diff --git a/yaml/0258df5c-c3c1-4ed5-ba8f-846d91526ffe.yaml b/yaml/0258df5c-c3c1-4ed5-ba8f-846d91526ffe.yaml
index 17d71f57f..49989b0c8 100644
--- a/yaml/0258df5c-c3c1-4ed5-ba8f-846d91526ffe.yaml
+++ b/yaml/0258df5c-c3c1-4ed5-ba8f-846d91526ffe.yaml
@@ -1,213 +1,214 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 0258df5c-c3c1-4ed5-ba8f-846d91526ffe +Tags: +- AsrDrv10.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create AsrDrv10.sys binPath=C:\windows\temp\AsrDrv10.sys type=kernel - && sc.exe start AsrDrv10.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/ece0a900ea089e730741499614c0917432246ceb5e11599ee3a1bb679e24fd2c.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 0258df5c-c3c1-4ed5-ba8f-846d91526ffe -KnownVulnerableSamples: -- Authentihash: - 
MD5: e3a0cecf1427722f291347941edc9b81 - SHA1: 2e6d61fa32e12fe4abf7b7d87aa6824f5f528000 - SHA256: c767a5895119154467ac3fce8e82c20e6538a4e54f6c109001c61f8abd58f9f8 - Company: ASRock Incorporation - Copyright: Copyright (C) 2012 ASRock Incorporation - CreationTimestamp: '2012-07-23 08:59:20' - Date: '' - Description: ASRock IO Driver - ExportedFunctions: '' - FileVersion: '1.00.00.0000 built by: WinDDK' - Filename: AsrDrv10.sys - ImportedFunctions: - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - MmFreeContiguousMemorySpecifyCache - - RtlInitUnicodeString - - IoDeleteDevice - - RtlQueryRegistryValues - - MmUnmapIoSpace - - IoFreeMdl - - MmGetPhysicalAddress - - IoBuildAsynchronousFsdRequest - - MmMapIoSpace - - IofCompleteRequest - - IoFreeIrp - - RtlCompareMemory - - MmUnlockPages - - IoCreateSymbolicLink - - IoCreateDevice - - MmAllocateContiguousMemorySpecifyCache - - IofCallDriver - - KeBugCheckEx - - ExAllocatePoolWithTag - - KeStallExecutionProcessor - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: AsrDrv.sys - MD5: 9b91a44a488e4d539f2e55476b216024 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: AsrDrv.sys - Product: ASRock IO Driver - ProductVersion: 1.00.00.0000 - Publisher: ASROCK Incorporation - RichPEHeaderHash: - MD5: a84c01eca8a6ca8e5221dbca3000c16e - SHA1: ff0ae5ad07f99ad2ac40b53c5215335a5d84e926 - SHA256: 961a144592952461a785ff1f4d4f55c4132016b9fbbce3d881edf6131038533b - SHA1: 72966ca845759d239d09da0de7eebe3abe86fee3 - SHA256: ece0a900ea089e730741499614c0917432246ceb5e11599ee3a1bb679e24fd2c - Sections: - .text: - Entropy: 6.341021622788994 - Virtual Size: '0x1ae8' - .rdata: - Entropy: 4.613366571949234 - Virtual Size: '0x254' - .data: - Entropy: 0.46979092711892695 - Virtual Size: '0x130' - .pdata: - Entropy: 3.6856873474703487 - Virtual Size: '0xf0' - INIT: - Entropy: 5.418481788878183 - Virtual Size: '0x4d8' - .rsrc: - Entropy: 3.287296316763299 - Virtual Size: '0x3a0' - Signature: - - ASROCK Incorporation - - VeriSign Class 
3 Code Signing 2010 CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G3 - ValidFrom: '2012-05-01 00:00:00' - ValidTo: '2012-12-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded - Version: 3 - TBS: - MD5: e6d820afb23af20a65cf0b03247ea05e - SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 - SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 - SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=TAIWAN, L=Taipei, O=ASROCK Incorporation, OU=Digital ID Class - 3 , Microsoft Software Validation v2, CN=ASROCK Incorporation - ValidFrom: '2011-03-07 00:00:00' - ValidTo: '2014-04-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 45dfec7bb3d378c97feb24efd699bb4e - Version: 3 - TBS: - MD5: 544af7037e76dccfe47a9dffd9b847fd - SHA1: ea7dceadac1b76a4a0ed5624632072f8aa6ce02c - 
SHA256: 87f5b27417a56e4175d0e0acb7a831961963fad217e5d82fbf699287e8fdab25 - SHA384: 2b6eb82e226dcec715cc7c98e2bf9a9a0dcb3f4e471827fe95d9dbd452ce459c6ae9525771c673800fa84b679b14db89 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 45dfec7bb3d378c97feb24efd699bb4e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 9d7183c1d8107495354c4fad9dae3452 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create AsrDrv10.sys binPath=C:\windows\temp\AsrDrv10.sys type=kernel + && sc.exe start AsrDrv10.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/namazso/physmem_drivers -Tags: -- AsrDrv10.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/ece0a900ea089e730741499614c0917432246ceb5e11599ee3a1bb679e24fd2c.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: e3a0cecf1427722f291347941edc9b81 + SHA1: 2e6d61fa32e12fe4abf7b7d87aa6824f5f528000 + SHA256: c767a5895119154467ac3fce8e82c20e6538a4e54f6c109001c61f8abd58f9f8 + Company: ASRock Incorporation + Copyright: Copyright (C) 2012 ASRock Incorporation + CreationTimestamp: '2012-07-23 08:59:20' + Date: '' + Description: ASRock IO Driver + ExportedFunctions: '' + FileVersion: '1.00.00.0000 built by: WinDDK' + Filename: AsrDrv10.sys + ImportedFunctions: + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - MmFreeContiguousMemorySpecifyCache + - RtlInitUnicodeString + - IoDeleteDevice + - RtlQueryRegistryValues + - MmUnmapIoSpace + - IoFreeMdl + - MmGetPhysicalAddress + - IoBuildAsynchronousFsdRequest + - MmMapIoSpace + - IofCompleteRequest + - IoFreeIrp + - RtlCompareMemory + - MmUnlockPages 
+ - IoCreateSymbolicLink + - IoCreateDevice + - MmAllocateContiguousMemorySpecifyCache + - IofCallDriver + - KeBugCheckEx + - ExAllocatePoolWithTag + - KeStallExecutionProcessor + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: AsrDrv.sys + MD5: 9b91a44a488e4d539f2e55476b216024 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: AsrDrv.sys + Product: ASRock IO Driver + ProductVersion: 1.00.00.0000 + Publisher: ASROCK Incorporation + RichPEHeaderHash: + MD5: a84c01eca8a6ca8e5221dbca3000c16e + SHA1: ff0ae5ad07f99ad2ac40b53c5215335a5d84e926 + SHA256: 961a144592952461a785ff1f4d4f55c4132016b9fbbce3d881edf6131038533b + SHA1: 72966ca845759d239d09da0de7eebe3abe86fee3 + SHA256: ece0a900ea089e730741499614c0917432246ceb5e11599ee3a1bb679e24fd2c + Sections: + .text: + Entropy: 6.341021622788994 + Virtual Size: '0x1ae8' + .rdata: + Entropy: 4.613366571949234 + Virtual Size: '0x254' + .data: + Entropy: 0.46979092711892695 + Virtual Size: '0x130' + .pdata: + Entropy: 3.6856873474703487 + Virtual Size: '0xf0' + INIT: + Entropy: 5.418481788878183 + Virtual Size: '0x4d8' + .rsrc: + Entropy: 3.287296316763299 + Virtual Size: '0x3a0' + Signature: + - ASROCK Incorporation + - VeriSign Class 3 Code Signing 2010 CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G3 + ValidFrom: '2012-05-01 00:00:00' + ValidTo: '2012-12-31 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded + Version: 3 + TBS: + MD5: e6d820afb23af20a65cf0b03247ea05e + SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 + SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 + SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa + - Subject: C=US, O=VeriSign, Inc., 
CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=TAIWAN, L=Taipei, O=ASROCK Incorporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=ASROCK Incorporation + ValidFrom: '2011-03-07 00:00:00' + ValidTo: '2014-04-03 23:59:59' + Signature: e457550022e1dc5fe5a4f5162ea4664b819458f2359662f932d0d95e5ea6fd9ddafef2e213e9b4a46fa9acd6d5a07919479d127beb7ec1c11f0bc376b8ebfa7f815ec4f9b97646c2297359d2d8fda71a21143f33696ca8f3e1f830ef73cddea63b38fe440779ac5ef4885c3e5158183efbd50ecac394edbe86ad65c8245bf56719cd0dd5a13b2baad92c65ab6b2fbfc7aad423fc082e067d6080a3fbc634e58361bb6aa25ef376c78795d025f425faf64d8771549f3f7acfa1a55d4d7c4d8da57cd78411925d37a515cccbd1f978fb26abd268b80ff67b64bd4262e63b04d4015c8af232d9f117bfcec950c5612adbbcd70106d5712f5c70c131fbd19db21e6c + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 45dfec7bb3d378c97feb24efd699bb4e + Version: 3 + TBS: + MD5: 544af7037e76dccfe47a9dffd9b847fd + SHA1: ea7dceadac1b76a4a0ed5624632072f8aa6ce02c + SHA256: 87f5b27417a56e4175d0e0acb7a831961963fad217e5d82fbf699287e8fdab25 + SHA384: 2b6eb82e226dcec715cc7c98e2bf9a9a0dcb3f4e471827fe95d9dbd452ce459c6ae9525771c673800fa84b679b14db89 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: 
b30c31a572b0409383ed3fbe17e56e81
+ SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d
+ SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9
+ SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da
+ Signer:
+ - SerialNumber: 45dfec7bb3d378c97feb24efd699bb4e
+ Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of
+ use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code
+ Signing 2010 CA
+ Version: 1
+ Imphash: 9d7183c1d8107495354c4fad9dae3452
+ LoadsDespiteHVCI: 'FALSE'
diff --git a/yaml/02e4a30f-8aa8-4ff0-8e02-1bff1d0f088f.yaml b/yaml/02e4a30f-8aa8-4ff0-8e02-1bff1d0f088f.yaml
index 298c6232e..da093a608 100644
--- a/yaml/02e4a30f-8aa8-4ff0-8e02-1bff1d0f088f.yaml
+++ b/yaml/02e4a30f-8aa8-4ff0-8e02-1bff1d0f088f.yaml
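Review bot: In yaml/0258df5c-c3c1-4ed5-ba8f-846d91526ffe.yaml the rewritten `Detection` list still carries `sigma_hash`, `sigma_names`, `sysmon_hash_detect` and `sysmon_hash_block` twice each with identical URLs, so any consumer that iterates the list handles the same rule references twice. Since the entry is being re-serialized anyway, the second group could be dropped, keeping only its extra `yara_signature` item that points at `yara-rules_vuln_drivers_strict_renamed.yar`. From the visible lines the rest of the hunk appears to be a key reordering plus re-wrapped `Subject`/`Issuer` strings, with no change to the hashes that detections match on.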
@@ -1,205 +1,206 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 02e4a30f-8aa8-4ff0-8e02-1bff1d0f088f +Tags: +- AsrAutoChkUpdDrv_1_0_32.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-07-22' +MitreID: T1068 CVE: - '' Category: vulnerable drivers Commands: - Command: '' - Description: Confirmed vulnerable driver from Microsoft Block List - OperatingSystem: Windows - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-07-22' -Detection: -- type: '' - value: '' -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 02e4a30f-8aa8-4ff0-8e02-1bff1d0f088f -KnownVulnerableSamples: -- Authentihash: - MD5: aa06c91cf9286e2aea99534794daa427 - SHA1: d9326484320452a9887daad7d39bad711bd7cefe - SHA256: 2bb0418dcfb3fa15f01220dc039f2c9ad4dc12eb7f0396deaa9b2e81cb5e77e9 - Company: ASRock Incorporation - Copyright: Copyright (C) 2012 ASRock Incorporation - CreationTimestamp: '2015-12-18 05:32:13' - Date: '' - Description: AsrAutoChkUpdDrv_1_0_32 Driver - ExportedFunctions: '' - FileVersion: '1.00.00.0000 built by: WinDDK' - Filename: '' - ImportedFunctions: - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - MmFreeContiguousMemorySpecifyCache - - RtlInitUnicodeString - - IoDeleteDevice - - RtlQueryRegistryValues - - MmUnmapIoSpace - - IoFreeMdl - - MmGetPhysicalAddress - - IoBuildAsynchronousFsdRequest - - 
MmMapIoSpace - - IofCompleteRequest - - IoFreeIrp - - RtlCompareMemory - - MmUnlockPages - - IoCreateSymbolicLink - - IoCreateDevice - - MmAllocateContiguousMemorySpecifyCache - - IofCallDriver - - KeBugCheckEx - - ExAllocatePoolWithTag - - KeStallExecutionProcessor - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: AsrAutoChkUpdDrv_1_0_32.sys - MD5: d9c24542dd04d2562ae9e050061cee1d - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: AsrAutoChkUpdDrv_1_0_32.sys - PDBPath: '' - Product: AsrAutoChkUpdDrv_1_0_32 Driver - ProductVersion: 1.00.00.0000 - Publisher: '' - RichPEHeaderHash: - MD5: a84c01eca8a6ca8e5221dbca3000c16e - SHA1: ff0ae5ad07f99ad2ac40b53c5215335a5d84e926 - SHA256: 961a144592952461a785ff1f4d4f55c4132016b9fbbce3d881edf6131038533b - SHA1: d028783637b9b3ca567dcef0fb50156bf1620836 - SHA256: 4ae42c1f11a98dee07a0d7199f611699511f1fb95120fabc4c3c349c485467fe - Sections: - .text: - Entropy: 6.3208486378494 - Virtual Size: '0x1c78' - .rdata: - Entropy: 4.713603818174108 - Virtual Size: '0x26c' - .data: - Entropy: 0.46979092711892695 - Virtual Size: '0x130' - .pdata: - Entropy: 3.783970155092492 - Virtual Size: '0xfc' - INIT: - Entropy: 5.349731181563033 - Virtual Size: '0x518' - .rsrc: - Entropy: 3.3841559237194785 - Virtual Size: '0x418' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 
365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=TAIWAN, L=Taipei, O=ASROCK Incorporation, OU=Digital ID Class - 3 , Microsoft Software Validation v2, CN=ASROCK Incorporation - ValidFrom: '2014-03-07 00:00:00' - ValidTo: '2017-05-05 23:59:59' - Signature: 
1a2d36e51fc7012c4b1548f12a0b4dbef774c3662171e0e1779f412648292619a8d74f8603af4fff5516d4859e7a26de9f0f688b2714b64ff296e56165afb0781c9a9dd23220d939c15cc218fe29d63d9ccd12f74127268c027d4041d392cad853e9da0a6d9379ac46efa8fe2099da7c49374b6c416139038143a94cc56334fad15ccbba2a821a22591d2c5b1449999e40af21e4f8280485d02056d904740e5c73a36e30c43376e7dbc8d0ccb7520e4bffc6501d0c0674a684398281b23d7dcb4386721fdece5817c74509fe6cc86751cd28e255dd47de330646d6bfe863fc50c773b90078f0332c3a02539c9e82b5e793c288063f91ed5f2036eb6cd4eae9e0 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03ffdaa3aac322387d7eb98acf9524bf - Version: 3 - TBS: - MD5: 987b0fb90b05c0b59ba66fb1527c27e3 - SHA1: 1b5d5279beed01b2355731588b1a26da29218b55 - SHA256: b3cd9f313e55fce2d39d25dbe303777e5db9d0c01448dcd9ac70c2355bb5b4ea - SHA384: 4bb9546cdd73e2bff4224e021b54318e708c822a1a773a9e7246a46054aba1dd14c1651e8f01f5661b4ff4a3241c32ff - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 03ffdaa3aac322387d7eb98acf9524bf - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 9d7183c1d8107495354c4fad9dae3452 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: '' + Description: 
Confirmed vulnerable driver from Microsoft Block List + OperatingSystem: Windows + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c -Tags: -- AsrAutoChkUpdDrv_1_0_32.sys -Verified: 'TRUE' +Detection: +- type: '' + value: '' +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: aa06c91cf9286e2aea99534794daa427 + SHA1: d9326484320452a9887daad7d39bad711bd7cefe + SHA256: 2bb0418dcfb3fa15f01220dc039f2c9ad4dc12eb7f0396deaa9b2e81cb5e77e9 + Company: ASRock Incorporation + Copyright: Copyright (C) 2012 ASRock Incorporation + CreationTimestamp: '2015-12-18 05:32:13' + Date: '' + Description: AsrAutoChkUpdDrv_1_0_32 Driver + ExportedFunctions: '' + FileVersion: '1.00.00.0000 built by: WinDDK' + Filename: '' + ImportedFunctions: + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - MmFreeContiguousMemorySpecifyCache + - RtlInitUnicodeString + - IoDeleteDevice + - RtlQueryRegistryValues + - MmUnmapIoSpace + - IoFreeMdl + - MmGetPhysicalAddress + - IoBuildAsynchronousFsdRequest + - MmMapIoSpace + - IofCompleteRequest + - IoFreeIrp + - RtlCompareMemory + - MmUnlockPages + - IoCreateSymbolicLink + - IoCreateDevice + - MmAllocateContiguousMemorySpecifyCache + - 
IofCallDriver + - KeBugCheckEx + - ExAllocatePoolWithTag + - KeStallExecutionProcessor + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: AsrAutoChkUpdDrv_1_0_32.sys + MD5: d9c24542dd04d2562ae9e050061cee1d + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: AsrAutoChkUpdDrv_1_0_32.sys + PDBPath: '' + Product: AsrAutoChkUpdDrv_1_0_32 Driver + ProductVersion: 1.00.00.0000 + Publisher: '' + RichPEHeaderHash: + MD5: a84c01eca8a6ca8e5221dbca3000c16e + SHA1: ff0ae5ad07f99ad2ac40b53c5215335a5d84e926 + SHA256: 961a144592952461a785ff1f4d4f55c4132016b9fbbce3d881edf6131038533b + SHA1: d028783637b9b3ca567dcef0fb50156bf1620836 + SHA256: 4ae42c1f11a98dee07a0d7199f611699511f1fb95120fabc4c3c349c485467fe + Sections: + .text: + Entropy: 6.3208486378494 + Virtual Size: '0x1c78' + .rdata: + Entropy: 4.713603818174108 + Virtual Size: '0x26c' + .data: + Entropy: 0.46979092711892695 + Virtual Size: '0x130' + .pdata: + Entropy: 3.783970155092492 + Virtual Size: '0xfc' + INIT: + Entropy: 5.349731181563033 + Virtual Size: '0x518' + .rsrc: + Entropy: 3.3841559237194785 + Virtual Size: '0x418' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: 
eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=TAIWAN, L=Taipei, O=ASROCK Incorporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=ASROCK Incorporation + ValidFrom: '2014-03-07 00:00:00' + ValidTo: '2017-05-05 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03ffdaa3aac322387d7eb98acf9524bf + Version: 3 + TBS: + MD5: 987b0fb90b05c0b59ba66fb1527c27e3 + SHA1: 1b5d5279beed01b2355731588b1a26da29218b55 + SHA256: 
b3cd9f313e55fce2d39d25dbe303777e5db9d0c01448dcd9ac70c2355bb5b4ea + SHA384: 4bb9546cdd73e2bff4224e021b54318e708c822a1a773a9e7246a46054aba1dd14c1651e8f01f5661b4ff4a3241c32ff + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 03ffdaa3aac322387d7eb98acf9524bf + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 9d7183c1d8107495354c4fad9dae3452 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/043773c5-120a-4c6b-8485-8f1f5c47fd3e.yaml b/yaml/043773c5-120a-4c6b-8485-8f1f5c47fd3e.yaml index 0823341d9..54bde9604 100644 --- a/yaml/043773c5-120a-4c6b-8485-8f1f5c47fd3e.yaml +++ b/yaml/043773c5-120a-4c6b-8485-8f1f5c47fd3e.yaml 
@@ -1,11545 +1,11584 @@ Id: 043773c5-120a-4c6b-8485-8f1f5c47fd3e +Tags: +- aswArPot.sys +- avgArPot.sys +Verified: 'TRUE' Author: Nasreddine Bencherchali Created: '2023-05-06' MitreID: T1068 Category: vulnerable driver -Verified: 'TRUE' Commands: - Command: sc.exe create aswArPot.sys binPath=C:\windows\temp\aswArPot.sys type=kernel - && sc.exe start aswArPot.sys - Description: '' - Usecase: Elevate privileges - Privileges: kernel - OperatingSystem: Windows 10 + Command: sc.exe create aswArPot.sys binPath=C:\windows\temp\aswArPot.sys type=kernel + && sc.exe start aswArPot.sys + Description: '' + Usecase: Elevate privileges + Privileges: kernel + OperatingSystem: Windows 10 Resources: - Internal Research -Acknowledgement: - Person: '' - Handle: '' Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: aswArPot.sys - MD5: c61876aaca6ce822be18adb9d9bd4260 - SHA1: 186b6523e8e2fa121d6d3b8cb106e9a5b918af4f - SHA256: 0b2ad05939b0aabbdc011082fad7960baa0c459ec16a2b29f37c1fa31795a46d - Authentihash: - MD5: 18893a7dd0bc23f4f4aa7b8350f0e75e - SHA1: 27021d09730a1d7694137e123ba3a63cd0b9e040 - SHA256: fab3f1dbc49bd9f0219156fe49d4423c311f529f7d3653f5f69d2b10b9b0bc98 - Description: AVG anti rootkit - Company: AVG Technologies CZ, s.r.o. - InternalName: aswArPot.sys - OriginalFilename: aswArPot.sys - FileVersion: 18.7.4031.0 - Product: 'AVG Internet Security System ' - ProductVersion: 18.7.4031.0 - Copyright: Copyright (C) 2018 AVG Technologies CZ, s.r.o. - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - wcschr - - MmUnmapLockedPages - - _stricmp - - _wcsicmp - - towlower - - _strnicmp - - ExAllocatePoolWithTag - - PsGetProcessWin32Process - - KeClearEvent - - RtlVolumeDeviceToDosName - - KeQueryActiveProcessors - - RtlConvertSidToUnicodeString - - IoBuildDeviceIoControlRequest - - ExFreePoolWithTag - - KeResetEvent - - ExReleaseFastMutex - - IoGetBaseFileSystemDeviceObject - - strncmp - - ZwOpenThreadTokenEx - - RtlAnsiStringToUnicodeString - - ExAcquireFastMutex - - PsSetLoadImageNotifyRoutine - - _snwprintf - - NtBuildNumber - - PsRemoveCreateThreadNotifyRoutine - - PsLookupProcessByProcessId - - ZwQuerySymbolicLinkObject - - _wcsnicmp - - ZwReadFile - - strstr - - ZwMapViewOfSection - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - wcsncpy - - RtlEqualSid - - strchr - - IoFreeWorkItem - - MmGetSystemRoutineAddress - - KeInitializeEvent - - PsSetCreateThreadNotifyRoutine - - 
RtlUnicodeStringToAnsiString - - _snprintf - - RtlGetVersion - - ZwQuerySystemInformation - - RtlInitString - - KeReleaseSpinLock - - PsSetCreateProcessNotifyRoutine - - ZwOpenSymbolicLinkObject - - IoFreeMdl - - KeUnstackDetachProcess - - ZwOpenProcessTokenEx - - ZwSetInformationFile - - KeDelayExecutionThread - - ObQueryNameString - - strncpy - - IoFileObjectType - - IoDriverObjectType - - wcsrchr - - wcsstr - - PsCreateSystemThread - - MmMapLockedPagesSpecifyCache - - IoGetDeviceObjectPointer - - ZwUnmapViewOfSection - - ExAllocatePool - - PsTerminateSystemThread - - IoGetCurrentProcess - - ExEventObjectType - - IoAllocateWorkItem - - ZwClose - - IofCompleteRequest - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - PsRemoveLoadImageNotifyRoutine - - IoGetRequestorProcessId - - MmProbeAndLockPages - - PsGetVersion - - KeRevertToUserAffinityThread - - PsThreadType - - IoGetDeviceInterfaces - - ZwOpenProcess - - SeExports - - MmUnlockPages - - strrchr - - ZwQueryInformationProcess - - IoCreateSymbolicLink - - PsGetCurrentThreadId - - PsGetCurrentProcessId - - KeSetSystemAffinityThread - - MmIsAddressValid - - ObfDereferenceObject - - ZwCreateSection - - ObReferenceObjectByName - - IoQueueWorkItem - - IoDeviceObjectType - - ZwOpenFile - - wcsncmp - - ZwQueryInformationToken - - ZwQueryInformationFile - - ZwQueryInformationThread - - ObOpenObjectByPointer - - KeStackAttachProcess - - PsLookupThreadByThreadId - - ZwEnumerateKey - - IoAllocateMdl - - IofCallDriver - - ZwOpenKey - - KeAcquireSpinLockRaiseToDpc - - IoThreadToProcess - - IoAttachDeviceToDeviceStackSafe - - IoDetachDevice - - PsInitialSystemProcess - - IoCreateDevice - - PsProcessType - - KeDetachProcess - - KeAttachProcess - - ZwDeleteFile - - IoBuildSynchronousFsdRequest - - NtClose - - RtlCompareUnicodeString - - ObfReferenceObject - - ZwWriteFile - - ZwOpenThread - - ZwTerminateProcess - - RtlEqualUnicodeString - - ZwOpenDirectoryObject - - KeBugCheck - - ZwQueryDirectoryObject - - IoFreeIrp - 
- IoAllocateIrp - - KdDebuggerNotPresent - - KeSetTargetProcessorDpc - - KeInitializeDpc - - KeInsertQueueDpc - - KeNumberProcessors - - KeBugCheckEx - - ZwSetSecurityObject - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - RtlQueryRegistryValues - - RtlPrefixUnicodeString - - ExUnregisterCallback - - ExRegisterCallback - - ExCreateCallback - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root - CA - ValidFrom: '2011-04-15 19:41:37' - ValidTo: '2021-04-15 19:51:37' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611cb28a000000000026 - Version: 3 - TBS: - MD5: 983a0c315a50542362f2bd6a5d71c8d0 - SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 - SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 - SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc - - Subject: C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release - Engineering, CN=AVG Technologies USA, Inc. 
- ValidFrom: '2018-01-30 00:00:00' - ValidTo: '2021-01-22 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0557955e02a6b53dd1d574ede15f310e - Version: 3 - TBS: - MD5: f9b558280379fbd2ac831a9850ec9c0e - SHA1: c22448dd1388c2011166e2a203fe984bd702f355 - SHA256: c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe - SHA384: 5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 
7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd - Version: 3 - TBS: - MD5: a9a31555bbc92b6033975c5428fb3679 - SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e - SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 - SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 0557955e02a6b53dd1d574ede15f310e - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: 382c4767d71156621da4d8ab3193017a - SHA1: 20e40fd8dd4465dfd940c017e5cb26819d5cbed7 - SHA256: cc76cbedaf6062b99e917cf31a8cce723c854d10d1afd041e4ca85ceabb39c4b - Sections: - .text: - Entropy: 6.335598955768239 - Virtual Size: '0x2133c' - 
.rdata: - Entropy: 5.843813784629538 - Virtual Size: '0x30b4' - .data: - Entropy: 1.9686843664265543 - Virtual Size: '0x25ac0' - .pdata: - Entropy: 5.344378789120372 - Virtual Size: '0x10a4' - PAGE: - Entropy: 6.236243477409071 - Virtual Size: '0x19f7' - INIT: - Entropy: 5.308986664848571 - Virtual Size: '0x130e' - .rsrc: - Entropy: 3.397661483885662 - Virtual Size: '0x3b8' - .reloc: - Entropy: 2.585838337225609 - Virtual Size: '0x4ba' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2018-10-02 03:42:06' - Imphash: dd406d43857d7f5ad1b0aec04fdb7e5f - LoadsDespiteHVCI: 'TRUE' -- Filename: aswArPot.sys - MD5: 56a9e9b5334f8698a0ede27c64140982 - SHA1: 762a5b4c7beb2af675617dca6dcd6afd36ce0afd - SHA256: 0b542e47248611a1895018ec4f4033ea53464f259c74eb014d018b19ad818917 - Authentihash: - MD5: a75fd1dc0e0b04ba483ab56147868c5f - SHA1: aad76f7285cc00fffce801147036331610943062 - SHA256: 1faa125c9442b20c646411f629dd48afe2d962554c45fc4a8e2d45c1fc611b6c - Description: AVG Anti Rootkit - Company: AVG Technologies CZ, s.r.o. - InternalName: aswArPot - OriginalFilename: aswArPot.sys - FileVersion: 20.8.130.0 - Product: 'AVG Internet Security System ' - ProductVersion: 20.8.130.0 - Copyright: Copyright (C) 2020 AVG Technologies CZ, s.r.o. 
- MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - __C_specific_handler - - KeDelayExecutionThread - - IoAllocateWorkItem - - MmIsAddressValid - - MmUnlockPages - - ExAllocatePool - - RtlAnsiStringToUnicodeString - - KeAcquireSpinLockRaiseToDpc - - ZwQuerySystemInformation - - PsRemoveLoadImageNotifyRoutine - - ZwUnmapViewOfSection - - ZwQuerySymbolicLinkObject - - MmProbeAndLockPages - - RtlVolumeDeviceToDosName - - PsSetLoadImageNotifyRoutine - - IoGetRequestorProcessId - - ZwReadFile - - ObQueryNameString - - ZwOpenThreadTokenEx - - ZwOpenProcessTokenEx - - towlower - - NtBuildNumber - - ExReleaseFastMutex - - _wcsicmp - - _snwprintf - - RtlConvertSidToUnicodeString - - ObfDereferenceObject - - IoAllocateMdl - - ZwCreateSection - - ZwQueryInformationProcess - - PsGetProcessId - - PsCreateSystemThread - - ZwQueryInformationThread - - RtlInitUnicodeString - - ZwOpenSymbolicLinkObject - - tolower - - PsRemoveCreateThreadNotifyRoutine - - IoDeleteDevice - - IoBuildDeviceIoControlRequest - - wcsncpy - - IoGetDeviceObjectPointer - - IoGetCurrentProcess - - ObOpenObjectByPointer - - strncpy - - KeReleaseSpinLock - - _strnicmp - - IoFileObjectType - - KeStackAttachProcess - - PsLookupProcessByProcessId - - PsGetCurrentProcessId - - KeSetEvent - - PsThreadType - - RtlUnicodeStringToAnsiString - - ZwQueryInformationToken - - ZwMapViewOfSection - - strncmp - - ObReferenceObjectByHandle - - RtlGetVersion - - PsGetThreadId - - PsGetVersion - - KeClearEvent - - IoGetBaseFileSystemDeviceObject - - wcschr - - ZwSetInformationFile - - ZwEnumerateKey - - IoFreeMdl - - wcsstr - - ExAcquireFastMutex - - MmGetSystemRoutineAddress - - IoFreeWorkItem - - _stricmp - - ExAllocatePoolWithTag - - RtlInitString - - IofCallDriver - - IoDeviceObjectType - - _snprintf - - ExFreePoolWithTag - - ZwOpenFile - - KeSetSystemAffinityThread - - strstr - - KeInitializeEvent - - ObReferenceObjectByName - - strchr - - _wcsnicmp - - KeQueryActiveProcessors 
- - RtlEqualSid - - IoQueueWorkItem - - MmUnmapLockedPages - - MmMapLockedPagesSpecifyCache - - PsSetCreateThreadNotifyRoutine - - PsGetCurrentThreadId - - IofCompleteRequest - - PsGetProcessWin32Process - - ExEventObjectType - - ZwQueryInformationFile - - KeWaitForSingleObject - - IoCreateSymbolicLink - - PsSetCreateProcessNotifyRoutine - - IoDriverObjectType - - PsLookupThreadByThreadId - - IoGetDeviceInterfaces - - ZwClose - - PsTerminateSystemThread - - wcsrchr - - strrchr - - SeExports - - KeUnstackDetachProcess - - KeResetEvent - - KeRevertToUserAffinityThread - - ZwOpenProcess - - wcsncmp - - ZwOpenKey - - PsGetThreadProcess - - IoDetachDevice - - IoAttachDeviceToDeviceStackSafe - - IoThreadToProcess - - PsInitialSystemProcess - - IoCreateDevice - - KeInsertQueueDpc - - KeNumberProcessors - - KeInitializeDpc - - KeSetTargetProcessorDpc - - PsProcessType - - MmMapIoSpace - - MmUnmapIoSpace - - ZwDeleteFile - - KeAttachProcess - - KeDetachProcess - - RtlCompareUnicodeString - - ZwWriteFile - - NtClose - - ObfReferenceObject - - IoBuildSynchronousFsdRequest - - ZwOpenThread - - ZwTerminateProcess - - RtlEqualUnicodeString - - IoFreeIrp - - ZwQueryDirectoryObject - - KeBugCheck - - ZwOpenDirectoryObject - - IoAllocateIrp - - KdDebuggerNotPresent - - ZwSetSecurityObject - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - RtlGetSaclSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlLengthSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - RtlAddAccessAllowedAce - - RtlLengthSid - - IoIsWdmVersionAvailable - - RtlSetDaclSecurityDescriptor - - ZwSetValueKey - - ZwQueryValueKey - - ZwCreateKey - - RtlFreeUnicodeString - - KeBugCheckEx - - RtlQueryRegistryValues - - RtlPrefixUnicodeString - - ExRegisterCallback - - ExCreateCallback - - ExUnregisterCallback - - strcmp - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, 
OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, LLC, OU=RE - 999, CN=AVG Technologies USA, LLC - ValidFrom: '2020-01-27 00:00:00' - ValidTo: '2022-10-20 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03ec0c9015079fab8a6f3fc9f839311c - Version: 3 - TBS: - MD5: bf2831557abdf7e58917d0a2608080a5 - SHA1: 24ece342e4c4f2f17f32e6924f48c240ad6300ff - SHA256: 1afa061865098b2da9d030bc9f5815ad98e59fa847903692e52d6ba0bbf260dd - SHA384: 0bed85528163e2befed14755c2dcaf02acea62bdf352d3f964cfeaa2883bebea3e186aa26ce12e4df1dfd6d235bf9bb6 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - 
ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 03ec0c9015079fab8a6f3fc9f839311c - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: e8033ae063a3483aec0d2fa55081ff62 - SHA1: fef047c18b115c601ddfd833e1cb5784ca1afbd7 - SHA256: 
fe30a08a31a5f4687353c7b08444b72fb6402a51b0586f0ade667983f833c4a5 - Sections: - .text: - Entropy: 6.382014580840617 - Virtual Size: '0x21e62' - .rdata: - Entropy: 5.714696800325816 - Virtual Size: '0x3b24' - .data: - Entropy: 2.7169953597230534 - Virtual Size: '0x259b0' - .pdata: - Entropy: 5.4323977966026975 - Virtual Size: '0x11dc' - PAGE: - Entropy: 6.273110218235552 - Virtual Size: '0x1c4b' - INIT: - Entropy: 5.36403021726766 - Virtual Size: '0x13dc' - .rsrc: - Entropy: 3.367990251400212 - Virtual Size: '0x3d8' - .reloc: - Entropy: 5.3833020583275815 - Virtual Size: '0x188' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2020-09-24 08:28:43' - Imphash: 26150d69f50aa9247c3f3f17521d18a2 - LoadsDespiteHVCI: 'FALSE' -- Filename: aswArPot.sys - MD5: 94999245e9580c6228b22ac44c66044c - SHA1: 4a04596acf79115f15add3921ce30a96f594d7ce - SHA256: 0cd4ca335155062182608cad9ef5c8351a715bce92049719dd09c76422cd7b0c - Authentihash: - MD5: bd9f1ccc35bd6f7b1b10f29e34167f2d - SHA1: e6822211c3f40414dd0d8ec6416db8b050859cd5 - SHA256: a801e12c32c0eb197b3cc507d096afc16a32dca6bc71d080e1ae2c17ad13b2ca - Description: AVG Anti Rootkit - Company: AVG Technologies CZ, s.r.o. - InternalName: aswArPot - OriginalFilename: aswArPot.sys - FileVersion: 20.3.68.0 - Product: 'AVG Internet Security System ' - ProductVersion: 20.3.68.0 - Copyright: Copyright (C) 2020 AVG Technologies CZ, s.r.o. 
- MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - __C_specific_handler - - KeDelayExecutionThread - - IoAllocateWorkItem - - MmIsAddressValid - - MmUnlockPages - - ExAllocatePool - - RtlAnsiStringToUnicodeString - - KeAcquireSpinLockRaiseToDpc - - ZwQuerySystemInformation - - PsRemoveLoadImageNotifyRoutine - - ZwUnmapViewOfSection - - ZwQuerySymbolicLinkObject - - MmProbeAndLockPages - - RtlVolumeDeviceToDosName - - PsSetLoadImageNotifyRoutine - - IoGetRequestorProcessId - - ZwReadFile - - ObQueryNameString - - ZwOpenThreadTokenEx - - ZwOpenProcessTokenEx - - towlower - - NtBuildNumber - - ExReleaseFastMutex - - _wcsicmp - - _snwprintf - - RtlConvertSidToUnicodeString - - ObfDereferenceObject - - IoAllocateMdl - - ZwCreateSection - - ZwQueryInformationProcess - - PsGetProcessId - - PsCreateSystemThread - - ZwQueryInformationThread - - RtlInitUnicodeString - - ZwOpenSymbolicLinkObject - - tolower - - PsRemoveCreateThreadNotifyRoutine - - IoDeleteDevice - - IoBuildDeviceIoControlRequest - - wcsncpy - - IoGetDeviceObjectPointer - - IoGetCurrentProcess - - ObOpenObjectByPointer - - strncpy - - KeReleaseSpinLock - - _strnicmp - - IoFileObjectType - - KeStackAttachProcess - - PsLookupProcessByProcessId - - PsGetCurrentProcessId - - KeSetEvent - - PsThreadType - - RtlUnicodeStringToAnsiString - - ZwQueryInformationToken - - ZwMapViewOfSection - - strncmp - - ObReferenceObjectByHandle - - RtlGetVersion - - PsGetThreadId - - PsGetVersion - - KeClearEvent - - IoGetBaseFileSystemDeviceObject - - wcschr - - ZwSetInformationFile - - ZwEnumerateKey - - IoFreeMdl - - wcsstr - - ExAcquireFastMutex - - MmGetSystemRoutineAddress - - IoFreeWorkItem - - _stricmp - - ExAllocatePoolWithTag - - RtlInitString - - IofCallDriver - - IoDeviceObjectType - - _snprintf - - ExFreePoolWithTag - - ZwOpenFile - - KeSetSystemAffinityThread - - strstr - - KeInitializeEvent - - ObReferenceObjectByName - - strchr - - _wcsnicmp - - KeQueryActiveProcessors 
- - RtlEqualSid - - IoQueueWorkItem - - MmUnmapLockedPages - - MmMapLockedPagesSpecifyCache - - PsSetCreateThreadNotifyRoutine - - PsGetCurrentThreadId - - IofCompleteRequest - - PsGetProcessWin32Process - - ExEventObjectType - - ZwQueryInformationFile - - KeWaitForSingleObject - - IoCreateSymbolicLink - - PsSetCreateProcessNotifyRoutine - - IoDriverObjectType - - PsLookupThreadByThreadId - - IoGetDeviceInterfaces - - ZwClose - - PsTerminateSystemThread - - wcsrchr - - strrchr - - SeExports - - KeUnstackDetachProcess - - KeResetEvent - - KeRevertToUserAffinityThread - - ZwOpenProcess - - wcsncmp - - ZwOpenKey - - PsGetThreadProcess - - IoDetachDevice - - IoAttachDeviceToDeviceStackSafe - - IoThreadToProcess - - PsInitialSystemProcess - - IoCreateDevice - - KeInsertQueueDpc - - KeNumberProcessors - - KeInitializeDpc - - KeSetTargetProcessorDpc - - PsProcessType - - MmMapIoSpace - - MmUnmapIoSpace - - ZwDeleteFile - - KeAttachProcess - - KeDetachProcess - - RtlCompareUnicodeString - - ZwWriteFile - - NtClose - - ObfReferenceObject - - IoBuildSynchronousFsdRequest - - ZwOpenThread - - ZwTerminateProcess - - RtlEqualUnicodeString - - IoFreeIrp - - ZwQueryDirectoryObject - - KeBugCheck - - ZwOpenDirectoryObject - - IoAllocateIrp - - KdDebuggerNotPresent - - ZwSetSecurityObject - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - RtlGetSaclSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlLengthSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - RtlAddAccessAllowedAce - - RtlLengthSid - - IoIsWdmVersionAvailable - - RtlSetDaclSecurityDescriptor - - ZwSetValueKey - - ZwQueryValueKey - - ZwCreateKey - - RtlFreeUnicodeString - - KeBugCheckEx - - RtlQueryRegistryValues - - RtlPrefixUnicodeString - - ExRegisterCallback - - ExCreateCallback - - ExUnregisterCallback - - strcmp - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, 
OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, LLC, OU=RE - 999, CN=AVG Technologies USA, LLC - ValidFrom: '2020-01-27 00:00:00' - ValidTo: '2022-10-20 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03ec0c9015079fab8a6f3fc9f839311c - Version: 3 - TBS: - MD5: 
bf2831557abdf7e58917d0a2608080a5 - SHA1: 24ece342e4c4f2f17f32e6924f48c240ad6300ff - SHA256: 1afa061865098b2da9d030bc9f5815ad98e59fa847903692e52d6ba0bbf260dd - SHA384: 0bed85528163e2befed14755c2dcaf02acea62bdf352d3f964cfeaa2883bebea3e186aa26ce12e4df1dfd6d235bf9bb6 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 
37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 03ec0c9015079fab8a6f3fc9f839311c - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: 5a489fed9ab25dab8eb1e8de57816a5b - SHA1: e1f992c705eb87c462152c01a8db69d1df44aacb - SHA256: 13fb8d5234772b9e76b9929957aa21c6a9395cc3892f69dcd599f7682daff315 - Sections: - .text: - Entropy: 6.37980416282674 - Virtual Size: '0x21d62' - .rdata: - Entropy: 5.713849110081666 - Virtual Size: '0x3b1c' - .data: - Entropy: 2.7078442579876167 - Virtual Size: '0x259b0' - .pdata: - Entropy: 5.4286864002584405 - Virtual Size: '0x11dc' - PAGE: - Entropy: 6.273919225206701 - Virtual Size: '0x1c4b' - INIT: - Entropy: 5.3629488423190335 - Virtual Size: '0x13dc' - .rsrc: - Entropy: 3.3599501979564375 - Virtual Size: '0x3d0' - .reloc: - Entropy: 5.3833020583275815 - Virtual Size: '0x188' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2020-04-28 12:47:02' - Imphash: 26150d69f50aa9247c3f3f17521d18a2 - LoadsDespiteHVCI: 'FALSE' -- Filename: aswArPot.sys - MD5: 93a23503e26773c27ed1da06bb79e7a4 - SHA1: da03799bb0025a476e3e15cc5f426e5412aeef02 - SHA256: 0f016c80c4938fbcd47a47409969b3925f54292eba2ce01a8e45222ce8615eb8 - Authentihash: - MD5: c53ff2c139c291d9afe0a4831d0ca8b3 - SHA1: e6fb86d4de7362af1e3cd957bcc4e2e887aa5016 - SHA256: 29a560a11292c4224a401392e091a8f08230fdfea35521035e2bfda0b3d1f952 - Description: AVG anti rootkit - Company: AVG Technologies CZ, s.r.o. - InternalName: aswArPot.sys - OriginalFilename: aswArPot.sys - FileVersion: 18.8.4057.0 - Product: 'AVG Internet Security System ' - ProductVersion: 18.8.4057.0 - Copyright: Copyright (C) 2018 AVG Technologies CZ, s.r.o. 
- MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - wcschr - - MmUnmapLockedPages - - _stricmp - - _wcsicmp - - towlower - - _strnicmp - - ExAllocatePoolWithTag - - PsGetProcessWin32Process - - KeClearEvent - - RtlVolumeDeviceToDosName - - KeQueryActiveProcessors - - RtlConvertSidToUnicodeString - - IoBuildDeviceIoControlRequest - - ExFreePoolWithTag - - KeResetEvent - - ExReleaseFastMutex - - IoGetBaseFileSystemDeviceObject - - strncmp - - ZwOpenThreadTokenEx - - RtlAnsiStringToUnicodeString - - ExAcquireFastMutex - - PsSetLoadImageNotifyRoutine - - _snwprintf - - NtBuildNumber - - PsRemoveCreateThreadNotifyRoutine - - PsLookupProcessByProcessId - - ZwQuerySymbolicLinkObject - - _wcsnicmp - - ZwReadFile - - strstr - - ZwMapViewOfSection - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - wcsncpy - - RtlEqualSid - - strchr - - IoFreeWorkItem - - MmGetSystemRoutineAddress - - KeInitializeEvent - - PsSetCreateThreadNotifyRoutine - - RtlUnicodeStringToAnsiString - - _snprintf - - RtlGetVersion - - ZwQuerySystemInformation - - RtlInitString - - KeReleaseSpinLock - - PsSetCreateProcessNotifyRoutine - - ZwOpenSymbolicLinkObject - - IoFreeMdl - - KeUnstackDetachProcess - - ZwOpenProcessTokenEx - - ZwSetInformationFile - - KeDelayExecutionThread - - ObQueryNameString - - strncpy - - IoFileObjectType - - IoDriverObjectType - - wcsrchr - - wcsstr - - PsCreateSystemThread - - MmMapLockedPagesSpecifyCache - - IoGetDeviceObjectPointer - - ZwUnmapViewOfSection - - ExAllocatePool - - PsTerminateSystemThread - - IoGetCurrentProcess - - ExEventObjectType - - IoAllocateWorkItem - - ZwClose - - IofCompleteRequest - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - PsRemoveLoadImageNotifyRoutine - - IoGetRequestorProcessId - - MmProbeAndLockPages - - PsGetVersion - - KeRevertToUserAffinityThread - - PsThreadType - - IoGetDeviceInterfaces - - ZwOpenProcess - - SeExports - - MmUnlockPages - - strrchr - - 
ZwQueryInformationProcess - - IoCreateSymbolicLink - - PsGetCurrentThreadId - - PsGetCurrentProcessId - - KeSetSystemAffinityThread - - MmIsAddressValid - - ObfDereferenceObject - - ZwCreateSection - - ObReferenceObjectByName - - IoQueueWorkItem - - IoDeviceObjectType - - ZwOpenFile - - wcsncmp - - ZwQueryInformationToken - - ZwQueryInformationFile - - ZwQueryInformationThread - - ObOpenObjectByPointer - - KeStackAttachProcess - - PsLookupThreadByThreadId - - ZwEnumerateKey - - IoAllocateMdl - - IofCallDriver - - ZwOpenKey - - KeAcquireSpinLockRaiseToDpc - - IoThreadToProcess - - IoAttachDeviceToDeviceStackSafe - - IoDetachDevice - - PsInitialSystemProcess - - IoCreateDevice - - PsProcessType - - KeDetachProcess - - KeAttachProcess - - ZwDeleteFile - - IoBuildSynchronousFsdRequest - - NtClose - - RtlCompareUnicodeString - - ObfReferenceObject - - ZwWriteFile - - ZwOpenThread - - ZwTerminateProcess - - RtlEqualUnicodeString - - ZwOpenDirectoryObject - - KeBugCheck - - ZwQueryDirectoryObject - - IoFreeIrp - - IoAllocateIrp - - KdDebuggerNotPresent - - KeSetTargetProcessorDpc - - KeInitializeDpc - - KeInsertQueueDpc - - KeNumberProcessors - - KeBugCheckEx - - ZwSetSecurityObject - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - RtlQueryRegistryValues - - RtlPrefixUnicodeString - - ExUnregisterCallback - - ExRegisterCallback - - ExCreateCallback - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root - CA - ValidFrom: '2011-04-15 19:41:37' - ValidTo: 
'2021-04-15 19:51:37' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611cb28a000000000026 - Version: 3 - TBS: - MD5: 983a0c315a50542362f2bd6a5d71c8d0 - SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 - SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 - SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc - - Subject: C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release - Engineering, CN=AVG Technologies USA, Inc. - ValidFrom: '2018-01-30 00:00:00' - ValidTo: '2021-01-22 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0557955e02a6b53dd1d574ede15f310e - Version: 3 - TBS: - MD5: f9b558280379fbd2ac831a9850ec9c0e - SHA1: c22448dd1388c2011166e2a203fe984bd702f355 - SHA256: c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe - SHA384: 5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: 
a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd - Version: 3 - TBS: - MD5: a9a31555bbc92b6033975c5428fb3679 - SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e - SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 - SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 0557955e02a6b53dd1d574ede15f310e - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: 382c4767d71156621da4d8ab3193017a - SHA1: 20e40fd8dd4465dfd940c017e5cb26819d5cbed7 - SHA256: cc76cbedaf6062b99e917cf31a8cce723c854d10d1afd041e4ca85ceabb39c4b - Sections: - .text: - Entropy: 6.335598955768239 - Virtual Size: '0x2133c' - .rdata: - 
Entropy: 5.827850078819874 - Virtual Size: '0x306c' - .data: - Entropy: 1.9686843664265543 - Virtual Size: '0x25ac0' - .pdata: - Entropy: 5.352123698526265 - Virtual Size: '0x10a4' - PAGE: - Entropy: 6.236243477409071 - Virtual Size: '0x19f7' - INIT: - Entropy: 5.308986664848571 - Virtual Size: '0x130e' - .rsrc: - Entropy: 3.3969734355326646 - Virtual Size: '0x3b8' - .reloc: - Entropy: 2.585838337225609 - Virtual Size: '0x4ba' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2018-11-02 05:23:13' - Imphash: dd406d43857d7f5ad1b0aec04fdb7e5f - LoadsDespiteHVCI: 'TRUE' -- Filename: aswArPot.sys - MD5: 25190f667f31318dd9a2e36383d5709f - SHA1: 6dac7a8fa9589caae0db9d6775361d26011c80b2 - SHA256: 0f17e5cfc5bdd74aff91bfb1a836071345ba2b5d1b47b0d5bf8e7e0d4d5e2dbf - Authentihash: - MD5: 7d20fc4bf882c254e43049b35c40abe5 - SHA1: 38ec7b2b736b7544fae9891c066a3f7231145ba2 - SHA256: 9e51062d4249945e77c7d3fdecc9797ffc38017465c8068a5f1296bf85ae558c - Description: Avast anti rootkit - Company: AVAST Software - InternalName: aswArPot.sys - OriginalFilename: aswArPot.sys - FileVersion: 19.3.4224.0 - Product: 'Avast Antivirus ' - ProductVersion: 19.3.4224.0 - Copyright: Copyright (c) 2019 AVAST Software - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - wcschr - - MmUnmapLockedPages - - _stricmp - - _wcsicmp - - towlower - - _strnicmp - - ExAllocatePoolWithTag - - PsGetProcessWin32Process - - KeClearEvent - - RtlVolumeDeviceToDosName - - KeQueryActiveProcessors - - RtlConvertSidToUnicodeString - - IoBuildDeviceIoControlRequest - - ExFreePoolWithTag - - KeResetEvent - - ExReleaseFastMutex - - IoGetBaseFileSystemDeviceObject - - strncmp - - ZwOpenThreadTokenEx - - RtlAnsiStringToUnicodeString - - ExAcquireFastMutex - - PsSetLoadImageNotifyRoutine - - _snwprintf - - NtBuildNumber - - PsRemoveCreateThreadNotifyRoutine - - PsLookupProcessByProcessId - - ZwQuerySymbolicLinkObject - - _wcsnicmp - - ZwReadFile - - strstr - - ZwMapViewOfSection - - 
RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - wcsncpy - - RtlEqualSid - - strchr - - IoFreeWorkItem - - MmGetSystemRoutineAddress - - KeInitializeEvent - - PsSetCreateThreadNotifyRoutine - - RtlUnicodeStringToAnsiString - - _snprintf - - RtlGetVersion - - ZwQuerySystemInformation - - RtlInitString - - KeReleaseSpinLock - - PsSetCreateProcessNotifyRoutine - - ZwOpenSymbolicLinkObject - - IoFreeMdl - - KeUnstackDetachProcess - - ZwOpenProcessTokenEx - - ZwSetInformationFile - - tolower - - KeDelayExecutionThread - - ObQueryNameString - - strncpy - - IoFileObjectType - - IoDriverObjectType - - wcsrchr - - wcsstr - - PsCreateSystemThread - - MmMapLockedPagesSpecifyCache - - IoGetDeviceObjectPointer - - ZwUnmapViewOfSection - - ExAllocatePool - - PsTerminateSystemThread - - IoGetCurrentProcess - - ExEventObjectType - - IoAllocateWorkItem - - ZwClose - - IofCompleteRequest - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - PsRemoveLoadImageNotifyRoutine - - IoGetRequestorProcessId - - MmProbeAndLockPages - - PsGetVersion - - KeRevertToUserAffinityThread - - PsThreadType - - IoGetDeviceInterfaces - - ZwOpenProcess - - SeExports - - MmUnlockPages - - strrchr - - ZwQueryInformationProcess - - IoCreateSymbolicLink - - PsGetCurrentThreadId - - PsGetCurrentProcessId - - KeSetSystemAffinityThread - - MmIsAddressValid - - ObfDereferenceObject - - ZwCreateSection - - ObReferenceObjectByName - - IoQueueWorkItem - - IoDeviceObjectType - - ZwOpenFile - - wcsncmp - - ZwQueryInformationToken - - ZwQueryInformationFile - - ZwQueryInformationThread - - ObOpenObjectByPointer - - KeStackAttachProcess - - PsLookupThreadByThreadId - - ZwEnumerateKey - - IoAllocateMdl - - IofCallDriver - - ZwOpenKey - - KeAcquireSpinLockRaiseToDpc - - IoThreadToProcess - - IoAttachDeviceToDeviceStackSafe - - IoDetachDevice - - PsInitialSystemProcess - - IoCreateDevice - - PsProcessType - - MmUnmapIoSpace - - KeDetachProcess - - MmMapIoSpace - - KeAttachProcess - - ZwDeleteFile - - 
IoBuildSynchronousFsdRequest - - NtClose - - RtlCompareUnicodeString - - ObfReferenceObject - - ZwWriteFile - - ZwOpenThread - - ZwTerminateProcess - - RtlEqualUnicodeString - - ZwOpenDirectoryObject - - KeBugCheck - - ZwQueryDirectoryObject - - IoFreeIrp - - IoAllocateIrp - - KdDebuggerNotPresent - - KeSetTargetProcessorDpc - - KeInitializeDpc - - KeInsertQueueDpc - - KeNumberProcessors - - KeBugCheckEx - - ZwSetSecurityObject - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - RtlQueryRegistryValues - - RtlPrefixUnicodeString - - ExUnregisterCallback - - ExRegisterCallback - - ExCreateCallback - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o. 
- ValidFrom: '2016-09-06 00:00:00' - ValidTo: '2019-10-04 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 - Version: 3 - TBS: - MD5: 2e1a5012cbe8b95785c794bc1c5584c3 - SHA1: f4753b06b08938794c32c2475cee663143036d08 - SHA256: fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5 - SHA384: 08a8396996a9ecb96b22a85d6adf3f8b1117f3a880b1d4af12e4de8e8005897a7073d6d5368cb92f701f466ec227e2a6 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 
59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: 
'2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: 9626b493680953826324d269e208fa60 - SHA1: 1a458000e2060911a31fcbed8ad9000b98f54944 - SHA256: ace6a5d1d7b11c6668753f9f17b2bb60f496168179cfd2d50e4e9e66fc41a50f - Sections: - .text: - Entropy: 6.339013885126004 - Virtual Size: '0x222fc' - .rdata: - Entropy: 5.8378531100614115 - Virtual Size: '0x315c' - .data: - Entropy: 1.978643378313633 - Virtual Size: '0x25b18' - .pdata: - Entropy: 5.349965388979516 - Virtual Size: '0x111c' - PAGE: - Entropy: 6.235824409373057 - Virtual Size: '0x19f7' - INIT: - Entropy: 5.316566552212568 - Virtual Size: '0x1352' - .rsrc: - Entropy: 3.3340452179788547 - Virtual Size: '0x370' - .reloc: - Entropy: 2.5738028214326922 - Virtual Size: '0x4c4' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2019-02-25 07:50:54' - Imphash: 1aa10b05dee9268d7ce87f5f56ea9ded - LoadsDespiteHVCI: 'FALSE' -- Filename: aswArPot.sys - MD5: e7273e17ac85dc4272c4c4400091a19e - SHA1: 94b014123412fbe8709b58ec72594f8053037ae9 - SHA256: 1023dcd4c80db19e9f82f95b1c5e1ddb60db7ac034848dd5cc1c78104a6350f4 - Authentihash: - MD5: 8c2b0e47a2de7bd04758041782b1b2a7 - SHA1: a7f1025ab664dd61800687724fce31fd3b765d1f - SHA256: 60ae64ade82e9364e95f779bbf950571484aa833ece6837489329517012c7757 - Description: AVG anti rootkit - Company: AVG Technologies CZ, s.r.o. 
- InternalName: aswArPot.sys - OriginalFilename: aswArPot.sys - FileVersion: 18.1.3800.0 - Product: 'AVG Internet Security System ' - ProductVersion: 18.1.3800.0 - Copyright: Copyright (C) 2018 AVG Technologies CZ, s.r.o. - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - wcschr - - MmUnmapLockedPages - - _stricmp - - _wcsicmp - - towlower - - _strnicmp - - ExAllocatePoolWithTag - - PsGetProcessWin32Process - - KeClearEvent - - RtlVolumeDeviceToDosName - - KeQueryActiveProcessors - - RtlConvertSidToUnicodeString - - ExFreePoolWithTag - - KeResetEvent - - ExReleaseFastMutex - - IoGetBaseFileSystemDeviceObject - - strncmp - - ZwOpenThreadTokenEx - - RtlAnsiStringToUnicodeString - - ExAcquireFastMutex - - PsSetLoadImageNotifyRoutine - - _snwprintf - - NtBuildNumber - - PsRemoveCreateThreadNotifyRoutine - - PsLookupProcessByProcessId - - ZwQuerySymbolicLinkObject - - _wcsnicmp - - ZwReadFile - - strstr - - ZwMapViewOfSection - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - wcsncpy - - RtlEqualSid - - strchr - - IoFreeWorkItem - - MmGetSystemRoutineAddress - - KeInitializeEvent - - PsSetCreateThreadNotifyRoutine - - RtlUnicodeStringToAnsiString - - _snprintf - - RtlGetVersion - - ZwQuerySystemInformation - - RtlInitString - - KeReleaseSpinLock - - PsSetCreateProcessNotifyRoutine - - ZwOpenSymbolicLinkObject - - IoFreeMdl - - KeUnstackDetachProcess - - ZwOpenProcessTokenEx - - ZwSetInformationFile - - KeDelayExecutionThread - - ObQueryNameString - - strncpy - - IoFileObjectType - - IoDriverObjectType - - wcsrchr - - wcsstr - - PsCreateSystemThread - - MmMapLockedPagesSpecifyCache - - IoGetDeviceObjectPointer - - ZwUnmapViewOfSection - - ExAllocatePool - - PsTerminateSystemThread - - IoGetCurrentProcess - - ExEventObjectType - - IoAllocateWorkItem - - ZwClose - - IofCompleteRequest - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - PsRemoveLoadImageNotifyRoutine - - IoGetRequestorProcessId - - 
MmProbeAndLockPages - - PsGetVersion - - KeRevertToUserAffinityThread - - PsThreadType - - IoGetDeviceInterfaces - - ZwOpenProcess - - SeExports - - MmUnlockPages - - strrchr - - ZwQueryInformationProcess - - IoCreateSymbolicLink - - PsGetCurrentThreadId - - PsGetCurrentProcessId - - KeSetSystemAffinityThread - - MmIsAddressValid - - ObfDereferenceObject - - ZwCreateSection - - ObReferenceObjectByName - - IoQueueWorkItem - - IoDeviceObjectType - - ZwOpenFile - - wcsncmp - - ZwQueryInformationToken - - ZwQueryInformationFile - - ZwQueryInformationThread - - ObOpenObjectByPointer - - KeStackAttachProcess - - PsLookupThreadByThreadId - - ZwEnumerateKey - - IoAllocateMdl - - IofCallDriver - - ZwOpenKey - - KeAcquireSpinLockRaiseToDpc - - IoAttachDeviceToDeviceStackSafe - - IoDetachDevice - - IoCreateDevice - - PsProcessType - - KeDetachProcess - - KeAttachProcess - - ZwDeleteFile - - IoBuildSynchronousFsdRequest - - NtClose - - RtlCompareUnicodeString - - ObfReferenceObject - - ZwWriteFile - - ZwOpenThread - - ZwTerminateProcess - - RtlEqualUnicodeString - - ZwOpenDirectoryObject - - KeBugCheck - - ZwQueryDirectoryObject - - IoFreeIrp - - IoAllocateIrp - - KdDebuggerNotPresent - - KeSetTargetProcessorDpc - - IoBuildDeviceIoControlRequest - - KeInitializeDpc - - KeInsertQueueDpc - - KeNumberProcessors - - KeBugCheckEx - - ZwSetSecurityObject - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - RtlQueryRegistryValues - - RtlPrefixUnicodeString - - ExUnregisterCallback - - ExRegisterCallback - - ExCreateCallback - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - 
SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=NL, ST=North Holland, L=Amsterdam, O=AVG Netherlands B.V., CN=AVG - Netherlands B.V. 
- ValidFrom: '2015-07-28 00:00:00' - ValidTo: '2018-09-25 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 4b5e1897903602425d3cb25d75c4f4ce - Version: 3 - TBS: - MD5: d4ce3e543458edafb2db286a26226b5b - SHA1: e1f64883f78595bfbbbb6998babc3eaf8e335749 - SHA256: 52b100ec65c2b99f058ff89869ced270bf5e6a5db581962a69e073275339e0ae - SHA384: e5a09ab56343245e3f9235ebb1ff4a9479cbc13df2787cd70c850b62498f92265d2da9fd39f6bcd0e90e4d8f086e86d4 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 4b5e1897903602425d3cb25d75c4f4ce - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: 73f94453db44e5265861f0ce8df39fc1 - SHA1: 6d710be934482758c43d9d19941be5ed522e371f - SHA256: 39835922f0b2a2c24ed5fb74c468f28fc5b2c036c7a219352dc78f7f29ea13c3 - Sections: - .text: - Entropy: 6.330956856300409 - Virtual Size: '0x1f8ec' - .rdata: - Entropy: 5.8461335830026036 - Virtual Size: '0x2ff4' - .data: - Entropy: 1.53386112768171 - Virtual Size: '0x257d4' - .pdata: - Entropy: 5.366570445938959 - Virtual Size: '0x1044' - PAGE: - Entropy: 6.235845388216762 - 
Virtual Size: '0x19f7' - INIT: - Entropy: 5.313754042377951 - Virtual Size: '0x12d0' - .rsrc: - Entropy: 3.3761629235800097 - Virtual Size: '0x3b8' - .reloc: - Entropy: 1.8352486494643003 - Virtual Size: '0x3fe' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2018-02-07 15:49:49' - Imphash: 1e8ee6407390a2d52051bec21c771fdb - LoadsDespiteHVCI: 'TRUE' -- Filename: aswArPot.sys - MD5: 812e960977116bf6d6c1ccf8b5dd351f - SHA1: 3eea0f5fb180c6f865fc83ac75ef3ad5b1376775 - SHA256: 1078af0c70e03ac17c7b8aa5ee03593f5decfef2f536716646a4ded1e98c153c - Authentihash: - MD5: 69e30d791a1b6a41c1ddd2d7394e5a86 - SHA1: a3c5c7127cd7376ddd3571edccfe8d9ecdc8b623 - SHA256: 59e004cd839611cbc5f7c061827587dbb120d7aab8d0e44191c0c01aeed9e168 - Description: AVG anti rootkit - Company: AVG Technologies CZ, s.r.o. - InternalName: aswArPot.sys - OriginalFilename: aswArPot.sys - FileVersion: 19.3.4239.0 - Product: 'AVG Internet Security System ' - ProductVersion: 19.3.4239.0 - Copyright: Copyright (C) 2019 AVG Technologies CZ, s.r.o. 
- MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - wcschr - - MmUnmapLockedPages - - _stricmp - - _wcsicmp - - towlower - - _strnicmp - - ExAllocatePoolWithTag - - PsGetProcessWin32Process - - KeClearEvent - - RtlVolumeDeviceToDosName - - KeQueryActiveProcessors - - RtlConvertSidToUnicodeString - - IoBuildDeviceIoControlRequest - - ExFreePoolWithTag - - KeResetEvent - - ExReleaseFastMutex - - IoGetBaseFileSystemDeviceObject - - strncmp - - ZwOpenThreadTokenEx - - RtlAnsiStringToUnicodeString - - ExAcquireFastMutex - - PsSetLoadImageNotifyRoutine - - _snwprintf - - NtBuildNumber - - PsRemoveCreateThreadNotifyRoutine - - PsLookupProcessByProcessId - - ZwQuerySymbolicLinkObject - - _wcsnicmp - - ZwReadFile - - strstr - - ZwMapViewOfSection - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - wcsncpy - - RtlEqualSid - - strchr - - IoFreeWorkItem - - MmGetSystemRoutineAddress - - KeInitializeEvent - - PsSetCreateThreadNotifyRoutine - - RtlUnicodeStringToAnsiString - - _snprintf - - RtlGetVersion - - ZwQuerySystemInformation - - RtlInitString - - KeReleaseSpinLock - - PsSetCreateProcessNotifyRoutine - - ZwOpenSymbolicLinkObject - - IoFreeMdl - - KeUnstackDetachProcess - - ZwOpenProcessTokenEx - - ZwSetInformationFile - - tolower - - KeDelayExecutionThread - - ObQueryNameString - - strncpy - - IoFileObjectType - - IoDriverObjectType - - wcsrchr - - wcsstr - - PsCreateSystemThread - - MmMapLockedPagesSpecifyCache - - IoGetDeviceObjectPointer - - ZwUnmapViewOfSection - - ExAllocatePool - - PsTerminateSystemThread - - IoGetCurrentProcess - - ExEventObjectType - - IoAllocateWorkItem - - ZwClose - - IofCompleteRequest - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - PsRemoveLoadImageNotifyRoutine - - IoGetRequestorProcessId - - MmProbeAndLockPages - - PsGetVersion - - KeRevertToUserAffinityThread - - PsThreadType - - IoGetDeviceInterfaces - - ZwOpenProcess - - SeExports - - MmUnlockPages - - strrchr - - 
ZwQueryInformationProcess - - IoCreateSymbolicLink - - PsGetCurrentThreadId - - PsGetCurrentProcessId - - KeSetSystemAffinityThread - - MmIsAddressValid - - ObfDereferenceObject - - ZwCreateSection - - ObReferenceObjectByName - - IoQueueWorkItem - - IoDeviceObjectType - - ZwOpenFile - - wcsncmp - - ZwQueryInformationToken - - ZwQueryInformationFile - - ZwQueryInformationThread - - ObOpenObjectByPointer - - KeStackAttachProcess - - PsLookupThreadByThreadId - - ZwEnumerateKey - - IoAllocateMdl - - IofCallDriver - - ZwOpenKey - - KeAcquireSpinLockRaiseToDpc - - IoThreadToProcess - - IoAttachDeviceToDeviceStackSafe - - IoDetachDevice - - PsInitialSystemProcess - - IoCreateDevice - - PsProcessType - - MmUnmapIoSpace - - KeDetachProcess - - MmMapIoSpace - - KeAttachProcess - - ZwDeleteFile - - IoBuildSynchronousFsdRequest - - NtClose - - RtlCompareUnicodeString - - ObfReferenceObject - - ZwWriteFile - - ZwOpenThread - - ZwTerminateProcess - - RtlEqualUnicodeString - - ZwOpenDirectoryObject - - KeBugCheck - - ZwQueryDirectoryObject - - IoFreeIrp - - IoAllocateIrp - - KdDebuggerNotPresent - - KeSetTargetProcessorDpc - - KeInitializeDpc - - KeInsertQueueDpc - - KeNumberProcessors - - KeBugCheckEx - - ZwSetSecurityObject - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - RtlQueryRegistryValues - - RtlPrefixUnicodeString - - ExUnregisterCallback - - ExRegisterCallback - - ExCreateCallback - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root - CA - ValidFrom: 
'2011-04-15 19:41:37' - ValidTo: '2021-04-15 19:51:37' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611cb28a000000000026 - Version: 3 - TBS: - MD5: 983a0c315a50542362f2bd6a5d71c8d0 - SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 - SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 - SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc - - Subject: C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release - Engineering, CN=AVG Technologies USA, Inc. - ValidFrom: '2018-01-30 00:00:00' - ValidTo: '2021-01-22 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0557955e02a6b53dd1d574ede15f310e - Version: 3 - TBS: - MD5: f9b558280379fbd2ac831a9850ec9c0e - SHA1: c22448dd1388c2011166e2a203fe984bd702f355 - SHA256: c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe - SHA384: 5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - 
Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd - Version: 3 - TBS: - MD5: a9a31555bbc92b6033975c5428fb3679 - SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e - SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 - SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 0557955e02a6b53dd1d574ede15f310e - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: 9626b493680953826324d269e208fa60 - SHA1: 1a458000e2060911a31fcbed8ad9000b98f54944 - SHA256: ace6a5d1d7b11c6668753f9f17b2bb60f496168179cfd2d50e4e9e66fc41a50f - Sections: - .text: - Entropy: 6.339013885126004 - Virtual Size: 
'0x222fc' - .rdata: - Entropy: 5.837026711574128 - Virtual Size: '0x315c' - .data: - Entropy: 1.978643378313633 - Virtual Size: '0x25b18' - .pdata: - Entropy: 5.349965388979516 - Virtual Size: '0x111c' - PAGE: - Entropy: 6.235824409373057 - Virtual Size: '0x19f7' - INIT: - Entropy: 5.316566552212568 - Virtual Size: '0x1352' - .rsrc: - Entropy: 3.3974399348294853 - Virtual Size: '0x3b8' - .reloc: - Entropy: 2.5738028214326922 - Virtual Size: '0x4c4' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2019-03-07 03:04:31' - Imphash: 1aa10b05dee9268d7ce87f5f56ea9ded - LoadsDespiteHVCI: 'TRUE' -- Filename: aswArPot.sys - MD5: 595363661db3e50acc4de05b0215cc6f - SHA1: ec8c0b2f49756b8784b3523e70cd8821b05b95eb - SHA256: 1273b74c3c1553eaa92e844fbd51f716356cc19cf77c2c780d4899ec7738fbd1 - Authentihash: - MD5: 7890348aaadad057268d7273afd85c2f - SHA1: 276a8ba9fddb74586e3f50d49a784c0180619a86 - SHA256: 68043583bc2f3fc1ca11458e8b921dce2573afdc04bd20ba85eeb806d884eb6f - Description: Avast anti rootkit - Company: AVAST Software - InternalName: aswArPot.sys - OriginalFilename: aswArPot.sys - FileVersion: 18.5.3926.0 - Product: 'Avast Antivirus ' - ProductVersion: 18.5.3926.0 - Copyright: Copyright (c) 2018 AVAST Software - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - wcschr - - MmUnmapLockedPages - - _stricmp - - _wcsicmp - - towlower - - _strnicmp - - ExAllocatePoolWithTag - - PsGetProcessWin32Process - - KeClearEvent - - RtlVolumeDeviceToDosName - - KeQueryActiveProcessors - - RtlConvertSidToUnicodeString - - ExFreePoolWithTag - - KeResetEvent - - ExReleaseFastMutex - - IoGetBaseFileSystemDeviceObject - - strncmp - - ZwOpenThreadTokenEx - - RtlAnsiStringToUnicodeString - - ExAcquireFastMutex - - PsSetLoadImageNotifyRoutine - - _snwprintf - - NtBuildNumber - - PsRemoveCreateThreadNotifyRoutine - - PsLookupProcessByProcessId - - ZwQuerySymbolicLinkObject - - _wcsnicmp - - ZwReadFile - - strstr - - ZwMapViewOfSection - - 
RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - wcsncpy - - RtlEqualSid - - strchr - - IoFreeWorkItem - - MmGetSystemRoutineAddress - - KeInitializeEvent - - PsSetCreateThreadNotifyRoutine - - RtlUnicodeStringToAnsiString - - _snprintf - - RtlGetVersion - - ZwQuerySystemInformation - - RtlInitString - - KeReleaseSpinLock - - PsSetCreateProcessNotifyRoutine - - ZwOpenSymbolicLinkObject - - IoFreeMdl - - KeUnstackDetachProcess - - ZwOpenProcessTokenEx - - ZwSetInformationFile - - KeDelayExecutionThread - - ObQueryNameString - - strncpy - - IoFileObjectType - - IoDriverObjectType - - wcsrchr - - wcsstr - - PsCreateSystemThread - - MmMapLockedPagesSpecifyCache - - IoGetDeviceObjectPointer - - ZwUnmapViewOfSection - - ExAllocatePool - - PsTerminateSystemThread - - IoGetCurrentProcess - - ExEventObjectType - - IoAllocateWorkItem - - ZwClose - - IofCompleteRequest - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - PsRemoveLoadImageNotifyRoutine - - IoGetRequestorProcessId - - MmProbeAndLockPages - - PsGetVersion - - KeRevertToUserAffinityThread - - PsThreadType - - IoGetDeviceInterfaces - - ZwOpenProcess - - SeExports - - MmUnlockPages - - strrchr - - ZwQueryInformationProcess - - IoCreateSymbolicLink - - PsGetCurrentThreadId - - PsGetCurrentProcessId - - KeSetSystemAffinityThread - - MmIsAddressValid - - ObfDereferenceObject - - ZwCreateSection - - ObReferenceObjectByName - - IoQueueWorkItem - - IoDeviceObjectType - - ZwOpenFile - - wcsncmp - - ZwQueryInformationToken - - ZwQueryInformationFile - - ZwQueryInformationThread - - ObOpenObjectByPointer - - KeStackAttachProcess - - PsLookupThreadByThreadId - - ZwEnumerateKey - - IoAllocateMdl - - IofCallDriver - - ZwOpenKey - - KeAcquireSpinLockRaiseToDpc - - IoThreadToProcess - - IoAttachDeviceToDeviceStackSafe - - IoDetachDevice - - PsInitialSystemProcess - - IoCreateDevice - - PsProcessType - - KeDetachProcess - - KeAttachProcess - - ZwDeleteFile - - IoBuildSynchronousFsdRequest - - NtClose - - 
RtlCompareUnicodeString - - ObfReferenceObject - - ZwWriteFile - - ZwOpenThread - - ZwTerminateProcess - - RtlEqualUnicodeString - - ZwOpenDirectoryObject - - KeBugCheck - - ZwQueryDirectoryObject - - IoFreeIrp - - IoAllocateIrp - - KdDebuggerNotPresent - - KeSetTargetProcessorDpc - - IoBuildDeviceIoControlRequest - - KeInitializeDpc - - KeInsertQueueDpc - - KeNumberProcessors - - KeBugCheckEx - - ZwSetSecurityObject - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - RtlQueryRegistryValues - - RtlPrefixUnicodeString - - ExUnregisterCallback - - ExRegisterCallback - - ExCreateCallback - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o. 
- ValidFrom: '2016-09-06 00:00:00' - ValidTo: '2019-10-04 12:00:00' - Signature: 56220de8a9a65fffbff97ff463c4026ec9be68fe98bfa0b20a722df84322a44dbc98f25b87ee42da3a06a6cedef076de22e0d7e02d41201156875341cd24badedb8aa5afa133e9ed688fc45aeb37a74fbe399828143561fd717fa7bed97cb5d42643494462fef349f3300daff13660a9e50f85d1110de96d1300e0e730d2b6689fd53eb7a72f4f3112dffa2c1caf17cb64c22509d82b5ce1c2181c2faac22fce3981e683183d6da50d1c17dec375c370f5feb5abfbc6dca4cdd47a5b14375870de6dc346361d8997e79f19819f5168f9b01c9aacc210f2322248adc375a2782b64881c6a557677815c39b024555cc0adca920a617e0ecb385eb47213b1553c80 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 - Version: 3 - TBS: - MD5: 2e1a5012cbe8b95785c794bc1c5584c3 - SHA1: f4753b06b08938794c32c2475cee663143036d08 - SHA256: fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5 - SHA384: 08a8396996a9ecb96b22a85d6adf3f8b1117f3a880b1d4af12e4de8e8005897a7073d6d5368cb92f701f466ec227e2a6 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 
9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: 
cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: 382c4767d71156621da4d8ab3193017a - SHA1: 20e40fd8dd4465dfd940c017e5cb26819d5cbed7 - SHA256: cc76cbedaf6062b99e917cf31a8cce723c854d10d1afd041e4ca85ceabb39c4b - Sections: - .text: - Entropy: 6.3325058070978955 - Virtual Size: '0x2055c' - .rdata: - Entropy: 5.833104784529011 - Virtual Size: '0x3054' - .data: - Entropy: 1.7175014889289248 - Virtual Size: '0x25834' - .pdata: - Entropy: 5.361018425197471 - Virtual Size: '0x1080' - PAGE: - Entropy: 6.239589873252345 - Virtual Size: '0x19f7' - INIT: - Entropy: 5.290568113447651 - Virtual Size: '0x130e' - .rsrc: - Entropy: 3.345730921274483 - Virtual Size: '0x370' - .reloc: - Entropy: 1.9886948791060113 - Virtual Size: '0x438' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2018-06-12 01:27:49' - Imphash: 18502b56d9ea5dea7f9d31ef85db31d5 - LoadsDespiteHVCI: 'FALSE' -- Filename: aswArPot.sys - MD5: 6212832f13b296ddbc85b24e22edb5ec - SHA1: 492a47426b04f00c0d5b711ad8c872aad3aa3a1d - SHA256: 14adbf0bc43414a7700e5403100cff7fc6ade50bebfab16a17acf2fdda5a9da8 - Authentihash: - MD5: 4031a1ee3682bcfb0b50423708cffc54 - SHA1: 6f4648a7e5aba2e64d62f00d72da0d5735ebea8a - SHA256: e5183eda50e2c42d2ed10c015be87dff774da180928c076e99888b0d6a931df5 - Description: Avast anti rootkit - Company: AVAST Software - InternalName: aswArPot.sys - OriginalFilename: aswArPot.sys - FileVersion: 17.9.3754.0 - Product: 'Avast Antivirus ' - ProductVersion: 17.9.3754.0 - Copyright: Copyright (c) 2014 AVAST Software - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - wcschr - - MmUnmapLockedPages - - 
_stricmp - - _wcsicmp - - towlower - - _strnicmp - - ExAllocatePoolWithTag - - PsGetProcessWin32Process - - KeClearEvent - - RtlVolumeDeviceToDosName - - KeQueryActiveProcessors - - RtlConvertSidToUnicodeString - - ExFreePoolWithTag - - KeResetEvent - - ExReleaseFastMutex - - IoGetBaseFileSystemDeviceObject - - strncmp - - ZwOpenThreadTokenEx - - RtlAnsiStringToUnicodeString - - ExAcquireFastMutex - - PsSetLoadImageNotifyRoutine - - _snwprintf - - NtBuildNumber - - PsRemoveCreateThreadNotifyRoutine - - PsLookupProcessByProcessId - - ZwQuerySymbolicLinkObject - - _wcsnicmp - - ZwReadFile - - strstr - - ZwMapViewOfSection - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - wcsncpy - - RtlEqualSid - - strchr - - IoFreeWorkItem - - MmGetSystemRoutineAddress - - KeInitializeEvent - - PsSetCreateThreadNotifyRoutine - - RtlUnicodeStringToAnsiString - - _snprintf - - RtlGetVersion - - ZwQuerySystemInformation - - RtlInitString - - KeReleaseSpinLock - - PsSetCreateProcessNotifyRoutine - - ZwOpenSymbolicLinkObject - - IoFreeMdl - - KeUnstackDetachProcess - - ZwOpenProcessTokenEx - - ZwSetInformationFile - - KeDelayExecutionThread - - ObQueryNameString - - strncpy - - IoFileObjectType - - IoDriverObjectType - - wcsrchr - - wcsstr - - PsCreateSystemThread - - MmMapLockedPagesSpecifyCache - - IoGetDeviceObjectPointer - - ZwUnmapViewOfSection - - ExAllocatePool - - PsTerminateSystemThread - - IoGetCurrentProcess - - ExEventObjectType - - IoAllocateWorkItem - - ZwClose - - IofCompleteRequest - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - PsRemoveLoadImageNotifyRoutine - - IoGetRequestorProcessId - - MmProbeAndLockPages - - PsGetVersion - - KeRevertToUserAffinityThread - - PsThreadType - - IoGetDeviceInterfaces - - ZwOpenProcess - - SeExports - - MmUnlockPages - - strrchr - - ZwQueryInformationProcess - - IoCreateSymbolicLink - - PsGetCurrentThreadId - - PsGetCurrentProcessId - - KeSetSystemAffinityThread - - MmIsAddressValid - - ObfDereferenceObject - - 
ZwCreateSection - - ObReferenceObjectByName - - IoQueueWorkItem - - IoDeviceObjectType - - ZwOpenFile - - wcsncmp - - ZwQueryInformationToken - - ZwQueryInformationFile - - ZwQueryInformationThread - - ObOpenObjectByPointer - - KeStackAttachProcess - - PsLookupThreadByThreadId - - ZwEnumerateKey - - IoAllocateMdl - - IofCallDriver - - ZwOpenKey - - KeAcquireSpinLockRaiseToDpc - - IoAttachDeviceToDeviceStackSafe - - IoDetachDevice - - IoCreateDevice - - PsProcessType - - KeDetachProcess - - KeAttachProcess - - ZwDeleteFile - - IoBuildSynchronousFsdRequest - - NtClose - - RtlCompareUnicodeString - - ObfReferenceObject - - ZwWriteFile - - ZwOpenThread - - ZwTerminateProcess - - RtlEqualUnicodeString - - ZwOpenDirectoryObject - - KeBugCheck - - ZwQueryDirectoryObject - - IoFreeIrp - - IoAllocateIrp - - KdDebuggerNotPresent - - KeSetTargetProcessorDpc - - IoBuildDeviceIoControlRequest - - KeInitializeDpc - - KeInsertQueueDpc - - KeNumberProcessors - - KeBugCheckEx - - ZwSetSecurityObject - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - RtlQueryRegistryValues - - RtlPrefixUnicodeString - - ExUnregisterCallback - - ExRegisterCallback - - ExCreateCallback - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o. 
- ValidFrom: '2016-09-06 00:00:00' - ValidTo: '2019-10-04 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 - Version: 3 - TBS: - MD5: 2e1a5012cbe8b95785c794bc1c5584c3 - SHA1: f4753b06b08938794c32c2475cee663143036d08 - SHA256: fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5 - SHA384: 08a8396996a9ecb96b22a85d6adf3f8b1117f3a880b1d4af12e4de8e8005897a7073d6d5368cb92f701f466ec227e2a6 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 
59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: 
'2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: 9f01ca8ed93b73533b4b894bfa79f4bd - SHA1: 017d43c1c1f23212519d8de54caf8049bb59aae7 - SHA256: abb9be2d564989154e22b1dc4541f92c7859f64b7417c281aee3656fa0a4979d - Sections: - .text: - Entropy: 6.318649585727606 - Virtual Size: '0x1de5c' - .rdata: - Entropy: 5.864385224996639 - Virtual Size: '0x2e6c' - .data: - Entropy: 1.7814286677447535 - Virtual Size: '0x25654' - .pdata: - Entropy: 5.356926069292097 - Virtual Size: '0xf78' - PAGE: - Entropy: 6.246816071025832 - Virtual Size: '0x19f7' - INIT: - Entropy: 5.302313382373697 - Virtual Size: '0x12d0' - .rsrc: - Entropy: 3.3479742945142976 - Virtual Size: '0x370' - .reloc: - Entropy: 1.8405309177627724 - Virtual Size: '0x3dc' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2017-12-12 11:36:29' - Imphash: 1e8ee6407390a2d52051bec21c771fdb - LoadsDespiteHVCI: 'FALSE' -- Filename: aswArPot.sys - MD5: cc8855fe30a9cdef895177a4cf1a3dad - SHA1: 07c244739803f60a75d60347c17edc02d5d10b5d - SHA256: 17687cba00ec2c9036dd3cb5430aa1f4851e64990dafb4c8f06d88de5283d6ca - Authentihash: - MD5: 3e14e8314e37d819e12a94610e0c7efc - SHA1: c9e2da8df3086536c3fb8973c1848a39b9074bd1 - SHA256: a465cfa7a0bd76dfe8f261661d348e25d1a6a3975673336f90878618f2e6c21b - Description: Avast Anti Rootkit - Company: AVAST Software - 
InternalName: aswArPot - OriginalFilename: aswArPot.sys - FileVersion: 20.8.137.0 - Product: 'Avast Antivirus ' - ProductVersion: 20.8.137.0 - Copyright: Copyright (c) 2020 AVAST Software - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - __C_specific_handler - - KeDelayExecutionThread - - IoAllocateWorkItem - - MmIsAddressValid - - MmUnlockPages - - ExAllocatePool - - RtlAnsiStringToUnicodeString - - KeAcquireSpinLockRaiseToDpc - - ZwQuerySystemInformation - - PsRemoveLoadImageNotifyRoutine - - ZwUnmapViewOfSection - - ZwQuerySymbolicLinkObject - - MmProbeAndLockPages - - RtlVolumeDeviceToDosName - - PsSetLoadImageNotifyRoutine - - IoGetRequestorProcessId - - ZwReadFile - - ObQueryNameString - - ZwOpenThreadTokenEx - - ZwOpenProcessTokenEx - - towlower - - NtBuildNumber - - ExReleaseFastMutex - - _wcsicmp - - _snwprintf - - RtlConvertSidToUnicodeString - - ObfDereferenceObject - - IoAllocateMdl - - ZwCreateSection - - ZwQueryInformationProcess - - PsGetProcessId - - PsCreateSystemThread - - ZwQueryInformationThread - - RtlInitUnicodeString - - ZwOpenSymbolicLinkObject - - tolower - - PsRemoveCreateThreadNotifyRoutine - - IoDeleteDevice - - IoBuildDeviceIoControlRequest - - wcsncpy - - IoGetDeviceObjectPointer - - IoGetCurrentProcess - - ObOpenObjectByPointer - - strncpy - - KeReleaseSpinLock - - _strnicmp - - IoFileObjectType - - KeStackAttachProcess - - PsLookupProcessByProcessId - - PsGetCurrentProcessId - - KeSetEvent - - PsThreadType - - RtlUnicodeStringToAnsiString - - ZwQueryInformationToken - - ZwMapViewOfSection - - strncmp - - ObReferenceObjectByHandle - - RtlGetVersion - - PsGetThreadId - - PsGetVersion - - KeClearEvent - - IoGetBaseFileSystemDeviceObject - - wcschr - - ZwSetInformationFile - - ZwEnumerateKey - - IoFreeMdl - - wcsstr - - ExAcquireFastMutex - - MmGetSystemRoutineAddress - - IoFreeWorkItem - - _stricmp - - ExAllocatePoolWithTag - - RtlInitString - - IofCallDriver - - IoDeviceObjectType - - 
_snprintf - - ExFreePoolWithTag - - ZwOpenFile - - KeSetSystemAffinityThread - - strstr - - KeInitializeEvent - - ObReferenceObjectByName - - strchr - - _wcsnicmp - - KeQueryActiveProcessors - - RtlEqualSid - - IoQueueWorkItem - - MmUnmapLockedPages - - MmMapLockedPagesSpecifyCache - - PsSetCreateThreadNotifyRoutine - - PsGetCurrentThreadId - - IofCompleteRequest - - PsGetProcessWin32Process - - ExEventObjectType - - ZwQueryInformationFile - - KeWaitForSingleObject - - IoCreateSymbolicLink - - PsSetCreateProcessNotifyRoutine - - IoDriverObjectType - - PsLookupThreadByThreadId - - IoGetDeviceInterfaces - - ZwClose - - PsTerminateSystemThread - - wcsrchr - - strrchr - - SeExports - - KeUnstackDetachProcess - - KeResetEvent - - KeRevertToUserAffinityThread - - ZwOpenProcess - - wcsncmp - - ZwOpenKey - - PsGetThreadProcess - - IoDetachDevice - - IoAttachDeviceToDeviceStackSafe - - IoThreadToProcess - - PsInitialSystemProcess - - IoCreateDevice - - KeInsertQueueDpc - - KeNumberProcessors - - KeInitializeDpc - - KeSetTargetProcessorDpc - - PsProcessType - - MmMapIoSpace - - MmUnmapIoSpace - - ZwDeleteFile - - KeAttachProcess - - KeDetachProcess - - RtlCompareUnicodeString - - ZwWriteFile - - NtClose - - ObfReferenceObject - - IoBuildSynchronousFsdRequest - - ZwOpenThread - - ZwTerminateProcess - - RtlEqualUnicodeString - - IoFreeIrp - - ZwQueryDirectoryObject - - KeBugCheck - - ZwOpenDirectoryObject - - IoAllocateIrp - - KdDebuggerNotPresent - - ZwSetSecurityObject - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - RtlGetSaclSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlLengthSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - RtlAddAccessAllowedAce - - RtlLengthSid - - IoIsWdmVersionAvailable - - RtlSetDaclSecurityDescriptor - - ZwSetValueKey - - ZwQueryValueKey - - ZwCreateKey - - RtlFreeUnicodeString - - KeBugCheckEx - - RtlQueryRegistryValues - - 
RtlPrefixUnicodeString - - ExRegisterCallback - - ExCreateCallback - - ExUnregisterCallback - - strcmp - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CZ, L=Praha, O=Avast Software s.r.o., OU=RE 999, CN=Avast Software - s.r.o. - ValidFrom: '2019-12-02 00:00:00' - ValidTo: '2022-10-19 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03f02aca051d1c9330eeabd3706e836f - Version: 3 - TBS: - MD5: f251d9cde0901fb67831855b4a592b51 - SHA1: cd0ac068faea4b875ded287512f20b6ba8dcb457 - SHA256: 247e040822854e1a4cbc3488782a9e96db6bffa9bdfe36406a46e3f88695d423 - SHA384: c6a765c300f3ee36604e9c51a9fcd18071b0cd0bd15b3ad69350f04a0b1b5ef7b71556af698a1e8988bf91cd8b2a6104 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: 
e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 03f02aca051d1c9330eeabd3706e836f - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: e8033ae063a3483aec0d2fa55081ff62 - SHA1: fef047c18b115c601ddfd833e1cb5784ca1afbd7 - SHA256: fe30a08a31a5f4687353c7b08444b72fb6402a51b0586f0ade667983f833c4a5 - Sections: - .text: - Entropy: 6.382014580840617 - Virtual Size: '0x21e62' - .rdata: - Entropy: 5.714787775738275 - Virtual Size: '0x3b24' - .data: - Entropy: 2.7169953597230534 - Virtual Size: '0x259b0' - .pdata: - Entropy: 5.4323977966026975 - 
Virtual Size: '0x11dc' - PAGE: - Entropy: 6.273110218235552 - Virtual Size: '0x1c4b' - INIT: - Entropy: 5.36403021726766 - Virtual Size: '0x13dc' - .rsrc: - Entropy: 3.2921361382464633 - Virtual Size: '0x398' - .reloc: - Entropy: 5.3833020583275815 - Virtual Size: '0x188' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2020-10-05 12:20:35' - Imphash: 26150d69f50aa9247c3f3f17521d18a2 - LoadsDespiteHVCI: 'FALSE' -- Filename: aswArPot.sys - MD5: f83c61adbb154d46dd8f77923aa7e9c3 - SHA1: 804013a12f2f6ba2e55c4542cbdc50ca01761905 - SHA256: 19d0fc91b70d7a719f7a28b4ad929f114bf1de94a4c7cba5ad821285a4485da0 - Authentihash: - MD5: 42a26c6ef3e814bccfb68b994460aa0d - SHA1: a8258d25d074281391109908b94130f39f7dbfbf - SHA256: 968258fe6b307a7887465c7fb0a0b7b45f973b91deb8638af1428d247430d777 - Description: AVG Anti Rootkit - Company: AVG Technologies CZ, s.r.o. - InternalName: aswArPot - OriginalFilename: aswArPot.sys - FileVersion: 20.7.113.0 - Product: 'AVG Internet Security System ' - ProductVersion: 20.7.113.0 - Copyright: Copyright (C) 2020 AVG Technologies CZ, s.r.o. 
- MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - __C_specific_handler - - KeDelayExecutionThread - - IoAllocateWorkItem - - MmIsAddressValid - - MmUnlockPages - - ExAllocatePool - - RtlAnsiStringToUnicodeString - - KeAcquireSpinLockRaiseToDpc - - ZwQuerySystemInformation - - PsRemoveLoadImageNotifyRoutine - - ZwUnmapViewOfSection - - ZwQuerySymbolicLinkObject - - MmProbeAndLockPages - - RtlVolumeDeviceToDosName - - PsSetLoadImageNotifyRoutine - - IoGetRequestorProcessId - - ZwReadFile - - ObQueryNameString - - ZwOpenThreadTokenEx - - ZwOpenProcessTokenEx - - towlower - - NtBuildNumber - - ExReleaseFastMutex - - _wcsicmp - - _snwprintf - - RtlConvertSidToUnicodeString - - ObfDereferenceObject - - IoAllocateMdl - - ZwCreateSection - - ZwQueryInformationProcess - - PsGetProcessId - - PsCreateSystemThread - - ZwQueryInformationThread - - RtlInitUnicodeString - - ZwOpenSymbolicLinkObject - - tolower - - PsRemoveCreateThreadNotifyRoutine - - IoDeleteDevice - - IoBuildDeviceIoControlRequest - - wcsncpy - - IoGetDeviceObjectPointer - - IoGetCurrentProcess - - ObOpenObjectByPointer - - strncpy - - KeReleaseSpinLock - - _strnicmp - - IoFileObjectType - - KeStackAttachProcess - - PsLookupProcessByProcessId - - PsGetCurrentProcessId - - KeSetEvent - - PsThreadType - - RtlUnicodeStringToAnsiString - - ZwQueryInformationToken - - ZwMapViewOfSection - - strncmp - - ObReferenceObjectByHandle - - RtlGetVersion - - PsGetThreadId - - PsGetVersion - - KeClearEvent - - IoGetBaseFileSystemDeviceObject - - wcschr - - ZwSetInformationFile - - ZwEnumerateKey - - IoFreeMdl - - wcsstr - - ExAcquireFastMutex - - MmGetSystemRoutineAddress - - IoFreeWorkItem - - _stricmp - - ExAllocatePoolWithTag - - RtlInitString - - IofCallDriver - - IoDeviceObjectType - - _snprintf - - ExFreePoolWithTag - - ZwOpenFile - - KeSetSystemAffinityThread - - strstr - - KeInitializeEvent - - ObReferenceObjectByName - - strchr - - _wcsnicmp - - KeQueryActiveProcessors 
- - RtlEqualSid - - IoQueueWorkItem - - MmUnmapLockedPages - - MmMapLockedPagesSpecifyCache - - PsSetCreateThreadNotifyRoutine - - PsGetCurrentThreadId - - IofCompleteRequest - - PsGetProcessWin32Process - - ExEventObjectType - - ZwQueryInformationFile - - KeWaitForSingleObject - - IoCreateSymbolicLink - - PsSetCreateProcessNotifyRoutine - - IoDriverObjectType - - PsLookupThreadByThreadId - - IoGetDeviceInterfaces - - ZwClose - - PsTerminateSystemThread - - wcsrchr - - strrchr - - SeExports - - KeUnstackDetachProcess - - KeResetEvent - - KeRevertToUserAffinityThread - - ZwOpenProcess - - wcsncmp - - ZwOpenKey - - PsGetThreadProcess - - IoDetachDevice - - IoAttachDeviceToDeviceStackSafe - - IoThreadToProcess - - PsInitialSystemProcess - - IoCreateDevice - - KeInsertQueueDpc - - KeNumberProcessors - - KeInitializeDpc - - KeSetTargetProcessorDpc - - PsProcessType - - MmMapIoSpace - - MmUnmapIoSpace - - ZwDeleteFile - - KeAttachProcess - - KeDetachProcess - - RtlCompareUnicodeString - - ZwWriteFile - - NtClose - - ObfReferenceObject - - IoBuildSynchronousFsdRequest - - ZwOpenThread - - ZwTerminateProcess - - RtlEqualUnicodeString - - IoFreeIrp - - ZwQueryDirectoryObject - - KeBugCheck - - ZwOpenDirectoryObject - - IoAllocateIrp - - KdDebuggerNotPresent - - ZwSetSecurityObject - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - RtlGetSaclSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlLengthSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - RtlAddAccessAllowedAce - - RtlLengthSid - - IoIsWdmVersionAvailable - - RtlSetDaclSecurityDescriptor - - ZwSetValueKey - - ZwQueryValueKey - - ZwCreateKey - - RtlFreeUnicodeString - - KeBugCheckEx - - RtlQueryRegistryValues - - RtlPrefixUnicodeString - - ExRegisterCallback - - ExCreateCallback - - ExUnregisterCallback - - strcmp - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, 
OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, LLC, OU=RE - 999, CN=AVG Technologies USA, LLC - ValidFrom: '2020-01-27 00:00:00' - ValidTo: '2022-10-20 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03ec0c9015079fab8a6f3fc9f839311c - Version: 3 - TBS: - MD5: bf2831557abdf7e58917d0a2608080a5 - SHA1: 24ece342e4c4f2f17f32e6924f48c240ad6300ff - SHA256: 1afa061865098b2da9d030bc9f5815ad98e59fa847903692e52d6ba0bbf260dd - SHA384: 0bed85528163e2befed14755c2dcaf02acea62bdf352d3f964cfeaa2883bebea3e186aa26ce12e4df1dfd6d235bf9bb6 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - 
ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 03ec0c9015079fab8a6f3fc9f839311c - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: e8033ae063a3483aec0d2fa55081ff62 - SHA1: fef047c18b115c601ddfd833e1cb5784ca1afbd7 - SHA256: fe30a08a31a5f4687353c7b08444b72fb6402a51b0586f0ade667983f833c4a5 - Sections: - .text: - Entropy: 6.382035112661383 - Virtual Size: '0x21e62' - .rdata: - Entropy: 5.715330119411003 - Virtual Size: '0x3b24' - .data: - Entropy: 2.7169953597230534 - Virtual Size: '0x259b0' - .pdata: - Entropy: 5.4323977966026975 - Virtual Size: '0x11dc' - PAGE: - Entropy: 6.273110218235552 - Virtual Size: '0x1c4b' - INIT: - Entropy: 5.36403021726766 - Virtual Size: '0x13dc' - .rsrc: - Entropy: 3.3723433193881727 - Virtual Size: '0x3d8' 
- .reloc: - Entropy: 5.3833020583275815 - Virtual Size: '0x188' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2020-08-21 04:32:58' - Imphash: 26150d69f50aa9247c3f3f17521d18a2 - LoadsDespiteHVCI: 'FALSE' -- Filename: aswArPot.sys - MD5: a3af4a4fa6cba27284f8289436c2f074 - SHA1: ed3f11383a47710fa840e13a7a9286227fa1474c - SHA256: 1a42ebde59e8f63804eaa404f79ee93a16bb33d27fb158c6bfbe6143226899a0 - Authentihash: - MD5: 7f6e8583009bec91a51d479a2eb8b0e4 - SHA1: 85a0622ec6c77df0ce26c11380044039d908869d - SHA256: d92b2f58c8fca3d3634b0c20578edd5004df571b29790690c97255e6096442c6 - Description: Avast anti rootkit - Company: AVAST Software - InternalName: aswArPot.sys - OriginalFilename: aswArPot.sys - FileVersion: 19.3.4239.0 - Product: 'Avast Antivirus ' - ProductVersion: 19.3.4239.0 - Copyright: Copyright (c) 2019 AVAST Software - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - wcschr - - MmUnmapLockedPages - - _stricmp - - _wcsicmp - - towlower - - _strnicmp - - ExAllocatePoolWithTag - - PsGetProcessWin32Process - - KeClearEvent - - RtlVolumeDeviceToDosName - - KeQueryActiveProcessors - - RtlConvertSidToUnicodeString - - IoBuildDeviceIoControlRequest - - ExFreePoolWithTag - - KeResetEvent - - ExReleaseFastMutex - - IoGetBaseFileSystemDeviceObject - - strncmp - - ZwOpenThreadTokenEx - - RtlAnsiStringToUnicodeString - - ExAcquireFastMutex - - PsSetLoadImageNotifyRoutine - - _snwprintf - - NtBuildNumber - - PsRemoveCreateThreadNotifyRoutine - - PsLookupProcessByProcessId - - ZwQuerySymbolicLinkObject - - _wcsnicmp - - ZwReadFile - - strstr - - ZwMapViewOfSection - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - wcsncpy - - RtlEqualSid - - strchr - - IoFreeWorkItem - - MmGetSystemRoutineAddress - - KeInitializeEvent - - PsSetCreateThreadNotifyRoutine - - RtlUnicodeStringToAnsiString - - _snprintf - - RtlGetVersion - - ZwQuerySystemInformation - - RtlInitString - - KeReleaseSpinLock - - PsSetCreateProcessNotifyRoutine - 
- ZwOpenSymbolicLinkObject - - IoFreeMdl - - KeUnstackDetachProcess - - ZwOpenProcessTokenEx - - ZwSetInformationFile - - tolower - - KeDelayExecutionThread - - ObQueryNameString - - strncpy - - IoFileObjectType - - IoDriverObjectType - - wcsrchr - - wcsstr - - PsCreateSystemThread - - MmMapLockedPagesSpecifyCache - - IoGetDeviceObjectPointer - - ZwUnmapViewOfSection - - ExAllocatePool - - PsTerminateSystemThread - - IoGetCurrentProcess - - ExEventObjectType - - IoAllocateWorkItem - - ZwClose - - IofCompleteRequest - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - PsRemoveLoadImageNotifyRoutine - - IoGetRequestorProcessId - - MmProbeAndLockPages - - PsGetVersion - - KeRevertToUserAffinityThread - - PsThreadType - - IoGetDeviceInterfaces - - ZwOpenProcess - - SeExports - - MmUnlockPages - - strrchr - - ZwQueryInformationProcess - - IoCreateSymbolicLink - - PsGetCurrentThreadId - - PsGetCurrentProcessId - - KeSetSystemAffinityThread - - MmIsAddressValid - - ObfDereferenceObject - - ZwCreateSection - - ObReferenceObjectByName - - IoQueueWorkItem - - IoDeviceObjectType - - ZwOpenFile - - wcsncmp - - ZwQueryInformationToken - - ZwQueryInformationFile - - ZwQueryInformationThread - - ObOpenObjectByPointer - - KeStackAttachProcess - - PsLookupThreadByThreadId - - ZwEnumerateKey - - IoAllocateMdl - - IofCallDriver - - ZwOpenKey - - KeAcquireSpinLockRaiseToDpc - - IoThreadToProcess - - IoAttachDeviceToDeviceStackSafe - - IoDetachDevice - - PsInitialSystemProcess - - IoCreateDevice - - PsProcessType - - MmUnmapIoSpace - - KeDetachProcess - - MmMapIoSpace - - KeAttachProcess - - ZwDeleteFile - - IoBuildSynchronousFsdRequest - - NtClose - - RtlCompareUnicodeString - - ObfReferenceObject - - ZwWriteFile - - ZwOpenThread - - ZwTerminateProcess - - RtlEqualUnicodeString - - ZwOpenDirectoryObject - - KeBugCheck - - ZwQueryDirectoryObject - - IoFreeIrp - - IoAllocateIrp - - KdDebuggerNotPresent - - KeSetTargetProcessorDpc - - KeInitializeDpc - - KeInsertQueueDpc - - 
KeNumberProcessors - - KeBugCheckEx - - ZwSetSecurityObject - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - RtlQueryRegistryValues - - RtlPrefixUnicodeString - - ExUnregisterCallback - - ExRegisterCallback - - ExCreateCallback - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o. - ValidFrom: '2016-09-06 00:00:00' - ValidTo: '2019-10-04 12:00:00' - Signature: 56220de8a9a65fffbff97ff463c4026ec9be68fe98bfa0b20a722df84322a44dbc98f25b87ee42da3a06a6cedef076de22e0d7e02d41201156875341cd24badedb8aa5afa133e9ed688fc45aeb37a74fbe399828143561fd717fa7bed97cb5d42643494462fef349f3300daff13660a9e50f85d1110de96d1300e0e730d2b6689fd53eb7a72f4f3112dffa2c1caf17cb64c22509d82b5ce1c2181c2faac22fce3981e683183d6da50d1c17dec375c370f5feb5abfbc6dca4cdd47a5b14375870de6dc346361d8997e79f19819f5168f9b01c9aacc210f2322248adc375a2782b64881c6a557677815c39b024555cc0adca920a617e0ecb385eb47213b1553c80 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 - Version: 3 - TBS: - MD5: 2e1a5012cbe8b95785c794bc1c5584c3 - SHA1: f4753b06b08938794c32c2475cee663143036d08 - SHA256: fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5 - SHA384: 08a8396996a9ecb96b22a85d6adf3f8b1117f3a880b1d4af12e4de8e8005897a7073d6d5368cb92f701f466ec227e2a6 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: 9626b493680953826324d269e208fa60 - SHA1: 1a458000e2060911a31fcbed8ad9000b98f54944 - SHA256: ace6a5d1d7b11c6668753f9f17b2bb60f496168179cfd2d50e4e9e66fc41a50f - Sections: - .text: - Entropy: 6.339013885126004 - Virtual Size: '0x222fc' - .rdata: - Entropy: 5.838378593371746 - Virtual Size: '0x315c' - .data: - Entropy: 1.978643378313633 - Virtual Size: '0x25b18' - .pdata: - Entropy: 5.349965388979516 - Virtual Size: '0x111c' - PAGE: - Entropy: 6.235824409373057 - Virtual Size: '0x19f7' - INIT: - Entropy: 5.316566552212568 - Virtual Size: '0x1352' - .rsrc: - Entropy: 3.3401666065560285 - Virtual Size: '0x370' - .reloc: - Entropy: 2.5738028214326922 - Virtual Size: '0x4c4' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2019-03-07 03:04:42' - Imphash: 1aa10b05dee9268d7ce87f5f56ea9ded - LoadsDespiteHVCI: 'FALSE' -- Filename: aswArPot.sys - MD5: 88d5fc86f0dd3a8b42463f8d5503a570 - SHA1: d0452363b41385f6a6778f970f3744dde4701d8f - SHA256: 2594b3ef3675ca3a7b465b8ed4962e3251364bab13b12af00ebba7fa2211abb2 - Authentihash: - MD5: beaca8c2a09b87bf9c63febf94f1de1c - SHA1: 3a74bc87abd401e34b291f5118358fef7173af46 - SHA256: 2cd8e9eb8e4754f07fdfc8c3aae4d7fc0d25b346884c3474db35c757d2994b34 - Description: AVG anti rootkit - Company: AVG Technologies CZ, s.r.o. 
- InternalName: aswArPot.sys - OriginalFilename: aswArPot.sys - FileVersion: 18.3.3860.0 - Product: 'AVG Internet Security System ' - ProductVersion: 18.3.3860.0 - Copyright: Copyright (C) 2018 AVG Technologies CZ, s.r.o. - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - wcschr - - MmUnmapLockedPages - - _stricmp - - _wcsicmp - - towlower - - _strnicmp - - ExAllocatePoolWithTag - - PsGetProcessWin32Process - - KeClearEvent - - RtlVolumeDeviceToDosName - - KeQueryActiveProcessors - - RtlConvertSidToUnicodeString - - ExFreePoolWithTag - - KeResetEvent - - ExReleaseFastMutex - - IoGetBaseFileSystemDeviceObject - - strncmp - - ZwOpenThreadTokenEx - - RtlAnsiStringToUnicodeString - - ExAcquireFastMutex - - PsSetLoadImageNotifyRoutine - - _snwprintf - - NtBuildNumber - - PsRemoveCreateThreadNotifyRoutine - - PsLookupProcessByProcessId - - ZwQuerySymbolicLinkObject - - _wcsnicmp - - ZwReadFile - - strstr - - ZwMapViewOfSection - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - wcsncpy - - RtlEqualSid - - strchr - - IoFreeWorkItem - - MmGetSystemRoutineAddress - - KeInitializeEvent - - PsSetCreateThreadNotifyRoutine - - RtlUnicodeStringToAnsiString - - _snprintf - - RtlGetVersion - - ZwQuerySystemInformation - - RtlInitString - - KeReleaseSpinLock - - PsSetCreateProcessNotifyRoutine - - ZwOpenSymbolicLinkObject - - IoFreeMdl - - KeUnstackDetachProcess - - ZwOpenProcessTokenEx - - ZwSetInformationFile - - KeDelayExecutionThread - - ObQueryNameString - - strncpy - - IoFileObjectType - - IoDriverObjectType - - wcsrchr - - wcsstr - - PsCreateSystemThread - - MmMapLockedPagesSpecifyCache - - IoGetDeviceObjectPointer - - ZwUnmapViewOfSection - - ExAllocatePool - - PsTerminateSystemThread - - IoGetCurrentProcess - - ExEventObjectType - - IoAllocateWorkItem - - ZwClose - - IofCompleteRequest - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - PsRemoveLoadImageNotifyRoutine - - IoGetRequestorProcessId - - 
MmProbeAndLockPages - - PsGetVersion - - KeRevertToUserAffinityThread - - PsThreadType - - IoGetDeviceInterfaces - - ZwOpenProcess - - SeExports - - MmUnlockPages - - strrchr - - ZwQueryInformationProcess - - IoCreateSymbolicLink - - PsGetCurrentThreadId - - PsGetCurrentProcessId - - KeSetSystemAffinityThread - - MmIsAddressValid - - ObfDereferenceObject - - ZwCreateSection - - ObReferenceObjectByName - - IoQueueWorkItem - - IoDeviceObjectType - - ZwOpenFile - - wcsncmp - - ZwQueryInformationToken - - ZwQueryInformationFile - - ZwQueryInformationThread - - ObOpenObjectByPointer - - KeStackAttachProcess - - PsLookupThreadByThreadId - - ZwEnumerateKey - - IoAllocateMdl - - IofCallDriver - - ZwOpenKey - - KeAcquireSpinLockRaiseToDpc - - IoAttachDeviceToDeviceStackSafe - - IoDetachDevice - - IoCreateDevice - - PsProcessType - - KeDetachProcess - - KeAttachProcess - - ZwDeleteFile - - IoBuildSynchronousFsdRequest - - NtClose - - RtlCompareUnicodeString - - ObfReferenceObject - - ZwWriteFile - - ZwOpenThread - - ZwTerminateProcess - - RtlEqualUnicodeString - - ZwOpenDirectoryObject - - KeBugCheck - - ZwQueryDirectoryObject - - IoFreeIrp - - IoAllocateIrp - - KdDebuggerNotPresent - - KeSetTargetProcessorDpc - - IoBuildDeviceIoControlRequest - - KeInitializeDpc - - KeInsertQueueDpc - - KeNumberProcessors - - KeBugCheckEx - - ZwSetSecurityObject - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - RtlQueryRegistryValues - - RtlPrefixUnicodeString - - ExUnregisterCallback - - ExRegisterCallback - - ExCreateCallback - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - 
SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=NL, ST=North Holland, L=Amsterdam, O=AVG Netherlands B.V., CN=AVG - Netherlands B.V. 
- ValidFrom: '2015-07-28 00:00:00' - ValidTo: '2018-09-25 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 4b5e1897903602425d3cb25d75c4f4ce - Version: 3 - TBS: - MD5: d4ce3e543458edafb2db286a26226b5b - SHA1: e1f64883f78595bfbbbb6998babc3eaf8e335749 - SHA256: 52b100ec65c2b99f058ff89869ced270bf5e6a5db581962a69e073275339e0ae - SHA384: e5a09ab56343245e3f9235ebb1ff4a9479cbc13df2787cd70c850b62498f92265d2da9fd39f6bcd0e90e4d8f086e86d4 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 4b5e1897903602425d3cb25d75c4f4ce - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: 73f94453db44e5265861f0ce8df39fc1 - SHA1: 6d710be934482758c43d9d19941be5ed522e371f - SHA256: 39835922f0b2a2c24ed5fb74c468f28fc5b2c036c7a219352dc78f7f29ea13c3 - Sections: - .text: - Entropy: 6.331634555230066 - Virtual Size: '0x2032c' - .rdata: - Entropy: 5.811497203970377 - Virtual Size: '0x3034' - .data: - Entropy: 1.7228772750546992 - Virtual Size: '0x25814' - .pdata: - Entropy: 5.346859731218178 - Virtual Size: '0x1080' - PAGE: - Entropy: 6.241650261489821 - 
Virtual Size: '0x19f7' - INIT: - Entropy: 5.291903484197976 - Virtual Size: '0x12d0' - .rsrc: - Entropy: 3.3950750251255504 - Virtual Size: '0x3b8' - .reloc: - Entropy: 1.9822497903370622 - Virtual Size: '0x438' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2018-03-28 08:03:49' - Imphash: 1e8ee6407390a2d52051bec21c771fdb - LoadsDespiteHVCI: 'TRUE' -- Filename: aswArPot.sys - MD5: e4d4a22cbf94e6b0a92fc36d46741f56 - SHA1: 1013d5a0fd6074a8c40dbf3a88e3e06fbf3bcf41 - SHA256: 2732050a7d836ae0bdc5c0aea4cdf8ce205618c3e7f613b8139c176e86476d0c - Authentihash: - MD5: 19758f499cc41d3fecb06ee83152e7d6 - SHA1: bfbb65d893f45a289417b6d45a060759ad4478d5 - SHA256: 62b89fab85cf77b1e6730d2b55b4f9458f368f89d3ca5672d450e3c3365d8c37 - Description: Avast anti rootkit - Company: AVAST Software - InternalName: aswArPot.sys - OriginalFilename: aswArPot.sys - FileVersion: 19.1.4132.0 - Product: 'Avast Antivirus ' - ProductVersion: 19.1.4132.0 - Copyright: Copyright (c) 2018 AVAST Software - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - wcschr - - MmUnmapLockedPages - - _stricmp - - _wcsicmp - - towlower - - _strnicmp - - ExAllocatePoolWithTag - - PsGetProcessWin32Process - - KeClearEvent - - RtlVolumeDeviceToDosName - - KeQueryActiveProcessors - - RtlConvertSidToUnicodeString - - IoBuildDeviceIoControlRequest - - ExFreePoolWithTag - - KeResetEvent - - ExReleaseFastMutex - - IoGetBaseFileSystemDeviceObject - - strncmp - - ZwOpenThreadTokenEx - - RtlAnsiStringToUnicodeString - - ExAcquireFastMutex - - PsSetLoadImageNotifyRoutine - - _snwprintf - - NtBuildNumber - - PsRemoveCreateThreadNotifyRoutine - - PsLookupProcessByProcessId - - ZwQuerySymbolicLinkObject - - _wcsnicmp - - ZwReadFile - - strstr - - ZwMapViewOfSection - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - wcsncpy - - RtlEqualSid - - strchr - - IoFreeWorkItem - - MmGetSystemRoutineAddress - - KeInitializeEvent - - PsSetCreateThreadNotifyRoutine - - 
RtlUnicodeStringToAnsiString - - _snprintf - - RtlGetVersion - - ZwQuerySystemInformation - - RtlInitString - - KeReleaseSpinLock - - PsSetCreateProcessNotifyRoutine - - ZwOpenSymbolicLinkObject - - IoFreeMdl - - KeUnstackDetachProcess - - ZwOpenProcessTokenEx - - ZwSetInformationFile - - tolower - - KeDelayExecutionThread - - ObQueryNameString - - strncpy - - IoFileObjectType - - IoDriverObjectType - - wcsrchr - - wcsstr - - PsCreateSystemThread - - MmMapLockedPagesSpecifyCache - - IoGetDeviceObjectPointer - - ZwUnmapViewOfSection - - ExAllocatePool - - PsTerminateSystemThread - - IoGetCurrentProcess - - ExEventObjectType - - IoAllocateWorkItem - - ZwClose - - IofCompleteRequest - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - PsRemoveLoadImageNotifyRoutine - - IoGetRequestorProcessId - - MmProbeAndLockPages - - PsGetVersion - - KeRevertToUserAffinityThread - - PsThreadType - - IoGetDeviceInterfaces - - ZwOpenProcess - - SeExports - - MmUnlockPages - - strrchr - - ZwQueryInformationProcess - - IoCreateSymbolicLink - - PsGetCurrentThreadId - - PsGetCurrentProcessId - - KeSetSystemAffinityThread - - MmIsAddressValid - - ObfDereferenceObject - - ZwCreateSection - - ObReferenceObjectByName - - IoQueueWorkItem - - IoDeviceObjectType - - ZwOpenFile - - wcsncmp - - ZwQueryInformationToken - - ZwQueryInformationFile - - ZwQueryInformationThread - - ObOpenObjectByPointer - - KeStackAttachProcess - - PsLookupThreadByThreadId - - ZwEnumerateKey - - IoAllocateMdl - - IofCallDriver - - ZwOpenKey - - KeAcquireSpinLockRaiseToDpc - - IoThreadToProcess - - IoAttachDeviceToDeviceStackSafe - - IoDetachDevice - - PsInitialSystemProcess - - IoCreateDevice - - PsProcessType - - KeDetachProcess - - KeAttachProcess - - ZwDeleteFile - - IoBuildSynchronousFsdRequest - - NtClose - - RtlCompareUnicodeString - - ObfReferenceObject - - ZwWriteFile - - ZwOpenThread - - ZwTerminateProcess - - RtlEqualUnicodeString - - ZwOpenDirectoryObject - - KeBugCheck - - ZwQueryDirectoryObject - - 
IoFreeIrp - - IoAllocateIrp - - KdDebuggerNotPresent - - KeSetTargetProcessorDpc - - KeInitializeDpc - - KeInsertQueueDpc - - KeNumberProcessors - - KeBugCheckEx - - ZwSetSecurityObject - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - RtlQueryRegistryValues - - RtlPrefixUnicodeString - - ExUnregisterCallback - - ExRegisterCallback - - ExCreateCallback - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o. - ValidFrom: '2016-09-06 00:00:00' - ValidTo: '2019-10-04 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 - Version: 3 - TBS: - MD5: 2e1a5012cbe8b95785c794bc1c5584c3 - SHA1: f4753b06b08938794c32c2475cee663143036d08 - SHA256: fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5 - SHA384: 08a8396996a9ecb96b22a85d6adf3f8b1117f3a880b1d4af12e4de8e8005897a7073d6d5368cb92f701f466ec227e2a6 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 
59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 
173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: 6132f6d32bf124e5f0bbebe21876c5ea - SHA1: 15b4ffef2a2b3a862a0eab844af3cfc4b1900d6f - SHA256: 0b8a681dd006525cd3655d98f39d2c65123a186d1781bb2331ae1b0c927d5ee0 - Sections: - .text: - Entropy: 6.333034342254648 - Virtual Size: '0x21a9c' - .rdata: - Entropy: 5.822348143959372 - Virtual Size: '0x30ac' - .data: - Entropy: 1.9883419545841996 - Virtual Size: '0x25b18' - .pdata: - Entropy: 5.344549474194191 - Virtual Size: '0x10c8' - PAGE: - Entropy: 6.2415459986958455 - Virtual Size: '0x19f7' - INIT: - Entropy: 5.308945301421294 - Virtual Size: '0x1320' - .rsrc: - Entropy: 3.32695090312545 - Virtual Size: '0x370' - .reloc: - Entropy: 2.5894785090098025 - Virtual Size: '0x4ba' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2018-12-10 07:43:57' - Imphash: 86682585c620fa85096a7bedaf990cd1 - LoadsDespiteHVCI: 'FALSE' -- Filename: aswArPot.sys - MD5: a22626febc924eb219a953f1ee2b9600 - SHA1: f61e56359c663a769073782a0a3ffd3679c2694a - SHA256: 2ce81759bfa236913bbbb9b2cbc093140b099486fd002910b18e2c6e31fdc4f1 - Authentihash: - MD5: dbff97e1c14c4c58e54ab1c0a5bfb5dc - SHA1: 8b374284e8269100798b4471a0dae9a70a2f906c - SHA256: 5512aea158c30e4f52c1e27136c1c803c98388d1d8c7269e497728fd0b57d9f5 - Description: AVG Anti Rootkit - Company: AVG Technologies CZ, s.r.o. - InternalName: aswArPot - OriginalFilename: aswArPot.sys - FileVersion: 20.10.171.0 - Product: 'AVG Internet Security System ' - ProductVersion: 20.10.171.0 - Copyright: Copyright (C) 2020 AVG Technologies CZ, s.r.o. 
- MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - __C_specific_handler - - KeDelayExecutionThread - - IoAllocateWorkItem - - MmIsAddressValid - - MmUnlockPages - - ExAllocatePool - - RtlAnsiStringToUnicodeString - - KeAcquireSpinLockRaiseToDpc - - ZwQuerySystemInformation - - PsRemoveLoadImageNotifyRoutine - - ZwUnmapViewOfSection - - ZwQuerySymbolicLinkObject - - MmProbeAndLockPages - - RtlVolumeDeviceToDosName - - PsSetLoadImageNotifyRoutine - - IoGetRequestorProcessId - - ZwReadFile - - ObQueryNameString - - IoDetachDevice - - ZwOpenThreadTokenEx - - ZwOpenProcessTokenEx - - towlower - - NtBuildNumber - - ExReleaseFastMutex - - _wcsicmp - - _snwprintf - - RtlConvertSidToUnicodeString - - ObfDereferenceObject - - IoAllocateMdl - - ZwCreateSection - - ZwQueryInformationProcess - - IoAttachDeviceToDeviceStackSafe - - PsGetProcessId - - PsCreateSystemThread - - ZwQueryInformationThread - - RtlInitUnicodeString - - ZwOpenSymbolicLinkObject - - tolower - - PsRemoveCreateThreadNotifyRoutine - - IoDeleteDevice - - IoBuildDeviceIoControlRequest - - wcsncpy - - IoGetDeviceObjectPointer - - IoGetCurrentProcess - - ObOpenObjectByPointer - - strncpy - - KeReleaseSpinLock - - _strnicmp - - IoFileObjectType - - KeStackAttachProcess - - PsLookupProcessByProcessId - - PsGetCurrentProcessId - - KeSetEvent - - PsThreadType - - RtlUnicodeStringToAnsiString - - ZwQueryInformationToken - - ZwMapViewOfSection - - strncmp - - ObReferenceObjectByHandle - - RtlGetVersion - - PsGetThreadId - - PsGetVersion - - KeClearEvent - - IoGetBaseFileSystemDeviceObject - - wcschr - - ZwSetInformationFile - - ZwEnumerateKey - - IoFreeMdl - - wcsstr - - ExAcquireFastMutex - - MmGetSystemRoutineAddress - - IoFreeWorkItem - - _stricmp - - ExAllocatePoolWithTag - - RtlInitString - - IoCreateDevice - - IofCallDriver - - IoDeviceObjectType - - _snprintf - - ExFreePoolWithTag - - ZwOpenFile - - KeSetSystemAffinityThread - - strstr - - KeInitializeEvent - - 
ObReferenceObjectByName - - strchr - - _wcsnicmp - - KeQueryActiveProcessors - - RtlEqualSid - - IoQueueWorkItem - - MmUnmapLockedPages - - MmMapLockedPagesSpecifyCache - - PsSetCreateThreadNotifyRoutine - - PsGetCurrentThreadId - - IofCompleteRequest - - PsGetProcessWin32Process - - ExEventObjectType - - ZwQueryInformationFile - - KeWaitForSingleObject - - IoCreateSymbolicLink - - PsSetCreateProcessNotifyRoutine - - IoDriverObjectType - - PsLookupThreadByThreadId - - IoGetDeviceInterfaces - - ZwClose - - PsTerminateSystemThread - - wcsrchr - - strrchr - - SeExports - - KeUnstackDetachProcess - - KeResetEvent - - KeRevertToUserAffinityThread - - ZwOpenProcess - - wcsncmp - - ZwOpenKey - - PsGetThreadProcess - - IoThreadToProcess - - PsInitialSystemProcess - - KeInsertQueueDpc - - KeNumberProcessors - - KeInitializeDpc - - KeSetTargetProcessorDpc - - PsProcessType - - MmMapIoSpace - - MmUnmapIoSpace - - ZwDeleteFile - - KeAttachProcess - - KeDetachProcess - - RtlCompareUnicodeString - - ZwWriteFile - - NtClose - - ObfReferenceObject - - IoBuildSynchronousFsdRequest - - ZwOpenThread - - ZwTerminateProcess - - RtlEqualUnicodeString - - IoFreeIrp - - ZwQueryDirectoryObject - - KeBugCheck - - ZwOpenDirectoryObject - - IoAllocateIrp - - KdDebuggerNotPresent - - ZwSetSecurityObject - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - RtlGetSaclSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlLengthSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - RtlAddAccessAllowedAce - - RtlLengthSid - - IoIsWdmVersionAvailable - - RtlSetDaclSecurityDescriptor - - ZwSetValueKey - - ZwQueryValueKey - - ZwCreateKey - - RtlFreeUnicodeString - - KeBugCheckEx - - RtlQueryRegistryValues - - RtlPrefixUnicodeString - - ExRegisterCallback - - ExCreateCallback - - ExUnregisterCallback - - strcmp - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, 
OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, LLC, OU=RE - 999, CN=AVG Technologies USA, LLC - ValidFrom: '2020-01-27 00:00:00' - ValidTo: '2022-10-20 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03ec0c9015079fab8a6f3fc9f839311c - Version: 3 - TBS: - MD5: bf2831557abdf7e58917d0a2608080a5 - SHA1: 24ece342e4c4f2f17f32e6924f48c240ad6300ff - SHA256: 1afa061865098b2da9d030bc9f5815ad98e59fa847903692e52d6ba0bbf260dd - SHA384: 0bed85528163e2befed14755c2dcaf02acea62bdf352d3f964cfeaa2883bebea3e186aa26ce12e4df1dfd6d235bf9bb6 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - 
ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 03ec0c9015079fab8a6f3fc9f839311c - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: edc05997bbdab8acd04f275b386ffdab - SHA1: b47a65e11021476840629d33996069e4638e241c - SHA256: fe13709d1d6fd5734b2d61d1661e6ac2540c5ee2f4f96e56418d1db86c0bdb20 - Sections: - .text: - Entropy: 6.388123612362734 - Virtual Size: '0x22642' - .rdata: - Entropy: 5.726639706322517 - Virtual Size: '0x3ba4' - .data: - Entropy: 2.8326105974628013 - Virtual Size: '0x25ab0' - .pdata: - Entropy: 5.41365966057565 - Virtual Size: '0x1218' - PAGE: - Entropy: 6.268060315888827 - Virtual Size: '0x1c4b' - INIT: - Entropy: 5.3650712692664975 - Virtual Size: '0x13dc' - .rsrc: - Entropy: 3.3859195680143874 - Virtual Size: '0x3d8' 
- .reloc: - Entropy: 5.435120402444784 - Virtual Size: '0x1a0' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2020-12-01 01:05:41' - Imphash: 3702511999371bac8982d01820dd70f2 - LoadsDespiteHVCI: 'FALSE' -- Filename: aswArPot.sys - MD5: 66e0db8a5b0425459d0430547ecbb3db - SHA1: 7cee31d3aaee8771c872626feedeeb5d09db008c - SHA256: 34e0364a4952d914f23f271d36e11161fb6bb7b64aea22ff965a967825a4a4bf - Authentihash: - MD5: b8a542fc08dd527ce67d711ff876a3db - SHA1: 47edc88c38f2abfbc06a5d7d1b54d14ac93acc22 - SHA256: f6cb70c945e7b3723de1d334aa2fb97bb8ddb9f68e409deeb9988f446546a57c - Description: AVG Anti Rootkit - Company: AVG Technologies CZ, s.r.o. - InternalName: aswArPot - OriginalFilename: aswArPot.sys - FileVersion: 20.5.96.0 - Product: 'AVG Internet Security System ' - ProductVersion: 20.5.96.0 - Copyright: Copyright (C) 2020 AVG Technologies CZ, s.r.o. - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - __C_specific_handler - - KeDelayExecutionThread - - IoAllocateWorkItem - - MmIsAddressValid - - MmUnlockPages - - ExAllocatePool - - RtlAnsiStringToUnicodeString - - KeAcquireSpinLockRaiseToDpc - - ZwQuerySystemInformation - - PsRemoveLoadImageNotifyRoutine - - ZwUnmapViewOfSection - - ZwQuerySymbolicLinkObject - - MmProbeAndLockPages - - RtlVolumeDeviceToDosName - - PsSetLoadImageNotifyRoutine - - IoGetRequestorProcessId - - ZwReadFile - - ObQueryNameString - - ZwOpenThreadTokenEx - - ZwOpenProcessTokenEx - - towlower - - NtBuildNumber - - ExReleaseFastMutex - - _wcsicmp - - _snwprintf - - RtlConvertSidToUnicodeString - - ObfDereferenceObject - - IoAllocateMdl - - ZwCreateSection - - ZwQueryInformationProcess - - PsGetProcessId - - PsCreateSystemThread - - ZwQueryInformationThread - - RtlInitUnicodeString - - ZwOpenSymbolicLinkObject - - tolower - - PsRemoveCreateThreadNotifyRoutine - - IoDeleteDevice - - IoBuildDeviceIoControlRequest - - wcsncpy - - IoGetDeviceObjectPointer - - IoGetCurrentProcess - - ObOpenObjectByPointer - 
- strncpy - - KeReleaseSpinLock - - _strnicmp - - IoFileObjectType - - KeStackAttachProcess - - PsLookupProcessByProcessId - - PsGetCurrentProcessId - - KeSetEvent - - PsThreadType - - RtlUnicodeStringToAnsiString - - ZwQueryInformationToken - - ZwMapViewOfSection - - strncmp - - ObReferenceObjectByHandle - - RtlGetVersion - - PsGetThreadId - - PsGetVersion - - KeClearEvent - - IoGetBaseFileSystemDeviceObject - - wcschr - - ZwSetInformationFile - - ZwEnumerateKey - - IoFreeMdl - - wcsstr - - ExAcquireFastMutex - - MmGetSystemRoutineAddress - - IoFreeWorkItem - - _stricmp - - ExAllocatePoolWithTag - - RtlInitString - - IofCallDriver - - IoDeviceObjectType - - _snprintf - - ExFreePoolWithTag - - ZwOpenFile - - KeSetSystemAffinityThread - - strstr - - KeInitializeEvent - - ObReferenceObjectByName - - strchr - - _wcsnicmp - - KeQueryActiveProcessors - - RtlEqualSid - - IoQueueWorkItem - - MmUnmapLockedPages - - MmMapLockedPagesSpecifyCache - - PsSetCreateThreadNotifyRoutine - - PsGetCurrentThreadId - - IofCompleteRequest - - PsGetProcessWin32Process - - ExEventObjectType - - ZwQueryInformationFile - - KeWaitForSingleObject - - IoCreateSymbolicLink - - PsSetCreateProcessNotifyRoutine - - IoDriverObjectType - - PsLookupThreadByThreadId - - IoGetDeviceInterfaces - - ZwClose - - PsTerminateSystemThread - - wcsrchr - - strrchr - - SeExports - - KeUnstackDetachProcess - - KeResetEvent - - KeRevertToUserAffinityThread - - ZwOpenProcess - - wcsncmp - - ZwOpenKey - - PsGetThreadProcess - - IoDetachDevice - - IoAttachDeviceToDeviceStackSafe - - IoThreadToProcess - - PsInitialSystemProcess - - IoCreateDevice - - KeInsertQueueDpc - - KeNumberProcessors - - KeInitializeDpc - - KeSetTargetProcessorDpc - - PsProcessType - - MmMapIoSpace - - MmUnmapIoSpace - - ZwDeleteFile - - KeAttachProcess - - KeDetachProcess - - RtlCompareUnicodeString - - ZwWriteFile - - NtClose - - ObfReferenceObject - - IoBuildSynchronousFsdRequest - - ZwOpenThread - - ZwTerminateProcess - - 
RtlEqualUnicodeString - - IoFreeIrp - - ZwQueryDirectoryObject - - KeBugCheck - - ZwOpenDirectoryObject - - IoAllocateIrp - - KdDebuggerNotPresent - - ZwSetSecurityObject - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - RtlGetSaclSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlLengthSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - RtlAddAccessAllowedAce - - RtlLengthSid - - IoIsWdmVersionAvailable - - RtlSetDaclSecurityDescriptor - - ZwSetValueKey - - ZwQueryValueKey - - ZwCreateKey - - RtlFreeUnicodeString - - KeBugCheckEx - - RtlQueryRegistryValues - - RtlPrefixUnicodeString - - ExRegisterCallback - - ExCreateCallback - - ExUnregisterCallback - - strcmp - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, LLC, OU=RE - 999, CN=AVG Technologies USA, LLC - ValidFrom: '2020-01-27 00:00:00' - ValidTo: '2022-10-20 12:00:00' - Signature: 
b02cbaf178caf97fa7c0182c25b4c97d4e68127e4d5634609757bcbc051eb94254bb50e112e72505e7f9c6dbd92622287bacbcd726fa911b3b3e36ccc88f8794e980c0b0409efc87fb04d88a15df20dedb23ced152779b799359e4d3b553eb4c6c6ea61216899a0d9cc97de7f7e21ce374d5430e2dcfbb3b6f653db2d236f59bb22bd65e0787a65610c4fde1463a5be08e4710fb4e1ae7c00080edb315995b06297431ce4a9821d1050aa7061ef26c182482d09ba42001ab103c882c01f312411130490aa7820ff72902e723a864b881066e2d7883afdb5ba9d3027550f6a3761669e42b425ad61f76e2add3dd012558bd769b76f8f37843243dfbd0a2efa363 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03ec0c9015079fab8a6f3fc9f839311c - Version: 3 - TBS: - MD5: bf2831557abdf7e58917d0a2608080a5 - SHA1: 24ece342e4c4f2f17f32e6924f48c240ad6300ff - SHA256: 1afa061865098b2da9d030bc9f5815ad98e59fa847903692e52d6ba0bbf260dd - SHA384: 0bed85528163e2befed14755c2dcaf02acea62bdf352d3f964cfeaa2883bebea3e186aa26ce12e4df1dfd6d235bf9bb6 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 
1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 03ec0c9015079fab8a6f3fc9f839311c - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: e8033ae063a3483aec0d2fa55081ff62 - SHA1: fef047c18b115c601ddfd833e1cb5784ca1afbd7 - SHA256: fe30a08a31a5f4687353c7b08444b72fb6402a51b0586f0ade667983f833c4a5 - Sections: - .text: - Entropy: 6.37980416282674 - Virtual Size: '0x21d62' - .rdata: - Entropy: 5.71353590549718 - Virtual Size: '0x3b1c' - .data: - Entropy: 2.7078442579876167 - Virtual Size: '0x259b0' - .pdata: - Entropy: 5.4286864002584405 - Virtual Size: '0x11dc' - PAGE: - Entropy: 6.273919225206701 - Virtual Size: '0x1c4b' - INIT: - Entropy: 5.3629488423190335 - Virtual Size: '0x13dc' - .rsrc: - Entropy: 3.3633774294809733 - Virtual Size: '0x3d0' - .reloc: - Entropy: 5.3833020583275815 - Virtual Size: '0x188' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2020-06-23 10:34:33' - Imphash: 26150d69f50aa9247c3f3f17521d18a2 - LoadsDespiteHVCI: 'FALSE' -- Filename: aswArPot.sys - MD5: cb31f1b637056a3d374e22865c41e6d9 - SHA1: 24b47ba7179755e3b12a59d55ae6b2c3d2bd1505 - 
SHA256: 36e3127f045ef1fa7426a3ff8c441092d3b66923d2b69826034e48306609e289 - Authentihash: - MD5: 0f3a942c946055cb40ee138ceb5f57d9 - SHA1: 2989078f9ab5fc078bf801fcdc49674e3fc1d187 - SHA256: 5af59d6ca109b5cae3350b48b85274ce181e45be4c7f7156bdf58ca3ca7f4188 - Description: Avast Anti Rootkit - Company: AVAST Software - InternalName: aswArPot - OriginalFilename: aswArPot.sys - FileVersion: 20.3.68.0 - Product: 'Avast Antivirus ' - ProductVersion: 20.3.68.0 - Copyright: Copyright (c) 2020 AVAST Software - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - __C_specific_handler - - KeDelayExecutionThread - - IoAllocateWorkItem - - MmIsAddressValid - - MmUnlockPages - - ExAllocatePool - - RtlAnsiStringToUnicodeString - - KeAcquireSpinLockRaiseToDpc - - ZwQuerySystemInformation - - PsRemoveLoadImageNotifyRoutine - - ZwUnmapViewOfSection - - ZwQuerySymbolicLinkObject - - MmProbeAndLockPages - - RtlVolumeDeviceToDosName - - PsSetLoadImageNotifyRoutine - - IoGetRequestorProcessId - - ZwReadFile - - ObQueryNameString - - ZwOpenThreadTokenEx - - ZwOpenProcessTokenEx - - towlower - - NtBuildNumber - - ExReleaseFastMutex - - _wcsicmp - - _snwprintf - - RtlConvertSidToUnicodeString - - ObfDereferenceObject - - IoAllocateMdl - - ZwCreateSection - - ZwQueryInformationProcess - - PsGetProcessId - - PsCreateSystemThread - - ZwQueryInformationThread - - RtlInitUnicodeString - - ZwOpenSymbolicLinkObject - - tolower - - PsRemoveCreateThreadNotifyRoutine - - IoDeleteDevice - - IoBuildDeviceIoControlRequest - - wcsncpy - - IoGetDeviceObjectPointer - - IoGetCurrentProcess - - ObOpenObjectByPointer - - strncpy - - KeReleaseSpinLock - - _strnicmp - - IoFileObjectType - - KeStackAttachProcess - - PsLookupProcessByProcessId - - PsGetCurrentProcessId - - KeSetEvent - - PsThreadType - - RtlUnicodeStringToAnsiString - - ZwQueryInformationToken - - ZwMapViewOfSection - - strncmp - - ObReferenceObjectByHandle - - RtlGetVersion - - PsGetThreadId - - 
PsGetVersion - - KeClearEvent - - IoGetBaseFileSystemDeviceObject - - wcschr - - ZwSetInformationFile - - ZwEnumerateKey - - IoFreeMdl - - wcsstr - - ExAcquireFastMutex - - MmGetSystemRoutineAddress - - IoFreeWorkItem - - _stricmp - - ExAllocatePoolWithTag - - RtlInitString - - IofCallDriver - - IoDeviceObjectType - - _snprintf - - ExFreePoolWithTag - - ZwOpenFile - - KeSetSystemAffinityThread - - strstr - - KeInitializeEvent - - ObReferenceObjectByName - - strchr - - _wcsnicmp - - KeQueryActiveProcessors - - RtlEqualSid - - IoQueueWorkItem - - MmUnmapLockedPages - - MmMapLockedPagesSpecifyCache - - PsSetCreateThreadNotifyRoutine - - PsGetCurrentThreadId - - IofCompleteRequest - - PsGetProcessWin32Process - - ExEventObjectType - - ZwQueryInformationFile - - KeWaitForSingleObject - - IoCreateSymbolicLink - - PsSetCreateProcessNotifyRoutine - - IoDriverObjectType - - PsLookupThreadByThreadId - - IoGetDeviceInterfaces - - ZwClose - - PsTerminateSystemThread - - wcsrchr - - strrchr - - SeExports - - KeUnstackDetachProcess - - KeResetEvent - - KeRevertToUserAffinityThread - - ZwOpenProcess - - wcsncmp - - ZwOpenKey - - PsGetThreadProcess - - IoDetachDevice - - IoAttachDeviceToDeviceStackSafe - - IoThreadToProcess - - PsInitialSystemProcess - - IoCreateDevice - - KeInsertQueueDpc - - KeNumberProcessors - - KeInitializeDpc - - KeSetTargetProcessorDpc - - PsProcessType - - MmMapIoSpace - - MmUnmapIoSpace - - ZwDeleteFile - - KeAttachProcess - - KeDetachProcess - - RtlCompareUnicodeString - - ZwWriteFile - - NtClose - - ObfReferenceObject - - IoBuildSynchronousFsdRequest - - ZwOpenThread - - ZwTerminateProcess - - RtlEqualUnicodeString - - IoFreeIrp - - ZwQueryDirectoryObject - - KeBugCheck - - ZwOpenDirectoryObject - - IoAllocateIrp - - KdDebuggerNotPresent - - ZwSetSecurityObject - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - RtlGetSaclSecurityDescriptor - - SeCaptureSecurityDescriptor - - 
RtlLengthSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - RtlAddAccessAllowedAce - - RtlLengthSid - - IoIsWdmVersionAvailable - - RtlSetDaclSecurityDescriptor - - ZwSetValueKey - - ZwQueryValueKey - - ZwCreateKey - - RtlFreeUnicodeString - - KeBugCheckEx - - RtlQueryRegistryValues - - RtlPrefixUnicodeString - - ExRegisterCallback - - ExCreateCallback - - ExUnregisterCallback - - strcmp - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CZ, L=Praha, O=Avast Software s.r.o., OU=RE 999, CN=Avast Software - s.r.o. - ValidFrom: '2019-12-02 00:00:00' - ValidTo: '2022-10-19 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03f02aca051d1c9330eeabd3706e836f - Version: 3 - TBS: - MD5: f251d9cde0901fb67831855b4a592b51 - SHA1: cd0ac068faea4b875ded287512f20b6ba8dcb457 - SHA256: 247e040822854e1a4cbc3488782a9e96db6bffa9bdfe36406a46e3f88695d423 - SHA384: c6a765c300f3ee36604e9c51a9fcd18071b0cd0bd15b3ad69350f04a0b1b5ef7b71556af698a1e8988bf91cd8b2a6104 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 
37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 03f02aca051d1c9330eeabd3706e836f - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: 5a489fed9ab25dab8eb1e8de57816a5b - SHA1: e1f992c705eb87c462152c01a8db69d1df44aacb - SHA256: 13fb8d5234772b9e76b9929957aa21c6a9395cc3892f69dcd599f7682daff315 - Sections: - .text: - Entropy: 6.37980416282674 - Virtual Size: '0x21d62' - .rdata: - Entropy: 5.714116767013148 - Virtual Size: '0x3b1c' - .data: - Entropy: 2.7078442579876167 - Virtual Size: '0x259b0' - .pdata: - Entropy: 5.4286864002584405 - Virtual Size: '0x11dc' - PAGE: - Entropy: 6.273919225206701 - Virtual Size: '0x1c4b' - INIT: - Entropy: 5.3629488423190335 - Virtual Size: '0x13dc' - .rsrc: - Entropy: 3.284445299481583 - Virtual Size: '0x390' - .reloc: - Entropy: 5.3833020583275815 - Virtual Size: '0x188' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2020-04-28 12:47:01' - Imphash: 26150d69f50aa9247c3f3f17521d18a2 - LoadsDespiteHVCI: 'FALSE' -- Filename: aswArPot.sys - MD5: d0a5b98788e480c12afc65ad3e6d4478 - SHA1: 6c445ceb38d5b1212ce2e7498888dd9562a57875 - SHA256: 3b6e85c8fed9e39b21b2eab0b69bc464272b2c92961510c36e2e2df7aa39861b - Authentihash: - MD5: 8bbe86720ded843c4a0023310a403879 - SHA1: 2035334476f2c5f82a5e71c04bbf82aa51b2f41b - SHA256: 4e89a5a25969953961db2a2a1a5c73c8af48f7af169ac3fd098171556bf0854d - Description: Avast Anti Rootkit - Company: AVAST Software - InternalName: aswArPot - OriginalFilename: aswArPot.sys - FileVersion: 20.7.113.0 - Product: 'Avast Antivirus ' - ProductVersion: 20.7.113.0 - Copyright: Copyright (c) 2020 AVAST Software - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - __C_specific_handler - - KeDelayExecutionThread - - IoAllocateWorkItem - - MmIsAddressValid 
- - MmUnlockPages - - ExAllocatePool - - RtlAnsiStringToUnicodeString - - KeAcquireSpinLockRaiseToDpc - - ZwQuerySystemInformation - - PsRemoveLoadImageNotifyRoutine - - ZwUnmapViewOfSection - - ZwQuerySymbolicLinkObject - - MmProbeAndLockPages - - RtlVolumeDeviceToDosName - - PsSetLoadImageNotifyRoutine - - IoGetRequestorProcessId - - ZwReadFile - - ObQueryNameString - - ZwOpenThreadTokenEx - - ZwOpenProcessTokenEx - - towlower - - NtBuildNumber - - ExReleaseFastMutex - - _wcsicmp - - _snwprintf - - RtlConvertSidToUnicodeString - - ObfDereferenceObject - - IoAllocateMdl - - ZwCreateSection - - ZwQueryInformationProcess - - PsGetProcessId - - PsCreateSystemThread - - ZwQueryInformationThread - - RtlInitUnicodeString - - ZwOpenSymbolicLinkObject - - tolower - - PsRemoveCreateThreadNotifyRoutine - - IoDeleteDevice - - IoBuildDeviceIoControlRequest - - wcsncpy - - IoGetDeviceObjectPointer - - IoGetCurrentProcess - - ObOpenObjectByPointer - - strncpy - - KeReleaseSpinLock - - _strnicmp - - IoFileObjectType - - KeStackAttachProcess - - PsLookupProcessByProcessId - - PsGetCurrentProcessId - - KeSetEvent - - PsThreadType - - RtlUnicodeStringToAnsiString - - ZwQueryInformationToken - - ZwMapViewOfSection - - strncmp - - ObReferenceObjectByHandle - - RtlGetVersion - - PsGetThreadId - - PsGetVersion - - KeClearEvent - - IoGetBaseFileSystemDeviceObject - - wcschr - - ZwSetInformationFile - - ZwEnumerateKey - - IoFreeMdl - - wcsstr - - ExAcquireFastMutex - - MmGetSystemRoutineAddress - - IoFreeWorkItem - - _stricmp - - ExAllocatePoolWithTag - - RtlInitString - - IofCallDriver - - IoDeviceObjectType - - _snprintf - - ExFreePoolWithTag - - ZwOpenFile - - KeSetSystemAffinityThread - - strstr - - KeInitializeEvent - - ObReferenceObjectByName - - strchr - - _wcsnicmp - - KeQueryActiveProcessors - - RtlEqualSid - - IoQueueWorkItem - - MmUnmapLockedPages - - MmMapLockedPagesSpecifyCache - - PsSetCreateThreadNotifyRoutine - - PsGetCurrentThreadId - - IofCompleteRequest - - 
PsGetProcessWin32Process - - ExEventObjectType - - ZwQueryInformationFile - - KeWaitForSingleObject - - IoCreateSymbolicLink - - PsSetCreateProcessNotifyRoutine - - IoDriverObjectType - - PsLookupThreadByThreadId - - IoGetDeviceInterfaces - - ZwClose - - PsTerminateSystemThread - - wcsrchr - - strrchr - - SeExports - - KeUnstackDetachProcess - - KeResetEvent - - KeRevertToUserAffinityThread - - ZwOpenProcess - - wcsncmp - - ZwOpenKey - - PsGetThreadProcess - - IoDetachDevice - - IoAttachDeviceToDeviceStackSafe - - IoThreadToProcess - - PsInitialSystemProcess - - IoCreateDevice - - KeInsertQueueDpc - - KeNumberProcessors - - KeInitializeDpc - - KeSetTargetProcessorDpc - - PsProcessType - - MmMapIoSpace - - MmUnmapIoSpace - - ZwDeleteFile - - KeAttachProcess - - KeDetachProcess - - RtlCompareUnicodeString - - ZwWriteFile - - NtClose - - ObfReferenceObject - - IoBuildSynchronousFsdRequest - - ZwOpenThread - - ZwTerminateProcess - - RtlEqualUnicodeString - - IoFreeIrp - - ZwQueryDirectoryObject - - KeBugCheck - - ZwOpenDirectoryObject - - IoAllocateIrp - - KdDebuggerNotPresent - - ZwSetSecurityObject - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - RtlGetSaclSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlLengthSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - RtlAddAccessAllowedAce - - RtlLengthSid - - IoIsWdmVersionAvailable - - RtlSetDaclSecurityDescriptor - - ZwSetValueKey - - ZwQueryValueKey - - ZwCreateKey - - RtlFreeUnicodeString - - KeBugCheckEx - - RtlQueryRegistryValues - - RtlPrefixUnicodeString - - ExRegisterCallback - - ExCreateCallback - - ExUnregisterCallback - - strcmp - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CZ, L=Praha, O=Avast Software s.r.o., OU=RE 999, CN=Avast Software - s.r.o. 
- ValidFrom: '2019-12-02 00:00:00' - ValidTo: '2022-10-19 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03f02aca051d1c9330eeabd3706e836f - Version: 3 - TBS: - MD5: f251d9cde0901fb67831855b4a592b51 - SHA1: cd0ac068faea4b875ded287512f20b6ba8dcb457 - SHA256: 247e040822854e1a4cbc3488782a9e96db6bffa9bdfe36406a46e3f88695d423 - SHA384: c6a765c300f3ee36604e9c51a9fcd18071b0cd0bd15b3ad69350f04a0b1b5ef7b71556af698a1e8988bf91cd8b2a6104 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 
59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 
173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 03f02aca051d1c9330eeabd3706e836f - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: e8033ae063a3483aec0d2fa55081ff62 - SHA1: fef047c18b115c601ddfd833e1cb5784ca1afbd7 - SHA256: fe30a08a31a5f4687353c7b08444b72fb6402a51b0586f0ade667983f833c4a5 - Sections: - .text: - Entropy: 6.382035112661383 - Virtual Size: '0x21e62' - .rdata: - Entropy: 5.715693652903285 - Virtual Size: '0x3b24' - .data: - Entropy: 2.7169953597230534 - Virtual Size: '0x259b0' - .pdata: - Entropy: 5.4323977966026975 - Virtual Size: '0x11dc' - PAGE: - Entropy: 6.273110218235552 - Virtual Size: '0x1c4b' - INIT: - Entropy: 5.36403021726766 - Virtual Size: '0x13dc' - .rsrc: - Entropy: 3.2877883121595066 - Virtual Size: '0x398' - .reloc: - Entropy: 5.3833020583275815 - Virtual Size: '0x188' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2020-08-21 04:32:58' - Imphash: 26150d69f50aa9247c3f3f17521d18a2 - LoadsDespiteHVCI: 'FALSE' -- Filename: aswArPot.sys - MD5: 84c4d8ae023ca9bb60694fa467141247 - SHA1: 79f1a6f5486523e6d8dcfef696bc949fc767613d - SHA256: 4da08c0681fbe028b60a1eaf5cb8890bd3eba4d0e6a8b976495ddcd315e147ba - Authentihash: - MD5: 739b545edae1f711d7c566f740cdc018 - SHA1: a3eb3e15e851a8744781889ca4e728bb9c67070f - SHA256: cd3b38875c8b727f18cec382698624679d6413f02cf33d82a7c93b9595860b6d - Description: Avast anti rootkit - Company: AVAST Software - InternalName: aswArPot.sys - OriginalFilename: aswArPot.sys - FileVersion: 18.7.4016.0 - Product: 'Avast Antivirus ' - ProductVersion: 18.7.4016.0 - Copyright: Copyright (c) 2018 AVAST Software - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - wcschr - - MmUnmapLockedPages - - _stricmp - - _wcsicmp - - towlower - - _strnicmp - - ExAllocatePoolWithTag - - PsGetProcessWin32Process - - KeClearEvent - - 
RtlVolumeDeviceToDosName - - KeQueryActiveProcessors - - RtlConvertSidToUnicodeString - - IoBuildDeviceIoControlRequest - - ExFreePoolWithTag - - KeResetEvent - - ExReleaseFastMutex - - IoGetBaseFileSystemDeviceObject - - strncmp - - ZwOpenThreadTokenEx - - RtlAnsiStringToUnicodeString - - ExAcquireFastMutex - - PsSetLoadImageNotifyRoutine - - _snwprintf - - NtBuildNumber - - PsRemoveCreateThreadNotifyRoutine - - PsLookupProcessByProcessId - - ZwQuerySymbolicLinkObject - - _wcsnicmp - - ZwReadFile - - strstr - - ZwMapViewOfSection - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - wcsncpy - - RtlEqualSid - - strchr - - IoFreeWorkItem - - MmGetSystemRoutineAddress - - KeInitializeEvent - - PsSetCreateThreadNotifyRoutine - - RtlUnicodeStringToAnsiString - - _snprintf - - RtlGetVersion - - ZwQuerySystemInformation - - RtlInitString - - KeReleaseSpinLock - - PsSetCreateProcessNotifyRoutine - - ZwOpenSymbolicLinkObject - - IoFreeMdl - - KeUnstackDetachProcess - - ZwOpenProcessTokenEx - - ZwSetInformationFile - - KeDelayExecutionThread - - ObQueryNameString - - strncpy - - IoFileObjectType - - IoDriverObjectType - - wcsrchr - - wcsstr - - PsCreateSystemThread - - MmMapLockedPagesSpecifyCache - - IoGetDeviceObjectPointer - - ZwUnmapViewOfSection - - ExAllocatePool - - PsTerminateSystemThread - - IoGetCurrentProcess - - ExEventObjectType - - IoAllocateWorkItem - - ZwClose - - IofCompleteRequest - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - PsRemoveLoadImageNotifyRoutine - - IoGetRequestorProcessId - - MmProbeAndLockPages - - PsGetVersion - - KeRevertToUserAffinityThread - - PsThreadType - - IoGetDeviceInterfaces - - ZwOpenProcess - - SeExports - - MmUnlockPages - - strrchr - - ZwQueryInformationProcess - - IoCreateSymbolicLink - - PsGetCurrentThreadId - - PsGetCurrentProcessId - - KeSetSystemAffinityThread - - MmIsAddressValid - - ObfDereferenceObject - - ZwCreateSection - - ObReferenceObjectByName - - IoQueueWorkItem - - IoDeviceObjectType - - 
ZwOpenFile - - wcsncmp - - ZwQueryInformationToken - - ZwQueryInformationFile - - ZwQueryInformationThread - - ObOpenObjectByPointer - - KeStackAttachProcess - - PsLookupThreadByThreadId - - ZwEnumerateKey - - IoAllocateMdl - - IofCallDriver - - ZwOpenKey - - KeAcquireSpinLockRaiseToDpc - - IoThreadToProcess - - IoAttachDeviceToDeviceStackSafe - - IoDetachDevice - - PsInitialSystemProcess - - IoCreateDevice - - PsProcessType - - KeDetachProcess - - KeAttachProcess - - ZwDeleteFile - - IoBuildSynchronousFsdRequest - - NtClose - - RtlCompareUnicodeString - - ObfReferenceObject - - ZwWriteFile - - ZwOpenThread - - ZwTerminateProcess - - RtlEqualUnicodeString - - ZwOpenDirectoryObject - - KeBugCheck - - ZwQueryDirectoryObject - - IoFreeIrp - - IoAllocateIrp - - KdDebuggerNotPresent - - KeSetTargetProcessorDpc - - KeInitializeDpc - - KeInsertQueueDpc - - KeNumberProcessors - - KeBugCheckEx - - ZwSetSecurityObject - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - RtlQueryRegistryValues - - RtlPrefixUnicodeString - - ExUnregisterCallback - - ExRegisterCallback - - ExCreateCallback - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o. 
- ValidFrom: '2016-09-06 00:00:00' - ValidTo: '2019-10-04 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 - Version: 3 - TBS: - MD5: 2e1a5012cbe8b95785c794bc1c5584c3 - SHA1: f4753b06b08938794c32c2475cee663143036d08 - SHA256: fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5 - SHA384: 08a8396996a9ecb96b22a85d6adf3f8b1117f3a880b1d4af12e4de8e8005897a7073d6d5368cb92f701f466ec227e2a6 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: 
a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 
173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: 382c4767d71156621da4d8ab3193017a - SHA1: 20e40fd8dd4465dfd940c017e5cb26819d5cbed7 - SHA256: cc76cbedaf6062b99e917cf31a8cce723c854d10d1afd041e4ca85ceabb39c4b - Sections: - .text: - Entropy: 6.335598955768239 - Virtual Size: '0x2133c' - .rdata: - Entropy: 5.842242988112416 - Virtual Size: '0x30bc' - .data: - Entropy: 1.9686843664265543 - Virtual Size: '0x25ac0' - .pdata: - Entropy: 5.347767841792384 - Virtual Size: '0x10a4' - PAGE: - Entropy: 6.236243477409071 - Virtual Size: '0x19f7' - INIT: - Entropy: 5.308986664848571 - Virtual Size: '0x130e' - .rsrc: - Entropy: 3.3372757283734344 - Virtual Size: '0x370' - .reloc: - Entropy: 2.585838337225609 - Virtual Size: '0x4ba' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2018-09-24 07:23:41' - Imphash: dd406d43857d7f5ad1b0aec04fdb7e5f - LoadsDespiteHVCI: 'FALSE' -- Filename: aswArPot.sys - MD5: 14add4f16d80595e6e816abf038141e5 - SHA1: 218e4bbdd5ce810c48b938307d01501c442b75f4 - SHA256: 5bd41a29cbba0d24e639f49d1f201b9bd119b11f5e3b8a5fefa3a5c6f1e7692c - Authentihash: - MD5: d81a508b30f8107d9b43c7eef68821b9 - SHA1: c1c619cdc11eecf093afe9d9a96a3236d1dab348 - SHA256: 0bc755f3e24023d931c637b4c734ae3a4d50567c87fd025114e0520413721751 - Description: AVG Anti Rootkit - Company: AVG Technologies CZ, s.r.o. - InternalName: aswArPot - OriginalFilename: aswArPot.sys - FileVersion: 20.6.107.0 - Product: 'AVG Internet Security System ' - ProductVersion: 20.6.107.0 - Copyright: Copyright (C) 2020 AVG Technologies CZ, s.r.o. 
- MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - __C_specific_handler - - KeDelayExecutionThread - - IoAllocateWorkItem - - MmIsAddressValid - - MmUnlockPages - - ExAllocatePool - - RtlAnsiStringToUnicodeString - - KeAcquireSpinLockRaiseToDpc - - ZwQuerySystemInformation - - PsRemoveLoadImageNotifyRoutine - - ZwUnmapViewOfSection - - ZwQuerySymbolicLinkObject - - MmProbeAndLockPages - - RtlVolumeDeviceToDosName - - PsSetLoadImageNotifyRoutine - - IoGetRequestorProcessId - - ZwReadFile - - ObQueryNameString - - ZwOpenThreadTokenEx - - ZwOpenProcessTokenEx - - towlower - - NtBuildNumber - - ExReleaseFastMutex - - _wcsicmp - - _snwprintf - - RtlConvertSidToUnicodeString - - ObfDereferenceObject - - IoAllocateMdl - - ZwCreateSection - - ZwQueryInformationProcess - - PsGetProcessId - - PsCreateSystemThread - - ZwQueryInformationThread - - RtlInitUnicodeString - - ZwOpenSymbolicLinkObject - - tolower - - PsRemoveCreateThreadNotifyRoutine - - IoDeleteDevice - - IoBuildDeviceIoControlRequest - - wcsncpy - - IoGetDeviceObjectPointer - - IoGetCurrentProcess - - ObOpenObjectByPointer - - strncpy - - KeReleaseSpinLock - - _strnicmp - - IoFileObjectType - - KeStackAttachProcess - - PsLookupProcessByProcessId - - PsGetCurrentProcessId - - KeSetEvent - - PsThreadType - - RtlUnicodeStringToAnsiString - - ZwQueryInformationToken - - ZwMapViewOfSection - - strncmp - - ObReferenceObjectByHandle - - RtlGetVersion - - PsGetThreadId - - PsGetVersion - - KeClearEvent - - IoGetBaseFileSystemDeviceObject - - wcschr - - ZwSetInformationFile - - ZwEnumerateKey - - IoFreeMdl - - wcsstr - - ExAcquireFastMutex - - MmGetSystemRoutineAddress - - IoFreeWorkItem - - _stricmp - - ExAllocatePoolWithTag - - RtlInitString - - IofCallDriver - - IoDeviceObjectType - - _snprintf - - ExFreePoolWithTag - - ZwOpenFile - - KeSetSystemAffinityThread - - strstr - - KeInitializeEvent - - ObReferenceObjectByName - - strchr - - _wcsnicmp - - KeQueryActiveProcessors 
- - RtlEqualSid - - IoQueueWorkItem - - MmUnmapLockedPages - - MmMapLockedPagesSpecifyCache - - PsSetCreateThreadNotifyRoutine - - PsGetCurrentThreadId - - IofCompleteRequest - - PsGetProcessWin32Process - - ExEventObjectType - - ZwQueryInformationFile - - KeWaitForSingleObject - - IoCreateSymbolicLink - - PsSetCreateProcessNotifyRoutine - - IoDriverObjectType - - PsLookupThreadByThreadId - - IoGetDeviceInterfaces - - ZwClose - - PsTerminateSystemThread - - wcsrchr - - strrchr - - SeExports - - KeUnstackDetachProcess - - KeResetEvent - - KeRevertToUserAffinityThread - - ZwOpenProcess - - wcsncmp - - ZwOpenKey - - PsGetThreadProcess - - IoDetachDevice - - IoAttachDeviceToDeviceStackSafe - - IoThreadToProcess - - PsInitialSystemProcess - - IoCreateDevice - - KeInsertQueueDpc - - KeNumberProcessors - - KeInitializeDpc - - KeSetTargetProcessorDpc - - PsProcessType - - MmMapIoSpace - - MmUnmapIoSpace - - ZwDeleteFile - - KeAttachProcess - - KeDetachProcess - - RtlCompareUnicodeString - - ZwWriteFile - - NtClose - - ObfReferenceObject - - IoBuildSynchronousFsdRequest - - ZwOpenThread - - ZwTerminateProcess - - RtlEqualUnicodeString - - IoFreeIrp - - ZwQueryDirectoryObject - - KeBugCheck - - ZwOpenDirectoryObject - - IoAllocateIrp - - KdDebuggerNotPresent - - ZwSetSecurityObject - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - RtlGetSaclSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlLengthSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - RtlAddAccessAllowedAce - - RtlLengthSid - - IoIsWdmVersionAvailable - - RtlSetDaclSecurityDescriptor - - ZwSetValueKey - - ZwQueryValueKey - - ZwCreateKey - - RtlFreeUnicodeString - - KeBugCheckEx - - RtlQueryRegistryValues - - RtlPrefixUnicodeString - - ExRegisterCallback - - ExCreateCallback - - ExUnregisterCallback - - strcmp - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, 
OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, LLC, OU=RE - 999, CN=AVG Technologies USA, LLC - ValidFrom: '2020-01-27 00:00:00' - ValidTo: '2022-10-20 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03ec0c9015079fab8a6f3fc9f839311c - Version: 3 - TBS: - MD5: bf2831557abdf7e58917d0a2608080a5 - SHA1: 24ece342e4c4f2f17f32e6924f48c240ad6300ff - SHA256: 1afa061865098b2da9d030bc9f5815ad98e59fa847903692e52d6ba0bbf260dd - SHA384: 0bed85528163e2befed14755c2dcaf02acea62bdf352d3f964cfeaa2883bebea3e186aa26ce12e4df1dfd6d235bf9bb6 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 03ec0c9015079fab8a6f3fc9f839311c - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: e8033ae063a3483aec0d2fa55081ff62 - SHA1: fef047c18b115c601ddfd833e1cb5784ca1afbd7 - SHA256: 
fe30a08a31a5f4687353c7b08444b72fb6402a51b0586f0ade667983f833c4a5 - Sections: - .text: - Entropy: 6.379234008066875 - Virtual Size: '0x21da2' - .rdata: - Entropy: 5.719682007707807 - Virtual Size: '0x3b1c' - .data: - Entropy: 2.6876888382903856 - Virtual Size: '0x259b0' - .pdata: - Entropy: 5.428586674221124 - Virtual Size: '0x11dc' - PAGE: - Entropy: 6.274427019122509 - Virtual Size: '0x1c4b' - INIT: - Entropy: 5.364309660201566 - Virtual Size: '0x13dc' - .rsrc: - Entropy: 3.3651905689793145 - Virtual Size: '0x3d8' - .reloc: - Entropy: 5.3833020583275815 - Virtual Size: '0x188' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2020-07-23 06:09:55' - Imphash: 26150d69f50aa9247c3f3f17521d18a2 - LoadsDespiteHVCI: 'FALSE' -- Filename: aswArPot.sys - MD5: 53bb10742e10991af4ad280fcb134151 - SHA1: d6b1b3311263bfb170f2091d22f373c2215051b7 - SHA256: 65008817eb97635826a8708a6411d7b50f762bab81304e457119d669382944c3 - Authentihash: - MD5: 04a76d94db489fdaf72161aa467b2acb - SHA1: 57d45edbab6745991e54c3e50f768eb5714a76cd - SHA256: 9d736f624a306d6e2399778dd92ab7f4f7ab33c6ca0528657bc026214f990a4f - Description: Avast anti rootkit - Company: AVAST Software - InternalName: aswArPot.sys - OriginalFilename: aswArPot.sys - FileVersion: 19.5.4220.0 - Product: 'Avast Antivirus ' - ProductVersion: 19.5.4220.0 - Copyright: Copyright (c) 2019 AVAST Software - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - wcschr - - MmUnmapLockedPages - - _stricmp - - _wcsicmp - - towlower - - _strnicmp - - ExAllocatePoolWithTag - - PsGetProcessWin32Process - - KeClearEvent - - RtlVolumeDeviceToDosName - - KeQueryActiveProcessors - - RtlConvertSidToUnicodeString - - IoBuildDeviceIoControlRequest - - ExFreePoolWithTag - - KeResetEvent - - ExReleaseFastMutex - - IoGetBaseFileSystemDeviceObject - - strncmp - - ZwOpenThreadTokenEx - - RtlAnsiStringToUnicodeString - - ExAcquireFastMutex - - PsSetLoadImageNotifyRoutine - - _snwprintf - - NtBuildNumber - - 
PsRemoveCreateThreadNotifyRoutine - - PsLookupProcessByProcessId - - ZwQuerySymbolicLinkObject - - _wcsnicmp - - ZwReadFile - - strstr - - ZwMapViewOfSection - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - wcsncpy - - RtlEqualSid - - strchr - - IoFreeWorkItem - - MmGetSystemRoutineAddress - - KeInitializeEvent - - PsSetCreateThreadNotifyRoutine - - RtlUnicodeStringToAnsiString - - _snprintf - - RtlGetVersion - - ZwQuerySystemInformation - - RtlInitString - - KeReleaseSpinLock - - PsGetThreadId - - PsSetCreateProcessNotifyRoutine - - ZwOpenSymbolicLinkObject - - IoFreeMdl - - KeUnstackDetachProcess - - ZwOpenProcessTokenEx - - ZwSetInformationFile - - tolower - - KeDelayExecutionThread - - ObQueryNameString - - strncpy - - IoFileObjectType - - IoDriverObjectType - - wcsrchr - - wcsstr - - PsCreateSystemThread - - MmMapLockedPagesSpecifyCache - - IoGetDeviceObjectPointer - - ZwUnmapViewOfSection - - ExAllocatePool - - PsTerminateSystemThread - - IoGetCurrentProcess - - ExEventObjectType - - IoAllocateWorkItem - - ZwClose - - IofCompleteRequest - - PsGetThreadProcess - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - PsRemoveLoadImageNotifyRoutine - - IoGetRequestorProcessId - - MmProbeAndLockPages - - PsGetVersion - - KeRevertToUserAffinityThread - - PsThreadType - - IoGetDeviceInterfaces - - ZwOpenProcess - - SeExports - - MmUnlockPages - - strrchr - - ZwQueryInformationProcess - - IoCreateSymbolicLink - - PsGetCurrentThreadId - - PsGetCurrentProcessId - - KeSetSystemAffinityThread - - MmIsAddressValid - - ObfDereferenceObject - - ZwCreateSection - - ObReferenceObjectByName - - IoQueueWorkItem - - IoDeviceObjectType - - ZwOpenFile - - wcsncmp - - ZwQueryInformationToken - - ZwQueryInformationFile - - ZwQueryInformationThread - - ObOpenObjectByPointer - - PsGetProcessId - - KeStackAttachProcess - - PsLookupThreadByThreadId - - ZwEnumerateKey - - IoAllocateMdl - - IofCallDriver - - ZwOpenKey - - KeAcquireSpinLockRaiseToDpc - - IoThreadToProcess 
- - IoAttachDeviceToDeviceStackSafe - - IoDetachDevice - - PsInitialSystemProcess - - IoCreateDevice - - PsProcessType - - MmUnmapIoSpace - - KeDetachProcess - - MmMapIoSpace - - KeAttachProcess - - ZwDeleteFile - - IoBuildSynchronousFsdRequest - - NtClose - - RtlCompareUnicodeString - - ObfReferenceObject - - ZwWriteFile - - ZwOpenThread - - ZwTerminateProcess - - RtlEqualUnicodeString - - ZwOpenDirectoryObject - - KeBugCheck - - ZwQueryDirectoryObject - - IoFreeIrp - - IoAllocateIrp - - KdDebuggerNotPresent - - KeSetTargetProcessorDpc - - KeInitializeDpc - - KeInsertQueueDpc - - KeNumberProcessors - - KeBugCheckEx - - ZwSetSecurityObject - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - RtlQueryRegistryValues - - RtlPrefixUnicodeString - - ExUnregisterCallback - - ExRegisterCallback - - ExCreateCallback - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o. 
- ValidFrom: '2016-09-06 00:00:00' - ValidTo: '2019-10-04 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 - Version: 3 - TBS: - MD5: 2e1a5012cbe8b95785c794bc1c5584c3 - SHA1: f4753b06b08938794c32c2475cee663143036d08 - SHA256: fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5 - SHA384: 08a8396996a9ecb96b22a85d6adf3f8b1117f3a880b1d4af12e4de8e8005897a7073d6d5368cb92f701f466ec227e2a6 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: 
a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 
46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: 75b13c227d5208aed34b2687daf4ff12 - SHA1: 74ea061adc0690a674274c70e479258dff68f6b5 - SHA256: 89b1537c5094e9ccb980e1cbc109f742c686ac06078ce71c08767731dbafdc39 - Sections: - .text: - Entropy: 6.3409113169982545 - Virtual Size: '0x22b1c' - .rdata: - Entropy: 5.834805352276382 - Virtual Size: '0x31ac' - .data: - Entropy: 2.1705229343232895 - Virtual Size: '0x25c18' - .pdata: - Entropy: 5.371310934717328 - Virtual Size: '0x1164' - PAGE: - Entropy: 6.238662007032819 - Virtual Size: '0x19f7' - INIT: - Entropy: 5.296549178381908 - Virtual Size: '0x13a2' - .rsrc: - Entropy: 3.3396388867302216 - Virtual Size: '0x370' - .reloc: - Entropy: 2.762350280644424 - Virtual Size: '0x4f4' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2019-04-30 05:59:06' - Imphash: 62dbb90b4be9282d52aff9ae1a101d6b - LoadsDespiteHVCI: 'FALSE' -- Filename: aswArPot.sys - MD5: 
045ef7a39288ba1f4b8d6eca43def44f - SHA1: a0bf00e4ef2b1a79ccf2361c6b303688641ed94c - SHA256: 6e0aa67cfdbe27a059cbd066443337f81c5b6d37444d14792d1c765d9d122dcf - Authentihash: - MD5: ef1a7d935ae5e49c42d632f550e6f5e0 - SHA1: a62c27dedfb91de6404e2358fdd14b67fdb43767 - SHA256: 596c497e7e405ceb79ba0ba45f993125d88d50fc18867048d0c7a356ebd0c0ed - Description: AVG anti rootkit - Company: AVG Technologies CZ, s.r.o. - InternalName: aswArPot.sys - OriginalFilename: aswArPot.sys - FileVersion: 19.6.4235.0 - Product: 'AVG Internet Security System ' - ProductVersion: 19.6.4235.0 - Copyright: Copyright (C) 2019 AVG Technologies CZ, s.r.o. - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - wcschr - - MmUnmapLockedPages - - _stricmp - - _wcsicmp - - towlower - - _strnicmp - - ExAllocatePoolWithTag - - PsGetProcessWin32Process - - KeClearEvent - - RtlVolumeDeviceToDosName - - KeQueryActiveProcessors - - RtlConvertSidToUnicodeString - - IoBuildDeviceIoControlRequest - - ExFreePoolWithTag - - KeResetEvent - - ExReleaseFastMutex - - IoGetBaseFileSystemDeviceObject - - strncmp - - ZwOpenThreadTokenEx - - RtlAnsiStringToUnicodeString - - ExAcquireFastMutex - - PsSetLoadImageNotifyRoutine - - _snwprintf - - NtBuildNumber - - PsRemoveCreateThreadNotifyRoutine - - PsLookupProcessByProcessId - - ZwQuerySymbolicLinkObject - - _wcsnicmp - - ZwReadFile - - strstr - - ZwMapViewOfSection - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - wcsncpy - - RtlEqualSid - - strchr - - IoFreeWorkItem - - MmGetSystemRoutineAddress - - KeInitializeEvent - - PsSetCreateThreadNotifyRoutine - - RtlUnicodeStringToAnsiString - - _snprintf - - RtlGetVersion - - ZwQuerySystemInformation - - RtlInitString - - KeReleaseSpinLock - - PsGetThreadId - - PsSetCreateProcessNotifyRoutine - - ZwOpenSymbolicLinkObject - - IoFreeMdl - - KeUnstackDetachProcess - - ZwOpenProcessTokenEx - - ZwSetInformationFile - - tolower - - KeDelayExecutionThread - - ObQueryNameString - 
- strncpy - - IoFileObjectType - - IoDriverObjectType - - wcsrchr - - wcsstr - - PsCreateSystemThread - - MmMapLockedPagesSpecifyCache - - IoGetDeviceObjectPointer - - ZwUnmapViewOfSection - - ExAllocatePool - - PsTerminateSystemThread - - IoGetCurrentProcess - - ExEventObjectType - - IoAllocateWorkItem - - ZwClose - - IofCompleteRequest - - PsGetThreadProcess - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - PsRemoveLoadImageNotifyRoutine - - IoGetRequestorProcessId - - MmProbeAndLockPages - - PsGetVersion - - KeRevertToUserAffinityThread - - PsThreadType - - IoGetDeviceInterfaces - - ZwOpenProcess - - SeExports - - MmUnlockPages - - strrchr - - ZwQueryInformationProcess - - IoCreateSymbolicLink - - PsGetCurrentThreadId - - PsGetCurrentProcessId - - KeSetSystemAffinityThread - - MmIsAddressValid - - ObfDereferenceObject - - ZwCreateSection - - ObReferenceObjectByName - - IoQueueWorkItem - - IoDeviceObjectType - - ZwOpenFile - - wcsncmp - - ZwQueryInformationToken - - ZwQueryInformationFile - - ZwQueryInformationThread - - ObOpenObjectByPointer - - PsGetProcessId - - KeStackAttachProcess - - PsLookupThreadByThreadId - - ZwEnumerateKey - - IoAllocateMdl - - IofCallDriver - - ZwOpenKey - - KeAcquireSpinLockRaiseToDpc - - IoThreadToProcess - - IoAttachDeviceToDeviceStackSafe - - IoDetachDevice - - PsInitialSystemProcess - - IoCreateDevice - - PsProcessType - - MmUnmapIoSpace - - KeDetachProcess - - MmMapIoSpace - - KeAttachProcess - - ZwDeleteFile - - IoBuildSynchronousFsdRequest - - NtClose - - RtlCompareUnicodeString - - ObfReferenceObject - - ZwWriteFile - - ZwOpenThread - - ZwTerminateProcess - - RtlEqualUnicodeString - - ZwOpenDirectoryObject - - KeBugCheck - - ZwQueryDirectoryObject - - IoFreeIrp - - IoAllocateIrp - - KdDebuggerNotPresent - - KeSetTargetProcessorDpc - - KeInitializeDpc - - KeInsertQueueDpc - - KeNumberProcessors - - KeBugCheckEx - - ZwSetSecurityObject - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - 
RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - RtlQueryRegistryValues - - RtlPrefixUnicodeString - - ExUnregisterCallback - - ExRegisterCallback - - ExCreateCallback - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root - CA - ValidFrom: '2011-04-15 19:41:37' - ValidTo: '2021-04-15 19:51:37' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611cb28a000000000026 - Version: 3 - TBS: - MD5: 983a0c315a50542362f2bd6a5d71c8d0 - SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 - SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 - SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc - - Subject: C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release - Engineering, CN=AVG Technologies USA, Inc. 
- ValidFrom: '2018-01-30 00:00:00' - ValidTo: '2021-01-22 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0557955e02a6b53dd1d574ede15f310e - Version: 3 - TBS: - MD5: f9b558280379fbd2ac831a9850ec9c0e - SHA1: c22448dd1388c2011166e2a203fe984bd702f355 - SHA256: c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe - SHA384: 5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd - Version: 3 - TBS: - MD5: a9a31555bbc92b6033975c5428fb3679 - SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e - SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 - SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 0557955e02a6b53dd1d574ede15f310e - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: 75b13c227d5208aed34b2687daf4ff12 - SHA1: 74ea061adc0690a674274c70e479258dff68f6b5 - SHA256: 89b1537c5094e9ccb980e1cbc109f742c686ac06078ce71c08767731dbafdc39 - Sections: - .text: - Entropy: 6.341103308256492 - Virtual Size: '0x2310c' - .rdata: - Entropy: 5.8413606495183 - Virtual Size: '0x31dc' - .data: - Entropy: 2.2061947011638425 - Virtual Size: '0x25ca0' - .pdata: - Entropy: 5.3358417678886365 - Virtual Size: '0x117c' - PAGE: - Entropy: 6.229567095788267 - Virtual Size: '0x19f7' - INIT: - Entropy: 5.291965916480469 - Virtual Size: '0x13a2' - .rsrc: - Entropy: 3.408737085567052 - Virtual Size: '0x3b8' - .reloc: - Entropy: 2.843075596963878 - Virtual Size: '0x516' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2019-06-19 22:05:36' - Imphash: 62dbb90b4be9282d52aff9ae1a101d6b - LoadsDespiteHVCI: 'TRUE' -- Filename: aswArPot.sys - MD5: 11dc5523bb559f8d2ce637f6a2b70dea - SHA1: 0edf51a0fac3b90f6961c2b20bbaeb4ccfc1ea84 - SHA256: 6fb5bc9c51f6872de116c7db8a2134461743908efc306373f6de59a0646c4f5d - Authentihash: - MD5: 0b253942e96233f5999ffea9ac6cc07a - SHA1: 12079ccb38494c101d23667282452f87845868eb - SHA256: 03a54ad77fc453c9889e170a811d232a305d46fb7f59582d3f1cb234598507a1 - Description: AVG anti rootkit - Company: AVG Technologies CZ, s.r.o. 
- InternalName: aswArPot.sys - OriginalFilename: aswArPot.sys - FileVersion: 19.5.4220.0 - Product: 'AVG Internet Security System ' - ProductVersion: 19.5.4220.0 - Copyright: Copyright (C) 2019 AVG Technologies CZ, s.r.o. - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - wcschr - - MmUnmapLockedPages - - _stricmp - - _wcsicmp - - towlower - - _strnicmp - - ExAllocatePoolWithTag - - PsGetProcessWin32Process - - KeClearEvent - - RtlVolumeDeviceToDosName - - KeQueryActiveProcessors - - RtlConvertSidToUnicodeString - - IoBuildDeviceIoControlRequest - - ExFreePoolWithTag - - KeResetEvent - - ExReleaseFastMutex - - IoGetBaseFileSystemDeviceObject - - strncmp - - ZwOpenThreadTokenEx - - RtlAnsiStringToUnicodeString - - ExAcquireFastMutex - - PsSetLoadImageNotifyRoutine - - _snwprintf - - NtBuildNumber - - PsRemoveCreateThreadNotifyRoutine - - PsLookupProcessByProcessId - - ZwQuerySymbolicLinkObject - - _wcsnicmp - - ZwReadFile - - strstr - - ZwMapViewOfSection - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - wcsncpy - - RtlEqualSid - - strchr - - IoFreeWorkItem - - MmGetSystemRoutineAddress - - KeInitializeEvent - - PsSetCreateThreadNotifyRoutine - - RtlUnicodeStringToAnsiString - - _snprintf - - RtlGetVersion - - ZwQuerySystemInformation - - RtlInitString - - KeReleaseSpinLock - - PsGetThreadId - - PsSetCreateProcessNotifyRoutine - - ZwOpenSymbolicLinkObject - - IoFreeMdl - - KeUnstackDetachProcess - - ZwOpenProcessTokenEx - - ZwSetInformationFile - - tolower - - KeDelayExecutionThread - - ObQueryNameString - - strncpy - - IoFileObjectType - - IoDriverObjectType - - wcsrchr - - wcsstr - - PsCreateSystemThread - - MmMapLockedPagesSpecifyCache - - IoGetDeviceObjectPointer - - ZwUnmapViewOfSection - - ExAllocatePool - - PsTerminateSystemThread - - IoGetCurrentProcess - - ExEventObjectType - - IoAllocateWorkItem - - ZwClose - - IofCompleteRequest - - PsGetThreadProcess - - ObReferenceObjectByHandle - - 
KeWaitForSingleObject - - PsRemoveLoadImageNotifyRoutine - - IoGetRequestorProcessId - - MmProbeAndLockPages - - PsGetVersion - - KeRevertToUserAffinityThread - - PsThreadType - - IoGetDeviceInterfaces - - ZwOpenProcess - - SeExports - - MmUnlockPages - - strrchr - - ZwQueryInformationProcess - - IoCreateSymbolicLink - - PsGetCurrentThreadId - - PsGetCurrentProcessId - - KeSetSystemAffinityThread - - MmIsAddressValid - - ObfDereferenceObject - - ZwCreateSection - - ObReferenceObjectByName - - IoQueueWorkItem - - IoDeviceObjectType - - ZwOpenFile - - wcsncmp - - ZwQueryInformationToken - - ZwQueryInformationFile - - ZwQueryInformationThread - - ObOpenObjectByPointer - - PsGetProcessId - - KeStackAttachProcess - - PsLookupThreadByThreadId - - ZwEnumerateKey - - IoAllocateMdl - - IofCallDriver - - ZwOpenKey - - KeAcquireSpinLockRaiseToDpc - - IoThreadToProcess - - IoAttachDeviceToDeviceStackSafe - - IoDetachDevice - - PsInitialSystemProcess - - IoCreateDevice - - PsProcessType - - MmUnmapIoSpace - - KeDetachProcess - - MmMapIoSpace - - KeAttachProcess - - ZwDeleteFile - - IoBuildSynchronousFsdRequest - - NtClose - - RtlCompareUnicodeString - - ObfReferenceObject - - ZwWriteFile - - ZwOpenThread - - ZwTerminateProcess - - RtlEqualUnicodeString - - ZwOpenDirectoryObject - - KeBugCheck - - ZwQueryDirectoryObject - - IoFreeIrp - - IoAllocateIrp - - KdDebuggerNotPresent - - KeSetTargetProcessorDpc - - KeInitializeDpc - - KeInsertQueueDpc - - KeNumberProcessors - - KeBugCheckEx - - ZwSetSecurityObject - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - RtlQueryRegistryValues - - 
RtlPrefixUnicodeString - - ExUnregisterCallback - - ExRegisterCallback - - ExCreateCallback - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root - CA - ValidFrom: '2011-04-15 19:41:37' - ValidTo: '2021-04-15 19:51:37' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611cb28a000000000026 - Version: 3 - TBS: - MD5: 983a0c315a50542362f2bd6a5d71c8d0 - SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 - SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 - SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc - - Subject: C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release - Engineering, CN=AVG Technologies USA, Inc. - ValidFrom: '2018-01-30 00:00:00' - ValidTo: '2021-01-22 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0557955e02a6b53dd1d574ede15f310e - Version: 3 - TBS: - MD5: f9b558280379fbd2ac831a9850ec9c0e - SHA1: c22448dd1388c2011166e2a203fe984bd702f355 - SHA256: c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe - SHA384: 5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 
82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd - Version: 3 - TBS: - MD5: a9a31555bbc92b6033975c5428fb3679 - SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e - SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 - SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 0557955e02a6b53dd1d574ede15f310e - Issuer: C=US, 
O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: 75b13c227d5208aed34b2687daf4ff12 - SHA1: 74ea061adc0690a674274c70e479258dff68f6b5 - SHA256: 89b1537c5094e9ccb980e1cbc109f742c686ac06078ce71c08767731dbafdc39 - Sections: - .text: - Entropy: 6.3409113169982545 - Virtual Size: '0x22b1c' - .rdata: - Entropy: 5.8340852321207475 - Virtual Size: '0x31ac' - .data: - Entropy: 2.1705229343232895 - Virtual Size: '0x25c18' - .pdata: - Entropy: 5.371310934717328 - Virtual Size: '0x1164' - PAGE: - Entropy: 6.238662007032819 - Virtual Size: '0x19f7' - INIT: - Entropy: 5.296549178381908 - Virtual Size: '0x13a2' - .rsrc: - Entropy: 3.3969521265871427 - Virtual Size: '0x3b8' - .reloc: - Entropy: 2.762350280644424 - Virtual Size: '0x4f4' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2019-04-30 06:00:34' - Imphash: 62dbb90b4be9282d52aff9ae1a101d6b - LoadsDespiteHVCI: 'TRUE' -- Filename: aswArPot.sys - MD5: 9f3b5de6fe46429bed794813c6ae8421 - SHA1: 5236728c7562b047a9371403137a6e169e2026a6 - SHA256: 7ad0ab23023bc500c3b46f414a8b363c5f8700861bc4745cecc14dd34bcee9ed - Authentihash: - MD5: e4d36098f543d3e4d5bbe1bd50cc42cd - SHA1: e51d18476af7dd376eaaedf2a3533b6fbdab95c0 - SHA256: c13745de817eb38a092524cd3dae805c8fbde967e635e485243782db955508cc - Description: Avast Anti Rootkit - Company: AVAST Software - InternalName: aswArPot - OriginalFilename: aswArPot.sys - FileVersion: 20.4.83.0 - Product: 'Avast Antivirus ' - ProductVersion: 20.4.83.0 - Copyright: Copyright (c) 2020 AVAST Software - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ZwQuerySymbolicLinkObject - - MmProbeAndLockPages - - RtlVolumeDeviceToDosName - - PsSetLoadImageNotifyRoutine - - IoGetRequestorProcessId - - ZwReadFile - - ObQueryNameString - - ZwOpenThreadTokenEx - - ZwOpenProcessTokenEx - - towlower - - NtBuildNumber - - _wcsicmp - - KeGetCurrentThread - - _snwprintf - - 
RtlConvertSidToUnicodeString - - ObfDereferenceObject - - IoAllocateMdl - - ZwCreateSection - - ZwQueryInformationProcess - - PsGetProcessId - - PsCreateSystemThread - - ZwQueryInformationThread - - RtlInitUnicodeString - - ZwOpenSymbolicLinkObject - - PsRemoveCreateThreadNotifyRoutine - - IoDeleteDevice - - wcsncpy - - IoGetDeviceObjectPointer - - IoGetCurrentProcess - - ObOpenObjectByPointer - - strncpy - - _strnicmp - - IoFileObjectType - - KeStackAttachProcess - - PsLookupProcessByProcessId - - PsGetCurrentProcessId - - KeSetEvent - - PsThreadType - - RtlUnicodeStringToAnsiString - - ZwQueryInformationToken - - ZwMapViewOfSection - - strncmp - - ObReferenceObjectByHandle - - PsGetThreadId - - PsGetVersion - - KeClearEvent - - IoGetBaseFileSystemDeviceObject - - wcschr - - ZwSetInformationFile - - ZwEnumerateKey - - IoFreeMdl - - wcsstr - - MmGetSystemRoutineAddress - - IoFreeWorkItem - - _stricmp - - ExAllocatePoolWithTag - - RtlInitString - - IofCallDriver - - KeQuerySystemTime - - IoDeviceObjectType - - _snprintf - - ExFreePoolWithTag - - ZwOpenFile - - KeSetSystemAffinityThread - - strstr - - KeInitializeEvent - - ObReferenceObjectByName - - strchr - - _wcsnicmp - - KeQueryActiveProcessors - - RtlEqualSid - - IoQueueWorkItem - - MmUnmapLockedPages - - MmMapLockedPagesSpecifyCache - - PsSetCreateThreadNotifyRoutine - - ZwUnmapViewOfSection - - IofCompleteRequest - - PsGetProcessWin32Process - - ExEventObjectType - - ZwQueryInformationFile - - KeWaitForSingleObject - - IoCreateSymbolicLink - - PsSetCreateProcessNotifyRoutine - - IoDriverObjectType - - PsLookupThreadByThreadId - - IoGetDeviceInterfaces - - ZwClose - - PsTerminateSystemThread - - wcsrchr - - strrchr - - SeExports - - KeUnstackDetachProcess - - KeResetEvent - - KeRevertToUserAffinityThread - - ZwOpenProcess - - wcsncmp - - ZwOpenKey - - PsGetThreadProcess - - IoDetachDevice - - IoAttachDeviceToDeviceStackSafe - - IoThreadToProcess - - PsInitialSystemProcess - - IoCreateDevice - - KeInsertQueueDpc 
- - KeNumberProcessors - - KeInitializeDpc - - IoBuildDeviceIoControlRequest - - KeSetTargetProcessorDpc - - PsProcessType - - MmMapIoSpace - - MmUnmapIoSpace - - ZwDeleteFile - - KeAttachProcess - - KeDetachProcess - - RtlCompareUnicodeString - - KeBugCheckEx - - ZwWriteFile - - NtClose - - ObfReferenceObject - - IoBuildSynchronousFsdRequest - - ZwOpenThread - - ZwTerminateProcess - - RtlEqualUnicodeString - - IoFreeIrp - - ZwQueryDirectoryObject - - KeBugCheck - - ZwOpenDirectoryObject - - IoAllocateIrp - - RtlUnwind - - ZwSetSecurityObject - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - RtlGetSaclSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlLengthSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - RtlAddAccessAllowedAce - - RtlLengthSid - - IoIsWdmVersionAvailable - - RtlSetDaclSecurityDescriptor - - memcpy - - memset - - ZwSetValueKey - - ZwQueryValueKey - - ZwCreateKey - - RtlFreeUnicodeString - - PsRemoveLoadImageNotifyRoutine - - ZwQuerySystemInformation - - RtlAnsiStringToUnicodeString - - ExAllocatePool - - MmUnlockPages - - MmIsAddressValid - - IoAllocateWorkItem - - PsGetCurrentThreadId - - KeDelayExecutionThread - - RtlQueryRegistryValues - - RtlPrefixUnicodeString - - ExRegisterCallback - - ExCreateCallback - - ExUnregisterCallback - - KfLowerIrql - - ExAcquireFastMutex - - KfAcquireSpinLock - - KfReleaseSpinLock - - ExReleaseFastMutex - - KeGetCurrentIrql - - KeRaiseIrqlToDpcLevel - - KfRaiseIrql - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CZ, L=Praha, O=Avast Software s.r.o., OU=RE 999, CN=Avast Software - s.r.o. 
- ValidFrom: '2019-12-02 00:00:00' - ValidTo: '2022-10-19 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03f02aca051d1c9330eeabd3706e836f - Version: 3 - TBS: - MD5: f251d9cde0901fb67831855b4a592b51 - SHA1: cd0ac068faea4b875ded287512f20b6ba8dcb457 - SHA256: 247e040822854e1a4cbc3488782a9e96db6bffa9bdfe36406a46e3f88695d423 - SHA384: c6a765c300f3ee36604e9c51a9fcd18071b0cd0bd15b3ad69350f04a0b1b5ef7b71556af698a1e8988bf91cd8b2a6104 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 
59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 
173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 03f02aca051d1c9330eeabd3706e836f - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: 6f0b02025c12b8e1130f9d4e2a7eef19 - SHA1: 9598ea9769e18149497654ec5d20bfc585e43bfd - SHA256: 2cbb75695a831c017d18fd2c0446a087ce3f11c1333658a42e84d1384a738a4b - Sections: - .text: - Entropy: 6.623425654457183 - Virtual Size: '0x1ad28' - .rwtext: - Entropy: 1.7680585101783894 - Virtual Size: '0x53' - .rdata: - Entropy: 5.431578192019503 - Virtual Size: '0x2e84' - .data: - Entropy: 2.41175775559541 - Virtual Size: '0x14b40' - PAGE: - Entropy: 6.254456324275546 - Virtual Size: '0x1736' - INIT: - Entropy: 5.657616760317337 - Virtual Size: '0x115c' - .rsrc: - Entropy: 3.274916775969081 - Virtual Size: '0x390' - .reloc: - Entropy: 6.759752170608124 - Virtual Size: '0x227c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2020-06-01 01:48:04' - Imphash: 49a12b06131d938e9dc40c693b88ba7f - LoadsDespiteHVCI: 'FALSE' -- Filename: aswArPot.sys - MD5: f0aeb731d83f7ab6008c92c97faf6233 - SHA1: aaffdc89befa42e375f822366bbded8c245baf94 - SHA256: 7d43769b353d63093228a59eb19bba87ce6b552d7e1a99bf34a54eee641aa0ea - Authentihash: - MD5: 444a4760f447dafc01a359829e17dcab - SHA1: 83f7c19b66f53302e371d9f0987fc4adc37b1e46 - SHA256: c8b5fddf52551259d7d936283aa4fdc4579c5e4b030a11267496cdbdc143e15b - Description: AVG anti rootkit - Company: AVG Technologies CZ, s.r.o. - InternalName: aswArPot.sys - OriginalFilename: aswArPot.sys - FileVersion: 17.9.3761.0 - Product: 'AVG Internet Security System ' - ProductVersion: 17.9.3761.0 - Copyright: Copyright (C) 2014 AVG Technologies CZ, s.r.o. 
- MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - wcschr - - MmUnmapLockedPages - - _stricmp - - _wcsicmp - - towlower - - _strnicmp - - ExAllocatePoolWithTag - - PsGetProcessWin32Process - - KeClearEvent - - RtlVolumeDeviceToDosName - - KeQueryActiveProcessors - - RtlConvertSidToUnicodeString - - ExFreePoolWithTag - - KeResetEvent - - ExReleaseFastMutex - - IoGetBaseFileSystemDeviceObject - - strncmp - - ZwOpenThreadTokenEx - - RtlAnsiStringToUnicodeString - - ExAcquireFastMutex - - PsSetLoadImageNotifyRoutine - - _snwprintf - - NtBuildNumber - - PsRemoveCreateThreadNotifyRoutine - - PsLookupProcessByProcessId - - ZwQuerySymbolicLinkObject - - _wcsnicmp - - ZwReadFile - - strstr - - ZwMapViewOfSection - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - wcsncpy - - RtlEqualSid - - strchr - - IoFreeWorkItem - - MmGetSystemRoutineAddress - - KeInitializeEvent - - PsSetCreateThreadNotifyRoutine - - RtlUnicodeStringToAnsiString - - _snprintf - - RtlGetVersion - - ZwQuerySystemInformation - - RtlInitString - - KeReleaseSpinLock - - PsSetCreateProcessNotifyRoutine - - ZwOpenSymbolicLinkObject - - IoFreeMdl - - KeUnstackDetachProcess - - ZwOpenProcessTokenEx - - ZwSetInformationFile - - KeDelayExecutionThread - - ObQueryNameString - - strncpy - - IoFileObjectType - - IoDriverObjectType - - wcsrchr - - wcsstr - - PsCreateSystemThread - - MmMapLockedPagesSpecifyCache - - IoGetDeviceObjectPointer - - ZwUnmapViewOfSection - - ExAllocatePool - - PsTerminateSystemThread - - IoGetCurrentProcess - - ExEventObjectType - - IoAllocateWorkItem - - ZwClose - - IofCompleteRequest - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - PsRemoveLoadImageNotifyRoutine - - IoGetRequestorProcessId - - MmProbeAndLockPages - - PsGetVersion - - KeRevertToUserAffinityThread - - PsThreadType - - IoGetDeviceInterfaces - - ZwOpenProcess - - SeExports - - MmUnlockPages - - strrchr - - ZwQueryInformationProcess - - IoCreateSymbolicLink - 
- PsGetCurrentThreadId - - PsGetCurrentProcessId - - KeSetSystemAffinityThread - - MmIsAddressValid - - ObfDereferenceObject - - ZwCreateSection - - ObReferenceObjectByName - - IoQueueWorkItem - - IoDeviceObjectType - - ZwOpenFile - - wcsncmp - - ZwQueryInformationToken - - ZwQueryInformationFile - - ZwQueryInformationThread - - ObOpenObjectByPointer - - KeStackAttachProcess - - PsLookupThreadByThreadId - - ZwEnumerateKey - - IoAllocateMdl - - IofCallDriver - - ZwOpenKey - - KeAcquireSpinLockRaiseToDpc - - IoAttachDeviceToDeviceStackSafe - - IoDetachDevice - - IoCreateDevice - - PsProcessType - - KeDetachProcess - - KeAttachProcess - - ZwDeleteFile - - IoBuildSynchronousFsdRequest - - NtClose - - RtlCompareUnicodeString - - ObfReferenceObject - - ZwWriteFile - - ZwOpenThread - - ZwTerminateProcess - - RtlEqualUnicodeString - - ZwOpenDirectoryObject - - KeBugCheck - - ZwQueryDirectoryObject - - IoFreeIrp - - IoAllocateIrp - - KdDebuggerNotPresent - - KeSetTargetProcessorDpc - - IoBuildDeviceIoControlRequest - - KeInitializeDpc - - KeInsertQueueDpc - - KeNumberProcessors - - KeBugCheckEx - - ZwSetSecurityObject - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - RtlQueryRegistryValues - - RtlPrefixUnicodeString - - ExUnregisterCallback - - ExRegisterCallback - - ExCreateCallback - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=CZ, ST=Jihomoravsky kraj, L=Brno, O=AVG Technologies CZ, s.r.o., - CN=AVG Technologies CZ, s.r.o. 
- ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2018-01-20 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 266d333ede17a8b472053e4fa3934572 - Version: 3 - TBS: - MD5: 56b59f4aab381d13396d1c100a2f46dc - SHA1: 16943ddbd3b569119a81be71548717abd03f1736 - SHA256: 65aa0decb458c1c34aea982ea1cfbb6cc2228a07641251e2190f29c633aed21b - SHA384: e054f0566def12a94ccb937ada71e468d584c29a9e0513e3eb7097c537daee86bc8b6a9b7a64c88b1bba39b734a6ad2f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 266d333ede17a8b472053e4fa3934572 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: 
9f01ca8ed93b73533b4b894bfa79f4bd - SHA1: 017d43c1c1f23212519d8de54caf8049bb59aae7 - SHA256: abb9be2d564989154e22b1dc4541f92c7859f64b7417c281aee3656fa0a4979d - Sections: - .text: - Entropy: 6.318649585727606 - Virtual Size: '0x1de5c' - .rdata: - Entropy: 5.866786080497287 - Virtual Size: '0x2e64' - .data: - Entropy: 1.7814286677447535 - Virtual Size: '0x25654' - .pdata: - Entropy: 5.368826877329211 - Virtual Size: '0xf78' - PAGE: - Entropy: 6.246816071025832 - Virtual Size: '0x19f7' - INIT: - Entropy: 5.302313382373697 - Virtual Size: '0x12d0' - .rsrc: - Entropy: 3.4024513843391144 - Virtual Size: '0x3b8' - .reloc: - Entropy: 1.8405309177627724 - Virtual Size: '0x3dc' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2017-12-19 11:09:16' - Imphash: 1e8ee6407390a2d52051bec21c771fdb - LoadsDespiteHVCI: 'TRUE' -- Filename: aswArPot.sys - MD5: 700d6a0331befd4ed9cfbb3234b335e7 - SHA1: c1a5aacf05c00080e04d692a99c46ab445bf8b6e - SHA256: 86a1b1bacc0c51332c9979e6aad84b5fba335df6b9a096ccb7681ab0779a8882 - Authentihash: - MD5: 200e978d48ef267fa8fe5eef7fe798b8 - SHA1: f7979e778214d8d32844e6b65b8f4a56c3a12354 - SHA256: 6c919efdad21b7d9884903b9d539fbb50dc418ff2c2753c12b35b9ace4c96d73 - Description: Avast anti rootkit - Company: AVAST Software - InternalName: aswArPot.sys - OriginalFilename: aswArPot.sys - FileVersion: 18.8.4057.0 - Product: 'Avast Antivirus ' - ProductVersion: 18.8.4057.0 - Copyright: Copyright (c) 2018 AVAST Software - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - wcschr - - MmUnmapLockedPages - - _stricmp - - _wcsicmp - - towlower - - _strnicmp - - ExAllocatePoolWithTag - - PsGetProcessWin32Process - - KeClearEvent - - RtlVolumeDeviceToDosName - - KeQueryActiveProcessors - - RtlConvertSidToUnicodeString - - IoBuildDeviceIoControlRequest - - ExFreePoolWithTag - - KeResetEvent - - ExReleaseFastMutex - - IoGetBaseFileSystemDeviceObject - - strncmp - - ZwOpenThreadTokenEx - - RtlAnsiStringToUnicodeString - - 
ExAcquireFastMutex - - PsSetLoadImageNotifyRoutine - - _snwprintf - - NtBuildNumber - - PsRemoveCreateThreadNotifyRoutine - - PsLookupProcessByProcessId - - ZwQuerySymbolicLinkObject - - _wcsnicmp - - ZwReadFile - - strstr - - ZwMapViewOfSection - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - wcsncpy - - RtlEqualSid - - strchr - - IoFreeWorkItem - - MmGetSystemRoutineAddress - - KeInitializeEvent - - PsSetCreateThreadNotifyRoutine - - RtlUnicodeStringToAnsiString - - _snprintf - - RtlGetVersion - - ZwQuerySystemInformation - - RtlInitString - - KeReleaseSpinLock - - PsSetCreateProcessNotifyRoutine - - ZwOpenSymbolicLinkObject - - IoFreeMdl - - KeUnstackDetachProcess - - ZwOpenProcessTokenEx - - ZwSetInformationFile - - KeDelayExecutionThread - - ObQueryNameString - - strncpy - - IoFileObjectType - - IoDriverObjectType - - wcsrchr - - wcsstr - - PsCreateSystemThread - - MmMapLockedPagesSpecifyCache - - IoGetDeviceObjectPointer - - ZwUnmapViewOfSection - - ExAllocatePool - - PsTerminateSystemThread - - IoGetCurrentProcess - - ExEventObjectType - - IoAllocateWorkItem - - ZwClose - - IofCompleteRequest - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - PsRemoveLoadImageNotifyRoutine - - IoGetRequestorProcessId - - MmProbeAndLockPages - - PsGetVersion - - KeRevertToUserAffinityThread - - PsThreadType - - IoGetDeviceInterfaces - - ZwOpenProcess - - SeExports - - MmUnlockPages - - strrchr - - ZwQueryInformationProcess - - IoCreateSymbolicLink - - PsGetCurrentThreadId - - PsGetCurrentProcessId - - KeSetSystemAffinityThread - - MmIsAddressValid - - ObfDereferenceObject - - ZwCreateSection - - ObReferenceObjectByName - - IoQueueWorkItem - - IoDeviceObjectType - - ZwOpenFile - - wcsncmp - - ZwQueryInformationToken - - ZwQueryInformationFile - - ZwQueryInformationThread - - ObOpenObjectByPointer - - KeStackAttachProcess - - PsLookupThreadByThreadId - - ZwEnumerateKey - - IoAllocateMdl - - IofCallDriver - - ZwOpenKey - - KeAcquireSpinLockRaiseToDpc - - 
IoThreadToProcess - - IoAttachDeviceToDeviceStackSafe - - IoDetachDevice - - PsInitialSystemProcess - - IoCreateDevice - - PsProcessType - - KeDetachProcess - - KeAttachProcess - - ZwDeleteFile - - IoBuildSynchronousFsdRequest - - NtClose - - RtlCompareUnicodeString - - ObfReferenceObject - - ZwWriteFile - - ZwOpenThread - - ZwTerminateProcess - - RtlEqualUnicodeString - - ZwOpenDirectoryObject - - KeBugCheck - - ZwQueryDirectoryObject - - IoFreeIrp - - IoAllocateIrp - - KdDebuggerNotPresent - - KeSetTargetProcessorDpc - - KeInitializeDpc - - KeInsertQueueDpc - - KeNumberProcessors - - KeBugCheckEx - - ZwSetSecurityObject - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - RtlQueryRegistryValues - - RtlPrefixUnicodeString - - ExUnregisterCallback - - ExRegisterCallback - - ExCreateCallback - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o. 
- ValidFrom: '2016-09-06 00:00:00' - ValidTo: '2019-10-04 12:00:00' - Signature: 56220de8a9a65fffbff97ff463c4026ec9be68fe98bfa0b20a722df84322a44dbc98f25b87ee42da3a06a6cedef076de22e0d7e02d41201156875341cd24badedb8aa5afa133e9ed688fc45aeb37a74fbe399828143561fd717fa7bed97cb5d42643494462fef349f3300daff13660a9e50f85d1110de96d1300e0e730d2b6689fd53eb7a72f4f3112dffa2c1caf17cb64c22509d82b5ce1c2181c2faac22fce3981e683183d6da50d1c17dec375c370f5feb5abfbc6dca4cdd47a5b14375870de6dc346361d8997e79f19819f5168f9b01c9aacc210f2322248adc375a2782b64881c6a557677815c39b024555cc0adca920a617e0ecb385eb47213b1553c80 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 - Version: 3 - TBS: - MD5: 2e1a5012cbe8b95785c794bc1c5584c3 - SHA1: f4753b06b08938794c32c2475cee663143036d08 - SHA256: fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5 - SHA384: 08a8396996a9ecb96b22a85d6adf3f8b1117f3a880b1d4af12e4de8e8005897a7073d6d5368cb92f701f466ec227e2a6 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: 
a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 
46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: 382c4767d71156621da4d8ab3193017a - SHA1: 20e40fd8dd4465dfd940c017e5cb26819d5cbed7 - SHA256: cc76cbedaf6062b99e917cf31a8cce723c854d10d1afd041e4ca85ceabb39c4b - Sections: - .text: - Entropy: 6.335598955768239 - Virtual Size: '0x2133c' - .rdata: - Entropy: 5.828605093657631 - Virtual Size: '0x306c' - .data: - Entropy: 1.9686843664265543 - Virtual Size: '0x25ac0' - .pdata: - Entropy: 5.352123698526265 - Virtual Size: '0x10a4' - PAGE: - Entropy: 6.236243477409071 - Virtual Size: '0x19f7' - INIT: - Entropy: 5.308986664848571 - Virtual Size: '0x130e' - .rsrc: - Entropy: 3.3396619391349227 - Virtual Size: '0x370' - .reloc: - Entropy: 2.585838337225609 - Virtual Size: '0x4ba' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2018-11-02 05:51:13' - Imphash: dd406d43857d7f5ad1b0aec04fdb7e5f - LoadsDespiteHVCI: 'FALSE' -- Filename: aswArPot.sys - MD5: 
9eb524c5f92e5b80374b8261292fdeb5 - SHA1: 80ea425e193bd0e05161e8e1dc34fb0eae5f9017 - SHA256: 8cfd5b2102fbc77018c7fe6019ec15f07da497f6d73c32a31f4ba07e67ec85d9 - Authentihash: - MD5: 996cd1b1cf33931bfaf2217e22fc82f0 - SHA1: ba761efd5a552ccdd4363277acf95cd54b9dff4c - SHA256: 3b38427f167fde644868a62f0aa1ed03790137905c97024ac21729fa6153eca2 - Description: AVG anti rootkit - Company: AVG Technologies CZ, s.r.o. - InternalName: aswArPot.sys - OriginalFilename: aswArPot.sys - FileVersion: 19.7.4246.0 - Product: 'AVG Internet Security System ' - ProductVersion: 19.7.4246.0 - Copyright: Copyright (C) 2019 AVG Technologies CZ, s.r.o. - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - wcschr - - MmUnmapLockedPages - - _stricmp - - _wcsicmp - - towlower - - _strnicmp - - ExAllocatePoolWithTag - - PsGetProcessWin32Process - - KeClearEvent - - RtlVolumeDeviceToDosName - - KeQueryActiveProcessors - - RtlConvertSidToUnicodeString - - IoBuildDeviceIoControlRequest - - ExFreePoolWithTag - - KeResetEvent - - ExReleaseFastMutex - - IoGetBaseFileSystemDeviceObject - - strncmp - - ZwOpenThreadTokenEx - - RtlAnsiStringToUnicodeString - - ExAcquireFastMutex - - PsSetLoadImageNotifyRoutine - - _snwprintf - - NtBuildNumber - - PsRemoveCreateThreadNotifyRoutine - - PsLookupProcessByProcessId - - ZwQuerySymbolicLinkObject - - _wcsnicmp - - ZwReadFile - - strstr - - ZwMapViewOfSection - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - wcsncpy - - RtlEqualSid - - strchr - - IoFreeWorkItem - - MmGetSystemRoutineAddress - - KeInitializeEvent - - PsSetCreateThreadNotifyRoutine - - RtlUnicodeStringToAnsiString - - _snprintf - - RtlGetVersion - - ZwQuerySystemInformation - - RtlInitString - - KeReleaseSpinLock - - PsGetThreadId - - PsSetCreateProcessNotifyRoutine - - ZwOpenSymbolicLinkObject - - IoFreeMdl - - KeUnstackDetachProcess - - ZwOpenProcessTokenEx - - ZwSetInformationFile - - tolower - - KeDelayExecutionThread - - ObQueryNameString - 
- strncpy - - IoFileObjectType - - IoDriverObjectType - - wcsrchr - - wcsstr - - PsCreateSystemThread - - MmMapLockedPagesSpecifyCache - - IoGetDeviceObjectPointer - - ZwUnmapViewOfSection - - ExAllocatePool - - PsTerminateSystemThread - - IoGetCurrentProcess - - ExEventObjectType - - IoAllocateWorkItem - - ZwClose - - IofCompleteRequest - - PsGetThreadProcess - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - PsRemoveLoadImageNotifyRoutine - - IoGetRequestorProcessId - - MmProbeAndLockPages - - PsGetVersion - - KeRevertToUserAffinityThread - - PsThreadType - - IoGetDeviceInterfaces - - ZwOpenProcess - - SeExports - - MmUnlockPages - - strrchr - - ZwQueryInformationProcess - - IoCreateSymbolicLink - - PsGetCurrentThreadId - - PsGetCurrentProcessId - - KeSetSystemAffinityThread - - MmIsAddressValid - - ObfDereferenceObject - - ZwCreateSection - - ObReferenceObjectByName - - IoQueueWorkItem - - IoDeviceObjectType - - ZwOpenFile - - wcsncmp - - ZwQueryInformationToken - - ZwQueryInformationFile - - ZwQueryInformationThread - - ObOpenObjectByPointer - - PsGetProcessId - - KeStackAttachProcess - - PsLookupThreadByThreadId - - ZwEnumerateKey - - IoAllocateMdl - - IofCallDriver - - ZwOpenKey - - KeAcquireSpinLockRaiseToDpc - - IoThreadToProcess - - IoAttachDeviceToDeviceStackSafe - - IoDetachDevice - - PsInitialSystemProcess - - IoCreateDevice - - PsProcessType - - MmUnmapIoSpace - - KeDetachProcess - - MmMapIoSpace - - KeAttachProcess - - ZwDeleteFile - - IoBuildSynchronousFsdRequest - - NtClose - - RtlCompareUnicodeString - - ObfReferenceObject - - ZwWriteFile - - ZwOpenThread - - ZwTerminateProcess - - RtlEqualUnicodeString - - ZwOpenDirectoryObject - - KeBugCheck - - ZwQueryDirectoryObject - - IoFreeIrp - - IoAllocateIrp - - KdDebuggerNotPresent - - KeSetTargetProcessorDpc - - KeInitializeDpc - - KeInsertQueueDpc - - KeNumberProcessors - - KeBugCheckEx - - ZwSetSecurityObject - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - 
RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - RtlQueryRegistryValues - - RtlPrefixUnicodeString - - ExUnregisterCallback - - ExRegisterCallback - - ExCreateCallback - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root - CA - ValidFrom: '2011-04-15 19:41:37' - ValidTo: '2021-04-15 19:51:37' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611cb28a000000000026 - Version: 3 - TBS: - MD5: 983a0c315a50542362f2bd6a5d71c8d0 - SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 - SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 - SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc - - Subject: C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release - Engineering, CN=AVG Technologies USA, Inc. 
- ValidFrom: '2018-01-30 00:00:00' - ValidTo: '2021-01-22 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0557955e02a6b53dd1d574ede15f310e - Version: 3 - TBS: - MD5: f9b558280379fbd2ac831a9850ec9c0e - SHA1: c22448dd1388c2011166e2a203fe984bd702f355 - SHA256: c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe - SHA384: 5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd - Version: 
3 - TBS: - MD5: a9a31555bbc92b6033975c5428fb3679 - SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e - SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 - SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 0557955e02a6b53dd1d574ede15f310e - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: 75b13c227d5208aed34b2687daf4ff12 - SHA1: 74ea061adc0690a674274c70e479258dff68f6b5 - SHA256: 89b1537c5094e9ccb980e1cbc109f742c686ac06078ce71c08767731dbafdc39 - Sections: - .text: - Entropy: 6.342856822122601 - Virtual Size: '0x2321c' - .rdata: - Entropy: 5.8350932122253685 - Virtual Size: '0x31e4' - .data: - Entropy: 2.3041982865973822 - Virtual Size: '0x25ce0' - .pdata: - Entropy: 5.3256215910283435 - Virtual Size: '0x117c' 
- PAGE: - Entropy: 6.229306478822744 - Virtual Size: '0x19f7' - INIT: - Entropy: 5.290761222190212 - Virtual Size: '0x13a2' - .rsrc: - Entropy: 3.3994968214051506 - Virtual Size: '0x3b8' - .reloc: - Entropy: 2.891565286382792 - Virtual Size: '0x522' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2019-08-11 14:14:15' - Imphash: 62dbb90b4be9282d52aff9ae1a101d6b - LoadsDespiteHVCI: 'TRUE' -- Filename: aswArPot.sys - MD5: 9496585198d726000ea505abc39dbfe9 - SHA1: 19977d45e98b48c901596fb0a49a7623cee4c782 - SHA256: 94911fe6f2aba9683b10353094caf71ee4a882de63b4620797629d79f18feec5 - Authentihash: - MD5: e7f217b2e9cafd1fd529fac02570b6ba - SHA1: 172b630f5d54c70ce0ee43cf1afdbb6f488eb4b7 - SHA256: 2537f2ad83f5efc841ed75081d5dfffeb04eea92abfb9844adc091ff2a671b56 - Description: AVG Anti Rootkit - Company: AVG Technologies CZ, s.r.o. - InternalName: aswArPot - OriginalFilename: aswArPot.sys - FileVersion: 20.4.83.0 - Product: 'AVG Internet Security System ' - ProductVersion: 20.4.83.0 - Copyright: Copyright (C) 2020 AVG Technologies CZ, s.r.o. 
- MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - __C_specific_handler - - KeDelayExecutionThread - - IoAllocateWorkItem - - MmIsAddressValid - - MmUnlockPages - - ExAllocatePool - - RtlAnsiStringToUnicodeString - - KeAcquireSpinLockRaiseToDpc - - ZwQuerySystemInformation - - PsRemoveLoadImageNotifyRoutine - - ZwUnmapViewOfSection - - ZwQuerySymbolicLinkObject - - MmProbeAndLockPages - - RtlVolumeDeviceToDosName - - PsSetLoadImageNotifyRoutine - - IoGetRequestorProcessId - - ZwReadFile - - ObQueryNameString - - ZwOpenThreadTokenEx - - ZwOpenProcessTokenEx - - towlower - - NtBuildNumber - - ExReleaseFastMutex - - _wcsicmp - - _snwprintf - - RtlConvertSidToUnicodeString - - ObfDereferenceObject - - IoAllocateMdl - - ZwCreateSection - - ZwQueryInformationProcess - - PsGetProcessId - - PsCreateSystemThread - - ZwQueryInformationThread - - RtlInitUnicodeString - - ZwOpenSymbolicLinkObject - - tolower - - PsRemoveCreateThreadNotifyRoutine - - IoDeleteDevice - - IoBuildDeviceIoControlRequest - - wcsncpy - - IoGetDeviceObjectPointer - - IoGetCurrentProcess - - ObOpenObjectByPointer - - strncpy - - KeReleaseSpinLock - - _strnicmp - - IoFileObjectType - - KeStackAttachProcess - - PsLookupProcessByProcessId - - PsGetCurrentProcessId - - KeSetEvent - - PsThreadType - - RtlUnicodeStringToAnsiString - - ZwQueryInformationToken - - ZwMapViewOfSection - - strncmp - - ObReferenceObjectByHandle - - RtlGetVersion - - PsGetThreadId - - PsGetVersion - - KeClearEvent - - IoGetBaseFileSystemDeviceObject - - wcschr - - ZwSetInformationFile - - ZwEnumerateKey - - IoFreeMdl - - wcsstr - - ExAcquireFastMutex - - MmGetSystemRoutineAddress - - IoFreeWorkItem - - _stricmp - - ExAllocatePoolWithTag - - RtlInitString - - IofCallDriver - - IoDeviceObjectType - - _snprintf - - ExFreePoolWithTag - - ZwOpenFile - - KeSetSystemAffinityThread - - strstr - - KeInitializeEvent - - ObReferenceObjectByName - - strchr - - _wcsnicmp - - KeQueryActiveProcessors 
- - RtlEqualSid - - IoQueueWorkItem - - MmUnmapLockedPages - - MmMapLockedPagesSpecifyCache - - PsSetCreateThreadNotifyRoutine - - PsGetCurrentThreadId - - IofCompleteRequest - - PsGetProcessWin32Process - - ExEventObjectType - - ZwQueryInformationFile - - KeWaitForSingleObject - - IoCreateSymbolicLink - - PsSetCreateProcessNotifyRoutine - - IoDriverObjectType - - PsLookupThreadByThreadId - - IoGetDeviceInterfaces - - ZwClose - - PsTerminateSystemThread - - wcsrchr - - strrchr - - SeExports - - KeUnstackDetachProcess - - KeResetEvent - - KeRevertToUserAffinityThread - - ZwOpenProcess - - wcsncmp - - ZwOpenKey - - PsGetThreadProcess - - IoDetachDevice - - IoAttachDeviceToDeviceStackSafe - - IoThreadToProcess - - PsInitialSystemProcess - - IoCreateDevice - - KeInsertQueueDpc - - KeNumberProcessors - - KeInitializeDpc - - KeSetTargetProcessorDpc - - PsProcessType - - MmMapIoSpace - - MmUnmapIoSpace - - ZwDeleteFile - - KeAttachProcess - - KeDetachProcess - - RtlCompareUnicodeString - - ZwWriteFile - - NtClose - - ObfReferenceObject - - IoBuildSynchronousFsdRequest - - ZwOpenThread - - ZwTerminateProcess - - RtlEqualUnicodeString - - IoFreeIrp - - ZwQueryDirectoryObject - - KeBugCheck - - ZwOpenDirectoryObject - - IoAllocateIrp - - KdDebuggerNotPresent - - ZwSetSecurityObject - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - RtlGetSaclSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlLengthSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - RtlAddAccessAllowedAce - - RtlLengthSid - - IoIsWdmVersionAvailable - - RtlSetDaclSecurityDescriptor - - ZwSetValueKey - - ZwQueryValueKey - - ZwCreateKey - - RtlFreeUnicodeString - - KeBugCheckEx - - RtlQueryRegistryValues - - RtlPrefixUnicodeString - - ExRegisterCallback - - ExCreateCallback - - ExUnregisterCallback - - strcmp - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, 
OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, LLC, OU=RE - 999, CN=AVG Technologies USA, LLC - ValidFrom: '2020-01-27 00:00:00' - ValidTo: '2022-10-20 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03ec0c9015079fab8a6f3fc9f839311c - Version: 3 - TBS: - MD5: bf2831557abdf7e58917d0a2608080a5 - SHA1: 24ece342e4c4f2f17f32e6924f48c240ad6300ff - SHA256: 1afa061865098b2da9d030bc9f5815ad98e59fa847903692e52d6ba0bbf260dd - SHA384: 0bed85528163e2befed14755c2dcaf02acea62bdf352d3f964cfeaa2883bebea3e186aa26ce12e4df1dfd6d235bf9bb6 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - 
ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 03ec0c9015079fab8a6f3fc9f839311c - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: e8033ae063a3483aec0d2fa55081ff62 - SHA1: fef047c18b115c601ddfd833e1cb5784ca1afbd7 - SHA256: 
fe30a08a31a5f4687353c7b08444b72fb6402a51b0586f0ade667983f833c4a5 - Sections: - .text: - Entropy: 6.37980416282674 - Virtual Size: '0x21d62' - .rdata: - Entropy: 5.713252224601693 - Virtual Size: '0x3b1c' - .data: - Entropy: 2.7078442579876167 - Virtual Size: '0x259b0' - .pdata: - Entropy: 5.4286864002584405 - Virtual Size: '0x11dc' - PAGE: - Entropy: 6.273919225206701 - Virtual Size: '0x1c4b' - INIT: - Entropy: 5.3629488423190335 - Virtual Size: '0x13dc' - .rsrc: - Entropy: 3.350140047781645 - Virtual Size: '0x3d0' - .reloc: - Entropy: 5.3833020583275815 - Virtual Size: '0x188' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2020-06-01 01:48:53' - Imphash: 26150d69f50aa9247c3f3f17521d18a2 - LoadsDespiteHVCI: 'FALSE' -- Filename: aswArPot.sys - MD5: ceac1347acae9ad9496d4b0593256522 - SHA1: 36a6f75f05ac348af357fdecbabe1a184fe8d315 - SHA256: 9a54ef5cfbe6db599322967ee2c84db7daabcb468be10a3ccfcaa0f64d9173c7 - Authentihash: - MD5: d09a1bf39b8055fc11ac2bad634f36c5 - SHA1: 3016bec15d07a845d6cf40aafbd4d63a06c403f2 - SHA256: 9e309324897edf07776adbb2b05252d7a2ad8140c6636bc28a5050e4ea183d40 - Description: AVG anti rootkit - Company: AVG Technologies CZ, s.r.o. - InternalName: aswArPot.sys - OriginalFilename: aswArPot.sys - FileVersion: 19.1.4132.0 - Product: 'AVG Internet Security System ' - ProductVersion: 19.1.4132.0 - Copyright: Copyright (C) 2018 AVG Technologies CZ, s.r.o. 
- MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - wcschr - - MmUnmapLockedPages - - _stricmp - - _wcsicmp - - towlower - - _strnicmp - - ExAllocatePoolWithTag - - PsGetProcessWin32Process - - KeClearEvent - - RtlVolumeDeviceToDosName - - KeQueryActiveProcessors - - RtlConvertSidToUnicodeString - - IoBuildDeviceIoControlRequest - - ExFreePoolWithTag - - KeResetEvent - - ExReleaseFastMutex - - IoGetBaseFileSystemDeviceObject - - strncmp - - ZwOpenThreadTokenEx - - RtlAnsiStringToUnicodeString - - ExAcquireFastMutex - - PsSetLoadImageNotifyRoutine - - _snwprintf - - NtBuildNumber - - PsRemoveCreateThreadNotifyRoutine - - PsLookupProcessByProcessId - - ZwQuerySymbolicLinkObject - - _wcsnicmp - - ZwReadFile - - strstr - - ZwMapViewOfSection - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - wcsncpy - - RtlEqualSid - - strchr - - IoFreeWorkItem - - MmGetSystemRoutineAddress - - KeInitializeEvent - - PsSetCreateThreadNotifyRoutine - - RtlUnicodeStringToAnsiString - - _snprintf - - RtlGetVersion - - ZwQuerySystemInformation - - RtlInitString - - KeReleaseSpinLock - - PsSetCreateProcessNotifyRoutine - - ZwOpenSymbolicLinkObject - - IoFreeMdl - - KeUnstackDetachProcess - - ZwOpenProcessTokenEx - - ZwSetInformationFile - - tolower - - KeDelayExecutionThread - - ObQueryNameString - - strncpy - - IoFileObjectType - - IoDriverObjectType - - wcsrchr - - wcsstr - - PsCreateSystemThread - - MmMapLockedPagesSpecifyCache - - IoGetDeviceObjectPointer - - ZwUnmapViewOfSection - - ExAllocatePool - - PsTerminateSystemThread - - IoGetCurrentProcess - - ExEventObjectType - - IoAllocateWorkItem - - ZwClose - - IofCompleteRequest - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - PsRemoveLoadImageNotifyRoutine - - IoGetRequestorProcessId - - MmProbeAndLockPages - - PsGetVersion - - KeRevertToUserAffinityThread - - PsThreadType - - IoGetDeviceInterfaces - - ZwOpenProcess - - SeExports - - MmUnlockPages - - strrchr - - 
ZwQueryInformationProcess - - IoCreateSymbolicLink - - PsGetCurrentThreadId - - PsGetCurrentProcessId - - KeSetSystemAffinityThread - - MmIsAddressValid - - ObfDereferenceObject - - ZwCreateSection - - ObReferenceObjectByName - - IoQueueWorkItem - - IoDeviceObjectType - - ZwOpenFile - - wcsncmp - - ZwQueryInformationToken - - ZwQueryInformationFile - - ZwQueryInformationThread - - ObOpenObjectByPointer - - KeStackAttachProcess - - PsLookupThreadByThreadId - - ZwEnumerateKey - - IoAllocateMdl - - IofCallDriver - - ZwOpenKey - - KeAcquireSpinLockRaiseToDpc - - IoThreadToProcess - - IoAttachDeviceToDeviceStackSafe - - IoDetachDevice - - PsInitialSystemProcess - - IoCreateDevice - - PsProcessType - - KeDetachProcess - - KeAttachProcess - - ZwDeleteFile - - IoBuildSynchronousFsdRequest - - NtClose - - RtlCompareUnicodeString - - ObfReferenceObject - - ZwWriteFile - - ZwOpenThread - - ZwTerminateProcess - - RtlEqualUnicodeString - - ZwOpenDirectoryObject - - KeBugCheck - - ZwQueryDirectoryObject - - IoFreeIrp - - IoAllocateIrp - - KdDebuggerNotPresent - - KeSetTargetProcessorDpc - - KeInitializeDpc - - KeInsertQueueDpc - - KeNumberProcessors - - KeBugCheckEx - - ZwSetSecurityObject - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - RtlQueryRegistryValues - - RtlPrefixUnicodeString - - ExUnregisterCallback - - ExRegisterCallback - - ExCreateCallback - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root - CA - ValidFrom: '2011-04-15 19:41:37' - ValidTo: 
'2021-04-15 19:51:37' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611cb28a000000000026 - Version: 3 - TBS: - MD5: 983a0c315a50542362f2bd6a5d71c8d0 - SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 - SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 - SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc - - Subject: C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release - Engineering, CN=AVG Technologies USA, Inc. - ValidFrom: '2018-01-30 00:00:00' - ValidTo: '2021-01-22 12:00:00' - Signature: 64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0557955e02a6b53dd1d574ede15f310e - Version: 3 - TBS: - MD5: f9b558280379fbd2ac831a9850ec9c0e - SHA1: c22448dd1388c2011166e2a203fe984bd702f355 - SHA256: c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe - SHA384: 5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: 
a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd - Version: 3 - TBS: - MD5: a9a31555bbc92b6033975c5428fb3679 - SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e - SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 - SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 
173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 0557955e02a6b53dd1d574ede15f310e - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: 6132f6d32bf124e5f0bbebe21876c5ea - SHA1: 15b4ffef2a2b3a862a0eab844af3cfc4b1900d6f - SHA256: 0b8a681dd006525cd3655d98f39d2c65123a186d1781bb2331ae1b0c927d5ee0 - Sections: - .text: - Entropy: 6.333034342254648 - Virtual Size: '0x21a9c' - .rdata: - Entropy: 5.822460548764078 - Virtual Size: '0x30ac' - .data: - Entropy: 1.9883419545841996 - Virtual Size: '0x25b18' - .pdata: - Entropy: 5.344549474194191 - Virtual Size: '0x10c8' - PAGE: - Entropy: 6.2415459986958455 - Virtual Size: '0x19f7' - INIT: - Entropy: 5.308945301421294 - Virtual Size: '0x1320' - .rsrc: - Entropy: 3.3852237383810513 - Virtual Size: '0x3b8' - .reloc: - Entropy: 2.5894785090098025 - Virtual Size: '0x4ba' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2018-12-10 07:58:34' - Imphash: 86682585c620fa85096a7bedaf990cd1 - LoadsDespiteHVCI: 'TRUE' -- Filename: aswArPot.sys - MD5: 35c8fdf881909fa28c92b1c2741ac60b - SHA1: d942dac4033dcd681161181d50ce3661d1e12b96 - SHA256: a2f45d95d54f4e110b577e621fefa0483fa0e3dcca14c500c298fb9209e491c1 - Authentihash: - MD5: e56d6c4be652c01f178ecef18428f567 - SHA1: 816088e3f2c6e3be17abe236bc905acc10733fda - SHA256: 11f0f2395b3e7a9849bf3f050bfda6b48ae2de856d8541a16b51d9097afb8306 - Description: AVG anti rootkit - Company: AVG Technologies CZ, s.r.o. - InternalName: aswArPot.sys - OriginalFilename: aswArPot.sys - FileVersion: 19.2.4181.0 - Product: 'AVG Internet Security System ' - ProductVersion: 19.2.4181.0 - Copyright: Copyright (C) 2019 AVG Technologies CZ, s.r.o. 
- MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - wcsrchr - - towlower - - MmGetSystemRoutineAddress - - RtlInitUnicodeString - - RtlUnicodeStringToAnsiString - - MmIsAddressValid - - RtlAnsiStringToUnicodeString - - strncmp - - MmUnlockPages - - MmUnmapLockedPages - - IoFreeMdl - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - ObfDereferenceObject - - ObReferenceObjectByName - - IoDriverObjectType - - _snwprintf - - ZwClose - - IoGetBaseFileSystemDeviceObject - - ObReferenceObjectByHandle - - ZwOpenFile - - ExFreePoolWithTag - - ZwReadFile - - ExAllocatePoolWithTag - - ZwSetInformationFile - - ZwQueryInformationFile - - PsLookupProcessByProcessId - - KeSetEvent - - KeResetEvent - - ZwMapViewOfSection - - ZwCreateSection - - ZwUnmapViewOfSection - - KeRevertToUserAffinityThread - - KeSetSystemAffinityThread - - KeQueryActiveProcessors - - _snprintf - - memset - - ZwQuerySystemInformation - - ZwQueryInformationProcess - - ZwQueryInformationThread - - ObOpenObjectByPointer - - PsThreadType - - PsLookupThreadByThreadId - - KeUnstackDetachProcess - - ZwOpenProcess - - KeStackAttachProcess - - KeWaitForSingleObject - - KeClearEvent - - KeQuerySystemTime - - ZwEnumerateKey - - ZwOpenKey - - IoFreeWorkItem - - IoQueueWorkItem - - IoAllocateWorkItem - - strchr - - strrchr - - strstr - - PsGetCurrentProcessId - - _alldiv - - ZwQuerySymbolicLinkObject - - ZwOpenSymbolicLinkObject - - RtlVolumeDeviceToDosName - - IoGetDeviceObjectPointer - - wcsncpy - - wcsncmp - - IoGetDeviceInterfaces - - _stricmp - - strncpy - - IoGetCurrentProcess - - RtlInitString - - ZwOpenThreadTokenEx - - ZwOpenProcessTokenEx - - RtlConvertSidToUnicodeString - - RtlEqualSid - - SeExports - - ZwQueryInformationToken - - PsGetCurrentThreadId - - ExEventObjectType - - NtBuildNumber - - IoFileObjectType - - IoDeviceObjectType - - PsSetLoadImageNotifyRoutine - - PsSetCreateProcessNotifyRoutine - - PsGetProcessWin32Process - - ExAllocatePool 
- - PsTerminateSystemThread - - PsCreateSystemThread - - ObQueryNameString - - _allmul - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - IofCompleteRequest - - IoGetRequestorProcessId - - IofCallDriver - - IoDeleteDevice - - IoCreateSymbolicLink - - PsGetVersion - - IoDetachDevice - - IoAttachDeviceToDeviceStackSafe - - IoCreateDevice - - PsInitialSystemProcess - - IoThreadToProcess - - KeAttachProcess - - MmMapLockedPages - - ZwDeleteFile - - MmUnmapIoSpace - - MmMapIoSpace - - PsProcessType - - KeDetachProcess - - ZwWriteFile - - NtClose - - ObfReferenceObject - - KeBugCheckEx - - RtlCompareUnicodeString - - IoBuildSynchronousFsdRequest - - ZwTerminateProcess - - ZwOpenThread - - IoFreeIrp - - RtlEqualUnicodeString - - IoAllocateIrp - - ZwQueryDirectoryObject - - ZwOpenDirectoryObject - - KeBugCheck - - KeInsertQueueDpc - - KeSetTargetProcessorDpc - - KeInitializeDpc - - KeNumberProcessors - - IoBuildDeviceIoControlRequest - - KeTickCount - - RtlUnwind - - _strnicmp - - _wcsnicmp - - _wcsicmp - - wcschr - - KeDelayExecutionThread - - MmMapLockedPagesSpecifyCache - - KeGetCurrentThread - - wcsstr - - KeInitializeEvent - - ZwSetSecurityObject - - RtlGetDaclSecurityDescriptor - - RtlGetSaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - IoIsWdmVersionAvailable - - RtlAddAccessAllowedAce - - RtlLengthSid - - RtlAbsoluteToSelfRelativeSD - - RtlSetDaclSecurityDescriptor - - RtlCreateSecurityDescriptor - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - ExUnregisterCallback - - ExCreateCallback - - ExRegisterCallback - - RtlQueryRegistryValues - - RtlPrefixUnicodeString - - KfAcquireSpinLock - - KfReleaseSpinLock - - KeGetCurrentIrql - - ExAcquireFastMutex - - ExReleaseFastMutex - - KeRaiseIrqlToDpcLevel - - KfLowerIrql - - KfRaiseIrql - Signatures: - - CertificatesInfo: '' 
- SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root - CA - ValidFrom: '2011-04-15 19:41:37' - ValidTo: '2021-04-15 19:51:37' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611cb28a000000000026 - Version: 3 - TBS: - MD5: 983a0c315a50542362f2bd6a5d71c8d0 - SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 - SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 - SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc - - Subject: C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release - Engineering, CN=AVG Technologies USA, Inc. - ValidFrom: '2018-01-30 00:00:00' - ValidTo: '2021-01-22 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0557955e02a6b53dd1d574ede15f310e - Version: 3 - TBS: - MD5: f9b558280379fbd2ac831a9850ec9c0e - SHA1: c22448dd1388c2011166e2a203fe984bd702f355 - SHA256: c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe - SHA384: 5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 
9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd - Version: 3 - TBS: - MD5: a9a31555bbc92b6033975c5428fb3679 - SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e - SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 - SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: 
cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 0557955e02a6b53dd1d574ede15f310e - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: d35f2d33b54b350bbf39cbac221c6154 - SHA1: e101b17cd430037f7f7a190f31271340e96fc272 - SHA256: b97429cb64da49991e6729b0342b0a9a67edb37ad01c1199191203097aba8631 - Sections: - .text: - Entropy: 6.542036319657988 - Virtual Size: '0x19fae' - .rwtext: - Entropy: 1.7300584522683535 - Virtual Size: '0x51' - .rdata: - Entropy: 5.42555121194693 - Virtual Size: '0x2ffc' - .data: - Entropy: 2.6449416238771346 - Virtual Size: '0x14b94' - PAGE: - Entropy: 6.255823244544411 - Virtual Size: '0x13dd' - INIT: - Entropy: 5.575609594408319 - Virtual Size: '0x115a' - .rsrc: - Entropy: 3.387684728445238 - Virtual Size: '0x3b8' - .reloc: - Entropy: 6.3599137895820474 - Virtual Size: '0x23ec' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2019-01-30 13:27:34' - Imphash: f08e2ac6ca73cd2a924ed25dc6813638 - LoadsDespiteHVCI: 'TRUE' -- Filename: aswArPot.sys - MD5: 300d6ac47a146eb8eb159f51bc13f7cf - SHA1: 02316decf9e5165b431c599643f6856e86b95e7c - SHA256: a5a50449e2cc4d0dbc80496f757935ae38bf8a1bebdd6555a3495d8c219df2ad - Authentihash: - MD5: dc4869ad1497f7bd21ae89c9ecbcefca - SHA1: 1b7496a00aa6fd9328b41bf48a692f2648f6a7fb - SHA256: 60f79c1b60a74b98b4f436d6bbbf5aeb9ce6febbe1443d318eea7581962b75a4 - Description: Avast anti rootkit - Company: AVAST Software - InternalName: aswArPot.sys - OriginalFilename: aswArPot.sys - FileVersion: 18.3.3848.0 - Product: 'Avast Antivirus ' - ProductVersion: 18.3.3848.0 - Copyright: Copyright (c) 2018 AVAST Software - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - wcschr - - MmUnmapLockedPages - - 
_stricmp - - _wcsicmp - - towlower - - _strnicmp - - ExAllocatePoolWithTag - - PsGetProcessWin32Process - - KeClearEvent - - RtlVolumeDeviceToDosName - - KeQueryActiveProcessors - - RtlConvertSidToUnicodeString - - ExFreePoolWithTag - - KeResetEvent - - ExReleaseFastMutex - - IoGetBaseFileSystemDeviceObject - - strncmp - - ZwOpenThreadTokenEx - - RtlAnsiStringToUnicodeString - - ExAcquireFastMutex - - PsSetLoadImageNotifyRoutine - - _snwprintf - - NtBuildNumber - - PsRemoveCreateThreadNotifyRoutine - - PsLookupProcessByProcessId - - ZwQuerySymbolicLinkObject - - _wcsnicmp - - ZwReadFile - - strstr - - ZwMapViewOfSection - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - wcsncpy - - RtlEqualSid - - strchr - - IoFreeWorkItem - - MmGetSystemRoutineAddress - - KeInitializeEvent - - PsSetCreateThreadNotifyRoutine - - RtlUnicodeStringToAnsiString - - _snprintf - - RtlGetVersion - - ZwQuerySystemInformation - - RtlInitString - - KeReleaseSpinLock - - PsSetCreateProcessNotifyRoutine - - ZwOpenSymbolicLinkObject - - IoFreeMdl - - KeUnstackDetachProcess - - ZwOpenProcessTokenEx - - ZwSetInformationFile - - KeDelayExecutionThread - - ObQueryNameString - - strncpy - - IoFileObjectType - - IoDriverObjectType - - wcsrchr - - wcsstr - - PsCreateSystemThread - - MmMapLockedPagesSpecifyCache - - IoGetDeviceObjectPointer - - ZwUnmapViewOfSection - - ExAllocatePool - - PsTerminateSystemThread - - IoGetCurrentProcess - - ExEventObjectType - - IoAllocateWorkItem - - ZwClose - - IofCompleteRequest - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - PsRemoveLoadImageNotifyRoutine - - IoGetRequestorProcessId - - MmProbeAndLockPages - - PsGetVersion - - KeRevertToUserAffinityThread - - PsThreadType - - IoGetDeviceInterfaces - - ZwOpenProcess - - SeExports - - MmUnlockPages - - strrchr - - ZwQueryInformationProcess - - IoCreateSymbolicLink - - PsGetCurrentThreadId - - PsGetCurrentProcessId - - KeSetSystemAffinityThread - - MmIsAddressValid - - ObfDereferenceObject - - 
ZwCreateSection - - ObReferenceObjectByName - - IoQueueWorkItem - - IoDeviceObjectType - - ZwOpenFile - - wcsncmp - - ZwQueryInformationToken - - ZwQueryInformationFile - - ZwQueryInformationThread - - ObOpenObjectByPointer - - KeStackAttachProcess - - PsLookupThreadByThreadId - - ZwEnumerateKey - - IoAllocateMdl - - IofCallDriver - - ZwOpenKey - - KeAcquireSpinLockRaiseToDpc - - IoAttachDeviceToDeviceStackSafe - - IoDetachDevice - - IoCreateDevice - - PsProcessType - - KeDetachProcess - - KeAttachProcess - - ZwDeleteFile - - IoBuildSynchronousFsdRequest - - NtClose - - RtlCompareUnicodeString - - ObfReferenceObject - - ZwWriteFile - - ZwOpenThread - - ZwTerminateProcess - - RtlEqualUnicodeString - - ZwOpenDirectoryObject - - KeBugCheck - - ZwQueryDirectoryObject - - IoFreeIrp - - IoAllocateIrp - - KdDebuggerNotPresent - - KeSetTargetProcessorDpc - - IoBuildDeviceIoControlRequest - - KeInitializeDpc - - KeInsertQueueDpc - - KeNumberProcessors - - KeBugCheckEx - - ZwSetSecurityObject - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - RtlQueryRegistryValues - - RtlPrefixUnicodeString - - ExUnregisterCallback - - ExRegisterCallback - - ExCreateCallback - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o. 
- ValidFrom: '2016-09-06 00:00:00' - ValidTo: '2019-10-04 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 - Version: 3 - TBS: - MD5: 2e1a5012cbe8b95785c794bc1c5584c3 - SHA1: f4753b06b08938794c32c2475cee663143036d08 - SHA256: fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5 - SHA384: 08a8396996a9ecb96b22a85d6adf3f8b1117f3a880b1d4af12e4de8e8005897a7073d6d5368cb92f701f466ec227e2a6 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: 73f94453db44e5265861f0ce8df39fc1 - SHA1: 6d710be934482758c43d9d19941be5ed522e371f - SHA256: 39835922f0b2a2c24ed5fb74c468f28fc5b2c036c7a219352dc78f7f29ea13c3 - Sections: - .text: - Entropy: 6.331634555230066 - Virtual Size: '0x2032c' - .rdata: - Entropy: 5.8083706753670254 - Virtual Size: '0x303c' - .data: - Entropy: 1.7228772750546992 - Virtual Size: '0x25814' - .pdata: - Entropy: 5.349284817948452 - Virtual Size: '0x1080' - PAGE: - Entropy: 6.241650261489821 - Virtual Size: '0x19f7' - INIT: - Entropy: 5.291903484197976 - Virtual Size: '0x12d0' - .rsrc: - Entropy: 3.330592409477162 - Virtual Size: '0x370' - .reloc: - Entropy: 1.9822497903370622 - Virtual Size: '0x438' - MagicHeader: 
50 45 0 0 - CreationTimestamp: '2018-03-19 13:51:14' - Imphash: 1e8ee6407390a2d52051bec21c771fdb - LoadsDespiteHVCI: 'FALSE' -- Filename: aswArPot.sys - MD5: dcd966874b4c8c952662d2d16ddb4d7c - SHA1: 135b261eb03e830c57b1729e3a4653f9c27c7522 - SHA256: aaa3459bcac25423f78ed72dbae4d7ef19e7c5c65770cbe5210b14e33cd1816c - Authentihash: - MD5: 31deadc1bcfdcac3b86e05ad2aa9eb1d - SHA1: 6a02a8de97682af43b1a5831c4b4991caf94094a - SHA256: f2e97fb72237dbbd8981d13a056dd3544c41d802efd129e1ea7e3f655de661b8 - Description: Avast anti rootkit - Company: AVAST Software - InternalName: aswArPot.sys - OriginalFilename: aswArPot.sys - FileVersion: 18.2.3820.0 - Product: 'Avast Antivirus ' - ProductVersion: 18.2.3820.0 - Copyright: Copyright (c) 2018 AVAST Software - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - wcschr - - MmUnmapLockedPages - - _stricmp - - _wcsicmp - - towlower - - _strnicmp - - ExAllocatePoolWithTag - - PsGetProcessWin32Process - - KeClearEvent - - RtlVolumeDeviceToDosName - - KeQueryActiveProcessors - - RtlConvertSidToUnicodeString - - ExFreePoolWithTag - - KeResetEvent - - ExReleaseFastMutex - - IoGetBaseFileSystemDeviceObject - - strncmp - - ZwOpenThreadTokenEx - - RtlAnsiStringToUnicodeString - - ExAcquireFastMutex - - PsSetLoadImageNotifyRoutine - - _snwprintf - - NtBuildNumber - - PsRemoveCreateThreadNotifyRoutine - - PsLookupProcessByProcessId - - ZwQuerySymbolicLinkObject - - _wcsnicmp - - ZwReadFile - - strstr - - ZwMapViewOfSection - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - wcsncpy - - RtlEqualSid - - strchr - - IoFreeWorkItem - - MmGetSystemRoutineAddress - - KeInitializeEvent - - PsSetCreateThreadNotifyRoutine - - RtlUnicodeStringToAnsiString - - _snprintf - - RtlGetVersion - - ZwQuerySystemInformation - - RtlInitString - - KeReleaseSpinLock - - PsSetCreateProcessNotifyRoutine - - ZwOpenSymbolicLinkObject - - IoFreeMdl - - KeUnstackDetachProcess - - ZwOpenProcessTokenEx - - 
ZwSetInformationFile - - KeDelayExecutionThread - - ObQueryNameString - - strncpy - - IoFileObjectType - - IoDriverObjectType - - wcsrchr - - wcsstr - - PsCreateSystemThread - - MmMapLockedPagesSpecifyCache - - IoGetDeviceObjectPointer - - ZwUnmapViewOfSection - - ExAllocatePool - - PsTerminateSystemThread - - IoGetCurrentProcess - - ExEventObjectType - - IoAllocateWorkItem - - ZwClose - - IofCompleteRequest - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - PsRemoveLoadImageNotifyRoutine - - IoGetRequestorProcessId - - MmProbeAndLockPages - - PsGetVersion - - KeRevertToUserAffinityThread - - PsThreadType - - IoGetDeviceInterfaces - - ZwOpenProcess - - SeExports - - MmUnlockPages - - strrchr - - ZwQueryInformationProcess - - IoCreateSymbolicLink - - PsGetCurrentThreadId - - PsGetCurrentProcessId - - KeSetSystemAffinityThread - - MmIsAddressValid - - ObfDereferenceObject - - ZwCreateSection - - ObReferenceObjectByName - - IoQueueWorkItem - - IoDeviceObjectType - - ZwOpenFile - - wcsncmp - - ZwQueryInformationToken - - ZwQueryInformationFile - - ZwQueryInformationThread - - ObOpenObjectByPointer - - KeStackAttachProcess - - PsLookupThreadByThreadId - - ZwEnumerateKey - - IoAllocateMdl - - IofCallDriver - - ZwOpenKey - - KeAcquireSpinLockRaiseToDpc - - IoAttachDeviceToDeviceStackSafe - - IoDetachDevice - - IoCreateDevice - - PsProcessType - - KeDetachProcess - - KeAttachProcess - - ZwDeleteFile - - IoBuildSynchronousFsdRequest - - NtClose - - RtlCompareUnicodeString - - ObfReferenceObject - - ZwWriteFile - - ZwOpenThread - - ZwTerminateProcess - - RtlEqualUnicodeString - - ZwOpenDirectoryObject - - KeBugCheck - - ZwQueryDirectoryObject - - IoFreeIrp - - IoAllocateIrp - - KdDebuggerNotPresent - - KeSetTargetProcessorDpc - - IoBuildDeviceIoControlRequest - - KeInitializeDpc - - KeInsertQueueDpc - - KeNumberProcessors - - KeBugCheckEx - - ZwSetSecurityObject - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - 
RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - RtlQueryRegistryValues - - RtlPrefixUnicodeString - - ExUnregisterCallback - - ExRegisterCallback - - ExCreateCallback - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o. - ValidFrom: '2016-09-06 00:00:00' - ValidTo: '2019-10-04 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 - Version: 3 - TBS: - MD5: 2e1a5012cbe8b95785c794bc1c5584c3 - SHA1: f4753b06b08938794c32c2475cee663143036d08 - SHA256: fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5 - SHA384: 08a8396996a9ecb96b22a85d6adf3f8b1117f3a880b1d4af12e4de8e8005897a7073d6d5368cb92f701f466ec227e2a6 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: 73f94453db44e5265861f0ce8df39fc1 - 
SHA1: 6d710be934482758c43d9d19941be5ed522e371f - SHA256: 39835922f0b2a2c24ed5fb74c468f28fc5b2c036c7a219352dc78f7f29ea13c3 - Sections: - .text: - Entropy: 6.332677044584613 - Virtual Size: '0x202fc' - .rdata: - Entropy: 5.814931943419495 - Virtual Size: '0x305c' - .data: - Entropy: 1.7096861456745627 - Virtual Size: '0x25814' - .pdata: - Entropy: 5.335827533513024 - Virtual Size: '0x1080' - PAGE: - Entropy: 6.2414734898635 - Virtual Size: '0x19f7' - INIT: - Entropy: 5.291903484197976 - Virtual Size: '0x12d0' - .rsrc: - Entropy: 3.3384112555240217 - Virtual Size: '0x370' - .reloc: - Entropy: 1.9822497903370622 - Virtual Size: '0x438' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2018-02-26 05:01:25' - Imphash: 1e8ee6407390a2d52051bec21c771fdb - LoadsDespiteHVCI: 'FALSE' -- Filename: aswArPot.sys - MD5: 991230087394738976dbd44f92516cae - SHA1: e2f40590b404a24e775f781525d8ed01f1b1156d - SHA256: ad8ffccfde782bc287241152cf24245a8bf21c2530d81c57e17631b3c4adb833 - Authentihash: - MD5: 6a9312463a34c79194223951fc89b195 - SHA1: 6439725334c47247763a76d4ba8ebab4c1caedfa - SHA256: f8e307f2af1c1ae3d5ef6581e651823e3b6bfb9d7b565353cbd50e455c1dc9c8 - Description: Avast Anti Rootkit - Company: AVAST Software - InternalName: aswArPot - OriginalFilename: aswArPot.sys - FileVersion: 20.6.107.0 - Product: 'Avast Antivirus ' - ProductVersion: 20.6.107.0 - Copyright: Copyright (c) 2020 AVAST Software - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - __C_specific_handler - - KeDelayExecutionThread - - IoAllocateWorkItem - - MmIsAddressValid - - MmUnlockPages - - ExAllocatePool - - RtlAnsiStringToUnicodeString - - KeAcquireSpinLockRaiseToDpc - - ZwQuerySystemInformation - - PsRemoveLoadImageNotifyRoutine - - ZwUnmapViewOfSection - - ZwQuerySymbolicLinkObject - - MmProbeAndLockPages - - RtlVolumeDeviceToDosName - - PsSetLoadImageNotifyRoutine - - IoGetRequestorProcessId - - ZwReadFile - - ObQueryNameString - - ZwOpenThreadTokenEx - - 
ZwOpenProcessTokenEx - - towlower - - NtBuildNumber - - ExReleaseFastMutex - - _wcsicmp - - _snwprintf - - RtlConvertSidToUnicodeString - - ObfDereferenceObject - - IoAllocateMdl - - ZwCreateSection - - ZwQueryInformationProcess - - PsGetProcessId - - PsCreateSystemThread - - ZwQueryInformationThread - - RtlInitUnicodeString - - ZwOpenSymbolicLinkObject - - tolower - - PsRemoveCreateThreadNotifyRoutine - - IoDeleteDevice - - IoBuildDeviceIoControlRequest - - wcsncpy - - IoGetDeviceObjectPointer - - IoGetCurrentProcess - - ObOpenObjectByPointer - - strncpy - - KeReleaseSpinLock - - _strnicmp - - IoFileObjectType - - KeStackAttachProcess - - PsLookupProcessByProcessId - - PsGetCurrentProcessId - - KeSetEvent - - PsThreadType - - RtlUnicodeStringToAnsiString - - ZwQueryInformationToken - - ZwMapViewOfSection - - strncmp - - ObReferenceObjectByHandle - - RtlGetVersion - - PsGetThreadId - - PsGetVersion - - KeClearEvent - - IoGetBaseFileSystemDeviceObject - - wcschr - - ZwSetInformationFile - - ZwEnumerateKey - - IoFreeMdl - - wcsstr - - ExAcquireFastMutex - - MmGetSystemRoutineAddress - - IoFreeWorkItem - - _stricmp - - ExAllocatePoolWithTag - - RtlInitString - - IofCallDriver - - IoDeviceObjectType - - _snprintf - - ExFreePoolWithTag - - ZwOpenFile - - KeSetSystemAffinityThread - - strstr - - KeInitializeEvent - - ObReferenceObjectByName - - strchr - - _wcsnicmp - - KeQueryActiveProcessors - - RtlEqualSid - - IoQueueWorkItem - - MmUnmapLockedPages - - MmMapLockedPagesSpecifyCache - - PsSetCreateThreadNotifyRoutine - - PsGetCurrentThreadId - - IofCompleteRequest - - PsGetProcessWin32Process - - ExEventObjectType - - ZwQueryInformationFile - - KeWaitForSingleObject - - IoCreateSymbolicLink - - PsSetCreateProcessNotifyRoutine - - IoDriverObjectType - - PsLookupThreadByThreadId - - IoGetDeviceInterfaces - - ZwClose - - PsTerminateSystemThread - - wcsrchr - - strrchr - - SeExports - - KeUnstackDetachProcess - - KeResetEvent - - KeRevertToUserAffinityThread - - 
ZwOpenProcess - - wcsncmp - - ZwOpenKey - - PsGetThreadProcess - - IoDetachDevice - - IoAttachDeviceToDeviceStackSafe - - IoThreadToProcess - - PsInitialSystemProcess - - IoCreateDevice - - KeInsertQueueDpc - - KeNumberProcessors - - KeInitializeDpc - - KeSetTargetProcessorDpc - - PsProcessType - - MmMapIoSpace - - MmUnmapIoSpace - - ZwDeleteFile - - KeAttachProcess - - KeDetachProcess - - RtlCompareUnicodeString - - ZwWriteFile - - NtClose - - ObfReferenceObject - - IoBuildSynchronousFsdRequest - - ZwOpenThread - - ZwTerminateProcess - - RtlEqualUnicodeString - - IoFreeIrp - - ZwQueryDirectoryObject - - KeBugCheck - - ZwOpenDirectoryObject - - IoAllocateIrp - - KdDebuggerNotPresent - - ZwSetSecurityObject - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - RtlGetSaclSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlLengthSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - RtlAddAccessAllowedAce - - RtlLengthSid - - IoIsWdmVersionAvailable - - RtlSetDaclSecurityDescriptor - - ZwSetValueKey - - ZwQueryValueKey - - ZwCreateKey - - RtlFreeUnicodeString - - KeBugCheckEx - - RtlQueryRegistryValues - - RtlPrefixUnicodeString - - ExRegisterCallback - - ExCreateCallback - - ExUnregisterCallback - - strcmp - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CZ, L=Praha, O=Avast Software s.r.o., OU=RE 999, CN=Avast Software - s.r.o. 
- ValidFrom: '2019-12-02 00:00:00' - ValidTo: '2022-10-19 12:00:00' - Signature: 874d04f17ffc50e66100207e56ecc8ae7e81c1957a7600295ead9db28842c7c05e06e8e28ccfc1e9d45d7a55d6d4a2fb74d72600a79ef5bfa53acaa4f3a4fcaf90a2554fc37742dd44c83a90880f948f5538637c0d999b03ebbf20cc001293a5639d44ad950cacfce2a337f7a24b817a5b85df89f6acf49974adee1d867373e6534a3f3558e59f87d06afe5744ec575b66c76110a595471007b209c591984f0ff20ea4c87ac405c85f42f0b105b04ec2ced11ca9cfb6aef21a3c6ae9ccd2a9cb4a9f78244751b15bfccb32ec3a52d44258bad6fc6d9f24c24700e9e1c4c0c29b9db4683c526a92934d72367620c6a89119e7a678597d7603c62b1c22f54edfad - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03f02aca051d1c9330eeabd3706e836f - Version: 3 - TBS: - MD5: f251d9cde0901fb67831855b4a592b51 - SHA1: cd0ac068faea4b875ded287512f20b6ba8dcb457 - SHA256: 247e040822854e1a4cbc3488782a9e96db6bffa9bdfe36406a46e3f88695d423 - SHA384: c6a765c300f3ee36604e9c51a9fcd18071b0cd0bd15b3ad69350f04a0b1b5ef7b71556af698a1e8988bf91cd8b2a6104 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 
208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: 
e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 03f02aca051d1c9330eeabd3706e836f - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: e8033ae063a3483aec0d2fa55081ff62 - SHA1: fef047c18b115c601ddfd833e1cb5784ca1afbd7 - SHA256: fe30a08a31a5f4687353c7b08444b72fb6402a51b0586f0ade667983f833c4a5 - Sections: - .text: - Entropy: 6.379234008066875 - Virtual Size: '0x21da2' - .rdata: - Entropy: 5.720028704696872 - Virtual Size: '0x3b1c' - .data: - Entropy: 2.6876888382903856 - Virtual Size: '0x259b0' - .pdata: - Entropy: 5.428586674221124 - Virtual 
Size: '0x11dc' - PAGE: - Entropy: 6.274427019122509 - Virtual Size: '0x1c4b' - INIT: - Entropy: 5.364309660201566 - Virtual Size: '0x13dc' - .rsrc: - Entropy: 3.2771435361763768 - Virtual Size: '0x398' - .reloc: - Entropy: 5.3833020583275815 - Virtual Size: '0x188' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2020-07-23 06:10:00' - Imphash: 26150d69f50aa9247c3f3f17521d18a2 - LoadsDespiteHVCI: 'FALSE' -- Filename: aswArPot.sys - MD5: 259381daae0357fbfefe1d92188c496a - SHA1: 3f347117d21cd8229dd99fa03d6c92601067c604 - SHA256: be8dd2d39a527649e34dc77ef8bc07193a4234b38597b8f51e519dadc5479ec2 - Authentihash: - MD5: 63451cd1b804978b26b8b04869749d76 - SHA1: 2c96a59141c58c42a871671fd2c3dfac9bb43a37 - SHA256: 72f100edc998bb2fc40a3a7e7d76c6c37f7173b812f5cd7ae62c824b3fc63d57 - Description: Avast anti rootkit - Company: AVAST Software - InternalName: aswArPot.sys - OriginalFilename: aswArPot.sys - FileVersion: 18.4.3891.0 - Product: 'Avast Antivirus ' - ProductVersion: 18.4.3891.0 - Copyright: Copyright (c) 2018 AVAST Software - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - wcschr - - MmUnmapLockedPages - - _stricmp - - _wcsicmp - - towlower - - _strnicmp - - ExAllocatePoolWithTag - - PsGetProcessWin32Process - - KeClearEvent - - RtlVolumeDeviceToDosName - - KeQueryActiveProcessors - - RtlConvertSidToUnicodeString - - ExFreePoolWithTag - - KeResetEvent - - ExReleaseFastMutex - - IoGetBaseFileSystemDeviceObject - - strncmp - - ZwOpenThreadTokenEx - - RtlAnsiStringToUnicodeString - - ExAcquireFastMutex - - PsSetLoadImageNotifyRoutine - - _snwprintf - - NtBuildNumber - - PsRemoveCreateThreadNotifyRoutine - - PsLookupProcessByProcessId - - ZwQuerySymbolicLinkObject - - _wcsnicmp - - ZwReadFile - - strstr - - ZwMapViewOfSection - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - wcsncpy - - RtlEqualSid - - strchr - - IoFreeWorkItem - - MmGetSystemRoutineAddress - - KeInitializeEvent - - PsSetCreateThreadNotifyRoutine - - 
RtlUnicodeStringToAnsiString - - _snprintf - - RtlGetVersion - - ZwQuerySystemInformation - - RtlInitString - - KeReleaseSpinLock - - PsSetCreateProcessNotifyRoutine - - ZwOpenSymbolicLinkObject - - IoFreeMdl - - KeUnstackDetachProcess - - ZwOpenProcessTokenEx - - ZwSetInformationFile - - KeDelayExecutionThread - - ObQueryNameString - - strncpy - - IoFileObjectType - - IoDriverObjectType - - wcsrchr - - wcsstr - - PsCreateSystemThread - - MmMapLockedPagesSpecifyCache - - IoGetDeviceObjectPointer - - ZwUnmapViewOfSection - - ExAllocatePool - - PsTerminateSystemThread - - IoGetCurrentProcess - - ExEventObjectType - - IoAllocateWorkItem - - ZwClose - - IofCompleteRequest - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - PsRemoveLoadImageNotifyRoutine - - IoGetRequestorProcessId - - MmProbeAndLockPages - - PsGetVersion - - KeRevertToUserAffinityThread - - PsThreadType - - IoGetDeviceInterfaces - - ZwOpenProcess - - SeExports - - MmUnlockPages - - strrchr - - ZwQueryInformationProcess - - IoCreateSymbolicLink - - PsGetCurrentThreadId - - PsGetCurrentProcessId - - KeSetSystemAffinityThread - - MmIsAddressValid - - ObfDereferenceObject - - ZwCreateSection - - ObReferenceObjectByName - - IoQueueWorkItem - - IoDeviceObjectType - - ZwOpenFile - - wcsncmp - - ZwQueryInformationToken - - ZwQueryInformationFile - - ZwQueryInformationThread - - ObOpenObjectByPointer - - KeStackAttachProcess - - PsLookupThreadByThreadId - - ZwEnumerateKey - - IoAllocateMdl - - IofCallDriver - - ZwOpenKey - - KeAcquireSpinLockRaiseToDpc - - IoAttachDeviceToDeviceStackSafe - - IoDetachDevice - - IoCreateDevice - - PsProcessType - - KeDetachProcess - - KeAttachProcess - - ZwDeleteFile - - IoBuildSynchronousFsdRequest - - NtClose - - RtlCompareUnicodeString - - ObfReferenceObject - - ZwWriteFile - - ZwOpenThread - - ZwTerminateProcess - - RtlEqualUnicodeString - - ZwOpenDirectoryObject - - KeBugCheck - - ZwQueryDirectoryObject - - IoFreeIrp - - IoAllocateIrp - - KdDebuggerNotPresent - - 
KeSetTargetProcessorDpc - - IoBuildDeviceIoControlRequest - - KeInitializeDpc - - KeInsertQueueDpc - - KeNumberProcessors - - KeBugCheckEx - - ZwSetSecurityObject - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - RtlQueryRegistryValues - - RtlPrefixUnicodeString - - ExUnregisterCallback - - ExRegisterCallback - - ExCreateCallback - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o. - ValidFrom: '2016-09-06 00:00:00' - ValidTo: '2019-10-04 12:00:00' - Signature: 56220de8a9a65fffbff97ff463c4026ec9be68fe98bfa0b20a722df84322a44dbc98f25b87ee42da3a06a6cedef076de22e0d7e02d41201156875341cd24badedb8aa5afa133e9ed688fc45aeb37a74fbe399828143561fd717fa7bed97cb5d42643494462fef349f3300daff13660a9e50f85d1110de96d1300e0e730d2b6689fd53eb7a72f4f3112dffa2c1caf17cb64c22509d82b5ce1c2181c2faac22fce3981e683183d6da50d1c17dec375c370f5feb5abfbc6dca4cdd47a5b14375870de6dc346361d8997e79f19819f5168f9b01c9aacc210f2322248adc375a2782b64881c6a557677815c39b024555cc0adca920a617e0ecb385eb47213b1553c80 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 - Version: 3 - TBS: - MD5: 2e1a5012cbe8b95785c794bc1c5584c3 - SHA1: f4753b06b08938794c32c2475cee663143036d08 - SHA256: fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5 - SHA384: 08a8396996a9ecb96b22a85d6adf3f8b1117f3a880b1d4af12e4de8e8005897a7073d6d5368cb92f701f466ec227e2a6 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High 
Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: 73f94453db44e5265861f0ce8df39fc1 - SHA1: 6d710be934482758c43d9d19941be5ed522e371f - SHA256: 39835922f0b2a2c24ed5fb74c468f28fc5b2c036c7a219352dc78f7f29ea13c3 - Sections: - .text: - Entropy: 6.333165816090795 - Virtual Size: '0x203dc' - .rdata: - Entropy: 5.826378527520496 - Virtual Size: '0x3044' - .data: - Entropy: 1.722989677434697 - Virtual Size: '0x25834' - .pdata: - Entropy: 5.359550614921239 - Virtual Size: '0x1074' - PAGE: - Entropy: 6.241853317493543 - Virtual Size: '0x19f7' - INIT: - Entropy: 5.292236169997528 - Virtual Size: '0x12d0' - .rsrc: - Entropy: 3.330151937246589 - Virtual Size: '0x370' - .reloc: - Entropy: 1.9822497903370622 - Virtual Size: '0x438' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2018-04-27 12:33:22' - Imphash: 1e8ee6407390a2d52051bec21c771fdb - LoadsDespiteHVCI: 'FALSE' -- Filename: aswArPot.sys - MD5: 16472fca75ab4b5647c99de608949cde - SHA1: 24daa825adedcbbb1d098cbe9d68c40389901b64 - SHA256: d5c4ff35eaa74ccdb80c7197d3d113c9cd38561070f2aa69c0affe8ed84a77c9 - Authentihash: - MD5: f778cb0515b1db1cb133286ed8e3f284 - SHA1: 7ab72d197214b2792893a14b80ed6e5a546d0b9b - SHA256: 5eb493fc07a9573176f87297a002183d8e60104619a7b83940ce6e83ac54cd7b - Description: Avast anti rootkit - Company: AVAST Software - InternalName: aswArPot.sys - OriginalFilename: aswArPot.sys - FileVersion: 
18.6.3979.0 - Product: 'Avast Antivirus ' - ProductVersion: 18.6.3979.0 - Copyright: Copyright (c) 2018 AVAST Software - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - wcsrchr - - towlower - - MmGetSystemRoutineAddress - - RtlInitUnicodeString - - RtlUnicodeStringToAnsiString - - MmIsAddressValid - - RtlAnsiStringToUnicodeString - - strncmp - - MmUnlockPages - - MmUnmapLockedPages - - IoFreeMdl - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - ObfDereferenceObject - - ObReferenceObjectByName - - IoDriverObjectType - - _snwprintf - - ZwClose - - IoGetBaseFileSystemDeviceObject - - ObReferenceObjectByHandle - - ZwOpenFile - - ExFreePoolWithTag - - ZwReadFile - - ExAllocatePoolWithTag - - ZwSetInformationFile - - ZwQueryInformationFile - - PsLookupProcessByProcessId - - KeSetEvent - - KeResetEvent - - ZwMapViewOfSection - - ZwCreateSection - - ZwUnmapViewOfSection - - KeRevertToUserAffinityThread - - KeSetSystemAffinityThread - - KeQueryActiveProcessors - - _snprintf - - memset - - ZwQuerySystemInformation - - ZwQueryInformationProcess - - ZwQueryInformationThread - - ObOpenObjectByPointer - - PsThreadType - - PsLookupThreadByThreadId - - KeUnstackDetachProcess - - ZwOpenProcess - - KeStackAttachProcess - - KeWaitForSingleObject - - KeClearEvent - - KeQuerySystemTime - - ZwEnumerateKey - - ZwOpenKey - - IoFreeWorkItem - - IoQueueWorkItem - - IoAllocateWorkItem - - strchr - - strstr - - PsGetCurrentProcessId - - _alldiv - - ZwQuerySymbolicLinkObject - - ZwOpenSymbolicLinkObject - - RtlVolumeDeviceToDosName - - IoGetDeviceObjectPointer - - wcsncpy - - wcsncmp - - IoGetDeviceInterfaces - - wcschr - - strncpy - - IoGetCurrentProcess - - RtlInitString - - ZwOpenThreadTokenEx - - ZwOpenProcessTokenEx - - RtlConvertSidToUnicodeString - - RtlEqualSid - - SeExports - - ZwQueryInformationToken - - PsGetCurrentThreadId - - ExEventObjectType - - NtBuildNumber - - IoFileObjectType - - IoDeviceObjectType - - 
PsSetLoadImageNotifyRoutine - - PsSetCreateProcessNotifyRoutine - - PsGetProcessWin32Process - - strrchr - - ExAllocatePool - - PsTerminateSystemThread - - PsCreateSystemThread - - ObQueryNameString - - _allmul - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - IofCompleteRequest - - IoGetRequestorProcessId - - IofCallDriver - - IoDeleteDevice - - IoCreateSymbolicLink - - PsGetVersion - - IoDetachDevice - - IoAttachDeviceToDeviceStackSafe - - IoCreateDevice - - PsInitialSystemProcess - - IoThreadToProcess - - KeAttachProcess - - MmMapLockedPages - - ZwDeleteFile - - PsProcessType - - KeDetachProcess - - ZwWriteFile - - NtClose - - ObfReferenceObject - - KeBugCheckEx - - RtlCompareUnicodeString - - IoBuildSynchronousFsdRequest - - ZwTerminateProcess - - ZwOpenThread - - IoFreeIrp - - RtlEqualUnicodeString - - IoAllocateIrp - - ZwQueryDirectoryObject - - ZwOpenDirectoryObject - - KeBugCheck - - KeInsertQueueDpc - - KeSetTargetProcessorDpc - - KeInitializeDpc - - KeNumberProcessors - - IoBuildDeviceIoControlRequest - - KeTickCount - - RtlUnwind - - _stricmp - - _strnicmp - - _wcsicmp - - _wcsnicmp - - KeDelayExecutionThread - - MmMapLockedPagesSpecifyCache - - KeGetCurrentThread - - wcsstr - - KeInitializeEvent - - ZwSetSecurityObject - - RtlGetDaclSecurityDescriptor - - RtlGetSaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - IoIsWdmVersionAvailable - - RtlAddAccessAllowedAce - - RtlLengthSid - - RtlAbsoluteToSelfRelativeSD - - RtlSetDaclSecurityDescriptor - - RtlCreateSecurityDescriptor - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - ExUnregisterCallback - - ExCreateCallback - - ExRegisterCallback - - RtlQueryRegistryValues - - RtlPrefixUnicodeString - - KfAcquireSpinLock - - KfReleaseSpinLock - - KeGetCurrentIrql - - ExAcquireFastMutex - - ExReleaseFastMutex - - 
KeRaiseIrqlToDpcLevel - - KfLowerIrql - - KfRaiseIrql - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o. - ValidFrom: '2016-09-06 00:00:00' - ValidTo: '2019-10-04 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 - Version: 3 - TBS: - MD5: 2e1a5012cbe8b95785c794bc1c5584c3 - SHA1: f4753b06b08938794c32c2475cee663143036d08 - SHA256: fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5 - SHA384: 08a8396996a9ecb96b22a85d6adf3f8b1117f3a880b1d4af12e4de8e8005897a7073d6d5368cb92f701f466ec227e2a6 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 
9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 
46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: 8f27968d54353190563abf5d170857a7 - SHA1: 4f025cb639a0c6de2121a3f920731370c9d2ac4f - SHA256: 99759a45bb45fa627b27179f12e3d9906bd82fbc603268d549b820f10ca3ee71 - Sections: - .text: - Entropy: 6.539675266217022 - Virtual Size: '0x19262' - .rwtext: - Entropy: 1.7300584522683535 - Virtual Size: '0x51' - .rdata: - Entropy: 5.465644262546619 - Virtual Size: '0x2fdc' - .data: - Entropy: 2.527335824359937 - Virtual Size: '0x14b24' - PAGE: - Entropy: 6.258698209738133 - Virtual Size: '0x13dd' - INIT: - Entropy: 5.560113366449929 - Virtual Size: '0x1130' - .rsrc: - Entropy: 3.352802305963715 - Virtual Size: '0x370' - .reloc: - Entropy: 6.347666594226636 - Virtual Size: '0x2354' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2018-08-17 02:44:48' - Imphash: 62473b41d695f075ad96abc4a408de5b - LoadsDespiteHVCI: 'FALSE' -- Filename: aswArPot.sys - MD5: 
0e207ef80361b3d047a2358d0e2206b4 - SHA1: 9393698058ce1187eb87e8c148cfe4804761142d - SHA256: dcb815eb8e9016608d0d917101b6af8c84b96fb709dc0344bceed02cbc4ed258 - Authentihash: - MD5: 57dfa53fc7b8280adbe9a32a00241e17 - SHA1: 20812c39a2bb52c80eec322d8fecbef4d8138a73 - SHA256: 00716eab8a3277128fb5ea8b1ac863e4b81b40674f7c6eb0f201e96341fd87c9 - Description: Avast anti rootkit - Company: AVAST Software - InternalName: aswArPot.sys - OriginalFilename: aswArPot.sys - FileVersion: 19.7.4246.0 - Product: 'Avast Antivirus ' - ProductVersion: 19.7.4246.0 - Copyright: Copyright (c) 2019 AVAST Software - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - wcschr - - MmUnmapLockedPages - - _stricmp - - _wcsicmp - - towlower - - _strnicmp - - ExAllocatePoolWithTag - - PsGetProcessWin32Process - - KeClearEvent - - RtlVolumeDeviceToDosName - - KeQueryActiveProcessors - - RtlConvertSidToUnicodeString - - IoBuildDeviceIoControlRequest - - ExFreePoolWithTag - - KeResetEvent - - ExReleaseFastMutex - - IoGetBaseFileSystemDeviceObject - - strncmp - - ZwOpenThreadTokenEx - - RtlAnsiStringToUnicodeString - - ExAcquireFastMutex - - PsSetLoadImageNotifyRoutine - - _snwprintf - - NtBuildNumber - - PsRemoveCreateThreadNotifyRoutine - - PsLookupProcessByProcessId - - ZwQuerySymbolicLinkObject - - _wcsnicmp - - ZwReadFile - - strstr - - ZwMapViewOfSection - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - wcsncpy - - RtlEqualSid - - strchr - - IoFreeWorkItem - - MmGetSystemRoutineAddress - - KeInitializeEvent - - PsSetCreateThreadNotifyRoutine - - RtlUnicodeStringToAnsiString - - _snprintf - - RtlGetVersion - - ZwQuerySystemInformation - - RtlInitString - - KeReleaseSpinLock - - PsGetThreadId - - PsSetCreateProcessNotifyRoutine - - ZwOpenSymbolicLinkObject - - IoFreeMdl - - KeUnstackDetachProcess - - ZwOpenProcessTokenEx - - ZwSetInformationFile - - tolower - - KeDelayExecutionThread - - ObQueryNameString - - strncpy - - IoFileObjectType - - 
IoDriverObjectType - - wcsrchr - - wcsstr - - PsCreateSystemThread - - MmMapLockedPagesSpecifyCache - - IoGetDeviceObjectPointer - - ZwUnmapViewOfSection - - ExAllocatePool - - PsTerminateSystemThread - - IoGetCurrentProcess - - ExEventObjectType - - IoAllocateWorkItem - - ZwClose - - IofCompleteRequest - - PsGetThreadProcess - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - PsRemoveLoadImageNotifyRoutine - - IoGetRequestorProcessId - - MmProbeAndLockPages - - PsGetVersion - - KeRevertToUserAffinityThread - - PsThreadType - - IoGetDeviceInterfaces - - ZwOpenProcess - - SeExports - - MmUnlockPages - - strrchr - - ZwQueryInformationProcess - - IoCreateSymbolicLink - - PsGetCurrentThreadId - - PsGetCurrentProcessId - - KeSetSystemAffinityThread - - MmIsAddressValid - - ObfDereferenceObject - - ZwCreateSection - - ObReferenceObjectByName - - IoQueueWorkItem - - IoDeviceObjectType - - ZwOpenFile - - wcsncmp - - ZwQueryInformationToken - - ZwQueryInformationFile - - ZwQueryInformationThread - - ObOpenObjectByPointer - - PsGetProcessId - - KeStackAttachProcess - - PsLookupThreadByThreadId - - ZwEnumerateKey - - IoAllocateMdl - - IofCallDriver - - ZwOpenKey - - KeAcquireSpinLockRaiseToDpc - - IoThreadToProcess - - IoAttachDeviceToDeviceStackSafe - - IoDetachDevice - - PsInitialSystemProcess - - IoCreateDevice - - PsProcessType - - MmUnmapIoSpace - - KeDetachProcess - - MmMapIoSpace - - KeAttachProcess - - ZwDeleteFile - - IoBuildSynchronousFsdRequest - - NtClose - - RtlCompareUnicodeString - - ObfReferenceObject - - ZwWriteFile - - ZwOpenThread - - ZwTerminateProcess - - RtlEqualUnicodeString - - ZwOpenDirectoryObject - - KeBugCheck - - ZwQueryDirectoryObject - - IoFreeIrp - - IoAllocateIrp - - KdDebuggerNotPresent - - KeSetTargetProcessorDpc - - KeInitializeDpc - - KeInsertQueueDpc - - KeNumberProcessors - - KeBugCheckEx - - ZwSetSecurityObject - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - 
RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - RtlQueryRegistryValues - - RtlPrefixUnicodeString - - ExUnregisterCallback - - ExRegisterCallback - - ExCreateCallback - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o. - ValidFrom: '2016-09-06 00:00:00' - ValidTo: '2019-10-04 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 - Version: 3 - TBS: - MD5: 2e1a5012cbe8b95785c794bc1c5584c3 - SHA1: f4753b06b08938794c32c2475cee663143036d08 - SHA256: fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5 - SHA384: 08a8396996a9ecb96b22a85d6adf3f8b1117f3a880b1d4af12e4de8e8005897a7073d6d5368cb92f701f466ec227e2a6 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: 75b13c227d5208aed34b2687daf4ff12 - 
SHA1: 74ea061adc0690a674274c70e479258dff68f6b5 - SHA256: 89b1537c5094e9ccb980e1cbc109f742c686ac06078ce71c08767731dbafdc39 - Sections: - .text: - Entropy: 6.342856822122601 - Virtual Size: '0x2321c' - .rdata: - Entropy: 5.834239192986491 - Virtual Size: '0x31e4' - .data: - Entropy: 2.3041982865973822 - Virtual Size: '0x25ce0' - .pdata: - Entropy: 5.3256215910283435 - Virtual Size: '0x117c' - PAGE: - Entropy: 6.229306478822744 - Virtual Size: '0x19f7' - INIT: - Entropy: 5.290761222190212 - Virtual Size: '0x13a2' - .rsrc: - Entropy: 3.3423917838515216 - Virtual Size: '0x370' - .reloc: - Entropy: 2.891565286382792 - Virtual Size: '0x522' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2019-08-11 14:15:51' - Imphash: 62dbb90b4be9282d52aff9ae1a101d6b - LoadsDespiteHVCI: 'FALSE' -- Filename: aswArPot.sys - MD5: a4531040276080441974d9e00d8d4cfa - SHA1: d8e8dcc8531b8d07f8dabc9e79c19aac6eeca793 - SHA256: e2e79f1e696f27fa70d72f97e448081b1fa14d59cbb89bb4a40428534dd5c6f6 - Authentihash: - MD5: 2288e600dfcf6eb8f176f9c5df5e7fcf - SHA1: 2cc6204ab44715a8d7c5189c524d8213a917e00a - SHA256: e27fa56ceff3fe7d5a723c5f4192ce6aa16994f88cf05935645f9e398292376a - Description: AVG anti rootkit - Company: AVG Technologies CZ, s.r.o. - InternalName: aswArPot.sys - OriginalFilename: aswArPot.sys - FileVersion: 19.4.4211.0 - Product: 'AVG Internet Security System ' - ProductVersion: 19.4.4211.0 - Copyright: Copyright (C) 2019 AVG Technologies CZ, s.r.o. 
- MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - wcschr - - MmUnmapLockedPages - - _stricmp - - _wcsicmp - - towlower - - _strnicmp - - ExAllocatePoolWithTag - - PsGetProcessWin32Process - - KeClearEvent - - RtlVolumeDeviceToDosName - - KeQueryActiveProcessors - - RtlConvertSidToUnicodeString - - IoBuildDeviceIoControlRequest - - ExFreePoolWithTag - - KeResetEvent - - ExReleaseFastMutex - - IoGetBaseFileSystemDeviceObject - - strncmp - - ZwOpenThreadTokenEx - - RtlAnsiStringToUnicodeString - - ExAcquireFastMutex - - PsSetLoadImageNotifyRoutine - - _snwprintf - - NtBuildNumber - - PsRemoveCreateThreadNotifyRoutine - - PsLookupProcessByProcessId - - ZwQuerySymbolicLinkObject - - _wcsnicmp - - ZwReadFile - - strstr - - ZwMapViewOfSection - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - wcsncpy - - RtlEqualSid - - strchr - - IoFreeWorkItem - - MmGetSystemRoutineAddress - - KeInitializeEvent - - PsSetCreateThreadNotifyRoutine - - RtlUnicodeStringToAnsiString - - _snprintf - - RtlGetVersion - - ZwQuerySystemInformation - - RtlInitString - - KeReleaseSpinLock - - PsSetCreateProcessNotifyRoutine - - ZwOpenSymbolicLinkObject - - IoFreeMdl - - KeUnstackDetachProcess - - ZwOpenProcessTokenEx - - ZwSetInformationFile - - tolower - - KeDelayExecutionThread - - ObQueryNameString - - strncpy - - IoFileObjectType - - IoDriverObjectType - - wcsrchr - - wcsstr - - PsCreateSystemThread - - MmMapLockedPagesSpecifyCache - - IoGetDeviceObjectPointer - - ZwUnmapViewOfSection - - ExAllocatePool - - PsTerminateSystemThread - - IoGetCurrentProcess - - ExEventObjectType - - IoAllocateWorkItem - - ZwClose - - IofCompleteRequest - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - PsRemoveLoadImageNotifyRoutine - - IoGetRequestorProcessId - - MmProbeAndLockPages - - PsGetVersion - - KeRevertToUserAffinityThread - - PsThreadType - - IoGetDeviceInterfaces - - ZwOpenProcess - - SeExports - - MmUnlockPages - - strrchr - - 
ZwQueryInformationProcess - - IoCreateSymbolicLink - - PsGetCurrentThreadId - - PsGetCurrentProcessId - - KeSetSystemAffinityThread - - MmIsAddressValid - - ObfDereferenceObject - - ZwCreateSection - - ObReferenceObjectByName - - IoQueueWorkItem - - IoDeviceObjectType - - ZwOpenFile - - wcsncmp - - ZwQueryInformationToken - - ZwQueryInformationFile - - ZwQueryInformationThread - - ObOpenObjectByPointer - - KeStackAttachProcess - - PsLookupThreadByThreadId - - ZwEnumerateKey - - IoAllocateMdl - - IofCallDriver - - ZwOpenKey - - KeAcquireSpinLockRaiseToDpc - - IoThreadToProcess - - IoAttachDeviceToDeviceStackSafe - - IoDetachDevice - - PsInitialSystemProcess - - IoCreateDevice - - PsProcessType - - MmUnmapIoSpace - - KeDetachProcess - - MmMapIoSpace - - KeAttachProcess - - ZwDeleteFile - - IoBuildSynchronousFsdRequest - - NtClose - - RtlCompareUnicodeString - - ObfReferenceObject - - ZwWriteFile - - ZwOpenThread - - ZwTerminateProcess - - RtlEqualUnicodeString - - ZwOpenDirectoryObject - - KeBugCheck - - ZwQueryDirectoryObject - - IoFreeIrp - - IoAllocateIrp - - KdDebuggerNotPresent - - KeSetTargetProcessorDpc - - KeInitializeDpc - - KeInsertQueueDpc - - KeNumberProcessors - - KeBugCheckEx - - ZwSetSecurityObject - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - RtlQueryRegistryValues - - RtlPrefixUnicodeString - - ExUnregisterCallback - - ExRegisterCallback - - ExCreateCallback - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root - CA - ValidFrom: 
'2011-04-15 19:41:37' - ValidTo: '2021-04-15 19:51:37' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611cb28a000000000026 - Version: 3 - TBS: - MD5: 983a0c315a50542362f2bd6a5d71c8d0 - SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 - SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 - SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc - - Subject: C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release - Engineering, CN=AVG Technologies USA, Inc. - ValidFrom: '2018-01-30 00:00:00' - ValidTo: '2021-01-22 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0557955e02a6b53dd1d574ede15f310e - Version: 3 - TBS: - MD5: f9b558280379fbd2ac831a9850ec9c0e - SHA1: c22448dd1388c2011166e2a203fe984bd702f355 - SHA256: c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe - SHA384: 5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - 
Signature: 7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd - Version: 3 - TBS: - MD5: a9a31555bbc92b6033975c5428fb3679 - SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e - SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 - SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 
173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 0557955e02a6b53dd1d574ede15f310e - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: 9626b493680953826324d269e208fa60 - SHA1: 1a458000e2060911a31fcbed8ad9000b98f54944 - SHA256: ace6a5d1d7b11c6668753f9f17b2bb60f496168179cfd2d50e4e9e66fc41a50f - Sections: - .text: - Entropy: 6.338122785417557 - Virtual Size: '0x2236c' - .rdata: - Entropy: 5.839736997303118 - Virtual Size: '0x3164' - .data: - Entropy: 1.9768756829994332 - Virtual Size: '0x25b18' - .pdata: - Entropy: 5.35421636085956 - Virtual Size: '0x111c' - PAGE: - Entropy: 6.235289627738667 - Virtual Size: '0x19f7' - INIT: - Entropy: 5.316818293518236 - Virtual Size: '0x1352' - .rsrc: - Entropy: 3.378180204912141 - Virtual Size: '0x3b8' - .reloc: - Entropy: 2.5738028214326922 - Virtual Size: '0x4c4' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2019-03-28 09:56:24' - Imphash: 1aa10b05dee9268d7ce87f5f56ea9ded - LoadsDespiteHVCI: 'TRUE' -- Filename: aswArPot.sys - MD5: 7fbd3b4488a12eab56c54e7bb91516f3 - SHA1: 61d44c9a1ef992bc29502f725d1672d551b9bc3f - SHA256: e4522e2cfa0b1f5d258a3cf85b87681d6969e0572f668024c465d635c236b5d9 - Authentihash: - MD5: e9dca8f16d7d0074a212dd73f33f94f1 - SHA1: b844ef5bb029ccfd144dc6f3d705b7c3d0e6efdb - SHA256: 47f64d6753f40388382097351a26dad54b8fdf59529a24acc65e9ced440ee2c6 - Description: AVG anti rootkit - Company: AVG Technologies CZ, s.r.o. - InternalName: aswArPot.sys - OriginalFilename: aswArPot.sys - FileVersion: 18.2.3827.0 - Product: 'AVG Internet Security System ' - ProductVersion: 18.2.3827.0 - Copyright: Copyright (C) 2018 AVG Technologies CZ, s.r.o. 
- MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - wcschr - - MmUnmapLockedPages - - _stricmp - - _wcsicmp - - towlower - - _strnicmp - - ExAllocatePoolWithTag - - PsGetProcessWin32Process - - KeClearEvent - - RtlVolumeDeviceToDosName - - KeQueryActiveProcessors - - RtlConvertSidToUnicodeString - - ExFreePoolWithTag - - KeResetEvent - - ExReleaseFastMutex - - IoGetBaseFileSystemDeviceObject - - strncmp - - ZwOpenThreadTokenEx - - RtlAnsiStringToUnicodeString - - ExAcquireFastMutex - - PsSetLoadImageNotifyRoutine - - _snwprintf - - NtBuildNumber - - PsRemoveCreateThreadNotifyRoutine - - PsLookupProcessByProcessId - - ZwQuerySymbolicLinkObject - - _wcsnicmp - - ZwReadFile - - strstr - - ZwMapViewOfSection - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - wcsncpy - - RtlEqualSid - - strchr - - IoFreeWorkItem - - MmGetSystemRoutineAddress - - KeInitializeEvent - - PsSetCreateThreadNotifyRoutine - - RtlUnicodeStringToAnsiString - - _snprintf - - RtlGetVersion - - ZwQuerySystemInformation - - RtlInitString - - KeReleaseSpinLock - - PsSetCreateProcessNotifyRoutine - - ZwOpenSymbolicLinkObject - - IoFreeMdl - - KeUnstackDetachProcess - - ZwOpenProcessTokenEx - - ZwSetInformationFile - - KeDelayExecutionThread - - ObQueryNameString - - strncpy - - IoFileObjectType - - IoDriverObjectType - - wcsrchr - - wcsstr - - PsCreateSystemThread - - MmMapLockedPagesSpecifyCache - - IoGetDeviceObjectPointer - - ZwUnmapViewOfSection - - ExAllocatePool - - PsTerminateSystemThread - - IoGetCurrentProcess - - ExEventObjectType - - IoAllocateWorkItem - - ZwClose - - IofCompleteRequest - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - PsRemoveLoadImageNotifyRoutine - - IoGetRequestorProcessId - - MmProbeAndLockPages - - PsGetVersion - - KeRevertToUserAffinityThread - - PsThreadType - - IoGetDeviceInterfaces - - ZwOpenProcess - - SeExports - - MmUnlockPages - - strrchr - - ZwQueryInformationProcess - - IoCreateSymbolicLink - 
- PsGetCurrentThreadId - - PsGetCurrentProcessId - - KeSetSystemAffinityThread - - MmIsAddressValid - - ObfDereferenceObject - - ZwCreateSection - - ObReferenceObjectByName - - IoQueueWorkItem - - IoDeviceObjectType - - ZwOpenFile - - wcsncmp - - ZwQueryInformationToken - - ZwQueryInformationFile - - ZwQueryInformationThread - - ObOpenObjectByPointer - - KeStackAttachProcess - - PsLookupThreadByThreadId - - ZwEnumerateKey - - IoAllocateMdl - - IofCallDriver - - ZwOpenKey - - KeAcquireSpinLockRaiseToDpc - - IoAttachDeviceToDeviceStackSafe - - IoDetachDevice - - IoCreateDevice - - PsProcessType - - KeDetachProcess - - KeAttachProcess - - ZwDeleteFile - - IoBuildSynchronousFsdRequest - - NtClose - - RtlCompareUnicodeString - - ObfReferenceObject - - ZwWriteFile - - ZwOpenThread - - ZwTerminateProcess - - RtlEqualUnicodeString - - ZwOpenDirectoryObject - - KeBugCheck - - ZwQueryDirectoryObject - - IoFreeIrp - - IoAllocateIrp - - KdDebuggerNotPresent - - KeSetTargetProcessorDpc - - IoBuildDeviceIoControlRequest - - KeInitializeDpc - - KeInsertQueueDpc - - KeNumberProcessors - - KeBugCheckEx - - ZwSetSecurityObject - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - RtlQueryRegistryValues - - RtlPrefixUnicodeString - - ExUnregisterCallback - - ExRegisterCallback - - ExCreateCallback - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=NL, ST=North Holland, L=Amsterdam, O=AVG Netherlands B.V., CN=AVG - Netherlands B.V. 
- ValidFrom: '2015-07-28 00:00:00' - ValidTo: '2018-09-25 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 4b5e1897903602425d3cb25d75c4f4ce - Version: 3 - TBS: - MD5: d4ce3e543458edafb2db286a26226b5b - SHA1: e1f64883f78595bfbbbb6998babc3eaf8e335749 - SHA256: 52b100ec65c2b99f058ff89869ced270bf5e6a5db581962a69e073275339e0ae - SHA384: e5a09ab56343245e3f9235ebb1ff4a9479cbc13df2787cd70c850b62498f92265d2da9fd39f6bcd0e90e4d8f086e86d4 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 4b5e1897903602425d3cb25d75c4f4ce - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: 73f94453db44e5265861f0ce8df39fc1 - SHA1: 6d710be934482758c43d9d19941be5ed522e371f - SHA256: 39835922f0b2a2c24ed5fb74c468f28fc5b2c036c7a219352dc78f7f29ea13c3 - Sections: - .text: - Entropy: 6.332677044584613 - Virtual Size: '0x202fc' - .rdata: - Entropy: 5.81653861925658 - Virtual Size: '0x3054' - .data: - Entropy: 1.7096861456745627 - Virtual Size: '0x25814' - .pdata: - Entropy: 5.335003314094236 - Virtual Size: '0x1080' - PAGE: - Entropy: 6.2414734898635 - 
Virtual Size: '0x19f7' - INIT: - Entropy: 5.291903484197976 - Virtual Size: '0x12d0' - .rsrc: - Entropy: 3.3997645140401622 - Virtual Size: '0x3b8' - .reloc: - Entropy: 1.9822497903370622 - Virtual Size: '0x438' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2018-02-27 04:28:46' - Imphash: 1e8ee6407390a2d52051bec21c771fdb - LoadsDespiteHVCI: 'TRUE' -- Filename: aswArPot.sys - MD5: 65e6718a547495c692e090d7887d247b - SHA1: 51b9867c391be3ce56ba7e1c3cba8c76777245b2 - SHA256: ebe2e9ec6d5d94c2d58fbcc9d78c5f0ee7a2f2c1aed6d1b309f383186d11dfa3 - Authentihash: - MD5: 2be74c85587978badcc47079d1eb1c5b - SHA1: eaaaeba2313000a501688f7b8416fec2b705ef7a - SHA256: fca5f90ce2b210e6026cbf6f2c281fe17a08ddb2e936200847823ef83eaab1eb - Description: Avast anti rootkit - Company: AVAST Software - InternalName: aswArPot.sys - OriginalFilename: aswArPot.sys - FileVersion: 19.2.4157.0 - Product: 'Avast Antivirus ' - ProductVersion: 19.2.4157.0 - Copyright: Copyright (c) 2019 AVAST Software - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - wcschr - - MmUnmapLockedPages - - _stricmp - - _wcsicmp - - towlower - - _strnicmp - - ExAllocatePoolWithTag - - PsGetProcessWin32Process - - KeClearEvent - - RtlVolumeDeviceToDosName - - KeQueryActiveProcessors - - RtlConvertSidToUnicodeString - - IoBuildDeviceIoControlRequest - - ExFreePoolWithTag - - KeResetEvent - - ExReleaseFastMutex - - IoGetBaseFileSystemDeviceObject - - strncmp - - ZwOpenThreadTokenEx - - RtlAnsiStringToUnicodeString - - ExAcquireFastMutex - - PsSetLoadImageNotifyRoutine - - _snwprintf - - NtBuildNumber - - PsRemoveCreateThreadNotifyRoutine - - PsLookupProcessByProcessId - - ZwQuerySymbolicLinkObject - - _wcsnicmp - - ZwReadFile - - strstr - - ZwMapViewOfSection - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - wcsncpy - - RtlEqualSid - - strchr - - IoFreeWorkItem - - MmGetSystemRoutineAddress - - KeInitializeEvent - - PsSetCreateThreadNotifyRoutine - - 
RtlUnicodeStringToAnsiString - - _snprintf - - RtlGetVersion - - ZwQuerySystemInformation - - RtlInitString - - KeReleaseSpinLock - - PsSetCreateProcessNotifyRoutine - - ZwOpenSymbolicLinkObject - - IoFreeMdl - - KeUnstackDetachProcess - - ZwOpenProcessTokenEx - - ZwSetInformationFile - - tolower - - KeDelayExecutionThread - - ObQueryNameString - - strncpy - - IoFileObjectType - - IoDriverObjectType - - wcsrchr - - wcsstr - - PsCreateSystemThread - - MmMapLockedPagesSpecifyCache - - IoGetDeviceObjectPointer - - ZwUnmapViewOfSection - - ExAllocatePool - - PsTerminateSystemThread - - IoGetCurrentProcess - - ExEventObjectType - - IoAllocateWorkItem - - ZwClose - - IofCompleteRequest - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - PsRemoveLoadImageNotifyRoutine - - IoGetRequestorProcessId - - MmProbeAndLockPages - - PsGetVersion - - KeRevertToUserAffinityThread - - PsThreadType - - IoGetDeviceInterfaces - - ZwOpenProcess - - SeExports - - MmUnlockPages - - strrchr - - ZwQueryInformationProcess - - IoCreateSymbolicLink - - PsGetCurrentThreadId - - PsGetCurrentProcessId - - KeSetSystemAffinityThread - - MmIsAddressValid - - ObfDereferenceObject - - ZwCreateSection - - ObReferenceObjectByName - - IoQueueWorkItem - - IoDeviceObjectType - - ZwOpenFile - - wcsncmp - - ZwQueryInformationToken - - ZwQueryInformationFile - - ZwQueryInformationThread - - ObOpenObjectByPointer - - KeStackAttachProcess - - PsLookupThreadByThreadId - - ZwEnumerateKey - - IoAllocateMdl - - IofCallDriver - - ZwOpenKey - - KeAcquireSpinLockRaiseToDpc - - IoThreadToProcess - - IoAttachDeviceToDeviceStackSafe - - IoDetachDevice - - PsInitialSystemProcess - - IoCreateDevice - - PsProcessType - - MmUnmapIoSpace - - KeDetachProcess - - MmMapIoSpace - - KeAttachProcess - - ZwDeleteFile - - IoBuildSynchronousFsdRequest - - NtClose - - RtlCompareUnicodeString - - ObfReferenceObject - - ZwWriteFile - - ZwOpenThread - - ZwTerminateProcess - - RtlEqualUnicodeString - - ZwOpenDirectoryObject - - 
KeBugCheck - - ZwQueryDirectoryObject - - IoFreeIrp - - IoAllocateIrp - - KdDebuggerNotPresent - - KeSetTargetProcessorDpc - - KeInitializeDpc - - KeInsertQueueDpc - - KeNumberProcessors - - KeBugCheckEx - - ZwSetSecurityObject - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - RtlQueryRegistryValues - - RtlPrefixUnicodeString - - ExUnregisterCallback - - ExRegisterCallback - - ExCreateCallback - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o. - ValidFrom: '2016-09-06 00:00:00' - ValidTo: '2019-10-04 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 - Version: 3 - TBS: - MD5: 2e1a5012cbe8b95785c794bc1c5584c3 - SHA1: f4753b06b08938794c32c2475cee663143036d08 - SHA256: fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5 - SHA384: 08a8396996a9ecb96b22a85d6adf3f8b1117f3a880b1d4af12e4de8e8005897a7073d6d5368cb92f701f466ec227e2a6 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 
59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 
173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: 9626b493680953826324d269e208fa60 - SHA1: 1a458000e2060911a31fcbed8ad9000b98f54944 - SHA256: ace6a5d1d7b11c6668753f9f17b2bb60f496168179cfd2d50e4e9e66fc41a50f - Sections: - .text: - Entropy: 6.335491187956018 - Virtual Size: '0x21e5c' - .rdata: - Entropy: 5.82392832720373 - Virtual Size: '0x313c' - .data: - Entropy: 1.9846555560748016 - Virtual Size: '0x25b18' - .pdata: - Entropy: 5.348966481204584 - Virtual Size: '0x10f8' - PAGE: - Entropy: 6.238771415869281 - Virtual Size: '0x19f7' - INIT: - Entropy: 5.312322202490202 - Virtual Size: '0x1352' - .rsrc: - Entropy: 3.3412807542734675 - Virtual Size: '0x370' - .reloc: - Entropy: 2.591169638260909 - Virtual Size: '0x4ba' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2019-01-16 11:17:09' - Imphash: 1aa10b05dee9268d7ce87f5f56ea9ded - LoadsDespiteHVCI: 'FALSE' -Tags: -- aswArPot.sys -- avgArPot.sys +- Filename: aswArPot.sys + MD5: c61876aaca6ce822be18adb9d9bd4260 + SHA1: 186b6523e8e2fa121d6d3b8cb106e9a5b918af4f + SHA256: 0b2ad05939b0aabbdc011082fad7960baa0c459ec16a2b29f37c1fa31795a46d + Authentihash: + MD5: 18893a7dd0bc23f4f4aa7b8350f0e75e + SHA1: 27021d09730a1d7694137e123ba3a63cd0b9e040 + SHA256: fab3f1dbc49bd9f0219156fe49d4423c311f529f7d3653f5f69d2b10b9b0bc98 + Description: AVG anti rootkit + Company: AVG Technologies CZ, s.r.o. + InternalName: aswArPot.sys + OriginalFilename: aswArPot.sys + FileVersion: 18.7.4031.0 + Product: 'AVG Internet Security System ' + ProductVersion: 18.7.4031.0 + Copyright: Copyright (C) 2018 AVG Technologies CZ, s.r.o. 
+ MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - wcschr + - MmUnmapLockedPages + - _stricmp + - _wcsicmp + - towlower + - _strnicmp + - ExAllocatePoolWithTag + - PsGetProcessWin32Process + - KeClearEvent + - RtlVolumeDeviceToDosName + - KeQueryActiveProcessors + - RtlConvertSidToUnicodeString + - IoBuildDeviceIoControlRequest + - ExFreePoolWithTag + - KeResetEvent + - ExReleaseFastMutex + - IoGetBaseFileSystemDeviceObject + - strncmp + - ZwOpenThreadTokenEx + - RtlAnsiStringToUnicodeString + - ExAcquireFastMutex + - PsSetLoadImageNotifyRoutine + - _snwprintf + - NtBuildNumber + - PsRemoveCreateThreadNotifyRoutine + - PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - _wcsnicmp + - ZwReadFile + - strstr + - ZwMapViewOfSection + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - wcsncpy + - RtlEqualSid + - strchr + - IoFreeWorkItem + - MmGetSystemRoutineAddress + - KeInitializeEvent + - PsSetCreateThreadNotifyRoutine + - RtlUnicodeStringToAnsiString + - _snprintf + - RtlGetVersion + - ZwQuerySystemInformation + - RtlInitString + - KeReleaseSpinLock + - PsSetCreateProcessNotifyRoutine + - ZwOpenSymbolicLinkObject + - IoFreeMdl + - KeUnstackDetachProcess + - ZwOpenProcessTokenEx + - ZwSetInformationFile + - KeDelayExecutionThread + - ObQueryNameString + - strncpy + - IoFileObjectType + - IoDriverObjectType + - wcsrchr + - wcsstr + - PsCreateSystemThread + - MmMapLockedPagesSpecifyCache + - IoGetDeviceObjectPointer + - ZwUnmapViewOfSection + - ExAllocatePool + - PsTerminateSystemThread + - IoGetCurrentProcess + - ExEventObjectType + - IoAllocateWorkItem + - ZwClose + - IofCompleteRequest + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - PsRemoveLoadImageNotifyRoutine + - IoGetRequestorProcessId + - MmProbeAndLockPages + - PsGetVersion + - KeRevertToUserAffinityThread + - PsThreadType + - IoGetDeviceInterfaces + - ZwOpenProcess + - SeExports + - MmUnlockPages + - strrchr + - 
ZwQueryInformationProcess + - IoCreateSymbolicLink + - PsGetCurrentThreadId + - PsGetCurrentProcessId + - KeSetSystemAffinityThread + - MmIsAddressValid + - ObfDereferenceObject + - ZwCreateSection + - ObReferenceObjectByName + - IoQueueWorkItem + - IoDeviceObjectType + - ZwOpenFile + - wcsncmp + - ZwQueryInformationToken + - ZwQueryInformationFile + - ZwQueryInformationThread + - ObOpenObjectByPointer + - KeStackAttachProcess + - PsLookupThreadByThreadId + - ZwEnumerateKey + - IoAllocateMdl + - IofCallDriver + - ZwOpenKey + - KeAcquireSpinLockRaiseToDpc + - IoThreadToProcess + - IoAttachDeviceToDeviceStackSafe + - IoDetachDevice + - PsInitialSystemProcess + - IoCreateDevice + - PsProcessType + - KeDetachProcess + - KeAttachProcess + - ZwDeleteFile + - IoBuildSynchronousFsdRequest + - NtClose + - RtlCompareUnicodeString + - ObfReferenceObject + - ZwWriteFile + - ZwOpenThread + - ZwTerminateProcess + - RtlEqualUnicodeString + - ZwOpenDirectoryObject + - KeBugCheck + - ZwQueryDirectoryObject + - IoFreeIrp + - IoAllocateIrp + - KdDebuggerNotPresent + - KeSetTargetProcessorDpc + - KeInitializeDpc + - KeInsertQueueDpc + - KeNumberProcessors + - KeBugCheckEx + - ZwSetSecurityObject + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - ExUnregisterCallback + - ExRegisterCallback + - ExCreateCallback + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Root CA + ValidFrom: '2011-04-15 19:41:37' + ValidTo: 
'2021-04-15 19:51:37' + Signature: 5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611cb28a000000000026 + Version: 3 + TBS: + MD5: 983a0c315a50542362f2bd6a5d71c8d0 + SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 + SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 + SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc + - Subject: C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., + OU=Release Engineering, CN=AVG Technologies USA, Inc. 
+ ValidFrom: '2018-01-30 00:00:00' + ValidTo: '2021-01-22 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0557955e02a6b53dd1d574ede15f310e + Version: 3 + TBS: + MD5: f9b558280379fbd2ac831a9850ec9c0e + SHA1: c22448dd1388c2011166e2a203fe984bd702f355 + SHA256: c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe + SHA384: 5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd + Version: 
3 + TBS: + MD5: a9a31555bbc92b6033975c5428fb3679 + SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e + SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 + SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 0557955e02a6b53dd1d574ede15f310e + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: 382c4767d71156621da4d8ab3193017a + SHA1: 20e40fd8dd4465dfd940c017e5cb26819d5cbed7 + SHA256: cc76cbedaf6062b99e917cf31a8cce723c854d10d1afd041e4ca85ceabb39c4b + Sections: + .text: + Entropy: 6.335598955768239 + Virtual Size: '0x2133c' + .rdata: + Entropy: 5.843813784629538 + Virtual Size: '0x30b4' + .data: + Entropy: 1.9686843664265543 + Virtual Size: '0x25ac0' + .pdata: + Entropy: 5.344378789120372 + Virtual Size: '0x10a4' + PAGE: + Entropy: 6.236243477409071 + Virtual Size: '0x19f7' + INIT: + Entropy: 5.308986664848571 + Virtual Size: '0x130e' + .rsrc: + Entropy: 3.397661483885662 + Virtual Size: '0x3b8' + .reloc: + Entropy: 2.585838337225609 + Virtual Size: '0x4ba' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2018-10-02 03:42:06' + Imphash: dd406d43857d7f5ad1b0aec04fdb7e5f + LoadsDespiteHVCI: 'TRUE' +- Filename: aswArPot.sys + MD5: 56a9e9b5334f8698a0ede27c64140982 + 
SHA1: 762a5b4c7beb2af675617dca6dcd6afd36ce0afd + SHA256: 0b542e47248611a1895018ec4f4033ea53464f259c74eb014d018b19ad818917 + Authentihash: + MD5: a75fd1dc0e0b04ba483ab56147868c5f + SHA1: aad76f7285cc00fffce801147036331610943062 + SHA256: 1faa125c9442b20c646411f629dd48afe2d962554c45fc4a8e2d45c1fc611b6c + Description: AVG Anti Rootkit + Company: AVG Technologies CZ, s.r.o. + InternalName: aswArPot + OriginalFilename: aswArPot.sys + FileVersion: 20.8.130.0 + Product: 'AVG Internet Security System ' + ProductVersion: 20.8.130.0 + Copyright: Copyright (C) 2020 AVG Technologies CZ, s.r.o. + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - __C_specific_handler + - KeDelayExecutionThread + - IoAllocateWorkItem + - MmIsAddressValid + - MmUnlockPages + - ExAllocatePool + - RtlAnsiStringToUnicodeString + - KeAcquireSpinLockRaiseToDpc + - ZwQuerySystemInformation + - PsRemoveLoadImageNotifyRoutine + - ZwUnmapViewOfSection + - ZwQuerySymbolicLinkObject + - MmProbeAndLockPages + - RtlVolumeDeviceToDosName + - PsSetLoadImageNotifyRoutine + - IoGetRequestorProcessId + - ZwReadFile + - ObQueryNameString + - ZwOpenThreadTokenEx + - ZwOpenProcessTokenEx + - towlower + - NtBuildNumber + - ExReleaseFastMutex + - _wcsicmp + - _snwprintf + - RtlConvertSidToUnicodeString + - ObfDereferenceObject + - IoAllocateMdl + - ZwCreateSection + - ZwQueryInformationProcess + - PsGetProcessId + - PsCreateSystemThread + - ZwQueryInformationThread + - RtlInitUnicodeString + - ZwOpenSymbolicLinkObject + - tolower + - PsRemoveCreateThreadNotifyRoutine + - IoDeleteDevice + - IoBuildDeviceIoControlRequest + - wcsncpy + - IoGetDeviceObjectPointer + - IoGetCurrentProcess + - ObOpenObjectByPointer + - strncpy + - KeReleaseSpinLock + - _strnicmp + - IoFileObjectType + - KeStackAttachProcess + - PsLookupProcessByProcessId + - PsGetCurrentProcessId + - KeSetEvent + - PsThreadType + - RtlUnicodeStringToAnsiString + - ZwQueryInformationToken + - ZwMapViewOfSection + - 
strncmp + - ObReferenceObjectByHandle + - RtlGetVersion + - PsGetThreadId + - PsGetVersion + - KeClearEvent + - IoGetBaseFileSystemDeviceObject + - wcschr + - ZwSetInformationFile + - ZwEnumerateKey + - IoFreeMdl + - wcsstr + - ExAcquireFastMutex + - MmGetSystemRoutineAddress + - IoFreeWorkItem + - _stricmp + - ExAllocatePoolWithTag + - RtlInitString + - IofCallDriver + - IoDeviceObjectType + - _snprintf + - ExFreePoolWithTag + - ZwOpenFile + - KeSetSystemAffinityThread + - strstr + - KeInitializeEvent + - ObReferenceObjectByName + - strchr + - _wcsnicmp + - KeQueryActiveProcessors + - RtlEqualSid + - IoQueueWorkItem + - MmUnmapLockedPages + - MmMapLockedPagesSpecifyCache + - PsSetCreateThreadNotifyRoutine + - PsGetCurrentThreadId + - IofCompleteRequest + - PsGetProcessWin32Process + - ExEventObjectType + - ZwQueryInformationFile + - KeWaitForSingleObject + - IoCreateSymbolicLink + - PsSetCreateProcessNotifyRoutine + - IoDriverObjectType + - PsLookupThreadByThreadId + - IoGetDeviceInterfaces + - ZwClose + - PsTerminateSystemThread + - wcsrchr + - strrchr + - SeExports + - KeUnstackDetachProcess + - KeResetEvent + - KeRevertToUserAffinityThread + - ZwOpenProcess + - wcsncmp + - ZwOpenKey + - PsGetThreadProcess + - IoDetachDevice + - IoAttachDeviceToDeviceStackSafe + - IoThreadToProcess + - PsInitialSystemProcess + - IoCreateDevice + - KeInsertQueueDpc + - KeNumberProcessors + - KeInitializeDpc + - KeSetTargetProcessorDpc + - PsProcessType + - MmMapIoSpace + - MmUnmapIoSpace + - ZwDeleteFile + - KeAttachProcess + - KeDetachProcess + - RtlCompareUnicodeString + - ZwWriteFile + - NtClose + - ObfReferenceObject + - IoBuildSynchronousFsdRequest + - ZwOpenThread + - ZwTerminateProcess + - RtlEqualUnicodeString + - IoFreeIrp + - ZwQueryDirectoryObject + - KeBugCheck + - ZwOpenDirectoryObject + - IoAllocateIrp + - KdDebuggerNotPresent + - ZwSetSecurityObject + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - 
RtlGetSaclSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlLengthSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - RtlAddAccessAllowedAce + - RtlLengthSid + - IoIsWdmVersionAvailable + - RtlSetDaclSecurityDescriptor + - ZwSetValueKey + - ZwQueryValueKey + - ZwCreateKey + - RtlFreeUnicodeString + - KeBugCheckEx + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - ExRegisterCallback + - ExCreateCallback + - ExUnregisterCallback + - strcmp + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, LLC, + OU=RE 999, CN=AVG Technologies USA, LLC + ValidFrom: '2020-01-27 00:00:00' + ValidTo: '2022-10-20 12:00:00' + Signature: b02cbaf178caf97fa7c0182c25b4c97d4e68127e4d5634609757bcbc051eb94254bb50e112e72505e7f9c6dbd92622287bacbcd726fa911b3b3e36ccc88f8794e980c0b0409efc87fb04d88a15df20dedb23ced152779b799359e4d3b553eb4c6c6ea61216899a0d9cc97de7f7e21ce374d5430e2dcfbb3b6f653db2d236f59bb22bd65e0787a65610c4fde1463a5be08e4710fb4e1ae7c00080edb315995b06297431ce4a9821d1050aa7061ef26c182482d09ba42001ab103c882c01f312411130490aa7820ff72902e723a864b881066e2d7883afdb5ba9d3027550f6a3761669e42b425ad61f76e2add3dd012558bd769b76f8f37843243dfbd0a2efa363 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + 
SerialNumber: 03ec0c9015079fab8a6f3fc9f839311c + Version: 3 + TBS: + MD5: bf2831557abdf7e58917d0a2608080a5 + SHA1: 24ece342e4c4f2f17f32e6924f48c240ad6300ff + SHA256: 1afa061865098b2da9d030bc9f5815ad98e59fa847903692e52d6ba0bbf260dd + SHA384: 0bed85528163e2befed14755c2dcaf02acea62bdf352d3f964cfeaa2883bebea3e186aa26ce12e4df1dfd6d235bf9bb6 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: 
dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 03ec0c9015079fab8a6f3fc9f839311c + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: e8033ae063a3483aec0d2fa55081ff62 + SHA1: fef047c18b115c601ddfd833e1cb5784ca1afbd7 + SHA256: fe30a08a31a5f4687353c7b08444b72fb6402a51b0586f0ade667983f833c4a5 + Sections: + .text: + Entropy: 6.382014580840617 + Virtual Size: '0x21e62' + .rdata: + Entropy: 5.714696800325816 + Virtual Size: '0x3b24' + .data: + Entropy: 2.7169953597230534 + Virtual Size: '0x259b0' + .pdata: + Entropy: 5.4323977966026975 + Virtual Size: '0x11dc' + PAGE: + Entropy: 6.273110218235552 + Virtual Size: '0x1c4b' + INIT: + Entropy: 5.36403021726766 + Virtual Size: '0x13dc' + .rsrc: + Entropy: 3.367990251400212 + Virtual Size: 
'0x3d8' + .reloc: + Entropy: 5.3833020583275815 + Virtual Size: '0x188' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2020-09-24 08:28:43' + Imphash: 26150d69f50aa9247c3f3f17521d18a2 + LoadsDespiteHVCI: 'FALSE' +- Filename: aswArPot.sys + MD5: 94999245e9580c6228b22ac44c66044c + SHA1: 4a04596acf79115f15add3921ce30a96f594d7ce + SHA256: 0cd4ca335155062182608cad9ef5c8351a715bce92049719dd09c76422cd7b0c + Authentihash: + MD5: bd9f1ccc35bd6f7b1b10f29e34167f2d + SHA1: e6822211c3f40414dd0d8ec6416db8b050859cd5 + SHA256: a801e12c32c0eb197b3cc507d096afc16a32dca6bc71d080e1ae2c17ad13b2ca + Description: AVG Anti Rootkit + Company: AVG Technologies CZ, s.r.o. + InternalName: aswArPot + OriginalFilename: aswArPot.sys + FileVersion: 20.3.68.0 + Product: 'AVG Internet Security System ' + ProductVersion: 20.3.68.0 + Copyright: Copyright (C) 2020 AVG Technologies CZ, s.r.o. + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - __C_specific_handler + - KeDelayExecutionThread + - IoAllocateWorkItem + - MmIsAddressValid + - MmUnlockPages + - ExAllocatePool + - RtlAnsiStringToUnicodeString + - KeAcquireSpinLockRaiseToDpc + - ZwQuerySystemInformation + - PsRemoveLoadImageNotifyRoutine + - ZwUnmapViewOfSection + - ZwQuerySymbolicLinkObject + - MmProbeAndLockPages + - RtlVolumeDeviceToDosName + - PsSetLoadImageNotifyRoutine + - IoGetRequestorProcessId + - ZwReadFile + - ObQueryNameString + - ZwOpenThreadTokenEx + - ZwOpenProcessTokenEx + - towlower + - NtBuildNumber + - ExReleaseFastMutex + - _wcsicmp + - _snwprintf + - RtlConvertSidToUnicodeString + - ObfDereferenceObject + - IoAllocateMdl + - ZwCreateSection + - ZwQueryInformationProcess + - PsGetProcessId + - PsCreateSystemThread + - ZwQueryInformationThread + - RtlInitUnicodeString + - ZwOpenSymbolicLinkObject + - tolower + - PsRemoveCreateThreadNotifyRoutine + - IoDeleteDevice + - IoBuildDeviceIoControlRequest + - wcsncpy + - IoGetDeviceObjectPointer + - IoGetCurrentProcess + - 
ObOpenObjectByPointer + - strncpy + - KeReleaseSpinLock + - _strnicmp + - IoFileObjectType + - KeStackAttachProcess + - PsLookupProcessByProcessId + - PsGetCurrentProcessId + - KeSetEvent + - PsThreadType + - RtlUnicodeStringToAnsiString + - ZwQueryInformationToken + - ZwMapViewOfSection + - strncmp + - ObReferenceObjectByHandle + - RtlGetVersion + - PsGetThreadId + - PsGetVersion + - KeClearEvent + - IoGetBaseFileSystemDeviceObject + - wcschr + - ZwSetInformationFile + - ZwEnumerateKey + - IoFreeMdl + - wcsstr + - ExAcquireFastMutex + - MmGetSystemRoutineAddress + - IoFreeWorkItem + - _stricmp + - ExAllocatePoolWithTag + - RtlInitString + - IofCallDriver + - IoDeviceObjectType + - _snprintf + - ExFreePoolWithTag + - ZwOpenFile + - KeSetSystemAffinityThread + - strstr + - KeInitializeEvent + - ObReferenceObjectByName + - strchr + - _wcsnicmp + - KeQueryActiveProcessors + - RtlEqualSid + - IoQueueWorkItem + - MmUnmapLockedPages + - MmMapLockedPagesSpecifyCache + - PsSetCreateThreadNotifyRoutine + - PsGetCurrentThreadId + - IofCompleteRequest + - PsGetProcessWin32Process + - ExEventObjectType + - ZwQueryInformationFile + - KeWaitForSingleObject + - IoCreateSymbolicLink + - PsSetCreateProcessNotifyRoutine + - IoDriverObjectType + - PsLookupThreadByThreadId + - IoGetDeviceInterfaces + - ZwClose + - PsTerminateSystemThread + - wcsrchr + - strrchr + - SeExports + - KeUnstackDetachProcess + - KeResetEvent + - KeRevertToUserAffinityThread + - ZwOpenProcess + - wcsncmp + - ZwOpenKey + - PsGetThreadProcess + - IoDetachDevice + - IoAttachDeviceToDeviceStackSafe + - IoThreadToProcess + - PsInitialSystemProcess + - IoCreateDevice + - KeInsertQueueDpc + - KeNumberProcessors + - KeInitializeDpc + - KeSetTargetProcessorDpc + - PsProcessType + - MmMapIoSpace + - MmUnmapIoSpace + - ZwDeleteFile + - KeAttachProcess + - KeDetachProcess + - RtlCompareUnicodeString + - ZwWriteFile + - NtClose + - ObfReferenceObject + - IoBuildSynchronousFsdRequest + - ZwOpenThread + - ZwTerminateProcess 
+ - RtlEqualUnicodeString + - IoFreeIrp + - ZwQueryDirectoryObject + - KeBugCheck + - ZwOpenDirectoryObject + - IoAllocateIrp + - KdDebuggerNotPresent + - ZwSetSecurityObject + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - RtlGetSaclSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlLengthSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - RtlAddAccessAllowedAce + - RtlLengthSid + - IoIsWdmVersionAvailable + - RtlSetDaclSecurityDescriptor + - ZwSetValueKey + - ZwQueryValueKey + - ZwCreateKey + - RtlFreeUnicodeString + - KeBugCheckEx + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - ExRegisterCallback + - ExCreateCallback + - ExUnregisterCallback + - strcmp + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, LLC, + OU=RE 999, CN=AVG Technologies USA, LLC + ValidFrom: '2020-01-27 00:00:00' + ValidTo: '2022-10-20 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03ec0c9015079fab8a6f3fc9f839311c + Version: 3 + TBS: + MD5: bf2831557abdf7e58917d0a2608080a5 + SHA1: 24ece342e4c4f2f17f32e6924f48c240ad6300ff + SHA256: 
1afa061865098b2da9d030bc9f5815ad98e59fa847903692e52d6ba0bbf260dd + SHA384: 0bed85528163e2befed14755c2dcaf02acea62bdf352d3f964cfeaa2883bebea3e186aa26ce12e4df1dfd6d235bf9bb6 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + 
ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 03ec0c9015079fab8a6f3fc9f839311c + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: 5a489fed9ab25dab8eb1e8de57816a5b + SHA1: e1f992c705eb87c462152c01a8db69d1df44aacb + SHA256: 13fb8d5234772b9e76b9929957aa21c6a9395cc3892f69dcd599f7682daff315 + Sections: + .text: + Entropy: 6.37980416282674 + Virtual Size: '0x21d62' + .rdata: + Entropy: 5.713849110081666 + Virtual Size: '0x3b1c' + .data: + Entropy: 2.7078442579876167 + Virtual Size: '0x259b0' + .pdata: + Entropy: 5.4286864002584405 + Virtual Size: '0x11dc' + PAGE: + Entropy: 6.273919225206701 + Virtual Size: '0x1c4b' + INIT: + Entropy: 5.3629488423190335 + Virtual Size: '0x13dc' + .rsrc: + Entropy: 3.3599501979564375 + Virtual Size: '0x3d0' + .reloc: + Entropy: 5.3833020583275815 + Virtual Size: '0x188' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2020-04-28 12:47:02' + Imphash: 26150d69f50aa9247c3f3f17521d18a2 
+ LoadsDespiteHVCI: 'FALSE' +- Filename: aswArPot.sys + MD5: 93a23503e26773c27ed1da06bb79e7a4 + SHA1: da03799bb0025a476e3e15cc5f426e5412aeef02 + SHA256: 0f016c80c4938fbcd47a47409969b3925f54292eba2ce01a8e45222ce8615eb8 + Authentihash: + MD5: c53ff2c139c291d9afe0a4831d0ca8b3 + SHA1: e6fb86d4de7362af1e3cd957bcc4e2e887aa5016 + SHA256: 29a560a11292c4224a401392e091a8f08230fdfea35521035e2bfda0b3d1f952 + Description: AVG anti rootkit + Company: AVG Technologies CZ, s.r.o. + InternalName: aswArPot.sys + OriginalFilename: aswArPot.sys + FileVersion: 18.8.4057.0 + Product: 'AVG Internet Security System ' + ProductVersion: 18.8.4057.0 + Copyright: Copyright (C) 2018 AVG Technologies CZ, s.r.o. + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - wcschr + - MmUnmapLockedPages + - _stricmp + - _wcsicmp + - towlower + - _strnicmp + - ExAllocatePoolWithTag + - PsGetProcessWin32Process + - KeClearEvent + - RtlVolumeDeviceToDosName + - KeQueryActiveProcessors + - RtlConvertSidToUnicodeString + - IoBuildDeviceIoControlRequest + - ExFreePoolWithTag + - KeResetEvent + - ExReleaseFastMutex + - IoGetBaseFileSystemDeviceObject + - strncmp + - ZwOpenThreadTokenEx + - RtlAnsiStringToUnicodeString + - ExAcquireFastMutex + - PsSetLoadImageNotifyRoutine + - _snwprintf + - NtBuildNumber + - PsRemoveCreateThreadNotifyRoutine + - PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - _wcsnicmp + - ZwReadFile + - strstr + - ZwMapViewOfSection + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - wcsncpy + - RtlEqualSid + - strchr + - IoFreeWorkItem + - MmGetSystemRoutineAddress + - KeInitializeEvent + - PsSetCreateThreadNotifyRoutine + - RtlUnicodeStringToAnsiString + - _snprintf + - RtlGetVersion + - ZwQuerySystemInformation + - RtlInitString + - KeReleaseSpinLock + - PsSetCreateProcessNotifyRoutine + - ZwOpenSymbolicLinkObject + - IoFreeMdl + - KeUnstackDetachProcess + - ZwOpenProcessTokenEx + - ZwSetInformationFile + - 
KeDelayExecutionThread + - ObQueryNameString + - strncpy + - IoFileObjectType + - IoDriverObjectType + - wcsrchr + - wcsstr + - PsCreateSystemThread + - MmMapLockedPagesSpecifyCache + - IoGetDeviceObjectPointer + - ZwUnmapViewOfSection + - ExAllocatePool + - PsTerminateSystemThread + - IoGetCurrentProcess + - ExEventObjectType + - IoAllocateWorkItem + - ZwClose + - IofCompleteRequest + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - PsRemoveLoadImageNotifyRoutine + - IoGetRequestorProcessId + - MmProbeAndLockPages + - PsGetVersion + - KeRevertToUserAffinityThread + - PsThreadType + - IoGetDeviceInterfaces + - ZwOpenProcess + - SeExports + - MmUnlockPages + - strrchr + - ZwQueryInformationProcess + - IoCreateSymbolicLink + - PsGetCurrentThreadId + - PsGetCurrentProcessId + - KeSetSystemAffinityThread + - MmIsAddressValid + - ObfDereferenceObject + - ZwCreateSection + - ObReferenceObjectByName + - IoQueueWorkItem + - IoDeviceObjectType + - ZwOpenFile + - wcsncmp + - ZwQueryInformationToken + - ZwQueryInformationFile + - ZwQueryInformationThread + - ObOpenObjectByPointer + - KeStackAttachProcess + - PsLookupThreadByThreadId + - ZwEnumerateKey + - IoAllocateMdl + - IofCallDriver + - ZwOpenKey + - KeAcquireSpinLockRaiseToDpc + - IoThreadToProcess + - IoAttachDeviceToDeviceStackSafe + - IoDetachDevice + - PsInitialSystemProcess + - IoCreateDevice + - PsProcessType + - KeDetachProcess + - KeAttachProcess + - ZwDeleteFile + - IoBuildSynchronousFsdRequest + - NtClose + - RtlCompareUnicodeString + - ObfReferenceObject + - ZwWriteFile + - ZwOpenThread + - ZwTerminateProcess + - RtlEqualUnicodeString + - ZwOpenDirectoryObject + - KeBugCheck + - ZwQueryDirectoryObject + - IoFreeIrp + - IoAllocateIrp + - KdDebuggerNotPresent + - KeSetTargetProcessorDpc + - KeInitializeDpc + - KeInsertQueueDpc + - KeNumberProcessors + - KeBugCheckEx + - ZwSetSecurityObject + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - 
RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - ExUnregisterCallback + - ExRegisterCallback + - ExCreateCallback + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Root CA + ValidFrom: '2011-04-15 19:41:37' + ValidTo: '2021-04-15 19:51:37' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611cb28a000000000026 + Version: 3 + TBS: + MD5: 983a0c315a50542362f2bd6a5d71c8d0 + SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 + SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 + SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc + - Subject: C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., + OU=Release Engineering, CN=AVG Technologies USA, Inc. 
+ ValidFrom: '2018-01-30 00:00:00' + ValidTo: '2021-01-22 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0557955e02a6b53dd1d574ede15f310e + Version: 3 + TBS: + MD5: f9b558280379fbd2ac831a9850ec9c0e + SHA1: c22448dd1388c2011166e2a203fe984bd702f355 + SHA256: c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe + SHA384: 5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd + Version: 3 + TBS: + MD5: a9a31555bbc92b6033975c5428fb3679 + SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e + SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 + SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 0557955e02a6b53dd1d574ede15f310e + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: 382c4767d71156621da4d8ab3193017a + SHA1: 20e40fd8dd4465dfd940c017e5cb26819d5cbed7 + SHA256: cc76cbedaf6062b99e917cf31a8cce723c854d10d1afd041e4ca85ceabb39c4b + Sections: + .text: + Entropy: 6.335598955768239 + Virtual Size: '0x2133c' + .rdata: + Entropy: 5.827850078819874 + Virtual Size: '0x306c' + .data: + Entropy: 1.9686843664265543 + Virtual Size: '0x25ac0' + .pdata: + Entropy: 5.352123698526265 + Virtual Size: '0x10a4' + PAGE: + Entropy: 6.236243477409071 + Virtual Size: '0x19f7' + INIT: + Entropy: 5.308986664848571 + Virtual Size: '0x130e' + .rsrc: + Entropy: 3.3969734355326646 + Virtual Size: '0x3b8' + .reloc: + Entropy: 2.585838337225609 + Virtual Size: '0x4ba' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2018-11-02 05:23:13' + Imphash: dd406d43857d7f5ad1b0aec04fdb7e5f + LoadsDespiteHVCI: 'TRUE' +- Filename: aswArPot.sys + MD5: 25190f667f31318dd9a2e36383d5709f + SHA1: 6dac7a8fa9589caae0db9d6775361d26011c80b2 + SHA256: 0f17e5cfc5bdd74aff91bfb1a836071345ba2b5d1b47b0d5bf8e7e0d4d5e2dbf + Authentihash: + MD5: 7d20fc4bf882c254e43049b35c40abe5 + SHA1: 38ec7b2b736b7544fae9891c066a3f7231145ba2 + SHA256: 9e51062d4249945e77c7d3fdecc9797ffc38017465c8068a5f1296bf85ae558c + Description: Avast anti rootkit + Company: AVAST Software + InternalName: aswArPot.sys + OriginalFilename: aswArPot.sys + FileVersion: 
19.3.4224.0 + Product: 'Avast Antivirus ' + ProductVersion: 19.3.4224.0 + Copyright: Copyright (c) 2019 AVAST Software + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - wcschr + - MmUnmapLockedPages + - _stricmp + - _wcsicmp + - towlower + - _strnicmp + - ExAllocatePoolWithTag + - PsGetProcessWin32Process + - KeClearEvent + - RtlVolumeDeviceToDosName + - KeQueryActiveProcessors + - RtlConvertSidToUnicodeString + - IoBuildDeviceIoControlRequest + - ExFreePoolWithTag + - KeResetEvent + - ExReleaseFastMutex + - IoGetBaseFileSystemDeviceObject + - strncmp + - ZwOpenThreadTokenEx + - RtlAnsiStringToUnicodeString + - ExAcquireFastMutex + - PsSetLoadImageNotifyRoutine + - _snwprintf + - NtBuildNumber + - PsRemoveCreateThreadNotifyRoutine + - PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - _wcsnicmp + - ZwReadFile + - strstr + - ZwMapViewOfSection + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - wcsncpy + - RtlEqualSid + - strchr + - IoFreeWorkItem + - MmGetSystemRoutineAddress + - KeInitializeEvent + - PsSetCreateThreadNotifyRoutine + - RtlUnicodeStringToAnsiString + - _snprintf + - RtlGetVersion + - ZwQuerySystemInformation + - RtlInitString + - KeReleaseSpinLock + - PsSetCreateProcessNotifyRoutine + - ZwOpenSymbolicLinkObject + - IoFreeMdl + - KeUnstackDetachProcess + - ZwOpenProcessTokenEx + - ZwSetInformationFile + - tolower + - KeDelayExecutionThread + - ObQueryNameString + - strncpy + - IoFileObjectType + - IoDriverObjectType + - wcsrchr + - wcsstr + - PsCreateSystemThread + - MmMapLockedPagesSpecifyCache + - IoGetDeviceObjectPointer + - ZwUnmapViewOfSection + - ExAllocatePool + - PsTerminateSystemThread + - IoGetCurrentProcess + - ExEventObjectType + - IoAllocateWorkItem + - ZwClose + - IofCompleteRequest + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - PsRemoveLoadImageNotifyRoutine + - IoGetRequestorProcessId + - MmProbeAndLockPages + - PsGetVersion + - 
KeRevertToUserAffinityThread + - PsThreadType + - IoGetDeviceInterfaces + - ZwOpenProcess + - SeExports + - MmUnlockPages + - strrchr + - ZwQueryInformationProcess + - IoCreateSymbolicLink + - PsGetCurrentThreadId + - PsGetCurrentProcessId + - KeSetSystemAffinityThread + - MmIsAddressValid + - ObfDereferenceObject + - ZwCreateSection + - ObReferenceObjectByName + - IoQueueWorkItem + - IoDeviceObjectType + - ZwOpenFile + - wcsncmp + - ZwQueryInformationToken + - ZwQueryInformationFile + - ZwQueryInformationThread + - ObOpenObjectByPointer + - KeStackAttachProcess + - PsLookupThreadByThreadId + - ZwEnumerateKey + - IoAllocateMdl + - IofCallDriver + - ZwOpenKey + - KeAcquireSpinLockRaiseToDpc + - IoThreadToProcess + - IoAttachDeviceToDeviceStackSafe + - IoDetachDevice + - PsInitialSystemProcess + - IoCreateDevice + - PsProcessType + - MmUnmapIoSpace + - KeDetachProcess + - MmMapIoSpace + - KeAttachProcess + - ZwDeleteFile + - IoBuildSynchronousFsdRequest + - NtClose + - RtlCompareUnicodeString + - ObfReferenceObject + - ZwWriteFile + - ZwOpenThread + - ZwTerminateProcess + - RtlEqualUnicodeString + - ZwOpenDirectoryObject + - KeBugCheck + - ZwQueryDirectoryObject + - IoFreeIrp + - IoAllocateIrp + - KdDebuggerNotPresent + - KeSetTargetProcessorDpc + - KeInitializeDpc + - KeInsertQueueDpc + - KeNumberProcessors + - KeBugCheckEx + - ZwSetSecurityObject + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - ExUnregisterCallback + - ExRegisterCallback + - ExCreateCallback + - __C_specific_handler + Signatures: + - CertificatesInfo: 
'' + SignerInfo: '' + Certificates: + - Subject: C=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o. + ValidFrom: '2016-09-06 00:00:00' + ValidTo: '2019-10-04 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 + Version: 3 + TBS: + MD5: 2e1a5012cbe8b95785c794bc1c5584c3 + SHA1: f4753b06b08938794c32c2475cee663143036d08 + SHA256: fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5 + SHA384: 08a8396996a9ecb96b22a85d6adf3f8b1117f3a880b1d4af12e4de8e8005897a7073d6d5368cb92f701f466ec227e2a6 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High 
Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: 9626b493680953826324d269e208fa60 + SHA1: 1a458000e2060911a31fcbed8ad9000b98f54944 + SHA256: ace6a5d1d7b11c6668753f9f17b2bb60f496168179cfd2d50e4e9e66fc41a50f + Sections: + .text: + Entropy: 6.339013885126004 + Virtual Size: '0x222fc' + .rdata: + Entropy: 5.8378531100614115 + Virtual Size: '0x315c' + .data: + Entropy: 1.978643378313633 + Virtual Size: '0x25b18' + .pdata: + Entropy: 5.349965388979516 + Virtual Size: '0x111c' + PAGE: + Entropy: 6.235824409373057 + Virtual Size: '0x19f7' + INIT: + Entropy: 5.316566552212568 + Virtual Size: '0x1352' + .rsrc: + Entropy: 
3.3340452179788547 + Virtual Size: '0x370' + .reloc: + Entropy: 2.5738028214326922 + Virtual Size: '0x4c4' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2019-02-25 07:50:54' + Imphash: 1aa10b05dee9268d7ce87f5f56ea9ded + LoadsDespiteHVCI: 'FALSE' +- Filename: aswArPot.sys + MD5: e7273e17ac85dc4272c4c4400091a19e + SHA1: 94b014123412fbe8709b58ec72594f8053037ae9 + SHA256: 1023dcd4c80db19e9f82f95b1c5e1ddb60db7ac034848dd5cc1c78104a6350f4 + Authentihash: + MD5: 8c2b0e47a2de7bd04758041782b1b2a7 + SHA1: a7f1025ab664dd61800687724fce31fd3b765d1f + SHA256: 60ae64ade82e9364e95f779bbf950571484aa833ece6837489329517012c7757 + Description: AVG anti rootkit + Company: AVG Technologies CZ, s.r.o. + InternalName: aswArPot.sys + OriginalFilename: aswArPot.sys + FileVersion: 18.1.3800.0 + Product: 'AVG Internet Security System ' + ProductVersion: 18.1.3800.0 + Copyright: Copyright (C) 2018 AVG Technologies CZ, s.r.o. + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - wcschr + - MmUnmapLockedPages + - _stricmp + - _wcsicmp + - towlower + - _strnicmp + - ExAllocatePoolWithTag + - PsGetProcessWin32Process + - KeClearEvent + - RtlVolumeDeviceToDosName + - KeQueryActiveProcessors + - RtlConvertSidToUnicodeString + - ExFreePoolWithTag + - KeResetEvent + - ExReleaseFastMutex + - IoGetBaseFileSystemDeviceObject + - strncmp + - ZwOpenThreadTokenEx + - RtlAnsiStringToUnicodeString + - ExAcquireFastMutex + - PsSetLoadImageNotifyRoutine + - _snwprintf + - NtBuildNumber + - PsRemoveCreateThreadNotifyRoutine + - PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - _wcsnicmp + - ZwReadFile + - strstr + - ZwMapViewOfSection + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - wcsncpy + - RtlEqualSid + - strchr + - IoFreeWorkItem + - MmGetSystemRoutineAddress + - KeInitializeEvent + - PsSetCreateThreadNotifyRoutine + - RtlUnicodeStringToAnsiString + - _snprintf + - RtlGetVersion + - ZwQuerySystemInformation + - RtlInitString + - 
KeReleaseSpinLock + - PsSetCreateProcessNotifyRoutine + - ZwOpenSymbolicLinkObject + - IoFreeMdl + - KeUnstackDetachProcess + - ZwOpenProcessTokenEx + - ZwSetInformationFile + - KeDelayExecutionThread + - ObQueryNameString + - strncpy + - IoFileObjectType + - IoDriverObjectType + - wcsrchr + - wcsstr + - PsCreateSystemThread + - MmMapLockedPagesSpecifyCache + - IoGetDeviceObjectPointer + - ZwUnmapViewOfSection + - ExAllocatePool + - PsTerminateSystemThread + - IoGetCurrentProcess + - ExEventObjectType + - IoAllocateWorkItem + - ZwClose + - IofCompleteRequest + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - PsRemoveLoadImageNotifyRoutine + - IoGetRequestorProcessId + - MmProbeAndLockPages + - PsGetVersion + - KeRevertToUserAffinityThread + - PsThreadType + - IoGetDeviceInterfaces + - ZwOpenProcess + - SeExports + - MmUnlockPages + - strrchr + - ZwQueryInformationProcess + - IoCreateSymbolicLink + - PsGetCurrentThreadId + - PsGetCurrentProcessId + - KeSetSystemAffinityThread + - MmIsAddressValid + - ObfDereferenceObject + - ZwCreateSection + - ObReferenceObjectByName + - IoQueueWorkItem + - IoDeviceObjectType + - ZwOpenFile + - wcsncmp + - ZwQueryInformationToken + - ZwQueryInformationFile + - ZwQueryInformationThread + - ObOpenObjectByPointer + - KeStackAttachProcess + - PsLookupThreadByThreadId + - ZwEnumerateKey + - IoAllocateMdl + - IofCallDriver + - ZwOpenKey + - KeAcquireSpinLockRaiseToDpc + - IoAttachDeviceToDeviceStackSafe + - IoDetachDevice + - IoCreateDevice + - PsProcessType + - KeDetachProcess + - KeAttachProcess + - ZwDeleteFile + - IoBuildSynchronousFsdRequest + - NtClose + - RtlCompareUnicodeString + - ObfReferenceObject + - ZwWriteFile + - ZwOpenThread + - ZwTerminateProcess + - RtlEqualUnicodeString + - ZwOpenDirectoryObject + - KeBugCheck + - ZwQueryDirectoryObject + - IoFreeIrp + - IoAllocateIrp + - KdDebuggerNotPresent + - KeSetTargetProcessorDpc + - IoBuildDeviceIoControlRequest + - KeInitializeDpc + - KeInsertQueueDpc + - 
KeNumberProcessors + - KeBugCheckEx + - ZwSetSecurityObject + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - ExUnregisterCallback + - ExRegisterCallback + - ExCreateCallback + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 
783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=NL, ST=North Holland, L=Amsterdam, O=AVG Netherlands B.V., + CN=AVG Netherlands B.V. 
+ ValidFrom: '2015-07-28 00:00:00' + ValidTo: '2018-09-25 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 4b5e1897903602425d3cb25d75c4f4ce + Version: 3 + TBS: + MD5: d4ce3e543458edafb2db286a26226b5b + SHA1: e1f64883f78595bfbbbb6998babc3eaf8e335749 + SHA256: 52b100ec65c2b99f058ff89869ced270bf5e6a5db581962a69e073275339e0ae + SHA384: e5a09ab56343245e3f9235ebb1ff4a9479cbc13df2787cd70c850b62498f92265d2da9fd39f6bcd0e90e4d8f086e86d4 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 4b5e1897903602425d3cb25d75c4f4ce + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: 73f94453db44e5265861f0ce8df39fc1 + SHA1: 6d710be934482758c43d9d19941be5ed522e371f + SHA256: 39835922f0b2a2c24ed5fb74c468f28fc5b2c036c7a219352dc78f7f29ea13c3 + Sections: + .text: + Entropy: 6.330956856300409 + Virtual Size: '0x1f8ec' + .rdata: + Entropy: 5.8461335830026036 + Virtual Size: '0x2ff4' + .data: + Entropy: 1.53386112768171 + Virtual Size: '0x257d4' + .pdata: + Entropy: 5.366570445938959 + Virtual Size: '0x1044' + PAGE: + Entropy: 6.235845388216762 + 
Virtual Size: '0x19f7' + INIT: + Entropy: 5.313754042377951 + Virtual Size: '0x12d0' + .rsrc: + Entropy: 3.3761629235800097 + Virtual Size: '0x3b8' + .reloc: + Entropy: 1.8352486494643003 + Virtual Size: '0x3fe' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2018-02-07 15:49:49' + Imphash: 1e8ee6407390a2d52051bec21c771fdb + LoadsDespiteHVCI: 'TRUE' +- Filename: aswArPot.sys + MD5: 812e960977116bf6d6c1ccf8b5dd351f + SHA1: 3eea0f5fb180c6f865fc83ac75ef3ad5b1376775 + SHA256: 1078af0c70e03ac17c7b8aa5ee03593f5decfef2f536716646a4ded1e98c153c + Authentihash: + MD5: 69e30d791a1b6a41c1ddd2d7394e5a86 + SHA1: a3c5c7127cd7376ddd3571edccfe8d9ecdc8b623 + SHA256: 59e004cd839611cbc5f7c061827587dbb120d7aab8d0e44191c0c01aeed9e168 + Description: AVG anti rootkit + Company: AVG Technologies CZ, s.r.o. + InternalName: aswArPot.sys + OriginalFilename: aswArPot.sys + FileVersion: 19.3.4239.0 + Product: 'AVG Internet Security System ' + ProductVersion: 19.3.4239.0 + Copyright: Copyright (C) 2019 AVG Technologies CZ, s.r.o. 
+ MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - wcschr + - MmUnmapLockedPages + - _stricmp + - _wcsicmp + - towlower + - _strnicmp + - ExAllocatePoolWithTag + - PsGetProcessWin32Process + - KeClearEvent + - RtlVolumeDeviceToDosName + - KeQueryActiveProcessors + - RtlConvertSidToUnicodeString + - IoBuildDeviceIoControlRequest + - ExFreePoolWithTag + - KeResetEvent + - ExReleaseFastMutex + - IoGetBaseFileSystemDeviceObject + - strncmp + - ZwOpenThreadTokenEx + - RtlAnsiStringToUnicodeString + - ExAcquireFastMutex + - PsSetLoadImageNotifyRoutine + - _snwprintf + - NtBuildNumber + - PsRemoveCreateThreadNotifyRoutine + - PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - _wcsnicmp + - ZwReadFile + - strstr + - ZwMapViewOfSection + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - wcsncpy + - RtlEqualSid + - strchr + - IoFreeWorkItem + - MmGetSystemRoutineAddress + - KeInitializeEvent + - PsSetCreateThreadNotifyRoutine + - RtlUnicodeStringToAnsiString + - _snprintf + - RtlGetVersion + - ZwQuerySystemInformation + - RtlInitString + - KeReleaseSpinLock + - PsSetCreateProcessNotifyRoutine + - ZwOpenSymbolicLinkObject + - IoFreeMdl + - KeUnstackDetachProcess + - ZwOpenProcessTokenEx + - ZwSetInformationFile + - tolower + - KeDelayExecutionThread + - ObQueryNameString + - strncpy + - IoFileObjectType + - IoDriverObjectType + - wcsrchr + - wcsstr + - PsCreateSystemThread + - MmMapLockedPagesSpecifyCache + - IoGetDeviceObjectPointer + - ZwUnmapViewOfSection + - ExAllocatePool + - PsTerminateSystemThread + - IoGetCurrentProcess + - ExEventObjectType + - IoAllocateWorkItem + - ZwClose + - IofCompleteRequest + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - PsRemoveLoadImageNotifyRoutine + - IoGetRequestorProcessId + - MmProbeAndLockPages + - PsGetVersion + - KeRevertToUserAffinityThread + - PsThreadType + - IoGetDeviceInterfaces + - ZwOpenProcess + - SeExports + - MmUnlockPages + - strrchr + - 
ZwQueryInformationProcess + - IoCreateSymbolicLink + - PsGetCurrentThreadId + - PsGetCurrentProcessId + - KeSetSystemAffinityThread + - MmIsAddressValid + - ObfDereferenceObject + - ZwCreateSection + - ObReferenceObjectByName + - IoQueueWorkItem + - IoDeviceObjectType + - ZwOpenFile + - wcsncmp + - ZwQueryInformationToken + - ZwQueryInformationFile + - ZwQueryInformationThread + - ObOpenObjectByPointer + - KeStackAttachProcess + - PsLookupThreadByThreadId + - ZwEnumerateKey + - IoAllocateMdl + - IofCallDriver + - ZwOpenKey + - KeAcquireSpinLockRaiseToDpc + - IoThreadToProcess + - IoAttachDeviceToDeviceStackSafe + - IoDetachDevice + - PsInitialSystemProcess + - IoCreateDevice + - PsProcessType + - MmUnmapIoSpace + - KeDetachProcess + - MmMapIoSpace + - KeAttachProcess + - ZwDeleteFile + - IoBuildSynchronousFsdRequest + - NtClose + - RtlCompareUnicodeString + - ObfReferenceObject + - ZwWriteFile + - ZwOpenThread + - ZwTerminateProcess + - RtlEqualUnicodeString + - ZwOpenDirectoryObject + - KeBugCheck + - ZwQueryDirectoryObject + - IoFreeIrp + - IoAllocateIrp + - KdDebuggerNotPresent + - KeSetTargetProcessorDpc + - KeInitializeDpc + - KeInsertQueueDpc + - KeNumberProcessors + - KeBugCheckEx + - ZwSetSecurityObject + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - ExUnregisterCallback + - ExRegisterCallback + - ExCreateCallback + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Root CA + ValidFrom: 
'2011-04-15 19:41:37' + ValidTo: '2021-04-15 19:51:37' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611cb28a000000000026 + Version: 3 + TBS: + MD5: 983a0c315a50542362f2bd6a5d71c8d0 + SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 + SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 + SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc + - Subject: C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., + OU=Release Engineering, CN=AVG Technologies USA, Inc. + ValidFrom: '2018-01-30 00:00:00' + ValidTo: '2021-01-22 12:00:00' + Signature: 64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0557955e02a6b53dd1d574ede15f310e + Version: 3 + TBS: + MD5: f9b558280379fbd2ac831a9850ec9c0e + SHA1: c22448dd1388c2011166e2a203fe984bd702f355 + SHA256: c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe + SHA384: 5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + 
Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd + Version: 3 + TBS: + MD5: a9a31555bbc92b6033975c5428fb3679 + SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e + SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 + SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 0557955e02a6b53dd1d574ede15f310e + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: 9626b493680953826324d269e208fa60 + SHA1: 1a458000e2060911a31fcbed8ad9000b98f54944 + SHA256: ace6a5d1d7b11c6668753f9f17b2bb60f496168179cfd2d50e4e9e66fc41a50f + Sections: + .text: + Entropy: 6.339013885126004 + Virtual Size: 
'0x222fc' + .rdata: + Entropy: 5.837026711574128 + Virtual Size: '0x315c' + .data: + Entropy: 1.978643378313633 + Virtual Size: '0x25b18' + .pdata: + Entropy: 5.349965388979516 + Virtual Size: '0x111c' + PAGE: + Entropy: 6.235824409373057 + Virtual Size: '0x19f7' + INIT: + Entropy: 5.316566552212568 + Virtual Size: '0x1352' + .rsrc: + Entropy: 3.3974399348294853 + Virtual Size: '0x3b8' + .reloc: + Entropy: 2.5738028214326922 + Virtual Size: '0x4c4' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2019-03-07 03:04:31' + Imphash: 1aa10b05dee9268d7ce87f5f56ea9ded + LoadsDespiteHVCI: 'TRUE' +- Filename: aswArPot.sys + MD5: 595363661db3e50acc4de05b0215cc6f + SHA1: ec8c0b2f49756b8784b3523e70cd8821b05b95eb + SHA256: 1273b74c3c1553eaa92e844fbd51f716356cc19cf77c2c780d4899ec7738fbd1 + Authentihash: + MD5: 7890348aaadad057268d7273afd85c2f + SHA1: 276a8ba9fddb74586e3f50d49a784c0180619a86 + SHA256: 68043583bc2f3fc1ca11458e8b921dce2573afdc04bd20ba85eeb806d884eb6f + Description: Avast anti rootkit + Company: AVAST Software + InternalName: aswArPot.sys + OriginalFilename: aswArPot.sys + FileVersion: 18.5.3926.0 + Product: 'Avast Antivirus ' + ProductVersion: 18.5.3926.0 + Copyright: Copyright (c) 2018 AVAST Software + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - wcschr + - MmUnmapLockedPages + - _stricmp + - _wcsicmp + - towlower + - _strnicmp + - ExAllocatePoolWithTag + - PsGetProcessWin32Process + - KeClearEvent + - RtlVolumeDeviceToDosName + - KeQueryActiveProcessors + - RtlConvertSidToUnicodeString + - ExFreePoolWithTag + - KeResetEvent + - ExReleaseFastMutex + - IoGetBaseFileSystemDeviceObject + - strncmp + - ZwOpenThreadTokenEx + - RtlAnsiStringToUnicodeString + - ExAcquireFastMutex + - PsSetLoadImageNotifyRoutine + - _snwprintf + - NtBuildNumber + - PsRemoveCreateThreadNotifyRoutine + - PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - _wcsnicmp + - ZwReadFile + - strstr + - ZwMapViewOfSection + - 
RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - wcsncpy + - RtlEqualSid + - strchr + - IoFreeWorkItem + - MmGetSystemRoutineAddress + - KeInitializeEvent + - PsSetCreateThreadNotifyRoutine + - RtlUnicodeStringToAnsiString + - _snprintf + - RtlGetVersion + - ZwQuerySystemInformation + - RtlInitString + - KeReleaseSpinLock + - PsSetCreateProcessNotifyRoutine + - ZwOpenSymbolicLinkObject + - IoFreeMdl + - KeUnstackDetachProcess + - ZwOpenProcessTokenEx + - ZwSetInformationFile + - KeDelayExecutionThread + - ObQueryNameString + - strncpy + - IoFileObjectType + - IoDriverObjectType + - wcsrchr + - wcsstr + - PsCreateSystemThread + - MmMapLockedPagesSpecifyCache + - IoGetDeviceObjectPointer + - ZwUnmapViewOfSection + - ExAllocatePool + - PsTerminateSystemThread + - IoGetCurrentProcess + - ExEventObjectType + - IoAllocateWorkItem + - ZwClose + - IofCompleteRequest + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - PsRemoveLoadImageNotifyRoutine + - IoGetRequestorProcessId + - MmProbeAndLockPages + - PsGetVersion + - KeRevertToUserAffinityThread + - PsThreadType + - IoGetDeviceInterfaces + - ZwOpenProcess + - SeExports + - MmUnlockPages + - strrchr + - ZwQueryInformationProcess + - IoCreateSymbolicLink + - PsGetCurrentThreadId + - PsGetCurrentProcessId + - KeSetSystemAffinityThread + - MmIsAddressValid + - ObfDereferenceObject + - ZwCreateSection + - ObReferenceObjectByName + - IoQueueWorkItem + - IoDeviceObjectType + - ZwOpenFile + - wcsncmp + - ZwQueryInformationToken + - ZwQueryInformationFile + - ZwQueryInformationThread + - ObOpenObjectByPointer + - KeStackAttachProcess + - PsLookupThreadByThreadId + - ZwEnumerateKey + - IoAllocateMdl + - IofCallDriver + - ZwOpenKey + - KeAcquireSpinLockRaiseToDpc + - IoThreadToProcess + - IoAttachDeviceToDeviceStackSafe + - IoDetachDevice + - PsInitialSystemProcess + - IoCreateDevice + - PsProcessType + - KeDetachProcess + - KeAttachProcess + - ZwDeleteFile + - IoBuildSynchronousFsdRequest + - NtClose + - 
RtlCompareUnicodeString + - ObfReferenceObject + - ZwWriteFile + - ZwOpenThread + - ZwTerminateProcess + - RtlEqualUnicodeString + - ZwOpenDirectoryObject + - KeBugCheck + - ZwQueryDirectoryObject + - IoFreeIrp + - IoAllocateIrp + - KdDebuggerNotPresent + - KeSetTargetProcessorDpc + - IoBuildDeviceIoControlRequest + - KeInitializeDpc + - KeInsertQueueDpc + - KeNumberProcessors + - KeBugCheckEx + - ZwSetSecurityObject + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - ExUnregisterCallback + - ExRegisterCallback + - ExCreateCallback + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o. 
+ ValidFrom: '2016-09-06 00:00:00' + ValidTo: '2019-10-04 12:00:00' + Signature: 56220de8a9a65fffbff97ff463c4026ec9be68fe98bfa0b20a722df84322a44dbc98f25b87ee42da3a06a6cedef076de22e0d7e02d41201156875341cd24badedb8aa5afa133e9ed688fc45aeb37a74fbe399828143561fd717fa7bed97cb5d42643494462fef349f3300daff13660a9e50f85d1110de96d1300e0e730d2b6689fd53eb7a72f4f3112dffa2c1caf17cb64c22509d82b5ce1c2181c2faac22fce3981e683183d6da50d1c17dec375c370f5feb5abfbc6dca4cdd47a5b14375870de6dc346361d8997e79f19819f5168f9b01c9aacc210f2322248adc375a2782b64881c6a557677815c39b024555cc0adca920a617e0ecb385eb47213b1553c80 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 + Version: 3 + TBS: + MD5: 2e1a5012cbe8b95785c794bc1c5584c3 + SHA1: f4753b06b08938794c32c2475cee663143036d08 + SHA256: fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5 + SHA384: 08a8396996a9ecb96b22a85d6adf3f8b1117f3a880b1d4af12e4de8e8005897a7073d6d5368cb92f701f466ec227e2a6 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: 
a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: 382c4767d71156621da4d8ab3193017a + SHA1: 20e40fd8dd4465dfd940c017e5cb26819d5cbed7 + SHA256: cc76cbedaf6062b99e917cf31a8cce723c854d10d1afd041e4ca85ceabb39c4b + Sections: + .text: + Entropy: 6.3325058070978955 + Virtual Size: '0x2055c' + 
.rdata: + Entropy: 5.833104784529011 + Virtual Size: '0x3054' + .data: + Entropy: 1.7175014889289248 + Virtual Size: '0x25834' + .pdata: + Entropy: 5.361018425197471 + Virtual Size: '0x1080' + PAGE: + Entropy: 6.239589873252345 + Virtual Size: '0x19f7' + INIT: + Entropy: 5.290568113447651 + Virtual Size: '0x130e' + .rsrc: + Entropy: 3.345730921274483 + Virtual Size: '0x370' + .reloc: + Entropy: 1.9886948791060113 + Virtual Size: '0x438' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2018-06-12 01:27:49' + Imphash: 18502b56d9ea5dea7f9d31ef85db31d5 + LoadsDespiteHVCI: 'FALSE' +- Filename: aswArPot.sys + MD5: 6212832f13b296ddbc85b24e22edb5ec + SHA1: 492a47426b04f00c0d5b711ad8c872aad3aa3a1d + SHA256: 14adbf0bc43414a7700e5403100cff7fc6ade50bebfab16a17acf2fdda5a9da8 + Authentihash: + MD5: 4031a1ee3682bcfb0b50423708cffc54 + SHA1: 6f4648a7e5aba2e64d62f00d72da0d5735ebea8a + SHA256: e5183eda50e2c42d2ed10c015be87dff774da180928c076e99888b0d6a931df5 + Description: Avast anti rootkit + Company: AVAST Software + InternalName: aswArPot.sys + OriginalFilename: aswArPot.sys + FileVersion: 17.9.3754.0 + Product: 'Avast Antivirus ' + ProductVersion: 17.9.3754.0 + Copyright: Copyright (c) 2014 AVAST Software + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - wcschr + - MmUnmapLockedPages + - _stricmp + - _wcsicmp + - towlower + - _strnicmp + - ExAllocatePoolWithTag + - PsGetProcessWin32Process + - KeClearEvent + - RtlVolumeDeviceToDosName + - KeQueryActiveProcessors + - RtlConvertSidToUnicodeString + - ExFreePoolWithTag + - KeResetEvent + - ExReleaseFastMutex + - IoGetBaseFileSystemDeviceObject + - strncmp + - ZwOpenThreadTokenEx + - RtlAnsiStringToUnicodeString + - ExAcquireFastMutex + - PsSetLoadImageNotifyRoutine + - _snwprintf + - NtBuildNumber + - PsRemoveCreateThreadNotifyRoutine + - PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - _wcsnicmp + - ZwReadFile + - strstr + - ZwMapViewOfSection + - RtlInitUnicodeString + - 
IoDeleteDevice + - KeSetEvent + - wcsncpy + - RtlEqualSid + - strchr + - IoFreeWorkItem + - MmGetSystemRoutineAddress + - KeInitializeEvent + - PsSetCreateThreadNotifyRoutine + - RtlUnicodeStringToAnsiString + - _snprintf + - RtlGetVersion + - ZwQuerySystemInformation + - RtlInitString + - KeReleaseSpinLock + - PsSetCreateProcessNotifyRoutine + - ZwOpenSymbolicLinkObject + - IoFreeMdl + - KeUnstackDetachProcess + - ZwOpenProcessTokenEx + - ZwSetInformationFile + - KeDelayExecutionThread + - ObQueryNameString + - strncpy + - IoFileObjectType + - IoDriverObjectType + - wcsrchr + - wcsstr + - PsCreateSystemThread + - MmMapLockedPagesSpecifyCache + - IoGetDeviceObjectPointer + - ZwUnmapViewOfSection + - ExAllocatePool + - PsTerminateSystemThread + - IoGetCurrentProcess + - ExEventObjectType + - IoAllocateWorkItem + - ZwClose + - IofCompleteRequest + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - PsRemoveLoadImageNotifyRoutine + - IoGetRequestorProcessId + - MmProbeAndLockPages + - PsGetVersion + - KeRevertToUserAffinityThread + - PsThreadType + - IoGetDeviceInterfaces + - ZwOpenProcess + - SeExports + - MmUnlockPages + - strrchr + - ZwQueryInformationProcess + - IoCreateSymbolicLink + - PsGetCurrentThreadId + - PsGetCurrentProcessId + - KeSetSystemAffinityThread + - MmIsAddressValid + - ObfDereferenceObject + - ZwCreateSection + - ObReferenceObjectByName + - IoQueueWorkItem + - IoDeviceObjectType + - ZwOpenFile + - wcsncmp + - ZwQueryInformationToken + - ZwQueryInformationFile + - ZwQueryInformationThread + - ObOpenObjectByPointer + - KeStackAttachProcess + - PsLookupThreadByThreadId + - ZwEnumerateKey + - IoAllocateMdl + - IofCallDriver + - ZwOpenKey + - KeAcquireSpinLockRaiseToDpc + - IoAttachDeviceToDeviceStackSafe + - IoDetachDevice + - IoCreateDevice + - PsProcessType + - KeDetachProcess + - KeAttachProcess + - ZwDeleteFile + - IoBuildSynchronousFsdRequest + - NtClose + - RtlCompareUnicodeString + - ObfReferenceObject + - ZwWriteFile + - ZwOpenThread + 
- ZwTerminateProcess + - RtlEqualUnicodeString + - ZwOpenDirectoryObject + - KeBugCheck + - ZwQueryDirectoryObject + - IoFreeIrp + - IoAllocateIrp + - KdDebuggerNotPresent + - KeSetTargetProcessorDpc + - IoBuildDeviceIoControlRequest + - KeInitializeDpc + - KeInsertQueueDpc + - KeNumberProcessors + - KeBugCheckEx + - ZwSetSecurityObject + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - ExUnregisterCallback + - ExRegisterCallback + - ExCreateCallback + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o. 
+ ValidFrom: '2016-09-06 00:00:00' + ValidTo: '2019-10-04 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 + Version: 3 + TBS: + MD5: 2e1a5012cbe8b95785c794bc1c5584c3 + SHA1: f4753b06b08938794c32c2475cee663143036d08 + SHA256: fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5 + SHA384: 08a8396996a9ecb96b22a85d6adf3f8b1117f3a880b1d4af12e4de8e8005897a7073d6d5368cb92f701f466ec227e2a6 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: 9f01ca8ed93b73533b4b894bfa79f4bd + SHA1: 017d43c1c1f23212519d8de54caf8049bb59aae7 + SHA256: abb9be2d564989154e22b1dc4541f92c7859f64b7417c281aee3656fa0a4979d + Sections: + .text: + Entropy: 6.318649585727606 + Virtual Size: '0x1de5c' + .rdata: + Entropy: 5.864385224996639 + Virtual Size: '0x2e6c' + .data: + Entropy: 1.7814286677447535 + Virtual Size: '0x25654' + .pdata: + Entropy: 5.356926069292097 + Virtual Size: '0xf78' + PAGE: + Entropy: 6.246816071025832 + Virtual Size: '0x19f7' + INIT: + Entropy: 5.302313382373697 + Virtual Size: '0x12d0' + .rsrc: + Entropy: 3.3479742945142976 + Virtual Size: '0x370' + .reloc: + Entropy: 1.8405309177627724 + Virtual Size: '0x3dc' + 
MagicHeader: 50 45 0 0 + CreationTimestamp: '2017-12-12 11:36:29' + Imphash: 1e8ee6407390a2d52051bec21c771fdb + LoadsDespiteHVCI: 'FALSE' +- Filename: aswArPot.sys + MD5: cc8855fe30a9cdef895177a4cf1a3dad + SHA1: 07c244739803f60a75d60347c17edc02d5d10b5d + SHA256: 17687cba00ec2c9036dd3cb5430aa1f4851e64990dafb4c8f06d88de5283d6ca + Authentihash: + MD5: 3e14e8314e37d819e12a94610e0c7efc + SHA1: c9e2da8df3086536c3fb8973c1848a39b9074bd1 + SHA256: a465cfa7a0bd76dfe8f261661d348e25d1a6a3975673336f90878618f2e6c21b + Description: Avast Anti Rootkit + Company: AVAST Software + InternalName: aswArPot + OriginalFilename: aswArPot.sys + FileVersion: 20.8.137.0 + Product: 'Avast Antivirus ' + ProductVersion: 20.8.137.0 + Copyright: Copyright (c) 2020 AVAST Software + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - __C_specific_handler + - KeDelayExecutionThread + - IoAllocateWorkItem + - MmIsAddressValid + - MmUnlockPages + - ExAllocatePool + - RtlAnsiStringToUnicodeString + - KeAcquireSpinLockRaiseToDpc + - ZwQuerySystemInformation + - PsRemoveLoadImageNotifyRoutine + - ZwUnmapViewOfSection + - ZwQuerySymbolicLinkObject + - MmProbeAndLockPages + - RtlVolumeDeviceToDosName + - PsSetLoadImageNotifyRoutine + - IoGetRequestorProcessId + - ZwReadFile + - ObQueryNameString + - ZwOpenThreadTokenEx + - ZwOpenProcessTokenEx + - towlower + - NtBuildNumber + - ExReleaseFastMutex + - _wcsicmp + - _snwprintf + - RtlConvertSidToUnicodeString + - ObfDereferenceObject + - IoAllocateMdl + - ZwCreateSection + - ZwQueryInformationProcess + - PsGetProcessId + - PsCreateSystemThread + - ZwQueryInformationThread + - RtlInitUnicodeString + - ZwOpenSymbolicLinkObject + - tolower + - PsRemoveCreateThreadNotifyRoutine + - IoDeleteDevice + - IoBuildDeviceIoControlRequest + - wcsncpy + - IoGetDeviceObjectPointer + - IoGetCurrentProcess + - ObOpenObjectByPointer + - strncpy + - KeReleaseSpinLock + - _strnicmp + - IoFileObjectType + - KeStackAttachProcess + - 
PsLookupProcessByProcessId + - PsGetCurrentProcessId + - KeSetEvent + - PsThreadType + - RtlUnicodeStringToAnsiString + - ZwQueryInformationToken + - ZwMapViewOfSection + - strncmp + - ObReferenceObjectByHandle + - RtlGetVersion + - PsGetThreadId + - PsGetVersion + - KeClearEvent + - IoGetBaseFileSystemDeviceObject + - wcschr + - ZwSetInformationFile + - ZwEnumerateKey + - IoFreeMdl + - wcsstr + - ExAcquireFastMutex + - MmGetSystemRoutineAddress + - IoFreeWorkItem + - _stricmp + - ExAllocatePoolWithTag + - RtlInitString + - IofCallDriver + - IoDeviceObjectType + - _snprintf + - ExFreePoolWithTag + - ZwOpenFile + - KeSetSystemAffinityThread + - strstr + - KeInitializeEvent + - ObReferenceObjectByName + - strchr + - _wcsnicmp + - KeQueryActiveProcessors + - RtlEqualSid + - IoQueueWorkItem + - MmUnmapLockedPages + - MmMapLockedPagesSpecifyCache + - PsSetCreateThreadNotifyRoutine + - PsGetCurrentThreadId + - IofCompleteRequest + - PsGetProcessWin32Process + - ExEventObjectType + - ZwQueryInformationFile + - KeWaitForSingleObject + - IoCreateSymbolicLink + - PsSetCreateProcessNotifyRoutine + - IoDriverObjectType + - PsLookupThreadByThreadId + - IoGetDeviceInterfaces + - ZwClose + - PsTerminateSystemThread + - wcsrchr + - strrchr + - SeExports + - KeUnstackDetachProcess + - KeResetEvent + - KeRevertToUserAffinityThread + - ZwOpenProcess + - wcsncmp + - ZwOpenKey + - PsGetThreadProcess + - IoDetachDevice + - IoAttachDeviceToDeviceStackSafe + - IoThreadToProcess + - PsInitialSystemProcess + - IoCreateDevice + - KeInsertQueueDpc + - KeNumberProcessors + - KeInitializeDpc + - KeSetTargetProcessorDpc + - PsProcessType + - MmMapIoSpace + - MmUnmapIoSpace + - ZwDeleteFile + - KeAttachProcess + - KeDetachProcess + - RtlCompareUnicodeString + - ZwWriteFile + - NtClose + - ObfReferenceObject + - IoBuildSynchronousFsdRequest + - ZwOpenThread + - ZwTerminateProcess + - RtlEqualUnicodeString + - IoFreeIrp + - ZwQueryDirectoryObject + - KeBugCheck + - ZwOpenDirectoryObject + - 
IoAllocateIrp + - KdDebuggerNotPresent + - ZwSetSecurityObject + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - RtlGetSaclSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlLengthSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - RtlAddAccessAllowedAce + - RtlLengthSid + - IoIsWdmVersionAvailable + - RtlSetDaclSecurityDescriptor + - ZwSetValueKey + - ZwQueryValueKey + - ZwCreateKey + - RtlFreeUnicodeString + - KeBugCheckEx + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - ExRegisterCallback + - ExCreateCallback + - ExUnregisterCallback + - strcmp + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CZ, L=Praha, O=Avast Software s.r.o., OU=RE 999, CN=Avast Software + s.r.o. + ValidFrom: '2019-12-02 00:00:00' + ValidTo: '2022-10-19 12:00:00' + Signature: 874d04f17ffc50e66100207e56ecc8ae7e81c1957a7600295ead9db28842c7c05e06e8e28ccfc1e9d45d7a55d6d4a2fb74d72600a79ef5bfa53acaa4f3a4fcaf90a2554fc37742dd44c83a90880f948f5538637c0d999b03ebbf20cc001293a5639d44ad950cacfce2a337f7a24b817a5b85df89f6acf49974adee1d867373e6534a3f3558e59f87d06afe5744ec575b66c76110a595471007b209c591984f0ff20ea4c87ac405c85f42f0b105b04ec2ced11ca9cfb6aef21a3c6ae9ccd2a9cb4a9f78244751b15bfccb32ec3a52d44258bad6fc6d9f24c24700e9e1c4c0c29b9db4683c526a92934d72367620c6a89119e7a678597d7603c62b1c22f54edfad + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03f02aca051d1c9330eeabd3706e836f + Version: 3 + TBS: + MD5: f251d9cde0901fb67831855b4a592b51 + SHA1: cd0ac068faea4b875ded287512f20b6ba8dcb457 + SHA256: 247e040822854e1a4cbc3488782a9e96db6bffa9bdfe36406a46e3f88695d423 + SHA384: c6a765c300f3ee36604e9c51a9fcd18071b0cd0bd15b3ad69350f04a0b1b5ef7b71556af698a1e8988bf91cd8b2a6104 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' 
+ Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 
1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 03f02aca051d1c9330eeabd3706e836f + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: e8033ae063a3483aec0d2fa55081ff62 + SHA1: fef047c18b115c601ddfd833e1cb5784ca1afbd7 + SHA256: fe30a08a31a5f4687353c7b08444b72fb6402a51b0586f0ade667983f833c4a5 + Sections: + .text: + Entropy: 6.382014580840617 + Virtual Size: '0x21e62' + .rdata: + Entropy: 5.714787775738275 + Virtual Size: '0x3b24' + .data: + Entropy: 2.7169953597230534 + Virtual Size: '0x259b0' + .pdata: + Entropy: 5.4323977966026975 + Virtual Size: '0x11dc' + PAGE: + Entropy: 6.273110218235552 + Virtual Size: '0x1c4b' + INIT: + Entropy: 5.36403021726766 + Virtual Size: '0x13dc' + .rsrc: + Entropy: 3.2921361382464633 + Virtual Size: '0x398' + .reloc: + Entropy: 5.3833020583275815 + Virtual Size: '0x188' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2020-10-05 12:20:35' + Imphash: 26150d69f50aa9247c3f3f17521d18a2 + LoadsDespiteHVCI: 'FALSE' +- Filename: aswArPot.sys + MD5: f83c61adbb154d46dd8f77923aa7e9c3 + SHA1: 804013a12f2f6ba2e55c4542cbdc50ca01761905 + 
SHA256: 19d0fc91b70d7a719f7a28b4ad929f114bf1de94a4c7cba5ad821285a4485da0 + Authentihash: + MD5: 42a26c6ef3e814bccfb68b994460aa0d + SHA1: a8258d25d074281391109908b94130f39f7dbfbf + SHA256: 968258fe6b307a7887465c7fb0a0b7b45f973b91deb8638af1428d247430d777 + Description: AVG Anti Rootkit + Company: AVG Technologies CZ, s.r.o. + InternalName: aswArPot + OriginalFilename: aswArPot.sys + FileVersion: 20.7.113.0 + Product: 'AVG Internet Security System ' + ProductVersion: 20.7.113.0 + Copyright: Copyright (C) 2020 AVG Technologies CZ, s.r.o. + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - __C_specific_handler + - KeDelayExecutionThread + - IoAllocateWorkItem + - MmIsAddressValid + - MmUnlockPages + - ExAllocatePool + - RtlAnsiStringToUnicodeString + - KeAcquireSpinLockRaiseToDpc + - ZwQuerySystemInformation + - PsRemoveLoadImageNotifyRoutine + - ZwUnmapViewOfSection + - ZwQuerySymbolicLinkObject + - MmProbeAndLockPages + - RtlVolumeDeviceToDosName + - PsSetLoadImageNotifyRoutine + - IoGetRequestorProcessId + - ZwReadFile + - ObQueryNameString + - ZwOpenThreadTokenEx + - ZwOpenProcessTokenEx + - towlower + - NtBuildNumber + - ExReleaseFastMutex + - _wcsicmp + - _snwprintf + - RtlConvertSidToUnicodeString + - ObfDereferenceObject + - IoAllocateMdl + - ZwCreateSection + - ZwQueryInformationProcess + - PsGetProcessId + - PsCreateSystemThread + - ZwQueryInformationThread + - RtlInitUnicodeString + - ZwOpenSymbolicLinkObject + - tolower + - PsRemoveCreateThreadNotifyRoutine + - IoDeleteDevice + - IoBuildDeviceIoControlRequest + - wcsncpy + - IoGetDeviceObjectPointer + - IoGetCurrentProcess + - ObOpenObjectByPointer + - strncpy + - KeReleaseSpinLock + - _strnicmp + - IoFileObjectType + - KeStackAttachProcess + - PsLookupProcessByProcessId + - PsGetCurrentProcessId + - KeSetEvent + - PsThreadType + - RtlUnicodeStringToAnsiString + - ZwQueryInformationToken + - ZwMapViewOfSection + - strncmp + - ObReferenceObjectByHandle + - 
RtlGetVersion + - PsGetThreadId + - PsGetVersion + - KeClearEvent + - IoGetBaseFileSystemDeviceObject + - wcschr + - ZwSetInformationFile + - ZwEnumerateKey + - IoFreeMdl + - wcsstr + - ExAcquireFastMutex + - MmGetSystemRoutineAddress + - IoFreeWorkItem + - _stricmp + - ExAllocatePoolWithTag + - RtlInitString + - IofCallDriver + - IoDeviceObjectType + - _snprintf + - ExFreePoolWithTag + - ZwOpenFile + - KeSetSystemAffinityThread + - strstr + - KeInitializeEvent + - ObReferenceObjectByName + - strchr + - _wcsnicmp + - KeQueryActiveProcessors + - RtlEqualSid + - IoQueueWorkItem + - MmUnmapLockedPages + - MmMapLockedPagesSpecifyCache + - PsSetCreateThreadNotifyRoutine + - PsGetCurrentThreadId + - IofCompleteRequest + - PsGetProcessWin32Process + - ExEventObjectType + - ZwQueryInformationFile + - KeWaitForSingleObject + - IoCreateSymbolicLink + - PsSetCreateProcessNotifyRoutine + - IoDriverObjectType + - PsLookupThreadByThreadId + - IoGetDeviceInterfaces + - ZwClose + - PsTerminateSystemThread + - wcsrchr + - strrchr + - SeExports + - KeUnstackDetachProcess + - KeResetEvent + - KeRevertToUserAffinityThread + - ZwOpenProcess + - wcsncmp + - ZwOpenKey + - PsGetThreadProcess + - IoDetachDevice + - IoAttachDeviceToDeviceStackSafe + - IoThreadToProcess + - PsInitialSystemProcess + - IoCreateDevice + - KeInsertQueueDpc + - KeNumberProcessors + - KeInitializeDpc + - KeSetTargetProcessorDpc + - PsProcessType + - MmMapIoSpace + - MmUnmapIoSpace + - ZwDeleteFile + - KeAttachProcess + - KeDetachProcess + - RtlCompareUnicodeString + - ZwWriteFile + - NtClose + - ObfReferenceObject + - IoBuildSynchronousFsdRequest + - ZwOpenThread + - ZwTerminateProcess + - RtlEqualUnicodeString + - IoFreeIrp + - ZwQueryDirectoryObject + - KeBugCheck + - ZwOpenDirectoryObject + - IoAllocateIrp + - KdDebuggerNotPresent + - ZwSetSecurityObject + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - RtlGetSaclSecurityDescriptor + - 
SeCaptureSecurityDescriptor + - RtlLengthSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - RtlAddAccessAllowedAce + - RtlLengthSid + - IoIsWdmVersionAvailable + - RtlSetDaclSecurityDescriptor + - ZwSetValueKey + - ZwQueryValueKey + - ZwCreateKey + - RtlFreeUnicodeString + - KeBugCheckEx + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - ExRegisterCallback + - ExCreateCallback + - ExUnregisterCallback + - strcmp + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, LLC, + OU=RE 999, CN=AVG Technologies USA, LLC + ValidFrom: '2020-01-27 00:00:00' + ValidTo: '2022-10-20 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03ec0c9015079fab8a6f3fc9f839311c + Version: 3 + TBS: + MD5: bf2831557abdf7e58917d0a2608080a5 + SHA1: 24ece342e4c4f2f17f32e6924f48c240ad6300ff + SHA256: 1afa061865098b2da9d030bc9f5815ad98e59fa847903692e52d6ba0bbf260dd + SHA384: 0bed85528163e2befed14755c2dcaf02acea62bdf352d3f964cfeaa2883bebea3e186aa26ce12e4df1dfd6d235bf9bb6 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + 
SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 03ec0c9015079fab8a6f3fc9f839311c + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: e8033ae063a3483aec0d2fa55081ff62 + SHA1: fef047c18b115c601ddfd833e1cb5784ca1afbd7 + SHA256: fe30a08a31a5f4687353c7b08444b72fb6402a51b0586f0ade667983f833c4a5 + Sections: + .text: + Entropy: 6.382035112661383 + Virtual Size: '0x21e62' + .rdata: + Entropy: 5.715330119411003 + Virtual Size: '0x3b24' + .data: + Entropy: 2.7169953597230534 + Virtual Size: '0x259b0' + .pdata: + Entropy: 5.4323977966026975 + Virtual Size: '0x11dc' + PAGE: + Entropy: 6.273110218235552 + Virtual Size: '0x1c4b' + INIT: + Entropy: 5.36403021726766 + Virtual Size: '0x13dc' + .rsrc: + Entropy: 3.3723433193881727 + Virtual Size: '0x3d8' + .reloc: + Entropy: 5.3833020583275815 + Virtual Size: '0x188' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2020-08-21 04:32:58' + Imphash: 26150d69f50aa9247c3f3f17521d18a2 + LoadsDespiteHVCI: 'FALSE' +- Filename: aswArPot.sys + MD5: a3af4a4fa6cba27284f8289436c2f074 + SHA1: ed3f11383a47710fa840e13a7a9286227fa1474c + SHA256: 1a42ebde59e8f63804eaa404f79ee93a16bb33d27fb158c6bfbe6143226899a0 + Authentihash: + MD5: 7f6e8583009bec91a51d479a2eb8b0e4 + SHA1: 85a0622ec6c77df0ce26c11380044039d908869d + SHA256: d92b2f58c8fca3d3634b0c20578edd5004df571b29790690c97255e6096442c6 + Description: Avast anti rootkit + Company: AVAST Software + InternalName: aswArPot.sys + OriginalFilename: aswArPot.sys + FileVersion: 19.3.4239.0 + Product: 'Avast Antivirus ' + ProductVersion: 19.3.4239.0 + Copyright: Copyright (c) 2019 AVAST Software + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - wcschr + - 
MmUnmapLockedPages + - _stricmp + - _wcsicmp + - towlower + - _strnicmp + - ExAllocatePoolWithTag + - PsGetProcessWin32Process + - KeClearEvent + - RtlVolumeDeviceToDosName + - KeQueryActiveProcessors + - RtlConvertSidToUnicodeString + - IoBuildDeviceIoControlRequest + - ExFreePoolWithTag + - KeResetEvent + - ExReleaseFastMutex + - IoGetBaseFileSystemDeviceObject + - strncmp + - ZwOpenThreadTokenEx + - RtlAnsiStringToUnicodeString + - ExAcquireFastMutex + - PsSetLoadImageNotifyRoutine + - _snwprintf + - NtBuildNumber + - PsRemoveCreateThreadNotifyRoutine + - PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - _wcsnicmp + - ZwReadFile + - strstr + - ZwMapViewOfSection + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - wcsncpy + - RtlEqualSid + - strchr + - IoFreeWorkItem + - MmGetSystemRoutineAddress + - KeInitializeEvent + - PsSetCreateThreadNotifyRoutine + - RtlUnicodeStringToAnsiString + - _snprintf + - RtlGetVersion + - ZwQuerySystemInformation + - RtlInitString + - KeReleaseSpinLock + - PsSetCreateProcessNotifyRoutine + - ZwOpenSymbolicLinkObject + - IoFreeMdl + - KeUnstackDetachProcess + - ZwOpenProcessTokenEx + - ZwSetInformationFile + - tolower + - KeDelayExecutionThread + - ObQueryNameString + - strncpy + - IoFileObjectType + - IoDriverObjectType + - wcsrchr + - wcsstr + - PsCreateSystemThread + - MmMapLockedPagesSpecifyCache + - IoGetDeviceObjectPointer + - ZwUnmapViewOfSection + - ExAllocatePool + - PsTerminateSystemThread + - IoGetCurrentProcess + - ExEventObjectType + - IoAllocateWorkItem + - ZwClose + - IofCompleteRequest + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - PsRemoveLoadImageNotifyRoutine + - IoGetRequestorProcessId + - MmProbeAndLockPages + - PsGetVersion + - KeRevertToUserAffinityThread + - PsThreadType + - IoGetDeviceInterfaces + - ZwOpenProcess + - SeExports + - MmUnlockPages + - strrchr + - ZwQueryInformationProcess + - IoCreateSymbolicLink + - PsGetCurrentThreadId + - PsGetCurrentProcessId + - 
KeSetSystemAffinityThread + - MmIsAddressValid + - ObfDereferenceObject + - ZwCreateSection + - ObReferenceObjectByName + - IoQueueWorkItem + - IoDeviceObjectType + - ZwOpenFile + - wcsncmp + - ZwQueryInformationToken + - ZwQueryInformationFile + - ZwQueryInformationThread + - ObOpenObjectByPointer + - KeStackAttachProcess + - PsLookupThreadByThreadId + - ZwEnumerateKey + - IoAllocateMdl + - IofCallDriver + - ZwOpenKey + - KeAcquireSpinLockRaiseToDpc + - IoThreadToProcess + - IoAttachDeviceToDeviceStackSafe + - IoDetachDevice + - PsInitialSystemProcess + - IoCreateDevice + - PsProcessType + - MmUnmapIoSpace + - KeDetachProcess + - MmMapIoSpace + - KeAttachProcess + - ZwDeleteFile + - IoBuildSynchronousFsdRequest + - NtClose + - RtlCompareUnicodeString + - ObfReferenceObject + - ZwWriteFile + - ZwOpenThread + - ZwTerminateProcess + - RtlEqualUnicodeString + - ZwOpenDirectoryObject + - KeBugCheck + - ZwQueryDirectoryObject + - IoFreeIrp + - IoAllocateIrp + - KdDebuggerNotPresent + - KeSetTargetProcessorDpc + - KeInitializeDpc + - KeInsertQueueDpc + - KeNumberProcessors + - KeBugCheckEx + - ZwSetSecurityObject + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - ExUnregisterCallback + - ExRegisterCallback + - ExCreateCallback + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o. 
+ ValidFrom: '2016-09-06 00:00:00' + ValidTo: '2019-10-04 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 + Version: 3 + TBS: + MD5: 2e1a5012cbe8b95785c794bc1c5584c3 + SHA1: f4753b06b08938794c32c2475cee663143036d08 + SHA256: fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5 + SHA384: 08a8396996a9ecb96b22a85d6adf3f8b1117f3a880b1d4af12e4de8e8005897a7073d6d5368cb92f701f466ec227e2a6 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: 9626b493680953826324d269e208fa60 + SHA1: 1a458000e2060911a31fcbed8ad9000b98f54944 + SHA256: ace6a5d1d7b11c6668753f9f17b2bb60f496168179cfd2d50e4e9e66fc41a50f + Sections: + .text: + Entropy: 6.339013885126004 + Virtual Size: '0x222fc' + .rdata: + Entropy: 5.838378593371746 + Virtual Size: '0x315c' + .data: + Entropy: 1.978643378313633 + Virtual Size: '0x25b18' + .pdata: + Entropy: 5.349965388979516 + Virtual Size: '0x111c' + PAGE: + Entropy: 6.235824409373057 + Virtual Size: '0x19f7' + INIT: + Entropy: 5.316566552212568 + Virtual Size: '0x1352' + .rsrc: + Entropy: 3.3401666065560285 + Virtual Size: '0x370' + .reloc: + Entropy: 2.5738028214326922 + Virtual Size: '0x4c4' + 
MagicHeader: 50 45 0 0 + CreationTimestamp: '2019-03-07 03:04:42' + Imphash: 1aa10b05dee9268d7ce87f5f56ea9ded + LoadsDespiteHVCI: 'FALSE' +- Filename: aswArPot.sys + MD5: 88d5fc86f0dd3a8b42463f8d5503a570 + SHA1: d0452363b41385f6a6778f970f3744dde4701d8f + SHA256: 2594b3ef3675ca3a7b465b8ed4962e3251364bab13b12af00ebba7fa2211abb2 + Authentihash: + MD5: beaca8c2a09b87bf9c63febf94f1de1c + SHA1: 3a74bc87abd401e34b291f5118358fef7173af46 + SHA256: 2cd8e9eb8e4754f07fdfc8c3aae4d7fc0d25b346884c3474db35c757d2994b34 + Description: AVG anti rootkit + Company: AVG Technologies CZ, s.r.o. + InternalName: aswArPot.sys + OriginalFilename: aswArPot.sys + FileVersion: 18.3.3860.0 + Product: 'AVG Internet Security System ' + ProductVersion: 18.3.3860.0 + Copyright: Copyright (C) 2018 AVG Technologies CZ, s.r.o. + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - wcschr + - MmUnmapLockedPages + - _stricmp + - _wcsicmp + - towlower + - _strnicmp + - ExAllocatePoolWithTag + - PsGetProcessWin32Process + - KeClearEvent + - RtlVolumeDeviceToDosName + - KeQueryActiveProcessors + - RtlConvertSidToUnicodeString + - ExFreePoolWithTag + - KeResetEvent + - ExReleaseFastMutex + - IoGetBaseFileSystemDeviceObject + - strncmp + - ZwOpenThreadTokenEx + - RtlAnsiStringToUnicodeString + - ExAcquireFastMutex + - PsSetLoadImageNotifyRoutine + - _snwprintf + - NtBuildNumber + - PsRemoveCreateThreadNotifyRoutine + - PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - _wcsnicmp + - ZwReadFile + - strstr + - ZwMapViewOfSection + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - wcsncpy + - RtlEqualSid + - strchr + - IoFreeWorkItem + - MmGetSystemRoutineAddress + - KeInitializeEvent + - PsSetCreateThreadNotifyRoutine + - RtlUnicodeStringToAnsiString + - _snprintf + - RtlGetVersion + - ZwQuerySystemInformation + - RtlInitString + - KeReleaseSpinLock + - PsSetCreateProcessNotifyRoutine + - ZwOpenSymbolicLinkObject + - IoFreeMdl + - 
KeUnstackDetachProcess + - ZwOpenProcessTokenEx + - ZwSetInformationFile + - KeDelayExecutionThread + - ObQueryNameString + - strncpy + - IoFileObjectType + - IoDriverObjectType + - wcsrchr + - wcsstr + - PsCreateSystemThread + - MmMapLockedPagesSpecifyCache + - IoGetDeviceObjectPointer + - ZwUnmapViewOfSection + - ExAllocatePool + - PsTerminateSystemThread + - IoGetCurrentProcess + - ExEventObjectType + - IoAllocateWorkItem + - ZwClose + - IofCompleteRequest + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - PsRemoveLoadImageNotifyRoutine + - IoGetRequestorProcessId + - MmProbeAndLockPages + - PsGetVersion + - KeRevertToUserAffinityThread + - PsThreadType + - IoGetDeviceInterfaces + - ZwOpenProcess + - SeExports + - MmUnlockPages + - strrchr + - ZwQueryInformationProcess + - IoCreateSymbolicLink + - PsGetCurrentThreadId + - PsGetCurrentProcessId + - KeSetSystemAffinityThread + - MmIsAddressValid + - ObfDereferenceObject + - ZwCreateSection + - ObReferenceObjectByName + - IoQueueWorkItem + - IoDeviceObjectType + - ZwOpenFile + - wcsncmp + - ZwQueryInformationToken + - ZwQueryInformationFile + - ZwQueryInformationThread + - ObOpenObjectByPointer + - KeStackAttachProcess + - PsLookupThreadByThreadId + - ZwEnumerateKey + - IoAllocateMdl + - IofCallDriver + - ZwOpenKey + - KeAcquireSpinLockRaiseToDpc + - IoAttachDeviceToDeviceStackSafe + - IoDetachDevice + - IoCreateDevice + - PsProcessType + - KeDetachProcess + - KeAttachProcess + - ZwDeleteFile + - IoBuildSynchronousFsdRequest + - NtClose + - RtlCompareUnicodeString + - ObfReferenceObject + - ZwWriteFile + - ZwOpenThread + - ZwTerminateProcess + - RtlEqualUnicodeString + - ZwOpenDirectoryObject + - KeBugCheck + - ZwQueryDirectoryObject + - IoFreeIrp + - IoAllocateIrp + - KdDebuggerNotPresent + - KeSetTargetProcessorDpc + - IoBuildDeviceIoControlRequest + - KeInitializeDpc + - KeInsertQueueDpc + - KeNumberProcessors + - KeBugCheckEx + - ZwSetSecurityObject + - RtlLengthSecurityDescriptor + - 
SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - ExUnregisterCallback + - ExRegisterCallback + - ExCreateCallback + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 
88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=NL, ST=North Holland, L=Amsterdam, O=AVG Netherlands B.V., + CN=AVG Netherlands B.V. 
+ ValidFrom: '2015-07-28 00:00:00' + ValidTo: '2018-09-25 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 4b5e1897903602425d3cb25d75c4f4ce + Version: 3 + TBS: + MD5: d4ce3e543458edafb2db286a26226b5b + SHA1: e1f64883f78595bfbbbb6998babc3eaf8e335749 + SHA256: 52b100ec65c2b99f058ff89869ced270bf5e6a5db581962a69e073275339e0ae + SHA384: e5a09ab56343245e3f9235ebb1ff4a9479cbc13df2787cd70c850b62498f92265d2da9fd39f6bcd0e90e4d8f086e86d4 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 4b5e1897903602425d3cb25d75c4f4ce + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: 73f94453db44e5265861f0ce8df39fc1 + SHA1: 6d710be934482758c43d9d19941be5ed522e371f + SHA256: 39835922f0b2a2c24ed5fb74c468f28fc5b2c036c7a219352dc78f7f29ea13c3 + Sections: + .text: + Entropy: 6.331634555230066 + Virtual Size: '0x2032c' + .rdata: + Entropy: 5.811497203970377 + Virtual Size: '0x3034' + .data: + Entropy: 1.7228772750546992 + Virtual Size: '0x25814' + .pdata: + Entropy: 5.346859731218178 + Virtual Size: '0x1080' + PAGE: + Entropy: 6.241650261489821 + 
Virtual Size: '0x19f7' + INIT: + Entropy: 5.291903484197976 + Virtual Size: '0x12d0' + .rsrc: + Entropy: 3.3950750251255504 + Virtual Size: '0x3b8' + .reloc: + Entropy: 1.9822497903370622 + Virtual Size: '0x438' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2018-03-28 08:03:49' + Imphash: 1e8ee6407390a2d52051bec21c771fdb + LoadsDespiteHVCI: 'TRUE' +- Filename: aswArPot.sys + MD5: e4d4a22cbf94e6b0a92fc36d46741f56 + SHA1: 1013d5a0fd6074a8c40dbf3a88e3e06fbf3bcf41 + SHA256: 2732050a7d836ae0bdc5c0aea4cdf8ce205618c3e7f613b8139c176e86476d0c + Authentihash: + MD5: 19758f499cc41d3fecb06ee83152e7d6 + SHA1: bfbb65d893f45a289417b6d45a060759ad4478d5 + SHA256: 62b89fab85cf77b1e6730d2b55b4f9458f368f89d3ca5672d450e3c3365d8c37 + Description: Avast anti rootkit + Company: AVAST Software + InternalName: aswArPot.sys + OriginalFilename: aswArPot.sys + FileVersion: 19.1.4132.0 + Product: 'Avast Antivirus ' + ProductVersion: 19.1.4132.0 + Copyright: Copyright (c) 2018 AVAST Software + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - wcschr + - MmUnmapLockedPages + - _stricmp + - _wcsicmp + - towlower + - _strnicmp + - ExAllocatePoolWithTag + - PsGetProcessWin32Process + - KeClearEvent + - RtlVolumeDeviceToDosName + - KeQueryActiveProcessors + - RtlConvertSidToUnicodeString + - IoBuildDeviceIoControlRequest + - ExFreePoolWithTag + - KeResetEvent + - ExReleaseFastMutex + - IoGetBaseFileSystemDeviceObject + - strncmp + - ZwOpenThreadTokenEx + - RtlAnsiStringToUnicodeString + - ExAcquireFastMutex + - PsSetLoadImageNotifyRoutine + - _snwprintf + - NtBuildNumber + - PsRemoveCreateThreadNotifyRoutine + - PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - _wcsnicmp + - ZwReadFile + - strstr + - ZwMapViewOfSection + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - wcsncpy + - RtlEqualSid + - strchr + - IoFreeWorkItem + - MmGetSystemRoutineAddress + - KeInitializeEvent + - PsSetCreateThreadNotifyRoutine + - 
RtlUnicodeStringToAnsiString + - _snprintf + - RtlGetVersion + - ZwQuerySystemInformation + - RtlInitString + - KeReleaseSpinLock + - PsSetCreateProcessNotifyRoutine + - ZwOpenSymbolicLinkObject + - IoFreeMdl + - KeUnstackDetachProcess + - ZwOpenProcessTokenEx + - ZwSetInformationFile + - tolower + - KeDelayExecutionThread + - ObQueryNameString + - strncpy + - IoFileObjectType + - IoDriverObjectType + - wcsrchr + - wcsstr + - PsCreateSystemThread + - MmMapLockedPagesSpecifyCache + - IoGetDeviceObjectPointer + - ZwUnmapViewOfSection + - ExAllocatePool + - PsTerminateSystemThread + - IoGetCurrentProcess + - ExEventObjectType + - IoAllocateWorkItem + - ZwClose + - IofCompleteRequest + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - PsRemoveLoadImageNotifyRoutine + - IoGetRequestorProcessId + - MmProbeAndLockPages + - PsGetVersion + - KeRevertToUserAffinityThread + - PsThreadType + - IoGetDeviceInterfaces + - ZwOpenProcess + - SeExports + - MmUnlockPages + - strrchr + - ZwQueryInformationProcess + - IoCreateSymbolicLink + - PsGetCurrentThreadId + - PsGetCurrentProcessId + - KeSetSystemAffinityThread + - MmIsAddressValid + - ObfDereferenceObject + - ZwCreateSection + - ObReferenceObjectByName + - IoQueueWorkItem + - IoDeviceObjectType + - ZwOpenFile + - wcsncmp + - ZwQueryInformationToken + - ZwQueryInformationFile + - ZwQueryInformationThread + - ObOpenObjectByPointer + - KeStackAttachProcess + - PsLookupThreadByThreadId + - ZwEnumerateKey + - IoAllocateMdl + - IofCallDriver + - ZwOpenKey + - KeAcquireSpinLockRaiseToDpc + - IoThreadToProcess + - IoAttachDeviceToDeviceStackSafe + - IoDetachDevice + - PsInitialSystemProcess + - IoCreateDevice + - PsProcessType + - KeDetachProcess + - KeAttachProcess + - ZwDeleteFile + - IoBuildSynchronousFsdRequest + - NtClose + - RtlCompareUnicodeString + - ObfReferenceObject + - ZwWriteFile + - ZwOpenThread + - ZwTerminateProcess + - RtlEqualUnicodeString + - ZwOpenDirectoryObject + - KeBugCheck + - ZwQueryDirectoryObject + - 
IoFreeIrp + - IoAllocateIrp + - KdDebuggerNotPresent + - KeSetTargetProcessorDpc + - KeInitializeDpc + - KeInsertQueueDpc + - KeNumberProcessors + - KeBugCheckEx + - ZwSetSecurityObject + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - ExUnregisterCallback + - ExRegisterCallback + - ExCreateCallback + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o. + ValidFrom: '2016-09-06 00:00:00' + ValidTo: '2019-10-04 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 + Version: 3 + TBS: + MD5: 2e1a5012cbe8b95785c794bc1c5584c3 + SHA1: f4753b06b08938794c32c2475cee663143036d08 + SHA256: fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5 + SHA384: 08a8396996a9ecb96b22a85d6adf3f8b1117f3a880b1d4af12e4de8e8005897a7073d6d5368cb92f701f466ec227e2a6 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 
59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + 
IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: 6132f6d32bf124e5f0bbebe21876c5ea + SHA1: 15b4ffef2a2b3a862a0eab844af3cfc4b1900d6f + SHA256: 0b8a681dd006525cd3655d98f39d2c65123a186d1781bb2331ae1b0c927d5ee0 + Sections: + .text: + Entropy: 6.333034342254648 + Virtual Size: '0x21a9c' + .rdata: + Entropy: 5.822348143959372 + Virtual Size: '0x30ac' + .data: + Entropy: 1.9883419545841996 + Virtual Size: '0x25b18' + .pdata: + Entropy: 5.344549474194191 + Virtual Size: '0x10c8' + PAGE: + Entropy: 6.2415459986958455 + Virtual Size: '0x19f7' + INIT: + Entropy: 5.308945301421294 + Virtual Size: '0x1320' + .rsrc: + Entropy: 3.32695090312545 + Virtual Size: '0x370' + .reloc: + Entropy: 2.5894785090098025 + Virtual Size: '0x4ba' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2018-12-10 07:43:57' + Imphash: 86682585c620fa85096a7bedaf990cd1 + 
LoadsDespiteHVCI: 'FALSE' +- Filename: aswArPot.sys + MD5: a22626febc924eb219a953f1ee2b9600 + SHA1: f61e56359c663a769073782a0a3ffd3679c2694a + SHA256: 2ce81759bfa236913bbbb9b2cbc093140b099486fd002910b18e2c6e31fdc4f1 + Authentihash: + MD5: dbff97e1c14c4c58e54ab1c0a5bfb5dc + SHA1: 8b374284e8269100798b4471a0dae9a70a2f906c + SHA256: 5512aea158c30e4f52c1e27136c1c803c98388d1d8c7269e497728fd0b57d9f5 + Description: AVG Anti Rootkit + Company: AVG Technologies CZ, s.r.o. + InternalName: aswArPot + OriginalFilename: aswArPot.sys + FileVersion: 20.10.171.0 + Product: 'AVG Internet Security System ' + ProductVersion: 20.10.171.0 + Copyright: Copyright (C) 2020 AVG Technologies CZ, s.r.o. + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - __C_specific_handler + - KeDelayExecutionThread + - IoAllocateWorkItem + - MmIsAddressValid + - MmUnlockPages + - ExAllocatePool + - RtlAnsiStringToUnicodeString + - KeAcquireSpinLockRaiseToDpc + - ZwQuerySystemInformation + - PsRemoveLoadImageNotifyRoutine + - ZwUnmapViewOfSection + - ZwQuerySymbolicLinkObject + - MmProbeAndLockPages + - RtlVolumeDeviceToDosName + - PsSetLoadImageNotifyRoutine + - IoGetRequestorProcessId + - ZwReadFile + - ObQueryNameString + - IoDetachDevice + - ZwOpenThreadTokenEx + - ZwOpenProcessTokenEx + - towlower + - NtBuildNumber + - ExReleaseFastMutex + - _wcsicmp + - _snwprintf + - RtlConvertSidToUnicodeString + - ObfDereferenceObject + - IoAllocateMdl + - ZwCreateSection + - ZwQueryInformationProcess + - IoAttachDeviceToDeviceStackSafe + - PsGetProcessId + - PsCreateSystemThread + - ZwQueryInformationThread + - RtlInitUnicodeString + - ZwOpenSymbolicLinkObject + - tolower + - PsRemoveCreateThreadNotifyRoutine + - IoDeleteDevice + - IoBuildDeviceIoControlRequest + - wcsncpy + - IoGetDeviceObjectPointer + - IoGetCurrentProcess + - ObOpenObjectByPointer + - strncpy + - KeReleaseSpinLock + - _strnicmp + - IoFileObjectType + - KeStackAttachProcess + - 
PsLookupProcessByProcessId + - PsGetCurrentProcessId + - KeSetEvent + - PsThreadType + - RtlUnicodeStringToAnsiString + - ZwQueryInformationToken + - ZwMapViewOfSection + - strncmp + - ObReferenceObjectByHandle + - RtlGetVersion + - PsGetThreadId + - PsGetVersion + - KeClearEvent + - IoGetBaseFileSystemDeviceObject + - wcschr + - ZwSetInformationFile + - ZwEnumerateKey + - IoFreeMdl + - wcsstr + - ExAcquireFastMutex + - MmGetSystemRoutineAddress + - IoFreeWorkItem + - _stricmp + - ExAllocatePoolWithTag + - RtlInitString + - IoCreateDevice + - IofCallDriver + - IoDeviceObjectType + - _snprintf + - ExFreePoolWithTag + - ZwOpenFile + - KeSetSystemAffinityThread + - strstr + - KeInitializeEvent + - ObReferenceObjectByName + - strchr + - _wcsnicmp + - KeQueryActiveProcessors + - RtlEqualSid + - IoQueueWorkItem + - MmUnmapLockedPages + - MmMapLockedPagesSpecifyCache + - PsSetCreateThreadNotifyRoutine + - PsGetCurrentThreadId + - IofCompleteRequest + - PsGetProcessWin32Process + - ExEventObjectType + - ZwQueryInformationFile + - KeWaitForSingleObject + - IoCreateSymbolicLink + - PsSetCreateProcessNotifyRoutine + - IoDriverObjectType + - PsLookupThreadByThreadId + - IoGetDeviceInterfaces + - ZwClose + - PsTerminateSystemThread + - wcsrchr + - strrchr + - SeExports + - KeUnstackDetachProcess + - KeResetEvent + - KeRevertToUserAffinityThread + - ZwOpenProcess + - wcsncmp + - ZwOpenKey + - PsGetThreadProcess + - IoThreadToProcess + - PsInitialSystemProcess + - KeInsertQueueDpc + - KeNumberProcessors + - KeInitializeDpc + - KeSetTargetProcessorDpc + - PsProcessType + - MmMapIoSpace + - MmUnmapIoSpace + - ZwDeleteFile + - KeAttachProcess + - KeDetachProcess + - RtlCompareUnicodeString + - ZwWriteFile + - NtClose + - ObfReferenceObject + - IoBuildSynchronousFsdRequest + - ZwOpenThread + - ZwTerminateProcess + - RtlEqualUnicodeString + - IoFreeIrp + - ZwQueryDirectoryObject + - KeBugCheck + - ZwOpenDirectoryObject + - IoAllocateIrp + - KdDebuggerNotPresent + - ZwSetSecurityObject 
+ - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - RtlGetSaclSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlLengthSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - RtlAddAccessAllowedAce + - RtlLengthSid + - IoIsWdmVersionAvailable + - RtlSetDaclSecurityDescriptor + - ZwSetValueKey + - ZwQueryValueKey + - ZwCreateKey + - RtlFreeUnicodeString + - KeBugCheckEx + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - ExRegisterCallback + - ExCreateCallback + - ExUnregisterCallback + - strcmp + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, LLC, + OU=RE 999, CN=AVG Technologies USA, LLC + ValidFrom: '2020-01-27 00:00:00' + ValidTo: '2022-10-20 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03ec0c9015079fab8a6f3fc9f839311c + Version: 3 + TBS: + MD5: bf2831557abdf7e58917d0a2608080a5 + SHA1: 24ece342e4c4f2f17f32e6924f48c240ad6300ff + SHA256: 1afa061865098b2da9d030bc9f5815ad98e59fa847903692e52d6ba0bbf260dd + SHA384: 0bed85528163e2befed14755c2dcaf02acea62bdf352d3f964cfeaa2883bebea3e186aa26ce12e4df1dfd6d235bf9bb6 + - Subject: C=US, 
O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 03ec0c9015079fab8a6f3fc9f839311c + Issuer: C=US, O=DigiCert Inc, 
OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: edc05997bbdab8acd04f275b386ffdab + SHA1: b47a65e11021476840629d33996069e4638e241c + SHA256: fe13709d1d6fd5734b2d61d1661e6ac2540c5ee2f4f96e56418d1db86c0bdb20 + Sections: + .text: + Entropy: 6.388123612362734 + Virtual Size: '0x22642' + .rdata: + Entropy: 5.726639706322517 + Virtual Size: '0x3ba4' + .data: + Entropy: 2.8326105974628013 + Virtual Size: '0x25ab0' + .pdata: + Entropy: 5.41365966057565 + Virtual Size: '0x1218' + PAGE: + Entropy: 6.268060315888827 + Virtual Size: '0x1c4b' + INIT: + Entropy: 5.3650712692664975 + Virtual Size: '0x13dc' + .rsrc: + Entropy: 3.3859195680143874 + Virtual Size: '0x3d8' + .reloc: + Entropy: 5.435120402444784 + Virtual Size: '0x1a0' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2020-12-01 01:05:41' + Imphash: 3702511999371bac8982d01820dd70f2 + LoadsDespiteHVCI: 'FALSE' +- Filename: aswArPot.sys + MD5: 66e0db8a5b0425459d0430547ecbb3db + SHA1: 7cee31d3aaee8771c872626feedeeb5d09db008c + SHA256: 34e0364a4952d914f23f271d36e11161fb6bb7b64aea22ff965a967825a4a4bf + Authentihash: + MD5: b8a542fc08dd527ce67d711ff876a3db + SHA1: 47edc88c38f2abfbc06a5d7d1b54d14ac93acc22 + SHA256: f6cb70c945e7b3723de1d334aa2fb97bb8ddb9f68e409deeb9988f446546a57c + Description: AVG Anti Rootkit + Company: AVG Technologies CZ, s.r.o. + InternalName: aswArPot + OriginalFilename: aswArPot.sys + FileVersion: 20.5.96.0 + Product: 'AVG Internet Security System ' + ProductVersion: 20.5.96.0 + Copyright: Copyright (C) 2020 AVG Technologies CZ, s.r.o. 
+ MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - __C_specific_handler + - KeDelayExecutionThread + - IoAllocateWorkItem + - MmIsAddressValid + - MmUnlockPages + - ExAllocatePool + - RtlAnsiStringToUnicodeString + - KeAcquireSpinLockRaiseToDpc + - ZwQuerySystemInformation + - PsRemoveLoadImageNotifyRoutine + - ZwUnmapViewOfSection + - ZwQuerySymbolicLinkObject + - MmProbeAndLockPages + - RtlVolumeDeviceToDosName + - PsSetLoadImageNotifyRoutine + - IoGetRequestorProcessId + - ZwReadFile + - ObQueryNameString + - ZwOpenThreadTokenEx + - ZwOpenProcessTokenEx + - towlower + - NtBuildNumber + - ExReleaseFastMutex + - _wcsicmp + - _snwprintf + - RtlConvertSidToUnicodeString + - ObfDereferenceObject + - IoAllocateMdl + - ZwCreateSection + - ZwQueryInformationProcess + - PsGetProcessId + - PsCreateSystemThread + - ZwQueryInformationThread + - RtlInitUnicodeString + - ZwOpenSymbolicLinkObject + - tolower + - PsRemoveCreateThreadNotifyRoutine + - IoDeleteDevice + - IoBuildDeviceIoControlRequest + - wcsncpy + - IoGetDeviceObjectPointer + - IoGetCurrentProcess + - ObOpenObjectByPointer + - strncpy + - KeReleaseSpinLock + - _strnicmp + - IoFileObjectType + - KeStackAttachProcess + - PsLookupProcessByProcessId + - PsGetCurrentProcessId + - KeSetEvent + - PsThreadType + - RtlUnicodeStringToAnsiString + - ZwQueryInformationToken + - ZwMapViewOfSection + - strncmp + - ObReferenceObjectByHandle + - RtlGetVersion + - PsGetThreadId + - PsGetVersion + - KeClearEvent + - IoGetBaseFileSystemDeviceObject + - wcschr + - ZwSetInformationFile + - ZwEnumerateKey + - IoFreeMdl + - wcsstr + - ExAcquireFastMutex + - MmGetSystemRoutineAddress + - IoFreeWorkItem + - _stricmp + - ExAllocatePoolWithTag + - RtlInitString + - IofCallDriver + - IoDeviceObjectType + - _snprintf + - ExFreePoolWithTag + - ZwOpenFile + - KeSetSystemAffinityThread + - strstr + - KeInitializeEvent + - ObReferenceObjectByName + - strchr + - _wcsnicmp + - KeQueryActiveProcessors 
+ - RtlEqualSid + - IoQueueWorkItem + - MmUnmapLockedPages + - MmMapLockedPagesSpecifyCache + - PsSetCreateThreadNotifyRoutine + - PsGetCurrentThreadId + - IofCompleteRequest + - PsGetProcessWin32Process + - ExEventObjectType + - ZwQueryInformationFile + - KeWaitForSingleObject + - IoCreateSymbolicLink + - PsSetCreateProcessNotifyRoutine + - IoDriverObjectType + - PsLookupThreadByThreadId + - IoGetDeviceInterfaces + - ZwClose + - PsTerminateSystemThread + - wcsrchr + - strrchr + - SeExports + - KeUnstackDetachProcess + - KeResetEvent + - KeRevertToUserAffinityThread + - ZwOpenProcess + - wcsncmp + - ZwOpenKey + - PsGetThreadProcess + - IoDetachDevice + - IoAttachDeviceToDeviceStackSafe + - IoThreadToProcess + - PsInitialSystemProcess + - IoCreateDevice + - KeInsertQueueDpc + - KeNumberProcessors + - KeInitializeDpc + - KeSetTargetProcessorDpc + - PsProcessType + - MmMapIoSpace + - MmUnmapIoSpace + - ZwDeleteFile + - KeAttachProcess + - KeDetachProcess + - RtlCompareUnicodeString + - ZwWriteFile + - NtClose + - ObfReferenceObject + - IoBuildSynchronousFsdRequest + - ZwOpenThread + - ZwTerminateProcess + - RtlEqualUnicodeString + - IoFreeIrp + - ZwQueryDirectoryObject + - KeBugCheck + - ZwOpenDirectoryObject + - IoAllocateIrp + - KdDebuggerNotPresent + - ZwSetSecurityObject + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - RtlGetSaclSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlLengthSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - RtlAddAccessAllowedAce + - RtlLengthSid + - IoIsWdmVersionAvailable + - RtlSetDaclSecurityDescriptor + - ZwSetValueKey + - ZwQueryValueKey + - ZwCreateKey + - RtlFreeUnicodeString + - KeBugCheckEx + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - ExRegisterCallback + - ExCreateCallback + - ExUnregisterCallback + - strcmp + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, 
OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, LLC, + OU=RE 999, CN=AVG Technologies USA, LLC + ValidFrom: '2020-01-27 00:00:00' + ValidTo: '2022-10-20 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03ec0c9015079fab8a6f3fc9f839311c + Version: 3 + TBS: + MD5: bf2831557abdf7e58917d0a2608080a5 + SHA1: 24ece342e4c4f2f17f32e6924f48c240ad6300ff + SHA256: 1afa061865098b2da9d030bc9f5815ad98e59fa847903692e52d6ba0bbf260dd + SHA384: 0bed85528163e2befed14755c2dcaf02acea62bdf352d3f964cfeaa2883bebea3e186aa26ce12e4df1dfd6d235bf9bb6 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + 
ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 03ec0c9015079fab8a6f3fc9f839311c + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: e8033ae063a3483aec0d2fa55081ff62 + SHA1: fef047c18b115c601ddfd833e1cb5784ca1afbd7 + SHA256: 
fe30a08a31a5f4687353c7b08444b72fb6402a51b0586f0ade667983f833c4a5 + Sections: + .text: + Entropy: 6.37980416282674 + Virtual Size: '0x21d62' + .rdata: + Entropy: 5.71353590549718 + Virtual Size: '0x3b1c' + .data: + Entropy: 2.7078442579876167 + Virtual Size: '0x259b0' + .pdata: + Entropy: 5.4286864002584405 + Virtual Size: '0x11dc' + PAGE: + Entropy: 6.273919225206701 + Virtual Size: '0x1c4b' + INIT: + Entropy: 5.3629488423190335 + Virtual Size: '0x13dc' + .rsrc: + Entropy: 3.3633774294809733 + Virtual Size: '0x3d0' + .reloc: + Entropy: 5.3833020583275815 + Virtual Size: '0x188' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2020-06-23 10:34:33' + Imphash: 26150d69f50aa9247c3f3f17521d18a2 + LoadsDespiteHVCI: 'FALSE' +- Filename: aswArPot.sys + MD5: cb31f1b637056a3d374e22865c41e6d9 + SHA1: 24b47ba7179755e3b12a59d55ae6b2c3d2bd1505 + SHA256: 36e3127f045ef1fa7426a3ff8c441092d3b66923d2b69826034e48306609e289 + Authentihash: + MD5: 0f3a942c946055cb40ee138ceb5f57d9 + SHA1: 2989078f9ab5fc078bf801fcdc49674e3fc1d187 + SHA256: 5af59d6ca109b5cae3350b48b85274ce181e45be4c7f7156bdf58ca3ca7f4188 + Description: Avast Anti Rootkit + Company: AVAST Software + InternalName: aswArPot + OriginalFilename: aswArPot.sys + FileVersion: 20.3.68.0 + Product: 'Avast Antivirus ' + ProductVersion: 20.3.68.0 + Copyright: Copyright (c) 2020 AVAST Software + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - __C_specific_handler + - KeDelayExecutionThread + - IoAllocateWorkItem + - MmIsAddressValid + - MmUnlockPages + - ExAllocatePool + - RtlAnsiStringToUnicodeString + - KeAcquireSpinLockRaiseToDpc + - ZwQuerySystemInformation + - PsRemoveLoadImageNotifyRoutine + - ZwUnmapViewOfSection + - ZwQuerySymbolicLinkObject + - MmProbeAndLockPages + - RtlVolumeDeviceToDosName + - PsSetLoadImageNotifyRoutine + - IoGetRequestorProcessId + - ZwReadFile + - ObQueryNameString + - ZwOpenThreadTokenEx + - ZwOpenProcessTokenEx + - towlower + - NtBuildNumber + - 
ExReleaseFastMutex + - _wcsicmp + - _snwprintf + - RtlConvertSidToUnicodeString + - ObfDereferenceObject + - IoAllocateMdl + - ZwCreateSection + - ZwQueryInformationProcess + - PsGetProcessId + - PsCreateSystemThread + - ZwQueryInformationThread + - RtlInitUnicodeString + - ZwOpenSymbolicLinkObject + - tolower + - PsRemoveCreateThreadNotifyRoutine + - IoDeleteDevice + - IoBuildDeviceIoControlRequest + - wcsncpy + - IoGetDeviceObjectPointer + - IoGetCurrentProcess + - ObOpenObjectByPointer + - strncpy + - KeReleaseSpinLock + - _strnicmp + - IoFileObjectType + - KeStackAttachProcess + - PsLookupProcessByProcessId + - PsGetCurrentProcessId + - KeSetEvent + - PsThreadType + - RtlUnicodeStringToAnsiString + - ZwQueryInformationToken + - ZwMapViewOfSection + - strncmp + - ObReferenceObjectByHandle + - RtlGetVersion + - PsGetThreadId + - PsGetVersion + - KeClearEvent + - IoGetBaseFileSystemDeviceObject + - wcschr + - ZwSetInformationFile + - ZwEnumerateKey + - IoFreeMdl + - wcsstr + - ExAcquireFastMutex + - MmGetSystemRoutineAddress + - IoFreeWorkItem + - _stricmp + - ExAllocatePoolWithTag + - RtlInitString + - IofCallDriver + - IoDeviceObjectType + - _snprintf + - ExFreePoolWithTag + - ZwOpenFile + - KeSetSystemAffinityThread + - strstr + - KeInitializeEvent + - ObReferenceObjectByName + - strchr + - _wcsnicmp + - KeQueryActiveProcessors + - RtlEqualSid + - IoQueueWorkItem + - MmUnmapLockedPages + - MmMapLockedPagesSpecifyCache + - PsSetCreateThreadNotifyRoutine + - PsGetCurrentThreadId + - IofCompleteRequest + - PsGetProcessWin32Process + - ExEventObjectType + - ZwQueryInformationFile + - KeWaitForSingleObject + - IoCreateSymbolicLink + - PsSetCreateProcessNotifyRoutine + - IoDriverObjectType + - PsLookupThreadByThreadId + - IoGetDeviceInterfaces + - ZwClose + - PsTerminateSystemThread + - wcsrchr + - strrchr + - SeExports + - KeUnstackDetachProcess + - KeResetEvent + - KeRevertToUserAffinityThread + - ZwOpenProcess + - wcsncmp + - ZwOpenKey + - PsGetThreadProcess + - 
IoDetachDevice + - IoAttachDeviceToDeviceStackSafe + - IoThreadToProcess + - PsInitialSystemProcess + - IoCreateDevice + - KeInsertQueueDpc + - KeNumberProcessors + - KeInitializeDpc + - KeSetTargetProcessorDpc + - PsProcessType + - MmMapIoSpace + - MmUnmapIoSpace + - ZwDeleteFile + - KeAttachProcess + - KeDetachProcess + - RtlCompareUnicodeString + - ZwWriteFile + - NtClose + - ObfReferenceObject + - IoBuildSynchronousFsdRequest + - ZwOpenThread + - ZwTerminateProcess + - RtlEqualUnicodeString + - IoFreeIrp + - ZwQueryDirectoryObject + - KeBugCheck + - ZwOpenDirectoryObject + - IoAllocateIrp + - KdDebuggerNotPresent + - ZwSetSecurityObject + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - RtlGetSaclSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlLengthSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - RtlAddAccessAllowedAce + - RtlLengthSid + - IoIsWdmVersionAvailable + - RtlSetDaclSecurityDescriptor + - ZwSetValueKey + - ZwQueryValueKey + - ZwCreateKey + - RtlFreeUnicodeString + - KeBugCheckEx + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - ExRegisterCallback + - ExCreateCallback + - ExUnregisterCallback + - strcmp + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CZ, L=Praha, O=Avast Software s.r.o., OU=RE 999, CN=Avast Software + s.r.o. 
+ ValidFrom: '2019-12-02 00:00:00' + ValidTo: '2022-10-19 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03f02aca051d1c9330eeabd3706e836f + Version: 3 + TBS: + MD5: f251d9cde0901fb67831855b4a592b51 + SHA1: cd0ac068faea4b875ded287512f20b6ba8dcb457 + SHA256: 247e040822854e1a4cbc3488782a9e96db6bffa9bdfe36406a46e3f88695d423 + SHA384: c6a765c300f3ee36604e9c51a9fcd18071b0cd0bd15b3ad69350f04a0b1b5ef7b71556af698a1e8988bf91cd8b2a6104 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: 
a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 
173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 03f02aca051d1c9330eeabd3706e836f + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: 5a489fed9ab25dab8eb1e8de57816a5b + SHA1: e1f992c705eb87c462152c01a8db69d1df44aacb + SHA256: 13fb8d5234772b9e76b9929957aa21c6a9395cc3892f69dcd599f7682daff315 + Sections: + .text: + Entropy: 6.37980416282674 + Virtual Size: '0x21d62' + .rdata: + Entropy: 5.714116767013148 + Virtual Size: '0x3b1c' + .data: + Entropy: 2.7078442579876167 + Virtual Size: '0x259b0' + .pdata: + Entropy: 5.4286864002584405 + Virtual Size: '0x11dc' + PAGE: + Entropy: 6.273919225206701 + Virtual Size: '0x1c4b' + INIT: + Entropy: 5.3629488423190335 + Virtual Size: '0x13dc' + .rsrc: + Entropy: 3.284445299481583 + Virtual Size: '0x390' + .reloc: + Entropy: 5.3833020583275815 + Virtual Size: '0x188' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2020-04-28 12:47:01' + Imphash: 26150d69f50aa9247c3f3f17521d18a2 + LoadsDespiteHVCI: 'FALSE' +- Filename: aswArPot.sys + MD5: d0a5b98788e480c12afc65ad3e6d4478 + SHA1: 6c445ceb38d5b1212ce2e7498888dd9562a57875 + SHA256: 3b6e85c8fed9e39b21b2eab0b69bc464272b2c92961510c36e2e2df7aa39861b + Authentihash: + MD5: 8bbe86720ded843c4a0023310a403879 + SHA1: 2035334476f2c5f82a5e71c04bbf82aa51b2f41b + SHA256: 4e89a5a25969953961db2a2a1a5c73c8af48f7af169ac3fd098171556bf0854d + Description: Avast Anti Rootkit + Company: AVAST Software + InternalName: aswArPot + OriginalFilename: aswArPot.sys + FileVersion: 20.7.113.0 + Product: 'Avast Antivirus ' + ProductVersion: 20.7.113.0 + Copyright: Copyright (c) 2020 AVAST Software + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - __C_specific_handler + - KeDelayExecutionThread + - IoAllocateWorkItem + - MmIsAddressValid + - MmUnlockPages + - ExAllocatePool + - RtlAnsiStringToUnicodeString + - 
KeAcquireSpinLockRaiseToDpc + - ZwQuerySystemInformation + - PsRemoveLoadImageNotifyRoutine + - ZwUnmapViewOfSection + - ZwQuerySymbolicLinkObject + - MmProbeAndLockPages + - RtlVolumeDeviceToDosName + - PsSetLoadImageNotifyRoutine + - IoGetRequestorProcessId + - ZwReadFile + - ObQueryNameString + - ZwOpenThreadTokenEx + - ZwOpenProcessTokenEx + - towlower + - NtBuildNumber + - ExReleaseFastMutex + - _wcsicmp + - _snwprintf + - RtlConvertSidToUnicodeString + - ObfDereferenceObject + - IoAllocateMdl + - ZwCreateSection + - ZwQueryInformationProcess + - PsGetProcessId + - PsCreateSystemThread + - ZwQueryInformationThread + - RtlInitUnicodeString + - ZwOpenSymbolicLinkObject + - tolower + - PsRemoveCreateThreadNotifyRoutine + - IoDeleteDevice + - IoBuildDeviceIoControlRequest + - wcsncpy + - IoGetDeviceObjectPointer + - IoGetCurrentProcess + - ObOpenObjectByPointer + - strncpy + - KeReleaseSpinLock + - _strnicmp + - IoFileObjectType + - KeStackAttachProcess + - PsLookupProcessByProcessId + - PsGetCurrentProcessId + - KeSetEvent + - PsThreadType + - RtlUnicodeStringToAnsiString + - ZwQueryInformationToken + - ZwMapViewOfSection + - strncmp + - ObReferenceObjectByHandle + - RtlGetVersion + - PsGetThreadId + - PsGetVersion + - KeClearEvent + - IoGetBaseFileSystemDeviceObject + - wcschr + - ZwSetInformationFile + - ZwEnumerateKey + - IoFreeMdl + - wcsstr + - ExAcquireFastMutex + - MmGetSystemRoutineAddress + - IoFreeWorkItem + - _stricmp + - ExAllocatePoolWithTag + - RtlInitString + - IofCallDriver + - IoDeviceObjectType + - _snprintf + - ExFreePoolWithTag + - ZwOpenFile + - KeSetSystemAffinityThread + - strstr + - KeInitializeEvent + - ObReferenceObjectByName + - strchr + - _wcsnicmp + - KeQueryActiveProcessors + - RtlEqualSid + - IoQueueWorkItem + - MmUnmapLockedPages + - MmMapLockedPagesSpecifyCache + - PsSetCreateThreadNotifyRoutine + - PsGetCurrentThreadId + - IofCompleteRequest + - PsGetProcessWin32Process + - ExEventObjectType + - ZwQueryInformationFile + - 
KeWaitForSingleObject + - IoCreateSymbolicLink + - PsSetCreateProcessNotifyRoutine + - IoDriverObjectType + - PsLookupThreadByThreadId + - IoGetDeviceInterfaces + - ZwClose + - PsTerminateSystemThread + - wcsrchr + - strrchr + - SeExports + - KeUnstackDetachProcess + - KeResetEvent + - KeRevertToUserAffinityThread + - ZwOpenProcess + - wcsncmp + - ZwOpenKey + - PsGetThreadProcess + - IoDetachDevice + - IoAttachDeviceToDeviceStackSafe + - IoThreadToProcess + - PsInitialSystemProcess + - IoCreateDevice + - KeInsertQueueDpc + - KeNumberProcessors + - KeInitializeDpc + - KeSetTargetProcessorDpc + - PsProcessType + - MmMapIoSpace + - MmUnmapIoSpace + - ZwDeleteFile + - KeAttachProcess + - KeDetachProcess + - RtlCompareUnicodeString + - ZwWriteFile + - NtClose + - ObfReferenceObject + - IoBuildSynchronousFsdRequest + - ZwOpenThread + - ZwTerminateProcess + - RtlEqualUnicodeString + - IoFreeIrp + - ZwQueryDirectoryObject + - KeBugCheck + - ZwOpenDirectoryObject + - IoAllocateIrp + - KdDebuggerNotPresent + - ZwSetSecurityObject + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - RtlGetSaclSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlLengthSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - RtlAddAccessAllowedAce + - RtlLengthSid + - IoIsWdmVersionAvailable + - RtlSetDaclSecurityDescriptor + - ZwSetValueKey + - ZwQueryValueKey + - ZwCreateKey + - RtlFreeUnicodeString + - KeBugCheckEx + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - ExRegisterCallback + - ExCreateCallback + - ExUnregisterCallback + - strcmp + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CZ, L=Praha, O=Avast Software s.r.o., OU=RE 999, CN=Avast Software + s.r.o. 
+ ValidFrom: '2019-12-02 00:00:00' + ValidTo: '2022-10-19 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03f02aca051d1c9330eeabd3706e836f + Version: 3 + TBS: + MD5: f251d9cde0901fb67831855b4a592b51 + SHA1: cd0ac068faea4b875ded287512f20b6ba8dcb457 + SHA256: 247e040822854e1a4cbc3488782a9e96db6bffa9bdfe36406a46e3f88695d423 + SHA384: c6a765c300f3ee36604e9c51a9fcd18071b0cd0bd15b3ad69350f04a0b1b5ef7b71556af698a1e8988bf91cd8b2a6104 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 03f02aca051d1c9330eeabd3706e836f + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: e8033ae063a3483aec0d2fa55081ff62 + SHA1: fef047c18b115c601ddfd833e1cb5784ca1afbd7 + SHA256: fe30a08a31a5f4687353c7b08444b72fb6402a51b0586f0ade667983f833c4a5 + Sections: + .text: + Entropy: 6.382035112661383 + Virtual Size: '0x21e62' + .rdata: + Entropy: 5.715693652903285 + Virtual Size: '0x3b24' + .data: + Entropy: 2.7169953597230534 + Virtual Size: '0x259b0' + .pdata: + Entropy: 5.4323977966026975 + Virtual Size: '0x11dc' + PAGE: + Entropy: 6.273110218235552 + Virtual Size: '0x1c4b' + INIT: + Entropy: 5.36403021726766 + Virtual Size: '0x13dc' + .rsrc: + Entropy: 3.2877883121595066 + Virtual Size: '0x398' + .reloc: + Entropy: 5.3833020583275815 + Virtual Size: '0x188' + 
MagicHeader: 50 45 0 0 + CreationTimestamp: '2020-08-21 04:32:58' + Imphash: 26150d69f50aa9247c3f3f17521d18a2 + LoadsDespiteHVCI: 'FALSE' +- Filename: aswArPot.sys + MD5: 84c4d8ae023ca9bb60694fa467141247 + SHA1: 79f1a6f5486523e6d8dcfef696bc949fc767613d + SHA256: 4da08c0681fbe028b60a1eaf5cb8890bd3eba4d0e6a8b976495ddcd315e147ba + Authentihash: + MD5: 739b545edae1f711d7c566f740cdc018 + SHA1: a3eb3e15e851a8744781889ca4e728bb9c67070f + SHA256: cd3b38875c8b727f18cec382698624679d6413f02cf33d82a7c93b9595860b6d + Description: Avast anti rootkit + Company: AVAST Software + InternalName: aswArPot.sys + OriginalFilename: aswArPot.sys + FileVersion: 18.7.4016.0 + Product: 'Avast Antivirus ' + ProductVersion: 18.7.4016.0 + Copyright: Copyright (c) 2018 AVAST Software + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - wcschr + - MmUnmapLockedPages + - _stricmp + - _wcsicmp + - towlower + - _strnicmp + - ExAllocatePoolWithTag + - PsGetProcessWin32Process + - KeClearEvent + - RtlVolumeDeviceToDosName + - KeQueryActiveProcessors + - RtlConvertSidToUnicodeString + - IoBuildDeviceIoControlRequest + - ExFreePoolWithTag + - KeResetEvent + - ExReleaseFastMutex + - IoGetBaseFileSystemDeviceObject + - strncmp + - ZwOpenThreadTokenEx + - RtlAnsiStringToUnicodeString + - ExAcquireFastMutex + - PsSetLoadImageNotifyRoutine + - _snwprintf + - NtBuildNumber + - PsRemoveCreateThreadNotifyRoutine + - PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - _wcsnicmp + - ZwReadFile + - strstr + - ZwMapViewOfSection + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - wcsncpy + - RtlEqualSid + - strchr + - IoFreeWorkItem + - MmGetSystemRoutineAddress + - KeInitializeEvent + - PsSetCreateThreadNotifyRoutine + - RtlUnicodeStringToAnsiString + - _snprintf + - RtlGetVersion + - ZwQuerySystemInformation + - RtlInitString + - KeReleaseSpinLock + - PsSetCreateProcessNotifyRoutine + - ZwOpenSymbolicLinkObject + - IoFreeMdl + - 
KeUnstackDetachProcess + - ZwOpenProcessTokenEx + - ZwSetInformationFile + - KeDelayExecutionThread + - ObQueryNameString + - strncpy + - IoFileObjectType + - IoDriverObjectType + - wcsrchr + - wcsstr + - PsCreateSystemThread + - MmMapLockedPagesSpecifyCache + - IoGetDeviceObjectPointer + - ZwUnmapViewOfSection + - ExAllocatePool + - PsTerminateSystemThread + - IoGetCurrentProcess + - ExEventObjectType + - IoAllocateWorkItem + - ZwClose + - IofCompleteRequest + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - PsRemoveLoadImageNotifyRoutine + - IoGetRequestorProcessId + - MmProbeAndLockPages + - PsGetVersion + - KeRevertToUserAffinityThread + - PsThreadType + - IoGetDeviceInterfaces + - ZwOpenProcess + - SeExports + - MmUnlockPages + - strrchr + - ZwQueryInformationProcess + - IoCreateSymbolicLink + - PsGetCurrentThreadId + - PsGetCurrentProcessId + - KeSetSystemAffinityThread + - MmIsAddressValid + - ObfDereferenceObject + - ZwCreateSection + - ObReferenceObjectByName + - IoQueueWorkItem + - IoDeviceObjectType + - ZwOpenFile + - wcsncmp + - ZwQueryInformationToken + - ZwQueryInformationFile + - ZwQueryInformationThread + - ObOpenObjectByPointer + - KeStackAttachProcess + - PsLookupThreadByThreadId + - ZwEnumerateKey + - IoAllocateMdl + - IofCallDriver + - ZwOpenKey + - KeAcquireSpinLockRaiseToDpc + - IoThreadToProcess + - IoAttachDeviceToDeviceStackSafe + - IoDetachDevice + - PsInitialSystemProcess + - IoCreateDevice + - PsProcessType + - KeDetachProcess + - KeAttachProcess + - ZwDeleteFile + - IoBuildSynchronousFsdRequest + - NtClose + - RtlCompareUnicodeString + - ObfReferenceObject + - ZwWriteFile + - ZwOpenThread + - ZwTerminateProcess + - RtlEqualUnicodeString + - ZwOpenDirectoryObject + - KeBugCheck + - ZwQueryDirectoryObject + - IoFreeIrp + - IoAllocateIrp + - KdDebuggerNotPresent + - KeSetTargetProcessorDpc + - KeInitializeDpc + - KeInsertQueueDpc + - KeNumberProcessors + - KeBugCheckEx + - ZwSetSecurityObject + - RtlLengthSecurityDescriptor + - 
SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - ExUnregisterCallback + - ExRegisterCallback + - ExCreateCallback + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o. + ValidFrom: '2016-09-06 00:00:00' + ValidTo: '2019-10-04 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 + Version: 3 + TBS: + MD5: 2e1a5012cbe8b95785c794bc1c5584c3 + SHA1: f4753b06b08938794c32c2475cee663143036d08 + SHA256: fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5 + SHA384: 08a8396996a9ecb96b22a85d6adf3f8b1117f3a880b1d4af12e4de8e8005897a7073d6d5368cb92f701f466ec227e2a6 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + 
ValidTo: '2024-10-22 00:00:00' + Signature: 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + 
MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: 382c4767d71156621da4d8ab3193017a + SHA1: 20e40fd8dd4465dfd940c017e5cb26819d5cbed7 + SHA256: cc76cbedaf6062b99e917cf31a8cce723c854d10d1afd041e4ca85ceabb39c4b + Sections: + .text: + Entropy: 6.335598955768239 + Virtual Size: '0x2133c' + .rdata: + Entropy: 5.842242988112416 + Virtual Size: '0x30bc' + .data: + Entropy: 1.9686843664265543 + Virtual Size: '0x25ac0' + .pdata: + Entropy: 5.347767841792384 + Virtual Size: '0x10a4' + PAGE: + Entropy: 6.236243477409071 + Virtual Size: '0x19f7' + INIT: + Entropy: 5.308986664848571 + Virtual Size: '0x130e' + .rsrc: + Entropy: 3.3372757283734344 + Virtual Size: '0x370' + .reloc: + Entropy: 2.585838337225609 + Virtual Size: '0x4ba' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2018-09-24 07:23:41' + Imphash: dd406d43857d7f5ad1b0aec04fdb7e5f + LoadsDespiteHVCI: 'FALSE' +- Filename: aswArPot.sys + MD5: 14add4f16d80595e6e816abf038141e5 + SHA1: 218e4bbdd5ce810c48b938307d01501c442b75f4 + SHA256: 5bd41a29cbba0d24e639f49d1f201b9bd119b11f5e3b8a5fefa3a5c6f1e7692c + Authentihash: + MD5: d81a508b30f8107d9b43c7eef68821b9 + SHA1: c1c619cdc11eecf093afe9d9a96a3236d1dab348 + SHA256: 0bc755f3e24023d931c637b4c734ae3a4d50567c87fd025114e0520413721751 + Description: AVG Anti Rootkit + Company: AVG Technologies CZ, s.r.o. + InternalName: aswArPot + OriginalFilename: aswArPot.sys + FileVersion: 20.6.107.0 + Product: 'AVG Internet Security System ' + ProductVersion: 20.6.107.0 + Copyright: Copyright (C) 2020 AVG Technologies CZ, s.r.o. 
+ MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - __C_specific_handler + - KeDelayExecutionThread + - IoAllocateWorkItem + - MmIsAddressValid + - MmUnlockPages + - ExAllocatePool + - RtlAnsiStringToUnicodeString + - KeAcquireSpinLockRaiseToDpc + - ZwQuerySystemInformation + - PsRemoveLoadImageNotifyRoutine + - ZwUnmapViewOfSection + - ZwQuerySymbolicLinkObject + - MmProbeAndLockPages + - RtlVolumeDeviceToDosName + - PsSetLoadImageNotifyRoutine + - IoGetRequestorProcessId + - ZwReadFile + - ObQueryNameString + - ZwOpenThreadTokenEx + - ZwOpenProcessTokenEx + - towlower + - NtBuildNumber + - ExReleaseFastMutex + - _wcsicmp + - _snwprintf + - RtlConvertSidToUnicodeString + - ObfDereferenceObject + - IoAllocateMdl + - ZwCreateSection + - ZwQueryInformationProcess + - PsGetProcessId + - PsCreateSystemThread + - ZwQueryInformationThread + - RtlInitUnicodeString + - ZwOpenSymbolicLinkObject + - tolower + - PsRemoveCreateThreadNotifyRoutine + - IoDeleteDevice + - IoBuildDeviceIoControlRequest + - wcsncpy + - IoGetDeviceObjectPointer + - IoGetCurrentProcess + - ObOpenObjectByPointer + - strncpy + - KeReleaseSpinLock + - _strnicmp + - IoFileObjectType + - KeStackAttachProcess + - PsLookupProcessByProcessId + - PsGetCurrentProcessId + - KeSetEvent + - PsThreadType + - RtlUnicodeStringToAnsiString + - ZwQueryInformationToken + - ZwMapViewOfSection + - strncmp + - ObReferenceObjectByHandle + - RtlGetVersion + - PsGetThreadId + - PsGetVersion + - KeClearEvent + - IoGetBaseFileSystemDeviceObject + - wcschr + - ZwSetInformationFile + - ZwEnumerateKey + - IoFreeMdl + - wcsstr + - ExAcquireFastMutex + - MmGetSystemRoutineAddress + - IoFreeWorkItem + - _stricmp + - ExAllocatePoolWithTag + - RtlInitString + - IofCallDriver + - IoDeviceObjectType + - _snprintf + - ExFreePoolWithTag + - ZwOpenFile + - KeSetSystemAffinityThread + - strstr + - KeInitializeEvent + - ObReferenceObjectByName + - strchr + - _wcsnicmp + - KeQueryActiveProcessors 
+ - RtlEqualSid + - IoQueueWorkItem + - MmUnmapLockedPages + - MmMapLockedPagesSpecifyCache + - PsSetCreateThreadNotifyRoutine + - PsGetCurrentThreadId + - IofCompleteRequest + - PsGetProcessWin32Process + - ExEventObjectType + - ZwQueryInformationFile + - KeWaitForSingleObject + - IoCreateSymbolicLink + - PsSetCreateProcessNotifyRoutine + - IoDriverObjectType + - PsLookupThreadByThreadId + - IoGetDeviceInterfaces + - ZwClose + - PsTerminateSystemThread + - wcsrchr + - strrchr + - SeExports + - KeUnstackDetachProcess + - KeResetEvent + - KeRevertToUserAffinityThread + - ZwOpenProcess + - wcsncmp + - ZwOpenKey + - PsGetThreadProcess + - IoDetachDevice + - IoAttachDeviceToDeviceStackSafe + - IoThreadToProcess + - PsInitialSystemProcess + - IoCreateDevice + - KeInsertQueueDpc + - KeNumberProcessors + - KeInitializeDpc + - KeSetTargetProcessorDpc + - PsProcessType + - MmMapIoSpace + - MmUnmapIoSpace + - ZwDeleteFile + - KeAttachProcess + - KeDetachProcess + - RtlCompareUnicodeString + - ZwWriteFile + - NtClose + - ObfReferenceObject + - IoBuildSynchronousFsdRequest + - ZwOpenThread + - ZwTerminateProcess + - RtlEqualUnicodeString + - IoFreeIrp + - ZwQueryDirectoryObject + - KeBugCheck + - ZwOpenDirectoryObject + - IoAllocateIrp + - KdDebuggerNotPresent + - ZwSetSecurityObject + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - RtlGetSaclSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlLengthSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - RtlAddAccessAllowedAce + - RtlLengthSid + - IoIsWdmVersionAvailable + - RtlSetDaclSecurityDescriptor + - ZwSetValueKey + - ZwQueryValueKey + - ZwCreateKey + - RtlFreeUnicodeString + - KeBugCheckEx + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - ExRegisterCallback + - ExCreateCallback + - ExUnregisterCallback + - strcmp + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, 
OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, LLC, + OU=RE 999, CN=AVG Technologies USA, LLC + ValidFrom: '2020-01-27 00:00:00' + ValidTo: '2022-10-20 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03ec0c9015079fab8a6f3fc9f839311c + Version: 3 + TBS: + MD5: bf2831557abdf7e58917d0a2608080a5 + SHA1: 24ece342e4c4f2f17f32e6924f48c240ad6300ff + SHA256: 1afa061865098b2da9d030bc9f5815ad98e59fa847903692e52d6ba0bbf260dd + SHA384: 0bed85528163e2befed14755c2dcaf02acea62bdf352d3f964cfeaa2883bebea3e186aa26ce12e4df1dfd6d235bf9bb6 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + 
ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 03ec0c9015079fab8a6f3fc9f839311c + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: e8033ae063a3483aec0d2fa55081ff62 + SHA1: fef047c18b115c601ddfd833e1cb5784ca1afbd7 + SHA256: 
fe30a08a31a5f4687353c7b08444b72fb6402a51b0586f0ade667983f833c4a5 + Sections: + .text: + Entropy: 6.379234008066875 + Virtual Size: '0x21da2' + .rdata: + Entropy: 5.719682007707807 + Virtual Size: '0x3b1c' + .data: + Entropy: 2.6876888382903856 + Virtual Size: '0x259b0' + .pdata: + Entropy: 5.428586674221124 + Virtual Size: '0x11dc' + PAGE: + Entropy: 6.274427019122509 + Virtual Size: '0x1c4b' + INIT: + Entropy: 5.364309660201566 + Virtual Size: '0x13dc' + .rsrc: + Entropy: 3.3651905689793145 + Virtual Size: '0x3d8' + .reloc: + Entropy: 5.3833020583275815 + Virtual Size: '0x188' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2020-07-23 06:09:55' + Imphash: 26150d69f50aa9247c3f3f17521d18a2 + LoadsDespiteHVCI: 'FALSE' +- Filename: aswArPot.sys + MD5: 53bb10742e10991af4ad280fcb134151 + SHA1: d6b1b3311263bfb170f2091d22f373c2215051b7 + SHA256: 65008817eb97635826a8708a6411d7b50f762bab81304e457119d669382944c3 + Authentihash: + MD5: 04a76d94db489fdaf72161aa467b2acb + SHA1: 57d45edbab6745991e54c3e50f768eb5714a76cd + SHA256: 9d736f624a306d6e2399778dd92ab7f4f7ab33c6ca0528657bc026214f990a4f + Description: Avast anti rootkit + Company: AVAST Software + InternalName: aswArPot.sys + OriginalFilename: aswArPot.sys + FileVersion: 19.5.4220.0 + Product: 'Avast Antivirus ' + ProductVersion: 19.5.4220.0 + Copyright: Copyright (c) 2019 AVAST Software + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - wcschr + - MmUnmapLockedPages + - _stricmp + - _wcsicmp + - towlower + - _strnicmp + - ExAllocatePoolWithTag + - PsGetProcessWin32Process + - KeClearEvent + - RtlVolumeDeviceToDosName + - KeQueryActiveProcessors + - RtlConvertSidToUnicodeString + - IoBuildDeviceIoControlRequest + - ExFreePoolWithTag + - KeResetEvent + - ExReleaseFastMutex + - IoGetBaseFileSystemDeviceObject + - strncmp + - ZwOpenThreadTokenEx + - RtlAnsiStringToUnicodeString + - ExAcquireFastMutex + - PsSetLoadImageNotifyRoutine + - _snwprintf + - NtBuildNumber + - 
PsRemoveCreateThreadNotifyRoutine + - PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - _wcsnicmp + - ZwReadFile + - strstr + - ZwMapViewOfSection + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - wcsncpy + - RtlEqualSid + - strchr + - IoFreeWorkItem + - MmGetSystemRoutineAddress + - KeInitializeEvent + - PsSetCreateThreadNotifyRoutine + - RtlUnicodeStringToAnsiString + - _snprintf + - RtlGetVersion + - ZwQuerySystemInformation + - RtlInitString + - KeReleaseSpinLock + - PsGetThreadId + - PsSetCreateProcessNotifyRoutine + - ZwOpenSymbolicLinkObject + - IoFreeMdl + - KeUnstackDetachProcess + - ZwOpenProcessTokenEx + - ZwSetInformationFile + - tolower + - KeDelayExecutionThread + - ObQueryNameString + - strncpy + - IoFileObjectType + - IoDriverObjectType + - wcsrchr + - wcsstr + - PsCreateSystemThread + - MmMapLockedPagesSpecifyCache + - IoGetDeviceObjectPointer + - ZwUnmapViewOfSection + - ExAllocatePool + - PsTerminateSystemThread + - IoGetCurrentProcess + - ExEventObjectType + - IoAllocateWorkItem + - ZwClose + - IofCompleteRequest + - PsGetThreadProcess + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - PsRemoveLoadImageNotifyRoutine + - IoGetRequestorProcessId + - MmProbeAndLockPages + - PsGetVersion + - KeRevertToUserAffinityThread + - PsThreadType + - IoGetDeviceInterfaces + - ZwOpenProcess + - SeExports + - MmUnlockPages + - strrchr + - ZwQueryInformationProcess + - IoCreateSymbolicLink + - PsGetCurrentThreadId + - PsGetCurrentProcessId + - KeSetSystemAffinityThread + - MmIsAddressValid + - ObfDereferenceObject + - ZwCreateSection + - ObReferenceObjectByName + - IoQueueWorkItem + - IoDeviceObjectType + - ZwOpenFile + - wcsncmp + - ZwQueryInformationToken + - ZwQueryInformationFile + - ZwQueryInformationThread + - ObOpenObjectByPointer + - PsGetProcessId + - KeStackAttachProcess + - PsLookupThreadByThreadId + - ZwEnumerateKey + - IoAllocateMdl + - IofCallDriver + - ZwOpenKey + - KeAcquireSpinLockRaiseToDpc + - IoThreadToProcess 
+ - IoAttachDeviceToDeviceStackSafe + - IoDetachDevice + - PsInitialSystemProcess + - IoCreateDevice + - PsProcessType + - MmUnmapIoSpace + - KeDetachProcess + - MmMapIoSpace + - KeAttachProcess + - ZwDeleteFile + - IoBuildSynchronousFsdRequest + - NtClose + - RtlCompareUnicodeString + - ObfReferenceObject + - ZwWriteFile + - ZwOpenThread + - ZwTerminateProcess + - RtlEqualUnicodeString + - ZwOpenDirectoryObject + - KeBugCheck + - ZwQueryDirectoryObject + - IoFreeIrp + - IoAllocateIrp + - KdDebuggerNotPresent + - KeSetTargetProcessorDpc + - KeInitializeDpc + - KeInsertQueueDpc + - KeNumberProcessors + - KeBugCheckEx + - ZwSetSecurityObject + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - ExUnregisterCallback + - ExRegisterCallback + - ExCreateCallback + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o. 
+ ValidFrom: '2016-09-06 00:00:00' + ValidTo: '2019-10-04 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 + Version: 3 + TBS: + MD5: 2e1a5012cbe8b95785c794bc1c5584c3 + SHA1: f4753b06b08938794c32c2475cee663143036d08 + SHA256: fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5 + SHA384: 08a8396996a9ecb96b22a85d6adf3f8b1117f3a880b1d4af12e4de8e8005897a7073d6d5368cb92f701f466ec227e2a6 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: 75b13c227d5208aed34b2687daf4ff12 + SHA1: 74ea061adc0690a674274c70e479258dff68f6b5 + SHA256: 89b1537c5094e9ccb980e1cbc109f742c686ac06078ce71c08767731dbafdc39 + Sections: + .text: + Entropy: 6.3409113169982545 + Virtual Size: '0x22b1c' + .rdata: + Entropy: 5.834805352276382 + Virtual Size: '0x31ac' + .data: + Entropy: 2.1705229343232895 + Virtual Size: '0x25c18' + .pdata: + Entropy: 5.371310934717328 + Virtual Size: '0x1164' + PAGE: + Entropy: 6.238662007032819 + Virtual Size: '0x19f7' + INIT: + Entropy: 5.296549178381908 + Virtual Size: '0x13a2' + .rsrc: + Entropy: 3.3396388867302216 + Virtual Size: '0x370' + .reloc: + Entropy: 2.762350280644424 + Virtual Size: '0x4f4' + 
MagicHeader: 50 45 0 0 + CreationTimestamp: '2019-04-30 05:59:06' + Imphash: 62dbb90b4be9282d52aff9ae1a101d6b + LoadsDespiteHVCI: 'FALSE' +- Filename: aswArPot.sys + MD5: 045ef7a39288ba1f4b8d6eca43def44f + SHA1: a0bf00e4ef2b1a79ccf2361c6b303688641ed94c + SHA256: 6e0aa67cfdbe27a059cbd066443337f81c5b6d37444d14792d1c765d9d122dcf + Authentihash: + MD5: ef1a7d935ae5e49c42d632f550e6f5e0 + SHA1: a62c27dedfb91de6404e2358fdd14b67fdb43767 + SHA256: 596c497e7e405ceb79ba0ba45f993125d88d50fc18867048d0c7a356ebd0c0ed + Description: AVG anti rootkit + Company: AVG Technologies CZ, s.r.o. + InternalName: aswArPot.sys + OriginalFilename: aswArPot.sys + FileVersion: 19.6.4235.0 + Product: 'AVG Internet Security System ' + ProductVersion: 19.6.4235.0 + Copyright: Copyright (C) 2019 AVG Technologies CZ, s.r.o. + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - wcschr + - MmUnmapLockedPages + - _stricmp + - _wcsicmp + - towlower + - _strnicmp + - ExAllocatePoolWithTag + - PsGetProcessWin32Process + - KeClearEvent + - RtlVolumeDeviceToDosName + - KeQueryActiveProcessors + - RtlConvertSidToUnicodeString + - IoBuildDeviceIoControlRequest + - ExFreePoolWithTag + - KeResetEvent + - ExReleaseFastMutex + - IoGetBaseFileSystemDeviceObject + - strncmp + - ZwOpenThreadTokenEx + - RtlAnsiStringToUnicodeString + - ExAcquireFastMutex + - PsSetLoadImageNotifyRoutine + - _snwprintf + - NtBuildNumber + - PsRemoveCreateThreadNotifyRoutine + - PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - _wcsnicmp + - ZwReadFile + - strstr + - ZwMapViewOfSection + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - wcsncpy + - RtlEqualSid + - strchr + - IoFreeWorkItem + - MmGetSystemRoutineAddress + - KeInitializeEvent + - PsSetCreateThreadNotifyRoutine + - RtlUnicodeStringToAnsiString + - _snprintf + - RtlGetVersion + - ZwQuerySystemInformation + - RtlInitString + - KeReleaseSpinLock + - PsGetThreadId + - PsSetCreateProcessNotifyRoutine + - 
ZwOpenSymbolicLinkObject + - IoFreeMdl + - KeUnstackDetachProcess + - ZwOpenProcessTokenEx + - ZwSetInformationFile + - tolower + - KeDelayExecutionThread + - ObQueryNameString + - strncpy + - IoFileObjectType + - IoDriverObjectType + - wcsrchr + - wcsstr + - PsCreateSystemThread + - MmMapLockedPagesSpecifyCache + - IoGetDeviceObjectPointer + - ZwUnmapViewOfSection + - ExAllocatePool + - PsTerminateSystemThread + - IoGetCurrentProcess + - ExEventObjectType + - IoAllocateWorkItem + - ZwClose + - IofCompleteRequest + - PsGetThreadProcess + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - PsRemoveLoadImageNotifyRoutine + - IoGetRequestorProcessId + - MmProbeAndLockPages + - PsGetVersion + - KeRevertToUserAffinityThread + - PsThreadType + - IoGetDeviceInterfaces + - ZwOpenProcess + - SeExports + - MmUnlockPages + - strrchr + - ZwQueryInformationProcess + - IoCreateSymbolicLink + - PsGetCurrentThreadId + - PsGetCurrentProcessId + - KeSetSystemAffinityThread + - MmIsAddressValid + - ObfDereferenceObject + - ZwCreateSection + - ObReferenceObjectByName + - IoQueueWorkItem + - IoDeviceObjectType + - ZwOpenFile + - wcsncmp + - ZwQueryInformationToken + - ZwQueryInformationFile + - ZwQueryInformationThread + - ObOpenObjectByPointer + - PsGetProcessId + - KeStackAttachProcess + - PsLookupThreadByThreadId + - ZwEnumerateKey + - IoAllocateMdl + - IofCallDriver + - ZwOpenKey + - KeAcquireSpinLockRaiseToDpc + - IoThreadToProcess + - IoAttachDeviceToDeviceStackSafe + - IoDetachDevice + - PsInitialSystemProcess + - IoCreateDevice + - PsProcessType + - MmUnmapIoSpace + - KeDetachProcess + - MmMapIoSpace + - KeAttachProcess + - ZwDeleteFile + - IoBuildSynchronousFsdRequest + - NtClose + - RtlCompareUnicodeString + - ObfReferenceObject + - ZwWriteFile + - ZwOpenThread + - ZwTerminateProcess + - RtlEqualUnicodeString + - ZwOpenDirectoryObject + - KeBugCheck + - ZwQueryDirectoryObject + - IoFreeIrp + - IoAllocateIrp + - KdDebuggerNotPresent + - KeSetTargetProcessorDpc + - 
KeInitializeDpc + - KeInsertQueueDpc + - KeNumberProcessors + - KeBugCheckEx + - ZwSetSecurityObject + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - ExUnregisterCallback + - ExRegisterCallback + - ExCreateCallback + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Root CA + ValidFrom: '2011-04-15 19:41:37' + ValidTo: '2021-04-15 19:51:37' + Signature: 5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8 + SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611cb28a000000000026 + Version: 3 + TBS: + MD5: 983a0c315a50542362f2bd6a5d71c8d0 + SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 + SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 + SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc + - Subject: C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., + OU=Release Engineering, CN=AVG Technologies USA, Inc. + ValidFrom: '2018-01-30 00:00:00' + ValidTo: '2021-01-22 12:00:00' + Signature: 64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0557955e02a6b53dd1d574ede15f310e + Version: 3 + TBS: + MD5: f9b558280379fbd2ac831a9850ec9c0e + SHA1: c22448dd1388c2011166e2a203fe984bd702f355 + SHA256: c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe + SHA384: 5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 
82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd + Version: 3 + TBS: + MD5: a9a31555bbc92b6033975c5428fb3679 + SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e + SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 + SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 0557955e02a6b53dd1d574ede15f310e + Issuer: C=US, 
O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: 75b13c227d5208aed34b2687daf4ff12 + SHA1: 74ea061adc0690a674274c70e479258dff68f6b5 + SHA256: 89b1537c5094e9ccb980e1cbc109f742c686ac06078ce71c08767731dbafdc39 + Sections: + .text: + Entropy: 6.341103308256492 + Virtual Size: '0x2310c' + .rdata: + Entropy: 5.8413606495183 + Virtual Size: '0x31dc' + .data: + Entropy: 2.2061947011638425 + Virtual Size: '0x25ca0' + .pdata: + Entropy: 5.3358417678886365 + Virtual Size: '0x117c' + PAGE: + Entropy: 6.229567095788267 + Virtual Size: '0x19f7' + INIT: + Entropy: 5.291965916480469 + Virtual Size: '0x13a2' + .rsrc: + Entropy: 3.408737085567052 + Virtual Size: '0x3b8' + .reloc: + Entropy: 2.843075596963878 + Virtual Size: '0x516' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2019-06-19 22:05:36' + Imphash: 62dbb90b4be9282d52aff9ae1a101d6b + LoadsDespiteHVCI: 'TRUE' +- Filename: aswArPot.sys + MD5: 11dc5523bb559f8d2ce637f6a2b70dea + SHA1: 0edf51a0fac3b90f6961c2b20bbaeb4ccfc1ea84 + SHA256: 6fb5bc9c51f6872de116c7db8a2134461743908efc306373f6de59a0646c4f5d + Authentihash: + MD5: 0b253942e96233f5999ffea9ac6cc07a + SHA1: 12079ccb38494c101d23667282452f87845868eb + SHA256: 03a54ad77fc453c9889e170a811d232a305d46fb7f59582d3f1cb234598507a1 + Description: AVG anti rootkit + Company: AVG Technologies CZ, s.r.o. + InternalName: aswArPot.sys + OriginalFilename: aswArPot.sys + FileVersion: 19.5.4220.0 + Product: 'AVG Internet Security System ' + ProductVersion: 19.5.4220.0 + Copyright: Copyright (C) 2019 AVG Technologies CZ, s.r.o. 
+ MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - wcschr + - MmUnmapLockedPages + - _stricmp + - _wcsicmp + - towlower + - _strnicmp + - ExAllocatePoolWithTag + - PsGetProcessWin32Process + - KeClearEvent + - RtlVolumeDeviceToDosName + - KeQueryActiveProcessors + - RtlConvertSidToUnicodeString + - IoBuildDeviceIoControlRequest + - ExFreePoolWithTag + - KeResetEvent + - ExReleaseFastMutex + - IoGetBaseFileSystemDeviceObject + - strncmp + - ZwOpenThreadTokenEx + - RtlAnsiStringToUnicodeString + - ExAcquireFastMutex + - PsSetLoadImageNotifyRoutine + - _snwprintf + - NtBuildNumber + - PsRemoveCreateThreadNotifyRoutine + - PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - _wcsnicmp + - ZwReadFile + - strstr + - ZwMapViewOfSection + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - wcsncpy + - RtlEqualSid + - strchr + - IoFreeWorkItem + - MmGetSystemRoutineAddress + - KeInitializeEvent + - PsSetCreateThreadNotifyRoutine + - RtlUnicodeStringToAnsiString + - _snprintf + - RtlGetVersion + - ZwQuerySystemInformation + - RtlInitString + - KeReleaseSpinLock + - PsGetThreadId + - PsSetCreateProcessNotifyRoutine + - ZwOpenSymbolicLinkObject + - IoFreeMdl + - KeUnstackDetachProcess + - ZwOpenProcessTokenEx + - ZwSetInformationFile + - tolower + - KeDelayExecutionThread + - ObQueryNameString + - strncpy + - IoFileObjectType + - IoDriverObjectType + - wcsrchr + - wcsstr + - PsCreateSystemThread + - MmMapLockedPagesSpecifyCache + - IoGetDeviceObjectPointer + - ZwUnmapViewOfSection + - ExAllocatePool + - PsTerminateSystemThread + - IoGetCurrentProcess + - ExEventObjectType + - IoAllocateWorkItem + - ZwClose + - IofCompleteRequest + - PsGetThreadProcess + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - PsRemoveLoadImageNotifyRoutine + - IoGetRequestorProcessId + - MmProbeAndLockPages + - PsGetVersion + - KeRevertToUserAffinityThread + - PsThreadType + - IoGetDeviceInterfaces + - ZwOpenProcess + - SeExports 
+ - MmUnlockPages + - strrchr + - ZwQueryInformationProcess + - IoCreateSymbolicLink + - PsGetCurrentThreadId + - PsGetCurrentProcessId + - KeSetSystemAffinityThread + - MmIsAddressValid + - ObfDereferenceObject + - ZwCreateSection + - ObReferenceObjectByName + - IoQueueWorkItem + - IoDeviceObjectType + - ZwOpenFile + - wcsncmp + - ZwQueryInformationToken + - ZwQueryInformationFile + - ZwQueryInformationThread + - ObOpenObjectByPointer + - PsGetProcessId + - KeStackAttachProcess + - PsLookupThreadByThreadId + - ZwEnumerateKey + - IoAllocateMdl + - IofCallDriver + - ZwOpenKey + - KeAcquireSpinLockRaiseToDpc + - IoThreadToProcess + - IoAttachDeviceToDeviceStackSafe + - IoDetachDevice + - PsInitialSystemProcess + - IoCreateDevice + - PsProcessType + - MmUnmapIoSpace + - KeDetachProcess + - MmMapIoSpace + - KeAttachProcess + - ZwDeleteFile + - IoBuildSynchronousFsdRequest + - NtClose + - RtlCompareUnicodeString + - ObfReferenceObject + - ZwWriteFile + - ZwOpenThread + - ZwTerminateProcess + - RtlEqualUnicodeString + - ZwOpenDirectoryObject + - KeBugCheck + - ZwQueryDirectoryObject + - IoFreeIrp + - IoAllocateIrp + - KdDebuggerNotPresent + - KeSetTargetProcessorDpc + - KeInitializeDpc + - KeInsertQueueDpc + - KeNumberProcessors + - KeBugCheckEx + - ZwSetSecurityObject + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - ExUnregisterCallback + - ExRegisterCallback + - ExCreateCallback + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, 
OU=www.digicert.com, CN=DigiCert Assured + ID Root CA + ValidFrom: '2011-04-15 19:41:37' + ValidTo: '2021-04-15 19:51:37' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611cb28a000000000026 + Version: 3 + TBS: + MD5: 983a0c315a50542362f2bd6a5d71c8d0 + SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 + SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 + SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc + - Subject: C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., + OU=Release Engineering, CN=AVG Technologies USA, Inc. + ValidFrom: '2018-01-30 00:00:00' + ValidTo: '2021-01-22 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0557955e02a6b53dd1d574ede15f310e + Version: 3 + TBS: + MD5: f9b558280379fbd2ac831a9850ec9c0e + SHA1: c22448dd1388c2011166e2a203fe984bd702f355 + SHA256: c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe + SHA384: 5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + 
IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd + Version: 3 + TBS: + MD5: a9a31555bbc92b6033975c5428fb3679 + SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e + SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 + SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 0557955e02a6b53dd1d574ede15f310e + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: 75b13c227d5208aed34b2687daf4ff12 + SHA1: 74ea061adc0690a674274c70e479258dff68f6b5 + SHA256: 
89b1537c5094e9ccb980e1cbc109f742c686ac06078ce71c08767731dbafdc39 + Sections: + .text: + Entropy: 6.3409113169982545 + Virtual Size: '0x22b1c' + .rdata: + Entropy: 5.8340852321207475 + Virtual Size: '0x31ac' + .data: + Entropy: 2.1705229343232895 + Virtual Size: '0x25c18' + .pdata: + Entropy: 5.371310934717328 + Virtual Size: '0x1164' + PAGE: + Entropy: 6.238662007032819 + Virtual Size: '0x19f7' + INIT: + Entropy: 5.296549178381908 + Virtual Size: '0x13a2' + .rsrc: + Entropy: 3.3969521265871427 + Virtual Size: '0x3b8' + .reloc: + Entropy: 2.762350280644424 + Virtual Size: '0x4f4' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2019-04-30 06:00:34' + Imphash: 62dbb90b4be9282d52aff9ae1a101d6b + LoadsDespiteHVCI: 'TRUE' +- Filename: aswArPot.sys + MD5: 9f3b5de6fe46429bed794813c6ae8421 + SHA1: 5236728c7562b047a9371403137a6e169e2026a6 + SHA256: 7ad0ab23023bc500c3b46f414a8b363c5f8700861bc4745cecc14dd34bcee9ed + Authentihash: + MD5: e4d36098f543d3e4d5bbe1bd50cc42cd + SHA1: e51d18476af7dd376eaaedf2a3533b6fbdab95c0 + SHA256: c13745de817eb38a092524cd3dae805c8fbde967e635e485243782db955508cc + Description: Avast Anti Rootkit + Company: AVAST Software + InternalName: aswArPot + OriginalFilename: aswArPot.sys + FileVersion: 20.4.83.0 + Product: 'Avast Antivirus ' + ProductVersion: 20.4.83.0 + Copyright: Copyright (c) 2020 AVAST Software + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ZwQuerySymbolicLinkObject + - MmProbeAndLockPages + - RtlVolumeDeviceToDosName + - PsSetLoadImageNotifyRoutine + - IoGetRequestorProcessId + - ZwReadFile + - ObQueryNameString + - ZwOpenThreadTokenEx + - ZwOpenProcessTokenEx + - towlower + - NtBuildNumber + - _wcsicmp + - KeGetCurrentThread + - _snwprintf + - RtlConvertSidToUnicodeString + - ObfDereferenceObject + - IoAllocateMdl + - ZwCreateSection + - ZwQueryInformationProcess + - PsGetProcessId + - PsCreateSystemThread + - ZwQueryInformationThread + - RtlInitUnicodeString + - 
ZwOpenSymbolicLinkObject + - PsRemoveCreateThreadNotifyRoutine + - IoDeleteDevice + - wcsncpy + - IoGetDeviceObjectPointer + - IoGetCurrentProcess + - ObOpenObjectByPointer + - strncpy + - _strnicmp + - IoFileObjectType + - KeStackAttachProcess + - PsLookupProcessByProcessId + - PsGetCurrentProcessId + - KeSetEvent + - PsThreadType + - RtlUnicodeStringToAnsiString + - ZwQueryInformationToken + - ZwMapViewOfSection + - strncmp + - ObReferenceObjectByHandle + - PsGetThreadId + - PsGetVersion + - KeClearEvent + - IoGetBaseFileSystemDeviceObject + - wcschr + - ZwSetInformationFile + - ZwEnumerateKey + - IoFreeMdl + - wcsstr + - MmGetSystemRoutineAddress + - IoFreeWorkItem + - _stricmp + - ExAllocatePoolWithTag + - RtlInitString + - IofCallDriver + - KeQuerySystemTime + - IoDeviceObjectType + - _snprintf + - ExFreePoolWithTag + - ZwOpenFile + - KeSetSystemAffinityThread + - strstr + - KeInitializeEvent + - ObReferenceObjectByName + - strchr + - _wcsnicmp + - KeQueryActiveProcessors + - RtlEqualSid + - IoQueueWorkItem + - MmUnmapLockedPages + - MmMapLockedPagesSpecifyCache + - PsSetCreateThreadNotifyRoutine + - ZwUnmapViewOfSection + - IofCompleteRequest + - PsGetProcessWin32Process + - ExEventObjectType + - ZwQueryInformationFile + - KeWaitForSingleObject + - IoCreateSymbolicLink + - PsSetCreateProcessNotifyRoutine + - IoDriverObjectType + - PsLookupThreadByThreadId + - IoGetDeviceInterfaces + - ZwClose + - PsTerminateSystemThread + - wcsrchr + - strrchr + - SeExports + - KeUnstackDetachProcess + - KeResetEvent + - KeRevertToUserAffinityThread + - ZwOpenProcess + - wcsncmp + - ZwOpenKey + - PsGetThreadProcess + - IoDetachDevice + - IoAttachDeviceToDeviceStackSafe + - IoThreadToProcess + - PsInitialSystemProcess + - IoCreateDevice + - KeInsertQueueDpc + - KeNumberProcessors + - KeInitializeDpc + - IoBuildDeviceIoControlRequest + - KeSetTargetProcessorDpc + - PsProcessType + - MmMapIoSpace + - MmUnmapIoSpace + - ZwDeleteFile + - KeAttachProcess + - KeDetachProcess + - 
RtlCompareUnicodeString + - KeBugCheckEx + - ZwWriteFile + - NtClose + - ObfReferenceObject + - IoBuildSynchronousFsdRequest + - ZwOpenThread + - ZwTerminateProcess + - RtlEqualUnicodeString + - IoFreeIrp + - ZwQueryDirectoryObject + - KeBugCheck + - ZwOpenDirectoryObject + - IoAllocateIrp + - RtlUnwind + - ZwSetSecurityObject + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - RtlGetSaclSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlLengthSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - RtlAddAccessAllowedAce + - RtlLengthSid + - IoIsWdmVersionAvailable + - RtlSetDaclSecurityDescriptor + - memcpy + - memset + - ZwSetValueKey + - ZwQueryValueKey + - ZwCreateKey + - RtlFreeUnicodeString + - PsRemoveLoadImageNotifyRoutine + - ZwQuerySystemInformation + - RtlAnsiStringToUnicodeString + - ExAllocatePool + - MmUnlockPages + - MmIsAddressValid + - IoAllocateWorkItem + - PsGetCurrentThreadId + - KeDelayExecutionThread + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - ExRegisterCallback + - ExCreateCallback + - ExUnregisterCallback + - KfLowerIrql + - ExAcquireFastMutex + - KfAcquireSpinLock + - KfReleaseSpinLock + - ExReleaseFastMutex + - KeGetCurrentIrql + - KeRaiseIrqlToDpcLevel + - KfRaiseIrql + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CZ, L=Praha, O=Avast Software s.r.o., OU=RE 999, CN=Avast Software + s.r.o. 
+ ValidFrom: '2019-12-02 00:00:00' + ValidTo: '2022-10-19 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03f02aca051d1c9330eeabd3706e836f + Version: 3 + TBS: + MD5: f251d9cde0901fb67831855b4a592b51 + SHA1: cd0ac068faea4b875ded287512f20b6ba8dcb457 + SHA256: 247e040822854e1a4cbc3488782a9e96db6bffa9bdfe36406a46e3f88695d423 + SHA384: c6a765c300f3ee36604e9c51a9fcd18071b0cd0bd15b3ad69350f04a0b1b5ef7b71556af698a1e8988bf91cd8b2a6104 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 
59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 
173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 03f02aca051d1c9330eeabd3706e836f + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: 6f0b02025c12b8e1130f9d4e2a7eef19 + SHA1: 9598ea9769e18149497654ec5d20bfc585e43bfd + SHA256: 2cbb75695a831c017d18fd2c0446a087ce3f11c1333658a42e84d1384a738a4b + Sections: + .text: + Entropy: 6.623425654457183 + Virtual Size: '0x1ad28' + .rwtext: + Entropy: 1.7680585101783894 + Virtual Size: '0x53' + .rdata: + Entropy: 5.431578192019503 + Virtual Size: '0x2e84' + .data: + Entropy: 2.41175775559541 + Virtual Size: '0x14b40' + PAGE: + Entropy: 6.254456324275546 + Virtual Size: '0x1736' + INIT: + Entropy: 5.657616760317337 + Virtual Size: '0x115c' + .rsrc: + Entropy: 3.274916775969081 + Virtual Size: '0x390' + .reloc: + Entropy: 6.759752170608124 + Virtual Size: '0x227c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2020-06-01 01:48:04' + Imphash: 49a12b06131d938e9dc40c693b88ba7f + LoadsDespiteHVCI: 'FALSE' +- Filename: aswArPot.sys + MD5: f0aeb731d83f7ab6008c92c97faf6233 + SHA1: aaffdc89befa42e375f822366bbded8c245baf94 + SHA256: 7d43769b353d63093228a59eb19bba87ce6b552d7e1a99bf34a54eee641aa0ea + Authentihash: + MD5: 444a4760f447dafc01a359829e17dcab + SHA1: 83f7c19b66f53302e371d9f0987fc4adc37b1e46 + SHA256: c8b5fddf52551259d7d936283aa4fdc4579c5e4b030a11267496cdbdc143e15b + Description: AVG anti rootkit + Company: AVG Technologies CZ, s.r.o. + InternalName: aswArPot.sys + OriginalFilename: aswArPot.sys + FileVersion: 17.9.3761.0 + Product: 'AVG Internet Security System ' + ProductVersion: 17.9.3761.0 + Copyright: Copyright (C) 2014 AVG Technologies CZ, s.r.o. 
+ MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - wcschr + - MmUnmapLockedPages + - _stricmp + - _wcsicmp + - towlower + - _strnicmp + - ExAllocatePoolWithTag + - PsGetProcessWin32Process + - KeClearEvent + - RtlVolumeDeviceToDosName + - KeQueryActiveProcessors + - RtlConvertSidToUnicodeString + - ExFreePoolWithTag + - KeResetEvent + - ExReleaseFastMutex + - IoGetBaseFileSystemDeviceObject + - strncmp + - ZwOpenThreadTokenEx + - RtlAnsiStringToUnicodeString + - ExAcquireFastMutex + - PsSetLoadImageNotifyRoutine + - _snwprintf + - NtBuildNumber + - PsRemoveCreateThreadNotifyRoutine + - PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - _wcsnicmp + - ZwReadFile + - strstr + - ZwMapViewOfSection + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - wcsncpy + - RtlEqualSid + - strchr + - IoFreeWorkItem + - MmGetSystemRoutineAddress + - KeInitializeEvent + - PsSetCreateThreadNotifyRoutine + - RtlUnicodeStringToAnsiString + - _snprintf + - RtlGetVersion + - ZwQuerySystemInformation + - RtlInitString + - KeReleaseSpinLock + - PsSetCreateProcessNotifyRoutine + - ZwOpenSymbolicLinkObject + - IoFreeMdl + - KeUnstackDetachProcess + - ZwOpenProcessTokenEx + - ZwSetInformationFile + - KeDelayExecutionThread + - ObQueryNameString + - strncpy + - IoFileObjectType + - IoDriverObjectType + - wcsrchr + - wcsstr + - PsCreateSystemThread + - MmMapLockedPagesSpecifyCache + - IoGetDeviceObjectPointer + - ZwUnmapViewOfSection + - ExAllocatePool + - PsTerminateSystemThread + - IoGetCurrentProcess + - ExEventObjectType + - IoAllocateWorkItem + - ZwClose + - IofCompleteRequest + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - PsRemoveLoadImageNotifyRoutine + - IoGetRequestorProcessId + - MmProbeAndLockPages + - PsGetVersion + - KeRevertToUserAffinityThread + - PsThreadType + - IoGetDeviceInterfaces + - ZwOpenProcess + - SeExports + - MmUnlockPages + - strrchr + - ZwQueryInformationProcess + - IoCreateSymbolicLink + 
- PsGetCurrentThreadId + - PsGetCurrentProcessId + - KeSetSystemAffinityThread + - MmIsAddressValid + - ObfDereferenceObject + - ZwCreateSection + - ObReferenceObjectByName + - IoQueueWorkItem + - IoDeviceObjectType + - ZwOpenFile + - wcsncmp + - ZwQueryInformationToken + - ZwQueryInformationFile + - ZwQueryInformationThread + - ObOpenObjectByPointer + - KeStackAttachProcess + - PsLookupThreadByThreadId + - ZwEnumerateKey + - IoAllocateMdl + - IofCallDriver + - ZwOpenKey + - KeAcquireSpinLockRaiseToDpc + - IoAttachDeviceToDeviceStackSafe + - IoDetachDevice + - IoCreateDevice + - PsProcessType + - KeDetachProcess + - KeAttachProcess + - ZwDeleteFile + - IoBuildSynchronousFsdRequest + - NtClose + - RtlCompareUnicodeString + - ObfReferenceObject + - ZwWriteFile + - ZwOpenThread + - ZwTerminateProcess + - RtlEqualUnicodeString + - ZwOpenDirectoryObject + - KeBugCheck + - ZwQueryDirectoryObject + - IoFreeIrp + - IoAllocateIrp + - KdDebuggerNotPresent + - KeSetTargetProcessorDpc + - IoBuildDeviceIoControlRequest + - KeInitializeDpc + - KeInsertQueueDpc + - KeNumberProcessors + - KeBugCheckEx + - ZwSetSecurityObject + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - ExUnregisterCallback + - ExRegisterCallback + - ExCreateCallback + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=CZ, ST=Jihomoravsky kraj, L=Brno, O=AVG Technologies CZ, s.r.o., + CN=AVG Technologies CZ, s.r.o. 
+ ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2018-01-20 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 266d333ede17a8b472053e4fa3934572 + Version: 3 + TBS: + MD5: 56b59f4aab381d13396d1c100a2f46dc + SHA1: 16943ddbd3b569119a81be71548717abd03f1736 + SHA256: 65aa0decb458c1c34aea982ea1cfbb6cc2228a07641251e2190f29c633aed21b + SHA384: e054f0566def12a94ccb937ada71e468d584c29a9e0513e3eb7097c537daee86bc8b6a9b7a64c88b1bba39b734a6ad2f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 266d333ede17a8b472053e4fa3934572 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: 
9f01ca8ed93b73533b4b894bfa79f4bd + SHA1: 017d43c1c1f23212519d8de54caf8049bb59aae7 + SHA256: abb9be2d564989154e22b1dc4541f92c7859f64b7417c281aee3656fa0a4979d + Sections: + .text: + Entropy: 6.318649585727606 + Virtual Size: '0x1de5c' + .rdata: + Entropy: 5.866786080497287 + Virtual Size: '0x2e64' + .data: + Entropy: 1.7814286677447535 + Virtual Size: '0x25654' + .pdata: + Entropy: 5.368826877329211 + Virtual Size: '0xf78' + PAGE: + Entropy: 6.246816071025832 + Virtual Size: '0x19f7' + INIT: + Entropy: 5.302313382373697 + Virtual Size: '0x12d0' + .rsrc: + Entropy: 3.4024513843391144 + Virtual Size: '0x3b8' + .reloc: + Entropy: 1.8405309177627724 + Virtual Size: '0x3dc' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2017-12-19 11:09:16' + Imphash: 1e8ee6407390a2d52051bec21c771fdb + LoadsDespiteHVCI: 'TRUE' +- Filename: aswArPot.sys + MD5: 700d6a0331befd4ed9cfbb3234b335e7 + SHA1: c1a5aacf05c00080e04d692a99c46ab445bf8b6e + SHA256: 86a1b1bacc0c51332c9979e6aad84b5fba335df6b9a096ccb7681ab0779a8882 + Authentihash: + MD5: 200e978d48ef267fa8fe5eef7fe798b8 + SHA1: f7979e778214d8d32844e6b65b8f4a56c3a12354 + SHA256: 6c919efdad21b7d9884903b9d539fbb50dc418ff2c2753c12b35b9ace4c96d73 + Description: Avast anti rootkit + Company: AVAST Software + InternalName: aswArPot.sys + OriginalFilename: aswArPot.sys + FileVersion: 18.8.4057.0 + Product: 'Avast Antivirus ' + ProductVersion: 18.8.4057.0 + Copyright: Copyright (c) 2018 AVAST Software + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - wcschr + - MmUnmapLockedPages + - _stricmp + - _wcsicmp + - towlower + - _strnicmp + - ExAllocatePoolWithTag + - PsGetProcessWin32Process + - KeClearEvent + - RtlVolumeDeviceToDosName + - KeQueryActiveProcessors + - RtlConvertSidToUnicodeString + - IoBuildDeviceIoControlRequest + - ExFreePoolWithTag + - KeResetEvent + - ExReleaseFastMutex + - IoGetBaseFileSystemDeviceObject + - strncmp + - ZwOpenThreadTokenEx + - RtlAnsiStringToUnicodeString + - 
ExAcquireFastMutex + - PsSetLoadImageNotifyRoutine + - _snwprintf + - NtBuildNumber + - PsRemoveCreateThreadNotifyRoutine + - PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - _wcsnicmp + - ZwReadFile + - strstr + - ZwMapViewOfSection + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - wcsncpy + - RtlEqualSid + - strchr + - IoFreeWorkItem + - MmGetSystemRoutineAddress + - KeInitializeEvent + - PsSetCreateThreadNotifyRoutine + - RtlUnicodeStringToAnsiString + - _snprintf + - RtlGetVersion + - ZwQuerySystemInformation + - RtlInitString + - KeReleaseSpinLock + - PsSetCreateProcessNotifyRoutine + - ZwOpenSymbolicLinkObject + - IoFreeMdl + - KeUnstackDetachProcess + - ZwOpenProcessTokenEx + - ZwSetInformationFile + - KeDelayExecutionThread + - ObQueryNameString + - strncpy + - IoFileObjectType + - IoDriverObjectType + - wcsrchr + - wcsstr + - PsCreateSystemThread + - MmMapLockedPagesSpecifyCache + - IoGetDeviceObjectPointer + - ZwUnmapViewOfSection + - ExAllocatePool + - PsTerminateSystemThread + - IoGetCurrentProcess + - ExEventObjectType + - IoAllocateWorkItem + - ZwClose + - IofCompleteRequest + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - PsRemoveLoadImageNotifyRoutine + - IoGetRequestorProcessId + - MmProbeAndLockPages + - PsGetVersion + - KeRevertToUserAffinityThread + - PsThreadType + - IoGetDeviceInterfaces + - ZwOpenProcess + - SeExports + - MmUnlockPages + - strrchr + - ZwQueryInformationProcess + - IoCreateSymbolicLink + - PsGetCurrentThreadId + - PsGetCurrentProcessId + - KeSetSystemAffinityThread + - MmIsAddressValid + - ObfDereferenceObject + - ZwCreateSection + - ObReferenceObjectByName + - IoQueueWorkItem + - IoDeviceObjectType + - ZwOpenFile + - wcsncmp + - ZwQueryInformationToken + - ZwQueryInformationFile + - ZwQueryInformationThread + - ObOpenObjectByPointer + - KeStackAttachProcess + - PsLookupThreadByThreadId + - ZwEnumerateKey + - IoAllocateMdl + - IofCallDriver + - ZwOpenKey + - KeAcquireSpinLockRaiseToDpc + - 
IoThreadToProcess + - IoAttachDeviceToDeviceStackSafe + - IoDetachDevice + - PsInitialSystemProcess + - IoCreateDevice + - PsProcessType + - KeDetachProcess + - KeAttachProcess + - ZwDeleteFile + - IoBuildSynchronousFsdRequest + - NtClose + - RtlCompareUnicodeString + - ObfReferenceObject + - ZwWriteFile + - ZwOpenThread + - ZwTerminateProcess + - RtlEqualUnicodeString + - ZwOpenDirectoryObject + - KeBugCheck + - ZwQueryDirectoryObject + - IoFreeIrp + - IoAllocateIrp + - KdDebuggerNotPresent + - KeSetTargetProcessorDpc + - KeInitializeDpc + - KeInsertQueueDpc + - KeNumberProcessors + - KeBugCheckEx + - ZwSetSecurityObject + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - ExUnregisterCallback + - ExRegisterCallback + - ExCreateCallback + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o. 
+ ValidFrom: '2016-09-06 00:00:00' + ValidTo: '2019-10-04 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 + Version: 3 + TBS: + MD5: 2e1a5012cbe8b95785c794bc1c5584c3 + SHA1: f4753b06b08938794c32c2475cee663143036d08 + SHA256: fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5 + SHA384: 08a8396996a9ecb96b22a85d6adf3f8b1117f3a880b1d4af12e4de8e8005897a7073d6d5368cb92f701f466ec227e2a6 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 
49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: 382c4767d71156621da4d8ab3193017a + SHA1: 20e40fd8dd4465dfd940c017e5cb26819d5cbed7 + SHA256: cc76cbedaf6062b99e917cf31a8cce723c854d10d1afd041e4ca85ceabb39c4b + Sections: + .text: + Entropy: 6.335598955768239 + Virtual Size: 
'0x2133c' + .rdata: + Entropy: 5.828605093657631 + Virtual Size: '0x306c' + .data: + Entropy: 1.9686843664265543 + Virtual Size: '0x25ac0' + .pdata: + Entropy: 5.352123698526265 + Virtual Size: '0x10a4' + PAGE: + Entropy: 6.236243477409071 + Virtual Size: '0x19f7' + INIT: + Entropy: 5.308986664848571 + Virtual Size: '0x130e' + .rsrc: + Entropy: 3.3396619391349227 + Virtual Size: '0x370' + .reloc: + Entropy: 2.585838337225609 + Virtual Size: '0x4ba' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2018-11-02 05:51:13' + Imphash: dd406d43857d7f5ad1b0aec04fdb7e5f + LoadsDespiteHVCI: 'FALSE' +- Filename: aswArPot.sys + MD5: 9eb524c5f92e5b80374b8261292fdeb5 + SHA1: 80ea425e193bd0e05161e8e1dc34fb0eae5f9017 + SHA256: 8cfd5b2102fbc77018c7fe6019ec15f07da497f6d73c32a31f4ba07e67ec85d9 + Authentihash: + MD5: 996cd1b1cf33931bfaf2217e22fc82f0 + SHA1: ba761efd5a552ccdd4363277acf95cd54b9dff4c + SHA256: 3b38427f167fde644868a62f0aa1ed03790137905c97024ac21729fa6153eca2 + Description: AVG anti rootkit + Company: AVG Technologies CZ, s.r.o. + InternalName: aswArPot.sys + OriginalFilename: aswArPot.sys + FileVersion: 19.7.4246.0 + Product: 'AVG Internet Security System ' + ProductVersion: 19.7.4246.0 + Copyright: Copyright (C) 2019 AVG Technologies CZ, s.r.o. 
+ MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - wcschr + - MmUnmapLockedPages + - _stricmp + - _wcsicmp + - towlower + - _strnicmp + - ExAllocatePoolWithTag + - PsGetProcessWin32Process + - KeClearEvent + - RtlVolumeDeviceToDosName + - KeQueryActiveProcessors + - RtlConvertSidToUnicodeString + - IoBuildDeviceIoControlRequest + - ExFreePoolWithTag + - KeResetEvent + - ExReleaseFastMutex + - IoGetBaseFileSystemDeviceObject + - strncmp + - ZwOpenThreadTokenEx + - RtlAnsiStringToUnicodeString + - ExAcquireFastMutex + - PsSetLoadImageNotifyRoutine + - _snwprintf + - NtBuildNumber + - PsRemoveCreateThreadNotifyRoutine + - PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - _wcsnicmp + - ZwReadFile + - strstr + - ZwMapViewOfSection + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - wcsncpy + - RtlEqualSid + - strchr + - IoFreeWorkItem + - MmGetSystemRoutineAddress + - KeInitializeEvent + - PsSetCreateThreadNotifyRoutine + - RtlUnicodeStringToAnsiString + - _snprintf + - RtlGetVersion + - ZwQuerySystemInformation + - RtlInitString + - KeReleaseSpinLock + - PsGetThreadId + - PsSetCreateProcessNotifyRoutine + - ZwOpenSymbolicLinkObject + - IoFreeMdl + - KeUnstackDetachProcess + - ZwOpenProcessTokenEx + - ZwSetInformationFile + - tolower + - KeDelayExecutionThread + - ObQueryNameString + - strncpy + - IoFileObjectType + - IoDriverObjectType + - wcsrchr + - wcsstr + - PsCreateSystemThread + - MmMapLockedPagesSpecifyCache + - IoGetDeviceObjectPointer + - ZwUnmapViewOfSection + - ExAllocatePool + - PsTerminateSystemThread + - IoGetCurrentProcess + - ExEventObjectType + - IoAllocateWorkItem + - ZwClose + - IofCompleteRequest + - PsGetThreadProcess + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - PsRemoveLoadImageNotifyRoutine + - IoGetRequestorProcessId + - MmProbeAndLockPages + - PsGetVersion + - KeRevertToUserAffinityThread + - PsThreadType + - IoGetDeviceInterfaces + - ZwOpenProcess + - SeExports 
+ - MmUnlockPages + - strrchr + - ZwQueryInformationProcess + - IoCreateSymbolicLink + - PsGetCurrentThreadId + - PsGetCurrentProcessId + - KeSetSystemAffinityThread + - MmIsAddressValid + - ObfDereferenceObject + - ZwCreateSection + - ObReferenceObjectByName + - IoQueueWorkItem + - IoDeviceObjectType + - ZwOpenFile + - wcsncmp + - ZwQueryInformationToken + - ZwQueryInformationFile + - ZwQueryInformationThread + - ObOpenObjectByPointer + - PsGetProcessId + - KeStackAttachProcess + - PsLookupThreadByThreadId + - ZwEnumerateKey + - IoAllocateMdl + - IofCallDriver + - ZwOpenKey + - KeAcquireSpinLockRaiseToDpc + - IoThreadToProcess + - IoAttachDeviceToDeviceStackSafe + - IoDetachDevice + - PsInitialSystemProcess + - IoCreateDevice + - PsProcessType + - MmUnmapIoSpace + - KeDetachProcess + - MmMapIoSpace + - KeAttachProcess + - ZwDeleteFile + - IoBuildSynchronousFsdRequest + - NtClose + - RtlCompareUnicodeString + - ObfReferenceObject + - ZwWriteFile + - ZwOpenThread + - ZwTerminateProcess + - RtlEqualUnicodeString + - ZwOpenDirectoryObject + - KeBugCheck + - ZwQueryDirectoryObject + - IoFreeIrp + - IoAllocateIrp + - KdDebuggerNotPresent + - KeSetTargetProcessorDpc + - KeInitializeDpc + - KeInsertQueueDpc + - KeNumberProcessors + - KeBugCheckEx + - ZwSetSecurityObject + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - ExUnregisterCallback + - ExRegisterCallback + - ExCreateCallback + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, 
OU=www.digicert.com, CN=DigiCert Assured + ID Root CA + ValidFrom: '2011-04-15 19:41:37' + ValidTo: '2021-04-15 19:51:37' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611cb28a000000000026 + Version: 3 + TBS: + MD5: 983a0c315a50542362f2bd6a5d71c8d0 + SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 + SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 + SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc + - Subject: C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., + OU=Release Engineering, CN=AVG Technologies USA, Inc. + ValidFrom: '2018-01-30 00:00:00' + ValidTo: '2021-01-22 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0557955e02a6b53dd1d574ede15f310e + Version: 3 + TBS: + MD5: f9b558280379fbd2ac831a9850ec9c0e + SHA1: c22448dd1388c2011166e2a203fe984bd702f355 + SHA256: c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe + SHA384: 5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + 
IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd + Version: 3 + TBS: + MD5: a9a31555bbc92b6033975c5428fb3679 + SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e + SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 + SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 0557955e02a6b53dd1d574ede15f310e + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: 75b13c227d5208aed34b2687daf4ff12 + SHA1: 74ea061adc0690a674274c70e479258dff68f6b5 + SHA256: 
89b1537c5094e9ccb980e1cbc109f742c686ac06078ce71c08767731dbafdc39 + Sections: + .text: + Entropy: 6.342856822122601 + Virtual Size: '0x2321c' + .rdata: + Entropy: 5.8350932122253685 + Virtual Size: '0x31e4' + .data: + Entropy: 2.3041982865973822 + Virtual Size: '0x25ce0' + .pdata: + Entropy: 5.3256215910283435 + Virtual Size: '0x117c' + PAGE: + Entropy: 6.229306478822744 + Virtual Size: '0x19f7' + INIT: + Entropy: 5.290761222190212 + Virtual Size: '0x13a2' + .rsrc: + Entropy: 3.3994968214051506 + Virtual Size: '0x3b8' + .reloc: + Entropy: 2.891565286382792 + Virtual Size: '0x522' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2019-08-11 14:14:15' + Imphash: 62dbb90b4be9282d52aff9ae1a101d6b + LoadsDespiteHVCI: 'TRUE' +- Filename: aswArPot.sys + MD5: 9496585198d726000ea505abc39dbfe9 + SHA1: 19977d45e98b48c901596fb0a49a7623cee4c782 + SHA256: 94911fe6f2aba9683b10353094caf71ee4a882de63b4620797629d79f18feec5 + Authentihash: + MD5: e7f217b2e9cafd1fd529fac02570b6ba + SHA1: 172b630f5d54c70ce0ee43cf1afdbb6f488eb4b7 + SHA256: 2537f2ad83f5efc841ed75081d5dfffeb04eea92abfb9844adc091ff2a671b56 + Description: AVG Anti Rootkit + Company: AVG Technologies CZ, s.r.o. + InternalName: aswArPot + OriginalFilename: aswArPot.sys + FileVersion: 20.4.83.0 + Product: 'AVG Internet Security System ' + ProductVersion: 20.4.83.0 + Copyright: Copyright (C) 2020 AVG Technologies CZ, s.r.o. 
+ MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - __C_specific_handler + - KeDelayExecutionThread + - IoAllocateWorkItem + - MmIsAddressValid + - MmUnlockPages + - ExAllocatePool + - RtlAnsiStringToUnicodeString + - KeAcquireSpinLockRaiseToDpc + - ZwQuerySystemInformation + - PsRemoveLoadImageNotifyRoutine + - ZwUnmapViewOfSection + - ZwQuerySymbolicLinkObject + - MmProbeAndLockPages + - RtlVolumeDeviceToDosName + - PsSetLoadImageNotifyRoutine + - IoGetRequestorProcessId + - ZwReadFile + - ObQueryNameString + - ZwOpenThreadTokenEx + - ZwOpenProcessTokenEx + - towlower + - NtBuildNumber + - ExReleaseFastMutex + - _wcsicmp + - _snwprintf + - RtlConvertSidToUnicodeString + - ObfDereferenceObject + - IoAllocateMdl + - ZwCreateSection + - ZwQueryInformationProcess + - PsGetProcessId + - PsCreateSystemThread + - ZwQueryInformationThread + - RtlInitUnicodeString + - ZwOpenSymbolicLinkObject + - tolower + - PsRemoveCreateThreadNotifyRoutine + - IoDeleteDevice + - IoBuildDeviceIoControlRequest + - wcsncpy + - IoGetDeviceObjectPointer + - IoGetCurrentProcess + - ObOpenObjectByPointer + - strncpy + - KeReleaseSpinLock + - _strnicmp + - IoFileObjectType + - KeStackAttachProcess + - PsLookupProcessByProcessId + - PsGetCurrentProcessId + - KeSetEvent + - PsThreadType + - RtlUnicodeStringToAnsiString + - ZwQueryInformationToken + - ZwMapViewOfSection + - strncmp + - ObReferenceObjectByHandle + - RtlGetVersion + - PsGetThreadId + - PsGetVersion + - KeClearEvent + - IoGetBaseFileSystemDeviceObject + - wcschr + - ZwSetInformationFile + - ZwEnumerateKey + - IoFreeMdl + - wcsstr + - ExAcquireFastMutex + - MmGetSystemRoutineAddress + - IoFreeWorkItem + - _stricmp + - ExAllocatePoolWithTag + - RtlInitString + - IofCallDriver + - IoDeviceObjectType + - _snprintf + - ExFreePoolWithTag + - ZwOpenFile + - KeSetSystemAffinityThread + - strstr + - KeInitializeEvent + - ObReferenceObjectByName + - strchr + - _wcsnicmp + - KeQueryActiveProcessors 
+ - RtlEqualSid + - IoQueueWorkItem + - MmUnmapLockedPages + - MmMapLockedPagesSpecifyCache + - PsSetCreateThreadNotifyRoutine + - PsGetCurrentThreadId + - IofCompleteRequest + - PsGetProcessWin32Process + - ExEventObjectType + - ZwQueryInformationFile + - KeWaitForSingleObject + - IoCreateSymbolicLink + - PsSetCreateProcessNotifyRoutine + - IoDriverObjectType + - PsLookupThreadByThreadId + - IoGetDeviceInterfaces + - ZwClose + - PsTerminateSystemThread + - wcsrchr + - strrchr + - SeExports + - KeUnstackDetachProcess + - KeResetEvent + - KeRevertToUserAffinityThread + - ZwOpenProcess + - wcsncmp + - ZwOpenKey + - PsGetThreadProcess + - IoDetachDevice + - IoAttachDeviceToDeviceStackSafe + - IoThreadToProcess + - PsInitialSystemProcess + - IoCreateDevice + - KeInsertQueueDpc + - KeNumberProcessors + - KeInitializeDpc + - KeSetTargetProcessorDpc + - PsProcessType + - MmMapIoSpace + - MmUnmapIoSpace + - ZwDeleteFile + - KeAttachProcess + - KeDetachProcess + - RtlCompareUnicodeString + - ZwWriteFile + - NtClose + - ObfReferenceObject + - IoBuildSynchronousFsdRequest + - ZwOpenThread + - ZwTerminateProcess + - RtlEqualUnicodeString + - IoFreeIrp + - ZwQueryDirectoryObject + - KeBugCheck + - ZwOpenDirectoryObject + - IoAllocateIrp + - KdDebuggerNotPresent + - ZwSetSecurityObject + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - RtlGetSaclSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlLengthSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - RtlAddAccessAllowedAce + - RtlLengthSid + - IoIsWdmVersionAvailable + - RtlSetDaclSecurityDescriptor + - ZwSetValueKey + - ZwQueryValueKey + - ZwCreateKey + - RtlFreeUnicodeString + - KeBugCheckEx + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - ExRegisterCallback + - ExCreateCallback + - ExUnregisterCallback + - strcmp + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, 
OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, LLC, + OU=RE 999, CN=AVG Technologies USA, LLC + ValidFrom: '2020-01-27 00:00:00' + ValidTo: '2022-10-20 12:00:00' + Signature: b02cbaf178caf97fa7c0182c25b4c97d4e68127e4d5634609757bcbc051eb94254bb50e112e72505e7f9c6dbd92622287bacbcd726fa911b3b3e36ccc88f8794e980c0b0409efc87fb04d88a15df20dedb23ced152779b799359e4d3b553eb4c6c6ea61216899a0d9cc97de7f7e21ce374d5430e2dcfbb3b6f653db2d236f59bb22bd65e0787a65610c4fde1463a5be08e4710fb4e1ae7c00080edb315995b06297431ce4a9821d1050aa7061ef26c182482d09ba42001ab103c882c01f312411130490aa7820ff72902e723a864b881066e2d7883afdb5ba9d3027550f6a3761669e42b425ad61f76e2add3dd012558bd769b76f8f37843243dfbd0a2efa363 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03ec0c9015079fab8a6f3fc9f839311c + Version: 3 + TBS: + MD5: bf2831557abdf7e58917d0a2608080a5 + SHA1: 24ece342e4c4f2f17f32e6924f48c240ad6300ff + SHA256: 1afa061865098b2da9d030bc9f5815ad98e59fa847903692e52d6ba0bbf260dd + SHA384: 0bed85528163e2befed14755c2dcaf02acea62bdf352d3f964cfeaa2883bebea3e186aa26ce12e4df1dfd6d235bf9bb6 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + 
IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 
46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 03ec0c9015079fab8a6f3fc9f839311c + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: e8033ae063a3483aec0d2fa55081ff62 + SHA1: fef047c18b115c601ddfd833e1cb5784ca1afbd7 + SHA256: fe30a08a31a5f4687353c7b08444b72fb6402a51b0586f0ade667983f833c4a5 + Sections: + .text: + Entropy: 6.37980416282674 + Virtual Size: '0x21d62' + .rdata: + Entropy: 5.713252224601693 + Virtual Size: '0x3b1c' + .data: + Entropy: 2.7078442579876167 + Virtual Size: '0x259b0' + .pdata: + Entropy: 5.4286864002584405 + Virtual Size: '0x11dc' + PAGE: + Entropy: 6.273919225206701 + Virtual Size: '0x1c4b' + INIT: + Entropy: 5.3629488423190335 + Virtual Size: '0x13dc' + .rsrc: + Entropy: 3.350140047781645 + Virtual Size: '0x3d0' + .reloc: + Entropy: 5.3833020583275815 + Virtual Size: '0x188' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2020-06-01 01:48:53' + Imphash: 26150d69f50aa9247c3f3f17521d18a2 + LoadsDespiteHVCI: 'FALSE' +- Filename: aswArPot.sys + MD5: 
ceac1347acae9ad9496d4b0593256522 + SHA1: 36a6f75f05ac348af357fdecbabe1a184fe8d315 + SHA256: 9a54ef5cfbe6db599322967ee2c84db7daabcb468be10a3ccfcaa0f64d9173c7 + Authentihash: + MD5: d09a1bf39b8055fc11ac2bad634f36c5 + SHA1: 3016bec15d07a845d6cf40aafbd4d63a06c403f2 + SHA256: 9e309324897edf07776adbb2b05252d7a2ad8140c6636bc28a5050e4ea183d40 + Description: AVG anti rootkit + Company: AVG Technologies CZ, s.r.o. + InternalName: aswArPot.sys + OriginalFilename: aswArPot.sys + FileVersion: 19.1.4132.0 + Product: 'AVG Internet Security System ' + ProductVersion: 19.1.4132.0 + Copyright: Copyright (C) 2018 AVG Technologies CZ, s.r.o. + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - wcschr + - MmUnmapLockedPages + - _stricmp + - _wcsicmp + - towlower + - _strnicmp + - ExAllocatePoolWithTag + - PsGetProcessWin32Process + - KeClearEvent + - RtlVolumeDeviceToDosName + - KeQueryActiveProcessors + - RtlConvertSidToUnicodeString + - IoBuildDeviceIoControlRequest + - ExFreePoolWithTag + - KeResetEvent + - ExReleaseFastMutex + - IoGetBaseFileSystemDeviceObject + - strncmp + - ZwOpenThreadTokenEx + - RtlAnsiStringToUnicodeString + - ExAcquireFastMutex + - PsSetLoadImageNotifyRoutine + - _snwprintf + - NtBuildNumber + - PsRemoveCreateThreadNotifyRoutine + - PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - _wcsnicmp + - ZwReadFile + - strstr + - ZwMapViewOfSection + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - wcsncpy + - RtlEqualSid + - strchr + - IoFreeWorkItem + - MmGetSystemRoutineAddress + - KeInitializeEvent + - PsSetCreateThreadNotifyRoutine + - RtlUnicodeStringToAnsiString + - _snprintf + - RtlGetVersion + - ZwQuerySystemInformation + - RtlInitString + - KeReleaseSpinLock + - PsSetCreateProcessNotifyRoutine + - ZwOpenSymbolicLinkObject + - IoFreeMdl + - KeUnstackDetachProcess + - ZwOpenProcessTokenEx + - ZwSetInformationFile + - tolower + - KeDelayExecutionThread + - ObQueryNameString + - strncpy + - 
IoFileObjectType + - IoDriverObjectType + - wcsrchr + - wcsstr + - PsCreateSystemThread + - MmMapLockedPagesSpecifyCache + - IoGetDeviceObjectPointer + - ZwUnmapViewOfSection + - ExAllocatePool + - PsTerminateSystemThread + - IoGetCurrentProcess + - ExEventObjectType + - IoAllocateWorkItem + - ZwClose + - IofCompleteRequest + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - PsRemoveLoadImageNotifyRoutine + - IoGetRequestorProcessId + - MmProbeAndLockPages + - PsGetVersion + - KeRevertToUserAffinityThread + - PsThreadType + - IoGetDeviceInterfaces + - ZwOpenProcess + - SeExports + - MmUnlockPages + - strrchr + - ZwQueryInformationProcess + - IoCreateSymbolicLink + - PsGetCurrentThreadId + - PsGetCurrentProcessId + - KeSetSystemAffinityThread + - MmIsAddressValid + - ObfDereferenceObject + - ZwCreateSection + - ObReferenceObjectByName + - IoQueueWorkItem + - IoDeviceObjectType + - ZwOpenFile + - wcsncmp + - ZwQueryInformationToken + - ZwQueryInformationFile + - ZwQueryInformationThread + - ObOpenObjectByPointer + - KeStackAttachProcess + - PsLookupThreadByThreadId + - ZwEnumerateKey + - IoAllocateMdl + - IofCallDriver + - ZwOpenKey + - KeAcquireSpinLockRaiseToDpc + - IoThreadToProcess + - IoAttachDeviceToDeviceStackSafe + - IoDetachDevice + - PsInitialSystemProcess + - IoCreateDevice + - PsProcessType + - KeDetachProcess + - KeAttachProcess + - ZwDeleteFile + - IoBuildSynchronousFsdRequest + - NtClose + - RtlCompareUnicodeString + - ObfReferenceObject + - ZwWriteFile + - ZwOpenThread + - ZwTerminateProcess + - RtlEqualUnicodeString + - ZwOpenDirectoryObject + - KeBugCheck + - ZwQueryDirectoryObject + - IoFreeIrp + - IoAllocateIrp + - KdDebuggerNotPresent + - KeSetTargetProcessorDpc + - KeInitializeDpc + - KeInsertQueueDpc + - KeNumberProcessors + - KeBugCheckEx + - ZwSetSecurityObject + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - 
IoIsWdmVersionAvailable + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - ExUnregisterCallback + - ExRegisterCallback + - ExCreateCallback + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Root CA + ValidFrom: '2011-04-15 19:41:37' + ValidTo: '2021-04-15 19:51:37' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611cb28a000000000026 + Version: 3 + TBS: + MD5: 983a0c315a50542362f2bd6a5d71c8d0 + SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 + SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 + SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc + - Subject: C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., + OU=Release Engineering, CN=AVG Technologies USA, Inc. 
+ ValidFrom: '2018-01-30 00:00:00' + ValidTo: '2021-01-22 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0557955e02a6b53dd1d574ede15f310e + Version: 3 + TBS: + MD5: f9b558280379fbd2ac831a9850ec9c0e + SHA1: c22448dd1388c2011166e2a203fe984bd702f355 + SHA256: c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe + SHA384: 5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd + Version: 3 + TBS: + MD5: a9a31555bbc92b6033975c5428fb3679 + SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e + SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 + SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 0557955e02a6b53dd1d574ede15f310e + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: 6132f6d32bf124e5f0bbebe21876c5ea + SHA1: 15b4ffef2a2b3a862a0eab844af3cfc4b1900d6f + SHA256: 0b8a681dd006525cd3655d98f39d2c65123a186d1781bb2331ae1b0c927d5ee0 + Sections: + .text: + Entropy: 6.333034342254648 + Virtual Size: '0x21a9c' + .rdata: + Entropy: 5.822460548764078 + Virtual Size: '0x30ac' + .data: + Entropy: 1.9883419545841996 + Virtual Size: '0x25b18' + .pdata: + Entropy: 5.344549474194191 + Virtual Size: '0x10c8' + PAGE: + Entropy: 6.2415459986958455 + Virtual Size: '0x19f7' + INIT: + Entropy: 5.308945301421294 + Virtual Size: '0x1320' + .rsrc: + Entropy: 3.3852237383810513 + Virtual Size: '0x3b8' + .reloc: + Entropy: 2.5894785090098025 + Virtual Size: '0x4ba' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2018-12-10 07:58:34' + Imphash: 86682585c620fa85096a7bedaf990cd1 + LoadsDespiteHVCI: 'TRUE' +- Filename: aswArPot.sys + MD5: 35c8fdf881909fa28c92b1c2741ac60b + SHA1: d942dac4033dcd681161181d50ce3661d1e12b96 + SHA256: a2f45d95d54f4e110b577e621fefa0483fa0e3dcca14c500c298fb9209e491c1 + Authentihash: + MD5: e56d6c4be652c01f178ecef18428f567 + SHA1: 816088e3f2c6e3be17abe236bc905acc10733fda + SHA256: 11f0f2395b3e7a9849bf3f050bfda6b48ae2de856d8541a16b51d9097afb8306 + Description: AVG anti rootkit + Company: AVG Technologies CZ, s.r.o. 
+ InternalName: aswArPot.sys + OriginalFilename: aswArPot.sys + FileVersion: 19.2.4181.0 + Product: 'AVG Internet Security System ' + ProductVersion: 19.2.4181.0 + Copyright: Copyright (C) 2019 AVG Technologies CZ, s.r.o. + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - wcsrchr + - towlower + - MmGetSystemRoutineAddress + - RtlInitUnicodeString + - RtlUnicodeStringToAnsiString + - MmIsAddressValid + - RtlAnsiStringToUnicodeString + - strncmp + - MmUnlockPages + - MmUnmapLockedPages + - IoFreeMdl + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - ObfDereferenceObject + - ObReferenceObjectByName + - IoDriverObjectType + - _snwprintf + - ZwClose + - IoGetBaseFileSystemDeviceObject + - ObReferenceObjectByHandle + - ZwOpenFile + - ExFreePoolWithTag + - ZwReadFile + - ExAllocatePoolWithTag + - ZwSetInformationFile + - ZwQueryInformationFile + - PsLookupProcessByProcessId + - KeSetEvent + - KeResetEvent + - ZwMapViewOfSection + - ZwCreateSection + - ZwUnmapViewOfSection + - KeRevertToUserAffinityThread + - KeSetSystemAffinityThread + - KeQueryActiveProcessors + - _snprintf + - memset + - ZwQuerySystemInformation + - ZwQueryInformationProcess + - ZwQueryInformationThread + - ObOpenObjectByPointer + - PsThreadType + - PsLookupThreadByThreadId + - KeUnstackDetachProcess + - ZwOpenProcess + - KeStackAttachProcess + - KeWaitForSingleObject + - KeClearEvent + - KeQuerySystemTime + - ZwEnumerateKey + - ZwOpenKey + - IoFreeWorkItem + - IoQueueWorkItem + - IoAllocateWorkItem + - strchr + - strrchr + - strstr + - PsGetCurrentProcessId + - _alldiv + - ZwQuerySymbolicLinkObject + - ZwOpenSymbolicLinkObject + - RtlVolumeDeviceToDosName + - IoGetDeviceObjectPointer + - wcsncpy + - wcsncmp + - IoGetDeviceInterfaces + - _stricmp + - strncpy + - IoGetCurrentProcess + - RtlInitString + - ZwOpenThreadTokenEx + - ZwOpenProcessTokenEx + - RtlConvertSidToUnicodeString + - RtlEqualSid + - SeExports + - ZwQueryInformationToken + - 
PsGetCurrentThreadId + - ExEventObjectType + - NtBuildNumber + - IoFileObjectType + - IoDeviceObjectType + - PsSetLoadImageNotifyRoutine + - PsSetCreateProcessNotifyRoutine + - PsGetProcessWin32Process + - ExAllocatePool + - PsTerminateSystemThread + - PsCreateSystemThread + - ObQueryNameString + - _allmul + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - IofCompleteRequest + - IoGetRequestorProcessId + - IofCallDriver + - IoDeleteDevice + - IoCreateSymbolicLink + - PsGetVersion + - IoDetachDevice + - IoAttachDeviceToDeviceStackSafe + - IoCreateDevice + - PsInitialSystemProcess + - IoThreadToProcess + - KeAttachProcess + - MmMapLockedPages + - ZwDeleteFile + - MmUnmapIoSpace + - MmMapIoSpace + - PsProcessType + - KeDetachProcess + - ZwWriteFile + - NtClose + - ObfReferenceObject + - KeBugCheckEx + - RtlCompareUnicodeString + - IoBuildSynchronousFsdRequest + - ZwTerminateProcess + - ZwOpenThread + - IoFreeIrp + - RtlEqualUnicodeString + - IoAllocateIrp + - ZwQueryDirectoryObject + - ZwOpenDirectoryObject + - KeBugCheck + - KeInsertQueueDpc + - KeSetTargetProcessorDpc + - KeInitializeDpc + - KeNumberProcessors + - IoBuildDeviceIoControlRequest + - KeTickCount + - RtlUnwind + - _strnicmp + - _wcsnicmp + - _wcsicmp + - wcschr + - KeDelayExecutionThread + - MmMapLockedPagesSpecifyCache + - KeGetCurrentThread + - wcsstr + - KeInitializeEvent + - ZwSetSecurityObject + - RtlGetDaclSecurityDescriptor + - RtlGetSaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - IoIsWdmVersionAvailable + - RtlAddAccessAllowedAce + - RtlLengthSid + - RtlAbsoluteToSelfRelativeSD + - RtlSetDaclSecurityDescriptor + - RtlCreateSecurityDescriptor + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - ExUnregisterCallback + - ExCreateCallback + - ExRegisterCallback + - RtlQueryRegistryValues + - 
RtlPrefixUnicodeString + - KfAcquireSpinLock + - KfReleaseSpinLock + - KeGetCurrentIrql + - ExAcquireFastMutex + - ExReleaseFastMutex + - KeRaiseIrqlToDpcLevel + - KfLowerIrql + - KfRaiseIrql + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Root CA + ValidFrom: '2011-04-15 19:41:37' + ValidTo: '2021-04-15 19:51:37' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611cb28a000000000026 + Version: 3 + TBS: + MD5: 983a0c315a50542362f2bd6a5d71c8d0 + SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 + SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 + SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc + - Subject: C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., + OU=Release Engineering, CN=AVG Technologies USA, Inc. 
+ ValidFrom: '2018-01-30 00:00:00' + ValidTo: '2021-01-22 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0557955e02a6b53dd1d574ede15f310e + Version: 3 + TBS: + MD5: f9b558280379fbd2ac831a9850ec9c0e + SHA1: c22448dd1388c2011166e2a203fe984bd702f355 + SHA256: c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe + SHA384: 5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd + Version: 
3 + TBS: + MD5: a9a31555bbc92b6033975c5428fb3679 + SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e + SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 + SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 0557955e02a6b53dd1d574ede15f310e + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: d35f2d33b54b350bbf39cbac221c6154 + SHA1: e101b17cd430037f7f7a190f31271340e96fc272 + SHA256: b97429cb64da49991e6729b0342b0a9a67edb37ad01c1199191203097aba8631 + Sections: + .text: + Entropy: 6.542036319657988 + Virtual Size: '0x19fae' + .rwtext: + Entropy: 1.7300584522683535 + Virtual Size: '0x51' + .rdata: + Entropy: 5.42555121194693 + Virtual Size: '0x2ffc' + .data: + Entropy: 2.6449416238771346 + Virtual Size: '0x14b94' 
+ PAGE: + Entropy: 6.255823244544411 + Virtual Size: '0x13dd' + INIT: + Entropy: 5.575609594408319 + Virtual Size: '0x115a' + .rsrc: + Entropy: 3.387684728445238 + Virtual Size: '0x3b8' + .reloc: + Entropy: 6.3599137895820474 + Virtual Size: '0x23ec' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2019-01-30 13:27:34' + Imphash: f08e2ac6ca73cd2a924ed25dc6813638 + LoadsDespiteHVCI: 'TRUE' +- Filename: aswArPot.sys + MD5: 300d6ac47a146eb8eb159f51bc13f7cf + SHA1: 02316decf9e5165b431c599643f6856e86b95e7c + SHA256: a5a50449e2cc4d0dbc80496f757935ae38bf8a1bebdd6555a3495d8c219df2ad + Authentihash: + MD5: dc4869ad1497f7bd21ae89c9ecbcefca + SHA1: 1b7496a00aa6fd9328b41bf48a692f2648f6a7fb + SHA256: 60f79c1b60a74b98b4f436d6bbbf5aeb9ce6febbe1443d318eea7581962b75a4 + Description: Avast anti rootkit + Company: AVAST Software + InternalName: aswArPot.sys + OriginalFilename: aswArPot.sys + FileVersion: 18.3.3848.0 + Product: 'Avast Antivirus ' + ProductVersion: 18.3.3848.0 + Copyright: Copyright (c) 2018 AVAST Software + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - wcschr + - MmUnmapLockedPages + - _stricmp + - _wcsicmp + - towlower + - _strnicmp + - ExAllocatePoolWithTag + - PsGetProcessWin32Process + - KeClearEvent + - RtlVolumeDeviceToDosName + - KeQueryActiveProcessors + - RtlConvertSidToUnicodeString + - ExFreePoolWithTag + - KeResetEvent + - ExReleaseFastMutex + - IoGetBaseFileSystemDeviceObject + - strncmp + - ZwOpenThreadTokenEx + - RtlAnsiStringToUnicodeString + - ExAcquireFastMutex + - PsSetLoadImageNotifyRoutine + - _snwprintf + - NtBuildNumber + - PsRemoveCreateThreadNotifyRoutine + - PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - _wcsnicmp + - ZwReadFile + - strstr + - ZwMapViewOfSection + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - wcsncpy + - RtlEqualSid + - strchr + - IoFreeWorkItem + - MmGetSystemRoutineAddress + - KeInitializeEvent + - PsSetCreateThreadNotifyRoutine + - 
RtlUnicodeStringToAnsiString + - _snprintf + - RtlGetVersion + - ZwQuerySystemInformation + - RtlInitString + - KeReleaseSpinLock + - PsSetCreateProcessNotifyRoutine + - ZwOpenSymbolicLinkObject + - IoFreeMdl + - KeUnstackDetachProcess + - ZwOpenProcessTokenEx + - ZwSetInformationFile + - KeDelayExecutionThread + - ObQueryNameString + - strncpy + - IoFileObjectType + - IoDriverObjectType + - wcsrchr + - wcsstr + - PsCreateSystemThread + - MmMapLockedPagesSpecifyCache + - IoGetDeviceObjectPointer + - ZwUnmapViewOfSection + - ExAllocatePool + - PsTerminateSystemThread + - IoGetCurrentProcess + - ExEventObjectType + - IoAllocateWorkItem + - ZwClose + - IofCompleteRequest + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - PsRemoveLoadImageNotifyRoutine + - IoGetRequestorProcessId + - MmProbeAndLockPages + - PsGetVersion + - KeRevertToUserAffinityThread + - PsThreadType + - IoGetDeviceInterfaces + - ZwOpenProcess + - SeExports + - MmUnlockPages + - strrchr + - ZwQueryInformationProcess + - IoCreateSymbolicLink + - PsGetCurrentThreadId + - PsGetCurrentProcessId + - KeSetSystemAffinityThread + - MmIsAddressValid + - ObfDereferenceObject + - ZwCreateSection + - ObReferenceObjectByName + - IoQueueWorkItem + - IoDeviceObjectType + - ZwOpenFile + - wcsncmp + - ZwQueryInformationToken + - ZwQueryInformationFile + - ZwQueryInformationThread + - ObOpenObjectByPointer + - KeStackAttachProcess + - PsLookupThreadByThreadId + - ZwEnumerateKey + - IoAllocateMdl + - IofCallDriver + - ZwOpenKey + - KeAcquireSpinLockRaiseToDpc + - IoAttachDeviceToDeviceStackSafe + - IoDetachDevice + - IoCreateDevice + - PsProcessType + - KeDetachProcess + - KeAttachProcess + - ZwDeleteFile + - IoBuildSynchronousFsdRequest + - NtClose + - RtlCompareUnicodeString + - ObfReferenceObject + - ZwWriteFile + - ZwOpenThread + - ZwTerminateProcess + - RtlEqualUnicodeString + - ZwOpenDirectoryObject + - KeBugCheck + - ZwQueryDirectoryObject + - IoFreeIrp + - IoAllocateIrp + - KdDebuggerNotPresent + - 
KeSetTargetProcessorDpc + - IoBuildDeviceIoControlRequest + - KeInitializeDpc + - KeInsertQueueDpc + - KeNumberProcessors + - KeBugCheckEx + - ZwSetSecurityObject + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - ExUnregisterCallback + - ExRegisterCallback + - ExCreateCallback + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o. + ValidFrom: '2016-09-06 00:00:00' + ValidTo: '2019-10-04 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 + Version: 3 + TBS: + MD5: 2e1a5012cbe8b95785c794bc1c5584c3 + SHA1: f4753b06b08938794c32c2475cee663143036d08 + SHA256: fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5 + SHA384: 08a8396996a9ecb96b22a85d6adf3f8b1117f3a880b1d4af12e4de8e8005897a7073d6d5368cb92f701f466ec227e2a6 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 
208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: 
e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code 
Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: 73f94453db44e5265861f0ce8df39fc1 + SHA1: 6d710be934482758c43d9d19941be5ed522e371f + SHA256: 39835922f0b2a2c24ed5fb74c468f28fc5b2c036c7a219352dc78f7f29ea13c3 + Sections: + .text: + Entropy: 6.331634555230066 + Virtual Size: '0x2032c' + .rdata: + Entropy: 5.8083706753670254 + Virtual Size: '0x303c' + .data: + Entropy: 1.7228772750546992 + Virtual Size: '0x25814' + .pdata: + Entropy: 5.349284817948452 + Virtual Size: '0x1080' + PAGE: + Entropy: 6.241650261489821 + Virtual Size: '0x19f7' + INIT: + Entropy: 5.291903484197976 + Virtual Size: '0x12d0' + .rsrc: + Entropy: 3.330592409477162 + Virtual Size: '0x370' + .reloc: + Entropy: 1.9822497903370622 + Virtual Size: '0x438' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2018-03-19 13:51:14' + Imphash: 1e8ee6407390a2d52051bec21c771fdb + LoadsDespiteHVCI: 'FALSE' +- Filename: aswArPot.sys + MD5: dcd966874b4c8c952662d2d16ddb4d7c + SHA1: 135b261eb03e830c57b1729e3a4653f9c27c7522 + SHA256: aaa3459bcac25423f78ed72dbae4d7ef19e7c5c65770cbe5210b14e33cd1816c + Authentihash: + MD5: 31deadc1bcfdcac3b86e05ad2aa9eb1d + SHA1: 6a02a8de97682af43b1a5831c4b4991caf94094a + SHA256: f2e97fb72237dbbd8981d13a056dd3544c41d802efd129e1ea7e3f655de661b8 + Description: Avast anti rootkit + Company: AVAST Software + InternalName: aswArPot.sys + OriginalFilename: aswArPot.sys + FileVersion: 18.2.3820.0 + Product: 'Avast Antivirus ' + ProductVersion: 18.2.3820.0 + Copyright: Copyright (c) 2018 AVAST Software + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - wcschr + - MmUnmapLockedPages + - _stricmp + - _wcsicmp + - towlower + - _strnicmp + - ExAllocatePoolWithTag + - PsGetProcessWin32Process + - KeClearEvent + - RtlVolumeDeviceToDosName + - KeQueryActiveProcessors + - RtlConvertSidToUnicodeString + - ExFreePoolWithTag + - KeResetEvent + - ExReleaseFastMutex + - IoGetBaseFileSystemDeviceObject + - strncmp + - ZwOpenThreadTokenEx + - 
RtlAnsiStringToUnicodeString + - ExAcquireFastMutex + - PsSetLoadImageNotifyRoutine + - _snwprintf + - NtBuildNumber + - PsRemoveCreateThreadNotifyRoutine + - PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - _wcsnicmp + - ZwReadFile + - strstr + - ZwMapViewOfSection + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - wcsncpy + - RtlEqualSid + - strchr + - IoFreeWorkItem + - MmGetSystemRoutineAddress + - KeInitializeEvent + - PsSetCreateThreadNotifyRoutine + - RtlUnicodeStringToAnsiString + - _snprintf + - RtlGetVersion + - ZwQuerySystemInformation + - RtlInitString + - KeReleaseSpinLock + - PsSetCreateProcessNotifyRoutine + - ZwOpenSymbolicLinkObject + - IoFreeMdl + - KeUnstackDetachProcess + - ZwOpenProcessTokenEx + - ZwSetInformationFile + - KeDelayExecutionThread + - ObQueryNameString + - strncpy + - IoFileObjectType + - IoDriverObjectType + - wcsrchr + - wcsstr + - PsCreateSystemThread + - MmMapLockedPagesSpecifyCache + - IoGetDeviceObjectPointer + - ZwUnmapViewOfSection + - ExAllocatePool + - PsTerminateSystemThread + - IoGetCurrentProcess + - ExEventObjectType + - IoAllocateWorkItem + - ZwClose + - IofCompleteRequest + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - PsRemoveLoadImageNotifyRoutine + - IoGetRequestorProcessId + - MmProbeAndLockPages + - PsGetVersion + - KeRevertToUserAffinityThread + - PsThreadType + - IoGetDeviceInterfaces + - ZwOpenProcess + - SeExports + - MmUnlockPages + - strrchr + - ZwQueryInformationProcess + - IoCreateSymbolicLink + - PsGetCurrentThreadId + - PsGetCurrentProcessId + - KeSetSystemAffinityThread + - MmIsAddressValid + - ObfDereferenceObject + - ZwCreateSection + - ObReferenceObjectByName + - IoQueueWorkItem + - IoDeviceObjectType + - ZwOpenFile + - wcsncmp + - ZwQueryInformationToken + - ZwQueryInformationFile + - ZwQueryInformationThread + - ObOpenObjectByPointer + - KeStackAttachProcess + - PsLookupThreadByThreadId + - ZwEnumerateKey + - IoAllocateMdl + - IofCallDriver + - ZwOpenKey + - 
KeAcquireSpinLockRaiseToDpc + - IoAttachDeviceToDeviceStackSafe + - IoDetachDevice + - IoCreateDevice + - PsProcessType + - KeDetachProcess + - KeAttachProcess + - ZwDeleteFile + - IoBuildSynchronousFsdRequest + - NtClose + - RtlCompareUnicodeString + - ObfReferenceObject + - ZwWriteFile + - ZwOpenThread + - ZwTerminateProcess + - RtlEqualUnicodeString + - ZwOpenDirectoryObject + - KeBugCheck + - ZwQueryDirectoryObject + - IoFreeIrp + - IoAllocateIrp + - KdDebuggerNotPresent + - KeSetTargetProcessorDpc + - IoBuildDeviceIoControlRequest + - KeInitializeDpc + - KeInsertQueueDpc + - KeNumberProcessors + - KeBugCheckEx + - ZwSetSecurityObject + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - ExUnregisterCallback + - ExRegisterCallback + - ExCreateCallback + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o. 
+ ValidFrom: '2016-09-06 00:00:00' + ValidTo: '2019-10-04 12:00:00' + Signature: 56220de8a9a65fffbff97ff463c4026ec9be68fe98bfa0b20a722df84322a44dbc98f25b87ee42da3a06a6cedef076de22e0d7e02d41201156875341cd24badedb8aa5afa133e9ed688fc45aeb37a74fbe399828143561fd717fa7bed97cb5d42643494462fef349f3300daff13660a9e50f85d1110de96d1300e0e730d2b6689fd53eb7a72f4f3112dffa2c1caf17cb64c22509d82b5ce1c2181c2faac22fce3981e683183d6da50d1c17dec375c370f5feb5abfbc6dca4cdd47a5b14375870de6dc346361d8997e79f19819f5168f9b01c9aacc210f2322248adc375a2782b64881c6a557677815c39b024555cc0adca920a617e0ecb385eb47213b1553c80 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 + Version: 3 + TBS: + MD5: 2e1a5012cbe8b95785c794bc1c5584c3 + SHA1: f4753b06b08938794c32c2475cee663143036d08 + SHA256: fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5 + SHA384: 08a8396996a9ecb96b22a85d6adf3f8b1117f3a880b1d4af12e4de8e8005897a7073d6d5368cb92f701f466ec227e2a6 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: 
a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: 73f94453db44e5265861f0ce8df39fc1 + SHA1: 6d710be934482758c43d9d19941be5ed522e371f + SHA256: 39835922f0b2a2c24ed5fb74c468f28fc5b2c036c7a219352dc78f7f29ea13c3 + Sections: + .text: + Entropy: 6.332677044584613 + Virtual Size: '0x202fc' + 
.rdata: + Entropy: 5.814931943419495 + Virtual Size: '0x305c' + .data: + Entropy: 1.7096861456745627 + Virtual Size: '0x25814' + .pdata: + Entropy: 5.335827533513024 + Virtual Size: '0x1080' + PAGE: + Entropy: 6.2414734898635 + Virtual Size: '0x19f7' + INIT: + Entropy: 5.291903484197976 + Virtual Size: '0x12d0' + .rsrc: + Entropy: 3.3384112555240217 + Virtual Size: '0x370' + .reloc: + Entropy: 1.9822497903370622 + Virtual Size: '0x438' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2018-02-26 05:01:25' + Imphash: 1e8ee6407390a2d52051bec21c771fdb + LoadsDespiteHVCI: 'FALSE' +- Filename: aswArPot.sys + MD5: 991230087394738976dbd44f92516cae + SHA1: e2f40590b404a24e775f781525d8ed01f1b1156d + SHA256: ad8ffccfde782bc287241152cf24245a8bf21c2530d81c57e17631b3c4adb833 + Authentihash: + MD5: 6a9312463a34c79194223951fc89b195 + SHA1: 6439725334c47247763a76d4ba8ebab4c1caedfa + SHA256: f8e307f2af1c1ae3d5ef6581e651823e3b6bfb9d7b565353cbd50e455c1dc9c8 + Description: Avast Anti Rootkit + Company: AVAST Software + InternalName: aswArPot + OriginalFilename: aswArPot.sys + FileVersion: 20.6.107.0 + Product: 'Avast Antivirus ' + ProductVersion: 20.6.107.0 + Copyright: Copyright (c) 2020 AVAST Software + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - __C_specific_handler + - KeDelayExecutionThread + - IoAllocateWorkItem + - MmIsAddressValid + - MmUnlockPages + - ExAllocatePool + - RtlAnsiStringToUnicodeString + - KeAcquireSpinLockRaiseToDpc + - ZwQuerySystemInformation + - PsRemoveLoadImageNotifyRoutine + - ZwUnmapViewOfSection + - ZwQuerySymbolicLinkObject + - MmProbeAndLockPages + - RtlVolumeDeviceToDosName + - PsSetLoadImageNotifyRoutine + - IoGetRequestorProcessId + - ZwReadFile + - ObQueryNameString + - ZwOpenThreadTokenEx + - ZwOpenProcessTokenEx + - towlower + - NtBuildNumber + - ExReleaseFastMutex + - _wcsicmp + - _snwprintf + - RtlConvertSidToUnicodeString + - ObfDereferenceObject + - IoAllocateMdl + - ZwCreateSection + - 
ZwQueryInformationProcess + - PsGetProcessId + - PsCreateSystemThread + - ZwQueryInformationThread + - RtlInitUnicodeString + - ZwOpenSymbolicLinkObject + - tolower + - PsRemoveCreateThreadNotifyRoutine + - IoDeleteDevice + - IoBuildDeviceIoControlRequest + - wcsncpy + - IoGetDeviceObjectPointer + - IoGetCurrentProcess + - ObOpenObjectByPointer + - strncpy + - KeReleaseSpinLock + - _strnicmp + - IoFileObjectType + - KeStackAttachProcess + - PsLookupProcessByProcessId + - PsGetCurrentProcessId + - KeSetEvent + - PsThreadType + - RtlUnicodeStringToAnsiString + - ZwQueryInformationToken + - ZwMapViewOfSection + - strncmp + - ObReferenceObjectByHandle + - RtlGetVersion + - PsGetThreadId + - PsGetVersion + - KeClearEvent + - IoGetBaseFileSystemDeviceObject + - wcschr + - ZwSetInformationFile + - ZwEnumerateKey + - IoFreeMdl + - wcsstr + - ExAcquireFastMutex + - MmGetSystemRoutineAddress + - IoFreeWorkItem + - _stricmp + - ExAllocatePoolWithTag + - RtlInitString + - IofCallDriver + - IoDeviceObjectType + - _snprintf + - ExFreePoolWithTag + - ZwOpenFile + - KeSetSystemAffinityThread + - strstr + - KeInitializeEvent + - ObReferenceObjectByName + - strchr + - _wcsnicmp + - KeQueryActiveProcessors + - RtlEqualSid + - IoQueueWorkItem + - MmUnmapLockedPages + - MmMapLockedPagesSpecifyCache + - PsSetCreateThreadNotifyRoutine + - PsGetCurrentThreadId + - IofCompleteRequest + - PsGetProcessWin32Process + - ExEventObjectType + - ZwQueryInformationFile + - KeWaitForSingleObject + - IoCreateSymbolicLink + - PsSetCreateProcessNotifyRoutine + - IoDriverObjectType + - PsLookupThreadByThreadId + - IoGetDeviceInterfaces + - ZwClose + - PsTerminateSystemThread + - wcsrchr + - strrchr + - SeExports + - KeUnstackDetachProcess + - KeResetEvent + - KeRevertToUserAffinityThread + - ZwOpenProcess + - wcsncmp + - ZwOpenKey + - PsGetThreadProcess + - IoDetachDevice + - IoAttachDeviceToDeviceStackSafe + - IoThreadToProcess + - PsInitialSystemProcess + - IoCreateDevice + - KeInsertQueueDpc + - 
KeNumberProcessors + - KeInitializeDpc + - KeSetTargetProcessorDpc + - PsProcessType + - MmMapIoSpace + - MmUnmapIoSpace + - ZwDeleteFile + - KeAttachProcess + - KeDetachProcess + - RtlCompareUnicodeString + - ZwWriteFile + - NtClose + - ObfReferenceObject + - IoBuildSynchronousFsdRequest + - ZwOpenThread + - ZwTerminateProcess + - RtlEqualUnicodeString + - IoFreeIrp + - ZwQueryDirectoryObject + - KeBugCheck + - ZwOpenDirectoryObject + - IoAllocateIrp + - KdDebuggerNotPresent + - ZwSetSecurityObject + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - RtlGetSaclSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlLengthSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - RtlAddAccessAllowedAce + - RtlLengthSid + - IoIsWdmVersionAvailable + - RtlSetDaclSecurityDescriptor + - ZwSetValueKey + - ZwQueryValueKey + - ZwCreateKey + - RtlFreeUnicodeString + - KeBugCheckEx + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - ExRegisterCallback + - ExCreateCallback + - ExUnregisterCallback + - strcmp + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CZ, L=Praha, O=Avast Software s.r.o., OU=RE 999, CN=Avast Software + s.r.o. 
+ ValidFrom: '2019-12-02 00:00:00' + ValidTo: '2022-10-19 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03f02aca051d1c9330eeabd3706e836f + Version: 3 + TBS: + MD5: f251d9cde0901fb67831855b4a592b51 + SHA1: cd0ac068faea4b875ded287512f20b6ba8dcb457 + SHA256: 247e040822854e1a4cbc3488782a9e96db6bffa9bdfe36406a46e3f88695d423 + SHA384: c6a765c300f3ee36604e9c51a9fcd18071b0cd0bd15b3ad69350f04a0b1b5ef7b71556af698a1e8988bf91cd8b2a6104 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 03f02aca051d1c9330eeabd3706e836f + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: e8033ae063a3483aec0d2fa55081ff62 + SHA1: fef047c18b115c601ddfd833e1cb5784ca1afbd7 + SHA256: fe30a08a31a5f4687353c7b08444b72fb6402a51b0586f0ade667983f833c4a5 + Sections: + .text: + Entropy: 6.379234008066875 + Virtual Size: '0x21da2' + .rdata: + Entropy: 5.720028704696872 + Virtual Size: '0x3b1c' + .data: + Entropy: 2.6876888382903856 + Virtual Size: '0x259b0' + .pdata: + Entropy: 5.428586674221124 + Virtual Size: '0x11dc' + PAGE: + Entropy: 6.274427019122509 + Virtual Size: '0x1c4b' + INIT: + Entropy: 5.364309660201566 + Virtual Size: '0x13dc' + .rsrc: + Entropy: 3.2771435361763768 + Virtual Size: '0x398' + .reloc: + Entropy: 5.3833020583275815 + Virtual Size: '0x188' + 
MagicHeader: 50 45 0 0 + CreationTimestamp: '2020-07-23 06:10:00' + Imphash: 26150d69f50aa9247c3f3f17521d18a2 + LoadsDespiteHVCI: 'FALSE' +- Filename: aswArPot.sys + MD5: 259381daae0357fbfefe1d92188c496a + SHA1: 3f347117d21cd8229dd99fa03d6c92601067c604 + SHA256: be8dd2d39a527649e34dc77ef8bc07193a4234b38597b8f51e519dadc5479ec2 + Authentihash: + MD5: 63451cd1b804978b26b8b04869749d76 + SHA1: 2c96a59141c58c42a871671fd2c3dfac9bb43a37 + SHA256: 72f100edc998bb2fc40a3a7e7d76c6c37f7173b812f5cd7ae62c824b3fc63d57 + Description: Avast anti rootkit + Company: AVAST Software + InternalName: aswArPot.sys + OriginalFilename: aswArPot.sys + FileVersion: 18.4.3891.0 + Product: 'Avast Antivirus ' + ProductVersion: 18.4.3891.0 + Copyright: Copyright (c) 2018 AVAST Software + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - wcschr + - MmUnmapLockedPages + - _stricmp + - _wcsicmp + - towlower + - _strnicmp + - ExAllocatePoolWithTag + - PsGetProcessWin32Process + - KeClearEvent + - RtlVolumeDeviceToDosName + - KeQueryActiveProcessors + - RtlConvertSidToUnicodeString + - ExFreePoolWithTag + - KeResetEvent + - ExReleaseFastMutex + - IoGetBaseFileSystemDeviceObject + - strncmp + - ZwOpenThreadTokenEx + - RtlAnsiStringToUnicodeString + - ExAcquireFastMutex + - PsSetLoadImageNotifyRoutine + - _snwprintf + - NtBuildNumber + - PsRemoveCreateThreadNotifyRoutine + - PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - _wcsnicmp + - ZwReadFile + - strstr + - ZwMapViewOfSection + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - wcsncpy + - RtlEqualSid + - strchr + - IoFreeWorkItem + - MmGetSystemRoutineAddress + - KeInitializeEvent + - PsSetCreateThreadNotifyRoutine + - RtlUnicodeStringToAnsiString + - _snprintf + - RtlGetVersion + - ZwQuerySystemInformation + - RtlInitString + - KeReleaseSpinLock + - PsSetCreateProcessNotifyRoutine + - ZwOpenSymbolicLinkObject + - IoFreeMdl + - KeUnstackDetachProcess + - ZwOpenProcessTokenEx + - 
ZwSetInformationFile + - KeDelayExecutionThread + - ObQueryNameString + - strncpy + - IoFileObjectType + - IoDriverObjectType + - wcsrchr + - wcsstr + - PsCreateSystemThread + - MmMapLockedPagesSpecifyCache + - IoGetDeviceObjectPointer + - ZwUnmapViewOfSection + - ExAllocatePool + - PsTerminateSystemThread + - IoGetCurrentProcess + - ExEventObjectType + - IoAllocateWorkItem + - ZwClose + - IofCompleteRequest + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - PsRemoveLoadImageNotifyRoutine + - IoGetRequestorProcessId + - MmProbeAndLockPages + - PsGetVersion + - KeRevertToUserAffinityThread + - PsThreadType + - IoGetDeviceInterfaces + - ZwOpenProcess + - SeExports + - MmUnlockPages + - strrchr + - ZwQueryInformationProcess + - IoCreateSymbolicLink + - PsGetCurrentThreadId + - PsGetCurrentProcessId + - KeSetSystemAffinityThread + - MmIsAddressValid + - ObfDereferenceObject + - ZwCreateSection + - ObReferenceObjectByName + - IoQueueWorkItem + - IoDeviceObjectType + - ZwOpenFile + - wcsncmp + - ZwQueryInformationToken + - ZwQueryInformationFile + - ZwQueryInformationThread + - ObOpenObjectByPointer + - KeStackAttachProcess + - PsLookupThreadByThreadId + - ZwEnumerateKey + - IoAllocateMdl + - IofCallDriver + - ZwOpenKey + - KeAcquireSpinLockRaiseToDpc + - IoAttachDeviceToDeviceStackSafe + - IoDetachDevice + - IoCreateDevice + - PsProcessType + - KeDetachProcess + - KeAttachProcess + - ZwDeleteFile + - IoBuildSynchronousFsdRequest + - NtClose + - RtlCompareUnicodeString + - ObfReferenceObject + - ZwWriteFile + - ZwOpenThread + - ZwTerminateProcess + - RtlEqualUnicodeString + - ZwOpenDirectoryObject + - KeBugCheck + - ZwQueryDirectoryObject + - IoFreeIrp + - IoAllocateIrp + - KdDebuggerNotPresent + - KeSetTargetProcessorDpc + - IoBuildDeviceIoControlRequest + - KeInitializeDpc + - KeInsertQueueDpc + - KeNumberProcessors + - KeBugCheckEx + - ZwSetSecurityObject + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - 
RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - ExUnregisterCallback + - ExRegisterCallback + - ExCreateCallback + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o. + ValidFrom: '2016-09-06 00:00:00' + ValidTo: '2019-10-04 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 + Version: 3 + TBS: + MD5: 2e1a5012cbe8b95785c794bc1c5584c3 + SHA1: f4753b06b08938794c32c2475cee663143036d08 + SHA256: fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5 + SHA384: 08a8396996a9ecb96b22a85d6adf3f8b1117f3a880b1d4af12e4de8e8005897a7073d6d5368cb92f701f466ec227e2a6 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + 
SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: 73f94453db44e5265861f0ce8df39fc1 + SHA1: 6d710be934482758c43d9d19941be5ed522e371f + SHA256: 39835922f0b2a2c24ed5fb74c468f28fc5b2c036c7a219352dc78f7f29ea13c3 + Sections: + .text: + Entropy: 6.333165816090795 + Virtual Size: '0x203dc' + .rdata: + Entropy: 5.826378527520496 + Virtual Size: '0x3044' + .data: + Entropy: 1.722989677434697 + Virtual Size: '0x25834' + .pdata: + Entropy: 5.359550614921239 + Virtual Size: '0x1074' + PAGE: + Entropy: 6.241853317493543 + Virtual Size: '0x19f7' + INIT: + Entropy: 5.292236169997528 + Virtual Size: '0x12d0' + .rsrc: + Entropy: 3.330151937246589 + Virtual Size: '0x370' + .reloc: + Entropy: 1.9822497903370622 + Virtual Size: '0x438' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2018-04-27 12:33:22' + Imphash: 1e8ee6407390a2d52051bec21c771fdb + LoadsDespiteHVCI: 'FALSE' +- Filename: aswArPot.sys + MD5: 16472fca75ab4b5647c99de608949cde + SHA1: 24daa825adedcbbb1d098cbe9d68c40389901b64 + SHA256: d5c4ff35eaa74ccdb80c7197d3d113c9cd38561070f2aa69c0affe8ed84a77c9 + Authentihash: + MD5: f778cb0515b1db1cb133286ed8e3f284 + SHA1: 7ab72d197214b2792893a14b80ed6e5a546d0b9b + SHA256: 5eb493fc07a9573176f87297a002183d8e60104619a7b83940ce6e83ac54cd7b + Description: Avast anti rootkit + Company: AVAST Software + InternalName: aswArPot.sys + OriginalFilename: aswArPot.sys + FileVersion: 18.6.3979.0 + Product: 'Avast Antivirus ' + ProductVersion: 18.6.3979.0 + Copyright: Copyright (c) 2018 AVAST Software + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - wcsrchr + - 
towlower + - MmGetSystemRoutineAddress + - RtlInitUnicodeString + - RtlUnicodeStringToAnsiString + - MmIsAddressValid + - RtlAnsiStringToUnicodeString + - strncmp + - MmUnlockPages + - MmUnmapLockedPages + - IoFreeMdl + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - ObfDereferenceObject + - ObReferenceObjectByName + - IoDriverObjectType + - _snwprintf + - ZwClose + - IoGetBaseFileSystemDeviceObject + - ObReferenceObjectByHandle + - ZwOpenFile + - ExFreePoolWithTag + - ZwReadFile + - ExAllocatePoolWithTag + - ZwSetInformationFile + - ZwQueryInformationFile + - PsLookupProcessByProcessId + - KeSetEvent + - KeResetEvent + - ZwMapViewOfSection + - ZwCreateSection + - ZwUnmapViewOfSection + - KeRevertToUserAffinityThread + - KeSetSystemAffinityThread + - KeQueryActiveProcessors + - _snprintf + - memset + - ZwQuerySystemInformation + - ZwQueryInformationProcess + - ZwQueryInformationThread + - ObOpenObjectByPointer + - PsThreadType + - PsLookupThreadByThreadId + - KeUnstackDetachProcess + - ZwOpenProcess + - KeStackAttachProcess + - KeWaitForSingleObject + - KeClearEvent + - KeQuerySystemTime + - ZwEnumerateKey + - ZwOpenKey + - IoFreeWorkItem + - IoQueueWorkItem + - IoAllocateWorkItem + - strchr + - strstr + - PsGetCurrentProcessId + - _alldiv + - ZwQuerySymbolicLinkObject + - ZwOpenSymbolicLinkObject + - RtlVolumeDeviceToDosName + - IoGetDeviceObjectPointer + - wcsncpy + - wcsncmp + - IoGetDeviceInterfaces + - wcschr + - strncpy + - IoGetCurrentProcess + - RtlInitString + - ZwOpenThreadTokenEx + - ZwOpenProcessTokenEx + - RtlConvertSidToUnicodeString + - RtlEqualSid + - SeExports + - ZwQueryInformationToken + - PsGetCurrentThreadId + - ExEventObjectType + - NtBuildNumber + - IoFileObjectType + - IoDeviceObjectType + - PsSetLoadImageNotifyRoutine + - PsSetCreateProcessNotifyRoutine + - PsGetProcessWin32Process + - strrchr + - ExAllocatePool + - PsTerminateSystemThread + - PsCreateSystemThread + - ObQueryNameString + - _allmul + - PsSetCreateThreadNotifyRoutine + 
- PsRemoveCreateThreadNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - IofCompleteRequest + - IoGetRequestorProcessId + - IofCallDriver + - IoDeleteDevice + - IoCreateSymbolicLink + - PsGetVersion + - IoDetachDevice + - IoAttachDeviceToDeviceStackSafe + - IoCreateDevice + - PsInitialSystemProcess + - IoThreadToProcess + - KeAttachProcess + - MmMapLockedPages + - ZwDeleteFile + - PsProcessType + - KeDetachProcess + - ZwWriteFile + - NtClose + - ObfReferenceObject + - KeBugCheckEx + - RtlCompareUnicodeString + - IoBuildSynchronousFsdRequest + - ZwTerminateProcess + - ZwOpenThread + - IoFreeIrp + - RtlEqualUnicodeString + - IoAllocateIrp + - ZwQueryDirectoryObject + - ZwOpenDirectoryObject + - KeBugCheck + - KeInsertQueueDpc + - KeSetTargetProcessorDpc + - KeInitializeDpc + - KeNumberProcessors + - IoBuildDeviceIoControlRequest + - KeTickCount + - RtlUnwind + - _stricmp + - _strnicmp + - _wcsicmp + - _wcsnicmp + - KeDelayExecutionThread + - MmMapLockedPagesSpecifyCache + - KeGetCurrentThread + - wcsstr + - KeInitializeEvent + - ZwSetSecurityObject + - RtlGetDaclSecurityDescriptor + - RtlGetSaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - IoIsWdmVersionAvailable + - RtlAddAccessAllowedAce + - RtlLengthSid + - RtlAbsoluteToSelfRelativeSD + - RtlSetDaclSecurityDescriptor + - RtlCreateSecurityDescriptor + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - ExUnregisterCallback + - ExCreateCallback + - ExRegisterCallback + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - KfAcquireSpinLock + - KfReleaseSpinLock + - KeGetCurrentIrql + - ExAcquireFastMutex + - ExReleaseFastMutex + - KeRaiseIrqlToDpcLevel + - KfLowerIrql + - KfRaiseIrql + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o. 
+ ValidFrom: '2016-09-06 00:00:00' + ValidTo: '2019-10-04 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 + Version: 3 + TBS: + MD5: 2e1a5012cbe8b95785c794bc1c5584c3 + SHA1: f4753b06b08938794c32c2475cee663143036d08 + SHA256: fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5 + SHA384: 08a8396996a9ecb96b22a85d6adf3f8b1117f3a880b1d4af12e4de8e8005897a7073d6d5368cb92f701f466ec227e2a6 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: 8f27968d54353190563abf5d170857a7 + SHA1: 4f025cb639a0c6de2121a3f920731370c9d2ac4f + SHA256: 99759a45bb45fa627b27179f12e3d9906bd82fbc603268d549b820f10ca3ee71 + Sections: + .text: + Entropy: 6.539675266217022 + Virtual Size: '0x19262' + .rwtext: + Entropy: 1.7300584522683535 + Virtual Size: '0x51' + .rdata: + Entropy: 5.465644262546619 + Virtual Size: '0x2fdc' + .data: + Entropy: 2.527335824359937 + Virtual Size: '0x14b24' + PAGE: + Entropy: 6.258698209738133 + Virtual Size: '0x13dd' + INIT: + Entropy: 5.560113366449929 + Virtual Size: '0x1130' + .rsrc: + Entropy: 3.352802305963715 + Virtual Size: '0x370' + .reloc: + Entropy: 6.347666594226636 + Virtual Size: '0x2354' + MagicHeader: 
50 45 0 0 + CreationTimestamp: '2018-08-17 02:44:48' + Imphash: 62473b41d695f075ad96abc4a408de5b + LoadsDespiteHVCI: 'FALSE' +- Filename: aswArPot.sys + MD5: 0e207ef80361b3d047a2358d0e2206b4 + SHA1: 9393698058ce1187eb87e8c148cfe4804761142d + SHA256: dcb815eb8e9016608d0d917101b6af8c84b96fb709dc0344bceed02cbc4ed258 + Authentihash: + MD5: 57dfa53fc7b8280adbe9a32a00241e17 + SHA1: 20812c39a2bb52c80eec322d8fecbef4d8138a73 + SHA256: 00716eab8a3277128fb5ea8b1ac863e4b81b40674f7c6eb0f201e96341fd87c9 + Description: Avast anti rootkit + Company: AVAST Software + InternalName: aswArPot.sys + OriginalFilename: aswArPot.sys + FileVersion: 19.7.4246.0 + Product: 'Avast Antivirus ' + ProductVersion: 19.7.4246.0 + Copyright: Copyright (c) 2019 AVAST Software + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - wcschr + - MmUnmapLockedPages + - _stricmp + - _wcsicmp + - towlower + - _strnicmp + - ExAllocatePoolWithTag + - PsGetProcessWin32Process + - KeClearEvent + - RtlVolumeDeviceToDosName + - KeQueryActiveProcessors + - RtlConvertSidToUnicodeString + - IoBuildDeviceIoControlRequest + - ExFreePoolWithTag + - KeResetEvent + - ExReleaseFastMutex + - IoGetBaseFileSystemDeviceObject + - strncmp + - ZwOpenThreadTokenEx + - RtlAnsiStringToUnicodeString + - ExAcquireFastMutex + - PsSetLoadImageNotifyRoutine + - _snwprintf + - NtBuildNumber + - PsRemoveCreateThreadNotifyRoutine + - PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - _wcsnicmp + - ZwReadFile + - strstr + - ZwMapViewOfSection + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - wcsncpy + - RtlEqualSid + - strchr + - IoFreeWorkItem + - MmGetSystemRoutineAddress + - KeInitializeEvent + - PsSetCreateThreadNotifyRoutine + - RtlUnicodeStringToAnsiString + - _snprintf + - RtlGetVersion + - ZwQuerySystemInformation + - RtlInitString + - KeReleaseSpinLock + - PsGetThreadId + - PsSetCreateProcessNotifyRoutine + - ZwOpenSymbolicLinkObject + - IoFreeMdl + - 
KeUnstackDetachProcess + - ZwOpenProcessTokenEx + - ZwSetInformationFile + - tolower + - KeDelayExecutionThread + - ObQueryNameString + - strncpy + - IoFileObjectType + - IoDriverObjectType + - wcsrchr + - wcsstr + - PsCreateSystemThread + - MmMapLockedPagesSpecifyCache + - IoGetDeviceObjectPointer + - ZwUnmapViewOfSection + - ExAllocatePool + - PsTerminateSystemThread + - IoGetCurrentProcess + - ExEventObjectType + - IoAllocateWorkItem + - ZwClose + - IofCompleteRequest + - PsGetThreadProcess + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - PsRemoveLoadImageNotifyRoutine + - IoGetRequestorProcessId + - MmProbeAndLockPages + - PsGetVersion + - KeRevertToUserAffinityThread + - PsThreadType + - IoGetDeviceInterfaces + - ZwOpenProcess + - SeExports + - MmUnlockPages + - strrchr + - ZwQueryInformationProcess + - IoCreateSymbolicLink + - PsGetCurrentThreadId + - PsGetCurrentProcessId + - KeSetSystemAffinityThread + - MmIsAddressValid + - ObfDereferenceObject + - ZwCreateSection + - ObReferenceObjectByName + - IoQueueWorkItem + - IoDeviceObjectType + - ZwOpenFile + - wcsncmp + - ZwQueryInformationToken + - ZwQueryInformationFile + - ZwQueryInformationThread + - ObOpenObjectByPointer + - PsGetProcessId + - KeStackAttachProcess + - PsLookupThreadByThreadId + - ZwEnumerateKey + - IoAllocateMdl + - IofCallDriver + - ZwOpenKey + - KeAcquireSpinLockRaiseToDpc + - IoThreadToProcess + - IoAttachDeviceToDeviceStackSafe + - IoDetachDevice + - PsInitialSystemProcess + - IoCreateDevice + - PsProcessType + - MmUnmapIoSpace + - KeDetachProcess + - MmMapIoSpace + - KeAttachProcess + - ZwDeleteFile + - IoBuildSynchronousFsdRequest + - NtClose + - RtlCompareUnicodeString + - ObfReferenceObject + - ZwWriteFile + - ZwOpenThread + - ZwTerminateProcess + - RtlEqualUnicodeString + - ZwOpenDirectoryObject + - KeBugCheck + - ZwQueryDirectoryObject + - IoFreeIrp + - IoAllocateIrp + - KdDebuggerNotPresent + - KeSetTargetProcessorDpc + - KeInitializeDpc + - KeInsertQueueDpc + - 
KeNumberProcessors + - KeBugCheckEx + - ZwSetSecurityObject + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - ExUnregisterCallback + - ExRegisterCallback + - ExCreateCallback + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o. + ValidFrom: '2016-09-06 00:00:00' + ValidTo: '2019-10-04 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 + Version: 3 + TBS: + MD5: 2e1a5012cbe8b95785c794bc1c5584c3 + SHA1: f4753b06b08938794c32c2475cee663143036d08 + SHA256: fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5 + SHA384: 08a8396996a9ecb96b22a85d6adf3f8b1117f3a880b1d4af12e4de8e8005897a7073d6d5368cb92f701f466ec227e2a6 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - 
Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 + Issuer: C=US, O=DigiCert Inc, 
OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: 75b13c227d5208aed34b2687daf4ff12 + SHA1: 74ea061adc0690a674274c70e479258dff68f6b5 + SHA256: 89b1537c5094e9ccb980e1cbc109f742c686ac06078ce71c08767731dbafdc39 + Sections: + .text: + Entropy: 6.342856822122601 + Virtual Size: '0x2321c' + .rdata: + Entropy: 5.834239192986491 + Virtual Size: '0x31e4' + .data: + Entropy: 2.3041982865973822 + Virtual Size: '0x25ce0' + .pdata: + Entropy: 5.3256215910283435 + Virtual Size: '0x117c' + PAGE: + Entropy: 6.229306478822744 + Virtual Size: '0x19f7' + INIT: + Entropy: 5.290761222190212 + Virtual Size: '0x13a2' + .rsrc: + Entropy: 3.3423917838515216 + Virtual Size: '0x370' + .reloc: + Entropy: 2.891565286382792 + Virtual Size: '0x522' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2019-08-11 14:15:51' + Imphash: 62dbb90b4be9282d52aff9ae1a101d6b + LoadsDespiteHVCI: 'FALSE' +- Filename: aswArPot.sys + MD5: a4531040276080441974d9e00d8d4cfa + SHA1: d8e8dcc8531b8d07f8dabc9e79c19aac6eeca793 + SHA256: e2e79f1e696f27fa70d72f97e448081b1fa14d59cbb89bb4a40428534dd5c6f6 + Authentihash: + MD5: 2288e600dfcf6eb8f176f9c5df5e7fcf + SHA1: 2cc6204ab44715a8d7c5189c524d8213a917e00a + SHA256: e27fa56ceff3fe7d5a723c5f4192ce6aa16994f88cf05935645f9e398292376a + Description: AVG anti rootkit + Company: AVG Technologies CZ, s.r.o. + InternalName: aswArPot.sys + OriginalFilename: aswArPot.sys + FileVersion: 19.4.4211.0 + Product: 'AVG Internet Security System ' + ProductVersion: 19.4.4211.0 + Copyright: Copyright (C) 2019 AVG Technologies CZ, s.r.o. 
+ MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - wcschr + - MmUnmapLockedPages + - _stricmp + - _wcsicmp + - towlower + - _strnicmp + - ExAllocatePoolWithTag + - PsGetProcessWin32Process + - KeClearEvent + - RtlVolumeDeviceToDosName + - KeQueryActiveProcessors + - RtlConvertSidToUnicodeString + - IoBuildDeviceIoControlRequest + - ExFreePoolWithTag + - KeResetEvent + - ExReleaseFastMutex + - IoGetBaseFileSystemDeviceObject + - strncmp + - ZwOpenThreadTokenEx + - RtlAnsiStringToUnicodeString + - ExAcquireFastMutex + - PsSetLoadImageNotifyRoutine + - _snwprintf + - NtBuildNumber + - PsRemoveCreateThreadNotifyRoutine + - PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - _wcsnicmp + - ZwReadFile + - strstr + - ZwMapViewOfSection + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - wcsncpy + - RtlEqualSid + - strchr + - IoFreeWorkItem + - MmGetSystemRoutineAddress + - KeInitializeEvent + - PsSetCreateThreadNotifyRoutine + - RtlUnicodeStringToAnsiString + - _snprintf + - RtlGetVersion + - ZwQuerySystemInformation + - RtlInitString + - KeReleaseSpinLock + - PsSetCreateProcessNotifyRoutine + - ZwOpenSymbolicLinkObject + - IoFreeMdl + - KeUnstackDetachProcess + - ZwOpenProcessTokenEx + - ZwSetInformationFile + - tolower + - KeDelayExecutionThread + - ObQueryNameString + - strncpy + - IoFileObjectType + - IoDriverObjectType + - wcsrchr + - wcsstr + - PsCreateSystemThread + - MmMapLockedPagesSpecifyCache + - IoGetDeviceObjectPointer + - ZwUnmapViewOfSection + - ExAllocatePool + - PsTerminateSystemThread + - IoGetCurrentProcess + - ExEventObjectType + - IoAllocateWorkItem + - ZwClose + - IofCompleteRequest + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - PsRemoveLoadImageNotifyRoutine + - IoGetRequestorProcessId + - MmProbeAndLockPages + - PsGetVersion + - KeRevertToUserAffinityThread + - PsThreadType + - IoGetDeviceInterfaces + - ZwOpenProcess + - SeExports + - MmUnlockPages + - strrchr + - 
ZwQueryInformationProcess + - IoCreateSymbolicLink + - PsGetCurrentThreadId + - PsGetCurrentProcessId + - KeSetSystemAffinityThread + - MmIsAddressValid + - ObfDereferenceObject + - ZwCreateSection + - ObReferenceObjectByName + - IoQueueWorkItem + - IoDeviceObjectType + - ZwOpenFile + - wcsncmp + - ZwQueryInformationToken + - ZwQueryInformationFile + - ZwQueryInformationThread + - ObOpenObjectByPointer + - KeStackAttachProcess + - PsLookupThreadByThreadId + - ZwEnumerateKey + - IoAllocateMdl + - IofCallDriver + - ZwOpenKey + - KeAcquireSpinLockRaiseToDpc + - IoThreadToProcess + - IoAttachDeviceToDeviceStackSafe + - IoDetachDevice + - PsInitialSystemProcess + - IoCreateDevice + - PsProcessType + - MmUnmapIoSpace + - KeDetachProcess + - MmMapIoSpace + - KeAttachProcess + - ZwDeleteFile + - IoBuildSynchronousFsdRequest + - NtClose + - RtlCompareUnicodeString + - ObfReferenceObject + - ZwWriteFile + - ZwOpenThread + - ZwTerminateProcess + - RtlEqualUnicodeString + - ZwOpenDirectoryObject + - KeBugCheck + - ZwQueryDirectoryObject + - IoFreeIrp + - IoAllocateIrp + - KdDebuggerNotPresent + - KeSetTargetProcessorDpc + - KeInitializeDpc + - KeInsertQueueDpc + - KeNumberProcessors + - KeBugCheckEx + - ZwSetSecurityObject + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - ExUnregisterCallback + - ExRegisterCallback + - ExCreateCallback + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Root CA + ValidFrom: 
'2011-04-15 19:41:37' + ValidTo: '2021-04-15 19:51:37' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611cb28a000000000026 + Version: 3 + TBS: + MD5: 983a0c315a50542362f2bd6a5d71c8d0 + SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 + SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 + SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc + - Subject: C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., + OU=Release Engineering, CN=AVG Technologies USA, Inc. + ValidFrom: '2018-01-30 00:00:00' + ValidTo: '2021-01-22 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0557955e02a6b53dd1d574ede15f310e + Version: 3 + TBS: + MD5: f9b558280379fbd2ac831a9850ec9c0e + SHA1: c22448dd1388c2011166e2a203fe984bd702f355 + SHA256: c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe + SHA384: 5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + 
Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd + Version: 3 + TBS: + MD5: a9a31555bbc92b6033975c5428fb3679 + SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e + SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 + SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 0557955e02a6b53dd1d574ede15f310e + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: 9626b493680953826324d269e208fa60 + SHA1: 1a458000e2060911a31fcbed8ad9000b98f54944 + SHA256: ace6a5d1d7b11c6668753f9f17b2bb60f496168179cfd2d50e4e9e66fc41a50f + Sections: + .text: + Entropy: 6.338122785417557 + Virtual Size: '0x2236c' + .rdata: + Entropy: 5.839736997303118 + Virtual Size: '0x3164' + .data: + Entropy: 1.9768756829994332 + Virtual Size: '0x25b18' + .pdata: + Entropy: 5.35421636085956 + Virtual Size: '0x111c' + PAGE: + Entropy: 6.235289627738667 + Virtual Size: '0x19f7' + INIT: + Entropy: 5.316818293518236 + Virtual Size: '0x1352' + .rsrc: + Entropy: 3.378180204912141 + Virtual Size: '0x3b8' + .reloc: + Entropy: 2.5738028214326922 + Virtual Size: '0x4c4' + 
MagicHeader: 50 45 0 0 + CreationTimestamp: '2019-03-28 09:56:24' + Imphash: 1aa10b05dee9268d7ce87f5f56ea9ded + LoadsDespiteHVCI: 'TRUE' +- Filename: aswArPot.sys + MD5: 7fbd3b4488a12eab56c54e7bb91516f3 + SHA1: 61d44c9a1ef992bc29502f725d1672d551b9bc3f + SHA256: e4522e2cfa0b1f5d258a3cf85b87681d6969e0572f668024c465d635c236b5d9 + Authentihash: + MD5: e9dca8f16d7d0074a212dd73f33f94f1 + SHA1: b844ef5bb029ccfd144dc6f3d705b7c3d0e6efdb + SHA256: 47f64d6753f40388382097351a26dad54b8fdf59529a24acc65e9ced440ee2c6 + Description: AVG anti rootkit + Company: AVG Technologies CZ, s.r.o. + InternalName: aswArPot.sys + OriginalFilename: aswArPot.sys + FileVersion: 18.2.3827.0 + Product: 'AVG Internet Security System ' + ProductVersion: 18.2.3827.0 + Copyright: Copyright (C) 2018 AVG Technologies CZ, s.r.o. + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - wcschr + - MmUnmapLockedPages + - _stricmp + - _wcsicmp + - towlower + - _strnicmp + - ExAllocatePoolWithTag + - PsGetProcessWin32Process + - KeClearEvent + - RtlVolumeDeviceToDosName + - KeQueryActiveProcessors + - RtlConvertSidToUnicodeString + - ExFreePoolWithTag + - KeResetEvent + - ExReleaseFastMutex + - IoGetBaseFileSystemDeviceObject + - strncmp + - ZwOpenThreadTokenEx + - RtlAnsiStringToUnicodeString + - ExAcquireFastMutex + - PsSetLoadImageNotifyRoutine + - _snwprintf + - NtBuildNumber + - PsRemoveCreateThreadNotifyRoutine + - PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - _wcsnicmp + - ZwReadFile + - strstr + - ZwMapViewOfSection + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - wcsncpy + - RtlEqualSid + - strchr + - IoFreeWorkItem + - MmGetSystemRoutineAddress + - KeInitializeEvent + - PsSetCreateThreadNotifyRoutine + - RtlUnicodeStringToAnsiString + - _snprintf + - RtlGetVersion + - ZwQuerySystemInformation + - RtlInitString + - KeReleaseSpinLock + - PsSetCreateProcessNotifyRoutine + - ZwOpenSymbolicLinkObject + - IoFreeMdl + - 
KeUnstackDetachProcess + - ZwOpenProcessTokenEx + - ZwSetInformationFile + - KeDelayExecutionThread + - ObQueryNameString + - strncpy + - IoFileObjectType + - IoDriverObjectType + - wcsrchr + - wcsstr + - PsCreateSystemThread + - MmMapLockedPagesSpecifyCache + - IoGetDeviceObjectPointer + - ZwUnmapViewOfSection + - ExAllocatePool + - PsTerminateSystemThread + - IoGetCurrentProcess + - ExEventObjectType + - IoAllocateWorkItem + - ZwClose + - IofCompleteRequest + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - PsRemoveLoadImageNotifyRoutine + - IoGetRequestorProcessId + - MmProbeAndLockPages + - PsGetVersion + - KeRevertToUserAffinityThread + - PsThreadType + - IoGetDeviceInterfaces + - ZwOpenProcess + - SeExports + - MmUnlockPages + - strrchr + - ZwQueryInformationProcess + - IoCreateSymbolicLink + - PsGetCurrentThreadId + - PsGetCurrentProcessId + - KeSetSystemAffinityThread + - MmIsAddressValid + - ObfDereferenceObject + - ZwCreateSection + - ObReferenceObjectByName + - IoQueueWorkItem + - IoDeviceObjectType + - ZwOpenFile + - wcsncmp + - ZwQueryInformationToken + - ZwQueryInformationFile + - ZwQueryInformationThread + - ObOpenObjectByPointer + - KeStackAttachProcess + - PsLookupThreadByThreadId + - ZwEnumerateKey + - IoAllocateMdl + - IofCallDriver + - ZwOpenKey + - KeAcquireSpinLockRaiseToDpc + - IoAttachDeviceToDeviceStackSafe + - IoDetachDevice + - IoCreateDevice + - PsProcessType + - KeDetachProcess + - KeAttachProcess + - ZwDeleteFile + - IoBuildSynchronousFsdRequest + - NtClose + - RtlCompareUnicodeString + - ObfReferenceObject + - ZwWriteFile + - ZwOpenThread + - ZwTerminateProcess + - RtlEqualUnicodeString + - ZwOpenDirectoryObject + - KeBugCheck + - ZwQueryDirectoryObject + - IoFreeIrp + - IoAllocateIrp + - KdDebuggerNotPresent + - KeSetTargetProcessorDpc + - IoBuildDeviceIoControlRequest + - KeInitializeDpc + - KeInsertQueueDpc + - KeNumberProcessors + - KeBugCheckEx + - ZwSetSecurityObject + - RtlLengthSecurityDescriptor + - 
SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - ExUnregisterCallback + - ExRegisterCallback + - ExCreateCallback + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 
88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=NL, ST=North Holland, L=Amsterdam, O=AVG Netherlands B.V., + CN=AVG Netherlands B.V. 
+ ValidFrom: '2015-07-28 00:00:00' + ValidTo: '2018-09-25 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 4b5e1897903602425d3cb25d75c4f4ce + Version: 3 + TBS: + MD5: d4ce3e543458edafb2db286a26226b5b + SHA1: e1f64883f78595bfbbbb6998babc3eaf8e335749 + SHA256: 52b100ec65c2b99f058ff89869ced270bf5e6a5db581962a69e073275339e0ae + SHA384: e5a09ab56343245e3f9235ebb1ff4a9479cbc13df2787cd70c850b62498f92265d2da9fd39f6bcd0e90e4d8f086e86d4 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 4b5e1897903602425d3cb25d75c4f4ce + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: 73f94453db44e5265861f0ce8df39fc1 + SHA1: 6d710be934482758c43d9d19941be5ed522e371f + SHA256: 39835922f0b2a2c24ed5fb74c468f28fc5b2c036c7a219352dc78f7f29ea13c3 + Sections: + .text: + Entropy: 6.332677044584613 + Virtual Size: '0x202fc' + .rdata: + Entropy: 5.81653861925658 + Virtual Size: '0x3054' + .data: + Entropy: 1.7096861456745627 + Virtual Size: '0x25814' + .pdata: + Entropy: 5.335003314094236 + Virtual Size: '0x1080' + PAGE: + Entropy: 6.2414734898635 + 
Virtual Size: '0x19f7' + INIT: + Entropy: 5.291903484197976 + Virtual Size: '0x12d0' + .rsrc: + Entropy: 3.3997645140401622 + Virtual Size: '0x3b8' + .reloc: + Entropy: 1.9822497903370622 + Virtual Size: '0x438' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2018-02-27 04:28:46' + Imphash: 1e8ee6407390a2d52051bec21c771fdb + LoadsDespiteHVCI: 'TRUE' +- Filename: aswArPot.sys + MD5: 65e6718a547495c692e090d7887d247b + SHA1: 51b9867c391be3ce56ba7e1c3cba8c76777245b2 + SHA256: ebe2e9ec6d5d94c2d58fbcc9d78c5f0ee7a2f2c1aed6d1b309f383186d11dfa3 + Authentihash: + MD5: 2be74c85587978badcc47079d1eb1c5b + SHA1: eaaaeba2313000a501688f7b8416fec2b705ef7a + SHA256: fca5f90ce2b210e6026cbf6f2c281fe17a08ddb2e936200847823ef83eaab1eb + Description: Avast anti rootkit + Company: AVAST Software + InternalName: aswArPot.sys + OriginalFilename: aswArPot.sys + FileVersion: 19.2.4157.0 + Product: 'Avast Antivirus ' + ProductVersion: 19.2.4157.0 + Copyright: Copyright (c) 2019 AVAST Software + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - wcschr + - MmUnmapLockedPages + - _stricmp + - _wcsicmp + - towlower + - _strnicmp + - ExAllocatePoolWithTag + - PsGetProcessWin32Process + - KeClearEvent + - RtlVolumeDeviceToDosName + - KeQueryActiveProcessors + - RtlConvertSidToUnicodeString + - IoBuildDeviceIoControlRequest + - ExFreePoolWithTag + - KeResetEvent + - ExReleaseFastMutex + - IoGetBaseFileSystemDeviceObject + - strncmp + - ZwOpenThreadTokenEx + - RtlAnsiStringToUnicodeString + - ExAcquireFastMutex + - PsSetLoadImageNotifyRoutine + - _snwprintf + - NtBuildNumber + - PsRemoveCreateThreadNotifyRoutine + - PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - _wcsnicmp + - ZwReadFile + - strstr + - ZwMapViewOfSection + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - wcsncpy + - RtlEqualSid + - strchr + - IoFreeWorkItem + - MmGetSystemRoutineAddress + - KeInitializeEvent + - PsSetCreateThreadNotifyRoutine + - 
RtlUnicodeStringToAnsiString + - _snprintf + - RtlGetVersion + - ZwQuerySystemInformation + - RtlInitString + - KeReleaseSpinLock + - PsSetCreateProcessNotifyRoutine + - ZwOpenSymbolicLinkObject + - IoFreeMdl + - KeUnstackDetachProcess + - ZwOpenProcessTokenEx + - ZwSetInformationFile + - tolower + - KeDelayExecutionThread + - ObQueryNameString + - strncpy + - IoFileObjectType + - IoDriverObjectType + - wcsrchr + - wcsstr + - PsCreateSystemThread + - MmMapLockedPagesSpecifyCache + - IoGetDeviceObjectPointer + - ZwUnmapViewOfSection + - ExAllocatePool + - PsTerminateSystemThread + - IoGetCurrentProcess + - ExEventObjectType + - IoAllocateWorkItem + - ZwClose + - IofCompleteRequest + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - PsRemoveLoadImageNotifyRoutine + - IoGetRequestorProcessId + - MmProbeAndLockPages + - PsGetVersion + - KeRevertToUserAffinityThread + - PsThreadType + - IoGetDeviceInterfaces + - ZwOpenProcess + - SeExports + - MmUnlockPages + - strrchr + - ZwQueryInformationProcess + - IoCreateSymbolicLink + - PsGetCurrentThreadId + - PsGetCurrentProcessId + - KeSetSystemAffinityThread + - MmIsAddressValid + - ObfDereferenceObject + - ZwCreateSection + - ObReferenceObjectByName + - IoQueueWorkItem + - IoDeviceObjectType + - ZwOpenFile + - wcsncmp + - ZwQueryInformationToken + - ZwQueryInformationFile + - ZwQueryInformationThread + - ObOpenObjectByPointer + - KeStackAttachProcess + - PsLookupThreadByThreadId + - ZwEnumerateKey + - IoAllocateMdl + - IofCallDriver + - ZwOpenKey + - KeAcquireSpinLockRaiseToDpc + - IoThreadToProcess + - IoAttachDeviceToDeviceStackSafe + - IoDetachDevice + - PsInitialSystemProcess + - IoCreateDevice + - PsProcessType + - MmUnmapIoSpace + - KeDetachProcess + - MmMapIoSpace + - KeAttachProcess + - ZwDeleteFile + - IoBuildSynchronousFsdRequest + - NtClose + - RtlCompareUnicodeString + - ObfReferenceObject + - ZwWriteFile + - ZwOpenThread + - ZwTerminateProcess + - RtlEqualUnicodeString + - ZwOpenDirectoryObject + - 
KeBugCheck + - ZwQueryDirectoryObject + - IoFreeIrp + - IoAllocateIrp + - KdDebuggerNotPresent + - KeSetTargetProcessorDpc + - KeInitializeDpc + - KeInsertQueueDpc + - KeNumberProcessors + - KeBugCheckEx + - ZwSetSecurityObject + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - ExUnregisterCallback + - ExRegisterCallback + - ExCreateCallback + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o. + ValidFrom: '2016-09-06 00:00:00' + ValidTo: '2019-10-04 12:00:00' + Signature: 56220de8a9a65fffbff97ff463c4026ec9be68fe98bfa0b20a722df84322a44dbc98f25b87ee42da3a06a6cedef076de22e0d7e02d41201156875341cd24badedb8aa5afa133e9ed688fc45aeb37a74fbe399828143561fd717fa7bed97cb5d42643494462fef349f3300daff13660a9e50f85d1110de96d1300e0e730d2b6689fd53eb7a72f4f3112dffa2c1caf17cb64c22509d82b5ce1c2181c2faac22fce3981e683183d6da50d1c17dec375c370f5feb5abfbc6dca4cdd47a5b14375870de6dc346361d8997e79f19819f5168f9b01c9aacc210f2322248adc375a2782b64881c6a557677815c39b024555cc0adca920a617e0ecb385eb47213b1553c80 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 + Version: 3 + TBS: + MD5: 2e1a5012cbe8b95785c794bc1c5584c3 + SHA1: f4753b06b08938794c32c2475cee663143036d08 + SHA256: fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5 + SHA384: 08a8396996a9ecb96b22a85d6adf3f8b1117f3a880b1d4af12e4de8e8005897a7073d6d5368cb92f701f466ec227e2a6 + - Subject: 
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: 
'2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 07c70f7cab145bc1ed385fbe69fa3130 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: 9626b493680953826324d269e208fa60 + SHA1: 1a458000e2060911a31fcbed8ad9000b98f54944 + SHA256: ace6a5d1d7b11c6668753f9f17b2bb60f496168179cfd2d50e4e9e66fc41a50f + Sections: + .text: + Entropy: 6.335491187956018 + Virtual Size: '0x21e5c' + .rdata: + Entropy: 5.82392832720373 + Virtual Size: '0x313c' + .data: + Entropy: 1.9846555560748016 + Virtual Size: '0x25b18' + .pdata: + Entropy: 5.348966481204584 + Virtual Size: '0x10f8' + PAGE: + Entropy: 6.238771415869281 + Virtual Size: '0x19f7' + INIT: + Entropy: 5.312322202490202 + Virtual Size: '0x1352' + .rsrc: + Entropy: 3.3412807542734675 + Virtual Size: '0x370' + .reloc: + Entropy: 2.591169638260909 + Virtual Size: '0x4ba' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2019-01-16 11:17:09' + Imphash: 1aa10b05dee9268d7ce87f5f56ea9ded + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/04d377f9-36e0-42a4-8d47-62232163dc68.yaml b/yaml/04d377f9-36e0-42a4-8d47-62232163dc68.yaml index 4cbbc96b2..6545815e7 100644 --- a/yaml/04d377f9-36e0-42a4-8d47-62232163dc68.yaml +++ b/yaml/04d377f9-36e0-42a4-8d47-62232163dc68.yaml 
@@ -1,349 +1,349 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 04d377f9-36e0-42a4-8d47-62232163dc68 +Tags: +- iomem64.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create iomem64.sys binPath=C:\windows\temp\iomem64.sys type=kernel - && sc.exe start iomem64.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/3d23bdbaf9905259d858df5bf991eb23d2dc9f4ecda7f9f77839691acef1b8c4.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/dd4a1253d47de14ef83f1bc8b40816a86ccf90d1e624c5adf9203ae9d51d4097.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 04d377f9-36e0-42a4-8d47-62232163dc68 -KnownVulnerableSamples: -- Authentihash: - MD5: 9b6609bd5d9d8de37273fe2d355ae349 - SHA1: 4bf9ce7ffca224020572af6c13e866d8d41ad5bf - SHA256: 46ffe559f5a8f6bd611ac5a9264edf92d8449d8d31b2ddf6b2add5971e309c56 - Company: DT Research, Inc. - Copyright: DT Research Inc. All Rights Reserved. - CreationTimestamp: '2013-01-28 01:45:17' - Date: '' - Description: DTR Kernel mode driver - ExportedFunctions: '' - FileVersion: 2.3.0.0 - Filename: iomem64.sys - ImportedFunctions: - - IoDeleteDevice - - MmUnmapIoSpace - - KeEnterCriticalRegion - - MmFreeNonCachedMemory - - MmMapIoSpace - - RtlInitUnicodeString - - IoCreateSymbolicLink - - MmAllocateNonCachedMemory - - IoCreateDevice - - KeBugCheckEx - - KeLeaveCriticalRegion - - IofCompleteRequest - - IoDeleteSymbolicLink - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: iomem.sys - MD5: 0898af0888d8f7a9544ef56e5e16354e - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: iomem.sys - Product: iomem.sys - ProductVersion: 2.3.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: 0ae286be57b21fec5b461a83d859358d - SHA1: 2f485c062bee896fc4fa28cc256c4f7466f3ff81 - SHA256: 1beb30ca75a71912c068d962caa0f4a651ff924c1cbb1b88cf2bdcb357590e21 - SHA1: 4b009e91bae8d27b160dc195f10c095f8a2441e1 - SHA256: 3d23bdbaf9905259d858df5bf991eb23d2dc9f4ecda7f9f77839691acef1b8c4 - Sections: - .text: - Entropy: 5.429433941896276 - Virtual Size: '0x13b4' - .rdata: - Entropy: 4.340575063764079 - Virtual Size: '0x198' - .data: - Entropy: 0.5035334969292564 - Virtual Size: '0x118' - .pdata: - Entropy: 3.3340349653294203 - Virtual Size: '0xa8' - INIT: - Entropy: 5.039084100171449 - Virtual Size: '0x2a6' - .rsrc: - Entropy: 3.2363116153206524 - Virtual Size: '0x350' - Signature: - - DT RESEARCH, INC. 
TAIWAN BRANCH - - VeriSign Class 3 Code Signing 2010 CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=TW, ST=Taipei, L=Zhongzheng, O=DT RESEARCH, INC. TAIWAN BRANCH, OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=DT RESEARCH, INC. 
TAIWAN - BRANCH - ValidFrom: '2012-11-28 00:00:00' - ValidTo: '2014-02-27 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 79666acda698ffe7bb2f8c23ade9d57d - Version: 3 - TBS: - MD5: dbb1dd5e54c789f66640d658709fedf2 - SHA1: c5216c75242d0744a48ee5527b5f32953eca22de - SHA256: 2a3d22ff84046ce3ef33bb5b856892a9154243c11be3c5938ffbb68f3e6d33ba - SHA384: cc2c9885bd39100045b4cc7339c25b4ccbac9cc1dc8afbe382bedf2406bd1b71500d59f9ed298d7ad716dd961ac44c23 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 
5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 79666acda698ffe7bb2f8c23ade9d57d - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 679eba16ab2d51543b7007708838ef7c - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 91896c53af5ab967f7f131285354e4ac - SHA1: 7eec42b3027252dea4c777bbdbd47560bc179986 - SHA256: 57d36936fbf8785380536b03e5d9be172e5dd5c3bf435e19875a80aa96f97e1f - Company: DT Research, Inc. - Copyright: DT Research Inc. All Rights Reserved. 
- CreationTimestamp: '2012-12-03 01:39:06' - Date: '' - Description: DTR Kernel mode driver - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: iomem64.sys - ImportedFunctions: - - IoDeleteDevice - - MmUnmapIoSpace - - KeEnterCriticalRegion - - MmFreeNonCachedMemory - - MmMapIoSpace - - RtlInitUnicodeString - - IoCreateSymbolicLink - - MmAllocateNonCachedMemory - - IoCreateDevice - - KeBugCheckEx - - KeLeaveCriticalRegion - - IofCompleteRequest - - IoDeleteSymbolicLink - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: iomem.sys - MD5: f1e054333cc40f79cfa78e5fbf3b54c2 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: iomem.sys - Product: iomem.sys - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: 0ae286be57b21fec5b461a83d859358d - SHA1: 2f485c062bee896fc4fa28cc256c4f7466f3ff81 - SHA256: 1beb30ca75a71912c068d962caa0f4a651ff924c1cbb1b88cf2bdcb357590e21 - SHA1: 6003184788cd3d2fc624ca801df291ccc4e225ee - SHA256: dd4a1253d47de14ef83f1bc8b40816a86ccf90d1e624c5adf9203ae9d51d4097 - Sections: - .text: - Entropy: 5.4276217868285315 - Virtual Size: '0x1384' - .rdata: - Entropy: 4.330082770085826 - Virtual Size: '0x198' - .data: - Entropy: 0.5035334969292564 - Virtual Size: '0x118' - .pdata: - Entropy: 3.3340349653294203 - Virtual Size: '0xa8' - INIT: - Entropy: 5.039084100171449 - Virtual Size: '0x2a6' - .rsrc: - Entropy: 3.227189755068873 - Virtual Size: '0x350' - Signature: - - DT RESEARCH, INC. 
TAIWAN BRANCH - - VeriSign Class 3 Code Signing 2010 CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G3 - ValidFrom: '2012-05-01 00:00:00' - ValidTo: '2012-12-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded - Version: 3 - TBS: - MD5: e6d820afb23af20a65cf0b03247ea05e - SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 - SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 - SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=TW, ST=Taiwan, L=Taipei, O=DT RESEARCH, INC. TAIWAN BRANCH, OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=DT RESEARCH, INC. 
TAIWAN - BRANCH - ValidFrom: '2012-01-18 00:00:00' - ValidTo: '2013-01-17 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 215c8fa3dc44a29e86e5e59bd239b3c8 - Version: 3 - TBS: - MD5: a64ea916f6938102e6116b8283e3597f - SHA1: 888f188d39a9c8b14375f1bbcf5c88f5b1e92d63 - SHA256: 1ad8fb0027b18802ed025be6d1258c99c5d2ee586e2eb5ecfaa706bc8b8170c9 - SHA384: 9bf7495220fe2b9cd3c86a155aacdf93325f370a32233aaa8c4a185864d52f178b26c6af87335146f7f716237f13c854 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: 
bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 215c8fa3dc44a29e86e5e59bd239b3c8 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 679eba16ab2d51543b7007708838ef7c - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create iomem64.sys binPath=C:\windows\temp\iomem64.sys type=kernel + && sc.exe start iomem64.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/namazso/physmem_drivers -Tags: -- iomem64.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/3d23bdbaf9905259d858df5bf991eb23d2dc9f4ecda7f9f77839691acef1b8c4.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/dd4a1253d47de14ef83f1bc8b40816a86ccf90d1e624c5adf9203ae9d51d4097.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + 
value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 9b6609bd5d9d8de37273fe2d355ae349 + SHA1: 4bf9ce7ffca224020572af6c13e866d8d41ad5bf + SHA256: 46ffe559f5a8f6bd611ac5a9264edf92d8449d8d31b2ddf6b2add5971e309c56 + Company: DT Research, Inc. + Copyright: DT Research Inc. All Rights Reserved. + CreationTimestamp: '2013-01-28 01:45:17' + Date: '' + Description: DTR Kernel mode driver + ExportedFunctions: '' + FileVersion: 2.3.0.0 + Filename: iomem64.sys + ImportedFunctions: + - IoDeleteDevice + - MmUnmapIoSpace + - KeEnterCriticalRegion + - MmFreeNonCachedMemory + - MmMapIoSpace + - RtlInitUnicodeString + - IoCreateSymbolicLink + - MmAllocateNonCachedMemory + - IoCreateDevice + - KeBugCheckEx + - KeLeaveCriticalRegion + - IofCompleteRequest + - IoDeleteSymbolicLink + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: iomem.sys + MD5: 0898af0888d8f7a9544ef56e5e16354e + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: iomem.sys + Product: iomem.sys + ProductVersion: 2.3.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: 0ae286be57b21fec5b461a83d859358d + SHA1: 2f485c062bee896fc4fa28cc256c4f7466f3ff81 + SHA256: 1beb30ca75a71912c068d962caa0f4a651ff924c1cbb1b88cf2bdcb357590e21 + SHA1: 4b009e91bae8d27b160dc195f10c095f8a2441e1 + SHA256: 3d23bdbaf9905259d858df5bf991eb23d2dc9f4ecda7f9f77839691acef1b8c4 + Sections: + .text: + Entropy: 5.429433941896276 + Virtual Size: '0x13b4' + .rdata: + Entropy: 4.340575063764079 + Virtual Size: '0x198' + .data: + Entropy: 
0.5035334969292564 + Virtual Size: '0x118' + .pdata: + Entropy: 3.3340349653294203 + Virtual Size: '0xa8' + INIT: + Entropy: 5.039084100171449 + Virtual Size: '0x2a6' + .rsrc: + Entropy: 3.2363116153206524 + Virtual Size: '0x350' + Signature: + - DT RESEARCH, INC. TAIWAN BRANCH + - VeriSign Class 3 Code Signing 2010 CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=TW, ST=Taipei, L=Zhongzheng, O=DT RESEARCH, INC. 
TAIWAN BRANCH, + OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=DT RESEARCH, + INC. TAIWAN BRANCH + ValidFrom: '2012-11-28 00:00:00' + ValidTo: '2014-02-27 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 79666acda698ffe7bb2f8c23ade9d57d + Version: 3 + TBS: + MD5: dbb1dd5e54c789f66640d658709fedf2 + SHA1: c5216c75242d0744a48ee5527b5f32953eca22de + SHA256: 2a3d22ff84046ce3ef33bb5b856892a9154243c11be3c5938ffbb68f3e6d33ba + SHA384: cc2c9885bd39100045b4cc7339c25b4ccbac9cc1dc8afbe382bedf2406bd1b71500d59f9ed298d7ad716dd961ac44c23 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 
+ SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 79666acda698ffe7bb2f8c23ade9d57d + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 679eba16ab2d51543b7007708838ef7c + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 91896c53af5ab967f7f131285354e4ac + SHA1: 7eec42b3027252dea4c777bbdbd47560bc179986 + SHA256: 57d36936fbf8785380536b03e5d9be172e5dd5c3bf435e19875a80aa96f97e1f + Company: DT Research, Inc. + Copyright: DT Research Inc. All Rights Reserved. + CreationTimestamp: '2012-12-03 01:39:06' + Date: '' + Description: DTR Kernel mode driver + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: iomem64.sys + ImportedFunctions: + - IoDeleteDevice + - MmUnmapIoSpace + - KeEnterCriticalRegion + - MmFreeNonCachedMemory + - MmMapIoSpace + - RtlInitUnicodeString + - IoCreateSymbolicLink + - MmAllocateNonCachedMemory + - IoCreateDevice + - KeBugCheckEx + - KeLeaveCriticalRegion + - IofCompleteRequest + - IoDeleteSymbolicLink + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: iomem.sys + MD5: f1e054333cc40f79cfa78e5fbf3b54c2 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: iomem.sys + Product: iomem.sys + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: 0ae286be57b21fec5b461a83d859358d + SHA1: 2f485c062bee896fc4fa28cc256c4f7466f3ff81 + SHA256: 1beb30ca75a71912c068d962caa0f4a651ff924c1cbb1b88cf2bdcb357590e21 + SHA1: 6003184788cd3d2fc624ca801df291ccc4e225ee + SHA256: dd4a1253d47de14ef83f1bc8b40816a86ccf90d1e624c5adf9203ae9d51d4097 + Sections: + .text: + Entropy: 5.4276217868285315 + Virtual Size: '0x1384' + .rdata: + Entropy: 4.330082770085826 + Virtual Size: '0x198' + .data: + Entropy: 0.5035334969292564 + Virtual Size: '0x118' + .pdata: + Entropy: 
3.3340349653294203 + Virtual Size: '0xa8' + INIT: + Entropy: 5.039084100171449 + Virtual Size: '0x2a6' + .rsrc: + Entropy: 3.227189755068873 + Virtual Size: '0x350' + Signature: + - DT RESEARCH, INC. TAIWAN BRANCH + - VeriSign Class 3 Code Signing 2010 CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G3 + ValidFrom: '2012-05-01 00:00:00' + ValidTo: '2012-12-31 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded + Version: 3 + TBS: + MD5: e6d820afb23af20a65cf0b03247ea05e + SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 + SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 + SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=TW, ST=Taiwan, L=Taipei, O=DT RESEARCH, INC. TAIWAN BRANCH, + OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=DT RESEARCH, + INC. 
TAIWAN BRANCH + ValidFrom: '2012-01-18 00:00:00' + ValidTo: '2013-01-17 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 215c8fa3dc44a29e86e5e59bd239b3c8 + Version: 3 + TBS: + MD5: a64ea916f6938102e6116b8283e3597f + SHA1: 888f188d39a9c8b14375f1bbcf5c88f5b1e92d63 + SHA256: 1ad8fb0027b18802ed025be6d1258c99c5d2ee586e2eb5ecfaa706bc8b8170c9 + SHA384: 9bf7495220fe2b9cd3c86a155aacdf93325f370a32233aaa8c4a185864d52f178b26c6af87335146f7f716237f13c854 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: 
bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 215c8fa3dc44a29e86e5e59bd239b3c8 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 679eba16ab2d51543b7007708838ef7c + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/0567c6c4-282f-406f-9369-7f876b899c25.yaml b/yaml/0567c6c4-282f-406f-9369-7f876b899c25.yaml index 5cb732347..4475152cf 100644 --- a/yaml/0567c6c4-282f-406f-9369-7f876b899c25.yaml +++ b/yaml/0567c6c4-282f-406f-9369-7f876b899c25.yaml @@ -1,16 +1,18 @@ Id: 0567c6c4-282f-406f-9369-7f876b899c25 +Tags: +- procexp.Sys +Verified: 'TRUE' Author: Nasreddine Bencherchali Created: '2023-05-06' MitreID: T1068 Category: vulnerable driver -Verified: 'TRUE' Commands: - Command: sc.exe create procexp.sys binPath=C:\windows\temp\procexp.Sys type=kernel - && sc.exe start procexp.Sys - Description: '' - Usecase: Elevate privileges - Privileges: kernel - OperatingSystem: Windows 10 + Command: sc.exe create procexp.sys binPath=C:\windows\temp\procexp.Sys type=kernel + && sc.exe start procexp.Sys + Description: '' + Usecase: Elevate privileges + Privileges: kernel + OperatingSystem: Windows 10 Resources: - Internal Research - https://malware.news/t/lazarus-group-attack-case-using-vulnerability-of-certificate-software-commonly-used-by-public-institutions-and-universities/67715 
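Review bot: `Description: ''` under `Commands` stays empty on the new side of the `@@ -1,16 +1,18 @@` hunk for `0567c6c4-282f-406f-9369-7f876b899c25.yaml`, so the entry never says why procexp.Sys is listed. `Usecase: Elevate privileges` with `MitreID: T1068` also looks narrower than the entry's own Resources in the next hunk, where the Sophos link's slug reads "aukill-edr-killer-malware-abuses-process-explorer-driver". If that reading is right, I would fill the field with something like `Description: Signed Process Explorer driver, reported abused to terminate security tooling (see Resources)` and check whether a defense-evasion technique ID belongs alongside T1068. The rest of the hunk only reorders top-level keys and re-indents the `Commands` mapping, and the file continues well past it.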
@@ -20,5321 +22,5328 @@ Resources: - https://github.com/Yaxser/Backstab/blob/master/resources/PROCEXP.sys - https://news.sophos.com/en-us/2023/04/19/aukill-edr-killer-malware-abuses-process-explorer-driver/ - https://github.com/magicsword-io/LOLDrivers/issues/55#issuecomment-1537161951 -Acknowledgement: - Person: '' - Handle: '' Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/075de997497262a9d105afeadaaefc6348b25ce0e0126505c24aa9396c251e85.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/16a2e578bc8683f17a175480fea4f53c838cfae965f1d4caa47eaf9e0b3415c1.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/1b00d6e5d40b1b84ca63da0e99246574cdd2a533122bc83746f06c0d66e63a6e.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/30abc0cc700fdebc74e62d574addc08f6227f9c7177d9eaa8cbc37d5c017c9bb.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/3503ea284b6819f9cb43b3e94c0bb1bf5945ccb37be6a898387e215197a4792a.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/3c7e5b25a33a7805c999d318a9523fcae46695a89f55bbdb8bb9087360323dfc.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/3ff39728f1c11d1108f65ec5eb3d722fd1a1279c530d79712e0d32b34880baaa.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/46621554728bc55438c7c241137af401250f062edef6e7efecf1a6f0f6d0c1f7.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/51e91dd108d974ae809e5fc23f6fbd16e13f672f86aa594dae4a5c4bc629b0b5.yara -- type: yara_signature - value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/59b09bd69923c0b3de3239e73205b1846a5f69043546d471b259887bb141d879.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/6bfc0f425de9f4e7480aa2d1f2e08892d0553ed0df1c31e9bf3d8d702f38fa2e.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/6e944ae1bfe43a8a7cd2ea65e518a30172ce8f31223bdfd39701b2cb41d8a9e7.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/77950e2a40ac0447ae7ee1ee3ef1242ce22796a157074e6f04e345b1956e143c.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/7a48f92a9c2d95a72e18055cac28c1e7e6cad5f47aa735cbea5c3b82813ccfaf.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/86721ee8161096348ed3dbe1ccbf933ae004c315b1691745a8af4a0df9fed675.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/88e2e6a705d3fb71b966d9fb46dc5a4b015548daf585fb54dfcd81dc0bd3ebdc.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/89b9823ed974a5b71de8468324d45b7e9d6dc914f93615ba86c6209b25b3cbf7.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/98a123b314cba2de65f899cdbfa386532f178333389e0f0fbd544aff85be02eb.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/9d5ebd0f4585ec20a5fe3c5276df13ece5a2645d3d6f70cedcda979bd1248fc2.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/bced04bdefad6a08c763265d6993f07aa2feb57d33ed057f162a947cf0e6668f.yara -- type: yara_signature - value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/bdbceca41e576841cad2f2b38ee6dbf92fd77fbbfdfe6ecf99f0623d44ef182c.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/c089a31ac95d41ed02d1e4574962f53376b36a9e60ff87769d221dc7d1a3ecfa.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/cdfbe62ef515546f1728189260d0bdf77167063b6dbb77f1db6ed8b61145a2bc.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/d6827cd3a8f273a66ecc33bb915df6c7dea5cc1b8134b0c348303ef50db33476.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/e07211224b02aaf68a5e4b73fc1049376623793509d9581cdaee9e601020af06.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/e3f2ee22dec15061919583e4beb8abb3b29b283e2bcb46badf2bfde65f5ea8dd.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/f29073dc99cb52fa890aae80037b48a172138f112474a1aecddae21179c93478.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/59b09bd69923c0b3de3239e73205b1846a5f69043546d471b259887bb141d879.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/440883cd9d6a76db5e53517d0ec7fe13d5a50d2f6a7f91ecfc863bc3490e4f5c.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/cdfbe62ef515546f1728189260d0bdf77167063b6dbb77f1db6ed8b61145a2bc.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/9b6a84f7c40ea51c38cc4d2e93efb3375e9d98d4894a85941190d94fbe73a4e4.yara -- type: sigma_hash - value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/075de997497262a9d105afeadaaefc6348b25ce0e0126505c24aa9396c251e85.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/16a2e578bc8683f17a175480fea4f53c838cfae965f1d4caa47eaf9e0b3415c1.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/1b00d6e5d40b1b84ca63da0e99246574cdd2a533122bc83746f06c0d66e63a6e.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/30abc0cc700fdebc74e62d574addc08f6227f9c7177d9eaa8cbc37d5c017c9bb.yara +- type: yara_signature + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/3503ea284b6819f9cb43b3e94c0bb1bf5945ccb37be6a898387e215197a4792a.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/3c7e5b25a33a7805c999d318a9523fcae46695a89f55bbdb8bb9087360323dfc.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/3ff39728f1c11d1108f65ec5eb3d722fd1a1279c530d79712e0d32b34880baaa.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/46621554728bc55438c7c241137af401250f062edef6e7efecf1a6f0f6d0c1f7.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/51e91dd108d974ae809e5fc23f6fbd16e13f672f86aa594dae4a5c4bc629b0b5.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/59b09bd69923c0b3de3239e73205b1846a5f69043546d471b259887bb141d879.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/6bfc0f425de9f4e7480aa2d1f2e08892d0553ed0df1c31e9bf3d8d702f38fa2e.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/6e944ae1bfe43a8a7cd2ea65e518a30172ce8f31223bdfd39701b2cb41d8a9e7.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/77950e2a40ac0447ae7ee1ee3ef1242ce22796a157074e6f04e345b1956e143c.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/7a48f92a9c2d95a72e18055cac28c1e7e6cad5f47aa735cbea5c3b82813ccfaf.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/86721ee8161096348ed3dbe1ccbf933ae004c315b1691745a8af4a0df9fed675.yara +- type: yara_signature + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/88e2e6a705d3fb71b966d9fb46dc5a4b015548daf585fb54dfcd81dc0bd3ebdc.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/89b9823ed974a5b71de8468324d45b7e9d6dc914f93615ba86c6209b25b3cbf7.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/98a123b314cba2de65f899cdbfa386532f178333389e0f0fbd544aff85be02eb.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/9d5ebd0f4585ec20a5fe3c5276df13ece5a2645d3d6f70cedcda979bd1248fc2.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/bced04bdefad6a08c763265d6993f07aa2feb57d33ed057f162a947cf0e6668f.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/bdbceca41e576841cad2f2b38ee6dbf92fd77fbbfdfe6ecf99f0623d44ef182c.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/c089a31ac95d41ed02d1e4574962f53376b36a9e60ff87769d221dc7d1a3ecfa.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/cdfbe62ef515546f1728189260d0bdf77167063b6dbb77f1db6ed8b61145a2bc.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/d6827cd3a8f273a66ecc33bb915df6c7dea5cc1b8134b0c348303ef50db33476.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/e07211224b02aaf68a5e4b73fc1049376623793509d9581cdaee9e601020af06.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/e3f2ee22dec15061919583e4beb8abb3b29b283e2bcb46badf2bfde65f5ea8dd.yara +- type: yara_signature + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/f29073dc99cb52fa890aae80037b48a172138f112474a1aecddae21179c93478.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/59b09bd69923c0b3de3239e73205b1846a5f69043546d471b259887bb141d879.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/440883cd9d6a76db5e53517d0ec7fe13d5a50d2f6a7f91ecfc863bc3490e4f5c.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/cdfbe62ef515546f1728189260d0bdf77167063b6dbb77f1db6ed8b61145a2bc.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/9b6a84f7c40ea51c38cc4d2e93efb3375e9d98d4894a85941190d94fbe73a4e4.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: procexp.Sys - MD5: e6cb1728c50bd020e531d19a14904e1c - SHA1: 2dd916cb8a9973b5890829361c1f9c0d532ba5d6 - SHA256: 075de997497262a9d105afeadaaefc6348b25ce0e0126505c24aa9396c251e85 - Authentihash: - MD5: fe54aac5dfae8729c48361d2ea4f7271 - SHA1: 2a4e81a1d23e3b7d9c14b6fbc393ecfad5f34133 - SHA256: c5732937c3ab5e0fd244cc1b820eaa1fb7d97110c213cd6b9dadebafe3ea853d - Description: Process Explorer - Company: Sysinternals - www.sysinternals.com - InternalName: procexp.sys - OriginalFilename: procexp.Sys - FileVersion: '16.32' - Product: Process Explorer - ProductVersion: '16.32' - Copyright: Copyright (C) Mark Russinovich 1996-2020 - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - strncpy - - RtlInitUnicodeString - - RtlUnicodeStringToAnsiString - - RtlFreeAnsiString - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ExGetPreviousMode - - MmGetSystemRoutineAddress - - SeCaptureSubjectContext - - SeReleaseSubjectContext - - IofCompleteRequest - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - MmIsAddressValid - - PsGetVersion - - ZwOpenProcess - - KeStackAttachProcess - - KeUnstackDetachProcess - - SePrivilegeCheck - - PsLookupProcessByProcessId - - ObOpenObjectByPointer - - ObQueryNameString - - ZwQueryObject - - ZwDuplicateObject - - ZwOpenProcessToken - - ZwQueryInformationProcess - - ZwQuerySystemInformation - - ObCloseHandle - - ObOpenObjectByName - - __C_specific_handler - - IoFileObjectType - - PsProcessType - - PsThreadType - - RtlFreeUnicodeString - - IoCreateDevice - - ZwSetSecurityObject - - IoDeviceObjectType - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - 
RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - SeExports - - wcschr - - _wcsnicmp - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwOpenKey - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2020-03-04 19:12:18' - ValidTo: '2021-03-03 19:12:18' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 330000009484c47568579aafe9000000000094 - Version: 3 - TBS: - MD5: b46a69db7e461e55282dc24dc594e5d6 - SHA1: 3b19241d555a74781e2b63a7c14ad12b1ec68205 - SHA256: 2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975 - SHA384: 5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2012 - ValidFrom: '2012-04-18 23:48:38' - ValidTo: '2027-04-18 23:58:38' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 610baac1000000000009 - Version: 3 - TBS: - MD5: a569061297e8e824767dbc3184a69bea - SHA1: adbb26a587a8f44b4fccaecb306f980d1c55a150 - SHA256: cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 - SHA384: e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba - Signer: - - SerialNumber: 330000009484c47568579aafe9000000000094 - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - 
Windows Third Party Component CA 2012 - Version: 1 - RichPEHeaderHash: - MD5: 420860e9f312122cbc3065cd4c79b0b8 - SHA1: c4291fc018995b5847a846335c233b91b40f94a0 - SHA256: 931eddc74e60814089c8a5da745e1e2fbf6ddd99781ee273379c6debdb9a3ba7 - Sections: - .text: - Entropy: 6.137423926314564 - Virtual Size: '0x25a0' - .rdata: - Entropy: 4.321191990294893 - Virtual Size: '0xf68' - .data: - Entropy: 2.0732868843388097 - Virtual Size: '0x22c' - .pdata: - Entropy: 4.199286592950671 - Virtual Size: '0x2f4' - PAGE: - Entropy: 6.228697679351415 - Virtual Size: '0x1a1b' - INIT: - Entropy: 5.210944759781676 - Virtual Size: '0x818' - .rsrc: - Entropy: 3.300315570047502 - Virtual Size: '0x380' - .reloc: - Entropy: 3.698934896284056 - Virtual Size: '0x30' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2020-04-27 01:35:06' - Imphash: d122c1eaa50839be14c31876d0d4e0be - LoadsDespiteHVCI: 'FALSE' -- Filename: procexp.Sys - MD5: fea9319d67177ed6f36438d2bd9392fb - SHA1: db6170ee2ee0a3292deceb2fc88ef26d938ebf2d - SHA256: 16a2e578bc8683f17a175480fea4f53c838cfae965f1d4caa47eaf9e0b3415c1 - Authentihash: - MD5: fbc316e1e634e967c5413a200cde7ad6 - SHA1: a1dd17b946ade947b621e9fec4fe7ad0835f0ac9 - SHA256: 4533a11f4f190354b749f2842b57233e5e9e8b37fa4031bcb976118cff902101 - Description: Process Explorer - Company: Sysinternals - www.sysinternals.com - InternalName: procexp.sys - OriginalFilename: procexp.Sys - FileVersion: '16.42' - Product: Process Explorer - ProductVersion: '16.42' - Copyright: Copyright (C) Mark Russinovich 1996-2021 - MachineType: ARM64 - Imports: - - HAL.dll - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - KfRaiseIrql - - KfLowerIrql - - strncpy - - RtlInitUnicodeString - - MmGetSystemRoutineAddress - - RtlUnicodeStringToAnsiString - - RtlFreeAnsiString - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ExGetPreviousMode - - SeCaptureSubjectContext - - SeReleaseSubjectContext - - PsGetVersion - - IofCompleteRequest - - IoCreateDevice - - 
IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - ObReferenceObjectByHandle - - ObCloseHandle - - ObfDereferenceObject - - ZwClose - - MmIsAddressValid - - ZwOpenProcess - - KeStackAttachProcess - - KeUnstackDetachProcess - - SePrivilegeCheck - - PsLookupProcessByProcessId - - ObOpenObjectByPointer - - ObQueryNameString - - ZwQueryObject - - ZwDuplicateObject - - ZwOpenProcessToken - - ZwQueryInformationProcess - - ZwQuerySystemInformation - - ObOpenObjectByName - - __C_specific_handler - - IoFileObjectType - - PsProcessType - - PsThreadType - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2020-12-15 22:15:30' - ValidTo: '2021-12-02 22:15:30' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 33000000b20f9ad86794f322f60000000000b2 - Version: 3 - TBS: - MD5: b9dc0ff1a60c3aba24a78d505955bf39 - SHA1: 15a5da2c8aa2955af75615009d249071f91fd252 - SHA256: ba7853f855ba7bc325287c11f5f7b20e013716affad372440feb2c3cf02f0bc5 - SHA384: 90f67f637874aca58284dde5bfa77d98616efd902d1a63f53bc30cd287d464e6706388ed317199236e0739642622f9c5 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2012 - ValidFrom: '2012-04-18 23:48:38' - ValidTo: '2027-04-18 23:58:38' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 610baac1000000000009 - Version: 3 - TBS: - MD5: a569061297e8e824767dbc3184a69bea - SHA1: adbb26a587a8f44b4fccaecb306f980d1c55a150 - SHA256: cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 - SHA384: e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba - Signer: 
- - SerialNumber: 33000000b20f9ad86794f322f60000000000b2 - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2012 - Version: 1 - RichPEHeaderHash: - MD5: b9d3f09e377f3b150f32d6ebfb37c19c - SHA1: 37b54bd186c5e76895c75551721d5f8432fb5d72 - SHA256: 7f2c741567540cfb1a1f6e79392080387d55b9cb524c21f80c1bf2dc75992c84 - Sections: - .text: - Entropy: 6.0250851608186204 - Virtual Size: '0x2b00' - .rdata: - Entropy: 3.8365608883427753 - Virtual Size: '0x820' - .data: - Entropy: 1.6388264292981416 - Virtual Size: '0x3c' - .pdata: - Entropy: 3.9469090112624383 - Virtual Size: '0x100' - INIT: - Entropy: 4.9698639451866535 - Virtual Size: '0x550' - .rsrc: - Entropy: 3.301212675669634 - Virtual Size: '0x380' - .reloc: - Entropy: 2.7841837197791888 - Virtual Size: '0x14' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2021-06-01 08:24:35' - Imphash: bfe13c695e41d3eee414d3929b1bd523 - LoadsDespiteHVCI: 'FALSE' -- Filename: procexp.Sys - MD5: eeb8e039f6d942538eb4b0252117899a - SHA1: bebf97411946749b9050989d9c40352dbe8269ea - SHA256: 1b00d6e5d40b1b84ca63da0e99246574cdd2a533122bc83746f06c0d66e63a6e - Authentihash: - MD5: 750ecd21c673a6fda9199887013d3751 - SHA1: 82d3299c06b944895385fd2f3d9d18391273019d - SHA256: 8e38148ad4ed9946e8600b37f63996bf17c0101e3f50123b3b8513c895a4b521 - Description: Process Explorer - Company: Sysinternals - www.sysinternals.com - InternalName: procexp.sys - OriginalFilename: procexp.Sys - FileVersion: '12.00' - Product: Process Explorer - ProductVersion: '12.00' - Copyright: Copyright (C) M. 
Russinovich 1996-2010 - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ObQueryNameString - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - ZwQueryObject - - KeDetachProcess - - ObReferenceObjectByHandle - - KeAttachProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - ZwClose - - ZwDuplicateObject - - ZwOpenProcess - - ZwQuerySystemInformation - - MmIsAddressValid - - memset - - ObOpenObjectByPointer - - RtlUnicodeStringToAnsiString - - NtClose - - ZwOpenProcessToken - - memcpy - - IofCompleteRequest - - SeReleaseSubjectContext - - SePrivilegeCheck - - ExGetPreviousMode - - SeCaptureSubjectContext - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IoCreateSymbolicLink - - IoCreateDevice - - NtBuildNumber - - KeTickCount - - KeBugCheckEx - - strncpy - - ZwQueryInformationProcess - - RtlFreeAnsiString - - RtlUnwind - - KfLowerIrql - - KfRaiseIrql - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Texas, L=Austin, O=Sysinternals, OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Headquarters, CN=Sysinternals - ValidFrom: '2010-03-04 00:00:00' - ValidTo: '2013-04-18 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 4112e632c7b18a029a3a1fac803ab89f - Version: 3 - TBS: - MD5: 55a4c08c9404782113330a8cd169ed20 - SHA1: 74807ba52ae6108b0fbac5031090b3295b2c3bba - SHA256: 3fe3c656e859492b0d4bb2c4c2020ae816340f985e054239d3342ffb93269b16 - SHA384: 653eeae6166aec45fd75b679034bec2a53623d999b14ebfbc821067c1c041eaa5f00cf8e7e7330ad793b880aa35f6c4e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 
8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - 
TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 4112e632c7b18a029a3a1fac803ab89f - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - RichPEHeaderHash: - MD5: 39a696a518c3b3d973af323b4a784aa5 - SHA1: 82644e6d5011a7d16fc45795e5476d1a11fd42b3 - SHA256: 701cabcf5d588fd9a68480eb11798221b29fdb9be68cb9f919041e1af88534a8 - Sections: - .text: - Entropy: 6.305335255152002 - Virtual Size: '0x147a' - .rdata: - Entropy: 3.790465958065011 - Virtual Size: '0x1ec' - .data: - Entropy: 2.0577277787393187 - Virtual Size: '0x24' - INIT: - Entropy: 5.410711553706741 - Virtual Size: '0x438' - .rsrc: - Entropy: 3.261114029825118 - Virtual Size: '0x380' - .reloc: - Entropy: 5.426276217210761 - Virtual Size: '0x186' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2010-04-15 03:23:35' - Imphash: 9376f1c4ab79240cc948b77bf9e8814b - LoadsDespiteHVCI: 'FALSE' -- Filename: procexp.Sys - MD5: c56a9ed0192c5a2b39691e54f2132a2f - SHA1: 9099482b26e9ba8e1d303418afc9111a3bffd6b3 - SHA256: 30abc0cc700fdebc74e62d574addc08f6227f9c7177d9eaa8cbc37d5c017c9bb - Authentihash: - MD5: eb6ceb9aa0eaedee2d112b167908e871 - SHA1: 4d68ec346d13359525da958af0fada57bc9ff35a - SHA256: 7a4e4ee169fe0f1f079e5f5c1da38ea70fe717e728faf054deb180f9e37fe574 - Description: Process Explorer - Company: Sysinternals - www.sysinternals.com - InternalName: procexp.sys - OriginalFilename: procexp.Sys - FileVersion: '11.30' - Product: Process Explorer - ProductVersion: '11.30' - Copyright: Copyright (C) M. 
Russinovich 1996-2008 - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - NtBuildNumber - - ZwOpenProcess - - PsLookupProcessByProcessId - - ZwQueryInformationProcess - - IoCreateSymbolicLink - - RtlInitUnicodeString - - MmIsAddressValid - - IoDeleteDevice - - ObfDereferenceObject - - ExGetPreviousMode - - IoCreateDevice - - MmGetSystemRoutineAddress - - ObOpenObjectByPointer - - ZwQueryObject - - RtlUnicodeStringToAnsiString - - SePrivilegeCheck - - ZwQuerySystemInformation - - ZwOpenProcessToken - - SeReleaseSubjectContext - - KeDetachProcess - - ObQueryNameString - - strncpy - - ExAllocatePool - - SeCaptureSubjectContext - - NtClose - - ZwClose - - IofCompleteRequest - - ObReferenceObjectByHandle - - IoDeleteSymbolicLink - - ZwDuplicateObject - - ExFreePoolWithTag - - RtlFreeAnsiString - - KeAttachProcess - - KeBugCheckEx - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=Texas, L=Austin, O=Sysinternals, OU=Digital ID Class 3 , Microsoft - Software 
Validation v2, OU=Headquarters, CN=Sysinternals - ValidFrom: '2007-03-05 00:00:00' - ValidTo: '2010-04-19 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 7d2c89d309e57beef2d791bb8ed6a26f - Version: 3 - TBS: - MD5: ae18dfd140f9414eadf1f611ec1b84b7 - SHA1: 9aecb2568e995d5965e49acf3ff247bc3d1ab99c - SHA256: f14ce5fe5f508ced18d652e8211edb00c1c773899d03d18dec932df9c54f0a86 - SHA384: c2a6c771b86b687befda12f6871e2f0d473317b4694f25ddc835d2f203953870f26ae9994822e53fcddaeb012f2b6740 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 7d2c89d309e57beef2d791bb8ed6a26f - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: 3ea5cd355cba9d9928873cdba35d4bcc - SHA1: b7e9df380d50227614a9745068a6b50c798b66f9 - SHA256: b3da31bed27ae39b6fd4b9152315a2a81e444cdb54edb34eb6a583538717a4a1 - Sections: - .text: - Entropy: 6.168262202149083 - Virtual Size: '0x19f8' - .rdata: - Entropy: 4.079443409043563 - Virtual Size: '0x2cc' - .data: - Entropy: 0.4860349013607531 - Virtual Size: '0x124' - .pdata: - Entropy: 3.651113286298327 - Virtual Size: '0xa8' - INIT: - Entropy: 5.006142056841753 - Virtual Size: '0x4a0' - .rsrc: - Entropy: 
3.294153762600323 - Virtual Size: '0x380' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2008-11-03 14:19:45' - Imphash: 0b40636205c64cacfd2e4f407518ad58 - LoadsDespiteHVCI: 'FALSE' -- Filename: procexp.Sys - MD5: 6ff59faea912903af0ba8e80e58612bc - SHA1: 736531c76b8d9c56e26561bf430e10ecabff0186 - SHA256: 3503ea284b6819f9cb43b3e94c0bb1bf5945ccb37be6a898387e215197a4792a - Authentihash: - MD5: 8b8a646469bdd1bab7b402ac83dba4a5 - SHA1: 075998a905d4afda2e1727f6f31030c4d126dcc5 - SHA256: 083828dd2e4afe22f5d27b56bd7f5a60e43aea7ec8f8cb0a138be84ee639a09c - Description: Process Explorer - Company: Sysinternals - www.sysinternals.com - InternalName: procexp.sys - OriginalFilename: procexp.Sys - FileVersion: '15.00' - Product: Process Explorer - ProductVersion: '15.00' - Copyright: Copyright (C) Mark Russinovich 1996-2014 - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - strncpy - - RtlInitUnicodeString - - RtlUnicodeStringToAnsiString - - RtlFreeAnsiString - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ExGetPreviousMode - - MmGetSystemRoutineAddress - - SeCaptureSubjectContext - - SeReleaseSubjectContext - - IofCompleteRequest - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - MmIsAddressValid - - PsGetVersion - - ZwOpenProcess - - KeStackAttachProcess - - KeUnstackDetachProcess - - SePrivilegeCheck - - PsLookupProcessByProcessId - - ObOpenObjectByPointer - - ObQueryNameString - - ZwQueryObject - - ZwDuplicateObject - - ZwOpenProcessToken - - ZwQueryInformationProcess - - ZwQuerySystemInformation - - ObCloseHandle - - ObOpenObjectByName - - __C_specific_handler - - IoFileObjectType - - PsProcessType - - PsThreadType - - RtlFreeUnicodeString - - IoCreateDevice - - ZwSetSecurityObject - - IoDeviceObjectType - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - 
RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - SeExports - - wcschr - - _wcsnicmp - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwOpenKey - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Ireland - Operations Limited, OU=Thales TSS ESN:3BD4,4B80,69C3, CN=Microsoft Time,Stamp - service - ValidFrom: '2018-08-23 20:20:24' - ValidTo: '2019-11-23 20:20:24' - Signature: 70b7312f4250cdf1d3def3c43951f5a88b8f263b88f82996cb1cdaa8c9fd2bc5cb16304482e1d4a3cd7c2680f316e8d04d560716707e31ee044018f77802b3e1620e9ddb7a9c4b7266af30fe4d6224225f47eaf7e9d4598e46e9069c9ecdd3c0500570cebcee298bec6254fcc5bf44c88b40b0b228839cf17e2c71689143f6558bcad70c395d627f74f7338012b15fd471a905d91b5a4b26aff62f1d0eef7131633d3b1423cd634e504b5bb9d8ad3ef506ef2ddd2d806c4df1b713395b2b17747e9e5afcaab83a1428b276c5ee6c4d9ec09ced00cc55888ce5ba6fec026cc4c502f7fe6ea6c8e101356f1b508e18b958d3b3bec3b629f1ff9c3ffedee98df4c4 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 33000001058eca29221e6a345b000000000105 - Version: 3 - TBS: - MD5: 31c86790d5106374a2387094c9e925f9 - SHA1: 02effd51d770a6881492009028d3e37d52a353ec - SHA256: 4846d6d5238e9900fae36792af3ac2835f6f10aa18de48b558c676e94bb24e05 - SHA384: 0bffcf528e304b0b704985707ddbafbbcf5670203ae1dfa78b1ef03926cc6619f55fd20c095bbe416f470e50a075c5d2 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2019-04-18 18:42:23' - ValidTo: '2020-03-27 18:42:23' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: true - SerialNumber: 33000000387a14cce6619d8c51000200000038 - Version: 3 - TBS: - MD5: f9a6526d8f83e3d33d925ae95b752dca - SHA1: ad9f086d0642e3b5de60584c44123cf4603c4525 - SHA256: 7bdb7967d328a3a1cb2d2c4c7399633203668f9a86a271b277a218b639ad12ee - SHA384: 0ae0176f351a8e4df75f1c72d2002b1682a1e4d1ccb069fb8b5bcb496ef016a6386e44428ebabe538eb2900b564e3f93 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility PCA - ValidFrom: '2018-09-20 17:42:01' - ValidTo: '2021-05-09 23:28:13' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610435f1000000000041 - Version: 3 - TBS: - MD5: 77dab20d8e23cd8e18633adca506cf6e - SHA1: c5506bee3c29254dc5b5a0e6e7a14046522708ef - SHA256: 611f1d188d7c39a400a01ee32e2c257be5082445ace6f59acd103a250cc2ec0f - SHA384: cf4c4b8360744f9c56803afb49175361c93fc4a95c77dbe0eebb2852a32c93ed9cc563495c0e1c9c32e4d58512f55b49 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Time,Stamp PCA - ValidFrom: '2007-04-03 12:53:09' - ValidTo: '2021-04-03 13:03:09' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 6116683400000000001c - Version: 3 - TBS: - MD5: 335713f62536c68d0acc82df3dceb932 - SHA1: 023cf1c5e99dc2f24133dae6937145bb481306e6 - SHA256: 65d585d6bf2b0aa4f798b9af69be08c6f1c3d01a754f989768b722a145df5312 - SHA384: f7dd00644994985c518f70c060386448dd0c3a13f5eff12a0dd31bf8333f24b781928d323acca27e04633e71a7f22e71 - Signer: - - SerialNumber: 33000000387a14cce6619d8c51000200000038 - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility PCA - Version: 1 - RichPEHeaderHash: - MD5: dd10afd0600f2236361f48592587474c - SHA1: 0dbcc0d10e288b15aa0eda2aaffcd2a0edb7850b - SHA256: 
c834c4c8ac0c6f8457c4b833e5771b4f273ed815ab2d189a65c4afa9ca9e3975 - Sections: - .text: - Entropy: 6.137423926314564 - Virtual Size: '0x25a0' - .rdata: - Entropy: 4.315810674049461 - Virtual Size: '0xf68' - .data: - Entropy: 2.0732868843388097 - Virtual Size: '0x22c' - .pdata: - Entropy: 4.199286592950671 - Virtual Size: '0x2f4' - PAGE: - Entropy: 6.228697679351415 - Virtual Size: '0x1a1b' - INIT: - Entropy: 5.210944759781676 - Virtual Size: '0x818' - .rsrc: - Entropy: 3.282250655906871 - Virtual Size: '0x380' - .reloc: - Entropy: 3.698934896284056 - Virtual Size: '0x30' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2019-06-13 07:35:39' - Imphash: d122c1eaa50839be14c31876d0d4e0be - LoadsDespiteHVCI: 'FALSE' -- Filename: procexp.Sys - MD5: 8e78ab9b9709bafb11695a0a6eddeff9 - SHA1: 2f9b0cd96d961e49d5d3b416028fd3a0e43d6a28 - SHA256: 3c7e5b25a33a7805c999d318a9523fcae46695a89f55bbdb8bb9087360323dfc - Authentihash: - MD5: acacde5c8a3a37b4fa43d9b651df85ea - SHA1: f14e20cea5fac19bca02f5b067d12a459a393467 - SHA256: c286dfac5ca413efeb1936e876688b6bd46d25dc64206f86efb4f52ad83d1889 - Description: Process Explorer - Company: Sysinternals - www.sysinternals.com - InternalName: procexp.sys - OriginalFilename: procexp.Sys - FileVersion: '15.00' - Product: Process Explorer - ProductVersion: '15.00' - Copyright: Copyright (C) M. 
Russinovich 1996-2011 - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - ObfDereferenceObject - - ObOpenObjectByPointer - - ObReferenceObjectByHandle - - __C_specific_handler - - RtlFreeAnsiString - - RtlUnicodeStringToAnsiString - - ObQueryNameString - - ExFreePoolWithTag - - strlen - - strncpy - - wcslen - - ExAllocatePoolWithTag - - ZwQueryObject - - KeUnstackDetachProcess - - KeStackAttachProcess - - PsLookupProcessByProcessId - - ZwClose - - ZwDuplicateObject - - ZwOpenProcess - - ObCloseHandle - - IoFileObjectType - - ZwQuerySystemInformation - - MmIsAddressValid - - PsThreadType - - ZwQueryInformationProcess - - PsProcessType - - KeWaitForSingleObject - - ZwOpenProcessToken - - IofCompleteRequest - - SeReleaseSubjectContext - - SePrivilegeCheck - - ExGetPreviousMode - - SeCaptureSubjectContext - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - ObOpenObjectByName - - IoCreateSymbolicLink - - MmGetSystemRoutineAddress - - NtBuildNumber - - IoCreateDevice - - ZwSetSecurityObject - - IoDeviceObjectType - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - SeExports - - wcschr - - _wcsnicmp - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwOpenKey - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Texas, L=Austin, O=Sysinternals, OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Headquarters, CN=Sysinternals - ValidFrom: '2010-03-04 00:00:00' - ValidTo: '2013-04-18 23:59:59' - Signature: 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 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 4112e632c7b18a029a3a1fac803ab89f - Version: 3 - TBS: - MD5: 55a4c08c9404782113330a8cd169ed20 - SHA1: 74807ba52ae6108b0fbac5031090b3295b2c3bba - SHA256: 3fe3c656e859492b0d4bb2c4c2020ae816340f985e054239d3342ffb93269b16 - SHA384: 653eeae6166aec45fd75b679034bec2a53623d999b14ebfbc821067c1c041eaa5f00cf8e7e7330ad793b880aa35f6c4e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 
4112e632c7b18a029a3a1fac803ab89f - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - RichPEHeaderHash: - MD5: 78726760a9bf9be61589052b60d61ff2 - SHA1: 6667039bfab04d76be83ed4e99d280965f2a88b2 - SHA256: 5ebe6e73c02e720960a435c91c80679ee272f215795d3321969b72820365418e - Sections: - .text: - Entropy: 5.522949950133435 - Virtual Size: '0x3193' - .rdata: - Entropy: 4.339948425571505 - Virtual Size: '0x8b8' - .data: - Entropy: 4.48191551836309 - Virtual Size: '0x9d0' - .pdata: - Entropy: 4.13079962034881 - Virtual Size: '0x300' - PAGE: - Entropy: 6.230330583561505 - Virtual Size: '0x1a1b' - INIT: - Entropy: 5.199891508904556 - Virtual Size: '0x83c' - .rsrc: - Entropy: 3.2729894475085453 - Virtual Size: '0x380' - .reloc: - Entropy: 1.1266429267004154 - Virtual Size: '0x60' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2012-06-16 15:21:56' - Imphash: 8a5edbe5251fe141ea0262d5d572178b - LoadsDespiteHVCI: 'FALSE' -- Filename: procexp.Sys - MD5: a91a1bc393971a662a3210dac8c17dfd - SHA1: e4fcb363cfe9de0e32096fa5be94a41577a89bb0 - SHA256: 3ff39728f1c11d1108f65ec5eb3d722fd1a1279c530d79712e0d32b34880baaa - Authentihash: - MD5: 455eb57840b64c8fe0d942ea5da23c6b - SHA1: aa8756d00691d3d8959b68c3626ba896cc2709fb - SHA256: 1a902521c5f82ad9acac815229a00e6ed9137b8d49106b64147b088ff89d0f01 - Description: Process Explorer - Company: Sysinternals - www.sysinternals.com - InternalName: procexp.sys - OriginalFilename: procexp.Sys - FileVersion: '11.40' - Product: Process Explorer - ProductVersion: '11.40' - Copyright: Copyright (C) M. 
Russinovich 1996-2010 - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ObQueryNameString - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - ZwQueryObject - - KeDetachProcess - - ObReferenceObjectByHandle - - KeAttachProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - ZwClose - - ZwDuplicateObject - - ZwOpenProcess - - ZwQuerySystemInformation - - MmIsAddressValid - - memset - - ObOpenObjectByPointer - - RtlUnicodeStringToAnsiString - - NtClose - - ZwOpenProcessToken - - memcpy - - IofCompleteRequest - - SeReleaseSubjectContext - - SePrivilegeCheck - - ExGetPreviousMode - - SeCaptureSubjectContext - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IoCreateSymbolicLink - - MmGetSystemRoutineAddress - - NtBuildNumber - - KeTickCount - - KeBugCheckEx - - strncpy - - ZwQueryInformationProcess - - RtlFreeAnsiString - - RtlUnwind - - ZwSetSecurityObject - - IoDeviceObjectType - - IoCreateDevice - - RtlGetDaclSecurityDescriptor - - RtlGetSaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - SeExports - - IoIsWdmVersionAvailable - - _wcsnicmp - - RtlAddAccessAllowedAce - - RtlLengthSid - - wcschr - - RtlAbsoluteToSelfRelativeSD - - RtlSetDaclSecurityDescriptor - - RtlCreateSecurityDescriptor - - ZwOpenKey - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - KfLowerIrql - - KfRaiseIrql - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: 
ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=Texas, L=Austin, O=Sysinternals, OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Headquarters, CN=Sysinternals - ValidFrom: '2007-03-05 00:00:00' - ValidTo: '2010-04-19 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 7d2c89d309e57beef2d791bb8ed6a26f - Version: 3 - TBS: - MD5: ae18dfd140f9414eadf1f611ec1b84b7 - SHA1: 9aecb2568e995d5965e49acf3ff247bc3d1ab99c - SHA256: f14ce5fe5f508ced18d652e8211edb00c1c773899d03d18dec932df9c54f0a86 - SHA384: c2a6c771b86b687befda12f6871e2f0d473317b4694f25ddc835d2f203953870f26ae9994822e53fcddaeb012f2b6740 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 7d2c89d309e57beef2d791bb8ed6a26f - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: 0d2827279de53381241bc9e2f3cd3b37 - SHA1: 553d0e9497ca6fab0cfe6e576e55a0a8727856c3 - SHA256: 6b3aa920729075ad11455f6df6ce1cece1555725d1b570f61aef163ade76c2d3 - Sections: - .text: - Entropy: 6.296981930022721 - Virtual Size: '0x1640' - .rdata: - Entropy: 3.864022209011694 - Virtual Size: '0x49c' - .data: - 
Entropy: 2.165957212826059 - Virtual Size: '0x1b4' - PAGE: - Entropy: 6.253761393386401 - Virtual Size: '0x13e2' - INIT: - Entropy: 5.513149658648293 - Virtual Size: '0x6cc' - .rsrc: - Entropy: 3.2889357847563603 - Virtual Size: '0x380' - .reloc: - Entropy: 5.7007058924695935 - Virtual Size: '0x29e' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2010-03-30 18:27:21' - Imphash: ebf30b4cd57a4f4548a03eab0f6c418c - LoadsDespiteHVCI: 'FALSE' -- Filename: procexp.Sys - MD5: e4a0bba88605d4c07b58a2cc3fac0fe9 - SHA1: ac31d15851c0af14d60cfce23f00c4b7887d3cb7 - SHA256: 46621554728bc55438c7c241137af401250f062edef6e7efecf1a6f0f6d0c1f7 - Authentihash: - MD5: 24263d0e152884eb7d180070164830c8 - SHA1: 929c28f99d550278415c7087b71511e44439a41c - SHA256: b4f9272894f926d4f3b957fca673140a3a24dc896f1a49badaa1e04687b223cd - Description: Process Explorer - Company: Sysinternals - www.sysinternals.com - InternalName: procexp.sys - OriginalFilename: procexp.Sys - FileVersion: '15.00' - Product: Process Explorer - ProductVersion: '15.00' - Copyright: Copyright (C) M. 
Russinovich 1996-2011 - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - ObfDereferenceObject - - ObOpenObjectByPointer - - ObReferenceObjectByHandle - - __C_specific_handler - - RtlFreeAnsiString - - RtlUnicodeStringToAnsiString - - ObQueryNameString - - ExFreePoolWithTag - - strlen - - strncpy - - wcslen - - ExAllocatePoolWithTag - - ZwQueryObject - - KeDetachProcess - - KeAttachProcess - - PsLookupProcessByProcessId - - ZwClose - - ZwDuplicateObject - - ZwOpenProcess - - ZwQuerySystemInformation - - MmIsAddressValid - - ZwQueryInformationProcess - - KeWaitForSingleObject - - NtClose - - ZwOpenProcessToken - - IofCompleteRequest - - SeReleaseSubjectContext - - SePrivilegeCheck - - ExGetPreviousMode - - SeCaptureSubjectContext - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IoCreateSymbolicLink - - MmGetSystemRoutineAddress - - NtBuildNumber - - IoCreateDevice - - ZwSetSecurityObject - - IoDeviceObjectType - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - SeExports - - wcschr - - _wcsnicmp - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwOpenKey - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Texas, L=Austin, O=Sysinternals, OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Headquarters, CN=Sysinternals - ValidFrom: '2010-03-04 00:00:00' - ValidTo: '2013-04-18 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 
4112e632c7b18a029a3a1fac803ab89f - Version: 3 - TBS: - MD5: 55a4c08c9404782113330a8cd169ed20 - SHA1: 74807ba52ae6108b0fbac5031090b3295b2c3bba - SHA256: 3fe3c656e859492b0d4bb2c4c2020ae816340f985e054239d3342ffb93269b16 - SHA384: 653eeae6166aec45fd75b679034bec2a53623d999b14ebfbc821067c1c041eaa5f00cf8e7e7330ad793b880aa35f6c4e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 4112e632c7b18a029a3a1fac803ab89f - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, 
OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - RichPEHeaderHash: - MD5: 06af0fa035494c3b0a64ed4d30b92a1d - SHA1: a28ec273392c9087398ad288220d05f5a05bfd73 - SHA256: dc52d97ba63a84b49265c1c6d9a802ee7e0d3151f917ed1a9840711caddb6fd5 - Sections: - .text: - Entropy: 5.574488362960796 - Virtual Size: '0x2d8f' - .rdata: - Entropy: 4.3611610571192605 - Virtual Size: '0x890' - .data: - Entropy: 4.5196692261371245 - Virtual Size: '0x970' - .pdata: - Entropy: 4.1349798434712515 - Virtual Size: '0x2f4' - PAGE: - Entropy: 6.226121511186966 - Virtual Size: '0x1a1b' - INIT: - Entropy: 5.188603622455519 - Virtual Size: '0x7be' - .rsrc: - Entropy: 3.2752215903656885 - Virtual Size: '0x380' - .reloc: - Entropy: 1.2270124269441627 - Virtual Size: '0x60' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2011-12-30 16:49:03' - Imphash: f27327907e57c0c2c9fddc68eab2eb7b - LoadsDespiteHVCI: 'FALSE' -- Filename: procexp.Sys - MD5: 880686bceaf66bfde3c80569eb1ebfa7 - SHA1: 10b9ae9286837b3bf6a00771c7e81adbdea3cbfe - SHA256: 51e91dd108d974ae809e5fc23f6fbd16e13f672f86aa594dae4a5c4bc629b0b5 - Authentihash: - MD5: 5d265a745ca048fb2ee0a59cc7ffc8aa - SHA1: e5d5076fca6ed125d14d9f70fff802a1fa992ac6 - SHA256: 17bdeeb4447f0758c3720991d3ed43a405efb49fd2cdbb37f7b5feb349693acb - Description: Process Explorer - Company: Sysinternals - www.sysinternals.com - InternalName: procexp.sys - OriginalFilename: procexp.Sys - FileVersion: '12.00' - Product: Process Explorer - ProductVersion: '12.00' - Copyright: Copyright (C) M. 
Russinovich 1996-2010 - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - ExAllocatePoolWithTag - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - NtBuildNumber - - PsLookupProcessByProcessId - - RtlInitUnicodeString - - IoDeleteDevice - - ExGetPreviousMode - - MmGetSystemRoutineAddress - - ZwQueryObject - - RtlUnicodeStringToAnsiString - - ZwQuerySystemInformation - - ZwOpenProcessToken - - SeReleaseSubjectContext - - KeDetachProcess - - ObQueryNameString - - strncpy - - SeCaptureSubjectContext - - NtClose - - ZwClose - - IofCompleteRequest - - ObReferenceObjectByHandle - - ZwDuplicateObject - - RtlFreeAnsiString - - KeAttachProcess - - ZwOpenProcess - - ZwQueryInformationProcess - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - ObOpenObjectByPointer - - SePrivilegeCheck - - KeBugCheckEx - - IoCreateDevice - - ZwSetSecurityObject - - IoDeviceObjectType - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - SeExports - - wcschr - - _wcsnicmp - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwOpenKey - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Texas, L=Austin, O=Sysinternals, OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Headquarters, CN=Sysinternals - ValidFrom: '2010-03-04 00:00:00' - ValidTo: '2013-04-18 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 4112e632c7b18a029a3a1fac803ab89f - Version: 3 - TBS: - MD5: 
55a4c08c9404782113330a8cd169ed20 - SHA1: 74807ba52ae6108b0fbac5031090b3295b2c3bba - SHA256: 3fe3c656e859492b0d4bb2c4c2020ae816340f985e054239d3342ffb93269b16 - SHA384: 653eeae6166aec45fd75b679034bec2a53623d999b14ebfbc821067c1c041eaa5f00cf8e7e7330ad793b880aa35f6c4e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 4112e632c7b18a029a3a1fac803ab89f - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, 
CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - RichPEHeaderHash: - MD5: 64b3eb9ab6aa05642765b3ed3433f961 - SHA1: 33d624aacacbef6591bd60b851034a7b14fac938 - SHA256: ec592d4c182b05a26b286d78201e870e091c9d6d98f5eade5a48be6a060f5ba9 - Sections: - .text: - Entropy: 6.1214097189278265 - Virtual Size: '0x1b42' - .rdata: - Entropy: 4.321784985283108 - Virtual Size: '0x7f8' - .data: - Entropy: 1.3979136028359334 - Virtual Size: '0x314' - .pdata: - Entropy: 4.1873206533709775 - Virtual Size: '0x24c' - PAGE: - Entropy: 6.217617404924 - Virtual Size: '0x1a47' - INIT: - Entropy: 5.182814317902468 - Virtual Size: '0x78a' - .rsrc: - Entropy: 3.26616908006282 - Virtual Size: '0x380' - .reloc: - Entropy: 1.2280731978955797 - Virtual Size: '0x60' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2011-04-25 12:19:41' - Imphash: 505e0a016962137ca6169bce64ba2f53 - LoadsDespiteHVCI: 'FALSE' -- Filename: procexp.Sys - MD5: ad03f225247b58a57584b40a4d1746d3 - SHA1: e525f54b762c10703c975132e8fc21b6cd88d39b - SHA256: 59b09bd69923c0b3de3239e73205b1846a5f69043546d471b259887bb141d879 - Authentihash: - MD5: 9e4c2a2e8832f10ecdd2be70eb6bc300 - SHA1: 2b15e90dc654ce779bd460787352639768cd8baa - SHA256: 26536758c2247b6251a342d2e80de1753c006a0dce9b3b8a6a5b1d3110c8fc34 - Description: Process Explorer - Company: Sysinternals - www.sysinternals.com - InternalName: procexp.sys - OriginalFilename: procexp.Sys - FileVersion: '15.00' - Product: Process Explorer - ProductVersion: '15.00' - Copyright: Copyright (C) Mark Russinovich 1996-2014 - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - strncpy - - RtlInitUnicodeString - - RtlUnicodeStringToAnsiString - - RtlFreeAnsiString - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ExGetPreviousMode - - MmGetSystemRoutineAddress - - SeCaptureSubjectContext - - SeReleaseSubjectContext - - IofCompleteRequest - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - 
ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - MmIsAddressValid - - ZwOpenProcess - - KeStackAttachProcess - - KeUnstackDetachProcess - - SePrivilegeCheck - - PsLookupProcessByProcessId - - ObOpenObjectByPointer - - ObQueryNameString - - ZwQueryObject - - ZwDuplicateObject - - ZwOpenProcessToken - - ZwQueryInformationProcess - - ZwQuerySystemInformation - - ObCloseHandle - - ObOpenObjectByName - - __C_specific_handler - - IoFileObjectType - - PsProcessType - - PsThreadType - - NtBuildNumber - - IoCreateDevice - - ZwSetSecurityObject - - IoDeviceObjectType - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - SeExports - - wcschr - - _wcsnicmp - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwOpenKey - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: 
eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Washington, L=Redmond, O=Sysinternals, OU=Digital ID Class - 3 , Microsoft Software Validation v2, CN=Sysinternals - ValidFrom: '2013-04-06 00:00:00' - ValidTo: '2016-05-05 23:59:59' - Signature: dcae28e748027154f884826e2ddb877a410d735e07184d1777b9fe78bb3458d7b9cb6be5a892e1f6f16f040f4c143bb40dee252c632d495822bf8eef37429257332efd651b27023dba183f9824886a3602f3a0b3d78addfc85e235da619e504d300242eb19dc85c34d170a78d849372b6fb7de286fe6ed87c62f45d8e7ddf4840c009fadfbb0cf4268f0d476113f2f970d04be95e41665f20166a156b5a407c62f7e7b3d7b2acce45a615af50c85631dadab3088137df317645ef6c901b313a02abe7cf128aff2a16dfebb8e1dc4d39b5919e9433955fc3f2ba065833b573ef8e346f1505e613d5cee2efc71d7b5477a80dcc32ae5acb580370ddfa9dda309f2 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1efd983a49d3f152ac9cd2941b8a0edd - Version: 3 - TBS: - MD5: 1b7ca026e68405de56477b5b7bb3a0a5 - SHA1: b2a1bd13d8833154f02e51e25c9f023d54a27d21 - SHA256: 2018b8e7ea18c392558dcd375742cc792648ec23e5eb07d7987c27c76f4c62c0 - SHA384: a8ccad9eeb4974ba9504241c685e7e1dd85e0de420c0ae077f8f3e92b3ab7c9a1653b3d0d535250a741bb7e36ec2f06a - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 
5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 1efd983a49d3f152ac9cd2941b8a0edd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: a052ed4e5d10c66e3e667a42fcdcc54a - SHA1: 04b9d41ef58b5aaaca72f0ce222a8adfbe8ad251 - SHA256: c254feaf8c3e788a6ec9d41de0d7bad054f4347a8347d6806840cd1d9030ed4a - Sections: - .text: - Entropy: 6.194112925534596 - Virtual Size: '0x2370' - .rdata: - Entropy: 4.439763008453193 - Virtual Size: '0xb80' - .data: - Entropy: 2.0654743843388097 - Virtual Size: '0x224' - .pdata: - Entropy: 4.238715005322108 - Virtual Size: '0x2e8' - PAGE: - Entropy: 6.226087739371598 - Virtual Size: '0x1a1b' - INIT: - Entropy: 5.215673013101648 - Virtual Size: '0x818' - .rsrc: - Entropy: 3.282250655906871 - Virtual Size: '0x380' - .reloc: - Entropy: 2.855388542207534 - Virtual Size: '0x18' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2015-05-10 22:52:10' - Imphash: 4792bcb395d06f9efb72e8020c4af5e6 - LoadsDespiteHVCI: 'FALSE' 
-- Filename: procexp.Sys - MD5: 90f8c1b76f786814d03ef4c51d4abb6d - SHA1: d1c38145addfed1bcd1b400334ff5a5e2ef9a5c6 - SHA256: 6bfc0f425de9f4e7480aa2d1f2e08892d0553ed0df1c31e9bf3d8d702f38fa2e - Authentihash: - MD5: 028b8d642c1c76b18b74f3e0f76b3522 - SHA1: 1aa871802d7278272172d9d7faabf8c8292996a3 - SHA256: 76adb3fa346058e95ba3fd549fd48a15adaf4920a3109391f52053ebf39e62cc - Description: Process Explorer - Company: Sysinternals - www.sysinternals.com - InternalName: procexp.sys - OriginalFilename: procexp.Sys - FileVersion: '15.00' - Product: Process Explorer - ProductVersion: '15.00' - Copyright: Copyright (C) M. Russinovich 1996-2011 - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - ObfDereferenceObject - - ObOpenObjectByPointer - - ObReferenceObjectByHandle - - __C_specific_handler - - RtlFreeAnsiString - - RtlUnicodeStringToAnsiString - - ObQueryNameString - - ExFreePoolWithTag - - strlen - - strncpy - - wcslen - - ExAllocatePoolWithTag - - ZwQueryObject - - KeUnstackDetachProcess - - KeStackAttachProcess - - PsLookupProcessByProcessId - - ZwClose - - ZwDuplicateObject - - ZwOpenProcess - - ObCloseHandle - - IoFileObjectType - - ZwQuerySystemInformation - - MmIsAddressValid - - PsThreadType - - ZwQueryInformationProcess - - PsProcessType - - KeWaitForSingleObject - - ZwOpenProcessToken - - IofCompleteRequest - - SeReleaseSubjectContext - - SePrivilegeCheck - - ExGetPreviousMode - - SeCaptureSubjectContext - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - ObOpenObjectByName - - IoCreateSymbolicLink - - MmGetSystemRoutineAddress - - NtBuildNumber - - IoCreateDevice - - ZwSetSecurityObject - - IoDeviceObjectType - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - SeExports - - wcschr - - _wcsnicmp - - RtlLengthSid - - RtlAddAccessAllowedAce - - 
RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwOpenKey - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Sysinternals, OU=Digital ID Class - 3 , Microsoft Software Validation v2, CN=Sysinternals - ValidFrom: '2013-04-06 00:00:00' - ValidTo: '2016-05-05 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1efd983a49d3f152ac9cd2941b8a0edd - Version: 3 - TBS: - MD5: 1b7ca026e68405de56477b5b7bb3a0a5 - SHA1: b2a1bd13d8833154f02e51e25c9f023d54a27d21 - SHA256: 2018b8e7ea18c392558dcd375742cc792648ec23e5eb07d7987c27c76f4c62c0 - SHA384: a8ccad9eeb4974ba9504241c685e7e1dd85e0de420c0ae077f8f3e92b3ab7c9a1653b3d0d535250a741bb7e36ec2f06a - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 1efd983a49d3f152ac9cd2941b8a0edd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign 
Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: 0d17e05fea90e97edacc66532133bb1a - SHA1: 876c6595954f77341bcd153315bd7806af4a7230 - SHA256: 219a730631a67f4dcd6e2fc1f918f2532698dde1bb734391fe323b69b7349edd - Sections: - .text: - Entropy: 5.526495684182833 - Virtual Size: '0x31a3' - .rdata: - Entropy: 4.333968530107277 - Virtual Size: '0x8b8' - .data: - Entropy: 4.48191551836309 - Virtual Size: '0x9d0' - .pdata: - Entropy: 4.158668830245067 - Virtual Size: '0x300' - PAGE: - Entropy: 6.228863895048878 - Virtual Size: '0x1a1b' - INIT: - Entropy: 5.199891508904556 - Virtual Size: '0x83c' - .rsrc: - Entropy: 3.2729894475085453 - Virtual Size: '0x380' - .reloc: - Entropy: 1.1266429267004154 - Virtual Size: '0x60' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2013-10-20 18:16:05' - Imphash: 8a5edbe5251fe141ea0262d5d572178b - LoadsDespiteHVCI: 'FALSE' -- Filename: procexp.Sys - MD5: f9d04e99e4cab90973226a4555bc6d57 - SHA1: 96ec8c16f6a54b48e9a7f0d0416a529f4bf9ac11 - SHA256: 6e944ae1bfe43a8a7cd2ea65e518a30172ce8f31223bdfd39701b2cb41d8a9e7 - Authentihash: - MD5: 8e66ec7a60a2b67386516a2e9a236d6b - SHA1: 07dfb6fe9b3876c0e1b1cda010cb3cc24ff2ce25 - SHA256: 6b3316496ab1e2d1ef02be966d9caa171674856e8fb8ea78d6a3bcfe8e2013c1 - Description: Process Explorer - Company: Sysinternals - www.sysinternals.com - InternalName: procexp.sys - OriginalFilename: procexp.Sys - FileVersion: '15.00' - Product: Process Explorer - ProductVersion: '15.00' - Copyright: Copyright (C) Mark Russinovich 1996-2014 - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - strncpy - - RtlInitUnicodeString - - RtlUnicodeStringToAnsiString - - RtlFreeAnsiString - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ExGetPreviousMode - - MmGetSystemRoutineAddress - - SeCaptureSubjectContext - - SeReleaseSubjectContext - - IofCompleteRequest - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - 
ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - MmIsAddressValid - - PsGetVersion - - ZwOpenProcess - - KeStackAttachProcess - - KeUnstackDetachProcess - - SePrivilegeCheck - - PsLookupProcessByProcessId - - ObOpenObjectByPointer - - ObQueryNameString - - ZwQueryObject - - ZwDuplicateObject - - ZwOpenProcessToken - - ZwQueryInformationProcess - - ZwQuerySystemInformation - - ObCloseHandle - - ObOpenObjectByName - - __C_specific_handler - - IoFileObjectType - - PsProcessType - - PsThreadType - - IoCreateDevice - - ZwSetSecurityObject - - IoDeviceObjectType - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - SeExports - - wcschr - - _wcsnicmp - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwOpenKey - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft - Operations Puerto Rico, OU=Thales TSS ESN:BBEC,30CA,2DBE, CN=Microsoft Time,Stamp - Service - ValidFrom: '2018-08-23 20:20:02' - ValidTo: '2019-11-23 20:20:02' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 33000000f6380d9a86d05ca43b0000000000f6 - Version: 3 - TBS: - MD5: 3094214121c022fb9a5e410920d5eb96 - SHA1: 388c68e81cfc19e838d5070ac4e6793b32bfd293 - SHA256: 0fe53b3d3a84a2b9768554a34a64622ed13cd1b915bdacdc4955e12cc24b4da9 - SHA384: 8bdb4ff21bcdd1436dc37b1e6c9c7fb32178462243304b51a6277b5291a9421dd65fb238c8711b1aef75b85375a92599 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, 
CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2018-06-08 17:24:26' - ValidTo: '2019-05-29 17:24:26' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 33000000317c61d46115ceba6a000100000031 - Version: 3 - TBS: - MD5: 9a2de17c0445f3e68c9315347b5805f8 - SHA1: df228171e01e890d9b69a749887197af4a3f7602 - SHA256: 4a7311ef8dd289fa50df104e89c167449e87034901503c7e9423ee9e90d5c528 - SHA384: e3f444c0320389de66bee39dc64dfb13eb4903590060830cbebaf14d8c707b2eb1e6289c9c08e7f258e6dea4387d88eb - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility PCA - ValidFrom: '2012-06-04 21:05:46' - ValidTo: '2020-06-04 21:15:46' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 33000000382e50e86a989d957f000000000038 - Version: 3 - TBS: - MD5: cfa5fa49250320f7a3473a82877fabf3 - SHA1: 6b3242a9a639b0da4d5882c7eeb402be6615ad0c - SHA256: 8e7c756d4597e8cca0f627d75647e2f9d5a693f1f263b193347066d214c1d4db - SHA384: 296a0f621330ac591c8c80bdd5e5bd19e9c01e8d267d02a3f3abc845088174d752c077907b99b128d389dc13ea69d009 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Time,Stamp PCA - ValidFrom: '2007-04-03 12:53:09' - ValidTo: '2021-04-03 13:03:09' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 6116683400000000001c - Version: 3 - TBS: - MD5: 335713f62536c68d0acc82df3dceb932 - SHA1: 023cf1c5e99dc2f24133dae6937145bb481306e6 - SHA256: 65d585d6bf2b0aa4f798b9af69be08c6f1c3d01a754f989768b722a145df5312 - SHA384: f7dd00644994985c518f70c060386448dd0c3a13f5eff12a0dd31bf8333f24b781928d323acca27e04633e71a7f22e71 - Signer: - - SerialNumber: 33000000317c61d46115ceba6a000100000031 
- Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility PCA - Version: 1 - RichPEHeaderHash: - MD5: b304340f5a584624dcd7df388088259e - SHA1: 60b9485e04a7fd71335816953eeb57cabab0866d - SHA256: 7d5b2828aba79fcf1d98ba371f54c4ecb1fe7f56fdfad814e98a1074f3ec01bf - Sections: - .text: - Entropy: 6.192542500380886 - Virtual Size: '0x22f0' - .rdata: - Entropy: 4.310862528548892 - Virtual Size: '0xe3c' - .data: - Entropy: 2.0429884420387983 - Virtual Size: '0x22c' - .pdata: - Entropy: 4.25522456360755 - Virtual Size: '0x2e8' - PAGE: - Entropy: 6.2273427245942345 - Virtual Size: '0x1a1b' - INIT: - Entropy: 5.211213219982408 - Virtual Size: '0x818' - .rsrc: - Entropy: 3.282250655906871 - Virtual Size: '0x380' - .reloc: - Entropy: 3.667481250360578 - Virtual Size: '0x30' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2018-11-09 12:21:38' - Imphash: b8a35d469bc164d86ac7c64e93b0037b - LoadsDespiteHVCI: 'FALSE' -- Filename: procexp.Sys - MD5: 659a59d7e26b7730361244e12201378e - SHA1: c21510569fd84a5fe04508aa28e3cf9c8cc45b7a - SHA256: 77950e2a40ac0447ae7ee1ee3ef1242ce22796a157074e6f04e345b1956e143c - Authentihash: - MD5: 3798eddcccab7da4682f64997533d27d - SHA1: 0d753c1d21c4e6c6eb74d3436eb4c5f376cc7364 - SHA256: a4859c5456d03f799de89d2f8cbb36b4518259a6c7c0bc909b1fd16f48363d5a - Description: ' ' - Company: Sysinternals - www.sysinternals.com - InternalName: procexp.sys - OriginalFilename: procexp.Sys - FileVersion: '15.00' - Product: ' ' - ProductVersion: '15.00' - Copyright: Copyright (C) Mark Russinovich 1996-2014 - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - strncpy - - RtlInitUnicodeString - - RtlUnicodeStringToAnsiString - - RtlFreeAnsiString - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ExGetPreviousMode - - MmGetSystemRoutineAddress - - SeCaptureSubjectContext - - SeReleaseSubjectContext - - IofCompleteRequest - - IoCreateSymbolicLink - - 
IoDeleteDevice - - IoDeleteSymbolicLink - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - MmIsAddressValid - - PsGetVersion - - ZwOpenProcess - - KeStackAttachProcess - - KeUnstackDetachProcess - - SePrivilegeCheck - - PsLookupProcessByProcessId - - ObOpenObjectByPointer - - ObQueryNameString - - ZwQueryObject - - ZwDuplicateObject - - ZwOpenProcessToken - - ZwQueryInformationProcess - - ZwQuerySystemInformation - - ObCloseHandle - - ObOpenObjectByName - - __C_specific_handler - - IoFileObjectType - - PsProcessType - - PsThreadType - - RtlFreeUnicodeString - - IoCreateDevice - - ZwSetSecurityObject - - IoDeviceObjectType - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - SeExports - - wcschr - - _wcsnicmp - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwOpenKey - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Ireland - Operations Limited, OU=Thales TSS ESN:86DF,4BBC,9335, CN=Microsoft Time,Stamp - service - ValidFrom: '2018-08-23 20:20:28' - ValidTo: '2019-11-23 20:20:28' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 3300000109e219d6f9b8a4bebf000000000109 - Version: 3 - TBS: - MD5: 10a173441d459944d30bbcfc69f7521b - SHA1: 500cf2d67d9e3b7c31b2a65d4f121f7201cade0e - SHA256: 1994223eadaccd1eaf27c1a3e90dd6142a4ceb8f8fafe5109e2accbccc60e4ed - SHA384: 583cf1f7091b957856b816d69081d73f79f4fa08bfd49b6c40f09087c1a50823637b96b2c8f224b934e5234212ef8f53 - - Subject: C=US, ST=Washington, 
L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2019-04-18 18:42:23' - ValidTo: '2020-03-27 18:42:23' - Signature: 5844e21f86b9788f56cd1d77f3f69287bb20fca894e9fedbba22b6bc952403a6b4c2cd38d003bfdd0ceb0ddcc583331efcad8b4be9516204983e26aaa15594ebc7b5784a3999aa9096a0d877371281c61840e4e57a2f4e33bcb554e3b1c25bcc71215544be72d254435aa7f462028722def36cb7819d9d746296b42f1e2dc0c6176f722fdc51d3913e1afdd3052cc50e1dc3f8dac1aaec4fc9b739973db14c1f1f68b5516a406994297ba034347c781323447d7e6c87dd73db025cea27bba00321aa12287daee740fd07040f293ead6d5f61bc0304daeebc847d5f4da6e712d2868d64a710212080c97dd804c265b6a60b368cceab6e1a4c81ba8361233a0ab2 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 33000000387a14cce6619d8c51000200000038 - Version: 3 - TBS: - MD5: f9a6526d8f83e3d33d925ae95b752dca - SHA1: ad9f086d0642e3b5de60584c44123cf4603c4525 - SHA256: 7bdb7967d328a3a1cb2d2c4c7399633203668f9a86a271b277a218b639ad12ee - SHA384: 0ae0176f351a8e4df75f1c72d2002b1682a1e4d1ccb069fb8b5bcb496ef016a6386e44428ebabe538eb2900b564e3f93 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility PCA - ValidFrom: '2018-09-20 17:42:01' - ValidTo: '2021-05-09 23:28:13' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610435f1000000000041 - Version: 3 - TBS: - MD5: 77dab20d8e23cd8e18633adca506cf6e - SHA1: c5506bee3c29254dc5b5a0e6e7a14046522708ef - SHA256: 611f1d188d7c39a400a01ee32e2c257be5082445ace6f59acd103a250cc2ec0f - SHA384: cf4c4b8360744f9c56803afb49175361c93fc4a95c77dbe0eebb2852a32c93ed9cc563495c0e1c9c32e4d58512f55b49 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Time,Stamp PCA - ValidFrom: '2007-04-03 12:53:09' - ValidTo: '2021-04-03 13:03:09' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 6116683400000000001c - Version: 3 - TBS: - MD5: 335713f62536c68d0acc82df3dceb932 - SHA1: 023cf1c5e99dc2f24133dae6937145bb481306e6 - SHA256: 65d585d6bf2b0aa4f798b9af69be08c6f1c3d01a754f989768b722a145df5312 - SHA384: f7dd00644994985c518f70c060386448dd0c3a13f5eff12a0dd31bf8333f24b781928d323acca27e04633e71a7f22e71 - Signer: - - SerialNumber: 33000000387a14cce6619d8c51000200000038 - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility PCA - Version: 1 - RichPEHeaderHash: - MD5: dd10afd0600f2236361f48592587474c - SHA1: 0dbcc0d10e288b15aa0eda2aaffcd2a0edb7850b - SHA256: c834c4c8ac0c6f8457c4b833e5771b4f273ed815ab2d189a65c4afa9ca9e3975 - Sections: - .text: - Entropy: 6.137423926314564 - Virtual Size: '0x25a0' - .rdata: - Entropy: 4.319500105806409 - Virtual Size: '0xf68' - .data: - Entropy: 2.0732868843388097 - Virtual Size: '0x22c' - .pdata: - Entropy: 4.199286592950671 - Virtual Size: '0x2f4' - PAGE: - Entropy: 6.228697679351415 - Virtual Size: '0x1a1b' - INIT: - Entropy: 5.210944759781676 - Virtual Size: '0x818' - .rsrc: - Entropy: 3.2450999660680178 - Virtual Size: '0x380' - .reloc: - Entropy: 3.698934896284056 - Virtual Size: '0x30' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2019-06-28 15:02:57' - Imphash: d122c1eaa50839be14c31876d0d4e0be - LoadsDespiteHVCI: 'FALSE' -- Filename: procexp.Sys - MD5: da6f7407c4656a2dbaf16a407aff1a38 - SHA1: ed40c1f7da98634869b415530e250f4a665a8c48 - SHA256: 7a48f92a9c2d95a72e18055cac28c1e7e6cad5f47aa735cbea5c3b82813ccfaf - Authentihash: - MD5: 4eae8421b149baa7d0ce15a86470cde2 - SHA1: af5ff77f2106b31a8e433c3689b6a65628c2dfce - SHA256: 19d579e5a08bcb524405bdcbd2ea7247548af9f23ce64582a5be5ae3f184ad23 - Description: Process Explorer - Company: Sysinternals - www.sysinternals.com - InternalName: procexp.sys - OriginalFilename: procexp.Sys 
- FileVersion: '16.41' - Product: Process Explorer - ProductVersion: '16.41' - Copyright: Copyright (C) Mark Russinovich 1996-2021 - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - strncpy - - RtlInitUnicodeString - - RtlUnicodeStringToAnsiString - - RtlFreeAnsiString - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ExGetPreviousMode - - MmGetSystemRoutineAddress - - SeCaptureSubjectContext - - SeReleaseSubjectContext - - IofCompleteRequest - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - MmIsAddressValid - - PsGetVersion - - ZwOpenProcess - - KeStackAttachProcess - - KeUnstackDetachProcess - - SePrivilegeCheck - - PsLookupProcessByProcessId - - ObOpenObjectByPointer - - ObQueryNameString - - ZwQueryObject - - ZwDuplicateObject - - ZwOpenProcessToken - - ZwQueryInformationProcess - - ZwQuerySystemInformation - - ObCloseHandle - - ObOpenObjectByName - - __C_specific_handler - - IoFileObjectType - - PsProcessType - - PsThreadType - - RtlFreeUnicodeString - - IoCreateDevice - - ZwSetSecurityObject - - IoDeviceObjectType - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - SeExports - - wcschr - - _wcsnicmp - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwOpenKey - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2020-12-15 22:15:30' - ValidTo: '2021-12-02 22:15:30' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 33000000b20f9ad86794f322f60000000000b2 - Version: 3 - TBS: - MD5: b9dc0ff1a60c3aba24a78d505955bf39 - SHA1: 15a5da2c8aa2955af75615009d249071f91fd252 - SHA256: ba7853f855ba7bc325287c11f5f7b20e013716affad372440feb2c3cf02f0bc5 - SHA384: 90f67f637874aca58284dde5bfa77d98616efd902d1a63f53bc30cd287d464e6706388ed317199236e0739642622f9c5 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2012 - ValidFrom: '2012-04-18 23:48:38' - ValidTo: '2027-04-18 23:58:38' - Signature: 5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 610baac1000000000009 - Version: 3 - TBS: - MD5: a569061297e8e824767dbc3184a69bea - SHA1: adbb26a587a8f44b4fccaecb306f980d1c55a150 - SHA256: 
cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 - SHA384: e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba - Signer: - - SerialNumber: 33000000b20f9ad86794f322f60000000000b2 - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2012 - Version: 1 - RichPEHeaderHash: - MD5: bc95ff65f30c5f18added29541a58004 - SHA1: 39d8ca8b59d6aabc2fd11a6fc0d2559dde8e6812 - SHA256: 067c4b33292a48a07d12538a048b2c4e9919fff8dc21aad0acdb7ad87549082d - Sections: - .text: - Entropy: 6.135370257019049 - Virtual Size: '0x25d0' - .rdata: - Entropy: 4.3113647252218925 - Virtual Size: '0xf50' - .data: - Entropy: 2.0732868843388097 - Virtual Size: '0x22c' - .pdata: - Entropy: 4.218239636932152 - Virtual Size: '0x2f4' - PAGE: - Entropy: 6.227798908894738 - Virtual Size: '0x1a1b' - INIT: - Entropy: 5.210944759781676 - Virtual Size: '0x818' - .rsrc: - Entropy: 3.2986851505507833 - Virtual Size: '0x380' - .reloc: - Entropy: 3.698934896284056 - Virtual Size: '0x30' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2021-05-26 08:02:20' - Imphash: d122c1eaa50839be14c31876d0d4e0be - LoadsDespiteHVCI: 'FALSE' -- Filename: procexp.Sys - MD5: 6b3abe55c4d39e305a11b4d1091dfaac - SHA1: 1c537fd17836283364349475c6138e6667cf1164 - SHA256: 86721ee8161096348ed3dbe1ccbf933ae004c315b1691745a8af4a0df9fed675 - Authentihash: - MD5: 4b64921bd05ed4a30830f23facb43bde - SHA1: 3d9be989fbb447bbf7e4b081d9ee4d9b025476c3 - SHA256: e2e351efd57c89bc0c7b9d4d440113304d0b8a4c88cdf0126442171aa50634d4 - Description: Process Explorer - Company: Sysinternals - www.sysinternals.com - InternalName: procexp.sys - OriginalFilename: procexp.Sys - FileVersion: '11.40' - Product: Process Explorer - ProductVersion: '11.40' - Copyright: Copyright (C) M. 
Russinovich 1996-2010 - MachineType: IA64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - ExAllocatePoolWithTag - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - NtBuildNumber - - PsLookupProcessByProcessId - - RtlInitUnicodeString - - IoDeleteDevice - - ExGetPreviousMode - - MmGetSystemRoutineAddress - - ZwQueryObject - - RtlUnicodeStringToAnsiString - - ZwQuerySystemInformation - - ZwOpenProcessToken - - SeReleaseSubjectContext - - KeDetachProcess - - ObQueryNameString - - strncpy - - SeCaptureSubjectContext - - NtClose - - ZwClose - - IofCompleteRequest - - ObReferenceObjectByHandle - - ZwDuplicateObject - - RtlFreeAnsiString - - KeRaiseIrql - - KeAttachProcess - - KeLowerIrql - - ZwOpenProcess - - ZwQueryInformationProcess - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - ObOpenObjectByPointer - - SePrivilegeCheck - - KeTickCount - - KeBugCheckEx - - IoCreateDevice - - ZwSetSecurityObject - - IoDeviceObjectType - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - SeExports - - wcschr - - _wcsnicmp - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwOpenKey - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: 
ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=Texas, L=Austin, O=Sysinternals, OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Headquarters, CN=Sysinternals - ValidFrom: '2007-03-05 00:00:00' - ValidTo: '2010-04-19 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 7d2c89d309e57beef2d791bb8ed6a26f - Version: 3 - TBS: - MD5: ae18dfd140f9414eadf1f611ec1b84b7 - SHA1: 9aecb2568e995d5965e49acf3ff247bc3d1ab99c - SHA256: f14ce5fe5f508ced18d652e8211edb00c1c773899d03d18dec932df9c54f0a86 - SHA384: c2a6c771b86b687befda12f6871e2f0d473317b4694f25ddc835d2f203953870f26ae9994822e53fcddaeb012f2b6740 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 7d2c89d309e57beef2d791bb8ed6a26f - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: d70cbc6a63dcac0a6b5a8131d93c00ad - SHA1: d3b960226f06fd1b9f08ce080b16d649416e75a3 - SHA256: 90085a27428def469bdd2805cc61cde09cc3e95404d6f69ed6c328f0d0e97d9c - Sections: - .text: - Entropy: 5.424894741339865 - Virtual Size: '0x5820' - .rdata: - Entropy: 3.7393867847659603 - Virtual Size: '0xc88' - .pdata: - 
Entropy: 4.254704396602022 - Virtual Size: '0x2f4' - .srdata: - Entropy: 1.5305882342388135 - Virtual Size: '0x4c' - .sdata: - Entropy: 2.6750321646829582 - Virtual Size: '0x234' - .data: - Entropy: 1.8211654677412543 - Virtual Size: '0x1d0' - PAGE: - Entropy: 5.152497833077514 - Virtual Size: '0x3fd0' - INIT: - Entropy: 5.205112242696482 - Virtual Size: '0x834' - .rsrc: - Entropy: 3.2914310280393253 - Virtual Size: '0x380' - .reloc: - Entropy: 1.4379095220400315 - Virtual Size: '0x338' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2010-03-30 18:30:49' - Imphash: 421730c2b3fa3a7d78c2eda3da1be6a8 - LoadsDespiteHVCI: 'FALSE' -- Filename: procexp.Sys - MD5: cec257dcac9e708cefb17f8984dd0a70 - SHA1: da361c56c18ea98e1c442aac7c322ff20f64486b - SHA256: 88e2e6a705d3fb71b966d9fb46dc5a4b015548daf585fb54dfcd81dc0bd3ebdc - Authentihash: - MD5: df8e20e6fb1d2a22135e155763bf9588 - SHA1: 1915e95974b6f75f4793e81b85e148ebdaa35515 - SHA256: 0c2d8e8487de5e7749f9899f6fefa6e7d40b394479449b5027a895392af23349 - Description: Process Explorer - Company: Sysinternals - www.sysinternals.com - InternalName: procexp.sys - OriginalFilename: procexp.Sys - FileVersion: '15.00' - Product: Process Explorer - ProductVersion: '15.00' - Copyright: Copyright (C) Mark Russinovich 1996-2014 - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - strncpy - - RtlInitUnicodeString - - RtlUnicodeStringToAnsiString - - RtlFreeAnsiString - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ExGetPreviousMode - - MmGetSystemRoutineAddress - - SeCaptureSubjectContext - - SeReleaseSubjectContext - - IofCompleteRequest - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - MmIsAddressValid - - ZwOpenProcess - - KeStackAttachProcess - - KeUnstackDetachProcess - - SePrivilegeCheck - - PsLookupProcessByProcessId - - ObOpenObjectByPointer - - ObQueryNameString - - 
ZwQueryObject - - ZwDuplicateObject - - ZwOpenProcessToken - - ZwQueryInformationProcess - - ZwQuerySystemInformation - - ObCloseHandle - - ObOpenObjectByName - - __C_specific_handler - - IoFileObjectType - - PsProcessType - - PsThreadType - - NtBuildNumber - - IoCreateDevice - - ZwSetSecurityObject - - IoDeviceObjectType - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - SeExports - - wcschr - - _wcsnicmp - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwOpenKey - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, OU=nCipher - DSE ESN:148C,C4B9,2066, CN=Microsoft Time,Stamp Service - ValidFrom: '2016-09-07 17:58:56' - ValidTo: '2018-09-07 17:58:56' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 33000000cccbb813eb5d722d450000000000cc - Version: 3 - TBS: - MD5: b23d5388c0fa7b32ff0a91fccb5cce6d - SHA1: ab5d6cc2d03e34f4fe2e51fa524401d5806f9a9f - SHA256: a072644961dcfa16259c4aac9cb7faf1431c48b41f616551827dd3f41a849976 - SHA384: a723c261b9b6c6bd3d706d37e6a3e22c3e2b60b012d4358cf41d5df21c7759e89fa165cf120dfb84b8f65e8ab45b0afa - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2016-10-12 20:32:53' - ValidTo: '2018-01-05 20:32:53' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 
33000000244d59538809906ea7000100000024 - Version: 3 - TBS: - MD5: 16a85b0d3a49b45acb03c9165240f78a - SHA1: d21820acd2d9a023556d949773b2177b63552ea3 - SHA256: 0c0eaf6cf17b0b0a74d5a8f6286ec93e43001ee82f2481278e009c57366c63d5 - SHA384: 8fa38bd1192722d0e4a7afae30214255bac446feade34a716d90d4567bc0875613b7a3d53292194f644e2ad2c1c14962 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility PCA - ValidFrom: '2012-06-04 21:05:46' - ValidTo: '2020-06-04 21:15:46' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 33000000382e50e86a989d957f000000000038 - Version: 3 - TBS: - MD5: cfa5fa49250320f7a3473a82877fabf3 - SHA1: 6b3242a9a639b0da4d5882c7eeb402be6615ad0c - SHA256: 8e7c756d4597e8cca0f627d75647e2f9d5a693f1f263b193347066d214c1d4db - SHA384: 296a0f621330ac591c8c80bdd5e5bd19e9c01e8d267d02a3f3abc845088174d752c077907b99b128d389dc13ea69d009 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Time,Stamp PCA - ValidFrom: '2007-04-03 12:53:09' - ValidTo: '2021-04-03 13:03:09' - Signature: 
10978ac35c034436dde9b4ad77dbce79514d01b12e74715b6d0c13abcebe7b8fb82ed412a28c6d62b85702cb4e20135099dd7a40e257bbaf589a1ce11d0186acbb78f28bd0ec3b01eee2be8f0a05c88d48e2f05315dd4fab92e4e78d6ad580c1e694f2062f8503e9912a242270fbf6fce478992e0df707e270bc184e9d8e6b0a7295b8a1399c672dc5510eea625c3f16988b203fe2071a32f9cc314a76313d2b720bc8ea703dff850a13dfc20a618ef0d7b817eb4e8b7fc5352b5ea3bfebbc7d0b427bd4537221ee30cabb78655c5b01170a140ed2da1498f53cb96658b32d2fe7f98586cc5156e89d70946cac394cd4f679bfaa187a6229efa29b293406771a62c93d1e6d1f82f00bc72cbbcf43b3e5f9ec7db5e3a4a87435b84ec571231226760b3c528c715a464314bcb3b3b04d67c89f42ff807921809e153066e842125e1ac89e2221d043e92be9bbf448cc2cd4d832804c262a48245f5aea56efa6de999dca3a6fbd8127740611ee7621bf9b82c12754b6b16a3d89a17661b46ea113a6bfaa47f0126ffd8a326cb2fedf51c88c23c966bd9d1d871264023d2daf598fb8e421e5b5b0ca63b4785405d4412e50ac94b0a578abb3a096751ad992871375222f32a8086ea05b8c25bfa0ef84ca21d6eb1e4fc99aee49e0f701656f890b7dc869c8e66eeaa797ce3129ff0ec55b5cd84d1ba1d8fa2f9e3f2e55166bc913a3fd - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 6116683400000000001c - Version: 3 - TBS: - MD5: 335713f62536c68d0acc82df3dceb932 - SHA1: 023cf1c5e99dc2f24133dae6937145bb481306e6 - SHA256: 65d585d6bf2b0aa4f798b9af69be08c6f1c3d01a754f989768b722a145df5312 - SHA384: f7dd00644994985c518f70c060386448dd0c3a13f5eff12a0dd31bf8333f24b781928d323acca27e04633e71a7f22e71 - Signer: - - SerialNumber: 33000000244d59538809906ea7000100000024 - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility PCA - Version: 1 - RichPEHeaderHash: - MD5: a052ed4e5d10c66e3e667a42fcdcc54a - SHA1: 04b9d41ef58b5aaaca72f0ce222a8adfbe8ad251 - SHA256: c254feaf8c3e788a6ec9d41de0d7bad054f4347a8347d6806840cd1d9030ed4a - Sections: - .text: - Entropy: 6.200851507972058 - Virtual Size: '0x23d0' - .rdata: - Entropy: 4.415170315972782 - Virtual Size: '0xbd0' - .data: - Entropy: 2.0677508162604177 - Virtual 
Size: '0x22c' - .pdata: - Entropy: 4.194795401903142 - Virtual Size: '0x2e8' - PAGE: - Entropy: 6.2255173792372 - Virtual Size: '0x1a1b' - INIT: - Entropy: 5.215673013101648 - Virtual Size: '0x818' - .rsrc: - Entropy: 3.282250655906871 - Virtual Size: '0x380' - .reloc: - Entropy: 2.855388542207534 - Virtual Size: '0x18' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2017-04-30 17:23:14' - Imphash: 4792bcb395d06f9efb72e8020c4af5e6 - LoadsDespiteHVCI: 'FALSE' -- Filename: procexp.Sys - MD5: bf74d0706f5ab9c34067192260f4efb0 - SHA1: 6b090c558b877b6abb0d1051610cadbc6335ecbb - SHA256: 89b9823ed974a5b71de8468324d45b7e9d6dc914f93615ba86c6209b25b3cbf7 - Authentihash: - MD5: c292f0024a454f42fba117b3505b12e9 - SHA1: d9ebe7ff8318eeece457fc72bec2b582d3350b61 - SHA256: f0fb06748758082263e252050904f2fd8a29a77ae71dfdb390346bd2046ebfd4 - Description: Process Explorer - Company: Sysinternals - www.sysinternals.com - InternalName: procexp.sys - OriginalFilename: procexp.Sys - FileVersion: '15.00' - Product: Process Explorer - ProductVersion: '15.00' - Copyright: Copyright (C) Mark Russinovich 1996-2014 - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - strncpy - - RtlInitUnicodeString - - RtlUnicodeStringToAnsiString - - RtlFreeAnsiString - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ExGetPreviousMode - - MmGetSystemRoutineAddress - - SeCaptureSubjectContext - - SeReleaseSubjectContext - - IofCompleteRequest - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - MmIsAddressValid - - ZwOpenProcess - - KeStackAttachProcess - - KeUnstackDetachProcess - - SePrivilegeCheck - - PsLookupProcessByProcessId - - ObOpenObjectByPointer - - ObQueryNameString - - ZwQueryObject - - ZwDuplicateObject - - ZwOpenProcessToken - - ZwQueryInformationProcess - - ZwQuerySystemInformation - - ObCloseHandle - - ObOpenObjectByName - - 
__C_specific_handler - - IoFileObjectType - - PsProcessType - - PsThreadType - - NtBuildNumber - - IoCreateDevice - - ZwSetSecurityObject - - IoDeviceObjectType - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - SeExports - - wcschr - - _wcsnicmp - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwOpenKey - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: 
e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Washington, L=Redmond, O=Sysinternals, OU=Digital ID Class - 3 , Microsoft Software Validation v2, CN=Sysinternals - ValidFrom: '2013-04-06 00:00:00' - ValidTo: '2016-05-05 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1efd983a49d3f152ac9cd2941b8a0edd - Version: 3 - TBS: - MD5: 1b7ca026e68405de56477b5b7bb3a0a5 - SHA1: b2a1bd13d8833154f02e51e25c9f023d54a27d21 - SHA256: 2018b8e7ea18c392558dcd375742cc792648ec23e5eb07d7987c27c76f4c62c0 - SHA384: a8ccad9eeb4974ba9504241c685e7e1dd85e0de420c0ae077f8f3e92b3ab7c9a1653b3d0d535250a741bb7e36ec2f06a - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 1efd983a49d3f152ac9cd2941b8a0edd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: aff0aa7b20b4b7a5a981901f3d77237c - SHA1: 263eefe8940d88cce62ddce6fba55eacf2b36ab8 - SHA256: 205571b9130bfcc537bcf92e2898431e4afb0dfeabff2c2079146702745ea250 - Sections: - .text: - Entropy: 6.194112925534596 - Virtual Size: '0x2370' - .rdata: - Entropy: 4.434868128160928 - Virtual Size: '0xb78' - .data: - Entropy: 2.0654743843388097 - Virtual Size: '0x224' - .pdata: - Entropy: 
4.238556641699438 - Virtual Size: '0x2e8' - PAGE: - Entropy: 6.226087739371598 - Virtual Size: '0x1a1b' - INIT: - Entropy: 5.215673013101648 - Virtual Size: '0x818' - .rsrc: - Entropy: 3.282250655906871 - Virtual Size: '0x380' - .reloc: - Entropy: 2.855388542207534 - Virtual Size: '0x18' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2014-07-08 00:28:27' - Imphash: 4792bcb395d06f9efb72e8020c4af5e6 - LoadsDespiteHVCI: 'FALSE' -- Filename: procexp.Sys - MD5: 92927c47d6ff139c9b19674c9d0088f6 - SHA1: a98734cd388f5b4b3caca5ce61cb03b05a8ad570 - SHA256: 98a123b314cba2de65f899cdbfa386532f178333389e0f0fbd544aff85be02eb - Authentihash: - MD5: 26f48296b5ef64120e55008690060a6e - SHA1: 8d59ed924e8c76b0ab8b7ee653510f43062eaa3e - SHA256: cd1beb64cd67169d57ca4dbc602a94f74891962221bb49c09abf3339ce35bc90 - Description: Process Explorer - Company: Sysinternals - www.sysinternals.com - InternalName: procexp.sys - OriginalFilename: procexp.Sys - FileVersion: '16.42' - Product: Process Explorer - ProductVersion: '16.42' - Copyright: Copyright (C) Mark Russinovich 1996-2021 - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - strncpy - - RtlInitUnicodeString - - RtlUnicodeStringToAnsiString - - RtlFreeAnsiString - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ExGetPreviousMode - - MmGetSystemRoutineAddress - - SeCaptureSubjectContext - - SeReleaseSubjectContext - - IofCompleteRequest - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - MmIsAddressValid - - PsGetVersion - - ZwOpenProcess - - KeStackAttachProcess - - KeUnstackDetachProcess - - SePrivilegeCheck - - PsLookupProcessByProcessId - - ObOpenObjectByPointer - - ObQueryNameString - - ZwQueryObject - - ZwDuplicateObject - - ZwOpenProcessToken - - ZwQueryInformationProcess - - ZwQuerySystemInformation - - ObCloseHandle - - ObOpenObjectByName - - __C_specific_handler - - 
IoFileObjectType - - PsProcessType - - PsThreadType - - RtlFreeUnicodeString - - IoCreateDevice - - ZwSetSecurityObject - - IoDeviceObjectType - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - SeExports - - wcschr - - _wcsnicmp - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwOpenKey - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2020-12-15 22:15:30' - ValidTo: '2021-12-02 22:15:30' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 33000000b20f9ad86794f322f60000000000b2 - Version: 3 - TBS: - MD5: b9dc0ff1a60c3aba24a78d505955bf39 - SHA1: 15a5da2c8aa2955af75615009d249071f91fd252 - SHA256: ba7853f855ba7bc325287c11f5f7b20e013716affad372440feb2c3cf02f0bc5 - SHA384: 90f67f637874aca58284dde5bfa77d98616efd902d1a63f53bc30cd287d464e6706388ed317199236e0739642622f9c5 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2012 - ValidFrom: '2012-04-18 23:48:38' - ValidTo: '2027-04-18 23:58:38' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 610baac1000000000009 - Version: 3 - TBS: - MD5: a569061297e8e824767dbc3184a69bea - SHA1: adbb26a587a8f44b4fccaecb306f980d1c55a150 - SHA256: cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 - SHA384: 
e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba - Signer: - - SerialNumber: 33000000b20f9ad86794f322f60000000000b2 - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2012 - Version: 1 - RichPEHeaderHash: - MD5: bc95ff65f30c5f18added29541a58004 - SHA1: 39d8ca8b59d6aabc2fd11a6fc0d2559dde8e6812 - SHA256: 067c4b33292a48a07d12538a048b2c4e9919fff8dc21aad0acdb7ad87549082d - Sections: - .text: - Entropy: 6.135370257019049 - Virtual Size: '0x25d0' - .rdata: - Entropy: 4.30999546354495 - Virtual Size: '0xf50' - .data: - Entropy: 2.0732868843388097 - Virtual Size: '0x22c' - .pdata: - Entropy: 4.218239636932152 - Virtual Size: '0x2f4' - PAGE: - Entropy: 6.227798908894738 - Virtual Size: '0x1a1b' - INIT: - Entropy: 5.210944759781676 - Virtual Size: '0x818' - .rsrc: - Entropy: 3.3048344530109697 - Virtual Size: '0x380' - .reloc: - Entropy: 3.698934896284056 - Virtual Size: '0x30' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2021-06-01 08:24:37' - Imphash: d122c1eaa50839be14c31876d0d4e0be - LoadsDespiteHVCI: 'FALSE' -- Filename: procexp.Sys - MD5: 2e219df70fccb79351f0452cba86623e - SHA1: 2740cd167a9ccb81c8e8719ce0d2ae31babc631c - SHA256: 9d5ebd0f4585ec20a5fe3c5276df13ece5a2645d3d6f70cedcda979bd1248fc2 - Authentihash: - MD5: 0f461053add90ebe0bac9e8be9d9a8e5 - SHA1: 5b27248685b909d5ae4c8ec77e2d3dcb02d6cc4b - SHA256: cddd341f267a6094f7bd7d1b56427ebc029ccb348e7f0714d9301c2c67fdd5df - Description: Process Explorer - Company: Sysinternals - www.sysinternals.com - InternalName: procexp.sys - OriginalFilename: procexp.Sys - FileVersion: '15.00' - Product: Process Explorer - ProductVersion: '15.00' - Copyright: Copyright (C) Mark Russinovich 1996-2014 - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlUnicodeStringToAnsiString - - RtlFreeAnsiString - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - 
ExFreePoolWithTag - - ExGetPreviousMode - - MmGetSystemRoutineAddress - - SeCaptureSubjectContext - - SeReleaseSubjectContext - - IofCompleteRequest - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - MmIsAddressValid - - ZwOpenProcess - - RtlInitUnicodeString - - KeUnstackDetachProcess - - SePrivilegeCheck - - PsLookupProcessByProcessId - - ObOpenObjectByPointer - - ObQueryNameString - - ZwQueryObject - - ZwDuplicateObject - - ZwOpenProcessToken - - ZwQueryInformationProcess - - ZwQuerySystemInformation - - ObCloseHandle - - ObOpenObjectByName - - memcpy - - memset - - IoFileObjectType - - PsProcessType - - PsThreadType - - NtBuildNumber - - strncpy - - KeStackAttachProcess - - memmove - - ZwSetSecurityObject - - IoDeviceObjectType - - IoCreateDevice - - RtlUnwind - - RtlGetDaclSecurityDescriptor - - RtlGetSaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - SeExports - - IoIsWdmVersionAvailable - - _wcsnicmp - - RtlAddAccessAllowedAce - - RtlLengthSid - - wcschr - - RtlAbsoluteToSelfRelativeSD - - RtlSetDaclSecurityDescriptor - - RtlCreateSecurityDescriptor - - ZwOpenKey - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - KeTickCount - - KeBugCheckEx - - KfLowerIrql - - KfRaiseIrql - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Test PCA - ValidFrom: '2010-05-10 07:00:00' - ValidTo: '2020-12-29 07:00:00' - Signature: a5e89be29a34018c5eb99e6500101e7bde49d04c42f76ece04cacdaaac0de80f586b1ba7bbc841d892fe7477ab3c28f2a507ca45c4e65cfe487d0add256644c366d8f417666a7f11e622a8c31b09663524d9da9f092f3576291e00a4186ae9c857d0af477baa74d02fa3bbbb1f13e37dcd2855295be421278d806e2d597c72ff42aab3fef101b0bfd34d94e14a54f1394a541d08ee74119115dc5079db43cd1cad7ca84c57f843f68ef6f75e1d917e0ddbb1b6724be9a53df535c8cb77f59eb4 - SignatureAlgorithmOID: 1.3.14.3.2.29 - IsCertificateAuthority: true - SerialNumber: 6a0b994fc0004aab11df8adce1e027aa - Version: 3 - TBS: - MD5: 8ee8b5683b30c385e8f50ba39c817ecf - SHA1: 0bead658f967af350cfce561ac851470f0bea7a7 - SHA256: 09763f5805c8295309022c7ef0dab73421a992d49902824b93a2a39f639c1ae7 - SHA384: 8e30b9dbbecb0eb13a70166c2db49365467daca2b4c5a323bd675dcdaff232b9c92f93d45da62ea403524a4220e2aa0f - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: 
DC=com, DC=microsoft, DC=corp, DC=redmond, CN=MSIT Test CodeSign CA - 2 - ValidFrom: '2014-01-03 23:17:17' - ValidTo: '2018-01-03 23:17:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 3300000021dd626c1271c15d6f000100000021 - Version: 3 - TBS: - MD5: af75bafa171badc569c547f8cb748b04 - SHA1: ca9e1727c61692a1894e9f78f646a34f1a4046c1 - SHA256: 6f3fc63b80ab900fb038ca2bff158a031615bf33c8e4a069e309e7985b30f9ca - SHA384: 264a82fc20cf73d863651570f7d2b0aaf0765c92953ea47eb6fc85f7d4c7a6e2a146c0e654611d33ad273474d5167a40 - - Subject: CN=Mark Russinovich - ValidFrom: '2015-06-30 15:50:49' - ValidTo: '2016-06-29 15:50:49' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 77005ec5ff32646dcbf76aac900003005ec5ff - Version: 3 - TBS: - MD5: d47b1f71468f38d938a59072612c5a81 - SHA1: f029c7017324e858115d76088dd21ab0106145d2 - SHA256: 400790acf2a3847c7021865e7213b25eec9b9354cf5ec47ec1d3cadf2e8be539 - SHA384: 26fdffba51f8b2620f44d1f199e5a3c6a81744d4b4c4116eee67edbca74ef6002cddd7bc5aec674fed74d84b72a1b166 - Signer: - - SerialNumber: 77005ec5ff32646dcbf76aac900003005ec5ff - Issuer: DC=com, DC=microsoft, DC=corp, DC=redmond, CN=MSIT Test CodeSign CA - 2 - Version: 1 - RichPEHeaderHash: - MD5: 2730904f5b7710d90214612e812b40e7 - SHA1: 816b6dc12f26d2e229f388b1b6332983f6f84435 - SHA256: a9105aa56ee389cdb89ef2b3cf9ddbf176c8d60493879497875b6db003a3ebbc - Sections: - .text: - Entropy: 6.177002526293282 - Virtual Size: '0x1e60' - .rdata: - Entropy: 3.750710913663099 - Virtual Size: '0x68c' - .data: - Entropy: 2.0959485813397767 - Virtual Size: '0x1c0' - PAGE: - Entropy: 6.234132326978529 - Virtual Size: '0x1364' - INIT: - Entropy: 5.405593329483538 - Virtual Size: '0x758' - .rsrc: - Entropy: 3.2786288785655353 - Virtual Size: '0x380' - .reloc: - Entropy: 6.4689942009857395 - 
Virtual Size: '0x360' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2015-12-05 14:43:50' - Imphash: 3c9af2347198d96c8ab5b189b4e3db37 - LoadsDespiteHVCI: 'TRUE' -- Filename: procexp.Sys - MD5: 0ef05030abd55ba6b02faa2c0970f67f - SHA1: f6d826d73bf819dbc9a058f2b55c88d6d4b634e3 - SHA256: bced04bdefad6a08c763265d6993f07aa2feb57d33ed057f162a947cf0e6668f - Authentihash: - MD5: 82ece436a712985b767d42a178872ab3 - SHA1: e7bedb9528d3da5e7e161a14db260140a02facca - SHA256: d28acafeb6a85294d2672fa894a2934599713aa9ce1b21184dc1ec34131af7bb - Description: Process Explorer - Company: Sysinternals - www.sysinternals.com - InternalName: procexp.sys - OriginalFilename: procexp.Sys - FileVersion: '9.30' - Product: Process Explorer - ProductVersion: '9.30' - Copyright: Copyright (C) M. Russinovich 1996-2005 - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ObQueryNameString - - ZwClose - - ZwDuplicateObject - - ZwOpenProcess - - KeDetachProcess - - ObfDereferenceObject - - ObReferenceObjectByHandle - - KeAttachProcess - - PsLookupProcessByProcessId - - MmIsAddressValid - - ObOpenObjectByPointer - - ZwQueryInformationProcess - - NtBuildNumber - - RtlUnicodeStringToAnsiString - - IofCompleteRequest - - SeReleaseSubjectContext - - SePrivilegeCheck - - ExGetPreviousMode - - SeCaptureSubjectContext - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IoCreateSymbolicLink - - IoCreateDevice - - ExAllocatePoolWithTag - - RtlUnwind - - strncpy - - ZwOpenProcessToken - - RtlFreeAnsiString - - KfLowerIrql - - KfRaiseIrql - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: 
ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=US, ST=Texas, L=Austin, O=Sysinternals, OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Headquarters, CN=Sysinternals - ValidFrom: '2006-02-02 00:00:00' - ValidTo: '2007-04-04 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 75c1a798b875894335c78cddbf05cbff - Version: 3 - TBS: - MD5: a41a1fbfc85b812b2a1570204015b8b4 - SHA1: a7e0f6ba7402a18a3a4e861e57a3ffacb582e8c0 - SHA256: c770e31a5ae65a0ae2b2b2c550ebaa2aa3594d872c08b31dde6d8105fc8b6687 - SHA384: 
1b58aa762321744aba0769fbf8d45151bb613a18cf8caf68b41c85af4c1715681cd186df5e5805cf400b12ab09166e9b - Signer: - - SerialNumber: 75c1a798b875894335c78cddbf05cbff - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: 7ed4474ed84b1f8f736a1628b81bd13c - SHA1: 4456cd303246bff5ac1095977b7c56a1c4ba02fa - SHA256: 1379bea6cc6236eca70f97ba7fc73338ade1f24a85c4bf1c08992e573a48fad2 - Sections: - .text: - Entropy: 6.100262415508947 - Virtual Size: '0xf68' - INIT: - Entropy: 5.190425299514774 - Virtual Size: '0x358' - .rsrc: - Entropy: 3.2730236665026364 - Virtual Size: '0x380' - .reloc: - Entropy: 4.850293456344704 - Virtual Size: '0x12e' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2006-01-06 15:04:34' - Imphash: 5bb79a6caa12076a6d140085cb53892e - LoadsDespiteHVCI: 'FALSE' -- Filename: procexp.Sys - MD5: b7ca4c32c844df9b61634052ae276387 - SHA1: 6df6d5b30d04b9adb9d2c99de18ed108b011d52b - SHA256: bdbceca41e576841cad2f2b38ee6dbf92fd77fbbfdfe6ecf99f0623d44ef182c - Authentihash: - MD5: 1694c87131cee15e63d71936859506b8 - SHA1: 5eb106f413ad1d8de4c04661a1c5162410164d50 - SHA256: 120f7983011211e6740d7a3a4cd2354507866ef7d36a48e2e3a9bd5b52c21c8a - Description: Process Explorer - Company: Sysinternals - www.sysinternals.com - InternalName: procexp.sys - OriginalFilename: procexp.Sys - FileVersion: '11.01' - Product: Process Explorer - ProductVersion: '11.01' - Copyright: Copyright (C) M. 
Russinovich 1996-2007 - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - NtBuildNumber - - ZwOpenProcess - - PsLookupProcessByProcessId - - ZwQueryInformationProcess - - IoCreateSymbolicLink - - RtlInitUnicodeString - - MmIsAddressValid - - IoDeleteDevice - - ObfDereferenceObject - - ExGetPreviousMode - - IoCreateDevice - - MmGetSystemRoutineAddress - - ObOpenObjectByPointer - - ZwQueryObject - - RtlUnicodeStringToAnsiString - - SePrivilegeCheck - - ZwQuerySystemInformation - - ZwOpenProcessToken - - SeReleaseSubjectContext - - KeDetachProcess - - ObQueryNameString - - strncpy - - ExAllocatePool - - SeCaptureSubjectContext - - NtClose - - ZwClose - - IofCompleteRequest - - ObReferenceObjectByHandle - - IoDeleteSymbolicLink - - ZwDuplicateObject - - ExFreePoolWithTag - - RtlFreeAnsiString - - KeAttachProcess - - KeBugCheckEx - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=Texas, L=Austin, O=Sysinternals, OU=Digital ID Class 3 , Microsoft - Software 
Validation v2, OU=Headquarters, CN=Sysinternals - ValidFrom: '2007-03-05 00:00:00' - ValidTo: '2010-04-19 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 7d2c89d309e57beef2d791bb8ed6a26f - Version: 3 - TBS: - MD5: ae18dfd140f9414eadf1f611ec1b84b7 - SHA1: 9aecb2568e995d5965e49acf3ff247bc3d1ab99c - SHA256: f14ce5fe5f508ced18d652e8211edb00c1c773899d03d18dec932df9c54f0a86 - SHA384: c2a6c771b86b687befda12f6871e2f0d473317b4694f25ddc835d2f203953870f26ae9994822e53fcddaeb012f2b6740 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 7d2c89d309e57beef2d791bb8ed6a26f - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: 3ea5cd355cba9d9928873cdba35d4bcc - SHA1: b7e9df380d50227614a9745068a6b50c798b66f9 - SHA256: b3da31bed27ae39b6fd4b9152315a2a81e444cdb54edb34eb6a583538717a4a1 - Sections: - .text: - Entropy: 6.134866287932838 - Virtual Size: '0x1a98' - .rdata: - Entropy: 4.141958899402925 - Virtual Size: '0x2dc' - .data: - Entropy: 0.4860349013607531 - Virtual Size: '0x124' - .pdata: - Entropy: 3.5957393883250757 - Virtual Size: '0xc0' - INIT: - Entropy: 5.011637602197952 - Virtual Size: '0x4a0' - .rsrc: - Entropy: 
3.2795326755401355 - Virtual Size: '0x380' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2008-07-21 14:42:49' - Imphash: 0b40636205c64cacfd2e4f407518ad58 - LoadsDespiteHVCI: 'FALSE' -- Filename: procexp.Sys - MD5: 9beecfb3146f19400880da61476ef940 - SHA1: d5beca70469e0dcb099ba35979155e7c91876fd2 - SHA256: c089a31ac95d41ed02d1e4574962f53376b36a9e60ff87769d221dc7d1a3ecfa - Authentihash: - MD5: c292f0024a454f42fba117b3505b12e9 - SHA1: d9ebe7ff8318eeece457fc72bec2b582d3350b61 - SHA256: f0fb06748758082263e252050904f2fd8a29a77ae71dfdb390346bd2046ebfd4 - Description: Process Explorer - Company: Sysinternals - www.sysinternals.com - InternalName: procexp.sys - OriginalFilename: procexp.Sys - FileVersion: '15.00' - Product: Process Explorer - ProductVersion: '15.00' - Copyright: Copyright (C) Mark Russinovich 1996-2014 - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - strncpy - - RtlInitUnicodeString - - RtlUnicodeStringToAnsiString - - RtlFreeAnsiString - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ExGetPreviousMode - - MmGetSystemRoutineAddress - - SeCaptureSubjectContext - - SeReleaseSubjectContext - - IofCompleteRequest - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - MmIsAddressValid - - ZwOpenProcess - - KeStackAttachProcess - - KeUnstackDetachProcess - - SePrivilegeCheck - - PsLookupProcessByProcessId - - ObOpenObjectByPointer - - ObQueryNameString - - ZwQueryObject - - ZwDuplicateObject - - ZwOpenProcessToken - - ZwQueryInformationProcess - - ZwQuerySystemInformation - - ObCloseHandle - - ObOpenObjectByName - - __C_specific_handler - - IoFileObjectType - - PsProcessType - - PsThreadType - - NtBuildNumber - - IoCreateDevice - - ZwSetSecurityObject - - IoDeviceObjectType - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - 
RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - SeExports - - wcschr - - _wcsnicmp - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwOpenKey - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, 
ST=Washington, L=Redmond, O=Sysinternals, OU=Digital ID Class - 3 , Microsoft Software Validation v2, CN=Sysinternals - ValidFrom: '2013-04-06 00:00:00' - ValidTo: '2016-05-05 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1efd983a49d3f152ac9cd2941b8a0edd - Version: 3 - TBS: - MD5: 1b7ca026e68405de56477b5b7bb3a0a5 - SHA1: b2a1bd13d8833154f02e51e25c9f023d54a27d21 - SHA256: 2018b8e7ea18c392558dcd375742cc792648ec23e5eb07d7987c27c76f4c62c0 - SHA384: a8ccad9eeb4974ba9504241c685e7e1dd85e0de420c0ae077f8f3e92b3ab7c9a1653b3d0d535250a741bb7e36ec2f06a - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 - SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 1efd983a49d3f152ac9cd2941b8a0edd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: aff0aa7b20b4b7a5a981901f3d77237c - SHA1: 263eefe8940d88cce62ddce6fba55eacf2b36ab8 - SHA256: 205571b9130bfcc537bcf92e2898431e4afb0dfeabff2c2079146702745ea250 - Sections: - .text: - 
Entropy: 6.194112925534596 - Virtual Size: '0x2370' - .rdata: - Entropy: 4.434868128160928 - Virtual Size: '0xb78' - .data: - Entropy: 2.0654743843388097 - Virtual Size: '0x224' - .pdata: - Entropy: 4.238556641699438 - Virtual Size: '0x2e8' - PAGE: - Entropy: 6.226087739371598 - Virtual Size: '0x1a1b' - INIT: - Entropy: 5.215673013101648 - Virtual Size: '0x818' - .rsrc: - Entropy: 3.282250655906871 - Virtual Size: '0x380' - .reloc: - Entropy: 2.855388542207534 - Virtual Size: '0x18' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2014-07-08 00:28:27' - Imphash: 4792bcb395d06f9efb72e8020c4af5e6 - LoadsDespiteHVCI: 'FALSE' -- Filename: procexp.Sys - MD5: b79475c4783efdd8122694c6b5669a79 - SHA1: d612165251d5f1dcfb1f1a762c88d956f49ce344 - SHA256: cdfbe62ef515546f1728189260d0bdf77167063b6dbb77f1db6ed8b61145a2bc - Authentihash: - MD5: bee5a87f72b42f3bb5958ba541f4caff - SHA1: 9e0516a6ce73163e2ff5bf0740b57da46846228b - SHA256: 74716032cc2f63c67b9df0882c6794b4bf66147d943329db5f233a04c2fd9b12 - Description: Process Explorer - Company: Sysinternals - www.sysinternals.com - InternalName: procexp.sys - OriginalFilename: procexp.Sys - FileVersion: '16.32' - Product: Process Explorer - ProductVersion: '16.32' - Copyright: Copyright (C) Mark Russinovich 1996-2020 - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - strncpy - - RtlInitUnicodeString - - RtlUnicodeStringToAnsiString - - RtlFreeAnsiString - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ExGetPreviousMode - - MmGetSystemRoutineAddress - - SeCaptureSubjectContext - - SeReleaseSubjectContext - - IofCompleteRequest - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - MmIsAddressValid - - PsGetVersion - - ZwOpenProcess - - KeStackAttachProcess - - KeUnstackDetachProcess - - SePrivilegeCheck - - PsLookupProcessByProcessId - - ObOpenObjectByPointer - - 
ObQueryNameString - - ZwQueryObject - - ZwDuplicateObject - - ZwOpenProcessToken - - ZwQueryInformationProcess - - ZwQuerySystemInformation - - ObCloseHandle - - ObOpenObjectByName - - __C_specific_handler - - IoFileObjectType - - PsProcessType - - PsThreadType - - RtlFreeUnicodeString - - IoCreateDevice - - ZwSetSecurityObject - - IoDeviceObjectType - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - SeExports - - wcschr - - _wcsnicmp - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwOpenKey - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2020-03-04 19:12:18' - ValidTo: '2021-03-03 19:12:18' - Signature: 36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 330000009484c47568579aafe9000000000094 - Version: 3 - TBS: - MD5: b46a69db7e461e55282dc24dc594e5d6 - SHA1: 3b19241d555a74781e2b63a7c14ad12b1ec68205 - SHA256: 2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975 - SHA384: 
5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2012 - ValidFrom: '2012-04-18 23:48:38' - ValidTo: '2027-04-18 23:58:38' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 610baac1000000000009 - Version: 3 - TBS: - MD5: a569061297e8e824767dbc3184a69bea - SHA1: adbb26a587a8f44b4fccaecb306f980d1c55a150 - SHA256: cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 - SHA384: e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba - Signer: - - SerialNumber: 330000009484c47568579aafe9000000000094 - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2012 - Version: 1 - RichPEHeaderHash: - MD5: 43d9cd97a9af9d2018a2e3b912ceee7b - SHA1: 8376f05ff6ebd3001f063c022d6878ae5f3b0adc - SHA256: 8affa451179e3e28a8f4f5e5ce035ec16f661d943ec0acc9ac6e987e7640dfc9 - Sections: - .text: - Entropy: 6.137423926314564 - Virtual Size: '0x25a0' - .rdata: - Entropy: 4.316500024833388 - Virtual Size: '0xf68' - .data: - Entropy: 2.0732868843388097 - Virtual Size: '0x22c' - .pdata: - Entropy: 4.199286592950671 - Virtual Size: '0x2f4' - PAGE: - Entropy: 6.228697679351415 - Virtual Size: '0x1a1b' - INIT: - Entropy: 5.210944759781676 - Virtual Size: '0x818' - .rsrc: - Entropy: 3.300315570047502 - Virtual Size: '0x380' - .reloc: - Entropy: 3.698934896284056 - Virtual Size: '0x30' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2020-09-11 15:57:25' - Imphash: d122c1eaa50839be14c31876d0d4e0be - LoadsDespiteHVCI: 'FALSE' -- Filename: procexp.Sys - MD5: 318e309e11199ec69d8928c46a4d901b - SHA1: 63bb17160115f16b3fca1f028b13033af4e468c6 - SHA256: d6827cd3a8f273a66ecc33bb915df6c7dea5cc1b8134b0c348303ef50db33476 - 
Authentihash: - MD5: decbda17e27f012c72e5ff39c8c19089 - SHA1: ecdaa78f29e1f1a27d28b45a9de5f93af9f18f15 - SHA256: ee24071d9a0ef38dc98929cfb4d316f9fb010de107c110fad2403022cf1eebfc - Description: Process Explorer - Company: Sysinternals - www.sysinternals.com - InternalName: procexp.sys - OriginalFilename: procexp.Sys - FileVersion: '15.00' - Product: Process Explorer - ProductVersion: '15.00' - Copyright: Copyright (C) Mark Russinovich 1996-2014 - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - strncpy - - RtlInitUnicodeString - - RtlUnicodeStringToAnsiString - - RtlFreeAnsiString - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ExGetPreviousMode - - MmGetSystemRoutineAddress - - SeCaptureSubjectContext - - SeReleaseSubjectContext - - IofCompleteRequest - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - MmIsAddressValid - - PsGetVersion - - ZwOpenProcess - - KeStackAttachProcess - - KeUnstackDetachProcess - - SePrivilegeCheck - - PsLookupProcessByProcessId - - ObOpenObjectByPointer - - ObQueryNameString - - ZwQueryObject - - ZwDuplicateObject - - ZwOpenProcessToken - - ZwQueryInformationProcess - - ZwQuerySystemInformation - - ObCloseHandle - - ObOpenObjectByName - - __C_specific_handler - - IoFileObjectType - - PsProcessType - - PsThreadType - - IoCreateDevice - - ZwSetSecurityObject - - IoDeviceObjectType - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - SeExports - - wcschr - - _wcsnicmp - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwOpenKey - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - 
RtlFreeUnicodeString - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft - Operations Puerto Rico, OU=Thales TSS ESN:BBEC,30CA,2DBE, CN=Microsoft Time,Stamp - Service - ValidFrom: '2018-08-23 20:20:02' - ValidTo: '2019-11-23 20:20:02' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 33000000f6380d9a86d05ca43b0000000000f6 - Version: 3 - TBS: - MD5: 3094214121c022fb9a5e410920d5eb96 - SHA1: 388c68e81cfc19e838d5070ac4e6793b32bfd293 - SHA256: 0fe53b3d3a84a2b9768554a34a64622ed13cd1b915bdacdc4955e12cc24b4da9 - SHA384: 8bdb4ff21bcdd1436dc37b1e6c9c7fb32178462243304b51a6277b5291a9421dd65fb238c8711b1aef75b85375a92599 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2018-06-08 17:24:26' - ValidTo: '2019-05-29 17:24:26' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 33000000317c61d46115ceba6a000100000031 - Version: 3 - TBS: - MD5: 9a2de17c0445f3e68c9315347b5805f8 - SHA1: df228171e01e890d9b69a749887197af4a3f7602 - SHA256: 4a7311ef8dd289fa50df104e89c167449e87034901503c7e9423ee9e90d5c528 - SHA384: e3f444c0320389de66bee39dc64dfb13eb4903590060830cbebaf14d8c707b2eb1e6289c9c08e7f258e6dea4387d88eb - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility PCA - ValidFrom: '2012-06-04 21:05:46' - ValidTo: '2020-06-04 21:15:46' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 33000000382e50e86a989d957f000000000038 - Version: 3 - TBS: - MD5: cfa5fa49250320f7a3473a82877fabf3 - SHA1: 
6b3242a9a639b0da4d5882c7eeb402be6615ad0c - SHA256: 8e7c756d4597e8cca0f627d75647e2f9d5a693f1f263b193347066d214c1d4db - SHA384: 296a0f621330ac591c8c80bdd5e5bd19e9c01e8d267d02a3f3abc845088174d752c077907b99b128d389dc13ea69d009 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Time,Stamp PCA - ValidFrom: '2007-04-03 12:53:09' - ValidTo: '2021-04-03 13:03:09' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 6116683400000000001c - Version: 3 - TBS: - MD5: 335713f62536c68d0acc82df3dceb932 - SHA1: 023cf1c5e99dc2f24133dae6937145bb481306e6 - SHA256: 65d585d6bf2b0aa4f798b9af69be08c6f1c3d01a754f989768b722a145df5312 - SHA384: f7dd00644994985c518f70c060386448dd0c3a13f5eff12a0dd31bf8333f24b781928d323acca27e04633e71a7f22e71 - Signer: - - SerialNumber: 33000000317c61d46115ceba6a000100000031 - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility PCA - Version: 1 - RichPEHeaderHash: - MD5: b304340f5a584624dcd7df388088259e - SHA1: 60b9485e04a7fd71335816953eeb57cabab0866d - SHA256: 7d5b2828aba79fcf1d98ba371f54c4ecb1fe7f56fdfad814e98a1074f3ec01bf - Sections: - .text: - Entropy: 6.192542500380886 - Virtual Size: '0x22f0' - .rdata: - Entropy: 4.295275237990091 - Virtual Size: '0xe2c' - .data: - Entropy: 2.0429884420387983 - Virtual Size: '0x22c' - .pdata: - Entropy: 4.233708286405829 - Virtual Size: '0x2e8' - PAGE: - Entropy: 6.2273427245942345 - Virtual Size: '0x1a1b' - INIT: - Entropy: 5.211213219982408 - Virtual Size: '0x818' - .rsrc: - Entropy: 3.282250655906871 - Virtual Size: '0x380' - .reloc: - Entropy: 3.667481250360578 - Virtual Size: '0x30' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2018-11-16 16:15:17' - Imphash: b8a35d469bc164d86ac7c64e93b0037b - LoadsDespiteHVCI: 'FALSE' -- Filename: procexp.Sys - MD5: c69c292e0b76b25a5fa0e16136770e11 - SHA1: 
05eff2001f595f9e2894c6b5eee756ae72379a6d - SHA256: e07211224b02aaf68a5e4b73fc1049376623793509d9581cdaee9e601020af06 - Authentihash: - MD5: 92c56a03fbcd375d9569e1cf60bf78cd - SHA1: be428ed7b322ad13b2207294b934b0a67aa8345d - SHA256: fa959c48c055ec149d434a5adeb9f9938d1c260a65ee8a4ea1d67bfbdceab83f - Description: Process Explorer - Company: Sysinternals - www.sysinternals.com - InternalName: procexp.sys - OriginalFilename: procexp.Sys - FileVersion: '15.00' - Product: Process Explorer - ProductVersion: '15.00' - Copyright: Copyright (C) Mark Russinovich 1996-2014 - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - strncpy - - RtlInitUnicodeString - - RtlUnicodeStringToAnsiString - - RtlFreeAnsiString - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ExGetPreviousMode - - MmGetSystemRoutineAddress - - SeCaptureSubjectContext - - SeReleaseSubjectContext - - IofCompleteRequest - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - MmIsAddressValid - - ZwOpenProcess - - KeStackAttachProcess - - KeUnstackDetachProcess - - SePrivilegeCheck - - PsLookupProcessByProcessId - - ObOpenObjectByPointer - - ObQueryNameString - - ZwQueryObject - - ZwDuplicateObject - - ZwOpenProcessToken - - ZwQueryInformationProcess - - ZwQuerySystemInformation - - ObCloseHandle - - ObOpenObjectByName - - __C_specific_handler - - IoFileObjectType - - PsProcessType - - PsThreadType - - NtBuildNumber - - IoCreateDevice - - ZwSetSecurityObject - - IoDeviceObjectType - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - SeExports - - wcschr - - _wcsnicmp - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor 
- - RtlGetOwnerSecurityDescriptor - - ZwOpenKey - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, OU=nCipher - DSE ESN:B1B7,F67F,FEC2, CN=Microsoft Time,Stamp Service - ValidFrom: '2015-10-07 18:14:02' - ValidTo: '2017-01-07 18:14:02' - Signature: 01d47ac81233981cb030b0fbeeabdd39641bb136ee8863bea04f5ea087ad995f71743f3525cc1e89f20ba37b31e60e2b8e6838f8820ed9ba2201fef412b9831a62d323f9e0a752bc92dd2da8a110e7eb47ce16bd0b933a624a7554d44eaf30e718572ab6968e3234701ded6156b8ecdd53c36cac5ca802437198616ce6b84e707c80548ca7e638ea7acdc0ef56430f030e89c83a701d9ac7541d637b31f2e616a122db3a08ab044a93cc61e2fc4a31a61df406ad6f634bc04d9c1244e0a986c60bebf7f82b44cb769bc5f016f01cf32877adc0cd23e78494c23597207de815f1abe1217416477b62b0dacb176b10a8a9e0663e1f5ad41fec1fb51d2ddc6c8491 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 330000008a57ea89a349eb8be800000000008a - Version: 3 - TBS: - MD5: fc736157189c18985ff54e87edc06166 - SHA1: 9c4ab0e49bf223f88f1a9cd4be69e53db6f59ef2 - SHA256: 8daf9edee56dd74ee0c24f9f618f2fac6eb78e8cd688c733bc8ba9c3a9d6303e - SHA384: 1ce3414a874efbbb74f1563aa28a7c5039b6ca232fc1c0975c8e608124d5d769e660d87436ef643e6b0cf2d672736fb1 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft - Corporation - ValidFrom: '2015-06-04 17:42:45' - ValidTo: '2016-09-04 17:42:45' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 330000010a2c79aed7797ba6ac00010000010a - Version: 3 - TBS: - MD5: 14e79171202b9f17d8770ee3e9e1a04c - SHA1: ce13da3e20f06d1c9ebef5646f4b763f423fbffa - SHA256: 37823fe17d235fa83b5231f159e969bcf0d0c6c134d4a89a5f91a92143c7472f - SHA384: 
3965aeba6c585db3abc820f536d80296b9868da981a558ade81e7ae4fd1a6203a7f953ab33f265fa7f1c566213a89ffa - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Code Signing PCA - ValidFrom: '2010-08-31 22:19:32' - ValidTo: '2020-08-31 22:29:32' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 6133261a000000000031 - Version: 3 - TBS: - MD5: 482f91c72e48878971dcf15579a96bd8 - SHA1: 27543a3f7612de2261c7228321722402f63a07de - SHA256: d372e474aa3b4ca8c060f6adbab1dd488b720b0314aeaf05d49448180ff8afc6 - SHA384: 63ec1262b2abf88e3a376855d52b4973a32721d960a6c99c2019395c40ffc21c1e60c123c2e81bf93565471caabfb5bf - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Time,Stamp PCA - ValidFrom: '2007-04-03 12:53:09' - ValidTo: '2021-04-03 13:03:09' - Signature: 10978ac35c034436dde9b4ad77dbce79514d01b12e74715b6d0c13abcebe7b8fb82ed412a28c6d62b85702cb4e20135099dd7a40e257bbaf589a1ce11d0186acbb78f28bd0ec3b01eee2be8f0a05c88d48e2f05315dd4fab92e4e78d6ad580c1e694f2062f8503e9912a242270fbf6fce478992e0df707e270bc184e9d8e6b0a7295b8a1399c672dc5510eea625c3f16988b203fe2071a32f9cc314a76313d2b720bc8ea703dff850a13dfc20a618ef0d7b817eb4e8b7fc5352b5ea3bfebbc7d0b427bd4537221ee30cabb78655c5b01170a140ed2da1498f53cb96658b32d2fe7f98586cc5156e89d70946cac394cd4f679bfaa187a6229efa29b293406771a62c93d1e6d1f82f00bc72cbbcf43b3e5f9ec7db5e3a4a87435b84ec571231226760b3c528c715a464314bcb3b3b04d67c89f42ff807921809e153066e842125e1ac89e2221d043e92be9bbf448cc2cd4d832804c262a48245f5aea56efa6de999dca3a6fbd8127740611ee7621bf9b82c12754b6b16a3d89a17661b46ea113a6bfaa47f0126ffd8a326cb2fedf51c88c23c966bd9d1d871264023d2daf598fb8e421e5b5b0ca63b4785405d4412e50ac94b0a578abb3a096751ad992871375222f32a8086ea05b8c25bfa0ef84ca21d6eb1e4fc99aee49e0f701656f890b7dc869c8e66eeaa797ce3129ff0ec55b5cd84d1ba1d8fa2f9e3f2e55166bc913a3fd - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: true - SerialNumber: 6116683400000000001c - Version: 3 - TBS: - MD5: 335713f62536c68d0acc82df3dceb932 - SHA1: 023cf1c5e99dc2f24133dae6937145bb481306e6 - SHA256: 65d585d6bf2b0aa4f798b9af69be08c6f1c3d01a754f989768b722a145df5312 - SHA384: f7dd00644994985c518f70c060386448dd0c3a13f5eff12a0dd31bf8333f24b781928d323acca27e04633e71a7f22e71 - Signer: - - SerialNumber: 330000010a2c79aed7797ba6ac00010000010a - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Code Signing PCA - Version: 1 - RichPEHeaderHash: - MD5: a052ed4e5d10c66e3e667a42fcdcc54a - SHA1: 04b9d41ef58b5aaaca72f0ce222a8adfbe8ad251 - SHA256: c254feaf8c3e788a6ec9d41de0d7bad054f4347a8347d6806840cd1d9030ed4a - Sections: - .text: - Entropy: 6.194112925534596 - Virtual Size: '0x2370' - .rdata: - Entropy: 4.4428556927172265 - Virtual Size: '0xb80' - .data: - Entropy: 2.0654743843388097 - Virtual Size: '0x224' - .pdata: - Entropy: 4.238715005322108 - Virtual Size: '0x2e8' - PAGE: - Entropy: 6.226087739371598 - Virtual Size: '0x1a1b' - INIT: - Entropy: 5.215673013101648 - Virtual Size: '0x818' - .rsrc: - Entropy: 3.282250655906871 - Virtual Size: '0x380' - .reloc: - Entropy: 2.855388542207534 - Virtual Size: '0x18' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2016-02-04 15:04:43' - Imphash: 4792bcb395d06f9efb72e8020c4af5e6 - LoadsDespiteHVCI: 'TRUE' -- Filename: procexp.Sys - MD5: 9982da703f13140997e137b1e745a2e3 - SHA1: 511b06898770337609ee065547dbf14ce3de5a95 - SHA256: e3f2ee22dec15061919583e4beb8abb3b29b283e2bcb46badf2bfde65f5ea8dd - Authentihash: - MD5: db32843b80c6e8c9173847c3faab2200 - SHA1: fffeec16afdeedd2bee22860f0942c846ba9ee1a - SHA256: cee01c69cb0c06dd0d98ff05aeb2b0a34a4aa1a71d35a3033bf9c1a35b637c55 - Description: Process Explorer - Company: Sysinternals - www.sysinternals.com - InternalName: procexp.sys - OriginalFilename: procexp.Sys - FileVersion: '15.00' - Product: Process Explorer - ProductVersion: '15.00' - Copyright: Copyright (C) Mark Russinovich 
1996-2014 - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - strncpy - - RtlInitUnicodeString - - RtlUnicodeStringToAnsiString - - RtlFreeAnsiString - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ExGetPreviousMode - - MmGetSystemRoutineAddress - - SeCaptureSubjectContext - - SeReleaseSubjectContext - - IofCompleteRequest - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - MmIsAddressValid - - PsGetVersion - - ZwOpenProcess - - KeStackAttachProcess - - KeUnstackDetachProcess - - SePrivilegeCheck - - PsLookupProcessByProcessId - - ObOpenObjectByPointer - - ObQueryNameString - - ZwQueryObject - - ZwDuplicateObject - - ZwOpenProcessToken - - ZwQueryInformationProcess - - ZwQuerySystemInformation - - ObCloseHandle - - ObOpenObjectByName - - __C_specific_handler - - IoFileObjectType - - PsProcessType - - PsThreadType - - RtlFreeUnicodeString - - IoCreateDevice - - ZwSetSecurityObject - - IoDeviceObjectType - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - SeExports - - wcschr - - _wcsnicmp - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwOpenKey - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Ireland - Operations Limited, OU=Thales TSS ESN:86DF,4BBC,9335, CN=Microsoft Time,Stamp - service - ValidFrom: '2018-08-23 20:20:28' - ValidTo: '2019-11-23 20:20:28' - Signature: 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 - SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 3300000109e219d6f9b8a4bebf000000000109 - Version: 3 - TBS: - MD5: 10a173441d459944d30bbcfc69f7521b - SHA1: 500cf2d67d9e3b7c31b2a65d4f121f7201cade0e - SHA256: 1994223eadaccd1eaf27c1a3e90dd6142a4ceb8f8fafe5109e2accbccc60e4ed - SHA384: 583cf1f7091b957856b816d69081d73f79f4fa08bfd49b6c40f09087c1a50823637b96b2c8f224b934e5234212ef8f53 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2019-04-18 18:42:23' - ValidTo: '2020-03-27 18:42:23' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 33000000387a14cce6619d8c51000200000038 - Version: 3 - TBS: - MD5: f9a6526d8f83e3d33d925ae95b752dca - SHA1: ad9f086d0642e3b5de60584c44123cf4603c4525 - SHA256: 7bdb7967d328a3a1cb2d2c4c7399633203668f9a86a271b277a218b639ad12ee - SHA384: 0ae0176f351a8e4df75f1c72d2002b1682a1e4d1ccb069fb8b5bcb496ef016a6386e44428ebabe538eb2900b564e3f93 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility PCA - ValidFrom: '2018-09-20 17:42:01' - ValidTo: '2021-05-09 23:28:13' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610435f1000000000041 - Version: 3 - TBS: - MD5: 77dab20d8e23cd8e18633adca506cf6e - SHA1: c5506bee3c29254dc5b5a0e6e7a14046522708ef - SHA256: 611f1d188d7c39a400a01ee32e2c257be5082445ace6f59acd103a250cc2ec0f - SHA384: cf4c4b8360744f9c56803afb49175361c93fc4a95c77dbe0eebb2852a32c93ed9cc563495c0e1c9c32e4d58512f55b49 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Time,Stamp PCA - ValidFrom: '2007-04-03 12:53:09' - ValidTo: '2021-04-03 13:03:09' - Signature: 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 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 6116683400000000001c - Version: 3 - TBS: - MD5: 335713f62536c68d0acc82df3dceb932 - SHA1: 023cf1c5e99dc2f24133dae6937145bb481306e6 - SHA256: 65d585d6bf2b0aa4f798b9af69be08c6f1c3d01a754f989768b722a145df5312 - SHA384: f7dd00644994985c518f70c060386448dd0c3a13f5eff12a0dd31bf8333f24b781928d323acca27e04633e71a7f22e71 - Signer: - - SerialNumber: 33000000387a14cce6619d8c51000200000038 - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility PCA - Version: 1 - RichPEHeaderHash: - MD5: dd10afd0600f2236361f48592587474c - SHA1: 0dbcc0d10e288b15aa0eda2aaffcd2a0edb7850b - SHA256: c834c4c8ac0c6f8457c4b833e5771b4f273ed815ab2d189a65c4afa9ca9e3975 - Sections: - .text: - Entropy: 6.137423926314564 - Virtual Size: '0x25a0' - .rdata: - Entropy: 4.319500105806409 - Virtual Size: '0xf68' - .data: - Entropy: 2.0732868843388097 - Virtual Size: '0x22c' - .pdata: - Entropy: 4.199286592950671 - Virtual Size: '0x2f4' - PAGE: - Entropy: 6.228697679351415 - Virtual Size: '0x1a1b' - INIT: - Entropy: 5.210944759781676 - Virtual Size: '0x818' - .rsrc: - Entropy: 3.282250655906871 - Virtual Size: '0x380' - .reloc: - Entropy: 3.698934896284056 - Virtual Size: '0x30' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2019-06-28 15:02:57' - Imphash: d122c1eaa50839be14c31876d0d4e0be - LoadsDespiteHVCI: 'FALSE' -- Filename: procexp.Sys - MD5: 9b9d367cb53df0a2e0850760c840d016 - SHA1: 631fdd1ef2d6f2d98e36f8fc7adbf90fbfb0a1e8 - SHA256: f29073dc99cb52fa890aae80037b48a172138f112474a1aecddae21179c93478 - Authentihash: - MD5: dafa4bdbdbbd96532d03022cd6900fed - SHA1: f2ff9b749f7c5f21043b42d97b8a386c702d4435 - SHA256: ab5324c992c7547020f85de3456516e0dba2c3c5aab10371723a96188354abaf - Description: Process Explorer - Company: Sysinternals - www.sysinternals.com - InternalName: procexp.sys - OriginalFilename: procexp.Sys - FileVersion: '15.00' - Product: Process Explorer - 
ProductVersion: '15.00' - Copyright: Copyright (C) Mark Russinovich 1996-2014 - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - strncpy - - RtlInitUnicodeString - - RtlUnicodeStringToAnsiString - - RtlFreeAnsiString - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ExGetPreviousMode - - MmGetSystemRoutineAddress - - SeCaptureSubjectContext - - SeReleaseSubjectContext - - IofCompleteRequest - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - MmIsAddressValid - - PsGetVersion - - ZwOpenProcess - - KeStackAttachProcess - - KeUnstackDetachProcess - - SePrivilegeCheck - - PsLookupProcessByProcessId - - ObOpenObjectByPointer - - ObQueryNameString - - ZwQueryObject - - ZwDuplicateObject - - ZwOpenProcessToken - - ZwQueryInformationProcess - - ZwQuerySystemInformation - - ObCloseHandle - - ObOpenObjectByName - - __C_specific_handler - - IoFileObjectType - - PsProcessType - - PsThreadType - - RtlFreeUnicodeString - - IoCreateDevice - - ZwSetSecurityObject - - IoDeviceObjectType - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - SeExports - - wcschr - - _wcsnicmp - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwOpenKey - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft - Operations Puerto Rico, OU=Thales TSS ESN:B8EC,30A4,7144, CN=Microsoft Time,Stamp - Service - ValidFrom: '2018-08-23 20:19:30' - ValidTo: '2019-11-23 20:19:30' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 33000000eb69aacc3e299f2d390000000000eb - Version: 3 - TBS: - MD5: 474aa22f78903fa7bca0bf6ff4dabe03 - SHA1: 1745a1caaa7a8dd0da3ae4b2c3037b327e66ca86 - SHA256: a8662656da96725e4dedea5cd1234e9d64281228f08f87462cdcf378d7ff4a03 - SHA384: c9ff7f654d644415032d44f78f8dd9f2d51fabb059dc3f75ea39a3d7b20604ae1d7d3b365205f5468d1fbd4e1f858be3 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2019-04-18 18:42:23' - ValidTo: '2020-03-27 18:42:23' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 33000000387a14cce6619d8c51000200000038 - Version: 3 - TBS: - MD5: f9a6526d8f83e3d33d925ae95b752dca - SHA1: ad9f086d0642e3b5de60584c44123cf4603c4525 - SHA256: 7bdb7967d328a3a1cb2d2c4c7399633203668f9a86a271b277a218b639ad12ee - SHA384: 0ae0176f351a8e4df75f1c72d2002b1682a1e4d1ccb069fb8b5bcb496ef016a6386e44428ebabe538eb2900b564e3f93 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility PCA - ValidFrom: '2018-09-20 17:42:01' - ValidTo: '2021-05-09 23:28:13' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610435f1000000000041 - Version: 3 - TBS: - MD5: 77dab20d8e23cd8e18633adca506cf6e - SHA1: c5506bee3c29254dc5b5a0e6e7a14046522708ef - SHA256: 611f1d188d7c39a400a01ee32e2c257be5082445ace6f59acd103a250cc2ec0f - SHA384: cf4c4b8360744f9c56803afb49175361c93fc4a95c77dbe0eebb2852a32c93ed9cc563495c0e1c9c32e4d58512f55b49 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Time,Stamp PCA - ValidFrom: '2007-04-03 12:53:09' - ValidTo: '2021-04-03 13:03:09' - 
Signature: 10978ac35c034436dde9b4ad77dbce79514d01b12e74715b6d0c13abcebe7b8fb82ed412a28c6d62b85702cb4e20135099dd7a40e257bbaf589a1ce11d0186acbb78f28bd0ec3b01eee2be8f0a05c88d48e2f05315dd4fab92e4e78d6ad580c1e694f2062f8503e9912a242270fbf6fce478992e0df707e270bc184e9d8e6b0a7295b8a1399c672dc5510eea625c3f16988b203fe2071a32f9cc314a76313d2b720bc8ea703dff850a13dfc20a618ef0d7b817eb4e8b7fc5352b5ea3bfebbc7d0b427bd4537221ee30cabb78655c5b01170a140ed2da1498f53cb96658b32d2fe7f98586cc5156e89d70946cac394cd4f679bfaa187a6229efa29b293406771a62c93d1e6d1f82f00bc72cbbcf43b3e5f9ec7db5e3a4a87435b84ec571231226760b3c528c715a464314bcb3b3b04d67c89f42ff807921809e153066e842125e1ac89e2221d043e92be9bbf448cc2cd4d832804c262a48245f5aea56efa6de999dca3a6fbd8127740611ee7621bf9b82c12754b6b16a3d89a17661b46ea113a6bfaa47f0126ffd8a326cb2fedf51c88c23c966bd9d1d871264023d2daf598fb8e421e5b5b0ca63b4785405d4412e50ac94b0a578abb3a096751ad992871375222f32a8086ea05b8c25bfa0ef84ca21d6eb1e4fc99aee49e0f701656f890b7dc869c8e66eeaa797ce3129ff0ec55b5cd84d1ba1d8fa2f9e3f2e55166bc913a3fd - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 6116683400000000001c - Version: 3 - TBS: - MD5: 335713f62536c68d0acc82df3dceb932 - SHA1: 023cf1c5e99dc2f24133dae6937145bb481306e6 - SHA256: 65d585d6bf2b0aa4f798b9af69be08c6f1c3d01a754f989768b722a145df5312 - SHA384: f7dd00644994985c518f70c060386448dd0c3a13f5eff12a0dd31bf8333f24b781928d323acca27e04633e71a7f22e71 - Signer: - - SerialNumber: 33000000387a14cce6619d8c51000200000038 - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility PCA - Version: 1 - RichPEHeaderHash: - MD5: dd10afd0600f2236361f48592587474c - SHA1: 0dbcc0d10e288b15aa0eda2aaffcd2a0edb7850b - SHA256: c834c4c8ac0c6f8457c4b833e5771b4f273ed815ab2d189a65c4afa9ca9e3975 - Sections: - .text: - Entropy: 6.137423926314564 - Virtual Size: '0x25a0' - .rdata: - Entropy: 4.328121245748763 - Virtual Size: '0xf78' - .data: - Entropy: 2.0732868843388097 
- Virtual Size: '0x22c' - .pdata: - Entropy: 4.208993052865855 - Virtual Size: '0x2f4' - PAGE: - Entropy: 6.228697679351415 - Virtual Size: '0x1a1b' - INIT: - Entropy: 5.210944759781676 - Virtual Size: '0x818' - .rsrc: - Entropy: 3.282250655906871 - Virtual Size: '0x380' - .reloc: - Entropy: 3.698934896284056 - Virtual Size: '0x30' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2019-06-13 08:03:46' - Imphash: d122c1eaa50839be14c31876d0d4e0be - LoadsDespiteHVCI: 'FALSE' -- Filename: procexp152.sys - MD5: ad03f225247b58a57584b40a4d1746d3 - SHA1: e525f54b762c10703c975132e8fc21b6cd88d39b - SHA256: 59b09bd69923c0b3de3239e73205b1846a5f69043546d471b259887bb141d879 - Signature: '' - Date: '' - Publisher: '' - Company: Sysinternals - www.sysinternals.com - Description: Process Explorer - Product: Process Explorer - ProductVersion: '15.00' - FileVersion: '15.00' - MachineType: AMD64 - OriginalFilename: procexp.Sys - Authentihash: - MD5: 9e4c2a2e8832f10ecdd2be70eb6bc300 - SHA1: 2b15e90dc654ce779bd460787352639768cd8baa - SHA256: 26536758c2247b6251a342d2e80de1753c006a0dce9b3b8a6a5b1d3110c8fc34 - InternalName: procexp.sys - Copyright: Copyright (C) Mark Russinovich 1996-2014 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - strncpy - - RtlInitUnicodeString - - RtlUnicodeStringToAnsiString - - RtlFreeAnsiString - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ExGetPreviousMode - - MmGetSystemRoutineAddress - - SeCaptureSubjectContext - - SeReleaseSubjectContext - - IofCompleteRequest - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - MmIsAddressValid - - ZwOpenProcess - - KeStackAttachProcess - - KeUnstackDetachProcess - - SePrivilegeCheck - - PsLookupProcessByProcessId - - ObOpenObjectByPointer - - ObQueryNameString - - ZwQueryObject - - ZwDuplicateObject - - ZwOpenProcessToken - - ZwQueryInformationProcess - - ZwQuerySystemInformation 
- - ObCloseHandle - - ObOpenObjectByName - - __C_specific_handler - - IoFileObjectType - - PsProcessType - - PsThreadType - - NtBuildNumber - - IoCreateDevice - - ZwSetSecurityObject - - IoDeviceObjectType - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - SeExports - - wcschr - - _wcsnicmp - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwOpenKey - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 
783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Washington, L=Redmond, O=Sysinternals, OU=Digital ID Class - 3 , Microsoft Software Validation v2, CN=Sysinternals - ValidFrom: '2013-04-06 00:00:00' - ValidTo: '2016-05-05 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1efd983a49d3f152ac9cd2941b8a0edd - Version: 3 - TBS: - MD5: 1b7ca026e68405de56477b5b7bb3a0a5 - SHA1: b2a1bd13d8833154f02e51e25c9f023d54a27d21 - SHA256: 2018b8e7ea18c392558dcd375742cc792648ec23e5eb07d7987c27c76f4c62c0 - SHA384: a8ccad9eeb4974ba9504241c685e7e1dd85e0de420c0ae077f8f3e92b3ab7c9a1653b3d0d535250a741bb7e36ec2f06a - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 
5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 1efd983a49d3f152ac9cd2941b8a0edd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: a052ed4e5d10c66e3e667a42fcdcc54a - SHA1: 04b9d41ef58b5aaaca72f0ce222a8adfbe8ad251 - SHA256: c254feaf8c3e788a6ec9d41de0d7bad054f4347a8347d6806840cd1d9030ed4a - Sections: - .text: - Entropy: 6.194112925534596 - Virtual Size: '0x2370' - .rdata: - Entropy: 4.439763008453193 - Virtual Size: '0xb80' - .data: - Entropy: 2.0654743843388097 - Virtual Size: '0x224' - .pdata: - Entropy: 4.238715005322108 - Virtual Size: '0x2e8' - PAGE: - Entropy: 6.226087739371598 - Virtual Size: '0x1a1b' - INIT: - Entropy: 5.215673013101648 - Virtual Size: '0x818' - .rsrc: - Entropy: 3.282250655906871 - Virtual Size: '0x380' - .reloc: - Entropy: 2.855388542207534 - Virtual Size: '0x18' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2015-05-10 22:52:10' - Imphash: 4792bcb395d06f9efb72e8020c4af5e6 - LoadsDespiteHVCI: 'FALSE' 
-- Filename: procexp.Sys - MD5: 97e3a44ec4ae58c8cc38eefc613e950e - SHA1: bc47e15537fa7c32dfefd23168d7e1741f8477ed - SHA256: 440883cd9d6a76db5e53517d0ec7fe13d5a50d2f6a7f91ecfc863bc3490e4f5c - Signature: - - Microsoft Windows Hardware Compatibility Publisher - - Microsoft Windows Third Party Component CA 2012 - - Microsoft Root Certificate Authority 2010 - Date: '' - Publisher: '' - Company: Sysinternals - www.sysinternals.com - Description: Process Explorer - Product: Process Explorer - ProductVersion: '16.43' - FileVersion: '16.43' - MachineType: AMD64 - OriginalFilename: procexp.Sys - Authentihash: - MD5: 0a7106a04e6e3b13eb105b013f76e031 - SHA1: 0c74316dfb9c21b7ff2dc288c005f9474dc26589 - SHA256: c7fef94e329bd9b66b281539265f989313356cbd9c345df9e670e9c4b6e0edce - InternalName: procexp.sys - Copyright: Copyright (C) Mark Russinovich 1996-2021 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - strncpy - - RtlInitUnicodeString - - RtlUnicodeStringToAnsiString - - RtlFreeAnsiString - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ExGetPreviousMode - - MmGetSystemRoutineAddress - - SeCaptureSubjectContext - - SeReleaseSubjectContext - - IofCompleteRequest - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - MmIsAddressValid - - PsGetVersion - - ZwOpenProcess - - KeStackAttachProcess - - KeUnstackDetachProcess - - SePrivilegeCheck - - PsLookupProcessByProcessId - - ObOpenObjectByPointer - - ObQueryNameString - - ZwQueryObject - - ZwDuplicateObject - - ZwOpenProcessToken - - ZwQueryInformationProcess - - ZwQuerySystemInformation - - ObCloseHandle - - ObOpenObjectByName - - __C_specific_handler - - IoFileObjectType - - PsProcessType - - PsThreadType - - RtlFreeUnicodeString - - IoCreateDevice - - ZwSetSecurityObject - - IoDeviceObjectType - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - 
RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - SeExports - - wcschr - - _wcsnicmp - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwOpenKey - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2020-12-15 22:15:30' - ValidTo: '2021-12-02 22:15:30' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 33000000b20f9ad86794f322f60000000000b2 - Version: 3 - TBS: - MD5: b9dc0ff1a60c3aba24a78d505955bf39 - SHA1: 15a5da2c8aa2955af75615009d249071f91fd252 - SHA256: ba7853f855ba7bc325287c11f5f7b20e013716affad372440feb2c3cf02f0bc5 - SHA384: 90f67f637874aca58284dde5bfa77d98616efd902d1a63f53bc30cd287d464e6706388ed317199236e0739642622f9c5 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2012 - ValidFrom: '2012-04-18 23:48:38' - ValidTo: '2027-04-18 23:58:38' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 610baac1000000000009 - Version: 3 - TBS: - MD5: a569061297e8e824767dbc3184a69bea - SHA1: adbb26a587a8f44b4fccaecb306f980d1c55a150 - SHA256: cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 - SHA384: e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba - Signer: - - SerialNumber: 33000000b20f9ad86794f322f60000000000b2 - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - 
Windows Third Party Component CA 2012 - Version: 1 - RichPEHeaderHash: - MD5: 10ece32f0d8e8124966ad20948a21790 - SHA1: e70413e4c5de0ddabaeb3b871f170e42cc2c98d3 - SHA256: 70581f2de67d48a583a4ee59062315c053f9419dc879e246c6a4efc9f1ec6506 - Sections: - .text: - Entropy: 6.135370257019049 - Virtual Size: '0x25d0' - .rdata: - Entropy: 4.304481785203618 - Virtual Size: '0xf90' - .data: - Entropy: 2.0732868843388097 - Virtual Size: '0x22c' - .pdata: - Entropy: 4.222974183202439 - Virtual Size: '0x2f4' - PAGE: - Entropy: 6.227798908894738 - Virtual Size: '0x1a1b' - INIT: - Entropy: 5.210944759781676 - Virtual Size: '0x818' - .rsrc: - Entropy: 3.3092987387252557 - Virtual Size: '0x380' - .reloc: - Entropy: 3.698934896284056 - Virtual Size: '0x30' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2021-08-16 20:01:16' - Imphash: d122c1eaa50839be14c31876d0d4e0be - LoadsDespiteHVCI: 'FALSE' -- Filename: procexp.sys - MD5: b79475c4783efdd8122694c6b5669a79 - SHA1: d612165251d5f1dcfb1f1a762c88d956f49ce344 - SHA256: cdfbe62ef515546f1728189260d0bdf77167063b6dbb77f1db6ed8b61145a2bc - Signature: '' - Date: '' - Publisher: '' - Company: Sysinternals - www.sysinternals.com - Description: Process Explorer - Product: Process Explorer - ProductVersion: '16.32' - FileVersion: '16.32' - MachineType: AMD64 - OriginalFilename: procexp.Sys - Authentihash: - MD5: bee5a87f72b42f3bb5958ba541f4caff - SHA1: 9e0516a6ce73163e2ff5bf0740b57da46846228b - SHA256: 74716032cc2f63c67b9df0882c6794b4bf66147d943329db5f233a04c2fd9b12 - RichPEHeaderHash: - MD5: 43d9cd97a9af9d2018a2e3b912ceee7b - SHA1: 8376f05ff6ebd3001f063c022d6878ae5f3b0adc - SHA256: 8affa451179e3e28a8f4f5e5ce035ec16f661d943ec0acc9ac6e987e7640dfc9 - Sections: - .text: - Entropy: 6.137423926314564 - Virtual Size: '0x25a0' - .rdata: - Entropy: 4.316500024833388 - Virtual Size: '0xf68' - .data: - Entropy: 2.0732868843388097 - Virtual Size: '0x22c' - .pdata: - Entropy: 4.199286592950671 - Virtual Size: '0x2f4' - PAGE: - Entropy: 6.228697679351415 - 
Virtual Size: '0x1a1b' - INIT: - Entropy: 5.210944759781676 - Virtual Size: '0x818' - .rsrc: - Entropy: 3.300315570047502 - Virtual Size: '0x380' - .reloc: - Entropy: 3.698934896284056 - Virtual Size: '0x30' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2020-09-11 15:57:25' - InternalName: procexp.sys - Copyright: Copyright (C) Mark Russinovich 1996-2020 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - strncpy - - RtlInitUnicodeString - - RtlUnicodeStringToAnsiString - - RtlFreeAnsiString - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ExGetPreviousMode - - MmGetSystemRoutineAddress - - SeCaptureSubjectContext - - SeReleaseSubjectContext - - IofCompleteRequest - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - MmIsAddressValid - - PsGetVersion - - ZwOpenProcess - - KeStackAttachProcess - - KeUnstackDetachProcess - - SePrivilegeCheck - - PsLookupProcessByProcessId - - ObOpenObjectByPointer - - ObQueryNameString - - ZwQueryObject - - ZwDuplicateObject - - ZwOpenProcessToken - - ZwQueryInformationProcess - - ZwQuerySystemInformation - - ObCloseHandle - - ObOpenObjectByName - - __C_specific_handler - - IoFileObjectType - - PsProcessType - - PsThreadType - - RtlFreeUnicodeString - - IoCreateDevice - - ZwSetSecurityObject - - IoDeviceObjectType - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - SeExports - - wcschr - - _wcsnicmp - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwOpenKey - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: 
C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2020-03-04 19:12:18' - ValidTo: '2021-03-03 19:12:18' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 330000009484c47568579aafe9000000000094 - Version: 3 - TBS: - MD5: b46a69db7e461e55282dc24dc594e5d6 - SHA1: 3b19241d555a74781e2b63a7c14ad12b1ec68205 - SHA256: 2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975 - SHA384: 5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2012 - ValidFrom: '2012-04-18 23:48:38' - ValidTo: '2027-04-18 23:58:38' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 610baac1000000000009 - Version: 3 - TBS: - MD5: a569061297e8e824767dbc3184a69bea - SHA1: adbb26a587a8f44b4fccaecb306f980d1c55a150 - SHA256: cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 - SHA384: e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba - Signer: - - SerialNumber: 330000009484c47568579aafe9000000000094 - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2012 - Version: 1 - Imphash: d122c1eaa50839be14c31876d0d4e0be - LoadsDespiteHVCI: 'FALSE' -- Filename: procexp1627.sys - MD5: c06dda757b92e79540551efd00b99d4b - SHA1: 3296844d22c87dd5eba3aa378a8242b41d59db7a - SHA256: 9b6a84f7c40ea51c38cc4d2e93efb3375e9d98d4894a85941190d94fbe73a4e4 - Signature: '' - Date: '' - Publisher: '' - Company: Sysinternals - www.sysinternals.com - Description: Process Explorer - Product: Process Explorer - ProductVersion: '16.27' - FileVersion: 
'16.27' - MachineType: AMD64 - OriginalFilename: procexp.Sys - Authentihash: - MD5: f57e986673aee44bf51e7e6bb3ed0113 - SHA1: edc10781eb6d1e3bdf9d15cfebddbe1a1fb804d9 - SHA256: decba65bbf2232ac55a698539304cab211b45eef0ed17c05dd7995bef2b98fc6 - InternalName: procexp.sys - Copyright: Copyright (C) Mark Russinovich 1996-2019 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - strncpy - - RtlInitUnicodeString - - RtlUnicodeStringToAnsiString - - RtlFreeAnsiString - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ExGetPreviousMode - - MmGetSystemRoutineAddress - - SeCaptureSubjectContext - - SeReleaseSubjectContext - - IofCompleteRequest - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - MmIsAddressValid - - PsGetVersion - - ZwOpenProcess - - KeStackAttachProcess - - KeUnstackDetachProcess - - SePrivilegeCheck - - PsLookupProcessByProcessId - - ObOpenObjectByPointer - - ObQueryNameString - - ZwQueryObject - - ZwDuplicateObject - - ZwOpenProcessToken - - ZwQueryInformationProcess - - ZwQuerySystemInformation - - ObCloseHandle - - ObOpenObjectByName - - __C_specific_handler - - IoFileObjectType - - PsProcessType - - PsThreadType - - RtlFreeUnicodeString - - IoCreateDevice - - ZwSetSecurityObject - - IoDeviceObjectType - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - SeExports - - wcschr - - _wcsnicmp - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwOpenKey - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, 
O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2019-05-02 20:49:42' - ValidTo: '2020-05-02 20:49:42' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 3300000082c88ba15b1c3ef710000000000082 - Version: 3 - TBS: - MD5: d47b44dce52973327e0283b8aaa49df4 - SHA1: d8c5ee55191da114e9e73f01e6222025ede696ac - SHA256: 2d7cd230c57a7af8093369126606854002ea799a5d9b72fdb636988bdec5b451 - SHA384: fdf14dbff80d252e2775d15550a319a858a79083ef31346a46beb1361031d3f8d16db0483a893a1ba4370f58c8bc47b2 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2012 - ValidFrom: '2012-04-18 23:48:38' - ValidTo: '2027-04-18 23:58:38' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 610baac1000000000009 - Version: 3 - TBS: - MD5: a569061297e8e824767dbc3184a69bea - SHA1: adbb26a587a8f44b4fccaecb306f980d1c55a150 - SHA256: cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 - SHA384: e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba - Signer: - - SerialNumber: 3300000082c88ba15b1c3ef710000000000082 - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2012 - Version: 1 - RichPEHeaderHash: - MD5: fb1a18f749889fe0e199b0f3663bd343 - SHA1: 9a992dfb873710e2066c04fcfd782ba5b28b26a0 - SHA256: 5926062150b4490d7e6f74618065b30be72dce302a8ae31b808bc8ba87e22694 - Sections: - .text: - Entropy: 6.137423926314564 - Virtual Size: '0x25a0' - .rdata: - Entropy: 4.321548193877127 - Virtual Size: '0xf68' - .data: - Entropy: 2.0732868843388097 - Virtual Size: '0x22c' - .pdata: - Entropy: 4.199286592950671 - Virtual Size: '0x2f4' - PAGE: - Entropy: 6.228697679351415 - Virtual 
Size: '0x1a1b' - INIT: - Entropy: 5.210944759781676 - Virtual Size: '0x818' - .rsrc: - Entropy: 3.3102527040960963 - Virtual Size: '0x380' - .reloc: - Entropy: 3.698934896284056 - Virtual Size: '0x30' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2019-12-13 09:37:59' - Imphash: d122c1eaa50839be14c31876d0d4e0be - LoadsDespiteHVCI: 'FALSE' -Tags: -- procexp.Sys +- Filename: procexp.Sys + MD5: e6cb1728c50bd020e531d19a14904e1c + SHA1: 2dd916cb8a9973b5890829361c1f9c0d532ba5d6 + SHA256: 075de997497262a9d105afeadaaefc6348b25ce0e0126505c24aa9396c251e85 + Authentihash: + MD5: fe54aac5dfae8729c48361d2ea4f7271 + SHA1: 2a4e81a1d23e3b7d9c14b6fbc393ecfad5f34133 + SHA256: c5732937c3ab5e0fd244cc1b820eaa1fb7d97110c213cd6b9dadebafe3ea853d + Description: Process Explorer + Company: Sysinternals - www.sysinternals.com + InternalName: procexp.sys + OriginalFilename: procexp.Sys + FileVersion: '16.32' + Product: Process Explorer + ProductVersion: '16.32' + Copyright: Copyright (C) Mark Russinovich 1996-2020 + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - strncpy + - RtlInitUnicodeString + - RtlUnicodeStringToAnsiString + - RtlFreeAnsiString + - KeWaitForSingleObject + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ExGetPreviousMode + - MmGetSystemRoutineAddress + - SeCaptureSubjectContext + - SeReleaseSubjectContext + - IofCompleteRequest + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - MmIsAddressValid + - PsGetVersion + - ZwOpenProcess + - KeStackAttachProcess + - KeUnstackDetachProcess + - SePrivilegeCheck + - PsLookupProcessByProcessId + - ObOpenObjectByPointer + - ObQueryNameString + - ZwQueryObject + - ZwDuplicateObject + - ZwOpenProcessToken + - ZwQueryInformationProcess + - ZwQuerySystemInformation + - ObCloseHandle + - ObOpenObjectByName + - __C_specific_handler + - IoFileObjectType + - PsProcessType + - PsThreadType + - 
RtlFreeUnicodeString + - IoCreateDevice + - ZwSetSecurityObject + - IoDeviceObjectType + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - SeExports + - wcschr + - _wcsnicmp + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwOpenKey + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2020-03-04 19:12:18' + ValidTo: '2021-03-03 19:12:18' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 330000009484c47568579aafe9000000000094 + Version: 3 + TBS: + MD5: b46a69db7e461e55282dc24dc594e5d6 + SHA1: 3b19241d555a74781e2b63a7c14ad12b1ec68205 + SHA256: 2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975 + SHA384: 5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2012 + ValidFrom: '2012-04-18 23:48:38' + ValidTo: '2027-04-18 23:58:38' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 610baac1000000000009 + Version: 3 + TBS: + MD5: a569061297e8e824767dbc3184a69bea + SHA1: adbb26a587a8f44b4fccaecb306f980d1c55a150 + SHA256: cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 + SHA384: 
e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba + Signer: + - SerialNumber: 330000009484c47568579aafe9000000000094 + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2012 + Version: 1 + RichPEHeaderHash: + MD5: 420860e9f312122cbc3065cd4c79b0b8 + SHA1: c4291fc018995b5847a846335c233b91b40f94a0 + SHA256: 931eddc74e60814089c8a5da745e1e2fbf6ddd99781ee273379c6debdb9a3ba7 + Sections: + .text: + Entropy: 6.137423926314564 + Virtual Size: '0x25a0' + .rdata: + Entropy: 4.321191990294893 + Virtual Size: '0xf68' + .data: + Entropy: 2.0732868843388097 + Virtual Size: '0x22c' + .pdata: + Entropy: 4.199286592950671 + Virtual Size: '0x2f4' + PAGE: + Entropy: 6.228697679351415 + Virtual Size: '0x1a1b' + INIT: + Entropy: 5.210944759781676 + Virtual Size: '0x818' + .rsrc: + Entropy: 3.300315570047502 + Virtual Size: '0x380' + .reloc: + Entropy: 3.698934896284056 + Virtual Size: '0x30' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2020-04-27 01:35:06' + Imphash: d122c1eaa50839be14c31876d0d4e0be + LoadsDespiteHVCI: 'FALSE' +- Filename: procexp.Sys + MD5: fea9319d67177ed6f36438d2bd9392fb + SHA1: db6170ee2ee0a3292deceb2fc88ef26d938ebf2d + SHA256: 16a2e578bc8683f17a175480fea4f53c838cfae965f1d4caa47eaf9e0b3415c1 + Authentihash: + MD5: fbc316e1e634e967c5413a200cde7ad6 + SHA1: a1dd17b946ade947b621e9fec4fe7ad0835f0ac9 + SHA256: 4533a11f4f190354b749f2842b57233e5e9e8b37fa4031bcb976118cff902101 + Description: Process Explorer + Company: Sysinternals - www.sysinternals.com + InternalName: procexp.sys + OriginalFilename: procexp.Sys + FileVersion: '16.42' + Product: Process Explorer + ProductVersion: '16.42' + Copyright: Copyright (C) Mark Russinovich 1996-2021 + MachineType: ARM64 + Imports: + - HAL.dll + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - KfRaiseIrql + - KfLowerIrql + - strncpy + - RtlInitUnicodeString + - MmGetSystemRoutineAddress + - 
RtlUnicodeStringToAnsiString + - RtlFreeAnsiString + - KeWaitForSingleObject + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ExGetPreviousMode + - SeCaptureSubjectContext + - SeReleaseSubjectContext + - PsGetVersion + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - ObCloseHandle + - ObfDereferenceObject + - ZwClose + - MmIsAddressValid + - ZwOpenProcess + - KeStackAttachProcess + - KeUnstackDetachProcess + - SePrivilegeCheck + - PsLookupProcessByProcessId + - ObOpenObjectByPointer + - ObQueryNameString + - ZwQueryObject + - ZwDuplicateObject + - ZwOpenProcessToken + - ZwQueryInformationProcess + - ZwQuerySystemInformation + - ObOpenObjectByName + - __C_specific_handler + - IoFileObjectType + - PsProcessType + - PsThreadType + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2020-12-15 22:15:30' + ValidTo: '2021-12-02 22:15:30' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 33000000b20f9ad86794f322f60000000000b2 + Version: 3 + TBS: + MD5: b9dc0ff1a60c3aba24a78d505955bf39 + SHA1: 15a5da2c8aa2955af75615009d249071f91fd252 + SHA256: ba7853f855ba7bc325287c11f5f7b20e013716affad372440feb2c3cf02f0bc5 + SHA384: 90f67f637874aca58284dde5bfa77d98616efd902d1a63f53bc30cd287d464e6706388ed317199236e0739642622f9c5 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2012 + ValidFrom: '2012-04-18 23:48:38' + ValidTo: '2027-04-18 23:58:38' + Signature: 
5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 610baac1000000000009 + Version: 3 + TBS: + MD5: a569061297e8e824767dbc3184a69bea + SHA1: adbb26a587a8f44b4fccaecb306f980d1c55a150 + SHA256: cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 + SHA384: e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba + Signer: + - SerialNumber: 33000000b20f9ad86794f322f60000000000b2 + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2012 + Version: 1 + RichPEHeaderHash: + MD5: b9d3f09e377f3b150f32d6ebfb37c19c + SHA1: 37b54bd186c5e76895c75551721d5f8432fb5d72 + SHA256: 7f2c741567540cfb1a1f6e79392080387d55b9cb524c21f80c1bf2dc75992c84 + Sections: + .text: + Entropy: 6.0250851608186204 + Virtual Size: '0x2b00' + .rdata: + Entropy: 3.8365608883427753 + Virtual Size: '0x820' + .data: + Entropy: 1.6388264292981416 + 
Virtual Size: '0x3c' + .pdata: + Entropy: 3.9469090112624383 + Virtual Size: '0x100' + INIT: + Entropy: 4.9698639451866535 + Virtual Size: '0x550' + .rsrc: + Entropy: 3.301212675669634 + Virtual Size: '0x380' + .reloc: + Entropy: 2.7841837197791888 + Virtual Size: '0x14' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2021-06-01 08:24:35' + Imphash: bfe13c695e41d3eee414d3929b1bd523 + LoadsDespiteHVCI: 'FALSE' +- Filename: procexp.Sys + MD5: eeb8e039f6d942538eb4b0252117899a + SHA1: bebf97411946749b9050989d9c40352dbe8269ea + SHA256: 1b00d6e5d40b1b84ca63da0e99246574cdd2a533122bc83746f06c0d66e63a6e + Authentihash: + MD5: 750ecd21c673a6fda9199887013d3751 + SHA1: 82d3299c06b944895385fd2f3d9d18391273019d + SHA256: 8e38148ad4ed9946e8600b37f63996bf17c0101e3f50123b3b8513c895a4b521 + Description: Process Explorer + Company: Sysinternals - www.sysinternals.com + InternalName: procexp.sys + OriginalFilename: procexp.Sys + FileVersion: '12.00' + Product: Process Explorer + ProductVersion: '12.00' + Copyright: Copyright (C) M. 
Russinovich 1996-2010 + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ObQueryNameString + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - ZwQueryObject + - KeDetachProcess + - ObReferenceObjectByHandle + - KeAttachProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - ZwClose + - ZwDuplicateObject + - ZwOpenProcess + - ZwQuerySystemInformation + - MmIsAddressValid + - memset + - ObOpenObjectByPointer + - RtlUnicodeStringToAnsiString + - NtClose + - ZwOpenProcessToken + - memcpy + - IofCompleteRequest + - SeReleaseSubjectContext + - SePrivilegeCheck + - ExGetPreviousMode + - SeCaptureSubjectContext + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - IoCreateSymbolicLink + - IoCreateDevice + - NtBuildNumber + - KeTickCount + - KeBugCheckEx + - strncpy + - ZwQueryInformationProcess + - RtlFreeAnsiString + - RtlUnwind + - KfLowerIrql + - KfRaiseIrql + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Texas, L=Austin, O=Sysinternals, OU=Digital ID Class + 3 , Microsoft Software Validation v2, OU=Headquarters, CN=Sysinternals + ValidFrom: '2010-03-04 00:00:00' + ValidTo: '2013-04-18 23:59:59' + Signature: 699b1e86265a9879a822a8a6699a8c10445951bf2b4f573e73a1d61d4cb8279a8069fc69f009280908b49182f4701c7928c3c2b6d586365f50278ef35f08b6cdf8208a12e1ac531ef354a0ccd6e3e3f2f46cb624ad8e38a40143793950d6c4da6a9aeb3420d16f7edbf1e9394464e64dd68c3a227dc7e39217e3539b630ab82a9ffed252b8a89d32c2d373e53bbfc4d7110f58a7a8fb88fdb9d918251ad2a6e1315725007597a4492ee39b513e0dde05fe421fe4ef18cf7b86f5165ae71a6fe40948f0fa39e3a9d681be276f20295d2132e53043f5db8a1ed02ebbf7f32b574e95cb607aafac1ba41c77151ade1984532df7ac190fb57e17f730a197050c0e32 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 4112e632c7b18a029a3a1fac803ab89f + Version: 3 + TBS: + MD5: 55a4c08c9404782113330a8cd169ed20 + SHA1: 
74807ba52ae6108b0fbac5031090b3295b2c3bba + SHA256: 3fe3c656e859492b0d4bb2c4c2020ae816340f985e054239d3342ffb93269b16 + SHA384: 653eeae6166aec45fd75b679034bec2a53623d999b14ebfbc821067c1c041eaa5f00cf8e7e7330ad793b880aa35f6c4e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 4112e632c7b18a029a3a1fac803ab89f + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + RichPEHeaderHash: + MD5: 39a696a518c3b3d973af323b4a784aa5 + SHA1: 82644e6d5011a7d16fc45795e5476d1a11fd42b3 + SHA256: 701cabcf5d588fd9a68480eb11798221b29fdb9be68cb9f919041e1af88534a8 + Sections: + .text: + Entropy: 6.305335255152002 + Virtual Size: '0x147a' + .rdata: + Entropy: 3.790465958065011 + Virtual Size: '0x1ec' + .data: + 
Entropy: 2.0577277787393187 + Virtual Size: '0x24' + INIT: + Entropy: 5.410711553706741 + Virtual Size: '0x438' + .rsrc: + Entropy: 3.261114029825118 + Virtual Size: '0x380' + .reloc: + Entropy: 5.426276217210761 + Virtual Size: '0x186' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2010-04-15 03:23:35' + Imphash: 9376f1c4ab79240cc948b77bf9e8814b + LoadsDespiteHVCI: 'FALSE' +- Filename: procexp.Sys + MD5: c56a9ed0192c5a2b39691e54f2132a2f + SHA1: 9099482b26e9ba8e1d303418afc9111a3bffd6b3 + SHA256: 30abc0cc700fdebc74e62d574addc08f6227f9c7177d9eaa8cbc37d5c017c9bb + Authentihash: + MD5: eb6ceb9aa0eaedee2d112b167908e871 + SHA1: 4d68ec346d13359525da958af0fada57bc9ff35a + SHA256: 7a4e4ee169fe0f1f079e5f5c1da38ea70fe717e728faf054deb180f9e37fe574 + Description: Process Explorer + Company: Sysinternals - www.sysinternals.com + InternalName: procexp.sys + OriginalFilename: procexp.Sys + FileVersion: '11.30' + Product: Process Explorer + ProductVersion: '11.30' + Copyright: Copyright (C) M. Russinovich 1996-2008 + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - NtBuildNumber + - ZwOpenProcess + - PsLookupProcessByProcessId + - ZwQueryInformationProcess + - IoCreateSymbolicLink + - RtlInitUnicodeString + - MmIsAddressValid + - IoDeleteDevice + - ObfDereferenceObject + - ExGetPreviousMode + - IoCreateDevice + - MmGetSystemRoutineAddress + - ObOpenObjectByPointer + - ZwQueryObject + - RtlUnicodeStringToAnsiString + - SePrivilegeCheck + - ZwQuerySystemInformation + - ZwOpenProcessToken + - SeReleaseSubjectContext + - KeDetachProcess + - ObQueryNameString + - strncpy + - ExAllocatePool + - SeCaptureSubjectContext + - NtClose + - ZwClose + - IofCompleteRequest + - ObReferenceObjectByHandle + - IoDeleteSymbolicLink + - ZwDuplicateObject + - ExFreePoolWithTag + - RtlFreeAnsiString + - KeAttachProcess + - KeBugCheckEx + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, 
O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=Texas, L=Austin, O=Sysinternals, OU=Digital ID Class + 3 , Microsoft Software Validation v2, OU=Headquarters, CN=Sysinternals + ValidFrom: '2007-03-05 00:00:00' + ValidTo: '2010-04-19 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 7d2c89d309e57beef2d791bb8ed6a26f + Version: 3 + TBS: + MD5: ae18dfd140f9414eadf1f611ec1b84b7 + SHA1: 9aecb2568e995d5965e49acf3ff247bc3d1ab99c + SHA256: f14ce5fe5f508ced18d652e8211edb00c1c773899d03d18dec932df9c54f0a86 + SHA384: c2a6c771b86b687befda12f6871e2f0d473317b4694f25ddc835d2f203953870f26ae9994822e53fcddaeb012f2b6740 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd 
+ SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 7d2c89d309e57beef2d791bb8ed6a26f + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: 3ea5cd355cba9d9928873cdba35d4bcc + SHA1: b7e9df380d50227614a9745068a6b50c798b66f9 + SHA256: b3da31bed27ae39b6fd4b9152315a2a81e444cdb54edb34eb6a583538717a4a1 + Sections: + .text: + Entropy: 6.168262202149083 + Virtual Size: '0x19f8' + .rdata: + Entropy: 4.079443409043563 + Virtual Size: '0x2cc' + .data: + Entropy: 0.4860349013607531 + Virtual Size: '0x124' + .pdata: + Entropy: 3.651113286298327 + Virtual Size: '0xa8' + INIT: + Entropy: 5.006142056841753 + Virtual Size: '0x4a0' + .rsrc: + Entropy: 3.294153762600323 + Virtual Size: '0x380' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2008-11-03 14:19:45' + Imphash: 0b40636205c64cacfd2e4f407518ad58 + LoadsDespiteHVCI: 'FALSE' +- Filename: procexp.Sys + MD5: 6ff59faea912903af0ba8e80e58612bc + SHA1: 736531c76b8d9c56e26561bf430e10ecabff0186 + SHA256: 3503ea284b6819f9cb43b3e94c0bb1bf5945ccb37be6a898387e215197a4792a + Authentihash: + MD5: 8b8a646469bdd1bab7b402ac83dba4a5 + SHA1: 075998a905d4afda2e1727f6f31030c4d126dcc5 + SHA256: 083828dd2e4afe22f5d27b56bd7f5a60e43aea7ec8f8cb0a138be84ee639a09c + Description: Process Explorer + Company: Sysinternals - www.sysinternals.com + InternalName: procexp.sys + OriginalFilename: procexp.Sys + FileVersion: '15.00' + Product: Process Explorer + ProductVersion: '15.00' + Copyright: Copyright (C) Mark Russinovich 1996-2014 + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - strncpy + - RtlInitUnicodeString + - RtlUnicodeStringToAnsiString + - 
RtlFreeAnsiString + - KeWaitForSingleObject + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ExGetPreviousMode + - MmGetSystemRoutineAddress + - SeCaptureSubjectContext + - SeReleaseSubjectContext + - IofCompleteRequest + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - MmIsAddressValid + - PsGetVersion + - ZwOpenProcess + - KeStackAttachProcess + - KeUnstackDetachProcess + - SePrivilegeCheck + - PsLookupProcessByProcessId + - ObOpenObjectByPointer + - ObQueryNameString + - ZwQueryObject + - ZwDuplicateObject + - ZwOpenProcessToken + - ZwQueryInformationProcess + - ZwQuerySystemInformation + - ObCloseHandle + - ObOpenObjectByName + - __C_specific_handler + - IoFileObjectType + - PsProcessType + - PsThreadType + - RtlFreeUnicodeString + - IoCreateDevice + - ZwSetSecurityObject + - IoDeviceObjectType + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - SeExports + - wcschr + - _wcsnicmp + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwOpenKey + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft + Ireland Operations Limited, OU=Thales TSS ESN:3BD4,4B80,69C3, CN=Microsoft + Time,Stamp service + ValidFrom: '2018-08-23 20:20:24' + ValidTo: '2019-11-23 20:20:24' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 33000001058eca29221e6a345b000000000105 + Version: 3 + TBS: + MD5: 31c86790d5106374a2387094c9e925f9 + SHA1: 
02effd51d770a6881492009028d3e37d52a353ec + SHA256: 4846d6d5238e9900fae36792af3ac2835f6f10aa18de48b558c676e94bb24e05 + SHA384: 0bffcf528e304b0b704985707ddbafbbcf5670203ae1dfa78b1ef03926cc6619f55fd20c095bbe416f470e50a075c5d2 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2019-04-18 18:42:23' + ValidTo: '2020-03-27 18:42:23' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 33000000387a14cce6619d8c51000200000038 + Version: 3 + TBS: + MD5: f9a6526d8f83e3d33d925ae95b752dca + SHA1: ad9f086d0642e3b5de60584c44123cf4603c4525 + SHA256: 7bdb7967d328a3a1cb2d2c4c7399633203668f9a86a271b277a218b639ad12ee + SHA384: 0ae0176f351a8e4df75f1c72d2002b1682a1e4d1ccb069fb8b5bcb496ef016a6386e44428ebabe538eb2900b564e3f93 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility PCA + ValidFrom: '2018-09-20 17:42:01' + ValidTo: '2021-05-09 23:28:13' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610435f1000000000041 + Version: 3 + TBS: + MD5: 77dab20d8e23cd8e18633adca506cf6e + SHA1: c5506bee3c29254dc5b5a0e6e7a14046522708ef + SHA256: 611f1d188d7c39a400a01ee32e2c257be5082445ace6f59acd103a250cc2ec0f + SHA384: cf4c4b8360744f9c56803afb49175361c93fc4a95c77dbe0eebb2852a32c93ed9cc563495c0e1c9c32e4d58512f55b49 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Time,Stamp PCA + ValidFrom: '2007-04-03 12:53:09' + ValidTo: '2021-04-03 13:03:09' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 6116683400000000001c + Version: 3 + TBS: + MD5: 335713f62536c68d0acc82df3dceb932 + SHA1: 
023cf1c5e99dc2f24133dae6937145bb481306e6 + SHA256: 65d585d6bf2b0aa4f798b9af69be08c6f1c3d01a754f989768b722a145df5312 + SHA384: f7dd00644994985c518f70c060386448dd0c3a13f5eff12a0dd31bf8333f24b781928d323acca27e04633e71a7f22e71 + Signer: + - SerialNumber: 33000000387a14cce6619d8c51000200000038 + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility PCA + Version: 1 + RichPEHeaderHash: + MD5: dd10afd0600f2236361f48592587474c + SHA1: 0dbcc0d10e288b15aa0eda2aaffcd2a0edb7850b + SHA256: c834c4c8ac0c6f8457c4b833e5771b4f273ed815ab2d189a65c4afa9ca9e3975 + Sections: + .text: + Entropy: 6.137423926314564 + Virtual Size: '0x25a0' + .rdata: + Entropy: 4.315810674049461 + Virtual Size: '0xf68' + .data: + Entropy: 2.0732868843388097 + Virtual Size: '0x22c' + .pdata: + Entropy: 4.199286592950671 + Virtual Size: '0x2f4' + PAGE: + Entropy: 6.228697679351415 + Virtual Size: '0x1a1b' + INIT: + Entropy: 5.210944759781676 + Virtual Size: '0x818' + .rsrc: + Entropy: 3.282250655906871 + Virtual Size: '0x380' + .reloc: + Entropy: 3.698934896284056 + Virtual Size: '0x30' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2019-06-13 07:35:39' + Imphash: d122c1eaa50839be14c31876d0d4e0be + LoadsDespiteHVCI: 'FALSE' +- Filename: procexp.Sys + MD5: 8e78ab9b9709bafb11695a0a6eddeff9 + SHA1: 2f9b0cd96d961e49d5d3b416028fd3a0e43d6a28 + SHA256: 3c7e5b25a33a7805c999d318a9523fcae46695a89f55bbdb8bb9087360323dfc + Authentihash: + MD5: acacde5c8a3a37b4fa43d9b651df85ea + SHA1: f14e20cea5fac19bca02f5b067d12a459a393467 + SHA256: c286dfac5ca413efeb1936e876688b6bd46d25dc64206f86efb4f52ad83d1889 + Description: Process Explorer + Company: Sysinternals - www.sysinternals.com + InternalName: procexp.sys + OriginalFilename: procexp.Sys + FileVersion: '15.00' + Product: Process Explorer + ProductVersion: '15.00' + Copyright: Copyright (C) M. 
Russinovich 1996-2011 + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - ObfDereferenceObject + - ObOpenObjectByPointer + - ObReferenceObjectByHandle + - __C_specific_handler + - RtlFreeAnsiString + - RtlUnicodeStringToAnsiString + - ObQueryNameString + - ExFreePoolWithTag + - strlen + - strncpy + - wcslen + - ExAllocatePoolWithTag + - ZwQueryObject + - KeUnstackDetachProcess + - KeStackAttachProcess + - PsLookupProcessByProcessId + - ZwClose + - ZwDuplicateObject + - ZwOpenProcess + - ObCloseHandle + - IoFileObjectType + - ZwQuerySystemInformation + - MmIsAddressValid + - PsThreadType + - ZwQueryInformationProcess + - PsProcessType + - KeWaitForSingleObject + - ZwOpenProcessToken + - IofCompleteRequest + - SeReleaseSubjectContext + - SePrivilegeCheck + - ExGetPreviousMode + - SeCaptureSubjectContext + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - ObOpenObjectByName + - IoCreateSymbolicLink + - MmGetSystemRoutineAddress + - NtBuildNumber + - IoCreateDevice + - ZwSetSecurityObject + - IoDeviceObjectType + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - SeExports + - wcschr + - _wcsnicmp + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwOpenKey + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Texas, L=Austin, O=Sysinternals, OU=Digital ID Class + 3 , Microsoft Software Validation v2, OU=Headquarters, CN=Sysinternals + ValidFrom: '2010-03-04 00:00:00' + ValidTo: '2013-04-18 23:59:59' + Signature: 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 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 4112e632c7b18a029a3a1fac803ab89f + Version: 3 + TBS: + MD5: 55a4c08c9404782113330a8cd169ed20 + SHA1: 74807ba52ae6108b0fbac5031090b3295b2c3bba + SHA256: 3fe3c656e859492b0d4bb2c4c2020ae816340f985e054239d3342ffb93269b16 + SHA384: 653eeae6166aec45fd75b679034bec2a53623d999b14ebfbc821067c1c041eaa5f00cf8e7e7330ad793b880aa35f6c4e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 
4112e632c7b18a029a3a1fac803ab89f + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + RichPEHeaderHash: + MD5: 78726760a9bf9be61589052b60d61ff2 + SHA1: 6667039bfab04d76be83ed4e99d280965f2a88b2 + SHA256: 5ebe6e73c02e720960a435c91c80679ee272f215795d3321969b72820365418e + Sections: + .text: + Entropy: 5.522949950133435 + Virtual Size: '0x3193' + .rdata: + Entropy: 4.339948425571505 + Virtual Size: '0x8b8' + .data: + Entropy: 4.48191551836309 + Virtual Size: '0x9d0' + .pdata: + Entropy: 4.13079962034881 + Virtual Size: '0x300' + PAGE: + Entropy: 6.230330583561505 + Virtual Size: '0x1a1b' + INIT: + Entropy: 5.199891508904556 + Virtual Size: '0x83c' + .rsrc: + Entropy: 3.2729894475085453 + Virtual Size: '0x380' + .reloc: + Entropy: 1.1266429267004154 + Virtual Size: '0x60' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2012-06-16 15:21:56' + Imphash: 8a5edbe5251fe141ea0262d5d572178b + LoadsDespiteHVCI: 'FALSE' +- Filename: procexp.Sys + MD5: a91a1bc393971a662a3210dac8c17dfd + SHA1: e4fcb363cfe9de0e32096fa5be94a41577a89bb0 + SHA256: 3ff39728f1c11d1108f65ec5eb3d722fd1a1279c530d79712e0d32b34880baaa + Authentihash: + MD5: 455eb57840b64c8fe0d942ea5da23c6b + SHA1: aa8756d00691d3d8959b68c3626ba896cc2709fb + SHA256: 1a902521c5f82ad9acac815229a00e6ed9137b8d49106b64147b088ff89d0f01 + Description: Process Explorer + Company: Sysinternals - www.sysinternals.com + InternalName: procexp.sys + OriginalFilename: procexp.Sys + FileVersion: '11.40' + Product: Process Explorer + ProductVersion: '11.40' + Copyright: Copyright (C) M. 
Russinovich 1996-2010 + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ObQueryNameString + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - ZwQueryObject + - KeDetachProcess + - ObReferenceObjectByHandle + - KeAttachProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - ZwClose + - ZwDuplicateObject + - ZwOpenProcess + - ZwQuerySystemInformation + - MmIsAddressValid + - memset + - ObOpenObjectByPointer + - RtlUnicodeStringToAnsiString + - NtClose + - ZwOpenProcessToken + - memcpy + - IofCompleteRequest + - SeReleaseSubjectContext + - SePrivilegeCheck + - ExGetPreviousMode + - SeCaptureSubjectContext + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - IoCreateSymbolicLink + - MmGetSystemRoutineAddress + - NtBuildNumber + - KeTickCount + - KeBugCheckEx + - strncpy + - ZwQueryInformationProcess + - RtlFreeAnsiString + - RtlUnwind + - ZwSetSecurityObject + - IoDeviceObjectType + - IoCreateDevice + - RtlGetDaclSecurityDescriptor + - RtlGetSaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - SeExports + - IoIsWdmVersionAvailable + - _wcsnicmp + - RtlAddAccessAllowedAce + - RtlLengthSid + - wcschr + - RtlAbsoluteToSelfRelativeSD + - RtlSetDaclSecurityDescriptor + - RtlCreateSecurityDescriptor + - ZwOpenKey + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - KfLowerIrql + - KfRaiseIrql + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: 
ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=Texas, L=Austin, O=Sysinternals, OU=Digital ID Class + 3 , Microsoft Software Validation v2, OU=Headquarters, CN=Sysinternals + ValidFrom: '2007-03-05 00:00:00' + ValidTo: '2010-04-19 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 7d2c89d309e57beef2d791bb8ed6a26f + Version: 3 + TBS: + MD5: ae18dfd140f9414eadf1f611ec1b84b7 + SHA1: 9aecb2568e995d5965e49acf3ff247bc3d1ab99c + SHA256: f14ce5fe5f508ced18d652e8211edb00c1c773899d03d18dec932df9c54f0a86 + SHA384: c2a6c771b86b687befda12f6871e2f0d473317b4694f25ddc835d2f203953870f26ae9994822e53fcddaeb012f2b6740 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 7d2c89d309e57beef2d791bb8ed6a26f + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: 0d2827279de53381241bc9e2f3cd3b37 + SHA1: 553d0e9497ca6fab0cfe6e576e55a0a8727856c3 + SHA256: 6b3aa920729075ad11455f6df6ce1cece1555725d1b570f61aef163ade76c2d3 + Sections: + .text: + Entropy: 6.296981930022721 + Virtual Size: '0x1640' + .rdata: + Entropy: 3.864022209011694 + Virtual Size: '0x49c' + .data: + 
Entropy: 2.165957212826059 + Virtual Size: '0x1b4' + PAGE: + Entropy: 6.253761393386401 + Virtual Size: '0x13e2' + INIT: + Entropy: 5.513149658648293 + Virtual Size: '0x6cc' + .rsrc: + Entropy: 3.2889357847563603 + Virtual Size: '0x380' + .reloc: + Entropy: 5.7007058924695935 + Virtual Size: '0x29e' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2010-03-30 18:27:21' + Imphash: ebf30b4cd57a4f4548a03eab0f6c418c + LoadsDespiteHVCI: 'FALSE' +- Filename: procexp.Sys + MD5: e4a0bba88605d4c07b58a2cc3fac0fe9 + SHA1: ac31d15851c0af14d60cfce23f00c4b7887d3cb7 + SHA256: 46621554728bc55438c7c241137af401250f062edef6e7efecf1a6f0f6d0c1f7 + Authentihash: + MD5: 24263d0e152884eb7d180070164830c8 + SHA1: 929c28f99d550278415c7087b71511e44439a41c + SHA256: b4f9272894f926d4f3b957fca673140a3a24dc896f1a49badaa1e04687b223cd + Description: Process Explorer + Company: Sysinternals - www.sysinternals.com + InternalName: procexp.sys + OriginalFilename: procexp.Sys + FileVersion: '15.00' + Product: Process Explorer + ProductVersion: '15.00' + Copyright: Copyright (C) M. 
Russinovich 1996-2011 + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - ObfDereferenceObject + - ObOpenObjectByPointer + - ObReferenceObjectByHandle + - __C_specific_handler + - RtlFreeAnsiString + - RtlUnicodeStringToAnsiString + - ObQueryNameString + - ExFreePoolWithTag + - strlen + - strncpy + - wcslen + - ExAllocatePoolWithTag + - ZwQueryObject + - KeDetachProcess + - KeAttachProcess + - PsLookupProcessByProcessId + - ZwClose + - ZwDuplicateObject + - ZwOpenProcess + - ZwQuerySystemInformation + - MmIsAddressValid + - ZwQueryInformationProcess + - KeWaitForSingleObject + - NtClose + - ZwOpenProcessToken + - IofCompleteRequest + - SeReleaseSubjectContext + - SePrivilegeCheck + - ExGetPreviousMode + - SeCaptureSubjectContext + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - IoCreateSymbolicLink + - MmGetSystemRoutineAddress + - NtBuildNumber + - IoCreateDevice + - ZwSetSecurityObject + - IoDeviceObjectType + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - SeExports + - wcschr + - _wcsnicmp + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwOpenKey + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Texas, L=Austin, O=Sysinternals, OU=Digital ID Class + 3 , Microsoft Software Validation v2, OU=Headquarters, CN=Sysinternals + ValidFrom: '2010-03-04 00:00:00' + ValidTo: '2013-04-18 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 
4112e632c7b18a029a3a1fac803ab89f + Version: 3 + TBS: + MD5: 55a4c08c9404782113330a8cd169ed20 + SHA1: 74807ba52ae6108b0fbac5031090b3295b2c3bba + SHA256: 3fe3c656e859492b0d4bb2c4c2020ae816340f985e054239d3342ffb93269b16 + SHA384: 653eeae6166aec45fd75b679034bec2a53623d999b14ebfbc821067c1c041eaa5f00cf8e7e7330ad793b880aa35f6c4e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 4112e632c7b18a029a3a1fac803ab89f + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, 
OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + RichPEHeaderHash: + MD5: 06af0fa035494c3b0a64ed4d30b92a1d + SHA1: a28ec273392c9087398ad288220d05f5a05bfd73 + SHA256: dc52d97ba63a84b49265c1c6d9a802ee7e0d3151f917ed1a9840711caddb6fd5 + Sections: + .text: + Entropy: 5.574488362960796 + Virtual Size: '0x2d8f' + .rdata: + Entropy: 4.3611610571192605 + Virtual Size: '0x890' + .data: + Entropy: 4.5196692261371245 + Virtual Size: '0x970' + .pdata: + Entropy: 4.1349798434712515 + Virtual Size: '0x2f4' + PAGE: + Entropy: 6.226121511186966 + Virtual Size: '0x1a1b' + INIT: + Entropy: 5.188603622455519 + Virtual Size: '0x7be' + .rsrc: + Entropy: 3.2752215903656885 + Virtual Size: '0x380' + .reloc: + Entropy: 1.2270124269441627 + Virtual Size: '0x60' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2011-12-30 16:49:03' + Imphash: f27327907e57c0c2c9fddc68eab2eb7b + LoadsDespiteHVCI: 'FALSE' +- Filename: procexp.Sys + MD5: 880686bceaf66bfde3c80569eb1ebfa7 + SHA1: 10b9ae9286837b3bf6a00771c7e81adbdea3cbfe + SHA256: 51e91dd108d974ae809e5fc23f6fbd16e13f672f86aa594dae4a5c4bc629b0b5 + Authentihash: + MD5: 5d265a745ca048fb2ee0a59cc7ffc8aa + SHA1: e5d5076fca6ed125d14d9f70fff802a1fa992ac6 + SHA256: 17bdeeb4447f0758c3720991d3ed43a405efb49fd2cdbb37f7b5feb349693acb + Description: Process Explorer + Company: Sysinternals - www.sysinternals.com + InternalName: procexp.sys + OriginalFilename: procexp.Sys + FileVersion: '12.00' + Product: Process Explorer + ProductVersion: '12.00' + Copyright: Copyright (C) M. 
Russinovich 1996-2010 + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - ExAllocatePoolWithTag + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - NtBuildNumber + - PsLookupProcessByProcessId + - RtlInitUnicodeString + - IoDeleteDevice + - ExGetPreviousMode + - MmGetSystemRoutineAddress + - ZwQueryObject + - RtlUnicodeStringToAnsiString + - ZwQuerySystemInformation + - ZwOpenProcessToken + - SeReleaseSubjectContext + - KeDetachProcess + - ObQueryNameString + - strncpy + - SeCaptureSubjectContext + - NtClose + - ZwClose + - IofCompleteRequest + - ObReferenceObjectByHandle + - ZwDuplicateObject + - RtlFreeAnsiString + - KeAttachProcess + - ZwOpenProcess + - ZwQueryInformationProcess + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - ObOpenObjectByPointer + - SePrivilegeCheck + - KeBugCheckEx + - IoCreateDevice + - ZwSetSecurityObject + - IoDeviceObjectType + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - SeExports + - wcschr + - _wcsnicmp + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwOpenKey + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Texas, L=Austin, O=Sysinternals, OU=Digital ID Class + 3 , Microsoft Software Validation v2, OU=Headquarters, CN=Sysinternals + ValidFrom: '2010-03-04 00:00:00' + ValidTo: '2013-04-18 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 4112e632c7b18a029a3a1fac803ab89f + Version: 3 + TBS: + MD5: 
55a4c08c9404782113330a8cd169ed20 + SHA1: 74807ba52ae6108b0fbac5031090b3295b2c3bba + SHA256: 3fe3c656e859492b0d4bb2c4c2020ae816340f985e054239d3342ffb93269b16 + SHA384: 653eeae6166aec45fd75b679034bec2a53623d999b14ebfbc821067c1c041eaa5f00cf8e7e7330ad793b880aa35f6c4e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 4112e632c7b18a029a3a1fac803ab89f + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + RichPEHeaderHash: + MD5: 64b3eb9ab6aa05642765b3ed3433f961 + SHA1: 33d624aacacbef6591bd60b851034a7b14fac938 + SHA256: ec592d4c182b05a26b286d78201e870e091c9d6d98f5eade5a48be6a060f5ba9 + Sections: + .text: + Entropy: 6.1214097189278265 + Virtual Size: '0x1b42' + .rdata: + Entropy: 4.321784985283108 + Virtual Size: '0x7f8' + .data: 
+ Entropy: 1.3979136028359334 + Virtual Size: '0x314' + .pdata: + Entropy: 4.1873206533709775 + Virtual Size: '0x24c' + PAGE: + Entropy: 6.217617404924 + Virtual Size: '0x1a47' + INIT: + Entropy: 5.182814317902468 + Virtual Size: '0x78a' + .rsrc: + Entropy: 3.26616908006282 + Virtual Size: '0x380' + .reloc: + Entropy: 1.2280731978955797 + Virtual Size: '0x60' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2011-04-25 12:19:41' + Imphash: 505e0a016962137ca6169bce64ba2f53 + LoadsDespiteHVCI: 'FALSE' +- Filename: procexp.Sys + MD5: ad03f225247b58a57584b40a4d1746d3 + SHA1: e525f54b762c10703c975132e8fc21b6cd88d39b + SHA256: 59b09bd69923c0b3de3239e73205b1846a5f69043546d471b259887bb141d879 + Authentihash: + MD5: 9e4c2a2e8832f10ecdd2be70eb6bc300 + SHA1: 2b15e90dc654ce779bd460787352639768cd8baa + SHA256: 26536758c2247b6251a342d2e80de1753c006a0dce9b3b8a6a5b1d3110c8fc34 + Description: Process Explorer + Company: Sysinternals - www.sysinternals.com + InternalName: procexp.sys + OriginalFilename: procexp.Sys + FileVersion: '15.00' + Product: Process Explorer + ProductVersion: '15.00' + Copyright: Copyright (C) Mark Russinovich 1996-2014 + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - strncpy + - RtlInitUnicodeString + - RtlUnicodeStringToAnsiString + - RtlFreeAnsiString + - KeWaitForSingleObject + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ExGetPreviousMode + - MmGetSystemRoutineAddress + - SeCaptureSubjectContext + - SeReleaseSubjectContext + - IofCompleteRequest + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - MmIsAddressValid + - ZwOpenProcess + - KeStackAttachProcess + - KeUnstackDetachProcess + - SePrivilegeCheck + - PsLookupProcessByProcessId + - ObOpenObjectByPointer + - ObQueryNameString + - ZwQueryObject + - ZwDuplicateObject + - ZwOpenProcessToken + - ZwQueryInformationProcess + - ZwQuerySystemInformation + - ObCloseHandle 
+ - ObOpenObjectByName + - __C_specific_handler + - IoFileObjectType + - PsProcessType + - PsThreadType + - NtBuildNumber + - IoCreateDevice + - ZwSetSecurityObject + - IoDeviceObjectType + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - SeExports + - wcschr + - _wcsnicmp + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwOpenKey + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 
3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Washington, L=Redmond, O=Sysinternals, OU=Digital ID + Class 3 , Microsoft Software Validation v2, CN=Sysinternals + ValidFrom: '2013-04-06 00:00:00' + ValidTo: '2016-05-05 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1efd983a49d3f152ac9cd2941b8a0edd + Version: 3 + TBS: + MD5: 1b7ca026e68405de56477b5b7bb3a0a5 + SHA1: b2a1bd13d8833154f02e51e25c9f023d54a27d21 + SHA256: 2018b8e7ea18c392558dcd375742cc792648ec23e5eb07d7987c27c76f4c62c0 + SHA384: a8ccad9eeb4974ba9504241c685e7e1dd85e0de420c0ae077f8f3e92b3ab7c9a1653b3d0d535250a741bb7e36ec2f06a + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 1efd983a49d3f152ac9cd2941b8a0edd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: a052ed4e5d10c66e3e667a42fcdcc54a + SHA1: 04b9d41ef58b5aaaca72f0ce222a8adfbe8ad251 + SHA256: c254feaf8c3e788a6ec9d41de0d7bad054f4347a8347d6806840cd1d9030ed4a + Sections: + .text: + Entropy: 6.194112925534596 + Virtual Size: '0x2370' + .rdata: + Entropy: 4.439763008453193 + Virtual Size: '0xb80' + .data: + Entropy: 2.0654743843388097 + Virtual Size: '0x224' + .pdata: + Entropy: 
4.238715005322108 + Virtual Size: '0x2e8' + PAGE: + Entropy: 6.226087739371598 + Virtual Size: '0x1a1b' + INIT: + Entropy: 5.215673013101648 + Virtual Size: '0x818' + .rsrc: + Entropy: 3.282250655906871 + Virtual Size: '0x380' + .reloc: + Entropy: 2.855388542207534 + Virtual Size: '0x18' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2015-05-10 22:52:10' + Imphash: 4792bcb395d06f9efb72e8020c4af5e6 + LoadsDespiteHVCI: 'FALSE' +- Filename: procexp.Sys + MD5: 90f8c1b76f786814d03ef4c51d4abb6d + SHA1: d1c38145addfed1bcd1b400334ff5a5e2ef9a5c6 + SHA256: 6bfc0f425de9f4e7480aa2d1f2e08892d0553ed0df1c31e9bf3d8d702f38fa2e + Authentihash: + MD5: 028b8d642c1c76b18b74f3e0f76b3522 + SHA1: 1aa871802d7278272172d9d7faabf8c8292996a3 + SHA256: 76adb3fa346058e95ba3fd549fd48a15adaf4920a3109391f52053ebf39e62cc + Description: Process Explorer + Company: Sysinternals - www.sysinternals.com + InternalName: procexp.sys + OriginalFilename: procexp.Sys + FileVersion: '15.00' + Product: Process Explorer + ProductVersion: '15.00' + Copyright: Copyright (C) M. 
Russinovich 1996-2011 + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - ObfDereferenceObject + - ObOpenObjectByPointer + - ObReferenceObjectByHandle + - __C_specific_handler + - RtlFreeAnsiString + - RtlUnicodeStringToAnsiString + - ObQueryNameString + - ExFreePoolWithTag + - strlen + - strncpy + - wcslen + - ExAllocatePoolWithTag + - ZwQueryObject + - KeUnstackDetachProcess + - KeStackAttachProcess + - PsLookupProcessByProcessId + - ZwClose + - ZwDuplicateObject + - ZwOpenProcess + - ObCloseHandle + - IoFileObjectType + - ZwQuerySystemInformation + - MmIsAddressValid + - PsThreadType + - ZwQueryInformationProcess + - PsProcessType + - KeWaitForSingleObject + - ZwOpenProcessToken + - IofCompleteRequest + - SeReleaseSubjectContext + - SePrivilegeCheck + - ExGetPreviousMode + - SeCaptureSubjectContext + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - ObOpenObjectByName + - IoCreateSymbolicLink + - MmGetSystemRoutineAddress + - NtBuildNumber + - IoCreateDevice + - ZwSetSecurityObject + - IoDeviceObjectType + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - SeExports + - wcschr + - _wcsnicmp + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwOpenKey + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Sysinternals, OU=Digital ID + Class 3 , Microsoft Software Validation v2, CN=Sysinternals + ValidFrom: '2013-04-06 00:00:00' + ValidTo: '2016-05-05 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1efd983a49d3f152ac9cd2941b8a0edd + Version: 3 + TBS: + MD5: 1b7ca026e68405de56477b5b7bb3a0a5 + SHA1: b2a1bd13d8833154f02e51e25c9f023d54a27d21 + SHA256: 2018b8e7ea18c392558dcd375742cc792648ec23e5eb07d7987c27c76f4c62c0 + SHA384: a8ccad9eeb4974ba9504241c685e7e1dd85e0de420c0ae077f8f3e92b3ab7c9a1653b3d0d535250a741bb7e36ec2f06a + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: 
b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 1efd983a49d3f152ac9cd2941b8a0edd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: 0d17e05fea90e97edacc66532133bb1a + SHA1: 876c6595954f77341bcd153315bd7806af4a7230 + SHA256: 219a730631a67f4dcd6e2fc1f918f2532698dde1bb734391fe323b69b7349edd + Sections: + .text: + Entropy: 5.526495684182833 + Virtual Size: '0x31a3' + .rdata: + Entropy: 4.333968530107277 + Virtual Size: '0x8b8' + .data: + Entropy: 4.48191551836309 + Virtual Size: '0x9d0' + .pdata: + Entropy: 4.158668830245067 + Virtual Size: '0x300' + PAGE: + Entropy: 6.228863895048878 + Virtual Size: '0x1a1b' + INIT: + Entropy: 5.199891508904556 + Virtual Size: '0x83c' + .rsrc: + Entropy: 3.2729894475085453 + Virtual Size: '0x380' + .reloc: + Entropy: 1.1266429267004154 + Virtual Size: '0x60' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2013-10-20 18:16:05' + Imphash: 8a5edbe5251fe141ea0262d5d572178b + LoadsDespiteHVCI: 'FALSE' +- Filename: procexp.Sys + MD5: f9d04e99e4cab90973226a4555bc6d57 + SHA1: 96ec8c16f6a54b48e9a7f0d0416a529f4bf9ac11 + 
SHA256: 6e944ae1bfe43a8a7cd2ea65e518a30172ce8f31223bdfd39701b2cb41d8a9e7 + Authentihash: + MD5: 8e66ec7a60a2b67386516a2e9a236d6b + SHA1: 07dfb6fe9b3876c0e1b1cda010cb3cc24ff2ce25 + SHA256: 6b3316496ab1e2d1ef02be966d9caa171674856e8fb8ea78d6a3bcfe8e2013c1 + Description: Process Explorer + Company: Sysinternals - www.sysinternals.com + InternalName: procexp.sys + OriginalFilename: procexp.Sys + FileVersion: '15.00' + Product: Process Explorer + ProductVersion: '15.00' + Copyright: Copyright (C) Mark Russinovich 1996-2014 + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - strncpy + - RtlInitUnicodeString + - RtlUnicodeStringToAnsiString + - RtlFreeAnsiString + - KeWaitForSingleObject + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ExGetPreviousMode + - MmGetSystemRoutineAddress + - SeCaptureSubjectContext + - SeReleaseSubjectContext + - IofCompleteRequest + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - MmIsAddressValid + - PsGetVersion + - ZwOpenProcess + - KeStackAttachProcess + - KeUnstackDetachProcess + - SePrivilegeCheck + - PsLookupProcessByProcessId + - ObOpenObjectByPointer + - ObQueryNameString + - ZwQueryObject + - ZwDuplicateObject + - ZwOpenProcessToken + - ZwQueryInformationProcess + - ZwQuerySystemInformation + - ObCloseHandle + - ObOpenObjectByName + - __C_specific_handler + - IoFileObjectType + - PsProcessType + - PsThreadType + - IoCreateDevice + - ZwSetSecurityObject + - IoDeviceObjectType + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - SeExports + - wcschr + - _wcsnicmp + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - 
ZwOpenKey + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft + Operations Puerto Rico, OU=Thales TSS ESN:BBEC,30CA,2DBE, CN=Microsoft + Time,Stamp Service + ValidFrom: '2018-08-23 20:20:02' + ValidTo: '2019-11-23 20:20:02' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 33000000f6380d9a86d05ca43b0000000000f6 + Version: 3 + TBS: + MD5: 3094214121c022fb9a5e410920d5eb96 + SHA1: 388c68e81cfc19e838d5070ac4e6793b32bfd293 + SHA256: 0fe53b3d3a84a2b9768554a34a64622ed13cd1b915bdacdc4955e12cc24b4da9 + SHA384: 8bdb4ff21bcdd1436dc37b1e6c9c7fb32178462243304b51a6277b5291a9421dd65fb238c8711b1aef75b85375a92599 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2018-06-08 17:24:26' + ValidTo: '2019-05-29 17:24:26' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 33000000317c61d46115ceba6a000100000031 + Version: 3 + TBS: + MD5: 9a2de17c0445f3e68c9315347b5805f8 + SHA1: df228171e01e890d9b69a749887197af4a3f7602 + SHA256: 4a7311ef8dd289fa50df104e89c167449e87034901503c7e9423ee9e90d5c528 + SHA384: e3f444c0320389de66bee39dc64dfb13eb4903590060830cbebaf14d8c707b2eb1e6289c9c08e7f258e6dea4387d88eb + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility PCA + ValidFrom: '2012-06-04 21:05:46' + ValidTo: '2020-06-04 21:15:46' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 33000000382e50e86a989d957f000000000038 + Version: 3 + 
TBS: + MD5: cfa5fa49250320f7a3473a82877fabf3 + SHA1: 6b3242a9a639b0da4d5882c7eeb402be6615ad0c + SHA256: 8e7c756d4597e8cca0f627d75647e2f9d5a693f1f263b193347066d214c1d4db + SHA384: 296a0f621330ac591c8c80bdd5e5bd19e9c01e8d267d02a3f3abc845088174d752c077907b99b128d389dc13ea69d009 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Time,Stamp PCA + ValidFrom: '2007-04-03 12:53:09' + ValidTo: '2021-04-03 13:03:09' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 6116683400000000001c + Version: 3 + TBS: + MD5: 335713f62536c68d0acc82df3dceb932 + SHA1: 023cf1c5e99dc2f24133dae6937145bb481306e6 + SHA256: 65d585d6bf2b0aa4f798b9af69be08c6f1c3d01a754f989768b722a145df5312 + SHA384: f7dd00644994985c518f70c060386448dd0c3a13f5eff12a0dd31bf8333f24b781928d323acca27e04633e71a7f22e71 + Signer: + - SerialNumber: 33000000317c61d46115ceba6a000100000031 + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility PCA + Version: 1 + RichPEHeaderHash: + MD5: b304340f5a584624dcd7df388088259e + SHA1: 60b9485e04a7fd71335816953eeb57cabab0866d + SHA256: 7d5b2828aba79fcf1d98ba371f54c4ecb1fe7f56fdfad814e98a1074f3ec01bf + Sections: + .text: + Entropy: 6.192542500380886 + Virtual Size: '0x22f0' + .rdata: + Entropy: 4.310862528548892 + Virtual Size: '0xe3c' + .data: + Entropy: 2.0429884420387983 + Virtual Size: '0x22c' + .pdata: + Entropy: 4.25522456360755 + Virtual Size: '0x2e8' + PAGE: + Entropy: 6.2273427245942345 + Virtual Size: '0x1a1b' + INIT: + Entropy: 5.211213219982408 + Virtual Size: '0x818' + .rsrc: + Entropy: 3.282250655906871 + Virtual Size: '0x380' + .reloc: + Entropy: 3.667481250360578 + Virtual Size: '0x30' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2018-11-09 12:21:38' + Imphash: b8a35d469bc164d86ac7c64e93b0037b + LoadsDespiteHVCI: 'FALSE' +- Filename: procexp.Sys + MD5: 
659a59d7e26b7730361244e12201378e + SHA1: c21510569fd84a5fe04508aa28e3cf9c8cc45b7a + SHA256: 77950e2a40ac0447ae7ee1ee3ef1242ce22796a157074e6f04e345b1956e143c + Authentihash: + MD5: 3798eddcccab7da4682f64997533d27d + SHA1: 0d753c1d21c4e6c6eb74d3436eb4c5f376cc7364 + SHA256: a4859c5456d03f799de89d2f8cbb36b4518259a6c7c0bc909b1fd16f48363d5a + Description: ' ' + Company: Sysinternals - www.sysinternals.com + InternalName: procexp.sys + OriginalFilename: procexp.Sys + FileVersion: '15.00' + Product: ' ' + ProductVersion: '15.00' + Copyright: Copyright (C) Mark Russinovich 1996-2014 + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - strncpy + - RtlInitUnicodeString + - RtlUnicodeStringToAnsiString + - RtlFreeAnsiString + - KeWaitForSingleObject + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ExGetPreviousMode + - MmGetSystemRoutineAddress + - SeCaptureSubjectContext + - SeReleaseSubjectContext + - IofCompleteRequest + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - MmIsAddressValid + - PsGetVersion + - ZwOpenProcess + - KeStackAttachProcess + - KeUnstackDetachProcess + - SePrivilegeCheck + - PsLookupProcessByProcessId + - ObOpenObjectByPointer + - ObQueryNameString + - ZwQueryObject + - ZwDuplicateObject + - ZwOpenProcessToken + - ZwQueryInformationProcess + - ZwQuerySystemInformation + - ObCloseHandle + - ObOpenObjectByName + - __C_specific_handler + - IoFileObjectType + - PsProcessType + - PsThreadType + - RtlFreeUnicodeString + - IoCreateDevice + - ZwSetSecurityObject + - IoDeviceObjectType + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - SeExports + - wcschr + - _wcsnicmp + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - 
RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwOpenKey + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft + Ireland Operations Limited, OU=Thales TSS ESN:86DF,4BBC,9335, CN=Microsoft + Time,Stamp service + ValidFrom: '2018-08-23 20:20:28' + ValidTo: '2019-11-23 20:20:28' + Signature: 9d7642feb515917887e958cc8890ccc717f8b1b164f2248f2657c2dd3bc82767e8a80b860b39f6469c373f7db0e6bf50975f396197e28b8b47b1c36014316a5fecd78d4528fe00e0c5a92321319a4be66b2359c99f01a27514f95879324fc6c121d6958cade3c4e366f75ebd979c4ee701a63655ae846982f63439c44099f0a18de3b3d9ae023e8c5c49406c94c556a7dee459a92b543f395dde5cfe106e0540f7710430d130862c6693445d18efaac409f2cd7d319e21a12c5184e767993562b324ff9db371cce7a932d3be5ee3396cf1864a609bbe6ebcf8834cbb11c44729119a6a5abc5e3ef8947dcb0bc6b554217a3e39a079e4bd733dc46b77b8f39a3c + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 3300000109e219d6f9b8a4bebf000000000109 + Version: 3 + TBS: + MD5: 10a173441d459944d30bbcfc69f7521b + SHA1: 500cf2d67d9e3b7c31b2a65d4f121f7201cade0e + SHA256: 1994223eadaccd1eaf27c1a3e90dd6142a4ceb8f8fafe5109e2accbccc60e4ed + SHA384: 583cf1f7091b957856b816d69081d73f79f4fa08bfd49b6c40f09087c1a50823637b96b2c8f224b934e5234212ef8f53 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2019-04-18 18:42:23' + ValidTo: '2020-03-27 18:42:23' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 33000000387a14cce6619d8c51000200000038 + Version: 3 + TBS: + MD5: f9a6526d8f83e3d33d925ae95b752dca + SHA1: ad9f086d0642e3b5de60584c44123cf4603c4525 + SHA256: 
7bdb7967d328a3a1cb2d2c4c7399633203668f9a86a271b277a218b639ad12ee + SHA384: 0ae0176f351a8e4df75f1c72d2002b1682a1e4d1ccb069fb8b5bcb496ef016a6386e44428ebabe538eb2900b564e3f93 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility PCA + ValidFrom: '2018-09-20 17:42:01' + ValidTo: '2021-05-09 23:28:13' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610435f1000000000041 + Version: 3 + TBS: + MD5: 77dab20d8e23cd8e18633adca506cf6e + SHA1: c5506bee3c29254dc5b5a0e6e7a14046522708ef + SHA256: 611f1d188d7c39a400a01ee32e2c257be5082445ace6f59acd103a250cc2ec0f + SHA384: cf4c4b8360744f9c56803afb49175361c93fc4a95c77dbe0eebb2852a32c93ed9cc563495c0e1c9c32e4d58512f55b49 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Time,Stamp PCA + ValidFrom: '2007-04-03 12:53:09' + ValidTo: '2021-04-03 13:03:09' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 6116683400000000001c + Version: 3 + TBS: + MD5: 335713f62536c68d0acc82df3dceb932 + SHA1: 023cf1c5e99dc2f24133dae6937145bb481306e6 + SHA256: 65d585d6bf2b0aa4f798b9af69be08c6f1c3d01a754f989768b722a145df5312 + SHA384: f7dd00644994985c518f70c060386448dd0c3a13f5eff12a0dd31bf8333f24b781928d323acca27e04633e71a7f22e71 + Signer: + - SerialNumber: 33000000387a14cce6619d8c51000200000038 + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility PCA + Version: 1 + RichPEHeaderHash: + MD5: dd10afd0600f2236361f48592587474c + SHA1: 0dbcc0d10e288b15aa0eda2aaffcd2a0edb7850b + SHA256: c834c4c8ac0c6f8457c4b833e5771b4f273ed815ab2d189a65c4afa9ca9e3975 + Sections: + .text: + Entropy: 6.137423926314564 + Virtual Size: '0x25a0' + .rdata: + Entropy: 4.319500105806409 + Virtual Size: '0xf68' + .data: 
+ Entropy: 2.0732868843388097 + Virtual Size: '0x22c' + .pdata: + Entropy: 4.199286592950671 + Virtual Size: '0x2f4' + PAGE: + Entropy: 6.228697679351415 + Virtual Size: '0x1a1b' + INIT: + Entropy: 5.210944759781676 + Virtual Size: '0x818' + .rsrc: + Entropy: 3.2450999660680178 + Virtual Size: '0x380' + .reloc: + Entropy: 3.698934896284056 + Virtual Size: '0x30' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2019-06-28 15:02:57' + Imphash: d122c1eaa50839be14c31876d0d4e0be + LoadsDespiteHVCI: 'FALSE' +- Filename: procexp.Sys + MD5: da6f7407c4656a2dbaf16a407aff1a38 + SHA1: ed40c1f7da98634869b415530e250f4a665a8c48 + SHA256: 7a48f92a9c2d95a72e18055cac28c1e7e6cad5f47aa735cbea5c3b82813ccfaf + Authentihash: + MD5: 4eae8421b149baa7d0ce15a86470cde2 + SHA1: af5ff77f2106b31a8e433c3689b6a65628c2dfce + SHA256: 19d579e5a08bcb524405bdcbd2ea7247548af9f23ce64582a5be5ae3f184ad23 + Description: Process Explorer + Company: Sysinternals - www.sysinternals.com + InternalName: procexp.sys + OriginalFilename: procexp.Sys + FileVersion: '16.41' + Product: Process Explorer + ProductVersion: '16.41' + Copyright: Copyright (C) Mark Russinovich 1996-2021 + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - strncpy + - RtlInitUnicodeString + - RtlUnicodeStringToAnsiString + - RtlFreeAnsiString + - KeWaitForSingleObject + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ExGetPreviousMode + - MmGetSystemRoutineAddress + - SeCaptureSubjectContext + - SeReleaseSubjectContext + - IofCompleteRequest + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - MmIsAddressValid + - PsGetVersion + - ZwOpenProcess + - KeStackAttachProcess + - KeUnstackDetachProcess + - SePrivilegeCheck + - PsLookupProcessByProcessId + - ObOpenObjectByPointer + - ObQueryNameString + - ZwQueryObject + - ZwDuplicateObject + - ZwOpenProcessToken + - ZwQueryInformationProcess + - 
ZwQuerySystemInformation + - ObCloseHandle + - ObOpenObjectByName + - __C_specific_handler + - IoFileObjectType + - PsProcessType + - PsThreadType + - RtlFreeUnicodeString + - IoCreateDevice + - ZwSetSecurityObject + - IoDeviceObjectType + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - SeExports + - wcschr + - _wcsnicmp + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwOpenKey + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2020-12-15 22:15:30' + ValidTo: '2021-12-02 22:15:30' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 33000000b20f9ad86794f322f60000000000b2 + Version: 3 + TBS: + MD5: b9dc0ff1a60c3aba24a78d505955bf39 + SHA1: 15a5da2c8aa2955af75615009d249071f91fd252 + SHA256: ba7853f855ba7bc325287c11f5f7b20e013716affad372440feb2c3cf02f0bc5 + SHA384: 90f67f637874aca58284dde5bfa77d98616efd902d1a63f53bc30cd287d464e6706388ed317199236e0739642622f9c5 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2012 + ValidFrom: '2012-04-18 23:48:38' + ValidTo: '2027-04-18 23:58:38' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 610baac1000000000009 + Version: 3 + TBS: + MD5: a569061297e8e824767dbc3184a69bea + SHA1: adbb26a587a8f44b4fccaecb306f980d1c55a150 + SHA256: 
cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 + SHA384: e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba + Signer: + - SerialNumber: 33000000b20f9ad86794f322f60000000000b2 + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2012 + Version: 1 + RichPEHeaderHash: + MD5: bc95ff65f30c5f18added29541a58004 + SHA1: 39d8ca8b59d6aabc2fd11a6fc0d2559dde8e6812 + SHA256: 067c4b33292a48a07d12538a048b2c4e9919fff8dc21aad0acdb7ad87549082d + Sections: + .text: + Entropy: 6.135370257019049 + Virtual Size: '0x25d0' + .rdata: + Entropy: 4.3113647252218925 + Virtual Size: '0xf50' + .data: + Entropy: 2.0732868843388097 + Virtual Size: '0x22c' + .pdata: + Entropy: 4.218239636932152 + Virtual Size: '0x2f4' + PAGE: + Entropy: 6.227798908894738 + Virtual Size: '0x1a1b' + INIT: + Entropy: 5.210944759781676 + Virtual Size: '0x818' + .rsrc: + Entropy: 3.2986851505507833 + Virtual Size: '0x380' + .reloc: + Entropy: 3.698934896284056 + Virtual Size: '0x30' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2021-05-26 08:02:20' + Imphash: d122c1eaa50839be14c31876d0d4e0be + LoadsDespiteHVCI: 'FALSE' +- Filename: procexp.Sys + MD5: 6b3abe55c4d39e305a11b4d1091dfaac + SHA1: 1c537fd17836283364349475c6138e6667cf1164 + SHA256: 86721ee8161096348ed3dbe1ccbf933ae004c315b1691745a8af4a0df9fed675 + Authentihash: + MD5: 4b64921bd05ed4a30830f23facb43bde + SHA1: 3d9be989fbb447bbf7e4b081d9ee4d9b025476c3 + SHA256: e2e351efd57c89bc0c7b9d4d440113304d0b8a4c88cdf0126442171aa50634d4 + Description: Process Explorer + Company: Sysinternals - www.sysinternals.com + InternalName: procexp.sys + OriginalFilename: procexp.Sys + FileVersion: '11.40' + Product: Process Explorer + ProductVersion: '11.40' + Copyright: Copyright (C) M. 
Russinovich 1996-2010 + MachineType: IA64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - ExAllocatePoolWithTag + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - NtBuildNumber + - PsLookupProcessByProcessId + - RtlInitUnicodeString + - IoDeleteDevice + - ExGetPreviousMode + - MmGetSystemRoutineAddress + - ZwQueryObject + - RtlUnicodeStringToAnsiString + - ZwQuerySystemInformation + - ZwOpenProcessToken + - SeReleaseSubjectContext + - KeDetachProcess + - ObQueryNameString + - strncpy + - SeCaptureSubjectContext + - NtClose + - ZwClose + - IofCompleteRequest + - ObReferenceObjectByHandle + - ZwDuplicateObject + - RtlFreeAnsiString + - KeRaiseIrql + - KeAttachProcess + - KeLowerIrql + - ZwOpenProcess + - ZwQueryInformationProcess + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - ObOpenObjectByPointer + - SePrivilegeCheck + - KeTickCount + - KeBugCheckEx + - IoCreateDevice + - ZwSetSecurityObject + - IoDeviceObjectType + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - SeExports + - wcschr + - _wcsnicmp + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwOpenKey + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: 
ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=Texas, L=Austin, O=Sysinternals, OU=Digital ID Class + 3 , Microsoft Software Validation v2, OU=Headquarters, CN=Sysinternals + ValidFrom: '2007-03-05 00:00:00' + ValidTo: '2010-04-19 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 7d2c89d309e57beef2d791bb8ed6a26f + Version: 3 + TBS: + MD5: ae18dfd140f9414eadf1f611ec1b84b7 + SHA1: 9aecb2568e995d5965e49acf3ff247bc3d1ab99c + SHA256: f14ce5fe5f508ced18d652e8211edb00c1c773899d03d18dec932df9c54f0a86 + SHA384: c2a6c771b86b687befda12f6871e2f0d473317b4694f25ddc835d2f203953870f26ae9994822e53fcddaeb012f2b6740 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: 
f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 7d2c89d309e57beef2d791bb8ed6a26f + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: d70cbc6a63dcac0a6b5a8131d93c00ad + SHA1: d3b960226f06fd1b9f08ce080b16d649416e75a3 + SHA256: 90085a27428def469bdd2805cc61cde09cc3e95404d6f69ed6c328f0d0e97d9c + Sections: + .text: + Entropy: 5.424894741339865 + Virtual Size: '0x5820' + .rdata: + Entropy: 3.7393867847659603 + Virtual Size: '0xc88' + .pdata: + Entropy: 4.254704396602022 + Virtual Size: '0x2f4' + .srdata: + Entropy: 1.5305882342388135 + Virtual Size: '0x4c' + .sdata: + Entropy: 2.6750321646829582 + Virtual Size: '0x234' + .data: + Entropy: 1.8211654677412543 + Virtual Size: '0x1d0' + PAGE: + Entropy: 5.152497833077514 + Virtual Size: '0x3fd0' + INIT: + Entropy: 5.205112242696482 + Virtual Size: '0x834' + .rsrc: + Entropy: 3.2914310280393253 + Virtual Size: '0x380' + .reloc: + Entropy: 1.4379095220400315 + Virtual Size: '0x338' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2010-03-30 18:30:49' + Imphash: 421730c2b3fa3a7d78c2eda3da1be6a8 + LoadsDespiteHVCI: 'FALSE' +- Filename: procexp.Sys + MD5: cec257dcac9e708cefb17f8984dd0a70 + SHA1: da361c56c18ea98e1c442aac7c322ff20f64486b + SHA256: 88e2e6a705d3fb71b966d9fb46dc5a4b015548daf585fb54dfcd81dc0bd3ebdc + Authentihash: + MD5: df8e20e6fb1d2a22135e155763bf9588 + SHA1: 1915e95974b6f75f4793e81b85e148ebdaa35515 + SHA256: 0c2d8e8487de5e7749f9899f6fefa6e7d40b394479449b5027a895392af23349 + Description: Process Explorer + Company: Sysinternals - www.sysinternals.com + InternalName: procexp.sys + OriginalFilename: procexp.Sys + FileVersion: '15.00' + Product: Process Explorer + ProductVersion: '15.00' + Copyright: Copyright (C) Mark Russinovich 1996-2014 + MachineType: AMD64 + Imports: + - ntoskrnl.exe + 
ExportedFunctions: '' + ImportedFunctions: + - strncpy + - RtlInitUnicodeString + - RtlUnicodeStringToAnsiString + - RtlFreeAnsiString + - KeWaitForSingleObject + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ExGetPreviousMode + - MmGetSystemRoutineAddress + - SeCaptureSubjectContext + - SeReleaseSubjectContext + - IofCompleteRequest + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - MmIsAddressValid + - ZwOpenProcess + - KeStackAttachProcess + - KeUnstackDetachProcess + - SePrivilegeCheck + - PsLookupProcessByProcessId + - ObOpenObjectByPointer + - ObQueryNameString + - ZwQueryObject + - ZwDuplicateObject + - ZwOpenProcessToken + - ZwQueryInformationProcess + - ZwQuerySystemInformation + - ObCloseHandle + - ObOpenObjectByName + - __C_specific_handler + - IoFileObjectType + - PsProcessType + - PsThreadType + - NtBuildNumber + - IoCreateDevice + - ZwSetSecurityObject + - IoDeviceObjectType + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - SeExports + - wcschr + - _wcsnicmp + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwOpenKey + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, + OU=nCipher DSE ESN:148C,C4B9,2066, CN=Microsoft Time,Stamp Service + ValidFrom: '2016-09-07 17:58:56' + ValidTo: '2018-09-07 17:58:56' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
33000000cccbb813eb5d722d450000000000cc + Version: 3 + TBS: + MD5: b23d5388c0fa7b32ff0a91fccb5cce6d + SHA1: ab5d6cc2d03e34f4fe2e51fa524401d5806f9a9f + SHA256: a072644961dcfa16259c4aac9cb7faf1431c48b41f616551827dd3f41a849976 + SHA384: a723c261b9b6c6bd3d706d37e6a3e22c3e2b60b012d4358cf41d5df21c7759e89fa165cf120dfb84b8f65e8ab45b0afa + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, + CN=Microsoft Windows Hardware Compatibility Publisher + ValidFrom: '2016-10-12 20:32:53' + ValidTo: '2018-01-05 20:32:53' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 33000000244d59538809906ea7000100000024 + Version: 3 + TBS: + MD5: 16a85b0d3a49b45acb03c9165240f78a + SHA1: d21820acd2d9a023556d949773b2177b63552ea3 + SHA256: 0c0eaf6cf17b0b0a74d5a8f6286ec93e43001ee82f2481278e009c57366c63d5 + SHA384: 8fa38bd1192722d0e4a7afae30214255bac446feade34a716d90d4567bc0875613b7a3d53292194f644e2ad2c1c14962 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility PCA + ValidFrom: '2012-06-04 21:05:46' + ValidTo: '2020-06-04 21:15:46' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 33000000382e50e86a989d957f000000000038 + Version: 3 + TBS: + MD5: cfa5fa49250320f7a3473a82877fabf3 + SHA1: 6b3242a9a639b0da4d5882c7eeb402be6615ad0c + SHA256: 8e7c756d4597e8cca0f627d75647e2f9d5a693f1f263b193347066d214c1d4db + SHA384: 296a0f621330ac591c8c80bdd5e5bd19e9c01e8d267d02a3f3abc845088174d752c077907b99b128d389dc13ea69d009 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Time,Stamp PCA + ValidFrom: '2007-04-03 12:53:09' + ValidTo: '2021-04-03 13:03:09' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + 
IsCertificateAuthority: true + SerialNumber: 6116683400000000001c + Version: 3 + TBS: + MD5: 335713f62536c68d0acc82df3dceb932 + SHA1: 023cf1c5e99dc2f24133dae6937145bb481306e6 + SHA256: 65d585d6bf2b0aa4f798b9af69be08c6f1c3d01a754f989768b722a145df5312 + SHA384: f7dd00644994985c518f70c060386448dd0c3a13f5eff12a0dd31bf8333f24b781928d323acca27e04633e71a7f22e71 + Signer: + - SerialNumber: 33000000244d59538809906ea7000100000024 + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility PCA + Version: 1 + RichPEHeaderHash: + MD5: a052ed4e5d10c66e3e667a42fcdcc54a + SHA1: 04b9d41ef58b5aaaca72f0ce222a8adfbe8ad251 + SHA256: c254feaf8c3e788a6ec9d41de0d7bad054f4347a8347d6806840cd1d9030ed4a + Sections: + .text: + Entropy: 6.200851507972058 + Virtual Size: '0x23d0' + .rdata: + Entropy: 4.415170315972782 + Virtual Size: '0xbd0' + .data: + Entropy: 2.0677508162604177 + Virtual Size: '0x22c' + .pdata: + Entropy: 4.194795401903142 + Virtual Size: '0x2e8' + PAGE: + Entropy: 6.2255173792372 + Virtual Size: '0x1a1b' + INIT: + Entropy: 5.215673013101648 + Virtual Size: '0x818' + .rsrc: + Entropy: 3.282250655906871 + Virtual Size: '0x380' + .reloc: + Entropy: 2.855388542207534 + Virtual Size: '0x18' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2017-04-30 17:23:14' + Imphash: 4792bcb395d06f9efb72e8020c4af5e6 + LoadsDespiteHVCI: 'FALSE' +- Filename: procexp.Sys + MD5: bf74d0706f5ab9c34067192260f4efb0 + SHA1: 6b090c558b877b6abb0d1051610cadbc6335ecbb + SHA256: 89b9823ed974a5b71de8468324d45b7e9d6dc914f93615ba86c6209b25b3cbf7 + Authentihash: + MD5: c292f0024a454f42fba117b3505b12e9 + SHA1: d9ebe7ff8318eeece457fc72bec2b582d3350b61 + SHA256: f0fb06748758082263e252050904f2fd8a29a77ae71dfdb390346bd2046ebfd4 + Description: Process Explorer + Company: Sysinternals - www.sysinternals.com + InternalName: procexp.sys + OriginalFilename: procexp.Sys + FileVersion: '15.00' + Product: Process Explorer + ProductVersion: '15.00' + Copyright: Copyright (C) 
Mark Russinovich 1996-2014 + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - strncpy + - RtlInitUnicodeString + - RtlUnicodeStringToAnsiString + - RtlFreeAnsiString + - KeWaitForSingleObject + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ExGetPreviousMode + - MmGetSystemRoutineAddress + - SeCaptureSubjectContext + - SeReleaseSubjectContext + - IofCompleteRequest + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - MmIsAddressValid + - ZwOpenProcess + - KeStackAttachProcess + - KeUnstackDetachProcess + - SePrivilegeCheck + - PsLookupProcessByProcessId + - ObOpenObjectByPointer + - ObQueryNameString + - ZwQueryObject + - ZwDuplicateObject + - ZwOpenProcessToken + - ZwQueryInformationProcess + - ZwQuerySystemInformation + - ObCloseHandle + - ObOpenObjectByName + - __C_specific_handler + - IoFileObjectType + - PsProcessType + - PsThreadType + - NtBuildNumber + - IoCreateDevice + - ZwSetSecurityObject + - IoDeviceObjectType + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - SeExports + - wcschr + - _wcsnicmp + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwOpenKey + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Washington, L=Redmond, O=Sysinternals, OU=Digital ID + Class 3 , Microsoft Software Validation v2, CN=Sysinternals + ValidFrom: '2013-04-06 00:00:00' + ValidTo: '2016-05-05 23:59:59' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1efd983a49d3f152ac9cd2941b8a0edd + Version: 3 + TBS: + MD5: 1b7ca026e68405de56477b5b7bb3a0a5 + SHA1: b2a1bd13d8833154f02e51e25c9f023d54a27d21 + SHA256: 2018b8e7ea18c392558dcd375742cc792648ec23e5eb07d7987c27c76f4c62c0 + SHA384: a8ccad9eeb4974ba9504241c685e7e1dd85e0de420c0ae077f8f3e92b3ab7c9a1653b3d0d535250a741bb7e36ec2f06a + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 1efd983a49d3f152ac9cd2941b8a0edd + Issuer: C=US, 
O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: aff0aa7b20b4b7a5a981901f3d77237c + SHA1: 263eefe8940d88cce62ddce6fba55eacf2b36ab8 + SHA256: 205571b9130bfcc537bcf92e2898431e4afb0dfeabff2c2079146702745ea250 + Sections: + .text: + Entropy: 6.194112925534596 + Virtual Size: '0x2370' + .rdata: + Entropy: 4.434868128160928 + Virtual Size: '0xb78' + .data: + Entropy: 2.0654743843388097 + Virtual Size: '0x224' + .pdata: + Entropy: 4.238556641699438 + Virtual Size: '0x2e8' + PAGE: + Entropy: 6.226087739371598 + Virtual Size: '0x1a1b' + INIT: + Entropy: 5.215673013101648 + Virtual Size: '0x818' + .rsrc: + Entropy: 3.282250655906871 + Virtual Size: '0x380' + .reloc: + Entropy: 2.855388542207534 + Virtual Size: '0x18' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2014-07-08 00:28:27' + Imphash: 4792bcb395d06f9efb72e8020c4af5e6 + LoadsDespiteHVCI: 'FALSE' +- Filename: procexp.Sys + MD5: 92927c47d6ff139c9b19674c9d0088f6 + SHA1: a98734cd388f5b4b3caca5ce61cb03b05a8ad570 + SHA256: 98a123b314cba2de65f899cdbfa386532f178333389e0f0fbd544aff85be02eb + Authentihash: + MD5: 26f48296b5ef64120e55008690060a6e + SHA1: 8d59ed924e8c76b0ab8b7ee653510f43062eaa3e + SHA256: cd1beb64cd67169d57ca4dbc602a94f74891962221bb49c09abf3339ce35bc90 + Description: Process Explorer + Company: Sysinternals - www.sysinternals.com + InternalName: procexp.sys + OriginalFilename: procexp.Sys + FileVersion: '16.42' + Product: Process Explorer + ProductVersion: '16.42' + Copyright: Copyright (C) Mark Russinovich 1996-2021 + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - strncpy + - RtlInitUnicodeString + - RtlUnicodeStringToAnsiString + - RtlFreeAnsiString + - KeWaitForSingleObject + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ExGetPreviousMode + - MmGetSystemRoutineAddress + - SeCaptureSubjectContext + - SeReleaseSubjectContext 
+ - IofCompleteRequest + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - MmIsAddressValid + - PsGetVersion + - ZwOpenProcess + - KeStackAttachProcess + - KeUnstackDetachProcess + - SePrivilegeCheck + - PsLookupProcessByProcessId + - ObOpenObjectByPointer + - ObQueryNameString + - ZwQueryObject + - ZwDuplicateObject + - ZwOpenProcessToken + - ZwQueryInformationProcess + - ZwQuerySystemInformation + - ObCloseHandle + - ObOpenObjectByName + - __C_specific_handler + - IoFileObjectType + - PsProcessType + - PsThreadType + - RtlFreeUnicodeString + - IoCreateDevice + - ZwSetSecurityObject + - IoDeviceObjectType + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - SeExports + - wcschr + - _wcsnicmp + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwOpenKey + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2020-12-15 22:15:30' + ValidTo: '2021-12-02 22:15:30' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 33000000b20f9ad86794f322f60000000000b2 + Version: 3 + TBS: + MD5: b9dc0ff1a60c3aba24a78d505955bf39 + SHA1: 15a5da2c8aa2955af75615009d249071f91fd252 + SHA256: ba7853f855ba7bc325287c11f5f7b20e013716affad372440feb2c3cf02f0bc5 + SHA384: 90f67f637874aca58284dde5bfa77d98616efd902d1a63f53bc30cd287d464e6706388ed317199236e0739642622f9c5 + - Subject: C=US, ST=Washington, 
L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2012 + ValidFrom: '2012-04-18 23:48:38' + ValidTo: '2027-04-18 23:58:38' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 610baac1000000000009 + Version: 3 + TBS: + MD5: a569061297e8e824767dbc3184a69bea + SHA1: adbb26a587a8f44b4fccaecb306f980d1c55a150 + SHA256: cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 + SHA384: e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba + Signer: + - SerialNumber: 33000000b20f9ad86794f322f60000000000b2 + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2012 + Version: 1 + RichPEHeaderHash: + MD5: bc95ff65f30c5f18added29541a58004 + SHA1: 39d8ca8b59d6aabc2fd11a6fc0d2559dde8e6812 + SHA256: 067c4b33292a48a07d12538a048b2c4e9919fff8dc21aad0acdb7ad87549082d + Sections: + .text: + Entropy: 6.135370257019049 + Virtual Size: '0x25d0' + .rdata: + Entropy: 4.30999546354495 + Virtual Size: '0xf50' + .data: + Entropy: 2.0732868843388097 + Virtual Size: '0x22c' + .pdata: + Entropy: 4.218239636932152 + Virtual Size: '0x2f4' + PAGE: + Entropy: 6.227798908894738 + Virtual Size: '0x1a1b' + INIT: + Entropy: 5.210944759781676 + Virtual Size: '0x818' + .rsrc: + Entropy: 3.3048344530109697 + Virtual Size: '0x380' + .reloc: + Entropy: 3.698934896284056 + Virtual Size: '0x30' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2021-06-01 08:24:37' + Imphash: d122c1eaa50839be14c31876d0d4e0be + LoadsDespiteHVCI: 'FALSE' +- Filename: procexp.Sys + MD5: 2e219df70fccb79351f0452cba86623e + SHA1: 2740cd167a9ccb81c8e8719ce0d2ae31babc631c + SHA256: 9d5ebd0f4585ec20a5fe3c5276df13ece5a2645d3d6f70cedcda979bd1248fc2 + Authentihash: + MD5: 0f461053add90ebe0bac9e8be9d9a8e5 + SHA1: 5b27248685b909d5ae4c8ec77e2d3dcb02d6cc4b + SHA256: 
cddd341f267a6094f7bd7d1b56427ebc029ccb348e7f0714d9301c2c67fdd5df + Description: Process Explorer + Company: Sysinternals - www.sysinternals.com + InternalName: procexp.sys + OriginalFilename: procexp.Sys + FileVersion: '15.00' + Product: Process Explorer + ProductVersion: '15.00' + Copyright: Copyright (C) Mark Russinovich 1996-2014 + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlUnicodeStringToAnsiString + - RtlFreeAnsiString + - KeWaitForSingleObject + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ExGetPreviousMode + - MmGetSystemRoutineAddress + - SeCaptureSubjectContext + - SeReleaseSubjectContext + - IofCompleteRequest + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - MmIsAddressValid + - ZwOpenProcess + - RtlInitUnicodeString + - KeUnstackDetachProcess + - SePrivilegeCheck + - PsLookupProcessByProcessId + - ObOpenObjectByPointer + - ObQueryNameString + - ZwQueryObject + - ZwDuplicateObject + - ZwOpenProcessToken + - ZwQueryInformationProcess + - ZwQuerySystemInformation + - ObCloseHandle + - ObOpenObjectByName + - memcpy + - memset + - IoFileObjectType + - PsProcessType + - PsThreadType + - NtBuildNumber + - strncpy + - KeStackAttachProcess + - memmove + - ZwSetSecurityObject + - IoDeviceObjectType + - IoCreateDevice + - RtlUnwind + - RtlGetDaclSecurityDescriptor + - RtlGetSaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - SeExports + - IoIsWdmVersionAvailable + - _wcsnicmp + - RtlAddAccessAllowedAce + - RtlLengthSid + - wcschr + - RtlAbsoluteToSelfRelativeSD + - RtlSetDaclSecurityDescriptor + - RtlCreateSecurityDescriptor + - ZwOpenKey + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - KeTickCount + - KeBugCheckEx + - KfLowerIrql + - KfRaiseIrql + 
Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Test PCA + ValidFrom: '2010-05-10 07:00:00' + ValidTo: '2020-12-29 07:00:00' + Signature: a5e89be29a34018c5eb99e6500101e7bde49d04c42f76ece04cacdaaac0de80f586b1ba7bbc841d892fe7477ab3c28f2a507ca45c4e65cfe487d0add256644c366d8f417666a7f11e622a8c31b09663524d9da9f092f3576291e00a4186ae9c857d0af477baa74d02fa3bbbb1f13e37dcd2855295be421278d806e2d597c72ff42aab3fef101b0bfd34d94e14a54f1394a541d08ee74119115dc5079db43cd1cad7ca84c57f843f68ef6f75e1d917e0ddbb1b6724be9a53df535c8cb77f59eb4 + SignatureAlgorithmOID: 1.3.14.3.2.29 + IsCertificateAuthority: true + SerialNumber: 6a0b994fc0004aab11df8adce1e027aa + Version: 3 + TBS: + MD5: 8ee8b5683b30c385e8f50ba39c817ecf + SHA1: 0bead658f967af350cfce561ac851470f0bea7a7 + SHA256: 09763f5805c8295309022c7ef0dab73421a992d49902824b93a2a39f639c1ae7 + SHA384: 8e30b9dbbecb0eb13a70166c2db49365467daca2b4c5a323bd675dcdaff232b9c92f93d45da62ea403524a4220e2aa0f + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 
00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: DC=com, DC=microsoft, DC=corp, DC=redmond, CN=MSIT Test CodeSign + CA 2 + ValidFrom: '2014-01-03 23:17:17' + ValidTo: '2018-01-03 23:17:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 3300000021dd626c1271c15d6f000100000021 + Version: 3 + TBS: + MD5: af75bafa171badc569c547f8cb748b04 + SHA1: ca9e1727c61692a1894e9f78f646a34f1a4046c1 + SHA256: 6f3fc63b80ab900fb038ca2bff158a031615bf33c8e4a069e309e7985b30f9ca + SHA384: 264a82fc20cf73d863651570f7d2b0aaf0765c92953ea47eb6fc85f7d4c7a6e2a146c0e654611d33ad273474d5167a40 + - Subject: CN=Mark Russinovich + ValidFrom: '2015-06-30 15:50:49' + ValidTo: '2016-06-29 15:50:49' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 77005ec5ff32646dcbf76aac900003005ec5ff + Version: 3 + TBS: + MD5: d47b1f71468f38d938a59072612c5a81 + SHA1: f029c7017324e858115d76088dd21ab0106145d2 + SHA256: 400790acf2a3847c7021865e7213b25eec9b9354cf5ec47ec1d3cadf2e8be539 + SHA384: 26fdffba51f8b2620f44d1f199e5a3c6a81744d4b4c4116eee67edbca74ef6002cddd7bc5aec674fed74d84b72a1b166 + Signer: + - SerialNumber: 77005ec5ff32646dcbf76aac900003005ec5ff + Issuer: DC=com, DC=microsoft, DC=corp, DC=redmond, CN=MSIT Test CodeSign + CA 2 + Version: 1 + RichPEHeaderHash: + MD5: 2730904f5b7710d90214612e812b40e7 + SHA1: 
816b6dc12f26d2e229f388b1b6332983f6f84435 + SHA256: a9105aa56ee389cdb89ef2b3cf9ddbf176c8d60493879497875b6db003a3ebbc + Sections: + .text: + Entropy: 6.177002526293282 + Virtual Size: '0x1e60' + .rdata: + Entropy: 3.750710913663099 + Virtual Size: '0x68c' + .data: + Entropy: 2.0959485813397767 + Virtual Size: '0x1c0' + PAGE: + Entropy: 6.234132326978529 + Virtual Size: '0x1364' + INIT: + Entropy: 5.405593329483538 + Virtual Size: '0x758' + .rsrc: + Entropy: 3.2786288785655353 + Virtual Size: '0x380' + .reloc: + Entropy: 6.4689942009857395 + Virtual Size: '0x360' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2015-12-05 14:43:50' + Imphash: 3c9af2347198d96c8ab5b189b4e3db37 + LoadsDespiteHVCI: 'TRUE' +- Filename: procexp.Sys + MD5: 0ef05030abd55ba6b02faa2c0970f67f + SHA1: f6d826d73bf819dbc9a058f2b55c88d6d4b634e3 + SHA256: bced04bdefad6a08c763265d6993f07aa2feb57d33ed057f162a947cf0e6668f + Authentihash: + MD5: 82ece436a712985b767d42a178872ab3 + SHA1: e7bedb9528d3da5e7e161a14db260140a02facca + SHA256: d28acafeb6a85294d2672fa894a2934599713aa9ce1b21184dc1ec34131af7bb + Description: Process Explorer + Company: Sysinternals - www.sysinternals.com + InternalName: procexp.sys + OriginalFilename: procexp.Sys + FileVersion: '9.30' + Product: Process Explorer + ProductVersion: '9.30' + Copyright: Copyright (C) M. 
Russinovich 1996-2005 + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ObQueryNameString + - ZwClose + - ZwDuplicateObject + - ZwOpenProcess + - KeDetachProcess + - ObfDereferenceObject + - ObReferenceObjectByHandle + - KeAttachProcess + - PsLookupProcessByProcessId + - MmIsAddressValid + - ObOpenObjectByPointer + - ZwQueryInformationProcess + - NtBuildNumber + - RtlUnicodeStringToAnsiString + - IofCompleteRequest + - SeReleaseSubjectContext + - SePrivilegeCheck + - ExGetPreviousMode + - SeCaptureSubjectContext + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - IoCreateSymbolicLink + - IoCreateDevice + - ExAllocatePoolWithTag + - RtlUnwind + - strncpy + - ZwOpenProcessToken + - RtlFreeAnsiString + - KfLowerIrql + - KfRaiseIrql + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=US, ST=Texas, L=Austin, O=Sysinternals, OU=Digital ID Class + 3 , Microsoft Software Validation v2, OU=Headquarters, CN=Sysinternals + ValidFrom: '2006-02-02 00:00:00' + ValidTo: '2007-04-04 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 75c1a798b875894335c78cddbf05cbff + Version: 3 + TBS: + MD5: a41a1fbfc85b812b2a1570204015b8b4 + SHA1: a7e0f6ba7402a18a3a4e861e57a3ffacb582e8c0 + SHA256: c770e31a5ae65a0ae2b2b2c550ebaa2aa3594d872c08b31dde6d8105fc8b6687 + SHA384: 1b58aa762321744aba0769fbf8d45151bb613a18cf8caf68b41c85af4c1715681cd186df5e5805cf400b12ab09166e9b + Signer: + - SerialNumber: 75c1a798b875894335c78cddbf05cbff + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: 7ed4474ed84b1f8f736a1628b81bd13c + SHA1: 4456cd303246bff5ac1095977b7c56a1c4ba02fa + SHA256: 1379bea6cc6236eca70f97ba7fc73338ade1f24a85c4bf1c08992e573a48fad2 + Sections: + .text: + Entropy: 6.100262415508947 + Virtual Size: '0xf68' + INIT: + Entropy: 5.190425299514774 + Virtual Size: '0x358' + .rsrc: + Entropy: 3.2730236665026364 + Virtual Size: '0x380' + .reloc: + Entropy: 4.850293456344704 + Virtual Size: '0x12e' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2006-01-06 15:04:34' + Imphash: 5bb79a6caa12076a6d140085cb53892e + LoadsDespiteHVCI: 'FALSE' +- Filename: 
procexp.Sys + MD5: b7ca4c32c844df9b61634052ae276387 + SHA1: 6df6d5b30d04b9adb9d2c99de18ed108b011d52b + SHA256: bdbceca41e576841cad2f2b38ee6dbf92fd77fbbfdfe6ecf99f0623d44ef182c + Authentihash: + MD5: 1694c87131cee15e63d71936859506b8 + SHA1: 5eb106f413ad1d8de4c04661a1c5162410164d50 + SHA256: 120f7983011211e6740d7a3a4cd2354507866ef7d36a48e2e3a9bd5b52c21c8a + Description: Process Explorer + Company: Sysinternals - www.sysinternals.com + InternalName: procexp.sys + OriginalFilename: procexp.Sys + FileVersion: '11.01' + Product: Process Explorer + ProductVersion: '11.01' + Copyright: Copyright (C) M. Russinovich 1996-2007 + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - NtBuildNumber + - ZwOpenProcess + - PsLookupProcessByProcessId + - ZwQueryInformationProcess + - IoCreateSymbolicLink + - RtlInitUnicodeString + - MmIsAddressValid + - IoDeleteDevice + - ObfDereferenceObject + - ExGetPreviousMode + - IoCreateDevice + - MmGetSystemRoutineAddress + - ObOpenObjectByPointer + - ZwQueryObject + - RtlUnicodeStringToAnsiString + - SePrivilegeCheck + - ZwQuerySystemInformation + - ZwOpenProcessToken + - SeReleaseSubjectContext + - KeDetachProcess + - ObQueryNameString + - strncpy + - ExAllocatePool + - SeCaptureSubjectContext + - NtClose + - ZwClose + - IofCompleteRequest + - ObReferenceObjectByHandle + - IoDeleteSymbolicLink + - ZwDuplicateObject + - ExFreePoolWithTag + - RtlFreeAnsiString + - KeAttachProcess + - KeBugCheckEx + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: 
ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=Texas, L=Austin, O=Sysinternals, OU=Digital ID Class + 3 , Microsoft Software Validation v2, OU=Headquarters, CN=Sysinternals + ValidFrom: '2007-03-05 00:00:00' + ValidTo: '2010-04-19 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 7d2c89d309e57beef2d791bb8ed6a26f + Version: 3 + TBS: + MD5: ae18dfd140f9414eadf1f611ec1b84b7 + SHA1: 9aecb2568e995d5965e49acf3ff247bc3d1ab99c + SHA256: f14ce5fe5f508ced18d652e8211edb00c1c773899d03d18dec932df9c54f0a86 + SHA384: c2a6c771b86b687befda12f6871e2f0d473317b4694f25ddc835d2f203953870f26ae9994822e53fcddaeb012f2b6740 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: 
f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 7d2c89d309e57beef2d791bb8ed6a26f + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: 3ea5cd355cba9d9928873cdba35d4bcc + SHA1: b7e9df380d50227614a9745068a6b50c798b66f9 + SHA256: b3da31bed27ae39b6fd4b9152315a2a81e444cdb54edb34eb6a583538717a4a1 + Sections: + .text: + Entropy: 6.134866287932838 + Virtual Size: '0x1a98' + .rdata: + Entropy: 4.141958899402925 + Virtual Size: '0x2dc' + .data: + Entropy: 0.4860349013607531 + Virtual Size: '0x124' + .pdata: + Entropy: 3.5957393883250757 + Virtual Size: '0xc0' + INIT: + Entropy: 5.011637602197952 + Virtual Size: '0x4a0' + .rsrc: + Entropy: 3.2795326755401355 + Virtual Size: '0x380' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2008-07-21 14:42:49' + Imphash: 0b40636205c64cacfd2e4f407518ad58 + LoadsDespiteHVCI: 'FALSE' +- Filename: procexp.Sys + MD5: 9beecfb3146f19400880da61476ef940 + SHA1: d5beca70469e0dcb099ba35979155e7c91876fd2 + SHA256: c089a31ac95d41ed02d1e4574962f53376b36a9e60ff87769d221dc7d1a3ecfa + Authentihash: + MD5: c292f0024a454f42fba117b3505b12e9 + SHA1: d9ebe7ff8318eeece457fc72bec2b582d3350b61 + SHA256: f0fb06748758082263e252050904f2fd8a29a77ae71dfdb390346bd2046ebfd4 + Description: Process Explorer + Company: Sysinternals - www.sysinternals.com + InternalName: procexp.sys + OriginalFilename: procexp.Sys + FileVersion: '15.00' + Product: Process Explorer + ProductVersion: '15.00' + Copyright: Copyright (C) Mark Russinovich 1996-2014 + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - strncpy + - RtlInitUnicodeString + - RtlUnicodeStringToAnsiString + - RtlFreeAnsiString + - KeWaitForSingleObject + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ExGetPreviousMode + - MmGetSystemRoutineAddress + - 
SeCaptureSubjectContext + - SeReleaseSubjectContext + - IofCompleteRequest + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - MmIsAddressValid + - ZwOpenProcess + - KeStackAttachProcess + - KeUnstackDetachProcess + - SePrivilegeCheck + - PsLookupProcessByProcessId + - ObOpenObjectByPointer + - ObQueryNameString + - ZwQueryObject + - ZwDuplicateObject + - ZwOpenProcessToken + - ZwQueryInformationProcess + - ZwQuerySystemInformation + - ObCloseHandle + - ObOpenObjectByName + - __C_specific_handler + - IoFileObjectType + - PsProcessType + - PsThreadType + - NtBuildNumber + - IoCreateDevice + - ZwSetSecurityObject + - IoDeviceObjectType + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - SeExports + - wcschr + - _wcsnicmp + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwOpenKey + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + 
SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Washington, L=Redmond, O=Sysinternals, OU=Digital ID + Class 3 , Microsoft Software Validation v2, CN=Sysinternals + ValidFrom: '2013-04-06 00:00:00' + ValidTo: '2016-05-05 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1efd983a49d3f152ac9cd2941b8a0edd + Version: 3 + TBS: + MD5: 1b7ca026e68405de56477b5b7bb3a0a5 + SHA1: b2a1bd13d8833154f02e51e25c9f023d54a27d21 + SHA256: 2018b8e7ea18c392558dcd375742cc792648ec23e5eb07d7987c27c76f4c62c0 + SHA384: a8ccad9eeb4974ba9504241c685e7e1dd85e0de420c0ae077f8f3e92b3ab7c9a1653b3d0d535250a741bb7e36ec2f06a + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 1efd983a49d3f152ac9cd2941b8a0edd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: aff0aa7b20b4b7a5a981901f3d77237c + SHA1: 263eefe8940d88cce62ddce6fba55eacf2b36ab8 + SHA256: 205571b9130bfcc537bcf92e2898431e4afb0dfeabff2c2079146702745ea250 + Sections: + .text: + Entropy: 6.194112925534596 + Virtual Size: '0x2370' + .rdata: + Entropy: 4.434868128160928 + Virtual Size: '0xb78' + .data: + Entropy: 2.0654743843388097 + Virtual Size: '0x224' + .pdata: + Entropy: 
4.238556641699438 + Virtual Size: '0x2e8' + PAGE: + Entropy: 6.226087739371598 + Virtual Size: '0x1a1b' + INIT: + Entropy: 5.215673013101648 + Virtual Size: '0x818' + .rsrc: + Entropy: 3.282250655906871 + Virtual Size: '0x380' + .reloc: + Entropy: 2.855388542207534 + Virtual Size: '0x18' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2014-07-08 00:28:27' + Imphash: 4792bcb395d06f9efb72e8020c4af5e6 + LoadsDespiteHVCI: 'FALSE' +- Filename: procexp.Sys + MD5: b79475c4783efdd8122694c6b5669a79 + SHA1: d612165251d5f1dcfb1f1a762c88d956f49ce344 + SHA256: cdfbe62ef515546f1728189260d0bdf77167063b6dbb77f1db6ed8b61145a2bc + Authentihash: + MD5: bee5a87f72b42f3bb5958ba541f4caff + SHA1: 9e0516a6ce73163e2ff5bf0740b57da46846228b + SHA256: 74716032cc2f63c67b9df0882c6794b4bf66147d943329db5f233a04c2fd9b12 + Description: Process Explorer + Company: Sysinternals - www.sysinternals.com + InternalName: procexp.sys + OriginalFilename: procexp.Sys + FileVersion: '16.32' + Product: Process Explorer + ProductVersion: '16.32' + Copyright: Copyright (C) Mark Russinovich 1996-2020 + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - strncpy + - RtlInitUnicodeString + - RtlUnicodeStringToAnsiString + - RtlFreeAnsiString + - KeWaitForSingleObject + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ExGetPreviousMode + - MmGetSystemRoutineAddress + - SeCaptureSubjectContext + - SeReleaseSubjectContext + - IofCompleteRequest + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - MmIsAddressValid + - PsGetVersion + - ZwOpenProcess + - KeStackAttachProcess + - KeUnstackDetachProcess + - SePrivilegeCheck + - PsLookupProcessByProcessId + - ObOpenObjectByPointer + - ObQueryNameString + - ZwQueryObject + - ZwDuplicateObject + - ZwOpenProcessToken + - ZwQueryInformationProcess + - ZwQuerySystemInformation + - ObCloseHandle + - ObOpenObjectByName + - __C_specific_handler + - 
IoFileObjectType + - PsProcessType + - PsThreadType + - RtlFreeUnicodeString + - IoCreateDevice + - ZwSetSecurityObject + - IoDeviceObjectType + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - SeExports + - wcschr + - _wcsnicmp + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwOpenKey + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2020-03-04 19:12:18' + ValidTo: '2021-03-03 19:12:18' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 330000009484c47568579aafe9000000000094 + Version: 3 + TBS: + MD5: b46a69db7e461e55282dc24dc594e5d6 + SHA1: 3b19241d555a74781e2b63a7c14ad12b1ec68205 + SHA256: 2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975 + SHA384: 5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2012 + ValidFrom: '2012-04-18 23:48:38' + ValidTo: '2027-04-18 23:58:38' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 610baac1000000000009 + Version: 3 + TBS: + MD5: a569061297e8e824767dbc3184a69bea + SHA1: adbb26a587a8f44b4fccaecb306f980d1c55a150 + SHA256: cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 + SHA384: 
e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba + Signer: + - SerialNumber: 330000009484c47568579aafe9000000000094 + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2012 + Version: 1 + RichPEHeaderHash: + MD5: 43d9cd97a9af9d2018a2e3b912ceee7b + SHA1: 8376f05ff6ebd3001f063c022d6878ae5f3b0adc + SHA256: 8affa451179e3e28a8f4f5e5ce035ec16f661d943ec0acc9ac6e987e7640dfc9 + Sections: + .text: + Entropy: 6.137423926314564 + Virtual Size: '0x25a0' + .rdata: + Entropy: 4.316500024833388 + Virtual Size: '0xf68' + .data: + Entropy: 2.0732868843388097 + Virtual Size: '0x22c' + .pdata: + Entropy: 4.199286592950671 + Virtual Size: '0x2f4' + PAGE: + Entropy: 6.228697679351415 + Virtual Size: '0x1a1b' + INIT: + Entropy: 5.210944759781676 + Virtual Size: '0x818' + .rsrc: + Entropy: 3.300315570047502 + Virtual Size: '0x380' + .reloc: + Entropy: 3.698934896284056 + Virtual Size: '0x30' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2020-09-11 15:57:25' + Imphash: d122c1eaa50839be14c31876d0d4e0be + LoadsDespiteHVCI: 'FALSE' +- Filename: procexp.Sys + MD5: 318e309e11199ec69d8928c46a4d901b + SHA1: 63bb17160115f16b3fca1f028b13033af4e468c6 + SHA256: d6827cd3a8f273a66ecc33bb915df6c7dea5cc1b8134b0c348303ef50db33476 + Authentihash: + MD5: decbda17e27f012c72e5ff39c8c19089 + SHA1: ecdaa78f29e1f1a27d28b45a9de5f93af9f18f15 + SHA256: ee24071d9a0ef38dc98929cfb4d316f9fb010de107c110fad2403022cf1eebfc + Description: Process Explorer + Company: Sysinternals - www.sysinternals.com + InternalName: procexp.sys + OriginalFilename: procexp.Sys + FileVersion: '15.00' + Product: Process Explorer + ProductVersion: '15.00' + Copyright: Copyright (C) Mark Russinovich 1996-2014 + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - strncpy + - RtlInitUnicodeString + - RtlUnicodeStringToAnsiString + - RtlFreeAnsiString + - KeWaitForSingleObject + - 
ExAllocatePoolWithTag + - ExFreePoolWithTag + - ExGetPreviousMode + - MmGetSystemRoutineAddress + - SeCaptureSubjectContext + - SeReleaseSubjectContext + - IofCompleteRequest + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - MmIsAddressValid + - PsGetVersion + - ZwOpenProcess + - KeStackAttachProcess + - KeUnstackDetachProcess + - SePrivilegeCheck + - PsLookupProcessByProcessId + - ObOpenObjectByPointer + - ObQueryNameString + - ZwQueryObject + - ZwDuplicateObject + - ZwOpenProcessToken + - ZwQueryInformationProcess + - ZwQuerySystemInformation + - ObCloseHandle + - ObOpenObjectByName + - __C_specific_handler + - IoFileObjectType + - PsProcessType + - PsThreadType + - IoCreateDevice + - ZwSetSecurityObject + - IoDeviceObjectType + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - SeExports + - wcschr + - _wcsnicmp + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwOpenKey + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft + Operations Puerto Rico, OU=Thales TSS ESN:BBEC,30CA,2DBE, CN=Microsoft + Time,Stamp Service + ValidFrom: '2018-08-23 20:20:02' + ValidTo: '2019-11-23 20:20:02' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 33000000f6380d9a86d05ca43b0000000000f6 + Version: 3 + TBS: + MD5: 3094214121c022fb9a5e410920d5eb96 + SHA1: 388c68e81cfc19e838d5070ac4e6793b32bfd293 + SHA256: 
0fe53b3d3a84a2b9768554a34a64622ed13cd1b915bdacdc4955e12cc24b4da9 + SHA384: 8bdb4ff21bcdd1436dc37b1e6c9c7fb32178462243304b51a6277b5291a9421dd65fb238c8711b1aef75b85375a92599 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2018-06-08 17:24:26' + ValidTo: '2019-05-29 17:24:26' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 33000000317c61d46115ceba6a000100000031 + Version: 3 + TBS: + MD5: 9a2de17c0445f3e68c9315347b5805f8 + SHA1: df228171e01e890d9b69a749887197af4a3f7602 + SHA256: 4a7311ef8dd289fa50df104e89c167449e87034901503c7e9423ee9e90d5c528 + SHA384: e3f444c0320389de66bee39dc64dfb13eb4903590060830cbebaf14d8c707b2eb1e6289c9c08e7f258e6dea4387d88eb + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility PCA + ValidFrom: '2012-06-04 21:05:46' + ValidTo: '2020-06-04 21:15:46' + Signature: 
0ddf98999318a11f177ab1350fbf36a767f19aae9d2b6878f00df46be551e1a2006c7df64f549376a929c92d15cb1e84bfdedb53638c99f519ebc1e0c1316929f808feeb4098a1742a085e1db5f064b29e45d51ec082db948d6627c5c13d8cec31a94e2682c2e3a11d1f795957b5959e2bf15735f165ee532336fd7250472f564b110c033165e9d151e84cbb18166c479bf193ccad7afb4e0a5a7df5554673eebd9cc7e95616c5bdc1f4323698f67e624e5de547179ee8a2ef1a036f6b536790d8b798deb565279a2ef7d60698683e5725829050744c79f570a60ad5a2a42dca8663b4aa403a43ce41ed76053d509dbefe0af8be00a703439e7e30f82c43d04cd5e4e5ccfea8bc7e0d827c931a327b5f60db68d61592a9644fb73be812ed2e8191add55e535695cdeb5791e290e1a2c8a926252280385d048812e033225d8490263e4fdc36ab70425923a78d6aa13ac6f71d126f1110faf5cf3c3f18802621c55edac43561d9002b0cb0287ee37f2ac7159f7f09fee67f8701ed0f39d50e1b9dfeaf16116af301d0c01bde1439992300df9e47077d6293691cbdc4aaa6fcbac071fea8b8f3aec9034128334ac15358409b8b8371503d9fba3f2c884fc648b05b3908ed710ae26c7509ef1253d60fc19641209f4f88d0695992bcf2555e799086f929121acd378057c6d3c68b9b2b63378701a9ccba6e50c0c80c77cd0a53799e + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 33000000382e50e86a989d957f000000000038 + Version: 3 + TBS: + MD5: cfa5fa49250320f7a3473a82877fabf3 + SHA1: 6b3242a9a639b0da4d5882c7eeb402be6615ad0c + SHA256: 8e7c756d4597e8cca0f627d75647e2f9d5a693f1f263b193347066d214c1d4db + SHA384: 296a0f621330ac591c8c80bdd5e5bd19e9c01e8d267d02a3f3abc845088174d752c077907b99b128d389dc13ea69d009 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Time,Stamp PCA + ValidFrom: '2007-04-03 12:53:09' + ValidTo: '2021-04-03 13:03:09' + Signature: 
10978ac35c034436dde9b4ad77dbce79514d01b12e74715b6d0c13abcebe7b8fb82ed412a28c6d62b85702cb4e20135099dd7a40e257bbaf589a1ce11d0186acbb78f28bd0ec3b01eee2be8f0a05c88d48e2f05315dd4fab92e4e78d6ad580c1e694f2062f8503e9912a242270fbf6fce478992e0df707e270bc184e9d8e6b0a7295b8a1399c672dc5510eea625c3f16988b203fe2071a32f9cc314a76313d2b720bc8ea703dff850a13dfc20a618ef0d7b817eb4e8b7fc5352b5ea3bfebbc7d0b427bd4537221ee30cabb78655c5b01170a140ed2da1498f53cb96658b32d2fe7f98586cc5156e89d70946cac394cd4f679bfaa187a6229efa29b293406771a62c93d1e6d1f82f00bc72cbbcf43b3e5f9ec7db5e3a4a87435b84ec571231226760b3c528c715a464314bcb3b3b04d67c89f42ff807921809e153066e842125e1ac89e2221d043e92be9bbf448cc2cd4d832804c262a48245f5aea56efa6de999dca3a6fbd8127740611ee7621bf9b82c12754b6b16a3d89a17661b46ea113a6bfaa47f0126ffd8a326cb2fedf51c88c23c966bd9d1d871264023d2daf598fb8e421e5b5b0ca63b4785405d4412e50ac94b0a578abb3a096751ad992871375222f32a8086ea05b8c25bfa0ef84ca21d6eb1e4fc99aee49e0f701656f890b7dc869c8e66eeaa797ce3129ff0ec55b5cd84d1ba1d8fa2f9e3f2e55166bc913a3fd + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 6116683400000000001c + Version: 3 + TBS: + MD5: 335713f62536c68d0acc82df3dceb932 + SHA1: 023cf1c5e99dc2f24133dae6937145bb481306e6 + SHA256: 65d585d6bf2b0aa4f798b9af69be08c6f1c3d01a754f989768b722a145df5312 + SHA384: f7dd00644994985c518f70c060386448dd0c3a13f5eff12a0dd31bf8333f24b781928d323acca27e04633e71a7f22e71 + Signer: + - SerialNumber: 33000000317c61d46115ceba6a000100000031 + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility PCA + Version: 1 + RichPEHeaderHash: + MD5: b304340f5a584624dcd7df388088259e + SHA1: 60b9485e04a7fd71335816953eeb57cabab0866d + SHA256: 7d5b2828aba79fcf1d98ba371f54c4ecb1fe7f56fdfad814e98a1074f3ec01bf + Sections: + .text: + Entropy: 6.192542500380886 + Virtual Size: '0x22f0' + .rdata: + Entropy: 4.295275237990091 + Virtual Size: '0xe2c' + .data: + Entropy: 2.0429884420387983 + Virtual 
Size: '0x22c' + .pdata: + Entropy: 4.233708286405829 + Virtual Size: '0x2e8' + PAGE: + Entropy: 6.2273427245942345 + Virtual Size: '0x1a1b' + INIT: + Entropy: 5.211213219982408 + Virtual Size: '0x818' + .rsrc: + Entropy: 3.282250655906871 + Virtual Size: '0x380' + .reloc: + Entropy: 3.667481250360578 + Virtual Size: '0x30' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2018-11-16 16:15:17' + Imphash: b8a35d469bc164d86ac7c64e93b0037b + LoadsDespiteHVCI: 'FALSE' +- Filename: procexp.Sys + MD5: c69c292e0b76b25a5fa0e16136770e11 + SHA1: 05eff2001f595f9e2894c6b5eee756ae72379a6d + SHA256: e07211224b02aaf68a5e4b73fc1049376623793509d9581cdaee9e601020af06 + Authentihash: + MD5: 92c56a03fbcd375d9569e1cf60bf78cd + SHA1: be428ed7b322ad13b2207294b934b0a67aa8345d + SHA256: fa959c48c055ec149d434a5adeb9f9938d1c260a65ee8a4ea1d67bfbdceab83f + Description: Process Explorer + Company: Sysinternals - www.sysinternals.com + InternalName: procexp.sys + OriginalFilename: procexp.Sys + FileVersion: '15.00' + Product: Process Explorer + ProductVersion: '15.00' + Copyright: Copyright (C) Mark Russinovich 1996-2014 + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - strncpy + - RtlInitUnicodeString + - RtlUnicodeStringToAnsiString + - RtlFreeAnsiString + - KeWaitForSingleObject + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ExGetPreviousMode + - MmGetSystemRoutineAddress + - SeCaptureSubjectContext + - SeReleaseSubjectContext + - IofCompleteRequest + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - MmIsAddressValid + - ZwOpenProcess + - KeStackAttachProcess + - KeUnstackDetachProcess + - SePrivilegeCheck + - PsLookupProcessByProcessId + - ObOpenObjectByPointer + - ObQueryNameString + - ZwQueryObject + - ZwDuplicateObject + - ZwOpenProcessToken + - ZwQueryInformationProcess + - ZwQuerySystemInformation + - ObCloseHandle + - ObOpenObjectByName + - 
__C_specific_handler + - IoFileObjectType + - PsProcessType + - PsThreadType + - NtBuildNumber + - IoCreateDevice + - ZwSetSecurityObject + - IoDeviceObjectType + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - SeExports + - wcschr + - _wcsnicmp + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwOpenKey + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, + OU=nCipher DSE ESN:B1B7,F67F,FEC2, CN=Microsoft Time,Stamp Service + ValidFrom: '2015-10-07 18:14:02' + ValidTo: '2017-01-07 18:14:02' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 330000008a57ea89a349eb8be800000000008a + Version: 3 + TBS: + MD5: fc736157189c18985ff54e87edc06166 + SHA1: 9c4ab0e49bf223f88f1a9cd4be69e53db6f59ef2 + SHA256: 8daf9edee56dd74ee0c24f9f618f2fac6eb78e8cd688c733bc8ba9c3a9d6303e + SHA384: 1ce3414a874efbbb74f1563aa28a7c5039b6ca232fc1c0975c8e608124d5d769e660d87436ef643e6b0cf2d672736fb1 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, + CN=Microsoft Corporation + ValidFrom: '2015-06-04 17:42:45' + ValidTo: '2016-09-04 17:42:45' + Signature: 
a6a85391df3b01fe615d065aeb66f00cd8f7d984d300510e10d1a4d11728e78c33382bd843c6038b75eb3392f4a9e267fd02dba51d4e43455d1b49e3e04f16f07e8ff08811ca82ada4fba6a95ff59760c87bc4bf7c9b69ed1f82c1f1cd8e784b62f5d70d1cd75312d69652ef35bd198ea04093a10aa52d169cc2467408ebdbf4d8a549365412115503b37b16fb47fefb68fcc0455ce23f127933a2ef82c5de401907ee15c50a9b590541a9d0979e819e035bfc4ae31a2e05ac50472f8cfa79d81e20f805fb296b1814fa7204b70ba79a64ec115d4f45498d291a2dfbd0b609535f3494e016c4b9ea7335e857efe1eb16c318c706b33bcf6184e2b6448994a386 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 330000010a2c79aed7797ba6ac00010000010a + Version: 3 + TBS: + MD5: 14e79171202b9f17d8770ee3e9e1a04c + SHA1: ce13da3e20f06d1c9ebef5646f4b763f423fbffa + SHA256: 37823fe17d235fa83b5231f159e969bcf0d0c6c134d4a89a5f91a92143c7472f + SHA384: 3965aeba6c585db3abc820f536d80296b9868da981a558ade81e7ae4fd1a6203a7f953ab33f265fa7f1c566213a89ffa + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Code Signing PCA + ValidFrom: '2010-08-31 22:19:32' + ValidTo: '2020-08-31 22:29:32' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 6133261a000000000031 + Version: 3 + TBS: + MD5: 482f91c72e48878971dcf15579a96bd8 + SHA1: 27543a3f7612de2261c7228321722402f63a07de + SHA256: d372e474aa3b4ca8c060f6adbab1dd488b720b0314aeaf05d49448180ff8afc6 + SHA384: 63ec1262b2abf88e3a376855d52b4973a32721d960a6c99c2019395c40ffc21c1e60c123c2e81bf93565471caabfb5bf + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Time,Stamp PCA + ValidFrom: '2007-04-03 12:53:09' + ValidTo: '2021-04-03 13:03:09' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 6116683400000000001c + Version: 3 + TBS: + MD5: 335713f62536c68d0acc82df3dceb932 + SHA1: 
023cf1c5e99dc2f24133dae6937145bb481306e6 + SHA256: 65d585d6bf2b0aa4f798b9af69be08c6f1c3d01a754f989768b722a145df5312 + SHA384: f7dd00644994985c518f70c060386448dd0c3a13f5eff12a0dd31bf8333f24b781928d323acca27e04633e71a7f22e71 + Signer: + - SerialNumber: 330000010a2c79aed7797ba6ac00010000010a + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Code Signing PCA + Version: 1 + RichPEHeaderHash: + MD5: a052ed4e5d10c66e3e667a42fcdcc54a + SHA1: 04b9d41ef58b5aaaca72f0ce222a8adfbe8ad251 + SHA256: c254feaf8c3e788a6ec9d41de0d7bad054f4347a8347d6806840cd1d9030ed4a + Sections: + .text: + Entropy: 6.194112925534596 + Virtual Size: '0x2370' + .rdata: + Entropy: 4.4428556927172265 + Virtual Size: '0xb80' + .data: + Entropy: 2.0654743843388097 + Virtual Size: '0x224' + .pdata: + Entropy: 4.238715005322108 + Virtual Size: '0x2e8' + PAGE: + Entropy: 6.226087739371598 + Virtual Size: '0x1a1b' + INIT: + Entropy: 5.215673013101648 + Virtual Size: '0x818' + .rsrc: + Entropy: 3.282250655906871 + Virtual Size: '0x380' + .reloc: + Entropy: 2.855388542207534 + Virtual Size: '0x18' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2016-02-04 15:04:43' + Imphash: 4792bcb395d06f9efb72e8020c4af5e6 + LoadsDespiteHVCI: 'TRUE' +- Filename: procexp.Sys + MD5: 9982da703f13140997e137b1e745a2e3 + SHA1: 511b06898770337609ee065547dbf14ce3de5a95 + SHA256: e3f2ee22dec15061919583e4beb8abb3b29b283e2bcb46badf2bfde65f5ea8dd + Authentihash: + MD5: db32843b80c6e8c9173847c3faab2200 + SHA1: fffeec16afdeedd2bee22860f0942c846ba9ee1a + SHA256: cee01c69cb0c06dd0d98ff05aeb2b0a34a4aa1a71d35a3033bf9c1a35b637c55 + Description: Process Explorer + Company: Sysinternals - www.sysinternals.com + InternalName: procexp.sys + OriginalFilename: procexp.Sys + FileVersion: '15.00' + Product: Process Explorer + ProductVersion: '15.00' + Copyright: Copyright (C) Mark Russinovich 1996-2014 + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - strncpy + - 
RtlInitUnicodeString + - RtlUnicodeStringToAnsiString + - RtlFreeAnsiString + - KeWaitForSingleObject + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ExGetPreviousMode + - MmGetSystemRoutineAddress + - SeCaptureSubjectContext + - SeReleaseSubjectContext + - IofCompleteRequest + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - MmIsAddressValid + - PsGetVersion + - ZwOpenProcess + - KeStackAttachProcess + - KeUnstackDetachProcess + - SePrivilegeCheck + - PsLookupProcessByProcessId + - ObOpenObjectByPointer + - ObQueryNameString + - ZwQueryObject + - ZwDuplicateObject + - ZwOpenProcessToken + - ZwQueryInformationProcess + - ZwQuerySystemInformation + - ObCloseHandle + - ObOpenObjectByName + - __C_specific_handler + - IoFileObjectType + - PsProcessType + - PsThreadType + - RtlFreeUnicodeString + - IoCreateDevice + - ZwSetSecurityObject + - IoDeviceObjectType + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - SeExports + - wcschr + - _wcsnicmp + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwOpenKey + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft + Ireland Operations Limited, OU=Thales TSS ESN:86DF,4BBC,9335, CN=Microsoft + Time,Stamp service + ValidFrom: '2018-08-23 20:20:28' + ValidTo: '2019-11-23 20:20:28' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 3300000109e219d6f9b8a4bebf000000000109 + Version: 3 + TBS: + 
MD5: 10a173441d459944d30bbcfc69f7521b + SHA1: 500cf2d67d9e3b7c31b2a65d4f121f7201cade0e + SHA256: 1994223eadaccd1eaf27c1a3e90dd6142a4ceb8f8fafe5109e2accbccc60e4ed + SHA384: 583cf1f7091b957856b816d69081d73f79f4fa08bfd49b6c40f09087c1a50823637b96b2c8f224b934e5234212ef8f53 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2019-04-18 18:42:23' + ValidTo: '2020-03-27 18:42:23' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 33000000387a14cce6619d8c51000200000038 + Version: 3 + TBS: + MD5: f9a6526d8f83e3d33d925ae95b752dca + SHA1: ad9f086d0642e3b5de60584c44123cf4603c4525 + SHA256: 7bdb7967d328a3a1cb2d2c4c7399633203668f9a86a271b277a218b639ad12ee + SHA384: 0ae0176f351a8e4df75f1c72d2002b1682a1e4d1ccb069fb8b5bcb496ef016a6386e44428ebabe538eb2900b564e3f93 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility PCA + ValidFrom: '2018-09-20 17:42:01' + ValidTo: '2021-05-09 23:28:13' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610435f1000000000041 + Version: 3 + TBS: + MD5: 77dab20d8e23cd8e18633adca506cf6e + SHA1: c5506bee3c29254dc5b5a0e6e7a14046522708ef + SHA256: 611f1d188d7c39a400a01ee32e2c257be5082445ace6f59acd103a250cc2ec0f + SHA384: cf4c4b8360744f9c56803afb49175361c93fc4a95c77dbe0eebb2852a32c93ed9cc563495c0e1c9c32e4d58512f55b49 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Time,Stamp PCA + ValidFrom: '2007-04-03 12:53:09' + ValidTo: '2021-04-03 13:03:09' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 6116683400000000001c + Version: 3 + TBS: + MD5: 
335713f62536c68d0acc82df3dceb932 + SHA1: 023cf1c5e99dc2f24133dae6937145bb481306e6 + SHA256: 65d585d6bf2b0aa4f798b9af69be08c6f1c3d01a754f989768b722a145df5312 + SHA384: f7dd00644994985c518f70c060386448dd0c3a13f5eff12a0dd31bf8333f24b781928d323acca27e04633e71a7f22e71 + Signer: + - SerialNumber: 33000000387a14cce6619d8c51000200000038 + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility PCA + Version: 1 + RichPEHeaderHash: + MD5: dd10afd0600f2236361f48592587474c + SHA1: 0dbcc0d10e288b15aa0eda2aaffcd2a0edb7850b + SHA256: c834c4c8ac0c6f8457c4b833e5771b4f273ed815ab2d189a65c4afa9ca9e3975 + Sections: + .text: + Entropy: 6.137423926314564 + Virtual Size: '0x25a0' + .rdata: + Entropy: 4.319500105806409 + Virtual Size: '0xf68' + .data: + Entropy: 2.0732868843388097 + Virtual Size: '0x22c' + .pdata: + Entropy: 4.199286592950671 + Virtual Size: '0x2f4' + PAGE: + Entropy: 6.228697679351415 + Virtual Size: '0x1a1b' + INIT: + Entropy: 5.210944759781676 + Virtual Size: '0x818' + .rsrc: + Entropy: 3.282250655906871 + Virtual Size: '0x380' + .reloc: + Entropy: 3.698934896284056 + Virtual Size: '0x30' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2019-06-28 15:02:57' + Imphash: d122c1eaa50839be14c31876d0d4e0be + LoadsDespiteHVCI: 'FALSE' +- Filename: procexp.Sys + MD5: 9b9d367cb53df0a2e0850760c840d016 + SHA1: 631fdd1ef2d6f2d98e36f8fc7adbf90fbfb0a1e8 + SHA256: f29073dc99cb52fa890aae80037b48a172138f112474a1aecddae21179c93478 + Authentihash: + MD5: dafa4bdbdbbd96532d03022cd6900fed + SHA1: f2ff9b749f7c5f21043b42d97b8a386c702d4435 + SHA256: ab5324c992c7547020f85de3456516e0dba2c3c5aab10371723a96188354abaf + Description: Process Explorer + Company: Sysinternals - www.sysinternals.com + InternalName: procexp.sys + OriginalFilename: procexp.Sys + FileVersion: '15.00' + Product: Process Explorer + ProductVersion: '15.00' + Copyright: Copyright (C) Mark Russinovich 1996-2014 + MachineType: AMD64 + Imports: + - ntoskrnl.exe + 
ExportedFunctions: '' + ImportedFunctions: + - strncpy + - RtlInitUnicodeString + - RtlUnicodeStringToAnsiString + - RtlFreeAnsiString + - KeWaitForSingleObject + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ExGetPreviousMode + - MmGetSystemRoutineAddress + - SeCaptureSubjectContext + - SeReleaseSubjectContext + - IofCompleteRequest + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - MmIsAddressValid + - PsGetVersion + - ZwOpenProcess + - KeStackAttachProcess + - KeUnstackDetachProcess + - SePrivilegeCheck + - PsLookupProcessByProcessId + - ObOpenObjectByPointer + - ObQueryNameString + - ZwQueryObject + - ZwDuplicateObject + - ZwOpenProcessToken + - ZwQueryInformationProcess + - ZwQuerySystemInformation + - ObCloseHandle + - ObOpenObjectByName + - __C_specific_handler + - IoFileObjectType + - PsProcessType + - PsThreadType + - RtlFreeUnicodeString + - IoCreateDevice + - ZwSetSecurityObject + - IoDeviceObjectType + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - SeExports + - wcschr + - _wcsnicmp + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwOpenKey + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft + Operations Puerto Rico, OU=Thales TSS ESN:B8EC,30A4,7144, CN=Microsoft + Time,Stamp Service + ValidFrom: '2018-08-23 20:19:30' + ValidTo: '2019-11-23 20:19:30' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + 
SerialNumber: 33000000eb69aacc3e299f2d390000000000eb + Version: 3 + TBS: + MD5: 474aa22f78903fa7bca0bf6ff4dabe03 + SHA1: 1745a1caaa7a8dd0da3ae4b2c3037b327e66ca86 + SHA256: a8662656da96725e4dedea5cd1234e9d64281228f08f87462cdcf378d7ff4a03 + SHA384: c9ff7f654d644415032d44f78f8dd9f2d51fabb059dc3f75ea39a3d7b20604ae1d7d3b365205f5468d1fbd4e1f858be3 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2019-04-18 18:42:23' + ValidTo: '2020-03-27 18:42:23' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 33000000387a14cce6619d8c51000200000038 + Version: 3 + TBS: + MD5: f9a6526d8f83e3d33d925ae95b752dca + SHA1: ad9f086d0642e3b5de60584c44123cf4603c4525 + SHA256: 7bdb7967d328a3a1cb2d2c4c7399633203668f9a86a271b277a218b639ad12ee + SHA384: 0ae0176f351a8e4df75f1c72d2002b1682a1e4d1ccb069fb8b5bcb496ef016a6386e44428ebabe538eb2900b564e3f93 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility PCA + ValidFrom: '2018-09-20 17:42:01' + ValidTo: '2021-05-09 23:28:13' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610435f1000000000041 + Version: 3 + TBS: + MD5: 77dab20d8e23cd8e18633adca506cf6e + SHA1: c5506bee3c29254dc5b5a0e6e7a14046522708ef + SHA256: 611f1d188d7c39a400a01ee32e2c257be5082445ace6f59acd103a250cc2ec0f + SHA384: cf4c4b8360744f9c56803afb49175361c93fc4a95c77dbe0eebb2852a32c93ed9cc563495c0e1c9c32e4d58512f55b49 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Time,Stamp PCA + ValidFrom: '2007-04-03 12:53:09' + ValidTo: '2021-04-03 13:03:09' + Signature: 
10978ac35c034436dde9b4ad77dbce79514d01b12e74715b6d0c13abcebe7b8fb82ed412a28c6d62b85702cb4e20135099dd7a40e257bbaf589a1ce11d0186acbb78f28bd0ec3b01eee2be8f0a05c88d48e2f05315dd4fab92e4e78d6ad580c1e694f2062f8503e9912a242270fbf6fce478992e0df707e270bc184e9d8e6b0a7295b8a1399c672dc5510eea625c3f16988b203fe2071a32f9cc314a76313d2b720bc8ea703dff850a13dfc20a618ef0d7b817eb4e8b7fc5352b5ea3bfebbc7d0b427bd4537221ee30cabb78655c5b01170a140ed2da1498f53cb96658b32d2fe7f98586cc5156e89d70946cac394cd4f679bfaa187a6229efa29b293406771a62c93d1e6d1f82f00bc72cbbcf43b3e5f9ec7db5e3a4a87435b84ec571231226760b3c528c715a464314bcb3b3b04d67c89f42ff807921809e153066e842125e1ac89e2221d043e92be9bbf448cc2cd4d832804c262a48245f5aea56efa6de999dca3a6fbd8127740611ee7621bf9b82c12754b6b16a3d89a17661b46ea113a6bfaa47f0126ffd8a326cb2fedf51c88c23c966bd9d1d871264023d2daf598fb8e421e5b5b0ca63b4785405d4412e50ac94b0a578abb3a096751ad992871375222f32a8086ea05b8c25bfa0ef84ca21d6eb1e4fc99aee49e0f701656f890b7dc869c8e66eeaa797ce3129ff0ec55b5cd84d1ba1d8fa2f9e3f2e55166bc913a3fd + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 6116683400000000001c + Version: 3 + TBS: + MD5: 335713f62536c68d0acc82df3dceb932 + SHA1: 023cf1c5e99dc2f24133dae6937145bb481306e6 + SHA256: 65d585d6bf2b0aa4f798b9af69be08c6f1c3d01a754f989768b722a145df5312 + SHA384: f7dd00644994985c518f70c060386448dd0c3a13f5eff12a0dd31bf8333f24b781928d323acca27e04633e71a7f22e71 + Signer: + - SerialNumber: 33000000387a14cce6619d8c51000200000038 + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility PCA + Version: 1 + RichPEHeaderHash: + MD5: dd10afd0600f2236361f48592587474c + SHA1: 0dbcc0d10e288b15aa0eda2aaffcd2a0edb7850b + SHA256: c834c4c8ac0c6f8457c4b833e5771b4f273ed815ab2d189a65c4afa9ca9e3975 + Sections: + .text: + Entropy: 6.137423926314564 + Virtual Size: '0x25a0' + .rdata: + Entropy: 4.328121245748763 + Virtual Size: '0xf78' + .data: + Entropy: 2.0732868843388097 + Virtual 
Size: '0x22c' + .pdata: + Entropy: 4.208993052865855 + Virtual Size: '0x2f4' + PAGE: + Entropy: 6.228697679351415 + Virtual Size: '0x1a1b' + INIT: + Entropy: 5.210944759781676 + Virtual Size: '0x818' + .rsrc: + Entropy: 3.282250655906871 + Virtual Size: '0x380' + .reloc: + Entropy: 3.698934896284056 + Virtual Size: '0x30' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2019-06-13 08:03:46' + Imphash: d122c1eaa50839be14c31876d0d4e0be + LoadsDespiteHVCI: 'FALSE' +- Filename: procexp152.sys + MD5: ad03f225247b58a57584b40a4d1746d3 + SHA1: e525f54b762c10703c975132e8fc21b6cd88d39b + SHA256: 59b09bd69923c0b3de3239e73205b1846a5f69043546d471b259887bb141d879 + Signature: '' + Date: '' + Publisher: '' + Company: Sysinternals - www.sysinternals.com + Description: Process Explorer + Product: Process Explorer + ProductVersion: '15.00' + FileVersion: '15.00' + MachineType: AMD64 + OriginalFilename: procexp.Sys + Authentihash: + MD5: 9e4c2a2e8832f10ecdd2be70eb6bc300 + SHA1: 2b15e90dc654ce779bd460787352639768cd8baa + SHA256: 26536758c2247b6251a342d2e80de1753c006a0dce9b3b8a6a5b1d3110c8fc34 + InternalName: procexp.sys + Copyright: Copyright (C) Mark Russinovich 1996-2014 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - strncpy + - RtlInitUnicodeString + - RtlUnicodeStringToAnsiString + - RtlFreeAnsiString + - KeWaitForSingleObject + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ExGetPreviousMode + - MmGetSystemRoutineAddress + - SeCaptureSubjectContext + - SeReleaseSubjectContext + - IofCompleteRequest + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - MmIsAddressValid + - ZwOpenProcess + - KeStackAttachProcess + - KeUnstackDetachProcess + - SePrivilegeCheck + - PsLookupProcessByProcessId + - ObOpenObjectByPointer + - ObQueryNameString + - ZwQueryObject + - ZwDuplicateObject + - ZwOpenProcessToken + - ZwQueryInformationProcess + - ZwQuerySystemInformation + - 
ObCloseHandle + - ObOpenObjectByName + - __C_specific_handler + - IoFileObjectType + - PsProcessType + - PsThreadType + - NtBuildNumber + - IoCreateDevice + - ZwSetSecurityObject + - IoDeviceObjectType + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - SeExports + - wcschr + - _wcsnicmp + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwOpenKey + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 
0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Washington, L=Redmond, O=Sysinternals, OU=Digital ID + Class 3 , Microsoft Software Validation v2, CN=Sysinternals + ValidFrom: '2013-04-06 00:00:00' + ValidTo: '2016-05-05 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1efd983a49d3f152ac9cd2941b8a0edd + Version: 3 + TBS: + MD5: 1b7ca026e68405de56477b5b7bb3a0a5 + SHA1: b2a1bd13d8833154f02e51e25c9f023d54a27d21 + SHA256: 2018b8e7ea18c392558dcd375742cc792648ec23e5eb07d7987c27c76f4c62c0 + SHA384: a8ccad9eeb4974ba9504241c685e7e1dd85e0de420c0ae077f8f3e92b3ab7c9a1653b3d0d535250a741bb7e36ec2f06a + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 1efd983a49d3f152ac9cd2941b8a0edd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: a052ed4e5d10c66e3e667a42fcdcc54a + SHA1: 04b9d41ef58b5aaaca72f0ce222a8adfbe8ad251 + SHA256: c254feaf8c3e788a6ec9d41de0d7bad054f4347a8347d6806840cd1d9030ed4a + Sections: + .text: + Entropy: 6.194112925534596 + Virtual Size: '0x2370' + .rdata: + Entropy: 4.439763008453193 + Virtual Size: '0xb80' + .data: + Entropy: 2.0654743843388097 + Virtual Size: '0x224' + .pdata: + Entropy: 
4.238715005322108 + Virtual Size: '0x2e8' + PAGE: + Entropy: 6.226087739371598 + Virtual Size: '0x1a1b' + INIT: + Entropy: 5.215673013101648 + Virtual Size: '0x818' + .rsrc: + Entropy: 3.282250655906871 + Virtual Size: '0x380' + .reloc: + Entropy: 2.855388542207534 + Virtual Size: '0x18' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2015-05-10 22:52:10' + Imphash: 4792bcb395d06f9efb72e8020c4af5e6 + LoadsDespiteHVCI: 'FALSE' +- Filename: procexp.Sys + MD5: 97e3a44ec4ae58c8cc38eefc613e950e + SHA1: bc47e15537fa7c32dfefd23168d7e1741f8477ed + SHA256: 440883cd9d6a76db5e53517d0ec7fe13d5a50d2f6a7f91ecfc863bc3490e4f5c + Signature: + - Microsoft Windows Hardware Compatibility Publisher + - Microsoft Windows Third Party Component CA 2012 + - Microsoft Root Certificate Authority 2010 + Date: '' + Publisher: '' + Company: Sysinternals - www.sysinternals.com + Description: Process Explorer + Product: Process Explorer + ProductVersion: '16.43' + FileVersion: '16.43' + MachineType: AMD64 + OriginalFilename: procexp.Sys + Authentihash: + MD5: 0a7106a04e6e3b13eb105b013f76e031 + SHA1: 0c74316dfb9c21b7ff2dc288c005f9474dc26589 + SHA256: c7fef94e329bd9b66b281539265f989313356cbd9c345df9e670e9c4b6e0edce + InternalName: procexp.sys + Copyright: Copyright (C) Mark Russinovich 1996-2021 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - strncpy + - RtlInitUnicodeString + - RtlUnicodeStringToAnsiString + - RtlFreeAnsiString + - KeWaitForSingleObject + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ExGetPreviousMode + - MmGetSystemRoutineAddress + - SeCaptureSubjectContext + - SeReleaseSubjectContext + - IofCompleteRequest + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - MmIsAddressValid + - PsGetVersion + - ZwOpenProcess + - KeStackAttachProcess + - KeUnstackDetachProcess + - SePrivilegeCheck + - PsLookupProcessByProcessId + - ObOpenObjectByPointer + - ObQueryNameString + - 
ZwQueryObject + - ZwDuplicateObject + - ZwOpenProcessToken + - ZwQueryInformationProcess + - ZwQuerySystemInformation + - ObCloseHandle + - ObOpenObjectByName + - __C_specific_handler + - IoFileObjectType + - PsProcessType + - PsThreadType + - RtlFreeUnicodeString + - IoCreateDevice + - ZwSetSecurityObject + - IoDeviceObjectType + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - SeExports + - wcschr + - _wcsnicmp + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwOpenKey + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2020-12-15 22:15:30' + ValidTo: '2021-12-02 22:15:30' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 33000000b20f9ad86794f322f60000000000b2 + Version: 3 + TBS: + MD5: b9dc0ff1a60c3aba24a78d505955bf39 + SHA1: 15a5da2c8aa2955af75615009d249071f91fd252 + SHA256: ba7853f855ba7bc325287c11f5f7b20e013716affad372440feb2c3cf02f0bc5 + SHA384: 90f67f637874aca58284dde5bfa77d98616efd902d1a63f53bc30cd287d464e6706388ed317199236e0739642622f9c5 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2012 + ValidFrom: '2012-04-18 23:48:38' + ValidTo: '2027-04-18 23:58:38' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 610baac1000000000009 + Version: 3 + TBS: + MD5: 
a569061297e8e824767dbc3184a69bea + SHA1: adbb26a587a8f44b4fccaecb306f980d1c55a150 + SHA256: cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 + SHA384: e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba + Signer: + - SerialNumber: 33000000b20f9ad86794f322f60000000000b2 + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2012 + Version: 1 + RichPEHeaderHash: + MD5: 10ece32f0d8e8124966ad20948a21790 + SHA1: e70413e4c5de0ddabaeb3b871f170e42cc2c98d3 + SHA256: 70581f2de67d48a583a4ee59062315c053f9419dc879e246c6a4efc9f1ec6506 + Sections: + .text: + Entropy: 6.135370257019049 + Virtual Size: '0x25d0' + .rdata: + Entropy: 4.304481785203618 + Virtual Size: '0xf90' + .data: + Entropy: 2.0732868843388097 + Virtual Size: '0x22c' + .pdata: + Entropy: 4.222974183202439 + Virtual Size: '0x2f4' + PAGE: + Entropy: 6.227798908894738 + Virtual Size: '0x1a1b' + INIT: + Entropy: 5.210944759781676 + Virtual Size: '0x818' + .rsrc: + Entropy: 3.3092987387252557 + Virtual Size: '0x380' + .reloc: + Entropy: 3.698934896284056 + Virtual Size: '0x30' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2021-08-16 20:01:16' + Imphash: d122c1eaa50839be14c31876d0d4e0be + LoadsDespiteHVCI: 'FALSE' +- Filename: procexp.sys + MD5: b79475c4783efdd8122694c6b5669a79 + SHA1: d612165251d5f1dcfb1f1a762c88d956f49ce344 + SHA256: cdfbe62ef515546f1728189260d0bdf77167063b6dbb77f1db6ed8b61145a2bc + Signature: '' + Date: '' + Publisher: '' + Company: Sysinternals - www.sysinternals.com + Description: Process Explorer + Product: Process Explorer + ProductVersion: '16.32' + FileVersion: '16.32' + MachineType: AMD64 + OriginalFilename: procexp.Sys + Authentihash: + MD5: bee5a87f72b42f3bb5958ba541f4caff + SHA1: 9e0516a6ce73163e2ff5bf0740b57da46846228b + SHA256: 74716032cc2f63c67b9df0882c6794b4bf66147d943329db5f233a04c2fd9b12 + RichPEHeaderHash: + MD5: 43d9cd97a9af9d2018a2e3b912ceee7b + SHA1: 
8376f05ff6ebd3001f063c022d6878ae5f3b0adc + SHA256: 8affa451179e3e28a8f4f5e5ce035ec16f661d943ec0acc9ac6e987e7640dfc9 + Sections: + .text: + Entropy: 6.137423926314564 + Virtual Size: '0x25a0' + .rdata: + Entropy: 4.316500024833388 + Virtual Size: '0xf68' + .data: + Entropy: 2.0732868843388097 + Virtual Size: '0x22c' + .pdata: + Entropy: 4.199286592950671 + Virtual Size: '0x2f4' + PAGE: + Entropy: 6.228697679351415 + Virtual Size: '0x1a1b' + INIT: + Entropy: 5.210944759781676 + Virtual Size: '0x818' + .rsrc: + Entropy: 3.300315570047502 + Virtual Size: '0x380' + .reloc: + Entropy: 3.698934896284056 + Virtual Size: '0x30' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2020-09-11 15:57:25' + InternalName: procexp.sys + Copyright: Copyright (C) Mark Russinovich 1996-2020 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - strncpy + - RtlInitUnicodeString + - RtlUnicodeStringToAnsiString + - RtlFreeAnsiString + - KeWaitForSingleObject + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ExGetPreviousMode + - MmGetSystemRoutineAddress + - SeCaptureSubjectContext + - SeReleaseSubjectContext + - IofCompleteRequest + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - MmIsAddressValid + - PsGetVersion + - ZwOpenProcess + - KeStackAttachProcess + - KeUnstackDetachProcess + - SePrivilegeCheck + - PsLookupProcessByProcessId + - ObOpenObjectByPointer + - ObQueryNameString + - ZwQueryObject + - ZwDuplicateObject + - ZwOpenProcessToken + - ZwQueryInformationProcess + - ZwQuerySystemInformation + - ObCloseHandle + - ObOpenObjectByName + - __C_specific_handler + - IoFileObjectType + - PsProcessType + - PsThreadType + - RtlFreeUnicodeString + - IoCreateDevice + - ZwSetSecurityObject + - IoDeviceObjectType + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - 
RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - SeExports + - wcschr + - _wcsnicmp + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwOpenKey + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2020-03-04 19:12:18' + ValidTo: '2021-03-03 19:12:18' + Signature: 36f61260ed044bf89549c232aa8ee2004a952d0e542dc7388d42439d56f055eae824b2cf5be28cfae13b7c6064dc82e4ad88ddd542db32adc513e2b2b4c2a8e842cef37844682e569326e401f11243c4a2ad8b3b164909afdc57a9ee36d6b3e2a29785a8c1e60368581989af87b0d0e614102a64d39a621887b25fc02b846c65e0f2bfcd5385942c77aafae5cb3d7a89ea7fd71b65d6e33506286ac35ff7c3d1600eb51989271921b449a20ba70f383eb24c015a621af60f0593cc7cecaca55697f3a41c550aefa048fff0999175778613a8f902166e58bd46cb10e6c7a4e605073a7615d414476ee5cf4c51662cba47e7dc85324fd8fd13cbbcbe47a7287e29 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 330000009484c47568579aafe9000000000094 + Version: 3 + TBS: + MD5: b46a69db7e461e55282dc24dc594e5d6 + SHA1: 3b19241d555a74781e2b63a7c14ad12b1ec68205 + SHA256: 2a247cfecd58618afbf0f68cde5b9284a822e18e6ad5ff873467c6845b7f5975 + SHA384: 5d7aeddeeef9b55bec8c3c5def19b19b0986f14b37ebc2e572847c82ab66a5dda02cfb30dd60a6be132441c7c4a70e79 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2012 + ValidFrom: '2012-04-18 23:48:38' + ValidTo: '2027-04-18 23:58:38' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 610baac1000000000009 + Version: 3 + TBS: + MD5: 
a569061297e8e824767dbc3184a69bea + SHA1: adbb26a587a8f44b4fccaecb306f980d1c55a150 + SHA256: cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 + SHA384: e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba + Signer: + - SerialNumber: 330000009484c47568579aafe9000000000094 + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2012 + Version: 1 + Imphash: d122c1eaa50839be14c31876d0d4e0be + LoadsDespiteHVCI: 'FALSE' +- Filename: procexp1627.sys + MD5: c06dda757b92e79540551efd00b99d4b + SHA1: 3296844d22c87dd5eba3aa378a8242b41d59db7a + SHA256: 9b6a84f7c40ea51c38cc4d2e93efb3375e9d98d4894a85941190d94fbe73a4e4 + Signature: '' + Date: '' + Publisher: '' + Company: Sysinternals - www.sysinternals.com + Description: Process Explorer + Product: Process Explorer + ProductVersion: '16.27' + FileVersion: '16.27' + MachineType: AMD64 + OriginalFilename: procexp.Sys + Authentihash: + MD5: f57e986673aee44bf51e7e6bb3ed0113 + SHA1: edc10781eb6d1e3bdf9d15cfebddbe1a1fb804d9 + SHA256: decba65bbf2232ac55a698539304cab211b45eef0ed17c05dd7995bef2b98fc6 + InternalName: procexp.sys + Copyright: Copyright (C) Mark Russinovich 1996-2019 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - strncpy + - RtlInitUnicodeString + - RtlUnicodeStringToAnsiString + - RtlFreeAnsiString + - KeWaitForSingleObject + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ExGetPreviousMode + - MmGetSystemRoutineAddress + - SeCaptureSubjectContext + - SeReleaseSubjectContext + - IofCompleteRequest + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - MmIsAddressValid + - PsGetVersion + - ZwOpenProcess + - KeStackAttachProcess + - KeUnstackDetachProcess + - SePrivilegeCheck + - PsLookupProcessByProcessId + - ObOpenObjectByPointer + - ObQueryNameString + - ZwQueryObject + - ZwDuplicateObject + 
- ZwOpenProcessToken + - ZwQueryInformationProcess + - ZwQuerySystemInformation + - ObCloseHandle + - ObOpenObjectByName + - __C_specific_handler + - IoFileObjectType + - PsProcessType + - PsThreadType + - RtlFreeUnicodeString + - IoCreateDevice + - ZwSetSecurityObject + - IoDeviceObjectType + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - SeExports + - wcschr + - _wcsnicmp + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwOpenKey + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2019-05-02 20:49:42' + ValidTo: '2020-05-02 20:49:42' + Signature: 9c38927cf34cadf6121bbacca605cb2423a311565e3a71c4449c2cb81936d3ed3aa79d7a0914e19ab121d788f1803cdf9f023a352823ad4175f5389c193fb1efba47e33ab8ff227e68742a875f3932dfa7bc39950353653e664de0049ba8f09914e5dd7d78dff13d50096d20de210e49c3ea01713741c88ed65805d4eb08ded809a5c70a116c7648c0c55951004b1d249575bed351fbee3361cf822e02b437c702c7948496eb784dbf6102839ceb3e1e26f344a6aa2a9b1b0b7c6f56f3c145cbecd9a9661adc7446b5c368f782f5fd50a5a244618ae30b3dc4616c59992a28192174906653bc878dec57075ce37a4e8ceeabd2b8eeff742443fee80af5ee6482 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 3300000082c88ba15b1c3ef710000000000082 + Version: 3 + TBS: + MD5: d47b44dce52973327e0283b8aaa49df4 + SHA1: d8c5ee55191da114e9e73f01e6222025ede696ac + SHA256: 2d7cd230c57a7af8093369126606854002ea799a5d9b72fdb636988bdec5b451 + SHA384: 
fdf14dbff80d252e2775d15550a319a858a79083ef31346a46beb1361031d3f8d16db0483a893a1ba4370f58c8bc47b2 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2012 + ValidFrom: '2012-04-18 23:48:38' + ValidTo: '2027-04-18 23:58:38' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 610baac1000000000009 + Version: 3 + TBS: + MD5: a569061297e8e824767dbc3184a69bea + SHA1: adbb26a587a8f44b4fccaecb306f980d1c55a150 + SHA256: cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 + SHA384: e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba + Signer: + - SerialNumber: 3300000082c88ba15b1c3ef710000000000082 + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2012 + Version: 1 + RichPEHeaderHash: + MD5: fb1a18f749889fe0e199b0f3663bd343 + SHA1: 9a992dfb873710e2066c04fcfd782ba5b28b26a0 + SHA256: 5926062150b4490d7e6f74618065b30be72dce302a8ae31b808bc8ba87e22694 + Sections: + .text: + Entropy: 6.137423926314564 + Virtual Size: '0x25a0' + .rdata: + Entropy: 4.321548193877127 + Virtual Size: '0xf68' + .data: + Entropy: 2.0732868843388097 + Virtual Size: '0x22c' + .pdata: + Entropy: 4.199286592950671 + Virtual Size: '0x2f4' + PAGE: + Entropy: 6.228697679351415 + Virtual Size: '0x1a1b' + INIT: + Entropy: 5.210944759781676 + Virtual Size: '0x818' + .rsrc: + Entropy: 3.3102527040960963 + Virtual Size: '0x380' + .reloc: + Entropy: 3.698934896284056 + Virtual Size: '0x30' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2019-12-13 09:37:59' + Imphash: d122c1eaa50839be14c31876d0d4e0be + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/058fb356-e0ff-4f5e-8293-319feb005db2.yaml b/yaml/058fb356-e0ff-4f5e-8293-319feb005db2.yaml index 36769e41d..f555e0d71 100644 --- a/yaml/058fb356-e0ff-4f5e-8293-319feb005db2.yaml 
+++ b/yaml/058fb356-e0ff-4f5e-8293-319feb005db2.yaml 
@@ -1,48 +1,48 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 058fb356-e0ff-4f5e-8293-319feb005db2 +Tags: +- bandai.sys +Verified: 'FALSE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create bandai.sys binPath=C:\windows\temp\bandai.sys type=kernel - && sc.exe start bandai.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: [] -Id: 058fb356-e0ff-4f5e-8293-319feb005db2 -KnownVulnerableSamples: -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: bandai.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 0f780b7ada5dd8464d9f2cc537d973f5ac804e9c - Signature: [] - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: bandai.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: ea360a9f23bb7cf67f08b88e6a185a699f0c5410 - Signature: [] - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create bandai.sys binPath=C:\windows\temp\bandai.sys type=kernel + && sc.exe start bandai.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules -Tags: -- bandai.sys -Verified: 'FALSE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: bandai.sys + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 0f780b7ada5dd8464d9f2cc537d973f5ac804e9c + Signature: [] + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: bandai.sys + MachineType: '' + 
OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: ea360a9f23bb7cf67f08b88e6a185a699f0c5410 + Signature: [] + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/0590655c-baa2-481a-b909-463534bd7a5e.yaml b/yaml/0590655c-baa2-481a-b909-463534bd7a5e.yaml index 9cc8abed2..b812c2f22 100644 --- a/yaml/0590655c-baa2-481a-b909-463534bd7a5e.yaml +++ b/yaml/0590655c-baa2-481a-b909-463534bd7a5e.yaml 
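Review bot: Both `KnownVulnerableSamples` items for bandai.sys carry only a `SHA1`, with `Signature: []` and every descriptive field empty, while the entry stays `Verified: 'FALSE'` with `Detection: []`. A consumer that builds block or alert lists from `SHA256` or `Authentihash` gets nothing from this record, and a bare file hash stops matching as soon as the binary is re-signed or otherwise altered. I would add `SHA256` and `Authentihash` once a sample has been analysed and, until then, mark the gap in the file with a comment such as `# hash-only record: no sample analysed, SHA1 is the only indicator` above `KnownVulnerableSamples`. The GameTerSafe.sys hunk further down has the same shape, with only a `SHA256`.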
@@ -1,134 +1,134 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 0590655c-baa2-481a-b909-463534bd7a5e +Tags: +- daxin_blank5.sys +Verified: 'TRUE' Author: Michael Haag -Category: malicious -Commands: - Command: sc.exe create daxin_blank5.sys binPath=C:\windows\temp\daxin_blank5.sys type=kernel - && sc.exe start daxin_blank5.sys - Description: Driver used in the Daxin malware campaign. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-02-28' -Detection: [] -Id: 0590655c-baa2-481a-b909-463534bd7a5e -KnownVulnerableSamples: -- Authentihash: - MD5: da0d70a9fd3a61a2802af4a07bed29d4 - SHA1: 99a969b2deded8b2d403268cd49139463c06b484 - SHA256: 954789c665098cf491a9bdf4e04886bad8992a393f91ccbca239bff40cc6dca6 - Company: '' - Copyright: '' - CreationTimestamp: '2008-07-17 19:29:43' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: daxin_blank5.sys - ImportedFunctions: - - MmUnlockPages - - KeInsertQueueApc - - strncmp - - KeInitializeApc - - MmProbeAndLockPages - - IoAllocateMdl - - _except_handler3 - - IoQueueWorkItem - - KeAttachProcess - - KeDetachProcess - - IoGetCurrentProcess - - IoFreeWorkItem - - RtlFreeUnicodeString - - ZwClose - - ZwWriteFile - - ZwCreateFile - - RtlAnsiStringToUnicodeString - - IofCompleteRequest - - ExFreePool - - ExAllocatePoolWithTag - - InterlockedDecrement - - MmMapLockedPagesSpecifyCache - - IoFreeMdl - - InterlockedExchange - - InterlockedIncrement - - swprintf - - RtlCopyUnicodeString - - ExfInterlockedInsertTailList - - wcsncmp - - IoCreateSymbolicLink - - RtlInitUnicodeString - - IoCreateDevice - - IoDeleteSymbolicLink - - KeInitializeSpinLock - - IoDeleteDevice - - _strnicmp - - ExfInterlockedRemoveHeadList - - IoAllocateWorkItem - - KfAcquireSpinLock - - KfReleaseSpinLock - - NdisAllocateMemory - - NdisFreePacket - - NdisAllocatePacket - - NdisResetEvent - - NdisCloseAdapter - - NdisAllocateBuffer - - NdisInitializeEvent - - NdisOpenAdapter - - 
NdisFreeMemory - - NdisQueryAdapterInstanceName - - NdisDeregisterProtocol - - NdisSetEvent - - NdisFreeBufferPool - - NdisAllocatePacketPool - - NdisFreePacketPool - - NdisRegisterProtocol - - NdisWaitEvent - - NdisAllocateBufferPool - - NdisCopyFromPacketToPacket - Imports: - - ntoskrnl.exe - - HAL.dll - - NDIS.SYS - InternalName: '' - MD5: f242cffd9926c0ccf94af3bf16b6e527 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: n/a - RichPEHeaderHash: - MD5: 6c5319c52cabf708cac1121ed7df420b - SHA1: 4d9f5c969d83ff20b202263d6d4a38aed8deb9f3 - SHA256: cb3c84a0789027aef0c0aef452da254f600b2f17ed53054a5a68765f708302d4 - SHA1: 53f776d9a183c42b93960b270dddeafba74eb3fb - SHA256: 9c2f3e9811f7d0c7463eaa1ee6f39c23f902f3797b80891590b43bbe0fdf0e51 - Sections: - .text: - Entropy: 6.333612663607225 - Virtual Size: '0x3146' - .rdata: - Entropy: 3.9544250034604453 - Virtual Size: '0x104' - .data: - Entropy: 2.1263450977868867 - Virtual Size: '0x4ec9c' - INIT: - Entropy: 5.2278974725553775 - Virtual Size: '0x62e' - .reloc: - Entropy: 4.026524390647434 - Virtual Size: '0x724' - Signature: Unsigned - Signatures: {} - Imphash: a09170ef09c55cdca9472c02cb1f2647 - LoadsDespiteHVCI: 'TRUE' MitreID: T1068 +Category: malicious +Commands: + Command: sc.exe create daxin_blank5.sys binPath=C:\windows\temp\daxin_blank5.sys type=kernel + && sc.exe start daxin_blank5.sys + Description: Driver used in the Daxin malware campaign. 
+ OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/MHaggis/9ab3bb795a6018d70fb11fa7c31f8f48 - https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/daxin-backdoor-espionage - '' -Tags: -- daxin_blank5.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: da0d70a9fd3a61a2802af4a07bed29d4 + SHA1: 99a969b2deded8b2d403268cd49139463c06b484 + SHA256: 954789c665098cf491a9bdf4e04886bad8992a393f91ccbca239bff40cc6dca6 + Company: '' + Copyright: '' + CreationTimestamp: '2008-07-17 19:29:43' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: daxin_blank5.sys + ImportedFunctions: + - MmUnlockPages + - KeInsertQueueApc + - strncmp + - KeInitializeApc + - MmProbeAndLockPages + - IoAllocateMdl + - _except_handler3 + - IoQueueWorkItem + - KeAttachProcess + - KeDetachProcess + - IoGetCurrentProcess + - IoFreeWorkItem + - RtlFreeUnicodeString + - ZwClose + - ZwWriteFile + - ZwCreateFile + - RtlAnsiStringToUnicodeString + - IofCompleteRequest + - ExFreePool + - ExAllocatePoolWithTag + - InterlockedDecrement + - MmMapLockedPagesSpecifyCache + - IoFreeMdl + - InterlockedExchange + - InterlockedIncrement + - swprintf + - RtlCopyUnicodeString + - ExfInterlockedInsertTailList + - wcsncmp + - IoCreateSymbolicLink + - RtlInitUnicodeString + - IoCreateDevice + - IoDeleteSymbolicLink + - KeInitializeSpinLock + - IoDeleteDevice + - _strnicmp + - ExfInterlockedRemoveHeadList + - IoAllocateWorkItem + - KfAcquireSpinLock + - KfReleaseSpinLock + - NdisAllocateMemory + - NdisFreePacket + - NdisAllocatePacket + - NdisResetEvent + - NdisCloseAdapter + - NdisAllocateBuffer + - NdisInitializeEvent + - NdisOpenAdapter + - NdisFreeMemory + - NdisQueryAdapterInstanceName + - NdisDeregisterProtocol + - NdisSetEvent + - NdisFreeBufferPool + - NdisAllocatePacketPool + - NdisFreePacketPool + - NdisRegisterProtocol + - 
NdisWaitEvent + - NdisAllocateBufferPool + - NdisCopyFromPacketToPacket + Imports: + - ntoskrnl.exe + - HAL.dll + - NDIS.SYS + InternalName: '' + MD5: f242cffd9926c0ccf94af3bf16b6e527 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: n/a + RichPEHeaderHash: + MD5: 6c5319c52cabf708cac1121ed7df420b + SHA1: 4d9f5c969d83ff20b202263d6d4a38aed8deb9f3 + SHA256: cb3c84a0789027aef0c0aef452da254f600b2f17ed53054a5a68765f708302d4 + SHA1: 53f776d9a183c42b93960b270dddeafba74eb3fb + SHA256: 9c2f3e9811f7d0c7463eaa1ee6f39c23f902f3797b80891590b43bbe0fdf0e51 + Sections: + .text: + Entropy: 6.333612663607225 + Virtual Size: '0x3146' + .rdata: + Entropy: 3.9544250034604453 + Virtual Size: '0x104' + .data: + Entropy: 2.1263450977868867 + Virtual Size: '0x4ec9c' + INIT: + Entropy: 5.2278974725553775 + Virtual Size: '0x62e' + .reloc: + Entropy: 4.026524390647434 + Virtual Size: '0x724' + Signature: Unsigned + Signatures: {} + Imphash: a09170ef09c55cdca9472c02cb1f2647 + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/05d7cfea-1fb9-4559-8837-d97b713254fe.yaml b/yaml/05d7cfea-1fb9-4559-8837-d97b713254fe.yaml index aad12fae5..854e9a785 100644 --- a/yaml/05d7cfea-1fb9-4559-8837-d97b713254fe.yaml +++ b/yaml/05d7cfea-1fb9-4559-8837-d97b713254fe.yaml 
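Review bot: `LoadsDespiteHVCI: 'TRUE'` on the daxin_blank5.sys sample sits badly with the same record's `MachineType: I386` and `Signature: Unsigned`, since memory integrity applies to 64-bit kernels and enforces kernel code signing, so this image should not load on such a system at all. How the flag is derived is not visible in this diff; if it only means the hash is absent from a block policy, a reader triaging by it would wrongly rank this driver as one that HVCI fails to stop. I would set `LoadsDespiteHVCI: 'FALSE'` for unsigned or I386 samples, or document the derivation next to the field. Separately, `Resources` ends with an empty `- ''` item, and `Detection: []` is empty for an entry that is `Category: malicious` and `Verified: 'TRUE'`.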
@@ -1,147 +1,147 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 05d7cfea-1fb9-4559-8837-d97b713254fe +Tags: +- 4.sys +Verified: 'TRUE' Author: Michael Haag -Category: malicious -Commands: - Command: sc.exe create 4.sys binPath=C:\windows\temp\4.sys type=kernel && sc.exe - start 4.sys - Description: "SentinelOne has observed prominent threat actors abusing legitimately\ - \ signed Microsoft drivers in active intrusions into telecommunication, BPO, MSSP,\ - \ and financial services businesses.\nInvestigations into these intrusions led\ - \ to the discovery of POORTRY and STONESTOP malware, part of a small toolkit designed\ - \ to terminate AV and EDR processes.\nWe first reported our discovery to Microsoft\u2019\ - s Security Response Center (MSRC) in October 2022 and received an official case\ - \ number (75361). Today, MSRC released an associated advisory under ADV220005.\n\ - This research is being released alongside Mandiant, a SentinelOne technology and\ - \ incident response partner. 
" - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-03-04' -Detection: [] -Id: 05d7cfea-1fb9-4559-8837-d97b713254fe -KnownVulnerableSamples: -- Authentihash: - MD5: 72b24aa23f596d91a5596e57b1c306d0 - SHA1: 60316c8ebadad30d9dd33ae87e8202b6e0c17cb4 - SHA256: 1716d4c523aeea9703032ca93eb9668b9a16f542c00cec248b0a1c132d80bb15 - Company: '' - Copyright: '' - CreationTimestamp: '2022-06-02 04:09:08' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: 4.sys - ImportedFunctions: - - rand - - ExAllocatePool - - NtQuerySystemInformation - - ExFreePoolWithTag - - IoAllocateMdl - - MmProbeAndLockPages - - MmMapLockedPagesSpecifyCache - - MmUnlockPages - - IoFreeMdl - - KeQueryActiveProcessors - - KeSetSystemAffinityThread - - KeRevertToUserAffinityThread - - DbgPrint - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 6fcf56f6ca3210ec397e55f727353c4a - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: ffdf660eb1ebf020a1d0a55a90712dfb - SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 - SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 - SHA1: 6debce728bcff73d9d1d334df0c6b1c3735e295c - SHA256: 8e035beb02a411f8a9e92d4cf184ad34f52bbd0a81a50c222cdd4706e4e45104 - Sections: - .text: - Entropy: 0.0 - Virtual Size: '0x16a8' - .rdata: - Entropy: 0.0 - Virtual Size: '0x5b0' - .data: - Entropy: 0.0 - Virtual Size: '0x110' - .pdata: - Entropy: 0.0 - Virtual Size: '0x15c' - INIT: - Entropy: 0.0 - Virtual Size: '0x3ee' - .vmp0: - Entropy: 0.0 - Virtual Size: '0x146f47' - .vmp1: - Entropy: 2.75 - Virtual Size: '0x8' - .vmp2: - Entropy: 7.687230732544206 - Virtual Size: '0x28aae4' - .reloc: - Entropy: 4.111279543411234 - Virtual Size: '0xb8' - Signature: - - Microsoft Windows Hardware Compatibility Publisher - - Microsoft Windows Third Party 
Component CA 2014 - - Microsoft Root Certificate Authority 2010 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2022-06-07 18:08:06' - ValidTo: '2023-06-01 18:08:06' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 3300000057ee4d659a923e7c10000000000057 - Version: 3 - TBS: - MD5: fdc11a5676aed4e9cc0c09eeb7450dfb - SHA1: 4902077d9a05d4231b791d3b05bafa4a79132f03 - SHA256: 5db56c23d83bf67c7152e28ad4a684a7372b4ae4f52afe7a81ce91eef94caec3 - SHA384: c952d7f0e0ea5216ce4400601fb7c0829f0f3fcd6eb2b5b9112fbe45d133e00c4abd660f8e1794f7ac4ef95123e2c0ab - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - ValidFrom: '2014-10-15 20:31:27' - ValidTo: '2029-10-15 20:41:27' - Signature: 
96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 330000000d690d5d7893d076df00000000000d - Version: 3 - TBS: - MD5: 83f69422963f11c3c340b81712eef319 - SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 - SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae - SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 - Signer: - - SerialNumber: 3300000057ee4d659a923e7c10000000000057 - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - Version: 1 - Imphash: 2a008187d4a73284ddcc43f1b727b513 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: malicious +Commands: + Command: sc.exe create 4.sys binPath=C:\windows\temp\4.sys type=kernel && sc.exe + start 4.sys + Description: "SentinelOne has observed prominent threat actors abusing legitimately\ + \ signed Microsoft drivers in active 
intrusions into telecommunication, BPO,\ + \ MSSP, and financial services businesses.\nInvestigations into these intrusions\ + \ led to the discovery of POORTRY and STONESTOP malware, part of a small toolkit\ + \ designed to terminate AV and EDR processes.\nWe first reported our discovery\ + \ to Microsoft\u2019s Security Response Center (MSRC) in October 2022 and\ + \ received an official case number (75361). Today, MSRC released an associated\ + \ advisory under ADV220005.\nThis research is being released alongside Mandiant,\ + \ a SentinelOne technology and incident response partner. " + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://www.sentinelone.com/labs/driving-through-defenses-targeted-attacks-leverage-signed-malicious-microsoft-drivers/ - '' -Tags: -- 4.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 72b24aa23f596d91a5596e57b1c306d0 + SHA1: 60316c8ebadad30d9dd33ae87e8202b6e0c17cb4 + SHA256: 1716d4c523aeea9703032ca93eb9668b9a16f542c00cec248b0a1c132d80bb15 + Company: '' + Copyright: '' + CreationTimestamp: '2022-06-02 04:09:08' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: 4.sys + ImportedFunctions: + - rand + - ExAllocatePool + - NtQuerySystemInformation + - ExFreePoolWithTag + - IoAllocateMdl + - MmProbeAndLockPages + - MmMapLockedPagesSpecifyCache + - MmUnlockPages + - IoFreeMdl + - KeQueryActiveProcessors + - KeSetSystemAffinityThread + - KeRevertToUserAffinityThread + - DbgPrint + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 6fcf56f6ca3210ec397e55f727353c4a + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: ffdf660eb1ebf020a1d0a55a90712dfb + SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 + SHA256: 
2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 + SHA1: 6debce728bcff73d9d1d334df0c6b1c3735e295c + SHA256: 8e035beb02a411f8a9e92d4cf184ad34f52bbd0a81a50c222cdd4706e4e45104 + Sections: + .text: + Entropy: 0.0 + Virtual Size: '0x16a8' + .rdata: + Entropy: 0.0 + Virtual Size: '0x5b0' + .data: + Entropy: 0.0 + Virtual Size: '0x110' + .pdata: + Entropy: 0.0 + Virtual Size: '0x15c' + INIT: + Entropy: 0.0 + Virtual Size: '0x3ee' + .vmp0: + Entropy: 0.0 + Virtual Size: '0x146f47' + .vmp1: + Entropy: 2.75 + Virtual Size: '0x8' + .vmp2: + Entropy: 7.687230732544206 + Virtual Size: '0x28aae4' + .reloc: + Entropy: 4.111279543411234 + Virtual Size: '0xb8' + Signature: + - Microsoft Windows Hardware Compatibility Publisher + - Microsoft Windows Third Party Component CA 2014 + - Microsoft Root Certificate Authority 2010 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2022-06-07 18:08:06' + ValidTo: '2023-06-01 18:08:06' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 3300000057ee4d659a923e7c10000000000057 + Version: 3 + TBS: + MD5: fdc11a5676aed4e9cc0c09eeb7450dfb + SHA1: 4902077d9a05d4231b791d3b05bafa4a79132f03 + SHA256: 5db56c23d83bf67c7152e28ad4a684a7372b4ae4f52afe7a81ce91eef94caec3 + SHA384: c952d7f0e0ea5216ce4400601fb7c0829f0f3fcd6eb2b5b9112fbe45d133e00c4abd660f8e1794f7ac4ef95123e2c0ab + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + ValidFrom: '2014-10-15 20:31:27' + ValidTo: '2029-10-15 20:41:27' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 330000000d690d5d7893d076df00000000000d + Version: 3 + 
TBS: + MD5: 83f69422963f11c3c340b81712eef319 + SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 + SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae + SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 + Signer: + - SerialNumber: 3300000057ee4d659a923e7c10000000000057 + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + Version: 1 + Imphash: 2a008187d4a73284ddcc43f1b727b513 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/067589f2-4f29-4dc4-bd50-a2e2ee57b25f.yaml b/yaml/067589f2-4f29-4dc4-bd50-a2e2ee57b25f.yaml index ad4b46caf..8505e487a 100644 --- a/yaml/067589f2-4f29-4dc4-bd50-a2e2ee57b25f.yaml +++ b/yaml/067589f2-4f29-4dc4-bd50-a2e2ee57b25f.yaml 
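Review bot: `MitreID: T1068` and `Usecase: Elevate privileges` in the 4.sys entry do not match its own `Description`, which describes a toolkit "designed to terminate AV and EDR processes"; that behaviour maps to defence impairment (T1562.001) rather than exploitation for privilege escalation. Anyone pivoting on `MitreID` to scope hunts or coverage reports would file this Microsoft-signed malicious driver under the wrong technique. I would change the line to `MitreID: T1562.001`, or carry both values if the schema allows a list, and adjust `Usecase` to match. `Detection: []` is also empty although the record holds the signer `SerialNumber` and `Authentihash` values a rule could key on, and `Imports` lists `ntoskrnl.exe` twice.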
@@ -1,35 +1,35 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 067589f2-4f29-4dc4-bd50-a2e2ee57b25f +Tags: +- GameTerSafe.sys +Verified: 'FALSE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create GameTerSafe.sys binPath=C:\windows\temp\GameTerSafe.sys type=kernel - type=kernel && sc.exe start GameTerSafe.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: [] -Id: 067589f2-4f29-4dc4-bd50-a2e2ee57b25f -KnownVulnerableSamples: -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: GameTerSafe.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA256: 3e9b62d2ea2be50a2da670746c4dbe807db9601980af3a1014bcd72d0248d84c - Signature: [] - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create GameTerSafe.sys binPath=C:\windows\temp\GameTerSafe.sys type=kernel + type=kernel && sc.exe start GameTerSafe.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules -Tags: -- GameTerSafe.sys -Verified: 'FALSE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: GameTerSafe.sys + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA256: 3e9b62d2ea2be50a2da670746c4dbe807db9601980af3a1014bcd72d0248d84c + Signature: [] + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/080a834f-3e19-4cae-b940-a4ecf901db28.yaml b/yaml/080a834f-3e19-4cae-b940-a4ecf901db28.yaml index 9f1692bdf..be898abd5 100644 --- a/yaml/080a834f-3e19-4cae-b940-a4ecf901db28.yaml +++ b/yaml/080a834f-3e19-4cae-b940-a4ecf901db28.yaml 
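Review bot: The `Command` value in the GameTerSafe.sys entry contains `type=kernel` twice, once at the end of its first line and again at the start of the continuation line, which looks like a wrap artefact that this reorder carries over unchanged. Tooling that templates or compares this field across entries will see a form that differs from the other records, which end in `type=kernel && sc.exe start <name>`. I would drop the duplicate so the continuation line reads `&& sc.exe start GameTerSafe.sys`.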
@@ -1,229 +1,229 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 080a834f-3e19-4cae-b940-a4ecf901db28 +Tags: +- HWiNFO64I.SYS +Verified: 'TRUE' Author: Michael Haag +Created: '2023-07-22' +MitreID: T1068 CVE: - '' Category: vulnerable drivers Commands: - Command: '' - Description: Confirmed vulnerable driver from Microsoft Block List - OperatingSystem: Windows - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-07-22' -Detection: -- type: '' - value: '' -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 080a834f-3e19-4cae-b940-a4ecf901db28 -KnownVulnerableSamples: -- Authentihash: - MD5: 3c96154a55e5b0cb40f5c0500639b4a7 - SHA1: 4f812a2781379912292efed09e43292117753dbb - SHA256: 548c44566d19ba0975c9a22e7b592fda45bfa8831e56f55c1c3e7241d84dd175 - Company: REALiX(tm) - Copyright: "Copyright (c)1999-2012 Martin Mal\xEDk - REALiX" - CreationTimestamp: '2012-05-10 07:05:22' - Date: '' - Description: HWiNFO IA64 Kernel Driver - ExportedFunctions: '' - FileVersion: '8.72' - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - ZwClose - - ZwDeviceIoControlFile - - ZwOpenFile - - RtlInitUnicodeString - - IoGetDeviceObjectPointer - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - KeLowerIrql - - KeRaiseIrql - - KeInitializeEvent - - IoDeleteDevice - - IoDeleteSymbolicLink - - 
RtlFreeUnicodeString - - ObfDereferenceObject - - ExFreePoolWithTag - - MmUnmapIoSpace - - ExInterlockedRemoveHeadList - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - IoAllocateIrp - - IofCallDriver - - KeWaitForSingleObject - - IoFreeIrp - - KeSetEvent - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - MmMapIoSpace - - ExAllocatePoolWithTag - - __C_specific_handler - - ExInterlockedInsertTailList - - READ_PORT_UCHAR - - READ_PORT_ULONG - - READ_PORT_USHORT - - HalGetBusDataByOffset - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - HalSetBusDataByOffset - - HalCallPal - - KeStallExecutionProcessor - - WRITE_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: HWiNFO64I.SYS - MD5: 31e8d7b070dcc6cd92cec9d6d2254afe - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: HWiNFO64I.SYS - PDBPath: '' - Product: HWiNFO IA64 Kernel Driver - ProductVersion: '8.72' - Publisher: '' - RichPEHeaderHash: - MD5: bd87ea0955778a277b3f9ae3a8975d88 - SHA1: d34cad0a1be5a7f5774e9832791e55475ad18a0a - SHA256: 9527799d818cd48b11774da7ee7831a449f1b5fc91cdd308cdb620c03a0d419a - SHA1: 2ea7907525b8375457235c3d85a928dcd5354df2 - SHA256: 33c6c622464f80a8d8017a03ff3aa196840da8bb03bfb5212b51612b5cf953dc - Sections: - .text: - Entropy: 5.456120816192852 - Virtual Size: '0x6020' - .rdata: - Entropy: 3.1079121751758496 - Virtual Size: '0x680' - .pdata: - Entropy: 3.602529372489993 - Virtual Size: '0x18c' - .srdata: - Entropy: 2.009517799968779 - Virtual Size: '0x58' - .sdata: - Entropy: 2.401007712325313 - Virtual Size: '0x1a0' - .data: - Entropy: 0.0 - Virtual Size: '0x70' - INIT: - Entropy: 5.234164490541921 - Virtual Size: '0x5da' - .rsrc: - Entropy: 3.3839304798026686 - Virtual Size: '0x380' - .reloc: - Entropy: 0.6515890920389715 - Virtual Size: '0x256' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 
00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=SK, L=Bratislava, O=REALiX, CN=REALiX - ValidFrom: '2009-07-16 13:59:23' - ValidTo: '2012-07-16 13:59:20' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 010000000001228403475b - Version: 3 - TBS: - MD5: c08c341aadc50a4843dc7f12d2b7dda6 - SHA1: 0077567a36c455505f2cfed87b2e47d6e836fb9e - SHA256: 5b17af75beca4abe098882f6b4fe2ed4975f428d81b964c648b1ac5df313233b - SHA384: b0ad18a16f199f8ee3efc9bc5d21bb209674a4e3d1013b7943c08eeae9b47ce706da1fd8707f86dbd31651ad4a2e886c - - Subject: C=BE, O=GlobalSign nv,sa, 
OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 13:00:00' - ValidTo: '2017-01-27 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000011e44a5e24e - Version: 3 - TBS: - MD5: 1523b60530a241a9dc96e8890e42a0fa - SHA1: 879269f3f467a6d59641960a62fe9cb419355ff6 - SHA256: 6811f3e33268aef810dc3277f8f9356adcbc3c36446a0420593b82f3cd526022 - SHA384: 92f5e55d6eb6d965c1b698e56cbb8087d80eda1a24eb6ed178abeddafe2fcf524e9f8311ca232be7f5b4555b89b97c6b - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 10:00:00' - ValidTo: '2017-01-27 11:00:00' - Signature: 762e2fe996fef4c3678bf1b07e321701ddb41c0f9e42d179569684be68afa554dbc7a9b55981d41cded9606baec05214fbab2b8e75f853ad91308efc04e4c58803d13f1861eab3d2b1d899f0754509ce7874d4d79e70bd120be405b64d3cf6af38c2881858a7958e7d1671e9b40df726a98f55de60ebc48d046b7b068feefea9c9c80a64240169df2f182058aa3e854c64e3e3832f860d4cf076a982c464981ec3cf5c7c863ec2ee5e9268b1483c857959e93bb4de5123d26648d1f7db967b82fac971e4caa7baca47c34b9183d3cab18f39bb38cccdc14caa9a6353051e1dd75377054d8f8ff7679b5ecebfdc4905ff7ef55180a01638d8b680a0514facf698 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000011e44a5ecbe - Version: 3 - TBS: - MD5: 16fb30314f4f5ff4dac603580f605778 - SHA1: 55c862df1f775f6a4c8e4f963115962a5cffc4ee - SHA256: aec84e1206957180ccf4e598fa10864ef4ee18ff9fc126b9a54af79c618f0492 - SHA384: a2b0c7b9ffe6e8244a4662099132406aea0a47889ecde7b336c4f09296da2ffbb3718597a0fb570bd1e97e88a24f8fbb - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - 
SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 010000000001228403475b - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: 7bf7d94570a80fb38c22341013531b14 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: '' + Description: Confirmed vulnerable driver from Microsoft Block List + OperatingSystem: Windows + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c -Tags: -- HWiNFO64I.SYS -Verified: 'TRUE' +Detection: +- type: '' + value: '' +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 3c96154a55e5b0cb40f5c0500639b4a7 + SHA1: 4f812a2781379912292efed09e43292117753dbb + SHA256: 548c44566d19ba0975c9a22e7b592fda45bfa8831e56f55c1c3e7241d84dd175 + Company: REALiX(tm) + Copyright: "Copyright (c)1999-2012 Martin Mal\xEDk - REALiX" + CreationTimestamp: '2012-05-10 07:05:22' + Date: '' + 
Description: HWiNFO IA64 Kernel Driver + ExportedFunctions: '' + FileVersion: '8.72' + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - ZwClose + - ZwDeviceIoControlFile + - ZwOpenFile + - RtlInitUnicodeString + - IoGetDeviceObjectPointer + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - KeLowerIrql + - KeRaiseIrql + - KeInitializeEvent + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlFreeUnicodeString + - ObfDereferenceObject + - ExFreePoolWithTag + - MmUnmapIoSpace + - ExInterlockedRemoveHeadList + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - IoAllocateIrp + - IofCallDriver + - KeWaitForSingleObject + - IoFreeIrp + - KeSetEvent + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - MmMapIoSpace + - ExAllocatePoolWithTag + - __C_specific_handler + - ExInterlockedInsertTailList + - READ_PORT_UCHAR + - READ_PORT_ULONG + - READ_PORT_USHORT + - HalGetBusDataByOffset + - WRITE_PORT_ULONG + - WRITE_PORT_USHORT + - HalSetBusDataByOffset + - HalCallPal + - KeStallExecutionProcessor + - WRITE_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: HWiNFO64I.SYS + MD5: 31e8d7b070dcc6cd92cec9d6d2254afe + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: HWiNFO64I.SYS + PDBPath: '' + Product: HWiNFO IA64 Kernel Driver + ProductVersion: '8.72' + Publisher: '' + RichPEHeaderHash: + MD5: bd87ea0955778a277b3f9ae3a8975d88 + SHA1: d34cad0a1be5a7f5774e9832791e55475ad18a0a + SHA256: 9527799d818cd48b11774da7ee7831a449f1b5fc91cdd308cdb620c03a0d419a + SHA1: 2ea7907525b8375457235c3d85a928dcd5354df2 + SHA256: 33c6c622464f80a8d8017a03ff3aa196840da8bb03bfb5212b51612b5cf953dc + Sections: + .text: + Entropy: 5.456120816192852 + Virtual Size: '0x6020' + .rdata: + Entropy: 3.1079121751758496 + Virtual Size: '0x680' + .pdata: + Entropy: 3.602529372489993 + Virtual Size: '0x18c' + .srdata: + Entropy: 2.009517799968779 + Virtual Size: '0x58' + .sdata: + Entropy: 2.401007712325313 + Virtual Size: '0x1a0' + .data: + Entropy: 0.0 + 
Virtual Size: '0x70' + INIT: + Entropy: 5.234164490541921 + Virtual Size: '0x5da' + .rsrc: + Entropy: 3.3839304798026686 + Virtual Size: '0x380' + .reloc: + Entropy: 0.6515890920389715 + Virtual Size: '0x256' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=SK, L=Bratislava, O=REALiX, CN=REALiX + ValidFrom: '2009-07-16 13:59:23' + ValidTo: '2012-07-16 13:59:20' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 
+ IsCertificateAuthority: false + SerialNumber: 010000000001228403475b + Version: 3 + TBS: + MD5: c08c341aadc50a4843dc7f12d2b7dda6 + SHA1: 0077567a36c455505f2cfed87b2e47d6e836fb9e + SHA256: 5b17af75beca4abe098882f6b4fe2ed4975f428d81b964c648b1ac5df313233b + SHA384: b0ad18a16f199f8ee3efc9bc5d21bb209674a4e3d1013b7943c08eeae9b47ce706da1fd8707f86dbd31651ad4a2e886c + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 13:00:00' + ValidTo: '2017-01-27 12:00:00' + Signature: 4016df43e479ce76f248f698483061e2f1b452708ed8c612214d4f28831a648e03f731840f1f01d4a418fc008b2c6f1bb837fa4b97c05727b83109267832eef4e45912bd45a159e23511c0d6fc1e987ad982f990f36e07eeb0939acb31ed2c17bc921afa92cd821e2f0f31d328c03ce81c2926ab5a8d9fa1f0303289b68e516f8b5b90ad21f3f4209c909bb0ac2b37161e1db859bb49a63b75ae99d9b64b870194df91e1720e75079fcb05b59e7226fc2e21f5f62377eb6614d3ca3deae6f20b40ae553d02718821eb6a04b0945e9d9274ef292ebd4a4d85a4233ce31066901d3b63d23c481030e9e35cb67729ff3406f27da103406617df628d2b34a7426725 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000011e44a5e24e + Version: 3 + TBS: + MD5: 1523b60530a241a9dc96e8890e42a0fa + SHA1: 879269f3f467a6d59641960a62fe9cb419355ff6 + SHA256: 6811f3e33268aef810dc3277f8f9356adcbc3c36446a0420593b82f3cd526022 + SHA384: 92f5e55d6eb6d965c1b698e56cbb8087d80eda1a24eb6ed178abeddafe2fcf524e9f8311ca232be7f5b4555b89b97c6b + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 10:00:00' + ValidTo: '2017-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000011e44a5ecbe + Version: 3 + TBS: + MD5: 16fb30314f4f5ff4dac603580f605778 + SHA1: 55c862df1f775f6a4c8e4f963115962a5cffc4ee + SHA256: 
aec84e1206957180ccf4e598fa10864ef4ee18ff9fc126b9a54af79c618f0492 + SHA384: a2b0c7b9ffe6e8244a4662099132406aea0a47889ecde7b336c4f09296da2ffbb3718597a0fb570bd1e97e88a24f8fbb + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 010000000001228403475b + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: 7bf7d94570a80fb38c22341013531b14 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/080ff223-f8e0-49c0-a7b5-e97349cf81a0.yaml b/yaml/080ff223-f8e0-49c0-a7b5-e97349cf81a0.yaml index 31d2d803d..b6d4b9c63 100644 --- a/yaml/080ff223-f8e0-49c0-a7b5-e97349cf81a0.yaml +++ b/yaml/080ff223-f8e0-49c0-a7b5-e97349cf81a0.yaml 
@@ -1,175 +1,175 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 080ff223-f8e0-49c0-a7b5-e97349cf81a0 +Tags: +- HpPortIox64.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create HpPortIox64.sys binPath=C:\windows\temp\HpPortIox64.sys type=kernel - && sc.exe start HpPortIox64.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/c5050a2017490fff7aa53c73755982b339ddb0fd7cef2cde32c81bc9834331c5.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 080ff223-f8e0-49c0-a7b5-e97349cf81a0 -KnownVulnerableSamples: -- 
Authentihash: - MD5: 986877a0cf596be97155e9469f3c4b40 - SHA1: 98807d9e11bad4feed54d0d2c1abadeb95ca997c - SHA256: 35b31c96194d78cbb98b3223bf810f78f53fc0e4601f49169938ca883586e4e9 - Company: HP Inc. - Copyright: Copyright (C) 2020-2021 HP Inc. All rights reserved. - CreationTimestamp: '2021-04-20 21:22:47' - Date: '' - Description: HpPortIo - ExportedFunctions: '' - FileVersion: 1.2.0.9 - Filename: HpPortIox64.sys - ImportedFunctions: - - MmGetSystemRoutineAddress - - RtlUnicodeStringToAnsiString - - ExAllocatePool - - ZwClose - - RtlAppendUnicodeStringToString - - ObReferenceObjectByHandle - - RtlCopyUnicodeString - - MmIsAddressValid - - ExFreePoolWithTag - - ZwOpenFile - - DbgPrint - - RtlEqualUnicodeString - - ZwCreateFile - - KeBugCheckEx - - RtlVolumeDeviceToDosName - - ExAllocatePoolWithTag - - DbgPrintEx - - IoCreateDevice - - IoCreateSymbolicLink - - RtlFreeAnsiString - - IofCompleteRequest - - RtlFreeUnicodeString - - RtlInitString - - IoDeleteDevice - - RtlInitUnicodeString - - strstr - - RtlAnsiStringToUnicodeString - - ObfDereferenceObject - - IoDeleteSymbolicLink - - ZwReadFile - - RtlUTF8ToUnicodeN - - RtlTimeFieldsToTime - - RtlCharToInteger - - RtlCompareMemory - - RtlAssert - - __C_specific_handler - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: HpPortIox64.sys - MD5: a641e3dccba765a10718c9cb0da7879e - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: HpPortIox64.sys - Product: HpPortIo - ProductVersion: 1.2.0.9 - Publisher: '' - RichPEHeaderHash: - MD5: 4d4d28dcc041614dbd266ba38ab0b695 - SHA1: 4d93ccf1496f49e241e0a8948d5f356787864952 - SHA256: 2dba8cdd15e9042ac6f8f474ed1bd3c6ed65b64176bee0edb8a763ec144183c5 - SHA1: 8c377ab4eebc5f4d8dd7bb3f90c0187dfdd3349f - SHA256: c5050a2017490fff7aa53c73755982b339ddb0fd7cef2cde32c81bc9834331c5 - Sections: - .text: - Entropy: 5.606025812365913 - Virtual Size: '0x5d61' - .rdata: - Entropy: 4.972101999668686 - Virtual Size: '0xf84' - .data: - 
Entropy: 1.2741239614517732 - Virtual Size: '0x1b8' - .pdata: - Entropy: 4.080437825589189 - Virtual Size: '0x270' - INIT: - Entropy: 5.127227635761384 - Virtual Size: '0x534' - .rsrc: - Entropy: 3.2845087920390967 - Virtual Size: '0x3a8' - .reloc: - Entropy: 1.584962500721156 - Virtual Size: '0xc' - Signature: - - HP Inc. - - DigiCert SHA2 Assured ID Code Signing CA - - DigiCert - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured - ID Code Signing CA - ValidFrom: '2013-10-22 12:00:00' - ValidTo: '2028-10-22 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 0409181b5fd5bb66755343b56f955008 - Version: 3 - TBS: - MD5: 9359496ca4f021408b9d8923cab8b179 - SHA1: 2aed40d7759997830870769be250199fd609e40e - SHA256: e767799478f64a34b3f53ff3bb9057fe1768f4ab178041b0dcc0ff1e210cba65 - SHA384: 5cb7e7b4f1dbccd48d10db7e71b6f8c05fcb4bcb0085a6fefcfa0c2148f9a594e59f56ac4304004f3b398e259035c40c - - Subject: C=US, ST=California, L=Palo Alto, O=HP Inc., OU=HP Cybersecurity, CN=HP - Inc. 
- ValidFrom: '2020-05-14 00:00:00' - ValidTo: '2021-05-19 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0449edef08b987f05203c4e0f2356499 - Version: 3 - TBS: - MD5: 5e993a919f907013f89ff0215fcfdf29 - SHA1: b8b101040d1a81a545ae65cc953979880d3c1b10 - SHA256: 8896a2b0f531a6672e0b827766d86766184f0e350785a3c263fc67347e99fe75 - SHA384: 8ca6718d1dfe26aabc763217c248619ba30a5485604d1e197ea049a93dc487fba8332c07437ce13bfe67e8075fcf3745 - Signer: - - SerialNumber: 0449edef08b987f05203c4e0f2356499 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured - ID Code Signing CA - Version: 1 - Imphash: 75018719e85e67b75e73c57d682dbcbf - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create HpPortIox64.sys binPath=C:\windows\temp\HpPortIox64.sys type=kernel + && sc.exe start HpPortIox64.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/elastic/protections-artifacts/search?q=VulnDriver -Tags: -- HpPortIox64.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/c5050a2017490fff7aa53c73755982b339ddb0fd7cef2cde32c81bc9834331c5.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 986877a0cf596be97155e9469f3c4b40 + SHA1: 98807d9e11bad4feed54d0d2c1abadeb95ca997c + SHA256: 35b31c96194d78cbb98b3223bf810f78f53fc0e4601f49169938ca883586e4e9 + Company: HP Inc. + Copyright: Copyright (C) 2020-2021 HP Inc. All rights reserved. 
+ CreationTimestamp: '2021-04-20 21:22:47' + Date: '' + Description: HpPortIo + ExportedFunctions: '' + FileVersion: 1.2.0.9 + Filename: HpPortIox64.sys + ImportedFunctions: + - MmGetSystemRoutineAddress + - RtlUnicodeStringToAnsiString + - ExAllocatePool + - ZwClose + - RtlAppendUnicodeStringToString + - ObReferenceObjectByHandle + - RtlCopyUnicodeString + - MmIsAddressValid + - ExFreePoolWithTag + - ZwOpenFile + - DbgPrint + - RtlEqualUnicodeString + - ZwCreateFile + - KeBugCheckEx + - RtlVolumeDeviceToDosName + - ExAllocatePoolWithTag + - DbgPrintEx + - IoCreateDevice + - IoCreateSymbolicLink + - RtlFreeAnsiString + - IofCompleteRequest + - RtlFreeUnicodeString + - RtlInitString + - IoDeleteDevice + - RtlInitUnicodeString + - strstr + - RtlAnsiStringToUnicodeString + - ObfDereferenceObject + - IoDeleteSymbolicLink + - ZwReadFile + - RtlUTF8ToUnicodeN + - RtlTimeFieldsToTime + - RtlCharToInteger + - RtlCompareMemory + - RtlAssert + - __C_specific_handler + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: HpPortIox64.sys + MD5: a641e3dccba765a10718c9cb0da7879e + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: HpPortIox64.sys + Product: HpPortIo + ProductVersion: 1.2.0.9 + Publisher: '' + RichPEHeaderHash: + MD5: 4d4d28dcc041614dbd266ba38ab0b695 + SHA1: 4d93ccf1496f49e241e0a8948d5f356787864952 + SHA256: 2dba8cdd15e9042ac6f8f474ed1bd3c6ed65b64176bee0edb8a763ec144183c5 + SHA1: 8c377ab4eebc5f4d8dd7bb3f90c0187dfdd3349f + SHA256: c5050a2017490fff7aa53c73755982b339ddb0fd7cef2cde32c81bc9834331c5 + Sections: + .text: + Entropy: 5.606025812365913 + Virtual Size: '0x5d61' + .rdata: + Entropy: 4.972101999668686 + Virtual Size: '0xf84' + .data: + Entropy: 1.2741239614517732 + Virtual Size: '0x1b8' + .pdata: + Entropy: 4.080437825589189 + Virtual Size: '0x270' + INIT: + Entropy: 5.127227635761384 + Virtual Size: '0x534' + .rsrc: + Entropy: 3.2845087920390967 + Virtual Size: '0x3a8' + .reloc: + Entropy: 
1.584962500721156 + Virtual Size: '0xc' + Signature: + - HP Inc. + - DigiCert SHA2 Assured ID Code Signing CA + - DigiCert + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured + ID Code Signing CA + ValidFrom: '2013-10-22 12:00:00' + ValidTo: '2028-10-22 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 0409181b5fd5bb66755343b56f955008 + Version: 3 + TBS: + MD5: 9359496ca4f021408b9d8923cab8b179 + SHA1: 2aed40d7759997830870769be250199fd609e40e + SHA256: e767799478f64a34b3f53ff3bb9057fe1768f4ab178041b0dcc0ff1e210cba65 + SHA384: 5cb7e7b4f1dbccd48d10db7e71b6f8c05fcb4bcb0085a6fefcfa0c2148f9a594e59f56ac4304004f3b398e259035c40c + - Subject: C=US, ST=California, L=Palo Alto, O=HP Inc., OU=HP Cybersecurity, + CN=HP Inc. + ValidFrom: '2020-05-14 00:00:00' + ValidTo: '2021-05-19 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0449edef08b987f05203c4e0f2356499 + Version: 3 + TBS: + MD5: 5e993a919f907013f89ff0215fcfdf29 + SHA1: b8b101040d1a81a545ae65cc953979880d3c1b10 + SHA256: 8896a2b0f531a6672e0b827766d86766184f0e350785a3c263fc67347e99fe75 + SHA384: 8ca6718d1dfe26aabc763217c248619ba30a5485604d1e197ea049a93dc487fba8332c07437ce13bfe67e8075fcf3745 + Signer: + - SerialNumber: 0449edef08b987f05203c4e0f2356499 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured + ID Code Signing CA + Version: 1 + Imphash: 75018719e85e67b75e73c57d682dbcbf + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/0a2f2700-97b5-42b6-b121-38e5f03e9957.yaml b/yaml/0a2f2700-97b5-42b6-b121-38e5f03e9957.yaml index e0c30f938..dbed60929 100644 --- a/yaml/0a2f2700-97b5-42b6-b121-38e5f03e9957.yaml +++ b/yaml/0a2f2700-97b5-42b6-b121-38e5f03e9957.yaml 
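Review bot: The `Detection` list on the new side of the HpPortIox64.sys entry still carries `sigma_hash`, `sigma_names`, `sysmon_hash_detect` and `sysmon_hash_block` twice each, with identical URLs. Since the block is being rewritten here, it could be reduced to the two distinct `yara_signature` links plus one of each of the other four types. Anything that iterates this list to build a coverage report or a rule download set would otherwise count the same reference twice. It is also worth confirming that the per-sample rule named `c5050a2017490fff7aa53c73755982b339ddb0fd7cef2cde32c81bc9834331c5.yara` still exists alongside `yara-rules_vuln_drivers_strict_renamed.yar`, which cannot be checked from this hunk.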
@@ -1,190 +1,192 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 0a2f2700-97b5-42b6-b121-38e5f03e9957 +Tags: +- BS_RCIO.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create BS_RCIO.sys binPath=C:\windows\temp\BS_RCIO.sys type=kernel - && sc.exe start BS_RCIO.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: [] -Id: 0a2f2700-97b5-42b6-b121-38e5f03e9957 -KnownVulnerableSamples: -- Authentihash: - MD5: 8284660345377a69dd99b25fdf397314 - SHA1: 3311e4e94e8a6dd81859719fbe0fcbf187f0bd8a - SHA256: f67e60228084151fdcb84e94a48693db864cf606b65faef5a1d829175380dbfa - Company: '' - Copyright: '' - CreationTimestamp: '2017-01-16 19:29:00' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: BS_RCIO.sys - ImportedFunctions: - - KeWaitForSingleObject - - memcpy - - KeDelayExecutionThread - - PsTerminateSystemThread - - KeSetEvent - - IoStartNextPacket - - IoReleaseCancelSpinLock - - IoAcquireCancelSpinLock - - ZwClose - - MmMapIoSpace - - ObfDereferenceObject - - ObReferenceObjectByHandle - - ExEventObjectType - - IofCompleteRequest - - KeRemoveEntryDeviceQueue - - IoStartPacket - - KeTickCount - - KeBugCheckEx - - READ_REGISTER_BUFFER_UCHAR - - MmUnmapIoSpace - - KeReleaseSemaphore - - KeInitializeSemaphore - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IoCreateDevice - - IoCreateSymbolicLink - - PsCreateSystemThread - - IoDeleteDevice - - HalSetBusDataByOffset - - HalGetBusDataByOffset - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - READ_PORT_UCHAR - - READ_PORT_USHORT - - READ_PORT_ULONG - - KfLowerIrql - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: ab53d07f18a9697139ddc825b466f696 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: c518efc7fb74ad56780730034846fb80 - 
SHA1: ec34db923330d443ffb78311b27ed227fee4ed16 - SHA256: 31c6a4c2e5994dcccb1fc3fa846b9d865f191213ec5686c163e548fa58c0e245 - SHA1: 213ba055863d4226da26a759e8a254062ea77814 - SHA256: 362c4f3dadc9c393682664a139d65d80e32caa2a97b6e0361dfd713a73267ecc - Sections: - .text: - Entropy: 6.012865951436391 - Virtual Size: '0xeec' - .rdata: - Entropy: 4.674544303018785 - Virtual Size: '0x127' - .data: - Entropy: 1.3219280948873622 - Virtual Size: '0x28' - INIT: - Entropy: 5.6725581816645905 - Virtual Size: '0x54c' - .reloc: - Entropy: 5.327084372249684 - Virtual Size: '0x1a2' - Signature: - - Biostar Microtech Int'l Corp - - DigiCert EV Code Signing CA - - DigiCert - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=Private Organization, ??=TW, serialNumber=23826200, ??=2F, NO.108,2, - MIN CHUAN RD, postalCode=231, C=TW, ST=XINDIAN DIST, L=NEW TAIPEI CITY, O=Biostar - Microtech Int'l Corp, CN=Biostar Microtech Int'l Corp - ValidFrom: '2017-01-18 00:00:00' - ValidTo: '2018-11-21 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0240c40d347ee38f707adae8a101450b - Version: 3 - TBS: - MD5: 88a4c70dd696e5777929d272523d55bf - SHA1: c4353dfabf88e1243b77bcbf451fecea1cd17a87 - SHA256: 
ecf1547d382836fa9202405ad21933170f4a9a1316d131ef6a89c527164481ad - SHA384: e01e1f8f8e20db99bde388c0ef388eecd9742ce89c2d699cd156fca1fec006c869b3cf62fa1992f343b0d86830960deb - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 - Version: 3 - TBS: - MD5: f92649915476229b093c211c2b18e6c4 - SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 - SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb - SHA384: 511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 
46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 0240c40d347ee38f707adae8a101450b - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - Version: 1 - Imphash: 1d05fb30a58133da2e9dbdfcf51b80fd - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create BS_RCIO.sys binPath=C:\windows\temp\BS_RCIO.sys type=kernel + && sc.exe start BS_RCIO.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules -Tags: -- BS_RCIO.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 8284660345377a69dd99b25fdf397314 + SHA1: 3311e4e94e8a6dd81859719fbe0fcbf187f0bd8a + SHA256: 
f67e60228084151fdcb84e94a48693db864cf606b65faef5a1d829175380dbfa + Company: '' + Copyright: '' + CreationTimestamp: '2017-01-16 19:29:00' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: BS_RCIO.sys + ImportedFunctions: + - KeWaitForSingleObject + - memcpy + - KeDelayExecutionThread + - PsTerminateSystemThread + - KeSetEvent + - IoStartNextPacket + - IoReleaseCancelSpinLock + - IoAcquireCancelSpinLock + - ZwClose + - MmMapIoSpace + - ObfDereferenceObject + - ObReferenceObjectByHandle + - ExEventObjectType + - IofCompleteRequest + - KeRemoveEntryDeviceQueue + - IoStartPacket + - KeTickCount + - KeBugCheckEx + - READ_REGISTER_BUFFER_UCHAR + - MmUnmapIoSpace + - KeReleaseSemaphore + - KeInitializeSemaphore + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - IoCreateDevice + - IoCreateSymbolicLink + - PsCreateSystemThread + - IoDeleteDevice + - HalSetBusDataByOffset + - HalGetBusDataByOffset + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - READ_PORT_UCHAR + - READ_PORT_USHORT + - READ_PORT_ULONG + - KfLowerIrql + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: ab53d07f18a9697139ddc825b466f696 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: c518efc7fb74ad56780730034846fb80 + SHA1: ec34db923330d443ffb78311b27ed227fee4ed16 + SHA256: 31c6a4c2e5994dcccb1fc3fa846b9d865f191213ec5686c163e548fa58c0e245 + SHA1: 213ba055863d4226da26a759e8a254062ea77814 + SHA256: 362c4f3dadc9c393682664a139d65d80e32caa2a97b6e0361dfd713a73267ecc + Sections: + .text: + Entropy: 6.012865951436391 + Virtual Size: '0xeec' + .rdata: + Entropy: 4.674544303018785 + Virtual Size: '0x127' + .data: + Entropy: 1.3219280948873622 + Virtual Size: '0x28' + INIT: + Entropy: 5.6725581816645905 + Virtual Size: '0x54c' + .reloc: + Entropy: 5.327084372249684 + Virtual Size: '0x1a2' + Signature: + - Biostar Microtech Int'l Corp + - DigiCert EV Code 
Signing CA + - DigiCert + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=Private Organization, ??=TW, serialNumber=23826200, ??=2F, + NO.108,2, MIN CHUAN RD, postalCode=231, C=TW, ST=XINDIAN DIST, L=NEW + TAIPEI CITY, O=Biostar Microtech Int'l Corp, CN=Biostar Microtech + Int'l Corp + ValidFrom: '2017-01-18 00:00:00' + ValidTo: '2018-11-21 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0240c40d347ee38f707adae8a101450b + Version: 3 + TBS: + MD5: 88a4c70dd696e5777929d272523d55bf + SHA1: c4353dfabf88e1243b77bcbf451fecea1cd17a87 + SHA256: ecf1547d382836fa9202405ad21933170f4a9a1316d131ef6a89c527164481ad + SHA384: e01e1f8f8e20db99bde388c0ef388eecd9742ce89c2d699cd156fca1fec006c869b3cf62fa1992f343b0d86830960deb + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 
9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 + Version: 3 + TBS: + MD5: f92649915476229b093c211c2b18e6c4 + SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 + SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb + SHA384: 511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: 
cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 0240c40d347ee38f707adae8a101450b + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + Version: 1 + Imphash: 1d05fb30a58133da2e9dbdfcf51b80fd + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/0baa833c-e4e1-449e-86ee-cafeb11f5fd5.yaml b/yaml/0baa833c-e4e1-449e-86ee-cafeb11f5fd5.yaml index 3c3e77141..3d2ec022a 100644 --- a/yaml/0baa833c-e4e1-449e-86ee-cafeb11f5fd5.yaml +++ b/yaml/0baa833c-e4e1-449e-86ee-cafeb11f5fd5.yaml 
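Review bot: `Detection: []` is carried over unchanged for BS_RCIO.sys, so this entry points a defender at no rule content even though it lists the sample's file hashes, Authentihash and Imphash. If the shared rule files cover this sample (not visible from this hunk), the list should reference them as the HpPortIox64.sys entry does, starting with `- type: sigma_hash` and `value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml`. If they do not, the gap is worth a tracking note, because `Verified: 'TRUE'` with an empty detection list reads as covered when it is not. `Resources` also lists the same Microsoft recommended-driver-block-rules URL twice, and one copy can be dropped.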
@@ -1,480 +1,480 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 0baa833c-e4e1-449e-86ee-cafeb11f5fd5 +Tags: +- vboxguest.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-07-22' +MitreID: T1068 CVE: - '' Category: vulnerable drivers Commands: - Command: '' - Description: Confirmed vulnerable driver from Microsoft Block List - OperatingSystem: Windows - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-07-22' -Detection: -- type: '' - value: '' -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 0baa833c-e4e1-449e-86ee-cafeb11f5fd5 -KnownVulnerableSamples: -- Authentihash: - MD5: c9fff1bf9b2dd3c53150aa7fa931e7a9 - SHA1: 1824949e8cbe70954e2e5676c7559e32867eb7b4 - SHA256: c3fa8f5c8094a6c6936faff1d1faa02fd489482f21c288e6c700446ade5c20be - Company: innotek GmbH - Copyright: Copyright (C) 2004-2007 innotek GmbH - CreationTimestamp: '2007-10-18 01:49:33' - Date: '' - Description: VirtualBox Guest Driver - ExportedFunctions: - - AssertMsg1 - - AssertMsg2 - - RTLogBackdoorPrintf - - RTLogBackdoorPrintfV - - RTLogFormatV - - RTLogWriteUser - - RTMemAlloc - - RTMemAllocZ - - RTMemContAlloc - - RTMemContFree - - RTMemExecAlloc - - RTMemExecFree - - RTMemFree - - RTMemRealloc - - RTMemTmpAlloc - - RTMemTmpAllocZ - - RTMemTmpFree - - RTSemEventCreate - - RTSemEventDestroy - - RTSemEventSignal - - 
RTSemEventWait - - RTSemFastMutexCreate - - RTSemFastMutexDestroy - - RTSemFastMutexRelease - - RTSemFastMutexRequest - - RTSemMutexCreate - - RTSemMutexDestroy - - RTSemMutexRelease - - RTSemMutexRequest - - RTStrFormat - - RTStrFormatNumber - - RTStrFormatV - FileVersion: 1.5.2 - Filename: '' - ImportedFunctions: - - IoCreateSymbolicLink - - IoCreateDevice - - RtlInitUnicodeString - - IofCompleteRequest - - KeWaitForSingleObject - - IofCallDriver - - KePulseEvent - - KeInsertQueueDpc - - MmMapIoSpace - - MmUnmapIoSpace - - PsGetVersion - - ObfDereferenceObject - - KeResetEvent - - ZwSetSystemTime - - ZwClose - - ObReferenceObjectByHandle - - PsCreateSystemThread - - KeInitializeEvent - - IoDeleteDevice - - PoCallDriver - - PoStartNextPowerIrp - - IoDetachDevice - - IoConnectInterrupt - - KeInitializeDpc - - IoFreeMdl - - MmProbeAndLockPages - - IoAllocateMdl - - _except_handler3 - - MmUnlockPages - - KeInitializeMutex - - KeReleaseMutex - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - MmFreeContiguousMemory - - MmGetPhysicalAddress - - MmAllocateContiguousMemory - - IoAttachDeviceToDeviceStack - - KeSetEvent - - IoDeleteSymbolicLink - - ExAcquireFastMutex - - ExReleaseFastMutex - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: vboxguest - MD5: d04f5388e962cd21462bcc54180e84e0 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: vboxguest.sys - PDBPath: '' - Product: VirtualBox Guest Additions - ProductVersion: 1.5.2 - Publisher: '' - RichPEHeaderHash: - MD5: 6057ec1f7b3ca1fd52c465c5a75e98ed - SHA1: c399b3582e5ba4798e5ce1a449f610bc9885b220 - SHA256: f4fef270af86e98eeb55def2f308797953172c6137e55244fdaf1ee08f48046f - SHA1: 73c2148626ae56cf2ff7686c6fd196ab6f653ffb - SHA256: 983310cdce8397c016bfcfcc9c3a8abbb5c928b235bc3c3ae3a3cc10ef24dfbd - Sections: - .text: - Entropy: 6.498715318861706 - Virtual Size: '0x397c' - .rdata: - Entropy: 5.170441202927912 - Virtual Size: '0x1554' - .data: - Entropy: 1.094105384848431 - Virtual Size: '0x54' - PAGE: - 
Entropy: 6.112816718019873 - Virtual Size: '0xd2c' - .edata: - Entropy: 4.985932824859424 - Virtual Size: '0x36f' - INIT: - Entropy: 5.424054586662424 - Virtual Size: '0x51a' - .rsrc: - Entropy: 3.27529491638526 - Virtual Size: '0x370' - .reloc: - Entropy: 6.423377612183336 - Virtual Size: '0x3ea' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=DE, O=InnoTek Systemberatung GmbH, CN=InnoTek Systemberatung GmbH, - emailAddress=info@innotek.de - ValidFrom: '2007-01-09 12:35:15' - ValidTo: '2008-01-09 12:35:15' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0100000000011006daed6b - Version: 3 - TBS: - MD5: bfbe9f4dc7264d47b48dbc2ec48aa897 - SHA1: 699c3e67f349f262426097a4c9320951f0d56e8f - SHA256: 785b2e779c33465eaba8a6326a40af1ff990d22a5493b55ce3c1f3aa04f3b3e2 - SHA384: 3178625856310ac3802a36f337bf9af1e2b62fbc7881221390cbd8f2e1be0f8d82c165dba90745f99c09c0bad2eced79 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 
11d45d8af43d0d9d7e4fa70071610b56b34caa70e1b2d1dec7886d1d897c2ba946e58b1f8e4cc26695911fe34d394ae31b70b7446edc068a4d6d25e89812dcbca0dd864eae8f81130540905a542529944acaf165b4ef0679dae7cb86f004c918dcee72b320015748dfe333e12ccd9c077f9447278d888d340ca67c5c20c17d07b3736b648c26d29bd7e87965a6a891a174862a050282c1847cf279cd3c2a2b0f99291eea8c8a1ab16aeaa266380e65e1add8c6c91f888d3976ee1782c4138d97ce6341e77af5b4b66c15c33813b3930b620688dde1447f10a950248b60dc05f75ba514b27b56720b96eabffc057090659e051ca4dd07af4b57dec639673bc574 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000011006daed6b - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: 1de909f78f82f10ffb00bd2fe9da7dd1 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 741b0c8a0a56340b62854cb121cb4930 - SHA1: 7618118dbe72c953e62e1bcac6b3c874ec43b72f - SHA256: bfbc382decb986b6050268e53092eae5e981cb886ccfb116ca7a0b311cef3862 - Company: innotek GmbH - Copyright: Copyright (C) 2004-2007 innotek GmbH - CreationTimestamp: '2008-02-19 09:09:00' - Date: '' - Description: VirtualBox Guest Driver - 
ExportedFunctions: - - AssertMsg1 - - AssertMsg2 - - RTLogBackdoorPrintf - - RTLogBackdoorPrintfV - - RTLogFormatV - - RTLogWriteUser - - RTMemAlloc - - RTMemAllocZ - - RTMemContAlloc - - RTMemContFree - - RTMemExecAlloc - - RTMemExecFree - - RTMemFree - - RTMemRealloc - - RTMemTmpAlloc - - RTMemTmpAllocZ - - RTMemTmpFree - - RTSemEventCreate - - RTSemEventDestroy - - RTSemEventSignal - - RTSemEventWait - - RTSemFastMutexCreate - - RTSemFastMutexDestroy - - RTSemFastMutexRelease - - RTSemFastMutexRequest - - RTSemMutexCreate - - RTSemMutexDestroy - - RTSemMutexRelease - - RTSemMutexRequest - - RTStrFormat - - RTStrFormatNumber - - RTStrFormatV - FileVersion: 1.5.6.28241 - Filename: '' - ImportedFunctions: - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - KeSetEvent - - ObfDereferenceObject - - KeResetEvent - - ZwSetSystemTime - - ZwClose - - ObReferenceObjectByHandle - - PsCreateSystemThread - - KeInitializeEvent - - PsGetVersion - - IoDisconnectInterrupt - - IoConnectInterrupt - - KeInitializeDpc - - MmUnmapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - MmMapIoSpace - - KeInsertQueueDpc - - KePulseEvent - - KeWaitForSingleObject - - IoFreeMdl - - MmProbeAndLockPages - - IoAllocateMdl - - MmUnlockPages - - KeInitializeMutex - - KeReleaseMutex - - ExAllocatePool - - ExFreePool - - MmFreeContiguousMemory - - MmGetPhysicalAddress - - MmAllocateContiguousMemory - - RtlUnwind - - IoAttachDeviceToDeviceStack - - IofCompleteRequest - - ExReleaseFastMutex - - HalAssignSlotResources - - HalGetInterruptVector - - HalGetBusData - - ExAcquireFastMutex - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: vboxguest - MD5: ff7cc8b6553ab57c53d5bc8afcf50f67 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: vboxguest.sys - PDBPath: '' - Product: VirtualBox Guest Additions - ProductVersion: 1.5.6.28241 - Publisher: '' - RichPEHeaderHash: - MD5: 5b7fb26b2a4fe53c9cb6b5941eaa8d54 - SHA1: 156da0d85961b6517852b0361ba53ef4bb892496 - SHA256: 
0980a5fac489d65fbe4d22d6a614017751b3df951aa67678f67b27956fb44d7f - SHA1: d5ac49a7ab274bceb6671e19524bd850e06513a0 - SHA256: d53f9111a5e6c94b37e3f39c5860897405cb250dd11aa91c3814a98b1759c055 - Sections: - .text: - Entropy: 6.508798370730336 - Virtual Size: '0x3b9c' - .rdata: - Entropy: 4.919019075313747 - Virtual Size: '0x1298' - .data: - Entropy: 1.2706635459878959 - Virtual Size: '0x64' - PAGE: - Entropy: 6.057194637350653 - Virtual Size: '0x83c' - .edata: - Entropy: 5.051677993614914 - Virtual Size: '0x371' - INIT: - Entropy: 6.061100966964755 - Virtual Size: '0x854' - .rsrc: - Entropy: 3.336741265163333 - Virtual Size: '0x388' - .reloc: - Entropy: 6.388840902014098 - Virtual Size: '0x3ca' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=DE, O=innotek GmbH, CN=innotek GmbH, emailAddress=info@innotek.de - ValidFrom: '2007-12-27 14:37:17' - ValidTo: '2010-12-27 14:37:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 010000000001171c092665 - Version: 3 - TBS: - MD5: 5cfd8530475b20ed5a2bed70b37ee977 - SHA1: 4761dbd41ba2b01f21b9306ca21e8add93a30f09 - SHA256: 219041cc8d9e3248c69d9b116d440a0bbaa6aa500aa0c5de2d5af15908d83c7f - SHA384: 46dcdf272bf47e608519abe5183dae12858d1b3763b78d7f5212be2adc021325e7f7a2ff3e18cc9b5307f43a61b184c5 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 
35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 
11d45d8af43d0d9d7e4fa70071610b56b34caa70e1b2d1dec7886d1d897c2ba946e58b1f8e4cc26695911fe34d394ae31b70b7446edc068a4d6d25e89812dcbca0dd864eae8f81130540905a542529944acaf165b4ef0679dae7cb86f004c918dcee72b320015748dfe333e12ccd9c077f9447278d888d340ca67c5c20c17d07b3736b648c26d29bd7e87965a6a891a174862a050282c1847cf279cd3c2a2b0f99291eea8c8a1ab16aeaa266380e65e1add8c6c91f888d3976ee1782c4138d97ce6341e77af5b4b66c15c33813b3930b620688dde1447f10a950248b60dc05f75ba514b27b56720b96eabffc057090659e051ca4dd07af4b57dec639673bc574 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 010000000001171c092665 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: 60c1eb7640a50cdacdac1212965b1b25 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: '' + Description: Confirmed vulnerable driver from Microsoft Block List + OperatingSystem: Windows + Privileges: kernel + Usecase: Elevate privileges Resources: - 
https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c -Tags: -- vboxguest.sys -Verified: 'TRUE' +Detection: +- type: '' + value: '' +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: c9fff1bf9b2dd3c53150aa7fa931e7a9 + SHA1: 1824949e8cbe70954e2e5676c7559e32867eb7b4 + SHA256: c3fa8f5c8094a6c6936faff1d1faa02fd489482f21c288e6c700446ade5c20be + Company: innotek GmbH + Copyright: Copyright (C) 2004-2007 innotek GmbH + CreationTimestamp: '2007-10-18 01:49:33' + Date: '' + Description: VirtualBox Guest Driver + ExportedFunctions: + - AssertMsg1 + - AssertMsg2 + - RTLogBackdoorPrintf + - RTLogBackdoorPrintfV + - RTLogFormatV + - RTLogWriteUser + - RTMemAlloc + - RTMemAllocZ + - RTMemContAlloc + - RTMemContFree + - RTMemExecAlloc + - RTMemExecFree + - RTMemFree + - RTMemRealloc + - RTMemTmpAlloc + - RTMemTmpAllocZ + - RTMemTmpFree + - RTSemEventCreate + - RTSemEventDestroy + - RTSemEventSignal + - RTSemEventWait + - RTSemFastMutexCreate + - RTSemFastMutexDestroy + - RTSemFastMutexRelease + - RTSemFastMutexRequest + - RTSemMutexCreate + - RTSemMutexDestroy + - RTSemMutexRelease + - RTSemMutexRequest + - RTStrFormat + - RTStrFormatNumber + - RTStrFormatV + FileVersion: 1.5.2 + Filename: '' + ImportedFunctions: + - 
IoCreateSymbolicLink + - IoCreateDevice + - RtlInitUnicodeString + - IofCompleteRequest + - KeWaitForSingleObject + - IofCallDriver + - KePulseEvent + - KeInsertQueueDpc + - MmMapIoSpace + - MmUnmapIoSpace + - PsGetVersion + - ObfDereferenceObject + - KeResetEvent + - ZwSetSystemTime + - ZwClose + - ObReferenceObjectByHandle + - PsCreateSystemThread + - KeInitializeEvent + - IoDeleteDevice + - PoCallDriver + - PoStartNextPowerIrp + - IoDetachDevice + - IoConnectInterrupt + - KeInitializeDpc + - IoFreeMdl + - MmProbeAndLockPages + - IoAllocateMdl + - _except_handler3 + - MmUnlockPages + - KeInitializeMutex + - KeReleaseMutex + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - MmFreeContiguousMemory + - MmGetPhysicalAddress + - MmAllocateContiguousMemory + - IoAttachDeviceToDeviceStack + - KeSetEvent + - IoDeleteSymbolicLink + - ExAcquireFastMutex + - ExReleaseFastMutex + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: vboxguest + MD5: d04f5388e962cd21462bcc54180e84e0 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: vboxguest.sys + PDBPath: '' + Product: VirtualBox Guest Additions + ProductVersion: 1.5.2 + Publisher: '' + RichPEHeaderHash: + MD5: 6057ec1f7b3ca1fd52c465c5a75e98ed + SHA1: c399b3582e5ba4798e5ce1a449f610bc9885b220 + SHA256: f4fef270af86e98eeb55def2f308797953172c6137e55244fdaf1ee08f48046f + SHA1: 73c2148626ae56cf2ff7686c6fd196ab6f653ffb + SHA256: 983310cdce8397c016bfcfcc9c3a8abbb5c928b235bc3c3ae3a3cc10ef24dfbd + Sections: + .text: + Entropy: 6.498715318861706 + Virtual Size: '0x397c' + .rdata: + Entropy: 5.170441202927912 + Virtual Size: '0x1554' + .data: + Entropy: 1.094105384848431 + Virtual Size: '0x54' + PAGE: + Entropy: 6.112816718019873 + Virtual Size: '0xd2c' + .edata: + Entropy: 4.985932824859424 + Virtual Size: '0x36f' + INIT: + Entropy: 5.424054586662424 + Virtual Size: '0x51a' + .rsrc: + Entropy: 3.27529491638526 + Virtual Size: '0x370' + .reloc: + Entropy: 6.423377612183336 + Virtual Size: '0x3ea' + Signature: '' + 
Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=DE, O=InnoTek Systemberatung GmbH, CN=InnoTek Systemberatung + GmbH, emailAddress=info@innotek.de + ValidFrom: '2007-01-09 12:35:15' + ValidTo: '2008-01-09 12:35:15' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0100000000011006daed6b + Version: 3 + TBS: + MD5: bfbe9f4dc7264d47b48dbc2ec48aa897 + SHA1: 699c3e67f349f262426097a4c9320951f0d56e8f + SHA256: 785b2e779c33465eaba8a6326a40af1ff990d22a5493b55ce3c1f3aa04f3b3e2 + SHA384: 3178625856310ac3802a36f337bf9af1e2b62fbc7881221390cbd8f2e1be0f8d82c165dba90745f99c09c0bad2eced79 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign 
nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000011006daed6b + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: 1de909f78f82f10ffb00bd2fe9da7dd1 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 741b0c8a0a56340b62854cb121cb4930 + SHA1: 7618118dbe72c953e62e1bcac6b3c874ec43b72f + SHA256: bfbc382decb986b6050268e53092eae5e981cb886ccfb116ca7a0b311cef3862 + Company: innotek GmbH + Copyright: Copyright (C) 2004-2007 innotek GmbH + CreationTimestamp: '2008-02-19 09:09:00' + Date: '' + Description: VirtualBox Guest Driver + ExportedFunctions: + - AssertMsg1 + - AssertMsg2 + - RTLogBackdoorPrintf + - RTLogBackdoorPrintfV + - RTLogFormatV + - RTLogWriteUser + - RTMemAlloc + - RTMemAllocZ + - RTMemContAlloc + - RTMemContFree + - RTMemExecAlloc + - RTMemExecFree + - RTMemFree + - RTMemRealloc + - RTMemTmpAlloc + - RTMemTmpAllocZ + - RTMemTmpFree + - RTSemEventCreate + - RTSemEventDestroy + - RTSemEventSignal + - RTSemEventWait + - RTSemFastMutexCreate + - RTSemFastMutexDestroy + - RTSemFastMutexRelease + - RTSemFastMutexRequest + - RTSemMutexCreate + - RTSemMutexDestroy + - RTSemMutexRelease + - RTSemMutexRequest + - RTStrFormat + - RTStrFormatNumber + - RTStrFormatV + FileVersion: 1.5.6.28241 + Filename: '' + ImportedFunctions: + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - KeSetEvent + - ObfDereferenceObject + - KeResetEvent + - 
ZwSetSystemTime + - ZwClose + - ObReferenceObjectByHandle + - PsCreateSystemThread + - KeInitializeEvent + - PsGetVersion + - IoDisconnectInterrupt + - IoConnectInterrupt + - KeInitializeDpc + - MmUnmapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - MmMapIoSpace + - KeInsertQueueDpc + - KePulseEvent + - KeWaitForSingleObject + - IoFreeMdl + - MmProbeAndLockPages + - IoAllocateMdl + - MmUnlockPages + - KeInitializeMutex + - KeReleaseMutex + - ExAllocatePool + - ExFreePool + - MmFreeContiguousMemory + - MmGetPhysicalAddress + - MmAllocateContiguousMemory + - RtlUnwind + - IoAttachDeviceToDeviceStack + - IofCompleteRequest + - ExReleaseFastMutex + - HalAssignSlotResources + - HalGetInterruptVector + - HalGetBusData + - ExAcquireFastMutex + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: vboxguest + MD5: ff7cc8b6553ab57c53d5bc8afcf50f67 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: vboxguest.sys + PDBPath: '' + Product: VirtualBox Guest Additions + ProductVersion: 1.5.6.28241 + Publisher: '' + RichPEHeaderHash: + MD5: 5b7fb26b2a4fe53c9cb6b5941eaa8d54 + SHA1: 156da0d85961b6517852b0361ba53ef4bb892496 + SHA256: 0980a5fac489d65fbe4d22d6a614017751b3df951aa67678f67b27956fb44d7f + SHA1: d5ac49a7ab274bceb6671e19524bd850e06513a0 + SHA256: d53f9111a5e6c94b37e3f39c5860897405cb250dd11aa91c3814a98b1759c055 + Sections: + .text: + Entropy: 6.508798370730336 + Virtual Size: '0x3b9c' + .rdata: + Entropy: 4.919019075313747 + Virtual Size: '0x1298' + .data: + Entropy: 1.2706635459878959 + Virtual Size: '0x64' + PAGE: + Entropy: 6.057194637350653 + Virtual Size: '0x83c' + .edata: + Entropy: 5.051677993614914 + Virtual Size: '0x371' + INIT: + Entropy: 6.061100966964755 + Virtual Size: '0x854' + .rsrc: + Entropy: 3.336741265163333 + Virtual Size: '0x388' + .reloc: + Entropy: 6.388840902014098 + Virtual Size: '0x3ca' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=DE, O=innotek GmbH, CN=innotek GmbH, 
emailAddress=info@innotek.de + ValidFrom: '2007-12-27 14:37:17' + ValidTo: '2010-12-27 14:37:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 010000000001171c092665 + Version: 3 + TBS: + MD5: 5cfd8530475b20ed5a2bed70b37ee977 + SHA1: 4761dbd41ba2b01f21b9306ca21e8add93a30f09 + SHA256: 219041cc8d9e3248c69d9b116d440a0bbaa6aa500aa0c5de2d5af15908d83c7f + SHA384: 46dcdf272bf47e608519abe5183dae12858d1b3763b78d7f5212be2adc021325e7f7a2ff3e18cc9b5307f43a61b184c5 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 
53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + 
Signer: + - SerialNumber: 010000000001171c092665 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: 60c1eb7640a50cdacdac1212965b1b25 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/0c0198a3-5c63-4a9b-abe9-88a810602329.yaml b/yaml/0c0198a3-5c63-4a9b-abe9-88a810602329.yaml index f647d2f99..8f4a69d48 100644 --- a/yaml/0c0198a3-5c63-4a9b-abe9-88a810602329.yaml +++ b/yaml/0c0198a3-5c63-4a9b-abe9-88a810602329.yaml 
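Review bot: The `Detection` list on the new side still opens with an empty placeholder entry (`- type: ''` with `value: ''`), which the reorder carries over unchanged ahead of the five real yara/sigma/sysmon links. Anything that renders or iterates this list would presumably emit a blank detection row, so I would drop those two lines and let the list start at `- type: yara_signature`. The same applies to the `CVE: - ''` placeholder kept as context above `Category`; if the schema allows it, `CVE: []` records "none" without an empty string. Since the rest of the hunk is a pure key reorder, a schema check that rejects empty `type`/`value` pairs would catch this in the other reordered files as well.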
@@ -1,129 +1,129 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 0c0198a3-5c63-4a9b-abe9-88a810602329 +Tags: +- 2.sys +Verified: 'TRUE' Author: Michael Haag -Category: malicious -Commands: - Command: sc.exe create 2.sys binPath=C:\windows\temp\2.sys type=kernel && sc.exe - start 2.sys - Description: Driver categorized as POORTRY by Mandiant. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-03-04' -Detection: [] -Id: 0c0198a3-5c63-4a9b-abe9-88a810602329 -KnownVulnerableSamples: -- Authentihash: - MD5: 887c566bdc8ed5231f45a37845d5ee89 - SHA1: e6ab2bbad89502d8985381b33d7351eb97cb2b78 - SHA256: 565733b6e6d8f7b9661f04a3b4f29372f5dec080512551204b92ac4916a144cb - Company: '' - Copyright: '' - CreationTimestamp: '2013-12-12 10:14:51' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: 2.sys - ImportedFunctions: - - ExAllocatePoolWithTag - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - IoCreateFile - - RtlInitString - - RtlFreeUnicodeString - - ZwQueryDirectoryFile - - ZwClose - - IofCompleteRequest - - IoIsWdmVersionAvailable - - IoCreateSymbolicLink - - IoCreateDevice - - DbgPrint - - KeBugCheckEx - - __chkstk - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: bd25be845c151370ff177509d95d5add - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: b8bd897847f9fb59fd2cd13a53dd67bd - SHA1: 3db6a537756d68d4e961e37bc17960881214eca4 - SHA256: 0418235f7944cd80b88942aa7c406a353062afb5f821b5d7e8bd9628e6db3325 - SHA1: 10115219e3595b93204c70eec6db3e68a93f3144 - SHA256: 88076e98d45ed3adf0c5355411fe8ca793eb7cec1a1c61f5e1ec337eae267463 - Sections: - .text: - Entropy: 5.937121058090373 - Virtual Size: '0xb9b' - .rdata: - Entropy: 4.490966677486938 - Virtual Size: '0x1ac' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - 
.pdata: - Entropy: 3.286805294060428 - Virtual Size: '0x90' - INIT: - Entropy: 5.062533995350018 - Virtual Size: '0x2c0' - Signature: - - Microsoft Windows Hardware Compatibility Publisher - - Microsoft Windows Third Party Component CA 2014 - - Microsoft Root Certificate Authority 2010 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2022-06-07 18:08:06' - ValidTo: '2023-06-01 18:08:06' - Signature: 0a835e40cdb627d4f0a0d3dbbf64a46a05c132d0b5df9d11cd9c195d7037737057d57a342732ae68d67de47f460e7211c7c40dc29b0a079caff871c4834a9a2fc85e759de9b78659ad6fd79b7320e538e9ba5d52227ad67cc00b0a770ef662af3d743a558643ad89cfb015591709a69b6271a9b65db71898e7cb9964c6376dc474898301a6133198b486b518fdd9d7b9723dcffc441e026833f7c72e27986026c97b9184a0048b10d1fe6847ae467f02173f7a69120be780e5b6b9e6399402cc58735a31b537cc33578fbea443135a4a612359150bcf9ab316f6a9248bc71ef3f3480b9b3fa2341692bc3a121d80214688f7bd87d5ec56dcbd0ea61abf2c7ed2b739a07590adb596d401735d955f5f94c591d69ab4363a42f9fca549d439495711ff7990448c03724792ed4acf31f2b35b136c1b2f37aa82b1aabf7daf059dcb2e976e95311ec6e9cc53876dd09632cf512d39c801849a7c1088a565691953e07c7ff17b22518e982dd2dcc0feda8c834ca1f5e247aef1c3af5f13cd4b8cc1b6c0179bc876db88d677047c34366533e349796dbdea86389ad640710b7742ae8cc4ec88f10fa80ede4b1c93f81b55480fc8228216d54813df0327e74b3db9f3512a40c0568e4215827f9b7a2613deea72a7ec4df2def05e5559015049fe83edc83300526045cb128119e131b7d3573b268e24b0a25b9ad59f6301c8fc8f409322 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 3300000057ee4d659a923e7c10000000000057 - Version: 3 - TBS: - MD5: fdc11a5676aed4e9cc0c09eeb7450dfb - SHA1: 4902077d9a05d4231b791d3b05bafa4a79132f03 - SHA256: 5db56c23d83bf67c7152e28ad4a684a7372b4ae4f52afe7a81ce91eef94caec3 - SHA384: 
c952d7f0e0ea5216ce4400601fb7c0829f0f3fcd6eb2b5b9112fbe45d133e00c4abd660f8e1794f7ac4ef95123e2c0ab - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - ValidFrom: '2014-10-15 20:31:27' - ValidTo: '2029-10-15 20:41:27' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 330000000d690d5d7893d076df00000000000d - Version: 3 - TBS: - MD5: 83f69422963f11c3c340b81712eef319 - SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 - SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae - SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 - Signer: - - SerialNumber: 3300000057ee4d659a923e7c10000000000057 - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - Version: 1 - Imphash: 3fd33d5b3b52e2db91983ac4b1d7a3c4 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: malicious +Commands: + Command: sc.exe create 2.sys binPath=C:\windows\temp\2.sys type=kernel && sc.exe + start 2.sys + Description: Driver categorized as POORTRY by Mandiant. 
+ OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://www.mandiant.com/resources/blog/hunting-attestation-signed-malware - '' -Tags: -- 2.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 887c566bdc8ed5231f45a37845d5ee89 + SHA1: e6ab2bbad89502d8985381b33d7351eb97cb2b78 + SHA256: 565733b6e6d8f7b9661f04a3b4f29372f5dec080512551204b92ac4916a144cb + Company: '' + Copyright: '' + CreationTimestamp: '2013-12-12 10:14:51' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: 2.sys + ImportedFunctions: + - ExAllocatePoolWithTag + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - IoCreateFile + - RtlInitString + - RtlFreeUnicodeString + - ZwQueryDirectoryFile + - ZwClose + - IofCompleteRequest + - IoIsWdmVersionAvailable + - IoCreateSymbolicLink + - IoCreateDevice + - DbgPrint + - KeBugCheckEx + - __chkstk + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: bd25be845c151370ff177509d95d5add + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: b8bd897847f9fb59fd2cd13a53dd67bd + SHA1: 3db6a537756d68d4e961e37bc17960881214eca4 + SHA256: 0418235f7944cd80b88942aa7c406a353062afb5f821b5d7e8bd9628e6db3325 + SHA1: 10115219e3595b93204c70eec6db3e68a93f3144 + SHA256: 88076e98d45ed3adf0c5355411fe8ca793eb7cec1a1c61f5e1ec337eae267463 + Sections: + .text: + Entropy: 5.937121058090373 + Virtual Size: '0xb9b' + .rdata: + Entropy: 4.490966677486938 + Virtual Size: '0x1ac' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.286805294060428 + Virtual Size: '0x90' + INIT: + Entropy: 5.062533995350018 + Virtual Size: '0x2c0' + Signature: + - Microsoft Windows Hardware Compatibility Publisher + - Microsoft Windows Third Party Component CA 2014 
+ - Microsoft Root Certificate Authority 2010 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2022-06-07 18:08:06' + ValidTo: '2023-06-01 18:08:06' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 3300000057ee4d659a923e7c10000000000057 + Version: 3 + TBS: + MD5: fdc11a5676aed4e9cc0c09eeb7450dfb + SHA1: 4902077d9a05d4231b791d3b05bafa4a79132f03 + SHA256: 5db56c23d83bf67c7152e28ad4a684a7372b4ae4f52afe7a81ce91eef94caec3 + SHA384: c952d7f0e0ea5216ce4400601fb7c0829f0f3fcd6eb2b5b9112fbe45d133e00c4abd660f8e1794f7ac4ef95123e2c0ab + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + ValidFrom: '2014-10-15 20:31:27' + ValidTo: '2029-10-15 20:41:27' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 330000000d690d5d7893d076df00000000000d + Version: 3 + TBS: + MD5: 83f69422963f11c3c340b81712eef319 + SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 + SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae + SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 + Signer: + - SerialNumber: 3300000057ee4d659a923e7c10000000000057 + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + Version: 1 + Imphash: 3fd33d5b3b52e2db91983ac4b1d7a3c4 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/0d039ee9-aaa5-49c2-a980-405d4290ee0a.yaml b/yaml/0d039ee9-aaa5-49c2-a980-405d4290ee0a.yaml index e40e2d269..9fc4a0811 100644 --- a/yaml/0d039ee9-aaa5-49c2-a980-405d4290ee0a.yaml 
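Review bot: The `Resources` list for 2.sys still carries an empty string item (`- ''`) after the Mandiant link, and this reorder leaves it in place as a context line. Tooling that treats every `Resources` item as a URL will get a blank entry. The list should hold only `- https://www.mandiant.com/resources/blog/hunting-attestation-signed-malware`.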
+++ b/yaml/0d039ee9-aaa5-49c2-a980-405d4290ee0a.yaml 
@@ -1,216 +1,217 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 0d039ee9-aaa5-49c2-a980-405d4290ee0a +Tags: +- telephonuAfY.sys +Verified: 'TRUE' Author: Michael Haag -Category: malicious -Commands: - Command: sc.exe create telephonuAfY.sys binPath=C:\windows\temp\telephonuAfY.sys - type=kernel && sc.exe start telephonuAfY.sys - Description: "Cisco Talos has identified multiple versions of an undocumented malicious\ - \ driver named \u201CRedDriver,\u201D a driver-based browser hijacker that uses\ - \ the Windows Filtering Platform (WFP) to intercept browser traffic. RedDriver\ - \ has been active since at least 2021.\nRedDriver utilizes HookSignTool to forge\ - \ its signature timestamp to bypass Windows driver-signing policies.\nCode from\ - \ multiple open-source tools has been used in the development of RedDriver's infection\ - \ chain, including HP-Socket and a custom implementation of ReflectiveLoader.\n\ - The authors of RedDriver appear to be skilled in driver development and have deep\ - \ knowledge of the Windows operating system.\nThis threat appears to target native\ - \ Chinese speakers, as it searches for Chinese language browsers to hijack. Additionally,\ - \ the authors are likely Chinese speakers themselves." 
- OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-07-11' -Detection: [] -Id: 0d039ee9-aaa5-49c2-a980-405d4290ee0a -KnownVulnerableSamples: -- Authentihash: - MD5: 43b75d04464038f6a49bdbe6b1e8b622 - SHA1: 23373cbe45710492834ef1ed7a968de14985df8f - SHA256: f929b77636026cc0c57a0bd95e4c61f0b28a65e60331807e32235947f5c67931 - Company: '' - Copyright: '' - CreationTimestamp: '2023-05-23 01:23:25' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: telephonuAfY.sys - ImportedFunctions: - - FwpsReleaseClassifyHandle0 - - FwpsAcquireClassifyHandle0 - - FwpsApplyModifiedLayerData0 - - FwpsAcquireWritableLayerDataPointer0 - - FwpsCalloutRegister1 - - RtlCompareMemory - - ExAllocatePool - - ExFreePoolWithTag - - CmRegisterCallback - - PsCreateSystemThread - - ZwClose - - MmIsAddressValid - - PsSetCreateProcessNotifyRoutine - - PsSetCreateThreadNotifyRoutine - - PsSetLoadImageNotifyRoutine - - __C_specific_handler - - RtlInitUnicodeString - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - ObfDereferenceObject - - PsGetCurrentProcessId - - ZwOpenProcess - - PsLookupProcessByProcessId - - ZwWaitForSingleObject - - PsReferenceProcessFilePointer - - RtlCompareUnicodeStrings - - KeEnterCriticalRegion - - KeLeaveCriticalRegion - - KeWaitForSingleObject - - ExQueryDepthSList - - ExpInterlockedPopEntrySList - - ExpInterlockedPushEntrySList - - ExInitializeNPagedLookasideList - - ExInitializeResourceLite - - ExAcquireResourceSharedLite - - ExAcquireResourceExclusiveLite - - ExReleaseResourceLite - - PsTerminateSystemThread - - ObReferenceObjectByHandle - - KeStackAttachProcess - - KeUnstackDetachProcess - - PsGetProcessWow64Process - - PsGetProcessImageFileName - - ZwCreateFile - - ZwQueryInformationFile - - ZwReadFile - - ExAllocatePoolWithTag - - MmGetSystemRoutineAddress - - KeAcquireInStackQueuedSpinLock - - KeReleaseInStackQueuedSpinLock - - RtlIpv4AddressToStringA - - 
IoGetCurrentProcess - - PsGetProcessId - - PsProcessType - - PsGetProcessPeb - - RtlInitAnsiString - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - _vsnprintf - - _vsnwprintf - - RtlGetVersion - - KeInitializeEvent - - KeQueryTimeIncrement - - RtlRandomEx - - ZwSetInformationFile - - ZwWriteFile - - IoFileObjectType - - ZwTerminateProcess - - RtlCopyUnicodeString - - KeBugCheckEx - - _wcslwr - - wcsstr - - ExSystemTimeToLocalTime - - RtlTimeToTimeFields - - WdfVersionBind - - WdfVersionBindClass - - WdfVersionUnbindClass - - WdfVersionUnbind - Imports: - - fwpkclnt.sys - - ntoskrnl.exe - - WDFLDR.SYS - InternalName: '' - MD5: 5aeab9427d85951def146b4c0a44fc63 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: ceb1860de56dcebdf714302cb649ff71 - SHA1: a03c600569d3c813667c3520788e423f1c5eed0f - SHA256: 39e0e1bb3f0a24fd42b1e55d492f5b87a926d6689b172c3475e1898f737be750 - SHA1: c9e9198d52d94771cb14711a5f6aaf8d82b602a2 - SHA256: 87565ff08a93a8ff41ea932bf55dec8e0c7e79aba036507ea45df9d81cb36105 - Sections: - .text: - Entropy: 6.259941019226518 - Virtual Size: '0x6bb4' - .rdata: - Entropy: 4.497291548397011 - Virtual Size: '0xd38' - .data: - Entropy: 5.434886649336555 - Virtual Size: '0x2f28' - .pdata: - Entropy: 4.420943866714438 - Virtual Size: '0x57c' - .gfids: - Entropy: 0.8112781244591328 - Virtual Size: '0x4' - INIT: - Entropy: 5.1734289362463395 - Virtual Size: '0xad4' - .reloc: - Entropy: 3.084183719779188 - Virtual Size: '0x28' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=thawte, Inc., CN=thawte SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 
243bf5d7a03613c743fef0098768d198316e12e43f1e1f967b6b4c1e879e8bc56ca3b10c7b5092d5819cb18f2c29b7eef99105b98e41f12cf6d0592d98e0b9ea8001474095b83d9d03bd79bb35b6ad9c4c27f6674510c9c5bc874e557bd287bbdddc30efc6d46ccc99356d1ce060d3cd688f29594b89960846c98efc754fc5dc09cc4e278b44cd07bcac04e0b533a5879ff4dd730c91ea12816fe375f01eb5936c4417d53e97c9bd072c56771f85dd46e8bfde2c8194a3f7e5b7a7c1379f75ca55774d5e3629ca85d84541725775c0795bfa3410066d642042b73ac81f1d4664025fc647bef0c43a2854daf61e4f9aa21943a46f49f8fc5e422028848b47206e - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 71a0b73695ddb1afc23b2b9a18ee54cb - Version: 3 - TBS: - MD5: 8314595952398203ab24badbbc927d39 - SHA1: b07dcf73133408eee2786a208ce4b2543bf6c583 - SHA256: c734685d985b8ea13db4fc1a6dcd26aa0dde78b4c3b651ea5d58e32e081b2a41 - SHA384: 874ded773c743b4e18744d7978b41cfe2e55529c61d45a0e34b3950aaad56b6c7a3780880133bcd1df3b1f86d468d46d - - Subject: C=CN, L=, O=, OU=, CN= - ValidFrom: '2018-08-15 00:00:00' - ValidTo: '2019-08-15 23:59:59' - Signature: 3ebdf2009f802c1033d2a14df88ed84c6282db1e8d19d6324b21ffb8e69fbc0752d101bd22ab4fae6c8c45bb82b7ba0d9a7213d7a29a2f587bdf68c7ae3ab6f9ed7cc23e27d6f44a0a5311124381f6f9bdeec2e19c59fc7362d5d59f09951b8ffa03215e5679ae4bcffe45b7059426a96c2897107c07b2b3e6cbcbee46527908db76f7a1bf2af19c986eba31504c9c5c3cb34e81ba2a1eb55965a2d192820cac79f640a3e9672bb507dc3a561de5d94f9a0105a355f42bea235ea5349d7d2b104a71c56640e0170433fe1ef075d9f865f17be8989b590765917215c0f7b709e9820f7106dff8cec57d59ee2777cec96f8b1de8e3a93bc7e7b757d87c9888b9a2 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0dbdf488aeaa9795e332a1ca2747af0d - Version: 3 - TBS: - MD5: 5037c865c427f7d514ac954ef7e66ccf - SHA1: cfcc3ebb5c9003e88373beb66781dbdf9e1904d2 - SHA256: cd684ad96d510b669c0767e4b845fb7a04fba27c1f3a0935b09a988d94938f6e - SHA384: 30bf56d04a2a54ae834ea9b111da02fe53c0c13ddd66f815aed8100bb887c6d5b299e518ba1f4abc0f2c3bb02029141b - - Subject: C=US, 
O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 - thawte, Inc. , For authorized use only, CN=thawte Primary Root CA - ValidFrom: '2011-02-22 19:31:57' - ValidTo: '2021-02-22 19:41:57' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611fb0a400000000001d - Version: 3 - TBS: - MD5: a3f222107d4e1085e73b5b589c2f480b - SHA1: b94aa26cd77c48d91a53ac44506cbd255e1d362c - SHA256: a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa - SHA384: 64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7 - Signer: - - SerialNumber: 0dbdf488aeaa9795e332a1ca2747af0d - Issuer: C=US, O=thawte, Inc., CN=thawte SHA256 Code Signing CA - Version: 1 - Imphash: d51f0f6034eb5e45f0ed4e9b7bbc9c97 - LoadsDespiteHVCI: 'TRUE' MitreID: T1068 +Category: malicious +Commands: + Command: sc.exe create telephonuAfY.sys binPath=C:\windows\temp\telephonuAfY.sys + type=kernel && sc.exe start telephonuAfY.sys + Description: "Cisco Talos has identified multiple versions of an undocumented\ + \ malicious driver named \u201CRedDriver,\u201D a driver-based browser hijacker\ + \ that uses the Windows Filtering Platform (WFP) to intercept browser traffic.\ + \ RedDriver has been active since at least 2021.\nRedDriver utilizes HookSignTool\ + \ to forge its signature timestamp to bypass Windows driver-signing policies.\n\ + Code from multiple open-source tools has been used in the development of RedDriver's\ + \ infection chain, including HP-Socket and a custom implementation of ReflectiveLoader.\n\ + The authors of RedDriver appear to be skilled in driver development and have\ + \ deep knowledge of the Windows operating system.\nThis threat appears to\ + \ target native Chinese speakers, as it searches for Chinese language browsers\ + \ to hijack. Additionally, the authors are likely Chinese speakers themselves." 
+ OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://blog.talosintelligence.com/undocumented-reddriver/ -Tags: -- telephonuAfY.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 43b75d04464038f6a49bdbe6b1e8b622 + SHA1: 23373cbe45710492834ef1ed7a968de14985df8f + SHA256: f929b77636026cc0c57a0bd95e4c61f0b28a65e60331807e32235947f5c67931 + Company: '' + Copyright: '' + CreationTimestamp: '2023-05-23 01:23:25' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: telephonuAfY.sys + ImportedFunctions: + - FwpsReleaseClassifyHandle0 + - FwpsAcquireClassifyHandle0 + - FwpsApplyModifiedLayerData0 + - FwpsAcquireWritableLayerDataPointer0 + - FwpsCalloutRegister1 + - RtlCompareMemory + - ExAllocatePool + - ExFreePoolWithTag + - CmRegisterCallback + - PsCreateSystemThread + - ZwClose + - MmIsAddressValid + - PsSetCreateProcessNotifyRoutine + - PsSetCreateThreadNotifyRoutine + - PsSetLoadImageNotifyRoutine + - __C_specific_handler + - RtlInitUnicodeString + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - ObfDereferenceObject + - PsGetCurrentProcessId + - ZwOpenProcess + - PsLookupProcessByProcessId + - ZwWaitForSingleObject + - PsReferenceProcessFilePointer + - RtlCompareUnicodeStrings + - KeEnterCriticalRegion + - KeLeaveCriticalRegion + - KeWaitForSingleObject + - ExQueryDepthSList + - ExpInterlockedPopEntrySList + - ExpInterlockedPushEntrySList + - ExInitializeNPagedLookasideList + - ExInitializeResourceLite + - ExAcquireResourceSharedLite + - ExAcquireResourceExclusiveLite + - ExReleaseResourceLite + - PsTerminateSystemThread + - ObReferenceObjectByHandle + - KeStackAttachProcess + - KeUnstackDetachProcess + - PsGetProcessWow64Process + - PsGetProcessImageFileName + - ZwCreateFile + - ZwQueryInformationFile + - ZwReadFile + - ExAllocatePoolWithTag + - MmGetSystemRoutineAddress + - 
KeAcquireInStackQueuedSpinLock + - KeReleaseInStackQueuedSpinLock + - RtlIpv4AddressToStringA + - IoGetCurrentProcess + - PsGetProcessId + - PsProcessType + - PsGetProcessPeb + - RtlInitAnsiString + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - _vsnprintf + - _vsnwprintf + - RtlGetVersion + - KeInitializeEvent + - KeQueryTimeIncrement + - RtlRandomEx + - ZwSetInformationFile + - ZwWriteFile + - IoFileObjectType + - ZwTerminateProcess + - RtlCopyUnicodeString + - KeBugCheckEx + - _wcslwr + - wcsstr + - ExSystemTimeToLocalTime + - RtlTimeToTimeFields + - WdfVersionBind + - WdfVersionBindClass + - WdfVersionUnbindClass + - WdfVersionUnbind + Imports: + - fwpkclnt.sys + - ntoskrnl.exe + - WDFLDR.SYS + InternalName: '' + MD5: 5aeab9427d85951def146b4c0a44fc63 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: ceb1860de56dcebdf714302cb649ff71 + SHA1: a03c600569d3c813667c3520788e423f1c5eed0f + SHA256: 39e0e1bb3f0a24fd42b1e55d492f5b87a926d6689b172c3475e1898f737be750 + SHA1: c9e9198d52d94771cb14711a5f6aaf8d82b602a2 + SHA256: 87565ff08a93a8ff41ea932bf55dec8e0c7e79aba036507ea45df9d81cb36105 + Sections: + .text: + Entropy: 6.259941019226518 + Virtual Size: '0x6bb4' + .rdata: + Entropy: 4.497291548397011 + Virtual Size: '0xd38' + .data: + Entropy: 5.434886649336555 + Virtual Size: '0x2f28' + .pdata: + Entropy: 4.420943866714438 + Virtual Size: '0x57c' + .gfids: + Entropy: 0.8112781244591328 + Virtual Size: '0x4' + INIT: + Entropy: 5.1734289362463395 + Virtual Size: '0xad4' + .reloc: + Entropy: 3.084183719779188 + Virtual Size: '0x28' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=thawte, Inc., CN=thawte SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + 
IsCertificateAuthority: true + SerialNumber: 71a0b73695ddb1afc23b2b9a18ee54cb + Version: 3 + TBS: + MD5: 8314595952398203ab24badbbc927d39 + SHA1: b07dcf73133408eee2786a208ce4b2543bf6c583 + SHA256: c734685d985b8ea13db4fc1a6dcd26aa0dde78b4c3b651ea5d58e32e081b2a41 + SHA384: 874ded773c743b4e18744d7978b41cfe2e55529c61d45a0e34b3950aaad56b6c7a3780880133bcd1df3b1f86d468d46d + - Subject: C=CN, L=, O=, OU=, CN= + ValidFrom: '2018-08-15 00:00:00' + ValidTo: '2019-08-15 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0dbdf488aeaa9795e332a1ca2747af0d + Version: 3 + TBS: + MD5: 5037c865c427f7d514ac954ef7e66ccf + SHA1: cfcc3ebb5c9003e88373beb66781dbdf9e1904d2 + SHA256: cd684ad96d510b669c0767e4b845fb7a04fba27c1f3a0935b09a988d94938f6e + SHA384: 30bf56d04a2a54ae834ea9b111da02fe53c0c13ddd66f815aed8100bb887c6d5b299e518ba1f4abc0f2c3bb02029141b + - Subject: C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) + 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root + CA + ValidFrom: '2011-02-22 19:31:57' + ValidTo: '2021-02-22 19:41:57' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611fb0a400000000001d + Version: 3 + TBS: + MD5: a3f222107d4e1085e73b5b589c2f480b + SHA1: b94aa26cd77c48d91a53ac44506cbd255e1d362c + SHA256: a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa + SHA384: 64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7 + Signer: + - SerialNumber: 0dbdf488aeaa9795e332a1ca2747af0d + Issuer: C=US, O=thawte, Inc., CN=thawte SHA256 Code Signing CA + Version: 1 + Imphash: d51f0f6034eb5e45f0ed4e9b7bbc9c97 + LoadsDespiteHVCI: 'TRUE' 
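Review bot: `Signature: ''` in the telephonuAfY.sys sample is an empty string, while the same field is a list elsewhere in this commit (`Signature: []` in the 0d0d204b entry, a list of signer names in the 0c0198a3 entry). A consumer that iterates the field to build signer-based detections needs a special case for the string form, so `Signature: []` would keep the type uniform. The `Certificates` block that follows does list a chain, so the empty value may simply be unpopulated by the enrichment step; that is worth confirming before changing it.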
diff --git a/yaml/0d0d204b-f6ce-4ce4-8d76-1724a1676c3f.yaml b/yaml/0d0d204b-f6ce-4ce4-8d76-1724a1676c3f.yaml index 397c771b7..64717a70e 100644 --- a/yaml/0d0d204b-f6ce-4ce4-8d76-1724a1676c3f.yaml +++ b/yaml/0d0d204b-f6ce-4ce4-8d76-1724a1676c3f.yaml @@ -1,35 +1,35 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 0d0d204b-f6ce-4ce4-8d76-1724a1676c3f +Tags: +- Proxy32.sys +Verified: 'FALSE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create Proxy32.sys binPath=C:\windows\temp\Proxy32.sys type=kernel - && sc.exe start Proxy32.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: [] -Id: 0d0d204b-f6ce-4ce4-8d76-1724a1676c3f -KnownVulnerableSamples: -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: Proxy32.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA256: 49ed27460730b62403c1d2e4930573121ab0c86c442854bc0a62415ca445a810 - Signature: [] - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create Proxy32.sys binPath=C:\windows\temp\Proxy32.sys type=kernel + && sc.exe start Proxy32.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules -Tags: -- Proxy32.sys -Verified: 'FALSE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: Proxy32.sys + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA256: 49ed27460730b62403c1d2e4930573121ab0c86c442854bc0a62415ca445a810 + Signature: [] + LoadsDespiteHVCI: 'FALSE' 
diff --git a/yaml/0d6f1b0f-b94d-4254-b3bb-49de61246260.yaml b/yaml/0d6f1b0f-b94d-4254-b3bb-49de61246260.yaml index 7f87daf2d..895092015 100644 --- a/yaml/0d6f1b0f-b94d-4254-b3bb-49de61246260.yaml +++ b/yaml/0d6f1b0f-b94d-4254-b3bb-49de61246260.yaml 
@@ -1,191 +1,192 @@ Id: 0d6f1b0f-b94d-4254-b3bb-49de61246260 +Tags: +- GPU-Z.sys +Verified: 'TRUE' Author: goosvorbook Created: '2024-06-20' MitreID: T1068 Category: vulnerable driver -Verified: 'TRUE' Commands: - Command: sc.exe create GPU-Z.sys binPath=C:\windows\temp\GPU-Z.sys type=kernel && - sc.exe start GPU-Z.sys - Description: 'Utilized in RealBlindingEDR. ' - Usecase: Elevate privileges - Privileges: kernel - OperatingSystem: Windows 11 + Command: sc.exe create GPU-Z.sys binPath=C:\windows\temp\GPU-Z.sys type=kernel + && sc.exe start GPU-Z.sys + Description: 'Utilized in RealBlindingEDR. ' + Usecase: Elevate privileges + Privileges: kernel + OperatingSystem: Windows 11 Resources: - https://github.com/myzxcg/RealBlindingEDR/ -Acknowledgement: - Person: '' - Handle: '' Detection: [] +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: '' - MD5: 96e7f6770e12dd05a8ecf7b5d5dcd2fd - SHA1: 9677a67bf1d6abb41ad2dd2f7218bb5cd3df50b7 - SHA256: f9418b5e90a235339a4a1a889490faca39cd117a51ba4446daa1011da06c7ecd - Signature: '' - Date: '' - Publisher: '' - Company: '' - Description: Low-Level Driver - Product: Low-Level Driver - ProductVersion: 1.60.0.0 - FileVersion: 1.60.0.0 - MachineType: AMD64 - OriginalFilename: '' - Imphash: c1e4bebf7e4ee27e3e75f7289d6e0d7a - Authentihash: - MD5: d48a4610e31e4c67e1d163cc0d62c7dd - SHA1: a4f5aff705ce0ec09a5137599eea7145d04a1b70 - SHA256: 06967882fae2160cec07ea7b31685deefc61e1e6153ed8e87ee8a1f7086afc5b - RichPEHeaderHash: - MD5: e612c69f4e08856b7a48d70b61a782d4 - SHA1: f84ae7725942d32878cca235ac97d34a6eaa918c - SHA256: 4676d72843f72ff3ff9bac2decd5bf7d85015c94d9787349260f395ba2134e5d - Sections: - .text: - Entropy: 6.383312025530643 - Virtual Size: '0x2c40' - .rdata: - Entropy: 5.116897984855867 - Virtual Size: '0x690' - .data: - Entropy: 0.6123648845469585 - Virtual Size: '0x20c0' - .pdata: - Entropy: 3.9449572726468434 - Virtual Size: '0x258' - INIT: - Entropy: 4.768688929673879 - Virtual Size: '0x35c' - 
.rsrc: - Entropy: 3.2099484778925733 - Virtual Size: '0x2b8' - .reloc: - Entropy: 0.5739775248775807 - Virtual Size: '0x3c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2010-10-06 10:14:37' - InternalName: '' - Copyright: Copyright 2004-2010 (c). All rights reserved. - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - DbgPrint - - ExAllocatePoolWithTag - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - IoRegisterShutdownNotification - - RtlInitUnicodeString - - IoDeleteDevice - - wcsncpy - - wcsrchr - - IoUnregisterShutdownNotification - - IofCompleteRequest - - IoCreateSymbolicLink - - RtlCopyUnicodeString - - IoCreateDevice - - MmUnmapLockedPages - - MmUnmapIoSpace - - MmBuildMdlForNonPagedPool - - IoFreeMdl - - MmMapLockedPagesSpecifyCache - - MmMapIoSpace - - PsGetCurrentProcessId - - MmIsAddressValid - - IoAllocateMdl - - RtlUnicodeToMultiByteN - - RtlAnsiCharToUnicodeChar - - KeBugCheckEx - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 13:00:00' - ValidTo: '2017-01-27 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000011e44a5e24e - Version: 3 - TBS: - MD5: 1523b60530a241a9dc96e8890e42a0fa - SHA1: 879269f3f467a6d59641960a62fe9cb419355ff6 - SHA256: 6811f3e33268aef810dc3277f8f9356adcbc3c36446a0420593b82f3cd526022 - SHA384: 92f5e55d6eb6d965c1b698e56cbb8087d80eda1a24eb6ed178abeddafe2fcf524e9f8311ca232be7f5b4555b89b97c6b - - Subject: C=HK, O=TechPowerUp, CN=TechPowerUp, emailAddress=admin@techpowerup.com - ValidFrom: '2008-08-12 02:41:47' - ValidTo: '2011-08-12 02:41:47' - Signature: 
9752fc84e8fc58abce11894b7804857bfa515b343c13d2617ff87231afc9b1ce95bf569e056645f20f77aeec1f0674cda8035a16de94a2947001e26c7ae31479bdf16a9bd0bcf0f5c3ba0300c98a07882a029d7a2e22eb824e6d58babdd472c0adc0198172f3331615ca3ce2d7b7f8cf2019ab5ae6b5ec2af14d2e7da3ff04b8068439b6ed1be7e03d964e2d5443d9f5c592a871f1707a16c1b5347349a1b6ffea815f75b644f1ce543612a5302c22c1b3d43591cbcb0279810d751d622d56b323c651150f599697c1713938392571632fcc90c358ed8daed7db9f674b0287fedc6ee58d403eee10a51ea6eaa337dec4ff51d52dc7cc1fe1ca6dde230471889a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0100000000011bb4ca6474 - Version: 3 - TBS: - MD5: f28bd845fd8d5e61d42a1f0727518341 - SHA1: 3799d13fa3cd023eff76c5ee6a760206349103a0 - SHA256: e86bb49c942c342801e3d51f5321056706cb183db1046168653768a8d400bb14 - SHA384: 848706d1904777aab9915299f9d7366784ae4967a6427c33802e158f633899e86abfb434fe77891e86f677d424aeeb63 - - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping CA - ValidFrom: '2009-03-18 11:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012019c19066 - Version: 3 - TBS: - MD5: 42023b9487cafe46c1b6a49c369a362e - SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 - SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 - SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea - - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority - ValidFrom: '2009-12-21 09:32:56' - ValidTo: '2020-12-22 09:32:56' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 01000000000125b0b4cc01 - Version: 3 - TBS: - MD5: e3369c8e5aec0504b3a50455f615d9f9 - SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 - SHA256: 
26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 - SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 10:00:00' - ValidTo: '2017-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000011e44a5ecbe - Version: 3 - TBS: - MD5: 16fb30314f4f5ff4dac603580f605778 - SHA1: 55c862df1f775f6a4c8e4f963115962a5cffc4ee - SHA256: aec84e1206957180ccf4e598fa10864ef4ee18ff9fc126b9a54af79c618f0492 - SHA384: a2b0c7b9ffe6e8244a4662099132406aea0a47889ecde7b336c4f09296da2ffbb3718597a0fb570bd1e97e88a24f8fbb - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000011bb4ca6474 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 -Tags: -- GPU-Z.sys +- Filename: '' + MD5: 96e7f6770e12dd05a8ecf7b5d5dcd2fd + SHA1: 9677a67bf1d6abb41ad2dd2f7218bb5cd3df50b7 + SHA256: f9418b5e90a235339a4a1a889490faca39cd117a51ba4446daa1011da06c7ecd + Signature: '' + Date: '' + Publisher: '' + Company: '' + Description: Low-Level Driver + Product: Low-Level Driver + ProductVersion: 1.60.0.0 + FileVersion: 1.60.0.0 + MachineType: AMD64 + OriginalFilename: '' + Imphash: 
c1e4bebf7e4ee27e3e75f7289d6e0d7a + Authentihash: + MD5: d48a4610e31e4c67e1d163cc0d62c7dd + SHA1: a4f5aff705ce0ec09a5137599eea7145d04a1b70 + SHA256: 06967882fae2160cec07ea7b31685deefc61e1e6153ed8e87ee8a1f7086afc5b + RichPEHeaderHash: + MD5: e612c69f4e08856b7a48d70b61a782d4 + SHA1: f84ae7725942d32878cca235ac97d34a6eaa918c + SHA256: 4676d72843f72ff3ff9bac2decd5bf7d85015c94d9787349260f395ba2134e5d + Sections: + .text: + Entropy: 6.383312025530643 + Virtual Size: '0x2c40' + .rdata: + Entropy: 5.116897984855867 + Virtual Size: '0x690' + .data: + Entropy: 0.6123648845469585 + Virtual Size: '0x20c0' + .pdata: + Entropy: 3.9449572726468434 + Virtual Size: '0x258' + INIT: + Entropy: 4.768688929673879 + Virtual Size: '0x35c' + .rsrc: + Entropy: 3.2099484778925733 + Virtual Size: '0x2b8' + .reloc: + Entropy: 0.5739775248775807 + Virtual Size: '0x3c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2010-10-06 10:14:37' + InternalName: '' + Copyright: Copyright 2004-2010 (c). All rights reserved. + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - DbgPrint + - ExAllocatePoolWithTag + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - IoRegisterShutdownNotification + - RtlInitUnicodeString + - IoDeleteDevice + - wcsncpy + - wcsrchr + - IoUnregisterShutdownNotification + - IofCompleteRequest + - IoCreateSymbolicLink + - RtlCopyUnicodeString + - IoCreateDevice + - MmUnmapLockedPages + - MmUnmapIoSpace + - MmBuildMdlForNonPagedPool + - IoFreeMdl + - MmMapLockedPagesSpecifyCache + - MmMapIoSpace + - PsGetCurrentProcessId + - MmIsAddressValid + - IoAllocateMdl + - RtlUnicodeToMultiByteN + - RtlAnsiCharToUnicodeChar + - KeBugCheckEx + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 13:00:00' + ValidTo: '2017-01-27 12:00:00' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000011e44a5e24e + Version: 3 + TBS: + MD5: 1523b60530a241a9dc96e8890e42a0fa + SHA1: 879269f3f467a6d59641960a62fe9cb419355ff6 + SHA256: 6811f3e33268aef810dc3277f8f9356adcbc3c36446a0420593b82f3cd526022 + SHA384: 92f5e55d6eb6d965c1b698e56cbb8087d80eda1a24eb6ed178abeddafe2fcf524e9f8311ca232be7f5b4555b89b97c6b + - Subject: C=HK, O=TechPowerUp, CN=TechPowerUp, emailAddress=admin@techpowerup.com + ValidFrom: '2008-08-12 02:41:47' + ValidTo: '2011-08-12 02:41:47' + Signature: 9752fc84e8fc58abce11894b7804857bfa515b343c13d2617ff87231afc9b1ce95bf569e056645f20f77aeec1f0674cda8035a16de94a2947001e26c7ae31479bdf16a9bd0bcf0f5c3ba0300c98a07882a029d7a2e22eb824e6d58babdd472c0adc0198172f3331615ca3ce2d7b7f8cf2019ab5ae6b5ec2af14d2e7da3ff04b8068439b6ed1be7e03d964e2d5443d9f5c592a871f1707a16c1b5347349a1b6ffea815f75b644f1ce543612a5302c22c1b3d43591cbcb0279810d751d622d56b323c651150f599697c1713938392571632fcc90c358ed8daed7db9f674b0287fedc6ee58d403eee10a51ea6eaa337dec4ff51d52dc7cc1fe1ca6dde230471889a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0100000000011bb4ca6474 + Version: 3 + TBS: + MD5: f28bd845fd8d5e61d42a1f0727518341 + SHA1: 3799d13fa3cd023eff76c5ee6a760206349103a0 + SHA256: e86bb49c942c342801e3d51f5321056706cb183db1046168653768a8d400bb14 + SHA384: 848706d1904777aab9915299f9d7366784ae4967a6427c33802e158f633899e86abfb434fe77891e86f677d424aeeb63 + - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping + CA + ValidFrom: '2009-03-18 11:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012019c19066 + Version: 3 + TBS: + MD5: 42023b9487cafe46c1b6a49c369a362e + SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 + SHA256: 
b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 + SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea + - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority + ValidFrom: '2009-12-21 09:32:56' + ValidTo: '2020-12-22 09:32:56' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01000000000125b0b4cc01 + Version: 3 + TBS: + MD5: e3369c8e5aec0504b3a50455f615d9f9 + SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 + SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 + SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 10:00:00' + ValidTo: '2017-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000011e44a5ecbe + Version: 3 + TBS: + MD5: 16fb30314f4f5ff4dac603580f605778 + SHA1: 55c862df1f775f6a4c8e4f963115962a5cffc4ee + SHA256: aec84e1206957180ccf4e598fa10864ef4ee18ff9fc126b9a54af79c618f0492 + SHA384: a2b0c7b9ffe6e8244a4662099132406aea0a47889ecde7b336c4f09296da2ffbb3718597a0fb570bd1e97e88a24f8fbb + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000011bb4ca6474 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 diff --git a/yaml/0e3b0052-18c7-4c8b-a064-a1332df07af2.yaml b/yaml/0e3b0052-18c7-4c8b-a064-a1332df07af2.yaml index f2d92ee43..5151688ef 100644 --- a/yaml/0e3b0052-18c7-4c8b-a064-a1332df07af2.yaml +++ b/yaml/0e3b0052-18c7-4c8b-a064-a1332df07af2.yaml 
@@ -1,516 +1,518 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 0e3b0052-18c7-4c8b-a064-a1332df07af2 +Tags: +- ProxyDrv.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-07-22' +MitreID: T1068 CVE: - '' Category: vulnerable drivers Commands: - Command: '' - Description: Confirmed vulnerable driver from Microsoft Block List - OperatingSystem: Windows - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-07-22' -Detection: -- type: '' - value: '' -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 0e3b0052-18c7-4c8b-a064-a1332df07af2 -KnownVulnerableSamples: -- Authentihash: - MD5: 0139a9cdb5f84d47dbf553890e9a5377 - SHA1: 69d6b4032f1456506382885eba5b396f1c36841b - SHA256: 49ed27460730b62403c1d2e4930573121ab0c86c442854bc0a62415ca445a810 - Company: "\u96F7\u795E\uFF08\u6B66\u6C49\uFF09\u7F51\u7EDC\u6280\u672F\u6709\u9650\ - \u516C\u53F8" - Copyright: Copyright @ Www.Nn.Com - CreationTimestamp: '2020-04-03 04:51:25' - Date: '' - Description: "\u96F7\u795ENN\u52A0\u901F\u5668-\u9A71\u52A8\u7A0B\u5E8F\u6587\u4EF6" - ExportedFunctions: '' - FileVersion: '1,9,5,3 built by: WinDDK' - Filename: '' - ImportedFunctions: - - ExDeleteNPagedLookasideList - - memcpy - - ZwQueryValueKey - - RtlUnwind - - ZwSetSecurityObject - - KeBugCheckEx - - KeTickCount - - _allmul - - _aulldiv - - KeQuerySystemTime 
- - ExUuidCreate - - swprintf_s - - KeInitializeEvent - - PsCreateSystemThread - - ZwSetInformationThread - - ObReferenceObjectByHandle - - RtlAppendUnicodeToString - - IoCreateDevice - - IoCreateSymbolicLink - - PsTerminateSystemThread - - MmGetSystemRoutineAddress - - PsLookupProcessByProcessId - - IoAllocateMdl - - MmBuildMdlForNonPagedPool - - IoReleaseCancelSpinLock - - PsGetCurrentProcessId - - IofCompleteRequest - - IoDeleteSymbolicLink - - IoDeleteDevice - - KeWaitForSingleObject - - ObfDereferenceObject - - MmAllocatePagesForMdl - - MmMapLockedPagesSpecifyCache - - MmFreePagesFromMdl - - MmUnmapLockedPages - - KeSetEvent - - ObOpenObjectByPointer - - RtlLengthSid - - SeExports - - RtlCreateAcl - - RtlAddAccessAllowedAce - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - IoFreeMdl - - ExInitializeNPagedLookasideList - - InterlockedPushEntrySList - - InterlockedPopEntrySList - - _aullrem - - ExFreePoolWithTag - - memset - - ExAllocatePoolWithTag - - RtlInitUnicodeString - - ZwOpenKey - - ZwClose - - KeAcquireInStackQueuedSpinLock - - KeGetCurrentIrql - - KeReleaseInStackQueuedSpinLock - - FwpsFreeNetBufferList0 - - FwpmEngineOpen0 - - FwpmProviderAdd0 - - FwpmSubLayerDeleteByKey0 - - FwpmProviderContextDeleteByKey0 - - FwpsAcquireClassifyHandle0 - - FwpsQueryPacketInjectionState0 - - FwpsFlowAssociateContext0 - - FwpmSubLayerAdd0 - - FwpmSubLayerCreateEnumHandle0 - - FwpmFreeMemory0 - - FwpmSubLayerEnum0 - - FwpmSubLayerDestroyEnumHandle0 - - FwpmCalloutAdd0 - - FwpmFilterAdd0 - - FwpmTransactionBegin0 - - FwpmEngineClose0 - - FwpmTransactionCommit0 - - FwpmTransactionAbort0 - - FwpsCalloutRegister1 - - FwpsCalloutUnregisterByKey0 - - FwpsPendClassify0 - - FwpsInjectionHandleCreate0 - - FwpsCopyStreamDataToBuffer0 - - FwpsInjectNetworkReceiveAsync0 - - FwpsAcquireWritableLayerDataPointer0 - - FwpsApplyModifiedLayerData0 - - FwpsAllocateNetBufferAndNetBufferList0 - - FwpsInjectTransportSendAsync0 - - FwpsConstructIpHeaderForTransportPacket0 
- - FwpsInjectNetworkSendAsync0 - - FwpsInjectTransportReceiveAsync0 - - FwpsFreeCloneNetBufferList0 - - FwpsInjectionHandleDestroy0 - - FwpsFlowRemoveContext0 - - FwpsCloneStreamData0 - - FwpsCompleteClassify0 - - FwpsReleaseClassifyHandle0 - - FwpsDiscardClonedStreamData0 - - FwpsStreamInjectAsync0 - - FwpmBfeStateGet0 - - FwpmBfeStateSubscribeChanges0 - - FwpmBfeStateUnsubscribeChanges0 - - NdisFreeGenericObject - - NdisInitializeEvent - - NdisWaitEvent - - NdisFreeNetBufferListPool - - NdisAdvanceNetBufferDataStart - - NdisRetreatNetBufferDataStart - - NdisAllocateNetBufferListPool - - NdisAllocateGenericObject - - NdisGetDataBuffer - Imports: - - ntoskrnl.exe - - HAL.dll - - fwpkclnt.sys - - NDIS.SYS - InternalName: ProxyDrv.sys - MD5: 54313eadbe10511393d42b902436a30d - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: ProxyDrv.sys - PDBPath: '' - Product: "\u96F7\u795ENN\u52A0\u901F\u5668" - ProductVersion: 2.5.1.0 - Publisher: '' - RichPEHeaderHash: - MD5: 46657e0062478bca55dea3bf3614c4a3 - SHA1: e1d9f53cbe8080caa655b35dab32bfdf1d3357d4 - SHA256: d9fb506945778a3c3b8083655cf3e32fa57fb67207d48a1fbe1f0f2044b49e20 - SHA1: 1c9e3bc640de5065535925a75d7dda51af2c9836 - SHA256: 0b205838a8271daea89656b1ec7c5bb7244c42a8b8000d7697e92095da6b9b94 - Sections: - .text: - Entropy: 6.465065363864816 - Virtual Size: '0xb002' - .rdata: - Entropy: 4.169693415501691 - Virtual Size: '0x880' - .data: - Entropy: 2.8489589357060323 - Virtual Size: '0xef4' - INIT: - Entropy: 5.507253947388693 - Virtual Size: '0xd0a' - .rsrc: - Entropy: 3.686270807485425 - Virtual Size: '0x350' - .reloc: - Entropy: 6.590687837428921 - Virtual Size: '0xc8a' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root - CA - ValidFrom: '2011-04-15 19:41:37' - ValidTo: '2021-04-15 19:51:37' - Signature: 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 - SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611cb28a000000000026 - Version: 3 - TBS: - MD5: 983a0c315a50542362f2bd6a5d71c8d0 - SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 - SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 - SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc - - Subject: C=CN, ST=, L=, O=, CN= - ValidFrom: '2020-04-07 00:00:00' - ValidTo: '2023-04-12 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0dd7d4a785990584d8c0837659173272 - Version: 3 - TBS: - MD5: 559c170b8f735dd1ba8c3946354c4fa5 - SHA1: e7432e65001ca5e56478ee25ae9906981432ee75 - SHA256: 1c6140780d5210fb89e1dd3005184e03dc52740266a921035b1f836b5af0d32a - SHA384: 545ad02c12154f939f80b6f4b9d7ae888550220af82ec3f0a42805c8f6e6d7e57dbe62c80a8f8ec35a894acce2f68d9f - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 
7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd - Version: 3 - TBS: - MD5: a9a31555bbc92b6033975c5428fb3679 - SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e - SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 - SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 
173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 0dd7d4a785990584d8c0837659173272 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - Version: 1 - Imphash: 710e0a840c6027b3c64add0ff18631c3 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 264c9453024d0f3b091f4ab6e8ca8d8b - SHA1: aa937f73a8afcda98e868f4aeeb0eb81a4150075 - SHA256: c60fcff9c8e5243bbb22ec94618b9dcb02c59bb49b90c04d7d6ab3ebbd58dc3a - Company: "\u96F7\u795E\uFF08\u6B66\u6C49\uFF09\u7F51\u7EDC\u6280\u672F\u6709\u9650\ - \u516C\u53F8" - Copyright: Copyright @ Www.Nn.Com - CreationTimestamp: '2020-04-03 04:54:10' - Date: '' - Description: "\u96F7\u795ENN\u52A0\u901F\u5668-\u9A71\u52A8\u7A0B\u5E8F\u6587\u4EF6" - ExportedFunctions: '' - FileVersion: 1,9,5,3 - Filename: '' - ImportedFunctions: - - FwpmFreeMemory0 - - FwpmEngineOpen0 - - FwpmEngineClose0 - - FwpmTransactionBegin0 - - FwpmTransactionCommit0 - - FwpmTransactionAbort0 - - FwpmProviderAdd0 - - FwpmProviderContextDeleteByKey0 - - FwpmSubLayerAdd0 - - FwpmSubLayerDeleteByKey0 - - FwpmSubLayerCreateEnumHandle0 - - FwpmSubLayerEnum0 - - FwpmSubLayerDestroyEnumHandle0 - - FwpmCalloutAdd0 - - FwpmFilterAdd0 - - FwpsFlowAbort0 - - FwpsInjectionHandleCreate0 - - FwpsInjectionHandleDestroy0 - - FwpsRedirectHandleCreate0 - - FwpsFreeNetBufferList0 - - FwpsFreeCloneNetBufferList0 - - FwpsInjectNetworkSendAsync0 - - FwpsConstructIpHeaderForTransportPacket0 - - FwpsInjectTransportSendAsync0 - - FwpsInjectTransportReceiveAsync0 - - FwpsInjectNetworkReceiveAsync0 - - FwpsStreamInjectAsync0 - - FwpsCopyStreamDataToBuffer0 - - FwpmBfeStateGet0 - - FwpmBfeStateSubscribeChanges0 - - FwpmBfeStateUnsubscribeChanges0 - - FwpsFlowRemoveContext0 - - FwpsCompleteClassify0 - - FwpsRedirectHandleDestroy0 - - FwpsCloneStreamData0 - - FwpsDiscardClonedStreamData0 - - FwpsQueryPacketInjectionState0 - - FwpsApplyModifiedLayerData0 - - 
FwpsAcquireWritableLayerDataPointer0 - - FwpsReleaseClassifyHandle0 - - FwpsAcquireClassifyHandle0 - - FwpsFlowAssociateContext0 - - FwpsCalloutUnregisterByKey0 - - FwpsPendClassify0 - - FwpsCalloutRegister1 - - FwpsAllocateNetBufferAndNetBufferList0 - - NdisAllocateNetBufferListPool - - NdisFreeNetBufferListPool - - NdisWaitEvent - - NdisInitializeEvent - - NdisFreeGenericObject - - NdisAllocateGenericObject - - NdisGetDataBuffer - - NdisAdvanceNetBufferDataStart - - NdisRetreatNetBufferDataStart - - KeAcquireInStackQueuedSpinLock - - KeReleaseInStackQueuedSpinLock - - ExAllocatePoolWithTag - - ExUuidCreate - - swprintf_s - - RtlInitUnicodeString - - MmGetSystemRoutineAddress - - RtlAppendUnicodeToString - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - KeInitializeEvent - - KeSetEvent - - KeWaitForSingleObject - - KeInitializeSpinLock - - ExFreePoolWithTag - - ExQueryDepthSList - - ExpInterlockedPopEntrySList - - ExpInterlockedPushEntrySList - - ExInitializeNPagedLookasideList - - ExDeleteNPagedLookasideList - - MmBuildMdlForNonPagedPool - - MmMapLockedPagesSpecifyCache - - MmUnmapLockedPages - - MmAllocatePagesForMdl - - MmFreePagesFromMdl - - PsCreateSystemThread - - PsTerminateSystemThread - - IoAllocateMdl - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoFreeMdl - - IoReleaseCancelSpinLock - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - ZwOpenKey - - ZwQueryValueKey - - PsGetCurrentProcessId - - ZwSetInformationThread - - RtlLengthSid - - RtlCreateAcl - - RtlAddAccessAllowedAce - - PsLookupProcessByProcessId - - ObOpenObjectByPointer - - ZwSetSecurityObject - - __C_specific_handler - - SeExports - - RtlGetVersion - Imports: - - fwpkclnt.sys - - NDIS.SYS - - ntoskrnl.exe - InternalName: ProxyDrv.sys - MD5: b224ef59e8f31d8f397000fe6548b0c7 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: ProxyDrv.sys - PDBPath: '' - Product: 
"\u96F7\u795ENN\u52A0\u901F\u5668" - ProductVersion: 2.5.1.0 - Publisher: '' - RichPEHeaderHash: - MD5: c952cf0cb6ef2b504b8003c023e26016 - SHA1: dbedf0591c35f298c691e923a55be09b6daaf0bc - SHA256: 69b86efd5a2c247ea300ba9552bad07caeaf698f24091e714f83672cb107513c - SHA1: f8e8b3e49b04b837b4d774a6c027e380971c221d - SHA256: c0e74f565237c32989cb81234f4b5ad85f9dd731c112847c0a143d771021cb99 - Sections: - .text: - Entropy: 6.182741872331694 - Virtual Size: '0xee64' - .rdata: - Entropy: 4.7617738882730976 - Virtual Size: '0x1c7c' - .data: - Entropy: 1.9573155632634147 - Virtual Size: '0x16c0' - .pdata: - Entropy: 4.987692606613797 - Virtual Size: '0xd50' - INIT: - Entropy: 5.223648954698558 - Virtual Size: '0xe90' - .rsrc: - Entropy: 3.8633479531370662 - Virtual Size: '0x3b8' - .reloc: - Entropy: 4.789360076662959 - Virtual Size: '0x130' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root - CA - ValidFrom: '2011-04-15 19:41:37' - ValidTo: '2021-04-15 19:51:37' - Signature: 
5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611cb28a000000000026 - Version: 3 - TBS: - MD5: 983a0c315a50542362f2bd6a5d71c8d0 - SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 - SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 - SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc - - Subject: C=CN, ST=, L=, O=, CN= - ValidFrom: '2020-04-07 00:00:00' - ValidTo: '2023-04-12 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0dd7d4a785990584d8c0837659173272 - Version: 3 - TBS: - MD5: 559c170b8f735dd1ba8c3946354c4fa5 - SHA1: e7432e65001ca5e56478ee25ae9906981432ee75 - SHA256: 1c6140780d5210fb89e1dd3005184e03dc52740266a921035b1f836b5af0d32a - SHA384: 
545ad02c12154f939f80b6f4b9d7ae888550220af82ec3f0a42805c8f6e6d7e57dbe62c80a8f8ec35a894acce2f68d9f - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd - Version: 3 - TBS: - MD5: a9a31555bbc92b6033975c5428fb3679 - SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e - SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 - SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 
46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 0dd7d4a785990584d8c0837659173272 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - Version: 1 - Imphash: ff016f73670717be3741d1044bf4b7a6 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: '' + Description: Confirmed vulnerable driver from Microsoft Block List + OperatingSystem: Windows + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c -Tags: -- ProxyDrv.sys -Verified: 'TRUE' +Detection: +- type: '' + value: '' +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 0139a9cdb5f84d47dbf553890e9a5377 + SHA1: 69d6b4032f1456506382885eba5b396f1c36841b + SHA256: 49ed27460730b62403c1d2e4930573121ab0c86c442854bc0a62415ca445a810 + Company: "\u96F7\u795E\uFF08\u6B66\u6C49\uFF09\u7F51\u7EDC\u6280\u672F\u6709\u9650\ + \u516C\u53F8" + Copyright: Copyright @ Www.Nn.Com + CreationTimestamp: '2020-04-03 04:51:25' + Date: '' + Description: "\u96F7\u795ENN\u52A0\u901F\u5668-\u9A71\u52A8\u7A0B\u5E8F\u6587\u4EF6" + ExportedFunctions: '' + FileVersion: '1,9,5,3 built by: WinDDK' + Filename: '' + ImportedFunctions: + - ExDeleteNPagedLookasideList + - memcpy + - ZwQueryValueKey + - RtlUnwind + - ZwSetSecurityObject + - KeBugCheckEx + - KeTickCount + - _allmul + - _aulldiv + - KeQuerySystemTime + - ExUuidCreate + - swprintf_s + - KeInitializeEvent + - PsCreateSystemThread + - ZwSetInformationThread + - ObReferenceObjectByHandle + - RtlAppendUnicodeToString + - IoCreateDevice + - IoCreateSymbolicLink + - PsTerminateSystemThread + - MmGetSystemRoutineAddress + - PsLookupProcessByProcessId + - IoAllocateMdl + - MmBuildMdlForNonPagedPool + - IoReleaseCancelSpinLock + - PsGetCurrentProcessId + - IofCompleteRequest + - IoDeleteSymbolicLink + - IoDeleteDevice + - KeWaitForSingleObject + - ObfDereferenceObject + - MmAllocatePagesForMdl + - MmMapLockedPagesSpecifyCache + - MmFreePagesFromMdl + - MmUnmapLockedPages + - KeSetEvent + - ObOpenObjectByPointer + - RtlLengthSid + - SeExports + - RtlCreateAcl + - RtlAddAccessAllowedAce + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - IoFreeMdl + - ExInitializeNPagedLookasideList + - InterlockedPushEntrySList + - InterlockedPopEntrySList + - _aullrem + - 
ExFreePoolWithTag + - memset + - ExAllocatePoolWithTag + - RtlInitUnicodeString + - ZwOpenKey + - ZwClose + - KeAcquireInStackQueuedSpinLock + - KeGetCurrentIrql + - KeReleaseInStackQueuedSpinLock + - FwpsFreeNetBufferList0 + - FwpmEngineOpen0 + - FwpmProviderAdd0 + - FwpmSubLayerDeleteByKey0 + - FwpmProviderContextDeleteByKey0 + - FwpsAcquireClassifyHandle0 + - FwpsQueryPacketInjectionState0 + - FwpsFlowAssociateContext0 + - FwpmSubLayerAdd0 + - FwpmSubLayerCreateEnumHandle0 + - FwpmFreeMemory0 + - FwpmSubLayerEnum0 + - FwpmSubLayerDestroyEnumHandle0 + - FwpmCalloutAdd0 + - FwpmFilterAdd0 + - FwpmTransactionBegin0 + - FwpmEngineClose0 + - FwpmTransactionCommit0 + - FwpmTransactionAbort0 + - FwpsCalloutRegister1 + - FwpsCalloutUnregisterByKey0 + - FwpsPendClassify0 + - FwpsInjectionHandleCreate0 + - FwpsCopyStreamDataToBuffer0 + - FwpsInjectNetworkReceiveAsync0 + - FwpsAcquireWritableLayerDataPointer0 + - FwpsApplyModifiedLayerData0 + - FwpsAllocateNetBufferAndNetBufferList0 + - FwpsInjectTransportSendAsync0 + - FwpsConstructIpHeaderForTransportPacket0 + - FwpsInjectNetworkSendAsync0 + - FwpsInjectTransportReceiveAsync0 + - FwpsFreeCloneNetBufferList0 + - FwpsInjectionHandleDestroy0 + - FwpsFlowRemoveContext0 + - FwpsCloneStreamData0 + - FwpsCompleteClassify0 + - FwpsReleaseClassifyHandle0 + - FwpsDiscardClonedStreamData0 + - FwpsStreamInjectAsync0 + - FwpmBfeStateGet0 + - FwpmBfeStateSubscribeChanges0 + - FwpmBfeStateUnsubscribeChanges0 + - NdisFreeGenericObject + - NdisInitializeEvent + - NdisWaitEvent + - NdisFreeNetBufferListPool + - NdisAdvanceNetBufferDataStart + - NdisRetreatNetBufferDataStart + - NdisAllocateNetBufferListPool + - NdisAllocateGenericObject + - NdisGetDataBuffer + Imports: + - ntoskrnl.exe + - HAL.dll + - fwpkclnt.sys + - NDIS.SYS + InternalName: ProxyDrv.sys + MD5: 54313eadbe10511393d42b902436a30d + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: ProxyDrv.sys + PDBPath: '' + Product: "\u96F7\u795ENN\u52A0\u901F\u5668" + 
ProductVersion: 2.5.1.0 + Publisher: '' + RichPEHeaderHash: + MD5: 46657e0062478bca55dea3bf3614c4a3 + SHA1: e1d9f53cbe8080caa655b35dab32bfdf1d3357d4 + SHA256: d9fb506945778a3c3b8083655cf3e32fa57fb67207d48a1fbe1f0f2044b49e20 + SHA1: 1c9e3bc640de5065535925a75d7dda51af2c9836 + SHA256: 0b205838a8271daea89656b1ec7c5bb7244c42a8b8000d7697e92095da6b9b94 + Sections: + .text: + Entropy: 6.465065363864816 + Virtual Size: '0xb002' + .rdata: + Entropy: 4.169693415501691 + Virtual Size: '0x880' + .data: + Entropy: 2.8489589357060323 + Virtual Size: '0xef4' + INIT: + Entropy: 5.507253947388693 + Virtual Size: '0xd0a' + .rsrc: + Entropy: 3.686270807485425 + Virtual Size: '0x350' + .reloc: + Entropy: 6.590687837428921 + Virtual Size: '0xc8a' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Root CA + ValidFrom: '2011-04-15 19:41:37' + ValidTo: '2021-04-15 19:51:37' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611cb28a000000000026 + Version: 3 + TBS: + MD5: 983a0c315a50542362f2bd6a5d71c8d0 + SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 + SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 + SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc + - Subject: C=CN, ST=, L=, O=, CN= + ValidFrom: '2020-04-07 00:00:00' + ValidTo: '2023-04-12 12:00:00' + Signature: 
056b54cd71b6206297f5e781cbdd5fd3e1d00efd8902ba8fa5e88fa99f3e4de7f620d29685cd48f2e229845102cae6eeaf3dd16087873576b35af8bde8b369baf14d6956c881d4d55c730734db3029c84b83eabed46aeaf79daacc1821220e82886a9b499923225ac471a3df7389ab99693d7a950c07f7fcb4da549ed53c462676b259c867b31f317552cbdbeb331b537ec9b3ca4ab68c26a47aede38fd3a33253655442c4a6113cd16669660e55088a03650dc6c1c5fe52aabd613651e5f0a45096bfc3baeafc386bbe75b53909d4974cc360a491cb19090b681bca3dda039ee52b5bd5fdf1ff157625ad1f54db0e14b571e00d7119bfbd667df0cd517e77bd + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0dd7d4a785990584d8c0837659173272 + Version: 3 + TBS: + MD5: 559c170b8f735dd1ba8c3946354c4fa5 + SHA1: e7432e65001ca5e56478ee25ae9906981432ee75 + SHA256: 1c6140780d5210fb89e1dd3005184e03dc52740266a921035b1f836b5af0d32a + SHA384: 545ad02c12154f939f80b6f4b9d7ae888550220af82ec3f0a42805c8f6e6d7e57dbe62c80a8f8ec35a894acce2f68d9f + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd + Version: 3 + TBS: + MD5: a9a31555bbc92b6033975c5428fb3679 + SHA1: 
47f4b9898631773231b32844ec0d49990ac4eb1e + SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 + SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 0dd7d4a785990584d8c0837659173272 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + Version: 1 + Imphash: 710e0a840c6027b3c64add0ff18631c3 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 264c9453024d0f3b091f4ab6e8ca8d8b + SHA1: aa937f73a8afcda98e868f4aeeb0eb81a4150075 + SHA256: c60fcff9c8e5243bbb22ec94618b9dcb02c59bb49b90c04d7d6ab3ebbd58dc3a + Company: "\u96F7\u795E\uFF08\u6B66\u6C49\uFF09\u7F51\u7EDC\u6280\u672F\u6709\u9650\ + \u516C\u53F8" + Copyright: Copyright @ Www.Nn.Com + CreationTimestamp: '2020-04-03 04:54:10' + Date: '' + Description: 
"\u96F7\u795ENN\u52A0\u901F\u5668-\u9A71\u52A8\u7A0B\u5E8F\u6587\u4EF6" + ExportedFunctions: '' + FileVersion: 1,9,5,3 + Filename: '' + ImportedFunctions: + - FwpmFreeMemory0 + - FwpmEngineOpen0 + - FwpmEngineClose0 + - FwpmTransactionBegin0 + - FwpmTransactionCommit0 + - FwpmTransactionAbort0 + - FwpmProviderAdd0 + - FwpmProviderContextDeleteByKey0 + - FwpmSubLayerAdd0 + - FwpmSubLayerDeleteByKey0 + - FwpmSubLayerCreateEnumHandle0 + - FwpmSubLayerEnum0 + - FwpmSubLayerDestroyEnumHandle0 + - FwpmCalloutAdd0 + - FwpmFilterAdd0 + - FwpsFlowAbort0 + - FwpsInjectionHandleCreate0 + - FwpsInjectionHandleDestroy0 + - FwpsRedirectHandleCreate0 + - FwpsFreeNetBufferList0 + - FwpsFreeCloneNetBufferList0 + - FwpsInjectNetworkSendAsync0 + - FwpsConstructIpHeaderForTransportPacket0 + - FwpsInjectTransportSendAsync0 + - FwpsInjectTransportReceiveAsync0 + - FwpsInjectNetworkReceiveAsync0 + - FwpsStreamInjectAsync0 + - FwpsCopyStreamDataToBuffer0 + - FwpmBfeStateGet0 + - FwpmBfeStateSubscribeChanges0 + - FwpmBfeStateUnsubscribeChanges0 + - FwpsFlowRemoveContext0 + - FwpsCompleteClassify0 + - FwpsRedirectHandleDestroy0 + - FwpsCloneStreamData0 + - FwpsDiscardClonedStreamData0 + - FwpsQueryPacketInjectionState0 + - FwpsApplyModifiedLayerData0 + - FwpsAcquireWritableLayerDataPointer0 + - FwpsReleaseClassifyHandle0 + - FwpsAcquireClassifyHandle0 + - FwpsFlowAssociateContext0 + - FwpsCalloutUnregisterByKey0 + - FwpsPendClassify0 + - FwpsCalloutRegister1 + - FwpsAllocateNetBufferAndNetBufferList0 + - NdisAllocateNetBufferListPool + - NdisFreeNetBufferListPool + - NdisWaitEvent + - NdisInitializeEvent + - NdisFreeGenericObject + - NdisAllocateGenericObject + - NdisGetDataBuffer + - NdisAdvanceNetBufferDataStart + - NdisRetreatNetBufferDataStart + - KeAcquireInStackQueuedSpinLock + - KeReleaseInStackQueuedSpinLock + - ExAllocatePoolWithTag + - ExUuidCreate + - swprintf_s + - RtlInitUnicodeString + - MmGetSystemRoutineAddress + - RtlAppendUnicodeToString + - RtlCreateSecurityDescriptor + - 
RtlSetDaclSecurityDescriptor + - KeInitializeEvent + - KeSetEvent + - KeWaitForSingleObject + - KeInitializeSpinLock + - ExFreePoolWithTag + - ExQueryDepthSList + - ExpInterlockedPopEntrySList + - ExpInterlockedPushEntrySList + - ExInitializeNPagedLookasideList + - ExDeleteNPagedLookasideList + - MmBuildMdlForNonPagedPool + - MmMapLockedPagesSpecifyCache + - MmUnmapLockedPages + - MmAllocatePagesForMdl + - MmFreePagesFromMdl + - PsCreateSystemThread + - PsTerminateSystemThread + - IoAllocateMdl + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoFreeMdl + - IoReleaseCancelSpinLock + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - ZwOpenKey + - ZwQueryValueKey + - PsGetCurrentProcessId + - ZwSetInformationThread + - RtlLengthSid + - RtlCreateAcl + - RtlAddAccessAllowedAce + - PsLookupProcessByProcessId + - ObOpenObjectByPointer + - ZwSetSecurityObject + - __C_specific_handler + - SeExports + - RtlGetVersion + Imports: + - fwpkclnt.sys + - NDIS.SYS + - ntoskrnl.exe + InternalName: ProxyDrv.sys + MD5: b224ef59e8f31d8f397000fe6548b0c7 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: ProxyDrv.sys + PDBPath: '' + Product: "\u96F7\u795ENN\u52A0\u901F\u5668" + ProductVersion: 2.5.1.0 + Publisher: '' + RichPEHeaderHash: + MD5: c952cf0cb6ef2b504b8003c023e26016 + SHA1: dbedf0591c35f298c691e923a55be09b6daaf0bc + SHA256: 69b86efd5a2c247ea300ba9552bad07caeaf698f24091e714f83672cb107513c + SHA1: f8e8b3e49b04b837b4d774a6c027e380971c221d + SHA256: c0e74f565237c32989cb81234f4b5ad85f9dd731c112847c0a143d771021cb99 + Sections: + .text: + Entropy: 6.182741872331694 + Virtual Size: '0xee64' + .rdata: + Entropy: 4.7617738882730976 + Virtual Size: '0x1c7c' + .data: + Entropy: 1.9573155632634147 + Virtual Size: '0x16c0' + .pdata: + Entropy: 4.987692606613797 + Virtual Size: '0xd50' + INIT: + Entropy: 5.223648954698558 + Virtual Size: '0xe90' + .rsrc: + Entropy: 3.8633479531370662 + Virtual 
Size: '0x3b8' + .reloc: + Entropy: 4.789360076662959 + Virtual Size: '0x130' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Root CA + ValidFrom: '2011-04-15 19:41:37' + ValidTo: '2021-04-15 19:51:37' + Signature: 5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611cb28a000000000026 + Version: 3 + TBS: + MD5: 983a0c315a50542362f2bd6a5d71c8d0 + SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 + SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 + SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc + - Subject: C=CN, ST=, L=, O=, CN= + ValidFrom: '2020-04-07 00:00:00' + ValidTo: '2023-04-12 12:00:00' + Signature: 
056b54cd71b6206297f5e781cbdd5fd3e1d00efd8902ba8fa5e88fa99f3e4de7f620d29685cd48f2e229845102cae6eeaf3dd16087873576b35af8bde8b369baf14d6956c881d4d55c730734db3029c84b83eabed46aeaf79daacc1821220e82886a9b499923225ac471a3df7389ab99693d7a950c07f7fcb4da549ed53c462676b259c867b31f317552cbdbeb331b537ec9b3ca4ab68c26a47aede38fd3a33253655442c4a6113cd16669660e55088a03650dc6c1c5fe52aabd613651e5f0a45096bfc3baeafc386bbe75b53909d4974cc360a491cb19090b681bca3dda039ee52b5bd5fdf1ff157625ad1f54db0e14b571e00d7119bfbd667df0cd517e77bd + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0dd7d4a785990584d8c0837659173272 + Version: 3 + TBS: + MD5: 559c170b8f735dd1ba8c3946354c4fa5 + SHA1: e7432e65001ca5e56478ee25ae9906981432ee75 + SHA256: 1c6140780d5210fb89e1dd3005184e03dc52740266a921035b1f836b5af0d32a + SHA384: 545ad02c12154f939f80b6f4b9d7ae888550220af82ec3f0a42805c8f6e6d7e57dbe62c80a8f8ec35a894acce2f68d9f + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd + Version: 3 + TBS: + MD5: a9a31555bbc92b6033975c5428fb3679 + SHA1: 
47f4b9898631773231b32844ec0d49990ac4eb1e + SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 + SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 0dd7d4a785990584d8c0837659173272 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + Version: 1 + Imphash: ff016f73670717be3741d1044bf4b7a6 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/0e8da43d-92e0-43f9-bc34-50a7d15b34bd.yaml b/yaml/0e8da43d-92e0-43f9-bc34-50a7d15b34bd.yaml index 9ea6abb3c..e3012d2c8 100644 --- a/yaml/0e8da43d-92e0-43f9-bc34-50a7d15b34bd.yaml +++ b/yaml/0e8da43d-92e0-43f9-bc34-50a7d15b34bd.yaml 
@@ -1,133 +1,134 @@ Id: 0e8da43d-92e0-43f9-bc34-50a7d15b34bd +Tags: +- etdsupp.sys +Verified: 'TRUE' Author: Nasreddine Bencherchali Created: '2023-05-11' MitreID: T1068 Category: vulnerable driver -Verified: 'TRUE' Commands: - Command: sc.exe create etdsupp binPath=C:\windows\temp\etdsupp.sys type=kernel && - sc.exe start etdsupp.sys - Description: '' - Usecase: Elevate privileges - Privileges: kernel - OperatingSystem: Windows 10 + Command: sc.exe create etdsupp binPath=C:\windows\temp\etdsupp.sys type=kernel + && sc.exe start etdsupp.sys + Description: '' + Usecase: Elevate privileges + Privileges: kernel + OperatingSystem: Windows 10 Resources: - Internal Research -Acknowledgement: - Person: Michael Alfaro - Handle: '@_mmpte_software' Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Person: Michael Alfaro + Handle: '@_mmpte_software' KnownVulnerableSamples: -- Filename: etdsupp.sys - MD5: a92bf3c219a5fa82087b6c31bdf36ff3 - SHA1: a57eefa0c653b49bd60b6f46d7c441a78063b682 - SHA256: f744abb99c97d98e4cd08072a897107829d6d8481aee96c22443f626d00f4145 - Authentihash: - MD5: bcc13f939e945b7395681cc6299a45bb - SHA1: 96faa975feb28588372a98a1e77d98af7fc90e41 - SHA256: c9532a354c24fd256c24534c554bca5a126414eb496dbd3223fe9486418df2ea - Description: ETDi Support Driver - Company: HP Development Company - InternalName: etdsupp.sys - OriginalFilename: etdsupp.sys - FileVersion: 18.0.0.0 - Product: HP ETDi Driver DLL - ProductVersion: 18.0.0.0 - Copyright: (C) Copyright 1991-2022 Hewlett-Packard Development Company, L.P. 
- MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IofCompleteRequest - - MmGetPhysicalAddress - - __C_specific_handler - - KeBugCheckEx - - DbgPrint - - IoDeleteSymbolicLink - - RtlAppendUnicodeToString - - HalGetBusDataByOffset - - HalSetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 - SHA384 2021 CA1 - ValidFrom: '2021-04-29 00:00:00' - ValidTo: '2036-04-28 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 08ad40b260d29c4c9f5ecda9bd93aed9 - Version: 3 - TBS: - MD5: 5d8003a64dfa5a4d88365da1566038cb - SHA1: 79465b56bc7ad55a37bdf633943da8bfc84db228 - SHA256: 84bdc82e2f2a7f7aaa782667dac556ffcb2b33240c1f9c0a00a3264526a98332 - SHA384: 65b1d4076a89ae273f57e6eeedecb3eae129b4168f76fa7671914cdf461d542255c59d9b85b916ae0ca6fc0fcf7a8e64 - - Subject: ??=Private Organization, ??=US, ??=California, serialNumber=C2895304, - C=US, ST=California, L=Palo Alto, O=HP Inc., OU=HP Cybersecurity, CN=HP Inc. 
- ValidFrom: '2022-01-19 00:00:00' - ValidTo: '2024-01-19 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0ec67729a8c3327b1b23804ce24719bd - Version: 3 - TBS: - MD5: afe1c63df3a72b3310fa8c7dffc96e31 - SHA1: 703cdd9e140b72b91be73f874f4c20992bb298e9 - SHA256: 92451a4efd049ec849f8a2439f467692ef93c6d2c7fb5fa44686f979ce4a9491 - SHA384: 47c4642eaa33c02889cabb1070764b99c10827dbd83cd3fe5bcc939a8480c0c58d0abf53f06513ade2c4701b55ebf738 - Signer: - - SerialNumber: 0ec67729a8c3327b1b23804ce24719bd - Issuer: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 - SHA384 2021 CA1 - Version: 1 - RichPEHeaderHash: - MD5: cf643234aa46307b74481a16f78c4e77 - SHA1: 6a7972690baca2292ab606c7db9294fe7a7b5253 - SHA256: 0a6a33a5113114984b057df1e89d6ae9487b4c5928f0da3ea7382090e5617226 - Sections: - .text: - Entropy: 6.3127580415603495 - Virtual Size: '0x10ab' - .rdata: - Entropy: 3.7500872463390986 - Virtual Size: '0x4e4' - .data: - Entropy: 3.446439344671015 - Virtual Size: '0x14' - .pdata: - Entropy: 3.499049437096423 - Virtual Size: '0xc0' - INIT: - Entropy: 5.190058073985316 - Virtual Size: '0x258' - .rsrc: - Entropy: 3.2977796909630825 - Virtual Size: '0x3b0' - .reloc: - Entropy: 3.046439344671015 - Virtual Size: '0x14' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2022-11-07 16:38:44' - Imphash: 3552d8a0022e7f3136b667e6d1e402f2 - LoadsDespiteHVCI: 'FALSE' -Tags: -- etdsupp.sys +- Filename: etdsupp.sys + MD5: a92bf3c219a5fa82087b6c31bdf36ff3 + SHA1: a57eefa0c653b49bd60b6f46d7c441a78063b682 + SHA256: f744abb99c97d98e4cd08072a897107829d6d8481aee96c22443f626d00f4145 + Authentihash: + MD5: bcc13f939e945b7395681cc6299a45bb + SHA1: 96faa975feb28588372a98a1e77d98af7fc90e41 + SHA256: c9532a354c24fd256c24534c554bca5a126414eb496dbd3223fe9486418df2ea + Description: ETDi Support Driver + Company: HP Development Company + InternalName: etdsupp.sys + 
OriginalFilename: etdsupp.sys + FileVersion: 18.0.0.0 + Product: HP ETDi Driver DLL + ProductVersion: 18.0.0.0 + Copyright: (C) Copyright 1991-2022 Hewlett-Packard Development Company, L.P. + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IofCompleteRequest + - MmGetPhysicalAddress + - __C_specific_handler + - KeBugCheckEx + - DbgPrint + - IoDeleteSymbolicLink + - RtlAppendUnicodeToString + - HalGetBusDataByOffset + - HalSetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 + SHA384 2021 CA1 + ValidFrom: '2021-04-29 00:00:00' + ValidTo: '2036-04-28 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 08ad40b260d29c4c9f5ecda9bd93aed9 + Version: 3 + TBS: + MD5: 5d8003a64dfa5a4d88365da1566038cb + SHA1: 79465b56bc7ad55a37bdf633943da8bfc84db228 + SHA256: 84bdc82e2f2a7f7aaa782667dac556ffcb2b33240c1f9c0a00a3264526a98332 + SHA384: 65b1d4076a89ae273f57e6eeedecb3eae129b4168f76fa7671914cdf461d542255c59d9b85b916ae0ca6fc0fcf7a8e64 + - Subject: ??=Private Organization, ??=US, ??=California, serialNumber=C2895304, + C=US, ST=California, L=Palo Alto, O=HP Inc., OU=HP Cybersecurity, + CN=HP Inc. 
+ ValidFrom: '2022-01-19 00:00:00' + ValidTo: '2024-01-19 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0ec67729a8c3327b1b23804ce24719bd + Version: 3 + TBS: + MD5: afe1c63df3a72b3310fa8c7dffc96e31 + SHA1: 703cdd9e140b72b91be73f874f4c20992bb298e9 + SHA256: 92451a4efd049ec849f8a2439f467692ef93c6d2c7fb5fa44686f979ce4a9491 + SHA384: 47c4642eaa33c02889cabb1070764b99c10827dbd83cd3fe5bcc939a8480c0c58d0abf53f06513ade2c4701b55ebf738 + Signer: + - SerialNumber: 0ec67729a8c3327b1b23804ce24719bd + Issuer: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 + SHA384 2021 CA1 + Version: 1 + RichPEHeaderHash: + MD5: cf643234aa46307b74481a16f78c4e77 + SHA1: 6a7972690baca2292ab606c7db9294fe7a7b5253 + SHA256: 0a6a33a5113114984b057df1e89d6ae9487b4c5928f0da3ea7382090e5617226 + Sections: + .text: + Entropy: 6.3127580415603495 + Virtual Size: '0x10ab' + .rdata: + Entropy: 3.7500872463390986 + Virtual Size: '0x4e4' + .data: + Entropy: 3.446439344671015 + Virtual Size: '0x14' + .pdata: + Entropy: 3.499049437096423 + Virtual Size: '0xc0' + INIT: + Entropy: 5.190058073985316 + Virtual Size: '0x258' + .rsrc: + Entropy: 3.2977796909630825 + Virtual Size: '0x3b0' + .reloc: + Entropy: 3.046439344671015 + Virtual Size: '0x14' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2022-11-07 16:38:44' + Imphash: 3552d8a0022e7f3136b667e6d1e402f2 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/0eb5f4ce-12a7-4b45-b021-42b995de07c5.yaml b/yaml/0eb5f4ce-12a7-4b45-b021-42b995de07c5.yaml index daed24dcc..ed82cf9ff 100644 --- a/yaml/0eb5f4ce-12a7-4b45-b021-42b995de07c5.yaml +++ b/yaml/0eb5f4ce-12a7-4b45-b021-42b995de07c5.yaml 
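Review bot: The re-serialized etdsupp.sys entry keeps `Verified: 'TRUE'` and `LoadsDespiteHVCI: 'FALSE'` as quoted strings while `IsCertificateAuthority: true` in the same record is a real YAML boolean, so a consumer that tests these fields for truthiness will read the non-empty string `'FALSE'` as true. For a field that tells defenders whether HVCI stops the driver from loading, that misreading would point blocklist and triage logic the wrong way. Since this commit is already rewriting the file's layout, I would normalize both to `Verified: true` and `LoadsDespiteHVCI: false`, or, if downstream tooling depends on the string form (not visible from this hunk), state the string-comparison requirement in the schema documentation. Separately, the HP leaf certificate `Subject` still carries `??=` for attribute types the extractor did not name, which makes subject-string matching unreliable; emitting the dotted OID there would be safer.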
@@ -1,178 +1,178 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 0eb5f4ce-12a7-4b45-b021-42b995de07c5 +Tags: +- Air_SYSTEM10.sys +Verified: 'TRUE' Author: Michael Haag -Category: malicious -Commands: - Command: sc.exe create Air_SYSTEM10.sys binPath=C:\windows\temp\Air_SYSTEM10.sys type=kernel - && sc.exe start Air_SYSTEM10.sys - Description: Driver categorized as POORTRY by Mandiant. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-03-03' -Detection: [] -Id: 0eb5f4ce-12a7-4b45-b021-42b995de07c5 -KnownVulnerableSamples: -- Authentihash: - MD5: 6f562fc03c72abd6ff33c6df23df0219 - SHA1: 7435b3f4c67217bfcdcfa9d940b12e5d5d6a22da - SHA256: 9c31a9fbf833b732b5f3f06c31e200994a65ce187260e66eff62278660dba4ef - Company: '' - Copyright: '' - CreationTimestamp: '2022-09-29 07:14:26' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: Air_SYSTEM10.sys - ImportedFunctions: - - FltRegisterFilter - - FltUnregisterFilter - - FltStartFiltering - - FltGetFileNameInformation - - FltReleaseFileNameInformation - - FltParseFileNameInformation - - FltCreateCommunicationPort - - FltCloseCommunicationPort - - FltCloseClientPort - - FltBuildDefaultSecurityDescriptor - - FltFreeSecurityDescriptor - - FltGetRequestorProcess - - ExAllocatePoolWithTag - - DbgPrintEx - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - strstr - - wcsstr - - RtlInitUnicodeString - - MmGetSystemRoutineAddress - - ExFreePoolWithTag - - IoCreateDevice - - IoGetCurrentProcess - - ObReferenceObjectByHandle - - ObfDereferenceObject - - MmIsAddressValid - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - __C_specific_handler - - PsProcessType - - ExInitializeRundownProtection - - ExAcquireRundownProtection - - ExReleaseRundownProtection - - ExWaitForRundownProtectionRelease - - PsCreateSystemThread - - PsTerminateSystemThread - - ZwClose - - PsGetCurrentProcessId - - KeStackAttachProcess - - 
KeUnstackDetachProcess - - ObOpenObjectByPointer - - ZwAllocateVirtualMemory - - ZwQueryVirtualMemory - - ZwProtectVirtualMemory - - PsGetProcessWow64Process - - strcpy_s - - ObRegisterCallbacks - - ObUnRegisterCallbacks - - ObGetFilterVersion - - RtlSetDaclSecurityDescriptor - - KeBugCheckEx - - RtlCompareUnicodeString - - KeDelayExecutionThread - - MmBuildMdlForNonPagedPool - - MmMapLockedPagesSpecifyCache - - MmUnmapLockedPages - - IoAllocateMdl - - MmCopyVirtualMemory - - PsGetProcessPeb - - ZwQuerySystemInformation - Imports: - - FLTMGR.SYS - - ntoskrnl.exe - InternalName: '' - MD5: 1f2888e57fdd6aee466962c25ba7d62d - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: dc535cdd7504ad7bdb7a3f4e35fc6a41 - SHA1: 431632c0f59afaed3ceadca17f2e9e2a81ec0e17 - SHA256: fad4e2c2e8de2bf44be578f2747f21eb3f9e1ffbbbaeefebe8f2db1b64f5d8e4 - SHA1: c23eeb6f18f626ce1fd840227f351fa7543bb167 - SHA256: f461414a2596555cece5cfee65a3c22648db0082ca211f6238af8230e41b3212 - Sections: - .text: - Entropy: 5.990918385480201 - Virtual Size: '0x762f' - .rdata: - Entropy: 4.863080854105776 - Virtual Size: '0x124c' - .data: - Entropy: 7.990071848879915 - Virtual Size: '0x107a2' - .pdata: - Entropy: 7.711412146562409 - Virtual Size: '0x600' - INIT: - Entropy: 5.351030079594413 - Virtual Size: '0x8be' - .vmp0: - Entropy: 6.894363452637907 - Virtual Size: '0x108ed8' - .reloc: - Entropy: 4.478793837093537 - Virtual Size: '0xe4' - Signature: - - Microsoft Windows Hardware Compatibility Publisher - - Microsoft Windows Third Party Component CA 2014 - - Microsoft Root Certificate Authority 2010 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2022-06-07 18:08:06' - ValidTo: '2023-06-01 18:08:06' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 3300000057ee4d659a923e7c10000000000057 - Version: 3 - TBS: - MD5: fdc11a5676aed4e9cc0c09eeb7450dfb - SHA1: 4902077d9a05d4231b791d3b05bafa4a79132f03 - SHA256: 5db56c23d83bf67c7152e28ad4a684a7372b4ae4f52afe7a81ce91eef94caec3 - SHA384: c952d7f0e0ea5216ce4400601fb7c0829f0f3fcd6eb2b5b9112fbe45d133e00c4abd660f8e1794f7ac4ef95123e2c0ab - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - ValidFrom: '2014-10-15 20:31:27' - ValidTo: '2029-10-15 20:41:27' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 330000000d690d5d7893d076df00000000000d - Version: 3 - TBS: - MD5: 83f69422963f11c3c340b81712eef319 - SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 - SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae - SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 - Signer: - - SerialNumber: 3300000057ee4d659a923e7c10000000000057 - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - Version: 1 - Imphash: 41113a3a832353963112b94f4635a383 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: malicious +Commands: + Command: sc.exe create Air_SYSTEM10.sys binPath=C:\windows\temp\Air_SYSTEM10.sys type=kernel + && sc.exe start Air_SYSTEM10.sys + Description: Driver categorized as POORTRY by Mandiant. 
+ OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://www.mandiant.com/resources/blog/hunting-attestation-signed-malware - '' -Tags: -- Air_SYSTEM10.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 6f562fc03c72abd6ff33c6df23df0219 + SHA1: 7435b3f4c67217bfcdcfa9d940b12e5d5d6a22da + SHA256: 9c31a9fbf833b732b5f3f06c31e200994a65ce187260e66eff62278660dba4ef + Company: '' + Copyright: '' + CreationTimestamp: '2022-09-29 07:14:26' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: Air_SYSTEM10.sys + ImportedFunctions: + - FltRegisterFilter + - FltUnregisterFilter + - FltStartFiltering + - FltGetFileNameInformation + - FltReleaseFileNameInformation + - FltParseFileNameInformation + - FltCreateCommunicationPort + - FltCloseCommunicationPort + - FltCloseClientPort + - FltBuildDefaultSecurityDescriptor + - FltFreeSecurityDescriptor + - FltGetRequestorProcess + - ExAllocatePoolWithTag + - DbgPrintEx + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - strstr + - wcsstr + - RtlInitUnicodeString + - MmGetSystemRoutineAddress + - ExFreePoolWithTag + - IoCreateDevice + - IoGetCurrentProcess + - ObReferenceObjectByHandle + - ObfDereferenceObject + - MmIsAddressValid + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - __C_specific_handler + - PsProcessType + - ExInitializeRundownProtection + - ExAcquireRundownProtection + - ExReleaseRundownProtection + - ExWaitForRundownProtectionRelease + - PsCreateSystemThread + - PsTerminateSystemThread + - ZwClose + - PsGetCurrentProcessId + - KeStackAttachProcess + - KeUnstackDetachProcess + - ObOpenObjectByPointer + - ZwAllocateVirtualMemory + - ZwQueryVirtualMemory + - ZwProtectVirtualMemory + - PsGetProcessWow64Process + - strcpy_s + - ObRegisterCallbacks + - ObUnRegisterCallbacks + - ObGetFilterVersion + - RtlSetDaclSecurityDescriptor + - KeBugCheckEx 
+ - RtlCompareUnicodeString + - KeDelayExecutionThread + - MmBuildMdlForNonPagedPool + - MmMapLockedPagesSpecifyCache + - MmUnmapLockedPages + - IoAllocateMdl + - MmCopyVirtualMemory + - PsGetProcessPeb + - ZwQuerySystemInformation + Imports: + - FLTMGR.SYS + - ntoskrnl.exe + InternalName: '' + MD5: 1f2888e57fdd6aee466962c25ba7d62d + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: dc535cdd7504ad7bdb7a3f4e35fc6a41 + SHA1: 431632c0f59afaed3ceadca17f2e9e2a81ec0e17 + SHA256: fad4e2c2e8de2bf44be578f2747f21eb3f9e1ffbbbaeefebe8f2db1b64f5d8e4 + SHA1: c23eeb6f18f626ce1fd840227f351fa7543bb167 + SHA256: f461414a2596555cece5cfee65a3c22648db0082ca211f6238af8230e41b3212 + Sections: + .text: + Entropy: 5.990918385480201 + Virtual Size: '0x762f' + .rdata: + Entropy: 4.863080854105776 + Virtual Size: '0x124c' + .data: + Entropy: 7.990071848879915 + Virtual Size: '0x107a2' + .pdata: + Entropy: 7.711412146562409 + Virtual Size: '0x600' + INIT: + Entropy: 5.351030079594413 + Virtual Size: '0x8be' + .vmp0: + Entropy: 6.894363452637907 + Virtual Size: '0x108ed8' + .reloc: + Entropy: 4.478793837093537 + Virtual Size: '0xe4' + Signature: + - Microsoft Windows Hardware Compatibility Publisher + - Microsoft Windows Third Party Component CA 2014 + - Microsoft Root Certificate Authority 2010 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2022-06-07 18:08:06' + ValidTo: '2023-06-01 18:08:06' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 3300000057ee4d659a923e7c10000000000057 + Version: 3 + TBS: + MD5: fdc11a5676aed4e9cc0c09eeb7450dfb + SHA1: 4902077d9a05d4231b791d3b05bafa4a79132f03 + SHA256: 
5db56c23d83bf67c7152e28ad4a684a7372b4ae4f52afe7a81ce91eef94caec3 + SHA384: c952d7f0e0ea5216ce4400601fb7c0829f0f3fcd6eb2b5b9112fbe45d133e00c4abd660f8e1794f7ac4ef95123e2c0ab + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + ValidFrom: '2014-10-15 20:31:27' + ValidTo: '2029-10-15 20:41:27' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 330000000d690d5d7893d076df00000000000d + Version: 3 + TBS: + MD5: 83f69422963f11c3c340b81712eef319 + SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 + SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae + SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 + Signer: + - SerialNumber: 3300000057ee4d659a923e7c10000000000057 + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + Version: 1 + Imphash: 41113a3a832353963112b94f4635a383 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/0f21a584-6ace-4242-82cb-9766cea6973a.yaml b/yaml/0f21a584-6ace-4242-82cb-9766cea6973a.yaml index 9495a881e..a4cf6b0a0 100644 --- a/yaml/0f21a584-6ace-4242-82cb-9766cea6973a.yaml +++ b/yaml/0f21a584-6ace-4242-82cb-9766cea6973a.yaml 
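Review bot: `Detection: []` is carried over unchanged in the reordered entry for Air_SYSTEM10.sys, so a driver recorded as `Category: malicious` and `Verified: 'TRUE'` still has no detection reference. The signer serial in this entry matches the Microsoft Windows Hardware Compatibility Publisher certificate, so publisher-based trust will not separate this sample from legitimate drivers; the file hashes, Authentihash and Imphash already listed are what a defender has to key on. If the project's shared hash-based rules (the sigma and sysmon hash lists that other entries link to) cover this SHA256, listing them under `Detection` would make that coverage visible. The `Resources` list also keeps an empty `- ''` item that could be dropped.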
@@ -1,3009 +1,3019 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 0f21a584-6ace-4242-82cb-9766cea6973a +Tags: +- CITMDRV_IA64.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create CITMDRV_IA64.sys binPath=C:\windows\temp\CITMDRV_IA64.sys type=kernel - && sc.exe start CITMDRV_IA64.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: [] -Id: 0f21a584-6ace-4242-82cb-9766cea6973a -KnownVulnerableSamples: -- Authentihash: - MD5: 2be85acec4d5e36a137af7ef046e0cc8 - SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 - SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e - Company: '' - Copyright: '' - CreationTimestamp: '2006-05-05 01:37:49' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: CITMDRV_IA64.sys - ImportedFunctions: - - ZwClose - - ZwOpenFile - - RtlInitUnicodeString - - ZwWriteFile - - DbgPrint - - ZwCreateFile - - vsprintf - - IoDeleteDevice - - IoDeleteSymbolicLink - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmUnlockPages - - IoFreeMdl - - ZwOpenSection - - MmProbeAndLockPages - - IoAllocateMdl - - __C_specific_handler - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: c7a57cd4bea07dadba2e2fb914379910 - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: IBM Polska Sp. z o.o. 
- RichPEHeaderHash: - MD5: a636a04d17b366998b7c1c07aeed6b8f - SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 - SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 - SHA1: ea877092d57373cb466b44e7dbcad4ce9a547344 - SHA256: 1c8dfa14888bb58848b4792fb1d8a921976a9463be8334cff45cc96f1276049a - Sections: - .text: - Entropy: 5.387578832102652 - Virtual Size: '0x2c80' - .rdata: - Entropy: 3.5276453906221574 - Virtual Size: '0x2d0' - .pdata: - Entropy: 3.0920063384794108 - Virtual Size: '0x90' - .srdata: - Entropy: 2.2708669023612464 - Virtual Size: '0x148' - .sdata: - Entropy: 2.1231320048496527 - Virtual Size: '0xd0' - INIT: - Entropy: 5.147103167634986 - Virtual Size: '0x334' - .reloc: - Entropy: 1.8848419960299854 - Virtual Size: '0x166' - Signature: - - IBM Polska Sp. z o.o. - - Symantec Class 3 SHA256 Code Signing CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=PL, ST=mazowieckie, L=Warsaw, O=IBM Polska Sp. z o.o., CN=IBM Polska - Sp. z o.o. - ValidFrom: '2016-05-30 00:00:00' - ValidTo: '2019-07-29 23:59:59' - Signature: 37c4cb65c2d5579c51543d15af31471b5b497715b8018ab41d79e8c5fd07393f3ae94bc05fe9c7c309f7ac8cc213535a8fa8ea90100c57e455b50ddc95ee310d73c0577dd2e02e8f488ac3402f0a04f6bd5f40892e98c1c7a0f2763666416c56578c5124f057a762ac7e12ec79b0513db914a194e0180e7c60ebcfe6669802fa959e117dbe681d72789baa05343c622da0bb17eb05b8c6f0740d7053dbee3f12d569d4186d2dcc65a802e5ff99f6e9737f3b025eb44df12036e51b3d078fb5c29f36134134aa0ac6d34dc45d973b92fb05740c50975194828977dbe9c7218c092a4a96ec45d08610914926d92eb2fc2f0e7e4965dda5f82b7c9bbd731256acbf - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 74c58808c139aecc23260eb2ba16f2fd - Version: 3 - TBS: - MD5: e7b67b21239296b841387cb545428012 - SHA1: 16490d98ea08654a99e355b9b87be04fc66b62df - SHA256: 3dfd1ebc716c318dd93c0532018c67ca0e98bdb16dfbbd266dabf6f47dcb8870 - SHA384: e70fb3a325bd9a1d3b52f5a7d8648a21c9a27ce88da95b324448220897832618a427b2b7d7f99cd4192645f1c1dac2a7 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 
13851a1e69a937f7a0bda4af7e1d6153fe9d8c5e0ca6751e781723ddfdec1a035539fb7195c7655aa78e30d2445a61db706fda2105c22e73ba49f1d193fe5dc9cd5e03e0899e3f741ed7f7388ba9d6cfbb352f3358a89256d1c84d3b82e6798416fc28b0b147f31da23eee87d9a67fa456a53fad842e29de7cbca8aaa33d0401eaba93a20e502229174c87e43a115fd6a425899b056b2fb4c9014c277b0bac190522a060153fdac9fb4d4c8ffb726777fd2794c7ba350e8849fe8dfd28af4a12bd0db39705de440c15fa362b03dcc15001f1a1115d14e5e2bd274b54be2b845e0fa6c374050aef97c38922b11f77f3bdcd43d4f14ca93fb58b84af64f2d01421 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - Signer: - - SerialNumber: 74c58808c139aecc23260eb2ba16f2fd - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - Imphash: 2c19472843b56c67efb80d8c447f3cfe - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 2be85acec4d5e36a137af7ef046e0cc8 - SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 - SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e - Company: '' - Copyright: '' - CreationTimestamp: '2006-05-05 01:37:49' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: CITMDRV_IA64.sys - ImportedFunctions: - - ZwClose - - ZwOpenFile - - RtlInitUnicodeString - - ZwWriteFile - - DbgPrint - - ZwCreateFile - - vsprintf - - IoDeleteDevice - - IoDeleteSymbolicLink - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmUnlockPages - - IoFreeMdl - - ZwOpenSection - - MmProbeAndLockPages - - IoAllocateMdl - - __C_specific_handler - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - Imports: - - 
ntoskrnl.exe - InternalName: '' - MD5: 6909b5e86e00b4033fedfca1775b0e33 - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: IBM Polska Sp. z o.o. - RichPEHeaderHash: - MD5: a636a04d17b366998b7c1c07aeed6b8f - SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 - SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 - SHA1: 205c69f078a563f54f4c0da2d02a25e284370251 - SHA256: 22418016e980e0a4a2d01ca210a17059916a4208352c1018b0079ccb19aaf86a - Sections: - .text: - Entropy: 5.387578832102652 - Virtual Size: '0x2c80' - .rdata: - Entropy: 3.5276453906221574 - Virtual Size: '0x2d0' - .pdata: - Entropy: 3.0920063384794108 - Virtual Size: '0x90' - .srdata: - Entropy: 2.2708669023612464 - Virtual Size: '0x148' - .sdata: - Entropy: 2.1231320048496527 - Virtual Size: '0xd0' - INIT: - Entropy: 5.147103167634986 - Virtual Size: '0x334' - .reloc: - Entropy: 1.8848419960299854 - Virtual Size: '0x166' - Signature: - - IBM Polska Sp. z o.o. 
- - VeriSign Class 3 Code Signing 2009-2 CA - - VeriSign Class 3 Public Primary CA - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=PL, ST=malopolska, L=Krakow, O=IBM Polska Sp. z o.o., OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=IBM Polska Sp. z o.o. 
- ValidFrom: '2010-04-08 00:00:00' - ValidTo: '2013-04-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 45595f53cb4840a48f7415305213fba6 - Version: 3 - TBS: - MD5: 478f5b241a92e2c4a0b1580fbf6a1222 - SHA1: 16c4e1d539fe3eff639929b0e688e97dea1fbd7c - SHA256: f9655471d8ad73cfa42a56521d31e6f0d7088207234f3aaa00638fe36fad109d - SHA384: 3f0f3cdcb3f9b03da2be316c4305836ffb88b0cb8e18001518cff506e0fa35b27b98f4330f7f91fef30d37de2d57cf24 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - Signer: - - SerialNumber: 45595f53cb4840a48f7415305213fba6 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: 2c19472843b56c67efb80d8c447f3cfe - LoadsDespiteHVCI: 'TRUE' -- Authentihash: - MD5: 2be85acec4d5e36a137af7ef046e0cc8 - SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 - SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e - Company: '' - Copyright: '' - 
CreationTimestamp: '2006-05-05 01:37:49' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: CITMDRV_IA64.sys - ImportedFunctions: - - ZwClose - - ZwOpenFile - - RtlInitUnicodeString - - ZwWriteFile - - DbgPrint - - ZwCreateFile - - vsprintf - - IoDeleteDevice - - IoDeleteSymbolicLink - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmUnlockPages - - IoFreeMdl - - ZwOpenSection - - MmProbeAndLockPages - - IoAllocateMdl - - __C_specific_handler - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: fa173832dca1b1faeba095e5c82a1559 - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: IBM Polska Sp. z o.o. - RichPEHeaderHash: - MD5: a636a04d17b366998b7c1c07aeed6b8f - SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 - SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 - SHA1: f9feb60b23ca69072ce42264cd821fe588a186a6 - SHA256: 405472a8f9400a54bb29d03b436ccd58cfd6442fe686f6d2ed4f63f002854659 - Sections: - .text: - Entropy: 5.387578832102652 - Virtual Size: '0x2c80' - .rdata: - Entropy: 3.5276453906221574 - Virtual Size: '0x2d0' - .pdata: - Entropy: 3.0920063384794108 - Virtual Size: '0x90' - .srdata: - Entropy: 2.2708669023612464 - Virtual Size: '0x148' - .sdata: - Entropy: 2.1231320048496527 - Virtual Size: '0xd0' - INIT: - Entropy: 5.147103167634986 - Virtual Size: '0x334' - .reloc: - Entropy: 1.8848419960299854 - Virtual Size: '0x166' - Signature: - - IBM Polska Sp. z o.o. 
- - VeriSign Class 3 Code Signing 2009-2 CA - - VeriSign Class 3 Public Primary Certification Authority (PCA3 G1 SHA1) - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G3 - ValidFrom: '2012-05-01 00:00:00' - ValidTo: '2012-12-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded - Version: 3 - TBS: - MD5: e6d820afb23af20a65cf0b03247ea05e - SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 - SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 - SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=PL, ST=malopolska, L=Krakow, O=IBM Polska Sp. z o.o., OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=IBM Polska Sp. z o.o. 
- ValidFrom: '2010-04-08 00:00:00' - ValidTo: '2013-04-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 45595f53cb4840a48f7415305213fba6 - Version: 3 - TBS: - MD5: 478f5b241a92e2c4a0b1580fbf6a1222 - SHA1: 16c4e1d539fe3eff639929b0e688e97dea1fbd7c - SHA256: f9655471d8ad73cfa42a56521d31e6f0d7088207234f3aaa00638fe36fad109d - SHA384: 3f0f3cdcb3f9b03da2be316c4305836ffb88b0cb8e18001518cff506e0fa35b27b98f4330f7f91fef30d37de2d57cf24 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - Signer: - - SerialNumber: 45595f53cb4840a48f7415305213fba6 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: 2c19472843b56c67efb80d8c447f3cfe - LoadsDespiteHVCI: 'TRUE' -- Authentihash: - MD5: 2be85acec4d5e36a137af7ef046e0cc8 - SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 - SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e - Company: '' - Copyright: '' - 
CreationTimestamp: '2006-05-05 01:37:49' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: CITMDRV_IA64.sys - ImportedFunctions: - - ZwClose - - ZwOpenFile - - RtlInitUnicodeString - - ZwWriteFile - - DbgPrint - - ZwCreateFile - - vsprintf - - IoDeleteDevice - - IoDeleteSymbolicLink - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmUnlockPages - - IoFreeMdl - - ZwOpenSection - - MmProbeAndLockPages - - IoAllocateMdl - - __C_specific_handler - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: bbe4f5f8b0c0f32f384a83ae31f49a00 - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: IBM Polska Sp. z o.o. - RichPEHeaderHash: - MD5: a636a04d17b366998b7c1c07aeed6b8f - SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 - SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 - SHA1: b25170e09c9fb7c0599bfba3cf617187f6a733ac - SHA256: 49f75746eebe14e5db11706b3e58accc62d4034d2f1c05c681ecef5d1ad933ba - Sections: - .text: - Entropy: 5.387578832102652 - Virtual Size: '0x2c80' - .rdata: - Entropy: 3.5276453906221574 - Virtual Size: '0x2d0' - .pdata: - Entropy: 3.0920063384794108 - Virtual Size: '0x90' - .srdata: - Entropy: 2.2708669023612464 - Virtual Size: '0x148' - .sdata: - Entropy: 2.1231320048496527 - Virtual Size: '0xd0' - INIT: - Entropy: 5.147103167634986 - Virtual Size: '0x334' - .reloc: - Entropy: 1.8848419960299854 - Virtual Size: '0x166' - Signature: - - IBM Polska Sp. z o.o. 
- - VeriSign Class 3 Code Signing 2010 CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: 
e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=PL, ST=mazowieckie, L=Warsaw, O=IBM Polska Sp. z o.o., OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=IBM Polska Sp. z o.o. - ValidFrom: '2013-05-31 00:00:00' - ValidTo: '2016-06-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 63acb2cbe8cf97d66478469f5ce0d445 - Version: 3 - TBS: - MD5: d2f517a828f35cbbd527489cdc79ea5d - SHA1: c09bc2bc5ba1256a1a7928f16cb0a628ff50209b - SHA256: e20f8274f7861cfeac94335c1201e538a22ed769e10c4eef430bf8f50598ff85 - SHA384: 6011cff1637bf8176fdda7d4f22656034e7cfa63676bb0414ad5e48f3a7e4a0eb013ba6f533c997a0eadc507c65d914f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: 
b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 63acb2cbe8cf97d66478469f5ce0d445 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 2c19472843b56c67efb80d8c447f3cfe - LoadsDespiteHVCI: 'TRUE' -- Authentihash: - MD5: 2be85acec4d5e36a137af7ef046e0cc8 - SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 - SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e - Company: '' - Copyright: '' - CreationTimestamp: '2006-05-05 01:37:49' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: CITMDRV_IA64.sys - ImportedFunctions: - - ZwClose - - ZwOpenFile - - RtlInitUnicodeString - - ZwWriteFile - - DbgPrint - - ZwCreateFile - - vsprintf - - IoDeleteDevice - - IoDeleteSymbolicLink - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmUnlockPages - - IoFreeMdl - - ZwOpenSection - - MmProbeAndLockPages - - IoAllocateMdl - - __C_specific_handler - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: c5f5d109f11aadebae94c77b27cb026f - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: IBM Polska Sp. z o.o. 
- RichPEHeaderHash: - MD5: a636a04d17b366998b7c1c07aeed6b8f - SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 - SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 - SHA1: 160c96b5e5db8c96b821895582b501e3c2d5d6e7 - SHA256: 4a3d4db86f580b1680d6454baee1c1a139e2dde7d55e972ba7c92ec3f555dce2 - Sections: - .text: - Entropy: 5.387578832102652 - Virtual Size: '0x2c80' - .rdata: - Entropy: 3.5276453906221574 - Virtual Size: '0x2d0' - .pdata: - Entropy: 3.0920063384794108 - Virtual Size: '0x90' - .srdata: - Entropy: 2.2708669023612464 - Virtual Size: '0x148' - .sdata: - Entropy: 2.1231320048496527 - Virtual Size: '0xd0' - INIT: - Entropy: 5.147103167634986 - Virtual Size: '0x334' - .reloc: - Entropy: 1.8848419960299854 - Virtual Size: '0x166' - Signature: - - IBM Polska Sp. z o.o. - - VeriSign Class 3 Code Signing 2010 CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 
- SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=PL, ST=mazowieckie, L=Warsaw, O=IBM Polska Sp. z o.o., OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=IBM Polska Sp. z o.o. - ValidFrom: '2013-05-31 00:00:00' - ValidTo: '2016-06-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 63acb2cbe8cf97d66478469f5ce0d445 - Version: 3 - TBS: - MD5: d2f517a828f35cbbd527489cdc79ea5d - SHA1: c09bc2bc5ba1256a1a7928f16cb0a628ff50209b - SHA256: e20f8274f7861cfeac94335c1201e538a22ed769e10c4eef430bf8f50598ff85 - SHA384: 6011cff1637bf8176fdda7d4f22656034e7cfa63676bb0414ad5e48f3a7e4a0eb013ba6f533c997a0eadc507c65d914f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 63acb2cbe8cf97d66478469f5ce0d445 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 2c19472843b56c67efb80d8c447f3cfe - LoadsDespiteHVCI: 'TRUE' -- Authentihash: - MD5: 2be85acec4d5e36a137af7ef046e0cc8 - SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 - SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e - Company: '' - Copyright: '' - CreationTimestamp: '2006-05-05 01:37:49' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: 
CITMDRV_IA64.sys - ImportedFunctions: - - ZwClose - - ZwOpenFile - - RtlInitUnicodeString - - ZwWriteFile - - DbgPrint - - ZwCreateFile - - vsprintf - - IoDeleteDevice - - IoDeleteSymbolicLink - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmUnlockPages - - IoFreeMdl - - ZwOpenSection - - MmProbeAndLockPages - - IoAllocateMdl - - __C_specific_handler - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: 40bc58b7615d00eb55ad9ba700c340c1 - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: IBM Polska Sp. z o.o. - RichPEHeaderHash: - MD5: a636a04d17b366998b7c1c07aeed6b8f - SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 - SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 - SHA1: a2e0b3162cfa336cd4ab40a2acc95abe7dc53843 - SHA256: 4ab41816abbf14d59e75b7fad49e2cb1c1feb27a3cb27402297a2a4793ff9da7 - Sections: - .text: - Entropy: 5.387578832102652 - Virtual Size: '0x2c80' - .rdata: - Entropy: 3.5276453906221574 - Virtual Size: '0x2d0' - .pdata: - Entropy: 3.0920063384794108 - Virtual Size: '0x90' - .srdata: - Entropy: 2.2708669023612464 - Virtual Size: '0x148' - .sdata: - Entropy: 2.1231320048496527 - Virtual Size: '0xd0' - INIT: - Entropy: 5.147103167634986 - Virtual Size: '0x334' - .reloc: - Entropy: 1.8848419960299854 - Virtual Size: '0x166' - Signature: - - IBM Polska Sp. z o.o. 
- - Symantec Class 3 SHA256 Code Signing CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=PL, ST=mazowieckie, L=Warsaw, O=IBM Polska Sp. z o.o., CN=IBM Polska - Sp. z o.o. 
- ValidFrom: '2016-05-30 00:00:00' - ValidTo: '2019-07-29 23:59:59' - Signature: 37c4cb65c2d5579c51543d15af31471b5b497715b8018ab41d79e8c5fd07393f3ae94bc05fe9c7c309f7ac8cc213535a8fa8ea90100c57e455b50ddc95ee310d73c0577dd2e02e8f488ac3402f0a04f6bd5f40892e98c1c7a0f2763666416c56578c5124f057a762ac7e12ec79b0513db914a194e0180e7c60ebcfe6669802fa959e117dbe681d72789baa05343c622da0bb17eb05b8c6f0740d7053dbee3f12d569d4186d2dcc65a802e5ff99f6e9737f3b025eb44df12036e51b3d078fb5c29f36134134aa0ac6d34dc45d973b92fb05740c50975194828977dbe9c7218c092a4a96ec45d08610914926d92eb2fc2f0e7e4965dda5f82b7c9bbd731256acbf - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 74c58808c139aecc23260eb2ba16f2fd - Version: 3 - TBS: - MD5: e7b67b21239296b841387cb545428012 - SHA1: 16490d98ea08654a99e355b9b87be04fc66b62df - SHA256: 3dfd1ebc716c318dd93c0532018c67ca0e98bdb16dfbbd266dabf6f47dcb8870 - SHA384: e70fb3a325bd9a1d3b52f5a7d8648a21c9a27ce88da95b324448220897832618a427b2b7d7f99cd4192645f1c1dac2a7 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 13851a1e69a937f7a0bda4af7e1d6153fe9d8c5e0ca6751e781723ddfdec1a035539fb7195c7655aa78e30d2445a61db706fda2105c22e73ba49f1d193fe5dc9cd5e03e0899e3f741ed7f7388ba9d6cfbb352f3358a89256d1c84d3b82e6798416fc28b0b147f31da23eee87d9a67fa456a53fad842e29de7cbca8aaa33d0401eaba93a20e502229174c87e43a115fd6a425899b056b2fb4c9014c277b0bac190522a060153fdac9fb4d4c8ffb726777fd2794c7ba350e8849fe8dfd28af4a12bd0db39705de440c15fa362b03dcc15001f1a1115d14e5e2bd274b54be2b845e0fa6c374050aef97c38922b11f77f3bdcd43d4f14ca93fb58b84af64f2d01421 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: 
a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - Signer: - - SerialNumber: 74c58808c139aecc23260eb2ba16f2fd - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - Imphash: 2c19472843b56c67efb80d8c447f3cfe - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 2be85acec4d5e36a137af7ef046e0cc8 - SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 - SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e - Company: '' - Copyright: '' - CreationTimestamp: '2006-05-05 01:37:49' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: CITMDRV_IA64.sys - ImportedFunctions: - - ZwClose - - ZwOpenFile - - RtlInitUnicodeString - - ZwWriteFile - - DbgPrint - - ZwCreateFile - - vsprintf - - IoDeleteDevice - - IoDeleteSymbolicLink - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmUnlockPages - - IoFreeMdl - - ZwOpenSection - - MmProbeAndLockPages - - IoAllocateMdl - - __C_specific_handler - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: 839cbbc86453960e9eb6db814b776a40 - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: IBM Polska Sp. z o.o. 
- RichPEHeaderHash: - MD5: a636a04d17b366998b7c1c07aeed6b8f - SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 - SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 - SHA1: 4e826430a1389032f3fe06e2cc292f643fb0c417 - SHA256: 54841d9f89e195196e65aa881834804fe3678f1cf6b328cab8703edd15e3ec57 - Sections: - .text: - Entropy: 5.387578832102652 - Virtual Size: '0x2c80' - .rdata: - Entropy: 3.5276453906221574 - Virtual Size: '0x2d0' - .pdata: - Entropy: 3.0920063384794108 - Virtual Size: '0x90' - .srdata: - Entropy: 2.2708669023612464 - Virtual Size: '0x148' - .sdata: - Entropy: 2.1231320048496527 - Virtual Size: '0xd0' - INIT: - Entropy: 5.147103167634986 - Virtual Size: '0x334' - .reloc: - Entropy: 1.8848419960299854 - Virtual Size: '0x166' - Signature: - - IBM Polska Sp. z o.o. - - Symantec Class 3 SHA256 Code Signing CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=PL, ST=mazowieckie, L=Warsaw, O=IBM Polska Sp. z o.o., CN=IBM Polska - Sp. z o.o. - ValidFrom: '2016-05-30 00:00:00' - ValidTo: '2019-07-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 74c58808c139aecc23260eb2ba16f2fd - Version: 3 - TBS: - MD5: e7b67b21239296b841387cb545428012 - SHA1: 16490d98ea08654a99e355b9b87be04fc66b62df - SHA256: 3dfd1ebc716c318dd93c0532018c67ca0e98bdb16dfbbd266dabf6f47dcb8870 - SHA384: e70fb3a325bd9a1d3b52f5a7d8648a21c9a27ce88da95b324448220897832618a427b2b7d7f99cd4192645f1c1dac2a7 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - Signer: - - SerialNumber: 74c58808c139aecc23260eb2ba16f2fd - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - Imphash: 
2c19472843b56c67efb80d8c447f3cfe - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 2be85acec4d5e36a137af7ef046e0cc8 - SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 - SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e - Company: '' - Copyright: '' - CreationTimestamp: '2006-05-05 01:37:49' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: CITMDRV_IA64.sys - ImportedFunctions: - - ZwClose - - ZwOpenFile - - RtlInitUnicodeString - - ZwWriteFile - - DbgPrint - - ZwCreateFile - - vsprintf - - IoDeleteDevice - - IoDeleteSymbolicLink - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmUnlockPages - - IoFreeMdl - - ZwOpenSection - - MmProbeAndLockPages - - IoAllocateMdl - - __C_specific_handler - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: 42f7cc4be348c3efd98b0f1233cf2d69 - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: IBM Polska Sp. z o.o. - RichPEHeaderHash: - MD5: a636a04d17b366998b7c1c07aeed6b8f - SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 - SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 - SHA1: 7ab4565ba24268f0adadb03a5506d4eb1dc7c181 - SHA256: 5ee292b605cd3751a24e5949aae615d472a3c72688632c3040dc311055b75a92 - Sections: - .text: - Entropy: 5.387578832102652 - Virtual Size: '0x2c80' - .rdata: - Entropy: 3.5276453906221574 - Virtual Size: '0x2d0' - .pdata: - Entropy: 3.0920063384794108 - Virtual Size: '0x90' - .srdata: - Entropy: 2.2708669023612464 - Virtual Size: '0x148' - .sdata: - Entropy: 2.1231320048496527 - Virtual Size: '0xd0' - INIT: - Entropy: 5.147103167634986 - Virtual Size: '0x334' - .reloc: - Entropy: 1.8848419960299854 - Virtual Size: '0x166' - Signature: - - IBM Polska Sp. z o.o. 
- - VeriSign Class 3 Code Signing 2010 CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: 
e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=PL, ST=mazowieckie, L=Warsaw, O=IBM Polska Sp. z o.o., OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=IBM Polska Sp. z o.o. - ValidFrom: '2013-05-31 00:00:00' - ValidTo: '2016-06-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 63acb2cbe8cf97d66478469f5ce0d445 - Version: 3 - TBS: - MD5: d2f517a828f35cbbd527489cdc79ea5d - SHA1: c09bc2bc5ba1256a1a7928f16cb0a628ff50209b - SHA256: e20f8274f7861cfeac94335c1201e538a22ed769e10c4eef430bf8f50598ff85 - SHA384: 6011cff1637bf8176fdda7d4f22656034e7cfa63676bb0414ad5e48f3a7e4a0eb013ba6f533c997a0eadc507c65d914f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: 
b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 63acb2cbe8cf97d66478469f5ce0d445 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 2c19472843b56c67efb80d8c447f3cfe - LoadsDespiteHVCI: 'TRUE' -- Authentihash: - MD5: 2be85acec4d5e36a137af7ef046e0cc8 - SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 - SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e - Company: '' - Copyright: '' - CreationTimestamp: '2006-05-05 01:37:49' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: CITMDRV_IA64.sys - ImportedFunctions: - - ZwClose - - ZwOpenFile - - RtlInitUnicodeString - - ZwWriteFile - - DbgPrint - - ZwCreateFile - - vsprintf - - IoDeleteDevice - - IoDeleteSymbolicLink - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmUnlockPages - - IoFreeMdl - - ZwOpenSection - - MmProbeAndLockPages - - IoAllocateMdl - - __C_specific_handler - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: 2128e6c044ee86f822d952a261af0b48 - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: IBM Polska Sp. z o.o. 
- RichPEHeaderHash: - MD5: a636a04d17b366998b7c1c07aeed6b8f - SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 - SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 - SHA1: dc7b022f8bd149efbcb2204a48dce75c72633526 - SHA256: 76b86543ce05540048f954fed37bdda66360c4a3ddb8328213d5aef7a960c184 - Sections: - .text: - Entropy: 5.387578832102652 - Virtual Size: '0x2c80' - .rdata: - Entropy: 3.5276453906221574 - Virtual Size: '0x2d0' - .pdata: - Entropy: 3.0920063384794108 - Virtual Size: '0x90' - .srdata: - Entropy: 2.2708669023612464 - Virtual Size: '0x148' - .sdata: - Entropy: 2.1231320048496527 - Virtual Size: '0xd0' - INIT: - Entropy: 5.147103167634986 - Virtual Size: '0x334' - .reloc: - Entropy: 1.8848419960299854 - Virtual Size: '0x166' - Signature: - - IBM Polska Sp. z o.o. - - Symantec Class 3 SHA256 Code Signing CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=PL, ST=mazowieckie, L=Warsaw, O=IBM Polska Sp. z o.o., CN=IBM Polska - Sp. z o.o. - ValidFrom: '2016-05-30 00:00:00' - ValidTo: '2019-07-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 74c58808c139aecc23260eb2ba16f2fd - Version: 3 - TBS: - MD5: e7b67b21239296b841387cb545428012 - SHA1: 16490d98ea08654a99e355b9b87be04fc66b62df - SHA256: 3dfd1ebc716c318dd93c0532018c67ca0e98bdb16dfbbd266dabf6f47dcb8870 - SHA384: e70fb3a325bd9a1d3b52f5a7d8648a21c9a27ce88da95b324448220897832618a427b2b7d7f99cd4192645f1c1dac2a7 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - Signer: - - SerialNumber: 74c58808c139aecc23260eb2ba16f2fd - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - Imphash: 
2c19472843b56c67efb80d8c447f3cfe - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 2be85acec4d5e36a137af7ef046e0cc8 - SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 - SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e - Company: '' - Copyright: '' - CreationTimestamp: '2006-05-05 01:37:49' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: CITMDRV_IA64.sys - ImportedFunctions: - - ZwClose - - ZwOpenFile - - RtlInitUnicodeString - - ZwWriteFile - - DbgPrint - - ZwCreateFile - - vsprintf - - IoDeleteDevice - - IoDeleteSymbolicLink - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmUnlockPages - - IoFreeMdl - - ZwOpenSection - - MmProbeAndLockPages - - IoAllocateMdl - - __C_specific_handler - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: fd81af62964f5dd5eb4a828543a33dcf - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: IBM Polska Sp. z o.o. - RichPEHeaderHash: - MD5: a636a04d17b366998b7c1c07aeed6b8f - SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 - SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 - SHA1: 0307d76750dd98d707c699aee3b626643afb6936 - SHA256: 7f190f6e5ab0edafd63391506c2360230af4c2d56c45fc8996a168a1fc12d457 - Sections: - .text: - Entropy: 5.387578832102652 - Virtual Size: '0x2c80' - .rdata: - Entropy: 3.5276453906221574 - Virtual Size: '0x2d0' - .pdata: - Entropy: 3.0920063384794108 - Virtual Size: '0x90' - .srdata: - Entropy: 2.2708669023612464 - Virtual Size: '0x148' - .sdata: - Entropy: 2.1231320048496527 - Virtual Size: '0xd0' - INIT: - Entropy: 5.147103167634986 - Virtual Size: '0x334' - .reloc: - Entropy: 1.8848419960299854 - Virtual Size: '0x166' - Signature: - - IBM Polska Sp. z o.o. 
- - VeriSign Class 3 Code Signing 2009-2 CA - - VeriSign Class 3 Public Primary CA - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G3 - ValidFrom: '2012-05-01 00:00:00' - ValidTo: '2012-12-31 23:59:59' - Signature: 1e98aa27b778b508b5c9726db7dfc00e98a635c488c9d2f66df14b1afbd5f92d99009ed1e79b8be13fbd39800c66cd07bc5c9854a694ba10d14e8babf56f65cc6709a2807c52e80e03d66b7ac60518ecc8ac427c072ca73d0866dc00edfd941d73f2729893b111d68fef8eeaacf496510cd08ddf31524f5eaf7da74a75e64ece2b9f292be7cf5d9f037e6e277b23ad622966af92e82ccebd9c7fdccd173c43c2093f7545c79ee4d7607f97c6e4aac769f5fccd74ac2cb048c1504e70561eb535d38ebeb1edacbdfe0cec857dd5bb856644195d9f93eb82ba639ed37c61ffc81bd923587f30a366a139265e92c33ccb3732faf5a38ddcd5b0a3e9253655d781fa - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded - Version: 3 - TBS: - MD5: e6d820afb23af20a65cf0b03247ea05e - SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 - SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 - SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 
53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=PL, ST=malopolska, L=Krakow, O=IBM Polska Sp. z o.o., OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=IBM Polska Sp. z o.o. - ValidFrom: '2010-04-08 00:00:00' - ValidTo: '2013-04-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 45595f53cb4840a48f7415305213fba6 - Version: 3 - TBS: - MD5: 478f5b241a92e2c4a0b1580fbf6a1222 - SHA1: 16c4e1d539fe3eff639929b0e688e97dea1fbd7c - SHA256: f9655471d8ad73cfa42a56521d31e6f0d7088207234f3aaa00638fe36fad109d - SHA384: 3f0f3cdcb3f9b03da2be316c4305836ffb88b0cb8e18001518cff506e0fa35b27b98f4330f7f91fef30d37de2d57cf24 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - Signer: - - SerialNumber: 45595f53cb4840a48f7415305213fba6 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: 
2c19472843b56c67efb80d8c447f3cfe - LoadsDespiteHVCI: 'TRUE' -- Authentihash: - MD5: 2be85acec4d5e36a137af7ef046e0cc8 - SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 - SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e - Company: '' - Copyright: '' - CreationTimestamp: '2006-05-05 01:37:49' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: CITMDRV_IA64.sys - ImportedFunctions: - - ZwClose - - ZwOpenFile - - RtlInitUnicodeString - - ZwWriteFile - - DbgPrint - - ZwCreateFile - - vsprintf - - IoDeleteDevice - - IoDeleteSymbolicLink - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmUnlockPages - - IoFreeMdl - - ZwOpenSection - - MmProbeAndLockPages - - IoAllocateMdl - - __C_specific_handler - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: 010c0e5ac584e3ab97a2daf84cf436f5 - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: IBM Polska Sp. z o.o. - RichPEHeaderHash: - MD5: a636a04d17b366998b7c1c07aeed6b8f - SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 - SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 - SHA1: 5711c88e9e64e45b8fc4b90ab6f2dd6437dc5a8a - SHA256: 845f1e228de249fc1ddf8dc28c39d03e8ad328a6277b6502d3932e83b879a65a - Sections: - .text: - Entropy: 5.387578832102652 - Virtual Size: '0x2c80' - .rdata: - Entropy: 3.5276453906221574 - Virtual Size: '0x2d0' - .pdata: - Entropy: 3.0920063384794108 - Virtual Size: '0x90' - .srdata: - Entropy: 2.2708669023612464 - Virtual Size: '0x148' - .sdata: - Entropy: 2.1231320048496527 - Virtual Size: '0xd0' - INIT: - Entropy: 5.147103167634986 - Virtual Size: '0x334' - .reloc: - Entropy: 1.8848419960299854 - Virtual Size: '0x166' - Signature: - - IBM Polska Sp. z o.o. 
- - Symantec Class 3 SHA256 Code Signing CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: 
e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=PL, ST=mazowieckie, L=Warsaw, O=IBM Polska Sp. z o.o., CN=IBM Polska - Sp. z o.o. - ValidFrom: '2016-05-30 00:00:00' - ValidTo: '2019-07-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 74c58808c139aecc23260eb2ba16f2fd - Version: 3 - TBS: - MD5: e7b67b21239296b841387cb545428012 - SHA1: 16490d98ea08654a99e355b9b87be04fc66b62df - SHA256: 3dfd1ebc716c318dd93c0532018c67ca0e98bdb16dfbbd266dabf6f47dcb8870 - SHA384: e70fb3a325bd9a1d3b52f5a7d8648a21c9a27ce88da95b324448220897832618a427b2b7d7f99cd4192645f1c1dac2a7 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - Signer: - - SerialNumber: 74c58808c139aecc23260eb2ba16f2fd - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - Imphash: 2c19472843b56c67efb80d8c447f3cfe - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 2be85acec4d5e36a137af7ef046e0cc8 - SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 - SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e - Company: '' - Copyright: '' - CreationTimestamp: '2006-05-05 01:37:49' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' 
- Filename: CITMDRV_IA64.sys - ImportedFunctions: - - ZwClose - - ZwOpenFile - - RtlInitUnicodeString - - ZwWriteFile - - DbgPrint - - ZwCreateFile - - vsprintf - - IoDeleteDevice - - IoDeleteSymbolicLink - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmUnlockPages - - IoFreeMdl - - ZwOpenSection - - MmProbeAndLockPages - - IoAllocateMdl - - __C_specific_handler - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: ff7b31fa6e9ab923bce8af31d1be5bb2 - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: IBM Polska Sp. z o.o. - RichPEHeaderHash: - MD5: a636a04d17b366998b7c1c07aeed6b8f - SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 - SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 - SHA1: 6714380bc0b8ab09b9a0d2fa66d1b025b646b946 - SHA256: 84bf1d0bcdf175cfe8aea2973e0373015793d43907410ae97e2071b2c4b8e2d4 - Sections: - .text: - Entropy: 5.387578832102652 - Virtual Size: '0x2c80' - .rdata: - Entropy: 3.5276453906221574 - Virtual Size: '0x2d0' - .pdata: - Entropy: 3.0920063384794108 - Virtual Size: '0x90' - .srdata: - Entropy: 2.2708669023612464 - Virtual Size: '0x148' - .sdata: - Entropy: 2.1231320048496527 - Virtual Size: '0xd0' - INIT: - Entropy: 5.147103167634986 - Virtual Size: '0x334' - .reloc: - Entropy: 1.8848419960299854 - Virtual Size: '0x166' - Signature: - - IBM Polska Sp. z o.o. 
- - VeriSign Class 3 Code Signing 2010 CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=PL, ST=mazowieckie, L=Warsaw, O=IBM Polska Sp. z o.o., OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=IBM Polska Sp. z o.o. 
- ValidFrom: '2013-05-31 00:00:00' - ValidTo: '2016-06-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 63acb2cbe8cf97d66478469f5ce0d445 - Version: 3 - TBS: - MD5: d2f517a828f35cbbd527489cdc79ea5d - SHA1: c09bc2bc5ba1256a1a7928f16cb0a628ff50209b - SHA256: e20f8274f7861cfeac94335c1201e538a22ed769e10c4eef430bf8f50598ff85 - SHA384: 6011cff1637bf8176fdda7d4f22656034e7cfa63676bb0414ad5e48f3a7e4a0eb013ba6f533c997a0eadc507c65d914f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 
78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 63acb2cbe8cf97d66478469f5ce0d445 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 2c19472843b56c67efb80d8c447f3cfe - LoadsDespiteHVCI: 'TRUE' -- Authentihash: - MD5: 2be85acec4d5e36a137af7ef046e0cc8 - SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 - SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e - Company: '' - Copyright: '' - CreationTimestamp: '2006-05-05 01:37:49' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: CITMDRV_IA64.sys - ImportedFunctions: - - ZwClose - - ZwOpenFile - - RtlInitUnicodeString - - ZwWriteFile - - DbgPrint - - ZwCreateFile - - vsprintf - - IoDeleteDevice - - IoDeleteSymbolicLink - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmUnlockPages - - IoFreeMdl - - ZwOpenSection - - MmProbeAndLockPages - - IoAllocateMdl - - __C_specific_handler - - 
IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: 7bd840ff7f15df79a9a71fec7db1243e - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: IBM Polska Sp. z o.o. - RichPEHeaderHash: - MD5: a636a04d17b366998b7c1c07aeed6b8f - SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 - SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 - SHA1: 8626ab1da6bfbdf61bd327eb944b39fd9df33d1d - SHA256: 8ef0ad86500094e8fa3d9e7d53163aa6feef67c09575c169873c494ed66f057f - Sections: - .text: - Entropy: 5.387578832102652 - Virtual Size: '0x2c80' - .rdata: - Entropy: 3.5276453906221574 - Virtual Size: '0x2d0' - .pdata: - Entropy: 3.0920063384794108 - Virtual Size: '0x90' - .srdata: - Entropy: 2.2708669023612464 - Virtual Size: '0x148' - .sdata: - Entropy: 2.1231320048496527 - Virtual Size: '0xd0' - INIT: - Entropy: 5.147103167634986 - Virtual Size: '0x334' - .reloc: - Entropy: 1.8848419960299854 - Virtual Size: '0x166' - Signature: - - IBM Polska Sp. z o.o. 
- - VeriSign Class 3 Code Signing 2010 CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=PL, ST=mazowieckie, L=Warsaw, O=IBM Polska Sp. z o.o., OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=IBM Polska Sp. z o.o. 
- ValidFrom: '2013-05-31 00:00:00' - ValidTo: '2016-06-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 63acb2cbe8cf97d66478469f5ce0d445 - Version: 3 - TBS: - MD5: d2f517a828f35cbbd527489cdc79ea5d - SHA1: c09bc2bc5ba1256a1a7928f16cb0a628ff50209b - SHA256: e20f8274f7861cfeac94335c1201e538a22ed769e10c4eef430bf8f50598ff85 - SHA384: 6011cff1637bf8176fdda7d4f22656034e7cfa63676bb0414ad5e48f3a7e4a0eb013ba6f533c997a0eadc507c65d914f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 
5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 63acb2cbe8cf97d66478469f5ce0d445 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 2c19472843b56c67efb80d8c447f3cfe - LoadsDespiteHVCI: 'TRUE' -- Authentihash: - MD5: 2be85acec4d5e36a137af7ef046e0cc8 - SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 - SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e - Company: '' - Copyright: '' - CreationTimestamp: '2006-05-05 01:37:49' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: CITMDRV_IA64.sys - ImportedFunctions: - - ZwClose - - ZwOpenFile - - RtlInitUnicodeString - - ZwWriteFile - - DbgPrint - - ZwCreateFile - - vsprintf - - IoDeleteDevice - - IoDeleteSymbolicLink - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmUnlockPages - - IoFreeMdl - - ZwOpenSection - - MmProbeAndLockPages - - IoAllocateMdl - - __C_specific_handler - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - 
- KeTickCount - - KeBugCheckEx - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: fa222bed731713904320723b9c085b11 - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: IBM Polska Sp. z o.o. - RichPEHeaderHash: - MD5: a636a04d17b366998b7c1c07aeed6b8f - SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 - SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 - SHA1: 30a224b22592d952fbe2e6ad97eda4a8f2c734e0 - SHA256: a56c2a2425eb3a4260cc7fc5c8d7bed7a3b4cd2af256185f24471c668853aee8 - Sections: - .text: - Entropy: 5.387578832102652 - Virtual Size: '0x2c80' - .rdata: - Entropy: 3.5276453906221574 - Virtual Size: '0x2d0' - .pdata: - Entropy: 3.0920063384794108 - Virtual Size: '0x90' - .srdata: - Entropy: 2.2708669023612464 - Virtual Size: '0x148' - .sdata: - Entropy: 2.1231320048496527 - Virtual Size: '0xd0' - INIT: - Entropy: 5.147103167634986 - Virtual Size: '0x334' - .reloc: - Entropy: 1.8848419960299854 - Virtual Size: '0x166' - Signature: - - IBM Polska Sp. z o.o. 
- - Symantec Class 3 SHA256 Code Signing CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: 
e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=PL, ST=mazowieckie, L=Warsaw, O=IBM Polska Sp. z o.o., CN=IBM Polska - Sp. z o.o. - ValidFrom: '2016-05-30 00:00:00' - ValidTo: '2019-07-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 74c58808c139aecc23260eb2ba16f2fd - Version: 3 - TBS: - MD5: e7b67b21239296b841387cb545428012 - SHA1: 16490d98ea08654a99e355b9b87be04fc66b62df - SHA256: 3dfd1ebc716c318dd93c0532018c67ca0e98bdb16dfbbd266dabf6f47dcb8870 - SHA384: e70fb3a325bd9a1d3b52f5a7d8648a21c9a27ce88da95b324448220897832618a427b2b7d7f99cd4192645f1c1dac2a7 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 13851a1e69a937f7a0bda4af7e1d6153fe9d8c5e0ca6751e781723ddfdec1a035539fb7195c7655aa78e30d2445a61db706fda2105c22e73ba49f1d193fe5dc9cd5e03e0899e3f741ed7f7388ba9d6cfbb352f3358a89256d1c84d3b82e6798416fc28b0b147f31da23eee87d9a67fa456a53fad842e29de7cbca8aaa33d0401eaba93a20e502229174c87e43a115fd6a425899b056b2fb4c9014c277b0bac190522a060153fdac9fb4d4c8ffb726777fd2794c7ba350e8849fe8dfd28af4a12bd0db39705de440c15fa362b03dcc15001f1a1115d14e5e2bd274b54be2b845e0fa6c374050aef97c38922b11f77f3bdcd43d4f14ca93fb58b84af64f2d01421 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - Signer: - - SerialNumber: 74c58808c139aecc23260eb2ba16f2fd - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust 
Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - Imphash: 2c19472843b56c67efb80d8c447f3cfe - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 2be85acec4d5e36a137af7ef046e0cc8 - SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 - SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e - Company: '' - Copyright: '' - CreationTimestamp: '2006-05-05 01:37:49' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: CITMDRV_IA64.sys - ImportedFunctions: - - ZwClose - - ZwOpenFile - - RtlInitUnicodeString - - ZwWriteFile - - DbgPrint - - ZwCreateFile - - vsprintf - - IoDeleteDevice - - IoDeleteSymbolicLink - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmUnlockPages - - IoFreeMdl - - ZwOpenSection - - MmProbeAndLockPages - - IoAllocateMdl - - __C_specific_handler - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: f778489c7105a63e9e789a02412aaa5f - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: IBM Polska Sp. z o.o. - RichPEHeaderHash: - MD5: a636a04d17b366998b7c1c07aeed6b8f - SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 - SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 - SHA1: c95db1e82619fb16f8eec9a8209b7b0e853a4ebe - SHA256: ac3f613d457fc4d44fa27b2e0b1baa62c09415705efb5a40a4756da39b3ac165 - Sections: - .text: - Entropy: 5.387578832102652 - Virtual Size: '0x2c80' - .rdata: - Entropy: 3.5276453906221574 - Virtual Size: '0x2d0' - .pdata: - Entropy: 3.0920063384794108 - Virtual Size: '0x90' - .srdata: - Entropy: 2.2708669023612464 - Virtual Size: '0x148' - .sdata: - Entropy: 2.1231320048496527 - Virtual Size: '0xd0' - INIT: - Entropy: 5.147103167634986 - Virtual Size: '0x334' - .reloc: - Entropy: 1.8848419960299854 - Virtual Size: '0x166' - Signature: - - IBM Polska Sp. z o.o. 
- - Symantec Class 3 SHA256 Code Signing CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=PL, ST=mazowieckie, L=Warsaw, O=IBM Polska Sp. z o.o., CN=IBM Polska - Sp. z o.o. 
- ValidFrom: '2016-05-30 00:00:00' - ValidTo: '2019-07-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 74c58808c139aecc23260eb2ba16f2fd - Version: 3 - TBS: - MD5: e7b67b21239296b841387cb545428012 - SHA1: 16490d98ea08654a99e355b9b87be04fc66b62df - SHA256: 3dfd1ebc716c318dd93c0532018c67ca0e98bdb16dfbbd266dabf6f47dcb8870 - SHA384: e70fb3a325bd9a1d3b52f5a7d8648a21c9a27ce88da95b324448220897832618a427b2b7d7f99cd4192645f1c1dac2a7 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - Signer: - - SerialNumber: 74c58808c139aecc23260eb2ba16f2fd - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - Imphash: 2c19472843b56c67efb80d8c447f3cfe - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 2be85acec4d5e36a137af7ef046e0cc8 - SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 - SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e - Company: '' - Copyright: '' - CreationTimestamp: '2006-05-05 01:37:49' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: CITMDRV_IA64.sys - ImportedFunctions: - - ZwClose - - ZwOpenFile - - RtlInitUnicodeString - - ZwWriteFile - - DbgPrint - - ZwCreateFile - - vsprintf - - IoDeleteDevice - - 
IoDeleteSymbolicLink - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmUnlockPages - - IoFreeMdl - - ZwOpenSection - - MmProbeAndLockPages - - IoAllocateMdl - - __C_specific_handler - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: ed07f1a8038596574184e09211dfc30f - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: IBM Polska Sp. z o.o. - RichPEHeaderHash: - MD5: a636a04d17b366998b7c1c07aeed6b8f - SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 - SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 - SHA1: fe1d909ab38de1389a2a48352fd1c8415fd2eab0 - SHA256: b1334a71cc73b3d0c54f62d8011bec330dfc355a239bf94a121f6e4c86a30a2e - Sections: - .text: - Entropy: 5.387578832102652 - Virtual Size: '0x2c80' - .rdata: - Entropy: 3.5276453906221574 - Virtual Size: '0x2d0' - .pdata: - Entropy: 3.0920063384794108 - Virtual Size: '0x90' - .srdata: - Entropy: 2.2708669023612464 - Virtual Size: '0x148' - .sdata: - Entropy: 2.1231320048496527 - Virtual Size: '0xd0' - INIT: - Entropy: 5.147103167634986 - Virtual Size: '0x334' - .reloc: - Entropy: 1.8848419960299854 - Virtual Size: '0x166' - Signature: - - IBM Polska Sp. z o.o. 
- - VeriSign Class 3 Code Signing 2009-2 CA - - VeriSign Class 3 Public Primary CA - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G3 - ValidFrom: '2012-05-01 00:00:00' - ValidTo: '2012-12-31 23:59:59' - Signature: 1e98aa27b778b508b5c9726db7dfc00e98a635c488c9d2f66df14b1afbd5f92d99009ed1e79b8be13fbd39800c66cd07bc5c9854a694ba10d14e8babf56f65cc6709a2807c52e80e03d66b7ac60518ecc8ac427c072ca73d0866dc00edfd941d73f2729893b111d68fef8eeaacf496510cd08ddf31524f5eaf7da74a75e64ece2b9f292be7cf5d9f037e6e277b23ad622966af92e82ccebd9c7fdccd173c43c2093f7545c79ee4d7607f97c6e4aac769f5fccd74ac2cb048c1504e70561eb535d38ebeb1edacbdfe0cec857dd5bb856644195d9f93eb82ba639ed37c61ffc81bd923587f30a366a139265e92c33ccb3732faf5a38ddcd5b0a3e9253655d781fa - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded - Version: 3 - TBS: - MD5: e6d820afb23af20a65cf0b03247ea05e - SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 - SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 - SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 
53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=PL, ST=malopolska, L=Krakow, O=IBM Polska Sp. z o.o., OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=IBM Polska Sp. z o.o. - ValidFrom: '2010-04-08 00:00:00' - ValidTo: '2013-04-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 45595f53cb4840a48f7415305213fba6 - Version: 3 - TBS: - MD5: 478f5b241a92e2c4a0b1580fbf6a1222 - SHA1: 16c4e1d539fe3eff639929b0e688e97dea1fbd7c - SHA256: f9655471d8ad73cfa42a56521d31e6f0d7088207234f3aaa00638fe36fad109d - SHA384: 3f0f3cdcb3f9b03da2be316c4305836ffb88b0cb8e18001518cff506e0fa35b27b98f4330f7f91fef30d37de2d57cf24 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - Signer: - - SerialNumber: 45595f53cb4840a48f7415305213fba6 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: 
2c19472843b56c67efb80d8c447f3cfe - LoadsDespiteHVCI: 'TRUE' -- Authentihash: - MD5: 2be85acec4d5e36a137af7ef046e0cc8 - SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 - SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e - Company: '' - Copyright: '' - CreationTimestamp: '2006-05-05 01:37:49' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: CITMDRV_IA64.sys - ImportedFunctions: - - ZwClose - - ZwOpenFile - - RtlInitUnicodeString - - ZwWriteFile - - DbgPrint - - ZwCreateFile - - vsprintf - - IoDeleteDevice - - IoDeleteSymbolicLink - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmUnlockPages - - IoFreeMdl - - ZwOpenSection - - MmProbeAndLockPages - - IoAllocateMdl - - __C_specific_handler - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: 14eead4d42728e9340ec8399a225c124 - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: IBM Polska Sp. z o.o. - RichPEHeaderHash: - MD5: a636a04d17b366998b7c1c07aeed6b8f - SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 - SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 - SHA1: b4d1554ec19504215d27de0758e13c35ddd6db3e - SHA256: b47be212352d407d0ef7458a7161c66b47c2aec8391dd101df11e65728337a6a - Sections: - .text: - Entropy: 5.387578832102652 - Virtual Size: '0x2c80' - .rdata: - Entropy: 3.5276453906221574 - Virtual Size: '0x2d0' - .pdata: - Entropy: 3.0920063384794108 - Virtual Size: '0x90' - .srdata: - Entropy: 2.2708669023612464 - Virtual Size: '0x148' - .sdata: - Entropy: 2.1231320048496527 - Virtual Size: '0xd0' - INIT: - Entropy: 5.147103167634986 - Virtual Size: '0x334' - .reloc: - Entropy: 1.8848419960299854 - Virtual Size: '0x166' - Signature: - - IBM Polska Sp. z o.o. 
- - Symantec Class 3 SHA256 Code Signing CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=PL, ST=mazowieckie, L=Warsaw, O=IBM Polska Sp. z o.o., CN=IBM Polska - Sp. z o.o. 
- ValidFrom: '2016-05-30 00:00:00' - ValidTo: '2019-07-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 74c58808c139aecc23260eb2ba16f2fd - Version: 3 - TBS: - MD5: e7b67b21239296b841387cb545428012 - SHA1: 16490d98ea08654a99e355b9b87be04fc66b62df - SHA256: 3dfd1ebc716c318dd93c0532018c67ca0e98bdb16dfbbd266dabf6f47dcb8870 - SHA384: e70fb3a325bd9a1d3b52f5a7d8648a21c9a27ce88da95b324448220897832618a427b2b7d7f99cd4192645f1c1dac2a7 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - Signer: - - SerialNumber: 74c58808c139aecc23260eb2ba16f2fd - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - Imphash: 2c19472843b56c67efb80d8c447f3cfe - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 2be85acec4d5e36a137af7ef046e0cc8 - SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 - SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e - Company: '' - Copyright: '' - CreationTimestamp: '2006-05-05 01:37:49' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: CITMDRV_IA64.sys - ImportedFunctions: - - ZwClose - - ZwOpenFile - - RtlInitUnicodeString - - ZwWriteFile - - DbgPrint - - ZwCreateFile - - vsprintf - - IoDeleteDevice - - 
IoDeleteSymbolicLink - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmUnlockPages - - IoFreeMdl - - ZwOpenSection - - MmProbeAndLockPages - - IoAllocateMdl - - __C_specific_handler - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: 825703c494e0d270f797f1ecf070f698 - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: IBM Polska Sp. z o.o. - RichPEHeaderHash: - MD5: a636a04d17b366998b7c1c07aeed6b8f - SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 - SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 - SHA1: 5dd2c31c4357a8b76db095364952b3d0e3935e1d - SHA256: b9b3878ddc5dfb237d38f8d25067267870afd67d12a330397a8853209c4d889c - Sections: - .text: - Entropy: 5.387578832102652 - Virtual Size: '0x2c80' - .rdata: - Entropy: 3.5276453906221574 - Virtual Size: '0x2d0' - .pdata: - Entropy: 3.0920063384794108 - Virtual Size: '0x90' - .srdata: - Entropy: 2.2708669023612464 - Virtual Size: '0x148' - .sdata: - Entropy: 2.1231320048496527 - Virtual Size: '0xd0' - INIT: - Entropy: 5.147103167634986 - Virtual Size: '0x334' - .reloc: - Entropy: 1.8848419960299854 - Virtual Size: '0x166' - Signature: - - IBM Polska Sp. z o.o. 
- - Symantec Class 3 SHA256 Code Signing CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=PL, ST=mazowieckie, L=Warsaw, O=IBM Polska Sp. z o.o., CN=IBM Polska - Sp. z o.o. 
- ValidFrom: '2016-05-30 00:00:00' - ValidTo: '2019-07-29 23:59:59' - Signature: 37c4cb65c2d5579c51543d15af31471b5b497715b8018ab41d79e8c5fd07393f3ae94bc05fe9c7c309f7ac8cc213535a8fa8ea90100c57e455b50ddc95ee310d73c0577dd2e02e8f488ac3402f0a04f6bd5f40892e98c1c7a0f2763666416c56578c5124f057a762ac7e12ec79b0513db914a194e0180e7c60ebcfe6669802fa959e117dbe681d72789baa05343c622da0bb17eb05b8c6f0740d7053dbee3f12d569d4186d2dcc65a802e5ff99f6e9737f3b025eb44df12036e51b3d078fb5c29f36134134aa0ac6d34dc45d973b92fb05740c50975194828977dbe9c7218c092a4a96ec45d08610914926d92eb2fc2f0e7e4965dda5f82b7c9bbd731256acbf - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 74c58808c139aecc23260eb2ba16f2fd - Version: 3 - TBS: - MD5: e7b67b21239296b841387cb545428012 - SHA1: 16490d98ea08654a99e355b9b87be04fc66b62df - SHA256: 3dfd1ebc716c318dd93c0532018c67ca0e98bdb16dfbbd266dabf6f47dcb8870 - SHA384: e70fb3a325bd9a1d3b52f5a7d8648a21c9a27ce88da95b324448220897832618a427b2b7d7f99cd4192645f1c1dac2a7 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - Signer: - - SerialNumber: 74c58808c139aecc23260eb2ba16f2fd - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - Imphash: 2c19472843b56c67efb80d8c447f3cfe - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 2be85acec4d5e36a137af7ef046e0cc8 - 
SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 - SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e - Company: '' - Copyright: '' - CreationTimestamp: '2006-05-05 01:37:49' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: CITMDRV_IA64.sys - ImportedFunctions: - - ZwClose - - ZwOpenFile - - RtlInitUnicodeString - - ZwWriteFile - - DbgPrint - - ZwCreateFile - - vsprintf - - IoDeleteDevice - - IoDeleteSymbolicLink - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmUnlockPages - - IoFreeMdl - - ZwOpenSection - - MmProbeAndLockPages - - IoAllocateMdl - - __C_specific_handler - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: 9007c94c9d91ccff8d7f5d4cdddcc403 - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: IBM Polska Sp. z o.o. - RichPEHeaderHash: - MD5: a636a04d17b366998b7c1c07aeed6b8f - SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 - SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 - SHA1: ecb4d096a9c58643b02f328d2c7742a38e017cf0 - SHA256: db90e554ad249c2bd888282ecf7d8da4d1538dd364129a3327b54f8242dd5653 - Sections: - .text: - Entropy: 5.387578832102652 - Virtual Size: '0x2c80' - .rdata: - Entropy: 3.5276453906221574 - Virtual Size: '0x2d0' - .pdata: - Entropy: 3.0920063384794108 - Virtual Size: '0x90' - .srdata: - Entropy: 2.2708669023612464 - Virtual Size: '0x148' - .sdata: - Entropy: 2.1231320048496527 - Virtual Size: '0xd0' - INIT: - Entropy: 5.147103167634986 - Virtual Size: '0x334' - .reloc: - Entropy: 1.8848419960299854 - Virtual Size: '0x166' - Signature: - - IBM Polska Sp. z o.o. 
- - Symantec Class 3 SHA256 Code Signing CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=PL, ST=mazowieckie, L=Warsaw, O=IBM Polska Sp. z o.o., CN=IBM Polska - Sp. z o.o. 
- ValidFrom: '2016-05-30 00:00:00' - ValidTo: '2019-07-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 74c58808c139aecc23260eb2ba16f2fd - Version: 3 - TBS: - MD5: e7b67b21239296b841387cb545428012 - SHA1: 16490d98ea08654a99e355b9b87be04fc66b62df - SHA256: 3dfd1ebc716c318dd93c0532018c67ca0e98bdb16dfbbd266dabf6f47dcb8870 - SHA384: e70fb3a325bd9a1d3b52f5a7d8648a21c9a27ce88da95b324448220897832618a427b2b7d7f99cd4192645f1c1dac2a7 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 13851a1e69a937f7a0bda4af7e1d6153fe9d8c5e0ca6751e781723ddfdec1a035539fb7195c7655aa78e30d2445a61db706fda2105c22e73ba49f1d193fe5dc9cd5e03e0899e3f741ed7f7388ba9d6cfbb352f3358a89256d1c84d3b82e6798416fc28b0b147f31da23eee87d9a67fa456a53fad842e29de7cbca8aaa33d0401eaba93a20e502229174c87e43a115fd6a425899b056b2fb4c9014c277b0bac190522a060153fdac9fb4d4c8ffb726777fd2794c7ba350e8849fe8dfd28af4a12bd0db39705de440c15fa362b03dcc15001f1a1115d14e5e2bd274b54be2b845e0fa6c374050aef97c38922b11f77f3bdcd43d4f14ca93fb58b84af64f2d01421 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - Signer: - - SerialNumber: 74c58808c139aecc23260eb2ba16f2fd - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - Imphash: 2c19472843b56c67efb80d8c447f3cfe - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 2be85acec4d5e36a137af7ef046e0cc8 - 
SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 - SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e - Company: '' - Copyright: '' - CreationTimestamp: '2006-05-05 01:37:49' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: CITMDRV_IA64.sys - ImportedFunctions: - - ZwClose - - ZwOpenFile - - RtlInitUnicodeString - - ZwWriteFile - - DbgPrint - - ZwCreateFile - - vsprintf - - IoDeleteDevice - - IoDeleteSymbolicLink - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmUnlockPages - - IoFreeMdl - - ZwOpenSection - - MmProbeAndLockPages - - IoAllocateMdl - - __C_specific_handler - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: 9b359b722ac80c4e0a5235264e1e0156 - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: IBM Polska Sp. z o.o. - RichPEHeaderHash: - MD5: a636a04d17b366998b7c1c07aeed6b8f - SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 - SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 - SHA1: 4a705af959af61bad48ef7579f839cb5ebd654d2 - SHA256: e61a54f6d3869b43c4eceac3016df73df67cce03878c5a6167166601c5d3f028 - Sections: - .text: - Entropy: 5.387578832102652 - Virtual Size: '0x2c80' - .rdata: - Entropy: 3.5276453906221574 - Virtual Size: '0x2d0' - .pdata: - Entropy: 3.0920063384794108 - Virtual Size: '0x90' - .srdata: - Entropy: 2.2708669023612464 - Virtual Size: '0x148' - .sdata: - Entropy: 2.1231320048496527 - Virtual Size: '0xd0' - INIT: - Entropy: 5.147103167634986 - Virtual Size: '0x334' - .reloc: - Entropy: 1.8848419960299854 - Virtual Size: '0x166' - Signature: - - IBM Polska Sp. z o.o. 
- - VeriSign Class 3 Code Signing 2010 CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=PL, ST=mazowieckie, L=Warsaw, O=IBM Polska Sp. z o.o., OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=IBM Polska Sp. z o.o. 
- ValidFrom: '2013-05-31 00:00:00' - ValidTo: '2016-06-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 63acb2cbe8cf97d66478469f5ce0d445 - Version: 3 - TBS: - MD5: d2f517a828f35cbbd527489cdc79ea5d - SHA1: c09bc2bc5ba1256a1a7928f16cb0a628ff50209b - SHA256: e20f8274f7861cfeac94335c1201e538a22ed769e10c4eef430bf8f50598ff85 - SHA384: 6011cff1637bf8176fdda7d4f22656034e7cfa63676bb0414ad5e48f3a7e4a0eb013ba6f533c997a0eadc507c65d914f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 
5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 63acb2cbe8cf97d66478469f5ce0d445 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 2c19472843b56c67efb80d8c447f3cfe - LoadsDespiteHVCI: 'TRUE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create CITMDRV_IA64.sys binPath=C:\windows\temp\CITMDRV_IA64.sys type=kernel + && sc.exe start CITMDRV_IA64.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/namazso/physmem_drivers -Tags: -- CITMDRV_IA64.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 2be85acec4d5e36a137af7ef046e0cc8 + SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 + SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e + Company: '' + Copyright: '' + CreationTimestamp: '2006-05-05 01:37:49' + Date: '' + Description: '' + 
ExportedFunctions: '' + FileVersion: '' + Filename: CITMDRV_IA64.sys + ImportedFunctions: + - ZwClose + - ZwOpenFile + - RtlInitUnicodeString + - ZwWriteFile + - DbgPrint + - ZwCreateFile + - vsprintf + - IoDeleteDevice + - IoDeleteSymbolicLink + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmUnlockPages + - IoFreeMdl + - ZwOpenSection + - MmProbeAndLockPages + - IoAllocateMdl + - __C_specific_handler + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: c7a57cd4bea07dadba2e2fb914379910 + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: IBM Polska Sp. z o.o. + RichPEHeaderHash: + MD5: a636a04d17b366998b7c1c07aeed6b8f + SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 + SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 + SHA1: ea877092d57373cb466b44e7dbcad4ce9a547344 + SHA256: 1c8dfa14888bb58848b4792fb1d8a921976a9463be8334cff45cc96f1276049a + Sections: + .text: + Entropy: 5.387578832102652 + Virtual Size: '0x2c80' + .rdata: + Entropy: 3.5276453906221574 + Virtual Size: '0x2d0' + .pdata: + Entropy: 3.0920063384794108 + Virtual Size: '0x90' + .srdata: + Entropy: 2.2708669023612464 + Virtual Size: '0x148' + .sdata: + Entropy: 2.1231320048496527 + Virtual Size: '0xd0' + INIT: + Entropy: 5.147103167634986 + Virtual Size: '0x334' + .reloc: + Entropy: 1.8848419960299854 + Virtual Size: '0x166' + Signature: + - IBM Polska Sp. z o.o. 
+ - Symantec Class 3 SHA256 Code Signing CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=PL, ST=mazowieckie, L=Warsaw, O=IBM Polska Sp. z o.o., CN=IBM + Polska Sp. z o.o. 
+ ValidFrom: '2016-05-30 00:00:00' + ValidTo: '2019-07-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 74c58808c139aecc23260eb2ba16f2fd + Version: 3 + TBS: + MD5: e7b67b21239296b841387cb545428012 + SHA1: 16490d98ea08654a99e355b9b87be04fc66b62df + SHA256: 3dfd1ebc716c318dd93c0532018c67ca0e98bdb16dfbbd266dabf6f47dcb8870 + SHA384: e70fb3a325bd9a1d3b52f5a7d8648a21c9a27ce88da95b324448220897832618a427b2b7d7f99cd4192645f1c1dac2a7 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + Signer: + - SerialNumber: 74c58808c139aecc23260eb2ba16f2fd + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + Imphash: 2c19472843b56c67efb80d8c447f3cfe + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 2be85acec4d5e36a137af7ef046e0cc8 + SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 + SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e + Company: '' + Copyright: '' + CreationTimestamp: '2006-05-05 01:37:49' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: CITMDRV_IA64.sys + ImportedFunctions: + - ZwClose + - ZwOpenFile + - RtlInitUnicodeString + - ZwWriteFile + - DbgPrint + - ZwCreateFile + - vsprintf + - IoDeleteDevice + - 
IoDeleteSymbolicLink + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmUnlockPages + - IoFreeMdl + - ZwOpenSection + - MmProbeAndLockPages + - IoAllocateMdl + - __C_specific_handler + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 6909b5e86e00b4033fedfca1775b0e33 + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: IBM Polska Sp. z o.o. + RichPEHeaderHash: + MD5: a636a04d17b366998b7c1c07aeed6b8f + SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 + SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 + SHA1: 205c69f078a563f54f4c0da2d02a25e284370251 + SHA256: 22418016e980e0a4a2d01ca210a17059916a4208352c1018b0079ccb19aaf86a + Sections: + .text: + Entropy: 5.387578832102652 + Virtual Size: '0x2c80' + .rdata: + Entropy: 3.5276453906221574 + Virtual Size: '0x2d0' + .pdata: + Entropy: 3.0920063384794108 + Virtual Size: '0x90' + .srdata: + Entropy: 2.2708669023612464 + Virtual Size: '0x148' + .sdata: + Entropy: 2.1231320048496527 + Virtual Size: '0xd0' + INIT: + Entropy: 5.147103167634986 + Virtual Size: '0x334' + .reloc: + Entropy: 1.8848419960299854 + Virtual Size: '0x166' + Signature: + - IBM Polska Sp. z o.o. 
+ - VeriSign Class 3 Code Signing 2009-2 CA + - VeriSign Class 3 Public Primary CA + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=PL, ST=malopolska, L=Krakow, O=IBM Polska Sp. z o.o., OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=IBM Polska Sp. z + o.o. 
+ ValidFrom: '2010-04-08 00:00:00' + ValidTo: '2013-04-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 45595f53cb4840a48f7415305213fba6 + Version: 3 + TBS: + MD5: 478f5b241a92e2c4a0b1580fbf6a1222 + SHA1: 16c4e1d539fe3eff639929b0e688e97dea1fbd7c + SHA256: f9655471d8ad73cfa42a56521d31e6f0d7088207234f3aaa00638fe36fad109d + SHA384: 3f0f3cdcb3f9b03da2be316c4305836ffb88b0cb8e18001518cff506e0fa35b27b98f4330f7f91fef30d37de2d57cf24 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + Signer: + - SerialNumber: 45595f53cb4840a48f7415305213fba6 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: 2c19472843b56c67efb80d8c447f3cfe + LoadsDespiteHVCI: 'TRUE' +- Authentihash: + MD5: 2be85acec4d5e36a137af7ef046e0cc8 + SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 + SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e + Company: '' + Copyright: '' + 
CreationTimestamp: '2006-05-05 01:37:49' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: CITMDRV_IA64.sys + ImportedFunctions: + - ZwClose + - ZwOpenFile + - RtlInitUnicodeString + - ZwWriteFile + - DbgPrint + - ZwCreateFile + - vsprintf + - IoDeleteDevice + - IoDeleteSymbolicLink + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmUnlockPages + - IoFreeMdl + - ZwOpenSection + - MmProbeAndLockPages + - IoAllocateMdl + - __C_specific_handler + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: fa173832dca1b1faeba095e5c82a1559 + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: IBM Polska Sp. z o.o. + RichPEHeaderHash: + MD5: a636a04d17b366998b7c1c07aeed6b8f + SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 + SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 + SHA1: f9feb60b23ca69072ce42264cd821fe588a186a6 + SHA256: 405472a8f9400a54bb29d03b436ccd58cfd6442fe686f6d2ed4f63f002854659 + Sections: + .text: + Entropy: 5.387578832102652 + Virtual Size: '0x2c80' + .rdata: + Entropy: 3.5276453906221574 + Virtual Size: '0x2d0' + .pdata: + Entropy: 3.0920063384794108 + Virtual Size: '0x90' + .srdata: + Entropy: 2.2708669023612464 + Virtual Size: '0x148' + .sdata: + Entropy: 2.1231320048496527 + Virtual Size: '0xd0' + INIT: + Entropy: 5.147103167634986 + Virtual Size: '0x334' + .reloc: + Entropy: 1.8848419960299854 + Virtual Size: '0x166' + Signature: + - IBM Polska Sp. z o.o. 
+ - VeriSign Class 3 Code Signing 2009-2 CA + - VeriSign Class 3 Public Primary Certification Authority (PCA3 G1 SHA1) + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G3 + ValidFrom: '2012-05-01 00:00:00' + ValidTo: '2012-12-31 23:59:59' + Signature: 1e98aa27b778b508b5c9726db7dfc00e98a635c488c9d2f66df14b1afbd5f92d99009ed1e79b8be13fbd39800c66cd07bc5c9854a694ba10d14e8babf56f65cc6709a2807c52e80e03d66b7ac60518ecc8ac427c072ca73d0866dc00edfd941d73f2729893b111d68fef8eeaacf496510cd08ddf31524f5eaf7da74a75e64ece2b9f292be7cf5d9f037e6e277b23ad622966af92e82ccebd9c7fdccd173c43c2093f7545c79ee4d7607f97c6e4aac769f5fccd74ac2cb048c1504e70561eb535d38ebeb1edacbdfe0cec857dd5bb856644195d9f93eb82ba639ed37c61ffc81bd923587f30a366a139265e92c33ccb3732faf5a38ddcd5b0a3e9253655d781fa + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded + Version: 3 + TBS: + MD5: e6d820afb23af20a65cf0b03247ea05e + SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 + SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 + SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 
1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=PL, ST=malopolska, L=Krakow, O=IBM Polska Sp. z o.o., OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=IBM Polska Sp. z + o.o. + ValidFrom: '2010-04-08 00:00:00' + ValidTo: '2013-04-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 45595f53cb4840a48f7415305213fba6 + Version: 3 + TBS: + MD5: 478f5b241a92e2c4a0b1580fbf6a1222 + SHA1: 16c4e1d539fe3eff639929b0e688e97dea1fbd7c + SHA256: f9655471d8ad73cfa42a56521d31e6f0d7088207234f3aaa00638fe36fad109d + SHA384: 3f0f3cdcb3f9b03da2be316c4305836ffb88b0cb8e18001518cff506e0fa35b27b98f4330f7f91fef30d37de2d57cf24 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + Signer: + - SerialNumber: 45595f53cb4840a48f7415305213fba6 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 
3 Code + Signing 2009,2 CA + Version: 1 + Imphash: 2c19472843b56c67efb80d8c447f3cfe + LoadsDespiteHVCI: 'TRUE' +- Authentihash: + MD5: 2be85acec4d5e36a137af7ef046e0cc8 + SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 + SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e + Company: '' + Copyright: '' + CreationTimestamp: '2006-05-05 01:37:49' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: CITMDRV_IA64.sys + ImportedFunctions: + - ZwClose + - ZwOpenFile + - RtlInitUnicodeString + - ZwWriteFile + - DbgPrint + - ZwCreateFile + - vsprintf + - IoDeleteDevice + - IoDeleteSymbolicLink + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmUnlockPages + - IoFreeMdl + - ZwOpenSection + - MmProbeAndLockPages + - IoAllocateMdl + - __C_specific_handler + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: bbe4f5f8b0c0f32f384a83ae31f49a00 + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: IBM Polska Sp. z o.o. + RichPEHeaderHash: + MD5: a636a04d17b366998b7c1c07aeed6b8f + SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 + SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 + SHA1: b25170e09c9fb7c0599bfba3cf617187f6a733ac + SHA256: 49f75746eebe14e5db11706b3e58accc62d4034d2f1c05c681ecef5d1ad933ba + Sections: + .text: + Entropy: 5.387578832102652 + Virtual Size: '0x2c80' + .rdata: + Entropy: 3.5276453906221574 + Virtual Size: '0x2d0' + .pdata: + Entropy: 3.0920063384794108 + Virtual Size: '0x90' + .srdata: + Entropy: 2.2708669023612464 + Virtual Size: '0x148' + .sdata: + Entropy: 2.1231320048496527 + Virtual Size: '0xd0' + INIT: + Entropy: 5.147103167634986 + Virtual Size: '0x334' + .reloc: + Entropy: 1.8848419960299854 + Virtual Size: '0x166' + Signature: + - IBM Polska Sp. z o.o. 
+ - VeriSign Class 3 Code Signing 2010 CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=PL, ST=mazowieckie, L=Warsaw, O=IBM Polska Sp. z o.o., OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=IBM Polska Sp. z + o.o. 
+ ValidFrom: '2013-05-31 00:00:00' + ValidTo: '2016-06-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 63acb2cbe8cf97d66478469f5ce0d445 + Version: 3 + TBS: + MD5: d2f517a828f35cbbd527489cdc79ea5d + SHA1: c09bc2bc5ba1256a1a7928f16cb0a628ff50209b + SHA256: e20f8274f7861cfeac94335c1201e538a22ed769e10c4eef430bf8f50598ff85 + SHA384: 6011cff1637bf8176fdda7d4f22656034e7cfa63676bb0414ad5e48f3a7e4a0eb013ba6f533c997a0eadc507c65d914f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + 
Signer: + - SerialNumber: 63acb2cbe8cf97d66478469f5ce0d445 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 2c19472843b56c67efb80d8c447f3cfe + LoadsDespiteHVCI: 'TRUE' +- Authentihash: + MD5: 2be85acec4d5e36a137af7ef046e0cc8 + SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 + SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e + Company: '' + Copyright: '' + CreationTimestamp: '2006-05-05 01:37:49' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: CITMDRV_IA64.sys + ImportedFunctions: + - ZwClose + - ZwOpenFile + - RtlInitUnicodeString + - ZwWriteFile + - DbgPrint + - ZwCreateFile + - vsprintf + - IoDeleteDevice + - IoDeleteSymbolicLink + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmUnlockPages + - IoFreeMdl + - ZwOpenSection + - MmProbeAndLockPages + - IoAllocateMdl + - __C_specific_handler + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: c5f5d109f11aadebae94c77b27cb026f + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: IBM Polska Sp. z o.o. 
+ RichPEHeaderHash: + MD5: a636a04d17b366998b7c1c07aeed6b8f + SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 + SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 + SHA1: 160c96b5e5db8c96b821895582b501e3c2d5d6e7 + SHA256: 4a3d4db86f580b1680d6454baee1c1a139e2dde7d55e972ba7c92ec3f555dce2 + Sections: + .text: + Entropy: 5.387578832102652 + Virtual Size: '0x2c80' + .rdata: + Entropy: 3.5276453906221574 + Virtual Size: '0x2d0' + .pdata: + Entropy: 3.0920063384794108 + Virtual Size: '0x90' + .srdata: + Entropy: 2.2708669023612464 + Virtual Size: '0x148' + .sdata: + Entropy: 2.1231320048496527 + Virtual Size: '0xd0' + INIT: + Entropy: 5.147103167634986 + Virtual Size: '0x334' + .reloc: + Entropy: 1.8848419960299854 + Virtual Size: '0x166' + Signature: + - IBM Polska Sp. z o.o. + - VeriSign Class 3 Code Signing 2010 CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 
783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=PL, ST=mazowieckie, L=Warsaw, O=IBM Polska Sp. z o.o., OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=IBM Polska Sp. z + o.o. 
+ ValidFrom: '2013-05-31 00:00:00' + ValidTo: '2016-06-29 23:59:59' + Signature: 42e8dc916f2dc408ca5166c8b7ced14e560f83871c13c6c64e315e05fe905f6d744191e2e1fa04e15896b09c9853c735ac78efecf1d9d6c4b81d449b71b041b37f66e879cdd3ccaee2fad716d01f842540235d15c8b607c010ae4abe541053cc38f0f16c25c4cc1064aea63f2db60ebb4a7fd0f4c468f658bfe57c541b1b9292c3e6490604e75ceb222dad4bd25c3cf81031d9eeb9599a7f150f3ea8417ae517a59488fc512bbda13ba30018b1692ebfea87957384abb8cb0ce20141a7d58299a15454184e79a36c7e492e5e98c145e6e2b6010fb70825c2557176ad96047e55ca2136536f9d2357f3bbd970eb696a6af7eedb5ffdbe4696b99412a5d09e568e + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 63acb2cbe8cf97d66478469f5ce0d445 + Version: 3 + TBS: + MD5: d2f517a828f35cbbd527489cdc79ea5d + SHA1: c09bc2bc5ba1256a1a7928f16cb0a628ff50209b + SHA256: e20f8274f7861cfeac94335c1201e538a22ed769e10c4eef430bf8f50598ff85 + SHA384: 6011cff1637bf8176fdda7d4f22656034e7cfa63676bb0414ad5e48f3a7e4a0eb013ba6f533c997a0eadc507c65d914f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 63acb2cbe8cf97d66478469f5ce0d445 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 2c19472843b56c67efb80d8c447f3cfe + LoadsDespiteHVCI: 'TRUE' +- Authentihash: + MD5: 2be85acec4d5e36a137af7ef046e0cc8 + SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 + SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e + Company: '' + Copyright: '' + CreationTimestamp: '2006-05-05 01:37:49' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: 
CITMDRV_IA64.sys + ImportedFunctions: + - ZwClose + - ZwOpenFile + - RtlInitUnicodeString + - ZwWriteFile + - DbgPrint + - ZwCreateFile + - vsprintf + - IoDeleteDevice + - IoDeleteSymbolicLink + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmUnlockPages + - IoFreeMdl + - ZwOpenSection + - MmProbeAndLockPages + - IoAllocateMdl + - __C_specific_handler + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 40bc58b7615d00eb55ad9ba700c340c1 + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: IBM Polska Sp. z o.o. + RichPEHeaderHash: + MD5: a636a04d17b366998b7c1c07aeed6b8f + SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 + SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 + SHA1: a2e0b3162cfa336cd4ab40a2acc95abe7dc53843 + SHA256: 4ab41816abbf14d59e75b7fad49e2cb1c1feb27a3cb27402297a2a4793ff9da7 + Sections: + .text: + Entropy: 5.387578832102652 + Virtual Size: '0x2c80' + .rdata: + Entropy: 3.5276453906221574 + Virtual Size: '0x2d0' + .pdata: + Entropy: 3.0920063384794108 + Virtual Size: '0x90' + .srdata: + Entropy: 2.2708669023612464 + Virtual Size: '0x148' + .sdata: + Entropy: 2.1231320048496527 + Virtual Size: '0xd0' + INIT: + Entropy: 5.147103167634986 + Virtual Size: '0x334' + .reloc: + Entropy: 1.8848419960299854 + Virtual Size: '0x166' + Signature: + - IBM Polska Sp. z o.o. 
+ - Symantec Class 3 SHA256 Code Signing CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=PL, ST=mazowieckie, L=Warsaw, O=IBM Polska Sp. z o.o., CN=IBM + Polska Sp. z o.o. 
+ ValidFrom: '2016-05-30 00:00:00' + ValidTo: '2019-07-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 74c58808c139aecc23260eb2ba16f2fd + Version: 3 + TBS: + MD5: e7b67b21239296b841387cb545428012 + SHA1: 16490d98ea08654a99e355b9b87be04fc66b62df + SHA256: 3dfd1ebc716c318dd93c0532018c67ca0e98bdb16dfbbd266dabf6f47dcb8870 + SHA384: e70fb3a325bd9a1d3b52f5a7d8648a21c9a27ce88da95b324448220897832618a427b2b7d7f99cd4192645f1c1dac2a7 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + Signer: + - SerialNumber: 74c58808c139aecc23260eb2ba16f2fd + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + Imphash: 2c19472843b56c67efb80d8c447f3cfe + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 2be85acec4d5e36a137af7ef046e0cc8 + SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 + SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e + Company: '' + Copyright: '' + CreationTimestamp: '2006-05-05 01:37:49' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: CITMDRV_IA64.sys + ImportedFunctions: + - ZwClose + - ZwOpenFile + - RtlInitUnicodeString + - ZwWriteFile + - DbgPrint + - ZwCreateFile + - vsprintf + - IoDeleteDevice + - 
IoDeleteSymbolicLink + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmUnlockPages + - IoFreeMdl + - ZwOpenSection + - MmProbeAndLockPages + - IoAllocateMdl + - __C_specific_handler + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 839cbbc86453960e9eb6db814b776a40 + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: IBM Polska Sp. z o.o. + RichPEHeaderHash: + MD5: a636a04d17b366998b7c1c07aeed6b8f + SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 + SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 + SHA1: 4e826430a1389032f3fe06e2cc292f643fb0c417 + SHA256: 54841d9f89e195196e65aa881834804fe3678f1cf6b328cab8703edd15e3ec57 + Sections: + .text: + Entropy: 5.387578832102652 + Virtual Size: '0x2c80' + .rdata: + Entropy: 3.5276453906221574 + Virtual Size: '0x2d0' + .pdata: + Entropy: 3.0920063384794108 + Virtual Size: '0x90' + .srdata: + Entropy: 2.2708669023612464 + Virtual Size: '0x148' + .sdata: + Entropy: 2.1231320048496527 + Virtual Size: '0xd0' + INIT: + Entropy: 5.147103167634986 + Virtual Size: '0x334' + .reloc: + Entropy: 1.8848419960299854 + Virtual Size: '0x166' + Signature: + - IBM Polska Sp. z o.o. 
+ - Symantec Class 3 SHA256 Code Signing CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=PL, ST=mazowieckie, L=Warsaw, O=IBM Polska Sp. z o.o., CN=IBM + Polska Sp. z o.o. 
+ ValidFrom: '2016-05-30 00:00:00' + ValidTo: '2019-07-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 74c58808c139aecc23260eb2ba16f2fd + Version: 3 + TBS: + MD5: e7b67b21239296b841387cb545428012 + SHA1: 16490d98ea08654a99e355b9b87be04fc66b62df + SHA256: 3dfd1ebc716c318dd93c0532018c67ca0e98bdb16dfbbd266dabf6f47dcb8870 + SHA384: e70fb3a325bd9a1d3b52f5a7d8648a21c9a27ce88da95b324448220897832618a427b2b7d7f99cd4192645f1c1dac2a7 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + Signer: + - SerialNumber: 74c58808c139aecc23260eb2ba16f2fd + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + Imphash: 2c19472843b56c67efb80d8c447f3cfe + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 2be85acec4d5e36a137af7ef046e0cc8 + SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 + SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e + Company: '' + Copyright: '' + CreationTimestamp: '2006-05-05 01:37:49' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: CITMDRV_IA64.sys + ImportedFunctions: + - ZwClose + - ZwOpenFile + - RtlInitUnicodeString + - ZwWriteFile + - DbgPrint + - ZwCreateFile + - vsprintf + - IoDeleteDevice + - 
IoDeleteSymbolicLink + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmUnlockPages + - IoFreeMdl + - ZwOpenSection + - MmProbeAndLockPages + - IoAllocateMdl + - __C_specific_handler + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 42f7cc4be348c3efd98b0f1233cf2d69 + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: IBM Polska Sp. z o.o. + RichPEHeaderHash: + MD5: a636a04d17b366998b7c1c07aeed6b8f + SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 + SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 + SHA1: 7ab4565ba24268f0adadb03a5506d4eb1dc7c181 + SHA256: 5ee292b605cd3751a24e5949aae615d472a3c72688632c3040dc311055b75a92 + Sections: + .text: + Entropy: 5.387578832102652 + Virtual Size: '0x2c80' + .rdata: + Entropy: 3.5276453906221574 + Virtual Size: '0x2d0' + .pdata: + Entropy: 3.0920063384794108 + Virtual Size: '0x90' + .srdata: + Entropy: 2.2708669023612464 + Virtual Size: '0x148' + .sdata: + Entropy: 2.1231320048496527 + Virtual Size: '0xd0' + INIT: + Entropy: 5.147103167634986 + Virtual Size: '0x334' + .reloc: + Entropy: 1.8848419960299854 + Virtual Size: '0x166' + Signature: + - IBM Polska Sp. z o.o. 
+ - VeriSign Class 3 Code Signing 2010 CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=PL, ST=mazowieckie, L=Warsaw, O=IBM Polska Sp. z o.o., OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=IBM Polska Sp. z + o.o. 
+ ValidFrom: '2013-05-31 00:00:00' + ValidTo: '2016-06-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 63acb2cbe8cf97d66478469f5ce0d445 + Version: 3 + TBS: + MD5: d2f517a828f35cbbd527489cdc79ea5d + SHA1: c09bc2bc5ba1256a1a7928f16cb0a628ff50209b + SHA256: e20f8274f7861cfeac94335c1201e538a22ed769e10c4eef430bf8f50598ff85 + SHA384: 6011cff1637bf8176fdda7d4f22656034e7cfa63676bb0414ad5e48f3a7e4a0eb013ba6f533c997a0eadc507c65d914f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + 
Signer: + - SerialNumber: 63acb2cbe8cf97d66478469f5ce0d445 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 2c19472843b56c67efb80d8c447f3cfe + LoadsDespiteHVCI: 'TRUE' +- Authentihash: + MD5: 2be85acec4d5e36a137af7ef046e0cc8 + SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 + SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e + Company: '' + Copyright: '' + CreationTimestamp: '2006-05-05 01:37:49' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: CITMDRV_IA64.sys + ImportedFunctions: + - ZwClose + - ZwOpenFile + - RtlInitUnicodeString + - ZwWriteFile + - DbgPrint + - ZwCreateFile + - vsprintf + - IoDeleteDevice + - IoDeleteSymbolicLink + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmUnlockPages + - IoFreeMdl + - ZwOpenSection + - MmProbeAndLockPages + - IoAllocateMdl + - __C_specific_handler + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 2128e6c044ee86f822d952a261af0b48 + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: IBM Polska Sp. z o.o. 
+ RichPEHeaderHash: + MD5: a636a04d17b366998b7c1c07aeed6b8f + SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 + SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 + SHA1: dc7b022f8bd149efbcb2204a48dce75c72633526 + SHA256: 76b86543ce05540048f954fed37bdda66360c4a3ddb8328213d5aef7a960c184 + Sections: + .text: + Entropy: 5.387578832102652 + Virtual Size: '0x2c80' + .rdata: + Entropy: 3.5276453906221574 + Virtual Size: '0x2d0' + .pdata: + Entropy: 3.0920063384794108 + Virtual Size: '0x90' + .srdata: + Entropy: 2.2708669023612464 + Virtual Size: '0x148' + .sdata: + Entropy: 2.1231320048496527 + Virtual Size: '0xd0' + INIT: + Entropy: 5.147103167634986 + Virtual Size: '0x334' + .reloc: + Entropy: 1.8848419960299854 + Virtual Size: '0x166' + Signature: + - IBM Polska Sp. z o.o. + - Symantec Class 3 SHA256 Code Signing CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=PL, ST=mazowieckie, L=Warsaw, O=IBM Polska Sp. z o.o., CN=IBM + Polska Sp. z o.o. + ValidFrom: '2016-05-30 00:00:00' + ValidTo: '2019-07-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 74c58808c139aecc23260eb2ba16f2fd + Version: 3 + TBS: + MD5: e7b67b21239296b841387cb545428012 + SHA1: 16490d98ea08654a99e355b9b87be04fc66b62df + SHA256: 3dfd1ebc716c318dd93c0532018c67ca0e98bdb16dfbbd266dabf6f47dcb8870 + SHA384: e70fb3a325bd9a1d3b52f5a7d8648a21c9a27ce88da95b324448220897832618a427b2b7d7f99cd4192645f1c1dac2a7 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + Signer: + - SerialNumber: 74c58808c139aecc23260eb2ba16f2fd + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + Imphash: 
2c19472843b56c67efb80d8c447f3cfe + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 2be85acec4d5e36a137af7ef046e0cc8 + SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 + SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e + Company: '' + Copyright: '' + CreationTimestamp: '2006-05-05 01:37:49' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: CITMDRV_IA64.sys + ImportedFunctions: + - ZwClose + - ZwOpenFile + - RtlInitUnicodeString + - ZwWriteFile + - DbgPrint + - ZwCreateFile + - vsprintf + - IoDeleteDevice + - IoDeleteSymbolicLink + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmUnlockPages + - IoFreeMdl + - ZwOpenSection + - MmProbeAndLockPages + - IoAllocateMdl + - __C_specific_handler + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: fd81af62964f5dd5eb4a828543a33dcf + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: IBM Polska Sp. z o.o. + RichPEHeaderHash: + MD5: a636a04d17b366998b7c1c07aeed6b8f + SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 + SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 + SHA1: 0307d76750dd98d707c699aee3b626643afb6936 + SHA256: 7f190f6e5ab0edafd63391506c2360230af4c2d56c45fc8996a168a1fc12d457 + Sections: + .text: + Entropy: 5.387578832102652 + Virtual Size: '0x2c80' + .rdata: + Entropy: 3.5276453906221574 + Virtual Size: '0x2d0' + .pdata: + Entropy: 3.0920063384794108 + Virtual Size: '0x90' + .srdata: + Entropy: 2.2708669023612464 + Virtual Size: '0x148' + .sdata: + Entropy: 2.1231320048496527 + Virtual Size: '0xd0' + INIT: + Entropy: 5.147103167634986 + Virtual Size: '0x334' + .reloc: + Entropy: 1.8848419960299854 + Virtual Size: '0x166' + Signature: + - IBM Polska Sp. z o.o. 
+ - VeriSign Class 3 Code Signing 2009-2 CA + - VeriSign Class 3 Public Primary CA + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G3 + ValidFrom: '2012-05-01 00:00:00' + ValidTo: '2012-12-31 23:59:59' + Signature: 1e98aa27b778b508b5c9726db7dfc00e98a635c488c9d2f66df14b1afbd5f92d99009ed1e79b8be13fbd39800c66cd07bc5c9854a694ba10d14e8babf56f65cc6709a2807c52e80e03d66b7ac60518ecc8ac427c072ca73d0866dc00edfd941d73f2729893b111d68fef8eeaacf496510cd08ddf31524f5eaf7da74a75e64ece2b9f292be7cf5d9f037e6e277b23ad622966af92e82ccebd9c7fdccd173c43c2093f7545c79ee4d7607f97c6e4aac769f5fccd74ac2cb048c1504e70561eb535d38ebeb1edacbdfe0cec857dd5bb856644195d9f93eb82ba639ed37c61ffc81bd923587f30a366a139265e92c33ccb3732faf5a38ddcd5b0a3e9253655d781fa + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded + Version: 3 + TBS: + MD5: e6d820afb23af20a65cf0b03247ea05e + SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 + SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 + SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 
53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=PL, ST=malopolska, L=Krakow, O=IBM Polska Sp. z o.o., OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=IBM Polska Sp. z + o.o. + ValidFrom: '2010-04-08 00:00:00' + ValidTo: '2013-04-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 45595f53cb4840a48f7415305213fba6 + Version: 3 + TBS: + MD5: 478f5b241a92e2c4a0b1580fbf6a1222 + SHA1: 16c4e1d539fe3eff639929b0e688e97dea1fbd7c + SHA256: f9655471d8ad73cfa42a56521d31e6f0d7088207234f3aaa00638fe36fad109d + SHA384: 3f0f3cdcb3f9b03da2be316c4305836ffb88b0cb8e18001518cff506e0fa35b27b98f4330f7f91fef30d37de2d57cf24 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + Signer: + - SerialNumber: 45595f53cb4840a48f7415305213fba6 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: 
2c19472843b56c67efb80d8c447f3cfe + LoadsDespiteHVCI: 'TRUE' +- Authentihash: + MD5: 2be85acec4d5e36a137af7ef046e0cc8 + SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 + SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e + Company: '' + Copyright: '' + CreationTimestamp: '2006-05-05 01:37:49' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: CITMDRV_IA64.sys + ImportedFunctions: + - ZwClose + - ZwOpenFile + - RtlInitUnicodeString + - ZwWriteFile + - DbgPrint + - ZwCreateFile + - vsprintf + - IoDeleteDevice + - IoDeleteSymbolicLink + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmUnlockPages + - IoFreeMdl + - ZwOpenSection + - MmProbeAndLockPages + - IoAllocateMdl + - __C_specific_handler + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 010c0e5ac584e3ab97a2daf84cf436f5 + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: IBM Polska Sp. z o.o. + RichPEHeaderHash: + MD5: a636a04d17b366998b7c1c07aeed6b8f + SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 + SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 + SHA1: 5711c88e9e64e45b8fc4b90ab6f2dd6437dc5a8a + SHA256: 845f1e228de249fc1ddf8dc28c39d03e8ad328a6277b6502d3932e83b879a65a + Sections: + .text: + Entropy: 5.387578832102652 + Virtual Size: '0x2c80' + .rdata: + Entropy: 3.5276453906221574 + Virtual Size: '0x2d0' + .pdata: + Entropy: 3.0920063384794108 + Virtual Size: '0x90' + .srdata: + Entropy: 2.2708669023612464 + Virtual Size: '0x148' + .sdata: + Entropy: 2.1231320048496527 + Virtual Size: '0xd0' + INIT: + Entropy: 5.147103167634986 + Virtual Size: '0x334' + .reloc: + Entropy: 1.8848419960299854 + Virtual Size: '0x166' + Signature: + - IBM Polska Sp. z o.o. 
+ - Symantec Class 3 SHA256 Code Signing CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: 
e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=PL, ST=mazowieckie, L=Warsaw, O=IBM Polska Sp. z o.o., CN=IBM + Polska Sp. z o.o. + ValidFrom: '2016-05-30 00:00:00' + ValidTo: '2019-07-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 74c58808c139aecc23260eb2ba16f2fd + Version: 3 + TBS: + MD5: e7b67b21239296b841387cb545428012 + SHA1: 16490d98ea08654a99e355b9b87be04fc66b62df + SHA256: 3dfd1ebc716c318dd93c0532018c67ca0e98bdb16dfbbd266dabf6f47dcb8870 + SHA384: e70fb3a325bd9a1d3b52f5a7d8648a21c9a27ce88da95b324448220897832618a427b2b7d7f99cd4192645f1c1dac2a7 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + Signer: + - SerialNumber: 74c58808c139aecc23260eb2ba16f2fd + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + Imphash: 2c19472843b56c67efb80d8c447f3cfe + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 2be85acec4d5e36a137af7ef046e0cc8 + SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 + SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e + Company: '' + Copyright: '' + CreationTimestamp: '2006-05-05 01:37:49' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' 
+ Filename: CITMDRV_IA64.sys + ImportedFunctions: + - ZwClose + - ZwOpenFile + - RtlInitUnicodeString + - ZwWriteFile + - DbgPrint + - ZwCreateFile + - vsprintf + - IoDeleteDevice + - IoDeleteSymbolicLink + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmUnlockPages + - IoFreeMdl + - ZwOpenSection + - MmProbeAndLockPages + - IoAllocateMdl + - __C_specific_handler + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: ff7b31fa6e9ab923bce8af31d1be5bb2 + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: IBM Polska Sp. z o.o. + RichPEHeaderHash: + MD5: a636a04d17b366998b7c1c07aeed6b8f + SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 + SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 + SHA1: 6714380bc0b8ab09b9a0d2fa66d1b025b646b946 + SHA256: 84bf1d0bcdf175cfe8aea2973e0373015793d43907410ae97e2071b2c4b8e2d4 + Sections: + .text: + Entropy: 5.387578832102652 + Virtual Size: '0x2c80' + .rdata: + Entropy: 3.5276453906221574 + Virtual Size: '0x2d0' + .pdata: + Entropy: 3.0920063384794108 + Virtual Size: '0x90' + .srdata: + Entropy: 2.2708669023612464 + Virtual Size: '0x148' + .sdata: + Entropy: 2.1231320048496527 + Virtual Size: '0xd0' + INIT: + Entropy: 5.147103167634986 + Virtual Size: '0x334' + .reloc: + Entropy: 1.8848419960299854 + Virtual Size: '0x166' + Signature: + - IBM Polska Sp. z o.o. 
+ - VeriSign Class 3 Code Signing 2010 CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=PL, ST=mazowieckie, L=Warsaw, O=IBM Polska Sp. z o.o., OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=IBM Polska Sp. z + o.o. 
+ ValidFrom: '2013-05-31 00:00:00' + ValidTo: '2016-06-29 23:59:59' + Signature: 42e8dc916f2dc408ca5166c8b7ced14e560f83871c13c6c64e315e05fe905f6d744191e2e1fa04e15896b09c9853c735ac78efecf1d9d6c4b81d449b71b041b37f66e879cdd3ccaee2fad716d01f842540235d15c8b607c010ae4abe541053cc38f0f16c25c4cc1064aea63f2db60ebb4a7fd0f4c468f658bfe57c541b1b9292c3e6490604e75ceb222dad4bd25c3cf81031d9eeb9599a7f150f3ea8417ae517a59488fc512bbda13ba30018b1692ebfea87957384abb8cb0ce20141a7d58299a15454184e79a36c7e492e5e98c145e6e2b6010fb70825c2557176ad96047e55ca2136536f9d2357f3bbd970eb696a6af7eedb5ffdbe4696b99412a5d09e568e + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 63acb2cbe8cf97d66478469f5ce0d445 + Version: 3 + TBS: + MD5: d2f517a828f35cbbd527489cdc79ea5d + SHA1: c09bc2bc5ba1256a1a7928f16cb0a628ff50209b + SHA256: e20f8274f7861cfeac94335c1201e538a22ed769e10c4eef430bf8f50598ff85 + SHA384: 6011cff1637bf8176fdda7d4f22656034e7cfa63676bb0414ad5e48f3a7e4a0eb013ba6f533c997a0eadc507c65d914f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 63acb2cbe8cf97d66478469f5ce0d445 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 2c19472843b56c67efb80d8c447f3cfe + LoadsDespiteHVCI: 'TRUE' +- Authentihash: + MD5: 2be85acec4d5e36a137af7ef046e0cc8 + SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 + SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e + Company: '' + Copyright: '' + CreationTimestamp: '2006-05-05 01:37:49' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: 
CITMDRV_IA64.sys + ImportedFunctions: + - ZwClose + - ZwOpenFile + - RtlInitUnicodeString + - ZwWriteFile + - DbgPrint + - ZwCreateFile + - vsprintf + - IoDeleteDevice + - IoDeleteSymbolicLink + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmUnlockPages + - IoFreeMdl + - ZwOpenSection + - MmProbeAndLockPages + - IoAllocateMdl + - __C_specific_handler + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 7bd840ff7f15df79a9a71fec7db1243e + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: IBM Polska Sp. z o.o. + RichPEHeaderHash: + MD5: a636a04d17b366998b7c1c07aeed6b8f + SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 + SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 + SHA1: 8626ab1da6bfbdf61bd327eb944b39fd9df33d1d + SHA256: 8ef0ad86500094e8fa3d9e7d53163aa6feef67c09575c169873c494ed66f057f + Sections: + .text: + Entropy: 5.387578832102652 + Virtual Size: '0x2c80' + .rdata: + Entropy: 3.5276453906221574 + Virtual Size: '0x2d0' + .pdata: + Entropy: 3.0920063384794108 + Virtual Size: '0x90' + .srdata: + Entropy: 2.2708669023612464 + Virtual Size: '0x148' + .sdata: + Entropy: 2.1231320048496527 + Virtual Size: '0xd0' + INIT: + Entropy: 5.147103167634986 + Virtual Size: '0x334' + .reloc: + Entropy: 1.8848419960299854 + Virtual Size: '0x166' + Signature: + - IBM Polska Sp. z o.o. 
+ - VeriSign Class 3 Code Signing 2010 CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=PL, ST=mazowieckie, L=Warsaw, O=IBM Polska Sp. z o.o., OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=IBM Polska Sp. z + o.o. 
+ ValidFrom: '2013-05-31 00:00:00' + ValidTo: '2016-06-29 23:59:59' + Signature: 42e8dc916f2dc408ca5166c8b7ced14e560f83871c13c6c64e315e05fe905f6d744191e2e1fa04e15896b09c9853c735ac78efecf1d9d6c4b81d449b71b041b37f66e879cdd3ccaee2fad716d01f842540235d15c8b607c010ae4abe541053cc38f0f16c25c4cc1064aea63f2db60ebb4a7fd0f4c468f658bfe57c541b1b9292c3e6490604e75ceb222dad4bd25c3cf81031d9eeb9599a7f150f3ea8417ae517a59488fc512bbda13ba30018b1692ebfea87957384abb8cb0ce20141a7d58299a15454184e79a36c7e492e5e98c145e6e2b6010fb70825c2557176ad96047e55ca2136536f9d2357f3bbd970eb696a6af7eedb5ffdbe4696b99412a5d09e568e + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 63acb2cbe8cf97d66478469f5ce0d445 + Version: 3 + TBS: + MD5: d2f517a828f35cbbd527489cdc79ea5d + SHA1: c09bc2bc5ba1256a1a7928f16cb0a628ff50209b + SHA256: e20f8274f7861cfeac94335c1201e538a22ed769e10c4eef430bf8f50598ff85 + SHA384: 6011cff1637bf8176fdda7d4f22656034e7cfa63676bb0414ad5e48f3a7e4a0eb013ba6f533c997a0eadc507c65d914f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 63acb2cbe8cf97d66478469f5ce0d445 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 2c19472843b56c67efb80d8c447f3cfe + LoadsDespiteHVCI: 'TRUE' +- Authentihash: + MD5: 2be85acec4d5e36a137af7ef046e0cc8 + SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 + SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e + Company: '' + Copyright: '' + CreationTimestamp: '2006-05-05 01:37:49' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: 
CITMDRV_IA64.sys + ImportedFunctions: + - ZwClose + - ZwOpenFile + - RtlInitUnicodeString + - ZwWriteFile + - DbgPrint + - ZwCreateFile + - vsprintf + - IoDeleteDevice + - IoDeleteSymbolicLink + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmUnlockPages + - IoFreeMdl + - ZwOpenSection + - MmProbeAndLockPages + - IoAllocateMdl + - __C_specific_handler + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: fa222bed731713904320723b9c085b11 + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: IBM Polska Sp. z o.o. + RichPEHeaderHash: + MD5: a636a04d17b366998b7c1c07aeed6b8f + SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 + SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 + SHA1: 30a224b22592d952fbe2e6ad97eda4a8f2c734e0 + SHA256: a56c2a2425eb3a4260cc7fc5c8d7bed7a3b4cd2af256185f24471c668853aee8 + Sections: + .text: + Entropy: 5.387578832102652 + Virtual Size: '0x2c80' + .rdata: + Entropy: 3.5276453906221574 + Virtual Size: '0x2d0' + .pdata: + Entropy: 3.0920063384794108 + Virtual Size: '0x90' + .srdata: + Entropy: 2.2708669023612464 + Virtual Size: '0x148' + .sdata: + Entropy: 2.1231320048496527 + Virtual Size: '0xd0' + INIT: + Entropy: 5.147103167634986 + Virtual Size: '0x334' + .reloc: + Entropy: 1.8848419960299854 + Virtual Size: '0x166' + Signature: + - IBM Polska Sp. z o.o. 
+ - Symantec Class 3 SHA256 Code Signing CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=PL, ST=mazowieckie, L=Warsaw, O=IBM Polska Sp. z o.o., CN=IBM + Polska Sp. z o.o. 
+ ValidFrom: '2016-05-30 00:00:00' + ValidTo: '2019-07-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 74c58808c139aecc23260eb2ba16f2fd + Version: 3 + TBS: + MD5: e7b67b21239296b841387cb545428012 + SHA1: 16490d98ea08654a99e355b9b87be04fc66b62df + SHA256: 3dfd1ebc716c318dd93c0532018c67ca0e98bdb16dfbbd266dabf6f47dcb8870 + SHA384: e70fb3a325bd9a1d3b52f5a7d8648a21c9a27ce88da95b324448220897832618a427b2b7d7f99cd4192645f1c1dac2a7 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 13851a1e69a937f7a0bda4af7e1d6153fe9d8c5e0ca6751e781723ddfdec1a035539fb7195c7655aa78e30d2445a61db706fda2105c22e73ba49f1d193fe5dc9cd5e03e0899e3f741ed7f7388ba9d6cfbb352f3358a89256d1c84d3b82e6798416fc28b0b147f31da23eee87d9a67fa456a53fad842e29de7cbca8aaa33d0401eaba93a20e502229174c87e43a115fd6a425899b056b2fb4c9014c277b0bac190522a060153fdac9fb4d4c8ffb726777fd2794c7ba350e8849fe8dfd28af4a12bd0db39705de440c15fa362b03dcc15001f1a1115d14e5e2bd274b54be2b845e0fa6c374050aef97c38922b11f77f3bdcd43d4f14ca93fb58b84af64f2d01421 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + Signer: + - SerialNumber: 74c58808c139aecc23260eb2ba16f2fd + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + Imphash: 2c19472843b56c67efb80d8c447f3cfe + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 2be85acec4d5e36a137af7ef046e0cc8 + 
SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 + SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e + Company: '' + Copyright: '' + CreationTimestamp: '2006-05-05 01:37:49' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: CITMDRV_IA64.sys + ImportedFunctions: + - ZwClose + - ZwOpenFile + - RtlInitUnicodeString + - ZwWriteFile + - DbgPrint + - ZwCreateFile + - vsprintf + - IoDeleteDevice + - IoDeleteSymbolicLink + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmUnlockPages + - IoFreeMdl + - ZwOpenSection + - MmProbeAndLockPages + - IoAllocateMdl + - __C_specific_handler + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: f778489c7105a63e9e789a02412aaa5f + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: IBM Polska Sp. z o.o. + RichPEHeaderHash: + MD5: a636a04d17b366998b7c1c07aeed6b8f + SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 + SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 + SHA1: c95db1e82619fb16f8eec9a8209b7b0e853a4ebe + SHA256: ac3f613d457fc4d44fa27b2e0b1baa62c09415705efb5a40a4756da39b3ac165 + Sections: + .text: + Entropy: 5.387578832102652 + Virtual Size: '0x2c80' + .rdata: + Entropy: 3.5276453906221574 + Virtual Size: '0x2d0' + .pdata: + Entropy: 3.0920063384794108 + Virtual Size: '0x90' + .srdata: + Entropy: 2.2708669023612464 + Virtual Size: '0x148' + .sdata: + Entropy: 2.1231320048496527 + Virtual Size: '0xd0' + INIT: + Entropy: 5.147103167634986 + Virtual Size: '0x334' + .reloc: + Entropy: 1.8848419960299854 + Virtual Size: '0x166' + Signature: + - IBM Polska Sp. z o.o. 
+ - Symantec Class 3 SHA256 Code Signing CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=PL, ST=mazowieckie, L=Warsaw, O=IBM Polska Sp. z o.o., CN=IBM + Polska Sp. z o.o. 
+ ValidFrom: '2016-05-30 00:00:00' + ValidTo: '2019-07-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 74c58808c139aecc23260eb2ba16f2fd + Version: 3 + TBS: + MD5: e7b67b21239296b841387cb545428012 + SHA1: 16490d98ea08654a99e355b9b87be04fc66b62df + SHA256: 3dfd1ebc716c318dd93c0532018c67ca0e98bdb16dfbbd266dabf6f47dcb8870 + SHA384: e70fb3a325bd9a1d3b52f5a7d8648a21c9a27ce88da95b324448220897832618a427b2b7d7f99cd4192645f1c1dac2a7 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + Signer: + - SerialNumber: 74c58808c139aecc23260eb2ba16f2fd + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + Imphash: 2c19472843b56c67efb80d8c447f3cfe + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 2be85acec4d5e36a137af7ef046e0cc8 + SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 + SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e + Company: '' + Copyright: '' + CreationTimestamp: '2006-05-05 01:37:49' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: CITMDRV_IA64.sys + ImportedFunctions: + - ZwClose + - ZwOpenFile + - RtlInitUnicodeString + - ZwWriteFile + - DbgPrint + - ZwCreateFile + - vsprintf + - IoDeleteDevice + - 
IoDeleteSymbolicLink + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmUnlockPages + - IoFreeMdl + - ZwOpenSection + - MmProbeAndLockPages + - IoAllocateMdl + - __C_specific_handler + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: ed07f1a8038596574184e09211dfc30f + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: IBM Polska Sp. z o.o. + RichPEHeaderHash: + MD5: a636a04d17b366998b7c1c07aeed6b8f + SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 + SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 + SHA1: fe1d909ab38de1389a2a48352fd1c8415fd2eab0 + SHA256: b1334a71cc73b3d0c54f62d8011bec330dfc355a239bf94a121f6e4c86a30a2e + Sections: + .text: + Entropy: 5.387578832102652 + Virtual Size: '0x2c80' + .rdata: + Entropy: 3.5276453906221574 + Virtual Size: '0x2d0' + .pdata: + Entropy: 3.0920063384794108 + Virtual Size: '0x90' + .srdata: + Entropy: 2.2708669023612464 + Virtual Size: '0x148' + .sdata: + Entropy: 2.1231320048496527 + Virtual Size: '0xd0' + INIT: + Entropy: 5.147103167634986 + Virtual Size: '0x334' + .reloc: + Entropy: 1.8848419960299854 + Virtual Size: '0x166' + Signature: + - IBM Polska Sp. z o.o. 
+ - VeriSign Class 3 Code Signing 2009-2 CA + - VeriSign Class 3 Public Primary CA + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G3 + ValidFrom: '2012-05-01 00:00:00' + ValidTo: '2012-12-31 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded + Version: 3 + TBS: + MD5: e6d820afb23af20a65cf0b03247ea05e + SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 + SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 + SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=PL, ST=malopolska, L=Krakow, O=IBM Polska Sp. z o.o., OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=IBM Polska Sp. z + o.o. 
+ ValidFrom: '2010-04-08 00:00:00' + ValidTo: '2013-04-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 45595f53cb4840a48f7415305213fba6 + Version: 3 + TBS: + MD5: 478f5b241a92e2c4a0b1580fbf6a1222 + SHA1: 16c4e1d539fe3eff639929b0e688e97dea1fbd7c + SHA256: f9655471d8ad73cfa42a56521d31e6f0d7088207234f3aaa00638fe36fad109d + SHA384: 3f0f3cdcb3f9b03da2be316c4305836ffb88b0cb8e18001518cff506e0fa35b27b98f4330f7f91fef30d37de2d57cf24 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + Signer: + - SerialNumber: 45595f53cb4840a48f7415305213fba6 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: 2c19472843b56c67efb80d8c447f3cfe + LoadsDespiteHVCI: 'TRUE' +- Authentihash: + MD5: 2be85acec4d5e36a137af7ef046e0cc8 + SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 + SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e + Company: '' + Copyright: '' + 
CreationTimestamp: '2006-05-05 01:37:49' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: CITMDRV_IA64.sys + ImportedFunctions: + - ZwClose + - ZwOpenFile + - RtlInitUnicodeString + - ZwWriteFile + - DbgPrint + - ZwCreateFile + - vsprintf + - IoDeleteDevice + - IoDeleteSymbolicLink + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmUnlockPages + - IoFreeMdl + - ZwOpenSection + - MmProbeAndLockPages + - IoAllocateMdl + - __C_specific_handler + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 14eead4d42728e9340ec8399a225c124 + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: IBM Polska Sp. z o.o. + RichPEHeaderHash: + MD5: a636a04d17b366998b7c1c07aeed6b8f + SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 + SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 + SHA1: b4d1554ec19504215d27de0758e13c35ddd6db3e + SHA256: b47be212352d407d0ef7458a7161c66b47c2aec8391dd101df11e65728337a6a + Sections: + .text: + Entropy: 5.387578832102652 + Virtual Size: '0x2c80' + .rdata: + Entropy: 3.5276453906221574 + Virtual Size: '0x2d0' + .pdata: + Entropy: 3.0920063384794108 + Virtual Size: '0x90' + .srdata: + Entropy: 2.2708669023612464 + Virtual Size: '0x148' + .sdata: + Entropy: 2.1231320048496527 + Virtual Size: '0xd0' + INIT: + Entropy: 5.147103167634986 + Virtual Size: '0x334' + .reloc: + Entropy: 1.8848419960299854 + Virtual Size: '0x166' + Signature: + - IBM Polska Sp. z o.o. 
+ - Symantec Class 3 SHA256 Code Signing CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=PL, ST=mazowieckie, L=Warsaw, O=IBM Polska Sp. z o.o., CN=IBM + Polska Sp. z o.o. 
+ ValidFrom: '2016-05-30 00:00:00' + ValidTo: '2019-07-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 74c58808c139aecc23260eb2ba16f2fd + Version: 3 + TBS: + MD5: e7b67b21239296b841387cb545428012 + SHA1: 16490d98ea08654a99e355b9b87be04fc66b62df + SHA256: 3dfd1ebc716c318dd93c0532018c67ca0e98bdb16dfbbd266dabf6f47dcb8870 + SHA384: e70fb3a325bd9a1d3b52f5a7d8648a21c9a27ce88da95b324448220897832618a427b2b7d7f99cd4192645f1c1dac2a7 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + Signer: + - SerialNumber: 74c58808c139aecc23260eb2ba16f2fd + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + Imphash: 2c19472843b56c67efb80d8c447f3cfe + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 2be85acec4d5e36a137af7ef046e0cc8 + SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 + SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e + Company: '' + Copyright: '' + CreationTimestamp: '2006-05-05 01:37:49' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: CITMDRV_IA64.sys + ImportedFunctions: + - ZwClose + - ZwOpenFile + - RtlInitUnicodeString + - ZwWriteFile + - DbgPrint + - ZwCreateFile + - vsprintf + - IoDeleteDevice + - 
IoDeleteSymbolicLink + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmUnlockPages + - IoFreeMdl + - ZwOpenSection + - MmProbeAndLockPages + - IoAllocateMdl + - __C_specific_handler + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 825703c494e0d270f797f1ecf070f698 + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: IBM Polska Sp. z o.o. + RichPEHeaderHash: + MD5: a636a04d17b366998b7c1c07aeed6b8f + SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 + SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 + SHA1: 5dd2c31c4357a8b76db095364952b3d0e3935e1d + SHA256: b9b3878ddc5dfb237d38f8d25067267870afd67d12a330397a8853209c4d889c + Sections: + .text: + Entropy: 5.387578832102652 + Virtual Size: '0x2c80' + .rdata: + Entropy: 3.5276453906221574 + Virtual Size: '0x2d0' + .pdata: + Entropy: 3.0920063384794108 + Virtual Size: '0x90' + .srdata: + Entropy: 2.2708669023612464 + Virtual Size: '0x148' + .sdata: + Entropy: 2.1231320048496527 + Virtual Size: '0xd0' + INIT: + Entropy: 5.147103167634986 + Virtual Size: '0x334' + .reloc: + Entropy: 1.8848419960299854 + Virtual Size: '0x166' + Signature: + - IBM Polska Sp. z o.o. 
+ - Symantec Class 3 SHA256 Code Signing CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=PL, ST=mazowieckie, L=Warsaw, O=IBM Polska Sp. z o.o., CN=IBM + Polska Sp. z o.o. 
+ ValidFrom: '2016-05-30 00:00:00' + ValidTo: '2019-07-29 23:59:59' + Signature: 37c4cb65c2d5579c51543d15af31471b5b497715b8018ab41d79e8c5fd07393f3ae94bc05fe9c7c309f7ac8cc213535a8fa8ea90100c57e455b50ddc95ee310d73c0577dd2e02e8f488ac3402f0a04f6bd5f40892e98c1c7a0f2763666416c56578c5124f057a762ac7e12ec79b0513db914a194e0180e7c60ebcfe6669802fa959e117dbe681d72789baa05343c622da0bb17eb05b8c6f0740d7053dbee3f12d569d4186d2dcc65a802e5ff99f6e9737f3b025eb44df12036e51b3d078fb5c29f36134134aa0ac6d34dc45d973b92fb05740c50975194828977dbe9c7218c092a4a96ec45d08610914926d92eb2fc2f0e7e4965dda5f82b7c9bbd731256acbf + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 74c58808c139aecc23260eb2ba16f2fd + Version: 3 + TBS: + MD5: e7b67b21239296b841387cb545428012 + SHA1: 16490d98ea08654a99e355b9b87be04fc66b62df + SHA256: 3dfd1ebc716c318dd93c0532018c67ca0e98bdb16dfbbd266dabf6f47dcb8870 + SHA384: e70fb3a325bd9a1d3b52f5a7d8648a21c9a27ce88da95b324448220897832618a427b2b7d7f99cd4192645f1c1dac2a7 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + Signer: + - SerialNumber: 74c58808c139aecc23260eb2ba16f2fd + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + Imphash: 2c19472843b56c67efb80d8c447f3cfe + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 2be85acec4d5e36a137af7ef046e0cc8 + 
SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 + SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e + Company: '' + Copyright: '' + CreationTimestamp: '2006-05-05 01:37:49' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: CITMDRV_IA64.sys + ImportedFunctions: + - ZwClose + - ZwOpenFile + - RtlInitUnicodeString + - ZwWriteFile + - DbgPrint + - ZwCreateFile + - vsprintf + - IoDeleteDevice + - IoDeleteSymbolicLink + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmUnlockPages + - IoFreeMdl + - ZwOpenSection + - MmProbeAndLockPages + - IoAllocateMdl + - __C_specific_handler + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 9007c94c9d91ccff8d7f5d4cdddcc403 + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: IBM Polska Sp. z o.o. + RichPEHeaderHash: + MD5: a636a04d17b366998b7c1c07aeed6b8f + SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 + SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 + SHA1: ecb4d096a9c58643b02f328d2c7742a38e017cf0 + SHA256: db90e554ad249c2bd888282ecf7d8da4d1538dd364129a3327b54f8242dd5653 + Sections: + .text: + Entropy: 5.387578832102652 + Virtual Size: '0x2c80' + .rdata: + Entropy: 3.5276453906221574 + Virtual Size: '0x2d0' + .pdata: + Entropy: 3.0920063384794108 + Virtual Size: '0x90' + .srdata: + Entropy: 2.2708669023612464 + Virtual Size: '0x148' + .sdata: + Entropy: 2.1231320048496527 + Virtual Size: '0xd0' + INIT: + Entropy: 5.147103167634986 + Virtual Size: '0x334' + .reloc: + Entropy: 1.8848419960299854 + Virtual Size: '0x166' + Signature: + - IBM Polska Sp. z o.o. 
+ - Symantec Class 3 SHA256 Code Signing CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=PL, ST=mazowieckie, L=Warsaw, O=IBM Polska Sp. z o.o., CN=IBM + Polska Sp. z o.o. 
+ ValidFrom: '2016-05-30 00:00:00' + ValidTo: '2019-07-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 74c58808c139aecc23260eb2ba16f2fd + Version: 3 + TBS: + MD5: e7b67b21239296b841387cb545428012 + SHA1: 16490d98ea08654a99e355b9b87be04fc66b62df + SHA256: 3dfd1ebc716c318dd93c0532018c67ca0e98bdb16dfbbd266dabf6f47dcb8870 + SHA384: e70fb3a325bd9a1d3b52f5a7d8648a21c9a27ce88da95b324448220897832618a427b2b7d7f99cd4192645f1c1dac2a7 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + Signer: + - SerialNumber: 74c58808c139aecc23260eb2ba16f2fd + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + Imphash: 2c19472843b56c67efb80d8c447f3cfe + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 2be85acec4d5e36a137af7ef046e0cc8 + SHA1: b90403d206e5f76bbf699c9627461d9fdafa9aa5 + SHA256: d453110c9050320419c2064ddea08230de6c76f86b07dc58112208e3d24a809e + Company: '' + Copyright: '' + CreationTimestamp: '2006-05-05 01:37:49' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: CITMDRV_IA64.sys + ImportedFunctions: + - ZwClose + - ZwOpenFile + - RtlInitUnicodeString + - ZwWriteFile + - DbgPrint + - ZwCreateFile + - vsprintf + - IoDeleteDevice + - 
IoDeleteSymbolicLink + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmUnlockPages + - IoFreeMdl + - ZwOpenSection + - MmProbeAndLockPages + - IoAllocateMdl + - __C_specific_handler + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 9b359b722ac80c4e0a5235264e1e0156 + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: IBM Polska Sp. z o.o. + RichPEHeaderHash: + MD5: a636a04d17b366998b7c1c07aeed6b8f + SHA1: 21d73d0b88dcdb85eda878180b57c823e4b13610 + SHA256: c40c075a7fb6945338d1cb5a5254a32ea4c58845c40d3626394b993262d6d6d8 + SHA1: 4a705af959af61bad48ef7579f839cb5ebd654d2 + SHA256: e61a54f6d3869b43c4eceac3016df73df67cce03878c5a6167166601c5d3f028 + Sections: + .text: + Entropy: 5.387578832102652 + Virtual Size: '0x2c80' + .rdata: + Entropy: 3.5276453906221574 + Virtual Size: '0x2d0' + .pdata: + Entropy: 3.0920063384794108 + Virtual Size: '0x90' + .srdata: + Entropy: 2.2708669023612464 + Virtual Size: '0x148' + .sdata: + Entropy: 2.1231320048496527 + Virtual Size: '0xd0' + INIT: + Entropy: 5.147103167634986 + Virtual Size: '0x334' + .reloc: + Entropy: 1.8848419960299854 + Virtual Size: '0x166' + Signature: + - IBM Polska Sp. z o.o. 
+ - VeriSign Class 3 Code Signing 2010 CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=PL, ST=mazowieckie, L=Warsaw, O=IBM Polska Sp. z o.o., OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=IBM Polska Sp. z + o.o. 
+ ValidFrom: '2013-05-31 00:00:00' + ValidTo: '2016-06-29 23:59:59' + Signature: 42e8dc916f2dc408ca5166c8b7ced14e560f83871c13c6c64e315e05fe905f6d744191e2e1fa04e15896b09c9853c735ac78efecf1d9d6c4b81d449b71b041b37f66e879cdd3ccaee2fad716d01f842540235d15c8b607c010ae4abe541053cc38f0f16c25c4cc1064aea63f2db60ebb4a7fd0f4c468f658bfe57c541b1b9292c3e6490604e75ceb222dad4bd25c3cf81031d9eeb9599a7f150f3ea8417ae517a59488fc512bbda13ba30018b1692ebfea87957384abb8cb0ce20141a7d58299a15454184e79a36c7e492e5e98c145e6e2b6010fb70825c2557176ad96047e55ca2136536f9d2357f3bbd970eb696a6af7eedb5ffdbe4696b99412a5d09e568e + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 63acb2cbe8cf97d66478469f5ce0d445 + Version: 3 + TBS: + MD5: d2f517a828f35cbbd527489cdc79ea5d + SHA1: c09bc2bc5ba1256a1a7928f16cb0a628ff50209b + SHA256: e20f8274f7861cfeac94335c1201e538a22ed769e10c4eef430bf8f50598ff85 + SHA384: 6011cff1637bf8176fdda7d4f22656034e7cfa63676bb0414ad5e48f3a7e4a0eb013ba6f533c997a0eadc507c65d914f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 63acb2cbe8cf97d66478469f5ce0d445 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign 
Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 2c19472843b56c67efb80d8c447f3cfe + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/0f59ce3b-20ac-41ba-8010-2abc74827eb8.yaml b/yaml/0f59ce3b-20ac-41ba-8010-2abc74827eb8.yaml index 2d1d8bb06..319fd234e 100644 --- a/yaml/0f59ce3b-20ac-41ba-8010-2abc74827eb8.yaml +++ b/yaml/0f59ce3b-20ac-41ba-8010-2abc74827eb8.yaml 
@@ -1,15985 +1,16082 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 0f59ce3b-20ac-41ba-8010-2abc74827eb8 +Tags: +- cpuz.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create cpuz.sys binPath=C:\windows\temp\cpuz.sys type=kernel && - sc.exe start cpuz.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/8c95d28270a4a314299cf50f05dcbe63033b2a555195d2ad2f678e09e00393e6.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 0f59ce3b-20ac-41ba-8010-2abc74827eb8 -KnownVulnerableSamples: -- Authentihash: - MD5: 
d69ba595980ae05f25cf1a43195d7b1d - SHA1: e58a98dc42fb6c4817acd01c2049258f2dfdff0e - SHA256: baec06b150e0298136275860ecb0aae08a9bd731ef14d255fc729c4bd7e4d832 - Company: Windows (R) Codename Longhorn DDK provider - Copyright: "\xA9 Microsoft Corporation. All rights reserved." - CreationTimestamp: '2007-02-10 13:14:24' - Date: '' - Description: CPU-Z Driver - ExportedFunctions: '' - FileVersion: '6.0.6000.16386 built by: WinDDK' - Filename: '' - ImportedFunctions: - - MmUnmapIoSpace - - MmMapIoSpace - - IofCompleteRequest - - PsGetVersion - - IoCreateSymbolicLink - - IoCreateDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IoDeleteDevice - - KeBugCheckEx - - RtlUnwindEx - Imports: - - ntoskrnl.exe - InternalName: cpuz.sys - MD5: b0809d8adc254c52f9d06362489ce474 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: Windows (R) Codename Longhorn DDK driver - ProductVersion: 6.0.6000.16386 - Publisher: '' - RichPEHeaderHash: - MD5: bd0558043c8e080a66e4253666539e67 - SHA1: 32417b0a544c70bb6c39bfe4fea8fffefc27c287 - SHA256: e15effe07957252ea7419024f3438239cb3d93ef7319b0d929b887ed33f8c153 - SHA1: 43011eb72be4775fec37aa436753c4d6827395d1 - SHA256: eaa5dae373553024d7294105e4e07d996f3a8bd47c770cdf8df79bf57619a8cd - Sections: - .text: - Entropy: 6.29679164755045 - Virtual Size: '0x1256' - .rdata: - Entropy: 4.716864547788463 - Virtual Size: '0x1d4' - .data: - Entropy: 0.6099523004172788 - Virtual Size: '0x124' - .pdata: - Entropy: 3.200307705979818 - Virtual Size: '0x54' - INIT: - Entropy: 4.829481878189185 - Virtual Size: '0x1d0' - .rsrc: - Entropy: 3.4033476900719424 - Virtual Size: '0x400' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - 
SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2007-02-08 00:00:00' - ValidTo: '2009-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 10e29d74903d9c7cd58caa35a0944770 - Version: 3 - TBS: - MD5: 5e3b5587eb8c553dc279bb241c30689d - SHA1: 5b5631ff0033ed753a5c630a4d8d48772050db32 - SHA256: 9b30d9d9f9fd9c0480c0503dd4ac86649d2cc180d1401ade6dd8048356d7f634 - SHA384: 1886034ac8dc819ed45b8b48b0225cdb142d53d61bda992ee7e4923276c3c36dffbb0f8d929e1ad20c3437709df2399a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 10e29d74903d9c7cd58caa35a0944770 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 2263350df91a5a4f5e10e68b3b822029 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: bc927975792f67bfeda2d3c8fdf68b49 - SHA1: 23fdc7c76424fc100c74af895228c45376000728 - SHA256: 
c84b0dbc0024c88c61a06d0aa7663a17a15e7c062f185811c5d85e1155e25aeb - Company: CPUID - Copyright: Copyright(C) 2012 CPUID - CreationTimestamp: '2013-05-10 06:41:58' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - ExFreePool - - ExAllocatePoolWithTag - - RtlFreeUnicodeString - - ObfDereferenceObject - - MmIsAddressValid - - IoGetDeviceObjectPointer - - MmUnmapIoSpace - - RtlInitAnsiString - - MmMapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - RtlUnwind - - KeTickCount - - KeBugCheckEx - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - PsGetVersion - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - KeWaitForSingleObject - - RtlAnsiStringToUnicodeString - - IoCancelIrp - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - READ_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 0e14b69dcf67c20343f85f9fdb5b9300 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 41f15d0f328a165973b49de608ef72a2 - SHA1: abcd9850775bd0a1a855e785a238e0e69525810f - SHA256: 02dc44b04a6426fcaedf26995bfa471f123a90a9c747e82cebaf95f394890631 - SHA1: bb1f9cc94e83c59c90b055fe13bb4604b2c624df - SHA256: 3813c1aab1760acb963bcc10d6ea3fddc2976b9e291710756408de392bc9e5d5 - Sections: - .text: - Entropy: 6.178915961557228 - Virtual Size: '0x27b0' - .rdata: - Entropy: 4.662787288256179 - Virtual Size: '0x2c0' - .data: - Entropy: 0.335842300318532 - Virtual Size: '0x1e0' - INIT: - Entropy: 5.4178574069546706 - Virtual Size: '0x3f4' - .rsrc: - Entropy: 3.391941258882184 - Virtual Size: '0x350' - .reloc: - Entropy: 
5.39741845115168 - Virtual Size: '0x236' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - 
SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 958dd67f866ae27cf716e30a025b266f - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 562b9cc6c321c967a46f05258e263319 - SHA1: 05719918c31d3eb19909768b5a00de35c499d532 - SHA256: 148ca220316fe9a0af2b12ed9528273295009d8568bf4c47fbfd4605f0ce2acc - Company: CPUID - Copyright: Copyright(C) 2013 CPUID - CreationTimestamp: '2013-08-24 02:58:17' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - ExFreePool - - ExAllocatePoolWithTag - - RtlFreeUnicodeString - - ObfDereferenceObject - - MmIsAddressValid - - IoGetDeviceObjectPointer - - MmUnmapIoSpace - - RtlInitAnsiString - - MmMapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - RtlUnwind - - KeTickCount - - KeBugCheckEx - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - PsGetVersion - - KeInitializeEvent - - 
IoBuildDeviceIoControlRequest - - IofCallDriver - - KeWaitForSingleObject - - RtlAnsiStringToUnicodeString - - IoCancelIrp - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - READ_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 6f5cf7feb9bb8108b68f169b8e625ffe - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 41f15d0f328a165973b49de608ef72a2 - SHA1: abcd9850775bd0a1a855e785a238e0e69525810f - SHA256: 02dc44b04a6426fcaedf26995bfa471f123a90a9c747e82cebaf95f394890631 - SHA1: 6df42ea7c0e6ee02062bf9ca2aa4aa5cd3775274 - SHA256: b4c07f7e7c87518e8950eb0651ae34832b1ecee56c89cdfbd1b4efa8cf97779f - Sections: - .text: - Entropy: 6.1949781438911655 - Virtual Size: '0x2860' - .rdata: - Entropy: 4.611976907005874 - Virtual Size: '0x2c0' - .data: - Entropy: 0.335842300318532 - Virtual Size: '0x1e0' - INIT: - Entropy: 5.42180997612463 - Virtual Size: '0x3f4' - .rsrc: - Entropy: 3.391941258882184 - Virtual Size: '0x350' - .reloc: - Entropy: 5.431068617797713 - Virtual Size: '0x234' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 
365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: be6fb3b3b33e9108a9a2273d1cf5eb3209a8c3a86ba7d66069393587f6b451b75b327ea15d36b1604aad5509c0ace37fa66e220b35764b9c201169677738c06802d2f798383c256c690898a663b0aeb519491057f9f24149c513abba2a4cab9934a684e5d83a34105fe6681f2b85d5ee06332d1c05c3627758442fd2fc94f5f68bb30f085cb1d31174e1461394aeef7b124291a099654d1103df3deab81e9658b5b5cc817061d688ae39e702f1d0dd420d6de931bed331960e089233b8576482e48d5b769fdfa8df02e1d098912444b324057826e1f72c26f045b2479a9b39eadfd6b2e1bd6db4057ef6b12ca385cad9a7ad82c4414e619f97dfd08a55f59053 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 
5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 958dd67f866ae27cf716e30a025b266f - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 2c2e50591e0d14b0c72d40134f79dda4 - SHA1: 2c5a4836fd3a2a868ad5940747b3e23b112f25b1 - SHA256: b1375cb06b0e1ec47e3afea13824cff8f3d9d995960556c0795e9bec0fe48b70 - Company: CPUID - Copyright: Copyright(C) 2012 CPUID - CreationTimestamp: '2012-10-27 12:10:43' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - ExFreePool - - ExAllocatePoolWithTag - - RtlFreeUnicodeString - - ObfDereferenceObject - - MmIsAddressValid - - IoGetDeviceObjectPointer - - MmUnmapIoSpace - - RtlInitAnsiString - - MmMapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - RtlUnwind - - KeTickCount - - KeBugCheckEx - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - PsGetVersion - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - KeWaitForSingleObject - - RtlAnsiStringToUnicodeString - - IoCancelIrp - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - READ_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 2da269863ed99be7b6b8ec2adc710648 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: 
'' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 41f15d0f328a165973b49de608ef72a2 - SHA1: abcd9850775bd0a1a855e785a238e0e69525810f - SHA256: 02dc44b04a6426fcaedf26995bfa471f123a90a9c747e82cebaf95f394890631 - SHA1: 016aa643fbd8e10484741436bcacc0d9eee483c8 - SHA256: 68671b735716ffc168addc052c5dc3d635e63e71c1e78815e7874286c3fcc248 - Sections: - .text: - Entropy: 6.1850377511861385 - Virtual Size: '0x2720' - .rdata: - Entropy: 4.631958539046656 - Virtual Size: '0x2c0' - .data: - Entropy: 0.335842300318532 - Virtual Size: '0x1e0' - INIT: - Entropy: 5.4138482125603415 - Virtual Size: '0x3f4' - .rsrc: - Entropy: 3.391941258882184 - Virtual Size: '0x350' - .reloc: - Entropy: 5.465598053010044 - Virtual Size: '0x230' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G3 - ValidFrom: '2012-05-01 00:00:00' - ValidTo: '2012-12-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded - Version: 3 - TBS: - MD5: e6d820afb23af20a65cf0b03247ea05e - SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 - SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 - SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - 
SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - 
Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - 
Imphash: 958dd67f866ae27cf716e30a025b266f - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 492e80d8c5bab03079565efdad04a25c - SHA1: 99c0f8e7ea48857bd8d0c1ac39123a28d2fea7ce - SHA256: 67b4d4995c9a054e90af05d7e04baf39759c478a519a3c729cbf6ffb041ae7cb - Company: CPUID - Copyright: Copyright(C) 2014 CPUID - CreationTimestamp: '2014-08-11 07:27:34' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 1b76363059fef4f7da752eb0dfb0c1e1 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 685a19a8e9f46a76067db83da501dca0 - SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 - SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 - SHA1: 862387e84baaf506c10080620cc46df2bda03eea - SHA256: f7e0cca8ad9ea1e34fa1a5e0533a746b2fa0988ba56b01542bc43841e463b686 - Sections: - .text: - Entropy: 6.183536514789665 - Virtual Size: '0x2fe6' - .rdata: - Entropy: 4.171435127029681 - Virtual Size: '0x434' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.6206191013715263 - Virtual Size: '0xd8' - INIT: - Entropy: 5.075842952801464 - 
Virtual Size: '0x406' - .rsrc: - Entropy: 3.3938887641350184 - Virtual Size: '0x350' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 82942c060f79cefd3bf1acdf5c207561 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 27d08cb8b1f2a78da7121170b53bdbb8 - SHA1: 98de5c1a5aaaaf957ee912ad93009106abdb4530 - SHA256: 2c27ad462ed0e16252b834cf0c76b1c5085ad9b7b6a13f67d1d2471177f1b177 - Company: CPUID - Copyright: Copyright(C) 2013 CPUID - CreationTimestamp: '2013-07-26 07:40:20' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - 
IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: d74d202646e5a6d0d2c4207e1f949826 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 685a19a8e9f46a76067db83da501dca0 - SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 - SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 - SHA1: 8d0ae69fbe0c6575b6f8caf3983dd3ddc65aadb5 - SHA256: 65e3548bc09dffd550e79501e3fe0fee268f895908e2bba1aa5620eb9bdac52d - Sections: - .text: - Entropy: 6.114632106877763 - Virtual Size: '0x2876' - .rdata: - Entropy: 4.160432361069591 - Virtual Size: '0x3d4' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.5059142627376296 - Virtual Size: '0xc0' - INIT: - Entropy: 5.076575853289 - Virtual Size: '0x406' - .rsrc: - Entropy: 3.3935766621226473 - Virtual Size: '0x350' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: 
c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: 
b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 82942c060f79cefd3bf1acdf5c207561 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 39c20781bf75e604e2debe9a259a460b - SHA1: c01b2b502d2c83c09c1d99b17a1a6b2484948f53 - SHA256: e618c3484111ea363a1ecd2c5f5d4abab13f2f474c870bfa5f6edb98df66f4cc - Company: CPUID - Copyright: Copyright(C) 2013 CPUID - CreationTimestamp: '2013-07-12 08:55:46' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 6c28461e78f8d908ca9a66bad2e212f7 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 685a19a8e9f46a76067db83da501dca0 - SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 - 
SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 - SHA1: b52886433e608926a0b6e623217009e4071b107e - SHA256: fb1183ef22ecbcc28f9c0a351c2c0280f1312a0fdf8a9983161691e2585efc70 - Sections: - .text: - Entropy: 6.189245074011195 - Virtual Size: '0x2636' - .rdata: - Entropy: 4.147289236280725 - Virtual Size: '0x3d4' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.4744046458679896 - Virtual Size: '0xc0' - INIT: - Entropy: 5.076575853289 - Virtual Size: '0x406' - .rsrc: - Entropy: 3.3935766621226473 - Virtual Size: '0x350' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 
88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 82942c060f79cefd3bf1acdf5c207561 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: f432aa1e809be9d47392cb0577a93a59 - SHA1: a1eb60e96042ae7794c98e8496cb3165b0d0c6bb - SHA256: b5c8521c00f0a9003d3f91abb0b881e8657ba5f5cf74a1223a88499a85916e68 - Company: CPUID - Copyright: Copyright(C) 2016 CPUID - CreationTimestamp: '2016-08-14 13:15:05' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - ObfDereferenceObject - - IoGetDeviceObjectPointer - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - MmUnmapIoSpace - - 
MmMapIoSpace - - IoDeleteDevice - - RtlFreeUnicodeString - - RtlInitUnicodeString - - IoCreateSymbolicLink - - IoCreateDevice - - RtlUnwind - - KeTickCount - - KeBugCheckEx - - ExAllocatePoolWithTag - - ExFreePool - - IofCompleteRequest - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - KeWaitForSingleObject - - IoCancelIrp - - IoDeleteSymbolicLink - - PsGetVersion - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - KeStallExecutionProcessor - - HalSetBusDataByOffset - - HalGetBusDataByOffset - - READ_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 2b8814cff6351c2b775387770053bdec - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 151279b238de6194a32d8ca426ceaeee - SHA1: 7836f9fa452c5a538aed446df8439f2f49cc74aa - SHA256: 1319e59df060332195af6318ab22fe3f5018b1498211216a28a48f73980ab3b0 - SHA1: 5965ca5462cd9f24c67a1a1c4ef277fab8ea81d3 - SHA256: ff987c30ce822d99f3b4b4e23c61b88955f52406a95e6331570a2a13cbebc498 - Sections: - .text: - Entropy: 6.247223634292865 - Virtual Size: '0x3490' - .rdata: - Entropy: 4.666472430079068 - Virtual Size: '0x2f4' - .data: - Entropy: 0.31780982431271465 - Virtual Size: '0x360' - INIT: - Entropy: 5.436222354875528 - Virtual Size: '0x3dc' - .rsrc: - Entropy: 3.380165139130706 - Virtual Size: '0x350' - .reloc: - Entropy: 5.635896599325999 - Virtual Size: '0x286' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 59b168c8ba0db46cb70d1d5a103e6c41 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 79ba474dbde75a8ca70258985b5b4bec - SHA1: d9073bd99852839538195fec30a6f0eff0060983 - SHA256: 08b5f31070e370fbbf4f6e9a99c594c6e33846c82a56c773116705eda3109b62 - Company: Windows (R) Win 7 DDK provider - Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
- CreationTimestamp: '2010-05-11 03:58:57' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - ProbeForWrite - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 95c88d25e211a4d52a82c53e5d93e634 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: Windows (R) Win 7 DDK driver - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 89dc670b5f7c06b577deeec9473dc96b - SHA1: af59c00ae531117ba9307257ab945cdf6c8309f6 - SHA256: 35b9d8fc904c88f4df237edc610727f89c415e48bcf135191c43832bb2935ba6 - SHA1: 35f803d483af51762bee3ec130de6a03362ce920 - SHA256: 65deb5dca18ee846e7272894f74d84d9391bbe260c22f24a65ab37d48bd85377 - Sections: - .text: - Entropy: 6.181778166104893 - Virtual Size: '0x2146' - .rdata: - Entropy: 4.238598290844655 - Virtual Size: '0x3d0' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.4475288205696204 - Virtual Size: '0x90' - INIT: - Entropy: 5.069433080691773 - Virtual Size: '0x408' - .rsrc: - Entropy: 3.4155760648585995 - Virtual Size: '0x3d0' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 
00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: 
'2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2009-02-02 00:00:00' - ValidTo: '2012-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Version: 3 - TBS: - MD5: fb72fa311261c4fb6a786e5cc7ce1d2f - SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 - SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a - SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: 
f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: be527e5f470fbc661f914c81bfc9af38 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: be39d98c2a6042891fb0d2af53374f27 - SHA1: 2f1ec40d264cfb36c7a15d4818f0ed230ff029e1 - SHA256: 7f7c6346a25d465fbc06c41d841e6a5c7645545448db88793ab29d8e5637fae5 - Company: CPUID - Copyright: Copyright(C) 2016 CPUID - CreationTimestamp: '2016-10-18 06:14:21' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - PsGetVersion - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - IofCompleteRequest - - MmMapIoSpace - - MmUnmapIoSpace - - ProbeForWrite - - IoDeleteDevice - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - RtlUnwindEx - - RtlPcToFileHeader - - READ_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - READ_PORT_UCHAR - - HalCallPal - - WRITE_PORT_UCHAR - - KeStallExecutionProcessor - - WRITE_PORT_USHORT - - READ_PORT_ULONG - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 047c06d4d38ea443c9af23a501c4480d - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 756be87f8c768cb8bfd02af932dd7589 - SHA1: 16c2ebba52ba9fb0ef5570c1d620daaaee63865a - SHA256: 48acdfbe5ad27d73c0fd9b115a49420f182d146bca52797ce33cc2a061ff0ced - SHA1: 2ed4b51429b0a3303a645effc84022512f829836 - SHA256: 405a99028c99f36ab0f84a1fd810a167b8f0597725e37513d7430617106501f1 - Sections: - .text: - Entropy: 5.382748001307074 - Virtual Size: '0x4080' - .rdata: - 
Entropy: 4.0867439500201925 - Virtual Size: '0x430' - .pdata: - Entropy: 3.3686529491569175 - Virtual Size: '0xcc' - .sdata: - Entropy: 1.1203888318125959 - Virtual Size: '0x420' - INIT: - Entropy: 5.0154033944534415 - Virtual Size: '0x3e8' - .rsrc: - Entropy: 3.382074768712142 - Virtual Size: '0x350' - .reloc: - Entropy: 0.9037311282531212 - Virtual Size: '0x184' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: 
f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: a2d936fa82b7340d28a697fb344046d8 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: ae9888a8e8498c39c3b358ddddcb23f7 - SHA1: e7b6a1604851f36f5d3085637459cef8c819e0f9 - SHA256: 1cad825ef477bdbafda6be0bbe9149d915560077d9017655fdb7f2233da9ad01 - Company: CPUID - Copyright: Copyright(C) 2012 CPUID - CreationTimestamp: '2013-03-20 
05:05:43' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: c6cfa2d6e4c443e673c2c12417ea3001 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 685a19a8e9f46a76067db83da501dca0 - SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 - SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 - SHA1: c4ce0bb8a939c4f4cff955d9b3cdd9eb52746cc9 - SHA256: 69640e9209f8e2ac25416bd3119b5308894b6ce22b5c80cb5d5f98f2f85d42ce - Sections: - .text: - Entropy: 6.190167312604016 - Virtual Size: '0x2616' - .rdata: - Entropy: 4.171579257216199 - Virtual Size: '0x3d4' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.501505002731896 - Virtual Size: '0xc0' - INIT: - Entropy: 5.076575853289 - Virtual Size: '0x406' - .rsrc: - Entropy: 3.3935766621226473 - Virtual Size: '0x350' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 82942c060f79cefd3bf1acdf5c207561 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 8cb580b145c4fba69e29722ac8177d2a - SHA1: 3daf8df84e3cd4aeff1da9e84ab5817e7c877162 - SHA256: 7f8cabb101d8ee0d76444fa4caa115b88b53ad8bd95516cae563bf92b910fa99 - Company: Windows (R) Codename Longhorn DDK provider - Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
- CreationTimestamp: '2008-12-02 06:51:19' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.0.6000.16386 built by: WinDDK' - Filename: '' - ImportedFunctions: - - IoDeleteSymbolicLink - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - IoCreateDevice - - IofCallDriver - - IoGetDeviceObjectPointer - - IoBuildDeviceIoControlRequest - - IoDeleteDevice - - ProbeForWrite - - MmMapIoSpace - - KeInitializeEvent - - RtlInitAnsiString - - IofCompleteRequest - - KeWaitForSingleObject - - KeBugCheckEx - - MmUnmapIoSpace - - RtlInitUnicodeString - - PsGetVersion - - RtlUnwindEx - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: e68972cd9f28f0be0f9df7207aba9d1d - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: Windows (R) Codename Longhorn DDK driver - ProductVersion: 6.0.6000.16386 - Publisher: '' - RichPEHeaderHash: - MD5: 6633dd48aea31e9c4821fbc652e4701e - SHA1: 3fb6cdbdaa8959e6a79305a74981751e06506a6f - SHA256: 63b15db03090d5e7ba52906b2854fba693e17a5fac179397bd55f91e49d28859 - SHA1: 9b3f57693f0f69d3729762d59a10439e738b9031 - SHA256: ac1af529c9491644f1bda63267e0f0f35e30ab0c98ab1aecf4571f4190ab9db4 - Sections: - .text: - Entropy: 6.148283767862968 - Virtual Size: '0x1cd6' - .rdata: - Entropy: 4.307405382136631 - Virtual Size: '0x378' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.32973292021935 - Virtual Size: '0x78' - INIT: - Entropy: 4.945456847123696 - Virtual Size: '0x388' - .rsrc: - Entropy: 3.3914708617609186 - Virtual Size: '0x400' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: 
c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2007-02-08 00:00:00' - ValidTo: '2009-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 10e29d74903d9c7cd58caa35a0944770 - Version: 3 - TBS: - MD5: 5e3b5587eb8c553dc279bb241c30689d - SHA1: 5b5631ff0033ed753a5c630a4d8d48772050db32 - SHA256: 9b30d9d9f9fd9c0480c0503dd4ac86649d2cc180d1401ade6dd8048356d7f634 - SHA384: 1886034ac8dc819ed45b8b48b0225cdb142d53d61bda992ee7e4923276c3c36dffbb0f8d929e1ad20c3437709df2399a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 10e29d74903d9c7cd58caa35a0944770 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: cb8db41ab8c06472574e58b9466f4070 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: e956094993c1bdf07390d97751fb0264 - SHA1: f7e2c605f853869fe70364c5fac0763d8d6f368e - SHA256: 
3e307281c9f7329579988190e24a655b15bb2e60afc585109f05a79e5aba81a0 - Company: CPUID - Copyright: Copyright(C) 2014 CPUID - CreationTimestamp: '2015-02-26 00:25:29' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - PsGetVersion - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - IofCompleteRequest - - MmMapIoSpace - - MmUnmapIoSpace - - ProbeForWrite - - IoDeleteDevice - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - RtlUnwindEx - - RtlPcToFileHeader - - READ_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - READ_PORT_UCHAR - - HalCallPal - - WRITE_PORT_UCHAR - - KeStallExecutionProcessor - - WRITE_PORT_USHORT - - READ_PORT_ULONG - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: d6c4baecff632d6ad63c45fc39e04b2f - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 756be87f8c768cb8bfd02af932dd7589 - SHA1: 16c2ebba52ba9fb0ef5570c1d620daaaee63865a - SHA256: 48acdfbe5ad27d73c0fd9b115a49420f182d146bca52797ce33cc2a061ff0ced - SHA1: a3224815aedc14bb46f09535e9b8ca7eaa4963bf - SHA256: 3301b49b813427fa37a719988fe6446c6f4468dfe15aa246bec8d397f62f6486 - Sections: - .text: - Entropy: 5.388849280671267 - Virtual Size: '0x40c0' - .rdata: - Entropy: 4.07523813120193 - Virtual Size: '0x430' - .pdata: - Entropy: 3.3802437725716254 - Virtual Size: '0xcc' - .sdata: - Entropy: 1.1203888318125959 - Virtual Size: '0x2a0' - INIT: - Entropy: 5.0154033944534415 - Virtual Size: '0x3e8' - .rsrc: - Entropy: 3.3903828070121933 - Virtual Size: '0x350' - .reloc: - Entropy: 0.9037311282531211 - Virtual Size: '0x184' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping 
Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: a2d936fa82b7340d28a697fb344046d8 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: d65e3a9ff93baa4664219d1d0eac5a0d - SHA1: 0ecf760f548a933ceba7a988b14143149bc2ada2 - SHA256: f94c8dee30d8d349d0b51b9f1624c49ef8b6b8d54d40ecf09af95011d01b705f - Company: Windows (R) Server 2003 DDK provider - Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
- CreationTimestamp: '2007-02-20 13:30:26' - Date: '' - Description: CPU-Z Driver - ExportedFunctions: '' - FileVersion: '5.2.3790.0 built by: WinDDK' - Filename: '' - ImportedFunctions: - - MmUnmapIoSpace - - MmMapIoSpace - - IofCompleteRequest - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IoCreateSymbolicLink - - PsGetVersion - - IoCreateDevice - - RtlUnwindEx - Imports: - - ntoskrnl.exe - InternalName: cpuz.sys - MD5: b5f96dd5cc7d14a9860ab99d161bf171 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: Windows (R) Server 2003 DDK driver - ProductVersion: 5.2.3790.0 - Publisher: '' - RichPEHeaderHash: - MD5: d6e624eea1be2957d5ade6a1a35a31a9 - SHA1: ec4d3466789d80cf12e0a2974953bbe33451e18f - SHA256: 44558104d89509a78f42ceee3abcd90cfda7f39a3387ef23f3511d9dcfd015a9 - SHA1: c16d7b2fbe69a28ccbcf87348903277f22805bf3 - SHA256: be683cd38e64280567c59f7dc0a45570abcb8a75f1d894853bbbd25675b4adf7 - Sections: - .text: - Entropy: 6.19634494804668 - Virtual Size: '0xed4' - .rdata: - Entropy: 4.775150923997567 - Virtual Size: '0x228' - .data: - Entropy: 0.6699250014423124 - Virtual Size: '0x24' - .pdata: - Entropy: 3.035251388053986 - Virtual Size: '0x60' - INIT: - Entropy: 4.253708366005613 - Virtual Size: '0x150' - .rsrc: - Entropy: 3.4105160211933994 - Virtual Size: '0x3d8' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - 
TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2007-02-08 00:00:00' - ValidTo: 
'2009-02-07 23:59:59' - Signature: 6ca08361ce69863ade5289039d2e6eaf79729d950a57fc32158e56bc0bfc05ca3b76263b8e8a5e2279522eceed35495c697a2f1b1631e1a4f997c8b2e14cd08a3b4aaeca9f150126f5933e6a29fde1e3ef607f452219582ac034c3f95023fd6c5474008ecea3aab5ba096ae73a3dd76b296d3c8b06a72ca763698e49474d624c22ad57a3d11342be8a6d2a49e4af5893003fcf02900a0fbf4854858cc0468d23b9917cfe59ac8b7058de49ab25bbca0bc67f1f367309deed4827295173fad53932d12ad79b8c70175e640f7917fd60940be86d1af397dd5eb0ecb9e92f9e3dc03f2cbf51e9776b31a8cba38fabd8b27e561f66a5ddad46546d6bc984a6a8d8bc - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 10e29d74903d9c7cd58caa35a0944770 - Version: 3 - TBS: - MD5: 5e3b5587eb8c553dc279bb241c30689d - SHA1: 5b5631ff0033ed753a5c630a4d8d48772050db32 - SHA256: 9b30d9d9f9fd9c0480c0503dd4ac86649d2cc180d1401ade6dd8048356d7f634 - SHA384: 1886034ac8dc819ed45b8b48b0225cdb142d53d61bda992ee7e4923276c3c36dffbb0f8d929e1ad20c3437709df2399a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 10e29d74903d9c7cd58caa35a0944770 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 4fb06df8cb54846e42943f0d3ae96e2f - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 8cb580b145c4fba69e29722ac8177d2a - SHA1: 
3daf8df84e3cd4aeff1da9e84ab5817e7c877162 - SHA256: 7f8cabb101d8ee0d76444fa4caa115b88b53ad8bd95516cae563bf92b910fa99 - Company: Windows (R) Codename Longhorn DDK provider - Copyright: "\xA9 Microsoft Corporation. All rights reserved." - CreationTimestamp: '2008-12-02 06:51:19' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.0.6000.16386 built by: WinDDK' - Filename: '' - ImportedFunctions: - - IoDeleteSymbolicLink - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - IoCreateDevice - - IofCallDriver - - IoGetDeviceObjectPointer - - IoBuildDeviceIoControlRequest - - IoDeleteDevice - - ProbeForWrite - - MmMapIoSpace - - KeInitializeEvent - - RtlInitAnsiString - - IofCompleteRequest - - KeWaitForSingleObject - - KeBugCheckEx - - MmUnmapIoSpace - - RtlInitUnicodeString - - PsGetVersion - - RtlUnwindEx - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 5e71c0814287763d529822d0a022e693 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: Windows (R) Codename Longhorn DDK driver - ProductVersion: 6.0.6000.16386 - Publisher: '' - RichPEHeaderHash: - MD5: 6633dd48aea31e9c4821fbc652e4701e - SHA1: 3fb6cdbdaa8959e6a79305a74981751e06506a6f - SHA256: 63b15db03090d5e7ba52906b2854fba693e17a5fac179397bd55f91e49d28859 - SHA1: bed323603a33fa8b2fc7568149345184690f0390 - SHA256: 6001c6acae09d2a91f8773bbdfd52654c99bc672a9756dc4cb53dc2e3efeb097 - Sections: - .text: - Entropy: 6.148283767862968 - Virtual Size: '0x1cd6' - .rdata: - Entropy: 4.307405382136631 - Virtual Size: '0x378' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.32973292021935 - Virtual Size: '0x78' - INIT: - Entropy: 4.945456847123696 - Virtual Size: '0x388' - .rsrc: - Entropy: 3.3914708617609186 - Virtual Size: '0x400' - Signature: '' - Signatures: - - 
CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: 
ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=CN, ST=Beijing, L=Beijing, O=Beijing Gigabit Times Technology Co., - Ltd, OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Beijing - Gigabit Times Technology Co., Ltd - ValidFrom: '2008-12-24 00:00:00' - ValidTo: '2011-12-24 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 77a64759f12766e363d779998c71bdc9 - Version: 3 - TBS: - MD5: 081bc7ae4aa769d19d9554694edfc3a0 - SHA1: a521dae1d3b1da03460eb5fa70717c9449a3d1b4 - SHA256: 0af015afa3cd65db7b53fdad90bfdb2e89541964c569a4d41e2a032815da8b48 - SHA384: 74f7efe3db46e6399e41b5cfd3eb25bf842c85385cd3a94c49b36c2cbe5e52be0ffe4b66d1e76bf86f2416e510d3f585 - Signer: - - SerialNumber: 77a64759f12766e363d779998c71bdc9 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: cb8db41ab8c06472574e58b9466f4070 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: cdcd746a4377b1a84a4ef4080148b1fc - SHA1: 979157903c1608be15c1e70deaaada23c51f6d0e - SHA256: 6b56978dd0fc606668c0ed2698b3b22ef53dc6e4a676a4c5479438425d4e60a9 - Company: Windows (R) Win 7 DDK provider - Copyright: "\xA9 Microsoft Corporation. 
All rights reserved." - CreationTimestamp: '2010-06-30 06:22:54' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 2dbc09c853c4bf2e058d29aaa21fa803 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: Windows (R) Win 7 DDK driver - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 89dc670b5f7c06b577deeec9473dc96b - SHA1: af59c00ae531117ba9307257ab945cdf6c8309f6 - SHA256: 35b9d8fc904c88f4df237edc610727f89c415e48bcf135191c43832bb2935ba6 - SHA1: f95b59cab63408343ecbdb0e71db34e83f75b503 - SHA256: b7aa4c17afdaff1603ef9b5cc8981bed535555f8185b59d5ae13f342f27ca6c5 - Sections: - .text: - Entropy: 6.205258315003686 - Virtual Size: '0x21c6' - .rdata: - Entropy: 4.285658099844044 - Virtual Size: '0x3d0' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.41356498182979 - Virtual Size: '0x90' - INIT: - Entropy: 5.067835669413665 - Virtual Size: '0x406' - .rsrc: - Entropy: 3.4148190207283133 - Virtual Size: '0x3d0' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: 
'2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - 
Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2009-02-02 00:00:00' - ValidTo: '2012-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Version: 3 - TBS: - MD5: fb72fa311261c4fb6a786e5cc7ce1d2f - SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 - SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a - SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 82942c060f79cefd3bf1acdf5c207561 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 171210ce2efc15d66d9ea9a75cd56960 - SHA1: 
cbbd16f5e84f198aec6922d58a84c6834dba2176 - SHA256: affeec7af311ecb53182dc6b28c61057eeb6dbd895f92354310f775cf843cfec - Company: CPUID - Copyright: Copyright(C) 2017 CPUID - CreationTimestamp: '2017-04-24 04:33:32' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - IoGetDeviceObjectPointer - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - MmUnmapIoSpace - - MmMapIoSpace - - IoDeleteDevice - - ObfDereferenceObject - - RtlInitUnicodeString - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - RtlFreeUnicodeString - - ExAllocatePoolWithTag - - ExFreePool - - IofCompleteRequest - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - KeWaitForSingleObject - - IoCancelIrp - - IoDeleteSymbolicLink - - PsGetVersion - - RtlUnwind - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - KeQueryPerformanceCounter - - KeStallExecutionProcessor - - HalSetBusDataByOffset - - HalGetBusDataByOffset - - READ_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 2e3dbb01b282a526bdc3031e0663c41c - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: e10f1a83d333c2feb8a17b1906909a07 - SHA1: f605fa8f10b2b64638f01715179b7588f4a6b727 - SHA256: 9337693c714a35f8370e9a6d7aca13083a7e4c5dbbefdee250b06ae6cc63a06d - SHA1: def86c7dee1f788c717ac1917f1b5bbfada25a95 - SHA256: 572c545b5a95d3f4d8c9808ebeff23f3c62ed41910eb162343dd5338e2d6b0b4 - Sections: - .text: - Entropy: 6.187941589974115 - Virtual Size: '0x4990' - .rdata: - Entropy: 4.73518293670389 - Virtual Size: '0x398' - .data: - Entropy: 0.13142343474404483 - Virtual Size: '0x340' - INIT: - Entropy: 5.440772918518928 - Virtual Size: '0x3fc' - .rsrc: - Entropy: 3.394946071861716 
- Virtual Size: '0x350' - .reloc: - Entropy: 6.007585111448243 - Virtual Size: '0x2f0' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: 
a59808b35f916a1201f0987b958aaaf50b81f3e507cf9d1b902bc22787244617e38069e4ca74bcf505dfdfeb6bad8bee2ecba26a428c2b26c9b9987241b50ccfd895a7335b35534c5569fdef2554d773cb3b20f10e08eeff2701d2a3e8ef7c5bb759baf1995d1580dce4f0c5da90eff4f07e01e7c9273b24c14c514f2ae1d1fe940dd53bfa25572cd6f3c007c7f21aebc58ea32ca3aea83c731419c9dcc191158cbb52b0b70545a16c9b42aadd4dcb167443d6c15fa03ae7f6f0f644845a69cb8badb3f143fd916a70c5008c3486d1f0cc8e0527f76da5aeaca4925f6eb6861dd54e1ce8b80e6b000446d77ac8bd0299e38db3b8e4a9c43294367cd6a55351d0 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: b1e749ba779687a5127817da3d47af2c - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 
60f49ecdb54991720bc99cc03c4678c4 - SHA1: 3fcd9ff63b84aca1506af0c2223e176ec30c3cf4 - SHA256: 5380daf2497ed35fc6d8b2a2f343dcbb95bb7384eea73781126a641ba3391af8 - Company: CPUID - Copyright: Copyright(C) 2013 CPUID - CreationTimestamp: '2013-10-22 06:55:58' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - ExFreePool - - ExAllocatePoolWithTag - - RtlFreeUnicodeString - - ObfDereferenceObject - - MmIsAddressValid - - IoGetDeviceObjectPointer - - MmUnmapIoSpace - - RtlInitAnsiString - - MmMapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - RtlUnwind - - KeTickCount - - KeBugCheckEx - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - PsGetVersion - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - KeWaitForSingleObject - - RtlAnsiStringToUnicodeString - - IoCancelIrp - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - READ_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 1bca427ab8e67a9db833eb8f0ff92196 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 41f15d0f328a165973b49de608ef72a2 - SHA1: abcd9850775bd0a1a855e785a238e0e69525810f - SHA256: 02dc44b04a6426fcaedf26995bfa471f123a90a9c747e82cebaf95f394890631 - SHA1: 1fb12c5db2acad8849677e97d7ce860d2bb2329e - SHA256: 8a0702681bc51419fbd336817787a966c7f92cabe09f8e959251069578dfa881 - Sections: - .text: - Entropy: 6.201558609944256 - Virtual Size: '0x2bc0' - .rdata: - Entropy: 4.6184116970842215 - Virtual Size: '0x2dc' - .data: - Entropy: 0.335842300318532 - Virtual Size: '0x1e0' - INIT: - Entropy: 5.42180997612463 - Virtual Size: '0x3f4' - 
.rsrc: - Entropy: 3.391941258882184 - Virtual Size: '0x350' - .reloc: - Entropy: 5.629175772175384 - Virtual Size: '0x25e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 
88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 958dd67f866ae27cf716e30a025b266f - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 87d26263df00d609768a244c52b894e5 - SHA1: 707595372f4cc56801b8224ed43dc16a3fd60d76 - SHA256: 88671ef30520d11a63a4cb3acf6b1c827c82acced657baa8f371034957ddf825 - Company: CPUID - Copyright: Copyright(C) 2014 CPUID - CreationTimestamp: '2014-10-06 04:27:07' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - ExFreePool - - ExAllocatePoolWithTag - - RtlFreeUnicodeString - - ObfDereferenceObject - - MmIsAddressValid - - 
IoGetDeviceObjectPointer - - MmUnmapIoSpace - - RtlInitAnsiString - - MmMapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - RtlUnwind - - KeTickCount - - KeBugCheckEx - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - PsGetVersion - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - KeWaitForSingleObject - - RtlAnsiStringToUnicodeString - - IoCancelIrp - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - KeStallExecutionProcessor - - HalSetBusDataByOffset - - HalGetBusDataByOffset - - READ_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 649ff59b8e571c1fc6535b31662407aa - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 2a626f8dd173fb7a6ff65f70f6f800a7 - SHA1: 48062016c3487412b81fc88f0ca2208922bf3542 - SHA256: fffc66439118e1ad1abc2e6417f479e03a4d436d7636649db6339989b65a5ac6 - SHA1: ba0d6c596b78a1fc166747d7523ca6316ef87e9f - SHA256: f8d6ce1c86cbd616bb821698037f60a41e129d282a8d6f1f5ecdd37a9688f585 - Sections: - .text: - Entropy: 6.225542447427719 - Virtual Size: '0x31e0' - .rdata: - Entropy: 4.618701217485552 - Virtual Size: '0x2f4' - .data: - Entropy: 0.335842300318532 - Virtual Size: '0x1e0' - INIT: - Entropy: 5.428351714325533 - Virtual Size: '0x3f4' - .rsrc: - Entropy: 3.3938887641350184 - Virtual Size: '0x350' - .reloc: - Entropy: 5.557772230354666 - Virtual Size: '0x282' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 111e6d92e02f02f737654c5b1cfe9f6f - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 428723466cb6dc9d061545862ce784cd - SHA1: e1cd8a81e4f48df9d0aa514423b791fa78ea37e2 - SHA256: 506ec3e8b28e52be36b89041bbcd9933b7b79eaf8a53594186813d0f60edebc9 - Company: CPUID - Copyright: Copyright(C) 2013 CPUID - CreationTimestamp: '2013-10-09 06:14:08' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - 
IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 5158f786afa19945d19bee9179065e4d - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 685a19a8e9f46a76067db83da501dca0 - SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 - SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 - SHA1: a9b8d7afa2e4685280aebbeb162600cfce4e48c8 - SHA256: d366cbc1d5dd8863b45776cfb982904abd21d0c0d4697851ff54381055abcfc8 - Sections: - .text: - Entropy: 6.139175749958187 - Virtual Size: '0x2a66' - .rdata: - Entropy: 4.157219517102148 - Virtual Size: '0x3fc' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.511921669398563 - Virtual Size: '0xc0' - INIT: - Entropy: 5.076575853289 - Virtual Size: '0x406' - .rsrc: - Entropy: 3.3935766621226473 - Virtual Size: '0x350' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: 
c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: be6fb3b3b33e9108a9a2273d1cf5eb3209a8c3a86ba7d66069393587f6b451b75b327ea15d36b1604aad5509c0ace37fa66e220b35764b9c201169677738c06802d2f798383c256c690898a663b0aeb519491057f9f24149c513abba2a4cab9934a684e5d83a34105fe6681f2b85d5ee06332d1c05c3627758442fd2fc94f5f68bb30f085cb1d31174e1461394aeef7b124291a099654d1103df3deab81e9658b5b5cc817061d688ae39e702f1d0dd420d6de931bed331960e089233b8576482e48d5b769fdfa8df02e1d098912444b324057826e1f72c26f045b2479a9b39eadfd6b2e1bd6db4057ef6b12ca385cad9a7ad82c4414e619f97dfd08a55f59053 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: 
b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 82942c060f79cefd3bf1acdf5c207561 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: c8710ddab96749f11a9fb0946e2b0e54 - SHA1: 50da055e0c33876160a3faf454d092303a9ebf82 - SHA256: dadbd564c4fec1cb6a3e2be92031f22b1ddd19796d5d9639bffb927599c69a8d - Company: Windows (R) Win 7 DDK provider - Copyright: "\xA9 Microsoft Corporation. All rights reserved." - CreationTimestamp: '2010-03-30 15:38:01' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - RtlFreeUnicodeString - - ObfDereferenceObject - - MmIsAddressValid - - IoGetDeviceObjectPointer - - RtlAnsiStringToUnicodeString - - IofCompleteRequest - - MmMapIoSpace - - ProbeForWrite - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - MmUnmapIoSpace - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - PsGetVersion - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - RtlInitAnsiString - - KeWaitForSingleObject - - RtlUnwind - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - READ_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 13a0d3f9d5f39adaca0a8d3bb327eb31 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - 
PDBPath: '' - Product: Windows (R) Win 7 DDK driver - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 4ba73072bea66755a70f3a8c99951424 - SHA1: d9ce039d736544c2d9b7fe44460d8e006a5c62f0 - SHA256: 3b45bc2da9543317e7a22486f86a3f8c0eb289596d1d7661b47e35e99058861f - SHA1: 0fd700fee341148661616ecd8af8eca5e9fa60e3 - SHA256: c7f64b27cd3be5af1c8454680529ea493dfbb09e634eec7e316445ad73499ae0 - Sections: - .text: - Entropy: 6.213142784512632 - Virtual Size: '0x2040' - .rdata: - Entropy: 4.474610455203302 - Virtual Size: '0x2ec' - .data: - Entropy: 0.22396935932252834 - Virtual Size: '0x1c0' - INIT: - Entropy: 5.375451713627951 - Virtual Size: '0x3fc' - .rsrc: - Entropy: 3.4140956924835417 - Virtual Size: '0x3d0' - .reloc: - Entropy: 5.475215496909597 - Virtual Size: '0x22e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2009-02-02 00:00:00' - ValidTo: '2012-02-07 23:59:59' - Signature: 
9a9bbecb393272aaedfd7a125e0fe581151a18a75a4094e082a38156f62018b9d59edef27429bbea60d6e146a2ce134546d54e00b6585c1d85e3aedfb3b9a5de7728a96b2bcc26106655bae6bc5ce3a72714f9e23282a2fba29fc870b394e832f07dc50ded3a042953fe91379769e424398278b6ed14ae4f6b4cce5fa7ba20fc8d157a78fd308214d177189bcd76b2bd62a861a8c1562e2748f338f7369f0f062804685399a6655fcb4564a644e7a8bee8330557376884cce9153992e8e205bc1474dbd0109b3c87991db9bb77a9dff5775267390431ce56ff49500d8ad70be34a0d9a0b112e07eb55f0fe07de9ac93a0b30cb36029b5ec41e032daf66627d4e - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Version: 3 - TBS: - MD5: fb72fa311261c4fb6a786e5cc7ce1d2f - SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 - SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a - SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 744af2b62301859b4ccdffba53551b15 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: b6e26bb7c203a2ab36145434c2cf806f - SHA1: f8d212abaa64b795927e434085afadb8e02ccb8d - SHA256: 
14b04931ee50e5d2560f42cc33b05f047886a8a7d45b3274ae78e5646a1cf1a5 - Company: CPUID - Copyright: Copyright(C) 2010 CPUID - CreationTimestamp: '2010-12-27 06:35:24' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 76355d5eafdfa3e9b7580b9153de1f30 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 685a19a8e9f46a76067db83da501dca0 - SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 - SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 - SHA1: 437b56dc106d2e649d2c243c86729b6e6461d535 - SHA256: e51ec2876af3c9c3f1563987a9a35a10f091ea25ede16b1a34ba2648c53e9dfc - Sections: - .text: - Entropy: 6.195386186538611 - Virtual Size: '0x2426' - .rdata: - Entropy: 4.175087343593611 - Virtual Size: '0x3ec' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.5158533751389975 - Virtual Size: '0xc0' - INIT: - Entropy: 5.076575853289 - Virtual Size: '0x406' - .rsrc: - Entropy: 3.3943730160709853 - Virtual Size: '0x350' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, 
O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2009-02-02 00:00:00' - ValidTo: '2012-02-07 23:59:59' - Signature: 9a9bbecb393272aaedfd7a125e0fe581151a18a75a4094e082a38156f62018b9d59edef27429bbea60d6e146a2ce134546d54e00b6585c1d85e3aedfb3b9a5de7728a96b2bcc26106655bae6bc5ce3a72714f9e23282a2fba29fc870b394e832f07dc50ded3a042953fe91379769e424398278b6ed14ae4f6b4cce5fa7ba20fc8d157a78fd308214d177189bcd76b2bd62a861a8c1562e2748f338f7369f0f062804685399a6655fcb4564a644e7a8bee8330557376884cce9153992e8e205bc1474dbd0109b3c87991db9bb77a9dff5775267390431ce56ff49500d8ad70be34a0d9a0b112e07eb55f0fe07de9ac93a0b30cb36029b5ec41e032daf66627d4e - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Version: 3 - TBS: - MD5: fb72fa311261c4fb6a786e5cc7ce1d2f - SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 - SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a - SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 82942c060f79cefd3bf1acdf5c207561 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 685044aad3442ee87ebab0b5034873c4 - SHA1: 011ce7c9f07fbedbbff7df9c43fa85fb4e04bd68 - SHA256: b32ef857f7603af679fb794432c9c1ecab0ca7a0ac2ae4dd4fd5e80e05d8bb30 - Company: CPUID - Copyright: Copyright(C) 2014 CPUID - CreationTimestamp: 
'2014-10-23 09:03:47' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - DbgPrintEx - - IofCompleteRequest - - ExFreePool - - ExAllocatePoolWithTag - - RtlFreeUnicodeString - - ObfDereferenceObject - - MmIsAddressValid - - IoGetDeviceObjectPointer - - MmUnmapIoSpace - - RtlInitAnsiString - - MmMapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - RtlUnwind - - KeTickCount - - KeBugCheckEx - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - PsGetVersion - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - KeWaitForSingleObject - - RtlAnsiStringToUnicodeString - - IoCancelIrp - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - KeStallExecutionProcessor - - HalSetBusDataByOffset - - HalGetBusDataByOffset - - READ_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 1f263a57c5ef46c8577744ecb32c9548 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: e4e4087a28aa184bfec6fed816265f7a - SHA1: 834c57180a11a8ca7657777a9ee5043b1b819efa - SHA256: a1a002a007e8a19ac259fef0d83bc4a4a9fb303698ac1fc1582012ef57e683ed - SHA1: 1d2ab091d5c0b6e5977f7fa5c4a7bfb8ea302dc7 - SHA256: 019c2955e380dd5867c4b82361a8d8de62346ef91140c95cb311b84448c0fa4f - Sections: - .text: - Entropy: 6.262896725470616 - Virtual Size: '0x3350' - .rdata: - Entropy: 4.618021448500837 - Virtual Size: '0x304' - .data: - Entropy: 0.335842300318532 - Virtual Size: '0x1e0' - INIT: - Entropy: 5.4213221492075805 - Virtual Size: '0x406' - .rsrc: - Entropy: 3.3938887641350184 - Virtual Size: '0x350' - .reloc: - Entropy: 5.637794770813551 - Virtual Size: '0x29a' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - 
Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust 
Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - 
SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 18b8de84bd7aa83fec79d2c6aaf0a4f5 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: d1eb0a36fc04d5bf8b62660efe85b8e0 - SHA1: f89ee80906ca4cab7081f3e31e3456713cff842a - SHA256: e05b62738ebb09250227e87908d67a3fc74e4c684d5a86ef935243a6f0e06792 - Company: CPUID - Copyright: Copyright(C) 2016 CPUID - CreationTimestamp: '2016-10-18 06:14:56' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - RtlAnsiStringToUnicodeString - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - ExFreePoolWithTag - - IoDeleteSymbolicLink - - 
IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: e0fb44aba5e7798f2dc637c6d1f6ca84 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: c046d6f14ec39d2a0f67a417bda83c5e - SHA1: 74661f1063b4c80566f75a1bee22c35f7af17fa9 - SHA256: 440eebbdc09d290724d364056ba4e2725c75759819a6df0a1ed5c876ed7d2474 - SHA1: 91ee32b464f6385fc8c44b867ca3dec665cbe886 - SHA256: 73c03b01d5d1eb03ec5cb5a443714b12fa095cc4b09ddc34671a92117ae4bb3a - Sections: - .text: - Entropy: 6.2029653102798905 - Virtual Size: '0x38b6' - .rdata: - Entropy: 4.171840682780765 - Virtual Size: '0x464' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x440' - .pdata: - Entropy: 3.6000408617955837 - Virtual Size: '0xf0' - INIT: - Entropy: 5.116119018385266 - Virtual Size: '0x40e' - .rsrc: - Entropy: 3.3889145139722916 - Virtual Size: '0x350' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 8f96c3ef5dda3fe697d4a4d6326dbe37 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 108039203e53320e01076d3f97e08108 - SHA1: c90c328211afc28e3b931bc2a0541eb04afc4e2b - SHA256: d8e3548efca46a3aceca747622881843b170225957cffeacfd149c25907ecf2d - Company: CPUID - Copyright: Copyright(C) 2010 CPUID - CreationTimestamp: '2010-12-27 06:34:14' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - PsGetVersion - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - IofCompleteRequest - - MmMapIoSpace - - MmUnmapIoSpace - - ProbeForWrite - - IoDeleteDevice - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - RtlUnwindEx - - RtlPcToFileHeader - - READ_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - READ_PORT_UCHAR - - HalCallPal - - WRITE_PORT_UCHAR - - 
KeStallExecutionProcessor - - WRITE_PORT_USHORT - - READ_PORT_ULONG - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 2ff629de3667fcd606a0693951f1c1a9 - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: d6643b31d447dc612fb7920d936baf5a - SHA1: 0d2acfebbfb9a35446bb9ff7b915c8ff514fd7dc - SHA256: 98f7bc08e99aa659bfb0295c09adf8ccfdb7f7ad8cc065cfb4f0732585c1855c - SHA1: 263181bc8c2c6af06b9a06d994e4b651c3ab1849 - SHA256: d0543f0fdc589c921b47877041f01b17a534c67dcc7c5ad60beba8cf7e7bc9c6 - Sections: - .text: - Entropy: 5.406379776247194 - Virtual Size: '0x39c0' - .rdata: - Entropy: 4.144024587509795 - Virtual Size: '0x3d8' - .pdata: - Entropy: 3.3263502634141657 - Virtual Size: '0xb4' - .sdata: - Entropy: 1.1203888318125959 - Virtual Size: '0x2a0' - INIT: - Entropy: 5.0324391219722715 - Virtual Size: '0x3e8' - .rsrc: - Entropy: 3.3976217041631593 - Virtual Size: '0x350' - .reloc: - Entropy: 0.9613220996213607 - Virtual Size: '0x168' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2009-02-02 00:00:00' - ValidTo: '2012-02-07 23:59:59' - Signature: 
9a9bbecb393272aaedfd7a125e0fe581151a18a75a4094e082a38156f62018b9d59edef27429bbea60d6e146a2ce134546d54e00b6585c1d85e3aedfb3b9a5de7728a96b2bcc26106655bae6bc5ce3a72714f9e23282a2fba29fc870b394e832f07dc50ded3a042953fe91379769e424398278b6ed14ae4f6b4cce5fa7ba20fc8d157a78fd308214d177189bcd76b2bd62a861a8c1562e2748f338f7369f0f062804685399a6655fcb4564a644e7a8bee8330557376884cce9153992e8e205bc1474dbd0109b3c87991db9bb77a9dff5775267390431ce56ff49500d8ad70be34a0d9a0b112e07eb55f0fe07de9ac93a0b30cb36029b5ec41e032daf66627d4e - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Version: 3 - TBS: - MD5: fb72fa311261c4fb6a786e5cc7ce1d2f - SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 - SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a - SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: a2d936fa82b7340d28a697fb344046d8 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 950669044ae6c3dd58a6a849e9f28f3e - SHA1: cbd1db5f7ec7b980c68cb8eb2147009d53c890f1 - SHA256: 
d130e3e052b09dc154c32c170c227f7baaf74fa7767943478876c744fc3d026d - Company: CPUID - Copyright: Copyright(C) 2017 CPUID - CreationTimestamp: '2017-05-22 02:17:11' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - IoGetDeviceObjectPointer - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - MmUnmapIoSpace - - MmMapIoSpace - - IoDeleteDevice - - ObfDereferenceObject - - RtlInitUnicodeString - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - RtlFreeUnicodeString - - ExAllocatePoolWithTag - - ExFreePool - - IofCompleteRequest - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - KeWaitForSingleObject - - IoCancelIrp - - IoDeleteSymbolicLink - - PsGetVersion - - RtlUnwind - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - KeQueryPerformanceCounter - - KeStallExecutionProcessor - - HalSetBusDataByOffset - - HalGetBusDataByOffset - - READ_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: f3d14fcdb86db8d75416ce173c6061af - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: e10f1a83d333c2feb8a17b1906909a07 - SHA1: f605fa8f10b2b64638f01715179b7588f4a6b727 - SHA256: 9337693c714a35f8370e9a6d7aca13083a7e4c5dbbefdee250b06ae6cc63a06d - SHA1: 53f7a84a8cebe0e3f84894c6b9119466d1a8ddaf - SHA256: 368a9c2b6f12adbe2ba65181fb96f8b0d2241e4eae9f3ce3e20e50c3a3cc9aa1 - Sections: - .text: - Entropy: 6.181544782176429 - Virtual Size: '0x4940' - .rdata: - Entropy: 4.742804621694481 - Virtual Size: '0x398' - .data: - Entropy: 0.13142343474404483 - Virtual Size: '0x340' - INIT: - Entropy: 5.404799281494045 - Virtual Size: '0x3fc' - .rsrc: - Entropy: 3.3973045624277542 - Virtual Size: '0x350' - .reloc: - Entropy: 
5.9931524634500075 - Virtual Size: '0x2ee' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: 
a59808b35f916a1201f0987b958aaaf50b81f3e507cf9d1b902bc22787244617e38069e4ca74bcf505dfdfeb6bad8bee2ecba26a428c2b26c9b9987241b50ccfd895a7335b35534c5569fdef2554d773cb3b20f10e08eeff2701d2a3e8ef7c5bb759baf1995d1580dce4f0c5da90eff4f07e01e7c9273b24c14c514f2ae1d1fe940dd53bfa25572cd6f3c007c7f21aebc58ea32ca3aea83c731419c9dcc191158cbb52b0b70545a16c9b42aadd4dcb167443d6c15fa03ae7f6f0f644845a69cb8badb3f143fd916a70c5008c3486d1f0cc8e0527f76da5aeaca4925f6eb6861dd54e1ce8b80e6b000446d77ac8bd0299e38db3b8e4a9c43294367cd6a55351d0 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 
- SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: b1e749ba779687a5127817da3d47af2c - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 745331465ad7efbf60b10ca71983dab7 - SHA1: 2b1530f09d95ce711c803af896706039e48d1f48 - SHA256: 2815c91fe5053899593cec83218b8dff85cfd85cea667dbbf2153cbc3cde000f - Company: CPUID - Copyright: Copyright(C) 2016 CPUID - CreationTimestamp: '2016-11-22 06:21:24' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - IoGetDeviceObjectPointer - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - MmUnmapIoSpace - - MmMapIoSpace - - IoDeleteDevice - - ObfDereferenceObject - - RtlInitUnicodeString - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - RtlFreeUnicodeString - - ExAllocatePoolWithTag - - ExFreePool - - IofCompleteRequest - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - KeWaitForSingleObject - - IoCancelIrp - - IoDeleteSymbolicLink - - PsGetVersion - - RtlUnwind - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - KeQueryPerformanceCounter - - KeStallExecutionProcessor - - HalSetBusDataByOffset - - HalGetBusDataByOffset - - READ_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 7c4e513702a0322b0e3bce29dea9e3e9 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: e10f1a83d333c2feb8a17b1906909a07 - SHA1: f605fa8f10b2b64638f01715179b7588f4a6b727 - SHA256: 
9337693c714a35f8370e9a6d7aca13083a7e4c5dbbefdee250b06ae6cc63a06d - SHA1: 14c9cd9e2cf2b0aae56c46ff9ad1c89a8a980050 - SHA256: b0f6cd34717d0cea5ab394b39a9de3a479ca472a071540a595117219d9a61a44 - Sections: - .text: - Entropy: 6.234079240129433 - Virtual Size: '0x3cd0' - .rdata: - Entropy: 4.651206288846307 - Virtual Size: '0x32c' - .data: - Entropy: 0.13142343474404483 - Virtual Size: '0x340' - INIT: - Entropy: 5.398598432524642 - Virtual Size: '0x3fc' - .rsrc: - Entropy: 3.388914513972292 - Virtual Size: '0x350' - .reloc: - Entropy: 5.848287650494908 - Virtual Size: '0x296' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: b1e749ba779687a5127817da3d47af2c - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 24667fcd9e65bf7b55094d71f468d5ef - SHA1: 3ec2f25de7dda0cdcec50b8288c4beb13af50602 - SHA256: f291f251d8ffc6c6c2f69b62e8d1153bdb83f54cf60ef9a4c6235db87bfb2c1a - Company: CPUID - Copyright: Copyright(C) 2013 CPUID - CreationTimestamp: '2013-11-27 03:37:05' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - ExFreePool - - ExAllocatePoolWithTag - - RtlFreeUnicodeString - - ObfDereferenceObject - - MmIsAddressValid - - IoGetDeviceObjectPointer - - MmUnmapIoSpace - - RtlInitAnsiString - - MmMapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - RtlUnwind - - KeTickCount - - KeBugCheckEx - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - PsGetVersion - - KeInitializeEvent - - 
IoBuildDeviceIoControlRequest - - IofCallDriver - - KeWaitForSingleObject - - RtlAnsiStringToUnicodeString - - IoCancelIrp - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - READ_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 65c069af3875494ec686afbb0c3da399 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 41f15d0f328a165973b49de608ef72a2 - SHA1: abcd9850775bd0a1a855e785a238e0e69525810f - SHA256: 02dc44b04a6426fcaedf26995bfa471f123a90a9c747e82cebaf95f394890631 - SHA1: 30846313e3387298f1f81c694102133568d6d48d - SHA256: b738eab6f3e32cec59d5f53c12f13862429d3db6756212bbcd78ba4b4dbc234c - Sections: - .text: - Entropy: 6.1967437745841645 - Virtual Size: '0x2e80' - .rdata: - Entropy: 4.639110906957436 - Virtual Size: '0x2e8' - .data: - Entropy: 0.335842300318532 - Virtual Size: '0x1e0' - INIT: - Entropy: 5.41983369153965 - Virtual Size: '0x3f4' - .rsrc: - Entropy: 3.391941258882184 - Virtual Size: '0x350' - .reloc: - Entropy: 5.678413796604456 - Virtual Size: '0x26e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 
365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - 
SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 958dd67f866ae27cf716e30a025b266f - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 66db76d5c4711c1e3df120bcdeaba312 - SHA1: 5f1c6923e6bcf737084683893718367858b4cc73 - SHA256: 4d29b1c2fff1a67d911229f36570e3d9b1cab0397d2cbc858b665403f1add3a3 - Company: Windows (R) Codename Longhorn DDK provider - Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
- CreationTimestamp: '2009-03-26 17:16:27' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.0.6000.16386 built by: WinDDK' - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - RtlFreeUnicodeString - - ObfDereferenceObject - - MmIsAddressValid - - IoGetDeviceObjectPointer - - RtlAnsiStringToUnicodeString - - MmUnmapIoSpace - - MmMapIoSpace - - ProbeForWrite - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - PsGetVersion - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - RtlInitAnsiString - - KeWaitForSingleObject - - RtlUnwind - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - READ_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: c5e7e8ca0d76a13a568901b6b304c3ba - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: Windows (R) Codename Longhorn DDK driver - ProductVersion: 6.0.6000.16386 - Publisher: '' - RichPEHeaderHash: - MD5: eb3173fd99b2078342df233d00679c5d - SHA1: 3fc02e77ee0ab701a737089132a6bb46f16235cb - SHA256: 2b81787128c9aa04aa108fde22892da6d4bcbe6939bcf8161b589c4a96fb1183 - SHA1: b7a2f2760f9819cb242b2e4f5b7bab0a65944c81 - SHA256: 8e92aacd60fca1f09b7257e62caf0692794f5d741c5d1eec89d841e87f2c359c - Sections: - .text: - Entropy: 6.225521838174455 - Virtual Size: '0x1de0' - .rdata: - Entropy: 4.461996500807114 - Virtual Size: '0x2e0' - .data: - Entropy: 0.22396935932252834 - Virtual Size: '0x1c0' - INIT: - Entropy: 5.494689782586933 - Virtual Size: '0x3a0' - .rsrc: - Entropy: 3.398166168635772 - Virtual Size: '0x400' - .reloc: - Entropy: 5.750244250493869 - Virtual Size: '0x1f4' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., 
OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2009-02-02 00:00:00' - ValidTo: '2012-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Version: 3 - TBS: - MD5: fb72fa311261c4fb6a786e5cc7ce1d2f - SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 - SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a - SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 
- SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 69dbb4c8bbe4d8c2e1493f82170b93c4 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 3a7c1ab3c7376492586cf10657e0b914 - SHA1: e4061096700b51ecc4dbdff6b4dc1e8e640fd7ae - SHA256: 4c03f7e80857630277d292ad7324541cad38f652a199d94bc18a10aef98c8bfa - Company: CPUID - Copyright: Copyright(C) 2014 CPUID - CreationTimestamp: '2015-10-07 02:25:28' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 0d4306983e694c1f34920bae12d887e6 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: b3dcf662ce69ad7b34717fb6aecf09a7 - SHA1: 63be2c28ecee71a739bfbaf38466362e998bc5bc - SHA256: f4257b7e95b00b38e446b2708cc342fe32846266064b94c78ec1f987731c2226 - SHA1: 
deaf7d0c934cc428981ffa5bf528ca920bc692dc - SHA256: 8d6febd54ce0c98ea3653e582f7791061923a9a4842bd4a1326564204431ca9f - Sections: - .text: - Entropy: 6.187068215362904 - Virtual Size: '0x30c6' - .rdata: - Entropy: 4.21132054612556 - Virtual Size: '0x424' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.5511621274596537 - Virtual Size: '0xd8' - INIT: - Entropy: 5.131854482283732 - Virtual Size: '0x3ea' - .rsrc: - Entropy: 3.3971374522271924 - Virtual Size: '0x350' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 
783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=Private Organization, ??=FR, serialNumber=493 590 202, ??=39 rue - Joseph Jacquard, postalCode=59240, C=FR, L=Dunkerque, O=CPUID, CN=CPUID - ValidFrom: '2015-09-11 00:00:00' - ValidTo: '2018-09-19 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 07ef902f309d9df93e5124fa3ee5dae2 - Version: 3 - 
TBS: - MD5: aa06717c45e9e49a8c1e001c66edd9fa - SHA1: 6a150d1cba59e4090bf9169a333e0fb226ed5472 - SHA256: 6dde4dd03be027a9ce82b9337559c984377a7a7f3f589d575726bfcbb806afdb - SHA384: b9bef10fc28980514e23d13d0fe6d5f43b3e4a2dff24049d6cef3c3fb955e071e1d1128c71c12c5a3bf09cc107782600 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c - Version: 3 - TBS: - MD5: 83f5de89f641d0fbf60248e10a7b9534 - SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 - SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf - SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 - Signer: - - SerialNumber: 07ef902f309d9df93e5124fa3ee5dae2 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - Version: 1 - Imphash: f12ae9073d95c22ed89247253d59f500 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 97c040bf9611bc00ca2b18f5ec3b222a - SHA1: 5b59766ad52fb4a123a52452b088084b9536da11 - SHA256: 330941d4b4c310814278afb3d07f7191470c7da06f694342797dc6a2eb37c5be - Company: CPUID - Copyright: Copyright(C) 2010 CPUID - CreationTimestamp: '2011-01-19 09:45:17' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - ExFreePool - - ExAllocatePoolWithTag - - RtlFreeUnicodeString - - ObfDereferenceObject - - MmIsAddressValid - - IoGetDeviceObjectPointer - - MmUnmapIoSpace - - RtlInitAnsiString - - MmMapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - RtlUnwind - - KeTickCount - - KeBugCheckEx - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - PsGetVersion - - 
KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - KeWaitForSingleObject - - RtlAnsiStringToUnicodeString - - IoCancelIrp - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - READ_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 6bada94085b6709694f8327c211d12e1 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 41f15d0f328a165973b49de608ef72a2 - SHA1: abcd9850775bd0a1a855e785a238e0e69525810f - SHA256: 02dc44b04a6426fcaedf26995bfa471f123a90a9c747e82cebaf95f394890631 - SHA1: c0a8e45e57bb6d82524417d6fb7e955ab95621c0 - SHA256: c8f0bb5d8836e21e7a22a406c69c01ba7d512a808c37c45088575d548ee25caa - Sections: - .text: - Entropy: 6.19967111253336 - Virtual Size: '0x26c0' - .rdata: - Entropy: 4.5178451814893545 - Virtual Size: '0x300' - .data: - Entropy: 0.335842300318532 - Virtual Size: '0x1e0' - INIT: - Entropy: 5.42180997612463 - Virtual Size: '0x3f4' - .rsrc: - Entropy: 3.3927376128305218 - Virtual Size: '0x350' - .reloc: - Entropy: 5.451103698521333 - Virtual Size: '0x250' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 
35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2009-02-02 00:00:00' 
- ValidTo: '2012-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Version: 3 - TBS: - MD5: fb72fa311261c4fb6a786e5cc7ce1d2f - SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 - SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a - SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 958dd67f866ae27cf716e30a025b266f - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: a6e1b2eb9fb061a48b9ea73a038b2b7d - SHA1: e94ab819d118852912afc39c61dd332664a02835 - SHA256: 43eeac44acc2f0aefc02522f1d203b37798fec9232d5b6c5d266badc118a1d8b - Company: CPUID - Copyright: Copyright(C) 2010 CPUID - CreationTimestamp: '2011-01-19 09:46:02' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - PsGetVersion - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - IofCompleteRequest - - 
MmMapIoSpace - - MmUnmapIoSpace - - ProbeForWrite - - IoDeleteDevice - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - __C_specific_handler - - READ_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - READ_PORT_UCHAR - - HalCallPal - - WRITE_PORT_UCHAR - - KeStallExecutionProcessor - - WRITE_PORT_USHORT - - READ_PORT_ULONG - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 212bfd1ef00e199a365aeb74a8182609 - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 3e05f63a445c98b6831d9476006337f7 - SHA1: 08c8e06efd3136ae964f86be406389c47f74e4dd - SHA256: e5965588f92317c7d220193aa42f12d30bae66f0008f4831568b8131edeeb70a - SHA1: 90d73db752eac6ffc53555281fc5aa92297285ec - SHA256: b9695940f72e3ed5d7369fb32958e2146abd29d5895d91ccc22dfbcc9485b78b - Sections: - .text: - Entropy: 5.396602101057036 - Virtual Size: '0x3130' - .rdata: - Entropy: 4.1537172213595825 - Virtual Size: '0x348' - .pdata: - Entropy: 3.2551039363088288 - Virtual Size: '0x84' - .sdata: - Entropy: 1.055945444608438 - Virtual Size: '0x260' - INIT: - Entropy: 5.06628585370835 - Virtual Size: '0x3d6' - .rsrc: - Entropy: 3.3976217041631593 - Virtual Size: '0x350' - .reloc: - Entropy: 1.042907998495935 - Virtual Size: '0x146' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: 
a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , 
Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2009-02-02 00:00:00' - ValidTo: '2012-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Version: 3 - TBS: - MD5: fb72fa311261c4fb6a786e5cc7ce1d2f - SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 - SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a - SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 
93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: f0820e8f674e44e5c2a3f899ec561c1d - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: d9d45430dc3fb1c7154c109f9d85d70e - SHA1: 4f52e85725556496f9102bba0fdf9d13f721c675 - SHA256: 90f5962e6b2342eae05dc8f4c34d5291742537248587ccf6ac298691806a4517 - Company: CPUID - Copyright: Copyright(C) 2010 CPUID - CreationTimestamp: '2012-08-11 01:45:54' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - IofCompleteRequest - - ExFreePool - - ExAllocatePoolWithTag - - RtlFreeUnicodeString - - ObfDereferenceObject - - MmIsAddressValid - - IoGetDeviceObjectPointer - - RtlAnsiStringToUnicodeString - - MmUnmapIoSpace - - MmMapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - DbgPrint - - RtlUnwind - - KeTickCount - - KeBugCheckEx - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - PsGetVersion - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - KeWaitForSingleObject - - RtlInitAnsiString - - IoCancelIrp - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - READ_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: a89ca92145fc330adced0dd005421183 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: CPUID service - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: 
573ac9a3fc69d00f19723f196162680e - SHA1: 7e21d51681f265bad20f1db06cd0831b80d4fed2 - SHA256: 79749e2d14cda7629ae1b8bdc88101418cb5a099b93137ea76824b0246209519 - SHA1: e33eac9d3b9b5c0db3db096332f059bf315a2343 - SHA256: 0d3790af5f8e5c945410929e31d06144a471ac82f828afe89a4758a5bbeb7f9f - Sections: - .text: - Entropy: 6.222402374512635 - Virtual Size: '0x2780' - .rdata: - Entropy: 4.5251453594439255 - Virtual Size: '0x300' - .data: - Entropy: 0.335842300318532 - Virtual Size: '0x1e0' - INIT: - Entropy: 5.423515041101043 - Virtual Size: '0x404' - .rsrc: - Entropy: 3.3927376128305218 - Virtual Size: '0x350' - .reloc: - Entropy: 5.4807357701963335 - Virtual Size: '0x258' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G3 - ValidFrom: '2012-05-01 00:00:00' - ValidTo: '2012-12-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded - Version: 3 - TBS: - MD5: e6d820afb23af20a65cf0b03247ea05e - SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 - SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 - SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 
21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: a0a13575e37906924a0b79043b4005c6 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 0fef96c1d46145af32eb6993faa6e496 - SHA1: 4d26356a4a48d492b00845a7ac1bb27a92f95871 - SHA256: 0aa61910c3ceb765441c35925a50983b2571ac22da510f1495cf82f078b535b6 - Company: CPUID - Copyright: Copyright(C) 2010 CPUID - CreationTimestamp: '2012-03-09 01:55:45' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - IofCompleteRequest - - ExFreePool - - ExAllocatePoolWithTag - - 
RtlFreeUnicodeString - - ObfDereferenceObject - - MmIsAddressValid - - IoGetDeviceObjectPointer - - MmUnmapIoSpace - - RtlInitAnsiString - - MmMapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - RtlUnwind - - KeTickCount - - KeBugCheckEx - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - PsGetVersion - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - KeWaitForSingleObject - - RtlAnsiStringToUnicodeString - - IoCancelIrp - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - READ_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 26ce59f9fc8639fd7fed53ce3b785015 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: CPUID service - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: 41f15d0f328a165973b49de608ef72a2 - SHA1: abcd9850775bd0a1a855e785a238e0e69525810f - SHA256: 02dc44b04a6426fcaedf26995bfa471f123a90a9c747e82cebaf95f394890631 - SHA1: 2bf6b88b84d27cdf0699d6d18b08a1b36310cdd1 - SHA256: 11d258e05b850dcc9ecfacccc9486e54bd928aaa3d5e9942696c323fdbd3481b - Sections: - .text: - Entropy: 6.217408305730309 - Virtual Size: '0x2750' - .rdata: - Entropy: 4.55489113332384 - Virtual Size: '0x2f0' - .data: - Entropy: 0.335842300318532 - Virtual Size: '0x1e0' - INIT: - Entropy: 5.41983369153965 - Virtual Size: '0x3f4' - .rsrc: - Entropy: 3.3927376128305218 - Virtual Size: '0x350' - .reloc: - Entropy: 5.5051908528223255 - Virtual Size: '0x254' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - 
SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 958dd67f866ae27cf716e30a025b266f - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: dfb8cce9246e17f356504802d14d019d - SHA1: 189bedcea5ec5bfc724ff44b4b44958dc450c7db - SHA256: 4b5aecfecf26145aadd23f96a1cdfae0bca4e53af215d4bd77bba5dcc5a4479b - Company: CPUID - Copyright: Copyright(C) 2010 CPUID - CreationTimestamp: '2012-03-09 01:56:55' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - 
IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 75dbd5db9892d7451d0429bec1aabe1a - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: CPUID service - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: 685a19a8e9f46a76067db83da501dca0 - SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 - SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 - SHA1: c05df2e56e05b97e3ca8c6a61865cae722ed3066 - SHA256: 19696fb0db3fcae22f705ae1eb1e9f1151c823f3ff5d8857e90f2a4a6fdc5758 - Sections: - .text: - Entropy: 6.207830883313713 - Virtual Size: '0x25d6' - .rdata: - Entropy: 4.172824067374571 - Virtual Size: '0x3ec' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.503621523339014 - Virtual Size: '0xc0' - INIT: - Entropy: 5.076575853289 - Virtual Size: '0x406' - .rsrc: - Entropy: 3.3943730160709853 - Virtual Size: '0x350' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 82942c060f79cefd3bf1acdf5c207561 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 97861c7d308c22f4db08d08ce912fced - SHA1: 368c63d2f393ef65f8107d175174e9eaa13d993e - SHA256: 3966d4b1e4f5442b8507f91b6dbde3523657b47fd2945d990249605727d231ec - Company: CPUID - Copyright: Copyright(C) 2012 CPUID - CreationTimestamp: '2012-10-27 11:24:41' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - 
IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: fe820a5f99b092c3660762c6fc6c64e0 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: CPUID service - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: 685a19a8e9f46a76067db83da501dca0 - SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 - SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 - SHA1: fad8e308f6d2e6a9cfaf9e6189335126a3c69acb - SHA256: 1e16a01ef44e4c56e87abfbe03b2989b0391b172c3ec162783ad640be65ab961 - Sections: - .text: - Entropy: 6.181674969781746 - Virtual Size: '0x2536' - .rdata: - Entropy: 4.160071293394142 - Virtual Size: '0x3d4' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.4970531643346394 - Virtual Size: '0xc0' - INIT: - Entropy: 5.076575853289 - Virtual Size: '0x406' - .rsrc: - Entropy: 3.3935766621226473 - Virtual Size: '0x350' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G3 - ValidFrom: '2012-05-01 00:00:00' - ValidTo: '2012-12-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded - Version: 3 - TBS: - MD5: e6d820afb23af20a65cf0b03247ea05e - SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 - SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 - SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 
00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 
610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 82942c060f79cefd3bf1acdf5c207561 - LoadsDespiteHVCI: 
'FALSE' -- Authentihash: - MD5: 7c8e917e5adba8b20bea898d4b966c6c - SHA1: 570496ebc3c4010b48c3703652fdfcb60352798b - SHA256: 98c86fcf018822289340d248f5e2896c41ad0f284febb741b945312ff40bdfa3 - Company: CPUID - Copyright: Copyright(C) 2010 CPUID - CreationTimestamp: '2010-11-09 06:33:36' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 262969a3fab32b9e17e63e2d17a57744 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: CPUID service - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: 685a19a8e9f46a76067db83da501dca0 - SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 - SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 - SHA1: 363b907c3b4f37968e9c8e1b7eeca5a5c5d530f8 - SHA256: 1ee59eb28688e73d10838c66e0d8e011c8df45b6b43a4ac5d0b75795ca3eb512 - Sections: - .text: - Entropy: 6.190718841242454 - Virtual Size: '0x2416' - .rdata: - Entropy: 4.183312032190414 - Virtual Size: '0x3ec' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.53594863841985 - Virtual Size: '0xc0' - INIT: - Entropy: 5.076575853289 - Virtual Size: '0x406' - .rsrc: - Entropy: 3.3943730160709853 - Virtual Size: '0x350' - Signatures: - - 
CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: 
C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2009-02-02 00:00:00' - ValidTo: '2012-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Version: 3 - TBS: - MD5: fb72fa311261c4fb6a786e5cc7ce1d2f - SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 - SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a - SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 
93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 82942c060f79cefd3bf1acdf5c207561 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 93bf28533aa6e63dc8b80b998b0814af - SHA1: 413ed5609215f4a6cee3b7b357eb594902a817f5 - SHA256: 1399e65aa55c898a6cd5fb32d4b19f5bbaf69c56c1383963c99b7a0804eb0203 - Company: Windows (R) Win 7 DDK provider - Copyright: "\xA9 Microsoft Corporation. All rights reserved." - CreationTimestamp: '2010-07-09 05:16:58' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 17719a7f571d4cd08223f0b30f71b8b8 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: Windows (R) Win 7 DDK driver - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: 89dc670b5f7c06b577deeec9473dc96b - SHA1: af59c00ae531117ba9307257ab945cdf6c8309f6 - SHA256: 
35b9d8fc904c88f4df237edc610727f89c415e48bcf135191c43832bb2935ba6 - SHA1: f9c916d163b85057414300ca214ebdf751172ecf - SHA256: 1f4d4db4abe26e765a33afb2501ac134d14cadeaa74ae8a0fae420e4ecf58e0c - Sections: - .text: - Entropy: 6.182386482362877 - Virtual Size: '0x2256' - .rdata: - Entropy: 4.258631853520521 - Virtual Size: '0x3d0' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.4326961450392584 - Virtual Size: '0x90' - INIT: - Entropy: 5.067835669413665 - Virtual Size: '0x406' - .rsrc: - Entropy: 3.4148190207283133 - Virtual Size: '0x3d0' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 
1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2009-02-02 00:00:00' - ValidTo: '2012-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Version: 3 - TBS: - MD5: fb72fa311261c4fb6a786e5cc7ce1d2f - SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 - SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a - SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 82942c060f79cefd3bf1acdf5c207561 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 9328ac41d0afb80914780b9474c0bca0 - SHA1: e8f4f4e2a672d845d897f36646d8339597135050 - SHA256: c0ed71b491aec860932fe92e5527ef444d537b396186ac839d5ed0884cfcaf0c - Company: CPUID - Copyright: Copyright(C) 2014 CPUID - CreationTimestamp: '2014-10-06 04:26:29' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 21be10f66bb65c1d406407faa0b9ba95 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: CPUID service - ProductVersion: 6.1.7600.16385 - 
RichPEHeaderHash: - MD5: c046d6f14ec39d2a0f67a417bda83c5e - SHA1: 74661f1063b4c80566f75a1bee22c35f7af17fa9 - SHA256: 440eebbdc09d290724d364056ba4e2725c75759819a6df0a1ed5c876ed7d2474 - SHA1: 86e59b17272a3e7d9976c980ded939bf8bf75069 - SHA256: 2101d5e80e92c55ecfd8c24fcf2202a206a4fd70195a1378f88c4cc04d336f22 - Sections: - .text: - Entropy: 6.184959788800412 - Virtual Size: '0x3046' - .rdata: - Entropy: 4.1967199978388665 - Virtual Size: '0x434' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.61540303809267 - Virtual Size: '0xd8' - INIT: - Entropy: 5.133048134973059 - Virtual Size: '0x406' - .rsrc: - Entropy: 3.3971374522271924 - Virtual Size: '0x350' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: 
e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: 
'2015-02-06 23:59:59' - Signature: be6fb3b3b33e9108a9a2273d1cf5eb3209a8c3a86ba7d66069393587f6b451b75b327ea15d36b1604aad5509c0ace37fa66e220b35764b9c201169677738c06802d2f798383c256c690898a663b0aeb519491057f9f24149c513abba2a4cab9934a684e5d83a34105fe6681f2b85d5ee06332d1c05c3627758442fd2fc94f5f68bb30f085cb1d31174e1461394aeef7b124291a099654d1103df3deab81e9658b5b5cc817061d688ae39e702f1d0dd420d6de931bed331960e089233b8576482e48d5b769fdfa8df02e1d098912444b324057826e1f72c26f045b2479a9b39eadfd6b2e1bd6db4057ef6b12ca385cad9a7ad82c4414e619f97dfd08a55f59053 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 
03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 82942c060f79cefd3bf1acdf5c207561 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 92c5a8d936bb2ef7802aaa15c877e866 - SHA1: 340024982f9ad5c2722bab8cddec9d32f0efdc7c - SHA256: 313a69d8eea6a933cffac0fa67d46ad9aef0815bb579fce7623d9be825888e30 - Company: CPUID - Copyright: Copyright(C) 2013 CPUID - CreationTimestamp: '2013-11-27 03:33:59' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 4885e1bf1971c8fa9e7686fd5199f500 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: CPUID service - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: 685a19a8e9f46a76067db83da501dca0 - SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 - SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 - SHA1: 388068adc9ec46a0bbc8173bcb0d5f9cf8af6ea5 - 
SHA256: 26e3bfef255efd052a84c3c43994c73222b14c95db9a4b1fc2e98f1a5cb26e43 - Sections: - .text: - Entropy: 6.189630683612354 - Virtual Size: '0x2c76' - .rdata: - Entropy: 4.1481713750399685 - Virtual Size: '0x414' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.5274875201903875 - Virtual Size: '0xc0' - INIT: - Entropy: 5.076575853289 - Virtual Size: '0x406' - .rsrc: - Entropy: 3.3935766621226473 - Virtual Size: '0x350' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: 
e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 
be6fb3b3b33e9108a9a2273d1cf5eb3209a8c3a86ba7d66069393587f6b451b75b327ea15d36b1604aad5509c0ace37fa66e220b35764b9c201169677738c06802d2f798383c256c690898a663b0aeb519491057f9f24149c513abba2a4cab9934a684e5d83a34105fe6681f2b85d5ee06332d1c05c3627758442fd2fc94f5f68bb30f085cb1d31174e1461394aeef7b124291a099654d1103df3deab81e9658b5b5cc817061d688ae39e702f1d0dd420d6de931bed331960e089233b8576482e48d5b769fdfa8df02e1d098912444b324057826e1f72c26f045b2479a9b39eadfd6b2e1bd6db4057ef6b12ca385cad9a7ad82c4414e619f97dfd08a55f59053 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - 
SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 82942c060f79cefd3bf1acdf5c207561 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 654f9a768f518e632c99309bd4c1145b - SHA1: a5f086835d7c2883ad8d985772d02a9a8815bcbb - SHA256: d4e93f592a8342b0eb582d24a114348ce40ecb3c1e7b238d731b02e17d5aae7d - Company: CPUID - Copyright: Copyright(C) 2012 CPUID - CreationTimestamp: '2013-05-10 06:42:51' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: ab4ee84e09b09012ac86d3a875af9d43 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: CPUID service - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: 685a19a8e9f46a76067db83da501dca0 - SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 - SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 - SHA1: 3c81cdfd99d91c7c9de7921607be12233ed0dfd8 - SHA256: 2a6db9facf9e13d35c37dd468be04bae5f70c6127a9aee76daebddbdec95d486 
- Sections: - .text: - Entropy: 6.190388157802366 - Virtual Size: '0x2616' - .rdata: - Entropy: 4.158462162346533 - Virtual Size: '0x3d4' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.501505002731896 - Virtual Size: '0xc0' - INIT: - Entropy: 5.076575853289 - Virtual Size: '0x406' - .rsrc: - Entropy: 3.3935766621226473 - Virtual Size: '0x350' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust 
Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: 
f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 82942c060f79cefd3bf1acdf5c207561 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 4c2f42ab19a70ee6a2cb936329b34aff - SHA1: 742a9fc918c7bb2b1707412c703d7b7674ed1094 - SHA256: fd8d61102719afb0b8a230d9e8c372af3396bec4a6d72aada42a1f1d36187751 - Company: Windows (R) Win 7 DDK provider - Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
- CreationTimestamp: '2010-05-11 03:59:25' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - RtlFreeUnicodeString - - ObfDereferenceObject - - MmIsAddressValid - - IoGetDeviceObjectPointer - - RtlAnsiStringToUnicodeString - - IofCompleteRequest - - MmMapIoSpace - - ProbeForWrite - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - MmUnmapIoSpace - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - PsGetVersion - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - RtlInitAnsiString - - KeWaitForSingleObject - - RtlUnwind - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - READ_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 743c403d20a89db5ed84c874768b7119 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: Windows (R) Win 7 DDK driver - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: 4ba73072bea66755a70f3a8c99951424 - SHA1: d9ce039d736544c2d9b7fe44460d8e006a5c62f0 - SHA256: 3b45bc2da9543317e7a22486f86a3f8c0eb289596d1d7661b47e35e99058861f - SHA1: dc8fa4648c674e3a7148dd8e8c35f668a3701a52 - SHA256: 2a9d481ffdc5c1e2cb50cf078be32be06b21f6e2b38e90e008edfc8c4f2a9c4e - Sections: - .text: - Entropy: 6.221169838993626 - Virtual Size: '0x2030' - .rdata: - Entropy: 4.564029507184391 - Virtual Size: '0x2ec' - .data: - Entropy: 0.22396935932252834 - Virtual Size: '0x1c0' - INIT: - Entropy: 5.46954214905682 - Virtual Size: '0x3fc' - .rsrc: - Entropy: 3.413813063110847 - Virtual Size: '0x3d0' - .reloc: - Entropy: 5.666994611221042 - Virtual Size: '0x210' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, 
Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at 
https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2009-02-02 00:00:00' - ValidTo: '2012-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Version: 3 - TBS: - MD5: fb72fa311261c4fb6a786e5cc7ce1d2f - SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 - SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a - SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 744af2b62301859b4ccdffba53551b15 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: a85d9912baf9994b0fabf924f6a66e9b - SHA1: 04defcae6548e92ea76bd7069a672a7e1067b995 - SHA256: d1c71a98e10105faa0814fec3544474d86ae0e8f88efd77798a716adad3994a2 - Company: Windows (R) Codename Longhorn DDK provider - Copyright: "\xA9 
Microsoft Corporation. All rights reserved." - CreationTimestamp: '2009-03-07 03:03:14' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.0.6000.16386 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - IoDeleteSymbolicLink - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - IoCreateDevice - - IofCallDriver - - IoGetDeviceObjectPointer - - IoBuildDeviceIoControlRequest - - IoDeleteDevice - - ProbeForWrite - - MmMapIoSpace - - KeInitializeEvent - - RtlInitAnsiString - - IofCompleteRequest - - KeWaitForSingleObject - - KeBugCheckEx - - MmUnmapIoSpace - - RtlInitUnicodeString - - PsGetVersion - - RtlUnwindEx - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: e0bfbdf3793ea2742c03f5a82cb305a5 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: Windows (R) Codename Longhorn DDK driver - ProductVersion: 6.0.6000.16386 - RichPEHeaderHash: - MD5: a4919ba9bce5fa10c0659fe35e106bff - SHA1: c9062199c8b03518cf06dcc7212ff3c1ffbf0452 - SHA256: f6f4beb34371f4eec6c80a94046382a70864524606df3fdcf4d08fe9ddacc1af - SHA1: a6a71fb4f91080aff2a3a42811b4bd86fb22168d - SHA256: 2ef7df384e93951893b65500dac6ee09da6b8fe9128326caad41b8be4da49a1e - Sections: - .text: - Entropy: 6.139220942185034 - Virtual Size: '0x1da6' - .rdata: - Entropy: 4.302697981700664 - Virtual Size: '0x394' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.3507319703399823 - Virtual Size: '0x84' - INIT: - Entropy: 4.945456847123696 - Virtual Size: '0x388' - .rsrc: - Entropy: 3.393742999677783 - Virtual Size: '0x400' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 
50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - 
Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2009-02-02 00:00:00' - ValidTo: '2012-02-07 23:59:59' - Signature: 9a9bbecb393272aaedfd7a125e0fe581151a18a75a4094e082a38156f62018b9d59edef27429bbea60d6e146a2ce134546d54e00b6585c1d85e3aedfb3b9a5de7728a96b2bcc26106655bae6bc5ce3a72714f9e23282a2fba29fc870b394e832f07dc50ded3a042953fe91379769e424398278b6ed14ae4f6b4cce5fa7ba20fc8d157a78fd308214d177189bcd76b2bd62a861a8c1562e2748f338f7369f0f062804685399a6655fcb4564a644e7a8bee8330557376884cce9153992e8e205bc1474dbd0109b3c87991db9bb77a9dff5775267390431ce56ff49500d8ad70be34a0d9a0b112e07eb55f0fe07de9ac93a0b30cb36029b5ec41e032daf66627d4e - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Version: 3 - TBS: - MD5: fb72fa311261c4fb6a786e5cc7ce1d2f - SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 - SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a - SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: cb8db41ab8c06472574e58b9466f4070 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: b1113bc5a8f67468ae6e0183c60be10a - SHA1: bbea7d9b8672ca30c6a8f49e913f110720d4753c - SHA256: 55e3b977402be076bfafe332a3fb29ddb6b02edf932d02e963df09adbe89eb91 - Company: CPUID - Copyright: Copyright(C) 2017 CPUID - CreationTimestamp: 
'2017-04-24 05:12:14' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - RtlAnsiStringToUnicodeString - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - ExFreePoolWithTag - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 22ca5fe8fb0e5e22e6fb0848108c03f4 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: CPUID service - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: c046d6f14ec39d2a0f67a417bda83c5e - SHA1: 74661f1063b4c80566f75a1bee22c35f7af17fa9 - SHA256: 440eebbdc09d290724d364056ba4e2725c75759819a6df0a1ed5c876ed7d2474 - SHA1: bec66e0a4842048c25732f7ea2bbe989ea400abf - SHA256: 34bee22c18ddbddbe115cf1ab55cabf0e482aba1eb2c343153577fb24b7226d3 - Sections: - .text: - Entropy: 6.167627326915935 - Virtual Size: '0x4536' - .rdata: - Entropy: 4.195082406902852 - Virtual Size: '0x534' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x440' - .pdata: - Entropy: 3.6289632983036624 - Virtual Size: '0xfc' - INIT: - Entropy: 5.132100585029012 - Virtual Size: '0x40e' - .rsrc: - Entropy: 3.394946071861716 - Virtual Size: '0x350' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: 
a59808b35f916a1201f0987b958aaaf50b81f3e507cf9d1b902bc22787244617e38069e4ca74bcf505dfdfeb6bad8bee2ecba26a428c2b26c9b9987241b50ccfd895a7335b35534c5569fdef2554d773cb3b20f10e08eeff2701d2a3e8ef7c5bb759baf1995d1580dce4f0c5da90eff4f07e01e7c9273b24c14c514f2ae1d1fe940dd53bfa25572cd6f3c007c7f21aebc58ea32ca3aea83c731419c9dcc191158cbb52b0b70545a16c9b42aadd4dcb167443d6c15fa03ae7f6f0f644845a69cb8badb3f143fd916a70c5008c3486d1f0cc8e0527f76da5aeaca4925f6eb6861dd54e1ce8b80e6b000446d77ac8bd0299e38db3b8e4a9c43294367cd6a55351d0 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 8f96c3ef5dda3fe697d4a4d6326dbe37 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 
96c15399e89e9bca402ed660f90e1b98 - SHA1: 1b4335f92c6137f56c8f98e5b79fc7af67af2a24 - SHA256: 55a69f740a77fc07073c3d077d029dfb2dbe4b673171167e7310bd857eb55982 - Company: CPUID - Copyright: Copyright(C) 2013 CPUID - CreationTimestamp: '2013-08-24 02:58:17' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - IofCompleteRequest - - ExFreePool - - ExAllocatePoolWithTag - - RtlFreeUnicodeString - - ObfDereferenceObject - - MmIsAddressValid - - IoGetDeviceObjectPointer - - MmUnmapIoSpace - - RtlInitAnsiString - - MmMapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - RtlUnwind - - KeTickCount - - KeBugCheckEx - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - PsGetVersion - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - KeWaitForSingleObject - - RtlAnsiStringToUnicodeString - - IoCancelIrp - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - READ_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 3ab94fba7196e84a97e83b15f7bcb270 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: CPUID service - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: 41f15d0f328a165973b49de608ef72a2 - SHA1: abcd9850775bd0a1a855e785a238e0e69525810f - SHA256: 02dc44b04a6426fcaedf26995bfa471f123a90a9c747e82cebaf95f394890631 - SHA1: bea745b598dd957924d3465ebc04c5b830d5724f - SHA256: 3e07bb866d329a2f9aaa4802bad04fdac9163de9bf9cfa1d035f5ca610b4b9bf - Sections: - .text: - Entropy: 6.193679799265929 - Virtual Size: '0x2860' - .rdata: - Entropy: 4.611976907005874 - Virtual Size: '0x2c0' - .data: - Entropy: 0.335842300318532 - Virtual Size: '0x1e0' - INIT: - Entropy: 5.42180997612463 - Virtual Size: '0x3f4' - .rsrc: - Entropy: 3.391941258882184 - 
Virtual Size: '0x350' - .reloc: - Entropy: 5.431068617797713 - Virtual Size: '0x234' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - 
SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 
be6fb3b3b33e9108a9a2273d1cf5eb3209a8c3a86ba7d66069393587f6b451b75b327ea15d36b1604aad5509c0ace37fa66e220b35764b9c201169677738c06802d2f798383c256c690898a663b0aeb519491057f9f24149c513abba2a4cab9934a684e5d83a34105fe6681f2b85d5ee06332d1c05c3627758442fd2fc94f5f68bb30f085cb1d31174e1461394aeef7b124291a099654d1103df3deab81e9658b5b5cc817061d688ae39e702f1d0dd420d6de931bed331960e089233b8576482e48d5b769fdfa8df02e1d098912444b324057826e1f72c26f045b2479a9b39eadfd6b2e1bd6db4057ef6b12ca385cad9a7ad82c4414e619f97dfd08a55f59053 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - 
SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 958dd67f866ae27cf716e30a025b266f - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 972f2ce8097eda301f27a53fcf2b9865 - SHA1: aba5185a6ebdb040c5e4b8b8eaa44382eb705aec - SHA256: 157ae92541eda2f5035435c63e1654adfa45c06e37b05cbb60d76a63daa93f04 - Company: CPUID - Copyright: Copyright(C) 2014 CPUID - CreationTimestamp: '2014-10-23 09:03:05' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - MmMapIoSpace - - ExFreePoolWithTag - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - DbgPrintEx - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - IofCompleteRequest - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: e323413de3caec7f7730b43c551f26a0 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: CPUID service - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: a2326d96aef2fdfe4c1d2ed909160ccc - SHA1: 48faced2ed09c60dd807398c1338259bddcd3c1f - SHA256: a125d206aeade4827dcce39aadbd8da6cad0d8ad799b46adfd7bf6bcd0acf11e - SHA1: f3c20ce4282587c920e9ff5da2150fac7858172e - SHA256: 
45c3d607cb57a1714c1c604a25cbadf2779f4734855d0e43aa394073b6966b26 - Sections: - .text: - Entropy: 6.223329975658994 - Virtual Size: '0x3207' - .rdata: - Entropy: 4.1808537985567344 - Virtual Size: '0x434' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.626263920579275 - Virtual Size: '0xd8' - INIT: - Entropy: 5.120133577153886 - Virtual Size: '0x41c' - .rsrc: - Entropy: 3.3971374522271924 - Virtual Size: '0x350' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: 
e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - 
SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 28c5045218461018dbde27212ab0f227 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: ccc4847b99e359c72448de9f9f0981f1 - SHA1: 9e771be7100b166ba79aeeea58aa3dee44c09d6b - SHA256: 6b9090296a10225be115810e29e8ada4f70e4d4a8f88b385ccd9a8a6d2eb6778 - Company: Windows (R) Codename Longhorn DDK provider - Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
- CreationTimestamp: '2009-03-26 17:17:23' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.0.6000.16386 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - IoDeleteSymbolicLink - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - IoCreateDevice - - IofCallDriver - - IoGetDeviceObjectPointer - - IoBuildDeviceIoControlRequest - - IoDeleteDevice - - ProbeForWrite - - MmMapIoSpace - - KeInitializeEvent - - RtlInitAnsiString - - IofCompleteRequest - - KeWaitForSingleObject - - KeBugCheckEx - - MmUnmapIoSpace - - RtlInitUnicodeString - - PsGetVersion - - RtlUnwindEx - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: c9c25778efe890baa4087e32937016a0 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: Windows (R) Codename Longhorn DDK driver - ProductVersion: 6.0.6000.16386 - RichPEHeaderHash: - MD5: a4919ba9bce5fa10c0659fe35e106bff - SHA1: c9062199c8b03518cf06dcc7212ff3c1ffbf0452 - SHA256: f6f4beb34371f4eec6c80a94046382a70864524606df3fdcf4d08fe9ddacc1af - SHA1: f4728f490d741b04b611164a7d997e34458e3a5e - SHA256: 49329fa09f584d1960b09c1b15df18c0bc1c4fdb90bf48b6b5703e872040b668 - Sections: - .text: - Entropy: 6.154548729898717 - Virtual Size: '0x1dd6' - .rdata: - Entropy: 4.332394275902173 - Virtual Size: '0x39c' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.424516355212702 - Virtual Size: '0x84' - INIT: - Entropy: 4.945456847123696 - Virtual Size: '0x388' - .rsrc: - Entropy: 3.393742999677783 - Virtual Size: '0x400' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 
88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2009-02-02 00:00:00' - ValidTo: '2012-02-07 23:59:59' - Signature: 9a9bbecb393272aaedfd7a125e0fe581151a18a75a4094e082a38156f62018b9d59edef27429bbea60d6e146a2ce134546d54e00b6585c1d85e3aedfb3b9a5de7728a96b2bcc26106655bae6bc5ce3a72714f9e23282a2fba29fc870b394e832f07dc50ded3a042953fe91379769e424398278b6ed14ae4f6b4cce5fa7ba20fc8d157a78fd308214d177189bcd76b2bd62a861a8c1562e2748f338f7369f0f062804685399a6655fcb4564a644e7a8bee8330557376884cce9153992e8e205bc1474dbd0109b3c87991db9bb77a9dff5775267390431ce56ff49500d8ad70be34a0d9a0b112e07eb55f0fe07de9ac93a0b30cb36029b5ec41e032daf66627d4e - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Version: 3 - TBS: - MD5: fb72fa311261c4fb6a786e5cc7ce1d2f - SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 - SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a - SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - 
Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: cb8db41ab8c06472574e58b9466f4070 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: a5f87835956f86d2acccd4c8012a4fcd - SHA1: 2e37b05cd1bafe18e0a1a33560b0ec5aa99b0192 - SHA256: e650b4e4b5a95cba582b9749cac4c40e67e854d78eb8494f46f6d11f1fcea4d6 - Company: Windows (R) Win 7 DDK provider - Copyright: "\xA9 Microsoft Corporation. All rights reserved." - CreationTimestamp: '2010-03-10 09:24:11' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - IofCompleteRequest - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - RtlFreeUnicodeString - - ObfDereferenceObject - - MmIsAddressValid - - IoGetDeviceObjectPointer - - RtlAnsiStringToUnicodeString - - MmUnmapIoSpace - - MmMapIoSpace - - ProbeForWrite - - IoCreateSymbolicLink - - IoCreateDevice - - RtlUnwind - - KeTickCount - - KeBugCheckEx - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - PsGetVersion - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - RtlInitAnsiString - - KeWaitForSingleObject - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - READ_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 2f8653034a35526df88ea0c62b035a42 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: Windows (R) Win 7 DDK driver - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: ac22d2bffa82e1f2eeaff75340ddf502 - SHA1: a884c8f5b8d433e30a79d959fb37fb0746ff537b - SHA256: 3e8f2e809174f7d618f3ce991f37c51a77d2a43db600925041b13fa3430146de - SHA1: 68ca9c27131aa35c7f433dc914da74f4b3d8793f - SHA256: 
4d19ee789e101e5a76834fb411aadf8229f08b3ece671343ad57a6576a525036 - Sections: - .text: - Entropy: 6.237934687882857 - Virtual Size: '0x2180' - .rdata: - Entropy: 4.44829003144624 - Virtual Size: '0x2f4' - .data: - Entropy: 0.335842300318532 - Virtual Size: '0x1e0' - INIT: - Entropy: 5.414827215159332 - Virtual Size: '0x3dc' - .rsrc: - Entropy: 3.4140956924835417 - Virtual Size: '0x3d0' - .reloc: - Entropy: 5.51200680030155 - Virtual Size: '0x236' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - 
Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2009-02-02 00:00:00' - ValidTo: '2012-02-07 23:59:59' - Signature: 9a9bbecb393272aaedfd7a125e0fe581151a18a75a4094e082a38156f62018b9d59edef27429bbea60d6e146a2ce134546d54e00b6585c1d85e3aedfb3b9a5de7728a96b2bcc26106655bae6bc5ce3a72714f9e23282a2fba29fc870b394e832f07dc50ded3a042953fe91379769e424398278b6ed14ae4f6b4cce5fa7ba20fc8d157a78fd308214d177189bcd76b2bd62a861a8c1562e2748f338f7369f0f062804685399a6655fcb4564a644e7a8bee8330557376884cce9153992e8e205bc1474dbd0109b3c87991db9bb77a9dff5775267390431ce56ff49500d8ad70be34a0d9a0b112e07eb55f0fe07de9ac93a0b30cb36029b5ec41e032daf66627d4e - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Version: 3 - TBS: - MD5: fb72fa311261c4fb6a786e5cc7ce1d2f - SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 - SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a - SHA384: 
759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 29a1da8841f5363423dcba1a9773809a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: b98238e731280f6d726e61b0016cb877 - SHA1: 820a00a0e0fc628d06ac1f779eb9e88d613d8934 - SHA256: b46fb3ed5a7a84ef594ab0b76f384aa2dca0614574478fb98308806612609465 - Company: CPUID - Copyright: Copyright(C) 2017 CPUID - CreationTimestamp: '2017-03-23 05:27:23' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - PsGetVersion - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - IofCompleteRequest - - MmMapIoSpace - - MmUnmapIoSpace - - ProbeForWrite - - IoDeleteDevice - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - RtlUnwindEx - - RtlPcToFileHeader - - READ_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - READ_PORT_UCHAR - - HalCallPal - - WRITE_PORT_UCHAR - - KeStallExecutionProcessor - - WRITE_PORT_USHORT - - READ_PORT_ULONG - Imports: - - ntoskrnl.exe - - HAL.dll - 
InternalName: cpuz.sys - MD5: e747f164fc89566f934f9ec5627cd8c3 - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: CPUID service - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: 756be87f8c768cb8bfd02af932dd7589 - SHA1: 16c2ebba52ba9fb0ef5570c1d620daaaee63865a - SHA256: 48acdfbe5ad27d73c0fd9b115a49420f182d146bca52797ce33cc2a061ff0ced - SHA1: a958734d25865cbc6bcbc11090ab9d6b72799143 - SHA256: 5177a3b7393fb5855b2ec0a45d4c91660b958ee077e76e5a7d0669f2e04bcf02 - Sections: - .text: - Entropy: 5.336714834529696 - Virtual Size: '0x5780' - .rdata: - Entropy: 4.010151907627347 - Virtual Size: '0x550' - .pdata: - Entropy: 3.4578065856245583 - Virtual Size: '0xd8' - .sdata: - Entropy: 1.1203888318125959 - Virtual Size: '0x420' - INIT: - Entropy: 5.015276332791068 - Virtual Size: '0x3e8' - .rsrc: - Entropy: 3.388191426646717 - Virtual Size: '0x350' - .reloc: - Entropy: 0.9012044915351938 - Virtual Size: '0x188' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: a2d936fa82b7340d28a697fb344046d8 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: a28d6b501a18377685e448a214f370a6 - SHA1: 732fdb7d346543552b44e6d127fa907df7ef8d81 - SHA256: 942a7b2ebca0edeff5803c8f899ee455c0ec279542c41d2db2664d58c1025c86 - Company: CPUID - Copyright: Copyright(C) 2010 CPUID - CreationTimestamp: '2011-09-21 02:23:41' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - 
IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: c08063f052308b6f5882482615387f30 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: CPUID service - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: 89dc670b5f7c06b577deeec9473dc96b - SHA1: af59c00ae531117ba9307257ab945cdf6c8309f6 - SHA256: 35b9d8fc904c88f4df237edc610727f89c415e48bcf135191c43832bb2935ba6 - SHA1: 252157ab2e33eed7aa112d1c93c720cadcee31ae - SHA256: 523d1d43e896077f32cd9acaa8e85b513bfb7b013a625e56f0d4e9675d9822ba - Sections: - .text: - Entropy: 6.200416768922914 - Virtual Size: '0x2586' - .rdata: - Entropy: 4.272735727458459 - Virtual Size: '0x3e0' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.401514027013751 - Virtual Size: '0x90' - INIT: - Entropy: 5.067835669413665 - Virtual Size: '0x406' - .rsrc: - Entropy: 3.3943730160709853 - Virtual Size: '0x350' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2009-02-02 00:00:00' - ValidTo: '2012-02-07 23:59:59' - Signature: 
9a9bbecb393272aaedfd7a125e0fe581151a18a75a4094e082a38156f62018b9d59edef27429bbea60d6e146a2ce134546d54e00b6585c1d85e3aedfb3b9a5de7728a96b2bcc26106655bae6bc5ce3a72714f9e23282a2fba29fc870b394e832f07dc50ded3a042953fe91379769e424398278b6ed14ae4f6b4cce5fa7ba20fc8d157a78fd308214d177189bcd76b2bd62a861a8c1562e2748f338f7369f0f062804685399a6655fcb4564a644e7a8bee8330557376884cce9153992e8e205bc1474dbd0109b3c87991db9bb77a9dff5775267390431ce56ff49500d8ad70be34a0d9a0b112e07eb55f0fe07de9ac93a0b30cb36029b5ec41e032daf66627d4e - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Version: 3 - TBS: - MD5: fb72fa311261c4fb6a786e5cc7ce1d2f - SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 - SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a - SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 82942c060f79cefd3bf1acdf5c207561 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 00556fc028ef505e2a528e054c435923 - SHA1: f645fd2deb256b7e3b8dcb7213c4fb61f2e209ec - SHA256: c2159219e9986ab9e07e00a87fb83835230a2b99174e7f9b94096046c2dace55 - Company: Windows (R) Win 7 DDK provider - Copyright: "\xA9 Microsoft 
Corporation. All rights reserved." - CreationTimestamp: '2010-07-09 05:17:26' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - PsGetVersion - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - IofCompleteRequest - - MmMapIoSpace - - MmUnmapIoSpace - - ProbeForWrite - - IoDeleteDevice - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - __C_specific_handler - - READ_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - READ_PORT_UCHAR - - HalCallPal - - WRITE_PORT_UCHAR - - KeStallExecutionProcessor - - WRITE_PORT_USHORT - - READ_PORT_ULONG - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 549e5148be5e7be17f9d416d8a0e333e - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: Windows (R) Win 7 DDK driver - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: 3e05f63a445c98b6831d9476006337f7 - SHA1: 08c8e06efd3136ae964f86be406389c47f74e4dd - SHA256: e5965588f92317c7d220193aa42f12d30bae66f0008f4831568b8131edeeb70a - SHA1: 6d9e22a275a5477ea446e6c56ee45671fbcbb5f6 - SHA256: 592f56b13e7dcaa285da64a0b9a48be7562bd9b0a190208b7c8b7d8de427cf6c - Sections: - .text: - Entropy: 5.396352784335148 - Virtual Size: '0x3130' - .rdata: - Entropy: 4.150556480845234 - Virtual Size: '0x348' - .pdata: - Entropy: 3.2551039363088288 - Virtual Size: '0x84' - .sdata: - Entropy: 1.055945444608438 - Virtual Size: '0x260' - INIT: - Entropy: 5.06628585370835 - Virtual Size: '0x3d6' - .rsrc: - Entropy: 3.4181439310744572 - Virtual Size: '0x3d0' - .reloc: - Entropy: 1.042907998495935 - Virtual Size: '0x146' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: 
c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2009-02-02 00:00:00' - ValidTo: '2012-02-07 23:59:59' - Signature: 9a9bbecb393272aaedfd7a125e0fe581151a18a75a4094e082a38156f62018b9d59edef27429bbea60d6e146a2ce134546d54e00b6585c1d85e3aedfb3b9a5de7728a96b2bcc26106655bae6bc5ce3a72714f9e23282a2fba29fc870b394e832f07dc50ded3a042953fe91379769e424398278b6ed14ae4f6b4cce5fa7ba20fc8d157a78fd308214d177189bcd76b2bd62a861a8c1562e2748f338f7369f0f062804685399a6655fcb4564a644e7a8bee8330557376884cce9153992e8e205bc1474dbd0109b3c87991db9bb77a9dff5775267390431ce56ff49500d8ad70be34a0d9a0b112e07eb55f0fe07de9ac93a0b30cb36029b5ec41e032daf66627d4e - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Version: 3 - TBS: - MD5: fb72fa311261c4fb6a786e5cc7ce1d2f - SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 - SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a - SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - 
SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: f0820e8f674e44e5c2a3f899ec561c1d - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 1a595aaefa6bd782d63e97de4fcec464 - SHA1: eae1ab9e3aac1a4de139993b7e63542befccf0df - SHA256: 6045d564286f00fc1efedd25ffd22ecb7eaf2b3a6c778e392319380c77e45658 - Company: CPUID - Copyright: Copyright(C) 2010 CPUID - CreationTimestamp: '2012-08-11 01:48:20' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - MmMapIoSpace - - ExFreePoolWithTag - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - DbgPrint - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - IofCompleteRequest - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: d0c2caa17c7b6d2200e1b5aa9d07135e - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: CPUID service - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: dd4b3ae5449a7da46b90bead31c1bab6 - SHA1: 76abd50622838fcbb459166b2b42850bc5cfd18b - SHA256: 3bb0708613c56dbb77df753872797d73065432ac7c2ea3cde2569173972c7dac - SHA1: bad84fca57ab0ef0af9230a93e0cc3d149f9ccd0 - SHA256: 5b3705b47dc15f2b61ca3821b883b9cd114d83fcc3344d11eb1d3df495d75abe - Sections: - .text: - Entropy: 6.2041710477554854 - Virtual Size: '0x2616' - .rdata: - Entropy: 
4.177976296652285 - Virtual Size: '0x3ec' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.499086286863614 - Virtual Size: '0xc0' - INIT: - Entropy: 5.052256723807581 - Virtual Size: '0x41a' - .rsrc: - Entropy: 3.3943730160709853 - Virtual Size: '0x350' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G3 - ValidFrom: '2012-05-01 00:00:00' - ValidTo: '2012-12-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded - Version: 3 - TBS: - MD5: e6d820afb23af20a65cf0b03247ea05e - SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 - SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 - SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 2561727ac42d399030b3c46477c428f4 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 423e8ee5a464bc64032924ee428b40af - SHA1: 37552fe06a39175032793e6317d124008a892f18 - SHA256: abf635a246752555868f203a565ead519c9ada06ea007545a47bf352678c342a - Company: CPUID - Copyright: Copyright(C) 2014 CPUID - CreationTimestamp: '2015-10-21 03:22:27' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: 
'6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: f310b453ac562f2c53d30aa6e35506bb - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: CPUID service - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: b3dcf662ce69ad7b34717fb6aecf09a7 - SHA1: 63be2c28ecee71a739bfbaf38466362e998bc5bc - SHA256: f4257b7e95b00b38e446b2708cc342fe32846266064b94c78ec1f987731c2226 - SHA1: eb44a05f8bba3d15e38454bd92999a856e6574eb - SHA256: 600a2119657973112025db3c0eeab2e69d528bccfeed75f40c6ef50b059ec8a0 - Sections: - .text: - Entropy: 6.187068215362904 - Virtual Size: '0x30c6' - .rdata: - Entropy: 4.212054484888266 - Virtual Size: '0x424' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.5511621274596537 - Virtual Size: '0xd8' - INIT: - Entropy: 5.131854482283732 - Virtual Size: '0x3ea' - .rsrc: - Entropy: 3.3971374522271924 - Virtual Size: '0x350' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: f12ae9073d95c22ed89247253d59f500 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 2d28bedef20cc63f0ae1b726a5cb34e0 - SHA1: 92524be5b5320c3e08d880ecbcd36a9c8037a921 - SHA256: 47c9323ae818bd2a3b55fc04abd984bd940cd4e27b6d4af311edcb66988ce941 - Company: Windows (R) Win 7 DDK provider - Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
- CreationTimestamp: '2010-03-16 05:00:47' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - ExFreePoolWithTag - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - ProbeForWrite - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - IoDeleteSymbolicLink - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: aa69b4255e786d968adbd75ba5cf3e93 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: Windows (R) Win 7 DDK driver - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: a38f27f93ae0a47de0beccf18bdd9f0d - SHA1: cd1a8f9d3317d025efd043e634381412d74f38d3 - SHA256: f570747684874e6d241bec749b182ef1902d578127bf1087132383695896986e - SHA1: af5f642b105d86f82ba6d5e7a55d6404bfb50875 - SHA256: 60b163776e7b95e0c2280d04476304d0c943b484909131f340e3ce6045a49289 - Sections: - .text: - Entropy: 6.169826234776459 - Virtual Size: '0x2176' - .rdata: - Entropy: 4.207878001994479 - Virtual Size: '0x3cc' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.4966307212281404 - Virtual Size: '0xc0' - INIT: - Entropy: 5.089554733637361 - Virtual Size: '0x3e4' - .rsrc: - Entropy: 3.4155760648585995 - Virtual Size: '0x3d0' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: 
c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2009-02-02 00:00:00' - ValidTo: '2012-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Version: 3 - TBS: - MD5: fb72fa311261c4fb6a786e5cc7ce1d2f - SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 - SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a - SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: af34db96db910a3fa7a56f2fac8ed5e1 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 41fd82e071d4afdfd8a895d0ab4fb568 - SHA1: b72edd113acbd4bb98374b80c1d238eb1e348f15 - SHA256: 
3b2a3b74127c7ecf095e0fe5a65af31b9701d2ba6dc2a4d87882de65d84842c0 - Company: CPUID - Copyright: Copyright(C) 2010 CPUID - CreationTimestamp: '2011-09-21 02:24:20' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - IofCompleteRequest - - ExFreePool - - ExAllocatePoolWithTag - - RtlFreeUnicodeString - - ObfDereferenceObject - - MmIsAddressValid - - IoGetDeviceObjectPointer - - MmUnmapIoSpace - - RtlInitAnsiString - - MmMapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - PsGetVersion - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - KeWaitForSingleObject - - RtlAnsiStringToUnicodeString - - IoCancelIrp - - RtlUnwind - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - READ_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 3411fdf098aa20193eee5ffa36ba43b2 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: CPUID service - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: 4ba73072bea66755a70f3a8c99951424 - SHA1: d9ce039d736544c2d9b7fe44460d8e006a5c62f0 - SHA256: 3b45bc2da9543317e7a22486f86a3f8c0eb289596d1d7661b47e35e99058861f - SHA1: ad05bff5fe45df9e08252717fc2bc2af57bf026f - SHA256: 67734c7c0130dd66c964f76965f09a2290da4b14c94412c0056046e700654bdc - Sections: - .text: - Entropy: 6.1851356647481595 - Virtual Size: '0x2600' - .rdata: - Entropy: 4.469676429308113 - Virtual Size: '0x2f8' - .data: - Entropy: 0.22396935932252834 - Virtual Size: '0x1c0' - INIT: - Entropy: 5.358436362596031 - Virtual Size: '0x3f4' - .rsrc: - Entropy: 3.3927376128305218 - Virtual Size: '0x350' - .reloc: - Entropy: 5.38153465292173 - Virtual Size: '0x244' - 
Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - 
- Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2009-02-02 00:00:00' - ValidTo: '2012-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Version: 3 - TBS: - MD5: fb72fa311261c4fb6a786e5cc7ce1d2f - SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 - SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a - SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 
93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 5716c52252afe18d09f6c1bc6e5ef3ef - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: a3d5faa9e1a6f47f8e0a23ef837afe38 - SHA1: bb21b535fa0adaef1a9a29759e0d2b2a5faf1965 - SHA256: 5e9099b95b2074fecc6efa6d59552651b1e082aaa3612889f417064d378a797f - Company: CPUID - Copyright: Copyright(C) 2014 CPUID - CreationTimestamp: '2014-02-17 07:22:11' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - PsGetVersion - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - IofCompleteRequest - - MmMapIoSpace - - MmUnmapIoSpace - - ProbeForWrite - - IoDeleteDevice - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - RtlUnwindEx - - RtlPcToFileHeader - - READ_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - READ_PORT_UCHAR - - HalCallPal - - WRITE_PORT_UCHAR - - KeStallExecutionProcessor - - WRITE_PORT_USHORT - - READ_PORT_ULONG - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: f60a9b88c6ff07d4990d8653d0025683 - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: CPUID service - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: d6643b31d447dc612fb7920d936baf5a - SHA1: 0d2acfebbfb9a35446bb9ff7b915c8ff514fd7dc - SHA256: 98f7bc08e99aa659bfb0295c09adf8ccfdb7f7ad8cc065cfb4f0732585c1855c - SHA1: 0cc60a56e245e70f664906b7b67dfe1b4a08a5b7 - SHA256: 6befa481e8cca8084d9ec3a1925782cd3c28ef7a3e4384e034d48deaabb96b63 - 
Sections: - .text: - Entropy: 5.3484809966574 - Virtual Size: '0x3b60' - .rdata: - Entropy: 4.154715674967178 - Virtual Size: '0x3d8' - .pdata: - Entropy: 3.4060649759113413 - Virtual Size: '0xb4' - .sdata: - Entropy: 1.1203888318125959 - Virtual Size: '0x2a0' - INIT: - Entropy: 5.0324391219722715 - Virtual Size: '0x3e8' - .rsrc: - Entropy: 3.3971374522271924 - Virtual Size: '0x350' - .reloc: - Entropy: 0.9557665440658051 - Virtual Size: '0x168' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 
783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: a2d936fa82b7340d28a697fb344046d8 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 49da5e87cba74d3bd91bd589e49b0d1a - SHA1: e79179e0a586067e9d9654c2a8dfd45963ddcac3 - SHA256: 36729c2c714e05ebf9bc7262bc7f0d5d25d9dc9c8e0c4fdce27143bbdd9d9aa7 - Company: CPUID - Copyright: Copyright(C) 2015 CPUID - CreationTimestamp: '2015-11-18 02:17:31' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - PsGetVersion - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - IofCompleteRequest - - MmMapIoSpace - - MmUnmapIoSpace - - ProbeForWrite - - IoDeleteDevice - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - __C_specific_handler - - READ_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - READ_PORT_UCHAR - - 
HalCallPal - - WRITE_PORT_UCHAR - - KeStallExecutionProcessor - - WRITE_PORT_USHORT - - READ_PORT_ULONG - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: c046ca4da48db1524ddf3a49a8d02b65 - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: CPUID service - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: 8ea619be06260d53ffafd0dc9b610cb0 - SHA1: c796bfcf888f2b8841388524d2117d3bb17c0e8c - SHA256: 0140c43b66ca9c67a08bcb7eaddab10203a2c2b75bd411d5eecf8d0d78dce9c6 - SHA1: 5635bb2478929010693bc3b23f8b7fe5fdbc3aed - SHA256: 771015b2620942919bb2e0683476635b7a09db55216d6fbf03534cb18513b20c - Sections: - .text: - Entropy: 5.372120601484934 - Virtual Size: '0x3850' - .rdata: - Entropy: 4.096307336199365 - Virtual Size: '0x3a0' - .pdata: - Entropy: 3.3485198020390934 - Virtual Size: '0x9c' - .sdata: - Entropy: 1.055945444608438 - Virtual Size: '0x260' - INIT: - Entropy: 5.065598292840257 - Virtual Size: '0x3d6' - .rsrc: - Entropy: 3.3958173868041217 - Virtual Size: '0x350' - .reloc: - Entropy: 1.0164053768066021 - Virtual Size: '0x14e' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: f0820e8f674e44e5c2a3f899ec561c1d - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: b978a03408c0e9ea44ffdeecc35ab83e - SHA1: fed654a9c5f2bf2a1ad9a2e94da162633fb468c5 - SHA256: 72f9cb24cfa641876f34967b96244259f95987ef24d1d729c0e483b3eb9a2740 - Company: CPUID - Copyright: Copyright(C) 2010 CPUID - CreationTimestamp: '2012-02-07 08:44:19' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - IofCompleteRequest - - ExFreePool - - ExAllocatePoolWithTag - - RtlFreeUnicodeString - - ObfDereferenceObject - - MmIsAddressValid - - IoGetDeviceObjectPointer - - MmUnmapIoSpace - - RtlInitAnsiString - - MmMapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - RtlUnwind - - KeTickCount - - KeBugCheckEx - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - PsGetVersion - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - 
IofCallDriver - - KeWaitForSingleObject - - RtlAnsiStringToUnicodeString - - IoCancelIrp - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - READ_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 0283b43c6bc965175a1c92b255d39556 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: CPUID service - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: 41f15d0f328a165973b49de608ef72a2 - SHA1: abcd9850775bd0a1a855e785a238e0e69525810f - SHA256: 02dc44b04a6426fcaedf26995bfa471f123a90a9c747e82cebaf95f394890631 - SHA1: 8325e8d7fd2edc126dcf1089dee8da64e79fb12e - SHA256: 80eeb8c2890f3535ed14f5881baf2f2226e6763be099d09fb8aadaba5b4474c1 - Sections: - .text: - Entropy: 6.217479588256463 - Virtual Size: '0x2750' - .rdata: - Entropy: 4.550469836478717 - Virtual Size: '0x2f0' - .data: - Entropy: 0.335842300318532 - Virtual Size: '0x1e0' - INIT: - Entropy: 5.41983369153965 - Virtual Size: '0x3f4' - .rsrc: - Entropy: 3.3927376128305218 - Virtual Size: '0x350' - .reloc: - Entropy: 5.5051908528223255 - Virtual Size: '0x254' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 958dd67f866ae27cf716e30a025b266f - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 3a19663e83c3569a86812ef915de52bc - SHA1: cd9a022e078eaa2364155e00942edbecb85619b0 - SHA256: 8d3ed9427dcc4f79be3585d41ab9c0bb447d6a0258dd919c4d49e02dedbaa47b - Company: Windows (R) Win 7 DDK provider - Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
- CreationTimestamp: '2010-06-04 07:51:45' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - MmMapIoSpace - - ExFreePoolWithTag - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - IofCompleteRequest - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 4a85754636c694572ca9f440d254f5ce - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: Windows (R) Win 7 DDK driver - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: 93394769f926489de472acbbd72c3d8b - SHA1: 6e6c943f13b82d4d46331de813914d4db63771f7 - SHA256: 53362bef3277e59f67ebc5a085f1cbe60e5c9aef1a18a2ac391b2f4954fa9649 - SHA1: dd55015f5406f0051853fd7cca3ab0406b5a2d52 - SHA256: 8688e43d94b41eeca2ed458b8fc0d02f74696a918e375ecd3842d8627e7a8f2b - Sections: - .text: - Entropy: 6.206552850925677 - Virtual Size: '0x21a6' - .rdata: - Entropy: 4.27776755944508 - Virtual Size: '0x3c0' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.401674357474197 - Virtual Size: '0x90' - INIT: - Entropy: 5.076342695575086 - Virtual Size: '0x3f0' - .rsrc: - Entropy: 3.4148190207283133 - Virtual Size: '0x3d0' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: 
c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2009-02-02 00:00:00' - ValidTo: '2012-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Version: 3 - TBS: - MD5: fb72fa311261c4fb6a786e5cc7ce1d2f - SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 - SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a - SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 68062e8b9d3c1e6cc62a9cae16a12b81 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: a67c91579145d058cf7cd3f8f60bf613 - SHA1: cb981516b9979025669c080a74c9308dca04963a - SHA256: 
02fcbc5372c9bf31903376bde11d558ab7c7f13bde005120e24bdb1aef5d0134 - Company: CPUID - Copyright: Copyright(C) 2014 CPUID - CreationTimestamp: '2015-02-26 00:04:34' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 8741e6df191c805028b92cec44b1ba88 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: CPUID service - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: b3dcf662ce69ad7b34717fb6aecf09a7 - SHA1: 63be2c28ecee71a739bfbaf38466362e998bc5bc - SHA256: f4257b7e95b00b38e446b2708cc342fe32846266064b94c78ec1f987731c2226 - SHA1: ba0938512d7abab23a72279b914d0ea0fb46e498 - SHA256: 8cf0cbbdc43f9b977f0fb79e0a0dd0e1adabe08a67d0f40d727c717c747de775 - Sections: - .text: - Entropy: 6.187068215362904 - Virtual Size: '0x30c6' - .rdata: - Entropy: 4.226233458071221 - Virtual Size: '0x424' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.5511621274596537 - Virtual Size: '0xd8' - INIT: - Entropy: 5.131854482283732 - Virtual Size: '0x3ea' - .rsrc: - Entropy: 3.3971374522271924 - Virtual Size: '0x350' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 
- ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: f12ae9073d95c22ed89247253d59f500 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: b2c31454c057d73fb6d240356a32f8f1 - SHA1: f965db8fa1ef4ce0a738aad55d82c0cf63a47915 - SHA256: 16398965e9cea179b2e5ca884e3af032dece08d4ef33bdd83234ee441d71a5fa - Company: CPUID - Copyright: Copyright(C) 2015 CPUID - CreationTimestamp: '2016-01-27 02:18:15' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - 
IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: bf581e9eb91bace0b02a2c5a54bf1419 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: CPUID service - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: b3dcf662ce69ad7b34717fb6aecf09a7 - SHA1: 63be2c28ecee71a739bfbaf38466362e998bc5bc - SHA256: f4257b7e95b00b38e446b2708cc342fe32846266064b94c78ec1f987731c2226 - SHA1: 13df48ab4cd412651b2604829ce9b61d39a791bb - SHA256: 8d57e416ea4bb855b78a2ff3c80de1dfbb5dc5ee9bfbdddb23e46bd8619287e2 - Sections: - .text: - Entropy: 6.188258985068624 - Virtual Size: '0x30c6' - .rdata: - Entropy: 4.223852822083244 - Virtual Size: '0x424' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.5511621274596537 - Virtual Size: '0xd8' - INIT: - Entropy: 5.131854482283732 - Virtual Size: '0x3ea' - .rsrc: - Entropy: 3.3958173868041217 - Virtual Size: '0x350' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: f12ae9073d95c22ed89247253d59f500 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: ac9131c2fc8e77ef414ad451d35e4d1e - SHA1: 7b63ad1179825964aae9d1486fefed1b8f26a8a8 - SHA256: 1a8a5aebf83d1fa6daf74e48fc600e22b8fdceafb5dd7c7e14db2aa2a28e8c24 - Company: Windows (R) Codename Longhorn DDK provider - Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
- CreationTimestamp: '2008-01-25 04:39:05' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.0.6000.16386 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - KeWaitForSingleObject - - PsGetVersion - - MmUnmapIoSpace - - IoBuildDeviceIoControlRequest - - IoCreateSymbolicLink - - IoDeleteSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IofCompleteRequest - - RtlFreeUnicodeString - - RtlAnsiStringToUnicodeString - - IofCallDriver - - IoGetDeviceObjectPointer - - RtlInitUnicodeString - - IoDeleteDevice - - MmMapIoSpace - - KeBugCheckEx - - RtlInitAnsiString - - IoCreateDevice - - KeInitializeEvent - - RtlUnwindEx - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 94ccef76fda12ab0b8270f9b2980552b - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: Windows (R) Codename Longhorn DDK driver - ProductVersion: 6.0.6000.16386 - RichPEHeaderHash: - MD5: 59cd82b693e20fe9af1be9ea12f739b9 - SHA1: 1842433338394740479c35b690fc50c41d9f6efa - SHA256: fa2e40c67651befa71893d8a672a90a1f996057b6f5c15d2304bbfe120cf9115 - SHA1: e4cbb48aa1aff6cf4ea94ef3b7afb6c245ac47e8 - SHA256: 8e5aef7c66c0e92dfc037ee29ade1c8484b8d7fadebdcf521d2763b1d8215126 - Sections: - .text: - Entropy: 6.050801271329098 - Virtual Size: '0x1596' - .rdata: - Entropy: 4.266884457332851 - Virtual Size: '0x304' - .data: - Entropy: 0.6099523004172788 - Virtual Size: '0x124' - .pdata: - Entropy: 3.2933218797117716 - Virtual Size: '0x6c' - INIT: - Entropy: 4.943162739985603 - Virtual Size: '0x370' - .rsrc: - Entropy: 3.3933870153256342 - Virtual Size: '0x400' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 
88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2007-02-08 00:00:00' - ValidTo: '2009-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 10e29d74903d9c7cd58caa35a0944770 - Version: 3 - TBS: - MD5: 5e3b5587eb8c553dc279bb241c30689d - SHA1: 5b5631ff0033ed753a5c630a4d8d48772050db32 - SHA256: 9b30d9d9f9fd9c0480c0503dd4ac86649d2cc180d1401ade6dd8048356d7f634 - SHA384: 1886034ac8dc819ed45b8b48b0225cdb142d53d61bda992ee7e4923276c3c36dffbb0f8d929e1ad20c3437709df2399a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 10e29d74903d9c7cd58caa35a0944770 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: aa54fa0523f677e56d6d8199e5e18732 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 99cba45243e4a9e5999224b5719ccc2d - SHA1: 43ffee630881d6ae82640c59c674e9ee57cb5eac - SHA256: 94f39e23194d01698b2d8e7bb1c212bf192e81df59766d4adf5f7e33bbe13181 - Company: CPUID - Copyright: Copyright(C) 2015 CPUID - CreationTimestamp: 
'2015-11-18 02:14:04' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - IofCompleteRequest - - ExFreePool - - ExAllocatePoolWithTag - - RtlFreeUnicodeString - - ObfDereferenceObject - - IoGetDeviceObjectPointer - - RtlAnsiStringToUnicodeString - - MmUnmapIoSpace - - MmMapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - RtlUnwind - - KeTickCount - - KeBugCheckEx - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - PsGetVersion - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - KeWaitForSingleObject - - RtlInitAnsiString - - IoCancelIrp - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - KeStallExecutionProcessor - - HalSetBusDataByOffset - - HalGetBusDataByOffset - - READ_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 9b157f1261a8a42e4ef5ec23dd4cda9e - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: CPUID service - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: 151279b238de6194a32d8ca426ceaeee - SHA1: 7836f9fa452c5a538aed446df8439f2f49cc74aa - SHA256: 1319e59df060332195af6318ab22fe3f5018b1498211216a28a48f73980ab3b0 - SHA1: 99bd8c1f5eeedd9f6a9252df5dbd0e42ef5999a4 - SHA256: 900dd68ccc72d73774a347b3290c4b6153ae496a81de722ebb043e2e99496f88 - Sections: - .text: - Entropy: 6.229266851006058 - Virtual Size: '0x3260' - .rdata: - Entropy: 4.675179768119331 - Virtual Size: '0x2f4' - .data: - Entropy: 0.335842300318532 - Virtual Size: '0x1e0' - INIT: - Entropy: 5.428373271150746 - Virtual Size: '0x3dc' - .rsrc: - Entropy: 3.3925686987119477 - Virtual Size: '0x350' - .reloc: - Entropy: 5.597642275362914 - Virtual Size: '0x27c' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: 
a59808b35f916a1201f0987b958aaaf50b81f3e507cf9d1b902bc22787244617e38069e4ca74bcf505dfdfeb6bad8bee2ecba26a428c2b26c9b9987241b50ccfd895a7335b35534c5569fdef2554d773cb3b20f10e08eeff2701d2a3e8ef7c5bb759baf1995d1580dce4f0c5da90eff4f07e01e7c9273b24c14c514f2ae1d1fe940dd53bfa25572cd6f3c007c7f21aebc58ea32ca3aea83c731419c9dcc191158cbb52b0b70545a16c9b42aadd4dcb167443d6c15fa03ae7f6f0f644845a69cb8badb3f143fd916a70c5008c3486d1f0cc8e0527f76da5aeaca4925f6eb6861dd54e1ce8b80e6b000446d77ac8bd0299e38db3b8e4a9c43294367cd6a55351d0 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 
- SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 643f4d79f35dddc9bb5cc04a0f0c18d3 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 9b4bb5dc9df3edd0d7d859629c80c2dc - SHA1: 706789b1bf76e4d337957a36d60b96b7743f9f62 - SHA256: eb6807c46e2d4808f07cca9242e7a59393fdab6ccf4da1aec124ef2a34398d43 - Company: CPUID - Copyright: Copyright(C) 2014 CPUID - CreationTimestamp: '2014-02-17 07:22:16' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 5212e0957468d3f94d90fa7a0f06b58f - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: CPUID service - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: 685a19a8e9f46a76067db83da501dca0 - SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 - SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 - SHA1: ad1616ea6dc17c91d983e829aa8a6706e81a3d27 - SHA256: 
955dac77a0148e9f9ed744f5d341cb9c9118261e52fe622ac6213965f2bc4cad - Sections: - .text: - Entropy: 6.201540970632788 - Virtual Size: '0x2c56' - .rdata: - Entropy: 4.139510166690065 - Virtual Size: '0x424' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.603856484265247 - Virtual Size: '0xc0' - INIT: - Entropy: 5.076575853289 - Virtual Size: '0x406' - .rsrc: - Entropy: 3.3938887641350184 - Virtual Size: '0x350' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: 
e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - 
SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 82942c060f79cefd3bf1acdf5c207561 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: c8b8d6e4b9b4f42714f3abfb66880ccf - SHA1: 5848f7c4dadcb1ea16f4d9e533a84a6d6f522f8b - SHA256: 057e45b47fe0ca96fe3741058bc4365c9a866dff925cab8cfea4c161b990e8e2 - Company: CPUID - Copyright: Copyright(C) 2010 CPUID - CreationTimestamp: '2012-05-23 08:53:22' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - 
MmMapIoSpace - - ExFreePoolWithTag - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - DbgPrint - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - IofCompleteRequest - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 56b54823a79a53747cbe11f8c4db7b1e - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: CPUID service - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: dd4b3ae5449a7da46b90bead31c1bab6 - SHA1: 76abd50622838fcbb459166b2b42850bc5cfd18b - SHA256: 3bb0708613c56dbb77df753872797d73065432ac7c2ea3cde2569173972c7dac - SHA1: 1d9fd846e12104ae31fd6f6040b93fc689abf047 - SHA256: 9a523854fe84f15efc1635d7f5d3e71812c45d6a4d2c99c29fdc4b4d9c84954c - Sections: - .text: - Entropy: 6.203757143489118 - Virtual Size: '0x2616' - .rdata: - Entropy: 4.1950691845593875 - Virtual Size: '0x3ec' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.499086286863614 - Virtual Size: '0xc0' - INIT: - Entropy: 5.052256723807581 - Virtual Size: '0x41a' - .rsrc: - Entropy: 3.3943730160709853 - Virtual Size: '0x350' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G3 - ValidFrom: '2012-05-01 00:00:00' - ValidTo: '2012-12-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded - Version: 3 - TBS: - MD5: e6d820afb23af20a65cf0b03247ea05e - SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 - SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 - SHA384: 
7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - 
SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 2561727ac42d399030b3c46477c428f4 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 3c2269699f0187275c2b144f9b60d5e6 - SHA1: 69aabc267344bd9f98bd2fddc7213de735ba79d7 - SHA256: 2fb8f2a0a32f2e73921a16a7836ff14122da45582aae742e6afd4d7ca15b3da3 - Company: CPUID - Copyright: Copyright(C) 2016 CPUID - CreationTimestamp: '2016-08-14 13:15:42' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - 
IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 29872c7376c42e2a64fa838dad98aa11 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: CPUID service - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: b3dcf662ce69ad7b34717fb6aecf09a7 - SHA1: 63be2c28ecee71a739bfbaf38466362e998bc5bc - SHA256: f4257b7e95b00b38e446b2708cc342fe32846266064b94c78ec1f987731c2226 - SHA1: 8ec28d7da81cf202f03761842738d740c0bb2fed - SHA256: a072197177aad26c31960694e38e2cae85afbab070929e67e331b99d3a418cf4 - Sections: - .text: - Entropy: 6.219876754346496 - Virtual Size: '0x3366' - .rdata: - Entropy: 4.23881802889425 - Virtual Size: '0x424' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x440' - .pdata: - Entropy: 3.638628882332417 - Virtual Size: '0xf0' - INIT: - Entropy: 5.131854482283732 - Virtual Size: '0x3ea' - .rsrc: - Entropy: 3.38341382722288 - Virtual Size: '0x350' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: f12ae9073d95c22ed89247253d59f500 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: b8844b695f5170c70ac66f95324f836a - SHA1: 195024cc4a4adea16e6c2df8f2f8489a28f36beb - SHA256: 66cc007348a41fb33fab59f5ea265006534ba82db4eb7327039cbe2b4ce7e077 - Company: CPUID - Copyright: Copyright(C) 2012 CPUID - CreationTimestamp: '2012-10-06 05:54:39' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - PsGetVersion - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - IofCompleteRequest - - MmMapIoSpace - - MmUnmapIoSpace - - ProbeForWrite - - IoDeleteDevice - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - RtlUnwindEx - - RtlPcToFileHeader - - READ_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - READ_PORT_UCHAR - - HalCallPal - - WRITE_PORT_UCHAR - - KeStallExecutionProcessor 
- - WRITE_PORT_USHORT - - READ_PORT_ULONG - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 557fd33ee99db6fe263cfcb82b7866b3 - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: CPUID service - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: d6643b31d447dc612fb7920d936baf5a - SHA1: 0d2acfebbfb9a35446bb9ff7b915c8ff514fd7dc - SHA256: 98f7bc08e99aa659bfb0295c09adf8ccfdb7f7ad8cc065cfb4f0732585c1855c - SHA1: 0a6e0f9f3d7179a99345d40e409895c12919195b - SHA256: aebcbfca180e372a048b682a4859fd520c98b5b63f6e3a627c626cb35adc0399 - Sections: - .text: - Entropy: 5.406032855001113 - Virtual Size: '0x39c0' - .rdata: - Entropy: 4.152970301277938 - Virtual Size: '0x3d8' - .pdata: - Entropy: 3.3263502634141657 - Virtual Size: '0xb4' - .sdata: - Entropy: 1.1203888318125959 - Virtual Size: '0x2a0' - INIT: - Entropy: 5.0324391219722715 - Virtual Size: '0x3e8' - .rsrc: - Entropy: 3.3968253502148213 - Virtual Size: '0x350' - .reloc: - Entropy: 0.9613220996213607 - Virtual Size: '0x168' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G3 - ValidFrom: '2012-05-01 00:00:00' - ValidTo: '2012-12-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded - Version: 3 - TBS: - MD5: e6d820afb23af20a65cf0b03247ea05e - SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 - SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 - SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 
53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: a2d936fa82b7340d28a697fb344046d8 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 
a14a1ba39405f52d67d289b65f0c7eb9 - SHA1: 11172e3f08444d643f277be83aaabe9f2aea74ca - SHA256: 3ce4a30668938fb7785c9958772e3c171af320ecfea8fc298160e80fbf80fb73 - Company: CPUID - Copyright: Copyright(C) 2017 CPUID - CreationTimestamp: '2017-03-23 05:26:40' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - RtlAnsiStringToUnicodeString - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - ExFreePoolWithTag - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: c516acb873c7f8c24a0431df8287756e - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: CPUID service - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: c046d6f14ec39d2a0f67a417bda83c5e - SHA1: 74661f1063b4c80566f75a1bee22c35f7af17fa9 - SHA256: 440eebbdc09d290724d364056ba4e2725c75759819a6df0a1ed5c876ed7d2474 - SHA1: f6f7b5776001149496092a95fb10218dea5d6a6b - SHA256: bac709c49ddee363c8e59e515f2f632324a0359e932b7d8cb1ce2d52a95981aa - Sections: - .text: - Entropy: 6.170317476121287 - Virtual Size: '0x4536' - .rdata: - Entropy: 4.190423561703195 - Virtual Size: '0x534' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x440' - .pdata: - Entropy: 3.6289632983036624 - Virtual Size: '0xfc' - INIT: - Entropy: 5.132100585029012 - Virtual Size: '0x40e' - .rsrc: - Entropy: 3.394946071861716 - Virtual Size: '0x350' - Signatures: - - CertificatesInfo: '' 
- SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: 
b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 8f96c3ef5dda3fe697d4a4d6326dbe37 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 560b782df855c5ea30b76ee4a9930d28 - SHA1: 6423659ab76fad7627fd7fb16f05a40b8df8da4d - SHA256: 62daa7ab93684d935cdada8af43cba552d7692cb992411d27ba1ee50a9fb1883 - Company: Windows (R) Win 7 DDK provider - Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
- CreationTimestamp: '2010-03-30 15:34:16' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - ProbeForWrite - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 641243746597fbd650e5000d95811ea3 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: Windows (R) Win 7 DDK driver - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: 89dc670b5f7c06b577deeec9473dc96b - SHA1: af59c00ae531117ba9307257ab945cdf6c8309f6 - SHA256: 35b9d8fc904c88f4df237edc610727f89c415e48bcf135191c43832bb2935ba6 - SHA1: da42cefde56d673850f5ef69e7934d39a6de3025 - SHA256: c3e150eb7e7292f70299d3054ed429156a4c32b1f7466a706a2b99249022979e - Sections: - .text: - Entropy: 6.180122394967694 - Virtual Size: '0x2136' - .rdata: - Entropy: 4.244772424988803 - Virtual Size: '0x3d0' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.5003735460865424 - Virtual Size: '0x90' - INIT: - Entropy: 5.069433080691773 - Virtual Size: '0x408' - .rsrc: - Entropy: 3.4155760648585995 - Virtual Size: '0x3d0' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: 
c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2009-02-02 00:00:00' - ValidTo: '2012-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Version: 3 - TBS: - MD5: fb72fa311261c4fb6a786e5cc7ce1d2f - SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 - SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a - SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: be527e5f470fbc661f914c81bfc9af38 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: b3bf90b99dec81a927b9fa8467d20e11 - SHA1: 0632e0c8fdb6e629fd2efa5ccdf4a8415131bc58 - SHA256: 
536333c1fb9066a12c7791b740fcf637f6f86b45bd57baf0f27ae33c3b6c6cf1 - Company: CPUID - Copyright: Copyright(C) 2013 CPUID - CreationTimestamp: '2013-08-24 02:56:35' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: a453083b8f4ca7cb60cac327e97edbe2 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: CPUID service - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: 685a19a8e9f46a76067db83da501dca0 - SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 - SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 - SHA1: 53f7fc4feb66af748f2ab295394bf4de62ae9fcc - SHA256: c50f8ab8538c557963252b702c1bd3cee4604b5fc2497705d2a6a3fd87e3cc26 - Sections: - .text: - Entropy: 6.111492164689909 - Virtual Size: '0x2836' - .rdata: - Entropy: 4.175526657333754 - Virtual Size: '0x3d4' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.4970531643346394 - Virtual Size: '0xc0' - INIT: - Entropy: 5.076575853289 - Virtual Size: '0x406' - .rsrc: - Entropy: 3.3935766621226473 - Virtual Size: '0x350' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping 
Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 
be6fb3b3b33e9108a9a2273d1cf5eb3209a8c3a86ba7d66069393587f6b451b75b327ea15d36b1604aad5509c0ace37fa66e220b35764b9c201169677738c06802d2f798383c256c690898a663b0aeb519491057f9f24149c513abba2a4cab9934a684e5d83a34105fe6681f2b85d5ee06332d1c05c3627758442fd2fc94f5f68bb30f085cb1d31174e1461394aeef7b124291a099654d1103df3deab81e9658b5b5cc817061d688ae39e702f1d0dd420d6de931bed331960e089233b8576482e48d5b769fdfa8df02e1d098912444b324057826e1f72c26f045b2479a9b39eadfd6b2e1bd6db4057ef6b12ca385cad9a7ad82c4414e619f97dfd08a55f59053 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - 
SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 82942c060f79cefd3bf1acdf5c207561 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 63e4ba0a05ddac75e9f2b90c28291331 - SHA1: 34c6aeb2bc32ff8da525641af75ff600e7249252 - SHA256: 653601cf8c3c2c4b778f9025d4e964c887966cc3216bb35a73a3ae75477b4476 - Company: Windows (R) Codename Longhorn DDK provider - Copyright: "\xA9 Microsoft Corporation. All rights reserved." - CreationTimestamp: '2008-02-22 04:12:04' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.0.6000.16386 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - KeWaitForSingleObject - - PsGetVersion - - MmUnmapIoSpace - - IoBuildDeviceIoControlRequest - - IoDeleteSymbolicLink - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - RtlAnsiStringToUnicodeString - - IofCompleteRequest - - RtlFreeUnicodeString - - IofCallDriver - - IoGetDeviceObjectPointer - - RtlInitUnicodeString - - IoDeleteDevice - - ProbeForWrite - - MmMapIoSpace - - KeBugCheckEx - - RtlInitAnsiString - - IoCreateDevice - - KeInitializeEvent - - RtlUnwindEx - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 07493c774aa406478005e8fe52c788b2 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: Windows (R) Codename Longhorn DDK driver - ProductVersion: 6.0.6000.16386 - RichPEHeaderHash: - MD5: 6633dd48aea31e9c4821fbc652e4701e - SHA1: 3fb6cdbdaa8959e6a79305a74981751e06506a6f - SHA256: 63b15db03090d5e7ba52906b2854fba693e17a5fac179397bd55f91e49d28859 - SHA1: 34a07ae39b232cc3dbbe657b34660e692ff2043a - SHA256: 
dbb457ae1bd07a945a1466ce4a206c625e590aee3922fa7d86fbe956beccfc98 - Sections: - .text: - Entropy: 6.049517664101274 - Virtual Size: '0x15a6' - .rdata: - Entropy: 4.2613924369366005 - Virtual Size: '0x304' - .data: - Entropy: 0.6099523004172788 - Virtual Size: '0x124' - .pdata: - Entropy: 3.3197547776031913 - Virtual Size: '0x6c' - INIT: - Entropy: 4.94558496841094 - Virtual Size: '0x388' - .rsrc: - Entropy: 3.3933870153256342 - Virtual Size: '0x400' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - 
Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2007-02-08 00:00:00' - ValidTo: '2009-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 10e29d74903d9c7cd58caa35a0944770 - Version: 3 - TBS: - MD5: 5e3b5587eb8c553dc279bb241c30689d - SHA1: 5b5631ff0033ed753a5c630a4d8d48772050db32 - SHA256: 9b30d9d9f9fd9c0480c0503dd4ac86649d2cc180d1401ade6dd8048356d7f634 - SHA384: 1886034ac8dc819ed45b8b48b0225cdb142d53d61bda992ee7e4923276c3c36dffbb0f8d929e1ad20c3437709df2399a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 
93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 10e29d74903d9c7cd58caa35a0944770 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: dc0a0f2d424a59b4d17033f58f01b027 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: a10d1df81f81710baf68826e4c32befa - SHA1: ecbde8d7d911f64666f89356ce6194d92741bdc4 - SHA256: cd7754a6ec6bf19724fb266ec4f1d02607e9b310791d8725d7db5ac84d5430e2 - Company: CPUID - Copyright: Copyright(C) 2014 CPUID - CreationTimestamp: '2014-02-17 07:21:57' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - IofCompleteRequest - - ExFreePool - - ExAllocatePoolWithTag - - RtlFreeUnicodeString - - ObfDereferenceObject - - MmIsAddressValid - - IoGetDeviceObjectPointer - - MmUnmapIoSpace - - RtlInitAnsiString - - MmMapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - RtlUnwind - - KeTickCount - - KeBugCheckEx - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - PsGetVersion - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - KeWaitForSingleObject - - RtlAnsiStringToUnicodeString - - IoCancelIrp - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - READ_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: e425c66663c96d5a9f030b0ad4d219a8 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: CPUID service - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: 
41f15d0f328a165973b49de608ef72a2 - SHA1: abcd9850775bd0a1a855e785a238e0e69525810f - SHA256: 02dc44b04a6426fcaedf26995bfa471f123a90a9c747e82cebaf95f394890631 - SHA1: bd87aecc0ac1d1c2ab72be1090d39fab657f7cc6 - SHA256: deecbcd260849178de421d8e2f177dce5c63cf67a48abb23a0e3cf3aa3e00578 - Sections: - .text: - Entropy: 6.204806970841105 - Virtual Size: '0x2ed0' - .rdata: - Entropy: 4.656797686788462 - Virtual Size: '0x2e8' - .data: - Entropy: 0.335842300318532 - Virtual Size: '0x1e0' - INIT: - Entropy: 5.416266853126175 - Virtual Size: '0x3f4' - .rsrc: - Entropy: 3.392253360894555 - Virtual Size: '0x350' - .reloc: - Entropy: 5.600870307396892 - Virtual Size: '0x26e' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - 
SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 958dd67f866ae27cf716e30a025b266f - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 
e4b3d527845f6574b5959b6381f925f8 - SHA1: baf46ac272c1a6d8c32683965b1d849386908079 - SHA256: 68b0a239031b158e2927bb5dc8844b662cb4616ee8c1363fa729aa8fa0d86cff - Company: CPUID - Copyright: Copyright(C) 2010 CPUID - CreationTimestamp: '2011-01-19 09:42:06' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: ccb09eb78e047c931708149992c2e435 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: CPUID service - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: 89dc670b5f7c06b577deeec9473dc96b - SHA1: af59c00ae531117ba9307257ab945cdf6c8309f6 - SHA256: 35b9d8fc904c88f4df237edc610727f89c415e48bcf135191c43832bb2935ba6 - SHA1: ada23b709cb2bef8bedd612dc345db2e2fdbfaca - SHA256: df0dcfb3971829af79629efd036b8e1c6e2127481b3644ccc6e2ddd387489a15 - Sections: - .text: - Entropy: 6.199906453328244 - Virtual Size: '0x2506' - .rdata: - Entropy: 4.25835240231724 - Virtual Size: '0x3e0' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.3649784372301403 - Virtual Size: '0x90' - INIT: - Entropy: 5.067835669413665 - Virtual Size: '0x406' - .rsrc: - Entropy: 3.3943730160709853 - Virtual Size: '0x350' - Signatures: - - CertificatesInfo: '' - 
SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: 
ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2009-02-02 00:00:00' - ValidTo: '2012-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Version: 3 - TBS: - MD5: fb72fa311261c4fb6a786e5cc7ce1d2f - SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 - SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a - SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - 
SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 82942c060f79cefd3bf1acdf5c207561 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 68fb744e92133e8bb6b59fea9304667c - SHA1: de1a168f24f5da29b9f8bf8333fff57bfa0d21a4 - SHA256: d70bfea03deeea92a253f2b4a8b7181a3064f62c5207f94b5f7ce5a9e62ab4cf - Company: CPUID - Copyright: Copyright(C) 2016 CPUID - CreationTimestamp: '2016-10-05 03:53:07' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - RtlAnsiStringToUnicodeString - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - ExFreePoolWithTag - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 43bfc857406191963f4f3d9f1b76a7bf - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: CPUID service - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: c046d6f14ec39d2a0f67a417bda83c5e - SHA1: 74661f1063b4c80566f75a1bee22c35f7af17fa9 - SHA256: 440eebbdc09d290724d364056ba4e2725c75759819a6df0a1ed5c876ed7d2474 - SHA1: 9329a0ce2749a3a6bea2028ce7562d74c417db64 - SHA256: e0b5a5f8333fc1213791af5c5814d7a99615b3951361ca75f8aa5022c9cfbc2b - Sections: - .text: - Entropy: 6.202501650998955 - Virtual Size: '0x38b6' - .rdata: - Entropy: 
4.1722432536185465 - Virtual Size: '0x464' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x440' - .pdata: - Entropy: 3.6000408617955837 - Virtual Size: '0xf0' - INIT: - Entropy: 5.116119018385266 - Virtual Size: '0x40e' - .rsrc: - Entropy: 3.38341382722288 - Virtual Size: '0x350' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - 
ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 8f96c3ef5dda3fe697d4a4d6326dbe37 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 76a420a5ac2a6250c57d129de361695a - SHA1: 3736434ca3094fed9f1f3378e9fb966a5e9411f1 - SHA256: 3e423caaff9002b38e1d90005df181aa2b3711ebbf6d1eb83941656ccc313811 - Company: CPUID - Copyright: Copyright(C) 2010 CPUID - CreationTimestamp: '2012-02-07 08:44:59' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - 
RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 8f5b84350bfc4fe3a65d921b4bd0e737 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: CPUID service - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: 685a19a8e9f46a76067db83da501dca0 - SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 - SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 - SHA1: 76046978d8e4409e53d8126a8dcfc3bf8602c37f - SHA256: e58bbf3251906ff722aa63415bf169618e78be85cb92c8263d3715c260491e90 - Sections: - .text: - Entropy: 6.214010136736859 - Virtual Size: '0x25d6' - .rdata: - Entropy: 4.171320307410102 - Virtual Size: '0x3ec' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.503621523339014 - Virtual Size: '0xc0' - INIT: - Entropy: 5.076575853289 - Virtual Size: '0x406' - .rsrc: - Entropy: 3.3943730160709853 - Virtual Size: '0x350' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: 
d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 82942c060f79cefd3bf1acdf5c207561 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 649db3854efa0c9a10fdcca1bcc5fc0b - SHA1: 3c738ea73287a493a2254c6011c35f31569cf2b9 - SHA256: 472e29b63e1d9d44269a99962b186113586fbd3603eac3a23c520c7ef73a69cf - Company: CPUID - Copyright: Copyright(C) 2017 CPUID - CreationTimestamp: '2017-05-22 02:17:51' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - RtlAnsiStringToUnicodeString - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - 
ExFreePoolWithTag - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: ce57844fb185d0cdd9d3ce9e5b6a891d - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: CPUID service - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: c046d6f14ec39d2a0f67a417bda83c5e - SHA1: 74661f1063b4c80566f75a1bee22c35f7af17fa9 - SHA256: 440eebbdc09d290724d364056ba4e2725c75759819a6df0a1ed5c876ed7d2474 - SHA1: 32888d789edc91095da2e0a5d6c564c2aebcee68 - SHA256: ee45fd2d7315fd039f3585a66e7855ba4af9d4721e1448e602623de14e932bbe - Sections: - .text: - Entropy: 6.1689591912915125 - Virtual Size: '0x4546' - .rdata: - Entropy: 4.191218153188012 - Virtual Size: '0x534' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x440' - .pdata: - Entropy: 3.6397736740131683 - Virtual Size: '0xfc' - INIT: - Entropy: 5.132100585029012 - Virtual Size: '0x40e' - .rsrc: - Entropy: 3.394946071861716 - Virtual Size: '0x350' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 8f96c3ef5dda3fe697d4a4d6326dbe37 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: fa889613bb0522d6e546e8cbd011105a - SHA1: 62ee17440edaf819966eb823a26dfd46c24447b4 - SHA256: 991228f3ea6c1ae8083aa405d1d066e48cd6dbd7d6bc01c81599b2c28f3923f1 - Company: CPUID - Copyright: Copyright(C) 2015 CPUID - CreationTimestamp: '2015-11-18 02:58:02' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: 
- - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 8ad9dfc971df71cd43788ade6acf8e7d - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: CPUID service - ProductVersion: 6.1.7600.16385 - RichPEHeaderHash: - MD5: b3dcf662ce69ad7b34717fb6aecf09a7 - SHA1: 63be2c28ecee71a739bfbaf38466362e998bc5bc - SHA256: f4257b7e95b00b38e446b2708cc342fe32846266064b94c78ec1f987731c2226 - SHA1: 7241b25c3a3ee9f36b52de3db2fc27db7065af37 - SHA256: f74ffd6916333662900cbecb90aca2d6475a714ce410adf9c5c3264abbe5732c - Sections: - .text: - Entropy: 6.1888286192821065 - Virtual Size: '0x30b6' - .rdata: - Entropy: 4.210489806011185 - Virtual Size: '0x424' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.6128209941554763 - Virtual Size: '0xd8' - INIT: - Entropy: 5.131854482283732 - Virtual Size: '0x3ea' - .rsrc: - Entropy: 3.3958173868041217 - Virtual Size: '0x350' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: f12ae9073d95c22ed89247253d59f500 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: f14c343aba9d37eba8790cb7577ece90 - SHA1: 3ddbf0ccd001d5d0ce2a062b9476355a8ede975a - SHA256: d5e671c37f0eeb437d1ef480ff15b855ef2fdbb127f9130443fbaa279c5a3d72 - Company: CPUID - Copyright: Copyright(C) 2017 CPUID - CreationTimestamp: '2017-04-24 05:12:56' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - 
ImportedFunctions: - - PsGetVersion - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - IofCompleteRequest - - MmMapIoSpace - - MmUnmapIoSpace - - ProbeForWrite - - IoDeleteDevice - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - RtlUnwindEx - - RtlPcToFileHeader - - READ_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - READ_PORT_UCHAR - - HalCallPal - - WRITE_PORT_UCHAR - - KeStallExecutionProcessor - - WRITE_PORT_USHORT - - READ_PORT_ULONG - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 332db70d2c5c332768ab063ba6ac8433 - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 756be87f8c768cb8bfd02af932dd7589 - SHA1: 16c2ebba52ba9fb0ef5570c1d620daaaee63865a - SHA256: 48acdfbe5ad27d73c0fd9b115a49420f182d146bca52797ce33cc2a061ff0ced - SHA1: 4186ac693003f92fdf1efbd27fb8f6473a7cc53e - SHA256: 4d5059ec1ebd41284b9cea6ce804596e0f386c09eee25becdd3f6949e94139ba - Sections: - .text: - Entropy: 5.342232413588268 - Virtual Size: '0x5780' - .rdata: - Entropy: 4.032871471574318 - Virtual Size: '0x550' - .pdata: - Entropy: 3.4578065856245583 - Virtual Size: '0xd8' - .sdata: - Entropy: 1.1203888318125959 - Virtual Size: '0x420' - INIT: - Entropy: 5.015276332791068 - Virtual Size: '0x3e8' - .rsrc: - Entropy: 3.388191426646717 - Virtual Size: '0x350' - .reloc: - Entropy: 0.9012044915351938 - Virtual Size: '0x188' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: 
a59808b35f916a1201f0987b958aaaf50b81f3e507cf9d1b902bc22787244617e38069e4ca74bcf505dfdfeb6bad8bee2ecba26a428c2b26c9b9987241b50ccfd895a7335b35534c5569fdef2554d773cb3b20f10e08eeff2701d2a3e8ef7c5bb759baf1995d1580dce4f0c5da90eff4f07e01e7c9273b24c14c514f2ae1d1fe940dd53bfa25572cd6f3c007c7f21aebc58ea32ca3aea83c731419c9dcc191158cbb52b0b70545a16c9b42aadd4dcb167443d6c15fa03ae7f6f0f644845a69cb8badb3f143fd916a70c5008c3486d1f0cc8e0527f76da5aeaca4925f6eb6861dd54e1ce8b80e6b000446d77ac8bd0299e38db3b8e4a9c43294367cd6a55351d0 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: a2d936fa82b7340d28a697fb344046d8 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 
2fe86a36e3d56afca791f4b701259362 - SHA1: 8f408538b77cdb618229bcab37b600ed80012199 - SHA256: 2145851bdcbf8419f09fd7470422dd56be1b415b15f39f0632bdd797cf500b36 - Company: CPUID - Copyright: Copyright(C) 2012 CPUID - CreationTimestamp: '2013-03-20 05:05:55' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - ExFreePool - - ExAllocatePoolWithTag - - RtlFreeUnicodeString - - ObfDereferenceObject - - MmIsAddressValid - - IoGetDeviceObjectPointer - - MmUnmapIoSpace - - RtlInitAnsiString - - MmMapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - RtlUnwind - - KeTickCount - - KeBugCheckEx - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - PsGetVersion - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - KeWaitForSingleObject - - RtlAnsiStringToUnicodeString - - IoCancelIrp - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - READ_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 729dd4df669dc96e74f4180c6ee2a64b - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 41f15d0f328a165973b49de608ef72a2 - SHA1: abcd9850775bd0a1a855e785a238e0e69525810f - SHA256: 02dc44b04a6426fcaedf26995bfa471f123a90a9c747e82cebaf95f394890631 - SHA1: dd085542683898a680311a0d1095ea2dffe865e2 - SHA256: 2298e838e3c015aedfb83ab18194a2503fe5764a862c294c8b39c550aab2f08e - Sections: - .text: - Entropy: 6.179312117350968 - Virtual Size: '0x27b0' - .rdata: - Entropy: 4.673046103305564 - Virtual Size: '0x2c0' - .data: - Entropy: 0.335842300318532 - Virtual Size: '0x1e0' - INIT: - Entropy: 5.4178574069546706 - Virtual Size: '0x3f4' - 
.rsrc: - Entropy: 3.391941258882184 - Virtual Size: '0x350' - .reloc: - Entropy: 5.39741845115168 - Virtual Size: '0x236' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 
be6fb3b3b33e9108a9a2273d1cf5eb3209a8c3a86ba7d66069393587f6b451b75b327ea15d36b1604aad5509c0ace37fa66e220b35764b9c201169677738c06802d2f798383c256c690898a663b0aeb519491057f9f24149c513abba2a4cab9934a684e5d83a34105fe6681f2b85d5ee06332d1c05c3627758442fd2fc94f5f68bb30f085cb1d31174e1461394aeef7b124291a099654d1103df3deab81e9658b5b5cc817061d688ae39e702f1d0dd420d6de931bed331960e089233b8576482e48d5b769fdfa8df02e1d098912444b324057826e1f72c26f045b2479a9b39eadfd6b2e1bd6db4057ef6b12ca385cad9a7ad82c4414e619f97dfd08a55f59053 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 958dd67f866ae27cf716e30a025b266f - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 
239c92f4b8937148f656bf1276fef67c - SHA1: 9624f5e1a8950b1d275b30d4e2233125abe0b0f2 - SHA256: 718e76d8cdcdf7b06342b5137f5591233aece4bf70fa9d761d38bd02993a0906 - Company: Windows (R) Codename Longhorn DDK provider - Copyright: "\xA9 Microsoft Corporation. All rights reserved." - CreationTimestamp: '2008-12-02 06:50:52' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.0.6000.16386 built by: WinDDK' - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - RtlFreeUnicodeString - - ObfDereferenceObject - - MmIsAddressValid - - IoGetDeviceObjectPointer - - RtlAnsiStringToUnicodeString - - MmUnmapIoSpace - - MmMapIoSpace - - ProbeForWrite - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - PsGetVersion - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - RtlInitAnsiString - - KeWaitForSingleObject - - RtlUnwind - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - READ_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 6ae4dec687ac6d1b635a4e351dddf73e - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: Windows (R) Codename Longhorn DDK driver - ProductVersion: 6.0.6000.16386 - Publisher: '' - RichPEHeaderHash: - MD5: eb3173fd99b2078342df233d00679c5d - SHA1: 3fc02e77ee0ab701a737089132a6bb46f16235cb - SHA256: 2b81787128c9aa04aa108fde22892da6d4bcbe6939bcf8161b589c4a96fb1183 - SHA1: 24f6e827984cca5d9aa3e4c6f3c0c5603977795a - SHA256: 79440da6b8178998bdda5ebde90491c124b1967d295db1449ec820a85dc246dd - Sections: - .text: - Entropy: 6.2267703540496 - Virtual Size: '0x1cb0' - .rdata: - Entropy: 4.500126135375756 - Virtual Size: '0x2c4' - .data: - Entropy: 0.22396935932252834 - Virtual Size: '0x1c0' - INIT: - Entropy: 5.501165170369676 - 
Virtual Size: '0x3a0' - .rsrc: - Entropy: 3.3978471557189076 - Virtual Size: '0x400' - .reloc: - Entropy: 5.719767870611492 - Virtual Size: '0x1ee' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: 
ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=CN, ST=Beijing, L=Beijing, O=Beijing Gigabit Times Technology Co., - Ltd, OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Beijing - Gigabit Times Technology Co., Ltd - ValidFrom: '2008-12-24 00:00:00' - ValidTo: '2011-12-24 23:59:59' - Signature: 381285ec3212a1acb6210dace62f9be92a590d2d95dec1278db1aba90999d3707764129ff43d9a538ddee21457221f3f39d83f4d9188cd6cadb454960d9fcd677c63fd50af20b70e5d70a82f4bee0028e1dade2453532c35509aa6b79735c143e7b9fe98adf97310cbd869f0eb348ff076436ea0189cddb1742249feb3d2b9246ff58cddd4d355ae8746a04cacc5194832b22e95c9a45356cf48eb2b8e2ca96879b3837845af2b5d0bc4091fed1c58b6ae7368238021f52ec230cf6ba368bb6ca4687aefcafc29831b6c1df204339fae347f2f88b396c331b1d545f12ae77c20c5b54e28650d671ead462a8d52ed730e30474067e7f0ddaab6dfeb0fcc8d40e5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 77a64759f12766e363d779998c71bdc9 - Version: 3 - TBS: - MD5: 081bc7ae4aa769d19d9554694edfc3a0 - SHA1: a521dae1d3b1da03460eb5fa70717c9449a3d1b4 - SHA256: 0af015afa3cd65db7b53fdad90bfdb2e89541964c569a4d41e2a032815da8b48 - SHA384: 74f7efe3db46e6399e41b5cfd3eb25bf842c85385cd3a94c49b36c2cbe5e52be0ffe4b66d1e76bf86f2416e510d3f585 - Signer: - - SerialNumber: 77a64759f12766e363d779998c71bdc9 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust 
Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 69dbb4c8bbe4d8c2e1493f82170b93c4 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 5f7be0e5dd56425ac32e309e1b7108f3 - SHA1: 343677a6e0c0e88f458ac1fda4a1b7528414a9d3 - SHA256: 2e43be62587d7c4bb371bc0a1142a87a2a021bd0dcfd6cd107a50837c109e3ba - Company: CPUID - Copyright: Copyright(C) 2016 CPUID - CreationTimestamp: '2016-10-18 06:15:45' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - IoGetDeviceObjectPointer - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - MmUnmapIoSpace - - MmMapIoSpace - - IoDeleteDevice - - ObfDereferenceObject - - RtlInitUnicodeString - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - RtlFreeUnicodeString - - ExAllocatePoolWithTag - - ExFreePool - - IofCompleteRequest - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - KeWaitForSingleObject - - IoCancelIrp - - IoDeleteSymbolicLink - - PsGetVersion - - RtlUnwind - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - KeQueryPerformanceCounter - - KeStallExecutionProcessor - - HalSetBusDataByOffset - - HalGetBusDataByOffset - - READ_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: cf7aeedd674417b648fc334d179c94ae - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: e10f1a83d333c2feb8a17b1906909a07 - SHA1: f605fa8f10b2b64638f01715179b7588f4a6b727 - SHA256: 9337693c714a35f8370e9a6d7aca13083a7e4c5dbbefdee250b06ae6cc63a06d - SHA1: 57cf65b024d9e2831729def42db2362d7c90dcfa - SHA256: 0e8595217f4457757bed0e3cdea25ea70429732b173bba999f02dc85c7e06d02 - Sections: - .text: - Entropy: 
6.229011052765095 - Virtual Size: '0x3af0' - .rdata: - Entropy: 4.676901538042152 - Virtual Size: '0x310' - .data: - Entropy: 0.13142343474404483 - Virtual Size: '0x340' - INIT: - Entropy: 5.401860187790186 - Virtual Size: '0x3fc' - .rsrc: - Entropy: 3.3912730045383297 - Virtual Size: '0x350' - .reloc: - Entropy: 5.867788462225375 - Virtual Size: '0x286' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: 
f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: b1e749ba779687a5127817da3d47af2c - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 0d43c778ce0348cb2ec0b2568207ba64 - SHA1: e8a5f9873a1b773a2c4781ce6a5a1a90c81e0b52 - SHA256: 2274f63f88ec9b2d2ecfca3068026d62cf3085f76329b11b37498ce2b2b644a8 - Company: CPUID - Copyright: Copyright(C) 2016 CPUID - CreationTimestamp: '2016-10-05 
03:53:53' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - IoGetDeviceObjectPointer - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - MmUnmapIoSpace - - MmMapIoSpace - - IoDeleteDevice - - ObfDereferenceObject - - RtlInitUnicodeString - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - RtlFreeUnicodeString - - ExAllocatePoolWithTag - - ExFreePool - - IofCompleteRequest - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - KeWaitForSingleObject - - IoCancelIrp - - IoDeleteSymbolicLink - - PsGetVersion - - RtlUnwind - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - KeQueryPerformanceCounter - - KeStallExecutionProcessor - - HalSetBusDataByOffset - - HalGetBusDataByOffset - - READ_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: be17a598e0f5314748ade0871ad343e7 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: e10f1a83d333c2feb8a17b1906909a07 - SHA1: f605fa8f10b2b64638f01715179b7588f4a6b727 - SHA256: 9337693c714a35f8370e9a6d7aca13083a7e4c5dbbefdee250b06ae6cc63a06d - SHA1: baa94f0f816d7a41a63e7f1aa9dd3d64a9450ed0 - SHA256: 40da0adf588cbb2841a657239d92f24b111d62b173204b8102dd0e014932fe59 - Sections: - .text: - Entropy: 6.229151016844064 - Virtual Size: '0x3b10' - .rdata: - Entropy: 4.706171652369877 - Virtual Size: '0x310' - .data: - Entropy: 0.13142343474404483 - Virtual Size: '0x340' - INIT: - Entropy: 5.412321381721897 - Virtual Size: '0x3fc' - .rsrc: - Entropy: 3.381055336656842 - Virtual Size: '0x350' - .reloc: - Entropy: 5.763063155244045 - Virtual Size: '0x286' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, 
O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 
1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: b1e749ba779687a5127817da3d47af2c - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 6bdc52beda16b06bf061e9ff3e2d3955 - SHA1: ca1f81a944a4b9c3bc9f6436860480e2efd82db4 - SHA256: a3a6146a681d25f7d8be88fb36e37821a351205d9be2843c4e7cc0b366984b39 - Company: CPUID - Copyright: Copyright(C) 2013 CPUID - CreationTimestamp: '2013-07-26 07:40:42' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - 
FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - ExFreePool - - ExAllocatePoolWithTag - - RtlFreeUnicodeString - - ObfDereferenceObject - - MmIsAddressValid - - IoGetDeviceObjectPointer - - MmUnmapIoSpace - - RtlInitAnsiString - - MmMapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - RtlUnwind - - KeTickCount - - KeBugCheckEx - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - PsGetVersion - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - KeWaitForSingleObject - - RtlAnsiStringToUnicodeString - - IoCancelIrp - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - READ_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 2714c93eb240375a2893ed7f8818004f - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 41f15d0f328a165973b49de608ef72a2 - SHA1: abcd9850775bd0a1a855e785a238e0e69525810f - SHA256: 02dc44b04a6426fcaedf26995bfa471f123a90a9c747e82cebaf95f394890631 - SHA1: 75649b228a22ce1e2a306844e0d48f714fb03f28 - SHA256: 53bd8e8d3542fcf02d09c34282ebf97aee9515ee6b9a01cefd81baa45c6fd3d6 - Sections: - .text: - Entropy: 6.188265910261186 - Virtual Size: '0x2940' - .rdata: - Entropy: 4.667475511572403 - Virtual Size: '0x2c0' - .data: - Entropy: 0.335842300318532 - Virtual Size: '0x1e0' - INIT: - Entropy: 5.413907629259022 - Virtual Size: '0x3f4' - .rsrc: - Entropy: 3.391941258882184 - Virtual Size: '0x350' - .reloc: - Entropy: 5.459424356020445 - Virtual Size: '0x238' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 
00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 958dd67f866ae27cf716e30a025b266f - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: cacb8e654c0149427d5a4e2bda3146ee - SHA1: 4007a1c237ac8c4342c5d205090b09c8f0c4ca33 - SHA256: c9534f81749245346003690ecd5bdbd0a2b7011fa402c4984477ee7b4f80ca95 - Company: Windows (R) Win 7 DDK provider - Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
- CreationTimestamp: '2010-05-17 12:01:40' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - MmMapIoSpace - - ExFreePoolWithTag - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - IofCompleteRequest - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 118f3fdba730094d17aa1b259586aef6 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: Windows (R) Win 7 DDK driver - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 93394769f926489de472acbbd72c3d8b - SHA1: 6e6c943f13b82d4d46331de813914d4db63771f7 - SHA256: 53362bef3277e59f67ebc5a085f1cbe60e5c9aef1a18a2ac391b2f4954fa9649 - SHA1: ec04d8c814f6884c009a7b51c452e73895794e64 - SHA256: 922d23999a59ce0d84b479170fd265650bc7fae9e7d41bf550d8597f472a3832 - Sections: - .text: - Entropy: 6.201563564303854 - Virtual Size: '0x2186' - .rdata: - Entropy: 4.302124262535883 - Virtual Size: '0x3c0' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.416457899981637 - Virtual Size: '0x90' - INIT: - Entropy: 5.076342695575086 - Virtual Size: '0x3f0' - .rsrc: - Entropy: 3.4148190207283133 - Virtual Size: '0x3d0' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: 
'2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 
41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2009-02-02 00:00:00' - ValidTo: '2012-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Version: 3 - TBS: - MD5: fb72fa311261c4fb6a786e5cc7ce1d2f - SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 - SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a - SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 68062e8b9d3c1e6cc62a9cae16a12b81 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: d8c89e44a139c2b19c1ed0dc8368ea2d - SHA1: 550bdcfa9131c1bf31742343090368d759c77044 - SHA256: 
7699613119b25fc5886305e43ff556f8d53560cfa7707ab456f3165ba4ea374b - Company: CPUID - Copyright: Copyright(C) 2014 CPUID - CreationTimestamp: '2015-10-07 03:56:49' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - ExFreePool - - ExAllocatePoolWithTag - - RtlFreeUnicodeString - - ObfDereferenceObject - - IoGetDeviceObjectPointer - - RtlAnsiStringToUnicodeString - - MmUnmapIoSpace - - MmMapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - RtlUnwind - - KeTickCount - - KeBugCheckEx - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - PsGetVersion - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - KeWaitForSingleObject - - RtlInitAnsiString - - IoCancelIrp - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - KeStallExecutionProcessor - - HalSetBusDataByOffset - - HalGetBusDataByOffset - - READ_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 80b4041695810f98e1c71ff0cf420b6d - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 151279b238de6194a32d8ca426ceaeee - SHA1: 7836f9fa452c5a538aed446df8439f2f49cc74aa - SHA256: 1319e59df060332195af6318ab22fe3f5018b1498211216a28a48f73980ab3b0 - SHA1: 2bc9047f08a664ade481d0bbf554d3a0b49424ca - SHA256: ef1abc77f4000e68d5190f9e11025ea3dc1e6132103d4c3678e15a678de09f33 - Sections: - .text: - Entropy: 6.228493472160084 - Virtual Size: '0x3260' - .rdata: - Entropy: 4.675879933480417 - Virtual Size: '0x2f4' - .data: - Entropy: 0.335842300318532 - Virtual Size: '0x1e0' - INIT: - Entropy: 5.428373271150746 - Virtual Size: '0x3dc' - .rsrc: - Entropy: 3.3938887641350184 - Virtual Size: '0x350' - .reloc: - Entropy: 5.603135612742354 - Virtual Size: 
'0x27c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: 
ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=Private Organization, ??=FR, serialNumber=493 590 202, ??=39 rue - Joseph Jacquard, postalCode=59240, C=FR, L=Dunkerque, O=CPUID, CN=CPUID - ValidFrom: '2015-09-11 00:00:00' - ValidTo: '2018-09-19 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 07ef902f309d9df93e5124fa3ee5dae2 - Version: 3 - TBS: - MD5: aa06717c45e9e49a8c1e001c66edd9fa - SHA1: 6a150d1cba59e4090bf9169a333e0fb226ed5472 - SHA256: 6dde4dd03be027a9ce82b9337559c984377a7a7f3f589d575726bfcbb806afdb - SHA384: b9bef10fc28980514e23d13d0fe6d5f43b3e4a2dff24049d6cef3c3fb955e071e1d1128c71c12c5a3bf09cc107782600 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c - Version: 3 - TBS: - MD5: 83f5de89f641d0fbf60248e10a7b9534 - SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 - SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf - SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 - Signer: - - SerialNumber: 07ef902f309d9df93e5124fa3ee5dae2 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - Version: 1 - Imphash: 643f4d79f35dddc9bb5cc04a0f0c18d3 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: d8a92124984eb0c21f84461d5babd6de - SHA1: 6e928611c1afb608bf0df53a0d9f9e59a51199a2 - SHA256: 
4bf6f1b49ed332b31c695ee1e3e8db69d7514a3179f707034eec96de4865e1d2 - Company: CPUID - Copyright: Copyright(C) 2010 CPUID - CreationTimestamp: '2010-11-09 06:32:57' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: cpuz.sys - ImportedFunctions: - - IofCompleteRequest - - ExFreePool - - ExAllocatePoolWithTag - - RtlFreeUnicodeString - - ObfDereferenceObject - - MmIsAddressValid - - IoGetDeviceObjectPointer - - MmUnmapIoSpace - - RtlInitAnsiString - - MmMapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - RtlUnwind - - KeTickCount - - KeBugCheckEx - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - PsGetVersion - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - KeWaitForSingleObject - - RtlAnsiStringToUnicodeString - - IoCancelIrp - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - READ_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: c2eb4539a4f6ab6edd01bdc191619975 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 41f15d0f328a165973b49de608ef72a2 - SHA1: abcd9850775bd0a1a855e785a238e0e69525810f - SHA256: 02dc44b04a6426fcaedf26995bfa471f123a90a9c747e82cebaf95f394890631 - SHA1: 4d41248078181c7f61e6e4906aa96bbdea320dc2 - SHA256: 8c95d28270a4a314299cf50f05dcbe63033b2a555195d2ad2f678e09e00393e6 - Sections: - .text: - Entropy: 6.209693758202642 - Virtual Size: '0x25f0' - .rdata: - Entropy: 4.523679043309293 - Virtual Size: '0x300' - .data: - Entropy: 0.335842300318532 - Virtual Size: '0x1e0' - INIT: - Entropy: 5.419833691539649 - Virtual Size: '0x3f4' - .rsrc: - Entropy: 3.3927376128305218 - Virtual Size: '0x350' - .reloc: - Entropy: 5.4506770820844155 - 
Virtual Size: '0x24c' - Signature: - - CPUID - - VeriSign Class 3 Code Signing 2004 CA - - VeriSign Class 3 Public Primary CA - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 
1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2009-02-02 00:00:00' - ValidTo: '2012-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Version: 3 - TBS: - MD5: fb72fa311261c4fb6a786e5cc7ce1d2f - SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 - SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a - SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 958dd67f866ae27cf716e30a025b266f - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 309452c42b32d432d3e9d242da06f97a - SHA1: 74349d8cce986c0d30e6d7dda85dee9382c26346 - SHA256: 158f9e2bcec73e821d5df17c1d5f9f46f23ecd9f6cf101588578235240f5cca0 - Company: CPUID - Copyright: Copyright(C) 2010 CPUID - CreationTimestamp: '2010-12-27 06:34:50' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - ExFreePool - - ExAllocatePoolWithTag - - RtlFreeUnicodeString - - ObfDereferenceObject - - MmIsAddressValid - - IoGetDeviceObjectPointer - - MmUnmapIoSpace - - RtlInitAnsiString - - MmMapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - RtlUnwind - - KeTickCount - - KeBugCheckEx - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - PsGetVersion - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - KeWaitForSingleObject - - RtlAnsiStringToUnicodeString - - IoCancelIrp - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - READ_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 44a3b9cc0a8e89c11544932b295ea113 - 
MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 41f15d0f328a165973b49de608ef72a2 - SHA1: abcd9850775bd0a1a855e785a238e0e69525810f - SHA256: 02dc44b04a6426fcaedf26995bfa471f123a90a9c747e82cebaf95f394890631 - SHA1: 543933cce83f2e75d1b6a8abdb41199ddef8406c - SHA256: a11cf43794ea5b5122a0851bf7de08e559f6e9219c77f9888ff740055f2c155e - Sections: - .text: - Entropy: 6.191884042534969 - Virtual Size: '0x2640' - .rdata: - Entropy: 4.514474359741861 - Virtual Size: '0x300' - .data: - Entropy: 0.335842300318532 - Virtual Size: '0x1e0' - INIT: - Entropy: 5.415883913844001 - Virtual Size: '0x3f4' - .rsrc: - Entropy: 3.3927376128305218 - Virtual Size: '0x350' - .reloc: - Entropy: 5.484183849650332 - Virtual Size: '0x250' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2009-02-02 00:00:00' - ValidTo: '2012-02-07 23:59:59' - Signature: 
9a9bbecb393272aaedfd7a125e0fe581151a18a75a4094e082a38156f62018b9d59edef27429bbea60d6e146a2ce134546d54e00b6585c1d85e3aedfb3b9a5de7728a96b2bcc26106655bae6bc5ce3a72714f9e23282a2fba29fc870b394e832f07dc50ded3a042953fe91379769e424398278b6ed14ae4f6b4cce5fa7ba20fc8d157a78fd308214d177189bcd76b2bd62a861a8c1562e2748f338f7369f0f062804685399a6655fcb4564a644e7a8bee8330557376884cce9153992e8e205bc1474dbd0109b3c87991db9bb77a9dff5775267390431ce56ff49500d8ad70be34a0d9a0b112e07eb55f0fe07de9ac93a0b30cb36029b5ec41e032daf66627d4e - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Version: 3 - TBS: - MD5: fb72fa311261c4fb6a786e5cc7ce1d2f - SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 - SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a - SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 958dd67f866ae27cf716e30a025b266f - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 935f15a2b9c92e1d2a01caa67e4d7a9c - SHA1: ec4945aa4e0f04e234aa00df92731a9692ab1026 - SHA256: bedb25c95cead7deb60ef18c753b65131d9b7dcd13846f09b011060042586213 - Company: Windows (R) Win 7 DDK provider - Copyright: "\xA9 Microsoft 
Corporation. All rights reserved." - CreationTimestamp: '2010-07-09 05:18:04' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - ExFreePool - - ExAllocatePoolWithTag - - RtlFreeUnicodeString - - ObfDereferenceObject - - MmIsAddressValid - - IoGetDeviceObjectPointer - - MmUnmapIoSpace - - RtlInitAnsiString - - MmMapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - PsGetVersion - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - KeWaitForSingleObject - - RtlAnsiStringToUnicodeString - - IoCancelIrp - - RtlUnwind - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - READ_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 75fa19142531cbf490770c2988a7db64 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: Windows (R) Win 7 DDK driver - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 4ba73072bea66755a70f3a8c99951424 - SHA1: d9ce039d736544c2d9b7fe44460d8e006a5c62f0 - SHA256: 3b45bc2da9543317e7a22486f86a3f8c0eb289596d1d7661b47e35e99058861f - SHA1: 9cc694dcb532e94554a2a1ef7c6ced3e2f86ef5a - SHA256: c673f2eed5d0eed307a67119d20a91c8818a53a3cb616e2984876b07e5c62547 - Sections: - .text: - Entropy: 6.234206925652012 - Virtual Size: '0x2170' - .rdata: - Entropy: 4.503033217723106 - Virtual Size: '0x2ec' - .data: - Entropy: 0.22396935932252834 - Virtual Size: '0x1c0' - INIT: - Entropy: 5.447569063369494 - Virtual Size: '0x3f4' - .rsrc: - Entropy: 3.418143931074457 - Virtual Size: '0x3d0' - .reloc: - Entropy: 5.615914987677597 - Virtual Size: '0x214' - Signature: '' - Signatures: - - 
CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: 
C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2009-02-02 00:00:00' - ValidTo: '2012-02-07 23:59:59' - Signature: 9a9bbecb393272aaedfd7a125e0fe581151a18a75a4094e082a38156f62018b9d59edef27429bbea60d6e146a2ce134546d54e00b6585c1d85e3aedfb3b9a5de7728a96b2bcc26106655bae6bc5ce3a72714f9e23282a2fba29fc870b394e832f07dc50ded3a042953fe91379769e424398278b6ed14ae4f6b4cce5fa7ba20fc8d157a78fd308214d177189bcd76b2bd62a861a8c1562e2748f338f7369f0f062804685399a6655fcb4564a644e7a8bee8330557376884cce9153992e8e205bc1474dbd0109b3c87991db9bb77a9dff5775267390431ce56ff49500d8ad70be34a0d9a0b112e07eb55f0fe07de9ac93a0b30cb36029b5ec41e032daf66627d4e - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Version: 3 - TBS: - MD5: fb72fa311261c4fb6a786e5cc7ce1d2f - SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 - SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a - SHA384: 
759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 5716c52252afe18d09f6c1bc6e5ef3ef - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: f650821a4b67b88288c57f0dcd2bb22b - SHA1: a73160d3ed6b21c9943d75357e55a4d422a37050 - SHA256: 6522fc68fa686a546cd98142b90e5bcbfb8b79127cfb38b9a1249996d3d102dc - Company: CPUID - Copyright: Copyright(C) 2014 CPUID - CreationTimestamp: '2014-11-27 04:16:46' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - ObfDereferenceObject - - IoCreateDevice - - DbgPrintEx - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - 
HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: a223f8584bcb978c003dd451b1439f8d - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: c046d6f14ec39d2a0f67a417bda83c5e - SHA1: 74661f1063b4c80566f75a1bee22c35f7af17fa9 - SHA256: 440eebbdc09d290724d364056ba4e2725c75759819a6df0a1ed5c876ed7d2474 - SHA1: dce4322406004fc884d91ed9a88a36daca7ae19a - SHA256: bc8cb3aebe911bd9b4a3caf46f7dda0f73fec4d2e4e7bc9601bb6726f5893091 - Sections: - .text: - Entropy: 6.217726783866495 - Virtual Size: '0x31d7' - .rdata: - Entropy: 4.172758269398432 - Virtual Size: '0x434' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.5865115349753927 - Virtual Size: '0xd8' - INIT: - Entropy: 5.117679654830676 - Virtual Size: '0x400' - .rsrc: - Entropy: 3.3971374522271924 - Virtual Size: '0x350' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - 
SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 65abf5c92cc2239f2dc9d589458569c9 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: a81f08837e541b798d6c760ec7a7ee92 - SHA1: c0c3d664f74fd6737431124a522a1347c8ce21ce - SHA256: 4a525f5350be5a82cf4fb3546a914841642cda5deed7f9baa13d2912eed476fb - Company: CPUID - Copyright: Copyright(C) 2017 CPUID - CreationTimestamp: '2017-03-23 05:18:13' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - 
ImportedFunctions: - - IoGetDeviceObjectPointer - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - MmUnmapIoSpace - - MmMapIoSpace - - IoDeleteDevice - - ObfDereferenceObject - - RtlInitUnicodeString - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - RtlFreeUnicodeString - - ExAllocatePoolWithTag - - ExFreePool - - IofCompleteRequest - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - KeWaitForSingleObject - - IoCancelIrp - - IoDeleteSymbolicLink - - PsGetVersion - - RtlUnwind - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - KeQueryPerformanceCounter - - KeStallExecutionProcessor - - HalSetBusDataByOffset - - HalGetBusDataByOffset - - READ_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: e027daa2f81961d09aef88093e107d93 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: e10f1a83d333c2feb8a17b1906909a07 - SHA1: f605fa8f10b2b64638f01715179b7588f4a6b727 - SHA256: 9337693c714a35f8370e9a6d7aca13083a7e4c5dbbefdee250b06ae6cc63a06d - SHA1: 65f6a4a23846277914d90ba6c12742eecf1be22d - SHA256: 11a4b08e70ebc25a1d4c35ed0f8ef576c1424c52b580115b26149bd224ffc768 - Sections: - .text: - Entropy: 6.180707788939719 - Virtual Size: '0x4980' - .rdata: - Entropy: 4.74337864304572 - Virtual Size: '0x398' - .data: - Entropy: 0.13142343474404483 - Virtual Size: '0x340' - INIT: - Entropy: 5.4107944069129665 - Virtual Size: '0x3fc' - .rsrc: - Entropy: 3.3973045624277542 - Virtual Size: '0x350' - .reloc: - Entropy: 5.9736845764369955 - Virtual Size: '0x2f0' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: b1e749ba779687a5127817da3d47af2c - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 3e6f73c0fdbd707a45c117d6bf4122a4 - SHA1: b06dc5c8fb5cf42bab967d11eac38a13cb6f2cb0 - SHA256: fed2e6e84e5f7212a86ede773184d97fb11d24b5da26a030c833dd1bec4ec953 - Company: CPUID - Copyright: Copyright(C) 2015 CPUID - CreationTimestamp: '2016-01-27 02:15:39' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - ExFreePool - - ExAllocatePoolWithTag - - RtlFreeUnicodeString - - ObfDereferenceObject - - IoGetDeviceObjectPointer - - RtlAnsiStringToUnicodeString - - MmUnmapIoSpace - - MmMapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - RtlUnwind - - KeTickCount - - KeBugCheckEx - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - PsGetVersion - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - 
IofCallDriver - - KeWaitForSingleObject - - RtlInitAnsiString - - IoCancelIrp - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - KeStallExecutionProcessor - - HalSetBusDataByOffset - - HalGetBusDataByOffset - - READ_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: c31610f4c383204a1fc105c54b7403c9 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 151279b238de6194a32d8ca426ceaeee - SHA1: 7836f9fa452c5a538aed446df8439f2f49cc74aa - SHA256: 1319e59df060332195af6318ab22fe3f5018b1498211216a28a48f73980ab3b0 - SHA1: 65886384708d5a6c86f3c4c16a7e7cdbf68de92a - SHA256: 6c5c6c350c8dd4ca90a8cca0ed1eeca185ebc67b1100935c8f03eb3032aca388 - Sections: - .text: - Entropy: 6.228423170107256 - Virtual Size: '0x3260' - .rdata: - Entropy: 4.674813067607283 - Virtual Size: '0x2f4' - .data: - Entropy: 0.335842300318532 - Virtual Size: '0x1e0' - INIT: - Entropy: 5.428373271150746 - Virtual Size: '0x3dc' - .rsrc: - Entropy: 3.3925686987119477 - Virtual Size: '0x350' - .reloc: - Entropy: 5.603135612742354 - Virtual Size: '0x27c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 643f4d79f35dddc9bb5cc04a0f0c18d3 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 5cfd801fc0baec3342bd6a6a59503c96 - SHA1: e542227abbc61cd8adb8ecf2de77368c1825d2c8 - SHA256: 81017af32ebdaf0bc0878a8057bc6b8bd3848eb21aca324cd56b27faa1df7377 - Company: CPUID - Copyright: Copyright(C) 2014 CPUID - CreationTimestamp: '2015-02-26 00:22:40' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - ExFreePool - - ExAllocatePoolWithTag - - RtlFreeUnicodeString - - ObfDereferenceObject - - IoGetDeviceObjectPointer - - RtlAnsiStringToUnicodeString - - MmUnmapIoSpace - - MmMapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - RtlUnwind - - KeTickCount - - KeBugCheckEx - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - PsGetVersion - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - 
IofCallDriver - - KeWaitForSingleObject - - RtlInitAnsiString - - IoCancelIrp - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - KeStallExecutionProcessor - - HalSetBusDataByOffset - - HalGetBusDataByOffset - - READ_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 8d14b013fc2b555e404b1c3301150c34 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 151279b238de6194a32d8ca426ceaeee - SHA1: 7836f9fa452c5a538aed446df8439f2f49cc74aa - SHA256: 1319e59df060332195af6318ab22fe3f5018b1498211216a28a48f73980ab3b0 - SHA1: 5c94c8894799f02f19e45fcab44ee33e653a4d17 - SHA256: a3975db1127c331ba541fffff0c607a15c45b47aa078e756b402422ef7e81c2c - Sections: - .text: - Entropy: 6.228493472160084 - Virtual Size: '0x3260' - .rdata: - Entropy: 4.678009087547132 - Virtual Size: '0x2f4' - .data: - Entropy: 0.335842300318532 - Virtual Size: '0x1e0' - INIT: - Entropy: 5.428373271150746 - Virtual Size: '0x3dc' - .rsrc: - Entropy: 3.3938887641350184 - Virtual Size: '0x350' - .reloc: - Entropy: 5.603135612742354 - Virtual Size: '0x27c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - 
SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 
643f4d79f35dddc9bb5cc04a0f0c18d3 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 089b65f7a818485884624cea6fff78cd - SHA1: ed245e4139d5d97b6c5b4085b0bdb2d9a9711bfb - SHA256: d6d5d997bbb55b2328c6486595f6f3070a0d03b4dd7c1d2ec1510f43e61b9bcd - Company: CPUID - Copyright: Copyright(C) 2017 CPUID - CreationTimestamp: '2017-05-22 02:18:28' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - PsGetVersion - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - IofCompleteRequest - - MmMapIoSpace - - MmUnmapIoSpace - - ProbeForWrite - - IoDeleteDevice - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - RtlUnwindEx - - RtlPcToFileHeader - - READ_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - READ_PORT_UCHAR - - HalCallPal - - WRITE_PORT_UCHAR - - KeStallExecutionProcessor - - WRITE_PORT_USHORT - - READ_PORT_ULONG - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: a610cd4c762b5af8575285dafb9baa8f - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 756be87f8c768cb8bfd02af932dd7589 - SHA1: 16c2ebba52ba9fb0ef5570c1d620daaaee63865a - SHA256: 48acdfbe5ad27d73c0fd9b115a49420f182d146bca52797ce33cc2a061ff0ced - SHA1: 7a107291a9fad0d298a606eb34798d423c4a5683 - SHA256: da617fe914a5f86dc9d657ef891bbbceb393c8a6fea2313c84923f3630255cdb - Sections: - .text: - Entropy: 5.345067492229126 - Virtual Size: '0x57c0' - .rdata: - Entropy: 4.032837077012453 - Virtual Size: '0x550' - .pdata: - Entropy: 3.4181953789743655 - Virtual Size: '0xd8' - .sdata: - Entropy: 1.1203888318125959 - Virtual Size: '0x420' - INIT: - Entropy: 5.015276332791068 - Virtual Size: '0x3e8' - .rsrc: - Entropy: 3.388191426646717 - Virtual Size: '0x350' - .reloc: - Entropy: 0.9063065323515203 - Virtual 
Size: '0x188' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: 
a59808b35f916a1201f0987b958aaaf50b81f3e507cf9d1b902bc22787244617e38069e4ca74bcf505dfdfeb6bad8bee2ecba26a428c2b26c9b9987241b50ccfd895a7335b35534c5569fdef2554d773cb3b20f10e08eeff2701d2a3e8ef7c5bb759baf1995d1580dce4f0c5da90eff4f07e01e7c9273b24c14c514f2ae1d1fe940dd53bfa25572cd6f3c007c7f21aebc58ea32ca3aea83c731419c9dcc191158cbb52b0b70545a16c9b42aadd4dcb167443d6c15fa03ae7f6f0f644845a69cb8badb3f143fd916a70c5008c3486d1f0cc8e0527f76da5aeaca4925f6eb6861dd54e1ce8b80e6b000446d77ac8bd0299e38db3b8e4a9c43294367cd6a55351d0 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: a2d936fa82b7340d28a697fb344046d8 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 
14a0ffbaa1c006e13694045677dbeabf - SHA1: 9a80799aa58112415ce2d7b1d6b238d41cbdda28 - SHA256: b7e3bd414674a3258be7ce384619b74946bafa218648a00c04e4e74f987f5723 - Company: CPUID - Copyright: Copyright(C) 2015 CPUID - CreationTimestamp: '2016-01-27 02:16:16' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - PsGetVersion - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - IofCompleteRequest - - MmMapIoSpace - - MmUnmapIoSpace - - ProbeForWrite - - IoDeleteDevice - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - RtlUnwindEx - - RtlPcToFileHeader - - READ_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - READ_PORT_UCHAR - - HalCallPal - - WRITE_PORT_UCHAR - - KeStallExecutionProcessor - - WRITE_PORT_USHORT - - READ_PORT_ULONG - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 8ea94766cd7890483449dc193d267993 - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 756be87f8c768cb8bfd02af932dd7589 - SHA1: 16c2ebba52ba9fb0ef5570c1d620daaaee63865a - SHA256: 48acdfbe5ad27d73c0fd9b115a49420f182d146bca52797ce33cc2a061ff0ced - SHA1: 43b61039f415d14189d578012b6cb1bd2303d304 - SHA256: b8ffe83919afc08a430c017a98e6ace3d9cbd7258c16c09c4f3a4e06746fc80a - Sections: - .text: - Entropy: 5.384315290830981 - Virtual Size: '0x40e0' - .rdata: - Entropy: 4.105446572852521 - Virtual Size: '0x430' - .pdata: - Entropy: 3.4076201526884144 - Virtual Size: '0xcc' - .sdata: - Entropy: 1.1203888318125959 - Virtual Size: '0x2a0' - INIT: - Entropy: 5.0154033944534415 - Virtual Size: '0x3e8' - .rsrc: - Entropy: 3.3890627415891226 - Virtual Size: '0x350' - .reloc: - Entropy: 0.9037311282531211 - Virtual Size: '0x184' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: 
'' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: 
a59808b35f916a1201f0987b958aaaf50b81f3e507cf9d1b902bc22787244617e38069e4ca74bcf505dfdfeb6bad8bee2ecba26a428c2b26c9b9987241b50ccfd895a7335b35534c5569fdef2554d773cb3b20f10e08eeff2701d2a3e8ef7c5bb759baf1995d1580dce4f0c5da90eff4f07e01e7c9273b24c14c514f2ae1d1fe940dd53bfa25572cd6f3c007c7f21aebc58ea32ca3aea83c731419c9dcc191158cbb52b0b70545a16c9b42aadd4dcb167443d6c15fa03ae7f6f0f644845a69cb8badb3f143fd916a70c5008c3486d1f0cc8e0527f76da5aeaca4925f6eb6861dd54e1ce8b80e6b000446d77ac8bd0299e38db3b8e4a9c43294367cd6a55351d0 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: a2d936fa82b7340d28a697fb344046d8 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 
e6b4766ff30ed89390459e22c49c0bd2 - SHA1: a87a40f69b737d0d16814f21dd9837d3834d6bd3 - SHA256: 31fcf4cbe7de8a5d563144e577324f9206bcc24ddf17473b436f1c693dff0ee7 - Company: CPUID - Copyright: Copyright(C) 2013 CPUID - CreationTimestamp: '2013-10-22 06:52:21' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 82854a57630059d1ce2870159dc2f86b - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 685a19a8e9f46a76067db83da501dca0 - SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 - SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 - SHA1: 5bb2d46ba666c03c56c326f0bbc85cc48a87dfa3 - SHA256: 0484defcf1b5afbe573472753dc2395e528608b688e5c7d1d178164e48e7bed7 - Sections: - .text: - Entropy: 6.128820194208281 - Virtual Size: '0x2ab6' - .rdata: - Entropy: 4.139845021755118 - Virtual Size: '0x404' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.49998628423541 - Virtual Size: '0xc0' - INIT: - Entropy: 5.076575853289 - Virtual Size: '0x406' - .rsrc: - Entropy: 3.3935766621226473 - Virtual Size: '0x350' - Signature: '' 
- Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: 
e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - 
SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 82942c060f79cefd3bf1acdf5c207561 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: fd64adcb979eef2e4f8630ae45a73bfc - SHA1: 1a0d5c565de911facdfcf09b2850d595d016388c - SHA256: 55054ac1fab3b2fb370640035d50d00ae41775c45a16d0737a11cef1da48faff - 
Company: CPUID - Copyright: Copyright(C) 2010 CPUID - CreationTimestamp: '2012-08-11 01:46:42' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - PsGetVersion - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - IofCompleteRequest - - MmMapIoSpace - - MmUnmapIoSpace - - ProbeForWrite - - IoDeleteDevice - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - DbgPrint - - RtlUnwindEx - - RtlPcToFileHeader - - READ_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - READ_PORT_UCHAR - - HalCallPal - - WRITE_PORT_UCHAR - - KeStallExecutionProcessor - - WRITE_PORT_USHORT - - READ_PORT_ULONG - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 9cc757a18b86408efc1ce3ed20cbcdac - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 47b2a19a0bf08e5769f7bdfd98c8a71e - SHA1: f89341892b2acf5730167b723170d50c46e93826 - SHA256: 8de6c8ffefb1157ad187eea8b407e3d1b36def67cc220c87bd809b2bd98758f3 - SHA1: 377f7e7382908690189aede31fcdd532baa186b5 - SHA256: 636b4c1882bcdd19b56370e2ed744e059149c64c96de64ac595f20509efa6220 - Sections: - .text: - Entropy: 5.408041404846556 - Virtual Size: '0x3a20' - .rdata: - Entropy: 4.139975413196964 - Virtual Size: '0x3d8' - .pdata: - Entropy: 3.311727855519807 - Virtual Size: '0xb4' - .sdata: - Entropy: 1.1785140654177764 - Virtual Size: '0x2a0' - INIT: - Entropy: 5.04926101789341 - Virtual Size: '0x3fc' - .rsrc: - Entropy: 3.3976217041631593 - Virtual Size: '0x350' - .reloc: - Entropy: 0.9556392745193011 - Virtual Size: '0x16e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G3 - ValidFrom: '2012-05-01 00:00:00' - 
ValidTo: '2012-12-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded - Version: 3 - TBS: - MD5: e6d820afb23af20a65cf0b03247ea05e - SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 - SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 - SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: d5e7fc56a905088dbc79b8e27b98faea - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 4152ac0d4c53e0e3b420847564e9177a - SHA1: d18710d885b25c834185e1929dbd7d63b1d1b621 - SHA256: e3d9b90e2a1a6e997dd3e3ed6b05aa3230d8ca3c25477b847dbe163c0367cc7e - Company: CPUID - Copyright: Copyright(C) 2016 CPUID - CreationTimestamp: '2016-10-05 03:54:40' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - ImportedFunctions: - - PsGetVersion - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - IofCompleteRequest - - MmMapIoSpace - - MmUnmapIoSpace - - ProbeForWrite - - IoDeleteDevice - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - RtlUnwindEx - - RtlPcToFileHeader - - READ_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - 
READ_PORT_UCHAR - - HalCallPal - - WRITE_PORT_UCHAR - - KeStallExecutionProcessor - - WRITE_PORT_USHORT - - READ_PORT_ULONG - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 279f3b94c2b9ab5911515bc3e0ecf175 - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 756be87f8c768cb8bfd02af932dd7589 - SHA1: 16c2ebba52ba9fb0ef5570c1d620daaaee63865a - SHA256: 48acdfbe5ad27d73c0fd9b115a49420f182d146bca52797ce33cc2a061ff0ced - SHA1: 49d58f7565bacf10539bc63f1d2fe342b3c3d85a - SHA256: 78d49094913526340d8d0ef952e8fe9ada9e8b20726b77fb88c9fb5d54510663 - Sections: - .text: - Entropy: 5.3821533128637515 - Virtual Size: '0x4080' - .rdata: - Entropy: 4.079787075524782 - Virtual Size: '0x430' - .pdata: - Entropy: 3.3686529491569175 - Virtual Size: '0xcc' - .sdata: - Entropy: 1.1203888318125959 - Virtual Size: '0x420' - INIT: - Entropy: 5.0154033944534415 - Virtual Size: '0x3e8' - .rsrc: - Entropy: 3.376659182007881 - Virtual Size: '0x350' - .reloc: - Entropy: 0.9037311282531212 - Virtual Size: '0x184' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: a2d936fa82b7340d28a697fb344046d8 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 56af9cdaf915fbf939af77ea54140880 - SHA1: 6d7835bc8f5e22c996a35c68f4806bfdbc04979f - SHA256: ab6c6a6a4d7ae58cbbc63283699aaf59cf6ecddf56eba0933178732f2664abcd - Company: CPUID - Copyright: Copyright(C) 2010 CPUID - CreationTimestamp: '2012-03-09 01:55:45' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: '' - 
ImportedFunctions: - - IofCompleteRequest - - ExFreePool - - ExAllocatePoolWithTag - - RtlFreeUnicodeString - - ObfDereferenceObject - - MmIsAddressValid - - IoGetDeviceObjectPointer - - MmUnmapIoSpace - - RtlInitAnsiString - - MmMapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - RtlUnwind - - KeTickCount - - KeBugCheckEx - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - PsGetVersion - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - KeWaitForSingleObject - - RtlAnsiStringToUnicodeString - - IoCancelIrp - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - READ_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: 8b47c5580b130dd3f580af09323bc949 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 41f15d0f328a165973b49de608ef72a2 - SHA1: abcd9850775bd0a1a855e785a238e0e69525810f - SHA256: 02dc44b04a6426fcaedf26995bfa471f123a90a9c747e82cebaf95f394890631 - SHA1: 0d27a3166575ec5983ec58de2591552cfa90ef92 - SHA256: b01ebea651ec7780d0fe88dd1b6c2500a36dacf85e3a4038c2ca1c5cb44c7b5d - Sections: - .text: - Entropy: 6.217408305730309 - Virtual Size: '0x2750' - .rdata: - Entropy: 4.5582967792228475 - Virtual Size: '0x2f0' - .data: - Entropy: 0.335842300318532 - Virtual Size: '0x1e0' - INIT: - Entropy: 5.41983369153965 - Virtual Size: '0x3f4' - .rsrc: - Entropy: 3.3927376128305218 - Virtual Size: '0x350' - .reloc: - Entropy: 5.573643819691654 - Virtual Size: '0x254' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 
50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 958dd67f866ae27cf716e30a025b266f - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: e06d3f875b4239e9ac66ba6d59fd1431 - SHA1: 0e3d49d0718f03d34281b2de51542c0496d060be - SHA256: 19e80663f055a038621c6de731151e4e8d6f42fde359efaf2ddeb49c62e317c4 - Company: Windows (R) Codename Longhorn DDK provider - Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
- CreationTimestamp: '2008-10-07 13:44:27' - Date: '' - Description: CPUID Driver - ExportedFunctions: '' - FileVersion: '6.0.6000.16386 built by: WinDDK' - Filename: '' - ImportedFunctions: - - IoDeleteSymbolicLink - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - IoCreateDevice - - IofCallDriver - - IoGetDeviceObjectPointer - - IoBuildDeviceIoControlRequest - - IoDeleteDevice - - ProbeForWrite - - MmMapIoSpace - - KeInitializeEvent - - RtlInitAnsiString - - IofCompleteRequest - - KeWaitForSingleObject - - KeBugCheckEx - - MmUnmapIoSpace - - RtlInitUnicodeString - - PsGetVersion - - RtlUnwindEx - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: cpuz.sys - MD5: d011d5fecdc94754bf02014cb229d6bc - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: cpuz.sys - PDBPath: '' - Product: Windows (R) Codename Longhorn DDK driver - ProductVersion: 6.0.6000.16386 - Publisher: '' - RichPEHeaderHash: - MD5: 6633dd48aea31e9c4821fbc652e4701e - SHA1: 3fb6cdbdaa8959e6a79305a74981751e06506a6f - SHA256: 63b15db03090d5e7ba52906b2854fba693e17a5fac179397bd55f91e49d28859 - SHA1: 7d34bb240cb5dec51ffcc7bf062c8d613819ac30 - SHA256: 84c5f6ddd9c90de873236205b59921caabb57ac6f7a506abbe2ce188833bbe51 - Sections: - .text: - Entropy: 6.085404381375008 - Virtual Size: '0x1916' - .rdata: - Entropy: 4.313355264022911 - Virtual Size: '0x340' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.460783502147893 - Virtual Size: '0x78' - INIT: - Entropy: 4.945456847123696 - Virtual Size: '0x388' - .rsrc: - Entropy: 3.3865251210369607 - Virtual Size: '0x400' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: 
c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2007-02-08 00:00:00' - ValidTo: '2009-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 10e29d74903d9c7cd58caa35a0944770 - Version: 3 - TBS: - MD5: 5e3b5587eb8c553dc279bb241c30689d - SHA1: 5b5631ff0033ed753a5c630a4d8d48772050db32 - SHA256: 9b30d9d9f9fd9c0480c0503dd4ac86649d2cc180d1401ade6dd8048356d7f634 - SHA384: 1886034ac8dc819ed45b8b48b0225cdb142d53d61bda992ee7e4923276c3c36dffbb0f8d929e1ad20c3437709df2399a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 10e29d74903d9c7cd58caa35a0944770 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: cb8db41ab8c06472574e58b9466f4070 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create cpuz.sys binPath=C:\windows\temp\cpuz.sys type=kernel && + sc.exe start cpuz.sys + 
Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/elastic/protections-artifacts/search?q=VulnDriver -Tags: -- cpuz.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/8c95d28270a4a314299cf50f05dcbe63033b2a555195d2ad2f678e09e00393e6.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: d69ba595980ae05f25cf1a43195d7b1d + SHA1: e58a98dc42fb6c4817acd01c2049258f2dfdff0e + SHA256: baec06b150e0298136275860ecb0aae08a9bd731ef14d255fc729c4bd7e4d832 + Company: Windows (R) Codename Longhorn DDK provider + Copyright: 
"\xA9 Microsoft Corporation. All rights reserved." + CreationTimestamp: '2007-02-10 13:14:24' + Date: '' + Description: CPU-Z Driver + ExportedFunctions: '' + FileVersion: '6.0.6000.16386 built by: WinDDK' + Filename: '' + ImportedFunctions: + - MmUnmapIoSpace + - MmMapIoSpace + - IofCompleteRequest + - PsGetVersion + - IoCreateSymbolicLink + - IoCreateDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - IoDeleteDevice + - KeBugCheckEx + - RtlUnwindEx + Imports: + - ntoskrnl.exe + InternalName: cpuz.sys + MD5: b0809d8adc254c52f9d06362489ce474 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: Windows (R) Codename Longhorn DDK driver + ProductVersion: 6.0.6000.16386 + Publisher: '' + RichPEHeaderHash: + MD5: bd0558043c8e080a66e4253666539e67 + SHA1: 32417b0a544c70bb6c39bfe4fea8fffefc27c287 + SHA256: e15effe07957252ea7419024f3438239cb3d93ef7319b0d929b887ed33f8c153 + SHA1: 43011eb72be4775fec37aa436753c4d6827395d1 + SHA256: eaa5dae373553024d7294105e4e07d996f3a8bd47c770cdf8df79bf57619a8cd + Sections: + .text: + Entropy: 6.29679164755045 + Virtual Size: '0x1256' + .rdata: + Entropy: 4.716864547788463 + Virtual Size: '0x1d4' + .data: + Entropy: 0.6099523004172788 + Virtual Size: '0x124' + .pdata: + Entropy: 3.200307705979818 + Virtual Size: '0x54' + INIT: + Entropy: 4.829481878189185 + Virtual Size: '0x1d0' + .rsrc: + Entropy: 3.4033476900719424 + Virtual Size: '0x400' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + 
IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0de92bf0d4d82988183205095e9a7688 + Version: 3 + TBS: + MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 + SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + 
Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2007-02-08 00:00:00' + ValidTo: '2009-02-07 23:59:59' + Signature: 6ca08361ce69863ade5289039d2e6eaf79729d950a57fc32158e56bc0bfc05ca3b76263b8e8a5e2279522eceed35495c697a2f1b1631e1a4f997c8b2e14cd08a3b4aaeca9f150126f5933e6a29fde1e3ef607f452219582ac034c3f95023fd6c5474008ecea3aab5ba096ae73a3dd76b296d3c8b06a72ca763698e49474d624c22ad57a3d11342be8a6d2a49e4af5893003fcf02900a0fbf4854858cc0468d23b9917cfe59ac8b7058de49ab25bbca0bc67f1f367309deed4827295173fad53932d12ad79b8c70175e640f7917fd60940be86d1af397dd5eb0ecb9e92f9e3dc03f2cbf51e9776b31a8cba38fabd8b27e561f66a5ddad46546d6bc984a6a8d8bc + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 10e29d74903d9c7cd58caa35a0944770 + Version: 3 + TBS: + MD5: 5e3b5587eb8c553dc279bb241c30689d + SHA1: 5b5631ff0033ed753a5c630a4d8d48772050db32 + SHA256: 9b30d9d9f9fd9c0480c0503dd4ac86649d2cc180d1401ade6dd8048356d7f634 + SHA384: 1886034ac8dc819ed45b8b48b0225cdb142d53d61bda992ee7e4923276c3c36dffbb0f8d929e1ad20c3437709df2399a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 10e29d74903d9c7cd58caa35a0944770 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 2263350df91a5a4f5e10e68b3b822029 + LoadsDespiteHVCI: 'FALSE' +- 
Authentihash: + MD5: bc927975792f67bfeda2d3c8fdf68b49 + SHA1: 23fdc7c76424fc100c74af895228c45376000728 + SHA256: c84b0dbc0024c88c61a06d0aa7663a17a15e7c062f185811c5d85e1155e25aeb + Company: CPUID + Copyright: Copyright(C) 2012 CPUID + CreationTimestamp: '2013-05-10 06:41:58' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - ExFreePool + - ExAllocatePoolWithTag + - RtlFreeUnicodeString + - ObfDereferenceObject + - MmIsAddressValid + - IoGetDeviceObjectPointer + - MmUnmapIoSpace + - RtlInitAnsiString + - MmMapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - RtlUnwind + - KeTickCount + - KeBugCheckEx + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoDeleteDevice + - PsGetVersion + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - KeWaitForSingleObject + - RtlAnsiStringToUnicodeString + - IoCancelIrp + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - READ_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 0e14b69dcf67c20343f85f9fdb5b9300 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 41f15d0f328a165973b49de608ef72a2 + SHA1: abcd9850775bd0a1a855e785a238e0e69525810f + SHA256: 02dc44b04a6426fcaedf26995bfa471f123a90a9c747e82cebaf95f394890631 + SHA1: bb1f9cc94e83c59c90b055fe13bb4604b2c624df + SHA256: 3813c1aab1760acb963bcc10d6ea3fddc2976b9e291710756408de392bc9e5d5 + Sections: + .text: + Entropy: 6.178915961557228 + Virtual Size: '0x27b0' + .rdata: + Entropy: 4.662787288256179 + Virtual Size: '0x2c0' + .data: + Entropy: 0.335842300318532 + Virtual Size: '0x1e0' + INIT: + Entropy: 5.4178574069546706 + 
Virtual Size: '0x3f4' + .rsrc: + Entropy: 3.391941258882184 + Virtual Size: '0x350' + .reloc: + Entropy: 5.39741845115168 + Virtual Size: '0x236' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 958dd67f866ae27cf716e30a025b266f + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 562b9cc6c321c967a46f05258e263319 + SHA1: 05719918c31d3eb19909768b5a00de35c499d532 + SHA256: 148ca220316fe9a0af2b12ed9528273295009d8568bf4c47fbfd4605f0ce2acc + Company: CPUID + Copyright: Copyright(C) 2013 CPUID + CreationTimestamp: '2013-08-24 02:58:17' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + 
FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - ExFreePool + - ExAllocatePoolWithTag + - RtlFreeUnicodeString + - ObfDereferenceObject + - MmIsAddressValid + - IoGetDeviceObjectPointer + - MmUnmapIoSpace + - RtlInitAnsiString + - MmMapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - RtlUnwind + - KeTickCount + - KeBugCheckEx + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoDeleteDevice + - PsGetVersion + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - KeWaitForSingleObject + - RtlAnsiStringToUnicodeString + - IoCancelIrp + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - READ_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 6f5cf7feb9bb8108b68f169b8e625ffe + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 41f15d0f328a165973b49de608ef72a2 + SHA1: abcd9850775bd0a1a855e785a238e0e69525810f + SHA256: 02dc44b04a6426fcaedf26995bfa471f123a90a9c747e82cebaf95f394890631 + SHA1: 6df42ea7c0e6ee02062bf9ca2aa4aa5cd3775274 + SHA256: b4c07f7e7c87518e8950eb0651ae34832b1ecee56c89cdfbd1b4efa8cf97779f + Sections: + .text: + Entropy: 6.1949781438911655 + Virtual Size: '0x2860' + .rdata: + Entropy: 4.611976907005874 + Virtual Size: '0x2c0' + .data: + Entropy: 0.335842300318532 + Virtual Size: '0x1e0' + INIT: + Entropy: 5.42180997612463 + Virtual Size: '0x3f4' + .rsrc: + Entropy: 3.391941258882184 + Virtual Size: '0x350' + .reloc: + Entropy: 5.431068617797713 + Virtual Size: '0x234' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 
00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 958dd67f866ae27cf716e30a025b266f + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 2c2e50591e0d14b0c72d40134f79dda4 + SHA1: 2c5a4836fd3a2a868ad5940747b3e23b112f25b1 + SHA256: b1375cb06b0e1ec47e3afea13824cff8f3d9d995960556c0795e9bec0fe48b70 + Company: CPUID + Copyright: Copyright(C) 2012 CPUID + CreationTimestamp: '2012-10-27 12:10:43' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - ExFreePool + - ExAllocatePoolWithTag + - RtlFreeUnicodeString + - ObfDereferenceObject + - MmIsAddressValid + - IoGetDeviceObjectPointer + - MmUnmapIoSpace + - RtlInitAnsiString + - MmMapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - RtlUnwind + - KeTickCount + - KeBugCheckEx + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - 
IoDeleteDevice + - PsGetVersion + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - KeWaitForSingleObject + - RtlAnsiStringToUnicodeString + - IoCancelIrp + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - READ_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 2da269863ed99be7b6b8ec2adc710648 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 41f15d0f328a165973b49de608ef72a2 + SHA1: abcd9850775bd0a1a855e785a238e0e69525810f + SHA256: 02dc44b04a6426fcaedf26995bfa471f123a90a9c747e82cebaf95f394890631 + SHA1: 016aa643fbd8e10484741436bcacc0d9eee483c8 + SHA256: 68671b735716ffc168addc052c5dc3d635e63e71c1e78815e7874286c3fcc248 + Sections: + .text: + Entropy: 6.1850377511861385 + Virtual Size: '0x2720' + .rdata: + Entropy: 4.631958539046656 + Virtual Size: '0x2c0' + .data: + Entropy: 0.335842300318532 + Virtual Size: '0x1e0' + INIT: + Entropy: 5.4138482125603415 + Virtual Size: '0x3f4' + .rsrc: + Entropy: 3.391941258882184 + Virtual Size: '0x350' + .reloc: + Entropy: 5.465598053010044 + Virtual Size: '0x230' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G3 + ValidFrom: '2012-05-01 00:00:00' + ValidTo: '2012-12-31 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded + Version: 3 + TBS: + MD5: e6d820afb23af20a65cf0b03247ea05e + SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 + SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 + SHA384: 
7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 958dd67f866ae27cf716e30a025b266f + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 492e80d8c5bab03079565efdad04a25c + SHA1: 99c0f8e7ea48857bd8d0c1ac39123a28d2fea7ce + SHA256: 67b4d4995c9a054e90af05d7e04baf39759c478a519a3c729cbf6ffb041ae7cb + Company: CPUID + Copyright: Copyright(C) 2014 CPUID + CreationTimestamp: '2014-08-11 07:27:34' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - 
IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 1b76363059fef4f7da752eb0dfb0c1e1 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 685a19a8e9f46a76067db83da501dca0 + SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 + SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 + SHA1: 862387e84baaf506c10080620cc46df2bda03eea + SHA256: f7e0cca8ad9ea1e34fa1a5e0533a746b2fa0988ba56b01542bc43841e463b686 + Sections: + .text: + Entropy: 6.183536514789665 + Virtual Size: '0x2fe6' + .rdata: + Entropy: 4.171435127029681 + Virtual Size: '0x434' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.6206191013715263 + Virtual Size: '0xd8' + INIT: + Entropy: 5.075842952801464 + Virtual Size: '0x406' + .rsrc: + Entropy: 3.3938887641350184 + Virtual Size: '0x350' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: 
c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + 
Signing 2010 CA + Version: 1 + Imphash: 82942c060f79cefd3bf1acdf5c207561 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 27d08cb8b1f2a78da7121170b53bdbb8 + SHA1: 98de5c1a5aaaaf957ee912ad93009106abdb4530 + SHA256: 2c27ad462ed0e16252b834cf0c76b1c5085ad9b7b6a13f67d1d2471177f1b177 + Company: CPUID + Copyright: Copyright(C) 2013 CPUID + CreationTimestamp: '2013-07-26 07:40:20' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: d74d202646e5a6d0d2c4207e1f949826 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 685a19a8e9f46a76067db83da501dca0 + SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 + SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 + SHA1: 8d0ae69fbe0c6575b6f8caf3983dd3ddc65aadb5 + SHA256: 65e3548bc09dffd550e79501e3fe0fee268f895908e2bba1aa5620eb9bdac52d + Sections: + .text: + Entropy: 6.114632106877763 + Virtual Size: '0x2876' + .rdata: + Entropy: 4.160432361069591 + Virtual Size: '0x3d4' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.5059142627376296 + Virtual Size: '0xc0' + INIT: + 
Entropy: 5.076575853289 + Virtual Size: '0x406' + .rsrc: + Entropy: 3.3935766621226473 + Virtual Size: '0x350' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 82942c060f79cefd3bf1acdf5c207561 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 39c20781bf75e604e2debe9a259a460b + SHA1: c01b2b502d2c83c09c1d99b17a1a6b2484948f53 + SHA256: e618c3484111ea363a1ecd2c5f5d4abab13f2f474c870bfa5f6edb98df66f4cc + Company: CPUID + Copyright: Copyright(C) 2013 CPUID + CreationTimestamp: '2013-07-12 08:55:46' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - 
IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 6c28461e78f8d908ca9a66bad2e212f7 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 685a19a8e9f46a76067db83da501dca0 + SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 + SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 + SHA1: b52886433e608926a0b6e623217009e4071b107e + SHA256: fb1183ef22ecbcc28f9c0a351c2c0280f1312a0fdf8a9983161691e2585efc70 + Sections: + .text: + Entropy: 6.189245074011195 + Virtual Size: '0x2636' + .rdata: + Entropy: 4.147289236280725 + Virtual Size: '0x3d4' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.4744046458679896 + Virtual Size: '0xc0' + INIT: + Entropy: 5.076575853289 + Virtual Size: '0x406' + .rsrc: + Entropy: 3.3935766621226473 + Virtual Size: '0x350' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: 
c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: 
b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 82942c060f79cefd3bf1acdf5c207561 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: f432aa1e809be9d47392cb0577a93a59 + SHA1: a1eb60e96042ae7794c98e8496cb3165b0d0c6bb + SHA256: b5c8521c00f0a9003d3f91abb0b881e8657ba5f5cf74a1223a88499a85916e68 + Company: CPUID + Copyright: Copyright(C) 2016 CPUID + CreationTimestamp: '2016-08-14 13:15:05' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - ObfDereferenceObject + - IoGetDeviceObjectPointer + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - MmUnmapIoSpace + - MmMapIoSpace + - IoDeleteDevice + - RtlFreeUnicodeString + - RtlInitUnicodeString + - IoCreateSymbolicLink + - IoCreateDevice + - RtlUnwind + - KeTickCount + - KeBugCheckEx + - ExAllocatePoolWithTag + - ExFreePool + - IofCompleteRequest + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - KeWaitForSingleObject + - IoCancelIrp + - IoDeleteSymbolicLink + - PsGetVersion + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - KeStallExecutionProcessor + - HalSetBusDataByOffset + - HalGetBusDataByOffset + - READ_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 2b8814cff6351c2b775387770053bdec + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + 
RichPEHeaderHash: + MD5: 151279b238de6194a32d8ca426ceaeee + SHA1: 7836f9fa452c5a538aed446df8439f2f49cc74aa + SHA256: 1319e59df060332195af6318ab22fe3f5018b1498211216a28a48f73980ab3b0 + SHA1: 5965ca5462cd9f24c67a1a1c4ef277fab8ea81d3 + SHA256: ff987c30ce822d99f3b4b4e23c61b88955f52406a95e6331570a2a13cbebc498 + Sections: + .text: + Entropy: 6.247223634292865 + Virtual Size: '0x3490' + .rdata: + Entropy: 4.666472430079068 + Virtual Size: '0x2f4' + .data: + Entropy: 0.31780982431271465 + Virtual Size: '0x360' + INIT: + Entropy: 5.436222354875528 + Virtual Size: '0x3dc' + .rsrc: + Entropy: 3.380165139130706 + Virtual Size: '0x350' + .reloc: + Entropy: 5.635896599325999 + Virtual Size: '0x286' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 59b168c8ba0db46cb70d1d5a103e6c41 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 79ba474dbde75a8ca70258985b5b4bec + SHA1: d9073bd99852839538195fec30a6f0eff0060983 + SHA256: 08b5f31070e370fbbf4f6e9a99c594c6e33846c82a56c773116705eda3109b62 + Company: Windows (R) Win 7 DDK provider + Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
+ CreationTimestamp: '2010-05-11 03:58:57' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - ProbeForWrite + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 95c88d25e211a4d52a82c53e5d93e634 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: Windows (R) Win 7 DDK driver + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 89dc670b5f7c06b577deeec9473dc96b + SHA1: af59c00ae531117ba9307257ab945cdf6c8309f6 + SHA256: 35b9d8fc904c88f4df237edc610727f89c415e48bcf135191c43832bb2935ba6 + SHA1: 35f803d483af51762bee3ec130de6a03362ce920 + SHA256: 65deb5dca18ee846e7272894f74d84d9391bbe260c22f24a65ab37d48bd85377 + Sections: + .text: + Entropy: 6.181778166104893 + Virtual Size: '0x2146' + .rdata: + Entropy: 4.238598290844655 + Virtual Size: '0x3d0' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.4475288205696204 + Virtual Size: '0x90' + INIT: + Entropy: 5.069433080691773 + Virtual Size: '0x408' + .rsrc: + Entropy: 3.4155760648585995 + Virtual Size: '0x3d0' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 
00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 
+ TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2009-02-02 00:00:00' + ValidTo: '2012-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Version: 3 + TBS: + MD5: fb72fa311261c4fb6a786e5cc7ce1d2f + SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 + SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a + SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: be527e5f470fbc661f914c81bfc9af38 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: be39d98c2a6042891fb0d2af53374f27 + SHA1: 2f1ec40d264cfb36c7a15d4818f0ed230ff029e1 + SHA256: 7f7c6346a25d465fbc06c41d841e6a5c7645545448db88793ab29d8e5637fae5 + Company: CPUID + Copyright: Copyright(C) 2016 CPUID + CreationTimestamp: 
'2016-10-18 06:14:21' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - PsGetVersion + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - IofCompleteRequest + - MmMapIoSpace + - MmUnmapIoSpace + - ProbeForWrite + - IoDeleteDevice + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - RtlUnwindEx + - RtlPcToFileHeader + - READ_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - READ_PORT_UCHAR + - HalCallPal + - WRITE_PORT_UCHAR + - KeStallExecutionProcessor + - WRITE_PORT_USHORT + - READ_PORT_ULONG + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 047c06d4d38ea443c9af23a501c4480d + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 756be87f8c768cb8bfd02af932dd7589 + SHA1: 16c2ebba52ba9fb0ef5570c1d620daaaee63865a + SHA256: 48acdfbe5ad27d73c0fd9b115a49420f182d146bca52797ce33cc2a061ff0ced + SHA1: 2ed4b51429b0a3303a645effc84022512f829836 + SHA256: 405a99028c99f36ab0f84a1fd810a167b8f0597725e37513d7430617106501f1 + Sections: + .text: + Entropy: 5.382748001307074 + Virtual Size: '0x4080' + .rdata: + Entropy: 4.0867439500201925 + Virtual Size: '0x430' + .pdata: + Entropy: 3.3686529491569175 + Virtual Size: '0xcc' + .sdata: + Entropy: 1.1203888318125959 + Virtual Size: '0x420' + INIT: + Entropy: 5.0154033944534415 + Virtual Size: '0x3e8' + .rsrc: + Entropy: 3.382074768712142 + Virtual Size: '0x350' + .reloc: + Entropy: 0.9037311282531212 + Virtual Size: '0x184' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 
a59808b35f916a1201f0987b958aaaf50b81f3e507cf9d1b902bc22787244617e38069e4ca74bcf505dfdfeb6bad8bee2ecba26a428c2b26c9b9987241b50ccfd895a7335b35534c5569fdef2554d773cb3b20f10e08eeff2701d2a3e8ef7c5bb759baf1995d1580dce4f0c5da90eff4f07e01e7c9273b24c14c514f2ae1d1fe940dd53bfa25572cd6f3c007c7f21aebc58ea32ca3aea83c731419c9dcc191158cbb52b0b70545a16c9b42aadd4dcb167443d6c15fa03ae7f6f0f644845a69cb8badb3f143fd916a70c5008c3486d1f0cc8e0527f76da5aeaca4925f6eb6861dd54e1ce8b80e6b000446d77ac8bd0299e38db3b8e4a9c43294367cd6a55351d0 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: a2d936fa82b7340d28a697fb344046d8 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 
ae9888a8e8498c39c3b358ddddcb23f7 + SHA1: e7b6a1604851f36f5d3085637459cef8c819e0f9 + SHA256: 1cad825ef477bdbafda6be0bbe9149d915560077d9017655fdb7f2233da9ad01 + Company: CPUID + Copyright: Copyright(C) 2012 CPUID + CreationTimestamp: '2013-03-20 05:05:43' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: c6cfa2d6e4c443e673c2c12417ea3001 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 685a19a8e9f46a76067db83da501dca0 + SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 + SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 + SHA1: c4ce0bb8a939c4f4cff955d9b3cdd9eb52746cc9 + SHA256: 69640e9209f8e2ac25416bd3119b5308894b6ce22b5c80cb5d5f98f2f85d42ce + Sections: + .text: + Entropy: 6.190167312604016 + Virtual Size: '0x2616' + .rdata: + Entropy: 4.171579257216199 + Virtual Size: '0x3d4' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.501505002731896 + Virtual Size: '0xc0' + INIT: + Entropy: 5.076575853289 + Virtual Size: '0x406' + .rsrc: + Entropy: 3.3935766621226473 + Virtual Size: '0x350' + Signature: '' 
+ Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: 
e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false 
+ SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 82942c060f79cefd3bf1acdf5c207561 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 8cb580b145c4fba69e29722ac8177d2a + SHA1: 3daf8df84e3cd4aeff1da9e84ab5817e7c877162 + SHA256: 7f8cabb101d8ee0d76444fa4caa115b88b53ad8bd95516cae563bf92b910fa99 + Company: Windows (R) Codename Longhorn DDK provider + Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
+ CreationTimestamp: '2008-12-02 06:51:19' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.0.6000.16386 built by: WinDDK' + Filename: '' + ImportedFunctions: + - IoDeleteSymbolicLink + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - IoCreateDevice + - IofCallDriver + - IoGetDeviceObjectPointer + - IoBuildDeviceIoControlRequest + - IoDeleteDevice + - ProbeForWrite + - MmMapIoSpace + - KeInitializeEvent + - RtlInitAnsiString + - IofCompleteRequest + - KeWaitForSingleObject + - KeBugCheckEx + - MmUnmapIoSpace + - RtlInitUnicodeString + - PsGetVersion + - RtlUnwindEx + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: e68972cd9f28f0be0f9df7207aba9d1d + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: Windows (R) Codename Longhorn DDK driver + ProductVersion: 6.0.6000.16386 + Publisher: '' + RichPEHeaderHash: + MD5: 6633dd48aea31e9c4821fbc652e4701e + SHA1: 3fb6cdbdaa8959e6a79305a74981751e06506a6f + SHA256: 63b15db03090d5e7ba52906b2854fba693e17a5fac179397bd55f91e49d28859 + SHA1: 9b3f57693f0f69d3729762d59a10439e738b9031 + SHA256: ac1af529c9491644f1bda63267e0f0f35e30ab0c98ab1aecf4571f4190ab9db4 + Sections: + .text: + Entropy: 6.148283767862968 + Virtual Size: '0x1cd6' + .rdata: + Entropy: 4.307405382136631 + Virtual Size: '0x378' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.32973292021935 + Virtual Size: '0x78' + INIT: + Entropy: 4.945456847123696 + Virtual Size: '0x388' + .rsrc: + Entropy: 3.3914708617609186 + Virtual Size: '0x400' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 
50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + 
Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2007-02-08 00:00:00' + ValidTo: '2009-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 10e29d74903d9c7cd58caa35a0944770 + Version: 3 + TBS: + MD5: 5e3b5587eb8c553dc279bb241c30689d + SHA1: 5b5631ff0033ed753a5c630a4d8d48772050db32 + SHA256: 9b30d9d9f9fd9c0480c0503dd4ac86649d2cc180d1401ade6dd8048356d7f634 + SHA384: 1886034ac8dc819ed45b8b48b0225cdb142d53d61bda992ee7e4923276c3c36dffbb0f8d929e1ad20c3437709df2399a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - 
SerialNumber: 10e29d74903d9c7cd58caa35a0944770 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: cb8db41ab8c06472574e58b9466f4070 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: e956094993c1bdf07390d97751fb0264 + SHA1: f7e2c605f853869fe70364c5fac0763d8d6f368e + SHA256: 3e307281c9f7329579988190e24a655b15bb2e60afc585109f05a79e5aba81a0 + Company: CPUID + Copyright: Copyright(C) 2014 CPUID + CreationTimestamp: '2015-02-26 00:25:29' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - PsGetVersion + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - IofCompleteRequest + - MmMapIoSpace + - MmUnmapIoSpace + - ProbeForWrite + - IoDeleteDevice + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - RtlUnwindEx + - RtlPcToFileHeader + - READ_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - READ_PORT_UCHAR + - HalCallPal + - WRITE_PORT_UCHAR + - KeStallExecutionProcessor + - WRITE_PORT_USHORT + - READ_PORT_ULONG + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: d6c4baecff632d6ad63c45fc39e04b2f + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 756be87f8c768cb8bfd02af932dd7589 + SHA1: 16c2ebba52ba9fb0ef5570c1d620daaaee63865a + SHA256: 48acdfbe5ad27d73c0fd9b115a49420f182d146bca52797ce33cc2a061ff0ced + SHA1: a3224815aedc14bb46f09535e9b8ca7eaa4963bf + SHA256: 3301b49b813427fa37a719988fe6446c6f4468dfe15aa246bec8d397f62f6486 + Sections: + .text: + Entropy: 5.388849280671267 + Virtual Size: '0x40c0' + .rdata: + Entropy: 4.07523813120193 + Virtual Size: '0x430' + .pdata: + Entropy: 3.3802437725716254 + Virtual Size: '0xcc' + 
.sdata: + Entropy: 1.1203888318125959 + Virtual Size: '0x2a0' + INIT: + Entropy: 5.0154033944534415 + Virtual Size: '0x3e8' + .rsrc: + Entropy: 3.3903828070121933 + Virtual Size: '0x350' + .reloc: + Entropy: 0.9037311282531211 + Virtual Size: '0x184' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: a2d936fa82b7340d28a697fb344046d8 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: d65e3a9ff93baa4664219d1d0eac5a0d + SHA1: 0ecf760f548a933ceba7a988b14143149bc2ada2 + SHA256: f94c8dee30d8d349d0b51b9f1624c49ef8b6b8d54d40ecf09af95011d01b705f + Company: Windows (R) Server 2003 DDK provider + Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
+ CreationTimestamp: '2007-02-20 13:30:26' + Date: '' + Description: CPU-Z Driver + ExportedFunctions: '' + FileVersion: '5.2.3790.0 built by: WinDDK' + Filename: '' + ImportedFunctions: + - MmUnmapIoSpace + - MmMapIoSpace + - IofCompleteRequest + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - IoCreateSymbolicLink + - PsGetVersion + - IoCreateDevice + - RtlUnwindEx + Imports: + - ntoskrnl.exe + InternalName: cpuz.sys + MD5: b5f96dd5cc7d14a9860ab99d161bf171 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: Windows (R) Server 2003 DDK driver + ProductVersion: 5.2.3790.0 + Publisher: '' + RichPEHeaderHash: + MD5: d6e624eea1be2957d5ade6a1a35a31a9 + SHA1: ec4d3466789d80cf12e0a2974953bbe33451e18f + SHA256: 44558104d89509a78f42ceee3abcd90cfda7f39a3387ef23f3511d9dcfd015a9 + SHA1: c16d7b2fbe69a28ccbcf87348903277f22805bf3 + SHA256: be683cd38e64280567c59f7dc0a45570abcb8a75f1d894853bbbd25675b4adf7 + Sections: + .text: + Entropy: 6.19634494804668 + Virtual Size: '0xed4' + .rdata: + Entropy: 4.775150923997567 + Virtual Size: '0x228' + .data: + Entropy: 0.6699250014423124 + Virtual Size: '0x24' + .pdata: + Entropy: 3.035251388053986 + Virtual Size: '0x60' + INIT: + Entropy: 4.253708366005613 + Virtual Size: '0x150' + .rsrc: + Entropy: 3.4105160211933994 + Virtual Size: '0x3d8' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + 
TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 877870da4e5201205be079c98230c4fdb91996bd9100c3bdcdcdc6f40ed8fff94dc033623011c5f5741bd492de5f9c2013b17c45be50cd83e7801783a72793671346fbcab8984103cc9b515b058b7fa86ff31b501b242ef2698d6c22f7bbca1695ed0c74c06877d9eb996287c17390f889747a23aba3987b97b1f78f29714d2e751b4841daf0b50d2054d677a097826369fd09cf8af075bb099bd9f91155269a6132be7a02b07b86bea2c38b222c78d13576bc92735cf9b9e64c150a23cce4d2d4342e4940153c0f607a24c6a566ef96cf70eb3ee7f40d7edcd17ca3767169c19c4f47303521b1a2af1a623c2bd98eaa2a077bd818b35c7be29da56ffe3c89ad + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0de92bf0d4d82988183205095e9a7688 + Version: 3 + TBS: + MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 + SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + 
Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2007-02-08 00:00:00' + ValidTo: '2009-02-07 23:59:59' + Signature: 6ca08361ce69863ade5289039d2e6eaf79729d950a57fc32158e56bc0bfc05ca3b76263b8e8a5e2279522eceed35495c697a2f1b1631e1a4f997c8b2e14cd08a3b4aaeca9f150126f5933e6a29fde1e3ef607f452219582ac034c3f95023fd6c5474008ecea3aab5ba096ae73a3dd76b296d3c8b06a72ca763698e49474d624c22ad57a3d11342be8a6d2a49e4af5893003fcf02900a0fbf4854858cc0468d23b9917cfe59ac8b7058de49ab25bbca0bc67f1f367309deed4827295173fad53932d12ad79b8c70175e640f7917fd60940be86d1af397dd5eb0ecb9e92f9e3dc03f2cbf51e9776b31a8cba38fabd8b27e561f66a5ddad46546d6bc984a6a8d8bc + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 10e29d74903d9c7cd58caa35a0944770 + Version: 3 + TBS: + MD5: 5e3b5587eb8c553dc279bb241c30689d + SHA1: 5b5631ff0033ed753a5c630a4d8d48772050db32 + SHA256: 9b30d9d9f9fd9c0480c0503dd4ac86649d2cc180d1401ade6dd8048356d7f634 + SHA384: 1886034ac8dc819ed45b8b48b0225cdb142d53d61bda992ee7e4923276c3c36dffbb0f8d929e1ad20c3437709df2399a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 10e29d74903d9c7cd58caa35a0944770 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 4fb06df8cb54846e42943f0d3ae96e2f + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 8cb580b145c4fba69e29722ac8177d2a + SHA1: 3daf8df84e3cd4aeff1da9e84ab5817e7c877162 + SHA256: 7f8cabb101d8ee0d76444fa4caa115b88b53ad8bd95516cae563bf92b910fa99 + Company: Windows (R) Codename Longhorn DDK provider + Copyright: "\xA9 
Microsoft Corporation. All rights reserved." + CreationTimestamp: '2008-12-02 06:51:19' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.0.6000.16386 built by: WinDDK' + Filename: '' + ImportedFunctions: + - IoDeleteSymbolicLink + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - IoCreateDevice + - IofCallDriver + - IoGetDeviceObjectPointer + - IoBuildDeviceIoControlRequest + - IoDeleteDevice + - ProbeForWrite + - MmMapIoSpace + - KeInitializeEvent + - RtlInitAnsiString + - IofCompleteRequest + - KeWaitForSingleObject + - KeBugCheckEx + - MmUnmapIoSpace + - RtlInitUnicodeString + - PsGetVersion + - RtlUnwindEx + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 5e71c0814287763d529822d0a022e693 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: Windows (R) Codename Longhorn DDK driver + ProductVersion: 6.0.6000.16386 + Publisher: '' + RichPEHeaderHash: + MD5: 6633dd48aea31e9c4821fbc652e4701e + SHA1: 3fb6cdbdaa8959e6a79305a74981751e06506a6f + SHA256: 63b15db03090d5e7ba52906b2854fba693e17a5fac179397bd55f91e49d28859 + SHA1: bed323603a33fa8b2fc7568149345184690f0390 + SHA256: 6001c6acae09d2a91f8773bbdfd52654c99bc672a9756dc4cb53dc2e3efeb097 + Sections: + .text: + Entropy: 6.148283767862968 + Virtual Size: '0x1cd6' + .rdata: + Entropy: 4.307405382136631 + Virtual Size: '0x378' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.32973292021935 + Virtual Size: '0x78' + INIT: + Entropy: 4.945456847123696 + Virtual Size: '0x388' + .rsrc: + Entropy: 3.3914708617609186 + Virtual Size: '0x400' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: 
'2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 
41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=CN, ST=Beijing, L=Beijing, O=Beijing Gigabit Times Technology + Co., Ltd, OU=Digital ID Class 3 , Microsoft Software Validation v2, + CN=Beijing Gigabit Times Technology Co., Ltd + ValidFrom: '2008-12-24 00:00:00' + ValidTo: '2011-12-24 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 77a64759f12766e363d779998c71bdc9 + Version: 3 + TBS: + MD5: 081bc7ae4aa769d19d9554694edfc3a0 + SHA1: a521dae1d3b1da03460eb5fa70717c9449a3d1b4 + SHA256: 0af015afa3cd65db7b53fdad90bfdb2e89541964c569a4d41e2a032815da8b48 + SHA384: 74f7efe3db46e6399e41b5cfd3eb25bf842c85385cd3a94c49b36c2cbe5e52be0ffe4b66d1e76bf86f2416e510d3f585 + Signer: + - SerialNumber: 77a64759f12766e363d779998c71bdc9 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: cb8db41ab8c06472574e58b9466f4070 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: cdcd746a4377b1a84a4ef4080148b1fc + SHA1: 979157903c1608be15c1e70deaaada23c51f6d0e + SHA256: 6b56978dd0fc606668c0ed2698b3b22ef53dc6e4a676a4c5479438425d4e60a9 + Company: Windows (R) Win 7 DDK provider + Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
+ CreationTimestamp: '2010-06-30 06:22:54' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 2dbc09c853c4bf2e058d29aaa21fa803 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: Windows (R) Win 7 DDK driver + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 89dc670b5f7c06b577deeec9473dc96b + SHA1: af59c00ae531117ba9307257ab945cdf6c8309f6 + SHA256: 35b9d8fc904c88f4df237edc610727f89c415e48bcf135191c43832bb2935ba6 + SHA1: f95b59cab63408343ecbdb0e71db34e83f75b503 + SHA256: b7aa4c17afdaff1603ef9b5cc8981bed535555f8185b59d5ae13f342f27ca6c5 + Sections: + .text: + Entropy: 6.205258315003686 + Virtual Size: '0x21c6' + .rdata: + Entropy: 4.285658099844044 + Virtual Size: '0x3d0' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.41356498182979 + Virtual Size: '0x90' + INIT: + Entropy: 5.067835669413665 + Virtual Size: '0x406' + .rsrc: + Entropy: 3.4148190207283133 + Virtual Size: '0x3d0' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' 
+ ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + 
MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2009-02-02 00:00:00' + ValidTo: '2012-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Version: 3 + TBS: + MD5: fb72fa311261c4fb6a786e5cc7ce1d2f + SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 + SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a + SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 82942c060f79cefd3bf1acdf5c207561 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 171210ce2efc15d66d9ea9a75cd56960 + SHA1: cbbd16f5e84f198aec6922d58a84c6834dba2176 + SHA256: 
affeec7af311ecb53182dc6b28c61057eeb6dbd895f92354310f775cf843cfec + Company: CPUID + Copyright: Copyright(C) 2017 CPUID + CreationTimestamp: '2017-04-24 04:33:32' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - IoGetDeviceObjectPointer + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - MmUnmapIoSpace + - MmMapIoSpace + - IoDeleteDevice + - ObfDereferenceObject + - RtlInitUnicodeString + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - RtlFreeUnicodeString + - ExAllocatePoolWithTag + - ExFreePool + - IofCompleteRequest + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - KeWaitForSingleObject + - IoCancelIrp + - IoDeleteSymbolicLink + - PsGetVersion + - RtlUnwind + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - KeQueryPerformanceCounter + - KeStallExecutionProcessor + - HalSetBusDataByOffset + - HalGetBusDataByOffset + - READ_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 2e3dbb01b282a526bdc3031e0663c41c + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: e10f1a83d333c2feb8a17b1906909a07 + SHA1: f605fa8f10b2b64638f01715179b7588f4a6b727 + SHA256: 9337693c714a35f8370e9a6d7aca13083a7e4c5dbbefdee250b06ae6cc63a06d + SHA1: def86c7dee1f788c717ac1917f1b5bbfada25a95 + SHA256: 572c545b5a95d3f4d8c9808ebeff23f3c62ed41910eb162343dd5338e2d6b0b4 + Sections: + .text: + Entropy: 6.187941589974115 + Virtual Size: '0x4990' + .rdata: + Entropy: 4.73518293670389 + Virtual Size: '0x398' + .data: + Entropy: 0.13142343474404483 + Virtual Size: '0x340' + INIT: + Entropy: 5.440772918518928 + Virtual Size: '0x3fc' + .rsrc: + Entropy: 3.394946071861716 + Virtual Size: '0x350' + .reloc: + Entropy: 
6.007585111448243 + Virtual Size: '0x2f0' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 
2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: b1e749ba779687a5127817da3d47af2c + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 60f49ecdb54991720bc99cc03c4678c4 + SHA1: 3fcd9ff63b84aca1506af0c2223e176ec30c3cf4 + SHA256: 5380daf2497ed35fc6d8b2a2f343dcbb95bb7384eea73781126a641ba3391af8 + Company: 
CPUID + Copyright: Copyright(C) 2013 CPUID + CreationTimestamp: '2013-10-22 06:55:58' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - ExFreePool + - ExAllocatePoolWithTag + - RtlFreeUnicodeString + - ObfDereferenceObject + - MmIsAddressValid + - IoGetDeviceObjectPointer + - MmUnmapIoSpace + - RtlInitAnsiString + - MmMapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - RtlUnwind + - KeTickCount + - KeBugCheckEx + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoDeleteDevice + - PsGetVersion + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - KeWaitForSingleObject + - RtlAnsiStringToUnicodeString + - IoCancelIrp + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - READ_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 1bca427ab8e67a9db833eb8f0ff92196 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 41f15d0f328a165973b49de608ef72a2 + SHA1: abcd9850775bd0a1a855e785a238e0e69525810f + SHA256: 02dc44b04a6426fcaedf26995bfa471f123a90a9c747e82cebaf95f394890631 + SHA1: 1fb12c5db2acad8849677e97d7ce860d2bb2329e + SHA256: 8a0702681bc51419fbd336817787a966c7f92cabe09f8e959251069578dfa881 + Sections: + .text: + Entropy: 6.201558609944256 + Virtual Size: '0x2bc0' + .rdata: + Entropy: 4.6184116970842215 + Virtual Size: '0x2dc' + .data: + Entropy: 0.335842300318532 + Virtual Size: '0x1e0' + INIT: + Entropy: 5.42180997612463 + Virtual Size: '0x3f4' + .rsrc: + Entropy: 3.391941258882184 + Virtual Size: '0x350' + .reloc: + Entropy: 5.629175772175384 + Virtual Size: '0x25e' + Signature: '' + Signatures: + - 
CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 958dd67f866ae27cf716e30a025b266f + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 87d26263df00d609768a244c52b894e5 + SHA1: 707595372f4cc56801b8224ed43dc16a3fd60d76 + SHA256: 88671ef30520d11a63a4cb3acf6b1c827c82acced657baa8f371034957ddf825 + Company: CPUID + Copyright: Copyright(C) 2014 CPUID + CreationTimestamp: '2014-10-06 04:27:07' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - ExFreePool + - ExAllocatePoolWithTag + - RtlFreeUnicodeString + - ObfDereferenceObject + - MmIsAddressValid + - IoGetDeviceObjectPointer + - MmUnmapIoSpace + - RtlInitAnsiString + - MmMapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - RtlUnwind + - KeTickCount + - KeBugCheckEx + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - 
IoDeleteDevice + - PsGetVersion + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - KeWaitForSingleObject + - RtlAnsiStringToUnicodeString + - IoCancelIrp + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - KeStallExecutionProcessor + - HalSetBusDataByOffset + - HalGetBusDataByOffset + - READ_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 649ff59b8e571c1fc6535b31662407aa + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 2a626f8dd173fb7a6ff65f70f6f800a7 + SHA1: 48062016c3487412b81fc88f0ca2208922bf3542 + SHA256: fffc66439118e1ad1abc2e6417f479e03a4d436d7636649db6339989b65a5ac6 + SHA1: ba0d6c596b78a1fc166747d7523ca6316ef87e9f + SHA256: f8d6ce1c86cbd616bb821698037f60a41e129d282a8d6f1f5ecdd37a9688f585 + Sections: + .text: + Entropy: 6.225542447427719 + Virtual Size: '0x31e0' + .rdata: + Entropy: 4.618701217485552 + Virtual Size: '0x2f4' + .data: + Entropy: 0.335842300318532 + Virtual Size: '0x1e0' + INIT: + Entropy: 5.428351714325533 + Virtual Size: '0x3f4' + .rsrc: + Entropy: 3.3938887641350184 + Virtual Size: '0x350' + .reloc: + Entropy: 5.557772230354666 + Virtual Size: '0x282' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + 
Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + 
SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 111e6d92e02f02f737654c5b1cfe9f6f + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 428723466cb6dc9d061545862ce784cd + SHA1: e1cd8a81e4f48df9d0aa514423b791fa78ea37e2 + SHA256: 506ec3e8b28e52be36b89041bbcd9933b7b79eaf8a53594186813d0f60edebc9 + Company: CPUID + Copyright: Copyright(C) 2013 CPUID + CreationTimestamp: '2013-10-09 06:14:08' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink 
+ - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 5158f786afa19945d19bee9179065e4d + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 685a19a8e9f46a76067db83da501dca0 + SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 + SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 + SHA1: a9b8d7afa2e4685280aebbeb162600cfce4e48c8 + SHA256: d366cbc1d5dd8863b45776cfb982904abd21d0c0d4697851ff54381055abcfc8 + Sections: + .text: + Entropy: 6.139175749958187 + Virtual Size: '0x2a66' + .rdata: + Entropy: 4.157219517102148 + Virtual Size: '0x3fc' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.511921669398563 + Virtual Size: '0xc0' + INIT: + Entropy: 5.076575853289 + Virtual Size: '0x406' + .rsrc: + Entropy: 3.3935766621226473 + Virtual Size: '0x350' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: 
eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 
be6fb3b3b33e9108a9a2273d1cf5eb3209a8c3a86ba7d66069393587f6b451b75b327ea15d36b1604aad5509c0ace37fa66e220b35764b9c201169677738c06802d2f798383c256c690898a663b0aeb519491057f9f24149c513abba2a4cab9934a684e5d83a34105fe6681f2b85d5ee06332d1c05c3627758442fd2fc94f5f68bb30f085cb1d31174e1461394aeef7b124291a099654d1103df3deab81e9658b5b5cc817061d688ae39e702f1d0dd420d6de931bed331960e089233b8576482e48d5b769fdfa8df02e1d098912444b324057826e1f72c26f045b2479a9b39eadfd6b2e1bd6db4057ef6b12ca385cad9a7ad82c4414e619f97dfd08a55f59053 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 82942c060f79cefd3bf1acdf5c207561 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 
c8710ddab96749f11a9fb0946e2b0e54 + SHA1: 50da055e0c33876160a3faf454d092303a9ebf82 + SHA256: dadbd564c4fec1cb6a3e2be92031f22b1ddd19796d5d9639bffb927599c69a8d + Company: Windows (R) Win 7 DDK provider + Copyright: "\xA9 Microsoft Corporation. All rights reserved." + CreationTimestamp: '2010-03-30 15:38:01' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - RtlFreeUnicodeString + - ObfDereferenceObject + - MmIsAddressValid + - IoGetDeviceObjectPointer + - RtlAnsiStringToUnicodeString + - IofCompleteRequest + - MmMapIoSpace + - ProbeForWrite + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - MmUnmapIoSpace + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoDeleteDevice + - PsGetVersion + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - RtlInitAnsiString + - KeWaitForSingleObject + - RtlUnwind + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - READ_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 13a0d3f9d5f39adaca0a8d3bb327eb31 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: Windows (R) Win 7 DDK driver + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 4ba73072bea66755a70f3a8c99951424 + SHA1: d9ce039d736544c2d9b7fe44460d8e006a5c62f0 + SHA256: 3b45bc2da9543317e7a22486f86a3f8c0eb289596d1d7661b47e35e99058861f + SHA1: 0fd700fee341148661616ecd8af8eca5e9fa60e3 + SHA256: c7f64b27cd3be5af1c8454680529ea493dfbb09e634eec7e316445ad73499ae0 + Sections: + .text: + Entropy: 6.213142784512632 + Virtual Size: '0x2040' + .rdata: + Entropy: 4.474610455203302 + Virtual Size: '0x2ec' + .data: + Entropy: 0.22396935932252834 + Virtual 
Size: '0x1c0' + INIT: + Entropy: 5.375451713627951 + Virtual Size: '0x3fc' + .rsrc: + Entropy: 3.4140956924835417 + Virtual Size: '0x3d0' + .reloc: + Entropy: 5.475215496909597 + Virtual Size: '0x22e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 
21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2009-02-02 00:00:00' + ValidTo: '2012-02-07 23:59:59' + Signature: 9a9bbecb393272aaedfd7a125e0fe581151a18a75a4094e082a38156f62018b9d59edef27429bbea60d6e146a2ce134546d54e00b6585c1d85e3aedfb3b9a5de7728a96b2bcc26106655bae6bc5ce3a72714f9e23282a2fba29fc870b394e832f07dc50ded3a042953fe91379769e424398278b6ed14ae4f6b4cce5fa7ba20fc8d157a78fd308214d177189bcd76b2bd62a861a8c1562e2748f338f7369f0f062804685399a6655fcb4564a644e7a8bee8330557376884cce9153992e8e205bc1474dbd0109b3c87991db9bb77a9dff5775267390431ce56ff49500d8ad70be34a0d9a0b112e07eb55f0fe07de9ac93a0b30cb36029b5ec41e032daf66627d4e + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Version: 3 + 
TBS: + MD5: fb72fa311261c4fb6a786e5cc7ce1d2f + SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 + SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a + SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 744af2b62301859b4ccdffba53551b15 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: b6e26bb7c203a2ab36145434c2cf806f + SHA1: f8d212abaa64b795927e434085afadb8e02ccb8d + SHA256: 14b04931ee50e5d2560f42cc33b05f047886a8a7d45b3274ae78e5646a1cf1a5 + Company: CPUID + Copyright: Copyright(C) 2010 CPUID + CreationTimestamp: '2010-12-27 06:35:24' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - 
ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 76355d5eafdfa3e9b7580b9153de1f30 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 685a19a8e9f46a76067db83da501dca0 + SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 + SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 + SHA1: 437b56dc106d2e649d2c243c86729b6e6461d535 + SHA256: e51ec2876af3c9c3f1563987a9a35a10f091ea25ede16b1a34ba2648c53e9dfc + Sections: + .text: + Entropy: 6.195386186538611 + Virtual Size: '0x2426' + .rdata: + Entropy: 4.175087343593611 + Virtual Size: '0x3ec' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.5158533751389975 + Virtual Size: '0xc0' + INIT: + Entropy: 5.076575853289 + Virtual Size: '0x406' + .rsrc: + Entropy: 3.3943730160709853 + Virtual Size: '0x350' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., 
CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2009-02-02 00:00:00' + ValidTo: '2012-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Version: 3 + TBS: + MD5: fb72fa311261c4fb6a786e5cc7ce1d2f + SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 + SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a + SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 82942c060f79cefd3bf1acdf5c207561 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 685044aad3442ee87ebab0b5034873c4 + SHA1: 011ce7c9f07fbedbbff7df9c43fa85fb4e04bd68 + SHA256: b32ef857f7603af679fb794432c9c1ecab0ca7a0ac2ae4dd4fd5e80e05d8bb30 + Company: CPUID + Copyright: Copyright(C) 2014 CPUID + CreationTimestamp: '2014-10-23 09:03:47' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - DbgPrintEx + - IofCompleteRequest + - ExFreePool + - ExAllocatePoolWithTag + - RtlFreeUnicodeString + - ObfDereferenceObject + - MmIsAddressValid + - IoGetDeviceObjectPointer + - MmUnmapIoSpace + - RtlInitAnsiString + - MmMapIoSpace + - 
IoCreateSymbolicLink + - IoCreateDevice + - RtlUnwind + - KeTickCount + - KeBugCheckEx + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoDeleteDevice + - PsGetVersion + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - KeWaitForSingleObject + - RtlAnsiStringToUnicodeString + - IoCancelIrp + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - KeStallExecutionProcessor + - HalSetBusDataByOffset + - HalGetBusDataByOffset + - READ_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 1f263a57c5ef46c8577744ecb32c9548 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: e4e4087a28aa184bfec6fed816265f7a + SHA1: 834c57180a11a8ca7657777a9ee5043b1b819efa + SHA256: a1a002a007e8a19ac259fef0d83bc4a4a9fb303698ac1fc1582012ef57e683ed + SHA1: 1d2ab091d5c0b6e5977f7fa5c4a7bfb8ea302dc7 + SHA256: 019c2955e380dd5867c4b82361a8d8de62346ef91140c95cb311b84448c0fa4f + Sections: + .text: + Entropy: 6.262896725470616 + Virtual Size: '0x3350' + .rdata: + Entropy: 4.618021448500837 + Virtual Size: '0x304' + .data: + Entropy: 0.335842300318532 + Virtual Size: '0x1e0' + INIT: + Entropy: 5.4213221492075805 + Virtual Size: '0x406' + .rsrc: + Entropy: 3.3938887641350184 + Virtual Size: '0x350' + .reloc: + Entropy: 5.637794770813551 + Virtual Size: '0x29a' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 
be6fb3b3b33e9108a9a2273d1cf5eb3209a8c3a86ba7d66069393587f6b451b75b327ea15d36b1604aad5509c0ace37fa66e220b35764b9c201169677738c06802d2f798383c256c690898a663b0aeb519491057f9f24149c513abba2a4cab9934a684e5d83a34105fe6681f2b85d5ee06332d1c05c3627758442fd2fc94f5f68bb30f085cb1d31174e1461394aeef7b124291a099654d1103df3deab81e9658b5b5cc817061d688ae39e702f1d0dd420d6de931bed331960e089233b8576482e48d5b769fdfa8df02e1d098912444b324057826e1f72c26f045b2479a9b39eadfd6b2e1bd6db4057ef6b12ca385cad9a7ad82c4414e619f97dfd08a55f59053 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + 
SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 18b8de84bd7aa83fec79d2c6aaf0a4f5 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: d1eb0a36fc04d5bf8b62660efe85b8e0 + SHA1: f89ee80906ca4cab7081f3e31e3456713cff842a + SHA256: e05b62738ebb09250227e87908d67a3fc74e4c684d5a86ef935243a6f0e06792 + Company: CPUID + Copyright: Copyright(C) 2016 CPUID + CreationTimestamp: '2016-10-18 06:14:56' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - RtlAnsiStringToUnicodeString + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - ExFreePoolWithTag + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: e0fb44aba5e7798f2dc637c6d1f6ca84 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: c046d6f14ec39d2a0f67a417bda83c5e + SHA1: 74661f1063b4c80566f75a1bee22c35f7af17fa9 + SHA256: 440eebbdc09d290724d364056ba4e2725c75759819a6df0a1ed5c876ed7d2474 + SHA1: 91ee32b464f6385fc8c44b867ca3dec665cbe886 + SHA256: 
73c03b01d5d1eb03ec5cb5a443714b12fa095cc4b09ddc34671a92117ae4bb3a + Sections: + .text: + Entropy: 6.2029653102798905 + Virtual Size: '0x38b6' + .rdata: + Entropy: 4.171840682780765 + Virtual Size: '0x464' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x440' + .pdata: + Entropy: 3.6000408617955837 + Virtual Size: '0xf0' + INIT: + Entropy: 5.116119018385266 + Virtual Size: '0x40e' + .rsrc: + Entropy: 3.3889145139722916 + Virtual Size: '0x350' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 8f96c3ef5dda3fe697d4a4d6326dbe37 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 108039203e53320e01076d3f97e08108 + SHA1: c90c328211afc28e3b931bc2a0541eb04afc4e2b + SHA256: d8e3548efca46a3aceca747622881843b170225957cffeacfd149c25907ecf2d + Company: CPUID + Copyright: Copyright(C) 2010 CPUID + CreationTimestamp: '2010-12-27 06:34:14' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + 
ImportedFunctions: + - PsGetVersion + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - IofCompleteRequest + - MmMapIoSpace + - MmUnmapIoSpace + - ProbeForWrite + - IoDeleteDevice + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - RtlUnwindEx + - RtlPcToFileHeader + - READ_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - READ_PORT_UCHAR + - HalCallPal + - WRITE_PORT_UCHAR + - KeStallExecutionProcessor + - WRITE_PORT_USHORT + - READ_PORT_ULONG + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 2ff629de3667fcd606a0693951f1c1a9 + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: d6643b31d447dc612fb7920d936baf5a + SHA1: 0d2acfebbfb9a35446bb9ff7b915c8ff514fd7dc + SHA256: 98f7bc08e99aa659bfb0295c09adf8ccfdb7f7ad8cc065cfb4f0732585c1855c + SHA1: 263181bc8c2c6af06b9a06d994e4b651c3ab1849 + SHA256: d0543f0fdc589c921b47877041f01b17a534c67dcc7c5ad60beba8cf7e7bc9c6 + Sections: + .text: + Entropy: 5.406379776247194 + Virtual Size: '0x39c0' + .rdata: + Entropy: 4.144024587509795 + Virtual Size: '0x3d8' + .pdata: + Entropy: 3.3263502634141657 + Virtual Size: '0xb4' + .sdata: + Entropy: 1.1203888318125959 + Virtual Size: '0x2a0' + INIT: + Entropy: 5.0324391219722715 + Virtual Size: '0x3e8' + .rsrc: + Entropy: 3.3976217041631593 + Virtual Size: '0x350' + .reloc: + Entropy: 0.9613220996213607 + Virtual Size: '0x168' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + 
TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: 
a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2009-02-02 00:00:00' + ValidTo: '2012-02-07 23:59:59' + Signature: 9a9bbecb393272aaedfd7a125e0fe581151a18a75a4094e082a38156f62018b9d59edef27429bbea60d6e146a2ce134546d54e00b6585c1d85e3aedfb3b9a5de7728a96b2bcc26106655bae6bc5ce3a72714f9e23282a2fba29fc870b394e832f07dc50ded3a042953fe91379769e424398278b6ed14ae4f6b4cce5fa7ba20fc8d157a78fd308214d177189bcd76b2bd62a861a8c1562e2748f338f7369f0f062804685399a6655fcb4564a644e7a8bee8330557376884cce9153992e8e205bc1474dbd0109b3c87991db9bb77a9dff5775267390431ce56ff49500d8ad70be34a0d9a0b112e07eb55f0fe07de9ac93a0b30cb36029b5ec41e032daf66627d4e + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Version: 3 + TBS: + MD5: fb72fa311261c4fb6a786e5cc7ce1d2f + SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 + SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a + SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at 
https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: a2d936fa82b7340d28a697fb344046d8 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 950669044ae6c3dd58a6a849e9f28f3e + SHA1: cbd1db5f7ec7b980c68cb8eb2147009d53c890f1 + SHA256: d130e3e052b09dc154c32c170c227f7baaf74fa7767943478876c744fc3d026d + Company: CPUID + Copyright: Copyright(C) 2017 CPUID + CreationTimestamp: '2017-05-22 02:17:11' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - IoGetDeviceObjectPointer + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - MmUnmapIoSpace + - MmMapIoSpace + - IoDeleteDevice + - ObfDereferenceObject + - RtlInitUnicodeString + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - RtlFreeUnicodeString + - ExAllocatePoolWithTag + - ExFreePool + - IofCompleteRequest + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - KeWaitForSingleObject + - IoCancelIrp + - IoDeleteSymbolicLink + - PsGetVersion + - RtlUnwind + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - KeQueryPerformanceCounter + - KeStallExecutionProcessor + - HalSetBusDataByOffset + - HalGetBusDataByOffset + - READ_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: f3d14fcdb86db8d75416ce173c6061af + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: e10f1a83d333c2feb8a17b1906909a07 + SHA1: f605fa8f10b2b64638f01715179b7588f4a6b727 + SHA256: 9337693c714a35f8370e9a6d7aca13083a7e4c5dbbefdee250b06ae6cc63a06d + SHA1: 53f7a84a8cebe0e3f84894c6b9119466d1a8ddaf + SHA256: 368a9c2b6f12adbe2ba65181fb96f8b0d2241e4eae9f3ce3e20e50c3a3cc9aa1 + Sections: + .text: + Entropy: 6.181544782176429 + Virtual Size: 
'0x4940' + .rdata: + Entropy: 4.742804621694481 + Virtual Size: '0x398' + .data: + Entropy: 0.13142343474404483 + Virtual Size: '0x340' + INIT: + Entropy: 5.404799281494045 + Virtual Size: '0x3fc' + .rsrc: + Entropy: 3.3973045624277542 + Virtual Size: '0x350' + .reloc: + Entropy: 5.9931524634500075 + Virtual Size: '0x2ee' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: b1e749ba779687a5127817da3d47af2c + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 745331465ad7efbf60b10ca71983dab7 + SHA1: 2b1530f09d95ce711c803af896706039e48d1f48 + SHA256: 2815c91fe5053899593cec83218b8dff85cfd85cea667dbbf2153cbc3cde000f + Company: CPUID + Copyright: Copyright(C) 2016 CPUID + CreationTimestamp: '2016-11-22 06:21:24' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + 
ImportedFunctions: + - IoGetDeviceObjectPointer + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - MmUnmapIoSpace + - MmMapIoSpace + - IoDeleteDevice + - ObfDereferenceObject + - RtlInitUnicodeString + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - RtlFreeUnicodeString + - ExAllocatePoolWithTag + - ExFreePool + - IofCompleteRequest + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - KeWaitForSingleObject + - IoCancelIrp + - IoDeleteSymbolicLink + - PsGetVersion + - RtlUnwind + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - KeQueryPerformanceCounter + - KeStallExecutionProcessor + - HalSetBusDataByOffset + - HalGetBusDataByOffset + - READ_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 7c4e513702a0322b0e3bce29dea9e3e9 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: e10f1a83d333c2feb8a17b1906909a07 + SHA1: f605fa8f10b2b64638f01715179b7588f4a6b727 + SHA256: 9337693c714a35f8370e9a6d7aca13083a7e4c5dbbefdee250b06ae6cc63a06d + SHA1: 14c9cd9e2cf2b0aae56c46ff9ad1c89a8a980050 + SHA256: b0f6cd34717d0cea5ab394b39a9de3a479ca472a071540a595117219d9a61a44 + Sections: + .text: + Entropy: 6.234079240129433 + Virtual Size: '0x3cd0' + .rdata: + Entropy: 4.651206288846307 + Virtual Size: '0x32c' + .data: + Entropy: 0.13142343474404483 + Virtual Size: '0x340' + INIT: + Entropy: 5.398598432524642 + Virtual Size: '0x3fc' + .rsrc: + Entropy: 3.388914513972292 + Virtual Size: '0x350' + .reloc: + Entropy: 5.848287650494908 + Virtual Size: '0x296' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: b1e749ba779687a5127817da3d47af2c + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 24667fcd9e65bf7b55094d71f468d5ef + SHA1: 3ec2f25de7dda0cdcec50b8288c4beb13af50602 + SHA256: f291f251d8ffc6c6c2f69b62e8d1153bdb83f54cf60ef9a4c6235db87bfb2c1a + Company: CPUID + Copyright: Copyright(C) 2013 CPUID + CreationTimestamp: '2013-11-27 03:37:05' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + 
ImportedFunctions: + - IofCompleteRequest + - ExFreePool + - ExAllocatePoolWithTag + - RtlFreeUnicodeString + - ObfDereferenceObject + - MmIsAddressValid + - IoGetDeviceObjectPointer + - MmUnmapIoSpace + - RtlInitAnsiString + - MmMapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - RtlUnwind + - KeTickCount + - KeBugCheckEx + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoDeleteDevice + - PsGetVersion + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - KeWaitForSingleObject + - RtlAnsiStringToUnicodeString + - IoCancelIrp + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - READ_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 65c069af3875494ec686afbb0c3da399 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 41f15d0f328a165973b49de608ef72a2 + SHA1: abcd9850775bd0a1a855e785a238e0e69525810f + SHA256: 02dc44b04a6426fcaedf26995bfa471f123a90a9c747e82cebaf95f394890631 + SHA1: 30846313e3387298f1f81c694102133568d6d48d + SHA256: b738eab6f3e32cec59d5f53c12f13862429d3db6756212bbcd78ba4b4dbc234c + Sections: + .text: + Entropy: 6.1967437745841645 + Virtual Size: '0x2e80' + .rdata: + Entropy: 4.639110906957436 + Virtual Size: '0x2e8' + .data: + Entropy: 0.335842300318532 + Virtual Size: '0x1e0' + INIT: + Entropy: 5.41983369153965 + Virtual Size: '0x3f4' + .rsrc: + Entropy: 3.391941258882184 + Virtual Size: '0x350' + .reloc: + Entropy: 5.678413796604456 + Virtual Size: '0x26e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 958dd67f866ae27cf716e30a025b266f + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 66db76d5c4711c1e3df120bcdeaba312 + SHA1: 5f1c6923e6bcf737084683893718367858b4cc73 + SHA256: 4d29b1c2fff1a67d911229f36570e3d9b1cab0397d2cbc858b665403f1add3a3 + Company: Windows (R) Codename Longhorn DDK provider + Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
+ CreationTimestamp: '2009-03-26 17:16:27' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.0.6000.16386 built by: WinDDK' + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - RtlFreeUnicodeString + - ObfDereferenceObject + - MmIsAddressValid + - IoGetDeviceObjectPointer + - RtlAnsiStringToUnicodeString + - MmUnmapIoSpace + - MmMapIoSpace + - ProbeForWrite + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoDeleteDevice + - PsGetVersion + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - RtlInitAnsiString + - KeWaitForSingleObject + - RtlUnwind + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - READ_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: c5e7e8ca0d76a13a568901b6b304c3ba + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: Windows (R) Codename Longhorn DDK driver + ProductVersion: 6.0.6000.16386 + Publisher: '' + RichPEHeaderHash: + MD5: eb3173fd99b2078342df233d00679c5d + SHA1: 3fc02e77ee0ab701a737089132a6bb46f16235cb + SHA256: 2b81787128c9aa04aa108fde22892da6d4bcbe6939bcf8161b589c4a96fb1183 + SHA1: b7a2f2760f9819cb242b2e4f5b7bab0a65944c81 + SHA256: 8e92aacd60fca1f09b7257e62caf0692794f5d741c5d1eec89d841e87f2c359c + Sections: + .text: + Entropy: 6.225521838174455 + Virtual Size: '0x1de0' + .rdata: + Entropy: 4.461996500807114 + Virtual Size: '0x2e0' + .data: + Entropy: 0.22396935932252834 + Virtual Size: '0x1c0' + INIT: + Entropy: 5.494689782586933 + Virtual Size: '0x3a0' + .rsrc: + Entropy: 3.398166168635772 + Virtual Size: '0x400' + .reloc: + Entropy: 5.750244250493869 + Virtual Size: '0x1f4' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., 
OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2009-02-02 00:00:00' + ValidTo: '2012-02-07 23:59:59' + Signature: 9a9bbecb393272aaedfd7a125e0fe581151a18a75a4094e082a38156f62018b9d59edef27429bbea60d6e146a2ce134546d54e00b6585c1d85e3aedfb3b9a5de7728a96b2bcc26106655bae6bc5ce3a72714f9e23282a2fba29fc870b394e832f07dc50ded3a042953fe91379769e424398278b6ed14ae4f6b4cce5fa7ba20fc8d157a78fd308214d177189bcd76b2bd62a861a8c1562e2748f338f7369f0f062804685399a6655fcb4564a644e7a8bee8330557376884cce9153992e8e205bc1474dbd0109b3c87991db9bb77a9dff5775267390431ce56ff49500d8ad70be34a0d9a0b112e07eb55f0fe07de9ac93a0b30cb36029b5ec41e032daf66627d4e + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Version: 3 + TBS: + MD5: fb72fa311261c4fb6a786e5cc7ce1d2f + SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 + SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a + SHA384: 
759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 69dbb4c8bbe4d8c2e1493f82170b93c4 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 3a7c1ab3c7376492586cf10657e0b914 + SHA1: e4061096700b51ecc4dbdff6b4dc1e8e640fd7ae + SHA256: 4c03f7e80857630277d292ad7324541cad38f652a199d94bc18a10aef98c8bfa + Company: CPUID + Copyright: Copyright(C) 2014 CPUID + CreationTimestamp: '2015-10-07 02:25:28' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - 
HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 0d4306983e694c1f34920bae12d887e6 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: b3dcf662ce69ad7b34717fb6aecf09a7 + SHA1: 63be2c28ecee71a739bfbaf38466362e998bc5bc + SHA256: f4257b7e95b00b38e446b2708cc342fe32846266064b94c78ec1f987731c2226 + SHA1: deaf7d0c934cc428981ffa5bf528ca920bc692dc + SHA256: 8d6febd54ce0c98ea3653e582f7791061923a9a4842bd4a1326564204431ca9f + Sections: + .text: + Entropy: 6.187068215362904 + Virtual Size: '0x30c6' + .rdata: + Entropy: 4.21132054612556 + Virtual Size: '0x424' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.5511621274596537 + Virtual Size: '0xd8' + INIT: + Entropy: 5.131854482283732 + Virtual Size: '0x3ea' + .rsrc: + Entropy: 3.3971374522271924 + Virtual Size: '0x350' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, 
O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=Private Organization, ??=FR, serialNumber=493 590 202, ??=39 + rue Joseph Jacquard, postalCode=59240, C=FR, L=Dunkerque, O=CPUID, + CN=CPUID + ValidFrom: '2015-09-11 00:00:00' + ValidTo: '2018-09-19 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 07ef902f309d9df93e5124fa3ee5dae2 + Version: 3 + TBS: + MD5: aa06717c45e9e49a8c1e001c66edd9fa + SHA1: 6a150d1cba59e4090bf9169a333e0fb226ed5472 + SHA256: 6dde4dd03be027a9ce82b9337559c984377a7a7f3f589d575726bfcbb806afdb + SHA384: b9bef10fc28980514e23d13d0fe6d5f43b3e4a2dff24049d6cef3c3fb955e071e1d1128c71c12c5a3bf09cc107782600 + - Subject: C=US, 
O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c + Version: 3 + TBS: + MD5: 83f5de89f641d0fbf60248e10a7b9534 + SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 + SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf + SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 + Signer: + - SerialNumber: 07ef902f309d9df93e5124fa3ee5dae2 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + Version: 1 + Imphash: f12ae9073d95c22ed89247253d59f500 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 97c040bf9611bc00ca2b18f5ec3b222a + SHA1: 5b59766ad52fb4a123a52452b088084b9536da11 + SHA256: 330941d4b4c310814278afb3d07f7191470c7da06f694342797dc6a2eb37c5be + Company: CPUID + Copyright: Copyright(C) 2010 CPUID + CreationTimestamp: '2011-01-19 09:45:17' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - ExFreePool + - ExAllocatePoolWithTag + - RtlFreeUnicodeString + - ObfDereferenceObject + - MmIsAddressValid + - IoGetDeviceObjectPointer + - MmUnmapIoSpace + - RtlInitAnsiString + - MmMapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - RtlUnwind + - KeTickCount + - KeBugCheckEx + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoDeleteDevice + - PsGetVersion + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - KeWaitForSingleObject + - RtlAnsiStringToUnicodeString + - IoCancelIrp + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset 
+ - KeStallExecutionProcessor + - READ_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 6bada94085b6709694f8327c211d12e1 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 41f15d0f328a165973b49de608ef72a2 + SHA1: abcd9850775bd0a1a855e785a238e0e69525810f + SHA256: 02dc44b04a6426fcaedf26995bfa471f123a90a9c747e82cebaf95f394890631 + SHA1: c0a8e45e57bb6d82524417d6fb7e955ab95621c0 + SHA256: c8f0bb5d8836e21e7a22a406c69c01ba7d512a808c37c45088575d548ee25caa + Sections: + .text: + Entropy: 6.19967111253336 + Virtual Size: '0x26c0' + .rdata: + Entropy: 4.5178451814893545 + Virtual Size: '0x300' + .data: + Entropy: 0.335842300318532 + Virtual Size: '0x1e0' + INIT: + Entropy: 5.42180997612463 + Virtual Size: '0x3f4' + .rsrc: + Entropy: 3.3927376128305218 + Virtual Size: '0x350' + .reloc: + Entropy: 5.451103698521333 + Virtual Size: '0x250' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 
18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, 
L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2009-02-02 00:00:00' + ValidTo: '2012-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Version: 3 + TBS: + MD5: fb72fa311261c4fb6a786e5cc7ce1d2f + SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 + SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a + SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 958dd67f866ae27cf716e30a025b266f + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: a6e1b2eb9fb061a48b9ea73a038b2b7d + SHA1: e94ab819d118852912afc39c61dd332664a02835 + SHA256: 43eeac44acc2f0aefc02522f1d203b37798fec9232d5b6c5d266badc118a1d8b + Company: CPUID + Copyright: Copyright(C) 2010 CPUID + CreationTimestamp: '2011-01-19 09:46:02' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + 
ImportedFunctions: + - PsGetVersion + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - IofCompleteRequest + - MmMapIoSpace + - MmUnmapIoSpace + - ProbeForWrite + - IoDeleteDevice + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - __C_specific_handler + - READ_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - READ_PORT_UCHAR + - HalCallPal + - WRITE_PORT_UCHAR + - KeStallExecutionProcessor + - WRITE_PORT_USHORT + - READ_PORT_ULONG + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 212bfd1ef00e199a365aeb74a8182609 + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 3e05f63a445c98b6831d9476006337f7 + SHA1: 08c8e06efd3136ae964f86be406389c47f74e4dd + SHA256: e5965588f92317c7d220193aa42f12d30bae66f0008f4831568b8131edeeb70a + SHA1: 90d73db752eac6ffc53555281fc5aa92297285ec + SHA256: b9695940f72e3ed5d7369fb32958e2146abd29d5895d91ccc22dfbcc9485b78b + Sections: + .text: + Entropy: 5.396602101057036 + Virtual Size: '0x3130' + .rdata: + Entropy: 4.1537172213595825 + Virtual Size: '0x348' + .pdata: + Entropy: 3.2551039363088288 + Virtual Size: '0x84' + .sdata: + Entropy: 1.055945444608438 + Virtual Size: '0x260' + INIT: + Entropy: 5.06628585370835 + Virtual Size: '0x3d6' + .rsrc: + Entropy: 3.3976217041631593 + Virtual Size: '0x350' + .reloc: + Entropy: 1.042907998495935 + Virtual Size: '0x146' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: 
d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: 
a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2009-02-02 00:00:00' + ValidTo: '2012-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Version: 3 + TBS: + MD5: fb72fa311261c4fb6a786e5cc7ce1d2f + SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 + SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a + SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: f0820e8f674e44e5c2a3f899ec561c1d + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: d9d45430dc3fb1c7154c109f9d85d70e + SHA1: 4f52e85725556496f9102bba0fdf9d13f721c675 + SHA256: 90f5962e6b2342eae05dc8f4c34d5291742537248587ccf6ac298691806a4517 + Company: CPUID + Copyright: Copyright(C) 2010 CPUID + CreationTimestamp: '2012-08-11 01:45:54' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - IofCompleteRequest + - ExFreePool + - ExAllocatePoolWithTag + - RtlFreeUnicodeString + - ObfDereferenceObject + - MmIsAddressValid + - IoGetDeviceObjectPointer + - RtlAnsiStringToUnicodeString + - MmUnmapIoSpace + - MmMapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - DbgPrint + - RtlUnwind + - KeTickCount + - KeBugCheckEx + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoDeleteDevice + - PsGetVersion + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - KeWaitForSingleObject + - RtlInitAnsiString + - IoCancelIrp + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - READ_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: a89ca92145fc330adced0dd005421183 + MachineType: 
I386 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: CPUID service + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: 573ac9a3fc69d00f19723f196162680e + SHA1: 7e21d51681f265bad20f1db06cd0831b80d4fed2 + SHA256: 79749e2d14cda7629ae1b8bdc88101418cb5a099b93137ea76824b0246209519 + SHA1: e33eac9d3b9b5c0db3db096332f059bf315a2343 + SHA256: 0d3790af5f8e5c945410929e31d06144a471ac82f828afe89a4758a5bbeb7f9f + Sections: + .text: + Entropy: 6.222402374512635 + Virtual Size: '0x2780' + .rdata: + Entropy: 4.5251453594439255 + Virtual Size: '0x300' + .data: + Entropy: 0.335842300318532 + Virtual Size: '0x1e0' + INIT: + Entropy: 5.423515041101043 + Virtual Size: '0x404' + .rsrc: + Entropy: 3.3927376128305218 + Virtual Size: '0x350' + .reloc: + Entropy: 5.4807357701963335 + Virtual Size: '0x258' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G3 + ValidFrom: '2012-05-01 00:00:00' + ValidTo: '2012-12-31 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded + Version: 3 + TBS: + MD5: e6d820afb23af20a65cf0b03247ea05e + SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 + SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 + SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + 
IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + 
SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: a0a13575e37906924a0b79043b4005c6 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 0fef96c1d46145af32eb6993faa6e496 + SHA1: 4d26356a4a48d492b00845a7ac1bb27a92f95871 + SHA256: 0aa61910c3ceb765441c35925a50983b2571ac22da510f1495cf82f078b535b6 + Company: CPUID + Copyright: Copyright(C) 2010 CPUID + CreationTimestamp: '2012-03-09 01:55:45' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + 
ImportedFunctions: + - IofCompleteRequest + - ExFreePool + - ExAllocatePoolWithTag + - RtlFreeUnicodeString + - ObfDereferenceObject + - MmIsAddressValid + - IoGetDeviceObjectPointer + - MmUnmapIoSpace + - RtlInitAnsiString + - MmMapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - RtlUnwind + - KeTickCount + - KeBugCheckEx + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoDeleteDevice + - PsGetVersion + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - KeWaitForSingleObject + - RtlAnsiStringToUnicodeString + - IoCancelIrp + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - READ_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 26ce59f9fc8639fd7fed53ce3b785015 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: CPUID service + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: 41f15d0f328a165973b49de608ef72a2 + SHA1: abcd9850775bd0a1a855e785a238e0e69525810f + SHA256: 02dc44b04a6426fcaedf26995bfa471f123a90a9c747e82cebaf95f394890631 + SHA1: 2bf6b88b84d27cdf0699d6d18b08a1b36310cdd1 + SHA256: 11d258e05b850dcc9ecfacccc9486e54bd928aaa3d5e9942696c323fdbd3481b + Sections: + .text: + Entropy: 6.217408305730309 + Virtual Size: '0x2750' + .rdata: + Entropy: 4.55489113332384 + Virtual Size: '0x2f0' + .data: + Entropy: 0.335842300318532 + Virtual Size: '0x1e0' + INIT: + Entropy: 5.41983369153965 + Virtual Size: '0x3f4' + .rsrc: + Entropy: 3.3927376128305218 + Virtual Size: '0x350' + .reloc: + Entropy: 5.5051908528223255 + Virtual Size: '0x254' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 958dd67f866ae27cf716e30a025b266f + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: dfb8cce9246e17f356504802d14d019d + SHA1: 189bedcea5ec5bfc724ff44b4b44958dc450c7db + SHA256: 4b5aecfecf26145aadd23f96a1cdfae0bca4e53af215d4bd77bba5dcc5a4479b + Company: CPUID + Copyright: Copyright(C) 2010 CPUID + CreationTimestamp: '2012-03-09 01:56:55' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: 
'6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 75dbd5db9892d7451d0429bec1aabe1a + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: CPUID service + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: 685a19a8e9f46a76067db83da501dca0 + SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 + SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 + SHA1: c05df2e56e05b97e3ca8c6a61865cae722ed3066 + SHA256: 19696fb0db3fcae22f705ae1eb1e9f1151c823f3ff5d8857e90f2a4a6fdc5758 + Sections: + .text: + Entropy: 6.207830883313713 + Virtual Size: '0x25d6' + .rdata: + Entropy: 4.172824067374571 + Virtual Size: '0x3ec' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.503621523339014 + Virtual Size: '0xc0' + INIT: + Entropy: 5.076575853289 + Virtual Size: '0x406' + .rsrc: + Entropy: 3.3943730160709853 + Virtual Size: '0x350' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false 
+ SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 82942c060f79cefd3bf1acdf5c207561 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 97861c7d308c22f4db08d08ce912fced + SHA1: 368c63d2f393ef65f8107d175174e9eaa13d993e + SHA256: 3966d4b1e4f5442b8507f91b6dbde3523657b47fd2945d990249605727d231ec + Company: CPUID + Copyright: Copyright(C) 2012 CPUID + CreationTimestamp: '2012-10-27 11:24:41' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - 
IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: fe820a5f99b092c3660762c6fc6c64e0 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: CPUID service + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: 685a19a8e9f46a76067db83da501dca0 + SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 + SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 + SHA1: fad8e308f6d2e6a9cfaf9e6189335126a3c69acb + SHA256: 1e16a01ef44e4c56e87abfbe03b2989b0391b172c3ec162783ad640be65ab961 + Sections: + .text: + Entropy: 6.181674969781746 + Virtual Size: '0x2536' + .rdata: + Entropy: 4.160071293394142 + Virtual Size: '0x3d4' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.4970531643346394 + Virtual Size: '0xc0' + INIT: + Entropy: 5.076575853289 + Virtual Size: '0x406' + .rsrc: + Entropy: 3.3935766621226473 + Virtual Size: '0x350' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G3 + ValidFrom: '2012-05-01 00:00:00' + ValidTo: '2012-12-31 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded + Version: 3 + TBS: + MD5: e6d820afb23af20a65cf0b03247ea05e + SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 + SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 + SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 
00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 82942c060f79cefd3bf1acdf5c207561 + LoadsDespiteHVCI: 
'FALSE' +- Authentihash: + MD5: 7c8e917e5adba8b20bea898d4b966c6c + SHA1: 570496ebc3c4010b48c3703652fdfcb60352798b + SHA256: 98c86fcf018822289340d248f5e2896c41ad0f284febb741b945312ff40bdfa3 + Company: CPUID + Copyright: Copyright(C) 2010 CPUID + CreationTimestamp: '2010-11-09 06:33:36' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 262969a3fab32b9e17e63e2d17a57744 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: CPUID service + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: 685a19a8e9f46a76067db83da501dca0 + SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 + SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 + SHA1: 363b907c3b4f37968e9c8e1b7eeca5a5c5d530f8 + SHA256: 1ee59eb28688e73d10838c66e0d8e011c8df45b6b43a4ac5d0b75795ca3eb512 + Sections: + .text: + Entropy: 6.190718841242454 + Virtual Size: '0x2416' + .rdata: + Entropy: 4.183312032190414 + Virtual Size: '0x3ec' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.53594863841985 + Virtual Size: '0xc0' + INIT: + Entropy: 5.076575853289 + Virtual Size: '0x406' + .rsrc: + Entropy: 3.3943730160709853 + Virtual Size: '0x350' + Signatures: + - 
CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: 
ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2009-02-02 00:00:00' + ValidTo: '2012-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Version: 3 + TBS: + MD5: fb72fa311261c4fb6a786e5cc7ce1d2f + SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 + SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a + SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 82942c060f79cefd3bf1acdf5c207561 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 93bf28533aa6e63dc8b80b998b0814af + SHA1: 413ed5609215f4a6cee3b7b357eb594902a817f5 + SHA256: 1399e65aa55c898a6cd5fb32d4b19f5bbaf69c56c1383963c99b7a0804eb0203 + Company: Windows (R) Win 7 DDK provider + Copyright: "\xA9 Microsoft 
Corporation. All rights reserved." + CreationTimestamp: '2010-07-09 05:16:58' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 17719a7f571d4cd08223f0b30f71b8b8 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: Windows (R) Win 7 DDK driver + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: 89dc670b5f7c06b577deeec9473dc96b + SHA1: af59c00ae531117ba9307257ab945cdf6c8309f6 + SHA256: 35b9d8fc904c88f4df237edc610727f89c415e48bcf135191c43832bb2935ba6 + SHA1: f9c916d163b85057414300ca214ebdf751172ecf + SHA256: 1f4d4db4abe26e765a33afb2501ac134d14cadeaa74ae8a0fae420e4ecf58e0c + Sections: + .text: + Entropy: 6.182386482362877 + Virtual Size: '0x2256' + .rdata: + Entropy: 4.258631853520521 + Virtual Size: '0x3d0' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.4326961450392584 + Virtual Size: '0x90' + INIT: + Entropy: 5.067835669413665 + Virtual Size: '0x406' + .rsrc: + Entropy: 3.4148190207283133 + Virtual Size: '0x3d0' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: 
'2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 
41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2009-02-02 00:00:00' + ValidTo: '2012-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Version: 3 + TBS: + MD5: fb72fa311261c4fb6a786e5cc7ce1d2f + SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 + SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a + SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 82942c060f79cefd3bf1acdf5c207561 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 9328ac41d0afb80914780b9474c0bca0 + SHA1: e8f4f4e2a672d845d897f36646d8339597135050 + SHA256: 
c0ed71b491aec860932fe92e5527ef444d537b396186ac839d5ed0884cfcaf0c + Company: CPUID + Copyright: Copyright(C) 2014 CPUID + CreationTimestamp: '2014-10-06 04:26:29' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 21be10f66bb65c1d406407faa0b9ba95 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: CPUID service + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: c046d6f14ec39d2a0f67a417bda83c5e + SHA1: 74661f1063b4c80566f75a1bee22c35f7af17fa9 + SHA256: 440eebbdc09d290724d364056ba4e2725c75759819a6df0a1ed5c876ed7d2474 + SHA1: 86e59b17272a3e7d9976c980ded939bf8bf75069 + SHA256: 2101d5e80e92c55ecfd8c24fcf2202a206a4fd70195a1378f88c4cc04d336f22 + Sections: + .text: + Entropy: 6.184959788800412 + Virtual Size: '0x3046' + .rdata: + Entropy: 4.1967199978388665 + Virtual Size: '0x434' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.61540303809267 + Virtual Size: '0xd8' + INIT: + Entropy: 5.133048134973059 + Virtual Size: '0x406' + .rsrc: + Entropy: 3.3971374522271924 + Virtual Size: '0x350' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time 
Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 82942c060f79cefd3bf1acdf5c207561 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 92c5a8d936bb2ef7802aaa15c877e866 + SHA1: 340024982f9ad5c2722bab8cddec9d32f0efdc7c + SHA256: 313a69d8eea6a933cffac0fa67d46ad9aef0815bb579fce7623d9be825888e30 + Company: CPUID + Copyright: Copyright(C) 2013 CPUID + CreationTimestamp: '2013-11-27 03:33:59' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - 
IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 4885e1bf1971c8fa9e7686fd5199f500 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: CPUID service + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: 685a19a8e9f46a76067db83da501dca0 + SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 + SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 + SHA1: 388068adc9ec46a0bbc8173bcb0d5f9cf8af6ea5 + SHA256: 26e3bfef255efd052a84c3c43994c73222b14c95db9a4b1fc2e98f1a5cb26e43 + Sections: + .text: + Entropy: 6.189630683612354 + Virtual Size: '0x2c76' + .rdata: + Entropy: 4.1481713750399685 + Virtual Size: '0x414' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.5274875201903875 + Virtual Size: '0xc0' + INIT: + Entropy: 5.076575853289 + Virtual Size: '0x406' + .rsrc: + Entropy: 3.3935766621226473 + Virtual Size: '0x350' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: 
eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 
be6fb3b3b33e9108a9a2273d1cf5eb3209a8c3a86ba7d66069393587f6b451b75b327ea15d36b1604aad5509c0ace37fa66e220b35764b9c201169677738c06802d2f798383c256c690898a663b0aeb519491057f9f24149c513abba2a4cab9934a684e5d83a34105fe6681f2b85d5ee06332d1c05c3627758442fd2fc94f5f68bb30f085cb1d31174e1461394aeef7b124291a099654d1103df3deab81e9658b5b5cc817061d688ae39e702f1d0dd420d6de931bed331960e089233b8576482e48d5b769fdfa8df02e1d098912444b324057826e1f72c26f045b2479a9b39eadfd6b2e1bd6db4057ef6b12ca385cad9a7ad82c4414e619f97dfd08a55f59053 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 82942c060f79cefd3bf1acdf5c207561 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 
654f9a768f518e632c99309bd4c1145b + SHA1: a5f086835d7c2883ad8d985772d02a9a8815bcbb + SHA256: d4e93f592a8342b0eb582d24a114348ce40ecb3c1e7b238d731b02e17d5aae7d + Company: CPUID + Copyright: Copyright(C) 2012 CPUID + CreationTimestamp: '2013-05-10 06:42:51' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: ab4ee84e09b09012ac86d3a875af9d43 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: CPUID service + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: 685a19a8e9f46a76067db83da501dca0 + SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 + SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 + SHA1: 3c81cdfd99d91c7c9de7921607be12233ed0dfd8 + SHA256: 2a6db9facf9e13d35c37dd468be04bae5f70c6127a9aee76daebddbdec95d486 + Sections: + .text: + Entropy: 6.190388157802366 + Virtual Size: '0x2616' + .rdata: + Entropy: 4.158462162346533 + Virtual Size: '0x3d4' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.501505002731896 + Virtual Size: '0xc0' + INIT: + Entropy: 5.076575853289 + Virtual Size: '0x406' + .rsrc: + Entropy: 3.3935766621226473 + Virtual Size: '0x350' + Signatures: + - CertificatesInfo: '' + 
SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 82942c060f79cefd3bf1acdf5c207561 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 4c2f42ab19a70ee6a2cb936329b34aff + SHA1: 742a9fc918c7bb2b1707412c703d7b7674ed1094 + SHA256: fd8d61102719afb0b8a230d9e8c372af3396bec4a6d72aada42a1f1d36187751 + Company: Windows (R) Win 7 DDK provider + Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
+ CreationTimestamp: '2010-05-11 03:59:25' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - RtlFreeUnicodeString + - ObfDereferenceObject + - MmIsAddressValid + - IoGetDeviceObjectPointer + - RtlAnsiStringToUnicodeString + - IofCompleteRequest + - MmMapIoSpace + - ProbeForWrite + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - MmUnmapIoSpace + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoDeleteDevice + - PsGetVersion + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - RtlInitAnsiString + - KeWaitForSingleObject + - RtlUnwind + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - READ_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 743c403d20a89db5ed84c874768b7119 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: Windows (R) Win 7 DDK driver + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: 4ba73072bea66755a70f3a8c99951424 + SHA1: d9ce039d736544c2d9b7fe44460d8e006a5c62f0 + SHA256: 3b45bc2da9543317e7a22486f86a3f8c0eb289596d1d7661b47e35e99058861f + SHA1: dc8fa4648c674e3a7148dd8e8c35f668a3701a52 + SHA256: 2a9d481ffdc5c1e2cb50cf078be32be06b21f6e2b38e90e008edfc8c4f2a9c4e + Sections: + .text: + Entropy: 6.221169838993626 + Virtual Size: '0x2030' + .rdata: + Entropy: 4.564029507184391 + Virtual Size: '0x2ec' + .data: + Entropy: 0.22396935932252834 + Virtual Size: '0x1c0' + INIT: + Entropy: 5.46954214905682 + Virtual Size: '0x3fc' + .rsrc: + Entropy: 3.413813063110847 + Virtual Size: '0x3d0' + .reloc: + Entropy: 5.666994611221042 + Virtual Size: '0x210' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, 
Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + 
IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2009-02-02 00:00:00' + ValidTo: '2012-02-07 23:59:59' + Signature: 9a9bbecb393272aaedfd7a125e0fe581151a18a75a4094e082a38156f62018b9d59edef27429bbea60d6e146a2ce134546d54e00b6585c1d85e3aedfb3b9a5de7728a96b2bcc26106655bae6bc5ce3a72714f9e23282a2fba29fc870b394e832f07dc50ded3a042953fe91379769e424398278b6ed14ae4f6b4cce5fa7ba20fc8d157a78fd308214d177189bcd76b2bd62a861a8c1562e2748f338f7369f0f062804685399a6655fcb4564a644e7a8bee8330557376884cce9153992e8e205bc1474dbd0109b3c87991db9bb77a9dff5775267390431ce56ff49500d8ad70be34a0d9a0b112e07eb55f0fe07de9ac93a0b30cb36029b5ec41e032daf66627d4e + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Version: 3 + TBS: + MD5: fb72fa311261c4fb6a786e5cc7ce1d2f + SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 + SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a + SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 
40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 744af2b62301859b4ccdffba53551b15 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: a85d9912baf9994b0fabf924f6a66e9b + SHA1: 04defcae6548e92ea76bd7069a672a7e1067b995 + SHA256: d1c71a98e10105faa0814fec3544474d86ae0e8f88efd77798a716adad3994a2 + Company: Windows (R) Codename Longhorn DDK provider + Copyright: "\xA9 Microsoft Corporation. All rights reserved." + CreationTimestamp: '2009-03-07 03:03:14' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.0.6000.16386 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - IoDeleteSymbolicLink + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - IoCreateDevice + - IofCallDriver + - IoGetDeviceObjectPointer + - IoBuildDeviceIoControlRequest + - IoDeleteDevice + - ProbeForWrite + - MmMapIoSpace + - KeInitializeEvent + - RtlInitAnsiString + - IofCompleteRequest + - KeWaitForSingleObject + - KeBugCheckEx + - MmUnmapIoSpace + - RtlInitUnicodeString + - PsGetVersion + - RtlUnwindEx + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: e0bfbdf3793ea2742c03f5a82cb305a5 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: Windows (R) Codename Longhorn DDK driver + ProductVersion: 6.0.6000.16386 + RichPEHeaderHash: + MD5: a4919ba9bce5fa10c0659fe35e106bff + SHA1: c9062199c8b03518cf06dcc7212ff3c1ffbf0452 + SHA256: f6f4beb34371f4eec6c80a94046382a70864524606df3fdcf4d08fe9ddacc1af + SHA1: 
a6a71fb4f91080aff2a3a42811b4bd86fb22168d + SHA256: 2ef7df384e93951893b65500dac6ee09da6b8fe9128326caad41b8be4da49a1e + Sections: + .text: + Entropy: 6.139220942185034 + Virtual Size: '0x1da6' + .rdata: + Entropy: 4.302697981700664 + Virtual Size: '0x394' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.3507319703399823 + Virtual Size: '0x84' + INIT: + Entropy: 4.945456847123696 + Virtual Size: '0x388' + .rsrc: + Entropy: 3.393742999677783 + Virtual Size: '0x400' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 
53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2009-02-02 00:00:00' + ValidTo: '2012-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Version: 3 + TBS: + MD5: fb72fa311261c4fb6a786e5cc7ce1d2f + SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 + SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a + SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: cb8db41ab8c06472574e58b9466f4070 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: b1113bc5a8f67468ae6e0183c60be10a + SHA1: bbea7d9b8672ca30c6a8f49e913f110720d4753c + SHA256: 55e3b977402be076bfafe332a3fb29ddb6b02edf932d02e963df09adbe89eb91 + Company: CPUID + Copyright: Copyright(C) 2017 CPUID + CreationTimestamp: 
'2017-04-24 05:12:14' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - RtlAnsiStringToUnicodeString + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - ExFreePoolWithTag + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 22ca5fe8fb0e5e22e6fb0848108c03f4 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: CPUID service + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: c046d6f14ec39d2a0f67a417bda83c5e + SHA1: 74661f1063b4c80566f75a1bee22c35f7af17fa9 + SHA256: 440eebbdc09d290724d364056ba4e2725c75759819a6df0a1ed5c876ed7d2474 + SHA1: bec66e0a4842048c25732f7ea2bbe989ea400abf + SHA256: 34bee22c18ddbddbe115cf1ab55cabf0e482aba1eb2c343153577fb24b7226d3 + Sections: + .text: + Entropy: 6.167627326915935 + Virtual Size: '0x4536' + .rdata: + Entropy: 4.195082406902852 + Virtual Size: '0x534' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x440' + .pdata: + Entropy: 3.6289632983036624 + Virtual Size: '0xfc' + INIT: + Entropy: 5.132100585029012 + Virtual Size: '0x40e' + .rsrc: + Entropy: 3.394946071861716 + Virtual Size: '0x350' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 8f96c3ef5dda3fe697d4a4d6326dbe37 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 96c15399e89e9bca402ed660f90e1b98 + SHA1: 1b4335f92c6137f56c8f98e5b79fc7af67af2a24 + SHA256: 55a69f740a77fc07073c3d077d029dfb2dbe4b673171167e7310bd857eb55982 + Company: CPUID + Copyright: Copyright(C) 2013 CPUID + CreationTimestamp: '2013-08-24 02:58:17' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - IofCompleteRequest + - ExFreePool + - ExAllocatePoolWithTag + - RtlFreeUnicodeString + - ObfDereferenceObject + - MmIsAddressValid + - IoGetDeviceObjectPointer + - MmUnmapIoSpace + - RtlInitAnsiString + - MmMapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - RtlUnwind + - KeTickCount + - KeBugCheckEx + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoDeleteDevice + - PsGetVersion + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - 
IofCallDriver + - KeWaitForSingleObject + - RtlAnsiStringToUnicodeString + - IoCancelIrp + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - READ_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 3ab94fba7196e84a97e83b15f7bcb270 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: CPUID service + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: 41f15d0f328a165973b49de608ef72a2 + SHA1: abcd9850775bd0a1a855e785a238e0e69525810f + SHA256: 02dc44b04a6426fcaedf26995bfa471f123a90a9c747e82cebaf95f394890631 + SHA1: bea745b598dd957924d3465ebc04c5b830d5724f + SHA256: 3e07bb866d329a2f9aaa4802bad04fdac9163de9bf9cfa1d035f5ca610b4b9bf + Sections: + .text: + Entropy: 6.193679799265929 + Virtual Size: '0x2860' + .rdata: + Entropy: 4.611976907005874 + Virtual Size: '0x2c0' + .data: + Entropy: 0.335842300318532 + Virtual Size: '0x1e0' + INIT: + Entropy: 5.42180997612463 + Virtual Size: '0x3f4' + .rsrc: + Entropy: 3.391941258882184 + Virtual Size: '0x350' + .reloc: + Entropy: 5.431068617797713 + Virtual Size: '0x234' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: 
c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: be6fb3b3b33e9108a9a2273d1cf5eb3209a8c3a86ba7d66069393587f6b451b75b327ea15d36b1604aad5509c0ace37fa66e220b35764b9c201169677738c06802d2f798383c256c690898a663b0aeb519491057f9f24149c513abba2a4cab9934a684e5d83a34105fe6681f2b85d5ee06332d1c05c3627758442fd2fc94f5f68bb30f085cb1d31174e1461394aeef7b124291a099654d1103df3deab81e9658b5b5cc817061d688ae39e702f1d0dd420d6de931bed331960e089233b8576482e48d5b769fdfa8df02e1d098912444b324057826e1f72c26f045b2479a9b39eadfd6b2e1bd6db4057ef6b12ca385cad9a7ad82c4414e619f97dfd08a55f59053 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: 
b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 958dd67f866ae27cf716e30a025b266f + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 972f2ce8097eda301f27a53fcf2b9865 + SHA1: aba5185a6ebdb040c5e4b8b8eaa44382eb705aec + SHA256: 157ae92541eda2f5035435c63e1654adfa45c06e37b05cbb60d76a63daa93f04 + Company: CPUID + Copyright: Copyright(C) 2014 CPUID + CreationTimestamp: '2014-10-23 09:03:05' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - MmMapIoSpace + - ExFreePoolWithTag + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - DbgPrintEx + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - IofCompleteRequest + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: e323413de3caec7f7730b43c551f26a0 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: CPUID service + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: a2326d96aef2fdfe4c1d2ed909160ccc + SHA1: 48faced2ed09c60dd807398c1338259bddcd3c1f + SHA256: 
a125d206aeade4827dcce39aadbd8da6cad0d8ad799b46adfd7bf6bcd0acf11e + SHA1: f3c20ce4282587c920e9ff5da2150fac7858172e + SHA256: 45c3d607cb57a1714c1c604a25cbadf2779f4734855d0e43aa394073b6966b26 + Sections: + .text: + Entropy: 6.223329975658994 + Virtual Size: '0x3207' + .rdata: + Entropy: 4.1808537985567344 + Virtual Size: '0x434' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.626263920579275 + Virtual Size: '0xd8' + INIT: + Entropy: 5.120133577153886 + Virtual Size: '0x41c' + .rsrc: + Entropy: 3.3971374522271924 + Virtual Size: '0x350' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 
88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 28c5045218461018dbde27212ab0f227 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: ccc4847b99e359c72448de9f9f0981f1 + SHA1: 9e771be7100b166ba79aeeea58aa3dee44c09d6b + SHA256: 6b9090296a10225be115810e29e8ada4f70e4d4a8f88b385ccd9a8a6d2eb6778 + Company: Windows (R) Codename Longhorn DDK provider + Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
+ CreationTimestamp: '2009-03-26 17:17:23' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.0.6000.16386 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - IoDeleteSymbolicLink + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - IoCreateDevice + - IofCallDriver + - IoGetDeviceObjectPointer + - IoBuildDeviceIoControlRequest + - IoDeleteDevice + - ProbeForWrite + - MmMapIoSpace + - KeInitializeEvent + - RtlInitAnsiString + - IofCompleteRequest + - KeWaitForSingleObject + - KeBugCheckEx + - MmUnmapIoSpace + - RtlInitUnicodeString + - PsGetVersion + - RtlUnwindEx + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: c9c25778efe890baa4087e32937016a0 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: Windows (R) Codename Longhorn DDK driver + ProductVersion: 6.0.6000.16386 + RichPEHeaderHash: + MD5: a4919ba9bce5fa10c0659fe35e106bff + SHA1: c9062199c8b03518cf06dcc7212ff3c1ffbf0452 + SHA256: f6f4beb34371f4eec6c80a94046382a70864524606df3fdcf4d08fe9ddacc1af + SHA1: f4728f490d741b04b611164a7d997e34458e3a5e + SHA256: 49329fa09f584d1960b09c1b15df18c0bc1c4fdb90bf48b6b5703e872040b668 + Sections: + .text: + Entropy: 6.154548729898717 + Virtual Size: '0x1dd6' + .rdata: + Entropy: 4.332394275902173 + Virtual Size: '0x39c' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.424516355212702 + Virtual Size: '0x84' + INIT: + Entropy: 4.945456847123696 + Virtual Size: '0x388' + .rsrc: + Entropy: 3.393742999677783 + Virtual Size: '0x400' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 
88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2009-02-02 00:00:00' + ValidTo: '2012-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Version: 3 + TBS: + MD5: fb72fa311261c4fb6a786e5cc7ce1d2f + SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 + SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a + SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: cb8db41ab8c06472574e58b9466f4070 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: a5f87835956f86d2acccd4c8012a4fcd + SHA1: 2e37b05cd1bafe18e0a1a33560b0ec5aa99b0192 + SHA256: e650b4e4b5a95cba582b9749cac4c40e67e854d78eb8494f46f6d11f1fcea4d6 + Company: Windows (R) Win 7 DDK 
provider + Copyright: "\xA9 Microsoft Corporation. All rights reserved." + CreationTimestamp: '2010-03-10 09:24:11' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - IofCompleteRequest + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - RtlFreeUnicodeString + - ObfDereferenceObject + - MmIsAddressValid + - IoGetDeviceObjectPointer + - RtlAnsiStringToUnicodeString + - MmUnmapIoSpace + - MmMapIoSpace + - ProbeForWrite + - IoCreateSymbolicLink + - IoCreateDevice + - RtlUnwind + - KeTickCount + - KeBugCheckEx + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoDeleteDevice + - PsGetVersion + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - RtlInitAnsiString + - KeWaitForSingleObject + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - READ_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 2f8653034a35526df88ea0c62b035a42 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: Windows (R) Win 7 DDK driver + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: ac22d2bffa82e1f2eeaff75340ddf502 + SHA1: a884c8f5b8d433e30a79d959fb37fb0746ff537b + SHA256: 3e8f2e809174f7d618f3ce991f37c51a77d2a43db600925041b13fa3430146de + SHA1: 68ca9c27131aa35c7f433dc914da74f4b3d8793f + SHA256: 4d19ee789e101e5a76834fb411aadf8229f08b3ece671343ad57a6576a525036 + Sections: + .text: + Entropy: 6.237934687882857 + Virtual Size: '0x2180' + .rdata: + Entropy: 4.44829003144624 + Virtual Size: '0x2f4' + .data: + Entropy: 0.335842300318532 + Virtual Size: '0x1e0' + INIT: + Entropy: 5.414827215159332 + Virtual Size: '0x3dc' + .rsrc: + Entropy: 3.4140956924835417 + Virtual Size: '0x3d0' + .reloc: + Entropy: 5.51200680030155 + Virtual Size: '0x236' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + 
Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust 
Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2009-02-02 00:00:00' + ValidTo: '2012-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Version: 3 + TBS: + MD5: fb72fa311261c4fb6a786e5cc7ce1d2f + SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 + SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a + SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 
40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 29a1da8841f5363423dcba1a9773809a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: b98238e731280f6d726e61b0016cb877 + SHA1: 820a00a0e0fc628d06ac1f779eb9e88d613d8934 + SHA256: b46fb3ed5a7a84ef594ab0b76f384aa2dca0614574478fb98308806612609465 + Company: CPUID + Copyright: Copyright(C) 2017 CPUID + CreationTimestamp: '2017-03-23 05:27:23' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - PsGetVersion + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - IofCompleteRequest + - MmMapIoSpace + - MmUnmapIoSpace + - ProbeForWrite + - IoDeleteDevice + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - RtlUnwindEx + - RtlPcToFileHeader + - READ_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - READ_PORT_UCHAR + - HalCallPal + - WRITE_PORT_UCHAR + - KeStallExecutionProcessor + - WRITE_PORT_USHORT + - READ_PORT_ULONG + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: e747f164fc89566f934f9ec5627cd8c3 + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: CPUID service + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: 756be87f8c768cb8bfd02af932dd7589 + SHA1: 16c2ebba52ba9fb0ef5570c1d620daaaee63865a + SHA256: 48acdfbe5ad27d73c0fd9b115a49420f182d146bca52797ce33cc2a061ff0ced + SHA1: a958734d25865cbc6bcbc11090ab9d6b72799143 + SHA256: 5177a3b7393fb5855b2ec0a45d4c91660b958ee077e76e5a7d0669f2e04bcf02 + Sections: + .text: + Entropy: 5.336714834529696 + 
Virtual Size: '0x5780' + .rdata: + Entropy: 4.010151907627347 + Virtual Size: '0x550' + .pdata: + Entropy: 3.4578065856245583 + Virtual Size: '0xd8' + .sdata: + Entropy: 1.1203888318125959 + Virtual Size: '0x420' + INIT: + Entropy: 5.015276332791068 + Virtual Size: '0x3e8' + .rsrc: + Entropy: 3.388191426646717 + Virtual Size: '0x350' + .reloc: + Entropy: 0.9012044915351938 + Virtual Size: '0x188' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: a2d936fa82b7340d28a697fb344046d8 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: a28d6b501a18377685e448a214f370a6 + SHA1: 732fdb7d346543552b44e6d127fa907df7ef8d81 + SHA256: 942a7b2ebca0edeff5803c8f899ee455c0ec279542c41d2db2664d58c1025c86 + Company: CPUID + Copyright: Copyright(C) 2010 CPUID + CreationTimestamp: '2011-09-21 02:23:41' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - 
IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: c08063f052308b6f5882482615387f30 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: CPUID service + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: 89dc670b5f7c06b577deeec9473dc96b + SHA1: af59c00ae531117ba9307257ab945cdf6c8309f6 + SHA256: 35b9d8fc904c88f4df237edc610727f89c415e48bcf135191c43832bb2935ba6 + SHA1: 252157ab2e33eed7aa112d1c93c720cadcee31ae + SHA256: 523d1d43e896077f32cd9acaa8e85b513bfb7b013a625e56f0d4e9675d9822ba + Sections: + .text: + Entropy: 6.200416768922914 + Virtual Size: '0x2586' + .rdata: + Entropy: 4.272735727458459 + Virtual Size: '0x3e0' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.401514027013751 + Virtual Size: '0x90' + INIT: + Entropy: 5.067835669413665 + Virtual Size: '0x406' + .rsrc: + Entropy: 3.3943730160709853 + Virtual Size: '0x350' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2009-02-02 00:00:00' + ValidTo: '2012-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Version: 3 + TBS: + 
MD5: fb72fa311261c4fb6a786e5cc7ce1d2f + SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 + SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a + SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 82942c060f79cefd3bf1acdf5c207561 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 00556fc028ef505e2a528e054c435923 + SHA1: f645fd2deb256b7e3b8dcb7213c4fb61f2e209ec + SHA256: c2159219e9986ab9e07e00a87fb83835230a2b99174e7f9b94096046c2dace55 + Company: Windows (R) Win 7 DDK provider + Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
+ CreationTimestamp: '2010-07-09 05:17:26' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - PsGetVersion + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - IofCompleteRequest + - MmMapIoSpace + - MmUnmapIoSpace + - ProbeForWrite + - IoDeleteDevice + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - __C_specific_handler + - READ_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - READ_PORT_UCHAR + - HalCallPal + - WRITE_PORT_UCHAR + - KeStallExecutionProcessor + - WRITE_PORT_USHORT + - READ_PORT_ULONG + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 549e5148be5e7be17f9d416d8a0e333e + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: Windows (R) Win 7 DDK driver + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: 3e05f63a445c98b6831d9476006337f7 + SHA1: 08c8e06efd3136ae964f86be406389c47f74e4dd + SHA256: e5965588f92317c7d220193aa42f12d30bae66f0008f4831568b8131edeeb70a + SHA1: 6d9e22a275a5477ea446e6c56ee45671fbcbb5f6 + SHA256: 592f56b13e7dcaa285da64a0b9a48be7562bd9b0a190208b7c8b7d8de427cf6c + Sections: + .text: + Entropy: 5.396352784335148 + Virtual Size: '0x3130' + .rdata: + Entropy: 4.150556480845234 + Virtual Size: '0x348' + .pdata: + Entropy: 3.2551039363088288 + Virtual Size: '0x84' + .sdata: + Entropy: 1.055945444608438 + Virtual Size: '0x260' + INIT: + Entropy: 5.06628585370835 + Virtual Size: '0x3d6' + .rsrc: + Entropy: 3.4181439310744572 + Virtual Size: '0x3d0' + .reloc: + Entropy: 1.042907998495935 + Virtual Size: '0x146' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 
88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2009-02-02 00:00:00' + ValidTo: '2012-02-07 23:59:59' + Signature: 9a9bbecb393272aaedfd7a125e0fe581151a18a75a4094e082a38156f62018b9d59edef27429bbea60d6e146a2ce134546d54e00b6585c1d85e3aedfb3b9a5de7728a96b2bcc26106655bae6bc5ce3a72714f9e23282a2fba29fc870b394e832f07dc50ded3a042953fe91379769e424398278b6ed14ae4f6b4cce5fa7ba20fc8d157a78fd308214d177189bcd76b2bd62a861a8c1562e2748f338f7369f0f062804685399a6655fcb4564a644e7a8bee8330557376884cce9153992e8e205bc1474dbd0109b3c87991db9bb77a9dff5775267390431ce56ff49500d8ad70be34a0d9a0b112e07eb55f0fe07de9ac93a0b30cb36029b5ec41e032daf66627d4e + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Version: 3 + TBS: + MD5: fb72fa311261c4fb6a786e5cc7ce1d2f + SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 + SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a + SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + 
Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: f0820e8f674e44e5c2a3f899ec561c1d + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 1a595aaefa6bd782d63e97de4fcec464 + SHA1: eae1ab9e3aac1a4de139993b7e63542befccf0df + SHA256: 6045d564286f00fc1efedd25ffd22ecb7eaf2b3a6c778e392319380c77e45658 + Company: CPUID + Copyright: Copyright(C) 2010 CPUID + CreationTimestamp: '2012-08-11 01:48:20' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - MmMapIoSpace + - ExFreePoolWithTag + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - DbgPrint + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - IofCompleteRequest + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: d0c2caa17c7b6d2200e1b5aa9d07135e + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: CPUID service + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: dd4b3ae5449a7da46b90bead31c1bab6 + SHA1: 76abd50622838fcbb459166b2b42850bc5cfd18b + SHA256: 3bb0708613c56dbb77df753872797d73065432ac7c2ea3cde2569173972c7dac + SHA1: bad84fca57ab0ef0af9230a93e0cc3d149f9ccd0 + SHA256: 5b3705b47dc15f2b61ca3821b883b9cd114d83fcc3344d11eb1d3df495d75abe + Sections: + .text: + Entropy: 6.2041710477554854 + Virtual Size: '0x2616' + .rdata: + Entropy: 4.177976296652285 + Virtual Size: '0x3ec' + .data: + 
Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.499086286863614 + Virtual Size: '0xc0' + INIT: + Entropy: 5.052256723807581 + Virtual Size: '0x41a' + .rsrc: + Entropy: 3.3943730160709853 + Virtual Size: '0x350' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G3 + ValidFrom: '2012-05-01 00:00:00' + ValidTo: '2012-12-31 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded + Version: 3 + TBS: + MD5: e6d820afb23af20a65cf0b03247ea05e + SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 + SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 + SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 2561727ac42d399030b3c46477c428f4 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 423e8ee5a464bc64032924ee428b40af + SHA1: 37552fe06a39175032793e6317d124008a892f18 + SHA256: abf635a246752555868f203a565ead519c9ada06ea007545a47bf352678c342a + Company: CPUID + Copyright: Copyright(C) 2014 CPUID + CreationTimestamp: '2015-10-21 03:22:27' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver 
+ - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: f310b453ac562f2c53d30aa6e35506bb + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: CPUID service + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: b3dcf662ce69ad7b34717fb6aecf09a7 + SHA1: 63be2c28ecee71a739bfbaf38466362e998bc5bc + SHA256: f4257b7e95b00b38e446b2708cc342fe32846266064b94c78ec1f987731c2226 + SHA1: eb44a05f8bba3d15e38454bd92999a856e6574eb + SHA256: 600a2119657973112025db3c0eeab2e69d528bccfeed75f40c6ef50b059ec8a0 + Sections: + .text: + Entropy: 6.187068215362904 + Virtual Size: '0x30c6' + .rdata: + Entropy: 4.212054484888266 + Virtual Size: '0x424' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.5511621274596537 + Virtual Size: '0xd8' + INIT: + Entropy: 5.131854482283732 + Virtual Size: '0x3ea' + .rsrc: + Entropy: 3.3971374522271924 + Virtual Size: '0x350' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: f12ae9073d95c22ed89247253d59f500 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 2d28bedef20cc63f0ae1b726a5cb34e0 + SHA1: 92524be5b5320c3e08d880ecbcd36a9c8037a921 + SHA256: 47c9323ae818bd2a3b55fc04abd984bd940cd4e27b6d4af311edcb66988ce941 + Company: Windows (R) Win 7 DDK provider + Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
+ CreationTimestamp: '2010-03-16 05:00:47' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - ExFreePoolWithTag + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - ProbeForWrite + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - IoDeleteSymbolicLink + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: aa69b4255e786d968adbd75ba5cf3e93 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: Windows (R) Win 7 DDK driver + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: a38f27f93ae0a47de0beccf18bdd9f0d + SHA1: cd1a8f9d3317d025efd043e634381412d74f38d3 + SHA256: f570747684874e6d241bec749b182ef1902d578127bf1087132383695896986e + SHA1: af5f642b105d86f82ba6d5e7a55d6404bfb50875 + SHA256: 60b163776e7b95e0c2280d04476304d0c943b484909131f340e3ce6045a49289 + Sections: + .text: + Entropy: 6.169826234776459 + Virtual Size: '0x2176' + .rdata: + Entropy: 4.207878001994479 + Virtual Size: '0x3cc' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.4966307212281404 + Virtual Size: '0xc0' + INIT: + Entropy: 5.089554733637361 + Virtual Size: '0x3e4' + .rsrc: + Entropy: 3.4155760648585995 + Virtual Size: '0x3d0' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: 
c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2009-02-02 00:00:00' + ValidTo: '2012-02-07 23:59:59' + Signature: 9a9bbecb393272aaedfd7a125e0fe581151a18a75a4094e082a38156f62018b9d59edef27429bbea60d6e146a2ce134546d54e00b6585c1d85e3aedfb3b9a5de7728a96b2bcc26106655bae6bc5ce3a72714f9e23282a2fba29fc870b394e832f07dc50ded3a042953fe91379769e424398278b6ed14ae4f6b4cce5fa7ba20fc8d157a78fd308214d177189bcd76b2bd62a861a8c1562e2748f338f7369f0f062804685399a6655fcb4564a644e7a8bee8330557376884cce9153992e8e205bc1474dbd0109b3c87991db9bb77a9dff5775267390431ce56ff49500d8ad70be34a0d9a0b112e07eb55f0fe07de9ac93a0b30cb36029b5ec41e032daf66627d4e + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Version: 3 + TBS: + MD5: fb72fa311261c4fb6a786e5cc7ce1d2f + SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 + SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a + SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - 
SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: af34db96db910a3fa7a56f2fac8ed5e1 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 41fd82e071d4afdfd8a895d0ab4fb568 + SHA1: b72edd113acbd4bb98374b80c1d238eb1e348f15 + SHA256: 3b2a3b74127c7ecf095e0fe5a65af31b9701d2ba6dc2a4d87882de65d84842c0 + Company: CPUID + Copyright: Copyright(C) 2010 CPUID + CreationTimestamp: '2011-09-21 02:24:20' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - IofCompleteRequest + - ExFreePool + - ExAllocatePoolWithTag + - RtlFreeUnicodeString + - ObfDereferenceObject + - MmIsAddressValid + - IoGetDeviceObjectPointer + - MmUnmapIoSpace + - RtlInitAnsiString + - MmMapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoDeleteDevice + - PsGetVersion + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - KeWaitForSingleObject + - RtlAnsiStringToUnicodeString + - IoCancelIrp + - RtlUnwind + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - READ_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 3411fdf098aa20193eee5ffa36ba43b2 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: CPUID service + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: 4ba73072bea66755a70f3a8c99951424 + SHA1: d9ce039d736544c2d9b7fe44460d8e006a5c62f0 + SHA256: 3b45bc2da9543317e7a22486f86a3f8c0eb289596d1d7661b47e35e99058861f + SHA1: ad05bff5fe45df9e08252717fc2bc2af57bf026f + SHA256: 
67734c7c0130dd66c964f76965f09a2290da4b14c94412c0056046e700654bdc + Sections: + .text: + Entropy: 6.1851356647481595 + Virtual Size: '0x2600' + .rdata: + Entropy: 4.469676429308113 + Virtual Size: '0x2f8' + .data: + Entropy: 0.22396935932252834 + Virtual Size: '0x1c0' + INIT: + Entropy: 5.358436362596031 + Virtual Size: '0x3f4' + .rsrc: + Entropy: 3.3927376128305218 + Virtual Size: '0x350' + .reloc: + Entropy: 5.38153465292173 + Virtual Size: '0x244' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - 
Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2009-02-02 00:00:00' + ValidTo: '2012-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Version: 3 + TBS: + MD5: fb72fa311261c4fb6a786e5cc7ce1d2f + SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 + SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a + SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 
93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 5716c52252afe18d09f6c1bc6e5ef3ef + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: a3d5faa9e1a6f47f8e0a23ef837afe38 + SHA1: bb21b535fa0adaef1a9a29759e0d2b2a5faf1965 + SHA256: 5e9099b95b2074fecc6efa6d59552651b1e082aaa3612889f417064d378a797f + Company: CPUID + Copyright: Copyright(C) 2014 CPUID + CreationTimestamp: '2014-02-17 07:22:11' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - PsGetVersion + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - IofCompleteRequest + - MmMapIoSpace + - MmUnmapIoSpace + - ProbeForWrite + - IoDeleteDevice + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - RtlUnwindEx + - RtlPcToFileHeader + - READ_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - READ_PORT_UCHAR + - HalCallPal + - WRITE_PORT_UCHAR + - KeStallExecutionProcessor + - WRITE_PORT_USHORT + - READ_PORT_ULONG + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: f60a9b88c6ff07d4990d8653d0025683 + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: CPUID service + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: d6643b31d447dc612fb7920d936baf5a + SHA1: 0d2acfebbfb9a35446bb9ff7b915c8ff514fd7dc + SHA256: 98f7bc08e99aa659bfb0295c09adf8ccfdb7f7ad8cc065cfb4f0732585c1855c + SHA1: 0cc60a56e245e70f664906b7b67dfe1b4a08a5b7 + SHA256: 6befa481e8cca8084d9ec3a1925782cd3c28ef7a3e4384e034d48deaabb96b63 + 
Sections: + .text: + Entropy: 5.3484809966574 + Virtual Size: '0x3b60' + .rdata: + Entropy: 4.154715674967178 + Virtual Size: '0x3d8' + .pdata: + Entropy: 3.4060649759113413 + Virtual Size: '0xb4' + .sdata: + Entropy: 1.1203888318125959 + Virtual Size: '0x2a0' + INIT: + Entropy: 5.0324391219722715 + Virtual Size: '0x3e8' + .rsrc: + Entropy: 3.3971374522271924 + Virtual Size: '0x350' + .reloc: + Entropy: 0.9557665440658051 + Virtual Size: '0x168' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: 
e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 
be6fb3b3b33e9108a9a2273d1cf5eb3209a8c3a86ba7d66069393587f6b451b75b327ea15d36b1604aad5509c0ace37fa66e220b35764b9c201169677738c06802d2f798383c256c690898a663b0aeb519491057f9f24149c513abba2a4cab9934a684e5d83a34105fe6681f2b85d5ee06332d1c05c3627758442fd2fc94f5f68bb30f085cb1d31174e1461394aeef7b124291a099654d1103df3deab81e9658b5b5cc817061d688ae39e702f1d0dd420d6de931bed331960e089233b8576482e48d5b769fdfa8df02e1d098912444b324057826e1f72c26f045b2479a9b39eadfd6b2e1bd6db4057ef6b12ca385cad9a7ad82c4414e619f97dfd08a55f59053 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: a2d936fa82b7340d28a697fb344046d8 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 
49da5e87cba74d3bd91bd589e49b0d1a + SHA1: e79179e0a586067e9d9654c2a8dfd45963ddcac3 + SHA256: 36729c2c714e05ebf9bc7262bc7f0d5d25d9dc9c8e0c4fdce27143bbdd9d9aa7 + Company: CPUID + Copyright: Copyright(C) 2015 CPUID + CreationTimestamp: '2015-11-18 02:17:31' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - PsGetVersion + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - IofCompleteRequest + - MmMapIoSpace + - MmUnmapIoSpace + - ProbeForWrite + - IoDeleteDevice + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - __C_specific_handler + - READ_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - READ_PORT_UCHAR + - HalCallPal + - WRITE_PORT_UCHAR + - KeStallExecutionProcessor + - WRITE_PORT_USHORT + - READ_PORT_ULONG + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: c046ca4da48db1524ddf3a49a8d02b65 + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: CPUID service + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: 8ea619be06260d53ffafd0dc9b610cb0 + SHA1: c796bfcf888f2b8841388524d2117d3bb17c0e8c + SHA256: 0140c43b66ca9c67a08bcb7eaddab10203a2c2b75bd411d5eecf8d0d78dce9c6 + SHA1: 5635bb2478929010693bc3b23f8b7fe5fdbc3aed + SHA256: 771015b2620942919bb2e0683476635b7a09db55216d6fbf03534cb18513b20c + Sections: + .text: + Entropy: 5.372120601484934 + Virtual Size: '0x3850' + .rdata: + Entropy: 4.096307336199365 + Virtual Size: '0x3a0' + .pdata: + Entropy: 3.3485198020390934 + Virtual Size: '0x9c' + .sdata: + Entropy: 1.055945444608438 + Virtual Size: '0x260' + INIT: + Entropy: 5.065598292840257 + Virtual Size: '0x3d6' + .rsrc: + Entropy: 3.3958173868041217 + Virtual Size: '0x350' + .reloc: + Entropy: 1.0164053768066021 + Virtual Size: '0x14e' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., 
OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 
1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: f0820e8f674e44e5c2a3f899ec561c1d + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: b978a03408c0e9ea44ffdeecc35ab83e + SHA1: fed654a9c5f2bf2a1ad9a2e94da162633fb468c5 + SHA256: 72f9cb24cfa641876f34967b96244259f95987ef24d1d729c0e483b3eb9a2740 + Company: CPUID + Copyright: Copyright(C) 2010 CPUID + CreationTimestamp: '2012-02-07 08:44:19' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - IofCompleteRequest + - ExFreePool + - ExAllocatePoolWithTag + - RtlFreeUnicodeString + - ObfDereferenceObject + - MmIsAddressValid + - IoGetDeviceObjectPointer + - MmUnmapIoSpace + - RtlInitAnsiString + - MmMapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - RtlUnwind + - KeTickCount + - KeBugCheckEx + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoDeleteDevice + 
- PsGetVersion + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - KeWaitForSingleObject + - RtlAnsiStringToUnicodeString + - IoCancelIrp + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - READ_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 0283b43c6bc965175a1c92b255d39556 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: CPUID service + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: 41f15d0f328a165973b49de608ef72a2 + SHA1: abcd9850775bd0a1a855e785a238e0e69525810f + SHA256: 02dc44b04a6426fcaedf26995bfa471f123a90a9c747e82cebaf95f394890631 + SHA1: 8325e8d7fd2edc126dcf1089dee8da64e79fb12e + SHA256: 80eeb8c2890f3535ed14f5881baf2f2226e6763be099d09fb8aadaba5b4474c1 + Sections: + .text: + Entropy: 6.217479588256463 + Virtual Size: '0x2750' + .rdata: + Entropy: 4.550469836478717 + Virtual Size: '0x2f0' + .data: + Entropy: 0.335842300318532 + Virtual Size: '0x1e0' + INIT: + Entropy: 5.41983369153965 + Virtual Size: '0x3f4' + .rsrc: + Entropy: 3.3927376128305218 + Virtual Size: '0x350' + .reloc: + Entropy: 5.5051908528223255 + Virtual Size: '0x254' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 
35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 958dd67f866ae27cf716e30a025b266f + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 3a19663e83c3569a86812ef915de52bc + SHA1: cd9a022e078eaa2364155e00942edbecb85619b0 + SHA256: 8d3ed9427dcc4f79be3585d41ab9c0bb447d6a0258dd919c4d49e02dedbaa47b + Company: Windows (R) Win 7 DDK provider + Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
+ CreationTimestamp: '2010-06-04 07:51:45' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - MmMapIoSpace + - ExFreePoolWithTag + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - IofCompleteRequest + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 4a85754636c694572ca9f440d254f5ce + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: Windows (R) Win 7 DDK driver + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: 93394769f926489de472acbbd72c3d8b + SHA1: 6e6c943f13b82d4d46331de813914d4db63771f7 + SHA256: 53362bef3277e59f67ebc5a085f1cbe60e5c9aef1a18a2ac391b2f4954fa9649 + SHA1: dd55015f5406f0051853fd7cca3ab0406b5a2d52 + SHA256: 8688e43d94b41eeca2ed458b8fc0d02f74696a918e375ecd3842d8627e7a8f2b + Sections: + .text: + Entropy: 6.206552850925677 + Virtual Size: '0x21a6' + .rdata: + Entropy: 4.27776755944508 + Virtual Size: '0x3c0' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.401674357474197 + Virtual Size: '0x90' + INIT: + Entropy: 5.076342695575086 + Virtual Size: '0x3f0' + .rsrc: + Entropy: 3.4148190207283133 + Virtual Size: '0x3d0' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 
50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + 
Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2009-02-02 00:00:00' + ValidTo: '2012-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Version: 3 + TBS: + MD5: fb72fa311261c4fb6a786e5cc7ce1d2f + SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 + SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a + SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 68062e8b9d3c1e6cc62a9cae16a12b81 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: a67c91579145d058cf7cd3f8f60bf613 + SHA1: cb981516b9979025669c080a74c9308dca04963a + SHA256: 02fcbc5372c9bf31903376bde11d558ab7c7f13bde005120e24bdb1aef5d0134 + Company: CPUID + Copyright: Copyright(C) 2014 CPUID + CreationTimestamp: 
'2015-02-26 00:04:34' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 8741e6df191c805028b92cec44b1ba88 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: CPUID service + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: b3dcf662ce69ad7b34717fb6aecf09a7 + SHA1: 63be2c28ecee71a739bfbaf38466362e998bc5bc + SHA256: f4257b7e95b00b38e446b2708cc342fe32846266064b94c78ec1f987731c2226 + SHA1: ba0938512d7abab23a72279b914d0ea0fb46e498 + SHA256: 8cf0cbbdc43f9b977f0fb79e0a0dd0e1adabe08a67d0f40d727c717c747de775 + Sections: + .text: + Entropy: 6.187068215362904 + Virtual Size: '0x30c6' + .rdata: + Entropy: 4.226233458071221 + Virtual Size: '0x424' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.5511621274596537 + Virtual Size: '0xd8' + INIT: + Entropy: 5.131854482283732 + Virtual Size: '0x3ea' + .rsrc: + Entropy: 3.3971374522271924 + Virtual Size: '0x350' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: f12ae9073d95c22ed89247253d59f500 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: b2c31454c057d73fb6d240356a32f8f1 + SHA1: f965db8fa1ef4ce0a738aad55d82c0cf63a47915 + SHA256: 16398965e9cea179b2e5ca884e3af032dece08d4ef33bdd83234ee441d71a5fa + Company: CPUID + Copyright: Copyright(C) 2015 CPUID + CreationTimestamp: '2016-01-27 02:18:15' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - 
IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: bf581e9eb91bace0b02a2c5a54bf1419 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: CPUID service + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: b3dcf662ce69ad7b34717fb6aecf09a7 + SHA1: 63be2c28ecee71a739bfbaf38466362e998bc5bc + SHA256: f4257b7e95b00b38e446b2708cc342fe32846266064b94c78ec1f987731c2226 + SHA1: 13df48ab4cd412651b2604829ce9b61d39a791bb + SHA256: 8d57e416ea4bb855b78a2ff3c80de1dfbb5dc5ee9bfbdddb23e46bd8619287e2 + Sections: + .text: + Entropy: 6.188258985068624 + Virtual Size: '0x30c6' + .rdata: + Entropy: 4.223852822083244 + Virtual Size: '0x424' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.5511621274596537 + Virtual Size: '0xd8' + INIT: + Entropy: 5.131854482283732 + Virtual Size: '0x3ea' + .rsrc: + Entropy: 3.3958173868041217 + Virtual Size: '0x350' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: f12ae9073d95c22ed89247253d59f500 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: ac9131c2fc8e77ef414ad451d35e4d1e + SHA1: 7b63ad1179825964aae9d1486fefed1b8f26a8a8 + SHA256: 1a8a5aebf83d1fa6daf74e48fc600e22b8fdceafb5dd7c7e14db2aa2a28e8c24 + Company: Windows (R) Codename Longhorn DDK provider + Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
+ CreationTimestamp: '2008-01-25 04:39:05' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.0.6000.16386 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - KeWaitForSingleObject + - PsGetVersion + - MmUnmapIoSpace + - IoBuildDeviceIoControlRequest + - IoCreateSymbolicLink + - IoDeleteSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IofCompleteRequest + - RtlFreeUnicodeString + - RtlAnsiStringToUnicodeString + - IofCallDriver + - IoGetDeviceObjectPointer + - RtlInitUnicodeString + - IoDeleteDevice + - MmMapIoSpace + - KeBugCheckEx + - RtlInitAnsiString + - IoCreateDevice + - KeInitializeEvent + - RtlUnwindEx + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 94ccef76fda12ab0b8270f9b2980552b + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: Windows (R) Codename Longhorn DDK driver + ProductVersion: 6.0.6000.16386 + RichPEHeaderHash: + MD5: 59cd82b693e20fe9af1be9ea12f739b9 + SHA1: 1842433338394740479c35b690fc50c41d9f6efa + SHA256: fa2e40c67651befa71893d8a672a90a1f996057b6f5c15d2304bbfe120cf9115 + SHA1: e4cbb48aa1aff6cf4ea94ef3b7afb6c245ac47e8 + SHA256: 8e5aef7c66c0e92dfc037ee29ade1c8484b8d7fadebdcf521d2763b1d8215126 + Sections: + .text: + Entropy: 6.050801271329098 + Virtual Size: '0x1596' + .rdata: + Entropy: 4.266884457332851 + Virtual Size: '0x304' + .data: + Entropy: 0.6099523004172788 + Virtual Size: '0x124' + .pdata: + Entropy: 3.2933218797117716 + Virtual Size: '0x6c' + INIT: + Entropy: 4.943162739985603 + Virtual Size: '0x370' + .rsrc: + Entropy: 3.3933870153256342 + Virtual Size: '0x400' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 
50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + 
Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2007-02-08 00:00:00' + ValidTo: '2009-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 10e29d74903d9c7cd58caa35a0944770 + Version: 3 + TBS: + MD5: 5e3b5587eb8c553dc279bb241c30689d + SHA1: 5b5631ff0033ed753a5c630a4d8d48772050db32 + SHA256: 9b30d9d9f9fd9c0480c0503dd4ac86649d2cc180d1401ade6dd8048356d7f634 + SHA384: 1886034ac8dc819ed45b8b48b0225cdb142d53d61bda992ee7e4923276c3c36dffbb0f8d929e1ad20c3437709df2399a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - 
SerialNumber: 10e29d74903d9c7cd58caa35a0944770 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: aa54fa0523f677e56d6d8199e5e18732 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 99cba45243e4a9e5999224b5719ccc2d + SHA1: 43ffee630881d6ae82640c59c674e9ee57cb5eac + SHA256: 94f39e23194d01698b2d8e7bb1c212bf192e81df59766d4adf5f7e33bbe13181 + Company: CPUID + Copyright: Copyright(C) 2015 CPUID + CreationTimestamp: '2015-11-18 02:14:04' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - IofCompleteRequest + - ExFreePool + - ExAllocatePoolWithTag + - RtlFreeUnicodeString + - ObfDereferenceObject + - IoGetDeviceObjectPointer + - RtlAnsiStringToUnicodeString + - MmUnmapIoSpace + - MmMapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - RtlUnwind + - KeTickCount + - KeBugCheckEx + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoDeleteDevice + - PsGetVersion + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - KeWaitForSingleObject + - RtlInitAnsiString + - IoCancelIrp + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - KeStallExecutionProcessor + - HalSetBusDataByOffset + - HalGetBusDataByOffset + - READ_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 9b157f1261a8a42e4ef5ec23dd4cda9e + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: CPUID service + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: 151279b238de6194a32d8ca426ceaeee + SHA1: 7836f9fa452c5a538aed446df8439f2f49cc74aa + SHA256: 1319e59df060332195af6318ab22fe3f5018b1498211216a28a48f73980ab3b0 + SHA1: 99bd8c1f5eeedd9f6a9252df5dbd0e42ef5999a4 + SHA256: 900dd68ccc72d73774a347b3290c4b6153ae496a81de722ebb043e2e99496f88 + 
Sections: + .text: + Entropy: 6.229266851006058 + Virtual Size: '0x3260' + .rdata: + Entropy: 4.675179768119331 + Virtual Size: '0x2f4' + .data: + Entropy: 0.335842300318532 + Virtual Size: '0x1e0' + INIT: + Entropy: 5.428373271150746 + Virtual Size: '0x3dc' + .rsrc: + Entropy: 3.3925686987119477 + Virtual Size: '0x350' + .reloc: + Entropy: 5.597642275362914 + Virtual Size: '0x27c' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: 
f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust 
Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 643f4d79f35dddc9bb5cc04a0f0c18d3 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 9b4bb5dc9df3edd0d7d859629c80c2dc + SHA1: 706789b1bf76e4d337957a36d60b96b7743f9f62 + SHA256: eb6807c46e2d4808f07cca9242e7a59393fdab6ccf4da1aec124ef2a34398d43 + Company: CPUID + Copyright: Copyright(C) 2014 CPUID + CreationTimestamp: '2014-02-17 07:22:16' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 5212e0957468d3f94d90fa7a0f06b58f + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: CPUID service + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: 685a19a8e9f46a76067db83da501dca0 + SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 + SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 + SHA1: ad1616ea6dc17c91d983e829aa8a6706e81a3d27 + SHA256: 955dac77a0148e9f9ed744f5d341cb9c9118261e52fe622ac6213965f2bc4cad + Sections: + .text: + Entropy: 6.201540970632788 + Virtual Size: '0x2c56' + .rdata: + Entropy: 4.139510166690065 + Virtual Size: '0x424' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + 
Entropy: 3.603856484265247 + Virtual Size: '0xc0' + INIT: + Entropy: 5.076575853289 + Virtual Size: '0x406' + .rsrc: + Entropy: 3.3938887641350184 + Virtual Size: '0x350' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 
be6fb3b3b33e9108a9a2273d1cf5eb3209a8c3a86ba7d66069393587f6b451b75b327ea15d36b1604aad5509c0ace37fa66e220b35764b9c201169677738c06802d2f798383c256c690898a663b0aeb519491057f9f24149c513abba2a4cab9934a684e5d83a34105fe6681f2b85d5ee06332d1c05c3627758442fd2fc94f5f68bb30f085cb1d31174e1461394aeef7b124291a099654d1103df3deab81e9658b5b5cc817061d688ae39e702f1d0dd420d6de931bed331960e089233b8576482e48d5b769fdfa8df02e1d098912444b324057826e1f72c26f045b2479a9b39eadfd6b2e1bd6db4057ef6b12ca385cad9a7ad82c4414e619f97dfd08a55f59053 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + 
SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 82942c060f79cefd3bf1acdf5c207561 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: c8b8d6e4b9b4f42714f3abfb66880ccf + SHA1: 5848f7c4dadcb1ea16f4d9e533a84a6d6f522f8b + SHA256: 057e45b47fe0ca96fe3741058bc4365c9a866dff925cab8cfea4c161b990e8e2 + Company: CPUID + Copyright: Copyright(C) 2010 CPUID + CreationTimestamp: '2012-05-23 08:53:22' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - MmMapIoSpace + - ExFreePoolWithTag + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - DbgPrint + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - IofCompleteRequest + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 56b54823a79a53747cbe11f8c4db7b1e + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: CPUID service + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: dd4b3ae5449a7da46b90bead31c1bab6 + SHA1: 76abd50622838fcbb459166b2b42850bc5cfd18b + SHA256: 3bb0708613c56dbb77df753872797d73065432ac7c2ea3cde2569173972c7dac + SHA1: 1d9fd846e12104ae31fd6f6040b93fc689abf047 + SHA256: 
9a523854fe84f15efc1635d7f5d3e71812c45d6a4d2c99c29fdc4b4d9c84954c + Sections: + .text: + Entropy: 6.203757143489118 + Virtual Size: '0x2616' + .rdata: + Entropy: 4.1950691845593875 + Virtual Size: '0x3ec' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.499086286863614 + Virtual Size: '0xc0' + INIT: + Entropy: 5.052256723807581 + Virtual Size: '0x41a' + .rsrc: + Entropy: 3.3943730160709853 + Virtual Size: '0x350' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G3 + ValidFrom: '2012-05-01 00:00:00' + ValidTo: '2012-12-31 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded + Version: 3 + TBS: + MD5: e6d820afb23af20a65cf0b03247ea05e + SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 + SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 + SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f 
+ - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 
49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 2561727ac42d399030b3c46477c428f4 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 3c2269699f0187275c2b144f9b60d5e6 + SHA1: 69aabc267344bd9f98bd2fddc7213de735ba79d7 + SHA256: 2fb8f2a0a32f2e73921a16a7836ff14122da45582aae742e6afd4d7ca15b3da3 + Company: CPUID + Copyright: Copyright(C) 2016 CPUID + CreationTimestamp: '2016-08-14 13:15:42' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - 
PsGetVersion + - IoCreateSymbolicLink + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 29872c7376c42e2a64fa838dad98aa11 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: CPUID service + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: b3dcf662ce69ad7b34717fb6aecf09a7 + SHA1: 63be2c28ecee71a739bfbaf38466362e998bc5bc + SHA256: f4257b7e95b00b38e446b2708cc342fe32846266064b94c78ec1f987731c2226 + SHA1: 8ec28d7da81cf202f03761842738d740c0bb2fed + SHA256: a072197177aad26c31960694e38e2cae85afbab070929e67e331b99d3a418cf4 + Sections: + .text: + Entropy: 6.219876754346496 + Virtual Size: '0x3366' + .rdata: + Entropy: 4.23881802889425 + Virtual Size: '0x424' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x440' + .pdata: + Entropy: 3.638628882332417 + Virtual Size: '0xf0' + INIT: + Entropy: 5.131854482283732 + Virtual Size: '0x3ea' + .rsrc: + Entropy: 3.38341382722288 + Virtual Size: '0x350' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: f12ae9073d95c22ed89247253d59f500 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: b8844b695f5170c70ac66f95324f836a + SHA1: 195024cc4a4adea16e6c2df8f2f8489a28f36beb + SHA256: 66cc007348a41fb33fab59f5ea265006534ba82db4eb7327039cbe2b4ce7e077 + Company: CPUID + Copyright: Copyright(C) 2012 CPUID + CreationTimestamp: '2012-10-06 05:54:39' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - PsGetVersion + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - IofCompleteRequest + - MmMapIoSpace + - MmUnmapIoSpace + - ProbeForWrite + - IoDeleteDevice + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - RtlUnwindEx + - RtlPcToFileHeader + - READ_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - READ_PORT_UCHAR + - HalCallPal + - WRITE_PORT_UCHAR + - KeStallExecutionProcessor 
+ - WRITE_PORT_USHORT + - READ_PORT_ULONG + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 557fd33ee99db6fe263cfcb82b7866b3 + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: CPUID service + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: d6643b31d447dc612fb7920d936baf5a + SHA1: 0d2acfebbfb9a35446bb9ff7b915c8ff514fd7dc + SHA256: 98f7bc08e99aa659bfb0295c09adf8ccfdb7f7ad8cc065cfb4f0732585c1855c + SHA1: 0a6e0f9f3d7179a99345d40e409895c12919195b + SHA256: aebcbfca180e372a048b682a4859fd520c98b5b63f6e3a627c626cb35adc0399 + Sections: + .text: + Entropy: 5.406032855001113 + Virtual Size: '0x39c0' + .rdata: + Entropy: 4.152970301277938 + Virtual Size: '0x3d8' + .pdata: + Entropy: 3.3263502634141657 + Virtual Size: '0xb4' + .sdata: + Entropy: 1.1203888318125959 + Virtual Size: '0x2a0' + INIT: + Entropy: 5.0324391219722715 + Virtual Size: '0x3e8' + .rsrc: + Entropy: 3.3968253502148213 + Virtual Size: '0x350' + .reloc: + Entropy: 0.9613220996213607 + Virtual Size: '0x168' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G3 + ValidFrom: '2012-05-01 00:00:00' + ValidTo: '2012-12-31 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded + Version: 3 + TBS: + MD5: e6d820afb23af20a65cf0b03247ea05e + SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 + SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 + SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + 
SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: a2d936fa82b7340d28a697fb344046d8 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: a14a1ba39405f52d67d289b65f0c7eb9 + SHA1: 11172e3f08444d643f277be83aaabe9f2aea74ca + SHA256: 3ce4a30668938fb7785c9958772e3c171af320ecfea8fc298160e80fbf80fb73 + Company: CPUID + Copyright: Copyright(C) 2017 CPUID + CreationTimestamp: '2017-03-23 05:26:40' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - RtlAnsiStringToUnicodeString + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - ExFreePoolWithTag + - IoDeleteSymbolicLink + - 
IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: c516acb873c7f8c24a0431df8287756e + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: CPUID service + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: c046d6f14ec39d2a0f67a417bda83c5e + SHA1: 74661f1063b4c80566f75a1bee22c35f7af17fa9 + SHA256: 440eebbdc09d290724d364056ba4e2725c75759819a6df0a1ed5c876ed7d2474 + SHA1: f6f7b5776001149496092a95fb10218dea5d6a6b + SHA256: bac709c49ddee363c8e59e515f2f632324a0359e932b7d8cb1ce2d52a95981aa + Sections: + .text: + Entropy: 6.170317476121287 + Virtual Size: '0x4536' + .rdata: + Entropy: 4.190423561703195 + Virtual Size: '0x534' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x440' + .pdata: + Entropy: 3.6289632983036624 + Virtual Size: '0xfc' + INIT: + Entropy: 5.132100585029012 + Virtual Size: '0x40e' + .rsrc: + Entropy: 3.394946071861716 + Virtual Size: '0x350' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 8f96c3ef5dda3fe697d4a4d6326dbe37 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 560b782df855c5ea30b76ee4a9930d28 + SHA1: 6423659ab76fad7627fd7fb16f05a40b8df8da4d + SHA256: 62daa7ab93684d935cdada8af43cba552d7692cb992411d27ba1ee50a9fb1883 + Company: Windows (R) Win 7 DDK provider + Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
+ CreationTimestamp: '2010-03-30 15:34:16' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - ProbeForWrite + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 641243746597fbd650e5000d95811ea3 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: Windows (R) Win 7 DDK driver + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: 89dc670b5f7c06b577deeec9473dc96b + SHA1: af59c00ae531117ba9307257ab945cdf6c8309f6 + SHA256: 35b9d8fc904c88f4df237edc610727f89c415e48bcf135191c43832bb2935ba6 + SHA1: da42cefde56d673850f5ef69e7934d39a6de3025 + SHA256: c3e150eb7e7292f70299d3054ed429156a4c32b1f7466a706a2b99249022979e + Sections: + .text: + Entropy: 6.180122394967694 + Virtual Size: '0x2136' + .rdata: + Entropy: 4.244772424988803 + Virtual Size: '0x3d0' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.5003735460865424 + Virtual Size: '0x90' + INIT: + Entropy: 5.069433080691773 + Virtual Size: '0x408' + .rsrc: + Entropy: 3.4155760648585995 + Virtual Size: '0x3d0' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: 
c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2009-02-02 00:00:00' + ValidTo: '2012-02-07 23:59:59' + Signature: 9a9bbecb393272aaedfd7a125e0fe581151a18a75a4094e082a38156f62018b9d59edef27429bbea60d6e146a2ce134546d54e00b6585c1d85e3aedfb3b9a5de7728a96b2bcc26106655bae6bc5ce3a72714f9e23282a2fba29fc870b394e832f07dc50ded3a042953fe91379769e424398278b6ed14ae4f6b4cce5fa7ba20fc8d157a78fd308214d177189bcd76b2bd62a861a8c1562e2748f338f7369f0f062804685399a6655fcb4564a644e7a8bee8330557376884cce9153992e8e205bc1474dbd0109b3c87991db9bb77a9dff5775267390431ce56ff49500d8ad70be34a0d9a0b112e07eb55f0fe07de9ac93a0b30cb36029b5ec41e032daf66627d4e + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Version: 3 + TBS: + MD5: fb72fa311261c4fb6a786e5cc7ce1d2f + SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 + SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a + SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - 
SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: be527e5f470fbc661f914c81bfc9af38 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: b3bf90b99dec81a927b9fa8467d20e11 + SHA1: 0632e0c8fdb6e629fd2efa5ccdf4a8415131bc58 + SHA256: 536333c1fb9066a12c7791b740fcf637f6f86b45bd57baf0f27ae33c3b6c6cf1 + Company: CPUID + Copyright: Copyright(C) 2013 CPUID + CreationTimestamp: '2013-08-24 02:56:35' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: a453083b8f4ca7cb60cac327e97edbe2 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: CPUID service + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: 685a19a8e9f46a76067db83da501dca0 + SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 + SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 + SHA1: 53f7fc4feb66af748f2ab295394bf4de62ae9fcc + SHA256: c50f8ab8538c557963252b702c1bd3cee4604b5fc2497705d2a6a3fd87e3cc26 + Sections: + .text: + Entropy: 6.111492164689909 + Virtual Size: '0x2836' + .rdata: + Entropy: 4.175526657333754 + 
Virtual Size: '0x3d4' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.4970531643346394 + Virtual Size: '0xc0' + INIT: + Entropy: 5.076575853289 + Virtual Size: '0x406' + .rsrc: + Entropy: 3.3935766621226473 + Virtual Size: '0x350' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 82942c060f79cefd3bf1acdf5c207561 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 63e4ba0a05ddac75e9f2b90c28291331 + SHA1: 34c6aeb2bc32ff8da525641af75ff600e7249252 + SHA256: 653601cf8c3c2c4b778f9025d4e964c887966cc3216bb35a73a3ae75477b4476 + Company: Windows (R) Codename Longhorn DDK provider + Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
+ CreationTimestamp: '2008-02-22 04:12:04' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.0.6000.16386 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - KeWaitForSingleObject + - PsGetVersion + - MmUnmapIoSpace + - IoBuildDeviceIoControlRequest + - IoDeleteSymbolicLink + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - RtlAnsiStringToUnicodeString + - IofCompleteRequest + - RtlFreeUnicodeString + - IofCallDriver + - IoGetDeviceObjectPointer + - RtlInitUnicodeString + - IoDeleteDevice + - ProbeForWrite + - MmMapIoSpace + - KeBugCheckEx + - RtlInitAnsiString + - IoCreateDevice + - KeInitializeEvent + - RtlUnwindEx + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 07493c774aa406478005e8fe52c788b2 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: Windows (R) Codename Longhorn DDK driver + ProductVersion: 6.0.6000.16386 + RichPEHeaderHash: + MD5: 6633dd48aea31e9c4821fbc652e4701e + SHA1: 3fb6cdbdaa8959e6a79305a74981751e06506a6f + SHA256: 63b15db03090d5e7ba52906b2854fba693e17a5fac179397bd55f91e49d28859 + SHA1: 34a07ae39b232cc3dbbe657b34660e692ff2043a + SHA256: dbb457ae1bd07a945a1466ce4a206c625e590aee3922fa7d86fbe956beccfc98 + Sections: + .text: + Entropy: 6.049517664101274 + Virtual Size: '0x15a6' + .rdata: + Entropy: 4.2613924369366005 + Virtual Size: '0x304' + .data: + Entropy: 0.6099523004172788 + Virtual Size: '0x124' + .pdata: + Entropy: 3.3197547776031913 + Virtual Size: '0x6c' + INIT: + Entropy: 4.94558496841094 + Virtual Size: '0x388' + .rsrc: + Entropy: 3.3933870153256342 + Virtual Size: '0x400' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 
88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2007-02-08 00:00:00' + ValidTo: '2009-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 10e29d74903d9c7cd58caa35a0944770 + Version: 3 + TBS: + MD5: 5e3b5587eb8c553dc279bb241c30689d + SHA1: 5b5631ff0033ed753a5c630a4d8d48772050db32 + SHA256: 9b30d9d9f9fd9c0480c0503dd4ac86649d2cc180d1401ade6dd8048356d7f634 + SHA384: 1886034ac8dc819ed45b8b48b0225cdb142d53d61bda992ee7e4923276c3c36dffbb0f8d929e1ad20c3437709df2399a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 10e29d74903d9c7cd58caa35a0944770 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: dc0a0f2d424a59b4d17033f58f01b027 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: a10d1df81f81710baf68826e4c32befa + SHA1: ecbde8d7d911f64666f89356ce6194d92741bdc4 + SHA256: cd7754a6ec6bf19724fb266ec4f1d02607e9b310791d8725d7db5ac84d5430e2 + Company: CPUID + Copyright: 
Copyright(C) 2014 CPUID + CreationTimestamp: '2014-02-17 07:21:57' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - IofCompleteRequest + - ExFreePool + - ExAllocatePoolWithTag + - RtlFreeUnicodeString + - ObfDereferenceObject + - MmIsAddressValid + - IoGetDeviceObjectPointer + - MmUnmapIoSpace + - RtlInitAnsiString + - MmMapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - RtlUnwind + - KeTickCount + - KeBugCheckEx + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoDeleteDevice + - PsGetVersion + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - KeWaitForSingleObject + - RtlAnsiStringToUnicodeString + - IoCancelIrp + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - READ_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: e425c66663c96d5a9f030b0ad4d219a8 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: CPUID service + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: 41f15d0f328a165973b49de608ef72a2 + SHA1: abcd9850775bd0a1a855e785a238e0e69525810f + SHA256: 02dc44b04a6426fcaedf26995bfa471f123a90a9c747e82cebaf95f394890631 + SHA1: bd87aecc0ac1d1c2ab72be1090d39fab657f7cc6 + SHA256: deecbcd260849178de421d8e2f177dce5c63cf67a48abb23a0e3cf3aa3e00578 + Sections: + .text: + Entropy: 6.204806970841105 + Virtual Size: '0x2ed0' + .rdata: + Entropy: 4.656797686788462 + Virtual Size: '0x2e8' + .data: + Entropy: 0.335842300318532 + Virtual Size: '0x1e0' + INIT: + Entropy: 5.416266853126175 + Virtual Size: '0x3f4' + .rsrc: + Entropy: 3.392253360894555 + Virtual Size: '0x350' + .reloc: + Entropy: 5.600870307396892 + Virtual Size: '0x26e' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec 
Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 958dd67f866ae27cf716e30a025b266f + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: e4b3d527845f6574b5959b6381f925f8 + SHA1: baf46ac272c1a6d8c32683965b1d849386908079 + SHA256: 68b0a239031b158e2927bb5dc8844b662cb4616ee8c1363fa729aa8fa0d86cff + Company: CPUID + Copyright: Copyright(C) 2010 CPUID + CreationTimestamp: '2011-01-19 09:42:06' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - 
IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: ccb09eb78e047c931708149992c2e435 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: CPUID service + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: 89dc670b5f7c06b577deeec9473dc96b + SHA1: af59c00ae531117ba9307257ab945cdf6c8309f6 + SHA256: 35b9d8fc904c88f4df237edc610727f89c415e48bcf135191c43832bb2935ba6 + SHA1: ada23b709cb2bef8bedd612dc345db2e2fdbfaca + SHA256: df0dcfb3971829af79629efd036b8e1c6e2127481b3644ccc6e2ddd387489a15 + Sections: + .text: + Entropy: 6.199906453328244 + Virtual Size: '0x2506' + .rdata: + Entropy: 4.25835240231724 + Virtual Size: '0x3e0' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.3649784372301403 + Virtual Size: '0x90' + INIT: + Entropy: 5.067835669413665 + Virtual Size: '0x406' + .rsrc: + Entropy: 3.3943730160709853 + Virtual Size: '0x350' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 
00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2009-02-02 00:00:00' + ValidTo: '2012-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 
29f25a23906de1bbfa2c46067eba0ddd + Version: 3 + TBS: + MD5: fb72fa311261c4fb6a786e5cc7ce1d2f + SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 + SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a + SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 82942c060f79cefd3bf1acdf5c207561 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 68fb744e92133e8bb6b59fea9304667c + SHA1: de1a168f24f5da29b9f8bf8333fff57bfa0d21a4 + SHA256: d70bfea03deeea92a253f2b4a8b7181a3064f62c5207f94b5f7ce5a9e62ab4cf + Company: CPUID + Copyright: Copyright(C) 2016 CPUID + CreationTimestamp: '2016-10-05 03:53:07' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - RtlAnsiStringToUnicodeString + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - 
ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - ExFreePoolWithTag + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 43bfc857406191963f4f3d9f1b76a7bf + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: CPUID service + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: c046d6f14ec39d2a0f67a417bda83c5e + SHA1: 74661f1063b4c80566f75a1bee22c35f7af17fa9 + SHA256: 440eebbdc09d290724d364056ba4e2725c75759819a6df0a1ed5c876ed7d2474 + SHA1: 9329a0ce2749a3a6bea2028ce7562d74c417db64 + SHA256: e0b5a5f8333fc1213791af5c5814d7a99615b3951361ca75f8aa5022c9cfbc2b + Sections: + .text: + Entropy: 6.202501650998955 + Virtual Size: '0x38b6' + .rdata: + Entropy: 4.1722432536185465 + Virtual Size: '0x464' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x440' + .pdata: + Entropy: 3.6000408617955837 + Virtual Size: '0xf0' + INIT: + Entropy: 5.116119018385266 + Virtual Size: '0x40e' + .rsrc: + Entropy: 3.38341382722288 + Virtual Size: '0x350' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 8f96c3ef5dda3fe697d4a4d6326dbe37 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 76a420a5ac2a6250c57d129de361695a + SHA1: 3736434ca3094fed9f1f3378e9fb966a5e9411f1 + SHA256: 3e423caaff9002b38e1d90005df181aa2b3711ebbf6d1eb83941656ccc313811 + Company: CPUID + Copyright: Copyright(C) 2010 CPUID + CreationTimestamp: '2012-02-07 08:44:59' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: 
+ - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 8f5b84350bfc4fe3a65d921b4bd0e737 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: CPUID service + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: 685a19a8e9f46a76067db83da501dca0 + SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 + SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 + SHA1: 76046978d8e4409e53d8126a8dcfc3bf8602c37f + SHA256: e58bbf3251906ff722aa63415bf169618e78be85cb92c8263d3715c260491e90 + Sections: + .text: + Entropy: 6.214010136736859 + Virtual Size: '0x25d6' + .rdata: + Entropy: 4.171320307410102 + Virtual Size: '0x3ec' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.503621523339014 + Virtual Size: '0xc0' + INIT: + Entropy: 5.076575853289 + Virtual Size: '0x406' + .rsrc: + Entropy: 3.3943730160709853 + Virtual Size: '0x350' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: 
d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 82942c060f79cefd3bf1acdf5c207561 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 649db3854efa0c9a10fdcca1bcc5fc0b + SHA1: 3c738ea73287a493a2254c6011c35f31569cf2b9 + SHA256: 472e29b63e1d9d44269a99962b186113586fbd3603eac3a23c520c7ef73a69cf + Company: CPUID + Copyright: Copyright(C) 2017 CPUID + CreationTimestamp: '2017-05-22 02:17:51' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - RtlAnsiStringToUnicodeString + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - 
ExFreePoolWithTag + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: ce57844fb185d0cdd9d3ce9e5b6a891d + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: CPUID service + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: c046d6f14ec39d2a0f67a417bda83c5e + SHA1: 74661f1063b4c80566f75a1bee22c35f7af17fa9 + SHA256: 440eebbdc09d290724d364056ba4e2725c75759819a6df0a1ed5c876ed7d2474 + SHA1: 32888d789edc91095da2e0a5d6c564c2aebcee68 + SHA256: ee45fd2d7315fd039f3585a66e7855ba4af9d4721e1448e602623de14e932bbe + Sections: + .text: + Entropy: 6.1689591912915125 + Virtual Size: '0x4546' + .rdata: + Entropy: 4.191218153188012 + Virtual Size: '0x534' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x440' + .pdata: + Entropy: 3.6397736740131683 + Virtual Size: '0xfc' + INIT: + Entropy: 5.132100585029012 + Virtual Size: '0x40e' + .rsrc: + Entropy: 3.394946071861716 + Virtual Size: '0x350' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 8f96c3ef5dda3fe697d4a4d6326dbe37 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: fa889613bb0522d6e546e8cbd011105a + SHA1: 62ee17440edaf819966eb823a26dfd46c24447b4 + SHA256: 991228f3ea6c1ae8083aa405d1d066e48cd6dbd7d6bc01c81599b2c28f3923f1 + Company: CPUID + Copyright: Copyright(C) 2015 CPUID + CreationTimestamp: '2015-11-18 02:58:02' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: 
+ - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 8ad9dfc971df71cd43788ade6acf8e7d + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: CPUID service + ProductVersion: 6.1.7600.16385 + RichPEHeaderHash: + MD5: b3dcf662ce69ad7b34717fb6aecf09a7 + SHA1: 63be2c28ecee71a739bfbaf38466362e998bc5bc + SHA256: f4257b7e95b00b38e446b2708cc342fe32846266064b94c78ec1f987731c2226 + SHA1: 7241b25c3a3ee9f36b52de3db2fc27db7065af37 + SHA256: f74ffd6916333662900cbecb90aca2d6475a714ce410adf9c5c3264abbe5732c + Sections: + .text: + Entropy: 6.1888286192821065 + Virtual Size: '0x30b6' + .rdata: + Entropy: 4.210489806011185 + Virtual Size: '0x424' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.6128209941554763 + Virtual Size: '0xd8' + INIT: + Entropy: 5.131854482283732 + Virtual Size: '0x3ea' + .rsrc: + Entropy: 3.3958173868041217 + Virtual Size: '0x350' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 
a59808b35f916a1201f0987b958aaaf50b81f3e507cf9d1b902bc22787244617e38069e4ca74bcf505dfdfeb6bad8bee2ecba26a428c2b26c9b9987241b50ccfd895a7335b35534c5569fdef2554d773cb3b20f10e08eeff2701d2a3e8ef7c5bb759baf1995d1580dce4f0c5da90eff4f07e01e7c9273b24c14c514f2ae1d1fe940dd53bfa25572cd6f3c007c7f21aebc58ea32ca3aea83c731419c9dcc191158cbb52b0b70545a16c9b42aadd4dcb167443d6c15fa03ae7f6f0f644845a69cb8badb3f143fd916a70c5008c3486d1f0cc8e0527f76da5aeaca4925f6eb6861dd54e1ce8b80e6b000446d77ac8bd0299e38db3b8e4a9c43294367cd6a55351d0 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: f12ae9073d95c22ed89247253d59f500 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 
f14c343aba9d37eba8790cb7577ece90 + SHA1: 3ddbf0ccd001d5d0ce2a062b9476355a8ede975a + SHA256: d5e671c37f0eeb437d1ef480ff15b855ef2fdbb127f9130443fbaa279c5a3d72 + Company: CPUID + Copyright: Copyright(C) 2017 CPUID + CreationTimestamp: '2017-04-24 05:12:56' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - PsGetVersion + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - IofCompleteRequest + - MmMapIoSpace + - MmUnmapIoSpace + - ProbeForWrite + - IoDeleteDevice + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - RtlUnwindEx + - RtlPcToFileHeader + - READ_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - READ_PORT_UCHAR + - HalCallPal + - WRITE_PORT_UCHAR + - KeStallExecutionProcessor + - WRITE_PORT_USHORT + - READ_PORT_ULONG + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 332db70d2c5c332768ab063ba6ac8433 + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 756be87f8c768cb8bfd02af932dd7589 + SHA1: 16c2ebba52ba9fb0ef5570c1d620daaaee63865a + SHA256: 48acdfbe5ad27d73c0fd9b115a49420f182d146bca52797ce33cc2a061ff0ced + SHA1: 4186ac693003f92fdf1efbd27fb8f6473a7cc53e + SHA256: 4d5059ec1ebd41284b9cea6ce804596e0f386c09eee25becdd3f6949e94139ba + Sections: + .text: + Entropy: 5.342232413588268 + Virtual Size: '0x5780' + .rdata: + Entropy: 4.032871471574318 + Virtual Size: '0x550' + .pdata: + Entropy: 3.4578065856245583 + Virtual Size: '0xd8' + .sdata: + Entropy: 1.1203888318125959 + Virtual Size: '0x420' + INIT: + Entropy: 5.015276332791068 + Virtual Size: '0x3e8' + .rsrc: + Entropy: 3.388191426646717 + Virtual Size: '0x350' + .reloc: + Entropy: 0.9012044915351938 + Virtual Size: '0x188' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: 
'' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: 
b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: a2d936fa82b7340d28a697fb344046d8 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 2fe86a36e3d56afca791f4b701259362 + SHA1: 8f408538b77cdb618229bcab37b600ed80012199 + SHA256: 2145851bdcbf8419f09fd7470422dd56be1b415b15f39f0632bdd797cf500b36 + Company: CPUID + Copyright: Copyright(C) 2012 CPUID + CreationTimestamp: '2013-03-20 05:05:55' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - ExFreePool + - ExAllocatePoolWithTag + - RtlFreeUnicodeString + - ObfDereferenceObject + - MmIsAddressValid + - IoGetDeviceObjectPointer + - MmUnmapIoSpace + - RtlInitAnsiString + - MmMapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - RtlUnwind + - KeTickCount + - KeBugCheckEx + - 
RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoDeleteDevice + - PsGetVersion + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - KeWaitForSingleObject + - RtlAnsiStringToUnicodeString + - IoCancelIrp + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - READ_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 729dd4df669dc96e74f4180c6ee2a64b + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 41f15d0f328a165973b49de608ef72a2 + SHA1: abcd9850775bd0a1a855e785a238e0e69525810f + SHA256: 02dc44b04a6426fcaedf26995bfa471f123a90a9c747e82cebaf95f394890631 + SHA1: dd085542683898a680311a0d1095ea2dffe865e2 + SHA256: 2298e838e3c015aedfb83ab18194a2503fe5764a862c294c8b39c550aab2f08e + Sections: + .text: + Entropy: 6.179312117350968 + Virtual Size: '0x27b0' + .rdata: + Entropy: 4.673046103305564 + Virtual Size: '0x2c0' + .data: + Entropy: 0.335842300318532 + Virtual Size: '0x1e0' + INIT: + Entropy: 5.4178574069546706 + Virtual Size: '0x3f4' + .rsrc: + Entropy: 3.391941258882184 + Virtual Size: '0x350' + .reloc: + Entropy: 5.39741845115168 + Virtual Size: '0x236' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + 
SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + 
SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 958dd67f866ae27cf716e30a025b266f + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 239c92f4b8937148f656bf1276fef67c + SHA1: 9624f5e1a8950b1d275b30d4e2233125abe0b0f2 + SHA256: 718e76d8cdcdf7b06342b5137f5591233aece4bf70fa9d761d38bd02993a0906 + Company: Windows (R) Codename Longhorn DDK provider + Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
+ CreationTimestamp: '2008-12-02 06:50:52' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.0.6000.16386 built by: WinDDK' + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - RtlFreeUnicodeString + - ObfDereferenceObject + - MmIsAddressValid + - IoGetDeviceObjectPointer + - RtlAnsiStringToUnicodeString + - MmUnmapIoSpace + - MmMapIoSpace + - ProbeForWrite + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoDeleteDevice + - PsGetVersion + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - RtlInitAnsiString + - KeWaitForSingleObject + - RtlUnwind + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - READ_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 6ae4dec687ac6d1b635a4e351dddf73e + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: Windows (R) Codename Longhorn DDK driver + ProductVersion: 6.0.6000.16386 + Publisher: '' + RichPEHeaderHash: + MD5: eb3173fd99b2078342df233d00679c5d + SHA1: 3fc02e77ee0ab701a737089132a6bb46f16235cb + SHA256: 2b81787128c9aa04aa108fde22892da6d4bcbe6939bcf8161b589c4a96fb1183 + SHA1: 24f6e827984cca5d9aa3e4c6f3c0c5603977795a + SHA256: 79440da6b8178998bdda5ebde90491c124b1967d295db1449ec820a85dc246dd + Sections: + .text: + Entropy: 6.2267703540496 + Virtual Size: '0x1cb0' + .rdata: + Entropy: 4.500126135375756 + Virtual Size: '0x2c4' + .data: + Entropy: 0.22396935932252834 + Virtual Size: '0x1c0' + INIT: + Entropy: 5.501165170369676 + Virtual Size: '0x3a0' + .rsrc: + Entropy: 3.3978471557189076 + Virtual Size: '0x400' + .reloc: + Entropy: 5.719767870611492 + Virtual Size: '0x1ee' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., 
CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + 
IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=CN, ST=Beijing, L=Beijing, O=Beijing Gigabit Times Technology + Co., Ltd, OU=Digital ID Class 3 , Microsoft Software Validation v2, + CN=Beijing Gigabit Times Technology Co., Ltd + ValidFrom: '2008-12-24 00:00:00' + ValidTo: '2011-12-24 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 77a64759f12766e363d779998c71bdc9 + Version: 3 + TBS: + MD5: 081bc7ae4aa769d19d9554694edfc3a0 + SHA1: a521dae1d3b1da03460eb5fa70717c9449a3d1b4 + SHA256: 0af015afa3cd65db7b53fdad90bfdb2e89541964c569a4d41e2a032815da8b48 + SHA384: 74f7efe3db46e6399e41b5cfd3eb25bf842c85385cd3a94c49b36c2cbe5e52be0ffe4b66d1e76bf86f2416e510d3f585 + Signer: + - SerialNumber: 77a64759f12766e363d779998c71bdc9 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 69dbb4c8bbe4d8c2e1493f82170b93c4 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 5f7be0e5dd56425ac32e309e1b7108f3 + SHA1: 343677a6e0c0e88f458ac1fda4a1b7528414a9d3 + SHA256: 2e43be62587d7c4bb371bc0a1142a87a2a021bd0dcfd6cd107a50837c109e3ba + Company: CPUID + Copyright: Copyright(C) 2016 CPUID + CreationTimestamp: '2016-10-18 06:15:45' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - IoGetDeviceObjectPointer + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - MmUnmapIoSpace + - MmMapIoSpace + - IoDeleteDevice + - 
ObfDereferenceObject + - RtlInitUnicodeString + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - RtlFreeUnicodeString + - ExAllocatePoolWithTag + - ExFreePool + - IofCompleteRequest + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - KeWaitForSingleObject + - IoCancelIrp + - IoDeleteSymbolicLink + - PsGetVersion + - RtlUnwind + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - KeQueryPerformanceCounter + - KeStallExecutionProcessor + - HalSetBusDataByOffset + - HalGetBusDataByOffset + - READ_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: cf7aeedd674417b648fc334d179c94ae + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: e10f1a83d333c2feb8a17b1906909a07 + SHA1: f605fa8f10b2b64638f01715179b7588f4a6b727 + SHA256: 9337693c714a35f8370e9a6d7aca13083a7e4c5dbbefdee250b06ae6cc63a06d + SHA1: 57cf65b024d9e2831729def42db2362d7c90dcfa + SHA256: 0e8595217f4457757bed0e3cdea25ea70429732b173bba999f02dc85c7e06d02 + Sections: + .text: + Entropy: 6.229011052765095 + Virtual Size: '0x3af0' + .rdata: + Entropy: 4.676901538042152 + Virtual Size: '0x310' + .data: + Entropy: 0.13142343474404483 + Virtual Size: '0x340' + INIT: + Entropy: 5.401860187790186 + Virtual Size: '0x3fc' + .rsrc: + Entropy: 3.3912730045383297 + Virtual Size: '0x350' + .reloc: + Entropy: 5.867788462225375 + Virtual Size: '0x286' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 
a59808b35f916a1201f0987b958aaaf50b81f3e507cf9d1b902bc22787244617e38069e4ca74bcf505dfdfeb6bad8bee2ecba26a428c2b26c9b9987241b50ccfd895a7335b35534c5569fdef2554d773cb3b20f10e08eeff2701d2a3e8ef7c5bb759baf1995d1580dce4f0c5da90eff4f07e01e7c9273b24c14c514f2ae1d1fe940dd53bfa25572cd6f3c007c7f21aebc58ea32ca3aea83c731419c9dcc191158cbb52b0b70545a16c9b42aadd4dcb167443d6c15fa03ae7f6f0f644845a69cb8badb3f143fd916a70c5008c3486d1f0cc8e0527f76da5aeaca4925f6eb6861dd54e1ce8b80e6b000446d77ac8bd0299e38db3b8e4a9c43294367cd6a55351d0 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: b1e749ba779687a5127817da3d47af2c + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 
0d43c778ce0348cb2ec0b2568207ba64 + SHA1: e8a5f9873a1b773a2c4781ce6a5a1a90c81e0b52 + SHA256: 2274f63f88ec9b2d2ecfca3068026d62cf3085f76329b11b37498ce2b2b644a8 + Company: CPUID + Copyright: Copyright(C) 2016 CPUID + CreationTimestamp: '2016-10-05 03:53:53' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - IoGetDeviceObjectPointer + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - MmUnmapIoSpace + - MmMapIoSpace + - IoDeleteDevice + - ObfDereferenceObject + - RtlInitUnicodeString + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - RtlFreeUnicodeString + - ExAllocatePoolWithTag + - ExFreePool + - IofCompleteRequest + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - KeWaitForSingleObject + - IoCancelIrp + - IoDeleteSymbolicLink + - PsGetVersion + - RtlUnwind + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - KeQueryPerformanceCounter + - KeStallExecutionProcessor + - HalSetBusDataByOffset + - HalGetBusDataByOffset + - READ_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: be17a598e0f5314748ade0871ad343e7 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: e10f1a83d333c2feb8a17b1906909a07 + SHA1: f605fa8f10b2b64638f01715179b7588f4a6b727 + SHA256: 9337693c714a35f8370e9a6d7aca13083a7e4c5dbbefdee250b06ae6cc63a06d + SHA1: baa94f0f816d7a41a63e7f1aa9dd3d64a9450ed0 + SHA256: 40da0adf588cbb2841a657239d92f24b111d62b173204b8102dd0e014932fe59 + Sections: + .text: + Entropy: 6.229151016844064 + Virtual Size: '0x3b10' + .rdata: + Entropy: 4.706171652369877 + Virtual Size: '0x310' + .data: + Entropy: 0.13142343474404483 + Virtual Size: '0x340' + INIT: + Entropy: 5.412321381721897 + Virtual Size: 
'0x3fc' + .rsrc: + Entropy: 3.381055336656842 + Virtual Size: '0x350' + .reloc: + Entropy: 5.763063155244045 + Virtual Size: '0x286' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: b1e749ba779687a5127817da3d47af2c + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 6bdc52beda16b06bf061e9ff3e2d3955 + SHA1: ca1f81a944a4b9c3bc9f6436860480e2efd82db4 + SHA256: a3a6146a681d25f7d8be88fb36e37821a351205d9be2843c4e7cc0b366984b39 + Company: CPUID + Copyright: Copyright(C) 2013 CPUID + CreationTimestamp: '2013-07-26 07:40:42' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - ExFreePool + - ExAllocatePoolWithTag + - RtlFreeUnicodeString + - ObfDereferenceObject + - MmIsAddressValid + - IoGetDeviceObjectPointer + - MmUnmapIoSpace + - RtlInitAnsiString + - MmMapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - RtlUnwind + - KeTickCount + - KeBugCheckEx + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoDeleteDevice + - PsGetVersion + - KeInitializeEvent + - 
IoBuildDeviceIoControlRequest + - IofCallDriver + - KeWaitForSingleObject + - RtlAnsiStringToUnicodeString + - IoCancelIrp + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - READ_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 2714c93eb240375a2893ed7f8818004f + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 41f15d0f328a165973b49de608ef72a2 + SHA1: abcd9850775bd0a1a855e785a238e0e69525810f + SHA256: 02dc44b04a6426fcaedf26995bfa471f123a90a9c747e82cebaf95f394890631 + SHA1: 75649b228a22ce1e2a306844e0d48f714fb03f28 + SHA256: 53bd8e8d3542fcf02d09c34282ebf97aee9515ee6b9a01cefd81baa45c6fd3d6 + Sections: + .text: + Entropy: 6.188265910261186 + Virtual Size: '0x2940' + .rdata: + Entropy: 4.667475511572403 + Virtual Size: '0x2c0' + .data: + Entropy: 0.335842300318532 + Virtual Size: '0x1e0' + INIT: + Entropy: 5.413907629259022 + Virtual Size: '0x3f4' + .rsrc: + Entropy: 3.391941258882184 + Virtual Size: '0x350' + .reloc: + Entropy: 5.459424356020445 + Virtual Size: '0x238' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 
365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: be6fb3b3b33e9108a9a2273d1cf5eb3209a8c3a86ba7d66069393587f6b451b75b327ea15d36b1604aad5509c0ace37fa66e220b35764b9c201169677738c06802d2f798383c256c690898a663b0aeb519491057f9f24149c513abba2a4cab9934a684e5d83a34105fe6681f2b85d5ee06332d1c05c3627758442fd2fc94f5f68bb30f085cb1d31174e1461394aeef7b124291a099654d1103df3deab81e9658b5b5cc817061d688ae39e702f1d0dd420d6de931bed331960e089233b8576482e48d5b769fdfa8df02e1d098912444b324057826e1f72c26f045b2479a9b39eadfd6b2e1bd6db4057ef6b12ca385cad9a7ad82c4414e619f97dfd08a55f59053 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 958dd67f866ae27cf716e30a025b266f + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: cacb8e654c0149427d5a4e2bda3146ee + SHA1: 4007a1c237ac8c4342c5d205090b09c8f0c4ca33 + SHA256: c9534f81749245346003690ecd5bdbd0a2b7011fa402c4984477ee7b4f80ca95 + Company: Windows (R) Win 7 DDK provider + Copyright: "\xA9 Microsoft Corporation. All rights reserved." + CreationTimestamp: '2010-05-17 12:01:40' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - MmMapIoSpace + - ExFreePoolWithTag + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - IofCompleteRequest + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 118f3fdba730094d17aa1b259586aef6 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: Windows (R) Win 7 DDK driver + ProductVersion: 6.1.7600.16385 + Publisher: '' + 
RichPEHeaderHash: + MD5: 93394769f926489de472acbbd72c3d8b + SHA1: 6e6c943f13b82d4d46331de813914d4db63771f7 + SHA256: 53362bef3277e59f67ebc5a085f1cbe60e5c9aef1a18a2ac391b2f4954fa9649 + SHA1: ec04d8c814f6884c009a7b51c452e73895794e64 + SHA256: 922d23999a59ce0d84b479170fd265650bc7fae9e7d41bf550d8597f472a3832 + Sections: + .text: + Entropy: 6.201563564303854 + Virtual Size: '0x2186' + .rdata: + Entropy: 4.302124262535883 + Virtual Size: '0x3c0' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.416457899981637 + Virtual Size: '0x90' + INIT: + Entropy: 5.076342695575086 + Virtual Size: '0x3f0' + .rsrc: + Entropy: 3.4148190207283133 + Virtual Size: '0x3d0' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: 
'2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2009-02-02 00:00:00' + ValidTo: '2012-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 
29f25a23906de1bbfa2c46067eba0ddd + Version: 3 + TBS: + MD5: fb72fa311261c4fb6a786e5cc7ce1d2f + SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 + SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a + SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 68062e8b9d3c1e6cc62a9cae16a12b81 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: d8c89e44a139c2b19c1ed0dc8368ea2d + SHA1: 550bdcfa9131c1bf31742343090368d759c77044 + SHA256: 7699613119b25fc5886305e43ff556f8d53560cfa7707ab456f3165ba4ea374b + Company: CPUID + Copyright: Copyright(C) 2014 CPUID + CreationTimestamp: '2015-10-07 03:56:49' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - ExFreePool + - ExAllocatePoolWithTag + - RtlFreeUnicodeString + - ObfDereferenceObject + - IoGetDeviceObjectPointer + - RtlAnsiStringToUnicodeString + - MmUnmapIoSpace + - MmMapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - RtlUnwind + - KeTickCount + - KeBugCheckEx + - 
RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoDeleteDevice + - PsGetVersion + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - KeWaitForSingleObject + - RtlInitAnsiString + - IoCancelIrp + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - KeStallExecutionProcessor + - HalSetBusDataByOffset + - HalGetBusDataByOffset + - READ_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 80b4041695810f98e1c71ff0cf420b6d + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 151279b238de6194a32d8ca426ceaeee + SHA1: 7836f9fa452c5a538aed446df8439f2f49cc74aa + SHA256: 1319e59df060332195af6318ab22fe3f5018b1498211216a28a48f73980ab3b0 + SHA1: 2bc9047f08a664ade481d0bbf554d3a0b49424ca + SHA256: ef1abc77f4000e68d5190f9e11025ea3dc1e6132103d4c3678e15a678de09f33 + Sections: + .text: + Entropy: 6.228493472160084 + Virtual Size: '0x3260' + .rdata: + Entropy: 4.675879933480417 + Virtual Size: '0x2f4' + .data: + Entropy: 0.335842300318532 + Virtual Size: '0x1e0' + INIT: + Entropy: 5.428373271150746 + Virtual Size: '0x3dc' + .rsrc: + Entropy: 3.3938887641350184 + Virtual Size: '0x350' + .reloc: + Entropy: 5.603135612742354 + Virtual Size: '0x27c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=Private Organization, ??=FR, serialNumber=493 590 202, ??=39 + rue Joseph Jacquard, postalCode=59240, C=FR, L=Dunkerque, O=CPUID, + CN=CPUID + ValidFrom: '2015-09-11 00:00:00' + ValidTo: '2018-09-19 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 
07ef902f309d9df93e5124fa3ee5dae2 + Version: 3 + TBS: + MD5: aa06717c45e9e49a8c1e001c66edd9fa + SHA1: 6a150d1cba59e4090bf9169a333e0fb226ed5472 + SHA256: 6dde4dd03be027a9ce82b9337559c984377a7a7f3f589d575726bfcbb806afdb + SHA384: b9bef10fc28980514e23d13d0fe6d5f43b3e4a2dff24049d6cef3c3fb955e071e1d1128c71c12c5a3bf09cc107782600 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c + Version: 3 + TBS: + MD5: 83f5de89f641d0fbf60248e10a7b9534 + SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 + SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf + SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 + Signer: + - SerialNumber: 07ef902f309d9df93e5124fa3ee5dae2 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + Version: 1 + Imphash: 643f4d79f35dddc9bb5cc04a0f0c18d3 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: d8a92124984eb0c21f84461d5babd6de + SHA1: 6e928611c1afb608bf0df53a0d9f9e59a51199a2 + SHA256: 4bf6f1b49ed332b31c695ee1e3e8db69d7514a3179f707034eec96de4865e1d2 + Company: CPUID + Copyright: Copyright(C) 2010 CPUID + CreationTimestamp: '2010-11-09 06:32:57' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: cpuz.sys + ImportedFunctions: + - IofCompleteRequest + - ExFreePool + - ExAllocatePoolWithTag + - RtlFreeUnicodeString + - ObfDereferenceObject + - MmIsAddressValid + - IoGetDeviceObjectPointer + - MmUnmapIoSpace + - RtlInitAnsiString + - MmMapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - RtlUnwind + - KeTickCount + - KeBugCheckEx + - RtlInitUnicodeString + - 
IoDeleteSymbolicLink + - IoDeleteDevice + - PsGetVersion + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - KeWaitForSingleObject + - RtlAnsiStringToUnicodeString + - IoCancelIrp + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - READ_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: c2eb4539a4f6ab6edd01bdc191619975 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 41f15d0f328a165973b49de608ef72a2 + SHA1: abcd9850775bd0a1a855e785a238e0e69525810f + SHA256: 02dc44b04a6426fcaedf26995bfa471f123a90a9c747e82cebaf95f394890631 + SHA1: 4d41248078181c7f61e6e4906aa96bbdea320dc2 + SHA256: 8c95d28270a4a314299cf50f05dcbe63033b2a555195d2ad2f678e09e00393e6 + Sections: + .text: + Entropy: 6.209693758202642 + Virtual Size: '0x25f0' + .rdata: + Entropy: 4.523679043309293 + Virtual Size: '0x300' + .data: + Entropy: 0.335842300318532 + Virtual Size: '0x1e0' + INIT: + Entropy: 5.419833691539649 + Virtual Size: '0x3f4' + .rsrc: + Entropy: 3.3927376128305218 + Virtual Size: '0x350' + .reloc: + Entropy: 5.4506770820844155 + Virtual Size: '0x24c' + Signature: + - CPUID + - VeriSign Class 3 Code Signing 2004 CA + - VeriSign Class 3 Public Primary CA + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + 
SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 
3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2009-02-02 00:00:00' + ValidTo: '2012-02-07 23:59:59' + Signature: 9a9bbecb393272aaedfd7a125e0fe581151a18a75a4094e082a38156f62018b9d59edef27429bbea60d6e146a2ce134546d54e00b6585c1d85e3aedfb3b9a5de7728a96b2bcc26106655bae6bc5ce3a72714f9e23282a2fba29fc870b394e832f07dc50ded3a042953fe91379769e424398278b6ed14ae4f6b4cce5fa7ba20fc8d157a78fd308214d177189bcd76b2bd62a861a8c1562e2748f338f7369f0f062804685399a6655fcb4564a644e7a8bee8330557376884cce9153992e8e205bc1474dbd0109b3c87991db9bb77a9dff5775267390431ce56ff49500d8ad70be34a0d9a0b112e07eb55f0fe07de9ac93a0b30cb36029b5ec41e032daf66627d4e + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Version: 3 + TBS: + MD5: fb72fa311261c4fb6a786e5cc7ce1d2f + SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 + SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a + SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 958dd67f866ae27cf716e30a025b266f + LoadsDespiteHVCI: 'FALSE' +- 
Authentihash: + MD5: 309452c42b32d432d3e9d242da06f97a + SHA1: 74349d8cce986c0d30e6d7dda85dee9382c26346 + SHA256: 158f9e2bcec73e821d5df17c1d5f9f46f23ecd9f6cf101588578235240f5cca0 + Company: CPUID + Copyright: Copyright(C) 2010 CPUID + CreationTimestamp: '2010-12-27 06:34:50' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - ExFreePool + - ExAllocatePoolWithTag + - RtlFreeUnicodeString + - ObfDereferenceObject + - MmIsAddressValid + - IoGetDeviceObjectPointer + - MmUnmapIoSpace + - RtlInitAnsiString + - MmMapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - RtlUnwind + - KeTickCount + - KeBugCheckEx + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoDeleteDevice + - PsGetVersion + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - KeWaitForSingleObject + - RtlAnsiStringToUnicodeString + - IoCancelIrp + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - READ_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 44a3b9cc0a8e89c11544932b295ea113 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 41f15d0f328a165973b49de608ef72a2 + SHA1: abcd9850775bd0a1a855e785a238e0e69525810f + SHA256: 02dc44b04a6426fcaedf26995bfa471f123a90a9c747e82cebaf95f394890631 + SHA1: 543933cce83f2e75d1b6a8abdb41199ddef8406c + SHA256: a11cf43794ea5b5122a0851bf7de08e559f6e9219c77f9888ff740055f2c155e + Sections: + .text: + Entropy: 6.191884042534969 + Virtual Size: '0x2640' + .rdata: + Entropy: 4.514474359741861 + Virtual Size: '0x300' + .data: + Entropy: 0.335842300318532 + Virtual Size: '0x1e0' + INIT: + Entropy: 5.415883913844001 + Virtual 
Size: '0x3f4' + .rsrc: + Entropy: 3.3927376128305218 + Virtual Size: '0x350' + .reloc: + Entropy: 5.484183849650332 + Virtual Size: '0x250' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: 
ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2009-02-02 00:00:00' + ValidTo: '2012-02-07 23:59:59' + Signature: 9a9bbecb393272aaedfd7a125e0fe581151a18a75a4094e082a38156f62018b9d59edef27429bbea60d6e146a2ce134546d54e00b6585c1d85e3aedfb3b9a5de7728a96b2bcc26106655bae6bc5ce3a72714f9e23282a2fba29fc870b394e832f07dc50ded3a042953fe91379769e424398278b6ed14ae4f6b4cce5fa7ba20fc8d157a78fd308214d177189bcd76b2bd62a861a8c1562e2748f338f7369f0f062804685399a6655fcb4564a644e7a8bee8330557376884cce9153992e8e205bc1474dbd0109b3c87991db9bb77a9dff5775267390431ce56ff49500d8ad70be34a0d9a0b112e07eb55f0fe07de9ac93a0b30cb36029b5ec41e032daf66627d4e + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Version: 3 + TBS: + MD5: fb72fa311261c4fb6a786e5cc7ce1d2f + SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 + SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a + SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 958dd67f866ae27cf716e30a025b266f + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 935f15a2b9c92e1d2a01caa67e4d7a9c + SHA1: ec4945aa4e0f04e234aa00df92731a9692ab1026 + SHA256: bedb25c95cead7deb60ef18c753b65131d9b7dcd13846f09b011060042586213 + Company: Windows (R) Win 7 DDK provider + Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
+ CreationTimestamp: '2010-07-09 05:18:04' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - ExFreePool + - ExAllocatePoolWithTag + - RtlFreeUnicodeString + - ObfDereferenceObject + - MmIsAddressValid + - IoGetDeviceObjectPointer + - MmUnmapIoSpace + - RtlInitAnsiString + - MmMapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoDeleteDevice + - PsGetVersion + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - KeWaitForSingleObject + - RtlAnsiStringToUnicodeString + - IoCancelIrp + - RtlUnwind + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - READ_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 75fa19142531cbf490770c2988a7db64 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: Windows (R) Win 7 DDK driver + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 4ba73072bea66755a70f3a8c99951424 + SHA1: d9ce039d736544c2d9b7fe44460d8e006a5c62f0 + SHA256: 3b45bc2da9543317e7a22486f86a3f8c0eb289596d1d7661b47e35e99058861f + SHA1: 9cc694dcb532e94554a2a1ef7c6ced3e2f86ef5a + SHA256: c673f2eed5d0eed307a67119d20a91c8818a53a3cb616e2984876b07e5c62547 + Sections: + .text: + Entropy: 6.234206925652012 + Virtual Size: '0x2170' + .rdata: + Entropy: 4.503033217723106 + Virtual Size: '0x2ec' + .data: + Entropy: 0.22396935932252834 + Virtual Size: '0x1c0' + INIT: + Entropy: 5.447569063369494 + Virtual Size: '0x3f4' + .rsrc: + Entropy: 3.418143931074457 + Virtual Size: '0x3d0' + .reloc: + Entropy: 5.615914987677597 + Virtual Size: '0x214' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + 
Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2009-02-02 00:00:00' + ValidTo: '2012-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Version: 3 + TBS: + MD5: fb72fa311261c4fb6a786e5cc7ce1d2f + SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 + SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a + SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 5716c52252afe18d09f6c1bc6e5ef3ef + 
LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: f650821a4b67b88288c57f0dcd2bb22b + SHA1: a73160d3ed6b21c9943d75357e55a4d422a37050 + SHA256: 6522fc68fa686a546cd98142b90e5bcbfb8b79127cfb38b9a1249996d3d102dc + Company: CPUID + Copyright: Copyright(C) 2014 CPUID + CreationTimestamp: '2014-11-27 04:16:46' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - ObfDereferenceObject + - IoCreateDevice + - DbgPrintEx + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: a223f8584bcb978c003dd451b1439f8d + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: c046d6f14ec39d2a0f67a417bda83c5e + SHA1: 74661f1063b4c80566f75a1bee22c35f7af17fa9 + SHA256: 440eebbdc09d290724d364056ba4e2725c75759819a6df0a1ed5c876ed7d2474 + SHA1: dce4322406004fc884d91ed9a88a36daca7ae19a + SHA256: bc8cb3aebe911bd9b4a3caf46f7dda0f73fec4d2e4e7bc9601bb6726f5893091 + Sections: + .text: + Entropy: 6.217726783866495 + Virtual Size: '0x31d7' + .rdata: + Entropy: 4.172758269398432 + Virtual Size: '0x434' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.5865115349753927 + Virtual Size: '0xd8' + INIT: + Entropy: 5.117679654830676 + Virtual Size: '0x400' + .rsrc: + Entropy: 
3.3971374522271924 + Virtual Size: '0x350' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 65abf5c92cc2239f2dc9d589458569c9 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: a81f08837e541b798d6c760ec7a7ee92 + SHA1: c0c3d664f74fd6737431124a522a1347c8ce21ce + SHA256: 4a525f5350be5a82cf4fb3546a914841642cda5deed7f9baa13d2912eed476fb + Company: CPUID + Copyright: Copyright(C) 2017 CPUID + CreationTimestamp: '2017-03-23 05:18:13' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - IoGetDeviceObjectPointer + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - MmUnmapIoSpace + - MmMapIoSpace + - IoDeleteDevice + - 
ObfDereferenceObject + - RtlInitUnicodeString + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - RtlFreeUnicodeString + - ExAllocatePoolWithTag + - ExFreePool + - IofCompleteRequest + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - KeWaitForSingleObject + - IoCancelIrp + - IoDeleteSymbolicLink + - PsGetVersion + - RtlUnwind + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - KeQueryPerformanceCounter + - KeStallExecutionProcessor + - HalSetBusDataByOffset + - HalGetBusDataByOffset + - READ_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: e027daa2f81961d09aef88093e107d93 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: e10f1a83d333c2feb8a17b1906909a07 + SHA1: f605fa8f10b2b64638f01715179b7588f4a6b727 + SHA256: 9337693c714a35f8370e9a6d7aca13083a7e4c5dbbefdee250b06ae6cc63a06d + SHA1: 65f6a4a23846277914d90ba6c12742eecf1be22d + SHA256: 11a4b08e70ebc25a1d4c35ed0f8ef576c1424c52b580115b26149bd224ffc768 + Sections: + .text: + Entropy: 6.180707788939719 + Virtual Size: '0x4980' + .rdata: + Entropy: 4.74337864304572 + Virtual Size: '0x398' + .data: + Entropy: 0.13142343474404483 + Virtual Size: '0x340' + INIT: + Entropy: 5.4107944069129665 + Virtual Size: '0x3fc' + .rsrc: + Entropy: 3.3973045624277542 + Virtual Size: '0x350' + .reloc: + Entropy: 5.9736845764369955 + Virtual Size: '0x2f0' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 
a59808b35f916a1201f0987b958aaaf50b81f3e507cf9d1b902bc22787244617e38069e4ca74bcf505dfdfeb6bad8bee2ecba26a428c2b26c9b9987241b50ccfd895a7335b35534c5569fdef2554d773cb3b20f10e08eeff2701d2a3e8ef7c5bb759baf1995d1580dce4f0c5da90eff4f07e01e7c9273b24c14c514f2ae1d1fe940dd53bfa25572cd6f3c007c7f21aebc58ea32ca3aea83c731419c9dcc191158cbb52b0b70545a16c9b42aadd4dcb167443d6c15fa03ae7f6f0f644845a69cb8badb3f143fd916a70c5008c3486d1f0cc8e0527f76da5aeaca4925f6eb6861dd54e1ce8b80e6b000446d77ac8bd0299e38db3b8e4a9c43294367cd6a55351d0 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: b1e749ba779687a5127817da3d47af2c + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 
3e6f73c0fdbd707a45c117d6bf4122a4 + SHA1: b06dc5c8fb5cf42bab967d11eac38a13cb6f2cb0 + SHA256: fed2e6e84e5f7212a86ede773184d97fb11d24b5da26a030c833dd1bec4ec953 + Company: CPUID + Copyright: Copyright(C) 2015 CPUID + CreationTimestamp: '2016-01-27 02:15:39' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - ExFreePool + - ExAllocatePoolWithTag + - RtlFreeUnicodeString + - ObfDereferenceObject + - IoGetDeviceObjectPointer + - RtlAnsiStringToUnicodeString + - MmUnmapIoSpace + - MmMapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - RtlUnwind + - KeTickCount + - KeBugCheckEx + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoDeleteDevice + - PsGetVersion + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - KeWaitForSingleObject + - RtlInitAnsiString + - IoCancelIrp + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - KeStallExecutionProcessor + - HalSetBusDataByOffset + - HalGetBusDataByOffset + - READ_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: c31610f4c383204a1fc105c54b7403c9 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 151279b238de6194a32d8ca426ceaeee + SHA1: 7836f9fa452c5a538aed446df8439f2f49cc74aa + SHA256: 1319e59df060332195af6318ab22fe3f5018b1498211216a28a48f73980ab3b0 + SHA1: 65886384708d5a6c86f3c4c16a7e7cdbf68de92a + SHA256: 6c5c6c350c8dd4ca90a8cca0ed1eeca185ebc67b1100935c8f03eb3032aca388 + Sections: + .text: + Entropy: 6.228423170107256 + Virtual Size: '0x3260' + .rdata: + Entropy: 4.674813067607283 + Virtual Size: '0x2f4' + .data: + Entropy: 0.335842300318532 + Virtual Size: '0x1e0' + INIT: + Entropy: 5.428373271150746 + Virtual Size: '0x3dc' + .rsrc: + Entropy: 
3.3925686987119477 + Virtual Size: '0x350' + .reloc: + Entropy: 5.603135612742354 + Virtual Size: '0x27c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 
a59808b35f916a1201f0987b958aaaf50b81f3e507cf9d1b902bc22787244617e38069e4ca74bcf505dfdfeb6bad8bee2ecba26a428c2b26c9b9987241b50ccfd895a7335b35534c5569fdef2554d773cb3b20f10e08eeff2701d2a3e8ef7c5bb759baf1995d1580dce4f0c5da90eff4f07e01e7c9273b24c14c514f2ae1d1fe940dd53bfa25572cd6f3c007c7f21aebc58ea32ca3aea83c731419c9dcc191158cbb52b0b70545a16c9b42aadd4dcb167443d6c15fa03ae7f6f0f644845a69cb8badb3f143fd916a70c5008c3486d1f0cc8e0527f76da5aeaca4925f6eb6861dd54e1ce8b80e6b000446d77ac8bd0299e38db3b8e4a9c43294367cd6a55351d0 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 
+ SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 643f4d79f35dddc9bb5cc04a0f0c18d3 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 5cfd801fc0baec3342bd6a6a59503c96 + SHA1: e542227abbc61cd8adb8ecf2de77368c1825d2c8 + SHA256: 81017af32ebdaf0bc0878a8057bc6b8bd3848eb21aca324cd56b27faa1df7377 + Company: CPUID + Copyright: Copyright(C) 2014 CPUID + CreationTimestamp: '2015-02-26 00:22:40' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - ExFreePool + - ExAllocatePoolWithTag + - RtlFreeUnicodeString + - ObfDereferenceObject + - IoGetDeviceObjectPointer + - RtlAnsiStringToUnicodeString + - MmUnmapIoSpace + - MmMapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - RtlUnwind + - KeTickCount + - KeBugCheckEx + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoDeleteDevice + - PsGetVersion + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - KeWaitForSingleObject + - RtlInitAnsiString + - IoCancelIrp + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - KeStallExecutionProcessor + - HalSetBusDataByOffset + - HalGetBusDataByOffset + - READ_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 8d14b013fc2b555e404b1c3301150c34 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 151279b238de6194a32d8ca426ceaeee + SHA1: 7836f9fa452c5a538aed446df8439f2f49cc74aa + SHA256: 
1319e59df060332195af6318ab22fe3f5018b1498211216a28a48f73980ab3b0 + SHA1: 5c94c8894799f02f19e45fcab44ee33e653a4d17 + SHA256: a3975db1127c331ba541fffff0c607a15c45b47aa078e756b402422ef7e81c2c + Sections: + .text: + Entropy: 6.228493472160084 + Virtual Size: '0x3260' + .rdata: + Entropy: 4.678009087547132 + Virtual Size: '0x2f4' + .data: + Entropy: 0.335842300318532 + Virtual Size: '0x1e0' + INIT: + Entropy: 5.428373271150746 + Virtual Size: '0x3dc' + .rsrc: + Entropy: 3.3938887641350184 + Virtual Size: '0x350' + .reloc: + Entropy: 5.603135612742354 + Virtual Size: '0x27c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 
88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 
a59808b35f916a1201f0987b958aaaf50b81f3e507cf9d1b902bc22787244617e38069e4ca74bcf505dfdfeb6bad8bee2ecba26a428c2b26c9b9987241b50ccfd895a7335b35534c5569fdef2554d773cb3b20f10e08eeff2701d2a3e8ef7c5bb759baf1995d1580dce4f0c5da90eff4f07e01e7c9273b24c14c514f2ae1d1fe940dd53bfa25572cd6f3c007c7f21aebc58ea32ca3aea83c731419c9dcc191158cbb52b0b70545a16c9b42aadd4dcb167443d6c15fa03ae7f6f0f644845a69cb8badb3f143fd916a70c5008c3486d1f0cc8e0527f76da5aeaca4925f6eb6861dd54e1ce8b80e6b000446d77ac8bd0299e38db3b8e4a9c43294367cd6a55351d0 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 643f4d79f35dddc9bb5cc04a0f0c18d3 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 
089b65f7a818485884624cea6fff78cd + SHA1: ed245e4139d5d97b6c5b4085b0bdb2d9a9711bfb + SHA256: d6d5d997bbb55b2328c6486595f6f3070a0d03b4dd7c1d2ec1510f43e61b9bcd + Company: CPUID + Copyright: Copyright(C) 2017 CPUID + CreationTimestamp: '2017-05-22 02:18:28' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - PsGetVersion + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - IofCompleteRequest + - MmMapIoSpace + - MmUnmapIoSpace + - ProbeForWrite + - IoDeleteDevice + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - RtlUnwindEx + - RtlPcToFileHeader + - READ_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - READ_PORT_UCHAR + - HalCallPal + - WRITE_PORT_UCHAR + - KeStallExecutionProcessor + - WRITE_PORT_USHORT + - READ_PORT_ULONG + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: a610cd4c762b5af8575285dafb9baa8f + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 756be87f8c768cb8bfd02af932dd7589 + SHA1: 16c2ebba52ba9fb0ef5570c1d620daaaee63865a + SHA256: 48acdfbe5ad27d73c0fd9b115a49420f182d146bca52797ce33cc2a061ff0ced + SHA1: 7a107291a9fad0d298a606eb34798d423c4a5683 + SHA256: da617fe914a5f86dc9d657ef891bbbceb393c8a6fea2313c84923f3630255cdb + Sections: + .text: + Entropy: 5.345067492229126 + Virtual Size: '0x57c0' + .rdata: + Entropy: 4.032837077012453 + Virtual Size: '0x550' + .pdata: + Entropy: 3.4181953789743655 + Virtual Size: '0xd8' + .sdata: + Entropy: 1.1203888318125959 + Virtual Size: '0x420' + INIT: + Entropy: 5.015276332791068 + Virtual Size: '0x3e8' + .rsrc: + Entropy: 3.388191426646717 + Virtual Size: '0x350' + .reloc: + Entropy: 0.9063065323515203 + Virtual Size: '0x188' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: 
'' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: 
b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: a2d936fa82b7340d28a697fb344046d8 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 14a0ffbaa1c006e13694045677dbeabf + SHA1: 9a80799aa58112415ce2d7b1d6b238d41cbdda28 + SHA256: b7e3bd414674a3258be7ce384619b74946bafa218648a00c04e4e74f987f5723 + Company: CPUID + Copyright: Copyright(C) 2015 CPUID + CreationTimestamp: '2016-01-27 02:16:16' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - PsGetVersion + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - IofCompleteRequest + - MmMapIoSpace + - MmUnmapIoSpace + - ProbeForWrite + - IoDeleteDevice + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - RtlUnwindEx + - RtlPcToFileHeader + - READ_PORT_USHORT + - WRITE_PORT_ULONG + - 
HalGetBusDataByOffset + - HalSetBusDataByOffset + - READ_PORT_UCHAR + - HalCallPal + - WRITE_PORT_UCHAR + - KeStallExecutionProcessor + - WRITE_PORT_USHORT + - READ_PORT_ULONG + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 8ea94766cd7890483449dc193d267993 + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 756be87f8c768cb8bfd02af932dd7589 + SHA1: 16c2ebba52ba9fb0ef5570c1d620daaaee63865a + SHA256: 48acdfbe5ad27d73c0fd9b115a49420f182d146bca52797ce33cc2a061ff0ced + SHA1: 43b61039f415d14189d578012b6cb1bd2303d304 + SHA256: b8ffe83919afc08a430c017a98e6ace3d9cbd7258c16c09c4f3a4e06746fc80a + Sections: + .text: + Entropy: 5.384315290830981 + Virtual Size: '0x40e0' + .rdata: + Entropy: 4.105446572852521 + Virtual Size: '0x430' + .pdata: + Entropy: 3.4076201526884144 + Virtual Size: '0xcc' + .sdata: + Entropy: 1.1203888318125959 + Virtual Size: '0x2a0' + INIT: + Entropy: 5.0154033944534415 + Virtual Size: '0x3e8' + .rsrc: + Entropy: 3.3890627415891226 + Virtual Size: '0x350' + .reloc: + Entropy: 0.9037311282531211 + Virtual Size: '0x184' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: a2d936fa82b7340d28a697fb344046d8 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: e6b4766ff30ed89390459e22c49c0bd2 + SHA1: a87a40f69b737d0d16814f21dd9837d3834d6bd3 + SHA256: 31fcf4cbe7de8a5d563144e577324f9206bcc24ddf17473b436f1c693dff0ee7 + Company: CPUID + Copyright: Copyright(C) 2013 CPUID + CreationTimestamp: '2013-10-22 06:52:21' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - 
IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 82854a57630059d1ce2870159dc2f86b + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 685a19a8e9f46a76067db83da501dca0 + SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 + SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 + SHA1: 5bb2d46ba666c03c56c326f0bbc85cc48a87dfa3 + SHA256: 0484defcf1b5afbe573472753dc2395e528608b688e5c7d1d178164e48e7bed7 + Sections: + .text: + Entropy: 6.128820194208281 + Virtual Size: '0x2ab6' + .rdata: + Entropy: 4.139845021755118 + Virtual Size: '0x404' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.49998628423541 + Virtual Size: '0xc0' + INIT: + Entropy: 5.076575853289 + Virtual Size: '0x406' + .rsrc: + Entropy: 3.3935766621226473 + Virtual Size: '0x350' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: 
eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 
03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 82942c060f79cefd3bf1acdf5c207561 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: fd64adcb979eef2e4f8630ae45a73bfc + SHA1: 1a0d5c565de911facdfcf09b2850d595d016388c + SHA256: 55054ac1fab3b2fb370640035d50d00ae41775c45a16d0737a11cef1da48faff + Company: CPUID + Copyright: Copyright(C) 2010 CPUID + CreationTimestamp: '2012-08-11 01:46:42' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - PsGetVersion + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - IofCompleteRequest + - MmMapIoSpace + - MmUnmapIoSpace + - ProbeForWrite + - IoDeleteDevice + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - DbgPrint + - RtlUnwindEx + - RtlPcToFileHeader + - READ_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - READ_PORT_UCHAR + - HalCallPal + - WRITE_PORT_UCHAR + - KeStallExecutionProcessor + - WRITE_PORT_USHORT + - READ_PORT_ULONG + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 9cc757a18b86408efc1ce3ed20cbcdac + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 47b2a19a0bf08e5769f7bdfd98c8a71e + SHA1: f89341892b2acf5730167b723170d50c46e93826 + SHA256: 8de6c8ffefb1157ad187eea8b407e3d1b36def67cc220c87bd809b2bd98758f3 + SHA1: 377f7e7382908690189aede31fcdd532baa186b5 + SHA256: 636b4c1882bcdd19b56370e2ed744e059149c64c96de64ac595f20509efa6220 + 
Sections: + .text: + Entropy: 5.408041404846556 + Virtual Size: '0x3a20' + .rdata: + Entropy: 4.139975413196964 + Virtual Size: '0x3d8' + .pdata: + Entropy: 3.311727855519807 + Virtual Size: '0xb4' + .sdata: + Entropy: 1.1785140654177764 + Virtual Size: '0x2a0' + INIT: + Entropy: 5.04926101789341 + Virtual Size: '0x3fc' + .rsrc: + Entropy: 3.3976217041631593 + Virtual Size: '0x350' + .reloc: + Entropy: 0.9556392745193011 + Virtual Size: '0x16e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G3 + ValidFrom: '2012-05-01 00:00:00' + ValidTo: '2012-12-31 23:59:59' + Signature: 1e98aa27b778b508b5c9726db7dfc00e98a635c488c9d2f66df14b1afbd5f92d99009ed1e79b8be13fbd39800c66cd07bc5c9854a694ba10d14e8babf56f65cc6709a2807c52e80e03d66b7ac60518ecc8ac427c072ca73d0866dc00edfd941d73f2729893b111d68fef8eeaacf496510cd08ddf31524f5eaf7da74a75e64ece2b9f292be7cf5d9f037e6e277b23ad622966af92e82ccebd9c7fdccd173c43c2093f7545c79ee4d7607f97c6e4aac769f5fccd74ac2cb048c1504e70561eb535d38ebeb1edacbdfe0cec857dd5bb856644195d9f93eb82ba639ed37c61ffc81bd923587f30a366a139265e92c33ccb3732faf5a38ddcd5b0a3e9253655d781fa + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded + Version: 3 + TBS: + MD5: e6d820afb23af20a65cf0b03247ea05e + SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 + SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 + SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + 
SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: d5e7fc56a905088dbc79b8e27b98faea + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 4152ac0d4c53e0e3b420847564e9177a + SHA1: d18710d885b25c834185e1929dbd7d63b1d1b621 + SHA256: e3d9b90e2a1a6e997dd3e3ed6b05aa3230d8ca3c25477b847dbe163c0367cc7e + Company: CPUID + Copyright: Copyright(C) 2016 CPUID + CreationTimestamp: '2016-10-05 03:54:40' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - PsGetVersion + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - IofCompleteRequest + - MmMapIoSpace + - MmUnmapIoSpace + - ProbeForWrite + - IoDeleteDevice + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - RtlUnwindEx + - RtlPcToFileHeader + - READ_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - READ_PORT_UCHAR + - HalCallPal + - WRITE_PORT_UCHAR + - 
KeStallExecutionProcessor + - WRITE_PORT_USHORT + - READ_PORT_ULONG + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 279f3b94c2b9ab5911515bc3e0ecf175 + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 756be87f8c768cb8bfd02af932dd7589 + SHA1: 16c2ebba52ba9fb0ef5570c1d620daaaee63865a + SHA256: 48acdfbe5ad27d73c0fd9b115a49420f182d146bca52797ce33cc2a061ff0ced + SHA1: 49d58f7565bacf10539bc63f1d2fe342b3c3d85a + SHA256: 78d49094913526340d8d0ef952e8fe9ada9e8b20726b77fb88c9fb5d54510663 + Sections: + .text: + Entropy: 5.3821533128637515 + Virtual Size: '0x4080' + .rdata: + Entropy: 4.079787075524782 + Virtual Size: '0x430' + .pdata: + Entropy: 3.3686529491569175 + Virtual Size: '0xcc' + .sdata: + Entropy: 1.1203888318125959 + Virtual Size: '0x420' + INIT: + Entropy: 5.0154033944534415 + Virtual Size: '0x3e8' + .rsrc: + Entropy: 3.376659182007881 + Virtual Size: '0x350' + .reloc: + Entropy: 0.9037311282531212 + Virtual Size: '0x184' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: a2d936fa82b7340d28a697fb344046d8 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 56af9cdaf915fbf939af77ea54140880 + SHA1: 6d7835bc8f5e22c996a35c68f4806bfdbc04979f + SHA256: ab6c6a6a4d7ae58cbbc63283699aaf59cf6ecddf56eba0933178732f2664abcd + Company: CPUID + Copyright: Copyright(C) 2010 CPUID + CreationTimestamp: '2012-03-09 01:55:45' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - ExFreePool + - ExAllocatePoolWithTag + - RtlFreeUnicodeString + - ObfDereferenceObject + - MmIsAddressValid + - IoGetDeviceObjectPointer + - MmUnmapIoSpace + - RtlInitAnsiString + - MmMapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - RtlUnwind + - KeTickCount + - KeBugCheckEx + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoDeleteDevice + - PsGetVersion + - KeInitializeEvent + - 
IoBuildDeviceIoControlRequest + - IofCallDriver + - KeWaitForSingleObject + - RtlAnsiStringToUnicodeString + - IoCancelIrp + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - READ_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: 8b47c5580b130dd3f580af09323bc949 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 41f15d0f328a165973b49de608ef72a2 + SHA1: abcd9850775bd0a1a855e785a238e0e69525810f + SHA256: 02dc44b04a6426fcaedf26995bfa471f123a90a9c747e82cebaf95f394890631 + SHA1: 0d27a3166575ec5983ec58de2591552cfa90ef92 + SHA256: b01ebea651ec7780d0fe88dd1b6c2500a36dacf85e3a4038c2ca1c5cb44c7b5d + Sections: + .text: + Entropy: 6.217408305730309 + Virtual Size: '0x2750' + .rdata: + Entropy: 4.5582967792228475 + Virtual Size: '0x2f0' + .data: + Entropy: 0.335842300318532 + Virtual Size: '0x1e0' + INIT: + Entropy: 5.41983369153965 + Virtual Size: '0x3f4' + .rsrc: + Entropy: 3.3927376128305218 + Virtual Size: '0x350' + .reloc: + Entropy: 5.573643819691654 + Virtual Size: '0x254' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 
35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 958dd67f866ae27cf716e30a025b266f + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: e06d3f875b4239e9ac66ba6d59fd1431 + SHA1: 0e3d49d0718f03d34281b2de51542c0496d060be + SHA256: 19e80663f055a038621c6de731151e4e8d6f42fde359efaf2ddeb49c62e317c4 + Company: Windows (R) Codename Longhorn DDK provider + Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
+ CreationTimestamp: '2008-10-07 13:44:27' + Date: '' + Description: CPUID Driver + ExportedFunctions: '' + FileVersion: '6.0.6000.16386 built by: WinDDK' + Filename: '' + ImportedFunctions: + - IoDeleteSymbolicLink + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - IoCreateDevice + - IofCallDriver + - IoGetDeviceObjectPointer + - IoBuildDeviceIoControlRequest + - IoDeleteDevice + - ProbeForWrite + - MmMapIoSpace + - KeInitializeEvent + - RtlInitAnsiString + - IofCompleteRequest + - KeWaitForSingleObject + - KeBugCheckEx + - MmUnmapIoSpace + - RtlInitUnicodeString + - PsGetVersion + - RtlUnwindEx + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: cpuz.sys + MD5: d011d5fecdc94754bf02014cb229d6bc + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: cpuz.sys + PDBPath: '' + Product: Windows (R) Codename Longhorn DDK driver + ProductVersion: 6.0.6000.16386 + Publisher: '' + RichPEHeaderHash: + MD5: 6633dd48aea31e9c4821fbc652e4701e + SHA1: 3fb6cdbdaa8959e6a79305a74981751e06506a6f + SHA256: 63b15db03090d5e7ba52906b2854fba693e17a5fac179397bd55f91e49d28859 + SHA1: 7d34bb240cb5dec51ffcc7bf062c8d613819ac30 + SHA256: 84c5f6ddd9c90de873236205b59921caabb57ac6f7a506abbe2ce188833bbe51 + Sections: + .text: + Entropy: 6.085404381375008 + Virtual Size: '0x1916' + .rdata: + Entropy: 4.313355264022911 + Virtual Size: '0x340' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.460783502147893 + Virtual Size: '0x78' + INIT: + Entropy: 4.945456847123696 + Virtual Size: '0x388' + .rsrc: + Entropy: 3.3865251210369607 + Virtual Size: '0x400' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: 
c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2007-02-08 00:00:00' + ValidTo: '2009-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 10e29d74903d9c7cd58caa35a0944770 + Version: 3 + TBS: + MD5: 5e3b5587eb8c553dc279bb241c30689d + SHA1: 5b5631ff0033ed753a5c630a4d8d48772050db32 + SHA256: 9b30d9d9f9fd9c0480c0503dd4ac86649d2cc180d1401ade6dd8048356d7f634 + SHA384: 1886034ac8dc819ed45b8b48b0225cdb142d53d61bda992ee7e4923276c3c36dffbb0f8d929e1ad20c3437709df2399a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 10e29d74903d9c7cd58caa35a0944770 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: cb8db41ab8c06472574e58b9466f4070 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/0f6c3a28-4d04-474b-a098-37383f984686.yaml b/yaml/0f6c3a28-4d04-474b-a098-37383f984686.yaml index de4f3e502..8a5f4533a 100644 --- a/yaml/0f6c3a28-4d04-474b-a098-37383f984686.yaml +++ b/yaml/0f6c3a28-4d04-474b-a098-37383f984686.yaml 
@@ -1,37 +1,37 @@
-Acknowledgement:
- Handle: ''
- Person: ''
+Id: 0f6c3a28-4d04-474b-a098-37383f984686
+Tags:
+- WinIO32.sys
+Verified: 'FALSE'
 Author: Michael Haag
-Category: vulnerable driver
-Commands:
- Command: sc.exe create WinIO32.sys binPath=C:\windows\temp\WinIO32.sys type=kernel
- && sc.exe start WinIO32.sys
- Description: ''
- OperatingSystem: Windows 10
- Privileges: kernel
- Usecase: Elevate privileges
 Created: '2023-01-09'
-Detection: []
-Id: 0f6c3a28-4d04-474b-a098-37383f984686
-KnownVulnerableSamples:
-- Company: ''
- Date: ''
- Description: ''
- FileVersion: ''
- Filename: WinIO32.sys
- MD5: ''
- MachineType: ''
- OriginalFilename: ''
- Product: ''
- ProductVersion: ''
- Publisher: ''
- SHA1: 8fb149fc476cf5bf18dc575334edad7caf210996
- SHA256: ''
- Signature: []
- LoadsDespiteHVCI: 'FALSE'
 MitreID: T1068
+Category: vulnerable driver
+Commands:
+ Command: sc.exe create WinIO32.sys binPath=C:\windows\temp\WinIO32.sys type=kernel
+ && sc.exe start WinIO32.sys
+ Description: ''
+ OperatingSystem: Windows 10
+ Privileges: kernel
+ Usecase: Elevate privileges
 Resources:
 - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules
-Tags:
-- WinIO32.sys
-Verified: 'FALSE'
+Detection: []
+Acknowledgement:
+ Handle: ''
+ Person: ''
+KnownVulnerableSamples:
+- Company: ''
+ Date: ''
+ Description: ''
+ FileVersion: ''
+ Filename: WinIO32.sys
+ MD5: ''
+ MachineType: ''
+ OriginalFilename: ''
+ Product: ''
+ ProductVersion: ''
+ Publisher: ''
+ SHA1: 8fb149fc476cf5bf18dc575334edad7caf210996
+ SHA256: ''
+ Signature: []
+ LoadsDespiteHVCI: 'FALSE'
diff --git a/yaml/0f749d4e-145e-4b8e-bea6-47003d228043.yaml b/yaml/0f749d4e-145e-4b8e-bea6-47003d228043.yaml
index 0a4322a23..7af31cce5 100644
--- a/yaml/0f749d4e-145e-4b8e-bea6-47003d228043.yaml
+++ b/yaml/0f749d4e-145e-4b8e-bea6-47003d228043.yaml
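Review bot: The re-ordered WinIO32.sys record (yaml/0f6c3a28-4d04-474b-a098-37383f984686.yaml) still identifies its only sample by `SHA1: 8fb149fc476cf5bf18dc575334edad7caf210996` alone, with `MD5: ''`, `SHA256: ''`, `Signature: []` and `Detection: []`, so any consumer that builds block or alert rules from SHA256 or Authentihash gets no coverage from this entry. Because the record is `Verified: 'FALSE'` and carries no PE metadata, the `LoadsDespiteHVCI: 'FALSE'` value is presumably a default rather than a test result, and it should not be read as evidence that HVCI blocks this driver. I would say so in the file, for example `# sample known by SHA1 only; SHA256/Authentihash pending, LoadsDespiteHVCI untested` above `KnownVulnerableSamples:`, or fill in the missing hashes once the binary is available.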
@@ -1,322 +1,323 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 0f749d4e-145e-4b8e-bea6-47003d228043 +Tags: +- ecsiodriverx64.sys +Verified: 'TRUE' Author: Takahiro Haruyama -Category: vulnerable driver -Commands: - Command: sc.exe create ecsiodriverx64sys binPath= C:\windows\temp\ecsiodriverx64sys.sys - type=kernel && sc.exe start ecsiodriverx64sys - Description: The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique vulnerable - drivers (237 file hashes) accepting firmware access. Six allow kernel memory access. - All give full control of the devices to non-admin users. By exploiting the vulnerable - drivers, an attacker without the system privilege may erase/alter firmware, and/or - elevate privileges. As of the time of writing in October 2023, the filenames of - the vulnerable drivers have not been made public until now. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-11-02' -Detection: [] -Id: 0f749d4e-145e-4b8e-bea6-47003d228043 -KnownVulnerableSamples: -- Company: Elitegroup Computer Systems - Date: '' - Description: ECSIoDriver - FileVersion: 1.1.0.0 - Filename: '' - MD5: 3a1ba5cd653a9ddce30c58e7c8ae28ae - MachineType: AMD64 - OriginalFilename: ECSIoDriver.sys - Product: ECSIoDriver - ProductVersion: 1.1.0.0 - Publisher: '' - SHA1: 04967bfd248d30183992c6c9fd2d9e07ae8d68ad - SHA256: 270547552060c6f4f5b2ebd57a636d5e71d5f8a9d4305c2b0fe5db0aa2f389cc - Signature: '' - Imphash: d6f977640d4810a784d152e4d3c63a6b - Authentihash: - MD5: ce904544497eb65515a416258b2bfd91 - SHA1: 6cfa176d71505d8651f82b367f96cb5c497648a5 - SHA256: 9452b5577681c74d568825c4e95c5c9a5e0f682782c8dd932a7d4d732e958802 - RichPEHeaderHash: - MD5: 41ddd08b440611823bc5d8cb732c563d - SHA1: 8acdfc9ac988c6250e2a031640f6e169b5fddb73 - SHA256: 189683b4db2e68d2f0b3f91f1141907b3887f23991867a68a22389d40ad3634e - Sections: - .text: - Entropy: 5.980950644331242 - Virtual Size: '0x7d0' - .rdata: - Entropy: 3.965487432059954 - Virtual Size: '0x184' 
- .data: - Entropy: 0.5096713223407059 - Virtual Size: '0x114' - .pdata: - Entropy: 3.2905380059573024 - Virtual Size: '0x78' - INIT: - Entropy: 5.046663153942613 - Virtual Size: '0x242' - .rsrc: - Entropy: 3.3031199977766366 - Virtual Size: '0x420' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2009-09-27 23:58:05' - InternalName: ECSIoDriver.sys - Copyright: Copyright (C) 2009-2010 Elitegroup Computer Systems. All rights reserved. - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - MmUnmapIoSpace - - MmMapIoSpace - - IofCompleteRequest - - IoDeleteDevice - - IoCreateDevice - - KeBugCheckEx - - RtlInitUnicodeString - - IoCreateSymbolicLink - - IoDeleteSymbolicLink - - __C_specific_handler - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - 
SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 13:00:00' - ValidTo: '2017-01-27 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000011e44a5e24e - Version: 3 - TBS: - MD5: 1523b60530a241a9dc96e8890e42a0fa - SHA1: 879269f3f467a6d59641960a62fe9cb419355ff6 - SHA256: 6811f3e33268aef810dc3277f8f9356adcbc3c36446a0420593b82f3cd526022 - SHA384: 92f5e55d6eb6d965c1b698e56cbb8087d80eda1a24eb6ed178abeddafe2fcf524e9f8311ca232be7f5b4555b89b97c6b - - Subject: C=TW, O=ELITEGROUP COMPUTER SYSTEMS CO, CN=ELITEGROUP COMPUTER SYSTEMS - CO - ValidFrom: '2009-07-14 08:54:12' - ValidTo: '2010-07-14 08:54:12' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0100000000012278a99c57 - Version: 3 - TBS: - MD5: dc6b27710246f93aebf764fb1e0ea084 - SHA1: 823b77e47e9781dc489bf2064a1f675a9add38eb - SHA256: a2d6ad307418f28f971a5f0fccc7f19bffdd7bbae03058be5428b9b9c5a415ea - SHA384: 16c75e5a347d8e6d34f302fe0982fe46cb058e7ab2655aea58ea7c4857954568c180da1cb379b8bf4b6165f6462327b9 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 10:00:00' - ValidTo: '2017-01-27 11:00:00' - Signature: 
762e2fe996fef4c3678bf1b07e321701ddb41c0f9e42d179569684be68afa554dbc7a9b55981d41cded9606baec05214fbab2b8e75f853ad91308efc04e4c58803d13f1861eab3d2b1d899f0754509ce7874d4d79e70bd120be405b64d3cf6af38c2881858a7958e7d1671e9b40df726a98f55de60ebc48d046b7b068feefea9c9c80a64240169df2f182058aa3e854c64e3e3832f860d4cf076a982c464981ec3cf5c7c863ec2ee5e9268b1483c857959e93bb4de5123d26648d1f7db967b82fac971e4caa7baca47c34b9183d3cab18f39bb38cccdc14caa9a6353051e1dd75377054d8f8ff7679b5ecebfdc4905ff7ef55180a01638d8b680a0514facf698 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000011e44a5ecbe - Version: 3 - TBS: - MD5: 16fb30314f4f5ff4dac603580f605778 - SHA1: 55c862df1f775f6a4c8e4f963115962a5cffc4ee - SHA256: aec84e1206957180ccf4e598fa10864ef4ee18ff9fc126b9a54af79c618f0492 - SHA384: a2b0c7b9ffe6e8244a4662099132406aea0a47889ecde7b336c4f09296da2ffbb3718597a0fb570bd1e97e88a24f8fbb - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000012278a99c57 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: f34489c0f0d0a16b4db8a17281b57eba - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 3a1f19b7a269723e244756dac1fc27c793276fe7 - SHA256: 
7de1ce434f957df7bbdf6578dd0bf06ed1269f3cc182802d5c499f5570a85b3a - Signature: '' - Imphash: a095f31019d7a32d0a0507879a1822b1 - Authentihash: - MD5: d9272a5a4b5add2159866e4af9e893d5 - SHA1: 87f47eb2066556a20a15f6c777c35daa2bc30f55 - SHA256: 5cbe195ef5e86f705c8290602ae688e1835e7385ed68ae264c4795e425c1645f - RichPEHeaderHash: - MD5: c8dd3d2c77a34ae9af148b64e37b3de5 - SHA1: 408fac64b925306c4d950f23cce782a8cbc07e90 - SHA256: 547856cb3d972c9056b76f4f4829a79dc44e7cf2cd73e9fad28ec842e8682027 - Sections: - .text: - Entropy: 6.140294030979783 - Virtual Size: '0x7a0' - .rdata: - Entropy: 3.384644886986205 - Virtual Size: '0x28c' - .data: - Entropy: 3.446439344671015 - Virtual Size: '0x14' - .pdata: - Entropy: 3.2615212356163688 - Virtual Size: '0x90' - INIT: - Entropy: 5.1941927291102195 - Virtual Size: '0x23a' - .reloc: - Entropy: 1.9669171866886992 - Virtual Size: '0x10' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2014-05-28 00:59:16' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - MmUnmapIoSpace - - IoDeleteSymbolicLink - - __C_specific_handler - - MmMapIoSpace - - IoDeleteDevice - - RtlInitUnicodeString - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - 
SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=TW, ST=Taiwan, L=Taipei, O=Elitegroup Computer Systems Co., Ltd., - OU=Elitegroup Computer Systems Co., Ltd., CN=Elitegroup Computer Systems Co., - Ltd. 
- ValidFrom: '2013-08-13 02:55:45' - ValidTo: '2016-08-13 02:55:45' - Signature: 092cf78892309981cd856a776368384adc8ccf07f1929358b49f383767a27bb5e5fca89409ff04cc6e754bc3d6c244f8ee66c0c36131f2dab9ca91832d5f0a526a61ce15cf5ef93583cc62b91023d804606861b6c18a96c3563b997686e547c908734b5a9b4a97e78c366a9418972d93c5a4bb71929cd8a516339c6298cb6ff93dea0134e9abccfd8a52f6d1a2e25cb070988f6efe7b8c91240e5bbfaec6af0d39f89ae9eff1a5bc3305b97c2d173c605db140a76ab79d0e0ff84c51dd5fa085dd837c53dbd3167b50d73743e19fc58df098a059318cbf9eb5285beeb20da9f53a1dc00ca0024dfd582d8ebf336c37f39a975f362c1073c63d23926e56df3270 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112132bbb2b7159fbe5d9e21ae2f0574ba48 - Version: 3 - TBS: - MD5: 10618d7cf87424813997516d822aaf4c - SHA1: 9cfa7cc819d9026fa4ee99d84ac64e1272e700f9 - SHA256: c885117682477b3171786b826d2c84913e1467e0c955e9d6f53a13c7548a275e - SHA384: cbb34bbc38c531f3e4d3ed561b660dee8a9bcdce442f8e8a1ede761575f019366693eefb0f03815449e1693a16dc044e - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112132bbb2b7159fbe5d9e21ae2f0574ba48 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create ecsiodriverx64sys binPath= C:\windows\temp\ecsiodriverx64sys.sys + type=kernel && sc.exe start ecsiodriverx64sys + 
Description: The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique + vulnerable drivers (237 file hashes) accepting firmware access. Six allow + kernel memory access. All give full control of the devices to non-admin users. + By exploiting the vulnerable drivers, an attacker without the system privilege + may erase/alter firmware, and/or elevate privileges. As of the time of writing + in October 2023, the filenames of the vulnerable drivers have not been made + public until now. + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html -Tags: -- ecsiodriverx64.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: Elitegroup Computer Systems + Date: '' + Description: ECSIoDriver + FileVersion: 1.1.0.0 + Filename: '' + MD5: 3a1ba5cd653a9ddce30c58e7c8ae28ae + MachineType: AMD64 + OriginalFilename: ECSIoDriver.sys + Product: ECSIoDriver + ProductVersion: 1.1.0.0 + Publisher: '' + SHA1: 04967bfd248d30183992c6c9fd2d9e07ae8d68ad + SHA256: 270547552060c6f4f5b2ebd57a636d5e71d5f8a9d4305c2b0fe5db0aa2f389cc + Signature: '' + Imphash: d6f977640d4810a784d152e4d3c63a6b + Authentihash: + MD5: ce904544497eb65515a416258b2bfd91 + SHA1: 6cfa176d71505d8651f82b367f96cb5c497648a5 + SHA256: 9452b5577681c74d568825c4e95c5c9a5e0f682782c8dd932a7d4d732e958802 + RichPEHeaderHash: + MD5: 41ddd08b440611823bc5d8cb732c563d + SHA1: 8acdfc9ac988c6250e2a031640f6e169b5fddb73 + SHA256: 189683b4db2e68d2f0b3f91f1141907b3887f23991867a68a22389d40ad3634e + Sections: + .text: + Entropy: 5.980950644331242 + Virtual Size: '0x7d0' + .rdata: + Entropy: 3.965487432059954 + Virtual Size: '0x184' + .data: + Entropy: 0.5096713223407059 + Virtual Size: '0x114' + .pdata: + Entropy: 3.2905380059573024 + Virtual Size: '0x78' + INIT: + Entropy: 5.046663153942613 + Virtual Size: '0x242' + .rsrc: + Entropy: 3.3031199977766366 + Virtual 
Size: '0x420' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2009-09-27 23:58:05' + InternalName: ECSIoDriver.sys + Copyright: Copyright (C) 2009-2010 Elitegroup Computer Systems. All rights reserved. + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - MmUnmapIoSpace + - MmMapIoSpace + - IofCompleteRequest + - IoDeleteDevice + - IoCreateDevice + - KeBugCheckEx + - RtlInitUnicodeString + - IoCreateSymbolicLink + - IoDeleteSymbolicLink + - __C_specific_handler + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 13:00:00' + ValidTo: '2017-01-27 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000011e44a5e24e + Version: 3 + TBS: + MD5: 1523b60530a241a9dc96e8890e42a0fa + SHA1: 879269f3f467a6d59641960a62fe9cb419355ff6 + SHA256: 6811f3e33268aef810dc3277f8f9356adcbc3c36446a0420593b82f3cd526022 + SHA384: 92f5e55d6eb6d965c1b698e56cbb8087d80eda1a24eb6ed178abeddafe2fcf524e9f8311ca232be7f5b4555b89b97c6b + - Subject: C=TW, O=ELITEGROUP COMPUTER SYSTEMS CO, CN=ELITEGROUP COMPUTER + SYSTEMS CO + ValidFrom: '2009-07-14 08:54:12' + ValidTo: '2010-07-14 08:54:12' + Signature: 
3f77c78bd998d9b9075abfd71ac7e89d5f156e534c3599ea78c098f7d146a98618c037da6f8d6665a83ea8c09b0a4bc12c6aed15ea26ca105670c975f912791142ebfa5c0a7786769cf5c38569f99f87044f85295674c9f3991a443feab793a2d850179a58e27f4534e15bcf2ebad0d372a1876b1dfd874d6cdb69255123ed809364b22f2d9e20189ceae0c723f4a09971732fe9ac1b1994e3785cc44666fbd5691964e8195680955b3686d559a715ac8a1c368a6c4997c0c13ab2b2066a2e8f181582f2d5139e943effe64aa1e421f671f8daf6d4b92f3221d71b673633bc6251c4dfdacda1507cf076503ee4cbef284634bb337925da179b28994572fa224e + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0100000000012278a99c57 + Version: 3 + TBS: + MD5: dc6b27710246f93aebf764fb1e0ea084 + SHA1: 823b77e47e9781dc489bf2064a1f675a9add38eb + SHA256: a2d6ad307418f28f971a5f0fccc7f19bffdd7bbae03058be5428b9b9c5a415ea + SHA384: 16c75e5a347d8e6d34f302fe0982fe46cb058e7ab2655aea58ea7c4857954568c180da1cb379b8bf4b6165f6462327b9 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 10:00:00' + ValidTo: '2017-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000011e44a5ecbe + Version: 3 + TBS: + MD5: 16fb30314f4f5ff4dac603580f605778 + SHA1: 55c862df1f775f6a4c8e4f963115962a5cffc4ee + SHA256: aec84e1206957180ccf4e598fa10864ef4ee18ff9fc126b9a54af79c618f0492 + SHA384: a2b0c7b9ffe6e8244a4662099132406aea0a47889ecde7b336c4f09296da2ffbb3718597a0fb570bd1e97e88a24f8fbb + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: 
ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000012278a99c57 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: f34489c0f0d0a16b4db8a17281b57eba + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 3a1f19b7a269723e244756dac1fc27c793276fe7 + SHA256: 7de1ce434f957df7bbdf6578dd0bf06ed1269f3cc182802d5c499f5570a85b3a + Signature: '' + Imphash: a095f31019d7a32d0a0507879a1822b1 + Authentihash: + MD5: d9272a5a4b5add2159866e4af9e893d5 + SHA1: 87f47eb2066556a20a15f6c777c35daa2bc30f55 + SHA256: 5cbe195ef5e86f705c8290602ae688e1835e7385ed68ae264c4795e425c1645f + RichPEHeaderHash: + MD5: c8dd3d2c77a34ae9af148b64e37b3de5 + SHA1: 408fac64b925306c4d950f23cce782a8cbc07e90 + SHA256: 547856cb3d972c9056b76f4f4829a79dc44e7cf2cd73e9fad28ec842e8682027 + Sections: + .text: + Entropy: 6.140294030979783 + Virtual Size: '0x7a0' + .rdata: + Entropy: 3.384644886986205 + Virtual Size: '0x28c' + .data: + Entropy: 3.446439344671015 + Virtual Size: '0x14' + .pdata: + Entropy: 3.2615212356163688 + Virtual Size: '0x90' + INIT: + Entropy: 5.1941927291102195 + Virtual Size: '0x23a' + .reloc: + Entropy: 1.9669171866886992 + Virtual Size: '0x10' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2014-05-28 00:59:16' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - MmUnmapIoSpace + - IoDeleteSymbolicLink + - __C_specific_handler + - MmMapIoSpace + - IoDeleteDevice + - RtlInitUnicodeString + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + 
Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 
88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=TW, ST=Taiwan, L=Taipei, O=Elitegroup Computer Systems Co., + Ltd., OU=Elitegroup Computer Systems Co., Ltd., CN=Elitegroup Computer + Systems Co., Ltd. + ValidFrom: '2013-08-13 02:55:45' + ValidTo: '2016-08-13 02:55:45' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112132bbb2b7159fbe5d9e21ae2f0574ba48 + Version: 3 + TBS: + MD5: 10618d7cf87424813997516d822aaf4c + SHA1: 9cfa7cc819d9026fa4ee99d84ac64e1272e700f9 + SHA256: c885117682477b3171786b826d2c84913e1467e0c955e9d6f53a13c7548a275e + SHA384: cbb34bbc38c531f3e4d3ed561b660dee8a9bcdce442f8e8a1ede761575f019366693eefb0f03815449e1693a16dc044e + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112132bbb2b7159fbe5d9e21ae2f0574ba48 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/0f8e317e-ad2b-4b02-9f96-603bb8d28604.yaml b/yaml/0f8e317e-ad2b-4b02-9f96-603bb8d28604.yaml index 22ac8eaff..b0ece3187 100644 --- a/yaml/0f8e317e-ad2b-4b02-9f96-603bb8d28604.yaml +++ b/yaml/0f8e317e-ad2b-4b02-9f96-603bb8d28604.yaml 
@@ -1,245 +1,247 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 0f8e317e-ad2b-4b02-9f96-603bb8d28604 +Tags: +- NICM.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-07-22' +MitreID: T1068 CVE: - '' Category: vulnerable drivers Commands: - Command: '' - Description: Confirmed vulnerable driver from Microsoft Block List - OperatingSystem: Windows - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-07-22' -Detection: -- type: '' - value: '' -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 0f8e317e-ad2b-4b02-9f96-603bb8d28604 -KnownVulnerableSamples: -- Authentihash: - MD5: 290440da10e3caf10caea93952046a3f - SHA1: b7e2d4ed97b7e3ca43a7f1605efd561540b283bd - SHA256: 407ca87833bd0931eec8005bb125e56d5765058c9b6422620aa95d8b2044239a - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2008, Novell, Inc. All Rights Reserved. 
- CreationTimestamp: '2008-08-18 10:16:41' - Date: '' - Description: Novell Client Portability Layer - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.6.0 - Filename: '' - ImportedFunctions: - - KeWaitForSingleObject - - ZwEnumerateKey - - ZwOpenKey - - ExAllocatePoolWithTag - - ZwCreateKey - - ExFreePoolWithTag - - ExReleaseFastMutex - - ExAcquireFastMutex - - RtlInitUnicodeString - - ZwSetValueKey - - ZwQueryValueKey - - ZwEnumerateValueKey - - ZwClose - - RtlAppendUnicodeStringToString - - RtlCopyUnicodeString - - ZwDeleteKey - - DbgBreakPoint - - DbgPrintEx - - DbgPrint - - RtlUpcaseUnicodeString - - RtlAnsiStringToUnicodeString - - RtlUnicodeStringToAnsiString - - RtlUnicodeStringToOemString - - RtlFreeUnicodeString - - RtlOemStringToUnicodeString - - RtlFreeAnsiString - - KeReleaseSpinLock - - KeAcquireSpinLockRaiseToDpc - - RtlIntegerToUnicodeString - - RtlAppendUnicodeToString - - RtlInitString - - RtlEqualUnicodeString - - RtlCompareString - - KeReleaseMutex - - RtlCompareUnicodeString - - RtlEqualString - - RtlUnicodeStringToInteger - - ExDeleteResourceLite - - ExInitializeResourceLite - - KeWaitForMultipleObjects - - ExAcquireResourceExclusiveLite - - KeResetEvent - - KeInitializeMutex - - KeLeaveCriticalRegion - - KeSetEvent - - ExIsResourceAcquiredSharedLite - - ExIsResourceAcquiredExclusiveLite - - KeEnterCriticalRegion - - ExAcquireResourceSharedLite - - ExReleaseResourceLite - - KeSetPriorityThread - - IoDeleteDevice - - IoCreateDevice - - PsCreateSystemThread - - PsTerminateSystemThread - - RtlCompareMemory - - IoUninitializeWorkItem - - IoFreeWorkItem - - KeInitializeDpc - - KeInitializeTimer - - KeDelayExecutionThread - - IoAllocateWorkItem - - KeSetTimer - - IoInitializeWorkItem - - IoQueueWorkItem - - KeCancelTimer - - KeBugCheckEx - - RtlCopyString - - KeInitializeEvent - - NicmCreateInstance - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: c0e2a64ba0d23ab95258372457060143 - MachineType: AMD64 - 
MagicHeader: 50 45 0 0 - OriginalFilename: NICM.SYS - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.6 - Publisher: '' - RichPEHeaderHash: - MD5: 7ccba2f5532d28974864bb49f2f7ecde - SHA1: d70b833fc592a8822e52af45961fb0eb6675311c - SHA256: 2c7265667f82af5943f1c9d0a07c904f2bc44c93380430659daaabd4527fa943 - SHA1: bf87ecd70eec427b2090a34781c49bbf5c7b3500 - SHA256: dd4fedd5662122cbfe046a12e2137294ef1cb7822238d9e24eacc78f22f8e93d - Sections: - .text: - Entropy: 6.2707978239378175 - Virtual Size: '0x7b1f' - .rdata: - Entropy: 4.709078409109689 - Virtual Size: '0x7c8' - .data: - Entropy: 2.3540808182213286 - Virtual Size: '0x8c8' - .pdata: - Entropy: 4.31228440148608 - Virtual Size: '0x5ac' - .edata: - Entropy: 4.031879483268685 - Virtual Size: '0x63' - INIT: - Entropy: 5.176988201091535 - Virtual Size: '0x96e' - .rsrc: - Entropy: 3.285837261243419 - Virtual Size: '0x358' - .reloc: - Entropy: 3.6567400216610486 - Virtual Size: '0x160' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Novell Products Group, CN=Novell, Inc. 
- ValidFrom: '2007-04-04 00:00:00' - ValidTo: '2010-04-27 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f - Version: 3 - TBS: - MD5: adddb65a3a360b3c1a55cb33e426f32a - SHA1: 93d9b282265288a94ee4f1a01c5fb3a08badb7ac - SHA256: d98d63f26125a94eb767fdd2526f6c74bfb40cb4d117a1d87ca3ed0d99bd6f0b - SHA384: cf20d9d6343b52b05ebaeace8a75ad950089e2d55508571cf5b153583fdf2d7b11bc61b8f38bfa70f09b2e7ac63d9ef5 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 
40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: f2dc136141066311fddef65f7f417c44 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: '' + Description: Confirmed vulnerable driver from Microsoft Block List + OperatingSystem: Windows + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c -Tags: -- NICM.sys -Verified: 'TRUE' +Detection: +- type: '' + value: '' +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 290440da10e3caf10caea93952046a3f + SHA1: b7e2d4ed97b7e3ca43a7f1605efd561540b283bd + SHA256: 407ca87833bd0931eec8005bb125e56d5765058c9b6422620aa95d8b2044239a + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2008, Novell, Inc. All Rights Reserved. 
+ CreationTimestamp: '2008-08-18 10:16:41' + Date: '' + Description: Novell Client Portability Layer + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.6.0 + Filename: '' + ImportedFunctions: + - KeWaitForSingleObject + - ZwEnumerateKey + - ZwOpenKey + - ExAllocatePoolWithTag + - ZwCreateKey + - ExFreePoolWithTag + - ExReleaseFastMutex + - ExAcquireFastMutex + - RtlInitUnicodeString + - ZwSetValueKey + - ZwQueryValueKey + - ZwEnumerateValueKey + - ZwClose + - RtlAppendUnicodeStringToString + - RtlCopyUnicodeString + - ZwDeleteKey + - DbgBreakPoint + - DbgPrintEx + - DbgPrint + - RtlUpcaseUnicodeString + - RtlAnsiStringToUnicodeString + - RtlUnicodeStringToAnsiString + - RtlUnicodeStringToOemString + - RtlFreeUnicodeString + - RtlOemStringToUnicodeString + - RtlFreeAnsiString + - KeReleaseSpinLock + - KeAcquireSpinLockRaiseToDpc + - RtlIntegerToUnicodeString + - RtlAppendUnicodeToString + - RtlInitString + - RtlEqualUnicodeString + - RtlCompareString + - KeReleaseMutex + - RtlCompareUnicodeString + - RtlEqualString + - RtlUnicodeStringToInteger + - ExDeleteResourceLite + - ExInitializeResourceLite + - KeWaitForMultipleObjects + - ExAcquireResourceExclusiveLite + - KeResetEvent + - KeInitializeMutex + - KeLeaveCriticalRegion + - KeSetEvent + - ExIsResourceAcquiredSharedLite + - ExIsResourceAcquiredExclusiveLite + - KeEnterCriticalRegion + - ExAcquireResourceSharedLite + - ExReleaseResourceLite + - KeSetPriorityThread + - IoDeleteDevice + - IoCreateDevice + - PsCreateSystemThread + - PsTerminateSystemThread + - RtlCompareMemory + - IoUninitializeWorkItem + - IoFreeWorkItem + - KeInitializeDpc + - KeInitializeTimer + - KeDelayExecutionThread + - IoAllocateWorkItem + - KeSetTimer + - IoInitializeWorkItem + - IoQueueWorkItem + - KeCancelTimer + - KeBugCheckEx + - RtlCopyString + - KeInitializeEvent + - NicmCreateInstance + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: c0e2a64ba0d23ab95258372457060143 + MachineType: AMD64 + 
MagicHeader: 50 45 0 0 + OriginalFilename: NICM.SYS + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.6 + Publisher: '' + RichPEHeaderHash: + MD5: 7ccba2f5532d28974864bb49f2f7ecde + SHA1: d70b833fc592a8822e52af45961fb0eb6675311c + SHA256: 2c7265667f82af5943f1c9d0a07c904f2bc44c93380430659daaabd4527fa943 + SHA1: bf87ecd70eec427b2090a34781c49bbf5c7b3500 + SHA256: dd4fedd5662122cbfe046a12e2137294ef1cb7822238d9e24eacc78f22f8e93d + Sections: + .text: + Entropy: 6.2707978239378175 + Virtual Size: '0x7b1f' + .rdata: + Entropy: 4.709078409109689 + Virtual Size: '0x7c8' + .data: + Entropy: 2.3540808182213286 + Virtual Size: '0x8c8' + .pdata: + Entropy: 4.31228440148608 + Virtual Size: '0x5ac' + .edata: + Entropy: 4.031879483268685 + Virtual Size: '0x63' + INIT: + Entropy: 5.176988201091535 + Virtual Size: '0x96e' + .rsrc: + Entropy: 3.285837261243419 + Virtual Size: '0x358' + .reloc: + Entropy: 3.6567400216610486 + Virtual Size: '0x160' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: 
a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , 
Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, + Inc. + ValidFrom: '2007-04-04 00:00:00' + ValidTo: '2010-04-27 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 4808d93b14b8600dbfa18dab5d15310f + Version: 3 + TBS: + MD5: adddb65a3a360b3c1a55cb33e426f32a + SHA1: 93d9b282265288a94ee4f1a01c5fb3a08badb7ac + SHA256: d98d63f26125a94eb767fdd2526f6c74bfb40cb4d117a1d87ca3ed0d99bd6f0b + SHA384: cf20d9d6343b52b05ebaeace8a75ad950089e2d55508571cf5b153583fdf2d7b11bc61b8f38bfa70f09b2e7ac63d9ef5 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: f2dc136141066311fddef65f7f417c44 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/0fc0563c-de9f-41d8-806a-748e04d57365.yaml b/yaml/0fc0563c-de9f-41d8-806a-748e04d57365.yaml index 21e019e06..699848477 100644 --- a/yaml/0fc0563c-de9f-41d8-806a-748e04d57365.yaml +++ b/yaml/0fc0563c-de9f-41d8-806a-748e04d57365.yaml 
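Review bot: The reordered `Detection` list in yaml/0f8e317e-ad2b-4b02-9f96-603bb8d28604.yaml still begins with the empty placeholder entry `- type: ''` / `value: ''`, so a consumer that iterates the list gets a blank rule reference ahead of the real YARA, Sigma and Sysmon links. Since the block is being rewritten anyway, I would drop that item here. If the schema allows it, the untouched `CVE: - ''` placeholder could likewise become `CVE: []`, matching the `Detection: []` form used in the 0fc0563c file. Separately, `Verified: 'TRUE'` and `LoadsDespiteHVCI: 'FALSE'` are quoted strings while `IsCertificateAuthority: false` is a YAML boolean in the same record. Tooling that filters on HVCI behaviour therefore has to string-compare, which is worth normalising or stating in the schema.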
@@ -1,169 +1,169 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 0fc0563c-de9f-41d8-806a-748e04d57365 +Tags: +- gftkyj64.sys +- deame.sys +Verified: 'TRUE' Author: Michael Haag -Category: malicious -Commands: - Command: sc.exe create gftkyj64.sys binPath=C:\windows\temp\gftkyj64.sys type=kernel - && sc.exe start gftkyj64.sys - Description: "SentinelOne has observed prominent threat actors abusing legitimately\ - \ signed Microsoft drivers in active intrusions into telecommunication, BPO, MSSP,\ - \ and financial services businesses.\nInvestigations into these intrusions led\ - \ to the discovery of POORTRY and STONESTOP malware, part of a small toolkit designed\ - \ to terminate AV and EDR processes.\nWe first reported our discovery to Microsoft\u2019\ - s Security Response Center (MSRC) in October 2022 and received an official case\ - \ number (75361). Today, MSRC released an associated advisory under ADV220005.\n\ - This research is being released alongside Mandiant, a SentinelOne technology and\ - \ incident response partner. 
" - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-03-04' -Detection: [] -Id: 0fc0563c-de9f-41d8-806a-748e04d57365 -KnownVulnerableSamples: -- Authentihash: - MD5: 4252d83e18ad41f0cea7ac168218d95b - SHA1: cf9cb05c9b725efca68c4b7d6f53c8e233217ac4 - SHA256: cd66e893300e7e59a749fe4e1b1706f8ccb5ae140254def9f5a614648e2da36f - Company: '' - Copyright: '' - CreationTimestamp: '2022-06-02 04:09:08' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: gftkyj64.sys - ImportedFunctions: - - rand - - srand - - RtlInitUnicodeString - - RtlGetVersion - - KeDelayExecutionThread - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ExSystemTimeToLocalTime - - MmGetSystemRoutineAddress - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoGetCurrentProcess - - ObReferenceObjectByHandleWithTag - - ObfDereferenceObject - - ObfDereferenceObjectWithTag - - MmIsAddressValid - - PsGetProcessExitStatus - - PsIsThreadTerminating - - PsLookupProcessByProcessId - - PsLookupThreadByThreadId - - PsGetThreadProcess - - PsIsSystemThread - - ObOpenObjectByPointerWithTag - - KeBugCheckEx - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: 04a88f5974caa621cee18f34300fc08a - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: a7d4acb55095eb7efa7945ef805fcf8b - SHA1: 10103bfe4f9a5b22c45d64354f88be415249f384 - SHA256: 58bcb1d3215317fc95d1b8ddef6945aead4de70049db273b0d4a82a7e22b38d8 - SHA1: a804ebec7e341b4d98d9e94f6e4860a55ea1638d - SHA256: 9b1b15a3aacb0e786a608726c3abfc94968915cedcbd239ddf903c4a54bfcf0c - Sections: - .text: - Entropy: 5.867789766876108 - Virtual Size: '0x16a8' - .rdata: - Entropy: 3.699262445440139 - Virtual Size: '0x5b0' - .data: - Entropy: 0.6050836155077387 - Virtual Size: '0x110' - .pdata: - Entropy: 3.6860326615335524 - Virtual Size: '0x15c' - INIT: - Entropy: 
5.264965850546818 - Virtual Size: '0x3ee' - .reloc: - Entropy: 3.566428031846024 - Virtual Size: '0x20' - Signature: - - "\u5317\u4EAC\u4E1C\u65B9\u6D77\u8FBE\u7F51\u7EDC\u79D1\u6280\u6709\u9650\u8D23\ - \u4EFB\u516C\u53F8" - - Sectigo Public Code Signing CA R36 - - Sectigo Public Code Signing Root R46 - - Sectigo (AAA) - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CN, ST=guangdong, L=zhuhai, O=Zhuhai liancheng Technology Co., Ltd., - OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Zhuhai liancheng - Technology Co., Ltd. - ValidFrom: '2013-02-04 00:00:00' - ValidTo: '2014-02-04 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 627dfdf73a1455de5143a270799e6b7b - Version: 3 - TBS: - MD5: b91ec3270e80aa93214c42d1eed66d36 - SHA1: c27a40cbc754d2bb1f7b872a5a9fd385ff1c2b2f - SHA256: 7b4a9879162ce64e75cca2bcc675be06dacb6c9eeae4df6c929080b4db819cd4 - SHA384: 394fa6e52375f53d18f79f1abb7b26b02bbb000784279547bd81d16c18fabe1b8156b64ad1c356e85e1829fa2ab3f870 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 627dfdf73a1455de5143a270799e6b7b - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 832219eb71b8bdb771f1d29d27b0acf4 - LoadsDespiteHVCI: 'TRUE' MitreID: T1068 +Category: malicious +Commands: + Command: sc.exe create gftkyj64.sys binPath=C:\windows\temp\gftkyj64.sys type=kernel + && sc.exe start gftkyj64.sys + Description: "SentinelOne has observed prominent threat actors abusing legitimately\ + \ signed Microsoft drivers in active intrusions into telecommunication, BPO,\ + \ MSSP, 
and financial services businesses.\nInvestigations into these intrusions\ + \ led to the discovery of POORTRY and STONESTOP malware, part of a small toolkit\ + \ designed to terminate AV and EDR processes.\nWe first reported our discovery\ + \ to Microsoft\u2019s Security Response Center (MSRC) in October 2022 and\ + \ received an official case number (75361). Today, MSRC released an associated\ + \ advisory under ADV220005.\nThis research is being released alongside Mandiant,\ + \ a SentinelOne technology and incident response partner. " + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://www.sentinelone.com/labs/driving-through-defenses-targeted-attacks-leverage-signed-malicious-microsoft-drivers/ - '' -Tags: -- gftkyj64.sys -- deame.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 4252d83e18ad41f0cea7ac168218d95b + SHA1: cf9cb05c9b725efca68c4b7d6f53c8e233217ac4 + SHA256: cd66e893300e7e59a749fe4e1b1706f8ccb5ae140254def9f5a614648e2da36f + Company: '' + Copyright: '' + CreationTimestamp: '2022-06-02 04:09:08' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: gftkyj64.sys + ImportedFunctions: + - rand + - srand + - RtlInitUnicodeString + - RtlGetVersion + - KeDelayExecutionThread + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ExSystemTimeToLocalTime + - MmGetSystemRoutineAddress + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoGetCurrentProcess + - ObReferenceObjectByHandleWithTag + - ObfDereferenceObject + - ObfDereferenceObjectWithTag + - MmIsAddressValid + - PsGetProcessExitStatus + - PsIsThreadTerminating + - PsLookupProcessByProcessId + - PsLookupThreadByThreadId + - PsGetThreadProcess + - PsIsSystemThread + - ObOpenObjectByPointerWithTag + - KeBugCheckEx + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 04a88f5974caa621cee18f34300fc08a + 
MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: a7d4acb55095eb7efa7945ef805fcf8b + SHA1: 10103bfe4f9a5b22c45d64354f88be415249f384 + SHA256: 58bcb1d3215317fc95d1b8ddef6945aead4de70049db273b0d4a82a7e22b38d8 + SHA1: a804ebec7e341b4d98d9e94f6e4860a55ea1638d + SHA256: 9b1b15a3aacb0e786a608726c3abfc94968915cedcbd239ddf903c4a54bfcf0c + Sections: + .text: + Entropy: 5.867789766876108 + Virtual Size: '0x16a8' + .rdata: + Entropy: 3.699262445440139 + Virtual Size: '0x5b0' + .data: + Entropy: 0.6050836155077387 + Virtual Size: '0x110' + .pdata: + Entropy: 3.6860326615335524 + Virtual Size: '0x15c' + INIT: + Entropy: 5.264965850546818 + Virtual Size: '0x3ee' + .reloc: + Entropy: 3.566428031846024 + Virtual Size: '0x20' + Signature: + - "\u5317\u4EAC\u4E1C\u65B9\u6D77\u8FBE\u7F51\u7EDC\u79D1\u6280\u6709\u9650\u8D23\ + \u4EFB\u516C\u53F8" + - Sectigo Public Code Signing CA R36 + - Sectigo Public Code Signing Root R46 + - Sectigo (AAA) + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CN, ST=guangdong, L=zhuhai, O=Zhuhai liancheng Technology Co., + Ltd., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Zhuhai + liancheng Technology Co., Ltd. + ValidFrom: '2013-02-04 00:00:00' + ValidTo: '2014-02-04 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 627dfdf73a1455de5143a270799e6b7b + Version: 3 + TBS: + MD5: b91ec3270e80aa93214c42d1eed66d36 + SHA1: c27a40cbc754d2bb1f7b872a5a9fd385ff1c2b2f + SHA256: 7b4a9879162ce64e75cca2bcc675be06dacb6c9eeae4df6c929080b4db819cd4 + SHA384: 394fa6e52375f53d18f79f1abb7b26b02bbb000784279547bd81d16c18fabe1b8156b64ad1c356e85e1829fa2ab3f870 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 627dfdf73a1455de5143a270799e6b7b + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 832219eb71b8bdb771f1d29d27b0acf4 + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/1055625b-3480-48b3-9556-8628a745d8f0.yaml b/yaml/1055625b-3480-48b3-9556-8628a745d8f0.yaml index 3eff3adcc..e2495c643 100644 --- a/yaml/1055625b-3480-48b3-9556-8628a745d8f0.yaml +++ b/yaml/1055625b-3480-48b3-9556-8628a745d8f0.yaml 
@@ -1,190 +1,191 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 1055625b-3480-48b3-9556-8628a745d8f0 +Tags: +- phydmaccx86.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-07-22' +MitreID: T1068 CVE: - '' Category: vulnerable drivers Commands: - Command: '' - Description: Confirmed vulnerable driver from Microsoft Block List - OperatingSystem: Windows - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-07-22' -Detection: -- type: '' - value: '' -Id: 1055625b-3480-48b3-9556-8628a745d8f0 -KnownVulnerableSamples: -- Authentihash: - MD5: 9eddbcece57bf37b4e4c752599b4f1de - SHA1: b4af2981b9d94df71083a1f0c2d68e0883aa1cd1 - SHA256: 5d10285d802fa793c217933c907d82db58977b865b3dad3848c6ed2550022413 - Company: '' - Copyright: '' - CreationTimestamp: '2010-02-03 21:52:36' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - WRITE_REGISTER_BUFFER_USHORT - - WRITE_REGISTER_BUFFER_ULONG - - IofCompleteRequest - - WRITE_REGISTER_BUFFER_UCHAR - - IoCreateDevice - - KeTickCount - - MmMapIoSpace - - READ_REGISTER_BUFFER_ULONG - - READ_REGISTER_BUFFER_USHORT - - READ_REGISTER_BUFFER_UCHAR - - MmUnmapIoSpace - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoCreateSymbolicLink - - IoDeleteDevice - - RtlUnwind - - KeBugCheckEx - - HalGetBusDataByOffset - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - WRITE_PORT_UCHAR - - READ_PORT_ULONG - - READ_PORT_USHORT - - READ_PORT_UCHAR - - HalSetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 8af7fc0eb2e945c1be06238bde456091 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 993a8e328132a5ee41af8530044b3761 - SHA1: 4a74fc1906f709fb6fb916c67f097179aeb155ac - SHA256: 3cc565366d03e6995a5a6131d96ec0201ee58e39e5644fd5b9abb94db773fdfa - SHA1: 8892ea0b3a05c65889162761ace8409df270d4c3 - SHA256: 
23787eb342fd38da73ce785023176f98304267c6f6fa8a50e718da096c7a7951 - Sections: - .text: - Entropy: 6.173202023746463 - Virtual Size: '0xb02' - .rdata: - Entropy: 4.047936591624656 - Virtual Size: '0x1b4' - .data: - Entropy: 2.9182958340544896 - Virtual Size: '0xc' - INIT: - Entropy: 5.40100021301616 - Virtual Size: '0x336' - .reloc: - Entropy: 4.744935426027903 - Virtual Size: '0xcc' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 13:00:00' - ValidTo: '2017-01-27 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 040000000001239e0facb3 - Version: 3 - TBS: - MD5: 5ccf05e4dec10d9d6fe15d8778325272 - SHA1: 79f0a648bd7f1184f86bff43ae47c9ecc3ed3cec - SHA256: 33ea31b892ba274a4aefe545de45c42c218b6dff78146655cdea892545c2cccc - SHA384: 1350ebc11fd20f5f141bc545786506e6a154be054da7a6e603cb276a6d60a24f2a4016ecc2f5cabd1088e1905f60aabf - - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping CA - ValidFrom: '2009-03-18 11:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012019c19066 - Version: 3 - TBS: - MD5: 42023b9487cafe46c1b6a49c369a362e - SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 - SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 - SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea - - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority - ValidFrom: '2009-12-21 09:32:56' - ValidTo: '2020-12-22 09:32:56' - Signature: 
bc89ecfee63655935c79d4117a86808f17b693b26d9b91a1561811c655eaf608edad9b9ef52b81c8bbdd607b1b47991e6d403e1d80c213d58e04052fdbe7ae529e688472a1e54a603cf89bd52f46d8c3b2b79353ac9b6c432424d1f1fce9562e3411581843eaefff34746ca0c06c7fad031969881e9560cabbbd0cbb76efc724b081c63831cf36ad0c38b89020849b2e8f28b99ff6ca9427cdac396157e0e3955a9c769230f5dea6973d721c2a6032a8334d8635338a5cf3a4fdf7062ce16b4b30f5cbd34362f841b9de7d20cb058c8e2cf65f35fd338d42896508362ca389f45a858bb0b97bdb6ccba1f8d20e1bbb977cd12779be9d7c3be6a75634d8c991a9 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 01000000000125b0b4cc01 - Version: 3 - TBS: - MD5: e3369c8e5aec0504b3a50455f615d9f9 - SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 - SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 - SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c - - Subject: C=CN, O=Suzhou Ind. Park ShiSuanKeJi Co., Ltd., CN=Suzhou Ind. Park - ShiSuanKeJi Co., Ltd., emailAddress=support@winmount.com - ValidFrom: '2009-07-06 03:56:35' - ValidTo: '2010-07-06 03:56:35' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 010000000001224e6689d6 - Version: 3 - TBS: - MD5: ca2389fcfbf20e5e06a93095a11e2969 - SHA1: 560b2b09d374366d82385c34f5af32f90a36e4ff - SHA256: 8145484fe1f9827a0473717e15ff7ebe86c39d6e1659f294dacedf863c149ee0 - SHA384: bd262827636c18b70299e8e96ccc2e61284352309d9c7da197ba51914c52adb3248d784f411fac6d884750f9d8f02a06 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 10:00:00' - ValidTo: '2017-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 040000000001239e0faf24 - Version: 3 - TBS: - MD5: 
7dd2351a85d3665eeb6720a21f4f7dee - SHA1: 77838c4d7f36958a581841d28f481d61ce0696ed - SHA256: 846725f4b0193468c1079d6127e9e6e420fc6ed66019ed02d732ba644decad57 - SHA384: aaa45fe704bc66bb1842a2123c6e45e016dfbc7ba2ce07d7d2ee0b5d488a39c68bc6db582cb45d51f5fa52e60be8efd6 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 010000000001224e6689d6 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: a1d29a3af6402793ec9d23883512938a - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: '' + Description: Confirmed vulnerable driver from Microsoft Block List + OperatingSystem: Windows + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c -Tags: -- phydmaccx86.sys -Verified: 'TRUE' +Detection: +- type: '' + value: '' +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 9eddbcece57bf37b4e4c752599b4f1de + SHA1: b4af2981b9d94df71083a1f0c2d68e0883aa1cd1 + SHA256: 5d10285d802fa793c217933c907d82db58977b865b3dad3848c6ed2550022413 + Company: '' + Copyright: '' + CreationTimestamp: '2010-02-03 21:52:36' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - WRITE_REGISTER_BUFFER_USHORT + - WRITE_REGISTER_BUFFER_ULONG + - IofCompleteRequest + - WRITE_REGISTER_BUFFER_UCHAR + - 
IoCreateDevice + - KeTickCount + - MmMapIoSpace + - READ_REGISTER_BUFFER_ULONG + - READ_REGISTER_BUFFER_USHORT + - READ_REGISTER_BUFFER_UCHAR + - MmUnmapIoSpace + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoCreateSymbolicLink + - IoDeleteDevice + - RtlUnwind + - KeBugCheckEx + - HalGetBusDataByOffset + - WRITE_PORT_ULONG + - WRITE_PORT_USHORT + - WRITE_PORT_UCHAR + - READ_PORT_ULONG + - READ_PORT_USHORT + - READ_PORT_UCHAR + - HalSetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 8af7fc0eb2e945c1be06238bde456091 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 993a8e328132a5ee41af8530044b3761 + SHA1: 4a74fc1906f709fb6fb916c67f097179aeb155ac + SHA256: 3cc565366d03e6995a5a6131d96ec0201ee58e39e5644fd5b9abb94db773fdfa + SHA1: 8892ea0b3a05c65889162761ace8409df270d4c3 + SHA256: 23787eb342fd38da73ce785023176f98304267c6f6fa8a50e718da096c7a7951 + Sections: + .text: + Entropy: 6.173202023746463 + Virtual Size: '0xb02' + .rdata: + Entropy: 4.047936591624656 + Virtual Size: '0x1b4' + .data: + Entropy: 2.9182958340544896 + Virtual Size: '0xc' + INIT: + Entropy: 5.40100021301616 + Virtual Size: '0x336' + .reloc: + Entropy: 4.744935426027903 + Virtual Size: '0xcc' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 13:00:00' + ValidTo: '2017-01-27 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 040000000001239e0facb3 + Version: 3 + TBS: + MD5: 5ccf05e4dec10d9d6fe15d8778325272 + SHA1: 79f0a648bd7f1184f86bff43ae47c9ecc3ed3cec + SHA256: 33ea31b892ba274a4aefe545de45c42c218b6dff78146655cdea892545c2cccc + SHA384: 
1350ebc11fd20f5f141bc545786506e6a154be054da7a6e603cb276a6d60a24f2a4016ecc2f5cabd1088e1905f60aabf + - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping + CA + ValidFrom: '2009-03-18 11:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012019c19066 + Version: 3 + TBS: + MD5: 42023b9487cafe46c1b6a49c369a362e + SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 + SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 + SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea + - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority + ValidFrom: '2009-12-21 09:32:56' + ValidTo: '2020-12-22 09:32:56' + Signature: bc89ecfee63655935c79d4117a86808f17b693b26d9b91a1561811c655eaf608edad9b9ef52b81c8bbdd607b1b47991e6d403e1d80c213d58e04052fdbe7ae529e688472a1e54a603cf89bd52f46d8c3b2b79353ac9b6c432424d1f1fce9562e3411581843eaefff34746ca0c06c7fad031969881e9560cabbbd0cbb76efc724b081c63831cf36ad0c38b89020849b2e8f28b99ff6ca9427cdac396157e0e3955a9c769230f5dea6973d721c2a6032a8334d8635338a5cf3a4fdf7062ce16b4b30f5cbd34362f841b9de7d20cb058c8e2cf65f35fd338d42896508362ca389f45a858bb0b97bdb6ccba1f8d20e1bbb977cd12779be9d7c3be6a75634d8c991a9 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01000000000125b0b4cc01 + Version: 3 + TBS: + MD5: e3369c8e5aec0504b3a50455f615d9f9 + SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 + SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 + SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c + - Subject: C=CN, O=Suzhou Ind. Park ShiSuanKeJi Co., Ltd., CN=Suzhou Ind. 
+ Park ShiSuanKeJi Co., Ltd., emailAddress=support@winmount.com + ValidFrom: '2009-07-06 03:56:35' + ValidTo: '2010-07-06 03:56:35' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 010000000001224e6689d6 + Version: 3 + TBS: + MD5: ca2389fcfbf20e5e06a93095a11e2969 + SHA1: 560b2b09d374366d82385c34f5af32f90a36e4ff + SHA256: 8145484fe1f9827a0473717e15ff7ebe86c39d6e1659f294dacedf863c149ee0 + SHA384: bd262827636c18b70299e8e96ccc2e61284352309d9c7da197ba51914c52adb3248d784f411fac6d884750f9d8f02a06 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 10:00:00' + ValidTo: '2017-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 040000000001239e0faf24 + Version: 3 + TBS: + MD5: 7dd2351a85d3665eeb6720a21f4f7dee + SHA1: 77838c4d7f36958a581841d28f481d61ce0696ed + SHA256: 846725f4b0193468c1079d6127e9e6e420fc6ed66019ed02d732ba644decad57 + SHA384: aaa45fe704bc66bb1842a2123c6e45e016dfbc7ba2ce07d7d2ee0b5d488a39c68bc6db582cb45d51f5fa52e60be8efd6 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 010000000001224e6689d6 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + 
Imphash: a1d29a3af6402793ec9d23883512938a + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/1068f5cc-65dd-4fd0-b3d8-1d982b37405f.yaml b/yaml/1068f5cc-65dd-4fd0-b3d8-1d982b37405f.yaml index e260ae960..6f9478361 100644 --- a/yaml/1068f5cc-65dd-4fd0-b3d8-1d982b37405f.yaml +++ b/yaml/1068f5cc-65dd-4fd0-b3d8-1d982b37405f.yaml @@ -1,35 +1,35 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 1068f5cc-65dd-4fd0-b3d8-1d982b37405f +Tags: +- WinIO32A.sys +Verified: 'FALSE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create WinIO32A.sys binPath=C:\windows\temp\WinIO32A.sys type=kernel - && sc.exe start WinIO32A.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: [] -Id: 1068f5cc-65dd-4fd0-b3d8-1d982b37405f -KnownVulnerableSamples: -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: WinIO32A.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 01779ee53f999464465ed690d823d160f73f10e7 - Signature: [] - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create WinIO32A.sys binPath=C:\windows\temp\WinIO32A.sys type=kernel + && sc.exe start WinIO32A.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules -Tags: -- WinIO32A.sys -Verified: 'FALSE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: WinIO32A.sys + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 01779ee53f999464465ed690d823d160f73f10e7 + Signature: [] + LoadsDespiteHVCI: 'FALSE' 
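Review bot: The `Detection` list on the new side of `1055625b-3480-48b3-9556-8628a745d8f0.yaml` still holds one placeholder item, `- type: ''` with `value: ''`, while the other entries in this commit that have no rules write `Detection: []`. A consumer that iterates the list gets a rule with an empty type and an empty URL, so I would change it to `Detection: []`. The sample also has `Filename: ''` although `Tags` names `phydmaccx86.sys`, so name-based matching presumably rests on the tag alone. `Category: vulnerable drivers` differs from the `vulnerable driver` spelling in the neighbouring files, which would split any grouping or filter on that field.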
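Review bot: The single sample in `1068f5cc-65dd-4fd0-b3d8-1d982b37405f.yaml` carries only a `SHA1`, with no `MD5`, `SHA256` or `Authentihash`, and the entry has `Detection: []` and `Verified: 'FALSE'`. Rules keyed on SHA256 or on the Authenticode hash will therefore not cover this driver. If the file was never recovered and the hash comes from the block-list page under `Resources`, a comment above the sample would record that, for example `# SHA1 only: sample not recovered, hash taken from the block-list resource`. Otherwise the missing hashes should be added.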
diff --git a/yaml/10b1fc3d-c444-4885-8ca9-4b5891885507.yaml b/yaml/10b1fc3d-c444-4885-8ca9-4b5891885507.yaml index af0b2cdb5..59a15cb38 100644 --- a/yaml/10b1fc3d-c444-4885-8ca9-4b5891885507.yaml +++ b/yaml/10b1fc3d-c444-4885-8ca9-4b5891885507.yaml 
@@ -1,482 +1,488 @@ Id: 10b1fc3d-c444-4885-8ca9-4b5891885507 +Tags: +- atillk64.sys +Verified: 'TRUE' Author: Nasreddine Bencherchali Created: '2023-05-06' MitreID: T1068 Category: vulnerable driver -Verified: 'TRUE' Commands: - Command: sc.exe create atillk64.sys binPath=C:\windows\temp\atillk64.sys type=kernel - && sc.exe start atillk64.sys - Description: '' - Usecase: Elevate privileges - Privileges: kernel - OperatingSystem: Windows 10 + Command: sc.exe create atillk64.sys binPath=C:\windows\temp\atillk64.sys type=kernel + && sc.exe start atillk64.sys + Description: '' + Usecase: Elevate privileges + Privileges: kernel + OperatingSystem: Windows 10 Resources: - Internal Research -Acknowledgement: - Person: '' - Handle: '' Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/38bb9751a3a1f072d518afe6921a66ee6d5cf6d25bc50af49e1925f20d75d4d7.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/ad40e6d0f77c0e579fb87c5106bf6de3d1a9f30ee2fbf8c9c011f377fa05f173.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/ad40e6d0f77c0e579fb87c5106bf6de3d1a9f30ee2fbf8c9c011f377fa05f173.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash 
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/38bb9751a3a1f072d518afe6921a66ee6d5cf6d25bc50af49e1925f20d75d4d7.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/ad40e6d0f77c0e579fb87c5106bf6de3d1a9f30ee2fbf8c9c011f377fa05f173.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/ad40e6d0f77c0e579fb87c5106bf6de3d1a9f30ee2fbf8c9c011f377fa05f173.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: atillk64.sys - MD5: 27d21eeff199ed555a29ca0ea4453cfb - SHA1: 1045c63eccb54c8aee9fd83ffe48306dc7fe272c - SHA256: 38bb9751a3a1f072d518afe6921a66ee6d5cf6d25bc50af49e1925f20d75d4d7 - Authentihash: - MD5: 75c20227e11024bdfd5fbe23e769bbca - SHA1: 2e3cf3678d476420696ec7df46b08d4d24d25644 - SHA256: c9b8ecd0657fda14476920fe47783bd8a951d7a4a640935d9199b4a7ae4b8b69 - Description: ATI Diagnostics Hardware Abstraction Sys - Company: ATI Technologies Inc. - InternalName: atillk64.sys - OriginalFilename: atillk64.sys - FileVersion: 5.11.9.0 - Product: ATI Diagnostics - ProductVersion: 5.11.9.0 - Copyright: Copyright (C) ATI Technologies Inc., 2003 - MachineType: IA64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - MmMapIoSpace - - IofCompleteRequest - - MmUnmapIoSpace - - IoDeleteSymbolicLink - - KeTickCount - - IoAllocateMdl - - MmBuildMdlForNonPagedPool - - MmMapLockedPages - - IoFreeMdl - - RtlInitUnicodeString - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - HalGetBusDataByOffset - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - READ_PORT_UCHAR - - READ_PORT_USHORT - - READ_PORT_ULONG - - HalSetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - 
SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=CA, ST=Ontario, L=Thornhill, O=ATI Technologies, Inc, OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=ATI Technologies, Inc - ValidFrom: '2006-03-17 00:00:00' - ValidTo: '2009-03-21 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 71bb7d93f6814cf58266cf2176e751b3 - Version: 3 - TBS: - MD5: c7375b863517bb2bcb73dd7ddf66334e - SHA1: 489a704b9899dd6f5b195b2e7f7294e5db7aedfb - SHA256: 9e55ffa2dfe041c26ef1918e4f7cad301bb327ea8f2fd1a005de2d66131f0110 - SHA384: c45a84113b973df0df98f4a34e91e78db9331d116e90895b4b0c458dc19b0eb349274e5381893531b13eed6e68dae183 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 71bb7d93f6814cf58266cf2176e751b3 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: f1899a92dac775dd91c488238c47121f - SHA1: f87117679e6a15d2f7cb1eb9a955920f7e27182f - SHA256: 7a797dd2fc95f2cc57884cc125ece95a449fb288004a431c565207c6689478db - Sections: - 
.text: - Entropy: 5.408148680070703 - Virtual Size: '0x2540' - .rdata: - Entropy: 3.945423865388493 - Virtual Size: '0x27c' - .pdata: - Entropy: 3.0150554354522017 - Virtual Size: '0x6c' - .srdata: - Entropy: 1.77520470625279 - Virtual Size: '0x20' - .sdata: - Entropy: 2.1249953441922287 - Virtual Size: '0xc8' - INIT: - Entropy: 5.150279397766819 - Virtual Size: '0x370' - .rsrc: - Entropy: 3.3270115807792875 - Virtual Size: '0x3a8' - .reloc: - Entropy: 0.6102086113176999 - Virtual Size: '0x128' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2005-09-09 12:36:29' - Imphash: a18b467c3b43f334ca455c495a3ef70d - LoadsDespiteHVCI: 'FALSE' -- Filename: atillk64.sys - MD5: 26d973d6d9a0d133dfda7d8c1adc04b7 - SHA1: eb0d45aa6f537f5b2f90f3ad99013606eafcd162 - SHA256: ad40e6d0f77c0e579fb87c5106bf6de3d1a9f30ee2fbf8c9c011f377fa05f173 - Authentihash: - MD5: 78103f6de4cad64d95a8beda5f8b9112 - SHA1: 0358bcba83349cb23ea44d5c36b9e22adaec8d94 - SHA256: 2952ae305f9e206bb0b6d7986f2b6942656c310f9d201cf2e2dd6e961c18804e - Description: ATI Diagnostics Hardware Abstraction Sys - Company: ATI Technologies Inc. 
- InternalName: atillk64.sys - OriginalFilename: atillk64.sys - FileVersion: 5.11.9.0 - Product: ATI Diagnostics - ProductVersion: 5.11.9.0 - Copyright: Copyright (C) ATI Technologies Inc., 2003 - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - MmUnmapIoSpace - - IoFreeMdl - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - IoCreateDevice - - IofCompleteRequest - - IoDeleteSymbolicLink - - IoCreateSymbolicLink - - MmMapIoSpace - - IoDeleteDevice - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: 
e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=CA, ST=Ontario, L=Thornhill, O=ATI Technologies, Inc, OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=ATI Technologies, Inc - ValidFrom: '2006-03-17 00:00:00' - ValidTo: '2009-03-21 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 71bb7d93f6814cf58266cf2176e751b3 - Version: 3 - TBS: - MD5: c7375b863517bb2bcb73dd7ddf66334e - SHA1: 489a704b9899dd6f5b195b2e7f7294e5db7aedfb - SHA256: 9e55ffa2dfe041c26ef1918e4f7cad301bb327ea8f2fd1a005de2d66131f0110 - SHA384: c45a84113b973df0df98f4a34e91e78db9331d116e90895b4b0c458dc19b0eb349274e5381893531b13eed6e68dae183 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 71bb7d93f6814cf58266cf2176e751b3 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: acb8ae81124f862a3e913e3aa625f35d - SHA1: 49255f0aea0d3a98ff31799c93fae2a40b0085b5 - SHA256: 8bbe121f8f400e2f6858cbb2ba3f15c89de8e434fa27298831bf5d23244ba97d - Sections: - .text: - Entropy: 5.939518444890944 - Virtual Size: '0xae2' - .rdata: - Entropy: 4.464303279960791 - Virtual Size: '0x158' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 2.674419891996053 - Virtual Size: '0x30' - INIT: - Entropy: 4.792686708537381 - Virtual Size: '0x25e' - .rsrc: - Entropy: 3.3307368674259283 - Virtual Size: '0x3a8' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2005-09-09 12:40:54' - Imphash: b4c2607b2af5376910bf80b561e9a18a - LoadsDespiteHVCI: 'FALSE' -- Filename: atillk64.sys - MD5: 26d973d6d9a0d133dfda7d8c1adc04b7 - SHA1: eb0d45aa6f537f5b2f90f3ad99013606eafcd162 - SHA256: ad40e6d0f77c0e579fb87c5106bf6de3d1a9f30ee2fbf8c9c011f377fa05f173 - Authentihash: - MD5: 78103f6de4cad64d95a8beda5f8b9112 - SHA1: 0358bcba83349cb23ea44d5c36b9e22adaec8d94 - SHA256: 2952ae305f9e206bb0b6d7986f2b6942656c310f9d201cf2e2dd6e961c18804e - Description: ATI Diagnostics Hardware Abstraction Sys - Company: ATI Technologies Inc. 
- InternalName: atillk64.sys - OriginalFilename: atillk64.sys - FileVersion: 5.11.9.0 - Product: ATI Diagnostics - ProductVersion: 5.11.9.0 - Copyright: Copyright (C) ATI Technologies Inc., 2003 - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - MmUnmapIoSpace - - IoFreeMdl - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - IoCreateDevice - - IofCompleteRequest - - IoDeleteSymbolicLink - - IoCreateSymbolicLink - - MmMapIoSpace - - IoDeleteDevice - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 23:59:59' - Signature: 
877870da4e5201205be079c98230c4fdb91996bd9100c3bdcdcdc6f40ed8fff94dc033623011c5f5741bd492de5f9c2013b17c45be50cd83e7801783a72793671346fbcab8984103cc9b515b058b7fa86ff31b501b242ef2698d6c22f7bbca1695ed0c74c06877d9eb996287c17390f889747a23aba3987b97b1f78f29714d2e751b4841daf0b50d2054d677a097826369fd09cf8af075bb099bd9f91155269a6132be7a02b07b86bea2c38b222c78d13576bc92735cf9b9e64c150a23cce4d2d4342e4940153c0f607a24c6a566ef96cf70eb3ee7f40d7edcd17ca3767169c19c4f47303521b1a2af1a623c2bd98eaa2a077bd818b35c7be29da56ffe3c89ad - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=CA, ST=Ontario, L=Thornhill, O=ATI Technologies, Inc, OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=ATI Technologies, 
Inc - ValidFrom: '2006-03-17 00:00:00' - ValidTo: '2009-03-21 23:59:59' - Signature: 7345709b7537390f5e353a60481acc85fef70a62195b9c0384f0902d68f66a98d26cb8601bc0aa4868a5136937cebc1b6898e1c16c2f8283a7a632cc5a124b514852877db91ef19627f9dc5ec8df9de0bda8c938efaa488e1c7aca70808d99edf2289109a64720f7ee24c21c35cbc126c3127f23f8ac10ac13095c8e6d91e1f23428a9528dc8e5139ca0a6b60a85d2dad287ac8810a5d9c6104790674ea13f71235c46d39faec2f7514be12720f3bcb1f01b58eb544f2094a8a0dff7e259e5c2e5363b6ad23d19607499b585ca194037d2651446534ced4b367860a711603ab89940dba8fd4ddf756bb36fa30a77ae941390561feaffebbd2040ac375414252c - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 71bb7d93f6814cf58266cf2176e751b3 - Version: 3 - TBS: - MD5: c7375b863517bb2bcb73dd7ddf66334e - SHA1: 489a704b9899dd6f5b195b2e7f7294e5db7aedfb - SHA256: 9e55ffa2dfe041c26ef1918e4f7cad301bb327ea8f2fd1a005de2d66131f0110 - SHA384: c45a84113b973df0df98f4a34e91e78db9331d116e90895b4b0c458dc19b0eb349274e5381893531b13eed6e68dae183 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 71bb7d93f6814cf58266cf2176e751b3 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: acb8ae81124f862a3e913e3aa625f35d - SHA1: 49255f0aea0d3a98ff31799c93fae2a40b0085b5 - SHA256: 
8bbe121f8f400e2f6858cbb2ba3f15c89de8e434fa27298831bf5d23244ba97d - Sections: - .text: - Entropy: 5.939518444890944 - Virtual Size: '0xae2' - .rdata: - Entropy: 4.464303279960791 - Virtual Size: '0x158' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 2.674419891996053 - Virtual Size: '0x30' - INIT: - Entropy: 4.792686708537381 - Virtual Size: '0x25e' - .rsrc: - Entropy: 3.3307368674259283 - Virtual Size: '0x3a8' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2005-09-09 12:40:54' - Imphash: b4c2607b2af5376910bf80b561e9a18a - LoadsDespiteHVCI: 'FALSE' -Tags: -- atillk64.sys +- Filename: atillk64.sys + MD5: 27d21eeff199ed555a29ca0ea4453cfb + SHA1: 1045c63eccb54c8aee9fd83ffe48306dc7fe272c + SHA256: 38bb9751a3a1f072d518afe6921a66ee6d5cf6d25bc50af49e1925f20d75d4d7 + Authentihash: + MD5: 75c20227e11024bdfd5fbe23e769bbca + SHA1: 2e3cf3678d476420696ec7df46b08d4d24d25644 + SHA256: c9b8ecd0657fda14476920fe47783bd8a951d7a4a640935d9199b4a7ae4b8b69 + Description: ATI Diagnostics Hardware Abstraction Sys + Company: ATI Technologies Inc. 
+ InternalName: atillk64.sys + OriginalFilename: atillk64.sys + FileVersion: 5.11.9.0 + Product: ATI Diagnostics + ProductVersion: 5.11.9.0 + Copyright: Copyright (C) ATI Technologies Inc., 2003 + MachineType: IA64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - MmMapIoSpace + - IofCompleteRequest + - MmUnmapIoSpace + - IoDeleteSymbolicLink + - KeTickCount + - IoAllocateMdl + - MmBuildMdlForNonPagedPool + - MmMapLockedPages + - IoFreeMdl + - RtlInitUnicodeString + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - HalGetBusDataByOffset + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - READ_PORT_UCHAR + - READ_PORT_USHORT + - READ_PORT_ULONG + - HalSetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0de92bf0d4d82988183205095e9a7688 + 
Version: 3 + TBS: + MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 + SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=CA, ST=Ontario, L=Thornhill, O=ATI Technologies, Inc, OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=ATI Technologies, + Inc + ValidFrom: '2006-03-17 00:00:00' + ValidTo: '2009-03-21 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 71bb7d93f6814cf58266cf2176e751b3 + Version: 3 + TBS: + MD5: c7375b863517bb2bcb73dd7ddf66334e + SHA1: 489a704b9899dd6f5b195b2e7f7294e5db7aedfb + SHA256: 9e55ffa2dfe041c26ef1918e4f7cad301bb327ea8f2fd1a005de2d66131f0110 + SHA384: c45a84113b973df0df98f4a34e91e78db9331d116e90895b4b0c458dc19b0eb349274e5381893531b13eed6e68dae183 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + 
Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 71bb7d93f6814cf58266cf2176e751b3 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: f1899a92dac775dd91c488238c47121f + SHA1: f87117679e6a15d2f7cb1eb9a955920f7e27182f + SHA256: 7a797dd2fc95f2cc57884cc125ece95a449fb288004a431c565207c6689478db + Sections: + .text: + Entropy: 5.408148680070703 + Virtual Size: '0x2540' + .rdata: + Entropy: 3.945423865388493 + Virtual Size: '0x27c' + .pdata: + Entropy: 3.0150554354522017 + Virtual Size: '0x6c' + .srdata: + Entropy: 1.77520470625279 + Virtual Size: '0x20' + .sdata: + Entropy: 2.1249953441922287 + Virtual Size: '0xc8' + INIT: + Entropy: 5.150279397766819 + Virtual Size: '0x370' + .rsrc: + Entropy: 3.3270115807792875 + Virtual Size: '0x3a8' + .reloc: + Entropy: 0.6102086113176999 + Virtual Size: '0x128' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2005-09-09 12:36:29' + Imphash: a18b467c3b43f334ca455c495a3ef70d + LoadsDespiteHVCI: 'FALSE' +- Filename: atillk64.sys + MD5: 26d973d6d9a0d133dfda7d8c1adc04b7 + SHA1: eb0d45aa6f537f5b2f90f3ad99013606eafcd162 + SHA256: ad40e6d0f77c0e579fb87c5106bf6de3d1a9f30ee2fbf8c9c011f377fa05f173 + Authentihash: + MD5: 78103f6de4cad64d95a8beda5f8b9112 + SHA1: 0358bcba83349cb23ea44d5c36b9e22adaec8d94 + SHA256: 2952ae305f9e206bb0b6d7986f2b6942656c310f9d201cf2e2dd6e961c18804e + 
Description: ATI Diagnostics Hardware Abstraction Sys + Company: ATI Technologies Inc. + InternalName: atillk64.sys + OriginalFilename: atillk64.sys + FileVersion: 5.11.9.0 + Product: ATI Diagnostics + ProductVersion: 5.11.9.0 + Copyright: Copyright (C) ATI Technologies Inc., 2003 + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - MmUnmapIoSpace + - IoFreeMdl + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - IoCreateDevice + - IofCompleteRequest + - IoDeleteSymbolicLink + - IoCreateSymbolicLink + - MmMapIoSpace + - IoDeleteDevice + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0de92bf0d4d82988183205095e9a7688 + Version: 3 + TBS: + MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 + 
SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=CA, ST=Ontario, L=Thornhill, O=ATI Technologies, Inc, OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=ATI Technologies, + Inc + ValidFrom: '2006-03-17 00:00:00' + ValidTo: '2009-03-21 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 71bb7d93f6814cf58266cf2176e751b3 + Version: 3 + TBS: + MD5: c7375b863517bb2bcb73dd7ddf66334e + SHA1: 489a704b9899dd6f5b195b2e7f7294e5db7aedfb + SHA256: 9e55ffa2dfe041c26ef1918e4f7cad301bb327ea8f2fd1a005de2d66131f0110 + SHA384: c45a84113b973df0df98f4a34e91e78db9331d116e90895b4b0c458dc19b0eb349274e5381893531b13eed6e68dae183 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: 
'2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 71bb7d93f6814cf58266cf2176e751b3 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: acb8ae81124f862a3e913e3aa625f35d + SHA1: 49255f0aea0d3a98ff31799c93fae2a40b0085b5 + SHA256: 8bbe121f8f400e2f6858cbb2ba3f15c89de8e434fa27298831bf5d23244ba97d + Sections: + .text: + Entropy: 5.939518444890944 + Virtual Size: '0xae2' + .rdata: + Entropy: 4.464303279960791 + Virtual Size: '0x158' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 2.674419891996053 + Virtual Size: '0x30' + INIT: + Entropy: 4.792686708537381 + Virtual Size: '0x25e' + .rsrc: + Entropy: 3.3307368674259283 + Virtual Size: '0x3a8' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2005-09-09 12:40:54' + Imphash: b4c2607b2af5376910bf80b561e9a18a + LoadsDespiteHVCI: 'FALSE' +- Filename: atillk64.sys + MD5: 26d973d6d9a0d133dfda7d8c1adc04b7 + SHA1: eb0d45aa6f537f5b2f90f3ad99013606eafcd162 + SHA256: ad40e6d0f77c0e579fb87c5106bf6de3d1a9f30ee2fbf8c9c011f377fa05f173 + Authentihash: + MD5: 78103f6de4cad64d95a8beda5f8b9112 + SHA1: 0358bcba83349cb23ea44d5c36b9e22adaec8d94 + SHA256: 2952ae305f9e206bb0b6d7986f2b6942656c310f9d201cf2e2dd6e961c18804e + Description: ATI Diagnostics Hardware Abstraction Sys + Company: ATI Technologies Inc. 
+ InternalName: atillk64.sys + OriginalFilename: atillk64.sys + FileVersion: 5.11.9.0 + Product: ATI Diagnostics + ProductVersion: 5.11.9.0 + Copyright: Copyright (C) ATI Technologies Inc., 2003 + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - MmUnmapIoSpace + - IoFreeMdl + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - IoCreateDevice + - IofCompleteRequest + - IoDeleteSymbolicLink + - IoCreateSymbolicLink + - MmMapIoSpace + - IoDeleteDevice + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0de92bf0d4d82988183205095e9a7688 + Version: 3 + TBS: + MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 + SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + SHA256: 
e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=CA, ST=Ontario, L=Thornhill, O=ATI Technologies, Inc, OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=ATI Technologies, + Inc + ValidFrom: '2006-03-17 00:00:00' + ValidTo: '2009-03-21 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 71bb7d93f6814cf58266cf2176e751b3 + Version: 3 + TBS: + MD5: c7375b863517bb2bcb73dd7ddf66334e + SHA1: 489a704b9899dd6f5b195b2e7f7294e5db7aedfb + SHA256: 9e55ffa2dfe041c26ef1918e4f7cad301bb327ea8f2fd1a005de2d66131f0110 + SHA384: c45a84113b973df0df98f4a34e91e78db9331d116e90895b4b0c458dc19b0eb349274e5381893531b13eed6e68dae183 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 71bb7d93f6814cf58266cf2176e751b3 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: acb8ae81124f862a3e913e3aa625f35d + SHA1: 49255f0aea0d3a98ff31799c93fae2a40b0085b5 + SHA256: 8bbe121f8f400e2f6858cbb2ba3f15c89de8e434fa27298831bf5d23244ba97d + Sections: + .text: + Entropy: 5.939518444890944 + Virtual Size: '0xae2' + .rdata: + Entropy: 4.464303279960791 + Virtual Size: '0x158' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 2.674419891996053 + Virtual Size: '0x30' + INIT: + Entropy: 4.792686708537381 + Virtual Size: '0x25e' + .rsrc: + Entropy: 3.3307368674259283 + Virtual Size: '0x3a8' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2005-09-09 12:40:54' + Imphash: b4c2607b2af5376910bf80b561e9a18a + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/127cde1d-905e-4c67-a2c3-04ea4deaea7d.yaml b/yaml/127cde1d-905e-4c67-a2c3-04ea4deaea7d.yaml index f15bc6723..1cd68da50 100644 --- a/yaml/127cde1d-905e-4c67-a2c3-04ea4deaea7d.yaml +++ b/yaml/127cde1d-905e-4c67-a2c3-04ea4deaea7d.yaml 
@@ -1,234 +1,234 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 127cde1d-905e-4c67-a2c3-04ea4deaea7d +Tags: +- wantd_6.sys +Verified: 'TRUE' Author: Michael Haag -Category: malicious -Commands: - Command: sc.exe create wantd_6.sys binPath=C:\windows\temp\wantd_6.sys type=kernel - && sc.exe start wantd_6.sys - Description: Driver used in the Daxin malware campaign. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-02-28' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/e7af7bcb86bd6bab1835f610671c3921441965a839673ac34444cf0ce7b2164e.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_mal_drivers_strict.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 127cde1d-905e-4c67-a2c3-04ea4deaea7d -KnownVulnerableSamples: 
-- Authentihash: - MD5: 3bfdb46b5ad5fa267b992a2350a6518a - SHA1: cb65c6f9f411892d13ffe8ba1cb5e9c4be2c0a25 - SHA256: bd243e33fa80f4bd6010c23ecdf94b6008fee30df248255dcfe014c91f2ce2af - Company: Microsoft Corporation - Copyright: Microsoft Corporation. All rights reserved. - CreationTimestamp: '2013-11-27 16:59:02' - Date: '' - Description: WAN Transport Driver - ExportedFunctions: '' - FileVersion: 6.1.7600.1172 - Filename: wantd_6.sys - ImportedFunctions: - - wcsncmp - - IoAllocateMdl - - _stricmp - - sprintf - - RtlLengthRequiredSid - - _strnicmp - - ExAllocatePoolWithTag - - vsprintf - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - RtlAnsiStringToUnicodeString - - NtWriteFile - - RtlCreateAcl - - PsLookupProcessByProcessId - - NtQuerySystemInformation - - _wcsnicmp - - ZwReadFile - - RtlSetDaclSecurityDescriptor - - KeInitializeApc - - IoDeleteDevice - - NtFsControlFile - - KeInsertQueueApc - - MmGetSystemRoutineAddress - - IoCreateFile - - atoi - - _snprintf - - ZwQuerySystemInformation - - KeReleaseSpinLock - - RtlAddAccessAllowedAce - - RtlImageDirectoryEntryToData - - KeDetachProcess - - ZwOpenFile - - ZwCreateFile - - PsCreateSystemThread - - ZwQueryValueKey - - PsTerminateSystemThread - - ZwFreeVirtualMemory - - KeQueryTimeIncrement - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - KeAttachProcess - - PsGetVersion - - PsThreadType - - RtlCompareUnicodeString - - ZwOpenProcess - - ZwQueryInformationProcess - - IoCreateSymbolicLink - - ObfDereferenceObject - - IoCreateDevice - - ZwTerminateProcess - - ZwQueryInformationFile - - KeWaitForMultipleObjects - - ZwWriteFile - - NtReadFile - - PsLookupThreadByThreadId - - RtlLengthSid - - RtlCreateSecurityDescriptor - - ZwAllocateVirtualMemory - - ZwOpenKey - - KeAcquireSpinLockRaiseToDpc - - RtlUnicodeStringToInteger - - MmIsAddressValid - - ZwDeviceIoControlFile - - IofCompleteRequest - - ZwClose - - MmMapLockedPagesSpecifyCache - - KeDelayExecutionThread - - MmUserProbeAddress - - 
MmBuildMdlForNonPagedPool - - memchr - - ZwWaitForSingleObject - - RtlInitUnicodeString - - NdisAllocateMemoryWithTag - - NdisAllocateNetBufferAndNetBufferList - - NdisMSendNetBufferListsComplete - - NdisReturnNetBufferLists - - NdisAllocateNetBufferListPool - - NdisFreeMemory - - NdisMIndicateStatus - - NdisFreeMdl - - NdisFreeNetBufferListPool - - NdisFreeNetBufferList - - NdisSendNetBufferLists - Imports: - - ntoskrnl.exe - - NDIS.SYS - InternalName: wantd.sys - MD5: 4b058945c9f2b8d8ebc485add1101ba5 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: wantd.sys - Product: Microsoft Windows Operating System - ProductVersion: 6.1.7600.1172 - Publisher: Anhua Xinda (Beijing) Technology Co., Ltd. - RichPEHeaderHash: - MD5: 8cdd468850a9084b109fb26005e28d1f - SHA1: abee83f631fc7792dc07a572a003c103903f305e - SHA256: aa49c3910540c2edd0e4a9154e5741d5cc65662a1364616e057ca3fc74243755 - SHA1: 37e6450c7cd6999d080da94b867ba23faa8c32fe - SHA256: e7af7bcb86bd6bab1835f610671c3921441965a839673ac34444cf0ce7b2164e - Sections: - .text: - Entropy: 6.377924141957717 - Virtual Size: '0xd88c' - .rdata: - Entropy: 4.702371843577182 - Virtual Size: '0x84c' - .data: - Entropy: 1.0571423331776753 - Virtual Size: '0x12590' - .pdata: - Entropy: 4.5393227380510455 - Virtual Size: '0x8c4' - INIT: - Entropy: 5.793042716031905 - Virtual Size: '0xd8c' - .rsrc: - Entropy: 3.262685485179719 - Virtual Size: '0x3b0' - Signature: The digital signature of the object did not verify. - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CN, ST=Beijing, L=Beijing, O=Anhua Xinda (Beijing) Technology Co., - Ltd., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Anhua Xinda - (Beijing) Technology Co., Ltd. 
- ValidFrom: '2011-06-28 00:00:00' - ValidTo: '2014-06-27 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 387c9476e28320264594846317d46540 - Version: 3 - TBS: - MD5: ce372214eabe9d311e4a156fe2044327 - SHA1: 7f7eb1a547c9b0b2e41b0f44515dfd20c16edceb - SHA256: 03d59cc81c6960a93ab4b02e5521aa9fb349e8d7df9dfdf675201e48c23b5a34 - SHA384: 4b8829bc6980e82affeb7ad29efb59fc3ca9b02d015e6c0f385b9f2cf275609cd45936659f41fce579c073e34c2ca308 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 
5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 387c9476e28320264594846317d46540 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: c32d9a9af7f702814e1368c689877f3a - LoadsDespiteHVCI: 'TRUE' MitreID: T1068 +Category: malicious +Commands: + Command: sc.exe create wantd_6.sys binPath=C:\windows\temp\wantd_6.sys type=kernel + && sc.exe start wantd_6.sys + Description: Driver used in the Daxin malware campaign. 
+ OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/MHaggis/9ab3bb795a6018d70fb11fa7c31f8f48 - https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/daxin-backdoor-espionage - '' -Tags: -- wantd_6.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/e7af7bcb86bd6bab1835f610671c3921441965a839673ac34444cf0ce7b2164e.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_mal_drivers_strict.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 3bfdb46b5ad5fa267b992a2350a6518a + SHA1: cb65c6f9f411892d13ffe8ba1cb5e9c4be2c0a25 + SHA256: 
bd243e33fa80f4bd6010c23ecdf94b6008fee30df248255dcfe014c91f2ce2af + Company: Microsoft Corporation + Copyright: Microsoft Corporation. All rights reserved. + CreationTimestamp: '2013-11-27 16:59:02' + Date: '' + Description: WAN Transport Driver + ExportedFunctions: '' + FileVersion: 6.1.7600.1172 + Filename: wantd_6.sys + ImportedFunctions: + - wcsncmp + - IoAllocateMdl + - _stricmp + - sprintf + - RtlLengthRequiredSid + - _strnicmp + - ExAllocatePoolWithTag + - vsprintf + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - RtlAnsiStringToUnicodeString + - NtWriteFile + - RtlCreateAcl + - PsLookupProcessByProcessId + - NtQuerySystemInformation + - _wcsnicmp + - ZwReadFile + - RtlSetDaclSecurityDescriptor + - KeInitializeApc + - IoDeleteDevice + - NtFsControlFile + - KeInsertQueueApc + - MmGetSystemRoutineAddress + - IoCreateFile + - atoi + - _snprintf + - ZwQuerySystemInformation + - KeReleaseSpinLock + - RtlAddAccessAllowedAce + - RtlImageDirectoryEntryToData + - KeDetachProcess + - ZwOpenFile + - ZwCreateFile + - PsCreateSystemThread + - ZwQueryValueKey + - PsTerminateSystemThread + - ZwFreeVirtualMemory + - KeQueryTimeIncrement + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - KeAttachProcess + - PsGetVersion + - PsThreadType + - RtlCompareUnicodeString + - ZwOpenProcess + - ZwQueryInformationProcess + - IoCreateSymbolicLink + - ObfDereferenceObject + - IoCreateDevice + - ZwTerminateProcess + - ZwQueryInformationFile + - KeWaitForMultipleObjects + - ZwWriteFile + - NtReadFile + - PsLookupThreadByThreadId + - RtlLengthSid + - RtlCreateSecurityDescriptor + - ZwAllocateVirtualMemory + - ZwOpenKey + - KeAcquireSpinLockRaiseToDpc + - RtlUnicodeStringToInteger + - MmIsAddressValid + - ZwDeviceIoControlFile + - IofCompleteRequest + - ZwClose + - MmMapLockedPagesSpecifyCache + - KeDelayExecutionThread + - MmUserProbeAddress + - MmBuildMdlForNonPagedPool + - memchr + - ZwWaitForSingleObject + - RtlInitUnicodeString + - NdisAllocateMemoryWithTag + - 
NdisAllocateNetBufferAndNetBufferList + - NdisMSendNetBufferListsComplete + - NdisReturnNetBufferLists + - NdisAllocateNetBufferListPool + - NdisFreeMemory + - NdisMIndicateStatus + - NdisFreeMdl + - NdisFreeNetBufferListPool + - NdisFreeNetBufferList + - NdisSendNetBufferLists + Imports: + - ntoskrnl.exe + - NDIS.SYS + InternalName: wantd.sys + MD5: 4b058945c9f2b8d8ebc485add1101ba5 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: wantd.sys + Product: Microsoft Windows Operating System + ProductVersion: 6.1.7600.1172 + Publisher: Anhua Xinda (Beijing) Technology Co., Ltd. + RichPEHeaderHash: + MD5: 8cdd468850a9084b109fb26005e28d1f + SHA1: abee83f631fc7792dc07a572a003c103903f305e + SHA256: aa49c3910540c2edd0e4a9154e5741d5cc65662a1364616e057ca3fc74243755 + SHA1: 37e6450c7cd6999d080da94b867ba23faa8c32fe + SHA256: e7af7bcb86bd6bab1835f610671c3921441965a839673ac34444cf0ce7b2164e + Sections: + .text: + Entropy: 6.377924141957717 + Virtual Size: '0xd88c' + .rdata: + Entropy: 4.702371843577182 + Virtual Size: '0x84c' + .data: + Entropy: 1.0571423331776753 + Virtual Size: '0x12590' + .pdata: + Entropy: 4.5393227380510455 + Virtual Size: '0x8c4' + INIT: + Entropy: 5.793042716031905 + Virtual Size: '0xd8c' + .rsrc: + Entropy: 3.262685485179719 + Virtual Size: '0x3b0' + Signature: The digital signature of the object did not verify. + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CN, ST=Beijing, L=Beijing, O=Anhua Xinda (Beijing) Technology + Co., Ltd., OU=Digital ID Class 3 , Microsoft Software Validation v2, + CN=Anhua Xinda (Beijing) Technology Co., Ltd. 
+ ValidFrom: '2011-06-28 00:00:00' + ValidTo: '2014-06-27 23:59:59' + Signature: 75446640570a5790bb9af0f472df1738c47e362aedd568599f66a121e1c27b51008ca2e0d72ed727e61ee0c76a578dc56de22c5ee58136db144fc68aca0fd0196d70716bd8c9d19b5fdd8a147d749367a953604b24502efdd039577033df13b8d20a8cc7ca4829a303c11e7f6bf3c370d98b64b875ca3745546285bb70c204467968b1c4a416b0636c590dff6f7a3091ed00351c626e32e859bdd58d363940a5ed33d121e423d2ba1b8ad85c5c1296e23d627e0aafe9268945bce9567c38719621eecdde83a74139fb3e0920a32e558fd64c0149cfec10f4b82fdcc8cdaed4011977c2169035b71edc68fabaf43d59f989ee5d97ec94eaa05ef2a62bfc480fa9 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 387c9476e28320264594846317d46540 + Version: 3 + TBS: + MD5: ce372214eabe9d311e4a156fe2044327 + SHA1: 7f7eb1a547c9b0b2e41b0f44515dfd20c16edceb + SHA256: 03d59cc81c6960a93ab4b02e5521aa9fb349e8d7df9dfdf675201e48c23b5a34 + SHA384: 4b8829bc6980e82affeb7ad29efb59fc3ca9b02d015e6c0f385b9f2cf275609cd45936659f41fce579c073e34c2ca308 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 
5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 387c9476e28320264594846317d46540 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: c32d9a9af7f702814e1368c689877f3a + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/12ccd18a-11da-495a-b4b4-98a2f2bff180.yaml b/yaml/12ccd18a-11da-495a-b4b4-98a2f2bff180.yaml index ca5677095..50014cd3c 100644 --- a/yaml/12ccd18a-11da-495a-b4b4-98a2f2bff180.yaml +++ b/yaml/12ccd18a-11da-495a-b4b4-98a2f2bff180.yaml 
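Review bot: The re-added `Detection:` list for wantd_6.sys still contains `sigma_hash`, `sigma_names`, `sysmon_hash_detect` and `sysmon_hash_block` twice each with identical URLs, and `Resources:` keeps an empty `- ''` item. The reorder carries both over unchanged. I would drop the second copy of the four repeated entries and the empty resource, so tooling that builds rule or reference lists from this file does not emit duplicate or blank items. The entry is `Category: malicious` and its second YARA link points at `yara-rules_mal_drivers_strict.yar`, while the Sigma and Sysmon links point at the `vuln_drivers` / `vulnerable_hashes` files. Whether the sample's `SHA256` is actually covered by those files cannot be told from this diff and should be confirmed.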
@@ -1,163 +1,164 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 12ccd18a-11da-495a-b4b4-98a2f2bff180 +Tags: +- yyprotect64.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-07-22' +MitreID: T1068 CVE: - '' Category: vulnerable drivers Commands: - Command: '' - Description: Confirmed vulnerable driver from Microsoft Block List - OperatingSystem: Windows - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-07-22' -Detection: -- type: '' - value: '' -Id: 12ccd18a-11da-495a-b4b4-98a2f2bff180 -KnownVulnerableSamples: -- Authentihash: - MD5: 64bd6bc3f5bdf6e6699d731716263e26 - SHA1: 39ed8a86f91a548ae05e71e9c1c337ed4fad8ee4 - SHA256: 8bce2afd04ec073143a2a4ba51671992451c8e747a84852458321f2d275b5433 - Company: '' - Copyright: '' - CreationTimestamp: '2017-12-29 03:05:35' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ZwSetValueKey - - FltGetVolumeFromName - - IoAllocateMdl - - MmProbeAndLockPages - - MmMapLockedPagesSpecifyCache - - MmUnlockPages - - IoFreeMdl - - ExAllocatePool - - ExFreePool - - NtQuerySystemInformation - - HalMakeBeep - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - - ntoskrnl.exe - - hal.dll - InternalName: '' - MD5: 44c491b809823eba8747e08f3ec68829 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: aa5f6914372cf9243bc5016cdf24540f - SHA1: b5a9c0cfb38205291a7210daa38e7195c7cde373 - SHA256: 12946c8414f653344e69f6580aaccc43a72e503787d361c5def0dd935b6612a4 - SHA1: 7d8129a0cb28b9d3b75bfb84a7388e2357cf7c50 - SHA256: dcd026fd2ff8d517e2779d67b3d2d5f9a7aa39f19c66fa8ff2cab66d5c6461c6 - Sections: - .text: - Entropy: 0.0 - Virtual Size: '0x68c7' - .rdata: - Entropy: 0.0 - Virtual Size: '0xb04' - .data: - Entropy: 0.0 - Virtual Size: '0x31d48' - .pdata: - Entropy: 0.0 - Virtual Size: '0x378' - INIT: - Entropy: 0.0 - Virtual Size: '0xd52' - .vmp0: - Entropy: 0.0 - Virtual 
Size: '0x16947' - .vmp1: - Entropy: 7.844023139842499 - Virtual Size: '0x5facc' - .reloc: - Entropy: 5.268445216752938 - Virtual Size: '0xb4' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: a3cd7d1ef7c7758d48e756344c009075a951a556c16dbcfef55322e998a2ac9a7e701eb38e3b45e3869531da6d4cfb34508096cd24f240df043fe265ce34226115ea667064d2f16ef3ca18596a41467e82de19b0703156690d0ce61d9d7158dcccde62f5e17a1002d87adc3bfa57bdc9e98f4621399f51654c8e3abe2841701d - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 1b093b786096da37bba4519446c89678 - Version: 3 - TBS: - MD5: 13a167a548f4915921fc4381cad99605 - SHA1: 8b61bb2b0c4cd1eba78f1bc0cd3b8b018269cf30 - SHA256: 28a75b684ecd8b81b9327d3d3d37eaa56a4630c84dc2e3fade6b663729c86ef5 - SHA384: 501cca63f378c1234b97d12974f6c883408a006a592b1fa6b1ae7721c0dc211534d5e4b7d9e1fac574c5f7de82684ec0 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=CN, ST=Guangdong, L=Guangzhou, O=YY Inc., OU=PM, CN=YY Inc. 
- ValidFrom: '2015-07-17 00:00:00' - ValidTo: '2018-10-15 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53603f0f228be591521b9822ca852ad4 - Version: 3 - TBS: - MD5: 5c7d7b0dade70cf4b9066854dcf5a8d4 - SHA1: 6f330267dc23c8950da764bb52dfeb013ea22221 - SHA256: cdb0fa6086e4c825e8df60047d9586a90fd86f5b5e434e82fa362b6126085111 - SHA384: a716a75090503141fd275d5751d8da1b3f99dcf04f5cd30ee74869d30238abe837e4058a4ce27e7eea584e3432c754ce - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53603f0f228be591521b9822ca852ad4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 
8679f2831e18943f9f5554485c18d976 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: '' + Description: Confirmed vulnerable driver from Microsoft Block List + OperatingSystem: Windows + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c -Tags: -- yyprotect64.sys -Verified: 'TRUE' +Detection: +- type: '' + value: '' +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 64bd6bc3f5bdf6e6699d731716263e26 + SHA1: 39ed8a86f91a548ae05e71e9c1c337ed4fad8ee4 + SHA256: 8bce2afd04ec073143a2a4ba51671992451c8e747a84852458321f2d275b5433 + Company: '' + Copyright: '' + CreationTimestamp: '2017-12-29 03:05:35' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ZwSetValueKey + - FltGetVolumeFromName + - IoAllocateMdl + - MmProbeAndLockPages + - MmMapLockedPagesSpecifyCache + - MmUnlockPages + - IoFreeMdl + - ExAllocatePool + - ExFreePool + - NtQuerySystemInformation + - HalMakeBeep + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + - ntoskrnl.exe + - hal.dll + InternalName: '' + MD5: 44c491b809823eba8747e08f3ec68829 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: aa5f6914372cf9243bc5016cdf24540f + SHA1: b5a9c0cfb38205291a7210daa38e7195c7cde373 + SHA256: 12946c8414f653344e69f6580aaccc43a72e503787d361c5def0dd935b6612a4 + SHA1: 7d8129a0cb28b9d3b75bfb84a7388e2357cf7c50 + SHA256: dcd026fd2ff8d517e2779d67b3d2d5f9a7aa39f19c66fa8ff2cab66d5c6461c6 + Sections: + .text: + Entropy: 0.0 + Virtual Size: '0x68c7' + .rdata: + Entropy: 0.0 + Virtual Size: '0xb04' + .data: + Entropy: 0.0 + Virtual Size: '0x31d48' + .pdata: + Entropy: 0.0 + Virtual Size: '0x378' + INIT: + Entropy: 0.0 + Virtual Size: '0xd52' + .vmp0: + Entropy: 0.0 + Virtual Size: '0x16947' + .vmp1: + Entropy: 7.844023139842499 + Virtual Size: 
'0x5facc' + .reloc: + Entropy: 5.268445216752938 + Virtual Size: '0xb4' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: a3cd7d1ef7c7758d48e756344c009075a951a556c16dbcfef55322e998a2ac9a7e701eb38e3b45e3869531da6d4cfb34508096cd24f240df043fe265ce34226115ea667064d2f16ef3ca18596a41467e82de19b0703156690d0ce61d9d7158dcccde62f5e17a1002d87adc3bfa57bdc9e98f4621399f51654c8e3abe2841701d + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 1b093b786096da37bba4519446c89678 + Version: 3 + TBS: + MD5: 13a167a548f4915921fc4381cad99605 + SHA1: 8b61bb2b0c4cd1eba78f1bc0cd3b8b018269cf30 + SHA256: 28a75b684ecd8b81b9327d3d3d37eaa56a4630c84dc2e3fade6b663729c86ef5 + SHA384: 501cca63f378c1234b97d12974f6c883408a006a592b1fa6b1ae7721c0dc211534d5e4b7d9e1fac574c5f7de82684ec0 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=CN, ST=Guangdong, L=Guangzhou, O=YY Inc., OU=PM, CN=YY Inc. 
+ ValidFrom: '2015-07-17 00:00:00' + ValidTo: '2018-10-15 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53603f0f228be591521b9822ca852ad4 + Version: 3 + TBS: + MD5: 5c7d7b0dade70cf4b9066854dcf5a8d4 + SHA1: 6f330267dc23c8950da764bb52dfeb013ea22221 + SHA256: cdb0fa6086e4c825e8df60047d9586a90fd86f5b5e434e82fa362b6126085111 + SHA384: a716a75090503141fd275d5751d8da1b3f99dcf04f5cd30ee74869d30238abe837e4058a4ce27e7eea584e3432c754ce + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53603f0f228be591521b9822ca852ad4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 8679f2831e18943f9f5554485c18d976 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/13637210-2e1c-45a4-9f76-fe38c3c34264.yaml b/yaml/13637210-2e1c-45a4-9f76-fe38c3c34264.yaml index eada6f649..32976628e 100644 --- a/yaml/13637210-2e1c-45a4-9f76-fe38c3c34264.yaml +++ b/yaml/13637210-2e1c-45a4-9f76-fe38c3c34264.yaml 
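Review bot: `Category: vulnerable drivers` in the yyprotect64.sys entry is spelled differently from the `Category: vulnerable driver` used by the other entries in this diff, so a consumer that filters on the exact category string would skip this driver. I would change it to `Category: vulnerable driver`. The new side also keeps a placeholder `Detection:` item (`type: ''`, `value: ''`) and `Filename: ''` even though `Tags:` names `yyprotect64.sys`, which may leave name-based matching with nothing to key on for this sample. `Imports:` lists `ntoskrnl.exe` twice. None of this is introduced by the key reorder, but the commit carries it forward unchanged.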
@@ -1,130 +1,130 @@ Id: 13637210-2e1c-45a4-9f76-fe38c3c34264 +Tags: +- HpPortIox64.sys +Verified: 'TRUE' Author: Nasreddine Bencherchali Created: '2023-05-06' MitreID: T1068 Category: vulnerable driver -Verified: 'TRUE' Commands: - Command: sc.exe create HpPortIox64.sys binPath=C:\windows\temp\HpPortIox64.sys type=kernel - && sc.exe start HpPortIox64.sys - Description: '' - Usecase: Elevate privileges - Privileges: kernel - OperatingSystem: Windows 10 + Command: sc.exe create HpPortIox64.sys binPath=C:\windows\temp\HpPortIox64.sys + type=kernel && sc.exe start HpPortIox64.sys + Description: '' + Usecase: Elevate privileges + Privileges: kernel + OperatingSystem: Windows 10 Resources: - Internal Research -Acknowledgement: - Person: '' - Handle: '' Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: HpPortIox64.sys - MD5: 7b9e1e5e8ff4f18f84108bb9f7b5d108 - SHA1: a59006308c4b5d33bb8f34ac6fb16701814fb8dc - SHA256: a4680fabf606d6580893434e81c130ff7ec9467a15e6534692443465f264d3c9 - Authentihash: - MD5: 554fb2c6b328efeef850104fec12899c - SHA1: 12eb825418a932b1e4c6697dc7647e89ae52cf3f - SHA256: 4582adb2e67eebaff755ae740c1f24bc3af78e0f28e8e8decb99f86bf155ab23 - Description: HpPortIo - Company: HP Inc. - InternalName: HpPortIox64.sys - OriginalFilename: HpPortIox64.sys - FileVersion: 1.0.0.0 - Product: HpPortIo - ProductVersion: 1.0.0.0 - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - MmUnmapIoSpace - - MmMapIoSpace - - IofCompleteRequest - - IoDeleteDevice - - IoCreateDevice - - KeBugCheckEx - - RtlInitUnicodeString - - IoCreateSymbolicLink - - IoDeleteSymbolicLink - - __C_specific_handler - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=California, L=Palo Alto, O=HP Inc., OU=HP Cybersecurity, CN=HP - Inc. 
- ValidFrom: '2019-05-07 00:00:00' - ValidTo: '2020-05-11 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 09e002ed55ebc92b8a799574f80069fd - Version: 3 - TBS: - MD5: 8e5a33e7bb54021804e4e59f3e526eb6 - SHA1: 1100fd4e09b76dbfc11a2af0be5fb874e1fb7de5 - SHA256: 073be2d750162b598fb61d31412483eb6c2b95746abf85862de245322ab1dc13 - SHA384: bc5188acd4a01d2e790b324dbac52b313693782a4d0f8db3e32b6dd92eef020171eeab09d42890b2e60e2a1207761f62 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance - Code Signing CA - ValidFrom: '2013-10-22 12:00:00' - ValidTo: '2028-10-22 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 0b7e10903c38490ffa2f679a87a1a7b9 - Version: 3 - TBS: - MD5: 7b0fbcf5c5aa55932726e9222f56efe2 - SHA1: f09486b2b82a88a8b82aa2a12440496c8e53c452 - SHA256: 0bf095b845b69928b5d7dfd1c42ae4f90feb8dc97f7830598c93e848877021fb - SHA384: f2a7644292efe9a7adc26cdeb0aa13980ea792d21845ba696684ac64d7f906839f3ec7625c3a88efefe3a451d961d317 - Signer: - - SerialNumber: 09e002ed55ebc92b8a799574f80069fd - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance - Code Signing CA - Version: 1 - RichPEHeaderHash: - MD5: 41ddd08b440611823bc5d8cb732c563d - SHA1: 8acdfc9ac988c6250e2a031640f6e169b5fddb73 - SHA256: 189683b4db2e68d2f0b3f91f1141907b3887f23991867a68a22389d40ad3634e - Sections: - .text: - Entropy: 5.93987588694592 - Virtual Size: '0x6ba' - .rdata: - Entropy: 4.302335685844511 - Virtual Size: '0x198' - .data: - Entropy: 0.5096713223407059 - Virtual Size: '0x114' - .pdata: - Entropy: 3.169156050691243 - Virtual Size: '0x6c' - INIT: - Entropy: 5.046663153942613 - Virtual Size: '0x242' - .rsrc: - Entropy: 3.1281653750930665 - Virtual Size: '0x2f8' - MagicHeader: 50 45 0 0 - 
CreationTimestamp: '2020-01-16 02:04:02' - Imphash: d6f977640d4810a784d152e4d3c63a6b - LoadsDespiteHVCI: 'FALSE' -Tags: -- HpPortIox64.sys +- Filename: HpPortIox64.sys + MD5: 7b9e1e5e8ff4f18f84108bb9f7b5d108 + SHA1: a59006308c4b5d33bb8f34ac6fb16701814fb8dc + SHA256: a4680fabf606d6580893434e81c130ff7ec9467a15e6534692443465f264d3c9 + Authentihash: + MD5: 554fb2c6b328efeef850104fec12899c + SHA1: 12eb825418a932b1e4c6697dc7647e89ae52cf3f + SHA256: 4582adb2e67eebaff755ae740c1f24bc3af78e0f28e8e8decb99f86bf155ab23 + Description: HpPortIo + Company: HP Inc. + InternalName: HpPortIox64.sys + OriginalFilename: HpPortIox64.sys + FileVersion: 1.0.0.0 + Product: HpPortIo + ProductVersion: 1.0.0.0 + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - MmUnmapIoSpace + - MmMapIoSpace + - IofCompleteRequest + - IoDeleteDevice + - IoCreateDevice + - KeBugCheckEx + - RtlInitUnicodeString + - IoCreateSymbolicLink + - IoDeleteSymbolicLink + - __C_specific_handler + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=California, L=Palo Alto, O=HP Inc., OU=HP Cybersecurity, + CN=HP Inc. 
+ ValidFrom: '2019-05-07 00:00:00' + ValidTo: '2020-05-11 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 09e002ed55ebc92b8a799574f80069fd + Version: 3 + TBS: + MD5: 8e5a33e7bb54021804e4e59f3e526eb6 + SHA1: 1100fd4e09b76dbfc11a2af0be5fb874e1fb7de5 + SHA256: 073be2d750162b598fb61d31412483eb6c2b95746abf85862de245322ab1dc13 + SHA384: bc5188acd4a01d2e790b324dbac52b313693782a4d0f8db3e32b6dd92eef020171eeab09d42890b2e60e2a1207761f62 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High + Assurance Code Signing CA + ValidFrom: '2013-10-22 12:00:00' + ValidTo: '2028-10-22 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 0b7e10903c38490ffa2f679a87a1a7b9 + Version: 3 + TBS: + MD5: 7b0fbcf5c5aa55932726e9222f56efe2 + SHA1: f09486b2b82a88a8b82aa2a12440496c8e53c452 + SHA256: 0bf095b845b69928b5d7dfd1c42ae4f90feb8dc97f7830598c93e848877021fb + SHA384: f2a7644292efe9a7adc26cdeb0aa13980ea792d21845ba696684ac64d7f906839f3ec7625c3a88efefe3a451d961d317 + Signer: + - SerialNumber: 09e002ed55ebc92b8a799574f80069fd + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High + Assurance Code Signing CA + Version: 1 + RichPEHeaderHash: + MD5: 41ddd08b440611823bc5d8cb732c563d + SHA1: 8acdfc9ac988c6250e2a031640f6e169b5fddb73 + SHA256: 189683b4db2e68d2f0b3f91f1141907b3887f23991867a68a22389d40ad3634e + Sections: + .text: + Entropy: 5.93987588694592 + Virtual Size: '0x6ba' + .rdata: + Entropy: 4.302335685844511 + Virtual Size: '0x198' + .data: + Entropy: 0.5096713223407059 + Virtual Size: '0x114' + .pdata: + Entropy: 3.169156050691243 + Virtual Size: '0x6c' + INIT: + Entropy: 5.046663153942613 + Virtual Size: '0x242' + .rsrc: + Entropy: 3.1281653750930665 + Virtual Size: '0x2f8' + MagicHeader: 50 45 0 0 + 
CreationTimestamp: '2020-01-16 02:04:02' + Imphash: d6f977640d4810a784d152e4d3c63a6b + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/137daca4-0d7b-48aa-8574-f7eb6ad02526.yaml b/yaml/137daca4-0d7b-48aa-8574-f7eb6ad02526.yaml index bb8c36065..e803c8606 100644 --- a/yaml/137daca4-0d7b-48aa-8574-f7eb6ad02526.yaml +++ b/yaml/137daca4-0d7b-48aa-8574-f7eb6ad02526.yaml 
@@ -1,188 +1,190 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 137daca4-0d7b-48aa-8574-f7eb6ad02526 +Tags: +- speedfan.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-01-09' +MitreID: T1068 CVE: - CVE-2007-5633 Category: vulnerable driver Commands: - Command: sc.exe create speedfan.sys binPath=C:\windows\temp\speedfan.sys type=kernel - && sc.exe start speedfan.sys - Description: speedfan.sys is a vulnerable driver. CVE-2007-5633. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/22be050955347661685a4343c51f11c7811674e030386d2264cd12ecbf544b7c.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 137daca4-0d7b-48aa-8574-f7eb6ad02526 -KnownVulnerableSamples: -- Authentihash: - MD5: af368f76c059d1e07aa884e86d29bbab - SHA1: 9c08d169b0f59a411c5b51f481622bc78bdf9c84 - SHA256: 641490e28b2a1ee223238f5d969b5abf60a1089afe597c4251b285449e6b3b04 - Company: Windows (R) Server 2003 DDK provider - Copyright: "\xA9 Microsoft Corporation. All rights reserved." - CreationTimestamp: '2006-09-24 07:26:48' - Date: '' - Description: SpeedFan Device Driver - ExportedFunctions: '' - FileVersion: '5.2.3790.0 built by: WinDDK' - Filename: speedfan.sys - ImportedFunctions: - - MmUnmapIoSpace - - MmMapIoSpace - - IofCompleteRequest - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IoCreateSymbolicLink - - PsGetVersion - - IoCreateDevice - - RtlUnwindEx - - KeBugCheckEx - Imports: - - ntoskrnl.exe - InternalName: speedfan.sys - MD5: 5f9785e7535f8f602cb294a54962c9e7 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: speedfan.sys - Product: Windows (R) Server 2003 DDK driver - ProductVersion: 5.2.3790.0 - Publisher: '' - RichPEHeaderHash: - MD5: edbbdf5bb0479e4f4a4827203aebb406 - SHA1: 691e232c9f6d9c5b1241ef5f0f48f67f7b9eb501 - SHA256: f6121f3ea39a6896af3b0824a60eed616d52548fad83ded59b90a688dc219dd6 - SHA1: bfe55cacc7c56c9f7bd75bdb4b352c0b745d071b - SHA256: 22be050955347661685a4343c51f11c7811674e030386d2264cd12ecbf544b7c - Sections: - .text: - Entropy: 6.055367251142709 - Virtual Size: '0xb42' - .rdata: - Entropy: 4.6530845799285725 - Virtual Size: '0x168' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.040863839434868 - Virtual Size: '0x3c' - INIT: - Entropy: 4.7999537352109725 - Virtual Size: '0x1d8' - .rsrc: - Entropy: 3.3557848657208913 - Virtual Size: '0x400' - Signature: - - Sokno S.R.L. 
- - VeriSign Class 3 Code Signing 2004 CA - - VeriSign Class 3 Public Primary CA - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: 
ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=IT, ST=Marche, L=Ancona, O=Sokno S.R.L., OU=Digital ID Class 3 , - Microsoft Software Validation v2, OU=Software Development, CN=Sokno S.R.L. - ValidFrom: '2007-02-07 00:00:00' - ValidTo: '2008-02-07 23:59:59' - Signature: b572f3fe7b0c6aa1ee05ba9510b50345f5ccb72b55b1354fa3e0a5aaf8006302089153d52ebf69112781c7674e84d1646d4d08a04d554aa4428f801f4b4e6f467a35e2b464bb0878e7ca33d346f252d3f77a412ccb6d36fbd0c4d53cb14830362f8646cca976eb8ee66e6659d833a49643b947fe797d205ab717517d6af336669f6c1af45198d7ca0d621f0909098543353bcc39c256131db08f9abfe37f840636f8385e5ece017eff20e74d6363223dfc9948b66959ab5604a9d04ef2a459c03dd2cc4ac19bb1bf7b44b8bf1af9b5c996fd26e0e1b017a224c727a5986557397ceb4684353c85dabeaf102a15c45133baacff9eaa967342dda58442c0fe7a52 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 7b12cd12b82d7758c4d7c3e398845b3c - Version: 3 - TBS: - MD5: 9c6803e909424a7709e1eec71bb56fee - SHA1: 29237efa67b52838056a16648f18d5b31920f4ce - SHA256: 17739d270191b317ef237c9b8e6c965704eca4733a5129ac44775a18d51637d3 - SHA384: 72160f00ca6f6c1f9370279b17c8ae319e44822c942e3e0caa1948a53f9db1b4b9113fed394692801c1caf0c2f9437c4 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - 
Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 7b12cd12b82d7758c4d7c3e398845b3c - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: adfd4c0b031598afecb6f3f585f5f581 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: sc.exe create speedfan.sys binPath=C:\windows\temp\speedfan.sys type=kernel + && sc.exe start speedfan.sys + Description: speedfan.sys is a vulnerable driver. CVE-2007-5633. + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/jbaines-r7/dellicious - https://www.rapid7.com/blog/post/2021/12/13/driver-based-attacks-past-and-present/ -Tags: -- speedfan.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/22be050955347661685a4343c51f11c7811674e030386d2264cd12ecbf544b7c.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- 
type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: af368f76c059d1e07aa884e86d29bbab + SHA1: 9c08d169b0f59a411c5b51f481622bc78bdf9c84 + SHA256: 641490e28b2a1ee223238f5d969b5abf60a1089afe597c4251b285449e6b3b04 + Company: Windows (R) Server 2003 DDK provider + Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
+ CreationTimestamp: '2006-09-24 07:26:48' + Date: '' + Description: SpeedFan Device Driver + ExportedFunctions: '' + FileVersion: '5.2.3790.0 built by: WinDDK' + Filename: speedfan.sys + ImportedFunctions: + - MmUnmapIoSpace + - MmMapIoSpace + - IofCompleteRequest + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - IoCreateSymbolicLink + - PsGetVersion + - IoCreateDevice + - RtlUnwindEx + - KeBugCheckEx + Imports: + - ntoskrnl.exe + InternalName: speedfan.sys + MD5: 5f9785e7535f8f602cb294a54962c9e7 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: speedfan.sys + Product: Windows (R) Server 2003 DDK driver + ProductVersion: 5.2.3790.0 + Publisher: '' + RichPEHeaderHash: + MD5: edbbdf5bb0479e4f4a4827203aebb406 + SHA1: 691e232c9f6d9c5b1241ef5f0f48f67f7b9eb501 + SHA256: f6121f3ea39a6896af3b0824a60eed616d52548fad83ded59b90a688dc219dd6 + SHA1: bfe55cacc7c56c9f7bd75bdb4b352c0b745d071b + SHA256: 22be050955347661685a4343c51f11c7811674e030386d2264cd12ecbf544b7c + Sections: + .text: + Entropy: 6.055367251142709 + Virtual Size: '0xb42' + .rdata: + Entropy: 4.6530845799285725 + Virtual Size: '0x168' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.040863839434868 + Virtual Size: '0x3c' + INIT: + Entropy: 4.7999537352109725 + Virtual Size: '0x1d8' + .rsrc: + Entropy: 3.3557848657208913 + Virtual Size: '0x400' + Signature: + - Sokno S.R.L. 
+ - VeriSign Class 3 Code Signing 2004 CA + - VeriSign Class 3 Public Primary CA + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 877870da4e5201205be079c98230c4fdb91996bd9100c3bdcdcdc6f40ed8fff94dc033623011c5f5741bd492de5f9c2013b17c45be50cd83e7801783a72793671346fbcab8984103cc9b515b058b7fa86ff31b501b242ef2698d6c22f7bbca1695ed0c74c06877d9eb996287c17390f889747a23aba3987b97b1f78f29714d2e751b4841daf0b50d2054d677a097826369fd09cf8af075bb099bd9f91155269a6132be7a02b07b86bea2c38b222c78d13576bc92735cf9b9e64c150a23cce4d2d4342e4940153c0f607a24c6a566ef96cf70eb3ee7f40d7edcd17ca3767169c19c4f47303521b1a2af1a623c2bd98eaa2a077bd818b35c7be29da56ffe3c89ad + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0de92bf0d4d82988183205095e9a7688 + Version: 3 + TBS: + MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 + SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: 
ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=IT, ST=Marche, L=Ancona, O=Sokno S.R.L., OU=Digital ID Class + 3 , Microsoft Software Validation v2, OU=Software Development, CN=Sokno + S.R.L. 
+ ValidFrom: '2007-02-07 00:00:00' + ValidTo: '2008-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 7b12cd12b82d7758c4d7c3e398845b3c + Version: 3 + TBS: + MD5: 9c6803e909424a7709e1eec71bb56fee + SHA1: 29237efa67b52838056a16648f18d5b31920f4ce + SHA256: 17739d270191b317ef237c9b8e6c965704eca4733a5129ac44775a18d51637d3 + SHA384: 72160f00ca6f6c1f9370279b17c8ae319e44822c942e3e0caa1948a53f9db1b4b9113fed394692801c1caf0c2f9437c4 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 7b12cd12b82d7758c4d7c3e398845b3c + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: adfd4c0b031598afecb6f3f585f5f581 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/13973a71-412f-4a18-a2a6-476d3853f8de.yaml b/yaml/13973a71-412f-4a18-a2a6-476d3853f8de.yaml index a86b06517..294446c4e 100644 --- a/yaml/13973a71-412f-4a18-a2a6-476d3853f8de.yaml +++ b/yaml/13973a71-412f-4a18-a2a6-476d3853f8de.yaml 
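Review bot: The re-serialized `Detection:` list for speedfan.sys still carries four entries twice. `sigma_hash`, `sigma_names`, `sysmon_hash_detect` and `sysmon_hash_block` each appear once after the hash-specific `yara_signature` entry and again, with identical `value` URLs, after the `yara-rules_vuln_drivers_strict_renamed.yar` entry. Since this change already rewrites the whole file, drop the second group of four and keep both `yara_signature` entries, which point at different rule files. Anything that builds detection content or counts coverage from this list would presumably emit each of these references twice; that depends on the consumer, which is not visible here.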
@@ -1,1393 +1,1393 @@ Id: 13973a71-412f-4a18-a2a6-476d3853f8de +Tags: +- AMDRyzenMasterDriver.sys +Verified: 'TRUE' Author: Michael Haag, Nasreddine Bencherchali Created: '2023-01-09' MitreID: T1068 Category: vulnerable driver -Verified: 'TRUE' Commands: - Command: sc.exe create AMDRyzenMasterDriver.sys binPath=C:\windows\temp\AMDRyzenMasterDriver.sys - type=kernel && sc.exe start AMDRyzenMasterDriver.sys - Description: '' - Usecase: Elevate privileges - Privileges: kernel - OperatingSystem: Windows 10 + Command: sc.exe create AMDRyzenMasterDriver.sys binPath=C:\windows\temp\AMDRyzenMasterDriver.sys + type=kernel && sc.exe start AMDRyzenMasterDriver.sys + Description: '' + Usecase: Elevate privileges + Privileges: kernel + OperatingSystem: Windows 10 Resources: - Internal Research - https://github.com/elastic/protections-artifacts/search?q=AMDRyzenMasterDriver -Acknowledgement: - Person: '' - Handle: '' Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: AMDRyzenMasterDriver.sys - MD5: f16b44cca74d3c3645e4c0a6bb5c0cb9 - SHA1: eceb51233f013e04406da11482324d45e70281c7 - SHA256: 7e81beae78e1ddbf6c150e15667e1f18783f9b0ab7fbe52c7ab63e754135948d - Authentihash: - MD5: 56d3a74361bd38be9c8ee476f0063f16 - SHA1: 8facd7c1efbfb3b44cde04cc1b9a1f24d171c2b8 - SHA256: ab1c74ed1ea4fc7a613aa22fd87ee4251ede260862fdebde2d7d2f00c0f23371 - Description: AMD Ryzen Master Service Driver - Company: Advanced Micro Devices - InternalName: AMDRyzenMasterDriver.sys - OriginalFilename: AMDRyzenMasterDriver.sys - FileVersion: 1.3.0.0 - Product: AMD Ryzen Master Service Driver - ProductVersion: 1.3.0.0 - Copyright: "Copyright \xA9 2018 AMD, Inc." 
- MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - - WDFLDR.SYS - ExportedFunctions: '' - ImportedFunctions: - - KeLeaveCriticalRegion - - MmMapIoSpace - - MmUnmapIoSpace - - IofCompleteRequest - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - MmBuildMdlForNonPagedPool - - MmMapLockedPagesSpecifyCache - - MmUnmapLockedPages - - IoAllocateMdl - - IoFreeMdl - - MmGetSystemRoutineAddress - - ZwClose - - ZwSetSecurityObject - - IoDeviceObjectType - - IoCreateDevice - - KeEnterCriticalRegion - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - RtlGetSaclSecurityDescriptor - - SeCaptureSecurityDescriptor - - _snwprintf - - RtlLengthSecurityDescriptor - - SeExports - - RtlCreateSecurityDescriptor - - _wcsnicmp - - wcschr - - RtlAbsoluteToSelfRelativeSD - - RtlAddAccessAllowedAce - - RtlLengthSid - - IoIsWdmVersionAvailable - - RtlSetDaclSecurityDescriptor - - ZwOpenKey - - ZwSetValueKey - - ZwQueryValueKey - - ZwCreateKey - - RtlFreeUnicodeString - - KeDelayExecutionThread - - RtlGetVersion - - DbgPrint - - RtlCopyUnicodeString - - RtlInitUnicodeString - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - ObOpenObjectByPointer - - strncmp - - HalSetBusDataByOffset - - HalGetBusDataByOffset - - WdfVersionBind - - WdfVersionUnbind - - WdfVersionBindClass - - WdfVersionUnbindClass - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 
7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Washington, L=Bellevue, O=Advanced Micro Devices Inc., CN=Advanced - Micro Devices Inc. 
- ValidFrom: '2016-04-04 00:00:00' - ValidTo: '2019-04-04 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 5ca430e4777412a8230bf839f782d4f7 - Version: 3 - TBS: - MD5: e2da6edfa1d1a4ba506520e5383f6873 - SHA1: b2473031866c0b72c4fc8a1dd9d607939988bdc0 - SHA256: 3c657f61ebc39ea4921cbb226ce8c728a336f4c05b21bf14bf61a68d2f8b9a63 - SHA384: b812f2f80e5bb1d66a5043c49443eb3fdbefd666bdcfd582c0f1c714fdefef8787383232a838be64ff4bed56a282af6f - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 5ca430e4777412a8230bf839f782d4f7 - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - RichPEHeaderHash: - MD5: 6484a006a3f0542c3436d324dd3fa12c - SHA1: 23af6a8f0bfbf1bd7fab42b797a48e6ac38386e6 - SHA256: a4866bda36b9be027705429c8cbc967b7e5c0e2bdb66338bdec5d9163929aef0 - Sections: - .text: - 
Entropy: 6.048114488845268 - Virtual Size: '0x8baa' - .rdata: - Entropy: 4.373606717521472 - Virtual Size: '0xe10' - .data: - Entropy: 2.2935568747802817 - Virtual Size: '0x20cb8' - .pdata: - Entropy: 4.631632837457454 - Virtual Size: '0x51c' - .gfids: - Entropy: 0.8112781244591328 - Virtual Size: '0x4' - PAGE: - Entropy: 6.374038212894357 - Virtual Size: '0x18fd' - INIT: - Entropy: 5.110575836222027 - Virtual Size: '0x6fe' - .rsrc: - Entropy: 3.278321646553536 - Virtual Size: '0x3c8' - .reloc: - Entropy: 3.6401911491614793 - Virtual Size: '0x38' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2018-10-17 22:47:22' - Imphash: 8bbc742eaed888736a715757f0584fb6 - LoadsDespiteHVCI: 'FALSE' -- Filename: AMDRyzenMasterDriver.sys - MD5: 130c5aec46bdec8d534df7222d160fdb - SHA1: fac870d438bf62ecd5d5c8c58cc9bfda6f246b8b - SHA256: 909de5f21837ea2b13fdc4e5763589e6bdedb903f7c04e1d0b08776639774880 - Authentihash: - MD5: baad4335bf64311b512e159d47cfb3c7 - SHA1: dbfd5f346b6117941139006b9c7d88a4d9a6b04f - SHA256: 679de7449908838c031db59234cb4f482fbf5d27d7e02d0c30d5ad9d2f36495f - Description: AMD Ryzen Master Service Driver - Company: Advanced Micro Devices - InternalName: AMDRyzenMasterDriver.sys - OriginalFilename: AMDRyzenMasterDriver.sys - FileVersion: 1.5.0.0 - Product: AMD Ryzen Master Service Driver - ProductVersion: 1.5.0.0 - Copyright: "Copyright \xA9 2020 AMD, Inc." 
- MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - - WDFLDR.SYS - ExportedFunctions: '' - ImportedFunctions: - - KeLeaveCriticalRegion - - MmMapIoSpace - - MmUnmapIoSpace - - IofCompleteRequest - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - MmBuildMdlForNonPagedPool - - MmMapLockedPagesSpecifyCache - - MmUnmapLockedPages - - IoAllocateMdl - - IoFreeMdl - - MmGetSystemRoutineAddress - - ZwClose - - ZwSetSecurityObject - - IoDeviceObjectType - - IoCreateDevice - - KeEnterCriticalRegion - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - RtlGetSaclSecurityDescriptor - - SeCaptureSecurityDescriptor - - _snwprintf - - RtlLengthSecurityDescriptor - - SeExports - - RtlCreateSecurityDescriptor - - _wcsnicmp - - wcschr - - RtlAbsoluteToSelfRelativeSD - - RtlAddAccessAllowedAce - - RtlLengthSid - - IoIsWdmVersionAvailable - - RtlSetDaclSecurityDescriptor - - ZwOpenKey - - ZwSetValueKey - - ZwQueryValueKey - - ZwCreateKey - - RtlFreeUnicodeString - - KeDelayExecutionThread - - RtlGetVersion - - DbgPrint - - RtlCopyUnicodeString - - RtlInitUnicodeString - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - ObOpenObjectByPointer - - strncmp - - HalSetBusDataByOffset - - HalGetBusDataByOffset - - WdfVersionBind - - WdfVersionUnbind - - WdfVersionBindClass - - WdfVersionUnbindClass - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 
7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=California, L=Santa Clara, O=Advanced Micro Devices INC., - CN=Advanced Micro Devices INC. 
- ValidFrom: '2019-02-13 00:00:00' - ValidTo: '2022-02-13 23:59:59' - Signature: 8c521a9a934b3e45eaccd7ed8e301606b9e25215b4914181c8dfb5226b0e0e96df11e24e5d5985637b0ed21b121b6b46cc448cea697a0cb62faccc7cd5ec515797e424cf9e28634da84b95fa2eef52f8b9cc0752b6a161bae0be9f4924d7fd9a8fe5443177f16025dbf020287184581d3b1eed67fa369b80eb66cb70050089965da0bf36d68dd303738ac99edff5b7943ce863c4f3b2833a04576e6a28555c630d91bd4ea9f0ca41c0d97b07240c1059bc4a6cbe58276fede21f22de0ec57efe20b33ee4b2bb35cbfb1e5590193aa35368e728a09d27c3bf8e84815c66e092b91e63d025665756aa8e73f847b5506e6b118dde05bf7d72547ec2146d8b9dec80 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 1885b7e188d8fafd38a43d48967d7488 - Version: 3 - TBS: - MD5: 7383bf699bcb229fcf33802fe77d95fc - SHA1: 9b497b4a98173e0e91517daae8e47ca0fce3ff21 - SHA256: 79ea901ff84d0e090348148fd3b9be496ee45e0e852ec8582b27c6d46f11b5b0 - SHA384: dc879c437e176bfe1e9de208ba3cef533290598e81031e9210f2a8c0f79a15415106632a881a3d24aadf385c2c6861c6 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 1885b7e188d8fafd38a43d48967d7488 - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - RichPEHeaderHash: - MD5: 6d6b8554188fb7411ca051ba2dff2781 - SHA1: e72511c1833327ca1c8a601928d34423474dc29f - SHA256: 627de079d57aa0a30e00513bea298e3d0d1da718e568f8e13520afe3762f3aff - Sections: - .text: - Entropy: 6.041395171015692 - Virtual Size: '0x8aca' - .rdata: - Entropy: 4.6845155343102025 - Virtual Size: '0xbac' - .data: - Entropy: 2.303788557291196 - Virtual Size: '0x20ca8' - .pdata: - Entropy: 4.561536748565084 - Virtual Size: '0x4f8' - PAGE: - Entropy: 6.28357086298352 - Virtual Size: '0x1b94' - INIT: - Entropy: 5.169922110711239 - Virtual Size: '0x6fe' - .rsrc: - Entropy: 3.2708067652420643 - Virtual Size: '0x3c8' - .reloc: - Entropy: 3.4421266343442025 - Virtual Size: '0x34' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2019-12-15 22:10:07' - Imphash: 8bbc742eaed888736a715757f0584fb6 - LoadsDespiteHVCI: 'FALSE' -- Filename: AMDRyzenMasterDriver.sys - MD5: 013719e840e955c2e4cd9d18c94a2625 - SHA1: b74338c91c6effabc02ae0ced180428ab1024c7d - SHA256: 9b1ac756e35f795dd91adbc841e78db23cb7165280f8d4a01df663128b66d194 - Authentihash: - MD5: 008ebc7b97c6e3c036bc3d51e4166027 - SHA1: f0a89a5719eff19884d6674bd60c1249876e71b9 - SHA256: 
ddc5ff33a19baf1630a92723b5d0103fcc9ca58ee2a548526b9439eec3c97fe8 - Description: AMD Ryzen Master Service Driver - Company: Advanced Micro Devices - InternalName: AMDRyzenMasterDriver.sys - OriginalFilename: AMDRyzenMasterDriver.sys - FileVersion: 1.1.0.0 - Product: AMD Ryzen Master Service Driver - ProductVersion: 1.1.0.0 - Copyright: "Copyright \xA9 2017 AMD, Inc." - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - - WDFLDR.SYS - ExportedFunctions: '' - ImportedFunctions: - - MmMapIoSpace - - MmUnmapIoSpace - - IofCompleteRequest - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - MmBuildMdlForNonPagedPool - - MmMapLockedPagesSpecifyCache - - MmUnmapLockedPages - - IoAllocateMdl - - IoFreeMdl - - MmGetSystemRoutineAddress - - ObOpenObjectByPointer - - IoDeviceObjectType - - IoCreateDevice - - ZwSetSecurityObject - - ZwClose - - KeLeaveCriticalRegion - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetSaclSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlLengthSecurityDescriptor - - _snwprintf - - RtlCreateSecurityDescriptor - - RtlLengthSid - - SeExports - - IoIsWdmVersionAvailable - - RtlAbsoluteToSelfRelativeSD - - RtlAddAccessAllowedAce - - RtlSetDaclSecurityDescriptor - - _wcsnicmp - - wcschr - - ZwOpenKey - - ZwQueryValueKey - - RtlFreeUnicodeString - - ZwSetValueKey - - ZwCreateKey - - KeBugCheckEx - - KeEnterCriticalRegion - - KeDelayExecutionThread - - DbgPrint - - RtlCopyUnicodeString - - RtlInitUnicodeString - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - RtlGetOwnerSecurityDescriptor - - strncmp - - HalSetBusDataByOffset - - HalGetBusDataByOffset - - WdfVersionUnbind - - WdfVersionBind - - WdfVersionBindClass - - WdfVersionUnbindClass - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=California, L=Sunnyvale, O=Advanced Micro Devices, Inc., CN=Advanced - Micro Devices, Inc. 
- ValidFrom: '2016-06-16 00:00:00' - ValidTo: '2019-07-16 23:59:59' - Signature: a7e55605825dfbd1b68d884b19685d8a578891d427b776f584d93b0ee66a7f2bace57691884dd480e47dceba8506dcf432f8341e99b87c76751ccbf7086d570de39d83b1770c21ba699169bdff0645659289bcf989329ee0e187064e774dc338f9112edc66c104a6237e1687974a89b00e9e6e428b1581a769ca7b1cd017c317509ecdb2ce1ff410e80d91d167437d9d93efe9e103bb0d513bb821ceda37550bfaae4160fa445ba09afe9141bf45b44a28f80e5d32edc5ac63b27139b0264d7c80e58c1d1b12f47f9fe8f8d673d7b2fbf5acd023fe3ff8a3504d5cfe6c89edbbfc819dea2974720785e0463eb7d99aafea40178b942aeea5dcb91dff62610930 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 72dcd35b1dbbf28f0f9848ec766a1bdf - Version: 3 - TBS: - MD5: 9aa40e03c13b5fea2e7e45e7a22ebe3d - SHA1: 3fddce5ae05f39f1ee992d32f7393e65a88d4ac2 - SHA256: 1945901906ad5ade7732c453ad5cbed008f32b602ca52e5b2509680a3860f271 - SHA384: 4c0d5c934bd27664155d80c73c72fca777bf12ab972aee8d418b9d05c74e48f69a6b80619132d50a29c00e83753ed099 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 
5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 72dcd35b1dbbf28f0f9848ec766a1bdf - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: 87b708150cf6d7ba4ab6ad6b9ed4ac0b - SHA1: ef1170f87bcf19dc0e7f90afb1d50c1f34d5b3e5 - SHA256: aae245bf274b2e8c005a03cbd57a3a3e2a5f0b52f544fc740032631662e9547e - Sections: - .text: - Entropy: 6.056885786535907 - Virtual Size: '0x889a' - .rdata: - Entropy: 4.614076959395885 - Virtual Size: '0xac4' - .data: - Entropy: 2.270167462468422 - Virtual Size: '0x21918' - .pdata: - Entropy: 4.623565713265635 - Virtual Size: '0x4e0' - .gfids: - Entropy: 1.5 - Virtual Size: '0x4' - PAGE: - Entropy: 6.3311010402973205 - Virtual Size: '0x1ae4' - INIT: - Entropy: 5.298320304217028 - Virtual Size: '0x736' - .rsrc: - Entropy: 3.2657061939285486 - Virtual Size: '0x3c8' - .reloc: - Entropy: 3.5944825065194204 - Virtual Size: '0x34' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2017-04-24 23:40:43' - Imphash: bb437241f56020db0fcbf8f8629bdb07 - LoadsDespiteHVCI: 'FALSE' -- Filename: AMDRyzenMasterDriver.sys - MD5: aa12c1cb47c443c6108bfe7fc1a34d98 - SHA1: 88d00eff21221f95a0307da229bc9fe1afb6861b - SHA256: af1011c76a22af7be97a0b3e0ce11aca0509820c59fa7c8eeaaa1b2c0225f75a - Authentihash: - MD5: daaff8865677433e85f79ac4ceb6be54 - SHA1: 588d359fa0e976507d2bad89a24de2d3dab34b64 - SHA256: 0ad2d2fe1b16e42f43788dae1f0f45031b5025ef6bcc52360e18812820682f04 - Description: AMD Ryzen Master Service Driver - Company: Advanced Micro Devices - InternalName: AMDRyzenMasterDriver.sys - OriginalFilename: AMDRyzenMasterDriver.sys - 
FileVersion: 1.0.0 - Product: AMD Ryzen Master Service Driver - ProductVersion: 1.0.0 - Copyright: "Copyright \xA9 2017 AMD, Inc." - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - - WDFLDR.SYS - ExportedFunctions: '' - ImportedFunctions: - - MmMapIoSpace - - MmUnmapIoSpace - - IofCompleteRequest - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - MmBuildMdlForNonPagedPool - - MmMapLockedPagesSpecifyCache - - MmUnmapLockedPages - - IoAllocateMdl - - IoFreeMdl - - MmGetSystemRoutineAddress - - ObOpenObjectByPointer - - IoDeviceObjectType - - IoCreateDevice - - ZwSetSecurityObject - - ZwClose - - KeLeaveCriticalRegion - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetSaclSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlLengthSecurityDescriptor - - _snwprintf - - RtlCreateSecurityDescriptor - - RtlLengthSid - - SeExports - - IoIsWdmVersionAvailable - - RtlAbsoluteToSelfRelativeSD - - RtlAddAccessAllowedAce - - RtlSetDaclSecurityDescriptor - - _wcsnicmp - - wcschr - - ZwOpenKey - - ZwQueryValueKey - - RtlFreeUnicodeString - - ZwSetValueKey - - ZwCreateKey - - KeBugCheckEx - - KeEnterCriticalRegion - - KeDelayExecutionThread - - DbgPrint - - RtlCopyUnicodeString - - RtlInitUnicodeString - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - RtlGetOwnerSecurityDescriptor - - strncmp - - HalSetBusDataByOffset - - HalGetBusDataByOffset - - WdfVersionUnbind - - WdfVersionBind - - WdfVersionBindClass - - WdfVersionUnbindClass - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=California, L=Sunnyvale, O=Advanced Micro Devices, Inc., CN=Advanced - Micro Devices, Inc. 
- ValidFrom: '2016-06-16 00:00:00' - ValidTo: '2019-07-16 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 72dcd35b1dbbf28f0f9848ec766a1bdf - Version: 3 - TBS: - MD5: 9aa40e03c13b5fea2e7e45e7a22ebe3d - SHA1: 3fddce5ae05f39f1ee992d32f7393e65a88d4ac2 - SHA256: 1945901906ad5ade7732c453ad5cbed008f32b602ca52e5b2509680a3860f271 - SHA384: 4c0d5c934bd27664155d80c73c72fca777bf12ab972aee8d418b9d05c74e48f69a6b80619132d50a29c00e83753ed099 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - 
Signer: - - SerialNumber: 72dcd35b1dbbf28f0f9848ec766a1bdf - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: 87b708150cf6d7ba4ab6ad6b9ed4ac0b - SHA1: ef1170f87bcf19dc0e7f90afb1d50c1f34d5b3e5 - SHA256: aae245bf274b2e8c005a03cbd57a3a3e2a5f0b52f544fc740032631662e9547e - Sections: - .text: - Entropy: 6.055276530150317 - Virtual Size: '0x889a' - .rdata: - Entropy: 4.617735799466591 - Virtual Size: '0xac4' - .data: - Entropy: 2.329285274671635 - Virtual Size: '0x21918' - .pdata: - Entropy: 4.653435999483515 - Virtual Size: '0x4e0' - .gfids: - Entropy: 1.5 - Virtual Size: '0x4' - PAGE: - Entropy: 6.332351249692235 - Virtual Size: '0x1ae4' - INIT: - Entropy: 5.298759149028588 - Virtual Size: '0x736' - .rsrc: - Entropy: 3.258458366375691 - Virtual Size: '0x3c0' - .reloc: - Entropy: 3.5944825065194204 - Virtual Size: '0x34' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2017-03-27 21:29:24' - Imphash: bb437241f56020db0fcbf8f8629bdb07 - LoadsDespiteHVCI: 'FALSE' -- Filename: AMDRyzenMasterDriver.sys - MD5: 0490f5961e0980792f5cb5aedf081dd7 - SHA1: 4786253daac6c60ffc0d2871fdd68023ec93dfb3 - SHA256: f6cd7353cb6e86e98d387473ed6340f9b44241867508e209e944f548b9db1d5f - Authentihash: - MD5: 74e9ae3f89ff8fcf94f0407f7b94f680 - SHA1: 4fce761086a78302bf6409d4be2c057e3389210d - SHA256: 192a27335de23a008c05efe24ea1fa0f633dd8ddc68d904466e4e2741a0bb645 - Description: AMD Ryzen Master Service Driver - Company: Advanced Micro Devices - InternalName: AMDRyzenMasterDriver.sys - OriginalFilename: AMDRyzenMasterDriver.sys - FileVersion: 1.2.0.0 - Product: AMD Ryzen Master Service Driver - ProductVersion: 1.2.0.0 - Copyright: "Copyright \xA9 2017 AMD, Inc." 
- MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - - WDFLDR.SYS - ExportedFunctions: '' - ImportedFunctions: - - MmMapIoSpace - - MmUnmapIoSpace - - IofCompleteRequest - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - MmBuildMdlForNonPagedPool - - MmMapLockedPagesSpecifyCache - - MmUnmapLockedPages - - IoAllocateMdl - - IoFreeMdl - - MmGetSystemRoutineAddress - - ZwClose - - ZwSetSecurityObject - - IoDeviceObjectType - - IoCreateDevice - - ObOpenObjectByPointer - - KeLeaveCriticalRegion - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - RtlGetSaclSecurityDescriptor - - SeCaptureSecurityDescriptor - - _snwprintf - - RtlLengthSecurityDescriptor - - SeExports - - RtlCreateSecurityDescriptor - - _wcsnicmp - - wcschr - - RtlAbsoluteToSelfRelativeSD - - RtlAddAccessAllowedAce - - RtlLengthSid - - IoIsWdmVersionAvailable - - RtlSetDaclSecurityDescriptor - - ZwOpenKey - - ZwSetValueKey - - ZwQueryValueKey - - ZwCreateKey - - RtlFreeUnicodeString - - KeBugCheckEx - - KeEnterCriticalRegion - - KeDelayExecutionThread - - DbgPrint - - RtlCopyUnicodeString - - RtlInitUnicodeString - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - RtlGetDaclSecurityDescriptor - - strncmp - - HalSetBusDataByOffset - - HalGetBusDataByOffset - - WdfVersionUnbind - - WdfVersionBind - - WdfVersionBindClass - - WdfVersionUnbindClass - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b 
- Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=California, L=Sunnyvale, O=Advanced Micro Devices, Inc., CN=Advanced - Micro Devices, Inc. - ValidFrom: '2016-06-16 00:00:00' - ValidTo: '2019-07-16 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 72dcd35b1dbbf28f0f9848ec766a1bdf - Version: 3 - TBS: - MD5: 9aa40e03c13b5fea2e7e45e7a22ebe3d - SHA1: 3fddce5ae05f39f1ee992d32f7393e65a88d4ac2 - SHA256: 1945901906ad5ade7732c453ad5cbed008f32b602ca52e5b2509680a3860f271 - SHA384: 4c0d5c934bd27664155d80c73c72fca777bf12ab972aee8d418b9d05c74e48f69a6b80619132d50a29c00e83753ed099 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 72dcd35b1dbbf28f0f9848ec766a1bdf - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: c8e24840d3d344e161548f195f7bb0e3 - SHA1: efd0bcc2165966f49eeadeb33ec6ba0e506801da - SHA256: 29493a0520c11b58053c1ae6895f291fb8f36a2cf1e483f2989891c23dbebf04 - Sections: - .text: - Entropy: 6.051076636578072 - Virtual Size: '0x899a' - .rdata: - Entropy: 4.550324534489092 - Virtual Size: '0xaf4' - .data: - Entropy: 2.2680547590193103 - Virtual Size: '0x218d8' - .pdata: - Entropy: 
4.618148951031943 - Virtual Size: '0x4e0' - .gfids: - Entropy: 0.8112781244591328 - Virtual Size: '0x4' - PAGE: - Entropy: 6.337675978324415 - Virtual Size: '0x1ae4' - INIT: - Entropy: 5.3115439107045965 - Virtual Size: '0x736' - .rsrc: - Entropy: 3.273433236637118 - Virtual Size: '0x3c8' - .reloc: - Entropy: 3.3999429145127564 - Virtual Size: '0x34' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2017-11-13 22:58:28' - Imphash: 32b632f6379bfaac9f4f3a030a694f55 - LoadsDespiteHVCI: 'FALSE' -- Filename: AMDRyzenMasterDriver.sys - MD5: 0be5c6476dd58072c93af4fca62ee4b3 - SHA1: 5f8ae70b25b664433c6942d5963acadf2042cfe8 - SHA256: ff9623317287358440ec67da9ba79994d9b17b99ffdd709ec836478fe1fc22a5 - Authentihash: - MD5: 85f5af5f7200c76440823c16a70b2093 - SHA1: 2f550bc5f89e2291f669b8a2d1910086bbea7532 - SHA256: 207b6cea0c9f7e94a912b388d5e9f7ace3b6405114f64bcc425042a09170fcac - Description: AMD Ryzen Master Service Driver - Company: Advanced Micro Devices - InternalName: AMDRyzenMasterDriver.sys - OriginalFilename: AMDRyzenMasterDriver.sys - FileVersion: 1.4.0.0 - Product: AMD Ryzen Master Service Driver - ProductVersion: 1.4.0.0 - Copyright: "Copyright \xA9 2019 AMD, Inc." 
- MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - - WDFLDR.SYS - ExportedFunctions: '' - ImportedFunctions: - - KeLeaveCriticalRegion - - MmMapIoSpace - - MmUnmapIoSpace - - IofCompleteRequest - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - MmBuildMdlForNonPagedPool - - MmMapLockedPagesSpecifyCache - - MmUnmapLockedPages - - IoAllocateMdl - - IoFreeMdl - - MmGetSystemRoutineAddress - - ZwClose - - ZwSetSecurityObject - - IoDeviceObjectType - - IoCreateDevice - - KeEnterCriticalRegion - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - RtlGetSaclSecurityDescriptor - - SeCaptureSecurityDescriptor - - _snwprintf - - RtlLengthSecurityDescriptor - - SeExports - - RtlCreateSecurityDescriptor - - _wcsnicmp - - wcschr - - RtlAbsoluteToSelfRelativeSD - - RtlAddAccessAllowedAce - - RtlLengthSid - - IoIsWdmVersionAvailable - - RtlSetDaclSecurityDescriptor - - ZwOpenKey - - ZwSetValueKey - - ZwQueryValueKey - - ZwCreateKey - - RtlFreeUnicodeString - - KeDelayExecutionThread - - RtlGetVersion - - DbgPrint - - RtlCopyUnicodeString - - RtlInitUnicodeString - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - ObOpenObjectByPointer - - strncmp - - HalSetBusDataByOffset - - HalGetBusDataByOffset - - WdfVersionBind - - WdfVersionUnbind - - WdfVersionBindClass - - WdfVersionUnbindClass - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 
7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=California, L=Santa Clara, O=Advanced Micro Devices INC., - CN=Advanced Micro Devices INC. 
- ValidFrom: '2019-02-13 00:00:00' - ValidTo: '2022-02-13 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 1885b7e188d8fafd38a43d48967d7488 - Version: 3 - TBS: - MD5: 7383bf699bcb229fcf33802fe77d95fc - SHA1: 9b497b4a98173e0e91517daae8e47ca0fce3ff21 - SHA256: 79ea901ff84d0e090348148fd3b9be496ee45e0e852ec8582b27c6d46f11b5b0 - SHA384: dc879c437e176bfe1e9de208ba3cef533290598e81031e9210f2a8c0f79a15415106632a881a3d24aadf385c2c6861c6 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 1885b7e188d8fafd38a43d48967d7488 - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - RichPEHeaderHash: - MD5: 9990d4d15399398bec3db3cb0c9e8325 - SHA1: b56324b264afb241699d458766ceb579c0673865 - SHA256: 71f9335e8816749364c86420bfc49b98aab207a3e4a3b1ed15cafded88f0cfee - Sections: - .text: - Entropy: 6.047793364690818 - Virtual Size: '0x8b5a' - .rdata: - Entropy: 4.517008948968409 - Virtual Size: '0xb24' - .data: - Entropy: 2.2954118276054416 - Virtual Size: '0x20cb0' - .pdata: - Entropy: 4.587047800502242 - Virtual Size: '0x4ec' - .gfids: - Entropy: 0.8112781244591328 - Virtual Size: '0x4' - PAGE: - Entropy: 6.327839203234547 - Virtual Size: '0x1ae4' - INIT: - Entropy: 5.11053085735039 - Virtual Size: '0x6fe' - .rsrc: - Entropy: 3.2691503236624437 - Virtual Size: '0x3c8' - .reloc: - Entropy: 3.3999429145127564 - Virtual Size: '0x34' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2019-05-28 03:32:51' - Imphash: 8bbc742eaed888736a715757f0584fb6 - LoadsDespiteHVCI: 'FALSE' -- Filename: AMDRyzenMasterDriver.sys - MD5: 13ee349c15ee5d6cf640b3d0111ffc0e - SHA1: 4f7a8e26a97980544be634b26899afbefb0a833c - SHA256: a13054f349b7baa8c8a3fcbd31789807a493cc52224bbff5e412eb2bd52a6433 - Signature: - - Advanced Micro Devices INC. 
- - Symantec Class 3 SHA256 Code Signing CA - - VeriSign - Date: '' - Publisher: '' - Company: Advanced Micro Devices - Description: AMD Ryzen Master Service Driver - Product: AMD Ryzen Master Service Driver - ProductVersion: 1.3.0.0 - FileVersion: 1.3.0.0 - MachineType: AMD64 - OriginalFilename: AMDRyzenMasterDriver.sys - Authentihash: - MD5: aa6e3970343cb83f7c924e98aeaf0c85 - SHA1: c29a625c02bf49f3f055db90b280a1f201c59975 - SHA256: 001cd8b2ce1932d1a8c32bc2d643ee4fa6f67626d1b6895beea916285450566c - InternalName: AMDRyzenMasterDriver.sys - Copyright: "Copyright \xA9 2018 AMD, Inc." - Imports: - - ntoskrnl.exe - - HAL.dll - - WDFLDR.SYS - ExportedFunctions: '' - ImportedFunctions: - - KeLeaveCriticalRegion - - MmMapIoSpace - - MmUnmapIoSpace - - IofCompleteRequest - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - MmBuildMdlForNonPagedPool - - MmMapLockedPagesSpecifyCache - - MmUnmapLockedPages - - IoAllocateMdl - - IoFreeMdl - - MmGetSystemRoutineAddress - - ZwClose - - ZwSetSecurityObject - - IoDeviceObjectType - - IoCreateDevice - - KeEnterCriticalRegion - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - RtlGetSaclSecurityDescriptor - - SeCaptureSecurityDescriptor - - _snwprintf - - RtlLengthSecurityDescriptor - - SeExports - - RtlCreateSecurityDescriptor - - _wcsnicmp - - wcschr - - RtlAbsoluteToSelfRelativeSD - - RtlAddAccessAllowedAce - - RtlLengthSid - - IoIsWdmVersionAvailable - - RtlSetDaclSecurityDescriptor - - ZwOpenKey - - ZwSetValueKey - - ZwQueryValueKey - - ZwCreateKey - - RtlFreeUnicodeString - - KeDelayExecutionThread - - RtlGetVersion - - DbgPrint - - RtlCopyUnicodeString - - RtlInitUnicodeString - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - ObOpenObjectByPointer - - strncmp - - HalSetBusDataByOffset - - HalGetBusDataByOffset - - WdfVersionBind - - WdfVersionUnbind - - WdfVersionBindClass - - WdfVersionUnbindClass - Signatures: - - CertificatesInfo: '' - SignerInfo: 
'' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=California, L=Santa Clara, O=Advanced Micro Devices INC., - CN=Advanced Micro Devices INC. 
- ValidFrom: '2019-02-13 00:00:00' - ValidTo: '2022-02-13 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 1885b7e188d8fafd38a43d48967d7488 - Version: 3 - TBS: - MD5: 7383bf699bcb229fcf33802fe77d95fc - SHA1: 9b497b4a98173e0e91517daae8e47ca0fce3ff21 - SHA256: 79ea901ff84d0e090348148fd3b9be496ee45e0e852ec8582b27c6d46f11b5b0 - SHA384: dc879c437e176bfe1e9de208ba3cef533290598e81031e9210f2a8c0f79a15415106632a881a3d24aadf385c2c6861c6 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 1885b7e188d8fafd38a43d48967d7488 - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - RichPEHeaderHash: - MD5: 9990d4d15399398bec3db3cb0c9e8325 - SHA1: b56324b264afb241699d458766ceb579c0673865 - SHA256: 71f9335e8816749364c86420bfc49b98aab207a3e4a3b1ed15cafded88f0cfee - Sections: - .text: - Entropy: 6.044179809822067 - Virtual Size: '0x8b2a' - .rdata: - Entropy: 4.528269919234319 - Virtual Size: '0xb24' - .data: - Entropy: 2.2972053741563294 - Virtual Size: '0x20cb0' - .pdata: - Entropy: 4.623524017696745 - Virtual Size: '0x4ec' - .gfids: - Entropy: 0.8112781244591328 - Virtual Size: '0x4' - PAGE: - Entropy: 6.329420837545584 - Virtual Size: '0x1ae4' - INIT: - Entropy: 5.11053085735039 - Virtual Size: '0x6fe' - .rsrc: - Entropy: 3.278321646553536 - Virtual Size: '0x3c8' - .reloc: - Entropy: 3.3999429145127564 - Virtual Size: '0x34' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2019-05-13 02:14:16' - Imphash: 8bbc742eaed888736a715757f0584fb6 - LoadsDespiteHVCI: 'FALSE' -Tags: -- AMDRyzenMasterDriver.sys +- Filename: AMDRyzenMasterDriver.sys + MD5: f16b44cca74d3c3645e4c0a6bb5c0cb9 + SHA1: eceb51233f013e04406da11482324d45e70281c7 + SHA256: 7e81beae78e1ddbf6c150e15667e1f18783f9b0ab7fbe52c7ab63e754135948d + Authentihash: + MD5: 
56d3a74361bd38be9c8ee476f0063f16 + SHA1: 8facd7c1efbfb3b44cde04cc1b9a1f24d171c2b8 + SHA256: ab1c74ed1ea4fc7a613aa22fd87ee4251ede260862fdebde2d7d2f00c0f23371 + Description: AMD Ryzen Master Service Driver + Company: Advanced Micro Devices + InternalName: AMDRyzenMasterDriver.sys + OriginalFilename: AMDRyzenMasterDriver.sys + FileVersion: 1.3.0.0 + Product: AMD Ryzen Master Service Driver + ProductVersion: 1.3.0.0 + Copyright: "Copyright \xA9 2018 AMD, Inc." + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + - WDFLDR.SYS + ExportedFunctions: '' + ImportedFunctions: + - KeLeaveCriticalRegion + - MmMapIoSpace + - MmUnmapIoSpace + - IofCompleteRequest + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - MmBuildMdlForNonPagedPool + - MmMapLockedPagesSpecifyCache + - MmUnmapLockedPages + - IoAllocateMdl + - IoFreeMdl + - MmGetSystemRoutineAddress + - ZwClose + - ZwSetSecurityObject + - IoDeviceObjectType + - IoCreateDevice + - KeEnterCriticalRegion + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - RtlGetSaclSecurityDescriptor + - SeCaptureSecurityDescriptor + - _snwprintf + - RtlLengthSecurityDescriptor + - SeExports + - RtlCreateSecurityDescriptor + - _wcsnicmp + - wcschr + - RtlAbsoluteToSelfRelativeSD + - RtlAddAccessAllowedAce + - RtlLengthSid + - IoIsWdmVersionAvailable + - RtlSetDaclSecurityDescriptor + - ZwOpenKey + - ZwSetValueKey + - ZwQueryValueKey + - ZwCreateKey + - RtlFreeUnicodeString + - KeDelayExecutionThread + - RtlGetVersion + - DbgPrint + - RtlCopyUnicodeString + - RtlInitUnicodeString + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - ObOpenObjectByPointer + - strncmp + - HalSetBusDataByOffset + - HalGetBusDataByOffset + - WdfVersionBind + - WdfVersionUnbind + - WdfVersionBindClass + - WdfVersionUnbindClass + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + 
ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Washington, L=Bellevue, O=Advanced Micro Devices Inc., + CN=Advanced Micro Devices Inc. 
+ ValidFrom: '2016-04-04 00:00:00' + ValidTo: '2019-04-04 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 5ca430e4777412a8230bf839f782d4f7 + Version: 3 + TBS: + MD5: e2da6edfa1d1a4ba506520e5383f6873 + SHA1: b2473031866c0b72c4fc8a1dd9d607939988bdc0 + SHA256: 3c657f61ebc39ea4921cbb226ce8c728a336f4c05b21bf14bf61a68d2f8b9a63 + SHA384: b812f2f80e5bb1d66a5043c49443eb3fdbefd666bdcfd582c0f1c714fdefef8787383232a838be64ff4bed56a282af6f + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 5ca430e4777412a8230bf839f782d4f7 + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + RichPEHeaderHash: + MD5: 6484a006a3f0542c3436d324dd3fa12c + SHA1: 23af6a8f0bfbf1bd7fab42b797a48e6ac38386e6 + SHA256: a4866bda36b9be027705429c8cbc967b7e5c0e2bdb66338bdec5d9163929aef0 + Sections: + .text: + Entropy: 6.048114488845268 + Virtual Size: '0x8baa' + .rdata: + Entropy: 4.373606717521472 + Virtual Size: '0xe10' + .data: + Entropy: 2.2935568747802817 + Virtual Size: '0x20cb8' + .pdata: + Entropy: 4.631632837457454 + Virtual Size: '0x51c' + .gfids: + Entropy: 0.8112781244591328 + Virtual Size: '0x4' + PAGE: + Entropy: 6.374038212894357 + Virtual Size: '0x18fd' + INIT: + Entropy: 5.110575836222027 + Virtual Size: '0x6fe' + .rsrc: + Entropy: 3.278321646553536 + Virtual Size: '0x3c8' + .reloc: + Entropy: 3.6401911491614793 + Virtual Size: '0x38' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2018-10-17 22:47:22' + Imphash: 8bbc742eaed888736a715757f0584fb6 + LoadsDespiteHVCI: 'FALSE' +- Filename: AMDRyzenMasterDriver.sys + MD5: 130c5aec46bdec8d534df7222d160fdb + SHA1: fac870d438bf62ecd5d5c8c58cc9bfda6f246b8b + SHA256: 909de5f21837ea2b13fdc4e5763589e6bdedb903f7c04e1d0b08776639774880 + Authentihash: + MD5: baad4335bf64311b512e159d47cfb3c7 + SHA1: 
dbfd5f346b6117941139006b9c7d88a4d9a6b04f + SHA256: 679de7449908838c031db59234cb4f482fbf5d27d7e02d0c30d5ad9d2f36495f + Description: AMD Ryzen Master Service Driver + Company: Advanced Micro Devices + InternalName: AMDRyzenMasterDriver.sys + OriginalFilename: AMDRyzenMasterDriver.sys + FileVersion: 1.5.0.0 + Product: AMD Ryzen Master Service Driver + ProductVersion: 1.5.0.0 + Copyright: "Copyright \xA9 2020 AMD, Inc." + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + - WDFLDR.SYS + ExportedFunctions: '' + ImportedFunctions: + - KeLeaveCriticalRegion + - MmMapIoSpace + - MmUnmapIoSpace + - IofCompleteRequest + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - MmBuildMdlForNonPagedPool + - MmMapLockedPagesSpecifyCache + - MmUnmapLockedPages + - IoAllocateMdl + - IoFreeMdl + - MmGetSystemRoutineAddress + - ZwClose + - ZwSetSecurityObject + - IoDeviceObjectType + - IoCreateDevice + - KeEnterCriticalRegion + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - RtlGetSaclSecurityDescriptor + - SeCaptureSecurityDescriptor + - _snwprintf + - RtlLengthSecurityDescriptor + - SeExports + - RtlCreateSecurityDescriptor + - _wcsnicmp + - wcschr + - RtlAbsoluteToSelfRelativeSD + - RtlAddAccessAllowedAce + - RtlLengthSid + - IoIsWdmVersionAvailable + - RtlSetDaclSecurityDescriptor + - ZwOpenKey + - ZwSetValueKey + - ZwQueryValueKey + - ZwCreateKey + - RtlFreeUnicodeString + - KeDelayExecutionThread + - RtlGetVersion + - DbgPrint + - RtlCopyUnicodeString + - RtlInitUnicodeString + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - ObOpenObjectByPointer + - strncmp + - HalSetBusDataByOffset + - HalGetBusDataByOffset + - WdfVersionBind + - WdfVersionUnbind + - WdfVersionBindClass + - WdfVersionUnbindClass + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + 
ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=California, L=Santa Clara, O=Advanced Micro Devices + INC., CN=Advanced Micro Devices INC. 
+ ValidFrom: '2019-02-13 00:00:00' + ValidTo: '2022-02-13 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 1885b7e188d8fafd38a43d48967d7488 + Version: 3 + TBS: + MD5: 7383bf699bcb229fcf33802fe77d95fc + SHA1: 9b497b4a98173e0e91517daae8e47ca0fce3ff21 + SHA256: 79ea901ff84d0e090348148fd3b9be496ee45e0e852ec8582b27c6d46f11b5b0 + SHA384: dc879c437e176bfe1e9de208ba3cef533290598e81031e9210f2a8c0f79a15415106632a881a3d24aadf385c2c6861c6 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 1885b7e188d8fafd38a43d48967d7488 + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + RichPEHeaderHash: + MD5: 6d6b8554188fb7411ca051ba2dff2781 + SHA1: e72511c1833327ca1c8a601928d34423474dc29f + SHA256: 627de079d57aa0a30e00513bea298e3d0d1da718e568f8e13520afe3762f3aff + Sections: + .text: + Entropy: 6.041395171015692 + Virtual Size: '0x8aca' + .rdata: + Entropy: 4.6845155343102025 + Virtual Size: '0xbac' + .data: + Entropy: 2.303788557291196 + Virtual Size: '0x20ca8' + .pdata: + Entropy: 4.561536748565084 + Virtual Size: '0x4f8' + PAGE: + Entropy: 6.28357086298352 + Virtual Size: '0x1b94' + INIT: + Entropy: 5.169922110711239 + Virtual Size: '0x6fe' + .rsrc: + Entropy: 3.2708067652420643 + Virtual Size: '0x3c8' + .reloc: + Entropy: 3.4421266343442025 + Virtual Size: '0x34' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2019-12-15 22:10:07' + Imphash: 8bbc742eaed888736a715757f0584fb6 + LoadsDespiteHVCI: 'FALSE' +- Filename: AMDRyzenMasterDriver.sys + MD5: 013719e840e955c2e4cd9d18c94a2625 + SHA1: b74338c91c6effabc02ae0ced180428ab1024c7d + SHA256: 9b1ac756e35f795dd91adbc841e78db23cb7165280f8d4a01df663128b66d194 + Authentihash: + MD5: 008ebc7b97c6e3c036bc3d51e4166027 + SHA1: f0a89a5719eff19884d6674bd60c1249876e71b9 + SHA256: 
ddc5ff33a19baf1630a92723b5d0103fcc9ca58ee2a548526b9439eec3c97fe8 + Description: AMD Ryzen Master Service Driver + Company: Advanced Micro Devices + InternalName: AMDRyzenMasterDriver.sys + OriginalFilename: AMDRyzenMasterDriver.sys + FileVersion: 1.1.0.0 + Product: AMD Ryzen Master Service Driver + ProductVersion: 1.1.0.0 + Copyright: "Copyright \xA9 2017 AMD, Inc." + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + - WDFLDR.SYS + ExportedFunctions: '' + ImportedFunctions: + - MmMapIoSpace + - MmUnmapIoSpace + - IofCompleteRequest + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - MmBuildMdlForNonPagedPool + - MmMapLockedPagesSpecifyCache + - MmUnmapLockedPages + - IoAllocateMdl + - IoFreeMdl + - MmGetSystemRoutineAddress + - ObOpenObjectByPointer + - IoDeviceObjectType + - IoCreateDevice + - ZwSetSecurityObject + - ZwClose + - KeLeaveCriticalRegion + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetSaclSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlLengthSecurityDescriptor + - _snwprintf + - RtlCreateSecurityDescriptor + - RtlLengthSid + - SeExports + - IoIsWdmVersionAvailable + - RtlAbsoluteToSelfRelativeSD + - RtlAddAccessAllowedAce + - RtlSetDaclSecurityDescriptor + - _wcsnicmp + - wcschr + - ZwOpenKey + - ZwQueryValueKey + - RtlFreeUnicodeString + - ZwSetValueKey + - ZwCreateKey + - KeBugCheckEx + - KeEnterCriticalRegion + - KeDelayExecutionThread + - DbgPrint + - RtlCopyUnicodeString + - RtlInitUnicodeString + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - RtlGetOwnerSecurityDescriptor + - strncmp + - HalSetBusDataByOffset + - HalGetBusDataByOffset + - WdfVersionUnbind + - WdfVersionBind + - WdfVersionBindClass + - WdfVersionUnbindClass + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=California, L=Sunnyvale, O=Advanced Micro Devices, Inc., + CN=Advanced Micro Devices, Inc. 
+ ValidFrom: '2016-06-16 00:00:00' + ValidTo: '2019-07-16 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 72dcd35b1dbbf28f0f9848ec766a1bdf + Version: 3 + TBS: + MD5: 9aa40e03c13b5fea2e7e45e7a22ebe3d + SHA1: 3fddce5ae05f39f1ee992d32f7393e65a88d4ac2 + SHA256: 1945901906ad5ade7732c453ad5cbed008f32b602ca52e5b2509680a3860f271 + SHA384: 4c0d5c934bd27664155d80c73c72fca777bf12ab972aee8d418b9d05c74e48f69a6b80619132d50a29c00e83753ed099 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 
78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 72dcd35b1dbbf28f0f9848ec766a1bdf + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: 87b708150cf6d7ba4ab6ad6b9ed4ac0b + SHA1: ef1170f87bcf19dc0e7f90afb1d50c1f34d5b3e5 + SHA256: aae245bf274b2e8c005a03cbd57a3a3e2a5f0b52f544fc740032631662e9547e + Sections: + .text: + Entropy: 6.056885786535907 + Virtual Size: '0x889a' + .rdata: + Entropy: 4.614076959395885 + Virtual Size: '0xac4' + .data: + Entropy: 2.270167462468422 + Virtual Size: '0x21918' + .pdata: + Entropy: 4.623565713265635 + Virtual Size: '0x4e0' + .gfids: + Entropy: 1.5 + Virtual Size: '0x4' + PAGE: + Entropy: 6.3311010402973205 + Virtual Size: '0x1ae4' + INIT: + Entropy: 5.298320304217028 + Virtual Size: '0x736' + .rsrc: + Entropy: 3.2657061939285486 + Virtual Size: '0x3c8' + .reloc: + Entropy: 3.5944825065194204 + Virtual Size: '0x34' + MagicHeader: 50 45 0 0 + 
CreationTimestamp: '2017-04-24 23:40:43' + Imphash: bb437241f56020db0fcbf8f8629bdb07 + LoadsDespiteHVCI: 'FALSE' +- Filename: AMDRyzenMasterDriver.sys + MD5: aa12c1cb47c443c6108bfe7fc1a34d98 + SHA1: 88d00eff21221f95a0307da229bc9fe1afb6861b + SHA256: af1011c76a22af7be97a0b3e0ce11aca0509820c59fa7c8eeaaa1b2c0225f75a + Authentihash: + MD5: daaff8865677433e85f79ac4ceb6be54 + SHA1: 588d359fa0e976507d2bad89a24de2d3dab34b64 + SHA256: 0ad2d2fe1b16e42f43788dae1f0f45031b5025ef6bcc52360e18812820682f04 + Description: AMD Ryzen Master Service Driver + Company: Advanced Micro Devices + InternalName: AMDRyzenMasterDriver.sys + OriginalFilename: AMDRyzenMasterDriver.sys + FileVersion: 1.0.0 + Product: AMD Ryzen Master Service Driver + ProductVersion: 1.0.0 + Copyright: "Copyright \xA9 2017 AMD, Inc." + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + - WDFLDR.SYS + ExportedFunctions: '' + ImportedFunctions: + - MmMapIoSpace + - MmUnmapIoSpace + - IofCompleteRequest + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - MmBuildMdlForNonPagedPool + - MmMapLockedPagesSpecifyCache + - MmUnmapLockedPages + - IoAllocateMdl + - IoFreeMdl + - MmGetSystemRoutineAddress + - ObOpenObjectByPointer + - IoDeviceObjectType + - IoCreateDevice + - ZwSetSecurityObject + - ZwClose + - KeLeaveCriticalRegion + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetSaclSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlLengthSecurityDescriptor + - _snwprintf + - RtlCreateSecurityDescriptor + - RtlLengthSid + - SeExports + - IoIsWdmVersionAvailable + - RtlAbsoluteToSelfRelativeSD + - RtlAddAccessAllowedAce + - RtlSetDaclSecurityDescriptor + - _wcsnicmp + - wcschr + - ZwOpenKey + - ZwQueryValueKey + - RtlFreeUnicodeString + - ZwSetValueKey + - ZwCreateKey + - KeBugCheckEx + - KeEnterCriticalRegion + - KeDelayExecutionThread + - DbgPrint + - RtlCopyUnicodeString + - RtlInitUnicodeString + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - 
RtlGetOwnerSecurityDescriptor + - strncmp + - HalSetBusDataByOffset + - HalGetBusDataByOffset + - WdfVersionUnbind + - WdfVersionBind + - WdfVersionBindClass + - WdfVersionUnbindClass + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=California, L=Sunnyvale, O=Advanced Micro Devices, Inc., + CN=Advanced Micro Devices, Inc. 
+ ValidFrom: '2016-06-16 00:00:00' + ValidTo: '2019-07-16 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 72dcd35b1dbbf28f0f9848ec766a1bdf + Version: 3 + TBS: + MD5: 9aa40e03c13b5fea2e7e45e7a22ebe3d + SHA1: 3fddce5ae05f39f1ee992d32f7393e65a88d4ac2 + SHA256: 1945901906ad5ade7732c453ad5cbed008f32b602ca52e5b2509680a3860f271 + SHA384: 4c0d5c934bd27664155d80c73c72fca777bf12ab972aee8d418b9d05c74e48f69a6b80619132d50a29c00e83753ed099 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 
5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 72dcd35b1dbbf28f0f9848ec766a1bdf + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: 87b708150cf6d7ba4ab6ad6b9ed4ac0b + SHA1: ef1170f87bcf19dc0e7f90afb1d50c1f34d5b3e5 + SHA256: aae245bf274b2e8c005a03cbd57a3a3e2a5f0b52f544fc740032631662e9547e + Sections: + .text: + Entropy: 6.055276530150317 + Virtual Size: '0x889a' + .rdata: + Entropy: 4.617735799466591 + Virtual Size: '0xac4' + .data: + Entropy: 2.329285274671635 + Virtual Size: '0x21918' + .pdata: + Entropy: 4.653435999483515 + Virtual Size: '0x4e0' + .gfids: + Entropy: 1.5 + Virtual Size: '0x4' + PAGE: + Entropy: 6.332351249692235 + Virtual Size: '0x1ae4' + INIT: + Entropy: 5.298759149028588 + Virtual Size: '0x736' + .rsrc: + Entropy: 3.258458366375691 + Virtual Size: '0x3c0' + .reloc: + Entropy: 3.5944825065194204 + Virtual Size: '0x34' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2017-03-27 21:29:24' + Imphash: 
bb437241f56020db0fcbf8f8629bdb07 + LoadsDespiteHVCI: 'FALSE' +- Filename: AMDRyzenMasterDriver.sys + MD5: 0490f5961e0980792f5cb5aedf081dd7 + SHA1: 4786253daac6c60ffc0d2871fdd68023ec93dfb3 + SHA256: f6cd7353cb6e86e98d387473ed6340f9b44241867508e209e944f548b9db1d5f + Authentihash: + MD5: 74e9ae3f89ff8fcf94f0407f7b94f680 + SHA1: 4fce761086a78302bf6409d4be2c057e3389210d + SHA256: 192a27335de23a008c05efe24ea1fa0f633dd8ddc68d904466e4e2741a0bb645 + Description: AMD Ryzen Master Service Driver + Company: Advanced Micro Devices + InternalName: AMDRyzenMasterDriver.sys + OriginalFilename: AMDRyzenMasterDriver.sys + FileVersion: 1.2.0.0 + Product: AMD Ryzen Master Service Driver + ProductVersion: 1.2.0.0 + Copyright: "Copyright \xA9 2017 AMD, Inc." + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + - WDFLDR.SYS + ExportedFunctions: '' + ImportedFunctions: + - MmMapIoSpace + - MmUnmapIoSpace + - IofCompleteRequest + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - MmBuildMdlForNonPagedPool + - MmMapLockedPagesSpecifyCache + - MmUnmapLockedPages + - IoAllocateMdl + - IoFreeMdl + - MmGetSystemRoutineAddress + - ZwClose + - ZwSetSecurityObject + - IoDeviceObjectType + - IoCreateDevice + - ObOpenObjectByPointer + - KeLeaveCriticalRegion + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - RtlGetSaclSecurityDescriptor + - SeCaptureSecurityDescriptor + - _snwprintf + - RtlLengthSecurityDescriptor + - SeExports + - RtlCreateSecurityDescriptor + - _wcsnicmp + - wcschr + - RtlAbsoluteToSelfRelativeSD + - RtlAddAccessAllowedAce + - RtlLengthSid + - IoIsWdmVersionAvailable + - RtlSetDaclSecurityDescriptor + - ZwOpenKey + - ZwSetValueKey + - ZwQueryValueKey + - ZwCreateKey + - RtlFreeUnicodeString + - KeBugCheckEx + - KeEnterCriticalRegion + - KeDelayExecutionThread + - DbgPrint + - RtlCopyUnicodeString + - RtlInitUnicodeString + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - RtlGetDaclSecurityDescriptor + - strncmp + - 
HalSetBusDataByOffset + - HalGetBusDataByOffset + - WdfVersionUnbind + - WdfVersionBind + - WdfVersionBindClass + - WdfVersionUnbindClass + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=California, L=Sunnyvale, O=Advanced Micro Devices, Inc., + CN=Advanced Micro Devices, Inc. 
+ ValidFrom: '2016-06-16 00:00:00' + ValidTo: '2019-07-16 23:59:59' + Signature: a7e55605825dfbd1b68d884b19685d8a578891d427b776f584d93b0ee66a7f2bace57691884dd480e47dceba8506dcf432f8341e99b87c76751ccbf7086d570de39d83b1770c21ba699169bdff0645659289bcf989329ee0e187064e774dc338f9112edc66c104a6237e1687974a89b00e9e6e428b1581a769ca7b1cd017c317509ecdb2ce1ff410e80d91d167437d9d93efe9e103bb0d513bb821ceda37550bfaae4160fa445ba09afe9141bf45b44a28f80e5d32edc5ac63b27139b0264d7c80e58c1d1b12f47f9fe8f8d673d7b2fbf5acd023fe3ff8a3504d5cfe6c89edbbfc819dea2974720785e0463eb7d99aafea40178b942aeea5dcb91dff62610930 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 72dcd35b1dbbf28f0f9848ec766a1bdf + Version: 3 + TBS: + MD5: 9aa40e03c13b5fea2e7e45e7a22ebe3d + SHA1: 3fddce5ae05f39f1ee992d32f7393e65a88d4ac2 + SHA256: 1945901906ad5ade7732c453ad5cbed008f32b602ca52e5b2509680a3860f271 + SHA384: 4c0d5c934bd27664155d80c73c72fca777bf12ab972aee8d418b9d05c74e48f69a6b80619132d50a29c00e83753ed099 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 72dcd35b1dbbf28f0f9848ec766a1bdf + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign 
Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: c8e24840d3d344e161548f195f7bb0e3 + SHA1: efd0bcc2165966f49eeadeb33ec6ba0e506801da + SHA256: 29493a0520c11b58053c1ae6895f291fb8f36a2cf1e483f2989891c23dbebf04 + Sections: + .text: + Entropy: 6.051076636578072 + Virtual Size: '0x899a' + .rdata: + Entropy: 4.550324534489092 + Virtual Size: '0xaf4' + .data: + Entropy: 2.2680547590193103 + Virtual Size: '0x218d8' + .pdata: + Entropy: 4.618148951031943 + Virtual Size: '0x4e0' + .gfids: + Entropy: 0.8112781244591328 + Virtual Size: '0x4' + PAGE: + Entropy: 6.337675978324415 + Virtual Size: '0x1ae4' + INIT: + Entropy: 5.3115439107045965 + Virtual Size: '0x736' + .rsrc: + Entropy: 3.273433236637118 + Virtual Size: '0x3c8' + .reloc: + Entropy: 3.3999429145127564 + Virtual Size: '0x34' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2017-11-13 22:58:28' + Imphash: 32b632f6379bfaac9f4f3a030a694f55 + LoadsDespiteHVCI: 'FALSE' +- Filename: AMDRyzenMasterDriver.sys + MD5: 0be5c6476dd58072c93af4fca62ee4b3 + SHA1: 5f8ae70b25b664433c6942d5963acadf2042cfe8 + SHA256: ff9623317287358440ec67da9ba79994d9b17b99ffdd709ec836478fe1fc22a5 + Authentihash: + MD5: 85f5af5f7200c76440823c16a70b2093 + SHA1: 2f550bc5f89e2291f669b8a2d1910086bbea7532 + SHA256: 207b6cea0c9f7e94a912b388d5e9f7ace3b6405114f64bcc425042a09170fcac + Description: AMD Ryzen Master Service Driver + Company: Advanced Micro Devices + InternalName: AMDRyzenMasterDriver.sys + OriginalFilename: AMDRyzenMasterDriver.sys + FileVersion: 1.4.0.0 + Product: AMD Ryzen Master Service Driver + ProductVersion: 1.4.0.0 + Copyright: "Copyright \xA9 2019 AMD, Inc." 
+ MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + - WDFLDR.SYS + ExportedFunctions: '' + ImportedFunctions: + - KeLeaveCriticalRegion + - MmMapIoSpace + - MmUnmapIoSpace + - IofCompleteRequest + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - MmBuildMdlForNonPagedPool + - MmMapLockedPagesSpecifyCache + - MmUnmapLockedPages + - IoAllocateMdl + - IoFreeMdl + - MmGetSystemRoutineAddress + - ZwClose + - ZwSetSecurityObject + - IoDeviceObjectType + - IoCreateDevice + - KeEnterCriticalRegion + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - RtlGetSaclSecurityDescriptor + - SeCaptureSecurityDescriptor + - _snwprintf + - RtlLengthSecurityDescriptor + - SeExports + - RtlCreateSecurityDescriptor + - _wcsnicmp + - wcschr + - RtlAbsoluteToSelfRelativeSD + - RtlAddAccessAllowedAce + - RtlLengthSid + - IoIsWdmVersionAvailable + - RtlSetDaclSecurityDescriptor + - ZwOpenKey + - ZwSetValueKey + - ZwQueryValueKey + - ZwCreateKey + - RtlFreeUnicodeString + - KeDelayExecutionThread + - RtlGetVersion + - DbgPrint + - RtlCopyUnicodeString + - RtlInitUnicodeString + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - ObOpenObjectByPointer + - strncmp + - HalSetBusDataByOffset + - HalGetBusDataByOffset + - WdfVersionBind + - WdfVersionUnbind + - WdfVersionBindClass + - WdfVersionUnbindClass + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=California, L=Santa Clara, O=Advanced Micro Devices + INC., CN=Advanced Micro Devices INC. 
+ ValidFrom: '2019-02-13 00:00:00' + ValidTo: '2022-02-13 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 1885b7e188d8fafd38a43d48967d7488 + Version: 3 + TBS: + MD5: 7383bf699bcb229fcf33802fe77d95fc + SHA1: 9b497b4a98173e0e91517daae8e47ca0fce3ff21 + SHA256: 79ea901ff84d0e090348148fd3b9be496ee45e0e852ec8582b27c6d46f11b5b0 + SHA384: dc879c437e176bfe1e9de208ba3cef533290598e81031e9210f2a8c0f79a15415106632a881a3d24aadf385c2c6861c6 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 1885b7e188d8fafd38a43d48967d7488 + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + RichPEHeaderHash: + MD5: 9990d4d15399398bec3db3cb0c9e8325 + SHA1: b56324b264afb241699d458766ceb579c0673865 + SHA256: 71f9335e8816749364c86420bfc49b98aab207a3e4a3b1ed15cafded88f0cfee + Sections: + .text: + 
Entropy: 6.047793364690818 + Virtual Size: '0x8b5a' + .rdata: + Entropy: 4.517008948968409 + Virtual Size: '0xb24' + .data: + Entropy: 2.2954118276054416 + Virtual Size: '0x20cb0' + .pdata: + Entropy: 4.587047800502242 + Virtual Size: '0x4ec' + .gfids: + Entropy: 0.8112781244591328 + Virtual Size: '0x4' + PAGE: + Entropy: 6.327839203234547 + Virtual Size: '0x1ae4' + INIT: + Entropy: 5.11053085735039 + Virtual Size: '0x6fe' + .rsrc: + Entropy: 3.2691503236624437 + Virtual Size: '0x3c8' + .reloc: + Entropy: 3.3999429145127564 + Virtual Size: '0x34' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2019-05-28 03:32:51' + Imphash: 8bbc742eaed888736a715757f0584fb6 + LoadsDespiteHVCI: 'FALSE' +- Filename: AMDRyzenMasterDriver.sys + MD5: 13ee349c15ee5d6cf640b3d0111ffc0e + SHA1: 4f7a8e26a97980544be634b26899afbefb0a833c + SHA256: a13054f349b7baa8c8a3fcbd31789807a493cc52224bbff5e412eb2bd52a6433 + Signature: + - Advanced Micro Devices INC. + - Symantec Class 3 SHA256 Code Signing CA + - VeriSign + Date: '' + Publisher: '' + Company: Advanced Micro Devices + Description: AMD Ryzen Master Service Driver + Product: AMD Ryzen Master Service Driver + ProductVersion: 1.3.0.0 + FileVersion: 1.3.0.0 + MachineType: AMD64 + OriginalFilename: AMDRyzenMasterDriver.sys + Authentihash: + MD5: aa6e3970343cb83f7c924e98aeaf0c85 + SHA1: c29a625c02bf49f3f055db90b280a1f201c59975 + SHA256: 001cd8b2ce1932d1a8c32bc2d643ee4fa6f67626d1b6895beea916285450566c + InternalName: AMDRyzenMasterDriver.sys + Copyright: "Copyright \xA9 2018 AMD, Inc." 
+ Imports: + - ntoskrnl.exe + - HAL.dll + - WDFLDR.SYS + ExportedFunctions: '' + ImportedFunctions: + - KeLeaveCriticalRegion + - MmMapIoSpace + - MmUnmapIoSpace + - IofCompleteRequest + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - MmBuildMdlForNonPagedPool + - MmMapLockedPagesSpecifyCache + - MmUnmapLockedPages + - IoAllocateMdl + - IoFreeMdl + - MmGetSystemRoutineAddress + - ZwClose + - ZwSetSecurityObject + - IoDeviceObjectType + - IoCreateDevice + - KeEnterCriticalRegion + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - RtlGetSaclSecurityDescriptor + - SeCaptureSecurityDescriptor + - _snwprintf + - RtlLengthSecurityDescriptor + - SeExports + - RtlCreateSecurityDescriptor + - _wcsnicmp + - wcschr + - RtlAbsoluteToSelfRelativeSD + - RtlAddAccessAllowedAce + - RtlLengthSid + - IoIsWdmVersionAvailable + - RtlSetDaclSecurityDescriptor + - ZwOpenKey + - ZwSetValueKey + - ZwQueryValueKey + - ZwCreateKey + - RtlFreeUnicodeString + - KeDelayExecutionThread + - RtlGetVersion + - DbgPrint + - RtlCopyUnicodeString + - RtlInitUnicodeString + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - ObOpenObjectByPointer + - strncmp + - HalSetBusDataByOffset + - HalGetBusDataByOffset + - WdfVersionBind + - WdfVersionUnbind + - WdfVersionBindClass + - WdfVersionUnbindClass + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: 
+ MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=California, L=Santa Clara, O=Advanced Micro Devices + INC., CN=Advanced Micro Devices INC. 
+ ValidFrom: '2019-02-13 00:00:00' + ValidTo: '2022-02-13 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 1885b7e188d8fafd38a43d48967d7488 + Version: 3 + TBS: + MD5: 7383bf699bcb229fcf33802fe77d95fc + SHA1: 9b497b4a98173e0e91517daae8e47ca0fce3ff21 + SHA256: 79ea901ff84d0e090348148fd3b9be496ee45e0e852ec8582b27c6d46f11b5b0 + SHA384: dc879c437e176bfe1e9de208ba3cef533290598e81031e9210f2a8c0f79a15415106632a881a3d24aadf385c2c6861c6 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 1885b7e188d8fafd38a43d48967d7488 + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + RichPEHeaderHash: + MD5: 9990d4d15399398bec3db3cb0c9e8325 + SHA1: b56324b264afb241699d458766ceb579c0673865 + SHA256: 71f9335e8816749364c86420bfc49b98aab207a3e4a3b1ed15cafded88f0cfee + Sections: + .text: + 
Entropy: 6.044179809822067
+ Virtual Size: '0x8b2a'
+ .rdata:
+ Entropy: 4.528269919234319
+ Virtual Size: '0xb24'
+ .data:
+ Entropy: 2.2972053741563294
+ Virtual Size: '0x20cb0'
+ .pdata:
+ Entropy: 4.623524017696745
+ Virtual Size: '0x4ec'
+ .gfids:
+ Entropy: 0.8112781244591328
+ Virtual Size: '0x4'
+ PAGE:
+ Entropy: 6.329420837545584
+ Virtual Size: '0x1ae4'
+ INIT:
+ Entropy: 5.11053085735039
+ Virtual Size: '0x6fe'
+ .rsrc:
+ Entropy: 3.278321646553536
+ Virtual Size: '0x3c8'
+ .reloc:
+ Entropy: 3.3999429145127564
+ Virtual Size: '0x34'
+ MagicHeader: 50 45 0 0
+ CreationTimestamp: '2019-05-13 02:14:16'
+ Imphash: 8bbc742eaed888736a715757f0584fb6
+ LoadsDespiteHVCI: 'FALSE'
diff --git a/yaml/13b2424a-d337-4bc7-ad1d-2049c79906b4.yaml b/yaml/13b2424a-d337-4bc7-ad1d-2049c79906b4.yaml
index 8d6388706..0ad9acee4 100644
--- a/yaml/13b2424a-d337-4bc7-ad1d-2049c79906b4.yaml
+++ b/yaml/13b2424a-d337-4bc7-ad1d-2049c79906b4.yaml
@@ -1,35 +1,35 @@
-Acknowledgement:
- Handle: ''
- Person: ''
+Id: 13b2424a-d337-4bc7-ad1d-2049c79906b4
+Tags:
+- d3.sys
+Verified: 'FALSE'
 Author: Michael Haag
-Category: vulnerable driver
-Commands:
- Command: sc.exe create d3.sys binPath=C:\windows\temp\d3.sys type=kernel && sc.exe
- start d3.sys
- Description: ''
- OperatingSystem: Windows 10
- Privileges: kernel
- Usecase: Elevate privileges
 Created: '2023-01-09'
-Detection: []
-Id: 13b2424a-d337-4bc7-ad1d-2049c79906b4
-KnownVulnerableSamples:
-- Company: ''
- Date: ''
- Description: ''
- FileVersion: ''
- Filename: d3.sys
- MachineType: ''
- OriginalFilename: ''
- Product: ''
- ProductVersion: ''
- Publisher: ''
- SHA256: 36875562e747136313ec5db58174e5fab870997a054ca8d3987d181599c7db6a
- Signature: []
- LoadsDespiteHVCI: 'FALSE'
 MitreID: T1068
+Category: vulnerable driver
+Commands:
+ Command: sc.exe create d3.sys binPath=C:\windows\temp\d3.sys type=kernel && sc.exe
+ start d3.sys
+ Description: ''
+ OperatingSystem: Windows 10
+ Privileges: kernel
+ Usecase: Elevate privileges
 Resources:
 - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules
-Tags:
-- d3.sys
-Verified: 'FALSE'
+Detection: []
+Acknowledgement:
+ Handle: ''
+ Person: ''
+KnownVulnerableSamples:
+- Company: ''
+ Date: ''
+ Description: ''
+ FileVersion: ''
+ Filename: d3.sys
+ MachineType: ''
+ OriginalFilename: ''
+ Product: ''
+ ProductVersion: ''
+ Publisher: ''
+ SHA256: 36875562e747136313ec5db58174e5fab870997a054ca8d3987d181599c7db6a
+ Signature: []
+ LoadsDespiteHVCI: 'FALSE'
diff --git a/yaml/142453a2-a24d-4b35-8922-6d5939f1c0fc.yaml b/yaml/142453a2-a24d-4b35-8922-6d5939f1c0fc.yaml
index 06dc2fe23..3e38b1c44 100644
--- a/yaml/142453a2-a24d-4b35-8922-6d5939f1c0fc.yaml
+++ b/yaml/142453a2-a24d-4b35-8922-6d5939f1c0fc.yaml
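Review bot: `Verified: 'FALSE'` and `LoadsDespiteHVCI: 'FALSE'` on the new side of the d3.sys entry are still quoted, so a YAML loader returns the non-empty string "FALSE" rather than a boolean, and a consumer that tests either field for truthiness will read it as set. That matters most for `LoadsDespiteHVCI`, where a misread would flip the HVCI verdict recorded for this SHA256 in whatever block-list or detection tooling reads these files (presumably the reason the field exists; confirm against the consumers). Since this commit already rewrites every line of the entry, it would be a natural place to emit `Verified: false` and `LoadsDespiteHVCI: false`, or, if existing consumers compare against the string, to state in the schema documentation that both fields are the strings 'TRUE'/'FALSE'. The same quoting is visible at the end of the AsrDrv10.sys entry above and in the semav6msr.sys entry below.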
@@ -1,504 +1,506 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 142453a2-a24d-4b35-8922-6d5939f1c0fc +Tags: +- semav6msr.sys +- semav6msr64.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create semav6msr.sys binPath=C:\windows\temp\semav6msr.sys type=kernel - && sc.exe start semav6msr.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: [] -Id: 142453a2-a24d-4b35-8922-6d5939f1c0fc -KnownVulnerableSamples: -- Authentihash: - MD5: 79553d83580570e382d3b9c7e101df2b - SHA1: e3dbe2aa03847df621591a4cad69a5609de5c237 - SHA256: eb71a8ecef692e74ae356e8cb734029b233185ee5c2ccb6cc87cc6b36bea65cf - Company: '' - Copyright: '' - CreationTimestamp: '2014-01-24 12:22:40' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: semav6msr.sys - ImportedFunctions: - - KeQueryActiveProcessors - - KeQueryActiveProcessorCount - - IoDeleteSymbolicLink - - KeSetSystemAffinityThreadEx - - RtlInitUnicodeString - - IoDeleteDevice - - MmUnmapIoSpace - - MmMapIoSpace - - IofCompleteRequest - - KeRevertToUserAffinityThreadEx - - IoCreateSymbolicLink - - IoCreateDevice - - RtlAssert - - DbgPrint - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: 07f83829e7429e60298440cd1e601a6a - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 252e1fcba620376013e4c621871adbd9 - SHA1: 32ce757853a6284b60df9381e5054da74e5f45b9 - SHA256: 0969d47afdfa5c5cc931241e8bf31a90296f457a962c018d5f0c3d1e86375242 - SHA1: 643383938d5e0d4fd30d302af3e9293a4798e392 - SHA256: 9f1229cd8dd9092c27a01f5d56e3c0d59c2bb9f0139abf042e56f343637fda33 - Sections: - .text: - Entropy: 5.430468641775563 - Virtual Size: '0xe6d' - .rdata: - Entropy: 4.112486136824452 - Virtual Size: '0x1ec' - .data: - Entropy: 0.5035334969292564 - Virtual Size: 
'0x118' - .pdata: - Entropy: 3.400976341753789 - Virtual Size: '0xf0' - PAGE: - Entropy: 5.7210729999232015 - Virtual Size: '0x82d' - INIT: - Entropy: 5.352607237368339 - Virtual Size: '0x45a' - Signature: - - Intel(R) Code Signing External - - Intel External Basic Issuing CA 3B - - Intel External Basic Policy CA - - Sectigo (AddTrust) - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel(R) Code Signing - External - ValidFrom: '2015-04-16 17:22:30' - ValidTo: '2016-04-15 17:22:30' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 330000b6712f575e402cf8708400020000b671 - Version: 3 - TBS: - MD5: 0ddb50f4d347b1641521dfecf6525c50 - SHA1: 32a2b77cbfe58b3804618edd9435588f24b92695 - SHA256: 65c1bffcd837ffb534b0641fb137580d7bcf46c905d4c946fbc1fb27281082f2 - SHA384: 078be3addebd5c1e84cb34f7d1a5144d42b3bb3049d08eb6b3024e3b667d782b7d73fac6481404672a5ba91822c971bc - - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External - Basic Issuing CA 3B - ValidFrom: '2013-02-08 22:21:23' - ValidTo: '2018-02-08 22:31:23' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 612cff88000100000010 - Version: 3 - TBS: - MD5: da9a02953cdcc039174d11b07dd2967d - SHA1: 568cfca269ff49615d305e680988337f0a90bc32 - SHA256: fad628f5236458a9116a99f2d64fb9131a28f9942fca6239a5e7be0dddf4ce9f - SHA384: 5edeab0248f63cdc4c10b748618cd6fa4aa53ffb0ddfd51a2e35de2ea55a56822aa53fa734a46705655e8f5878b24ffd - - Subject: C=US, O=Intel Corporation, CN=Intel External Basic Policy CA - ValidFrom: '2013-02-01 00:00:00' - ValidTo: '2020-05-30 10:48:38' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - 
SerialNumber: 79174aa9141736fe15a7ca9f2cff4588 - Version: 3 - TBS: - MD5: 6ce466d55ab160317ee9b13522c2a82a - SHA1: 53b052ba209c525233293274854b264bc0f68b73 - SHA256: f71790e057380a0cbafdfc25bc8b3dafd6cfbeb01077bb3d8194e91254a2fc9b - SHA384: c0cc37f9505ff2bab958c8ef1ea94736efae52bcf5948c866446c46b64fb9f5e603fbad4bc70270ae74e58ac8ab055f9 - - Subject: C=BM, O=QuoVadis Limited, CN=QuoVadis Issuing CA G4 - ValidFrom: '2014-05-30 16:35:55' - ValidTo: '2021-03-17 18:33:33' - Signature: b9f61352b517a72a4d84774309a4dba067b4600e42f403bdc4ff2c5a0f902e78c563c84aec27f67ce429d0cf6018fa6822da0252760df21754c6f6081ea1cc82e4c33a6d99227cc4c077b4e6052047934039cfdc55adc346af294d799c644c205f8a1c56fc46a05fcb98dd917a39b4afc477996b9eacde6f2d79ea7fd7132498521cfd693eed72ac3fd0b4011914edb0f0cbf39c5114238cc7dc697d328196e41d478f017694833e888d925b1858986903c7f5d3f2615250eb34a0fd2630300fb5fd70e7272c370b1cf3e71ea62c0743b64b885e971fc1307d60642af30c7068445163599fdb57c21fff80e5c21192d82fefd51743ff642d64845c521a63c267 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 69b2d1ccf02e20dcc95c62894f7f9e5f5fc057bf - Version: 3 - TBS: - MD5: 4e0fbd79a99e4a55f97ef41efee38a9f - SHA1: 114f36d5f22b84de97893469fc00b7035b3ef734 - SHA256: f6dd9683708786a413d4d6a3661fa4e4aeb328adbd181b398b5b6aa02bb0bc16 - SHA384: a26fe570a01b0e15cf94b41ce48ebd39ed9e9d18493d4c117f0fbb5a5b33ed8ef06c069b9638dda957547f0b0645e447 - - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, OU=Authenticode, OU=Thales - TSS ESN:A6A7,71B2,73F1, CN=Timestamp.intel.com - ValidFrom: '2014-12-09 21:30:38' - ValidTo: '2017-12-09 21:30:35' - Signature: 
946aee51ab48079d01882edffbe887d87828778d30da382cacb0c1d5a4c0fc8437badc00c2c16454a82564ba4bcf776b79eb1feedc4e4ccd02514bbaea7c9b755d88a43a9493e07ebaa22358f95dabd995d4c572134e266dfb4bbd3a4c95c3191abbba7b1d1d0587c4a3e3911e1037fda9dacd9fe9c63383f0c21ece4e829c9c7e40e96a64139dfda69d0255a9588dbff28bfec8d343ca34decb755531b384a6cf388a5f06685870f79a321c3fc0e221cf8bba3b1e0b5d0486eb02f6e9008ebc4c2741215451b0ba6e1ec9d9e202b4e38c9184838c5e948df1c051aa0d0122c32810c11cb3458735c726b9e252558e0257b3360f85ec5ba949c3a3f8841c1938b5661ea9bde4f0894b40bd9567e89b17b373faaeeb1de7b7b27e4f52b46add679ac3dbd35bbdb48c9c6fb7aae98058c99002e9e53e0a0d5d88d21289ecce372c63afc6a08ca8f61d013695e40c48b67b9725dab9607e3f80e82d2f56afdd10b453d2e82d488b69a7ca63ced68f9bdc855d62fd79103e8b4abfef936e430dee4ea4e2a199a43a03783e4e4489807170fd63f12272c865861419fe6f2c474948f8749cb696446054b3e0913bba0f5483640dd33e955421beb4574f8398398e1323b3f24f83f640c5146aa90c6e314d6ccdcf8d21bbd09e4ff883e369adc6b742c021d833a2d4fefbba1080d8ca8eade080908a626fb8396451e2616afc943e1f74 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 385dccec5fe14d3974c9591a3ab1c2caad188c2d - Version: 3 - TBS: - MD5: 4d35161b8be0a29812bb748b548e94b1 - SHA1: bf27e048115892363598dec245759aa7529eb154 - SHA256: d5c67eb0b73915a6f12dbe19f662205172cc9c97b9988b78a07f14c3b7e1e2b0 - SHA384: 8b0e411b3fc02dd3a8f5f7d248699a7d882c160a6e3753c1b223d2b0671a6d3f9efa4894172a3bfa3525787be2d6f20e - - Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust - External CA Root - ValidFrom: '2013-08-15 20:26:30' - ValidTo: '2023-08-15 20:36:30' - Signature: 
362ba2f2e1331fe493f7f26985c6640ec99b632fe4703798fd94ec7bcff8a14246f9ed6a4e8d34693605557a1ebbad8c99429606e925a82684bec1bf16a97caa5b04b7fdd1c0f402be28edf577c79bfe3af6e8c17bd382abfa144ecf2bcfe5d5b54840b1a38f838bad2b2553aba634cef243f74f2ce9dd1e4e5ab6bae83b10992400bc50fd78f6e523a8899493f7b74130374a57b7e644d9c9df9905aa44fc74af8264cc07cb01b609c32ee3e832a7b49f4178c7a184365462f2ec150ac8ead084f8f1e06bf456125f95e0fcddb77693fe294a25e90400f1b4110ec9849edb177df51ea58e3629193a6d6c464bd7ab7024288d05a3d9d524f2f8a0d13c8239d4a8820e693a8109fc06f0c75933843693064191232c22a5a7012b50b428aedb46b0591b86b39b87e8494e390b6d14df4c03301e1f5f74aef55b590353ec9816e0d06235751b48b87d13e57a48b87752a40798253b069b7a4e6a6f44864f144f2779273d5073414c9c413edd290c73b1c7fb1f760c176504ebd25010924149ece4067d3615446f89bf697df94d40c13a98b6a07e31d2b5aecafb53d53f5086cd5e933b6d5d7c9a3f3ff7a9255884dd114900a2c7c89e37dd778e6d718be05b81345d54baccf59347886de7ef5be228e4801b40e40f2ad17f2315655aac9994433f465526d6c4fa8895e2919aa32d0b85deac8ce0f967709f71790231f761a229c4 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 3300000035d8d5595b0671412b000000000035 - Version: 3 - TBS: - MD5: 3d488d41aaeb5661974952080abef2fd - SHA1: df01e35e6befc7d65625319f17397b861e618d56 - SHA256: 3d6ef38b5d26773dc77392e415e88b3a744b30ea9f2081e2a992b5818db2f0c4 - SHA384: ac7c06916fe4a00307834b2499f12799d3fe463c2e63d1881df669a2786745beeee2b3a7d87cd6bc9e4fe293c22e5a59 - Signer: - - SerialNumber: 330000b6712f575e402cf8708400020000b671 - Issuer: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External Basic - Issuing CA 3B - Version: 1 - Imphash: 24e4c876bb5db0b0e0a4e92f0a3d3a48 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 79553d83580570e382d3b9c7e101df2b - SHA1: e3dbe2aa03847df621591a4cad69a5609de5c237 - SHA256: eb71a8ecef692e74ae356e8cb734029b233185ee5c2ccb6cc87cc6b36bea65cf - Company: '' - Copyright: '' - CreationTimestamp: '2014-01-24 12:22:40' - Date: '' - Description: '' - 
ExportedFunctions: '' - FileVersion: '' - Filename: semav6msr64.sys - ImportedFunctions: - - KeQueryActiveProcessors - - KeQueryActiveProcessorCount - - IoDeleteSymbolicLink - - KeSetSystemAffinityThreadEx - - RtlInitUnicodeString - - IoDeleteDevice - - MmUnmapIoSpace - - MmMapIoSpace - - IofCompleteRequest - - KeRevertToUserAffinityThreadEx - - IoCreateSymbolicLink - - IoCreateDevice - - RtlAssert - - DbgPrint - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: 07f83829e7429e60298440cd1e601a6a - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 252e1fcba620376013e4c621871adbd9 - SHA1: 32ce757853a6284b60df9381e5054da74e5f45b9 - SHA256: 0969d47afdfa5c5cc931241e8bf31a90296f457a962c018d5f0c3d1e86375242 - SHA1: 643383938d5e0d4fd30d302af3e9293a4798e392 - SHA256: 9f1229cd8dd9092c27a01f5d56e3c0d59c2bb9f0139abf042e56f343637fda33 - Sections: - .text: - Entropy: 5.430468641775563 - Virtual Size: '0xe6d' - .rdata: - Entropy: 4.112486136824452 - Virtual Size: '0x1ec' - .data: - Entropy: 0.5035334969292564 - Virtual Size: '0x118' - .pdata: - Entropy: 3.400976341753789 - Virtual Size: '0xf0' - PAGE: - Entropy: 5.7210729999232015 - Virtual Size: '0x82d' - INIT: - Entropy: 5.352607237368339 - Virtual Size: '0x45a' - Signature: - - Intel(R) Code Signing External - - Intel External Basic Issuing CA 3B - - Intel External Basic Policy CA - - Sectigo (AddTrust) - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel(R) Code Signing - External - ValidFrom: '2015-04-16 17:22:30' - ValidTo: '2016-04-15 17:22:30' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 330000b6712f575e402cf8708400020000b671 - Version: 3 - TBS: - MD5: 0ddb50f4d347b1641521dfecf6525c50 
- SHA1: 32a2b77cbfe58b3804618edd9435588f24b92695 - SHA256: 65c1bffcd837ffb534b0641fb137580d7bcf46c905d4c946fbc1fb27281082f2 - SHA384: 078be3addebd5c1e84cb34f7d1a5144d42b3bb3049d08eb6b3024e3b667d782b7d73fac6481404672a5ba91822c971bc - - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External - Basic Issuing CA 3B - ValidFrom: '2013-02-08 22:21:23' - ValidTo: '2018-02-08 22:31:23' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 612cff88000100000010 - Version: 3 - TBS: - MD5: da9a02953cdcc039174d11b07dd2967d - SHA1: 568cfca269ff49615d305e680988337f0a90bc32 - SHA256: fad628f5236458a9116a99f2d64fb9131a28f9942fca6239a5e7be0dddf4ce9f - SHA384: 5edeab0248f63cdc4c10b748618cd6fa4aa53ffb0ddfd51a2e35de2ea55a56822aa53fa734a46705655e8f5878b24ffd - - Subject: C=US, O=Intel Corporation, CN=Intel External Basic Policy CA - ValidFrom: '2013-02-01 00:00:00' - ValidTo: '2020-05-30 10:48:38' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 79174aa9141736fe15a7ca9f2cff4588 - Version: 3 - TBS: - MD5: 6ce466d55ab160317ee9b13522c2a82a - SHA1: 53b052ba209c525233293274854b264bc0f68b73 - SHA256: f71790e057380a0cbafdfc25bc8b3dafd6cfbeb01077bb3d8194e91254a2fc9b - SHA384: c0cc37f9505ff2bab958c8ef1ea94736efae52bcf5948c866446c46b64fb9f5e603fbad4bc70270ae74e58ac8ab055f9 - - Subject: C=BM, O=QuoVadis Limited, CN=QuoVadis Issuing CA G4 - ValidFrom: '2014-05-30 16:35:55' - ValidTo: '2021-03-17 18:33:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 69b2d1ccf02e20dcc95c62894f7f9e5f5fc057bf - Version: 3 - TBS: - MD5: 4e0fbd79a99e4a55f97ef41efee38a9f - SHA1: 114f36d5f22b84de97893469fc00b7035b3ef734 - SHA256: 
f6dd9683708786a413d4d6a3661fa4e4aeb328adbd181b398b5b6aa02bb0bc16 - SHA384: a26fe570a01b0e15cf94b41ce48ebd39ed9e9d18493d4c117f0fbb5a5b33ed8ef06c069b9638dda957547f0b0645e447 - - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, OU=Authenticode, OU=Thales - TSS ESN:A6A7,71B2,73F1, CN=Timestamp.intel.com - ValidFrom: '2014-12-09 21:30:38' - ValidTo: '2017-12-09 21:30:35' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 385dccec5fe14d3974c9591a3ab1c2caad188c2d - Version: 3 - TBS: - MD5: 4d35161b8be0a29812bb748b548e94b1 - SHA1: bf27e048115892363598dec245759aa7529eb154 - SHA256: d5c67eb0b73915a6f12dbe19f662205172cc9c97b9988b78a07f14c3b7e1e2b0 - SHA384: 8b0e411b3fc02dd3a8f5f7d248699a7d882c160a6e3753c1b223d2b0671a6d3f9efa4894172a3bfa3525787be2d6f20e - - Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust - External CA Root - ValidFrom: '2013-08-15 20:26:30' - ValidTo: '2023-08-15 20:36:30' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 3300000035d8d5595b0671412b000000000035 - Version: 3 - TBS: - MD5: 3d488d41aaeb5661974952080abef2fd - SHA1: df01e35e6befc7d65625319f17397b861e618d56 - SHA256: 3d6ef38b5d26773dc77392e415e88b3a744b30ea9f2081e2a992b5818db2f0c4 - SHA384: ac7c06916fe4a00307834b2499f12799d3fe463c2e63d1881df669a2786745beeee2b3a7d87cd6bc9e4fe293c22e5a59 - Signer: - - SerialNumber: 330000b6712f575e402cf8708400020000b671 - Issuer: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External Basic - Issuing CA 3B - Version: 1 - Imphash: 24e4c876bb5db0b0e0a4e92f0a3d3a48 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 79553d83580570e382d3b9c7e101df2b - SHA1: e3dbe2aa03847df621591a4cad69a5609de5c237 - SHA256: eb71a8ecef692e74ae356e8cb734029b233185ee5c2ccb6cc87cc6b36bea65cf - Company: '' - Copyright: '' - 
CreationTimestamp: '2014-01-24 12:22:40' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - KeQueryActiveProcessors - - KeQueryActiveProcessorCount - - IoDeleteSymbolicLink - - KeSetSystemAffinityThreadEx - - RtlInitUnicodeString - - IoDeleteDevice - - MmUnmapIoSpace - - MmMapIoSpace - - IofCompleteRequest - - KeRevertToUserAffinityThreadEx - - IoCreateSymbolicLink - - IoCreateDevice - - RtlAssert - - DbgPrint - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: 7d84a4ed0fcca3d098881a3f3283724b - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 252e1fcba620376013e4c621871adbd9 - SHA1: 32ce757853a6284b60df9381e5054da74e5f45b9 - SHA256: 0969d47afdfa5c5cc931241e8bf31a90296f457a962c018d5f0c3d1e86375242 - SHA1: 67b45c1e204d44824cd7858455e1acedbd7ffbb3 - SHA256: 648994905b29b9c4a1074eef332bf6932b638bad62df020b5452c74e2b15d78f - Sections: - .text: - Entropy: 5.430468641775563 - Virtual Size: '0xe6d' - .rdata: - Entropy: 4.112486136824452 - Virtual Size: '0x1ec' - .data: - Entropy: 0.5035334969292564 - Virtual Size: '0x118' - .pdata: - Entropy: 3.400976341753789 - Virtual Size: '0xf0' - PAGE: - Entropy: 5.7210729999232015 - Virtual Size: '0x82d' - INIT: - Entropy: 5.352607237368339 - Virtual Size: '0x45a' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Intel Corporation, CN=Intel External Basic Policy CA - ValidFrom: '2006-02-16 18:01:30' - ValidTo: '2016-02-19 18:01:30' - Signature: 131038ada454a5489545b02d3772c09f9ed8ef8f0bfb9096d2b6177951cab3df067ebdb4e9083f84a00c939fb31ca86c8acf2deef99012f0f83a26d773810e9fc4319259d4282541f555f1ca3d993dda64c8d21864223209092d1de331fafdd347d764a8f95dea8227e24fd2612124611d54263e145964b098d5f3a7c3aead50 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: true - SerialNumber: 05b0ff - Version: 3 - TBS: - MD5: f532f9999c3f7a078f0f973c726a2a04 - SHA1: f56832bc9412c372f9a8744591258f8bb11af2d8 - SHA256: 4c75ce4be51027c4e1f7422775c3ae79d5195ffc0ff7f379123a603ccb702c60 - SHA384: 084772ceb63ae50ebd8125ba9eba0c9b38d0e94a806f58513f71f1d5489f52489b0dfbb8c67603a425a603451b3b1719 - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=Equifax, OU=Equifax Secure Certificate Authority - ValidFrom: '2006-05-23 17:01:15' - ValidTo: '2016-05-23 17:11:15' - Signature: 
87a40f6b55916248ff54811ccf5db6c5a514aa671df485f6860d38b31c8d22ce7c867946fb71e16114d0ed4e46a48bca64654094f92ad7870ca9b7bedcc40bbd09c106eb9530841b9d8de7bc70c6f86539c4e5c4e65c8fcda130baef065e555290edd8587f15142ecc21a593dab8508d805e6e22a70fde8093add71d24b02aa2f4f20b98750131cc69bc359b3d13662f21bde54ec3639cc8518d59f5b600937ef10c35b0f4180dbfa7bdb2aae16b9f3ce6bb41b5d904e7c8a63abf8a5bdcaa9a3cd2c8dfcb1774163d78470b4c108e406616a0f300ede034998af0f9460ff27fbf202c972616d59e81da94a6dc61c8f18e092d4e32d03df682267d91d7a6c67bc1311d210ed4a342c1b4dfc0446b4f2aeebb29d62787b0a450ae1a9ab5f996f4ccabe52b3df166e2d5e1c3f0c687b659536638026e6194df1563aa415052f9bb64dc95e05b6c2aacfed6e603c21ff65557fe7e813fcb5a0bc1029cac84e47cd3f4c25a17c312706009ec82e5eccdd0b2106d69868c8da60e0416c57164ebd95bb8b08cfc32427e60846f655b7244272b846181f461d50fd51dbc05a27a5f937f26d1c8b3afa0190723e43e225d32d14a0fcee7b72a5c7b6e1c57126864e8337e8c501340a487b0d3a69b1eacbd3d7812bc52af09e0bab0508e5c81f98383af1482f50a6d035721bb9ac32e66fb04215b0a120fc1c907d63cecabf9a52f90883a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610bdc8f00000000001a - Version: 3 - TBS: - MD5: 6e11ed171e9a07e607b8ca65bf0e8858 - SHA1: 6d329a72420f76868584957854cdc45172e9f902 - SHA256: 75efb8656a18ba5dacc596757bfb0fa11f0d3d81fd5f8cf9bb8975ced87e7b1b - SHA384: c41060ed797c77588692c0b3e36e19cca2d48c354863437f3df76009e25c916e8d2c7e17b297fbc59da085e98d070093 - - Subject: CN=SEMA Software - ValidFrom: '2012-08-13 20:15:00' - ValidTo: '2015-05-15 19:35:13' - Signature: 
759b16da09fbcae52729fd7739d9a29d9e5c83d61bf897d352b330cb0ef2e85f6675674f8fa4f0205fdaf097d766dada95c6a00012de4c8bcc2b91f462c30e8884f2262edae6482a497ebe024c266db370545536498feed2699b85d32892b19d10fa36ebad821790a82d4a9d17b1088950afbdfa4ab13e3082ab7e9ea705911ef91284430bf69b5b8b69a528b6896d87cdfb3e0e5f934278fed63d494a82025aa24f9e75ef54cc7453c29f9ab6ffc79adeca70be5fe54891fd2804f019624d430222c1b5e5862b67de49363b9e41b96f0a1f45dd63458ff4aeffe0d8701c11b2eb8a50399123a21f822f7b1bed5cc03c470ed396d927851e3b7069f4228b1ca4 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1b9a8f3100010000916c - Version: 3 - TBS: - MD5: b94186e712a30346b6aec85b267f1ccf - SHA1: e6df41e3f543c4f54b4cecf8c45a941b5f79087c - SHA256: 955af30020a5027583bcbb5b546442a68c574ca151662d2c63d38b20c4924c6c - SHA384: 71cea65764f3d931a58017088d12472be5801d42516de63fcb8e248bd0e9f6696a7c4295fd2f03cd8bdaf5e9f2b0ed90 - - Subject: C=US, O=Intel Corporation, CN=Intel External Basic Issuing CA 3A - ValidFrom: '2009-05-15 19:25:13' - ValidTo: '2015-05-15 19:35:13' - Signature: 9463fd5dd0c4ba54f4e521c3a1a355d6875f773c3e642432523dda612c741d335a0a03ec2131d201a18d55cd30c32be0be132e097329daedfa42f2e5669ff473fe2f4c66dc9ceea7b33ed6539fd532391bc999d747f8ec7f472706c1edda82cf2351db29102a2b60e909c9992c9c32254d552f6d1ef0c98fa018962ac565eaadc54512232c5aef3f38895fec5da0018301c35919e79767e2558120cd16aaf45e5a93ef85878ded8fb730a11d48c910ed366235b7dd6790fff0a7d634c4c9e151e5b4e8022f5940e6dc7f178475f76d2c9292f97aedd28fae744547b7ace5ec695e4dc89cc1c01df5fb5cec9a57957450f493f170f47c576c0404df9b9c37fec2 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611e80b7000000000007 - Version: 3 - TBS: - MD5: baca708678523cc174d8591aee607fa0 - SHA1: ccb0c6bea0e8d844bce4c981fb29a4784b85ad34 - SHA256: 11b7a4f10026418d92ba91b7d639a49b0f24ba1406bb0f3bb9a4fb6d2bede02c - SHA384: 4f90d1b4fce551db965d5fc639aa2636c0200122b67044832959c76e06f1714d9d8ef300366b600cb0fce10228332bb0 - 
Signer: - - SerialNumber: 1b9a8f3100010000916c - Issuer: C=US, O=Intel Corporation, CN=Intel External Basic Issuing CA 3A - Version: 1 - Imphash: 24e4c876bb5db0b0e0a4e92f0a3d3a48 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create semav6msr.sys binPath=C:\windows\temp\semav6msr.sys type=kernel + && sc.exe start semav6msr.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/eclypsium/Screwed-Drivers/blob/master/DRIVERS.md - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules -Tags: -- semav6msr.sys -- semav6msr64.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 79553d83580570e382d3b9c7e101df2b + SHA1: e3dbe2aa03847df621591a4cad69a5609de5c237 + SHA256: eb71a8ecef692e74ae356e8cb734029b233185ee5c2ccb6cc87cc6b36bea65cf + Company: '' + Copyright: '' + CreationTimestamp: '2014-01-24 12:22:40' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: semav6msr.sys + ImportedFunctions: + - KeQueryActiveProcessors + - KeQueryActiveProcessorCount + - IoDeleteSymbolicLink + - KeSetSystemAffinityThreadEx + - RtlInitUnicodeString + - IoDeleteDevice + - MmUnmapIoSpace + - MmMapIoSpace + - IofCompleteRequest + - KeRevertToUserAffinityThreadEx + - IoCreateSymbolicLink + - IoCreateDevice + - RtlAssert + - DbgPrint + - KeBugCheckEx + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 07f83829e7429e60298440cd1e601a6a + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 252e1fcba620376013e4c621871adbd9 + SHA1: 32ce757853a6284b60df9381e5054da74e5f45b9 + SHA256: 0969d47afdfa5c5cc931241e8bf31a90296f457a962c018d5f0c3d1e86375242 + SHA1: 
643383938d5e0d4fd30d302af3e9293a4798e392 + SHA256: 9f1229cd8dd9092c27a01f5d56e3c0d59c2bb9f0139abf042e56f343637fda33 + Sections: + .text: + Entropy: 5.430468641775563 + Virtual Size: '0xe6d' + .rdata: + Entropy: 4.112486136824452 + Virtual Size: '0x1ec' + .data: + Entropy: 0.5035334969292564 + Virtual Size: '0x118' + .pdata: + Entropy: 3.400976341753789 + Virtual Size: '0xf0' + PAGE: + Entropy: 5.7210729999232015 + Virtual Size: '0x82d' + INIT: + Entropy: 5.352607237368339 + Virtual Size: '0x45a' + Signature: + - Intel(R) Code Signing External + - Intel External Basic Issuing CA 3B + - Intel External Basic Policy CA + - Sectigo (AddTrust) + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel(R) + Code Signing External + ValidFrom: '2015-04-16 17:22:30' + ValidTo: '2016-04-15 17:22:30' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 330000b6712f575e402cf8708400020000b671 + Version: 3 + TBS: + MD5: 0ddb50f4d347b1641521dfecf6525c50 + SHA1: 32a2b77cbfe58b3804618edd9435588f24b92695 + SHA256: 65c1bffcd837ffb534b0641fb137580d7bcf46c905d4c946fbc1fb27281082f2 + SHA384: 078be3addebd5c1e84cb34f7d1a5144d42b3bb3049d08eb6b3024e3b667d782b7d73fac6481404672a5ba91822c971bc + - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External + Basic Issuing CA 3B + ValidFrom: '2013-02-08 22:21:23' + ValidTo: '2018-02-08 22:31:23' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 612cff88000100000010 + Version: 3 + TBS: + MD5: da9a02953cdcc039174d11b07dd2967d + SHA1: 568cfca269ff49615d305e680988337f0a90bc32 + SHA256: fad628f5236458a9116a99f2d64fb9131a28f9942fca6239a5e7be0dddf4ce9f + SHA384: 
5edeab0248f63cdc4c10b748618cd6fa4aa53ffb0ddfd51a2e35de2ea55a56822aa53fa734a46705655e8f5878b24ffd + - Subject: C=US, O=Intel Corporation, CN=Intel External Basic Policy CA + ValidFrom: '2013-02-01 00:00:00' + ValidTo: '2020-05-30 10:48:38' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 79174aa9141736fe15a7ca9f2cff4588 + Version: 3 + TBS: + MD5: 6ce466d55ab160317ee9b13522c2a82a + SHA1: 53b052ba209c525233293274854b264bc0f68b73 + SHA256: f71790e057380a0cbafdfc25bc8b3dafd6cfbeb01077bb3d8194e91254a2fc9b + SHA384: c0cc37f9505ff2bab958c8ef1ea94736efae52bcf5948c866446c46b64fb9f5e603fbad4bc70270ae74e58ac8ab055f9 + - Subject: C=BM, O=QuoVadis Limited, CN=QuoVadis Issuing CA G4 + ValidFrom: '2014-05-30 16:35:55' + ValidTo: '2021-03-17 18:33:33' + Signature: b9f61352b517a72a4d84774309a4dba067b4600e42f403bdc4ff2c5a0f902e78c563c84aec27f67ce429d0cf6018fa6822da0252760df21754c6f6081ea1cc82e4c33a6d99227cc4c077b4e6052047934039cfdc55adc346af294d799c644c205f8a1c56fc46a05fcb98dd917a39b4afc477996b9eacde6f2d79ea7fd7132498521cfd693eed72ac3fd0b4011914edb0f0cbf39c5114238cc7dc697d328196e41d478f017694833e888d925b1858986903c7f5d3f2615250eb34a0fd2630300fb5fd70e7272c370b1cf3e71ea62c0743b64b885e971fc1307d60642af30c7068445163599fdb57c21fff80e5c21192d82fefd51743ff642d64845c521a63c267 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 69b2d1ccf02e20dcc95c62894f7f9e5f5fc057bf + Version: 3 + TBS: + MD5: 4e0fbd79a99e4a55f97ef41efee38a9f + SHA1: 114f36d5f22b84de97893469fc00b7035b3ef734 + SHA256: f6dd9683708786a413d4d6a3661fa4e4aeb328adbd181b398b5b6aa02bb0bc16 + SHA384: a26fe570a01b0e15cf94b41ce48ebd39ed9e9d18493d4c117f0fbb5a5b33ed8ef06c069b9638dda957547f0b0645e447 + - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, OU=Authenticode, + OU=Thales TSS ESN:A6A7,71B2,73F1, CN=Timestamp.intel.com + ValidFrom: '2014-12-09 21:30:38' + ValidTo: 
'2017-12-09 21:30:35' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 385dccec5fe14d3974c9591a3ab1c2caad188c2d + Version: 3 + TBS: + MD5: 4d35161b8be0a29812bb748b548e94b1 + SHA1: bf27e048115892363598dec245759aa7529eb154 + SHA256: d5c67eb0b73915a6f12dbe19f662205172cc9c97b9988b78a07f14c3b7e1e2b0 + SHA384: 8b0e411b3fc02dd3a8f5f7d248699a7d882c160a6e3753c1b223d2b0671a6d3f9efa4894172a3bfa3525787be2d6f20e + - Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust + External CA Root + ValidFrom: '2013-08-15 20:26:30' + ValidTo: '2023-08-15 20:36:30' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 3300000035d8d5595b0671412b000000000035 + Version: 3 + TBS: + MD5: 3d488d41aaeb5661974952080abef2fd + SHA1: df01e35e6befc7d65625319f17397b861e618d56 + SHA256: 3d6ef38b5d26773dc77392e415e88b3a744b30ea9f2081e2a992b5818db2f0c4 + SHA384: ac7c06916fe4a00307834b2499f12799d3fe463c2e63d1881df669a2786745beeee2b3a7d87cd6bc9e4fe293c22e5a59 + Signer: + - SerialNumber: 330000b6712f575e402cf8708400020000b671 + Issuer: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External + Basic Issuing CA 3B + Version: 1 + Imphash: 24e4c876bb5db0b0e0a4e92f0a3d3a48 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 79553d83580570e382d3b9c7e101df2b + SHA1: e3dbe2aa03847df621591a4cad69a5609de5c237 + SHA256: eb71a8ecef692e74ae356e8cb734029b233185ee5c2ccb6cc87cc6b36bea65cf + Company: '' + Copyright: '' + CreationTimestamp: '2014-01-24 12:22:40' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: semav6msr64.sys + ImportedFunctions: + - KeQueryActiveProcessors + - KeQueryActiveProcessorCount + - IoDeleteSymbolicLink + - KeSetSystemAffinityThreadEx + - RtlInitUnicodeString + - IoDeleteDevice + - MmUnmapIoSpace + - MmMapIoSpace + - 
IofCompleteRequest + - KeRevertToUserAffinityThreadEx + - IoCreateSymbolicLink + - IoCreateDevice + - RtlAssert + - DbgPrint + - KeBugCheckEx + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 07f83829e7429e60298440cd1e601a6a + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 252e1fcba620376013e4c621871adbd9 + SHA1: 32ce757853a6284b60df9381e5054da74e5f45b9 + SHA256: 0969d47afdfa5c5cc931241e8bf31a90296f457a962c018d5f0c3d1e86375242 + SHA1: 643383938d5e0d4fd30d302af3e9293a4798e392 + SHA256: 9f1229cd8dd9092c27a01f5d56e3c0d59c2bb9f0139abf042e56f343637fda33 + Sections: + .text: + Entropy: 5.430468641775563 + Virtual Size: '0xe6d' + .rdata: + Entropy: 4.112486136824452 + Virtual Size: '0x1ec' + .data: + Entropy: 0.5035334969292564 + Virtual Size: '0x118' + .pdata: + Entropy: 3.400976341753789 + Virtual Size: '0xf0' + PAGE: + Entropy: 5.7210729999232015 + Virtual Size: '0x82d' + INIT: + Entropy: 5.352607237368339 + Virtual Size: '0x45a' + Signature: + - Intel(R) Code Signing External + - Intel External Basic Issuing CA 3B + - Intel External Basic Policy CA + - Sectigo (AddTrust) + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel(R) + Code Signing External + ValidFrom: '2015-04-16 17:22:30' + ValidTo: '2016-04-15 17:22:30' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 330000b6712f575e402cf8708400020000b671 + Version: 3 + TBS: + MD5: 0ddb50f4d347b1641521dfecf6525c50 + SHA1: 32a2b77cbfe58b3804618edd9435588f24b92695 + SHA256: 65c1bffcd837ffb534b0641fb137580d7bcf46c905d4c946fbc1fb27281082f2 + SHA384: 078be3addebd5c1e84cb34f7d1a5144d42b3bb3049d08eb6b3024e3b667d782b7d73fac6481404672a5ba91822c971bc + - Subject: C=US, ST=CA, L=Santa Clara, O=Intel 
Corporation, CN=Intel External + Basic Issuing CA 3B + ValidFrom: '2013-02-08 22:21:23' + ValidTo: '2018-02-08 22:31:23' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 612cff88000100000010 + Version: 3 + TBS: + MD5: da9a02953cdcc039174d11b07dd2967d + SHA1: 568cfca269ff49615d305e680988337f0a90bc32 + SHA256: fad628f5236458a9116a99f2d64fb9131a28f9942fca6239a5e7be0dddf4ce9f + SHA384: 5edeab0248f63cdc4c10b748618cd6fa4aa53ffb0ddfd51a2e35de2ea55a56822aa53fa734a46705655e8f5878b24ffd + - Subject: C=US, O=Intel Corporation, CN=Intel External Basic Policy CA + ValidFrom: '2013-02-01 00:00:00' + ValidTo: '2020-05-30 10:48:38' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 79174aa9141736fe15a7ca9f2cff4588 + Version: 3 + TBS: + MD5: 6ce466d55ab160317ee9b13522c2a82a + SHA1: 53b052ba209c525233293274854b264bc0f68b73 + SHA256: f71790e057380a0cbafdfc25bc8b3dafd6cfbeb01077bb3d8194e91254a2fc9b + SHA384: c0cc37f9505ff2bab958c8ef1ea94736efae52bcf5948c866446c46b64fb9f5e603fbad4bc70270ae74e58ac8ab055f9 + - Subject: C=BM, O=QuoVadis Limited, CN=QuoVadis Issuing CA G4 + ValidFrom: '2014-05-30 16:35:55' + ValidTo: '2021-03-17 18:33:33' + Signature: b9f61352b517a72a4d84774309a4dba067b4600e42f403bdc4ff2c5a0f902e78c563c84aec27f67ce429d0cf6018fa6822da0252760df21754c6f6081ea1cc82e4c33a6d99227cc4c077b4e6052047934039cfdc55adc346af294d799c644c205f8a1c56fc46a05fcb98dd917a39b4afc477996b9eacde6f2d79ea7fd7132498521cfd693eed72ac3fd0b4011914edb0f0cbf39c5114238cc7dc697d328196e41d478f017694833e888d925b1858986903c7f5d3f2615250eb34a0fd2630300fb5fd70e7272c370b1cf3e71ea62c0743b64b885e971fc1307d60642af30c7068445163599fdb57c21fff80e5c21192d82fefd51743ff642d64845c521a63c267 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 
69b2d1ccf02e20dcc95c62894f7f9e5f5fc057bf + Version: 3 + TBS: + MD5: 4e0fbd79a99e4a55f97ef41efee38a9f + SHA1: 114f36d5f22b84de97893469fc00b7035b3ef734 + SHA256: f6dd9683708786a413d4d6a3661fa4e4aeb328adbd181b398b5b6aa02bb0bc16 + SHA384: a26fe570a01b0e15cf94b41ce48ebd39ed9e9d18493d4c117f0fbb5a5b33ed8ef06c069b9638dda957547f0b0645e447 + - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, OU=Authenticode, + OU=Thales TSS ESN:A6A7,71B2,73F1, CN=Timestamp.intel.com + ValidFrom: '2014-12-09 21:30:38' + ValidTo: '2017-12-09 21:30:35' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 385dccec5fe14d3974c9591a3ab1c2caad188c2d + Version: 3 + TBS: + MD5: 4d35161b8be0a29812bb748b548e94b1 + SHA1: bf27e048115892363598dec245759aa7529eb154 + SHA256: d5c67eb0b73915a6f12dbe19f662205172cc9c97b9988b78a07f14c3b7e1e2b0 + SHA384: 8b0e411b3fc02dd3a8f5f7d248699a7d882c160a6e3753c1b223d2b0671a6d3f9efa4894172a3bfa3525787be2d6f20e + - Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust + External CA Root + ValidFrom: '2013-08-15 20:26:30' + ValidTo: '2023-08-15 20:36:30' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 3300000035d8d5595b0671412b000000000035 + Version: 3 + TBS: + MD5: 3d488d41aaeb5661974952080abef2fd + SHA1: df01e35e6befc7d65625319f17397b861e618d56 + SHA256: 3d6ef38b5d26773dc77392e415e88b3a744b30ea9f2081e2a992b5818db2f0c4 + SHA384: ac7c06916fe4a00307834b2499f12799d3fe463c2e63d1881df669a2786745beeee2b3a7d87cd6bc9e4fe293c22e5a59 + Signer: + - SerialNumber: 330000b6712f575e402cf8708400020000b671 + Issuer: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External + Basic Issuing CA 3B + Version: 1 + Imphash: 24e4c876bb5db0b0e0a4e92f0a3d3a48 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 79553d83580570e382d3b9c7e101df2b + 
SHA1: e3dbe2aa03847df621591a4cad69a5609de5c237 + SHA256: eb71a8ecef692e74ae356e8cb734029b233185ee5c2ccb6cc87cc6b36bea65cf + Company: '' + Copyright: '' + CreationTimestamp: '2014-01-24 12:22:40' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - KeQueryActiveProcessors + - KeQueryActiveProcessorCount + - IoDeleteSymbolicLink + - KeSetSystemAffinityThreadEx + - RtlInitUnicodeString + - IoDeleteDevice + - MmUnmapIoSpace + - MmMapIoSpace + - IofCompleteRequest + - KeRevertToUserAffinityThreadEx + - IoCreateSymbolicLink + - IoCreateDevice + - RtlAssert + - DbgPrint + - KeBugCheckEx + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 7d84a4ed0fcca3d098881a3f3283724b + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 252e1fcba620376013e4c621871adbd9 + SHA1: 32ce757853a6284b60df9381e5054da74e5f45b9 + SHA256: 0969d47afdfa5c5cc931241e8bf31a90296f457a962c018d5f0c3d1e86375242 + SHA1: 67b45c1e204d44824cd7858455e1acedbd7ffbb3 + SHA256: 648994905b29b9c4a1074eef332bf6932b638bad62df020b5452c74e2b15d78f + Sections: + .text: + Entropy: 5.430468641775563 + Virtual Size: '0xe6d' + .rdata: + Entropy: 4.112486136824452 + Virtual Size: '0x1ec' + .data: + Entropy: 0.5035334969292564 + Virtual Size: '0x118' + .pdata: + Entropy: 3.400976341753789 + Virtual Size: '0xf0' + PAGE: + Entropy: 5.7210729999232015 + Virtual Size: '0x82d' + INIT: + Entropy: 5.352607237368339 + Virtual Size: '0x45a' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Intel Corporation, CN=Intel External Basic Policy CA + ValidFrom: '2006-02-16 18:01:30' + ValidTo: '2016-02-19 18:01:30' + Signature: 
131038ada454a5489545b02d3772c09f9ed8ef8f0bfb9096d2b6177951cab3df067ebdb4e9083f84a00c939fb31ca86c8acf2deef99012f0f83a26d773810e9fc4319259d4282541f555f1ca3d993dda64c8d21864223209092d1de331fafdd347d764a8f95dea8227e24fd2612124611d54263e145964b098d5f3a7c3aead50 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 05b0ff + Version: 3 + TBS: + MD5: f532f9999c3f7a078f0f973c726a2a04 + SHA1: f56832bc9412c372f9a8744591258f8bb11af2d8 + SHA256: 4c75ce4be51027c4e1f7422775c3ae79d5195ffc0ff7f379123a603ccb702c60 + SHA384: 084772ceb63ae50ebd8125ba9eba0c9b38d0e94a806f58513f71f1d5489f52489b0dfbb8c67603a425a603451b3b1719 + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 
88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=Equifax, OU=Equifax Secure Certificate Authority + ValidFrom: '2006-05-23 17:01:15' + ValidTo: '2016-05-23 17:11:15' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610bdc8f00000000001a + Version: 3 + TBS: + MD5: 6e11ed171e9a07e607b8ca65bf0e8858 + SHA1: 6d329a72420f76868584957854cdc45172e9f902 + SHA256: 75efb8656a18ba5dacc596757bfb0fa11f0d3d81fd5f8cf9bb8975ced87e7b1b + SHA384: c41060ed797c77588692c0b3e36e19cca2d48c354863437f3df76009e25c916e8d2c7e17b297fbc59da085e98d070093 + - Subject: CN=SEMA Software + ValidFrom: '2012-08-13 20:15:00' + ValidTo: '2015-05-15 19:35:13' + Signature: 759b16da09fbcae52729fd7739d9a29d9e5c83d61bf897d352b330cb0ef2e85f6675674f8fa4f0205fdaf097d766dada95c6a00012de4c8bcc2b91f462c30e8884f2262edae6482a497ebe024c266db370545536498feed2699b85d32892b19d10fa36ebad821790a82d4a9d17b1088950afbdfa4ab13e3082ab7e9ea705911ef91284430bf69b5b8b69a528b6896d87cdfb3e0e5f934278fed63d494a82025aa24f9e75ef54cc7453c29f9ab6ffc79adeca70be5fe54891fd2804f019624d430222c1b5e5862b67de49363b9e41b96f0a1f45dd63458ff4aeffe0d8701c11b2eb8a50399123a21f822f7b1bed5cc03c470ed396d927851e3b7069f4228b1ca4 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1b9a8f3100010000916c + Version: 3 + TBS: + MD5: b94186e712a30346b6aec85b267f1ccf + SHA1: e6df41e3f543c4f54b4cecf8c45a941b5f79087c + SHA256: 955af30020a5027583bcbb5b546442a68c574ca151662d2c63d38b20c4924c6c + SHA384: 71cea65764f3d931a58017088d12472be5801d42516de63fcb8e248bd0e9f6696a7c4295fd2f03cd8bdaf5e9f2b0ed90 + - Subject: C=US, O=Intel Corporation, CN=Intel External Basic Issuing CA + 3A + ValidFrom: '2009-05-15 19:25:13' + ValidTo: '2015-05-15 19:35:13' + Signature: 
9463fd5dd0c4ba54f4e521c3a1a355d6875f773c3e642432523dda612c741d335a0a03ec2131d201a18d55cd30c32be0be132e097329daedfa42f2e5669ff473fe2f4c66dc9ceea7b33ed6539fd532391bc999d747f8ec7f472706c1edda82cf2351db29102a2b60e909c9992c9c32254d552f6d1ef0c98fa018962ac565eaadc54512232c5aef3f38895fec5da0018301c35919e79767e2558120cd16aaf45e5a93ef85878ded8fb730a11d48c910ed366235b7dd6790fff0a7d634c4c9e151e5b4e8022f5940e6dc7f178475f76d2c9292f97aedd28fae744547b7ace5ec695e4dc89cc1c01df5fb5cec9a57957450f493f170f47c576c0404df9b9c37fec2 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611e80b7000000000007 + Version: 3 + TBS: + MD5: baca708678523cc174d8591aee607fa0 + SHA1: ccb0c6bea0e8d844bce4c981fb29a4784b85ad34 + SHA256: 11b7a4f10026418d92ba91b7d639a49b0f24ba1406bb0f3bb9a4fb6d2bede02c + SHA384: 4f90d1b4fce551db965d5fc639aa2636c0200122b67044832959c76e06f1714d9d8ef300366b600cb0fce10228332bb0 + Signer: + - SerialNumber: 1b9a8f3100010000916c + Issuer: C=US, O=Intel Corporation, CN=Intel External Basic Issuing CA + 3A + Version: 1 + Imphash: 24e4c876bb5db0b0e0a4e92f0a3d3a48 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/14556074-b235-4378-b356-f58721629d72.yaml b/yaml/14556074-b235-4378-b356-f58721629d72.yaml index e26777cd0..8c95e1d47 100644 --- a/yaml/14556074-b235-4378-b356-f58721629d72.yaml +++ b/yaml/14556074-b235-4378-b356-f58721629d72.yaml 
@@ -1,2063 +1,2075 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 14556074-b235-4378-b356-f58721629d72 +Tags: +- mimikatz.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-07-22' +MitreID: T1068 CVE: - '' Category: malicious Commands: - Command: '' - Description: Confirmed vulnerable driver from Microsoft Block List - OperatingSystem: Windows - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-07-22' -Detection: -- type: '' - value: '' -Id: 14556074-b235-4378-b356-f58721629d72 -KnownVulnerableSamples: -- Authentihash: - MD5: 9b33accbd66ae545907a62b552574805 - SHA1: 3b2ad39da3f313d76fc698dd84a79904d886c3a6 - SHA256: e7a6c3a40724ba871e13d9c55b7967ed252777a2382fea86e4ed6a2a8203fb4a - Company: '' - Copyright: '' - CreationTimestamp: '2012-08-26 04:47:53' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - NtBuildNumber - - RtlCompareMemory - - DbgPrint - - IoCreateSymbolicLink - - IoCreateDevice - - PsDereferencePrimaryToken - - PsReferencePrimaryToken - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ZwOpenProcessTokenEx - - ObOpenObjectByPointer - - PsProcessType - - PsGetProcessId - - RtlInitUnicodeString - - PsInitialSystemProcess - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - ObfDereferenceObject - - IoEnumerateRegisteredFiltersList - - KeServiceDescriptorTable - - PsSetCreateProcessNotifyRoutine - - IoConnectInterrupt - - PsSetCreateThreadNotifyRoutine - - PsSetLoadImageNotifyRoutine - - CmUnRegisterCallback - - MmGetSystemRoutineAddress - - KeTickCount - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCompleteRequest - - memset - - PsGetProcessImageFileName - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - 
InternalName: '' - MD5: 63060b756377fce2ce4ab9d079ca732f - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 3010c6b3ceeb3f2e83c6d7186b9a65bd - SHA1: 51dff26785c84f9975066bfc058749382af56e9a - SHA256: c66c5fcc9bbd9d23872aeb85b60c70ad22bef1cfff0b4b46039b3886728fb103 - SHA1: 4da007dd298723f920e194501bb49bab769dfb14 - SHA256: 3033ff03e6f523726638b43d954bc666cdd26483fa5abcf98307952ff88f80ee - Sections: - .text: - Entropy: 6.203004686966463 - Virtual Size: '0x289e' - .rdata: - Entropy: 3.460622498395349 - Virtual Size: '0x684' - .data: - Entropy: 3.11924592348315 - Virtual Size: '0xe8' - PAGE: - Entropy: 5.786287892614831 - Virtual Size: '0x266' - INIT: - Entropy: 5.266174691926025 - Virtual Size: '0x53e' - .reloc: - Entropy: 5.67439270665009 - Virtual Size: '0x30e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping CA - ValidFrom: '2009-03-18 11:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 5df6cb2b0d0140849f857a43706ae0c5e7aa0600d76713c9089131654f14a8a905dc389e6aa0300abd8dc78028ee4245ca94f3de5845a9803204f5595c6a70003927944df5b44634e81c5331b2b35416e9cc42abd5d959301cfb462725b88723b1e8758824831ec876377b01494548a4ede25dd27c9ca2dc2dba105a126265abae00c710343bcb72bd14240cdcc37627b4a7fee15829f20e169f91391d89a6e60f1c878ce258ac927e243eaaec14e73a33348bc63bac83ab0f14627aba1a2d4d4b1bc530f00b92797d3c78e0f8e6d215965999392b3061e8b8f8c0a1e9221411787dc4dc89bec0bb94e172aeebb540404fef171e585ed0a88996ac9228e9babf - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012019c19066 - Version: 3 - TBS: - MD5: 42023b9487cafe46c1b6a49c369a362e - SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 - SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 - SHA384: 
0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority - ValidFrom: '2009-12-21 09:32:56' - ValidTo: '2020-12-22 09:32:56' - Signature: bc89ecfee63655935c79d4117a86808f17b693b26d9b91a1561811c655eaf608edad9b9ef52b81c8bbdd607b1b47991e6d403e1d80c213d58e04052fdbe7ae529e688472a1e54a603cf89bd52f46d8c3b2b79353ac9b6c432424d1f1fce9562e3411581843eaefff34746ca0c06c7fad031969881e9560cabbbd0cbb76efc724b081c63831cf36ad0c38b89020849b2e8f28b99ff6ca9427cdac396157e0e3955a9c769230f5dea6973d721c2a6032a8334d8635338a5cf3a4fdf7062ce16b4b30f5cbd34362f841b9de7d20cb058c8e2cf65f35fd338d42896508362ca389f45a858bb0b97bdb6ccba1f8d20e1bbb977cd12779be9d7c3be6a75634d8c991a9 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 01000000000125b0b4cc01 - Version: 3 - TBS: - MD5: e3369c8e5aec0504b3a50455f615d9f9 - SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 - SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 - SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 7df0d3ee663fc0e7c72a95e44ba4c82c - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 9b7f12a91aaee57a3af614abb56fd618 - SHA1: cc2cd7bc3220a7c5afdb559f8978c9eca6583075 - SHA256: 82fea578188662b4ed6df4c3aaaf6ebae72a6cd2f8bf135a89150cca1769156b - Company: '' - Copyright: '' - CreationTimestamp: '2012-02-08 17:50:50' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - NtBuildNumber - - RtlCompareMemory - - DbgPrint - - IoCreateSymbolicLink - - IoCreateDevice - - PsDereferencePrimaryToken - - PsReferencePrimaryToken - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ZwOpenProcessTokenEx - - PsProcessType - - ObOpenObjectByPointer - - RtlInitUnicodeString - - PsGetProcessImageFileName - - PsInitialSystemProcess - - ExFreePoolWithTag - - 
ExAllocatePoolWithTag - - ObfDereferenceObject - - IoEnumerateRegisteredFiltersList - - KeServiceDescriptorTable - - PsSetCreateProcessNotifyRoutine - - PsSetCreateThreadNotifyRoutine - - PsSetLoadImageNotifyRoutine - - CmUnRegisterCallback - - KeTickCount - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCompleteRequest - - memset - - PsGetProcessId - - _vsnwprintf - - MmGetSystemRoutineAddress - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: '' - MD5: 650ef9dd70cb192027e536754d6e0f63 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 95ea6e420d0c2446eae3a1a53431a5d5 - SHA1: bb5e5d23e51ec1e3700cfed8fba07053edfcf58e - SHA256: bc0476b068af191fdbf1f7a2be9c21188c6e7993e62293090eeaae4694dd6bef - SHA1: b7ff8536553cb236ea2607941e634b23aadb59ee - SHA256: 47356707e610cfd0be97595fbe55246b96a69141e1da579e6f662ddda6dc5280 - Sections: - .text: - Entropy: 6.206569634065094 - Virtual Size: '0x2388' - .rdata: - Entropy: 3.426812306993836 - Virtual Size: '0x5c4' - .data: - Entropy: 2.981322356352421 - Virtual Size: '0xc4' - PAGE: - Entropy: 5.778009200543782 - Virtual Size: '0x266' - INIT: - Entropy: 5.268893138648195 - Virtual Size: '0x524' - .reloc: - Entropy: 5.697555917019675 - Virtual Size: '0x2c8' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping CA - ValidFrom: '2009-03-18 11:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012019c19066 - Version: 3 - 
TBS: - MD5: 42023b9487cafe46c1b6a49c369a362e - SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 - SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 - SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority - ValidFrom: '2009-12-21 09:32:56' - ValidTo: '2020-12-22 09:32:56' - Signature: 
bc89ecfee63655935c79d4117a86808f17b693b26d9b91a1561811c655eaf608edad9b9ef52b81c8bbdd607b1b47991e6d403e1d80c213d58e04052fdbe7ae529e688472a1e54a603cf89bd52f46d8c3b2b79353ac9b6c432424d1f1fce9562e3411581843eaefff34746ca0c06c7fad031969881e9560cabbbd0cbb76efc724b081c63831cf36ad0c38b89020849b2e8f28b99ff6ca9427cdac396157e0e3955a9c769230f5dea6973d721c2a6032a8334d8635338a5cf3a4fdf7062ce16b4b30f5cbd34362f841b9de7d20cb058c8e2cf65f35fd338d42896508362ca389f45a858bb0b97bdb6ccba1f8d20e1bbb977cd12779be9d7c3be6a75634d8c991a9 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 01000000000125b0b4cc01 - Version: 3 - TBS: - MD5: e3369c8e5aec0504b3a50455f615d9f9 - SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 - SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 - SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 7641a0c227f0a3a45b80bb8af43cd152 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 350c412cbf84475c1251460180c1d87c - SHA1: 5816faf0ea63abe56fd20c1ac72d8f3e6d90e9ec - SHA256: 76718b87861bf6e502aa95ea85e378326c8db1759fe010c941b26cba3c881133 - Company: '' - Copyright: '' - CreationTimestamp: '2012-11-03 11:37:13' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - 
ImportedFunctions: - - NtBuildNumber - - RtlCompareMemory - - DbgPrint - - IoCreateSymbolicLink - - IoCreateDevice - - PsDereferencePrimaryToken - - PsReferencePrimaryToken - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ZwOpenProcessTokenEx - - ObOpenObjectByPointer - - PsProcessType - - PsGetProcessId - - RtlInitUnicodeString - - PsInitialSystemProcess - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - ObfDereferenceObject - - IoEnumerateRegisteredFiltersList - - KeServiceDescriptorTable - - PsSetCreateProcessNotifyRoutine - - IoConnectInterrupt - - PsSetCreateThreadNotifyRoutine - - PsSetLoadImageNotifyRoutine - - CmUnRegisterCallback - - MmGetSystemRoutineAddress - - KeTickCount - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCompleteRequest - - memset - - PsGetProcessImageFileName - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: '' - MD5: 76f8607fc4fb9e828d613a7214436b66 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 3010c6b3ceeb3f2e83c6d7186b9a65bd - SHA1: 51dff26785c84f9975066bfc058749382af56e9a - SHA256: c66c5fcc9bbd9d23872aeb85b60c70ad22bef1cfff0b4b46039b3886728fb103 - SHA1: 197811ec137e9916e6692fc5c28f6d6609ffc20e - SHA256: be70be9d84ae14ea1fa5ec68e2a61f6acfe576d965fe51c6bac78fba01a744fb - Sections: - .text: - Entropy: 6.203004686966463 - Virtual Size: '0x289e' - .rdata: - Entropy: 3.4564408637017117 - Virtual Size: '0x684' - .data: - Entropy: 3.11924592348315 - Virtual Size: '0xe8' - PAGE: - Entropy: 5.786287892614831 - Virtual Size: '0x266' - INIT: - Entropy: 5.266174691926025 - Virtual Size: '0x53e' - .reloc: - Entropy: 5.67439270665009 - Virtual Size: '0x30e' 
- Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping CA - ValidFrom: '2009-03-18 11:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012019c19066 - Version: 3 - TBS: - MD5: 42023b9487cafe46c1b6a49c369a362e - SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 - SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 - SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority - ValidFrom: '2009-12-21 09:32:56' - ValidTo: '2020-12-22 09:32:56' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 01000000000125b0b4cc01 - Version: 3 - TBS: - MD5: e3369c8e5aec0504b3a50455f615d9f9 - SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 - SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 - SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: 
'2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 7df0d3ee663fc0e7c72a95e44ba4c82c - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 64609ef7b3e2ca2ae15ac30c04002204 - SHA1: 146c60b0dcd8cb8aa82992e56997b2ebe472918f - SHA256: 184cc3969b79f1856614bed64c1d5562d3363e13a92176f2e9a9235a4aa7d051 - Company: '' - Copyright: '' - CreationTimestamp: '2013-05-17 13:33:16' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - RtlCompareMemory - - IoCreateSymbolicLink - - IoCreateDevice - - DbgPrint - - PsProcessType - - PsGetProcessImageFileName - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - 
PsInitialSystemProcess - - ObOpenObjectByPointer - - IofCompleteRequest - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoEnumerateRegisteredFiltersList - - ObfDereferenceObject - - MmGetSystemRoutineAddress - - CcMdlRead - - SeImpersonateClientEx - - PsSetCreateThreadNotifyRoutine - - PsSetLoadImageNotifyRoutine - - CmUnRegisterCallback - - KeBugCheckEx - - _vsnwprintf - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - PsGetProcessId - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: '' - MD5: 2d37d2fb9b9f8ac52bc02cba4487e3cb - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 6931e969068f58678830e6bb4ee1ae49 - SHA1: bd694fda9f3f6b6a24e205b6027faf20b7d02b7a - SHA256: 0ba61ea701b8a9e1bae7234e761b74c12b4262a3798d4525ce4b626affb6fc9a - SHA1: 632c80a3c95cf589b03812539dea59594eaefae0 - SHA256: ece76b79feafb38ae4371e104b6dcbb4253ff3b2acbe5bd14ce6e47525c24f4a - Sections: - .text: - Entropy: 6.097853212616491 - Virtual Size: '0x37f6' - .rdata: - Entropy: 4.076714176904094 - Virtual Size: '0x940' - .data: - Entropy: 1.4269125817182893 - Virtual Size: '0x2b8' - .pdata: - Entropy: 3.9170697014365152 - Virtual Size: '0x1f8' - PAGE: - Entropy: 6.079756252073022 - Virtual Size: '0x28b' - INIT: - Entropy: 5.100311543493838 - Virtual Size: '0x5cc' - .reloc: - Entropy: 2.8064493688417227 - Virtual Size: '0xa4' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping CA - ValidFrom: '2009-03-18 11:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 
5df6cb2b0d0140849f857a43706ae0c5e7aa0600d76713c9089131654f14a8a905dc389e6aa0300abd8dc78028ee4245ca94f3de5845a9803204f5595c6a70003927944df5b44634e81c5331b2b35416e9cc42abd5d959301cfb462725b88723b1e8758824831ec876377b01494548a4ede25dd27c9ca2dc2dba105a126265abae00c710343bcb72bd14240cdcc37627b4a7fee15829f20e169f91391d89a6e60f1c878ce258ac927e243eaaec14e73a33348bc63bac83ab0f14627aba1a2d4d4b1bc530f00b92797d3c78e0f8e6d215965999392b3061e8b8f8c0a1e9221411787dc4dc89bec0bb94e172aeebb540404fef171e585ed0a88996ac9228e9babf - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012019c19066 - Version: 3 - TBS: - MD5: 42023b9487cafe46c1b6a49c369a362e - SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 - SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 - SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority - ValidFrom: '2009-12-21 09:32:56' - ValidTo: '2020-12-22 09:32:56' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 01000000000125b0b4cc01 - Version: 3 - TBS: - MD5: e3369c8e5aec0504b3a50455f615d9f9 - SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 - SHA256: 
26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 - SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 7bf14377888c429897eb10a85f70266c - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 4a3afa75d4e37084cd63bcb48f960431 - SHA1: 17459f6e341ec31898452c21b3bd9c91faacbc73 - SHA256: caa87fc917ab2ccf9bf2ad715173d74e031626c6bd3c80dca01f27933fec7242 - Company: '' - Copyright: '' - CreationTimestamp: '2013-01-14 22:20:03' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - RtlCompareMemory - - IoCreateSymbolicLink - - IoCreateDevice - - DbgPrint - - PsProcessType - - PsGetProcessImageFileName - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - ObOpenObjectByPointer - - IofCompleteRequest - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoEnumerateRegisteredFiltersList - - ObfDereferenceObject - - MmGetSystemRoutineAddress - - CcMdlRead - - SeImpersonateClientEx - - PsSetCreateThreadNotifyRoutine - - PsSetLoadImageNotifyRoutine - - CmUnRegisterCallback - - KeBugCheckEx - - _vsnwprintf - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - PsGetProcessId - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: '' - MD5: 
a3d69c7e24300389b56782aa63b0e357 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 6931e969068f58678830e6bb4ee1ae49 - SHA1: bd694fda9f3f6b6a24e205b6027faf20b7d02b7a - SHA256: 0ba61ea701b8a9e1bae7234e761b74c12b4262a3798d4525ce4b626affb6fc9a - SHA1: b555aad38df7605985462f3899572931ee126259 - SHA256: c13f5bc4edfbe8f1884320c5d76ca129d00de41a1e61d45195738f125dfe60a7 - Sections: - .text: - Entropy: 6.097853212616491 - Virtual Size: '0x37f6' - .rdata: - Entropy: 4.051333761804722 - Virtual Size: '0x940' - .data: - Entropy: 1.4269125817182893 - Virtual Size: '0x2b8' - .pdata: - Entropy: 3.9170697014365152 - Virtual Size: '0x1f8' - PAGE: - Entropy: 6.079756252073022 - Virtual Size: '0x28b' - INIT: - Entropy: 5.100311543493838 - Virtual Size: '0x5cc' - .reloc: - Entropy: 2.8064493688417227 - Virtual Size: '0xa4' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping CA - ValidFrom: '2009-03-18 11:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012019c19066 - Version: 3 - TBS: - MD5: 42023b9487cafe46c1b6a49c369a362e - SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 - SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 - SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: 
f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority - ValidFrom: '2009-12-21 09:32:56' - ValidTo: '2020-12-22 09:32:56' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 01000000000125b0b4cc01 - Version: 3 - TBS: - MD5: e3369c8e5aec0504b3a50455f615d9f9 - SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 - SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 - SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign 
Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 7bf14377888c429897eb10a85f70266c - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 04bfc5474deae488ead0a665e8bdbecf - SHA1: e6d31983f7d3d1f1f9977cad1b1898ff4957ac7c - SHA256: 19bfc95d74b27684e420b985589105d51772100383e7c3790a34ae311fee03d8 - Company: '' - Copyright: '' - CreationTimestamp: '2013-08-17 16:23:49' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - NtBuildNumber - - RtlCompareMemory - - DbgPrint - - IoCreateSymbolicLink - - IoCreateDevice - - PsDereferencePrimaryToken - - PsReferencePrimaryToken - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ZwOpenProcessTokenEx - - ObOpenObjectByPointer - - PsProcessType - - PsGetProcessId - - RtlInitUnicodeString - - PsInitialSystemProcess - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - ObfDereferenceObject - - IoEnumerateRegisteredFiltersList - - KeServiceDescriptorTable - - PsSetCreateProcessNotifyRoutine - - IoConnectInterrupt - - PsSetCreateThreadNotifyRoutine - - PsSetLoadImageNotifyRoutine - - CmUnRegisterCallback - - MmGetSystemRoutineAddress - - KeTickCount - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCompleteRequest - - memset - - PsGetProcessImageFileName - - _vsnwprintf - - PsGetVersion - - 
ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: '' - MD5: ac6e29f535b2c42999c50d2fc32f2c9c - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 3010c6b3ceeb3f2e83c6d7186b9a65bd - SHA1: 51dff26785c84f9975066bfc058749382af56e9a - SHA256: c66c5fcc9bbd9d23872aeb85b60c70ad22bef1cfff0b4b46039b3886728fb103 - SHA1: f6a18fc9c4abe4a82c1ab28abc0a7259df8de7a3 - SHA256: accb1a6604efb1b3ce9345c9fd62fe717a84c3e089e09c638e461df89193ef01 - Sections: - .text: - Entropy: 6.203004686966463 - Virtual Size: '0x289e' - .rdata: - Entropy: 3.474661239920984 - Virtual Size: '0x684' - .data: - Entropy: 3.11924592348315 - Virtual Size: '0xe8' - PAGE: - Entropy: 5.786287892614831 - Virtual Size: '0x266' - INIT: - Entropy: 5.266174691926025 - Virtual Size: '0x53e' - .reloc: - Entropy: 5.67439270665009 - Virtual Size: '0x30e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping CA - ValidFrom: '2009-03-18 11:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012019c19066 - Version: 3 - TBS: - MD5: 42023b9487cafe46c1b6a49c369a362e - SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 - SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 - SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 
225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority - ValidFrom: '2009-12-21 09:32:56' - ValidTo: '2020-12-22 09:32:56' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 01000000000125b0b4cc01 - Version: 3 - TBS: - MD5: e3369c8e5aec0504b3a50455f615d9f9 - SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 - SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 - SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 
7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 7df0d3ee663fc0e7c72a95e44ba4c82c - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 990ef30c74b89afd7bec043603b8a587 - SHA1: 43d05f5fbdf17de20ce8fc310b1ded0baec7120e - SHA256: 8210a89ba143d927384d7b2e6b3714d6ae9a9a384796ec6e306df38ca91e9c4e - Company: '' - Copyright: '' - CreationTimestamp: 
'2012-09-08 07:18:08' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - NtBuildNumber - - RtlCompareMemory - - DbgPrint - - IoCreateSymbolicLink - - IoCreateDevice - - PsDereferencePrimaryToken - - PsReferencePrimaryToken - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ZwOpenProcessTokenEx - - ObOpenObjectByPointer - - PsProcessType - - PsGetProcessId - - RtlInitUnicodeString - - PsInitialSystemProcess - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - ObfDereferenceObject - - IoEnumerateRegisteredFiltersList - - KeServiceDescriptorTable - - PsSetCreateProcessNotifyRoutine - - IoConnectInterrupt - - PsSetCreateThreadNotifyRoutine - - PsSetLoadImageNotifyRoutine - - CmUnRegisterCallback - - MmGetSystemRoutineAddress - - KeTickCount - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCompleteRequest - - memset - - PsGetProcessImageFileName - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: '' - MD5: 7073cd0085fcba1cd7d3568f9e6d652c - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 3010c6b3ceeb3f2e83c6d7186b9a65bd - SHA1: 51dff26785c84f9975066bfc058749382af56e9a - SHA256: c66c5fcc9bbd9d23872aeb85b60c70ad22bef1cfff0b4b46039b3886728fb103 - SHA1: bd39ef9c758e2d9d6037e067fbb2c1f2ac7feac8 - SHA256: e5ddfa39540d4e7ada56cdc1ebd2eb8c85a408ec078337488a81d1c3f2aaa4ff - Sections: - .text: - Entropy: 6.203004686966463 - Virtual Size: '0x289e' - .rdata: - Entropy: 3.4515246314550203 - Virtual Size: '0x684' - .data: - Entropy: 3.11924592348315 - Virtual Size: '0xe8' - PAGE: - Entropy: 5.786287892614831 - Virtual Size: '0x266' - INIT: - 
Entropy: 5.266174691926025 - Virtual Size: '0x53e' - .reloc: - Entropy: 5.67439270665009 - Virtual Size: '0x30e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping CA - ValidFrom: '2009-03-18 11:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012019c19066 - Version: 3 - TBS: - MD5: 42023b9487cafe46c1b6a49c369a362e - SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 - SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 - SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority - ValidFrom: '2009-12-21 09:32:56' - ValidTo: '2020-12-22 09:32:56' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 01000000000125b0b4cc01 - Version: 3 - TBS: - MD5: e3369c8e5aec0504b3a50455f615d9f9 - SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 - SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 - SHA384: 
1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 7df0d3ee663fc0e7c72a95e44ba4c82c - LoadsDespiteHVCI: 'FALSE' -- Authentihash: 
- MD5: bb0cdd5083c04ff1d769240982ad082d - SHA1: 816f41bb4d927568f72445c1b6f2f5a9b91b881d - SHA256: ed8d68c07947c01ca03d886e6ca795a3f8b2f079e8292f019bba3b97b41eef54 - Company: '' - Copyright: '' - CreationTimestamp: '2012-09-05 20:02:26' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - NtBuildNumber - - RtlCompareMemory - - DbgPrint - - IoCreateSymbolicLink - - IoCreateDevice - - PsDereferencePrimaryToken - - PsReferencePrimaryToken - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ZwOpenProcessTokenEx - - ObOpenObjectByPointer - - PsProcessType - - PsGetProcessId - - RtlInitUnicodeString - - PsInitialSystemProcess - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - ObfDereferenceObject - - IoEnumerateRegisteredFiltersList - - KeServiceDescriptorTable - - PsSetCreateProcessNotifyRoutine - - IoConnectInterrupt - - PsSetCreateThreadNotifyRoutine - - PsSetLoadImageNotifyRoutine - - CmUnRegisterCallback - - MmGetSystemRoutineAddress - - KeTickCount - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCompleteRequest - - memset - - PsGetProcessImageFileName - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: '' - MD5: ed2b653d55c03f0bffa250372d682b75 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 3010c6b3ceeb3f2e83c6d7186b9a65bd - SHA1: 51dff26785c84f9975066bfc058749382af56e9a - SHA256: c66c5fcc9bbd9d23872aeb85b60c70ad22bef1cfff0b4b46039b3886728fb103 - SHA1: 92138cfc14f9e2271f641547e031d5d63c6de19a - SHA256: deade507504d385d8cae11365a2ac9b5e2773ff9b61624d75ffa882d6bb28952 - Sections: - .text: - Entropy: 6.203004686966463 - 
Virtual Size: '0x289e' - .rdata: - Entropy: 3.4527878322014005 - Virtual Size: '0x684' - .data: - Entropy: 3.11924592348315 - Virtual Size: '0xe8' - PAGE: - Entropy: 5.786287892614831 - Virtual Size: '0x266' - INIT: - Entropy: 5.266174691926025 - Virtual Size: '0x53e' - .reloc: - Entropy: 5.67439270665009 - Virtual Size: '0x30e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping CA - ValidFrom: '2009-03-18 11:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012019c19066 - Version: 3 - TBS: - MD5: 42023b9487cafe46c1b6a49c369a362e - SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 - SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 - SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority - ValidFrom: '2009-12-21 09:32:56' - ValidTo: '2020-12-22 09:32:56' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 01000000000125b0b4cc01 - Version: 3 - TBS: 
- MD5: e3369c8e5aec0504b3a50455f615d9f9 - SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 - SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 - SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 7df0d3ee663fc0e7c72a95e44ba4c82c - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: fd4949a0af1fcce6a0861ff981f18c7b - SHA1: c785eebe7891724fab3a83472150b902a4fc4d26 - SHA256: bd9386206a5dfdf63bf642e2917fae6d5e8a1e52874cb2cfbabf79e47b9fed74 - Company: '' - Copyright: '' - CreationTimestamp: '2012-08-13 17:31:25' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - 
ImportedFunctions: - - NtBuildNumber - - RtlCompareMemory - - DbgPrint - - IoCreateSymbolicLink - - IoCreateDevice - - PsDereferencePrimaryToken - - PsReferencePrimaryToken - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ZwOpenProcessTokenEx - - ObOpenObjectByPointer - - PsProcessType - - PsGetProcessId - - RtlInitUnicodeString - - PsInitialSystemProcess - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - ObfDereferenceObject - - IoEnumerateRegisteredFiltersList - - KeServiceDescriptorTable - - PsSetCreateProcessNotifyRoutine - - IoConnectInterrupt - - PsSetCreateThreadNotifyRoutine - - PsSetLoadImageNotifyRoutine - - CmUnRegisterCallback - - MmGetSystemRoutineAddress - - KeTickCount - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCompleteRequest - - memset - - PsGetProcessImageFileName - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: '' - MD5: 85093bb9f027027c2c61aee50796de30 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 3010c6b3ceeb3f2e83c6d7186b9a65bd - SHA1: 51dff26785c84f9975066bfc058749382af56e9a - SHA256: c66c5fcc9bbd9d23872aeb85b60c70ad22bef1cfff0b4b46039b3886728fb103 - SHA1: 6b5aa51f4717d123a468e9e9d3d154e20ca39d56 - SHA256: 083a311875173f8c4653e9bbbabb689d14aa86b852e7fa9f5512fc60e0fd2c43 - Sections: - .text: - Entropy: 6.203004686966463 - Virtual Size: '0x289e' - .rdata: - Entropy: 3.4522369758432485 - Virtual Size: '0x684' - .data: - Entropy: 3.11924592348315 - Virtual Size: '0xe8' - PAGE: - Entropy: 5.786287892614831 - Virtual Size: '0x266' - INIT: - Entropy: 5.266174691926025 - Virtual Size: '0x53e' - .reloc: - Entropy: 5.67439270665009 - Virtual Size: '0x30e' 
- Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping CA - ValidFrom: '2009-03-18 11:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012019c19066 - Version: 3 - TBS: - MD5: 42023b9487cafe46c1b6a49c369a362e - SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 - SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 - SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority - ValidFrom: '2009-12-21 09:32:56' - ValidTo: '2020-12-22 09:32:56' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 01000000000125b0b4cc01 - Version: 3 - TBS: - MD5: e3369c8e5aec0504b3a50455f615d9f9 - SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 - SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 - SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: 
'2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 7df0d3ee663fc0e7c72a95e44ba4c82c - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: cf5dee8cce65b166ca275c87eb21d392 - SHA1: e97da59c611cf90623dc05638f8c866ffee79265 - SHA256: 51141c22e37d651703dd57cfda018ff06a0175a78e7c72f8ad733a281721716a - Company: '' - Copyright: '' - CreationTimestamp: '2012-02-08 17:51:00' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - RtlCompareMemory - - IoCreateSymbolicLink - - IoCreateDevice - - DbgPrint - - PsProcessType - - PsGetProcessImageFileName - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - 
PsInitialSystemProcess - - IofCompleteRequest - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoEnumerateRegisteredFiltersList - - ObfDereferenceObject - - MmGetSystemRoutineAddress - - PsSetLoadImageNotifyRoutine - - PsSetCreateThreadNotifyRoutine - - PsSetCreateProcessNotifyRoutine - - CmUnRegisterCallback - - KeBugCheckEx - - _vsnwprintf - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - ObOpenObjectByPointer - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: '' - MD5: 6a4fbcfb44717eae2145c761c1c99b6a - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: c31de5cc00cb68b62ae186ff240ab9b0 - SHA1: f71fd975d57b4fdc25853614f721575fe8910ea4 - SHA256: eee6307fc92b0eeab791cc944719153abdef57a75c8aaf1ee43b2f26749bfbea - SHA1: 6a95860594cd8b7e3636bafa8f812e05359a64ca - SHA256: 36f45a42ebf2de6962db92aaf8845d7f9fd6895bedc31422adcf31c59a79602d - Sections: - .text: - Entropy: 6.11082071374607 - Virtual Size: '0x31da' - .rdata: - Entropy: 4.065232172363281 - Virtual Size: '0x860' - .data: - Entropy: 1.4960916763780787 - Virtual Size: '0x278' - .pdata: - Entropy: 4.010597314508337 - Virtual Size: '0x1bc' - PAGE: - Entropy: 6.071170454287612 - Virtual Size: '0x28b' - INIT: - Entropy: 5.1035729791851745 - Virtual Size: '0x5c2' - .reloc: - Entropy: 2.469316759121652 - Virtual Size: '0x94' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping CA - ValidFrom: '2009-03-18 11:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012019c19066 - Version: 3 - TBS: - MD5: 42023b9487cafe46c1b6a49c369a362e - SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 - SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 - SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority - ValidFrom: '2009-12-21 09:32:56' - ValidTo: '2020-12-22 09:32:56' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 01000000000125b0b4cc01 - Version: 3 - TBS: - MD5: e3369c8e5aec0504b3a50455f615d9f9 - SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 - SHA256: 
26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 - SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 7d017945bf90936a6c40f73f91ed02c2 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 903faf17175c8d380fc9dd24bdd68da2 - SHA1: 3bc62bb8baac9a9608b8c9fbcb121e7569a1efd8 - SHA256: 36487117894ca7b93f704e26f22725827f6f04ec3b8c45eaa0d283a11de9a9c3 - Company: '' - Copyright: '' - CreationTimestamp: '2012-09-05 20:02:32' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - RtlCompareMemory - - 
IoCreateSymbolicLink - - IoCreateDevice - - DbgPrint - - PsProcessType - - PsGetProcessImageFileName - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - ObOpenObjectByPointer - - IofCompleteRequest - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoEnumerateRegisteredFiltersList - - ObfDereferenceObject - - MmGetSystemRoutineAddress - - CcMdlRead - - SeImpersonateClientEx - - PsSetCreateThreadNotifyRoutine - - PsSetLoadImageNotifyRoutine - - CmUnRegisterCallback - - KeBugCheckEx - - _vsnwprintf - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - PsGetProcessId - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: '' - MD5: 1ee9f6326649cd23381eb9d7dfdeddf7 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 6931e969068f58678830e6bb4ee1ae49 - SHA1: bd694fda9f3f6b6a24e205b6027faf20b7d02b7a - SHA256: 0ba61ea701b8a9e1bae7234e761b74c12b4262a3798d4525ce4b626affb6fc9a - SHA1: 766949d4599fbf8f45e888c9d6fedf21e04fb333 - SHA256: b7956e31c2fcc0a84bcedf30e5f8115f4e74eed58916253a0c05c8be47283c57 - Sections: - .text: - Entropy: 6.097853212616491 - Virtual Size: '0x37f6' - .rdata: - Entropy: 4.052824356346606 - Virtual Size: '0x940' - .data: - Entropy: 1.4269125817182893 - Virtual Size: '0x2b8' - .pdata: - Entropy: 3.9170697014365152 - Virtual Size: '0x1f8' - PAGE: - Entropy: 6.079756252073022 - Virtual Size: '0x28b' - INIT: - Entropy: 5.100311543493838 - Virtual Size: '0x5cc' - .reloc: - Entropy: 2.8064493688417227 - Virtual Size: '0xa4' - Signature: '' - Signatures: - - 
CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping CA - ValidFrom: '2009-03-18 11:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012019c19066 - Version: 3 - TBS: - MD5: 42023b9487cafe46c1b6a49c369a362e - SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 - SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 - SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority - ValidFrom: '2009-12-21 09:32:56' - ValidTo: '2020-12-22 09:32:56' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 01000000000125b0b4cc01 - Version: 3 - TBS: - MD5: e3369c8e5aec0504b3a50455f615d9f9 - SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 - SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 - SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 
09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 7bf14377888c429897eb10a85f70266c - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 93936f2a18b6a8501653ef021972d628 - SHA1: c08664c9293219c245006ff18ae75de42722ca60 - SHA256: be25688313f29d7e62c996572825c33f3dcdda373ec235efe552aeb2219990bb - Company: '' - Copyright: '' - CreationTimestamp: '2013-08-17 16:23:52' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - RtlCompareMemory - - IoCreateSymbolicLink - - IoCreateDevice - - DbgPrint - - PsProcessType - - PsGetProcessImageFileName - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - ObOpenObjectByPointer - - 
IofCompleteRequest - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoEnumerateRegisteredFiltersList - - ObfDereferenceObject - - MmGetSystemRoutineAddress - - CcMdlRead - - SeImpersonateClientEx - - PsSetCreateThreadNotifyRoutine - - PsSetLoadImageNotifyRoutine - - CmUnRegisterCallback - - KeBugCheckEx - - _vsnwprintf - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - PsGetProcessId - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: '' - MD5: 84763d8ca9fe5c3bff9667b2adf667de - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 6931e969068f58678830e6bb4ee1ae49 - SHA1: bd694fda9f3f6b6a24e205b6027faf20b7d02b7a - SHA256: 0ba61ea701b8a9e1bae7234e761b74c12b4262a3798d4525ce4b626affb6fc9a - SHA1: 8b9dd4c001f17e7835fdaf0d87a2f3e026557e84 - SHA256: 2c14bea0d85c9cad5c5f5c8d0e5442f6deb9e93fe3ad8ea5e8e147821c6f9304 - Sections: - .text: - Entropy: 6.097853212616491 - Virtual Size: '0x37f6' - .rdata: - Entropy: 4.063554093583363 - Virtual Size: '0x940' - .data: - Entropy: 1.4269125817182893 - Virtual Size: '0x2b8' - .pdata: - Entropy: 3.9170697014365152 - Virtual Size: '0x1f8' - PAGE: - Entropy: 6.079756252073022 - Virtual Size: '0x28b' - INIT: - Entropy: 5.100311543493838 - Virtual Size: '0x5cc' - .reloc: - Entropy: 2.8064493688417227 - Virtual Size: '0xa4' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping CA - ValidFrom: '2009-03-18 11:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012019c19066 - Version: 3 - TBS: - MD5: 42023b9487cafe46c1b6a49c369a362e - SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 - SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 - SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority - ValidFrom: '2009-12-21 09:32:56' - ValidTo: '2020-12-22 09:32:56' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 01000000000125b0b4cc01 - Version: 3 - TBS: - MD5: e3369c8e5aec0504b3a50455f615d9f9 - SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 - SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 - SHA384: 
1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - 
TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 7bf14377888c429897eb10a85f70266c - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: '' + Description: Confirmed vulnerable driver from Microsoft Block List + OperatingSystem: Windows + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c -Tags: -- mimikatz.sys -Verified: 'TRUE' +Detection: +- type: '' + value: '' +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 9b33accbd66ae545907a62b552574805 + SHA1: 3b2ad39da3f313d76fc698dd84a79904d886c3a6 + SHA256: e7a6c3a40724ba871e13d9c55b7967ed252777a2382fea86e4ed6a2a8203fb4a + Company: '' + Copyright: '' + CreationTimestamp: '2012-08-26 04:47:53' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - NtBuildNumber + - RtlCompareMemory + - DbgPrint + - IoCreateSymbolicLink + - IoCreateDevice + - PsDereferencePrimaryToken + - PsReferencePrimaryToken + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ZwOpenProcessTokenEx + - ObOpenObjectByPointer + - PsProcessType + - PsGetProcessId + - RtlInitUnicodeString + - PsInitialSystemProcess + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - ObfDereferenceObject + - IoEnumerateRegisteredFiltersList + - KeServiceDescriptorTable + - PsSetCreateProcessNotifyRoutine + - IoConnectInterrupt + - PsSetCreateThreadNotifyRoutine + - PsSetLoadImageNotifyRoutine + - CmUnRegisterCallback + - MmGetSystemRoutineAddress + - KeTickCount + - KeBugCheckEx + - IoDeleteSymbolicLink + - 
IoDeleteDevice + - IofCompleteRequest + - memset + - PsGetProcessImageFileName + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: '' + MD5: 63060b756377fce2ce4ab9d079ca732f + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 3010c6b3ceeb3f2e83c6d7186b9a65bd + SHA1: 51dff26785c84f9975066bfc058749382af56e9a + SHA256: c66c5fcc9bbd9d23872aeb85b60c70ad22bef1cfff0b4b46039b3886728fb103 + SHA1: 4da007dd298723f920e194501bb49bab769dfb14 + SHA256: 3033ff03e6f523726638b43d954bc666cdd26483fa5abcf98307952ff88f80ee + Sections: + .text: + Entropy: 6.203004686966463 + Virtual Size: '0x289e' + .rdata: + Entropy: 3.460622498395349 + Virtual Size: '0x684' + .data: + Entropy: 3.11924592348315 + Virtual Size: '0xe8' + PAGE: + Entropy: 5.786287892614831 + Virtual Size: '0x266' + INIT: + Entropy: 5.266174691926025 + Virtual Size: '0x53e' + .reloc: + Entropy: 5.67439270665009 + Virtual Size: '0x30e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping + CA + ValidFrom: '2009-03-18 11:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012019c19066 + Version: 3 + TBS: + MD5: 42023b9487cafe46c1b6a49c369a362e + SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 + SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 + SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea + - Subject: C=BE, O=GlobalSign nv,sa, 
CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority + ValidFrom: '2009-12-21 09:32:56' + ValidTo: '2020-12-22 09:32:56' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01000000000125b0b4cc01 + Version: 3 + TBS: + MD5: e3369c8e5aec0504b3a50455f615d9f9 + SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 + SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 + SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 7df0d3ee663fc0e7c72a95e44ba4c82c + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 9b7f12a91aaee57a3af614abb56fd618 + SHA1: cc2cd7bc3220a7c5afdb559f8978c9eca6583075 + SHA256: 82fea578188662b4ed6df4c3aaaf6ebae72a6cd2f8bf135a89150cca1769156b + Company: '' + Copyright: '' + CreationTimestamp: '2012-02-08 17:50:50' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - NtBuildNumber + - RtlCompareMemory + - DbgPrint + - IoCreateSymbolicLink + - IoCreateDevice + - PsDereferencePrimaryToken + - PsReferencePrimaryToken + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ZwOpenProcessTokenEx + - PsProcessType + - ObOpenObjectByPointer + - RtlInitUnicodeString + - PsGetProcessImageFileName + - PsInitialSystemProcess + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - ObfDereferenceObject + - IoEnumerateRegisteredFiltersList + - KeServiceDescriptorTable + - PsSetCreateProcessNotifyRoutine + - PsSetCreateThreadNotifyRoutine + - PsSetLoadImageNotifyRoutine + - CmUnRegisterCallback + - KeTickCount + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCompleteRequest + - memset + - PsGetProcessId + - _vsnwprintf + - MmGetSystemRoutineAddress + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - 
FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: '' + MD5: 650ef9dd70cb192027e536754d6e0f63 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 95ea6e420d0c2446eae3a1a53431a5d5 + SHA1: bb5e5d23e51ec1e3700cfed8fba07053edfcf58e + SHA256: bc0476b068af191fdbf1f7a2be9c21188c6e7993e62293090eeaae4694dd6bef + SHA1: b7ff8536553cb236ea2607941e634b23aadb59ee + SHA256: 47356707e610cfd0be97595fbe55246b96a69141e1da579e6f662ddda6dc5280 + Sections: + .text: + Entropy: 6.206569634065094 + Virtual Size: '0x2388' + .rdata: + Entropy: 3.426812306993836 + Virtual Size: '0x5c4' + .data: + Entropy: 2.981322356352421 + Virtual Size: '0xc4' + PAGE: + Entropy: 5.778009200543782 + Virtual Size: '0x266' + INIT: + Entropy: 5.268893138648195 + Virtual Size: '0x524' + .reloc: + Entropy: 5.697555917019675 + Virtual Size: '0x2c8' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping + CA + ValidFrom: '2009-03-18 11:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012019c19066 + Version: 3 + TBS: + MD5: 42023b9487cafe46c1b6a49c369a362e + SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 + SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 + SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: 
+ MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority + ValidFrom: '2009-12-21 09:32:56' + ValidTo: '2020-12-22 09:32:56' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01000000000125b0b4cc01 + Version: 3 + TBS: + MD5: e3369c8e5aec0504b3a50455f615d9f9 + SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 + SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 + SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 
6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 7641a0c227f0a3a45b80bb8af43cd152 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 350c412cbf84475c1251460180c1d87c + SHA1: 5816faf0ea63abe56fd20c1ac72d8f3e6d90e9ec + SHA256: 76718b87861bf6e502aa95ea85e378326c8db1759fe010c941b26cba3c881133 + Company: '' + Copyright: '' + CreationTimestamp: '2012-11-03 11:37:13' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - NtBuildNumber + - RtlCompareMemory + - DbgPrint + - IoCreateSymbolicLink + - IoCreateDevice + - PsDereferencePrimaryToken + - PsReferencePrimaryToken + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ZwOpenProcessTokenEx + - ObOpenObjectByPointer + - PsProcessType + - PsGetProcessId + - RtlInitUnicodeString + - PsInitialSystemProcess + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - ObfDereferenceObject + - IoEnumerateRegisteredFiltersList + - KeServiceDescriptorTable + - PsSetCreateProcessNotifyRoutine + - IoConnectInterrupt + - PsSetCreateThreadNotifyRoutine + - PsSetLoadImageNotifyRoutine + - CmUnRegisterCallback + - MmGetSystemRoutineAddress + - KeTickCount + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCompleteRequest + - memset + - PsGetProcessImageFileName + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: '' + MD5: 76f8607fc4fb9e828d613a7214436b66 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 
3010c6b3ceeb3f2e83c6d7186b9a65bd + SHA1: 51dff26785c84f9975066bfc058749382af56e9a + SHA256: c66c5fcc9bbd9d23872aeb85b60c70ad22bef1cfff0b4b46039b3886728fb103 + SHA1: 197811ec137e9916e6692fc5c28f6d6609ffc20e + SHA256: be70be9d84ae14ea1fa5ec68e2a61f6acfe576d965fe51c6bac78fba01a744fb + Sections: + .text: + Entropy: 6.203004686966463 + Virtual Size: '0x289e' + .rdata: + Entropy: 3.4564408637017117 + Virtual Size: '0x684' + .data: + Entropy: 3.11924592348315 + Virtual Size: '0xe8' + PAGE: + Entropy: 5.786287892614831 + Virtual Size: '0x266' + INIT: + Entropy: 5.266174691926025 + Virtual Size: '0x53e' + .reloc: + Entropy: 5.67439270665009 + Virtual Size: '0x30e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping + CA + ValidFrom: '2009-03-18 11:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012019c19066 + Version: 3 + TBS: + MD5: 42023b9487cafe46c1b6a49c369a362e + SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 + SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 + SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 
225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority + ValidFrom: '2009-12-21 09:32:56' + ValidTo: '2020-12-22 09:32:56' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01000000000125b0b4cc01 + Version: 3 + TBS: + MD5: e3369c8e5aec0504b3a50455f615d9f9 + SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 + SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 + SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: 
a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 7df0d3ee663fc0e7c72a95e44ba4c82c + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 
64609ef7b3e2ca2ae15ac30c04002204 + SHA1: 146c60b0dcd8cb8aa82992e56997b2ebe472918f + SHA256: 184cc3969b79f1856614bed64c1d5562d3363e13a92176f2e9a9235a4aa7d051 + Company: '' + Copyright: '' + CreationTimestamp: '2013-05-17 13:33:16' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - RtlCompareMemory + - IoCreateSymbolicLink + - IoCreateDevice + - DbgPrint + - PsProcessType + - PsGetProcessImageFileName + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - ObOpenObjectByPointer + - IofCompleteRequest + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoEnumerateRegisteredFiltersList + - ObfDereferenceObject + - MmGetSystemRoutineAddress + - CcMdlRead + - SeImpersonateClientEx + - PsSetCreateThreadNotifyRoutine + - PsSetLoadImageNotifyRoutine + - CmUnRegisterCallback + - KeBugCheckEx + - _vsnwprintf + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - PsGetProcessId + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: '' + MD5: 2d37d2fb9b9f8ac52bc02cba4487e3cb + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 6931e969068f58678830e6bb4ee1ae49 + SHA1: bd694fda9f3f6b6a24e205b6027faf20b7d02b7a + SHA256: 0ba61ea701b8a9e1bae7234e761b74c12b4262a3798d4525ce4b626affb6fc9a + SHA1: 632c80a3c95cf589b03812539dea59594eaefae0 + SHA256: ece76b79feafb38ae4371e104b6dcbb4253ff3b2acbe5bd14ce6e47525c24f4a + Sections: + .text: + Entropy: 6.097853212616491 + Virtual Size: '0x37f6' + .rdata: + Entropy: 4.076714176904094 + Virtual Size: 
'0x940' + .data: + Entropy: 1.4269125817182893 + Virtual Size: '0x2b8' + .pdata: + Entropy: 3.9170697014365152 + Virtual Size: '0x1f8' + PAGE: + Entropy: 6.079756252073022 + Virtual Size: '0x28b' + INIT: + Entropy: 5.100311543493838 + Virtual Size: '0x5cc' + .reloc: + Entropy: 2.8064493688417227 + Virtual Size: '0xa4' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping + CA + ValidFrom: '2009-03-18 11:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 5df6cb2b0d0140849f857a43706ae0c5e7aa0600d76713c9089131654f14a8a905dc389e6aa0300abd8dc78028ee4245ca94f3de5845a9803204f5595c6a70003927944df5b44634e81c5331b2b35416e9cc42abd5d959301cfb462725b88723b1e8758824831ec876377b01494548a4ede25dd27c9ca2dc2dba105a126265abae00c710343bcb72bd14240cdcc37627b4a7fee15829f20e169f91391d89a6e60f1c878ce258ac927e243eaaec14e73a33348bc63bac83ab0f14627aba1a2d4d4b1bc530f00b92797d3c78e0f8e6d215965999392b3061e8b8f8c0a1e9221411787dc4dc89bec0bb94e172aeebb540404fef171e585ed0a88996ac9228e9babf + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012019c19066 + Version: 3 + TBS: + MD5: 42023b9487cafe46c1b6a49c369a362e + SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 + SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 + SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 
225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority + ValidFrom: '2009-12-21 09:32:56' + ValidTo: '2020-12-22 09:32:56' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01000000000125b0b4cc01 + Version: 3 + TBS: + MD5: e3369c8e5aec0504b3a50455f615d9f9 + SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 + SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 + SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: 
a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 7bf14377888c429897eb10a85f70266c + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 4a3afa75d4e37084cd63bcb48f960431 + SHA1: 17459f6e341ec31898452c21b3bd9c91faacbc73 + SHA256: caa87fc917ab2ccf9bf2ad715173d74e031626c6bd3c80dca01f27933fec7242 + Company: '' + Copyright: '' + CreationTimestamp: '2013-01-14 22:20:03' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - RtlCompareMemory + - IoCreateSymbolicLink + - IoCreateDevice + - DbgPrint + - PsProcessType + - PsGetProcessImageFileName + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - ObOpenObjectByPointer + - IofCompleteRequest + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoEnumerateRegisteredFiltersList + - ObfDereferenceObject + - MmGetSystemRoutineAddress + - CcMdlRead + - SeImpersonateClientEx + - PsSetCreateThreadNotifyRoutine + - PsSetLoadImageNotifyRoutine + - CmUnRegisterCallback + - 
KeBugCheckEx + - _vsnwprintf + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - PsGetProcessId + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: '' + MD5: a3d69c7e24300389b56782aa63b0e357 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 6931e969068f58678830e6bb4ee1ae49 + SHA1: bd694fda9f3f6b6a24e205b6027faf20b7d02b7a + SHA256: 0ba61ea701b8a9e1bae7234e761b74c12b4262a3798d4525ce4b626affb6fc9a + SHA1: b555aad38df7605985462f3899572931ee126259 + SHA256: c13f5bc4edfbe8f1884320c5d76ca129d00de41a1e61d45195738f125dfe60a7 + Sections: + .text: + Entropy: 6.097853212616491 + Virtual Size: '0x37f6' + .rdata: + Entropy: 4.051333761804722 + Virtual Size: '0x940' + .data: + Entropy: 1.4269125817182893 + Virtual Size: '0x2b8' + .pdata: + Entropy: 3.9170697014365152 + Virtual Size: '0x1f8' + PAGE: + Entropy: 6.079756252073022 + Virtual Size: '0x28b' + INIT: + Entropy: 5.100311543493838 + Virtual Size: '0x5cc' + .reloc: + Entropy: 2.8064493688417227 + Virtual Size: '0xa4' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping + CA + ValidFrom: '2009-03-18 11:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012019c19066 + Version: 3 + TBS: + MD5: 42023b9487cafe46c1b6a49c369a362e + SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 + SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 + SHA384: 
0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority + ValidFrom: '2009-12-21 09:32:56' + ValidTo: '2020-12-22 09:32:56' + Signature: bc89ecfee63655935c79d4117a86808f17b693b26d9b91a1561811c655eaf608edad9b9ef52b81c8bbdd607b1b47991e6d403e1d80c213d58e04052fdbe7ae529e688472a1e54a603cf89bd52f46d8c3b2b79353ac9b6c432424d1f1fce9562e3411581843eaefff34746ca0c06c7fad031969881e9560cabbbd0cbb76efc724b081c63831cf36ad0c38b89020849b2e8f28b99ff6ca9427cdac396157e0e3955a9c769230f5dea6973d721c2a6032a8334d8635338a5cf3a4fdf7062ce16b4b30f5cbd34362f841b9de7d20cb058c8e2cf65f35fd338d42896508362ca389f45a858bb0b97bdb6ccba1f8d20e1bbb977cd12779be9d7c3be6a75634d8c991a9 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01000000000125b0b4cc01 + Version: 3 + TBS: + MD5: e3369c8e5aec0504b3a50455f615d9f9 + SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 + SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 + SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 7bf14377888c429897eb10a85f70266c + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 04bfc5474deae488ead0a665e8bdbecf + SHA1: e6d31983f7d3d1f1f9977cad1b1898ff4957ac7c + SHA256: 19bfc95d74b27684e420b985589105d51772100383e7c3790a34ae311fee03d8 + Company: '' + Copyright: '' + CreationTimestamp: '2013-08-17 16:23:49' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - NtBuildNumber + - RtlCompareMemory + - DbgPrint + - IoCreateSymbolicLink + - IoCreateDevice + - PsDereferencePrimaryToken + - PsReferencePrimaryToken + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ZwOpenProcessTokenEx + - ObOpenObjectByPointer + - PsProcessType + - PsGetProcessId + - RtlInitUnicodeString + - PsInitialSystemProcess + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - 
ObfDereferenceObject + - IoEnumerateRegisteredFiltersList + - KeServiceDescriptorTable + - PsSetCreateProcessNotifyRoutine + - IoConnectInterrupt + - PsSetCreateThreadNotifyRoutine + - PsSetLoadImageNotifyRoutine + - CmUnRegisterCallback + - MmGetSystemRoutineAddress + - KeTickCount + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCompleteRequest + - memset + - PsGetProcessImageFileName + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: '' + MD5: ac6e29f535b2c42999c50d2fc32f2c9c + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 3010c6b3ceeb3f2e83c6d7186b9a65bd + SHA1: 51dff26785c84f9975066bfc058749382af56e9a + SHA256: c66c5fcc9bbd9d23872aeb85b60c70ad22bef1cfff0b4b46039b3886728fb103 + SHA1: f6a18fc9c4abe4a82c1ab28abc0a7259df8de7a3 + SHA256: accb1a6604efb1b3ce9345c9fd62fe717a84c3e089e09c638e461df89193ef01 + Sections: + .text: + Entropy: 6.203004686966463 + Virtual Size: '0x289e' + .rdata: + Entropy: 3.474661239920984 + Virtual Size: '0x684' + .data: + Entropy: 3.11924592348315 + Virtual Size: '0xe8' + PAGE: + Entropy: 5.786287892614831 + Virtual Size: '0x266' + INIT: + Entropy: 5.266174691926025 + Virtual Size: '0x53e' + .reloc: + Entropy: 5.67439270665009 + Virtual Size: '0x30e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping + CA + ValidFrom: '2009-03-18 11:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012019c19066 + 
Version: 3 + TBS: + MD5: 42023b9487cafe46c1b6a49c369a362e + SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 + SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 + SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority + ValidFrom: '2009-12-21 09:32:56' + ValidTo: '2020-12-22 09:32:56' + Signature: bc89ecfee63655935c79d4117a86808f17b693b26d9b91a1561811c655eaf608edad9b9ef52b81c8bbdd607b1b47991e6d403e1d80c213d58e04052fdbe7ae529e688472a1e54a603cf89bd52f46d8c3b2b79353ac9b6c432424d1f1fce9562e3411581843eaefff34746ca0c06c7fad031969881e9560cabbbd0cbb76efc724b081c63831cf36ad0c38b89020849b2e8f28b99ff6ca9427cdac396157e0e3955a9c769230f5dea6973d721c2a6032a8334d8635338a5cf3a4fdf7062ce16b4b30f5cbd34362f841b9de7d20cb058c8e2cf65f35fd338d42896508362ca389f45a858bb0b97bdb6ccba1f8d20e1bbb977cd12779be9d7c3be6a75634d8c991a9 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01000000000125b0b4cc01 + Version: 3 + TBS: + MD5: e3369c8e5aec0504b3a50455f615d9f9 + SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 + SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 + SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c + - Subject: C=FR, 
CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: 
ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 7df0d3ee663fc0e7c72a95e44ba4c82c + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 990ef30c74b89afd7bec043603b8a587 + SHA1: 43d05f5fbdf17de20ce8fc310b1ded0baec7120e + SHA256: 8210a89ba143d927384d7b2e6b3714d6ae9a9a384796ec6e306df38ca91e9c4e + Company: '' + Copyright: '' + CreationTimestamp: '2012-09-08 07:18:08' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - NtBuildNumber + - RtlCompareMemory + - DbgPrint + - IoCreateSymbolicLink + - IoCreateDevice + - PsDereferencePrimaryToken + - PsReferencePrimaryToken + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ZwOpenProcessTokenEx + - ObOpenObjectByPointer + - PsProcessType + - PsGetProcessId + - RtlInitUnicodeString + - PsInitialSystemProcess + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - ObfDereferenceObject + - IoEnumerateRegisteredFiltersList + - KeServiceDescriptorTable + - PsSetCreateProcessNotifyRoutine + - IoConnectInterrupt + - PsSetCreateThreadNotifyRoutine + - PsSetLoadImageNotifyRoutine + - CmUnRegisterCallback + - MmGetSystemRoutineAddress + - KeTickCount + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCompleteRequest + - memset + - PsGetProcessImageFileName + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: '' + MD5: 7073cd0085fcba1cd7d3568f9e6d652c + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + 
Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 3010c6b3ceeb3f2e83c6d7186b9a65bd + SHA1: 51dff26785c84f9975066bfc058749382af56e9a + SHA256: c66c5fcc9bbd9d23872aeb85b60c70ad22bef1cfff0b4b46039b3886728fb103 + SHA1: bd39ef9c758e2d9d6037e067fbb2c1f2ac7feac8 + SHA256: e5ddfa39540d4e7ada56cdc1ebd2eb8c85a408ec078337488a81d1c3f2aaa4ff + Sections: + .text: + Entropy: 6.203004686966463 + Virtual Size: '0x289e' + .rdata: + Entropy: 3.4515246314550203 + Virtual Size: '0x684' + .data: + Entropy: 3.11924592348315 + Virtual Size: '0xe8' + PAGE: + Entropy: 5.786287892614831 + Virtual Size: '0x266' + INIT: + Entropy: 5.266174691926025 + Virtual Size: '0x53e' + .reloc: + Entropy: 5.67439270665009 + Virtual Size: '0x30e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping + CA + ValidFrom: '2009-03-18 11:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012019c19066 + Version: 3 + TBS: + MD5: 42023b9487cafe46c1b6a49c369a362e + SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 + SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 + SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: 
dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority + ValidFrom: '2009-12-21 09:32:56' + ValidTo: '2020-12-22 09:32:56' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01000000000125b0b4cc01 + Version: 3 + TBS: + MD5: e3369c8e5aec0504b3a50455f615d9f9 + SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 + SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 + SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: 
C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 7df0d3ee663fc0e7c72a95e44ba4c82c + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: bb0cdd5083c04ff1d769240982ad082d + SHA1: 816f41bb4d927568f72445c1b6f2f5a9b91b881d + SHA256: ed8d68c07947c01ca03d886e6ca795a3f8b2f079e8292f019bba3b97b41eef54 + Company: '' + Copyright: '' + CreationTimestamp: '2012-09-05 20:02:26' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - NtBuildNumber + - RtlCompareMemory + - DbgPrint + - IoCreateSymbolicLink + - IoCreateDevice + - PsDereferencePrimaryToken + - PsReferencePrimaryToken + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ZwOpenProcessTokenEx + - ObOpenObjectByPointer + - PsProcessType + - PsGetProcessId + - RtlInitUnicodeString + - PsInitialSystemProcess + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - ObfDereferenceObject + - IoEnumerateRegisteredFiltersList + - KeServiceDescriptorTable + - PsSetCreateProcessNotifyRoutine + - IoConnectInterrupt + - PsSetCreateThreadNotifyRoutine + - PsSetLoadImageNotifyRoutine + - CmUnRegisterCallback + - MmGetSystemRoutineAddress + - KeTickCount + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCompleteRequest + - memset + - PsGetProcessImageFileName + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: '' + MD5: ed2b653d55c03f0bffa250372d682b75 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 3010c6b3ceeb3f2e83c6d7186b9a65bd + SHA1: 51dff26785c84f9975066bfc058749382af56e9a + SHA256: c66c5fcc9bbd9d23872aeb85b60c70ad22bef1cfff0b4b46039b3886728fb103 + SHA1: 
92138cfc14f9e2271f641547e031d5d63c6de19a + SHA256: deade507504d385d8cae11365a2ac9b5e2773ff9b61624d75ffa882d6bb28952 + Sections: + .text: + Entropy: 6.203004686966463 + Virtual Size: '0x289e' + .rdata: + Entropy: 3.4527878322014005 + Virtual Size: '0x684' + .data: + Entropy: 3.11924592348315 + Virtual Size: '0xe8' + PAGE: + Entropy: 5.786287892614831 + Virtual Size: '0x266' + INIT: + Entropy: 5.266174691926025 + Virtual Size: '0x53e' + .reloc: + Entropy: 5.67439270665009 + Virtual Size: '0x30e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping + CA + ValidFrom: '2009-03-18 11:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 5df6cb2b0d0140849f857a43706ae0c5e7aa0600d76713c9089131654f14a8a905dc389e6aa0300abd8dc78028ee4245ca94f3de5845a9803204f5595c6a70003927944df5b44634e81c5331b2b35416e9cc42abd5d959301cfb462725b88723b1e8758824831ec876377b01494548a4ede25dd27c9ca2dc2dba105a126265abae00c710343bcb72bd14240cdcc37627b4a7fee15829f20e169f91391d89a6e60f1c878ce258ac927e243eaaec14e73a33348bc63bac83ab0f14627aba1a2d4d4b1bc530f00b92797d3c78e0f8e6d215965999392b3061e8b8f8c0a1e9221411787dc4dc89bec0bb94e172aeebb540404fef171e585ed0a88996ac9228e9babf + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012019c19066 + Version: 3 + TBS: + MD5: 42023b9487cafe46c1b6a49c369a362e + SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 + SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 + SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + 
Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority + ValidFrom: '2009-12-21 09:32:56' + ValidTo: '2020-12-22 09:32:56' + Signature: bc89ecfee63655935c79d4117a86808f17b693b26d9b91a1561811c655eaf608edad9b9ef52b81c8bbdd607b1b47991e6d403e1d80c213d58e04052fdbe7ae529e688472a1e54a603cf89bd52f46d8c3b2b79353ac9b6c432424d1f1fce9562e3411581843eaefff34746ca0c06c7fad031969881e9560cabbbd0cbb76efc724b081c63831cf36ad0c38b89020849b2e8f28b99ff6ca9427cdac396157e0e3955a9c769230f5dea6973d721c2a6032a8334d8635338a5cf3a4fdf7062ce16b4b30f5cbd34362f841b9de7d20cb058c8e2cf65f35fd338d42896508362ca389f45a858bb0b97bdb6ccba1f8d20e1bbb977cd12779be9d7c3be6a75634d8c991a9 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01000000000125b0b4cc01 + Version: 3 + TBS: + MD5: e3369c8e5aec0504b3a50455f615d9f9 + SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 + SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 + SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 
6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 7df0d3ee663fc0e7c72a95e44ba4c82c + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: fd4949a0af1fcce6a0861ff981f18c7b + SHA1: c785eebe7891724fab3a83472150b902a4fc4d26 + SHA256: bd9386206a5dfdf63bf642e2917fae6d5e8a1e52874cb2cfbabf79e47b9fed74 + Company: '' + Copyright: '' + CreationTimestamp: '2012-08-13 17:31:25' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - NtBuildNumber + - RtlCompareMemory + - DbgPrint + - IoCreateSymbolicLink + - IoCreateDevice + - PsDereferencePrimaryToken + - PsReferencePrimaryToken + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ZwOpenProcessTokenEx + - ObOpenObjectByPointer + - PsProcessType + - PsGetProcessId + - RtlInitUnicodeString + - PsInitialSystemProcess + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - ObfDereferenceObject + - IoEnumerateRegisteredFiltersList + - KeServiceDescriptorTable + - PsSetCreateProcessNotifyRoutine + - IoConnectInterrupt + - PsSetCreateThreadNotifyRoutine + - PsSetLoadImageNotifyRoutine + - CmUnRegisterCallback + - MmGetSystemRoutineAddress + - KeTickCount + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCompleteRequest + - memset + - PsGetProcessImageFileName + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: '' + MD5: 85093bb9f027027c2c61aee50796de30 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 
3010c6b3ceeb3f2e83c6d7186b9a65bd + SHA1: 51dff26785c84f9975066bfc058749382af56e9a + SHA256: c66c5fcc9bbd9d23872aeb85b60c70ad22bef1cfff0b4b46039b3886728fb103 + SHA1: 6b5aa51f4717d123a468e9e9d3d154e20ca39d56 + SHA256: 083a311875173f8c4653e9bbbabb689d14aa86b852e7fa9f5512fc60e0fd2c43 + Sections: + .text: + Entropy: 6.203004686966463 + Virtual Size: '0x289e' + .rdata: + Entropy: 3.4522369758432485 + Virtual Size: '0x684' + .data: + Entropy: 3.11924592348315 + Virtual Size: '0xe8' + PAGE: + Entropy: 5.786287892614831 + Virtual Size: '0x266' + INIT: + Entropy: 5.266174691926025 + Virtual Size: '0x53e' + .reloc: + Entropy: 5.67439270665009 + Virtual Size: '0x30e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping + CA + ValidFrom: '2009-03-18 11:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012019c19066 + Version: 3 + TBS: + MD5: 42023b9487cafe46c1b6a49c369a362e + SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 + SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 + SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - 
Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority + ValidFrom: '2009-12-21 09:32:56' + ValidTo: '2020-12-22 09:32:56' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01000000000125b0b4cc01 + Version: 3 + TBS: + MD5: e3369c8e5aec0504b3a50455f615d9f9 + SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 + SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 + SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 
7df0d3ee663fc0e7c72a95e44ba4c82c + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: cf5dee8cce65b166ca275c87eb21d392 + SHA1: e97da59c611cf90623dc05638f8c866ffee79265 + SHA256: 51141c22e37d651703dd57cfda018ff06a0175a78e7c72f8ad733a281721716a + Company: '' + Copyright: '' + CreationTimestamp: '2012-02-08 17:51:00' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - RtlCompareMemory + - IoCreateSymbolicLink + - IoCreateDevice + - DbgPrint + - PsProcessType + - PsGetProcessImageFileName + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - IofCompleteRequest + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoEnumerateRegisteredFiltersList + - ObfDereferenceObject + - MmGetSystemRoutineAddress + - PsSetLoadImageNotifyRoutine + - PsSetCreateThreadNotifyRoutine + - PsSetCreateProcessNotifyRoutine + - CmUnRegisterCallback + - KeBugCheckEx + - _vsnwprintf + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - ObOpenObjectByPointer + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: '' + MD5: 6a4fbcfb44717eae2145c761c1c99b6a + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: c31de5cc00cb68b62ae186ff240ab9b0 + SHA1: f71fd975d57b4fdc25853614f721575fe8910ea4 + SHA256: eee6307fc92b0eeab791cc944719153abdef57a75c8aaf1ee43b2f26749bfbea + SHA1: 6a95860594cd8b7e3636bafa8f812e05359a64ca + SHA256: 36f45a42ebf2de6962db92aaf8845d7f9fd6895bedc31422adcf31c59a79602d + Sections: + .text: + Entropy: 6.11082071374607 + 
Virtual Size: '0x31da' + .rdata: + Entropy: 4.065232172363281 + Virtual Size: '0x860' + .data: + Entropy: 1.4960916763780787 + Virtual Size: '0x278' + .pdata: + Entropy: 4.010597314508337 + Virtual Size: '0x1bc' + PAGE: + Entropy: 6.071170454287612 + Virtual Size: '0x28b' + INIT: + Entropy: 5.1035729791851745 + Virtual Size: '0x5c2' + .reloc: + Entropy: 2.469316759121652 + Virtual Size: '0x94' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping + CA + ValidFrom: '2009-03-18 11:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012019c19066 + Version: 3 + TBS: + MD5: 42023b9487cafe46c1b6a49c369a362e + SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 + SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 + SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority + ValidFrom: '2009-12-21 09:32:56' + ValidTo: '2020-12-22 09:32:56' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + 
IsCertificateAuthority: false + SerialNumber: 01000000000125b0b4cc01 + Version: 3 + TBS: + MD5: e3369c8e5aec0504b3a50455f615d9f9 + SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 + SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 + SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 7d017945bf90936a6c40f73f91ed02c2 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 903faf17175c8d380fc9dd24bdd68da2 + SHA1: 3bc62bb8baac9a9608b8c9fbcb121e7569a1efd8 + SHA256: 36487117894ca7b93f704e26f22725827f6f04ec3b8c45eaa0d283a11de9a9c3 + Company: '' + Copyright: '' + CreationTimestamp: '2012-09-05 20:02:32' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + 
ImportedFunctions: + - RtlCompareMemory + - IoCreateSymbolicLink + - IoCreateDevice + - DbgPrint + - PsProcessType + - PsGetProcessImageFileName + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - ObOpenObjectByPointer + - IofCompleteRequest + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoEnumerateRegisteredFiltersList + - ObfDereferenceObject + - MmGetSystemRoutineAddress + - CcMdlRead + - SeImpersonateClientEx + - PsSetCreateThreadNotifyRoutine + - PsSetLoadImageNotifyRoutine + - CmUnRegisterCallback + - KeBugCheckEx + - _vsnwprintf + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - PsGetProcessId + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: '' + MD5: 1ee9f6326649cd23381eb9d7dfdeddf7 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 6931e969068f58678830e6bb4ee1ae49 + SHA1: bd694fda9f3f6b6a24e205b6027faf20b7d02b7a + SHA256: 0ba61ea701b8a9e1bae7234e761b74c12b4262a3798d4525ce4b626affb6fc9a + SHA1: 766949d4599fbf8f45e888c9d6fedf21e04fb333 + SHA256: b7956e31c2fcc0a84bcedf30e5f8115f4e74eed58916253a0c05c8be47283c57 + Sections: + .text: + Entropy: 6.097853212616491 + Virtual Size: '0x37f6' + .rdata: + Entropy: 4.052824356346606 + Virtual Size: '0x940' + .data: + Entropy: 1.4269125817182893 + Virtual Size: '0x2b8' + .pdata: + Entropy: 3.9170697014365152 + Virtual Size: '0x1f8' + PAGE: + Entropy: 6.079756252073022 + Virtual Size: '0x28b' + INIT: + Entropy: 5.100311543493838 + Virtual Size: '0x5cc' + .reloc: + Entropy: 2.8064493688417227 + Virtual Size: '0xa4' + 
Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping + CA + ValidFrom: '2009-03-18 11:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012019c19066 + Version: 3 + TBS: + MD5: 42023b9487cafe46c1b6a49c369a362e + SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 + SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 + SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority + ValidFrom: '2009-12-21 09:32:56' + ValidTo: '2020-12-22 09:32:56' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01000000000125b0b4cc01 + Version: 3 + TBS: + MD5: e3369c8e5aec0504b3a50455f615d9f9 + SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 + SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 + SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: 
'2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 7bf14377888c429897eb10a85f70266c + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 93936f2a18b6a8501653ef021972d628 + SHA1: c08664c9293219c245006ff18ae75de42722ca60 + SHA256: be25688313f29d7e62c996572825c33f3dcdda373ec235efe552aeb2219990bb + Company: '' + Copyright: '' + CreationTimestamp: '2013-08-17 16:23:52' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - RtlCompareMemory + - IoCreateSymbolicLink + - IoCreateDevice + - DbgPrint + - PsProcessType + - PsGetProcessImageFileName + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - 
PsInitialSystemProcess + - ObOpenObjectByPointer + - IofCompleteRequest + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoEnumerateRegisteredFiltersList + - ObfDereferenceObject + - MmGetSystemRoutineAddress + - CcMdlRead + - SeImpersonateClientEx + - PsSetCreateThreadNotifyRoutine + - PsSetLoadImageNotifyRoutine + - CmUnRegisterCallback + - KeBugCheckEx + - _vsnwprintf + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - PsGetProcessId + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: '' + MD5: 84763d8ca9fe5c3bff9667b2adf667de + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 6931e969068f58678830e6bb4ee1ae49 + SHA1: bd694fda9f3f6b6a24e205b6027faf20b7d02b7a + SHA256: 0ba61ea701b8a9e1bae7234e761b74c12b4262a3798d4525ce4b626affb6fc9a + SHA1: 8b9dd4c001f17e7835fdaf0d87a2f3e026557e84 + SHA256: 2c14bea0d85c9cad5c5f5c8d0e5442f6deb9e93fe3ad8ea5e8e147821c6f9304 + Sections: + .text: + Entropy: 6.097853212616491 + Virtual Size: '0x37f6' + .rdata: + Entropy: 4.063554093583363 + Virtual Size: '0x940' + .data: + Entropy: 1.4269125817182893 + Virtual Size: '0x2b8' + .pdata: + Entropy: 3.9170697014365152 + Virtual Size: '0x1f8' + PAGE: + Entropy: 6.079756252073022 + Virtual Size: '0x28b' + INIT: + Entropy: 5.100311543493838 + Virtual Size: '0x5cc' + .reloc: + Entropy: 2.8064493688417227 + Virtual Size: '0xa4' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping + CA + ValidFrom: '2009-03-18 11:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012019c19066 + Version: 3 + TBS: + MD5: 42023b9487cafe46c1b6a49c369a362e + SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 + SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 + SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority + ValidFrom: '2009-12-21 09:32:56' + ValidTo: '2020-12-22 09:32:56' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01000000000125b0b4cc01 + Version: 3 + TBS: + MD5: e3369c8e5aec0504b3a50455f615d9f9 + SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 + SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 + SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + 
Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 7bf14377888c429897eb10a85f70266c + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/1524a54d-520d-4fa4-a7d5-aaaa066fbfc4.yaml b/yaml/1524a54d-520d-4fa4-a7d5-aaaa066fbfc4.yaml index c852d24fd..547bfb30a 100644 --- a/yaml/1524a54d-520d-4fa4-a7d5-aaaa066fbfc4.yaml +++ b/yaml/1524a54d-520d-4fa4-a7d5-aaaa066fbfc4.yaml 
@@ -1,601 +1,605 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 1524a54d-520d-4fa4-a7d5-aaaa066fbfc4 +Tags: +- dbk64.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create dbk64.sys binPath=C:\windows\temp\dbk64.sys type=kernel && - sc.exe start dbk64.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: [] -Id: 1524a54d-520d-4fa4-a7d5-aaaa066fbfc4 -KnownVulnerableSamples: -- Authentihash: - MD5: 50dadd183094b8711a4f00a198972e6b - SHA1: d7512b033d7332edd747631f9d1ccc9276dadbe4 - SHA256: 71dc8d678e0749599d3db144c93741f64def1b8b0efb98bef963d2215ebb4992 - Company: '' - Copyright: '' - CreationTimestamp: '2018-06-10 02:06:16' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: dbk64.sys - ImportedFunctions: - - BCryptVerifySignature - - BCryptCreateHash - - BCryptDestroyKey - - BCryptFinishHash - - BCryptDestroyHash - - BCryptImportKeyPair - - BCryptCloseAlgorithmProvider - - BCryptGetProperty - - BCryptHashData - - BCryptOpenAlgorithmProvider - - ExDeleteResourceLite - - MmGetSystemRoutineAddress - - MmAllocateContiguousMemory - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - ObUnRegisterCallbacks - - ZwClose - - ZwOpenKey - - ZwQueryValueKey - - SeSinglePrivilegeCheck - - PsSetCreateProcessNotifyRoutineEx - - KeInitializeDpc - - KeInsertQueueDpc - - KeSetTargetProcessorDpc - - KeFlushQueuedDpcs - - KeRevertToUserAffinityThreadEx - - KeSetSystemAffinityThreadEx - - KeQueryActiveProcessors - - KeInitializeEvent - - KeSetEvent - - KeWaitForSingleObject - - PsGetCurrentProcessId - - PsGetCurrentThreadId - - KeDelayExecutionThread - - ExAcquireResourceExclusiveLite - - ExReleaseResourceLite - - MmProbeAndLockPages - - MmUnlockPages - - MmMapLockedPagesSpecifyCache - - MmUnmapLockedPages - - PsWrapApcWow64Thread - - IoAllocateMdl - - 
IoFreeMdl - - IoGetCurrentProcess - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ObRegisterCallbacks - - ZwOpenSection - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmGetPhysicalMemoryRanges - - MmGetPhysicalAddress - - PsSetCreateThreadNotifyRoutine - - PsGetProcessId - - PsGetThreadProcessId - - ExFreePoolWithTag - - KeDetachProcess - - KeStackAttachProcess - - KeUnstackDetachProcess - - PsLookupProcessByProcessId - - ObOpenObjectByPointer - - ZwAllocateVirtualMemory - - KeInitializeApc - - KeInsertQueueApc - - ZwOpenThread - - ZwQueryInformationProcess - - PsProcessType - - PsThreadType - - DbgBreakPointWithStatus - - RtlGetVersion - - ExAllocatePoolWithTag - - MmGetVirtualForPhysical - - PsLookupThreadByThreadId - - __C_specific_handler - - KeQueryActiveProcessorCount - - KeClearEvent - - ExAcquireResourceSharedLite - - RtlInitializeGenericTable - - RtlInsertElementGenericTable - - RtlDeleteElementGenericTable - - RtlLookupElementGenericTable - - RtlGetElementGenericTable - - KeReleaseSemaphore - - KeInitializeSemaphore - - KeWaitForMultipleObjects - - ExAcquireFastMutex - - ExReleaseFastMutex - - MmBuildMdlForNonPagedPool - - ZwCreateFile - - ZwWriteFile - - HalDispatchTable - - KeInitializeMutex - - KeReleaseMutex - - KeSetSystemAffinityThread - - KeQueryMaximumProcessorCount - - MmAllocateContiguousMemorySpecifyCache - - MmFreeContiguousMemory - - PsCreateSystemThread - - ZwDeleteFile - - ZwWaitForSingleObject - - swprintf_s - - MmMapIoSpace - - MmUnmapIoSpace - - KeAcquireSpinLockAtDpcLevel - - KeReleaseSpinLockFromDpcLevel - - MmAllocatePagesForMdl - - ZwQueryInformationFile - - ZwReadFile - - RtlAppendUnicodeToString - - RtlUnwindEx - - RtlAnsiCharToUnicodeChar - - KeBugCheckEx - - ExInitializeResourceLite - - RtlCopyUnicodeString - - ExAllocatePool - - DbgPrint - - RtlInitUnicodeString - - KeAttachProcess - - WdfVersionBind - - WdfVersionBindClass - - WdfVersionUnbindClass - - WdfVersionUnbind - Imports: - - ksecdd.sys - - ntoskrnl.exe 
- - WDFLDR.SYS - InternalName: '' - MD5: 1c294146fc77565030603878fd0106f9 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 7864672ea516bc178f2a047d0b0109c2 - SHA1: a8dbab49f8fee3b339338cacdfaa08a6f82bdb92 - SHA256: d53d6e1aa8138283f9fcddf1761cba073eadc88596ef5dbdb3a6a46b22688586 - SHA1: 6053d258096bccb07cb0057d700fe05233ab1fbb - SHA256: 18e1707b319c279c7e0204074088cc39286007a1cf6cb6e269d5067d8d0628c6 - Sections: - .text: - Entropy: 5.973233907903084 - Virtual Size: '0x18fff' - .rdata: - Entropy: 4.535692283846469 - Virtual Size: '0x130c' - .data: - Entropy: 3.2469132584201263 - Virtual Size: '0xaec4' - .pdata: - Entropy: 4.886736865266565 - Virtual Size: '0xa74' - INIT: - Entropy: 5.326593764460783 - Virtual Size: '0x1020' - .reloc: - Entropy: 3.7524415161285263 - Virtual Size: '0x38' - Signature: - - Cheat Engine - - GlobalSign Extended Validation CodeSigning CA - SHA256 - G3 - - GlobalSign - - GlobalSign Root CA - R1 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee152d7 - Version: 3 - TBS: - MD5: e140543fe3256027cfa79fc3c19c1776 - SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 - SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 - SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 - - Subject: OU=GlobalSign Root CA , R3, O=GlobalSign, CN=GlobalSign - ValidFrom: '2009-11-18 10:00:00' - ValidTo: '2019-03-18 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: 
true - SerialNumber: 04000000000125071df9af - Version: 3 - TBS: - MD5: f47739306d14722e670d9436eadb8e4f - SHA1: 457d9df00a652cb4c3356d00145d9528fc309172 - SHA256: bd1765c56594221373893ef26d97f88c144fb0e5a0111215b45d7239c3444df7 - SHA384: b8b268a1bdf388be66a1c969b7b353cb2bbc9fad446049b7efa05a9ab3b714494e97f4d1ee1c0bae35bfd9bf6ef275b3 - - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode - , G2 - ValidFrom: '2016-05-24 00:00:00' - ValidTo: '2027-06-24 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121d699a764973ef1f8427ee919cc534114 - Version: 3 - TBS: - MD5: acb5170547d76873f1e4ff18ed5de2eb - SHA1: bd6e261e75b807381bada7287de04d259258a5fa - SHA256: 4783380498acf592286ef2dea0fcc5bdea3f54d5e374d3e3497df9d5f662cfb6 - SHA384: 4f428f115cf3d008248f15f32007fc7c54bd454e1b48b765776b4c87c23ab8818d8fbcbb3646d35eca012b025260a3b8 - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Extended Validation CodeSigning - CA , SHA256 , G3 - ValidFrom: '2016-06-15 00:00:00' - ValidTo: '2024-06-15 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 481b6a07a9424c1eaafef3cdf10f - Version: 3 - TBS: - MD5: fd8cfeea06be14fa89689909e1fc72dc - SHA1: 8bc3cd2f70abe543e0dbe721065a4076c8521f36 - SHA256: 15e7050789df807f3e3174294a01b637a1239f603e42f4b5db9398efa9da9996 - SHA384: 8b9f95e6d3dd45e4ef38e2f12fb893d7d1bb1ba867e152e4a73c49b3d51dd52bc83a05982deac29af90436061248546d - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2011-04-15 19:55:08' - ValidTo: '2021-04-15 20:05:08' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 6129152700000000002a - Version: 3 - TBS: - MD5: 
0bb058d116f02817737920f112d9fd3b - SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 - SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 - SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 - - Subject: ??=Private Organization, serialNumber=50212036, ??=NL, C=NL, ST=Noord,Brabant, - L=Eindhoven, ??=Frankendaal 32, O=Cheat Engine, CN=Cheat Engine - ValidFrom: '2018-01-26 17:35:01' - ValidTo: '2019-05-04 16:21:19' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 1a9706fde692d88ca99b822d - Version: 3 - TBS: - MD5: 0b13dccb2637dc9079aedef86a08fa6b - SHA1: f51d58aee7ca738a2dce7744b39859e2d2806a6f - SHA256: 635add73274894e1cf81a1c30297bf6af19846178e6b28220062f4c8a7acfd6f - SHA384: 5343b21290afd360e1b6faca3c81c467d1fa75c568ec737e9a205d8ec371141f29ca8ea44ed4be2d5848b061008ce525 - Signer: - - SerialNumber: 1a9706fde692d88ca99b822d - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Extended Validation CodeSigning - CA , SHA256 , G3 - Version: 1 - Imphash: 5759d90322a7311eaccf4f0ab2c2a7c4 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 8950c65d305c42ada6cf31188f526674 - SHA1: 1be4ba36ba9ce5b10d90137c08cc21f823379841 - SHA256: d041654d8cbf189c29919733fd40184ceaf0050295fc7a7e6e3f4cda45b5e090 - Company: '' - Copyright: '' - CreationTimestamp: '2021-06-05 08:22:43' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: dbk64.sys - ImportedFunctions: - - BCryptVerifySignature - - BCryptCreateHash - - BCryptDestroyKey - - BCryptFinishHash - - BCryptDestroyHash - - BCryptImportKeyPair - - BCryptCloseAlgorithmProvider - - BCryptGetProperty - - BCryptHashData - - BCryptOpenAlgorithmProvider - - MmGetSystemRoutineAddress - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - ObUnRegisterCallbacks - - ZwClose - - 
ZwOpenKey - - ZwQueryValueKey - - SeSinglePrivilegeCheck - - PsSetCreateProcessNotifyRoutineEx - - KeInitializeDpc - - KeInsertQueueDpc - - KeSetTargetProcessorDpc - - KeFlushQueuedDpcs - - KeRevertToUserAffinityThreadEx - - KeSetSystemAffinityThreadEx - - KeQueryActiveProcessors - - KeInitializeEvent - - KeSetEvent - - KeWaitForSingleObject - - PsGetCurrentProcessId - - PsGetCurrentThreadId - - KeDelayExecutionThread - - ExAcquireResourceExclusiveLite - - ExReleaseResourceLite - - MmProbeAndLockPages - - MmUnlockPages - - MmMapLockedPagesSpecifyCache - - MmUnmapLockedPages - - MmAllocatePagesForMdlEx - - PsWrapApcWow64Thread - - IoAllocateMdl - - IoFreeMdl - - IoGetCurrentProcess - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ObRegisterCallbacks - - ZwOpenSection - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmGetPhysicalMemoryRanges - - MmGetPhysicalAddress - - PsSetCreateThreadNotifyRoutine - - PsGetProcessId - - PsGetThreadProcessId - - KeAttachProcess - - KeDetachProcess - - ExInitializeResourceLite - - KeUnstackDetachProcess - - PsLookupProcessByProcessId - - ObOpenObjectByPointer - - ZwAllocateVirtualMemory - - KeInitializeApc - - KeInsertQueueApc - - ZwOpenThread - - ZwQueryInformationProcess - - PsProcessType - - PsThreadType - - DbgBreakPointWithStatus - - RtlGetVersion - - MmGetVirtualForPhysical - - PsLookupThreadByThreadId - - __C_specific_handler - - KeQueryActiveProcessorCount - - KeClearEvent - - ExAcquireResourceSharedLite - - RtlInitializeGenericTable - - RtlInsertElementGenericTable - - RtlDeleteElementGenericTable - - RtlLookupElementGenericTable - - RtlGetElementGenericTable - - KeReleaseSemaphore - - KeInitializeSemaphore - - KeWaitForMultipleObjects - - ExAcquireFastMutex - - ExReleaseFastMutex - - MmBuildMdlForNonPagedPool - - ZwCreateFile - - ZwWriteFile - - HalDispatchTable - - KeInitializeMutex - - KeReleaseMutex - - KeSetSystemAffinityThread - - KeQueryMaximumProcessorCount - - MmAllocateContiguousMemorySpecifyCache - - 
MmFreeContiguousMemory - - PsCreateSystemThread - - ZwDeleteFile - - ZwWaitForSingleObject - - swprintf_s - - MmMapIoSpace - - MmUnmapIoSpace - - KeAcquireSpinLockAtDpcLevel - - KeReleaseSpinLockFromDpcLevel - - MmAllocateContiguousMemory - - ZwQueryInformationFile - - ZwReadFile - - RtlAppendUnicodeToString - - DbgPrint - - RtlCompareMemory - - ZwQueryInformationThread - - RtlUnwind - - RtlAnsiCharToUnicodeChar - - KeBugCheckEx - - ExDeleteResourceLite - - RtlCopyUnicodeString - - ExFreePoolWithTag - - ExAllocatePool - - RtlInitUnicodeString - - KeStackAttachProcess - - WdfVersionBind - - WdfVersionBindClass - - WdfVersionUnbindClass - - WdfVersionUnbind - Imports: - - ksecdd.sys - - ntoskrnl.exe - - WDFLDR.SYS - InternalName: '' - MD5: 3a48f0e4297947663fbb11702aa1d728 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: b6b5fcf7ee2471eb24660244bd36b56f - SHA1: a5838587a29521825a9e276319a4e5326c6a3fb3 - SHA256: a809e47480767f2c15045230f0fa0e0f669c2ca5a6c5951a781cc5d636b6eb3a - SHA1: a54ae1793e9d77e61416e0d9fb81269a4bc8f8a2 - SHA256: 626fae47811450d080d08c3d9fd890aa64bfecdc45eacd42a40850c1833c8763 - Sections: - .text: - Entropy: 5.682451889338359 - Virtual Size: '0x132df' - .rdata: - Entropy: 4.517419685097444 - Virtual Size: '0x131c' - .data: - Entropy: 3.255209832890341 - Virtual Size: '0xacc4' - .pdata: - Entropy: 4.8820210675954305 - Virtual Size: '0xa80' - INIT: - Entropy: 5.330738501788467 - Virtual Size: '0x1040' - .reloc: - Entropy: 3.7749703233410856 - Virtual Size: '0x38' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: OU=GlobalSign Root CA , R3, O=GlobalSign, CN=GlobalSign - ValidFrom: '2009-03-18 10:00:00' - ValidTo: '2029-03-18 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 
04000000000121585308a2 - Version: 3 - TBS: - MD5: 3e12d32ec517f55b419739b79b663983 - SHA1: 02dd1db230dce5d495a9264bb0946a4621eeba08 - SHA256: 5229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab - SHA384: 65f867b5cddad176bed9ce2206693bf5daa9f55b0aa5572b153c1704f45296353a9616c3bb4b8668a38ee00fe0c0cf86 - - Subject: OU=GlobalSign Root CA , R3, O=GlobalSign, CN=GlobalSign - ValidFrom: '2018-09-19 00:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 01ee5f169dff97352b6465d66a - Version: 3 - TBS: - MD5: 51c3959a45cecf3d21a3effb05762573 - SHA1: ecfcd25fd0525448a74875ba271566bc0bfbf061 - SHA256: de1da11668f0a8d5e13346ed3ab2755f5d25bebffcfd1d0bde5b9f87bc292c91 - SHA384: f0eab75baf1f24a53d63bd795cd07292a312f603513c8cb0f40fe5acbdb477ed72607d309fad21471a16f6223fb3a838 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2011-04-15 19:55:08' - ValidTo: '2021-04-15 20:05:08' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 6129152700000000002a - Version: 3 - TBS: - MD5: 0bb058d116f02817737920f112d9fd3b - SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 - SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 - SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 - - Subject: OU=GlobalSign Root CA , R6, O=GlobalSign, CN=GlobalSign - ValidFrom: '2019-02-20 00:00:00' - ValidTo: '2029-03-18 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 01f2404240cefd22dbe96c71fc - Version: 3 - TBS: - MD5: 0457b0f3260d39d5ebb31b5a25a0f98a - SHA1: 30396862f517c4aa71795b25d71a772badc36860 - SHA256: 
a4b297fecf824963d3877b2008a7b42dd7576a2039e2c64c54fe354f32f51f1c - SHA384: db09e847954618e46dc648065395c2cbfdf7f0aa6d002e59150c04bfafe3e87255522552a8cd445e5ab73abf920e83ec - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Code Signing Root R45 - ValidFrom: '2020-07-28 00:00:00' - ValidTo: '2029-03-18 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 7803184245708a41cf6f01b8eeb4a954 - Version: 3 - TBS: - MD5: a33260428269bc902bc1cd280e4b1837 - SHA1: 254209ca172cffcc67bd2a88996556d2f09538f0 - SHA256: a67411358594f2cf016741a63fd49f36de917f86531b3e3a43eb6a421c654868 - SHA384: fec727af43d1569995cea26e8eb97167165842a5b185304425a92c03b71254c5d51222837515f33e60cb8ed2e8c625ba - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , SHA384 , - G4 - ValidFrom: '2018-06-20 00:00:00' - ValidTo: '2034-12-10 00:00:00' - Signature: 7fe288d957672b425f81a7090bbac4bb281856d64cbfdb1b0770c6fb0b09ad003a60331f39c6166b19404925081ee49bf7d6a40d8f1e96f286a217de41bf4fe1bcabcdeec0238cc685fe4b1524f91844ec1fc2a4acd0b2cfecc256651dbd7ff6de82c8b79f61d3b54648989702677a16954adb62c6d0b302cc34484555ddece94a9f5e14ed7210717670d20f96f3ea3757949118afdc8d99381958c2a9a17ea26e1526eab4f97f2ae7e74864692fd29aa172f6f7244b745a7d728635b302571f8b9cfcbbac4cdefade534c83fd12b1b649554f759dac6f4ac82e6ab9ca88c312304eb208739f5ea1d699cee97d4b962ccc166b18cde4593786092ce245d6b2cd6e8275a5da8d1eb75b2f882e3d7df1f29130059cce7b7ca0c5acaf5106f011c71d30c5515660e87c953d22e3d50a2453279780fa4889272c79e23ce59b1ee3aa8482893ec04af521fe6210ed1d30fcf6ccea48277c8b75427f6bcbf3a56b951f0458340a89ed8250e4d17ba8c9e6be48aa2b55d98db725200e1b51a0d463aa83ea6c72614ac9fa43c4c657c59db63cb08bb0b91c31efbdef14d814406c201dc22de80bc68d6d8cb671ed5221fe3ef69f9f391aaeacd22f7a20b1f4acaa1de22d149dfa966a1dc63ccaf3d91cbf534da447597c95c44341f925e22c107e81f90d94a77df2b509f5d8607240509520d44344befaa095e72059b678c6a46aaa229b - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 01ec1c9240defd2e405d7c4774 - Version: 3 - TBS: - MD5: 4b80e148166f75934663aa914e0f1992 - SHA1: dc2cbf1962ab679f4e3724e6c5953bb75f4cdb36 - SHA256: 5eacff77bfe1704c571abfd361b1779bd77cebfead48e02afa3a3bd098f4f68c - SHA384: 93ba08f334b9e5f04cc1e2a33b4b7a22935a84e4e018bca1f1a96447b8e318e43eb2cc0a5d8f3abf478a74d182374133 - - Subject: ??=Private Organization, serialNumber=50212036, ??=NL, C=NL, ST=Noord,Brabant, - L=Waalre, ??=Irenelaan 24, O=Cheat Engine, CN=Cheat Engine - ValidFrom: '2021-04-13 18:52:42' - ValidTo: '2022-07-04 16:21:19' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 3038811fdd430a77db5b3cc2 - Version: 3 - TBS: - MD5: 896731b509196bf3f30582a3c5c04c38 - SHA1: 5112cf67db96a72398bbefb4ec44086c27511fb7 - SHA256: 6e5d7f487c8e653e4535aadadf54b903b7f75fea9930bfa2c6fabb28501c1996 - SHA384: 47ab490bd13eb1b9f7517676965cd142946a325d17c4db3fd00c902850cc7489642f7ab650a4d1572d44e2cdd24dae75 - - Subject: C=BE, O=GlobalSign nv,sa, CN=Globalsign TSA for MS Authenticode Advanced - , G4 - ValidFrom: '2021-05-27 10:00:16' - ValidTo: '2032-06-28 10:00:15' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0184d3a8ce3781eb57f4fd877b83aeb2 - Version: 3 - TBS: - MD5: 71fa2e9dc37bcda10b8ee18e8330f0d0 - SHA1: d5f650f385330b7609759fbc058d610f52d4352e - SHA256: 0a4c62c6765d2ad7039277e3ff7d5637df89461cac60065965ab42b8bc491a7a - SHA384: a6d94156b0799c3fd25126b62a3d9db549729bd3c63ff262a0f2a7da7b57910fce0f054d0d09c5b8349619a1d5edf666 - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign GCC R45 EV CodeSigning CA 2020 - ValidFrom: '2020-07-28 00:00:00' - ValidTo: '2030-07-28 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 
1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 77bd0e05b7590bb61d4761531e3f75ed - Version: 3 - TBS: - MD5: 65fd1dac1f115d9507f4e1840c8cb36a - SHA1: c7cf5607e19b22fe60c055e71d9b555d70f71f66 - SHA256: d9c7db0b704f07089440c56e69a0f31d730edf77cfbf7514630e8b5390a270fe - SHA384: defe810317bd1215b4d1ee0ec8a5fb38b21d094ef1173cae670956cd899232638e4f9473fd947bd550a4a77300bbb2ab - Signer: - - SerialNumber: 3038811fdd430a77db5b3cc2 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign GCC R45 EV CodeSigning CA 2020 - Version: 1 - Imphash: 105b74485670215ab231a942c9101ccf - LoadsDespiteHVCI: 'TRUE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create dbk64.sys binPath=C:\windows\temp\dbk64.sys type=kernel + && sc.exe start dbk64.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/eclypsium/Screwed-Drivers/blob/master/DRIVERS.md -Tags: -- dbk64.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 50dadd183094b8711a4f00a198972e6b + SHA1: d7512b033d7332edd747631f9d1ccc9276dadbe4 + SHA256: 71dc8d678e0749599d3db144c93741f64def1b8b0efb98bef963d2215ebb4992 + Company: '' + Copyright: '' + CreationTimestamp: '2018-06-10 02:06:16' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: dbk64.sys + ImportedFunctions: + - BCryptVerifySignature + - BCryptCreateHash + - BCryptDestroyKey + - BCryptFinishHash + - BCryptDestroyHash + - BCryptImportKeyPair + - BCryptCloseAlgorithmProvider + - BCryptGetProperty + - BCryptHashData + - BCryptOpenAlgorithmProvider + - ExDeleteResourceLite + - MmGetSystemRoutineAddress + - MmAllocateContiguousMemory + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - ObUnRegisterCallbacks + - ZwClose + - ZwOpenKey + - ZwQueryValueKey + - SeSinglePrivilegeCheck + - 
PsSetCreateProcessNotifyRoutineEx + - KeInitializeDpc + - KeInsertQueueDpc + - KeSetTargetProcessorDpc + - KeFlushQueuedDpcs + - KeRevertToUserAffinityThreadEx + - KeSetSystemAffinityThreadEx + - KeQueryActiveProcessors + - KeInitializeEvent + - KeSetEvent + - KeWaitForSingleObject + - PsGetCurrentProcessId + - PsGetCurrentThreadId + - KeDelayExecutionThread + - ExAcquireResourceExclusiveLite + - ExReleaseResourceLite + - MmProbeAndLockPages + - MmUnlockPages + - MmMapLockedPagesSpecifyCache + - MmUnmapLockedPages + - PsWrapApcWow64Thread + - IoAllocateMdl + - IoFreeMdl + - IoGetCurrentProcess + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ObRegisterCallbacks + - ZwOpenSection + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmGetPhysicalMemoryRanges + - MmGetPhysicalAddress + - PsSetCreateThreadNotifyRoutine + - PsGetProcessId + - PsGetThreadProcessId + - ExFreePoolWithTag + - KeDetachProcess + - KeStackAttachProcess + - KeUnstackDetachProcess + - PsLookupProcessByProcessId + - ObOpenObjectByPointer + - ZwAllocateVirtualMemory + - KeInitializeApc + - KeInsertQueueApc + - ZwOpenThread + - ZwQueryInformationProcess + - PsProcessType + - PsThreadType + - DbgBreakPointWithStatus + - RtlGetVersion + - ExAllocatePoolWithTag + - MmGetVirtualForPhysical + - PsLookupThreadByThreadId + - __C_specific_handler + - KeQueryActiveProcessorCount + - KeClearEvent + - ExAcquireResourceSharedLite + - RtlInitializeGenericTable + - RtlInsertElementGenericTable + - RtlDeleteElementGenericTable + - RtlLookupElementGenericTable + - RtlGetElementGenericTable + - KeReleaseSemaphore + - KeInitializeSemaphore + - KeWaitForMultipleObjects + - ExAcquireFastMutex + - ExReleaseFastMutex + - MmBuildMdlForNonPagedPool + - ZwCreateFile + - ZwWriteFile + - HalDispatchTable + - KeInitializeMutex + - KeReleaseMutex + - KeSetSystemAffinityThread + - KeQueryMaximumProcessorCount + - MmAllocateContiguousMemorySpecifyCache + - MmFreeContiguousMemory + - PsCreateSystemThread + - ZwDeleteFile 
+ - ZwWaitForSingleObject + - swprintf_s + - MmMapIoSpace + - MmUnmapIoSpace + - KeAcquireSpinLockAtDpcLevel + - KeReleaseSpinLockFromDpcLevel + - MmAllocatePagesForMdl + - ZwQueryInformationFile + - ZwReadFile + - RtlAppendUnicodeToString + - RtlUnwindEx + - RtlAnsiCharToUnicodeChar + - KeBugCheckEx + - ExInitializeResourceLite + - RtlCopyUnicodeString + - ExAllocatePool + - DbgPrint + - RtlInitUnicodeString + - KeAttachProcess + - WdfVersionBind + - WdfVersionBindClass + - WdfVersionUnbindClass + - WdfVersionUnbind + Imports: + - ksecdd.sys + - ntoskrnl.exe + - WDFLDR.SYS + InternalName: '' + MD5: 1c294146fc77565030603878fd0106f9 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 7864672ea516bc178f2a047d0b0109c2 + SHA1: a8dbab49f8fee3b339338cacdfaa08a6f82bdb92 + SHA256: d53d6e1aa8138283f9fcddf1761cba073eadc88596ef5dbdb3a6a46b22688586 + SHA1: 6053d258096bccb07cb0057d700fe05233ab1fbb + SHA256: 18e1707b319c279c7e0204074088cc39286007a1cf6cb6e269d5067d8d0628c6 + Sections: + .text: + Entropy: 5.973233907903084 + Virtual Size: '0x18fff' + .rdata: + Entropy: 4.535692283846469 + Virtual Size: '0x130c' + .data: + Entropy: 3.2469132584201263 + Virtual Size: '0xaec4' + .pdata: + Entropy: 4.886736865266565 + Virtual Size: '0xa74' + INIT: + Entropy: 5.326593764460783 + Virtual Size: '0x1020' + .reloc: + Entropy: 3.7524415161285263 + Virtual Size: '0x38' + Signature: + - Cheat Engine + - GlobalSign Extended Validation CodeSigning CA - SHA256 - G3 + - GlobalSign + - GlobalSign Root CA - R1 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 
4e5e56901e46b4d94931f3bb1739281bc216ddfd41dc0905049b6fb2a29ad6992e40990055b5ea3fa52076d38634d417cc553ac782eeefa8babcd8069f1550dfcd167b523a02d7191afdaff0785ce04bc518df3a241edaacb8a95804020730dbb0125efe31bef00448f4f070f83a5e5683cf3dfb0dbcf4c5ed979db9d4dba52784e3389b8ba735864420a43b6da46a0ba183fd28ebdaef28f6cc885dfb0a3b00abe021ebe22f356c0f8e344597eba2f79933357ecb9a8abb454de73f9fc2d98afa65b26ec77e65ffe892e12c31a2f7b02736488f266f3bee4d761f79c3e57f9635bc2d0ecc01b08e7fff518080a792d4b34446648c874f166307314b63b0dff3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee152d7 + Version: 3 + TBS: + MD5: e140543fe3256027cfa79fc3c19c1776 + SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 + SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 + SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 + - Subject: OU=GlobalSign Root CA , R3, O=GlobalSign, CN=GlobalSign + ValidFrom: '2009-11-18 10:00:00' + ValidTo: '2019-03-18 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 04000000000125071df9af + Version: 3 + TBS: + MD5: f47739306d14722e670d9436eadb8e4f + SHA1: 457d9df00a652cb4c3356d00145d9528fc309172 + SHA256: bd1765c56594221373893ef26d97f88c144fb0e5a0111215b45d7239c3444df7 + SHA384: b8b268a1bdf388be66a1c969b7b353cb2bbc9fad446049b7efa05a9ab3b714494e97f4d1ee1c0bae35bfd9bf6ef275b3 + - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode + , G2 + ValidFrom: '2016-05-24 00:00:00' + ValidTo: '2027-06-24 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121d699a764973ef1f8427ee919cc534114 + Version: 3 + TBS: + MD5: acb5170547d76873f1e4ff18ed5de2eb + SHA1: bd6e261e75b807381bada7287de04d259258a5fa + 
SHA256: 4783380498acf592286ef2dea0fcc5bdea3f54d5e374d3e3497df9d5f662cfb6 + SHA384: 4f428f115cf3d008248f15f32007fc7c54bd454e1b48b765776b4c87c23ab8818d8fbcbb3646d35eca012b025260a3b8 + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Extended Validation CodeSigning + CA , SHA256 , G3 + ValidFrom: '2016-06-15 00:00:00' + ValidTo: '2024-06-15 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 481b6a07a9424c1eaafef3cdf10f + Version: 3 + TBS: + MD5: fd8cfeea06be14fa89689909e1fc72dc + SHA1: 8bc3cd2f70abe543e0dbe721065a4076c8521f36 + SHA256: 15e7050789df807f3e3174294a01b637a1239f603e42f4b5db9398efa9da9996 + SHA384: 8b9f95e6d3dd45e4ef38e2f12fb893d7d1bb1ba867e152e4a73c49b3d51dd52bc83a05982deac29af90436061248546d + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2011-04-15 19:55:08' + ValidTo: '2021-04-15 20:05:08' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 6129152700000000002a + Version: 3 + TBS: + MD5: 0bb058d116f02817737920f112d9fd3b + SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 + SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 + SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 + - Subject: ??=Private Organization, serialNumber=50212036, ??=NL, C=NL, + ST=Noord,Brabant, L=Eindhoven, ??=Frankendaal 32, O=Cheat Engine, + CN=Cheat Engine + ValidFrom: '2018-01-26 17:35:01' + ValidTo: '2019-05-04 16:21:19' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 1a9706fde692d88ca99b822d + Version: 3 + TBS: + MD5: 0b13dccb2637dc9079aedef86a08fa6b + SHA1: f51d58aee7ca738a2dce7744b39859e2d2806a6f + SHA256: 
635add73274894e1cf81a1c30297bf6af19846178e6b28220062f4c8a7acfd6f + SHA384: 5343b21290afd360e1b6faca3c81c467d1fa75c568ec737e9a205d8ec371141f29ca8ea44ed4be2d5848b061008ce525 + Signer: + - SerialNumber: 1a9706fde692d88ca99b822d + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Extended Validation CodeSigning + CA , SHA256 , G3 + Version: 1 + Imphash: 5759d90322a7311eaccf4f0ab2c2a7c4 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 8950c65d305c42ada6cf31188f526674 + SHA1: 1be4ba36ba9ce5b10d90137c08cc21f823379841 + SHA256: d041654d8cbf189c29919733fd40184ceaf0050295fc7a7e6e3f4cda45b5e090 + Company: '' + Copyright: '' + CreationTimestamp: '2021-06-05 08:22:43' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: dbk64.sys + ImportedFunctions: + - BCryptVerifySignature + - BCryptCreateHash + - BCryptDestroyKey + - BCryptFinishHash + - BCryptDestroyHash + - BCryptImportKeyPair + - BCryptCloseAlgorithmProvider + - BCryptGetProperty + - BCryptHashData + - BCryptOpenAlgorithmProvider + - MmGetSystemRoutineAddress + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - ObUnRegisterCallbacks + - ZwClose + - ZwOpenKey + - ZwQueryValueKey + - SeSinglePrivilegeCheck + - PsSetCreateProcessNotifyRoutineEx + - KeInitializeDpc + - KeInsertQueueDpc + - KeSetTargetProcessorDpc + - KeFlushQueuedDpcs + - KeRevertToUserAffinityThreadEx + - KeSetSystemAffinityThreadEx + - KeQueryActiveProcessors + - KeInitializeEvent + - KeSetEvent + - KeWaitForSingleObject + - PsGetCurrentProcessId + - PsGetCurrentThreadId + - KeDelayExecutionThread + - ExAcquireResourceExclusiveLite + - ExReleaseResourceLite + - MmProbeAndLockPages + - MmUnlockPages + - MmMapLockedPagesSpecifyCache + - MmUnmapLockedPages + - MmAllocatePagesForMdlEx + - PsWrapApcWow64Thread + - IoAllocateMdl + - IoFreeMdl + - IoGetCurrentProcess + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ObRegisterCallbacks + - ZwOpenSection + - 
ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmGetPhysicalMemoryRanges + - MmGetPhysicalAddress + - PsSetCreateThreadNotifyRoutine + - PsGetProcessId + - PsGetThreadProcessId + - KeAttachProcess + - KeDetachProcess + - ExInitializeResourceLite + - KeUnstackDetachProcess + - PsLookupProcessByProcessId + - ObOpenObjectByPointer + - ZwAllocateVirtualMemory + - KeInitializeApc + - KeInsertQueueApc + - ZwOpenThread + - ZwQueryInformationProcess + - PsProcessType + - PsThreadType + - DbgBreakPointWithStatus + - RtlGetVersion + - MmGetVirtualForPhysical + - PsLookupThreadByThreadId + - __C_specific_handler + - KeQueryActiveProcessorCount + - KeClearEvent + - ExAcquireResourceSharedLite + - RtlInitializeGenericTable + - RtlInsertElementGenericTable + - RtlDeleteElementGenericTable + - RtlLookupElementGenericTable + - RtlGetElementGenericTable + - KeReleaseSemaphore + - KeInitializeSemaphore + - KeWaitForMultipleObjects + - ExAcquireFastMutex + - ExReleaseFastMutex + - MmBuildMdlForNonPagedPool + - ZwCreateFile + - ZwWriteFile + - HalDispatchTable + - KeInitializeMutex + - KeReleaseMutex + - KeSetSystemAffinityThread + - KeQueryMaximumProcessorCount + - MmAllocateContiguousMemorySpecifyCache + - MmFreeContiguousMemory + - PsCreateSystemThread + - ZwDeleteFile + - ZwWaitForSingleObject + - swprintf_s + - MmMapIoSpace + - MmUnmapIoSpace + - KeAcquireSpinLockAtDpcLevel + - KeReleaseSpinLockFromDpcLevel + - MmAllocateContiguousMemory + - ZwQueryInformationFile + - ZwReadFile + - RtlAppendUnicodeToString + - DbgPrint + - RtlCompareMemory + - ZwQueryInformationThread + - RtlUnwind + - RtlAnsiCharToUnicodeChar + - KeBugCheckEx + - ExDeleteResourceLite + - RtlCopyUnicodeString + - ExFreePoolWithTag + - ExAllocatePool + - RtlInitUnicodeString + - KeStackAttachProcess + - WdfVersionBind + - WdfVersionBindClass + - WdfVersionUnbindClass + - WdfVersionUnbind + Imports: + - ksecdd.sys + - ntoskrnl.exe + - WDFLDR.SYS + InternalName: '' + MD5: 3a48f0e4297947663fbb11702aa1d728 + 
MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: b6b5fcf7ee2471eb24660244bd36b56f + SHA1: a5838587a29521825a9e276319a4e5326c6a3fb3 + SHA256: a809e47480767f2c15045230f0fa0e0f669c2ca5a6c5951a781cc5d636b6eb3a + SHA1: a54ae1793e9d77e61416e0d9fb81269a4bc8f8a2 + SHA256: 626fae47811450d080d08c3d9fd890aa64bfecdc45eacd42a40850c1833c8763 + Sections: + .text: + Entropy: 5.682451889338359 + Virtual Size: '0x132df' + .rdata: + Entropy: 4.517419685097444 + Virtual Size: '0x131c' + .data: + Entropy: 3.255209832890341 + Virtual Size: '0xacc4' + .pdata: + Entropy: 4.8820210675954305 + Virtual Size: '0xa80' + INIT: + Entropy: 5.330738501788467 + Virtual Size: '0x1040' + .reloc: + Entropy: 3.7749703233410856 + Virtual Size: '0x38' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=GlobalSign Root CA , R3, O=GlobalSign, CN=GlobalSign + ValidFrom: '2009-03-18 10:00:00' + ValidTo: '2029-03-18 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 04000000000121585308a2 + Version: 3 + TBS: + MD5: 3e12d32ec517f55b419739b79b663983 + SHA1: 02dd1db230dce5d495a9264bb0946a4621eeba08 + SHA256: 5229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab + SHA384: 65f867b5cddad176bed9ce2206693bf5daa9f55b0aa5572b153c1704f45296353a9616c3bb4b8668a38ee00fe0c0cf86 + - Subject: OU=GlobalSign Root CA , R3, O=GlobalSign, CN=GlobalSign + ValidFrom: '2018-09-19 00:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 
2370e9cfe2bef559ae94426fc44333aacd3f3ab96417f262064b48f140880617a1feabd15f3cc633f2f38edd1f1d3ecc1a6099820bacc7fc7e9a872aa57d0fa657eeac3b6a85d6debd4063f8ada6c888b012fcf641df0f09971e38ea539fbe05f43eead39f501276be098bc20b487d1e2e51f68d53d3ab1f401b8a8eed7dfb4f7956705f0cd38e1bb3a7700d372b9795abdae0126b1c40cec5c77eedc26258ec77ed7322c28af5864388adea136efdd8fe422fb97d5ead18ef9490ca3d27ab26949975c7cbd37bf7ca4cd3af5121925b847d2b9f153f74cb51e89e830e166f1be746ce23bdf9e4a28bd2396baa791c912ce261242d8e2a487090c41ec5e8e070 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 01ee5f169dff97352b6465d66a + Version: 3 + TBS: + MD5: 51c3959a45cecf3d21a3effb05762573 + SHA1: ecfcd25fd0525448a74875ba271566bc0bfbf061 + SHA256: de1da11668f0a8d5e13346ed3ab2755f5d25bebffcfd1d0bde5b9f87bc292c91 + SHA384: f0eab75baf1f24a53d63bd795cd07292a312f603513c8cb0f40fe5acbdb477ed72607d309fad21471a16f6223fb3a838 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2011-04-15 19:55:08' + ValidTo: '2021-04-15 20:05:08' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 6129152700000000002a + Version: 3 + TBS: + MD5: 0bb058d116f02817737920f112d9fd3b + SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 + SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 + SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 + - Subject: OU=GlobalSign Root CA , R6, O=GlobalSign, CN=GlobalSign + ValidFrom: '2019-02-20 00:00:00' + ValidTo: '2029-03-18 10:00:00' + Signature: 
49ac5ec583f35acb612a4d974a15299fe41490aa09f9c47a9f35188a0a33156d7287224e413f6d0a9e18aedbe25ffc95d12c98143b8ec1f0365979f38d81cf74f618a4e4e168cfef7f655942e9ca5539bcd3c526ee7138fad721030fb74ed95b606a43b47d09d06061ddaaed005e4e321ee0b26c9e3cb2c2bb98d390766a69ad1adca889da584fd2c28b324ace54fb38e93b070b750a11db0b7c2527f1ac26cf1153e6dcc6e2613532f4cedd83e3193aebc268a37200c8243c4eb8533cb117abe6352cf9d34229e65f6003ac4261a6b1576a3342df353186ca3e372bdac4da24f54e12f2b6b9b747eabb20ad6116b7a033e32d89a7bcb33c017f231a800934e9 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 01f2404240cefd22dbe96c71fc + Version: 3 + TBS: + MD5: 0457b0f3260d39d5ebb31b5a25a0f98a + SHA1: 30396862f517c4aa71795b25d71a772badc36860 + SHA256: a4b297fecf824963d3877b2008a7b42dd7576a2039e2c64c54fe354f32f51f1c + SHA384: db09e847954618e46dc648065395c2cbfdf7f0aa6d002e59150c04bfafe3e87255522552a8cd445e5ab73abf920e83ec + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Code Signing Root R45 + ValidFrom: '2020-07-28 00:00:00' + ValidTo: '2029-03-18 00:00:00' + Signature: acf7cc158b3079a81d0b28881909d71c7ffe86bd7b5a336e0d670e7b62d9e1185cb0bd135d1d23ae39507637aa44fd5f01235986564cccadbc64131430a420a8e03fe89c72dc7ef3d80c23baa82daa3cf6ec9f87310765f539a7518275e1f22f97f6d1e165968364fea11d51fbb5249bf5d27769bc852c5cfa5877d1aea7b10be2d677bba9b4344aa96f3df4f30d955de6f97a45b02517312edbf70f68e6831fa9f7e5d49d988cd3614b2fc3287e7ade930eb47da00a6d92c4b4663f7da758eeacf7ecc30801ab38fc0a1ca9c597b288c8090219f65c9a1af14d6c30d4b306ab0060480d78abcf17ad9293622077756cbdc832b4dc4debd9dfc1909629bdc17f + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 7803184245708a41cf6f01b8eeb4a954 + Version: 3 + TBS: + MD5: a33260428269bc902bc1cd280e4b1837 + SHA1: 254209ca172cffcc67bd2a88996556d2f09538f0 + SHA256: a67411358594f2cf016741a63fd49f36de917f86531b3e3a43eb6a421c654868 + SHA384: 
fec727af43d1569995cea26e8eb97167165842a5b185304425a92c03b71254c5d51222837515f33e60cb8ed2e8c625ba + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , SHA384 + , G4 + ValidFrom: '2018-06-20 00:00:00' + ValidTo: '2034-12-10 00:00:00' + Signature: 7fe288d957672b425f81a7090bbac4bb281856d64cbfdb1b0770c6fb0b09ad003a60331f39c6166b19404925081ee49bf7d6a40d8f1e96f286a217de41bf4fe1bcabcdeec0238cc685fe4b1524f91844ec1fc2a4acd0b2cfecc256651dbd7ff6de82c8b79f61d3b54648989702677a16954adb62c6d0b302cc34484555ddece94a9f5e14ed7210717670d20f96f3ea3757949118afdc8d99381958c2a9a17ea26e1526eab4f97f2ae7e74864692fd29aa172f6f7244b745a7d728635b302571f8b9cfcbbac4cdefade534c83fd12b1b649554f759dac6f4ac82e6ab9ca88c312304eb208739f5ea1d699cee97d4b962ccc166b18cde4593786092ce245d6b2cd6e8275a5da8d1eb75b2f882e3d7df1f29130059cce7b7ca0c5acaf5106f011c71d30c5515660e87c953d22e3d50a2453279780fa4889272c79e23ce59b1ee3aa8482893ec04af521fe6210ed1d30fcf6ccea48277c8b75427f6bcbf3a56b951f0458340a89ed8250e4d17ba8c9e6be48aa2b55d98db725200e1b51a0d463aa83ea6c72614ac9fa43c4c657c59db63cb08bb0b91c31efbdef14d814406c201dc22de80bc68d6d8cb671ed5221fe3ef69f9f391aaeacd22f7a20b1f4acaa1de22d149dfa966a1dc63ccaf3d91cbf534da447597c95c44341f925e22c107e81f90d94a77df2b509f5d8607240509520d44344befaa095e72059b678c6a46aaa229b + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 01ec1c9240defd2e405d7c4774 + Version: 3 + TBS: + MD5: 4b80e148166f75934663aa914e0f1992 + SHA1: dc2cbf1962ab679f4e3724e6c5953bb75f4cdb36 + SHA256: 5eacff77bfe1704c571abfd361b1779bd77cebfead48e02afa3a3bd098f4f68c + SHA384: 93ba08f334b9e5f04cc1e2a33b4b7a22935a84e4e018bca1f1a96447b8e318e43eb2cc0a5d8f3abf478a74d182374133 + - Subject: ??=Private Organization, serialNumber=50212036, ??=NL, C=NL, + ST=Noord,Brabant, L=Waalre, ??=Irenelaan 24, O=Cheat Engine, CN=Cheat + Engine + ValidFrom: '2021-04-13 18:52:42' + ValidTo: '2022-07-04 16:21:19' + Signature: 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 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 3038811fdd430a77db5b3cc2 + Version: 3 + TBS: + MD5: 896731b509196bf3f30582a3c5c04c38 + SHA1: 5112cf67db96a72398bbefb4ec44086c27511fb7 + SHA256: 6e5d7f487c8e653e4535aadadf54b903b7f75fea9930bfa2c6fabb28501c1996 + SHA384: 47ab490bd13eb1b9f7517676965cd142946a325d17c4db3fd00c902850cc7489642f7ab650a4d1572d44e2cdd24dae75 + - Subject: C=BE, O=GlobalSign nv,sa, CN=Globalsign TSA for MS Authenticode + Advanced , G4 + ValidFrom: '2021-05-27 10:00:16' + ValidTo: '2032-06-28 10:00:15' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0184d3a8ce3781eb57f4fd877b83aeb2 + Version: 3 + TBS: + MD5: 71fa2e9dc37bcda10b8ee18e8330f0d0 + SHA1: d5f650f385330b7609759fbc058d610f52d4352e + SHA256: 0a4c62c6765d2ad7039277e3ff7d5637df89461cac60065965ab42b8bc491a7a + SHA384: a6d94156b0799c3fd25126b62a3d9db549729bd3c63ff262a0f2a7da7b57910fce0f054d0d09c5b8349619a1d5edf666 + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign GCC R45 EV CodeSigning + CA 2020 + ValidFrom: '2020-07-28 00:00:00' + ValidTo: '2030-07-28 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 77bd0e05b7590bb61d4761531e3f75ed + Version: 3 + TBS: + MD5: 65fd1dac1f115d9507f4e1840c8cb36a + SHA1: c7cf5607e19b22fe60c055e71d9b555d70f71f66 + SHA256: d9c7db0b704f07089440c56e69a0f31d730edf77cfbf7514630e8b5390a270fe + SHA384: defe810317bd1215b4d1ee0ec8a5fb38b21d094ef1173cae670956cd899232638e4f9473fd947bd550a4a77300bbb2ab + Signer: + - SerialNumber: 3038811fdd430a77db5b3cc2 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign GCC R45 EV CodeSigning + CA 2020 + Version: 1 + Imphash: 105b74485670215ab231a942c9101ccf + LoadsDespiteHVCI: 'TRUE' 
diff --git a/yaml/16d8962b-cf96-432f-8a43-d41f06828f56.yaml b/yaml/16d8962b-cf96-432f-8a43-d41f06828f56.yaml
index a64376cfa..64869ae57 100644
--- a/yaml/16d8962b-cf96-432f-8a43-d41f06828f56.yaml
+++ b/yaml/16d8962b-cf96-432f-8a43-d41f06828f56.yaml
@@ -1,7201 +1,7246 @@ Id: 16d8962b-cf96-432f-8a43-d41f06828f56 +Tags: +- cpuz.sys +Verified: 'TRUE' Author: Nasreddine Bencherchali Created: '2023-05-06' MitreID: T1068 Category: vulnerable driver -Verified: 'TRUE' Commands: - Command: sc.exe create cpuz.sys binPath=C:\windows\temp\cpuz.sys type=kernel && - sc.exe start cpuz.sys - Description: '' - Usecase: Elevate privileges - Privileges: kernel - OperatingSystem: Windows 10 + Command: sc.exe create cpuz.sys binPath=C:\windows\temp\cpuz.sys type=kernel && + sc.exe start cpuz.sys + Description: '' + Usecase: Elevate privileges + Privileges: kernel + OperatingSystem: Windows 10 Resources: - Internal Research -Acknowledgement: - Person: '' - Handle: '' Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml 
+- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: cpuz.sys - MD5: a89ca92145fc330adced0dd005421183 - SHA1: e33eac9d3b9b5c0db3db096332f059bf315a2343 - SHA256: 0d3790af5f8e5c945410929e31d06144a471ac82f828afe89a4758a5bbeb7f9f - Authentihash: - MD5: d9d45430dc3fb1c7154c109f9d85d70e - SHA1: 4f52e85725556496f9102bba0fdf9d13f721c675 - SHA256: 90f5962e6b2342eae05dc8f4c34d5291742537248587ccf6ac298691806a4517 - Description: CPUID Driver - Company: CPUID - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Copyright: Copyright(C) 2010 CPUID - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IofCompleteRequest - - ExFreePool - - ExAllocatePoolWithTag - - RtlFreeUnicodeString - - ObfDereferenceObject - - MmIsAddressValid - - IoGetDeviceObjectPointer - - RtlAnsiStringToUnicodeString - - MmUnmapIoSpace - - MmMapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - DbgPrint - - RtlUnwind - - KeTickCount - - KeBugCheckEx - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - PsGetVersion - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - KeWaitForSingleObject - - RtlInitAnsiString - - IoCancelIrp - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - READ_PORT_UCHAR - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G3 - ValidFrom: '2012-05-01 00:00:00' - ValidTo: '2012-12-31 23:59:59' - Signature: 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 
- SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded - Version: 3 - TBS: - MD5: e6d820afb23af20a65cf0b03247ea05e - SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 - SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 - SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: 573ac9a3fc69d00f19723f196162680e - SHA1: 7e21d51681f265bad20f1db06cd0831b80d4fed2 - SHA256: 79749e2d14cda7629ae1b8bdc88101418cb5a099b93137ea76824b0246209519 - Sections: - .text: - Entropy: 6.222402374512635 - Virtual Size: '0x2780' - .rdata: - Entropy: 4.5251453594439255 - Virtual Size: '0x300' - .data: - Entropy: 0.335842300318532 - Virtual Size: '0x1e0' - INIT: - Entropy: 5.423515041101043 - Virtual Size: '0x404' - .rsrc: - Entropy: 3.3927376128305218 - Virtual Size: '0x350' - .reloc: - Entropy: 5.4807357701963335 - Virtual Size: '0x258' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2012-08-11 01:45:54' - Imphash: a0a13575e37906924a0b79043b4005c6 - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: 26ce59f9fc8639fd7fed53ce3b785015 - SHA1: 2bf6b88b84d27cdf0699d6d18b08a1b36310cdd1 - SHA256: 
11d258e05b850dcc9ecfacccc9486e54bd928aaa3d5e9942696c323fdbd3481b - Authentihash: - MD5: 0fef96c1d46145af32eb6993faa6e496 - SHA1: 4d26356a4a48d492b00845a7ac1bb27a92f95871 - SHA256: 0aa61910c3ceb765441c35925a50983b2571ac22da510f1495cf82f078b535b6 - Description: CPUID Driver - Company: CPUID - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Copyright: Copyright(C) 2010 CPUID - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IofCompleteRequest - - ExFreePool - - ExAllocatePoolWithTag - - RtlFreeUnicodeString - - ObfDereferenceObject - - MmIsAddressValid - - IoGetDeviceObjectPointer - - MmUnmapIoSpace - - RtlInitAnsiString - - MmMapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - RtlUnwind - - KeTickCount - - KeBugCheckEx - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - PsGetVersion - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - KeWaitForSingleObject - - RtlAnsiStringToUnicodeString - - IoCancelIrp - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - READ_PORT_UCHAR - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 
35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: 41f15d0f328a165973b49de608ef72a2 - SHA1: abcd9850775bd0a1a855e785a238e0e69525810f - SHA256: 02dc44b04a6426fcaedf26995bfa471f123a90a9c747e82cebaf95f394890631 - Sections: - .text: - Entropy: 6.217408305730309 - Virtual Size: '0x2750' - .rdata: - Entropy: 4.55489113332384 - Virtual Size: '0x2f0' - .data: - Entropy: 0.335842300318532 - Virtual Size: '0x1e0' - INIT: - Entropy: 5.41983369153965 - Virtual Size: '0x3f4' - .rsrc: - Entropy: 3.3927376128305218 - Virtual Size: '0x350' - .reloc: - Entropy: 5.5051908528223255 - Virtual Size: '0x254' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2012-03-09 01:55:45' - Imphash: 958dd67f866ae27cf716e30a025b266f - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: 75dbd5db9892d7451d0429bec1aabe1a - SHA1: c05df2e56e05b97e3ca8c6a61865cae722ed3066 - SHA256: 
19696fb0db3fcae22f705ae1eb1e9f1151c823f3ff5d8857e90f2a4a6fdc5758 - Authentihash: - MD5: dfb8cce9246e17f356504802d14d019d - SHA1: 189bedcea5ec5bfc724ff44b4b44958dc450c7db - SHA256: 4b5aecfecf26145aadd23f96a1cdfae0bca4e53af215d4bd77bba5dcc5a4479b - Description: CPUID Driver - Company: CPUID - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Copyright: Copyright(C) 2010 CPUID - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services 
CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - 
SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: be6fb3b3b33e9108a9a2273d1cf5eb3209a8c3a86ba7d66069393587f6b451b75b327ea15d36b1604aad5509c0ace37fa66e220b35764b9c201169677738c06802d2f798383c256c690898a663b0aeb519491057f9f24149c513abba2a4cab9934a684e5d83a34105fe6681f2b85d5ee06332d1c05c3627758442fd2fc94f5f68bb30f085cb1d31174e1461394aeef7b124291a099654d1103df3deab81e9658b5b5cc817061d688ae39e702f1d0dd420d6de931bed331960e089233b8576482e48d5b769fdfa8df02e1d098912444b324057826e1f72c26f045b2479a9b39eadfd6b2e1bd6db4057ef6b12ca385cad9a7ad82c4414e619f97dfd08a55f59053 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 
03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: 685a19a8e9f46a76067db83da501dca0 - SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 - SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 - Sections: - .text: - Entropy: 6.207830883313713 - Virtual Size: '0x25d6' - .rdata: - Entropy: 4.172824067374571 - Virtual Size: '0x3ec' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.503621523339014 - Virtual Size: '0xc0' - INIT: - Entropy: 5.076575853289 - Virtual Size: '0x406' - .rsrc: - Entropy: 3.3943730160709853 - Virtual Size: '0x350' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2012-03-09 01:56:55' - Imphash: 82942c060f79cefd3bf1acdf5c207561 - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: fe820a5f99b092c3660762c6fc6c64e0 - SHA1: fad8e308f6d2e6a9cfaf9e6189335126a3c69acb - SHA256: 1e16a01ef44e4c56e87abfbe03b2989b0391b172c3ec162783ad640be65ab961 - Authentihash: - MD5: 97861c7d308c22f4db08d08ce912fced - SHA1: 368c63d2f393ef65f8107d175174e9eaa13d993e - SHA256: 3966d4b1e4f5442b8507f91b6dbde3523657b47fd2945d990249605727d231ec - Description: CPUID Driver - Company: CPUID - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Copyright: Copyright(C) 2012 CPUID - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - 
RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G3 - ValidFrom: '2012-05-01 00:00:00' - ValidTo: '2012-12-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded - Version: 3 - TBS: - MD5: e6d820afb23af20a65cf0b03247ea05e - SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 - SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 - SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 
53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - 
SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: 685a19a8e9f46a76067db83da501dca0 - SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 - SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 - Sections: - .text: - Entropy: 6.181674969781746 - Virtual Size: '0x2536' - .rdata: - Entropy: 4.160071293394142 - Virtual Size: '0x3d4' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.4970531643346394 - Virtual Size: '0xc0' - INIT: - Entropy: 5.076575853289 - Virtual Size: '0x406' - .rsrc: - Entropy: 3.3935766621226473 - Virtual Size: '0x350' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2012-10-27 11:24:41' - Imphash: 82942c060f79cefd3bf1acdf5c207561 - LoadsDespiteHVCI: 'FALSE' -- 
Filename: cpuz.sys - MD5: 262969a3fab32b9e17e63e2d17a57744 - SHA1: 363b907c3b4f37968e9c8e1b7eeca5a5c5d530f8 - SHA256: 1ee59eb28688e73d10838c66e0d8e011c8df45b6b43a4ac5d0b75795ca3eb512 - Authentihash: - MD5: 7c8e917e5adba8b20bea898d4b966c6c - SHA1: 570496ebc3c4010b48c3703652fdfcb60352798b - SHA256: 98c86fcf018822289340d248f5e2896c41ad0f284febb741b945312ff40bdfa3 - Description: CPUID Driver - Company: CPUID - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Copyright: Copyright(C) 2010 CPUID - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 
35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2009-02-02 00:00:00' 
- ValidTo: '2012-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Version: 3 - TBS: - MD5: fb72fa311261c4fb6a786e5cc7ce1d2f - SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 - SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a - SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 
40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: 685a19a8e9f46a76067db83da501dca0 - SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 - SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 - Sections: - .text: - Entropy: 6.190718841242454 - Virtual Size: '0x2416' - .rdata: - Entropy: 4.183312032190414 - Virtual Size: '0x3ec' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.53594863841985 - Virtual Size: '0xc0' - INIT: - Entropy: 5.076575853289 - Virtual Size: '0x406' - .rsrc: - Entropy: 3.3943730160709853 - Virtual Size: '0x350' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2010-11-09 06:33:36' - Imphash: 82942c060f79cefd3bf1acdf5c207561 - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: 17719a7f571d4cd08223f0b30f71b8b8 - SHA1: f9c916d163b85057414300ca214ebdf751172ecf - SHA256: 1f4d4db4abe26e765a33afb2501ac134d14cadeaa74ae8a0fae420e4ecf58e0c - Authentihash: - MD5: 93bf28533aa6e63dc8b80b998b0814af - SHA1: 413ed5609215f4a6cee3b7b357eb594902a817f5 - SHA256: 1399e65aa55c898a6cd5fb32d4b19f5bbaf69c56c1383963c99b7a0804eb0203 - Description: CPUID Driver - Company: Windows (R) Win 7 DDK provider - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: Windows (R) Win 7 DDK driver - ProductVersion: 6.1.7600.16385 - Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
- MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: 
- MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2009-02-02 00:00:00' - ValidTo: '2012-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Version: 3 - TBS: - MD5: fb72fa311261c4fb6a786e5cc7ce1d2f - SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 - SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a - SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: 
'2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: 89dc670b5f7c06b577deeec9473dc96b - SHA1: af59c00ae531117ba9307257ab945cdf6c8309f6 - SHA256: 35b9d8fc904c88f4df237edc610727f89c415e48bcf135191c43832bb2935ba6 - Sections: - .text: - Entropy: 6.182386482362877 - Virtual Size: '0x2256' - .rdata: - Entropy: 4.258631853520521 - Virtual Size: '0x3d0' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.4326961450392584 - Virtual Size: '0x90' - INIT: - Entropy: 5.067835669413665 - Virtual Size: '0x406' - .rsrc: - Entropy: 3.4148190207283133 - Virtual Size: '0x3d0' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2010-07-09 05:16:58' - Imphash: 82942c060f79cefd3bf1acdf5c207561 - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: 21be10f66bb65c1d406407faa0b9ba95 - SHA1: 86e59b17272a3e7d9976c980ded939bf8bf75069 - SHA256: 2101d5e80e92c55ecfd8c24fcf2202a206a4fd70195a1378f88c4cc04d336f22 - Authentihash: - MD5: 9328ac41d0afb80914780b9474c0bca0 - SHA1: e8f4f4e2a672d845d897f36646d8339597135050 - SHA256: c0ed71b491aec860932fe92e5527ef444d537b396186ac839d5ed0884cfcaf0c - Description: CPUID Driver - Company: CPUID - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: CPUID service - ProductVersion: 
6.1.7600.16385 - Copyright: Copyright(C) 2014 CPUID - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: 
false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - 
Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: be6fb3b3b33e9108a9a2273d1cf5eb3209a8c3a86ba7d66069393587f6b451b75b327ea15d36b1604aad5509c0ace37fa66e220b35764b9c201169677738c06802d2f798383c256c690898a663b0aeb519491057f9f24149c513abba2a4cab9934a684e5d83a34105fe6681f2b85d5ee06332d1c05c3627758442fd2fc94f5f68bb30f085cb1d31174e1461394aeef7b124291a099654d1103df3deab81e9658b5b5cc817061d688ae39e702f1d0dd420d6de931bed331960e089233b8576482e48d5b769fdfa8df02e1d098912444b324057826e1f72c26f045b2479a9b39eadfd6b2e1bd6db4057ef6b12ca385cad9a7ad82c4414e619f97dfd08a55f59053 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - 
RichPEHeaderHash: - MD5: c046d6f14ec39d2a0f67a417bda83c5e - SHA1: 74661f1063b4c80566f75a1bee22c35f7af17fa9 - SHA256: 440eebbdc09d290724d364056ba4e2725c75759819a6df0a1ed5c876ed7d2474 - Sections: - .text: - Entropy: 6.184959788800412 - Virtual Size: '0x3046' - .rdata: - Entropy: 4.1967199978388665 - Virtual Size: '0x434' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.61540303809267 - Virtual Size: '0xd8' - INIT: - Entropy: 5.133048134973059 - Virtual Size: '0x406' - .rsrc: - Entropy: 3.3971374522271924 - Virtual Size: '0x350' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2014-10-06 04:26:29' - Imphash: 82942c060f79cefd3bf1acdf5c207561 - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: 4885e1bf1971c8fa9e7686fd5199f500 - SHA1: 388068adc9ec46a0bbc8173bcb0d5f9cf8af6ea5 - SHA256: 26e3bfef255efd052a84c3c43994c73222b14c95db9a4b1fc2e98f1a5cb26e43 - Authentihash: - MD5: 92c5a8d936bb2ef7802aaa15c877e866 - SHA1: 340024982f9ad5c2722bab8cddec9d32f0efdc7c - SHA256: 313a69d8eea6a933cffac0fa67d46ad9aef0815bb579fce7623d9be825888e30 - Description: CPUID Driver - Company: CPUID - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Copyright: Copyright(C) 2013 CPUID - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - 
KeStallExecutionProcessor - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: 685a19a8e9f46a76067db83da501dca0 - SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 - SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 - Sections: - .text: - Entropy: 6.189630683612354 - Virtual Size: '0x2c76' - .rdata: - Entropy: 4.1481713750399685 - Virtual Size: '0x414' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 
3.5274875201903875 - Virtual Size: '0xc0' - INIT: - Entropy: 5.076575853289 - Virtual Size: '0x406' - .rsrc: - Entropy: 3.3935766621226473 - Virtual Size: '0x350' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2013-11-27 03:33:59' - Imphash: 82942c060f79cefd3bf1acdf5c207561 - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: ab4ee84e09b09012ac86d3a875af9d43 - SHA1: 3c81cdfd99d91c7c9de7921607be12233ed0dfd8 - SHA256: 2a6db9facf9e13d35c37dd468be04bae5f70c6127a9aee76daebddbdec95d486 - Authentihash: - MD5: 654f9a768f518e632c99309bd4c1145b - SHA1: a5f086835d7c2883ad8d985772d02a9a8815bcbb - SHA256: d4e93f592a8342b0eb582d24a114348ce40ecb3c1e7b238d731b02e17d5aae7d - Description: CPUID Driver - Company: CPUID - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Copyright: Copyright(C) 2012 CPUID - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: 685a19a8e9f46a76067db83da501dca0 - SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 - SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 - Sections: - .text: - Entropy: 6.190388157802366 - Virtual Size: '0x2616' - .rdata: - Entropy: 4.158462162346533 - Virtual Size: '0x3d4' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.501505002731896 - Virtual Size: '0xc0' - INIT: - Entropy: 5.076575853289 - Virtual Size: '0x406' - .rsrc: - Entropy: 3.3935766621226473 - Virtual Size: '0x350' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2013-05-10 06:42:51' - Imphash: 82942c060f79cefd3bf1acdf5c207561 - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: 743c403d20a89db5ed84c874768b7119 - SHA1: dc8fa4648c674e3a7148dd8e8c35f668a3701a52 - SHA256: 
2a9d481ffdc5c1e2cb50cf078be32be06b21f6e2b38e90e008edfc8c4f2a9c4e - Authentihash: - MD5: 4c2f42ab19a70ee6a2cb936329b34aff - SHA1: 742a9fc918c7bb2b1707412c703d7b7674ed1094 - SHA256: fd8d61102719afb0b8a230d9e8c372af3396bec4a6d72aada42a1f1d36187751 - Description: CPUID Driver - Company: Windows (R) Win 7 DDK provider - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: Windows (R) Win 7 DDK driver - ProductVersion: 6.1.7600.16385 - Copyright: "\xA9 Microsoft Corporation. All rights reserved." - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - RtlFreeUnicodeString - - ObfDereferenceObject - - MmIsAddressValid - - IoGetDeviceObjectPointer - - RtlAnsiStringToUnicodeString - - IofCompleteRequest - - MmMapIoSpace - - ProbeForWrite - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - MmUnmapIoSpace - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - PsGetVersion - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - RtlInitAnsiString - - KeWaitForSingleObject - - RtlUnwind - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - READ_PORT_UCHAR - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 
50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - 
Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2009-02-02 00:00:00' - ValidTo: '2012-02-07 23:59:59' - Signature: 9a9bbecb393272aaedfd7a125e0fe581151a18a75a4094e082a38156f62018b9d59edef27429bbea60d6e146a2ce134546d54e00b6585c1d85e3aedfb3b9a5de7728a96b2bcc26106655bae6bc5ce3a72714f9e23282a2fba29fc870b394e832f07dc50ded3a042953fe91379769e424398278b6ed14ae4f6b4cce5fa7ba20fc8d157a78fd308214d177189bcd76b2bd62a861a8c1562e2748f338f7369f0f062804685399a6655fcb4564a644e7a8bee8330557376884cce9153992e8e205bc1474dbd0109b3c87991db9bb77a9dff5775267390431ce56ff49500d8ad70be34a0d9a0b112e07eb55f0fe07de9ac93a0b30cb36029b5ec41e032daf66627d4e - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Version: 3 - TBS: - MD5: fb72fa311261c4fb6a786e5cc7ce1d2f - SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 - SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a - SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: 4ba73072bea66755a70f3a8c99951424 - SHA1: d9ce039d736544c2d9b7fe44460d8e006a5c62f0 - SHA256: 3b45bc2da9543317e7a22486f86a3f8c0eb289596d1d7661b47e35e99058861f - Sections: - .text: - Entropy: 6.221169838993626 - Virtual Size: '0x2030' - .rdata: - Entropy: 4.564029507184391 - Virtual Size: '0x2ec' - .data: - Entropy: 0.22396935932252834 - Virtual Size: '0x1c0' - INIT: - Entropy: 5.46954214905682 - Virtual Size: '0x3fc' - .rsrc: - Entropy: 3.413813063110847 - Virtual Size: '0x3d0' - .reloc: - Entropy: 5.666994611221042 - Virtual Size: '0x210' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2010-05-11 03:59:25' - Imphash: 744af2b62301859b4ccdffba53551b15 - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: e0bfbdf3793ea2742c03f5a82cb305a5 - SHA1: a6a71fb4f91080aff2a3a42811b4bd86fb22168d - SHA256: 2ef7df384e93951893b65500dac6ee09da6b8fe9128326caad41b8be4da49a1e - Authentihash: - MD5: a85d9912baf9994b0fabf924f6a66e9b - SHA1: 04defcae6548e92ea76bd7069a672a7e1067b995 - SHA256: d1c71a98e10105faa0814fec3544474d86ae0e8f88efd77798a716adad3994a2 - Description: CPUID Driver - Company: Windows (R) Codename Longhorn DDK provider - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.0.6000.16386 built by: WinDDK' - Product: Windows (R) Codename Longhorn 
DDK driver - ProductVersion: 6.0.6000.16386 - Copyright: "\xA9 Microsoft Corporation. All rights reserved." - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IoDeleteSymbolicLink - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - IoCreateDevice - - IofCallDriver - - IoGetDeviceObjectPointer - - IoBuildDeviceIoControlRequest - - IoDeleteDevice - - ProbeForWrite - - MmMapIoSpace - - KeInitializeEvent - - RtlInitAnsiString - - IofCompleteRequest - - KeWaitForSingleObject - - KeBugCheckEx - - MmUnmapIoSpace - - RtlInitUnicodeString - - PsGetVersion - - RtlUnwindEx - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 
47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2009-02-02 00:00:00' - ValidTo: '2012-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Version: 3 - TBS: - MD5: fb72fa311261c4fb6a786e5cc7ce1d2f - SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 - SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a - SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification 
Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: a4919ba9bce5fa10c0659fe35e106bff - SHA1: c9062199c8b03518cf06dcc7212ff3c1ffbf0452 - SHA256: f6f4beb34371f4eec6c80a94046382a70864524606df3fdcf4d08fe9ddacc1af - Sections: - .text: - Entropy: 6.139220942185034 - Virtual Size: '0x1da6' - .rdata: - Entropy: 4.302697981700664 - Virtual Size: '0x394' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.3507319703399823 - Virtual Size: '0x84' - INIT: - Entropy: 4.945456847123696 - Virtual Size: '0x388' - .rsrc: - Entropy: 3.393742999677783 - Virtual Size: '0x400' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2009-03-07 03:03:14' - Imphash: cb8db41ab8c06472574e58b9466f4070 - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: 22ca5fe8fb0e5e22e6fb0848108c03f4 - SHA1: bec66e0a4842048c25732f7ea2bbe989ea400abf - SHA256: 34bee22c18ddbddbe115cf1ab55cabf0e482aba1eb2c343153577fb24b7226d3 - Authentihash: - MD5: b1113bc5a8f67468ae6e0183c60be10a - SHA1: bbea7d9b8672ca30c6a8f49e913f110720d4753c - SHA256: 55e3b977402be076bfafe332a3fb29ddb6b02edf932d02e963df09adbe89eb91 - Description: CPUID Driver - Company: CPUID - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built 
by: WinDDK' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Copyright: Copyright(C) 2017 CPUID - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - RtlAnsiStringToUnicodeString - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - ExFreePoolWithTag - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - KeQueryPerformanceCounter - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: c046d6f14ec39d2a0f67a417bda83c5e - SHA1: 74661f1063b4c80566f75a1bee22c35f7af17fa9 - SHA256: 440eebbdc09d290724d364056ba4e2725c75759819a6df0a1ed5c876ed7d2474 - Sections: - .text: - Entropy: 6.167627326915935 - Virtual Size: '0x4536' - .rdata: - Entropy: 4.195082406902852 - Virtual Size: '0x534' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x440' - .pdata: - Entropy: 3.6289632983036624 - Virtual Size: '0xfc' - INIT: - Entropy: 5.132100585029012 - Virtual Size: '0x40e' - .rsrc: - Entropy: 3.394946071861716 - Virtual Size: '0x350' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2017-04-24 05:12:14' - Imphash: 8f96c3ef5dda3fe697d4a4d6326dbe37 - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: 3ab94fba7196e84a97e83b15f7bcb270 - SHA1: bea745b598dd957924d3465ebc04c5b830d5724f - SHA256: 3e07bb866d329a2f9aaa4802bad04fdac9163de9bf9cfa1d035f5ca610b4b9bf - Authentihash: - MD5: 96c15399e89e9bca402ed660f90e1b98 
- SHA1: 1b4335f92c6137f56c8f98e5b79fc7af67af2a24 - SHA256: 55a69f740a77fc07073c3d077d029dfb2dbe4b673171167e7310bd857eb55982 - Description: CPUID Driver - Company: CPUID - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Copyright: Copyright(C) 2013 CPUID - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IofCompleteRequest - - ExFreePool - - ExAllocatePoolWithTag - - RtlFreeUnicodeString - - ObfDereferenceObject - - MmIsAddressValid - - IoGetDeviceObjectPointer - - MmUnmapIoSpace - - RtlInitAnsiString - - MmMapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - RtlUnwind - - KeTickCount - - KeBugCheckEx - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - PsGetVersion - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - KeWaitForSingleObject - - RtlAnsiStringToUnicodeString - - IoCancelIrp - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - READ_PORT_UCHAR - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: 
c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - 
SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: 41f15d0f328a165973b49de608ef72a2 - SHA1: abcd9850775bd0a1a855e785a238e0e69525810f - SHA256: 02dc44b04a6426fcaedf26995bfa471f123a90a9c747e82cebaf95f394890631 - Sections: - .text: - Entropy: 6.193679799265929 - Virtual Size: '0x2860' - .rdata: - Entropy: 4.611976907005874 - Virtual Size: '0x2c0' - .data: - Entropy: 0.335842300318532 - Virtual Size: '0x1e0' - INIT: - Entropy: 5.42180997612463 - Virtual Size: '0x3f4' - .rsrc: - Entropy: 3.391941258882184 - Virtual Size: '0x350' - .reloc: - Entropy: 5.431068617797713 - Virtual Size: '0x234' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2013-08-24 02:58:17' - Imphash: 958dd67f866ae27cf716e30a025b266f - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: e323413de3caec7f7730b43c551f26a0 - SHA1: f3c20ce4282587c920e9ff5da2150fac7858172e - SHA256: 45c3d607cb57a1714c1c604a25cbadf2779f4734855d0e43aa394073b6966b26 - Authentihash: - MD5: 
972f2ce8097eda301f27a53fcf2b9865 - SHA1: aba5185a6ebdb040c5e4b8b8eaa44382eb705aec - SHA256: 157ae92541eda2f5035435c63e1654adfa45c06e37b05cbb60d76a63daa93f04 - Description: CPUID Driver - Company: CPUID - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Copyright: Copyright(C) 2014 CPUID - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - MmMapIoSpace - - ExFreePoolWithTag - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - DbgPrintEx - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - IofCompleteRequest - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: 
eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 
be6fb3b3b33e9108a9a2273d1cf5eb3209a8c3a86ba7d66069393587f6b451b75b327ea15d36b1604aad5509c0ace37fa66e220b35764b9c201169677738c06802d2f798383c256c690898a663b0aeb519491057f9f24149c513abba2a4cab9934a684e5d83a34105fe6681f2b85d5ee06332d1c05c3627758442fd2fc94f5f68bb30f085cb1d31174e1461394aeef7b124291a099654d1103df3deab81e9658b5b5cc817061d688ae39e702f1d0dd420d6de931bed331960e089233b8576482e48d5b769fdfa8df02e1d098912444b324057826e1f72c26f045b2479a9b39eadfd6b2e1bd6db4057ef6b12ca385cad9a7ad82c4414e619f97dfd08a55f59053 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - 
SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: a2326d96aef2fdfe4c1d2ed909160ccc - SHA1: 48faced2ed09c60dd807398c1338259bddcd3c1f - SHA256: a125d206aeade4827dcce39aadbd8da6cad0d8ad799b46adfd7bf6bcd0acf11e - Sections: - .text: - Entropy: 6.223329975658994 - Virtual Size: '0x3207' - .rdata: - Entropy: 4.1808537985567344 - Virtual Size: '0x434' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.626263920579275 - Virtual Size: '0xd8' - INIT: - Entropy: 5.120133577153886 - Virtual Size: '0x41c' - .rsrc: - Entropy: 3.3971374522271924 - Virtual Size: '0x350' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2014-10-23 09:03:05' - Imphash: 28c5045218461018dbde27212ab0f227 - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: c9c25778efe890baa4087e32937016a0 - SHA1: f4728f490d741b04b611164a7d997e34458e3a5e - SHA256: 49329fa09f584d1960b09c1b15df18c0bc1c4fdb90bf48b6b5703e872040b668 - Authentihash: - MD5: ccc4847b99e359c72448de9f9f0981f1 - SHA1: 9e771be7100b166ba79aeeea58aa3dee44c09d6b - SHA256: 6b9090296a10225be115810e29e8ada4f70e4d4a8f88b385ccd9a8a6d2eb6778 - Description: CPUID Driver - Company: Windows (R) Codename Longhorn DDK provider - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.0.6000.16386 built by: WinDDK' - Product: Windows (R) Codename Longhorn DDK driver - ProductVersion: 6.0.6000.16386 - Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
- MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IoDeleteSymbolicLink - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - IoCreateDevice - - IofCallDriver - - IoGetDeviceObjectPointer - - IoBuildDeviceIoControlRequest - - IoDeleteDevice - - ProbeForWrite - - MmMapIoSpace - - KeInitializeEvent - - RtlInitAnsiString - - IofCompleteRequest - - KeWaitForSingleObject - - KeBugCheckEx - - MmUnmapIoSpace - - RtlInitUnicodeString - - PsGetVersion - - RtlUnwindEx - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 
21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2009-02-02 00:00:00' - ValidTo: '2012-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Version: 3 - TBS: - MD5: fb72fa311261c4fb6a786e5cc7ce1d2f - SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 - SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a - SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: a4919ba9bce5fa10c0659fe35e106bff - SHA1: c9062199c8b03518cf06dcc7212ff3c1ffbf0452 - SHA256: f6f4beb34371f4eec6c80a94046382a70864524606df3fdcf4d08fe9ddacc1af - Sections: - .text: - Entropy: 6.154548729898717 - Virtual Size: '0x1dd6' - .rdata: - Entropy: 4.332394275902173 - Virtual Size: '0x39c' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.424516355212702 - Virtual Size: '0x84' - INIT: - Entropy: 4.945456847123696 - Virtual Size: '0x388' - .rsrc: - Entropy: 3.393742999677783 - Virtual Size: '0x400' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2009-03-26 17:17:23' - Imphash: cb8db41ab8c06472574e58b9466f4070 - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: 2f8653034a35526df88ea0c62b035a42 - SHA1: 68ca9c27131aa35c7f433dc914da74f4b3d8793f - SHA256: 4d19ee789e101e5a76834fb411aadf8229f08b3ece671343ad57a6576a525036 - Authentihash: - MD5: a5f87835956f86d2acccd4c8012a4fcd - SHA1: 2e37b05cd1bafe18e0a1a33560b0ec5aa99b0192 - SHA256: e650b4e4b5a95cba582b9749cac4c40e67e854d78eb8494f46f6d11f1fcea4d6 - Description: CPUID Driver - Company: Windows (R) Win 7 DDK provider - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: Windows (R) Win 7 DDK driver - ProductVersion: 
6.1.7600.16385 - Copyright: "\xA9 Microsoft Corporation. All rights reserved." - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IofCompleteRequest - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - RtlFreeUnicodeString - - ObfDereferenceObject - - MmIsAddressValid - - IoGetDeviceObjectPointer - - RtlAnsiStringToUnicodeString - - MmUnmapIoSpace - - MmMapIoSpace - - ProbeForWrite - - IoCreateSymbolicLink - - IoCreateDevice - - RtlUnwind - - KeTickCount - - KeBugCheckEx - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - PsGetVersion - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - RtlInitAnsiString - - KeWaitForSingleObject - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - READ_PORT_UCHAR - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 
35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2009-02-02 00:00:00' 
- ValidTo: '2012-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Version: 3 - TBS: - MD5: fb72fa311261c4fb6a786e5cc7ce1d2f - SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 - SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a - SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: ac22d2bffa82e1f2eeaff75340ddf502 - SHA1: a884c8f5b8d433e30a79d959fb37fb0746ff537b - SHA256: 3e8f2e809174f7d618f3ce991f37c51a77d2a43db600925041b13fa3430146de - Sections: - .text: - Entropy: 6.237934687882857 - Virtual Size: '0x2180' - .rdata: - Entropy: 4.44829003144624 - Virtual Size: '0x2f4' - .data: - Entropy: 0.335842300318532 - Virtual Size: '0x1e0' - INIT: - Entropy: 5.414827215159332 - Virtual Size: '0x3dc' - .rsrc: - Entropy: 3.4140956924835417 - Virtual Size: '0x3d0' - .reloc: - Entropy: 5.51200680030155 - Virtual Size: '0x236' - MagicHeader: 50 45 0 0 - CreationTimestamp: 
'2010-03-10 09:24:11' - Imphash: 29a1da8841f5363423dcba1a9773809a - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: e747f164fc89566f934f9ec5627cd8c3 - SHA1: a958734d25865cbc6bcbc11090ab9d6b72799143 - SHA256: 5177a3b7393fb5855b2ec0a45d4c91660b958ee077e76e5a7d0669f2e04bcf02 - Authentihash: - MD5: b98238e731280f6d726e61b0016cb877 - SHA1: 820a00a0e0fc628d06ac1f779eb9e88d613d8934 - SHA256: b46fb3ed5a7a84ef594ab0b76f384aa2dca0614574478fb98308806612609465 - Description: CPUID Driver - Company: CPUID - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Copyright: Copyright(C) 2017 CPUID - MachineType: IA64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - PsGetVersion - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - IofCompleteRequest - - MmMapIoSpace - - MmUnmapIoSpace - - ProbeForWrite - - IoDeleteDevice - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - RtlUnwindEx - - RtlPcToFileHeader - - READ_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - READ_PORT_UCHAR - - HalCallPal - - WRITE_PORT_UCHAR - - KeStallExecutionProcessor - - WRITE_PORT_USHORT - - READ_PORT_ULONG - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: 756be87f8c768cb8bfd02af932dd7589 - SHA1: 16c2ebba52ba9fb0ef5570c1d620daaaee63865a - SHA256: 48acdfbe5ad27d73c0fd9b115a49420f182d146bca52797ce33cc2a061ff0ced - Sections: - .text: - Entropy: 5.336714834529696 - Virtual Size: '0x5780' - .rdata: - Entropy: 4.010151907627347 - Virtual Size: '0x550' - .pdata: - Entropy: 3.4578065856245583 - Virtual Size: '0xd8' - .sdata: - Entropy: 1.1203888318125959 - Virtual Size: '0x420' - INIT: - Entropy: 5.015276332791068 - 
Virtual Size: '0x3e8' - .rsrc: - Entropy: 3.388191426646717 - Virtual Size: '0x350' - .reloc: - Entropy: 0.9012044915351938 - Virtual Size: '0x188' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2017-03-23 05:27:23' - Imphash: a2d936fa82b7340d28a697fb344046d8 - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: c08063f052308b6f5882482615387f30 - SHA1: 252157ab2e33eed7aa112d1c93c720cadcee31ae - SHA256: 523d1d43e896077f32cd9acaa8e85b513bfb7b013a625e56f0d4e9675d9822ba - Authentihash: - MD5: a28d6b501a18377685e448a214f370a6 - SHA1: 732fdb7d346543552b44e6d127fa907df7ef8d81 - SHA256: 942a7b2ebca0edeff5803c8f899ee455c0ec279542c41d2db2664d58c1025c86 - Description: CPUID Driver - Company: CPUID - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Copyright: Copyright(C) 2010 CPUID - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - 
SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: 
a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2009-02-02 00:00:00' - ValidTo: '2012-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Version: 3 - TBS: - MD5: fb72fa311261c4fb6a786e5cc7ce1d2f - SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 - SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a - SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: 89dc670b5f7c06b577deeec9473dc96b - SHA1: af59c00ae531117ba9307257ab945cdf6c8309f6 - SHA256: 35b9d8fc904c88f4df237edc610727f89c415e48bcf135191c43832bb2935ba6 - Sections: - .text: - Entropy: 6.200416768922914 - Virtual Size: '0x2586' - .rdata: - Entropy: 4.272735727458459 - Virtual Size: '0x3e0' - .data: - Entropy: 0.378703493487675 - 
Virtual Size: '0x2c0' - .pdata: - Entropy: 3.401514027013751 - Virtual Size: '0x90' - INIT: - Entropy: 5.067835669413665 - Virtual Size: '0x406' - .rsrc: - Entropy: 3.3943730160709853 - Virtual Size: '0x350' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2011-09-21 02:23:41' - Imphash: 82942c060f79cefd3bf1acdf5c207561 - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: 549e5148be5e7be17f9d416d8a0e333e - SHA1: 6d9e22a275a5477ea446e6c56ee45671fbcbb5f6 - SHA256: 592f56b13e7dcaa285da64a0b9a48be7562bd9b0a190208b7c8b7d8de427cf6c - Authentihash: - MD5: 00556fc028ef505e2a528e054c435923 - SHA1: f645fd2deb256b7e3b8dcb7213c4fb61f2e209ec - SHA256: c2159219e9986ab9e07e00a87fb83835230a2b99174e7f9b94096046c2dace55 - Description: CPUID Driver - Company: Windows (R) Win 7 DDK provider - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: Windows (R) Win 7 DDK driver - ProductVersion: 6.1.7600.16385 - Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
- MachineType: IA64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - PsGetVersion - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - IofCompleteRequest - - MmMapIoSpace - - MmUnmapIoSpace - - ProbeForWrite - - IoDeleteDevice - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - __C_specific_handler - - READ_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - READ_PORT_UCHAR - - HalCallPal - - WRITE_PORT_UCHAR - - KeStallExecutionProcessor - - WRITE_PORT_USHORT - - READ_PORT_ULONG - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 
1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2009-02-02 00:00:00' - ValidTo: '2012-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Version: 3 - TBS: - MD5: fb72fa311261c4fb6a786e5cc7ce1d2f - SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 - SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a - SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: 3e05f63a445c98b6831d9476006337f7 - SHA1: 08c8e06efd3136ae964f86be406389c47f74e4dd - SHA256: e5965588f92317c7d220193aa42f12d30bae66f0008f4831568b8131edeeb70a - Sections: - .text: - Entropy: 5.396352784335148 - Virtual Size: '0x3130' - .rdata: - Entropy: 4.150556480845234 - Virtual Size: '0x348' - .pdata: - 
Entropy: 3.2551039363088288 - Virtual Size: '0x84' - .sdata: - Entropy: 1.055945444608438 - Virtual Size: '0x260' - INIT: - Entropy: 5.06628585370835 - Virtual Size: '0x3d6' - .rsrc: - Entropy: 3.4181439310744572 - Virtual Size: '0x3d0' - .reloc: - Entropy: 1.042907998495935 - Virtual Size: '0x146' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2010-07-09 05:17:26' - Imphash: f0820e8f674e44e5c2a3f899ec561c1d - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: d0c2caa17c7b6d2200e1b5aa9d07135e - SHA1: bad84fca57ab0ef0af9230a93e0cc3d149f9ccd0 - SHA256: 5b3705b47dc15f2b61ca3821b883b9cd114d83fcc3344d11eb1d3df495d75abe - Authentihash: - MD5: 1a595aaefa6bd782d63e97de4fcec464 - SHA1: eae1ab9e3aac1a4de139993b7e63542befccf0df - SHA256: 6045d564286f00fc1efedd25ffd22ecb7eaf2b3a6c778e392319380c77e45658 - Description: CPUID Driver - Company: CPUID - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Copyright: Copyright(C) 2010 CPUID - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - MmMapIoSpace - - ExFreePoolWithTag - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - DbgPrint - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - IofCompleteRequest - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G3 - ValidFrom: '2012-05-01 00:00:00' - 
ValidTo: '2012-12-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded - Version: 3 - TBS: - MD5: e6d820afb23af20a65cf0b03247ea05e - SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 - SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 - SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 
be6fb3b3b33e9108a9a2273d1cf5eb3209a8c3a86ba7d66069393587f6b451b75b327ea15d36b1604aad5509c0ace37fa66e220b35764b9c201169677738c06802d2f798383c256c690898a663b0aeb519491057f9f24149c513abba2a4cab9934a684e5d83a34105fe6681f2b85d5ee06332d1c05c3627758442fd2fc94f5f68bb30f085cb1d31174e1461394aeef7b124291a099654d1103df3deab81e9658b5b5cc817061d688ae39e702f1d0dd420d6de931bed331960e089233b8576482e48d5b769fdfa8df02e1d098912444b324057826e1f72c26f045b2479a9b39eadfd6b2e1bd6db4057ef6b12ca385cad9a7ad82c4414e619f97dfd08a55f59053 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: dd4b3ae5449a7da46b90bead31c1bab6 - SHA1: 76abd50622838fcbb459166b2b42850bc5cfd18b - SHA256: 
3bb0708613c56dbb77df753872797d73065432ac7c2ea3cde2569173972c7dac - Sections: - .text: - Entropy: 6.2041710477554854 - Virtual Size: '0x2616' - .rdata: - Entropy: 4.177976296652285 - Virtual Size: '0x3ec' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.499086286863614 - Virtual Size: '0xc0' - INIT: - Entropy: 5.052256723807581 - Virtual Size: '0x41a' - .rsrc: - Entropy: 3.3943730160709853 - Virtual Size: '0x350' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2012-08-11 01:48:20' - Imphash: 2561727ac42d399030b3c46477c428f4 - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: f310b453ac562f2c53d30aa6e35506bb - SHA1: eb44a05f8bba3d15e38454bd92999a856e6574eb - SHA256: 600a2119657973112025db3c0eeab2e69d528bccfeed75f40c6ef50b059ec8a0 - Authentihash: - MD5: 423e8ee5a464bc64032924ee428b40af - SHA1: 37552fe06a39175032793e6317d124008a892f18 - SHA256: abf635a246752555868f203a565ead519c9ada06ea007545a47bf352678c342a - Description: CPUID Driver - Company: CPUID - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Copyright: Copyright(C) 2014 CPUID - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, 
O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 
1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: b3dcf662ce69ad7b34717fb6aecf09a7 - SHA1: 63be2c28ecee71a739bfbaf38466362e998bc5bc - SHA256: f4257b7e95b00b38e446b2708cc342fe32846266064b94c78ec1f987731c2226 - Sections: - .text: - Entropy: 6.187068215362904 - Virtual Size: '0x30c6' - .rdata: - Entropy: 4.212054484888266 - Virtual Size: '0x424' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.5511621274596537 - Virtual Size: '0xd8' - INIT: - Entropy: 5.131854482283732 - Virtual Size: '0x3ea' - .rsrc: - Entropy: 3.3971374522271924 - Virtual Size: '0x350' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2015-10-21 03:22:27' - Imphash: f12ae9073d95c22ed89247253d59f500 - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: aa69b4255e786d968adbd75ba5cf3e93 - SHA1: af5f642b105d86f82ba6d5e7a55d6404bfb50875 - SHA256: 
60b163776e7b95e0c2280d04476304d0c943b484909131f340e3ce6045a49289 - Authentihash: - MD5: 2d28bedef20cc63f0ae1b726a5cb34e0 - SHA1: 92524be5b5320c3e08d880ecbcd36a9c8037a921 - SHA256: 47c9323ae818bd2a3b55fc04abd984bd940cd4e27b6d4af311edcb66988ce941 - Description: CPUID Driver - Company: Windows (R) Win 7 DDK provider - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: Windows (R) Win 7 DDK driver - ProductVersion: 6.1.7600.16385 - Copyright: "\xA9 Microsoft Corporation. All rights reserved." - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ExFreePoolWithTag - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - ProbeForWrite - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - IoDeleteSymbolicLink - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, 
Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2009-02-02 00:00:00' - ValidTo: '2012-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Version: 3 - TBS: - MD5: fb72fa311261c4fb6a786e5cc7ce1d2f - SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 - SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a - SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: a38f27f93ae0a47de0beccf18bdd9f0d - SHA1: cd1a8f9d3317d025efd043e634381412d74f38d3 - SHA256: f570747684874e6d241bec749b182ef1902d578127bf1087132383695896986e - Sections: - .text: - Entropy: 6.169826234776459 - Virtual Size: '0x2176' - .rdata: - Entropy: 4.207878001994479 - Virtual Size: '0x3cc' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.4966307212281404 - Virtual Size: '0xc0' - INIT: - Entropy: 5.089554733637361 - Virtual Size: '0x3e4' - .rsrc: - Entropy: 3.4155760648585995 - Virtual Size: '0x3d0' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2010-03-16 05:00:47' - Imphash: af34db96db910a3fa7a56f2fac8ed5e1 - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: 
3411fdf098aa20193eee5ffa36ba43b2 - SHA1: ad05bff5fe45df9e08252717fc2bc2af57bf026f - SHA256: 67734c7c0130dd66c964f76965f09a2290da4b14c94412c0056046e700654bdc - Authentihash: - MD5: 41fd82e071d4afdfd8a895d0ab4fb568 - SHA1: b72edd113acbd4bb98374b80c1d238eb1e348f15 - SHA256: 3b2a3b74127c7ecf095e0fe5a65af31b9701d2ba6dc2a4d87882de65d84842c0 - Description: CPUID Driver - Company: CPUID - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Copyright: Copyright(C) 2010 CPUID - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IofCompleteRequest - - ExFreePool - - ExAllocatePoolWithTag - - RtlFreeUnicodeString - - ObfDereferenceObject - - MmIsAddressValid - - IoGetDeviceObjectPointer - - MmUnmapIoSpace - - RtlInitAnsiString - - MmMapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - PsGetVersion - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - KeWaitForSingleObject - - RtlAnsiStringToUnicodeString - - IoCancelIrp - - RtlUnwind - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - READ_PORT_UCHAR - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: 
a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , 
Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2009-02-02 00:00:00' - ValidTo: '2012-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Version: 3 - TBS: - MD5: fb72fa311261c4fb6a786e5cc7ce1d2f - SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 - SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a - SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 
93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: 4ba73072bea66755a70f3a8c99951424 - SHA1: d9ce039d736544c2d9b7fe44460d8e006a5c62f0 - SHA256: 3b45bc2da9543317e7a22486f86a3f8c0eb289596d1d7661b47e35e99058861f - Sections: - .text: - Entropy: 6.1851356647481595 - Virtual Size: '0x2600' - .rdata: - Entropy: 4.469676429308113 - Virtual Size: '0x2f8' - .data: - Entropy: 0.22396935932252834 - Virtual Size: '0x1c0' - INIT: - Entropy: 5.358436362596031 - Virtual Size: '0x3f4' - .rsrc: - Entropy: 3.3927376128305218 - Virtual Size: '0x350' - .reloc: - Entropy: 5.38153465292173 - Virtual Size: '0x244' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2011-09-21 02:24:20' - Imphash: 5716c52252afe18d09f6c1bc6e5ef3ef - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: f60a9b88c6ff07d4990d8653d0025683 - SHA1: 0cc60a56e245e70f664906b7b67dfe1b4a08a5b7 - SHA256: 6befa481e8cca8084d9ec3a1925782cd3c28ef7a3e4384e034d48deaabb96b63 - Authentihash: - MD5: a3d5faa9e1a6f47f8e0a23ef837afe38 - SHA1: bb21b535fa0adaef1a9a29759e0d2b2a5faf1965 - SHA256: 5e9099b95b2074fecc6efa6d59552651b1e082aaa3612889f417064d378a797f - Description: CPUID Driver - Company: CPUID - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Copyright: Copyright(C) 2014 CPUID - MachineType: IA64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - PsGetVersion - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - 
IofCompleteRequest - - MmMapIoSpace - - MmUnmapIoSpace - - ProbeForWrite - - IoDeleteDevice - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - RtlUnwindEx - - RtlPcToFileHeader - - READ_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - READ_PORT_UCHAR - - HalCallPal - - WRITE_PORT_UCHAR - - KeStallExecutionProcessor - - WRITE_PORT_USHORT - - READ_PORT_ULONG - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., 
OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: 
f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: d6643b31d447dc612fb7920d936baf5a - SHA1: 0d2acfebbfb9a35446bb9ff7b915c8ff514fd7dc - SHA256: 98f7bc08e99aa659bfb0295c09adf8ccfdb7f7ad8cc065cfb4f0732585c1855c - Sections: - .text: - Entropy: 5.3484809966574 - Virtual Size: '0x3b60' - .rdata: - Entropy: 4.154715674967178 - Virtual Size: '0x3d8' - .pdata: - Entropy: 3.4060649759113413 - Virtual Size: '0xb4' - .sdata: - Entropy: 1.1203888318125959 - Virtual Size: '0x2a0' - INIT: - Entropy: 5.0324391219722715 - Virtual Size: '0x3e8' - .rsrc: - Entropy: 3.3971374522271924 - Virtual Size: '0x350' - .reloc: - Entropy: 0.9557665440658051 - Virtual Size: '0x168' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2014-02-17 07:22:11' - Imphash: a2d936fa82b7340d28a697fb344046d8 - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: 
c046ca4da48db1524ddf3a49a8d02b65 - SHA1: 5635bb2478929010693bc3b23f8b7fe5fdbc3aed - SHA256: 771015b2620942919bb2e0683476635b7a09db55216d6fbf03534cb18513b20c - Authentihash: - MD5: 49da5e87cba74d3bd91bd589e49b0d1a - SHA1: e79179e0a586067e9d9654c2a8dfd45963ddcac3 - SHA256: 36729c2c714e05ebf9bc7262bc7f0d5d25d9dc9c8e0c4fdce27143bbdd9d9aa7 - Description: CPUID Driver - Company: CPUID - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Copyright: Copyright(C) 2015 CPUID - MachineType: IA64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - PsGetVersion - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - IofCompleteRequest - - MmMapIoSpace - - MmUnmapIoSpace - - ProbeForWrite - - IoDeleteDevice - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - __C_specific_handler - - READ_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - READ_PORT_UCHAR - - HalCallPal - - WRITE_PORT_UCHAR - - KeStallExecutionProcessor - - WRITE_PORT_USHORT - - READ_PORT_ULONG - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: 
a59808b35f916a1201f0987b958aaaf50b81f3e507cf9d1b902bc22787244617e38069e4ca74bcf505dfdfeb6bad8bee2ecba26a428c2b26c9b9987241b50ccfd895a7335b35534c5569fdef2554d773cb3b20f10e08eeff2701d2a3e8ef7c5bb759baf1995d1580dce4f0c5da90eff4f07e01e7c9273b24c14c514f2ae1d1fe940dd53bfa25572cd6f3c007c7f21aebc58ea32ca3aea83c731419c9dcc191158cbb52b0b70545a16c9b42aadd4dcb167443d6c15fa03ae7f6f0f644845a69cb8badb3f143fd916a70c5008c3486d1f0cc8e0527f76da5aeaca4925f6eb6861dd54e1ce8b80e6b000446d77ac8bd0299e38db3b8e4a9c43294367cd6a55351d0 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: 8ea619be06260d53ffafd0dc9b610cb0 - SHA1: c796bfcf888f2b8841388524d2117d3bb17c0e8c - 
SHA256: 0140c43b66ca9c67a08bcb7eaddab10203a2c2b75bd411d5eecf8d0d78dce9c6 - Sections: - .text: - Entropy: 5.372120601484934 - Virtual Size: '0x3850' - .rdata: - Entropy: 4.096307336199365 - Virtual Size: '0x3a0' - .pdata: - Entropy: 3.3485198020390934 - Virtual Size: '0x9c' - .sdata: - Entropy: 1.055945444608438 - Virtual Size: '0x260' - INIT: - Entropy: 5.065598292840257 - Virtual Size: '0x3d6' - .rsrc: - Entropy: 3.3958173868041217 - Virtual Size: '0x350' - .reloc: - Entropy: 1.0164053768066021 - Virtual Size: '0x14e' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2015-11-18 02:17:31' - Imphash: f0820e8f674e44e5c2a3f899ec561c1d - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: 0283b43c6bc965175a1c92b255d39556 - SHA1: 8325e8d7fd2edc126dcf1089dee8da64e79fb12e - SHA256: 80eeb8c2890f3535ed14f5881baf2f2226e6763be099d09fb8aadaba5b4474c1 - Authentihash: - MD5: b978a03408c0e9ea44ffdeecc35ab83e - SHA1: fed654a9c5f2bf2a1ad9a2e94da162633fb468c5 - SHA256: 72f9cb24cfa641876f34967b96244259f95987ef24d1d729c0e483b3eb9a2740 - Description: CPUID Driver - Company: CPUID - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Copyright: Copyright(C) 2010 CPUID - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IofCompleteRequest - - ExFreePool - - ExAllocatePoolWithTag - - RtlFreeUnicodeString - - ObfDereferenceObject - - MmIsAddressValid - - IoGetDeviceObjectPointer - - MmUnmapIoSpace - - RtlInitAnsiString - - MmMapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - RtlUnwind - - KeTickCount - - KeBugCheckEx - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - PsGetVersion - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - KeWaitForSingleObject - - RtlAnsiStringToUnicodeString - - IoCancelIrp - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - 
WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - READ_PORT_UCHAR - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 
be6fb3b3b33e9108a9a2273d1cf5eb3209a8c3a86ba7d66069393587f6b451b75b327ea15d36b1604aad5509c0ace37fa66e220b35764b9c201169677738c06802d2f798383c256c690898a663b0aeb519491057f9f24149c513abba2a4cab9934a684e5d83a34105fe6681f2b85d5ee06332d1c05c3627758442fd2fc94f5f68bb30f085cb1d31174e1461394aeef7b124291a099654d1103df3deab81e9658b5b5cc817061d688ae39e702f1d0dd420d6de931bed331960e089233b8576482e48d5b769fdfa8df02e1d098912444b324057826e1f72c26f045b2479a9b39eadfd6b2e1bd6db4057ef6b12ca385cad9a7ad82c4414e619f97dfd08a55f59053 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: 41f15d0f328a165973b49de608ef72a2 - SHA1: abcd9850775bd0a1a855e785a238e0e69525810f - SHA256: 
02dc44b04a6426fcaedf26995bfa471f123a90a9c747e82cebaf95f394890631 - Sections: - .text: - Entropy: 6.217479588256463 - Virtual Size: '0x2750' - .rdata: - Entropy: 4.550469836478717 - Virtual Size: '0x2f0' - .data: - Entropy: 0.335842300318532 - Virtual Size: '0x1e0' - INIT: - Entropy: 5.41983369153965 - Virtual Size: '0x3f4' - .rsrc: - Entropy: 3.3927376128305218 - Virtual Size: '0x350' - .reloc: - Entropy: 5.5051908528223255 - Virtual Size: '0x254' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2012-02-07 08:44:19' - Imphash: 958dd67f866ae27cf716e30a025b266f - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: 4a85754636c694572ca9f440d254f5ce - SHA1: dd55015f5406f0051853fd7cca3ab0406b5a2d52 - SHA256: 8688e43d94b41eeca2ed458b8fc0d02f74696a918e375ecd3842d8627e7a8f2b - Authentihash: - MD5: 3a19663e83c3569a86812ef915de52bc - SHA1: cd9a022e078eaa2364155e00942edbecb85619b0 - SHA256: 8d3ed9427dcc4f79be3585d41ab9c0bb447d6a0258dd919c4d49e02dedbaa47b - Description: CPUID Driver - Company: Windows (R) Win 7 DDK provider - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: Windows (R) Win 7 DDK driver - ProductVersion: 6.1.7600.16385 - Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
- MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - MmMapIoSpace - - ExFreePoolWithTag - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - IofCompleteRequest - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - 
ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2009-02-02 00:00:00' - ValidTo: '2012-02-07 23:59:59' - Signature: 
9a9bbecb393272aaedfd7a125e0fe581151a18a75a4094e082a38156f62018b9d59edef27429bbea60d6e146a2ce134546d54e00b6585c1d85e3aedfb3b9a5de7728a96b2bcc26106655bae6bc5ce3a72714f9e23282a2fba29fc870b394e832f07dc50ded3a042953fe91379769e424398278b6ed14ae4f6b4cce5fa7ba20fc8d157a78fd308214d177189bcd76b2bd62a861a8c1562e2748f338f7369f0f062804685399a6655fcb4564a644e7a8bee8330557376884cce9153992e8e205bc1474dbd0109b3c87991db9bb77a9dff5775267390431ce56ff49500d8ad70be34a0d9a0b112e07eb55f0fe07de9ac93a0b30cb36029b5ec41e032daf66627d4e - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Version: 3 - TBS: - MD5: fb72fa311261c4fb6a786e5cc7ce1d2f - SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 - SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a - SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: 93394769f926489de472acbbd72c3d8b - SHA1: 6e6c943f13b82d4d46331de813914d4db63771f7 - SHA256: 53362bef3277e59f67ebc5a085f1cbe60e5c9aef1a18a2ac391b2f4954fa9649 - Sections: - .text: - 
Entropy: 6.206552850925677 - Virtual Size: '0x21a6' - .rdata: - Entropy: 4.27776755944508 - Virtual Size: '0x3c0' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.401674357474197 - Virtual Size: '0x90' - INIT: - Entropy: 5.076342695575086 - Virtual Size: '0x3f0' - .rsrc: - Entropy: 3.4148190207283133 - Virtual Size: '0x3d0' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2010-06-04 07:51:45' - Imphash: 68062e8b9d3c1e6cc62a9cae16a12b81 - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: 8741e6df191c805028b92cec44b1ba88 - SHA1: ba0938512d7abab23a72279b914d0ea0fb46e498 - SHA256: 8cf0cbbdc43f9b977f0fb79e0a0dd0e1adabe08a67d0f40d727c717c747de775 - Authentihash: - MD5: a67c91579145d058cf7cd3f8f60bf613 - SHA1: cb981516b9979025669c080a74c9308dca04963a - SHA256: 02fcbc5372c9bf31903376bde11d558ab7c7f13bde005120e24bdb1aef5d0134 - Description: CPUID Driver - Company: CPUID - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Copyright: Copyright(C) 2014 CPUID - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: 
'2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: b3dcf662ce69ad7b34717fb6aecf09a7 - SHA1: 63be2c28ecee71a739bfbaf38466362e998bc5bc - SHA256: f4257b7e95b00b38e446b2708cc342fe32846266064b94c78ec1f987731c2226 - Sections: - .text: - Entropy: 6.187068215362904 - Virtual Size: '0x30c6' - .rdata: - Entropy: 4.226233458071221 - Virtual Size: '0x424' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.5511621274596537 - Virtual Size: '0xd8' - INIT: - Entropy: 5.131854482283732 - Virtual Size: '0x3ea' - .rsrc: - Entropy: 3.3971374522271924 - Virtual Size: '0x350' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2015-02-26 00:04:34' - Imphash: f12ae9073d95c22ed89247253d59f500 - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: bf581e9eb91bace0b02a2c5a54bf1419 - SHA1: 13df48ab4cd412651b2604829ce9b61d39a791bb - SHA256: 8d57e416ea4bb855b78a2ff3c80de1dfbb5dc5ee9bfbdddb23e46bd8619287e2 - Authentihash: - MD5: 
b2c31454c057d73fb6d240356a32f8f1 - SHA1: f965db8fa1ef4ce0a738aad55d82c0cf63a47915 - SHA256: 16398965e9cea179b2e5ca884e3af032dece08d4ef33bdd83234ee441d71a5fa - Description: CPUID Driver - Company: CPUID - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Copyright: Copyright(C) 2015 CPUID - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: 
a59808b35f916a1201f0987b958aaaf50b81f3e507cf9d1b902bc22787244617e38069e4ca74bcf505dfdfeb6bad8bee2ecba26a428c2b26c9b9987241b50ccfd895a7335b35534c5569fdef2554d773cb3b20f10e08eeff2701d2a3e8ef7c5bb759baf1995d1580dce4f0c5da90eff4f07e01e7c9273b24c14c514f2ae1d1fe940dd53bfa25572cd6f3c007c7f21aebc58ea32ca3aea83c731419c9dcc191158cbb52b0b70545a16c9b42aadd4dcb167443d6c15fa03ae7f6f0f644845a69cb8badb3f143fd916a70c5008c3486d1f0cc8e0527f76da5aeaca4925f6eb6861dd54e1ce8b80e6b000446d77ac8bd0299e38db3b8e4a9c43294367cd6a55351d0 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: b3dcf662ce69ad7b34717fb6aecf09a7 - SHA1: 63be2c28ecee71a739bfbaf38466362e998bc5bc - 
SHA256: f4257b7e95b00b38e446b2708cc342fe32846266064b94c78ec1f987731c2226 - Sections: - .text: - Entropy: 6.188258985068624 - Virtual Size: '0x30c6' - .rdata: - Entropy: 4.223852822083244 - Virtual Size: '0x424' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.5511621274596537 - Virtual Size: '0xd8' - INIT: - Entropy: 5.131854482283732 - Virtual Size: '0x3ea' - .rsrc: - Entropy: 3.3958173868041217 - Virtual Size: '0x350' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2016-01-27 02:18:15' - Imphash: f12ae9073d95c22ed89247253d59f500 - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: 94ccef76fda12ab0b8270f9b2980552b - SHA1: e4cbb48aa1aff6cf4ea94ef3b7afb6c245ac47e8 - SHA256: 8e5aef7c66c0e92dfc037ee29ade1c8484b8d7fadebdcf521d2763b1d8215126 - Authentihash: - MD5: ac9131c2fc8e77ef414ad451d35e4d1e - SHA1: 7b63ad1179825964aae9d1486fefed1b8f26a8a8 - SHA256: 1a8a5aebf83d1fa6daf74e48fc600e22b8fdceafb5dd7c7e14db2aa2a28e8c24 - Description: CPUID Driver - Company: Windows (R) Codename Longhorn DDK provider - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.0.6000.16386 built by: WinDDK' - Product: Windows (R) Codename Longhorn DDK driver - ProductVersion: 6.0.6000.16386 - Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
- MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - KeWaitForSingleObject - - PsGetVersion - - MmUnmapIoSpace - - IoBuildDeviceIoControlRequest - - IoCreateSymbolicLink - - IoDeleteSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IofCompleteRequest - - RtlFreeUnicodeString - - RtlAnsiStringToUnicodeString - - IofCallDriver - - IoGetDeviceObjectPointer - - RtlInitUnicodeString - - IoDeleteDevice - - MmMapIoSpace - - KeBugCheckEx - - RtlInitAnsiString - - IoCreateDevice - - KeInitializeEvent - - RtlUnwindEx - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - 
SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2007-02-08 00:00:00' - ValidTo: '2009-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 10e29d74903d9c7cd58caa35a0944770 - Version: 3 - TBS: - MD5: 5e3b5587eb8c553dc279bb241c30689d - SHA1: 5b5631ff0033ed753a5c630a4d8d48772050db32 - SHA256: 9b30d9d9f9fd9c0480c0503dd4ac86649d2cc180d1401ade6dd8048356d7f634 - SHA384: 1886034ac8dc819ed45b8b48b0225cdb142d53d61bda992ee7e4923276c3c36dffbb0f8d929e1ad20c3437709df2399a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 10e29d74903d9c7cd58caa35a0944770 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: 59cd82b693e20fe9af1be9ea12f739b9 - SHA1: 1842433338394740479c35b690fc50c41d9f6efa - SHA256: fa2e40c67651befa71893d8a672a90a1f996057b6f5c15d2304bbfe120cf9115 - Sections: - .text: - Entropy: 6.050801271329098 - Virtual Size: '0x1596' - .rdata: - Entropy: 4.266884457332851 - Virtual Size: '0x304' - .data: - Entropy: 0.6099523004172788 - Virtual Size: '0x124' - .pdata: - Entropy: 3.2933218797117716 - Virtual Size: '0x6c' - INIT: - Entropy: 4.943162739985603 - Virtual Size: '0x370' - .rsrc: - Entropy: 3.3933870153256342 - Virtual Size: '0x400' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2008-01-25 04:39:05' - Imphash: aa54fa0523f677e56d6d8199e5e18732 - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: 9b157f1261a8a42e4ef5ec23dd4cda9e - SHA1: 99bd8c1f5eeedd9f6a9252df5dbd0e42ef5999a4 - SHA256: 900dd68ccc72d73774a347b3290c4b6153ae496a81de722ebb043e2e99496f88 - Authentihash: - MD5: 99cba45243e4a9e5999224b5719ccc2d - SHA1: 43ffee630881d6ae82640c59c674e9ee57cb5eac - SHA256: 94f39e23194d01698b2d8e7bb1c212bf192e81df59766d4adf5f7e33bbe13181 - Description: CPUID Driver - Company: CPUID - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Copyright: Copyright(C) 2015 CPUID - MachineType: I386 - Imports: - - 
ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IofCompleteRequest - - ExFreePool - - ExAllocatePoolWithTag - - RtlFreeUnicodeString - - ObfDereferenceObject - - IoGetDeviceObjectPointer - - RtlAnsiStringToUnicodeString - - MmUnmapIoSpace - - MmMapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - RtlUnwind - - KeTickCount - - KeBugCheckEx - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - PsGetVersion - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - IofCallDriver - - KeWaitForSingleObject - - RtlInitAnsiString - - IoCancelIrp - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - KeStallExecutionProcessor - - HalSetBusDataByOffset - - HalGetBusDataByOffset - - READ_PORT_UCHAR - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: a59808b35f916a1201f0987b958aaaf50b81f3e507cf9d1b902bc22787244617e38069e4ca74bcf505dfdfeb6bad8bee2ecba26a428c2b26c9b9987241b50ccfd895a7335b35534c5569fdef2554d773cb3b20f10e08eeff2701d2a3e8ef7c5bb759baf1995d1580dce4f0c5da90eff4f07e01e7c9273b24c14c514f2ae1d1fe940dd53bfa25572cd6f3c007c7f21aebc58ea32ca3aea83c731419c9dcc191158cbb52b0b70545a16c9b42aadd4dcb167443d6c15fa03ae7f6f0f644845a69cb8badb3f143fd916a70c5008c3486d1f0cc8e0527f76da5aeaca4925f6eb6861dd54e1ce8b80e6b000446d77ac8bd0299e38db3b8e4a9c43294367cd6a55351d0 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: 
b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: 151279b238de6194a32d8ca426ceaeee - SHA1: 7836f9fa452c5a538aed446df8439f2f49cc74aa - SHA256: 1319e59df060332195af6318ab22fe3f5018b1498211216a28a48f73980ab3b0 - Sections: - .text: - Entropy: 6.229266851006058 - Virtual Size: '0x3260' - .rdata: - Entropy: 4.675179768119331 - Virtual Size: '0x2f4' - .data: - Entropy: 0.335842300318532 - Virtual Size: '0x1e0' - INIT: - Entropy: 5.428373271150746 - Virtual Size: '0x3dc' - .rsrc: - Entropy: 3.3925686987119477 - Virtual Size: '0x350' - .reloc: - Entropy: 5.597642275362914 - Virtual Size: '0x27c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2015-11-18 02:14:04' - Imphash: 643f4d79f35dddc9bb5cc04a0f0c18d3 - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: 5212e0957468d3f94d90fa7a0f06b58f - SHA1: ad1616ea6dc17c91d983e829aa8a6706e81a3d27 - SHA256: 955dac77a0148e9f9ed744f5d341cb9c9118261e52fe622ac6213965f2bc4cad - Authentihash: - MD5: 9b4bb5dc9df3edd0d7d859629c80c2dc - SHA1: 706789b1bf76e4d337957a36d60b96b7743f9f62 - SHA256: eb6807c46e2d4808f07cca9242e7a59393fdab6ccf4da1aec124ef2a34398d43 - Description: CPUID Driver - Company: CPUID - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Copyright: Copyright(C) 2014 CPUID - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - 
IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 
783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: 685a19a8e9f46a76067db83da501dca0 - SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 - SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 - Sections: - .text: - Entropy: 6.201540970632788 - Virtual Size: '0x2c56' - .rdata: - Entropy: 4.139510166690065 - Virtual Size: '0x424' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.603856484265247 - Virtual Size: '0xc0' - INIT: - Entropy: 5.076575853289 - Virtual Size: '0x406' - .rsrc: - Entropy: 3.3938887641350184 - Virtual Size: '0x350' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2014-02-17 07:22:16' - Imphash: 82942c060f79cefd3bf1acdf5c207561 - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: 56b54823a79a53747cbe11f8c4db7b1e - SHA1: 1d9fd846e12104ae31fd6f6040b93fc689abf047 - SHA256: 
9a523854fe84f15efc1635d7f5d3e71812c45d6a4d2c99c29fdc4b4d9c84954c - Authentihash: - MD5: c8b8d6e4b9b4f42714f3abfb66880ccf - SHA1: 5848f7c4dadcb1ea16f4d9e533a84a6d6f522f8b - SHA256: 057e45b47fe0ca96fe3741058bc4365c9a866dff925cab8cfea4c161b990e8e2 - Description: CPUID Driver - Company: CPUID - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Copyright: Copyright(C) 2010 CPUID - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - MmMapIoSpace - - ExFreePoolWithTag - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - DbgPrint - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - IofCompleteRequest - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G3 - ValidFrom: '2012-05-01 00:00:00' - ValidTo: '2012-12-31 23:59:59' - Signature: 1e98aa27b778b508b5c9726db7dfc00e98a635c488c9d2f66df14b1afbd5f92d99009ed1e79b8be13fbd39800c66cd07bc5c9854a694ba10d14e8babf56f65cc6709a2807c52e80e03d66b7ac60518ecc8ac427c072ca73d0866dc00edfd941d73f2729893b111d68fef8eeaacf496510cd08ddf31524f5eaf7da74a75e64ece2b9f292be7cf5d9f037e6e277b23ad622966af92e82ccebd9c7fdccd173c43c2093f7545c79ee4d7607f97c6e4aac769f5fccd74ac2cb048c1504e70561eb535d38ebeb1edacbdfe0cec857dd5bb856644195d9f93eb82ba639ed37c61ffc81bd923587f30a366a139265e92c33ccb3732faf5a38ddcd5b0a3e9253655d781fa - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded - Version: 3 - TBS: - MD5: e6d820afb23af20a65cf0b03247ea05e - SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 - SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 - SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: dd4b3ae5449a7da46b90bead31c1bab6 - SHA1: 76abd50622838fcbb459166b2b42850bc5cfd18b - SHA256: 3bb0708613c56dbb77df753872797d73065432ac7c2ea3cde2569173972c7dac - Sections: - .text: - Entropy: 6.203757143489118 - Virtual Size: '0x2616' - .rdata: - Entropy: 4.1950691845593875 - Virtual Size: '0x3ec' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.499086286863614 - Virtual Size: '0xc0' - INIT: - Entropy: 5.052256723807581 - Virtual Size: '0x41a' - .rsrc: - Entropy: 3.3943730160709853 - Virtual Size: '0x350' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2012-05-23 08:53:22' - Imphash: 2561727ac42d399030b3c46477c428f4 - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: 29872c7376c42e2a64fa838dad98aa11 - SHA1: 8ec28d7da81cf202f03761842738d740c0bb2fed - SHA256: 
a072197177aad26c31960694e38e2cae85afbab070929e67e331b99d3a418cf4 - Authentihash: - MD5: 3c2269699f0187275c2b144f9b60d5e6 - SHA1: 69aabc267344bd9f98bd2fddc7213de735ba79d7 - SHA256: 2fb8f2a0a32f2e73921a16a7836ff14122da45582aae742e6afd4d7ca15b3da3 - Description: CPUID Driver - Company: CPUID - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Copyright: Copyright(C) 2016 CPUID - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: b3dcf662ce69ad7b34717fb6aecf09a7 - SHA1: 63be2c28ecee71a739bfbaf38466362e998bc5bc - SHA256: f4257b7e95b00b38e446b2708cc342fe32846266064b94c78ec1f987731c2226 - Sections: - .text: - Entropy: 6.219876754346496 - Virtual Size: '0x3366' - .rdata: - Entropy: 4.23881802889425 - Virtual Size: '0x424' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x440' - .pdata: - Entropy: 3.638628882332417 - Virtual Size: '0xf0' - INIT: - Entropy: 5.131854482283732 - Virtual Size: '0x3ea' - .rsrc: - Entropy: 3.38341382722288 - Virtual Size: '0x350' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2016-08-14 13:15:42' - Imphash: f12ae9073d95c22ed89247253d59f500 - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: 557fd33ee99db6fe263cfcb82b7866b3 - SHA1: 0a6e0f9f3d7179a99345d40e409895c12919195b - SHA256: aebcbfca180e372a048b682a4859fd520c98b5b63f6e3a627c626cb35adc0399 - Authentihash: - MD5: b8844b695f5170c70ac66f95324f836a - 
SHA1: 195024cc4a4adea16e6c2df8f2f8489a28f36beb - SHA256: 66cc007348a41fb33fab59f5ea265006534ba82db4eb7327039cbe2b4ce7e077 - Description: CPUID Driver - Company: CPUID - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Copyright: Copyright(C) 2012 CPUID - MachineType: IA64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - PsGetVersion - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - IofCompleteRequest - - MmMapIoSpace - - MmUnmapIoSpace - - ProbeForWrite - - IoDeleteDevice - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - RtlUnwindEx - - RtlPcToFileHeader - - READ_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - READ_PORT_UCHAR - - HalCallPal - - WRITE_PORT_UCHAR - - KeStallExecutionProcessor - - WRITE_PORT_USHORT - - READ_PORT_ULONG - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G3 - ValidFrom: '2012-05-01 00:00:00' - ValidTo: '2012-12-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded - Version: 3 - TBS: - MD5: e6d820afb23af20a65cf0b03247ea05e - SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 - SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 - SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 
53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 
03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: d6643b31d447dc612fb7920d936baf5a - SHA1: 0d2acfebbfb9a35446bb9ff7b915c8ff514fd7dc - SHA256: 98f7bc08e99aa659bfb0295c09adf8ccfdb7f7ad8cc065cfb4f0732585c1855c - Sections: - .text: - Entropy: 5.406032855001113 - Virtual Size: '0x39c0' - .rdata: - Entropy: 4.152970301277938 - Virtual Size: '0x3d8' - .pdata: - Entropy: 3.3263502634141657 - Virtual Size: '0xb4' - .sdata: - Entropy: 1.1203888318125959 - Virtual Size: '0x2a0' - INIT: - Entropy: 5.0324391219722715 - Virtual Size: '0x3e8' - .rsrc: - Entropy: 3.3968253502148213 - Virtual Size: '0x350' - .reloc: - Entropy: 0.9613220996213607 - Virtual Size: '0x168' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2012-10-06 05:54:39' - Imphash: a2d936fa82b7340d28a697fb344046d8 - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: c516acb873c7f8c24a0431df8287756e - SHA1: f6f7b5776001149496092a95fb10218dea5d6a6b - SHA256: bac709c49ddee363c8e59e515f2f632324a0359e932b7d8cb1ce2d52a95981aa - Authentihash: - MD5: a14a1ba39405f52d67d289b65f0c7eb9 - SHA1: 11172e3f08444d643f277be83aaabe9f2aea74ca - SHA256: 3ce4a30668938fb7785c9958772e3c171af320ecfea8fc298160e80fbf80fb73 - Description: CPUID Driver - Company: CPUID - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Copyright: Copyright(C) 2017 CPUID - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - 
MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - RtlAnsiStringToUnicodeString - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - ExFreePoolWithTag - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - KeQueryPerformanceCounter - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - 
SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: a59808b35f916a1201f0987b958aaaf50b81f3e507cf9d1b902bc22787244617e38069e4ca74bcf505dfdfeb6bad8bee2ecba26a428c2b26c9b9987241b50ccfd895a7335b35534c5569fdef2554d773cb3b20f10e08eeff2701d2a3e8ef7c5bb759baf1995d1580dce4f0c5da90eff4f07e01e7c9273b24c14c514f2ae1d1fe940dd53bfa25572cd6f3c007c7f21aebc58ea32ca3aea83c731419c9dcc191158cbb52b0b70545a16c9b42aadd4dcb167443d6c15fa03ae7f6f0f644845a69cb8badb3f143fd916a70c5008c3486d1f0cc8e0527f76da5aeaca4925f6eb6861dd54e1ce8b80e6b000446d77ac8bd0299e38db3b8e4a9c43294367cd6a55351d0 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 
2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: c046d6f14ec39d2a0f67a417bda83c5e - SHA1: 74661f1063b4c80566f75a1bee22c35f7af17fa9 - SHA256: 440eebbdc09d290724d364056ba4e2725c75759819a6df0a1ed5c876ed7d2474 - Sections: - .text: - Entropy: 6.170317476121287 - Virtual Size: '0x4536' - .rdata: - Entropy: 4.190423561703195 - Virtual Size: '0x534' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x440' - .pdata: - Entropy: 3.6289632983036624 - Virtual Size: '0xfc' - INIT: - Entropy: 5.132100585029012 - Virtual Size: '0x40e' - .rsrc: - Entropy: 3.394946071861716 - Virtual Size: '0x350' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2017-03-23 05:26:40' - Imphash: 8f96c3ef5dda3fe697d4a4d6326dbe37 - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: 641243746597fbd650e5000d95811ea3 - SHA1: da42cefde56d673850f5ef69e7934d39a6de3025 - SHA256: c3e150eb7e7292f70299d3054ed429156a4c32b1f7466a706a2b99249022979e - Authentihash: - MD5: 560b782df855c5ea30b76ee4a9930d28 - SHA1: 6423659ab76fad7627fd7fb16f05a40b8df8da4d - SHA256: 62daa7ab93684d935cdada8af43cba552d7692cb992411d27ba1ee50a9fb1883 - Description: CPUID Driver - Company: Windows (R) Win 7 DDK provider - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: Windows (R) Win 7 DDK driver - ProductVersion: 6.1.7600.16385 - Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
- MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - ProbeForWrite - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: 
'2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2009-02-02 00:00:00' - ValidTo: '2012-02-07 23:59:59' - Signature: 
9a9bbecb393272aaedfd7a125e0fe581151a18a75a4094e082a38156f62018b9d59edef27429bbea60d6e146a2ce134546d54e00b6585c1d85e3aedfb3b9a5de7728a96b2bcc26106655bae6bc5ce3a72714f9e23282a2fba29fc870b394e832f07dc50ded3a042953fe91379769e424398278b6ed14ae4f6b4cce5fa7ba20fc8d157a78fd308214d177189bcd76b2bd62a861a8c1562e2748f338f7369f0f062804685399a6655fcb4564a644e7a8bee8330557376884cce9153992e8e205bc1474dbd0109b3c87991db9bb77a9dff5775267390431ce56ff49500d8ad70be34a0d9a0b112e07eb55f0fe07de9ac93a0b30cb36029b5ec41e032daf66627d4e - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Version: 3 - TBS: - MD5: fb72fa311261c4fb6a786e5cc7ce1d2f - SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 - SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a - SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: 89dc670b5f7c06b577deeec9473dc96b - SHA1: af59c00ae531117ba9307257ab945cdf6c8309f6 - SHA256: 35b9d8fc904c88f4df237edc610727f89c415e48bcf135191c43832bb2935ba6 - Sections: - .text: - Entropy: 6.180122394967694 - Virtual Size: '0x2136' - .rdata: - Entropy: 4.244772424988803 - Virtual Size: '0x3d0' - .data: - 
Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.5003735460865424 - Virtual Size: '0x90' - INIT: - Entropy: 5.069433080691773 - Virtual Size: '0x408' - .rsrc: - Entropy: 3.4155760648585995 - Virtual Size: '0x3d0' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2010-03-30 15:34:16' - Imphash: be527e5f470fbc661f914c81bfc9af38 - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: a453083b8f4ca7cb60cac327e97edbe2 - SHA1: 53f7fc4feb66af748f2ab295394bf4de62ae9fcc - SHA256: c50f8ab8538c557963252b702c1bd3cee4604b5fc2497705d2a6a3fd87e3cc26 - Authentihash: - MD5: b3bf90b99dec81a927b9fa8467d20e11 - SHA1: 0632e0c8fdb6e629fd2efa5ccdf4a8415131bc58 - SHA256: 536333c1fb9066a12c7791b740fcf637f6f86b45bd57baf0f27ae33c3b6c6cf1 - Description: CPUID Driver - Company: CPUID - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Copyright: Copyright(C) 2013 CPUID - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - 
SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: 685a19a8e9f46a76067db83da501dca0 - SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 - SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 - Sections: - .text: - Entropy: 6.111492164689909 - Virtual Size: '0x2836' - .rdata: - Entropy: 4.175526657333754 - Virtual Size: '0x3d4' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.4970531643346394 - Virtual Size: '0xc0' - INIT: - Entropy: 5.076575853289 - Virtual Size: '0x406' - .rsrc: - Entropy: 3.3935766621226473 - Virtual Size: '0x350' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2013-08-24 02:56:35' - Imphash: 82942c060f79cefd3bf1acdf5c207561 - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: 07493c774aa406478005e8fe52c788b2 - SHA1: 34a07ae39b232cc3dbbe657b34660e692ff2043a - SHA256: dbb457ae1bd07a945a1466ce4a206c625e590aee3922fa7d86fbe956beccfc98 - Authentihash: - MD5: 
63e4ba0a05ddac75e9f2b90c28291331 - SHA1: 34c6aeb2bc32ff8da525641af75ff600e7249252 - SHA256: 653601cf8c3c2c4b778f9025d4e964c887966cc3216bb35a73a3ae75477b4476 - Description: CPUID Driver - Company: Windows (R) Codename Longhorn DDK provider - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.0.6000.16386 built by: WinDDK' - Product: Windows (R) Codename Longhorn DDK driver - ProductVersion: 6.0.6000.16386 - Copyright: "\xA9 Microsoft Corporation. All rights reserved." - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - KeWaitForSingleObject - - PsGetVersion - - MmUnmapIoSpace - - IoBuildDeviceIoControlRequest - - IoDeleteSymbolicLink - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - RtlAnsiStringToUnicodeString - - IofCompleteRequest - - RtlFreeUnicodeString - - IofCallDriver - - IoGetDeviceObjectPointer - - RtlInitUnicodeString - - IoDeleteDevice - - ProbeForWrite - - MmMapIoSpace - - KeBugCheckEx - - RtlInitAnsiString - - IoCreateDevice - - KeInitializeEvent - - RtlUnwindEx - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - 
Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2007-02-08 00:00:00' - ValidTo: '2009-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 10e29d74903d9c7cd58caa35a0944770 - Version: 3 - 
TBS: - MD5: 5e3b5587eb8c553dc279bb241c30689d - SHA1: 5b5631ff0033ed753a5c630a4d8d48772050db32 - SHA256: 9b30d9d9f9fd9c0480c0503dd4ac86649d2cc180d1401ade6dd8048356d7f634 - SHA384: 1886034ac8dc819ed45b8b48b0225cdb142d53d61bda992ee7e4923276c3c36dffbb0f8d929e1ad20c3437709df2399a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 10e29d74903d9c7cd58caa35a0944770 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, 
OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: 6633dd48aea31e9c4821fbc652e4701e - SHA1: 3fb6cdbdaa8959e6a79305a74981751e06506a6f - SHA256: 63b15db03090d5e7ba52906b2854fba693e17a5fac179397bd55f91e49d28859 - Sections: - .text: - Entropy: 6.049517664101274 - Virtual Size: '0x15a6' - .rdata: - Entropy: 4.2613924369366005 - Virtual Size: '0x304' - .data: - Entropy: 0.6099523004172788 - Virtual Size: '0x124' - .pdata: - Entropy: 3.3197547776031913 - Virtual Size: '0x6c' - INIT: - Entropy: 4.94558496841094 - Virtual Size: '0x388' - .rsrc: - Entropy: 3.3933870153256342 - Virtual Size: '0x400' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2008-02-22 04:12:04' - Imphash: dc0a0f2d424a59b4d17033f58f01b027 - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: e425c66663c96d5a9f030b0ad4d219a8 - SHA1: bd87aecc0ac1d1c2ab72be1090d39fab657f7cc6 - SHA256: deecbcd260849178de421d8e2f177dce5c63cf67a48abb23a0e3cf3aa3e00578 - Authentihash: - MD5: a10d1df81f81710baf68826e4c32befa - SHA1: ecbde8d7d911f64666f89356ce6194d92741bdc4 - SHA256: cd7754a6ec6bf19724fb266ec4f1d02607e9b310791d8725d7db5ac84d5430e2 - Description: CPUID Driver - Company: CPUID - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Copyright: Copyright(C) 2014 CPUID - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IofCompleteRequest - - ExFreePool - - ExAllocatePoolWithTag - - RtlFreeUnicodeString - - ObfDereferenceObject - - MmIsAddressValid - - IoGetDeviceObjectPointer - - MmUnmapIoSpace - - RtlInitAnsiString - - MmMapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - RtlUnwind - - KeTickCount - - KeBugCheckEx - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - PsGetVersion - - KeInitializeEvent - - IoBuildDeviceIoControlRequest - - 
IofCallDriver - - KeWaitForSingleObject - - RtlAnsiStringToUnicodeString - - IoCancelIrp - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - READ_PORT_UCHAR - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: 41f15d0f328a165973b49de608ef72a2 - SHA1: abcd9850775bd0a1a855e785a238e0e69525810f - SHA256: 02dc44b04a6426fcaedf26995bfa471f123a90a9c747e82cebaf95f394890631 - Sections: - .text: - Entropy: 6.204806970841105 - Virtual Size: '0x2ed0' - .rdata: - Entropy: 4.656797686788462 - Virtual Size: '0x2e8' - .data: - Entropy: 0.335842300318532 - Virtual Size: '0x1e0' - INIT: - Entropy: 5.416266853126175 - Virtual Size: '0x3f4' - .rsrc: - Entropy: 3.392253360894555 - Virtual Size: '0x350' - .reloc: - Entropy: 5.600870307396892 - Virtual Size: '0x26e' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2014-02-17 07:21:57' - Imphash: 958dd67f866ae27cf716e30a025b266f - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: ccb09eb78e047c931708149992c2e435 - SHA1: ada23b709cb2bef8bedd612dc345db2e2fdbfaca - SHA256: 
df0dcfb3971829af79629efd036b8e1c6e2127481b3644ccc6e2ddd387489a15 - Authentihash: - MD5: e4b3d527845f6574b5959b6381f925f8 - SHA1: baf46ac272c1a6d8c32683965b1d849386908079 - SHA256: 68b0a239031b158e2927bb5dc8844b662cb4616ee8c1363fa729aa8fa0d86cff - Description: CPUID Driver - Company: CPUID - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Copyright: Copyright(C) 2010 CPUID - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 
88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2009-02-02 00:00:00' - ValidTo: '2012-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Version: 3 - TBS: - MD5: fb72fa311261c4fb6a786e5cc7ce1d2f - SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 - SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a - SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: 89dc670b5f7c06b577deeec9473dc96b - SHA1: af59c00ae531117ba9307257ab945cdf6c8309f6 - SHA256: 35b9d8fc904c88f4df237edc610727f89c415e48bcf135191c43832bb2935ba6 - Sections: - .text: - Entropy: 6.199906453328244 - Virtual Size: '0x2506' - .rdata: - Entropy: 
4.25835240231724 - Virtual Size: '0x3e0' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.3649784372301403 - Virtual Size: '0x90' - INIT: - Entropy: 5.067835669413665 - Virtual Size: '0x406' - .rsrc: - Entropy: 3.3943730160709853 - Virtual Size: '0x350' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2011-01-19 09:42:06' - Imphash: 82942c060f79cefd3bf1acdf5c207561 - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: 43bfc857406191963f4f3d9f1b76a7bf - SHA1: 9329a0ce2749a3a6bea2028ce7562d74c417db64 - SHA256: e0b5a5f8333fc1213791af5c5814d7a99615b3951361ca75f8aa5022c9cfbc2b - Authentihash: - MD5: 68fb744e92133e8bb6b59fea9304667c - SHA1: de1a168f24f5da29b9f8bf8333fff57bfa0d21a4 - SHA256: d70bfea03deeea92a253f2b4a8b7181a3064f62c5207f94b5f7ce5a9e62ab4cf - Description: CPUID Driver - Company: CPUID - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Copyright: Copyright(C) 2016 CPUID - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - RtlAnsiStringToUnicodeString - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - ExFreePoolWithTag - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - KeQueryPerformanceCounter - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: c046d6f14ec39d2a0f67a417bda83c5e - SHA1: 74661f1063b4c80566f75a1bee22c35f7af17fa9 - SHA256: 440eebbdc09d290724d364056ba4e2725c75759819a6df0a1ed5c876ed7d2474 - Sections: - .text: - Entropy: 6.202501650998955 - Virtual Size: '0x38b6' - .rdata: - Entropy: 4.1722432536185465 - Virtual Size: '0x464' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x440' - .pdata: - Entropy: 3.6000408617955837 - Virtual Size: '0xf0' - INIT: - Entropy: 5.116119018385266 - Virtual Size: '0x40e' - .rsrc: - Entropy: 3.38341382722288 - Virtual Size: '0x350' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2016-10-05 03:53:07' - Imphash: 8f96c3ef5dda3fe697d4a4d6326dbe37 - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: 8f5b84350bfc4fe3a65d921b4bd0e737 - SHA1: 76046978d8e4409e53d8126a8dcfc3bf8602c37f - SHA256: e58bbf3251906ff722aa63415bf169618e78be85cb92c8263d3715c260491e90 - Authentihash: - MD5: 76a420a5ac2a6250c57d129de361695a 
- SHA1: 3736434ca3094fed9f1f3378e9fb966a5e9411f1 - SHA256: 3e423caaff9002b38e1d90005df181aa2b3711ebbf6d1eb83941656ccc313811 - Description: CPUID Driver - Company: CPUID - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Copyright: Copyright(C) 2010 CPUID - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 
53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=CPUID - ValidFrom: '2012-01-06 00:00:00' - ValidTo: '2015-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53c8b54713882d4d5439511804935e - Version: 3 - TBS: - MD5: 49e7946e133b4aaa31899adb235d3fa9 - SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 - SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 - SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53c8b54713882d4d5439511804935e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: 685a19a8e9f46a76067db83da501dca0 - SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 - 
SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 - Sections: - .text: - Entropy: 6.214010136736859 - Virtual Size: '0x25d6' - .rdata: - Entropy: 4.171320307410102 - Virtual Size: '0x3ec' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.503621523339014 - Virtual Size: '0xc0' - INIT: - Entropy: 5.076575853289 - Virtual Size: '0x406' - .rsrc: - Entropy: 3.3943730160709853 - Virtual Size: '0x350' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2012-02-07 08:44:59' - Imphash: 82942c060f79cefd3bf1acdf5c207561 - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: ce57844fb185d0cdd9d3ce9e5b6a891d - SHA1: 32888d789edc91095da2e0a5d6c564c2aebcee68 - SHA256: ee45fd2d7315fd039f3585a66e7855ba4af9d4721e1448e602623de14e932bbe - Authentihash: - MD5: 649db3854efa0c9a10fdcca1bcc5fc0b - SHA1: 3c738ea73287a493a2254c6011c35f31569cf2b9 - SHA256: 472e29b63e1d9d44269a99962b186113586fbd3603eac3a23c520c7ef73a69cf - Description: CPUID Driver - Company: CPUID - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Copyright: Copyright(C) 2017 CPUID - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - RtlAnsiStringToUnicodeString - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - ExFreePoolWithTag - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - KeQueryPerformanceCounter - Signatures: - - CertificatesInfo: '' - SignerInfo: '' 
- Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: 
b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: c046d6f14ec39d2a0f67a417bda83c5e - SHA1: 74661f1063b4c80566f75a1bee22c35f7af17fa9 - SHA256: 440eebbdc09d290724d364056ba4e2725c75759819a6df0a1ed5c876ed7d2474 - Sections: - .text: - Entropy: 6.1689591912915125 - Virtual Size: '0x4546' - .rdata: - Entropy: 4.191218153188012 - Virtual Size: '0x534' - .data: - Entropy: 0.378703493487675 - 
Virtual Size: '0x440' - .pdata: - Entropy: 3.6397736740131683 - Virtual Size: '0xfc' - INIT: - Entropy: 5.132100585029012 - Virtual Size: '0x40e' - .rsrc: - Entropy: 3.394946071861716 - Virtual Size: '0x350' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2017-05-22 02:17:51' - Imphash: 8f96c3ef5dda3fe697d4a4d6326dbe37 - LoadsDespiteHVCI: 'FALSE' -- Filename: cpuz.sys - MD5: 8ad9dfc971df71cd43788ade6acf8e7d - SHA1: 7241b25c3a3ee9f36b52de3db2fc27db7065af37 - SHA256: f74ffd6916333662900cbecb90aca2d6475a714ce410adf9c5c3264abbe5732c - Authentihash: - MD5: fa889613bb0522d6e546e8cbd011105a - SHA1: 62ee17440edaf819966eb823a26dfd46c24447b4 - SHA256: 991228f3ea6c1ae8083aa405d1d066e48cd6dbd7d6bc01c81599b2c28f3923f1 - Description: CPUID Driver - Company: CPUID - InternalName: cpuz.sys - OriginalFilename: cpuz.sys - FileVersion: '6.1.7600.16385 built by: WinDDK' - Product: CPUID service - ProductVersion: 6.1.7600.16385 - Copyright: Copyright(C) 2015 CPUID - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - IoCancelIrp - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ExFreePoolWithTag - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoBuildDeviceIoControlRequest - - MmMapIoSpace - - ExAllocatePoolWithTag - - RtlUnwindEx - - HalSetBusDataByOffset - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID - ValidFrom: '2014-12-02 00:00:00' - ValidTo: '2018-03-02 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Version: 3 - TBS: - MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca - SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e - SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 - SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2d8021d84f098e7abde199f818e211a4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: b3dcf662ce69ad7b34717fb6aecf09a7 - SHA1: 63be2c28ecee71a739bfbaf38466362e998bc5bc - SHA256: f4257b7e95b00b38e446b2708cc342fe32846266064b94c78ec1f987731c2226 - Sections: - .text: - Entropy: 6.1888286192821065 - Virtual Size: '0x30b6' - .rdata: - Entropy: 4.210489806011185 - Virtual Size: '0x424' - .data: - Entropy: 0.378703493487675 - Virtual Size: '0x2c0' - .pdata: - Entropy: 3.6128209941554763 - Virtual Size: '0xd8' - INIT: - Entropy: 5.131854482283732 - Virtual Size: '0x3ea' - .rsrc: - Entropy: 3.3958173868041217 - Virtual Size: '0x350' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2015-11-18 02:58:02' - Imphash: f12ae9073d95c22ed89247253d59f500 - LoadsDespiteHVCI: 'FALSE' -Tags: -- cpuz.sys +- Filename: cpuz.sys + MD5: a89ca92145fc330adced0dd005421183 + SHA1: e33eac9d3b9b5c0db3db096332f059bf315a2343 + SHA256: 0d3790af5f8e5c945410929e31d06144a471ac82f828afe89a4758a5bbeb7f9f + Authentihash: + MD5: 
d9d45430dc3fb1c7154c109f9d85d70e + SHA1: 4f52e85725556496f9102bba0fdf9d13f721c675 + SHA256: 90f5962e6b2342eae05dc8f4c34d5291742537248587ccf6ac298691806a4517 + Description: CPUID Driver + Company: CPUID + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Copyright: Copyright(C) 2010 CPUID + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IofCompleteRequest + - ExFreePool + - ExAllocatePoolWithTag + - RtlFreeUnicodeString + - ObfDereferenceObject + - MmIsAddressValid + - IoGetDeviceObjectPointer + - RtlAnsiStringToUnicodeString + - MmUnmapIoSpace + - MmMapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - DbgPrint + - RtlUnwind + - KeTickCount + - KeBugCheckEx + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoDeleteDevice + - PsGetVersion + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - KeWaitForSingleObject + - RtlInitAnsiString + - IoCancelIrp + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - READ_PORT_UCHAR + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G3 + ValidFrom: '2012-05-01 00:00:00' + ValidTo: '2012-12-31 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded + Version: 3 + TBS: + MD5: e6d820afb23af20a65cf0b03247ea05e + SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 + SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 + SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa + - 
Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + 
Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: 573ac9a3fc69d00f19723f196162680e + SHA1: 7e21d51681f265bad20f1db06cd0831b80d4fed2 + SHA256: 79749e2d14cda7629ae1b8bdc88101418cb5a099b93137ea76824b0246209519 + Sections: + .text: + Entropy: 6.222402374512635 + Virtual Size: '0x2780' + .rdata: + Entropy: 4.5251453594439255 + Virtual Size: '0x300' + .data: + Entropy: 0.335842300318532 + Virtual Size: '0x1e0' + INIT: + Entropy: 5.423515041101043 + Virtual Size: '0x404' + .rsrc: + Entropy: 3.3927376128305218 + Virtual Size: '0x350' + .reloc: + Entropy: 5.4807357701963335 + Virtual Size: '0x258' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2012-08-11 01:45:54' + Imphash: a0a13575e37906924a0b79043b4005c6 + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: 26ce59f9fc8639fd7fed53ce3b785015 + SHA1: 2bf6b88b84d27cdf0699d6d18b08a1b36310cdd1 + SHA256: 11d258e05b850dcc9ecfacccc9486e54bd928aaa3d5e9942696c323fdbd3481b + Authentihash: + MD5: 0fef96c1d46145af32eb6993faa6e496 + SHA1: 4d26356a4a48d492b00845a7ac1bb27a92f95871 + SHA256: 0aa61910c3ceb765441c35925a50983b2571ac22da510f1495cf82f078b535b6 + Description: CPUID Driver + Company: CPUID + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Copyright: Copyright(C) 2010 CPUID + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IofCompleteRequest + - ExFreePool + - ExAllocatePoolWithTag + - RtlFreeUnicodeString + - ObfDereferenceObject + - MmIsAddressValid + - IoGetDeviceObjectPointer + - MmUnmapIoSpace + - RtlInitAnsiString + - MmMapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - RtlUnwind + - KeTickCount + - KeBugCheckEx + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoDeleteDevice + - PsGetVersion + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - KeWaitForSingleObject + - RtlAnsiStringToUnicodeString + - 
IoCancelIrp + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - READ_PORT_UCHAR + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: 41f15d0f328a165973b49de608ef72a2 + SHA1: abcd9850775bd0a1a855e785a238e0e69525810f + SHA256: 02dc44b04a6426fcaedf26995bfa471f123a90a9c747e82cebaf95f394890631 + Sections: + .text: + Entropy: 6.217408305730309 + Virtual Size: '0x2750' + .rdata: + Entropy: 4.55489113332384 + Virtual Size: '0x2f0' + .data: + Entropy: 0.335842300318532 + Virtual Size: '0x1e0' + INIT: + Entropy: 5.41983369153965 
+ Virtual Size: '0x3f4' + .rsrc: + Entropy: 3.3927376128305218 + Virtual Size: '0x350' + .reloc: + Entropy: 5.5051908528223255 + Virtual Size: '0x254' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2012-03-09 01:55:45' + Imphash: 958dd67f866ae27cf716e30a025b266f + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: 75dbd5db9892d7451d0429bec1aabe1a + SHA1: c05df2e56e05b97e3ca8c6a61865cae722ed3066 + SHA256: 19696fb0db3fcae22f705ae1eb1e9f1151c823f3ff5d8857e90f2a4a6fdc5758 + Authentihash: + MD5: dfb8cce9246e17f356504802d14d019d + SHA1: 189bedcea5ec5bfc724ff44b4b44958dc450c7db + SHA256: 4b5aecfecf26145aadd23f96a1cdfae0bca4e53af215d4bd77bba5dcc5a4479b + Description: CPUID Driver + Company: CPUID + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Copyright: Copyright(C) 2010 CPUID + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false 
+ SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: 685a19a8e9f46a76067db83da501dca0 + SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 + SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 + Sections: + .text: + Entropy: 6.207830883313713 + Virtual Size: '0x25d6' + .rdata: + Entropy: 4.172824067374571 + Virtual Size: '0x3ec' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.503621523339014 + Virtual Size: '0xc0' + INIT: + Entropy: 5.076575853289 + Virtual Size: '0x406' + .rsrc: + Entropy: 3.3943730160709853 + Virtual Size: '0x350' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2012-03-09 01:56:55' + Imphash: 82942c060f79cefd3bf1acdf5c207561 + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: fe820a5f99b092c3660762c6fc6c64e0 + SHA1: fad8e308f6d2e6a9cfaf9e6189335126a3c69acb + SHA256: 
1e16a01ef44e4c56e87abfbe03b2989b0391b172c3ec162783ad640be65ab961 + Authentihash: + MD5: 97861c7d308c22f4db08d08ce912fced + SHA1: 368c63d2f393ef65f8107d175174e9eaa13d993e + SHA256: 3966d4b1e4f5442b8507f91b6dbde3523657b47fd2945d990249605727d231ec + Description: CPUID Driver + Company: CPUID + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Copyright: Copyright(C) 2012 CPUID + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G3 + ValidFrom: '2012-05-01 00:00:00' + ValidTo: '2012-12-31 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded + Version: 3 + TBS: + MD5: e6d820afb23af20a65cf0b03247ea05e + SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 + SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 + SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping 
Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + 
IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + 
MD5: 685a19a8e9f46a76067db83da501dca0 + SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 + SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 + Sections: + .text: + Entropy: 6.181674969781746 + Virtual Size: '0x2536' + .rdata: + Entropy: 4.160071293394142 + Virtual Size: '0x3d4' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.4970531643346394 + Virtual Size: '0xc0' + INIT: + Entropy: 5.076575853289 + Virtual Size: '0x406' + .rsrc: + Entropy: 3.3935766621226473 + Virtual Size: '0x350' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2012-10-27 11:24:41' + Imphash: 82942c060f79cefd3bf1acdf5c207561 + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: 262969a3fab32b9e17e63e2d17a57744 + SHA1: 363b907c3b4f37968e9c8e1b7eeca5a5c5d530f8 + SHA256: 1ee59eb28688e73d10838c66e0d8e011c8df45b6b43a4ac5d0b75795ca3eb512 + Authentihash: + MD5: 7c8e917e5adba8b20bea898d4b966c6c + SHA1: 570496ebc3c4010b48c3703652fdfcb60352798b + SHA256: 98c86fcf018822289340d248f5e2896c41ad0f284febb741b945312ff40bdfa3 + Description: CPUID Driver + Company: CPUID + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Copyright: Copyright(C) 2010 CPUID + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + 
- HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: 
ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2009-02-02 00:00:00' + ValidTo: '2012-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Version: 3 + TBS: + MD5: fb72fa311261c4fb6a786e5cc7ce1d2f + SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 + SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a + SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - 
SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: 685a19a8e9f46a76067db83da501dca0 + SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 + SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 + Sections: + .text: + Entropy: 6.190718841242454 + Virtual Size: '0x2416' + .rdata: + Entropy: 4.183312032190414 + Virtual Size: '0x3ec' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.53594863841985 + Virtual Size: '0xc0' + INIT: + Entropy: 5.076575853289 + Virtual Size: '0x406' + .rsrc: + Entropy: 3.3943730160709853 + Virtual Size: '0x350' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2010-11-09 06:33:36' + Imphash: 82942c060f79cefd3bf1acdf5c207561 + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: 17719a7f571d4cd08223f0b30f71b8b8 + SHA1: f9c916d163b85057414300ca214ebdf751172ecf + SHA256: 1f4d4db4abe26e765a33afb2501ac134d14cadeaa74ae8a0fae420e4ecf58e0c + Authentihash: + MD5: 93bf28533aa6e63dc8b80b998b0814af + SHA1: 413ed5609215f4a6cee3b7b357eb594902a817f5 + SHA256: 1399e65aa55c898a6cd5fb32d4b19f5bbaf69c56c1383963c99b7a0804eb0203 + Description: CPUID Driver + Company: Windows (R) Win 7 DDK provider + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: Windows (R) Win 7 DDK driver + ProductVersion: 6.1.7600.16385 + Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
+ MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: 
+ MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2009-02-02 00:00:00' + ValidTo: '2012-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Version: 3 + TBS: + MD5: fb72fa311261c4fb6a786e5cc7ce1d2f + SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 + SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a + SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: 
'2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: 89dc670b5f7c06b577deeec9473dc96b + SHA1: af59c00ae531117ba9307257ab945cdf6c8309f6 + SHA256: 35b9d8fc904c88f4df237edc610727f89c415e48bcf135191c43832bb2935ba6 + Sections: + .text: + Entropy: 6.182386482362877 + Virtual Size: '0x2256' + .rdata: + Entropy: 4.258631853520521 + Virtual Size: '0x3d0' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.4326961450392584 + Virtual Size: '0x90' + INIT: + Entropy: 5.067835669413665 + Virtual Size: '0x406' + .rsrc: + Entropy: 3.4148190207283133 + Virtual Size: '0x3d0' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2010-07-09 05:16:58' + Imphash: 82942c060f79cefd3bf1acdf5c207561 + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: 21be10f66bb65c1d406407faa0b9ba95 + SHA1: 86e59b17272a3e7d9976c980ded939bf8bf75069 + SHA256: 2101d5e80e92c55ecfd8c24fcf2202a206a4fd70195a1378f88c4cc04d336f22 + Authentihash: + MD5: 9328ac41d0afb80914780b9474c0bca0 + SHA1: e8f4f4e2a672d845d897f36646d8339597135050 + SHA256: c0ed71b491aec860932fe92e5527ef444d537b396186ac839d5ed0884cfcaf0c + Description: CPUID Driver + Company: CPUID + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: CPUID service + ProductVersion: 
6.1.7600.16385 + Copyright: Copyright(C) 2014 CPUID + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: 
false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + 
Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: c046d6f14ec39d2a0f67a417bda83c5e + SHA1: 74661f1063b4c80566f75a1bee22c35f7af17fa9 + SHA256: 440eebbdc09d290724d364056ba4e2725c75759819a6df0a1ed5c876ed7d2474 + Sections: + .text: + Entropy: 6.184959788800412 + Virtual Size: '0x3046' + .rdata: + Entropy: 4.1967199978388665 + Virtual Size: '0x434' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.61540303809267 + Virtual Size: '0xd8' + INIT: + 
Entropy: 5.133048134973059 + Virtual Size: '0x406' + .rsrc: + Entropy: 3.3971374522271924 + Virtual Size: '0x350' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2014-10-06 04:26:29' + Imphash: 82942c060f79cefd3bf1acdf5c207561 + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: 4885e1bf1971c8fa9e7686fd5199f500 + SHA1: 388068adc9ec46a0bbc8173bcb0d5f9cf8af6ea5 + SHA256: 26e3bfef255efd052a84c3c43994c73222b14c95db9a4b1fc2e98f1a5cb26e43 + Authentihash: + MD5: 92c5a8d936bb2ef7802aaa15c877e866 + SHA1: 340024982f9ad5c2722bab8cddec9d32f0efdc7c + SHA256: 313a69d8eea6a933cffac0fa67d46ad9aef0815bb579fce7623d9be825888e30 + Description: CPUID Driver + Company: CPUID + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Copyright: Copyright(C) 2013 CPUID + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 
be6fb3b3b33e9108a9a2273d1cf5eb3209a8c3a86ba7d66069393587f6b451b75b327ea15d36b1604aad5509c0ace37fa66e220b35764b9c201169677738c06802d2f798383c256c690898a663b0aeb519491057f9f24149c513abba2a4cab9934a684e5d83a34105fe6681f2b85d5ee06332d1c05c3627758442fd2fc94f5f68bb30f085cb1d31174e1461394aeef7b124291a099654d1103df3deab81e9658b5b5cc817061d688ae39e702f1d0dd420d6de931bed331960e089233b8576482e48d5b769fdfa8df02e1d098912444b324057826e1f72c26f045b2479a9b39eadfd6b2e1bd6db4057ef6b12ca385cad9a7ad82c4414e619f97dfd08a55f59053 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: 685a19a8e9f46a76067db83da501dca0 + SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 + SHA256: 
1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 + Sections: + .text: + Entropy: 6.189630683612354 + Virtual Size: '0x2c76' + .rdata: + Entropy: 4.1481713750399685 + Virtual Size: '0x414' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.5274875201903875 + Virtual Size: '0xc0' + INIT: + Entropy: 5.076575853289 + Virtual Size: '0x406' + .rsrc: + Entropy: 3.3935766621226473 + Virtual Size: '0x350' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2013-11-27 03:33:59' + Imphash: 82942c060f79cefd3bf1acdf5c207561 + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: ab4ee84e09b09012ac86d3a875af9d43 + SHA1: 3c81cdfd99d91c7c9de7921607be12233ed0dfd8 + SHA256: 2a6db9facf9e13d35c37dd468be04bae5f70c6127a9aee76daebddbdec95d486 + Authentihash: + MD5: 654f9a768f518e632c99309bd4c1145b + SHA1: a5f086835d7c2883ad8d985772d02a9a8815bcbb + SHA256: d4e93f592a8342b0eb582d24a114348ce40ecb3c1e7b238d731b02e17d5aae7d + Description: CPUID Driver + Company: CPUID + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Copyright: Copyright(C) 2012 CPUID + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: 
+ - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign 
Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + 
SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: 685a19a8e9f46a76067db83da501dca0 + SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 + SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 + Sections: + .text: + Entropy: 6.190388157802366 + Virtual Size: '0x2616' + .rdata: + Entropy: 4.158462162346533 + Virtual Size: '0x3d4' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.501505002731896 + Virtual Size: '0xc0' + INIT: + Entropy: 5.076575853289 + Virtual Size: '0x406' + .rsrc: + Entropy: 3.3935766621226473 + Virtual Size: '0x350' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2013-05-10 06:42:51' + Imphash: 82942c060f79cefd3bf1acdf5c207561 + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: 743c403d20a89db5ed84c874768b7119 + SHA1: dc8fa4648c674e3a7148dd8e8c35f668a3701a52 + SHA256: 2a9d481ffdc5c1e2cb50cf078be32be06b21f6e2b38e90e008edfc8c4f2a9c4e + Authentihash: + MD5: 
4c2f42ab19a70ee6a2cb936329b34aff + SHA1: 742a9fc918c7bb2b1707412c703d7b7674ed1094 + SHA256: fd8d61102719afb0b8a230d9e8c372af3396bec4a6d72aada42a1f1d36187751 + Description: CPUID Driver + Company: Windows (R) Win 7 DDK provider + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: Windows (R) Win 7 DDK driver + ProductVersion: 6.1.7600.16385 + Copyright: "\xA9 Microsoft Corporation. All rights reserved." + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - RtlFreeUnicodeString + - ObfDereferenceObject + - MmIsAddressValid + - IoGetDeviceObjectPointer + - RtlAnsiStringToUnicodeString + - IofCompleteRequest + - MmMapIoSpace + - ProbeForWrite + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - MmUnmapIoSpace + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoDeleteDevice + - PsGetVersion + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - RtlInitAnsiString + - KeWaitForSingleObject + - RtlUnwind + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - READ_PORT_UCHAR + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 
35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2009-02-02 00:00:00' 
+ ValidTo: '2012-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Version: 3 + TBS: + MD5: fb72fa311261c4fb6a786e5cc7ce1d2f + SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 + SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a + SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 
40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: 4ba73072bea66755a70f3a8c99951424 + SHA1: d9ce039d736544c2d9b7fe44460d8e006a5c62f0 + SHA256: 3b45bc2da9543317e7a22486f86a3f8c0eb289596d1d7661b47e35e99058861f + Sections: + .text: + Entropy: 6.221169838993626 + Virtual Size: '0x2030' + .rdata: + Entropy: 4.564029507184391 + Virtual Size: '0x2ec' + .data: + Entropy: 0.22396935932252834 + Virtual Size: '0x1c0' + INIT: + Entropy: 5.46954214905682 + Virtual Size: '0x3fc' + .rsrc: + Entropy: 3.413813063110847 + Virtual Size: '0x3d0' + .reloc: + Entropy: 5.666994611221042 + Virtual Size: '0x210' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2010-05-11 03:59:25' + Imphash: 744af2b62301859b4ccdffba53551b15 + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: e0bfbdf3793ea2742c03f5a82cb305a5 + SHA1: a6a71fb4f91080aff2a3a42811b4bd86fb22168d + SHA256: 2ef7df384e93951893b65500dac6ee09da6b8fe9128326caad41b8be4da49a1e + Authentihash: + MD5: a85d9912baf9994b0fabf924f6a66e9b + SHA1: 04defcae6548e92ea76bd7069a672a7e1067b995 + SHA256: d1c71a98e10105faa0814fec3544474d86ae0e8f88efd77798a716adad3994a2 + Description: CPUID Driver + Company: Windows (R) Codename Longhorn DDK provider + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.0.6000.16386 built by: WinDDK' + Product: Windows (R) Codename Longhorn DDK driver + ProductVersion: 6.0.6000.16386 + Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
+ MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IoDeleteSymbolicLink + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - IoCreateDevice + - IofCallDriver + - IoGetDeviceObjectPointer + - IoBuildDeviceIoControlRequest + - IoDeleteDevice + - ProbeForWrite + - MmMapIoSpace + - KeInitializeEvent + - RtlInitAnsiString + - IofCompleteRequest + - KeWaitForSingleObject + - KeBugCheckEx + - MmUnmapIoSpace + - RtlInitUnicodeString + - PsGetVersion + - RtlUnwindEx + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2009-02-02 00:00:00' + ValidTo: '2012-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Version: 3 + TBS: + 
MD5: fb72fa311261c4fb6a786e5cc7ce1d2f + SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 + SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a + SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: a4919ba9bce5fa10c0659fe35e106bff + SHA1: c9062199c8b03518cf06dcc7212ff3c1ffbf0452 + SHA256: f6f4beb34371f4eec6c80a94046382a70864524606df3fdcf4d08fe9ddacc1af + Sections: + .text: + Entropy: 6.139220942185034 + Virtual Size: '0x1da6' + .rdata: + Entropy: 4.302697981700664 + Virtual Size: '0x394' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.3507319703399823 + Virtual Size: '0x84' + INIT: + Entropy: 4.945456847123696 + Virtual Size: '0x388' + .rsrc: + Entropy: 3.393742999677783 + Virtual Size: '0x400' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2009-03-07 03:03:14' + Imphash: cb8db41ab8c06472574e58b9466f4070 + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: 22ca5fe8fb0e5e22e6fb0848108c03f4 + SHA1: bec66e0a4842048c25732f7ea2bbe989ea400abf + SHA256: 
34bee22c18ddbddbe115cf1ab55cabf0e482aba1eb2c343153577fb24b7226d3 + Authentihash: + MD5: b1113bc5a8f67468ae6e0183c60be10a + SHA1: bbea7d9b8672ca30c6a8f49e913f110720d4753c + SHA256: 55e3b977402be076bfafe332a3fb29ddb6b02edf932d02e963df09adbe89eb91 + Description: CPUID Driver + Company: CPUID + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Copyright: Copyright(C) 2017 CPUID + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - RtlAnsiStringToUnicodeString + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - ExFreePoolWithTag + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - KeQueryPerformanceCounter + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 
a59808b35f916a1201f0987b958aaaf50b81f3e507cf9d1b902bc22787244617e38069e4ca74bcf505dfdfeb6bad8bee2ecba26a428c2b26c9b9987241b50ccfd895a7335b35534c5569fdef2554d773cb3b20f10e08eeff2701d2a3e8ef7c5bb759baf1995d1580dce4f0c5da90eff4f07e01e7c9273b24c14c514f2ae1d1fe940dd53bfa25572cd6f3c007c7f21aebc58ea32ca3aea83c731419c9dcc191158cbb52b0b70545a16c9b42aadd4dcb167443d6c15fa03ae7f6f0f644845a69cb8badb3f143fd916a70c5008c3486d1f0cc8e0527f76da5aeaca4925f6eb6861dd54e1ce8b80e6b000446d77ac8bd0299e38db3b8e4a9c43294367cd6a55351d0 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: c046d6f14ec39d2a0f67a417bda83c5e + SHA1: 74661f1063b4c80566f75a1bee22c35f7af17fa9 + 
SHA256: 440eebbdc09d290724d364056ba4e2725c75759819a6df0a1ed5c876ed7d2474 + Sections: + .text: + Entropy: 6.167627326915935 + Virtual Size: '0x4536' + .rdata: + Entropy: 4.195082406902852 + Virtual Size: '0x534' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x440' + .pdata: + Entropy: 3.6289632983036624 + Virtual Size: '0xfc' + INIT: + Entropy: 5.132100585029012 + Virtual Size: '0x40e' + .rsrc: + Entropy: 3.394946071861716 + Virtual Size: '0x350' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2017-04-24 05:12:14' + Imphash: 8f96c3ef5dda3fe697d4a4d6326dbe37 + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: 3ab94fba7196e84a97e83b15f7bcb270 + SHA1: bea745b598dd957924d3465ebc04c5b830d5724f + SHA256: 3e07bb866d329a2f9aaa4802bad04fdac9163de9bf9cfa1d035f5ca610b4b9bf + Authentihash: + MD5: 96c15399e89e9bca402ed660f90e1b98 + SHA1: 1b4335f92c6137f56c8f98e5b79fc7af67af2a24 + SHA256: 55a69f740a77fc07073c3d077d029dfb2dbe4b673171167e7310bd857eb55982 + Description: CPUID Driver + Company: CPUID + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Copyright: Copyright(C) 2013 CPUID + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IofCompleteRequest + - ExFreePool + - ExAllocatePoolWithTag + - RtlFreeUnicodeString + - ObfDereferenceObject + - MmIsAddressValid + - IoGetDeviceObjectPointer + - MmUnmapIoSpace + - RtlInitAnsiString + - MmMapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - RtlUnwind + - KeTickCount + - KeBugCheckEx + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoDeleteDevice + - PsGetVersion + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - KeWaitForSingleObject + - RtlAnsiStringToUnicodeString + - IoCancelIrp + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - 
HalSetBusDataByOffset + - KeStallExecutionProcessor + - READ_PORT_UCHAR + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: 41f15d0f328a165973b49de608ef72a2 + SHA1: abcd9850775bd0a1a855e785a238e0e69525810f + SHA256: 02dc44b04a6426fcaedf26995bfa471f123a90a9c747e82cebaf95f394890631 + Sections: + .text: + Entropy: 6.193679799265929 + Virtual Size: '0x2860' + .rdata: + Entropy: 4.611976907005874 + Virtual Size: '0x2c0' + .data: + Entropy: 0.335842300318532 + Virtual Size: '0x1e0' + INIT: + Entropy: 5.42180997612463 + Virtual Size: '0x3f4' + .rsrc: + Entropy: 3.391941258882184 + Virtual Size: '0x350' + .reloc: + Entropy: 5.431068617797713 + Virtual Size: '0x234' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2013-08-24 02:58:17' + Imphash: 958dd67f866ae27cf716e30a025b266f + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: e323413de3caec7f7730b43c551f26a0 + SHA1: f3c20ce4282587c920e9ff5da2150fac7858172e + SHA256: 
45c3d607cb57a1714c1c604a25cbadf2779f4734855d0e43aa394073b6966b26 + Authentihash: + MD5: 972f2ce8097eda301f27a53fcf2b9865 + SHA1: aba5185a6ebdb040c5e4b8b8eaa44382eb705aec + SHA256: 157ae92541eda2f5035435c63e1654adfa45c06e37b05cbb60d76a63daa93f04 + Description: CPUID Driver + Company: CPUID + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Copyright: Copyright(C) 2014 CPUID + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - MmMapIoSpace + - ExFreePoolWithTag + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - DbgPrintEx + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - IofCompleteRequest + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: 
c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + 
Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: a2326d96aef2fdfe4c1d2ed909160ccc + SHA1: 48faced2ed09c60dd807398c1338259bddcd3c1f + SHA256: a125d206aeade4827dcce39aadbd8da6cad0d8ad799b46adfd7bf6bcd0acf11e + Sections: + .text: + Entropy: 6.223329975658994 + Virtual Size: '0x3207' + .rdata: + Entropy: 4.1808537985567344 + Virtual Size: '0x434' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.626263920579275 + Virtual Size: '0xd8' + INIT: + Entropy: 5.120133577153886 + Virtual Size: '0x41c' + .rsrc: + Entropy: 3.3971374522271924 + Virtual Size: '0x350' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2014-10-23 09:03:05' + Imphash: 28c5045218461018dbde27212ab0f227 + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: c9c25778efe890baa4087e32937016a0 + SHA1: f4728f490d741b04b611164a7d997e34458e3a5e + SHA256: 49329fa09f584d1960b09c1b15df18c0bc1c4fdb90bf48b6b5703e872040b668 + Authentihash: + MD5: ccc4847b99e359c72448de9f9f0981f1 + SHA1: 9e771be7100b166ba79aeeea58aa3dee44c09d6b + SHA256: 6b9090296a10225be115810e29e8ada4f70e4d4a8f88b385ccd9a8a6d2eb6778 + Description: CPUID Driver + Company: Windows (R) Codename Longhorn DDK provider + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.0.6000.16386 built by: WinDDK' + Product: Windows (R) Codename Longhorn DDK driver + ProductVersion: 6.0.6000.16386 + Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
+ MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IoDeleteSymbolicLink + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - IoCreateDevice + - IofCallDriver + - IoGetDeviceObjectPointer + - IoBuildDeviceIoControlRequest + - IoDeleteDevice + - ProbeForWrite + - MmMapIoSpace + - KeInitializeEvent + - RtlInitAnsiString + - IofCompleteRequest + - KeWaitForSingleObject + - KeBugCheckEx + - MmUnmapIoSpace + - RtlInitUnicodeString + - PsGetVersion + - RtlUnwindEx + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 
21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2009-02-02 00:00:00' + ValidTo: '2012-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Version: 3 + TBS: + MD5: fb72fa311261c4fb6a786e5cc7ce1d2f + SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 + SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a + SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: a4919ba9bce5fa10c0659fe35e106bff + SHA1: c9062199c8b03518cf06dcc7212ff3c1ffbf0452 + SHA256: f6f4beb34371f4eec6c80a94046382a70864524606df3fdcf4d08fe9ddacc1af + Sections: + .text: + Entropy: 6.154548729898717 + Virtual Size: '0x1dd6' + .rdata: + Entropy: 4.332394275902173 + Virtual Size: '0x39c' + .data: + 
Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.424516355212702 + Virtual Size: '0x84' + INIT: + Entropy: 4.945456847123696 + Virtual Size: '0x388' + .rsrc: + Entropy: 3.393742999677783 + Virtual Size: '0x400' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2009-03-26 17:17:23' + Imphash: cb8db41ab8c06472574e58b9466f4070 + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: 2f8653034a35526df88ea0c62b035a42 + SHA1: 68ca9c27131aa35c7f433dc914da74f4b3d8793f + SHA256: 4d19ee789e101e5a76834fb411aadf8229f08b3ece671343ad57a6576a525036 + Authentihash: + MD5: a5f87835956f86d2acccd4c8012a4fcd + SHA1: 2e37b05cd1bafe18e0a1a33560b0ec5aa99b0192 + SHA256: e650b4e4b5a95cba582b9749cac4c40e67e854d78eb8494f46f6d11f1fcea4d6 + Description: CPUID Driver + Company: Windows (R) Win 7 DDK provider + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: Windows (R) Win 7 DDK driver + ProductVersion: 6.1.7600.16385 + Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
+ MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IofCompleteRequest + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - RtlFreeUnicodeString + - ObfDereferenceObject + - MmIsAddressValid + - IoGetDeviceObjectPointer + - RtlAnsiStringToUnicodeString + - MmUnmapIoSpace + - MmMapIoSpace + - ProbeForWrite + - IoCreateSymbolicLink + - IoCreateDevice + - RtlUnwind + - KeTickCount + - KeBugCheckEx + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoDeleteDevice + - PsGetVersion + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - RtlInitAnsiString + - KeWaitForSingleObject + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - READ_PORT_UCHAR + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2009-02-02 00:00:00' + ValidTo: '2012-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Version: 3 + TBS: + MD5: fb72fa311261c4fb6a786e5cc7ce1d2f + SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 + SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a + SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 + - Subject: 
C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: ac22d2bffa82e1f2eeaff75340ddf502 + SHA1: a884c8f5b8d433e30a79d959fb37fb0746ff537b + SHA256: 3e8f2e809174f7d618f3ce991f37c51a77d2a43db600925041b13fa3430146de + Sections: + .text: + Entropy: 6.237934687882857 + Virtual Size: '0x2180' + .rdata: + Entropy: 4.44829003144624 + Virtual Size: '0x2f4' + .data: + Entropy: 0.335842300318532 + Virtual Size: '0x1e0' + INIT: + Entropy: 5.414827215159332 + Virtual Size: '0x3dc' + .rsrc: + Entropy: 3.4140956924835417 + Virtual Size: '0x3d0' + .reloc: + Entropy: 5.51200680030155 + Virtual Size: '0x236' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2010-03-10 09:24:11' + Imphash: 29a1da8841f5363423dcba1a9773809a + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: e747f164fc89566f934f9ec5627cd8c3 + SHA1: a958734d25865cbc6bcbc11090ab9d6b72799143 + SHA256: 5177a3b7393fb5855b2ec0a45d4c91660b958ee077e76e5a7d0669f2e04bcf02 + Authentihash: + MD5: b98238e731280f6d726e61b0016cb877 + SHA1: 820a00a0e0fc628d06ac1f779eb9e88d613d8934 + SHA256: b46fb3ed5a7a84ef594ab0b76f384aa2dca0614574478fb98308806612609465 + Description: CPUID Driver + Company: CPUID + InternalName: cpuz.sys + 
OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Copyright: Copyright(C) 2017 CPUID + MachineType: IA64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - PsGetVersion + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - IofCompleteRequest + - MmMapIoSpace + - MmUnmapIoSpace + - ProbeForWrite + - IoDeleteDevice + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - RtlUnwindEx + - RtlPcToFileHeader + - READ_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - READ_PORT_UCHAR + - HalCallPal + - WRITE_PORT_UCHAR + - KeStallExecutionProcessor + - WRITE_PORT_USHORT + - READ_PORT_ULONG + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + 
Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: 756be87f8c768cb8bfd02af932dd7589 + SHA1: 16c2ebba52ba9fb0ef5570c1d620daaaee63865a + SHA256: 48acdfbe5ad27d73c0fd9b115a49420f182d146bca52797ce33cc2a061ff0ced + Sections: + .text: + Entropy: 5.336714834529696 + Virtual Size: '0x5780' + .rdata: + Entropy: 4.010151907627347 + Virtual Size: '0x550' + .pdata: + Entropy: 3.4578065856245583 + Virtual Size: '0xd8' + .sdata: + Entropy: 1.1203888318125959 + Virtual Size: '0x420' + INIT: + Entropy: 5.015276332791068 + Virtual Size: '0x3e8' + .rsrc: + Entropy: 3.388191426646717 + Virtual Size: '0x350' + .reloc: + Entropy: 0.9012044915351938 + Virtual Size: '0x188' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2017-03-23 05:27:23' + Imphash: a2d936fa82b7340d28a697fb344046d8 + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: c08063f052308b6f5882482615387f30 + SHA1: 252157ab2e33eed7aa112d1c93c720cadcee31ae + SHA256: 523d1d43e896077f32cd9acaa8e85b513bfb7b013a625e56f0d4e9675d9822ba + Authentihash: + MD5: a28d6b501a18377685e448a214f370a6 + SHA1: 732fdb7d346543552b44e6d127fa907df7ef8d81 + SHA256: 942a7b2ebca0edeff5803c8f899ee455c0ec279542c41d2db2664d58c1025c86 + Description: CPUID Driver + Company: CPUID + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Copyright: Copyright(C) 2010 CPUID + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - 
IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: 
ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2009-02-02 00:00:00' + ValidTo: '2012-02-07 23:59:59' + Signature: 9a9bbecb393272aaedfd7a125e0fe581151a18a75a4094e082a38156f62018b9d59edef27429bbea60d6e146a2ce134546d54e00b6585c1d85e3aedfb3b9a5de7728a96b2bcc26106655bae6bc5ce3a72714f9e23282a2fba29fc870b394e832f07dc50ded3a042953fe91379769e424398278b6ed14ae4f6b4cce5fa7ba20fc8d157a78fd308214d177189bcd76b2bd62a861a8c1562e2748f338f7369f0f062804685399a6655fcb4564a644e7a8bee8330557376884cce9153992e8e205bc1474dbd0109b3c87991db9bb77a9dff5775267390431ce56ff49500d8ad70be34a0d9a0b112e07eb55f0fe07de9ac93a0b30cb36029b5ec41e032daf66627d4e + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Version: 3 + TBS: + MD5: fb72fa311261c4fb6a786e5cc7ce1d2f + SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 + SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a + SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: 89dc670b5f7c06b577deeec9473dc96b + SHA1: af59c00ae531117ba9307257ab945cdf6c8309f6 + SHA256: 35b9d8fc904c88f4df237edc610727f89c415e48bcf135191c43832bb2935ba6 + Sections: + .text: + Entropy: 6.200416768922914 + Virtual Size: '0x2586' + .rdata: + Entropy: 4.272735727458459 + Virtual Size: '0x3e0' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.401514027013751 + Virtual Size: '0x90' + INIT: + Entropy: 5.067835669413665 + Virtual Size: '0x406' + .rsrc: + Entropy: 3.3943730160709853 + Virtual Size: '0x350' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2011-09-21 02:23:41' + Imphash: 82942c060f79cefd3bf1acdf5c207561 + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: 549e5148be5e7be17f9d416d8a0e333e + SHA1: 6d9e22a275a5477ea446e6c56ee45671fbcbb5f6 + SHA256: 592f56b13e7dcaa285da64a0b9a48be7562bd9b0a190208b7c8b7d8de427cf6c + Authentihash: + MD5: 00556fc028ef505e2a528e054c435923 + SHA1: f645fd2deb256b7e3b8dcb7213c4fb61f2e209ec + SHA256: c2159219e9986ab9e07e00a87fb83835230a2b99174e7f9b94096046c2dace55 + Description: CPUID Driver + Company: Windows (R) Win 7 DDK provider + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: Windows (R) Win 7 DDK driver + 
ProductVersion: 6.1.7600.16385 + Copyright: "\xA9 Microsoft Corporation. All rights reserved." + MachineType: IA64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - PsGetVersion + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - IofCompleteRequest + - MmMapIoSpace + - MmUnmapIoSpace + - ProbeForWrite + - IoDeleteDevice + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - __C_specific_handler + - READ_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - READ_PORT_UCHAR + - HalCallPal + - WRITE_PORT_UCHAR + - KeStallExecutionProcessor + - WRITE_PORT_USHORT + - READ_PORT_ULONG + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' 
+ Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2009-02-02 00:00:00' + ValidTo: '2012-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Version: 3 
+ TBS: + MD5: fb72fa311261c4fb6a786e5cc7ce1d2f + SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 + SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a + SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: 3e05f63a445c98b6831d9476006337f7 + SHA1: 08c8e06efd3136ae964f86be406389c47f74e4dd + SHA256: e5965588f92317c7d220193aa42f12d30bae66f0008f4831568b8131edeeb70a + Sections: + .text: + Entropy: 5.396352784335148 + Virtual Size: '0x3130' + .rdata: + Entropy: 4.150556480845234 + Virtual Size: '0x348' + .pdata: + Entropy: 3.2551039363088288 + Virtual Size: '0x84' + .sdata: + Entropy: 1.055945444608438 + Virtual Size: '0x260' + INIT: + Entropy: 5.06628585370835 + Virtual Size: '0x3d6' + .rsrc: + Entropy: 3.4181439310744572 + Virtual Size: '0x3d0' + .reloc: + Entropy: 1.042907998495935 + Virtual Size: '0x146' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2010-07-09 05:17:26' + Imphash: f0820e8f674e44e5c2a3f899ec561c1d + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: d0c2caa17c7b6d2200e1b5aa9d07135e + SHA1: 
bad84fca57ab0ef0af9230a93e0cc3d149f9ccd0 + SHA256: 5b3705b47dc15f2b61ca3821b883b9cd114d83fcc3344d11eb1d3df495d75abe + Authentihash: + MD5: 1a595aaefa6bd782d63e97de4fcec464 + SHA1: eae1ab9e3aac1a4de139993b7e63542befccf0df + SHA256: 6045d564286f00fc1efedd25ffd22ecb7eaf2b3a6c778e392319380c77e45658 + Description: CPUID Driver + Company: CPUID + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Copyright: Copyright(C) 2010 CPUID + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - MmMapIoSpace + - ExFreePoolWithTag + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - DbgPrint + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - IofCompleteRequest + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G3 + ValidFrom: '2012-05-01 00:00:00' + ValidTo: '2012-12-31 23:59:59' + Signature: 
1e98aa27b778b508b5c9726db7dfc00e98a635c488c9d2f66df14b1afbd5f92d99009ed1e79b8be13fbd39800c66cd07bc5c9854a694ba10d14e8babf56f65cc6709a2807c52e80e03d66b7ac60518ecc8ac427c072ca73d0866dc00edfd941d73f2729893b111d68fef8eeaacf496510cd08ddf31524f5eaf7da74a75e64ece2b9f292be7cf5d9f037e6e277b23ad622966af92e82ccebd9c7fdccd173c43c2093f7545c79ee4d7607f97c6e4aac769f5fccd74ac2cb048c1504e70561eb535d38ebeb1edacbdfe0cec857dd5bb856644195d9f93eb82ba639ed37c61ffc81bd923587f30a366a139265e92c33ccb3732faf5a38ddcd5b0a3e9253655d781fa + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded + Version: 3 + TBS: + MD5: e6d820afb23af20a65cf0b03247ea05e + SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 + SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 + SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: dd4b3ae5449a7da46b90bead31c1bab6 + SHA1: 76abd50622838fcbb459166b2b42850bc5cfd18b + SHA256: 3bb0708613c56dbb77df753872797d73065432ac7c2ea3cde2569173972c7dac + Sections: + .text: + Entropy: 6.2041710477554854 + Virtual Size: '0x2616' + .rdata: + Entropy: 4.177976296652285 + Virtual Size: '0x3ec' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.499086286863614 + Virtual Size: '0xc0' + INIT: + Entropy: 5.052256723807581 + Virtual Size: '0x41a' + .rsrc: + Entropy: 3.3943730160709853 + Virtual Size: '0x350' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2012-08-11 01:48:20' + Imphash: 2561727ac42d399030b3c46477c428f4 + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: f310b453ac562f2c53d30aa6e35506bb + SHA1: eb44a05f8bba3d15e38454bd92999a856e6574eb + SHA256: 
600a2119657973112025db3c0eeab2e69d528bccfeed75f40c6ef50b059ec8a0 + Authentihash: + MD5: 423e8ee5a464bc64032924ee428b40af + SHA1: 37552fe06a39175032793e6317d124008a892f18 + SHA256: abf635a246752555868f203a565ead519c9ada06ea007545a47bf352678c342a + Description: CPUID Driver + Company: CPUID + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Copyright: Copyright(C) 2014 CPUID + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: b3dcf662ce69ad7b34717fb6aecf09a7 + SHA1: 63be2c28ecee71a739bfbaf38466362e998bc5bc + SHA256: f4257b7e95b00b38e446b2708cc342fe32846266064b94c78ec1f987731c2226 + Sections: + .text: + Entropy: 6.187068215362904 + Virtual Size: '0x30c6' + .rdata: + Entropy: 4.212054484888266 + Virtual Size: '0x424' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.5511621274596537 + Virtual Size: '0xd8' + INIT: + Entropy: 5.131854482283732 + Virtual Size: '0x3ea' + .rsrc: + Entropy: 3.3971374522271924 + Virtual Size: '0x350' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2015-10-21 03:22:27' + Imphash: f12ae9073d95c22ed89247253d59f500 + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: aa69b4255e786d968adbd75ba5cf3e93 + SHA1: af5f642b105d86f82ba6d5e7a55d6404bfb50875 + SHA256: 60b163776e7b95e0c2280d04476304d0c943b484909131f340e3ce6045a49289 + Authentihash: + MD5: 
2d28bedef20cc63f0ae1b726a5cb34e0 + SHA1: 92524be5b5320c3e08d880ecbcd36a9c8037a921 + SHA256: 47c9323ae818bd2a3b55fc04abd984bd940cd4e27b6d4af311edcb66988ce941 + Description: CPUID Driver + Company: Windows (R) Win 7 DDK provider + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: Windows (R) Win 7 DDK driver + ProductVersion: 6.1.7600.16385 + Copyright: "\xA9 Microsoft Corporation. All rights reserved." + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ExFreePoolWithTag + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - ProbeForWrite + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - IoDeleteSymbolicLink + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: 
'2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2009-02-02 00:00:00' + ValidTo: '2012-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 
29f25a23906de1bbfa2c46067eba0ddd + Version: 3 + TBS: + MD5: fb72fa311261c4fb6a786e5cc7ce1d2f + SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 + SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a + SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: a38f27f93ae0a47de0beccf18bdd9f0d + SHA1: cd1a8f9d3317d025efd043e634381412d74f38d3 + SHA256: f570747684874e6d241bec749b182ef1902d578127bf1087132383695896986e + Sections: + .text: + Entropy: 6.169826234776459 + Virtual Size: '0x2176' + .rdata: + Entropy: 4.207878001994479 + Virtual Size: '0x3cc' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.4966307212281404 + Virtual Size: '0xc0' + INIT: + Entropy: 5.089554733637361 + Virtual Size: '0x3e4' + .rsrc: + Entropy: 3.4155760648585995 + Virtual Size: '0x3d0' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2010-03-16 05:00:47' + Imphash: af34db96db910a3fa7a56f2fac8ed5e1 + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: 3411fdf098aa20193eee5ffa36ba43b2 + SHA1: 
ad05bff5fe45df9e08252717fc2bc2af57bf026f + SHA256: 67734c7c0130dd66c964f76965f09a2290da4b14c94412c0056046e700654bdc + Authentihash: + MD5: 41fd82e071d4afdfd8a895d0ab4fb568 + SHA1: b72edd113acbd4bb98374b80c1d238eb1e348f15 + SHA256: 3b2a3b74127c7ecf095e0fe5a65af31b9701d2ba6dc2a4d87882de65d84842c0 + Description: CPUID Driver + Company: CPUID + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Copyright: Copyright(C) 2010 CPUID + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IofCompleteRequest + - ExFreePool + - ExAllocatePoolWithTag + - RtlFreeUnicodeString + - ObfDereferenceObject + - MmIsAddressValid + - IoGetDeviceObjectPointer + - MmUnmapIoSpace + - RtlInitAnsiString + - MmMapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoDeleteDevice + - PsGetVersion + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - KeWaitForSingleObject + - RtlAnsiStringToUnicodeString + - IoCancelIrp + - RtlUnwind + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - READ_PORT_UCHAR + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: 
a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + 
Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2009-02-02 00:00:00' + ValidTo: '2012-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Version: 3 + TBS: + MD5: fb72fa311261c4fb6a786e5cc7ce1d2f + SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 + SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a + SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: 4ba73072bea66755a70f3a8c99951424 + SHA1: d9ce039d736544c2d9b7fe44460d8e006a5c62f0 + SHA256: 3b45bc2da9543317e7a22486f86a3f8c0eb289596d1d7661b47e35e99058861f + Sections: + .text: + Entropy: 6.1851356647481595 + Virtual Size: '0x2600' + .rdata: + Entropy: 4.469676429308113 + Virtual Size: '0x2f8' + .data: + Entropy: 0.22396935932252834 + Virtual Size: '0x1c0' + INIT: + Entropy: 5.358436362596031 + Virtual Size: '0x3f4' + .rsrc: + Entropy: 3.3927376128305218 + Virtual Size: '0x350' + .reloc: + Entropy: 
5.38153465292173 + Virtual Size: '0x244' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2011-09-21 02:24:20' + Imphash: 5716c52252afe18d09f6c1bc6e5ef3ef + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: f60a9b88c6ff07d4990d8653d0025683 + SHA1: 0cc60a56e245e70f664906b7b67dfe1b4a08a5b7 + SHA256: 6befa481e8cca8084d9ec3a1925782cd3c28ef7a3e4384e034d48deaabb96b63 + Authentihash: + MD5: a3d5faa9e1a6f47f8e0a23ef837afe38 + SHA1: bb21b535fa0adaef1a9a29759e0d2b2a5faf1965 + SHA256: 5e9099b95b2074fecc6efa6d59552651b1e082aaa3612889f417064d378a797f + Description: CPUID Driver + Company: CPUID + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Copyright: Copyright(C) 2014 CPUID + MachineType: IA64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - PsGetVersion + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - IofCompleteRequest + - MmMapIoSpace + - MmUnmapIoSpace + - ProbeForWrite + - IoDeleteDevice + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - RtlUnwindEx + - RtlPcToFileHeader + - READ_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - READ_PORT_UCHAR + - HalCallPal + - WRITE_PORT_UCHAR + - KeStallExecutionProcessor + - WRITE_PORT_USHORT + - READ_PORT_ULONG + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 
be6fb3b3b33e9108a9a2273d1cf5eb3209a8c3a86ba7d66069393587f6b451b75b327ea15d36b1604aad5509c0ace37fa66e220b35764b9c201169677738c06802d2f798383c256c690898a663b0aeb519491057f9f24149c513abba2a4cab9934a684e5d83a34105fe6681f2b85d5ee06332d1c05c3627758442fd2fc94f5f68bb30f085cb1d31174e1461394aeef7b124291a099654d1103df3deab81e9658b5b5cc817061d688ae39e702f1d0dd420d6de931bed331960e089233b8576482e48d5b769fdfa8df02e1d098912444b324057826e1f72c26f045b2479a9b39eadfd6b2e1bd6db4057ef6b12ca385cad9a7ad82c4414e619f97dfd08a55f59053 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: d6643b31d447dc612fb7920d936baf5a + SHA1: 0d2acfebbfb9a35446bb9ff7b915c8ff514fd7dc + SHA256: 
98f7bc08e99aa659bfb0295c09adf8ccfdb7f7ad8cc065cfb4f0732585c1855c + Sections: + .text: + Entropy: 5.3484809966574 + Virtual Size: '0x3b60' + .rdata: + Entropy: 4.154715674967178 + Virtual Size: '0x3d8' + .pdata: + Entropy: 3.4060649759113413 + Virtual Size: '0xb4' + .sdata: + Entropy: 1.1203888318125959 + Virtual Size: '0x2a0' + INIT: + Entropy: 5.0324391219722715 + Virtual Size: '0x3e8' + .rsrc: + Entropy: 3.3971374522271924 + Virtual Size: '0x350' + .reloc: + Entropy: 0.9557665440658051 + Virtual Size: '0x168' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2014-02-17 07:22:11' + Imphash: a2d936fa82b7340d28a697fb344046d8 + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: c046ca4da48db1524ddf3a49a8d02b65 + SHA1: 5635bb2478929010693bc3b23f8b7fe5fdbc3aed + SHA256: 771015b2620942919bb2e0683476635b7a09db55216d6fbf03534cb18513b20c + Authentihash: + MD5: 49da5e87cba74d3bd91bd589e49b0d1a + SHA1: e79179e0a586067e9d9654c2a8dfd45963ddcac3 + SHA256: 36729c2c714e05ebf9bc7262bc7f0d5d25d9dc9c8e0c4fdce27143bbdd9d9aa7 + Description: CPUID Driver + Company: CPUID + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Copyright: Copyright(C) 2015 CPUID + MachineType: IA64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - PsGetVersion + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - IofCompleteRequest + - MmMapIoSpace + - MmUnmapIoSpace + - ProbeForWrite + - IoDeleteDevice + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - __C_specific_handler + - READ_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - READ_PORT_UCHAR + - HalCallPal + - WRITE_PORT_UCHAR + - KeStallExecutionProcessor + - WRITE_PORT_USHORT + - READ_PORT_ULONG + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, 
OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 
1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: 8ea619be06260d53ffafd0dc9b610cb0 + SHA1: c796bfcf888f2b8841388524d2117d3bb17c0e8c + SHA256: 0140c43b66ca9c67a08bcb7eaddab10203a2c2b75bd411d5eecf8d0d78dce9c6 + Sections: + .text: + Entropy: 5.372120601484934 + Virtual Size: '0x3850' + .rdata: + Entropy: 4.096307336199365 + Virtual Size: '0x3a0' + .pdata: + Entropy: 3.3485198020390934 + Virtual Size: '0x9c' + .sdata: + Entropy: 1.055945444608438 + Virtual Size: '0x260' + INIT: + Entropy: 5.065598292840257 + Virtual Size: '0x3d6' + .rsrc: + Entropy: 3.3958173868041217 + Virtual Size: '0x350' + .reloc: + Entropy: 1.0164053768066021 + Virtual Size: '0x14e' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2015-11-18 02:17:31' + Imphash: f0820e8f674e44e5c2a3f899ec561c1d + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: 0283b43c6bc965175a1c92b255d39556 + SHA1: 
8325e8d7fd2edc126dcf1089dee8da64e79fb12e + SHA256: 80eeb8c2890f3535ed14f5881baf2f2226e6763be099d09fb8aadaba5b4474c1 + Authentihash: + MD5: b978a03408c0e9ea44ffdeecc35ab83e + SHA1: fed654a9c5f2bf2a1ad9a2e94da162633fb468c5 + SHA256: 72f9cb24cfa641876f34967b96244259f95987ef24d1d729c0e483b3eb9a2740 + Description: CPUID Driver + Company: CPUID + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Copyright: Copyright(C) 2010 CPUID + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IofCompleteRequest + - ExFreePool + - ExAllocatePoolWithTag + - RtlFreeUnicodeString + - ObfDereferenceObject + - MmIsAddressValid + - IoGetDeviceObjectPointer + - MmUnmapIoSpace + - RtlInitAnsiString + - MmMapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - RtlUnwind + - KeTickCount + - KeBugCheckEx + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoDeleteDevice + - PsGetVersion + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - KeWaitForSingleObject + - RtlAnsiStringToUnicodeString + - IoCancelIrp + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - READ_PORT_UCHAR + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: 
a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 
be6fb3b3b33e9108a9a2273d1cf5eb3209a8c3a86ba7d66069393587f6b451b75b327ea15d36b1604aad5509c0ace37fa66e220b35764b9c201169677738c06802d2f798383c256c690898a663b0aeb519491057f9f24149c513abba2a4cab9934a684e5d83a34105fe6681f2b85d5ee06332d1c05c3627758442fd2fc94f5f68bb30f085cb1d31174e1461394aeef7b124291a099654d1103df3deab81e9658b5b5cc817061d688ae39e702f1d0dd420d6de931bed331960e089233b8576482e48d5b769fdfa8df02e1d098912444b324057826e1f72c26f045b2479a9b39eadfd6b2e1bd6db4057ef6b12ca385cad9a7ad82c4414e619f97dfd08a55f59053 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: 41f15d0f328a165973b49de608ef72a2 + SHA1: abcd9850775bd0a1a855e785a238e0e69525810f + SHA256: 
02dc44b04a6426fcaedf26995bfa471f123a90a9c747e82cebaf95f394890631 + Sections: + .text: + Entropy: 6.217479588256463 + Virtual Size: '0x2750' + .rdata: + Entropy: 4.550469836478717 + Virtual Size: '0x2f0' + .data: + Entropy: 0.335842300318532 + Virtual Size: '0x1e0' + INIT: + Entropy: 5.41983369153965 + Virtual Size: '0x3f4' + .rsrc: + Entropy: 3.3927376128305218 + Virtual Size: '0x350' + .reloc: + Entropy: 5.5051908528223255 + Virtual Size: '0x254' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2012-02-07 08:44:19' + Imphash: 958dd67f866ae27cf716e30a025b266f + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: 4a85754636c694572ca9f440d254f5ce + SHA1: dd55015f5406f0051853fd7cca3ab0406b5a2d52 + SHA256: 8688e43d94b41eeca2ed458b8fc0d02f74696a918e375ecd3842d8627e7a8f2b + Authentihash: + MD5: 3a19663e83c3569a86812ef915de52bc + SHA1: cd9a022e078eaa2364155e00942edbecb85619b0 + SHA256: 8d3ed9427dcc4f79be3585d41ab9c0bb447d6a0258dd919c4d49e02dedbaa47b + Description: CPUID Driver + Company: Windows (R) Win 7 DDK provider + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: Windows (R) Win 7 DDK driver + ProductVersion: 6.1.7600.16385 + Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
+ MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - MmMapIoSpace + - ExFreePoolWithTag + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - IofCompleteRequest + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 
518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2009-02-02 00:00:00' + ValidTo: '2012-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Version: 3 + TBS: + MD5: fb72fa311261c4fb6a786e5cc7ce1d2f + SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 + SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a + SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: 
'2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: 93394769f926489de472acbbd72c3d8b + SHA1: 6e6c943f13b82d4d46331de813914d4db63771f7 + SHA256: 53362bef3277e59f67ebc5a085f1cbe60e5c9aef1a18a2ac391b2f4954fa9649 + Sections: + .text: + Entropy: 6.206552850925677 + Virtual Size: '0x21a6' + .rdata: + Entropy: 4.27776755944508 + Virtual Size: '0x3c0' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.401674357474197 + Virtual Size: '0x90' + INIT: + Entropy: 5.076342695575086 + Virtual Size: '0x3f0' + .rsrc: + Entropy: 3.4148190207283133 + Virtual Size: '0x3d0' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2010-06-04 07:51:45' + Imphash: 68062e8b9d3c1e6cc62a9cae16a12b81 + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: 8741e6df191c805028b92cec44b1ba88 + SHA1: ba0938512d7abab23a72279b914d0ea0fb46e498 + SHA256: 8cf0cbbdc43f9b977f0fb79e0a0dd0e1adabe08a67d0f40d727c717c747de775 + Authentihash: + MD5: a67c91579145d058cf7cd3f8f60bf613 + SHA1: cb981516b9979025669c080a74c9308dca04963a + SHA256: 02fcbc5372c9bf31903376bde11d558ab7c7f13bde005120e24bdb1aef5d0134 + Description: CPUID Driver + Company: CPUID + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: CPUID service + ProductVersion: 
6.1.7600.16385 + Copyright: Copyright(C) 2014 CPUID + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 
0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: 
'2018-03-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: b3dcf662ce69ad7b34717fb6aecf09a7 + SHA1: 
63be2c28ecee71a739bfbaf38466362e998bc5bc + SHA256: f4257b7e95b00b38e446b2708cc342fe32846266064b94c78ec1f987731c2226 + Sections: + .text: + Entropy: 6.187068215362904 + Virtual Size: '0x30c6' + .rdata: + Entropy: 4.226233458071221 + Virtual Size: '0x424' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.5511621274596537 + Virtual Size: '0xd8' + INIT: + Entropy: 5.131854482283732 + Virtual Size: '0x3ea' + .rsrc: + Entropy: 3.3971374522271924 + Virtual Size: '0x350' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2015-02-26 00:04:34' + Imphash: f12ae9073d95c22ed89247253d59f500 + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: bf581e9eb91bace0b02a2c5a54bf1419 + SHA1: 13df48ab4cd412651b2604829ce9b61d39a791bb + SHA256: 8d57e416ea4bb855b78a2ff3c80de1dfbb5dc5ee9bfbdddb23e46bd8619287e2 + Authentihash: + MD5: b2c31454c057d73fb6d240356a32f8f1 + SHA1: f965db8fa1ef4ce0a738aad55d82c0cf63a47915 + SHA256: 16398965e9cea179b2e5ca884e3af032dece08d4ef33bdd83234ee441d71a5fa + Description: CPUID Driver + Company: CPUID + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Copyright: Copyright(C) 2015 CPUID + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' 
+ SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: 
b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: b3dcf662ce69ad7b34717fb6aecf09a7 + SHA1: 63be2c28ecee71a739bfbaf38466362e998bc5bc + SHA256: f4257b7e95b00b38e446b2708cc342fe32846266064b94c78ec1f987731c2226 + Sections: + .text: + Entropy: 6.188258985068624 + Virtual Size: '0x30c6' + .rdata: + Entropy: 4.223852822083244 + Virtual Size: '0x424' + .data: + Entropy: 0.378703493487675 + 
Virtual Size: '0x2c0' + .pdata: + Entropy: 3.5511621274596537 + Virtual Size: '0xd8' + INIT: + Entropy: 5.131854482283732 + Virtual Size: '0x3ea' + .rsrc: + Entropy: 3.3958173868041217 + Virtual Size: '0x350' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2016-01-27 02:18:15' + Imphash: f12ae9073d95c22ed89247253d59f500 + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: 94ccef76fda12ab0b8270f9b2980552b + SHA1: e4cbb48aa1aff6cf4ea94ef3b7afb6c245ac47e8 + SHA256: 8e5aef7c66c0e92dfc037ee29ade1c8484b8d7fadebdcf521d2763b1d8215126 + Authentihash: + MD5: ac9131c2fc8e77ef414ad451d35e4d1e + SHA1: 7b63ad1179825964aae9d1486fefed1b8f26a8a8 + SHA256: 1a8a5aebf83d1fa6daf74e48fc600e22b8fdceafb5dd7c7e14db2aa2a28e8c24 + Description: CPUID Driver + Company: Windows (R) Codename Longhorn DDK provider + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.0.6000.16386 built by: WinDDK' + Product: Windows (R) Codename Longhorn DDK driver + ProductVersion: 6.0.6000.16386 + Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
+ MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - KeWaitForSingleObject + - PsGetVersion + - MmUnmapIoSpace + - IoBuildDeviceIoControlRequest + - IoCreateSymbolicLink + - IoDeleteSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IofCompleteRequest + - RtlFreeUnicodeString + - RtlAnsiStringToUnicodeString + - IofCallDriver + - IoGetDeviceObjectPointer + - RtlInitUnicodeString + - IoDeleteDevice + - MmMapIoSpace + - KeBugCheckEx + - RtlInitAnsiString + - IoCreateDevice + - KeInitializeEvent + - RtlUnwindEx + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + 
SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2007-02-08 00:00:00' + ValidTo: '2009-02-07 23:59:59' + Signature: 6ca08361ce69863ade5289039d2e6eaf79729d950a57fc32158e56bc0bfc05ca3b76263b8e8a5e2279522eceed35495c697a2f1b1631e1a4f997c8b2e14cd08a3b4aaeca9f150126f5933e6a29fde1e3ef607f452219582ac034c3f95023fd6c5474008ecea3aab5ba096ae73a3dd76b296d3c8b06a72ca763698e49474d624c22ad57a3d11342be8a6d2a49e4af5893003fcf02900a0fbf4854858cc0468d23b9917cfe59ac8b7058de49ab25bbca0bc67f1f367309deed4827295173fad53932d12ad79b8c70175e640f7917fd60940be86d1af397dd5eb0ecb9e92f9e3dc03f2cbf51e9776b31a8cba38fabd8b27e561f66a5ddad46546d6bc984a6a8d8bc + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 10e29d74903d9c7cd58caa35a0944770 + Version: 3 + TBS: + MD5: 5e3b5587eb8c553dc279bb241c30689d 
+ SHA1: 5b5631ff0033ed753a5c630a4d8d48772050db32 + SHA256: 9b30d9d9f9fd9c0480c0503dd4ac86649d2cc180d1401ade6dd8048356d7f634 + SHA384: 1886034ac8dc819ed45b8b48b0225cdb142d53d61bda992ee7e4923276c3c36dffbb0f8d929e1ad20c3437709df2399a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 10e29d74903d9c7cd58caa35a0944770 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: 59cd82b693e20fe9af1be9ea12f739b9 + SHA1: 1842433338394740479c35b690fc50c41d9f6efa + SHA256: fa2e40c67651befa71893d8a672a90a1f996057b6f5c15d2304bbfe120cf9115 + Sections: + .text: + Entropy: 6.050801271329098 + Virtual Size: '0x1596' + .rdata: + Entropy: 4.266884457332851 + Virtual Size: '0x304' + .data: + Entropy: 0.6099523004172788 + Virtual Size: '0x124' + .pdata: + Entropy: 3.2933218797117716 + Virtual Size: '0x6c' + INIT: + Entropy: 4.943162739985603 + Virtual Size: '0x370' + .rsrc: + Entropy: 3.3933870153256342 + Virtual Size: '0x400' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2008-01-25 04:39:05' + Imphash: aa54fa0523f677e56d6d8199e5e18732 + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: 9b157f1261a8a42e4ef5ec23dd4cda9e + SHA1: 99bd8c1f5eeedd9f6a9252df5dbd0e42ef5999a4 + SHA256: 900dd68ccc72d73774a347b3290c4b6153ae496a81de722ebb043e2e99496f88 + 
Authentihash: + MD5: 99cba45243e4a9e5999224b5719ccc2d + SHA1: 43ffee630881d6ae82640c59c674e9ee57cb5eac + SHA256: 94f39e23194d01698b2d8e7bb1c212bf192e81df59766d4adf5f7e33bbe13181 + Description: CPUID Driver + Company: CPUID + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Copyright: Copyright(C) 2015 CPUID + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IofCompleteRequest + - ExFreePool + - ExAllocatePoolWithTag + - RtlFreeUnicodeString + - ObfDereferenceObject + - IoGetDeviceObjectPointer + - RtlAnsiStringToUnicodeString + - MmUnmapIoSpace + - MmMapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - RtlUnwind + - KeTickCount + - KeBugCheckEx + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoDeleteDevice + - PsGetVersion + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - KeWaitForSingleObject + - RtlInitAnsiString + - IoCancelIrp + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - KeStallExecutionProcessor + - HalSetBusDataByOffset + - HalGetBusDataByOffset + - READ_PORT_UCHAR + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: 151279b238de6194a32d8ca426ceaeee + SHA1: 7836f9fa452c5a538aed446df8439f2f49cc74aa + SHA256: 1319e59df060332195af6318ab22fe3f5018b1498211216a28a48f73980ab3b0 + Sections: + .text: + Entropy: 6.229266851006058 + Virtual Size: '0x3260' + .rdata: + Entropy: 4.675179768119331 + Virtual Size: '0x2f4' + .data: + Entropy: 0.335842300318532 + Virtual Size: '0x1e0' + INIT: + Entropy: 5.428373271150746 + Virtual Size: '0x3dc' + .rsrc: + Entropy: 3.3925686987119477 + Virtual Size: '0x350' + .reloc: + Entropy: 5.597642275362914 + Virtual Size: '0x27c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2015-11-18 02:14:04' + Imphash: 643f4d79f35dddc9bb5cc04a0f0c18d3 + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: 5212e0957468d3f94d90fa7a0f06b58f + SHA1: ad1616ea6dc17c91d983e829aa8a6706e81a3d27 + SHA256: 955dac77a0148e9f9ed744f5d341cb9c9118261e52fe622ac6213965f2bc4cad + Authentihash: + MD5: 
9b4bb5dc9df3edd0d7d859629c80c2dc + SHA1: 706789b1bf76e4d337957a36d60b96b7743f9f62 + SHA256: eb6807c46e2d4808f07cca9242e7a59393fdab6ccf4da1aec124ef2a34398d43 + Description: CPUID Driver + Company: CPUID + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Copyright: Copyright(C) 2014 CPUID + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: 
eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 
1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: 685a19a8e9f46a76067db83da501dca0 + SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 + SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 + Sections: + .text: + Entropy: 6.201540970632788 + Virtual Size: '0x2c56' + .rdata: + Entropy: 4.139510166690065 + Virtual Size: '0x424' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.603856484265247 + Virtual Size: '0xc0' + INIT: + Entropy: 5.076575853289 + Virtual Size: '0x406' + .rsrc: + Entropy: 3.3938887641350184 + Virtual Size: '0x350' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2014-02-17 07:22:16' + Imphash: 82942c060f79cefd3bf1acdf5c207561 + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: 56b54823a79a53747cbe11f8c4db7b1e + SHA1: 1d9fd846e12104ae31fd6f6040b93fc689abf047 + SHA256: 
9a523854fe84f15efc1635d7f5d3e71812c45d6a4d2c99c29fdc4b4d9c84954c + Authentihash: + MD5: c8b8d6e4b9b4f42714f3abfb66880ccf + SHA1: 5848f7c4dadcb1ea16f4d9e533a84a6d6f522f8b + SHA256: 057e45b47fe0ca96fe3741058bc4365c9a866dff925cab8cfea4c161b990e8e2 + Description: CPUID Driver + Company: CPUID + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Copyright: Copyright(C) 2010 CPUID + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - MmMapIoSpace + - ExFreePoolWithTag + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - DbgPrint + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - IofCompleteRequest + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G3 + ValidFrom: '2012-05-01 00:00:00' + ValidTo: '2012-12-31 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded + Version: 3 + TBS: + MD5: e6d820afb23af20a65cf0b03247ea05e + SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 + SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 + SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign 
Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + 
IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + 
MD5: dd4b3ae5449a7da46b90bead31c1bab6 + SHA1: 76abd50622838fcbb459166b2b42850bc5cfd18b + SHA256: 3bb0708613c56dbb77df753872797d73065432ac7c2ea3cde2569173972c7dac + Sections: + .text: + Entropy: 6.203757143489118 + Virtual Size: '0x2616' + .rdata: + Entropy: 4.1950691845593875 + Virtual Size: '0x3ec' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.499086286863614 + Virtual Size: '0xc0' + INIT: + Entropy: 5.052256723807581 + Virtual Size: '0x41a' + .rsrc: + Entropy: 3.3943730160709853 + Virtual Size: '0x350' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2012-05-23 08:53:22' + Imphash: 2561727ac42d399030b3c46477c428f4 + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: 29872c7376c42e2a64fa838dad98aa11 + SHA1: 8ec28d7da81cf202f03761842738d740c0bb2fed + SHA256: a072197177aad26c31960694e38e2cae85afbab070929e67e331b99d3a418cf4 + Authentihash: + MD5: 3c2269699f0187275c2b144f9b60d5e6 + SHA1: 69aabc267344bd9f98bd2fddc7213de735ba79d7 + SHA256: 2fb8f2a0a32f2e73921a16a7836ff14122da45582aae742e6afd4d7ca15b3da3 + Description: CPUID Driver + Company: CPUID + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Copyright: Copyright(C) 2016 CPUID + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - 
HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + 
TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: b3dcf662ce69ad7b34717fb6aecf09a7 + SHA1: 63be2c28ecee71a739bfbaf38466362e998bc5bc + SHA256: f4257b7e95b00b38e446b2708cc342fe32846266064b94c78ec1f987731c2226 + Sections: + .text: + Entropy: 6.219876754346496 + Virtual Size: '0x3366' + .rdata: + Entropy: 4.23881802889425 + Virtual Size: '0x424' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x440' + .pdata: + Entropy: 3.638628882332417 + Virtual Size: '0xf0' + INIT: + Entropy: 5.131854482283732 + Virtual Size: '0x3ea' + .rsrc: + Entropy: 3.38341382722288 + Virtual Size: '0x350' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2016-08-14 13:15:42' + Imphash: f12ae9073d95c22ed89247253d59f500 + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: 557fd33ee99db6fe263cfcb82b7866b3 + 
SHA1: 0a6e0f9f3d7179a99345d40e409895c12919195b + SHA256: aebcbfca180e372a048b682a4859fd520c98b5b63f6e3a627c626cb35adc0399 + Authentihash: + MD5: b8844b695f5170c70ac66f95324f836a + SHA1: 195024cc4a4adea16e6c2df8f2f8489a28f36beb + SHA256: 66cc007348a41fb33fab59f5ea265006534ba82db4eb7327039cbe2b4ce7e077 + Description: CPUID Driver + Company: CPUID + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Copyright: Copyright(C) 2012 CPUID + MachineType: IA64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - PsGetVersion + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - IofCompleteRequest + - MmMapIoSpace + - MmUnmapIoSpace + - ProbeForWrite + - IoDeleteDevice + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - RtlUnwindEx + - RtlPcToFileHeader + - READ_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - READ_PORT_UCHAR + - HalCallPal + - WRITE_PORT_UCHAR + - KeStallExecutionProcessor + - WRITE_PORT_USHORT + - READ_PORT_ULONG + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G3 + ValidFrom: '2012-05-01 00:00:00' + ValidTo: '2012-12-31 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded + Version: 3 + TBS: + MD5: e6d820afb23af20a65cf0b03247ea05e + SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 + SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 + SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 
23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + 
MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: d6643b31d447dc612fb7920d936baf5a + SHA1: 0d2acfebbfb9a35446bb9ff7b915c8ff514fd7dc + 
SHA256: 98f7bc08e99aa659bfb0295c09adf8ccfdb7f7ad8cc065cfb4f0732585c1855c + Sections: + .text: + Entropy: 5.406032855001113 + Virtual Size: '0x39c0' + .rdata: + Entropy: 4.152970301277938 + Virtual Size: '0x3d8' + .pdata: + Entropy: 3.3263502634141657 + Virtual Size: '0xb4' + .sdata: + Entropy: 1.1203888318125959 + Virtual Size: '0x2a0' + INIT: + Entropy: 5.0324391219722715 + Virtual Size: '0x3e8' + .rsrc: + Entropy: 3.3968253502148213 + Virtual Size: '0x350' + .reloc: + Entropy: 0.9613220996213607 + Virtual Size: '0x168' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2012-10-06 05:54:39' + Imphash: a2d936fa82b7340d28a697fb344046d8 + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: c516acb873c7f8c24a0431df8287756e + SHA1: f6f7b5776001149496092a95fb10218dea5d6a6b + SHA256: bac709c49ddee363c8e59e515f2f632324a0359e932b7d8cb1ce2d52a95981aa + Authentihash: + MD5: a14a1ba39405f52d67d289b65f0c7eb9 + SHA1: 11172e3f08444d643f277be83aaabe9f2aea74ca + SHA256: 3ce4a30668938fb7785c9958772e3c171af320ecfea8fc298160e80fbf80fb73 + Description: CPUID Driver + Company: CPUID + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Copyright: Copyright(C) 2017 CPUID + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - RtlAnsiStringToUnicodeString + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - ExFreePoolWithTag + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - 
KeQueryPerformanceCounter + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: 
d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: c046d6f14ec39d2a0f67a417bda83c5e + SHA1: 74661f1063b4c80566f75a1bee22c35f7af17fa9 + SHA256: 440eebbdc09d290724d364056ba4e2725c75759819a6df0a1ed5c876ed7d2474 + Sections: + .text: + Entropy: 6.170317476121287 + Virtual Size: '0x4536' + .rdata: + Entropy: 4.190423561703195 + Virtual Size: '0x534' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x440' + .pdata: + Entropy: 3.6289632983036624 + Virtual Size: '0xfc' + INIT: + Entropy: 5.132100585029012 + Virtual Size: '0x40e' + .rsrc: + Entropy: 3.394946071861716 + Virtual Size: '0x350' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2017-03-23 05:26:40' + Imphash: 8f96c3ef5dda3fe697d4a4d6326dbe37 + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: 641243746597fbd650e5000d95811ea3 + SHA1: da42cefde56d673850f5ef69e7934d39a6de3025 + SHA256: c3e150eb7e7292f70299d3054ed429156a4c32b1f7466a706a2b99249022979e + Authentihash: + MD5: 560b782df855c5ea30b76ee4a9930d28 
+ SHA1: 6423659ab76fad7627fd7fb16f05a40b8df8da4d + SHA256: 62daa7ab93684d935cdada8af43cba552d7692cb992411d27ba1ee50a9fb1883 + Description: CPUID Driver + Company: Windows (R) Win 7 DDK provider + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: Windows (R) Win 7 DDK driver + ProductVersion: 6.1.7600.16385 + Copyright: "\xA9 Microsoft Corporation. All rights reserved." + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - ProbeForWrite + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: 
'2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2009-02-02 00:00:00' + ValidTo: '2012-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 
29f25a23906de1bbfa2c46067eba0ddd + Version: 3 + TBS: + MD5: fb72fa311261c4fb6a786e5cc7ce1d2f + SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 + SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a + SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: 89dc670b5f7c06b577deeec9473dc96b + SHA1: af59c00ae531117ba9307257ab945cdf6c8309f6 + SHA256: 35b9d8fc904c88f4df237edc610727f89c415e48bcf135191c43832bb2935ba6 + Sections: + .text: + Entropy: 6.180122394967694 + Virtual Size: '0x2136' + .rdata: + Entropy: 4.244772424988803 + Virtual Size: '0x3d0' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.5003735460865424 + Virtual Size: '0x90' + INIT: + Entropy: 5.069433080691773 + Virtual Size: '0x408' + .rsrc: + Entropy: 3.4155760648585995 + Virtual Size: '0x3d0' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2010-03-30 15:34:16' + Imphash: be527e5f470fbc661f914c81bfc9af38 + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: a453083b8f4ca7cb60cac327e97edbe2 + SHA1: 
53f7fc4feb66af748f2ab295394bf4de62ae9fcc + SHA256: c50f8ab8538c557963252b702c1bd3cee4604b5fc2497705d2a6a3fd87e3cc26 + Authentihash: + MD5: b3bf90b99dec81a927b9fa8467d20e11 + SHA1: 0632e0c8fdb6e629fd2efa5ccdf4a8415131bc58 + SHA256: 536333c1fb9066a12c7791b740fcf637f6f86b45bd57baf0f27ae33c3b6c6cf1 + Description: CPUID Driver + Company: CPUID + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Copyright: Copyright(C) 2013 CPUID + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 
365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at 
https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: 685a19a8e9f46a76067db83da501dca0 + SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 + SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 + Sections: + .text: + Entropy: 6.111492164689909 + Virtual Size: '0x2836' + .rdata: + Entropy: 4.175526657333754 + Virtual Size: '0x3d4' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.4970531643346394 + Virtual Size: '0xc0' + INIT: + Entropy: 5.076575853289 + Virtual Size: '0x406' + .rsrc: + Entropy: 3.3935766621226473 + Virtual Size: '0x350' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2013-08-24 02:56:35' + Imphash: 82942c060f79cefd3bf1acdf5c207561 + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: 07493c774aa406478005e8fe52c788b2 + SHA1: 34a07ae39b232cc3dbbe657b34660e692ff2043a + SHA256: dbb457ae1bd07a945a1466ce4a206c625e590aee3922fa7d86fbe956beccfc98 + Authentihash: + MD5: 63e4ba0a05ddac75e9f2b90c28291331 + SHA1: 34c6aeb2bc32ff8da525641af75ff600e7249252 + SHA256: 653601cf8c3c2c4b778f9025d4e964c887966cc3216bb35a73a3ae75477b4476 + Description: CPUID Driver + Company: Windows (R) Codename Longhorn DDK provider + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.0.6000.16386 built by: WinDDK' + Product: Windows (R) Codename Longhorn DDK driver + ProductVersion: 6.0.6000.16386 + Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
+ MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - KeWaitForSingleObject + - PsGetVersion + - MmUnmapIoSpace + - IoBuildDeviceIoControlRequest + - IoDeleteSymbolicLink + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - RtlAnsiStringToUnicodeString + - IofCompleteRequest + - RtlFreeUnicodeString + - IofCallDriver + - IoGetDeviceObjectPointer + - RtlInitUnicodeString + - IoDeleteDevice + - ProbeForWrite + - MmMapIoSpace + - KeBugCheckEx + - RtlInitAnsiString + - IoCreateDevice + - KeInitializeEvent + - RtlUnwindEx + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 
21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2007-02-08 00:00:00' + ValidTo: '2009-02-07 23:59:59' + Signature: 6ca08361ce69863ade5289039d2e6eaf79729d950a57fc32158e56bc0bfc05ca3b76263b8e8a5e2279522eceed35495c697a2f1b1631e1a4f997c8b2e14cd08a3b4aaeca9f150126f5933e6a29fde1e3ef607f452219582ac034c3f95023fd6c5474008ecea3aab5ba096ae73a3dd76b296d3c8b06a72ca763698e49474d624c22ad57a3d11342be8a6d2a49e4af5893003fcf02900a0fbf4854858cc0468d23b9917cfe59ac8b7058de49ab25bbca0bc67f1f367309deed4827295173fad53932d12ad79b8c70175e640f7917fd60940be86d1af397dd5eb0ecb9e92f9e3dc03f2cbf51e9776b31a8cba38fabd8b27e561f66a5ddad46546d6bc984a6a8d8bc + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 10e29d74903d9c7cd58caa35a0944770 + Version: 3 + 
TBS: + MD5: 5e3b5587eb8c553dc279bb241c30689d + SHA1: 5b5631ff0033ed753a5c630a4d8d48772050db32 + SHA256: 9b30d9d9f9fd9c0480c0503dd4ac86649d2cc180d1401ade6dd8048356d7f634 + SHA384: 1886034ac8dc819ed45b8b48b0225cdb142d53d61bda992ee7e4923276c3c36dffbb0f8d929e1ad20c3437709df2399a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 10e29d74903d9c7cd58caa35a0944770 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: 6633dd48aea31e9c4821fbc652e4701e + SHA1: 3fb6cdbdaa8959e6a79305a74981751e06506a6f + SHA256: 63b15db03090d5e7ba52906b2854fba693e17a5fac179397bd55f91e49d28859 + Sections: + .text: + Entropy: 6.049517664101274 + Virtual Size: '0x15a6' + .rdata: + Entropy: 4.2613924369366005 + Virtual Size: '0x304' + .data: + Entropy: 0.6099523004172788 + Virtual Size: '0x124' + .pdata: + Entropy: 3.3197547776031913 + Virtual Size: '0x6c' + INIT: + Entropy: 4.94558496841094 + Virtual Size: '0x388' + .rsrc: + Entropy: 3.3933870153256342 + Virtual Size: '0x400' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2008-02-22 04:12:04' + Imphash: dc0a0f2d424a59b4d17033f58f01b027 + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: e425c66663c96d5a9f030b0ad4d219a8 + SHA1: bd87aecc0ac1d1c2ab72be1090d39fab657f7cc6 + SHA256: 
deecbcd260849178de421d8e2f177dce5c63cf67a48abb23a0e3cf3aa3e00578 + Authentihash: + MD5: a10d1df81f81710baf68826e4c32befa + SHA1: ecbde8d7d911f64666f89356ce6194d92741bdc4 + SHA256: cd7754a6ec6bf19724fb266ec4f1d02607e9b310791d8725d7db5ac84d5430e2 + Description: CPUID Driver + Company: CPUID + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Copyright: Copyright(C) 2014 CPUID + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IofCompleteRequest + - ExFreePool + - ExAllocatePoolWithTag + - RtlFreeUnicodeString + - ObfDereferenceObject + - MmIsAddressValid + - IoGetDeviceObjectPointer + - MmUnmapIoSpace + - RtlInitAnsiString + - MmMapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - RtlUnwind + - KeTickCount + - KeBugCheckEx + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoDeleteDevice + - PsGetVersion + - KeInitializeEvent + - IoBuildDeviceIoControlRequest + - IofCallDriver + - KeWaitForSingleObject + - RtlAnsiStringToUnicodeString + - IoCancelIrp + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - READ_PORT_UCHAR + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: 
d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 
be6fb3b3b33e9108a9a2273d1cf5eb3209a8c3a86ba7d66069393587f6b451b75b327ea15d36b1604aad5509c0ace37fa66e220b35764b9c201169677738c06802d2f798383c256c690898a663b0aeb519491057f9f24149c513abba2a4cab9934a684e5d83a34105fe6681f2b85d5ee06332d1c05c3627758442fd2fc94f5f68bb30f085cb1d31174e1461394aeef7b124291a099654d1103df3deab81e9658b5b5cc817061d688ae39e702f1d0dd420d6de931bed331960e089233b8576482e48d5b769fdfa8df02e1d098912444b324057826e1f72c26f045b2479a9b39eadfd6b2e1bd6db4057ef6b12ca385cad9a7ad82c4414e619f97dfd08a55f59053 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + 
SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: 41f15d0f328a165973b49de608ef72a2 + SHA1: abcd9850775bd0a1a855e785a238e0e69525810f + SHA256: 02dc44b04a6426fcaedf26995bfa471f123a90a9c747e82cebaf95f394890631 + Sections: + .text: + Entropy: 6.204806970841105 + Virtual Size: '0x2ed0' + .rdata: + Entropy: 4.656797686788462 + Virtual Size: '0x2e8' + .data: + Entropy: 0.335842300318532 + Virtual Size: '0x1e0' + INIT: + Entropy: 5.416266853126175 + Virtual Size: '0x3f4' + .rsrc: + Entropy: 3.392253360894555 + Virtual Size: '0x350' + .reloc: + Entropy: 5.600870307396892 + Virtual Size: '0x26e' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2014-02-17 07:21:57' + Imphash: 958dd67f866ae27cf716e30a025b266f + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: ccb09eb78e047c931708149992c2e435 + SHA1: ada23b709cb2bef8bedd612dc345db2e2fdbfaca + SHA256: df0dcfb3971829af79629efd036b8e1c6e2127481b3644ccc6e2ddd387489a15 + Authentihash: + MD5: e4b3d527845f6574b5959b6381f925f8 + SHA1: baf46ac272c1a6d8c32683965b1d849386908079 + SHA256: 68b0a239031b158e2927bb5dc8844b662cb4616ee8c1363fa729aa8fa0d86cff + Description: CPUID Driver + Company: CPUID + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Copyright: Copyright(C) 2010 CPUID + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - 
IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, 
OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2009-02-02 00:00:00' + ValidTo: '2012-02-07 23:59:59' + Signature: 9a9bbecb393272aaedfd7a125e0fe581151a18a75a4094e082a38156f62018b9d59edef27429bbea60d6e146a2ce134546d54e00b6585c1d85e3aedfb3b9a5de7728a96b2bcc26106655bae6bc5ce3a72714f9e23282a2fba29fc870b394e832f07dc50ded3a042953fe91379769e424398278b6ed14ae4f6b4cce5fa7ba20fc8d157a78fd308214d177189bcd76b2bd62a861a8c1562e2748f338f7369f0f062804685399a6655fcb4564a644e7a8bee8330557376884cce9153992e8e205bc1474dbd0109b3c87991db9bb77a9dff5775267390431ce56ff49500d8ad70be34a0d9a0b112e07eb55f0fe07de9ac93a0b30cb36029b5ec41e032daf66627d4e + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Version: 3 + TBS: + MD5: fb72fa311261c4fb6a786e5cc7ce1d2f + SHA1: 1006abcf3b1eb43fd4cc42a2cc25346b3b9002c3 + SHA256: 01beb7dc0d29b16a5506fc611b435aa0f4d9c50408ca404e91135e493a20890a + SHA384: 759175ad5a7509fc3ea3678d14e568abd0edeb753b53af88af04869bea98a07314b88c26de077ab3bdb6dbb1df1b93f9 + - Subject: 
C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 29f25a23906de1bbfa2c46067eba0ddd + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: 89dc670b5f7c06b577deeec9473dc96b + SHA1: af59c00ae531117ba9307257ab945cdf6c8309f6 + SHA256: 
35b9d8fc904c88f4df237edc610727f89c415e48bcf135191c43832bb2935ba6 + Sections: + .text: + Entropy: 6.199906453328244 + Virtual Size: '0x2506' + .rdata: + Entropy: 4.25835240231724 + Virtual Size: '0x3e0' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.3649784372301403 + Virtual Size: '0x90' + INIT: + Entropy: 5.067835669413665 + Virtual Size: '0x406' + .rsrc: + Entropy: 3.3943730160709853 + Virtual Size: '0x350' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2011-01-19 09:42:06' + Imphash: 82942c060f79cefd3bf1acdf5c207561 + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: 43bfc857406191963f4f3d9f1b76a7bf + SHA1: 9329a0ce2749a3a6bea2028ce7562d74c417db64 + SHA256: e0b5a5f8333fc1213791af5c5814d7a99615b3951361ca75f8aa5022c9cfbc2b + Authentihash: + MD5: 68fb744e92133e8bb6b59fea9304667c + SHA1: de1a168f24f5da29b9f8bf8333fff57bfa0d21a4 + SHA256: d70bfea03deeea92a253f2b4a8b7181a3064f62c5207f94b5f7ce5a9e62ab4cf + Description: CPUID Driver + Company: CPUID + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Copyright: Copyright(C) 2016 CPUID + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - RtlAnsiStringToUnicodeString + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - ExFreePoolWithTag + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - KeQueryPerformanceCounter + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + 
Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: 
b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: c046d6f14ec39d2a0f67a417bda83c5e + SHA1: 74661f1063b4c80566f75a1bee22c35f7af17fa9 + SHA256: 440eebbdc09d290724d364056ba4e2725c75759819a6df0a1ed5c876ed7d2474 + Sections: + .text: + Entropy: 6.202501650998955 + Virtual Size: '0x38b6' + .rdata: + Entropy: 4.1722432536185465 + Virtual Size: '0x464' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x440' + .pdata: + Entropy: 3.6000408617955837 + Virtual Size: '0xf0' + INIT: + Entropy: 5.116119018385266 + Virtual Size: '0x40e' + .rsrc: + Entropy: 3.38341382722288 + Virtual Size: '0x350' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2016-10-05 03:53:07' + Imphash: 8f96c3ef5dda3fe697d4a4d6326dbe37 + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: 8f5b84350bfc4fe3a65d921b4bd0e737 + SHA1: 76046978d8e4409e53d8126a8dcfc3bf8602c37f + 
SHA256: e58bbf3251906ff722aa63415bf169618e78be85cb92c8263d3715c260491e90 + Authentihash: + MD5: 76a420a5ac2a6250c57d129de361695a + SHA1: 3736434ca3094fed9f1f3378e9fb966a5e9411f1 + SHA256: 3e423caaff9002b38e1d90005df181aa2b3711ebbf6d1eb83941656ccc313811 + Description: CPUID Driver + Company: CPUID + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Copyright: Copyright(C) 2010 CPUID + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping 
Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + 
IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=CPUID + ValidFrom: '2012-01-06 00:00:00' + ValidTo: '2015-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53c8b54713882d4d5439511804935e + Version: 3 + TBS: + MD5: 49e7946e133b4aaa31899adb235d3fa9 + SHA1: f9f38ec49a6ccb990805be6dda0efa5f7fe8f7e7 + SHA256: 1bb998a806b890e3300be35de0daa1b691fa218ef3d58ee5ec1b43fd34250a74 + SHA384: 0a2ca21b084e3b431a7150c49819934d64a8b259d5686706d879a90cc37d32005eb2bbe07558b312b1169ab8a3e3de39 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 
4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53c8b54713882d4d5439511804935e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: 685a19a8e9f46a76067db83da501dca0 + SHA1: 5f76e4cf5157450837536db016e9981cb41394d2 + SHA256: 1a0c69ff029488d41c7d9413943c28d389016adb26698d9baf02c6f32739d591 + Sections: + .text: + Entropy: 6.214010136736859 + Virtual Size: '0x25d6' + .rdata: + Entropy: 4.171320307410102 + Virtual Size: '0x3ec' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.503621523339014 + Virtual Size: '0xc0' + INIT: + Entropy: 5.076575853289 + Virtual Size: '0x406' + .rsrc: + Entropy: 3.3943730160709853 + Virtual Size: '0x350' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2012-02-07 08:44:59' + Imphash: 82942c060f79cefd3bf1acdf5c207561 + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: ce57844fb185d0cdd9d3ce9e5b6a891d + SHA1: 32888d789edc91095da2e0a5d6c564c2aebcee68 + SHA256: ee45fd2d7315fd039f3585a66e7855ba4af9d4721e1448e602623de14e932bbe + Authentihash: + MD5: 649db3854efa0c9a10fdcca1bcc5fc0b + SHA1: 3c738ea73287a493a2254c6011c35f31569cf2b9 + SHA256: 472e29b63e1d9d44269a99962b186113586fbd3603eac3a23c520c7ef73a69cf + Description: CPUID Driver + Company: CPUID + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Copyright: Copyright(C) 2017 CPUID + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - 
IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - RtlAnsiStringToUnicodeString + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - ExFreePoolWithTag + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - KeQueryPerformanceCounter + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 
40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: c046d6f14ec39d2a0f67a417bda83c5e + SHA1: 74661f1063b4c80566f75a1bee22c35f7af17fa9 + SHA256: 440eebbdc09d290724d364056ba4e2725c75759819a6df0a1ed5c876ed7d2474 + Sections: + .text: + Entropy: 6.1689591912915125 + Virtual Size: '0x4546' + 
.rdata: + Entropy: 4.191218153188012 + Virtual Size: '0x534' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x440' + .pdata: + Entropy: 3.6397736740131683 + Virtual Size: '0xfc' + INIT: + Entropy: 5.132100585029012 + Virtual Size: '0x40e' + .rsrc: + Entropy: 3.394946071861716 + Virtual Size: '0x350' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2017-05-22 02:17:51' + Imphash: 8f96c3ef5dda3fe697d4a4d6326dbe37 + LoadsDespiteHVCI: 'FALSE' +- Filename: cpuz.sys + MD5: 8ad9dfc971df71cd43788ade6acf8e7d + SHA1: 7241b25c3a3ee9f36b52de3db2fc27db7065af37 + SHA256: f74ffd6916333662900cbecb90aca2d6475a714ce410adf9c5c3264abbe5732c + Authentihash: + MD5: fa889613bb0522d6e546e8cbd011105a + SHA1: 62ee17440edaf819966eb823a26dfd46c24447b4 + SHA256: 991228f3ea6c1ae8083aa405d1d066e48cd6dbd7d6bc01c81599b2c28f3923f1 + Description: CPUID Driver + Company: CPUID + InternalName: cpuz.sys + OriginalFilename: cpuz.sys + FileVersion: '6.1.7600.16385 built by: WinDDK' + Product: CPUID service + ProductVersion: 6.1.7600.16385 + Copyright: Copyright(C) 2015 CPUID + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - IoCancelIrp + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ExFreePoolWithTag + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoBuildDeviceIoControlRequest + - MmMapIoSpace + - ExAllocatePoolWithTag + - RtlUnwindEx + - HalSetBusDataByOffset + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=FR, ST=NORD, L=DUNKERQUE, O=CPUID, CN=CPUID + ValidFrom: '2014-12-02 00:00:00' + ValidTo: '2018-03-02 23:59:59' + Signature: 
a59808b35f916a1201f0987b958aaaf50b81f3e507cf9d1b902bc22787244617e38069e4ca74bcf505dfdfeb6bad8bee2ecba26a428c2b26c9b9987241b50ccfd895a7335b35534c5569fdef2554d773cb3b20f10e08eeff2701d2a3e8ef7c5bb759baf1995d1580dce4f0c5da90eff4f07e01e7c9273b24c14c514f2ae1d1fe940dd53bfa25572cd6f3c007c7f21aebc58ea32ca3aea83c731419c9dcc191158cbb52b0b70545a16c9b42aadd4dcb167443d6c15fa03ae7f6f0f644845a69cb8badb3f143fd916a70c5008c3486d1f0cc8e0527f76da5aeaca4925f6eb6861dd54e1ce8b80e6b000446d77ac8bd0299e38db3b8e4a9c43294367cd6a55351d0 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Version: 3 + TBS: + MD5: 8f8c7ccf1ef7e1ee347f49e8266008ca + SHA1: b856b993df73da9d824aa1e5161788bd10d1e10e + SHA256: 1dd13a417806106c76cfbcd3614fe27a0638d2aaf2731f6a110c05043e34ad91 + SHA384: d24ede407b82f80a6f0703b59af267f227a956c21f642f4c3d717d6999728ba2acfde76966340f4334f8ecdcf294616e + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2d8021d84f098e7abde199f818e211a4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: b3dcf662ce69ad7b34717fb6aecf09a7 + SHA1: 63be2c28ecee71a739bfbaf38466362e998bc5bc + 
SHA256: f4257b7e95b00b38e446b2708cc342fe32846266064b94c78ec1f987731c2226 + Sections: + .text: + Entropy: 6.1888286192821065 + Virtual Size: '0x30b6' + .rdata: + Entropy: 4.210489806011185 + Virtual Size: '0x424' + .data: + Entropy: 0.378703493487675 + Virtual Size: '0x2c0' + .pdata: + Entropy: 3.6128209941554763 + Virtual Size: '0xd8' + INIT: + Entropy: 5.131854482283732 + Virtual Size: '0x3ea' + .rsrc: + Entropy: 3.3958173868041217 + Virtual Size: '0x350' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2015-11-18 02:58:02' + Imphash: f12ae9073d95c22ed89247253d59f500 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/17cf4fac-88f1-467d-9f62-481d33accc5b.yaml b/yaml/17cf4fac-88f1-467d-9f62-481d33accc5b.yaml index bf02315d6..b308931f2 100644 --- a/yaml/17cf4fac-88f1-467d-9f62-481d33accc5b.yaml +++ b/yaml/17cf4fac-88f1-467d-9f62-481d33accc5b.yaml 
@@ -1,206 +1,206 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 17cf4fac-88f1-467d-9f62-481d33accc5b +Tags: +- otipcibus.sys +Verified: 'FALSE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create otipcibus.sys binPath=C:\windows\temp\otipcibus.sys type=kernel - && sc.exe start otipcibus.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/4e3eb5b9bce2fd9f6878ae36288211f0997f6149aa8c290ed91228ba4cdfae80.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 17cf4fac-88f1-467d-9f62-481d33accc5b -KnownVulnerableSamples: -- 
Authentihash: - MD5: 0fc8a346a333624a7b6645da7a1b6b8b - SHA1: fd172c7f8bdc81988fcf1642881078a8ca8415f6 - SHA256: 1cda1a6e33d14d5dd06344425102bf840f8149e817ecfb01c59a2190d3367024 - Company: OTi - Copyright: '' - CreationTimestamp: '2018-08-27 00:12:54' - Date: '' - Description: Hardware Access Driver - ExportedFunctions: '' - FileVersion: 1.1000.0.1 - Filename: otipcibus.sys - ImportedFunctions: - - ExAllocatePool - - ExFreePoolWithTag - - MmBuildMdlForNonPagedPool - - MmMapLockedPages - - MmMapLockedPagesSpecifyCache - - MmUnmapLockedPages - - MmMapIoSpace - - MmUnmapIoSpace - - RtlInitUnicodeString - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoFreeMdl - - IoGetDeviceObjectPointer - - RtlCopyUnicodeString - - IofCallDriver - - IoBuildSynchronousFsdRequest - - KeWaitForSingleObject - - IoAllocateMdl - - KeInitializeEvent - - WdfVersionBindClass - - WdfVersionUnbind - - WdfVersionBind - - WdfVersionUnbindClass - Imports: - - ntoskrnl.exe - - WDFLDR.SYS - InternalName: otipcibus64.sys - MD5: d5a642329cce4df94b8dc1ba9660ae34 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: otipcibus64.sys - Product: Kernel Mode Driver To Access Physical Memory And Ports - ProductVersion: 1.1000.0.1 - Publisher: '' - RichPEHeaderHash: - MD5: b34681d0b4e69df394a00475fc8b8e2b - SHA1: 610ef1c2343ce3e7b8fa2fe945b8d39c8c499db1 - SHA256: 40b86a78a8cf7c02e7599b5a5c25ab085e206420923b6c718161c1fd248645fa - SHA1: ccdd3a1ebe9a1c8f8a72af20a05a10f11da1d308 - SHA256: 4e3eb5b9bce2fd9f6878ae36288211f0997f6149aa8c290ed91228ba4cdfae80 - Sections: - .text: - Entropy: 6.133933891984983 - Virtual Size: '0xdf3' - .rdata: - Entropy: 4.417947833956902 - Virtual Size: '0x6a2' - .data: - Entropy: 0.5780798803320499 - Virtual Size: '0x1070' - .pdata: - Entropy: 3.42138799002103 - Virtual Size: '0xa8' - INIT: - Entropy: 4.427979696753516 - Virtual Size: '0x2d' - .rsrc: - Entropy: 3.272477164189334 - Virtual Size: '0x3a8' - 
.reloc: - Entropy: 2.5625 - Virtual Size: '0x20' - Signature: - - Ours Technology Inc. - - Symantec Class 3 SHA256 Code Signing CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=TW, ST=Hsingchu Hsien, L=Hsinchu County, O=Ours Technology Inc., - CN=Ours Technology Inc. 
- ValidFrom: '2018-07-09 00:00:00' - ValidTo: '2019-09-05 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 3d5fc3a4d1a54cf40abf37864a5effe7 - Version: 3 - TBS: - MD5: fffa36e195b3b63a83d3c588f0ebe5b7 - SHA1: 0219cae154eee07fccab0c807cc0981b42b8f308 - SHA256: e9e9699300bba6891efc24952734dc2c67ca2bdf8acada0edb6125183b184149 - SHA384: ee4823abcf9aa949263ad6afd913f19fd996d1328dbeda146dfbf3e1a1ca9458820ec99549360856f4bd6aa6e7d984ce - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 3d5fc3a4d1a54cf40abf37864a5effe7 - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - Imphash: cf1a39b9408348cddaa4a2827283534c - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create otipcibus.sys binPath=C:\windows\temp\otipcibus.sys type=kernel + && sc.exe start otipcibus.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules -Tags: -- otipcibus.sys -Verified: 'FALSE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/4e3eb5b9bce2fd9f6878ae36288211f0997f6149aa8c290ed91228ba4cdfae80.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block 
+ value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 0fc8a346a333624a7b6645da7a1b6b8b + SHA1: fd172c7f8bdc81988fcf1642881078a8ca8415f6 + SHA256: 1cda1a6e33d14d5dd06344425102bf840f8149e817ecfb01c59a2190d3367024 + Company: OTi + Copyright: '' + CreationTimestamp: '2018-08-27 00:12:54' + Date: '' + Description: Hardware Access Driver + ExportedFunctions: '' + FileVersion: 1.1000.0.1 + Filename: otipcibus.sys + ImportedFunctions: + - ExAllocatePool + - ExFreePoolWithTag + - MmBuildMdlForNonPagedPool + - MmMapLockedPages + - MmMapLockedPagesSpecifyCache + - MmUnmapLockedPages + - MmMapIoSpace + - MmUnmapIoSpace + - RtlInitUnicodeString + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoFreeMdl + - IoGetDeviceObjectPointer + - RtlCopyUnicodeString + - IofCallDriver + - IoBuildSynchronousFsdRequest + - KeWaitForSingleObject + - IoAllocateMdl + - KeInitializeEvent + - WdfVersionBindClass + - WdfVersionUnbind + - WdfVersionBind + - WdfVersionUnbindClass + Imports: + - ntoskrnl.exe + - WDFLDR.SYS + InternalName: otipcibus64.sys + MD5: 
d5a642329cce4df94b8dc1ba9660ae34 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: otipcibus64.sys + Product: Kernel Mode Driver To Access Physical Memory And Ports + ProductVersion: 1.1000.0.1 + Publisher: '' + RichPEHeaderHash: + MD5: b34681d0b4e69df394a00475fc8b8e2b + SHA1: 610ef1c2343ce3e7b8fa2fe945b8d39c8c499db1 + SHA256: 40b86a78a8cf7c02e7599b5a5c25ab085e206420923b6c718161c1fd248645fa + SHA1: ccdd3a1ebe9a1c8f8a72af20a05a10f11da1d308 + SHA256: 4e3eb5b9bce2fd9f6878ae36288211f0997f6149aa8c290ed91228ba4cdfae80 + Sections: + .text: + Entropy: 6.133933891984983 + Virtual Size: '0xdf3' + .rdata: + Entropy: 4.417947833956902 + Virtual Size: '0x6a2' + .data: + Entropy: 0.5780798803320499 + Virtual Size: '0x1070' + .pdata: + Entropy: 3.42138799002103 + Virtual Size: '0xa8' + INIT: + Entropy: 4.427979696753516 + Virtual Size: '0x2d' + .rsrc: + Entropy: 3.272477164189334 + Virtual Size: '0x3a8' + .reloc: + Entropy: 2.5625 + Virtual Size: '0x20' + Signature: + - Ours Technology Inc. 
+ - Symantec Class 3 SHA256 Code Signing CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=TW, ST=Hsingchu Hsien, L=Hsinchu County, O=Ours Technology + Inc., CN=Ours Technology Inc. 
+ ValidFrom: '2018-07-09 00:00:00' + ValidTo: '2019-09-05 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 3d5fc3a4d1a54cf40abf37864a5effe7 + Version: 3 + TBS: + MD5: fffa36e195b3b63a83d3c588f0ebe5b7 + SHA1: 0219cae154eee07fccab0c807cc0981b42b8f308 + SHA256: e9e9699300bba6891efc24952734dc2c67ca2bdf8acada0edb6125183b184149 + SHA384: ee4823abcf9aa949263ad6afd913f19fd996d1328dbeda146dfbf3e1a1ca9458820ec99549360856f4bd6aa6e7d984ce + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 13851a1e69a937f7a0bda4af7e1d6153fe9d8c5e0ca6751e781723ddfdec1a035539fb7195c7655aa78e30d2445a61db706fda2105c22e73ba49f1d193fe5dc9cd5e03e0899e3f741ed7f7388ba9d6cfbb352f3358a89256d1c84d3b82e6798416fc28b0b147f31da23eee87d9a67fa456a53fad842e29de7cbca8aaa33d0401eaba93a20e502229174c87e43a115fd6a425899b056b2fb4c9014c277b0bac190522a060153fdac9fb4d4c8ffb726777fd2794c7ba350e8849fe8dfd28af4a12bd0db39705de440c15fa362b03dcc15001f1a1115d14e5e2bd274b54be2b845e0fa6c374050aef97c38922b11f77f3bdcd43d4f14ca93fb58b84af64f2d01421 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 3d5fc3a4d1a54cf40abf37864a5effe7 + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + Imphash: cf1a39b9408348cddaa4a2827283534c + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/181b89e5-4bdd-4e95-b1bc-a294a4adfb29.yaml b/yaml/181b89e5-4bdd-4e95-b1bc-a294a4adfb29.yaml index 99680d65f..c36b41fb2 100644 --- a/yaml/181b89e5-4bdd-4e95-b1bc-a294a4adfb29.yaml +++ b/yaml/181b89e5-4bdd-4e95-b1bc-a294a4adfb29.yaml 
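Review bot: The `Detection` list on the new side of `yaml/17cf4fac-88f1-467d-9f62-481d33accc5b.yaml` still lists `sigma_hash`, `sigma_names`, `sysmon_hash_detect` and `sysmon_hash_block` twice each with identical URLs; the key reorder moves the block but keeps the duplicates. Keep one entry per type/value pair, so that anything iterating `Detection` does not emit the same rule reference twice; the two `yara_signature` entries point to different files and both stay. Separately, `Tags` names only `otipcibus.sys` while `InternalName` and `OriginalFilename` are `otipcibus64.sys`. If name-based detections are generated from `Tags` (the generator is not visible here), adding `- otipcibus64.sys` would let a copy loaded under its original name still match by name. The entry is also `Verified: 'FALSE'` with only the Microsoft block-rules link under `Resources`, so consumers building block policies from it should prefer the hash and Authentihash values over the filename.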
@@ -1,219 +1,219 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 181b89e5-4bdd-4e95-b1bc-a294a4adfb29 +Tags: +- mhyprotrpg.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-07-22' +MitreID: T1068 CVE: - '' Category: vulnerable drivers Commands: - Command: '' - Description: Confirmed vulnerable driver from Microsoft Block List - OperatingSystem: Windows - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-07-22' -Detection: -- type: '' - value: '' -Id: 181b89e5-4bdd-4e95-b1bc-a294a4adfb29 -KnownVulnerableSamples: -- Authentihash: - MD5: 851be1f42dc892ce408034b98dc035bb - SHA1: f631f67d11f2b06c0b3b0c7286997f2f7f538231 - SHA256: 8ecd15521b2c37d2ff02a138700007f2aff28a0accfa6fb3480a4421194ef7d2 - Company: '' - Copyright: "\xA9COGNOSPHERE" - CreationTimestamp: '2021-12-20 21:33:43' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - NtQuerySystemInformation - - RtlInitUnicodeString - - ExAllocatePool - - ExFreePoolWithTag - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoGetCurrentProcess - - _wcsicmp - - RtlInitString - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ZwClose - - MmIsAddressValid - - ZwOpenDirectoryObject - - ZwQueryDirectoryObject - - ObReferenceObjectByName - - ZwQuerySystemInformation - - __C_specific_handler - - MmHighestUserAddress - - IoDriverObjectType - - KeQueryTimeIncrement - - KeStackAttachProcess - - KeUnstackDetachProcess - - PsGetProcessWow64Process - - PsGetProcessPeb - - MmUnlockPages - - MmGetSystemRoutineAddress - - MmUnmapLockedPages - - IoFreeMdl - - ZwTerminateProcess - - PsGetProcessImageFileName - - ZwQueryObject - - ObOpenObjectByPointer - - PsReferenceProcessFilePointer - - IoQueryFileDosDeviceName - - MmProbeAndLockPages - - PsLookupProcessByProcessId - - MmMapLockedPagesSpecifyCache - - IoAllocateMdl - - MmCopyVirtualMemory - - 
KeClearEvent - - KeSetEvent - - KeWaitForSingleObject - - MmMapLockedPages - - ObReferenceObjectByHandle - - PsSetCreateProcessNotifyRoutineEx - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - ExEventObjectType - - ObRegisterCallbacks - - ObUnRegisterCallbacks - - ObGetFilterVersion - - PsGetProcessId - - IoThreadToProcess - - strcmp - - PsProcessType - - PsThreadType - - RtlEqualUnicodeString - - RtlGetVersion - - ObfReferenceObject - - ObGetObjectType - - ExEnumHandleTable - - ExfUnblockPushLock - - PsAcquireProcessExitSynchronization - - PsReleaseProcessExitSynchronization - - _snprintf - - vsprintf_s - - ZwCreateFile - - ZwWriteFile - - PsLookupThreadByThreadId - - NtQueryInformationThread - - PsGetThreadProcess - - KeDelayExecutionThread - - KdDisableDebugger - - KdChangeOption - - PsCreateSystemThread - - PsTerminateSystemThread - - KdDebuggerEnabled - - PsGetVersion - - KeInitializeEvent - - RtlCopyUnicodeString - - ObfDereferenceObject - - ExReleaseFastMutex - - ExAcquireFastMutex - - MmBuildMdlForNonPagedPool - - WdfVersionBindClass - - WdfVersionBind - - WdfVersionUnbind - - WdfVersionUnbindClass - Imports: - - ntoskrnl.exe - - WDFLDR.SYS - InternalName: '' - MD5: 214a9aba01ee1ba067b2feb382748c16 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: ffdf660eb1ebf020a1d0a55a90712dfb - SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 - SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 - SHA1: 6aa92733aa7b654c3ead8c0a5e81a6b05cbaaeb0 - SHA256: 8bf84bed9b5fa4576182c84d2f31679dc472acd0f83c9813498e9f71ed9fef3e - Sections: - .text: - Entropy: 6.1564610880161785 - Virtual Size: '0x6b90' - .rdata: - Entropy: 4.743890654521716 - Virtual Size: '0x152c' - .data: - Entropy: 0.807954115503613 - Virtual Size: '0x15f8' - .pdata: - Entropy: 
7.775990038700175 - Virtual Size: '0x660' - PAGE: - Entropy: 5.569158564506279 - Virtual Size: '0xb0e' - INIT: - Entropy: 5.377222505619038 - Virtual Size: '0xeae' - .upx0: - Entropy: 7.112913211325938 - Virtual Size: '0x139aa4' - .reloc: - Entropy: 3.978614618281868 - Virtual Size: '0xc4' - .rsrc: - Entropy: 2.939036234999509 - Virtual Size: '0x260' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2021-09-09 19:15:59' - ValidTo: '2022-09-01 19:15:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 330000004de597a775e3157f7b00000000004d - Version: 3 - TBS: - MD5: 9f0782e89bd41cdd96ec55357457478a - SHA1: 35c2180572baad19019acca1334e6c653699c389 - SHA256: 50814710213afec410f26e573d25267a2e21d3d15f158be8a43a666c9cc6fa08 - SHA384: 8d48f066b0284071d64bbc556e018824a8388ccd142a56c7b7b04ef6d27cade07da57ac82d8067e18ad64d35af11e2a7 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - ValidFrom: '2014-10-15 20:31:27' - ValidTo: '2029-10-15 20:41:27' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 330000000d690d5d7893d076df00000000000d - Version: 3 - TBS: - MD5: 83f69422963f11c3c340b81712eef319 - SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 - SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae - SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 - Signer: - - SerialNumber: 330000004de597a775e3157f7b00000000004d - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - 
Version: 1 - Imphash: ebb99842fa08915eb8b7f67d8dc7a13a - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: '' + Description: Confirmed vulnerable driver from Microsoft Block List + OperatingSystem: Windows + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c -Tags: -- mhyprotrpg.sys -Verified: 'TRUE' +Detection: +- type: '' + value: '' +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 851be1f42dc892ce408034b98dc035bb + SHA1: f631f67d11f2b06c0b3b0c7286997f2f7f538231 + SHA256: 8ecd15521b2c37d2ff02a138700007f2aff28a0accfa6fb3480a4421194ef7d2 + Company: '' + Copyright: "\xA9COGNOSPHERE" + CreationTimestamp: '2021-12-20 21:33:43' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - NtQuerySystemInformation + - RtlInitUnicodeString + - ExAllocatePool + - ExFreePoolWithTag + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoGetCurrentProcess + - _wcsicmp + - RtlInitString + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ZwClose + - MmIsAddressValid + - ZwOpenDirectoryObject + - ZwQueryDirectoryObject + - ObReferenceObjectByName + - ZwQuerySystemInformation + - __C_specific_handler + - MmHighestUserAddress + - IoDriverObjectType + - KeQueryTimeIncrement + - KeStackAttachProcess + - KeUnstackDetachProcess + - PsGetProcessWow64Process + - PsGetProcessPeb + - MmUnlockPages + - MmGetSystemRoutineAddress + - MmUnmapLockedPages + - IoFreeMdl + - ZwTerminateProcess + - PsGetProcessImageFileName + - ZwQueryObject + - ObOpenObjectByPointer + - PsReferenceProcessFilePointer + - IoQueryFileDosDeviceName + - MmProbeAndLockPages + - PsLookupProcessByProcessId + - MmMapLockedPagesSpecifyCache + - IoAllocateMdl + - MmCopyVirtualMemory + - KeClearEvent + - KeSetEvent + - KeWaitForSingleObject + - 
MmMapLockedPages + - ObReferenceObjectByHandle + - PsSetCreateProcessNotifyRoutineEx + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - ExEventObjectType + - ObRegisterCallbacks + - ObUnRegisterCallbacks + - ObGetFilterVersion + - PsGetProcessId + - IoThreadToProcess + - strcmp + - PsProcessType + - PsThreadType + - RtlEqualUnicodeString + - RtlGetVersion + - ObfReferenceObject + - ObGetObjectType + - ExEnumHandleTable + - ExfUnblockPushLock + - PsAcquireProcessExitSynchronization + - PsReleaseProcessExitSynchronization + - _snprintf + - vsprintf_s + - ZwCreateFile + - ZwWriteFile + - PsLookupThreadByThreadId + - NtQueryInformationThread + - PsGetThreadProcess + - KeDelayExecutionThread + - KdDisableDebugger + - KdChangeOption + - PsCreateSystemThread + - PsTerminateSystemThread + - KdDebuggerEnabled + - PsGetVersion + - KeInitializeEvent + - RtlCopyUnicodeString + - ObfDereferenceObject + - ExReleaseFastMutex + - ExAcquireFastMutex + - MmBuildMdlForNonPagedPool + - WdfVersionBindClass + - WdfVersionBind + - WdfVersionUnbind + - WdfVersionUnbindClass + Imports: + - ntoskrnl.exe + - WDFLDR.SYS + InternalName: '' + MD5: 214a9aba01ee1ba067b2feb382748c16 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: ffdf660eb1ebf020a1d0a55a90712dfb + SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 + SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 + SHA1: 6aa92733aa7b654c3ead8c0a5e81a6b05cbaaeb0 + SHA256: 8bf84bed9b5fa4576182c84d2f31679dc472acd0f83c9813498e9f71ed9fef3e + Sections: + .text: + Entropy: 6.1564610880161785 + Virtual Size: '0x6b90' + .rdata: + Entropy: 4.743890654521716 + Virtual Size: '0x152c' + .data: + Entropy: 0.807954115503613 + Virtual Size: '0x15f8' + .pdata: + Entropy: 7.775990038700175 + Virtual Size: '0x660' + PAGE: + Entropy: 
5.569158564506279 + Virtual Size: '0xb0e' + INIT: + Entropy: 5.377222505619038 + Virtual Size: '0xeae' + .upx0: + Entropy: 7.112913211325938 + Virtual Size: '0x139aa4' + .reloc: + Entropy: 3.978614618281868 + Virtual Size: '0xc4' + .rsrc: + Entropy: 2.939036234999509 + Virtual Size: '0x260' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2021-09-09 19:15:59' + ValidTo: '2022-09-01 19:15:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 330000004de597a775e3157f7b00000000004d + Version: 3 + TBS: + MD5: 9f0782e89bd41cdd96ec55357457478a + SHA1: 35c2180572baad19019acca1334e6c653699c389 + SHA256: 50814710213afec410f26e573d25267a2e21d3d15f158be8a43a666c9cc6fa08 + SHA384: 8d48f066b0284071d64bbc556e018824a8388ccd142a56c7b7b04ef6d27cade07da57ac82d8067e18ad64d35af11e2a7 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + ValidFrom: '2014-10-15 20:31:27' + ValidTo: '2029-10-15 20:41:27' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 330000000d690d5d7893d076df00000000000d + Version: 3 + TBS: + MD5: 83f69422963f11c3c340b81712eef319 + SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 + SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae + SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 + Signer: + - SerialNumber: 330000004de597a775e3157f7b00000000004d + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + Version: 1 + Imphash: ebb99842fa08915eb8b7f67d8dc7a13a + 
LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/18a842be-681a-4f32-97fd-57cb72ff5f3a.yaml b/yaml/18a842be-681a-4f32-97fd-57cb72ff5f3a.yaml index 6172ed170..cfd8b41c2 100644 --- a/yaml/18a842be-681a-4f32-97fd-57cb72ff5f3a.yaml +++ b/yaml/18a842be-681a-4f32-97fd-57cb72ff5f3a.yaml 
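Review bot: The reordered mhyprotrpg.sys entry keeps `Category: vulnerable drivers` (plural), while the AsrSetupDrv103.sys entry later in this diff uses `Category: vulnerable driver`. Anything that filters or groups on the exact category string would likely treat these as two classes, so normalising this one to `Category: vulnerable driver` is the safer spelling. The entry also keeps a placeholder `Detection:` item with `type: ''` and `value: ''`, plus a `CVE:` list holding a single empty string. Writing `Detection: []`, as the NlsLexicons0024UvN.sys entry does, avoids consumers rendering an empty detection link for a `Verified: 'TRUE'` record; the same probably applies to `CVE: []`, if the schema allows it.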
@@ -1,221 +1,221 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 18a842be-681a-4f32-97fd-57cb72ff5f3a +Tags: +- NlsLexicons0024UvN.sys +Verified: 'TRUE' Author: Michael Haag -Category: malicious -Commands: - Command: sc.exe create NlsLexicons0024UvN.sys binPath=C:\windows\temp\NlsLexicons0024UvN.sys - type=kernel && sc.exe start NlsLexicons0024UvN.sys - Description: "Cisco Talos has identified multiple versions of an undocumented malicious\ - \ driver named \u201CRedDriver,\u201D a driver-based browser hijacker that uses\ - \ the Windows Filtering Platform (WFP) to intercept browser traffic. RedDriver\ - \ has been active since at least 2021.\nRedDriver utilizes HookSignTool to forge\ - \ its signature timestamp to bypass Windows driver-signing policies.\nCode from\ - \ multiple open-source tools has been used in the development of RedDriver's infection\ - \ chain, including HP-Socket and a custom implementation of ReflectiveLoader.\n\ - The authors of RedDriver appear to be skilled in driver development and have deep\ - \ knowledge of the Windows operating system.\nThis threat appears to target native\ - \ Chinese speakers, as it searches for Chinese language browsers to hijack. Additionally,\ - \ the authors are likely Chinese speakers themselves." 
- OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-07-12' -Detection: [] -Id: 18a842be-681a-4f32-97fd-57cb72ff5f3a -KnownVulnerableSamples: -- Authentihash: - MD5: 3dcdfa017206720c83d41ef7ed63fac6 - SHA1: beae75723cef4aa97e6d0021838405802ead468a - SHA256: 6ce1073705194870175a8b9c9ebbbb7ad54df81849b111588ea8aeef910da987 - Company: '' - Copyright: '' - CreationTimestamp: '2023-04-28 00:10:45' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - FwpsReleaseClassifyHandle0 - - FwpsAcquireClassifyHandle0 - - FwpsApplyModifiedLayerData0 - - FwpsAcquireWritableLayerDataPointer0 - - FwpsCalloutRegister1 - - RtlCompareMemory - - ExAllocatePool - - ExFreePoolWithTag - - CmRegisterCallback - - PsCreateSystemThread - - ZwClose - - MmIsAddressValid - - PsSetCreateProcessNotifyRoutine - - PsSetCreateThreadNotifyRoutine - - PsSetLoadImageNotifyRoutine - - __C_specific_handler - - RtlInitUnicodeString - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - ObfDereferenceObject - - PsGetCurrentProcessId - - ZwOpenProcess - - PsLookupProcessByProcessId - - ZwWaitForSingleObject - - PsReferenceProcessFilePointer - - RtlCompareUnicodeStrings - - KeEnterCriticalRegion - - KeLeaveCriticalRegion - - KeWaitForSingleObject - - ExQueryDepthSList - - ExpInterlockedPopEntrySList - - ExpInterlockedPushEntrySList - - ExInitializeNPagedLookasideList - - ExInitializeResourceLite - - ExAcquireResourceSharedLite - - ExAcquireResourceExclusiveLite - - ExReleaseResourceLite - - PsTerminateSystemThread - - ObReferenceObjectByHandle - - KeStackAttachProcess - - KeUnstackDetachProcess - - PsGetProcessWow64Process - - PsGetProcessImageFileName - - ZwCreateFile - - ZwQueryInformationFile - - ZwReadFile - - ExAllocatePoolWithTag - - MmGetSystemRoutineAddress - - KeAcquireInStackQueuedSpinLock - - KeReleaseInStackQueuedSpinLock - - RtlIpv4AddressToStringA - - 
IoGetCurrentProcess - - PsGetProcessId - - PsProcessType - - PsGetProcessPeb - - RtlInitAnsiString - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - _vsnprintf - - _vsnwprintf - - RtlGetVersion - - KeInitializeEvent - - KeQueryTimeIncrement - - RtlRandomEx - - ZwSetInformationFile - - ZwWriteFile - - IoFileObjectType - - ZwTerminateProcess - - RtlCopyUnicodeString - - KeBugCheckEx - - _wcslwr - - wcsstr - - ExSystemTimeToLocalTime - - RtlTimeToTimeFields - - WdfVersionBind - - WdfVersionBindClass - - WdfVersionUnbindClass - - WdfVersionUnbind - Imports: - - fwpkclnt.sys - - ntoskrnl.exe - - WDFLDR.SYS - InternalName: '' - MD5: bd91787b5dcb2189b856804e85dfa1d9 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: ceb1860de56dcebdf714302cb649ff71 - SHA1: a03c600569d3c813667c3520788e423f1c5eed0f - SHA256: 39e0e1bb3f0a24fd42b1e55d492f5b87a926d6689b172c3475e1898f737be750 - SHA1: 675cc00de7c1ef508ccd0c91770c82342c0ad4ab - SHA256: 7a84703552ae032a0d1699a081e422ed6c958bbe56d5b41839c8bfa6395bee1d - Sections: - .text: - Entropy: 6.259941019226518 - Virtual Size: '0x6bb4' - .rdata: - Entropy: 4.4971641369869415 - Virtual Size: '0xd38' - .data: - Entropy: 5.434886649336555 - Virtual Size: '0x2f28' - .pdata: - Entropy: 4.420943866714438 - Virtual Size: '0x57c' - .gfids: - Entropy: 0.8112781244591328 - Virtual Size: '0x4' - INIT: - Entropy: 5.1734289362463395 - Virtual Size: '0xad4' - .reloc: - Entropy: 3.084183719779188 - Virtual Size: '0x28' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CN, ST=, L=, O=, CN= - ValidFrom: '2015-04-02 00:00:00' - ValidTo: '2016-05-01 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2ac01de88063badb080008853fdd8c6c - Version: 3 - TBS: - MD5: 
bac0d95b77a36eed50d84415420e56bd - SHA1: c107a2a8939e3ff203847e4ba576c7e3767c063a - SHA256: 7f648cc593ad1a699a8d5a5c972bf1cce89bf3dfd83a67f46de3230c61429fe2 - SHA384: 8dbc1e5b1a805710fae35f16ba814f64758a8d683d1af74ce98ab5cf3a52daaa20ea783eb48d2dac3ba519eaad70ce9b - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 
03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2ac01de88063badb080008853fdd8c6c - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: d51f0f6034eb5e45f0ed4e9b7bbc9c97 - LoadsDespiteHVCI: 'TRUE' MitreID: T1068 +Category: malicious +Commands: + Command: sc.exe create NlsLexicons0024UvN.sys binPath=C:\windows\temp\NlsLexicons0024UvN.sys + type=kernel && sc.exe start NlsLexicons0024UvN.sys + Description: "Cisco Talos has identified multiple versions of an undocumented\ + \ malicious driver named \u201CRedDriver,\u201D a driver-based browser hijacker\ + \ that uses the Windows Filtering Platform (WFP) to intercept browser traffic.\ + \ RedDriver has been active since at least 2021.\nRedDriver utilizes HookSignTool\ + \ to forge its signature timestamp to bypass Windows driver-signing policies.\n\ + Code from multiple open-source tools has been used in the development of RedDriver's\ + \ infection chain, including HP-Socket and a custom implementation of ReflectiveLoader.\n\ + The authors of RedDriver appear to be skilled in driver development and have\ + \ deep knowledge of the Windows operating system.\nThis threat appears to\ + \ target native Chinese speakers, as it searches for Chinese language browsers\ + \ to hijack. Additionally, the authors are likely Chinese speakers themselves." 
+ OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://blog.talosintelligence.com/undocumented-reddriver/ -Tags: -- NlsLexicons0024UvN.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 3dcdfa017206720c83d41ef7ed63fac6 + SHA1: beae75723cef4aa97e6d0021838405802ead468a + SHA256: 6ce1073705194870175a8b9c9ebbbb7ad54df81849b111588ea8aeef910da987 + Company: '' + Copyright: '' + CreationTimestamp: '2023-04-28 00:10:45' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - FwpsReleaseClassifyHandle0 + - FwpsAcquireClassifyHandle0 + - FwpsApplyModifiedLayerData0 + - FwpsAcquireWritableLayerDataPointer0 + - FwpsCalloutRegister1 + - RtlCompareMemory + - ExAllocatePool + - ExFreePoolWithTag + - CmRegisterCallback + - PsCreateSystemThread + - ZwClose + - MmIsAddressValid + - PsSetCreateProcessNotifyRoutine + - PsSetCreateThreadNotifyRoutine + - PsSetLoadImageNotifyRoutine + - __C_specific_handler + - RtlInitUnicodeString + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - ObfDereferenceObject + - PsGetCurrentProcessId + - ZwOpenProcess + - PsLookupProcessByProcessId + - ZwWaitForSingleObject + - PsReferenceProcessFilePointer + - RtlCompareUnicodeStrings + - KeEnterCriticalRegion + - KeLeaveCriticalRegion + - KeWaitForSingleObject + - ExQueryDepthSList + - ExpInterlockedPopEntrySList + - ExpInterlockedPushEntrySList + - ExInitializeNPagedLookasideList + - ExInitializeResourceLite + - ExAcquireResourceSharedLite + - ExAcquireResourceExclusiveLite + - ExReleaseResourceLite + - PsTerminateSystemThread + - ObReferenceObjectByHandle + - KeStackAttachProcess + - KeUnstackDetachProcess + - PsGetProcessWow64Process + - PsGetProcessImageFileName + - ZwCreateFile + - ZwQueryInformationFile + - ZwReadFile + - ExAllocatePoolWithTag + - MmGetSystemRoutineAddress + - 
KeAcquireInStackQueuedSpinLock + - KeReleaseInStackQueuedSpinLock + - RtlIpv4AddressToStringA + - IoGetCurrentProcess + - PsGetProcessId + - PsProcessType + - PsGetProcessPeb + - RtlInitAnsiString + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - _vsnprintf + - _vsnwprintf + - RtlGetVersion + - KeInitializeEvent + - KeQueryTimeIncrement + - RtlRandomEx + - ZwSetInformationFile + - ZwWriteFile + - IoFileObjectType + - ZwTerminateProcess + - RtlCopyUnicodeString + - KeBugCheckEx + - _wcslwr + - wcsstr + - ExSystemTimeToLocalTime + - RtlTimeToTimeFields + - WdfVersionBind + - WdfVersionBindClass + - WdfVersionUnbindClass + - WdfVersionUnbind + Imports: + - fwpkclnt.sys + - ntoskrnl.exe + - WDFLDR.SYS + InternalName: '' + MD5: bd91787b5dcb2189b856804e85dfa1d9 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: ceb1860de56dcebdf714302cb649ff71 + SHA1: a03c600569d3c813667c3520788e423f1c5eed0f + SHA256: 39e0e1bb3f0a24fd42b1e55d492f5b87a926d6689b172c3475e1898f737be750 + SHA1: 675cc00de7c1ef508ccd0c91770c82342c0ad4ab + SHA256: 7a84703552ae032a0d1699a081e422ed6c958bbe56d5b41839c8bfa6395bee1d + Sections: + .text: + Entropy: 6.259941019226518 + Virtual Size: '0x6bb4' + .rdata: + Entropy: 4.4971641369869415 + Virtual Size: '0xd38' + .data: + Entropy: 5.434886649336555 + Virtual Size: '0x2f28' + .pdata: + Entropy: 4.420943866714438 + Virtual Size: '0x57c' + .gfids: + Entropy: 0.8112781244591328 + Virtual Size: '0x4' + INIT: + Entropy: 5.1734289362463395 + Virtual Size: '0xad4' + .reloc: + Entropy: 3.084183719779188 + Virtual Size: '0x28' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CN, ST=, L=, O=, CN= + ValidFrom: '2015-04-02 00:00:00' + ValidTo: '2016-05-01 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + 
SerialNumber: 2ac01de88063badb080008853fdd8c6c + Version: 3 + TBS: + MD5: bac0d95b77a36eed50d84415420e56bd + SHA1: c107a2a8939e3ff203847e4ba576c7e3767c063a + SHA256: 7f648cc593ad1a699a8d5a5c972bf1cce89bf3dfd83a67f46de3230c61429fe2 + SHA384: 8dbc1e5b1a805710fae35f16ba814f64758a8d683d1af74ce98ab5cf3a52daaa20ea783eb48d2dac3ba519eaad70ce9b + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2ac01de88063badb080008853fdd8c6c + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 
CA + Version: 1 + Imphash: d51f0f6034eb5e45f0ed4e9b7bbc9c97 + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/19003e00-d42d-4cbe-91f3-756451bdd7da.yaml b/yaml/19003e00-d42d-4cbe-91f3-756451bdd7da.yaml index 1eef1651b..f6f068b07 100644 --- a/yaml/19003e00-d42d-4cbe-91f3-756451bdd7da.yaml +++ b/yaml/19003e00-d42d-4cbe-91f3-756451bdd7da.yaml 
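Review bot: `Detection: []` leaves this `Category: malicious` entry with no detection reference even though the sample is recorded as `LoadsDespiteHVCI: 'TRUE'`, so a defender gets hashes but no pointer to a rule that consumes them. If the sample hashes are covered by the project's shared hash rules (not visible from this hunk), list the matching `sigma_hash` and `sysmon_hash_block` references the way the AsrSetupDrv103.sys entry does. Separately, `Usecase: Elevate privileges` and `MitreID: T1068` do not match the `Description`, which describes a WFP-based browser-traffic hijacker. A corrected use case, or a short YAML comment explaining the mapping, would keep triage from being misled.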
@@ -1,544 +1,547 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 19003e00-d42d-4cbe-91f3-756451bdd7da +Tags: +- AsrSetupDrv103.sys +Verified: 'TRUE' Author: Michael Haag, Guus Verbeek +Created: '2023-01-09' +MitreID: T1068 Category: vulnerable driver Commands: - Command: sc.exe create AsrSetupDrv103.sys binPath=C:\windows\temp\AsrSetupDrv103.sys - type=kernel && sc.exe start AsrSetupDrv103.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-01-09' + Command: sc.exe create AsrSetupDrv103.sys binPath=C:\windows\temp\AsrSetupDrv103.sys + type=kernel && sc.exe start AsrSetupDrv103.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges +Resources: +- https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 19003e00-d42d-4cbe-91f3-756451bdd7da +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' KnownVulnerableSamples: -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: AsrSetupDrv103.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 0b6ec2aedc518849a1c61a70b1f9fb068ede2bc3 - Signature: [] - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: AsrSetupDrv103.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 461882bd59887617cadc1c7b2b22d0a45458c070 - Signature: [] - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: AsrSetupDrv103.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: a7948a4e9a3a1a9ed0e4e41350e422464d8313cd - Signature: [] - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: AsrSetupDrv103.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: f3cce7e79ab5bd055f311bb3ac44a838779270b6 - Signature: [] - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: AsrSetupDrv103.sys - MD5: '' - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: '' - SHA256: 399EFFE75D32BDAB6FA0A6BFFE02DBF0A59219D940B654837C3BE1C0BD02E9AA - Signature: - - '' - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: 
AsrSetupDrv103.sys - MD5: '' - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: '' - SHA256: 27CD05527FEB020084A4A76579C125458571DA8843CDFC3733211760A11DA970 - Signature: - - '' - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: AsrSetupDrv103.sys - MD5: '' - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: '' - SHA256: 7AAF2AA194B936E48BC90F01EE854768C8383C0BE50CFB41B346666AEC0CF853 - Signature: - - '' - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: AsrSetupDrv103.sys - MD5: '' - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: '' - SHA256: 727E8BA66A8FF07BDC778EACB463B65F2D7167A6616CA2F259EA32571CACF8AF - Signature: - - '' - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 8faa23dd62881edd4c9a04f51649c212 +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: AsrSetupDrv103.sys + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' SHA1: 0b6ec2aedc518849a1c61a70b1f9fb068ede2bc3 - SHA256: 399effe75d32bdab6fa0a6bffe02dbf0a59219d940b654837c3be1c0bd02e9aa - Company: RW-Everything - Copyright: Copyright (C) 2011 RW-Everything - CreationTimestamp: '2022-01-04 01:19:15' - Date: '' - Description: AsrSetupDrv103 Driver - ExportedFunctions: '' - FileVersion: '1.00.00.0000 built by: WinDDK' - Filename: '' - ImportedFunctions: - - RtlQueryRegistryValues - - MmUnmapIoSpace - - IoFreeMdl - - MmGetPhysicalAddress - - IoBuildAsynchronousFsdRequest - - MmMapIoSpace - - IofCompleteRequest - - IoFreeIrp - - RtlCompareMemory - - MmUnlockPages - - IoCreateSymbolicLink - - MmAllocateContiguousMemorySpecifyCache - - IofCallDriver - - KeBugCheckEx - - IoDeleteDevice - - MmGetSystemRoutineAddress - - IoCreateDevice - - ZwClose - - ObOpenObjectByPointer - - ZwSetSecurityObject - - 
IoDeviceObjectType - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - SeExports - - wcschr - - _wcsnicmp - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwOpenKey - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - RtlInitUnicodeString - - MmFreeContiguousMemorySpecifyCache - - ExFreePoolWithTag - - IoDeleteSymbolicLink - - ExAllocatePoolWithTag - - KeStallExecutionProcessor - - BCryptCloseAlgorithmProvider - - BCryptGenerateSymmetricKey - - BCryptOpenAlgorithmProvider - - BCryptDecrypt - - BCryptDestroyKey - Imports: - - ntoskrnl.exe - - HAL.dll - - cng.sys - InternalName: AsrSetupDrv103.sys - MD5: 9226339848e359f5e4cd519bef7dcd39 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: AsrSetupDrv103.sys - PDBPath: '' - Product: AsrSetupDrv103 Driver - ProductVersion: 1.00.00.0000 - Publisher: '' - RichPEHeaderHash: - MD5: 6540c04d181ea1395978a08c3d816451 - SHA1: b3b7c684121b40f53751e0b7757ec248ef0670b4 - SHA256: c68faaf4251928872474abfd81ef5ce8a2b5e5bd48c2edb586a4d2e518baa09d - SHA1: b33b99ae2653b4e675beb7d9eb2c925a1f105bd4 - SHA256: 9d9346e6f46f831e263385a9bd32428e01919cca26a035bbb8e9cb00bf410bc3 - Sections: - .text: - Entropy: 6.303345316333857 - Virtual Size: '0x2248' - .rdata: - Entropy: 4.479896211803764 - Virtual Size: '0x7b4' - .data: - Entropy: 1.3791658791138062 - Virtual Size: '0x31c' - .pdata: - Entropy: 4.227444919844165 - Virtual Size: '0x2b8' - PAGE: - Entropy: 6.220333128676603 - Virtual Size: '0x1a47' - INIT: - Entropy: 5.419077179300342 - Virtual Size: '0x94a' - .rsrc: - Entropy: 3.3084703257953634 - Virtual Size: '0x3b8' - .reloc: - Entropy: 1.2280731978955797 - Virtual Size: '0x60' - Signature: '' - Signatures: - - 
CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: OU=GlobalSign Root CA , R3, O=GlobalSign, CN=GlobalSign - ValidFrom: '2018-09-19 00:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 2370e9cfe2bef559ae94426fc44333aacd3f3ab96417f262064b48f140880617a1feabd15f3cc633f2f38edd1f1d3ecc1a6099820bacc7fc7e9a872aa57d0fa657eeac3b6a85d6debd4063f8ada6c888b012fcf641df0f09971e38ea539fbe05f43eead39f501276be098bc20b487d1e2e51f68d53d3ab1f401b8a8eed7dfb4f7956705f0cd38e1bb3a7700d372b9795abdae0126b1c40cec5c77eedc26258ec77ed7322c28af5864388adea136efdd8fe422fb97d5ead18ef9490ca3d27ab26949975c7cbd37bf7ca4cd3af5121925b847d2b9f153f74cb51e89e830e166f1be746ce23bdf9e4a28bd2396baa791c912ce261242d8e2a487090c41ec5e8e070 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 01ee5f169dff97352b6465d66a - Version: 3 - TBS: - MD5: 51c3959a45cecf3d21a3effb05762573 - SHA1: ecfcd25fd0525448a74875ba271566bc0bfbf061 - SHA256: de1da11668f0a8d5e13346ed3ab2755f5d25bebffcfd1d0bde5b9f87bc292c91 - SHA384: f0eab75baf1f24a53d63bd795cd07292a312f603513c8cb0f40fe5acbdb477ed72607d309fad21471a16f6223fb3a838 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2011-04-15 19:55:08' - ValidTo: '2021-04-15 20:05:08' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 6129152700000000002a - Version: 3 - TBS: - MD5: 0bb058d116f02817737920f112d9fd3b - SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 - SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 - SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Code Signing Root R45 - ValidFrom: '2020-07-28 00:00:00' - ValidTo: '2029-03-18 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 
- IsCertificateAuthority: true - SerialNumber: 7803184245708a41cf6f01b8eeb4a954 - Version: 3 - TBS: - MD5: a33260428269bc902bc1cd280e4b1837 - SHA1: 254209ca172cffcc67bd2a88996556d2f09538f0 - SHA256: a67411358594f2cf016741a63fd49f36de917f86531b3e3a43eb6a421c654868 - SHA384: fec727af43d1569995cea26e8eb97167165842a5b185304425a92c03b71254c5d51222837515f33e60cb8ed2e8c625ba - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign GCC R45 EV CodeSigning CA 2020 - ValidFrom: '2020-07-28 00:00:00' - ValidTo: '2030-07-28 00:00:00' - Signature: 2575a009c939bab7a139892f189fabd6eb1d4be8947c0d07689b1c9def71b6176a6b024fb33f864587cc659b4ce35806022266d56102c5638fd4a2f1b65e250b7796e9cd7140338829eceef3a26dbc4db53e064bc97333ca08142d3d4ce8b0ba75a6742da4583a6c1349f8a5150a149685b16a68342542af9656f410fa247df12b72c116e16bebe6a998c73e5af4d0189dfd74978677462a3d237d28738aaeef2b1b9abf6c53a7149e3c8771c05e8ec8fbd32a9233ea574d5e075ecac118ac812d1a21fa6ecf97617bdf717a3aca63f7d530443732febb4385dcbafca6ca33192b776ddbcb05f07e5f752ea2b6bf35aa3663c9ce64d9bdfcbc2cf3495600c8122bc627bb37af57efc4cf1e29c4f4e22dce2a61cf57edf50a40e2f518d61ee9902fcad3875f938a481a111de537859f2e66629a5e814e95ac555743dc538b257e3c610f8a0bbaf53fa6d78ef704565e21bb9fd76a7180bf96de7203d8d8222bf327164f38e851400cae92efbe3d7df780c64c36578495a7841548300e5227088d8ea2bd22c719c9a6ca0ea87a36db6aba615f112495a4e28e68ee19a949995ed0b434bdd6f940c710973152393529118724d3c4fba963cb7748d5fa62fc24e0047a4ed0e46edece9e385026f4217165d70925d4c907007ab8c7f377e8c5d4e255d0d31ef67f52e2498db911720c88442633660144dfe4330e21de62894807daf5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 77bd0e05b7590bb61d4761531e3f75ed - Version: 3 - TBS: - MD5: 65fd1dac1f115d9507f4e1840c8cb36a - SHA1: c7cf5607e19b22fe60c055e71d9b555d70f71f66 - SHA256: d9c7db0b704f07089440c56e69a0f31d730edf77cfbf7514630e8b5390a270fe - SHA384: defe810317bd1215b4d1ee0ec8a5fb38b21d094ef1173cae670956cd899232638e4f9473fd947bd550a4a77300bbb2ab - - Subject: 
??=Private Organization, serialNumber=80333613, ??=TW, C=TW, ST=Taipei, - L=Taipei, ??=2F., No. 37, Sec. 2, Zhongyang S. Rd., Beitou Dist., O=ASROCK - INC., CN=ASROCK INC. - ValidFrom: '2021-09-17 08:05:26' - ValidTo: '2024-09-17 08:05:26' - Signature: a55d62e7c374666fc5f4d61d7c92d6a8c0b220441906ce5196674436a3f42f969875922d7a88766d7191ede53d1bcf28605c1a94a5b2fbe5598a686ee80ee3090a6cc96070fd98e7a975fdc7af0e12dbd070f5648a1b75d7f492448a1131dd6e4313a64293abaf9ba2a95fb1eaad5f20b04992d5e3b160501de906a7dc3c52d59bc106bc0b80928a1ad86cc4eb6e711e2d25c32ad092642679f257a32d7c0bc56af451d55e01473deac2c62d58c9e70d9d03dcaf493c5b4443caf3e120f0a5a8638c3a79d3b3c84554e90016bdcd301d9892193cc85a2e40a675ff543a78328be3b85c0cad5cfd9c59ed7a5e1978cc4f6af8d3b68640375405535be14e04a3c988992626fda57d1b3b30a10050c4aca6b499b53b9806b4b3620cbd458820c919bfdeccb5f7901ff7a3110fc2df7034acd4be5b4170395c4249c88ee70f11f20867623ba709a8788c40a7db56003ce5569303cd0ca7f14866b2170a559e0f70479c640b5a7076c91290ea7cb106262f87eb01e1167a842d116307f765e5632663e0f07b10139c17fd3732087602ec0a6f43dd57decad308e53f2a2a2ae45b10e7895a56ff73f0697e1e96f63324294b660a795bcf1e634ce94d77edc753157a70fc47628ef9c8fc764775fbe465dd8585c597d9d022a35a3662a289ec71351c325fe83370cababb5399e0882cbaf7aa3a58d00213097cb3eeb13ca1fb4a457d6e - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 3be24b96d2c8d729eddb03e3 - Version: 3 - TBS: - MD5: bce317dc724ff8d4f6f02fca3e0e481e - SHA1: c84cd3e5f7120b9fcf38bbd968c2921dbd0a1e76 - SHA256: 9b51dea8257984791d5cd3d82426595e92baba100bfd4cb0c960b1366f0a261e - SHA384: 403399db25033616ddd75c1e9f8df3fc60f3c235523ae77716568897bca0e2b7756a1fd7a12a2ebbeec5836c6ca7d5ac - Signer: - - SerialNumber: 3be24b96d2c8d729eddb03e3 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign GCC R45 EV CodeSigning CA 2020 - Version: 1 - Imphash: 88e21ed9e717781eaf87209acbdbb567 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: d8cbed27b67b802e00dd27a41400b762 + Signature: [] + 
LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: AsrSetupDrv103.sys + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 461882bd59887617cadc1c7b2b22d0a45458c070 + Signature: [] + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: AsrSetupDrv103.sys + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' SHA1: a7948a4e9a3a1a9ed0e4e41350e422464d8313cd - SHA256: 7aaf2aa194b936e48bc90f01ee854768c8383c0be50cfb41b346666aec0cf853 - Company: RW-Everything - Copyright: Copyright (C) 2011 RW-Everything - CreationTimestamp: '2015-01-14 02:11:44' - Date: '' - Description: AsrSetupDrv103 Driver - ExportedFunctions: '' - FileVersion: '1.00.00.0000 built by: WinDDK' - Filename: '' - ImportedFunctions: - - RtlQueryRegistryValues - - MmUnmapIoSpace - - IoFreeMdl - - MmGetPhysicalAddress - - IoBuildAsynchronousFsdRequest - - MmMapIoSpace - - IofCompleteRequest - - IoFreeIrp - - RtlCompareMemory - - MmUnlockPages - - IoCreateSymbolicLink - - MmAllocateContiguousMemorySpecifyCache - - IofCallDriver - - KeBugCheckEx - - IoDeleteDevice - - MmGetSystemRoutineAddress - - IoCreateDevice - - ZwClose - - ObOpenObjectByPointer - - ZwSetSecurityObject - - IoDeviceObjectType - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - SeExports - - wcschr - - _wcsnicmp - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwOpenKey - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - RtlInitUnicodeString - - MmFreeContiguousMemorySpecifyCache - - ExFreePoolWithTag - - IoDeleteSymbolicLink - - ExAllocatePoolWithTag 
- - KeStallExecutionProcessor - - BCryptCloseAlgorithmProvider - - BCryptGenerateSymmetricKey - - BCryptOpenAlgorithmProvider - - BCryptDecrypt - - BCryptDestroyKey - Imports: - - ntoskrnl.exe - - HAL.dll - - cng.sys - InternalName: AsrSetupDrv103.sys - MD5: 5cd0ec261c8c2a39d9105fbbcad4e5b9 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: AsrSetupDrv103.sys - PDBPath: '' - Product: AsrSetupDrv103 Driver - ProductVersion: 1.00.00.0000 - Publisher: '' - RichPEHeaderHash: - MD5: 6540c04d181ea1395978a08c3d816451 - SHA1: b3b7c684121b40f53751e0b7757ec248ef0670b4 - SHA256: c68faaf4251928872474abfd81ef5ce8a2b5e5bd48c2edb586a4d2e518baa09d - SHA1: 0ac0c21ca05161eaa6a042f347391a2a2fc78c96 - SHA256: a0728184caead84f2e88777d833765f2d8af6a20aad77b426e07e76ef91f5c3f - Sections: - .text: - Entropy: 6.303345316333857 - Virtual Size: '0x2248' - .rdata: - Entropy: 4.4991617725747 - Virtual Size: '0x7cc' - .data: - Entropy: 1.3791658791138062 - Virtual Size: '0x31c' - .pdata: - Entropy: 4.164463138797536 - Virtual Size: '0x2b8' - PAGE: - Entropy: 6.220333128676603 - Virtual Size: '0x1a47' - INIT: - Entropy: 5.419077179300342 - Virtual Size: '0x94a' - .rsrc: - Entropy: 3.3084703257953634 - Virtual Size: '0x3b8' - .reloc: - Entropy: 1.2280731978955797 - Virtual Size: '0x60' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 
365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=TAIWAN, L=Taipei, O=ASROCK Incorporation, OU=Digital ID Class - 3 , Microsoft Software Validation v2, CN=ASROCK Incorporation - ValidFrom: '2014-03-07 00:00:00' - ValidTo: '2017-05-05 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03ffdaa3aac322387d7eb98acf9524bf - Version: 3 - TBS: - MD5: 987b0fb90b05c0b59ba66fb1527c27e3 - SHA1: 1b5d5279beed01b2355731588b1a26da29218b55 - SHA256: 
b3cd9f313e55fce2d39d25dbe303777e5db9d0c01448dcd9ac70c2355bb5b4ea - SHA384: 4bb9546cdd73e2bff4224e021b54318e708c822a1a773a9e7246a46054aba1dd14c1651e8f01f5661b4ff4a3241c32ff - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 03ffdaa3aac322387d7eb98acf9524bf - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 88e21ed9e717781eaf87209acbdbb567 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 -Resources: -- https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules -Tags: -- AsrSetupDrv103.sys -Verified: 'TRUE' + Signature: [] + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: AsrSetupDrv103.sys + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: f3cce7e79ab5bd055f311bb3ac44a838779270b6 + Signature: [] + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: AsrSetupDrv103.sys + MD5: '' + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: '' + SHA256: 
399EFFE75D32BDAB6FA0A6BFFE02DBF0A59219D940B654837C3BE1C0BD02E9AA + Signature: + - '' + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: AsrSetupDrv103.sys + MD5: '' + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: '' + SHA256: 27CD05527FEB020084A4A76579C125458571DA8843CDFC3733211760A11DA970 + Signature: + - '' + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: AsrSetupDrv103.sys + MD5: '' + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: '' + SHA256: 7AAF2AA194B936E48BC90F01EE854768C8383C0BE50CFB41B346666AEC0CF853 + Signature: + - '' + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: AsrSetupDrv103.sys + MD5: '' + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: '' + SHA256: 727E8BA66A8FF07BDC778EACB463B65F2D7167A6616CA2F259EA32571CACF8AF + Signature: + - '' + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 8faa23dd62881edd4c9a04f51649c212 + SHA1: 0b6ec2aedc518849a1c61a70b1f9fb068ede2bc3 + SHA256: 399effe75d32bdab6fa0a6bffe02dbf0a59219d940b654837c3be1c0bd02e9aa + Company: RW-Everything + Copyright: Copyright (C) 2011 RW-Everything + CreationTimestamp: '2022-01-04 01:19:15' + Date: '' + Description: AsrSetupDrv103 Driver + ExportedFunctions: '' + FileVersion: '1.00.00.0000 built by: WinDDK' + Filename: '' + ImportedFunctions: + - RtlQueryRegistryValues + - MmUnmapIoSpace + - IoFreeMdl + - MmGetPhysicalAddress + - IoBuildAsynchronousFsdRequest + - MmMapIoSpace + - IofCompleteRequest + - IoFreeIrp + - RtlCompareMemory + - MmUnlockPages + - IoCreateSymbolicLink + - MmAllocateContiguousMemorySpecifyCache + - IofCallDriver + - KeBugCheckEx + - IoDeleteDevice + - MmGetSystemRoutineAddress + - IoCreateDevice + - ZwClose + - ObOpenObjectByPointer + - ZwSetSecurityObject + - 
IoDeviceObjectType + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - SeExports + - wcschr + - _wcsnicmp + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwOpenKey + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - RtlInitUnicodeString + - MmFreeContiguousMemorySpecifyCache + - ExFreePoolWithTag + - IoDeleteSymbolicLink + - ExAllocatePoolWithTag + - KeStallExecutionProcessor + - BCryptCloseAlgorithmProvider + - BCryptGenerateSymmetricKey + - BCryptOpenAlgorithmProvider + - BCryptDecrypt + - BCryptDestroyKey + Imports: + - ntoskrnl.exe + - HAL.dll + - cng.sys + InternalName: AsrSetupDrv103.sys + MD5: 9226339848e359f5e4cd519bef7dcd39 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: AsrSetupDrv103.sys + PDBPath: '' + Product: AsrSetupDrv103 Driver + ProductVersion: 1.00.00.0000 + Publisher: '' + RichPEHeaderHash: + MD5: 6540c04d181ea1395978a08c3d816451 + SHA1: b3b7c684121b40f53751e0b7757ec248ef0670b4 + SHA256: c68faaf4251928872474abfd81ef5ce8a2b5e5bd48c2edb586a4d2e518baa09d + SHA1: b33b99ae2653b4e675beb7d9eb2c925a1f105bd4 + SHA256: 9d9346e6f46f831e263385a9bd32428e01919cca26a035bbb8e9cb00bf410bc3 + Sections: + .text: + Entropy: 6.303345316333857 + Virtual Size: '0x2248' + .rdata: + Entropy: 4.479896211803764 + Virtual Size: '0x7b4' + .data: + Entropy: 1.3791658791138062 + Virtual Size: '0x31c' + .pdata: + Entropy: 4.227444919844165 + Virtual Size: '0x2b8' + PAGE: + Entropy: 6.220333128676603 + Virtual Size: '0x1a47' + INIT: + Entropy: 5.419077179300342 + Virtual Size: '0x94a' + .rsrc: + Entropy: 3.3084703257953634 + Virtual Size: '0x3b8' + .reloc: + Entropy: 1.2280731978955797 + Virtual Size: '0x60' + Signature: '' + Signatures: + - 
CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=GlobalSign Root CA , R3, O=GlobalSign, CN=GlobalSign + ValidFrom: '2018-09-19 00:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 2370e9cfe2bef559ae94426fc44333aacd3f3ab96417f262064b48f140880617a1feabd15f3cc633f2f38edd1f1d3ecc1a6099820bacc7fc7e9a872aa57d0fa657eeac3b6a85d6debd4063f8ada6c888b012fcf641df0f09971e38ea539fbe05f43eead39f501276be098bc20b487d1e2e51f68d53d3ab1f401b8a8eed7dfb4f7956705f0cd38e1bb3a7700d372b9795abdae0126b1c40cec5c77eedc26258ec77ed7322c28af5864388adea136efdd8fe422fb97d5ead18ef9490ca3d27ab26949975c7cbd37bf7ca4cd3af5121925b847d2b9f153f74cb51e89e830e166f1be746ce23bdf9e4a28bd2396baa791c912ce261242d8e2a487090c41ec5e8e070 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 01ee5f169dff97352b6465d66a + Version: 3 + TBS: + MD5: 51c3959a45cecf3d21a3effb05762573 + SHA1: ecfcd25fd0525448a74875ba271566bc0bfbf061 + SHA256: de1da11668f0a8d5e13346ed3ab2755f5d25bebffcfd1d0bde5b9f87bc292c91 + SHA384: f0eab75baf1f24a53d63bd795cd07292a312f603513c8cb0f40fe5acbdb477ed72607d309fad21471a16f6223fb3a838 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2011-04-15 19:55:08' + ValidTo: '2021-04-15 20:05:08' + Signature: 
5ff8d065746a81c6a6ca5b03b6914ae84bbdef2ba142f0efb4a5adcd3389ec0b9585ac62501108aa58d25aa08310e5a6337af25af2c5fe787cf09c83df190ad97396002dd62ccde914d41d9de83f3c1a76f7904efb01350a6c9313a0c356eb67a0e4d17a96dec267f190f80a7bf5321b94ec5f751f8d1b34da6c58a7cb2d279e2226b7c9aa30cc0777b836e38201b5393ccc8dd9a75f7f23b3877fdb5798918bd7ce2520e39d644fdd87f72b68490318e0a5df7c5f68644d36838d4781f2e9e0a869abfa7b163c05a449ea8830190a6c73055178dfd41ddd3ad47f2de44e54be83431e7a7433b4a4ebd77073bc2a02988966eef6bc8f749378e329025a5a43e258ce7ccf9acad236893be25fda26054ec8d4e72c910e1797c5beee8b13112323294ffa83d050f6bafad53db3173df4ff034aa325dce67561d1fa35086bd62744d068b78d45e0eb852cc8a15d614474160e5958aed2b5eea5bcd6d7076ab62978fd976767dd8d4f17944fd2ed0caf972437c3a29c81da6be143b6577b4cecbf791319e79fe844e94781b75e701e91f83dd17b27f50b7056434805dda92fab86101d0b12e31ad04c6e75ded645b30b748887935c564a41029af7aeb799d8b67f88fa11f2457cf4d71b91c01cf1a0fbd4080a411a142acef4eb34486e66879ed54b7a397fbb0e3d3861cf735706e412066bd96b5308cd7018c22d4f974691bca9f0 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 6129152700000000002a + Version: 3 + TBS: + MD5: 0bb058d116f02817737920f112d9fd3b + SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 + SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 + SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Code Signing Root R45 + ValidFrom: '2020-07-28 00:00:00' + ValidTo: '2029-03-18 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 7803184245708a41cf6f01b8eeb4a954 + Version: 3 + TBS: + MD5: a33260428269bc902bc1cd280e4b1837 + SHA1: 254209ca172cffcc67bd2a88996556d2f09538f0 + SHA256: a67411358594f2cf016741a63fd49f36de917f86531b3e3a43eb6a421c654868 + SHA384: 
fec727af43d1569995cea26e8eb97167165842a5b185304425a92c03b71254c5d51222837515f33e60cb8ed2e8c625ba + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign GCC R45 EV CodeSigning + CA 2020 + ValidFrom: '2020-07-28 00:00:00' + ValidTo: '2030-07-28 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 77bd0e05b7590bb61d4761531e3f75ed + Version: 3 + TBS: + MD5: 65fd1dac1f115d9507f4e1840c8cb36a + SHA1: c7cf5607e19b22fe60c055e71d9b555d70f71f66 + SHA256: d9c7db0b704f07089440c56e69a0f31d730edf77cfbf7514630e8b5390a270fe + SHA384: defe810317bd1215b4d1ee0ec8a5fb38b21d094ef1173cae670956cd899232638e4f9473fd947bd550a4a77300bbb2ab + - Subject: ??=Private Organization, serialNumber=80333613, ??=TW, C=TW, + ST=Taipei, L=Taipei, ??=2F., No. 37, Sec. 2, Zhongyang S. Rd., Beitou + Dist., O=ASROCK INC., CN=ASROCK INC. + ValidFrom: '2021-09-17 08:05:26' + ValidTo: '2024-09-17 08:05:26' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 3be24b96d2c8d729eddb03e3 + Version: 3 + TBS: + MD5: bce317dc724ff8d4f6f02fca3e0e481e + SHA1: c84cd3e5f7120b9fcf38bbd968c2921dbd0a1e76 + SHA256: 9b51dea8257984791d5cd3d82426595e92baba100bfd4cb0c960b1366f0a261e + SHA384: 403399db25033616ddd75c1e9f8df3fc60f3c235523ae77716568897bca0e2b7756a1fd7a12a2ebbeec5836c6ca7d5ac + Signer: + - SerialNumber: 3be24b96d2c8d729eddb03e3 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign GCC R45 EV CodeSigning + CA 2020 + Version: 1 + Imphash: 88e21ed9e717781eaf87209acbdbb567 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: d8cbed27b67b802e00dd27a41400b762 + SHA1: a7948a4e9a3a1a9ed0e4e41350e422464d8313cd + SHA256: 7aaf2aa194b936e48bc90f01ee854768c8383c0be50cfb41b346666aec0cf853 + Company: RW-Everything + Copyright: Copyright (C) 2011 RW-Everything + CreationTimestamp: '2015-01-14 02:11:44' + Date: '' + 
Description: AsrSetupDrv103 Driver + ExportedFunctions: '' + FileVersion: '1.00.00.0000 built by: WinDDK' + Filename: '' + ImportedFunctions: + - RtlQueryRegistryValues + - MmUnmapIoSpace + - IoFreeMdl + - MmGetPhysicalAddress + - IoBuildAsynchronousFsdRequest + - MmMapIoSpace + - IofCompleteRequest + - IoFreeIrp + - RtlCompareMemory + - MmUnlockPages + - IoCreateSymbolicLink + - MmAllocateContiguousMemorySpecifyCache + - IofCallDriver + - KeBugCheckEx + - IoDeleteDevice + - MmGetSystemRoutineAddress + - IoCreateDevice + - ZwClose + - ObOpenObjectByPointer + - ZwSetSecurityObject + - IoDeviceObjectType + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - SeExports + - wcschr + - _wcsnicmp + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwOpenKey + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - RtlInitUnicodeString + - MmFreeContiguousMemorySpecifyCache + - ExFreePoolWithTag + - IoDeleteSymbolicLink + - ExAllocatePoolWithTag + - KeStallExecutionProcessor + - BCryptCloseAlgorithmProvider + - BCryptGenerateSymmetricKey + - BCryptOpenAlgorithmProvider + - BCryptDecrypt + - BCryptDestroyKey + Imports: + - ntoskrnl.exe + - HAL.dll + - cng.sys + InternalName: AsrSetupDrv103.sys + MD5: 5cd0ec261c8c2a39d9105fbbcad4e5b9 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: AsrSetupDrv103.sys + PDBPath: '' + Product: AsrSetupDrv103 Driver + ProductVersion: 1.00.00.0000 + Publisher: '' + RichPEHeaderHash: + MD5: 6540c04d181ea1395978a08c3d816451 + SHA1: b3b7c684121b40f53751e0b7757ec248ef0670b4 + SHA256: c68faaf4251928872474abfd81ef5ce8a2b5e5bd48c2edb586a4d2e518baa09d + SHA1: 0ac0c21ca05161eaa6a042f347391a2a2fc78c96 + SHA256: 
a0728184caead84f2e88777d833765f2d8af6a20aad77b426e07e76ef91f5c3f + Sections: + .text: + Entropy: 6.303345316333857 + Virtual Size: '0x2248' + .rdata: + Entropy: 4.4991617725747 + Virtual Size: '0x7cc' + .data: + Entropy: 1.3791658791138062 + Virtual Size: '0x31c' + .pdata: + Entropy: 4.164463138797536 + Virtual Size: '0x2b8' + PAGE: + Entropy: 6.220333128676603 + Virtual Size: '0x1a47' + INIT: + Entropy: 5.419077179300342 + Virtual Size: '0x94a' + .rsrc: + Entropy: 3.3084703257953634 + Virtual Size: '0x3b8' + .reloc: + Entropy: 1.2280731978955797 + Virtual Size: '0x60' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 
88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=TAIWAN, L=Taipei, O=ASROCK Incorporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=ASROCK Incorporation + ValidFrom: '2014-03-07 00:00:00' + ValidTo: '2017-05-05 23:59:59' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03ffdaa3aac322387d7eb98acf9524bf + Version: 3 + TBS: + MD5: 987b0fb90b05c0b59ba66fb1527c27e3 + SHA1: 1b5d5279beed01b2355731588b1a26da29218b55 + SHA256: b3cd9f313e55fce2d39d25dbe303777e5db9d0c01448dcd9ac70c2355bb5b4ea + SHA384: 4bb9546cdd73e2bff4224e021b54318e708c822a1a773a9e7246a46054aba1dd14c1651e8f01f5661b4ff4a3241c32ff + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 03ffdaa3aac322387d7eb98acf9524bf + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 88e21ed9e717781eaf87209acbdbb567 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/193df066-c27c-4343-a4eb-ad2ac417a4cc.yaml b/yaml/193df066-c27c-4343-a4eb-ad2ac417a4cc.yaml index ee47f0c16..fb80877f9 100644 --- a/yaml/193df066-c27c-4343-a4eb-ad2ac417a4cc.yaml +++ b/yaml/193df066-c27c-4343-a4eb-ad2ac417a4cc.yaml 
@@ -1,35 +1,35 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 193df066-c27c-4343-a4eb-ad2ac417a4cc +Tags: +- nt5.sys +Verified: 'FALSE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create nt5.sys binPath=C:\windows\temp \n \n \n t5.sys type=kernel - && sc.exe start nt5.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: [] -Id: 193df066-c27c-4343-a4eb-ad2ac417a4cc -KnownVulnerableSamples: -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: nt5.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA256: fd33fb2735cc5ef466a54807d3436622407287e325276fcd3ed1290c98bd0533 - Signature: [] - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create nt5.sys binPath=C:\windows\temp \n \n \n t5.sys type=kernel + && sc.exe start nt5.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules -Tags: -- nt5.sys -Verified: 'FALSE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: nt5.sys + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA256: fd33fb2735cc5ef466a54807d3436622407287e325276fcd3ed1290c98bd0533 + Signature: [] + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/19897aed-9be8-4111-a7d8-35618b9d75b3.yaml b/yaml/19897aed-9be8-4111-a7d8-35618b9d75b3.yaml index 4a99dd6eb..eb0976e29 100644 --- a/yaml/19897aed-9be8-4111-a7d8-35618b9d75b3.yaml +++ b/yaml/19897aed-9be8-4111-a7d8-35618b9d75b3.yaml 
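Review bot: The `Command` value in the nt5.sys entry reads `binPath=C:\windows\temp \n \n \n t5.sys` on both the removed and the added side, so this key reorder carries a mangled path forward. It looks as if the `\n` of `\nt5.sys` was treated as a newline escape in the generation step, though part of it may be a rendering artifact of this page. The sibling entries in this diff all use `binPath=C:\windows\temp\<driver>.sys`, so the value should presumably be `sc.exe create nt5.sys binPath=C:\windows\temp\nt5.sys type=kernel && sc.exe start nt5.sys`. Keep it as a plain or single-quoted scalar, never double-quoted, so the backslashes stay literal. As it stands, anyone building command-line matches from this field gets a string that will never appear in process telemetry.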
@@ -1,160 +1,160 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 19897aed-9be8-4111-a7d8-35618b9d75b3 +Tags: +- smep_capcom.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create smep_capcom.sys binPath=C:\windows\temp\smep_capcom.sys type=kernel - && sc.exe start smep_capcom.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: [] -Id: 19897aed-9be8-4111-a7d8-35618b9d75b3 -KnownVulnerableSamples: -- Authentihash: - MD5: 37458813b5115cbf06552da28fefbbbb - SHA1: 1d1cafc73c97c6bcd2331f8777d90fdca57125a3 - SHA256: faa08cb609a5b7be6bfdb61f1e4a5e8adf2f5a1d2492f262483df7326934f5d4 - Company: '' - Copyright: '' - CreationTimestamp: '2016-09-05 00:43:33' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: smep_capcom.sys - ImportedFunctions: - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IofCompleteRequest - - MmGetSystemRoutineAddress - - IoCreateSymbolicLink - - IoCreateDevice - - IoDeleteDevice - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: f406c5536bcf9bacbeb7ce8a3c383bfa - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: b2f23c03be4553a744ff25735a80073c - SHA1: 2703d60c8f12df9d6adf5ae475bfeb1786486888 - SHA256: 46ffd109664b6694974986a39d508002d564434d60a0fb9f861401f2cb2c83f1 - SHA1: 21edff2937eb5cd6f6b0acb7ee5247681f624260 - SHA256: db2a9247177e8cdd50fe9433d066b86ffd2a84301aa6b2eb60f361cfff077004 - Sections: - .text: - Entropy: 5.848826218029174 - Virtual Size: '0x4e0' - .data: - Entropy: -0.0 - Virtual Size: '0xc0' - .pdata: - Entropy: 3.006469661076665 - Virtual Size: '0x48' - .info: - Entropy: 1.3665783978789787 - Virtual Size: '0xa0' - INIT: - Entropy: 4.123682579107587 - Virtual Size: '0x114' - Signature: - - CAPCOM Co.,Ltd. 
- - Symantec Class 3 SHA256 Code Signing CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=JP, ST=Osaka, L=Chuo,ku, O=CAPCOM Co.,Ltd., OU=R&D Asset Management - Section, CN=CAPCOM Co.,Ltd. 
- ValidFrom: '2016-05-02 00:00:00' - ValidTo: '2017-05-02 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 7e59408d3c99c511a853fb2f73c03dc4 - Version: 3 - TBS: - MD5: a9f59eaae33b89f4e1abd1f49343dcac - SHA1: 070bcfc8c776cb0c28f80c39c84633e233bea90a - SHA256: 30107b5e2bcaa8ae8a2c0682c78b4b79377ca56f6a84c5610ebfc0adcf7b21ad - SHA384: b2dfce32fc217b83ce010a7f866e8dfc1dea72f11580521aa400c155b924432707abf72f279939ca1136d84800d445cf - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 7e59408d3c99c511a853fb2f73c03dc4 - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - Imphash: 45bfe170e0cd654bc1e2ae3fca3ac3f4 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create smep_capcom.sys binPath=C:\windows\temp\smep_capcom.sys type=kernel + && sc.exe start smep_capcom.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/namazso/physmem_drivers -Tags: -- smep_capcom.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 37458813b5115cbf06552da28fefbbbb + SHA1: 1d1cafc73c97c6bcd2331f8777d90fdca57125a3 + SHA256: faa08cb609a5b7be6bfdb61f1e4a5e8adf2f5a1d2492f262483df7326934f5d4 + Company: '' + Copyright: '' + CreationTimestamp: '2016-09-05 00:43:33' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: smep_capcom.sys + ImportedFunctions: + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - IofCompleteRequest + - MmGetSystemRoutineAddress + - IoCreateSymbolicLink + - IoCreateDevice + - IoDeleteDevice + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: f406c5536bcf9bacbeb7ce8a3c383bfa + MachineType: 
AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: b2f23c03be4553a744ff25735a80073c + SHA1: 2703d60c8f12df9d6adf5ae475bfeb1786486888 + SHA256: 46ffd109664b6694974986a39d508002d564434d60a0fb9f861401f2cb2c83f1 + SHA1: 21edff2937eb5cd6f6b0acb7ee5247681f624260 + SHA256: db2a9247177e8cdd50fe9433d066b86ffd2a84301aa6b2eb60f361cfff077004 + Sections: + .text: + Entropy: 5.848826218029174 + Virtual Size: '0x4e0' + .data: + Entropy: -0.0 + Virtual Size: '0xc0' + .pdata: + Entropy: 3.006469661076665 + Virtual Size: '0x48' + .info: + Entropy: 1.3665783978789787 + Virtual Size: '0xa0' + INIT: + Entropy: 4.123682579107587 + Virtual Size: '0x114' + Signature: + - CAPCOM Co.,Ltd. + - Symantec Class 3 SHA256 Code Signing CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + 
IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=JP, ST=Osaka, L=Chuo,ku, O=CAPCOM Co.,Ltd., OU=R&D Asset Management + Section, CN=CAPCOM Co.,Ltd. + ValidFrom: '2016-05-02 00:00:00' + ValidTo: '2017-05-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 7e59408d3c99c511a853fb2f73c03dc4 + Version: 3 + TBS: + MD5: a9f59eaae33b89f4e1abd1f49343dcac + SHA1: 070bcfc8c776cb0c28f80c39c84633e233bea90a + SHA256: 30107b5e2bcaa8ae8a2c0682c78b4b79377ca56f6a84c5610ebfc0adcf7b21ad + SHA384: b2dfce32fc217b83ce010a7f866e8dfc1dea72f11580521aa400c155b924432707abf72f279939ca1136d84800d445cf + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 7e59408d3c99c511a853fb2f73c03dc4 + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + Imphash: 45bfe170e0cd654bc1e2ae3fca3ac3f4 + LoadsDespiteHVCI: 'FALSE' 
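Review bot: `Detection: []` stays empty in the smep_capcom.sys entry even though it is marked `Verified: 'TRUE'` and carries MD5, SHA1, SHA256 and Authentihash values for the sample, so a consumer of this record gets no pointer to a rule that covers it. The AsrRapidStartDrv.sys entry later in this diff lists `sigma_hash`, `sysmon_hash_detect` and `sysmon_hash_block` references. If those shared rule files already contain SHA256 `db2a9247177e8cdd50fe9433d066b86ffd2a84301aa6b2eb60f361cfff077004`, the same `type`/`value` pairs should be listed here; if they do not, the hash is missing from the rules, which is worth fixing before the entry is published as verified. The nt5.sys hunk has the same empty list, although that entry is `Verified: 'FALSE'`.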
diff --git a/yaml/19d16518-4aee-4983-ba89-dbbe0fa8a3e7.yaml b/yaml/19d16518-4aee-4983-ba89-dbbe0fa8a3e7.yaml index b90d02cb6..0590964d1 100644 --- a/yaml/19d16518-4aee-4983-ba89-dbbe0fa8a3e7.yaml +++ b/yaml/19d16518-4aee-4983-ba89-dbbe0fa8a3e7.yaml 
@@ -1,213 +1,214 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 19d16518-4aee-4983-ba89-dbbe0fa8a3e7 +Tags: +- AsrRapidStartDrv.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create AsrRapidStartDrv.sys binPath=C:\windows\temp\AsrRapidStartDrv.sys type=kernel - && sc.exe start AsrRapidStartDrv.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/0aafa9f47acf69d46c9542985994ff5321f00842a28df2396d4a3076776a83cb.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 19d16518-4aee-4983-ba89-dbbe0fa8a3e7 
-KnownVulnerableSamples: -- Authentihash: - MD5: 98a9518fefaf056f5804b631e735ff73 - SHA1: 5ac05af283a3bda3b09ce8ad292ba5c689216b7a - SHA256: 913ab7134ea3460e76db753cf68f336ada8f0b9c397be88c75f9567a8694f4a5 - Company: RW-Everything - Copyright: Copyright (C) 2008 RW-Everything - CreationTimestamp: '2012-02-07 08:17:24' - Date: '' - Description: RW-Everything Read & Write Driver - ExportedFunctions: '' - FileVersion: '1.00.00.0000 built by: WinDDK' - Filename: AsrRapidStartDrv.sys - ImportedFunctions: - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - MmFreeContiguousMemorySpecifyCache - - RtlInitUnicodeString - - IoDeleteDevice - - RtlQueryRegistryValues - - MmUnmapIoSpace - - IoFreeMdl - - MmGetPhysicalAddress - - IoBuildAsynchronousFsdRequest - - MmMapIoSpace - - IofCompleteRequest - - IoFreeIrp - - RtlCompareMemory - - MmUnlockPages - - IoCreateSymbolicLink - - IoCreateDevice - - MmAllocateContiguousMemorySpecifyCache - - IofCallDriver - - KeBugCheckEx - - ExAllocatePoolWithTag - - KeStallExecutionProcessor - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: RwDrv.sys - MD5: 31469f1313871690e8dc2e8ee4799b22 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: RwDrv.sys - Product: RW-Everything Read & Write Driver - ProductVersion: 1.00.00.0000 - Publisher: ASROCK Incorporation - RichPEHeaderHash: - MD5: a84c01eca8a6ca8e5221dbca3000c16e - SHA1: ff0ae5ad07f99ad2ac40b53c5215335a5d84e926 - SHA256: 961a144592952461a785ff1f4d4f55c4132016b9fbbce3d881edf6131038533b - SHA1: 89cd760e8cb19d29ee08c430fb17a5fd4455c741 - SHA256: 0aafa9f47acf69d46c9542985994ff5321f00842a28df2396d4a3076776a83cb - Sections: - .text: - Entropy: 6.33792036132721 - Virtual Size: '0x1a28' - .rdata: - Entropy: 4.569601662787029 - Virtual Size: '0x24c' - .data: - Entropy: 0.46979092711892695 - Virtual Size: '0x130' - .pdata: - Entropy: 3.6846124142888885 - Virtual Size: '0xf0' - INIT: - Entropy: 5.36094471500958 - Virtual Size: '0x4e8' - .rsrc: - Entropy: 3.3169950909252863 - Virtual 
Size: '0x3c0' - Signature: - - ASROCK Incorporation - - VeriSign Class 3 Code Signing 2010 CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=TAIWAN, L=Taipei, O=ASROCK Incorporation, OU=Digital ID Class - 3 , Microsoft Software Validation v2, CN=ASROCK Incorporation - ValidFrom: '2011-03-07 00:00:00' - ValidTo: '2014-04-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 45dfec7bb3d378c97feb24efd699bb4e - Version: 3 - TBS: - MD5: 544af7037e76dccfe47a9dffd9b847fd - SHA1: ea7dceadac1b76a4a0ed5624632072f8aa6ce02c - 
SHA256: 87f5b27417a56e4175d0e0acb7a831961963fad217e5d82fbf699287e8fdab25 - SHA384: 2b6eb82e226dcec715cc7c98e2bf9a9a0dcb3f4e471827fe95d9dbd452ce459c6ae9525771c673800fa84b679b14db89 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 45dfec7bb3d378c97feb24efd699bb4e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 9d7183c1d8107495354c4fad9dae3452 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create AsrRapidStartDrv.sys binPath=C:\windows\temp\AsrRapidStartDrv.sys type=kernel + && sc.exe start AsrRapidStartDrv.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/namazso/physmem_drivers -Tags: -- AsrRapidStartDrv.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/0aafa9f47acf69d46c9542985994ff5321f00842a28df2396d4a3076776a83cb.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 98a9518fefaf056f5804b631e735ff73 + SHA1: 5ac05af283a3bda3b09ce8ad292ba5c689216b7a + SHA256: 913ab7134ea3460e76db753cf68f336ada8f0b9c397be88c75f9567a8694f4a5 + Company: RW-Everything + Copyright: Copyright (C) 2008 RW-Everything + CreationTimestamp: '2012-02-07 08:17:24' + Date: '' + Description: RW-Everything Read & Write Driver + ExportedFunctions: '' + FileVersion: '1.00.00.0000 built by: WinDDK' + Filename: AsrRapidStartDrv.sys + ImportedFunctions: + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - MmFreeContiguousMemorySpecifyCache + - RtlInitUnicodeString + - IoDeleteDevice + - RtlQueryRegistryValues + - MmUnmapIoSpace + - IoFreeMdl + - MmGetPhysicalAddress + - IoBuildAsynchronousFsdRequest + - MmMapIoSpace + - IofCompleteRequest + - IoFreeIrp + - RtlCompareMemory + - 
MmUnlockPages + - IoCreateSymbolicLink + - IoCreateDevice + - MmAllocateContiguousMemorySpecifyCache + - IofCallDriver + - KeBugCheckEx + - ExAllocatePoolWithTag + - KeStallExecutionProcessor + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: RwDrv.sys + MD5: 31469f1313871690e8dc2e8ee4799b22 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: RwDrv.sys + Product: RW-Everything Read & Write Driver + ProductVersion: 1.00.00.0000 + Publisher: ASROCK Incorporation + RichPEHeaderHash: + MD5: a84c01eca8a6ca8e5221dbca3000c16e + SHA1: ff0ae5ad07f99ad2ac40b53c5215335a5d84e926 + SHA256: 961a144592952461a785ff1f4d4f55c4132016b9fbbce3d881edf6131038533b + SHA1: 89cd760e8cb19d29ee08c430fb17a5fd4455c741 + SHA256: 0aafa9f47acf69d46c9542985994ff5321f00842a28df2396d4a3076776a83cb + Sections: + .text: + Entropy: 6.33792036132721 + Virtual Size: '0x1a28' + .rdata: + Entropy: 4.569601662787029 + Virtual Size: '0x24c' + .data: + Entropy: 0.46979092711892695 + Virtual Size: '0x130' + .pdata: + Entropy: 3.6846124142888885 + Virtual Size: '0xf0' + INIT: + Entropy: 5.36094471500958 + Virtual Size: '0x4e8' + .rsrc: + Entropy: 3.3169950909252863 + Virtual Size: '0x3c0' + Signature: + - ASROCK Incorporation + - VeriSign Class 3 Code Signing 2010 CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 
50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=TAIWAN, L=Taipei, O=ASROCK Incorporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=ASROCK Incorporation + ValidFrom: '2011-03-07 00:00:00' + ValidTo: '2014-04-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 45dfec7bb3d378c97feb24efd699bb4e + Version: 3 + TBS: + MD5: 544af7037e76dccfe47a9dffd9b847fd + SHA1: ea7dceadac1b76a4a0ed5624632072f8aa6ce02c + SHA256: 
87f5b27417a56e4175d0e0acb7a831961963fad217e5d82fbf699287e8fdab25 + SHA384: 2b6eb82e226dcec715cc7c98e2bf9a9a0dcb3f4e471827fe95d9dbd452ce459c6ae9525771c673800fa84b679b14db89 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 45dfec7bb3d378c97feb24efd699bb4e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 9d7183c1d8107495354c4fad9dae3452 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/1a1cf88a-96d0-46cd-a24d-1535e4a5f6e3.yaml b/yaml/1a1cf88a-96d0-46cd-a24d-1535e4a5f6e3.yaml index da2e33a58..dfcf3857a 100644 --- a/yaml/1a1cf88a-96d0-46cd-a24d-1535e4a5f6e3.yaml +++ b/yaml/1a1cf88a-96d0-46cd-a24d-1535e4a5f6e3.yaml 
@@ -1,186 +1,186 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 1a1cf88a-96d0-46cd-a24d-1535e4a5f6e3 +Tags: +- msrhook.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create msrhook.sys binPath=C:\windows\temp\msrhook.sys type=kernel - && sc.exe start msrhook.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: [] -Id: 1a1cf88a-96d0-46cd-a24d-1535e4a5f6e3 -KnownVulnerableSamples: -- Authentihash: - MD5: 172df59ed493cc10ccca27239ff3b4e3 - SHA1: ccce82f52142229c88746b06b198ea5c5e058961 - SHA256: 37e33b54de1bbe4cf86fa58aeec39084afb35e0cbe5f69c763ecaec1d352daa0 - Company: '' - Copyright: '' - CreationTimestamp: '2014-03-27 18:36:23' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: msrhook.sys - ImportedFunctions: - - KeInitializeEvent - - KeDelayExecutionThread - - KeSetPriorityThread - - KeInitializeSpinLock - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - KeQueryTimeIncrement - - PsCreateSystemThread - - PsTerminateSystemThread - - IoAttachDeviceToDeviceStack - - IofCallDriver - - IofCompleteRequest - - DbgPrint - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoDetachDevice - - PoCallDriver - - PoStartNextPowerIrp - - ObfDereferenceObject - - ZwClose - - ObReferenceObjectByName - - __C_specific_handler - - IoDriverObjectType - - IoCreateDevice - - RtlInitUnicodeString - - KeStallExecutionProcessor - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: c49a1956a6a25ffc25ad97d6762b0989 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: b39a70fb2c30cf4cc1682346d883041e - SHA1: 1ac564071b1cab56609d154c9b6e7ee798c970d8 - SHA256: 7380b70b92ac4b9a4c151a1f18751b52a4523830da6d998745dbc822837162cc - SHA1: 89909fa481ff67d7449ee90d24c167b17b0612f1 - SHA256: 
6de84caa2ca18673e01b91af58220c60aecd5cccf269725ec3c7f226b2167492 - Sections: - .text: - Entropy: 6.353601687080194 - Virtual Size: '0x2511' - .rdata: - Entropy: 3.9145119966486024 - Virtual Size: '0x414' - .data: - Entropy: 0.5673389940094367 - Virtual Size: '0x2618' - .pdata: - Entropy: 3.9851918849242547 - Virtual Size: '0x21c' - INIT: - Entropy: 4.886849659994224 - Virtual Size: '0x3c0' - .reloc: - Entropy: 1.9669171866886992 - Virtual Size: '0x10' - Signature: - - ID TECH - - VeriSign Class 3 Code Signing 2010 CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: 
e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=California, L=Cypress, O=ID TECH, OU=Digital ID Class 3 , - Microsoft Software Validation v2, CN=ID TECH - ValidFrom: '2013-03-19 00:00:00' - ValidTo: '2016-04-17 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 15bd213c3742423afdeae3990f694e8e - Version: 3 - TBS: - MD5: 6dfe3178bfb2c2ab04c53b9c386fd499 - SHA1: c33456b439bda66ad91491edbe4694ef7e1f591d - SHA256: 6e99b4f15ec47d6f0e1d95dd8d37ce84bdfbb7a985fa7e7289f0c5bd0fc84b66 - SHA384: 7b30081b6e7ed04d1b883e137a5756cb664acc56c1db6398d1376889acf2f334319ece30941f7540f5bb00bbe324d7ba - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 
4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 15bd213c3742423afdeae3990f694e8e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 1429d5c551f71d3ce6a7cc54c9348e95 - LoadsDespiteHVCI: 'TRUE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create msrhook.sys binPath=C:\windows\temp\msrhook.sys type=kernel + && sc.exe start msrhook.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/namazso/physmem_drivers -Tags: -- msrhook.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 172df59ed493cc10ccca27239ff3b4e3 + SHA1: ccce82f52142229c88746b06b198ea5c5e058961 + SHA256: 37e33b54de1bbe4cf86fa58aeec39084afb35e0cbe5f69c763ecaec1d352daa0 + Company: '' + Copyright: '' + CreationTimestamp: '2014-03-27 18:36:23' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: msrhook.sys + ImportedFunctions: + - KeInitializeEvent + - KeDelayExecutionThread + - KeSetPriorityThread + - KeInitializeSpinLock + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - KeQueryTimeIncrement + - PsCreateSystemThread + - PsTerminateSystemThread + - IoAttachDeviceToDeviceStack + - IofCallDriver + - IofCompleteRequest + - DbgPrint + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoDetachDevice + - PoCallDriver + - PoStartNextPowerIrp + - ObfDereferenceObject + - ZwClose + - ObReferenceObjectByName + - __C_specific_handler + - IoDriverObjectType + - IoCreateDevice + - RtlInitUnicodeString + - KeStallExecutionProcessor + Imports: + - 
ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: c49a1956a6a25ffc25ad97d6762b0989 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: b39a70fb2c30cf4cc1682346d883041e + SHA1: 1ac564071b1cab56609d154c9b6e7ee798c970d8 + SHA256: 7380b70b92ac4b9a4c151a1f18751b52a4523830da6d998745dbc822837162cc + SHA1: 89909fa481ff67d7449ee90d24c167b17b0612f1 + SHA256: 6de84caa2ca18673e01b91af58220c60aecd5cccf269725ec3c7f226b2167492 + Sections: + .text: + Entropy: 6.353601687080194 + Virtual Size: '0x2511' + .rdata: + Entropy: 3.9145119966486024 + Virtual Size: '0x414' + .data: + Entropy: 0.5673389940094367 + Virtual Size: '0x2618' + .pdata: + Entropy: 3.9851918849242547 + Virtual Size: '0x21c' + INIT: + Entropy: 4.886849659994224 + Virtual Size: '0x3c0' + .reloc: + Entropy: 1.9669171866886992 + Virtual Size: '0x10' + Signature: + - ID TECH + - VeriSign Class 3 Code Signing 2010 CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + 
ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=California, L=Cypress, O=ID TECH, OU=Digital ID Class + 3 , Microsoft Software Validation v2, CN=ID TECH + ValidFrom: '2013-03-19 00:00:00' + ValidTo: '2016-04-17 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 15bd213c3742423afdeae3990f694e8e + Version: 3 + TBS: + MD5: 6dfe3178bfb2c2ab04c53b9c386fd499 + SHA1: c33456b439bda66ad91491edbe4694ef7e1f591d + SHA256: 6e99b4f15ec47d6f0e1d95dd8d37ce84bdfbb7a985fa7e7289f0c5bd0fc84b66 + SHA384: 7b30081b6e7ed04d1b883e137a5756cb664acc56c1db6398d1376889acf2f334319ece30941f7540f5bb00bbe324d7ba + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 15bd213c3742423afdeae3990f694e8e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign 
Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 1429d5c551f71d3ce6a7cc54c9348e95 + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/1ab1ec8c-1231-4ba4-8804-4a2cda103bb8.yaml b/yaml/1ab1ec8c-1231-4ba4-8804-4a2cda103bb8.yaml index fe29d51db..1a327a714 100644 --- a/yaml/1ab1ec8c-1231-4ba4-8804-4a2cda103bb8.yaml +++ b/yaml/1ab1ec8c-1231-4ba4-8804-4a2cda103bb8.yaml 
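Review bot: The re-serialised msrhook.sys entry still ships `Detection: []`, although the same record sets `LoadsDespiteHVCI: 'TRUE'` and carries full file hashes and Authentihash values, so a driver that loads even with HVCI enabled is the one entry in this part of the diff that points to no detection content. If this sample's hashes are already covered by the repository-wide rule files that the AsrRapidStartDrv.sys entry links, the list should reference them, for example `- type: sigma_hash` with `value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml`, plus the matching sysmon_hash_block entry. If they are not covered, that gap is worth closing before the entry stays marked `Verified: 'TRUE'`. `Commands.Description` is also still `''`; a one-line comment on what the driver exposes, which is presumably MSR access given the name and should be confirmed against the linked resource, would help defenders triage a hit.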
@@ -1,203 +1,204 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 1ab1ec8c-1231-4ba4-8804-4a2cda103bb8 +Tags: +- gametersafe.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-07-22' +MitreID: T1068 CVE: - '' Category: vulnerable drivers Commands: - Command: '' - Description: Confirmed vulnerable driver from Microsoft Block List - OperatingSystem: Windows - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-07-22' -Detection: -- type: '' - value: '' -Id: 1ab1ec8c-1231-4ba4-8804-4a2cda103bb8 -KnownVulnerableSamples: -- Authentihash: - MD5: 406e0fb11faa06f2f417c75310932f75 - SHA1: 39f934078a060bad2d58b5dba8f8884903d697a7 - SHA256: 3e9b62d2ea2be50a2da670746c4dbe807db9601980af3a1014bcd72d0248d84c - Company: '' - Copyright: '' - CreationTimestamp: '2020-02-08 02:17:56' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - IoDeleteSymbolicLink - - RtlImageNtHeader - - RtlInitAnsiString - - MmGetSystemRoutineAddress - - ExAllocatePoolWithTag - - IoCreateDevice - - MmFreePagesFromMdl - - ExFreePoolWithTag - - MmMapLockedPagesSpecifyCache - - IofCompleteRequest - - ZwQueryInformationFile - - MmAllocatePagesForMdl - - ZwClose - - __C_specific_handler - - MmUnlockPages - - MmProbeAndLockPages - - IoFreeIrp - - IoAllocateMdl - - KeSetEvent - - IoFreeMdl - - IoAllocateIrp - - KeInitializeEvent - - KeWaitForSingleObject - - ZwWriteFile - - IoDeleteDevice - - RtlInitUnicodeString - - _vsnprintf - - RtlFreeUnicodeString - - RtlRandomEx - - ZwCreateFile - - ZwQuerySystemInformation - - RtlImageDirectoryEntryToData - - RtlCopyUnicodeString - - RtlAnsiStringToUnicodeString - - ExAllocatePool - - IoCreateSymbolicLink - - RtlCompareUnicodeString - - WskCaptureProviderNPI - - WskRegister - - WskReleaseProviderNPI - - WskDeregister - - WdfVersionBind - - WdfVersionBindClass - - WdfVersionUnbind - - WdfVersionUnbindClass - Imports: - - ntoskrnl.exe - - NETIO.SYS - - WDFLDR.SYS - InternalName: '' - MD5: 
7d0b8d03f0c985e27e5dc7263fa3f0ae - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 14a8a59145530d446445ab8773b70769 - SHA1: 2a1725f87c33b0ce9056410d2f7d87f2e949a337 - SHA256: 1d4731833137290604bc7b4cf7e5c46113a41673141fdf195b7d12d72180d1fb - SHA1: d057e709ae69b3bbb66e199b0e0858429790f995 - SHA256: e2ec3b2a93c473d88bfdf2deb1969d15ab61737acc1ee8e08234bc5513ee87ea - Sections: - .text: - Entropy: 5.501194029641816 - Virtual Size: '0x1f20' - .rdata: - Entropy: 4.049029918506814 - Virtual Size: '0x7cc' - .data: - Entropy: 0.6333325201297626 - Virtual Size: '0xf80' - .pdata: - Entropy: 7.347119965741041 - Virtual Size: '0x1b0' - INIT: - Entropy: 5.119013096767569 - Virtual Size: '0x64a' - .vmp0: - Entropy: 7.023334874263105 - Virtual Size: '0x12b6c0' - .reloc: - Entropy: 3.84520519396212 - Virtual Size: '0xcc' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 
208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=CN, ST=, L=, O=, OU=, CN= - ValidFrom: '2019-07-02 00:00:00' - ValidTo: '2020-07-08 12:00:00' - Signature: 
bbe447c3c9823460c47f5f8015ac71baf97943df9fb662e2a359f35f116c0701139e659661e758f5a5c8fcc0f7a41cb19b6328a357c2fe27492365f70c98c71bb943693f6120749ebaf0fb8d92d43623b37ed9f2c56003f054b090d85220febcf15a0e6261f05326b62bb9685b8e2b51dba2fde2407231f1fa44b1110c318611d4ea8e2c0f93cc6fe1886f5fa9ac8528aab31cee82f20dd3d1488633aa93a7fbb1d13b3b1871e567f59b312d6f56564656421b2bb2691d3b7ecbf9f5ee87bbd5927308269e0316c6573c7c84770ebd999f5a7379f55093b05591b1a78a3aded16995248aad311d675fafa73a860f95e0ec16516c22dfc8194d524ac5898e04ad - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0c59d46580f039af2c4ab6ba0ffed197 - Version: 3 - TBS: - MD5: 87b3e146e36d621cfa581f15a59a08de - SHA1: 5f65a1d664ca1ca64b7634143bad885981e94d0c - SHA256: b20fb8bcfcf6b544cbabc685aa3c19f61918f96a05192cd2987e897e13a9344c - SHA384: 3e298d8234d5106393c8146940d42b52e09ff15022ab512c6ac87164d4b1a9f7a0193c779198020ba923380a44f043b8 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 
49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 0c59d46580f039af2c4ab6ba0ffed197 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - Imphash: 120ea3462d2c279afe9f2bc72643da04 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: '' + Description: Confirmed vulnerable driver from Microsoft Block List + OperatingSystem: Windows + Privileges: kernel + Usecase: Elevate privileges Resources: 
- https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c -Tags: -- gametersafe.sys -Verified: 'TRUE' +Detection: +- type: '' + value: '' +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 406e0fb11faa06f2f417c75310932f75 + SHA1: 39f934078a060bad2d58b5dba8f8884903d697a7 + SHA256: 3e9b62d2ea2be50a2da670746c4dbe807db9601980af3a1014bcd72d0248d84c + Company: '' + Copyright: '' + CreationTimestamp: '2020-02-08 02:17:56' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - IoDeleteSymbolicLink + - RtlImageNtHeader + - RtlInitAnsiString + - MmGetSystemRoutineAddress + - ExAllocatePoolWithTag + - IoCreateDevice + - MmFreePagesFromMdl + - ExFreePoolWithTag + - MmMapLockedPagesSpecifyCache + - IofCompleteRequest + - ZwQueryInformationFile + - MmAllocatePagesForMdl + - ZwClose + - __C_specific_handler + - MmUnlockPages + - MmProbeAndLockPages + - IoFreeIrp + - IoAllocateMdl + - KeSetEvent + - IoFreeMdl + - IoAllocateIrp + - KeInitializeEvent + - KeWaitForSingleObject + - ZwWriteFile + - IoDeleteDevice + - RtlInitUnicodeString + - _vsnprintf + - RtlFreeUnicodeString + - RtlRandomEx + - ZwCreateFile + - ZwQuerySystemInformation + - RtlImageDirectoryEntryToData + - RtlCopyUnicodeString + - RtlAnsiStringToUnicodeString + - ExAllocatePool + - IoCreateSymbolicLink + - RtlCompareUnicodeString + - WskCaptureProviderNPI + - WskRegister + - WskReleaseProviderNPI + - WskDeregister + - WdfVersionBind + - WdfVersionBindClass + - WdfVersionUnbind + - WdfVersionUnbindClass + Imports: + - ntoskrnl.exe + - NETIO.SYS + - WDFLDR.SYS + InternalName: '' + MD5: 7d0b8d03f0c985e27e5dc7263fa3f0ae + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 14a8a59145530d446445ab8773b70769 + SHA1: 2a1725f87c33b0ce9056410d2f7d87f2e949a337 + SHA256: 
1d4731833137290604bc7b4cf7e5c46113a41673141fdf195b7d12d72180d1fb + SHA1: d057e709ae69b3bbb66e199b0e0858429790f995 + SHA256: e2ec3b2a93c473d88bfdf2deb1969d15ab61737acc1ee8e08234bc5513ee87ea + Sections: + .text: + Entropy: 5.501194029641816 + Virtual Size: '0x1f20' + .rdata: + Entropy: 4.049029918506814 + Virtual Size: '0x7cc' + .data: + Entropy: 0.6333325201297626 + Virtual Size: '0xf80' + .pdata: + Entropy: 7.347119965741041 + Virtual Size: '0x1b0' + INIT: + Entropy: 5.119013096767569 + Virtual Size: '0x64a' + .vmp0: + Entropy: 7.023334874263105 + Virtual Size: '0x12b6c0' + .reloc: + Entropy: 3.84520519396212 + Virtual Size: '0xcc' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=CN, ST=, L=, O=, OU=, CN= + ValidFrom: '2019-07-02 00:00:00' + ValidTo: '2020-07-08 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0c59d46580f039af2c4ab6ba0ffed197 + Version: 3 + TBS: + MD5: 87b3e146e36d621cfa581f15a59a08de + SHA1: 5f65a1d664ca1ca64b7634143bad885981e94d0c + SHA256: b20fb8bcfcf6b544cbabc685aa3c19f61918f96a05192cd2987e897e13a9344c + SHA384: 3e298d8234d5106393c8146940d42b52e09ff15022ab512c6ac87164d4b1a9f7a0193c779198020ba923380a44f043b8 + - Subject: C=US, O=DigiCert, 
CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + 
SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 0c59d46580f039af2c4ab6ba0ffed197 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + Imphash: 120ea3462d2c279afe9f2bc72643da04 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/1aeb1205-8b02-42b6-a563-b953ea337c19.yaml b/yaml/1aeb1205-8b02-42b6-a563-b953ea337c19.yaml index 7a10a7c71..19ab87b74 100644 --- a/yaml/1aeb1205-8b02-42b6-a563-b953ea337c19.yaml +++ b/yaml/1aeb1205-8b02-42b6-a563-b953ea337c19.yaml 
@@ -1,398 +1,398 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 1aeb1205-8b02-42b6-a563-b953ea337c19 +Tags: +- Tmel.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-07-22' +MitreID: T1068 CVE: - '' Category: vulnerable drivers Commands: - Command: '' - Description: Confirmed vulnerable driver from Microsoft Block List - OperatingSystem: Windows - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-07-22' -Detection: -- type: '' - value: '' -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 1aeb1205-8b02-42b6-a563-b953ea337c19 -KnownVulnerableSamples: -- Authentihash: - MD5: 9452955f95c4dde4370d5ea363a86400 - SHA1: 47d918b63158a297c44e3e8bbe1d2f99900e7fef - SHA256: 3de38ef40dbda07a537a7e48cb5d59dbd17bf27d5d399b32df737cd67c0cdb25 - Company: Trend Micro Inc. - Copyright: Copyright (C) 2015 Trend Micro Incorporated. All rights reserved. 
- CreationTimestamp: '2015-05-08 00:06:46' - Date: '' - Description: TrendMicro ELAM Driver - ExportedFunctions: '' - FileVersion: 1.6.0.1002 - Filename: '' - ImportedFunctions: - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - _purecall - - strncpy - - wcsncpy - - RtlInitUnicodeString - - RtlEqualUnicodeString - - DbgPrint - - KeQuerySystemTime - - ZwClose - - ZwOpenKey - - ZwQueryValueKey - - ZwSetValueKey - - memcpy - - memset - - KeInitializeEvent - - KeWaitForSingleObject - - IoBuildDeviceIoControlRequest - - IofCallDriver - - IofCompleteRequest - - IoGetDeviceObjectPointer - - ObfDereferenceObject - - IoRegisterBootDriverCallback - - IoUnregisterBootDriverCallback - - _stricmp - - MmIsAddressValid - - RtlImageNtHeader - - ZwQuerySystemInformation - - wcsncmp - - memcmp - - RtlUnwind - - Tbsi_Revoke_Attestation - Imports: - - ntoskrnl.exe - - tbs.sys - InternalName: Tmel.sys - MD5: d052dc4ac3c5bfe34f04abc62a153847 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: Tmel.sys - PDBPath: '' - Product: Trend Micro Early Launch Anti-Malware Driver - ProductVersion: '1.6' - Publisher: '' - RichPEHeaderHash: - MD5: 5e73d8474cb1757ee6566d0416cc7aea - SHA1: 631a45aea3207ad70ac96c80e6c1e28d87b7a982 - SHA256: 5e23e66bee07280a49103359030aa43aa4171df8887676fb7c75fa741496736d - SHA1: 6eece018896c250f15f778f0ccae667f315b8bd1 - SHA256: dd628061d6e53f3f0b44f409ad914b3494c5d7b5ff6ff0e8fc3161aacec93e96 - Sections: - .text: - Entropy: 6.361406803326352 - Virtual Size: '0x3f32' - .rdata: - Entropy: 4.152220214860239 - Virtual Size: '0x300' - .data: - Entropy: 0.6946247138069125 - Virtual Size: '0x328' - INIT: - Entropy: 5.302438952697484 - Virtual Size: '0x364' - .rsrc: - Entropy: 3.489216555517427 - Virtual Size: '0x800' - .reloc: - Entropy: 6.073476767052889 - Virtual Size: '0x4b6' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft - 
Windows Early Launch Anti,malware Publisher - ValidFrom: '2015-01-14 21:31:10' - ValidTo: '2016-04-14 21:31:10' - Signature: 18c72a193d7efedccdf640d0a9c0ff2e9fa9b7b1dc3ac28ea90d33df3ab44670eab692d7c90e5dfa97ea674905adf1578f2d14a6085d2904c8812991ccec229b9dd2f11516f894517e97c201eff48c998ccf6b5d7a0efd07190ab33927be386d62acaaf5b73f4f891af0ef8002648737e57e62e9798e097aacced862778b51cc92357e090203fe6cd2322b82c6bde16dfaf6e598d05b1a352263da413a766038e665108701d6ac7efbe7ec04785a4b4f99a46583d724a09440d4752fb3d40c3565b3d03d37234f1bed4e3ae0c59160650f38aef29d3cf6a920ab86040f09e9f8087e9a89d8c443b3916d87479c352fdb44982f4799753df5e754434759545b1624ebef4794fffc2e2c8957fa370cee7790da87b3dfec3750a9a4a3780454299766c8a77670511082c4765b75be6a94a43113f58e22dac6440a102faf25f10dcd021f2e25b311b641c635b3ae5d9f7f63b342feaa02159be5bb63f09327162a523029df7f44fa36f0665708523b63678748d09ddbe1298817549b9f600a42e2249b654b94276ac16a843f18d1531c0a8512ebdf0a8f8238529bfbf5587542d6cc038e7a5abc9d39d09f455f8f078ab1d26d57bf16eebfd1eb8ed9bf49da61ff138b362abb0a22718c322aada6bd26c1059ba8ebae619c15ddad5496d2a424c975bcc26cfded04ddb3d0f23342882b3bc97602329639df471c2541222b768127f8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 330000000a35c02110041db90300000000000a - Version: 3 - TBS: - MD5: 3d599ae8f2823b242ef0b42a48eb116c - SHA1: 87d1616058dae44dd602ab9acd4ac4e736bbd451 - SHA256: eda5653cc4fffbaeded2567b92aa03abb6c60ade2da823b8a07d826e0856c0af - SHA384: f3d5d7e6a53e96d5c44b92c6bd81d71c6ffaf0ed77c13229adb301bc10ba7c2d5afde3d6a5eb553244666b0ce9ec68af - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - ValidFrom: '2014-10-15 20:31:27' - ValidTo: '2029-10-15 20:41:27' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 330000000d690d5d7893d076df00000000000d - Version: 3 - TBS: - MD5: 
83f69422963f11c3c340b81712eef319 - SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 - SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae - SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 - Signer: - - SerialNumber: 330000000a35c02110041db90300000000000a - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - Version: 1 - Imphash: e53133e314605f61696ede9f23dbc14e - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 93de89630be80425a0f5571498b89048 - SHA1: 6f39048e31f8e835f7537998bbd3b6ac5cff2c04 - SHA256: 4bef5f5160c6a981562597dda319f9a235c28d5beba5268a454f734500ec1f4f - Company: Trend Micro Inc. - Copyright: Copyright (C) 2015 Trend Micro Incorporated. All rights reserved. - CreationTimestamp: '2015-11-18 03:14:15' - Date: '' - Description: TrendMicro ELAM Driver (64-Bit) - ExportedFunctions: '' - FileVersion: 1.6.0.1004 - Filename: '' - ImportedFunctions: - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - _purecall - - strncpy - - wcsncpy - - RtlInitUnicodeString - - RtlEqualUnicodeString - - DbgPrint - - ZwClose - - ZwOpenKey - - ZwQueryValueKey - - ZwSetValueKey - - KeInitializeEvent - - KeWaitForSingleObject - - PsGetVersion - - IoBuildDeviceIoControlRequest - - IofCallDriver - - IofCompleteRequest - - IoGetDeviceObjectPointer - - ObfDereferenceObject - - IoRegisterBootDriverCallback - - IoUnregisterBootDriverCallback - - _stricmp - - MmIsAddressValid - - RtlImageNtHeader - - ZwQuerySystemInformation - - wcsncmp - - Tbsi_Revoke_Attestation - Imports: - - ntoskrnl.exe - - tbs.sys - InternalName: Tmel.sys - MD5: 4064a81b6339992cbb4171b43b9a69dc - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: Tmel.sys - PDBPath: '' - Product: Trend Micro Early Launch Anti-Malware Driver - ProductVersion: '1.6' - Publisher: '' - RichPEHeaderHash: - MD5: 2b90445ddec8a8d927ff6eed42b21531 - SHA1: 
f49c75459256c711d9fc43aa63094e9059a9f60a - SHA256: 76890383bfcdb892dff16275a90fe117eef2e9733d56439f6580288b2148a10d - SHA1: 6cf7db611a351dbbf4e8cfde5b9912ddc329e43d - SHA256: e505569892551b2ba79d8792badff0a41faea033e8d8f85c3afea33463c70bd9 - Sections: - .text: - Entropy: 6.195549645690676 - Virtual Size: '0x5004' - .rdata: - Entropy: 4.271691496190218 - Virtual Size: '0x86c' - .data: - Entropy: 0.7723664588396264 - Virtual Size: '0x500' - .pdata: - Entropy: 4.188948162641279 - Virtual Size: '0x3b4' - INIT: - Entropy: 4.901313477158036 - Virtual Size: '0x3aa' - .rsrc: - Entropy: 3.4925070120773976 - Virtual Size: '0x810' - .reloc: - Entropy: 3.624399326618123 - Virtual Size: '0x126' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft - Windows Early Launch Anti,malware Publisher - ValidFrom: '2015-01-14 21:31:10' - ValidTo: '2016-04-14 21:31:10' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 330000000a35c02110041db90300000000000a - Version: 3 - TBS: - MD5: 3d599ae8f2823b242ef0b42a48eb116c - SHA1: 87d1616058dae44dd602ab9acd4ac4e736bbd451 - SHA256: eda5653cc4fffbaeded2567b92aa03abb6c60ade2da823b8a07d826e0856c0af - SHA384: f3d5d7e6a53e96d5c44b92c6bd81d71c6ffaf0ed77c13229adb301bc10ba7c2d5afde3d6a5eb553244666b0ce9ec68af - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - ValidFrom: '2014-10-15 20:31:27' - ValidTo: '2029-10-15 20:41:27' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 330000000d690d5d7893d076df00000000000d - Version: 3 - TBS: - MD5: 83f69422963f11c3c340b81712eef319 - SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 - SHA256: 
d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae - SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 - Signer: - - SerialNumber: 330000000a35c02110041db90300000000000a - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - Version: 1 - Imphash: f6aeb7d666f83d90492fb76d8af4e15b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 517db4899b3d996cb6f902b0611d233f - SHA1: a9c9cb2548322748208199a7702d8056ad9a24fd - SHA256: 0e121d80264c51df9a6fca2f2201d75ccd4dc29d9566bbf0975bb05759e9c6c7 - Company: Trend Micro Inc. - Copyright: Copyright (C) 2015 Trend Micro Incorporated. All rights reserved. - CreationTimestamp: '2015-05-08 01:13:56' - Date: '' - Description: TrendMicro ELAM Driver (64-Bit) - ExportedFunctions: '' - FileVersion: 1.6.0.1002 - Filename: '' - ImportedFunctions: - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - _purecall - - strncpy - - wcsncpy - - RtlInitUnicodeString - - RtlEqualUnicodeString - - DbgPrint - - ZwClose - - ZwOpenKey - - ZwQueryValueKey - - ZwSetValueKey - - KeInitializeEvent - - KeWaitForSingleObject - - IoBuildDeviceIoControlRequest - - IofCallDriver - - IofCompleteRequest - - IoGetDeviceObjectPointer - - ObfDereferenceObject - - IoRegisterBootDriverCallback - - IoUnregisterBootDriverCallback - - _stricmp - - MmIsAddressValid - - RtlImageNtHeader - - ZwQuerySystemInformation - - wcsncmp - - Tbsi_Revoke_Attestation - Imports: - - ntoskrnl.exe - - tbs.sys - InternalName: Tmel.sys - MD5: e58491b5aec097f17e310f83e82ae0c8 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: Tmel.sys - PDBPath: '' - Product: Trend Micro Early Launch Anti-Malware Driver - ProductVersion: '1.6' - Publisher: '' - RichPEHeaderHash: - MD5: fed8b3a0eacb12baa3271fc6856838a1 - SHA1: 173b7cc38568ee8dabd25b695d2ab5a03febc21a - SHA256: 91598130b4705df160c726ff59dee5a2e460cc731ad6ef0b0b062ed06c7cec38 - SHA1: 
b667f48f5518632f3159f51e5e1f6332627c4fd8 - SHA256: d0eb3ba0aff471d19260192784bf9f056d669b779b6eaff84e732b7124ce1d11 - Sections: - .text: - Entropy: 6.211209396417356 - Virtual Size: '0x4f84' - .rdata: - Entropy: 4.271822261614328 - Virtual Size: '0x85c' - .data: - Entropy: 0.7723664588396264 - Virtual Size: '0x4f8' - .pdata: - Entropy: 4.17152707941952 - Virtual Size: '0x3a8' - INIT: - Entropy: 4.919554726416368 - Virtual Size: '0x392' - .rsrc: - Entropy: 3.4851512565207843 - Virtual Size: '0x810' - .reloc: - Entropy: 3.695966332799845 - Virtual Size: '0x11c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft - Windows Early Launch Anti,malware Publisher - ValidFrom: '2015-01-14 21:31:10' - ValidTo: '2016-04-14 21:31:10' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 330000000a35c02110041db90300000000000a - Version: 3 - TBS: - MD5: 3d599ae8f2823b242ef0b42a48eb116c - SHA1: 87d1616058dae44dd602ab9acd4ac4e736bbd451 - SHA256: eda5653cc4fffbaeded2567b92aa03abb6c60ade2da823b8a07d826e0856c0af - SHA384: f3d5d7e6a53e96d5c44b92c6bd81d71c6ffaf0ed77c13229adb301bc10ba7c2d5afde3d6a5eb553244666b0ce9ec68af - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - ValidFrom: '2014-10-15 20:31:27' - ValidTo: '2029-10-15 20:41:27' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 330000000d690d5d7893d076df00000000000d - Version: 3 - TBS: - MD5: 83f69422963f11c3c340b81712eef319 - SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 - SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae - SHA384: 
260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 - Signer: - - SerialNumber: 330000000a35c02110041db90300000000000a - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - Version: 1 - Imphash: e54f28e331d8e2b722551f3b280cc686 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: '' + Description: Confirmed vulnerable driver from Microsoft Block List + OperatingSystem: Windows + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c -Tags: -- Tmel.sys -Verified: 'TRUE' +Detection: +- type: '' + value: '' +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 9452955f95c4dde4370d5ea363a86400 + SHA1: 47d918b63158a297c44e3e8bbe1d2f99900e7fef + SHA256: 3de38ef40dbda07a537a7e48cb5d59dbd17bf27d5d399b32df737cd67c0cdb25 + Company: Trend Micro Inc. + Copyright: Copyright (C) 2015 Trend Micro Incorporated. All rights reserved. 
+ CreationTimestamp: '2015-05-08 00:06:46' + Date: '' + Description: TrendMicro ELAM Driver + ExportedFunctions: '' + FileVersion: 1.6.0.1002 + Filename: '' + ImportedFunctions: + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - _purecall + - strncpy + - wcsncpy + - RtlInitUnicodeString + - RtlEqualUnicodeString + - DbgPrint + - KeQuerySystemTime + - ZwClose + - ZwOpenKey + - ZwQueryValueKey + - ZwSetValueKey + - memcpy + - memset + - KeInitializeEvent + - KeWaitForSingleObject + - IoBuildDeviceIoControlRequest + - IofCallDriver + - IofCompleteRequest + - IoGetDeviceObjectPointer + - ObfDereferenceObject + - IoRegisterBootDriverCallback + - IoUnregisterBootDriverCallback + - _stricmp + - MmIsAddressValid + - RtlImageNtHeader + - ZwQuerySystemInformation + - wcsncmp + - memcmp + - RtlUnwind + - Tbsi_Revoke_Attestation + Imports: + - ntoskrnl.exe + - tbs.sys + InternalName: Tmel.sys + MD5: d052dc4ac3c5bfe34f04abc62a153847 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: Tmel.sys + PDBPath: '' + Product: Trend Micro Early Launch Anti-Malware Driver + ProductVersion: '1.6' + Publisher: '' + RichPEHeaderHash: + MD5: 5e73d8474cb1757ee6566d0416cc7aea + SHA1: 631a45aea3207ad70ac96c80e6c1e28d87b7a982 + SHA256: 5e23e66bee07280a49103359030aa43aa4171df8887676fb7c75fa741496736d + SHA1: 6eece018896c250f15f778f0ccae667f315b8bd1 + SHA256: dd628061d6e53f3f0b44f409ad914b3494c5d7b5ff6ff0e8fc3161aacec93e96 + Sections: + .text: + Entropy: 6.361406803326352 + Virtual Size: '0x3f32' + .rdata: + Entropy: 4.152220214860239 + Virtual Size: '0x300' + .data: + Entropy: 0.6946247138069125 + Virtual Size: '0x328' + INIT: + Entropy: 5.302438952697484 + Virtual Size: '0x364' + .rsrc: + Entropy: 3.489216555517427 + Virtual Size: '0x800' + .reloc: + Entropy: 6.073476767052889 + Virtual Size: '0x4b6' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, + CN=Microsoft 
Windows Early Launch Anti,malware Publisher + ValidFrom: '2015-01-14 21:31:10' + ValidTo: '2016-04-14 21:31:10' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 330000000a35c02110041db90300000000000a + Version: 3 + TBS: + MD5: 3d599ae8f2823b242ef0b42a48eb116c + SHA1: 87d1616058dae44dd602ab9acd4ac4e736bbd451 + SHA256: eda5653cc4fffbaeded2567b92aa03abb6c60ade2da823b8a07d826e0856c0af + SHA384: f3d5d7e6a53e96d5c44b92c6bd81d71c6ffaf0ed77c13229adb301bc10ba7c2d5afde3d6a5eb553244666b0ce9ec68af + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + ValidFrom: '2014-10-15 20:31:27' + ValidTo: '2029-10-15 20:41:27' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 330000000d690d5d7893d076df00000000000d + Version: 3 + TBS: + MD5: 83f69422963f11c3c340b81712eef319 + SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 + SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae + SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 + Signer: + - SerialNumber: 330000000a35c02110041db90300000000000a + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + Version: 1 + Imphash: e53133e314605f61696ede9f23dbc14e + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 93de89630be80425a0f5571498b89048 + SHA1: 6f39048e31f8e835f7537998bbd3b6ac5cff2c04 + SHA256: 4bef5f5160c6a981562597dda319f9a235c28d5beba5268a454f734500ec1f4f + Company: Trend Micro Inc. + Copyright: Copyright (C) 2015 Trend Micro Incorporated. All rights reserved. 
+ CreationTimestamp: '2015-11-18 03:14:15' + Date: '' + Description: TrendMicro ELAM Driver (64-Bit) + ExportedFunctions: '' + FileVersion: 1.6.0.1004 + Filename: '' + ImportedFunctions: + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - _purecall + - strncpy + - wcsncpy + - RtlInitUnicodeString + - RtlEqualUnicodeString + - DbgPrint + - ZwClose + - ZwOpenKey + - ZwQueryValueKey + - ZwSetValueKey + - KeInitializeEvent + - KeWaitForSingleObject + - PsGetVersion + - IoBuildDeviceIoControlRequest + - IofCallDriver + - IofCompleteRequest + - IoGetDeviceObjectPointer + - ObfDereferenceObject + - IoRegisterBootDriverCallback + - IoUnregisterBootDriverCallback + - _stricmp + - MmIsAddressValid + - RtlImageNtHeader + - ZwQuerySystemInformation + - wcsncmp + - Tbsi_Revoke_Attestation + Imports: + - ntoskrnl.exe + - tbs.sys + InternalName: Tmel.sys + MD5: 4064a81b6339992cbb4171b43b9a69dc + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: Tmel.sys + PDBPath: '' + Product: Trend Micro Early Launch Anti-Malware Driver + ProductVersion: '1.6' + Publisher: '' + RichPEHeaderHash: + MD5: 2b90445ddec8a8d927ff6eed42b21531 + SHA1: f49c75459256c711d9fc43aa63094e9059a9f60a + SHA256: 76890383bfcdb892dff16275a90fe117eef2e9733d56439f6580288b2148a10d + SHA1: 6cf7db611a351dbbf4e8cfde5b9912ddc329e43d + SHA256: e505569892551b2ba79d8792badff0a41faea033e8d8f85c3afea33463c70bd9 + Sections: + .text: + Entropy: 6.195549645690676 + Virtual Size: '0x5004' + .rdata: + Entropy: 4.271691496190218 + Virtual Size: '0x86c' + .data: + Entropy: 0.7723664588396264 + Virtual Size: '0x500' + .pdata: + Entropy: 4.188948162641279 + Virtual Size: '0x3b4' + INIT: + Entropy: 4.901313477158036 + Virtual Size: '0x3aa' + .rsrc: + Entropy: 3.4925070120773976 + Virtual Size: '0x810' + .reloc: + Entropy: 3.624399326618123 + Virtual Size: '0x126' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, 
OU=MOPR, + CN=Microsoft Windows Early Launch Anti,malware Publisher + ValidFrom: '2015-01-14 21:31:10' + ValidTo: '2016-04-14 21:31:10' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 330000000a35c02110041db90300000000000a + Version: 3 + TBS: + MD5: 3d599ae8f2823b242ef0b42a48eb116c + SHA1: 87d1616058dae44dd602ab9acd4ac4e736bbd451 + SHA256: eda5653cc4fffbaeded2567b92aa03abb6c60ade2da823b8a07d826e0856c0af + SHA384: f3d5d7e6a53e96d5c44b92c6bd81d71c6ffaf0ed77c13229adb301bc10ba7c2d5afde3d6a5eb553244666b0ce9ec68af + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + ValidFrom: '2014-10-15 20:31:27' + ValidTo: '2029-10-15 20:41:27' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 330000000d690d5d7893d076df00000000000d + Version: 3 + TBS: + MD5: 83f69422963f11c3c340b81712eef319 + SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 + SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae + SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 + Signer: + - SerialNumber: 330000000a35c02110041db90300000000000a + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + Version: 1 + Imphash: f6aeb7d666f83d90492fb76d8af4e15b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 517db4899b3d996cb6f902b0611d233f + SHA1: a9c9cb2548322748208199a7702d8056ad9a24fd + SHA256: 0e121d80264c51df9a6fca2f2201d75ccd4dc29d9566bbf0975bb05759e9c6c7 + Company: Trend Micro Inc. + Copyright: Copyright (C) 2015 Trend Micro Incorporated. All rights reserved. 
+ CreationTimestamp: '2015-05-08 01:13:56' + Date: '' + Description: TrendMicro ELAM Driver (64-Bit) + ExportedFunctions: '' + FileVersion: 1.6.0.1002 + Filename: '' + ImportedFunctions: + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - _purecall + - strncpy + - wcsncpy + - RtlInitUnicodeString + - RtlEqualUnicodeString + - DbgPrint + - ZwClose + - ZwOpenKey + - ZwQueryValueKey + - ZwSetValueKey + - KeInitializeEvent + - KeWaitForSingleObject + - IoBuildDeviceIoControlRequest + - IofCallDriver + - IofCompleteRequest + - IoGetDeviceObjectPointer + - ObfDereferenceObject + - IoRegisterBootDriverCallback + - IoUnregisterBootDriverCallback + - _stricmp + - MmIsAddressValid + - RtlImageNtHeader + - ZwQuerySystemInformation + - wcsncmp + - Tbsi_Revoke_Attestation + Imports: + - ntoskrnl.exe + - tbs.sys + InternalName: Tmel.sys + MD5: e58491b5aec097f17e310f83e82ae0c8 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: Tmel.sys + PDBPath: '' + Product: Trend Micro Early Launch Anti-Malware Driver + ProductVersion: '1.6' + Publisher: '' + RichPEHeaderHash: + MD5: fed8b3a0eacb12baa3271fc6856838a1 + SHA1: 173b7cc38568ee8dabd25b695d2ab5a03febc21a + SHA256: 91598130b4705df160c726ff59dee5a2e460cc731ad6ef0b0b062ed06c7cec38 + SHA1: b667f48f5518632f3159f51e5e1f6332627c4fd8 + SHA256: d0eb3ba0aff471d19260192784bf9f056d669b779b6eaff84e732b7124ce1d11 + Sections: + .text: + Entropy: 6.211209396417356 + Virtual Size: '0x4f84' + .rdata: + Entropy: 4.271822261614328 + Virtual Size: '0x85c' + .data: + Entropy: 0.7723664588396264 + Virtual Size: '0x4f8' + .pdata: + Entropy: 4.17152707941952 + Virtual Size: '0x3a8' + INIT: + Entropy: 4.919554726416368 + Virtual Size: '0x392' + .rsrc: + Entropy: 3.4851512565207843 + Virtual Size: '0x810' + .reloc: + Entropy: 3.695966332799845 + Virtual Size: '0x11c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, + CN=Microsoft 
Windows Early Launch Anti,malware Publisher + ValidFrom: '2015-01-14 21:31:10' + ValidTo: '2016-04-14 21:31:10' + Signature: 18c72a193d7efedccdf640d0a9c0ff2e9fa9b7b1dc3ac28ea90d33df3ab44670eab692d7c90e5dfa97ea674905adf1578f2d14a6085d2904c8812991ccec229b9dd2f11516f894517e97c201eff48c998ccf6b5d7a0efd07190ab33927be386d62acaaf5b73f4f891af0ef8002648737e57e62e9798e097aacced862778b51cc92357e090203fe6cd2322b82c6bde16dfaf6e598d05b1a352263da413a766038e665108701d6ac7efbe7ec04785a4b4f99a46583d724a09440d4752fb3d40c3565b3d03d37234f1bed4e3ae0c59160650f38aef29d3cf6a920ab86040f09e9f8087e9a89d8c443b3916d87479c352fdb44982f4799753df5e754434759545b1624ebef4794fffc2e2c8957fa370cee7790da87b3dfec3750a9a4a3780454299766c8a77670511082c4765b75be6a94a43113f58e22dac6440a102faf25f10dcd021f2e25b311b641c635b3ae5d9f7f63b342feaa02159be5bb63f09327162a523029df7f44fa36f0665708523b63678748d09ddbe1298817549b9f600a42e2249b654b94276ac16a843f18d1531c0a8512ebdf0a8f8238529bfbf5587542d6cc038e7a5abc9d39d09f455f8f078ab1d26d57bf16eebfd1eb8ed9bf49da61ff138b362abb0a22718c322aada6bd26c1059ba8ebae619c15ddad5496d2a424c975bcc26cfded04ddb3d0f23342882b3bc97602329639df471c2541222b768127f8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 330000000a35c02110041db90300000000000a + Version: 3 + TBS: + MD5: 3d599ae8f2823b242ef0b42a48eb116c + SHA1: 87d1616058dae44dd602ab9acd4ac4e736bbd451 + SHA256: eda5653cc4fffbaeded2567b92aa03abb6c60ade2da823b8a07d826e0856c0af + SHA384: f3d5d7e6a53e96d5c44b92c6bd81d71c6ffaf0ed77c13229adb301bc10ba7c2d5afde3d6a5eb553244666b0ce9ec68af + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + ValidFrom: '2014-10-15 20:31:27' + ValidTo: '2029-10-15 20:41:27' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 330000000d690d5d7893d076df00000000000d + Version: 3 + TBS: + MD5: 
83f69422963f11c3c340b81712eef319 + SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 + SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae + SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 + Signer: + - SerialNumber: 330000000a35c02110041db90300000000000a + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + Version: 1 + Imphash: e54f28e331d8e2b722551f3b280cc686 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/1bf3b155-752a-4cc7-beb0-f202e525eb1a.yaml b/yaml/1bf3b155-752a-4cc7-beb0-f202e525eb1a.yaml index adeed9ecf..18710207d 100644 --- a/yaml/1bf3b155-752a-4cc7-beb0-f202e525eb1a.yaml +++ b/yaml/1bf3b155-752a-4cc7-beb0-f202e525eb1a.yaml 
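Review bot: The re-serialised `Detection` list in this Tmel.sys entry still opens with a blank placeholder item, `- type: ''` with `value: ''`, ahead of the real yara/sigma/sysmon links. Any consumer that iterates the list to build detection content gets one record with an empty type and an empty URL, so either the item is removed here or every consumer has to filter it. I would delete those two lines so the list starts at `- type: yara_signature`. The new side of the preceding 0258df5c-… file appears to carry only that blank item under `Detection:`, where `Detection: []` would state "no detections" without a dummy record; that hunk starts outside this view, so this is worth confirming against the full file.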
@@ -1,154 +1,154 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 1bf3b155-752a-4cc7-beb0-f202e525eb1a +Tags: +- daxin_blank1.sys +Verified: 'TRUE' Author: Michael Haag -Category: malicious -Commands: - Command: sc.exe create daxin_blank1.sys binPath=C:\windows\temp\daxin_blank1.sys type=kernel - && sc.exe start daxin_blank1.sys - Description: Driver used in the Daxin malware campaign. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-02-28' -Detection: [] -Id: 1bf3b155-752a-4cc7-beb0-f202e525eb1a -KnownVulnerableSamples: -- Authentihash: - MD5: 7c9b3308f3eb98dd7ddb59b2f6b14656 - SHA1: 6a9693e262ea82a33b6caee0426512f944366577 - SHA256: 389d04a947be32b43eab5767f548fc193e9ac5fe5225a3b6dc26ddc80c326d7d - Company: '' - Copyright: '' - CreationTimestamp: '2021-02-05 21:05:26' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: daxin_blank1.sys - ImportedFunctions: - - _stricmp - - NdisDeregisterProtocol - - ExAllocatePool - - NtQuerySystemInformation - - ExFreePoolWithTag - - IoAllocateMdl - - MmProbeAndLockPages - - MmMapLockedPagesSpecifyCache - - MmUnlockPages - - IoFreeMdl - - KeQueryActiveProcessors - - KeSetSystemAffinityThread - - KeRevertToUserAffinityThread - - DbgPrint - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - NDIS.SYS - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: a6e9d6505f6d2326a8a9214667c61c67 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: Fuqing Yuntan Network Tech Co.,Ltd. 
- RichPEHeaderHash: - MD5: ffdf660eb1ebf020a1d0a55a90712dfb - SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 - SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 - SHA1: cb3f30809b05cf02bc29d4a7796fb0650271e542 - SHA256: 5bc3994612624da168750455b363f2964e1861dba4f1c305df01b970ac02a7ae - Sections: - .text: - Entropy: 0.0 - Virtual Size: '0xfd2c' - .rdata: - Entropy: 0.0 - Virtual Size: '0x97c' - .data: - Entropy: 0.0 - Virtual Size: '0x137b0' - .pdata: - Entropy: 0.0 - Virtual Size: '0x9f0' - INIT: - Entropy: 0.0 - Virtual Size: '0x10fa' - .vmp0: - Entropy: 0.0 - Virtual Size: '0x14c4ff' - .vmp1: - Entropy: 7.704706089997662 - Virtual Size: '0x297058' - .reloc: - Entropy: 3.8824949399771813 - Virtual Size: '0x90' - Signature: A certificate was explicitly revoked by its issuer. - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CN, ST=Fuzhou, L=Fuqing, O=Fuqing Yuntan Network Tech Co.,Ltd., OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=Fuqing Yuntan Network Tech - Co.,Ltd. - ValidFrom: '2013-04-09 00:00:00' - ValidTo: '2014-04-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 516ceb03f17e10c24b45ffb6336e5915 - Version: 3 - TBS: - MD5: fe2cc3b135dc2f887e620d33a02ef639 - SHA1: a92b0a710c038b8556fb3d74742118f75c5c3d57 - SHA256: 4b98540e377559d976ea0a9e40920f4a308a060fd16b27665fc7a8f2273df483 - SHA384: a713c1f2d1fb5bd88108f0241683b012083946779e31971206eef1a580f5813b26a2aae376162ac2193509ff8ce675fe - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 516ceb03f17e10c24b45ffb6336e5915 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign 
Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: c9a6e83d931286d1604d1add8403e1e5 - LoadsDespiteHVCI: 'TRUE' MitreID: T1068 +Category: malicious +Commands: + Command: sc.exe create daxin_blank1.sys binPath=C:\windows\temp\daxin_blank1.sys type=kernel + && sc.exe start daxin_blank1.sys + Description: Driver used in the Daxin malware campaign. + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/MHaggis/9ab3bb795a6018d70fb11fa7c31f8f48 - https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/daxin-backdoor-espionage - '' -Tags: -- daxin_blank1.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 7c9b3308f3eb98dd7ddb59b2f6b14656 + SHA1: 6a9693e262ea82a33b6caee0426512f944366577 + SHA256: 389d04a947be32b43eab5767f548fc193e9ac5fe5225a3b6dc26ddc80c326d7d + Company: '' + Copyright: '' + CreationTimestamp: '2021-02-05 21:05:26' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: daxin_blank1.sys + ImportedFunctions: + - _stricmp + - NdisDeregisterProtocol + - ExAllocatePool + - NtQuerySystemInformation + - ExFreePoolWithTag + - IoAllocateMdl + - MmProbeAndLockPages + - MmMapLockedPagesSpecifyCache + - MmUnlockPages + - IoFreeMdl + - KeQueryActiveProcessors + - KeSetSystemAffinityThread + - KeRevertToUserAffinityThread + - DbgPrint + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - NDIS.SYS + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: a6e9d6505f6d2326a8a9214667c61c67 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: Fuqing Yuntan Network Tech Co.,Ltd. 
+ RichPEHeaderHash: + MD5: ffdf660eb1ebf020a1d0a55a90712dfb + SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 + SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 + SHA1: cb3f30809b05cf02bc29d4a7796fb0650271e542 + SHA256: 5bc3994612624da168750455b363f2964e1861dba4f1c305df01b970ac02a7ae + Sections: + .text: + Entropy: 0.0 + Virtual Size: '0xfd2c' + .rdata: + Entropy: 0.0 + Virtual Size: '0x97c' + .data: + Entropy: 0.0 + Virtual Size: '0x137b0' + .pdata: + Entropy: 0.0 + Virtual Size: '0x9f0' + INIT: + Entropy: 0.0 + Virtual Size: '0x10fa' + .vmp0: + Entropy: 0.0 + Virtual Size: '0x14c4ff' + .vmp1: + Entropy: 7.704706089997662 + Virtual Size: '0x297058' + .reloc: + Entropy: 3.8824949399771813 + Virtual Size: '0x90' + Signature: A certificate was explicitly revoked by its issuer. + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CN, ST=Fuzhou, L=Fuqing, O=Fuqing Yuntan Network Tech Co.,Ltd., + OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Fuqing + Yuntan Network Tech Co.,Ltd. 
+ ValidFrom: '2013-04-09 00:00:00' + ValidTo: '2014-04-09 23:59:59' + Signature: 6946a8e63d6d38e19d41b4b5f4a71715c2c03ea0f9775b97dd3bf2d343be21049f4b78a351a0b1b8d30121393af537dfee0828f051ea2a87bed271ccc0e85e7ed9911d1d36d35da6e1141edc77520be857cf00bf3ac9b7e80722dd3580dd9eb7fab6f4134e4f1f1b794f1c28bc521ee4abbf5be4b6f2b149fca0f2beb4ba69616a0a442b06093c04ece1b42b0c121b0703c6a7d7af421a880bf3e45bfe28bcc4da347397d3aa67c89e3656062e9397dec782863abe49df79527e06388885b9d28c4bd078cc002a41206a266bfbe584b35748d6d0526fef478931c7527be7095fc9c7ee088f1c889834bb2533c3f45cfe41d1b19d0b80863ed52bc8a9d1b1d2ea + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 516ceb03f17e10c24b45ffb6336e5915 + Version: 3 + TBS: + MD5: fe2cc3b135dc2f887e620d33a02ef639 + SHA1: a92b0a710c038b8556fb3d74742118f75c5c3d57 + SHA256: 4b98540e377559d976ea0a9e40920f4a308a060fd16b27665fc7a8f2273df483 + SHA384: a713c1f2d1fb5bd88108f0241683b012083946779e31971206eef1a580f5813b26a2aae376162ac2193509ff8ce675fe + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 516ceb03f17e10c24b45ffb6336e5915 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: c9a6e83d931286d1604d1add8403e1e5 + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/1c6e1d3b-f825-4065-9e0c-83386883e40f.yaml b/yaml/1c6e1d3b-f825-4065-9e0c-83386883e40f.yaml index 0993795f3..e66bf21b6 100644 --- a/yaml/1c6e1d3b-f825-4065-9e0c-83386883e40f.yaml +++ b/yaml/1c6e1d3b-f825-4065-9e0c-83386883e40f.yaml 
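Review bot: `Detection: []` is carried over unchanged on the new side of the daxin_blank1.sys entry, so a driver recorded as `Category: malicious` with `LoadsDespiteHVCI: 'TRUE'` still links to no detection content, even though its MD5, SHA1, SHA256 and Authentihash values are listed under `KnownVulnerableSamples`. If the project's hash-based rules already cover these hashes, `Detection` should reference them using the same `- type:` / `value:` shape that other entries in this diff use; if they do not, the gap deserves its own tracking item rather than an empty list. Separately, the context line `- ''` under `Resources` is an empty list item that every consumer of the file has to filter out, and it could be dropped while the keys are being reordered.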
@@ -1,4044 +1,4059 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 1c6e1d3b-f825-4065-9e0c-83386883e40f +Tags: +- rzpnk.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-01-09' +MitreID: T1068 CVE: - CVE-2017-9769 Category: vulnerable driver Commands: - Command: sc.exe create rzpnk.sys binPath=C:\windows\temp\rzpnk.sys type=kernel && - sc.exe start rzpnk.sys - Description: A vulnerability exists in the latest version of Razer Synapse (v2.20.15.1104 - as of the day of disclosure) which can be leveraged locally by a malicious application - to elevate its privileges to those of NT_AUTHORITY\SYSTEM. The vulnerability lies - in a specific IOCTL handler in the rzpnk.sys driver that passes a PID specified - by the user to ZwOpenProcess. CVE-2017-9769. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/93d873cdf23d5edc622b74f9544cac7fe247d7a68e1e2a7bf2879fad97a3ae63.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 1c6e1d3b-f825-4065-9e0c-83386883e40f -KnownVulnerableSamples: -- Authentihash: - MD5: 76934be6e996e801ea4d68c504d427c3 - SHA1: b2e03d9e602a6026f45c08b686c6810abd43bfac - SHA256: 982ad43111d8b7a7900df652c8873eeb6aa485bb429dee6c2ad44acf598bb5e6 - Company: Razer, Inc. - Copyright: Copyright (C) 2010-2017. Razer, Inc. - CreationTimestamp: '2017-07-16 13:10:48' - Date: '' - Description: Razer Overlay Support - ExportedFunctions: '' - FileVersion: 1.0.12.10155 - Filename: rzpnk.sys - ImportedFunctions: - - IoAcquireCancelSpinLock - - IoReleaseCancelSpinLock - - ObReferenceObjectByHandle - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - KeAcquireGuardedMutex - - KeReleaseGuardedMutex - - RtlInitUnicodeString - - IoCreateDevice - - IoCreateSymbolicLink - - PoStartNextPowerIrp - - IoDeleteDevice - - KeInitializeEvent - - PsSetCreateProcessNotifyRoutine - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - ZwSetEvent - - _wcslwr - - wcsstr - - ZwClose - - KeSetEvent - - ZwWaitForSingleObject - - _purecall - - KeGetCurrentThread - - _vsnprintf - - swprintf - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - SeQueryInformationToken - - RtlLengthRequiredSid - - RtlInitializeSid - - RtlSubAuthoritySid - - RtlEqualSid - - PsDereferencePrimaryToken - - MmGetSystemRoutineAddress - - MmIsAddressValid - - KeStackAttachProcess - - KeUnstackDetachProcess - - wcsrchr - - ZwOpenProcess - - PsLookupThreadByThreadId - - ObOpenObjectByPointer - - PsThreadType - - ZwCreateEvent - - PsGetCurrentProcessId - - ZwOpenProcessTokenEx - - 
ZwQueryInformationToken - - RtlSubAuthorityCountSid - - KeTickCount - - KeBugCheckEx - - ObfDereferenceObject - - sprintf - - IofCompleteRequest - - memcpy - - memset - - RtlUnwind - - KfAcquireSpinLock - - ExReleaseFastMutex - - ExAcquireFastMutex - - KfReleaseSpinLock - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: Rzpnk - MD5: 4cc3ddd5ae268d9a154a426af2c23ef9 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: Rzpnk.sys - Product: Rzpnk - ProductVersion: 1.0.12.10155 - Publisher: '' - RichPEHeaderHash: - MD5: 4a9a353a14ee7f23eb41b8a45b487e20 - SHA1: 6c6a81d70919694d3abe35859966f0d320d0b3a3 - SHA256: 89faf986a8af825587e8da0861c420dad1d83ce6bb17589fd1d397352352159c - SHA1: 684786de4b3b3f53816eae9df5f943a22c89601f - SHA256: 93d873cdf23d5edc622b74f9544cac7fe247d7a68e1e2a7bf2879fad97a3ae63 - Sections: - .text: - Entropy: 6.13737056754944 - Virtual Size: '0x3870' - .rdata: - Entropy: 0.7745929346692745 - Virtual Size: '0x8b34' - .data: - Entropy: 0.16801126406945746 - Virtual Size: '0x308' - PAGE: - Entropy: 4.500559089030644 - Virtual Size: '0x69' - INIT: - Entropy: 5.53827735746872 - Virtual Size: '0x676' - .rsrc: - Entropy: 3.335903976976208 - Virtual Size: '0x348' - .reloc: - Entropy: 6.523525927018517 - Virtual Size: '0x3dc' - Signature: - - Razer USA Ltd. - - Symantec Class 3 SHA256 Code Signing CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=California, L=Irvine, O=Razer USA Ltd., CN=Razer USA Ltd. 
- ValidFrom: '2016-02-10 00:00:00' - ValidTo: '2019-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 1834b81889070312b5c4ca72ea419a5e - Version: 3 - TBS: - MD5: 966e59fada7c527111ba61f0cafcb355 - SHA1: d72efbe2c9127b91fffcfa0825dc16c9f7580e44 - SHA256: 506eaba716a689df7e0bb57b6f41afea02cce8c4af4d2392e96bd2e1bf483528 - SHA384: 0edb1fa0ccc2600fcd37358eb158fae5b72cc13fd3ff6cd0518aa6c780377dd5a7e39145784d4b9c595f163be613f2f1 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 1834b81889070312b5c4ca72ea419a5e - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - Imphash: 700a9350ac8b218ab9fc62cf25337ad3 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 76934be6e996e801ea4d68c504d427c3 - SHA1: b2e03d9e602a6026f45c08b686c6810abd43bfac - SHA256: 982ad43111d8b7a7900df652c8873eeb6aa485bb429dee6c2ad44acf598bb5e6 - Company: Razer, Inc. - Copyright: Copyright (C) 2010-2017. Razer, Inc. 
- CreationTimestamp: '2017-07-16 13:10:48' - Date: '' - Description: Razer Overlay Support - ExportedFunctions: '' - FileVersion: 1.0.12.10155 - Filename: '' - ImportedFunctions: - - IoAcquireCancelSpinLock - - IoReleaseCancelSpinLock - - ObReferenceObjectByHandle - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - KeAcquireGuardedMutex - - KeReleaseGuardedMutex - - RtlInitUnicodeString - - IoCreateDevice - - IoCreateSymbolicLink - - PoStartNextPowerIrp - - IoDeleteDevice - - KeInitializeEvent - - PsSetCreateProcessNotifyRoutine - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - ZwSetEvent - - _wcslwr - - wcsstr - - ZwClose - - KeSetEvent - - ZwWaitForSingleObject - - _purecall - - KeGetCurrentThread - - _vsnprintf - - swprintf - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - SeQueryInformationToken - - RtlLengthRequiredSid - - RtlInitializeSid - - RtlSubAuthoritySid - - RtlEqualSid - - PsDereferencePrimaryToken - - MmGetSystemRoutineAddress - - MmIsAddressValid - - KeStackAttachProcess - - KeUnstackDetachProcess - - wcsrchr - - ZwOpenProcess - - PsLookupThreadByThreadId - - ObOpenObjectByPointer - - PsThreadType - - ZwCreateEvent - - PsGetCurrentProcessId - - ZwOpenProcessTokenEx - - ZwQueryInformationToken - - RtlSubAuthorityCountSid - - KeTickCount - - KeBugCheckEx - - ObfDereferenceObject - - sprintf - - IofCompleteRequest - - memcpy - - memset - - RtlUnwind - - KfAcquireSpinLock - - ExReleaseFastMutex - - ExAcquireFastMutex - - KfReleaseSpinLock - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: Rzpnk - MD5: 2e7d824a49d731da9fc96262a29c85ce - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: Rzpnk.sys - PDBPath: '' - Product: Rzpnk - ProductVersion: 1.0.12.10155 - Publisher: '' - RichPEHeaderHash: - MD5: 4a9a353a14ee7f23eb41b8a45b487e20 - SHA1: 6c6a81d70919694d3abe35859966f0d320d0b3a3 - SHA256: 89faf986a8af825587e8da0861c420dad1d83ce6bb17589fd1d397352352159c - SHA1: 
a4e2e227f984f344d48f4bf088ca9d020c63db4e - SHA256: 2665d3127ddd9411af38a255787a4e2483d720aa021be8d6418e071da52ed266 - Sections: - .text: - Entropy: 6.13737056754944 - Virtual Size: '0x3870' - .rdata: - Entropy: 0.7745929346692745 - Virtual Size: '0x8b34' - .data: - Entropy: 0.16801126406945746 - Virtual Size: '0x308' - PAGE: - Entropy: 4.500559089030644 - Virtual Size: '0x69' - INIT: - Entropy: 5.53827735746872 - Virtual Size: '0x676' - .rsrc: - Entropy: 3.335903976976208 - Virtual Size: '0x348' - .reloc: - Entropy: 6.523525927018517 - Virtual Size: '0x3dc' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=California, L=Irvine, O=Razer USA Ltd., CN=Razer USA Ltd. - ValidFrom: '2016-02-10 00:00:00' - ValidTo: '2019-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 1834b81889070312b5c4ca72ea419a5e - Version: 3 - TBS: - MD5: 966e59fada7c527111ba61f0cafcb355 - SHA1: d72efbe2c9127b91fffcfa0825dc16c9f7580e44 - SHA256: 506eaba716a689df7e0bb57b6f41afea02cce8c4af4d2392e96bd2e1bf483528 - SHA384: 0edb1fa0ccc2600fcd37358eb158fae5b72cc13fd3ff6cd0518aa6c780377dd5a7e39145784d4b9c595f163be613f2f1 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 13851a1e69a937f7a0bda4af7e1d6153fe9d8c5e0ca6751e781723ddfdec1a035539fb7195c7655aa78e30d2445a61db706fda2105c22e73ba49f1d193fe5dc9cd5e03e0899e3f741ed7f7388ba9d6cfbb352f3358a89256d1c84d3b82e6798416fc28b0b147f31da23eee87d9a67fa456a53fad842e29de7cbca8aaa33d0401eaba93a20e502229174c87e43a115fd6a425899b056b2fb4c9014c277b0bac190522a060153fdac9fb4d4c8ffb726777fd2794c7ba350e8849fe8dfd28af4a12bd0db39705de440c15fa362b03dcc15001f1a1115d14e5e2bd274b54be2b845e0fa6c374050aef97c38922b11f77f3bdcd43d4f14ca93fb58b84af64f2d01421 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 1834b81889070312b5c4ca72ea419a5e - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - Imphash: 700a9350ac8b218ab9fc62cf25337ad3 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 64c80e12a495fb117c5db8f0ab70dc91 - SHA1: 39c687c1c70ea61e122ef145364fa123ddeb3383 - SHA256: 3e28142ad02a1ac63ab86f97834321f30bb28e19d5c997bb0a13807ddb414c0e - Company: Razer, Inc. - Copyright: Copyright (C) 2010-2017. Razer, Inc. 
- CreationTimestamp: '2017-09-20 16:35:30' - Date: '' - Description: Razer Overlay Support - ExportedFunctions: '' - FileVersion: 1.0.12.10177 - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - ObfDereferenceObject - - ObfReferenceObject - - KeClearEvent - - KeWaitForSingleObject - - IoAcquireCancelSpinLock - - IoReleaseCancelSpinLock - - ObReferenceObjectByHandle - - ExEventObjectType - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - ExAcquireFastMutex - - ExReleaseFastMutex - - KeAcquireGuardedMutex - - KeReleaseGuardedMutex - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - RtlInitUnicodeString - - IoCreateDevice - - IoCreateSymbolicLink - - PsGetCurrentProcessId - - _wcslwr - - wcsstr - - PoStartNextPowerIrp - - ZwLoadDriver - - IoGetDeviceObjectPointer - - ZwUnloadDriver - - IoAttachDeviceToDeviceStack - - IoDeleteDevice - - KeInitializeEvent - - IofCallDriver - - PoCallDriver - - PsSetCreateProcessNotifyRoutine - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - ZwSetEvent - - ZwClose - - KeSetEvent - - ZwWaitForSingleObject - - _purecall - - sprintf - - _vsnprintf - - DbgPrint - - swprintf - - KeInitializeGuardedMutex - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - SeQueryInformationToken - - RtlLengthRequiredSid - - RtlInitializeSid - - RtlSubAuthoritySid - - RtlEqualSid - - PsDereferencePrimaryToken - - MmGetSystemRoutineAddress - - MmIsAddressValid - - KeStackAttachProcess - - KeUnstackDetachProcess - - wcsrchr - - ZwOpenProcess - - PsLookupThreadByThreadId - - ObOpenObjectByPointer - - PsThreadType - - ZwCreateEvent - - RtlInitString - - RtlCompareString - - ZwMapViewOfSection - - ZwOpenProcessTokenEx - - ZwQueryInformationToken - - RtlSubAuthorityCountSid - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: Rzpnk - MD5: 3fda3d414c31ad73efd8ccceeaa3bdc2 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: Rzpnk.sys - PDBPath: '' - Product: Rzpnk - 
ProductVersion: 1.0.12.10177 - Publisher: '' - RichPEHeaderHash: - MD5: ce0bfa21df06f7d3067953da829fe299 - SHA1: 49f5fdf333898858dd7297603f3b2347a01e777d - SHA256: c059cad135868369281fd57e51cf8d64ac50e012ce54e3efb9321d8b519bd2dd - SHA1: 537923c633d8fc94d9ae45ad9d89e5346f581f17 - SHA256: f15962354d37089884abba417f58e9dbd521569b4f69037a24a37cfc2a490672 - Sections: - .text: - Entropy: 6.029574446422592 - Virtual Size: '0x7a9e' - .rdata: - Entropy: 2.166400944027784 - Virtual Size: '0x145cc' - .data: - Entropy: 0.15812764646865457 - Virtual Size: '0x3e4' - .pdata: - Entropy: 4.867440310144845 - Virtual Size: '0xcf0' - PAGE: - Entropy: 4.405262522641727 - Virtual Size: '0x87' - INIT: - Entropy: 5.35429740385259 - Virtual Size: '0x8e8' - .rsrc: - Entropy: 3.3372398450648846 - Virtual Size: '0x348' - .reloc: - Entropy: 4.323516902746281 - Virtual Size: '0x8c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=California, L=Irvine, O=Razer USA Ltd., CN=Razer USA Ltd. 
- ValidFrom: '2016-02-10 00:00:00' - ValidTo: '2019-02-07 23:59:59' - Signature: 06b8b8ab165538f61a5033c866556c0dd5e0f3ccc78633965b7feb8b012f312c40d09a3916370efd6a1747fa6c39c0de0be5226f7de748d11854a396dfcdfb31bdf572c2fa2561204ea01d2a076a197f89b7cb084d4cdd2c788195309cd507be6847667b2c00b74d94f53291c03201e23c363928968cbe4596649a671458d82001d22205c3d4f6beb5405247d9ad1ad832c12a96e7e557426d8fc85b0069b512354557b7e2124305c0171df610bea39f8dabb973e3fec041fbce781db485d88fa826f74f0e0810e62b63615404c2daeaa354fa3c73baafcd5daca7146f3afee8c30cb257f6b25843c5df2317c1d05a619e86e843c081169e0dfd5036cd19f9ef - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 1834b81889070312b5c4ca72ea419a5e - Version: 3 - TBS: - MD5: 966e59fada7c527111ba61f0cafcb355 - SHA1: d72efbe2c9127b91fffcfa0825dc16c9f7580e44 - SHA256: 506eaba716a689df7e0bb57b6f41afea02cce8c4af4d2392e96bd2e1bf483528 - SHA384: 0edb1fa0ccc2600fcd37358eb158fae5b72cc13fd3ff6cd0518aa6c780377dd5a7e39145784d4b9c595f163be613f2f1 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 13851a1e69a937f7a0bda4af7e1d6153fe9d8c5e0ca6751e781723ddfdec1a035539fb7195c7655aa78e30d2445a61db706fda2105c22e73ba49f1d193fe5dc9cd5e03e0899e3f741ed7f7388ba9d6cfbb352f3358a89256d1c84d3b82e6798416fc28b0b147f31da23eee87d9a67fa456a53fad842e29de7cbca8aaa33d0401eaba93a20e502229174c87e43a115fd6a425899b056b2fb4c9014c277b0bac190522a060153fdac9fb4d4c8ffb726777fd2794c7ba350e8849fe8dfd28af4a12bd0db39705de440c15fa362b03dcc15001f1a1115d14e5e2bd274b54be2b845e0fa6c374050aef97c38922b11f77f3bdcd43d4f14ca93fb58b84af64f2d01421 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: 
a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 1834b81889070312b5c4ca72ea419a5e - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - Imphash: 74081c86ad3e9771011f162c107927de - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 43ffd546261cc9a839107caae118b47e - SHA1: cd5db11f0d5aa7c13242e424463266d9cfd7be44 - SHA256: 30d737a6da29ad2fe035c0a5f1f7a423a8cd96b8f3dc9885fe95ef3333478dd7 - Company: Razer, Inc. 
- Copyright: Copyright (C) 2010-2014 - CreationTimestamp: '2014-10-17 13:36:56' - Date: '' - Description: Razer Overlay Support - ExportedFunctions: '' - FileVersion: 1.0.12.3137 - Filename: '' - ImportedFunctions: - - IoAcquireCancelSpinLock - - IoReleaseCancelSpinLock - - ObReferenceObjectByHandle - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - KeAcquireGuardedMutex - - KeReleaseGuardedMutex - - RtlInitUnicodeString - - IoCreateDevice - - IoCreateSymbolicLink - - PoStartNextPowerIrp - - IoDeleteDevice - - KeInitializeEvent - - PsSetCreateProcessNotifyRoutine - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - ZwSetEvent - - _wcslwr - - wcsstr - - ZwClose - - KeSetEvent - - ZwWaitForSingleObject - - _purecall - - KeGetCurrentThread - - sprintf - - _vsnprintf - - swprintf - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - SeQueryInformationToken - - RtlLengthRequiredSid - - RtlInitializeSid - - RtlSubAuthoritySid - - RtlEqualSid - - PsDereferencePrimaryToken - - MmGetSystemRoutineAddress - - MmIsAddressValid - - KeStackAttachProcess - - KeUnstackDetachProcess - - wcsrchr - - ZwOpenProcess - - PsLookupThreadByThreadId - - ObOpenObjectByPointer - - PsThreadType - - ZwCreateEvent - - PsGetCurrentProcessId - - KeTickCount - - KeBugCheckEx - - ObfDereferenceObject - - IofCompleteRequest - - memset - - memcpy - - RtlUnwind - - KfAcquireSpinLock - - ExReleaseFastMutex - - ExAcquireFastMutex - - KfReleaseSpinLock - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: Rzpnk - MD5: 560069dc51d3cc7f9cf1f4e940f93cae - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: Rzpnk.sys - PDBPath: '' - Product: Rzpnk - ProductVersion: 1.0.12.3137 - Publisher: '' - RichPEHeaderHash: - MD5: d057638b27154020a709184ba7727e65 - SHA1: 5ef2028df0810ed9c5c6f0f98056403e8fbafccf - SHA256: c43d8b1564531353b120234c6056e59fb2254e04d1a7d775171952d29612fd57 - SHA1: 1a83c8b63d675c940aaec10f70c0c7698e9b0165 - SHA256: 
16e2b071991b470a76dff4b6312d3c7e2133ad9ac4b6a62dda4e32281952fb23 - Sections: - .text: - Entropy: 6.145469415830601 - Virtual Size: '0x3606' - .rdata: - Entropy: 0.5345726604843702 - Virtual Size: '0x10954' - .data: - Entropy: 5.3767156460043655 - Virtual Size: '0x754' - PAGE: - Entropy: 4.549744862533889 - Virtual Size: '0x6a' - INIT: - Entropy: 5.570949806092893 - Virtual Size: '0x61e' - .rsrc: - Entropy: 3.308209327501646 - Virtual Size: '0x328' - .reloc: - Entropy: 4.7243644582145805 - Virtual Size: '0x5e0' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: 
e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=KY, ST=Cayman Islands, L=George Town, O=Razer Inc., OU=Digital ID - Class 3 , Microsoft Software Validation v2, CN=Razer Inc. - ValidFrom: '2013-09-13 00:00:00' - ValidTo: '2016-08-02 23:59:59' - Signature: 7fed5fa5da7959a757624348c39cb82555cbfa8fef504c4f9240c1832d551fa464a0f36ce293c269028849708ded45320d843e52e6e0a5c45d4c048f1c61db7831aa29bee4524cf538db8d5e3e810af96c8a2b4e85c17e6c6eefe399d57722554303e99d8b81d546bc42f89165b7c44efba44b0d073ed1d1fcae1b17e61a8e3995b5c61e33bf7c0c4d540ab2b925bcb7141159fa8095912ecccf2ad734a6362981e0248b1765df2a8815904dddf5817d76a2f493fb505624e2cd4341a39d40a3a0247a9886642d4f2f87d768efb8f08f89192eef8b635d8b76f97a3e84dfb4f05e6b1d16adc6101b7b2869aa277f886be34571d4f3af59744d4132bf2e694dc4 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 4e4563adead3fedac7bd44ec5c590577 - Version: 3 - TBS: - MD5: 62e336c644b79eb95f869025a59a0814 - SHA1: a2f3feca99242c7df87dbe3676a64c4dba12b76b - SHA256: 3b43e76a05117b0ee9c87f7b98005a1a4b804d633660c8e3a43d342ba9184e1b - SHA384: 06fa6279fc3c74eade44518adb2b1c269e30736e11ff02f8e3b1f4a3e55a9f0b07ec215f9654d579c25c90627809182c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 4e4563adead3fedac7bd44ec5c590577 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 805e4a267f9495e7c0c430d92b78f8bd - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 151f2aa65417bbb3563e02d1f60484dc - SHA1: 970bd6388867c86b786d4e218d1a6967d7304ee4 - SHA256: 9d61963c098b07fa7ee6dba40f476fc5d2f16301d79a3e8554319d66c69404a9 - Company: Razer, Inc. - Copyright: Copyright (C) 2010-2018. Razer, Inc. 
- CreationTimestamp: '2018-03-19 12:55:13' - Date: '' - Description: Razer Overlay Support - ExportedFunctions: '' - FileVersion: 1.0.12.10201 - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - ObfDereferenceObject - - ObfReferenceObject - - KeClearEvent - - KeWaitForSingleObject - - IoAcquireCancelSpinLock - - IoReleaseCancelSpinLock - - ObReferenceObjectByHandle - - ExEventObjectType - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - ExAcquireFastMutex - - ExReleaseFastMutex - - KeAcquireGuardedMutex - - KeReleaseGuardedMutex - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - RtlInitUnicodeString - - IoCreateDevice - - IoCreateSymbolicLink - - PsGetCurrentProcessId - - _wcslwr - - wcsstr - - PoStartNextPowerIrp - - ZwLoadDriver - - IoGetDeviceObjectPointer - - ZwUnloadDriver - - IoAttachDeviceToDeviceStack - - IoDeleteDevice - - KeInitializeEvent - - IofCallDriver - - PoCallDriver - - PsSetCreateProcessNotifyRoutine - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - ZwSetEvent - - ZwClose - - KeSetEvent - - ZwWaitForSingleObject - - _purecall - - sprintf - - _vsnprintf - - DbgPrint - - swprintf - - KeInitializeGuardedMutex - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - SeQueryInformationToken - - RtlLengthRequiredSid - - RtlInitializeSid - - RtlSubAuthoritySid - - RtlEqualSid - - PsDereferencePrimaryToken - - MmGetSystemRoutineAddress - - MmIsAddressValid - - KeStackAttachProcess - - KeUnstackDetachProcess - - wcsrchr - - ZwOpenProcess - - PsLookupThreadByThreadId - - ObOpenObjectByPointer - - PsThreadType - - ZwCreateEvent - - RtlInitString - - RtlCompareString - - ZwOpenProcessTokenEx - - ZwQueryInformationToken - - RtlSubAuthorityCountSid - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: Rzpnk - MD5: 8de7dcade65a1f51605a076c1d2b3456 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: Rzpnk.sys - PDBPath: '' - Product: Rzpnk - ProductVersion: 
1.0.12.10201 - Publisher: '' - RichPEHeaderHash: - MD5: 38005c498229dd5f64251bb3e57a40bf - SHA1: 3ddcef7c8b8f8eeaccbc11703dd94c7d300ba1a0 - SHA256: 27973d74dd877714939b06ddea7c9cad50ac645cd8569f068dc78575c14e6704 - SHA1: a95a126b539989e29e68969bfab16df291e7fa8a - SHA256: dafa4459d88a8ab738b003b70953e0780f6b8f09344ce3cd631af70c78310b53 - Sections: - .text: - Entropy: 6.032294908964451 - Virtual Size: '0x7a82' - .rdata: - Entropy: 2.158939241562336 - Virtual Size: '0x14564' - .data: - Entropy: 0.15812764646865457 - Virtual Size: '0x3e4' - .pdata: - Entropy: 4.8892997126668325 - Virtual Size: '0xcf0' - PAGE: - Entropy: 4.405262522641727 - Virtual Size: '0x87' - INIT: - Entropy: 5.339799543825723 - Virtual Size: '0x8ca' - .rsrc: - Entropy: 3.327497519552929 - Virtual Size: '0x348' - .reloc: - Entropy: 4.323516902746281 - Virtual Size: '0x8c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=California, L=Irvine, O=Razer USA Ltd., CN=Razer USA Ltd. 
- ValidFrom: '2016-02-10 00:00:00' - ValidTo: '2019-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 1834b81889070312b5c4ca72ea419a5e - Version: 3 - TBS: - MD5: 966e59fada7c527111ba61f0cafcb355 - SHA1: d72efbe2c9127b91fffcfa0825dc16c9f7580e44 - SHA256: 506eaba716a689df7e0bb57b6f41afea02cce8c4af4d2392e96bd2e1bf483528 - SHA384: 0edb1fa0ccc2600fcd37358eb158fae5b72cc13fd3ff6cd0518aa6c780377dd5a7e39145784d4b9c595f163be613f2f1 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 1834b81889070312b5c4ca72ea419a5e - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - Imphash: 5192bc7311bdeb1f3977bdc0d2e943e4 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 700c4e80369a63127263fb1702bbe07b - SHA1: d6729e750660410644fb73361bc7113523a70c05 - SHA256: 
7070ee6dd615538ca6a701e7bdc2c23a19b84ae8ca5f9edc6307fef47eb05abb - Company: Razer, Inc. - Copyright: Copyright (C) 2010-2014 - CreationTimestamp: '2016-05-19 15:08:25' - Date: '' - Description: Razer Overlay Support - ExportedFunctions: '' - FileVersion: 1.0.12.9986 - Filename: '' - ImportedFunctions: - - IoAcquireCancelSpinLock - - IoReleaseCancelSpinLock - - ObReferenceObjectByHandle - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - KeAcquireGuardedMutex - - KeReleaseGuardedMutex - - RtlInitUnicodeString - - IoCreateDevice - - IoCreateSymbolicLink - - PoStartNextPowerIrp - - IoDeleteDevice - - KeInitializeEvent - - PsSetCreateProcessNotifyRoutine - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - ZwSetEvent - - _wcslwr - - wcsstr - - ZwClose - - KeSetEvent - - ZwWaitForSingleObject - - _purecall - - KeGetCurrentThread - - sprintf - - _vsnprintf - - swprintf - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - SeQueryInformationToken - - RtlLengthRequiredSid - - RtlInitializeSid - - RtlSubAuthoritySid - - RtlEqualSid - - PsDereferencePrimaryToken - - MmGetSystemRoutineAddress - - MmIsAddressValid - - KeStackAttachProcess - - KeUnstackDetachProcess - - wcsrchr - - ZwOpenProcess - - PsLookupThreadByThreadId - - ObOpenObjectByPointer - - PsThreadType - - ZwCreateEvent - - ZwMapViewOfSection - - KeTickCount - - KeBugCheckEx - - ObfDereferenceObject - - IofCompleteRequest - - memcpy - - memset - - RtlUnwind - - KfAcquireSpinLock - - ExReleaseFastMutex - - ExAcquireFastMutex - - KfReleaseSpinLock - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: Rzpnk - MD5: 4e92f1c677e08fd09b57032c5b47ca46 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: Rzpnk.sys - PDBPath: '' - Product: Rzpnk - ProductVersion: 1.0.12.9986 - Publisher: '' - RichPEHeaderHash: - MD5: c723c2141747136a803cc8d5df9b0e9c - SHA1: ab3959e0fa2376ebca63456374e4454a4d711ec1 - SHA256: 4d91707d4f7a8f5cbedd69ff24b76a642fe430fa85657e0622340935b9806df5 - 
SHA1: 6e191d72b980c8f08a0f60efa01f0b5bf3b34afb - SHA256: ad8fd8300ed375e22463cea8767f68857d9a3b0ff8585fbeb60acef89bf4a7d7 - Sections: - .text: - Entropy: 6.114856649345834 - Virtual Size: '0x3670' - .rdata: - Entropy: 0.751113745545077 - Virtual Size: '0x8ac4' - .data: - Entropy: 0.16801126406945746 - Virtual Size: '0x308' - PAGE: - Entropy: 4.450605636670296 - Virtual Size: '0x69' - INIT: - Entropy: 5.5079261670391375 - Virtual Size: '0x61c' - .rsrc: - Entropy: 3.306152731455725 - Virtual Size: '0x328' - .reloc: - Entropy: 6.471599422357952 - Virtual Size: '0x3d4' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=California, L=Irvine, O=Razer USA Ltd., CN=Razer USA Ltd. - ValidFrom: '2016-02-10 00:00:00' - ValidTo: '2019-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 1834b81889070312b5c4ca72ea419a5e - Version: 3 - TBS: - MD5: 966e59fada7c527111ba61f0cafcb355 - SHA1: d72efbe2c9127b91fffcfa0825dc16c9f7580e44 - SHA256: 506eaba716a689df7e0bb57b6f41afea02cce8c4af4d2392e96bd2e1bf483528 - SHA384: 0edb1fa0ccc2600fcd37358eb158fae5b72cc13fd3ff6cd0518aa6c780377dd5a7e39145784d4b9c595f163be613f2f1 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 
13851a1e69a937f7a0bda4af7e1d6153fe9d8c5e0ca6751e781723ddfdec1a035539fb7195c7655aa78e30d2445a61db706fda2105c22e73ba49f1d193fe5dc9cd5e03e0899e3f741ed7f7388ba9d6cfbb352f3358a89256d1c84d3b82e6798416fc28b0b147f31da23eee87d9a67fa456a53fad842e29de7cbca8aaa33d0401eaba93a20e502229174c87e43a115fd6a425899b056b2fb4c9014c277b0bac190522a060153fdac9fb4d4c8ffb726777fd2794c7ba350e8849fe8dfd28af4a12bd0db39705de440c15fa362b03dcc15001f1a1115d14e5e2bd274b54be2b845e0fa6c374050aef97c38922b11f77f3bdcd43d4f14ca93fb58b84af64f2d01421 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 1834b81889070312b5c4ca72ea419a5e - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - Imphash: 42e3f2ffa29901e572f2df03cb872159 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 78276d9e5e7111419e997b4ea0dc0bcc - SHA1: 876a391320ff8b3e545c53bb933d6afd8ace66e6 - SHA256: a9e0f35da47fe91d887a28a0670d8e79ceef7c61ff6d9af3d0568a9737fe0673 - Company: Razer, Inc. 
- Copyright: Copyright (C) 2010-2014 - CreationTimestamp: '2015-05-28 13:22:11' - Date: '' - Description: Razer Overlay Support - ExportedFunctions: '' - FileVersion: 1.0.12.6087 - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - ObfDereferenceObject - - ObfReferenceObject - - KeClearEvent - - KeWaitForSingleObject - - IoAcquireCancelSpinLock - - IoReleaseCancelSpinLock - - ObReferenceObjectByHandle - - ExEventObjectType - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - ExAcquireFastMutex - - ExReleaseFastMutex - - KeAcquireGuardedMutex - - KeReleaseGuardedMutex - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - RtlInitUnicodeString - - IoCreateDevice - - IoCreateSymbolicLink - - PoStartNextPowerIrp - - ZwLoadDriver - - IoGetDeviceObjectPointer - - ZwUnloadDriver - - IoAttachDeviceToDeviceStack - - IoDeleteDevice - - KeInitializeEvent - - IofCallDriver - - PoCallDriver - - PsSetCreateProcessNotifyRoutine - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - ZwSetEvent - - _wcslwr - - wcsstr - - ZwClose - - KeSetEvent - - ZwWaitForSingleObject - - _purecall - - sprintf - - _vsnprintf - - DbgPrint - - swprintf - - KeInitializeGuardedMutex - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - SeQueryInformationToken - - RtlLengthRequiredSid - - RtlInitializeSid - - RtlSubAuthoritySid - - RtlEqualSid - - PsDereferencePrimaryToken - - MmGetSystemRoutineAddress - - MmIsAddressValid - - KeStackAttachProcess - - KeUnstackDetachProcess - - wcsrchr - - ZwOpenProcess - - PsLookupThreadByThreadId - - ObOpenObjectByPointer - - PsThreadType - - ZwCreateEvent - - PsGetCurrentProcessId - - RtlInitString - - RtlCompareString - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: Rzpnk - MD5: 288471f132c7249f598032d03575f083 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: Rzpnk.sys - PDBPath: '' - Product: Rzpnk - ProductVersion: 1.0.12.6087 - Publisher: '' - RichPEHeaderHash: - 
MD5: 6f46839d81ff1d1b3e509d134f95c5a9 - SHA1: 987e1f687c75f4e3bd6377359b2ed6b71e16b88e - SHA256: 011d63cf6e09f148f628424ead77cac9969f196a4bb773e8fbd60ab9b41d8c93 - SHA1: 3fbe337b6ed1a1a63ae8b4240c01bd68ed531674 - SHA256: 9e3430d5e0e93bc4a5dccc985053912065e65722bfc2eaf431bc1da91410434c - Sections: - .text: - Entropy: 5.9988823890417375 - Virtual Size: '0x7360' - .rdata: - Entropy: 2.024740490753228 - Virtual Size: '0x13f2c' - .data: - Entropy: 4.883228407116594 - Virtual Size: '0x84c' - .pdata: - Entropy: 4.849576987895292 - Virtual Size: '0xce4' - PAGE: - Entropy: 4.375632893012098 - Virtual Size: '0x87' - INIT: - Entropy: 5.335573695740321 - Virtual Size: '0x866' - .rsrc: - Entropy: 3.3151233781057714 - Virtual Size: '0x328' - .reloc: - Entropy: 2.1849334100920914 - Virtual Size: '0x1a4' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=KY, ST=Cayman Islands, L=George Town, O=Razer Inc., OU=Digital ID - Class 3 , Microsoft Software Validation v2, CN=Razer Inc. - ValidFrom: '2013-09-13 00:00:00' - ValidTo: '2016-08-02 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 4e4563adead3fedac7bd44ec5c590577 - Version: 3 - TBS: - MD5: 62e336c644b79eb95f869025a59a0814 - SHA1: a2f3feca99242c7df87dbe3676a64c4dba12b76b - SHA256: 3b43e76a05117b0ee9c87f7b98005a1a4b804d633660c8e3a43d342ba9184e1b - SHA384: 06fa6279fc3c74eade44518adb2b1c269e30736e11ff02f8e3b1f4a3e55a9f0b07ec215f9654d579c25c90627809182c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 4e4563adead3fedac7bd44ec5c590577 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: dd7c5c0c762169d40ee01280e4ac74fc - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 13d7aa7733e7db4e391dba54f3f4b61f - SHA1: d466b8fa00d2fdd9834d5d3bafdf8cbc0ccf139c - SHA256: bedb1e28fd1cdf391edc859c58cb318a9ab686f254195246909b245e7aaf7669 - Company: Razer, Inc. - Copyright: Copyright (C) 2010-2018. Razer, Inc. 
- CreationTimestamp: '2018-03-19 12:54:13' - Date: '' - Description: Razer Overlay Support - ExportedFunctions: '' - FileVersion: 1.0.12.10201 - Filename: '' - ImportedFunctions: - - IoAcquireCancelSpinLock - - IoReleaseCancelSpinLock - - ObReferenceObjectByHandle - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - KeAcquireGuardedMutex - - KeReleaseGuardedMutex - - RtlInitUnicodeString - - IoCreateDevice - - IoCreateSymbolicLink - - PsGetCurrentProcessId - - _wcslwr - - wcsstr - - PoStartNextPowerIrp - - IoDeleteDevice - - KeInitializeEvent - - PsSetCreateProcessNotifyRoutine - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - ZwSetEvent - - ZwClose - - KeSetEvent - - ZwWaitForSingleObject - - _purecall - - KeGetCurrentThread - - sprintf - - _vsnprintf - - swprintf - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - SeQueryInformationToken - - RtlLengthRequiredSid - - RtlInitializeSid - - RtlSubAuthoritySid - - RtlEqualSid - - PsDereferencePrimaryToken - - MmGetSystemRoutineAddress - - MmIsAddressValid - - KeStackAttachProcess - - KeUnstackDetachProcess - - wcsrchr - - ZwOpenProcess - - PsLookupThreadByThreadId - - ObOpenObjectByPointer - - PsThreadType - - ZwCreateEvent - - KeTickCount - - KeBugCheckEx - - ObfDereferenceObject - - IofCompleteRequest - - memcpy - - memset - - RtlUnwind - - KfAcquireSpinLock - - ExReleaseFastMutex - - ExAcquireFastMutex - - KfReleaseSpinLock - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: Rzpnk - MD5: f5e6ef0dcbb3d4a608e9e0bba4d80d0a - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: Rzpnk.sys - PDBPath: '' - Product: Rzpnk - ProductVersion: 1.0.12.10201 - Publisher: '' - RichPEHeaderHash: - MD5: 74246c83ad31479ca2853d2303658a0b - SHA1: 52345554a866b72e0e63cad68915f73877138d99 - SHA256: 03ea97d4e2a7432508634ad865d3ec46fc3bf05c92874ae57fb5cfeacced2b2b - SHA1: 58ebfb7de214ee09f6bf71c8cc9c139dd4c8b016 - SHA256: 46d1dc89cc5fa327e7adf3e3d6d498657240772b85548c17d2e356aac193dd28 - 
Sections: - .text: - Entropy: 6.1267659551337 - Virtual Size: '0x3888' - .rdata: - Entropy: 0.7774911680764585 - Virtual Size: '0x8b54' - .data: - Entropy: 0.16801126406945746 - Virtual Size: '0x308' - PAGE: - Entropy: 4.345324837503696 - Virtual Size: '0x69' - INIT: - Entropy: 5.5036715965307845 - Virtual Size: '0x61e' - .rsrc: - Entropy: 3.321864460423256 - Virtual Size: '0x348' - .reloc: - Entropy: 6.534717310120353 - Virtual Size: '0x3d8' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=California, L=Irvine, O=Razer USA Ltd., CN=Razer USA Ltd. - ValidFrom: '2016-02-10 00:00:00' - ValidTo: '2019-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 1834b81889070312b5c4ca72ea419a5e - Version: 3 - TBS: - MD5: 966e59fada7c527111ba61f0cafcb355 - SHA1: d72efbe2c9127b91fffcfa0825dc16c9f7580e44 - SHA256: 506eaba716a689df7e0bb57b6f41afea02cce8c4af4d2392e96bd2e1bf483528 - SHA384: 0edb1fa0ccc2600fcd37358eb158fae5b72cc13fd3ff6cd0518aa6c780377dd5a7e39145784d4b9c595f163be613f2f1 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 1834b81889070312b5c4ca72ea419a5e - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - Imphash: d67b7c7501e5261df5e66b3219fa52ee - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 49143ee3e5fc7193b0826428979792c8 - SHA1: 2fa99a65d8992e07ac5af3a935861b493669d870 - SHA256: 
e269b4cb9df863c31ae13012429f67a0f3cd81481025d35ce6531b33b63b5976 - Company: Razer, Inc. - Copyright: Copyright (C) 2010-2017. Razer, Inc. - CreationTimestamp: '2017-09-20 16:34:31' - Date: '' - Description: Razer Overlay Support - ExportedFunctions: '' - FileVersion: 1.0.12.10177 - Filename: '' - ImportedFunctions: - - IoAcquireCancelSpinLock - - IoReleaseCancelSpinLock - - ObReferenceObjectByHandle - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - KeAcquireGuardedMutex - - KeReleaseGuardedMutex - - RtlInitUnicodeString - - IoCreateDevice - - IoCreateSymbolicLink - - PsGetCurrentProcessId - - _wcslwr - - wcsstr - - PoStartNextPowerIrp - - IoDeleteDevice - - KeInitializeEvent - - PsSetCreateProcessNotifyRoutine - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - ZwSetEvent - - ZwClose - - KeSetEvent - - ZwWaitForSingleObject - - _purecall - - sprintf - - _vsnprintf - - swprintf - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - SeQueryInformationToken - - RtlLengthRequiredSid - - RtlInitializeSid - - RtlSubAuthoritySid - - RtlEqualSid - - PsDereferencePrimaryToken - - MmGetSystemRoutineAddress - - MmIsAddressValid - - KeStackAttachProcess - - KeUnstackDetachProcess - - wcsrchr - - ZwOpenProcess - - PsLookupThreadByThreadId - - ObOpenObjectByPointer - - PsThreadType - - ZwCreateEvent - - KeTickCount - - KeBugCheckEx - - ObfDereferenceObject - - KeGetCurrentThread - - IofCompleteRequest - - memcpy - - memset - - RtlUnwind - - KfAcquireSpinLock - - ExReleaseFastMutex - - ExAcquireFastMutex - - KfReleaseSpinLock - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: Rzpnk - MD5: 36527fdb70ed6f74b70a98129f82ad62 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: Rzpnk.sys - PDBPath: '' - Product: Rzpnk - ProductVersion: 1.0.12.10177 - Publisher: '' - RichPEHeaderHash: - MD5: 4a9a353a14ee7f23eb41b8a45b487e20 - SHA1: 6c6a81d70919694d3abe35859966f0d320d0b3a3 - SHA256: 
89faf986a8af825587e8da0861c420dad1d83ce6bb17589fd1d397352352159c - SHA1: 986c1fdfe7c9731f4de15680a475a72cf2245121 - SHA256: 9fa120bda98633e30480d8475c9ac6637470c4ca7c63763560bf869138091b01 - Sections: - .text: - Entropy: 6.128458524856704 - Virtual Size: '0x3878' - .rdata: - Entropy: 0.7781386812218317 - Virtual Size: '0x8b54' - .data: - Entropy: 0.16801126406945746 - Virtual Size: '0x308' - PAGE: - Entropy: 4.455274446152897 - Virtual Size: '0x69' - INIT: - Entropy: 5.513410336591057 - Virtual Size: '0x61e' - .rsrc: - Entropy: 3.331606785935212 - Virtual Size: '0x348' - .reloc: - Entropy: 6.56214856252232 - Virtual Size: '0x3d8' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=California, L=Irvine, O=Razer USA Ltd., CN=Razer USA Ltd. - ValidFrom: '2016-02-10 00:00:00' - ValidTo: '2019-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 1834b81889070312b5c4ca72ea419a5e - Version: 3 - TBS: - MD5: 966e59fada7c527111ba61f0cafcb355 - SHA1: d72efbe2c9127b91fffcfa0825dc16c9f7580e44 - SHA256: 506eaba716a689df7e0bb57b6f41afea02cce8c4af4d2392e96bd2e1bf483528 - SHA384: 0edb1fa0ccc2600fcd37358eb158fae5b72cc13fd3ff6cd0518aa6c780377dd5a7e39145784d4b9c595f163be613f2f1 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 
13851a1e69a937f7a0bda4af7e1d6153fe9d8c5e0ca6751e781723ddfdec1a035539fb7195c7655aa78e30d2445a61db706fda2105c22e73ba49f1d193fe5dc9cd5e03e0899e3f741ed7f7388ba9d6cfbb352f3358a89256d1c84d3b82e6798416fc28b0b147f31da23eee87d9a67fa456a53fad842e29de7cbca8aaa33d0401eaba93a20e502229174c87e43a115fd6a425899b056b2fb4c9014c277b0bac190522a060153fdac9fb4d4c8ffb726777fd2794c7ba350e8849fe8dfd28af4a12bd0db39705de440c15fa362b03dcc15001f1a1115d14e5e2bd274b54be2b845e0fa6c374050aef97c38922b11f77f3bdcd43d4f14ca93fb58b84af64f2d01421 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 1834b81889070312b5c4ca72ea419a5e - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - Imphash: 7fb9382c0d754d5aac897d7a3e72b10c - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 3b53b1da67c8917786be48c57c6a2db1 - SHA1: b2aac760470a4575bc0f6508179ed32d7c37a5d9 - SHA256: 
39789a159c1196255f1b6d83e23af4082fd4cffe2662e40b71631b4e2e4bc05d - Company: Razer, Inc. - Copyright: Copyright (C) 2010-2017. Razer, Inc. - CreationTimestamp: '2017-07-16 13:12:07' - Date: '' - Description: Razer Overlay Support - ExportedFunctions: '' - FileVersion: 1.0.12.10155 - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - ObfDereferenceObject - - ObfReferenceObject - - KeClearEvent - - KeWaitForSingleObject - - IoAcquireCancelSpinLock - - IoReleaseCancelSpinLock - - ObReferenceObjectByHandle - - ExEventObjectType - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - ExAcquireFastMutex - - ExReleaseFastMutex - - KeAcquireGuardedMutex - - KeReleaseGuardedMutex - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - RtlInitUnicodeString - - IoCreateDevice - - IoCreateSymbolicLink - - PoStartNextPowerIrp - - ZwLoadDriver - - IoGetDeviceObjectPointer - - ZwUnloadDriver - - IoAttachDeviceToDeviceStack - - IoDeleteDevice - - KeInitializeEvent - - IofCallDriver - - PoCallDriver - - PsSetCreateProcessNotifyRoutine - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - ZwSetEvent - - _wcslwr - - wcsstr - - ZwClose - - KeSetEvent - - ZwWaitForSingleObject - - _purecall - - sprintf - - _vsnprintf - - DbgPrint - - swprintf - - KeInitializeGuardedMutex - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - SeQueryInformationToken - - RtlLengthRequiredSid - - RtlInitializeSid - - RtlSubAuthoritySid - - RtlEqualSid - - PsDereferencePrimaryToken - - MmGetSystemRoutineAddress - - MmIsAddressValid - - KeStackAttachProcess - - KeUnstackDetachProcess - - wcsrchr - - ZwOpenProcess - - PsLookupThreadByThreadId - - ObOpenObjectByPointer - - PsThreadType - - ZwCreateEvent - - PsGetCurrentProcessId - - RtlInitString - - RtlCompareString - - ZwMapViewOfSection - - ZwOpenProcessTokenEx - - ZwQueryInformationToken - - RtlSubAuthorityCountSid - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: Rzpnk - MD5: 
935a7df222f19ac532e831e6bf9e8e45 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: Rzpnk.sys - PDBPath: '' - Product: Rzpnk - ProductVersion: 1.0.12.10155 - Publisher: '' - RichPEHeaderHash: - MD5: ce0bfa21df06f7d3067953da829fe299 - SHA1: 49f5fdf333898858dd7297603f3b2347a01e777d - SHA256: c059cad135868369281fd57e51cf8d64ac50e012ce54e3efb9321d8b519bd2dd - SHA1: a6aa7926aa46beaf9882a93053536b75ef2c7536 - SHA256: 567809308cfb72d59b89364a6475f34a912d03889aa50866803ac3d0bf2c3270 - Sections: - .text: - Entropy: 6.029813362546066 - Virtual Size: '0x797e' - .rdata: - Entropy: 2.1638565406792596 - Virtual Size: '0x1457c' - .data: - Entropy: 0.15812764646865457 - Virtual Size: '0x3e4' - .pdata: - Entropy: 4.86837045917237 - Virtual Size: '0xcf0' - PAGE: - Entropy: 4.405262522641727 - Virtual Size: '0x87' - INIT: - Entropy: 5.362469333828446 - Virtual Size: '0x8e8' - .rsrc: - Entropy: 3.3415370361058807 - Virtual Size: '0x348' - .reloc: - Entropy: 4.425570968528865 - Virtual Size: '0x8c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=California, L=Irvine, O=Razer USA Ltd., CN=Razer USA Ltd. 
- ValidFrom: '2016-02-10 00:00:00' - ValidTo: '2019-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 1834b81889070312b5c4ca72ea419a5e - Version: 3 - TBS: - MD5: 966e59fada7c527111ba61f0cafcb355 - SHA1: d72efbe2c9127b91fffcfa0825dc16c9f7580e44 - SHA256: 506eaba716a689df7e0bb57b6f41afea02cce8c4af4d2392e96bd2e1bf483528 - SHA384: 0edb1fa0ccc2600fcd37358eb158fae5b72cc13fd3ff6cd0518aa6c780377dd5a7e39145784d4b9c595f163be613f2f1 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 1834b81889070312b5c4ca72ea419a5e - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - Imphash: 6b7d4c6283b9b951b7b2f47a0c5be8c7 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 428e1d8063028ac66be9501b5bccb038 - SHA1: e4e33d2ad37a0e7edf98f9384d0167dfaa540e77 - SHA256: af9c600edb134fb8f21d585bbf7d0a4d3f1b792b6dd104c10d38f220f47671f8 - Company: Razer, Inc. 
- Copyright: Copyright (C) 2010-2014 - CreationTimestamp: '2016-05-19 15:09:43' - Date: '' - Description: Razer Overlay Support - ExportedFunctions: '' - FileVersion: 1.0.12.9986 - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - ObfDereferenceObject - - ObfReferenceObject - - KeClearEvent - - KeWaitForSingleObject - - IoAcquireCancelSpinLock - - IoReleaseCancelSpinLock - - ObReferenceObjectByHandle - - ExEventObjectType - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - ExAcquireFastMutex - - ExReleaseFastMutex - - KeAcquireGuardedMutex - - KeReleaseGuardedMutex - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - RtlInitUnicodeString - - IoCreateDevice - - IoCreateSymbolicLink - - PoStartNextPowerIrp - - ZwLoadDriver - - IoGetDeviceObjectPointer - - ZwUnloadDriver - - IoAttachDeviceToDeviceStack - - IoDeleteDevice - - KeInitializeEvent - - IofCallDriver - - PoCallDriver - - PsSetCreateProcessNotifyRoutine - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - ZwSetEvent - - _wcslwr - - wcsstr - - ZwClose - - KeSetEvent - - ZwWaitForSingleObject - - _purecall - - sprintf - - _vsnprintf - - DbgPrint - - swprintf - - KeInitializeGuardedMutex - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - SeQueryInformationToken - - RtlLengthRequiredSid - - RtlInitializeSid - - RtlSubAuthoritySid - - RtlEqualSid - - PsDereferencePrimaryToken - - MmGetSystemRoutineAddress - - MmIsAddressValid - - KeStackAttachProcess - - KeUnstackDetachProcess - - wcsrchr - - ZwOpenProcess - - PsLookupThreadByThreadId - - ObOpenObjectByPointer - - PsThreadType - - ZwCreateEvent - - PsGetCurrentProcessId - - RtlInitString - - RtlCompareString - - ZwMapViewOfSection - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: Rzpnk - MD5: 2229d5a9a92b62df4df9cf51f48436f7 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: Rzpnk.sys - PDBPath: '' - Product: Rzpnk - ProductVersion: 1.0.12.9986 - Publisher: '' - 
RichPEHeaderHash: - MD5: d95b83b1676185463804c7be60a5629a - SHA1: 1d9671d566106c909d9fb90ad6d433103705a06e - SHA256: 98a9df9ab526c9ccc780176b4ab4f0bdf1479789da7a463f76afa5ca5eeb57a8 - SHA1: 63cf021c8662fa23ce3e4075a4f849431e473058 - SHA256: 0507d893e3fd2917c81c1dc13ccb22ae5402ab6ca9fb8d89485010838050d08d - Sections: - .text: - Entropy: 6.019686004932245 - Virtual Size: '0x76de' - .rdata: - Entropy: 2.1425402181335667 - Virtual Size: '0x1441c' - .data: - Entropy: 0.15812764646865457 - Virtual Size: '0x3e4' - .pdata: - Entropy: 4.833106417422371 - Virtual Size: '0xc84' - PAGE: - Entropy: 4.405262522641727 - Virtual Size: '0x87' - INIT: - Entropy: 5.3460375261506305 - Virtual Size: '0x884' - .rsrc: - Entropy: 3.311949790337429 - Virtual Size: '0x328' - .reloc: - Entropy: 4.342739465022854 - Virtual Size: '0x94' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=California, L=Irvine, O=Razer USA Ltd., CN=Razer USA Ltd. - ValidFrom: '2016-02-10 00:00:00' - ValidTo: '2019-02-07 23:59:59' - Signature: 06b8b8ab165538f61a5033c866556c0dd5e0f3ccc78633965b7feb8b012f312c40d09a3916370efd6a1747fa6c39c0de0be5226f7de748d11854a396dfcdfb31bdf572c2fa2561204ea01d2a076a197f89b7cb084d4cdd2c788195309cd507be6847667b2c00b74d94f53291c03201e23c363928968cbe4596649a671458d82001d22205c3d4f6beb5405247d9ad1ad832c12a96e7e557426d8fc85b0069b512354557b7e2124305c0171df610bea39f8dabb973e3fec041fbce781db485d88fa826f74f0e0810e62b63615404c2daeaa354fa3c73baafcd5daca7146f3afee8c30cb257f6b25843c5df2317c1d05a619e86e843c081169e0dfd5036cd19f9ef - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 1834b81889070312b5c4ca72ea419a5e - Version: 3 - TBS: - MD5: 966e59fada7c527111ba61f0cafcb355 - SHA1: d72efbe2c9127b91fffcfa0825dc16c9f7580e44 - SHA256: 506eaba716a689df7e0bb57b6f41afea02cce8c4af4d2392e96bd2e1bf483528 - SHA384: 
0edb1fa0ccc2600fcd37358eb158fae5b72cc13fd3ff6cd0518aa6c780377dd5a7e39145784d4b9c595f163be613f2f1 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 1834b81889070312b5c4ca72ea419a5e - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - Imphash: e1ecbd956bd016618b07e7dddcaf6e60 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 49143ee3e5fc7193b0826428979792c8 - SHA1: 2fa99a65d8992e07ac5af3a935861b493669d870 - SHA256: e269b4cb9df863c31ae13012429f67a0f3cd81481025d35ce6531b33b63b5976 - Company: Razer, Inc. - Copyright: Copyright (C) 2010-2017. 
Razer, Inc. - CreationTimestamp: '2017-09-20 16:34:31' - Date: '' - Description: Razer Overlay Support - ExportedFunctions: '' - FileVersion: 1.0.12.10177 - Filename: '' - ImportedFunctions: - - IoAcquireCancelSpinLock - - IoReleaseCancelSpinLock - - ObReferenceObjectByHandle - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - KeAcquireGuardedMutex - - KeReleaseGuardedMutex - - RtlInitUnicodeString - - IoCreateDevice - - IoCreateSymbolicLink - - PsGetCurrentProcessId - - _wcslwr - - wcsstr - - PoStartNextPowerIrp - - IoDeleteDevice - - KeInitializeEvent - - PsSetCreateProcessNotifyRoutine - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - ZwSetEvent - - ZwClose - - KeSetEvent - - ZwWaitForSingleObject - - _purecall - - sprintf - - _vsnprintf - - swprintf - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - SeQueryInformationToken - - RtlLengthRequiredSid - - RtlInitializeSid - - RtlSubAuthoritySid - - RtlEqualSid - - PsDereferencePrimaryToken - - MmGetSystemRoutineAddress - - MmIsAddressValid - - KeStackAttachProcess - - KeUnstackDetachProcess - - wcsrchr - - ZwOpenProcess - - PsLookupThreadByThreadId - - ObOpenObjectByPointer - - PsThreadType - - ZwCreateEvent - - KeTickCount - - KeBugCheckEx - - ObfDereferenceObject - - KeGetCurrentThread - - IofCompleteRequest - - memcpy - - memset - - RtlUnwind - - KfAcquireSpinLock - - ExReleaseFastMutex - - ExAcquireFastMutex - - KfReleaseSpinLock - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: Rzpnk - MD5: 1c9d2a993e99054050b596d88b307d95 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: Rzpnk.sys - PDBPath: '' - Product: Rzpnk - ProductVersion: 1.0.12.10177 - Publisher: '' - RichPEHeaderHash: - MD5: 4a9a353a14ee7f23eb41b8a45b487e20 - SHA1: 6c6a81d70919694d3abe35859966f0d320d0b3a3 - SHA256: 89faf986a8af825587e8da0861c420dad1d83ce6bb17589fd1d397352352159c - SHA1: 6293ff11805cd33bccbcca9f0132bff3ae2e2534 - SHA256: 
9eba5d1545fdbf37cf053ac3f3ba45bcb651b8abb7805cbfdfb5f91ea294fb95 - Sections: - .text: - Entropy: 6.128458524856704 - Virtual Size: '0x3878' - .rdata: - Entropy: 0.7781386812218317 - Virtual Size: '0x8b54' - .data: - Entropy: 0.16801126406945746 - Virtual Size: '0x308' - PAGE: - Entropy: 4.455274446152897 - Virtual Size: '0x69' - INIT: - Entropy: 5.513410336591057 - Virtual Size: '0x61e' - .rsrc: - Entropy: 3.331606785935212 - Virtual Size: '0x348' - .reloc: - Entropy: 6.56214856252232 - Virtual Size: '0x3d8' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=California, L=Irvine, O=Razer USA Ltd., CN=Razer USA Ltd. - ValidFrom: '2016-02-10 00:00:00' - ValidTo: '2019-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 1834b81889070312b5c4ca72ea419a5e - Version: 3 - TBS: - MD5: 966e59fada7c527111ba61f0cafcb355 - SHA1: d72efbe2c9127b91fffcfa0825dc16c9f7580e44 - SHA256: 506eaba716a689df7e0bb57b6f41afea02cce8c4af4d2392e96bd2e1bf483528 - SHA384: 0edb1fa0ccc2600fcd37358eb158fae5b72cc13fd3ff6cd0518aa6c780377dd5a7e39145784d4b9c595f163be613f2f1 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 1834b81889070312b5c4ca72ea419a5e - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - Imphash: 7fb9382c0d754d5aac897d7a3e72b10c - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 4b6d5f6c61c9820aaf6dd10acbcc8385 - SHA1: 1ac31466261a6da69fbeb8e99d0b7b772071ac7f - SHA256: d2e10e17bca5e85e6b84345b47aab14adf45d98c672db6acf90479a7faf20b5a - Company: Razer, Inc. 
- Copyright: Copyright (C) 2010-2014 - CreationTimestamp: '2015-09-16 18:16:35' - Date: '' - Description: Razer Overlay Support - ExportedFunctions: '' - FileVersion: 1.0.12.7465 - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - ObfDereferenceObject - - ObfReferenceObject - - KeClearEvent - - KeWaitForSingleObject - - IoAcquireCancelSpinLock - - IoReleaseCancelSpinLock - - ObReferenceObjectByHandle - - ExEventObjectType - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - ExAcquireFastMutex - - ExReleaseFastMutex - - KeAcquireGuardedMutex - - KeReleaseGuardedMutex - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - RtlInitUnicodeString - - IoCreateDevice - - IoCreateSymbolicLink - - PoStartNextPowerIrp - - ZwLoadDriver - - IoGetDeviceObjectPointer - - ZwUnloadDriver - - IoAttachDeviceToDeviceStack - - IoDeleteDevice - - KeInitializeEvent - - IofCallDriver - - PoCallDriver - - PsSetCreateProcessNotifyRoutine - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - ZwSetEvent - - _wcslwr - - wcsstr - - ZwClose - - KeSetEvent - - ZwWaitForSingleObject - - _purecall - - sprintf - - _vsnprintf - - DbgPrint - - swprintf - - KeInitializeGuardedMutex - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - SeQueryInformationToken - - RtlLengthRequiredSid - - RtlInitializeSid - - RtlSubAuthoritySid - - RtlEqualSid - - PsDereferencePrimaryToken - - MmGetSystemRoutineAddress - - MmIsAddressValid - - KeStackAttachProcess - - KeUnstackDetachProcess - - wcsrchr - - ZwOpenProcess - - PsLookupThreadByThreadId - - ObOpenObjectByPointer - - PsThreadType - - ZwCreateEvent - - PsGetCurrentProcessId - - RtlInitString - - RtlCompareString - - ZwMapViewOfSection - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: Rzpnk - MD5: b4598c05d5440250633e25933fff42b0 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: Rzpnk.sys - PDBPath: '' - Product: Rzpnk - ProductVersion: 1.0.12.7465 - Publisher: '' - 
RichPEHeaderHash: - MD5: d95b83b1676185463804c7be60a5629a - SHA1: 1d9671d566106c909d9fb90ad6d433103705a06e - SHA256: 98a9df9ab526c9ccc780176b4ab4f0bdf1479789da7a463f76afa5ca5eeb57a8 - SHA1: f999709e5b00a68a0f4fa912619fe6548ad0c42d - SHA256: a66d2fb7ef7350ea74d4290c57fb62bc59c6ea93f759d4ca93c3febca7aeb512 - Sections: - .text: - Entropy: 6.022819869183744 - Virtual Size: '0x786e' - .rdata: - Entropy: 2.156441781870166 - Virtual Size: '0x144fc' - .data: - Entropy: 0.15812764646865457 - Virtual Size: '0x3e4' - .pdata: - Entropy: 4.83123136246416 - Virtual Size: '0xcb4' - PAGE: - Entropy: 4.405262522641727 - Virtual Size: '0x87' - INIT: - Entropy: 5.345466868963517 - Virtual Size: '0x884' - .rsrc: - Entropy: 3.3229086430258863 - Virtual Size: '0x328' - .reloc: - Entropy: 4.404219521463952 - Virtual Size: '0x94' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 
783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=KY, ST=Cayman Islands, L=George Town, O=Razer Inc., OU=Digital ID - Class 3 , Microsoft Software Validation v2, CN=Razer Inc. - ValidFrom: '2013-09-13 00:00:00' - ValidTo: '2016-08-02 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 4e4563adead3fedac7bd44ec5c590577 - Version: 3 - TBS: - MD5: 62e336c644b79eb95f869025a59a0814 - SHA1: a2f3feca99242c7df87dbe3676a64c4dba12b76b - SHA256: 3b43e76a05117b0ee9c87f7b98005a1a4b804d633660c8e3a43d342ba9184e1b - SHA384: 06fa6279fc3c74eade44518adb2b1c269e30736e11ff02f8e3b1f4a3e55a9f0b07ec215f9654d579c25c90627809182c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 4e4563adead3fedac7bd44ec5c590577 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: e1ecbd956bd016618b07e7dddcaf6e60 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 870f5888401c299ad7b0cacabd53edc2 - SHA1: fb21a2be31b336ac5da2f69c93c4ff4f8fe30a42 - SHA256: def61560c0650717cb1da923f0d674b363b8f2051247719b34f06744bbb79000 - Company: Razer, Inc. 
- Copyright: Copyright (C) 2010-2014 - CreationTimestamp: '2015-09-16 18:15:26' - Date: '' - Description: Razer Overlay Support - ExportedFunctions: '' - FileVersion: 1.0.12.7465 - Filename: '' - ImportedFunctions: - - IoAcquireCancelSpinLock - - IoReleaseCancelSpinLock - - ObReferenceObjectByHandle - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - KeAcquireGuardedMutex - - KeReleaseGuardedMutex - - RtlInitUnicodeString - - IoCreateDevice - - IoCreateSymbolicLink - - PoStartNextPowerIrp - - IoDeleteDevice - - KeInitializeEvent - - PsSetCreateProcessNotifyRoutine - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - ZwSetEvent - - _wcslwr - - wcsstr - - ZwClose - - KeSetEvent - - ZwWaitForSingleObject - - _purecall - - KeGetCurrentThread - - sprintf - - _vsnprintf - - swprintf - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - SeQueryInformationToken - - RtlLengthRequiredSid - - RtlInitializeSid - - RtlSubAuthoritySid - - RtlEqualSid - - PsDereferencePrimaryToken - - MmGetSystemRoutineAddress - - MmIsAddressValid - - KeStackAttachProcess - - KeUnstackDetachProcess - - wcsrchr - - ZwOpenProcess - - PsLookupThreadByThreadId - - ObOpenObjectByPointer - - PsThreadType - - ZwCreateEvent - - PsGetCurrentProcessId - - ZwMapViewOfSection - - KeTickCount - - KeBugCheckEx - - ObfDereferenceObject - - IofCompleteRequest - - memcpy - - memset - - RtlUnwind - - KfAcquireSpinLock - - ExReleaseFastMutex - - ExAcquireFastMutex - - KfReleaseSpinLock - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: Rzpnk - MD5: 0d8daf471d871deb90225d2953c0eb95 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: Rzpnk.sys - PDBPath: '' - Product: Rzpnk - ProductVersion: 1.0.12.7465 - Publisher: '' - RichPEHeaderHash: - MD5: c723c2141747136a803cc8d5df9b0e9c - SHA1: ab3959e0fa2376ebca63456374e4454a4d711ec1 - SHA256: 4d91707d4f7a8f5cbedd69ff24b76a642fe430fa85657e0622340935b9806df5 - SHA1: f0d6b0bcd5f47b41d3c3192e244314d99d1df409 - SHA256: 
9724488ca2ba4c787640c49131f4d1daae5bd47d6b2e7e5f9e8918b1d6f655be - Sections: - .text: - Entropy: 6.147790168427177 - Virtual Size: '0x3820' - .rdata: - Entropy: 0.7852972442434865 - Virtual Size: '0x8b54' - .data: - Entropy: 0.16801126406945746 - Virtual Size: '0x308' - PAGE: - Entropy: 4.462463850935407 - Virtual Size: '0x69' - INIT: - Entropy: 5.522612592290352 - Virtual Size: '0x638' - .rsrc: - Entropy: 3.3171115841441816 - Virtual Size: '0x328' - .reloc: - Entropy: 6.493689021459392 - Virtual Size: '0x3ec' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: 
e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=KY, ST=Cayman Islands, L=George Town, O=Razer Inc., OU=Digital ID - Class 3 , Microsoft Software Validation v2, CN=Razer Inc. - ValidFrom: '2013-09-13 00:00:00' - ValidTo: '2016-08-02 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 4e4563adead3fedac7bd44ec5c590577 - Version: 3 - TBS: - MD5: 62e336c644b79eb95f869025a59a0814 - SHA1: a2f3feca99242c7df87dbe3676a64c4dba12b76b - SHA256: 3b43e76a05117b0ee9c87f7b98005a1a4b804d633660c8e3a43d342ba9184e1b - SHA384: 06fa6279fc3c74eade44518adb2b1c269e30736e11ff02f8e3b1f4a3e55a9f0b07ec215f9654d579c25c90627809182c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 
812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 
03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 4e4563adead3fedac7bd44ec5c590577 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: cc335217d6f7ab7a53dcfa55cbda5fb0 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 13d7aa7733e7db4e391dba54f3f4b61f - SHA1: d466b8fa00d2fdd9834d5d3bafdf8cbc0ccf139c - SHA256: bedb1e28fd1cdf391edc859c58cb318a9ab686f254195246909b245e7aaf7669 - Company: Razer, Inc. - Copyright: Copyright (C) 2010-2018. Razer, Inc. - CreationTimestamp: '2018-03-19 12:54:13' - Date: '' - Description: Razer Overlay Support - ExportedFunctions: '' - FileVersion: 1.0.12.10201 - Filename: '' - ImportedFunctions: - - IoAcquireCancelSpinLock - - IoReleaseCancelSpinLock - - ObReferenceObjectByHandle - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - KeAcquireGuardedMutex - - KeReleaseGuardedMutex - - RtlInitUnicodeString - - IoCreateDevice - - IoCreateSymbolicLink - - PsGetCurrentProcessId - - _wcslwr - - wcsstr - - PoStartNextPowerIrp - - IoDeleteDevice - - KeInitializeEvent - - PsSetCreateProcessNotifyRoutine - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - ZwSetEvent - - ZwClose - - KeSetEvent - - ZwWaitForSingleObject - - _purecall - - KeGetCurrentThread - - sprintf - - _vsnprintf - - swprintf - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - SeQueryInformationToken - - RtlLengthRequiredSid - - RtlInitializeSid - - RtlSubAuthoritySid - - RtlEqualSid - - PsDereferencePrimaryToken - - MmGetSystemRoutineAddress - - MmIsAddressValid - - KeStackAttachProcess - - KeUnstackDetachProcess - - wcsrchr - - ZwOpenProcess - - PsLookupThreadByThreadId - - ObOpenObjectByPointer - - PsThreadType - - ZwCreateEvent - - KeTickCount - - KeBugCheckEx - - 
ObfDereferenceObject - - IofCompleteRequest - - memcpy - - memset - - RtlUnwind - - KfAcquireSpinLock - - ExReleaseFastMutex - - ExAcquireFastMutex - - KfReleaseSpinLock - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: Rzpnk - MD5: 3c1f92a1386fa6cf1ba51bae5e9a98dd - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: Rzpnk.sys - PDBPath: '' - Product: Rzpnk - ProductVersion: 1.0.12.10201 - Publisher: '' - RichPEHeaderHash: - MD5: 74246c83ad31479ca2853d2303658a0b - SHA1: 52345554a866b72e0e63cad68915f73877138d99 - SHA256: 03ea97d4e2a7432508634ad865d3ec46fc3bf05c92874ae57fb5cfeacced2b2b - SHA1: d083e69055556a36df7c6e02115cbbf90726f35c - SHA256: 4c2d2122ef7a100e1651f2ec50528c0d1a2b8a71c075461f0dc58a1aca36bc61 - Sections: - .text: - Entropy: 6.1267659551337 - Virtual Size: '0x3888' - .rdata: - Entropy: 0.7774911680764585 - Virtual Size: '0x8b54' - .data: - Entropy: 0.16801126406945746 - Virtual Size: '0x308' - PAGE: - Entropy: 4.345324837503696 - Virtual Size: '0x69' - INIT: - Entropy: 5.5036715965307845 - Virtual Size: '0x61e' - .rsrc: - Entropy: 3.321864460423256 - Virtual Size: '0x348' - .reloc: - Entropy: 6.534717310120353 - Virtual Size: '0x3d8' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=California, L=Irvine, O=Razer USA Ltd., CN=Razer USA Ltd. 
- ValidFrom: '2016-02-10 00:00:00' - ValidTo: '2019-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 1834b81889070312b5c4ca72ea419a5e - Version: 3 - TBS: - MD5: 966e59fada7c527111ba61f0cafcb355 - SHA1: d72efbe2c9127b91fffcfa0825dc16c9f7580e44 - SHA256: 506eaba716a689df7e0bb57b6f41afea02cce8c4af4d2392e96bd2e1bf483528 - SHA384: 0edb1fa0ccc2600fcd37358eb158fae5b72cc13fd3ff6cd0518aa6c780377dd5a7e39145784d4b9c595f163be613f2f1 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 1834b81889070312b5c4ca72ea419a5e - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - Imphash: d67b7c7501e5261df5e66b3219fa52ee - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 76934be6e996e801ea4d68c504d427c3 - SHA1: b2e03d9e602a6026f45c08b686c6810abd43bfac - SHA256: 
982ad43111d8b7a7900df652c8873eeb6aa485bb429dee6c2ad44acf598bb5e6 - Company: Razer, Inc. - Copyright: Copyright (C) 2010-2017. Razer, Inc. - CreationTimestamp: '2017-07-16 13:10:48' - Date: '' - Description: Razer Overlay Support - ExportedFunctions: '' - FileVersion: 1.0.12.10155 - Filename: '' - ImportedFunctions: - - IoAcquireCancelSpinLock - - IoReleaseCancelSpinLock - - ObReferenceObjectByHandle - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - KeAcquireGuardedMutex - - KeReleaseGuardedMutex - - RtlInitUnicodeString - - IoCreateDevice - - IoCreateSymbolicLink - - PoStartNextPowerIrp - - IoDeleteDevice - - KeInitializeEvent - - PsSetCreateProcessNotifyRoutine - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - ZwSetEvent - - _wcslwr - - wcsstr - - ZwClose - - KeSetEvent - - ZwWaitForSingleObject - - _purecall - - KeGetCurrentThread - - _vsnprintf - - swprintf - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - SeQueryInformationToken - - RtlLengthRequiredSid - - RtlInitializeSid - - RtlSubAuthoritySid - - RtlEqualSid - - PsDereferencePrimaryToken - - MmGetSystemRoutineAddress - - MmIsAddressValid - - KeStackAttachProcess - - KeUnstackDetachProcess - - wcsrchr - - ZwOpenProcess - - PsLookupThreadByThreadId - - ObOpenObjectByPointer - - PsThreadType - - ZwCreateEvent - - PsGetCurrentProcessId - - ZwOpenProcessTokenEx - - ZwQueryInformationToken - - RtlSubAuthorityCountSid - - KeTickCount - - KeBugCheckEx - - ObfDereferenceObject - - sprintf - - IofCompleteRequest - - memcpy - - memset - - RtlUnwind - - KfAcquireSpinLock - - ExReleaseFastMutex - - ExAcquireFastMutex - - KfReleaseSpinLock - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: Rzpnk - MD5: 2e7d824a49d731da9fc96262a29c85ce - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: Rzpnk.sys - PDBPath: '' - Product: Rzpnk - ProductVersion: 1.0.12.10155 - Publisher: '' - RichPEHeaderHash: - MD5: 4a9a353a14ee7f23eb41b8a45b487e20 - SHA1: 
6c6a81d70919694d3abe35859966f0d320d0b3a3 - SHA256: 89faf986a8af825587e8da0861c420dad1d83ce6bb17589fd1d397352352159c - SHA1: a4e2e227f984f344d48f4bf088ca9d020c63db4e - SHA256: 2665d3127ddd9411af38a255787a4e2483d720aa021be8d6418e071da52ed266 - Sections: - .text: - Entropy: 6.13737056754944 - Virtual Size: '0x3870' - .rdata: - Entropy: 0.7745929346692745 - Virtual Size: '0x8b34' - .data: - Entropy: 0.16801126406945746 - Virtual Size: '0x308' - PAGE: - Entropy: 4.500559089030644 - Virtual Size: '0x69' - INIT: - Entropy: 5.53827735746872 - Virtual Size: '0x676' - .rsrc: - Entropy: 3.335903976976208 - Virtual Size: '0x348' - .reloc: - Entropy: 6.523525927018517 - Virtual Size: '0x3dc' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=California, L=Irvine, O=Razer USA Ltd., CN=Razer USA Ltd. - ValidFrom: '2016-02-10 00:00:00' - ValidTo: '2019-02-07 23:59:59' - Signature: 06b8b8ab165538f61a5033c866556c0dd5e0f3ccc78633965b7feb8b012f312c40d09a3916370efd6a1747fa6c39c0de0be5226f7de748d11854a396dfcdfb31bdf572c2fa2561204ea01d2a076a197f89b7cb084d4cdd2c788195309cd507be6847667b2c00b74d94f53291c03201e23c363928968cbe4596649a671458d82001d22205c3d4f6beb5405247d9ad1ad832c12a96e7e557426d8fc85b0069b512354557b7e2124305c0171df610bea39f8dabb973e3fec041fbce781db485d88fa826f74f0e0810e62b63615404c2daeaa354fa3c73baafcd5daca7146f3afee8c30cb257f6b25843c5df2317c1d05a619e86e843c081169e0dfd5036cd19f9ef - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 1834b81889070312b5c4ca72ea419a5e - Version: 3 - TBS: - MD5: 966e59fada7c527111ba61f0cafcb355 - SHA1: d72efbe2c9127b91fffcfa0825dc16c9f7580e44 - SHA256: 506eaba716a689df7e0bb57b6f41afea02cce8c4af4d2392e96bd2e1bf483528 - SHA384: 0edb1fa0ccc2600fcd37358eb158fae5b72cc13fd3ff6cd0518aa6c780377dd5a7e39145784d4b9c595f163be613f2f1 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: 
'2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 1834b81889070312b5c4ca72ea419a5e - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - Imphash: 700a9350ac8b218ab9fc62cf25337ad3 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 4b6d5f6c61c9820aaf6dd10acbcc8385 - SHA1: 1ac31466261a6da69fbeb8e99d0b7b772071ac7f - SHA256: d2e10e17bca5e85e6b84345b47aab14adf45d98c672db6acf90479a7faf20b5a - Company: Razer, Inc. 
- Copyright: Copyright (C) 2010-2014 - CreationTimestamp: '2015-09-16 18:16:35' - Date: '' - Description: Razer Overlay Support - ExportedFunctions: '' - FileVersion: 1.0.12.7465 - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - ObfDereferenceObject - - ObfReferenceObject - - KeClearEvent - - KeWaitForSingleObject - - IoAcquireCancelSpinLock - - IoReleaseCancelSpinLock - - ObReferenceObjectByHandle - - ExEventObjectType - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - ExAcquireFastMutex - - ExReleaseFastMutex - - KeAcquireGuardedMutex - - KeReleaseGuardedMutex - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - RtlInitUnicodeString - - IoCreateDevice - - IoCreateSymbolicLink - - PoStartNextPowerIrp - - ZwLoadDriver - - IoGetDeviceObjectPointer - - ZwUnloadDriver - - IoAttachDeviceToDeviceStack - - IoDeleteDevice - - KeInitializeEvent - - IofCallDriver - - PoCallDriver - - PsSetCreateProcessNotifyRoutine - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - ZwSetEvent - - _wcslwr - - wcsstr - - ZwClose - - KeSetEvent - - ZwWaitForSingleObject - - _purecall - - sprintf - - _vsnprintf - - DbgPrint - - swprintf - - KeInitializeGuardedMutex - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - SeQueryInformationToken - - RtlLengthRequiredSid - - RtlInitializeSid - - RtlSubAuthoritySid - - RtlEqualSid - - PsDereferencePrimaryToken - - MmGetSystemRoutineAddress - - MmIsAddressValid - - KeStackAttachProcess - - KeUnstackDetachProcess - - wcsrchr - - ZwOpenProcess - - PsLookupThreadByThreadId - - ObOpenObjectByPointer - - PsThreadType - - ZwCreateEvent - - PsGetCurrentProcessId - - RtlInitString - - RtlCompareString - - ZwMapViewOfSection - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: Rzpnk - MD5: f8a13d4413a93dd005fad116cbd6b6f7 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: Rzpnk.sys - PDBPath: '' - Product: Rzpnk - ProductVersion: 1.0.12.7465 - Publisher: '' - 
RichPEHeaderHash: - MD5: d95b83b1676185463804c7be60a5629a - SHA1: 1d9671d566106c909d9fb90ad6d433103705a06e - SHA256: 98a9df9ab526c9ccc780176b4ab4f0bdf1479789da7a463f76afa5ca5eeb57a8 - SHA1: 8edcd4b35f5ae88d14e83252390659c6fc79eae3 - SHA256: 8ed0c00920ce76e832701d45117ed00b12e20588cb6fe8039fbccdfef9841047 - Sections: - .text: - Entropy: 6.022819869183744 - Virtual Size: '0x786e' - .rdata: - Entropy: 2.156441781870166 - Virtual Size: '0x144fc' - .data: - Entropy: 0.15812764646865457 - Virtual Size: '0x3e4' - .pdata: - Entropy: 4.83123136246416 - Virtual Size: '0xcb4' - PAGE: - Entropy: 4.405262522641727 - Virtual Size: '0x87' - INIT: - Entropy: 5.345466868963517 - Virtual Size: '0x884' - .rsrc: - Entropy: 3.3229086430258863 - Virtual Size: '0x328' - .reloc: - Entropy: 4.404219521463952 - Virtual Size: '0x94' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=KY, ST=Cayman Islands, L=George Town, O=Razer Inc., OU=Digital ID - Class 3 , Microsoft Software Validation v2, CN=Razer Inc. - ValidFrom: '2013-09-13 00:00:00' - ValidTo: '2016-08-02 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 4e4563adead3fedac7bd44ec5c590577 - Version: 3 - TBS: - MD5: 62e336c644b79eb95f869025a59a0814 - SHA1: a2f3feca99242c7df87dbe3676a64c4dba12b76b - SHA256: 3b43e76a05117b0ee9c87f7b98005a1a4b804d633660c8e3a43d342ba9184e1b - SHA384: 06fa6279fc3c74eade44518adb2b1c269e30736e11ff02f8e3b1f4a3e55a9f0b07ec215f9654d579c25c90627809182c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 4e4563adead3fedac7bd44ec5c590577 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: e1ecbd956bd016618b07e7dddcaf6e60 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 3b53b1da67c8917786be48c57c6a2db1 - SHA1: b2aac760470a4575bc0f6508179ed32d7c37a5d9 - SHA256: 39789a159c1196255f1b6d83e23af4082fd4cffe2662e40b71631b4e2e4bc05d - Company: Razer, Inc. - Copyright: Copyright (C) 2010-2017. Razer, Inc. 
- CreationTimestamp: '2017-07-16 13:12:07' - Date: '' - Description: Razer Overlay Support - ExportedFunctions: '' - FileVersion: 1.0.12.10155 - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - ObfDereferenceObject - - ObfReferenceObject - - KeClearEvent - - KeWaitForSingleObject - - IoAcquireCancelSpinLock - - IoReleaseCancelSpinLock - - ObReferenceObjectByHandle - - ExEventObjectType - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - ExAcquireFastMutex - - ExReleaseFastMutex - - KeAcquireGuardedMutex - - KeReleaseGuardedMutex - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - RtlInitUnicodeString - - IoCreateDevice - - IoCreateSymbolicLink - - PoStartNextPowerIrp - - ZwLoadDriver - - IoGetDeviceObjectPointer - - ZwUnloadDriver - - IoAttachDeviceToDeviceStack - - IoDeleteDevice - - KeInitializeEvent - - IofCallDriver - - PoCallDriver - - PsSetCreateProcessNotifyRoutine - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - ZwSetEvent - - _wcslwr - - wcsstr - - ZwClose - - KeSetEvent - - ZwWaitForSingleObject - - _purecall - - sprintf - - _vsnprintf - - DbgPrint - - swprintf - - KeInitializeGuardedMutex - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - SeQueryInformationToken - - RtlLengthRequiredSid - - RtlInitializeSid - - RtlSubAuthoritySid - - RtlEqualSid - - PsDereferencePrimaryToken - - MmGetSystemRoutineAddress - - MmIsAddressValid - - KeStackAttachProcess - - KeUnstackDetachProcess - - wcsrchr - - ZwOpenProcess - - PsLookupThreadByThreadId - - ObOpenObjectByPointer - - PsThreadType - - ZwCreateEvent - - PsGetCurrentProcessId - - RtlInitString - - RtlCompareString - - ZwMapViewOfSection - - ZwOpenProcessTokenEx - - ZwQueryInformationToken - - RtlSubAuthorityCountSid - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: Rzpnk - MD5: d4a299c595d35264b5cfd12490a138dc - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: Rzpnk.sys - PDBPath: '' - Product: Rzpnk - 
ProductVersion: 1.0.12.10155 - Publisher: '' - RichPEHeaderHash: - MD5: ce0bfa21df06f7d3067953da829fe299 - SHA1: 49f5fdf333898858dd7297603f3b2347a01e777d - SHA256: c059cad135868369281fd57e51cf8d64ac50e012ce54e3efb9321d8b519bd2dd - SHA1: 64df813dc0774ef57d21141dcb38d08059fd8660 - SHA256: d7b743c3f98662c955c616e0d1bb0800c9602e5b6f2385336a72623037bfd6dd - Sections: - .text: - Entropy: 6.029813362546066 - Virtual Size: '0x797e' - .rdata: - Entropy: 2.1638565406792596 - Virtual Size: '0x1457c' - .data: - Entropy: 0.15812764646865457 - Virtual Size: '0x3e4' - .pdata: - Entropy: 4.86837045917237 - Virtual Size: '0xcf0' - PAGE: - Entropy: 4.405262522641727 - Virtual Size: '0x87' - INIT: - Entropy: 5.362469333828446 - Virtual Size: '0x8e8' - .rsrc: - Entropy: 3.3415370361058807 - Virtual Size: '0x348' - .reloc: - Entropy: 4.425570968528865 - Virtual Size: '0x8c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=California, L=Irvine, O=Razer USA Ltd., CN=Razer USA Ltd. 
- ValidFrom: '2016-02-10 00:00:00' - ValidTo: '2019-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 1834b81889070312b5c4ca72ea419a5e - Version: 3 - TBS: - MD5: 966e59fada7c527111ba61f0cafcb355 - SHA1: d72efbe2c9127b91fffcfa0825dc16c9f7580e44 - SHA256: 506eaba716a689df7e0bb57b6f41afea02cce8c4af4d2392e96bd2e1bf483528 - SHA384: 0edb1fa0ccc2600fcd37358eb158fae5b72cc13fd3ff6cd0518aa6c780377dd5a7e39145784d4b9c595f163be613f2f1 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 1834b81889070312b5c4ca72ea419a5e - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - Imphash: 6b7d4c6283b9b951b7b2f47a0c5be8c7 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 151f2aa65417bbb3563e02d1f60484dc - SHA1: 970bd6388867c86b786d4e218d1a6967d7304ee4 - SHA256: 9d61963c098b07fa7ee6dba40f476fc5d2f16301d79a3e8554319d66c69404a9 - Company: Razer, Inc. - Copyright: Copyright (C) 2010-2018. Razer, Inc. 
- CreationTimestamp: '2018-03-19 12:55:13' - Date: '' - Description: Razer Overlay Support - ExportedFunctions: '' - FileVersion: 1.0.12.10201 - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - ObfDereferenceObject - - ObfReferenceObject - - KeClearEvent - - KeWaitForSingleObject - - IoAcquireCancelSpinLock - - IoReleaseCancelSpinLock - - ObReferenceObjectByHandle - - ExEventObjectType - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - ExAcquireFastMutex - - ExReleaseFastMutex - - KeAcquireGuardedMutex - - KeReleaseGuardedMutex - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - RtlInitUnicodeString - - IoCreateDevice - - IoCreateSymbolicLink - - PsGetCurrentProcessId - - _wcslwr - - wcsstr - - PoStartNextPowerIrp - - ZwLoadDriver - - IoGetDeviceObjectPointer - - ZwUnloadDriver - - IoAttachDeviceToDeviceStack - - IoDeleteDevice - - KeInitializeEvent - - IofCallDriver - - PoCallDriver - - PsSetCreateProcessNotifyRoutine - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - ZwSetEvent - - ZwClose - - KeSetEvent - - ZwWaitForSingleObject - - _purecall - - sprintf - - _vsnprintf - - DbgPrint - - swprintf - - KeInitializeGuardedMutex - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - SeQueryInformationToken - - RtlLengthRequiredSid - - RtlInitializeSid - - RtlSubAuthoritySid - - RtlEqualSid - - PsDereferencePrimaryToken - - MmGetSystemRoutineAddress - - MmIsAddressValid - - KeStackAttachProcess - - KeUnstackDetachProcess - - wcsrchr - - ZwOpenProcess - - PsLookupThreadByThreadId - - ObOpenObjectByPointer - - PsThreadType - - ZwCreateEvent - - RtlInitString - - RtlCompareString - - ZwOpenProcessTokenEx - - ZwQueryInformationToken - - RtlSubAuthorityCountSid - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: Rzpnk - MD5: f758e7d53184faab5bc51f751937fa36 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: Rzpnk.sys - PDBPath: '' - Product: Rzpnk - ProductVersion: 
1.0.12.10201 - Publisher: '' - RichPEHeaderHash: - MD5: 38005c498229dd5f64251bb3e57a40bf - SHA1: 3ddcef7c8b8f8eeaccbc11703dd94c7d300ba1a0 - SHA256: 27973d74dd877714939b06ddea7c9cad50ac645cd8569f068dc78575c14e6704 - SHA1: 7e900b0370a1d3cb8a3ea5394d7d094f95ec5dc0 - SHA256: d59cc3765a2a9fa510273dded5a9f9ac5190f1edf24a00ffd6a1bbd1cb34c757 - Sections: - .text: - Entropy: 6.032294908964451 - Virtual Size: '0x7a82' - .rdata: - Entropy: 2.158939241562336 - Virtual Size: '0x14564' - .data: - Entropy: 0.15812764646865457 - Virtual Size: '0x3e4' - .pdata: - Entropy: 4.8892997126668325 - Virtual Size: '0xcf0' - PAGE: - Entropy: 4.405262522641727 - Virtual Size: '0x87' - INIT: - Entropy: 5.339799543825723 - Virtual Size: '0x8ca' - .rsrc: - Entropy: 3.327497519552929 - Virtual Size: '0x348' - .reloc: - Entropy: 4.323516902746281 - Virtual Size: '0x8c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=California, L=Irvine, O=Razer USA Ltd., CN=Razer USA Ltd. 
- ValidFrom: '2016-02-10 00:00:00' - ValidTo: '2019-02-07 23:59:59' - Signature: 06b8b8ab165538f61a5033c866556c0dd5e0f3ccc78633965b7feb8b012f312c40d09a3916370efd6a1747fa6c39c0de0be5226f7de748d11854a396dfcdfb31bdf572c2fa2561204ea01d2a076a197f89b7cb084d4cdd2c788195309cd507be6847667b2c00b74d94f53291c03201e23c363928968cbe4596649a671458d82001d22205c3d4f6beb5405247d9ad1ad832c12a96e7e557426d8fc85b0069b512354557b7e2124305c0171df610bea39f8dabb973e3fec041fbce781db485d88fa826f74f0e0810e62b63615404c2daeaa354fa3c73baafcd5daca7146f3afee8c30cb257f6b25843c5df2317c1d05a619e86e843c081169e0dfd5036cd19f9ef - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 1834b81889070312b5c4ca72ea419a5e - Version: 3 - TBS: - MD5: 966e59fada7c527111ba61f0cafcb355 - SHA1: d72efbe2c9127b91fffcfa0825dc16c9f7580e44 - SHA256: 506eaba716a689df7e0bb57b6f41afea02cce8c4af4d2392e96bd2e1bf483528 - SHA384: 0edb1fa0ccc2600fcd37358eb158fae5b72cc13fd3ff6cd0518aa6c780377dd5a7e39145784d4b9c595f163be613f2f1 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 1834b81889070312b5c4ca72ea419a5e - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - Imphash: 5192bc7311bdeb1f3977bdc0d2e943e4 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 870f5888401c299ad7b0cacabd53edc2 - SHA1: fb21a2be31b336ac5da2f69c93c4ff4f8fe30a42 - SHA256: def61560c0650717cb1da923f0d674b363b8f2051247719b34f06744bbb79000 - Company: Razer, Inc. 
- Copyright: Copyright (C) 2010-2014 - CreationTimestamp: '2015-09-16 18:15:26' - Date: '' - Description: Razer Overlay Support - ExportedFunctions: '' - FileVersion: 1.0.12.7465 - Filename: '' - ImportedFunctions: - - IoAcquireCancelSpinLock - - IoReleaseCancelSpinLock - - ObReferenceObjectByHandle - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - KeAcquireGuardedMutex - - KeReleaseGuardedMutex - - RtlInitUnicodeString - - IoCreateDevice - - IoCreateSymbolicLink - - PoStartNextPowerIrp - - IoDeleteDevice - - KeInitializeEvent - - PsSetCreateProcessNotifyRoutine - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - ZwSetEvent - - _wcslwr - - wcsstr - - ZwClose - - KeSetEvent - - ZwWaitForSingleObject - - _purecall - - KeGetCurrentThread - - sprintf - - _vsnprintf - - swprintf - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - SeQueryInformationToken - - RtlLengthRequiredSid - - RtlInitializeSid - - RtlSubAuthoritySid - - RtlEqualSid - - PsDereferencePrimaryToken - - MmGetSystemRoutineAddress - - MmIsAddressValid - - KeStackAttachProcess - - KeUnstackDetachProcess - - wcsrchr - - ZwOpenProcess - - PsLookupThreadByThreadId - - ObOpenObjectByPointer - - PsThreadType - - ZwCreateEvent - - PsGetCurrentProcessId - - ZwMapViewOfSection - - KeTickCount - - KeBugCheckEx - - ObfDereferenceObject - - IofCompleteRequest - - memcpy - - memset - - RtlUnwind - - KfAcquireSpinLock - - ExReleaseFastMutex - - ExAcquireFastMutex - - KfReleaseSpinLock - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: Rzpnk - MD5: 05a6f843c43d75fbce8e885bb8656aa4 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: Rzpnk.sys - PDBPath: '' - Product: Rzpnk - ProductVersion: 1.0.12.7465 - Publisher: '' - RichPEHeaderHash: - MD5: c723c2141747136a803cc8d5df9b0e9c - SHA1: ab3959e0fa2376ebca63456374e4454a4d711ec1 - SHA256: 4d91707d4f7a8f5cbedd69ff24b76a642fe430fa85657e0622340935b9806df5 - SHA1: d72de7e8f0118153dd5cf784f724e725865fc523 - SHA256: 
e77786b21dbe73e9619ac9aac5e7e92989333d559aa22b4b65c97f0a42ff2e21 - Sections: - .text: - Entropy: 6.147790168427177 - Virtual Size: '0x3820' - .rdata: - Entropy: 0.7852972442434865 - Virtual Size: '0x8b54' - .data: - Entropy: 0.16801126406945746 - Virtual Size: '0x308' - PAGE: - Entropy: 4.462463850935407 - Virtual Size: '0x69' - INIT: - Entropy: 5.522612592290352 - Virtual Size: '0x638' - .rsrc: - Entropy: 3.3171115841441816 - Virtual Size: '0x328' - .reloc: - Entropy: 6.493689021459392 - Virtual Size: '0x3ec' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: 
e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=KY, ST=Cayman Islands, L=George Town, O=Razer Inc., OU=Digital ID - Class 3 , Microsoft Software Validation v2, CN=Razer Inc. - ValidFrom: '2013-09-13 00:00:00' - ValidTo: '2016-08-02 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 4e4563adead3fedac7bd44ec5c590577 - Version: 3 - TBS: - MD5: 62e336c644b79eb95f869025a59a0814 - SHA1: a2f3feca99242c7df87dbe3676a64c4dba12b76b - SHA256: 3b43e76a05117b0ee9c87f7b98005a1a4b804d633660c8e3a43d342ba9184e1b - SHA384: 06fa6279fc3c74eade44518adb2b1c269e30736e11ff02f8e3b1f4a3e55a9f0b07ec215f9654d579c25c90627809182c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: 
b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 4e4563adead3fedac7bd44ec5c590577 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: cc335217d6f7ab7a53dcfa55cbda5fb0 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 049d38cee6bf9975ca33274d57bb4666 - SHA1: 1d96772942225757522ddd38d52e9616089377b2 - SHA256: fec1c641c7151e931aeb0d1ac59a97d6d3b486c482c1df8794e6424e75e6da1a - Company: Razer, Inc. - Copyright: Copyright (C) 2010-2014 - CreationTimestamp: '2014-10-17 13:38:10' - Date: '' - Description: Razer Overlay Support - ExportedFunctions: '' - FileVersion: 1.0.12.3137 - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - ObfDereferenceObject - - ObfReferenceObject - - KeClearEvent - - KeWaitForSingleObject - - IoAcquireCancelSpinLock - - IoReleaseCancelSpinLock - - ObReferenceObjectByHandle - - ExEventObjectType - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - ExAcquireFastMutex - - ExReleaseFastMutex - - KeAcquireGuardedMutex - - KeReleaseGuardedMutex - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - RtlInitUnicodeString - - IoCreateDevice - - IoCreateSymbolicLink - - PoStartNextPowerIrp - - ZwLoadDriver - - IoGetDeviceObjectPointer - - ZwUnloadDriver - - IoAttachDeviceToDeviceStack - - IoDeleteDevice - - KeInitializeEvent - - IofCallDriver - - PoCallDriver - - PsSetCreateProcessNotifyRoutine - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - ZwSetEvent - - _wcslwr - - wcsstr - - ZwClose - - KeSetEvent - - ZwWaitForSingleObject - - _purecall - - sprintf - - _vsnprintf - - DbgPrint - - swprintf - - KeInitializeGuardedMutex - - 
PsLookupProcessByProcessId - - PsReferencePrimaryToken - - SeQueryInformationToken - - RtlLengthRequiredSid - - RtlInitializeSid - - RtlSubAuthoritySid - - RtlEqualSid - - PsDereferencePrimaryToken - - MmGetSystemRoutineAddress - - MmIsAddressValid - - KeStackAttachProcess - - KeUnstackDetachProcess - - wcsrchr - - ZwOpenProcess - - PsLookupThreadByThreadId - - ObOpenObjectByPointer - - PsThreadType - - ZwCreateEvent - - PsGetCurrentProcessId - - RtlInitString - - RtlCompareString - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: Rzpnk - MD5: fef60a37301e1f5a3020fa3487fb2cd7 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: Rzpnk.sys - PDBPath: '' - Product: Rzpnk - ProductVersion: 1.0.12.3137 - Publisher: '' - RichPEHeaderHash: - MD5: 6f46839d81ff1d1b3e509d134f95c5a9 - SHA1: 987e1f687c75f4e3bd6377359b2ed6b71e16b88e - SHA256: 011d63cf6e09f148f628424ead77cac9969f196a4bb773e8fbd60ab9b41d8c93 - SHA1: 838823f25436cadc9a145ddac076dce3e0b84d96 - SHA256: 0c925468c3376458d0e1ec65e097bd1a81a03901035c0195e8f6ef904ef3f901 - Sections: - .text: - Entropy: 6.001395877605703 - Virtual Size: '0x7400' - .rdata: - Entropy: 2.0228543552827074 - Virtual Size: '0x13f5c' - .data: - Entropy: 4.883228407116594 - Virtual Size: '0x84c' - .pdata: - Entropy: 4.8259775115408505 - Virtual Size: '0xcfc' - PAGE: - Entropy: 4.375632893012098 - Virtual Size: '0x87' - INIT: - Entropy: 5.328254520489819 - Virtual Size: '0x866' - .rsrc: - Entropy: 3.312676704326444 - Virtual Size: '0x328' - .reloc: - Entropy: 2.1502919023967038 - Virtual Size: '0x1a4' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=KY, ST=Cayman Islands, L=George Town, O=Razer Inc., OU=Digital ID - Class 3 , Microsoft Software Validation v2, CN=Razer Inc. 
- ValidFrom: '2013-09-13 00:00:00' - ValidTo: '2016-08-02 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 4e4563adead3fedac7bd44ec5c590577 - Version: 3 - TBS: - MD5: 62e336c644b79eb95f869025a59a0814 - SHA1: a2f3feca99242c7df87dbe3676a64c4dba12b76b - SHA256: 3b43e76a05117b0ee9c87f7b98005a1a4b804d633660c8e3a43d342ba9184e1b - SHA384: 06fa6279fc3c74eade44518adb2b1c269e30736e11ff02f8e3b1f4a3e55a9f0b07ec215f9654d579c25c90627809182c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 
78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 4e4563adead3fedac7bd44ec5c590577 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: dd7c5c0c762169d40ee01280e4ac74fc - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 64c80e12a495fb117c5db8f0ab70dc91 - SHA1: 39c687c1c70ea61e122ef145364fa123ddeb3383 - SHA256: 3e28142ad02a1ac63ab86f97834321f30bb28e19d5c997bb0a13807ddb414c0e - Company: Razer, Inc. - Copyright: Copyright (C) 2010-2017. Razer, Inc. 
- CreationTimestamp: '2017-09-20 16:35:30' - Date: '' - Description: Razer Overlay Support - ExportedFunctions: '' - FileVersion: 1.0.12.10177 - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - ObfDereferenceObject - - ObfReferenceObject - - KeClearEvent - - KeWaitForSingleObject - - IoAcquireCancelSpinLock - - IoReleaseCancelSpinLock - - ObReferenceObjectByHandle - - ExEventObjectType - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - ExAcquireFastMutex - - ExReleaseFastMutex - - KeAcquireGuardedMutex - - KeReleaseGuardedMutex - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - RtlInitUnicodeString - - IoCreateDevice - - IoCreateSymbolicLink - - PsGetCurrentProcessId - - _wcslwr - - wcsstr - - PoStartNextPowerIrp - - ZwLoadDriver - - IoGetDeviceObjectPointer - - ZwUnloadDriver - - IoAttachDeviceToDeviceStack - - IoDeleteDevice - - KeInitializeEvent - - IofCallDriver - - PoCallDriver - - PsSetCreateProcessNotifyRoutine - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - ZwSetEvent - - ZwClose - - KeSetEvent - - ZwWaitForSingleObject - - _purecall - - sprintf - - _vsnprintf - - DbgPrint - - swprintf - - KeInitializeGuardedMutex - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - SeQueryInformationToken - - RtlLengthRequiredSid - - RtlInitializeSid - - RtlSubAuthoritySid - - RtlEqualSid - - PsDereferencePrimaryToken - - MmGetSystemRoutineAddress - - MmIsAddressValid - - KeStackAttachProcess - - KeUnstackDetachProcess - - wcsrchr - - ZwOpenProcess - - PsLookupThreadByThreadId - - ObOpenObjectByPointer - - PsThreadType - - ZwCreateEvent - - RtlInitString - - RtlCompareString - - ZwMapViewOfSection - - ZwOpenProcessTokenEx - - ZwQueryInformationToken - - RtlSubAuthorityCountSid - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: Rzpnk - MD5: 6846c2035b4c56b488d2ce2c69a57261 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: Rzpnk.sys - PDBPath: '' - Product: Rzpnk - 
ProductVersion: 1.0.12.10177 - Publisher: '' - RichPEHeaderHash: - MD5: ce0bfa21df06f7d3067953da829fe299 - SHA1: 49f5fdf333898858dd7297603f3b2347a01e777d - SHA256: c059cad135868369281fd57e51cf8d64ac50e012ce54e3efb9321d8b519bd2dd - SHA1: e41808b022656befb7dc42bbeceaf867e2fec6b2 - SHA256: 0b547368c03e0a584ae3c5e62af3728426c68b316a15f3290316844d193ad182 - Sections: - .text: - Entropy: 6.029574446422592 - Virtual Size: '0x7a9e' - .rdata: - Entropy: 2.166400944027784 - Virtual Size: '0x145cc' - .data: - Entropy: 0.15812764646865457 - Virtual Size: '0x3e4' - .pdata: - Entropy: 4.867440310144845 - Virtual Size: '0xcf0' - PAGE: - Entropy: 4.405262522641727 - Virtual Size: '0x87' - INIT: - Entropy: 5.35429740385259 - Virtual Size: '0x8e8' - .rsrc: - Entropy: 3.3372398450648846 - Virtual Size: '0x348' - .reloc: - Entropy: 4.323516902746281 - Virtual Size: '0x8c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=California, L=Irvine, O=Razer USA Ltd., CN=Razer USA Ltd. 
- ValidFrom: '2016-02-10 00:00:00' - ValidTo: '2019-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 1834b81889070312b5c4ca72ea419a5e - Version: 3 - TBS: - MD5: 966e59fada7c527111ba61f0cafcb355 - SHA1: d72efbe2c9127b91fffcfa0825dc16c9f7580e44 - SHA256: 506eaba716a689df7e0bb57b6f41afea02cce8c4af4d2392e96bd2e1bf483528 - SHA384: 0edb1fa0ccc2600fcd37358eb158fae5b72cc13fd3ff6cd0518aa6c780377dd5a7e39145784d4b9c595f163be613f2f1 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 1834b81889070312b5c4ca72ea419a5e - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - Imphash: 74081c86ad3e9771011f162c107927de - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: sc.exe create rzpnk.sys binPath=C:\windows\temp\rzpnk.sys type=kernel + && sc.exe start rzpnk.sys + Description: A vulnerability exists in the latest version of Razer Synapse (v2.20.15.1104 + as of the day of disclosure) which can be leveraged locally by a malicious + application to elevate its privileges to those of NT_AUTHORITY\SYSTEM. The + vulnerability lies in a specific IOCTL handler in the rzpnk.sys driver that + passes a PID specified by the user to ZwOpenProcess. CVE-2017-9769. 
+ OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/nomi-sec/PoC-in-GitHub/blob/2a85c15ed806287861a7adec6545c85aec618e3b/2017/CVE-2017-9769.json#L13 - https://www.rapid7.com/db/modules/exploit/windows/local/razer_zwopenprocess/ -Tags: -- rzpnk.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/93d873cdf23d5edc622b74f9544cac7fe247d7a68e1e2a7bf2879fad97a3ae63.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 76934be6e996e801ea4d68c504d427c3 + SHA1: b2e03d9e602a6026f45c08b686c6810abd43bfac + SHA256: 
982ad43111d8b7a7900df652c8873eeb6aa485bb429dee6c2ad44acf598bb5e6 + Company: Razer, Inc. + Copyright: Copyright (C) 2010-2017. Razer, Inc. + CreationTimestamp: '2017-07-16 13:10:48' + Date: '' + Description: Razer Overlay Support + ExportedFunctions: '' + FileVersion: 1.0.12.10155 + Filename: rzpnk.sys + ImportedFunctions: + - IoAcquireCancelSpinLock + - IoReleaseCancelSpinLock + - ObReferenceObjectByHandle + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - KeAcquireGuardedMutex + - KeReleaseGuardedMutex + - RtlInitUnicodeString + - IoCreateDevice + - IoCreateSymbolicLink + - PoStartNextPowerIrp + - IoDeleteDevice + - KeInitializeEvent + - PsSetCreateProcessNotifyRoutine + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - ZwSetEvent + - _wcslwr + - wcsstr + - ZwClose + - KeSetEvent + - ZwWaitForSingleObject + - _purecall + - KeGetCurrentThread + - _vsnprintf + - swprintf + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - SeQueryInformationToken + - RtlLengthRequiredSid + - RtlInitializeSid + - RtlSubAuthoritySid + - RtlEqualSid + - PsDereferencePrimaryToken + - MmGetSystemRoutineAddress + - MmIsAddressValid + - KeStackAttachProcess + - KeUnstackDetachProcess + - wcsrchr + - ZwOpenProcess + - PsLookupThreadByThreadId + - ObOpenObjectByPointer + - PsThreadType + - ZwCreateEvent + - PsGetCurrentProcessId + - ZwOpenProcessTokenEx + - ZwQueryInformationToken + - RtlSubAuthorityCountSid + - KeTickCount + - KeBugCheckEx + - ObfDereferenceObject + - sprintf + - IofCompleteRequest + - memcpy + - memset + - RtlUnwind + - KfAcquireSpinLock + - ExReleaseFastMutex + - ExAcquireFastMutex + - KfReleaseSpinLock + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: Rzpnk + MD5: 4cc3ddd5ae268d9a154a426af2c23ef9 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: Rzpnk.sys + Product: Rzpnk + ProductVersion: 1.0.12.10155 + Publisher: '' + RichPEHeaderHash: + MD5: 4a9a353a14ee7f23eb41b8a45b487e20 + SHA1: 
6c6a81d70919694d3abe35859966f0d320d0b3a3 + SHA256: 89faf986a8af825587e8da0861c420dad1d83ce6bb17589fd1d397352352159c + SHA1: 684786de4b3b3f53816eae9df5f943a22c89601f + SHA256: 93d873cdf23d5edc622b74f9544cac7fe247d7a68e1e2a7bf2879fad97a3ae63 + Sections: + .text: + Entropy: 6.13737056754944 + Virtual Size: '0x3870' + .rdata: + Entropy: 0.7745929346692745 + Virtual Size: '0x8b34' + .data: + Entropy: 0.16801126406945746 + Virtual Size: '0x308' + PAGE: + Entropy: 4.500559089030644 + Virtual Size: '0x69' + INIT: + Entropy: 5.53827735746872 + Virtual Size: '0x676' + .rsrc: + Entropy: 3.335903976976208 + Virtual Size: '0x348' + .reloc: + Entropy: 6.523525927018517 + Virtual Size: '0x3dc' + Signature: + - Razer USA Ltd. + - Symantec Class 3 SHA256 Code Signing CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=California, L=Irvine, O=Razer USA Ltd., CN=Razer USA + Ltd. + ValidFrom: '2016-02-10 00:00:00' + ValidTo: '2019-02-07 23:59:59' + Signature: 06b8b8ab165538f61a5033c866556c0dd5e0f3ccc78633965b7feb8b012f312c40d09a3916370efd6a1747fa6c39c0de0be5226f7de748d11854a396dfcdfb31bdf572c2fa2561204ea01d2a076a197f89b7cb084d4cdd2c788195309cd507be6847667b2c00b74d94f53291c03201e23c363928968cbe4596649a671458d82001d22205c3d4f6beb5405247d9ad1ad832c12a96e7e557426d8fc85b0069b512354557b7e2124305c0171df610bea39f8dabb973e3fec041fbce781db485d88fa826f74f0e0810e62b63615404c2daeaa354fa3c73baafcd5daca7146f3afee8c30cb257f6b25843c5df2317c1d05a619e86e843c081169e0dfd5036cd19f9ef + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 1834b81889070312b5c4ca72ea419a5e + Version: 3 + TBS: + MD5: 966e59fada7c527111ba61f0cafcb355 + SHA1: d72efbe2c9127b91fffcfa0825dc16c9f7580e44 + SHA256: 506eaba716a689df7e0bb57b6f41afea02cce8c4af4d2392e96bd2e1bf483528 + SHA384: 0edb1fa0ccc2600fcd37358eb158fae5b72cc13fd3ff6cd0518aa6c780377dd5a7e39145784d4b9c595f163be613f2f1 + - Subject: C=US, O=Symantec Corporation, OU=Symantec 
Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 1834b81889070312b5c4ca72ea419a5e + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + Imphash: 700a9350ac8b218ab9fc62cf25337ad3 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 76934be6e996e801ea4d68c504d427c3 + SHA1: b2e03d9e602a6026f45c08b686c6810abd43bfac + SHA256: 982ad43111d8b7a7900df652c8873eeb6aa485bb429dee6c2ad44acf598bb5e6 + Company: Razer, Inc. + Copyright: Copyright (C) 2010-2017. Razer, Inc. 
+ CreationTimestamp: '2017-07-16 13:10:48' + Date: '' + Description: Razer Overlay Support + ExportedFunctions: '' + FileVersion: 1.0.12.10155 + Filename: '' + ImportedFunctions: + - IoAcquireCancelSpinLock + - IoReleaseCancelSpinLock + - ObReferenceObjectByHandle + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - KeAcquireGuardedMutex + - KeReleaseGuardedMutex + - RtlInitUnicodeString + - IoCreateDevice + - IoCreateSymbolicLink + - PoStartNextPowerIrp + - IoDeleteDevice + - KeInitializeEvent + - PsSetCreateProcessNotifyRoutine + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - ZwSetEvent + - _wcslwr + - wcsstr + - ZwClose + - KeSetEvent + - ZwWaitForSingleObject + - _purecall + - KeGetCurrentThread + - _vsnprintf + - swprintf + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - SeQueryInformationToken + - RtlLengthRequiredSid + - RtlInitializeSid + - RtlSubAuthoritySid + - RtlEqualSid + - PsDereferencePrimaryToken + - MmGetSystemRoutineAddress + - MmIsAddressValid + - KeStackAttachProcess + - KeUnstackDetachProcess + - wcsrchr + - ZwOpenProcess + - PsLookupThreadByThreadId + - ObOpenObjectByPointer + - PsThreadType + - ZwCreateEvent + - PsGetCurrentProcessId + - ZwOpenProcessTokenEx + - ZwQueryInformationToken + - RtlSubAuthorityCountSid + - KeTickCount + - KeBugCheckEx + - ObfDereferenceObject + - sprintf + - IofCompleteRequest + - memcpy + - memset + - RtlUnwind + - KfAcquireSpinLock + - ExReleaseFastMutex + - ExAcquireFastMutex + - KfReleaseSpinLock + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: Rzpnk + MD5: 2e7d824a49d731da9fc96262a29c85ce + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: Rzpnk.sys + PDBPath: '' + Product: Rzpnk + ProductVersion: 1.0.12.10155 + Publisher: '' + RichPEHeaderHash: + MD5: 4a9a353a14ee7f23eb41b8a45b487e20 + SHA1: 6c6a81d70919694d3abe35859966f0d320d0b3a3 + SHA256: 89faf986a8af825587e8da0861c420dad1d83ce6bb17589fd1d397352352159c + SHA1: 
a4e2e227f984f344d48f4bf088ca9d020c63db4e + SHA256: 2665d3127ddd9411af38a255787a4e2483d720aa021be8d6418e071da52ed266 + Sections: + .text: + Entropy: 6.13737056754944 + Virtual Size: '0x3870' + .rdata: + Entropy: 0.7745929346692745 + Virtual Size: '0x8b34' + .data: + Entropy: 0.16801126406945746 + Virtual Size: '0x308' + PAGE: + Entropy: 4.500559089030644 + Virtual Size: '0x69' + INIT: + Entropy: 5.53827735746872 + Virtual Size: '0x676' + .rsrc: + Entropy: 3.335903976976208 + Virtual Size: '0x348' + .reloc: + Entropy: 6.523525927018517 + Virtual Size: '0x3dc' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=California, L=Irvine, O=Razer USA Ltd., CN=Razer USA + Ltd. + ValidFrom: '2016-02-10 00:00:00' + ValidTo: '2019-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 1834b81889070312b5c4ca72ea419a5e + Version: 3 + TBS: + MD5: 966e59fada7c527111ba61f0cafcb355 + SHA1: d72efbe2c9127b91fffcfa0825dc16c9f7580e44 + SHA256: 506eaba716a689df7e0bb57b6f41afea02cce8c4af4d2392e96bd2e1bf483528 + SHA384: 0edb1fa0ccc2600fcd37358eb158fae5b72cc13fd3ff6cd0518aa6c780377dd5a7e39145784d4b9c595f163be613f2f1 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + - Subject: C=US, O=VeriSign, Inc., 
OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 1834b81889070312b5c4ca72ea419a5e + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + Imphash: 700a9350ac8b218ab9fc62cf25337ad3 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 64c80e12a495fb117c5db8f0ab70dc91 + SHA1: 39c687c1c70ea61e122ef145364fa123ddeb3383 + SHA256: 3e28142ad02a1ac63ab86f97834321f30bb28e19d5c997bb0a13807ddb414c0e + Company: Razer, Inc. + Copyright: Copyright (C) 2010-2017. Razer, Inc. 
+ CreationTimestamp: '2017-09-20 16:35:30' + Date: '' + Description: Razer Overlay Support + ExportedFunctions: '' + FileVersion: 1.0.12.10177 + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - ObfDereferenceObject + - ObfReferenceObject + - KeClearEvent + - KeWaitForSingleObject + - IoAcquireCancelSpinLock + - IoReleaseCancelSpinLock + - ObReferenceObjectByHandle + - ExEventObjectType + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - ExAcquireFastMutex + - ExReleaseFastMutex + - KeAcquireGuardedMutex + - KeReleaseGuardedMutex + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - RtlInitUnicodeString + - IoCreateDevice + - IoCreateSymbolicLink + - PsGetCurrentProcessId + - _wcslwr + - wcsstr + - PoStartNextPowerIrp + - ZwLoadDriver + - IoGetDeviceObjectPointer + - ZwUnloadDriver + - IoAttachDeviceToDeviceStack + - IoDeleteDevice + - KeInitializeEvent + - IofCallDriver + - PoCallDriver + - PsSetCreateProcessNotifyRoutine + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - ZwSetEvent + - ZwClose + - KeSetEvent + - ZwWaitForSingleObject + - _purecall + - sprintf + - _vsnprintf + - DbgPrint + - swprintf + - KeInitializeGuardedMutex + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - SeQueryInformationToken + - RtlLengthRequiredSid + - RtlInitializeSid + - RtlSubAuthoritySid + - RtlEqualSid + - PsDereferencePrimaryToken + - MmGetSystemRoutineAddress + - MmIsAddressValid + - KeStackAttachProcess + - KeUnstackDetachProcess + - wcsrchr + - ZwOpenProcess + - PsLookupThreadByThreadId + - ObOpenObjectByPointer + - PsThreadType + - ZwCreateEvent + - RtlInitString + - RtlCompareString + - ZwMapViewOfSection + - ZwOpenProcessTokenEx + - ZwQueryInformationToken + - RtlSubAuthorityCountSid + - KeBugCheckEx + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: Rzpnk + MD5: 3fda3d414c31ad73efd8ccceeaa3bdc2 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: Rzpnk.sys + PDBPath: '' + Product: Rzpnk + 
ProductVersion: 1.0.12.10177 + Publisher: '' + RichPEHeaderHash: + MD5: ce0bfa21df06f7d3067953da829fe299 + SHA1: 49f5fdf333898858dd7297603f3b2347a01e777d + SHA256: c059cad135868369281fd57e51cf8d64ac50e012ce54e3efb9321d8b519bd2dd + SHA1: 537923c633d8fc94d9ae45ad9d89e5346f581f17 + SHA256: f15962354d37089884abba417f58e9dbd521569b4f69037a24a37cfc2a490672 + Sections: + .text: + Entropy: 6.029574446422592 + Virtual Size: '0x7a9e' + .rdata: + Entropy: 2.166400944027784 + Virtual Size: '0x145cc' + .data: + Entropy: 0.15812764646865457 + Virtual Size: '0x3e4' + .pdata: + Entropy: 4.867440310144845 + Virtual Size: '0xcf0' + PAGE: + Entropy: 4.405262522641727 + Virtual Size: '0x87' + INIT: + Entropy: 5.35429740385259 + Virtual Size: '0x8e8' + .rsrc: + Entropy: 3.3372398450648846 + Virtual Size: '0x348' + .reloc: + Entropy: 4.323516902746281 + Virtual Size: '0x8c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=California, L=Irvine, O=Razer USA Ltd., CN=Razer USA + Ltd. 
+ ValidFrom: '2016-02-10 00:00:00' + ValidTo: '2019-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 1834b81889070312b5c4ca72ea419a5e + Version: 3 + TBS: + MD5: 966e59fada7c527111ba61f0cafcb355 + SHA1: d72efbe2c9127b91fffcfa0825dc16c9f7580e44 + SHA256: 506eaba716a689df7e0bb57b6f41afea02cce8c4af4d2392e96bd2e1bf483528 + SHA384: 0edb1fa0ccc2600fcd37358eb158fae5b72cc13fd3ff6cd0518aa6c780377dd5a7e39145784d4b9c595f163be613f2f1 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 1834b81889070312b5c4ca72ea419a5e + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + Imphash: 74081c86ad3e9771011f162c107927de + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 43ffd546261cc9a839107caae118b47e + SHA1: cd5db11f0d5aa7c13242e424463266d9cfd7be44 + SHA256: 30d737a6da29ad2fe035c0a5f1f7a423a8cd96b8f3dc9885fe95ef3333478dd7 + Company: Razer, Inc. 
+ Copyright: Copyright (C) 2010-2014 + CreationTimestamp: '2014-10-17 13:36:56' + Date: '' + Description: Razer Overlay Support + ExportedFunctions: '' + FileVersion: 1.0.12.3137 + Filename: '' + ImportedFunctions: + - IoAcquireCancelSpinLock + - IoReleaseCancelSpinLock + - ObReferenceObjectByHandle + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - KeAcquireGuardedMutex + - KeReleaseGuardedMutex + - RtlInitUnicodeString + - IoCreateDevice + - IoCreateSymbolicLink + - PoStartNextPowerIrp + - IoDeleteDevice + - KeInitializeEvent + - PsSetCreateProcessNotifyRoutine + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - ZwSetEvent + - _wcslwr + - wcsstr + - ZwClose + - KeSetEvent + - ZwWaitForSingleObject + - _purecall + - KeGetCurrentThread + - sprintf + - _vsnprintf + - swprintf + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - SeQueryInformationToken + - RtlLengthRequiredSid + - RtlInitializeSid + - RtlSubAuthoritySid + - RtlEqualSid + - PsDereferencePrimaryToken + - MmGetSystemRoutineAddress + - MmIsAddressValid + - KeStackAttachProcess + - KeUnstackDetachProcess + - wcsrchr + - ZwOpenProcess + - PsLookupThreadByThreadId + - ObOpenObjectByPointer + - PsThreadType + - ZwCreateEvent + - PsGetCurrentProcessId + - KeTickCount + - KeBugCheckEx + - ObfDereferenceObject + - IofCompleteRequest + - memset + - memcpy + - RtlUnwind + - KfAcquireSpinLock + - ExReleaseFastMutex + - ExAcquireFastMutex + - KfReleaseSpinLock + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: Rzpnk + MD5: 560069dc51d3cc7f9cf1f4e940f93cae + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: Rzpnk.sys + PDBPath: '' + Product: Rzpnk + ProductVersion: 1.0.12.3137 + Publisher: '' + RichPEHeaderHash: + MD5: d057638b27154020a709184ba7727e65 + SHA1: 5ef2028df0810ed9c5c6f0f98056403e8fbafccf + SHA256: c43d8b1564531353b120234c6056e59fb2254e04d1a7d775171952d29612fd57 + SHA1: 1a83c8b63d675c940aaec10f70c0c7698e9b0165 + SHA256: 
16e2b071991b470a76dff4b6312d3c7e2133ad9ac4b6a62dda4e32281952fb23 + Sections: + .text: + Entropy: 6.145469415830601 + Virtual Size: '0x3606' + .rdata: + Entropy: 0.5345726604843702 + Virtual Size: '0x10954' + .data: + Entropy: 5.3767156460043655 + Virtual Size: '0x754' + PAGE: + Entropy: 4.549744862533889 + Virtual Size: '0x6a' + INIT: + Entropy: 5.570949806092893 + Virtual Size: '0x61e' + .rsrc: + Entropy: 3.308209327501646 + Virtual Size: '0x328' + .reloc: + Entropy: 4.7243644582145805 + Virtual Size: '0x5e0' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 
783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=KY, ST=Cayman Islands, L=George Town, O=Razer Inc., OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=Razer Inc. + ValidFrom: '2013-09-13 00:00:00' + ValidTo: '2016-08-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 4e4563adead3fedac7bd44ec5c590577 + Version: 3 + TBS: + MD5: 62e336c644b79eb95f869025a59a0814 + SHA1: a2f3feca99242c7df87dbe3676a64c4dba12b76b + SHA256: 3b43e76a05117b0ee9c87f7b98005a1a4b804d633660c8e3a43d342ba9184e1b + SHA384: 06fa6279fc3c74eade44518adb2b1c269e30736e11ff02f8e3b1f4a3e55a9f0b07ec215f9654d579c25c90627809182c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 4e4563adead3fedac7bd44ec5c590577 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 805e4a267f9495e7c0c430d92b78f8bd + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 151f2aa65417bbb3563e02d1f60484dc + SHA1: 970bd6388867c86b786d4e218d1a6967d7304ee4 + SHA256: 9d61963c098b07fa7ee6dba40f476fc5d2f16301d79a3e8554319d66c69404a9 + Company: Razer, Inc. + Copyright: Copyright (C) 2010-2018. Razer, Inc. 
+ CreationTimestamp: '2018-03-19 12:55:13' + Date: '' + Description: Razer Overlay Support + ExportedFunctions: '' + FileVersion: 1.0.12.10201 + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - ObfDereferenceObject + - ObfReferenceObject + - KeClearEvent + - KeWaitForSingleObject + - IoAcquireCancelSpinLock + - IoReleaseCancelSpinLock + - ObReferenceObjectByHandle + - ExEventObjectType + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - ExAcquireFastMutex + - ExReleaseFastMutex + - KeAcquireGuardedMutex + - KeReleaseGuardedMutex + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - RtlInitUnicodeString + - IoCreateDevice + - IoCreateSymbolicLink + - PsGetCurrentProcessId + - _wcslwr + - wcsstr + - PoStartNextPowerIrp + - ZwLoadDriver + - IoGetDeviceObjectPointer + - ZwUnloadDriver + - IoAttachDeviceToDeviceStack + - IoDeleteDevice + - KeInitializeEvent + - IofCallDriver + - PoCallDriver + - PsSetCreateProcessNotifyRoutine + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - ZwSetEvent + - ZwClose + - KeSetEvent + - ZwWaitForSingleObject + - _purecall + - sprintf + - _vsnprintf + - DbgPrint + - swprintf + - KeInitializeGuardedMutex + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - SeQueryInformationToken + - RtlLengthRequiredSid + - RtlInitializeSid + - RtlSubAuthoritySid + - RtlEqualSid + - PsDereferencePrimaryToken + - MmGetSystemRoutineAddress + - MmIsAddressValid + - KeStackAttachProcess + - KeUnstackDetachProcess + - wcsrchr + - ZwOpenProcess + - PsLookupThreadByThreadId + - ObOpenObjectByPointer + - PsThreadType + - ZwCreateEvent + - RtlInitString + - RtlCompareString + - ZwOpenProcessTokenEx + - ZwQueryInformationToken + - RtlSubAuthorityCountSid + - KeBugCheckEx + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: Rzpnk + MD5: 8de7dcade65a1f51605a076c1d2b3456 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: Rzpnk.sys + PDBPath: '' + Product: Rzpnk + ProductVersion: 
1.0.12.10201 + Publisher: '' + RichPEHeaderHash: + MD5: 38005c498229dd5f64251bb3e57a40bf + SHA1: 3ddcef7c8b8f8eeaccbc11703dd94c7d300ba1a0 + SHA256: 27973d74dd877714939b06ddea7c9cad50ac645cd8569f068dc78575c14e6704 + SHA1: a95a126b539989e29e68969bfab16df291e7fa8a + SHA256: dafa4459d88a8ab738b003b70953e0780f6b8f09344ce3cd631af70c78310b53 + Sections: + .text: + Entropy: 6.032294908964451 + Virtual Size: '0x7a82' + .rdata: + Entropy: 2.158939241562336 + Virtual Size: '0x14564' + .data: + Entropy: 0.15812764646865457 + Virtual Size: '0x3e4' + .pdata: + Entropy: 4.8892997126668325 + Virtual Size: '0xcf0' + PAGE: + Entropy: 4.405262522641727 + Virtual Size: '0x87' + INIT: + Entropy: 5.339799543825723 + Virtual Size: '0x8ca' + .rsrc: + Entropy: 3.327497519552929 + Virtual Size: '0x348' + .reloc: + Entropy: 4.323516902746281 + Virtual Size: '0x8c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=California, L=Irvine, O=Razer USA Ltd., CN=Razer USA + Ltd. 
+ ValidFrom: '2016-02-10 00:00:00' + ValidTo: '2019-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 1834b81889070312b5c4ca72ea419a5e + Version: 3 + TBS: + MD5: 966e59fada7c527111ba61f0cafcb355 + SHA1: d72efbe2c9127b91fffcfa0825dc16c9f7580e44 + SHA256: 506eaba716a689df7e0bb57b6f41afea02cce8c4af4d2392e96bd2e1bf483528 + SHA384: 0edb1fa0ccc2600fcd37358eb158fae5b72cc13fd3ff6cd0518aa6c780377dd5a7e39145784d4b9c595f163be613f2f1 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 13851a1e69a937f7a0bda4af7e1d6153fe9d8c5e0ca6751e781723ddfdec1a035539fb7195c7655aa78e30d2445a61db706fda2105c22e73ba49f1d193fe5dc9cd5e03e0899e3f741ed7f7388ba9d6cfbb352f3358a89256d1c84d3b82e6798416fc28b0b147f31da23eee87d9a67fa456a53fad842e29de7cbca8aaa33d0401eaba93a20e502229174c87e43a115fd6a425899b056b2fb4c9014c277b0bac190522a060153fdac9fb4d4c8ffb726777fd2794c7ba350e8849fe8dfd28af4a12bd0db39705de440c15fa362b03dcc15001f1a1115d14e5e2bd274b54be2b845e0fa6c374050aef97c38922b11f77f3bdcd43d4f14ca93fb58b84af64f2d01421 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 1834b81889070312b5c4ca72ea419a5e + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + Imphash: 5192bc7311bdeb1f3977bdc0d2e943e4 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 700c4e80369a63127263fb1702bbe07b + SHA1: d6729e750660410644fb73361bc7113523a70c05 + SHA256: 7070ee6dd615538ca6a701e7bdc2c23a19b84ae8ca5f9edc6307fef47eb05abb + Company: Razer, Inc. 
+ Copyright: Copyright (C) 2010-2014 + CreationTimestamp: '2016-05-19 15:08:25' + Date: '' + Description: Razer Overlay Support + ExportedFunctions: '' + FileVersion: 1.0.12.9986 + Filename: '' + ImportedFunctions: + - IoAcquireCancelSpinLock + - IoReleaseCancelSpinLock + - ObReferenceObjectByHandle + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - KeAcquireGuardedMutex + - KeReleaseGuardedMutex + - RtlInitUnicodeString + - IoCreateDevice + - IoCreateSymbolicLink + - PoStartNextPowerIrp + - IoDeleteDevice + - KeInitializeEvent + - PsSetCreateProcessNotifyRoutine + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - ZwSetEvent + - _wcslwr + - wcsstr + - ZwClose + - KeSetEvent + - ZwWaitForSingleObject + - _purecall + - KeGetCurrentThread + - sprintf + - _vsnprintf + - swprintf + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - SeQueryInformationToken + - RtlLengthRequiredSid + - RtlInitializeSid + - RtlSubAuthoritySid + - RtlEqualSid + - PsDereferencePrimaryToken + - MmGetSystemRoutineAddress + - MmIsAddressValid + - KeStackAttachProcess + - KeUnstackDetachProcess + - wcsrchr + - ZwOpenProcess + - PsLookupThreadByThreadId + - ObOpenObjectByPointer + - PsThreadType + - ZwCreateEvent + - ZwMapViewOfSection + - KeTickCount + - KeBugCheckEx + - ObfDereferenceObject + - IofCompleteRequest + - memcpy + - memset + - RtlUnwind + - KfAcquireSpinLock + - ExReleaseFastMutex + - ExAcquireFastMutex + - KfReleaseSpinLock + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: Rzpnk + MD5: 4e92f1c677e08fd09b57032c5b47ca46 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: Rzpnk.sys + PDBPath: '' + Product: Rzpnk + ProductVersion: 1.0.12.9986 + Publisher: '' + RichPEHeaderHash: + MD5: c723c2141747136a803cc8d5df9b0e9c + SHA1: ab3959e0fa2376ebca63456374e4454a4d711ec1 + SHA256: 4d91707d4f7a8f5cbedd69ff24b76a642fe430fa85657e0622340935b9806df5 + SHA1: 6e191d72b980c8f08a0f60efa01f0b5bf3b34afb + SHA256: 
ad8fd8300ed375e22463cea8767f68857d9a3b0ff8585fbeb60acef89bf4a7d7 + Sections: + .text: + Entropy: 6.114856649345834 + Virtual Size: '0x3670' + .rdata: + Entropy: 0.751113745545077 + Virtual Size: '0x8ac4' + .data: + Entropy: 0.16801126406945746 + Virtual Size: '0x308' + PAGE: + Entropy: 4.450605636670296 + Virtual Size: '0x69' + INIT: + Entropy: 5.5079261670391375 + Virtual Size: '0x61c' + .rsrc: + Entropy: 3.306152731455725 + Virtual Size: '0x328' + .reloc: + Entropy: 6.471599422357952 + Virtual Size: '0x3d4' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=California, L=Irvine, O=Razer USA Ltd., CN=Razer USA + Ltd. + ValidFrom: '2016-02-10 00:00:00' + ValidTo: '2019-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 1834b81889070312b5c4ca72ea419a5e + Version: 3 + TBS: + MD5: 966e59fada7c527111ba61f0cafcb355 + SHA1: d72efbe2c9127b91fffcfa0825dc16c9f7580e44 + SHA256: 506eaba716a689df7e0bb57b6f41afea02cce8c4af4d2392e96bd2e1bf483528 + SHA384: 0edb1fa0ccc2600fcd37358eb158fae5b72cc13fd3ff6cd0518aa6c780377dd5a7e39145784d4b9c595f163be613f2f1 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 1834b81889070312b5c4ca72ea419a5e + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + Imphash: 42e3f2ffa29901e572f2df03cb872159 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 78276d9e5e7111419e997b4ea0dc0bcc + SHA1: 876a391320ff8b3e545c53bb933d6afd8ace66e6 + SHA256: a9e0f35da47fe91d887a28a0670d8e79ceef7c61ff6d9af3d0568a9737fe0673 + Company: Razer, Inc. 
+ Copyright: Copyright (C) 2010-2014 + CreationTimestamp: '2015-05-28 13:22:11' + Date: '' + Description: Razer Overlay Support + ExportedFunctions: '' + FileVersion: 1.0.12.6087 + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - ObfDereferenceObject + - ObfReferenceObject + - KeClearEvent + - KeWaitForSingleObject + - IoAcquireCancelSpinLock + - IoReleaseCancelSpinLock + - ObReferenceObjectByHandle + - ExEventObjectType + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - ExAcquireFastMutex + - ExReleaseFastMutex + - KeAcquireGuardedMutex + - KeReleaseGuardedMutex + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - RtlInitUnicodeString + - IoCreateDevice + - IoCreateSymbolicLink + - PoStartNextPowerIrp + - ZwLoadDriver + - IoGetDeviceObjectPointer + - ZwUnloadDriver + - IoAttachDeviceToDeviceStack + - IoDeleteDevice + - KeInitializeEvent + - IofCallDriver + - PoCallDriver + - PsSetCreateProcessNotifyRoutine + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - ZwSetEvent + - _wcslwr + - wcsstr + - ZwClose + - KeSetEvent + - ZwWaitForSingleObject + - _purecall + - sprintf + - _vsnprintf + - DbgPrint + - swprintf + - KeInitializeGuardedMutex + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - SeQueryInformationToken + - RtlLengthRequiredSid + - RtlInitializeSid + - RtlSubAuthoritySid + - RtlEqualSid + - PsDereferencePrimaryToken + - MmGetSystemRoutineAddress + - MmIsAddressValid + - KeStackAttachProcess + - KeUnstackDetachProcess + - wcsrchr + - ZwOpenProcess + - PsLookupThreadByThreadId + - ObOpenObjectByPointer + - PsThreadType + - ZwCreateEvent + - PsGetCurrentProcessId + - RtlInitString + - RtlCompareString + - KeBugCheckEx + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: Rzpnk + MD5: 288471f132c7249f598032d03575f083 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: Rzpnk.sys + PDBPath: '' + Product: Rzpnk + ProductVersion: 1.0.12.6087 + Publisher: '' + RichPEHeaderHash: + 
MD5: 6f46839d81ff1d1b3e509d134f95c5a9 + SHA1: 987e1f687c75f4e3bd6377359b2ed6b71e16b88e + SHA256: 011d63cf6e09f148f628424ead77cac9969f196a4bb773e8fbd60ab9b41d8c93 + SHA1: 3fbe337b6ed1a1a63ae8b4240c01bd68ed531674 + SHA256: 9e3430d5e0e93bc4a5dccc985053912065e65722bfc2eaf431bc1da91410434c + Sections: + .text: + Entropy: 5.9988823890417375 + Virtual Size: '0x7360' + .rdata: + Entropy: 2.024740490753228 + Virtual Size: '0x13f2c' + .data: + Entropy: 4.883228407116594 + Virtual Size: '0x84c' + .pdata: + Entropy: 4.849576987895292 + Virtual Size: '0xce4' + PAGE: + Entropy: 4.375632893012098 + Virtual Size: '0x87' + INIT: + Entropy: 5.335573695740321 + Virtual Size: '0x866' + .rsrc: + Entropy: 3.3151233781057714 + Virtual Size: '0x328' + .reloc: + Entropy: 2.1849334100920914 + Virtual Size: '0x1a4' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=KY, ST=Cayman Islands, L=George Town, O=Razer Inc., OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=Razer Inc. + ValidFrom: '2013-09-13 00:00:00' + ValidTo: '2016-08-02 23:59:59' + Signature: 7fed5fa5da7959a757624348c39cb82555cbfa8fef504c4f9240c1832d551fa464a0f36ce293c269028849708ded45320d843e52e6e0a5c45d4c048f1c61db7831aa29bee4524cf538db8d5e3e810af96c8a2b4e85c17e6c6eefe399d57722554303e99d8b81d546bc42f89165b7c44efba44b0d073ed1d1fcae1b17e61a8e3995b5c61e33bf7c0c4d540ab2b925bcb7141159fa8095912ecccf2ad734a6362981e0248b1765df2a8815904dddf5817d76a2f493fb505624e2cd4341a39d40a3a0247a9886642d4f2f87d768efb8f08f89192eef8b635d8b76f97a3e84dfb4f05e6b1d16adc6101b7b2869aa277f886be34571d4f3af59744d4132bf2e694dc4 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 4e4563adead3fedac7bd44ec5c590577 + Version: 3 + TBS: + MD5: 62e336c644b79eb95f869025a59a0814 + SHA1: a2f3feca99242c7df87dbe3676a64c4dba12b76b + SHA256: 3b43e76a05117b0ee9c87f7b98005a1a4b804d633660c8e3a43d342ba9184e1b + SHA384: 06fa6279fc3c74eade44518adb2b1c269e30736e11ff02f8e3b1f4a3e55a9f0b07ec215f9654d579c25c90627809182c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 4e4563adead3fedac7bd44ec5c590577 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: dd7c5c0c762169d40ee01280e4ac74fc + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 13d7aa7733e7db4e391dba54f3f4b61f + SHA1: d466b8fa00d2fdd9834d5d3bafdf8cbc0ccf139c + SHA256: bedb1e28fd1cdf391edc859c58cb318a9ab686f254195246909b245e7aaf7669 + Company: Razer, Inc. + Copyright: Copyright (C) 2010-2018. Razer, Inc. + CreationTimestamp: '2018-03-19 12:54:13' + Date: '' + Description: Razer Overlay Support + ExportedFunctions: '' + FileVersion: 1.0.12.10201 + Filename: '' + ImportedFunctions: + - IoAcquireCancelSpinLock + - IoReleaseCancelSpinLock + - ObReferenceObjectByHandle + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - KeAcquireGuardedMutex + - KeReleaseGuardedMutex + - RtlInitUnicodeString + - IoCreateDevice + - IoCreateSymbolicLink + - PsGetCurrentProcessId + - _wcslwr + - wcsstr + - PoStartNextPowerIrp + - IoDeleteDevice + - KeInitializeEvent + - PsSetCreateProcessNotifyRoutine + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - ZwSetEvent + - ZwClose + - KeSetEvent + - ZwWaitForSingleObject + - _purecall + - KeGetCurrentThread + - sprintf + - _vsnprintf + - swprintf + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - SeQueryInformationToken + - RtlLengthRequiredSid + - RtlInitializeSid + - RtlSubAuthoritySid + - RtlEqualSid + - PsDereferencePrimaryToken + - MmGetSystemRoutineAddress + - MmIsAddressValid + - KeStackAttachProcess + - KeUnstackDetachProcess + - 
wcsrchr + - ZwOpenProcess + - PsLookupThreadByThreadId + - ObOpenObjectByPointer + - PsThreadType + - ZwCreateEvent + - KeTickCount + - KeBugCheckEx + - ObfDereferenceObject + - IofCompleteRequest + - memcpy + - memset + - RtlUnwind + - KfAcquireSpinLock + - ExReleaseFastMutex + - ExAcquireFastMutex + - KfReleaseSpinLock + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: Rzpnk + MD5: f5e6ef0dcbb3d4a608e9e0bba4d80d0a + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: Rzpnk.sys + PDBPath: '' + Product: Rzpnk + ProductVersion: 1.0.12.10201 + Publisher: '' + RichPEHeaderHash: + MD5: 74246c83ad31479ca2853d2303658a0b + SHA1: 52345554a866b72e0e63cad68915f73877138d99 + SHA256: 03ea97d4e2a7432508634ad865d3ec46fc3bf05c92874ae57fb5cfeacced2b2b + SHA1: 58ebfb7de214ee09f6bf71c8cc9c139dd4c8b016 + SHA256: 46d1dc89cc5fa327e7adf3e3d6d498657240772b85548c17d2e356aac193dd28 + Sections: + .text: + Entropy: 6.1267659551337 + Virtual Size: '0x3888' + .rdata: + Entropy: 0.7774911680764585 + Virtual Size: '0x8b54' + .data: + Entropy: 0.16801126406945746 + Virtual Size: '0x308' + PAGE: + Entropy: 4.345324837503696 + Virtual Size: '0x69' + INIT: + Entropy: 5.5036715965307845 + Virtual Size: '0x61e' + .rsrc: + Entropy: 3.321864460423256 + Virtual Size: '0x348' + .reloc: + Entropy: 6.534717310120353 + Virtual Size: '0x3d8' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=California, L=Irvine, O=Razer USA Ltd., CN=Razer USA + Ltd. 
+ ValidFrom: '2016-02-10 00:00:00' + ValidTo: '2019-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 1834b81889070312b5c4ca72ea419a5e + Version: 3 + TBS: + MD5: 966e59fada7c527111ba61f0cafcb355 + SHA1: d72efbe2c9127b91fffcfa0825dc16c9f7580e44 + SHA256: 506eaba716a689df7e0bb57b6f41afea02cce8c4af4d2392e96bd2e1bf483528 + SHA384: 0edb1fa0ccc2600fcd37358eb158fae5b72cc13fd3ff6cd0518aa6c780377dd5a7e39145784d4b9c595f163be613f2f1 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 1834b81889070312b5c4ca72ea419a5e + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + Imphash: d67b7c7501e5261df5e66b3219fa52ee + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 49143ee3e5fc7193b0826428979792c8 + SHA1: 2fa99a65d8992e07ac5af3a935861b493669d870 + SHA256: e269b4cb9df863c31ae13012429f67a0f3cd81481025d35ce6531b33b63b5976 + Company: Razer, Inc. + Copyright: Copyright (C) 2010-2017. Razer, Inc. 
+ CreationTimestamp: '2017-09-20 16:34:31' + Date: '' + Description: Razer Overlay Support + ExportedFunctions: '' + FileVersion: 1.0.12.10177 + Filename: '' + ImportedFunctions: + - IoAcquireCancelSpinLock + - IoReleaseCancelSpinLock + - ObReferenceObjectByHandle + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - KeAcquireGuardedMutex + - KeReleaseGuardedMutex + - RtlInitUnicodeString + - IoCreateDevice + - IoCreateSymbolicLink + - PsGetCurrentProcessId + - _wcslwr + - wcsstr + - PoStartNextPowerIrp + - IoDeleteDevice + - KeInitializeEvent + - PsSetCreateProcessNotifyRoutine + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - ZwSetEvent + - ZwClose + - KeSetEvent + - ZwWaitForSingleObject + - _purecall + - sprintf + - _vsnprintf + - swprintf + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - SeQueryInformationToken + - RtlLengthRequiredSid + - RtlInitializeSid + - RtlSubAuthoritySid + - RtlEqualSid + - PsDereferencePrimaryToken + - MmGetSystemRoutineAddress + - MmIsAddressValid + - KeStackAttachProcess + - KeUnstackDetachProcess + - wcsrchr + - ZwOpenProcess + - PsLookupThreadByThreadId + - ObOpenObjectByPointer + - PsThreadType + - ZwCreateEvent + - KeTickCount + - KeBugCheckEx + - ObfDereferenceObject + - KeGetCurrentThread + - IofCompleteRequest + - memcpy + - memset + - RtlUnwind + - KfAcquireSpinLock + - ExReleaseFastMutex + - ExAcquireFastMutex + - KfReleaseSpinLock + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: Rzpnk + MD5: 36527fdb70ed6f74b70a98129f82ad62 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: Rzpnk.sys + PDBPath: '' + Product: Rzpnk + ProductVersion: 1.0.12.10177 + Publisher: '' + RichPEHeaderHash: + MD5: 4a9a353a14ee7f23eb41b8a45b487e20 + SHA1: 6c6a81d70919694d3abe35859966f0d320d0b3a3 + SHA256: 89faf986a8af825587e8da0861c420dad1d83ce6bb17589fd1d397352352159c + SHA1: 986c1fdfe7c9731f4de15680a475a72cf2245121 + SHA256: 9fa120bda98633e30480d8475c9ac6637470c4ca7c63763560bf869138091b01 + 
Sections: + .text: + Entropy: 6.128458524856704 + Virtual Size: '0x3878' + .rdata: + Entropy: 0.7781386812218317 + Virtual Size: '0x8b54' + .data: + Entropy: 0.16801126406945746 + Virtual Size: '0x308' + PAGE: + Entropy: 4.455274446152897 + Virtual Size: '0x69' + INIT: + Entropy: 5.513410336591057 + Virtual Size: '0x61e' + .rsrc: + Entropy: 3.331606785935212 + Virtual Size: '0x348' + .reloc: + Entropy: 6.56214856252232 + Virtual Size: '0x3d8' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=California, L=Irvine, O=Razer USA Ltd., CN=Razer USA + Ltd. + ValidFrom: '2016-02-10 00:00:00' + ValidTo: '2019-02-07 23:59:59' + Signature: 06b8b8ab165538f61a5033c866556c0dd5e0f3ccc78633965b7feb8b012f312c40d09a3916370efd6a1747fa6c39c0de0be5226f7de748d11854a396dfcdfb31bdf572c2fa2561204ea01d2a076a197f89b7cb084d4cdd2c788195309cd507be6847667b2c00b74d94f53291c03201e23c363928968cbe4596649a671458d82001d22205c3d4f6beb5405247d9ad1ad832c12a96e7e557426d8fc85b0069b512354557b7e2124305c0171df610bea39f8dabb973e3fec041fbce781db485d88fa826f74f0e0810e62b63615404c2daeaa354fa3c73baafcd5daca7146f3afee8c30cb257f6b25843c5df2317c1d05a619e86e843c081169e0dfd5036cd19f9ef + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 1834b81889070312b5c4ca72ea419a5e + Version: 3 + TBS: + MD5: 966e59fada7c527111ba61f0cafcb355 + SHA1: d72efbe2c9127b91fffcfa0825dc16c9f7580e44 + SHA256: 506eaba716a689df7e0bb57b6f41afea02cce8c4af4d2392e96bd2e1bf483528 + SHA384: 0edb1fa0ccc2600fcd37358eb158fae5b72cc13fd3ff6cd0518aa6c780377dd5a7e39145784d4b9c595f163be613f2f1 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 
13851a1e69a937f7a0bda4af7e1d6153fe9d8c5e0ca6751e781723ddfdec1a035539fb7195c7655aa78e30d2445a61db706fda2105c22e73ba49f1d193fe5dc9cd5e03e0899e3f741ed7f7388ba9d6cfbb352f3358a89256d1c84d3b82e6798416fc28b0b147f31da23eee87d9a67fa456a53fad842e29de7cbca8aaa33d0401eaba93a20e502229174c87e43a115fd6a425899b056b2fb4c9014c277b0bac190522a060153fdac9fb4d4c8ffb726777fd2794c7ba350e8849fe8dfd28af4a12bd0db39705de440c15fa362b03dcc15001f1a1115d14e5e2bd274b54be2b845e0fa6c374050aef97c38922b11f77f3bdcd43d4f14ca93fb58b84af64f2d01421 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 1834b81889070312b5c4ca72ea419a5e + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + Imphash: 7fb9382c0d754d5aac897d7a3e72b10c + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 3b53b1da67c8917786be48c57c6a2db1 + SHA1: b2aac760470a4575bc0f6508179ed32d7c37a5d9 + SHA256: 39789a159c1196255f1b6d83e23af4082fd4cffe2662e40b71631b4e2e4bc05d + Company: Razer, Inc. + Copyright: Copyright (C) 2010-2017. Razer, Inc. 
+ CreationTimestamp: '2017-07-16 13:12:07' + Date: '' + Description: Razer Overlay Support + ExportedFunctions: '' + FileVersion: 1.0.12.10155 + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - ObfDereferenceObject + - ObfReferenceObject + - KeClearEvent + - KeWaitForSingleObject + - IoAcquireCancelSpinLock + - IoReleaseCancelSpinLock + - ObReferenceObjectByHandle + - ExEventObjectType + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - ExAcquireFastMutex + - ExReleaseFastMutex + - KeAcquireGuardedMutex + - KeReleaseGuardedMutex + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - RtlInitUnicodeString + - IoCreateDevice + - IoCreateSymbolicLink + - PoStartNextPowerIrp + - ZwLoadDriver + - IoGetDeviceObjectPointer + - ZwUnloadDriver + - IoAttachDeviceToDeviceStack + - IoDeleteDevice + - KeInitializeEvent + - IofCallDriver + - PoCallDriver + - PsSetCreateProcessNotifyRoutine + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - ZwSetEvent + - _wcslwr + - wcsstr + - ZwClose + - KeSetEvent + - ZwWaitForSingleObject + - _purecall + - sprintf + - _vsnprintf + - DbgPrint + - swprintf + - KeInitializeGuardedMutex + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - SeQueryInformationToken + - RtlLengthRequiredSid + - RtlInitializeSid + - RtlSubAuthoritySid + - RtlEqualSid + - PsDereferencePrimaryToken + - MmGetSystemRoutineAddress + - MmIsAddressValid + - KeStackAttachProcess + - KeUnstackDetachProcess + - wcsrchr + - ZwOpenProcess + - PsLookupThreadByThreadId + - ObOpenObjectByPointer + - PsThreadType + - ZwCreateEvent + - PsGetCurrentProcessId + - RtlInitString + - RtlCompareString + - ZwMapViewOfSection + - ZwOpenProcessTokenEx + - ZwQueryInformationToken + - RtlSubAuthorityCountSid + - KeBugCheckEx + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: Rzpnk + MD5: 935a7df222f19ac532e831e6bf9e8e45 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: Rzpnk.sys + PDBPath: '' + Product: Rzpnk + 
ProductVersion: 1.0.12.10155 + Publisher: '' + RichPEHeaderHash: + MD5: ce0bfa21df06f7d3067953da829fe299 + SHA1: 49f5fdf333898858dd7297603f3b2347a01e777d + SHA256: c059cad135868369281fd57e51cf8d64ac50e012ce54e3efb9321d8b519bd2dd + SHA1: a6aa7926aa46beaf9882a93053536b75ef2c7536 + SHA256: 567809308cfb72d59b89364a6475f34a912d03889aa50866803ac3d0bf2c3270 + Sections: + .text: + Entropy: 6.029813362546066 + Virtual Size: '0x797e' + .rdata: + Entropy: 2.1638565406792596 + Virtual Size: '0x1457c' + .data: + Entropy: 0.15812764646865457 + Virtual Size: '0x3e4' + .pdata: + Entropy: 4.86837045917237 + Virtual Size: '0xcf0' + PAGE: + Entropy: 4.405262522641727 + Virtual Size: '0x87' + INIT: + Entropy: 5.362469333828446 + Virtual Size: '0x8e8' + .rsrc: + Entropy: 3.3415370361058807 + Virtual Size: '0x348' + .reloc: + Entropy: 4.425570968528865 + Virtual Size: '0x8c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=California, L=Irvine, O=Razer USA Ltd., CN=Razer USA + Ltd. 
+ ValidFrom: '2016-02-10 00:00:00' + ValidTo: '2019-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 1834b81889070312b5c4ca72ea419a5e + Version: 3 + TBS: + MD5: 966e59fada7c527111ba61f0cafcb355 + SHA1: d72efbe2c9127b91fffcfa0825dc16c9f7580e44 + SHA256: 506eaba716a689df7e0bb57b6f41afea02cce8c4af4d2392e96bd2e1bf483528 + SHA384: 0edb1fa0ccc2600fcd37358eb158fae5b72cc13fd3ff6cd0518aa6c780377dd5a7e39145784d4b9c595f163be613f2f1 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 13851a1e69a937f7a0bda4af7e1d6153fe9d8c5e0ca6751e781723ddfdec1a035539fb7195c7655aa78e30d2445a61db706fda2105c22e73ba49f1d193fe5dc9cd5e03e0899e3f741ed7f7388ba9d6cfbb352f3358a89256d1c84d3b82e6798416fc28b0b147f31da23eee87d9a67fa456a53fad842e29de7cbca8aaa33d0401eaba93a20e502229174c87e43a115fd6a425899b056b2fb4c9014c277b0bac190522a060153fdac9fb4d4c8ffb726777fd2794c7ba350e8849fe8dfd28af4a12bd0db39705de440c15fa362b03dcc15001f1a1115d14e5e2bd274b54be2b845e0fa6c374050aef97c38922b11f77f3bdcd43d4f14ca93fb58b84af64f2d01421 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 1834b81889070312b5c4ca72ea419a5e + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + Imphash: 6b7d4c6283b9b951b7b2f47a0c5be8c7 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 428e1d8063028ac66be9501b5bccb038 + SHA1: e4e33d2ad37a0e7edf98f9384d0167dfaa540e77 + SHA256: af9c600edb134fb8f21d585bbf7d0a4d3f1b792b6dd104c10d38f220f47671f8 + Company: Razer, Inc. 
+ Copyright: Copyright (C) 2010-2014 + CreationTimestamp: '2016-05-19 15:09:43' + Date: '' + Description: Razer Overlay Support + ExportedFunctions: '' + FileVersion: 1.0.12.9986 + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - ObfDereferenceObject + - ObfReferenceObject + - KeClearEvent + - KeWaitForSingleObject + - IoAcquireCancelSpinLock + - IoReleaseCancelSpinLock + - ObReferenceObjectByHandle + - ExEventObjectType + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - ExAcquireFastMutex + - ExReleaseFastMutex + - KeAcquireGuardedMutex + - KeReleaseGuardedMutex + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - RtlInitUnicodeString + - IoCreateDevice + - IoCreateSymbolicLink + - PoStartNextPowerIrp + - ZwLoadDriver + - IoGetDeviceObjectPointer + - ZwUnloadDriver + - IoAttachDeviceToDeviceStack + - IoDeleteDevice + - KeInitializeEvent + - IofCallDriver + - PoCallDriver + - PsSetCreateProcessNotifyRoutine + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - ZwSetEvent + - _wcslwr + - wcsstr + - ZwClose + - KeSetEvent + - ZwWaitForSingleObject + - _purecall + - sprintf + - _vsnprintf + - DbgPrint + - swprintf + - KeInitializeGuardedMutex + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - SeQueryInformationToken + - RtlLengthRequiredSid + - RtlInitializeSid + - RtlSubAuthoritySid + - RtlEqualSid + - PsDereferencePrimaryToken + - MmGetSystemRoutineAddress + - MmIsAddressValid + - KeStackAttachProcess + - KeUnstackDetachProcess + - wcsrchr + - ZwOpenProcess + - PsLookupThreadByThreadId + - ObOpenObjectByPointer + - PsThreadType + - ZwCreateEvent + - PsGetCurrentProcessId + - RtlInitString + - RtlCompareString + - ZwMapViewOfSection + - KeBugCheckEx + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: Rzpnk + MD5: 2229d5a9a92b62df4df9cf51f48436f7 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: Rzpnk.sys + PDBPath: '' + Product: Rzpnk + ProductVersion: 1.0.12.9986 + Publisher: '' + 
RichPEHeaderHash: + MD5: d95b83b1676185463804c7be60a5629a + SHA1: 1d9671d566106c909d9fb90ad6d433103705a06e + SHA256: 98a9df9ab526c9ccc780176b4ab4f0bdf1479789da7a463f76afa5ca5eeb57a8 + SHA1: 63cf021c8662fa23ce3e4075a4f849431e473058 + SHA256: 0507d893e3fd2917c81c1dc13ccb22ae5402ab6ca9fb8d89485010838050d08d + Sections: + .text: + Entropy: 6.019686004932245 + Virtual Size: '0x76de' + .rdata: + Entropy: 2.1425402181335667 + Virtual Size: '0x1441c' + .data: + Entropy: 0.15812764646865457 + Virtual Size: '0x3e4' + .pdata: + Entropy: 4.833106417422371 + Virtual Size: '0xc84' + PAGE: + Entropy: 4.405262522641727 + Virtual Size: '0x87' + INIT: + Entropy: 5.3460375261506305 + Virtual Size: '0x884' + .rsrc: + Entropy: 3.311949790337429 + Virtual Size: '0x328' + .reloc: + Entropy: 4.342739465022854 + Virtual Size: '0x94' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=California, L=Irvine, O=Razer USA Ltd., CN=Razer USA + Ltd. + ValidFrom: '2016-02-10 00:00:00' + ValidTo: '2019-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 1834b81889070312b5c4ca72ea419a5e + Version: 3 + TBS: + MD5: 966e59fada7c527111ba61f0cafcb355 + SHA1: d72efbe2c9127b91fffcfa0825dc16c9f7580e44 + SHA256: 506eaba716a689df7e0bb57b6f41afea02cce8c4af4d2392e96bd2e1bf483528 + SHA384: 0edb1fa0ccc2600fcd37358eb158fae5b72cc13fd3ff6cd0518aa6c780377dd5a7e39145784d4b9c595f163be613f2f1 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: 
bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 1834b81889070312b5c4ca72ea419a5e + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + Imphash: e1ecbd956bd016618b07e7dddcaf6e60 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 49143ee3e5fc7193b0826428979792c8 + SHA1: 2fa99a65d8992e07ac5af3a935861b493669d870 + SHA256: e269b4cb9df863c31ae13012429f67a0f3cd81481025d35ce6531b33b63b5976 + Company: Razer, Inc. + Copyright: Copyright (C) 2010-2017. Razer, Inc. 
+ CreationTimestamp: '2017-09-20 16:34:31' + Date: '' + Description: Razer Overlay Support + ExportedFunctions: '' + FileVersion: 1.0.12.10177 + Filename: '' + ImportedFunctions: + - IoAcquireCancelSpinLock + - IoReleaseCancelSpinLock + - ObReferenceObjectByHandle + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - KeAcquireGuardedMutex + - KeReleaseGuardedMutex + - RtlInitUnicodeString + - IoCreateDevice + - IoCreateSymbolicLink + - PsGetCurrentProcessId + - _wcslwr + - wcsstr + - PoStartNextPowerIrp + - IoDeleteDevice + - KeInitializeEvent + - PsSetCreateProcessNotifyRoutine + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - ZwSetEvent + - ZwClose + - KeSetEvent + - ZwWaitForSingleObject + - _purecall + - sprintf + - _vsnprintf + - swprintf + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - SeQueryInformationToken + - RtlLengthRequiredSid + - RtlInitializeSid + - RtlSubAuthoritySid + - RtlEqualSid + - PsDereferencePrimaryToken + - MmGetSystemRoutineAddress + - MmIsAddressValid + - KeStackAttachProcess + - KeUnstackDetachProcess + - wcsrchr + - ZwOpenProcess + - PsLookupThreadByThreadId + - ObOpenObjectByPointer + - PsThreadType + - ZwCreateEvent + - KeTickCount + - KeBugCheckEx + - ObfDereferenceObject + - KeGetCurrentThread + - IofCompleteRequest + - memcpy + - memset + - RtlUnwind + - KfAcquireSpinLock + - ExReleaseFastMutex + - ExAcquireFastMutex + - KfReleaseSpinLock + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: Rzpnk + MD5: 1c9d2a993e99054050b596d88b307d95 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: Rzpnk.sys + PDBPath: '' + Product: Rzpnk + ProductVersion: 1.0.12.10177 + Publisher: '' + RichPEHeaderHash: + MD5: 4a9a353a14ee7f23eb41b8a45b487e20 + SHA1: 6c6a81d70919694d3abe35859966f0d320d0b3a3 + SHA256: 89faf986a8af825587e8da0861c420dad1d83ce6bb17589fd1d397352352159c + SHA1: 6293ff11805cd33bccbcca9f0132bff3ae2e2534 + SHA256: 9eba5d1545fdbf37cf053ac3f3ba45bcb651b8abb7805cbfdfb5f91ea294fb95 + 
Sections: + .text: + Entropy: 6.128458524856704 + Virtual Size: '0x3878' + .rdata: + Entropy: 0.7781386812218317 + Virtual Size: '0x8b54' + .data: + Entropy: 0.16801126406945746 + Virtual Size: '0x308' + PAGE: + Entropy: 4.455274446152897 + Virtual Size: '0x69' + INIT: + Entropy: 5.513410336591057 + Virtual Size: '0x61e' + .rsrc: + Entropy: 3.331606785935212 + Virtual Size: '0x348' + .reloc: + Entropy: 6.56214856252232 + Virtual Size: '0x3d8' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=California, L=Irvine, O=Razer USA Ltd., CN=Razer USA + Ltd. + ValidFrom: '2016-02-10 00:00:00' + ValidTo: '2019-02-07 23:59:59' + Signature: 06b8b8ab165538f61a5033c866556c0dd5e0f3ccc78633965b7feb8b012f312c40d09a3916370efd6a1747fa6c39c0de0be5226f7de748d11854a396dfcdfb31bdf572c2fa2561204ea01d2a076a197f89b7cb084d4cdd2c788195309cd507be6847667b2c00b74d94f53291c03201e23c363928968cbe4596649a671458d82001d22205c3d4f6beb5405247d9ad1ad832c12a96e7e557426d8fc85b0069b512354557b7e2124305c0171df610bea39f8dabb973e3fec041fbce781db485d88fa826f74f0e0810e62b63615404c2daeaa354fa3c73baafcd5daca7146f3afee8c30cb257f6b25843c5df2317c1d05a619e86e843c081169e0dfd5036cd19f9ef + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 1834b81889070312b5c4ca72ea419a5e + Version: 3 + TBS: + MD5: 966e59fada7c527111ba61f0cafcb355 + SHA1: d72efbe2c9127b91fffcfa0825dc16c9f7580e44 + SHA256: 506eaba716a689df7e0bb57b6f41afea02cce8c4af4d2392e96bd2e1bf483528 + SHA384: 0edb1fa0ccc2600fcd37358eb158fae5b72cc13fd3ff6cd0518aa6c780377dd5a7e39145784d4b9c595f163be613f2f1 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 
3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 1834b81889070312b5c4ca72ea419a5e + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + Imphash: 7fb9382c0d754d5aac897d7a3e72b10c + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 4b6d5f6c61c9820aaf6dd10acbcc8385 + SHA1: 1ac31466261a6da69fbeb8e99d0b7b772071ac7f + SHA256: d2e10e17bca5e85e6b84345b47aab14adf45d98c672db6acf90479a7faf20b5a + Company: Razer, Inc. 
+ Copyright: Copyright (C) 2010-2014 + CreationTimestamp: '2015-09-16 18:16:35' + Date: '' + Description: Razer Overlay Support + ExportedFunctions: '' + FileVersion: 1.0.12.7465 + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - ObfDereferenceObject + - ObfReferenceObject + - KeClearEvent + - KeWaitForSingleObject + - IoAcquireCancelSpinLock + - IoReleaseCancelSpinLock + - ObReferenceObjectByHandle + - ExEventObjectType + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - ExAcquireFastMutex + - ExReleaseFastMutex + - KeAcquireGuardedMutex + - KeReleaseGuardedMutex + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - RtlInitUnicodeString + - IoCreateDevice + - IoCreateSymbolicLink + - PoStartNextPowerIrp + - ZwLoadDriver + - IoGetDeviceObjectPointer + - ZwUnloadDriver + - IoAttachDeviceToDeviceStack + - IoDeleteDevice + - KeInitializeEvent + - IofCallDriver + - PoCallDriver + - PsSetCreateProcessNotifyRoutine + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - ZwSetEvent + - _wcslwr + - wcsstr + - ZwClose + - KeSetEvent + - ZwWaitForSingleObject + - _purecall + - sprintf + - _vsnprintf + - DbgPrint + - swprintf + - KeInitializeGuardedMutex + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - SeQueryInformationToken + - RtlLengthRequiredSid + - RtlInitializeSid + - RtlSubAuthoritySid + - RtlEqualSid + - PsDereferencePrimaryToken + - MmGetSystemRoutineAddress + - MmIsAddressValid + - KeStackAttachProcess + - KeUnstackDetachProcess + - wcsrchr + - ZwOpenProcess + - PsLookupThreadByThreadId + - ObOpenObjectByPointer + - PsThreadType + - ZwCreateEvent + - PsGetCurrentProcessId + - RtlInitString + - RtlCompareString + - ZwMapViewOfSection + - KeBugCheckEx + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: Rzpnk + MD5: b4598c05d5440250633e25933fff42b0 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: Rzpnk.sys + PDBPath: '' + Product: Rzpnk + ProductVersion: 1.0.12.7465 + Publisher: '' + 
RichPEHeaderHash: + MD5: d95b83b1676185463804c7be60a5629a + SHA1: 1d9671d566106c909d9fb90ad6d433103705a06e + SHA256: 98a9df9ab526c9ccc780176b4ab4f0bdf1479789da7a463f76afa5ca5eeb57a8 + SHA1: f999709e5b00a68a0f4fa912619fe6548ad0c42d + SHA256: a66d2fb7ef7350ea74d4290c57fb62bc59c6ea93f759d4ca93c3febca7aeb512 + Sections: + .text: + Entropy: 6.022819869183744 + Virtual Size: '0x786e' + .rdata: + Entropy: 2.156441781870166 + Virtual Size: '0x144fc' + .data: + Entropy: 0.15812764646865457 + Virtual Size: '0x3e4' + .pdata: + Entropy: 4.83123136246416 + Virtual Size: '0xcb4' + PAGE: + Entropy: 4.405262522641727 + Virtual Size: '0x87' + INIT: + Entropy: 5.345466868963517 + Virtual Size: '0x884' + .rsrc: + Entropy: 3.3229086430258863 + Virtual Size: '0x328' + .reloc: + Entropy: 4.404219521463952 + Virtual Size: '0x94' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=KY, ST=Cayman Islands, L=George Town, O=Razer Inc., OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=Razer Inc. + ValidFrom: '2013-09-13 00:00:00' + ValidTo: '2016-08-02 23:59:59' + Signature: 7fed5fa5da7959a757624348c39cb82555cbfa8fef504c4f9240c1832d551fa464a0f36ce293c269028849708ded45320d843e52e6e0a5c45d4c048f1c61db7831aa29bee4524cf538db8d5e3e810af96c8a2b4e85c17e6c6eefe399d57722554303e99d8b81d546bc42f89165b7c44efba44b0d073ed1d1fcae1b17e61a8e3995b5c61e33bf7c0c4d540ab2b925bcb7141159fa8095912ecccf2ad734a6362981e0248b1765df2a8815904dddf5817d76a2f493fb505624e2cd4341a39d40a3a0247a9886642d4f2f87d768efb8f08f89192eef8b635d8b76f97a3e84dfb4f05e6b1d16adc6101b7b2869aa277f886be34571d4f3af59744d4132bf2e694dc4 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 4e4563adead3fedac7bd44ec5c590577 + Version: 3 + TBS: + MD5: 62e336c644b79eb95f869025a59a0814 + SHA1: a2f3feca99242c7df87dbe3676a64c4dba12b76b + SHA256: 3b43e76a05117b0ee9c87f7b98005a1a4b804d633660c8e3a43d342ba9184e1b + SHA384: 06fa6279fc3c74eade44518adb2b1c269e30736e11ff02f8e3b1f4a3e55a9f0b07ec215f9654d579c25c90627809182c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 4e4563adead3fedac7bd44ec5c590577 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: e1ecbd956bd016618b07e7dddcaf6e60 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 870f5888401c299ad7b0cacabd53edc2 + SHA1: fb21a2be31b336ac5da2f69c93c4ff4f8fe30a42 + SHA256: def61560c0650717cb1da923f0d674b363b8f2051247719b34f06744bbb79000 + Company: Razer, Inc. 
+ Copyright: Copyright (C) 2010-2014 + CreationTimestamp: '2015-09-16 18:15:26' + Date: '' + Description: Razer Overlay Support + ExportedFunctions: '' + FileVersion: 1.0.12.7465 + Filename: '' + ImportedFunctions: + - IoAcquireCancelSpinLock + - IoReleaseCancelSpinLock + - ObReferenceObjectByHandle + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - KeAcquireGuardedMutex + - KeReleaseGuardedMutex + - RtlInitUnicodeString + - IoCreateDevice + - IoCreateSymbolicLink + - PoStartNextPowerIrp + - IoDeleteDevice + - KeInitializeEvent + - PsSetCreateProcessNotifyRoutine + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - ZwSetEvent + - _wcslwr + - wcsstr + - ZwClose + - KeSetEvent + - ZwWaitForSingleObject + - _purecall + - KeGetCurrentThread + - sprintf + - _vsnprintf + - swprintf + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - SeQueryInformationToken + - RtlLengthRequiredSid + - RtlInitializeSid + - RtlSubAuthoritySid + - RtlEqualSid + - PsDereferencePrimaryToken + - MmGetSystemRoutineAddress + - MmIsAddressValid + - KeStackAttachProcess + - KeUnstackDetachProcess + - wcsrchr + - ZwOpenProcess + - PsLookupThreadByThreadId + - ObOpenObjectByPointer + - PsThreadType + - ZwCreateEvent + - PsGetCurrentProcessId + - ZwMapViewOfSection + - KeTickCount + - KeBugCheckEx + - ObfDereferenceObject + - IofCompleteRequest + - memcpy + - memset + - RtlUnwind + - KfAcquireSpinLock + - ExReleaseFastMutex + - ExAcquireFastMutex + - KfReleaseSpinLock + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: Rzpnk + MD5: 0d8daf471d871deb90225d2953c0eb95 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: Rzpnk.sys + PDBPath: '' + Product: Rzpnk + ProductVersion: 1.0.12.7465 + Publisher: '' + RichPEHeaderHash: + MD5: c723c2141747136a803cc8d5df9b0e9c + SHA1: ab3959e0fa2376ebca63456374e4454a4d711ec1 + SHA256: 4d91707d4f7a8f5cbedd69ff24b76a642fe430fa85657e0622340935b9806df5 + SHA1: f0d6b0bcd5f47b41d3c3192e244314d99d1df409 + SHA256: 
9724488ca2ba4c787640c49131f4d1daae5bd47d6b2e7e5f9e8918b1d6f655be + Sections: + .text: + Entropy: 6.147790168427177 + Virtual Size: '0x3820' + .rdata: + Entropy: 0.7852972442434865 + Virtual Size: '0x8b54' + .data: + Entropy: 0.16801126406945746 + Virtual Size: '0x308' + PAGE: + Entropy: 4.462463850935407 + Virtual Size: '0x69' + INIT: + Entropy: 5.522612592290352 + Virtual Size: '0x638' + .rsrc: + Entropy: 3.3171115841441816 + Virtual Size: '0x328' + .reloc: + Entropy: 6.493689021459392 + Virtual Size: '0x3ec' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: 
e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=KY, ST=Cayman Islands, L=George Town, O=Razer Inc., OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=Razer Inc. + ValidFrom: '2013-09-13 00:00:00' + ValidTo: '2016-08-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 4e4563adead3fedac7bd44ec5c590577 + Version: 3 + TBS: + MD5: 62e336c644b79eb95f869025a59a0814 + SHA1: a2f3feca99242c7df87dbe3676a64c4dba12b76b + SHA256: 3b43e76a05117b0ee9c87f7b98005a1a4b804d633660c8e3a43d342ba9184e1b + SHA384: 06fa6279fc3c74eade44518adb2b1c269e30736e11ff02f8e3b1f4a3e55a9f0b07ec215f9654d579c25c90627809182c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: 
b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 4e4563adead3fedac7bd44ec5c590577 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: cc335217d6f7ab7a53dcfa55cbda5fb0 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 13d7aa7733e7db4e391dba54f3f4b61f + SHA1: d466b8fa00d2fdd9834d5d3bafdf8cbc0ccf139c + SHA256: bedb1e28fd1cdf391edc859c58cb318a9ab686f254195246909b245e7aaf7669 + Company: Razer, Inc. + Copyright: Copyright (C) 2010-2018. Razer, Inc. + CreationTimestamp: '2018-03-19 12:54:13' + Date: '' + Description: Razer Overlay Support + ExportedFunctions: '' + FileVersion: 1.0.12.10201 + Filename: '' + ImportedFunctions: + - IoAcquireCancelSpinLock + - IoReleaseCancelSpinLock + - ObReferenceObjectByHandle + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - KeAcquireGuardedMutex + - KeReleaseGuardedMutex + - RtlInitUnicodeString + - IoCreateDevice + - IoCreateSymbolicLink + - PsGetCurrentProcessId + - _wcslwr + - wcsstr + - PoStartNextPowerIrp + - IoDeleteDevice + - KeInitializeEvent + - PsSetCreateProcessNotifyRoutine + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - ZwSetEvent + - ZwClose + - KeSetEvent + - ZwWaitForSingleObject + - _purecall + - KeGetCurrentThread + - sprintf + - _vsnprintf + - swprintf + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - SeQueryInformationToken + - RtlLengthRequiredSid + - RtlInitializeSid + - RtlSubAuthoritySid + - RtlEqualSid + - PsDereferencePrimaryToken + - MmGetSystemRoutineAddress + - MmIsAddressValid + - KeStackAttachProcess + - KeUnstackDetachProcess + - wcsrchr + - ZwOpenProcess + - PsLookupThreadByThreadId + - 
ObOpenObjectByPointer + - PsThreadType + - ZwCreateEvent + - KeTickCount + - KeBugCheckEx + - ObfDereferenceObject + - IofCompleteRequest + - memcpy + - memset + - RtlUnwind + - KfAcquireSpinLock + - ExReleaseFastMutex + - ExAcquireFastMutex + - KfReleaseSpinLock + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: Rzpnk + MD5: 3c1f92a1386fa6cf1ba51bae5e9a98dd + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: Rzpnk.sys + PDBPath: '' + Product: Rzpnk + ProductVersion: 1.0.12.10201 + Publisher: '' + RichPEHeaderHash: + MD5: 74246c83ad31479ca2853d2303658a0b + SHA1: 52345554a866b72e0e63cad68915f73877138d99 + SHA256: 03ea97d4e2a7432508634ad865d3ec46fc3bf05c92874ae57fb5cfeacced2b2b + SHA1: d083e69055556a36df7c6e02115cbbf90726f35c + SHA256: 4c2d2122ef7a100e1651f2ec50528c0d1a2b8a71c075461f0dc58a1aca36bc61 + Sections: + .text: + Entropy: 6.1267659551337 + Virtual Size: '0x3888' + .rdata: + Entropy: 0.7774911680764585 + Virtual Size: '0x8b54' + .data: + Entropy: 0.16801126406945746 + Virtual Size: '0x308' + PAGE: + Entropy: 4.345324837503696 + Virtual Size: '0x69' + INIT: + Entropy: 5.5036715965307845 + Virtual Size: '0x61e' + .rsrc: + Entropy: 3.321864460423256 + Virtual Size: '0x348' + .reloc: + Entropy: 6.534717310120353 + Virtual Size: '0x3d8' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=California, L=Irvine, O=Razer USA Ltd., CN=Razer USA + Ltd. 
+ ValidFrom: '2016-02-10 00:00:00' + ValidTo: '2019-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 1834b81889070312b5c4ca72ea419a5e + Version: 3 + TBS: + MD5: 966e59fada7c527111ba61f0cafcb355 + SHA1: d72efbe2c9127b91fffcfa0825dc16c9f7580e44 + SHA256: 506eaba716a689df7e0bb57b6f41afea02cce8c4af4d2392e96bd2e1bf483528 + SHA384: 0edb1fa0ccc2600fcd37358eb158fae5b72cc13fd3ff6cd0518aa6c780377dd5a7e39145784d4b9c595f163be613f2f1 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 1834b81889070312b5c4ca72ea419a5e + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + Imphash: d67b7c7501e5261df5e66b3219fa52ee + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 76934be6e996e801ea4d68c504d427c3 + SHA1: b2e03d9e602a6026f45c08b686c6810abd43bfac + SHA256: 
982ad43111d8b7a7900df652c8873eeb6aa485bb429dee6c2ad44acf598bb5e6 + Company: Razer, Inc. + Copyright: Copyright (C) 2010-2017. Razer, Inc. + CreationTimestamp: '2017-07-16 13:10:48' + Date: '' + Description: Razer Overlay Support + ExportedFunctions: '' + FileVersion: 1.0.12.10155 + Filename: '' + ImportedFunctions: + - IoAcquireCancelSpinLock + - IoReleaseCancelSpinLock + - ObReferenceObjectByHandle + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - KeAcquireGuardedMutex + - KeReleaseGuardedMutex + - RtlInitUnicodeString + - IoCreateDevice + - IoCreateSymbolicLink + - PoStartNextPowerIrp + - IoDeleteDevice + - KeInitializeEvent + - PsSetCreateProcessNotifyRoutine + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - ZwSetEvent + - _wcslwr + - wcsstr + - ZwClose + - KeSetEvent + - ZwWaitForSingleObject + - _purecall + - KeGetCurrentThread + - _vsnprintf + - swprintf + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - SeQueryInformationToken + - RtlLengthRequiredSid + - RtlInitializeSid + - RtlSubAuthoritySid + - RtlEqualSid + - PsDereferencePrimaryToken + - MmGetSystemRoutineAddress + - MmIsAddressValid + - KeStackAttachProcess + - KeUnstackDetachProcess + - wcsrchr + - ZwOpenProcess + - PsLookupThreadByThreadId + - ObOpenObjectByPointer + - PsThreadType + - ZwCreateEvent + - PsGetCurrentProcessId + - ZwOpenProcessTokenEx + - ZwQueryInformationToken + - RtlSubAuthorityCountSid + - KeTickCount + - KeBugCheckEx + - ObfDereferenceObject + - sprintf + - IofCompleteRequest + - memcpy + - memset + - RtlUnwind + - KfAcquireSpinLock + - ExReleaseFastMutex + - ExAcquireFastMutex + - KfReleaseSpinLock + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: Rzpnk + MD5: 2e7d824a49d731da9fc96262a29c85ce + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: Rzpnk.sys + PDBPath: '' + Product: Rzpnk + ProductVersion: 1.0.12.10155 + Publisher: '' + RichPEHeaderHash: + MD5: 4a9a353a14ee7f23eb41b8a45b487e20 + SHA1: 
6c6a81d70919694d3abe35859966f0d320d0b3a3 + SHA256: 89faf986a8af825587e8da0861c420dad1d83ce6bb17589fd1d397352352159c + SHA1: a4e2e227f984f344d48f4bf088ca9d020c63db4e + SHA256: 2665d3127ddd9411af38a255787a4e2483d720aa021be8d6418e071da52ed266 + Sections: + .text: + Entropy: 6.13737056754944 + Virtual Size: '0x3870' + .rdata: + Entropy: 0.7745929346692745 + Virtual Size: '0x8b34' + .data: + Entropy: 0.16801126406945746 + Virtual Size: '0x308' + PAGE: + Entropy: 4.500559089030644 + Virtual Size: '0x69' + INIT: + Entropy: 5.53827735746872 + Virtual Size: '0x676' + .rsrc: + Entropy: 3.335903976976208 + Virtual Size: '0x348' + .reloc: + Entropy: 6.523525927018517 + Virtual Size: '0x3dc' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=California, L=Irvine, O=Razer USA Ltd., CN=Razer USA + Ltd. + ValidFrom: '2016-02-10 00:00:00' + ValidTo: '2019-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 1834b81889070312b5c4ca72ea419a5e + Version: 3 + TBS: + MD5: 966e59fada7c527111ba61f0cafcb355 + SHA1: d72efbe2c9127b91fffcfa0825dc16c9f7580e44 + SHA256: 506eaba716a689df7e0bb57b6f41afea02cce8c4af4d2392e96bd2e1bf483528 + SHA384: 0edb1fa0ccc2600fcd37358eb158fae5b72cc13fd3ff6cd0518aa6c780377dd5a7e39145784d4b9c595f163be613f2f1 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: 
fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 1834b81889070312b5c4ca72ea419a5e + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + Imphash: 700a9350ac8b218ab9fc62cf25337ad3 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 4b6d5f6c61c9820aaf6dd10acbcc8385 + SHA1: 1ac31466261a6da69fbeb8e99d0b7b772071ac7f + SHA256: d2e10e17bca5e85e6b84345b47aab14adf45d98c672db6acf90479a7faf20b5a + Company: Razer, Inc. 
+ Copyright: Copyright (C) 2010-2014 + CreationTimestamp: '2015-09-16 18:16:35' + Date: '' + Description: Razer Overlay Support + ExportedFunctions: '' + FileVersion: 1.0.12.7465 + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - ObfDereferenceObject + - ObfReferenceObject + - KeClearEvent + - KeWaitForSingleObject + - IoAcquireCancelSpinLock + - IoReleaseCancelSpinLock + - ObReferenceObjectByHandle + - ExEventObjectType + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - ExAcquireFastMutex + - ExReleaseFastMutex + - KeAcquireGuardedMutex + - KeReleaseGuardedMutex + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - RtlInitUnicodeString + - IoCreateDevice + - IoCreateSymbolicLink + - PoStartNextPowerIrp + - ZwLoadDriver + - IoGetDeviceObjectPointer + - ZwUnloadDriver + - IoAttachDeviceToDeviceStack + - IoDeleteDevice + - KeInitializeEvent + - IofCallDriver + - PoCallDriver + - PsSetCreateProcessNotifyRoutine + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - ZwSetEvent + - _wcslwr + - wcsstr + - ZwClose + - KeSetEvent + - ZwWaitForSingleObject + - _purecall + - sprintf + - _vsnprintf + - DbgPrint + - swprintf + - KeInitializeGuardedMutex + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - SeQueryInformationToken + - RtlLengthRequiredSid + - RtlInitializeSid + - RtlSubAuthoritySid + - RtlEqualSid + - PsDereferencePrimaryToken + - MmGetSystemRoutineAddress + - MmIsAddressValid + - KeStackAttachProcess + - KeUnstackDetachProcess + - wcsrchr + - ZwOpenProcess + - PsLookupThreadByThreadId + - ObOpenObjectByPointer + - PsThreadType + - ZwCreateEvent + - PsGetCurrentProcessId + - RtlInitString + - RtlCompareString + - ZwMapViewOfSection + - KeBugCheckEx + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: Rzpnk + MD5: f8a13d4413a93dd005fad116cbd6b6f7 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: Rzpnk.sys + PDBPath: '' + Product: Rzpnk + ProductVersion: 1.0.12.7465 + Publisher: '' + 
RichPEHeaderHash: + MD5: d95b83b1676185463804c7be60a5629a + SHA1: 1d9671d566106c909d9fb90ad6d433103705a06e + SHA256: 98a9df9ab526c9ccc780176b4ab4f0bdf1479789da7a463f76afa5ca5eeb57a8 + SHA1: 8edcd4b35f5ae88d14e83252390659c6fc79eae3 + SHA256: 8ed0c00920ce76e832701d45117ed00b12e20588cb6fe8039fbccdfef9841047 + Sections: + .text: + Entropy: 6.022819869183744 + Virtual Size: '0x786e' + .rdata: + Entropy: 2.156441781870166 + Virtual Size: '0x144fc' + .data: + Entropy: 0.15812764646865457 + Virtual Size: '0x3e4' + .pdata: + Entropy: 4.83123136246416 + Virtual Size: '0xcb4' + PAGE: + Entropy: 4.405262522641727 + Virtual Size: '0x87' + INIT: + Entropy: 5.345466868963517 + Virtual Size: '0x884' + .rsrc: + Entropy: 3.3229086430258863 + Virtual Size: '0x328' + .reloc: + Entropy: 4.404219521463952 + Virtual Size: '0x94' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=KY, ST=Cayman Islands, L=George Town, O=Razer Inc., OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=Razer Inc. + ValidFrom: '2013-09-13 00:00:00' + ValidTo: '2016-08-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 4e4563adead3fedac7bd44ec5c590577 + Version: 3 + TBS: + MD5: 62e336c644b79eb95f869025a59a0814 + SHA1: a2f3feca99242c7df87dbe3676a64c4dba12b76b + SHA256: 3b43e76a05117b0ee9c87f7b98005a1a4b804d633660c8e3a43d342ba9184e1b + SHA384: 06fa6279fc3c74eade44518adb2b1c269e30736e11ff02f8e3b1f4a3e55a9f0b07ec215f9654d579c25c90627809182c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 4e4563adead3fedac7bd44ec5c590577 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: e1ecbd956bd016618b07e7dddcaf6e60 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 3b53b1da67c8917786be48c57c6a2db1 + SHA1: b2aac760470a4575bc0f6508179ed32d7c37a5d9 + SHA256: 39789a159c1196255f1b6d83e23af4082fd4cffe2662e40b71631b4e2e4bc05d + Company: Razer, Inc. + Copyright: Copyright (C) 2010-2017. Razer, Inc. 
+ CreationTimestamp: '2017-07-16 13:12:07' + Date: '' + Description: Razer Overlay Support + ExportedFunctions: '' + FileVersion: 1.0.12.10155 + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - ObfDereferenceObject + - ObfReferenceObject + - KeClearEvent + - KeWaitForSingleObject + - IoAcquireCancelSpinLock + - IoReleaseCancelSpinLock + - ObReferenceObjectByHandle + - ExEventObjectType + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - ExAcquireFastMutex + - ExReleaseFastMutex + - KeAcquireGuardedMutex + - KeReleaseGuardedMutex + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - RtlInitUnicodeString + - IoCreateDevice + - IoCreateSymbolicLink + - PoStartNextPowerIrp + - ZwLoadDriver + - IoGetDeviceObjectPointer + - ZwUnloadDriver + - IoAttachDeviceToDeviceStack + - IoDeleteDevice + - KeInitializeEvent + - IofCallDriver + - PoCallDriver + - PsSetCreateProcessNotifyRoutine + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - ZwSetEvent + - _wcslwr + - wcsstr + - ZwClose + - KeSetEvent + - ZwWaitForSingleObject + - _purecall + - sprintf + - _vsnprintf + - DbgPrint + - swprintf + - KeInitializeGuardedMutex + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - SeQueryInformationToken + - RtlLengthRequiredSid + - RtlInitializeSid + - RtlSubAuthoritySid + - RtlEqualSid + - PsDereferencePrimaryToken + - MmGetSystemRoutineAddress + - MmIsAddressValid + - KeStackAttachProcess + - KeUnstackDetachProcess + - wcsrchr + - ZwOpenProcess + - PsLookupThreadByThreadId + - ObOpenObjectByPointer + - PsThreadType + - ZwCreateEvent + - PsGetCurrentProcessId + - RtlInitString + - RtlCompareString + - ZwMapViewOfSection + - ZwOpenProcessTokenEx + - ZwQueryInformationToken + - RtlSubAuthorityCountSid + - KeBugCheckEx + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: Rzpnk + MD5: d4a299c595d35264b5cfd12490a138dc + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: Rzpnk.sys + PDBPath: '' + Product: Rzpnk + 
ProductVersion: 1.0.12.10155 + Publisher: '' + RichPEHeaderHash: + MD5: ce0bfa21df06f7d3067953da829fe299 + SHA1: 49f5fdf333898858dd7297603f3b2347a01e777d + SHA256: c059cad135868369281fd57e51cf8d64ac50e012ce54e3efb9321d8b519bd2dd + SHA1: 64df813dc0774ef57d21141dcb38d08059fd8660 + SHA256: d7b743c3f98662c955c616e0d1bb0800c9602e5b6f2385336a72623037bfd6dd + Sections: + .text: + Entropy: 6.029813362546066 + Virtual Size: '0x797e' + .rdata: + Entropy: 2.1638565406792596 + Virtual Size: '0x1457c' + .data: + Entropy: 0.15812764646865457 + Virtual Size: '0x3e4' + .pdata: + Entropy: 4.86837045917237 + Virtual Size: '0xcf0' + PAGE: + Entropy: 4.405262522641727 + Virtual Size: '0x87' + INIT: + Entropy: 5.362469333828446 + Virtual Size: '0x8e8' + .rsrc: + Entropy: 3.3415370361058807 + Virtual Size: '0x348' + .reloc: + Entropy: 4.425570968528865 + Virtual Size: '0x8c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=California, L=Irvine, O=Razer USA Ltd., CN=Razer USA + Ltd. 
+ ValidFrom: '2016-02-10 00:00:00' + ValidTo: '2019-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 1834b81889070312b5c4ca72ea419a5e + Version: 3 + TBS: + MD5: 966e59fada7c527111ba61f0cafcb355 + SHA1: d72efbe2c9127b91fffcfa0825dc16c9f7580e44 + SHA256: 506eaba716a689df7e0bb57b6f41afea02cce8c4af4d2392e96bd2e1bf483528 + SHA384: 0edb1fa0ccc2600fcd37358eb158fae5b72cc13fd3ff6cd0518aa6c780377dd5a7e39145784d4b9c595f163be613f2f1 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 1834b81889070312b5c4ca72ea419a5e + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + Imphash: 6b7d4c6283b9b951b7b2f47a0c5be8c7 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 151f2aa65417bbb3563e02d1f60484dc + SHA1: 970bd6388867c86b786d4e218d1a6967d7304ee4 + SHA256: 9d61963c098b07fa7ee6dba40f476fc5d2f16301d79a3e8554319d66c69404a9 + Company: Razer, Inc. + Copyright: Copyright (C) 2010-2018. Razer, Inc. 
+ CreationTimestamp: '2018-03-19 12:55:13' + Date: '' + Description: Razer Overlay Support + ExportedFunctions: '' + FileVersion: 1.0.12.10201 + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - ObfDereferenceObject + - ObfReferenceObject + - KeClearEvent + - KeWaitForSingleObject + - IoAcquireCancelSpinLock + - IoReleaseCancelSpinLock + - ObReferenceObjectByHandle + - ExEventObjectType + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - ExAcquireFastMutex + - ExReleaseFastMutex + - KeAcquireGuardedMutex + - KeReleaseGuardedMutex + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - RtlInitUnicodeString + - IoCreateDevice + - IoCreateSymbolicLink + - PsGetCurrentProcessId + - _wcslwr + - wcsstr + - PoStartNextPowerIrp + - ZwLoadDriver + - IoGetDeviceObjectPointer + - ZwUnloadDriver + - IoAttachDeviceToDeviceStack + - IoDeleteDevice + - KeInitializeEvent + - IofCallDriver + - PoCallDriver + - PsSetCreateProcessNotifyRoutine + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - ZwSetEvent + - ZwClose + - KeSetEvent + - ZwWaitForSingleObject + - _purecall + - sprintf + - _vsnprintf + - DbgPrint + - swprintf + - KeInitializeGuardedMutex + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - SeQueryInformationToken + - RtlLengthRequiredSid + - RtlInitializeSid + - RtlSubAuthoritySid + - RtlEqualSid + - PsDereferencePrimaryToken + - MmGetSystemRoutineAddress + - MmIsAddressValid + - KeStackAttachProcess + - KeUnstackDetachProcess + - wcsrchr + - ZwOpenProcess + - PsLookupThreadByThreadId + - ObOpenObjectByPointer + - PsThreadType + - ZwCreateEvent + - RtlInitString + - RtlCompareString + - ZwOpenProcessTokenEx + - ZwQueryInformationToken + - RtlSubAuthorityCountSid + - KeBugCheckEx + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: Rzpnk + MD5: f758e7d53184faab5bc51f751937fa36 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: Rzpnk.sys + PDBPath: '' + Product: Rzpnk + ProductVersion: 
1.0.12.10201 + Publisher: '' + RichPEHeaderHash: + MD5: 38005c498229dd5f64251bb3e57a40bf + SHA1: 3ddcef7c8b8f8eeaccbc11703dd94c7d300ba1a0 + SHA256: 27973d74dd877714939b06ddea7c9cad50ac645cd8569f068dc78575c14e6704 + SHA1: 7e900b0370a1d3cb8a3ea5394d7d094f95ec5dc0 + SHA256: d59cc3765a2a9fa510273dded5a9f9ac5190f1edf24a00ffd6a1bbd1cb34c757 + Sections: + .text: + Entropy: 6.032294908964451 + Virtual Size: '0x7a82' + .rdata: + Entropy: 2.158939241562336 + Virtual Size: '0x14564' + .data: + Entropy: 0.15812764646865457 + Virtual Size: '0x3e4' + .pdata: + Entropy: 4.8892997126668325 + Virtual Size: '0xcf0' + PAGE: + Entropy: 4.405262522641727 + Virtual Size: '0x87' + INIT: + Entropy: 5.339799543825723 + Virtual Size: '0x8ca' + .rsrc: + Entropy: 3.327497519552929 + Virtual Size: '0x348' + .reloc: + Entropy: 4.323516902746281 + Virtual Size: '0x8c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=California, L=Irvine, O=Razer USA Ltd., CN=Razer USA + Ltd. 
+ ValidFrom: '2016-02-10 00:00:00' + ValidTo: '2019-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 1834b81889070312b5c4ca72ea419a5e + Version: 3 + TBS: + MD5: 966e59fada7c527111ba61f0cafcb355 + SHA1: d72efbe2c9127b91fffcfa0825dc16c9f7580e44 + SHA256: 506eaba716a689df7e0bb57b6f41afea02cce8c4af4d2392e96bd2e1bf483528 + SHA384: 0edb1fa0ccc2600fcd37358eb158fae5b72cc13fd3ff6cd0518aa6c780377dd5a7e39145784d4b9c595f163be613f2f1 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 1834b81889070312b5c4ca72ea419a5e + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + Imphash: 5192bc7311bdeb1f3977bdc0d2e943e4 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 870f5888401c299ad7b0cacabd53edc2 + SHA1: fb21a2be31b336ac5da2f69c93c4ff4f8fe30a42 + SHA256: 
def61560c0650717cb1da923f0d674b363b8f2051247719b34f06744bbb79000 + Company: Razer, Inc. + Copyright: Copyright (C) 2010-2014 + CreationTimestamp: '2015-09-16 18:15:26' + Date: '' + Description: Razer Overlay Support + ExportedFunctions: '' + FileVersion: 1.0.12.7465 + Filename: '' + ImportedFunctions: + - IoAcquireCancelSpinLock + - IoReleaseCancelSpinLock + - ObReferenceObjectByHandle + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - KeAcquireGuardedMutex + - KeReleaseGuardedMutex + - RtlInitUnicodeString + - IoCreateDevice + - IoCreateSymbolicLink + - PoStartNextPowerIrp + - IoDeleteDevice + - KeInitializeEvent + - PsSetCreateProcessNotifyRoutine + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - ZwSetEvent + - _wcslwr + - wcsstr + - ZwClose + - KeSetEvent + - ZwWaitForSingleObject + - _purecall + - KeGetCurrentThread + - sprintf + - _vsnprintf + - swprintf + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - SeQueryInformationToken + - RtlLengthRequiredSid + - RtlInitializeSid + - RtlSubAuthoritySid + - RtlEqualSid + - PsDereferencePrimaryToken + - MmGetSystemRoutineAddress + - MmIsAddressValid + - KeStackAttachProcess + - KeUnstackDetachProcess + - wcsrchr + - ZwOpenProcess + - PsLookupThreadByThreadId + - ObOpenObjectByPointer + - PsThreadType + - ZwCreateEvent + - PsGetCurrentProcessId + - ZwMapViewOfSection + - KeTickCount + - KeBugCheckEx + - ObfDereferenceObject + - IofCompleteRequest + - memcpy + - memset + - RtlUnwind + - KfAcquireSpinLock + - ExReleaseFastMutex + - ExAcquireFastMutex + - KfReleaseSpinLock + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: Rzpnk + MD5: 05a6f843c43d75fbce8e885bb8656aa4 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: Rzpnk.sys + PDBPath: '' + Product: Rzpnk + ProductVersion: 1.0.12.7465 + Publisher: '' + RichPEHeaderHash: + MD5: c723c2141747136a803cc8d5df9b0e9c + SHA1: ab3959e0fa2376ebca63456374e4454a4d711ec1 + SHA256: 
4d91707d4f7a8f5cbedd69ff24b76a642fe430fa85657e0622340935b9806df5 + SHA1: d72de7e8f0118153dd5cf784f724e725865fc523 + SHA256: e77786b21dbe73e9619ac9aac5e7e92989333d559aa22b4b65c97f0a42ff2e21 + Sections: + .text: + Entropy: 6.147790168427177 + Virtual Size: '0x3820' + .rdata: + Entropy: 0.7852972442434865 + Virtual Size: '0x8b54' + .data: + Entropy: 0.16801126406945746 + Virtual Size: '0x308' + PAGE: + Entropy: 4.462463850935407 + Virtual Size: '0x69' + INIT: + Entropy: 5.522612592290352 + Virtual Size: '0x638' + .rsrc: + Entropy: 3.3171115841441816 + Virtual Size: '0x328' + .reloc: + Entropy: 6.493689021459392 + Virtual Size: '0x3ec' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 
4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=KY, ST=Cayman Islands, L=George Town, O=Razer Inc., OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=Razer Inc. + ValidFrom: '2013-09-13 00:00:00' + ValidTo: '2016-08-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 4e4563adead3fedac7bd44ec5c590577 + Version: 3 + TBS: + MD5: 62e336c644b79eb95f869025a59a0814 + SHA1: a2f3feca99242c7df87dbe3676a64c4dba12b76b + SHA256: 3b43e76a05117b0ee9c87f7b98005a1a4b804d633660c8e3a43d342ba9184e1b + SHA384: 06fa6279fc3c74eade44518adb2b1c269e30736e11ff02f8e3b1f4a3e55a9f0b07ec215f9654d579c25c90627809182c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 4e4563adead3fedac7bd44ec5c590577 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: cc335217d6f7ab7a53dcfa55cbda5fb0 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 049d38cee6bf9975ca33274d57bb4666 + SHA1: 1d96772942225757522ddd38d52e9616089377b2 + SHA256: fec1c641c7151e931aeb0d1ac59a97d6d3b486c482c1df8794e6424e75e6da1a + Company: Razer, Inc. 
+ Copyright: Copyright (C) 2010-2014 + CreationTimestamp: '2014-10-17 13:38:10' + Date: '' + Description: Razer Overlay Support + ExportedFunctions: '' + FileVersion: 1.0.12.3137 + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - ObfDereferenceObject + - ObfReferenceObject + - KeClearEvent + - KeWaitForSingleObject + - IoAcquireCancelSpinLock + - IoReleaseCancelSpinLock + - ObReferenceObjectByHandle + - ExEventObjectType + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - ExAcquireFastMutex + - ExReleaseFastMutex + - KeAcquireGuardedMutex + - KeReleaseGuardedMutex + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - RtlInitUnicodeString + - IoCreateDevice + - IoCreateSymbolicLink + - PoStartNextPowerIrp + - ZwLoadDriver + - IoGetDeviceObjectPointer + - ZwUnloadDriver + - IoAttachDeviceToDeviceStack + - IoDeleteDevice + - KeInitializeEvent + - IofCallDriver + - PoCallDriver + - PsSetCreateProcessNotifyRoutine + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - ZwSetEvent + - _wcslwr + - wcsstr + - ZwClose + - KeSetEvent + - ZwWaitForSingleObject + - _purecall + - sprintf + - _vsnprintf + - DbgPrint + - swprintf + - KeInitializeGuardedMutex + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - SeQueryInformationToken + - RtlLengthRequiredSid + - RtlInitializeSid + - RtlSubAuthoritySid + - RtlEqualSid + - PsDereferencePrimaryToken + - MmGetSystemRoutineAddress + - MmIsAddressValid + - KeStackAttachProcess + - KeUnstackDetachProcess + - wcsrchr + - ZwOpenProcess + - PsLookupThreadByThreadId + - ObOpenObjectByPointer + - PsThreadType + - ZwCreateEvent + - PsGetCurrentProcessId + - RtlInitString + - RtlCompareString + - KeBugCheckEx + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: Rzpnk + MD5: fef60a37301e1f5a3020fa3487fb2cd7 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: Rzpnk.sys + PDBPath: '' + Product: Rzpnk + ProductVersion: 1.0.12.3137 + Publisher: '' + RichPEHeaderHash: + 
MD5: 6f46839d81ff1d1b3e509d134f95c5a9 + SHA1: 987e1f687c75f4e3bd6377359b2ed6b71e16b88e + SHA256: 011d63cf6e09f148f628424ead77cac9969f196a4bb773e8fbd60ab9b41d8c93 + SHA1: 838823f25436cadc9a145ddac076dce3e0b84d96 + SHA256: 0c925468c3376458d0e1ec65e097bd1a81a03901035c0195e8f6ef904ef3f901 + Sections: + .text: + Entropy: 6.001395877605703 + Virtual Size: '0x7400' + .rdata: + Entropy: 2.0228543552827074 + Virtual Size: '0x13f5c' + .data: + Entropy: 4.883228407116594 + Virtual Size: '0x84c' + .pdata: + Entropy: 4.8259775115408505 + Virtual Size: '0xcfc' + PAGE: + Entropy: 4.375632893012098 + Virtual Size: '0x87' + INIT: + Entropy: 5.328254520489819 + Virtual Size: '0x866' + .rsrc: + Entropy: 3.312676704326444 + Virtual Size: '0x328' + .reloc: + Entropy: 2.1502919023967038 + Virtual Size: '0x1a4' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=KY, ST=Cayman Islands, L=George Town, O=Razer Inc., OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=Razer Inc. + ValidFrom: '2013-09-13 00:00:00' + ValidTo: '2016-08-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 4e4563adead3fedac7bd44ec5c590577 + Version: 3 + TBS: + MD5: 62e336c644b79eb95f869025a59a0814 + SHA1: a2f3feca99242c7df87dbe3676a64c4dba12b76b + SHA256: 3b43e76a05117b0ee9c87f7b98005a1a4b804d633660c8e3a43d342ba9184e1b + SHA384: 06fa6279fc3c74eade44518adb2b1c269e30736e11ff02f8e3b1f4a3e55a9f0b07ec215f9654d579c25c90627809182c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 4e4563adead3fedac7bd44ec5c590577 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign 
Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: dd7c5c0c762169d40ee01280e4ac74fc + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 64c80e12a495fb117c5db8f0ab70dc91 + SHA1: 39c687c1c70ea61e122ef145364fa123ddeb3383 + SHA256: 3e28142ad02a1ac63ab86f97834321f30bb28e19d5c997bb0a13807ddb414c0e + Company: Razer, Inc. + Copyright: Copyright (C) 2010-2017. Razer, Inc. + CreationTimestamp: '2017-09-20 16:35:30' + Date: '' + Description: Razer Overlay Support + ExportedFunctions: '' + FileVersion: 1.0.12.10177 + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - ObfDereferenceObject + - ObfReferenceObject + - KeClearEvent + - KeWaitForSingleObject + - IoAcquireCancelSpinLock + - IoReleaseCancelSpinLock + - ObReferenceObjectByHandle + - ExEventObjectType + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - ExAcquireFastMutex + - ExReleaseFastMutex + - KeAcquireGuardedMutex + - KeReleaseGuardedMutex + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - RtlInitUnicodeString + - IoCreateDevice + - IoCreateSymbolicLink + - PsGetCurrentProcessId + - _wcslwr + - wcsstr + - PoStartNextPowerIrp + - ZwLoadDriver + - IoGetDeviceObjectPointer + - ZwUnloadDriver + - IoAttachDeviceToDeviceStack + - IoDeleteDevice + - KeInitializeEvent + - IofCallDriver + - PoCallDriver + - PsSetCreateProcessNotifyRoutine + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - ZwSetEvent + - ZwClose + - KeSetEvent + - ZwWaitForSingleObject + - _purecall + - sprintf + - _vsnprintf + - DbgPrint + - swprintf + - KeInitializeGuardedMutex + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - SeQueryInformationToken + - RtlLengthRequiredSid + - RtlInitializeSid + - RtlSubAuthoritySid + - RtlEqualSid + - PsDereferencePrimaryToken + - MmGetSystemRoutineAddress + - MmIsAddressValid + - KeStackAttachProcess + - KeUnstackDetachProcess + - wcsrchr + - ZwOpenProcess + - PsLookupThreadByThreadId + - ObOpenObjectByPointer + - PsThreadType + - ZwCreateEvent + - 
RtlInitString + - RtlCompareString + - ZwMapViewOfSection + - ZwOpenProcessTokenEx + - ZwQueryInformationToken + - RtlSubAuthorityCountSid + - KeBugCheckEx + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: Rzpnk + MD5: 6846c2035b4c56b488d2ce2c69a57261 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: Rzpnk.sys + PDBPath: '' + Product: Rzpnk + ProductVersion: 1.0.12.10177 + Publisher: '' + RichPEHeaderHash: + MD5: ce0bfa21df06f7d3067953da829fe299 + SHA1: 49f5fdf333898858dd7297603f3b2347a01e777d + SHA256: c059cad135868369281fd57e51cf8d64ac50e012ce54e3efb9321d8b519bd2dd + SHA1: e41808b022656befb7dc42bbeceaf867e2fec6b2 + SHA256: 0b547368c03e0a584ae3c5e62af3728426c68b316a15f3290316844d193ad182 + Sections: + .text: + Entropy: 6.029574446422592 + Virtual Size: '0x7a9e' + .rdata: + Entropy: 2.166400944027784 + Virtual Size: '0x145cc' + .data: + Entropy: 0.15812764646865457 + Virtual Size: '0x3e4' + .pdata: + Entropy: 4.867440310144845 + Virtual Size: '0xcf0' + PAGE: + Entropy: 4.405262522641727 + Virtual Size: '0x87' + INIT: + Entropy: 5.35429740385259 + Virtual Size: '0x8e8' + .rsrc: + Entropy: 3.3372398450648846 + Virtual Size: '0x348' + .reloc: + Entropy: 4.323516902746281 + Virtual Size: '0x8c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=California, L=Irvine, O=Razer USA Ltd., CN=Razer USA + Ltd. 
+ ValidFrom: '2016-02-10 00:00:00' + ValidTo: '2019-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 1834b81889070312b5c4ca72ea419a5e + Version: 3 + TBS: + MD5: 966e59fada7c527111ba61f0cafcb355 + SHA1: d72efbe2c9127b91fffcfa0825dc16c9f7580e44 + SHA256: 506eaba716a689df7e0bb57b6f41afea02cce8c4af4d2392e96bd2e1bf483528 + SHA384: 0edb1fa0ccc2600fcd37358eb158fae5b72cc13fd3ff6cd0518aa6c780377dd5a7e39145784d4b9c595f163be613f2f1 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 1834b81889070312b5c4ca72ea419a5e + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + Imphash: 74081c86ad3e9771011f162c107927de + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/1c7631f0-f92f-4be5-8ba7-3eefb0601d45.yaml b/yaml/1c7631f0-f92f-4be5-8ba7-3eefb0601d45.yaml index b91826162..988462f23 100644 --- a/yaml/1c7631f0-f92f-4be5-8ba7-3eefb0601d45.yaml +++ b/yaml/1c7631f0-f92f-4be5-8ba7-3eefb0601d45.yaml 
@@ -1,193 +1,193 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 1c7631f0-f92f-4be5-8ba7-3eefb0601d45 +Tags: +- LHA.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create LHA.sys binPath=C:\windows\temp\LHA.sys type=kernel && sc.exe - start LHA.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/e75714f8e0ff45605f6fc7689a1a89c7dcd34aab66c6131c63fefaca584539cf.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 1c7631f0-f92f-4be5-8ba7-3eefb0601d45 -KnownVulnerableSamples: -- Authentihash: - MD5: 
8a3fb969d6edfb9a860e13a556a9d64f - SHA1: d9cf173dd75bf410c2f7f35247cd4db186af9a41 - SHA256: fe14940b5d3068b7ceffd28a529196811f1d0e175522f4dfab26573e7aca0bb4 - Company: LG Electronics Inc. - Copyright: ultrabios@hotmail.com - CreationTimestamp: '2018-12-27 16:06:43' - Date: '' - Description: LHA - ExportedFunctions: '' - FileVersion: '6.1.7600.16385 built by: WinDDK' - Filename: LHA.sys - ImportedFunctions: - - ExFreePoolWithTag - - RtlInitUnicodeString - - IoDeleteDevice - - IoFreeWorkItem - - KeReleaseSpinLock - - MmUnmapIoSpace - - MmFreeNonCachedMemory - - MmGetPhysicalAddress - - IoAllocateWorkItem - - MmMapIoSpace - - IofCompleteRequest - - IoCreateSymbolicLink - - IoDeleteSymbolicLink - - KeAcquireSpinLockRaiseToDpc - - ExUnregisterCallback - - PoRegisterPowerSettingCallback - - ExRegisterCallback - - ObfDereferenceObject - - IoQueueWorkItem - - ExCreateCallback - - DbgPrint - - IoWMIQueryAllData - - MmGetSystemRoutineAddress - - KeBugCheckEx - - ExAllocatePoolWithTag - - MmAllocateNonCachedMemory - - IoCreateDevice - - ZwClose - - ObOpenObjectByPointer - - ZwSetSecurityObject - - IoDeviceObjectType - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - SeExports - - wcschr - - _wcsnicmp - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwOpenKey - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - KeStallExecutionProcessor - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: LHA.sys - MD5: 748cf64b95ca83abc35762ad2c25458f - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: LHA.sys - Product: "Microsoft\xAE Windows\xAE Operating System" - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 
8de9ce6c09a8dc70b9c6399d53ed5752 - SHA1: 28c10b23cbb09f205edb21dfabd65800df836b7e - SHA256: f662fa4a5aa3686ae214a0559bd422bc979b969f0f33abacc560c8b4af7d7a7d - SHA1: fcd615df88645d1f57ff5702bd6758b77efea6d0 - SHA256: e75714f8e0ff45605f6fc7689a1a89c7dcd34aab66c6131c63fefaca584539cf - Sections: - .text: - Entropy: 6.3729713051901875 - Virtual Size: '0x275e' - .rdata: - Entropy: 4.35894546013594 - Virtual Size: '0x79c' - .data: - Entropy: 1.4282942392169038 - Virtual Size: '0x381' - .pdata: - Entropy: 4.246697265407486 - Virtual Size: '0x2b8' - PAGE: - Entropy: 6.214193657765831 - Virtual Size: '0x1a47' - INIT: - Entropy: 5.174871630570359 - Virtual Size: '0x728' - .rsrc: - Entropy: 3.40609004191681 - Virtual Size: '0x380' - .reloc: - Entropy: 1.2280731978955797 - Virtual Size: '0x60' - Signature: - - Microsoft Windows Hardware Compatibility Publisher - - Microsoft Windows Third Party Component CA 2014 - - Microsoft Root Certificate Authority 2010 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2018-09-06 21:30:32' - ValidTo: '2019-09-06 21:30:32' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 33000000253a2738690a3451c1000000000025 - Version: 3 - TBS: - MD5: 60cb2d8488f8724a67bf3254e6a57ff1 - SHA1: 37aef77a1afaa33ac5787fc43a2c1e2509a19eb1 - SHA256: 495a6ff7ace92f915eb1753c4c0b32612056e6d320bb17ff90346db3aa357432 - SHA384: 2a90dcf67abc92f070775de78ecf066e7730ea57b4c4d6c64cfdd66c3eb0f639ac188b24571a9f600ef017737a71decf - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - ValidFrom: '2014-10-15 20:31:27' - ValidTo: '2029-10-15 20:41:27' - Signature: 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 - SignatureAlgorithmOID: 
1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 330000000d690d5d7893d076df00000000000d - Version: 3 - TBS: - MD5: 83f69422963f11c3c340b81712eef319 - SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 - SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae - SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 - Signer: - - SerialNumber: 33000000253a2738690a3451c1000000000025 - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - Version: 1 - Imphash: c3fd2e688276a184b2528ee590054e5a - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create LHA.sys binPath=C:\windows\temp\LHA.sys type=kernel && + sc.exe start LHA.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/elastic/protections-artifacts/search?q=VulnDriver -Tags: -- LHA.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/e75714f8e0ff45605f6fc7689a1a89c7dcd34aab66c6131c63fefaca584539cf.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 8a3fb969d6edfb9a860e13a556a9d64f + SHA1: d9cf173dd75bf410c2f7f35247cd4db186af9a41 + SHA256: fe14940b5d3068b7ceffd28a529196811f1d0e175522f4dfab26573e7aca0bb4 + Company: LG Electronics Inc. + Copyright: ultrabios@hotmail.com + CreationTimestamp: '2018-12-27 16:06:43' + Date: '' + Description: LHA + ExportedFunctions: '' + FileVersion: '6.1.7600.16385 built by: WinDDK' + Filename: LHA.sys + ImportedFunctions: + - ExFreePoolWithTag + - RtlInitUnicodeString + - IoDeleteDevice + - IoFreeWorkItem + - KeReleaseSpinLock + - MmUnmapIoSpace + - MmFreeNonCachedMemory + - MmGetPhysicalAddress + - IoAllocateWorkItem + - MmMapIoSpace + - IofCompleteRequest + - IoCreateSymbolicLink + - IoDeleteSymbolicLink + - KeAcquireSpinLockRaiseToDpc + - ExUnregisterCallback + - PoRegisterPowerSettingCallback + - ExRegisterCallback + - ObfDereferenceObject + - IoQueueWorkItem + - ExCreateCallback + - DbgPrint + - IoWMIQueryAllData + - MmGetSystemRoutineAddress + - KeBugCheckEx + - ExAllocatePoolWithTag + - MmAllocateNonCachedMemory + - IoCreateDevice + - ZwClose + - ObOpenObjectByPointer + - ZwSetSecurityObject + - IoDeviceObjectType + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - SeExports + - wcschr + - _wcsnicmp + 
- RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwOpenKey + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - KeStallExecutionProcessor + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: LHA.sys + MD5: 748cf64b95ca83abc35762ad2c25458f + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: LHA.sys + Product: "Microsoft\xAE Windows\xAE Operating System" + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 8de9ce6c09a8dc70b9c6399d53ed5752 + SHA1: 28c10b23cbb09f205edb21dfabd65800df836b7e + SHA256: f662fa4a5aa3686ae214a0559bd422bc979b969f0f33abacc560c8b4af7d7a7d + SHA1: fcd615df88645d1f57ff5702bd6758b77efea6d0 + SHA256: e75714f8e0ff45605f6fc7689a1a89c7dcd34aab66c6131c63fefaca584539cf + Sections: + .text: + Entropy: 6.3729713051901875 + Virtual Size: '0x275e' + .rdata: + Entropy: 4.35894546013594 + Virtual Size: '0x79c' + .data: + Entropy: 1.4282942392169038 + Virtual Size: '0x381' + .pdata: + Entropy: 4.246697265407486 + Virtual Size: '0x2b8' + PAGE: + Entropy: 6.214193657765831 + Virtual Size: '0x1a47' + INIT: + Entropy: 5.174871630570359 + Virtual Size: '0x728' + .rsrc: + Entropy: 3.40609004191681 + Virtual Size: '0x380' + .reloc: + Entropy: 1.2280731978955797 + Virtual Size: '0x60' + Signature: + - Microsoft Windows Hardware Compatibility Publisher + - Microsoft Windows Third Party Component CA 2014 + - Microsoft Root Certificate Authority 2010 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2018-09-06 21:30:32' + ValidTo: '2019-09-06 21:30:32' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 
33000000253a2738690a3451c1000000000025 + Version: 3 + TBS: + MD5: 60cb2d8488f8724a67bf3254e6a57ff1 + SHA1: 37aef77a1afaa33ac5787fc43a2c1e2509a19eb1 + SHA256: 495a6ff7ace92f915eb1753c4c0b32612056e6d320bb17ff90346db3aa357432 + SHA384: 2a90dcf67abc92f070775de78ecf066e7730ea57b4c4d6c64cfdd66c3eb0f639ac188b24571a9f600ef017737a71decf + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + ValidFrom: '2014-10-15 20:31:27' + ValidTo: '2029-10-15 20:41:27' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 330000000d690d5d7893d076df00000000000d + Version: 3 + TBS: + MD5: 83f69422963f11c3c340b81712eef319 + SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 + SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae + SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 + Signer: + - SerialNumber: 33000000253a2738690a3451c1000000000025 + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + Version: 1 + Imphash: c3fd2e688276a184b2528ee590054e5a + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/1d2cdef1-de44-4849-80e5-e2fa288df681.yaml b/yaml/1d2cdef1-de44-4849-80e5-e2fa288df681.yaml index d61132b1f..c41a43b74 100644 --- a/yaml/1d2cdef1-de44-4849-80e5-e2fa288df681.yaml +++ b/yaml/1d2cdef1-de44-4849-80e5-e2fa288df681.yaml 
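Review bot: The relocated `Detection:` list in this hunk still carries the shared rules twice: `sigma_hash`, `sigma_names`, `sysmon_hash_detect` and `sysmon_hash_block` each appear two times with identical URLs, and only the two `yara_signature` entries differ. Since the commit already rewrites the whole block, this is the place to drop the second copy of those four entries. Anything that counts or renders detections per driver would otherwise presumably list them twice. The same duplication is present in the `Detection:` block added by the second hunk of `yaml/1d2cdef1-de44-4849-80e5-e2fa288df681.yaml`.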
@@ -1,222 +1,27 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 1d2cdef1-de44-4849-80e5-e2fa288df681 +Tags: +- iqvw64e.sys +- iQVW64.SYS +- IQVW32.sys +- NalDrv.sys +Verified: 'TRUE' Author: Michael Haag, Guus Verbeek +Created: '2023-01-09' +MitreID: T1068 CVE: - CVE-2015-2291 Category: vulnerable driver Commands: - Command: sc.exe create iqvw64e.sys binPath=C:\windows\temp\iqvw64e.sys type=kernel - && sc.exe start iqvw64e.sys - Description: (1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in - the Intel Ethernet diagnostics driver for Windows allows local users to cause - a denial of service or possibly execute arbitrary code with kernel privileges - via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 - IOCTL call. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/4429f32db1cc70567919d7d47b844a91cf1329a6cd116f582305f3b7b60cd60b.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 1d2cdef1-de44-4849-80e5-e2fa288df681 -KnownVulnerableSamples: -- Authentihash: - MD5: 1789a16d20ca2b55f491ad71848166a2 - SHA1: 2cbfe4ad0e1231ff3e19c19ca9311d952ce170b7 - SHA256: 785e87bc23a1353fe0726554fd009aca69c320a98445a604a64e23ab45108087 - Company: 'Intel Corporation ' - Copyright: Copyright (C) 2002-2013 Intel Corporation All Rights Reserved. - CreationTimestamp: '2013-11-14 08:22:43' - Date: '' - Description: Intel(R) Network Adapter Diagnostic Driver - ExportedFunctions: '' - FileVersion: '1.03.0.7 built by: WinDDK' - Filename: iqvw64e.sys - ImportedFunctions: - - IoCreateSymbolicLink - - IoCreateDevice - - IofCompleteRequest - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - MmGetPhysicalAddress - - DbgPrint - - strncpy - - vsprintf - - IoFreeMdl - - MmMapLockedPagesSpecifyCache - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmUnmapIoSpace - - MmUnmapLockedPages - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - RtlInitUnicodeString - - ObfDereferenceObject - - KeWaitForSingleObject - - IofCallDriver - - IoBuildSynchronousFsdRequest - - KeInitializeEvent - - ZwClose - - RtlFreeAnsiString - - strstr - - RtlUnicodeStringToAnsiString - - ZwEnumerateValueKey - - ZwOpenKey - - wcsncpy - - IoGetDeviceObjectPointer - - IoGetDeviceInterfaces - - ObReferenceObjectByPointer - - KeBugCheckEx - - IoDeleteSymbolicLink - - MmMapIoSpace - - IoDeleteDevice - - KeStallExecutionProcessor - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: iQVW64.SYS - MD5: 1898ceda3247213c084f43637ef163b3 - MachineType: AMD64 - 
MagicHeader: 50 45 0 0 - OriginalFilename: iQVW64.SYS - Product: Intel(R) iQVW64.SYS - ProductVersion: 1.03.0.7 - Publisher: '' - RichPEHeaderHash: - MD5: 4521e9ed78c16f8d1e49a1981dfb32eb - SHA1: 557230bdf881a5a09523f4b063c81e10594ee183 - SHA256: 4d270337cbd39f54b308a8b11869c2d85075acb846ce369f90aeceb8dd87782f - SHA1: d04e5db5b6c848a29732bfd52029001f23c3da75 - SHA256: 4429f32db1cc70567919d7d47b844a91cf1329a6cd116f582305f3b7b60cd60b - Sections: - .text: - Entropy: 6.312074870341971 - Virtual Size: '0x4615' - .rdata: - Entropy: 4.765757053328623 - Virtual Size: '0x7c0' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x5c9ec0' - .pdata: - Entropy: 4.307215755522235 - Virtual Size: '0x408' - INIT: - Entropy: 5.835829282045137 - Virtual Size: '0x7a8' - .rsrc: - Entropy: 3.423830950438437 - Virtual Size: '0x3f8' - Signature: - - Intel Corporation - - VeriSign Class 3 Code Signing 2010 CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - 
Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Oregon, L=Hillsboro, O=Intel Corporation, OU=Digital ID Class - 3 , Microsoft Software Validation v2, OU=LAN Access Division, CN=Intel Corporation - ValidFrom: '2012-05-17 00:00:00' - ValidTo: '2015-05-30 23:59:59' - Signature: 285fe626bdcc91182509755ed38bee901a395d2f11b14eb7857cb9b3624afadee423a07cca07804cd51a299716b3bd127c84e6d827dd786b29964aee3b6dd0193d366813ff62ab31f61e2c37bda7a2cd4c19a877cd410dcd066acefa7013e47436b8b4270238dbf631a4907c380f2397eda3a013d8d3d006a15b581edf946d7cc16896d2af8e79981802555b12bb1b177f7e9a85c0c92b8af3d423ecbd858a1aa0d8face738f4f4934b2a0f9654db4cc1e388afad699371e83992bd317de8ae0dce9df2f6de60191af4462eca8a2ba30e8b203b68bff09f4753cfbedbf41a64f1e0cc999f90c83dc3062dd62dd46773f8e93d1051f19a29a97377c1d0bee7f39 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2776ab5cf2d09872f1ad05fbc3f21a87 - Version: 3 - TBS: - MD5: fa13cce803fbe5b5256430f9bfee76de - SHA1: ce566e0c55909bbf2bb0d43280ee78b4ba3d582f - SHA256: 7959ee2235998f36a9cdbd9b5ef7759e5846e0eecd7e868c5f042360a25482aa - SHA384: 82fcff4effee6971cfc9d0d684d13479eac42b53f23590e0df172e2804ff94abc1fbf0e2b6af0cf05b099fc97cf26789 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 
5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2776ab5cf2d09872f1ad05fbc3f21a87 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 55db306bc2be3ff71a6b91fd9db051b8 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: sc.exe create iqvw64e.sys binPath=C:\windows\temp\iqvw64e.sys type=kernel + && sc.exe start iqvw64e.sys + Description: (1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in + the Intel Ethernet diagnostics driver for Windows allows local users to cause + a denial of service or possibly execute arbitrary code with kernel privileges + via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 + IOCTL call. + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://www.crowdstrike.com/blog/scattered-spider-attempts-to-avoid-detection-with-bring-your-own-vulnerable-driver-tactic/ - https://expel.com/blog/well-that-escalated-quickly-how-a-red-team-went-from-domain-user-to-kernel-memory/ 
@@ -224,9 +29,205 @@ Resources: - https://github.com/Tare05/Intel-CVE-2015-2291 - https://github.com/TheCruZ/kdmapper - https://gist.github.com/k4nfr3/af970e7facb09195e56f2112e1c9549c -Tags: -- iqvw64e.sys -- iQVW64.SYS -- IQVW32.sys -- NalDrv.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/4429f32db1cc70567919d7d47b844a91cf1329a6cd116f582305f3b7b60cd60b.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 1789a16d20ca2b55f491ad71848166a2 + SHA1: 2cbfe4ad0e1231ff3e19c19ca9311d952ce170b7 + SHA256: 785e87bc23a1353fe0726554fd009aca69c320a98445a604a64e23ab45108087 + Company: 
'Intel Corporation ' + Copyright: Copyright (C) 2002-2013 Intel Corporation All Rights Reserved. + CreationTimestamp: '2013-11-14 08:22:43' + Date: '' + Description: Intel(R) Network Adapter Diagnostic Driver + ExportedFunctions: '' + FileVersion: '1.03.0.7 built by: WinDDK' + Filename: iqvw64e.sys + ImportedFunctions: + - IoCreateSymbolicLink + - IoCreateDevice + - IofCompleteRequest + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - MmGetPhysicalAddress + - DbgPrint + - strncpy + - vsprintf + - IoFreeMdl + - MmMapLockedPagesSpecifyCache + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmUnmapIoSpace + - MmUnmapLockedPages + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - RtlInitUnicodeString + - ObfDereferenceObject + - KeWaitForSingleObject + - IofCallDriver + - IoBuildSynchronousFsdRequest + - KeInitializeEvent + - ZwClose + - RtlFreeAnsiString + - strstr + - RtlUnicodeStringToAnsiString + - ZwEnumerateValueKey + - ZwOpenKey + - wcsncpy + - IoGetDeviceObjectPointer + - IoGetDeviceInterfaces + - ObReferenceObjectByPointer + - KeBugCheckEx + - IoDeleteSymbolicLink + - MmMapIoSpace + - IoDeleteDevice + - KeStallExecutionProcessor + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: iQVW64.SYS + MD5: 1898ceda3247213c084f43637ef163b3 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: iQVW64.SYS + Product: Intel(R) iQVW64.SYS + ProductVersion: 1.03.0.7 + Publisher: '' + RichPEHeaderHash: + MD5: 4521e9ed78c16f8d1e49a1981dfb32eb + SHA1: 557230bdf881a5a09523f4b063c81e10594ee183 + SHA256: 4d270337cbd39f54b308a8b11869c2d85075acb846ce369f90aeceb8dd87782f + SHA1: d04e5db5b6c848a29732bfd52029001f23c3da75 + SHA256: 4429f32db1cc70567919d7d47b844a91cf1329a6cd116f582305f3b7b60cd60b + Sections: + .text: + Entropy: 6.312074870341971 + Virtual Size: '0x4615' + .rdata: + Entropy: 4.765757053328623 + Virtual Size: '0x7c0' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x5c9ec0' + .pdata: + Entropy: 
4.307215755522235 + Virtual Size: '0x408' + INIT: + Entropy: 5.835829282045137 + Virtual Size: '0x7a8' + .rsrc: + Entropy: 3.423830950438437 + Virtual Size: '0x3f8' + Signature: + - Intel Corporation + - VeriSign Class 3 Code Signing 2010 CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Oregon, L=Hillsboro, O=Intel Corporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=LAN Access Division, + CN=Intel Corporation + ValidFrom: 
'2012-05-17 00:00:00' + ValidTo: '2015-05-30 23:59:59' + Signature: 285fe626bdcc91182509755ed38bee901a395d2f11b14eb7857cb9b3624afadee423a07cca07804cd51a299716b3bd127c84e6d827dd786b29964aee3b6dd0193d366813ff62ab31f61e2c37bda7a2cd4c19a877cd410dcd066acefa7013e47436b8b4270238dbf631a4907c380f2397eda3a013d8d3d006a15b581edf946d7cc16896d2af8e79981802555b12bb1b177f7e9a85c0c92b8af3d423ecbd858a1aa0d8face738f4f4934b2a0f9654db4cc1e388afad699371e83992bd317de8ae0dce9df2f6de60191af4462eca8a2ba30e8b203b68bff09f4753cfbedbf41a64f1e0cc999f90c83dc3062dd62dd46773f8e93d1051f19a29a97377c1d0bee7f39 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2776ab5cf2d09872f1ad05fbc3f21a87 + Version: 3 + TBS: + MD5: fa13cce803fbe5b5256430f9bfee76de + SHA1: ce566e0c55909bbf2bb0d43280ee78b4ba3d582f + SHA256: 7959ee2235998f36a9cdbd9b5ef7759e5846e0eecd7e868c5f042360a25482aa + SHA384: 82fcff4effee6971cfc9d0d684d13479eac42b53f23590e0df172e2804ff94abc1fbf0e2b6af0cf05b099fc97cf26789 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2776ab5cf2d09872f1ad05fbc3f21a87 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 55db306bc2be3ff71a6b91fd9db051b8 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/1d4f7a3a-786b-4a74-b34f-14d44343de9e.yaml b/yaml/1d4f7a3a-786b-4a74-b34f-14d44343de9e.yaml index d4122a7de..77305e54e 100644 --- a/yaml/1d4f7a3a-786b-4a74-b34f-14d44343de9e.yaml +++ b/yaml/1d4f7a3a-786b-4a74-b34f-14d44343de9e.yaml 
@@ -1,35 +1,35 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 1d4f7a3a-786b-4a74-b34f-14d44343de9e +Tags: +- nt4.sys +Verified: 'FALSE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create nt4.sys binPath=C:\windows\temp \n \n \n t4.sys type=kernel - && sc.exe start nt4.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: [] -Id: 1d4f7a3a-786b-4a74-b34f-14d44343de9e -KnownVulnerableSamples: -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: nt4.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA256: d7bc7306cb489fe4c285bbeddc6d1a09e814ef55cf30bd5b8daf87a52396f102 - Signature: [] - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create nt4.sys binPath=C:\windows\temp \n \n \n t4.sys type=kernel + && sc.exe start nt4.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules -Tags: -- nt4.sys -Verified: 'FALSE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: nt4.sys + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA256: d7bc7306cb489fe4c285bbeddc6d1a09e814ef55cf30bd5b8daf87a52396f102 + Signature: [] + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/1ed9d02f-17cf-43dd-9645-a54452468a5e.yaml b/yaml/1ed9d02f-17cf-43dd-9645-a54452468a5e.yaml index 44bfc55fe..57efbe772 100644 --- a/yaml/1ed9d02f-17cf-43dd-9645-a54452468a5e.yaml +++ b/yaml/1ed9d02f-17cf-43dd-9645-a54452468a5e.yaml 
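Review bot: The `Command` value for nt4.sys is carried to the new side with a mangled path, `binPath=C:\windows\temp \n \n \n t4.sys`. It looks as if the `\n` in `temp\nt4.sys` was treated as a newline escape somewhere in the tooling that writes these files, though that cause is inferred from the collapsed text shown here. As written, the path no longer matches `Filename: nt4.sys` in the same entry, so any consumer that derives file names or paths from this field gets a wrong value. The value should read `binPath=C:\windows\temp\nt4.sys`, emitted as a plain or single-quoted scalar so the backslashes are never interpreted.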
@@ -1,49 +1,49 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 1ed9d02f-17cf-43dd-9645-a54452468a5e +Tags: +- WinIo64C.sys +Verified: 'FALSE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create WinIo64C.sys binPath=C:\windows\temp\WinIo64C.sys type=kernel - && sc.exe start WinIo64C.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: [] -Id: 1ed9d02f-17cf-43dd-9645-a54452468a5e -KnownVulnerableSamples: -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: WinIo64C.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: b242b0332b9c9e8e17ec27ef10d75503d20d97b6 - Signature: [] - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: WinIo64C.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: a65fabaf64aa1934314aae23f25cdf215cbaa4b6 - Signature: [] - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create WinIo64C.sys binPath=C:\windows\temp\WinIo64C.sys type=kernel + && sc.exe start WinIo64C.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - ' https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules' - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules -Tags: -- WinIo64C.sys -Verified: 'FALSE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: WinIo64C.sys + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 
b242b0332b9c9e8e17ec27ef10d75503d20d97b6 + Signature: [] + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: WinIo64C.sys + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: a65fabaf64aa1934314aae23f25cdf215cbaa4b6 + Signature: [] + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/1ff757df-9a40-4f78-a28a-64830440abf7.yaml b/yaml/1ff757df-9a40-4f78-a28a-64830440abf7.yaml index 970e1f04e..6bf985727 100644 --- a/yaml/1ff757df-9a40-4f78-a28a-64830440abf7.yaml +++ b/yaml/1ff757df-9a40-4f78-a28a-64830440abf7.yaml 
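Review bot: `Resources` for WinIo64C.sys still lists the Microsoft recommended-driver-block-rules URL twice on the new side, and the first copy is a quoted string with a leading space inside the quotes. A consumer that de-duplicates or link-checks the list will see two different strings, and the padded one is not a usable URL as written. Since this change rewrites the whole entry anyway, the quoted item should be dropped and only the clean one kept. Both samples here also carry only a `SHA1` with `Detection: []`, so it may be worth confirming whether downstream hash rules that key on SHA256 cover this driver at all.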
@@ -1,318 +1,318 @@ Id: 1ff757df-9a40-4f78-a28a-64830440abf7 +Tags: +- winio64.sys +Verified: 'TRUE' Author: Nasreddine Bencherchali Created: '2023-05-06' MitreID: T1068 Category: vulnerable driver -Verified: 'TRUE' Commands: - Command: sc.exe create winio64.sys binPath=C:\windows\temp\winio64.sys type=kernel - && sc.exe start winio64.sys - Description: '' - Usecase: Elevate privileges - Privileges: kernel - OperatingSystem: Windows 10 + Command: sc.exe create winio64.sys binPath=C:\windows\temp\winio64.sys type=kernel + && sc.exe start winio64.sys + Description: '' + Usecase: Elevate privileges + Privileges: kernel + OperatingSystem: Windows 10 Resources: - Internal Research -Acknowledgement: - Person: '' - Handle: '' Detection: [] +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: winio64.sys - MD5: 8fc6cafd4e63a3271edf6a1897a892ae - SHA1: f8d7369527cc6976283cc73cd761f93bd1cec49d - SHA256: 15fb486b6b8c2a2f1b067f48fba10c2f164638fe5e6cee618fb84463578ecac9 - Authentihash: - MD5: 241252e4ebe7b4fdf6fd5a34ece5b127 - SHA1: eaba3ed3a83a8ef75db88c1f0def5160c3835a8c - SHA256: cb5ebba562c33ef2ed93558913792726c8c2e5898531923589122ae31db64ebb - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - - WDFLDR.SYS - ExportedFunctions: '' - ImportedFunctions: - - ObfDereferenceObject - - ZwClose - - ZwOpenSection - - ObReferenceObjectByHandle - - ZwUnmapViewOfSection - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoDeleteDevice - - RtlCopyUnicodeString - - IoCreateSymbolicLink - - IoCreateDevice - - IofCompleteRequest - - ZwMapViewOfSection - - RtlInitUnicodeString - - HalTranslateBusAddress - - WdfVersionUnbind - - WdfVersionBind - - WdfVersionBindClass - - WdfVersionUnbindClass - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec 
Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom - Certification Authority - ValidFrom: '2011-04-15 20:13:19' - ValidTo: '2021-04-15 20:23:19' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 6139bb9c000000000033 - Version: 3 - TBS: - MD5: 5b3304180221a8328ce477b1fd93898f - SHA1: 9b7f1e1653a52d801387f1e51d17fabb8d435d0c - SHA256: 67070bcf2ee304cedd252a1dd8a7222c1be50fd2d5eabef9446cb633e133d264 - SHA384: 
be36b1ba9a006afb9eb53263634cb8ca38dd6ca7f95ec56f943324f3a26f9c34c2dff1a3a5c72c88513e23e1f20c8824 - - Subject: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom - Class 3 Primary Intermediate Object CA - ValidFrom: '2007-10-24 22:03:55' - ValidTo: '2017-10-24 22:03:55' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: '26' - Version: 3 - TBS: - MD5: 40b719dc6e7a16f1672333943daca04b - SHA1: fbb05f9486d50f8f35013e531f1504e9f62cb3df - SHA256: 4997f6bbc707da19c7897e17a916d35dfbd8112bb671ac5d2d9397c690b7ba5c - SHA384: f73bf1c578a221661f96516389fd512e150551bab68487c981a2dfbb172419e2d2e5b00f52b50a251b9ff5dcb0be83df - - Subject: ??=Hdgwyqp6jNS97z8P, C=US, ST=Indiana, L=Fishers, O=Exacq Technologies, - Inc., CN=Exacq Technologies, Inc., emailAddress=info@exacq.com - ValidFrom: '2014-07-24 18:00:20' - ValidTo: '2017-07-24 09:00:56' - Signature: b4fea6e9fcf641e617b115ceca7bf10bbdcce8ed5a6644fe006af7a42a7e67ce269bef720dc937e258a7df51c342f9b00a5202ee5d651f76a3d1a7729cacb3db6a811d17df6042f447a26544de87b59d9d241a7446af330bd89fae3f9a07f8ea86ae276fb5f0c325ac0b7ba62c7e58a551e319daf55bfb4a1cde484b9519fb07f7f4801afe43ed99b6275cc66d36c23d0b1aebf05bebd79a1f16f7084c5bc1b2d935e6868ed0e1ca7100a6ef14af0194439e0e33de20ab71e5fe453c632c6686dbc5ecb969619e8519fd5f79da2ddf35936daa73c0c6216661e290de4d6473b3a1a964917567692568e8365de7ed1e4801749a004b915e58755de83a0e23f2e3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0f69 - Version: 3 - TBS: - MD5: f5497dbe7af27561736a3ba6935044e8 - SHA1: 50728ba20d7ee0726bb8aa4a9d9659f7c938830f - SHA256: e468a80174391ca98a6720033afaec1f31468ac2aeee5938ff0350977ec443fe - SHA384: 5b5ae06ffc6250a52e3085bc0c8da4f74d722ff772535cb5f14588218b3dcad60f5b09c79afb2e189b4f60a11e286f63 - Signer: - - SerialNumber: 0f69 - Issuer: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom 
- Class 3 Primary Intermediate Object CA - Version: 1 - RichPEHeaderHash: - MD5: 01fa87d3ec80d5af5f5d299a66795493 - SHA1: 5957eeee532c4f376ed95fb03784c5051dd8c097 - SHA256: 39f1dcdc4eeab157c00e38de7f5f1aff3b162318d5c9e33e8f63becae1850eb2 - Sections: - .text: - Entropy: 6.0566282345703675 - Virtual Size: '0xdbe' - .rdata: - Entropy: 3.918940983915505 - Virtual Size: '0x2b4' - .data: - Entropy: 0.632570099181397 - Virtual Size: '0x1028' - .pdata: - Entropy: 3.595150149062291 - Virtual Size: '0xc0' - INIT: - Entropy: 4.92328698169394 - Virtual Size: '0x326' - .reloc: - Entropy: 1.4575187496394217 - Virtual Size: '0x30' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2014-05-19 09:29:34' - Imphash: 9e15ce38f071c916bea830247f1241bb - LoadsDespiteHVCI: 'TRUE' -- Filename: WinIo64.sys - MD5: 7c0b186d1912686cfcb8cd9cdebabe58 - SHA1: 6bb68e1894bfbc1ac86bcdc048f7fe7743de2f92 - SHA256: dbe9f17313e1164f06401234b875fbc7f71d41dc7271de643865af1358841fef - Authentihash: - MD5: 241252e4ebe7b4fdf6fd5a34ece5b127 - SHA1: eaba3ed3a83a8ef75db88c1f0def5160c3835a8c - SHA256: cb5ebba562c33ef2ed93558913792726c8c2e5898531923589122ae31db64ebb - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - - WDFLDR.SYS - ExportedFunctions: '' - ImportedFunctions: - - ObfDereferenceObject - - ZwClose - - ZwOpenSection - - ObReferenceObjectByHandle - - ZwUnmapViewOfSection - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoDeleteDevice - - RtlCopyUnicodeString - - IoCreateSymbolicLink - - IoCreateDevice - - IofCompleteRequest - - ZwMapViewOfSection - - RtlInitUnicodeString - - HalTranslateBusAddress - - WdfVersionUnbind - - WdfVersionBind - - WdfVersionBindClass - - WdfVersionUnbindClass - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: 
'2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom - Certification Authority - ValidFrom: '2011-04-15 20:13:19' - ValidTo: '2021-04-15 20:23:19' - Signature: 
375933ca5e487d489a5be42fdbdb59a8c61f77c0a58747e86508c6672688d95c58e2c631ac0c32b96f7cc58748db2c0a23484d0dcf1116ef60577ed5326e22de373cc7dc16f3c9ce2939fb37daf5e4e741d8a2f82db3498a601f64ef9c1364b3469a82cc650f18550776c9e9337790a644daefa64d551038316f3a58ed31486190c04615b4c0a64e5493c00db524e55017c6d62392226992e0abab297508255399959f50b65b6753aaa2ba905a6ea3e35b5c830e54426dbdb917a8205284b51a4fb24d68d2c28ff8f9ae837c24a6e6c17f9a932f2e550df87bc1be336fab0cd934585c9c40ce284a015529655d5bfd525a54591171470b3eff2c9ae931d9046a33871d2f880fc99aab14a8c20b4f8589ac25490dff54395513d6b84d6bf44aad1833bc8e0052b476c2eccd8beb60d57880844a0eb93d4d560d1b17176f60fcdbd867cd3d4082b55c567f8d274cc76d5da410b57c410c39912f41d2c6310686eb405087d8131e852f10448b7a0361693b29fedfcdd3e07d19ba3b84e34e9ad78c7cd73d9dd7fd50108f06683bd8be3bbbaa284552eadde83a334caf38c715e3e97cee83eb2a1cbdd8fdf5394e7c5f25b39349ca88e56152f0dd14f8394ead47182aefcc6b29493fd7a48e7abd6f6bee675db7b167a60055014532b842fe96fc06b9cecfcff9fb6eab728718451afce3846a414f36714c77eea3191ab87d098c01 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 6139bb9c000000000033 - Version: 3 - TBS: - MD5: 5b3304180221a8328ce477b1fd93898f - SHA1: 9b7f1e1653a52d801387f1e51d17fabb8d435d0c - SHA256: 67070bcf2ee304cedd252a1dd8a7222c1be50fd2d5eabef9446cb633e133d264 - SHA384: be36b1ba9a006afb9eb53263634cb8ca38dd6ca7f95ec56f943324f3a26f9c34c2dff1a3a5c72c88513e23e1f20c8824 - - Subject: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom - Class 3 Primary Intermediate Object CA - ValidFrom: '2007-10-24 22:03:55' - ValidTo: '2017-10-24 22:03:55' - Signature: 
b8eba5382cab9038cfbe906919952f964e48103545b043712eb90e670f618458ed651ae0d8515c96c4df69cafb62bf35ea4a6923f2f67f60db652925e8ba5ef9485920745c9998fa7ed74eaf43963b88880e81f1d0a6a9af1df5e73e045be8927b624a531d3b7aaf94a20502da0fada1a732166a1d5d88f1ddc5da7e91b00a53124ddbefcdea9f48dfbfb27c0192f9816379a06f0e97d99044a550b8874b5cd89ca27aad4b91f31174e6a82342d4265ca83d85a035ec5308ddb62d1c21c8484ac4c83ab06e2f43e6df64097586fe0e68d26354a066e49eefdb5c74a0a8dc40e97b67d63b3ed286d31621d1e13252a3e6c2e1637e74431abeec29ae56e11811fa650b37340eb44799f86fb4994ed235b04764b5fee9afb69a23c282c838b6d4a42e3421ce03ef4c3841502f0dad40c82827e9eb7c2bd1704e2c8818c87c3f24505dcb5354679fd7a109980b0b8b2169ba72a6127bb05a0e697cc706ba2c7a950f079463235657a5382a63c4206a9e84438fdad8d03fd07d9592132916c0d868cae5fe7598b6f410e17c309eb990292035e31c56b30afd86717cfbbc0b2e8c94e35469c4784d1e0af80f33b9e256d789841c9cdf6fc50b8f998351066b441d6f30bcbef93a190bccfae6bc223f3d5475b80a647f7f65bba29049c3f227f7bbb97eb7688782cd43ec6cacab29c7d040e2bb3a0218315077ae33b1a9a8c62d4570ff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: '26' - Version: 3 - TBS: - MD5: 40b719dc6e7a16f1672333943daca04b - SHA1: fbb05f9486d50f8f35013e531f1504e9f62cb3df - SHA256: 4997f6bbc707da19c7897e17a916d35dfbd8112bb671ac5d2d9397c690b7ba5c - SHA384: f73bf1c578a221661f96516389fd512e150551bab68487c981a2dfbb172419e2d2e5b00f52b50a251b9ff5dcb0be83df - - Subject: ??=Hdgwyqp6jNS97z8P, C=US, ST=Indiana, L=Fishers, O=Exacq Technologies, - Inc., CN=Exacq Technologies, Inc., emailAddress=info@exacq.com - ValidFrom: '2014-07-24 18:00:20' - ValidTo: '2017-07-24 09:00:56' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0f69 - Version: 3 - TBS: - MD5: f5497dbe7af27561736a3ba6935044e8 - SHA1: 50728ba20d7ee0726bb8aa4a9d9659f7c938830f - SHA256: e468a80174391ca98a6720033afaec1f31468ac2aeee5938ff0350977ec443fe - SHA384: 
5b5ae06ffc6250a52e3085bc0c8da4f74d722ff772535cb5f14588218b3dcad60f5b09c79afb2e189b4f60a11e286f63 - Signer: - - SerialNumber: 0f69 - Issuer: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom - Class 3 Primary Intermediate Object CA - Version: 1 - RichPEHeaderHash: - MD5: 01fa87d3ec80d5af5f5d299a66795493 - SHA1: 5957eeee532c4f376ed95fb03784c5051dd8c097 - SHA256: 39f1dcdc4eeab157c00e38de7f5f1aff3b162318d5c9e33e8f63becae1850eb2 - Sections: - .text: - Entropy: 6.0566282345703675 - Virtual Size: '0xdbe' - .rdata: - Entropy: 3.918940983915505 - Virtual Size: '0x2b4' - .data: - Entropy: 0.632570099181397 - Virtual Size: '0x1028' - .pdata: - Entropy: 3.595150149062291 - Virtual Size: '0xc0' - INIT: - Entropy: 4.92328698169394 - Virtual Size: '0x326' - .reloc: - Entropy: 1.4575187496394217 - Virtual Size: '0x30' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2014-05-19 09:29:34' - Imphash: 9e15ce38f071c916bea830247f1241bb - LoadsDespiteHVCI: 'TRUE' -Tags: -- winio64.sys +- Filename: winio64.sys + MD5: 8fc6cafd4e63a3271edf6a1897a892ae + SHA1: f8d7369527cc6976283cc73cd761f93bd1cec49d + SHA256: 15fb486b6b8c2a2f1b067f48fba10c2f164638fe5e6cee618fb84463578ecac9 + Authentihash: + MD5: 241252e4ebe7b4fdf6fd5a34ece5b127 + SHA1: eaba3ed3a83a8ef75db88c1f0def5160c3835a8c + SHA256: cb5ebba562c33ef2ed93558913792726c8c2e5898531923589122ae31db64ebb + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + - WDFLDR.SYS + ExportedFunctions: '' + ImportedFunctions: + - ObfDereferenceObject + - ZwClose + - ZwOpenSection + - ObReferenceObjectByHandle + - ZwUnmapViewOfSection + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoDeleteDevice + - RtlCopyUnicodeString + - IoCreateSymbolicLink + - IoCreateDevice + - IofCompleteRequest + - ZwMapViewOfSection + - RtlInitUnicodeString + - HalTranslateBusAddress + - WdfVersionUnbind + - 
WdfVersionBind + - WdfVersionBindClass + - WdfVersionUnbindClass + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, + CN=StartCom Certification Authority + ValidFrom: '2011-04-15 20:13:19' + ValidTo: '2021-04-15 20:23:19' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 6139bb9c000000000033 + Version: 3 
+ TBS: + MD5: 5b3304180221a8328ce477b1fd93898f + SHA1: 9b7f1e1653a52d801387f1e51d17fabb8d435d0c + SHA256: 67070bcf2ee304cedd252a1dd8a7222c1be50fd2d5eabef9446cb633e133d264 + SHA384: be36b1ba9a006afb9eb53263634cb8ca38dd6ca7f95ec56f943324f3a26f9c34c2dff1a3a5c72c88513e23e1f20c8824 + - Subject: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, + CN=StartCom Class 3 Primary Intermediate Object CA + ValidFrom: '2007-10-24 22:03:55' + ValidTo: '2017-10-24 22:03:55' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: '26' + Version: 3 + TBS: + MD5: 40b719dc6e7a16f1672333943daca04b + SHA1: fbb05f9486d50f8f35013e531f1504e9f62cb3df + SHA256: 4997f6bbc707da19c7897e17a916d35dfbd8112bb671ac5d2d9397c690b7ba5c + SHA384: f73bf1c578a221661f96516389fd512e150551bab68487c981a2dfbb172419e2d2e5b00f52b50a251b9ff5dcb0be83df + - Subject: ??=Hdgwyqp6jNS97z8P, C=US, ST=Indiana, L=Fishers, O=Exacq Technologies, + Inc., CN=Exacq Technologies, Inc., emailAddress=info@exacq.com + ValidFrom: '2014-07-24 18:00:20' + ValidTo: '2017-07-24 09:00:56' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0f69 + Version: 3 + TBS: + MD5: f5497dbe7af27561736a3ba6935044e8 + SHA1: 50728ba20d7ee0726bb8aa4a9d9659f7c938830f + SHA256: e468a80174391ca98a6720033afaec1f31468ac2aeee5938ff0350977ec443fe + SHA384: 5b5ae06ffc6250a52e3085bc0c8da4f74d722ff772535cb5f14588218b3dcad60f5b09c79afb2e189b4f60a11e286f63 + Signer: + - SerialNumber: 0f69 + Issuer: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, + CN=StartCom Class 3 Primary Intermediate Object CA + Version: 1 + RichPEHeaderHash: + MD5: 01fa87d3ec80d5af5f5d299a66795493 + SHA1: 5957eeee532c4f376ed95fb03784c5051dd8c097 + SHA256: 39f1dcdc4eeab157c00e38de7f5f1aff3b162318d5c9e33e8f63becae1850eb2 + Sections: + .text: + Entropy: 
6.0566282345703675 + Virtual Size: '0xdbe' + .rdata: + Entropy: 3.918940983915505 + Virtual Size: '0x2b4' + .data: + Entropy: 0.632570099181397 + Virtual Size: '0x1028' + .pdata: + Entropy: 3.595150149062291 + Virtual Size: '0xc0' + INIT: + Entropy: 4.92328698169394 + Virtual Size: '0x326' + .reloc: + Entropy: 1.4575187496394217 + Virtual Size: '0x30' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2014-05-19 09:29:34' + Imphash: 9e15ce38f071c916bea830247f1241bb + LoadsDespiteHVCI: 'TRUE' +- Filename: WinIo64.sys + MD5: 7c0b186d1912686cfcb8cd9cdebabe58 + SHA1: 6bb68e1894bfbc1ac86bcdc048f7fe7743de2f92 + SHA256: dbe9f17313e1164f06401234b875fbc7f71d41dc7271de643865af1358841fef + Authentihash: + MD5: 241252e4ebe7b4fdf6fd5a34ece5b127 + SHA1: eaba3ed3a83a8ef75db88c1f0def5160c3835a8c + SHA256: cb5ebba562c33ef2ed93558913792726c8c2e5898531923589122ae31db64ebb + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + - WDFLDR.SYS + ExportedFunctions: '' + ImportedFunctions: + - ObfDereferenceObject + - ZwClose + - ZwOpenSection + - ObReferenceObjectByHandle + - ZwUnmapViewOfSection + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoDeleteDevice + - RtlCopyUnicodeString + - IoCreateSymbolicLink + - IoCreateDevice + - IofCompleteRequest + - ZwMapViewOfSection + - RtlInitUnicodeString + - HalTranslateBusAddress + - WdfVersionUnbind + - WdfVersionBind + - WdfVersionBindClass + - WdfVersionUnbindClass + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, + CN=StartCom Certification Authority + ValidFrom: '2011-04-15 20:13:19' + ValidTo: '2021-04-15 20:23:19' + Signature: 
375933ca5e487d489a5be42fdbdb59a8c61f77c0a58747e86508c6672688d95c58e2c631ac0c32b96f7cc58748db2c0a23484d0dcf1116ef60577ed5326e22de373cc7dc16f3c9ce2939fb37daf5e4e741d8a2f82db3498a601f64ef9c1364b3469a82cc650f18550776c9e9337790a644daefa64d551038316f3a58ed31486190c04615b4c0a64e5493c00db524e55017c6d62392226992e0abab297508255399959f50b65b6753aaa2ba905a6ea3e35b5c830e54426dbdb917a8205284b51a4fb24d68d2c28ff8f9ae837c24a6e6c17f9a932f2e550df87bc1be336fab0cd934585c9c40ce284a015529655d5bfd525a54591171470b3eff2c9ae931d9046a33871d2f880fc99aab14a8c20b4f8589ac25490dff54395513d6b84d6bf44aad1833bc8e0052b476c2eccd8beb60d57880844a0eb93d4d560d1b17176f60fcdbd867cd3d4082b55c567f8d274cc76d5da410b57c410c39912f41d2c6310686eb405087d8131e852f10448b7a0361693b29fedfcdd3e07d19ba3b84e34e9ad78c7cd73d9dd7fd50108f06683bd8be3bbbaa284552eadde83a334caf38c715e3e97cee83eb2a1cbdd8fdf5394e7c5f25b39349ca88e56152f0dd14f8394ead47182aefcc6b29493fd7a48e7abd6f6bee675db7b167a60055014532b842fe96fc06b9cecfcff9fb6eab728718451afce3846a414f36714c77eea3191ab87d098c01 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 6139bb9c000000000033 + Version: 3 + TBS: + MD5: 5b3304180221a8328ce477b1fd93898f + SHA1: 9b7f1e1653a52d801387f1e51d17fabb8d435d0c + SHA256: 67070bcf2ee304cedd252a1dd8a7222c1be50fd2d5eabef9446cb633e133d264 + SHA384: be36b1ba9a006afb9eb53263634cb8ca38dd6ca7f95ec56f943324f3a26f9c34c2dff1a3a5c72c88513e23e1f20c8824 + - Subject: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, + CN=StartCom Class 3 Primary Intermediate Object CA + ValidFrom: '2007-10-24 22:03:55' + ValidTo: '2017-10-24 22:03:55' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: '26' + Version: 3 + TBS: + MD5: 40b719dc6e7a16f1672333943daca04b + SHA1: fbb05f9486d50f8f35013e531f1504e9f62cb3df + SHA256: 4997f6bbc707da19c7897e17a916d35dfbd8112bb671ac5d2d9397c690b7ba5c + SHA384: 
f73bf1c578a221661f96516389fd512e150551bab68487c981a2dfbb172419e2d2e5b00f52b50a251b9ff5dcb0be83df + - Subject: ??=Hdgwyqp6jNS97z8P, C=US, ST=Indiana, L=Fishers, O=Exacq Technologies, + Inc., CN=Exacq Technologies, Inc., emailAddress=info@exacq.com + ValidFrom: '2014-07-24 18:00:20' + ValidTo: '2017-07-24 09:00:56' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0f69 + Version: 3 + TBS: + MD5: f5497dbe7af27561736a3ba6935044e8 + SHA1: 50728ba20d7ee0726bb8aa4a9d9659f7c938830f + SHA256: e468a80174391ca98a6720033afaec1f31468ac2aeee5938ff0350977ec443fe + SHA384: 5b5ae06ffc6250a52e3085bc0c8da4f74d722ff772535cb5f14588218b3dcad60f5b09c79afb2e189b4f60a11e286f63 + Signer: + - SerialNumber: 0f69 + Issuer: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, + CN=StartCom Class 3 Primary Intermediate Object CA + Version: 1 + RichPEHeaderHash: + MD5: 01fa87d3ec80d5af5f5d299a66795493 + SHA1: 5957eeee532c4f376ed95fb03784c5051dd8c097 + SHA256: 39f1dcdc4eeab157c00e38de7f5f1aff3b162318d5c9e33e8f63becae1850eb2 + Sections: + .text: + Entropy: 6.0566282345703675 + Virtual Size: '0xdbe' + .rdata: + Entropy: 3.918940983915505 + Virtual Size: '0x2b4' + .data: + Entropy: 0.632570099181397 + Virtual Size: '0x1028' + .pdata: + Entropy: 3.595150149062291 + Virtual Size: '0xc0' + INIT: + Entropy: 4.92328698169394 + Virtual Size: '0x326' + .reloc: + Entropy: 1.4575187496394217 + Virtual Size: '0x30' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2014-05-19 09:29:34' + Imphash: 9e15ce38f071c916bea830247f1241bb + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/204eccdf-99ca-4f2a-a325-8ebe34fd29a1.yaml b/yaml/204eccdf-99ca-4f2a-a325-8ebe34fd29a1.yaml index d95a59e21..0b6f47ad6 100644 --- a/yaml/204eccdf-99ca-4f2a-a325-8ebe34fd29a1.yaml +++ b/yaml/204eccdf-99ca-4f2a-a325-8ebe34fd29a1.yaml 
@@ -1,35 +1,35 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 204eccdf-99ca-4f2a-a325-8ebe34fd29a1 +Tags: +- bwrs.sys +Verified: 'FALSE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create bwrs.sys binPath=C:\windows\temp\bwrs.sys type=kernel && - sc.exe start bwrs.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: [] -Id: 204eccdf-99ca-4f2a-a325-8ebe34fd29a1 -KnownVulnerableSamples: -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: bwrs.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA256: 221dfbc74bbb255b0879360ccc71a74b756b2e0f16e9386b38a9ce9d4e2e34f9 - Signature: [] - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create bwrs.sys binPath=C:\windows\temp\bwrs.sys type=kernel && + sc.exe start bwrs.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules -Tags: -- bwrs.sys -Verified: 'FALSE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: bwrs.sys + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA256: 221dfbc74bbb255b0879360ccc71a74b756b2e0f16e9386b38a9ce9d4e2e34f9 + Signature: [] + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/205721b7-b83b-414a-b4b5-8bacb4a37777.yaml b/yaml/205721b7-b83b-414a-b4b5-8bacb4a37777.yaml index c7ad245a7..b1df053ad 100644 --- a/yaml/205721b7-b83b-414a-b4b5-8bacb4a37777.yaml +++ b/yaml/205721b7-b83b-414a-b4b5-8bacb4a37777.yaml 
@@ -1,477 +1,479 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 205721b7-b83b-414a-b4b5-8bacb4a37777 +Tags: +- elrawdsk.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create elrawdsk.sys binPath=C:\windows\temp\elrawdsk.sys type=kernel - && sc.exe start elrawdsk.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/4744df6ac02ff0a3f9ad0bf47b15854bbebb73c936dd02f7c79293a2828406f6.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/5a826b4fa10891cf63aae832fc645ce680a483b915c608ca26cedbb173b1b80a.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 205721b7-b83b-414a-b4b5-8bacb4a37777 -KnownVulnerableSamples: -- Authentihash: - MD5: 20f14b58e9548b6ea99b35006f631197 - SHA1: 174bd2e0965b996cff4a26ac511e551788fbc894 - SHA256: 98a55dc61046f4509d2465cbc373a9391c07125e5f4a242d2f475f14f32e5430 - Company: EldoS Corporation - Copyright: 'Copyright (C) 2007-2011, EldoS Corporation ' - CreationTimestamp: '2011-12-28 09:51:24' - Date: '' - Description: RawDisk Driver. Allows write access to files and raw disk sectors for - user mode applications in Windows 2000 and later. - ExportedFunctions: '' - FileVersion: 2, 1, 27, 106 - Filename: elrawdsk.sys - ImportedFunctions: - - MmUnlockPages - - KeSetEvent - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - RtlPrefixUnicodeString - - FsRtlIsNtstatusExpected - - MmProbeAndLockPages - - ExRaiseStatus - - IoAllocateMdl - - MmMapLockedPagesSpecifyCache - - KeWaitForSingleObject - - IofCallDriver - - IoBuildDeviceIoControlRequest - - KeInitializeEvent - - ExAllocatePoolWithTag - - memcpy - - ZwClose - - ObfDereferenceObject - - ObQueryNameString - - ObReferenceObjectByHandle - - IoFileObjectType - - ZwOpenFile - - RtlAppendUnicodeStringToString - - KeUnstackDetachProcess - - MmSystemRangeStart - - KeStackAttachProcess - - ZwQueryInformationProcess - - ObOpenObjectByPointer - - PsLookupProcessByProcessId - - IoBuildAsynchronousFsdRequest - - IoBuildSynchronousFsdRequest - - IoFreeMdl - - PsGetCurrentProcessId - - KeQuerySystemTime - - RtlFreeAnsiString - - RtlUnicodeStringToAnsiString - - PsGetVersion - - MmGetSystemRoutineAddress - - IoCreateSymbolicLink - - IoCreateDevice - - ObfReferenceObject - - IoGetAttachedDevice - - memset - - KeLeaveCriticalRegion - - ExReleaseFastMutexUnsafe - - IoGetRelatedDeviceObject - - ExAcquireFastMutexUnsafe - - KeEnterCriticalRegion - - KeGetCurrentThread - - ZwCreateFile - - IoAllocateIrp - - IoReuseIrp - - 
KeResetEvent - - CcPurgeCacheSection - - ExReleaseResourceLite - - ExAcquireResourceExclusiveLite - - CcFlushCache - - _allrem - - RtlCompareMemory - - MmUnmapIoSpace - - MmMapIoSpace - - KeTickCount - - ExFreePoolWithTag - - IoFreeIrp - - RtlCompareUnicodeString - - IofCompleteRequest - - RtlUnwind - - KeBugCheckEx - - KeGetCurrentIrql - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: elrawdsk.sys - MD5: 1493d342e7a36553c56b2adea150949e - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: elrawdsk.sys - Product: RawDisk - ProductVersion: 2, 1, 27, 0 - Publisher: '' - RichPEHeaderHash: - MD5: d512dc1d3f0a51f472f64f6eb33ca3f5 - SHA1: 483f250357611a1856163d84fa6ce1e4a9d1c8cf - SHA256: c5c2f6383bf7479ab69f7dd26d5c7167e512ca053bebf3dbdb670692f914aea2 - SHA1: ce549714a11bd43b52be709581c6e144957136ec - SHA256: 4744df6ac02ff0a3f9ad0bf47b15854bbebb73c936dd02f7c79293a2828406f6 - Sections: - .text: - Entropy: 6.064316199141177 - Virtual Size: '0x55e' - .rdata: - Entropy: 4.05997020827267 - Virtual Size: '0x364' - .data: - Entropy: 6.1533423871883475 - Virtual Size: '0x254' - PAGE: - Entropy: 6.400618863867007 - Virtual Size: '0x27cd' - INIT: - Entropy: 5.631401753063165 - Virtual Size: '0x938' - .rsrc: - Entropy: 3.3620204666639477 - Virtual Size: '0x4c0' - .reloc: - Entropy: 4.550590110458819 - Virtual Size: '0x45a' - Signature: - - EldoS Corporation - - GlobalSign ObjectSign CA - - GlobalSign Primary Object Publishing CA - - GlobalSign Root CA - R1 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=VG, O=EldoS Corporation, CN=EldoS Corporation, emailAddress=info@eldos.com - ValidFrom: '2010-01-11 14:19:26' - ValidTo: '2013-01-11 14:19:23' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 010000000001261dec28f7 - Version: 3 - TBS: - MD5: ed6239e956d9b626e57a5167a2c220e2 - SHA1: 
d055c8586761071ece10d426a3dd0efd03fc91bc - SHA256: 850084ee0da4f38de7dd7a11c10c1a7e51139cce79c9430f522565a28c0ed65d - SHA384: 8010768caf26e171b5481e07247cda624f5b992b6797ee2b8ad5bfcb616ef8e896580c5414473b223375f9557b6b9270 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 13:00:00' - ValidTo: '2017-01-27 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 040000000001239e0facb3 - Version: 3 - TBS: - MD5: 5ccf05e4dec10d9d6fe15d8778325272 - SHA1: 79f0a648bd7f1184f86bff43ae47c9ecc3ed3cec - SHA256: 33ea31b892ba274a4aefe545de45c42c218b6dff78146655cdea892545c2cccc - SHA384: 1350ebc11fd20f5f141bc545786506e6a154be054da7a6e603cb276a6d60a24f2a4016ecc2f5cabd1088e1905f60aabf - - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping CA - ValidFrom: '2009-03-18 11:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 5df6cb2b0d0140849f857a43706ae0c5e7aa0600d76713c9089131654f14a8a905dc389e6aa0300abd8dc78028ee4245ca94f3de5845a9803204f5595c6a70003927944df5b44634e81c5331b2b35416e9cc42abd5d959301cfb462725b88723b1e8758824831ec876377b01494548a4ede25dd27c9ca2dc2dba105a126265abae00c710343bcb72bd14240cdcc37627b4a7fee15829f20e169f91391d89a6e60f1c878ce258ac927e243eaaec14e73a33348bc63bac83ab0f14627aba1a2d4d4b1bc530f00b92797d3c78e0f8e6d215965999392b3061e8b8f8c0a1e9221411787dc4dc89bec0bb94e172aeebb540404fef171e585ed0a88996ac9228e9babf - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012019c19066 - Version: 3 - TBS: - MD5: 42023b9487cafe46c1b6a49c369a362e - SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 - SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 - SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea - - Subject: C=BE, O=GlobalSign NV, 
CN=GlobalSign Time Stamping Authority - ValidFrom: '2009-12-21 09:32:56' - ValidTo: '2020-12-22 09:32:56' - Signature: bc89ecfee63655935c79d4117a86808f17b693b26d9b91a1561811c655eaf608edad9b9ef52b81c8bbdd607b1b47991e6d403e1d80c213d58e04052fdbe7ae529e688472a1e54a603cf89bd52f46d8c3b2b79353ac9b6c432424d1f1fce9562e3411581843eaefff34746ca0c06c7fad031969881e9560cabbbd0cbb76efc724b081c63831cf36ad0c38b89020849b2e8f28b99ff6ca9427cdac396157e0e3955a9c769230f5dea6973d721c2a6032a8334d8635338a5cf3a4fdf7062ce16b4b30f5cbd34362f841b9de7d20cb058c8e2cf65f35fd338d42896508362ca389f45a858bb0b97bdb6ccba1f8d20e1bbb977cd12779be9d7c3be6a75634d8c991a9 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 01000000000125b0b4cc01 - Version: 3 - TBS: - MD5: e3369c8e5aec0504b3a50455f615d9f9 - SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 - SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 - SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 10:00:00' - ValidTo: '2017-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 040000000001239e0faf24 - Version: 3 - TBS: - MD5: 7dd2351a85d3665eeb6720a21f4f7dee - SHA1: 77838c4d7f36958a581841d28f481d61ce0696ed - SHA256: 846725f4b0193468c1079d6127e9e6e420fc6ed66019ed02d732ba644decad57 - SHA384: aaa45fe704bc66bb1842a2123c6e45e016dfbc7ba2ce07d7d2ee0b5d488a39c68bc6db582cb45d51f5fa52e60be8efd6 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - 
Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 010000000001261dec28f7 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: c94e5ad0f33374535392364a5a193253 - LoadsDespiteHVCI: 'TRUE' -- Authentihash: - MD5: c1afcba807a13aa25a0b363a22c760d6 - SHA1: 8422fb53e48b27a42cc7595ca7c7ae0597168db6 - SHA256: 29a2ae6439381ea2aa3116df7025cbb5c6c7c07cc8d19508e6021e4d6177a565 - Company: EldoS Corporation - Copyright: 'Copyright (C) 2007-2011, EldoS Corporation ' - CreationTimestamp: '2011-12-28 09:51:29' - Date: '' - Description: RawDisk Driver. Allows write access to files and raw disk sectors for - user mode applications in Windows 2000 and later. - ExportedFunctions: '' - FileVersion: 2, 1, 27, 106 - Filename: elrawdsk.sys - ImportedFunctions: - - MmSystemRangeStart - - ExAllocatePoolWithTag - - ExRaiseStatus - - IoBuildDeviceIoControlRequest - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - PsLookupProcessByProcessId - - IoBuildSynchronousFsdRequest - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - MmGetSystemRoutineAddress - - KeInitializeEvent - - RtlUnicodeStringToAnsiString - - IoFreeMdl - - KeUnstackDetachProcess - - MmMapLockedPagesSpecifyCache - - IoBuildAsynchronousFsdRequest - - RtlPrefixUnicodeString - - ZwClose - - IofCompleteRequest - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - IoFreeIrp - - RtlFreeAnsiString - - MmProbeAndLockPages - - PsGetVersion - - RtlCompareUnicodeString - - MmUnlockPages - - ZwQueryInformationProcess - - IoCreateSymbolicLink - - PsGetCurrentProcessId - - ObfDereferenceObject - - IoCreateDevice - - ZwOpenFile - - FsRtlIsNtstatusExpected - - ObOpenObjectByPointer - - KeStackAttachProcess - - 
IoAllocateMdl - - IofCallDriver - - ExReleaseFastMutexUnsafe - - KeLeaveCriticalRegion - - IoGetAttachedDevice - - IoGetRelatedDeviceObject - - KeEnterCriticalRegion - - ExAcquireFastMutexUnsafe - - ObfReferenceObject - - ExAcquireResourceExclusiveLite - - IoReuseIrp - - KeResetEvent - - CcPurgeCacheSection - - CcFlushCache - - ZwCreateFile - - ExReleaseResourceLite - - IoAllocateIrp - - RtlCompareMemory - - MmUnmapIoSpace - - MmMapIoSpace - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: elrawdsk.sys - MD5: 76c643ab29d497317085e5db8c799960 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: elrawdsk.sys - Product: RawDisk - ProductVersion: 2, 1, 27, 0 - Publisher: '' - RichPEHeaderHash: - MD5: ebf1a803ddcd9f517aa01e0c06df63b4 - SHA1: 69a75f765ad4245b1edca52d1fc2409072e8bcc5 - SHA256: 77dfeecadaa96ff3f6eb22dae7e7d9696299764558668588bdd49ad93e2701ed - SHA1: 1292c7dd60214d96a71e7705e519006b9de7968f - SHA256: 5a826b4fa10891cf63aae832fc645ce680a483b915c608ca26cedbb173b1b80a - Sections: - .text: - Entropy: 5.988867629662927 - Virtual Size: '0x837' - .rdata: - Entropy: 4.457231257472823 - Virtual Size: '0x5c8' - .data: - Entropy: 4.811500896924898 - Virtual Size: '0x360' - .pdata: - Entropy: 4.0091827632792 - Virtual Size: '0x180' - PAGE: - Entropy: 6.215625995230105 - Virtual Size: '0x2e87' - INIT: - Entropy: 5.372005883277131 - Virtual Size: '0x9cc' - .rsrc: - Entropy: 3.363665203506053 - Virtual Size: '0x4c0' - .reloc: - Entropy: 1.1876798536707462 - Virtual Size: '0x24' - Signature: - - EldoS Corporation - - GlobalSign ObjectSign CA - - GlobalSign Primary Object Publishing CA - - GlobalSign Root CA - R1 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=VG, O=EldoS Corporation, CN=EldoS Corporation, emailAddress=info@eldos.com - ValidFrom: '2010-01-11 14:19:26' - ValidTo: '2013-01-11 14:19:23' - Signature: 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 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 010000000001261dec28f7 - Version: 3 - TBS: - MD5: ed6239e956d9b626e57a5167a2c220e2 - SHA1: d055c8586761071ece10d426a3dd0efd03fc91bc - SHA256: 850084ee0da4f38de7dd7a11c10c1a7e51139cce79c9430f522565a28c0ed65d - SHA384: 8010768caf26e171b5481e07247cda624f5b992b6797ee2b8ad5bfcb616ef8e896580c5414473b223375f9557b6b9270 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 13:00:00' - ValidTo: '2017-01-27 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 040000000001239e0facb3 - Version: 3 - TBS: - MD5: 5ccf05e4dec10d9d6fe15d8778325272 - SHA1: 79f0a648bd7f1184f86bff43ae47c9ecc3ed3cec - SHA256: 33ea31b892ba274a4aefe545de45c42c218b6dff78146655cdea892545c2cccc - SHA384: 1350ebc11fd20f5f141bc545786506e6a154be054da7a6e603cb276a6d60a24f2a4016ecc2f5cabd1088e1905f60aabf - - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping CA - ValidFrom: '2009-03-18 11:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012019c19066 - Version: 3 - TBS: - MD5: 42023b9487cafe46c1b6a49c369a362e - SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 - SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 - SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea - - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority - ValidFrom: '2009-12-21 09:32:56' - ValidTo: '2020-12-22 09:32:56' - Signature: 
bc89ecfee63655935c79d4117a86808f17b693b26d9b91a1561811c655eaf608edad9b9ef52b81c8bbdd607b1b47991e6d403e1d80c213d58e04052fdbe7ae529e688472a1e54a603cf89bd52f46d8c3b2b79353ac9b6c432424d1f1fce9562e3411581843eaefff34746ca0c06c7fad031969881e9560cabbbd0cbb76efc724b081c63831cf36ad0c38b89020849b2e8f28b99ff6ca9427cdac396157e0e3955a9c769230f5dea6973d721c2a6032a8334d8635338a5cf3a4fdf7062ce16b4b30f5cbd34362f841b9de7d20cb058c8e2cf65f35fd338d42896508362ca389f45a858bb0b97bdb6ccba1f8d20e1bbb977cd12779be9d7c3be6a75634d8c991a9 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 01000000000125b0b4cc01 - Version: 3 - TBS: - MD5: e3369c8e5aec0504b3a50455f615d9f9 - SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 - SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 - SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 10:00:00' - ValidTo: '2017-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 040000000001239e0faf24 - Version: 3 - TBS: - MD5: 7dd2351a85d3665eeb6720a21f4f7dee - SHA1: 77838c4d7f36958a581841d28f481d61ce0696ed - SHA256: 846725f4b0193468c1079d6127e9e6e420fc6ed66019ed02d732ba644decad57 - SHA384: aaa45fe704bc66bb1842a2123c6e45e016dfbc7ba2ce07d7d2ee0b5d488a39c68bc6db582cb45d51f5fa52e60be8efd6 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: 
ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 010000000001261dec28f7 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: 0cba56fa162378bc4ee09e94a4e2fe33 - LoadsDespiteHVCI: 'TRUE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create elrawdsk.sys binPath=C:\windows\temp\elrawdsk.sys type=kernel + && sc.exe start elrawdsk.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/jbaines-r7/dellicious - https://www.rapid7.com/blog/post/2021/12/13/driver-based-attacks-past-and-present/ - https://securelist.com/shamoon-the-wiper-further-details-part-ii/57784/ - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Shamoon.yar -Tags: -- elrawdsk.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/4744df6ac02ff0a3f9ad0bf47b15854bbebb73c936dd02f7c79293a2828406f6.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/5a826b4fa10891cf63aae832fc645ce680a483b915c608ca26cedbb173b1b80a.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 20f14b58e9548b6ea99b35006f631197 + SHA1: 174bd2e0965b996cff4a26ac511e551788fbc894 + SHA256: 98a55dc61046f4509d2465cbc373a9391c07125e5f4a242d2f475f14f32e5430 + Company: EldoS Corporation + Copyright: 'Copyright (C) 2007-2011, EldoS Corporation ' + CreationTimestamp: '2011-12-28 09:51:24' + Date: '' + Description: RawDisk Driver. Allows write access to files and raw disk sectors + for user mode applications in Windows 2000 and later. 
+ ExportedFunctions: '' + FileVersion: 2, 1, 27, 106 + Filename: elrawdsk.sys + ImportedFunctions: + - MmUnlockPages + - KeSetEvent + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - RtlPrefixUnicodeString + - FsRtlIsNtstatusExpected + - MmProbeAndLockPages + - ExRaiseStatus + - IoAllocateMdl + - MmMapLockedPagesSpecifyCache + - KeWaitForSingleObject + - IofCallDriver + - IoBuildDeviceIoControlRequest + - KeInitializeEvent + - ExAllocatePoolWithTag + - memcpy + - ZwClose + - ObfDereferenceObject + - ObQueryNameString + - ObReferenceObjectByHandle + - IoFileObjectType + - ZwOpenFile + - RtlAppendUnicodeStringToString + - KeUnstackDetachProcess + - MmSystemRangeStart + - KeStackAttachProcess + - ZwQueryInformationProcess + - ObOpenObjectByPointer + - PsLookupProcessByProcessId + - IoBuildAsynchronousFsdRequest + - IoBuildSynchronousFsdRequest + - IoFreeMdl + - PsGetCurrentProcessId + - KeQuerySystemTime + - RtlFreeAnsiString + - RtlUnicodeStringToAnsiString + - PsGetVersion + - MmGetSystemRoutineAddress + - IoCreateSymbolicLink + - IoCreateDevice + - ObfReferenceObject + - IoGetAttachedDevice + - memset + - KeLeaveCriticalRegion + - ExReleaseFastMutexUnsafe + - IoGetRelatedDeviceObject + - ExAcquireFastMutexUnsafe + - KeEnterCriticalRegion + - KeGetCurrentThread + - ZwCreateFile + - IoAllocateIrp + - IoReuseIrp + - KeResetEvent + - CcPurgeCacheSection + - ExReleaseResourceLite + - ExAcquireResourceExclusiveLite + - CcFlushCache + - _allrem + - RtlCompareMemory + - MmUnmapIoSpace + - MmMapIoSpace + - KeTickCount + - ExFreePoolWithTag + - IoFreeIrp + - RtlCompareUnicodeString + - IofCompleteRequest + - RtlUnwind + - KeBugCheckEx + - KeGetCurrentIrql + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: elrawdsk.sys + MD5: 1493d342e7a36553c56b2adea150949e + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: elrawdsk.sys + Product: RawDisk + ProductVersion: 2, 1, 27, 0 + Publisher: '' + RichPEHeaderHash: + MD5: 
d512dc1d3f0a51f472f64f6eb33ca3f5 + SHA1: 483f250357611a1856163d84fa6ce1e4a9d1c8cf + SHA256: c5c2f6383bf7479ab69f7dd26d5c7167e512ca053bebf3dbdb670692f914aea2 + SHA1: ce549714a11bd43b52be709581c6e144957136ec + SHA256: 4744df6ac02ff0a3f9ad0bf47b15854bbebb73c936dd02f7c79293a2828406f6 + Sections: + .text: + Entropy: 6.064316199141177 + Virtual Size: '0x55e' + .rdata: + Entropy: 4.05997020827267 + Virtual Size: '0x364' + .data: + Entropy: 6.1533423871883475 + Virtual Size: '0x254' + PAGE: + Entropy: 6.400618863867007 + Virtual Size: '0x27cd' + INIT: + Entropy: 5.631401753063165 + Virtual Size: '0x938' + .rsrc: + Entropy: 3.3620204666639477 + Virtual Size: '0x4c0' + .reloc: + Entropy: 4.550590110458819 + Virtual Size: '0x45a' + Signature: + - EldoS Corporation + - GlobalSign ObjectSign CA + - GlobalSign Primary Object Publishing CA + - GlobalSign Root CA - R1 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=VG, O=EldoS Corporation, CN=EldoS Corporation, emailAddress=info@eldos.com + ValidFrom: '2010-01-11 14:19:26' + ValidTo: '2013-01-11 14:19:23' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 010000000001261dec28f7 + Version: 3 + TBS: + MD5: ed6239e956d9b626e57a5167a2c220e2 + SHA1: d055c8586761071ece10d426a3dd0efd03fc91bc + SHA256: 850084ee0da4f38de7dd7a11c10c1a7e51139cce79c9430f522565a28c0ed65d + SHA384: 8010768caf26e171b5481e07247cda624f5b992b6797ee2b8ad5bfcb616ef8e896580c5414473b223375f9557b6b9270 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 13:00:00' + ValidTo: '2017-01-27 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 040000000001239e0facb3 + Version: 3 + TBS: + MD5: 5ccf05e4dec10d9d6fe15d8778325272 + 
SHA1: 79f0a648bd7f1184f86bff43ae47c9ecc3ed3cec + SHA256: 33ea31b892ba274a4aefe545de45c42c218b6dff78146655cdea892545c2cccc + SHA384: 1350ebc11fd20f5f141bc545786506e6a154be054da7a6e603cb276a6d60a24f2a4016ecc2f5cabd1088e1905f60aabf + - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping + CA + ValidFrom: '2009-03-18 11:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012019c19066 + Version: 3 + TBS: + MD5: 42023b9487cafe46c1b6a49c369a362e + SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 + SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 + SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea + - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority + ValidFrom: '2009-12-21 09:32:56' + ValidTo: '2020-12-22 09:32:56' + Signature: bc89ecfee63655935c79d4117a86808f17b693b26d9b91a1561811c655eaf608edad9b9ef52b81c8bbdd607b1b47991e6d403e1d80c213d58e04052fdbe7ae529e688472a1e54a603cf89bd52f46d8c3b2b79353ac9b6c432424d1f1fce9562e3411581843eaefff34746ca0c06c7fad031969881e9560cabbbd0cbb76efc724b081c63831cf36ad0c38b89020849b2e8f28b99ff6ca9427cdac396157e0e3955a9c769230f5dea6973d721c2a6032a8334d8635338a5cf3a4fdf7062ce16b4b30f5cbd34362f841b9de7d20cb058c8e2cf65f35fd338d42896508362ca389f45a858bb0b97bdb6ccba1f8d20e1bbb977cd12779be9d7c3be6a75634d8c991a9 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01000000000125b0b4cc01 + Version: 3 + TBS: + MD5: e3369c8e5aec0504b3a50455f615d9f9 + SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 + SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 + SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign 
ObjectSign + CA + ValidFrom: '2004-01-22 10:00:00' + ValidTo: '2017-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 040000000001239e0faf24 + Version: 3 + TBS: + MD5: 7dd2351a85d3665eeb6720a21f4f7dee + SHA1: 77838c4d7f36958a581841d28f481d61ce0696ed + SHA256: 846725f4b0193468c1079d6127e9e6e420fc6ed66019ed02d732ba644decad57 + SHA384: aaa45fe704bc66bb1842a2123c6e45e016dfbc7ba2ce07d7d2ee0b5d488a39c68bc6db582cb45d51f5fa52e60be8efd6 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 010000000001261dec28f7 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: c94e5ad0f33374535392364a5a193253 + LoadsDespiteHVCI: 'TRUE' +- Authentihash: + MD5: c1afcba807a13aa25a0b363a22c760d6 + SHA1: 8422fb53e48b27a42cc7595ca7c7ae0597168db6 + SHA256: 29a2ae6439381ea2aa3116df7025cbb5c6c7c07cc8d19508e6021e4d6177a565 + Company: EldoS Corporation + Copyright: 'Copyright (C) 2007-2011, EldoS Corporation ' + CreationTimestamp: '2011-12-28 09:51:29' + Date: '' + Description: RawDisk Driver. Allows write access to files and raw disk sectors + for user mode applications in Windows 2000 and later. 
+ ExportedFunctions: '' + FileVersion: 2, 1, 27, 106 + Filename: elrawdsk.sys + ImportedFunctions: + - MmSystemRangeStart + - ExAllocatePoolWithTag + - ExRaiseStatus + - IoBuildDeviceIoControlRequest + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - PsLookupProcessByProcessId + - IoBuildSynchronousFsdRequest + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - MmGetSystemRoutineAddress + - KeInitializeEvent + - RtlUnicodeStringToAnsiString + - IoFreeMdl + - KeUnstackDetachProcess + - MmMapLockedPagesSpecifyCache + - IoBuildAsynchronousFsdRequest + - RtlPrefixUnicodeString + - ZwClose + - IofCompleteRequest + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - IoFreeIrp + - RtlFreeAnsiString + - MmProbeAndLockPages + - PsGetVersion + - RtlCompareUnicodeString + - MmUnlockPages + - ZwQueryInformationProcess + - IoCreateSymbolicLink + - PsGetCurrentProcessId + - ObfDereferenceObject + - IoCreateDevice + - ZwOpenFile + - FsRtlIsNtstatusExpected + - ObOpenObjectByPointer + - KeStackAttachProcess + - IoAllocateMdl + - IofCallDriver + - ExReleaseFastMutexUnsafe + - KeLeaveCriticalRegion + - IoGetAttachedDevice + - IoGetRelatedDeviceObject + - KeEnterCriticalRegion + - ExAcquireFastMutexUnsafe + - ObfReferenceObject + - ExAcquireResourceExclusiveLite + - IoReuseIrp + - KeResetEvent + - CcPurgeCacheSection + - CcFlushCache + - ZwCreateFile + - ExReleaseResourceLite + - IoAllocateIrp + - RtlCompareMemory + - MmUnmapIoSpace + - MmMapIoSpace + - KeBugCheckEx + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: elrawdsk.sys + MD5: 76c643ab29d497317085e5db8c799960 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: elrawdsk.sys + Product: RawDisk + ProductVersion: 2, 1, 27, 0 + Publisher: '' + RichPEHeaderHash: + MD5: ebf1a803ddcd9f517aa01e0c06df63b4 + SHA1: 69a75f765ad4245b1edca52d1fc2409072e8bcc5 + SHA256: 77dfeecadaa96ff3f6eb22dae7e7d9696299764558668588bdd49ad93e2701ed + SHA1: 1292c7dd60214d96a71e7705e519006b9de7968f + SHA256: 
5a826b4fa10891cf63aae832fc645ce680a483b915c608ca26cedbb173b1b80a + Sections: + .text: + Entropy: 5.988867629662927 + Virtual Size: '0x837' + .rdata: + Entropy: 4.457231257472823 + Virtual Size: '0x5c8' + .data: + Entropy: 4.811500896924898 + Virtual Size: '0x360' + .pdata: + Entropy: 4.0091827632792 + Virtual Size: '0x180' + PAGE: + Entropy: 6.215625995230105 + Virtual Size: '0x2e87' + INIT: + Entropy: 5.372005883277131 + Virtual Size: '0x9cc' + .rsrc: + Entropy: 3.363665203506053 + Virtual Size: '0x4c0' + .reloc: + Entropy: 1.1876798536707462 + Virtual Size: '0x24' + Signature: + - EldoS Corporation + - GlobalSign ObjectSign CA + - GlobalSign Primary Object Publishing CA + - GlobalSign Root CA - R1 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=VG, O=EldoS Corporation, CN=EldoS Corporation, emailAddress=info@eldos.com + ValidFrom: '2010-01-11 14:19:26' + ValidTo: '2013-01-11 14:19:23' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 010000000001261dec28f7 + Version: 3 + TBS: + MD5: ed6239e956d9b626e57a5167a2c220e2 + SHA1: d055c8586761071ece10d426a3dd0efd03fc91bc + SHA256: 850084ee0da4f38de7dd7a11c10c1a7e51139cce79c9430f522565a28c0ed65d + SHA384: 8010768caf26e171b5481e07247cda624f5b992b6797ee2b8ad5bfcb616ef8e896580c5414473b223375f9557b6b9270 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 13:00:00' + ValidTo: '2017-01-27 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 040000000001239e0facb3 + Version: 3 + TBS: + MD5: 5ccf05e4dec10d9d6fe15d8778325272 + SHA1: 79f0a648bd7f1184f86bff43ae47c9ecc3ed3cec + SHA256: 33ea31b892ba274a4aefe545de45c42c218b6dff78146655cdea892545c2cccc + SHA384: 
1350ebc11fd20f5f141bc545786506e6a154be054da7a6e603cb276a6d60a24f2a4016ecc2f5cabd1088e1905f60aabf + - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping + CA + ValidFrom: '2009-03-18 11:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012019c19066 + Version: 3 + TBS: + MD5: 42023b9487cafe46c1b6a49c369a362e + SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 + SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 + SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea + - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority + ValidFrom: '2009-12-21 09:32:56' + ValidTo: '2020-12-22 09:32:56' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01000000000125b0b4cc01 + Version: 3 + TBS: + MD5: e3369c8e5aec0504b3a50455f615d9f9 + SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 + SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 + SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 10:00:00' + ValidTo: '2017-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 040000000001239e0faf24 + Version: 3 + TBS: + MD5: 7dd2351a85d3665eeb6720a21f4f7dee + SHA1: 77838c4d7f36958a581841d28f481d61ce0696ed + SHA256: 846725f4b0193468c1079d6127e9e6e420fc6ed66019ed02d732ba644decad57 + SHA384: aaa45fe704bc66bb1842a2123c6e45e016dfbc7ba2ce07d7d2ee0b5d488a39c68bc6db582cb45d51f5fa52e60be8efd6 + - Subject: C=BE, O=GlobalSign 
nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 010000000001261dec28f7 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: 0cba56fa162378bc4ee09e94a4e2fe33 + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/213676bb-ffb9-4d0d-a442-8cefee63acc1.yaml b/yaml/213676bb-ffb9-4d0d-a442-8cefee63acc1.yaml index 9e58396e6..fa1c635a2 100644 --- a/yaml/213676bb-ffb9-4d0d-a442-8cefee63acc1.yaml +++ b/yaml/213676bb-ffb9-4d0d-a442-8cefee63acc1.yaml 
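Review bot: The `Detection` list on the new side of the elrawdsk.sys entry still repeats four entries with identical URLs: `sigma_hash`, `sigma_names`, `sysmon_hash_detect` and `sysmon_hash_block` each appear once before and once after the `yara-rules_vuln_drivers_strict_renamed.yar` item. The commit rewrites the whole file to reorder keys, so this is a cheap place to keep each `type`/`value` pair only once. Consumers that iterate the list to fetch or count rules would otherwise process the same rule file twice. If the list is produced by a script (not visible here), the dedupe belongs in that script, keyed on the `type` and `value` pair.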
@@ -1,767 +1,770 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 213676bb-ffb9-4d0d-a442-8cefee63acc1 +Tags: +- AsrDrv.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-07-22' +MitreID: T1068 CVE: - '' Category: vulnerable drivers Commands: - Command: '' - Description: Confirmed vulnerable driver from Microsoft Block List - OperatingSystem: Windows - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-07-22' -Detection: -- type: '' - value: '' -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 213676bb-ffb9-4d0d-a442-8cefee63acc1 -KnownVulnerableSamples: -- Authentihash: - MD5: 590167dbbbdbdefefc8896ae7bc3647d - SHA1: 6c1bb3a72ebfb5359b9e22ca44d0a1ff825a68f2 - SHA256: 904d8d0db7b3ed747ecfbb04386dfbe23b71ffd054f32ab17f65bc17d500f730 - Company: ASRock Incorporation - Copyright: Copyright (C) 2012 ASRock Incorporation - CreationTimestamp: '2017-03-24 22:06:24' - Date: '' - Description: ASRock IO Driver - ExportedFunctions: '' - FileVersion: '1.00.00.0000 built by: WinDDK' - Filename: '' - ImportedFunctions: - - RtlQueryRegistryValues - - MmUnmapIoSpace - - IoFreeMdl - - MmGetPhysicalAddress - - IoBuildAsynchronousFsdRequest - - MmMapIoSpace - - IofCompleteRequest - - IoFreeIrp - - RtlCompareMemory - - MmUnlockPages - - IoCreateSymbolicLink - - MmAllocateContiguousMemorySpecifyCache - - 
IofCallDriver - - KeBugCheckEx - - IoDeleteDevice - - MmGetSystemRoutineAddress - - IoCreateDevice - - ZwClose - - ObOpenObjectByPointer - - ZwSetSecurityObject - - IoDeviceObjectType - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - SeExports - - wcschr - - _wcsnicmp - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwOpenKey - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - RtlInitUnicodeString - - MmFreeContiguousMemorySpecifyCache - - ExFreePoolWithTag - - IoDeleteSymbolicLink - - ExAllocatePoolWithTag - - KeStallExecutionProcessor - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: AsrDrv.sys - MD5: ab859723016484790c87b2218931d55f - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: AsrDrv.sys - PDBPath: '' - Product: ASRock IO Driver - ProductVersion: 1.00.00.0000 - Publisher: '' - RichPEHeaderHash: - MD5: 6540c04d181ea1395978a08c3d816451 - SHA1: b3b7c684121b40f53751e0b7757ec248ef0670b4 - SHA256: c68faaf4251928872474abfd81ef5ce8a2b5e5bd48c2edb586a4d2e518baa09d - SHA1: f42453c6a062bdc95d84e3c7cf1521a94ae615e5 - SHA256: 4bf974f5d3489638a48ee508b4a8cfa0f0262909778ccdd2e871172b71654d89 - Sections: - .text: - Entropy: 6.317180180523803 - Virtual Size: '0x1d78' - .rdata: - Entropy: 4.495972157544269 - Virtual Size: '0x748' - .data: - Entropy: 1.375820801701633 - Virtual Size: '0x31c' - .pdata: - Entropy: 4.175208567718979 - Virtual Size: '0x294' - PAGE: - Entropy: 6.213040199390471 - Virtual Size: '0x1a47' - INIT: - Entropy: 5.465189779638788 - Virtual Size: '0x872' - .rsrc: - Entropy: 3.2917593657396744 - Virtual Size: '0x3a0' - .reloc: - Entropy: 1.2280731978955797 - Virtual Size: '0x60' - Signature: '' - Signatures: - - 
CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=TAIWAN, L=Taipei, O=ASROCK Incorporation, OU=Digital ID Class - 3 , Microsoft Software Validation v2, CN=ASROCK Incorporation - ValidFrom: '2014-03-07 00:00:00' - ValidTo: '2017-05-05 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03ffdaa3aac322387d7eb98acf9524bf - Version: 3 - TBS: - MD5: 987b0fb90b05c0b59ba66fb1527c27e3 - SHA1: 1b5d5279beed01b2355731588b1a26da29218b55 - 
SHA256: b3cd9f313e55fce2d39d25dbe303777e5db9d0c01448dcd9ac70c2355bb5b4ea - SHA384: 4bb9546cdd73e2bff4224e021b54318e708c822a1a773a9e7246a46054aba1dd14c1651e8f01f5661b4ff4a3241c32ff - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 03ffdaa3aac322387d7eb98acf9524bf - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 3edc8a0f9cf180b3687025e17be537cc - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 594b8502120968f8c618ee9199086807 - SHA1: 7eec3a1edf3b021883a4b5da450db63f7c0afeeb - SHA256: 3f44442f56f2ceb6213fce103466862ac750fb99038030003c1b42da35a43a83 - Company: ASRock Incorporation - Copyright: Copyright (C) 2012 ASRock Incorporation - CreationTimestamp: '2017-03-24 22:06:25' - Date: '' - Description: ASRock IO Driver - ExportedFunctions: '' - FileVersion: '1.00.00.0000 built by: WinDDK' - Filename: '' - ImportedFunctions: - - RtlQueryRegistryValues - - MmUnmapIoSpace - - IoFreeMdl - - MmGetPhysicalAddress - - IoBuildAsynchronousFsdRequest - - MmMapIoSpace - - IofCompleteRequest - - IoFreeIrp - - RtlCompareMemory - - MmUnlockPages - - IoCreateSymbolicLink - - MmAllocateContiguousMemorySpecifyCache - - IofCallDriver - - KeBugCheckEx - - IoDeleteDevice - - 
MmGetSystemRoutineAddress - - IoCreateDevice - - ZwClose - - ObOpenObjectByPointer - - ZwSetSecurityObject - - IoDeviceObjectType - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - SeExports - - wcschr - - _wcsnicmp - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwOpenKey - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - RtlInitUnicodeString - - MmFreeContiguousMemorySpecifyCache - - ExFreePoolWithTag - - IoDeleteSymbolicLink - - ExAllocatePoolWithTag - - KeStallExecutionProcessor - - BCryptCloseAlgorithmProvider - - BCryptGenerateSymmetricKey - - BCryptOpenAlgorithmProvider - - BCryptDecrypt - - BCryptDestroyKey - Imports: - - ntoskrnl.exe - - HAL.dll - - cng.sys - InternalName: AsrDrv.sys - MD5: dbdac970026703dfa5ccaf69b04086ec - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: AsrDrv.sys - PDBPath: '' - Product: ASRock IO Driver - ProductVersion: 1.00.00.0000 - Publisher: '' - RichPEHeaderHash: - MD5: 6540c04d181ea1395978a08c3d816451 - SHA1: b3b7c684121b40f53751e0b7757ec248ef0670b4 - SHA256: c68faaf4251928872474abfd81ef5ce8a2b5e5bd48c2edb586a4d2e518baa09d - SHA1: 46b479cec57aa09a582591726b10c30222b7d91d - SHA256: 53bb076e81f6104f41bc284eedae36bd99b53e42719573fa5960932720ebc854 - Sections: - .text: - Entropy: 6.305427002234095 - Virtual Size: '0x2238' - .rdata: - Entropy: 4.495452222719752 - Virtual Size: '0x7c4' - .data: - Entropy: 1.3791658791138062 - Virtual Size: '0x31c' - .pdata: - Entropy: 4.2004883967539595 - Virtual Size: '0x2b8' - PAGE: - Entropy: 6.220333128676603 - Virtual Size: '0x1a47' - INIT: - Entropy: 5.433417095639423 - Virtual Size: '0x93a' - .rsrc: - Entropy: 3.2917593657396744 - Virtual Size: '0x3a0' - .reloc: 
- Entropy: 1.2280731978955797 - Virtual Size: '0x60' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: 
e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=TAIWAN, L=Taipei, O=ASROCK Incorporation, OU=Digital ID Class - 3 , Microsoft Software Validation v2, CN=ASROCK Incorporation - ValidFrom: '2014-03-07 00:00:00' - ValidTo: '2017-05-05 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03ffdaa3aac322387d7eb98acf9524bf - Version: 3 - TBS: - MD5: 987b0fb90b05c0b59ba66fb1527c27e3 - SHA1: 1b5d5279beed01b2355731588b1a26da29218b55 - SHA256: 
b3cd9f313e55fce2d39d25dbe303777e5db9d0c01448dcd9ac70c2355bb5b4ea - SHA384: 4bb9546cdd73e2bff4224e021b54318e708c822a1a773a9e7246a46054aba1dd14c1651e8f01f5661b4ff4a3241c32ff - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 03ffdaa3aac322387d7eb98acf9524bf - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 88e21ed9e717781eaf87209acbdbb567 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: bb59340eceecb279389290775536523a - SHA1: b3410021ea5a46818d9ff05a96c2809a9abe8e4a - SHA256: b6bf2460e023b1005cc60e107b14a3cfdf9284cc378a086d92e5dcdf6e432e2c - Company: ASRock Incorporation - Copyright: Copyright (C) 2012 ASRock Incorporation - CreationTimestamp: '2016-04-08 21:22:23' - Date: '' - Description: ASRock IO Driver - ExportedFunctions: '' - FileVersion: '1.00.00.0000 built by: WinDDK' - Filename: '' - ImportedFunctions: - - RtlQueryRegistryValues - - MmUnmapIoSpace - - IoFreeMdl - - MmGetPhysicalAddress - - IoBuildAsynchronousFsdRequest - - MmMapIoSpace - - IofCompleteRequest - - IoFreeIrp - - RtlCompareMemory - - MmUnlockPages - - IoCreateSymbolicLink - - MmAllocateContiguousMemorySpecifyCache - - IofCallDriver - - KeBugCheckEx - - IoDeleteDevice - - 
MmGetSystemRoutineAddress - - IoCreateDevice - - ZwClose - - ObOpenObjectByPointer - - ZwSetSecurityObject - - IoDeviceObjectType - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - SeExports - - wcschr - - _wcsnicmp - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwOpenKey - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - RtlInitUnicodeString - - MmFreeContiguousMemorySpecifyCache - - ExFreePoolWithTag - - IoDeleteSymbolicLink - - ExAllocatePoolWithTag - - KeStallExecutionProcessor - - BCryptCloseAlgorithmProvider - - BCryptGenerateSymmetricKey - - BCryptOpenAlgorithmProvider - - BCryptDecrypt - - BCryptDestroyKey - Imports: - - ntoskrnl.exe - - HAL.dll - - cng.sys - InternalName: AsrDrv.sys - MD5: 9c56e390589ceb75d773229567924dcd - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: AsrDrv.sys - PDBPath: '' - Product: ASRock IO Driver - ProductVersion: 1.00.00.0000 - Publisher: '' - RichPEHeaderHash: - MD5: 6540c04d181ea1395978a08c3d816451 - SHA1: b3b7c684121b40f53751e0b7757ec248ef0670b4 - SHA256: c68faaf4251928872474abfd81ef5ce8a2b5e5bd48c2edb586a4d2e518baa09d - SHA1: b41fe1d44e2b3d562166e698d732a1ef1b2372df - SHA256: 4d03a01257e156a3a018230059052791c3cde556e5cec7a4dd2f55f65c06e146 - Sections: - .text: - Entropy: 6.3051619106052055 - Virtual Size: '0x2238' - .rdata: - Entropy: 4.489737477422066 - Virtual Size: '0x7c4' - .data: - Entropy: 1.3791658791138062 - Virtual Size: '0x31c' - .pdata: - Entropy: 4.2004883967539595 - Virtual Size: '0x2b8' - PAGE: - Entropy: 6.220333128676603 - Virtual Size: '0x1a47' - INIT: - Entropy: 5.432528075542002 - Virtual Size: '0x93a' - .rsrc: - Entropy: 3.2917593657396744 - Virtual Size: '0x3a0' - 
.reloc: - Entropy: 1.2280731978955797 - Virtual Size: '0x60' - Signature: '' - Signatures: {} - Imphash: 88e21ed9e717781eaf87209acbdbb567 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: aa22a4da941f51546e49ca1067fc28e4 - SHA1: 2b4d0dead4c1a7cc95543748b3565cfa802e5256 - SHA256: e6a2ac52a35d470dc336bae5c48a2ebf2d80519bfd57b703da6ce00ddd12163a - Company: ASRock Incorporation - Copyright: Copyright (C) 2012 ASRock Incorporation - CreationTimestamp: '2017-03-24 22:06:29' - Date: '' - Description: ASRock IO Driver - ExportedFunctions: '' - FileVersion: '1.00.00.0000 built by: WinDDK' - Filename: '' - ImportedFunctions: - - memset - - MmGetPhysicalAddress - - MmAllocateContiguousMemorySpecifyCache - - MmFreeContiguousMemorySpecifyCache - - IoFreeIrp - - IoFreeMdl - - MmUnlockPages - - IofCallDriver - - IoBuildAsynchronousFsdRequest - - RtlQueryRegistryValues - - IoCreateSymbolicLink - - KeTickCount - - KeBugCheckEx - - RtlCompareMemory - - MmMapIoSpace - - MmUnmapIoSpace - - memcpy - - MmGetSystemRoutineAddress - - ZwClose - - ZwSetSecurityObject - - ObOpenObjectByPointer - - IoDeviceObjectType - - IoCreateDevice - - RtlGetDaclSecurityDescriptor - - RtlGetSaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - SeExports - - IoIsWdmVersionAvailable - - _wcsnicmp - - RtlAddAccessAllowedAce - - RtlLengthSid - - wcschr - - RtlAbsoluteToSelfRelativeSD - - RtlSetDaclSecurityDescriptor - - RtlCreateSecurityDescriptor - - ZwOpenKey - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCompleteRequest - - KeStallExecutionProcessor - - BCryptGenerateSymmetricKey - - BCryptCloseAlgorithmProvider - - BCryptOpenAlgorithmProvider - - BCryptDestroyKey - - BCryptDecrypt - Imports: - - ntoskrnl.exe - - HAL.dll - - cng.sys 
- InternalName: AsrDrv.sys - MD5: e4f8cab9d478d892ab076f182a951d0d - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: AsrDrv.sys - PDBPath: '' - Product: ASRock IO Driver - ProductVersion: 1.00.00.0000 - Publisher: '' - RichPEHeaderHash: - MD5: 6a040ce6cb149645c2ee94feff2864a5 - SHA1: 50b80eb17b5728b9a40887c3b998bf565dd77920 - SHA256: 6dba5e5edc047abf8b9eac9ca2dc7dec808e6b1656406542a8d3c150a6447940 - SHA1: 187efbdbbb085ed8e268a3e31b5b39a51ff5c90c - SHA256: d20d8bf80017e98b6dfc9f6c3960271fa792a908758bef49a390e2692a2a4341 - Sections: - .text: - Entropy: 6.364656828511862 - Virtual Size: '0x18a7' - .rdata: - Entropy: 3.9722804080346172 - Virtual Size: '0x3eb' - .data: - Entropy: 2.2015449012732216 - Virtual Size: '0x198' - PAGE: - Entropy: 6.258332879320928 - Virtual Size: '0x13e2' - INIT: - Entropy: 5.577901310875993 - Virtual Size: '0x7d0' - .rsrc: - Entropy: 3.288790736965791 - Virtual Size: '0x3a0' - .reloc: - Entropy: 5.0897276785189 - Virtual Size: '0x2b0' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services 
Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 
40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=TAIWAN, L=Taipei, O=ASROCK Incorporation, OU=Digital ID Class - 3 , Microsoft Software Validation v2, CN=ASROCK Incorporation - ValidFrom: '2014-03-07 00:00:00' - ValidTo: '2017-05-05 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03ffdaa3aac322387d7eb98acf9524bf - Version: 3 - TBS: - MD5: 987b0fb90b05c0b59ba66fb1527c27e3 - SHA1: 1b5d5279beed01b2355731588b1a26da29218b55 - SHA256: b3cd9f313e55fce2d39d25dbe303777e5db9d0c01448dcd9ac70c2355bb5b4ea - SHA384: 4bb9546cdd73e2bff4224e021b54318e708c822a1a773a9e7246a46054aba1dd14c1651e8f01f5661b4ff4a3241c32ff - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 03ffdaa3aac322387d7eb98acf9524bf - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 7c8c655791b5c853e45aa174e5cc1333 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: '' + Description: Confirmed vulnerable driver from Microsoft Block List + 
OperatingSystem: Windows + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c -Tags: -- AsrDrv.sys -Verified: 'TRUE' +Detection: +- type: '' + value: '' +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 590167dbbbdbdefefc8896ae7bc3647d + SHA1: 6c1bb3a72ebfb5359b9e22ca44d0a1ff825a68f2 + SHA256: 904d8d0db7b3ed747ecfbb04386dfbe23b71ffd054f32ab17f65bc17d500f730 + Company: ASRock Incorporation + Copyright: Copyright (C) 2012 ASRock Incorporation + CreationTimestamp: '2017-03-24 22:06:24' + Date: '' + Description: ASRock IO Driver + ExportedFunctions: '' + FileVersion: '1.00.00.0000 built by: WinDDK' + Filename: '' + ImportedFunctions: + - RtlQueryRegistryValues + - MmUnmapIoSpace + - IoFreeMdl + - MmGetPhysicalAddress + - IoBuildAsynchronousFsdRequest + - MmMapIoSpace + - IofCompleteRequest + - IoFreeIrp + - RtlCompareMemory + - MmUnlockPages + - IoCreateSymbolicLink + - MmAllocateContiguousMemorySpecifyCache + - IofCallDriver + - KeBugCheckEx + - IoDeleteDevice + - MmGetSystemRoutineAddress + - IoCreateDevice + - ZwClose + - ObOpenObjectByPointer + - ZwSetSecurityObject + - IoDeviceObjectType + - _snwprintf + - RtlLengthSecurityDescriptor + - 
SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - SeExports + - wcschr + - _wcsnicmp + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwOpenKey + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - RtlInitUnicodeString + - MmFreeContiguousMemorySpecifyCache + - ExFreePoolWithTag + - IoDeleteSymbolicLink + - ExAllocatePoolWithTag + - KeStallExecutionProcessor + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: AsrDrv.sys + MD5: ab859723016484790c87b2218931d55f + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: AsrDrv.sys + PDBPath: '' + Product: ASRock IO Driver + ProductVersion: 1.00.00.0000 + Publisher: '' + RichPEHeaderHash: + MD5: 6540c04d181ea1395978a08c3d816451 + SHA1: b3b7c684121b40f53751e0b7757ec248ef0670b4 + SHA256: c68faaf4251928872474abfd81ef5ce8a2b5e5bd48c2edb586a4d2e518baa09d + SHA1: f42453c6a062bdc95d84e3c7cf1521a94ae615e5 + SHA256: 4bf974f5d3489638a48ee508b4a8cfa0f0262909778ccdd2e871172b71654d89 + Sections: + .text: + Entropy: 6.317180180523803 + Virtual Size: '0x1d78' + .rdata: + Entropy: 4.495972157544269 + Virtual Size: '0x748' + .data: + Entropy: 1.375820801701633 + Virtual Size: '0x31c' + .pdata: + Entropy: 4.175208567718979 + Virtual Size: '0x294' + PAGE: + Entropy: 6.213040199390471 + Virtual Size: '0x1a47' + INIT: + Entropy: 5.465189779638788 + Virtual Size: '0x872' + .rsrc: + Entropy: 3.2917593657396744 + Virtual Size: '0x3a0' + .reloc: + Entropy: 1.2280731978955797 + Virtual Size: '0x60' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=TAIWAN, L=Taipei, O=ASROCK Incorporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=ASROCK Incorporation + ValidFrom: '2014-03-07 00:00:00' + ValidTo: '2017-05-05 23:59:59' + Signature: 
1a2d36e51fc7012c4b1548f12a0b4dbef774c3662171e0e1779f412648292619a8d74f8603af4fff5516d4859e7a26de9f0f688b2714b64ff296e56165afb0781c9a9dd23220d939c15cc218fe29d63d9ccd12f74127268c027d4041d392cad853e9da0a6d9379ac46efa8fe2099da7c49374b6c416139038143a94cc56334fad15ccbba2a821a22591d2c5b1449999e40af21e4f8280485d02056d904740e5c73a36e30c43376e7dbc8d0ccb7520e4bffc6501d0c0674a684398281b23d7dcb4386721fdece5817c74509fe6cc86751cd28e255dd47de330646d6bfe863fc50c773b90078f0332c3a02539c9e82b5e793c288063f91ed5f2036eb6cd4eae9e0 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03ffdaa3aac322387d7eb98acf9524bf + Version: 3 + TBS: + MD5: 987b0fb90b05c0b59ba66fb1527c27e3 + SHA1: 1b5d5279beed01b2355731588b1a26da29218b55 + SHA256: b3cd9f313e55fce2d39d25dbe303777e5db9d0c01448dcd9ac70c2355bb5b4ea + SHA384: 4bb9546cdd73e2bff4224e021b54318e708c822a1a773a9e7246a46054aba1dd14c1651e8f01f5661b4ff4a3241c32ff + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 
+ SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 03ffdaa3aac322387d7eb98acf9524bf + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 3edc8a0f9cf180b3687025e17be537cc + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 594b8502120968f8c618ee9199086807 + SHA1: 7eec3a1edf3b021883a4b5da450db63f7c0afeeb + SHA256: 3f44442f56f2ceb6213fce103466862ac750fb99038030003c1b42da35a43a83 + Company: ASRock Incorporation + Copyright: Copyright (C) 2012 ASRock Incorporation + CreationTimestamp: '2017-03-24 22:06:25' + Date: '' + Description: ASRock IO Driver + ExportedFunctions: '' + FileVersion: '1.00.00.0000 built by: WinDDK' + Filename: '' + ImportedFunctions: + - RtlQueryRegistryValues + - MmUnmapIoSpace + - IoFreeMdl + - MmGetPhysicalAddress + - IoBuildAsynchronousFsdRequest + - MmMapIoSpace + - IofCompleteRequest + - IoFreeIrp + - RtlCompareMemory + - MmUnlockPages + - IoCreateSymbolicLink + - MmAllocateContiguousMemorySpecifyCache + - IofCallDriver + - KeBugCheckEx + - IoDeleteDevice + - MmGetSystemRoutineAddress + - IoCreateDevice + - ZwClose + - ObOpenObjectByPointer + - ZwSetSecurityObject + - IoDeviceObjectType + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - SeExports + - wcschr + - _wcsnicmp + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwOpenKey + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - RtlInitUnicodeString + - MmFreeContiguousMemorySpecifyCache + - ExFreePoolWithTag + - IoDeleteSymbolicLink + - ExAllocatePoolWithTag + - 
KeStallExecutionProcessor + - BCryptCloseAlgorithmProvider + - BCryptGenerateSymmetricKey + - BCryptOpenAlgorithmProvider + - BCryptDecrypt + - BCryptDestroyKey + Imports: + - ntoskrnl.exe + - HAL.dll + - cng.sys + InternalName: AsrDrv.sys + MD5: dbdac970026703dfa5ccaf69b04086ec + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: AsrDrv.sys + PDBPath: '' + Product: ASRock IO Driver + ProductVersion: 1.00.00.0000 + Publisher: '' + RichPEHeaderHash: + MD5: 6540c04d181ea1395978a08c3d816451 + SHA1: b3b7c684121b40f53751e0b7757ec248ef0670b4 + SHA256: c68faaf4251928872474abfd81ef5ce8a2b5e5bd48c2edb586a4d2e518baa09d + SHA1: 46b479cec57aa09a582591726b10c30222b7d91d + SHA256: 53bb076e81f6104f41bc284eedae36bd99b53e42719573fa5960932720ebc854 + Sections: + .text: + Entropy: 6.305427002234095 + Virtual Size: '0x2238' + .rdata: + Entropy: 4.495452222719752 + Virtual Size: '0x7c4' + .data: + Entropy: 1.3791658791138062 + Virtual Size: '0x31c' + .pdata: + Entropy: 4.2004883967539595 + Virtual Size: '0x2b8' + PAGE: + Entropy: 6.220333128676603 + Virtual Size: '0x1a47' + INIT: + Entropy: 5.433417095639423 + Virtual Size: '0x93a' + .rsrc: + Entropy: 3.2917593657396744 + Virtual Size: '0x3a0' + .reloc: + Entropy: 1.2280731978955797 + Virtual Size: '0x60' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 
365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=TAIWAN, L=Taipei, O=ASROCK Incorporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=ASROCK Incorporation + ValidFrom: '2014-03-07 00:00:00' + ValidTo: '2017-05-05 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03ffdaa3aac322387d7eb98acf9524bf + Version: 3 + TBS: + MD5: 987b0fb90b05c0b59ba66fb1527c27e3 + SHA1: 1b5d5279beed01b2355731588b1a26da29218b55 + 
SHA256: b3cd9f313e55fce2d39d25dbe303777e5db9d0c01448dcd9ac70c2355bb5b4ea + SHA384: 4bb9546cdd73e2bff4224e021b54318e708c822a1a773a9e7246a46054aba1dd14c1651e8f01f5661b4ff4a3241c32ff + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 03ffdaa3aac322387d7eb98acf9524bf + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 88e21ed9e717781eaf87209acbdbb567 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: bb59340eceecb279389290775536523a + SHA1: b3410021ea5a46818d9ff05a96c2809a9abe8e4a + SHA256: b6bf2460e023b1005cc60e107b14a3cfdf9284cc378a086d92e5dcdf6e432e2c + Company: ASRock Incorporation + Copyright: Copyright (C) 2012 ASRock Incorporation + CreationTimestamp: '2016-04-08 21:22:23' + Date: '' + Description: 
ASRock IO Driver + ExportedFunctions: '' + FileVersion: '1.00.00.0000 built by: WinDDK' + Filename: '' + ImportedFunctions: + - RtlQueryRegistryValues + - MmUnmapIoSpace + - IoFreeMdl + - MmGetPhysicalAddress + - IoBuildAsynchronousFsdRequest + - MmMapIoSpace + - IofCompleteRequest + - IoFreeIrp + - RtlCompareMemory + - MmUnlockPages + - IoCreateSymbolicLink + - MmAllocateContiguousMemorySpecifyCache + - IofCallDriver + - KeBugCheckEx + - IoDeleteDevice + - MmGetSystemRoutineAddress + - IoCreateDevice + - ZwClose + - ObOpenObjectByPointer + - ZwSetSecurityObject + - IoDeviceObjectType + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - SeExports + - wcschr + - _wcsnicmp + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwOpenKey + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - RtlInitUnicodeString + - MmFreeContiguousMemorySpecifyCache + - ExFreePoolWithTag + - IoDeleteSymbolicLink + - ExAllocatePoolWithTag + - KeStallExecutionProcessor + - BCryptCloseAlgorithmProvider + - BCryptGenerateSymmetricKey + - BCryptOpenAlgorithmProvider + - BCryptDecrypt + - BCryptDestroyKey + Imports: + - ntoskrnl.exe + - HAL.dll + - cng.sys + InternalName: AsrDrv.sys + MD5: 9c56e390589ceb75d773229567924dcd + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: AsrDrv.sys + PDBPath: '' + Product: ASRock IO Driver + ProductVersion: 1.00.00.0000 + Publisher: '' + RichPEHeaderHash: + MD5: 6540c04d181ea1395978a08c3d816451 + SHA1: b3b7c684121b40f53751e0b7757ec248ef0670b4 + SHA256: c68faaf4251928872474abfd81ef5ce8a2b5e5bd48c2edb586a4d2e518baa09d + SHA1: b41fe1d44e2b3d562166e698d732a1ef1b2372df + SHA256: 
4d03a01257e156a3a018230059052791c3cde556e5cec7a4dd2f55f65c06e146 + Sections: + .text: + Entropy: 6.3051619106052055 + Virtual Size: '0x2238' + .rdata: + Entropy: 4.489737477422066 + Virtual Size: '0x7c4' + .data: + Entropy: 1.3791658791138062 + Virtual Size: '0x31c' + .pdata: + Entropy: 4.2004883967539595 + Virtual Size: '0x2b8' + PAGE: + Entropy: 6.220333128676603 + Virtual Size: '0x1a47' + INIT: + Entropy: 5.432528075542002 + Virtual Size: '0x93a' + .rsrc: + Entropy: 3.2917593657396744 + Virtual Size: '0x3a0' + .reloc: + Entropy: 1.2280731978955797 + Virtual Size: '0x60' + Signature: '' + Signatures: {} + Imphash: 88e21ed9e717781eaf87209acbdbb567 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: aa22a4da941f51546e49ca1067fc28e4 + SHA1: 2b4d0dead4c1a7cc95543748b3565cfa802e5256 + SHA256: e6a2ac52a35d470dc336bae5c48a2ebf2d80519bfd57b703da6ce00ddd12163a + Company: ASRock Incorporation + Copyright: Copyright (C) 2012 ASRock Incorporation + CreationTimestamp: '2017-03-24 22:06:29' + Date: '' + Description: ASRock IO Driver + ExportedFunctions: '' + FileVersion: '1.00.00.0000 built by: WinDDK' + Filename: '' + ImportedFunctions: + - memset + - MmGetPhysicalAddress + - MmAllocateContiguousMemorySpecifyCache + - MmFreeContiguousMemorySpecifyCache + - IoFreeIrp + - IoFreeMdl + - MmUnlockPages + - IofCallDriver + - IoBuildAsynchronousFsdRequest + - RtlQueryRegistryValues + - IoCreateSymbolicLink + - KeTickCount + - KeBugCheckEx + - RtlCompareMemory + - MmMapIoSpace + - MmUnmapIoSpace + - memcpy + - MmGetSystemRoutineAddress + - ZwClose + - ZwSetSecurityObject + - ObOpenObjectByPointer + - IoDeviceObjectType + - IoCreateDevice + - RtlGetDaclSecurityDescriptor + - RtlGetSaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - SeExports + - IoIsWdmVersionAvailable + - _wcsnicmp + - RtlAddAccessAllowedAce + - RtlLengthSid + - wcschr + - 
RtlAbsoluteToSelfRelativeSD + - RtlSetDaclSecurityDescriptor + - RtlCreateSecurityDescriptor + - ZwOpenKey + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCompleteRequest + - KeStallExecutionProcessor + - BCryptGenerateSymmetricKey + - BCryptCloseAlgorithmProvider + - BCryptOpenAlgorithmProvider + - BCryptDestroyKey + - BCryptDecrypt + Imports: + - ntoskrnl.exe + - HAL.dll + - cng.sys + InternalName: AsrDrv.sys + MD5: e4f8cab9d478d892ab076f182a951d0d + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: AsrDrv.sys + PDBPath: '' + Product: ASRock IO Driver + ProductVersion: 1.00.00.0000 + Publisher: '' + RichPEHeaderHash: + MD5: 6a040ce6cb149645c2ee94feff2864a5 + SHA1: 50b80eb17b5728b9a40887c3b998bf565dd77920 + SHA256: 6dba5e5edc047abf8b9eac9ca2dc7dec808e6b1656406542a8d3c150a6447940 + SHA1: 187efbdbbb085ed8e268a3e31b5b39a51ff5c90c + SHA256: d20d8bf80017e98b6dfc9f6c3960271fa792a908758bef49a390e2692a2a4341 + Sections: + .text: + Entropy: 6.364656828511862 + Virtual Size: '0x18a7' + .rdata: + Entropy: 3.9722804080346172 + Virtual Size: '0x3eb' + .data: + Entropy: 2.2015449012732216 + Virtual Size: '0x198' + PAGE: + Entropy: 6.258332879320928 + Virtual Size: '0x13e2' + INIT: + Entropy: 5.577901310875993 + Virtual Size: '0x7d0' + .rsrc: + Entropy: 3.288790736965791 + Virtual Size: '0x3a0' + .reloc: + Entropy: 5.0897276785189 + Virtual Size: '0x2b0' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=TAIWAN, L=Taipei, O=ASROCK Incorporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=ASROCK Incorporation + ValidFrom: '2014-03-07 00:00:00' + ValidTo: '2017-05-05 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03ffdaa3aac322387d7eb98acf9524bf + Version: 3 + TBS: + MD5: 987b0fb90b05c0b59ba66fb1527c27e3 + SHA1: 1b5d5279beed01b2355731588b1a26da29218b55 + 
SHA256: b3cd9f313e55fce2d39d25dbe303777e5db9d0c01448dcd9ac70c2355bb5b4ea + SHA384: 4bb9546cdd73e2bff4224e021b54318e708c822a1a773a9e7246a46054aba1dd14c1651e8f01f5661b4ff4a3241c32ff + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 03ffdaa3aac322387d7eb98acf9524bf + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 7c8c655791b5c853e45aa174e5cc1333 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/214654eb-90c4-48c8-a183-0157e50bf07f.yaml b/yaml/214654eb-90c4-48c8-a183-0157e50bf07f.yaml index 1f22f61bb..d95b74678 100644 --- a/yaml/214654eb-90c4-48c8-a183-0157e50bf07f.yaml +++ b/yaml/214654eb-90c4-48c8-a183-0157e50bf07f.yaml 
@@ -1,561 +1,561 @@ Id: 214654eb-90c4-48c8-a183-0157e50bf07f +Tags: +- MsIo64.sys +Verified: 'TRUE' Author: Nasreddine Bencherchali Created: '2023-05-06' MitreID: T1068 Category: vulnerable driver -Verified: 'TRUE' Commands: - Command: sc.exe create MsIo64.sys binPath=C:\windows\temp\MsIo64.sys type=kernel - && sc.exe start MsIo64.sys - Description: '' - Usecase: Elevate privileges - Privileges: kernel - OperatingSystem: Windows 10 + Command: sc.exe create MsIo64.sys binPath=C:\windows\temp\MsIo64.sys type=kernel + && sc.exe start MsIo64.sys + Description: '' + Usecase: Elevate privileges + Privileges: kernel + OperatingSystem: Windows 10 Resources: - Internal Research -Acknowledgement: - Person: '' - Handle: '' Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: MsIo64.sys - MD5: 88a6d84f4f1cc188741271ac1999a4e9 - SHA1: 483e58ed495e4067a7c42ca48e8a5f600b14e018 - SHA256: 0f035948848432bc243704041739e49b528f35c82a5be922d9e3b8a4c44398ff - Authentihash: - MD5: 404c94935da4ba9eb3d5eea83c68378c - SHA1: 086e6e37abad257b753c26e8c9e3e181e46b10c3 - SHA256: d55dd56e24df201d1ad2204d565da5e8e6080d895c1ac2873a6afdcbb4c8b8c7 - Description: MICSYS IO driver - Company: MICSYS Technology Co., LTd - InternalName: MsIo64.sys - OriginalFilename: MsIo64.sys - FileVersion: '1.3 x64 built by: WinDDK' - Product: MsIo64 Driver Version 1.3 - ProductVersion: 1.3 x64 - Copyright: Copyright (c) 2021 MICSYS - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - DbgPrint - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - IoDeleteSymbolicLink - - ZwUnmapViewOfSection - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - ObfDereferenceObject - - IoDeleteDevice - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2021-09-09 19:15:59' - ValidTo: '2022-09-01 19:15:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 330000004de597a775e3157f7b00000000004d - Version: 3 - TBS: - MD5: 9f0782e89bd41cdd96ec55357457478a - SHA1: 35c2180572baad19019acca1334e6c653699c389 - SHA256: 
50814710213afec410f26e573d25267a2e21d3d15f158be8a43a666c9cc6fa08 - SHA384: 8d48f066b0284071d64bbc556e018824a8388ccd142a56c7b7b04ef6d27cade07da57ac82d8067e18ad64d35af11e2a7 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - ValidFrom: '2014-10-15 20:31:27' - ValidTo: '2029-10-15 20:41:27' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 330000000d690d5d7893d076df00000000000d - Version: 3 - TBS: - MD5: 83f69422963f11c3c340b81712eef319 - SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 - SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae - SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 - Signer: - - SerialNumber: 330000004de597a775e3157f7b00000000004d - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - Version: 1 - RichPEHeaderHash: - MD5: ca146dde5be4c188affdff2cb309138f - SHA1: 2ccd48af92b211fe134d5fa3c7888b95d648825e - SHA256: 1a49f88636cc1a3ab481d8a17a6bc61de8a93ff1dc8b6253dcc5e3cbcaac827c - Sections: - .text: - Entropy: 6.147792604910476 - Virtual Size: '0xcff' - .rdata: - Entropy: 4.478250043699546 - Virtual Size: '0x1a0' - .data: - Entropy: 0.8581604745030629 - Virtual Size: '0x15c' - .pdata: - Entropy: 2.9485276044371007 - Virtual Size: '0x60' - INIT: - Entropy: 4.7872869058901975 - Virtual Size: '0x262' - .rsrc: - Entropy: 3.385724178395201 - Virtual Size: '0x390' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2022-06-09 01:43:50' - Imphash: 8a424cd36ae3eab0d11332ce3b982a02 - LoadsDespiteHVCI: 'FALSE' -- Filename: MsIo32.sys - MD5: 564d84a799db39b381a582a0b2f738c4 - SHA1: fbc6d2448739ddec35bb5d6c94b46df4148f648d - SHA256: 2270a8144dabaf159c2888519b11b61e5e13acdaa997820c09798137bded3dd6 - Authentihash: - MD5: 
d7acc8a58b2163f0b070d647e81c49fd - SHA1: 0cb0fd5bea730e4eaaec1426b0c15376ccac6d83 - SHA256: 0d0962db9dc6879067270134801ad425c1f3e85b0dc39877c02aaa9c54aca14e - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ObfDereferenceObject - - ZwUnmapViewOfSection - - IofCompleteRequest - - MmAllocateNonCachedMemory - - MmFreeNonCachedMemory - - Ke386SetIoAccessMap - - ZwOpenSection - - IoGetCurrentProcess - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - ObReferenceObjectByHandle - - ZwMapViewOfSection - - ZwClose - - DbgPrint - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - Ke386IoSetAccessProcess - - IoDeleteDevice - - WRITE_PORT_USHORT - - WRITE_PORT_UCHAR - - READ_PORT_ULONG - - READ_PORT_USHORT - - READ_PORT_UCHAR - - HalTranslateBusAddress - - WRITE_PORT_ULONG - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 Extended Validation Code Signing CA , G2 - ValidFrom: '2014-03-04 00:00:00' - ValidTo: '2024-03-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 191a32cb759c97b8cfac118dd5127f49 - Version: 3 - TBS: - MD5: 788b61bd26da89253179e3de2cdb527f - SHA1: 7d06f16e7bf21bce4f71c2cb7a3e74351451bf69 - SHA256: b3c925b4048c3f7c444d248a2b101186b57cba39596eb5dce0e17a4ee4b32f19 - SHA384: 2955e28cb7ec0ea9730b499a0f189f9621eceb02591a9486b583f12bb845885a30d6a871826318a167cc5f06b274e58c - - Subject: ??=TW, ??=Taiwan, ??=New Taipei, ??=Private Organization, serialNumber=84948057, - C=TW, L=New Taipei, O=MICSYS Technology Co., Ltd., CN=MICSYS Technology Co., - Ltd. 
- ValidFrom: '2019-05-21 00:00:00' - ValidTo: '2022-05-20 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 49f161119a491d2a3faf4220f09db107 - Version: 3 - TBS: - MD5: b6dc6eecc4959ec6a25ad56ed4bc2451 - SHA1: 8c38527fd4e4db39db700ee86431a6670edb9005 - SHA256: 3777c0b7223f4d570844461c938b379ba4a49fdfde0a08ea37a7be5c38a39db0 - SHA384: 78a64d3b5ad313da9aeaaf82440843670f388b556b5e6d632a0f8fea413108cd7b296214ee90ef3928837f315fb56cea - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 
78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 49f161119a491d2a3faf4220f09db107 - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 Extended Validation Code Signing CA , G2 - Version: 1 - RichPEHeaderHash: - MD5: d1c5b39e151846c2dcb30d3116cba10d - SHA1: ef12b9e4550f27b0c74b09f9f6c4e1cfa6d757f7 - SHA256: ace4fba2c26bcc6e806e2ad3abec8dd0852907ccd429053608e3c639a514d1bc - Sections: - .text: - Entropy: 6.282770026975047 - Virtual Size: '0x9f0' - .rdata: - Entropy: 4.257419198996188 - Virtual Size: '0xc3' - .data: - Entropy: 2.5 - Virtual Size: '0x8' - INIT: - Entropy: 5.4236305547105035 - Virtual Size: '0x32e' - .reloc: - Entropy: 4.3106029983367184 - Virtual Size: '0xe8' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2018-02-12 00:57:28' - Imphash: 24b344cd341f8b20003ac85be08df979 - LoadsDespiteHVCI: 'FALSE' -- Filename: MsIo64.sys - MD5: 55a7c51dc2aa959c41e391db8f6b8b4f - SHA1: bc949bc040333fdc9140b897b0066ef125343ef6 - SHA256: ae42afa9be9aa6f6a5ae09fa9c05cd2dfb7861dc72d4fd8e0130e5843756c471 - Authentihash: - MD5: 3cdda257c661f3c1eb256b61dba8147d - SHA1: 84a45f83a90b1a695ffeb915ea2a197b186857e6 - SHA256: 9f3e67f9454cb009716b89c0a296dcde73aa29145b7dcf776b81605932785b91 - Description: MICSYS IO driver - Company: MICSYS Technology Co., LTd - InternalName: MsIo64.sys - OriginalFilename: MsIo64.sys - FileVersion: '1.3 x64 built by: WinDDK' - Product: MsIo64 Driver Version 1.3 - ProductVersion: 1.3 x64 - Copyright: Copyright (c) 2021 MICSYS - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - DbgPrint - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - IoDeleteSymbolicLink - - 
ZwUnmapViewOfSection - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - ObfDereferenceObject - - IoDeleteDevice - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 Extended Validation Code Signing CA , G2 - ValidFrom: '2014-03-04 00:00:00' - ValidTo: '2024-03-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 191a32cb759c97b8cfac118dd5127f49 - Version: 3 - TBS: - MD5: 788b61bd26da89253179e3de2cdb527f - SHA1: 7d06f16e7bf21bce4f71c2cb7a3e74351451bf69 - SHA256: b3c925b4048c3f7c444d248a2b101186b57cba39596eb5dce0e17a4ee4b32f19 - SHA384: 2955e28cb7ec0ea9730b499a0f189f9621eceb02591a9486b583f12bb845885a30d6a871826318a167cc5f06b274e58c - - Subject: ??=TW, ??=Taiwan, ??=New Taipei, ??=Private Organization, serialNumber=84948057, - C=TW, L=New Taipei, O=MICSYS Technology Co., Ltd., CN=MICSYS Technology Co., - Ltd. 
- ValidFrom: '2019-05-21 00:00:00' - ValidTo: '2022-05-20 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 49f161119a491d2a3faf4220f09db107 - Version: 3 - TBS: - MD5: b6dc6eecc4959ec6a25ad56ed4bc2451 - SHA1: 8c38527fd4e4db39db700ee86431a6670edb9005 - SHA256: 3777c0b7223f4d570844461c938b379ba4a49fdfde0a08ea37a7be5c38a39db0 - SHA384: 78a64d3b5ad313da9aeaaf82440843670f388b556b5e6d632a0f8fea413108cd7b296214ee90ef3928837f315fb56cea - Signer: - - SerialNumber: 49f161119a491d2a3faf4220f09db107 - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 Extended Validation Code Signing CA , G2 - Version: 1 - RichPEHeaderHash: - MD5: ca146dde5be4c188affdff2cb309138f - SHA1: 2ccd48af92b211fe134d5fa3c7888b95d648825e - SHA256: 1a49f88636cc1a3ab481d8a17a6bc61de8a93ff1dc8b6253dcc5e3cbcaac827c - Sections: - .text: - Entropy: 5.985349255484258 - Virtual Size: '0xdb5' - .rdata: - Entropy: 4.508056386696043 - Virtual Size: '0x1a8' - .data: - Entropy: 0.4975521352521052 - Virtual Size: '0x11c' - .pdata: - Entropy: 3.087778287293878 - Virtual Size: '0x60' - INIT: - Entropy: 4.784008217365608 - Virtual Size: '0x262' - .rsrc: - Entropy: 3.388654065082743 - Virtual Size: '0x390' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2021-04-14 22:18:47' - Imphash: 8a424cd36ae3eab0d11332ce3b982a02 - LoadsDespiteHVCI: 'TRUE' -- Filename: MsIo64.sys - MD5: de711decdd763a73098372f752bf5a1c - SHA1: 663803d7ab5aff28be37c2e7e8c7b98b91c5733e - SHA256: cfcf32f5662791f1f22a77acb6dddfbc970fe6e99506969b3ea67c03f67687ab - Authentihash: - MD5: a108434c7016659eca85bc755687c9d1 - SHA1: 5b030639b3e83f945ea610eead115b213bb436f6 - SHA256: 555ebe7901706dbf801b5dbda6660002d3b36e5c669ec98ccfc6884a7481c56e - Description: MICSYS IO driver - Company: MICSYS Technology Co., LTd - InternalName: MsIo64.sys - OriginalFilename: MsIo64.sys - FileVersion: '1.2 x64 built by: 
WinDDK' - Product: MsIo64 Driver Version 1.2 - ProductVersion: 1.2 x64 - Copyright: Copyright (c) 2019 MICSYS - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - DbgPrint - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - IoDeleteSymbolicLink - - ZwUnmapViewOfSection - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - ObfDereferenceObject - - IoDeleteDevice - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2019-06-05 18:34:00' - ValidTo: '2020-06-03 18:34:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 33000000319479a318f5522d06000000000031 - Version: 3 - TBS: - MD5: 5b81fd0f706522a8d7c9f2957283c0b4 - SHA1: 84d894599653a8ed0e0b2802db3197dc177908cc - SHA256: 4fa629304df4287c97ae5b7e481974316e9daf776b0cdeffab1671e7dca68fb4 - SHA384: 0b89dc122fc7ebf80881a5047ffbbcb0bec30636516aff4f43307e2a925a476cabfc26e2cc392ad748d655f6ec4c8b75 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - ValidFrom: '2014-10-15 20:31:27' - ValidTo: '2029-10-15 20:41:27' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 330000000d690d5d7893d076df00000000000d - Version: 3 - TBS: - MD5: 83f69422963f11c3c340b81712eef319 - SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 - SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae - SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 - Signer: - - SerialNumber: 
33000000319479a318f5522d06000000000031 - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - Version: 1 - RichPEHeaderHash: - MD5: ca146dde5be4c188affdff2cb309138f - SHA1: 2ccd48af92b211fe134d5fa3c7888b95d648825e - SHA256: 1a49f88636cc1a3ab481d8a17a6bc61de8a93ff1dc8b6253dcc5e3cbcaac827c - Sections: - .text: - Entropy: 5.955984889090057 - Virtual Size: '0xd25' - .rdata: - Entropy: 4.1696966334987575 - Virtual Size: '0x174' - .data: - Entropy: 0.4975521352521052 - Virtual Size: '0x11c' - .pdata: - Entropy: 3.1449604398835636 - Virtual Size: '0x60' - INIT: - Entropy: 4.784008217365608 - Virtual Size: '0x262' - .rsrc: - Entropy: 3.371121078414638 - Virtual Size: '0x390' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2020-01-19 20:35:15' - Imphash: 8a424cd36ae3eab0d11332ce3b982a02 - LoadsDespiteHVCI: 'FALSE' -- Filename: MsIo64.sys - MD5: 61b068b10abfa0776f3b96a208d75bf9 - SHA1: 1de9f25d189faa294468517b15947a523538ce9d - SHA256: d636c011b8b2896572f5de260eb997182cc6955449b044a739bd19cbe6fdabd2 - Authentihash: - MD5: aedaf6ec0809d26c9dc2f41754095790 - SHA1: 2c7e97bafd3bc518778d78cfc5157d069714bc18 - SHA256: 5f39b84cb5132d4facff213c630b05ec97ef9d83b93579530152310d63945762 - Description: MICSYS IO driver - Company: MICSYS Technology Co., LTd - InternalName: MsIo64.sys - OriginalFilename: MsIo64.sys - FileVersion: '1.3 x64 built by: WinDDK' - Product: MsIo64 Driver Version 1.3 - ProductVersion: 1.3 x64 - Copyright: Copyright (c) 2021 MICSYS - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - DbgPrint - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - ObfDereferenceObject - - IoDeleteSymbolicLink - - __C_specific_handler - - IofCompleteRequest - - ProbeForWrite - - ProbeForRead - - IoCreateSymbolicLink - - IoCreateDevice - - ZwUnmapViewOfSection - - IoDeleteDevice - - HalTranslateBusAddress - 
Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2022-06-07 18:08:05' - ValidTo: '2023-06-01 18:08:05' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 330000005635887ede1882ef76000000000056 - Version: 3 - TBS: - MD5: b2247e5539fb97f429f20b17b38c4bcb - SHA1: a3b745afc365e9ddf6abdb2f52f76f1714c0461c - SHA256: e0c84b42e07e8f56ed8dcd2103e98cd43816cf2e05a27b8ff09fdccccfbcffaa - SHA384: 70e84fe31ec8f61d70755ec61ba53db7741610d7348247c97796147dcaa77a55bc3887cedf16eb0a2f32867670d007c1 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - ValidFrom: '2014-10-15 20:31:27' - ValidTo: '2029-10-15 20:41:27' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 330000000d690d5d7893d076df00000000000d - Version: 3 - TBS: - MD5: 83f69422963f11c3c340b81712eef319 - SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 - SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae - SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 - Signer: - - SerialNumber: 330000005635887ede1882ef76000000000056 - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - Version: 1 - RichPEHeaderHash: - MD5: feef182f5e6f350d0f0fbf6ac45c2460 - SHA1: 69770e51d1449ed5f85d3758d01cdc9a1a0e7827 - SHA256: 8dca05c1af4dd5e09c431a0bb260dd3287443231d8c55b15b02ed4257e312cec - Sections: - .text: - Entropy: 6.149721231513278 - Virtual Size: '0xe1f' - .rdata: - Entropy: 4.310768861955645 - Virtual Size: '0x1e8' - .data: - Entropy: 0.8603296914633027 - 
Virtual Size: '0x15c' - .pdata: - Entropy: 2.9836116206272116 - Virtual Size: '0x60' - INIT: - Entropy: 4.834422659066408 - Virtual Size: '0x2b2' - .rsrc: - Entropy: 3.388654065082743 - Virtual Size: '0x390' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2023-04-05 19:54:11' - Imphash: 12a08688ec92616a8b639d85cc13a3ed - LoadsDespiteHVCI: 'FALSE' -Tags: -- MsIo64.sys +- Filename: MsIo64.sys + MD5: 88a6d84f4f1cc188741271ac1999a4e9 + SHA1: 483e58ed495e4067a7c42ca48e8a5f600b14e018 + SHA256: 0f035948848432bc243704041739e49b528f35c82a5be922d9e3b8a4c44398ff + Authentihash: + MD5: 404c94935da4ba9eb3d5eea83c68378c + SHA1: 086e6e37abad257b753c26e8c9e3e181e46b10c3 + SHA256: d55dd56e24df201d1ad2204d565da5e8e6080d895c1ac2873a6afdcbb4c8b8c7 + Description: MICSYS IO driver + Company: MICSYS Technology Co., LTd + InternalName: MsIo64.sys + OriginalFilename: MsIo64.sys + FileVersion: '1.3 x64 built by: WinDDK' + Product: MsIo64 Driver Version 1.3 + ProductVersion: 1.3 x64 + Copyright: Copyright (c) 2021 MICSYS + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - DbgPrint + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - IoDeleteSymbolicLink + - ZwUnmapViewOfSection + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - ObfDereferenceObject + - IoDeleteDevice + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2021-09-09 19:15:59' + ValidTo: '2022-09-01 19:15:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 330000004de597a775e3157f7b00000000004d + Version: 3 + TBS: + MD5: 9f0782e89bd41cdd96ec55357457478a + SHA1: 35c2180572baad19019acca1334e6c653699c389 
+ SHA256: 50814710213afec410f26e573d25267a2e21d3d15f158be8a43a666c9cc6fa08 + SHA384: 8d48f066b0284071d64bbc556e018824a8388ccd142a56c7b7b04ef6d27cade07da57ac82d8067e18ad64d35af11e2a7 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + ValidFrom: '2014-10-15 20:31:27' + ValidTo: '2029-10-15 20:41:27' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 330000000d690d5d7893d076df00000000000d + Version: 3 + TBS: + MD5: 83f69422963f11c3c340b81712eef319 + SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 + SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae + SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 + Signer: + - SerialNumber: 330000004de597a775e3157f7b00000000004d + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + Version: 1 + RichPEHeaderHash: + MD5: ca146dde5be4c188affdff2cb309138f + SHA1: 2ccd48af92b211fe134d5fa3c7888b95d648825e + SHA256: 1a49f88636cc1a3ab481d8a17a6bc61de8a93ff1dc8b6253dcc5e3cbcaac827c + Sections: + .text: + Entropy: 6.147792604910476 + Virtual Size: '0xcff' + .rdata: + Entropy: 4.478250043699546 + Virtual Size: '0x1a0' + .data: + Entropy: 0.8581604745030629 + Virtual Size: '0x15c' + .pdata: + Entropy: 2.9485276044371007 + Virtual Size: '0x60' + INIT: + Entropy: 4.7872869058901975 + Virtual Size: '0x262' + .rsrc: + Entropy: 3.385724178395201 + Virtual Size: '0x390' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2022-06-09 01:43:50' + Imphash: 8a424cd36ae3eab0d11332ce3b982a02 + LoadsDespiteHVCI: 'FALSE' +- Filename: MsIo32.sys + MD5: 564d84a799db39b381a582a0b2f738c4 + SHA1: fbc6d2448739ddec35bb5d6c94b46df4148f648d + SHA256: 2270a8144dabaf159c2888519b11b61e5e13acdaa997820c09798137bded3dd6 + Authentihash: + MD5: 
d7acc8a58b2163f0b070d647e81c49fd + SHA1: 0cb0fd5bea730e4eaaec1426b0c15376ccac6d83 + SHA256: 0d0962db9dc6879067270134801ad425c1f3e85b0dc39877c02aaa9c54aca14e + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ObfDereferenceObject + - ZwUnmapViewOfSection + - IofCompleteRequest + - MmAllocateNonCachedMemory + - MmFreeNonCachedMemory + - Ke386SetIoAccessMap + - ZwOpenSection + - IoGetCurrentProcess + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - ObReferenceObjectByHandle + - ZwMapViewOfSection + - ZwClose + - DbgPrint + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - Ke386IoSetAccessProcess + - IoDeleteDevice + - WRITE_PORT_USHORT + - WRITE_PORT_UCHAR + - READ_PORT_ULONG + - READ_PORT_USHORT + - READ_PORT_UCHAR + - HalTranslateBusAddress + - WRITE_PORT_ULONG + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 Extended Validation Code Signing CA , G2 + ValidFrom: '2014-03-04 00:00:00' + ValidTo: '2024-03-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 191a32cb759c97b8cfac118dd5127f49 + Version: 3 + TBS: + MD5: 788b61bd26da89253179e3de2cdb527f + SHA1: 7d06f16e7bf21bce4f71c2cb7a3e74351451bf69 + SHA256: b3c925b4048c3f7c444d248a2b101186b57cba39596eb5dce0e17a4ee4b32f19 + SHA384: 2955e28cb7ec0ea9730b499a0f189f9621eceb02591a9486b583f12bb845885a30d6a871826318a167cc5f06b274e58c + - Subject: ??=TW, ??=Taiwan, ??=New Taipei, ??=Private Organization, serialNumber=84948057, + C=TW, L=New Taipei, O=MICSYS Technology Co., Ltd., CN=MICSYS Technology + Co., Ltd. 
+ ValidFrom: '2019-05-21 00:00:00' + ValidTo: '2022-05-20 23:59:59' + Signature: 0a47cf1ef4f7db7a1839d16d6cf70ab0447bc7a47cc9cf2124024f5f1583c03d411fabd06dddd424db9702178172411dea6503e33b3f488a5d53b30fb4dd2b30456e3880dd32fd4dc39bbb240c450e930c282095d65a061fae6cfd46eb94cdf549d4813cdc468061bc739b76c7a10fe9e8b762727a3a8e440473a1e6b56ac3d92df16ca8331deaf39072ce2a09705bcec87bc508ecea9b274115fff278b15c0e6430ddce6f09311e5d64ca763e70e5cad8eb6127680d12279d78129214cb0857078ab6a1187e112c9b71d1f08fa60e570d9180a901de521222be67be4ad243a9ddbb4af1ef3a5bb1e58556753a8183ed400de32f846e0b49a74de1025d03b7d0 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 49f161119a491d2a3faf4220f09db107 + Version: 3 + TBS: + MD5: b6dc6eecc4959ec6a25ad56ed4bc2451 + SHA1: 8c38527fd4e4db39db700ee86431a6670edb9005 + SHA256: 3777c0b7223f4d570844461c938b379ba4a49fdfde0a08ea37a7be5c38a39db0 + SHA384: 78a64d3b5ad313da9aeaaf82440843670f388b556b5e6d632a0f8fea413108cd7b296214ee90ef3928837f315fb56cea + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 49f161119a491d2a3faf4220f09db107 + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 Extended Validation Code Signing CA , G2 + Version: 1 + RichPEHeaderHash: + MD5: d1c5b39e151846c2dcb30d3116cba10d + SHA1: ef12b9e4550f27b0c74b09f9f6c4e1cfa6d757f7 + SHA256: ace4fba2c26bcc6e806e2ad3abec8dd0852907ccd429053608e3c639a514d1bc + 
Sections: + .text: + Entropy: 6.282770026975047 + Virtual Size: '0x9f0' + .rdata: + Entropy: 4.257419198996188 + Virtual Size: '0xc3' + .data: + Entropy: 2.5 + Virtual Size: '0x8' + INIT: + Entropy: 5.4236305547105035 + Virtual Size: '0x32e' + .reloc: + Entropy: 4.3106029983367184 + Virtual Size: '0xe8' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2018-02-12 00:57:28' + Imphash: 24b344cd341f8b20003ac85be08df979 + LoadsDespiteHVCI: 'FALSE' +- Filename: MsIo64.sys + MD5: 55a7c51dc2aa959c41e391db8f6b8b4f + SHA1: bc949bc040333fdc9140b897b0066ef125343ef6 + SHA256: ae42afa9be9aa6f6a5ae09fa9c05cd2dfb7861dc72d4fd8e0130e5843756c471 + Authentihash: + MD5: 3cdda257c661f3c1eb256b61dba8147d + SHA1: 84a45f83a90b1a695ffeb915ea2a197b186857e6 + SHA256: 9f3e67f9454cb009716b89c0a296dcde73aa29145b7dcf776b81605932785b91 + Description: MICSYS IO driver + Company: MICSYS Technology Co., LTd + InternalName: MsIo64.sys + OriginalFilename: MsIo64.sys + FileVersion: '1.3 x64 built by: WinDDK' + Product: MsIo64 Driver Version 1.3 + ProductVersion: 1.3 x64 + Copyright: Copyright (c) 2021 MICSYS + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - DbgPrint + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - IoDeleteSymbolicLink + - ZwUnmapViewOfSection + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - ObfDereferenceObject + - IoDeleteDevice + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 Extended Validation Code Signing CA , G2 + ValidFrom: '2014-03-04 00:00:00' + ValidTo: '2024-03-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 191a32cb759c97b8cfac118dd5127f49 + Version: 3 + TBS: + MD5: 
788b61bd26da89253179e3de2cdb527f + SHA1: 7d06f16e7bf21bce4f71c2cb7a3e74351451bf69 + SHA256: b3c925b4048c3f7c444d248a2b101186b57cba39596eb5dce0e17a4ee4b32f19 + SHA384: 2955e28cb7ec0ea9730b499a0f189f9621eceb02591a9486b583f12bb845885a30d6a871826318a167cc5f06b274e58c + - Subject: ??=TW, ??=Taiwan, ??=New Taipei, ??=Private Organization, serialNumber=84948057, + C=TW, L=New Taipei, O=MICSYS Technology Co., Ltd., CN=MICSYS Technology + Co., Ltd. + ValidFrom: '2019-05-21 00:00:00' + ValidTo: '2022-05-20 23:59:59' + Signature: 0a47cf1ef4f7db7a1839d16d6cf70ab0447bc7a47cc9cf2124024f5f1583c03d411fabd06dddd424db9702178172411dea6503e33b3f488a5d53b30fb4dd2b30456e3880dd32fd4dc39bbb240c450e930c282095d65a061fae6cfd46eb94cdf549d4813cdc468061bc739b76c7a10fe9e8b762727a3a8e440473a1e6b56ac3d92df16ca8331deaf39072ce2a09705bcec87bc508ecea9b274115fff278b15c0e6430ddce6f09311e5d64ca763e70e5cad8eb6127680d12279d78129214cb0857078ab6a1187e112c9b71d1f08fa60e570d9180a901de521222be67be4ad243a9ddbb4af1ef3a5bb1e58556753a8183ed400de32f846e0b49a74de1025d03b7d0 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 49f161119a491d2a3faf4220f09db107 + Version: 3 + TBS: + MD5: b6dc6eecc4959ec6a25ad56ed4bc2451 + SHA1: 8c38527fd4e4db39db700ee86431a6670edb9005 + SHA256: 3777c0b7223f4d570844461c938b379ba4a49fdfde0a08ea37a7be5c38a39db0 + SHA384: 78a64d3b5ad313da9aeaaf82440843670f388b556b5e6d632a0f8fea413108cd7b296214ee90ef3928837f315fb56cea + Signer: + - SerialNumber: 49f161119a491d2a3faf4220f09db107 + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 Extended Validation Code Signing CA , G2 + Version: 1 + RichPEHeaderHash: + MD5: ca146dde5be4c188affdff2cb309138f + SHA1: 2ccd48af92b211fe134d5fa3c7888b95d648825e + SHA256: 1a49f88636cc1a3ab481d8a17a6bc61de8a93ff1dc8b6253dcc5e3cbcaac827c + Sections: + .text: + Entropy: 5.985349255484258 + Virtual Size: '0xdb5' + .rdata: + Entropy: 4.508056386696043 + Virtual Size: '0x1a8' + .data: + 
Entropy: 0.4975521352521052 + Virtual Size: '0x11c' + .pdata: + Entropy: 3.087778287293878 + Virtual Size: '0x60' + INIT: + Entropy: 4.784008217365608 + Virtual Size: '0x262' + .rsrc: + Entropy: 3.388654065082743 + Virtual Size: '0x390' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2021-04-14 22:18:47' + Imphash: 8a424cd36ae3eab0d11332ce3b982a02 + LoadsDespiteHVCI: 'TRUE' +- Filename: MsIo64.sys + MD5: de711decdd763a73098372f752bf5a1c + SHA1: 663803d7ab5aff28be37c2e7e8c7b98b91c5733e + SHA256: cfcf32f5662791f1f22a77acb6dddfbc970fe6e99506969b3ea67c03f67687ab + Authentihash: + MD5: a108434c7016659eca85bc755687c9d1 + SHA1: 5b030639b3e83f945ea610eead115b213bb436f6 + SHA256: 555ebe7901706dbf801b5dbda6660002d3b36e5c669ec98ccfc6884a7481c56e + Description: MICSYS IO driver + Company: MICSYS Technology Co., LTd + InternalName: MsIo64.sys + OriginalFilename: MsIo64.sys + FileVersion: '1.2 x64 built by: WinDDK' + Product: MsIo64 Driver Version 1.2 + ProductVersion: 1.2 x64 + Copyright: Copyright (c) 2019 MICSYS + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - DbgPrint + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - IoDeleteSymbolicLink + - ZwUnmapViewOfSection + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - ObfDereferenceObject + - IoDeleteDevice + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2019-06-05 18:34:00' + ValidTo: '2020-06-03 18:34:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 33000000319479a318f5522d06000000000031 + Version: 3 + TBS: + MD5: 5b81fd0f706522a8d7c9f2957283c0b4 + SHA1: 
84d894599653a8ed0e0b2802db3197dc177908cc + SHA256: 4fa629304df4287c97ae5b7e481974316e9daf776b0cdeffab1671e7dca68fb4 + SHA384: 0b89dc122fc7ebf80881a5047ffbbcb0bec30636516aff4f43307e2a925a476cabfc26e2cc392ad748d655f6ec4c8b75 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + ValidFrom: '2014-10-15 20:31:27' + ValidTo: '2029-10-15 20:41:27' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 330000000d690d5d7893d076df00000000000d + Version: 3 + TBS: + MD5: 83f69422963f11c3c340b81712eef319 + SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 + SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae + SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 + Signer: + - SerialNumber: 33000000319479a318f5522d06000000000031 + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + Version: 1 + RichPEHeaderHash: + MD5: ca146dde5be4c188affdff2cb309138f + SHA1: 2ccd48af92b211fe134d5fa3c7888b95d648825e + SHA256: 1a49f88636cc1a3ab481d8a17a6bc61de8a93ff1dc8b6253dcc5e3cbcaac827c + Sections: + .text: + Entropy: 5.955984889090057 + Virtual Size: '0xd25' + .rdata: + Entropy: 4.1696966334987575 + Virtual Size: '0x174' + .data: + Entropy: 0.4975521352521052 + Virtual Size: '0x11c' + .pdata: + Entropy: 3.1449604398835636 + Virtual Size: '0x60' + INIT: + Entropy: 4.784008217365608 + Virtual Size: '0x262' + .rsrc: + Entropy: 3.371121078414638 + Virtual Size: '0x390' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2020-01-19 20:35:15' + Imphash: 8a424cd36ae3eab0d11332ce3b982a02 + LoadsDespiteHVCI: 'FALSE' +- Filename: MsIo64.sys + MD5: 61b068b10abfa0776f3b96a208d75bf9 + SHA1: 1de9f25d189faa294468517b15947a523538ce9d + SHA256: 
d636c011b8b2896572f5de260eb997182cc6955449b044a739bd19cbe6fdabd2 + Authentihash: + MD5: aedaf6ec0809d26c9dc2f41754095790 + SHA1: 2c7e97bafd3bc518778d78cfc5157d069714bc18 + SHA256: 5f39b84cb5132d4facff213c630b05ec97ef9d83b93579530152310d63945762 + Description: MICSYS IO driver + Company: MICSYS Technology Co., LTd + InternalName: MsIo64.sys + OriginalFilename: MsIo64.sys + FileVersion: '1.3 x64 built by: WinDDK' + Product: MsIo64 Driver Version 1.3 + ProductVersion: 1.3 x64 + Copyright: Copyright (c) 2021 MICSYS + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - DbgPrint + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - ObfDereferenceObject + - IoDeleteSymbolicLink + - __C_specific_handler + - IofCompleteRequest + - ProbeForWrite + - ProbeForRead + - IoCreateSymbolicLink + - IoCreateDevice + - ZwUnmapViewOfSection + - IoDeleteDevice + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2022-06-07 18:08:05' + ValidTo: '2023-06-01 18:08:05' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 330000005635887ede1882ef76000000000056 + Version: 3 + TBS: + MD5: b2247e5539fb97f429f20b17b38c4bcb + SHA1: a3b745afc365e9ddf6abdb2f52f76f1714c0461c + SHA256: e0c84b42e07e8f56ed8dcd2103e98cd43816cf2e05a27b8ff09fdccccfbcffaa + SHA384: 70e84fe31ec8f61d70755ec61ba53db7741610d7348247c97796147dcaa77a55bc3887cedf16eb0a2f32867670d007c1 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + ValidFrom: '2014-10-15 20:31:27' + ValidTo: '2029-10-15 20:41:27' + Signature: 
96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 330000000d690d5d7893d076df00000000000d + Version: 3 + TBS: + MD5: 83f69422963f11c3c340b81712eef319 + SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 + SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae + SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 + Signer: + - SerialNumber: 330000005635887ede1882ef76000000000056 + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + Version: 1 + RichPEHeaderHash: + MD5: feef182f5e6f350d0f0fbf6ac45c2460 + SHA1: 69770e51d1449ed5f85d3758d01cdc9a1a0e7827 + SHA256: 8dca05c1af4dd5e09c431a0bb260dd3287443231d8c55b15b02ed4257e312cec + Sections: + .text: + Entropy: 6.149721231513278 + Virtual Size: '0xe1f' + .rdata: + Entropy: 4.310768861955645 + Virtual Size: '0x1e8' + .data: + Entropy: 
0.8603296914633027 + Virtual Size: '0x15c' + .pdata: + Entropy: 2.9836116206272116 + Virtual Size: '0x60' + INIT: + Entropy: 4.834422659066408 + Virtual Size: '0x2b2' + .rsrc: + Entropy: 3.388654065082743 + Virtual Size: '0x390' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2023-04-05 19:54:11' + Imphash: 12a08688ec92616a8b639d85cc13a3ed + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/2225128d-a23f-434a-aaee-69a88ea64fbd.yaml b/yaml/2225128d-a23f-434a-aaee-69a88ea64fbd.yaml index 671ebb9cb..9d0468287 100644 --- a/yaml/2225128d-a23f-434a-aaee-69a88ea64fbd.yaml +++ b/yaml/2225128d-a23f-434a-aaee-69a88ea64fbd.yaml 
@@ -1,2034 +1,2035 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 2225128d-a23f-434a-aaee-69a88ea64fbd +Tags: +- HWiNFO32.SYS +Verified: 'TRUE' Author: Michael Haag +Created: '2023-07-22' +MitreID: T1068 CVE: - '' Category: vulnerable drivers Commands: - Command: '' - Description: Confirmed vulnerable driver from Microsoft Block List - OperatingSystem: Windows - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-07-22' -Detection: -- type: '' - value: '' -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 2225128d-a23f-434a-aaee-69a88ea64fbd -KnownVulnerableSamples: -- Authentihash: - MD5: 969796117a4fa98be98ac97f8f2b591e - SHA1: 3cacdf1da953824f860841528a3d59524dd51a2b - SHA256: c44b807e14e5da43a060cb36a83aa5b1e4b7b95620f9e41d289694f9daa8b77a - Company: REALiX(tm) - Copyright: "Copyright (c)1999-2010 Martin Mal\xEDk - REALiX" - CreationTimestamp: '2010-09-09 03:22:55' - Date: '' - Description: HWiNFO32 Kernel Driver - ExportedFunctions: '' - FileVersion: '7.80 built by: WinDDK' - Filename: '' - ImportedFunctions: - - KeRaiseIrql - - __C_specific_handler - - IoDeleteDevice - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - KeLowerIrql - - ExInterlockedRemoveHeadList - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - RtlInitUnicodeString - - ZwOpenFile - - ZwDeviceIoControlFile - 
- ZwClose - - IofCompleteRequest - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - MmMapIoSpace - - ExAllocatePoolWithTag - - MmUnmapIoSpace - - ExInterlockedInsertTailList - - READ_PORT_UCHAR - - READ_PORT_ULONG - - READ_PORT_USHORT - - HalGetBusDataByOffset - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - HalSetBusDataByOffset - - HalCallPal - - KeStallExecutionProcessor - - WRITE_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: HWiNFO32.SYS - MD5: 76c8d022c6788a3b29ebc19e8d7956c4 - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: HWiNFO32.SYS - PDBPath: '' - Product: HWiNFO32 Kernel Driver - ProductVersion: '7.80' - Publisher: '' - RichPEHeaderHash: - MD5: 5d4e7ab49649a192043dd9fb437a8396 - SHA1: f8beb273ccc432992c93d1b980e68a45adb8a8fa - SHA256: 3bfe2a8fafb0b419414bb641ecc437981b7a2815766fb9a77ef6336533a280a9 - SHA1: 38238d15b27bc56a3092e31fafb28ef4d742d726 - SHA256: 6e9e9e0b9a23deec5f28dc45f0bbe7423565f037f74be2957e82e5f72c886094 - Sections: - .text: - Entropy: 5.463842854330419 - Virtual Size: '0x5660' - .rdata: - Entropy: 3.110400028617797 - Virtual Size: '0x5e8' - .pdata: - Entropy: 3.5734373183354293 - Virtual Size: '0x168' - .srdata: - Entropy: 1.8468946812101659 - Virtual Size: '0x38' - .sdata: - Entropy: 2.3991161789109956 - Virtual Size: '0x130' - .data: - Entropy: 0.0 - Virtual Size: '0x30' - INIT: - Entropy: 5.272062316111859 - Virtual Size: '0x49c' - .rsrc: - Entropy: 3.3821876571495975 - Virtual Size: '0x398' - .reloc: - Entropy: 0.6052620389809359 - Virtual Size: '0x1fa' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 
3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=SK, L=Bratislava, O=REALiX, CN=REALiX - ValidFrom: '2009-07-16 13:59:23' - ValidTo: '2012-07-16 13:59:20' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 010000000001228403475b - Version: 3 - TBS: - MD5: c08c341aadc50a4843dc7f12d2b7dda6 - SHA1: 0077567a36c455505f2cfed87b2e47d6e836fb9e - SHA256: 5b17af75beca4abe098882f6b4fe2ed4975f428d81b964c648b1ac5df313233b - SHA384: b0ad18a16f199f8ee3efc9bc5d21bb209674a4e3d1013b7943c08eeae9b47ce706da1fd8707f86dbd31651ad4a2e886c - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 13:00:00' - ValidTo: '2017-01-27 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000011e44a5e24e - Version: 3 - TBS: - MD5: 1523b60530a241a9dc96e8890e42a0fa - SHA1: 879269f3f467a6d59641960a62fe9cb419355ff6 - SHA256: 6811f3e33268aef810dc3277f8f9356adcbc3c36446a0420593b82f3cd526022 - SHA384: 92f5e55d6eb6d965c1b698e56cbb8087d80eda1a24eb6ed178abeddafe2fcf524e9f8311ca232be7f5b4555b89b97c6b - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 10:00:00' - ValidTo: '2017-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000011e44a5ecbe - Version: 3 - TBS: - MD5: 16fb30314f4f5ff4dac603580f605778 - SHA1: 55c862df1f775f6a4c8e4f963115962a5cffc4ee - SHA256: aec84e1206957180ccf4e598fa10864ef4ee18ff9fc126b9a54af79c618f0492 - SHA384: a2b0c7b9ffe6e8244a4662099132406aea0a47889ecde7b336c4f09296da2ffbb3718597a0fb570bd1e97e88a24f8fbb - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 010000000001228403475b - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: 51a803d670d7387a629e352b6fe6cf1e - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 3fd8beaf2f09124dbe58df0e7a71a369 - SHA1: 7079a8b908f9a8ef7f2d678596991dc141ecaff4 - SHA256: 
80b2c44b2cdb74bafcc1271c5338f1d80f3621308b6c9d24d52bb28c8983677c - Company: REALiX(tm) - Copyright: "Copyright (c)1999-2011 Martin Mal\xEDk - REALiX" - CreationTimestamp: '2011-12-19 01:47:57' - Date: '' - Description: HWiNFO32/64 Kernel Driver - ExportedFunctions: '' - FileVersion: '8.60 built by: WinDDK' - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - ZwClose - - ZwDeviceIoControlFile - - ZwOpenFile - - RtlInitUnicodeString - - IoGetDeviceObjectPointer - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - KeLowerIrql - - KeInitializeEvent - - __C_specific_handler - - IoDeleteDevice - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - MmUnmapIoSpace - - ExInterlockedRemoveHeadList - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - IoAllocateIrp - - IofCallDriver - - KeWaitForSingleObject - - IoFreeIrp - - KeSetEvent - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - MmMapIoSpace - - ExAllocatePoolWithTag - - KeRaiseIrql - - ExInterlockedInsertTailList - - READ_PORT_UCHAR - - READ_PORT_ULONG - - READ_PORT_USHORT - - HalGetBusDataByOffset - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - HalSetBusDataByOffset - - HalCallPal - - KeStallExecutionProcessor - - WRITE_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: HWiNFO32.SYS - MD5: 28042093c08db49d0e0dc1903cf46907 - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: HWiNFO32.SYS - PDBPath: '' - Product: HWiNFO32/64 Kernel Driver - ProductVersion: '8.60' - Publisher: '' - RichPEHeaderHash: - MD5: f59ce45a9c2cf63611d807e290a9f8e7 - SHA1: 45bbb50d93478ab17ef53a07457cab8a00489824 - SHA256: 41a66cb92b764f0d026e2cc735d594c72d2a2bba8723fecbca21250db6683baf - SHA1: 74a71f4ffd335823293370a6161199e78e923de5 - SHA256: ff1ccef7374a1a5054a6f4437e3e0504b14ed76e17090cc6b1a4ec0e2da427a5 - Sections: - .text: - Entropy: 5.45405238897237 - Virtual Size: '0x5f60' - .rdata: - Entropy: 3.1155888517733477 - Virtual Size: '0x680' - .pdata: - Entropy: 3.6110533198558286 - 
Virtual Size: '0x18c' - .srdata: - Entropy: 1.8583589701134358 - Virtual Size: '0x58' - .sdata: - Entropy: 2.3623249868173946 - Virtual Size: '0x190' - .data: - Entropy: 0.0 - Virtual Size: '0x70' - INIT: - Entropy: 5.290544135278689 - Virtual Size: '0x59a' - .rsrc: - Entropy: 3.4286778385903047 - Virtual Size: '0x3a0' - .reloc: - Entropy: 0.6879064653040092 - Virtual Size: '0x23a' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=SK, L=Bratislava, O=REALiX, CN=REALiX - 
ValidFrom: '2009-07-16 13:59:23' - ValidTo: '2012-07-16 13:59:20' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 010000000001228403475b - Version: 3 - TBS: - MD5: c08c341aadc50a4843dc7f12d2b7dda6 - SHA1: 0077567a36c455505f2cfed87b2e47d6e836fb9e - SHA256: 5b17af75beca4abe098882f6b4fe2ed4975f428d81b964c648b1ac5df313233b - SHA384: b0ad18a16f199f8ee3efc9bc5d21bb209674a4e3d1013b7943c08eeae9b47ce706da1fd8707f86dbd31651ad4a2e886c - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 13:00:00' - ValidTo: '2017-01-27 12:00:00' - Signature: 4016df43e479ce76f248f698483061e2f1b452708ed8c612214d4f28831a648e03f731840f1f01d4a418fc008b2c6f1bb837fa4b97c05727b83109267832eef4e45912bd45a159e23511c0d6fc1e987ad982f990f36e07eeb0939acb31ed2c17bc921afa92cd821e2f0f31d328c03ce81c2926ab5a8d9fa1f0303289b68e516f8b5b90ad21f3f4209c909bb0ac2b37161e1db859bb49a63b75ae99d9b64b870194df91e1720e75079fcb05b59e7226fc2e21f5f62377eb6614d3ca3deae6f20b40ae553d02718821eb6a04b0945e9d9274ef292ebd4a4d85a4233ce31066901d3b63d23c481030e9e35cb67729ff3406f27da103406617df628d2b34a7426725 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000011e44a5e24e - Version: 3 - TBS: - MD5: 1523b60530a241a9dc96e8890e42a0fa - SHA1: 879269f3f467a6d59641960a62fe9cb419355ff6 - SHA256: 6811f3e33268aef810dc3277f8f9356adcbc3c36446a0420593b82f3cd526022 - SHA384: 92f5e55d6eb6d965c1b698e56cbb8087d80eda1a24eb6ed178abeddafe2fcf524e9f8311ca232be7f5b4555b89b97c6b - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 10:00:00' - ValidTo: '2017-01-27 11:00:00' - Signature: 
762e2fe996fef4c3678bf1b07e321701ddb41c0f9e42d179569684be68afa554dbc7a9b55981d41cded9606baec05214fbab2b8e75f853ad91308efc04e4c58803d13f1861eab3d2b1d899f0754509ce7874d4d79e70bd120be405b64d3cf6af38c2881858a7958e7d1671e9b40df726a98f55de60ebc48d046b7b068feefea9c9c80a64240169df2f182058aa3e854c64e3e3832f860d4cf076a982c464981ec3cf5c7c863ec2ee5e9268b1483c857959e93bb4de5123d26648d1f7db967b82fac971e4caa7baca47c34b9183d3cab18f39bb38cccdc14caa9a6353051e1dd75377054d8f8ff7679b5ecebfdc4905ff7ef55180a01638d8b680a0514facf698 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000011e44a5ecbe - Version: 3 - TBS: - MD5: 16fb30314f4f5ff4dac603580f605778 - SHA1: 55c862df1f775f6a4c8e4f963115962a5cffc4ee - SHA256: aec84e1206957180ccf4e598fa10864ef4ee18ff9fc126b9a54af79c618f0492 - SHA384: a2b0c7b9ffe6e8244a4662099132406aea0a47889ecde7b336c4f09296da2ffbb3718597a0fb570bd1e97e88a24f8fbb - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 010000000001228403475b - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: d2fa238bfc29e657ae072c3e8da62b84 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 6881883968d95a082828577d3fbff303 - SHA1: 07bc5786187e7d6fe43f56aed0b65a045a96fd6a - SHA256: 02f63773cdd991c891e10044633630154ae6fa63dbfe9b35082e48d4924f2dde - Company: REALiX(tm) - Copyright: "Copyright (c)1999-2011 Martin 
Mal\xEDk - REALiX" - CreationTimestamp: '2011-05-22 14:51:10' - Date: '' - Description: HWiNFO32 Kernel Driver - ExportedFunctions: '' - FileVersion: '8.00 built by: WinDDK' - Filename: '' - ImportedFunctions: - - KeRaiseIrql - - __C_specific_handler - - IoDeleteDevice - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - KeLowerIrql - - ExInterlockedRemoveHeadList - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - RtlInitUnicodeString - - ZwOpenFile - - ZwDeviceIoControlFile - - ZwClose - - IofCompleteRequest - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - MmMapIoSpace - - ExAllocatePoolWithTag - - MmUnmapIoSpace - - ExInterlockedInsertTailList - - READ_PORT_UCHAR - - READ_PORT_ULONG - - READ_PORT_USHORT - - HalGetBusDataByOffset - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - HalSetBusDataByOffset - - HalCallPal - - KeStallExecutionProcessor - - WRITE_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: HWiNFO32.SYS - MD5: 8602bd2326f95beecf25fded10f5bc8a - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: HWiNFO32.SYS - PDBPath: '' - Product: HWiNFO32 Kernel Driver - ProductVersion: '8.00' - Publisher: '' - RichPEHeaderHash: - MD5: 5d4e7ab49649a192043dd9fb437a8396 - SHA1: f8beb273ccc432992c93d1b980e68a45adb8a8fa - SHA256: 3bfe2a8fafb0b419414bb641ecc437981b7a2815766fb9a77ef6336533a280a9 - SHA1: db065f44371c966abbc81eb0ddc49e037eac67de - SHA256: ec9bd7fb90c3a2aa4605bd73fe1f74399e2cda75fd4c5fff84660ad4f797c4fe - Sections: - .text: - Entropy: 5.463601343497192 - Virtual Size: '0x57e0' - .rdata: - Entropy: 3.099534097947698 - Virtual Size: '0x5e8' - .pdata: - Entropy: 3.6188588776271744 - Virtual Size: '0x168' - .srdata: - Entropy: 1.7977002615286752 - Virtual Size: '0x38' - .sdata: - Entropy: 2.3991161789109956 - Virtual Size: '0x130' - .data: - Entropy: 0.0 - Virtual Size: '0x30' - INIT: - Entropy: 5.269101500371755 - Virtual Size: '0x49c' - .rsrc: - Entropy: 3.3599342260805867 - Virtual Size: '0x398' - .reloc: - 
Entropy: 0.6052620389809359 - Virtual Size: '0x1fa' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=SK, L=Bratislava, O=REALiX, CN=REALiX - ValidFrom: '2009-07-16 13:59:23' - ValidTo: '2012-07-16 13:59:20' - Signature: 
8df4772e78f08e0872af4bc472c4ee3c2f5ece224e8b2184bf7d965af06b1c82548b3f8593f824afe1bc343a0318e42379118602ff1253b7763526d857be6cdeafe2ac497de87a76fbb6fb1fd3bbabc84f0873d357a0b9d7d51d373db582a2300f87f5004635ccd1d8d519211406cc91c5724895cdf00f3cc4cfb8f907e37a048f47a1949e92e5a2faf60149ea1d4fdbbc3a2a5e224c1163f5023b4db7611cc916601d3ca8dc74fb99cd013033777a0a3f0a4ab88c67327c9aeb1489ac814b76d3fc67e293b58e39daf6506abae275224a72b4fb1c8c7b03b4d788a93baa902be4a346aec10f6c2c64b4cd0a61286eb8c42f9b2a25277a16a0a11af612dd02af - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 010000000001228403475b - Version: 3 - TBS: - MD5: c08c341aadc50a4843dc7f12d2b7dda6 - SHA1: 0077567a36c455505f2cfed87b2e47d6e836fb9e - SHA256: 5b17af75beca4abe098882f6b4fe2ed4975f428d81b964c648b1ac5df313233b - SHA384: b0ad18a16f199f8ee3efc9bc5d21bb209674a4e3d1013b7943c08eeae9b47ce706da1fd8707f86dbd31651ad4a2e886c - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 13:00:00' - ValidTo: '2017-01-27 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000011e44a5e24e - Version: 3 - TBS: - MD5: 1523b60530a241a9dc96e8890e42a0fa - SHA1: 879269f3f467a6d59641960a62fe9cb419355ff6 - SHA256: 6811f3e33268aef810dc3277f8f9356adcbc3c36446a0420593b82f3cd526022 - SHA384: 92f5e55d6eb6d965c1b698e56cbb8087d80eda1a24eb6ed178abeddafe2fcf524e9f8311ca232be7f5b4555b89b97c6b - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 10:00:00' - ValidTo: '2017-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000011e44a5ecbe - Version: 3 - TBS: - MD5: 16fb30314f4f5ff4dac603580f605778 - SHA1: 
55c862df1f775f6a4c8e4f963115962a5cffc4ee - SHA256: aec84e1206957180ccf4e598fa10864ef4ee18ff9fc126b9a54af79c618f0492 - SHA384: a2b0c7b9ffe6e8244a4662099132406aea0a47889ecde7b336c4f09296da2ffbb3718597a0fb570bd1e97e88a24f8fbb - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 010000000001228403475b - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: 51a803d670d7387a629e352b6fe6cf1e - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 9c6685995569d4b18567aed8d8014b7d - SHA1: 63927811a735f7e761a26a1063901eb77b77492b - SHA256: 3bf77c52cc0e6b1b0f2b8ceffaadb156673768146950401c27fbfd7e2bedd618 - Company: REALiX(tm) - Copyright: "Copyright (c)1999-2008 Martin Mal\xEDk - REALiX" - CreationTimestamp: '2008-11-21 01:48:44' - Date: '' - Description: HWiNFO32 Kernel Driver - ExportedFunctions: '' - FileVersion: '6.70 built by: WinDDK' - Filename: '' - ImportedFunctions: - - KeTickCount - - IoCreateDevice - - IoCreateSymbolicLink - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoDeleteDevice - - __C_specific_handler - - MmMapIoSpace - - MmUnmapIoSpace - - KeRaiseIrql - - KeLowerIrql - - IofCompleteRequest - - READ_PORT_UCHAR - - READ_PORT_ULONG - - READ_PORT_USHORT - - HalGetBusDataByOffset - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - HalSetBusDataByOffset - - HalCallPal - - KeStallExecutionProcessor - - WRITE_PORT_UCHAR - Imports: - - 
ntoskrnl.exe - - HAL.dll - InternalName: HWiNFO32.SYS - MD5: a058cb2f78d6c44d26def1e264d67e78 - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: HWiNFO32.SYS - PDBPath: '' - Product: HWiNFO32 Kernel Driver - ProductVersion: '6.70' - Publisher: '' - RichPEHeaderHash: - MD5: 62e6b2b6428daab8daa3b4494acaa9a1 - SHA1: 4838e86c4f7d492d81f4c153de1767a95eccb10b - SHA256: d4ced110d5a3b14ade09b8069867862aa2a7842dc5a03ba16db4bb9c57da7721 - SHA1: 7b706f7db6d2e46ca532e261a296d1f6afb30f03 - SHA256: 76af3f9fa111d694e37058606f2636430bdd378c85b94f426fbfcd6666ebe6cc - Sections: - .text: - Entropy: 5.465356793578808 - Virtual Size: '0x4602' - .rdata: - Entropy: 3.0742566055822693 - Virtual Size: '0x580' - .pdata: - Entropy: 3.5069972717607123 - Virtual Size: '0x144' - .srdata: - Entropy: 1.9604047768631525 - Virtual Size: '0x28' - .sdata: - Entropy: 2.3733818957525035 - Virtual Size: '0xe0' - INIT: - Entropy: 5.1971875289773655 - Virtual Size: '0x38a' - .rsrc: - Entropy: 3.3760557844440275 - Virtual Size: '0x398' - .reloc: - Entropy: 0.6225863028138227 - Virtual Size: '0x1ba' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - 
TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: 
a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=SK, ST=Bratislava, L=Bratislava, O=Martin Malik , REALiX, OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=Martin Malik , REALiX - ValidFrom: '2008-07-22 00:00:00' - ValidTo: '2009-07-22 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 6e476474a7abff3a7b04ae741f7e6ed1 - Version: 3 - TBS: - MD5: 5b7ee623fe90fcb14bd8367d9f739b70 - SHA1: 06cda38f916ca04cbfe060ad324e6e7fbd0ec0a5 - SHA256: daafde68491c6923c1555360e0d42781ea0ca7d11a073b347ca2f36e62aa5bc7 - SHA384: 19c31f0d3c5c7e8931faa9c07901efbd6db913c70f1c0c0f02a7f87fd4e6b6e401ab5072adb59f8a72d72372aeadefbc - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 6e476474a7abff3a7b04ae741f7e6ed1 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 66a7ec523da3903012905eb161c9e50c - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: a8e9e298989cec5c398f4d95af201924 - SHA1: 2de4fdd95dce93c31e7774411a1aedc0b814d27e - SHA256: 3e62730949b6cbbaf938d9b2015fe1b84eb63322c4287d0ce2b4c6f987c2dadd - Company: REALiX(tm) - Copyright: "Copyright (c)1999-2011 Martin Mal\xEDk - 
REALiX" - CreationTimestamp: '2011-09-22 00:45:00' - Date: '' - Description: HWiNFO32/64 Kernel Driver - ExportedFunctions: '' - FileVersion: '8.50 built by: WinDDK' - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - ZwClose - - ZwDeviceIoControlFile - - ZwOpenFile - - RtlInitUnicodeString - - IoGetDeviceObjectPointer - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - KeLowerIrql - - KeInitializeEvent - - __C_specific_handler - - IoDeleteDevice - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - MmUnmapIoSpace - - ExInterlockedRemoveHeadList - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - IoAllocateIrp - - IofCallDriver - - KeWaitForSingleObject - - IoFreeIrp - - KeSetEvent - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - MmMapIoSpace - - ExAllocatePoolWithTag - - KeRaiseIrql - - ExInterlockedInsertTailList - - READ_PORT_UCHAR - - READ_PORT_ULONG - - READ_PORT_USHORT - - HalGetBusDataByOffset - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - HalSetBusDataByOffset - - HalCallPal - - KeStallExecutionProcessor - - WRITE_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: HWiNFO32.SYS - MD5: 6b5a579b2039eaa97b1694468dab2119 - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: HWiNFO32.SYS - PDBPath: '' - Product: HWiNFO32/64 Kernel Driver - ProductVersion: '8.50' - Publisher: '' - RichPEHeaderHash: - MD5: f59ce45a9c2cf63611d807e290a9f8e7 - SHA1: 45bbb50d93478ab17ef53a07457cab8a00489824 - SHA256: 41a66cb92b764f0d026e2cc735d594c72d2a2bba8723fecbca21250db6683baf - SHA1: 9d038803e4f032e02c7c4b90eedf73e50b63fa80 - SHA256: 7125c9831a52d89d3d59fb28043b67fbe0068d69732da006fabb95550d1fa730 - Sections: - .text: - Entropy: 5.460085646044637 - Virtual Size: '0x5ee0' - .rdata: - Entropy: 3.0858791564841086 - Virtual Size: '0x680' - .pdata: - Entropy: 3.6395592528546747 - Virtual Size: '0x18c' - .srdata: - Entropy: 1.8043261575888512 - Virtual Size: '0x58' - .sdata: - Entropy: 2.3623249868173946 - Virtual Size: 
'0x190' - .data: - Entropy: 0.0 - Virtual Size: '0x70' - INIT: - Entropy: 5.289432818651469 - Virtual Size: '0x59a' - .rsrc: - Entropy: 3.427398645694084 - Virtual Size: '0x3a0' - .reloc: - Entropy: 0.6879064653040092 - Virtual Size: '0x23a' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=SK, L=Bratislava, O=REALiX, CN=REALiX - ValidFrom: '2009-07-16 13:59:23' - ValidTo: '2012-07-16 13:59:20' - Signature: 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 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 010000000001228403475b - Version: 3 - TBS: - MD5: c08c341aadc50a4843dc7f12d2b7dda6 - SHA1: 0077567a36c455505f2cfed87b2e47d6e836fb9e - SHA256: 5b17af75beca4abe098882f6b4fe2ed4975f428d81b964c648b1ac5df313233b - SHA384: b0ad18a16f199f8ee3efc9bc5d21bb209674a4e3d1013b7943c08eeae9b47ce706da1fd8707f86dbd31651ad4a2e886c - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 13:00:00' - ValidTo: '2017-01-27 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000011e44a5e24e - Version: 3 - TBS: - MD5: 1523b60530a241a9dc96e8890e42a0fa - SHA1: 879269f3f467a6d59641960a62fe9cb419355ff6 - SHA256: 6811f3e33268aef810dc3277f8f9356adcbc3c36446a0420593b82f3cd526022 - SHA384: 92f5e55d6eb6d965c1b698e56cbb8087d80eda1a24eb6ed178abeddafe2fcf524e9f8311ca232be7f5b4555b89b97c6b - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 10:00:00' - ValidTo: '2017-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000011e44a5ecbe - Version: 3 - TBS: - MD5: 16fb30314f4f5ff4dac603580f605778 - SHA1: 55c862df1f775f6a4c8e4f963115962a5cffc4ee - SHA256: aec84e1206957180ccf4e598fa10864ef4ee18ff9fc126b9a54af79c618f0492 - SHA384: a2b0c7b9ffe6e8244a4662099132406aea0a47889ecde7b336c4f09296da2ffbb3718597a0fb570bd1e97e88a24f8fbb - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 010000000001228403475b - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: d2fa238bfc29e657ae072c3e8da62b84 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 928b862389f2292f01a565634187fc49 - SHA1: 7d210df06c16ca3b1ca35d6e97f89a31df303376 - SHA256: 742b102cc69403c669244f0efcf9ac8e5bbdb9b10f35f03c743651afe5ac32ba - Company: REALiX(tm) - Copyright: "Copyright (c)1999-2010 Martin Mal\xEDk - REALiX" - CreationTimestamp: '2010-07-25 06:37:28' - Date: '' - Description: HWiNFO32 
Kernel Driver - ExportedFunctions: '' - FileVersion: '7.70 built by: WinDDK' - Filename: '' - ImportedFunctions: - - KeRaiseIrql - - __C_specific_handler - - IoDeleteDevice - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - KeLowerIrql - - ExInterlockedRemoveHeadList - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - RtlInitUnicodeString - - ZwOpenFile - - ZwDeviceIoControlFile - - ZwClose - - IofCompleteRequest - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - MmMapIoSpace - - ExAllocatePoolWithTag - - MmUnmapIoSpace - - ExInterlockedInsertTailList - - READ_PORT_UCHAR - - READ_PORT_ULONG - - READ_PORT_USHORT - - HalGetBusDataByOffset - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - HalSetBusDataByOffset - - HalCallPal - - KeStallExecutionProcessor - - WRITE_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: HWiNFO32.SYS - MD5: 49dbc80ecf8e331ff828b964e491621b - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: HWiNFO32.SYS - PDBPath: '' - Product: HWiNFO32 Kernel Driver - ProductVersion: '7.70' - Publisher: '' - RichPEHeaderHash: - MD5: 5d4e7ab49649a192043dd9fb437a8396 - SHA1: f8beb273ccc432992c93d1b980e68a45adb8a8fa - SHA256: 3bfe2a8fafb0b419414bb641ecc437981b7a2815766fb9a77ef6336533a280a9 - SHA1: 9917a514887f4cbdfb0aa3a61b9b2988d9be80c6 - SHA256: 7702f240800528d8186e3e6a26e2680486fed65a6fb5a2a000ad12c1fb61a398 - Sections: - .text: - Entropy: 5.462802401906941 - Virtual Size: '0x5660' - .rdata: - Entropy: 3.1099442171632043 - Virtual Size: '0x5e8' - .pdata: - Entropy: 3.5734373183354293 - Virtual Size: '0x168' - .srdata: - Entropy: 1.8468946812101659 - Virtual Size: '0x38' - .sdata: - Entropy: 2.3991161789109956 - Virtual Size: '0x130' - .data: - Entropy: 0.0 - Virtual Size: '0x30' - INIT: - Entropy: 5.272062316111859 - Virtual Size: '0x49c' - .rsrc: - Entropy: 3.3780569299107057 - Virtual Size: '0x398' - .reloc: - Entropy: 0.6052620389809359 - Virtual Size: '0x1fa' - Signature: '' - Signatures: - - 
CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=SK, L=Bratislava, O=REALiX, CN=REALiX - ValidFrom: '2009-07-16 13:59:23' - ValidTo: '2012-07-16 13:59:20' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 010000000001228403475b - Version: 3 - TBS: - MD5: c08c341aadc50a4843dc7f12d2b7dda6 - SHA1: 0077567a36c455505f2cfed87b2e47d6e836fb9e - SHA256: 
5b17af75beca4abe098882f6b4fe2ed4975f428d81b964c648b1ac5df313233b - SHA384: b0ad18a16f199f8ee3efc9bc5d21bb209674a4e3d1013b7943c08eeae9b47ce706da1fd8707f86dbd31651ad4a2e886c - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 13:00:00' - ValidTo: '2017-01-27 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000011e44a5e24e - Version: 3 - TBS: - MD5: 1523b60530a241a9dc96e8890e42a0fa - SHA1: 879269f3f467a6d59641960a62fe9cb419355ff6 - SHA256: 6811f3e33268aef810dc3277f8f9356adcbc3c36446a0420593b82f3cd526022 - SHA384: 92f5e55d6eb6d965c1b698e56cbb8087d80eda1a24eb6ed178abeddafe2fcf524e9f8311ca232be7f5b4555b89b97c6b - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 10:00:00' - ValidTo: '2017-01-27 11:00:00' - Signature: 762e2fe996fef4c3678bf1b07e321701ddb41c0f9e42d179569684be68afa554dbc7a9b55981d41cded9606baec05214fbab2b8e75f853ad91308efc04e4c58803d13f1861eab3d2b1d899f0754509ce7874d4d79e70bd120be405b64d3cf6af38c2881858a7958e7d1671e9b40df726a98f55de60ebc48d046b7b068feefea9c9c80a64240169df2f182058aa3e854c64e3e3832f860d4cf076a982c464981ec3cf5c7c863ec2ee5e9268b1483c857959e93bb4de5123d26648d1f7db967b82fac971e4caa7baca47c34b9183d3cab18f39bb38cccdc14caa9a6353051e1dd75377054d8f8ff7679b5ecebfdc4905ff7ef55180a01638d8b680a0514facf698 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000011e44a5ecbe - Version: 3 - TBS: - MD5: 16fb30314f4f5ff4dac603580f605778 - SHA1: 55c862df1f775f6a4c8e4f963115962a5cffc4ee - SHA256: aec84e1206957180ccf4e598fa10864ef4ee18ff9fc126b9a54af79c618f0492 - SHA384: a2b0c7b9ffe6e8244a4662099132406aea0a47889ecde7b336c4f09296da2ffbb3718597a0fb570bd1e97e88a24f8fbb - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - 
ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 010000000001228403475b - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: 51a803d670d7387a629e352b6fe6cf1e - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: f15ac2bf1b7a126c79176423b87320e4 - SHA1: 2feca887d30672e52e0d39d7adbc1ddacdd9379b - SHA256: de09000bb9f5f81ff6c9ba239ea2498cff4e3decf6ae0220e4b0d64c3500acf8 - Company: REALiX(tm) - Copyright: "Copyright (c)1999-2009 Martin Mal\xEDk - REALiX" - CreationTimestamp: '2009-07-16 08:22:02' - Date: '' - Description: HWiNFO32 Kernel Driver - ExportedFunctions: '' - FileVersion: '7.20 built by: WinDDK' - Filename: '' - ImportedFunctions: - - IoDeleteSymbolicLink - - IoCreateSymbolicLink - - IoDeleteDevice - - KeTickCount - - __C_specific_handler - - MmMapIoSpace - - MmUnmapIoSpace - - KeRaiseIrql - - KeLowerIrql - - RtlInitUnicodeString - - ZwOpenFile - - ZwDeviceIoControlFile - - ZwClose - - IoCreateDevice - - IofCompleteRequest - - READ_PORT_UCHAR - - READ_PORT_ULONG - - READ_PORT_USHORT - - HalGetBusDataByOffset - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - HalSetBusDataByOffset - - HalCallPal - - KeStallExecutionProcessor - - WRITE_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: HWiNFO32.SYS - MD5: 2293aa65ada1c1d15a1ffb596612aee3 - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: HWiNFO32.SYS - PDBPath: '' - Product: HWiNFO32 Kernel Driver - ProductVersion: '7.20' - 
Publisher: '' - RichPEHeaderHash: - MD5: 6fdbfc3bac2ddbbe5ab20f15ed759e6b - SHA1: 892537d2ca11cf4e33e0d18a2f06d16b27ff26b3 - SHA256: c12bce87354ed261603c874802faae70173dabeb4178b392995892554698d0b9 - SHA1: 7a6bc9fc1eb4900039ee88e099e90fc19e248257 - SHA256: 4e54e98df13110aac41f3207e400cce2a00df29ce18c32186e536c1de25a75ce - Sections: - .text: - Entropy: 5.518620495680425 - Virtual Size: '0x5202' - .rdata: - Entropy: 3.0634282017515315 - Virtual Size: '0x580' - .pdata: - Entropy: 3.4860181353362267 - Virtual Size: '0x144' - .srdata: - Entropy: 1.9604047768631525 - Virtual Size: '0x28' - .sdata: - Entropy: 2.38165853193268 - Virtual Size: '0xf8' - INIT: - Entropy: 5.200504686380647 - Virtual Size: '0x3d2' - .rsrc: - Entropy: 3.3770380367348327 - Virtual Size: '0x398' - .reloc: - Entropy: 0.6003700907203152 - Virtual Size: '0x1ce' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=SK, L=Bratislava, O=REALiX, CN=REALiX - ValidFrom: '2009-07-16 13:59:23' - ValidTo: '2012-07-16 13:59:20' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 010000000001228403475b - Version: 3 - TBS: - MD5: c08c341aadc50a4843dc7f12d2b7dda6 - SHA1: 0077567a36c455505f2cfed87b2e47d6e836fb9e - SHA256: 5b17af75beca4abe098882f6b4fe2ed4975f428d81b964c648b1ac5df313233b - SHA384: b0ad18a16f199f8ee3efc9bc5d21bb209674a4e3d1013b7943c08eeae9b47ce706da1fd8707f86dbd31651ad4a2e886c - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 13:00:00' - ValidTo: '2017-01-27 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000011e44a5e24e - Version: 3 - TBS: - MD5: 1523b60530a241a9dc96e8890e42a0fa - SHA1: 879269f3f467a6d59641960a62fe9cb419355ff6 - SHA256: 6811f3e33268aef810dc3277f8f9356adcbc3c36446a0420593b82f3cd526022 - SHA384: 92f5e55d6eb6d965c1b698e56cbb8087d80eda1a24eb6ed178abeddafe2fcf524e9f8311ca232be7f5b4555b89b97c6b - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 10:00:00' - ValidTo: '2017-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 
0400000000011e44a5ecbe - Version: 3 - TBS: - MD5: 16fb30314f4f5ff4dac603580f605778 - SHA1: 55c862df1f775f6a4c8e4f963115962a5cffc4ee - SHA256: aec84e1206957180ccf4e598fa10864ef4ee18ff9fc126b9a54af79c618f0492 - SHA384: a2b0c7b9ffe6e8244a4662099132406aea0a47889ecde7b336c4f09296da2ffbb3718597a0fb570bd1e97e88a24f8fbb - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 010000000001228403475b - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: 280d5f0b7808e698f0875e61137fcd71 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 98fb0e1bc59ed4b47f15ddb13a1aa45b - SHA1: 42690535d571a8b1520a96d2e8bec3236138a329 - SHA256: c191c7d4ec03c4ef0f51a67af42a90390f75ebd6f83dbc05e317fe5a90a1fb31 - Company: REALiX(tm) - Copyright: "Copyright (c)1999-2010 Martin Mal\xEDk - REALiX" - CreationTimestamp: '2010-09-29 16:13:28' - Date: '' - Description: HWiNFO32 Kernel Driver - ExportedFunctions: '' - FileVersion: '7.90 built by: WinDDK' - Filename: '' - ImportedFunctions: - - KeRaiseIrql - - __C_specific_handler - - IoDeleteDevice - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - KeLowerIrql - - ExInterlockedRemoveHeadList - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - RtlInitUnicodeString - - ZwOpenFile - - ZwDeviceIoControlFile - - ZwClose - - IofCompleteRequest - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - MmMapIoSpace - - 
ExAllocatePoolWithTag - - MmUnmapIoSpace - - ExInterlockedInsertTailList - - READ_PORT_UCHAR - - READ_PORT_ULONG - - READ_PORT_USHORT - - HalGetBusDataByOffset - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - HalSetBusDataByOffset - - HalCallPal - - KeStallExecutionProcessor - - WRITE_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: HWiNFO32.SYS - MD5: 7ceb48348ecd008c97bb5f74bdbea843 - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: HWiNFO32.SYS - PDBPath: '' - Product: HWiNFO32 Kernel Driver - ProductVersion: '7.90' - Publisher: '' - RichPEHeaderHash: - MD5: 5d4e7ab49649a192043dd9fb437a8396 - SHA1: f8beb273ccc432992c93d1b980e68a45adb8a8fa - SHA256: 3bfe2a8fafb0b419414bb641ecc437981b7a2815766fb9a77ef6336533a280a9 - SHA1: 4146c0612ec8de7a98e20d181312b5a4ef139227 - SHA256: 4ac08a6035cfcafdac712d7c3cf2eef6e10258f14cee6e80e1ef2f71f5045173 - Sections: - .text: - Entropy: 5.463801262229364 - Virtual Size: '0x5660' - .rdata: - Entropy: 3.1035461685157335 - Virtual Size: '0x5e8' - .pdata: - Entropy: 3.5734373183354293 - Virtual Size: '0x168' - .srdata: - Entropy: 1.8468946812101659 - Virtual Size: '0x38' - .sdata: - Entropy: 2.3991161789109956 - Virtual Size: '0x130' - .data: - Entropy: 0.0 - Virtual Size: '0x30' - INIT: - Entropy: 5.272062316111859 - Virtual Size: '0x49c' - .rsrc: - Entropy: 3.384894423449242 - Virtual Size: '0x398' - .reloc: - Entropy: 0.6052620389809359 - Virtual Size: '0x1fa' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: 
a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=SK, L=Bratislava, O=REALiX, CN=REALiX - ValidFrom: '2009-07-16 13:59:23' - ValidTo: '2012-07-16 13:59:20' - Signature: 8df4772e78f08e0872af4bc472c4ee3c2f5ece224e8b2184bf7d965af06b1c82548b3f8593f824afe1bc343a0318e42379118602ff1253b7763526d857be6cdeafe2ac497de87a76fbb6fb1fd3bbabc84f0873d357a0b9d7d51d373db582a2300f87f5004635ccd1d8d519211406cc91c5724895cdf00f3cc4cfb8f907e37a048f47a1949e92e5a2faf60149ea1d4fdbbc3a2a5e224c1163f5023b4db7611cc916601d3ca8dc74fb99cd013033777a0a3f0a4ab88c67327c9aeb1489ac814b76d3fc67e293b58e39daf6506abae275224a72b4fb1c8c7b03b4d788a93baa902be4a346aec10f6c2c64b4cd0a61286eb8c42f9b2a25277a16a0a11af612dd02af - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 010000000001228403475b - Version: 3 - TBS: - MD5: c08c341aadc50a4843dc7f12d2b7dda6 - SHA1: 0077567a36c455505f2cfed87b2e47d6e836fb9e - SHA256: 5b17af75beca4abe098882f6b4fe2ed4975f428d81b964c648b1ac5df313233b - SHA384: 
b0ad18a16f199f8ee3efc9bc5d21bb209674a4e3d1013b7943c08eeae9b47ce706da1fd8707f86dbd31651ad4a2e886c - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 13:00:00' - ValidTo: '2017-01-27 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000011e44a5e24e - Version: 3 - TBS: - MD5: 1523b60530a241a9dc96e8890e42a0fa - SHA1: 879269f3f467a6d59641960a62fe9cb419355ff6 - SHA256: 6811f3e33268aef810dc3277f8f9356adcbc3c36446a0420593b82f3cd526022 - SHA384: 92f5e55d6eb6d965c1b698e56cbb8087d80eda1a24eb6ed178abeddafe2fcf524e9f8311ca232be7f5b4555b89b97c6b - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 10:00:00' - ValidTo: '2017-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000011e44a5ecbe - Version: 3 - TBS: - MD5: 16fb30314f4f5ff4dac603580f605778 - SHA1: 55c862df1f775f6a4c8e4f963115962a5cffc4ee - SHA256: aec84e1206957180ccf4e598fa10864ef4ee18ff9fc126b9a54af79c618f0492 - SHA384: a2b0c7b9ffe6e8244a4662099132406aea0a47889ecde7b336c4f09296da2ffbb3718597a0fb570bd1e97e88a24f8fbb - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - 
Signer: - - SerialNumber: 010000000001228403475b - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: 51a803d670d7387a629e352b6fe6cf1e - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: d7f92dde8fdeaebe0e1d6f2a64d19222 - SHA1: f1e0b049757aa5278fa27dc11569077aec71241f - SHA256: 52b9302507bccd7eb775137a4c17b0df9a5a99671968c01924cd0c52a0c69262 - Company: REALiX(tm) - Copyright: "Copyright (c)1999-2010 Martin Mal\xEDk - REALiX" - CreationTimestamp: '2010-06-20 11:16:25' - Date: '' - Description: HWiNFO32 Kernel Driver - ExportedFunctions: '' - FileVersion: '7.50 built by: WinDDK' - Filename: '' - ImportedFunctions: - - KeRaiseIrql - - __C_specific_handler - - IoDeleteDevice - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - KeLowerIrql - - ExInterlockedRemoveHeadList - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - RtlInitUnicodeString - - ZwOpenFile - - ZwDeviceIoControlFile - - ZwClose - - IofCompleteRequest - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - MmMapIoSpace - - ExAllocatePoolWithTag - - MmUnmapIoSpace - - ExInterlockedInsertTailList - - READ_PORT_UCHAR - - READ_PORT_ULONG - - READ_PORT_USHORT - - HalGetBusDataByOffset - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - HalSetBusDataByOffset - - HalCallPal - - KeStallExecutionProcessor - - WRITE_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: HWiNFO32.SYS - MD5: 52c7dac60d4b5c673441da38983df4ad - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: HWiNFO32.SYS - PDBPath: '' - Product: HWiNFO32 Kernel Driver - ProductVersion: '7.50' - Publisher: '' - RichPEHeaderHash: - MD5: 5d4e7ab49649a192043dd9fb437a8396 - SHA1: f8beb273ccc432992c93d1b980e68a45adb8a8fa - SHA256: 3bfe2a8fafb0b419414bb641ecc437981b7a2815766fb9a77ef6336533a280a9 - SHA1: 712c1d34ea7883e79bc5714d14065a27607fe219 - SHA256: 8dcec67a1f4903981c3e0ab938784c2f241e041e26748e1c22059e0e507cfb37 - Sections: - .text: - Entropy: 5.523597494035855 - 
Virtual Size: '0x5a30' - .rdata: - Entropy: 3.1193674975685135 - Virtual Size: '0x5e0' - .pdata: - Entropy: 3.6190033374750774 - Virtual Size: '0x168' - .srdata: - Entropy: 1.8468946812101659 - Virtual Size: '0x38' - .sdata: - Entropy: 2.3991161789109956 - Virtual Size: '0x130' - .data: - Entropy: 0.0 - Virtual Size: '0x30' - INIT: - Entropy: 5.273757231366097 - Virtual Size: '0x49c' - .rsrc: - Entropy: 3.3843160876061558 - Virtual Size: '0x398' - .reloc: - Entropy: 0.5863303988495302 - Virtual Size: '0x20e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 
53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=SK, L=Bratislava, O=REALiX, CN=REALiX - ValidFrom: '2009-07-16 13:59:23' - ValidTo: '2012-07-16 13:59:20' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 010000000001228403475b - Version: 3 - TBS: - MD5: c08c341aadc50a4843dc7f12d2b7dda6 - SHA1: 0077567a36c455505f2cfed87b2e47d6e836fb9e - SHA256: 5b17af75beca4abe098882f6b4fe2ed4975f428d81b964c648b1ac5df313233b - SHA384: b0ad18a16f199f8ee3efc9bc5d21bb209674a4e3d1013b7943c08eeae9b47ce706da1fd8707f86dbd31651ad4a2e886c - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 13:00:00' - ValidTo: '2017-01-27 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000011e44a5e24e - Version: 3 - TBS: - MD5: 1523b60530a241a9dc96e8890e42a0fa - SHA1: 879269f3f467a6d59641960a62fe9cb419355ff6 - SHA256: 6811f3e33268aef810dc3277f8f9356adcbc3c36446a0420593b82f3cd526022 - SHA384: 92f5e55d6eb6d965c1b698e56cbb8087d80eda1a24eb6ed178abeddafe2fcf524e9f8311ca232be7f5b4555b89b97c6b - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 10:00:00' - ValidTo: '2017-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000011e44a5ecbe - Version: 3 - TBS: - MD5: 16fb30314f4f5ff4dac603580f605778 - SHA1: 55c862df1f775f6a4c8e4f963115962a5cffc4ee - SHA256: aec84e1206957180ccf4e598fa10864ef4ee18ff9fc126b9a54af79c618f0492 - SHA384: a2b0c7b9ffe6e8244a4662099132406aea0a47889ecde7b336c4f09296da2ffbb3718597a0fb570bd1e97e88a24f8fbb - - Subject: C=BE, 
O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 010000000001228403475b - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: 51a803d670d7387a629e352b6fe6cf1e - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: ebf591cbc6be4ee0a92cda76d0594fff - SHA1: 6b517a42b4d9cce99091f6a67f9100ed1d7f3c62 - SHA256: 13d7c729c019c1c5a4b3e9fb27d1dd0b992fb7099f4314e011aafcb3472b7107 - Company: REALiX(tm) - Copyright: "Copyright (c)1999-2011 Martin Mal\xEDk - REALiX" - CreationTimestamp: '2011-08-23 01:06:20' - Date: '' - Description: HWiNFO32 Kernel Driver - ExportedFunctions: '' - FileVersion: '8.30 built by: WinDDK' - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - ZwClose - - ZwDeviceIoControlFile - - ZwOpenFile - - RtlInitUnicodeString - - IoGetDeviceObjectPointer - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - KeLowerIrql - - KeRaiseIrql - - KeInitializeEvent - - IoDeleteDevice - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - MmUnmapIoSpace - - ExInterlockedRemoveHeadList - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - IoAllocateIrp - - IofCallDriver - - KeWaitForSingleObject - - IoFreeIrp - - KeSetEvent - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - MmMapIoSpace - - ExAllocatePoolWithTag - - __C_specific_handler - - ExInterlockedInsertTailList - - READ_PORT_UCHAR - - READ_PORT_ULONG - - READ_PORT_USHORT - - 
HalGetBusDataByOffset - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - HalSetBusDataByOffset - - HalCallPal - - KeStallExecutionProcessor - - WRITE_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: HWiNFO32.SYS - MD5: ecbc7e628a7ea22a3b90d9b16a948707 - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: HWiNFO32.SYS - PDBPath: '' - Product: HWiNFO32 Kernel Driver - ProductVersion: '8.30' - Publisher: '' - RichPEHeaderHash: - MD5: c971695bf5c8b443588c57eb4d4aba35 - SHA1: ac672d07a6447a409d772ce6ffad40d6d36499bc - SHA256: 0354e293bca60af1461b66f14abe5db9435b7a263b813084f90af161fde56642 - SHA1: 61c88c44d20e79c5d39109d1d91ac8e9ed3c46ad - SHA256: 6701433861742c08eb50f1e785962378143ad5b6c374ac29118168599f8a0f1c - Sections: - .text: - Entropy: 5.46011657052177 - Virtual Size: '0x5ee0' - .rdata: - Entropy: 3.096488004471368 - Virtual Size: '0x680' - .pdata: - Entropy: 3.6395592528546747 - Virtual Size: '0x18c' - .srdata: - Entropy: 1.8043261575888512 - Virtual Size: '0x58' - .sdata: - Entropy: 2.3623249868173946 - Virtual Size: '0x190' - .data: - Entropy: 0.0 - Virtual Size: '0x70' - INIT: - Entropy: 5.289432818651469 - Virtual Size: '0x59a' - .rsrc: - Entropy: 3.3824753337870868 - Virtual Size: '0x398' - .reloc: - Entropy: 0.6958390817943604 - Virtual Size: '0x232' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 
35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=SK, L=Bratislava, O=REALiX, CN=REALiX - ValidFrom: '2009-07-16 13:59:23' - ValidTo: '2012-07-16 13:59:20' - Signature: 8df4772e78f08e0872af4bc472c4ee3c2f5ece224e8b2184bf7d965af06b1c82548b3f8593f824afe1bc343a0318e42379118602ff1253b7763526d857be6cdeafe2ac497de87a76fbb6fb1fd3bbabc84f0873d357a0b9d7d51d373db582a2300f87f5004635ccd1d8d519211406cc91c5724895cdf00f3cc4cfb8f907e37a048f47a1949e92e5a2faf60149ea1d4fdbbc3a2a5e224c1163f5023b4db7611cc916601d3ca8dc74fb99cd013033777a0a3f0a4ab88c67327c9aeb1489ac814b76d3fc67e293b58e39daf6506abae275224a72b4fb1c8c7b03b4d788a93baa902be4a346aec10f6c2c64b4cd0a61286eb8c42f9b2a25277a16a0a11af612dd02af - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 010000000001228403475b - Version: 3 - TBS: - MD5: c08c341aadc50a4843dc7f12d2b7dda6 - SHA1: 0077567a36c455505f2cfed87b2e47d6e836fb9e - SHA256: 5b17af75beca4abe098882f6b4fe2ed4975f428d81b964c648b1ac5df313233b - SHA384: b0ad18a16f199f8ee3efc9bc5d21bb209674a4e3d1013b7943c08eeae9b47ce706da1fd8707f86dbd31651ad4a2e886c - - Subject: 
C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 13:00:00' - ValidTo: '2017-01-27 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000011e44a5e24e - Version: 3 - TBS: - MD5: 1523b60530a241a9dc96e8890e42a0fa - SHA1: 879269f3f467a6d59641960a62fe9cb419355ff6 - SHA256: 6811f3e33268aef810dc3277f8f9356adcbc3c36446a0420593b82f3cd526022 - SHA384: 92f5e55d6eb6d965c1b698e56cbb8087d80eda1a24eb6ed178abeddafe2fcf524e9f8311ca232be7f5b4555b89b97c6b - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 10:00:00' - ValidTo: '2017-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000011e44a5ecbe - Version: 3 - TBS: - MD5: 16fb30314f4f5ff4dac603580f605778 - SHA1: 55c862df1f775f6a4c8e4f963115962a5cffc4ee - SHA256: aec84e1206957180ccf4e598fa10864ef4ee18ff9fc126b9a54af79c618f0492 - SHA384: a2b0c7b9ffe6e8244a4662099132406aea0a47889ecde7b336c4f09296da2ffbb3718597a0fb570bd1e97e88a24f8fbb - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 010000000001228403475b - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, 
CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: 925dac5c06451818cb2c5e37de425af9 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: e3038d0db9de4a5e65cb1a4f2c887572 - SHA1: 61c0d4dc5608e82740b906755d53c0e34ef2ec58 - SHA256: a082cdb569b9f1f82252402fa05785fd409222912d5b9e5423299819e6f940ed - Company: REALiX(tm) - Copyright: "Copyright (c)1999-2010 Martin Mal\xEDk - REALiX" - CreationTimestamp: '2010-02-16 14:45:04' - Date: '' - Description: HWiNFO32 Kernel Driver - ExportedFunctions: '' - FileVersion: '7.30 built by: WinDDK' - Filename: '' - ImportedFunctions: - - IoDeleteSymbolicLink - - IoCreateSymbolicLink - - IoDeleteDevice - - KeTickCount - - __C_specific_handler - - MmMapIoSpace - - MmUnmapIoSpace - - KeRaiseIrql - - KeLowerIrql - - RtlInitUnicodeString - - ZwOpenFile - - ZwDeviceIoControlFile - - ZwClose - - IoCreateDevice - - IofCompleteRequest - - READ_PORT_UCHAR - - READ_PORT_ULONG - - READ_PORT_USHORT - - HalGetBusDataByOffset - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - HalSetBusDataByOffset - - HalCallPal - - KeStallExecutionProcessor - - WRITE_PORT_UCHAR - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: HWiNFO32.SYS - MD5: a57afed9703b5893fbfee5f9710b8aee - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: HWiNFO32.SYS - PDBPath: '' - Product: HWiNFO32 Kernel Driver - ProductVersion: '7.30' - Publisher: '' - RichPEHeaderHash: - MD5: 6fdbfc3bac2ddbbe5ab20f15ed759e6b - SHA1: 892537d2ca11cf4e33e0d18a2f06d16b27ff26b3 - SHA256: c12bce87354ed261603c874802faae70173dabeb4178b392995892554698d0b9 - SHA1: cc48296d367e57a6523be40237f4a5ec6cc3d1a5 - SHA256: 1b17d12076d047e74d15e6e51e10497ad49419bec7fbe93386c57d3efbaadc0b - Sections: - .text: - Entropy: 5.518699866362356 - Virtual Size: '0x5202' - .rdata: - Entropy: 3.0657263053732686 - Virtual Size: '0x580' - .pdata: - Entropy: 3.4860181353362267 - Virtual Size: '0x144' - .srdata: - Entropy: 1.9604047768631525 - Virtual Size: '0x28' - .sdata: - Entropy: 2.38165853193268 - Virtual Size: 
'0xf8' - INIT: - Entropy: 5.200504686380647 - Virtual Size: '0x3d2' - .rsrc: - Entropy: 3.3793659817892636 - Virtual Size: '0x398' - .reloc: - Entropy: 0.6003700907203152 - Virtual Size: '0x1ce' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=SK, L=Bratislava, O=REALiX, CN=REALiX - ValidFrom: '2009-07-16 13:59:23' - ValidTo: '2012-07-16 13:59:20' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: false - SerialNumber: 010000000001228403475b - Version: 3 - TBS: - MD5: c08c341aadc50a4843dc7f12d2b7dda6 - SHA1: 0077567a36c455505f2cfed87b2e47d6e836fb9e - SHA256: 5b17af75beca4abe098882f6b4fe2ed4975f428d81b964c648b1ac5df313233b - SHA384: b0ad18a16f199f8ee3efc9bc5d21bb209674a4e3d1013b7943c08eeae9b47ce706da1fd8707f86dbd31651ad4a2e886c - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 13:00:00' - ValidTo: '2017-01-27 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000011e44a5e24e - Version: 3 - TBS: - MD5: 1523b60530a241a9dc96e8890e42a0fa - SHA1: 879269f3f467a6d59641960a62fe9cb419355ff6 - SHA256: 6811f3e33268aef810dc3277f8f9356adcbc3c36446a0420593b82f3cd526022 - SHA384: 92f5e55d6eb6d965c1b698e56cbb8087d80eda1a24eb6ed178abeddafe2fcf524e9f8311ca232be7f5b4555b89b97c6b - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 10:00:00' - ValidTo: '2017-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000011e44a5ecbe - Version: 3 - TBS: - MD5: 16fb30314f4f5ff4dac603580f605778 - SHA1: 55c862df1f775f6a4c8e4f963115962a5cffc4ee - SHA256: aec84e1206957180ccf4e598fa10864ef4ee18ff9fc126b9a54af79c618f0492 - SHA384: a2b0c7b9ffe6e8244a4662099132406aea0a47889ecde7b336c4f09296da2ffbb3718597a0fb570bd1e97e88a24f8fbb - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 
4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 010000000001228403475b - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: 280d5f0b7808e698f0875e61137fcd71 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: '' + Description: Confirmed vulnerable driver from Microsoft Block List + OperatingSystem: Windows + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c -Tags: -- HWiNFO32.SYS -Verified: 'TRUE' +Detection: +- type: '' + value: '' +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 969796117a4fa98be98ac97f8f2b591e + SHA1: 3cacdf1da953824f860841528a3d59524dd51a2b + SHA256: c44b807e14e5da43a060cb36a83aa5b1e4b7b95620f9e41d289694f9daa8b77a + Company: REALiX(tm) + Copyright: "Copyright (c)1999-2010 Martin Mal\xEDk - REALiX" + CreationTimestamp: '2010-09-09 03:22:55' + Date: '' + Description: HWiNFO32 Kernel Driver + ExportedFunctions: '' + FileVersion: 
'7.80 built by: WinDDK' + Filename: '' + ImportedFunctions: + - KeRaiseIrql + - __C_specific_handler + - IoDeleteDevice + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - KeLowerIrql + - ExInterlockedRemoveHeadList + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - RtlInitUnicodeString + - ZwOpenFile + - ZwDeviceIoControlFile + - ZwClose + - IofCompleteRequest + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - MmMapIoSpace + - ExAllocatePoolWithTag + - MmUnmapIoSpace + - ExInterlockedInsertTailList + - READ_PORT_UCHAR + - READ_PORT_ULONG + - READ_PORT_USHORT + - HalGetBusDataByOffset + - WRITE_PORT_ULONG + - WRITE_PORT_USHORT + - HalSetBusDataByOffset + - HalCallPal + - KeStallExecutionProcessor + - WRITE_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: HWiNFO32.SYS + MD5: 76c8d022c6788a3b29ebc19e8d7956c4 + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: HWiNFO32.SYS + PDBPath: '' + Product: HWiNFO32 Kernel Driver + ProductVersion: '7.80' + Publisher: '' + RichPEHeaderHash: + MD5: 5d4e7ab49649a192043dd9fb437a8396 + SHA1: f8beb273ccc432992c93d1b980e68a45adb8a8fa + SHA256: 3bfe2a8fafb0b419414bb641ecc437981b7a2815766fb9a77ef6336533a280a9 + SHA1: 38238d15b27bc56a3092e31fafb28ef4d742d726 + SHA256: 6e9e9e0b9a23deec5f28dc45f0bbe7423565f037f74be2957e82e5f72c886094 + Sections: + .text: + Entropy: 5.463842854330419 + Virtual Size: '0x5660' + .rdata: + Entropy: 3.110400028617797 + Virtual Size: '0x5e8' + .pdata: + Entropy: 3.5734373183354293 + Virtual Size: '0x168' + .srdata: + Entropy: 1.8468946812101659 + Virtual Size: '0x38' + .sdata: + Entropy: 2.3991161789109956 + Virtual Size: '0x130' + .data: + Entropy: 0.0 + Virtual Size: '0x30' + INIT: + Entropy: 5.272062316111859 + Virtual Size: '0x49c' + .rsrc: + Entropy: 3.3821876571495975 + Virtual Size: '0x398' + .reloc: + Entropy: 0.6052620389809359 + Virtual Size: '0x1fa' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: 
C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=SK, L=Bratislava, O=REALiX, CN=REALiX + ValidFrom: '2009-07-16 13:59:23' + ValidTo: '2012-07-16 13:59:20' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 010000000001228403475b + Version: 3 + TBS: + MD5: c08c341aadc50a4843dc7f12d2b7dda6 + SHA1: 0077567a36c455505f2cfed87b2e47d6e836fb9e + SHA256: 5b17af75beca4abe098882f6b4fe2ed4975f428d81b964c648b1ac5df313233b + SHA384: 
b0ad18a16f199f8ee3efc9bc5d21bb209674a4e3d1013b7943c08eeae9b47ce706da1fd8707f86dbd31651ad4a2e886c + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 13:00:00' + ValidTo: '2017-01-27 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000011e44a5e24e + Version: 3 + TBS: + MD5: 1523b60530a241a9dc96e8890e42a0fa + SHA1: 879269f3f467a6d59641960a62fe9cb419355ff6 + SHA256: 6811f3e33268aef810dc3277f8f9356adcbc3c36446a0420593b82f3cd526022 + SHA384: 92f5e55d6eb6d965c1b698e56cbb8087d80eda1a24eb6ed178abeddafe2fcf524e9f8311ca232be7f5b4555b89b97c6b + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 10:00:00' + ValidTo: '2017-01-27 11:00:00' + Signature: 762e2fe996fef4c3678bf1b07e321701ddb41c0f9e42d179569684be68afa554dbc7a9b55981d41cded9606baec05214fbab2b8e75f853ad91308efc04e4c58803d13f1861eab3d2b1d899f0754509ce7874d4d79e70bd120be405b64d3cf6af38c2881858a7958e7d1671e9b40df726a98f55de60ebc48d046b7b068feefea9c9c80a64240169df2f182058aa3e854c64e3e3832f860d4cf076a982c464981ec3cf5c7c863ec2ee5e9268b1483c857959e93bb4de5123d26648d1f7db967b82fac971e4caa7baca47c34b9183d3cab18f39bb38cccdc14caa9a6353051e1dd75377054d8f8ff7679b5ecebfdc4905ff7ef55180a01638d8b680a0514facf698 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000011e44a5ecbe + Version: 3 + TBS: + MD5: 16fb30314f4f5ff4dac603580f605778 + SHA1: 55c862df1f775f6a4c8e4f963115962a5cffc4ee + SHA256: aec84e1206957180ccf4e598fa10864ef4ee18ff9fc126b9a54af79c618f0492 + SHA384: a2b0c7b9ffe6e8244a4662099132406aea0a47889ecde7b336c4f09296da2ffbb3718597a0fb570bd1e97e88a24f8fbb + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 010000000001228403475b + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: 51a803d670d7387a629e352b6fe6cf1e + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 3fd8beaf2f09124dbe58df0e7a71a369 + SHA1: 7079a8b908f9a8ef7f2d678596991dc141ecaff4 + SHA256: 80b2c44b2cdb74bafcc1271c5338f1d80f3621308b6c9d24d52bb28c8983677c + Company: REALiX(tm) + Copyright: "Copyright (c)1999-2011 Martin Mal\xEDk - REALiX" + CreationTimestamp: '2011-12-19 01:47:57' + Date: '' + Description: HWiNFO32/64 Kernel Driver + ExportedFunctions: '' + FileVersion: '8.60 built by: WinDDK' + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - ZwClose + - ZwDeviceIoControlFile + - ZwOpenFile + - RtlInitUnicodeString + - IoGetDeviceObjectPointer + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - KeLowerIrql + - KeInitializeEvent + - __C_specific_handler + - IoDeleteDevice + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - MmUnmapIoSpace + - ExInterlockedRemoveHeadList + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - IoAllocateIrp + - IofCallDriver + - KeWaitForSingleObject + - IoFreeIrp + - KeSetEvent + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - MmMapIoSpace + - ExAllocatePoolWithTag + - KeRaiseIrql + - ExInterlockedInsertTailList + - READ_PORT_UCHAR + - READ_PORT_ULONG + - READ_PORT_USHORT + - HalGetBusDataByOffset + - WRITE_PORT_ULONG + - WRITE_PORT_USHORT + - HalSetBusDataByOffset + - HalCallPal + - 
KeStallExecutionProcessor + - WRITE_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: HWiNFO32.SYS + MD5: 28042093c08db49d0e0dc1903cf46907 + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: HWiNFO32.SYS + PDBPath: '' + Product: HWiNFO32/64 Kernel Driver + ProductVersion: '8.60' + Publisher: '' + RichPEHeaderHash: + MD5: f59ce45a9c2cf63611d807e290a9f8e7 + SHA1: 45bbb50d93478ab17ef53a07457cab8a00489824 + SHA256: 41a66cb92b764f0d026e2cc735d594c72d2a2bba8723fecbca21250db6683baf + SHA1: 74a71f4ffd335823293370a6161199e78e923de5 + SHA256: ff1ccef7374a1a5054a6f4437e3e0504b14ed76e17090cc6b1a4ec0e2da427a5 + Sections: + .text: + Entropy: 5.45405238897237 + Virtual Size: '0x5f60' + .rdata: + Entropy: 3.1155888517733477 + Virtual Size: '0x680' + .pdata: + Entropy: 3.6110533198558286 + Virtual Size: '0x18c' + .srdata: + Entropy: 1.8583589701134358 + Virtual Size: '0x58' + .sdata: + Entropy: 2.3623249868173946 + Virtual Size: '0x190' + .data: + Entropy: 0.0 + Virtual Size: '0x70' + INIT: + Entropy: 5.290544135278689 + Virtual Size: '0x59a' + .rsrc: + Entropy: 3.4286778385903047 + Virtual Size: '0x3a0' + .reloc: + Entropy: 0.6879064653040092 + Virtual Size: '0x23a' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services 
CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=SK, L=Bratislava, O=REALiX, CN=REALiX + ValidFrom: '2009-07-16 13:59:23' + ValidTo: '2012-07-16 13:59:20' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 010000000001228403475b + Version: 3 + TBS: + MD5: c08c341aadc50a4843dc7f12d2b7dda6 + SHA1: 0077567a36c455505f2cfed87b2e47d6e836fb9e + SHA256: 5b17af75beca4abe098882f6b4fe2ed4975f428d81b964c648b1ac5df313233b + SHA384: b0ad18a16f199f8ee3efc9bc5d21bb209674a4e3d1013b7943c08eeae9b47ce706da1fd8707f86dbd31651ad4a2e886c + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 13:00:00' + ValidTo: '2017-01-27 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000011e44a5e24e + Version: 3 + TBS: + MD5: 1523b60530a241a9dc96e8890e42a0fa + SHA1: 879269f3f467a6d59641960a62fe9cb419355ff6 + SHA256: 6811f3e33268aef810dc3277f8f9356adcbc3c36446a0420593b82f3cd526022 + SHA384: 
92f5e55d6eb6d965c1b698e56cbb8087d80eda1a24eb6ed178abeddafe2fcf524e9f8311ca232be7f5b4555b89b97c6b + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 10:00:00' + ValidTo: '2017-01-27 11:00:00' + Signature: 762e2fe996fef4c3678bf1b07e321701ddb41c0f9e42d179569684be68afa554dbc7a9b55981d41cded9606baec05214fbab2b8e75f853ad91308efc04e4c58803d13f1861eab3d2b1d899f0754509ce7874d4d79e70bd120be405b64d3cf6af38c2881858a7958e7d1671e9b40df726a98f55de60ebc48d046b7b068feefea9c9c80a64240169df2f182058aa3e854c64e3e3832f860d4cf076a982c464981ec3cf5c7c863ec2ee5e9268b1483c857959e93bb4de5123d26648d1f7db967b82fac971e4caa7baca47c34b9183d3cab18f39bb38cccdc14caa9a6353051e1dd75377054d8f8ff7679b5ecebfdc4905ff7ef55180a01638d8b680a0514facf698 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000011e44a5ecbe + Version: 3 + TBS: + MD5: 16fb30314f4f5ff4dac603580f605778 + SHA1: 55c862df1f775f6a4c8e4f963115962a5cffc4ee + SHA256: aec84e1206957180ccf4e598fa10864ef4ee18ff9fc126b9a54af79c618f0492 + SHA384: a2b0c7b9ffe6e8244a4662099132406aea0a47889ecde7b336c4f09296da2ffbb3718597a0fb570bd1e97e88a24f8fbb + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 010000000001228403475b + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: d2fa238bfc29e657ae072c3e8da62b84 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 6881883968d95a082828577d3fbff303 + SHA1: 07bc5786187e7d6fe43f56aed0b65a045a96fd6a + SHA256: 02f63773cdd991c891e10044633630154ae6fa63dbfe9b35082e48d4924f2dde + Company: REALiX(tm) + Copyright: "Copyright (c)1999-2011 Martin Mal\xEDk - REALiX" + CreationTimestamp: '2011-05-22 14:51:10' + Date: '' + Description: HWiNFO32 
Kernel Driver + ExportedFunctions: '' + FileVersion: '8.00 built by: WinDDK' + Filename: '' + ImportedFunctions: + - KeRaiseIrql + - __C_specific_handler + - IoDeleteDevice + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - KeLowerIrql + - ExInterlockedRemoveHeadList + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - RtlInitUnicodeString + - ZwOpenFile + - ZwDeviceIoControlFile + - ZwClose + - IofCompleteRequest + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - MmMapIoSpace + - ExAllocatePoolWithTag + - MmUnmapIoSpace + - ExInterlockedInsertTailList + - READ_PORT_UCHAR + - READ_PORT_ULONG + - READ_PORT_USHORT + - HalGetBusDataByOffset + - WRITE_PORT_ULONG + - WRITE_PORT_USHORT + - HalSetBusDataByOffset + - HalCallPal + - KeStallExecutionProcessor + - WRITE_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: HWiNFO32.SYS + MD5: 8602bd2326f95beecf25fded10f5bc8a + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: HWiNFO32.SYS + PDBPath: '' + Product: HWiNFO32 Kernel Driver + ProductVersion: '8.00' + Publisher: '' + RichPEHeaderHash: + MD5: 5d4e7ab49649a192043dd9fb437a8396 + SHA1: f8beb273ccc432992c93d1b980e68a45adb8a8fa + SHA256: 3bfe2a8fafb0b419414bb641ecc437981b7a2815766fb9a77ef6336533a280a9 + SHA1: db065f44371c966abbc81eb0ddc49e037eac67de + SHA256: ec9bd7fb90c3a2aa4605bd73fe1f74399e2cda75fd4c5fff84660ad4f797c4fe + Sections: + .text: + Entropy: 5.463601343497192 + Virtual Size: '0x57e0' + .rdata: + Entropy: 3.099534097947698 + Virtual Size: '0x5e8' + .pdata: + Entropy: 3.6188588776271744 + Virtual Size: '0x168' + .srdata: + Entropy: 1.7977002615286752 + Virtual Size: '0x38' + .sdata: + Entropy: 2.3991161789109956 + Virtual Size: '0x130' + .data: + Entropy: 0.0 + Virtual Size: '0x30' + INIT: + Entropy: 5.269101500371755 + Virtual Size: '0x49c' + .rsrc: + Entropy: 3.3599342260805867 + Virtual Size: '0x398' + .reloc: + Entropy: 0.6052620389809359 + Virtual Size: '0x1fa' + Signature: '' + Signatures: + - CertificatesInfo: 
'' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=SK, L=Bratislava, O=REALiX, CN=REALiX + ValidFrom: '2009-07-16 13:59:23' + ValidTo: '2012-07-16 13:59:20' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 010000000001228403475b + Version: 3 + TBS: + MD5: c08c341aadc50a4843dc7f12d2b7dda6 + SHA1: 0077567a36c455505f2cfed87b2e47d6e836fb9e + SHA256: 5b17af75beca4abe098882f6b4fe2ed4975f428d81b964c648b1ac5df313233b + 
SHA384: b0ad18a16f199f8ee3efc9bc5d21bb209674a4e3d1013b7943c08eeae9b47ce706da1fd8707f86dbd31651ad4a2e886c + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 13:00:00' + ValidTo: '2017-01-27 12:00:00' + Signature: 4016df43e479ce76f248f698483061e2f1b452708ed8c612214d4f28831a648e03f731840f1f01d4a418fc008b2c6f1bb837fa4b97c05727b83109267832eef4e45912bd45a159e23511c0d6fc1e987ad982f990f36e07eeb0939acb31ed2c17bc921afa92cd821e2f0f31d328c03ce81c2926ab5a8d9fa1f0303289b68e516f8b5b90ad21f3f4209c909bb0ac2b37161e1db859bb49a63b75ae99d9b64b870194df91e1720e75079fcb05b59e7226fc2e21f5f62377eb6614d3ca3deae6f20b40ae553d02718821eb6a04b0945e9d9274ef292ebd4a4d85a4233ce31066901d3b63d23c481030e9e35cb67729ff3406f27da103406617df628d2b34a7426725 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000011e44a5e24e + Version: 3 + TBS: + MD5: 1523b60530a241a9dc96e8890e42a0fa + SHA1: 879269f3f467a6d59641960a62fe9cb419355ff6 + SHA256: 6811f3e33268aef810dc3277f8f9356adcbc3c36446a0420593b82f3cd526022 + SHA384: 92f5e55d6eb6d965c1b698e56cbb8087d80eda1a24eb6ed178abeddafe2fcf524e9f8311ca232be7f5b4555b89b97c6b + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 10:00:00' + ValidTo: '2017-01-27 11:00:00' + Signature: 762e2fe996fef4c3678bf1b07e321701ddb41c0f9e42d179569684be68afa554dbc7a9b55981d41cded9606baec05214fbab2b8e75f853ad91308efc04e4c58803d13f1861eab3d2b1d899f0754509ce7874d4d79e70bd120be405b64d3cf6af38c2881858a7958e7d1671e9b40df726a98f55de60ebc48d046b7b068feefea9c9c80a64240169df2f182058aa3e854c64e3e3832f860d4cf076a982c464981ec3cf5c7c863ec2ee5e9268b1483c857959e93bb4de5123d26648d1f7db967b82fac971e4caa7baca47c34b9183d3cab18f39bb38cccdc14caa9a6353051e1dd75377054d8f8ff7679b5ecebfdc4905ff7ef55180a01638d8b680a0514facf698 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
0400000000011e44a5ecbe + Version: 3 + TBS: + MD5: 16fb30314f4f5ff4dac603580f605778 + SHA1: 55c862df1f775f6a4c8e4f963115962a5cffc4ee + SHA256: aec84e1206957180ccf4e598fa10864ef4ee18ff9fc126b9a54af79c618f0492 + SHA384: a2b0c7b9ffe6e8244a4662099132406aea0a47889ecde7b336c4f09296da2ffbb3718597a0fb570bd1e97e88a24f8fbb + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 010000000001228403475b + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: 51a803d670d7387a629e352b6fe6cf1e + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 9c6685995569d4b18567aed8d8014b7d + SHA1: 63927811a735f7e761a26a1063901eb77b77492b + SHA256: 3bf77c52cc0e6b1b0f2b8ceffaadb156673768146950401c27fbfd7e2bedd618 + Company: REALiX(tm) + Copyright: "Copyright (c)1999-2008 Martin Mal\xEDk - REALiX" + CreationTimestamp: '2008-11-21 01:48:44' + Date: '' + Description: HWiNFO32 Kernel Driver + ExportedFunctions: '' + FileVersion: '6.70 built by: WinDDK' + Filename: '' + ImportedFunctions: + - KeTickCount + - IoCreateDevice + - IoCreateSymbolicLink + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoDeleteDevice + - __C_specific_handler + - MmMapIoSpace + - MmUnmapIoSpace + - KeRaiseIrql + - KeLowerIrql + - IofCompleteRequest + - READ_PORT_UCHAR + - READ_PORT_ULONG + - READ_PORT_USHORT + - HalGetBusDataByOffset + - WRITE_PORT_ULONG + - WRITE_PORT_USHORT + - 
HalSetBusDataByOffset + - HalCallPal + - KeStallExecutionProcessor + - WRITE_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: HWiNFO32.SYS + MD5: a058cb2f78d6c44d26def1e264d67e78 + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: HWiNFO32.SYS + PDBPath: '' + Product: HWiNFO32 Kernel Driver + ProductVersion: '6.70' + Publisher: '' + RichPEHeaderHash: + MD5: 62e6b2b6428daab8daa3b4494acaa9a1 + SHA1: 4838e86c4f7d492d81f4c153de1767a95eccb10b + SHA256: d4ced110d5a3b14ade09b8069867862aa2a7842dc5a03ba16db4bb9c57da7721 + SHA1: 7b706f7db6d2e46ca532e261a296d1f6afb30f03 + SHA256: 76af3f9fa111d694e37058606f2636430bdd378c85b94f426fbfcd6666ebe6cc + Sections: + .text: + Entropy: 5.465356793578808 + Virtual Size: '0x4602' + .rdata: + Entropy: 3.0742566055822693 + Virtual Size: '0x580' + .pdata: + Entropy: 3.5069972717607123 + Virtual Size: '0x144' + .srdata: + Entropy: 1.9604047768631525 + Virtual Size: '0x28' + .sdata: + Entropy: 2.3733818957525035 + Virtual Size: '0xe0' + INIT: + Entropy: 5.1971875289773655 + Virtual Size: '0x38a' + .rsrc: + Entropy: 3.3760557844440275 + Virtual Size: '0x398' + .reloc: + Entropy: 0.6225863028138227 + Virtual Size: '0x1ba' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + 
ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=SK, ST=Bratislava, L=Bratislava, O=Martin Malik , REALiX, OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=Martin Malik , REALiX + ValidFrom: '2008-07-22 00:00:00' + ValidTo: '2009-07-22 23:59:59' + Signature: 
336961c46da1c9c42fe2c4a7c14c80ed473c2348bff37c89b2d8bca4e9a593fe989253117bd14d7a2664b20755f167f1d9d482194a84674d349853cd9a798623be37e0732d16c004511413dfac303c3eaaefbad9194745514d7610c30ffd589acc5625bef10a085d5208dd407f91c0f98c26edeb05b0ef94f4916d02d38c1786cf75ce233acd5d3128cf1a0b1db277816178cc5c6fcb7feac9b3c4c95c89b95315610db67fdeb160f4d46cbdfe9d0fdcd9e79f876931762a9026f6eaefc5d0aa7989b95633b9a587b7301fcd6db3b0224d8b7bb87328f55108f993e9aaff2a82711acfcfb07bc7a00fdd2dc8c8bee4db1327cf61d05bcf84cfc608fa22131ef8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 6e476474a7abff3a7b04ae741f7e6ed1 + Version: 3 + TBS: + MD5: 5b7ee623fe90fcb14bd8367d9f739b70 + SHA1: 06cda38f916ca04cbfe060ad324e6e7fbd0ec0a5 + SHA256: daafde68491c6923c1555360e0d42781ea0ca7d11a073b347ca2f36e62aa5bc7 + SHA384: 19c31f0d3c5c7e8931faa9c07901efbd6db913c70f1c0c0f02a7f87fd4e6b6e401ab5072adb59f8a72d72372aeadefbc + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 6e476474a7abff3a7b04ae741f7e6ed1 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 66a7ec523da3903012905eb161c9e50c + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: a8e9e298989cec5c398f4d95af201924 + SHA1: 2de4fdd95dce93c31e7774411a1aedc0b814d27e + SHA256: 
3e62730949b6cbbaf938d9b2015fe1b84eb63322c4287d0ce2b4c6f987c2dadd + Company: REALiX(tm) + Copyright: "Copyright (c)1999-2011 Martin Mal\xEDk - REALiX" + CreationTimestamp: '2011-09-22 00:45:00' + Date: '' + Description: HWiNFO32/64 Kernel Driver + ExportedFunctions: '' + FileVersion: '8.50 built by: WinDDK' + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - ZwClose + - ZwDeviceIoControlFile + - ZwOpenFile + - RtlInitUnicodeString + - IoGetDeviceObjectPointer + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - KeLowerIrql + - KeInitializeEvent + - __C_specific_handler + - IoDeleteDevice + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - MmUnmapIoSpace + - ExInterlockedRemoveHeadList + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - IoAllocateIrp + - IofCallDriver + - KeWaitForSingleObject + - IoFreeIrp + - KeSetEvent + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - MmMapIoSpace + - ExAllocatePoolWithTag + - KeRaiseIrql + - ExInterlockedInsertTailList + - READ_PORT_UCHAR + - READ_PORT_ULONG + - READ_PORT_USHORT + - HalGetBusDataByOffset + - WRITE_PORT_ULONG + - WRITE_PORT_USHORT + - HalSetBusDataByOffset + - HalCallPal + - KeStallExecutionProcessor + - WRITE_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: HWiNFO32.SYS + MD5: 6b5a579b2039eaa97b1694468dab2119 + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: HWiNFO32.SYS + PDBPath: '' + Product: HWiNFO32/64 Kernel Driver + ProductVersion: '8.50' + Publisher: '' + RichPEHeaderHash: + MD5: f59ce45a9c2cf63611d807e290a9f8e7 + SHA1: 45bbb50d93478ab17ef53a07457cab8a00489824 + SHA256: 41a66cb92b764f0d026e2cc735d594c72d2a2bba8723fecbca21250db6683baf + SHA1: 9d038803e4f032e02c7c4b90eedf73e50b63fa80 + SHA256: 7125c9831a52d89d3d59fb28043b67fbe0068d69732da006fabb95550d1fa730 + Sections: + .text: + Entropy: 5.460085646044637 + Virtual Size: '0x5ee0' + .rdata: + Entropy: 3.0858791564841086 + Virtual Size: '0x680' + .pdata: + Entropy: 3.6395592528546747 + 
Virtual Size: '0x18c' + .srdata: + Entropy: 1.8043261575888512 + Virtual Size: '0x58' + .sdata: + Entropy: 2.3623249868173946 + Virtual Size: '0x190' + .data: + Entropy: 0.0 + Virtual Size: '0x70' + INIT: + Entropy: 5.289432818651469 + Virtual Size: '0x59a' + .rsrc: + Entropy: 3.427398645694084 + Virtual Size: '0x3a0' + .reloc: + Entropy: 0.6879064653040092 + Virtual Size: '0x23a' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=SK, L=Bratislava, O=REALiX, CN=REALiX + 
ValidFrom: '2009-07-16 13:59:23' + ValidTo: '2012-07-16 13:59:20' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 010000000001228403475b + Version: 3 + TBS: + MD5: c08c341aadc50a4843dc7f12d2b7dda6 + SHA1: 0077567a36c455505f2cfed87b2e47d6e836fb9e + SHA256: 5b17af75beca4abe098882f6b4fe2ed4975f428d81b964c648b1ac5df313233b + SHA384: b0ad18a16f199f8ee3efc9bc5d21bb209674a4e3d1013b7943c08eeae9b47ce706da1fd8707f86dbd31651ad4a2e886c + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 13:00:00' + ValidTo: '2017-01-27 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000011e44a5e24e + Version: 3 + TBS: + MD5: 1523b60530a241a9dc96e8890e42a0fa + SHA1: 879269f3f467a6d59641960a62fe9cb419355ff6 + SHA256: 6811f3e33268aef810dc3277f8f9356adcbc3c36446a0420593b82f3cd526022 + SHA384: 92f5e55d6eb6d965c1b698e56cbb8087d80eda1a24eb6ed178abeddafe2fcf524e9f8311ca232be7f5b4555b89b97c6b + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 10:00:00' + ValidTo: '2017-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000011e44a5ecbe + Version: 3 + TBS: + MD5: 16fb30314f4f5ff4dac603580f605778 + SHA1: 55c862df1f775f6a4c8e4f963115962a5cffc4ee + SHA256: aec84e1206957180ccf4e598fa10864ef4ee18ff9fc126b9a54af79c618f0492 + SHA384: a2b0c7b9ffe6e8244a4662099132406aea0a47889ecde7b336c4f09296da2ffbb3718597a0fb570bd1e97e88a24f8fbb + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 010000000001228403475b + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: d2fa238bfc29e657ae072c3e8da62b84 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 928b862389f2292f01a565634187fc49 + SHA1: 7d210df06c16ca3b1ca35d6e97f89a31df303376 + SHA256: 742b102cc69403c669244f0efcf9ac8e5bbdb9b10f35f03c743651afe5ac32ba + Company: REALiX(tm) + Copyright: "Copyright (c)1999-2010 Martin Mal\xEDk - REALiX" + CreationTimestamp: '2010-07-25 06:37:28' + Date: '' + Description: HWiNFO32 Kernel Driver + ExportedFunctions: '' + FileVersion: '7.70 built by: WinDDK' + Filename: '' + ImportedFunctions: + - KeRaiseIrql + - __C_specific_handler + - IoDeleteDevice + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - KeLowerIrql + - ExInterlockedRemoveHeadList + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - RtlInitUnicodeString + - ZwOpenFile + - ZwDeviceIoControlFile + - ZwClose + - IofCompleteRequest + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - MmMapIoSpace + - ExAllocatePoolWithTag + - MmUnmapIoSpace + - ExInterlockedInsertTailList + - READ_PORT_UCHAR + - READ_PORT_ULONG + - READ_PORT_USHORT + - HalGetBusDataByOffset + - WRITE_PORT_ULONG + - WRITE_PORT_USHORT + - HalSetBusDataByOffset + - HalCallPal + - KeStallExecutionProcessor + - WRITE_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: HWiNFO32.SYS + MD5: 49dbc80ecf8e331ff828b964e491621b + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: 
HWiNFO32.SYS + PDBPath: '' + Product: HWiNFO32 Kernel Driver + ProductVersion: '7.70' + Publisher: '' + RichPEHeaderHash: + MD5: 5d4e7ab49649a192043dd9fb437a8396 + SHA1: f8beb273ccc432992c93d1b980e68a45adb8a8fa + SHA256: 3bfe2a8fafb0b419414bb641ecc437981b7a2815766fb9a77ef6336533a280a9 + SHA1: 9917a514887f4cbdfb0aa3a61b9b2988d9be80c6 + SHA256: 7702f240800528d8186e3e6a26e2680486fed65a6fb5a2a000ad12c1fb61a398 + Sections: + .text: + Entropy: 5.462802401906941 + Virtual Size: '0x5660' + .rdata: + Entropy: 3.1099442171632043 + Virtual Size: '0x5e8' + .pdata: + Entropy: 3.5734373183354293 + Virtual Size: '0x168' + .srdata: + Entropy: 1.8468946812101659 + Virtual Size: '0x38' + .sdata: + Entropy: 2.3991161789109956 + Virtual Size: '0x130' + .data: + Entropy: 0.0 + Virtual Size: '0x30' + INIT: + Entropy: 5.272062316111859 + Virtual Size: '0x49c' + .rsrc: + Entropy: 3.3780569299107057 + Virtual Size: '0x398' + .reloc: + Entropy: 0.6052620389809359 + Virtual Size: '0x1fa' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=SK, L=Bratislava, O=REALiX, CN=REALiX + ValidFrom: '2009-07-16 13:59:23' + ValidTo: '2012-07-16 13:59:20' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 010000000001228403475b + Version: 3 + TBS: + MD5: c08c341aadc50a4843dc7f12d2b7dda6 + SHA1: 0077567a36c455505f2cfed87b2e47d6e836fb9e + SHA256: 5b17af75beca4abe098882f6b4fe2ed4975f428d81b964c648b1ac5df313233b + SHA384: b0ad18a16f199f8ee3efc9bc5d21bb209674a4e3d1013b7943c08eeae9b47ce706da1fd8707f86dbd31651ad4a2e886c + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 13:00:00' + ValidTo: '2017-01-27 12:00:00' + Signature: 4016df43e479ce76f248f698483061e2f1b452708ed8c612214d4f28831a648e03f731840f1f01d4a418fc008b2c6f1bb837fa4b97c05727b83109267832eef4e45912bd45a159e23511c0d6fc1e987ad982f990f36e07eeb0939acb31ed2c17bc921afa92cd821e2f0f31d328c03ce81c2926ab5a8d9fa1f0303289b68e516f8b5b90ad21f3f4209c909bb0ac2b37161e1db859bb49a63b75ae99d9b64b870194df91e1720e75079fcb05b59e7226fc2e21f5f62377eb6614d3ca3deae6f20b40ae553d02718821eb6a04b0945e9d9274ef292ebd4a4d85a4233ce31066901d3b63d23c481030e9e35cb67729ff3406f27da103406617df628d2b34a7426725 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000011e44a5e24e + Version: 3 + TBS: + MD5: 1523b60530a241a9dc96e8890e42a0fa + SHA1: 879269f3f467a6d59641960a62fe9cb419355ff6 + SHA256: 6811f3e33268aef810dc3277f8f9356adcbc3c36446a0420593b82f3cd526022 + SHA384: 92f5e55d6eb6d965c1b698e56cbb8087d80eda1a24eb6ed178abeddafe2fcf524e9f8311ca232be7f5b4555b89b97c6b + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 10:00:00' + ValidTo: '2017-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000011e44a5ecbe + Version: 3 + TBS: + MD5: 16fb30314f4f5ff4dac603580f605778 + SHA1: 55c862df1f775f6a4c8e4f963115962a5cffc4ee + SHA256: aec84e1206957180ccf4e598fa10864ef4ee18ff9fc126b9a54af79c618f0492 + SHA384: a2b0c7b9ffe6e8244a4662099132406aea0a47889ecde7b336c4f09296da2ffbb3718597a0fb570bd1e97e88a24f8fbb + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 010000000001228403475b + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: 51a803d670d7387a629e352b6fe6cf1e + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: f15ac2bf1b7a126c79176423b87320e4 + SHA1: 2feca887d30672e52e0d39d7adbc1ddacdd9379b + SHA256: 
de09000bb9f5f81ff6c9ba239ea2498cff4e3decf6ae0220e4b0d64c3500acf8 + Company: REALiX(tm) + Copyright: "Copyright (c)1999-2009 Martin Mal\xEDk - REALiX" + CreationTimestamp: '2009-07-16 08:22:02' + Date: '' + Description: HWiNFO32 Kernel Driver + ExportedFunctions: '' + FileVersion: '7.20 built by: WinDDK' + Filename: '' + ImportedFunctions: + - IoDeleteSymbolicLink + - IoCreateSymbolicLink + - IoDeleteDevice + - KeTickCount + - __C_specific_handler + - MmMapIoSpace + - MmUnmapIoSpace + - KeRaiseIrql + - KeLowerIrql + - RtlInitUnicodeString + - ZwOpenFile + - ZwDeviceIoControlFile + - ZwClose + - IoCreateDevice + - IofCompleteRequest + - READ_PORT_UCHAR + - READ_PORT_ULONG + - READ_PORT_USHORT + - HalGetBusDataByOffset + - WRITE_PORT_ULONG + - WRITE_PORT_USHORT + - HalSetBusDataByOffset + - HalCallPal + - KeStallExecutionProcessor + - WRITE_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: HWiNFO32.SYS + MD5: 2293aa65ada1c1d15a1ffb596612aee3 + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: HWiNFO32.SYS + PDBPath: '' + Product: HWiNFO32 Kernel Driver + ProductVersion: '7.20' + Publisher: '' + RichPEHeaderHash: + MD5: 6fdbfc3bac2ddbbe5ab20f15ed759e6b + SHA1: 892537d2ca11cf4e33e0d18a2f06d16b27ff26b3 + SHA256: c12bce87354ed261603c874802faae70173dabeb4178b392995892554698d0b9 + SHA1: 7a6bc9fc1eb4900039ee88e099e90fc19e248257 + SHA256: 4e54e98df13110aac41f3207e400cce2a00df29ce18c32186e536c1de25a75ce + Sections: + .text: + Entropy: 5.518620495680425 + Virtual Size: '0x5202' + .rdata: + Entropy: 3.0634282017515315 + Virtual Size: '0x580' + .pdata: + Entropy: 3.4860181353362267 + Virtual Size: '0x144' + .srdata: + Entropy: 1.9604047768631525 + Virtual Size: '0x28' + .sdata: + Entropy: 2.38165853193268 + Virtual Size: '0xf8' + INIT: + Entropy: 5.200504686380647 + Virtual Size: '0x3d2' + .rsrc: + Entropy: 3.3770380367348327 + Virtual Size: '0x398' + .reloc: + Entropy: 0.6003700907203152 + Virtual Size: '0x1ce' + Signature: '' + Signatures: + - 
CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=SK, L=Bratislava, O=REALiX, CN=REALiX + ValidFrom: '2009-07-16 13:59:23' + ValidTo: '2012-07-16 13:59:20' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 010000000001228403475b + Version: 3 + TBS: + MD5: c08c341aadc50a4843dc7f12d2b7dda6 + SHA1: 0077567a36c455505f2cfed87b2e47d6e836fb9e + SHA256: 
5b17af75beca4abe098882f6b4fe2ed4975f428d81b964c648b1ac5df313233b + SHA384: b0ad18a16f199f8ee3efc9bc5d21bb209674a4e3d1013b7943c08eeae9b47ce706da1fd8707f86dbd31651ad4a2e886c + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 13:00:00' + ValidTo: '2017-01-27 12:00:00' + Signature: 4016df43e479ce76f248f698483061e2f1b452708ed8c612214d4f28831a648e03f731840f1f01d4a418fc008b2c6f1bb837fa4b97c05727b83109267832eef4e45912bd45a159e23511c0d6fc1e987ad982f990f36e07eeb0939acb31ed2c17bc921afa92cd821e2f0f31d328c03ce81c2926ab5a8d9fa1f0303289b68e516f8b5b90ad21f3f4209c909bb0ac2b37161e1db859bb49a63b75ae99d9b64b870194df91e1720e75079fcb05b59e7226fc2e21f5f62377eb6614d3ca3deae6f20b40ae553d02718821eb6a04b0945e9d9274ef292ebd4a4d85a4233ce31066901d3b63d23c481030e9e35cb67729ff3406f27da103406617df628d2b34a7426725 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000011e44a5e24e + Version: 3 + TBS: + MD5: 1523b60530a241a9dc96e8890e42a0fa + SHA1: 879269f3f467a6d59641960a62fe9cb419355ff6 + SHA256: 6811f3e33268aef810dc3277f8f9356adcbc3c36446a0420593b82f3cd526022 + SHA384: 92f5e55d6eb6d965c1b698e56cbb8087d80eda1a24eb6ed178abeddafe2fcf524e9f8311ca232be7f5b4555b89b97c6b + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 10:00:00' + ValidTo: '2017-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000011e44a5ecbe + Version: 3 + TBS: + MD5: 16fb30314f4f5ff4dac603580f605778 + SHA1: 55c862df1f775f6a4c8e4f963115962a5cffc4ee + SHA256: aec84e1206957180ccf4e598fa10864ef4ee18ff9fc126b9a54af79c618f0492 + SHA384: a2b0c7b9ffe6e8244a4662099132406aea0a47889ecde7b336c4f09296da2ffbb3718597a0fb570bd1e97e88a24f8fbb + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + 
ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 010000000001228403475b + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: 280d5f0b7808e698f0875e61137fcd71 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 98fb0e1bc59ed4b47f15ddb13a1aa45b + SHA1: 42690535d571a8b1520a96d2e8bec3236138a329 + SHA256: c191c7d4ec03c4ef0f51a67af42a90390f75ebd6f83dbc05e317fe5a90a1fb31 + Company: REALiX(tm) + Copyright: "Copyright (c)1999-2010 Martin Mal\xEDk - REALiX" + CreationTimestamp: '2010-09-29 16:13:28' + Date: '' + Description: HWiNFO32 Kernel Driver + ExportedFunctions: '' + FileVersion: '7.90 built by: WinDDK' + Filename: '' + ImportedFunctions: + - KeRaiseIrql + - __C_specific_handler + - IoDeleteDevice + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - KeLowerIrql + - ExInterlockedRemoveHeadList + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - RtlInitUnicodeString + - ZwOpenFile + - ZwDeviceIoControlFile + - ZwClose + - IofCompleteRequest + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - MmMapIoSpace + - ExAllocatePoolWithTag + - MmUnmapIoSpace + - ExInterlockedInsertTailList + - READ_PORT_UCHAR + - READ_PORT_ULONG + - READ_PORT_USHORT + - HalGetBusDataByOffset + - WRITE_PORT_ULONG + - WRITE_PORT_USHORT + - HalSetBusDataByOffset + - HalCallPal + - KeStallExecutionProcessor + - WRITE_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: HWiNFO32.SYS + MD5: 
7ceb48348ecd008c97bb5f74bdbea843 + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: HWiNFO32.SYS + PDBPath: '' + Product: HWiNFO32 Kernel Driver + ProductVersion: '7.90' + Publisher: '' + RichPEHeaderHash: + MD5: 5d4e7ab49649a192043dd9fb437a8396 + SHA1: f8beb273ccc432992c93d1b980e68a45adb8a8fa + SHA256: 3bfe2a8fafb0b419414bb641ecc437981b7a2815766fb9a77ef6336533a280a9 + SHA1: 4146c0612ec8de7a98e20d181312b5a4ef139227 + SHA256: 4ac08a6035cfcafdac712d7c3cf2eef6e10258f14cee6e80e1ef2f71f5045173 + Sections: + .text: + Entropy: 5.463801262229364 + Virtual Size: '0x5660' + .rdata: + Entropy: 3.1035461685157335 + Virtual Size: '0x5e8' + .pdata: + Entropy: 3.5734373183354293 + Virtual Size: '0x168' + .srdata: + Entropy: 1.8468946812101659 + Virtual Size: '0x38' + .sdata: + Entropy: 2.3991161789109956 + Virtual Size: '0x130' + .data: + Entropy: 0.0 + Virtual Size: '0x30' + INIT: + Entropy: 5.272062316111859 + Virtual Size: '0x49c' + .rsrc: + Entropy: 3.384894423449242 + Virtual Size: '0x398' + .reloc: + Entropy: 0.6052620389809359 + Virtual Size: '0x1fa' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: 
d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=SK, L=Bratislava, O=REALiX, CN=REALiX + ValidFrom: '2009-07-16 13:59:23' + ValidTo: '2012-07-16 13:59:20' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 010000000001228403475b + Version: 3 + TBS: + MD5: c08c341aadc50a4843dc7f12d2b7dda6 + SHA1: 0077567a36c455505f2cfed87b2e47d6e836fb9e + SHA256: 5b17af75beca4abe098882f6b4fe2ed4975f428d81b964c648b1ac5df313233b + SHA384: b0ad18a16f199f8ee3efc9bc5d21bb209674a4e3d1013b7943c08eeae9b47ce706da1fd8707f86dbd31651ad4a2e886c + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 13:00:00' + ValidTo: '2017-01-27 12:00:00' + Signature: 
4016df43e479ce76f248f698483061e2f1b452708ed8c612214d4f28831a648e03f731840f1f01d4a418fc008b2c6f1bb837fa4b97c05727b83109267832eef4e45912bd45a159e23511c0d6fc1e987ad982f990f36e07eeb0939acb31ed2c17bc921afa92cd821e2f0f31d328c03ce81c2926ab5a8d9fa1f0303289b68e516f8b5b90ad21f3f4209c909bb0ac2b37161e1db859bb49a63b75ae99d9b64b870194df91e1720e75079fcb05b59e7226fc2e21f5f62377eb6614d3ca3deae6f20b40ae553d02718821eb6a04b0945e9d9274ef292ebd4a4d85a4233ce31066901d3b63d23c481030e9e35cb67729ff3406f27da103406617df628d2b34a7426725 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000011e44a5e24e + Version: 3 + TBS: + MD5: 1523b60530a241a9dc96e8890e42a0fa + SHA1: 879269f3f467a6d59641960a62fe9cb419355ff6 + SHA256: 6811f3e33268aef810dc3277f8f9356adcbc3c36446a0420593b82f3cd526022 + SHA384: 92f5e55d6eb6d965c1b698e56cbb8087d80eda1a24eb6ed178abeddafe2fcf524e9f8311ca232be7f5b4555b89b97c6b + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 10:00:00' + ValidTo: '2017-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000011e44a5ecbe + Version: 3 + TBS: + MD5: 16fb30314f4f5ff4dac603580f605778 + SHA1: 55c862df1f775f6a4c8e4f963115962a5cffc4ee + SHA256: aec84e1206957180ccf4e598fa10864ef4ee18ff9fc126b9a54af79c618f0492 + SHA384: a2b0c7b9ffe6e8244a4662099132406aea0a47889ecde7b336c4f09296da2ffbb3718597a0fb570bd1e97e88a24f8fbb + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 010000000001228403475b + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: 51a803d670d7387a629e352b6fe6cf1e + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: d7f92dde8fdeaebe0e1d6f2a64d19222 + SHA1: f1e0b049757aa5278fa27dc11569077aec71241f + SHA256: 52b9302507bccd7eb775137a4c17b0df9a5a99671968c01924cd0c52a0c69262 + Company: REALiX(tm) + Copyright: "Copyright (c)1999-2010 Martin Mal\xEDk - REALiX" + CreationTimestamp: '2010-06-20 11:16:25' + Date: '' + Description: HWiNFO32 
Kernel Driver + ExportedFunctions: '' + FileVersion: '7.50 built by: WinDDK' + Filename: '' + ImportedFunctions: + - KeRaiseIrql + - __C_specific_handler + - IoDeleteDevice + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - KeLowerIrql + - ExInterlockedRemoveHeadList + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - RtlInitUnicodeString + - ZwOpenFile + - ZwDeviceIoControlFile + - ZwClose + - IofCompleteRequest + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - MmMapIoSpace + - ExAllocatePoolWithTag + - MmUnmapIoSpace + - ExInterlockedInsertTailList + - READ_PORT_UCHAR + - READ_PORT_ULONG + - READ_PORT_USHORT + - HalGetBusDataByOffset + - WRITE_PORT_ULONG + - WRITE_PORT_USHORT + - HalSetBusDataByOffset + - HalCallPal + - KeStallExecutionProcessor + - WRITE_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: HWiNFO32.SYS + MD5: 52c7dac60d4b5c673441da38983df4ad + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: HWiNFO32.SYS + PDBPath: '' + Product: HWiNFO32 Kernel Driver + ProductVersion: '7.50' + Publisher: '' + RichPEHeaderHash: + MD5: 5d4e7ab49649a192043dd9fb437a8396 + SHA1: f8beb273ccc432992c93d1b980e68a45adb8a8fa + SHA256: 3bfe2a8fafb0b419414bb641ecc437981b7a2815766fb9a77ef6336533a280a9 + SHA1: 712c1d34ea7883e79bc5714d14065a27607fe219 + SHA256: 8dcec67a1f4903981c3e0ab938784c2f241e041e26748e1c22059e0e507cfb37 + Sections: + .text: + Entropy: 5.523597494035855 + Virtual Size: '0x5a30' + .rdata: + Entropy: 3.1193674975685135 + Virtual Size: '0x5e0' + .pdata: + Entropy: 3.6190033374750774 + Virtual Size: '0x168' + .srdata: + Entropy: 1.8468946812101659 + Virtual Size: '0x38' + .sdata: + Entropy: 2.3991161789109956 + Virtual Size: '0x130' + .data: + Entropy: 0.0 + Virtual Size: '0x30' + INIT: + Entropy: 5.273757231366097 + Virtual Size: '0x49c' + .rsrc: + Entropy: 3.3843160876061558 + Virtual Size: '0x398' + .reloc: + Entropy: 0.5863303988495302 + Virtual Size: '0x20e' + Signature: '' + Signatures: + - 
CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=SK, L=Bratislava, O=REALiX, CN=REALiX + ValidFrom: '2009-07-16 13:59:23' + ValidTo: '2012-07-16 13:59:20' + Signature: 
8df4772e78f08e0872af4bc472c4ee3c2f5ece224e8b2184bf7d965af06b1c82548b3f8593f824afe1bc343a0318e42379118602ff1253b7763526d857be6cdeafe2ac497de87a76fbb6fb1fd3bbabc84f0873d357a0b9d7d51d373db582a2300f87f5004635ccd1d8d519211406cc91c5724895cdf00f3cc4cfb8f907e37a048f47a1949e92e5a2faf60149ea1d4fdbbc3a2a5e224c1163f5023b4db7611cc916601d3ca8dc74fb99cd013033777a0a3f0a4ab88c67327c9aeb1489ac814b76d3fc67e293b58e39daf6506abae275224a72b4fb1c8c7b03b4d788a93baa902be4a346aec10f6c2c64b4cd0a61286eb8c42f9b2a25277a16a0a11af612dd02af + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 010000000001228403475b + Version: 3 + TBS: + MD5: c08c341aadc50a4843dc7f12d2b7dda6 + SHA1: 0077567a36c455505f2cfed87b2e47d6e836fb9e + SHA256: 5b17af75beca4abe098882f6b4fe2ed4975f428d81b964c648b1ac5df313233b + SHA384: b0ad18a16f199f8ee3efc9bc5d21bb209674a4e3d1013b7943c08eeae9b47ce706da1fd8707f86dbd31651ad4a2e886c + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 13:00:00' + ValidTo: '2017-01-27 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000011e44a5e24e + Version: 3 + TBS: + MD5: 1523b60530a241a9dc96e8890e42a0fa + SHA1: 879269f3f467a6d59641960a62fe9cb419355ff6 + SHA256: 6811f3e33268aef810dc3277f8f9356adcbc3c36446a0420593b82f3cd526022 + SHA384: 92f5e55d6eb6d965c1b698e56cbb8087d80eda1a24eb6ed178abeddafe2fcf524e9f8311ca232be7f5b4555b89b97c6b + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 10:00:00' + ValidTo: '2017-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000011e44a5ecbe + Version: 3 + TBS: + MD5: 16fb30314f4f5ff4dac603580f605778 + SHA1: 
55c862df1f775f6a4c8e4f963115962a5cffc4ee + SHA256: aec84e1206957180ccf4e598fa10864ef4ee18ff9fc126b9a54af79c618f0492 + SHA384: a2b0c7b9ffe6e8244a4662099132406aea0a47889ecde7b336c4f09296da2ffbb3718597a0fb570bd1e97e88a24f8fbb + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 010000000001228403475b + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: 51a803d670d7387a629e352b6fe6cf1e + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: ebf591cbc6be4ee0a92cda76d0594fff + SHA1: 6b517a42b4d9cce99091f6a67f9100ed1d7f3c62 + SHA256: 13d7c729c019c1c5a4b3e9fb27d1dd0b992fb7099f4314e011aafcb3472b7107 + Company: REALiX(tm) + Copyright: "Copyright (c)1999-2011 Martin Mal\xEDk - REALiX" + CreationTimestamp: '2011-08-23 01:06:20' + Date: '' + Description: HWiNFO32 Kernel Driver + ExportedFunctions: '' + FileVersion: '8.30 built by: WinDDK' + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - ZwClose + - ZwDeviceIoControlFile + - ZwOpenFile + - RtlInitUnicodeString + - IoGetDeviceObjectPointer + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - KeLowerIrql + - KeRaiseIrql + - KeInitializeEvent + - IoDeleteDevice + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - MmUnmapIoSpace + - ExInterlockedRemoveHeadList + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - IoAllocateIrp + - IofCallDriver + - KeWaitForSingleObject + - 
IoFreeIrp + - KeSetEvent + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - MmMapIoSpace + - ExAllocatePoolWithTag + - __C_specific_handler + - ExInterlockedInsertTailList + - READ_PORT_UCHAR + - READ_PORT_ULONG + - READ_PORT_USHORT + - HalGetBusDataByOffset + - WRITE_PORT_ULONG + - WRITE_PORT_USHORT + - HalSetBusDataByOffset + - HalCallPal + - KeStallExecutionProcessor + - WRITE_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: HWiNFO32.SYS + MD5: ecbc7e628a7ea22a3b90d9b16a948707 + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: HWiNFO32.SYS + PDBPath: '' + Product: HWiNFO32 Kernel Driver + ProductVersion: '8.30' + Publisher: '' + RichPEHeaderHash: + MD5: c971695bf5c8b443588c57eb4d4aba35 + SHA1: ac672d07a6447a409d772ce6ffad40d6d36499bc + SHA256: 0354e293bca60af1461b66f14abe5db9435b7a263b813084f90af161fde56642 + SHA1: 61c88c44d20e79c5d39109d1d91ac8e9ed3c46ad + SHA256: 6701433861742c08eb50f1e785962378143ad5b6c374ac29118168599f8a0f1c + Sections: + .text: + Entropy: 5.46011657052177 + Virtual Size: '0x5ee0' + .rdata: + Entropy: 3.096488004471368 + Virtual Size: '0x680' + .pdata: + Entropy: 3.6395592528546747 + Virtual Size: '0x18c' + .srdata: + Entropy: 1.8043261575888512 + Virtual Size: '0x58' + .sdata: + Entropy: 2.3623249868173946 + Virtual Size: '0x190' + .data: + Entropy: 0.0 + Virtual Size: '0x70' + INIT: + Entropy: 5.289432818651469 + Virtual Size: '0x59a' + .rsrc: + Entropy: 3.3824753337870868 + Virtual Size: '0x398' + .reloc: + Entropy: 0.6958390817943604 + Virtual Size: '0x232' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + 
TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=SK, L=Bratislava, O=REALiX, CN=REALiX + ValidFrom: '2009-07-16 13:59:23' + ValidTo: '2012-07-16 13:59:20' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 010000000001228403475b + Version: 3 + TBS: + MD5: c08c341aadc50a4843dc7f12d2b7dda6 + SHA1: 0077567a36c455505f2cfed87b2e47d6e836fb9e + SHA256: 5b17af75beca4abe098882f6b4fe2ed4975f428d81b964c648b1ac5df313233b + SHA384: b0ad18a16f199f8ee3efc9bc5d21bb209674a4e3d1013b7943c08eeae9b47ce706da1fd8707f86dbd31651ad4a2e886c + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 13:00:00' + ValidTo: '2017-01-27 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 
+ IsCertificateAuthority: true + SerialNumber: 0400000000011e44a5e24e + Version: 3 + TBS: + MD5: 1523b60530a241a9dc96e8890e42a0fa + SHA1: 879269f3f467a6d59641960a62fe9cb419355ff6 + SHA256: 6811f3e33268aef810dc3277f8f9356adcbc3c36446a0420593b82f3cd526022 + SHA384: 92f5e55d6eb6d965c1b698e56cbb8087d80eda1a24eb6ed178abeddafe2fcf524e9f8311ca232be7f5b4555b89b97c6b + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 10:00:00' + ValidTo: '2017-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000011e44a5ecbe + Version: 3 + TBS: + MD5: 16fb30314f4f5ff4dac603580f605778 + SHA1: 55c862df1f775f6a4c8e4f963115962a5cffc4ee + SHA256: aec84e1206957180ccf4e598fa10864ef4ee18ff9fc126b9a54af79c618f0492 + SHA384: a2b0c7b9ffe6e8244a4662099132406aea0a47889ecde7b336c4f09296da2ffbb3718597a0fb570bd1e97e88a24f8fbb + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 010000000001228403475b + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: 925dac5c06451818cb2c5e37de425af9 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: e3038d0db9de4a5e65cb1a4f2c887572 + SHA1: 61c0d4dc5608e82740b906755d53c0e34ef2ec58 + SHA256: 
a082cdb569b9f1f82252402fa05785fd409222912d5b9e5423299819e6f940ed + Company: REALiX(tm) + Copyright: "Copyright (c)1999-2010 Martin Mal\xEDk - REALiX" + CreationTimestamp: '2010-02-16 14:45:04' + Date: '' + Description: HWiNFO32 Kernel Driver + ExportedFunctions: '' + FileVersion: '7.30 built by: WinDDK' + Filename: '' + ImportedFunctions: + - IoDeleteSymbolicLink + - IoCreateSymbolicLink + - IoDeleteDevice + - KeTickCount + - __C_specific_handler + - MmMapIoSpace + - MmUnmapIoSpace + - KeRaiseIrql + - KeLowerIrql + - RtlInitUnicodeString + - ZwOpenFile + - ZwDeviceIoControlFile + - ZwClose + - IoCreateDevice + - IofCompleteRequest + - READ_PORT_UCHAR + - READ_PORT_ULONG + - READ_PORT_USHORT + - HalGetBusDataByOffset + - WRITE_PORT_ULONG + - WRITE_PORT_USHORT + - HalSetBusDataByOffset + - HalCallPal + - KeStallExecutionProcessor + - WRITE_PORT_UCHAR + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: HWiNFO32.SYS + MD5: a57afed9703b5893fbfee5f9710b8aee + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: HWiNFO32.SYS + PDBPath: '' + Product: HWiNFO32 Kernel Driver + ProductVersion: '7.30' + Publisher: '' + RichPEHeaderHash: + MD5: 6fdbfc3bac2ddbbe5ab20f15ed759e6b + SHA1: 892537d2ca11cf4e33e0d18a2f06d16b27ff26b3 + SHA256: c12bce87354ed261603c874802faae70173dabeb4178b392995892554698d0b9 + SHA1: cc48296d367e57a6523be40237f4a5ec6cc3d1a5 + SHA256: 1b17d12076d047e74d15e6e51e10497ad49419bec7fbe93386c57d3efbaadc0b + Sections: + .text: + Entropy: 5.518699866362356 + Virtual Size: '0x5202' + .rdata: + Entropy: 3.0657263053732686 + Virtual Size: '0x580' + .pdata: + Entropy: 3.4860181353362267 + Virtual Size: '0x144' + .srdata: + Entropy: 1.9604047768631525 + Virtual Size: '0x28' + .sdata: + Entropy: 2.38165853193268 + Virtual Size: '0xf8' + INIT: + Entropy: 5.200504686380647 + Virtual Size: '0x3d2' + .rsrc: + Entropy: 3.3793659817892636 + Virtual Size: '0x398' + .reloc: + Entropy: 0.6003700907203152 + Virtual Size: '0x1ce' + Signature: '' + Signatures: + - 
CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=SK, L=Bratislava, O=REALiX, CN=REALiX + ValidFrom: '2009-07-16 13:59:23' + ValidTo: '2012-07-16 13:59:20' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 010000000001228403475b + Version: 3 + TBS: + MD5: c08c341aadc50a4843dc7f12d2b7dda6 + SHA1: 0077567a36c455505f2cfed87b2e47d6e836fb9e + SHA256: 
5b17af75beca4abe098882f6b4fe2ed4975f428d81b964c648b1ac5df313233b + SHA384: b0ad18a16f199f8ee3efc9bc5d21bb209674a4e3d1013b7943c08eeae9b47ce706da1fd8707f86dbd31651ad4a2e886c + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 13:00:00' + ValidTo: '2017-01-27 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000011e44a5e24e + Version: 3 + TBS: + MD5: 1523b60530a241a9dc96e8890e42a0fa + SHA1: 879269f3f467a6d59641960a62fe9cb419355ff6 + SHA256: 6811f3e33268aef810dc3277f8f9356adcbc3c36446a0420593b82f3cd526022 + SHA384: 92f5e55d6eb6d965c1b698e56cbb8087d80eda1a24eb6ed178abeddafe2fcf524e9f8311ca232be7f5b4555b89b97c6b + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 10:00:00' + ValidTo: '2017-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000011e44a5ecbe + Version: 3 + TBS: + MD5: 16fb30314f4f5ff4dac603580f605778 + SHA1: 55c862df1f775f6a4c8e4f963115962a5cffc4ee + SHA256: aec84e1206957180ccf4e598fa10864ef4ee18ff9fc126b9a54af79c618f0492 + SHA384: a2b0c7b9ffe6e8244a4662099132406aea0a47889ecde7b336c4f09296da2ffbb3718597a0fb570bd1e97e88a24f8fbb + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 
6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 010000000001228403475b + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: 280d5f0b7808e698f0875e61137fcd71 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/22aa985b-5fdb-4e38-9382-a496220c27ec.yaml b/yaml/22aa985b-5fdb-4e38-9382-a496220c27ec.yaml index b788eb45a..851fa8e85 100644 --- a/yaml/22aa985b-5fdb-4e38-9382-a496220c27ec.yaml +++ b/yaml/22aa985b-5fdb-4e38-9382-a496220c27ec.yaml 
@@ -1,895 +1,896 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 22aa985b-5fdb-4e38-9382-a496220c27ec +Tags: +- TmComm.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create TmComm.sys binPath=C:\windows\temp\TmComm.sys type=kernel - && sc.exe start TmComm.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/cc687fe3741bbde1dd142eac0ef59fd1d4457daee43cdde23bb162ef28d04e64.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 22aa985b-5fdb-4e38-9382-a496220c27ec -KnownVulnerableSamples: -- Authentihash: - MD5: 
2d7f04ca689981b18fb8a4488e029843 - SHA1: 6c0af836a89234e9a69363495719b686fbad8d7d - SHA256: d580349730ace5170e7c33850bdcb37cbf16b70d0d1adc2568fdd223c2a55a77 - Company: Trend Micro Inc. - Copyright: Copyright (C) 2018 Trend Micro Incorporated. All rights reserved. - CreationTimestamp: '2018-04-09 04:08:57' - Date: '' - Description: TrendMicro Common Module - ExportedFunctions: - - ??0CAutoUpdateConfigThread@@QEAA@AEBV0@@Z - - ??0CAutoUpdateConfigThread@@QEAA@PEAU_UNICODE_STRING@@P6AX0PEAX@Z1@Z - - ??0CBlobConfig@@QEAA@AEBV0@@Z - - ??0CBlobConfig@@QEAA@K@Z - - ??0CContext@@QEAA@AEBV0@@Z - - ??0CContext@@QEAA@KP6AJPEAU_EVENT_REPORT@@PEAXPEAU_TMCE_REPORT@@PEAU_TMCE_FEEDBACK@@@Z1K@Z - - ??0CContextList@@QEAA@AEBV0@@Z - - ??0CContextList@@QEAA@KPEAVIMemoryAllocator@@@Z - - ??0CDebugLog@@QEAA@AEBV0@@Z - - ??0CDebugLog@@QEAA@PEBG@Z - - ??0CDebugLogEx@@QEAA@AEBV0@@Z - - ??0CDebugLogEx@@QEAA@K@Z - - ??0CDelayLoadThread@@QEAA@AEBV0@@Z - - ??0CDelayLoadThread@@QEAA@XZ - - ??0CExclusionExtConfig@@QEAA@AEBV0@@Z - - ??0CExclusionExtConfig@@QEAA@KKE@Z - - ??0CExclusionFileNameConfig@@QEAA@AEBV0@@Z - - ??0CExclusionFileNameConfig@@QEAA@KK@Z - - ??0CExclusionFilePathConfig@@QEAA@AEBV0@@Z - - ??0CExclusionFilePathConfig@@QEAA@KK@Z - - ??0CExclusionFolderConfig@@QEAA@AEBV0@@Z - - ??0CExclusionFolderConfig@@QEAA@KK@Z - - ??0CExclusionRegistryConfig@@QEAA@AEBV0@@Z - - ??0CExclusionRegistryConfig@@QEAA@KK@Z - - ??0CFile@@QEAA@AEBV0@@Z - - ??0CFile@@QEAA@E@Z - - ??0CFileExtension@@QEAA@AEBV0@@Z - - ??0CFileExtension@@QEAA@KEEPEAVIMemoryAllocator@@@Z - - ??0CInclusionExtConfig@@QEAA@AEBV0@@Z - - ??0CInclusionExtConfig@@QEAA@KKE@Z - - ??0CInclusionFileNameConfig@@QEAA@AEBV0@@Z - - ??0CInclusionFileNameConfig@@QEAA@KK@Z - - ??0CInclusionFilePathConfig@@QEAA@AEBV0@@Z - - ??0CInclusionFilePathConfig@@QEAA@KK@Z - - ??0CInclusionFolderConfig@@QEAA@AEBV0@@Z - - ??0CInclusionFolderConfig@@QEAA@KK@Z - - ??0CKEvent@@QEAA@AEBV0@@Z - - ??0CKEvent@@QEAA@W4_EVENT_TYPE@@E@Z - - ??0CList@@QEAA@AEBV0@@Z - 
- ??0CList@@QEAA@KPEAVIMemoryAllocator@@@Z - - ??0CLockEvent@@QEAA@AEBV0@@Z - - ??0CLockEvent@@QEAA@XZ - - ??0CLockList@@QEAA@AEBV0@@Z - - ??0CLockList@@QEAA@KKPEAVIMemoryAllocator@@@Z - - ??0CMemoryAllocator@@IEAA@W4_POOL_TYPE@@K@Z - - ??0CMemoryAllocator@@QEAA@AEBV0@@Z - - ??0CMemoryPoolAllocator@@IEAA@W4_POOL_TYPE@@_K1K@Z - - ??0CMemoryPoolAllocator@@QEAA@AEBV0@@Z - - ??0CModuleConfig@@QEAA@AEBV0@@Z - - ??0CModuleConfig@@QEAA@XZ - - ??0CModuleConfigList@@QEAA@AEBV0@@Z - - ??0CModuleConfigList@@QEAA@KPEAVIMemoryAllocator@@@Z - - ??0CModuleFileExtConfig@@QEAA@AEBV0@@Z - - ??0CModuleFileExtConfig@@QEAA@KKE@Z - - ??0CModuleFlagConfig@@QEAA@AEBV0@@Z - - ??0CModuleFlagConfig@@QEAA@K@Z - - ??0CModuleMultiStringConfig@@QEAA@AEBV0@@Z - - ??0CModuleMultiStringConfig@@QEAA@KK@Z - - ??0CModuleStringConfig@@QEAA@AEBV0@@Z - - ??0CModuleStringConfig@@QEAA@K@Z - - ??0CNoLockList@@QEAA@AEBV0@@Z - - ??0CNoLockList@@QEAA@KKPEAVIMemoryAllocator@@@Z - - ??0CSmartLock@@QEAA@AEAVCLockEvent@@@Z - - ??0CSmartLock@@QEAA@XZ - - ??0CSmartReference@@QEAA@AEAJ@Z - - ??0CSmartReference@@QEAA@AEAK@Z - - ??0CSmartResource@@QEAA@AEAVCResource@@E@Z - - ??0CStrList@@QEAA@AEBV0@@Z - - ??0CStrList@@QEAA@KPEAVIMemoryAllocator@@@Z - - ??0CSystemThread@@QEAA@AEBV0@@Z - - ??0CSystemThread@@QEAA@K@Z - - ??0CUserFuncAdapterJob@@QEAA@AEBV0@@Z - - ??0CUserFuncAdapterJob@@QEAA@P6AXPEAX@Z01@Z - - ??0CWorkerThread@@IEAA@PEAVCWorkerThreadJobQueue@@@Z - - ??0CWorkerThread@@QEAA@AEBV0@@Z - - ??0CWorkerThreadJob@@QEAA@AEBV0@@Z - - ??0CWorkerThreadJob@@QEAA@E@Z - - ??0CWorkerThreadJobQueue@@QEAA@AEBV0@@Z - - ??0CWorkerThreadJobQueue@@QEAA@K@Z - - ??0CWorkerThreadPool@@QEAA@AEBV0@@Z - - ??0CWorkerThreadPool@@QEAA@K@Z - - ??0CWorkerThreadPoolEx@@QEAA@AEBV0@@Z - - ??0CWorkerThreadPoolEx@@QEAA@KK@Z - - ??0IMemoryAllocator@@QEAA@AEBV0@@Z - - ??0IMemoryAllocator@@QEAA@XZ - - ??1CAutoUpdateConfigThread@@UEAA@XZ - - ??1CBlobConfig@@UEAA@XZ - - ??1CContext@@UEAA@XZ - - ??1CContextList@@UEAA@XZ - - ??1CDebugLog@@UEAA@XZ - - 
??1CDebugLogEx@@UEAA@XZ - - ??1CDelayLoadThread@@UEAA@XZ - - ??1CExclusionExtConfig@@UEAA@XZ - - ??1CExclusionFileNameConfig@@UEAA@XZ - - ??1CExclusionFilePathConfig@@UEAA@XZ - - ??1CExclusionFolderConfig@@UEAA@XZ - - ??1CExclusionRegistryConfig@@UEAA@XZ - - ??1CFile@@UEAA@XZ - - ??1CFileExtension@@UEAA@XZ - - ??1CInclusionExtConfig@@UEAA@XZ - - ??1CInclusionFileNameConfig@@UEAA@XZ - - ??1CInclusionFilePathConfig@@UEAA@XZ - - ??1CInclusionFolderConfig@@UEAA@XZ - - ??1CKEvent@@UEAA@XZ - - ??1CList@@UEAA@XZ - - ??1CLockEvent@@UEAA@XZ - - ??1CLockList@@UEAA@XZ - - ??1CMemoryAllocator@@UEAA@XZ - - ??1CMemoryPoolAllocator@@UEAA@XZ - - ??1CModuleConfig@@UEAA@XZ - - ??1CModuleConfigList@@UEAA@XZ - - ??1CModuleFileExtConfig@@UEAA@XZ - - ??1CModuleFlagConfig@@UEAA@XZ - - ??1CModuleMultiStringConfig@@UEAA@XZ - - ??1CModuleStringConfig@@UEAA@XZ - - ??1CNoLockList@@UEAA@XZ - - ??1CSmartLock@@QEAA@XZ - - ??1CSmartReference@@QEAA@XZ - - ??1CSmartResource@@QEAA@XZ - - ??1CStrList@@UEAA@XZ - - ??1CSystemThread@@UEAA@XZ - - ??1CUserFuncAdapterJob@@UEAA@XZ - - ??1CWorkerThread@@UEAA@XZ - - ??1CWorkerThreadJob@@UEAA@XZ - - ??1CWorkerThreadJobQueue@@UEAA@XZ - - ??1CWorkerThreadPool@@UEAA@XZ - - ??1CWorkerThreadPoolEx@@UEAA@XZ - - ??1IMemoryAllocator@@UEAA@XZ - - ??2@YAPEAX_KPEAVIMemoryAllocator@@PEBDK@Z - - ??2CMemoryAllocator@@SAPEAX_K@Z - - ??2CMemoryPoolAllocator@@SAPEAX_K@Z - - ??3@YAXPEAX@Z - - ??3@YAXPEAX_K@Z - - ??3IMemoryAllocator@@SAXPEAX@Z - - ??4CAutoUpdateConfigThread@@QEAAAEAV0@AEBV0@@Z - - ??4CBlobConfig@@QEAAAEAV0@AEBV0@@Z - - ??4CContext@@QEAAAEAV0@AEBV0@@Z - - ??4CDebugLog@@QEAAAEAV0@AEBV0@@Z - - ??4CDebugLogEx@@QEAAAEAV0@AEBV0@@Z - - ??4CDelayLoadThread@@QEAAAEAV0@AEBV0@@Z - - ??4CFile@@QEAAAEAV0@AEBV0@@Z - - ??4CKEvent@@QEAAAEAV0@AEBV0@@Z - - ??4CLockEvent@@QEAAAEAV0@AEBV0@@Z - - ??4CMemoryAllocator@@QEAAAEAV0@AEBV0@@Z - - ??4CMemoryPoolAllocator@@QEAAAEAV0@AEBV0@@Z - - ??4CModuleConfig@@QEAAAEAV0@AEBV0@@Z - - ??4CModuleFlagConfig@@QEAAAEAV0@AEBV0@@Z - - 
??4CModuleStringConfig@@QEAAAEAV0@AEBV0@@Z - - ??4CSmartLock@@QEAAAEAV0@AEBV0@@Z - - ??4CSmartLock@@QEAAAEBV0@AEAVCLockEvent@@@Z - - ??4CSmartResource@@QEAAAEAV0@AEBV0@@Z - - ??4CSystemThread@@QEAAAEAV0@AEBV0@@Z - - ??4CUserFuncAdapterJob@@QEAAAEAV0@AEBV0@@Z - - ??4CWorkerThread@@QEAAAEAV0@AEBV0@@Z - - ??4CWorkerThreadJob@@QEAAAEAV0@AEBV0@@Z - - ??4IMemoryAllocator@@QEAAAEAV0@AEBV0@@Z - - ??_7CAutoUpdateConfigThread@@6B@ - - ??_7CBlobConfig@@6B@ - - ??_7CContext@@6B@ - - ??_7CContextList@@6B@ - - ??_7CDebugLog@@6B@ - - ??_7CDebugLogEx@@6B@ - - ??_7CDelayLoadThread@@6B@ - - ??_7CExclusionExtConfig@@6B@ - - ??_7CExclusionFileNameConfig@@6B@ - - ??_7CExclusionFilePathConfig@@6B@ - - ??_7CExclusionFolderConfig@@6B@ - - ??_7CExclusionRegistryConfig@@6B@ - - ??_7CFile@@6B@ - - ??_7CFileExtension@@6B@ - - ??_7CInclusionExtConfig@@6B@ - - ??_7CInclusionFileNameConfig@@6B@ - - ??_7CInclusionFilePathConfig@@6B@ - - ??_7CInclusionFolderConfig@@6B@ - - ??_7CKEvent@@6B@ - - ??_7CList@@6B@ - - ??_7CLockEvent@@6B@ - - ??_7CLockList@@6B@ - - ??_7CMemoryAllocator@@6B@ - - ??_7CMemoryPoolAllocator@@6B@ - - ??_7CModuleConfig@@6B@ - - ??_7CModuleConfigList@@6B@ - - ??_7CModuleFileExtConfig@@6B@ - - ??_7CModuleFlagConfig@@6B@ - - ??_7CModuleMultiStringConfig@@6B@ - - ??_7CModuleStringConfig@@6B@ - - ??_7CNoLockList@@6B@ - - ??_7CStrList@@6B@ - - ??_7CSystemThread@@6B@ - - ??_7CUserFuncAdapterJob@@6B@ - - ??_7CWorkerThread@@6B@ - - ??_7CWorkerThreadJob@@6B@ - - ??_7CWorkerThreadJobQueue@@6B@ - - ??_7CWorkerThreadPool@@6B@ - - ??_7CWorkerThreadPoolEx@@6B@ - - ??_7IMemoryAllocator@@6B@ - - ??_FCContextList@@QEAAXXZ - - ??_FCFile@@QEAAXXZ - - ??_FCFileExtension@@QEAAXXZ - - ??_FCModuleConfigList@@QEAAXXZ - - ??_FCStrList@@QEAAXXZ - - ??_FCSystemThread@@QEAAXXZ - - ??_FCWorkerThread@@QEAAXXZ - - ??_FCWorkerThreadJob@@QEAAXXZ - - ??_FCWorkerThreadJobQueue@@QEAAXXZ - - ??_U@YAPEAX_KPEAVIMemoryAllocator@@PEBDK@Z - - ??_V@YAXPEAX@Z - - ??_V@YAXPEAX_K@Z - - ?Acquire@CLockEvent@@QEAAXXZ - - 
?Add@CContextList@@QEAAEPEAVCContext@@@Z - - ?Add@CFileExtension@@QEAAEPEBGK@Z - - ?Add@CModuleConfigList@@QEAAEPEAVCModuleConfig@@@Z - - ?Add@CStrList@@QEAAEPEBG@Z - - ?AddNode@CLockList@@UEAAEQEAXE@Z - - ?AddNode@CNoLockList@@UEAAEQEAXE@Z - - ?Alloc@CMemoryAllocator@@UEAAPEAX_KPEBDK@Z - - ?Alloc@CMemoryPoolAllocator@@UEAAPEAX_KPEBDK@Z - - ?AllocBlock@CMemoryPoolAllocator@@IEAAPEAX_K@Z - - ?AttachJobQueue@CWorkerThread@@QEAAXPEAVCWorkerThreadJobQueue@@@Z - - ?Cancel@CWorkerThreadJob@@QEAAXXZ - - ?CheckNode@CLockList@@UEAAHQEAX@Z - - ?CheckNode@CNoLockList@@UEAAHQEAX@Z - - ?CleanQueue@CWorkerThreadJobQueue@@QEAAXXZ - - ?Cleanup@CBlobConfig@@AEAAXXZ - - ?Cleanup@CModuleFileExtConfig@@IEAAXXZ - - ?Cleanup@CModuleMultiStringConfig@@IEAAXXZ - - ?Cleanup@CModuleStringConfig@@AEAAXXZ - - ?Close@CFile@@QEAAJXZ - - ?Count@CLockList@@QEAAKXZ - - ?Count@CNoLockList@@QEAAKXZ - - ?Create@CFile@@QEAAJPEBGKKKK@Z - - ?Create@CSystemThread@@QEAAEXZ - - ?CreateInstance@CMemoryAllocator@@SAPEAV1@W4_POOL_TYPE@@K@Z - - ?CreateInstance@CMemoryPoolAllocator@@SAPEAV1@W4_POOL_TYPE@@_K1K@Z - - ?CreatePool@CWorkerThreadPool@@QEAAEXZ - - ?CreatePool@CWorkerThreadPoolEx@@QEAAEXZ - - ?CreateThreads@CWorkerThreadPool@@QEAAEK@Z - - ?CreateThreads@CWorkerThreadPoolEx@@QEAAEK@Z - - ?CreateWIRP@CFile@@QEAAJPEBGKKKK@Z - - ?Delete@CFile@@QEAAJXZ - - ?Delete@CFileExtension@@QEAAEPEBGK@Z - - ?Delete@CStrList@@QEAAEPEBG@Z - - ?DeleteAll@CList@@UEAAXXZ - - ?DeleteAll@CLockList@@UEAAXXZ - - ?DeleteAll@CNoLockList@@UEAAXXZ - - ?DeleteNode@CContextList@@MEAAXPEAX@Z - - ?DeleteNode@CList@@UEAAXPEAX@Z - - ?DeleteNode@CModuleConfigList@@MEAAXPEAX@Z - - ?DeleteNode@CStrList@@EEAAXPEAU_STR_LIST_NODE@1@@Z - - ?DisableWriteProtectFromCR0@@YAXPEAPEAX@Z - - ?DoIt@CWorkerThreadJob@@QEAAJXZ - - ?EntryPoint@CSystemThread@@KAXPEAX@Z - - ?Find@CContextList@@QEAAPEAVCContext@@K@Z - - ?Find@CContextList@@QEAAPEAVCContext@@PEAX@Z - - ?Find@CFileExtension@@QEAAPEAU_STR_LIST_NODE@CStrList@@PEBGK@Z - - 
?Find@CModuleConfigList@@QEAAPEAVCModuleConfig@@K@Z - - ?Find@CStrList@@QEAAPEAU_STR_LIST_NODE@1@PEBG@Z - - ?FindNode@CContextList@@IEAAPEAXPEAX@Z - - ?FindPartiallyAndAllMatch@CStrList@@QEAAPEAU_STR_LIST_NODE@1@PEBG@Z - - ?FinishFunction@CUserFuncAdapterJob@@MEAAXXZ - - ?FinishIt@CWorkerThreadJob@@QEAAJXZ - - ?First@CList@@UEAAPEAXXZ - - ?First@CLockList@@UEAAPEAXXZ - - ?First@CNoLockList@@UEAAPEAXXZ - - ?Free@CMemoryAllocator@@UEAAXPEAX@Z - - ?Free@CMemoryPoolAllocator@@UEAAXPEAX@Z - - ?GetAttributes@CFile@@QEAAKXZ - - ?GetBasicInfomration@CFile@@IEAAJXZ - - ?GetBlobCofig@CContext@@UEAAJKPEAXPEAK@Z - - ?GetCategory@CContext@@QEAAKXZ - - ?GetData@CBlobConfig@@QEAAHPEAXPEAK@Z - - ?GetData@CModuleFileExtConfig@@QEAAHPEAGPEAK@Z - - ?GetData@CModuleFileExtConfig@@QEAAPEAVCFileExtension@@XZ - - ?GetData@CModuleFlagConfig@@QEAAKXZ - - ?GetData@CModuleMultiStringConfig@@QEAAHPEAGPEAK@Z - - ?GetData@CModuleMultiStringConfig@@QEAAPEAVCStrList@@XZ - - ?GetData@CModuleStringConfig@@QEAAPEAGXZ - - ?GetData@CStrList@@QEAAEPEAGPEAK@Z - - ?GetDataType@CModuleConfig@@QEAAKXZ - - ?GetEngineContext@CContext@@QEAAPEAXXZ - - ?GetFileExtensionConfig@CContext@@QEAAPEAVCFileExtension@@K@Z - - ?GetFileExtensionConfig@CContext@@UEAAJKPEAGPEAK@Z - - ?GetFileSize@CFile@@QEAAJPEAT_LARGE_INTEGER@@@Z - - ?GetFileSizeWIRP@CFile@@QEAAJPEAT_LARGE_INTEGER@@@Z - - ?GetFlagConfig@CContext@@UEAAJKPEAK@Z - - ?GetID@CModuleConfig@@QEAAKXZ - - ?GetJob@CWorkerThreadJobQueue@@QEAAPEAVCWorkerThreadJob@@XZ - - ?GetLength@CModuleStringConfig@@QEAAKXZ - - ?GetLinkContext@CContext@@QEAAPEAXXZ - - ?GetLogFlag@CDebugLog@@QEAAKXZ - - ?GetLogFlag@CDebugLogEx@@QEAAKXZ - - ?GetModuleId@CModuleConfig@@QEAAKXZ - - ?GetMultiStringConfig@CContext@@QEAAPEAVCStrList@@K@Z - - ?GetMultiStringConfig@CContext@@UEAAJKPEAGPEAK@Z - - ?GetOneThreadTEB@CWorkerThreadPool@@QEAAPEAU_ETHREAD@@XZ - - ?GetOneThreadTEB@CWorkerThreadPool@@QEAAPEAU_KTHREAD@@XZ - - ?GetOneThreadTEB@CWorkerThreadPoolEx@@QEAAPEAU_ETHREAD@@XZ - - 
?GetOneThreadTEB@CWorkerThreadPoolEx@@QEAAPEAU_KTHREAD@@XZ - - ?GetReportCallBackRoutine@CContext@@QEAA_KXZ - - ?GetSize@CBlobConfig@@QEAAKXZ - - ?GetStringConfig@CContext@@QEAAPEAGK@Z - - ?GetStringConfig@CContext@@UEAAJKPEAGPEAK@Z - - ?GetThreadCount@CWorkerThreadPool@@QEAAKXZ - - ?GetThreadCount@CWorkerThreadPoolEx@@QEAAKXZ - - ?GetThreadID@CSystemThread@@QEAA_KXZ - - ?GetType@CContext@@QEAAKXZ - - ?GetUserParameter@CContext@@QEAA_KXZ - - ?InitProcMon@CDebugLogEx@@IEAAXXZ - - ?InitializeBlobConfig@CContext@@QEAAHKPEAXK@Z - - ?InitializeFileExtensionConfig@CContext@@QEAAHKPEBG@Z - - ?InitializeFlagConfig@CContext@@QEAAHKK@Z - - ?InitializeMultiStringConfig@CContext@@QEAAHKPEBG@Z - - ?InitializeStringConfig@CContext@@QEAAHKPEBG@Z - - ?Insert@CList@@UEAAXQEAXE@Z - - ?Insert@CLockList@@UEAAXQEAXE@Z - - ?Insert@CNoLockList@@UEAAXQEAXE@Z - - ?InsertAfter@CList@@UEAAXPEAX0@Z - - ?InsertBefore@CList@@UEAAXPEAX0@Z - - ?Instance@CWorkerThreadPool@@SAPEAV1@XZ - - ?IsEmpty@CList@@UEAAEXZ - - ?IsEmpty@CLockList@@UEAAEXZ - - ?IsEmpty@CNoLockList@@UEAAEXZ - - ?IsExceedLimitation@CMemoryPoolAllocator@@IEAAEK@Z - - ?IsFull@CLockList@@QEBAEXZ - - ?IsFull@CNoLockList@@QEBAEXZ - - ?IsInExclusionList@CExclusionExtConfig@@QEAAEPEBG@Z - - ?IsInExclusionList@CExclusionFileNameConfig@@QEAAEPEBG@Z - - ?IsInExclusionList@CExclusionFilePathConfig@@QEAAEPEBG@Z - - ?IsInExclusionList@CExclusionFolderConfig@@QEAAEPEBG@Z - - ?IsInExclusionList@CExclusionRegistryConfig@@QEAAEPEBG@Z - - ?IsInInclusionList@CInclusionExtConfig@@QEAAEPEBG@Z - - ?IsInInclusionList@CInclusionFileNameConfig@@QEAAEPEBG@Z - - ?IsInInclusionList@CInclusionFilePathConfig@@QEAAEPEBG@Z - - ?IsInInclusionList@CInclusionFolderConfig@@QEAAEPEBG@Z - - ?IsOpened@CFile@@QEAAEXZ - - ?IsTerminated@CWorkerThreadPool@@QEAAEXZ - - ?IsTerminated@CWorkerThreadPoolEx@@QEAAEXZ - - ?IsValid@CMemoryAllocator@@UEAAEXZ - - ?IsValid@CMemoryPoolAllocator@@UEAAEXZ - - ?IsValid@IMemoryAllocator@@UEAAEXZ - - 
?IsWorkerThread@CWorkerThreadPool@@QEAAE_K@Z - - ?IsWorkerThread@CWorkerThreadPoolEx@@QEAAE_K@Z - - ?JobFunction@CUserFuncAdapterJob@@MEAAXXZ - - ?JobQueue@CWorkerThreadPool@@QEAAAEAVCWorkerThreadJobQueue@@XZ - - ?JobQueue@CWorkerThreadPoolEx@@QEAAAEAVCWorkerThreadJobQueue@@XZ - - ?Limit@CLockList@@QEAAKXZ - - ?Limit@CNoLockList@@QEAAKXZ - - ?MatchAllExtensions@CFileExtension@@QEAAEXZ - - ?MatchNoExtensions@CFileExtension@@QEAAEXZ - - ?MergeLeft@CMemoryPoolAllocator@@IEAAPEAXPEAX@Z - - ?MergeRight@CMemoryPoolAllocator@@IEAAPEAXPEAX@Z - - ?NeedDelete@CWorkerThreadJob@@QEAAEXZ - - ?NeedDeleteWhenFinish@CWorkerThreadJob@@QEAAXE@Z - - ?NewNode@CList@@UEAAPEAXXZ - - ?NewNode@CStrList@@EEAAPEAXXZ - - ?NewNodeVariant@CList@@IEAAPEAXK@Z - - ?Next@CList@@UEBAPEAXQEAX@Z - - ?Next@CLockList@@UEBAPEAXQEAX@Z - - ?Next@CNoLockList@@UEBAPEAXQEAX@Z - - ?NextPool@CMemoryPoolAllocator@@QEAAPEAV1@XZ - - ?NotityTerminate@CWorkerThread@@QEAAXXZ - - ?PostJobToWorkerThread@CWorkerThreadPool@@QEAAJP6AXPEAX@Z0E@Z - - ?PostJobToWorkerThread@CWorkerThreadPoolEx@@QEAAJP6AXPEAX@Z0E1@Z - - ?Pulse@CKEvent@@QEAAJJE@Z - - ?QueueJob@CWorkerThreadJobQueue@@QEAAEPEAVCWorkerThreadJob@@@Z - - ?QueueJobItem@CWorkerThreadPool@@QEAAJPEAVCWorkerThreadJob@@@Z - - ?QueueJobItem@CWorkerThreadPoolEx@@QEAAJPEAVCWorkerThreadJob@@@Z - - ?RCMInstance@CWorkerThreadPool@@SAPEAV1@XZ - - ?Read@CFile@@QEAAJPEADKPEAK@Z - - ?ReadWIRP@CFile@@QEAAJPEADKPEAK@Z - - ?ReferenceCount@CContext@@QEAAAEAKXZ - - ?Release@CLockEvent@@QEAAXXZ - - ?Remove@CContextList@@UEAAEQEAX@Z - - ?Remove@CList@@UEAAEQEAX@Z - - ?Remove@CLockList@@UEAAEQEAX@Z - - ?Remove@CNoLockList@@UEAAEQEAX@Z - - ?RemoveHead@CList@@UEAAPEAXXZ - - ?RemoveHead@CLockList@@UEAAPEAXXZ - - ?RemoveHead@CNoLockList@@UEAAPEAXXZ - - ?RemoveTail@CList@@UEAAPEAXXZ - - ?RemoveTail@CLockList@@UEAAPEAXXZ - - ?RemoveTail@CNoLockList@@UEAAPEAXXZ - - ?Reset@CKEvent@@QEAAXXZ - - ?ResetData@CInclusionExtConfig@@QEAAXXZ - - ?ResetData@CInclusionFileNameConfig@@QEAAXXZ - - 
?ResetData@CInclusionFilePathConfig@@QEAAXXZ - - ?ResetData@CInclusionFolderConfig@@QEAAXXZ - - ?RestoreCR0@@YAXPEAX@Z - - ?Run@CAutoUpdateConfigThread@@UEAAXXZ - - ?Run@CDelayLoadThread@@UEAAXXZ - - ?Run@CWorkerThread@@UEAAXXZ - - ?SeekToEnd@CFile@@QEAAJXZ - - ?Set@CKEvent@@QEAAJJE@Z - - ?SetAttributes@CFile@@QEAAJK@Z - - ?SetBlobCofig@CContext@@UEAAJKPEAXK@Z - - ?SetData@CBlobConfig@@QEAAHPEAXK@Z - - ?SetData@CModuleFileExtConfig@@QEAAHPEBG@Z - - ?SetData@CModuleFlagConfig@@QEAAHK@Z - - ?SetData@CModuleMultiStringConfig@@QEAAHPEBGK@Z - - ?SetData@CModuleStringConfig@@QEAAHPEBG@Z - - ?SetEngineContext@CContext@@QEAAXPEAX@Z - - ?SetFileExtensionConfig@CContext@@UEAAJKPEBG@Z - - ?SetFlagConfig@CContext@@UEAAJKK@Z - - ?SetLinkContext@CContext@@QEAAXPEAX@Z - - ?SetLogFlag@CDebugLog@@QEAAEK@Z - - ?SetLogFlag@CDebugLogEx@@QEAAEK@Z - - ?SetMatchAllExtensions@CFileExtension@@QEAAXE@Z - - ?SetMatchNoExtensions@CFileExtension@@QEAAXE@Z - - ?SetMultiStringConfig@CContext@@UEAAJKPEBG@Z - - ?SetNewJobItemEvent@CWorkerThreadJobQueue@@QEAAXXZ - - ?SetPriority@CSystemThread@@QEAAXK@Z - - ?SetStopUse@CContext@@QEAAXXZ - - ?SetStringConfig@CContext@@UEAAJKPEBG@Z - - ?Setup@CSystemThread@@MEAAXXZ - - ?StopUse@CContext@@QEAAHXZ - - ?TearDown@CSystemThread@@MEAAXXZ - - ?Terminate@CSystemThread@@QEAAXE@Z - - ?Terminate@CWorkerThreadPool@@QEAAEXZ - - ?Terminate@CWorkerThreadPoolEx@@QEAAEXZ - - ?TmExceptionFilter@@YAJPEAU_EXCEPTION_POINTERS@@@Z - - ?Wait@CKEvent@@QEAAJPEAT_LARGE_INTEGER@@E@Z - - ?WaitFinish@CWorkerThreadJob@@QEAAXXZ - - ?WaitForInit@CDelayLoadThread@@QEAAEXZ - - ?WaitForLoad@CDelayLoadThread@@QEAAEXZ - - ?WaitNewJobAvailable@CWorkerThreadJobQueue@@QEAAEXZ - - ?WaitQueueEmpty@CWorkerThreadJobQueue@@QEAAXXZ - - ?Write@CDebugLog@@QEAAXPEBDZZ - - ?Write@CDebugLogEx@@QEAAXPEBDZZ - - ?Write@CFile@@QEAAJPEADKPEAT_LARGE_INTEGER@@PEAK@Z - - ?WriteDataToFile@CDebugLogEx@@IEAAXPEADK@Z - - ?WriteDataToProcMonW@CDebugLogEx@@IEAAXPEAD@Z - - ?WriteSystemInformation@CDebugLog@@QEAAXXZ - 
- ?WriteSystemInformation@CDebugLogEx@@QEAAXXZ - - ?WriteSystemStringInformation@CDebugLog@@IEAAXPEBG@Z - - ?WriteSystemStringInformation@CDebugLogEx@@IEAAXPEBG@Z - - ?WriteToFile@CDebugLog@@IEAAXPEADK@Z - - ?WriteToProcMonW@CDebugLogEx@@IEAAXPEAU_UNICODE_STRING@@@Z - - ?_pNonPagedAllocator@@3PEAVCMemoryAllocator@@EA - - ?_pPagedAllocator@@3PEAVCMemoryAllocator@@EA - - ?m_lpInstance@CWorkerThreadPool@@1PEAV1@EA - - ?m_lpRCMInstance@CWorkerThreadPool@@1PEAV1@EA - - AllocFullFileName - - DeInitKm2UmCommunication - - DeInitKmLPC - - DuplicateFullFileName - - FreeFullFileName - - GetKm2UmMode - - GetModuleInfoByAddress - - GetModuleInfoByModuleName - - InitKm2UmCommunication - - InitKmLPC - - IsVerifierCodeCheckFlagOn - - IsWindows8_1_update - - KmCallUm - - KmCallUmByLPC - - KmCallUmEx - - KmCleanupCommPortAPIs - - KmGetUmInitProcess - - KmSetBackupCommPortAPIs - - KmSetCommPortAPIs - - ModGetExportProcAddress - - ModLoadDLLToBuffer - - ModLoadDLLToBufferWithImageSize - - ModLoadModule - - ModUnLoadModule - - NormalizeFileName - - NormalizeFullNtPathToDosName - - TmCommConfigRoutine - - UtilAddDeviceInDriveTable - - UtilAddReparsePointMapping - - UtilCleanFileReadOnly - - UtilCloseExclusiveHandle - - UtilCreateDosFileName - - UtilDeleteFileForce - - UtilGetDeviceObjectName - - UtilGetFileNameFromFileObject - - UtilGetFileObjectForProcessByEPROC - - UtilGetFileObjectFromFileName - - UtilGetProcessName - - UtilGetSystemDirectory - - UtilGetSystemDirectoryEx - - UtilGetSystemDirectoryLength - - UtilGetSystemTime - - UtilIoSetFileInfo - - UtilIopCreateFileIRP - - UtilKeGetLowFileDevice - - UtilModuleIATHook - - UtilModuleIATUnHook - - UtilPostJobToWorkerThread - - UtilQueryExclusiveHandle - - UtilQueryKeyValue - - UtilRemoveDeviceFromDriveTable - - UtilVolumeDeviceToDosName - - UtilWaitValueChangeToZero - - UtilWriteVersionToRegistry - - UtilbuildDynamicDiskMappingTable - - UtlWriteBinValueKeyToRegistry - - ValidateAddressWithSize - - _ResetProtectFromClose - - 
_UtilDosPathNameToNtPathName - FileVersion: 7.30.0.1099 - Filename: TmComm.sys - ImportedFunctions: - - RtlInitUnicodeString - - KeInitializeEvent - - KeClearEvent - - KeSetEvent - - KeEnterCriticalRegion - - KeLeaveCriticalRegion - - KeWaitForSingleObject - - ExFreePoolWithTag - - ExAcquireFastMutexUnsafe - - ExReleaseFastMutexUnsafe - - ProbeForRead - - ProbeForWrite - - ExAcquireResourceSharedLite - - ExAcquireResourceExclusiveLite - - ExReleaseResourceLite - - MmProbeAndLockPages - - MmUnlockPages - - MmMapLockedPagesSpecifyCache - - IoAllocateMdl - - IoFreeMdl - - IoGetCurrentProcess - - ObfReferenceObject - - ObfDereferenceObject - - ZwClose - - ZwCreateSection - - ZwOpenSection - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - ZwOpenEvent - - KePulseEvent - - KeStackAttachProcess - - KeUnstackDetachProcess - - ObOpenObjectByPointer - - ZwAllocateVirtualMemory - - ZwFreeVirtualMemory - - ZwSetEvent - - __C_specific_handler - - PsProcessType - - wcslen - - wcsncpy - - wcsrchr - - RtlUnicodeStringToInteger - - ZwWaitForSingleObject - - ZwRequestWaitReplyPort - - ZwConnectPort - - _stricmp - - ExAllocatePoolWithTag - - MmIsAddressValid - - RtlImageNtHeader - - ZwQuerySystemInformation - - SeCaptureSubjectContext - - SeReleaseSubjectContext - - SeAccessCheck - - ObGetObjectSecurity - - ObReleaseObjectSecurity - - PsGetProcessExitTime - - PsThreadType - - MmSectionObjectType - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - KeInitializeSemaphore - - KeReleaseSemaphore - - ExAcquireFastMutex - - ExReleaseFastMutex - - RtlCreateAcl - - RtlAddAccessAllowedAce - - RtlLengthRequiredSid - - RtlInitializeSid - - RtlSubAuthoritySid - - KeDelayExecutionThread - - ExGetPreviousMode - - DbgPrint - - swprintf - - RtlCopyUnicodeString - - IofCompleteRequest - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - ObReferenceObjectByHandle - - PsGetCurrentProcessId - - ZwCreateEvent - - ExEventObjectType - - _wcsnicmp - - 
PsSetCreateProcessNotifyRoutine - - ZwQueryInformationProcess - - PsLookupProcessByProcessId - - ZwOpenDirectoryObject - - ExInitializeResourceLite - - ExDeleteResourceLite - - ZwCreateFile - - ZwQueryInformationFile - - ZwSetInformationFile - - ZwReadFile - - ZwWriteFile - - towupper - - MmGetSystemRoutineAddress - - ObReferenceObjectByPointer - - PsGetCurrentThreadId - - ObQueryNameString - - PsGetVersion - - _snprintf - - _vsnprintf - - RtlInitAnsiString - - wcscat - - RtlFreeUnicodeString - - RtlTimeToTimeFields - - KeWaitForMultipleObjects - - ExSystemTimeToLocalTime - - ZwCreateKey - - ZwDeviceIoControlFile - - ZwNotifyChangeKey - - ZwOpenFile - - ZwQueryVolumeInformationFile - - mbstowcs - - IoGetDeviceObjectPointer - - IoBuildDeviceIoControlRequest - - IofCallDriver - - IoCreateFile - - RtlEqualUnicodeString - - RtlAppendUnicodeStringToString - - RtlUpcaseUnicodeChar - - _snwprintf - - strlen - - _strnicmp - - strncpy - - NtOpenProcess - - NtQueryInformationProcess - - ObOpenObjectByName - - KeSetPriorityThread - - PsCreateSystemThread - - PsTerminateSystemThread - - KeNumberProcessors - - RtlLengthSecurityDescriptor - - ZwOpenKey - - ZwDeleteKey - - ZwDeleteValueKey - - ZwEnumerateKey - - ZwEnumerateValueKey - - ZwQueryKey - - ZwQueryValueKey - - ZwSetValueKey - - ZwTerminateProcess - - ZwOpenProcess - - ZwDuplicateObject - - ZwQuerySecurityObject - - ZwSetSecurityObject - - ZwQueryDirectoryObject - - ZwQueryDirectoryFile - - NtCreateFile - - NtQueryInformationFile - - NtSetInformationFile - - IoFileObjectType - - ObInsertObject - - wcschr - - wcsncmp - - RtlQueryRegistryValues - - RtlAppendUnicodeToString - - RtlCompareMemory - - MmBuildMdlForNonPagedPool - - IoAllocateIrp - - IoFreeIrp - - ZwOpenSymbolicLinkObject - - ZwQuerySymbolicLinkObject - - RtlUpcaseUnicodeString - - NtClose - - ZwSetInformationObject - - SeQueryAuthenticationIdToken - - MmSystemRangeStart - - IoGetFileObjectGenericMapping - - ObCreateObject - - SeCreateAccessState - - 
IoAcquireVpbSpinLock - - IoReleaseVpbSpinLock - - wcstombs - - strncat - - wcsncat - - RtlUnicodeStringToAnsiString - - RtlFreeAnsiString - - strcpy - - wcsstr - - RtlCompareUnicodeString - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - ExAllocatePool - - ExpInterlockedPopEntrySList - - IoBuildSynchronousFsdRequest - - IoGetStackLimits - - IoGetDeviceInterfaces - - IoRegisterPlugPlayNotification - - IoUnregisterPlugPlayNotification - - IoGetConfigurationInformation - - FsRtlIsNameInExpression - - IoDeviceObjectType - - IoCreateDevice - - RtlGetOwnerSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetSaclSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlLengthSid - - SeExports - - IoIsWdmVersionAvailable - - RtlAbsoluteToSelfRelativeSD - - RtlAnsiStringToUnicodeString - - _purecall - - KeBugCheckEx - Imports: - - ntoskrnl.exe - InternalName: TmComm.sys - MD5: 2e1f8a2a80221deb93496a861693c565 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: TmComm.sys - Product: Trend Micro Eyes - ProductVersion: '7.30' - Publisher: '' - RichPEHeaderHash: - MD5: 1ef18db502f07590b0133ea93427886b - SHA1: 914fa70ff269481ce7c8e767d0e276b77de8e7af - SHA256: 704350b0e89fb3277a7ba93465a4cdcd8b21bbab537ec95548227dbe1d735ac2 - SHA1: a00e444120449e35641d58e62ed64bb9c9f518d2 - SHA256: cc687fe3741bbde1dd142eac0ef59fd1d4457daee43cdde23bb162ef28d04e64 - Sections: - .text: - Entropy: 5.885154328803672 - Virtual Size: '0x53645' - .rdata: - Entropy: 3.4521682563196063 - Virtual Size: '0x6174' - .data: - Entropy: 4.6769393569967495 - Virtual Size: '0x33fc' - .pdata: - Entropy: 5.59222376260237 - Virtual Size: '0x3ae0' - .gfids: - Entropy: 2.0 - Virtual Size: '0x4' - PAGE: - Entropy: 6.304005705274431 - Virtual Size: '0x1ae4' - .edata: - Entropy: 5.8497108705685115 - Virtual Size: '0x5834' - INIT: - Entropy: 5.349136401673575 - Virtual Size: '0x1890' - .rsrc: - Entropy: 3.3806680083024423 - Virtual Size: '0x568' - .reloc: - 
Entropy: 5.332144849624946 - Virtual Size: '0x4c8' - Signature: - - Trend Micro, Inc. - - VeriSign Class 3 Code Signing 2010 CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=TW, ST=Taiwan, L=Taipei, O=Trend Micro, Inc., CN=Trend Micro, Inc. 
- ValidFrom: '2017-04-27 00:00:00' - ValidTo: '2018-07-16 23:59:59' - Signature: f3b20c020c826fd9e2629408ffc97c9e245959d1050c9ce7708069d366d26af191812e16fce674eaca0d8f05b2a796280831737299800d2bfe0071efecf655117b7952a4d7c0701b97de034a1d42e928fd1a2082b081f9d22e9d39af3233cf05c1e61ae1f8fbfec872e78d9a0b29b4f147f1a053d1757a824601df2bb07c75c591fe7efbaf0021764b90cd446f85f80d14bc2cd42c83edfa7d2510f8f94c82d1b3ea999b1cff9093291977c7e996dc32904d3934f167077684ff76aa5327654a0bd7223d9d67657b47c5b46012dca6723d89e7fa051b3380d0c4977b9df537e75da3186ab149b27c089715a01bd695f408f7ded66bfbe920d27a6f6a7d4cc8b3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 497c4fad471540e6e453d0cafb155740 - Version: 3 - TBS: - MD5: 78eaa337666217b1c16a9a0ebd0b8434 - SHA1: ff9cb835e78f6185eed4372096c3bae53b17d18d - SHA256: 1c0d9746725e176b4a7c2852878f14d7587f58e65d346bc1247f1c8ee6374250 - SHA384: ffe3c75b860679a5de399c7d2c2844dbfac51d5d8581e24648d208daba1e4bed5c867808e02dc8d7cb3df1d4b2b53d10 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 497c4fad471540e6e453d0cafb155740 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign 
Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 0579e15c488a56c544e8fac130d826ba - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create TmComm.sys binPath=C:\windows\temp\TmComm.sys type=kernel + && sc.exe start TmComm.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/elastic/protections-artifacts/search?q=VulnDriver -Tags: -- TmComm.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/cc687fe3741bbde1dd142eac0ef59fd1d4457daee43cdde23bb162ef28d04e64.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: 
'' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 2d7f04ca689981b18fb8a4488e029843 + SHA1: 6c0af836a89234e9a69363495719b686fbad8d7d + SHA256: d580349730ace5170e7c33850bdcb37cbf16b70d0d1adc2568fdd223c2a55a77 + Company: Trend Micro Inc. + Copyright: Copyright (C) 2018 Trend Micro Incorporated. All rights reserved. + CreationTimestamp: '2018-04-09 04:08:57' + Date: '' + Description: TrendMicro Common Module + ExportedFunctions: + - ??0CAutoUpdateConfigThread@@QEAA@AEBV0@@Z + - ??0CAutoUpdateConfigThread@@QEAA@PEAU_UNICODE_STRING@@P6AX0PEAX@Z1@Z + - ??0CBlobConfig@@QEAA@AEBV0@@Z + - ??0CBlobConfig@@QEAA@K@Z + - ??0CContext@@QEAA@AEBV0@@Z + - ??0CContext@@QEAA@KP6AJPEAU_EVENT_REPORT@@PEAXPEAU_TMCE_REPORT@@PEAU_TMCE_FEEDBACK@@@Z1K@Z + - ??0CContextList@@QEAA@AEBV0@@Z + - ??0CContextList@@QEAA@KPEAVIMemoryAllocator@@@Z + - ??0CDebugLog@@QEAA@AEBV0@@Z + - ??0CDebugLog@@QEAA@PEBG@Z + - ??0CDebugLogEx@@QEAA@AEBV0@@Z + - ??0CDebugLogEx@@QEAA@K@Z + - ??0CDelayLoadThread@@QEAA@AEBV0@@Z + - ??0CDelayLoadThread@@QEAA@XZ + - ??0CExclusionExtConfig@@QEAA@AEBV0@@Z + - ??0CExclusionExtConfig@@QEAA@KKE@Z + - ??0CExclusionFileNameConfig@@QEAA@AEBV0@@Z + - ??0CExclusionFileNameConfig@@QEAA@KK@Z + - ??0CExclusionFilePathConfig@@QEAA@AEBV0@@Z + - ??0CExclusionFilePathConfig@@QEAA@KK@Z + - ??0CExclusionFolderConfig@@QEAA@AEBV0@@Z + - ??0CExclusionFolderConfig@@QEAA@KK@Z + - ??0CExclusionRegistryConfig@@QEAA@AEBV0@@Z + - ??0CExclusionRegistryConfig@@QEAA@KK@Z + - ??0CFile@@QEAA@AEBV0@@Z + - ??0CFile@@QEAA@E@Z + - ??0CFileExtension@@QEAA@AEBV0@@Z + - ??0CFileExtension@@QEAA@KEEPEAVIMemoryAllocator@@@Z + - ??0CInclusionExtConfig@@QEAA@AEBV0@@Z + - ??0CInclusionExtConfig@@QEAA@KKE@Z + - ??0CInclusionFileNameConfig@@QEAA@AEBV0@@Z + - ??0CInclusionFileNameConfig@@QEAA@KK@Z + - ??0CInclusionFilePathConfig@@QEAA@AEBV0@@Z + - ??0CInclusionFilePathConfig@@QEAA@KK@Z + - ??0CInclusionFolderConfig@@QEAA@AEBV0@@Z + - ??0CInclusionFolderConfig@@QEAA@KK@Z + - ??0CKEvent@@QEAA@AEBV0@@Z + - 
??0CKEvent@@QEAA@W4_EVENT_TYPE@@E@Z + - ??0CList@@QEAA@AEBV0@@Z + - ??0CList@@QEAA@KPEAVIMemoryAllocator@@@Z + - ??0CLockEvent@@QEAA@AEBV0@@Z + - ??0CLockEvent@@QEAA@XZ + - ??0CLockList@@QEAA@AEBV0@@Z + - ??0CLockList@@QEAA@KKPEAVIMemoryAllocator@@@Z + - ??0CMemoryAllocator@@IEAA@W4_POOL_TYPE@@K@Z + - ??0CMemoryAllocator@@QEAA@AEBV0@@Z + - ??0CMemoryPoolAllocator@@IEAA@W4_POOL_TYPE@@_K1K@Z + - ??0CMemoryPoolAllocator@@QEAA@AEBV0@@Z + - ??0CModuleConfig@@QEAA@AEBV0@@Z + - ??0CModuleConfig@@QEAA@XZ + - ??0CModuleConfigList@@QEAA@AEBV0@@Z + - ??0CModuleConfigList@@QEAA@KPEAVIMemoryAllocator@@@Z + - ??0CModuleFileExtConfig@@QEAA@AEBV0@@Z + - ??0CModuleFileExtConfig@@QEAA@KKE@Z + - ??0CModuleFlagConfig@@QEAA@AEBV0@@Z + - ??0CModuleFlagConfig@@QEAA@K@Z + - ??0CModuleMultiStringConfig@@QEAA@AEBV0@@Z + - ??0CModuleMultiStringConfig@@QEAA@KK@Z + - ??0CModuleStringConfig@@QEAA@AEBV0@@Z + - ??0CModuleStringConfig@@QEAA@K@Z + - ??0CNoLockList@@QEAA@AEBV0@@Z + - ??0CNoLockList@@QEAA@KKPEAVIMemoryAllocator@@@Z + - ??0CSmartLock@@QEAA@AEAVCLockEvent@@@Z + - ??0CSmartLock@@QEAA@XZ + - ??0CSmartReference@@QEAA@AEAJ@Z + - ??0CSmartReference@@QEAA@AEAK@Z + - ??0CSmartResource@@QEAA@AEAVCResource@@E@Z + - ??0CStrList@@QEAA@AEBV0@@Z + - ??0CStrList@@QEAA@KPEAVIMemoryAllocator@@@Z + - ??0CSystemThread@@QEAA@AEBV0@@Z + - ??0CSystemThread@@QEAA@K@Z + - ??0CUserFuncAdapterJob@@QEAA@AEBV0@@Z + - ??0CUserFuncAdapterJob@@QEAA@P6AXPEAX@Z01@Z + - ??0CWorkerThread@@IEAA@PEAVCWorkerThreadJobQueue@@@Z + - ??0CWorkerThread@@QEAA@AEBV0@@Z + - ??0CWorkerThreadJob@@QEAA@AEBV0@@Z + - ??0CWorkerThreadJob@@QEAA@E@Z + - ??0CWorkerThreadJobQueue@@QEAA@AEBV0@@Z + - ??0CWorkerThreadJobQueue@@QEAA@K@Z + - ??0CWorkerThreadPool@@QEAA@AEBV0@@Z + - ??0CWorkerThreadPool@@QEAA@K@Z + - ??0CWorkerThreadPoolEx@@QEAA@AEBV0@@Z + - ??0CWorkerThreadPoolEx@@QEAA@KK@Z + - ??0IMemoryAllocator@@QEAA@AEBV0@@Z + - ??0IMemoryAllocator@@QEAA@XZ + - ??1CAutoUpdateConfigThread@@UEAA@XZ + - ??1CBlobConfig@@UEAA@XZ + - 
??1CContext@@UEAA@XZ + - ??1CContextList@@UEAA@XZ + - ??1CDebugLog@@UEAA@XZ + - ??1CDebugLogEx@@UEAA@XZ + - ??1CDelayLoadThread@@UEAA@XZ + - ??1CExclusionExtConfig@@UEAA@XZ + - ??1CExclusionFileNameConfig@@UEAA@XZ + - ??1CExclusionFilePathConfig@@UEAA@XZ + - ??1CExclusionFolderConfig@@UEAA@XZ + - ??1CExclusionRegistryConfig@@UEAA@XZ + - ??1CFile@@UEAA@XZ + - ??1CFileExtension@@UEAA@XZ + - ??1CInclusionExtConfig@@UEAA@XZ + - ??1CInclusionFileNameConfig@@UEAA@XZ + - ??1CInclusionFilePathConfig@@UEAA@XZ + - ??1CInclusionFolderConfig@@UEAA@XZ + - ??1CKEvent@@UEAA@XZ + - ??1CList@@UEAA@XZ + - ??1CLockEvent@@UEAA@XZ + - ??1CLockList@@UEAA@XZ + - ??1CMemoryAllocator@@UEAA@XZ + - ??1CMemoryPoolAllocator@@UEAA@XZ + - ??1CModuleConfig@@UEAA@XZ + - ??1CModuleConfigList@@UEAA@XZ + - ??1CModuleFileExtConfig@@UEAA@XZ + - ??1CModuleFlagConfig@@UEAA@XZ + - ??1CModuleMultiStringConfig@@UEAA@XZ + - ??1CModuleStringConfig@@UEAA@XZ + - ??1CNoLockList@@UEAA@XZ + - ??1CSmartLock@@QEAA@XZ + - ??1CSmartReference@@QEAA@XZ + - ??1CSmartResource@@QEAA@XZ + - ??1CStrList@@UEAA@XZ + - ??1CSystemThread@@UEAA@XZ + - ??1CUserFuncAdapterJob@@UEAA@XZ + - ??1CWorkerThread@@UEAA@XZ + - ??1CWorkerThreadJob@@UEAA@XZ + - ??1CWorkerThreadJobQueue@@UEAA@XZ + - ??1CWorkerThreadPool@@UEAA@XZ + - ??1CWorkerThreadPoolEx@@UEAA@XZ + - ??1IMemoryAllocator@@UEAA@XZ + - ??2@YAPEAX_KPEAVIMemoryAllocator@@PEBDK@Z + - ??2CMemoryAllocator@@SAPEAX_K@Z + - ??2CMemoryPoolAllocator@@SAPEAX_K@Z + - ??3@YAXPEAX@Z + - ??3@YAXPEAX_K@Z + - ??3IMemoryAllocator@@SAXPEAX@Z + - ??4CAutoUpdateConfigThread@@QEAAAEAV0@AEBV0@@Z + - ??4CBlobConfig@@QEAAAEAV0@AEBV0@@Z + - ??4CContext@@QEAAAEAV0@AEBV0@@Z + - ??4CDebugLog@@QEAAAEAV0@AEBV0@@Z + - ??4CDebugLogEx@@QEAAAEAV0@AEBV0@@Z + - ??4CDelayLoadThread@@QEAAAEAV0@AEBV0@@Z + - ??4CFile@@QEAAAEAV0@AEBV0@@Z + - ??4CKEvent@@QEAAAEAV0@AEBV0@@Z + - ??4CLockEvent@@QEAAAEAV0@AEBV0@@Z + - ??4CMemoryAllocator@@QEAAAEAV0@AEBV0@@Z + - ??4CMemoryPoolAllocator@@QEAAAEAV0@AEBV0@@Z + - 
??4CModuleConfig@@QEAAAEAV0@AEBV0@@Z + - ??4CModuleFlagConfig@@QEAAAEAV0@AEBV0@@Z + - ??4CModuleStringConfig@@QEAAAEAV0@AEBV0@@Z + - ??4CSmartLock@@QEAAAEAV0@AEBV0@@Z + - ??4CSmartLock@@QEAAAEBV0@AEAVCLockEvent@@@Z + - ??4CSmartResource@@QEAAAEAV0@AEBV0@@Z + - ??4CSystemThread@@QEAAAEAV0@AEBV0@@Z + - ??4CUserFuncAdapterJob@@QEAAAEAV0@AEBV0@@Z + - ??4CWorkerThread@@QEAAAEAV0@AEBV0@@Z + - ??4CWorkerThreadJob@@QEAAAEAV0@AEBV0@@Z + - ??4IMemoryAllocator@@QEAAAEAV0@AEBV0@@Z + - ??_7CAutoUpdateConfigThread@@6B@ + - ??_7CBlobConfig@@6B@ + - ??_7CContext@@6B@ + - ??_7CContextList@@6B@ + - ??_7CDebugLog@@6B@ + - ??_7CDebugLogEx@@6B@ + - ??_7CDelayLoadThread@@6B@ + - ??_7CExclusionExtConfig@@6B@ + - ??_7CExclusionFileNameConfig@@6B@ + - ??_7CExclusionFilePathConfig@@6B@ + - ??_7CExclusionFolderConfig@@6B@ + - ??_7CExclusionRegistryConfig@@6B@ + - ??_7CFile@@6B@ + - ??_7CFileExtension@@6B@ + - ??_7CInclusionExtConfig@@6B@ + - ??_7CInclusionFileNameConfig@@6B@ + - ??_7CInclusionFilePathConfig@@6B@ + - ??_7CInclusionFolderConfig@@6B@ + - ??_7CKEvent@@6B@ + - ??_7CList@@6B@ + - ??_7CLockEvent@@6B@ + - ??_7CLockList@@6B@ + - ??_7CMemoryAllocator@@6B@ + - ??_7CMemoryPoolAllocator@@6B@ + - ??_7CModuleConfig@@6B@ + - ??_7CModuleConfigList@@6B@ + - ??_7CModuleFileExtConfig@@6B@ + - ??_7CModuleFlagConfig@@6B@ + - ??_7CModuleMultiStringConfig@@6B@ + - ??_7CModuleStringConfig@@6B@ + - ??_7CNoLockList@@6B@ + - ??_7CStrList@@6B@ + - ??_7CSystemThread@@6B@ + - ??_7CUserFuncAdapterJob@@6B@ + - ??_7CWorkerThread@@6B@ + - ??_7CWorkerThreadJob@@6B@ + - ??_7CWorkerThreadJobQueue@@6B@ + - ??_7CWorkerThreadPool@@6B@ + - ??_7CWorkerThreadPoolEx@@6B@ + - ??_7IMemoryAllocator@@6B@ + - ??_FCContextList@@QEAAXXZ + - ??_FCFile@@QEAAXXZ + - ??_FCFileExtension@@QEAAXXZ + - ??_FCModuleConfigList@@QEAAXXZ + - ??_FCStrList@@QEAAXXZ + - ??_FCSystemThread@@QEAAXXZ + - ??_FCWorkerThread@@QEAAXXZ + - ??_FCWorkerThreadJob@@QEAAXXZ + - ??_FCWorkerThreadJobQueue@@QEAAXXZ + - 
??_U@YAPEAX_KPEAVIMemoryAllocator@@PEBDK@Z + - ??_V@YAXPEAX@Z + - ??_V@YAXPEAX_K@Z + - ?Acquire@CLockEvent@@QEAAXXZ + - ?Add@CContextList@@QEAAEPEAVCContext@@@Z + - ?Add@CFileExtension@@QEAAEPEBGK@Z + - ?Add@CModuleConfigList@@QEAAEPEAVCModuleConfig@@@Z + - ?Add@CStrList@@QEAAEPEBG@Z + - ?AddNode@CLockList@@UEAAEQEAXE@Z + - ?AddNode@CNoLockList@@UEAAEQEAXE@Z + - ?Alloc@CMemoryAllocator@@UEAAPEAX_KPEBDK@Z + - ?Alloc@CMemoryPoolAllocator@@UEAAPEAX_KPEBDK@Z + - ?AllocBlock@CMemoryPoolAllocator@@IEAAPEAX_K@Z + - ?AttachJobQueue@CWorkerThread@@QEAAXPEAVCWorkerThreadJobQueue@@@Z + - ?Cancel@CWorkerThreadJob@@QEAAXXZ + - ?CheckNode@CLockList@@UEAAHQEAX@Z + - ?CheckNode@CNoLockList@@UEAAHQEAX@Z + - ?CleanQueue@CWorkerThreadJobQueue@@QEAAXXZ + - ?Cleanup@CBlobConfig@@AEAAXXZ + - ?Cleanup@CModuleFileExtConfig@@IEAAXXZ + - ?Cleanup@CModuleMultiStringConfig@@IEAAXXZ + - ?Cleanup@CModuleStringConfig@@AEAAXXZ + - ?Close@CFile@@QEAAJXZ + - ?Count@CLockList@@QEAAKXZ + - ?Count@CNoLockList@@QEAAKXZ + - ?Create@CFile@@QEAAJPEBGKKKK@Z + - ?Create@CSystemThread@@QEAAEXZ + - ?CreateInstance@CMemoryAllocator@@SAPEAV1@W4_POOL_TYPE@@K@Z + - ?CreateInstance@CMemoryPoolAllocator@@SAPEAV1@W4_POOL_TYPE@@_K1K@Z + - ?CreatePool@CWorkerThreadPool@@QEAAEXZ + - ?CreatePool@CWorkerThreadPoolEx@@QEAAEXZ + - ?CreateThreads@CWorkerThreadPool@@QEAAEK@Z + - ?CreateThreads@CWorkerThreadPoolEx@@QEAAEK@Z + - ?CreateWIRP@CFile@@QEAAJPEBGKKKK@Z + - ?Delete@CFile@@QEAAJXZ + - ?Delete@CFileExtension@@QEAAEPEBGK@Z + - ?Delete@CStrList@@QEAAEPEBG@Z + - ?DeleteAll@CList@@UEAAXXZ + - ?DeleteAll@CLockList@@UEAAXXZ + - ?DeleteAll@CNoLockList@@UEAAXXZ + - ?DeleteNode@CContextList@@MEAAXPEAX@Z + - ?DeleteNode@CList@@UEAAXPEAX@Z + - ?DeleteNode@CModuleConfigList@@MEAAXPEAX@Z + - ?DeleteNode@CStrList@@EEAAXPEAU_STR_LIST_NODE@1@@Z + - ?DisableWriteProtectFromCR0@@YAXPEAPEAX@Z + - ?DoIt@CWorkerThreadJob@@QEAAJXZ + - ?EntryPoint@CSystemThread@@KAXPEAX@Z + - ?Find@CContextList@@QEAAPEAVCContext@@K@Z + - 
?Find@CContextList@@QEAAPEAVCContext@@PEAX@Z + - ?Find@CFileExtension@@QEAAPEAU_STR_LIST_NODE@CStrList@@PEBGK@Z + - ?Find@CModuleConfigList@@QEAAPEAVCModuleConfig@@K@Z + - ?Find@CStrList@@QEAAPEAU_STR_LIST_NODE@1@PEBG@Z + - ?FindNode@CContextList@@IEAAPEAXPEAX@Z + - ?FindPartiallyAndAllMatch@CStrList@@QEAAPEAU_STR_LIST_NODE@1@PEBG@Z + - ?FinishFunction@CUserFuncAdapterJob@@MEAAXXZ + - ?FinishIt@CWorkerThreadJob@@QEAAJXZ + - ?First@CList@@UEAAPEAXXZ + - ?First@CLockList@@UEAAPEAXXZ + - ?First@CNoLockList@@UEAAPEAXXZ + - ?Free@CMemoryAllocator@@UEAAXPEAX@Z + - ?Free@CMemoryPoolAllocator@@UEAAXPEAX@Z + - ?GetAttributes@CFile@@QEAAKXZ + - ?GetBasicInfomration@CFile@@IEAAJXZ + - ?GetBlobCofig@CContext@@UEAAJKPEAXPEAK@Z + - ?GetCategory@CContext@@QEAAKXZ + - ?GetData@CBlobConfig@@QEAAHPEAXPEAK@Z + - ?GetData@CModuleFileExtConfig@@QEAAHPEAGPEAK@Z + - ?GetData@CModuleFileExtConfig@@QEAAPEAVCFileExtension@@XZ + - ?GetData@CModuleFlagConfig@@QEAAKXZ + - ?GetData@CModuleMultiStringConfig@@QEAAHPEAGPEAK@Z + - ?GetData@CModuleMultiStringConfig@@QEAAPEAVCStrList@@XZ + - ?GetData@CModuleStringConfig@@QEAAPEAGXZ + - ?GetData@CStrList@@QEAAEPEAGPEAK@Z + - ?GetDataType@CModuleConfig@@QEAAKXZ + - ?GetEngineContext@CContext@@QEAAPEAXXZ + - ?GetFileExtensionConfig@CContext@@QEAAPEAVCFileExtension@@K@Z + - ?GetFileExtensionConfig@CContext@@UEAAJKPEAGPEAK@Z + - ?GetFileSize@CFile@@QEAAJPEAT_LARGE_INTEGER@@@Z + - ?GetFileSizeWIRP@CFile@@QEAAJPEAT_LARGE_INTEGER@@@Z + - ?GetFlagConfig@CContext@@UEAAJKPEAK@Z + - ?GetID@CModuleConfig@@QEAAKXZ + - ?GetJob@CWorkerThreadJobQueue@@QEAAPEAVCWorkerThreadJob@@XZ + - ?GetLength@CModuleStringConfig@@QEAAKXZ + - ?GetLinkContext@CContext@@QEAAPEAXXZ + - ?GetLogFlag@CDebugLog@@QEAAKXZ + - ?GetLogFlag@CDebugLogEx@@QEAAKXZ + - ?GetModuleId@CModuleConfig@@QEAAKXZ + - ?GetMultiStringConfig@CContext@@QEAAPEAVCStrList@@K@Z + - ?GetMultiStringConfig@CContext@@UEAAJKPEAGPEAK@Z + - ?GetOneThreadTEB@CWorkerThreadPool@@QEAAPEAU_ETHREAD@@XZ + - 
?GetOneThreadTEB@CWorkerThreadPool@@QEAAPEAU_KTHREAD@@XZ + - ?GetOneThreadTEB@CWorkerThreadPoolEx@@QEAAPEAU_ETHREAD@@XZ + - ?GetOneThreadTEB@CWorkerThreadPoolEx@@QEAAPEAU_KTHREAD@@XZ + - ?GetReportCallBackRoutine@CContext@@QEAA_KXZ + - ?GetSize@CBlobConfig@@QEAAKXZ + - ?GetStringConfig@CContext@@QEAAPEAGK@Z + - ?GetStringConfig@CContext@@UEAAJKPEAGPEAK@Z + - ?GetThreadCount@CWorkerThreadPool@@QEAAKXZ + - ?GetThreadCount@CWorkerThreadPoolEx@@QEAAKXZ + - ?GetThreadID@CSystemThread@@QEAA_KXZ + - ?GetType@CContext@@QEAAKXZ + - ?GetUserParameter@CContext@@QEAA_KXZ + - ?InitProcMon@CDebugLogEx@@IEAAXXZ + - ?InitializeBlobConfig@CContext@@QEAAHKPEAXK@Z + - ?InitializeFileExtensionConfig@CContext@@QEAAHKPEBG@Z + - ?InitializeFlagConfig@CContext@@QEAAHKK@Z + - ?InitializeMultiStringConfig@CContext@@QEAAHKPEBG@Z + - ?InitializeStringConfig@CContext@@QEAAHKPEBG@Z + - ?Insert@CList@@UEAAXQEAXE@Z + - ?Insert@CLockList@@UEAAXQEAXE@Z + - ?Insert@CNoLockList@@UEAAXQEAXE@Z + - ?InsertAfter@CList@@UEAAXPEAX0@Z + - ?InsertBefore@CList@@UEAAXPEAX0@Z + - ?Instance@CWorkerThreadPool@@SAPEAV1@XZ + - ?IsEmpty@CList@@UEAAEXZ + - ?IsEmpty@CLockList@@UEAAEXZ + - ?IsEmpty@CNoLockList@@UEAAEXZ + - ?IsExceedLimitation@CMemoryPoolAllocator@@IEAAEK@Z + - ?IsFull@CLockList@@QEBAEXZ + - ?IsFull@CNoLockList@@QEBAEXZ + - ?IsInExclusionList@CExclusionExtConfig@@QEAAEPEBG@Z + - ?IsInExclusionList@CExclusionFileNameConfig@@QEAAEPEBG@Z + - ?IsInExclusionList@CExclusionFilePathConfig@@QEAAEPEBG@Z + - ?IsInExclusionList@CExclusionFolderConfig@@QEAAEPEBG@Z + - ?IsInExclusionList@CExclusionRegistryConfig@@QEAAEPEBG@Z + - ?IsInInclusionList@CInclusionExtConfig@@QEAAEPEBG@Z + - ?IsInInclusionList@CInclusionFileNameConfig@@QEAAEPEBG@Z + - ?IsInInclusionList@CInclusionFilePathConfig@@QEAAEPEBG@Z + - ?IsInInclusionList@CInclusionFolderConfig@@QEAAEPEBG@Z + - ?IsOpened@CFile@@QEAAEXZ + - ?IsTerminated@CWorkerThreadPool@@QEAAEXZ + - ?IsTerminated@CWorkerThreadPoolEx@@QEAAEXZ + - ?IsValid@CMemoryAllocator@@UEAAEXZ + 
- ?IsValid@CMemoryPoolAllocator@@UEAAEXZ + - ?IsValid@IMemoryAllocator@@UEAAEXZ + - ?IsWorkerThread@CWorkerThreadPool@@QEAAE_K@Z + - ?IsWorkerThread@CWorkerThreadPoolEx@@QEAAE_K@Z + - ?JobFunction@CUserFuncAdapterJob@@MEAAXXZ + - ?JobQueue@CWorkerThreadPool@@QEAAAEAVCWorkerThreadJobQueue@@XZ + - ?JobQueue@CWorkerThreadPoolEx@@QEAAAEAVCWorkerThreadJobQueue@@XZ + - ?Limit@CLockList@@QEAAKXZ + - ?Limit@CNoLockList@@QEAAKXZ + - ?MatchAllExtensions@CFileExtension@@QEAAEXZ + - ?MatchNoExtensions@CFileExtension@@QEAAEXZ + - ?MergeLeft@CMemoryPoolAllocator@@IEAAPEAXPEAX@Z + - ?MergeRight@CMemoryPoolAllocator@@IEAAPEAXPEAX@Z + - ?NeedDelete@CWorkerThreadJob@@QEAAEXZ + - ?NeedDeleteWhenFinish@CWorkerThreadJob@@QEAAXE@Z + - ?NewNode@CList@@UEAAPEAXXZ + - ?NewNode@CStrList@@EEAAPEAXXZ + - ?NewNodeVariant@CList@@IEAAPEAXK@Z + - ?Next@CList@@UEBAPEAXQEAX@Z + - ?Next@CLockList@@UEBAPEAXQEAX@Z + - ?Next@CNoLockList@@UEBAPEAXQEAX@Z + - ?NextPool@CMemoryPoolAllocator@@QEAAPEAV1@XZ + - ?NotityTerminate@CWorkerThread@@QEAAXXZ + - ?PostJobToWorkerThread@CWorkerThreadPool@@QEAAJP6AXPEAX@Z0E@Z + - ?PostJobToWorkerThread@CWorkerThreadPoolEx@@QEAAJP6AXPEAX@Z0E1@Z + - ?Pulse@CKEvent@@QEAAJJE@Z + - ?QueueJob@CWorkerThreadJobQueue@@QEAAEPEAVCWorkerThreadJob@@@Z + - ?QueueJobItem@CWorkerThreadPool@@QEAAJPEAVCWorkerThreadJob@@@Z + - ?QueueJobItem@CWorkerThreadPoolEx@@QEAAJPEAVCWorkerThreadJob@@@Z + - ?RCMInstance@CWorkerThreadPool@@SAPEAV1@XZ + - ?Read@CFile@@QEAAJPEADKPEAK@Z + - ?ReadWIRP@CFile@@QEAAJPEADKPEAK@Z + - ?ReferenceCount@CContext@@QEAAAEAKXZ + - ?Release@CLockEvent@@QEAAXXZ + - ?Remove@CContextList@@UEAAEQEAX@Z + - ?Remove@CList@@UEAAEQEAX@Z + - ?Remove@CLockList@@UEAAEQEAX@Z + - ?Remove@CNoLockList@@UEAAEQEAX@Z + - ?RemoveHead@CList@@UEAAPEAXXZ + - ?RemoveHead@CLockList@@UEAAPEAXXZ + - ?RemoveHead@CNoLockList@@UEAAPEAXXZ + - ?RemoveTail@CList@@UEAAPEAXXZ + - ?RemoveTail@CLockList@@UEAAPEAXXZ + - ?RemoveTail@CNoLockList@@UEAAPEAXXZ + - ?Reset@CKEvent@@QEAAXXZ + - 
?ResetData@CInclusionExtConfig@@QEAAXXZ + - ?ResetData@CInclusionFileNameConfig@@QEAAXXZ + - ?ResetData@CInclusionFilePathConfig@@QEAAXXZ + - ?ResetData@CInclusionFolderConfig@@QEAAXXZ + - ?RestoreCR0@@YAXPEAX@Z + - ?Run@CAutoUpdateConfigThread@@UEAAXXZ + - ?Run@CDelayLoadThread@@UEAAXXZ + - ?Run@CWorkerThread@@UEAAXXZ + - ?SeekToEnd@CFile@@QEAAJXZ + - ?Set@CKEvent@@QEAAJJE@Z + - ?SetAttributes@CFile@@QEAAJK@Z + - ?SetBlobCofig@CContext@@UEAAJKPEAXK@Z + - ?SetData@CBlobConfig@@QEAAHPEAXK@Z + - ?SetData@CModuleFileExtConfig@@QEAAHPEBG@Z + - ?SetData@CModuleFlagConfig@@QEAAHK@Z + - ?SetData@CModuleMultiStringConfig@@QEAAHPEBGK@Z + - ?SetData@CModuleStringConfig@@QEAAHPEBG@Z + - ?SetEngineContext@CContext@@QEAAXPEAX@Z + - ?SetFileExtensionConfig@CContext@@UEAAJKPEBG@Z + - ?SetFlagConfig@CContext@@UEAAJKK@Z + - ?SetLinkContext@CContext@@QEAAXPEAX@Z + - ?SetLogFlag@CDebugLog@@QEAAEK@Z + - ?SetLogFlag@CDebugLogEx@@QEAAEK@Z + - ?SetMatchAllExtensions@CFileExtension@@QEAAXE@Z + - ?SetMatchNoExtensions@CFileExtension@@QEAAXE@Z + - ?SetMultiStringConfig@CContext@@UEAAJKPEBG@Z + - ?SetNewJobItemEvent@CWorkerThreadJobQueue@@QEAAXXZ + - ?SetPriority@CSystemThread@@QEAAXK@Z + - ?SetStopUse@CContext@@QEAAXXZ + - ?SetStringConfig@CContext@@UEAAJKPEBG@Z + - ?Setup@CSystemThread@@MEAAXXZ + - ?StopUse@CContext@@QEAAHXZ + - ?TearDown@CSystemThread@@MEAAXXZ + - ?Terminate@CSystemThread@@QEAAXE@Z + - ?Terminate@CWorkerThreadPool@@QEAAEXZ + - ?Terminate@CWorkerThreadPoolEx@@QEAAEXZ + - ?TmExceptionFilter@@YAJPEAU_EXCEPTION_POINTERS@@@Z + - ?Wait@CKEvent@@QEAAJPEAT_LARGE_INTEGER@@E@Z + - ?WaitFinish@CWorkerThreadJob@@QEAAXXZ + - ?WaitForInit@CDelayLoadThread@@QEAAEXZ + - ?WaitForLoad@CDelayLoadThread@@QEAAEXZ + - ?WaitNewJobAvailable@CWorkerThreadJobQueue@@QEAAEXZ + - ?WaitQueueEmpty@CWorkerThreadJobQueue@@QEAAXXZ + - ?Write@CDebugLog@@QEAAXPEBDZZ + - ?Write@CDebugLogEx@@QEAAXPEBDZZ + - ?Write@CFile@@QEAAJPEADKPEAT_LARGE_INTEGER@@PEAK@Z + - ?WriteDataToFile@CDebugLogEx@@IEAAXPEADK@Z + - 
?WriteDataToProcMonW@CDebugLogEx@@IEAAXPEAD@Z + - ?WriteSystemInformation@CDebugLog@@QEAAXXZ + - ?WriteSystemInformation@CDebugLogEx@@QEAAXXZ + - ?WriteSystemStringInformation@CDebugLog@@IEAAXPEBG@Z + - ?WriteSystemStringInformation@CDebugLogEx@@IEAAXPEBG@Z + - ?WriteToFile@CDebugLog@@IEAAXPEADK@Z + - ?WriteToProcMonW@CDebugLogEx@@IEAAXPEAU_UNICODE_STRING@@@Z + - ?_pNonPagedAllocator@@3PEAVCMemoryAllocator@@EA + - ?_pPagedAllocator@@3PEAVCMemoryAllocator@@EA + - ?m_lpInstance@CWorkerThreadPool@@1PEAV1@EA + - ?m_lpRCMInstance@CWorkerThreadPool@@1PEAV1@EA + - AllocFullFileName + - DeInitKm2UmCommunication + - DeInitKmLPC + - DuplicateFullFileName + - FreeFullFileName + - GetKm2UmMode + - GetModuleInfoByAddress + - GetModuleInfoByModuleName + - InitKm2UmCommunication + - InitKmLPC + - IsVerifierCodeCheckFlagOn + - IsWindows8_1_update + - KmCallUm + - KmCallUmByLPC + - KmCallUmEx + - KmCleanupCommPortAPIs + - KmGetUmInitProcess + - KmSetBackupCommPortAPIs + - KmSetCommPortAPIs + - ModGetExportProcAddress + - ModLoadDLLToBuffer + - ModLoadDLLToBufferWithImageSize + - ModLoadModule + - ModUnLoadModule + - NormalizeFileName + - NormalizeFullNtPathToDosName + - TmCommConfigRoutine + - UtilAddDeviceInDriveTable + - UtilAddReparsePointMapping + - UtilCleanFileReadOnly + - UtilCloseExclusiveHandle + - UtilCreateDosFileName + - UtilDeleteFileForce + - UtilGetDeviceObjectName + - UtilGetFileNameFromFileObject + - UtilGetFileObjectForProcessByEPROC + - UtilGetFileObjectFromFileName + - UtilGetProcessName + - UtilGetSystemDirectory + - UtilGetSystemDirectoryEx + - UtilGetSystemDirectoryLength + - UtilGetSystemTime + - UtilIoSetFileInfo + - UtilIopCreateFileIRP + - UtilKeGetLowFileDevice + - UtilModuleIATHook + - UtilModuleIATUnHook + - UtilPostJobToWorkerThread + - UtilQueryExclusiveHandle + - UtilQueryKeyValue + - UtilRemoveDeviceFromDriveTable + - UtilVolumeDeviceToDosName + - UtilWaitValueChangeToZero + - UtilWriteVersionToRegistry + - UtilbuildDynamicDiskMappingTable + - 
UtlWriteBinValueKeyToRegistry + - ValidateAddressWithSize + - _ResetProtectFromClose + - _UtilDosPathNameToNtPathName + FileVersion: 7.30.0.1099 + Filename: TmComm.sys + ImportedFunctions: + - RtlInitUnicodeString + - KeInitializeEvent + - KeClearEvent + - KeSetEvent + - KeEnterCriticalRegion + - KeLeaveCriticalRegion + - KeWaitForSingleObject + - ExFreePoolWithTag + - ExAcquireFastMutexUnsafe + - ExReleaseFastMutexUnsafe + - ProbeForRead + - ProbeForWrite + - ExAcquireResourceSharedLite + - ExAcquireResourceExclusiveLite + - ExReleaseResourceLite + - MmProbeAndLockPages + - MmUnlockPages + - MmMapLockedPagesSpecifyCache + - IoAllocateMdl + - IoFreeMdl + - IoGetCurrentProcess + - ObfReferenceObject + - ObfDereferenceObject + - ZwClose + - ZwCreateSection + - ZwOpenSection + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - ZwOpenEvent + - KePulseEvent + - KeStackAttachProcess + - KeUnstackDetachProcess + - ObOpenObjectByPointer + - ZwAllocateVirtualMemory + - ZwFreeVirtualMemory + - ZwSetEvent + - __C_specific_handler + - PsProcessType + - wcslen + - wcsncpy + - wcsrchr + - RtlUnicodeStringToInteger + - ZwWaitForSingleObject + - ZwRequestWaitReplyPort + - ZwConnectPort + - _stricmp + - ExAllocatePoolWithTag + - MmIsAddressValid + - RtlImageNtHeader + - ZwQuerySystemInformation + - SeCaptureSubjectContext + - SeReleaseSubjectContext + - SeAccessCheck + - ObGetObjectSecurity + - ObReleaseObjectSecurity + - PsGetProcessExitTime + - PsThreadType + - MmSectionObjectType + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - KeInitializeSemaphore + - KeReleaseSemaphore + - ExAcquireFastMutex + - ExReleaseFastMutex + - RtlCreateAcl + - RtlAddAccessAllowedAce + - RtlLengthRequiredSid + - RtlInitializeSid + - RtlSubAuthoritySid + - KeDelayExecutionThread + - ExGetPreviousMode + - DbgPrint + - swprintf + - RtlCopyUnicodeString + - IofCompleteRequest + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - 
PsGetCurrentProcessId + - ZwCreateEvent + - ExEventObjectType + - _wcsnicmp + - PsSetCreateProcessNotifyRoutine + - ZwQueryInformationProcess + - PsLookupProcessByProcessId + - ZwOpenDirectoryObject + - ExInitializeResourceLite + - ExDeleteResourceLite + - ZwCreateFile + - ZwQueryInformationFile + - ZwSetInformationFile + - ZwReadFile + - ZwWriteFile + - towupper + - MmGetSystemRoutineAddress + - ObReferenceObjectByPointer + - PsGetCurrentThreadId + - ObQueryNameString + - PsGetVersion + - _snprintf + - _vsnprintf + - RtlInitAnsiString + - wcscat + - RtlFreeUnicodeString + - RtlTimeToTimeFields + - KeWaitForMultipleObjects + - ExSystemTimeToLocalTime + - ZwCreateKey + - ZwDeviceIoControlFile + - ZwNotifyChangeKey + - ZwOpenFile + - ZwQueryVolumeInformationFile + - mbstowcs + - IoGetDeviceObjectPointer + - IoBuildDeviceIoControlRequest + - IofCallDriver + - IoCreateFile + - RtlEqualUnicodeString + - RtlAppendUnicodeStringToString + - RtlUpcaseUnicodeChar + - _snwprintf + - strlen + - _strnicmp + - strncpy + - NtOpenProcess + - NtQueryInformationProcess + - ObOpenObjectByName + - KeSetPriorityThread + - PsCreateSystemThread + - PsTerminateSystemThread + - KeNumberProcessors + - RtlLengthSecurityDescriptor + - ZwOpenKey + - ZwDeleteKey + - ZwDeleteValueKey + - ZwEnumerateKey + - ZwEnumerateValueKey + - ZwQueryKey + - ZwQueryValueKey + - ZwSetValueKey + - ZwTerminateProcess + - ZwOpenProcess + - ZwDuplicateObject + - ZwQuerySecurityObject + - ZwSetSecurityObject + - ZwQueryDirectoryObject + - ZwQueryDirectoryFile + - NtCreateFile + - NtQueryInformationFile + - NtSetInformationFile + - IoFileObjectType + - ObInsertObject + - wcschr + - wcsncmp + - RtlQueryRegistryValues + - RtlAppendUnicodeToString + - RtlCompareMemory + - MmBuildMdlForNonPagedPool + - IoAllocateIrp + - IoFreeIrp + - ZwOpenSymbolicLinkObject + - ZwQuerySymbolicLinkObject + - RtlUpcaseUnicodeString + - NtClose + - ZwSetInformationObject + - SeQueryAuthenticationIdToken + - MmSystemRangeStart + - 
IoGetFileObjectGenericMapping + - ObCreateObject + - SeCreateAccessState + - IoAcquireVpbSpinLock + - IoReleaseVpbSpinLock + - wcstombs + - strncat + - wcsncat + - RtlUnicodeStringToAnsiString + - RtlFreeAnsiString + - strcpy + - wcsstr + - RtlCompareUnicodeString + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - ExAllocatePool + - ExpInterlockedPopEntrySList + - IoBuildSynchronousFsdRequest + - IoGetStackLimits + - IoGetDeviceInterfaces + - IoRegisterPlugPlayNotification + - IoUnregisterPlugPlayNotification + - IoGetConfigurationInformation + - FsRtlIsNameInExpression + - IoDeviceObjectType + - IoCreateDevice + - RtlGetOwnerSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetSaclSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlLengthSid + - SeExports + - IoIsWdmVersionAvailable + - RtlAbsoluteToSelfRelativeSD + - RtlAnsiStringToUnicodeString + - _purecall + - KeBugCheckEx + Imports: + - ntoskrnl.exe + InternalName: TmComm.sys + MD5: 2e1f8a2a80221deb93496a861693c565 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: TmComm.sys + Product: Trend Micro Eyes + ProductVersion: '7.30' + Publisher: '' + RichPEHeaderHash: + MD5: 1ef18db502f07590b0133ea93427886b + SHA1: 914fa70ff269481ce7c8e767d0e276b77de8e7af + SHA256: 704350b0e89fb3277a7ba93465a4cdcd8b21bbab537ec95548227dbe1d735ac2 + SHA1: a00e444120449e35641d58e62ed64bb9c9f518d2 + SHA256: cc687fe3741bbde1dd142eac0ef59fd1d4457daee43cdde23bb162ef28d04e64 + Sections: + .text: + Entropy: 5.885154328803672 + Virtual Size: '0x53645' + .rdata: + Entropy: 3.4521682563196063 + Virtual Size: '0x6174' + .data: + Entropy: 4.6769393569967495 + Virtual Size: '0x33fc' + .pdata: + Entropy: 5.59222376260237 + Virtual Size: '0x3ae0' + .gfids: + Entropy: 2.0 + Virtual Size: '0x4' + PAGE: + Entropy: 6.304005705274431 + Virtual Size: '0x1ae4' + .edata: + Entropy: 5.8497108705685115 + Virtual Size: '0x5834' + INIT: + Entropy: 5.349136401673575 + Virtual Size: '0x1890' 
+ .rsrc: + Entropy: 3.3806680083024423 + Virtual Size: '0x568' + .reloc: + Entropy: 5.332144849624946 + Virtual Size: '0x4c8' + Signature: + - Trend Micro, Inc. + - VeriSign Class 3 Code Signing 2010 CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=TW, ST=Taiwan, L=Taipei, O=Trend Micro, Inc., CN=Trend Micro, + Inc. 
+ ValidFrom: '2017-04-27 00:00:00' + ValidTo: '2018-07-16 23:59:59' + Signature: f3b20c020c826fd9e2629408ffc97c9e245959d1050c9ce7708069d366d26af191812e16fce674eaca0d8f05b2a796280831737299800d2bfe0071efecf655117b7952a4d7c0701b97de034a1d42e928fd1a2082b081f9d22e9d39af3233cf05c1e61ae1f8fbfec872e78d9a0b29b4f147f1a053d1757a824601df2bb07c75c591fe7efbaf0021764b90cd446f85f80d14bc2cd42c83edfa7d2510f8f94c82d1b3ea999b1cff9093291977c7e996dc32904d3934f167077684ff76aa5327654a0bd7223d9d67657b47c5b46012dca6723d89e7fa051b3380d0c4977b9df537e75da3186ab149b27c089715a01bd695f408f7ded66bfbe920d27a6f6a7d4cc8b3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 497c4fad471540e6e453d0cafb155740 + Version: 3 + TBS: + MD5: 78eaa337666217b1c16a9a0ebd0b8434 + SHA1: ff9cb835e78f6185eed4372096c3bae53b17d18d + SHA256: 1c0d9746725e176b4a7c2852878f14d7587f58e65d346bc1247f1c8ee6374250 + SHA384: ffe3c75b860679a5de399c7d2c2844dbfac51d5d8581e24648d208daba1e4bed5c867808e02dc8d7cb3df1d4b2b53d10 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 497c4fad471540e6e453d0cafb155740 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 0579e15c488a56c544e8fac130d826ba + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/23f11e19-0776-4dd4-9c9c-7f6b60f8553f.yaml b/yaml/23f11e19-0776-4dd4-9c9c-7f6b60f8553f.yaml index 0bcbd9106..32987b4dd 100644 --- a/yaml/23f11e19-0776-4dd4-9c9c-7f6b60f8553f.yaml +++ b/yaml/23f11e19-0776-4dd4-9c9c-7f6b60f8553f.yaml 
@@ -1,223 +1,224 @@ -Acknowledgement: - Handle: '' - Person: '' -Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create ATSZIO.sys binPath=C:\windows\temp\ATSZIO.sys type=kernel - && sc.exe start ATSZIO.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/01e024cb14b34b6d525c642a710bfa14497ea20fd287c39ba404b10a8b143ece.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml Id: 23f11e19-0776-4dd4-9c9c-7f6b60f8553f -KnownVulnerableSamples: -- Authentihash: - MD5: 69a92cb6ac87c99f10b24eefa13f0b10 - SHA1: b66bf2b1b07f8f2bab1418131ae66b0a55265f73 
- SHA256: 0ff8bcc7f938ec71ee33fbe089d38e40a8190603558d4765c47b1b09e1dd764a - Company: ASUSTek Computer Inc. - Copyright: Copyright (C) 2012 - CreationTimestamp: '2014-09-18 06:04:29' - Date: '' - Description: ATSZIO Driver - ExportedFunctions: '' - FileVersion: 0.2.1.7 - Filename: ATSZIO.sys - ImportedFunctions: - - KeWaitForSingleObject - - ExAllocatePool - - ExFreePoolWithTag - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoCreateSynchronizationEvent - - KeSetEvent - - IoDeleteSymbolicLink - - ObReferenceObjectByHandle - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmGetPhysicalAddress - - __C_specific_handler - - DbgPrint - - IoDeleteDevice - - RtlInitUnicodeString - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: ATSZIO.sys - MD5: b12d1630fd50b2a21fd91e45d522ba3a - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: ATSZIO.sys - Product: ATSZIO Driver - ProductVersion: 0.2.1.7 - Publisher: '' - RichPEHeaderHash: - MD5: 5633aed816ac7f25c13e7f4286ee4097 - SHA1: 65f5dfbb3adcd40e7bdac184b5f599df9317377a - SHA256: 63b956b0064047af48cfdc479899aa30c5f0c2944c96e6ad03e3c26171d83147 - SHA1: 490109fa6739f114651f4199196c5121d1c6bdf2 - SHA256: 01e024cb14b34b6d525c642a710bfa14497ea20fd287c39ba404b10a8b143ece - Sections: - .text: - Entropy: 5.55616133376499 - Virtual Size: '0x5d4' - .rdata: - Entropy: 3.9257359466643256 - Virtual Size: '0x2ec' - .data: - Entropy: 0.5035334969292564 - Virtual Size: '0x118' - .pdata: - Entropy: 3.305451172213043 - Virtual Size: '0x60' - PAGE: - Entropy: 6.205978336553792 - Virtual Size: '0xcfe' - INIT: - Entropy: 5.6051981124019505 - Virtual Size: '0x5dc' - .rsrc: - Entropy: 3.2691875406923323 - Virtual Size: '0x330' - .reloc: - Entropy: 1.584962500721156 - Virtual Size: '0xc' - Signature: - - ASUSTeK Computer Inc. 
- - VeriSign Class 3 Code Signing 2010 CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, - CN=ASUSTeK Computer Inc. 
- ValidFrom: '2012-07-31 00:00:00' - ValidTo: '2015-08-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 7d08d9bc130726de26ee4ef28e133084 - Version: 3 - TBS: - MD5: 72cafb0a175f0481177fa2c9803283c7 - SHA1: b603167b958c5fcd7094552891ddc4e2ea4c149f - SHA256: a36a0024075771a4b30eab8f1288817059fe1a01003d0c1d92f647df17f3b688 - SHA384: 33c28dc6857ce5d20a2e9ba8a47f6bc80a9a98fba518fd732963bedbbb408848b89b3d8438d413f8b933ee761ffa1653 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 7d08d9bc130726de26ee4ef28e133084 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: b19743993dc7f1d48b2a86fe9b9c91e3 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 -Resources: -- https://gist.github.com/k4nfr3/af970e7facb09195e56f2112e1c9549c Tags: - ATSZIO.sys - ATSZIO64.sys Verified: 'TRUE' +Author: Michael Haag +Created: '2023-01-09' +MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create ATSZIO.sys binPath=C:\windows\temp\ATSZIO.sys type=kernel + && sc.exe start ATSZIO.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: 
kernel + Usecase: Elevate privileges +Resources: +- https://gist.github.com/k4nfr3/af970e7facb09195e56f2112e1c9549c +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/01e024cb14b34b6d525c642a710bfa14497ea20fd287c39ba404b10a8b143ece.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 69a92cb6ac87c99f10b24eefa13f0b10 + SHA1: b66bf2b1b07f8f2bab1418131ae66b0a55265f73 + SHA256: 0ff8bcc7f938ec71ee33fbe089d38e40a8190603558d4765c47b1b09e1dd764a + Company: ASUSTek Computer Inc. 
+ Copyright: Copyright (C) 2012 + CreationTimestamp: '2014-09-18 06:04:29' + Date: '' + Description: ATSZIO Driver + ExportedFunctions: '' + FileVersion: 0.2.1.7 + Filename: ATSZIO.sys + ImportedFunctions: + - KeWaitForSingleObject + - ExAllocatePool + - ExFreePoolWithTag + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoCreateSynchronizationEvent + - KeSetEvent + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - ZwClose + - ZwOpenSection + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmGetPhysicalAddress + - __C_specific_handler + - DbgPrint + - IoDeleteDevice + - RtlInitUnicodeString + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: ATSZIO.sys + MD5: b12d1630fd50b2a21fd91e45d522ba3a + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: ATSZIO.sys + Product: ATSZIO Driver + ProductVersion: 0.2.1.7 + Publisher: '' + RichPEHeaderHash: + MD5: 5633aed816ac7f25c13e7f4286ee4097 + SHA1: 65f5dfbb3adcd40e7bdac184b5f599df9317377a + SHA256: 63b956b0064047af48cfdc479899aa30c5f0c2944c96e6ad03e3c26171d83147 + SHA1: 490109fa6739f114651f4199196c5121d1c6bdf2 + SHA256: 01e024cb14b34b6d525c642a710bfa14497ea20fd287c39ba404b10a8b143ece + Sections: + .text: + Entropy: 5.55616133376499 + Virtual Size: '0x5d4' + .rdata: + Entropy: 3.9257359466643256 + Virtual Size: '0x2ec' + .data: + Entropy: 0.5035334969292564 + Virtual Size: '0x118' + .pdata: + Entropy: 3.305451172213043 + Virtual Size: '0x60' + PAGE: + Entropy: 6.205978336553792 + Virtual Size: '0xcfe' + INIT: + Entropy: 5.6051981124019505 + Virtual Size: '0x5dc' + .rsrc: + Entropy: 3.2691875406923323 + Virtual Size: '0x330' + .reloc: + Entropy: 1.584962500721156 + Virtual Size: '0xc' + Signature: + - ASUSTeK Computer Inc. 
+ - VeriSign Class 3 Code Signing 2010 CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., + OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Quality + Testing Department, CN=ASUSTeK Computer Inc. 
+ ValidFrom: '2012-07-31 00:00:00' + ValidTo: '2015-08-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 7d08d9bc130726de26ee4ef28e133084 + Version: 3 + TBS: + MD5: 72cafb0a175f0481177fa2c9803283c7 + SHA1: b603167b958c5fcd7094552891ddc4e2ea4c149f + SHA256: a36a0024075771a4b30eab8f1288817059fe1a01003d0c1d92f647df17f3b688 + SHA384: 33c28dc6857ce5d20a2e9ba8a47f6bc80a9a98fba518fd732963bedbbb408848b89b3d8438d413f8b933ee761ffa1653 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 7d08d9bc130726de26ee4ef28e133084 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: b19743993dc7f1d48b2a86fe9b9c91e3 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/24fb7bab-b8c3-46ea-a370-c84d2f0ff614.yaml b/yaml/24fb7bab-b8c3-46ea-a370-c84d2f0ff614.yaml index c8e73871b..28739ec14 100644 --- a/yaml/24fb7bab-b8c3-46ea-a370-c84d2f0ff614.yaml +++ b/yaml/24fb7bab-b8c3-46ea-a370-c84d2f0ff614.yaml 
@@ -1,193 +1,194 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 24fb7bab-b8c3-46ea-a370-c84d2f0ff614 +Tags: +- ADV64DRV.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create ADV64DRV.sys binPath=C:\windows\temp\ADV64DRV.sys type=kernel - && sc.exe start ADV64DRV.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: BlockRule - value: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules -- type: IOC - value: Utilize Windows Event Code 7045 to monitor for new kernel driver installation. -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/04a85e359525d662338cae86c1e59b1d7aa9bd12b920e8067503723dc1e03162.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 24fb7bab-b8c3-46ea-a370-c84d2f0ff614 -KnownVulnerableSamples: -- Authentihash: - MD5: e1c188570d8720f9c35e194e17a7fd36 - SHA1: ca6b0d932e5ac9dbe1242aca48ba93a14cf9d151 - SHA256: b2b37ef379ada79d2abe78375312bfcd4b518139bc525a522c2a6329ba097cc4 - Company: FUJITSU LIMITED. - Copyright: Copyright(C) FUJITSU LIMITED 2005 - CreationTimestamp: '2005-09-16 03:50:59' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: 2, 0, 0, 0 - Filename: ADV64DRV.sys - ImportedFunctions: - - RtlAppendUnicodeToString - - RtlInitUnicodeString - - MmUnmapIoSpace - - MmMapIoSpace - - IoWriteErrorLogEntry - - IoDeleteSymbolicLink - - IoDeleteDevice - - IoCreateSymbolicLink - - IoCreateDevice - - KeBugCheckEx - - IoAllocateErrorLogEntry - - IofCompleteRequest - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: ADV64DRV.sys - MD5: 778b7feea3c750d44745d3bf294bd4ce - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: ADV64DRV.sys - Product: MicrosoftR WindowsR Operating System - ProductVersion: 2, 0, 0, 0 - Publisher: FUJITSU LIMITED - RichPEHeaderHash: - MD5: 1b19b7c8c29ee1a90f9c2b13eb7d131b - SHA1: 7adbedde877708b811bc96acc23a31532d6f4f83 - SHA256: 25afa73a325285db7c250742fbb2de5dc0ce869553c6dc16149ae0c66372c42b - SHA1: 2261198385d62d2117f50f631652eded0ecc71db - SHA256: 04a85e359525d662338cae86c1e59b1d7aa9bd12b920e8067503723dc1e03162 - Sections: - .text: - Entropy: 5.903584171694268 - Virtual Size: '0x962' - .rdata: - Entropy: 4.136425539237833 - Virtual Size: '0x1d4' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.195198013509955 - Virtual Size: '0x90' - INIT: - Entropy: 4.823287376137565 - Virtual Size: '0x252' - .rsrc: - Entropy: 
3.331846154390591 - Virtual Size: '0x3f0' - Signature: - - 'FUJITSU LIMITED ' - - VeriSign Class 3 Code Signing 2004 CA - - VeriSign Class 3 Public Primary CA - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: 
ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: 'C=JP, ST=Kanagawa, L=Kawasaki, O=FUJITSU LIMITED , OU=Digital ID Class - 3 , Microsoft Software Validation v2, OU=Personal Systems Business Unit, CN=FUJITSU - LIMITED ' - ValidFrom: '2006-05-31 00:00:00' - ValidTo: '2007-06-01 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 6b7f98e2e421c2f95c47f321abf1aef1 - Version: 3 - TBS: - MD5: 3aef8abc12c5f5a0b32350fbb16f4548 - SHA1: c568d06e1fd94c11c9f1db167c15497e84a86abf - SHA256: d0b6a09973254b6b93b041e24f6ecdb4a14bdc27a571bcefa81a4a39a5734600 - SHA384: 
ff2116806abeab8dc17757bed5f000fcc14b4cc6cc3c91503caeef6863ff9d04887e6f14abfe1f26d3d4528156d2760b - Signer: - - SerialNumber: 6b7f98e2e421c2f95c47f321abf1aef1 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 1d9cdf46ff335712634c292180c06755 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create ADV64DRV.sys binPath=C:\windows\temp\ADV64DRV.sys type=kernel + && sc.exe start ADV64DRV.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/namazso/physmem_drivers -Tags: -- ADV64DRV.sys -Verified: 'TRUE' +Detection: +- type: BlockRule + value: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules +- type: IOC + value: Utilize Windows Event Code 7045 to monitor for new kernel driver installation. 
+- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/04a85e359525d662338cae86c1e59b1d7aa9bd12b920e8067503723dc1e03162.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: e1c188570d8720f9c35e194e17a7fd36 + SHA1: ca6b0d932e5ac9dbe1242aca48ba93a14cf9d151 + SHA256: b2b37ef379ada79d2abe78375312bfcd4b518139bc525a522c2a6329ba097cc4 + Company: FUJITSU LIMITED. 
+ Copyright: Copyright(C) FUJITSU LIMITED 2005 + CreationTimestamp: '2005-09-16 03:50:59' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: 2, 0, 0, 0 + Filename: ADV64DRV.sys + ImportedFunctions: + - RtlAppendUnicodeToString + - RtlInitUnicodeString + - MmUnmapIoSpace + - MmMapIoSpace + - IoWriteErrorLogEntry + - IoDeleteSymbolicLink + - IoDeleteDevice + - IoCreateSymbolicLink + - IoCreateDevice + - KeBugCheckEx + - IoAllocateErrorLogEntry + - IofCompleteRequest + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: ADV64DRV.sys + MD5: 778b7feea3c750d44745d3bf294bd4ce + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: ADV64DRV.sys + Product: MicrosoftR WindowsR Operating System + ProductVersion: 2, 0, 0, 0 + Publisher: FUJITSU LIMITED + RichPEHeaderHash: + MD5: 1b19b7c8c29ee1a90f9c2b13eb7d131b + SHA1: 7adbedde877708b811bc96acc23a31532d6f4f83 + SHA256: 25afa73a325285db7c250742fbb2de5dc0ce869553c6dc16149ae0c66372c42b + SHA1: 2261198385d62d2117f50f631652eded0ecc71db + SHA256: 04a85e359525d662338cae86c1e59b1d7aa9bd12b920e8067503723dc1e03162 + Sections: + .text: + Entropy: 5.903584171694268 + Virtual Size: '0x962' + .rdata: + Entropy: 4.136425539237833 + Virtual Size: '0x1d4' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.195198013509955 + Virtual Size: '0x90' + INIT: + Entropy: 4.823287376137565 + Virtual Size: '0x252' + .rsrc: + Entropy: 3.331846154390591 + Virtual Size: '0x3f0' + Signature: + - 'FUJITSU LIMITED ' + - VeriSign Class 3 Code Signing 2004 CA + - VeriSign Class 3 Public Primary CA + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0de92bf0d4d82988183205095e9a7688 + Version: 3 + TBS: + MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 + SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + 
SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: 'C=JP, ST=Kanagawa, L=Kawasaki, O=FUJITSU LIMITED , OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Personal Systems + Business Unit, CN=FUJITSU LIMITED ' + ValidFrom: '2006-05-31 00:00:00' + ValidTo: '2007-06-01 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 6b7f98e2e421c2f95c47f321abf1aef1 + Version: 3 + TBS: + MD5: 3aef8abc12c5f5a0b32350fbb16f4548 + SHA1: c568d06e1fd94c11c9f1db167c15497e84a86abf + SHA256: d0b6a09973254b6b93b041e24f6ecdb4a14bdc27a571bcefa81a4a39a5734600 + SHA384: ff2116806abeab8dc17757bed5f000fcc14b4cc6cc3c91503caeef6863ff9d04887e6f14abfe1f26d3d4528156d2760b + Signer: + - SerialNumber: 6b7f98e2e421c2f95c47f321abf1aef1 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 1d9cdf46ff335712634c292180c06755 + LoadsDespiteHVCI: 'FALSE' 
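Review bot: The reordered `Detection` list on the new side still carries `sigma_hash`, `sigma_names`, `sysmon_hash_detect` and `sysmon_hash_block` twice each, with identical `value` URLs. Because this commit rewrites the whole block anyway, the second run of those four items could be dropped, leaving `BlockRule`, `IOC`, the two distinct `yara_signature` entries and one of each shared rule link. Anything that renders or counts detections per driver from this file would otherwise report the same rule twice. The new side of the `yaml/0258df5c-c3c1-4ed5-ba8f-846d91526ffe.yaml` hunk (ATSZIO.sys) repeats the same four entries. If these files are emitted by a generator, which the uniform key reordering suggests, the de-duplication probably belongs there rather than in a hand edit.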
diff --git a/yaml/257d425f-f660-466c-8bee-c24cccf06daa.yaml b/yaml/257d425f-f660-466c-8bee-c24cccf06daa.yaml index e61002b41..ca85a195f 100644 --- a/yaml/257d425f-f660-466c-8bee-c24cccf06daa.yaml +++ b/yaml/257d425f-f660-466c-8bee-c24cccf06daa.yaml 
@@ -1,192 +1,193 @@ Id: 257d425f-f660-466c-8bee-c24cccf06daa +Tags: +- AsmIo64.sys +Verified: 'TRUE' Author: Takahiro Haruyama Created: '2023-10-12' MitreID: T1542, T1068 Category: vulnerable driver -Verified: 'TRUE' Commands: - Command: sc.exe create AsmIo64.sys binPath=C:\windows\temp\AsmIo64.sys type=kernel - && sc.exe start AsmIo64.sys - Description: '' - Usecase: Elevate privileges, firmware erasing/modification - Privileges: kernel - OperatingSystem: Windows 11 + Command: sc.exe create AsmIo64.sys binPath=C:\windows\temp\AsmIo64.sys type=kernel + && sc.exe start AsmIo64.sys + Description: '' + Usecase: Elevate privileges, firmware erasing/modification + Privileges: kernel + OperatingSystem: Windows 11 Resources: - https://github.com/ucsb-seclab/popkorn-artifact/tree/main/evaluation -Acknowledgement: - Person: '' - Handle: '' Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: 
sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: '' - MD5: 8f73c1c48ffddfca7d1a98faf83d18ff - SHA1: 8b53284fb23d34ca144544b19f8fba63700830d8 - SHA256: e4658d93544f69f5cb9aa6d9fec420fecc8750cb57e1e9798da38c139d44f2eb - Signature: '' - Date: '' - Publisher: '' - Company: Asmedia Technology Inc. - Description: Asmedia PCI Driver - Product: Asmedia PCI Driver - ProductVersion: 1.0.1.0000 - FileVersion: '1.0.1.0000 built by: WinDDK' - MachineType: AMD64 - OriginalFilename: AsmIo.sys - Imphash: 0c2219c9c5eab786fa876f74356eea20 - Authentihash: - MD5: 99f5e3f2ce4c4d50dfcf6ca02ca73ae9 - SHA1: 4a127ea0beb39a525db4c95a4a690222945f5f22 - SHA256: 1ca20c63d8f56c09c48d0faa1894f2e3fccd4b029fd711d9864355e5f29c19f8 - RichPEHeaderHash: - MD5: f63ea2dd58c1c827e0782eaa925b3f89 - SHA1: 12b2b973f610145de7a1e7a14b540bd1576bf458 - SHA256: 3a75c6ee26ce098f085b2b62af2c019cf444815ac322108b1b3308c05f6b111d - Sections: - .text: - Entropy: 6.512585906736668 - Virtual Size: '0x1c03' - .rdata: - Entropy: 4.170633367783203 - Virtual Size: '0x1fc' - .data: - Entropy: 0.4702181866759453 - Virtual Size: '0x148' - .pdata: - Entropy: 3.5076370502897625 - Virtual Size: '0xcc' - INIT: - Entropy: 5.102526566590903 - Virtual Size: '0x3d0' - .rsrc: - Entropy: 3.252725856961488 - Virtual Size: '0x380' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2015-02-02 01:25:13' - InternalName: AsmIo.sys - Copyright: "\xA9 Asmedia Technology." 
- Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - IoBuildSynchronousFsdRequest - - KeInitializeEvent - - KeWaitForSingleObject - - RtlAssert - - IofCallDriver - - _vsnprintf - - DbgPrint - - MmUnmapLockedPages - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - RtlInitUnicodeString - - IoDeleteDevice - - KeReleaseSpinLock - - MmUnmapIoSpace - - MmBuildMdlForNonPagedPool - - IoFreeMdl - - MmMapLockedPagesSpecifyCache - - IoGetDeviceObjectPointer - - ExAllocatePool - - MmMapIoSpace - - IofCompleteRequest - - DbgSetDebugFilterState - - IoCreateSymbolicLink - - IoCreateDevice - - IoAllocateMdl - - KeAcquireSpinLockRaiseToDpc - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: 
e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=TW, ST=Taipei, L=New Taipei City, O=ASMedia Technology Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=ASMedia Technology Inc. - ValidFrom: '2013-04-27 00:00:00' - ValidTo: '2016-06-25 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 7818ead53083ae1106a2d5a565786166 - Version: 3 - TBS: - MD5: 2ba4563cc7b153c752456fe1bb66230d - SHA1: 3c069ca2e4bdc4cf12982be3b200cdc1c89e1878 - SHA256: 18edc5059f637786f76c3b6d9df9667092a11ba2e7574025b528d0014ee6a355 - SHA384: 3abc81865df19eb337ce797d5ccb73dbf338e27ae77410110b81127b8d3a3cb354d113c5f4d73584261935a65f208b66 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 
5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 7818ead53083ae1106a2d5a565786166 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -Tags: -- AsmIo64.sys +- Filename: '' + MD5: 8f73c1c48ffddfca7d1a98faf83d18ff + SHA1: 8b53284fb23d34ca144544b19f8fba63700830d8 + SHA256: e4658d93544f69f5cb9aa6d9fec420fecc8750cb57e1e9798da38c139d44f2eb + Signature: '' + Date: '' + Publisher: '' + Company: Asmedia Technology Inc. + Description: Asmedia PCI Driver + Product: Asmedia PCI Driver + ProductVersion: 1.0.1.0000 + FileVersion: '1.0.1.0000 built by: WinDDK' + MachineType: AMD64 + OriginalFilename: AsmIo.sys + Imphash: 0c2219c9c5eab786fa876f74356eea20 + Authentihash: + MD5: 99f5e3f2ce4c4d50dfcf6ca02ca73ae9 + SHA1: 4a127ea0beb39a525db4c95a4a690222945f5f22 + SHA256: 1ca20c63d8f56c09c48d0faa1894f2e3fccd4b029fd711d9864355e5f29c19f8 + RichPEHeaderHash: + MD5: f63ea2dd58c1c827e0782eaa925b3f89 + SHA1: 12b2b973f610145de7a1e7a14b540bd1576bf458 + SHA256: 3a75c6ee26ce098f085b2b62af2c019cf444815ac322108b1b3308c05f6b111d + Sections: + .text: + Entropy: 6.512585906736668 + Virtual Size: '0x1c03' + .rdata: + Entropy: 4.170633367783203 + Virtual Size: '0x1fc' + .data: + Entropy: 0.4702181866759453 + Virtual Size: '0x148' + .pdata: + Entropy: 3.5076370502897625 + Virtual Size: '0xcc' + INIT: + Entropy: 5.102526566590903 + Virtual Size: '0x3d0' + .rsrc: + Entropy: 3.252725856961488 + Virtual Size: '0x380' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2015-02-02 01:25:13' + InternalName: AsmIo.sys + Copyright: "\xA9 Asmedia Technology." 
+ Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - IoBuildSynchronousFsdRequest + - KeInitializeEvent + - KeWaitForSingleObject + - RtlAssert + - IofCallDriver + - _vsnprintf + - DbgPrint + - MmUnmapLockedPages + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - RtlInitUnicodeString + - IoDeleteDevice + - KeReleaseSpinLock + - MmUnmapIoSpace + - MmBuildMdlForNonPagedPool + - IoFreeMdl + - MmMapLockedPagesSpecifyCache + - IoGetDeviceObjectPointer + - ExAllocatePool + - MmMapIoSpace + - IofCompleteRequest + - DbgSetDebugFilterState + - IoCreateSymbolicLink + - IoCreateDevice + - IoAllocateMdl + - KeAcquireSpinLockRaiseToDpc + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: 
e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=TW, ST=Taipei, L=New Taipei City, O=ASMedia Technology Inc., + OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=ASMedia + Technology Inc. + ValidFrom: '2013-04-27 00:00:00' + ValidTo: '2016-06-25 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 7818ead53083ae1106a2d5a565786166 + Version: 3 + TBS: + MD5: 2ba4563cc7b153c752456fe1bb66230d + SHA1: 3c069ca2e4bdc4cf12982be3b200cdc1c89e1878 + SHA256: 18edc5059f637786f76c3b6d9df9667092a11ba2e7574025b528d0014ee6a355 + SHA384: 3abc81865df19eb337ce797d5ccb73dbf338e27ae77410110b81127b8d3a3cb354d113c5f4d73584261935a65f208b66 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 7818ead53083ae1106a2d5a565786166 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/25d5ebe3-e827-44a4-86fc-898844595c23.yaml b/yaml/25d5ebe3-e827-44a4-86fc-898844595c23.yaml index def61bd6e..18be2337b 100644 --- a/yaml/25d5ebe3-e827-44a4-86fc-898844595c23.yaml +++ b/yaml/25d5ebe3-e827-44a4-86fc-898844595c23.yaml 
@@ -1,184 +1,184 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 25d5ebe3-e827-44a4-86fc-898844595c23 +Tags: +- POORTRY.sys +Verified: 'TRUE' Author: Michael Haag -Category: malicious -Commands: - Command: sc.exe create POORTRY.sys binPath=C:\windows\temp\POORTRY.sys type=kernel - && sc.exe start POORTRY.sys - Description: Driver categorized as POORTRY by Mandiant. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-03-04' -Detection: [] -Id: 25d5ebe3-e827-44a4-86fc-898844595c23 -KnownVulnerableSamples: -- Authentihash: - MD5: 103f3c1ce174dff5dfc79a428d4bf385 - SHA1: b4d007b0c6ae6b4cfd96aab617f239cd8ebc8afb - SHA256: 45b9eee68266d1128bc252087f4a8ae18dbb0e0b6317e28bc248b25ca2431a56 - Company: '' - Copyright: '' - CreationTimestamp: '2022-06-07 06:29:24' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: POORTRY.sys - ImportedFunctions: - - WskCaptureProviderNPI - - WskReleaseProviderNPI - - WskDeregister - - WskRegister - - RtlDeleteElementGenericTableAvl - - vsprintf_s - - RtlEqualUnicodeString - - MmBuildMdlForNonPagedPool - - ObfDereferenceObject - - IoAllocateMdl - - ZwCreateSection - - ExAcquireResourceExclusiveLite - - ObCloseHandle - - IoCreateFileEx - - RtlInitUnicodeString - - RtlLookupElementGenericTableAvl - - ObReferenceObjectByHandleWithTag - - ZwQueryVirtualMemory - - IoFileObjectType - - KeStackAttachProcess - - ZwAllocateVirtualMemory - - PsLookupProcessByProcessId - - RtlImageNtHeader - - ZwMapViewOfSection - - RtlInitAnsiString - - RtlCaptureContext - - ExReleaseResourceLite - - _vsnprintf_s - - KeCapturePersistentThreadState - - IoFreeMdl - - wcsstr - - RtlCompareString - - ZwSetSystemInformation - - MmGetSystemRoutineAddress - - _stricmp - - ZwDeleteFile - - ExFreePoolWithTag - - ZwOpenFile - - ObReferenceObjectByName - - MmUnmapLockedPages - - IoDriverObjectType - - MmFlushImageSection - - ZwClose - - KeUnstackDetachProcess - - MmMapLockedPages - - 
__C_specific_handler - - MmIsAddressValid - - MmUnlockPages - - MmProbeAndLockPages - - IoFreeIrp - - KeSetEvent - - IoAllocateIrp - - KeInitializeEvent - - KeWaitForSingleObject - - ZwReadFile - - RtlCopyUnicodeString - - ZwUnmapViewOfSection - - ZwQuerySystemInformation - - ExAllocatePool - - RtlGetVersion - - __chkstk - - WdfVersionBindClass - - WdfVersionBind - - WdfVersionUnbind - - WdfVersionUnbindClass - Imports: - - NETIO.SYS - - ntoskrnl.exe - - WDFLDR.SYS - InternalName: '' - MD5: 7f9309f5e4defec132b622fadbcad511 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: ffdf660eb1ebf020a1d0a55a90712dfb - SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 - SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 - SHA1: a3ed5cbfbc17b58243289f3cf575bf04be49591d - SHA256: 6b5cf41512255237064e9274ca8f8a3fef820c45aa6067c9c6a0e6f5751a0421 - Sections: - .text: - Entropy: 3.3215483068965117 - Virtual Size: '0x6fda' - .rdata: - Entropy: 3.6296738296175355 - Virtual Size: '0x3a04' - .data: - Entropy: 5.121133857019538 - Virtual Size: '0x1c558' - .pdata: - Entropy: 7.476825033246972 - Virtual Size: '0x264' - INIT: - Entropy: 5.314020433529914 - Virtual Size: '0x858' - .vmp0: - Entropy: 7.625965054905161 - Virtual Size: '0x2200f8' - .reloc: - Entropy: 3.87772027288033 - Virtual Size: '0xb8' - Signature: - - Microsoft Windows Hardware Compatibility Publisher - - Microsoft Windows Third Party Component CA 2014 - - Microsoft Root Certificate Authority 2010 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2022-06-07 18:08:06' - ValidTo: '2023-06-01 18:08:06' - Signature: 
0a835e40cdb627d4f0a0d3dbbf64a46a05c132d0b5df9d11cd9c195d7037737057d57a342732ae68d67de47f460e7211c7c40dc29b0a079caff871c4834a9a2fc85e759de9b78659ad6fd79b7320e538e9ba5d52227ad67cc00b0a770ef662af3d743a558643ad89cfb015591709a69b6271a9b65db71898e7cb9964c6376dc474898301a6133198b486b518fdd9d7b9723dcffc441e026833f7c72e27986026c97b9184a0048b10d1fe6847ae467f02173f7a69120be780e5b6b9e6399402cc58735a31b537cc33578fbea443135a4a612359150bcf9ab316f6a9248bc71ef3f3480b9b3fa2341692bc3a121d80214688f7bd87d5ec56dcbd0ea61abf2c7ed2b739a07590adb596d401735d955f5f94c591d69ab4363a42f9fca549d439495711ff7990448c03724792ed4acf31f2b35b136c1b2f37aa82b1aabf7daf059dcb2e976e95311ec6e9cc53876dd09632cf512d39c801849a7c1088a565691953e07c7ff17b22518e982dd2dcc0feda8c834ca1f5e247aef1c3af5f13cd4b8cc1b6c0179bc876db88d677047c34366533e349796dbdea86389ad640710b7742ae8cc4ec88f10fa80ede4b1c93f81b55480fc8228216d54813df0327e74b3db9f3512a40c0568e4215827f9b7a2613deea72a7ec4df2def05e5559015049fe83edc83300526045cb128119e131b7d3573b268e24b0a25b9ad59f6301c8fc8f409322 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 3300000057ee4d659a923e7c10000000000057 - Version: 3 - TBS: - MD5: fdc11a5676aed4e9cc0c09eeb7450dfb - SHA1: 4902077d9a05d4231b791d3b05bafa4a79132f03 - SHA256: 5db56c23d83bf67c7152e28ad4a684a7372b4ae4f52afe7a81ce91eef94caec3 - SHA384: c952d7f0e0ea5216ce4400601fb7c0829f0f3fcd6eb2b5b9112fbe45d133e00c4abd660f8e1794f7ac4ef95123e2c0ab - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - ValidFrom: '2014-10-15 20:31:27' - ValidTo: '2029-10-15 20:41:27' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 330000000d690d5d7893d076df00000000000d - Version: 3 - TBS: - MD5: 83f69422963f11c3c340b81712eef319 - SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 - SHA256: 
d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae - SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 - Signer: - - SerialNumber: 3300000057ee4d659a923e7c10000000000057 - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - Version: 1 - Imphash: beceab354c66949088c9e5ed1f1ff2a4 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: malicious +Commands: + Command: sc.exe create POORTRY.sys binPath=C:\windows\temp\POORTRY.sys type=kernel + && sc.exe start POORTRY.sys + Description: Driver categorized as POORTRY by Mandiant. + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://www.mandiant.com/resources/blog/hunting-attestation-signed-malware - '' -Tags: -- POORTRY.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 103f3c1ce174dff5dfc79a428d4bf385 + SHA1: b4d007b0c6ae6b4cfd96aab617f239cd8ebc8afb + SHA256: 45b9eee68266d1128bc252087f4a8ae18dbb0e0b6317e28bc248b25ca2431a56 + Company: '' + Copyright: '' + CreationTimestamp: '2022-06-07 06:29:24' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: POORTRY.sys + ImportedFunctions: + - WskCaptureProviderNPI + - WskReleaseProviderNPI + - WskDeregister + - WskRegister + - RtlDeleteElementGenericTableAvl + - vsprintf_s + - RtlEqualUnicodeString + - MmBuildMdlForNonPagedPool + - ObfDereferenceObject + - IoAllocateMdl + - ZwCreateSection + - ExAcquireResourceExclusiveLite + - ObCloseHandle + - IoCreateFileEx + - RtlInitUnicodeString + - RtlLookupElementGenericTableAvl + - ObReferenceObjectByHandleWithTag + - ZwQueryVirtualMemory + - IoFileObjectType + - KeStackAttachProcess + - ZwAllocateVirtualMemory + - PsLookupProcessByProcessId + - RtlImageNtHeader + - ZwMapViewOfSection + - RtlInitAnsiString + - RtlCaptureContext + - 
ExReleaseResourceLite + - _vsnprintf_s + - KeCapturePersistentThreadState + - IoFreeMdl + - wcsstr + - RtlCompareString + - ZwSetSystemInformation + - MmGetSystemRoutineAddress + - _stricmp + - ZwDeleteFile + - ExFreePoolWithTag + - ZwOpenFile + - ObReferenceObjectByName + - MmUnmapLockedPages + - IoDriverObjectType + - MmFlushImageSection + - ZwClose + - KeUnstackDetachProcess + - MmMapLockedPages + - __C_specific_handler + - MmIsAddressValid + - MmUnlockPages + - MmProbeAndLockPages + - IoFreeIrp + - KeSetEvent + - IoAllocateIrp + - KeInitializeEvent + - KeWaitForSingleObject + - ZwReadFile + - RtlCopyUnicodeString + - ZwUnmapViewOfSection + - ZwQuerySystemInformation + - ExAllocatePool + - RtlGetVersion + - __chkstk + - WdfVersionBindClass + - WdfVersionBind + - WdfVersionUnbind + - WdfVersionUnbindClass + Imports: + - NETIO.SYS + - ntoskrnl.exe + - WDFLDR.SYS + InternalName: '' + MD5: 7f9309f5e4defec132b622fadbcad511 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: ffdf660eb1ebf020a1d0a55a90712dfb + SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 + SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 + SHA1: a3ed5cbfbc17b58243289f3cf575bf04be49591d + SHA256: 6b5cf41512255237064e9274ca8f8a3fef820c45aa6067c9c6a0e6f5751a0421 + Sections: + .text: + Entropy: 3.3215483068965117 + Virtual Size: '0x6fda' + .rdata: + Entropy: 3.6296738296175355 + Virtual Size: '0x3a04' + .data: + Entropy: 5.121133857019538 + Virtual Size: '0x1c558' + .pdata: + Entropy: 7.476825033246972 + Virtual Size: '0x264' + INIT: + Entropy: 5.314020433529914 + Virtual Size: '0x858' + .vmp0: + Entropy: 7.625965054905161 + Virtual Size: '0x2200f8' + .reloc: + Entropy: 3.87772027288033 + Virtual Size: '0xb8' + Signature: + - Microsoft Windows Hardware Compatibility Publisher + - Microsoft Windows Third Party Component CA 2014 + - Microsoft Root Certificate Authority 2010 + Signatures: + 
- CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2022-06-07 18:08:06' + ValidTo: '2023-06-01 18:08:06' + Signature: 0a835e40cdb627d4f0a0d3dbbf64a46a05c132d0b5df9d11cd9c195d7037737057d57a342732ae68d67de47f460e7211c7c40dc29b0a079caff871c4834a9a2fc85e759de9b78659ad6fd79b7320e538e9ba5d52227ad67cc00b0a770ef662af3d743a558643ad89cfb015591709a69b6271a9b65db71898e7cb9964c6376dc474898301a6133198b486b518fdd9d7b9723dcffc441e026833f7c72e27986026c97b9184a0048b10d1fe6847ae467f02173f7a69120be780e5b6b9e6399402cc58735a31b537cc33578fbea443135a4a612359150bcf9ab316f6a9248bc71ef3f3480b9b3fa2341692bc3a121d80214688f7bd87d5ec56dcbd0ea61abf2c7ed2b739a07590adb596d401735d955f5f94c591d69ab4363a42f9fca549d439495711ff7990448c03724792ed4acf31f2b35b136c1b2f37aa82b1aabf7daf059dcb2e976e95311ec6e9cc53876dd09632cf512d39c801849a7c1088a565691953e07c7ff17b22518e982dd2dcc0feda8c834ca1f5e247aef1c3af5f13cd4b8cc1b6c0179bc876db88d677047c34366533e349796dbdea86389ad640710b7742ae8cc4ec88f10fa80ede4b1c93f81b55480fc8228216d54813df0327e74b3db9f3512a40c0568e4215827f9b7a2613deea72a7ec4df2def05e5559015049fe83edc83300526045cb128119e131b7d3573b268e24b0a25b9ad59f6301c8fc8f409322 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 3300000057ee4d659a923e7c10000000000057 + Version: 3 + TBS: + MD5: fdc11a5676aed4e9cc0c09eeb7450dfb + SHA1: 4902077d9a05d4231b791d3b05bafa4a79132f03 + SHA256: 5db56c23d83bf67c7152e28ad4a684a7372b4ae4f52afe7a81ce91eef94caec3 + SHA384: c952d7f0e0ea5216ce4400601fb7c0829f0f3fcd6eb2b5b9112fbe45d133e00c4abd660f8e1794f7ac4ef95123e2c0ab + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + ValidFrom: '2014-10-15 20:31:27' + ValidTo: '2029-10-15 20:41:27' + Signature: 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 + SignatureAlgorithmOID: 
1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 330000000d690d5d7893d076df00000000000d + Version: 3 + TBS: + MD5: 83f69422963f11c3c340b81712eef319 + SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 + SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae + SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 + Signer: + - SerialNumber: 3300000057ee4d659a923e7c10000000000057 + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + Version: 1 + Imphash: beceab354c66949088c9e5ed1f1ff2a4 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/2651f5c4-d9e1-4b06-92be-e9e7313f87c4.yaml b/yaml/2651f5c4-d9e1-4b06-92be-e9e7313f87c4.yaml index 66f0edd6c..d411d1640 100644 --- a/yaml/2651f5c4-d9e1-4b06-92be-e9e7313f87c4.yaml +++ b/yaml/2651f5c4-d9e1-4b06-92be-e9e7313f87c4.yaml 
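Review bot: `Detection: []` is carried over unchanged on the new side of the POORTRY.sys hunk even though the record is `Category: malicious` and `Verified: 'TRUE'`. A consumer that builds its rules from the `Detection` field therefore gets nothing for this driver, although the file, Authentihash and certificate TBS hashes are all present under `KnownVulnerableSamples`. If the repository's hash-based Sigma or Sysmon rules already cover this sample, link them here in the same `- type: ... value: ...` form that other driver entries use; if they do not, the gap deserves a comment in the record. The `Resources` list also still ends with an empty item `- ''`, which should be dropped so that tooling reading the list does not have to filter blank references.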
@@ -1,4511 +1,4532 @@ Id: 2651f5c4-d9e1-4b06-92be-e9e7313f87c4 +Tags: +- asio.sys +- AsIO32.sys +- AsIO3.sys +- AsIO3_64.sys +- AsIO2.sys +Verified: 'TRUE' Author: Nasreddine Bencherchali, Michael Haag Created: '2023-01-09' MitreID: T1068 Category: vulnerable driver -Verified: 'TRUE' Commands: - Command: sc.exe create asio.sys binPath=C:\windows\temp\asio.sys type=kernel && - sc.exe start asio.sys - Description: Confirmed vulnerable driver from Microsoft Block List - Usecase: Elevate privileges - Privileges: kernel - OperatingSystem: Windows 10 + Command: sc.exe create asio.sys binPath=C:\windows\temp\asio.sys type=kernel && + sc.exe start asio.sys + Description: Confirmed vulnerable driver from Microsoft Block List + Usecase: Elevate privileges + Privileges: kernel + OperatingSystem: Windows 10 Resources: - Internal Research - https://github.com/namazso/physmem_drivers - https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c -Acknowledgement: - Person: '' - Handle: '' Detection: [] +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: asio.sys - MD5: bedc99bbcedaf89e2ee1aa574c5a2fa4 - SHA1: 160a237295a9e5cbb64ca686a84e47553a14f71d - SHA256: 0ee5067ce48883701824c5b1ad91695998916a3702cf8086962fbe58af74b2d6 - Authentihash: - MD5: 7bb2dcc29ba50372d08fea800c190f09 - SHA1: e5c090903a20744ba3583a8ea684d035e8cecc34 - SHA256: 9dcfd796e244d0687cc35eac9538f209f76c6df12de166f19dbc7d2c47fb16b3 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - ZwClose - - IoDeleteDevice - - IoDeleteSymbolicLink - - ZwMapViewOfSection - - MmGetPhysicalAddress - - MmAllocateContiguousMemory - - ZwUnmapViewOfSection - - IoIs32bitProcess - - IoCreateSymbolicLink - - IoCreateDevice - - 
IofCompleteRequest - - KeDelayExecutionThread - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2014-12-19 19:27:34' - ValidTo: '2016-03-19 19:27:34' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 330000001dc31a761624754f8000000000001d - Version: 3 - TBS: - MD5: df2a0bc442ef65cd9973329be21c642f - SHA1: d13bcda797c6b986a1a45b7ce9184e87ba0f994c - SHA256: 41718d172e45eaa02ec88494587672cf50f96a310aebc5b49a66c0adae99edc5 - SHA384: db7864a35b468726f3d431e07825ae860ddb0d6250b3bd8906f1b0ff98ce7b4c563c73288b01ec8f1ec5a2a06f31bc40 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2012 - ValidFrom: '2012-04-18 23:48:38' - ValidTo: '2027-04-18 23:58:38' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 610baac1000000000009 - Version: 3 - TBS: - MD5: a569061297e8e824767dbc3184a69bea - SHA1: adbb26a587a8f44b4fccaecb306f980d1c55a150 - SHA256: cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 - SHA384: e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba - Signer: - - SerialNumber: 330000001dc31a761624754f8000000000001d - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2012 - Version: 1 - RichPEHeaderHash: - MD5: fdbc1ff6c9321efd70ec149c3c8ccac6 - SHA1: d77615c985da37ca9099b27c1be4785c6cb7ccf6 - SHA256: 4dbce3e8c08dd544b78f87323f6d794fb990bb10cb6d239fe367da87a803f23c - Sections: - .text: - Entropy: 6.1181571322303645 - Virtual Size: '0xd66' - .rdata: - Entropy: 
4.313686441268313 - Virtual Size: '0x188' - .data: - Entropy: 0.0 - Virtual Size: '0xc' - .pdata: - Entropy: 3.3006321366120503 - Virtual Size: '0x84' - INIT: - Entropy: 4.548019208277369 - Virtual Size: '0x24a' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2012-08-22 03:54:47' - Imphash: d7de998e454f947f62d4a6b66490563b - LoadsDespiteHVCI: 'FALSE' -- Filename: AsIO32.sys - MD5: 2ca1044a04cb2f0ce5bd0a5832981e04 - SHA1: 8b86c99328e4eb542663164685c6926e7e54ac20 - SHA256: 1afa03118f87b62c59a97617e595ebb26dde8dbdd16ee47ef3ddd1097c30ef6a - Authentihash: - MD5: 3824dd56459d29ffc5d4bb51d7123778 - SHA1: 5a7dd0da0aee0bdedc14c1b7831b9ce9178a0346 - SHA256: 92edd48dfac025d4069eb6491b9730d9d131b77cceaa480af9b3c32bc8c5e3a9 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - IoDeleteDevice - - IoDeleteSymbolicLink - - WRITE_REGISTER_ULONG - - MmAllocateContiguousMemory - - IofCompleteRequest - - ZwUnmapViewOfSection - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - WRITE_REGISTER_USHORT - - WRITE_REGISTER_UCHAR - - READ_REGISTER_ULONG - - READ_REGISTER_USHORT - - READ_REGISTER_UCHAR - - KeQuerySystemTime - - MmGetPhysicalAddress - - KeDelayExecutionThread - - WRITE_PORT_USHORT - - WRITE_PORT_UCHAR - - HalTranslateBusAddress - - READ_PORT_ULONG - - READ_PORT_USHORT - - READ_PORT_UCHAR - - WRITE_PORT_ULONG - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2014-12-19 19:27:34' - ValidTo: '2016-03-19 19:27:34' - Signature: 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 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 330000001dc31a761624754f8000000000001d - Version: 3 - TBS: - MD5: df2a0bc442ef65cd9973329be21c642f - SHA1: d13bcda797c6b986a1a45b7ce9184e87ba0f994c - SHA256: 41718d172e45eaa02ec88494587672cf50f96a310aebc5b49a66c0adae99edc5 - SHA384: db7864a35b468726f3d431e07825ae860ddb0d6250b3bd8906f1b0ff98ce7b4c563c73288b01ec8f1ec5a2a06f31bc40 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2012 - ValidFrom: '2012-04-18 23:48:38' - ValidTo: '2027-04-18 23:58:38' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 610baac1000000000009 - Version: 3 - TBS: - MD5: a569061297e8e824767dbc3184a69bea - SHA1: adbb26a587a8f44b4fccaecb306f980d1c55a150 - SHA256: cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 - SHA384: e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba - Signer: - - SerialNumber: 330000001dc31a761624754f8000000000001d - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2012 - Version: 1 - RichPEHeaderHash: - MD5: 432a6583ab7bafb3773874586c68db85 - SHA1: bb0833dab5efdcbfcad58fe4e9a35fc31de53442 - SHA256: 1dffaf610cdef8285f0794d34bc503106b06dbe14d99da734436265b9461f6c9 - Sections: - .text: - Entropy: 6.23937613305102 - Virtual Size: '0x8ad' - .rdata: - Entropy: 4.36827815837928 - Virtual Size: '0xe7' - .data: - Entropy: 1.311278124459133 - Virtual Size: '0x10' - INIT: - Entropy: 5.344545644500133 - Virtual Size: '0x370' - .reloc: - Entropy: 3.6862767817925604 - Virtual Size: '0xc6' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2012-08-22 03:54:43' - Imphash: 2699b7ae36fcadd71425ebafd231d0d1 - LoadsDespiteHVCI: 'FALSE' -- Filename: AsIO3.sys - MD5: 40f39a98fb513411dacdfc5b2d972206 - 
SHA1: fe02ae340dc7fe08e4ad26dab9de418924e21603 - SHA256: 26453afb1f808f64bec87a2532a9361b696c0ed501d6b973a1f1b5ae152a4d40 - Authentihash: - MD5: 8c33214968ec9043fa1c6abf1911e06d - SHA1: 3075f1fc419a62544b291d02e9067783cb0fd1f3 - SHA256: 5aa7a47c7abaf13453b8ab309ef16bdd80ceaf7407e67fa27932d4591f025d67 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - DbgPrint - - RtlGetVersion - - KeDelayExecutionThread - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - MmGetSystemRoutineAddress - - MmAllocateContiguousMemory - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlCopyUnicodeString - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmGetPhysicalAddress - - __C_specific_handler - - ZwOpenFile - - ZwQueryInformationFile - - ZwReadFile - - KeBugCheckEx - - IoIs32bitProcess - - RtlInitUnicodeString - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 - ValidFrom: '2021-01-01 00:00:00' - ValidTo: '2031-01-06 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0d424ae0be3a88ff604021ce1400f0dd - Version: 3 - TBS: - MD5: c0189c338449a42fe8358c2c1fbecc60 - SHA1: b8ac0ee6875594b80ad86a6df6dd1fa3048c187c - SHA256: a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 - SHA384: 76d3a316a5a106050298418cce3beea16100524723d9e3220b0de51bfb6f1c35a5d4c7cd10b358fef7bf94c3e3562150 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured - ID Timestamping CA - ValidFrom: 
'2016-01-07 12:00:00' - ValidTo: '2031-01-07 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 0aa125d6d6321b7e41e405da3697c215 - Version: 3 - TBS: - MD5: 8d26184fc613f89aba1cefb30fce1b53 - SHA1: 63a7e376bad5ec2e419d514a403bcf46c8d31d95 - SHA256: 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c - SHA384: d8c9691fe9dbe182f07b49b07fbb4f589fa7b38b5c4d21f265d3a2e818f4b1bfb39e03faab2ec05bb10333a99914fb8a - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=TW, ??=Private Organization, serialNumber=23638777, C=TW, L=Taipei - City, O=ASUSTeK Computer Inc., CN=ASUSTeK Computer Inc. 
- ValidFrom: '2019-04-01 00:00:00' - ValidTo: '2022-01-11 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0c64962e4467edcc1579646b7337ec8c - Version: 3 - TBS: - MD5: 69796942ecdfadbd806bdea1460a5115 - SHA1: 0ce9329828324db04bd0a7b101b4fbfedb3be8b2 - SHA256: efd9b83b154c3e805e1bf7fdfd6a7f7bfdcf2ff3e191d1c33bdc427b6c82039b - SHA384: e27d21dc30c40e7b675120062e69c438e9f448ceed7b0434dedd129848c6a8edf05ec07ac25f5ec300be0da46a4c6eab - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c - Version: 3 - TBS: - MD5: 83f5de89f641d0fbf60248e10a7b9534 - SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 - SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf - SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 - Signer: - - SerialNumber: 0c64962e4467edcc1579646b7337ec8c - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - Version: 1 - RichPEHeaderHash: - MD5: bd657195a5248af37c088ce8712464a4 - SHA1: 0bf831fc65d253f731f72b7f46c099ddcab406a2 - SHA256: 7affe0e940b8c0536ddeef345f02a37077919e88f16b182663de8c7dd947e46c - Sections: - .text: - Entropy: 6.325844334310556 - Virtual Size: '0x47f3' - .rdata: - Entropy: 5.476061155646105 - Virtual Size: '0x84c' - .data: - Entropy: 0.9352337914257391 - Virtual Size: '0x290' - .pdata: - Entropy: 3.923736262912225 - Virtual Size: '0x174' - INIT: - Entropy: 5.255268621688079 - Virtual Size: '0x42c' - .reloc: - Entropy: 2.9464393446710155 - Virtual Size: '0x14' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2021-09-29 
04:05:28' - Imphash: f5ebade1d3a6d3bde264b0c7f9f639e7 - LoadsDespiteHVCI: 'TRUE' -- Filename: AsIO3.sys - MD5: 19f32bf24b725f103f49dc3fa2f4f0bd - SHA1: e40ea8d498328b90c4afbb0bb0e8b91b826f688e - SHA256: 2d195cd4400754cc6f6c3f8ab1fe31627932c3c1bf8d5d0507c292232d1a2396 - Authentihash: - MD5: cf61dd8f9a187de6219f930866defcbd - SHA1: 80bb26a2ef12a3d9d77fe5dd6059d5955b690b2e - SHA256: a7bb08f99a9701482ce693d71e95559b10a247c4e8f50deba8097b0d3f191532 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - KeSetEvent - - KeDelayExecutionThread - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - MmGetSystemRoutineAddress - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoCreateSynchronizationEvent - - IoDeleteDevice - - RtlGetVersion - - IoIs32bitProcess - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmGetPhysicalAddress - - __C_specific_handler - - ZwOpenFile - - ZwQueryInformationFile - - ZwReadFile - - KeBugCheckEx - - DbgPrint - - RtlCopyUnicodeString - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - HalSetBusDataByOffset - - HalGetBusDataByOffset - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 - SHA384 2021 CA1 - ValidFrom: '2021-04-29 00:00:00' - ValidTo: '2036-04-28 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 08ad40b260d29c4c9f5ecda9bd93aed9 - Version: 3 - TBS: - MD5: 5d8003a64dfa5a4d88365da1566038cb - SHA1: 
79465b56bc7ad55a37bdf633943da8bfc84db228 - SHA256: 84bdc82e2f2a7f7aaa782667dac556ffcb2b33240c1f9c0a00a3264526a98332 - SHA384: 65b1d4076a89ae273f57e6eeedecb3eae129b4168f76fa7671914cdf461d542255c59d9b85b916ae0ca6fc0fcf7a8e64 - - Subject: ??=Private Organization, ??=TW, serialNumber=23638777, C=TW, ST=Taipei - City, L=Beitou District, O=ASUSTeK COMPUTER INC., CN=ASUSTeK COMPUTER INC. - ValidFrom: '2021-10-22 00:00:00' - ValidTo: '2024-10-22 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0bbe02c8838fbf02ab56edabb1e34c19 - Version: 3 - TBS: - MD5: 0357e292e0e92b06c92b21cacfcfa451 - SHA1: f52795bc8de5d803f09e20dd216d7df861f4cb34 - SHA256: b33b80e64cdfb28fb9afb17259be19ffe1edf8aae62fcfbfe8ff301f786c500d - SHA384: 5fbe918c3fa1034d5671ae38b20773df18b8f9dd48e60f90c5c98708e73d6ca0c6dec4e2bcb0de22ba3efb59479db152 - Signer: - - SerialNumber: 0bbe02c8838fbf02ab56edabb1e34c19 - Issuer: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 - SHA384 2021 CA1 - Version: 1 - RichPEHeaderHash: - MD5: dbe8b55f933a7abbc26d9f121bbf2b84 - SHA1: 81e0e90f23b7d56dd1dccbbe04bb3c54892af7b8 - SHA256: 270748ae970faf04f98d588b783073c9b24e3dae8630ad2e3f1a862731078f4b - Sections: - .text: - Entropy: 6.407232131831549 - Virtual Size: '0x58d3' - .rdata: - Entropy: 5.437107960063165 - Virtual Size: '0x8d4' - .data: - Entropy: 0.9313275414257391 - Virtual Size: '0x290' - .pdata: - Entropy: 4.005604411589105 - Virtual Size: '0x1bc' - INIT: - Entropy: 5.265885086539526 - Virtual Size: '0x4ec' - .reloc: - Entropy: 3.1086949695628423 - Virtual Size: '0x14' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2022-05-18 20:51:01' - Imphash: b3e26c5e0de2d01597dca208ef27cc38 - LoadsDespiteHVCI: 'TRUE' -- Filename: asio.sys - MD5: bfe96411cf67edb3cee2b9894b910cd5 - SHA1: 67dfd415c729705396ce54166bd70faf09ac7f10 - SHA256: 
48891874441c6fa69e5518d98c53d83b723573e280c6c65ccfbde9039a6458c9 - Authentihash: - MD5: 3824dd56459d29ffc5d4bb51d7123778 - SHA1: 5a7dd0da0aee0bdedc14c1b7831b9ce9178a0346 - SHA256: 92edd48dfac025d4069eb6491b9730d9d131b77cceaa480af9b3c32bc8c5e3a9 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - IoDeleteDevice - - IoDeleteSymbolicLink - - WRITE_REGISTER_ULONG - - MmAllocateContiguousMemory - - IofCompleteRequest - - ZwUnmapViewOfSection - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - WRITE_REGISTER_USHORT - - WRITE_REGISTER_UCHAR - - READ_REGISTER_ULONG - - READ_REGISTER_USHORT - - READ_REGISTER_UCHAR - - KeQuerySystemTime - - MmGetPhysicalAddress - - KeDelayExecutionThread - - WRITE_PORT_USHORT - - WRITE_PORT_UCHAR - - HalTranslateBusAddress - - READ_PORT_ULONG - - READ_PORT_USHORT - - READ_PORT_UCHAR - - WRITE_PORT_ULONG - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G3 - ValidFrom: '2012-05-01 00:00:00' - ValidTo: '2012-12-31 23:59:59' - Signature: 1e98aa27b778b508b5c9726db7dfc00e98a635c488c9d2f66df14b1afbd5f92d99009ed1e79b8be13fbd39800c66cd07bc5c9854a694ba10d14e8babf56f65cc6709a2807c52e80e03d66b7ac60518ecc8ac427c072ca73d0866dc00edfd941d73f2729893b111d68fef8eeaacf496510cd08ddf31524f5eaf7da74a75e64ece2b9f292be7cf5d9f037e6e277b23ad622966af92e82ccebd9c7fdccd173c43c2093f7545c79ee4d7607f97c6e4aac769f5fccd74ac2cb048c1504e70561eb535d38ebeb1edacbdfe0cec857dd5bb856644195d9f93eb82ba639ed37c61ffc81bd923587f30a366a139265e92c33ccb3732faf5a38ddcd5b0a3e9253655d781fa - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - 
SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded - Version: 3 - TBS: - MD5: e6d820afb23af20a65cf0b03247ea05e - SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 - SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 - SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, - CN=ASUSTeK Computer Inc. 
- ValidFrom: '2012-07-31 00:00:00' - ValidTo: '2015-08-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 7d08d9bc130726de26ee4ef28e133084 - Version: 3 - TBS: - MD5: 72cafb0a175f0481177fa2c9803283c7 - SHA1: b603167b958c5fcd7094552891ddc4e2ea4c149f - SHA256: a36a0024075771a4b30eab8f1288817059fe1a01003d0c1d92f647df17f3b688 - SHA384: 33c28dc6857ce5d20a2e9ba8a47f6bc80a9a98fba518fd732963bedbbb408848b89b3d8438d413f8b933ee761ffa1653 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 7d08d9bc130726de26ee4ef28e133084 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: 
432a6583ab7bafb3773874586c68db85 - SHA1: bb0833dab5efdcbfcad58fe4e9a35fc31de53442 - SHA256: 1dffaf610cdef8285f0794d34bc503106b06dbe14d99da734436265b9461f6c9 - Sections: - .text: - Entropy: 6.23937613305102 - Virtual Size: '0x8ad' - .rdata: - Entropy: 4.36827815837928 - Virtual Size: '0xe7' - .data: - Entropy: 1.311278124459133 - Virtual Size: '0x10' - INIT: - Entropy: 5.344545644500133 - Virtual Size: '0x370' - .reloc: - Entropy: 3.6862767817925604 - Virtual Size: '0xc6' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2012-08-22 03:54:43' - Imphash: 2699b7ae36fcadd71425ebafd231d0d1 - LoadsDespiteHVCI: 'FALSE' -- Filename: asio.sys - MD5: ea14899d1bfba397bc731770765768d1 - SHA1: c775ca665ed4858acc3f7e75e025cbbda1f8c687 - SHA256: 506f953bbb285aeb8af0549eb24f52f3b7af36afe740afa36735bac70573ce28 - Authentihash: - MD5: 9fd03554246c6c74c232919c680d7be8 - SHA1: b25550309c902a21b03367ae27694c5a29b891b5 - SHA256: c3e3719ca592ba65a67f594ec1a08d0d7ad724b088be77d48cb33627c56f4614 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - IoDeleteDevice - - IoDeleteSymbolicLink - - ZwClose - - MmGetPhysicalAddress - - MmAllocateContiguousMemory - - ZwUnmapViewOfSection - - IoIs32bitProcess - - IoCreateSymbolicLink - - IoCreateDevice - - IofCompleteRequest - - KeDelayExecutionThread - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=California, L=Santa Clara, O=NVIDIA Corporation, OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Software, CN=NVIDIA Corporation - ValidFrom: '2011-09-02 00:00:00' - ValidTo: '2014-09-01 23:59:59' - Signature: 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 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 43bb437d609866286dd839e1d00309f5 - Version: 3 - TBS: - MD5: cef292b5c6cdb07e480ccbba0c9d56d1 - SHA1: 15c37dbebe6fcc77108e3d7ad982676d3d5e77f7 - SHA256: 3cb152375fa9e694fd2f9167c382005166871c783774997df1a42e0b6013d82a - SHA384: e64427dea71a71110ebc317f3552cd7193c5743f72d5cac9257abe80346d15ee42930d5a85e16c02ea06f56c7e8811fb - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 43bb437d609866286dd839e1d00309f5 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at 
- https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: fdbc1ff6c9321efd70ec149c3c8ccac6 - SHA1: d77615c985da37ca9099b27c1be4785c6cb7ccf6 - SHA256: 4dbce3e8c08dd544b78f87323f6d794fb990bb10cb6d239fe367da87a803f23c - Sections: - .text: - Entropy: 6.108859458208728 - Virtual Size: '0xd86' - .rdata: - Entropy: 4.337980114178664 - Virtual Size: '0x188' - .data: - Entropy: 0.0 - Virtual Size: '0xc' - .pdata: - Entropy: 3.2608964358708645 - Virtual Size: '0x84' - INIT: - Entropy: 4.571215641554434 - Virtual Size: '0x24a' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2010-06-27 23:19:38' - Imphash: b4b90c1b054ebe273bff4b2fd6927990 - LoadsDespiteHVCI: 'FALSE' -- Filename: AsIO2.sys - MD5: 09672532194b4bff5e0f7a7d782c7bf2 - SHA1: aa2ea973bb248b18973e57339307cfb8d309f687 - SHA256: 5ae23f1fcf3fb735fcf1fa27f27e610d9945d668a149c7b7b0c84ffd6409d99a - Authentihash: - MD5: 9387de920b7da0bd65f15323feed6a18 - SHA1: 92fee95e32a727d135f1f46ca98c201fffbf6950 - SHA256: 9c7ad854f6670452d7da064d4b429eb90c42155b6f7eaa52ee471d9ee8b61e6f - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - DbgPrint - - KeDelayExecutionThread - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - MmGetSystemRoutineAddress - - MmAllocateContiguousMemory - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoIs32bitProcess - - RtlCopyUnicodeString - - ObfDereferenceObject - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmGetPhysicalAddress - - RtlCompareUnicodeString - - ZwOpenFile - - ZwQueryInformationFile - - ZwReadFile - - __C_specific_handler - - KeBugCheckEx - - ObReferenceObjectByHandle - - RtlInitUnicodeString - - HalTranslateBusAddress - Signatures: - 
- CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - 
SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=TW, ??=Private Organization, serialNumber=23638777, C=TW, L=Taipei - City, O=ASUSTeK Computer Inc., CN=ASUSTeK Computer Inc. - ValidFrom: '2019-04-01 00:00:00' - ValidTo: '2022-01-11 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0c64962e4467edcc1579646b7337ec8c - Version: 3 - TBS: - MD5: 69796942ecdfadbd806bdea1460a5115 - SHA1: 0ce9329828324db04bd0a7b101b4fbfedb3be8b2 - SHA256: efd9b83b154c3e805e1bf7fdfd6a7f7bfdcf2ff3e191d1c33bdc427b6c82039b - SHA384: e27d21dc30c40e7b675120062e69c438e9f448ceed7b0434dedd129848c6a8edf05ec07ac25f5ec300be0da46a4c6eab - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 19334a0c813337dbad36c9e4c93abbb51b2e7aa2e2f44342179ebf4ea14de1b1dbe981dd9f01f2e488d5e9fe09fd21c1ec5d80d2f0d6c143c2fe772bdbf9d79133ce6cd5b2193be62ed6c9934f88408ecde1f57ef10fc6595672e8eb6a41bd1cd546d57c49ca663815c1bfe091707787dcc98d31c90c29a233ed8de287cd898d3f1bffd5e01a978b7cda6dfba8c6b23a666b7b01b3cdd8a634ec1201ab9558a5c45357a860e6e70212a0b92364a24dbb7c81256421becfee42184397bba53706af4dff26a54d614bec4641b865ceb8799e08960b818c8a3b8fc7998ca32a6e986d5e61c696b78ab9612d93b8eb0e0443d7f5fea6f062d4996aa5c1c1f0649480 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c - Version: 3 - TBS: - MD5: 83f5de89f641d0fbf60248e10a7b9534 - SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 - SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf - SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 - Signer: - - 
SerialNumber: 0c64962e4467edcc1579646b7337ec8c - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - Version: 1 - RichPEHeaderHash: - MD5: 4d4124d64d3ec50417cbec6daeee88c6 - SHA1: 8bda6992e8fd342be0abce910d9a992c8ebbce34 - SHA256: 2e82cfe54b31c08c9ac79f9cfa2dc0681ae022435c35d74c9c5b0a8d62a578ff - Sections: - .text: - Entropy: 6.504139925831708 - Virtual Size: '0x24d2' - .rdata: - Entropy: 5.447692050379133 - Virtual Size: '0x874' - .data: - Entropy: 2.591917186688699 - Virtual Size: '0x20' - .pdata: - Entropy: 3.9085448824956335 - Virtual Size: '0x18c' - INIT: - Entropy: 5.215252524750182 - Virtual Size: '0x436' - .reloc: - Entropy: 2.9464393446710155 - Virtual Size: '0x14' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2019-04-09 03:59:16' - Imphash: 81e2eb25e24938b90806de865630a2b2 - LoadsDespiteHVCI: 'TRUE' -- Filename: AsIO3.sys - MD5: ba23266992ad964eff6d358d946b76bd - SHA1: d1670bd08cfd376fc2b70c6193f3099078f1d72f - SHA256: 71ff60722231c7641ad593756108cf6779dbaad21c7b08065fb1d4e225eab14d - Authentihash: - MD5: ace2d8ea30005bce12b1421f431bc39c - SHA1: f084b6ba134b23e06f5867e650ba4eb9d1007231 - SHA256: 12af7c39519e16307c2c62a84ca40017b43acf7fa90ec97c182701ffcffa1b61 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - DbgPrint - - RtlGetVersion - - KeDelayExecutionThread - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - MmGetSystemRoutineAddress - - MmAllocateContiguousMemory - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlCopyUnicodeString - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmGetPhysicalAddress - - __C_specific_handler - - ZwOpenFile - - 
ZwQueryInformationFile - - ZwReadFile - - KeBugCheckEx - - IoIs32bitProcess - - RtlInitUnicodeString - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 - ValidFrom: '2021-01-01 00:00:00' - ValidTo: '2031-01-06 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0d424ae0be3a88ff604021ce1400f0dd - Version: 3 - TBS: - MD5: c0189c338449a42fe8358c2c1fbecc60 - SHA1: b8ac0ee6875594b80ad86a6df6dd1fa3048c187c - SHA256: a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 - SHA384: 76d3a316a5a106050298418cce3beea16100524723d9e3220b0de51bfb6f1c35a5d4c7cd10b358fef7bf94c3e3562150 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured - ID Timestamping CA - ValidFrom: '2016-01-07 12:00:00' - ValidTo: '2031-01-07 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 0aa125d6d6321b7e41e405da3697c215 - Version: 3 - TBS: - MD5: 8d26184fc613f89aba1cefb30fce1b53 - SHA1: 63a7e376bad5ec2e419d514a403bcf46c8d31d95 - SHA256: 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c - SHA384: d8c9691fe9dbe182f07b49b07fbb4f589fa7b38b5c4d21f265d3a2e818f4b1bfb39e03faab2ec05bb10333a99914fb8a - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 
208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=TW, ??=Private Organization, serialNumber=23638777, C=TW, L=Taipei - City, O=ASUSTeK Computer Inc., CN=ASUSTeK Computer Inc. 
- ValidFrom: '2019-04-01 00:00:00' - ValidTo: '2022-01-11 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0c64962e4467edcc1579646b7337ec8c - Version: 3 - TBS: - MD5: 69796942ecdfadbd806bdea1460a5115 - SHA1: 0ce9329828324db04bd0a7b101b4fbfedb3be8b2 - SHA256: efd9b83b154c3e805e1bf7fdfd6a7f7bfdcf2ff3e191d1c33bdc427b6c82039b - SHA384: e27d21dc30c40e7b675120062e69c438e9f448ceed7b0434dedd129848c6a8edf05ec07ac25f5ec300be0da46a4c6eab - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c - Version: 3 - TBS: - MD5: 83f5de89f641d0fbf60248e10a7b9534 - SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 - SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf - SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 - Signer: - - SerialNumber: 0c64962e4467edcc1579646b7337ec8c - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - Version: 1 - RichPEHeaderHash: - MD5: b6539d5c7cfa1f973bd84a2b5f9e21ff - SHA1: 8cdb66c7de4ddc498383fafea692448ccbdfd066 - SHA256: f3d0d00d01297987bc4c626fec0a82efb94cef8ebe74e46e7b8eb63abe087d7b - Sections: - .text: - Entropy: 6.323949092110609 - Virtual Size: '0x4733' - .rdata: - Entropy: 5.459170046837529 - Virtual Size: '0x83c' - .data: - Entropy: 0.9406144310784021 - Virtual Size: '0x290' - .pdata: - Entropy: 3.8692348543800357 - Virtual Size: '0x174' - INIT: - Entropy: 5.255268621688079 - Virtual Size: '0x42c' - .reloc: - Entropy: 2.9464393446710155 - Virtual Size: '0x14' - MagicHeader: 50 45 0 0 - CreationTimestamp: 
'2021-05-31 19:44:39' - Imphash: f5ebade1d3a6d3bde264b0c7f9f639e7 - LoadsDespiteHVCI: 'TRUE' -- Filename: AsIO2.sys - MD5: f4e1997192d5a95a38965c9e15c687fc - SHA1: d3b23a0b70d6d279abd8db109f08a8b0721ce327 - SHA256: 72322fa8bba20df6966acbcf41e83747893fd173cd29de99b5ad1a5d3bf8f2de - Authentihash: - MD5: 00222ac0100839199b77ebb2c911eda5 - SHA1: bb4bff7156e15818a9e6344bad411587f3dcc0a1 - SHA256: 0e955e57f078a2c0de7d113e85859bb3e0fcac772a5a1b9b9709a90a86ef4cd5 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - DbgPrint - - RtlGetVersion - - KeDelayExecutionThread - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - MmGetSystemRoutineAddress - - MmAllocateContiguousMemory - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlCopyUnicodeString - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmGetPhysicalAddress - - RtlCompareUnicodeString - - ZwOpenFile - - ZwQueryInformationFile - - ZwReadFile - - __C_specific_handler - - KeBugCheckEx - - IoIs32bitProcess - - RtlInitUnicodeString - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 
208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=TW, ??=Private Organization, serialNumber=23638777, C=TW, L=Taipei - City, O=ASUSTeK Computer Inc., CN=ASUSTeK Computer Inc. 
- ValidFrom: '2019-04-01 00:00:00' - ValidTo: '2022-01-11 12:00:00' - Signature: 646eaa59a80117077ed7d80227a6c3be77f3d9acdc0927d1299369e5636dbb773b61e91390d181178f88e5b92c7cc0c1b851541ee781380f7ac0425fea8a292a9cf93c7f851701db11dd13c8c0e97fd254839b81fdfd7e0a9a520c43186f4c834daa920b8a8e7ddd0048a55a5b7034675394a914b91258751c59b6d9d60ce1d17565fbdcd99311bcbe7e386807ecc186248ddbbb4bae2e4192a0509d661cd307c28a79c6b914854728463b7b39515869858c4975e0fbdd74188afa81c729682705f73bf80e839897b1d61d8deeabb53744e938b4b918fced39ca7dff3076c7f2dca4ddda8621a81fc493480456966901e29041821b116294bc98b445ebb05c33 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0c64962e4467edcc1579646b7337ec8c - Version: 3 - TBS: - MD5: 69796942ecdfadbd806bdea1460a5115 - SHA1: 0ce9329828324db04bd0a7b101b4fbfedb3be8b2 - SHA256: efd9b83b154c3e805e1bf7fdfd6a7f7bfdcf2ff3e191d1c33bdc427b6c82039b - SHA384: e27d21dc30c40e7b675120062e69c438e9f448ceed7b0434dedd129848c6a8edf05ec07ac25f5ec300be0da46a4c6eab - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c - Version: 3 
- TBS: - MD5: 83f5de89f641d0fbf60248e10a7b9534 - SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 - SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf - SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 0c64962e4467edcc1579646b7337ec8c - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - Version: 1 - RichPEHeaderHash: - MD5: b19546fb2509abca52ddbc17db4bdb42 - SHA1: 6d702f91bc9b3a73eba9f9c0417984b578ca200b - SHA256: 73a749678370e9cfeca10fc868e7a18cc3b499e01f7a97479cd909f44feb5b87 - Sections: - .text: - Entropy: 6.497436117425461 - Virtual Size: '0x2552' - .rdata: - Entropy: 5.458978412009734 - Virtual Size: '0x88c' - .data: - Entropy: 2.2166422780956516 - Virtual Size: '0x28' - .pdata: - Entropy: 3.90277567498223 - Virtual Size: '0x18c' - INIT: - Entropy: 5.195052400903618 - Virtual Size: '0x44e' - .reloc: - Entropy: 2.939353872167201 - Virtual Size: '0x14' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2020-05-20 02:47:26' - Imphash: f74aa24adc713dbb957ccb18f3c16a71 - LoadsDespiteHVCI: 'TRUE' -- Filename: AsIO3_64.sys - MD5: 07efb8259b42975d502a058db8a3fd21 - SHA1: 9f22ebcd2915471e7526f30aa53c24b557a689f5 - SHA256: 7236c8ff33c0e5cfa956778aa7303f1979f3bf709c361399fa1ce101b7e355b8 - Authentihash: - 
MD5: 9a476899b3d01439880bcc7ae9991d47 - SHA1: ac07c5670916f6c3949a49036460ac08ec43a582 - SHA256: 54231728c29f2d2003ec575729760369bb72be7b656b52b4f02ec198f4ee4dfd - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - KeSetEvent - - KeDelayExecutionThread - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - MmGetSystemRoutineAddress - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoCreateSynchronizationEvent - - IoDeleteDevice - - RtlGetVersion - - IoIs32bitProcess - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmGetPhysicalAddress - - __C_specific_handler - - ZwOpenFile - - ZwQueryInformationFile - - ZwReadFile - - KeBugCheckEx - - DbgPrint - - RtlCopyUnicodeString - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - HalSetBusDataByOffset - - HalGetBusDataByOffset - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 - SHA384 2021 CA1 - ValidFrom: '2021-04-29 00:00:00' - ValidTo: '2036-04-28 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 08ad40b260d29c4c9f5ecda9bd93aed9 - Version: 3 - TBS: - MD5: 5d8003a64dfa5a4d88365da1566038cb - SHA1: 79465b56bc7ad55a37bdf633943da8bfc84db228 - SHA256: 84bdc82e2f2a7f7aaa782667dac556ffcb2b33240c1f9c0a00a3264526a98332 - SHA384: 65b1d4076a89ae273f57e6eeedecb3eae129b4168f76fa7671914cdf461d542255c59d9b85b916ae0ca6fc0fcf7a8e64 - - Subject: ??=Private Organization, ??=TW, serialNumber=23638777, C=TW, 
ST=Taipei - City, L=Beitou District, O=ASUSTeK COMPUTER INC., CN=ASUSTeK COMPUTER INC. - ValidFrom: '2021-10-22 00:00:00' - ValidTo: '2024-10-22 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0bbe02c8838fbf02ab56edabb1e34c19 - Version: 3 - TBS: - MD5: 0357e292e0e92b06c92b21cacfcfa451 - SHA1: f52795bc8de5d803f09e20dd216d7df861f4cb34 - SHA256: b33b80e64cdfb28fb9afb17259be19ffe1edf8aae62fcfbfe8ff301f786c500d - SHA384: 5fbe918c3fa1034d5671ae38b20773df18b8f9dd48e60f90c5c98708e73d6ca0c6dec4e2bcb0de22ba3efb59479db152 - Signer: - - SerialNumber: 0bbe02c8838fbf02ab56edabb1e34c19 - Issuer: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 - SHA384 2021 CA1 - Version: 1 - RichPEHeaderHash: - MD5: dbe8b55f933a7abbc26d9f121bbf2b84 - SHA1: 81e0e90f23b7d56dd1dccbbe04bb3c54892af7b8 - SHA256: 270748ae970faf04f98d588b783073c9b24e3dae8630ad2e3f1a862731078f4b - Sections: - .text: - Entropy: 6.407232131831549 - Virtual Size: '0x58d3' - .rdata: - Entropy: 5.43652038691502 - Virtual Size: '0x8d4' - .data: - Entropy: 0.9367081810784021 - Virtual Size: '0x290' - .pdata: - Entropy: 4.005604411589105 - Virtual Size: '0x1bc' - INIT: - Entropy: 5.265885086539526 - Virtual Size: '0x4ec' - .reloc: - Entropy: 3.1086949695628423 - Virtual Size: '0x14' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2022-07-28 02:33:11' - Imphash: b3e26c5e0de2d01597dca208ef27cc38 - LoadsDespiteHVCI: 'TRUE' -- Filename: AsIO3.sys - MD5: 1414629b1ee93d2652ff49b2eb829940 - SHA1: df58f9b193c6916aaec7606c0de5eba70c8ec665 - SHA256: 7b0f442ac0bb183906700097d65aed0b4b9d8678f9a01aca864854189fe368e7 - Authentihash: - MD5: cf61dd8f9a187de6219f930866defcbd - SHA1: 80bb26a2ef12a3d9d77fe5dd6059d5955b690b2e - SHA256: a7bb08f99a9701482ce693d71e95559b10a247c4e8f50deba8097b0d3f191532 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - 
ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - KeSetEvent - - KeDelayExecutionThread - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - MmGetSystemRoutineAddress - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoCreateSynchronizationEvent - - IoDeleteDevice - - RtlGetVersion - - IoIs32bitProcess - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmGetPhysicalAddress - - __C_specific_handler - - ZwOpenFile - - ZwQueryInformationFile - - ZwReadFile - - KeBugCheckEx - - DbgPrint - - RtlCopyUnicodeString - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - HalSetBusDataByOffset - - HalGetBusDataByOffset - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 - SHA384 2021 CA1 - ValidFrom: '2021-04-29 00:00:00' - ValidTo: '2036-04-28 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 08ad40b260d29c4c9f5ecda9bd93aed9 - Version: 3 - TBS: - MD5: 5d8003a64dfa5a4d88365da1566038cb - SHA1: 79465b56bc7ad55a37bdf633943da8bfc84db228 - SHA256: 84bdc82e2f2a7f7aaa782667dac556ffcb2b33240c1f9c0a00a3264526a98332 - SHA384: 65b1d4076a89ae273f57e6eeedecb3eae129b4168f76fa7671914cdf461d542255c59d9b85b916ae0ca6fc0fcf7a8e64 - - Subject: ??=Private Organization, ??=TW, serialNumber=23638777, C=TW, ST=Taipei - City, L=Beitou District, O=ASUSTeK COMPUTER INC., CN=ASUSTeK COMPUTER INC. 
- ValidFrom: '2021-10-22 00:00:00' - ValidTo: '2024-10-22 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0bbe02c8838fbf02ab56edabb1e34c19 - Version: 3 - TBS: - MD5: 0357e292e0e92b06c92b21cacfcfa451 - SHA1: f52795bc8de5d803f09e20dd216d7df861f4cb34 - SHA256: b33b80e64cdfb28fb9afb17259be19ffe1edf8aae62fcfbfe8ff301f786c500d - SHA384: 5fbe918c3fa1034d5671ae38b20773df18b8f9dd48e60f90c5c98708e73d6ca0c6dec4e2bcb0de22ba3efb59479db152 - Signer: - - SerialNumber: 0bbe02c8838fbf02ab56edabb1e34c19 - Issuer: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 - SHA384 2021 CA1 - Version: 1 - RichPEHeaderHash: - MD5: dbe8b55f933a7abbc26d9f121bbf2b84 - SHA1: 81e0e90f23b7d56dd1dccbbe04bb3c54892af7b8 - SHA256: 270748ae970faf04f98d588b783073c9b24e3dae8630ad2e3f1a862731078f4b - Sections: - .text: - Entropy: 6.407232131831549 - Virtual Size: '0x58d3' - .rdata: - Entropy: 5.437107960063165 - Virtual Size: '0x8d4' - .data: - Entropy: 0.9313275414257391 - Virtual Size: '0x290' - .pdata: - Entropy: 4.005604411589105 - Virtual Size: '0x1bc' - INIT: - Entropy: 5.265885086539526 - Virtual Size: '0x4ec' - .reloc: - Entropy: 3.1086949695628423 - Virtual Size: '0x14' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2022-05-18 20:51:01' - Imphash: b3e26c5e0de2d01597dca208ef27cc38 - LoadsDespiteHVCI: 'TRUE' -- Filename: AsIO3.sys - MD5: 67e03f83c503c3f11843942df32efe5a - SHA1: b0c7ec472abf544c5524b644a7114cba0505951e - SHA256: 7e3b0b8d3e430074109d85729201d7c34bc5b918c0bcb9f64ce88c5e37e1a456 - Authentihash: - MD5: a41fc38c2ffe9e5097c8d781a89bbbe9 - SHA1: a248637b54b10942743e0caf8698ce8b84559f79 - SHA256: 9512115b60e67fa268a7463119add2404150842bb3dffa41124b12dd9cb580a2 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - 
HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - DbgPrint - - RtlGetVersion - - KeDelayExecutionThread - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - MmGetSystemRoutineAddress - - MmAllocateContiguousMemory - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlCopyUnicodeString - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmGetPhysicalAddress - - __C_specific_handler - - ZwOpenFile - - ZwQueryInformationFile - - ZwReadFile - - KeBugCheckEx - - IoIs32bitProcess - - RtlInitUnicodeString - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 - ValidFrom: '2021-01-01 00:00:00' - ValidTo: '2031-01-06 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0d424ae0be3a88ff604021ce1400f0dd - Version: 3 - TBS: - MD5: c0189c338449a42fe8358c2c1fbecc60 - SHA1: b8ac0ee6875594b80ad86a6df6dd1fa3048c187c - SHA256: a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 - SHA384: 76d3a316a5a106050298418cce3beea16100524723d9e3220b0de51bfb6f1c35a5d4c7cd10b358fef7bf94c3e3562150 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured - ID Timestamping CA - ValidFrom: '2016-01-07 12:00:00' - ValidTo: '2031-01-07 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 0aa125d6d6321b7e41e405da3697c215 - Version: 3 - TBS: - MD5: 8d26184fc613f89aba1cefb30fce1b53 - SHA1: 63a7e376bad5ec2e419d514a403bcf46c8d31d95 - SHA256: 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c - SHA384: 
d8c9691fe9dbe182f07b49b07fbb4f589fa7b38b5c4d21f265d3a2e818f4b1bfb39e03faab2ec05bb10333a99914fb8a - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=TW, ??=Private Organization, serialNumber=23638777, C=TW, L=Taipei - City, O=ASUSTeK Computer Inc., CN=ASUSTeK Computer Inc. - ValidFrom: '2019-04-01 00:00:00' - ValidTo: '2022-01-11 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0c64962e4467edcc1579646b7337ec8c - Version: 3 - TBS: - MD5: 69796942ecdfadbd806bdea1460a5115 - SHA1: 0ce9329828324db04bd0a7b101b4fbfedb3be8b2 - SHA256: efd9b83b154c3e805e1bf7fdfd6a7f7bfdcf2ff3e191d1c33bdc427b6c82039b - SHA384: e27d21dc30c40e7b675120062e69c438e9f448ceed7b0434dedd129848c6a8edf05ec07ac25f5ec300be0da46a4c6eab - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c - Version: 3 - TBS: - MD5: 83f5de89f641d0fbf60248e10a7b9534 - SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 - SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf - SHA384: 
4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 - Signer: - - SerialNumber: 0c64962e4467edcc1579646b7337ec8c - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - Version: 1 - RichPEHeaderHash: - MD5: e18ac3c1c174f9dd7f12cc8d339ad259 - SHA1: 3ff5f57a82c8f78cff5a08583bc903c9bd16856a - SHA256: ccaa03ac8897c2e6efedd37e2e50e08105dc5249d516bbc5468343694398fe49 - Sections: - .text: - Entropy: 6.317535926138567 - Virtual Size: '0x4773' - .rdata: - Entropy: 5.444571678310986 - Virtual Size: '0x86c' - .data: - Entropy: 0.9352337914257391 - Virtual Size: '0x290' - .pdata: - Entropy: 3.9765553031924283 - Virtual Size: '0x174' - INIT: - Entropy: 5.260485600682463 - Virtual Size: '0x42c' - .reloc: - Entropy: 2.9464393446710155 - Virtual Size: '0x14' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2021-09-15 20:17:14' - Imphash: f5ebade1d3a6d3bde264b0c7f9f639e7 - LoadsDespiteHVCI: 'TRUE' -- Filename: AsIO64.sys - MD5: 85b756463ab0c000f816260d49923cde - SHA1: de0c16e3812924212f04e15caa09763ae4770403 - SHA256: 841335eeb6af68dce5b8b24151776281a751b95056a894991b23afae80e9f33b - Authentihash: - MD5: e0f8fb00de2a72c7808c94223cea5145 - SHA1: cbe317096adb8eba45f7e8b22830257ff8625514 - SHA256: e304e5d70d3f986f623fad7f4355d5218d8c1681e423b02db0946cbe1503eb76 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - IoDeleteDevice - - DbgPrint - - IofCompleteRequest - - ZwUnmapViewOfSection - - IoIs32bitProcess - - IoCreateSymbolicLink - - IoCreateDevice - - IoDeleteSymbolicLink - - KeDelayExecutionThread - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - 
- Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, - CN=ASUSTeK Computer Inc. 
- ValidFrom: '2006-06-27 00:00:00' - ValidTo: '2007-07-16 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 284649f592786c4851c1138e364185ae - Version: 3 - TBS: - MD5: 2fc1a78b4874ed1ac403284a5d4084fb - SHA1: 9ae9b025b3a9ebfacdf55104f3fc1c143457a296 - SHA256: 9ffd439139209f1a084cb30cd791558dc266265405f7c5c7444c5a941ff0c004 - SHA384: 656817a3d8aa52cdc8fbff1dcb0ef1f07ea93f0c6b82067d7c6c5f68a125dc3b50f88974a66d59ecc5b996ca5e55eaa1 - Signer: - - SerialNumber: 284649f592786c4851c1138e364185ae - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 - SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e - SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 - Sections: - .text: - Entropy: 6.172691138654025 - Virtual Size: '0xd8c' - .rdata: - Entropy: 4.3738577464905095 - Virtual Size: '0x18c' - .data: - Entropy: 0.0 - Virtual Size: '0xc' - .pdata: - Entropy: 3.3303322930213435 - Virtual Size: '0x84' - INIT: - Entropy: 4.4509406095000665 - Virtual Size: '0x218' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2004-10-14 03:53:21' - Imphash: ccdeab2a83fbf2fef2e418cccd133ec1 - LoadsDespiteHVCI: 'FALSE' -- Filename: AsIO3_64.sys - MD5: 598f8fb2317350e5f90b7bd16baf5738 - SHA1: a8be6203c5a87ecc3ae1c452b7b6dbdf3a9f82ae - SHA256: 910479467ef17b9591d8d42305e7f6f247ad41c60ec890a1ffbe331f495ed135 - Authentihash: - MD5: ace2d8ea30005bce12b1421f431bc39c - SHA1: f084b6ba134b23e06f5867e650ba4eb9d1007231 - SHA256: 12af7c39519e16307c2c62a84ca40017b43acf7fa90ec97c182701ffcffa1b61 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - 
ExportedFunctions: '' - ImportedFunctions: - - DbgPrint - - RtlGetVersion - - KeDelayExecutionThread - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - MmGetSystemRoutineAddress - - MmAllocateContiguousMemory - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlCopyUnicodeString - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmGetPhysicalAddress - - __C_specific_handler - - ZwOpenFile - - ZwQueryInformationFile - - ZwReadFile - - KeBugCheckEx - - IoIs32bitProcess - - RtlInitUnicodeString - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 - ValidFrom: '2021-01-01 00:00:00' - ValidTo: '2031-01-06 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0d424ae0be3a88ff604021ce1400f0dd - Version: 3 - TBS: - MD5: c0189c338449a42fe8358c2c1fbecc60 - SHA1: b8ac0ee6875594b80ad86a6df6dd1fa3048c187c - SHA256: a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 - SHA384: 76d3a316a5a106050298418cce3beea16100524723d9e3220b0de51bfb6f1c35a5d4c7cd10b358fef7bf94c3e3562150 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured - ID Timestamping CA - ValidFrom: '2016-01-07 12:00:00' - ValidTo: '2031-01-07 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 0aa125d6d6321b7e41e405da3697c215 - Version: 3 - TBS: - MD5: 8d26184fc613f89aba1cefb30fce1b53 - SHA1: 63a7e376bad5ec2e419d514a403bcf46c8d31d95 - SHA256: 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c - SHA384: 
d8c9691fe9dbe182f07b49b07fbb4f589fa7b38b5c4d21f265d3a2e818f4b1bfb39e03faab2ec05bb10333a99914fb8a - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=TW, ??=Private Organization, serialNumber=23638777, C=TW, L=Taipei - City, O=ASUSTeK Computer Inc., CN=ASUSTeK Computer Inc. 
- ValidFrom: '2019-04-01 00:00:00' - ValidTo: '2022-01-11 12:00:00' - Signature: 646eaa59a80117077ed7d80227a6c3be77f3d9acdc0927d1299369e5636dbb773b61e91390d181178f88e5b92c7cc0c1b851541ee781380f7ac0425fea8a292a9cf93c7f851701db11dd13c8c0e97fd254839b81fdfd7e0a9a520c43186f4c834daa920b8a8e7ddd0048a55a5b7034675394a914b91258751c59b6d9d60ce1d17565fbdcd99311bcbe7e386807ecc186248ddbbb4bae2e4192a0509d661cd307c28a79c6b914854728463b7b39515869858c4975e0fbdd74188afa81c729682705f73bf80e839897b1d61d8deeabb53744e938b4b918fced39ca7dff3076c7f2dca4ddda8621a81fc493480456966901e29041821b116294bc98b445ebb05c33 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0c64962e4467edcc1579646b7337ec8c - Version: 3 - TBS: - MD5: 69796942ecdfadbd806bdea1460a5115 - SHA1: 0ce9329828324db04bd0a7b101b4fbfedb3be8b2 - SHA256: efd9b83b154c3e805e1bf7fdfd6a7f7bfdcf2ff3e191d1c33bdc427b6c82039b - SHA384: e27d21dc30c40e7b675120062e69c438e9f448ceed7b0434dedd129848c6a8edf05ec07ac25f5ec300be0da46a4c6eab - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 19334a0c813337dbad36c9e4c93abbb51b2e7aa2e2f44342179ebf4ea14de1b1dbe981dd9f01f2e488d5e9fe09fd21c1ec5d80d2f0d6c143c2fe772bdbf9d79133ce6cd5b2193be62ed6c9934f88408ecde1f57ef10fc6595672e8eb6a41bd1cd546d57c49ca663815c1bfe091707787dcc98d31c90c29a233ed8de287cd898d3f1bffd5e01a978b7cda6dfba8c6b23a666b7b01b3cdd8a634ec1201ab9558a5c45357a860e6e70212a0b92364a24dbb7c81256421becfee42184397bba53706af4dff26a54d614bec4641b865ceb8799e08960b818c8a3b8fc7998ca32a6e986d5e61c696b78ab9612d93b8eb0e0443d7f5fea6f062d4996aa5c1c1f0649480 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c - Version: 3 - TBS: - MD5: 83f5de89f641d0fbf60248e10a7b9534 - SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 - SHA256: 
eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf - SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 - Signer: - - SerialNumber: 0c64962e4467edcc1579646b7337ec8c - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - Version: 1 - RichPEHeaderHash: - MD5: b6539d5c7cfa1f973bd84a2b5f9e21ff - SHA1: 8cdb66c7de4ddc498383fafea692448ccbdfd066 - SHA256: f3d0d00d01297987bc4c626fec0a82efb94cef8ebe74e46e7b8eb63abe087d7b - Sections: - .text: - Entropy: 6.323949092110609 - Virtual Size: '0x4733' - .rdata: - Entropy: 5.459170046837529 - Virtual Size: '0x83c' - .data: - Entropy: 0.9406144310784021 - Virtual Size: '0x290' - .pdata: - Entropy: 3.8692348543800357 - Virtual Size: '0x174' - INIT: - Entropy: 5.255268621688079 - Virtual Size: '0x42c' - .reloc: - Entropy: 2.9464393446710155 - Virtual Size: '0x14' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2021-05-31 19:44:39' - Imphash: f5ebade1d3a6d3bde264b0c7f9f639e7 - LoadsDespiteHVCI: 'TRUE' -- Filename: asio.sys - MD5: 2b4e66fac6503494a2c6f32bb6ab3826 - SHA1: ed219d966a6e74275895cc0b975b79397760ea9f - SHA256: 923ebbe8111e73d5b8ecc2db10f8ea2629a3264c3a535d01c3c118a3b4c91782 - Authentihash: - MD5: 1b20fb8ed378500e83656fd527ac48c4 - SHA1: e471ba6d1327d1026eb2c6a905e2bad3952dabbd - SHA256: ed302ea33feb557b879f64c4b7835947a9ca31054573e1487f5bbc38449753ff - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - READ_REGISTER_UCHAR - - READ_REGISTER_USHORT - - READ_REGISTER_ULONG - - WRITE_REGISTER_UCHAR - - KeQuerySystemTime - - KeDelayExecutionThread - - IofCompleteRequest - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - IoDeleteSymbolicLink - - DbgPrint - - ZwUnmapViewOfSection - - 
IoCreateSymbolicLink - - RtlInitUnicodeString - - IoCreateDevice - - WRITE_REGISTER_USHORT - - IoDeleteDevice - - WRITE_REGISTER_ULONG - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - HalTranslateBusAddress - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - READ_PORT_UCHAR - - READ_PORT_USHORT - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - 
ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, - CN=ASUSTeK Computer Inc. 
- ValidFrom: '2007-07-03 00:00:00' - ValidTo: '2008-07-26 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 23eab3ac30c7016a299c8d31d99f3ae8 - Version: 3 - TBS: - MD5: 54f73eaca10fe12ff2e14194e2f019b8 - SHA1: 471cb77202e7d4941a5bff8ba813f5ed221dc32e - SHA256: 9dba2d4765226ca91fb7104e0cbd01308c4e8ed9727ea661eeaa473d7825ee35 - SHA384: 272d877ad02e5487a0864e4d876a9e06fea5ead9cd149e7a48c4f111cfa8dc2f05f1042f2822b42360896da334e6390d - Signer: - - SerialNumber: 23eab3ac30c7016a299c8d31d99f3ae8 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: b39d8b5610182849a95fa415c9786274 - SHA1: 47e24c8d5f1687b4811c2267b1519e4f53576005 - SHA256: bde1051ba0a00c5223e7850f91b66678c6236ab82415e73114502cd4e9e2bef8 - Sections: - .text: - Entropy: 6.417694814045169 - Virtual Size: '0xcb4' - .rdata: - Entropy: 2.710450233592338 - Virtual Size: '0xd4' - .data: - Entropy: -0.0 - Virtual Size: '0xc' - INIT: - Entropy: 5.25231831216104 - Virtual Size: '0x300' - .reloc: - Entropy: 4.595102637134157 - Virtual Size: '0xcc' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2007-12-17 02:10:20' - Imphash: f4c5b0399665885a7dd34f7cdbbc586f - LoadsDespiteHVCI: 'FALSE' -- Filename: AsIO2.sys - MD5: 79329e2917623181888605bc5b302711 - SHA1: 844d2345bde50bf8ee7e86117cf7b8c6e6f00be4 - SHA256: a7860e110f7a292d621006b7208a634504fb5be417fd71e219060381b9a891e6 - Authentihash: - MD5: 220f8ab33b94d37e06e465825c05a867 - SHA1: 06dd63bd069498a712cdfe3d9ac27bfbf5d661f5 - SHA256: 7ebc5906d7fd9c606dc6ef9b49f3e57b63af838f5807fcdcdd5ff47b5b05e39c - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - 
ExportedFunctions: '' - ImportedFunctions: - - DbgPrint - - RtlGetVersion - - KeDelayExecutionThread - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - MmGetSystemRoutineAddress - - MmAllocateContiguousMemory - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlCopyUnicodeString - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmGetPhysicalAddress - - __C_specific_handler - - RtlCompareUnicodeString - - ZwOpenFile - - ZwQueryInformationFile - - ZwReadFile - - KeBugCheckEx - - IoIs32bitProcess - - RtlInitUnicodeString - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 - ValidFrom: '2021-01-01 00:00:00' - ValidTo: '2031-01-06 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0d424ae0be3a88ff604021ce1400f0dd - Version: 3 - TBS: - MD5: c0189c338449a42fe8358c2c1fbecc60 - SHA1: b8ac0ee6875594b80ad86a6df6dd1fa3048c187c - SHA256: a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 - SHA384: 76d3a316a5a106050298418cce3beea16100524723d9e3220b0de51bfb6f1c35a5d4c7cd10b358fef7bf94c3e3562150 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured - ID Timestamping CA - ValidFrom: '2016-01-07 12:00:00' - ValidTo: '2031-01-07 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 0aa125d6d6321b7e41e405da3697c215 - Version: 3 - TBS: - MD5: 8d26184fc613f89aba1cefb30fce1b53 - SHA1: 63a7e376bad5ec2e419d514a403bcf46c8d31d95 - SHA256: 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c - SHA384: 
d8c9691fe9dbe182f07b49b07fbb4f589fa7b38b5c4d21f265d3a2e818f4b1bfb39e03faab2ec05bb10333a99914fb8a - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=TW, ??=Private Organization, serialNumber=23638777, C=TW, L=Taipei - City, O=ASUSTeK Computer Inc., CN=ASUSTeK Computer Inc. - ValidFrom: '2019-04-01 00:00:00' - ValidTo: '2022-01-11 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0c64962e4467edcc1579646b7337ec8c - Version: 3 - TBS: - MD5: 69796942ecdfadbd806bdea1460a5115 - SHA1: 0ce9329828324db04bd0a7b101b4fbfedb3be8b2 - SHA256: efd9b83b154c3e805e1bf7fdfd6a7f7bfdcf2ff3e191d1c33bdc427b6c82039b - SHA384: e27d21dc30c40e7b675120062e69c438e9f448ceed7b0434dedd129848c6a8edf05ec07ac25f5ec300be0da46a4c6eab - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c - Version: 3 - TBS: - MD5: 83f5de89f641d0fbf60248e10a7b9534 - SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 - SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf - SHA384: 
4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 - Signer: - - SerialNumber: 0c64962e4467edcc1579646b7337ec8c - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - Version: 1 - RichPEHeaderHash: - MD5: 55ace001f38a8911c5f09f16dabe7710 - SHA1: 2d56cc62eb682f5f1db9ca8aff9cb013d02cb44a - SHA256: 7eea7e80cc820d9b0b6778881c2c81f86ec7229cf8315950217787e98b8a78fb - Sections: - .text: - Entropy: 6.4920388528757735 - Virtual Size: '0x2592' - .rdata: - Entropy: 5.43615554646452 - Virtual Size: '0x8a4' - .data: - Entropy: 2.2166422780956516 - Virtual Size: '0x28' - .pdata: - Entropy: 3.9380649561842502 - Virtual Size: '0x198' - INIT: - Entropy: 5.190250208066914 - Virtual Size: '0x44e' - .reloc: - Entropy: 2.939353872167201 - Virtual Size: '0x14' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2021-05-31 19:42:16' - Imphash: d6d76f43ccc3872b879b0df583364c78 - LoadsDespiteHVCI: 'TRUE' -- Filename: AsIO3.sys - MD5: 1ce19950e23c975f677b80ff59d04fae - SHA1: 4f30f64b5dfcdc889f4a5e25b039c93dd8551c71 - SHA256: b6fd51e1f57a03006953e84fd56cc2821cc19e7c77c0474e1110aabaacaf03df - Authentihash: - MD5: cf61dd8f9a187de6219f930866defcbd - SHA1: 80bb26a2ef12a3d9d77fe5dd6059d5955b690b2e - SHA256: a7bb08f99a9701482ce693d71e95559b10a247c4e8f50deba8097b0d3f191532 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - KeSetEvent - - KeDelayExecutionThread - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - MmGetSystemRoutineAddress - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoCreateSynchronizationEvent - - IoDeleteDevice - - RtlGetVersion - - IoIs32bitProcess - - ObReferenceObjectByHandle - - 
ObfDereferenceObject - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmGetPhysicalAddress - - __C_specific_handler - - ZwOpenFile - - ZwQueryInformationFile - - ZwReadFile - - KeBugCheckEx - - DbgPrint - - RtlCopyUnicodeString - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - HalSetBusDataByOffset - - HalGetBusDataByOffset - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 - SHA384 2021 CA1 - ValidFrom: '2021-04-29 00:00:00' - ValidTo: '2036-04-28 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 08ad40b260d29c4c9f5ecda9bd93aed9 - Version: 3 - TBS: - MD5: 5d8003a64dfa5a4d88365da1566038cb - SHA1: 79465b56bc7ad55a37bdf633943da8bfc84db228 - SHA256: 84bdc82e2f2a7f7aaa782667dac556ffcb2b33240c1f9c0a00a3264526a98332 - SHA384: 65b1d4076a89ae273f57e6eeedecb3eae129b4168f76fa7671914cdf461d542255c59d9b85b916ae0ca6fc0fcf7a8e64 - - Subject: ??=Private Organization, ??=TW, serialNumber=23638777, C=TW, ST=Taipei - City, L=Beitou District, O=ASUSTeK COMPUTER INC., CN=ASUSTeK COMPUTER INC. 
- ValidFrom: '2021-10-22 00:00:00' - ValidTo: '2024-10-22 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0bbe02c8838fbf02ab56edabb1e34c19 - Version: 3 - TBS: - MD5: 0357e292e0e92b06c92b21cacfcfa451 - SHA1: f52795bc8de5d803f09e20dd216d7df861f4cb34 - SHA256: b33b80e64cdfb28fb9afb17259be19ffe1edf8aae62fcfbfe8ff301f786c500d - SHA384: 5fbe918c3fa1034d5671ae38b20773df18b8f9dd48e60f90c5c98708e73d6ca0c6dec4e2bcb0de22ba3efb59479db152 - Signer: - - SerialNumber: 0bbe02c8838fbf02ab56edabb1e34c19 - Issuer: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 - SHA384 2021 CA1 - Version: 1 - RichPEHeaderHash: - MD5: dbe8b55f933a7abbc26d9f121bbf2b84 - SHA1: 81e0e90f23b7d56dd1dccbbe04bb3c54892af7b8 - SHA256: 270748ae970faf04f98d588b783073c9b24e3dae8630ad2e3f1a862731078f4b - Sections: - .text: - Entropy: 6.407232131831549 - Virtual Size: '0x58d3' - .rdata: - Entropy: 5.437107960063165 - Virtual Size: '0x8d4' - .data: - Entropy: 0.9313275414257391 - Virtual Size: '0x290' - .pdata: - Entropy: 4.005604411589105 - Virtual Size: '0x1bc' - INIT: - Entropy: 5.265885086539526 - Virtual Size: '0x4ec' - .reloc: - Entropy: 3.1086949695628423 - Virtual Size: '0x14' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2022-05-18 20:51:01' - Imphash: b3e26c5e0de2d01597dca208ef27cc38 - LoadsDespiteHVCI: 'TRUE' -- Filename: AsIO3.sys - MD5: 370a4ca29a7cf1d6bc0744afc12b236c - SHA1: cfa85a19d9a2f7f687b0decdc4a5480b6e30cb8c - SHA256: c344e92a6d06155a217a9af7b4b35e6653665eec6569292e7b2e70f3a3027646 - Authentihash: - MD5: 2f131a8ffb55f70edd90f4cda9e4f84e - SHA1: 4bfc51e23494f7eaf27560f92cd6fbced2ffa4f6 - SHA256: 9b1af050481bda270a08ae873224a142c8b2119eeda59d3a04b1f6d66715a8c8 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - 
HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - DbgPrint - - RtlGetVersion - - KeDelayExecutionThread - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - MmGetSystemRoutineAddress - - MmAllocateContiguousMemory - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlCopyUnicodeString - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmGetPhysicalAddress - - ZwOpenFile - - ZwQueryInformationFile - - ZwReadFile - - __C_specific_handler - - KeBugCheckEx - - IoIs32bitProcess - - RtlInitUnicodeString - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 - SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=TW, ??=Private Organization, serialNumber=23638777, C=TW, L=Taipei - City, O=ASUSTeK Computer Inc., CN=ASUSTeK Computer Inc. - ValidFrom: '2019-04-01 00:00:00' - ValidTo: '2022-01-11 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0c64962e4467edcc1579646b7337ec8c - Version: 3 - TBS: - MD5: 69796942ecdfadbd806bdea1460a5115 - SHA1: 0ce9329828324db04bd0a7b101b4fbfedb3be8b2 - SHA256: efd9b83b154c3e805e1bf7fdfd6a7f7bfdcf2ff3e191d1c33bdc427b6c82039b - SHA384: e27d21dc30c40e7b675120062e69c438e9f448ceed7b0434dedd129848c6a8edf05ec07ac25f5ec300be0da46a4c6eab - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true 
- SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c - Version: 3 - TBS: - MD5: 83f5de89f641d0fbf60248e10a7b9534 - SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 - SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf - SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 0c64962e4467edcc1579646b7337ec8c - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - Version: 1 - RichPEHeaderHash: - MD5: 7083a39914a09adba51ea04eeca7990e - SHA1: ae8af171da2509ddac02c0b559b44f8f5fd8da25 - SHA256: 9ce58648fd2c5b9ba36584499ca7bf3ed1eca7da6c847f10d6e07f1e9c0a8880 - Sections: - .text: - Entropy: 6.326590226061026 - Virtual Size: '0x4733' - .rdata: - Entropy: 5.496552032776753 - Virtual Size: '0x81c' - .data: - Entropy: 0.9406144310784021 - Virtual Size: '0x290' - .pdata: - Entropy: 3.9063193538964076 - Virtual Size: '0x168' - INIT: - Entropy: 5.257848104368007 - Virtual Size: '0x42c' - .reloc: - Entropy: 2.9464393446710155 - Virtual Size: '0x14' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2020-12-15 01:10:32' - Imphash: f0cd7cce1d03cf9df1b8266701f92b46 - LoadsDespiteHVCI: 'TRUE' -- Filename: asio.sys - MD5: 68726474c69b738eac3a62e06b33addc - SHA1: 8453fc3198349cf0561c87efc329c81e7240c3da - SHA256: 
c470c9db58840149ce002f3e6003382ecf740884a683bae8f9d10831be218fa2 - Authentihash: - MD5: 9f79edf758e219929902ec7564e0f435 - SHA1: c92148d0666f2235500805975be79738b84e48c2 - SHA256: 19c74ea0e0baf04820e5642bd2fa224158801ed966be1041539e3c55bd65c471 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - IoDeleteDevice - - ZwClose - - IofCompleteRequest - - ZwUnmapViewOfSection - - IoIs32bitProcess - - IoCreateSymbolicLink - - IoCreateDevice - - IoDeleteSymbolicLink - - KeDelayExecutionThread - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital 
- ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, - CN=ASUSTeK Computer Inc. - ValidFrom: '2008-07-22 00:00:00' - ValidTo: '2009-07-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 37ed9092bdd1dccf58d2afa47f961448 - Version: 3 - TBS: - MD5: 336ceef1b70541c73c4c4f7af221eac7 - SHA1: 582a82a16246e3aa1e3534a2df1f33f7de90ad9d - SHA256: 6eb6b2bdb401d5172e19ce279574850c18e97bb0635dd89b62a92fc0442b73a3 - SHA384: c1ff22f1feb811e669f8bf1c4b6f5334b72046c4ed2b81f07b96684747db19323a5c1dfb2fd08ad00a82538080c2689a - Signer: - - SerialNumber: 37ed9092bdd1dccf58d2afa47f961448 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: deb9c1e252f598099d70d2b33a313da3 - SHA1: f0c2801e0091ed6f5e10ea7045e911aa90030290 - SHA256: 914fb9761d50c3fa2ecf9fbd8af3735f9b8d6c4903e067c8af9546e79b6f22c7 - Sections: - .text: - Entropy: 6.140846081676954 - Virtual Size: '0xca6' - .rdata: - Entropy: 4.362536233544753 - Virtual Size: '0x170' - .data: - Entropy: 0.0 - Virtual Size: '0xc' - .pdata: - Entropy: 3.245354266022441 - Virtual Size: '0x84' - INIT: - Entropy: 4.455848230056508 - Virtual Size: '0x204' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2009-04-06 01:21:08' - Imphash: 12befc0a82dcb0585359d335ed47af19 - LoadsDespiteHVCI: 'FALSE' -- Filename: AsIO3_64.sys - MD5: d5556c54c474cf0bff25804bfbe788d3 - SHA1: c71597c89bd8e937886e3390bc8ac4f17cdeae7c - SHA256: fa875178ae2d7604d027510b0d0a7e2d9d675e10a4c9dda2d927ee891e0bcb91 - Authentihash: - MD5: d9af966d89c5f045997042d35b9a7b91 - SHA1: b6f1e92a8452c2aec22aaa7657e92d2aa48b3055 - SHA256: 26b8e689a13d3434951559cff24fcfe55edeb7b78c7cc16db1a273c90aa694c1 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: 
'' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - KeSetEvent - - KeDelayExecutionThread - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - MmGetSystemRoutineAddress - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoCreateSynchronizationEvent - - IoDeleteDevice - - RtlGetVersion - - IoIs32bitProcess - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmGetPhysicalAddress - - __C_specific_handler - - ZwOpenFile - - ZwQueryInformationFile - - ZwReadFile - - KeBugCheckEx - - DbgPrint - - RtlCopyUnicodeString - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - HalSetBusDataByOffset - - HalGetBusDataByOffset - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 - SHA384 2021 CA1 - ValidFrom: '2021-04-29 00:00:00' - ValidTo: '2036-04-28 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 08ad40b260d29c4c9f5ecda9bd93aed9 - Version: 3 - TBS: - MD5: 5d8003a64dfa5a4d88365da1566038cb - SHA1: 79465b56bc7ad55a37bdf633943da8bfc84db228 - SHA256: 84bdc82e2f2a7f7aaa782667dac556ffcb2b33240c1f9c0a00a3264526a98332 - SHA384: 65b1d4076a89ae273f57e6eeedecb3eae129b4168f76fa7671914cdf461d542255c59d9b85b916ae0ca6fc0fcf7a8e64 - - Subject: ??=Private Organization, ??=TW, serialNumber=23638777, C=TW, ST=Taipei - City, L=Beitou District, O=ASUSTeK COMPUTER INC., CN=ASUSTeK COMPUTER INC. 
- ValidFrom: '2021-10-22 00:00:00' - ValidTo: '2024-10-22 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0bbe02c8838fbf02ab56edabb1e34c19 - Version: 3 - TBS: - MD5: 0357e292e0e92b06c92b21cacfcfa451 - SHA1: f52795bc8de5d803f09e20dd216d7df861f4cb34 - SHA256: b33b80e64cdfb28fb9afb17259be19ffe1edf8aae62fcfbfe8ff301f786c500d - SHA384: 5fbe918c3fa1034d5671ae38b20773df18b8f9dd48e60f90c5c98708e73d6ca0c6dec4e2bcb0de22ba3efb59479db152 - Signer: - - SerialNumber: 0bbe02c8838fbf02ab56edabb1e34c19 - Issuer: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 - SHA384 2021 CA1 - Version: 1 - RichPEHeaderHash: - MD5: 3be7917d9cf3e4ac3371233a5a20d62d - SHA1: b7c8880dd8e1c5b626d55b5cfb0d2942e7162334 - SHA256: 231cb707d547c553745056a7a5e03c8cd05307beb4e2208f607a1845b51d96f7 - Sections: - .text: - Entropy: 6.407232131831549 - Virtual Size: '0x58d3' - .rdata: - Entropy: 5.437540965006372 - Virtual Size: '0x8d4' - .data: - Entropy: 0.9313275414257391 - Virtual Size: '0x290' - .pdata: - Entropy: 4.005604411589105 - Virtual Size: '0x1bc' - INIT: - Entropy: 5.265885086539526 - Virtual Size: '0x4ec' - .reloc: - Entropy: 3.1086949695628423 - Virtual Size: '0x14' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2022-02-17 05:12:10' - Imphash: b3e26c5e0de2d01597dca208ef27cc38 - LoadsDespiteHVCI: 'TRUE' -- Authentihash: - MD5: 9fd03554246c6c74c232919c680d7be8 - SHA1: b25550309c902a21b03367ae27694c5a29b891b5 - SHA256: c3e3719ca592ba65a67f594ec1a08d0d7ad724b088be77d48cb33627c56f4614 - Company: '' - Copyright: '' - CreationTimestamp: '2010-06-27 23:19:38' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: AsIO.sys - ImportedFunctions: - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - IoDeleteDevice - - IoDeleteSymbolicLink - - ZwClose - - MmGetPhysicalAddress - - 
MmAllocateContiguousMemory - - ZwUnmapViewOfSection - - IoIs32bitProcess - - IoCreateSymbolicLink - - IoCreateDevice - - IofCompleteRequest - - KeDelayExecutionThread - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 1dc94a6a82697c62a04e461d7a94d0b0 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: ASUSTeK Computer Inc. - RichPEHeaderHash: - MD5: fdbc1ff6c9321efd70ec149c3c8ccac6 - SHA1: d77615c985da37ca9099b27c1be4785c6cb7ccf6 - SHA256: 4dbce3e8c08dd544b78f87323f6d794fb990bb10cb6d239fe367da87a803f23c - SHA1: b97a8d506be2e7eaa4385f70c009b22adbd071ba - SHA256: 2da330a2088409efc351118445a824f11edbe51cf3d653b298053785097fe40e - Sections: - .text: - Entropy: 6.108859458208728 - Virtual Size: '0xd86' - .rdata: - Entropy: 4.337980114178664 - Virtual Size: '0x188' - .data: - Entropy: 0.0 - Virtual Size: '0xc' - .pdata: - Entropy: 3.2608964358708645 - Virtual Size: '0x84' - INIT: - Entropy: 4.571215641554434 - Virtual Size: '0x24a' - Signature: - - ASUSTeK Computer Inc. 
- - VeriSign Class 3 Code Signing 2009-2 CA - - VeriSign Class 3 Public Primary CA - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 
8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, - CN=ASUSTeK Computer Inc. 
- ValidFrom: '2009-08-03 00:00:00' - ValidTo: '2012-08-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad - Version: 3 - TBS: - MD5: a8e2727ca2cb8705c02aaef015feb372 - SHA1: 94a0711ecebe96729e048ae1c7de9c4ba5c25ec4 - SHA256: dd670882ef38bfeecfb2865ad06f52e36b07f99fbf5937b2ede58178d2221961 - SHA384: 508037c851d72d2bf8f35ba25436903a510d02d58f923b6d2c694a9a27f4a82b0b0953ee7b3c68078faafe3886a64aa4 - Signer: - - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: b4b90c1b054ebe273bff4b2fd6927990 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 7bb2dcc29ba50372d08fea800c190f09 - SHA1: e5c090903a20744ba3583a8ea684d035e8cecc34 - SHA256: 9dcfd796e244d0687cc35eac9538f209f76c6df12de166f19dbc7d2c47fb16b3 - Company: '' - Copyright: '' - CreationTimestamp: '2012-08-22 03:54:47' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: AsIO.sys - ImportedFunctions: - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - ZwClose - - IoDeleteDevice - - IoDeleteSymbolicLink - - ZwMapViewOfSection - - MmGetPhysicalAddress - - MmAllocateContiguousMemory - - ZwUnmapViewOfSection - - IoIs32bitProcess - - IoCreateSymbolicLink - - IoCreateDevice - - IofCompleteRequest - - KeDelayExecutionThread - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 798de15f187c1f013095bbbeb6fb6197 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: ASUSTeK Computer Inc. 
- RichPEHeaderHash: - MD5: fdbc1ff6c9321efd70ec149c3c8ccac6 - SHA1: d77615c985da37ca9099b27c1be4785c6cb7ccf6 - SHA256: 4dbce3e8c08dd544b78f87323f6d794fb990bb10cb6d239fe367da87a803f23c - SHA1: 92f251358b3fe86fd5e7aa9b17330afa0d64a705 - SHA256: 436ccab6f62fa2d29827916e054ade7acae485b3de1d3e5c6c62d3debf1480e7 - Sections: - .text: - Entropy: 6.1181571322303645 - Virtual Size: '0xd66' - .rdata: - Entropy: 4.313686441268313 - Virtual Size: '0x188' - .data: - Entropy: 0.0 - Virtual Size: '0xc' - .pdata: - Entropy: 3.3006321366120503 - Virtual Size: '0x84' - INIT: - Entropy: 4.548019208277369 - Virtual Size: '0x24a' - Signature: - - ASUSTeK Computer Inc. - - VeriSign Class 3 Code Signing 2010 CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G3 - ValidFrom: '2012-05-01 00:00:00' - ValidTo: '2012-12-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded - Version: 3 - TBS: - MD5: e6d820afb23af20a65cf0b03247ea05e - SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 - SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 - SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 
518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, - CN=ASUSTeK Computer Inc. 
- ValidFrom: '2012-07-31 00:00:00' - ValidTo: '2015-08-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 7d08d9bc130726de26ee4ef28e133084 - Version: 3 - TBS: - MD5: 72cafb0a175f0481177fa2c9803283c7 - SHA1: b603167b958c5fcd7094552891ddc4e2ea4c149f - SHA256: a36a0024075771a4b30eab8f1288817059fe1a01003d0c1d92f647df17f3b688 - SHA384: 33c28dc6857ce5d20a2e9ba8a47f6bc80a9a98fba518fd732963bedbbb408848b89b3d8438d413f8b933ee761ffa1653 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 7d08d9bc130726de26ee4ef28e133084 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: d7de998e454f947f62d4a6b66490563b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 1e97ead4c5049f8fefe2b72edd5fa90e - SHA1: 2a95f882dd9bafcc57f144a2708a7ec67dd7844c - SHA256: 7f75d91844b0c162eeb24d14bcf63b7f230e111daa7b0a26eaa489eeb22d9057 - Company: '' - Copyright: '' - CreationTimestamp: '2010-08-02 20:47:59' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: AsIO.sys - ImportedFunctions: - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - 
ZwOpenSection - - RtlInitUnicodeString - - IoDeleteDevice - - IoDeleteSymbolicLink - - ZwClose - - MmGetPhysicalAddress - - MmAllocateContiguousMemory - - ZwUnmapViewOfSection - - IoIs32bitProcess - - IoCreateSymbolicLink - - IoCreateDevice - - IofCompleteRequest - - KeDelayExecutionThread - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 1392b92179b07b672720763d9b1028a5 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: ASUSTeK Computer Inc. - RichPEHeaderHash: - MD5: 058831031bc182e09fd9501e62a8c8ce - SHA1: 23c55978de25c037af392054d26cc72818ee3a60 - SHA256: 7890a60d1090102ce6bb8cacac02b827a9edbbdf8ec13c022a9170b0ee036c43 - SHA1: 8b6aa5b2bff44766ef7afbe095966a71bc4183fa - SHA256: b4d47ea790920a4531e3df5a4b4b0721b7fea6b49a35679f0652f1e590422602 - Sections: - .text: - Entropy: 6.128485959548185 - Virtual Size: '0x10fc' - .rdata: - Entropy: 4.469326855336564 - Virtual Size: '0x1a0' - .data: - Entropy: 0.0 - Virtual Size: '0xc' - .pdata: - Entropy: 3.3216749799000778 - Virtual Size: '0x90' - INIT: - Entropy: 4.5288929688981066 - Virtual Size: '0x24a' - Signature: - - ASUSTeK Computer Inc. 
- - VeriSign Class 3 Code Signing 2009-2 CA - - VeriSign Class 3 Public Primary CA - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 
53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, - CN=ASUSTeK Computer Inc. 
- ValidFrom: '2009-08-03 00:00:00' - ValidTo: '2012-08-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad - Version: 3 - TBS: - MD5: a8e2727ca2cb8705c02aaef015feb372 - SHA1: 94a0711ecebe96729e048ae1c7de9c4ba5c25ec4 - SHA256: dd670882ef38bfeecfb2865ad06f52e36b07f99fbf5937b2ede58178d2221961 - SHA384: 508037c851d72d2bf8f35ba25436903a510d02d58f923b6d2c694a9a27f4a82b0b0953ee7b3c68078faafe3886a64aa4 - Signer: - - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: b4b90c1b054ebe273bff4b2fd6927990 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 9e7fb1f3c75f1f5e6769813c545643fc - SHA1: 86f07797273b7f0e0805d2add8c1a0be116eb88c - SHA256: 191689c53195dbe828f406b206cb167dcd4671ecdab32b80e01c885f706a6baf - Company: '' - Copyright: '' - CreationTimestamp: '2010-08-23 19:53:02' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: AsIO.sys - ImportedFunctions: - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - IoDeleteDevice - - IoDeleteSymbolicLink - - ZwClose - - MmGetPhysicalAddress - - MmAllocateContiguousMemory - - ZwUnmapViewOfSection - - IoIs32bitProcess - - IoCreateSymbolicLink - - IoCreateDevice - - IofCompleteRequest - - KeDelayExecutionThread - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: fef9dd9ea587f8886ade43c1befbdafe - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: ASUSTeK Computer Inc. 
- RichPEHeaderHash: - MD5: fdbc1ff6c9321efd70ec149c3c8ccac6 - SHA1: d77615c985da37ca9099b27c1be4785c6cb7ccf6 - SHA256: 4dbce3e8c08dd544b78f87323f6d794fb990bb10cb6d239fe367da87a803f23c - SHA1: af6e1f2cfb230907476e8b2d676129b6d6657124 - SHA256: dde6f28b3f7f2abbee59d4864435108791631e9cb4cdfb1f178e5aa9859956d8 - Sections: - .text: - Entropy: 6.107404762164129 - Virtual Size: '0xd86' - .rdata: - Entropy: 4.358520944651229 - Virtual Size: '0x188' - .data: - Entropy: 0.0 - Virtual Size: '0xc' - .pdata: - Entropy: 3.2608964358708645 - Virtual Size: '0x84' - INIT: - Entropy: 4.571215641554434 - Virtual Size: '0x24a' - Signature: - - ASUSTeK Computer Inc. - - VeriSign Class 3 Code Signing 2009-2 CA - - VeriSign Class 3 Public Primary CA - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: 
'2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b 
- Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, - CN=ASUSTeK Computer Inc. - ValidFrom: '2009-08-03 00:00:00' - ValidTo: '2012-08-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad - Version: 3 - TBS: - MD5: a8e2727ca2cb8705c02aaef015feb372 - SHA1: 94a0711ecebe96729e048ae1c7de9c4ba5c25ec4 - SHA256: dd670882ef38bfeecfb2865ad06f52e36b07f99fbf5937b2ede58178d2221961 - SHA384: 508037c851d72d2bf8f35ba25436903a510d02d58f923b6d2c694a9a27f4a82b0b0953ee7b3c68078faafe3886a64aa4 - Signer: - - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: b4b90c1b054ebe273bff4b2fd6927990 - LoadsDespiteHVCI: 'TRUE' -- Authentihash: - MD5: 9f79edf758e219929902ec7564e0f435 - SHA1: c92148d0666f2235500805975be79738b84e48c2 - SHA256: 19c74ea0e0baf04820e5642bd2fa224158801ed966be1041539e3c55bd65c471 - Company: '' - Copyright: '' - CreationTimestamp: '2009-04-06 01:21:08' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - IoDeleteDevice - - ZwClose - - IofCompleteRequest - - ZwUnmapViewOfSection - - IoIs32bitProcess - - IoCreateSymbolicLink - - IoCreateDevice - - IoDeleteSymbolicLink - - KeDelayExecutionThread - 
- HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 517d484bdbad4637188ec7a908335b86 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: deb9c1e252f598099d70d2b33a313da3 - SHA1: f0c2801e0091ed6f5e10ea7045e911aa90030290 - SHA256: 914fb9761d50c3fa2ecf9fbd8af3735f9b8d6c4903e067c8af9546e79b6f22c7 - SHA1: 2207cdee7deaba1492ae2349392864f19eb4dfaf - SHA256: db73b0fa032be22405fa0b52fbfe3b30e56ac4787e620e4854c32668ae43bc33 - Sections: - .text: - Entropy: 6.140846081676954 - Virtual Size: '0xca6' - .rdata: - Entropy: 4.362536233544753 - Virtual Size: '0x170' - .data: - Entropy: 0.0 - Virtual Size: '0xc' - .pdata: - Entropy: 3.245354266022441 - Virtual Size: '0x84' - INIT: - Entropy: 4.455848230056508 - Virtual Size: '0x204' - Signature: '' - Signatures: {} - Imphash: 12befc0a82dcb0585359d335ed47af19 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 7bb2dcc29ba50372d08fea800c190f09 - SHA1: e5c090903a20744ba3583a8ea684d035e8cecc34 - SHA256: 9dcfd796e244d0687cc35eac9538f209f76c6df12de166f19dbc7d2c47fb16b3 - Company: '' - Copyright: '' - CreationTimestamp: '2012-08-22 03:54:47' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - ZwClose - - IoDeleteDevice - - IoDeleteSymbolicLink - - ZwMapViewOfSection - - MmGetPhysicalAddress - - MmAllocateContiguousMemory - - ZwUnmapViewOfSection - - IoIs32bitProcess - - IoCreateSymbolicLink - - IoCreateDevice - - IofCompleteRequest - - KeDelayExecutionThread - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: b2e4e588ce7b993cc31c18a0721d904d - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 
fdbc1ff6c9321efd70ec149c3c8ccac6 - SHA1: d77615c985da37ca9099b27c1be4785c6cb7ccf6 - SHA256: 4dbce3e8c08dd544b78f87323f6d794fb990bb10cb6d239fe367da87a803f23c - SHA1: a714a2a045fa8f46d0165b78fe3eecf129c1de3a - SHA256: 707b4b5f5c4585156d8a4d8c39cf26729f5ad05d7f77b17f48e670e808e3e6a0 - Sections: - .text: - Entropy: 6.1181571322303645 - Virtual Size: '0xd66' - .rdata: - Entropy: 4.313686441268313 - Virtual Size: '0x188' - .data: - Entropy: 0.0 - Virtual Size: '0xc' - .pdata: - Entropy: 3.3006321366120503 - Virtual Size: '0x84' - INIT: - Entropy: 4.548019208277369 - Virtual Size: '0x24a' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2014-12-19 19:27:34' - ValidTo: '2016-03-19 19:27:34' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 330000001dc31a761624754f8000000000001d - Version: 3 - TBS: - MD5: df2a0bc442ef65cd9973329be21c642f - SHA1: d13bcda797c6b986a1a45b7ce9184e87ba0f994c - SHA256: 41718d172e45eaa02ec88494587672cf50f96a310aebc5b49a66c0adae99edc5 - SHA384: db7864a35b468726f3d431e07825ae860ddb0d6250b3bd8906f1b0ff98ce7b4c563c73288b01ec8f1ec5a2a06f31bc40 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2012 - ValidFrom: '2012-04-18 23:48:38' - ValidTo: '2027-04-18 23:58:38' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 610baac1000000000009 - Version: 3 - TBS: - MD5: a569061297e8e824767dbc3184a69bea - SHA1: adbb26a587a8f44b4fccaecb306f980d1c55a150 - SHA256: cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 - SHA384: 
e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba - Signer: - - SerialNumber: 330000001dc31a761624754f8000000000001d - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2012 - Version: 1 - Imphash: d7de998e454f947f62d4a6b66490563b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 5b13f61ef5173aaea45b31d934fa2b37 - SHA1: 55ab7e27412eca433d76513edc7e6e03bcdd7eda - SHA256: c1b41d6b91448e2409bb2f4fbf4aeb952adf373d0decc9d052277b89ba401407 - Company: '' - Copyright: '' - CreationTimestamp: '2009-08-03 01:02:32' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - READ_REGISTER_UCHAR - - READ_REGISTER_USHORT - - READ_REGISTER_ULONG - - WRITE_REGISTER_UCHAR - - WRITE_REGISTER_USHORT - - KeQuerySystemTime - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - IoDeleteSymbolicLink - - KeDelayExecutionThread - - ZwUnmapViewOfSection - - IofCompleteRequest - - RtlInitUnicodeString - - IoCreateDevice - - IoCreateSymbolicLink - - WRITE_REGISTER_ULONG - - IoDeleteDevice - - WRITE_PORT_USHORT - - WRITE_PORT_UCHAR - - HalTranslateBusAddress - - READ_PORT_ULONG - - READ_PORT_USHORT - - READ_PORT_UCHAR - - WRITE_PORT_ULONG - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 9d8cb58b9a9e177ddd599791a58a654d - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 1dca2593c812b9d1ad59cd6c601d9984 - SHA1: ed8d9ab054b6e3b43e55dff40654162d6abc6657 - SHA256: 332168c7827fb42ec1ee5e08f64bb7273db098da638241b85585b8daf24ba5fb - SHA1: e4e40032376279e29487afc18527804dce792883 - SHA256: b3e645e8817696fa5d5e2255f9328f3b6a2e5fce91737f4d654ff155dc9851e5 - Sections: - .text: - Entropy: 6.1960789663995905 - Virtual Size: '0x872' - .rdata: - Entropy: 2.808152433711106 - Virtual Size: 
'0xc4' - .data: - Entropy: -0.0 - Virtual Size: '0xc' - INIT: - Entropy: 5.208673110075946 - Virtual Size: '0x2f0' - .reloc: - Entropy: 3.9280891177162527 - Virtual Size: '0x92' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 
8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, - CN=ASUSTeK Computer Inc. 
- ValidFrom: '2009-08-03 00:00:00' - ValidTo: '2012-08-03 23:59:59' - Signature: bdc1dedf888c617c55af86763028f36094aeaadb7ebe82208e02d910305a252b4156a62a7f17366536fde06c13ff2bd8891e303a1e8c5c3cdb5fb257627367e3b6446b76c8080f61feac4424c5ef89467a79dc55fcb929805b727a10b39493038f97535686250f46e169bc85a02fb1f8a2626235a540e058084d1b17dbb7c426e76a8d3c2b3e2c0c4f33b9d6cc8d7a3590f8f61358ea5380ee0af3df7197dc4a615bcef1bcd119dba007d955d1acd14b42ab89d3539047d13d3e767de04ab5aa289fa0a698a582e84a5a65a1c9fabed2f75576629e8ad1826b68f2fca2baa751745f5ec968ed91cdf9761244a80b8c0d957900297ac3523c7a20c64e35be1b0a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad - Version: 3 - TBS: - MD5: a8e2727ca2cb8705c02aaef015feb372 - SHA1: 94a0711ecebe96729e048ae1c7de9c4ba5c25ec4 - SHA256: dd670882ef38bfeecfb2865ad06f52e36b07f99fbf5937b2ede58178d2221961 - SHA384: 508037c851d72d2bf8f35ba25436903a510d02d58f923b6d2c694a9a27f4a82b0b0953ee7b3c68078faafe3886a64aa4 - Signer: - - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: b0e74761cced2dde5173ae05ec562085 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 4fcf3854e63dee328f9deefa6ce069cb - SHA1: d569d4bab86e70efbcdfdac9d822139d6f477b7c - SHA256: 80599708ce61ec5d6dcfc5977208a2a0be2252820a88d9ba260d8cdf5dc7fbe4 - Company: '' - Copyright: '' - CreationTimestamp: '2005-12-21 01:55:21' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - READ_REGISTER_UCHAR - - READ_REGISTER_USHORT - - READ_REGISTER_ULONG - - WRITE_REGISTER_UCHAR - - KeQuerySystemTime - - KeDelayExecutionThread - - IofCompleteRequest - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - IoDeleteSymbolicLink - - DbgPrint - - ZwUnmapViewOfSection - 
- IoCreateSymbolicLink - - RtlInitUnicodeString - - IoCreateDevice - - WRITE_REGISTER_USHORT - - IoDeleteDevice - - WRITE_REGISTER_ULONG - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - HalTranslateBusAddress - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - READ_PORT_UCHAR - - READ_PORT_USHORT - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 663f2fb92608073824ee3106886120f3 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: b39d8b5610182849a95fa415c9786274 - SHA1: 47e24c8d5f1687b4811c2267b1519e4f53576005 - SHA256: bde1051ba0a00c5223e7850f91b66678c6236ab82415e73114502cd4e9e2bef8 - SHA1: 470633a3a1e1b1f13c3f6c5192ce881efd206d7c - SHA256: 41765151df57125286b398cc107ff8007972f4653527f876d133dac1548865d6 - Sections: - .text: - Entropy: 6.41894248761542 - Virtual Size: '0xcac' - .rdata: - Entropy: 2.710450233592338 - Virtual Size: '0xd4' - .data: - Entropy: -0.0 - Virtual Size: '0xc' - INIT: - Entropy: 5.25231831216104 - Virtual Size: '0x300' - .reloc: - Entropy: 4.575666038623564 - Virtual Size: '0xcc' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 
53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 23:59:59' - Signature: 877870da4e5201205be079c98230c4fdb91996bd9100c3bdcdcdc6f40ed8fff94dc033623011c5f5741bd492de5f9c2013b17c45be50cd83e7801783a72793671346fbcab8984103cc9b515b058b7fa86ff31b501b242ef2698d6c22f7bbca1695ed0c74c06877d9eb996287c17390f889747a23aba3987b97b1f78f29714d2e751b4841daf0b50d2054d677a097826369fd09cf8af075bb099bd9f91155269a6132be7a02b07b86bea2c38b222c78d13576bc92735cf9b9e64c150a23cce4d2d4342e4940153c0f607a24c6a566ef96cf70eb3ee7f40d7edcd17ca3767169c19c4f47303521b1a2af1a623c2bd98eaa2a077bd818b35c7be29da56ffe3c89ad - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 
- SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, - CN=ASUSTeK Computer Inc. - ValidFrom: '2006-06-27 00:00:00' - ValidTo: '2007-07-16 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 284649f592786c4851c1138e364185ae - Version: 3 - TBS: - MD5: 2fc1a78b4874ed1ac403284a5d4084fb - SHA1: 9ae9b025b3a9ebfacdf55104f3fc1c143457a296 - SHA256: 9ffd439139209f1a084cb30cd791558dc266265405f7c5c7444c5a941ff0c004 - SHA384: 656817a3d8aa52cdc8fbff1dcb0ef1f07ea93f0c6b82067d7c6c5f68a125dc3b50f88974a66d59ecc5b996ca5e55eaa1 - Signer: - - SerialNumber: 284649f592786c4851c1138e364185ae - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: f4c5b0399665885a7dd34f7cdbbc586f - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 09e04d9a1ba63e4db9e4b55a00d5050d - SHA1: 61e1b497a5df0797527d6d465a8f315a82ad35eb - SHA256: 739c11fdb8673ab5b78f1a874daf5ba3faddb7910a6d4e0cc49abd8b8537333f - Company: '' - Copyright: '' - 
CreationTimestamp: '2009-08-03 01:03:16' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - IoDeleteDevice - - ZwClose - - IofCompleteRequest - - ZwUnmapViewOfSection - - IoIs32bitProcess - - IoCreateSymbolicLink - - IoCreateDevice - - IoDeleteSymbolicLink - - KeDelayExecutionThread - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: a82c01606dc27d05d9d3bfb6bb807e32 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: deb9c1e252f598099d70d2b33a313da3 - SHA1: f0c2801e0091ed6f5e10ea7045e911aa90030290 - SHA256: 914fb9761d50c3fa2ecf9fbd8af3735f9b8d6c4903e067c8af9546e79b6f22c7 - SHA1: 1951ae94c6ee63fa801208771b5784f021c70c60 - SHA256: ce231637422709d927fb6fa0c4f2215b9c0e3ebbd951fb2fa97b8e64da479b96 - Sections: - .text: - Entropy: 6.1423523697958835 - Virtual Size: '0xca6' - .rdata: - Entropy: 4.447540499473679 - Virtual Size: '0x178' - .data: - Entropy: 0.0 - Virtual Size: '0xc' - .pdata: - Entropy: 3.2844547164673656 - Virtual Size: '0x84' - INIT: - Entropy: 4.455848230056508 - Virtual Size: '0x204' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 
50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - 
Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - 
Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, - CN=ASUSTeK Computer Inc. - ValidFrom: '2009-08-03 00:00:00' - ValidTo: '2012-08-03 23:59:59' - Signature: bdc1dedf888c617c55af86763028f36094aeaadb7ebe82208e02d910305a252b4156a62a7f17366536fde06c13ff2bd8891e303a1e8c5c3cdb5fb257627367e3b6446b76c8080f61feac4424c5ef89467a79dc55fcb929805b727a10b39493038f97535686250f46e169bc85a02fb1f8a2626235a540e058084d1b17dbb7c426e76a8d3c2b3e2c0c4f33b9d6cc8d7a3590f8f61358ea5380ee0af3df7197dc4a615bcef1bcd119dba007d955d1acd14b42ab89d3539047d13d3e767de04ab5aa289fa0a698a582e84a5a65a1c9fabed2f75576629e8ad1826b68f2fca2baa751745f5ec968ed91cdf9761244a80b8c0d957900297ac3523c7a20c64e35be1b0a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad - Version: 3 - TBS: - MD5: a8e2727ca2cb8705c02aaef015feb372 - SHA1: 94a0711ecebe96729e048ae1c7de9c4ba5c25ec4 - SHA256: dd670882ef38bfeecfb2865ad06f52e36b07f99fbf5937b2ede58178d2221961 - SHA384: 508037c851d72d2bf8f35ba25436903a510d02d58f923b6d2c694a9a27f4a82b0b0953ee7b3c68078faafe3886a64aa4 - Signer: - - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: 12befc0a82dcb0585359d335ed47af19 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 7bb2dcc29ba50372d08fea800c190f09 - SHA1: e5c090903a20744ba3583a8ea684d035e8cecc34 - SHA256: 9dcfd796e244d0687cc35eac9538f209f76c6df12de166f19dbc7d2c47fb16b3 - Company: '' - 
Copyright: '' - CreationTimestamp: '2012-08-22 03:54:47' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - ZwClose - - IoDeleteDevice - - IoDeleteSymbolicLink - - ZwMapViewOfSection - - MmGetPhysicalAddress - - MmAllocateContiguousMemory - - ZwUnmapViewOfSection - - IoIs32bitProcess - - IoCreateSymbolicLink - - IoCreateDevice - - IofCompleteRequest - - KeDelayExecutionThread - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 94cdf2cf363be5a8749670bea4db65cd - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: fdbc1ff6c9321efd70ec149c3c8ccac6 - SHA1: d77615c985da37ca9099b27c1be4785c6cb7ccf6 - SHA256: 4dbce3e8c08dd544b78f87323f6d794fb990bb10cb6d239fe367da87a803f23c - SHA1: 96523f72e4283f9816d3da8f2270690dd1dd263e - SHA256: 20e52e0d7f579dc6884cc6e80266fddceda69ea5fdd0b095c0874b0d877e48a2 - Sections: - .text: - Entropy: 6.1181571322303645 - Virtual Size: '0xd66' - .rdata: - Entropy: 4.313686441268313 - Virtual Size: '0x188' - .data: - Entropy: 0.0 - Virtual Size: '0xc' - .pdata: - Entropy: 3.3006321366120503 - Virtual Size: '0x84' - INIT: - Entropy: 4.548019208277369 - Virtual Size: '0x24a' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: ??=TW, ??=Private Organization, serialNumber=23638777, C=TW, L=Taipei - City, O=ASUSTeK Computer Inc., CN=ASUSTeK Computer Inc. 
- ValidFrom: '2019-01-08 00:00:00' - ValidTo: '2022-01-11 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 073501671dc61bf273a6daec906e40a5 - Version: 3 - TBS: - MD5: 40e2b5ee26c4990c33a5e669c600b8a3 - SHA1: 30796f70d4552dd84ee58219d9f61df8c22bec18 - SHA256: 3062c7ba0949c3e882ca9cc23a60b9e4e742c7e2e1d4c3a63b893019189dba13 - SHA384: e215473c05b611248331b3b259cc483a94c2d830fa63a5b6e08d1e52b06d360ebd30519a73f6ffcf79be880975e94738 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 073501671dc61bf273a6daec906e40a5 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - Version: 1 - Imphash: 
d7de998e454f947f62d4a6b66490563b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 3824dd56459d29ffc5d4bb51d7123778 - SHA1: 5a7dd0da0aee0bdedc14c1b7831b9ce9178a0346 - SHA256: 92edd48dfac025d4069eb6491b9730d9d131b77cceaa480af9b3c32bc8c5e3a9 - Company: '' - Copyright: '' - CreationTimestamp: '2012-08-22 03:54:43' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - IoDeleteDevice - - IoDeleteSymbolicLink - - WRITE_REGISTER_ULONG - - MmAllocateContiguousMemory - - IofCompleteRequest - - ZwUnmapViewOfSection - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - WRITE_REGISTER_USHORT - - WRITE_REGISTER_UCHAR - - READ_REGISTER_ULONG - - READ_REGISTER_USHORT - - READ_REGISTER_UCHAR - - KeQuerySystemTime - - MmGetPhysicalAddress - - KeDelayExecutionThread - - WRITE_PORT_USHORT - - WRITE_PORT_UCHAR - - HalTranslateBusAddress - - READ_PORT_ULONG - - READ_PORT_USHORT - - READ_PORT_UCHAR - - WRITE_PORT_ULONG - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 272446de15c63095940a3dad0b426f21 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 432a6583ab7bafb3773874586c68db85 - SHA1: bb0833dab5efdcbfcad58fe4e9a35fc31de53442 - SHA256: 1dffaf610cdef8285f0794d34bc503106b06dbe14d99da734436265b9461f6c9 - SHA1: 7eb34cc1fcffb4fdb5cb7e97184dd64a65cb9371 - SHA256: 52a90fd1546c068b92add52c29fbb8a87d472a57e609146bbcb34862f9dcec15 - Sections: - .text: - Entropy: 6.23937613305102 - Virtual Size: '0x8ad' - .rdata: - Entropy: 4.36827815837928 - Virtual Size: '0xe7' - .data: - Entropy: 1.311278124459133 - Virtual Size: '0x10' - INIT: - Entropy: 5.344545644500133 - Virtual Size: '0x370' - .reloc: - Entropy: 3.6862767817925604 - Virtual Size: '0xc6' - Signature: '' - Signatures: - - CertificatesInfo: 
'' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2014-12-19 19:27:34' - ValidTo: '2016-03-19 19:27:34' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 330000001dc31a761624754f8000000000001d - Version: 3 - TBS: - MD5: df2a0bc442ef65cd9973329be21c642f - SHA1: d13bcda797c6b986a1a45b7ce9184e87ba0f994c - SHA256: 41718d172e45eaa02ec88494587672cf50f96a310aebc5b49a66c0adae99edc5 - SHA384: db7864a35b468726f3d431e07825ae860ddb0d6250b3bd8906f1b0ff98ce7b4c563c73288b01ec8f1ec5a2a06f31bc40 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2012 - ValidFrom: '2012-04-18 23:48:38' - ValidTo: '2027-04-18 23:58:38' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 610baac1000000000009 - Version: 3 - TBS: - MD5: a569061297e8e824767dbc3184a69bea - SHA1: adbb26a587a8f44b4fccaecb306f980d1c55a150 - SHA256: cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 - SHA384: e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba - Signer: - - SerialNumber: 330000001dc31a761624754f8000000000001d - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2012 - Version: 1 - Imphash: 2699b7ae36fcadd71425ebafd231d0d1 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 7bb2dcc29ba50372d08fea800c190f09 - SHA1: e5c090903a20744ba3583a8ea684d035e8cecc34 - SHA256: 9dcfd796e244d0687cc35eac9538f209f76c6df12de166f19dbc7d2c47fb16b3 - Company: '' - Copyright: '' - CreationTimestamp: '2012-08-22 03:54:47' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - 
Filename: '' - ImportedFunctions: - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - ZwClose - - IoDeleteDevice - - IoDeleteSymbolicLink - - ZwMapViewOfSection - - MmGetPhysicalAddress - - MmAllocateContiguousMemory - - ZwUnmapViewOfSection - - IoIs32bitProcess - - IoCreateSymbolicLink - - IoCreateDevice - - IofCompleteRequest - - KeDelayExecutionThread - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: f701ddcc7c51919413ddadd351ad2fef - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: fdbc1ff6c9321efd70ec149c3c8ccac6 - SHA1: d77615c985da37ca9099b27c1be4785c6cb7ccf6 - SHA256: 4dbce3e8c08dd544b78f87323f6d794fb990bb10cb6d239fe367da87a803f23c - SHA1: ca47bab2bea62ff58caea4741bcfbd7f3abb6c5f - SHA256: 2d36642135166bbb296624dca878925963c7da785e42e940f02d01beb7c477d5 - Sections: - .text: - Entropy: 6.1181571322303645 - Virtual Size: '0xd66' - .rdata: - Entropy: 4.313686441268313 - Virtual Size: '0x188' - .data: - Entropy: 0.0 - Virtual Size: '0xc' - .pdata: - Entropy: 3.3006321366120503 - Virtual Size: '0x84' - INIT: - Entropy: 4.548019208277369 - Virtual Size: '0x24a' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2014-12-19 19:27:34' - ValidTo: '2016-03-19 19:27:34' - Signature: 
9c8895d0b78e2fb9a8fff5d730270c52de3a7ead8c7e649a21d81298c0a56bed1fb109217ae8b55a5c3a4334ee73203e5d44c03ef843ef2b93621369e7079513d72985c1143d04b5f342dc3a92f554bd1a8a58943c177dda5dd7c3e5280891583cd251dac090051e36faa455e751498657c06ff9f886e6d431b498fce1ea596e21d8bc45c8ad97e2376158c2d18a1f1daaa694fd736ab959c8980358f5f83ccf340fc6594ddeb60587c567e7167ea1129a81f536222046cdde2706e30d6f2fb3b9984bace9f40afe2473a4b4ee4e1fb799259ba41101e08b546d55b55ecd52f10296d5ad0dadeba22cf7c250d5f029457c15f95dee91af4ee7ee0ed6f67ff4fc - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 330000001dc31a761624754f8000000000001d - Version: 3 - TBS: - MD5: df2a0bc442ef65cd9973329be21c642f - SHA1: d13bcda797c6b986a1a45b7ce9184e87ba0f994c - SHA256: 41718d172e45eaa02ec88494587672cf50f96a310aebc5b49a66c0adae99edc5 - SHA384: db7864a35b468726f3d431e07825ae860ddb0d6250b3bd8906f1b0ff98ce7b4c563c73288b01ec8f1ec5a2a06f31bc40 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2012 - ValidFrom: '2012-04-18 23:48:38' - ValidTo: '2027-04-18 23:58:38' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 610baac1000000000009 - Version: 3 - TBS: - MD5: a569061297e8e824767dbc3184a69bea - SHA1: adbb26a587a8f44b4fccaecb306f980d1c55a150 - SHA256: cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 - SHA384: e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba - Signer: - - SerialNumber: 330000001dc31a761624754f8000000000001d - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2012 - Version: 1 - Imphash: d7de998e454f947f62d4a6b66490563b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: d593aec08f96fe410f7a6b53e49551a0 - SHA1: 2ea631bfe3fd765e3a03b3165790faf8fdd8286b - SHA256: 
906d8412b357379db9512e3f584fcda1f788acc1337e5b4d4eff5e6fa59324a6 - Company: '' - Copyright: '' - CreationTimestamp: '2007-12-17 02:11:49' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: AsIO64.sys - ImportedFunctions: - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - IoDeleteDevice - - KeDelayExecutionThread - - IofCompleteRequest - - ZwUnmapViewOfSection - - IoIs32bitProcess - - IoCreateSymbolicLink - - IoCreateDevice - - IoDeleteSymbolicLink - - DbgPrint - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 8065a7659562005127673ac52898675f - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: ASUSTeK Computer Inc. - RichPEHeaderHash: - MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 - SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e - SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 - SHA1: fcde5275ee1913509927ce5f0f85e6681064c9d2 - SHA256: b48a309ee0960da3caaaaf1e794e8c409993aeb3a2b64809f36b97aac8a1e62a - Sections: - .text: - Entropy: 6.269179908398606 - Virtual Size: '0x106c' - .rdata: - Entropy: 4.398778967999751 - Virtual Size: '0x19c' - .data: - Entropy: 0.0 - Virtual Size: '0xc' - .pdata: - Entropy: 3.2766921576186183 - Virtual Size: '0x84' - INIT: - Entropy: 4.419041794725205 - Virtual Size: '0x218' - Signature: - - ASUSTeK Computer Inc. 
- - VeriSign Class 3 Code Signing 2004 CA - - VeriSign Class 3 Public Primary CA - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: 
ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, - CN=ASUSTeK Computer Inc. 
- ValidFrom: '2007-07-03 00:00:00' - ValidTo: '2008-07-26 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 23eab3ac30c7016a299c8d31d99f3ae8 - Version: 3 - TBS: - MD5: 54f73eaca10fe12ff2e14194e2f019b8 - SHA1: 471cb77202e7d4941a5bff8ba813f5ed221dc32e - SHA256: 9dba2d4765226ca91fb7104e0cbd01308c4e8ed9727ea661eeaa473d7825ee35 - SHA384: 272d877ad02e5487a0864e4d876a9e06fea5ead9cd149e7a48c4f111cfa8dc2f05f1042f2822b42360896da334e6390d - Signer: - - SerialNumber: 23eab3ac30c7016a299c8d31d99f3ae8 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 5662b51943d85b7ca47a99cac81af985 - LoadsDespiteHVCI: 'FALSE' -Tags: -- asio.sys -- AsIO32.sys -- AsIO3.sys -- AsIO3_64.sys -- AsIO2.sys \ No newline at end of file +- Filename: asio.sys + MD5: bedc99bbcedaf89e2ee1aa574c5a2fa4 + SHA1: 160a237295a9e5cbb64ca686a84e47553a14f71d + SHA256: 0ee5067ce48883701824c5b1ad91695998916a3702cf8086962fbe58af74b2d6 + Authentihash: + MD5: 7bb2dcc29ba50372d08fea800c190f09 + SHA1: e5c090903a20744ba3583a8ea684d035e8cecc34 + SHA256: 9dcfd796e244d0687cc35eac9538f209f76c6df12de166f19dbc7d2c47fb16b3 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - ZwClose + - IoDeleteDevice + - IoDeleteSymbolicLink + - ZwMapViewOfSection + - MmGetPhysicalAddress + - MmAllocateContiguousMemory + - ZwUnmapViewOfSection + - IoIs32bitProcess + - IoCreateSymbolicLink + - IoCreateDevice + - IofCompleteRequest + - KeDelayExecutionThread + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + 
SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, + CN=Microsoft Windows Hardware Compatibility Publisher + ValidFrom: '2014-12-19 19:27:34' + ValidTo: '2016-03-19 19:27:34' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 330000001dc31a761624754f8000000000001d + Version: 3 + TBS: + MD5: df2a0bc442ef65cd9973329be21c642f + SHA1: d13bcda797c6b986a1a45b7ce9184e87ba0f994c + SHA256: 41718d172e45eaa02ec88494587672cf50f96a310aebc5b49a66c0adae99edc5 + SHA384: db7864a35b468726f3d431e07825ae860ddb0d6250b3bd8906f1b0ff98ce7b4c563c73288b01ec8f1ec5a2a06f31bc40 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2012 + ValidFrom: '2012-04-18 23:48:38' + ValidTo: '2027-04-18 23:58:38' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 610baac1000000000009 + Version: 3 + TBS: + MD5: a569061297e8e824767dbc3184a69bea + SHA1: adbb26a587a8f44b4fccaecb306f980d1c55a150 + SHA256: cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 + SHA384: e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba + Signer: + - SerialNumber: 330000001dc31a761624754f8000000000001d + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2012 + Version: 1 + RichPEHeaderHash: + MD5: fdbc1ff6c9321efd70ec149c3c8ccac6 + SHA1: d77615c985da37ca9099b27c1be4785c6cb7ccf6 + SHA256: 4dbce3e8c08dd544b78f87323f6d794fb990bb10cb6d239fe367da87a803f23c + Sections: + .text: + Entropy: 6.1181571322303645 + Virtual Size: '0xd66' + .rdata: + Entropy: 4.313686441268313 + Virtual Size: '0x188' + .data: + Entropy: 0.0 + Virtual Size: '0xc' + .pdata: + Entropy: 3.3006321366120503 + 
Virtual Size: '0x84' + INIT: + Entropy: 4.548019208277369 + Virtual Size: '0x24a' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2012-08-22 03:54:47' + Imphash: d7de998e454f947f62d4a6b66490563b + LoadsDespiteHVCI: 'FALSE' +- Filename: AsIO32.sys + MD5: 2ca1044a04cb2f0ce5bd0a5832981e04 + SHA1: 8b86c99328e4eb542663164685c6926e7e54ac20 + SHA256: 1afa03118f87b62c59a97617e595ebb26dde8dbdd16ee47ef3ddd1097c30ef6a + Authentihash: + MD5: 3824dd56459d29ffc5d4bb51d7123778 + SHA1: 5a7dd0da0aee0bdedc14c1b7831b9ce9178a0346 + SHA256: 92edd48dfac025d4069eb6491b9730d9d131b77cceaa480af9b3c32bc8c5e3a9 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - IoDeleteDevice + - IoDeleteSymbolicLink + - WRITE_REGISTER_ULONG + - MmAllocateContiguousMemory + - IofCompleteRequest + - ZwUnmapViewOfSection + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - WRITE_REGISTER_USHORT + - WRITE_REGISTER_UCHAR + - READ_REGISTER_ULONG + - READ_REGISTER_USHORT + - READ_REGISTER_UCHAR + - KeQuerySystemTime + - MmGetPhysicalAddress + - KeDelayExecutionThread + - WRITE_PORT_USHORT + - WRITE_PORT_UCHAR + - HalTranslateBusAddress + - READ_PORT_ULONG + - READ_PORT_USHORT + - READ_PORT_UCHAR + - WRITE_PORT_ULONG + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, + CN=Microsoft Windows Hardware Compatibility Publisher + ValidFrom: '2014-12-19 19:27:34' + ValidTo: '2016-03-19 19:27:34' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 330000001dc31a761624754f8000000000001d + Version: 3 + TBS: 
+ MD5: df2a0bc442ef65cd9973329be21c642f + SHA1: d13bcda797c6b986a1a45b7ce9184e87ba0f994c + SHA256: 41718d172e45eaa02ec88494587672cf50f96a310aebc5b49a66c0adae99edc5 + SHA384: db7864a35b468726f3d431e07825ae860ddb0d6250b3bd8906f1b0ff98ce7b4c563c73288b01ec8f1ec5a2a06f31bc40 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2012 + ValidFrom: '2012-04-18 23:48:38' + ValidTo: '2027-04-18 23:58:38' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 610baac1000000000009 + Version: 3 + TBS: + MD5: a569061297e8e824767dbc3184a69bea + SHA1: adbb26a587a8f44b4fccaecb306f980d1c55a150 + SHA256: cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 + SHA384: e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba + Signer: + - SerialNumber: 330000001dc31a761624754f8000000000001d + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2012 + Version: 1 + RichPEHeaderHash: + MD5: 432a6583ab7bafb3773874586c68db85 + SHA1: bb0833dab5efdcbfcad58fe4e9a35fc31de53442 + SHA256: 1dffaf610cdef8285f0794d34bc503106b06dbe14d99da734436265b9461f6c9 + Sections: + .text: + Entropy: 6.23937613305102 + Virtual Size: '0x8ad' + .rdata: + Entropy: 4.36827815837928 + Virtual Size: '0xe7' + .data: + Entropy: 1.311278124459133 + Virtual Size: '0x10' + INIT: + Entropy: 5.344545644500133 + Virtual Size: '0x370' + .reloc: + Entropy: 3.6862767817925604 + Virtual Size: '0xc6' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2012-08-22 03:54:43' + Imphash: 2699b7ae36fcadd71425ebafd231d0d1 + LoadsDespiteHVCI: 'FALSE' +- Filename: AsIO3.sys + MD5: 40f39a98fb513411dacdfc5b2d972206 + SHA1: fe02ae340dc7fe08e4ad26dab9de418924e21603 + SHA256: 26453afb1f808f64bec87a2532a9361b696c0ed501d6b973a1f1b5ae152a4d40 + Authentihash: + MD5: 
8c33214968ec9043fa1c6abf1911e06d + SHA1: 3075f1fc419a62544b291d02e9067783cb0fd1f3 + SHA256: 5aa7a47c7abaf13453b8ab309ef16bdd80ceaf7407e67fa27932d4591f025d67 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - DbgPrint + - RtlGetVersion + - KeDelayExecutionThread + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - MmGetSystemRoutineAddress + - MmAllocateContiguousMemory + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlCopyUnicodeString + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - ZwOpenSection + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmGetPhysicalAddress + - __C_specific_handler + - ZwOpenFile + - ZwQueryInformationFile + - ZwReadFile + - KeBugCheckEx + - IoIs32bitProcess + - RtlInitUnicodeString + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 + ValidFrom: '2021-01-01 00:00:00' + ValidTo: '2031-01-06 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0d424ae0be3a88ff604021ce1400f0dd + Version: 3 + TBS: + MD5: c0189c338449a42fe8358c2c1fbecc60 + SHA1: b8ac0ee6875594b80ad86a6df6dd1fa3048c187c + SHA256: a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 + SHA384: 76d3a316a5a106050298418cce3beea16100524723d9e3220b0de51bfb6f1c35a5d4c7cd10b358fef7bf94c3e3562150 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured + ID Timestamping CA + ValidFrom: '2016-01-07 12:00:00' + ValidTo: '2031-01-07 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 
1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 0aa125d6d6321b7e41e405da3697c215 + Version: 3 + TBS: + MD5: 8d26184fc613f89aba1cefb30fce1b53 + SHA1: 63a7e376bad5ec2e419d514a403bcf46c8d31d95 + SHA256: 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c + SHA384: d8c9691fe9dbe182f07b49b07fbb4f589fa7b38b5c4d21f265d3a2e818f4b1bfb39e03faab2ec05bb10333a99914fb8a + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=TW, ??=Private Organization, serialNumber=23638777, C=TW, + L=Taipei City, O=ASUSTeK Computer Inc., CN=ASUSTeK Computer Inc. 
+ ValidFrom: '2019-04-01 00:00:00' + ValidTo: '2022-01-11 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0c64962e4467edcc1579646b7337ec8c + Version: 3 + TBS: + MD5: 69796942ecdfadbd806bdea1460a5115 + SHA1: 0ce9329828324db04bd0a7b101b4fbfedb3be8b2 + SHA256: efd9b83b154c3e805e1bf7fdfd6a7f7bfdcf2ff3e191d1c33bdc427b6c82039b + SHA384: e27d21dc30c40e7b675120062e69c438e9f448ceed7b0434dedd129848c6a8edf05ec07ac25f5ec300be0da46a4c6eab + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c + Version: 3 + TBS: + MD5: 83f5de89f641d0fbf60248e10a7b9534 + SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 + SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf + SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 + Signer: + - SerialNumber: 0c64962e4467edcc1579646b7337ec8c + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + Version: 1 + RichPEHeaderHash: + MD5: bd657195a5248af37c088ce8712464a4 + SHA1: 0bf831fc65d253f731f72b7f46c099ddcab406a2 + SHA256: 7affe0e940b8c0536ddeef345f02a37077919e88f16b182663de8c7dd947e46c + Sections: + .text: + Entropy: 6.325844334310556 + Virtual Size: '0x47f3' + .rdata: + Entropy: 5.476061155646105 + Virtual Size: '0x84c' + .data: + Entropy: 0.9352337914257391 + Virtual Size: '0x290' + .pdata: + Entropy: 3.923736262912225 + Virtual Size: '0x174' + INIT: + Entropy: 5.255268621688079 + Virtual Size: '0x42c' + .reloc: + Entropy: 2.9464393446710155 + Virtual Size: '0x14' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2021-09-29 
04:05:28' + Imphash: f5ebade1d3a6d3bde264b0c7f9f639e7 + LoadsDespiteHVCI: 'TRUE' +- Filename: AsIO3.sys + MD5: 19f32bf24b725f103f49dc3fa2f4f0bd + SHA1: e40ea8d498328b90c4afbb0bb0e8b91b826f688e + SHA256: 2d195cd4400754cc6f6c3f8ab1fe31627932c3c1bf8d5d0507c292232d1a2396 + Authentihash: + MD5: cf61dd8f9a187de6219f930866defcbd + SHA1: 80bb26a2ef12a3d9d77fe5dd6059d5955b690b2e + SHA256: a7bb08f99a9701482ce693d71e95559b10a247c4e8f50deba8097b0d3f191532 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - KeSetEvent + - KeDelayExecutionThread + - KeWaitForSingleObject + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - MmGetSystemRoutineAddress + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoCreateSynchronizationEvent + - IoDeleteDevice + - RtlGetVersion + - IoIs32bitProcess + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - ZwOpenSection + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmGetPhysicalAddress + - __C_specific_handler + - ZwOpenFile + - ZwQueryInformationFile + - ZwReadFile + - KeBugCheckEx + - DbgPrint + - RtlCopyUnicodeString + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - HalSetBusDataByOffset + - HalGetBusDataByOffset + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 + SHA384 2021 CA1 + ValidFrom: '2021-04-29 00:00:00' + ValidTo: '2036-04-28 23:59:59' + Signature: 
3a23443d8d0876ee8fbc3a99d356e0021aa5f84834f32cb6e67466f79472b100caaf6c302713129e90449f4bfd9ea37c26d537bc3a5d486d95d53f49f427bb16814550fd9cbdb685e0767e3771cb22f75aaa90cff5936ae3eb20d1d55079889a8a8ac1b6bda148187edcd8801a111918cd61998156f6c9e376e7c4e41b5f43f83e94ff76393d9ed499cf4add28eb5f26a1955848d51afed7273ffd90d17686dd1cb0605cf30da8eee089a1bd39e1384eda6ebb369dfbe521535ac3cae96af1a23edb43b833c84f38149299f5ddce546dd95d02141f40337c03e295b2c221757352cb46d8c4341ca2a54b8dcd6f76372c853f1ace26e918be9007b0437f9588208270f0cccaeffd29355c1f893855f7378a8b09a1cb0be9311aff2e195c3971e1be9ca70a06d62667b792e64e5fde7aac49cf2ea47492addb3ca49c861fe3c1561b2b23ff8fb5ea887b706be6a0bafd3a3f45a6c4e81691528b41c048844b964dab4440e38df01528ceedf11856072a2f10c40c08643c338fae288c3ccb8f880b0dbf3bf4ce1e7b8eefb5ebcbb7f07713e6e7283fac12aea52f226c41f9825c1566cc6c0ecac586c3f626330c074ba0d307026a6a4030484b34a85120bbad1b8508e2590d6dca05502bea4a1c9ea5fda0a71f0674e7f2d65290fdaf854821f9573bb49c03ed8645f4b4616ebf68e2266086eac8afa9fe941de7631b3a8656784e + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 08ad40b260d29c4c9f5ecda9bd93aed9 + Version: 3 + TBS: + MD5: 5d8003a64dfa5a4d88365da1566038cb + SHA1: 79465b56bc7ad55a37bdf633943da8bfc84db228 + SHA256: 84bdc82e2f2a7f7aaa782667dac556ffcb2b33240c1f9c0a00a3264526a98332 + SHA384: 65b1d4076a89ae273f57e6eeedecb3eae129b4168f76fa7671914cdf461d542255c59d9b85b916ae0ca6fc0fcf7a8e64 + - Subject: ??=Private Organization, ??=TW, serialNumber=23638777, C=TW, + ST=Taipei City, L=Beitou District, O=ASUSTeK COMPUTER INC., CN=ASUSTeK + COMPUTER INC. 
+ ValidFrom: '2021-10-22 00:00:00' + ValidTo: '2024-10-22 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0bbe02c8838fbf02ab56edabb1e34c19 + Version: 3 + TBS: + MD5: 0357e292e0e92b06c92b21cacfcfa451 + SHA1: f52795bc8de5d803f09e20dd216d7df861f4cb34 + SHA256: b33b80e64cdfb28fb9afb17259be19ffe1edf8aae62fcfbfe8ff301f786c500d + SHA384: 5fbe918c3fa1034d5671ae38b20773df18b8f9dd48e60f90c5c98708e73d6ca0c6dec4e2bcb0de22ba3efb59479db152 + Signer: + - SerialNumber: 0bbe02c8838fbf02ab56edabb1e34c19 + Issuer: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 + SHA384 2021 CA1 + Version: 1 + RichPEHeaderHash: + MD5: dbe8b55f933a7abbc26d9f121bbf2b84 + SHA1: 81e0e90f23b7d56dd1dccbbe04bb3c54892af7b8 + SHA256: 270748ae970faf04f98d588b783073c9b24e3dae8630ad2e3f1a862731078f4b + Sections: + .text: + Entropy: 6.407232131831549 + Virtual Size: '0x58d3' + .rdata: + Entropy: 5.437107960063165 + Virtual Size: '0x8d4' + .data: + Entropy: 0.9313275414257391 + Virtual Size: '0x290' + .pdata: + Entropy: 4.005604411589105 + Virtual Size: '0x1bc' + INIT: + Entropy: 5.265885086539526 + Virtual Size: '0x4ec' + .reloc: + Entropy: 3.1086949695628423 + Virtual Size: '0x14' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2022-05-18 20:51:01' + Imphash: b3e26c5e0de2d01597dca208ef27cc38 + LoadsDespiteHVCI: 'TRUE' +- Filename: asio.sys + MD5: bfe96411cf67edb3cee2b9894b910cd5 + SHA1: 67dfd415c729705396ce54166bd70faf09ac7f10 + SHA256: 48891874441c6fa69e5518d98c53d83b723573e280c6c65ccfbde9039a6458c9 + Authentihash: + MD5: 3824dd56459d29ffc5d4bb51d7123778 + SHA1: 5a7dd0da0aee0bdedc14c1b7831b9ce9178a0346 + SHA256: 92edd48dfac025d4069eb6491b9730d9d131b77cceaa480af9b3c32bc8c5e3a9 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: I386 + Imports: + - ntoskrnl.exe + - 
HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - IoDeleteDevice + - IoDeleteSymbolicLink + - WRITE_REGISTER_ULONG + - MmAllocateContiguousMemory + - IofCompleteRequest + - ZwUnmapViewOfSection + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - WRITE_REGISTER_USHORT + - WRITE_REGISTER_UCHAR + - READ_REGISTER_ULONG + - READ_REGISTER_USHORT + - READ_REGISTER_UCHAR + - KeQuerySystemTime + - MmGetPhysicalAddress + - KeDelayExecutionThread + - WRITE_PORT_USHORT + - WRITE_PORT_UCHAR + - HalTranslateBusAddress + - READ_PORT_ULONG + - READ_PORT_USHORT + - READ_PORT_UCHAR + - WRITE_PORT_ULONG + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G3 + ValidFrom: '2012-05-01 00:00:00' + ValidTo: '2012-12-31 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded + Version: 3 + TBS: + MD5: e6d820afb23af20a65cf0b03247ea05e + SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 + SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 + SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + 
MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., + OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Quality + Testing 
Department, CN=ASUSTeK Computer Inc. + ValidFrom: '2012-07-31 00:00:00' + ValidTo: '2015-08-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 7d08d9bc130726de26ee4ef28e133084 + Version: 3 + TBS: + MD5: 72cafb0a175f0481177fa2c9803283c7 + SHA1: b603167b958c5fcd7094552891ddc4e2ea4c149f + SHA256: a36a0024075771a4b30eab8f1288817059fe1a01003d0c1d92f647df17f3b688 + SHA384: 33c28dc6857ce5d20a2e9ba8a47f6bc80a9a98fba518fd732963bedbbb408848b89b3d8438d413f8b933ee761ffa1653 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 7d08d9bc130726de26ee4ef28e133084 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 
+ RichPEHeaderHash: + MD5: 432a6583ab7bafb3773874586c68db85 + SHA1: bb0833dab5efdcbfcad58fe4e9a35fc31de53442 + SHA256: 1dffaf610cdef8285f0794d34bc503106b06dbe14d99da734436265b9461f6c9 + Sections: + .text: + Entropy: 6.23937613305102 + Virtual Size: '0x8ad' + .rdata: + Entropy: 4.36827815837928 + Virtual Size: '0xe7' + .data: + Entropy: 1.311278124459133 + Virtual Size: '0x10' + INIT: + Entropy: 5.344545644500133 + Virtual Size: '0x370' + .reloc: + Entropy: 3.6862767817925604 + Virtual Size: '0xc6' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2012-08-22 03:54:43' + Imphash: 2699b7ae36fcadd71425ebafd231d0d1 + LoadsDespiteHVCI: 'FALSE' +- Filename: asio.sys + MD5: ea14899d1bfba397bc731770765768d1 + SHA1: c775ca665ed4858acc3f7e75e025cbbda1f8c687 + SHA256: 506f953bbb285aeb8af0549eb24f52f3b7af36afe740afa36735bac70573ce28 + Authentihash: + MD5: 9fd03554246c6c74c232919c680d7be8 + SHA1: b25550309c902a21b03367ae27694c5a29b891b5 + SHA256: c3e3719ca592ba65a67f594ec1a08d0d7ad724b088be77d48cb33627c56f4614 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - IoDeleteDevice + - IoDeleteSymbolicLink + - ZwClose + - MmGetPhysicalAddress + - MmAllocateContiguousMemory + - ZwUnmapViewOfSection + - IoIs32bitProcess + - IoCreateSymbolicLink + - IoCreateDevice + - IofCompleteRequest + - KeDelayExecutionThread + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=California, L=Santa Clara, O=NVIDIA Corporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Software, CN=NVIDIA + Corporation + ValidFrom: '2011-09-02 00:00:00' + ValidTo: '2014-09-01 23:59:59' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 43bb437d609866286dd839e1d00309f5 + Version: 3 + TBS: + MD5: cef292b5c6cdb07e480ccbba0c9d56d1 + SHA1: 15c37dbebe6fcc77108e3d7ad982676d3d5e77f7 + SHA256: 3cb152375fa9e694fd2f9167c382005166871c783774997df1a42e0b6013d82a + SHA384: e64427dea71a71110ebc317f3552cd7193c5743f72d5cac9257abe80346d15ee42930d5a85e16c02ea06f56c7e8811fb + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 
317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 43bb437d609866286dd839e1d00309f5 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: fdbc1ff6c9321efd70ec149c3c8ccac6 + SHA1: d77615c985da37ca9099b27c1be4785c6cb7ccf6 + SHA256: 4dbce3e8c08dd544b78f87323f6d794fb990bb10cb6d239fe367da87a803f23c + Sections: + .text: + Entropy: 6.108859458208728 + Virtual Size: '0xd86' + .rdata: + Entropy: 4.337980114178664 + Virtual Size: '0x188' + .data: + Entropy: 0.0 + Virtual Size: '0xc' + .pdata: + Entropy: 3.2608964358708645 + Virtual Size: '0x84' + INIT: + Entropy: 4.571215641554434 + Virtual Size: '0x24a' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2010-06-27 23:19:38' + Imphash: b4b90c1b054ebe273bff4b2fd6927990 + LoadsDespiteHVCI: 'FALSE' +- Filename: AsIO2.sys + MD5: 09672532194b4bff5e0f7a7d782c7bf2 + SHA1: aa2ea973bb248b18973e57339307cfb8d309f687 + SHA256: 5ae23f1fcf3fb735fcf1fa27f27e610d9945d668a149c7b7b0c84ffd6409d99a + Authentihash: + MD5: 9387de920b7da0bd65f15323feed6a18 + 
SHA1: 92fee95e32a727d135f1f46ca98c201fffbf6950 + SHA256: 9c7ad854f6670452d7da064d4b429eb90c42155b6f7eaa52ee471d9ee8b61e6f + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - DbgPrint + - KeDelayExecutionThread + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - MmGetSystemRoutineAddress + - MmAllocateContiguousMemory + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoIs32bitProcess + - RtlCopyUnicodeString + - ObfDereferenceObject + - ZwClose + - ZwOpenSection + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmGetPhysicalAddress + - RtlCompareUnicodeString + - ZwOpenFile + - ZwQueryInformationFile + - ZwReadFile + - __C_specific_handler + - KeBugCheckEx + - ObReferenceObjectByHandle + - RtlInitUnicodeString + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping 
Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: 
ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=TW, ??=Private Organization, serialNumber=23638777, C=TW, + L=Taipei City, O=ASUSTeK Computer Inc., CN=ASUSTeK Computer Inc. + ValidFrom: '2019-04-01 00:00:00' + ValidTo: '2022-01-11 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0c64962e4467edcc1579646b7337ec8c + Version: 3 + TBS: + MD5: 69796942ecdfadbd806bdea1460a5115 + SHA1: 0ce9329828324db04bd0a7b101b4fbfedb3be8b2 + SHA256: efd9b83b154c3e805e1bf7fdfd6a7f7bfdcf2ff3e191d1c33bdc427b6c82039b + SHA384: e27d21dc30c40e7b675120062e69c438e9f448ceed7b0434dedd129848c6a8edf05ec07ac25f5ec300be0da46a4c6eab + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 19334a0c813337dbad36c9e4c93abbb51b2e7aa2e2f44342179ebf4ea14de1b1dbe981dd9f01f2e488d5e9fe09fd21c1ec5d80d2f0d6c143c2fe772bdbf9d79133ce6cd5b2193be62ed6c9934f88408ecde1f57ef10fc6595672e8eb6a41bd1cd546d57c49ca663815c1bfe091707787dcc98d31c90c29a233ed8de287cd898d3f1bffd5e01a978b7cda6dfba8c6b23a666b7b01b3cdd8a634ec1201ab9558a5c45357a860e6e70212a0b92364a24dbb7c81256421becfee42184397bba53706af4dff26a54d614bec4641b865ceb8799e08960b818c8a3b8fc7998ca32a6e986d5e61c696b78ab9612d93b8eb0e0443d7f5fea6f062d4996aa5c1c1f0649480 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c + Version: 3 + TBS: + MD5: 83f5de89f641d0fbf60248e10a7b9534 + SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 + SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf + SHA384: 
4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 + Signer: + - SerialNumber: 0c64962e4467edcc1579646b7337ec8c + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + Version: 1 + RichPEHeaderHash: + MD5: 4d4124d64d3ec50417cbec6daeee88c6 + SHA1: 8bda6992e8fd342be0abce910d9a992c8ebbce34 + SHA256: 2e82cfe54b31c08c9ac79f9cfa2dc0681ae022435c35d74c9c5b0a8d62a578ff + Sections: + .text: + Entropy: 6.504139925831708 + Virtual Size: '0x24d2' + .rdata: + Entropy: 5.447692050379133 + Virtual Size: '0x874' + .data: + Entropy: 2.591917186688699 + Virtual Size: '0x20' + .pdata: + Entropy: 3.9085448824956335 + Virtual Size: '0x18c' + INIT: + Entropy: 5.215252524750182 + Virtual Size: '0x436' + .reloc: + Entropy: 2.9464393446710155 + Virtual Size: '0x14' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2019-04-09 03:59:16' + Imphash: 81e2eb25e24938b90806de865630a2b2 + LoadsDespiteHVCI: 'TRUE' +- Filename: AsIO3.sys + MD5: ba23266992ad964eff6d358d946b76bd + SHA1: d1670bd08cfd376fc2b70c6193f3099078f1d72f + SHA256: 71ff60722231c7641ad593756108cf6779dbaad21c7b08065fb1d4e225eab14d + Authentihash: + MD5: ace2d8ea30005bce12b1421f431bc39c + SHA1: f084b6ba134b23e06f5867e650ba4eb9d1007231 + SHA256: 12af7c39519e16307c2c62a84ca40017b43acf7fa90ec97c182701ffcffa1b61 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - DbgPrint + - RtlGetVersion + - KeDelayExecutionThread + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - MmGetSystemRoutineAddress + - MmAllocateContiguousMemory + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlCopyUnicodeString + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - ZwOpenSection + - 
ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmGetPhysicalAddress + - __C_specific_handler + - ZwOpenFile + - ZwQueryInformationFile + - ZwReadFile + - KeBugCheckEx + - IoIs32bitProcess + - RtlInitUnicodeString + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 + ValidFrom: '2021-01-01 00:00:00' + ValidTo: '2031-01-06 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0d424ae0be3a88ff604021ce1400f0dd + Version: 3 + TBS: + MD5: c0189c338449a42fe8358c2c1fbecc60 + SHA1: b8ac0ee6875594b80ad86a6df6dd1fa3048c187c + SHA256: a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 + SHA384: 76d3a316a5a106050298418cce3beea16100524723d9e3220b0de51bfb6f1c35a5d4c7cd10b358fef7bf94c3e3562150 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured + ID Timestamping CA + ValidFrom: '2016-01-07 12:00:00' + ValidTo: '2031-01-07 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 0aa125d6d6321b7e41e405da3697c215 + Version: 3 + TBS: + MD5: 8d26184fc613f89aba1cefb30fce1b53 + SHA1: 63a7e376bad5ec2e419d514a403bcf46c8d31d95 + SHA256: 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c + SHA384: d8c9691fe9dbe182f07b49b07fbb4f589fa7b38b5c4d21f265d3a2e818f4b1bfb39e03faab2ec05bb10333a99914fb8a + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: 
ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=TW, ??=Private Organization, serialNumber=23638777, C=TW, + L=Taipei City, O=ASUSTeK Computer Inc., CN=ASUSTeK Computer Inc. + ValidFrom: '2019-04-01 00:00:00' + ValidTo: '2022-01-11 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0c64962e4467edcc1579646b7337ec8c + Version: 3 + TBS: + MD5: 69796942ecdfadbd806bdea1460a5115 + SHA1: 0ce9329828324db04bd0a7b101b4fbfedb3be8b2 + SHA256: efd9b83b154c3e805e1bf7fdfd6a7f7bfdcf2ff3e191d1c33bdc427b6c82039b + SHA384: e27d21dc30c40e7b675120062e69c438e9f448ceed7b0434dedd129848c6a8edf05ec07ac25f5ec300be0da46a4c6eab + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c + Version: 3 + TBS: + MD5: 83f5de89f641d0fbf60248e10a7b9534 + SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 + SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf + SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 + Signer: + - SerialNumber: 0c64962e4467edcc1579646b7337ec8c + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + Version: 1 + RichPEHeaderHash: + MD5: b6539d5c7cfa1f973bd84a2b5f9e21ff + SHA1: 8cdb66c7de4ddc498383fafea692448ccbdfd066 + SHA256: f3d0d00d01297987bc4c626fec0a82efb94cef8ebe74e46e7b8eb63abe087d7b + Sections: + .text: + Entropy: 6.323949092110609 + Virtual Size: '0x4733' + 
.rdata: + Entropy: 5.459170046837529 + Virtual Size: '0x83c' + .data: + Entropy: 0.9406144310784021 + Virtual Size: '0x290' + .pdata: + Entropy: 3.8692348543800357 + Virtual Size: '0x174' + INIT: + Entropy: 5.255268621688079 + Virtual Size: '0x42c' + .reloc: + Entropy: 2.9464393446710155 + Virtual Size: '0x14' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2021-05-31 19:44:39' + Imphash: f5ebade1d3a6d3bde264b0c7f9f639e7 + LoadsDespiteHVCI: 'TRUE' +- Filename: AsIO2.sys + MD5: f4e1997192d5a95a38965c9e15c687fc + SHA1: d3b23a0b70d6d279abd8db109f08a8b0721ce327 + SHA256: 72322fa8bba20df6966acbcf41e83747893fd173cd29de99b5ad1a5d3bf8f2de + Authentihash: + MD5: 00222ac0100839199b77ebb2c911eda5 + SHA1: bb4bff7156e15818a9e6344bad411587f3dcc0a1 + SHA256: 0e955e57f078a2c0de7d113e85859bb3e0fcac772a5a1b9b9709a90a86ef4cd5 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - DbgPrint + - RtlGetVersion + - KeDelayExecutionThread + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - MmGetSystemRoutineAddress + - MmAllocateContiguousMemory + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlCopyUnicodeString + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - ZwOpenSection + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmGetPhysicalAddress + - RtlCompareUnicodeString + - ZwOpenFile + - ZwQueryInformationFile + - ZwReadFile + - __C_specific_handler + - KeBugCheckEx + - IoIs32bitProcess + - RtlInitUnicodeString + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=TW, ??=Private Organization, serialNumber=23638777, C=TW, + L=Taipei City, O=ASUSTeK Computer Inc., CN=ASUSTeK Computer Inc. + ValidFrom: '2019-04-01 00:00:00' + ValidTo: '2022-01-11 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0c64962e4467edcc1579646b7337ec8c + Version: 3 + TBS: + MD5: 69796942ecdfadbd806bdea1460a5115 + SHA1: 0ce9329828324db04bd0a7b101b4fbfedb3be8b2 + SHA256: efd9b83b154c3e805e1bf7fdfd6a7f7bfdcf2ff3e191d1c33bdc427b6c82039b + SHA384: e27d21dc30c40e7b675120062e69c438e9f448ceed7b0434dedd129848c6a8edf05ec07ac25f5ec300be0da46a4c6eab + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + 
SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c + Version: 3 + TBS: + MD5: 83f5de89f641d0fbf60248e10a7b9534 + SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 + SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf + SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 0c64962e4467edcc1579646b7337ec8c + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + Version: 1 + RichPEHeaderHash: + MD5: b19546fb2509abca52ddbc17db4bdb42 + SHA1: 6d702f91bc9b3a73eba9f9c0417984b578ca200b + SHA256: 73a749678370e9cfeca10fc868e7a18cc3b499e01f7a97479cd909f44feb5b87 + Sections: + .text: + Entropy: 6.497436117425461 + Virtual Size: '0x2552' + .rdata: + Entropy: 5.458978412009734 + Virtual Size: 
'0x88c' + .data: + Entropy: 2.2166422780956516 + Virtual Size: '0x28' + .pdata: + Entropy: 3.90277567498223 + Virtual Size: '0x18c' + INIT: + Entropy: 5.195052400903618 + Virtual Size: '0x44e' + .reloc: + Entropy: 2.939353872167201 + Virtual Size: '0x14' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2020-05-20 02:47:26' + Imphash: f74aa24adc713dbb957ccb18f3c16a71 + LoadsDespiteHVCI: 'TRUE' +- Filename: AsIO3_64.sys + MD5: 07efb8259b42975d502a058db8a3fd21 + SHA1: 9f22ebcd2915471e7526f30aa53c24b557a689f5 + SHA256: 7236c8ff33c0e5cfa956778aa7303f1979f3bf709c361399fa1ce101b7e355b8 + Authentihash: + MD5: 9a476899b3d01439880bcc7ae9991d47 + SHA1: ac07c5670916f6c3949a49036460ac08ec43a582 + SHA256: 54231728c29f2d2003ec575729760369bb72be7b656b52b4f02ec198f4ee4dfd + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - KeSetEvent + - KeDelayExecutionThread + - KeWaitForSingleObject + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - MmGetSystemRoutineAddress + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoCreateSynchronizationEvent + - IoDeleteDevice + - RtlGetVersion + - IoIs32bitProcess + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - ZwOpenSection + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmGetPhysicalAddress + - __C_specific_handler + - ZwOpenFile + - ZwQueryInformationFile + - ZwReadFile + - KeBugCheckEx + - DbgPrint + - RtlCopyUnicodeString + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - HalSetBusDataByOffset + - HalGetBusDataByOffset + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 + SHA384 2021 CA1 + ValidFrom: '2021-04-29 
00:00:00' + ValidTo: '2036-04-28 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 08ad40b260d29c4c9f5ecda9bd93aed9 + Version: 3 + TBS: + MD5: 5d8003a64dfa5a4d88365da1566038cb + SHA1: 79465b56bc7ad55a37bdf633943da8bfc84db228 + SHA256: 84bdc82e2f2a7f7aaa782667dac556ffcb2b33240c1f9c0a00a3264526a98332 + SHA384: 65b1d4076a89ae273f57e6eeedecb3eae129b4168f76fa7671914cdf461d542255c59d9b85b916ae0ca6fc0fcf7a8e64 + - Subject: ??=Private Organization, ??=TW, serialNumber=23638777, C=TW, + ST=Taipei City, L=Beitou District, O=ASUSTeK COMPUTER INC., CN=ASUSTeK + COMPUTER INC. + ValidFrom: '2021-10-22 00:00:00' + ValidTo: '2024-10-22 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0bbe02c8838fbf02ab56edabb1e34c19 + Version: 3 + TBS: + MD5: 0357e292e0e92b06c92b21cacfcfa451 + SHA1: f52795bc8de5d803f09e20dd216d7df861f4cb34 + SHA256: b33b80e64cdfb28fb9afb17259be19ffe1edf8aae62fcfbfe8ff301f786c500d + SHA384: 5fbe918c3fa1034d5671ae38b20773df18b8f9dd48e60f90c5c98708e73d6ca0c6dec4e2bcb0de22ba3efb59479db152 + Signer: + - SerialNumber: 0bbe02c8838fbf02ab56edabb1e34c19 + Issuer: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 + SHA384 2021 CA1 + Version: 1 + RichPEHeaderHash: + MD5: dbe8b55f933a7abbc26d9f121bbf2b84 + SHA1: 81e0e90f23b7d56dd1dccbbe04bb3c54892af7b8 + SHA256: 270748ae970faf04f98d588b783073c9b24e3dae8630ad2e3f1a862731078f4b + Sections: + .text: + Entropy: 6.407232131831549 + Virtual Size: '0x58d3' + .rdata: + Entropy: 5.43652038691502 + Virtual Size: '0x8d4' + .data: + Entropy: 0.9367081810784021 + Virtual Size: '0x290' + .pdata: + Entropy: 4.005604411589105 + Virtual Size: '0x1bc' + INIT: + Entropy: 5.265885086539526 + Virtual Size: '0x4ec' + .reloc: + Entropy: 3.1086949695628423 + Virtual Size: '0x14' + 
MagicHeader: 50 45 0 0 + CreationTimestamp: '2022-07-28 02:33:11' + Imphash: b3e26c5e0de2d01597dca208ef27cc38 + LoadsDespiteHVCI: 'TRUE' +- Filename: AsIO3.sys + MD5: 1414629b1ee93d2652ff49b2eb829940 + SHA1: df58f9b193c6916aaec7606c0de5eba70c8ec665 + SHA256: 7b0f442ac0bb183906700097d65aed0b4b9d8678f9a01aca864854189fe368e7 + Authentihash: + MD5: cf61dd8f9a187de6219f930866defcbd + SHA1: 80bb26a2ef12a3d9d77fe5dd6059d5955b690b2e + SHA256: a7bb08f99a9701482ce693d71e95559b10a247c4e8f50deba8097b0d3f191532 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - KeSetEvent + - KeDelayExecutionThread + - KeWaitForSingleObject + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - MmGetSystemRoutineAddress + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoCreateSynchronizationEvent + - IoDeleteDevice + - RtlGetVersion + - IoIs32bitProcess + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - ZwOpenSection + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmGetPhysicalAddress + - __C_specific_handler + - ZwOpenFile + - ZwQueryInformationFile + - ZwReadFile + - KeBugCheckEx + - DbgPrint + - RtlCopyUnicodeString + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - HalSetBusDataByOffset + - HalGetBusDataByOffset + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 + SHA384 2021 CA1 + ValidFrom: '2021-04-29 00:00:00' + ValidTo: '2036-04-28 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 08ad40b260d29c4c9f5ecda9bd93aed9 + Version: 3 + TBS: + MD5: 
5d8003a64dfa5a4d88365da1566038cb + SHA1: 79465b56bc7ad55a37bdf633943da8bfc84db228 + SHA256: 84bdc82e2f2a7f7aaa782667dac556ffcb2b33240c1f9c0a00a3264526a98332 + SHA384: 65b1d4076a89ae273f57e6eeedecb3eae129b4168f76fa7671914cdf461d542255c59d9b85b916ae0ca6fc0fcf7a8e64 + - Subject: ??=Private Organization, ??=TW, serialNumber=23638777, C=TW, + ST=Taipei City, L=Beitou District, O=ASUSTeK COMPUTER INC., CN=ASUSTeK + COMPUTER INC. + ValidFrom: '2021-10-22 00:00:00' + ValidTo: '2024-10-22 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0bbe02c8838fbf02ab56edabb1e34c19 + Version: 3 + TBS: + MD5: 0357e292e0e92b06c92b21cacfcfa451 + SHA1: f52795bc8de5d803f09e20dd216d7df861f4cb34 + SHA256: b33b80e64cdfb28fb9afb17259be19ffe1edf8aae62fcfbfe8ff301f786c500d + SHA384: 5fbe918c3fa1034d5671ae38b20773df18b8f9dd48e60f90c5c98708e73d6ca0c6dec4e2bcb0de22ba3efb59479db152 + Signer: + - SerialNumber: 0bbe02c8838fbf02ab56edabb1e34c19 + Issuer: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 + SHA384 2021 CA1 + Version: 1 + RichPEHeaderHash: + MD5: dbe8b55f933a7abbc26d9f121bbf2b84 + SHA1: 81e0e90f23b7d56dd1dccbbe04bb3c54892af7b8 + SHA256: 270748ae970faf04f98d588b783073c9b24e3dae8630ad2e3f1a862731078f4b + Sections: + .text: + Entropy: 6.407232131831549 + Virtual Size: '0x58d3' + .rdata: + Entropy: 5.437107960063165 + Virtual Size: '0x8d4' + .data: + Entropy: 0.9313275414257391 + Virtual Size: '0x290' + .pdata: + Entropy: 4.005604411589105 + Virtual Size: '0x1bc' + INIT: + Entropy: 5.265885086539526 + Virtual Size: '0x4ec' + .reloc: + Entropy: 3.1086949695628423 + Virtual Size: '0x14' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2022-05-18 20:51:01' + Imphash: b3e26c5e0de2d01597dca208ef27cc38 + LoadsDespiteHVCI: 'TRUE' +- Filename: AsIO3.sys + MD5: 67e03f83c503c3f11843942df32efe5a + SHA1: b0c7ec472abf544c5524b644a7114cba0505951e + SHA256: 
7e3b0b8d3e430074109d85729201d7c34bc5b918c0bcb9f64ce88c5e37e1a456 + Authentihash: + MD5: a41fc38c2ffe9e5097c8d781a89bbbe9 + SHA1: a248637b54b10942743e0caf8698ce8b84559f79 + SHA256: 9512115b60e67fa268a7463119add2404150842bb3dffa41124b12dd9cb580a2 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - DbgPrint + - RtlGetVersion + - KeDelayExecutionThread + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - MmGetSystemRoutineAddress + - MmAllocateContiguousMemory + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlCopyUnicodeString + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - ZwOpenSection + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmGetPhysicalAddress + - __C_specific_handler + - ZwOpenFile + - ZwQueryInformationFile + - ZwReadFile + - KeBugCheckEx + - IoIs32bitProcess + - RtlInitUnicodeString + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 + ValidFrom: '2021-01-01 00:00:00' + ValidTo: '2031-01-06 00:00:00' + Signature: 481cdcb5e99a23bce71ae7200e8e6746fd427251740a2347a3ab92d225c47059be14a0e52781a54d1415190779f0d104c386d93bbdfe4402664ded69a40ff6b870cf62e8f5514a7879367a27b7f3e7529f93a7ed439e7be7b4dd412289fb87a246034efcf4feb76477635f2352698382fa1a53ed90cc8da117730df4f36539704bf39cd67a7bda0cbc3d32d01bcbf561fc75080076bc810ef8c0e15ccfc41172e71b6449d8229a751542f52d323881daf460a2bab452fb5ce06124254fb2dfc929a8734351dabd63d61f5b9bf72e1b4f131df74a0d717e97b7f43f84ebc1e3a349a1facea7bf56cfba597661895f7ea7b48e6778f93698e1cb28da5b87a68a2f + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0d424ae0be3a88ff604021ce1400f0dd + Version: 3 + 
TBS: + MD5: c0189c338449a42fe8358c2c1fbecc60 + SHA1: b8ac0ee6875594b80ad86a6df6dd1fa3048c187c + SHA256: a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 + SHA384: 76d3a316a5a106050298418cce3beea16100524723d9e3220b0de51bfb6f1c35a5d4c7cd10b358fef7bf94c3e3562150 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured + ID Timestamping CA + ValidFrom: '2016-01-07 12:00:00' + ValidTo: '2031-01-07 12:00:00' + Signature: 719512e951875669cdefddda7caa637ab378cf06374084ef4b84bfcacf0302fdc5a7c30e20422caf77f32b1f0c215a2ab705341d6aae99f827a266bf09aa60df76a43a930ff8b2d1d87c1962e85e82251ec4ba1c7b2c21e2d65b2c1435430468b2db7502e072c798d63c64e51f4810185f8938614d62462487638c91522caf2989e5781fd60b14a580d7124770b375d59385937eb69267fb536189a8f56b96c0f458690d7cc801b1b92875b7996385228c61ca79947e59fc8c0fe36fb50126b66ca5ee875121e458609bba0c2d2b6da2c47ebbc4252b4702087c49ae13b6e17c424228c61856cf4134b6665db6747bf55633222f2236b24ba24a95d8f5a68e52 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 0aa125d6d6321b7e41e405da3697c215 + Version: 3 + TBS: + MD5: 8d26184fc613f89aba1cefb30fce1b53 + SHA1: 63a7e376bad5ec2e419d514a403bcf46c8d31d95 + SHA256: 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c + SHA384: d8c9691fe9dbe182f07b49b07fbb4f589fa7b38b5c4d21f265d3a2e818f4b1bfb39e03faab2ec05bb10333a99914fb8a + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: 
f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=TW, ??=Private Organization, serialNumber=23638777, C=TW, + L=Taipei City, O=ASUSTeK Computer Inc., CN=ASUSTeK Computer Inc. + ValidFrom: '2019-04-01 00:00:00' + ValidTo: '2022-01-11 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0c64962e4467edcc1579646b7337ec8c + Version: 3 + TBS: + MD5: 69796942ecdfadbd806bdea1460a5115 + SHA1: 0ce9329828324db04bd0a7b101b4fbfedb3be8b2 + SHA256: efd9b83b154c3e805e1bf7fdfd6a7f7bfdcf2ff3e191d1c33bdc427b6c82039b + SHA384: e27d21dc30c40e7b675120062e69c438e9f448ceed7b0434dedd129848c6a8edf05ec07ac25f5ec300be0da46a4c6eab + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c + Version: 3 + TBS: + MD5: 83f5de89f641d0fbf60248e10a7b9534 + SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 + SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf + SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 + Signer: + - SerialNumber: 0c64962e4467edcc1579646b7337ec8c + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + Version: 1 + RichPEHeaderHash: + MD5: e18ac3c1c174f9dd7f12cc8d339ad259 + SHA1: 3ff5f57a82c8f78cff5a08583bc903c9bd16856a + SHA256: ccaa03ac8897c2e6efedd37e2e50e08105dc5249d516bbc5468343694398fe49 + Sections: + .text: + Entropy: 6.317535926138567 + Virtual Size: '0x4773' + .rdata: + Entropy: 5.444571678310986 + Virtual Size: '0x86c' + .data: + Entropy: 0.9352337914257391 + Virtual Size: '0x290' + 
.pdata: + Entropy: 3.9765553031924283 + Virtual Size: '0x174' + INIT: + Entropy: 5.260485600682463 + Virtual Size: '0x42c' + .reloc: + Entropy: 2.9464393446710155 + Virtual Size: '0x14' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2021-09-15 20:17:14' + Imphash: f5ebade1d3a6d3bde264b0c7f9f639e7 + LoadsDespiteHVCI: 'TRUE' +- Filename: AsIO64.sys + MD5: 85b756463ab0c000f816260d49923cde + SHA1: de0c16e3812924212f04e15caa09763ae4770403 + SHA256: 841335eeb6af68dce5b8b24151776281a751b95056a894991b23afae80e9f33b + Authentihash: + MD5: e0f8fb00de2a72c7808c94223cea5145 + SHA1: cbe317096adb8eba45f7e8b22830257ff8625514 + SHA256: e304e5d70d3f986f623fad7f4355d5218d8c1681e423b02db0946cbe1503eb76 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - IoDeleteDevice + - DbgPrint + - IofCompleteRequest + - ZwUnmapViewOfSection + - IoIs32bitProcess + - IoCreateSymbolicLink + - IoCreateDevice + - IoDeleteSymbolicLink + - KeDelayExecutionThread + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + 
SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0de92bf0d4d82988183205095e9a7688 + Version: 3 + TBS: + MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 + SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., + OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Quality + Testing Department, CN=ASUSTeK Computer Inc. 
+ ValidFrom: '2006-06-27 00:00:00' + ValidTo: '2007-07-16 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 284649f592786c4851c1138e364185ae + Version: 3 + TBS: + MD5: 2fc1a78b4874ed1ac403284a5d4084fb + SHA1: 9ae9b025b3a9ebfacdf55104f3fc1c143457a296 + SHA256: 9ffd439139209f1a084cb30cd791558dc266265405f7c5c7444c5a941ff0c004 + SHA384: 656817a3d8aa52cdc8fbff1dcb0ef1f07ea93f0c6b82067d7c6c5f68a125dc3b50f88974a66d59ecc5b996ca5e55eaa1 + Signer: + - SerialNumber: 284649f592786c4851c1138e364185ae + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 + SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e + SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 + Sections: + .text: + Entropy: 6.172691138654025 + Virtual Size: '0xd8c' + .rdata: + Entropy: 4.3738577464905095 + Virtual Size: '0x18c' + .data: + Entropy: 0.0 + Virtual Size: '0xc' + .pdata: + Entropy: 3.3303322930213435 + Virtual Size: '0x84' + INIT: + Entropy: 4.4509406095000665 + Virtual Size: '0x218' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2004-10-14 03:53:21' + Imphash: ccdeab2a83fbf2fef2e418cccd133ec1 + LoadsDespiteHVCI: 'FALSE' +- Filename: AsIO3_64.sys + MD5: 598f8fb2317350e5f90b7bd16baf5738 + SHA1: a8be6203c5a87ecc3ae1c452b7b6dbdf3a9f82ae + SHA256: 910479467ef17b9591d8d42305e7f6f247ad41c60ec890a1ffbe331f495ed135 + Authentihash: + MD5: ace2d8ea30005bce12b1421f431bc39c + SHA1: f084b6ba134b23e06f5867e650ba4eb9d1007231 + SHA256: 12af7c39519e16307c2c62a84ca40017b43acf7fa90ec97c182701ffcffa1b61 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + 
ExportedFunctions: '' + ImportedFunctions: + - DbgPrint + - RtlGetVersion + - KeDelayExecutionThread + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - MmGetSystemRoutineAddress + - MmAllocateContiguousMemory + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlCopyUnicodeString + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - ZwOpenSection + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmGetPhysicalAddress + - __C_specific_handler + - ZwOpenFile + - ZwQueryInformationFile + - ZwReadFile + - KeBugCheckEx + - IoIs32bitProcess + - RtlInitUnicodeString + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 + ValidFrom: '2021-01-01 00:00:00' + ValidTo: '2031-01-06 00:00:00' + Signature: 481cdcb5e99a23bce71ae7200e8e6746fd427251740a2347a3ab92d225c47059be14a0e52781a54d1415190779f0d104c386d93bbdfe4402664ded69a40ff6b870cf62e8f5514a7879367a27b7f3e7529f93a7ed439e7be7b4dd412289fb87a246034efcf4feb76477635f2352698382fa1a53ed90cc8da117730df4f36539704bf39cd67a7bda0cbc3d32d01bcbf561fc75080076bc810ef8c0e15ccfc41172e71b6449d8229a751542f52d323881daf460a2bab452fb5ce06124254fb2dfc929a8734351dabd63d61f5b9bf72e1b4f131df74a0d717e97b7f43f84ebc1e3a349a1facea7bf56cfba597661895f7ea7b48e6778f93698e1cb28da5b87a68a2f + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0d424ae0be3a88ff604021ce1400f0dd + Version: 3 + TBS: + MD5: c0189c338449a42fe8358c2c1fbecc60 + SHA1: b8ac0ee6875594b80ad86a6df6dd1fa3048c187c + SHA256: a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 + SHA384: 76d3a316a5a106050298418cce3beea16100524723d9e3220b0de51bfb6f1c35a5d4c7cd10b358fef7bf94c3e3562150 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured + ID Timestamping CA + ValidFrom: '2016-01-07 12:00:00' + ValidTo: '2031-01-07 12:00:00' + 
Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 0aa125d6d6321b7e41e405da3697c215 + Version: 3 + TBS: + MD5: 8d26184fc613f89aba1cefb30fce1b53 + SHA1: 63a7e376bad5ec2e419d514a403bcf46c8d31d95 + SHA256: 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c + SHA384: d8c9691fe9dbe182f07b49b07fbb4f589fa7b38b5c4d21f265d3a2e818f4b1bfb39e03faab2ec05bb10333a99914fb8a + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: 
f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=TW, ??=Private Organization, serialNumber=23638777, C=TW, + L=Taipei City, O=ASUSTeK Computer Inc., CN=ASUSTeK Computer Inc. + ValidFrom: '2019-04-01 00:00:00' + ValidTo: '2022-01-11 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0c64962e4467edcc1579646b7337ec8c + Version: 3 + TBS: + MD5: 69796942ecdfadbd806bdea1460a5115 + SHA1: 0ce9329828324db04bd0a7b101b4fbfedb3be8b2 + SHA256: efd9b83b154c3e805e1bf7fdfd6a7f7bfdcf2ff3e191d1c33bdc427b6c82039b + SHA384: e27d21dc30c40e7b675120062e69c438e9f448ceed7b0434dedd129848c6a8edf05ec07ac25f5ec300be0da46a4c6eab + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 19334a0c813337dbad36c9e4c93abbb51b2e7aa2e2f44342179ebf4ea14de1b1dbe981dd9f01f2e488d5e9fe09fd21c1ec5d80d2f0d6c143c2fe772bdbf9d79133ce6cd5b2193be62ed6c9934f88408ecde1f57ef10fc6595672e8eb6a41bd1cd546d57c49ca663815c1bfe091707787dcc98d31c90c29a233ed8de287cd898d3f1bffd5e01a978b7cda6dfba8c6b23a666b7b01b3cdd8a634ec1201ab9558a5c45357a860e6e70212a0b92364a24dbb7c81256421becfee42184397bba53706af4dff26a54d614bec4641b865ceb8799e08960b818c8a3b8fc7998ca32a6e986d5e61c696b78ab9612d93b8eb0e0443d7f5fea6f062d4996aa5c1c1f0649480 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c + Version: 3 + TBS: + MD5: 83f5de89f641d0fbf60248e10a7b9534 + SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 + SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf + SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 + Signer: + - SerialNumber: 0c64962e4467edcc1579646b7337ec8c + Issuer: C=US, O=DigiCert Inc, 
OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + Version: 1 + RichPEHeaderHash: + MD5: b6539d5c7cfa1f973bd84a2b5f9e21ff + SHA1: 8cdb66c7de4ddc498383fafea692448ccbdfd066 + SHA256: f3d0d00d01297987bc4c626fec0a82efb94cef8ebe74e46e7b8eb63abe087d7b + Sections: + .text: + Entropy: 6.323949092110609 + Virtual Size: '0x4733' + .rdata: + Entropy: 5.459170046837529 + Virtual Size: '0x83c' + .data: + Entropy: 0.9406144310784021 + Virtual Size: '0x290' + .pdata: + Entropy: 3.8692348543800357 + Virtual Size: '0x174' + INIT: + Entropy: 5.255268621688079 + Virtual Size: '0x42c' + .reloc: + Entropy: 2.9464393446710155 + Virtual Size: '0x14' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2021-05-31 19:44:39' + Imphash: f5ebade1d3a6d3bde264b0c7f9f639e7 + LoadsDespiteHVCI: 'TRUE' +- Filename: asio.sys + MD5: 2b4e66fac6503494a2c6f32bb6ab3826 + SHA1: ed219d966a6e74275895cc0b975b79397760ea9f + SHA256: 923ebbe8111e73d5b8ecc2db10f8ea2629a3264c3a535d01c3c118a3b4c91782 + Authentihash: + MD5: 1b20fb8ed378500e83656fd527ac48c4 + SHA1: e471ba6d1327d1026eb2c6a905e2bad3952dabbd + SHA256: ed302ea33feb557b879f64c4b7835947a9ca31054573e1487f5bbc38449753ff + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - READ_REGISTER_UCHAR + - READ_REGISTER_USHORT + - READ_REGISTER_ULONG + - WRITE_REGISTER_UCHAR + - KeQuerySystemTime + - KeDelayExecutionThread + - IofCompleteRequest + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - IoDeleteSymbolicLink + - DbgPrint + - ZwUnmapViewOfSection + - IoCreateSymbolicLink + - RtlInitUnicodeString + - IoCreateDevice + - WRITE_REGISTER_USHORT + - IoDeleteDevice + - WRITE_REGISTER_ULONG + - WRITE_PORT_ULONG + - WRITE_PORT_USHORT + - HalTranslateBusAddress + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - READ_PORT_UCHAR + - 
READ_PORT_USHORT + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: 
ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., + OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Quality + Testing Department, CN=ASUSTeK Computer Inc. 
+ ValidFrom: '2007-07-03 00:00:00' + ValidTo: '2008-07-26 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 23eab3ac30c7016a299c8d31d99f3ae8 + Version: 3 + TBS: + MD5: 54f73eaca10fe12ff2e14194e2f019b8 + SHA1: 471cb77202e7d4941a5bff8ba813f5ed221dc32e + SHA256: 9dba2d4765226ca91fb7104e0cbd01308c4e8ed9727ea661eeaa473d7825ee35 + SHA384: 272d877ad02e5487a0864e4d876a9e06fea5ead9cd149e7a48c4f111cfa8dc2f05f1042f2822b42360896da334e6390d + Signer: + - SerialNumber: 23eab3ac30c7016a299c8d31d99f3ae8 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: b39d8b5610182849a95fa415c9786274 + SHA1: 47e24c8d5f1687b4811c2267b1519e4f53576005 + SHA256: bde1051ba0a00c5223e7850f91b66678c6236ab82415e73114502cd4e9e2bef8 + Sections: + .text: + Entropy: 6.417694814045169 + Virtual Size: '0xcb4' + .rdata: + Entropy: 2.710450233592338 + Virtual Size: '0xd4' + .data: + Entropy: -0.0 + Virtual Size: '0xc' + INIT: + Entropy: 5.25231831216104 + Virtual Size: '0x300' + .reloc: + Entropy: 4.595102637134157 + Virtual Size: '0xcc' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2007-12-17 02:10:20' + Imphash: f4c5b0399665885a7dd34f7cdbbc586f + LoadsDespiteHVCI: 'FALSE' +- Filename: AsIO2.sys + MD5: 79329e2917623181888605bc5b302711 + SHA1: 844d2345bde50bf8ee7e86117cf7b8c6e6f00be4 + SHA256: a7860e110f7a292d621006b7208a634504fb5be417fd71e219060381b9a891e6 + Authentihash: + MD5: 220f8ab33b94d37e06e465825c05a867 + SHA1: 06dd63bd069498a712cdfe3d9ac27bfbf5d661f5 + SHA256: 7ebc5906d7fd9c606dc6ef9b49f3e57b63af838f5807fcdcdd5ff47b5b05e39c + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + 
ExportedFunctions: '' + ImportedFunctions: + - DbgPrint + - RtlGetVersion + - KeDelayExecutionThread + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - MmGetSystemRoutineAddress + - MmAllocateContiguousMemory + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlCopyUnicodeString + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - ZwOpenSection + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmGetPhysicalAddress + - __C_specific_handler + - RtlCompareUnicodeString + - ZwOpenFile + - ZwQueryInformationFile + - ZwReadFile + - KeBugCheckEx + - IoIs32bitProcess + - RtlInitUnicodeString + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 + ValidFrom: '2021-01-01 00:00:00' + ValidTo: '2031-01-06 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0d424ae0be3a88ff604021ce1400f0dd + Version: 3 + TBS: + MD5: c0189c338449a42fe8358c2c1fbecc60 + SHA1: b8ac0ee6875594b80ad86a6df6dd1fa3048c187c + SHA256: a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 + SHA384: 76d3a316a5a106050298418cce3beea16100524723d9e3220b0de51bfb6f1c35a5d4c7cd10b358fef7bf94c3e3562150 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured + ID Timestamping CA + ValidFrom: '2016-01-07 12:00:00' + ValidTo: '2031-01-07 12:00:00' + Signature: 
719512e951875669cdefddda7caa637ab378cf06374084ef4b84bfcacf0302fdc5a7c30e20422caf77f32b1f0c215a2ab705341d6aae99f827a266bf09aa60df76a43a930ff8b2d1d87c1962e85e82251ec4ba1c7b2c21e2d65b2c1435430468b2db7502e072c798d63c64e51f4810185f8938614d62462487638c91522caf2989e5781fd60b14a580d7124770b375d59385937eb69267fb536189a8f56b96c0f458690d7cc801b1b92875b7996385228c61ca79947e59fc8c0fe36fb50126b66ca5ee875121e458609bba0c2d2b6da2c47ebbc4252b4702087c49ae13b6e17c424228c61856cf4134b6665db6747bf55633222f2236b24ba24a95d8f5a68e52 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 0aa125d6d6321b7e41e405da3697c215 + Version: 3 + TBS: + MD5: 8d26184fc613f89aba1cefb30fce1b53 + SHA1: 63a7e376bad5ec2e419d514a403bcf46c8d31d95 + SHA256: 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c + SHA384: d8c9691fe9dbe182f07b49b07fbb4f589fa7b38b5c4d21f265d3a2e818f4b1bfb39e03faab2ec05bb10333a99914fb8a + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 
208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=TW, ??=Private Organization, serialNumber=23638777, C=TW, + L=Taipei City, O=ASUSTeK Computer Inc., CN=ASUSTeK Computer Inc. 
+ ValidFrom: '2019-04-01 00:00:00' + ValidTo: '2022-01-11 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0c64962e4467edcc1579646b7337ec8c + Version: 3 + TBS: + MD5: 69796942ecdfadbd806bdea1460a5115 + SHA1: 0ce9329828324db04bd0a7b101b4fbfedb3be8b2 + SHA256: efd9b83b154c3e805e1bf7fdfd6a7f7bfdcf2ff3e191d1c33bdc427b6c82039b + SHA384: e27d21dc30c40e7b675120062e69c438e9f448ceed7b0434dedd129848c6a8edf05ec07ac25f5ec300be0da46a4c6eab + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c + Version: 3 + TBS: + MD5: 83f5de89f641d0fbf60248e10a7b9534 + SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 + SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf + SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 + Signer: + - SerialNumber: 0c64962e4467edcc1579646b7337ec8c + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + Version: 1 + RichPEHeaderHash: + MD5: 55ace001f38a8911c5f09f16dabe7710 + SHA1: 2d56cc62eb682f5f1db9ca8aff9cb013d02cb44a + SHA256: 7eea7e80cc820d9b0b6778881c2c81f86ec7229cf8315950217787e98b8a78fb + Sections: + .text: + Entropy: 6.4920388528757735 + Virtual Size: '0x2592' + .rdata: + Entropy: 5.43615554646452 + Virtual Size: '0x8a4' + .data: + Entropy: 2.2166422780956516 + Virtual Size: '0x28' + .pdata: + Entropy: 3.9380649561842502 + Virtual Size: '0x198' + INIT: + Entropy: 5.190250208066914 + Virtual Size: '0x44e' + .reloc: + Entropy: 2.939353872167201 + Virtual Size: '0x14' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2021-05-31 
19:42:16' + Imphash: d6d76f43ccc3872b879b0df583364c78 + LoadsDespiteHVCI: 'TRUE' +- Filename: AsIO3.sys + MD5: 1ce19950e23c975f677b80ff59d04fae + SHA1: 4f30f64b5dfcdc889f4a5e25b039c93dd8551c71 + SHA256: b6fd51e1f57a03006953e84fd56cc2821cc19e7c77c0474e1110aabaacaf03df + Authentihash: + MD5: cf61dd8f9a187de6219f930866defcbd + SHA1: 80bb26a2ef12a3d9d77fe5dd6059d5955b690b2e + SHA256: a7bb08f99a9701482ce693d71e95559b10a247c4e8f50deba8097b0d3f191532 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - KeSetEvent + - KeDelayExecutionThread + - KeWaitForSingleObject + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - MmGetSystemRoutineAddress + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoCreateSynchronizationEvent + - IoDeleteDevice + - RtlGetVersion + - IoIs32bitProcess + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - ZwOpenSection + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmGetPhysicalAddress + - __C_specific_handler + - ZwOpenFile + - ZwQueryInformationFile + - ZwReadFile + - KeBugCheckEx + - DbgPrint + - RtlCopyUnicodeString + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - HalSetBusDataByOffset + - HalGetBusDataByOffset + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 + SHA384 2021 CA1 + ValidFrom: '2021-04-29 00:00:00' + ValidTo: '2036-04-28 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 08ad40b260d29c4c9f5ecda9bd93aed9 + Version: 3 + TBS: + MD5: 5d8003a64dfa5a4d88365da1566038cb + SHA1: 
79465b56bc7ad55a37bdf633943da8bfc84db228 + SHA256: 84bdc82e2f2a7f7aaa782667dac556ffcb2b33240c1f9c0a00a3264526a98332 + SHA384: 65b1d4076a89ae273f57e6eeedecb3eae129b4168f76fa7671914cdf461d542255c59d9b85b916ae0ca6fc0fcf7a8e64 + - Subject: ??=Private Organization, ??=TW, serialNumber=23638777, C=TW, + ST=Taipei City, L=Beitou District, O=ASUSTeK COMPUTER INC., CN=ASUSTeK + COMPUTER INC. + ValidFrom: '2021-10-22 00:00:00' + ValidTo: '2024-10-22 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0bbe02c8838fbf02ab56edabb1e34c19 + Version: 3 + TBS: + MD5: 0357e292e0e92b06c92b21cacfcfa451 + SHA1: f52795bc8de5d803f09e20dd216d7df861f4cb34 + SHA256: b33b80e64cdfb28fb9afb17259be19ffe1edf8aae62fcfbfe8ff301f786c500d + SHA384: 5fbe918c3fa1034d5671ae38b20773df18b8f9dd48e60f90c5c98708e73d6ca0c6dec4e2bcb0de22ba3efb59479db152 + Signer: + - SerialNumber: 0bbe02c8838fbf02ab56edabb1e34c19 + Issuer: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 + SHA384 2021 CA1 + Version: 1 + RichPEHeaderHash: + MD5: dbe8b55f933a7abbc26d9f121bbf2b84 + SHA1: 81e0e90f23b7d56dd1dccbbe04bb3c54892af7b8 + SHA256: 270748ae970faf04f98d588b783073c9b24e3dae8630ad2e3f1a862731078f4b + Sections: + .text: + Entropy: 6.407232131831549 + Virtual Size: '0x58d3' + .rdata: + Entropy: 5.437107960063165 + Virtual Size: '0x8d4' + .data: + Entropy: 0.9313275414257391 + Virtual Size: '0x290' + .pdata: + Entropy: 4.005604411589105 + Virtual Size: '0x1bc' + INIT: + Entropy: 5.265885086539526 + Virtual Size: '0x4ec' + .reloc: + Entropy: 3.1086949695628423 + Virtual Size: '0x14' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2022-05-18 20:51:01' + Imphash: b3e26c5e0de2d01597dca208ef27cc38 + LoadsDespiteHVCI: 'TRUE' +- Filename: AsIO3.sys + MD5: 370a4ca29a7cf1d6bc0744afc12b236c + SHA1: cfa85a19d9a2f7f687b0decdc4a5480b6e30cb8c + SHA256: 
c344e92a6d06155a217a9af7b4b35e6653665eec6569292e7b2e70f3a3027646 + Authentihash: + MD5: 2f131a8ffb55f70edd90f4cda9e4f84e + SHA1: 4bfc51e23494f7eaf27560f92cd6fbced2ffa4f6 + SHA256: 9b1af050481bda270a08ae873224a142c8b2119eeda59d3a04b1f6d66715a8c8 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - DbgPrint + - RtlGetVersion + - KeDelayExecutionThread + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - MmGetSystemRoutineAddress + - MmAllocateContiguousMemory + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlCopyUnicodeString + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - ZwOpenSection + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmGetPhysicalAddress + - ZwOpenFile + - ZwQueryInformationFile + - ZwReadFile + - __C_specific_handler + - KeBugCheckEx + - IoIs32bitProcess + - RtlInitUnicodeString + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=TW, ??=Private Organization, serialNumber=23638777, C=TW, + L=Taipei City, O=ASUSTeK Computer Inc., CN=ASUSTeK Computer Inc. 
+ ValidFrom: '2019-04-01 00:00:00' + ValidTo: '2022-01-11 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0c64962e4467edcc1579646b7337ec8c + Version: 3 + TBS: + MD5: 69796942ecdfadbd806bdea1460a5115 + SHA1: 0ce9329828324db04bd0a7b101b4fbfedb3be8b2 + SHA256: efd9b83b154c3e805e1bf7fdfd6a7f7bfdcf2ff3e191d1c33bdc427b6c82039b + SHA384: e27d21dc30c40e7b675120062e69c438e9f448ceed7b0434dedd129848c6a8edf05ec07ac25f5ec300be0da46a4c6eab + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c + Version: 3 + TBS: + MD5: 83f5de89f641d0fbf60248e10a7b9534 + SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 + SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf + SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 
46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 0c64962e4467edcc1579646b7337ec8c + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + Version: 1 + RichPEHeaderHash: + MD5: 7083a39914a09adba51ea04eeca7990e + SHA1: ae8af171da2509ddac02c0b559b44f8f5fd8da25 + SHA256: 9ce58648fd2c5b9ba36584499ca7bf3ed1eca7da6c847f10d6e07f1e9c0a8880 + Sections: + .text: + Entropy: 6.326590226061026 + Virtual Size: '0x4733' + .rdata: + Entropy: 5.496552032776753 + Virtual Size: '0x81c' + .data: + Entropy: 0.9406144310784021 + Virtual Size: '0x290' + .pdata: + Entropy: 3.9063193538964076 + Virtual Size: '0x168' + INIT: + Entropy: 5.257848104368007 + Virtual Size: '0x42c' + .reloc: + Entropy: 2.9464393446710155 + Virtual Size: '0x14' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2020-12-15 01:10:32' + Imphash: f0cd7cce1d03cf9df1b8266701f92b46 + LoadsDespiteHVCI: 'TRUE' +- Filename: asio.sys + MD5: 68726474c69b738eac3a62e06b33addc + SHA1: 8453fc3198349cf0561c87efc329c81e7240c3da + SHA256: c470c9db58840149ce002f3e6003382ecf740884a683bae8f9d10831be218fa2 + 
Authentihash: + MD5: 9f79edf758e219929902ec7564e0f435 + SHA1: c92148d0666f2235500805975be79738b84e48c2 + SHA256: 19c74ea0e0baf04820e5642bd2fa224158801ed966be1041539e3c55bd65c471 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - IoDeleteDevice + - ZwClose + - IofCompleteRequest + - ZwUnmapViewOfSection + - IoIs32bitProcess + - IoCreateSymbolicLink + - IoCreateDevice + - IoDeleteSymbolicLink + - KeDelayExecutionThread + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + 
Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., + OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Quality + Testing Department, CN=ASUSTeK Computer Inc. 
+ ValidFrom: '2008-07-22 00:00:00' + ValidTo: '2009-07-31 23:59:59' + Signature: 89ad20860cc0358a80a8a1a898ed70bff3f31496402a4cc453d2f0e46ad52635e6c42d305874ddb46fc271e5721ae1253f16050842c579562bdd0c470db15d1fdc1429d585118c27862594e46cbb8dd8f42379f0d3f074498e03d8242fb7c2917be7fee09fbb2b35ac52950881082e51171f6fec7b998b0e257bf42d33745ed6c673c23fed0a6d6d69024458b30244d8c58a1c92fba89e0d709264793ceeb8f69a39d0b1b6011855035003ce50e3ee3c7a59d394e589126e2ab96c3b243b0abbc1e485ce9ae9e70da5ba5d925cacbc054d78bd4fb82686509b0803e8526c5ab202d8307b9701b983e424919eeb1485981a5cff8f307c551266a89d499badb24e + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 37ed9092bdd1dccf58d2afa47f961448 + Version: 3 + TBS: + MD5: 336ceef1b70541c73c4c4f7af221eac7 + SHA1: 582a82a16246e3aa1e3534a2df1f33f7de90ad9d + SHA256: 6eb6b2bdb401d5172e19ce279574850c18e97bb0635dd89b62a92fc0442b73a3 + SHA384: c1ff22f1feb811e669f8bf1c4b6f5334b72046c4ed2b81f07b96684747db19323a5c1dfb2fd08ad00a82538080c2689a + Signer: + - SerialNumber: 37ed9092bdd1dccf58d2afa47f961448 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: deb9c1e252f598099d70d2b33a313da3 + SHA1: f0c2801e0091ed6f5e10ea7045e911aa90030290 + SHA256: 914fb9761d50c3fa2ecf9fbd8af3735f9b8d6c4903e067c8af9546e79b6f22c7 + Sections: + .text: + Entropy: 6.140846081676954 + Virtual Size: '0xca6' + .rdata: + Entropy: 4.362536233544753 + Virtual Size: '0x170' + .data: + Entropy: 0.0 + Virtual Size: '0xc' + .pdata: + Entropy: 3.245354266022441 + Virtual Size: '0x84' + INIT: + Entropy: 4.455848230056508 + Virtual Size: '0x204' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2009-04-06 01:21:08' + Imphash: 12befc0a82dcb0585359d335ed47af19 + LoadsDespiteHVCI: 'FALSE' +- Filename: AsIO3_64.sys + MD5: d5556c54c474cf0bff25804bfbe788d3 + SHA1: c71597c89bd8e937886e3390bc8ac4f17cdeae7c + 
SHA256: fa875178ae2d7604d027510b0d0a7e2d9d675e10a4c9dda2d927ee891e0bcb91 + Authentihash: + MD5: d9af966d89c5f045997042d35b9a7b91 + SHA1: b6f1e92a8452c2aec22aaa7657e92d2aa48b3055 + SHA256: 26b8e689a13d3434951559cff24fcfe55edeb7b78c7cc16db1a273c90aa694c1 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - KeSetEvent + - KeDelayExecutionThread + - KeWaitForSingleObject + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - MmGetSystemRoutineAddress + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoCreateSynchronizationEvent + - IoDeleteDevice + - RtlGetVersion + - IoIs32bitProcess + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - ZwOpenSection + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmGetPhysicalAddress + - __C_specific_handler + - ZwOpenFile + - ZwQueryInformationFile + - ZwReadFile + - KeBugCheckEx + - DbgPrint + - RtlCopyUnicodeString + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - HalSetBusDataByOffset + - HalGetBusDataByOffset + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 + SHA384 2021 CA1 + ValidFrom: '2021-04-29 00:00:00' + ValidTo: '2036-04-28 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 08ad40b260d29c4c9f5ecda9bd93aed9 + Version: 3 + TBS: + MD5: 5d8003a64dfa5a4d88365da1566038cb + SHA1: 79465b56bc7ad55a37bdf633943da8bfc84db228 + SHA256: 84bdc82e2f2a7f7aaa782667dac556ffcb2b33240c1f9c0a00a3264526a98332 + SHA384: 
65b1d4076a89ae273f57e6eeedecb3eae129b4168f76fa7671914cdf461d542255c59d9b85b916ae0ca6fc0fcf7a8e64 + - Subject: ??=Private Organization, ??=TW, serialNumber=23638777, C=TW, + ST=Taipei City, L=Beitou District, O=ASUSTeK COMPUTER INC., CN=ASUSTeK + COMPUTER INC. + ValidFrom: '2021-10-22 00:00:00' + ValidTo: '2024-10-22 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0bbe02c8838fbf02ab56edabb1e34c19 + Version: 3 + TBS: + MD5: 0357e292e0e92b06c92b21cacfcfa451 + SHA1: f52795bc8de5d803f09e20dd216d7df861f4cb34 + SHA256: b33b80e64cdfb28fb9afb17259be19ffe1edf8aae62fcfbfe8ff301f786c500d + SHA384: 5fbe918c3fa1034d5671ae38b20773df18b8f9dd48e60f90c5c98708e73d6ca0c6dec4e2bcb0de22ba3efb59479db152 + Signer: + - SerialNumber: 0bbe02c8838fbf02ab56edabb1e34c19 + Issuer: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 + SHA384 2021 CA1 + Version: 1 + RichPEHeaderHash: + MD5: 3be7917d9cf3e4ac3371233a5a20d62d + SHA1: b7c8880dd8e1c5b626d55b5cfb0d2942e7162334 + SHA256: 231cb707d547c553745056a7a5e03c8cd05307beb4e2208f607a1845b51d96f7 + Sections: + .text: + Entropy: 6.407232131831549 + Virtual Size: '0x58d3' + .rdata: + Entropy: 5.437540965006372 + Virtual Size: '0x8d4' + .data: + Entropy: 0.9313275414257391 + Virtual Size: '0x290' + .pdata: + Entropy: 4.005604411589105 + Virtual Size: '0x1bc' + INIT: + Entropy: 5.265885086539526 + Virtual Size: '0x4ec' + .reloc: + Entropy: 3.1086949695628423 + Virtual Size: '0x14' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2022-02-17 05:12:10' + Imphash: b3e26c5e0de2d01597dca208ef27cc38 + LoadsDespiteHVCI: 'TRUE' +- Authentihash: + MD5: 9fd03554246c6c74c232919c680d7be8 + SHA1: b25550309c902a21b03367ae27694c5a29b891b5 + SHA256: c3e3719ca592ba65a67f594ec1a08d0d7ad724b088be77d48cb33627c56f4614 + Company: '' + Copyright: '' + CreationTimestamp: '2010-06-27 23:19:38' + Date: '' + Description: '' + ExportedFunctions: 
'' + FileVersion: '' + Filename: AsIO.sys + ImportedFunctions: + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - IoDeleteDevice + - IoDeleteSymbolicLink + - ZwClose + - MmGetPhysicalAddress + - MmAllocateContiguousMemory + - ZwUnmapViewOfSection + - IoIs32bitProcess + - IoCreateSymbolicLink + - IoCreateDevice + - IofCompleteRequest + - KeDelayExecutionThread + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 1dc94a6a82697c62a04e461d7a94d0b0 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: ASUSTeK Computer Inc. + RichPEHeaderHash: + MD5: fdbc1ff6c9321efd70ec149c3c8ccac6 + SHA1: d77615c985da37ca9099b27c1be4785c6cb7ccf6 + SHA256: 4dbce3e8c08dd544b78f87323f6d794fb990bb10cb6d239fe367da87a803f23c + SHA1: b97a8d506be2e7eaa4385f70c009b22adbd071ba + SHA256: 2da330a2088409efc351118445a824f11edbe51cf3d653b298053785097fe40e + Sections: + .text: + Entropy: 6.108859458208728 + Virtual Size: '0xd86' + .rdata: + Entropy: 4.337980114178664 + Virtual Size: '0x188' + .data: + Entropy: 0.0 + Virtual Size: '0xc' + .pdata: + Entropy: 3.2608964358708645 + Virtual Size: '0x84' + INIT: + Entropy: 4.571215641554434 + Virtual Size: '0x24a' + Signature: + - ASUSTeK Computer Inc. 
+ - VeriSign Class 3 Code Signing 2009-2 CA + - VeriSign Class 3 Public Primary CA + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 
53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., + OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Quality + Testing Department, CN=ASUSTeK Computer Inc. 
+ ValidFrom: '2009-08-03 00:00:00' + ValidTo: '2012-08-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad + Version: 3 + TBS: + MD5: a8e2727ca2cb8705c02aaef015feb372 + SHA1: 94a0711ecebe96729e048ae1c7de9c4ba5c25ec4 + SHA256: dd670882ef38bfeecfb2865ad06f52e36b07f99fbf5937b2ede58178d2221961 + SHA384: 508037c851d72d2bf8f35ba25436903a510d02d58f923b6d2c694a9a27f4a82b0b0953ee7b3c68078faafe3886a64aa4 + Signer: + - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: b4b90c1b054ebe273bff4b2fd6927990 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 7bb2dcc29ba50372d08fea800c190f09 + SHA1: e5c090903a20744ba3583a8ea684d035e8cecc34 + SHA256: 9dcfd796e244d0687cc35eac9538f209f76c6df12de166f19dbc7d2c47fb16b3 + Company: '' + Copyright: '' + CreationTimestamp: '2012-08-22 03:54:47' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: AsIO.sys + ImportedFunctions: + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - ZwClose + - IoDeleteDevice + - IoDeleteSymbolicLink + - ZwMapViewOfSection + - MmGetPhysicalAddress + - MmAllocateContiguousMemory + - ZwUnmapViewOfSection + - IoIs32bitProcess + - IoCreateSymbolicLink + - IoCreateDevice + - IofCompleteRequest + - KeDelayExecutionThread + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 798de15f187c1f013095bbbeb6fb6197 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: ASUSTeK Computer Inc. 
+ RichPEHeaderHash: + MD5: fdbc1ff6c9321efd70ec149c3c8ccac6 + SHA1: d77615c985da37ca9099b27c1be4785c6cb7ccf6 + SHA256: 4dbce3e8c08dd544b78f87323f6d794fb990bb10cb6d239fe367da87a803f23c + SHA1: 92f251358b3fe86fd5e7aa9b17330afa0d64a705 + SHA256: 436ccab6f62fa2d29827916e054ade7acae485b3de1d3e5c6c62d3debf1480e7 + Sections: + .text: + Entropy: 6.1181571322303645 + Virtual Size: '0xd66' + .rdata: + Entropy: 4.313686441268313 + Virtual Size: '0x188' + .data: + Entropy: 0.0 + Virtual Size: '0xc' + .pdata: + Entropy: 3.3006321366120503 + Virtual Size: '0x84' + INIT: + Entropy: 4.548019208277369 + Virtual Size: '0x24a' + Signature: + - ASUSTeK Computer Inc. + - VeriSign Class 3 Code Signing 2010 CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G3 + ValidFrom: '2012-05-01 00:00:00' + ValidTo: '2012-12-31 23:59:59' + Signature: 1e98aa27b778b508b5c9726db7dfc00e98a635c488c9d2f66df14b1afbd5f92d99009ed1e79b8be13fbd39800c66cd07bc5c9854a694ba10d14e8babf56f65cc6709a2807c52e80e03d66b7ac60518ecc8ac427c072ca73d0866dc00edfd941d73f2729893b111d68fef8eeaacf496510cd08ddf31524f5eaf7da74a75e64ece2b9f292be7cf5d9f037e6e277b23ad622966af92e82ccebd9c7fdccd173c43c2093f7545c79ee4d7607f97c6e4aac769f5fccd74ac2cb048c1504e70561eb535d38ebeb1edacbdfe0cec857dd5bb856644195d9f93eb82ba639ed37c61ffc81bd923587f30a366a139265e92c33ccb3732faf5a38ddcd5b0a3e9253655d781fa + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded + Version: 3 + TBS: + MD5: e6d820afb23af20a65cf0b03247ea05e + SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 + SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 + SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + 
ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + 
Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., + OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Quality + Testing Department, CN=ASUSTeK Computer Inc. + ValidFrom: '2012-07-31 00:00:00' + ValidTo: '2015-08-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 7d08d9bc130726de26ee4ef28e133084 + Version: 3 + TBS: + MD5: 72cafb0a175f0481177fa2c9803283c7 + SHA1: b603167b958c5fcd7094552891ddc4e2ea4c149f + SHA256: a36a0024075771a4b30eab8f1288817059fe1a01003d0c1d92f647df17f3b688 + SHA384: 33c28dc6857ce5d20a2e9ba8a47f6bc80a9a98fba518fd732963bedbbb408848b89b3d8438d413f8b933ee761ffa1653 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 7d08d9bc130726de26ee4ef28e133084 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 
d7de998e454f947f62d4a6b66490563b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 1e97ead4c5049f8fefe2b72edd5fa90e + SHA1: 2a95f882dd9bafcc57f144a2708a7ec67dd7844c + SHA256: 7f75d91844b0c162eeb24d14bcf63b7f230e111daa7b0a26eaa489eeb22d9057 + Company: '' + Copyright: '' + CreationTimestamp: '2010-08-02 20:47:59' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: AsIO.sys + ImportedFunctions: + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - IoDeleteDevice + - IoDeleteSymbolicLink + - ZwClose + - MmGetPhysicalAddress + - MmAllocateContiguousMemory + - ZwUnmapViewOfSection + - IoIs32bitProcess + - IoCreateSymbolicLink + - IoCreateDevice + - IofCompleteRequest + - KeDelayExecutionThread + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 1392b92179b07b672720763d9b1028a5 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: ASUSTeK Computer Inc. + RichPEHeaderHash: + MD5: 058831031bc182e09fd9501e62a8c8ce + SHA1: 23c55978de25c037af392054d26cc72818ee3a60 + SHA256: 7890a60d1090102ce6bb8cacac02b827a9edbbdf8ec13c022a9170b0ee036c43 + SHA1: 8b6aa5b2bff44766ef7afbe095966a71bc4183fa + SHA256: b4d47ea790920a4531e3df5a4b4b0721b7fea6b49a35679f0652f1e590422602 + Sections: + .text: + Entropy: 6.128485959548185 + Virtual Size: '0x10fc' + .rdata: + Entropy: 4.469326855336564 + Virtual Size: '0x1a0' + .data: + Entropy: 0.0 + Virtual Size: '0xc' + .pdata: + Entropy: 3.3216749799000778 + Virtual Size: '0x90' + INIT: + Entropy: 4.5288929688981066 + Virtual Size: '0x24a' + Signature: + - ASUSTeK Computer Inc. 
+ - VeriSign Class 3 Code Signing 2009-2 CA + - VeriSign Class 3 Public Primary CA + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 
8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., + OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Quality + Testing Department, CN=ASUSTeK Computer Inc. 
+ ValidFrom: '2009-08-03 00:00:00' + ValidTo: '2012-08-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad + Version: 3 + TBS: + MD5: a8e2727ca2cb8705c02aaef015feb372 + SHA1: 94a0711ecebe96729e048ae1c7de9c4ba5c25ec4 + SHA256: dd670882ef38bfeecfb2865ad06f52e36b07f99fbf5937b2ede58178d2221961 + SHA384: 508037c851d72d2bf8f35ba25436903a510d02d58f923b6d2c694a9a27f4a82b0b0953ee7b3c68078faafe3886a64aa4 + Signer: + - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: b4b90c1b054ebe273bff4b2fd6927990 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 9e7fb1f3c75f1f5e6769813c545643fc + SHA1: 86f07797273b7f0e0805d2add8c1a0be116eb88c + SHA256: 191689c53195dbe828f406b206cb167dcd4671ecdab32b80e01c885f706a6baf + Company: '' + Copyright: '' + CreationTimestamp: '2010-08-23 19:53:02' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: AsIO.sys + ImportedFunctions: + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - IoDeleteDevice + - IoDeleteSymbolicLink + - ZwClose + - MmGetPhysicalAddress + - MmAllocateContiguousMemory + - ZwUnmapViewOfSection + - IoIs32bitProcess + - IoCreateSymbolicLink + - IoCreateDevice + - IofCompleteRequest + - KeDelayExecutionThread + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: fef9dd9ea587f8886ade43c1befbdafe + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: ASUSTeK Computer Inc. 
+ RichPEHeaderHash: + MD5: fdbc1ff6c9321efd70ec149c3c8ccac6 + SHA1: d77615c985da37ca9099b27c1be4785c6cb7ccf6 + SHA256: 4dbce3e8c08dd544b78f87323f6d794fb990bb10cb6d239fe367da87a803f23c + SHA1: af6e1f2cfb230907476e8b2d676129b6d6657124 + SHA256: dde6f28b3f7f2abbee59d4864435108791631e9cb4cdfb1f178e5aa9859956d8 + Sections: + .text: + Entropy: 6.107404762164129 + Virtual Size: '0xd86' + .rdata: + Entropy: 4.358520944651229 + Virtual Size: '0x188' + .data: + Entropy: 0.0 + Virtual Size: '0xc' + .pdata: + Entropy: 3.2608964358708645 + Virtual Size: '0x84' + INIT: + Entropy: 4.571215641554434 + Virtual Size: '0x24a' + Signature: + - ASUSTeK Computer Inc. + - VeriSign Class 3 Code Signing 2009-2 CA + - VeriSign Class 3 Public Primary CA + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 
+ TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., + OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Quality + Testing Department, 
CN=ASUSTeK Computer Inc. + ValidFrom: '2009-08-03 00:00:00' + ValidTo: '2012-08-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad + Version: 3 + TBS: + MD5: a8e2727ca2cb8705c02aaef015feb372 + SHA1: 94a0711ecebe96729e048ae1c7de9c4ba5c25ec4 + SHA256: dd670882ef38bfeecfb2865ad06f52e36b07f99fbf5937b2ede58178d2221961 + SHA384: 508037c851d72d2bf8f35ba25436903a510d02d58f923b6d2c694a9a27f4a82b0b0953ee7b3c68078faafe3886a64aa4 + Signer: + - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: b4b90c1b054ebe273bff4b2fd6927990 + LoadsDespiteHVCI: 'TRUE' +- Authentihash: + MD5: 9f79edf758e219929902ec7564e0f435 + SHA1: c92148d0666f2235500805975be79738b84e48c2 + SHA256: 19c74ea0e0baf04820e5642bd2fa224158801ed966be1041539e3c55bd65c471 + Company: '' + Copyright: '' + CreationTimestamp: '2009-04-06 01:21:08' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - IoDeleteDevice + - ZwClose + - IofCompleteRequest + - ZwUnmapViewOfSection + - IoIs32bitProcess + - IoCreateSymbolicLink + - IoCreateDevice + - IoDeleteSymbolicLink + - KeDelayExecutionThread + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 517d484bdbad4637188ec7a908335b86 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: deb9c1e252f598099d70d2b33a313da3 + SHA1: f0c2801e0091ed6f5e10ea7045e911aa90030290 + SHA256: 914fb9761d50c3fa2ecf9fbd8af3735f9b8d6c4903e067c8af9546e79b6f22c7 + SHA1: 
2207cdee7deaba1492ae2349392864f19eb4dfaf + SHA256: db73b0fa032be22405fa0b52fbfe3b30e56ac4787e620e4854c32668ae43bc33 + Sections: + .text: + Entropy: 6.140846081676954 + Virtual Size: '0xca6' + .rdata: + Entropy: 4.362536233544753 + Virtual Size: '0x170' + .data: + Entropy: 0.0 + Virtual Size: '0xc' + .pdata: + Entropy: 3.245354266022441 + Virtual Size: '0x84' + INIT: + Entropy: 4.455848230056508 + Virtual Size: '0x204' + Signature: '' + Signatures: {} + Imphash: 12befc0a82dcb0585359d335ed47af19 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 7bb2dcc29ba50372d08fea800c190f09 + SHA1: e5c090903a20744ba3583a8ea684d035e8cecc34 + SHA256: 9dcfd796e244d0687cc35eac9538f209f76c6df12de166f19dbc7d2c47fb16b3 + Company: '' + Copyright: '' + CreationTimestamp: '2012-08-22 03:54:47' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - ZwClose + - IoDeleteDevice + - IoDeleteSymbolicLink + - ZwMapViewOfSection + - MmGetPhysicalAddress + - MmAllocateContiguousMemory + - ZwUnmapViewOfSection + - IoIs32bitProcess + - IoCreateSymbolicLink + - IoCreateDevice + - IofCompleteRequest + - KeDelayExecutionThread + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: b2e4e588ce7b993cc31c18a0721d904d + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: fdbc1ff6c9321efd70ec149c3c8ccac6 + SHA1: d77615c985da37ca9099b27c1be4785c6cb7ccf6 + SHA256: 4dbce3e8c08dd544b78f87323f6d794fb990bb10cb6d239fe367da87a803f23c + SHA1: a714a2a045fa8f46d0165b78fe3eecf129c1de3a + SHA256: 707b4b5f5c4585156d8a4d8c39cf26729f5ad05d7f77b17f48e670e808e3e6a0 + Sections: + .text: + Entropy: 6.1181571322303645 + Virtual Size: '0xd66' + .rdata: + Entropy: 4.313686441268313 + Virtual Size: '0x188' + .data: + Entropy: 0.0 + Virtual Size: '0xc' + .pdata: + 
Entropy: 3.3006321366120503 + Virtual Size: '0x84' + INIT: + Entropy: 4.548019208277369 + Virtual Size: '0x24a' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, + CN=Microsoft Windows Hardware Compatibility Publisher + ValidFrom: '2014-12-19 19:27:34' + ValidTo: '2016-03-19 19:27:34' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 330000001dc31a761624754f8000000000001d + Version: 3 + TBS: + MD5: df2a0bc442ef65cd9973329be21c642f + SHA1: d13bcda797c6b986a1a45b7ce9184e87ba0f994c + SHA256: 41718d172e45eaa02ec88494587672cf50f96a310aebc5b49a66c0adae99edc5 + SHA384: db7864a35b468726f3d431e07825ae860ddb0d6250b3bd8906f1b0ff98ce7b4c563c73288b01ec8f1ec5a2a06f31bc40 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2012 + ValidFrom: '2012-04-18 23:48:38' + ValidTo: '2027-04-18 23:58:38' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 610baac1000000000009 + Version: 3 + TBS: + MD5: a569061297e8e824767dbc3184a69bea + SHA1: adbb26a587a8f44b4fccaecb306f980d1c55a150 + SHA256: cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 + SHA384: e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba + Signer: + - SerialNumber: 330000001dc31a761624754f8000000000001d + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2012 + Version: 1 + Imphash: d7de998e454f947f62d4a6b66490563b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 5b13f61ef5173aaea45b31d934fa2b37 + SHA1: 55ab7e27412eca433d76513edc7e6e03bcdd7eda + SHA256: 
c1b41d6b91448e2409bb2f4fbf4aeb952adf373d0decc9d052277b89ba401407 + Company: '' + Copyright: '' + CreationTimestamp: '2009-08-03 01:02:32' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - READ_REGISTER_UCHAR + - READ_REGISTER_USHORT + - READ_REGISTER_ULONG + - WRITE_REGISTER_UCHAR + - WRITE_REGISTER_USHORT + - KeQuerySystemTime + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - IoDeleteSymbolicLink + - KeDelayExecutionThread + - ZwUnmapViewOfSection + - IofCompleteRequest + - RtlInitUnicodeString + - IoCreateDevice + - IoCreateSymbolicLink + - WRITE_REGISTER_ULONG + - IoDeleteDevice + - WRITE_PORT_USHORT + - WRITE_PORT_UCHAR + - HalTranslateBusAddress + - READ_PORT_ULONG + - READ_PORT_USHORT + - READ_PORT_UCHAR + - WRITE_PORT_ULONG + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 9d8cb58b9a9e177ddd599791a58a654d + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 1dca2593c812b9d1ad59cd6c601d9984 + SHA1: ed8d9ab054b6e3b43e55dff40654162d6abc6657 + SHA256: 332168c7827fb42ec1ee5e08f64bb7273db098da638241b85585b8daf24ba5fb + SHA1: e4e40032376279e29487afc18527804dce792883 + SHA256: b3e645e8817696fa5d5e2255f9328f3b6a2e5fce91737f4d654ff155dc9851e5 + Sections: + .text: + Entropy: 6.1960789663995905 + Virtual Size: '0x872' + .rdata: + Entropy: 2.808152433711106 + Virtual Size: '0xc4' + .data: + Entropy: -0.0 + Virtual Size: '0xc' + INIT: + Entropy: 5.208673110075946 + Virtual Size: '0x2f0' + .reloc: + Entropy: 3.9280891177162527 + Virtual Size: '0x92' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 
07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., + OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Quality + Testing Department, CN=ASUSTeK Computer Inc. 
+ ValidFrom: '2009-08-03 00:00:00' + ValidTo: '2012-08-03 23:59:59' + Signature: bdc1dedf888c617c55af86763028f36094aeaadb7ebe82208e02d910305a252b4156a62a7f17366536fde06c13ff2bd8891e303a1e8c5c3cdb5fb257627367e3b6446b76c8080f61feac4424c5ef89467a79dc55fcb929805b727a10b39493038f97535686250f46e169bc85a02fb1f8a2626235a540e058084d1b17dbb7c426e76a8d3c2b3e2c0c4f33b9d6cc8d7a3590f8f61358ea5380ee0af3df7197dc4a615bcef1bcd119dba007d955d1acd14b42ab89d3539047d13d3e767de04ab5aa289fa0a698a582e84a5a65a1c9fabed2f75576629e8ad1826b68f2fca2baa751745f5ec968ed91cdf9761244a80b8c0d957900297ac3523c7a20c64e35be1b0a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad + Version: 3 + TBS: + MD5: a8e2727ca2cb8705c02aaef015feb372 + SHA1: 94a0711ecebe96729e048ae1c7de9c4ba5c25ec4 + SHA256: dd670882ef38bfeecfb2865ad06f52e36b07f99fbf5937b2ede58178d2221961 + SHA384: 508037c851d72d2bf8f35ba25436903a510d02d58f923b6d2c694a9a27f4a82b0b0953ee7b3c68078faafe3886a64aa4 + Signer: + - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: b0e74761cced2dde5173ae05ec562085 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 4fcf3854e63dee328f9deefa6ce069cb + SHA1: d569d4bab86e70efbcdfdac9d822139d6f477b7c + SHA256: 80599708ce61ec5d6dcfc5977208a2a0be2252820a88d9ba260d8cdf5dc7fbe4 + Company: '' + Copyright: '' + CreationTimestamp: '2005-12-21 01:55:21' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - READ_REGISTER_UCHAR + - READ_REGISTER_USHORT + - READ_REGISTER_ULONG + - WRITE_REGISTER_UCHAR + - KeQuerySystemTime + - KeDelayExecutionThread + - IofCompleteRequest + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - IoDeleteSymbolicLink + - DbgPrint + - ZwUnmapViewOfSection + 
- IoCreateSymbolicLink + - RtlInitUnicodeString + - IoCreateDevice + - WRITE_REGISTER_USHORT + - IoDeleteDevice + - WRITE_REGISTER_ULONG + - WRITE_PORT_ULONG + - WRITE_PORT_USHORT + - HalTranslateBusAddress + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - READ_PORT_UCHAR + - READ_PORT_USHORT + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 663f2fb92608073824ee3106886120f3 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: b39d8b5610182849a95fa415c9786274 + SHA1: 47e24c8d5f1687b4811c2267b1519e4f53576005 + SHA256: bde1051ba0a00c5223e7850f91b66678c6236ab82415e73114502cd4e9e2bef8 + SHA1: 470633a3a1e1b1f13c3f6c5192ce881efd206d7c + SHA256: 41765151df57125286b398cc107ff8007972f4653527f876d133dac1548865d6 + Sections: + .text: + Entropy: 6.41894248761542 + Virtual Size: '0xcac' + .rdata: + Entropy: 2.710450233592338 + Virtual Size: '0xd4' + .data: + Entropy: -0.0 + Virtual Size: '0xc' + INIT: + Entropy: 5.25231831216104 + Virtual Size: '0x300' + .reloc: + Entropy: 4.575666038623564 + Virtual Size: '0xcc' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 
53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0de92bf0d4d82988183205095e9a7688 + Version: 3 + TBS: + MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 + SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., + OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Quality + Testing Department, CN=ASUSTeK Computer Inc. 
+ ValidFrom: '2006-06-27 00:00:00' + ValidTo: '2007-07-16 23:59:59' + Signature: 3e9083070ad85eabc973807c097269557b889eba86f794582fdc292452dcb7f8bcc45cd4743a1f6fb1b4a2186c7be5c62cea2cfa8d7a8cf6b343ddd3da952369aeea7cdbb7fb2d0c172e9bd3f834d838e598760aa04f073962665cce0382d2f549978ec5b9b3d039eddfb4c4b3403f5a7ba908e6523bd44e39705deee334eb3d4dba63ac71da30b5a6a3c9bde15f52b39732144d7e59acae08622c5f78f0097899265af6be9d1f1b868e500fca79fe967ddd6d777597d52c201210d4903c6929e59ca804518364ab1f75925a99b70591290cab0f4c079392a985797cc99b1fc87cf7237ec4ce715abd07f108e320e42c327d305be93dde94161251414fc46516 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 284649f592786c4851c1138e364185ae + Version: 3 + TBS: + MD5: 2fc1a78b4874ed1ac403284a5d4084fb + SHA1: 9ae9b025b3a9ebfacdf55104f3fc1c143457a296 + SHA256: 9ffd439139209f1a084cb30cd791558dc266265405f7c5c7444c5a941ff0c004 + SHA384: 656817a3d8aa52cdc8fbff1dcb0ef1f07ea93f0c6b82067d7c6c5f68a125dc3b50f88974a66d59ecc5b996ca5e55eaa1 + Signer: + - SerialNumber: 284649f592786c4851c1138e364185ae + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: f4c5b0399665885a7dd34f7cdbbc586f + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 09e04d9a1ba63e4db9e4b55a00d5050d + SHA1: 61e1b497a5df0797527d6d465a8f315a82ad35eb + SHA256: 739c11fdb8673ab5b78f1a874daf5ba3faddb7910a6d4e0cc49abd8b8537333f + Company: '' + Copyright: '' + CreationTimestamp: '2009-08-03 01:03:16' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - IoDeleteDevice + - ZwClose + - IofCompleteRequest + - ZwUnmapViewOfSection + - IoIs32bitProcess + - IoCreateSymbolicLink + - IoCreateDevice + - IoDeleteSymbolicLink + - KeDelayExecutionThread + - HalTranslateBusAddress 
+ Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: a82c01606dc27d05d9d3bfb6bb807e32 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: deb9c1e252f598099d70d2b33a313da3 + SHA1: f0c2801e0091ed6f5e10ea7045e911aa90030290 + SHA256: 914fb9761d50c3fa2ecf9fbd8af3735f9b8d6c4903e067c8af9546e79b6f22c7 + SHA1: 1951ae94c6ee63fa801208771b5784f021c70c60 + SHA256: ce231637422709d927fb6fa0c4f2215b9c0e3ebbd951fb2fa97b8e64da479b96 + Sections: + .text: + Entropy: 6.1423523697958835 + Virtual Size: '0xca6' + .rdata: + Entropy: 4.447540499473679 + Virtual Size: '0x178' + .data: + Entropy: 0.0 + Virtual Size: '0xc' + .pdata: + Entropy: 3.2844547164673656 + Virtual Size: '0x84' + INIT: + Entropy: 4.455848230056508 + Virtual Size: '0x204' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, 
L=Taipei / Peitou, O=ASUSTeK Computer Inc., + OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Quality + Testing Department, CN=ASUSTeK Computer Inc. + ValidFrom: '2009-08-03 00:00:00' + ValidTo: '2012-08-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad + Version: 3 + TBS: + MD5: a8e2727ca2cb8705c02aaef015feb372 + SHA1: 94a0711ecebe96729e048ae1c7de9c4ba5c25ec4 + SHA256: dd670882ef38bfeecfb2865ad06f52e36b07f99fbf5937b2ede58178d2221961 + SHA384: 508037c851d72d2bf8f35ba25436903a510d02d58f923b6d2c694a9a27f4a82b0b0953ee7b3c68078faafe3886a64aa4 + Signer: + - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: 12befc0a82dcb0585359d335ed47af19 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 7bb2dcc29ba50372d08fea800c190f09 + SHA1: e5c090903a20744ba3583a8ea684d035e8cecc34 + SHA256: 9dcfd796e244d0687cc35eac9538f209f76c6df12de166f19dbc7d2c47fb16b3 + Company: '' + Copyright: '' + CreationTimestamp: '2012-08-22 03:54:47' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - ZwClose + - IoDeleteDevice + - IoDeleteSymbolicLink + - ZwMapViewOfSection + - MmGetPhysicalAddress + - MmAllocateContiguousMemory + - ZwUnmapViewOfSection + - IoIs32bitProcess + - IoCreateSymbolicLink + - IoCreateDevice + - IofCompleteRequest + - KeDelayExecutionThread + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 94cdf2cf363be5a8749670bea4db65cd + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + 
RichPEHeaderHash: + MD5: fdbc1ff6c9321efd70ec149c3c8ccac6 + SHA1: d77615c985da37ca9099b27c1be4785c6cb7ccf6 + SHA256: 4dbce3e8c08dd544b78f87323f6d794fb990bb10cb6d239fe367da87a803f23c + SHA1: 96523f72e4283f9816d3da8f2270690dd1dd263e + SHA256: 20e52e0d7f579dc6884cc6e80266fddceda69ea5fdd0b095c0874b0d877e48a2 + Sections: + .text: + Entropy: 6.1181571322303645 + Virtual Size: '0xd66' + .rdata: + Entropy: 4.313686441268313 + Virtual Size: '0x188' + .data: + Entropy: 0.0 + Virtual Size: '0xc' + .pdata: + Entropy: 3.3006321366120503 + Virtual Size: '0x84' + INIT: + Entropy: 4.548019208277369 + Virtual Size: '0x24a' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: ??=TW, ??=Private Organization, serialNumber=23638777, C=TW, + L=Taipei City, O=ASUSTeK Computer Inc., CN=ASUSTeK Computer Inc. + ValidFrom: '2019-01-08 00:00:00' + ValidTo: '2022-01-11 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 073501671dc61bf273a6daec906e40a5 + Version: 3 + TBS: + MD5: 40e2b5ee26c4990c33a5e669c600b8a3 + SHA1: 30796f70d4552dd84ee58219d9f61df8c22bec18 + SHA256: 3062c7ba0949c3e882ca9cc23a60b9e4e742c7e2e1d4c3a63b893019189dba13 + SHA384: e215473c05b611248331b3b259cc483a94c2d830fa63a5b6e08d1e52b06d360ebd30519a73f6ffcf79be880975e94738 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 
9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 073501671dc61bf273a6daec906e40a5 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + Version: 1 + Imphash: d7de998e454f947f62d4a6b66490563b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 3824dd56459d29ffc5d4bb51d7123778 + SHA1: 5a7dd0da0aee0bdedc14c1b7831b9ce9178a0346 + SHA256: 92edd48dfac025d4069eb6491b9730d9d131b77cceaa480af9b3c32bc8c5e3a9 + Company: 
'' + Copyright: '' + CreationTimestamp: '2012-08-22 03:54:43' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - IoDeleteDevice + - IoDeleteSymbolicLink + - WRITE_REGISTER_ULONG + - MmAllocateContiguousMemory + - IofCompleteRequest + - ZwUnmapViewOfSection + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - WRITE_REGISTER_USHORT + - WRITE_REGISTER_UCHAR + - READ_REGISTER_ULONG + - READ_REGISTER_USHORT + - READ_REGISTER_UCHAR + - KeQuerySystemTime + - MmGetPhysicalAddress + - KeDelayExecutionThread + - WRITE_PORT_USHORT + - WRITE_PORT_UCHAR + - HalTranslateBusAddress + - READ_PORT_ULONG + - READ_PORT_USHORT + - READ_PORT_UCHAR + - WRITE_PORT_ULONG + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 272446de15c63095940a3dad0b426f21 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 432a6583ab7bafb3773874586c68db85 + SHA1: bb0833dab5efdcbfcad58fe4e9a35fc31de53442 + SHA256: 1dffaf610cdef8285f0794d34bc503106b06dbe14d99da734436265b9461f6c9 + SHA1: 7eb34cc1fcffb4fdb5cb7e97184dd64a65cb9371 + SHA256: 52a90fd1546c068b92add52c29fbb8a87d472a57e609146bbcb34862f9dcec15 + Sections: + .text: + Entropy: 6.23937613305102 + Virtual Size: '0x8ad' + .rdata: + Entropy: 4.36827815837928 + Virtual Size: '0xe7' + .data: + Entropy: 1.311278124459133 + Virtual Size: '0x10' + INIT: + Entropy: 5.344545644500133 + Virtual Size: '0x370' + .reloc: + Entropy: 3.6862767817925604 + Virtual Size: '0xc6' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, + CN=Microsoft Windows Hardware Compatibility Publisher + ValidFrom: '2014-12-19 19:27:34' + ValidTo: '2016-03-19 19:27:34' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 330000001dc31a761624754f8000000000001d + Version: 3 + TBS: + MD5: df2a0bc442ef65cd9973329be21c642f + SHA1: d13bcda797c6b986a1a45b7ce9184e87ba0f994c + SHA256: 41718d172e45eaa02ec88494587672cf50f96a310aebc5b49a66c0adae99edc5 + SHA384: db7864a35b468726f3d431e07825ae860ddb0d6250b3bd8906f1b0ff98ce7b4c563c73288b01ec8f1ec5a2a06f31bc40 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2012 + ValidFrom: '2012-04-18 23:48:38' + ValidTo: '2027-04-18 23:58:38' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 610baac1000000000009 + Version: 3 + TBS: + MD5: a569061297e8e824767dbc3184a69bea + SHA1: adbb26a587a8f44b4fccaecb306f980d1c55a150 + SHA256: cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 + SHA384: e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba + Signer: + - SerialNumber: 330000001dc31a761624754f8000000000001d + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2012 + Version: 1 + Imphash: 2699b7ae36fcadd71425ebafd231d0d1 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 7bb2dcc29ba50372d08fea800c190f09 + SHA1: e5c090903a20744ba3583a8ea684d035e8cecc34 + SHA256: 9dcfd796e244d0687cc35eac9538f209f76c6df12de166f19dbc7d2c47fb16b3 + Company: '' + Copyright: '' + CreationTimestamp: '2012-08-22 03:54:47' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - ZwClose + - IoDeleteDevice + - IoDeleteSymbolicLink + - ZwMapViewOfSection + - MmGetPhysicalAddress + - MmAllocateContiguousMemory + - 
ZwUnmapViewOfSection + - IoIs32bitProcess + - IoCreateSymbolicLink + - IoCreateDevice + - IofCompleteRequest + - KeDelayExecutionThread + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: f701ddcc7c51919413ddadd351ad2fef + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: fdbc1ff6c9321efd70ec149c3c8ccac6 + SHA1: d77615c985da37ca9099b27c1be4785c6cb7ccf6 + SHA256: 4dbce3e8c08dd544b78f87323f6d794fb990bb10cb6d239fe367da87a803f23c + SHA1: ca47bab2bea62ff58caea4741bcfbd7f3abb6c5f + SHA256: 2d36642135166bbb296624dca878925963c7da785e42e940f02d01beb7c477d5 + Sections: + .text: + Entropy: 6.1181571322303645 + Virtual Size: '0xd66' + .rdata: + Entropy: 4.313686441268313 + Virtual Size: '0x188' + .data: + Entropy: 0.0 + Virtual Size: '0xc' + .pdata: + Entropy: 3.3006321366120503 + Virtual Size: '0x84' + INIT: + Entropy: 4.548019208277369 + Virtual Size: '0x24a' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, + CN=Microsoft Windows Hardware Compatibility Publisher + ValidFrom: '2014-12-19 19:27:34' + ValidTo: '2016-03-19 19:27:34' + Signature: 9c8895d0b78e2fb9a8fff5d730270c52de3a7ead8c7e649a21d81298c0a56bed1fb109217ae8b55a5c3a4334ee73203e5d44c03ef843ef2b93621369e7079513d72985c1143d04b5f342dc3a92f554bd1a8a58943c177dda5dd7c3e5280891583cd251dac090051e36faa455e751498657c06ff9f886e6d431b498fce1ea596e21d8bc45c8ad97e2376158c2d18a1f1daaa694fd736ab959c8980358f5f83ccf340fc6594ddeb60587c567e7167ea1129a81f536222046cdde2706e30d6f2fb3b9984bace9f40afe2473a4b4ee4e1fb799259ba41101e08b546d55b55ecd52f10296d5ad0dadeba22cf7c250d5f029457c15f95dee91af4ee7ee0ed6f67ff4fc + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 330000001dc31a761624754f8000000000001d + Version: 3 + TBS: + MD5: 
df2a0bc442ef65cd9973329be21c642f + SHA1: d13bcda797c6b986a1a45b7ce9184e87ba0f994c + SHA256: 41718d172e45eaa02ec88494587672cf50f96a310aebc5b49a66c0adae99edc5 + SHA384: db7864a35b468726f3d431e07825ae860ddb0d6250b3bd8906f1b0ff98ce7b4c563c73288b01ec8f1ec5a2a06f31bc40 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2012 + ValidFrom: '2012-04-18 23:48:38' + ValidTo: '2027-04-18 23:58:38' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 610baac1000000000009 + Version: 3 + TBS: + MD5: a569061297e8e824767dbc3184a69bea + SHA1: adbb26a587a8f44b4fccaecb306f980d1c55a150 + SHA256: cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 + SHA384: e947cac936803f5683196e4ff1b259096073395d0b908522ddce90d57597c9f7b57f7ddcdbe021ba863d843c340da8ba + Signer: + - SerialNumber: 330000001dc31a761624754f8000000000001d + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2012 + Version: 1 + Imphash: d7de998e454f947f62d4a6b66490563b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: d593aec08f96fe410f7a6b53e49551a0 + SHA1: 2ea631bfe3fd765e3a03b3165790faf8fdd8286b + SHA256: 906d8412b357379db9512e3f584fcda1f788acc1337e5b4d4eff5e6fa59324a6 + Company: '' + Copyright: '' + CreationTimestamp: '2007-12-17 02:11:49' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: AsIO64.sys + ImportedFunctions: + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - IoDeleteDevice + - KeDelayExecutionThread + - IofCompleteRequest + - ZwUnmapViewOfSection + - IoIs32bitProcess + - IoCreateSymbolicLink + - IoCreateDevice + - IoDeleteSymbolicLink + - DbgPrint + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 8065a7659562005127673ac52898675f 
+ MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: ASUSTeK Computer Inc. + RichPEHeaderHash: + MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 + SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e + SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 + SHA1: fcde5275ee1913509927ce5f0f85e6681064c9d2 + SHA256: b48a309ee0960da3caaaaf1e794e8c409993aeb3a2b64809f36b97aac8a1e62a + Sections: + .text: + Entropy: 6.269179908398606 + Virtual Size: '0x106c' + .rdata: + Entropy: 4.398778967999751 + Virtual Size: '0x19c' + .data: + Entropy: 0.0 + Virtual Size: '0xc' + .pdata: + Entropy: 3.2766921576186183 + Virtual Size: '0x84' + INIT: + Entropy: 4.419041794725205 + Virtual Size: '0x218' + Signature: + - ASUSTeK Computer Inc. + - VeriSign Class 3 Code Signing 2004 CA + - VeriSign Class 3 Public Primary CA + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 
35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 
17:11:29' + Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., + OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Quality + Testing Department, CN=ASUSTeK Computer Inc. 
+ ValidFrom: '2007-07-03 00:00:00' + ValidTo: '2008-07-26 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 23eab3ac30c7016a299c8d31d99f3ae8 + Version: 3 + TBS: + MD5: 54f73eaca10fe12ff2e14194e2f019b8 + SHA1: 471cb77202e7d4941a5bff8ba813f5ed221dc32e + SHA256: 9dba2d4765226ca91fb7104e0cbd01308c4e8ed9727ea661eeaa473d7825ee35 + SHA384: 272d877ad02e5487a0864e4d876a9e06fea5ead9cd149e7a48c4f111cfa8dc2f05f1042f2822b42360896da334e6390d + Signer: + - SerialNumber: 23eab3ac30c7016a299c8d31d99f3ae8 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 5662b51943d85b7ca47a99cac81af985 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/268e87ba-ad44-4f3c-986f-26712cac68da.yaml b/yaml/268e87ba-ad44-4f3c-986f-26712cac68da.yaml index 1798735e7..9c63bc2cb 100644 --- a/yaml/268e87ba-ad44-4f3c-986f-26712cac68da.yaml +++ b/yaml/268e87ba-ad44-4f3c-986f-26712cac68da.yaml 
@@ -1,337 +1,338 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 268e87ba-ad44-4f3c-986f-26712cac68da +Tags: +- Phymemx64.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create Phymemx64.sys binPath=C:\windows\temp\Phymemx64.sys type=kernel - && sc.exe start Phymemx64.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: [] -Id: 268e87ba-ad44-4f3c-986f-26712cac68da -KnownVulnerableSamples: -- Authentihash: - MD5: 4325af5c85aa7bb0339389cf54d78817 - SHA1: 3c9f40ac72b0202cb40627fdeb7298079187193a - SHA256: a6ae7364fd188c10d6b5a729a7ff58a3eb11e7feb0d107d18f9133655c11fb66 - Company: '' - Copyright: '' - CreationTimestamp: '2016-11-23 02:00:09' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: Phymemx64.sys - ImportedFunctions: - - ObfDereferenceObject - - ZwClose - - ZwOpenSection - - ObReferenceObjectByHandle - - ZwUnmapViewOfSection - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoDeleteDevice - - RtlCopyUnicodeString - - IoCreateSymbolicLink - - IoCreateDevice - - IofCompleteRequest - - ZwMapViewOfSection - - RtlInitUnicodeString - - HalTranslateBusAddress - - WdfVersionUnbind - - WdfVersionBind - - WdfVersionBindClass - - WdfVersionUnbindClass - Imports: - - ntoskrnl.exe - - HAL.dll - - WDFLDR.SYS - InternalName: '' - MD5: 715572dfe6fb10b16f980bfa242f3fa5 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: f4aa5622ff85e2086f92c9ac26b7d2b9 - SHA1: a862ae538e1a011bc76d443f9899bb301d8fe21e - SHA256: 42dd8e27522c83dd188be1d03159a3cb141eda3d07f9fcb12aa2310e478f1066 - SHA1: f42f28d164205d9f6dab9317c9fecad54c38d5d2 - SHA256: 19a212e6fc324f4cb9ee5eba60f5c1fc0191799a4432265cbeaa3307c76a7fc0 - Sections: - .text: - Entropy: 6.109907887975518 - Virtual Size: '0xd3e' - .rdata: - Entropy: 4.038835060262648 - Virtual 
Size: '0x4e4' - .data: - Entropy: 0.6146016951479871 - Virtual Size: '0xf28' - .pdata: - Entropy: 3.5273168104817696 - Virtual Size: '0xd8' - .gfids: - Entropy: 1.5 - Virtual Size: '0x4' - INIT: - Entropy: 4.939906423726662 - Virtual Size: '0x31e' - .reloc: - Entropy: 2.8820214465367484 - Virtual Size: '0x24' - Signature: - - Huawei Technologies Co.,Ltd. - - VeriSign Class 3 Code Signing 2010 CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 
783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=CN, ST=Guangdong, L=Shenzhen, O=Huawei Technologies Co.,Ltd., OU=Handset - Engineer Testing Department (Dongguan), CN=Huawei Technologies Co.,Ltd. - ValidFrom: '2014-08-26 00:00:00' - ValidTo: '2017-10-24 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 4c1a3d7c5bdaef3e1166416afe8138e9 - Version: 3 - TBS: - MD5: 1a0a4179e76daa46743b2539b13fd821 - SHA1: 2b9c5371e6b6dab977a12c14592a33a9827ccc63 - SHA256: 2f093794212c50c6bf6bb6251bcbbcbee9b288538bc8f0561d3bd61321876bc0 - SHA384: 7657965883c498864c4e30f49c9cc0ca47bb7cfca05febb54303e3d84964ebb59e979a6e55f59f4216ff11c84fdbafed - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 
5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 4c1a3d7c5bdaef3e1166416afe8138e9 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 9e15ce38f071c916bea830247f1241bb - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 4325af5c85aa7bb0339389cf54d78817 - SHA1: 3c9f40ac72b0202cb40627fdeb7298079187193a - SHA256: a6ae7364fd188c10d6b5a729a7ff58a3eb11e7feb0d107d18f9133655c11fb66 - Company: '' - Copyright: '' - CreationTimestamp: '2016-11-23 02:00:09' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: Phymemx64.sys - ImportedFunctions: - - ObfDereferenceObject - - ZwClose - - ZwOpenSection - - ObReferenceObjectByHandle - - ZwUnmapViewOfSection - - KeBugCheckEx - - IoDeleteSymbolicLink - - IoDeleteDevice - - RtlCopyUnicodeString - - IoCreateSymbolicLink - - IoCreateDevice - - IofCompleteRequest - - ZwMapViewOfSection - - RtlInitUnicodeString - - HalTranslateBusAddress - - WdfVersionUnbind - - WdfVersionBind - - WdfVersionBindClass - - WdfVersionUnbindClass - Imports: - - ntoskrnl.exe - - HAL.dll - - WDFLDR.SYS - InternalName: '' - MD5: e7ab83a655b0cd934a19d94ac81e4eec - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: f4aa5622ff85e2086f92c9ac26b7d2b9 - SHA1: a862ae538e1a011bc76d443f9899bb301d8fe21e - SHA256: 42dd8e27522c83dd188be1d03159a3cb141eda3d07f9fcb12aa2310e478f1066 - SHA1: 6ecfc7ccc4843812bfccfb7e91594c018f0a0ff9 - SHA256: 88df37ede18bea511f1782c1a6c4915690b29591cf2c1bf5f52201fbbb4fa2b9 - Sections: - .text: - 
Entropy: 6.109907887975518 - Virtual Size: '0xd3e' - .rdata: - Entropy: 4.038835060262648 - Virtual Size: '0x4e4' - .data: - Entropy: 0.6146016951479871 - Virtual Size: '0xf28' - .pdata: - Entropy: 3.5273168104817696 - Virtual Size: '0xd8' - .gfids: - Entropy: 1.5 - Virtual Size: '0x4' - INIT: - Entropy: 4.939906423726662 - Virtual Size: '0x31e' - .reloc: - Entropy: 2.8820214465367484 - Virtual Size: '0x24' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: 
C=CN, ST=Guangdong, L=Shenzhen, O=Huawei Technologies Co., Ltd., OU=Consumer - Business Group, CN=Huawei Technologies Co., Ltd. - ValidFrom: '2017-10-30 00:00:00' - ValidTo: '2021-01-23 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 6e715e33f17ad55bcbf98c1f14d21f2f - Version: 3 - TBS: - MD5: aa829cf7369d285dbb428dc14444e6ae - SHA1: d5a4543912490c76c0a6d42d9a8dde8024d100c9 - SHA256: 23c19e1c5a1aba427880a0c6c552ad0fb4ce5185a5e783594d77400883a534af - SHA384: 2e191d17c7390f5225f0abbade1c830576a7672bbd853e29d93bd0229ef50ec4913fab0df982a71db9b057195b742075 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 6e715e33f17ad55bcbf98c1f14d21f2f - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - Imphash: 9e15ce38f071c916bea830247f1241bb - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create Phymemx64.sys binPath=C:\windows\temp\Phymemx64.sys type=kernel + && sc.exe start Phymemx64.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/eclypsium/Screwed-Drivers/blob/master/DRIVERS.md -Tags: -- Phymemx64.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 4325af5c85aa7bb0339389cf54d78817 + SHA1: 3c9f40ac72b0202cb40627fdeb7298079187193a + SHA256: a6ae7364fd188c10d6b5a729a7ff58a3eb11e7feb0d107d18f9133655c11fb66 + Company: '' + Copyright: '' + CreationTimestamp: '2016-11-23 02:00:09' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: Phymemx64.sys + ImportedFunctions: + - ObfDereferenceObject + - ZwClose + - ZwOpenSection + - ObReferenceObjectByHandle + - ZwUnmapViewOfSection + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoDeleteDevice + - RtlCopyUnicodeString + - IoCreateSymbolicLink + - IoCreateDevice + - 
IofCompleteRequest + - ZwMapViewOfSection + - RtlInitUnicodeString + - HalTranslateBusAddress + - WdfVersionUnbind + - WdfVersionBind + - WdfVersionBindClass + - WdfVersionUnbindClass + Imports: + - ntoskrnl.exe + - HAL.dll + - WDFLDR.SYS + InternalName: '' + MD5: 715572dfe6fb10b16f980bfa242f3fa5 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: f4aa5622ff85e2086f92c9ac26b7d2b9 + SHA1: a862ae538e1a011bc76d443f9899bb301d8fe21e + SHA256: 42dd8e27522c83dd188be1d03159a3cb141eda3d07f9fcb12aa2310e478f1066 + SHA1: f42f28d164205d9f6dab9317c9fecad54c38d5d2 + SHA256: 19a212e6fc324f4cb9ee5eba60f5c1fc0191799a4432265cbeaa3307c76a7fc0 + Sections: + .text: + Entropy: 6.109907887975518 + Virtual Size: '0xd3e' + .rdata: + Entropy: 4.038835060262648 + Virtual Size: '0x4e4' + .data: + Entropy: 0.6146016951479871 + Virtual Size: '0xf28' + .pdata: + Entropy: 3.5273168104817696 + Virtual Size: '0xd8' + .gfids: + Entropy: 1.5 + Virtual Size: '0x4' + INIT: + Entropy: 4.939906423726662 + Virtual Size: '0x31e' + .reloc: + Entropy: 2.8820214465367484 + Virtual Size: '0x24' + Signature: + - Huawei Technologies Co.,Ltd. 
+ - VeriSign Class 3 Code Signing 2010 CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=CN, ST=Guangdong, L=Shenzhen, O=Huawei Technologies Co.,Ltd., + OU=Handset Engineer Testing Department (Dongguan), CN=Huawei Technologies + Co.,Ltd. 
+ ValidFrom: '2014-08-26 00:00:00' + ValidTo: '2017-10-24 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 4c1a3d7c5bdaef3e1166416afe8138e9 + Version: 3 + TBS: + MD5: 1a0a4179e76daa46743b2539b13fd821 + SHA1: 2b9c5371e6b6dab977a12c14592a33a9827ccc63 + SHA256: 2f093794212c50c6bf6bb6251bcbbcbee9b288538bc8f0561d3bd61321876bc0 + SHA384: 7657965883c498864c4e30f49c9cc0ca47bb7cfca05febb54303e3d84964ebb59e979a6e55f59f4216ff11c84fdbafed + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 
5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 4c1a3d7c5bdaef3e1166416afe8138e9 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 9e15ce38f071c916bea830247f1241bb + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 4325af5c85aa7bb0339389cf54d78817 + SHA1: 3c9f40ac72b0202cb40627fdeb7298079187193a + SHA256: a6ae7364fd188c10d6b5a729a7ff58a3eb11e7feb0d107d18f9133655c11fb66 + Company: '' + Copyright: '' + CreationTimestamp: '2016-11-23 02:00:09' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: Phymemx64.sys + ImportedFunctions: + - ObfDereferenceObject + - ZwClose + - ZwOpenSection + - ObReferenceObjectByHandle + - ZwUnmapViewOfSection + - KeBugCheckEx + - IoDeleteSymbolicLink + - IoDeleteDevice + - RtlCopyUnicodeString + - IoCreateSymbolicLink + - IoCreateDevice + - IofCompleteRequest + - ZwMapViewOfSection + - RtlInitUnicodeString + - HalTranslateBusAddress + - WdfVersionUnbind + - WdfVersionBind + - 
WdfVersionBindClass + - WdfVersionUnbindClass + Imports: + - ntoskrnl.exe + - HAL.dll + - WDFLDR.SYS + InternalName: '' + MD5: e7ab83a655b0cd934a19d94ac81e4eec + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: f4aa5622ff85e2086f92c9ac26b7d2b9 + SHA1: a862ae538e1a011bc76d443f9899bb301d8fe21e + SHA256: 42dd8e27522c83dd188be1d03159a3cb141eda3d07f9fcb12aa2310e478f1066 + SHA1: 6ecfc7ccc4843812bfccfb7e91594c018f0a0ff9 + SHA256: 88df37ede18bea511f1782c1a6c4915690b29591cf2c1bf5f52201fbbb4fa2b9 + Sections: + .text: + Entropy: 6.109907887975518 + Virtual Size: '0xd3e' + .rdata: + Entropy: 4.038835060262648 + Virtual Size: '0x4e4' + .data: + Entropy: 0.6146016951479871 + Virtual Size: '0xf28' + .pdata: + Entropy: 3.5273168104817696 + Virtual Size: '0xd8' + .gfids: + Entropy: 1.5 + Virtual Size: '0x4' + INIT: + Entropy: 4.939906423726662 + Virtual Size: '0x31e' + .reloc: + Entropy: 2.8820214465367484 + Virtual Size: '0x24' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, 
CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=CN, ST=Guangdong, L=Shenzhen, O=Huawei Technologies Co., Ltd., + OU=Consumer Business Group, CN=Huawei Technologies Co., Ltd. + ValidFrom: '2017-10-30 00:00:00' + ValidTo: '2021-01-23 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 6e715e33f17ad55bcbf98c1f14d21f2f + Version: 3 + TBS: + MD5: aa829cf7369d285dbb428dc14444e6ae + SHA1: d5a4543912490c76c0a6d42d9a8dde8024d100c9 + SHA256: 23c19e1c5a1aba427880a0c6c552ad0fb4ce5185a5e783594d77400883a534af + SHA384: 2e191d17c7390f5225f0abbade1c830576a7672bbd853e29d93bd0229ef50ec4913fab0df982a71db9b057195b742075 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + - Subject: C=US, O=VeriSign, 
Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 6e715e33f17ad55bcbf98c1f14d21f2f + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + Imphash: 9e15ce38f071c916bea830247f1241bb + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/2740a074-1e06-4f75-9c6a-dc57a3f85189.yaml b/yaml/2740a074-1e06-4f75-9c6a-dc57a3f85189.yaml index 790b85536..134f4cb90 100644 --- a/yaml/2740a074-1e06-4f75-9c6a-dc57a3f85189.yaml +++ b/yaml/2740a074-1e06-4f75-9c6a-dc57a3f85189.yaml 
@@ -1,129 +1,129 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 2740a074-1e06-4f75-9c6a-dc57a3f85189 +Tags: +- POORTRY1.sys +Verified: 'TRUE' Author: Michael Haag -Category: malicious -Commands: - Command: sc.exe create POORTRY1.sys binPath=C:\windows\temp\POORTRY1.sys type=kernel - && sc.exe start POORTRY1.sys - Description: Driver categorized as POORTRY by Mandiant. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-03-04' -Detection: [] -Id: 2740a074-1e06-4f75-9c6a-dc57a3f85189 -KnownVulnerableSamples: -- Authentihash: - MD5: 887c566bdc8ed5231f45a37845d5ee89 - SHA1: e6ab2bbad89502d8985381b33d7351eb97cb2b78 - SHA256: 565733b6e6d8f7b9661f04a3b4f29372f5dec080512551204b92ac4916a144cb - Company: '' - Copyright: '' - CreationTimestamp: '2013-12-12 10:14:51' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: POORTRY1.sys - ImportedFunctions: - - ExAllocatePoolWithTag - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - IoCreateFile - - RtlInitString - - RtlFreeUnicodeString - - ZwQueryDirectoryFile - - ZwClose - - IofCompleteRequest - - IoIsWdmVersionAvailable - - IoCreateSymbolicLink - - IoCreateDevice - - DbgPrint - - KeBugCheckEx - - __chkstk - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: acac842a46f3501fe407b1db1b247a0b - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: b8bd897847f9fb59fd2cd13a53dd67bd - SHA1: 3db6a537756d68d4e961e37bc17960881214eca4 - SHA256: 0418235f7944cd80b88942aa7c406a353062afb5f821b5d7e8bd9628e6db3325 - SHA1: 31fac347aa26e92db4d8c9e1ba37a7c7a2234f08 - SHA256: 575e58b62afab094c20c296604dc3b7dd2e1a50f5978d8ee24b7dca028e97316 - Sections: - .text: - Entropy: 5.937121058090373 - Virtual Size: '0xb9b' - .rdata: - Entropy: 4.490966677486938 - Virtual Size: '0x1ac' - .data: - Entropy: 
0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.286805294060428 - Virtual Size: '0x90' - INIT: - Entropy: 5.062533995350018 - Virtual Size: '0x2c0' - Signature: - - Microsoft Windows Hardware Compatibility Publisher - - Microsoft Windows Third Party Component CA 2014 - - Microsoft Root Certificate Authority 2010 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2022-06-07 18:08:06' - ValidTo: '2023-06-01 18:08:06' - Signature: 0a835e40cdb627d4f0a0d3dbbf64a46a05c132d0b5df9d11cd9c195d7037737057d57a342732ae68d67de47f460e7211c7c40dc29b0a079caff871c4834a9a2fc85e759de9b78659ad6fd79b7320e538e9ba5d52227ad67cc00b0a770ef662af3d743a558643ad89cfb015591709a69b6271a9b65db71898e7cb9964c6376dc474898301a6133198b486b518fdd9d7b9723dcffc441e026833f7c72e27986026c97b9184a0048b10d1fe6847ae467f02173f7a69120be780e5b6b9e6399402cc58735a31b537cc33578fbea443135a4a612359150bcf9ab316f6a9248bc71ef3f3480b9b3fa2341692bc3a121d80214688f7bd87d5ec56dcbd0ea61abf2c7ed2b739a07590adb596d401735d955f5f94c591d69ab4363a42f9fca549d439495711ff7990448c03724792ed4acf31f2b35b136c1b2f37aa82b1aabf7daf059dcb2e976e95311ec6e9cc53876dd09632cf512d39c801849a7c1088a565691953e07c7ff17b22518e982dd2dcc0feda8c834ca1f5e247aef1c3af5f13cd4b8cc1b6c0179bc876db88d677047c34366533e349796dbdea86389ad640710b7742ae8cc4ec88f10fa80ede4b1c93f81b55480fc8228216d54813df0327e74b3db9f3512a40c0568e4215827f9b7a2613deea72a7ec4df2def05e5559015049fe83edc83300526045cb128119e131b7d3573b268e24b0a25b9ad59f6301c8fc8f409322 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 3300000057ee4d659a923e7c10000000000057 - Version: 3 - TBS: - MD5: fdc11a5676aed4e9cc0c09eeb7450dfb - SHA1: 4902077d9a05d4231b791d3b05bafa4a79132f03 - SHA256: 5db56c23d83bf67c7152e28ad4a684a7372b4ae4f52afe7a81ce91eef94caec3 - SHA384: 
c952d7f0e0ea5216ce4400601fb7c0829f0f3fcd6eb2b5b9112fbe45d133e00c4abd660f8e1794f7ac4ef95123e2c0ab - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - ValidFrom: '2014-10-15 20:31:27' - ValidTo: '2029-10-15 20:41:27' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 330000000d690d5d7893d076df00000000000d - Version: 3 - TBS: - MD5: 83f69422963f11c3c340b81712eef319 - SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 - SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae - SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 - Signer: - - SerialNumber: 3300000057ee4d659a923e7c10000000000057 - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - Version: 1 - Imphash: 3fd33d5b3b52e2db91983ac4b1d7a3c4 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: malicious +Commands: + Command: sc.exe create POORTRY1.sys binPath=C:\windows\temp\POORTRY1.sys type=kernel + && sc.exe start POORTRY1.sys + Description: Driver categorized as POORTRY by Mandiant. 
+ OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://www.mandiant.com/resources/blog/hunting-attestation-signed-malware - '' -Tags: -- POORTRY1.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 887c566bdc8ed5231f45a37845d5ee89 + SHA1: e6ab2bbad89502d8985381b33d7351eb97cb2b78 + SHA256: 565733b6e6d8f7b9661f04a3b4f29372f5dec080512551204b92ac4916a144cb + Company: '' + Copyright: '' + CreationTimestamp: '2013-12-12 10:14:51' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: POORTRY1.sys + ImportedFunctions: + - ExAllocatePoolWithTag + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - IoCreateFile + - RtlInitString + - RtlFreeUnicodeString + - ZwQueryDirectoryFile + - ZwClose + - IofCompleteRequest + - IoIsWdmVersionAvailable + - IoCreateSymbolicLink + - IoCreateDevice + - DbgPrint + - KeBugCheckEx + - __chkstk + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: acac842a46f3501fe407b1db1b247a0b + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: b8bd897847f9fb59fd2cd13a53dd67bd + SHA1: 3db6a537756d68d4e961e37bc17960881214eca4 + SHA256: 0418235f7944cd80b88942aa7c406a353062afb5f821b5d7e8bd9628e6db3325 + SHA1: 31fac347aa26e92db4d8c9e1ba37a7c7a2234f08 + SHA256: 575e58b62afab094c20c296604dc3b7dd2e1a50f5978d8ee24b7dca028e97316 + Sections: + .text: + Entropy: 5.937121058090373 + Virtual Size: '0xb9b' + .rdata: + Entropy: 4.490966677486938 + Virtual Size: '0x1ac' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.286805294060428 + Virtual Size: '0x90' + INIT: + Entropy: 5.062533995350018 + Virtual Size: '0x2c0' + Signature: + - Microsoft Windows Hardware Compatibility Publisher + - Microsoft Windows Third Party 
Component CA 2014 + - Microsoft Root Certificate Authority 2010 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2022-06-07 18:08:06' + ValidTo: '2023-06-01 18:08:06' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 3300000057ee4d659a923e7c10000000000057 + Version: 3 + TBS: + MD5: fdc11a5676aed4e9cc0c09eeb7450dfb + SHA1: 4902077d9a05d4231b791d3b05bafa4a79132f03 + SHA256: 5db56c23d83bf67c7152e28ad4a684a7372b4ae4f52afe7a81ce91eef94caec3 + SHA384: c952d7f0e0ea5216ce4400601fb7c0829f0f3fcd6eb2b5b9112fbe45d133e00c4abd660f8e1794f7ac4ef95123e2c0ab + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + ValidFrom: '2014-10-15 20:31:27' + ValidTo: '2029-10-15 20:41:27' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 330000000d690d5d7893d076df00000000000d + Version: 3 + TBS: + MD5: 83f69422963f11c3c340b81712eef319 + SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 + SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae + SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 + Signer: + - SerialNumber: 3300000057ee4d659a923e7c10000000000057 + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + Version: 1 + Imphash: 3fd33d5b3b52e2db91983ac4b1d7a3c4 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/275c80c5-a67c-4536-b29e-4e481242cb01.yaml b/yaml/275c80c5-a67c-4536-b29e-4e481242cb01.yaml index 6e9453eda..ba273532a 100644 --- a/yaml/275c80c5-a67c-4536-b29e-4e481242cb01.yaml 
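Review bot: The reordered POORTRY1.sys entry still carries `Detection: []`, although it is marked `Category: malicious` and `Verified: 'TRUE'` and lists file hashes and an Authentihash for the sample. The listed signer chain is Microsoft Windows Hardware Compatibility Publisher, so publisher-based trust will not separate this driver from legitimate ones, and a hash-based rule reference is what a consumer of this record needs. I would fill the list with an item such as `- type: sigma_hash` / `value: <URL of the rule covering this sample>` instead of carrying the empty list forward. The `Resources` list also keeps a blank `- ''` item after the Mandiant link, which could be dropped in the same pass. `CreationTimestamp` (2013-12-12) predates the signing certificate's `ValidFrom` (2022-06-07), so the PE timestamp is presumably unreliable for dating the sample, and a short YAML comment saying so would help triage.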
+++ b/yaml/275c80c5-a67c-4536-b29e-4e481242cb01.yaml 
@@ -1,4649 +1,4678 @@ Id: 275c80c5-a67c-4536-b29e-4e481242cb01 +Tags: +- RTCore64.sys +Verified: 'TRUE' Author: Nasreddine Bencherchali Created: '2023-05-06' MitreID: T1068 Category: vulnerable driver -Verified: 'TRUE' Commands: - Command: sc.exe create RTCore64.sys binPath=C:\windows\temp\RTCore64.sys type=kernel - && sc.exe start RTCore64.sys - Description: '' - Usecase: Elevate privileges - Privileges: kernel - OperatingSystem: Windows 10 + Command: sc.exe create RTCore64.sys binPath=C:\windows\temp\RTCore64.sys type=kernel + && sc.exe start RTCore64.sys + Description: '' + Usecase: Elevate privileges + Privileges: kernel + OperatingSystem: Windows 10 Resources: - Internal Research -Acknowledgement: - Person: '' - Handle: '' Detection: [] +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: RTCore64.sys - MD5: 3ecd3ca61ffc54b0d93f8b19161b83da - SHA1: 4f376b1d1439477a426ef3c52e8c1c69c2cb5305 - SHA256: 03e0581432f5c8cc727a8aa387f5b69ff84d38d0df6f1226c19c6e960a81e1e9 - Authentihash: - MD5: a17d227444e090ff69e24fcb6d43162b - SHA1: 43d3a3c1f7b14cfcc051cae2534dbbbb4c7fc120 - SHA256: b8eb26b6f79020ae988e4fb752dc06e1b6779749bf4f8df2872fc2b92bab8020 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - IoDeleteSymbolicLink - - IofCompleteRequest - - MmIsAddressValid - - ZwUnmapViewOfSection - - IoCreateSymbolicLink - - IoCreateDevice - - __C_specific_handler - - IoDeleteDevice - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 
50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=TW, O=Micro,Star Int'l Co. Ltd., CN=Micro,Star Int'l Co. Ltd. - ValidFrom: '2008-08-28 09:49:45' - ValidTo: '2011-08-28 09:49:45' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0100000000011c08b7f67e - Version: 3 - TBS: - MD5: 4566c37f56f951a0ce5b4ae966c0ea9f - SHA1: a51cbf2834eb6f8535bc5e44913a9ec979379782 - SHA256: 88a8e9a799af515b9223e4cdf24d0ef1e72f12124be02786f026a3c26317b417 - SHA384: d8d8769d5b6a0fe7c56fcde24c735475ee0e5d01c63dbf7690cdae5a3e251818bed42443d0c6424d39e81a19d6c83bdb - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000117ab50b915 - Version: 3 - TBS: - MD5: 5686b287d716c4d2428b092c4ef30f9c - SHA1: 306fb5fbeb3d531510bb4b663c4fd48adc121e14 - SHA256: 60846fc990e271a707cd2d53d0bb21834a04f7652214aa0c12597ff6649d352d - SHA384: 6b37b28ca97b32a31b0fa53b5e961ae0f2d1aae2c5bf46de132e57834ee3968d9af7ad204821f9389cc4e0b5a8481fe8 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - 
SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000011c08b7f67e - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - RichPEHeaderHash: - MD5: deb9c1e252f598099d70d2b33a313da3 - SHA1: f0c2801e0091ed6f5e10ea7045e911aa90030290 - SHA256: 914fb9761d50c3fa2ecf9fbd8af3735f9b8d6c4903e067c8af9546e79b6f22c7 - Sections: - .text: - Entropy: 5.7214393917162045 - Virtual Size: '0xc74' - .rdata: - Entropy: 3.4063014058939425 - Virtual Size: '0x130' - .data: - Entropy: 2.4884950805464947 - Virtual Size: '0x58' - .pdata: - Entropy: 3.1879942043708462 - Virtual Size: '0x60' - INIT: - Entropy: 4.4494366822955245 - Virtual Size: '0x202' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2005-05-25 00:39:12' - Imphash: 543f80399f79401471523d335ea61642 - LoadsDespiteHVCI: 'FALSE' -- Filename: RTCore64.sys - MD5: 925ee3f3227c3b63e141ba16bd83f024 - SHA1: 57ea07ab767f11c81c6468b1f8a3d5f4618b800b - SHA256: 0466dac557ee161503f5dfbd3549f81ec760c3d6c7c4363a21a03e7a3f66aca8 - Authentihash: - MD5: 55466195f0b2f4afc4243b43a806e6d9 - SHA1: 38b353d8480885de5dcf299deca99ce4f26a1d20 - SHA256: 5182caf10de9cec0740ecde5a081c21cdc100d7eb328ffe6f3f63183889fec6b - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - MmMapIoSpace - - IoDeleteSymbolicLink - - IofCompleteRequest - - ZwUnmapViewOfSection - - MmUnmapIoSpace - - IoCreateSymbolicLink - - 
IoCreateDevice - - __C_specific_handler - - IoDeleteDevice - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping CA - ValidFrom: '2009-03-18 11:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 5df6cb2b0d0140849f857a43706ae0c5e7aa0600d76713c9089131654f14a8a905dc389e6aa0300abd8dc78028ee4245ca94f3de5845a9803204f5595c6a70003927944df5b44634e81c5331b2b35416e9cc42abd5d959301cfb462725b88723b1e8758824831ec876377b01494548a4ede25dd27c9ca2dc2dba105a126265abae00c710343bcb72bd14240cdcc37627b4a7fee15829f20e169f91391d89a6e60f1c878ce258ac927e243eaaec14e73a33348bc63bac83ab0f14627aba1a2d4d4b1bc530f00b92797d3c78e0f8e6d215965999392b3061e8b8f8c0a1e9221411787dc4dc89bec0bb94e172aeebb540404fef171e585ed0a88996ac9228e9babf - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012019c19066 - Version: 3 - TBS: - MD5: 42023b9487cafe46c1b6a49c369a362e - SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 - SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 - SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority - ValidFrom: '2009-12-21 09:32:56' - ValidTo: '2020-12-22 09:32:56' - 
Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 01000000000125b0b4cc01 - Version: 3 - TBS: - MD5: e3369c8e5aec0504b3a50455f615d9f9 - SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 - SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 - SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c - - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL CO., - LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL CO., - LTD. - ValidFrom: '2011-08-30 06:46:09' - ValidTo: '2014-08-30 06:46:09' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c - Version: 3 - TBS: - MD5: 3a98a18e8636f2a01e49e2a6d116c360 - SHA1: a2938150e46525adcec2e3a2348824bc1cf532b2 - SHA256: 01a2e2d31d0a4f3005753cce5972b5da2a7c08b0750fb6947e0fd231e64ae7ec - SHA384: 722398e51e6b5bbe064df372be6b6a9ccfcc9719ad775213cae46920e0a3e6c5a4dc8b912de3148abfc60ff4a59050ea - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - RichPEHeaderHash: - MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 - SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e - SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 - Sections: - .text: - Entropy: 5.866767422382319 - Virtual Size: '0x8b4' - .rdata: - Entropy: 3.095201756852517 - Virtual Size: '0x110' - .data: - Entropy: 2.4884950805464947 - Virtual Size: '0x58' - .pdata: - Entropy: 3.045843351790575 
- Virtual Size: '0x54' - INIT: - Entropy: 4.468159720315432 - Virtual Size: '0x218' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2011-09-06 06:24:50' - Imphash: 690a0fb27a0c47c785d6bbbfc2e56501 - LoadsDespiteHVCI: 'FALSE' -- Filename: rtcore64.sys - MD5: 483abeee17e4e30a760ec8c0d6d31d6d - SHA1: f56fec3f2012cd7fc4528626debc590909ed74b6 - SHA256: 077aa8ff5e01747723b6d24cc8af460a7a00f30cd3bc80e41cc245ceb8305356 - Authentihash: - MD5: 5860da7a094c5f2ff2787476c37b4b35 - SHA1: da1bd3ad4a8fe1e28c1de28a7bf66ad82da0dd29 - SHA256: 61a1f530a5d47339275657d7883911d64f64909569cf13d2e6868df01a2a72cb - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - MmUnmapIoSpace - - ZwUnmapViewOfSection - - MmMapIoSpace - - ZwClose - - IofCompleteRequest - - IoDeleteDevice - - IoCreateSymbolicLink - - IoCreateDevice - - ZwOpenSection - - KeBugCheckEx - - RtlInitUnicodeString - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - IoDeleteSymbolicLink - - __C_specific_handler - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee152d7 - Version: 3 - TBS: - MD5: e140543fe3256027cfa79fc3c19c1776 - SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 - SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 - SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 - - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for 
MS Authenticode - , G2 - ValidFrom: '2016-05-24 00:00:00' - ValidTo: '2027-06-24 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121d699a764973ef1f8427ee919cc534114 - Version: 3 - TBS: - MD5: acb5170547d76873f1e4ff18ed5de2eb - SHA1: bd6e261e75b807381bada7287de04d259258a5fa - SHA256: 4783380498acf592286ef2dea0fcc5bdea3f54d5e374d3e3497df9d5f662cfb6 - SHA384: 4f428f115cf3d008248f15f32007fc7c54bd454e1b48b765776b4c87c23ab8818d8fbcbb3646d35eca012b025260a3b8 - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Extended Validation CodeSigning - CA , SHA256 , G3 - ValidFrom: '2016-06-15 00:00:00' - ValidTo: '2024-06-15 00:00:00' - Signature: 7609c4cc2fd9ef1e4ba9f857f3403921ca4c3c1d9e292b20d42b44d288ce1a0d05cf8381bbeb69bc318d2ac4c744cc6060941ccfa1e102240ead5bbe2cc2271e67b7e8281f3251e339f398dfb89f2e8b2ab47b0a03bcbd36048fc9d09c4fa3022799b0f045e934dfe43aa3b70637d86f2a7990d4d44e5871ec53a96198f73969e0129c575872862729a51de532f32b99975abf2bb03cb406ea0e64ecb7cd65802417c2d937f5b1261035477b9a02ba54a24593ff79bf1a8cc59fb59fdf78e76b50f14794694b24b8da05e80c9d4f06ec4a31207e4f5d86842f35a3cd9cc184571f1fadc0e2a4b1ef296b2197a6d4feed0337b0fcf58d2abcdc8483e3dec3e75f - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 481b6a07a9424c1eaafef3cdf10f - Version: 3 - TBS: - MD5: fd8cfeea06be14fa89689909e1fc72dc - SHA1: 8bc3cd2f70abe543e0dbe721065a4076c8521f36 - SHA256: 15e7050789df807f3e3174294a01b637a1239f603e42f4b5db9398efa9da9996 - SHA384: 8b9f95e6d3dd45e4ef38e2f12fb893d7d1bb1ba867e152e4a73c49b3d51dd52bc83a05982deac29af90436061248546d - - Subject: O=GlobalSign, OU=GlobalSign Root CA , R3, CN=GlobalSign - ValidFrom: '2015-06-04 17:47:53' - ValidTo: '2025-06-04 17:47:53' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 
330000003b6ac01e2b21e615dc00000000003b - Version: 3 - TBS: - MD5: b61c1ad0b5d89c8170aaa81f8b6218a3 - SHA1: b84d6a44f86e112ef3ecb55e22527fd37f622de8 - SHA256: 60c5e154e6794b6ac214b221c8b62a733eb8794092aa400729bbf88b72748230 - SHA384: be8fab78dcd9709d29c973205e536a3994a93769c7032b72d9ab26106a5e00b5a3497e41baec9cf9824506ca0990ffac - - Subject: ??=Private Organization, serialNumber=22178368, ??=TW, C=TW, ST=New - Taipei, L=New Taipei, ??=NO.69, LI,DE ST., ZHONGHE DIST., O=MICRO,STAR INTERNATIONAL - CO., LTD., CN=MICRO,STAR INTERNATIONAL CO., LTD. - ValidFrom: '2019-09-16 08:28:21' - ValidTo: '2022-09-16 08:28:21' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 6a7bb9e55c0bbf1def6c739c - Version: 3 - TBS: - MD5: 86cb9d8321d25d44f040248ada40f6e3 - SHA1: 463cc47327cdb8d04848de5595f0f5d52d7e97ba - SHA256: 5ac1448b6565bffa2dcc53738f6b01aed6d37aa0b9cda1c6497060fc14144fa6 - SHA384: 5fb0ee916e64059bfd26e29f31b2cf2bf9086aaae1af19ccba781b165be2731dd322ce5e0d9105a9ec2bf11eba76ded2 - Signer: - - SerialNumber: 6a7bb9e55c0bbf1def6c739c - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Extended Validation CodeSigning - CA , SHA256 , G3 - Version: 1 - RichPEHeaderHash: - MD5: 114620ca437e9d453fdb1cdadf006b4b - SHA1: 50d5e7370672795c29e712fd461a01d2dcb3c803 - SHA256: 908eb09dd38a899c259af4ab14f4dbecbbbc55c2755b482bc2d58b3429cbeb38 - Sections: - .text: - Entropy: 6.027085743974895 - Virtual Size: '0xc7e' - .rdata: - Entropy: 4.12172979146796 - Virtual Size: '0x188' - .data: - Entropy: 0.9253228016668384 - Virtual Size: '0xd80' - .pdata: - Entropy: 3.1619674481420286 - Virtual Size: '0x60' - INIT: - Entropy: 5.101996629515978 - Virtual Size: '0x2f0' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2019-09-19 04:45:31' - Imphash: b0356152212dc6e33752847235064fb0 - LoadsDespiteHVCI: 'FALSE' -- Filename: RTCore64.sys - MD5: c508d28487121828c3a1c2b57acb05be - SHA1: 
7c43d43d95232e37aa09c5e2bcd3a7699d6b7479 - SHA256: 0cf6c6c2d231eaf67dfc87561cc9a56ecef89ab50baafee5a67962748d51faf3 - Authentihash: - MD5: 55466195f0b2f4afc4243b43a806e6d9 - SHA1: 38b353d8480885de5dcf299deca99ce4f26a1d20 - SHA256: 5182caf10de9cec0740ecde5a081c21cdc100d7eb328ffe6f3f63183889fec6b - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - MmMapIoSpace - - IoDeleteSymbolicLink - - IofCompleteRequest - - ZwUnmapViewOfSection - - MmUnmapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - __C_specific_handler - - IoDeleteDevice - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping CA - ValidFrom: '2009-03-18 11:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012019c19066 - Version: 3 - TBS: - MD5: 42023b9487cafe46c1b6a49c369a362e - SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 - SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 - SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 
589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority - ValidFrom: '2009-12-21 09:32:56' - ValidTo: '2020-12-22 09:32:56' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 01000000000125b0b4cc01 - Version: 3 - TBS: - MD5: e3369c8e5aec0504b3a50455f615d9f9 - SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 - SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 - SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c - - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL CO., - LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL CO., - LTD. 
- ValidFrom: '2011-08-30 06:46:09' - ValidTo: '2014-08-30 06:46:09' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c - Version: 3 - TBS: - MD5: 3a98a18e8636f2a01e49e2a6d116c360 - SHA1: a2938150e46525adcec2e3a2348824bc1cf532b2 - SHA256: 01a2e2d31d0a4f3005753cce5972b5da2a7c08b0750fb6947e0fd231e64ae7ec - SHA384: 722398e51e6b5bbe064df372be6b6a9ccfcc9719ad775213cae46920e0a3e6c5a4dc8b912de3148abfc60ff4a59050ea - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - RichPEHeaderHash: - MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 - SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e - SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 - Sections: - .text: - Entropy: 5.866767422382319 - Virtual Size: '0x8b4' - .rdata: - Entropy: 3.095201756852517 - Virtual Size: '0x110' - .data: - Entropy: 2.4884950805464947 - Virtual Size: '0x58' - .pdata: - Entropy: 3.045843351790575 - Virtual Size: '0x54' - INIT: - Entropy: 4.468159720315432 - Virtual Size: '0x218' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2011-09-06 06:24:50' - Imphash: 690a0fb27a0c47c785d6bbbfc2e56501 - LoadsDespiteHVCI: 'FALSE' -- Filename: RTCore64.sys - MD5: 
08c1bce6627764c9f8c79439555c5636 - SHA1: 4d4535c111c7b568cb8a3bece27a97d738512a6b - SHA256: 1766fd66f846d9a21e648d649ad35d1ff94f8ca17a40a9a738444d6b8e07aacb - Authentihash: - MD5: cfe667280acf69d4b5d0e2dbc76510e4 - SHA1: b3249bacda6e43aa2c46c2af802c9ee0b7e2fd7b - SHA256: 3c9829a16eb85272b0e1a2917feffaab8ddb23e633b168b389669339a0cee0b5 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - MmMapIoSpace - - __C_specific_handler - - ZwClose - - ZwUnmapViewOfSection - - MmUnmapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IofCompleteRequest - - IoDeleteDevice - - HalSetBusDataByOffset - - HalTranslateBusAddress - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee152d7 - Version: 3 - TBS: - MD5: e140543fe3256027cfa79fc3c19c1776 - SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 - SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 - SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - 
TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode - , G2 - ValidFrom: '2015-02-03 00:00:00' - ValidTo: '2026-03-03 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112106a081d33fd87ae5824cc16b52094e03 - Version: 3 - TBS: - MD5: a0ac4d48fe852f7b3ed4e623d59a825f - SHA1: d4db9846bc4d7db142eeb364286f6de7c102420c - SHA256: 78d2e41a13eb4e9171bae2d2adb192cf39210b5231f77cda936bcfbe8c003bdf - SHA384: 990ed96dca5979deeedc98a012279f04efb5559d7e7f5084a12f3802ee9439326557aecefd081cff739b78515b5d7f50 - - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL CO., - LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL CO., - LTD. 
- ValidFrom: '2014-06-03 09:16:15' - ValidTo: '2017-09-03 09:16:15' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112158044863e4dc19cf29a85668b7f45842 - Version: 3 - TBS: - MD5: 403bb44a62aed1a94bd5df05b3292482 - SHA1: e4a0353e75940ab1e8cbff2f433f186c7f0b0f09 - SHA256: 5b81998ed98b343c04134c336e03f3051779eae0e9f882e8339593d18556375d - SHA384: db0076cad41a0ef4ea68754ef6905bd5ff772adcb745b05c0060344e43588abc95952dc3ad272f5a8f17b206e4089aca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: 
ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112158044863e4dc19cf29a85668b7f45842 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - RichPEHeaderHash: - MD5: ebe2ae976914018e88e9fc480e7b6269 - SHA1: 960715bfbccb53b6c4eccca3b232b25640e15b52 - SHA256: d755e9f3cb861f5227319238f1811265e332e36a922b9a25da38b122a791fdfa - Sections: - .text: - Entropy: 5.874422277751402 - Virtual Size: '0x9b4' - .rdata: - Entropy: 3.0356607252090053 - Virtual Size: '0x120' - .data: - Entropy: 2.4884950805464947 - Virtual Size: '0x58' - .pdata: - Entropy: 2.979061917571089 - Virtual Size: '0x54' - INIT: - Entropy: 4.523481595961036 - Virtual Size: '0x258' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2015-04-24 01:01:47' - Imphash: cde9174249f04dad0f79890c976c0792 - LoadsDespiteHVCI: 'FALSE' -- Filename: RTCore64.sys - MD5: 2d91d45cd09dfc3f8e89da1c261fd1ac - SHA1: 634b1e9d0aafac1ec4373291cefb52c121e8d265 - SHA256: 18712a063574bfec315d58577dfe413ab45b650e54747d1e18a56c3c7337a12c - Authentihash: - MD5: a17d227444e090ff69e24fcb6d43162b - SHA1: 43d3a3c1f7b14cfcc051cae2534dbbbb4c7fc120 - SHA256: b8eb26b6f79020ae988e4fb752dc06e1b6779749bf4f8df2872fc2b92bab8020 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - IoDeleteSymbolicLink - - IofCompleteRequest - - MmIsAddressValid - - ZwUnmapViewOfSection - - IoCreateSymbolicLink - - IoCreateDevice - - __C_specific_handler - - IoDeleteDevice - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: 
OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping CA - ValidFrom: '2009-03-18 11:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 5df6cb2b0d0140849f857a43706ae0c5e7aa0600d76713c9089131654f14a8a905dc389e6aa0300abd8dc78028ee4245ca94f3de5845a9803204f5595c6a70003927944df5b44634e81c5331b2b35416e9cc42abd5d959301cfb462725b88723b1e8758824831ec876377b01494548a4ede25dd27c9ca2dc2dba105a126265abae00c710343bcb72bd14240cdcc37627b4a7fee15829f20e169f91391d89a6e60f1c878ce258ac927e243eaaec14e73a33348bc63bac83ab0f14627aba1a2d4d4b1bc530f00b92797d3c78e0f8e6d215965999392b3061e8b8f8c0a1e9221411787dc4dc89bec0bb94e172aeebb540404fef171e585ed0a88996ac9228e9babf - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012019c19066 - Version: 3 - TBS: - MD5: 42023b9487cafe46c1b6a49c369a362e - SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 - SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 - SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea - - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority - ValidFrom: '2009-12-21 09:32:56' - ValidTo: '2020-12-22 09:32:56' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 01000000000125b0b4cc01 - Version: 3 - TBS: - MD5: e3369c8e5aec0504b3a50455f615d9f9 - SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 - SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 - SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c - - Subject: C=US, ST=California, L=Brea, O=EVGA, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=EVGA - ValidFrom: '2010-04-14 00:00:00' - ValidTo: '2012-04-15 23:59:59' - Signature: 
ba96817224593697c9135d803c5fc87767f2a7ed8fa0aa18eab4030a3daed18c55fb7eda8835d0488d18136c0db39d8edf3224790842cdf8580b35324631de717e9279d28d605285615341aeea10a73005d59cbe3138bebfa5003cbcf2971249423d820d6d252a18bf4dd124a1ac0c2f66015cbb23690e1b0fb9d5ce3f047663f1fb6735e54f09cfb6162da298bdc956490586cfdadee74a5766c187223e19112d22f59c7f3f325449afebc42689ec4c9399bd0d97397c37230804a4e5bc17e904008aa9c5972e2332302e57648006d057c9ed8c6384fb42d138971c86079b155c202733b837b3eef122c866ce3e6d8a8d9f1685e618cc2466d623d212b73df6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 79c32d7ddd2458cf2eabe5b1b5c5290f - Version: 3 - TBS: - MD5: 5ba772ec00357ae706016510775c7a00 - SHA1: eeb31b244ea14abae1e947ecdca0d6ae4720031b - SHA256: c8e707c2615c26ac78ed06b42dd20bc8ff82bc5e02ddafe2c9af85755097691b - SHA384: a1d6af64a5eb3841d632438119fc954354caf3ccea61b69003a7fc9da166a9c653dc0359be2ae2463bffb7b53b0911ac - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 
17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 79c32d7ddd2458cf2eabe5b1b5c5290f - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - RichPEHeaderHash: - MD5: deb9c1e252f598099d70d2b33a313da3 - SHA1: f0c2801e0091ed6f5e10ea7045e911aa90030290 - SHA256: 914fb9761d50c3fa2ecf9fbd8af3735f9b8d6c4903e067c8af9546e79b6f22c7 - Sections: - .text: - Entropy: 5.7214393917162045 - Virtual Size: '0xc74' - .rdata: - Entropy: 3.4063014058939425 - Virtual Size: '0x130' - .data: - Entropy: 2.4884950805464947 - Virtual Size: '0x58' - .pdata: - Entropy: 3.1879942043708462 - Virtual Size: '0x60' - INIT: - Entropy: 4.4494366822955245 - Virtual Size: '0x202' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2005-05-25 00:39:12' - Imphash: 543f80399f79401471523d335ea61642 - LoadsDespiteHVCI: 'FALSE' -- Filename: RTCore64.sys - MD5: bcd60bf152fdec05cd40562b466be252 - SHA1: 6ce0094a9aacdc050ff568935014607b8f23ff00 - SHA256: 3c5d7069f85ec1d6f58147431f88c4d7c48df73baf94ffdefd664f2606baf09c - Authentihash: - MD5: 5860da7a094c5f2ff2787476c37b4b35 - SHA1: da1bd3ad4a8fe1e28c1de28a7bf66ad82da0dd29 - SHA256: 61a1f530a5d47339275657d7883911d64f64909569cf13d2e6868df01a2a72cb - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - 
MmUnmapIoSpace - - ZwUnmapViewOfSection - - MmMapIoSpace - - ZwClose - - IofCompleteRequest - - IoDeleteDevice - - IoCreateSymbolicLink - - IoCreateDevice - - ZwOpenSection - - KeBugCheckEx - - RtlInitUnicodeString - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - IoDeleteSymbolicLink - - __C_specific_handler - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee152d7 - Version: 3 - TBS: - MD5: e140543fe3256027cfa79fc3c19c1776 - SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 - SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 - SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G3 - ValidFrom: '2016-03-16 00:00:00' - ValidTo: '2024-03-16 00:00:00' - Signature: 3b41bbc84f561182b719e3d96dc185ae9e690ec84326234b8d44c8e87d5f070e5341d563444a890bb874ac7db578792f8426e2d7f7bad1ae2dfd69cffa7c64dc24162a4adac097a9bbd5dd88e7a1929a0aa5f6f7bace85d6e4e3d455deeddc3e211f1bc87788cffc65fb05b48f12a630d30d66982f6c2e6f85187c8ff5f6fbb1ab10e183270885b07321ba5d2cba8330b73984dd5db67fd28bb455534c42a2bc4a6c78395b631ca37827bfbe34836b6d7b1e60fbc29b0d88ac8c72546bdc3b88ba81525e689783b8ce7fa3cdf9ea2f2676facd0b06ac4344497bf64c9442b2abcfd542d51942696e618664c7b37d078bdbe5767b6e5f65a91690a2cee4ae6492 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47c30ffefc22bb280f96fea75251 - Version: 3 - TBS: - MD5: 729cf4baceff4ef7aa199ad4f4ebed3d - SHA1: f478f0e790d5c8ec6056a3ab2567404a991d2837 - SHA256: 
c3c88c2a500cb5a97abca837193a5bd382f6eb3aeb0008edbce65ea2a3dbfd5c - SHA384: e62bbb1ba1ad3df59f2c7265df5576af6b5d4a7473b74985a9d956975fdfc517ffbdd2172b0e3ea36befcb6a9026c872 - - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode - , G2 - ValidFrom: '2016-05-24 00:00:00' - ValidTo: '2027-06-24 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121d699a764973ef1f8427ee919cc534114 - Version: 3 - TBS: - MD5: acb5170547d76873f1e4ff18ed5de2eb - SHA1: bd6e261e75b807381bada7287de04d259258a5fa - SHA256: 4783380498acf592286ef2dea0fcc5bdea3f54d5e374d3e3497df9d5f662cfb6 - SHA384: 4f428f115cf3d008248f15f32007fc7c54bd454e1b48b765776b4c87c23ab8818d8fbcbb3646d35eca012b025260a3b8 - - Subject: C=TW, ST=New Taipei, L=New Taipei, O=MICRO,STAR INTERNATIONAL CO., - LTD., CN=MICRO,STAR INTERNATIONAL CO., LTD. - ValidFrom: '2019-10-21 14:23:20' - ValidTo: '2020-09-27 12:07:15' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2636eab537f6156b78af523a - Version: 3 - TBS: - MD5: afafe18984c1b75f71051a6d8d44a5c6 - SHA1: 503d375c7f58060d3b98e297afb274339759d1d4 - SHA256: 9c3b3e4058cde499217d75ce48382b5490fab6fdff14650f674a1776b87d251a - SHA384: 96cda05887310f4977443637fecc2d9bac5bb46fc0dd5eb37c84e4e0d87d4fbb05efd7d1901c1741a72328526f01012f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2011-04-15 19:55:08' - ValidTo: '2021-04-15 20:05:08' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 6129152700000000002a - Version: 3 - TBS: - MD5: 0bb058d116f02817737920f112d9fd3b - SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 - SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 - 
SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 - Signer: - - SerialNumber: 2636eab537f6156b78af523a - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G3 - Version: 1 - RichPEHeaderHash: - MD5: 114620ca437e9d453fdb1cdadf006b4b - SHA1: 50d5e7370672795c29e712fd461a01d2dcb3c803 - SHA256: 908eb09dd38a899c259af4ab14f4dbecbbbc55c2755b482bc2d58b3429cbeb38 - Sections: - .text: - Entropy: 6.027085743974895 - Virtual Size: '0xc7e' - .rdata: - Entropy: 4.12172979146796 - Virtual Size: '0x188' - .data: - Entropy: 0.9253228016668384 - Virtual Size: '0xd80' - .pdata: - Entropy: 3.1619674481420286 - Virtual Size: '0x60' - INIT: - Entropy: 5.101996629515978 - Virtual Size: '0x2f0' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2019-09-19 04:45:31' - Imphash: b0356152212dc6e33752847235064fb0 - LoadsDespiteHVCI: 'FALSE' -- Filename: RTCore64.sys - MD5: 69ac6165912cb263a656497cc70155e6 - SHA1: 722aa0fa468b63c5d7ea308d77230ae3169d5f83 - SHA256: 3ff50c67d51553c08dcb7c98342f68a0f54ad6658c5346c428bdcd1f185569f6 - Authentihash: - MD5: cfe667280acf69d4b5d0e2dbc76510e4 - SHA1: b3249bacda6e43aa2c46c2af802c9ee0b7e2fd7b - SHA256: 3c9829a16eb85272b0e1a2917feffaab8ddb23e633b168b389669339a0cee0b5 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - MmMapIoSpace - - __C_specific_handler - - ZwClose - - ZwUnmapViewOfSection - - MmUnmapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IofCompleteRequest - - IoDeleteDevice - - HalSetBusDataByOffset - - HalTranslateBusAddress - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign 
nv,sa, CN=GlobalSign Timestamping CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee152d7 - Version: 3 - TBS: - MD5: e140543fe3256027cfa79fc3c19c1776 - SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 - SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 - SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode - , G2 - ValidFrom: '2015-02-03 00:00:00' - ValidTo: '2026-03-03 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112106a081d33fd87ae5824cc16b52094e03 - Version: 3 - TBS: - MD5: a0ac4d48fe852f7b3ed4e623d59a825f - SHA1: d4db9846bc4d7db142eeb364286f6de7c102420c - SHA256: 78d2e41a13eb4e9171bae2d2adb192cf39210b5231f77cda936bcfbe8c003bdf - SHA384: 990ed96dca5979deeedc98a012279f04efb5559d7e7f5084a12f3802ee9439326557aecefd081cff739b78515b5d7f50 - - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL CO., - LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR 
INTERNATIONAL CO., - LTD. - ValidFrom: '2014-06-03 09:16:15' - ValidTo: '2017-09-03 09:16:15' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112158044863e4dc19cf29a85668b7f45842 - Version: 3 - TBS: - MD5: 403bb44a62aed1a94bd5df05b3292482 - SHA1: e4a0353e75940ab1e8cbff2f433f186c7f0b0f09 - SHA256: 5b81998ed98b343c04134c336e03f3051779eae0e9f882e8339593d18556375d - SHA384: db0076cad41a0ef4ea68754ef6905bd5ff772adcb745b05c0060344e43588abc95952dc3ad272f5a8f17b206e4089aca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112158044863e4dc19cf29a85668b7f45842 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - RichPEHeaderHash: - MD5: ebe2ae976914018e88e9fc480e7b6269 - SHA1: 960715bfbccb53b6c4eccca3b232b25640e15b52 - SHA256: d755e9f3cb861f5227319238f1811265e332e36a922b9a25da38b122a791fdfa - Sections: - .text: - Entropy: 5.874422277751402 - Virtual Size: '0x9b4' - .rdata: - Entropy: 3.0356607252090053 - Virtual Size: '0x120' - .data: - Entropy: 2.4884950805464947 - Virtual Size: '0x58' - .pdata: - Entropy: 2.979061917571089 - Virtual Size: '0x54' - INIT: - Entropy: 4.523481595961036 - Virtual Size: '0x258' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2015-04-24 01:01:47' - Imphash: cde9174249f04dad0f79890c976c0792 - LoadsDespiteHVCI: 'FALSE' -- 
Filename: RTCore64.sys - MD5: 4eb4069c230a5dc40cd5d60d2cb3e0d0 - SHA1: cc3e5e45aca5b670035dfb008f0a88cecfd91cf7 - SHA256: 40061b30b1243be76d5283cbc8abfe007e148097d4de7337670ff1536c4c7ba1 - Authentihash: - MD5: bcd9f192e2f9321ed549c722f30206e5 - SHA1: 8498265d4ca81b83ec1454d9ec013d7a9c0c87bf - SHA256: 606beced7746cdb684d3a44f41e48713c6bbe5bfb1486c52b5cca815e99d31b4 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - MmUnmapIoSpace - - ZwUnmapViewOfSection - - MmMapIoSpace - - ZwClose - - IoDeleteDevice - - ObReferenceObjectByHandle - - IoCreateSymbolicLink - - ZwOpenSection - - KeBugCheckEx - - RtlInitUnicodeString - - ZwMapViewOfSection - - IofCompleteRequest - - IoDeleteSymbolicLink - - MmGetSystemRoutineAddress - - IoCreateDevice - - ObOpenObjectByPointer - - ZwSetSecurityObject - - IoDeviceObjectType - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - ExFreePoolWithTag - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - SeExports - - wcschr - - _wcsnicmp - - ExAllocatePoolWithTag - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwOpenKey - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - __C_specific_handler - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee152d7 - Version: 3 - TBS: - MD5: e140543fe3256027cfa79fc3c19c1776 - SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 - SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 - SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G3 - ValidFrom: '2016-03-16 00:00:00' - ValidTo: '2024-03-16 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47c30ffefc22bb280f96fea75251 - Version: 3 - TBS: - MD5: 729cf4baceff4ef7aa199ad4f4ebed3d - SHA1: f478f0e790d5c8ec6056a3ab2567404a991d2837 - SHA256: c3c88c2a500cb5a97abca837193a5bd382f6eb3aeb0008edbce65ea2a3dbfd5c - SHA384: e62bbb1ba1ad3df59f2c7265df5576af6b5d4a7473b74985a9d956975fdfc517ffbdd2172b0e3ea36befcb6a9026c872 - - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode - , G2 - ValidFrom: '2016-05-24 00:00:00' - ValidTo: '2027-06-24 00:00:00' - Signature: 8fa91a916d04a637200e8396de23d36b6e1f6edd643d682122b5f84736698ee1a545c724a222b72909cc545aaec6bccd638eb33d5048e5b4ccaecd928d9e288b134a11aabda3efd3b236fcb4a172bf6d9763798c44bc702f7ef3bcdd8253ab1af6ebfa1c97bcb6379ca41c30bcabbc2d4736df922003e871c658f675059a34f00b595a824434aa80e42f84f6475d96c9b6caca9db7a6bae450d3d437b8ba200ed0d3922a5bc459bba16ddb3cce449dc1382aade38dbdcd09771a10be670a02366488b9b31b26eee79e60c446a8bc61336ccf4eb99cb96af09f37feb53d4f9ad34dffde208e4e97a6fd9f09bc4dca1876c9b04d8550f280d21d06f5580407b118 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121d699a764973ef1f8427ee919cc534114 - Version: 3 - TBS: - MD5: acb5170547d76873f1e4ff18ed5de2eb - SHA1: bd6e261e75b807381bada7287de04d259258a5fa - SHA256: 
4783380498acf592286ef2dea0fcc5bdea3f54d5e374d3e3497df9d5f662cfb6 - SHA384: 4f428f115cf3d008248f15f32007fc7c54bd454e1b48b765776b4c87c23ab8818d8fbcbb3646d35eca012b025260a3b8 - - Subject: C=TW, ST=New Taipei, L=New Taipei, O=MICRO,STAR INTERNATIONAL CO., - LTD., CN=MICRO,STAR INTERNATIONAL CO., LTD. - ValidFrom: '2019-10-21 14:23:20' - ValidTo: '2020-09-27 12:07:15' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2636eab537f6156b78af523a - Version: 3 - TBS: - MD5: afafe18984c1b75f71051a6d8d44a5c6 - SHA1: 503d375c7f58060d3b98e297afb274339759d1d4 - SHA256: 9c3b3e4058cde499217d75ce48382b5490fab6fdff14650f674a1776b87d251a - SHA384: 96cda05887310f4977443637fecc2d9bac5bb46fc0dd5eb37c84e4e0d87d4fbb05efd7d1901c1741a72328526f01012f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2011-04-15 19:55:08' - ValidTo: '2021-04-15 20:05:08' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 6129152700000000002a - Version: 3 - TBS: - MD5: 0bb058d116f02817737920f112d9fd3b - SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 - SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 - SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 - Signer: - - SerialNumber: 2636eab537f6156b78af523a - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G3 - Version: 1 - RichPEHeaderHash: - MD5: 70f300424f459e945ca5fbf9c94d69db - SHA1: 552917ba229bafc26ea412dde96e8f88df69a936 - SHA256: 1f9a45c75fbda3dcbae918a5ded9c51ad9fbab9a1d5a60344d8735febd368b5d - Sections: - .text: - Entropy: 6.152825921491018 - Virtual Size: '0x1238' - .rdata: - Entropy: 4.299997682941019 - Virtual Size: '0x6d0' - .data: - Entropy: 1.452656690680622 - Virtual Size: '0xf70' - .pdata: - Entropy: 
4.07117693412078 - Virtual Size: '0x210' - PAGE: - Entropy: 6.215171374164429 - Virtual Size: '0x1a47' - INIT: - Entropy: 5.168930070566578 - Virtual Size: '0x634' - .reloc: - Entropy: 1.2280731978955797 - Virtual Size: '0x60' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2020-06-18 05:55:42' - Imphash: 37f7c6238c9ce110408e01ae1bc45635 - LoadsDespiteHVCI: 'TRUE' -- Filename: RTCore64.sys - MD5: 680dcb5c39c1ec40ac3897bb3e9f27b9 - SHA1: 431550db5c160b56e801f220ceeb515dc16e68d2 - SHA256: 4b4c925c3b8285aeeab9b954e8b2a0773b4d2d0e18d07d4a9d268f4be90f6cae - Authentihash: - MD5: a17d227444e090ff69e24fcb6d43162b - SHA1: 43d3a3c1f7b14cfcc051cae2534dbbbb4c7fc120 - SHA256: b8eb26b6f79020ae988e4fb752dc06e1b6779749bf4f8df2872fc2b92bab8020 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - IoDeleteSymbolicLink - - IofCompleteRequest - - MmIsAddressValid - - ZwUnmapViewOfSection - - IoCreateSymbolicLink - - IoCreateDevice - - __C_specific_handler - - IoDeleteDevice - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping CA - ValidFrom: '2009-03-18 11:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 
5df6cb2b0d0140849f857a43706ae0c5e7aa0600d76713c9089131654f14a8a905dc389e6aa0300abd8dc78028ee4245ca94f3de5845a9803204f5595c6a70003927944df5b44634e81c5331b2b35416e9cc42abd5d959301cfb462725b88723b1e8758824831ec876377b01494548a4ede25dd27c9ca2dc2dba105a126265abae00c710343bcb72bd14240cdcc37627b4a7fee15829f20e169f91391d89a6e60f1c878ce258ac927e243eaaec14e73a33348bc63bac83ab0f14627aba1a2d4d4b1bc530f00b92797d3c78e0f8e6d215965999392b3061e8b8f8c0a1e9221411787dc4dc89bec0bb94e172aeebb540404fef171e585ed0a88996ac9228e9babf - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012019c19066 - Version: 3 - TBS: - MD5: 42023b9487cafe46c1b6a49c369a362e - SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 - SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 - SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea - - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority - ValidFrom: '2009-12-21 09:32:56' - ValidTo: '2020-12-22 09:32:56' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 01000000000125b0b4cc01 - Version: 3 - TBS: - MD5: e3369c8e5aec0504b3a50455f615d9f9 - SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 - SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 - SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c - - Subject: C=US, ST=California, L=Brea, O=EVGA, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=EVGA - ValidFrom: '2010-04-14 00:00:00' - ValidTo: '2012-04-15 23:59:59' - Signature: 
ba96817224593697c9135d803c5fc87767f2a7ed8fa0aa18eab4030a3daed18c55fb7eda8835d0488d18136c0db39d8edf3224790842cdf8580b35324631de717e9279d28d605285615341aeea10a73005d59cbe3138bebfa5003cbcf2971249423d820d6d252a18bf4dd124a1ac0c2f66015cbb23690e1b0fb9d5ce3f047663f1fb6735e54f09cfb6162da298bdc956490586cfdadee74a5766c187223e19112d22f59c7f3f325449afebc42689ec4c9399bd0d97397c37230804a4e5bc17e904008aa9c5972e2332302e57648006d057c9ed8c6384fb42d138971c86079b155c202733b837b3eef122c866ce3e6d8a8d9f1685e618cc2466d623d212b73df6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 79c32d7ddd2458cf2eabe5b1b5c5290f - Version: 3 - TBS: - MD5: 5ba772ec00357ae706016510775c7a00 - SHA1: eeb31b244ea14abae1e947ecdca0d6ae4720031b - SHA256: c8e707c2615c26ac78ed06b42dd20bc8ff82bc5e02ddafe2c9af85755097691b - SHA384: a1d6af64a5eb3841d632438119fc954354caf3ccea61b69003a7fc9da166a9c653dc0359be2ae2463bffb7b53b0911ac - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 
17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 79c32d7ddd2458cf2eabe5b1b5c5290f - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - RichPEHeaderHash: - MD5: deb9c1e252f598099d70d2b33a313da3 - SHA1: f0c2801e0091ed6f5e10ea7045e911aa90030290 - SHA256: 914fb9761d50c3fa2ecf9fbd8af3735f9b8d6c4903e067c8af9546e79b6f22c7 - Sections: - .text: - Entropy: 5.7214393917162045 - Virtual Size: '0xc74' - .rdata: - Entropy: 3.4063014058939425 - Virtual Size: '0x130' - .data: - Entropy: 2.4884950805464947 - Virtual Size: '0x58' - .pdata: - Entropy: 3.1879942043708462 - Virtual Size: '0x60' - INIT: - Entropy: 4.4494366822955245 - Virtual Size: '0x202' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2005-05-25 00:39:12' - Imphash: 543f80399f79401471523d335ea61642 - LoadsDespiteHVCI: 'FALSE' -- Filename: RTCore64.sys - MD5: f8fe655b7d63dbdc53b0983a0d143028 - SHA1: d9c1913a6c76b883568910094dfa1d67aad80c84 - SHA256: 53eaefba7e7dca9ab74e385abf18762f9f1aa51594e7f7db5ba612d6c787dd7e - Authentihash: - MD5: 55466195f0b2f4afc4243b43a806e6d9 - SHA1: 38b353d8480885de5dcf299deca99ce4f26a1d20 - SHA256: 5182caf10de9cec0740ecde5a081c21cdc100d7eb328ffe6f3f63183889fec6b - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - 
RtlInitUnicodeString - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - MmMapIoSpace - - IoDeleteSymbolicLink - - IofCompleteRequest - - ZwUnmapViewOfSection - - MmUnmapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - __C_specific_handler - - IoDeleteDevice - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping CA - ValidFrom: '2009-03-18 11:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012019c19066 - Version: 3 - TBS: - MD5: 42023b9487cafe46c1b6a49c369a362e - SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 - SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 - SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority - ValidFrom: '2009-12-21 09:32:56' - ValidTo: '2020-12-22 09:32:56' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 01000000000125b0b4cc01 - Version: 3 - TBS: - MD5: 
e3369c8e5aec0504b3a50455f615d9f9 - SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 - SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 - SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c - - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL CO., - LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL CO., - LTD. - ValidFrom: '2011-08-30 06:46:09' - ValidTo: '2014-08-30 06:46:09' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c - Version: 3 - TBS: - MD5: 3a98a18e8636f2a01e49e2a6d116c360 - SHA1: a2938150e46525adcec2e3a2348824bc1cf532b2 - SHA256: 01a2e2d31d0a4f3005753cce5972b5da2a7c08b0750fb6947e0fd231e64ae7ec - SHA384: 722398e51e6b5bbe064df372be6b6a9ccfcc9719ad775213cae46920e0a3e6c5a4dc8b912de3148abfc60ff4a59050ea - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - RichPEHeaderHash: - MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 - SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e - SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 - Sections: - .text: - Entropy: 5.866767422382319 - Virtual Size: 
'0x8b4' - .rdata: - Entropy: 3.095201756852517 - Virtual Size: '0x110' - .data: - Entropy: 2.4884950805464947 - Virtual Size: '0x58' - .pdata: - Entropy: 3.045843351790575 - Virtual Size: '0x54' - INIT: - Entropy: 4.468159720315432 - Virtual Size: '0x218' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2011-09-06 06:24:50' - Imphash: 690a0fb27a0c47c785d6bbbfc2e56501 - LoadsDespiteHVCI: 'FALSE' -- Filename: RTCore64.sys - MD5: 880611326b768c4922e9da8a8effc582 - SHA1: 96323381a98790b8ffac1654cb65e12dbbe6aff1 - SHA256: 5f20541f859f21b3106e12d37182b1ea39bb75ffcfcddb2ece4f6edd42c0bab2 - Authentihash: - MD5: cfe667280acf69d4b5d0e2dbc76510e4 - SHA1: b3249bacda6e43aa2c46c2af802c9ee0b7e2fd7b - SHA256: 3c9829a16eb85272b0e1a2917feffaab8ddb23e633b168b389669339a0cee0b5 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - MmMapIoSpace - - __C_specific_handler - - ZwClose - - ZwUnmapViewOfSection - - MmUnmapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IofCompleteRequest - - IoDeleteDevice - - HalSetBusDataByOffset - - HalTranslateBusAddress - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee152d7 - Version: 3 - TBS: - MD5: e140543fe3256027cfa79fc3c19c1776 - SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 - SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 - SHA384: 
d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode - , G2 - ValidFrom: '2016-05-24 00:00:00' - ValidTo: '2027-06-24 00:00:00' - Signature: 8fa91a916d04a637200e8396de23d36b6e1f6edd643d682122b5f84736698ee1a545c724a222b72909cc545aaec6bccd638eb33d5048e5b4ccaecd928d9e288b134a11aabda3efd3b236fcb4a172bf6d9763798c44bc702f7ef3bcdd8253ab1af6ebfa1c97bcb6379ca41c30bcabbc2d4736df922003e871c658f675059a34f00b595a824434aa80e42f84f6475d96c9b6caca9db7a6bae450d3d437b8ba200ed0d3922a5bc459bba16ddb3cce449dc1382aade38dbdcd09771a10be670a02366488b9b31b26eee79e60c446a8bc61336ccf4eb99cb96af09f37feb53d4f9ad34dffde208e4e97a6fd9f09bc4dca1876c9b04d8550f280d21d06f5580407b118 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121d699a764973ef1f8427ee919cc534114 - Version: 3 
- TBS: - MD5: acb5170547d76873f1e4ff18ed5de2eb - SHA1: bd6e261e75b807381bada7287de04d259258a5fa - SHA256: 4783380498acf592286ef2dea0fcc5bdea3f54d5e374d3e3497df9d5f662cfb6 - SHA384: 4f428f115cf3d008248f15f32007fc7c54bd454e1b48b765776b4c87c23ab8818d8fbcbb3646d35eca012b025260a3b8 - - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL CO., - LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL CO., - LTD. - ValidFrom: '2014-06-03 09:16:15' - ValidTo: '2017-09-03 09:16:15' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112158044863e4dc19cf29a85668b7f45842 - Version: 3 - TBS: - MD5: 403bb44a62aed1a94bd5df05b3292482 - SHA1: e4a0353e75940ab1e8cbff2f433f186c7f0b0f09 - SHA256: 5b81998ed98b343c04134c336e03f3051779eae0e9f882e8339593d18556375d - SHA384: db0076cad41a0ef4ea68754ef6905bd5ff772adcb745b05c0060344e43588abc95952dc3ad272f5a8f17b206e4089aca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112158044863e4dc19cf29a85668b7f45842 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - RichPEHeaderHash: - MD5: ebe2ae976914018e88e9fc480e7b6269 - SHA1: 960715bfbccb53b6c4eccca3b232b25640e15b52 - SHA256: d755e9f3cb861f5227319238f1811265e332e36a922b9a25da38b122a791fdfa - Sections: - .text: - Entropy: 5.874422277751402 - 
Virtual Size: '0x9b4' - .rdata: - Entropy: 3.0356607252090053 - Virtual Size: '0x120' - .data: - Entropy: 2.4884950805464947 - Virtual Size: '0x58' - .pdata: - Entropy: 2.979061917571089 - Virtual Size: '0x54' - INIT: - Entropy: 4.523481595961036 - Virtual Size: '0x258' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2015-04-24 01:01:47' - Imphash: cde9174249f04dad0f79890c976c0792 - LoadsDespiteHVCI: 'FALSE' -- Filename: RTCore64.sys - MD5: 515c75d77c64909690c18c08ef3fc310 - SHA1: 7877bd7da617ec92a5c47f0da1f0abcf6484d905 - SHA256: 5f7e47d728ac3301eb47b409801a0f4726a435f78f1ed02c30d2a926259c71f3 - Authentihash: - MD5: 55466195f0b2f4afc4243b43a806e6d9 - SHA1: 38b353d8480885de5dcf299deca99ce4f26a1d20 - SHA256: 5182caf10de9cec0740ecde5a081c21cdc100d7eb328ffe6f3f63183889fec6b - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - MmMapIoSpace - - IoDeleteSymbolicLink - - IofCompleteRequest - - ZwUnmapViewOfSection - - MmUnmapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - __C_specific_handler - - IoDeleteDevice - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping CA - ValidFrom: '2009-03-18 11:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012019c19066 - Version: 3 - TBS: - MD5: 42023b9487cafe46c1b6a49c369a362e - SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 - SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 - SHA384: 
0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea - - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority - ValidFrom: '2009-12-21 09:32:56' - ValidTo: '2020-12-22 09:32:56' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 01000000000125b0b4cc01 - Version: 3 - TBS: - MD5: e3369c8e5aec0504b3a50455f615d9f9 - SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 - SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 - SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c - - Subject: C=US, ST=California, L=Brea, O=EVGA, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=EVGA - ValidFrom: '2010-04-14 00:00:00' - ValidTo: '2012-04-15 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 79c32d7ddd2458cf2eabe5b1b5c5290f - Version: 3 - TBS: - MD5: 5ba772ec00357ae706016510775c7a00 - SHA1: eeb31b244ea14abae1e947ecdca0d6ae4720031b - SHA256: c8e707c2615c26ac78ed06b42dd20bc8ff82bc5e02ddafe2c9af85755097691b - SHA384: a1d6af64a5eb3841d632438119fc954354caf3ccea61b69003a7fc9da166a9c653dc0359be2ae2463bffb7b53b0911ac - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 
655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 79c32d7ddd2458cf2eabe5b1b5c5290f - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - RichPEHeaderHash: - MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 - SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e - SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 - Sections: - .text: - Entropy: 5.866767422382319 - Virtual Size: '0x8b4' - .rdata: - Entropy: 3.095201756852517 - Virtual Size: '0x110' - .data: - Entropy: 2.4884950805464947 - Virtual Size: '0x58' - .pdata: - Entropy: 3.045843351790575 - Virtual Size: '0x54' - INIT: - Entropy: 4.468159720315432 - Virtual Size: '0x218' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2011-09-06 06:24:50' - Imphash: 690a0fb27a0c47c785d6bbbfc2e56501 - LoadsDespiteHVCI: 'FALSE' -- Filename: RTCore64.sys - MD5: 6fa271b6816affaef640808fc51ac8af - SHA1: 5291b17205accf847433388fe17553e96ad434ec - SHA256: 
696679114f6a106ec94c21e2a33fe17af86368bcf9a796aaea37ea6e8748ad6a - Authentihash: - MD5: 55466195f0b2f4afc4243b43a806e6d9 - SHA1: 38b353d8480885de5dcf299deca99ce4f26a1d20 - SHA256: 5182caf10de9cec0740ecde5a081c21cdc100d7eb328ffe6f3f63183889fec6b - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - MmMapIoSpace - - IoDeleteSymbolicLink - - IofCompleteRequest - - ZwUnmapViewOfSection - - MmUnmapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - __C_specific_handler - - IoDeleteDevice - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping CA - ValidFrom: '2009-03-18 11:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012019c19066 - Version: 3 - TBS: - MD5: 42023b9487cafe46c1b6a49c369a362e - SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 - SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 - SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 
225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority - ValidFrom: '2009-12-21 09:32:56' - ValidTo: '2020-12-22 09:32:56' - Signature: bc89ecfee63655935c79d4117a86808f17b693b26d9b91a1561811c655eaf608edad9b9ef52b81c8bbdd607b1b47991e6d403e1d80c213d58e04052fdbe7ae529e688472a1e54a603cf89bd52f46d8c3b2b79353ac9b6c432424d1f1fce9562e3411581843eaefff34746ca0c06c7fad031969881e9560cabbbd0cbb76efc724b081c63831cf36ad0c38b89020849b2e8f28b99ff6ca9427cdac396157e0e3955a9c769230f5dea6973d721c2a6032a8334d8635338a5cf3a4fdf7062ce16b4b30f5cbd34362f841b9de7d20cb058c8e2cf65f35fd338d42896508362ca389f45a858bb0b97bdb6ccba1f8d20e1bbb977cd12779be9d7c3be6a75634d8c991a9 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 01000000000125b0b4cc01 - Version: 3 - TBS: - MD5: e3369c8e5aec0504b3a50455f615d9f9 - SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 - SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 - SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c - - 
Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL CO., - LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL CO., - LTD. - ValidFrom: '2011-08-30 06:46:09' - ValidTo: '2014-08-30 06:46:09' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c - Version: 3 - TBS: - MD5: 3a98a18e8636f2a01e49e2a6d116c360 - SHA1: a2938150e46525adcec2e3a2348824bc1cf532b2 - SHA256: 01a2e2d31d0a4f3005753cce5972b5da2a7c08b0750fb6947e0fd231e64ae7ec - SHA384: 722398e51e6b5bbe064df372be6b6a9ccfcc9719ad775213cae46920e0a3e6c5a4dc8b912de3148abfc60ff4a59050ea - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - RichPEHeaderHash: - MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 - SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e - SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 - Sections: - .text: - Entropy: 5.866767422382319 - Virtual Size: '0x8b4' - .rdata: - Entropy: 3.095201756852517 - Virtual Size: '0x110' - .data: - Entropy: 2.4884950805464947 - Virtual Size: '0x58' - .pdata: - Entropy: 3.045843351790575 - Virtual Size: '0x54' - INIT: - Entropy: 4.468159720315432 - Virtual Size: '0x218' - 
MagicHeader: 50 45 0 0 - CreationTimestamp: '2011-09-06 06:24:50' - Imphash: 690a0fb27a0c47c785d6bbbfc2e56501 - LoadsDespiteHVCI: 'FALSE' -- Filename: RTCore64.sys - MD5: d63c9c1a427a134461258b7b8742858f - SHA1: ef0504dd90eb451f51d2c4f987fb7833c91c755b - SHA256: 6cb6e23ba516570bbd158c32f7c7c99f19b24ca4437340ecb39253662afe4293 - Authentihash: - MD5: 55466195f0b2f4afc4243b43a806e6d9 - SHA1: 38b353d8480885de5dcf299deca99ce4f26a1d20 - SHA256: 5182caf10de9cec0740ecde5a081c21cdc100d7eb328ffe6f3f63183889fec6b - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - MmMapIoSpace - - IoDeleteSymbolicLink - - IofCompleteRequest - - ZwUnmapViewOfSection - - MmUnmapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - __C_specific_handler - - IoDeleteDevice - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping CA - ValidFrom: '2009-03-18 11:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012019c19066 - Version: 3 - TBS: - MD5: 42023b9487cafe46c1b6a49c369a362e - SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 - SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 - SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea - - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority - ValidFrom: '2009-12-21 09:32:56' - ValidTo: '2020-12-22 09:32:56' - Signature: 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 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 01000000000125b0b4cc01 - Version: 3 - TBS: - MD5: e3369c8e5aec0504b3a50455f615d9f9 - SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 - SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 - SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=US, 
ST=California, L=Brea, O=EVGA, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=EVGA - ValidFrom: '2012-02-29 00:00:00' - ValidTo: '2014-04-15 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 26d7f5563eb3e42a81f7c715fcd2799d - Version: 3 - TBS: - MD5: e994671d8d440b7739cdd9775bbca72f - SHA1: ea9446b39b968aa6953e1bf74a36435759b3d2e3 - SHA256: 37a9886a67c19d644c74505801f947d3b2756a5540cbd89a0c8d500511cb838d - SHA384: 41d34e73f1b002f885c80004e3c366299392258ce5ba880150875ed8811ebc9913dc34cdf7c9800a8303dd512207787c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 26d7f5563eb3e42a81f7c715fcd2799d - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 - SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e - SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 - Sections: - .text: - Entropy: 5.866767422382319 - Virtual Size: '0x8b4' - .rdata: - Entropy: 3.095201756852517 - Virtual Size: '0x110' - .data: - Entropy: 2.4884950805464947 - Virtual Size: '0x58' - .pdata: - 
Entropy: 3.045843351790575 - Virtual Size: '0x54' - INIT: - Entropy: 4.468159720315432 - Virtual Size: '0x218' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2011-09-06 06:24:50' - Imphash: 690a0fb27a0c47c785d6bbbfc2e56501 - LoadsDespiteHVCI: 'FALSE' -- Filename: RTCore64.sys - MD5: 3a7c69293fcd5688cc398691093ec06a - SHA1: aadebbcbde0e7edd35e29d98871289a75e744aad - SHA256: 7da6113183328d4fddf6937c0c85ef65ba69bfe133b1146193a25bcf6ae1f9dd - Authentihash: - MD5: a17d227444e090ff69e24fcb6d43162b - SHA1: 43d3a3c1f7b14cfcc051cae2534dbbbb4c7fc120 - SHA256: b8eb26b6f79020ae988e4fb752dc06e1b6779749bf4f8df2872fc2b92bab8020 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - IoDeleteSymbolicLink - - IofCompleteRequest - - MmIsAddressValid - - ZwUnmapViewOfSection - - IoCreateSymbolicLink - - IoCreateDevice - - __C_specific_handler - - IoDeleteDevice - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping CA - ValidFrom: '2009-03-18 11:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012019c19066 - Version: 3 - TBS: - MD5: 42023b9487cafe46c1b6a49c369a362e - SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 - SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 - SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea - - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority - ValidFrom: '2009-12-21 09:32:56' - ValidTo: 
'2020-12-22 09:32:56' - Signature: bc89ecfee63655935c79d4117a86808f17b693b26d9b91a1561811c655eaf608edad9b9ef52b81c8bbdd607b1b47991e6d403e1d80c213d58e04052fdbe7ae529e688472a1e54a603cf89bd52f46d8c3b2b79353ac9b6c432424d1f1fce9562e3411581843eaefff34746ca0c06c7fad031969881e9560cabbbd0cbb76efc724b081c63831cf36ad0c38b89020849b2e8f28b99ff6ca9427cdac396157e0e3955a9c769230f5dea6973d721c2a6032a8334d8635338a5cf3a4fdf7062ce16b4b30f5cbd34362f841b9de7d20cb058c8e2cf65f35fd338d42896508362ca389f45a858bb0b97bdb6ccba1f8d20e1bbb977cd12779be9d7c3be6a75634d8c991a9 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 01000000000125b0b4cc01 - Version: 3 - TBS: - MD5: e3369c8e5aec0504b3a50455f615d9f9 - SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 - SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 - SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=California, L=Brea, O=EVGA, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=EVGA - 
ValidFrom: '2008-04-16 00:00:00' - ValidTo: '2010-04-16 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 546ea040bf5075ce0a5c01d4c6ded19d - Version: 3 - TBS: - MD5: 8f51b4e16b87e1cc89b9d0c997227546 - SHA1: 8f3cdd2b86ae03653f0612911a2f01a9dca49a22 - SHA256: c7f57b7287c808d2713aba9e368fe387b5825bfbda1bd1824f374beaa8e30be9 - SHA384: 70423f071aae83c68149b7fca1181f65fd5ee37b1527bb989c3c6b0af7d78b19930c8b2cb517da35f66294eba8768e37 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 
40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 546ea040bf5075ce0a5c01d4c6ded19d - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: deb9c1e252f598099d70d2b33a313da3 - SHA1: f0c2801e0091ed6f5e10ea7045e911aa90030290 - SHA256: 914fb9761d50c3fa2ecf9fbd8af3735f9b8d6c4903e067c8af9546e79b6f22c7 - Sections: - .text: - Entropy: 5.7214393917162045 - Virtual Size: '0xc74' - .rdata: - Entropy: 3.4063014058939425 - Virtual Size: '0x130' - .data: - Entropy: 2.4884950805464947 - Virtual Size: '0x58' - .pdata: - Entropy: 3.1879942043708462 - Virtual Size: '0x60' - INIT: - Entropy: 4.4494366822955245 - Virtual Size: '0x202' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2005-05-25 00:39:12' - Imphash: 543f80399f79401471523d335ea61642 - LoadsDespiteHVCI: 'FALSE' -- Filename: RTCore64.sys - MD5: d5e76d125d624f8025d534f49e3c4162 - SHA1: 8a23735d9a143ad526bf73c6553e36e8a8d2e561 - SHA256: 7f5dc63e5742096e4accaca39ae77a2a2142b438c10f97860dee4054b51d3b35 - Authentihash: - MD5: a17d227444e090ff69e24fcb6d43162b - SHA1: 43d3a3c1f7b14cfcc051cae2534dbbbb4c7fc120 - SHA256: b8eb26b6f79020ae988e4fb752dc06e1b6779749bf4f8df2872fc2b92bab8020 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - IoDeleteSymbolicLink - - IofCompleteRequest - - MmIsAddressValid - - ZwUnmapViewOfSection - - IoCreateSymbolicLink - - IoCreateDevice - - __C_specific_handler - - IoDeleteDevice - - HalTranslateBusAddress - 
Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping CA - ValidFrom: '2009-03-18 11:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012019c19066 - Version: 3 - TBS: - MD5: 42023b9487cafe46c1b6a49c369a362e - SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 - SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 - SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea - - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority - ValidFrom: '2009-12-21 09:32:56' - ValidTo: '2020-12-22 09:32:56' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 01000000000125b0b4cc01 - Version: 3 - TBS: - MD5: e3369c8e5aec0504b3a50455f615d9f9 - SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 - SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 - SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - 
SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=California, L=Brea, O=EVGA, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=EVGA - ValidFrom: '2008-04-16 00:00:00' - ValidTo: '2010-04-16 23:59:59' - Signature: 13a3b8caa6bd8d63308898b0c92b79574e5d122a3ecba9758ec450b7c8c848ee5bc486db6370a8dfeb4c96c2c25512f7a3e759cc57a4d92f1a44fba15ca0c1156d22c49251b4e6a01bb93e4a62522ee5af4286c759c01c66fa5ce4452a4f112d03560bfa9737a3d0f3008b3cc48f2042b4428643f1efb4b99a34d0545c9934f1a6f35819e469430b74ba475a2135660948131cf24c9b1fb84580a1fd63eb3218d282e4f7caf77f4adbecb51e4b8237937eda0b7fcc20fc2273bf38282ee69ae6730b21c5314bcdc3f2e3a1e6f6c3ccb2139800f69d3f2fadc235080214f1c9b11e6a8f2165a45e15cca3c3542c2bac7225208a84828456d2e93cfe8315b092a1 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 546ea040bf5075ce0a5c01d4c6ded19d - Version: 3 - TBS: - MD5: 8f51b4e16b87e1cc89b9d0c997227546 - SHA1: 8f3cdd2b86ae03653f0612911a2f01a9dca49a22 - SHA256: c7f57b7287c808d2713aba9e368fe387b5825bfbda1bd1824f374beaa8e30be9 - SHA384: 70423f071aae83c68149b7fca1181f65fd5ee37b1527bb989c3c6b0af7d78b19930c8b2cb517da35f66294eba8768e37 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - 
SerialNumber: 546ea040bf5075ce0a5c01d4c6ded19d - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: deb9c1e252f598099d70d2b33a313da3 - SHA1: f0c2801e0091ed6f5e10ea7045e911aa90030290 - SHA256: 914fb9761d50c3fa2ecf9fbd8af3735f9b8d6c4903e067c8af9546e79b6f22c7 - Sections: - .text: - Entropy: 5.7214393917162045 - Virtual Size: '0xc74' - .rdata: - Entropy: 3.4063014058939425 - Virtual Size: '0x130' - .data: - Entropy: 2.4884950805464947 - Virtual Size: '0x58' - .pdata: - Entropy: 3.1879942043708462 - Virtual Size: '0x60' - INIT: - Entropy: 4.4494366822955245 - Virtual Size: '0x202' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2005-05-25 00:39:12' - Imphash: 543f80399f79401471523d335ea61642 - LoadsDespiteHVCI: 'FALSE' -- Filename: rtcore64.sys - MD5: ecdc79141b7002b246770d01606504f2 - SHA1: 4d14d25b540bf8623d09c06107b8ca7bb7625c30 - SHA256: 8399e5afd8e3e97139dffb1a9fb00db2186321b427f164403282217cab067c38 - Authentihash: - MD5: 55466195f0b2f4afc4243b43a806e6d9 - SHA1: 38b353d8480885de5dcf299deca99ce4f26a1d20 - SHA256: 5182caf10de9cec0740ecde5a081c21cdc100d7eb328ffe6f3f63183889fec6b - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - MmMapIoSpace - - IoDeleteSymbolicLink - - IofCompleteRequest - - ZwUnmapViewOfSection - - MmUnmapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - __C_specific_handler - - IoDeleteDevice - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping CA - ValidFrom: '2009-03-18 
11:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012019c19066 - Version: 3 - TBS: - MD5: 42023b9487cafe46c1b6a49c369a362e - SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 - SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 - SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea - - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority - ValidFrom: '2009-12-21 09:32:56' - ValidTo: '2020-12-22 09:32:56' - Signature: bc89ecfee63655935c79d4117a86808f17b693b26d9b91a1561811c655eaf608edad9b9ef52b81c8bbdd607b1b47991e6d403e1d80c213d58e04052fdbe7ae529e688472a1e54a603cf89bd52f46d8c3b2b79353ac9b6c432424d1f1fce9562e3411581843eaefff34746ca0c06c7fad031969881e9560cabbbd0cbb76efc724b081c63831cf36ad0c38b89020849b2e8f28b99ff6ca9427cdac396157e0e3955a9c769230f5dea6973d721c2a6032a8334d8635338a5cf3a4fdf7062ce16b4b30f5cbd34362f841b9de7d20cb058c8e2cf65f35fd338d42896508362ca389f45a858bb0b97bdb6ccba1f8d20e1bbb977cd12779be9d7c3be6a75634d8c991a9 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 01000000000125b0b4cc01 - Version: 3 - TBS: - MD5: e3369c8e5aec0504b3a50455f615d9f9 - SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 - SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 - SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c - - Subject: C=US, ST=California, L=Brea, O=EVGA, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=EVGA - ValidFrom: '2010-04-14 00:00:00' - ValidTo: '2012-04-15 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 79c32d7ddd2458cf2eabe5b1b5c5290f - Version: 3 - TBS: - MD5: 
5ba772ec00357ae706016510775c7a00 - SHA1: eeb31b244ea14abae1e947ecdca0d6ae4720031b - SHA256: c8e707c2615c26ac78ed06b42dd20bc8ff82bc5e02ddafe2c9af85755097691b - SHA384: a1d6af64a5eb3841d632438119fc954354caf3ccea61b69003a7fc9da166a9c653dc0359be2ae2463bffb7b53b0911ac - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 79c32d7ddd2458cf2eabe5b1b5c5290f - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, 
CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - RichPEHeaderHash: - MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 - SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e - SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 - Sections: - .text: - Entropy: 5.866767422382319 - Virtual Size: '0x8b4' - .rdata: - Entropy: 3.095201756852517 - Virtual Size: '0x110' - .data: - Entropy: 2.4884950805464947 - Virtual Size: '0x58' - .pdata: - Entropy: 3.045843351790575 - Virtual Size: '0x54' - INIT: - Entropy: 4.468159720315432 - Virtual Size: '0x218' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2011-09-06 06:24:50' - Imphash: 690a0fb27a0c47c785d6bbbfc2e56501 - LoadsDespiteHVCI: 'FALSE' -- Filename: RTCore64.sys - MD5: 3aacaa62758fa6d178043d78ba89bebc - SHA1: f77413ec3bd9ed3f31fc53a4c755dc4123e0068f - SHA256: 862d0ff27bb086145a33b9261142838651b0d2e1403be321145e197600eb5015 - Authentihash: - MD5: 936e49d3eec0a2f433e9d0115a38a2b6 - SHA1: 5717bf3e520accfff5ad9943e53a3b118fb67f2e - SHA256: 918d2e68a724b58d37443aea159e70bf8b1b5ebb089c395cad1d62745ecdaa19 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - MmMapIoSpace - - IoDeleteSymbolicLink - - IofCompleteRequest - - ZwUnmapViewOfSection - - MmUnmapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - __C_specific_handler - - IoDeleteDevice - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 
4e5e56901e46b4d94931f3bb1739281bc216ddfd41dc0905049b6fb2a29ad6992e40990055b5ea3fa52076d38634d417cc553ac782eeefa8babcd8069f1550dfcd167b523a02d7191afdaff0785ce04bc518df3a241edaacb8a95804020730dbb0125efe31bef00448f4f070f83a5e5683cf3dfb0dbcf4c5ed979db9d4dba52784e3389b8ba735864420a43b6da46a0ba183fd28ebdaef28f6cc885dfb0a3b00abe021ebe22f356c0f8e344597eba2f79933357ecb9a8abb454de73f9fc2d98afa65b26ec77e65ffe892e12c31a2f7b02736488f266f3bee4d761f79c3e57f9635bc2d0ecc01b08e7fff518080a792d4b34446648c874f166307314b63b0dff3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee152d7 - Version: 3 - TBS: - MD5: e140543fe3256027cfa79fc3c19c1776 - SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 - SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 - SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode - , G1 - ValidFrom: '2013-08-23 00:00:00' - ValidTo: '2024-09-23 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121405c1f0ed258882be54d8686ba11ea45 - Version: 3 - TBS: - MD5: b95cbc184d388718612d5933f7b36770 - SHA1: ff124c5d160710720108616ffee99bbe090ed363 
- SHA256: 13027620255363f07bbf85ae7d0dc06c07d8b0f4368b12f983ee3f4fce605733 - SHA384: f42ed00f615f2822dcd3d33794477428afb52ddab932ebcde3586f92a27e18f9faba6b3334ca4e59e0cb24bdbf8395a6 - - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL CO., - LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL CO., - LTD. - ValidFrom: '2011-08-30 06:46:09' - ValidTo: '2014-08-30 06:46:09' - Signature: 87bf57ab7ffd7e005076b34b14ddd924045ec7e389871661794f1ece1bef10e050893b28236cb650af1415f8cd95e86c2052d93311d73e0bbe6fb1c22ddea438a93c8b18bd4b8c0f81ad07032efb46d406bbaa730dd3ac92cbf0d9cc711a397a0e0320b213a5161e6be83ec69967a712b463129ea56d5a8ecd3ff8901be09dfaa0a0f10e879b307863e1b1c3a3149ac73bc3f3160db7012229b57bced6d47b875878663642a8cddd03da1e7f236b8cf16713a5e0f4c892aaca77a8c7dab41d84567e2bbf09b336a2824e0e18d54d199e6e024d2630bb210cd24a9ef4b377be0429e2ecc9bf8478a8c6a78c686e26f29c95925baee85e4bbb97b6eecffe44a25e - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c - Version: 3 - TBS: - MD5: 3a98a18e8636f2a01e49e2a6d116c360 - SHA1: a2938150e46525adcec2e3a2348824bc1cf532b2 - SHA256: 01a2e2d31d0a4f3005753cce5972b5da2a7c08b0750fb6947e0fd231e64ae7ec - SHA384: 722398e51e6b5bbe064df372be6b6a9ccfcc9719ad775213cae46920e0a3e6c5a4dc8b912de3148abfc60ff4a59050ea - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - 
SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - RichPEHeaderHash: - MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 - SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e - SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 - Sections: - .text: - Entropy: 5.875896928498946 - Virtual Size: '0x8c4' - .rdata: - Entropy: 3.077836082863532 - Virtual Size: '0x110' - .data: - Entropy: 2.4884950805464947 - Virtual Size: '0x58' - .pdata: - Entropy: 2.9223636591016042 - Virtual Size: '0x54' - INIT: - Entropy: 4.468159720315432 - Virtual Size: '0x218' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2013-03-10 23:32:06' - Imphash: 690a0fb27a0c47c785d6bbbfc2e56501 - LoadsDespiteHVCI: 'FALSE' -- Filename: rtcore64.sys - MD5: 4e4b9bdcc6b8d97828ae1972d750a08d - SHA1: 82034032b30bbb78d634d6f52c7d7770a73b1b3c - SHA256: 9f1025601d17945c3a47026814bdec353ee363966e62dba7fe2673da5ce50def - Authentihash: - MD5: 936e49d3eec0a2f433e9d0115a38a2b6 - SHA1: 5717bf3e520accfff5ad9943e53a3b118fb67f2e - SHA256: 918d2e68a724b58d37443aea159e70bf8b1b5ebb089c395cad1d62745ecdaa19 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - MmMapIoSpace - - IoDeleteSymbolicLink - - IofCompleteRequest - - ZwUnmapViewOfSection - - MmUnmapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - __C_specific_handler - - IoDeleteDevice - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping CA - ValidFrom: '2009-03-18 11:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012019c19066 - Version: 3 - TBS: - MD5: 42023b9487cafe46c1b6a49c369a362e - SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 - SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 - SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority - ValidFrom: '2009-12-21 09:32:56' - ValidTo: '2020-12-22 09:32:56' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 01000000000125b0b4cc01 - Version: 3 - TBS: - MD5: e3369c8e5aec0504b3a50455f615d9f9 - SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 - SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 - SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c - - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL CO., - LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL CO., - LTD. 
- ValidFrom: '2011-08-30 06:46:09' - ValidTo: '2014-08-30 06:46:09' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c - Version: 3 - TBS: - MD5: 3a98a18e8636f2a01e49e2a6d116c360 - SHA1: a2938150e46525adcec2e3a2348824bc1cf532b2 - SHA256: 01a2e2d31d0a4f3005753cce5972b5da2a7c08b0750fb6947e0fd231e64ae7ec - SHA384: 722398e51e6b5bbe064df372be6b6a9ccfcc9719ad775213cae46920e0a3e6c5a4dc8b912de3148abfc60ff4a59050ea - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - RichPEHeaderHash: - MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 - SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e - SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 - Sections: - .text: - Entropy: 5.875896928498946 - Virtual Size: '0x8c4' - .rdata: - Entropy: 3.077836082863532 - Virtual Size: '0x110' - .data: - Entropy: 2.4884950805464947 - Virtual Size: '0x58' - .pdata: - Entropy: 2.9223636591016042 - Virtual Size: '0x54' - INIT: - Entropy: 4.468159720315432 - Virtual Size: '0x218' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2013-03-10 23:32:06' - Imphash: 690a0fb27a0c47c785d6bbbfc2e56501 - LoadsDespiteHVCI: 'FALSE' -- Filename: RTCore64.sys - MD5: 
821adf5ba68fd8cc7f4f1bc915fe47de - SHA1: eb0021e29488c97a0e42a084a4fe5a0695eccb7b - SHA256: aafb95a443911e4c67d4e45ffa83cca103c91b42915b81100534dc439bec0c1b - Authentihash: - MD5: 936e49d3eec0a2f433e9d0115a38a2b6 - SHA1: 5717bf3e520accfff5ad9943e53a3b118fb67f2e - SHA256: 918d2e68a724b58d37443aea159e70bf8b1b5ebb089c395cad1d62745ecdaa19 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - MmMapIoSpace - - IoDeleteSymbolicLink - - IofCompleteRequest - - ZwUnmapViewOfSection - - MmUnmapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - __C_specific_handler - - IoDeleteDevice - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee152d7 - Version: 3 - TBS: - MD5: e140543fe3256027cfa79fc3c19c1776 - SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 - SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 - SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 
589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode - , G1 - ValidFrom: '2013-08-23 00:00:00' - ValidTo: '2024-09-23 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121405c1f0ed258882be54d8686ba11ea45 - Version: 3 - TBS: - MD5: b95cbc184d388718612d5933f7b36770 - SHA1: ff124c5d160710720108616ffee99bbe090ed363 - SHA256: 13027620255363f07bbf85ae7d0dc06c07d8b0f4368b12f983ee3f4fce605733 - SHA384: f42ed00f615f2822dcd3d33794477428afb52ddab932ebcde3586f92a27e18f9faba6b3334ca4e59e0cb24bdbf8395a6 - - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL CO., - LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL CO., - LTD. 
- ValidFrom: '2011-08-30 06:46:09' - ValidTo: '2014-08-30 06:46:09' - Signature: 87bf57ab7ffd7e005076b34b14ddd924045ec7e389871661794f1ece1bef10e050893b28236cb650af1415f8cd95e86c2052d93311d73e0bbe6fb1c22ddea438a93c8b18bd4b8c0f81ad07032efb46d406bbaa730dd3ac92cbf0d9cc711a397a0e0320b213a5161e6be83ec69967a712b463129ea56d5a8ecd3ff8901be09dfaa0a0f10e879b307863e1b1c3a3149ac73bc3f3160db7012229b57bced6d47b875878663642a8cddd03da1e7f236b8cf16713a5e0f4c892aaca77a8c7dab41d84567e2bbf09b336a2824e0e18d54d199e6e024d2630bb210cd24a9ef4b377be0429e2ecc9bf8478a8c6a78c686e26f29c95925baee85e4bbb97b6eecffe44a25e - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c - Version: 3 - TBS: - MD5: 3a98a18e8636f2a01e49e2a6d116c360 - SHA1: a2938150e46525adcec2e3a2348824bc1cf532b2 - SHA256: 01a2e2d31d0a4f3005753cce5972b5da2a7c08b0750fb6947e0fd231e64ae7ec - SHA384: 722398e51e6b5bbe064df372be6b6a9ccfcc9719ad775213cae46920e0a3e6c5a4dc8b912de3148abfc60ff4a59050ea - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - RichPEHeaderHash: - MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 - SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e - SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 - Sections: - .text: - Entropy: 
5.875896928498946 - Virtual Size: '0x8c4' - .rdata: - Entropy: 3.077836082863532 - Virtual Size: '0x110' - .data: - Entropy: 2.4884950805464947 - Virtual Size: '0x58' - .pdata: - Entropy: 2.9223636591016042 - Virtual Size: '0x54' - INIT: - Entropy: 4.468159720315432 - Virtual Size: '0x218' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2013-03-10 23:32:06' - Imphash: 690a0fb27a0c47c785d6bbbfc2e56501 - LoadsDespiteHVCI: 'FALSE' -- Filename: RTCore64.sys - MD5: 0d5774527af6e30905317839686b449d - SHA1: 75d0b9bdfa79e5d43ec8b4c0996f559075723de7 - SHA256: ae6fb53e4d8122dba3a65e5fa59185b36c3ac9df46e82fcfb6731ab55c6395aa - Authentihash: - MD5: 936e49d3eec0a2f433e9d0115a38a2b6 - SHA1: 5717bf3e520accfff5ad9943e53a3b118fb67f2e - SHA256: 918d2e68a724b58d37443aea159e70bf8b1b5ebb089c395cad1d62745ecdaa19 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - MmMapIoSpace - - IoDeleteSymbolicLink - - IofCompleteRequest - - ZwUnmapViewOfSection - - MmUnmapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - __C_specific_handler - - IoDeleteDevice - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee152d7 - Version: 3 - TBS: - MD5: e140543fe3256027cfa79fc3c19c1776 - SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 - SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 - SHA384: 
d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode - , G1 - ValidFrom: '2013-08-23 00:00:00' - ValidTo: '2024-09-23 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121405c1f0ed258882be54d8686ba11ea45 - Version: 3 - TBS: - MD5: b95cbc184d388718612d5933f7b36770 - SHA1: ff124c5d160710720108616ffee99bbe090ed363 - SHA256: 13027620255363f07bbf85ae7d0dc06c07d8b0f4368b12f983ee3f4fce605733 - SHA384: f42ed00f615f2822dcd3d33794477428afb52ddab932ebcde3586f92a27e18f9faba6b3334ca4e59e0cb24bdbf8395a6 - - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL CO., - LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL CO., - LTD. 
- ValidFrom: '2011-08-30 06:46:09' - ValidTo: '2014-08-30 06:46:09' - Signature: 87bf57ab7ffd7e005076b34b14ddd924045ec7e389871661794f1ece1bef10e050893b28236cb650af1415f8cd95e86c2052d93311d73e0bbe6fb1c22ddea438a93c8b18bd4b8c0f81ad07032efb46d406bbaa730dd3ac92cbf0d9cc711a397a0e0320b213a5161e6be83ec69967a712b463129ea56d5a8ecd3ff8901be09dfaa0a0f10e879b307863e1b1c3a3149ac73bc3f3160db7012229b57bced6d47b875878663642a8cddd03da1e7f236b8cf16713a5e0f4c892aaca77a8c7dab41d84567e2bbf09b336a2824e0e18d54d199e6e024d2630bb210cd24a9ef4b377be0429e2ecc9bf8478a8c6a78c686e26f29c95925baee85e4bbb97b6eecffe44a25e - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c - Version: 3 - TBS: - MD5: 3a98a18e8636f2a01e49e2a6d116c360 - SHA1: a2938150e46525adcec2e3a2348824bc1cf532b2 - SHA256: 01a2e2d31d0a4f3005753cce5972b5da2a7c08b0750fb6947e0fd231e64ae7ec - SHA384: 722398e51e6b5bbe064df372be6b6a9ccfcc9719ad775213cae46920e0a3e6c5a4dc8b912de3148abfc60ff4a59050ea - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - RichPEHeaderHash: - MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 - SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e - SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 - Sections: - .text: - Entropy: 
5.875896928498946 - Virtual Size: '0x8c4' - .rdata: - Entropy: 3.077836082863532 - Virtual Size: '0x110' - .data: - Entropy: 2.4884950805464947 - Virtual Size: '0x58' - .pdata: - Entropy: 2.9223636591016042 - Virtual Size: '0x54' - INIT: - Entropy: 4.468159720315432 - Virtual Size: '0x218' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2013-03-10 23:32:06' - Imphash: 690a0fb27a0c47c785d6bbbfc2e56501 - LoadsDespiteHVCI: 'FALSE' -- Filename: RTCore64.sys - MD5: 18439fe2aaeddfd355ef88091cb6c15f - SHA1: 52d9bbe41eea0b60507c469f7810d80343c03c2b - SHA256: b1867d13a4cab66a76f4d4448824ca0cb3a176064626f9618c0c103ee3cb4f47 - Authentihash: - MD5: 936e49d3eec0a2f433e9d0115a38a2b6 - SHA1: 5717bf3e520accfff5ad9943e53a3b118fb67f2e - SHA256: 918d2e68a724b58d37443aea159e70bf8b1b5ebb089c395cad1d62745ecdaa19 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - MmMapIoSpace - - IoDeleteSymbolicLink - - IofCompleteRequest - - ZwUnmapViewOfSection - - MmUnmapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - __C_specific_handler - - IoDeleteDevice - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping CA - ValidFrom: '2009-03-18 11:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012019c19066 - Version: 3 - TBS: - MD5: 42023b9487cafe46c1b6a49c369a362e - SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 - SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 - SHA384: 
0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority - ValidFrom: '2009-12-21 09:32:56' - ValidTo: '2020-12-22 09:32:56' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 01000000000125b0b4cc01 - Version: 3 - TBS: - MD5: e3369c8e5aec0504b3a50455f615d9f9 - SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 - SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 - SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c - - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL CO., - LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL CO., - LTD. 
- ValidFrom: '2011-08-30 06:46:09' - ValidTo: '2014-08-30 06:46:09' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c - Version: 3 - TBS: - MD5: 3a98a18e8636f2a01e49e2a6d116c360 - SHA1: a2938150e46525adcec2e3a2348824bc1cf532b2 - SHA256: 01a2e2d31d0a4f3005753cce5972b5da2a7c08b0750fb6947e0fd231e64ae7ec - SHA384: 722398e51e6b5bbe064df372be6b6a9ccfcc9719ad775213cae46920e0a3e6c5a4dc8b912de3148abfc60ff4a59050ea - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - RichPEHeaderHash: - MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 - SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e - SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 - Sections: - .text: - Entropy: 5.875896928498946 - Virtual Size: '0x8c4' - .rdata: - Entropy: 3.077836082863532 - Virtual Size: '0x110' - .data: - Entropy: 2.4884950805464947 - Virtual Size: '0x58' - .pdata: - Entropy: 2.9223636591016042 - Virtual Size: '0x54' - INIT: - Entropy: 4.468159720315432 - Virtual Size: '0x218' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2013-03-10 23:32:06' - Imphash: 690a0fb27a0c47c785d6bbbfc2e56501 - LoadsDespiteHVCI: 'FALSE' -- Filename: RTCore64.sys - MD5: 
4b60ef388071e0baf299496e3d6590ae - SHA1: cf9b4d606467108e4b845ecb8ede2f5865bd6c33 - SHA256: b61869b7945be062630f1dd4bae919aecee8927f7e1bc3954a21ff763f4c0867 - Authentihash: - MD5: 55466195f0b2f4afc4243b43a806e6d9 - SHA1: 38b353d8480885de5dcf299deca99ce4f26a1d20 - SHA256: 5182caf10de9cec0740ecde5a081c21cdc100d7eb328ffe6f3f63183889fec6b - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - MmMapIoSpace - - IoDeleteSymbolicLink - - IofCompleteRequest - - ZwUnmapViewOfSection - - MmUnmapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - __C_specific_handler - - IoDeleteDevice - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL CO., - LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL CO., - LTD. 
- ValidFrom: '2011-08-30 06:46:09' - ValidTo: '2014-08-30 06:46:09' - Signature: 87bf57ab7ffd7e005076b34b14ddd924045ec7e389871661794f1ece1bef10e050893b28236cb650af1415f8cd95e86c2052d93311d73e0bbe6fb1c22ddea438a93c8b18bd4b8c0f81ad07032efb46d406bbaa730dd3ac92cbf0d9cc711a397a0e0320b213a5161e6be83ec69967a712b463129ea56d5a8ecd3ff8901be09dfaa0a0f10e879b307863e1b1c3a3149ac73bc3f3160db7012229b57bced6d47b875878663642a8cddd03da1e7f236b8cf16713a5e0f4c892aaca77a8c7dab41d84567e2bbf09b336a2824e0e18d54d199e6e024d2630bb210cd24a9ef4b377be0429e2ecc9bf8478a8c6a78c686e26f29c95925baee85e4bbb97b6eecffe44a25e - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c - Version: 3 - TBS: - MD5: 3a98a18e8636f2a01e49e2a6d116c360 - SHA1: a2938150e46525adcec2e3a2348824bc1cf532b2 - SHA256: 01a2e2d31d0a4f3005753cce5972b5da2a7c08b0750fb6947e0fd231e64ae7ec - SHA384: 722398e51e6b5bbe064df372be6b6a9ccfcc9719ad775213cae46920e0a3e6c5a4dc8b912de3148abfc60ff4a59050ea - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - RichPEHeaderHash: - MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 - SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e - SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 - Sections: - .text: - Entropy: 
5.866767422382319 - Virtual Size: '0x8b4' - .rdata: - Entropy: 3.095201756852517 - Virtual Size: '0x110' - .data: - Entropy: 2.4884950805464947 - Virtual Size: '0x58' - .pdata: - Entropy: 3.045843351790575 - Virtual Size: '0x54' - INIT: - Entropy: 4.468159720315432 - Virtual Size: '0x218' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2011-09-06 06:24:50' - Imphash: 690a0fb27a0c47c785d6bbbfc2e56501 - LoadsDespiteHVCI: 'FALSE' -- Filename: RTCore64.sys - MD5: aa9adcf64008e13d7e68b56fdd307ead - SHA1: 562368c390b0dadf2356b8b3c747357ecef2dfc8 - SHA256: bc13adeb6bf62b1e10ef41205ef92382e6c18d6a20669d288a0b11058e533d63 - Authentihash: - MD5: 538e5e595c61d2ea8defb7b047784734 - SHA1: 4a68c2d7a4c471e062a32c83a36eedb45a619683 - SHA256: 478c36f8af7844a80e24c1822507beef6314519185717ec7ae224a0e04b2f330 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - MmMapIoSpace - - __C_specific_handler - - ZwClose - - ZwUnmapViewOfSection - - MmUnmapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IofCompleteRequest - - IoDeleteDevice - - HalTranslateBusAddress - - HalGetBusDataByOffset - - HalSetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee152d7 - Version: 3 - TBS: - MD5: e140543fe3256027cfa79fc3c19c1776 - SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 - SHA256: 
3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 - SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode - , G2 - ValidFrom: '2016-05-24 00:00:00' - ValidTo: '2027-06-24 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121d699a764973ef1f8427ee919cc534114 - Version: 3 - TBS: - MD5: acb5170547d76873f1e4ff18ed5de2eb - SHA1: bd6e261e75b807381bada7287de04d259258a5fa - SHA256: 4783380498acf592286ef2dea0fcc5bdea3f54d5e374d3e3497df9d5f662cfb6 - SHA384: 4f428f115cf3d008248f15f32007fc7c54bd454e1b48b765776b4c87c23ab8818d8fbcbb3646d35eca012b025260a3b8 - - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL CO., - LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL CO., - LTD. 
- ValidFrom: '2014-06-03 09:16:15' - ValidTo: '2017-09-03 09:16:15' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112158044863e4dc19cf29a85668b7f45842 - Version: 3 - TBS: - MD5: 403bb44a62aed1a94bd5df05b3292482 - SHA1: e4a0353e75940ab1e8cbff2f433f186c7f0b0f09 - SHA256: 5b81998ed98b343c04134c336e03f3051779eae0e9f882e8339593d18556375d - SHA384: db0076cad41a0ef4ea68754ef6905bd5ff772adcb745b05c0060344e43588abc95952dc3ad272f5a8f17b206e4089aca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112158044863e4dc19cf29a85668b7f45842 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - RichPEHeaderHash: - MD5: ebe2ae976914018e88e9fc480e7b6269 - SHA1: 960715bfbccb53b6c4eccca3b232b25640e15b52 - SHA256: d755e9f3cb861f5227319238f1811265e332e36a922b9a25da38b122a791fdfa - Sections: - .text: - Entropy: 5.9488831741487855 - Virtual Size: '0xb64' - .rdata: - Entropy: 3.0845170472775276 - Virtual Size: '0x12c' - .data: - Entropy: 2.4884950805464947 - Virtual Size: '0x58' - .pdata: - Entropy: 3.0964706270496722 - Virtual Size: '0x60' - INIT: - Entropy: 4.528890116790764 - Virtual Size: '0x258' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2016-09-30 06:03:17' - Imphash: 7363079b9aae7d58bd33c691a613c83c - LoadsDespiteHVCI: 'FALSE' -- Filename: RTCore64.sys - MD5: 
6a094d8e4b00dd1d93eb494099e98478 - SHA1: fdf4a0af89f0c8276ad6d540c75beece380703ab - SHA256: d7ddf874304556f8a10942a29b3d387cb5155a7419f87813557fe728cb14806d - Authentihash: - MD5: 538e5e595c61d2ea8defb7b047784734 - SHA1: 4a68c2d7a4c471e062a32c83a36eedb45a619683 - SHA256: 478c36f8af7844a80e24c1822507beef6314519185717ec7ae224a0e04b2f330 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - MmMapIoSpace - - __C_specific_handler - - ZwClose - - ZwUnmapViewOfSection - - MmUnmapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IofCompleteRequest - - IoDeleteDevice - - HalTranslateBusAddress - - HalGetBusDataByOffset - - HalSetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee152d7 - Version: 3 - TBS: - MD5: e140543fe3256027cfa79fc3c19c1776 - SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 - SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 - SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - 
TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode - , G2 - ValidFrom: '2016-05-24 00:00:00' - ValidTo: '2027-06-24 00:00:00' - Signature: 8fa91a916d04a637200e8396de23d36b6e1f6edd643d682122b5f84736698ee1a545c724a222b72909cc545aaec6bccd638eb33d5048e5b4ccaecd928d9e288b134a11aabda3efd3b236fcb4a172bf6d9763798c44bc702f7ef3bcdd8253ab1af6ebfa1c97bcb6379ca41c30bcabbc2d4736df922003e871c658f675059a34f00b595a824434aa80e42f84f6475d96c9b6caca9db7a6bae450d3d437b8ba200ed0d3922a5bc459bba16ddb3cce449dc1382aade38dbdcd09771a10be670a02366488b9b31b26eee79e60c446a8bc61336ccf4eb99cb96af09f37feb53d4f9ad34dffde208e4e97a6fd9f09bc4dca1876c9b04d8550f280d21d06f5580407b118 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121d699a764973ef1f8427ee919cc534114 - Version: 3 - TBS: - MD5: acb5170547d76873f1e4ff18ed5de2eb - SHA1: bd6e261e75b807381bada7287de04d259258a5fa - SHA256: 4783380498acf592286ef2dea0fcc5bdea3f54d5e374d3e3497df9d5f662cfb6 - SHA384: 4f428f115cf3d008248f15f32007fc7c54bd454e1b48b765776b4c87c23ab8818d8fbcbb3646d35eca012b025260a3b8 - - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL CO., - LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL CO., - LTD. 
- ValidFrom: '2014-06-03 09:16:15' - ValidTo: '2017-09-03 09:16:15' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112158044863e4dc19cf29a85668b7f45842 - Version: 3 - TBS: - MD5: 403bb44a62aed1a94bd5df05b3292482 - SHA1: e4a0353e75940ab1e8cbff2f433f186c7f0b0f09 - SHA256: 5b81998ed98b343c04134c336e03f3051779eae0e9f882e8339593d18556375d - SHA384: db0076cad41a0ef4ea68754ef6905bd5ff772adcb745b05c0060344e43588abc95952dc3ad272f5a8f17b206e4089aca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112158044863e4dc19cf29a85668b7f45842 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - RichPEHeaderHash: - MD5: ebe2ae976914018e88e9fc480e7b6269 - SHA1: 960715bfbccb53b6c4eccca3b232b25640e15b52 - SHA256: d755e9f3cb861f5227319238f1811265e332e36a922b9a25da38b122a791fdfa - Sections: - .text: - Entropy: 5.9488831741487855 - Virtual Size: '0xb64' - .rdata: - Entropy: 3.0845170472775276 - Virtual Size: '0x12c' - .data: - Entropy: 2.4884950805464947 - Virtual Size: '0x58' - .pdata: - Entropy: 3.0964706270496722 - Virtual Size: '0x60' - INIT: - Entropy: 4.528890116790764 - Virtual Size: '0x258' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2016-09-30 06:03:17' - Imphash: 7363079b9aae7d58bd33c691a613c83c - LoadsDespiteHVCI: 'FALSE' -- Filename: RTCore64.sys - MD5: 
0fc2653b1c45f08ca0abd1eb7772e3c0 - SHA1: 94144619920bd086028bb5647b1649a35438028c - SHA256: df0cc4e5c9802f8edaefeb130e375cad56b2c5490d8ebd77d8dbdcc6fdc7ecb6 - Authentihash: - MD5: 55466195f0b2f4afc4243b43a806e6d9 - SHA1: 38b353d8480885de5dcf299deca99ce4f26a1d20 - SHA256: 5182caf10de9cec0740ecde5a081c21cdc100d7eb328ffe6f3f63183889fec6b - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - MmMapIoSpace - - IoDeleteSymbolicLink - - IofCompleteRequest - - ZwUnmapViewOfSection - - MmUnmapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - __C_specific_handler - - IoDeleteDevice - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping CA - ValidFrom: '2009-03-18 11:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012019c19066 - Version: 3 - TBS: - MD5: 42023b9487cafe46c1b6a49c369a362e - SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 - SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 - SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - 
SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority - ValidFrom: '2009-12-21 09:32:56' - ValidTo: '2020-12-22 09:32:56' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 01000000000125b0b4cc01 - Version: 3 - TBS: - MD5: e3369c8e5aec0504b3a50455f615d9f9 - SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 - SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 - SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c - - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL CO., - LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL CO., - LTD. 
- ValidFrom: '2011-08-30 06:46:09' - ValidTo: '2014-08-30 06:46:09' - Signature: 87bf57ab7ffd7e005076b34b14ddd924045ec7e389871661794f1ece1bef10e050893b28236cb650af1415f8cd95e86c2052d93311d73e0bbe6fb1c22ddea438a93c8b18bd4b8c0f81ad07032efb46d406bbaa730dd3ac92cbf0d9cc711a397a0e0320b213a5161e6be83ec69967a712b463129ea56d5a8ecd3ff8901be09dfaa0a0f10e879b307863e1b1c3a3149ac73bc3f3160db7012229b57bced6d47b875878663642a8cddd03da1e7f236b8cf16713a5e0f4c892aaca77a8c7dab41d84567e2bbf09b336a2824e0e18d54d199e6e024d2630bb210cd24a9ef4b377be0429e2ecc9bf8478a8c6a78c686e26f29c95925baee85e4bbb97b6eecffe44a25e - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c - Version: 3 - TBS: - MD5: 3a98a18e8636f2a01e49e2a6d116c360 - SHA1: a2938150e46525adcec2e3a2348824bc1cf532b2 - SHA256: 01a2e2d31d0a4f3005753cce5972b5da2a7c08b0750fb6947e0fd231e64ae7ec - SHA384: 722398e51e6b5bbe064df372be6b6a9ccfcc9719ad775213cae46920e0a3e6c5a4dc8b912de3148abfc60ff4a59050ea - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - RichPEHeaderHash: - MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 - SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e - SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 - Sections: - .text: - Entropy: 
5.866767422382319 - Virtual Size: '0x8b4' - .rdata: - Entropy: 3.095201756852517 - Virtual Size: '0x110' - .data: - Entropy: 2.4884950805464947 - Virtual Size: '0x58' - .pdata: - Entropy: 3.045843351790575 - Virtual Size: '0x54' - INIT: - Entropy: 4.468159720315432 - Virtual Size: '0x218' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2011-09-06 06:24:50' - Imphash: 690a0fb27a0c47c785d6bbbfc2e56501 - LoadsDespiteHVCI: 'FALSE' -- Filename: RTCore64.sys - MD5: d424f369f7e010249619f0ecbe5f3805 - SHA1: 5e4b93591f905854fb870011464291c3508aff44 - SHA256: e2d8dd5dacc24051709f55a35184f5f99aef957a83bd358b0608b4479e1ec24f - Authentihash: - MD5: 55466195f0b2f4afc4243b43a806e6d9 - SHA1: 38b353d8480885de5dcf299deca99ce4f26a1d20 - SHA256: 5182caf10de9cec0740ecde5a081c21cdc100d7eb328ffe6f3f63183889fec6b - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - MmMapIoSpace - - IoDeleteSymbolicLink - - IofCompleteRequest - - ZwUnmapViewOfSection - - MmUnmapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - __C_specific_handler - - IoDeleteDevice - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping CA - ValidFrom: '2009-03-18 11:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012019c19066 - Version: 3 - TBS: - MD5: 42023b9487cafe46c1b6a49c369a362e - SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 - SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 - SHA384: 
0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority - ValidFrom: '2009-12-21 09:32:56' - ValidTo: '2020-12-22 09:32:56' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 01000000000125b0b4cc01 - Version: 3 - TBS: - MD5: e3369c8e5aec0504b3a50455f615d9f9 - SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 - SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 - SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c - - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL CO., - LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL CO., - LTD. 
- ValidFrom: '2011-08-30 06:46:09' - ValidTo: '2014-08-30 06:46:09' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c - Version: 3 - TBS: - MD5: 3a98a18e8636f2a01e49e2a6d116c360 - SHA1: a2938150e46525adcec2e3a2348824bc1cf532b2 - SHA256: 01a2e2d31d0a4f3005753cce5972b5da2a7c08b0750fb6947e0fd231e64ae7ec - SHA384: 722398e51e6b5bbe064df372be6b6a9ccfcc9719ad775213cae46920e0a3e6c5a4dc8b912de3148abfc60ff4a59050ea - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - RichPEHeaderHash: - MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 - SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e - SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 - Sections: - .text: - Entropy: 5.866767422382319 - Virtual Size: '0x8b4' - .rdata: - Entropy: 3.095201756852517 - Virtual Size: '0x110' - .data: - Entropy: 2.4884950805464947 - Virtual Size: '0x58' - .pdata: - Entropy: 3.045843351790575 - Virtual Size: '0x54' - INIT: - Entropy: 4.468159720315432 - Virtual Size: '0x218' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2011-09-06 06:24:50' - Imphash: 690a0fb27a0c47c785d6bbbfc2e56501 - LoadsDespiteHVCI: 'FALSE' -- Filename: RTCore64.sys - MD5: 
9d884ecd3b6c3f2509851ea15ffefbef - SHA1: e11f48631c6e0277e21a8bdf9be513651305f0d5 - SHA256: e50b25d94c1771937b2f632e10eea875ac6b19c57da703d52e23ad2b6299f0ae - Authentihash: - MD5: 55466195f0b2f4afc4243b43a806e6d9 - SHA1: 38b353d8480885de5dcf299deca99ce4f26a1d20 - SHA256: 5182caf10de9cec0740ecde5a081c21cdc100d7eb328ffe6f3f63183889fec6b - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - MmMapIoSpace - - IoDeleteSymbolicLink - - IofCompleteRequest - - ZwUnmapViewOfSection - - MmUnmapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - __C_specific_handler - - IoDeleteDevice - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping CA - ValidFrom: '2009-03-18 11:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012019c19066 - Version: 3 - TBS: - MD5: 42023b9487cafe46c1b6a49c369a362e - SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 - SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 - SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - 
SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority - ValidFrom: '2009-12-21 09:32:56' - ValidTo: '2020-12-22 09:32:56' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 01000000000125b0b4cc01 - Version: 3 - TBS: - MD5: e3369c8e5aec0504b3a50455f615d9f9 - SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 - SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 - SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c - - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL CO., - LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL CO., - LTD. 
- ValidFrom: '2011-08-30 06:46:09' - ValidTo: '2014-08-30 06:46:09' - Signature: 87bf57ab7ffd7e005076b34b14ddd924045ec7e389871661794f1ece1bef10e050893b28236cb650af1415f8cd95e86c2052d93311d73e0bbe6fb1c22ddea438a93c8b18bd4b8c0f81ad07032efb46d406bbaa730dd3ac92cbf0d9cc711a397a0e0320b213a5161e6be83ec69967a712b463129ea56d5a8ecd3ff8901be09dfaa0a0f10e879b307863e1b1c3a3149ac73bc3f3160db7012229b57bced6d47b875878663642a8cddd03da1e7f236b8cf16713a5e0f4c892aaca77a8c7dab41d84567e2bbf09b336a2824e0e18d54d199e6e024d2630bb210cd24a9ef4b377be0429e2ecc9bf8478a8c6a78c686e26f29c95925baee85e4bbb97b6eecffe44a25e - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c - Version: 3 - TBS: - MD5: 3a98a18e8636f2a01e49e2a6d116c360 - SHA1: a2938150e46525adcec2e3a2348824bc1cf532b2 - SHA256: 01a2e2d31d0a4f3005753cce5972b5da2a7c08b0750fb6947e0fd231e64ae7ec - SHA384: 722398e51e6b5bbe064df372be6b6a9ccfcc9719ad775213cae46920e0a3e6c5a4dc8b912de3148abfc60ff4a59050ea - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - RichPEHeaderHash: - MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 - SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e - SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 - Sections: - .text: - Entropy: 
5.866767422382319 - Virtual Size: '0x8b4' - .rdata: - Entropy: 3.095201756852517 - Virtual Size: '0x110' - .data: - Entropy: 2.4884950805464947 - Virtual Size: '0x58' - .pdata: - Entropy: 3.045843351790575 - Virtual Size: '0x54' - INIT: - Entropy: 4.468159720315432 - Virtual Size: '0x218' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2011-09-06 06:24:50' - Imphash: 690a0fb27a0c47c785d6bbbfc2e56501 - LoadsDespiteHVCI: 'FALSE' -- Filename: rtcore64.sys - MD5: 5b1e1a9dade81f1e80fdc0a2d3f9006e - SHA1: 9b8c7eda28bfad07ffe5f84a892299bc7e118442 - SHA256: f37d609ea1f06660d970415dd3916c4c153bb5940bf7d2beb47fa34e8a8ffbfc - Authentihash: - MD5: a17d227444e090ff69e24fcb6d43162b - SHA1: 43d3a3c1f7b14cfcc051cae2534dbbbb4c7fc120 - SHA256: b8eb26b6f79020ae988e4fb752dc06e1b6779749bf4f8df2872fc2b92bab8020 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - IoDeleteSymbolicLink - - IofCompleteRequest - - MmIsAddressValid - - ZwUnmapViewOfSection - - IoCreateSymbolicLink - - IoCreateDevice - - __C_specific_handler - - IoDeleteDevice - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping CA - ValidFrom: '2009-03-18 11:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012019c19066 - Version: 3 - TBS: - MD5: 42023b9487cafe46c1b6a49c369a362e - SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 - SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 - SHA384: 
0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea - - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority - ValidFrom: '2009-12-21 09:32:56' - ValidTo: '2020-12-22 09:32:56' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 01000000000125b0b4cc01 - Version: 3 - TBS: - MD5: e3369c8e5aec0504b3a50455f615d9f9 - SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 - SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 - SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c - - Subject: C=US, ST=California, L=Brea, O=EVGA, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=EVGA - ValidFrom: '2010-04-14 00:00:00' - ValidTo: '2012-04-15 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 79c32d7ddd2458cf2eabe5b1b5c5290f - Version: 3 - TBS: - MD5: 5ba772ec00357ae706016510775c7a00 - SHA1: eeb31b244ea14abae1e947ecdca0d6ae4720031b - SHA256: c8e707c2615c26ac78ed06b42dd20bc8ff82bc5e02ddafe2c9af85755097691b - SHA384: a1d6af64a5eb3841d632438119fc954354caf3ccea61b69003a7fc9da166a9c653dc0359be2ae2463bffb7b53b0911ac - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 
655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 79c32d7ddd2458cf2eabe5b1b5c5290f - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - RichPEHeaderHash: - MD5: deb9c1e252f598099d70d2b33a313da3 - SHA1: f0c2801e0091ed6f5e10ea7045e911aa90030290 - SHA256: 914fb9761d50c3fa2ecf9fbd8af3735f9b8d6c4903e067c8af9546e79b6f22c7 - Sections: - .text: - Entropy: 5.7214393917162045 - Virtual Size: '0xc74' - .rdata: - Entropy: 3.4063014058939425 - Virtual Size: '0x130' - .data: - Entropy: 2.4884950805464947 - Virtual Size: '0x58' - .pdata: - Entropy: 3.1879942043708462 - Virtual Size: '0x60' - INIT: - Entropy: 4.4494366822955245 - Virtual Size: '0x202' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2005-05-25 00:39:12' - Imphash: 543f80399f79401471523d335ea61642 - LoadsDespiteHVCI: 'FALSE' -- Filename: RTCore64.sys - MD5: 24061b0958874c1cb2a5a8e9d25482d4 - SHA1: 282fca60f0c37eb6d76400bca24567945e43c6d8 - SHA256: 
f84f8173242b95f9f3c4fea99b5555b33f9ce37ca8188b643871d261cb081496 - Authentihash: - MD5: cfe667280acf69d4b5d0e2dbc76510e4 - SHA1: b3249bacda6e43aa2c46c2af802c9ee0b7e2fd7b - SHA256: 3c9829a16eb85272b0e1a2917feffaab8ddb23e633b168b389669339a0cee0b5 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - MmMapIoSpace - - __C_specific_handler - - ZwClose - - ZwUnmapViewOfSection - - MmUnmapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IofCompleteRequest - - IoDeleteDevice - - HalSetBusDataByOffset - - HalTranslateBusAddress - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee152d7 - Version: 3 - TBS: - MD5: e140543fe3256027cfa79fc3c19c1776 - SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 - SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 - SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 
225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode - , G2 - ValidFrom: '2015-02-03 00:00:00' - ValidTo: '2026-03-03 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112106a081d33fd87ae5824cc16b52094e03 - Version: 3 - TBS: - MD5: a0ac4d48fe852f7b3ed4e623d59a825f - SHA1: d4db9846bc4d7db142eeb364286f6de7c102420c - SHA256: 78d2e41a13eb4e9171bae2d2adb192cf39210b5231f77cda936bcfbe8c003bdf - SHA384: 990ed96dca5979deeedc98a012279f04efb5559d7e7f5084a12f3802ee9439326557aecefd081cff739b78515b5d7f50 - - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL CO., - LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL CO., - LTD. 
- ValidFrom: '2014-06-03 09:16:15' - ValidTo: '2017-09-03 09:16:15' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112158044863e4dc19cf29a85668b7f45842 - Version: 3 - TBS: - MD5: 403bb44a62aed1a94bd5df05b3292482 - SHA1: e4a0353e75940ab1e8cbff2f433f186c7f0b0f09 - SHA256: 5b81998ed98b343c04134c336e03f3051779eae0e9f882e8339593d18556375d - SHA384: db0076cad41a0ef4ea68754ef6905bd5ff772adcb745b05c0060344e43588abc95952dc3ad272f5a8f17b206e4089aca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112158044863e4dc19cf29a85668b7f45842 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - RichPEHeaderHash: - MD5: ebe2ae976914018e88e9fc480e7b6269 - SHA1: 960715bfbccb53b6c4eccca3b232b25640e15b52 - SHA256: d755e9f3cb861f5227319238f1811265e332e36a922b9a25da38b122a791fdfa - Sections: - .text: - Entropy: 5.874422277751402 - Virtual Size: '0x9b4' - .rdata: - Entropy: 3.0356607252090053 - Virtual Size: '0x120' - .data: - Entropy: 2.4884950805464947 - Virtual Size: '0x58' - .pdata: - Entropy: 2.979061917571089 - Virtual Size: '0x54' - INIT: - Entropy: 4.523481595961036 - Virtual Size: '0x258' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2015-04-24 01:01:47' - Imphash: cde9174249f04dad0f79890c976c0792 - LoadsDespiteHVCI: 'FALSE' -- Filename: RTCore64.sys - MD5: 
70196d88c03f2ea557281b24dad85de5 - SHA1: 55015f64783ddd148674a74d8137bcd6ccd6231d - SHA256: f9895458e73d4b0ef01eda347fb695bb00e6598d9f5e2506161b70ad96bb7298 - Authentihash: - MD5: 538e5e595c61d2ea8defb7b047784734 - SHA1: 4a68c2d7a4c471e062a32c83a36eedb45a619683 - SHA256: 478c36f8af7844a80e24c1822507beef6314519185717ec7ae224a0e04b2f330 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - MmMapIoSpace - - __C_specific_handler - - ZwClose - - ZwUnmapViewOfSection - - MmUnmapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IofCompleteRequest - - IoDeleteDevice - - HalTranslateBusAddress - - HalGetBusDataByOffset - - HalSetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA - Certificate Services - ValidFrom: '2004-01-01 00:00:00' - ValidTo: '2028-12-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: '01' - Version: 3 - TBS: - MD5: 93b601b98fc29a9e89a704048928b85f - SHA1: 3e8e6487f8fd27d322a269a71edaac5d57811286 - SHA256: bedd4b1831f17c7ec1d507380f4c9836baa8ce20065a67db8b43acea14294ba4 - SHA384: 5019d634bf6be7246128e117bfdf533f97aa574fae9080307b427fc77998fe9f280ba23b051cfbd6cf5d37c6e578d698 - - Subject: C=GB, O=Sectigo Limited, CN=Sectigo Public Code Signing Root R46 - ValidFrom: '2021-05-25 00:00:00' - ValidTo: '2028-12-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 
48fc93b46055948d36a7c98a89d69416 - Version: 3 - TBS: - MD5: 207045ce7b7ab131e78e459b13825902 - SHA1: bcf7530a1ab309fb1926cb720f9fd58cff1cb88f - SHA256: 0f31a4237992e1ea623baf4c29480afb6d913e10f1fb1d56bb56f5b03fbff13b - SHA384: a229d2722bc6091d73b1d979b81088c977cb028a6f7cbf264bb81d5cc8f099f87d7c296e48bf09d7ebe275f5498661a4 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root - G4 - ValidFrom: '2022-08-01 00:00:00' - ValidTo: '2031-11-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 0e9b188ef9d02de7efdb50e20840185a - Version: 3 - TBS: - MD5: 21a266bd49f2778b24d13d95641ea6ac - SHA1: 21319f341fdf06bf6a104427afa8b7823b1ea7f3 - SHA256: e933dc68ee65abd1f9b1aa6738eff60a6895d3d8cc4accf0c69069aa3decd757 - SHA384: 11533efd6b326a4e065a936de300fe0586a479f93d569d2403bd62c7ad35f1b2199daee3adb510f429c4fc97b4b024e3 - - Subject: C=GB, O=Sectigo Limited, CN=Sectigo Public Code Signing CA R36 - ValidFrom: '2021-03-22 00:00:00' - ValidTo: '2036-03-21 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 621d6d0c52019e3b9079152089211c0a - Version: 3 - TBS: - MD5: 69409ee689cc94e90149ce9bccab49ae - SHA1: f3939507fa02c048647ede4cced7596339738157 - SHA256: 3a42b4be5968e1e6489b8362a2a84cdbf7834f2aa9eb96cfb0dfeedeac4aa7d3 - SHA384: 0eeb0f83c55ccaaf275cec9caaed00280b6dd9bd8e37bd8a191a5cf77a0e2d1298edb019e2a1e67e3f7bd4b1c7616dc0 - - Subject: C=CA, ST=Ontario, O=Cold Air Systems Inc., CN=Cold Air Systems Inc. 
- ValidFrom: '2022-03-21 00:00:00' - ValidTo: '2023-03-21 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: false - SerialNumber: 0096c2ac9b7a12bd9588243110dc6b0519 - Version: 3 - TBS: - MD5: 466b9aa4bd3cf112cd4137ad2a126a6f - SHA1: da908b34622da9cd35e04241f7b75cb324bdbeba - SHA256: 6aa5da7e4e7ecc6c823702da039db9e3b84d474a1d04559162f212eb4468ab3e - SHA384: 63c064a3b7e9a04bb6caa5de429686291b11f6c4faf68929d70fac63b48a1ca5d0b51c871d1b61974163e776358876a3 - - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping - CA - ValidFrom: '2022-03-23 00:00:00' - ValidTo: '2037-03-22 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 073637b724547cd847acfd28662a5e5b - Version: 3 - TBS: - MD5: e4b8ad9932ff9205f580cf8fb2afbb86 - SHA1: 5301f7044d78bf94dd2b6e4871083a17fdba1dcc - SHA256: c3d01499a5d1d2f71e0f44e78fbfa4b8aadb43dd4f226401e0c1d7a6d53357fa - SHA384: 84b5f399da5a4f4387269adfd951ef7d2197c29552ed2d2e449060664c3825d6bdb2acc3e563d999e54652f7384f445e - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp 2022 , 2 - ValidFrom: '2022-09-21 00:00:00' - ValidTo: '2033-11-21 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0c4d69724b94fa3c2a4a3d2907803d5a - Version: 3 - TBS: - MD5: 812cb8ca0c79b318780ec5128ad13c1d - SHA1: 3f8047d078307123301e50a25e9afb0dc4b6843d - SHA256: 0c0b121e6f807bc22d4e0f4945634c22eca7e4d5ca58a1526a40e918a35c1d79 - SHA384: 86aab81948499b3c90833253a853e7b3fd82ccf7b65b35806831ab60814bfc6ad8848c990df262a1c89b6fc4267dad81 - Signer: - - SerialNumber: 0096c2ac9b7a12bd9588243110dc6b0519 - Issuer: C=GB, O=Sectigo Limited, CN=Sectigo Public Code Signing CA R36 - Version: 1 - RichPEHeaderHash: - MD5: 
ebe2ae976914018e88e9fc480e7b6269 - SHA1: 960715bfbccb53b6c4eccca3b232b25640e15b52 - SHA256: d755e9f3cb861f5227319238f1811265e332e36a922b9a25da38b122a791fdfa - Sections: - .text: - Entropy: 5.9488831741487855 - Virtual Size: '0xb64' - .rdata: - Entropy: 3.0845170472775276 - Virtual Size: '0x12c' - .data: - Entropy: 2.4884950805464947 - Virtual Size: '0x58' - .pdata: - Entropy: 3.0964706270496722 - Virtual Size: '0x60' - INIT: - Entropy: 4.528890116790764 - Virtual Size: '0x258' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2016-09-30 06:03:17' - Imphash: 7363079b9aae7d58bd33c691a613c83c - LoadsDespiteHVCI: 'TRUE' -- Authentihash: - MD5: 55466195f0b2f4afc4243b43a806e6d9 - SHA1: 38b353d8480885de5dcf299deca99ce4f26a1d20 - SHA256: 5182caf10de9cec0740ecde5a081c21cdc100d7eb328ffe6f3f63183889fec6b - Company: '' - Copyright: '' - CreationTimestamp: '2011-09-06 06:24:50' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - RtlInitUnicodeString - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - MmMapIoSpace - - IoDeleteSymbolicLink - - IofCompleteRequest - - ZwUnmapViewOfSection - - MmUnmapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - __C_specific_handler - - IoDeleteDevice - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: d78a29306f42d42cd48ad6bc6c6a7602 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 - SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e - SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 - SHA1: 4d516b1c9b7a81de2836ab24ba6b880c11807255 - SHA256: bb0742036c82709e02f25f98a9ff37c36a8c228bcaa98e40629fac8cde95b421 - Sections: - .text: - Entropy: 5.866767422382319 - Virtual Size: '0x8b4' - .rdata: - Entropy: 3.095201756852517 - Virtual Size: '0x110' - 
.data: - Entropy: 2.4884950805464947 - Virtual Size: '0x58' - .pdata: - Entropy: 3.045843351790575 - Virtual Size: '0x54' - INIT: - Entropy: 4.468159720315432 - Virtual Size: '0x218' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping CA - ValidFrom: '2009-03-18 11:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012019c19066 - Version: 3 - TBS: - MD5: 42023b9487cafe46c1b6a49c369a362e - SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 - SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 - SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea - - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority - ValidFrom: '2009-12-21 09:32:56' - ValidTo: '2020-12-22 09:32:56' - Signature: bc89ecfee63655935c79d4117a86808f17b693b26d9b91a1561811c655eaf608edad9b9ef52b81c8bbdd607b1b47991e6d403e1d80c213d58e04052fdbe7ae529e688472a1e54a603cf89bd52f46d8c3b2b79353ac9b6c432424d1f1fce9562e3411581843eaefff34746ca0c06c7fad031969881e9560cabbbd0cbb76efc724b081c63831cf36ad0c38b89020849b2e8f28b99ff6ca9427cdac396157e0e3955a9c769230f5dea6973d721c2a6032a8334d8635338a5cf3a4fdf7062ce16b4b30f5cbd34362f841b9de7d20cb058c8e2cf65f35fd338d42896508362ca389f45a858bb0b97bdb6ccba1f8d20e1bbb977cd12779be9d7c3be6a75634d8c991a9 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 01000000000125b0b4cc01 - Version: 3 - TBS: - MD5: e3369c8e5aec0504b3a50455f615d9f9 - SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 - SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 - SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c - - Subject: C=US, O=VeriSign, 
Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=US, ST=California, L=Brea, O=EVGA, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=EVGA - ValidFrom: '2012-02-29 00:00:00' - ValidTo: '2014-04-15 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 26d7f5563eb3e42a81f7c715fcd2799d - Version: 3 - TBS: - MD5: e994671d8d440b7739cdd9775bbca72f - SHA1: 
ea9446b39b968aa6953e1bf74a36435759b3d2e3 - SHA256: 37a9886a67c19d644c74505801f947d3b2756a5540cbd89a0c8d500511cb838d - SHA384: 41d34e73f1b002f885c80004e3c366299392258ce5ba880150875ed8811ebc9913dc34cdf7c9800a8303dd512207787c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 26d7f5563eb3e42a81f7c715fcd2799d - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 690a0fb27a0c47c785d6bbbfc2e56501 - LoadsDespiteHVCI: 'FALSE' -Tags: -- RTCore64.sys +- Filename: RTCore64.sys + MD5: 3ecd3ca61ffc54b0d93f8b19161b83da + SHA1: 4f376b1d1439477a426ef3c52e8c1c69c2cb5305 + SHA256: 03e0581432f5c8cc727a8aa387f5b69ff84d38d0df6f1226c19c6e960a81e1e9 + Authentihash: + MD5: a17d227444e090ff69e24fcb6d43162b + SHA1: 
43d3a3c1f7b14cfcc051cae2534dbbbb4c7fc120 + SHA256: b8eb26b6f79020ae988e4fb752dc06e1b6779749bf4f8df2872fc2b92bab8020 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - IoDeleteSymbolicLink + - IofCompleteRequest + - MmIsAddressValid + - ZwUnmapViewOfSection + - IoCreateSymbolicLink + - IoCreateDevice + - __C_specific_handler + - IoDeleteDevice + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + 
Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=TW, O=Micro,Star Int'l Co. Ltd., CN=Micro,Star Int'l Co. Ltd. 
+ ValidFrom: '2008-08-28 09:49:45' + ValidTo: '2011-08-28 09:49:45' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0100000000011c08b7f67e + Version: 3 + TBS: + MD5: 4566c37f56f951a0ce5b4ae966c0ea9f + SHA1: a51cbf2834eb6f8535bc5e44913a9ec979379782 + SHA256: 88a8e9a799af515b9223e4cdf24d0ef1e72f12124be02786f026a3c26317b417 + SHA384: d8d8769d5b6a0fe7c56fcde24c735475ee0e5d01c63dbf7690cdae5a3e251818bed42443d0c6424d39e81a19d6c83bdb + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000117ab50b915 + Version: 3 + TBS: + MD5: 5686b287d716c4d2428b092c4ef30f9c + SHA1: 306fb5fbeb3d531510bb4b663c4fd48adc121e14 + SHA256: 60846fc990e271a707cd2d53d0bb21834a04f7652214aa0c12597ff6649d352d + SHA384: 6b37b28ca97b32a31b0fa53b5e961ae0f2d1aae2c5bf46de132e57834ee3968d9af7ad204821f9389cc4e0b5a8481fe8 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000011c08b7f67e + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + RichPEHeaderHash: + MD5: deb9c1e252f598099d70d2b33a313da3 + 
SHA1: f0c2801e0091ed6f5e10ea7045e911aa90030290 + SHA256: 914fb9761d50c3fa2ecf9fbd8af3735f9b8d6c4903e067c8af9546e79b6f22c7 + Sections: + .text: + Entropy: 5.7214393917162045 + Virtual Size: '0xc74' + .rdata: + Entropy: 3.4063014058939425 + Virtual Size: '0x130' + .data: + Entropy: 2.4884950805464947 + Virtual Size: '0x58' + .pdata: + Entropy: 3.1879942043708462 + Virtual Size: '0x60' + INIT: + Entropy: 4.4494366822955245 + Virtual Size: '0x202' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2005-05-25 00:39:12' + Imphash: 543f80399f79401471523d335ea61642 + LoadsDespiteHVCI: 'FALSE' +- Filename: RTCore64.sys + MD5: 925ee3f3227c3b63e141ba16bd83f024 + SHA1: 57ea07ab767f11c81c6468b1f8a3d5f4618b800b + SHA256: 0466dac557ee161503f5dfbd3549f81ec760c3d6c7c4363a21a03e7a3f66aca8 + Authentihash: + MD5: 55466195f0b2f4afc4243b43a806e6d9 + SHA1: 38b353d8480885de5dcf299deca99ce4f26a1d20 + SHA256: 5182caf10de9cec0740ecde5a081c21cdc100d7eb328ffe6f3f63183889fec6b + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - MmMapIoSpace + - IoDeleteSymbolicLink + - IofCompleteRequest + - ZwUnmapViewOfSection + - MmUnmapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - __C_specific_handler + - IoDeleteDevice + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping + CA + ValidFrom: '2009-03-18 11:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012019c19066 + Version: 3 + TBS: + MD5: 
42023b9487cafe46c1b6a49c369a362e + SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 + SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 + SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority + ValidFrom: '2009-12-21 09:32:56' + ValidTo: '2020-12-22 09:32:56' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01000000000125b0b4cc01 + Version: 3 + TBS: + MD5: e3369c8e5aec0504b3a50455f615d9f9 + SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 + SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 + SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c + - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL + CO., LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL + CO., LTD. 
+ ValidFrom: '2011-08-30 06:46:09' + ValidTo: '2014-08-30 06:46:09' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c + Version: 3 + TBS: + MD5: 3a98a18e8636f2a01e49e2a6d116c360 + SHA1: a2938150e46525adcec2e3a2348824bc1cf532b2 + SHA256: 01a2e2d31d0a4f3005753cce5972b5da2a7c08b0750fb6947e0fd231e64ae7ec + SHA384: 722398e51e6b5bbe064df372be6b6a9ccfcc9719ad775213cae46920e0a3e6c5a4dc8b912de3148abfc60ff4a59050ea + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + RichPEHeaderHash: + MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 + SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e + SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 + Sections: + .text: + Entropy: 5.866767422382319 + Virtual Size: '0x8b4' + .rdata: + Entropy: 3.095201756852517 + Virtual Size: '0x110' + .data: + Entropy: 2.4884950805464947 + Virtual Size: '0x58' + .pdata: + Entropy: 3.045843351790575 + Virtual Size: '0x54' + INIT: + Entropy: 4.468159720315432 + Virtual Size: '0x218' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2011-09-06 06:24:50' + Imphash: 690a0fb27a0c47c785d6bbbfc2e56501 + LoadsDespiteHVCI: 'FALSE' +- Filename: rtcore64.sys + MD5: 
483abeee17e4e30a760ec8c0d6d31d6d + SHA1: f56fec3f2012cd7fc4528626debc590909ed74b6 + SHA256: 077aa8ff5e01747723b6d24cc8af460a7a00f30cd3bc80e41cc245ceb8305356 + Authentihash: + MD5: 5860da7a094c5f2ff2787476c37b4b35 + SHA1: da1bd3ad4a8fe1e28c1de28a7bf66ad82da0dd29 + SHA256: 61a1f530a5d47339275657d7883911d64f64909569cf13d2e6868df01a2a72cb + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - MmUnmapIoSpace + - ZwUnmapViewOfSection + - MmMapIoSpace + - ZwClose + - IofCompleteRequest + - IoDeleteDevice + - IoCreateSymbolicLink + - IoCreateDevice + - ZwOpenSection + - KeBugCheckEx + - RtlInitUnicodeString + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - IoDeleteSymbolicLink + - __C_specific_handler + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee152d7 + Version: 3 + TBS: + MD5: e140543fe3256027cfa79fc3c19c1776 + SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 + SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 + SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 + - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode + , G2 + ValidFrom: '2016-05-24 00:00:00' + ValidTo: '2027-06-24 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 
1121d699a764973ef1f8427ee919cc534114 + Version: 3 + TBS: + MD5: acb5170547d76873f1e4ff18ed5de2eb + SHA1: bd6e261e75b807381bada7287de04d259258a5fa + SHA256: 4783380498acf592286ef2dea0fcc5bdea3f54d5e374d3e3497df9d5f662cfb6 + SHA384: 4f428f115cf3d008248f15f32007fc7c54bd454e1b48b765776b4c87c23ab8818d8fbcbb3646d35eca012b025260a3b8 + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Extended Validation CodeSigning + CA , SHA256 , G3 + ValidFrom: '2016-06-15 00:00:00' + ValidTo: '2024-06-15 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 481b6a07a9424c1eaafef3cdf10f + Version: 3 + TBS: + MD5: fd8cfeea06be14fa89689909e1fc72dc + SHA1: 8bc3cd2f70abe543e0dbe721065a4076c8521f36 + SHA256: 15e7050789df807f3e3174294a01b637a1239f603e42f4b5db9398efa9da9996 + SHA384: 8b9f95e6d3dd45e4ef38e2f12fb893d7d1bb1ba867e152e4a73c49b3d51dd52bc83a05982deac29af90436061248546d + - Subject: O=GlobalSign, OU=GlobalSign Root CA , R3, CN=GlobalSign + ValidFrom: '2015-06-04 17:47:53' + ValidTo: '2025-06-04 17:47:53' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 330000003b6ac01e2b21e615dc00000000003b + Version: 3 + TBS: + MD5: b61c1ad0b5d89c8170aaa81f8b6218a3 + SHA1: b84d6a44f86e112ef3ecb55e22527fd37f622de8 + SHA256: 60c5e154e6794b6ac214b221c8b62a733eb8794092aa400729bbf88b72748230 + SHA384: be8fab78dcd9709d29c973205e536a3994a93769c7032b72d9ab26106a5e00b5a3497e41baec9cf9824506ca0990ffac + - Subject: ??=Private Organization, serialNumber=22178368, ??=TW, C=TW, + ST=New Taipei, L=New Taipei, ??=NO.69, LI,DE ST., ZHONGHE DIST., O=MICRO,STAR + INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL CO., LTD. 
+ ValidFrom: '2019-09-16 08:28:21' + ValidTo: '2022-09-16 08:28:21' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 6a7bb9e55c0bbf1def6c739c + Version: 3 + TBS: + MD5: 86cb9d8321d25d44f040248ada40f6e3 + SHA1: 463cc47327cdb8d04848de5595f0f5d52d7e97ba + SHA256: 5ac1448b6565bffa2dcc53738f6b01aed6d37aa0b9cda1c6497060fc14144fa6 + SHA384: 5fb0ee916e64059bfd26e29f31b2cf2bf9086aaae1af19ccba781b165be2731dd322ce5e0d9105a9ec2bf11eba76ded2 + Signer: + - SerialNumber: 6a7bb9e55c0bbf1def6c739c + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Extended Validation CodeSigning + CA , SHA256 , G3 + Version: 1 + RichPEHeaderHash: + MD5: 114620ca437e9d453fdb1cdadf006b4b + SHA1: 50d5e7370672795c29e712fd461a01d2dcb3c803 + SHA256: 908eb09dd38a899c259af4ab14f4dbecbbbc55c2755b482bc2d58b3429cbeb38 + Sections: + .text: + Entropy: 6.027085743974895 + Virtual Size: '0xc7e' + .rdata: + Entropy: 4.12172979146796 + Virtual Size: '0x188' + .data: + Entropy: 0.9253228016668384 + Virtual Size: '0xd80' + .pdata: + Entropy: 3.1619674481420286 + Virtual Size: '0x60' + INIT: + Entropy: 5.101996629515978 + Virtual Size: '0x2f0' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2019-09-19 04:45:31' + Imphash: b0356152212dc6e33752847235064fb0 + LoadsDespiteHVCI: 'FALSE' +- Filename: RTCore64.sys + MD5: c508d28487121828c3a1c2b57acb05be + SHA1: 7c43d43d95232e37aa09c5e2bcd3a7699d6b7479 + SHA256: 0cf6c6c2d231eaf67dfc87561cc9a56ecef89ab50baafee5a67962748d51faf3 + Authentihash: + MD5: 55466195f0b2f4afc4243b43a806e6d9 + SHA1: 38b353d8480885de5dcf299deca99ce4f26a1d20 + SHA256: 5182caf10de9cec0740ecde5a081c21cdc100d7eb328ffe6f3f63183889fec6b + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - 
RtlInitUnicodeString + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - MmMapIoSpace + - IoDeleteSymbolicLink + - IofCompleteRequest + - ZwUnmapViewOfSection + - MmUnmapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - __C_specific_handler + - IoDeleteDevice + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping + CA + ValidFrom: '2009-03-18 11:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012019c19066 + Version: 3 + TBS: + MD5: 42023b9487cafe46c1b6a49c369a362e + SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 + SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 + SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority + ValidFrom: '2009-12-21 09:32:56' + ValidTo: '2020-12-22 09:32:56' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01000000000125b0b4cc01 + Version: 3 + TBS: + MD5: 
e3369c8e5aec0504b3a50455f615d9f9 + SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 + SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 + SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c + - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL + CO., LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL + CO., LTD. + ValidFrom: '2011-08-30 06:46:09' + ValidTo: '2014-08-30 06:46:09' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c + Version: 3 + TBS: + MD5: 3a98a18e8636f2a01e49e2a6d116c360 + SHA1: a2938150e46525adcec2e3a2348824bc1cf532b2 + SHA256: 01a2e2d31d0a4f3005753cce5972b5da2a7c08b0750fb6947e0fd231e64ae7ec + SHA384: 722398e51e6b5bbe064df372be6b6a9ccfcc9719ad775213cae46920e0a3e6c5a4dc8b912de3148abfc60ff4a59050ea + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + RichPEHeaderHash: + MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 + SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e + SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 + Sections: + .text: + Entropy: 5.866767422382319 + Virtual Size: 
'0x8b4' + .rdata: + Entropy: 3.095201756852517 + Virtual Size: '0x110' + .data: + Entropy: 2.4884950805464947 + Virtual Size: '0x58' + .pdata: + Entropy: 3.045843351790575 + Virtual Size: '0x54' + INIT: + Entropy: 4.468159720315432 + Virtual Size: '0x218' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2011-09-06 06:24:50' + Imphash: 690a0fb27a0c47c785d6bbbfc2e56501 + LoadsDespiteHVCI: 'FALSE' +- Filename: RTCore64.sys + MD5: 08c1bce6627764c9f8c79439555c5636 + SHA1: 4d4535c111c7b568cb8a3bece27a97d738512a6b + SHA256: 1766fd66f846d9a21e648d649ad35d1ff94f8ca17a40a9a738444d6b8e07aacb + Authentihash: + MD5: cfe667280acf69d4b5d0e2dbc76510e4 + SHA1: b3249bacda6e43aa2c46c2af802c9ee0b7e2fd7b + SHA256: 3c9829a16eb85272b0e1a2917feffaab8ddb23e633b168b389669339a0cee0b5 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - MmMapIoSpace + - __C_specific_handler + - ZwClose + - ZwUnmapViewOfSection + - MmUnmapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IofCompleteRequest + - IoDeleteDevice + - HalSetBusDataByOffset + - HalTranslateBusAddress + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee152d7 + Version: 3 + TBS: + MD5: e140543fe3256027cfa79fc3c19c1776 + SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 + SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 + SHA384: 
d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode + , G2 + ValidFrom: '2015-02-03 00:00:00' + ValidTo: '2026-03-03 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112106a081d33fd87ae5824cc16b52094e03 + Version: 3 + TBS: + MD5: a0ac4d48fe852f7b3ed4e623d59a825f + SHA1: d4db9846bc4d7db142eeb364286f6de7c102420c + SHA256: 78d2e41a13eb4e9171bae2d2adb192cf39210b5231f77cda936bcfbe8c003bdf + SHA384: 990ed96dca5979deeedc98a012279f04efb5559d7e7f5084a12f3802ee9439326557aecefd081cff739b78515b5d7f50 + - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL + CO., LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL + CO., LTD. 
+ ValidFrom: '2014-06-03 09:16:15' + ValidTo: '2017-09-03 09:16:15' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112158044863e4dc19cf29a85668b7f45842 + Version: 3 + TBS: + MD5: 403bb44a62aed1a94bd5df05b3292482 + SHA1: e4a0353e75940ab1e8cbff2f433f186c7f0b0f09 + SHA256: 5b81998ed98b343c04134c336e03f3051779eae0e9f882e8339593d18556375d + SHA384: db0076cad41a0ef4ea68754ef6905bd5ff772adcb745b05c0060344e43588abc95952dc3ad272f5a8f17b206e4089aca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112158044863e4dc19cf29a85668b7f45842 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + RichPEHeaderHash: + MD5: ebe2ae976914018e88e9fc480e7b6269 + SHA1: 960715bfbccb53b6c4eccca3b232b25640e15b52 + SHA256: d755e9f3cb861f5227319238f1811265e332e36a922b9a25da38b122a791fdfa + Sections: + .text: + Entropy: 5.874422277751402 + Virtual Size: '0x9b4' + .rdata: + Entropy: 3.0356607252090053 + Virtual Size: '0x120' + .data: + Entropy: 2.4884950805464947 + Virtual Size: '0x58' + .pdata: + Entropy: 2.979061917571089 + Virtual Size: '0x54' + INIT: + Entropy: 4.523481595961036 + Virtual Size: '0x258' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2015-04-24 01:01:47' + Imphash: cde9174249f04dad0f79890c976c0792 + LoadsDespiteHVCI: 'FALSE' +- Filename: RTCore64.sys + MD5: 
2d91d45cd09dfc3f8e89da1c261fd1ac + SHA1: 634b1e9d0aafac1ec4373291cefb52c121e8d265 + SHA256: 18712a063574bfec315d58577dfe413ab45b650e54747d1e18a56c3c7337a12c + Authentihash: + MD5: a17d227444e090ff69e24fcb6d43162b + SHA1: 43d3a3c1f7b14cfcc051cae2534dbbbb4c7fc120 + SHA256: b8eb26b6f79020ae988e4fb752dc06e1b6779749bf4f8df2872fc2b92bab8020 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - IoDeleteSymbolicLink + - IofCompleteRequest + - MmIsAddressValid + - ZwUnmapViewOfSection + - IoCreateSymbolicLink + - IoCreateDevice + - __C_specific_handler + - IoDeleteDevice + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping + CA + ValidFrom: '2009-03-18 11:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012019c19066 + Version: 3 + TBS: + MD5: 42023b9487cafe46c1b6a49c369a362e + SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 + SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 + SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea + - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority + ValidFrom: '2009-12-21 09:32:56' + ValidTo: '2020-12-22 09:32:56' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01000000000125b0b4cc01 + Version: 3 + TBS: + MD5: e3369c8e5aec0504b3a50455f615d9f9 + SHA1: 
13c244a894b40ecd18aaf97c362f20385bd005a7 + SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 + SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c + - Subject: C=US, ST=California, L=Brea, O=EVGA, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=EVGA + ValidFrom: '2010-04-14 00:00:00' + ValidTo: '2012-04-15 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 79c32d7ddd2458cf2eabe5b1b5c5290f + Version: 3 + TBS: + MD5: 5ba772ec00357ae706016510775c7a00 + SHA1: eeb31b244ea14abae1e947ecdca0d6ae4720031b + SHA256: c8e707c2615c26ac78ed06b42dd20bc8ff82bc5e02ddafe2c9af85755097691b + SHA384: a1d6af64a5eb3841d632438119fc954354caf3ccea61b69003a7fc9da166a9c653dc0359be2ae2463bffb7b53b0911ac + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 79c32d7ddd2458cf2eabe5b1b5c5290f + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + RichPEHeaderHash: + MD5: deb9c1e252f598099d70d2b33a313da3 + SHA1: f0c2801e0091ed6f5e10ea7045e911aa90030290 + SHA256: 914fb9761d50c3fa2ecf9fbd8af3735f9b8d6c4903e067c8af9546e79b6f22c7 + Sections: + .text: + Entropy: 5.7214393917162045 + Virtual Size: '0xc74' + .rdata: + Entropy: 3.4063014058939425 + Virtual Size: '0x130' + .data: + Entropy: 2.4884950805464947 + Virtual Size: '0x58' + .pdata: + Entropy: 3.1879942043708462 + Virtual Size: '0x60' + INIT: + Entropy: 4.4494366822955245 + Virtual Size: '0x202' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2005-05-25 00:39:12' + Imphash: 543f80399f79401471523d335ea61642 + LoadsDespiteHVCI: 'FALSE' +- Filename: RTCore64.sys + MD5: bcd60bf152fdec05cd40562b466be252 + SHA1: 6ce0094a9aacdc050ff568935014607b8f23ff00 + SHA256: 3c5d7069f85ec1d6f58147431f88c4d7c48df73baf94ffdefd664f2606baf09c + Authentihash: + MD5: 5860da7a094c5f2ff2787476c37b4b35 + SHA1: da1bd3ad4a8fe1e28c1de28a7bf66ad82da0dd29 + SHA256: 61a1f530a5d47339275657d7883911d64f64909569cf13d2e6868df01a2a72cb + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - MmUnmapIoSpace + - 
ZwUnmapViewOfSection + - MmMapIoSpace + - ZwClose + - IofCompleteRequest + - IoDeleteDevice + - IoCreateSymbolicLink + - IoCreateDevice + - ZwOpenSection + - KeBugCheckEx + - RtlInitUnicodeString + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - IoDeleteSymbolicLink + - __C_specific_handler + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee152d7 + Version: 3 + TBS: + MD5: e140543fe3256027cfa79fc3c19c1776 + SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 + SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 + SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G3 + ValidFrom: '2016-03-16 00:00:00' + ValidTo: '2024-03-16 00:00:00' + Signature: 3b41bbc84f561182b719e3d96dc185ae9e690ec84326234b8d44c8e87d5f070e5341d563444a890bb874ac7db578792f8426e2d7f7bad1ae2dfd69cffa7c64dc24162a4adac097a9bbd5dd88e7a1929a0aa5f6f7bace85d6e4e3d455deeddc3e211f1bc87788cffc65fb05b48f12a630d30d66982f6c2e6f85187c8ff5f6fbb1ab10e183270885b07321ba5d2cba8330b73984dd5db67fd28bb455534c42a2bc4a6c78395b631ca37827bfbe34836b6d7b1e60fbc29b0d88ac8c72546bdc3b88ba81525e689783b8ce7fa3cdf9ea2f2676facd0b06ac4344497bf64c9442b2abcfd542d51942696e618664c7b37d078bdbe5767b6e5f65a91690a2cee4ae6492 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47c30ffefc22bb280f96fea75251 + Version: 3 + TBS: + MD5: 729cf4baceff4ef7aa199ad4f4ebed3d + SHA1: f478f0e790d5c8ec6056a3ab2567404a991d2837 + SHA256: 
c3c88c2a500cb5a97abca837193a5bd382f6eb3aeb0008edbce65ea2a3dbfd5c + SHA384: e62bbb1ba1ad3df59f2c7265df5576af6b5d4a7473b74985a9d956975fdfc517ffbdd2172b0e3ea36befcb6a9026c872 + - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode + , G2 + ValidFrom: '2016-05-24 00:00:00' + ValidTo: '2027-06-24 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121d699a764973ef1f8427ee919cc534114 + Version: 3 + TBS: + MD5: acb5170547d76873f1e4ff18ed5de2eb + SHA1: bd6e261e75b807381bada7287de04d259258a5fa + SHA256: 4783380498acf592286ef2dea0fcc5bdea3f54d5e374d3e3497df9d5f662cfb6 + SHA384: 4f428f115cf3d008248f15f32007fc7c54bd454e1b48b765776b4c87c23ab8818d8fbcbb3646d35eca012b025260a3b8 + - Subject: C=TW, ST=New Taipei, L=New Taipei, O=MICRO,STAR INTERNATIONAL + CO., LTD., CN=MICRO,STAR INTERNATIONAL CO., LTD. + ValidFrom: '2019-10-21 14:23:20' + ValidTo: '2020-09-27 12:07:15' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2636eab537f6156b78af523a + Version: 3 + TBS: + MD5: afafe18984c1b75f71051a6d8d44a5c6 + SHA1: 503d375c7f58060d3b98e297afb274339759d1d4 + SHA256: 9c3b3e4058cde499217d75ce48382b5490fab6fdff14650f674a1776b87d251a + SHA384: 96cda05887310f4977443637fecc2d9bac5bb46fc0dd5eb37c84e4e0d87d4fbb05efd7d1901c1741a72328526f01012f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2011-04-15 19:55:08' + ValidTo: '2021-04-15 20:05:08' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 6129152700000000002a + Version: 3 + TBS: + MD5: 0bb058d116f02817737920f112d9fd3b + SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 + SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 + 
SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 + Signer: + - SerialNumber: 2636eab537f6156b78af523a + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G3 + Version: 1 + RichPEHeaderHash: + MD5: 114620ca437e9d453fdb1cdadf006b4b + SHA1: 50d5e7370672795c29e712fd461a01d2dcb3c803 + SHA256: 908eb09dd38a899c259af4ab14f4dbecbbbc55c2755b482bc2d58b3429cbeb38 + Sections: + .text: + Entropy: 6.027085743974895 + Virtual Size: '0xc7e' + .rdata: + Entropy: 4.12172979146796 + Virtual Size: '0x188' + .data: + Entropy: 0.9253228016668384 + Virtual Size: '0xd80' + .pdata: + Entropy: 3.1619674481420286 + Virtual Size: '0x60' + INIT: + Entropy: 5.101996629515978 + Virtual Size: '0x2f0' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2019-09-19 04:45:31' + Imphash: b0356152212dc6e33752847235064fb0 + LoadsDespiteHVCI: 'FALSE' +- Filename: RTCore64.sys + MD5: 69ac6165912cb263a656497cc70155e6 + SHA1: 722aa0fa468b63c5d7ea308d77230ae3169d5f83 + SHA256: 3ff50c67d51553c08dcb7c98342f68a0f54ad6658c5346c428bdcd1f185569f6 + Authentihash: + MD5: cfe667280acf69d4b5d0e2dbc76510e4 + SHA1: b3249bacda6e43aa2c46c2af802c9ee0b7e2fd7b + SHA256: 3c9829a16eb85272b0e1a2917feffaab8ddb23e633b168b389669339a0cee0b5 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - MmMapIoSpace + - __C_specific_handler + - ZwClose + - ZwUnmapViewOfSection + - MmUnmapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IofCompleteRequest + - IoDeleteDevice + - HalSetBusDataByOffset + - HalTranslateBusAddress + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign 
nv,sa, CN=GlobalSign Timestamping CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee152d7 + Version: 3 + TBS: + MD5: e140543fe3256027cfa79fc3c19c1776 + SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 + SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 + SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode + , G2 + ValidFrom: '2015-02-03 00:00:00' + ValidTo: '2026-03-03 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112106a081d33fd87ae5824cc16b52094e03 + Version: 3 + TBS: + MD5: a0ac4d48fe852f7b3ed4e623d59a825f + SHA1: d4db9846bc4d7db142eeb364286f6de7c102420c + SHA256: 78d2e41a13eb4e9171bae2d2adb192cf39210b5231f77cda936bcfbe8c003bdf + SHA384: 990ed96dca5979deeedc98a012279f04efb5559d7e7f5084a12f3802ee9439326557aecefd081cff739b78515b5d7f50 + - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL + CO., LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR 
INTERNATIONAL + CO., LTD. + ValidFrom: '2014-06-03 09:16:15' + ValidTo: '2017-09-03 09:16:15' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112158044863e4dc19cf29a85668b7f45842 + Version: 3 + TBS: + MD5: 403bb44a62aed1a94bd5df05b3292482 + SHA1: e4a0353e75940ab1e8cbff2f433f186c7f0b0f09 + SHA256: 5b81998ed98b343c04134c336e03f3051779eae0e9f882e8339593d18556375d + SHA384: db0076cad41a0ef4ea68754ef6905bd5ff772adcb745b05c0060344e43588abc95952dc3ad272f5a8f17b206e4089aca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112158044863e4dc19cf29a85668b7f45842 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + RichPEHeaderHash: + MD5: ebe2ae976914018e88e9fc480e7b6269 + SHA1: 960715bfbccb53b6c4eccca3b232b25640e15b52 + SHA256: d755e9f3cb861f5227319238f1811265e332e36a922b9a25da38b122a791fdfa + Sections: + .text: + Entropy: 5.874422277751402 + Virtual Size: '0x9b4' + .rdata: + Entropy: 3.0356607252090053 + Virtual Size: '0x120' + .data: + Entropy: 2.4884950805464947 + Virtual Size: '0x58' + .pdata: + Entropy: 2.979061917571089 + Virtual Size: '0x54' + INIT: + Entropy: 4.523481595961036 + Virtual Size: '0x258' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2015-04-24 01:01:47' + Imphash: cde9174249f04dad0f79890c976c0792 + LoadsDespiteHVCI: 'FALSE' +- 
Filename: RTCore64.sys + MD5: 4eb4069c230a5dc40cd5d60d2cb3e0d0 + SHA1: cc3e5e45aca5b670035dfb008f0a88cecfd91cf7 + SHA256: 40061b30b1243be76d5283cbc8abfe007e148097d4de7337670ff1536c4c7ba1 + Authentihash: + MD5: bcd9f192e2f9321ed549c722f30206e5 + SHA1: 8498265d4ca81b83ec1454d9ec013d7a9c0c87bf + SHA256: 606beced7746cdb684d3a44f41e48713c6bbe5bfb1486c52b5cca815e99d31b4 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - MmUnmapIoSpace + - ZwUnmapViewOfSection + - MmMapIoSpace + - ZwClose + - IoDeleteDevice + - ObReferenceObjectByHandle + - IoCreateSymbolicLink + - ZwOpenSection + - KeBugCheckEx + - RtlInitUnicodeString + - ZwMapViewOfSection + - IofCompleteRequest + - IoDeleteSymbolicLink + - MmGetSystemRoutineAddress + - IoCreateDevice + - ObOpenObjectByPointer + - ZwSetSecurityObject + - IoDeviceObjectType + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - ExFreePoolWithTag + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - SeExports + - wcschr + - _wcsnicmp + - ExAllocatePoolWithTag + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwOpenKey + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - __C_specific_handler + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 
4e5e56901e46b4d94931f3bb1739281bc216ddfd41dc0905049b6fb2a29ad6992e40990055b5ea3fa52076d38634d417cc553ac782eeefa8babcd8069f1550dfcd167b523a02d7191afdaff0785ce04bc518df3a241edaacb8a95804020730dbb0125efe31bef00448f4f070f83a5e5683cf3dfb0dbcf4c5ed979db9d4dba52784e3389b8ba735864420a43b6da46a0ba183fd28ebdaef28f6cc885dfb0a3b00abe021ebe22f356c0f8e344597eba2f79933357ecb9a8abb454de73f9fc2d98afa65b26ec77e65ffe892e12c31a2f7b02736488f266f3bee4d761f79c3e57f9635bc2d0ecc01b08e7fff518080a792d4b34446648c874f166307314b63b0dff3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee152d7 + Version: 3 + TBS: + MD5: e140543fe3256027cfa79fc3c19c1776 + SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 + SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 + SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G3 + ValidFrom: '2016-03-16 00:00:00' + ValidTo: '2024-03-16 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47c30ffefc22bb280f96fea75251 + Version: 3 + TBS: + MD5: 729cf4baceff4ef7aa199ad4f4ebed3d + SHA1: f478f0e790d5c8ec6056a3ab2567404a991d2837 + SHA256: c3c88c2a500cb5a97abca837193a5bd382f6eb3aeb0008edbce65ea2a3dbfd5c + SHA384: e62bbb1ba1ad3df59f2c7265df5576af6b5d4a7473b74985a9d956975fdfc517ffbdd2172b0e3ea36befcb6a9026c872 + - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode + , G2 + ValidFrom: '2016-05-24 00:00:00' + ValidTo: '2027-06-24 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121d699a764973ef1f8427ee919cc534114 + Version: 3 + TBS: + MD5: acb5170547d76873f1e4ff18ed5de2eb + SHA1: 
bd6e261e75b807381bada7287de04d259258a5fa + SHA256: 4783380498acf592286ef2dea0fcc5bdea3f54d5e374d3e3497df9d5f662cfb6 + SHA384: 4f428f115cf3d008248f15f32007fc7c54bd454e1b48b765776b4c87c23ab8818d8fbcbb3646d35eca012b025260a3b8 + - Subject: C=TW, ST=New Taipei, L=New Taipei, O=MICRO,STAR INTERNATIONAL + CO., LTD., CN=MICRO,STAR INTERNATIONAL CO., LTD. + ValidFrom: '2019-10-21 14:23:20' + ValidTo: '2020-09-27 12:07:15' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2636eab537f6156b78af523a + Version: 3 + TBS: + MD5: afafe18984c1b75f71051a6d8d44a5c6 + SHA1: 503d375c7f58060d3b98e297afb274339759d1d4 + SHA256: 9c3b3e4058cde499217d75ce48382b5490fab6fdff14650f674a1776b87d251a + SHA384: 96cda05887310f4977443637fecc2d9bac5bb46fc0dd5eb37c84e4e0d87d4fbb05efd7d1901c1741a72328526f01012f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2011-04-15 19:55:08' + ValidTo: '2021-04-15 20:05:08' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 6129152700000000002a + Version: 3 + TBS: + MD5: 0bb058d116f02817737920f112d9fd3b + SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 + SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 + SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 + Signer: + - SerialNumber: 2636eab537f6156b78af523a + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G3 + Version: 1 + RichPEHeaderHash: + MD5: 70f300424f459e945ca5fbf9c94d69db + SHA1: 552917ba229bafc26ea412dde96e8f88df69a936 + SHA256: 1f9a45c75fbda3dcbae918a5ded9c51ad9fbab9a1d5a60344d8735febd368b5d + Sections: + .text: + Entropy: 6.152825921491018 + Virtual Size: '0x1238' + .rdata: + Entropy: 4.299997682941019 + Virtual Size: '0x6d0' + .data: + Entropy: 
1.452656690680622 + Virtual Size: '0xf70' + .pdata: + Entropy: 4.07117693412078 + Virtual Size: '0x210' + PAGE: + Entropy: 6.215171374164429 + Virtual Size: '0x1a47' + INIT: + Entropy: 5.168930070566578 + Virtual Size: '0x634' + .reloc: + Entropy: 1.2280731978955797 + Virtual Size: '0x60' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2020-06-18 05:55:42' + Imphash: 37f7c6238c9ce110408e01ae1bc45635 + LoadsDespiteHVCI: 'TRUE' +- Filename: RTCore64.sys + MD5: 680dcb5c39c1ec40ac3897bb3e9f27b9 + SHA1: 431550db5c160b56e801f220ceeb515dc16e68d2 + SHA256: 4b4c925c3b8285aeeab9b954e8b2a0773b4d2d0e18d07d4a9d268f4be90f6cae + Authentihash: + MD5: a17d227444e090ff69e24fcb6d43162b + SHA1: 43d3a3c1f7b14cfcc051cae2534dbbbb4c7fc120 + SHA256: b8eb26b6f79020ae988e4fb752dc06e1b6779749bf4f8df2872fc2b92bab8020 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - IoDeleteSymbolicLink + - IofCompleteRequest + - MmIsAddressValid + - ZwUnmapViewOfSection + - IoCreateSymbolicLink + - IoCreateDevice + - __C_specific_handler + - IoDeleteDevice + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping + CA + ValidFrom: '2009-03-18 11:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012019c19066 + Version: 3 + TBS: + MD5: 42023b9487cafe46c1b6a49c369a362e + SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 + SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 + SHA384: 
0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea + - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority + ValidFrom: '2009-12-21 09:32:56' + ValidTo: '2020-12-22 09:32:56' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01000000000125b0b4cc01 + Version: 3 + TBS: + MD5: e3369c8e5aec0504b3a50455f615d9f9 + SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 + SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 + SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c + - Subject: C=US, ST=California, L=Brea, O=EVGA, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=EVGA + ValidFrom: '2010-04-14 00:00:00' + ValidTo: '2012-04-15 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 79c32d7ddd2458cf2eabe5b1b5c5290f + Version: 3 + TBS: + MD5: 5ba772ec00357ae706016510775c7a00 + SHA1: eeb31b244ea14abae1e947ecdca0d6ae4720031b + SHA256: c8e707c2615c26ac78ed06b42dd20bc8ff82bc5e02ddafe2c9af85755097691b + SHA384: a1d6af64a5eb3841d632438119fc954354caf3ccea61b69003a7fc9da166a9c653dc0359be2ae2463bffb7b53b0911ac + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 79c32d7ddd2458cf2eabe5b1b5c5290f + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + RichPEHeaderHash: + MD5: deb9c1e252f598099d70d2b33a313da3 + SHA1: f0c2801e0091ed6f5e10ea7045e911aa90030290 + SHA256: 914fb9761d50c3fa2ecf9fbd8af3735f9b8d6c4903e067c8af9546e79b6f22c7 + Sections: + .text: + Entropy: 5.7214393917162045 + Virtual Size: '0xc74' + .rdata: + Entropy: 3.4063014058939425 + Virtual Size: '0x130' + .data: + Entropy: 2.4884950805464947 + Virtual Size: '0x58' + .pdata: + Entropy: 3.1879942043708462 + Virtual Size: '0x60' + INIT: + Entropy: 4.4494366822955245 + Virtual Size: '0x202' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2005-05-25 00:39:12' + Imphash: 543f80399f79401471523d335ea61642 + LoadsDespiteHVCI: 'FALSE' +- Filename: RTCore64.sys + MD5: f8fe655b7d63dbdc53b0983a0d143028 + SHA1: d9c1913a6c76b883568910094dfa1d67aad80c84 + SHA256: 
53eaefba7e7dca9ab74e385abf18762f9f1aa51594e7f7db5ba612d6c787dd7e + Authentihash: + MD5: 55466195f0b2f4afc4243b43a806e6d9 + SHA1: 38b353d8480885de5dcf299deca99ce4f26a1d20 + SHA256: 5182caf10de9cec0740ecde5a081c21cdc100d7eb328ffe6f3f63183889fec6b + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - MmMapIoSpace + - IoDeleteSymbolicLink + - IofCompleteRequest + - ZwUnmapViewOfSection + - MmUnmapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - __C_specific_handler + - IoDeleteDevice + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping + CA + ValidFrom: '2009-03-18 11:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 5df6cb2b0d0140849f857a43706ae0c5e7aa0600d76713c9089131654f14a8a905dc389e6aa0300abd8dc78028ee4245ca94f3de5845a9803204f5595c6a70003927944df5b44634e81c5331b2b35416e9cc42abd5d959301cfb462725b88723b1e8758824831ec876377b01494548a4ede25dd27c9ca2dc2dba105a126265abae00c710343bcb72bd14240cdcc37627b4a7fee15829f20e169f91391d89a6e60f1c878ce258ac927e243eaaec14e73a33348bc63bac83ab0f14627aba1a2d4d4b1bc530f00b92797d3c78e0f8e6d215965999392b3061e8b8f8c0a1e9221411787dc4dc89bec0bb94e172aeebb540404fef171e585ed0a88996ac9228e9babf + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012019c19066 + Version: 3 + TBS: + MD5: 42023b9487cafe46c1b6a49c369a362e + SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 + SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 + SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea + - Subject: C=BE, 
O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority + ValidFrom: '2009-12-21 09:32:56' + ValidTo: '2020-12-22 09:32:56' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01000000000125b0b4cc01 + Version: 3 + TBS: + MD5: e3369c8e5aec0504b3a50455f615d9f9 + SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 + SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 + SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c + - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL + CO., LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL + CO., LTD. 
+ ValidFrom: '2011-08-30 06:46:09' + ValidTo: '2014-08-30 06:46:09' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c + Version: 3 + TBS: + MD5: 3a98a18e8636f2a01e49e2a6d116c360 + SHA1: a2938150e46525adcec2e3a2348824bc1cf532b2 + SHA256: 01a2e2d31d0a4f3005753cce5972b5da2a7c08b0750fb6947e0fd231e64ae7ec + SHA384: 722398e51e6b5bbe064df372be6b6a9ccfcc9719ad775213cae46920e0a3e6c5a4dc8b912de3148abfc60ff4a59050ea + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + RichPEHeaderHash: + MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 + SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e + SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 + Sections: + .text: + Entropy: 5.866767422382319 + Virtual Size: '0x8b4' + .rdata: + Entropy: 3.095201756852517 + Virtual Size: '0x110' + .data: + Entropy: 2.4884950805464947 + Virtual Size: '0x58' + .pdata: + Entropy: 3.045843351790575 + Virtual Size: '0x54' + INIT: + Entropy: 4.468159720315432 + Virtual Size: '0x218' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2011-09-06 06:24:50' + Imphash: 690a0fb27a0c47c785d6bbbfc2e56501 + LoadsDespiteHVCI: 'FALSE' +- Filename: RTCore64.sys + MD5: 
880611326b768c4922e9da8a8effc582 + SHA1: 96323381a98790b8ffac1654cb65e12dbbe6aff1 + SHA256: 5f20541f859f21b3106e12d37182b1ea39bb75ffcfcddb2ece4f6edd42c0bab2 + Authentihash: + MD5: cfe667280acf69d4b5d0e2dbc76510e4 + SHA1: b3249bacda6e43aa2c46c2af802c9ee0b7e2fd7b + SHA256: 3c9829a16eb85272b0e1a2917feffaab8ddb23e633b168b389669339a0cee0b5 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - MmMapIoSpace + - __C_specific_handler + - ZwClose + - ZwUnmapViewOfSection + - MmUnmapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IofCompleteRequest + - IoDeleteDevice + - HalSetBusDataByOffset + - HalTranslateBusAddress + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee152d7 + Version: 3 + TBS: + MD5: e140543fe3256027cfa79fc3c19c1776 + SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 + SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 + SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 
225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode + , G2 + ValidFrom: '2016-05-24 00:00:00' + ValidTo: '2027-06-24 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121d699a764973ef1f8427ee919cc534114 + Version: 3 + TBS: + MD5: acb5170547d76873f1e4ff18ed5de2eb + SHA1: bd6e261e75b807381bada7287de04d259258a5fa + SHA256: 4783380498acf592286ef2dea0fcc5bdea3f54d5e374d3e3497df9d5f662cfb6 + SHA384: 4f428f115cf3d008248f15f32007fc7c54bd454e1b48b765776b4c87c23ab8818d8fbcbb3646d35eca012b025260a3b8 + - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL + CO., LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL + CO., LTD. 
+ ValidFrom: '2014-06-03 09:16:15' + ValidTo: '2017-09-03 09:16:15' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112158044863e4dc19cf29a85668b7f45842 + Version: 3 + TBS: + MD5: 403bb44a62aed1a94bd5df05b3292482 + SHA1: e4a0353e75940ab1e8cbff2f433f186c7f0b0f09 + SHA256: 5b81998ed98b343c04134c336e03f3051779eae0e9f882e8339593d18556375d + SHA384: db0076cad41a0ef4ea68754ef6905bd5ff772adcb745b05c0060344e43588abc95952dc3ad272f5a8f17b206e4089aca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112158044863e4dc19cf29a85668b7f45842 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + RichPEHeaderHash: + MD5: ebe2ae976914018e88e9fc480e7b6269 + SHA1: 960715bfbccb53b6c4eccca3b232b25640e15b52 + SHA256: d755e9f3cb861f5227319238f1811265e332e36a922b9a25da38b122a791fdfa + Sections: + .text: + Entropy: 5.874422277751402 + Virtual Size: '0x9b4' + .rdata: + Entropy: 3.0356607252090053 + Virtual Size: '0x120' + .data: + Entropy: 2.4884950805464947 + Virtual Size: '0x58' + .pdata: + Entropy: 2.979061917571089 + Virtual Size: '0x54' + INIT: + Entropy: 4.523481595961036 + Virtual Size: '0x258' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2015-04-24 01:01:47' + Imphash: cde9174249f04dad0f79890c976c0792 + LoadsDespiteHVCI: 'FALSE' +- Filename: RTCore64.sys + MD5: 
515c75d77c64909690c18c08ef3fc310 + SHA1: 7877bd7da617ec92a5c47f0da1f0abcf6484d905 + SHA256: 5f7e47d728ac3301eb47b409801a0f4726a435f78f1ed02c30d2a926259c71f3 + Authentihash: + MD5: 55466195f0b2f4afc4243b43a806e6d9 + SHA1: 38b353d8480885de5dcf299deca99ce4f26a1d20 + SHA256: 5182caf10de9cec0740ecde5a081c21cdc100d7eb328ffe6f3f63183889fec6b + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - MmMapIoSpace + - IoDeleteSymbolicLink + - IofCompleteRequest + - ZwUnmapViewOfSection + - MmUnmapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - __C_specific_handler + - IoDeleteDevice + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping + CA + ValidFrom: '2009-03-18 11:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012019c19066 + Version: 3 + TBS: + MD5: 42023b9487cafe46c1b6a49c369a362e + SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 + SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 + SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea + - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority + ValidFrom: '2009-12-21 09:32:56' + ValidTo: '2020-12-22 09:32:56' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01000000000125b0b4cc01 + Version: 3 + TBS: + MD5: e3369c8e5aec0504b3a50455f615d9f9 + 
SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 + SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 + SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c + - Subject: C=US, ST=California, L=Brea, O=EVGA, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=EVGA + ValidFrom: '2010-04-14 00:00:00' + ValidTo: '2012-04-15 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 79c32d7ddd2458cf2eabe5b1b5c5290f + Version: 3 + TBS: + MD5: 5ba772ec00357ae706016510775c7a00 + SHA1: eeb31b244ea14abae1e947ecdca0d6ae4720031b + SHA256: c8e707c2615c26ac78ed06b42dd20bc8ff82bc5e02ddafe2c9af85755097691b + SHA384: a1d6af64a5eb3841d632438119fc954354caf3ccea61b69003a7fc9da166a9c653dc0359be2ae2463bffb7b53b0911ac + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 79c32d7ddd2458cf2eabe5b1b5c5290f + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + RichPEHeaderHash: + MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 + SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e + SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 + Sections: + .text: + Entropy: 5.866767422382319 + Virtual Size: '0x8b4' + .rdata: + Entropy: 3.095201756852517 + Virtual Size: '0x110' + .data: + Entropy: 2.4884950805464947 + Virtual Size: '0x58' + .pdata: + Entropy: 3.045843351790575 + Virtual Size: '0x54' + INIT: + Entropy: 4.468159720315432 + Virtual Size: '0x218' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2011-09-06 06:24:50' + Imphash: 690a0fb27a0c47c785d6bbbfc2e56501 + LoadsDespiteHVCI: 'FALSE' +- Filename: RTCore64.sys + MD5: 6fa271b6816affaef640808fc51ac8af + SHA1: 5291b17205accf847433388fe17553e96ad434ec + SHA256: 696679114f6a106ec94c21e2a33fe17af86368bcf9a796aaea37ea6e8748ad6a + Authentihash: + MD5: 55466195f0b2f4afc4243b43a806e6d9 + SHA1: 38b353d8480885de5dcf299deca99ce4f26a1d20 + SHA256: 5182caf10de9cec0740ecde5a081c21cdc100d7eb328ffe6f3f63183889fec6b + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - ZwClose + 
- ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - MmMapIoSpace + - IoDeleteSymbolicLink + - IofCompleteRequest + - ZwUnmapViewOfSection + - MmUnmapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - __C_specific_handler + - IoDeleteDevice + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping + CA + ValidFrom: '2009-03-18 11:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012019c19066 + Version: 3 + TBS: + MD5: 42023b9487cafe46c1b6a49c369a362e + SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 + SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 + SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: 
dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority + ValidFrom: '2009-12-21 09:32:56' + ValidTo: '2020-12-22 09:32:56' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01000000000125b0b4cc01 + Version: 3 + TBS: + MD5: e3369c8e5aec0504b3a50455f615d9f9 + SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 + SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 + SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c + - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL + CO., LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL + CO., LTD. + ValidFrom: '2011-08-30 06:46:09' + ValidTo: '2014-08-30 06:46:09' + Signature: 87bf57ab7ffd7e005076b34b14ddd924045ec7e389871661794f1ece1bef10e050893b28236cb650af1415f8cd95e86c2052d93311d73e0bbe6fb1c22ddea438a93c8b18bd4b8c0f81ad07032efb46d406bbaa730dd3ac92cbf0d9cc711a397a0e0320b213a5161e6be83ec69967a712b463129ea56d5a8ecd3ff8901be09dfaa0a0f10e879b307863e1b1c3a3149ac73bc3f3160db7012229b57bced6d47b875878663642a8cddd03da1e7f236b8cf16713a5e0f4c892aaca77a8c7dab41d84567e2bbf09b336a2824e0e18d54d199e6e024d2630bb210cd24a9ef4b377be0429e2ecc9bf8478a8c6a78c686e26f29c95925baee85e4bbb97b6eecffe44a25e + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c + Version: 3 + TBS: + MD5: 3a98a18e8636f2a01e49e2a6d116c360 + SHA1: a2938150e46525adcec2e3a2348824bc1cf532b2 + SHA256: 01a2e2d31d0a4f3005753cce5972b5da2a7c08b0750fb6947e0fd231e64ae7ec + SHA384: 722398e51e6b5bbe064df372be6b6a9ccfcc9719ad775213cae46920e0a3e6c5a4dc8b912de3148abfc60ff4a59050ea + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 
17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + RichPEHeaderHash: + MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 + SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e + SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 + Sections: + .text: + Entropy: 5.866767422382319 + Virtual Size: '0x8b4' + .rdata: + Entropy: 3.095201756852517 + Virtual Size: '0x110' + .data: + Entropy: 2.4884950805464947 + Virtual Size: '0x58' + .pdata: + Entropy: 3.045843351790575 + Virtual Size: '0x54' + INIT: + Entropy: 4.468159720315432 + Virtual Size: '0x218' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2011-09-06 06:24:50' + Imphash: 690a0fb27a0c47c785d6bbbfc2e56501 + LoadsDespiteHVCI: 'FALSE' +- Filename: RTCore64.sys + MD5: d63c9c1a427a134461258b7b8742858f + SHA1: ef0504dd90eb451f51d2c4f987fb7833c91c755b + SHA256: 6cb6e23ba516570bbd158c32f7c7c99f19b24ca4437340ecb39253662afe4293 + Authentihash: + MD5: 55466195f0b2f4afc4243b43a806e6d9 + SHA1: 38b353d8480885de5dcf299deca99ce4f26a1d20 + SHA256: 5182caf10de9cec0740ecde5a081c21cdc100d7eb328ffe6f3f63183889fec6b + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - ZwClose + - ZwMapViewOfSection + - 
ObReferenceObjectByHandle + - ZwOpenSection + - MmMapIoSpace + - IoDeleteSymbolicLink + - IofCompleteRequest + - ZwUnmapViewOfSection + - MmUnmapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - __C_specific_handler + - IoDeleteDevice + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping + CA + ValidFrom: '2009-03-18 11:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012019c19066 + Version: 3 + TBS: + MD5: 42023b9487cafe46c1b6a49c369a362e + SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 + SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 + SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea + - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority + ValidFrom: '2009-12-21 09:32:56' + ValidTo: '2020-12-22 09:32:56' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01000000000125b0b4cc01 + Version: 3 + TBS: + MD5: e3369c8e5aec0504b3a50455f615d9f9 + SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 + SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 + SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=US, ST=California, L=Brea, O=EVGA, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=EVGA + ValidFrom: '2012-02-29 00:00:00' + ValidTo: '2014-04-15 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 26d7f5563eb3e42a81f7c715fcd2799d + Version: 3 + TBS: + MD5: e994671d8d440b7739cdd9775bbca72f + SHA1: ea9446b39b968aa6953e1bf74a36435759b3d2e3 + SHA256: 
37a9886a67c19d644c74505801f947d3b2756a5540cbd89a0c8d500511cb838d + SHA384: 41d34e73f1b002f885c80004e3c366299392258ce5ba880150875ed8811ebc9913dc34cdf7c9800a8303dd512207787c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 26d7f5563eb3e42a81f7c715fcd2799d + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 + SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e + SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 + Sections: + .text: + Entropy: 5.866767422382319 + Virtual Size: '0x8b4' + .rdata: + Entropy: 3.095201756852517 + Virtual Size: '0x110' + .data: + Entropy: 2.4884950805464947 + Virtual Size: '0x58' + .pdata: + Entropy: 3.045843351790575 + Virtual Size: '0x54' + INIT: + Entropy: 4.468159720315432 + Virtual Size: '0x218' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2011-09-06 06:24:50' + Imphash: 690a0fb27a0c47c785d6bbbfc2e56501 + LoadsDespiteHVCI: 'FALSE' +- Filename: RTCore64.sys + MD5: 3a7c69293fcd5688cc398691093ec06a + SHA1: aadebbcbde0e7edd35e29d98871289a75e744aad + SHA256: 7da6113183328d4fddf6937c0c85ef65ba69bfe133b1146193a25bcf6ae1f9dd + Authentihash: + MD5: 
a17d227444e090ff69e24fcb6d43162b + SHA1: 43d3a3c1f7b14cfcc051cae2534dbbbb4c7fc120 + SHA256: b8eb26b6f79020ae988e4fb752dc06e1b6779749bf4f8df2872fc2b92bab8020 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - IoDeleteSymbolicLink + - IofCompleteRequest + - MmIsAddressValid + - ZwUnmapViewOfSection + - IoCreateSymbolicLink + - IoCreateDevice + - __C_specific_handler + - IoDeleteDevice + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping + CA + ValidFrom: '2009-03-18 11:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012019c19066 + Version: 3 + TBS: + MD5: 42023b9487cafe46c1b6a49c369a362e + SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 + SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 + SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea + - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority + ValidFrom: '2009-12-21 09:32:56' + ValidTo: '2020-12-22 09:32:56' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01000000000125b0b4cc01 + Version: 3 + TBS: + MD5: e3369c8e5aec0504b3a50455f615d9f9 + SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 + SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 + SHA384: 
1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=California, L=Brea, O=EVGA, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=EVGA + ValidFrom: '2008-04-16 00:00:00' + ValidTo: '2010-04-16 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 546ea040bf5075ce0a5c01d4c6ded19d + Version: 3 + TBS: + MD5: 8f51b4e16b87e1cc89b9d0c997227546 + SHA1: 8f3cdd2b86ae03653f0612911a2f01a9dca49a22 + SHA256: c7f57b7287c808d2713aba9e368fe387b5825bfbda1bd1824f374beaa8e30be9 + SHA384: 70423f071aae83c68149b7fca1181f65fd5ee37b1527bb989c3c6b0af7d78b19930c8b2cb517da35f66294eba8768e37 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + 
SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 546ea040bf5075ce0a5c01d4c6ded19d + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: deb9c1e252f598099d70d2b33a313da3 + SHA1: f0c2801e0091ed6f5e10ea7045e911aa90030290 + SHA256: 914fb9761d50c3fa2ecf9fbd8af3735f9b8d6c4903e067c8af9546e79b6f22c7 + Sections: + .text: + Entropy: 5.7214393917162045 + Virtual Size: '0xc74' + .rdata: + Entropy: 3.4063014058939425 + Virtual Size: '0x130' + .data: + Entropy: 2.4884950805464947 + Virtual Size: '0x58' + .pdata: + Entropy: 3.1879942043708462 + Virtual Size: '0x60' + INIT: + Entropy: 4.4494366822955245 + Virtual Size: '0x202' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2005-05-25 00:39:12' + Imphash: 543f80399f79401471523d335ea61642 + LoadsDespiteHVCI: 'FALSE' +- Filename: RTCore64.sys + MD5: d5e76d125d624f8025d534f49e3c4162 + SHA1: 8a23735d9a143ad526bf73c6553e36e8a8d2e561 + SHA256: 7f5dc63e5742096e4accaca39ae77a2a2142b438c10f97860dee4054b51d3b35 + Authentihash: + MD5: a17d227444e090ff69e24fcb6d43162b + SHA1: 43d3a3c1f7b14cfcc051cae2534dbbbb4c7fc120 + SHA256: b8eb26b6f79020ae988e4fb752dc06e1b6779749bf4f8df2872fc2b92bab8020 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - IoDeleteSymbolicLink + - IofCompleteRequest + - 
MmIsAddressValid + - ZwUnmapViewOfSection + - IoCreateSymbolicLink + - IoCreateDevice + - __C_specific_handler + - IoDeleteDevice + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping + CA + ValidFrom: '2009-03-18 11:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012019c19066 + Version: 3 + TBS: + MD5: 42023b9487cafe46c1b6a49c369a362e + SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 + SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 + SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea + - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority + ValidFrom: '2009-12-21 09:32:56' + ValidTo: '2020-12-22 09:32:56' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01000000000125b0b4cc01 + Version: 3 + TBS: + MD5: e3369c8e5aec0504b3a50455f615d9f9 + SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 + SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 + SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=California, L=Brea, O=EVGA, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=EVGA + ValidFrom: '2008-04-16 00:00:00' + ValidTo: '2010-04-16 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 546ea040bf5075ce0a5c01d4c6ded19d + Version: 3 + TBS: + MD5: 8f51b4e16b87e1cc89b9d0c997227546 + SHA1: 8f3cdd2b86ae03653f0612911a2f01a9dca49a22 + SHA256: c7f57b7287c808d2713aba9e368fe387b5825bfbda1bd1824f374beaa8e30be9 + SHA384: 70423f071aae83c68149b7fca1181f65fd5ee37b1527bb989c3c6b0af7d78b19930c8b2cb517da35f66294eba8768e37 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 546ea040bf5075ce0a5c01d4c6ded19d + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: deb9c1e252f598099d70d2b33a313da3 + SHA1: 
f0c2801e0091ed6f5e10ea7045e911aa90030290 + SHA256: 914fb9761d50c3fa2ecf9fbd8af3735f9b8d6c4903e067c8af9546e79b6f22c7 + Sections: + .text: + Entropy: 5.7214393917162045 + Virtual Size: '0xc74' + .rdata: + Entropy: 3.4063014058939425 + Virtual Size: '0x130' + .data: + Entropy: 2.4884950805464947 + Virtual Size: '0x58' + .pdata: + Entropy: 3.1879942043708462 + Virtual Size: '0x60' + INIT: + Entropy: 4.4494366822955245 + Virtual Size: '0x202' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2005-05-25 00:39:12' + Imphash: 543f80399f79401471523d335ea61642 + LoadsDespiteHVCI: 'FALSE' +- Filename: rtcore64.sys + MD5: ecdc79141b7002b246770d01606504f2 + SHA1: 4d14d25b540bf8623d09c06107b8ca7bb7625c30 + SHA256: 8399e5afd8e3e97139dffb1a9fb00db2186321b427f164403282217cab067c38 + Authentihash: + MD5: 55466195f0b2f4afc4243b43a806e6d9 + SHA1: 38b353d8480885de5dcf299deca99ce4f26a1d20 + SHA256: 5182caf10de9cec0740ecde5a081c21cdc100d7eb328ffe6f3f63183889fec6b + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - MmMapIoSpace + - IoDeleteSymbolicLink + - IofCompleteRequest + - ZwUnmapViewOfSection + - MmUnmapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - __C_specific_handler + - IoDeleteDevice + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping + CA + ValidFrom: '2009-03-18 11:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012019c19066 + Version: 3 + TBS: + MD5: 42023b9487cafe46c1b6a49c369a362e + 
SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 + SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 + SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea + - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority + ValidFrom: '2009-12-21 09:32:56' + ValidTo: '2020-12-22 09:32:56' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01000000000125b0b4cc01 + Version: 3 + TBS: + MD5: e3369c8e5aec0504b3a50455f615d9f9 + SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 + SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 + SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c + - Subject: C=US, ST=California, L=Brea, O=EVGA, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=EVGA + ValidFrom: '2010-04-14 00:00:00' + ValidTo: '2012-04-15 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 79c32d7ddd2458cf2eabe5b1b5c5290f + Version: 3 + TBS: + MD5: 5ba772ec00357ae706016510775c7a00 + SHA1: eeb31b244ea14abae1e947ecdca0d6ae4720031b + SHA256: c8e707c2615c26ac78ed06b42dd20bc8ff82bc5e02ddafe2c9af85755097691b + SHA384: a1d6af64a5eb3841d632438119fc954354caf3ccea61b69003a7fc9da166a9c653dc0359be2ae2463bffb7b53b0911ac + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 
8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 79c32d7ddd2458cf2eabe5b1b5c5290f + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + RichPEHeaderHash: + MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 + SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e + SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 + Sections: + .text: + Entropy: 5.866767422382319 + Virtual Size: '0x8b4' + .rdata: + Entropy: 3.095201756852517 + Virtual Size: '0x110' + .data: + Entropy: 2.4884950805464947 + Virtual Size: '0x58' + .pdata: + Entropy: 3.045843351790575 + Virtual Size: '0x54' + INIT: + 
Entropy: 4.468159720315432 + Virtual Size: '0x218' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2011-09-06 06:24:50' + Imphash: 690a0fb27a0c47c785d6bbbfc2e56501 + LoadsDespiteHVCI: 'FALSE' +- Filename: RTCore64.sys + MD5: 3aacaa62758fa6d178043d78ba89bebc + SHA1: f77413ec3bd9ed3f31fc53a4c755dc4123e0068f + SHA256: 862d0ff27bb086145a33b9261142838651b0d2e1403be321145e197600eb5015 + Authentihash: + MD5: 936e49d3eec0a2f433e9d0115a38a2b6 + SHA1: 5717bf3e520accfff5ad9943e53a3b118fb67f2e + SHA256: 918d2e68a724b58d37443aea159e70bf8b1b5ebb089c395cad1d62745ecdaa19 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - MmMapIoSpace + - IoDeleteSymbolicLink + - IofCompleteRequest + - ZwUnmapViewOfSection + - MmUnmapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - __C_specific_handler + - IoDeleteDevice + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee152d7 + Version: 3 + TBS: + MD5: e140543fe3256027cfa79fc3c19c1776 + SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 + SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 + SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode + , G1 + ValidFrom: '2013-08-23 00:00:00' + ValidTo: '2024-09-23 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121405c1f0ed258882be54d8686ba11ea45 + Version: 3 + TBS: + MD5: b95cbc184d388718612d5933f7b36770 + SHA1: ff124c5d160710720108616ffee99bbe090ed363 + SHA256: 13027620255363f07bbf85ae7d0dc06c07d8b0f4368b12f983ee3f4fce605733 + SHA384: f42ed00f615f2822dcd3d33794477428afb52ddab932ebcde3586f92a27e18f9faba6b3334ca4e59e0cb24bdbf8395a6 + - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL + CO., LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL + CO., LTD. 
+ ValidFrom: '2011-08-30 06:46:09' + ValidTo: '2014-08-30 06:46:09' + Signature: 87bf57ab7ffd7e005076b34b14ddd924045ec7e389871661794f1ece1bef10e050893b28236cb650af1415f8cd95e86c2052d93311d73e0bbe6fb1c22ddea438a93c8b18bd4b8c0f81ad07032efb46d406bbaa730dd3ac92cbf0d9cc711a397a0e0320b213a5161e6be83ec69967a712b463129ea56d5a8ecd3ff8901be09dfaa0a0f10e879b307863e1b1c3a3149ac73bc3f3160db7012229b57bced6d47b875878663642a8cddd03da1e7f236b8cf16713a5e0f4c892aaca77a8c7dab41d84567e2bbf09b336a2824e0e18d54d199e6e024d2630bb210cd24a9ef4b377be0429e2ecc9bf8478a8c6a78c686e26f29c95925baee85e4bbb97b6eecffe44a25e + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c + Version: 3 + TBS: + MD5: 3a98a18e8636f2a01e49e2a6d116c360 + SHA1: a2938150e46525adcec2e3a2348824bc1cf532b2 + SHA256: 01a2e2d31d0a4f3005753cce5972b5da2a7c08b0750fb6947e0fd231e64ae7ec + SHA384: 722398e51e6b5bbe064df372be6b6a9ccfcc9719ad775213cae46920e0a3e6c5a4dc8b912de3148abfc60ff4a59050ea + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + RichPEHeaderHash: + MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 + SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e + SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 + Sections: + .text: + Entropy: 
5.875896928498946 + Virtual Size: '0x8c4' + .rdata: + Entropy: 3.077836082863532 + Virtual Size: '0x110' + .data: + Entropy: 2.4884950805464947 + Virtual Size: '0x58' + .pdata: + Entropy: 2.9223636591016042 + Virtual Size: '0x54' + INIT: + Entropy: 4.468159720315432 + Virtual Size: '0x218' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2013-03-10 23:32:06' + Imphash: 690a0fb27a0c47c785d6bbbfc2e56501 + LoadsDespiteHVCI: 'FALSE' +- Filename: rtcore64.sys + MD5: 4e4b9bdcc6b8d97828ae1972d750a08d + SHA1: 82034032b30bbb78d634d6f52c7d7770a73b1b3c + SHA256: 9f1025601d17945c3a47026814bdec353ee363966e62dba7fe2673da5ce50def + Authentihash: + MD5: 936e49d3eec0a2f433e9d0115a38a2b6 + SHA1: 5717bf3e520accfff5ad9943e53a3b118fb67f2e + SHA256: 918d2e68a724b58d37443aea159e70bf8b1b5ebb089c395cad1d62745ecdaa19 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - MmMapIoSpace + - IoDeleteSymbolicLink + - IofCompleteRequest + - ZwUnmapViewOfSection + - MmUnmapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - __C_specific_handler + - IoDeleteDevice + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping + CA + ValidFrom: '2009-03-18 11:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012019c19066 + Version: 3 + TBS: + MD5: 42023b9487cafe46c1b6a49c369a362e + SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 + SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 + SHA384: 
0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority + ValidFrom: '2009-12-21 09:32:56' + ValidTo: '2020-12-22 09:32:56' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01000000000125b0b4cc01 + Version: 3 + TBS: + MD5: e3369c8e5aec0504b3a50455f615d9f9 + SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 + SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 + SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c + - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL + CO., LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL + CO., LTD. 
+ ValidFrom: '2011-08-30 06:46:09' + ValidTo: '2014-08-30 06:46:09' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c + Version: 3 + TBS: + MD5: 3a98a18e8636f2a01e49e2a6d116c360 + SHA1: a2938150e46525adcec2e3a2348824bc1cf532b2 + SHA256: 01a2e2d31d0a4f3005753cce5972b5da2a7c08b0750fb6947e0fd231e64ae7ec + SHA384: 722398e51e6b5bbe064df372be6b6a9ccfcc9719ad775213cae46920e0a3e6c5a4dc8b912de3148abfc60ff4a59050ea + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + RichPEHeaderHash: + MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 + SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e + SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 + Sections: + .text: + Entropy: 5.875896928498946 + Virtual Size: '0x8c4' + .rdata: + Entropy: 3.077836082863532 + Virtual Size: '0x110' + .data: + Entropy: 2.4884950805464947 + Virtual Size: '0x58' + .pdata: + Entropy: 2.9223636591016042 + Virtual Size: '0x54' + INIT: + Entropy: 4.468159720315432 + Virtual Size: '0x218' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2013-03-10 23:32:06' + Imphash: 690a0fb27a0c47c785d6bbbfc2e56501 + LoadsDespiteHVCI: 'FALSE' +- Filename: RTCore64.sys + MD5: 
821adf5ba68fd8cc7f4f1bc915fe47de + SHA1: eb0021e29488c97a0e42a084a4fe5a0695eccb7b + SHA256: aafb95a443911e4c67d4e45ffa83cca103c91b42915b81100534dc439bec0c1b + Authentihash: + MD5: 936e49d3eec0a2f433e9d0115a38a2b6 + SHA1: 5717bf3e520accfff5ad9943e53a3b118fb67f2e + SHA256: 918d2e68a724b58d37443aea159e70bf8b1b5ebb089c395cad1d62745ecdaa19 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - MmMapIoSpace + - IoDeleteSymbolicLink + - IofCompleteRequest + - ZwUnmapViewOfSection + - MmUnmapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - __C_specific_handler + - IoDeleteDevice + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee152d7 + Version: 3 + TBS: + MD5: e140543fe3256027cfa79fc3c19c1776 + SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 + SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 + SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 
589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode + , G1 + ValidFrom: '2013-08-23 00:00:00' + ValidTo: '2024-09-23 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121405c1f0ed258882be54d8686ba11ea45 + Version: 3 + TBS: + MD5: b95cbc184d388718612d5933f7b36770 + SHA1: ff124c5d160710720108616ffee99bbe090ed363 + SHA256: 13027620255363f07bbf85ae7d0dc06c07d8b0f4368b12f983ee3f4fce605733 + SHA384: f42ed00f615f2822dcd3d33794477428afb52ddab932ebcde3586f92a27e18f9faba6b3334ca4e59e0cb24bdbf8395a6 + - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL + CO., LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL + CO., LTD. 
+ ValidFrom: '2011-08-30 06:46:09' + ValidTo: '2014-08-30 06:46:09' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c + Version: 3 + TBS: + MD5: 3a98a18e8636f2a01e49e2a6d116c360 + SHA1: a2938150e46525adcec2e3a2348824bc1cf532b2 + SHA256: 01a2e2d31d0a4f3005753cce5972b5da2a7c08b0750fb6947e0fd231e64ae7ec + SHA384: 722398e51e6b5bbe064df372be6b6a9ccfcc9719ad775213cae46920e0a3e6c5a4dc8b912de3148abfc60ff4a59050ea + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + RichPEHeaderHash: + MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 + SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e + SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 + Sections: + .text: + Entropy: 5.875896928498946 + Virtual Size: '0x8c4' + .rdata: + Entropy: 3.077836082863532 + Virtual Size: '0x110' + .data: + Entropy: 2.4884950805464947 + Virtual Size: '0x58' + .pdata: + Entropy: 2.9223636591016042 + Virtual Size: '0x54' + INIT: + Entropy: 4.468159720315432 + Virtual Size: '0x218' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2013-03-10 23:32:06' + Imphash: 690a0fb27a0c47c785d6bbbfc2e56501 + LoadsDespiteHVCI: 'FALSE' +- Filename: RTCore64.sys + MD5: 
0d5774527af6e30905317839686b449d + SHA1: 75d0b9bdfa79e5d43ec8b4c0996f559075723de7 + SHA256: ae6fb53e4d8122dba3a65e5fa59185b36c3ac9df46e82fcfb6731ab55c6395aa + Authentihash: + MD5: 936e49d3eec0a2f433e9d0115a38a2b6 + SHA1: 5717bf3e520accfff5ad9943e53a3b118fb67f2e + SHA256: 918d2e68a724b58d37443aea159e70bf8b1b5ebb089c395cad1d62745ecdaa19 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - MmMapIoSpace + - IoDeleteSymbolicLink + - IofCompleteRequest + - ZwUnmapViewOfSection + - MmUnmapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - __C_specific_handler + - IoDeleteDevice + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee152d7 + Version: 3 + TBS: + MD5: e140543fe3256027cfa79fc3c19c1776 + SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 + SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 + SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 
225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode + , G1 + ValidFrom: '2013-08-23 00:00:00' + ValidTo: '2024-09-23 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121405c1f0ed258882be54d8686ba11ea45 + Version: 3 + TBS: + MD5: b95cbc184d388718612d5933f7b36770 + SHA1: ff124c5d160710720108616ffee99bbe090ed363 + SHA256: 13027620255363f07bbf85ae7d0dc06c07d8b0f4368b12f983ee3f4fce605733 + SHA384: f42ed00f615f2822dcd3d33794477428afb52ddab932ebcde3586f92a27e18f9faba6b3334ca4e59e0cb24bdbf8395a6 + - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL + CO., LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL + CO., LTD. 
+ ValidFrom: '2011-08-30 06:46:09' + ValidTo: '2014-08-30 06:46:09' + Signature: 87bf57ab7ffd7e005076b34b14ddd924045ec7e389871661794f1ece1bef10e050893b28236cb650af1415f8cd95e86c2052d93311d73e0bbe6fb1c22ddea438a93c8b18bd4b8c0f81ad07032efb46d406bbaa730dd3ac92cbf0d9cc711a397a0e0320b213a5161e6be83ec69967a712b463129ea56d5a8ecd3ff8901be09dfaa0a0f10e879b307863e1b1c3a3149ac73bc3f3160db7012229b57bced6d47b875878663642a8cddd03da1e7f236b8cf16713a5e0f4c892aaca77a8c7dab41d84567e2bbf09b336a2824e0e18d54d199e6e024d2630bb210cd24a9ef4b377be0429e2ecc9bf8478a8c6a78c686e26f29c95925baee85e4bbb97b6eecffe44a25e + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c + Version: 3 + TBS: + MD5: 3a98a18e8636f2a01e49e2a6d116c360 + SHA1: a2938150e46525adcec2e3a2348824bc1cf532b2 + SHA256: 01a2e2d31d0a4f3005753cce5972b5da2a7c08b0750fb6947e0fd231e64ae7ec + SHA384: 722398e51e6b5bbe064df372be6b6a9ccfcc9719ad775213cae46920e0a3e6c5a4dc8b912de3148abfc60ff4a59050ea + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + RichPEHeaderHash: + MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 + SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e + SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 + Sections: + .text: + Entropy: 
5.875896928498946 + Virtual Size: '0x8c4' + .rdata: + Entropy: 3.077836082863532 + Virtual Size: '0x110' + .data: + Entropy: 2.4884950805464947 + Virtual Size: '0x58' + .pdata: + Entropy: 2.9223636591016042 + Virtual Size: '0x54' + INIT: + Entropy: 4.468159720315432 + Virtual Size: '0x218' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2013-03-10 23:32:06' + Imphash: 690a0fb27a0c47c785d6bbbfc2e56501 + LoadsDespiteHVCI: 'FALSE' +- Filename: RTCore64.sys + MD5: 18439fe2aaeddfd355ef88091cb6c15f + SHA1: 52d9bbe41eea0b60507c469f7810d80343c03c2b + SHA256: b1867d13a4cab66a76f4d4448824ca0cb3a176064626f9618c0c103ee3cb4f47 + Authentihash: + MD5: 936e49d3eec0a2f433e9d0115a38a2b6 + SHA1: 5717bf3e520accfff5ad9943e53a3b118fb67f2e + SHA256: 918d2e68a724b58d37443aea159e70bf8b1b5ebb089c395cad1d62745ecdaa19 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - MmMapIoSpace + - IoDeleteSymbolicLink + - IofCompleteRequest + - ZwUnmapViewOfSection + - MmUnmapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - __C_specific_handler + - IoDeleteDevice + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping + CA + ValidFrom: '2009-03-18 11:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012019c19066 + Version: 3 + TBS: + MD5: 42023b9487cafe46c1b6a49c369a362e + SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 + SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 + SHA384: 
0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority + ValidFrom: '2009-12-21 09:32:56' + ValidTo: '2020-12-22 09:32:56' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01000000000125b0b4cc01 + Version: 3 + TBS: + MD5: e3369c8e5aec0504b3a50455f615d9f9 + SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 + SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 + SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c + - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL + CO., LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL + CO., LTD. 
+ ValidFrom: '2011-08-30 06:46:09' + ValidTo: '2014-08-30 06:46:09' + Signature: 87bf57ab7ffd7e005076b34b14ddd924045ec7e389871661794f1ece1bef10e050893b28236cb650af1415f8cd95e86c2052d93311d73e0bbe6fb1c22ddea438a93c8b18bd4b8c0f81ad07032efb46d406bbaa730dd3ac92cbf0d9cc711a397a0e0320b213a5161e6be83ec69967a712b463129ea56d5a8ecd3ff8901be09dfaa0a0f10e879b307863e1b1c3a3149ac73bc3f3160db7012229b57bced6d47b875878663642a8cddd03da1e7f236b8cf16713a5e0f4c892aaca77a8c7dab41d84567e2bbf09b336a2824e0e18d54d199e6e024d2630bb210cd24a9ef4b377be0429e2ecc9bf8478a8c6a78c686e26f29c95925baee85e4bbb97b6eecffe44a25e + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c + Version: 3 + TBS: + MD5: 3a98a18e8636f2a01e49e2a6d116c360 + SHA1: a2938150e46525adcec2e3a2348824bc1cf532b2 + SHA256: 01a2e2d31d0a4f3005753cce5972b5da2a7c08b0750fb6947e0fd231e64ae7ec + SHA384: 722398e51e6b5bbe064df372be6b6a9ccfcc9719ad775213cae46920e0a3e6c5a4dc8b912de3148abfc60ff4a59050ea + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + RichPEHeaderHash: + MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 + SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e + SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 + Sections: + .text: + Entropy: 
5.875896928498946 + Virtual Size: '0x8c4' + .rdata: + Entropy: 3.077836082863532 + Virtual Size: '0x110' + .data: + Entropy: 2.4884950805464947 + Virtual Size: '0x58' + .pdata: + Entropy: 2.9223636591016042 + Virtual Size: '0x54' + INIT: + Entropy: 4.468159720315432 + Virtual Size: '0x218' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2013-03-10 23:32:06' + Imphash: 690a0fb27a0c47c785d6bbbfc2e56501 + LoadsDespiteHVCI: 'FALSE' +- Filename: RTCore64.sys + MD5: 4b60ef388071e0baf299496e3d6590ae + SHA1: cf9b4d606467108e4b845ecb8ede2f5865bd6c33 + SHA256: b61869b7945be062630f1dd4bae919aecee8927f7e1bc3954a21ff763f4c0867 + Authentihash: + MD5: 55466195f0b2f4afc4243b43a806e6d9 + SHA1: 38b353d8480885de5dcf299deca99ce4f26a1d20 + SHA256: 5182caf10de9cec0740ecde5a081c21cdc100d7eb328ffe6f3f63183889fec6b + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - MmMapIoSpace + - IoDeleteSymbolicLink + - IofCompleteRequest + - ZwUnmapViewOfSection + - MmUnmapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - __C_specific_handler + - IoDeleteDevice + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: 
dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL + CO., LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL + CO., LTD. + ValidFrom: '2011-08-30 06:46:09' + ValidTo: '2014-08-30 06:46:09' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c + Version: 3 + TBS: + MD5: 3a98a18e8636f2a01e49e2a6d116c360 + SHA1: a2938150e46525adcec2e3a2348824bc1cf532b2 + SHA256: 01a2e2d31d0a4f3005753cce5972b5da2a7c08b0750fb6947e0fd231e64ae7ec + SHA384: 722398e51e6b5bbe064df372be6b6a9ccfcc9719ad775213cae46920e0a3e6c5a4dc8b912de3148abfc60ff4a59050ea + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + RichPEHeaderHash: + MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 + SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e + SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 + Sections: + .text: + Entropy: 5.866767422382319 + Virtual Size: '0x8b4' + .rdata: + Entropy: 3.095201756852517 + Virtual Size: '0x110' + .data: + Entropy: 2.4884950805464947 + Virtual Size: '0x58' + .pdata: + Entropy: 
3.045843351790575 + Virtual Size: '0x54' + INIT: + Entropy: 4.468159720315432 + Virtual Size: '0x218' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2011-09-06 06:24:50' + Imphash: 690a0fb27a0c47c785d6bbbfc2e56501 + LoadsDespiteHVCI: 'FALSE' +- Filename: RTCore64.sys + MD5: aa9adcf64008e13d7e68b56fdd307ead + SHA1: 562368c390b0dadf2356b8b3c747357ecef2dfc8 + SHA256: bc13adeb6bf62b1e10ef41205ef92382e6c18d6a20669d288a0b11058e533d63 + Authentihash: + MD5: 538e5e595c61d2ea8defb7b047784734 + SHA1: 4a68c2d7a4c471e062a32c83a36eedb45a619683 + SHA256: 478c36f8af7844a80e24c1822507beef6314519185717ec7ae224a0e04b2f330 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - MmMapIoSpace + - __C_specific_handler + - ZwClose + - ZwUnmapViewOfSection + - MmUnmapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IofCompleteRequest + - IoDeleteDevice + - HalTranslateBusAddress + - HalGetBusDataByOffset + - HalSetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 4e5e56901e46b4d94931f3bb1739281bc216ddfd41dc0905049b6fb2a29ad6992e40990055b5ea3fa52076d38634d417cc553ac782eeefa8babcd8069f1550dfcd167b523a02d7191afdaff0785ce04bc518df3a241edaacb8a95804020730dbb0125efe31bef00448f4f070f83a5e5683cf3dfb0dbcf4c5ed979db9d4dba52784e3389b8ba735864420a43b6da46a0ba183fd28ebdaef28f6cc885dfb0a3b00abe021ebe22f356c0f8e344597eba2f79933357ecb9a8abb454de73f9fc2d98afa65b26ec77e65ffe892e12c31a2f7b02736488f266f3bee4d761f79c3e57f9635bc2d0ecc01b08e7fff518080a792d4b34446648c874f166307314b63b0dff3 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee152d7 + Version: 3 + TBS: + MD5: e140543fe3256027cfa79fc3c19c1776 + SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 + SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 + SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode + , G2 + ValidFrom: '2016-05-24 00:00:00' + ValidTo: '2027-06-24 00:00:00' + Signature: 
8fa91a916d04a637200e8396de23d36b6e1f6edd643d682122b5f84736698ee1a545c724a222b72909cc545aaec6bccd638eb33d5048e5b4ccaecd928d9e288b134a11aabda3efd3b236fcb4a172bf6d9763798c44bc702f7ef3bcdd8253ab1af6ebfa1c97bcb6379ca41c30bcabbc2d4736df922003e871c658f675059a34f00b595a824434aa80e42f84f6475d96c9b6caca9db7a6bae450d3d437b8ba200ed0d3922a5bc459bba16ddb3cce449dc1382aade38dbdcd09771a10be670a02366488b9b31b26eee79e60c446a8bc61336ccf4eb99cb96af09f37feb53d4f9ad34dffde208e4e97a6fd9f09bc4dca1876c9b04d8550f280d21d06f5580407b118 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121d699a764973ef1f8427ee919cc534114 + Version: 3 + TBS: + MD5: acb5170547d76873f1e4ff18ed5de2eb + SHA1: bd6e261e75b807381bada7287de04d259258a5fa + SHA256: 4783380498acf592286ef2dea0fcc5bdea3f54d5e374d3e3497df9d5f662cfb6 + SHA384: 4f428f115cf3d008248f15f32007fc7c54bd454e1b48b765776b4c87c23ab8818d8fbcbb3646d35eca012b025260a3b8 + - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL + CO., LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL + CO., LTD. 
+ ValidFrom: '2014-06-03 09:16:15' + ValidTo: '2017-09-03 09:16:15' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112158044863e4dc19cf29a85668b7f45842 + Version: 3 + TBS: + MD5: 403bb44a62aed1a94bd5df05b3292482 + SHA1: e4a0353e75940ab1e8cbff2f433f186c7f0b0f09 + SHA256: 5b81998ed98b343c04134c336e03f3051779eae0e9f882e8339593d18556375d + SHA384: db0076cad41a0ef4ea68754ef6905bd5ff772adcb745b05c0060344e43588abc95952dc3ad272f5a8f17b206e4089aca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112158044863e4dc19cf29a85668b7f45842 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + RichPEHeaderHash: + MD5: ebe2ae976914018e88e9fc480e7b6269 + SHA1: 960715bfbccb53b6c4eccca3b232b25640e15b52 + SHA256: d755e9f3cb861f5227319238f1811265e332e36a922b9a25da38b122a791fdfa + Sections: + .text: + Entropy: 5.9488831741487855 + Virtual Size: '0xb64' + .rdata: + Entropy: 3.0845170472775276 + Virtual Size: '0x12c' + .data: + Entropy: 2.4884950805464947 + Virtual Size: '0x58' + .pdata: + Entropy: 3.0964706270496722 + Virtual Size: '0x60' + INIT: + Entropy: 4.528890116790764 + Virtual Size: '0x258' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2016-09-30 06:03:17' + Imphash: 7363079b9aae7d58bd33c691a613c83c + LoadsDespiteHVCI: 'FALSE' +- Filename: RTCore64.sys + MD5: 
6a094d8e4b00dd1d93eb494099e98478 + SHA1: fdf4a0af89f0c8276ad6d540c75beece380703ab + SHA256: d7ddf874304556f8a10942a29b3d387cb5155a7419f87813557fe728cb14806d + Authentihash: + MD5: 538e5e595c61d2ea8defb7b047784734 + SHA1: 4a68c2d7a4c471e062a32c83a36eedb45a619683 + SHA256: 478c36f8af7844a80e24c1822507beef6314519185717ec7ae224a0e04b2f330 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - MmMapIoSpace + - __C_specific_handler + - ZwClose + - ZwUnmapViewOfSection + - MmUnmapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IofCompleteRequest + - IoDeleteDevice + - HalTranslateBusAddress + - HalGetBusDataByOffset + - HalSetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 4e5e56901e46b4d94931f3bb1739281bc216ddfd41dc0905049b6fb2a29ad6992e40990055b5ea3fa52076d38634d417cc553ac782eeefa8babcd8069f1550dfcd167b523a02d7191afdaff0785ce04bc518df3a241edaacb8a95804020730dbb0125efe31bef00448f4f070f83a5e5683cf3dfb0dbcf4c5ed979db9d4dba52784e3389b8ba735864420a43b6da46a0ba183fd28ebdaef28f6cc885dfb0a3b00abe021ebe22f356c0f8e344597eba2f79933357ecb9a8abb454de73f9fc2d98afa65b26ec77e65ffe892e12c31a2f7b02736488f266f3bee4d761f79c3e57f9635bc2d0ecc01b08e7fff518080a792d4b34446648c874f166307314b63b0dff3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee152d7 + Version: 3 + TBS: + MD5: e140543fe3256027cfa79fc3c19c1776 + SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 + SHA256: 
3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 + SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode + , G2 + ValidFrom: '2016-05-24 00:00:00' + ValidTo: '2027-06-24 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121d699a764973ef1f8427ee919cc534114 + Version: 3 + TBS: + MD5: acb5170547d76873f1e4ff18ed5de2eb + SHA1: bd6e261e75b807381bada7287de04d259258a5fa + SHA256: 4783380498acf592286ef2dea0fcc5bdea3f54d5e374d3e3497df9d5f662cfb6 + SHA384: 4f428f115cf3d008248f15f32007fc7c54bd454e1b48b765776b4c87c23ab8818d8fbcbb3646d35eca012b025260a3b8 + - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL + CO., LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL + CO., LTD. 
+ ValidFrom: '2014-06-03 09:16:15' + ValidTo: '2017-09-03 09:16:15' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112158044863e4dc19cf29a85668b7f45842 + Version: 3 + TBS: + MD5: 403bb44a62aed1a94bd5df05b3292482 + SHA1: e4a0353e75940ab1e8cbff2f433f186c7f0b0f09 + SHA256: 5b81998ed98b343c04134c336e03f3051779eae0e9f882e8339593d18556375d + SHA384: db0076cad41a0ef4ea68754ef6905bd5ff772adcb745b05c0060344e43588abc95952dc3ad272f5a8f17b206e4089aca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112158044863e4dc19cf29a85668b7f45842 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + RichPEHeaderHash: + MD5: ebe2ae976914018e88e9fc480e7b6269 + SHA1: 960715bfbccb53b6c4eccca3b232b25640e15b52 + SHA256: d755e9f3cb861f5227319238f1811265e332e36a922b9a25da38b122a791fdfa + Sections: + .text: + Entropy: 5.9488831741487855 + Virtual Size: '0xb64' + .rdata: + Entropy: 3.0845170472775276 + Virtual Size: '0x12c' + .data: + Entropy: 2.4884950805464947 + Virtual Size: '0x58' + .pdata: + Entropy: 3.0964706270496722 + Virtual Size: '0x60' + INIT: + Entropy: 4.528890116790764 + Virtual Size: '0x258' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2016-09-30 06:03:17' + Imphash: 7363079b9aae7d58bd33c691a613c83c + LoadsDespiteHVCI: 'FALSE' +- Filename: RTCore64.sys + MD5: 
0fc2653b1c45f08ca0abd1eb7772e3c0 + SHA1: 94144619920bd086028bb5647b1649a35438028c + SHA256: df0cc4e5c9802f8edaefeb130e375cad56b2c5490d8ebd77d8dbdcc6fdc7ecb6 + Authentihash: + MD5: 55466195f0b2f4afc4243b43a806e6d9 + SHA1: 38b353d8480885de5dcf299deca99ce4f26a1d20 + SHA256: 5182caf10de9cec0740ecde5a081c21cdc100d7eb328ffe6f3f63183889fec6b + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - MmMapIoSpace + - IoDeleteSymbolicLink + - IofCompleteRequest + - ZwUnmapViewOfSection + - MmUnmapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - __C_specific_handler + - IoDeleteDevice + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping + CA + ValidFrom: '2009-03-18 11:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012019c19066 + Version: 3 + TBS: + MD5: 42023b9487cafe46c1b6a49c369a362e + SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 + SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 + SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + 
SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority + ValidFrom: '2009-12-21 09:32:56' + ValidTo: '2020-12-22 09:32:56' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01000000000125b0b4cc01 + Version: 3 + TBS: + MD5: e3369c8e5aec0504b3a50455f615d9f9 + SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 + SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 + SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c + - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL + CO., LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL + CO., LTD. 
+ ValidFrom: '2011-08-30 06:46:09' + ValidTo: '2014-08-30 06:46:09' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c + Version: 3 + TBS: + MD5: 3a98a18e8636f2a01e49e2a6d116c360 + SHA1: a2938150e46525adcec2e3a2348824bc1cf532b2 + SHA256: 01a2e2d31d0a4f3005753cce5972b5da2a7c08b0750fb6947e0fd231e64ae7ec + SHA384: 722398e51e6b5bbe064df372be6b6a9ccfcc9719ad775213cae46920e0a3e6c5a4dc8b912de3148abfc60ff4a59050ea + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + RichPEHeaderHash: + MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 + SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e + SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 + Sections: + .text: + Entropy: 5.866767422382319 + Virtual Size: '0x8b4' + .rdata: + Entropy: 3.095201756852517 + Virtual Size: '0x110' + .data: + Entropy: 2.4884950805464947 + Virtual Size: '0x58' + .pdata: + Entropy: 3.045843351790575 + Virtual Size: '0x54' + INIT: + Entropy: 4.468159720315432 + Virtual Size: '0x218' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2011-09-06 06:24:50' + Imphash: 690a0fb27a0c47c785d6bbbfc2e56501 + LoadsDespiteHVCI: 'FALSE' +- Filename: RTCore64.sys + MD5: 
d424f369f7e010249619f0ecbe5f3805 + SHA1: 5e4b93591f905854fb870011464291c3508aff44 + SHA256: e2d8dd5dacc24051709f55a35184f5f99aef957a83bd358b0608b4479e1ec24f + Authentihash: + MD5: 55466195f0b2f4afc4243b43a806e6d9 + SHA1: 38b353d8480885de5dcf299deca99ce4f26a1d20 + SHA256: 5182caf10de9cec0740ecde5a081c21cdc100d7eb328ffe6f3f63183889fec6b + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - MmMapIoSpace + - IoDeleteSymbolicLink + - IofCompleteRequest + - ZwUnmapViewOfSection + - MmUnmapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - __C_specific_handler + - IoDeleteDevice + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping + CA + ValidFrom: '2009-03-18 11:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 5df6cb2b0d0140849f857a43706ae0c5e7aa0600d76713c9089131654f14a8a905dc389e6aa0300abd8dc78028ee4245ca94f3de5845a9803204f5595c6a70003927944df5b44634e81c5331b2b35416e9cc42abd5d959301cfb462725b88723b1e8758824831ec876377b01494548a4ede25dd27c9ca2dc2dba105a126265abae00c710343bcb72bd14240cdcc37627b4a7fee15829f20e169f91391d89a6e60f1c878ce258ac927e243eaaec14e73a33348bc63bac83ab0f14627aba1a2d4d4b1bc530f00b92797d3c78e0f8e6d215965999392b3061e8b8f8c0a1e9221411787dc4dc89bec0bb94e172aeebb540404fef171e585ed0a88996ac9228e9babf + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012019c19066 + Version: 3 + TBS: + MD5: 42023b9487cafe46c1b6a49c369a362e + SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 + SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 + SHA384: 
0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority + ValidFrom: '2009-12-21 09:32:56' + ValidTo: '2020-12-22 09:32:56' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01000000000125b0b4cc01 + Version: 3 + TBS: + MD5: e3369c8e5aec0504b3a50455f615d9f9 + SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 + SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 + SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c + - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL + CO., LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL + CO., LTD. 
+ ValidFrom: '2011-08-30 06:46:09' + ValidTo: '2014-08-30 06:46:09' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c + Version: 3 + TBS: + MD5: 3a98a18e8636f2a01e49e2a6d116c360 + SHA1: a2938150e46525adcec2e3a2348824bc1cf532b2 + SHA256: 01a2e2d31d0a4f3005753cce5972b5da2a7c08b0750fb6947e0fd231e64ae7ec + SHA384: 722398e51e6b5bbe064df372be6b6a9ccfcc9719ad775213cae46920e0a3e6c5a4dc8b912de3148abfc60ff4a59050ea + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + RichPEHeaderHash: + MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 + SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e + SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 + Sections: + .text: + Entropy: 5.866767422382319 + Virtual Size: '0x8b4' + .rdata: + Entropy: 3.095201756852517 + Virtual Size: '0x110' + .data: + Entropy: 2.4884950805464947 + Virtual Size: '0x58' + .pdata: + Entropy: 3.045843351790575 + Virtual Size: '0x54' + INIT: + Entropy: 4.468159720315432 + Virtual Size: '0x218' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2011-09-06 06:24:50' + Imphash: 690a0fb27a0c47c785d6bbbfc2e56501 + LoadsDespiteHVCI: 'FALSE' +- Filename: RTCore64.sys + MD5: 
9d884ecd3b6c3f2509851ea15ffefbef + SHA1: e11f48631c6e0277e21a8bdf9be513651305f0d5 + SHA256: e50b25d94c1771937b2f632e10eea875ac6b19c57da703d52e23ad2b6299f0ae + Authentihash: + MD5: 55466195f0b2f4afc4243b43a806e6d9 + SHA1: 38b353d8480885de5dcf299deca99ce4f26a1d20 + SHA256: 5182caf10de9cec0740ecde5a081c21cdc100d7eb328ffe6f3f63183889fec6b + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - MmMapIoSpace + - IoDeleteSymbolicLink + - IofCompleteRequest + - ZwUnmapViewOfSection + - MmUnmapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - __C_specific_handler + - IoDeleteDevice + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping + CA + ValidFrom: '2009-03-18 11:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012019c19066 + Version: 3 + TBS: + MD5: 42023b9487cafe46c1b6a49c369a362e + SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 + SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 + SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + 
SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority + ValidFrom: '2009-12-21 09:32:56' + ValidTo: '2020-12-22 09:32:56' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01000000000125b0b4cc01 + Version: 3 + TBS: + MD5: e3369c8e5aec0504b3a50455f615d9f9 + SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 + SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 + SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c + - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL + CO., LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL + CO., LTD. 
+ ValidFrom: '2011-08-30 06:46:09' + ValidTo: '2014-08-30 06:46:09' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c + Version: 3 + TBS: + MD5: 3a98a18e8636f2a01e49e2a6d116c360 + SHA1: a2938150e46525adcec2e3a2348824bc1cf532b2 + SHA256: 01a2e2d31d0a4f3005753cce5972b5da2a7c08b0750fb6947e0fd231e64ae7ec + SHA384: 722398e51e6b5bbe064df372be6b6a9ccfcc9719ad775213cae46920e0a3e6c5a4dc8b912de3148abfc60ff4a59050ea + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + RichPEHeaderHash: + MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 + SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e + SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 + Sections: + .text: + Entropy: 5.866767422382319 + Virtual Size: '0x8b4' + .rdata: + Entropy: 3.095201756852517 + Virtual Size: '0x110' + .data: + Entropy: 2.4884950805464947 + Virtual Size: '0x58' + .pdata: + Entropy: 3.045843351790575 + Virtual Size: '0x54' + INIT: + Entropy: 4.468159720315432 + Virtual Size: '0x218' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2011-09-06 06:24:50' + Imphash: 690a0fb27a0c47c785d6bbbfc2e56501 + LoadsDespiteHVCI: 'FALSE' +- Filename: rtcore64.sys + MD5: 
5b1e1a9dade81f1e80fdc0a2d3f9006e + SHA1: 9b8c7eda28bfad07ffe5f84a892299bc7e118442 + SHA256: f37d609ea1f06660d970415dd3916c4c153bb5940bf7d2beb47fa34e8a8ffbfc + Authentihash: + MD5: a17d227444e090ff69e24fcb6d43162b + SHA1: 43d3a3c1f7b14cfcc051cae2534dbbbb4c7fc120 + SHA256: b8eb26b6f79020ae988e4fb752dc06e1b6779749bf4f8df2872fc2b92bab8020 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - IoDeleteSymbolicLink + - IofCompleteRequest + - MmIsAddressValid + - ZwUnmapViewOfSection + - IoCreateSymbolicLink + - IoCreateDevice + - __C_specific_handler + - IoDeleteDevice + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping + CA + ValidFrom: '2009-03-18 11:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012019c19066 + Version: 3 + TBS: + MD5: 42023b9487cafe46c1b6a49c369a362e + SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 + SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 + SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea + - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority + ValidFrom: '2009-12-21 09:32:56' + ValidTo: '2020-12-22 09:32:56' + Signature: 
bc89ecfee63655935c79d4117a86808f17b693b26d9b91a1561811c655eaf608edad9b9ef52b81c8bbdd607b1b47991e6d403e1d80c213d58e04052fdbe7ae529e688472a1e54a603cf89bd52f46d8c3b2b79353ac9b6c432424d1f1fce9562e3411581843eaefff34746ca0c06c7fad031969881e9560cabbbd0cbb76efc724b081c63831cf36ad0c38b89020849b2e8f28b99ff6ca9427cdac396157e0e3955a9c769230f5dea6973d721c2a6032a8334d8635338a5cf3a4fdf7062ce16b4b30f5cbd34362f841b9de7d20cb058c8e2cf65f35fd338d42896508362ca389f45a858bb0b97bdb6ccba1f8d20e1bbb977cd12779be9d7c3be6a75634d8c991a9 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01000000000125b0b4cc01 + Version: 3 + TBS: + MD5: e3369c8e5aec0504b3a50455f615d9f9 + SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 + SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 + SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c + - Subject: C=US, ST=California, L=Brea, O=EVGA, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=EVGA + ValidFrom: '2010-04-14 00:00:00' + ValidTo: '2012-04-15 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 79c32d7ddd2458cf2eabe5b1b5c5290f + Version: 3 + TBS: + MD5: 5ba772ec00357ae706016510775c7a00 + SHA1: eeb31b244ea14abae1e947ecdca0d6ae4720031b + SHA256: c8e707c2615c26ac78ed06b42dd20bc8ff82bc5e02ddafe2c9af85755097691b + SHA384: a1d6af64a5eb3841d632438119fc954354caf3ccea61b69003a7fc9da166a9c653dc0359be2ae2463bffb7b53b0911ac + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 
8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 79c32d7ddd2458cf2eabe5b1b5c5290f + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + RichPEHeaderHash: + MD5: deb9c1e252f598099d70d2b33a313da3 + SHA1: f0c2801e0091ed6f5e10ea7045e911aa90030290 + SHA256: 914fb9761d50c3fa2ecf9fbd8af3735f9b8d6c4903e067c8af9546e79b6f22c7 + Sections: + .text: + Entropy: 5.7214393917162045 + Virtual Size: '0xc74' + .rdata: + Entropy: 3.4063014058939425 + Virtual Size: '0x130' + .data: + Entropy: 2.4884950805464947 + Virtual Size: '0x58' + .pdata: + Entropy: 3.1879942043708462 + Virtual Size: '0x60' + INIT: + 
Entropy: 4.4494366822955245 + Virtual Size: '0x202' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2005-05-25 00:39:12' + Imphash: 543f80399f79401471523d335ea61642 + LoadsDespiteHVCI: 'FALSE' +- Filename: RTCore64.sys + MD5: 24061b0958874c1cb2a5a8e9d25482d4 + SHA1: 282fca60f0c37eb6d76400bca24567945e43c6d8 + SHA256: f84f8173242b95f9f3c4fea99b5555b33f9ce37ca8188b643871d261cb081496 + Authentihash: + MD5: cfe667280acf69d4b5d0e2dbc76510e4 + SHA1: b3249bacda6e43aa2c46c2af802c9ee0b7e2fd7b + SHA256: 3c9829a16eb85272b0e1a2917feffaab8ddb23e633b168b389669339a0cee0b5 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - MmMapIoSpace + - __C_specific_handler + - ZwClose + - ZwUnmapViewOfSection + - MmUnmapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IofCompleteRequest + - IoDeleteDevice + - HalSetBusDataByOffset + - HalTranslateBusAddress + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee152d7 + Version: 3 + TBS: + MD5: e140543fe3256027cfa79fc3c19c1776 + SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 + SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 + SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + 
ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode + , G2 + ValidFrom: '2015-02-03 00:00:00' + ValidTo: '2026-03-03 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112106a081d33fd87ae5824cc16b52094e03 + Version: 3 + TBS: + MD5: a0ac4d48fe852f7b3ed4e623d59a825f + SHA1: d4db9846bc4d7db142eeb364286f6de7c102420c + SHA256: 78d2e41a13eb4e9171bae2d2adb192cf39210b5231f77cda936bcfbe8c003bdf + SHA384: 990ed96dca5979deeedc98a012279f04efb5559d7e7f5084a12f3802ee9439326557aecefd081cff739b78515b5d7f50 + - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL + CO., LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL + CO., LTD. 
+ ValidFrom: '2014-06-03 09:16:15' + ValidTo: '2017-09-03 09:16:15' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112158044863e4dc19cf29a85668b7f45842 + Version: 3 + TBS: + MD5: 403bb44a62aed1a94bd5df05b3292482 + SHA1: e4a0353e75940ab1e8cbff2f433f186c7f0b0f09 + SHA256: 5b81998ed98b343c04134c336e03f3051779eae0e9f882e8339593d18556375d + SHA384: db0076cad41a0ef4ea68754ef6905bd5ff772adcb745b05c0060344e43588abc95952dc3ad272f5a8f17b206e4089aca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112158044863e4dc19cf29a85668b7f45842 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + RichPEHeaderHash: + MD5: ebe2ae976914018e88e9fc480e7b6269 + SHA1: 960715bfbccb53b6c4eccca3b232b25640e15b52 + SHA256: d755e9f3cb861f5227319238f1811265e332e36a922b9a25da38b122a791fdfa + Sections: + .text: + Entropy: 5.874422277751402 + Virtual Size: '0x9b4' + .rdata: + Entropy: 3.0356607252090053 + Virtual Size: '0x120' + .data: + Entropy: 2.4884950805464947 + Virtual Size: '0x58' + .pdata: + Entropy: 2.979061917571089 + Virtual Size: '0x54' + INIT: + Entropy: 4.523481595961036 + Virtual Size: '0x258' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2015-04-24 01:01:47' + Imphash: cde9174249f04dad0f79890c976c0792 + LoadsDespiteHVCI: 'FALSE' +- Filename: RTCore64.sys + MD5: 
70196d88c03f2ea557281b24dad85de5 + SHA1: 55015f64783ddd148674a74d8137bcd6ccd6231d + SHA256: f9895458e73d4b0ef01eda347fb695bb00e6598d9f5e2506161b70ad96bb7298 + Authentihash: + MD5: 538e5e595c61d2ea8defb7b047784734 + SHA1: 4a68c2d7a4c471e062a32c83a36eedb45a619683 + SHA256: 478c36f8af7844a80e24c1822507beef6314519185717ec7ae224a0e04b2f330 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - MmMapIoSpace + - __C_specific_handler + - ZwClose + - ZwUnmapViewOfSection + - MmUnmapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IofCompleteRequest + - IoDeleteDevice + - HalTranslateBusAddress + - HalGetBusDataByOffset + - HalSetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, + CN=AAA Certificate Services + ValidFrom: '2004-01-01 00:00:00' + ValidTo: '2028-12-31 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: '01' + Version: 3 + TBS: + MD5: 93b601b98fc29a9e89a704048928b85f + SHA1: 3e8e6487f8fd27d322a269a71edaac5d57811286 + SHA256: bedd4b1831f17c7ec1d507380f4c9836baa8ce20065a67db8b43acea14294ba4 + SHA384: 5019d634bf6be7246128e117bfdf533f97aa574fae9080307b427fc77998fe9f280ba23b051cfbd6cf5d37c6e578d698 + - Subject: C=GB, O=Sectigo Limited, CN=Sectigo Public Code Signing Root + R46 + ValidFrom: '2021-05-25 00:00:00' + ValidTo: '2028-12-31 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 
48fc93b46055948d36a7c98a89d69416 + Version: 3 + TBS: + MD5: 207045ce7b7ab131e78e459b13825902 + SHA1: bcf7530a1ab309fb1926cb720f9fd58cff1cb88f + SHA256: 0f31a4237992e1ea623baf4c29480afb6d913e10f1fb1d56bb56f5b03fbff13b + SHA384: a229d2722bc6091d73b1d979b81088c977cb028a6f7cbf264bb81d5cc8f099f87d7c296e48bf09d7ebe275f5498661a4 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted + Root G4 + ValidFrom: '2022-08-01 00:00:00' + ValidTo: '2031-11-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 0e9b188ef9d02de7efdb50e20840185a + Version: 3 + TBS: + MD5: 21a266bd49f2778b24d13d95641ea6ac + SHA1: 21319f341fdf06bf6a104427afa8b7823b1ea7f3 + SHA256: e933dc68ee65abd1f9b1aa6738eff60a6895d3d8cc4accf0c69069aa3decd757 + SHA384: 11533efd6b326a4e065a936de300fe0586a479f93d569d2403bd62c7ad35f1b2199daee3adb510f429c4fc97b4b024e3 + - Subject: C=GB, O=Sectigo Limited, CN=Sectigo Public Code Signing CA R36 + ValidFrom: '2021-03-22 00:00:00' + ValidTo: '2036-03-21 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 621d6d0c52019e3b9079152089211c0a + Version: 3 + TBS: + MD5: 69409ee689cc94e90149ce9bccab49ae + SHA1: f3939507fa02c048647ede4cced7596339738157 + SHA256: 3a42b4be5968e1e6489b8362a2a84cdbf7834f2aa9eb96cfb0dfeedeac4aa7d3 + SHA384: 0eeb0f83c55ccaaf275cec9caaed00280b6dd9bd8e37bd8a191a5cf77a0e2d1298edb019e2a1e67e3f7bd4b1c7616dc0 + - Subject: C=CA, ST=Ontario, O=Cold Air Systems Inc., CN=Cold Air Systems + Inc. 
+ ValidFrom: '2022-03-21 00:00:00' + ValidTo: '2023-03-21 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: false + SerialNumber: 0096c2ac9b7a12bd9588243110dc6b0519 + Version: 3 + TBS: + MD5: 466b9aa4bd3cf112cd4137ad2a126a6f + SHA1: da908b34622da9cd35e04241f7b75cb324bdbeba + SHA256: 6aa5da7e4e7ecc6c823702da039db9e3b84d474a1d04559162f212eb4468ab3e + SHA384: 63c064a3b7e9a04bb6caa5de429686291b11f6c4faf68929d70fac63b48a1ca5d0b51c871d1b61974163e776358876a3 + - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 RSA4096 SHA256 + TimeStamping CA + ValidFrom: '2022-03-23 00:00:00' + ValidTo: '2037-03-22 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 073637b724547cd847acfd28662a5e5b + Version: 3 + TBS: + MD5: e4b8ad9932ff9205f580cf8fb2afbb86 + SHA1: 5301f7044d78bf94dd2b6e4871083a17fdba1dcc + SHA256: c3d01499a5d1d2f71e0f44e78fbfa4b8aadb43dd4f226401e0c1d7a6d53357fa + SHA384: 84b5f399da5a4f4387269adfd951ef7d2197c29552ed2d2e449060664c3825d6bdb2acc3e563d999e54652f7384f445e + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp 2022 , 2 + ValidFrom: '2022-09-21 00:00:00' + ValidTo: '2033-11-21 23:59:59' + Signature: 
55aa2a1af346f378573730fc75e34fd68523f1fcf995399b25e6f7728a98c377d464fc15fb36c249512c7888635509463900fc69d4ca9b29fba33fc0c9009b131db09889dc78f2cd7c85cd539daf62e26166a3142a45874a98422b50fc1bb59e083009fae42dd7098979f909e688ce7d1bb86aa29bc1536009e8a3b89dd7ad1f1cb8ec9841f0f60e80fbe4ffdf9d10a7eb00ba5f4a8f1a3a52b4eabf0949153536599a0f54d2b21b7f7e5e09ad76548a746dcad205672b76ebff98b226953819884414e50a59a26be7223e4421d23f1cc09bed7c48b2d8920c914f3c6694af5d0253eb9ee29ee4d31f8601649c00c2e95a74750d3de17988bf1c0197c9192380d7365a5f9616b1630cc646403bce5d35d4593e439a18aec3c9cbc3fb9b135f6ab5c7e0f305c359df27622bde41c953b9ff341067f62632987bfe5c42948194829dac0a8bc64b154ad3989045603380e023def803a4f64547e5ceb8034247e841367177adfda2e897744e2eda1e1d8c5ac81e9ad5c2f0c622a84f9bbdd81c9a51c42f9af65fa72797ba962e8557c060e778567f6aefc2959a4b1102c8829cc91a057cba71b54e7a996cf4e89ed45a98c89fbf8dbb185c43f5d02ae8e262ee7804dbbdd1fb5b0aa8707ef0978478e308035d472c63a825389701d23f3adae5e5f6e69bdc7e2cccff174c4d00a2d8d6010eb88beee6e07255892c271961f677018c + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0c4d69724b94fa3c2a4a3d2907803d5a + Version: 3 + TBS: + MD5: 812cb8ca0c79b318780ec5128ad13c1d + SHA1: 3f8047d078307123301e50a25e9afb0dc4b6843d + SHA256: 0c0b121e6f807bc22d4e0f4945634c22eca7e4d5ca58a1526a40e918a35c1d79 + SHA384: 86aab81948499b3c90833253a853e7b3fd82ccf7b65b35806831ab60814bfc6ad8848c990df262a1c89b6fc4267dad81 + Signer: + - SerialNumber: 0096c2ac9b7a12bd9588243110dc6b0519 + Issuer: C=GB, O=Sectigo Limited, CN=Sectigo Public Code Signing CA R36 + Version: 1 + RichPEHeaderHash: + MD5: ebe2ae976914018e88e9fc480e7b6269 + SHA1: 960715bfbccb53b6c4eccca3b232b25640e15b52 + SHA256: d755e9f3cb861f5227319238f1811265e332e36a922b9a25da38b122a791fdfa + Sections: + .text: + Entropy: 5.9488831741487855 + Virtual Size: '0xb64' + .rdata: + Entropy: 3.0845170472775276 + Virtual Size: '0x12c' + .data: + Entropy: 2.4884950805464947 + Virtual Size: '0x58' + .pdata: + Entropy: 
3.0964706270496722 + Virtual Size: '0x60' + INIT: + Entropy: 4.528890116790764 + Virtual Size: '0x258' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2016-09-30 06:03:17' + Imphash: 7363079b9aae7d58bd33c691a613c83c + LoadsDespiteHVCI: 'TRUE' +- Authentihash: + MD5: 55466195f0b2f4afc4243b43a806e6d9 + SHA1: 38b353d8480885de5dcf299deca99ce4f26a1d20 + SHA256: 5182caf10de9cec0740ecde5a081c21cdc100d7eb328ffe6f3f63183889fec6b + Company: '' + Copyright: '' + CreationTimestamp: '2011-09-06 06:24:50' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - RtlInitUnicodeString + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - MmMapIoSpace + - IoDeleteSymbolicLink + - IofCompleteRequest + - ZwUnmapViewOfSection + - MmUnmapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - __C_specific_handler + - IoDeleteDevice + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: d78a29306f42d42cd48ad6bc6c6a7602 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 59080883b71fd56bbf10ec0ae4b6bdd4 + SHA1: 503a36a225568553cc9b05f63b3506c6ff21e12e + SHA256: bc812d4ddc3ecfbf38c4d0d185e368fc58bac6e07f722db032bf6303daa7c946 + SHA1: 4d516b1c9b7a81de2836ab24ba6b880c11807255 + SHA256: bb0742036c82709e02f25f98a9ff37c36a8c228bcaa98e40629fac8cde95b421 + Sections: + .text: + Entropy: 5.866767422382319 + Virtual Size: '0x8b4' + .rdata: + Entropy: 3.095201756852517 + Virtual Size: '0x110' + .data: + Entropy: 2.4884950805464947 + Virtual Size: '0x58' + .pdata: + Entropy: 3.045843351790575 + Virtual Size: '0x54' + INIT: + Entropy: 4.468159720315432 + Virtual Size: '0x218' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping + CA + ValidFrom: '2009-03-18 11:00:00' 
+ ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012019c19066 + Version: 3 + TBS: + MD5: 42023b9487cafe46c1b6a49c369a362e + SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 + SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 + SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea + - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority + ValidFrom: '2009-12-21 09:32:56' + ValidTo: '2020-12-22 09:32:56' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01000000000125b0b4cc01 + Version: 3 + TBS: + MD5: e3369c8e5aec0504b3a50455f615d9f9 + SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 + SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 + SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=US, ST=California, L=Brea, O=EVGA, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=EVGA + ValidFrom: '2012-02-29 00:00:00' + ValidTo: '2014-04-15 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 26d7f5563eb3e42a81f7c715fcd2799d + Version: 3 + TBS: + MD5: e994671d8d440b7739cdd9775bbca72f + SHA1: ea9446b39b968aa6953e1bf74a36435759b3d2e3 + SHA256: 
37a9886a67c19d644c74505801f947d3b2756a5540cbd89a0c8d500511cb838d + SHA384: 41d34e73f1b002f885c80004e3c366299392258ce5ba880150875ed8811ebc9913dc34cdf7c9800a8303dd512207787c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 26d7f5563eb3e42a81f7c715fcd2799d + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 690a0fb27a0c47c785d6bbbfc2e56501 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/2866bd72-a4b1-4764-a838-9ed0790c2631.yaml b/yaml/2866bd72-a4b1-4764-a838-9ed0790c2631.yaml index 32c3e5a41..8449ea3c2 100644 --- a/yaml/2866bd72-a4b1-4764-a838-9ed0790c2631.yaml +++ b/yaml/2866bd72-a4b1-4764-a838-9ed0790c2631.yaml 
@@ -1,224 +1,225 @@ Id: 2866bd72-a4b1-4764-a838-9ed0790c2631 +Tags: +- a236e7d654cd932b7d11cb604629a2d0.sys +Verified: 'TRUE' Author: Alice Climent-Pommeret Created: '2023-07-31' MitreID: T1014 Category: malicious -Verified: 'TRUE' Commands: - Command: sc.exe create a236e7d654cd932b7d11cb604629a2d0.sys binPath=C:\windows\temp\a236e7d654cd932b7d11cb604629a2d0.sys - type=kernel && sc.exe start a236e7d654cd932b7d11cb604629a2d0.sys - Description: "Cisco Talos has identified multiple versions of an undocumented malicious\ - \ driver named \u201CRedDriver,\u201D a driver-based browser hijacker that uses\ - \ the Windows Filtering Platform (WFP) to intercept browser traffic. RedDriver\ - \ has been active since at least 2021. RedDriver utilizes HookSignTool to forge\ - \ its signature timestamp to bypass Windows driver-signing policies. Code from\ - \ multiple open-source tools has been used in the development of RedDriver's infection\ - \ chain, including HP-Socket and a custom implementation of ReflectiveLoader.\ - \ The authors of RedDriver appear to be skilled in driver development and have\ - \ deep knowledge of the Windows operating system. This threat appears to target\ - \ native Chinese speakers, as it searches for Chinese language browsers to hijack.\ - \ Additionally, the authors are likely Chinese speakers themselves." - Usecase: '' - Privileges: kernel - OperatingSystem: Windows 10 + Command: sc.exe create a236e7d654cd932b7d11cb604629a2d0.sys binPath=C:\windows\temp\a236e7d654cd932b7d11cb604629a2d0.sys + type=kernel && sc.exe start a236e7d654cd932b7d11cb604629a2d0.sys + Description: "Cisco Talos has identified multiple versions of an undocumented\ + \ malicious driver named \u201CRedDriver,\u201D a driver-based browser hijacker\ + \ that uses the Windows Filtering Platform (WFP) to intercept browser traffic.\ + \ RedDriver has been active since at least 2021. 
RedDriver utilizes HookSignTool\ + \ to forge its signature timestamp to bypass Windows driver-signing policies.\ + \ Code from multiple open-source tools has been used in the development of\ + \ RedDriver's infection chain, including HP-Socket and a custom implementation\ + \ of ReflectiveLoader. The authors of RedDriver appear to be skilled in driver\ + \ development and have deep knowledge of the Windows operating system. This\ + \ threat appears to target native Chinese speakers, as it searches for Chinese\ + \ language browsers to hijack. Additionally, the authors are likely Chinese\ + \ speakers themselves." + Usecase: '' + Privileges: kernel + OperatingSystem: Windows 10 Resources: - https://blog.talosintelligence.com/undocumented-reddriver/ -Acknowledgement: - Person: '' - Handle: '' Detection: [] +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: '' - MD5: a236e7d654cd932b7d11cb604629a2d0 - SHA1: bf2f8ada4e80aed4710993cedf4c5d32c95cd509 - SHA256: 497a836693be1b330993e2be64f6c71bf290c127faca1c056abd0dc374654830 - Signature: '' - Date: '' - Publisher: '' - Company: '' - Description: '' - Product: '' - ProductVersion: '' - FileVersion: '' - MachineType: AMD64 - OriginalFilename: '' - Authentihash: - MD5: bfb9d2676665a9791c81ebfd08054d8d - SHA1: 85c2a04f6c165640758466eb5f73a5070bc127f2 - SHA256: d9d4e7d594b4b318ac78baa79f119e4c85493eec1c1f939ae10b1633346c6e9e - RichPEHeaderHash: - MD5: ecdd5c0e8a78b145a8e5d9443ff0f2eb - SHA1: 3ed3a76d965f1b5e387959ceedc84567a2f7bca4 - SHA256: 1edc4e310bd57e5c317b972f0bdb9f1f0794009b7039364dd6a879ee5f342754 - Sections: - .text: - Entropy: 6.2119592546505995 - Virtual Size: '0xc1ee' - .rdata: - Entropy: 5.110403242864534 - Virtual Size: '0xbac' - .data: - Entropy: 7.880065856311981 - Virtual Size: '0xa5490' - .pdata: - Entropy: 4.5968345164469415 - Virtual Size: '0x540' - PAGE: - Entropy: 6.308757256393646 - Virtual Size: '0x9b5' - INIT: - Entropy: 5.268683087271941 - Virtual Size: '0xa96' - 
MagicHeader: 50 45 0 0 - CreationTimestamp: '2023-06-29 16:52:18' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoRegisterDriverReinitialization - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - KeInitializeEvent - - PsCreateSystemThread - - PsTerminateSystemThread - - ZwClose - - IofCompleteRequest - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - PsThreadType - - IoIsWdmVersionAvailable - - IoCreateSymbolicLink - - IoCreateDevice - - ZwReadFile - - IoCreateFile - - ZwSetInformationFile - - ZwCreateFile - - ZwQueryDirectoryFile - - ZwDeleteFile - - ZwOpenFile - - RtlImageNtHeader - - ZwQueryInformationFile - - ZwWriteFile - - ZwSetValueKey - - ZwQueryValueKey - - _vsnprintf - - ZwFlushKey - - ZwDeleteKey - - ZwOpenKey - - _stricmp - - ZwCreateKey - - PsSetLoadImageNotifyRoutine - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - MmGetSystemRoutineAddress - - RtlGetVersion - - FsRtlIsNameInExpression - - wcsrchr - - PsRemoveLoadImageNotifyRoutine - - MmIsAddressValid - - ObfDereferenceObject - - KeUnstackDetachProcess - - ObOpenObjectByPointer - - KeStackAttachProcess - - ZwAllocateVirtualMemory - - KeClearEvent - - _wcsnicmp - - ObCreateObject - - IoFileObjectType - - IoDriverObjectType - - MmMapLockedPagesSpecifyCache - - IoGetCurrentProcess - - _vsnwprintf - - KeQueryTimeIncrement - - IoGetDeviceAttachmentBaseRef - - IoFreeIrp - - IoAllocateIrp - - RtlCompareUnicodeString - - CmRegisterCallback - - PsGetCurrentProcessId - - RtlCopyUnicodeString - - CmCallbackGetKeyObjectID - - ZwEnumerateKey - - strstr - - KeDelayExecutionThread - - ExSystemTimeToLocalTime - - RtlTimeToTimeFields - - RtlMultiByteToUnicodeN - - IoBuildDeviceIoControlRequest - - IoGetRelatedDeviceObject - - IoFreeMdl - - IoCancelIrp - - MmProbeAndLockPages - - IoAllocateMdl - - IofCallDriver - - ZwMapViewOfSection - - ExGetPreviousMode - - 
ZwQuerySystemInformation - - ZwUnmapViewOfSection - - ZwCreateSection - - ExFreePool - - KeBugCheckEx - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CN, ST=Beijing, L=Beijing, O=Beijing JoinHope Image Technology Ltd., - CN=Beijing JoinHope Image Technology Ltd. - ValidFrom: '2014-05-16 00:00:00' - ValidTo: '2015-05-16 23:59:59' - Signature: e896f8811ed9938fcbdc8c37f8c029045bb36722791c608d7d59f1d50b9e8923777b3ce973553c8164d7445f038c3720516d74f2f95fd734cd1349c1e6cf17f1c9042f069fb94350f7cd8f36f676fd175742d32adbc5d143423e3bc38bea71f9d021110303529d578ba7aab16d53c61642cf1f7e16964718a083182429d4347a09ea0047d9e53bad112ca5a5a14a180539ceb64000a677709bb70e9e3aea68158977072e7f130f1f99b08c2593b4003523f3f6cd441a7e4d8e88f3a2b871e6a03627dd3dadd97487df1dc5b93119ec65b60d1e4e0248a1978ee7480c08b8b8e54d890e7941aa852cf65d731cf0a6cf66584a0d0fba70d6697ee22a8d859919f4 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0a005d2e2bcd4137168217d8c727747c - Version: 3 - TBS: - MD5: 4d213d99215f488050faaa39765656d1 - SHA1: 0308508b5a3fcd330bbf28931f8e1a9c93c3ee69 - SHA256: ea947432de238a25fdb7892e436f4ef44f30ab16ae9e1eb914860f4808b25ef2 - SHA384: 430e932514f35ed55f31f050f33bcc0b9244fd83c6d1d28ee240306e54292e93b5894ef4eb9c09bf84cdc8068c6a7230 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 
5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 0a005d2e2bcd4137168217d8c727747c - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: be0dd8b8e045356d600ee55a64d9d197 - LoadsDespiteHVCI: 'TRUE' -Tags: -- a236e7d654cd932b7d11cb604629a2d0.sys +- Filename: '' + MD5: a236e7d654cd932b7d11cb604629a2d0 + SHA1: bf2f8ada4e80aed4710993cedf4c5d32c95cd509 + SHA256: 497a836693be1b330993e2be64f6c71bf290c127faca1c056abd0dc374654830 + Signature: '' + Date: '' + Publisher: '' + Company: '' + Description: '' + Product: '' + ProductVersion: '' + FileVersion: '' + MachineType: AMD64 + OriginalFilename: '' + Authentihash: + MD5: bfb9d2676665a9791c81ebfd08054d8d + SHA1: 85c2a04f6c165640758466eb5f73a5070bc127f2 + SHA256: d9d4e7d594b4b318ac78baa79f119e4c85493eec1c1f939ae10b1633346c6e9e + RichPEHeaderHash: + MD5: ecdd5c0e8a78b145a8e5d9443ff0f2eb + SHA1: 3ed3a76d965f1b5e387959ceedc84567a2f7bca4 + SHA256: 1edc4e310bd57e5c317b972f0bdb9f1f0794009b7039364dd6a879ee5f342754 + Sections: + .text: + Entropy: 6.2119592546505995 + Virtual Size: '0xc1ee' + .rdata: + Entropy: 5.110403242864534 + Virtual Size: '0xbac' + .data: + Entropy: 7.880065856311981 + Virtual Size: '0xa5490' + .pdata: + Entropy: 4.5968345164469415 + Virtual Size: '0x540' + PAGE: + Entropy: 6.308757256393646 + Virtual Size: '0x9b5' + INIT: + Entropy: 5.268683087271941 + Virtual Size: '0xa96' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2023-06-29 16:52:18' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - ExAllocatePoolWithTag + - 
ExFreePoolWithTag + - IoRegisterDriverReinitialization + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - KeInitializeEvent + - PsCreateSystemThread + - PsTerminateSystemThread + - ZwClose + - IofCompleteRequest + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - PsThreadType + - IoIsWdmVersionAvailable + - IoCreateSymbolicLink + - IoCreateDevice + - ZwReadFile + - IoCreateFile + - ZwSetInformationFile + - ZwCreateFile + - ZwQueryDirectoryFile + - ZwDeleteFile + - ZwOpenFile + - RtlImageNtHeader + - ZwQueryInformationFile + - ZwWriteFile + - ZwSetValueKey + - ZwQueryValueKey + - _vsnprintf + - ZwFlushKey + - ZwDeleteKey + - ZwOpenKey + - _stricmp + - ZwCreateKey + - PsSetLoadImageNotifyRoutine + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - MmGetSystemRoutineAddress + - RtlGetVersion + - FsRtlIsNameInExpression + - wcsrchr + - PsRemoveLoadImageNotifyRoutine + - MmIsAddressValid + - ObfDereferenceObject + - KeUnstackDetachProcess + - ObOpenObjectByPointer + - KeStackAttachProcess + - ZwAllocateVirtualMemory + - KeClearEvent + - _wcsnicmp + - ObCreateObject + - IoFileObjectType + - IoDriverObjectType + - MmMapLockedPagesSpecifyCache + - IoGetCurrentProcess + - _vsnwprintf + - KeQueryTimeIncrement + - IoGetDeviceAttachmentBaseRef + - IoFreeIrp + - IoAllocateIrp + - RtlCompareUnicodeString + - CmRegisterCallback + - PsGetCurrentProcessId + - RtlCopyUnicodeString + - CmCallbackGetKeyObjectID + - ZwEnumerateKey + - strstr + - KeDelayExecutionThread + - ExSystemTimeToLocalTime + - RtlTimeToTimeFields + - RtlMultiByteToUnicodeN + - IoBuildDeviceIoControlRequest + - IoGetRelatedDeviceObject + - IoFreeMdl + - IoCancelIrp + - MmProbeAndLockPages + - IoAllocateMdl + - IofCallDriver + - ZwMapViewOfSection + - ExGetPreviousMode + - ZwQuerySystemInformation + - ZwUnmapViewOfSection + - ZwCreateSection + - ExFreePool + - KeBugCheckEx + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: 
C=CN, ST=Beijing, L=Beijing, O=Beijing JoinHope Image Technology + Ltd., CN=Beijing JoinHope Image Technology Ltd. + ValidFrom: '2014-05-16 00:00:00' + ValidTo: '2015-05-16 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0a005d2e2bcd4137168217d8c727747c + Version: 3 + TBS: + MD5: 4d213d99215f488050faaa39765656d1 + SHA1: 0308508b5a3fcd330bbf28931f8e1a9c93c3ee69 + SHA256: ea947432de238a25fdb7892e436f4ef44f30ab16ae9e1eb914860f4808b25ef2 + SHA384: 430e932514f35ed55f31f050f33bcc0b9244fd83c6d1d28ee240306e54292e93b5894ef4eb9c09bf84cdc8068c6a7230 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 
5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 0a005d2e2bcd4137168217d8c727747c + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: be0dd8b8e045356d600ee55a64d9d197 + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/29cb263b-b0b0-40d5-a97d-5ddf4ba79c1e.yaml b/yaml/29cb263b-b0b0-40d5-a97d-5ddf4ba79c1e.yaml index 342b61cd6..f7893287f 100644 --- a/yaml/29cb263b-b0b0-40d5-a97d-5ddf4ba79c1e.yaml +++ b/yaml/29cb263b-b0b0-40d5-a97d-5ddf4ba79c1e.yaml 
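Review bot: `Detection: []` is still empty on the new side of the 2866bd72 entry, although the record is `Category: malicious`, `Verified: 'TRUE'` and `LoadsDespiteHVCI: 'TRUE'`, so consumers get hashes but no pointer to a rule that uses them. The signer data also deserves a comment: the leaf certificate is valid only from `2014-05-16` to `2015-05-16`, while `CreationTimestamp` is `2023-06-29 16:52:18`, which matches the forged signature timestamp the `Description` mentions. I would add above `Signatures:` something like `# leaf cert expired 2015-05-16, PE built 2023-06-29: signature timestamp is forged (see Description); do not treat the signature as a trust signal`. `Usecase: ''` is also left blank and could be filled from the same description.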
@@ -1,36 +1,36 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 29cb263b-b0b0-40d5-a97d-5ddf4ba79c1e +Tags: +- goad.sys +Verified: 'FALSE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create goad.sys binPath=C:\windows\temp\goad.sys type=kernel && - sc.exe start goad.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: [] -Id: 29cb263b-b0b0-40d5-a97d-5ddf4ba79c1e -KnownVulnerableSamples: -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: goad.sys - MD5: 312e31851e0fc2072dbf9a128557d6ef - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - Signature: [] - LoadsDespiteHVCI: 'TRUE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create goad.sys binPath=C:\windows\temp\goad.sys type=kernel && + sc.exe start goad.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/jbaines-r7/dellicious - https://www.rapid7.com/blog/post/2021/12/13/driver-based-attacks-past-and-present/ -Tags: -- goad.sys -Verified: 'FALSE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: goad.sys + MD5: 312e31851e0fc2072dbf9a128557d6ef + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + Signature: [] + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/2a6a38ca-f2e6-456e-9ccf-db59d8c80c9e.yaml b/yaml/2a6a38ca-f2e6-456e-9ccf-db59d8c80c9e.yaml index b9de6fb6a..8980034f1 100644 --- a/yaml/2a6a38ca-f2e6-456e-9ccf-db59d8c80c9e.yaml +++ b/yaml/2a6a38ca-f2e6-456e-9ccf-db59d8c80c9e.yaml 
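Review bot: The reordered goad.sys record still identifies its only sample by `MD5: 312e31851e0fc2072dbf9a128557d6ef`, with no SHA1 or SHA256, while `Detection: []` and `Signature: []` are both empty. Hash-based rules built from this entry therefore rest on a digest that is not collision-resistant. The record is also `Verified: 'FALSE'`, and nothing in it supports `LoadsDespiteHVCI: 'TRUE'`, so that value should be read as unconfirmed. Once a sample is confirmed I would add `SHA256: <sha256-of-verified-sample>` next to the MD5 under `KnownVulnerableSamples`.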
@@ -1,189 +1,191 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 2a6a38ca-f2e6-456e-9ccf-db59d8c80c9e +Tags: +- nvflash.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-07-22' +MitreID: T1068 CVE: - '' Category: vulnerable drivers Commands: - Command: '' - Description: Confirmed vulnerable driver from Microsoft Block List - OperatingSystem: Windows - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-07-22' -Detection: -- type: '' - value: '' -Id: 2a6a38ca-f2e6-456e-9ccf-db59d8c80c9e -KnownVulnerableSamples: -- Authentihash: - MD5: 7221126b272047b7ced2189f8a4bd484 - SHA1: 0cb5fc2ee1ba75e5b8ed06f92d4edaf08b136333 - SHA256: 4ae065383a4ef5564a515d12adf18427f8d74cc15140edb95e5e2a51ca44fe42 - Company: '' - Copyright: '' - CreationTimestamp: '2014-08-01 18:05:10' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ZwOpenSection - - RtlInitUnicodeString - - ZwUnmapViewOfSection - - IofCompleteRequest - - IoDeleteDevice - - IoDeleteSymbolicLink - - ObReferenceObjectByHandle - - IoCreateSymbolicLink - - IoCreateDevice - - ExAllocatePoolWithTag - - KeTickCount - - KeBugCheckEx - - ZwMapViewOfSection - - ObfDereferenceObject - - ExFreePoolWithTag - - ZwClose - - READ_PORT_ULONG - - HalTranslateBusAddress - - WRITE_PORT_ULONG - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: ba86e444ae837476e7ccdd06f8867795 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: e13d58791de2d0a78a75e7aa5895f01c - SHA1: b01e89baeba99bf6936438515a7908c0e67e1904 - SHA256: 8c7a52aca95ef6b480d3aa8b2fc87809f8761197b6a2df4bae7a34da6664f6c6 - SHA1: b9c3f4dcc7463cbec84b808d880194bbc304ccd0 - SHA256: 9368e51ec98e2ad20893a5fc21e6a8b20c5bee158d5c49ca58649cff84db9d68 - Sections: - .text: - Entropy: 6.103723738242973 - Virtual Size: '0x730' - .rdata: - Entropy: 4.16260519377918 - Virtual Size: '0xc3' - 
.data: - Entropy: 2.1258145836939115 - Virtual Size: '0xc' - INIT: - Entropy: 5.339356970733769 - Virtual Size: '0x27a' - .reloc: - Entropy: 4.318633733633229 - Virtual Size: '0x8c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=US, ST=California, L=Santa Clara, O=NVIDIA Corporation, OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Software, CN=NVIDIA Corporation - ValidFrom: '2011-09-02 00:00:00' - ValidTo: '2014-09-01 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 43bb437d609866286dd839e1d00309f5 - Version: 3 - TBS: - MD5: cef292b5c6cdb07e480ccbba0c9d56d1 - SHA1: 15c37dbebe6fcc77108e3d7ad982676d3d5e77f7 - SHA256: 
3cb152375fa9e694fd2f9167c382005166871c783774997df1a42e0b6013d82a - SHA384: e64427dea71a71110ebc317f3552cd7193c5743f72d5cac9257abe80346d15ee42930d5a85e16c02ea06f56c7e8811fb - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 43bb437d609866286dd839e1d00309f5 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 528ac7a1e034801d1f20238971c6ec19 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: '' + Description: Confirmed vulnerable driver from Microsoft Block List + OperatingSystem: Windows + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c -Tags: -- nvflash.sys -Verified: 'TRUE' +Detection: +- type: '' + value: '' +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 7221126b272047b7ced2189f8a4bd484 + SHA1: 0cb5fc2ee1ba75e5b8ed06f92d4edaf08b136333 + SHA256: 4ae065383a4ef5564a515d12adf18427f8d74cc15140edb95e5e2a51ca44fe42 + Company: '' + Copyright: '' + CreationTimestamp: '2014-08-01 18:05:10' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ZwOpenSection + - 
RtlInitUnicodeString + - ZwUnmapViewOfSection + - IofCompleteRequest + - IoDeleteDevice + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - IoCreateSymbolicLink + - IoCreateDevice + - ExAllocatePoolWithTag + - KeTickCount + - KeBugCheckEx + - ZwMapViewOfSection + - ObfDereferenceObject + - ExFreePoolWithTag + - ZwClose + - READ_PORT_ULONG + - HalTranslateBusAddress + - WRITE_PORT_ULONG + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: ba86e444ae837476e7ccdd06f8867795 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: e13d58791de2d0a78a75e7aa5895f01c + SHA1: b01e89baeba99bf6936438515a7908c0e67e1904 + SHA256: 8c7a52aca95ef6b480d3aa8b2fc87809f8761197b6a2df4bae7a34da6664f6c6 + SHA1: b9c3f4dcc7463cbec84b808d880194bbc304ccd0 + SHA256: 9368e51ec98e2ad20893a5fc21e6a8b20c5bee158d5c49ca58649cff84db9d68 + Sections: + .text: + Entropy: 6.103723738242973 + Virtual Size: '0x730' + .rdata: + Entropy: 4.16260519377918 + Virtual Size: '0xc3' + .data: + Entropy: 2.1258145836939115 + Virtual Size: '0xc' + INIT: + Entropy: 5.339356970733769 + Virtual Size: '0x27a' + .reloc: + Entropy: 4.318633733633229 + Virtual Size: '0x8c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 
365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=US, ST=California, L=Santa Clara, O=NVIDIA Corporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Software, CN=NVIDIA + Corporation + ValidFrom: '2011-09-02 00:00:00' + ValidTo: '2014-09-01 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 43bb437d609866286dd839e1d00309f5 + Version: 3 + TBS: + MD5: cef292b5c6cdb07e480ccbba0c9d56d1 + SHA1: 15c37dbebe6fcc77108e3d7ad982676d3d5e77f7 + SHA256: 3cb152375fa9e694fd2f9167c382005166871c783774997df1a42e0b6013d82a + SHA384: e64427dea71a71110ebc317f3552cd7193c5743f72d5cac9257abe80346d15ee42930d5a85e16c02ea06f56c7e8811fb + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 43bb437d609866286dd839e1d00309f5 + Issuer: C=US, O=VeriSign, Inc., 
OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 528ac7a1e034801d1f20238971c6ec19 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/2a7a59c1-35b8-42b6-a560-2fbf4247a584.yaml b/yaml/2a7a59c1-35b8-42b6-a560-2fbf4247a584.yaml index 6874807ec..e6cfcd870 100644 --- a/yaml/2a7a59c1-35b8-42b6-a560-2fbf4247a584.yaml +++ b/yaml/2a7a59c1-35b8-42b6-a560-2fbf4247a584.yaml 
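Review bot: `Category: vulnerable drivers` in the nvflash.sys record is spelled differently from the `Category: vulnerable driver` used by the goad.sys and SMARTEIO64.SYS records in this same diff. A consumer that filters on the exact string would presumably skip this driver, so I would change it to `Category: vulnerable driver`. The record also keeps placeholder elements, `Detection:` with `- type: ''` / `value: ''` and `CVE:` with `- ''`, where goad.sys uses `Detection: []`; if the schema allows it, empty lists avoid rendering a blank detection link or CVE. `Filename: ''` is empty although the tag is `nvflash.sys`, which leaves name-based matching without a value for this sample.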
@@ -1,182 +1,184 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 2a7a59c1-35b8-42b6-a560-2fbf4247a584 +Tags: +- SMARTEIO64.SYS +Verified: 'TRUE' Author: Takahiro Haruyama -Category: vulnerable driver -Commands: - Command: sc.exe create SMARTEIO64SYS binPath= C:\windows\temp\SMARTEIO64SYS.sys - type=kernel && sc.exe start SMARTEIO64SYS - Description: The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique vulnerable - drivers (237 file hashes) accepting firmware access. Six allow kernel memory access. - All give full control of the devices to non-admin users. By exploiting the vulnerable - drivers, an attacker without the system privilege may erase/alter firmware, and/or - elevate privileges. As of the time of writing in October 2023, the filenames of - the vulnerable drivers have not been made public until now. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-11-02' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 2a7a59c1-35b8-42b6-a560-2fbf4247a584 -KnownVulnerableSamples: -- Company: EVGA Technology Inc. 
- Date: '' - Description: Windows Vista64 Smart IO Device - FileVersion: 5.13.01.2008-1.00 - Filename: '' - MD5: bdd8dc8880dfbc19d729ca51071de288 - MachineType: AMD64 - OriginalFilename: SMARTEIO64.SYS - Product: Windows Vista64 Smart IO Device - ProductVersion: 5.13.01.2008-1.00 - Publisher: '' - SHA1: 87d2b638e5dfab1e37961d27ca734b83ece02804 - SHA256: 3c95ebf3f1a87f67d2861dbd1c85dc26c118610af0c9fbf4180428e653ac3e50 - Signature: '' - Imphash: b84820037d6a51ba108e0e81ce01db0b - Authentihash: - MD5: 4af56e8ccef0c6878fcbbc678748f508 - SHA1: 4c3d1b103c3acb7120f0674fd33aba581736234b - SHA256: e928948ee36fa14c99a9147cd3b8d4c8c1917c52b50857d922ac72ed55d1f8e7 - RichPEHeaderHash: - MD5: 03cb6a2d50e71b3810cd8ad02cadb97b - SHA1: 0671263a10aa857f347def2d1ecd285d2d99b64c - SHA256: ad753dc4e98c277fa7222e0141a4499d8f98f9d3114fad31652ef2337e7b252d - Sections: - .text: - Entropy: 6.365608965323283 - Virtual Size: '0x1f46' - .rdata: - Entropy: 4.832733265414502 - Virtual Size: '0x24c' - .data: - Entropy: 0.7341142083626954 - Virtual Size: '0x130' - .pdata: - Entropy: 3.8036843083573166 - Virtual Size: '0x150' - INIT: - Entropy: 4.905001453672311 - Virtual Size: '0x24c' - .rsrc: - Entropy: 3.4551847693345743 - Virtual Size: '0x468' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2008-11-18 04:53:50' - InternalName: Windows Vista64 Smart IO Device - Copyright: Copyright(c) 2007 EVGA Technology Inc. 
- Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - MmUnmapLockedPages - - IoDeleteSymbolicLink - - MmMapLockedPages - - RtlInitUnicodeString - - IoDeleteDevice - - MmUnmapIoSpace - - MmBuildMdlForNonPagedPool - - IoFreeMdl - - MmMapIoSpace - - IofCompleteRequest - - RtlWriteRegistryValue - - IoCreateSymbolicLink - - IoCreateDevice - - IoAllocateMdl - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, 
OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=California, L=Brea, O=EVGA, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=EVGA - ValidFrom: '2008-04-16 00:00:00' - ValidTo: '2010-04-16 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 546ea040bf5075ce0a5c01d4c6ded19d - Version: 3 - TBS: - MD5: 8f51b4e16b87e1cc89b9d0c997227546 - SHA1: 8f3cdd2b86ae03653f0612911a2f01a9dca49a22 - SHA256: c7f57b7287c808d2713aba9e368fe387b5825bfbda1bd1824f374beaa8e30be9 - SHA384: 70423f071aae83c68149b7fca1181f65fd5ee37b1527bb989c3c6b0af7d78b19930c8b2cb517da35f66294eba8768e37 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 
40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 546ea040bf5075ce0a5c01d4c6ded19d - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create SMARTEIO64SYS binPath= C:\windows\temp\SMARTEIO64SYS.sys + type=kernel && sc.exe start SMARTEIO64SYS + Description: The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique + vulnerable drivers (237 file hashes) accepting firmware access. Six allow + kernel memory access. All give full control of the devices to non-admin users. + By exploiting the vulnerable drivers, an attacker without the system privilege + may erase/alter firmware, and/or elevate privileges. As of the time of writing + in October 2023, the filenames of the vulnerable drivers have not been made + public until now. 
+ OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html -Tags: -- SMARTEIO64.SYS -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: EVGA Technology Inc. 
+ Date: '' + Description: Windows Vista64 Smart IO Device + FileVersion: 5.13.01.2008-1.00 + Filename: '' + MD5: bdd8dc8880dfbc19d729ca51071de288 + MachineType: AMD64 + OriginalFilename: SMARTEIO64.SYS + Product: Windows Vista64 Smart IO Device + ProductVersion: 5.13.01.2008-1.00 + Publisher: '' + SHA1: 87d2b638e5dfab1e37961d27ca734b83ece02804 + SHA256: 3c95ebf3f1a87f67d2861dbd1c85dc26c118610af0c9fbf4180428e653ac3e50 + Signature: '' + Imphash: b84820037d6a51ba108e0e81ce01db0b + Authentihash: + MD5: 4af56e8ccef0c6878fcbbc678748f508 + SHA1: 4c3d1b103c3acb7120f0674fd33aba581736234b + SHA256: e928948ee36fa14c99a9147cd3b8d4c8c1917c52b50857d922ac72ed55d1f8e7 + RichPEHeaderHash: + MD5: 03cb6a2d50e71b3810cd8ad02cadb97b + SHA1: 0671263a10aa857f347def2d1ecd285d2d99b64c + SHA256: ad753dc4e98c277fa7222e0141a4499d8f98f9d3114fad31652ef2337e7b252d + Sections: + .text: + Entropy: 6.365608965323283 + Virtual Size: '0x1f46' + .rdata: + Entropy: 4.832733265414502 + Virtual Size: '0x24c' + .data: + Entropy: 0.7341142083626954 + Virtual Size: '0x130' + .pdata: + Entropy: 3.8036843083573166 + Virtual Size: '0x150' + INIT: + Entropy: 4.905001453672311 + Virtual Size: '0x24c' + .rsrc: + Entropy: 3.4551847693345743 + Virtual Size: '0x468' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2008-11-18 04:53:50' + InternalName: Windows Vista64 Smart IO Device + Copyright: Copyright(c) 2007 EVGA Technology Inc. 
+ Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - MmUnmapLockedPages + - IoDeleteSymbolicLink + - MmMapLockedPages + - RtlInitUnicodeString + - IoDeleteDevice + - MmUnmapIoSpace + - MmBuildMdlForNonPagedPool + - IoFreeMdl + - MmMapIoSpace + - IofCompleteRequest + - RtlWriteRegistryValue + - IoCreateSymbolicLink + - IoCreateDevice + - IoAllocateMdl + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=California, L=Brea, O=EVGA, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=EVGA + ValidFrom: '2008-04-16 00:00:00' + ValidTo: '2010-04-16 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 546ea040bf5075ce0a5c01d4c6ded19d + Version: 3 + TBS: + MD5: 8f51b4e16b87e1cc89b9d0c997227546 + SHA1: 8f3cdd2b86ae03653f0612911a2f01a9dca49a22 + SHA256: c7f57b7287c808d2713aba9e368fe387b5825bfbda1bd1824f374beaa8e30be9 + SHA384: 
70423f071aae83c68149b7fca1181f65fd5ee37b1527bb989c3c6b0af7d78b19930c8b2cb517da35f66294eba8768e37 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 546ea040bf5075ce0a5c01d4c6ded19d + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/2aa003cd-5f36-46a6-ae3d-f5afc2c8baa3.yaml b/yaml/2aa003cd-5f36-46a6-ae3d-f5afc2c8baa3.yaml index f6dbd93d8..64381959c 100644 --- a/yaml/2aa003cd-5f36-46a6-ae3d-f5afc2c8baa3.yaml +++ b/yaml/2aa003cd-5f36-46a6-ae3d-f5afc2c8baa3.yaml 
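Review bot: The `Command` value kept by this hunk names the driver `SMARTEIO64SYS` and `SMARTEIO64SYS.sys`, which matches neither the tag `SMARTEIO64.SYS` nor `OriginalFilename: SMARTEIO64.SYS`, and `Filename: ''` is empty. Anyone deriving name-based detections from the record gets two spellings for one sample. Setting `Filename: SMARTEIO64.SYS` and using the same name in `Command` would remove the ambiguity. Separately, the re-wrapped `Description` ends with "have not been made public until now", which reads as self-contradictory and could be reworded to say the filenames were unpublished before the October 2023 write-up.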
@@ -1,1323 +1,1323 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 2aa003cd-5f36-46a6-ae3d-f5afc2c8baa3 +Tags: +- mhyprot3.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create mhyprot3.sys binPath=C:\windows\temp\mhyprot3.sys type=kernel - && sc.exe start mhyprot3.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: [] -Id: 2aa003cd-5f36-46a6-ae3d-f5afc2c8baa3 -KnownVulnerableSamples: -- Authentihash: - MD5: 7ce959fb5b40f1ba40bcac22c8d95c75 - SHA1: 82fe9b69f358ef5851eeaa26a9a03f2e1b231358 - SHA256: aac86a3143de3e18dea6eab813b285da0718e9fb6bc0bbb46c6e7638476061d8 - Company: '' - Copyright: '' - CreationTimestamp: '2022-02-28 06:09:58' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: mhyprot3.sys - ImportedFunctions: - - ExReleaseFastMutex - - ObfDereferenceObject - - PsLookupProcessByProcessId - - NtQuerySystemInformation - - RtlInitUnicodeString - - KeSetEvent - - KeEnterCriticalRegion - - KeLeaveCriticalRegion - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - ExInitializeResourceLite - - ExAcquireResourceExclusiveLite - - ExReleaseResourceLite - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoGetCurrentProcess - - ObReferenceObjectByHandle - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - MmIsAddressValid - - PsGetCurrentProcessId - - MmCopyVirtualMemory - - vsprintf_s - - swprintf_s - - ExEventObjectType - - _wcsicmp - - RtlInitString - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ZwOpenDirectoryObject - - ZwQueryDirectoryObject - - ObReferenceObjectByName - - ZwQuerySystemInformation - - __C_specific_handler - - MmHighestUserAddress - - IoDriverObjectType - - KeQueryTimeIncrement - - KeStackAttachProcess - - KeUnstackDetachProcess - - PsGetProcessWow64Process - - 
PsGetProcessPeb - - MmUnlockPages - - ExAcquireFastMutex - - MmUnmapLockedPages - - IoFreeMdl - - ZwTerminateProcess - - PsGetProcessImageFileName - - ZwQueryObject - - ObOpenObjectByPointer - - PsReferenceProcessFilePointer - - IoQueryFileDosDeviceName - - MmProbeAndLockPages - - MmBuildMdlForNonPagedPool - - MmMapLockedPagesSpecifyCache - - IoAllocateMdl - - KeClearEvent - - MmMapLockedPages - - PsSetCreateProcessNotifyRoutineEx - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - RtlUpcaseUnicodeChar - - DbgPrint - - ObRegisterCallbacks - - ObUnRegisterCallbacks - - ObGetFilterVersion - - PsGetProcessId - - IoThreadToProcess - - strcmp - - PsProcessType - - PsThreadType - - RtlEqualUnicodeString - - RtlGetVersion - - ObfReferenceObject - - ObGetObjectType - - ExEnumHandleTable - - ExfUnblockPushLock - - PsAcquireProcessExitSynchronization - - PsReleaseProcessExitSynchronization - - _snprintf - - ZwCreateFile - - ZwWriteFile - - PsLookupThreadByThreadId - - NtQueryInformationThread - - PsGetThreadProcess - - KeDelayExecutionThread - - KdDisableDebugger - - KdChangeOption - - PsCreateSystemThread - - PsTerminateSystemThread - - KdDebuggerEnabled - - PsGetVersion - - RtlCopyUnicodeString - - ExFreePoolWithTag - - ExAllocatePool - - KeInitializeEvent - - MmGetSystemRoutineAddress - - WdfVersionBindClass - - WdfVersionBind - - WdfVersionUnbind - - WdfVersionUnbindClass - Imports: - - ntoskrnl.exe - - WDFLDR.SYS - InternalName: '' - MD5: 5cc5c26fc99175997d84fe95c61ab2c2 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: ffdf660eb1ebf020a1d0a55a90712dfb - SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 - SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 - SHA1: a197a02025946aca96d6e74746f84774df31249e - SHA256: 
475e5016c9c0f5a127896f9179a1b1577a67b357f399ab5a1e68aab07134729a - Sections: - .text: - Entropy: 6.22010167046713 - Virtual Size: '0x1760b' - .rdata: - Entropy: 5.233500396666824 - Virtual Size: '0x2214' - .data: - Entropy: 4.796219615260608 - Virtual Size: '0x1218' - .pdata: - Entropy: 7.869553916919501 - Virtual Size: '0xc30' - INIT: - Entropy: 3.603812325014507 - Virtual Size: '0x2b9c' - .upx0: - Entropy: 7.49758359587547 - Virtual Size: '0x1d67f0' - .reloc: - Entropy: 4.132093916607371 - Virtual Size: '0xc0' - .rsrc: - Entropy: 2.9106266625370485 - Virtual Size: '0x22c' - Signature: - - miHoYo Co.,Ltd. - - DigiCert SHA2 Assured ID Code Signing CA - - DigiCert - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 - ValidFrom: '2021-01-01 00:00:00' - ValidTo: '2031-01-06 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0d424ae0be3a88ff604021ce1400f0dd - Version: 3 - TBS: - MD5: c0189c338449a42fe8358c2c1fbecc60 - SHA1: b8ac0ee6875594b80ad86a6df6dd1fa3048c187c - SHA256: a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 - SHA384: 76d3a316a5a106050298418cce3beea16100524723d9e3220b0de51bfb6f1c35a5d4c7cd10b358fef7bf94c3e3562150 - - Subject: C=CN, L=Shanghai, O=miHoYo Co.,Ltd., OU=OPS, CN=miHoYo Co.,Ltd. 
- ValidFrom: '2019-04-04 00:00:00' - ValidTo: '2022-04-08 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 053ad4f9ee8438ef1662ab8d599213ba - Version: 3 - TBS: - MD5: cf1823794dca38d348ac92962c7d5169 - SHA1: b8e9d958543069fdabf0c237726e0c7cc43b5dfe - SHA256: 86c52427d3191c4568149f56ace950e86fa9f8be719cc06575244c6a9f6513e8 - SHA384: 50169f7ae27863c5c690fba1e7833c6de342cac8aa6e1abca4da93970425d92468a6e81c255e0fb66146823e5b250fc0 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured - ID Code Signing CA - ValidFrom: '2013-10-22 12:00:00' - ValidTo: '2028-10-22 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 0409181b5fd5bb66755343b56f955008 - Version: 3 - TBS: - MD5: 9359496ca4f021408b9d8923cab8b179 - SHA1: 2aed40d7759997830870769be250199fd609e40e - SHA256: e767799478f64a34b3f53ff3bb9057fe1768f4ab178041b0dcc0ff1e210cba65 - SHA384: 5cb7e7b4f1dbccd48d10db7e71b6f8c05fcb4bcb0085a6fefcfa0c2148f9a594e59f56ac4304004f3b398e259035c40c - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured - ID Timestamping CA - ValidFrom: '2016-01-07 12:00:00' - ValidTo: '2031-01-07 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 0aa125d6d6321b7e41e405da3697c215 - Version: 3 - TBS: - MD5: 8d26184fc613f89aba1cefb30fce1b53 - SHA1: 63a7e376bad5ec2e419d514a403bcf46c8d31d95 - SHA256: 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c - SHA384: d8c9691fe9dbe182f07b49b07fbb4f589fa7b38b5c4d21f265d3a2e818f4b1bfb39e03faab2ec05bb10333a99914fb8a - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root - CA - ValidFrom: '2011-04-15 19:41:37' - ValidTo: 
'2021-04-15 19:51:37' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611cb28a000000000026 - Version: 3 - TBS: - MD5: 983a0c315a50542362f2bd6a5d71c8d0 - SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 - SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 - SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc - Signer: - - SerialNumber: 053ad4f9ee8438ef1662ab8d599213ba - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured - ID Code Signing CA - Version: 1 - Imphash: 89f925b54b95944513671d79eba5fe07 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 50cd2925db0948a464db9993e50bb8bb - SHA1: dbc894f12ad8135ae58149761ce10c41cb3c4757 - SHA256: bb29eb4651e3276b14217628e96a1e5d83c4e883cd29ebd75aa704dda462e82d - Company: '' - Copyright: "\xA9COGNOSPHERE" - CreationTimestamp: '2021-12-13 23:25:51' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ExReleaseFastMutex - - ObfDereferenceObject - - PsLookupProcessByProcessId - - NtQuerySystemInformation - - RtlInitUnicodeString - - KeSetEvent - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - ExInitializeResourceLite - - ExAcquireResourceExclusiveLite - - ExReleaseResourceLite - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoGetCurrentProcess - - ObReferenceObjectByHandle - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - MmIsAddressValid - - PsGetCurrentProcessId - - MmCopyVirtualMemory - - vsprintf_s - - swprintf_s - - ExEventObjectType - - _wcsicmp - - RtlInitString - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ZwOpenDirectoryObject - - ZwQueryDirectoryObject - - ObReferenceObjectByName - - ZwQuerySystemInformation - - __C_specific_handler 
- - MmHighestUserAddress - - IoDriverObjectType - - KeQueryTimeIncrement - - KeStackAttachProcess - - KeUnstackDetachProcess - - PsGetProcessWow64Process - - PsGetProcessPeb - - MmUnlockPages - - MmGetSystemRoutineAddress - - ExAcquireFastMutex - - IoFreeMdl - - ZwTerminateProcess - - PsGetProcessImageFileName - - ZwQueryObject - - ObOpenObjectByPointer - - PsReferenceProcessFilePointer - - IoQueryFileDosDeviceName - - MmProbeAndLockPages - - MmBuildMdlForNonPagedPool - - MmMapLockedPagesSpecifyCache - - IoAllocateMdl - - KeClearEvent - - MmMapLockedPages - - PsSetCreateProcessNotifyRoutineEx - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - RtlUpcaseUnicodeChar - - ObRegisterCallbacks - - ObUnRegisterCallbacks - - ObGetFilterVersion - - PsGetProcessId - - IoThreadToProcess - - strcmp - - PsProcessType - - PsThreadType - - RtlEqualUnicodeString - - RtlGetVersion - - ObfReferenceObject - - ObGetObjectType - - ExEnumHandleTable - - ExfUnblockPushLock - - PsAcquireProcessExitSynchronization - - PsReleaseProcessExitSynchronization - - _snprintf - - ZwCreateFile - - ZwWriteFile - - PsLookupThreadByThreadId - - NtQueryInformationThread - - PsGetThreadProcess - - KeDelayExecutionThread - - KdDisableDebugger - - KdChangeOption - - PsCreateSystemThread - - PsTerminateSystemThread - - KdDebuggerEnabled - - PsGetVersion - - RtlCopyUnicodeString - - ExFreePoolWithTag - - ExAllocatePool - - KeInitializeEvent - - MmUnmapLockedPages - - WdfVersionBindClass - - WdfVersionBind - - WdfVersionUnbind - - WdfVersionUnbindClass - Imports: - - ntoskrnl.exe - - WDFLDR.SYS - InternalName: '' - MD5: fa63a634189bd4d6570964e2161426b0 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: ffdf660eb1ebf020a1d0a55a90712dfb - SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 - SHA256: 
2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 - SHA1: 190ec384e6eb1dafca80df05055ead620b2502ba - SHA256: 7fd90500b57f9ac959c87f713fe9ca59e669e6e1512f77fccb6a75cdc0dfee8e - Sections: - .text: - Entropy: 6.225270895677928 - Virtual Size: '0x1739b' - .rdata: - Entropy: 5.247209932487024 - Virtual Size: '0x21f4' - .data: - Entropy: 4.800125865260608 - Virtual Size: '0x1218' - .pdata: - Entropy: 7.800280121301597 - Virtual Size: '0xc18' - PAGE: - Entropy: 1.8147395786261238 - Virtual Size: '0x1c1a' - INIT: - Entropy: 5.272789406237971 - Virtual Size: '0x1168' - .upx0: - Entropy: 7.484644302082685 - Virtual Size: '0x1d3edc' - .reloc: - Entropy: 4.013729927370622 - Virtual Size: '0xd8' - .rsrc: - Entropy: 2.9964634627055267 - Virtual Size: '0x260' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2021-09-09 19:15:59' - ValidTo: '2022-09-01 19:15:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 330000004de597a775e3157f7b00000000004d - Version: 3 - TBS: - MD5: 9f0782e89bd41cdd96ec55357457478a - SHA1: 35c2180572baad19019acca1334e6c653699c389 - SHA256: 50814710213afec410f26e573d25267a2e21d3d15f158be8a43a666c9cc6fa08 - SHA384: 8d48f066b0284071d64bbc556e018824a8388ccd142a56c7b7b04ef6d27cade07da57ac82d8067e18ad64d35af11e2a7 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - ValidFrom: '2014-10-15 20:31:27' - ValidTo: '2029-10-15 20:41:27' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 330000000d690d5d7893d076df00000000000d - Version: 3 - TBS: - MD5: 83f69422963f11c3c340b81712eef319 - 
SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 - SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae - SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 - Signer: - - SerialNumber: 330000004de597a775e3157f7b00000000004d - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - Version: 1 - Imphash: ad4586d21c9469bf636b5e8660e9d702 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 7ce959fb5b40f1ba40bcac22c8d95c75 - SHA1: 82fe9b69f358ef5851eeaa26a9a03f2e1b231358 - SHA256: aac86a3143de3e18dea6eab813b285da0718e9fb6bc0bbb46c6e7638476061d8 - Company: '' - Copyright: '' - CreationTimestamp: '2022-02-28 06:09:58' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ExReleaseFastMutex - - ObfDereferenceObject - - PsLookupProcessByProcessId - - NtQuerySystemInformation - - RtlInitUnicodeString - - KeSetEvent - - KeEnterCriticalRegion - - KeLeaveCriticalRegion - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - ExInitializeResourceLite - - ExAcquireResourceExclusiveLite - - ExReleaseResourceLite - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoGetCurrentProcess - - ObReferenceObjectByHandle - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - MmIsAddressValid - - PsGetCurrentProcessId - - MmCopyVirtualMemory - - vsprintf_s - - swprintf_s - - ExEventObjectType - - _wcsicmp - - RtlInitString - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ZwOpenDirectoryObject - - ZwQueryDirectoryObject - - ObReferenceObjectByName - - ZwQuerySystemInformation - - __C_specific_handler - - MmHighestUserAddress - - IoDriverObjectType - - KeQueryTimeIncrement - - KeStackAttachProcess - - KeUnstackDetachProcess - - PsGetProcessWow64Process - - PsGetProcessPeb - - MmUnlockPages - - 
ExAcquireFastMutex - - MmUnmapLockedPages - - IoFreeMdl - - ZwTerminateProcess - - PsGetProcessImageFileName - - ZwQueryObject - - ObOpenObjectByPointer - - PsReferenceProcessFilePointer - - IoQueryFileDosDeviceName - - MmProbeAndLockPages - - MmBuildMdlForNonPagedPool - - MmMapLockedPagesSpecifyCache - - IoAllocateMdl - - KeClearEvent - - MmMapLockedPages - - PsSetCreateProcessNotifyRoutineEx - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - RtlUpcaseUnicodeChar - - DbgPrint - - ObRegisterCallbacks - - ObUnRegisterCallbacks - - ObGetFilterVersion - - PsGetProcessId - - IoThreadToProcess - - strcmp - - PsProcessType - - PsThreadType - - RtlEqualUnicodeString - - RtlGetVersion - - ObfReferenceObject - - ObGetObjectType - - ExEnumHandleTable - - ExfUnblockPushLock - - PsAcquireProcessExitSynchronization - - PsReleaseProcessExitSynchronization - - _snprintf - - ZwCreateFile - - ZwWriteFile - - PsLookupThreadByThreadId - - NtQueryInformationThread - - PsGetThreadProcess - - KeDelayExecutionThread - - KdDisableDebugger - - KdChangeOption - - PsCreateSystemThread - - PsTerminateSystemThread - - KdDebuggerEnabled - - PsGetVersion - - RtlCopyUnicodeString - - ExFreePoolWithTag - - ExAllocatePool - - KeInitializeEvent - - MmGetSystemRoutineAddress - - WdfVersionBindClass - - WdfVersionBind - - WdfVersionUnbind - - WdfVersionUnbindClass - Imports: - - ntoskrnl.exe - - WDFLDR.SYS - InternalName: '' - MD5: fbf729350ca08a7673b115ce9c9eb7e5 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: ffdf660eb1ebf020a1d0a55a90712dfb - SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 - SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 - SHA1: 5bdd44eb321557c5d3ab056959397f0048ac90e6 - SHA256: c3d479d7efd0f6b502d6829b893711bdd51aac07d66326b41ef5451bafdfcb29 - Sections: 
- .text: - Entropy: 6.22010167046713 - Virtual Size: '0x1760b' - .rdata: - Entropy: 5.233500396666824 - Virtual Size: '0x2214' - .data: - Entropy: 4.796219615260608 - Virtual Size: '0x1218' - .pdata: - Entropy: 7.869553916919501 - Virtual Size: '0xc30' - INIT: - Entropy: 3.603812325014507 - Virtual Size: '0x2b9c' - .upx0: - Entropy: 7.49758359587547 - Virtual Size: '0x1d67f0' - .reloc: - Entropy: 4.132093916607371 - Virtual Size: '0xc0' - .rsrc: - Entropy: 2.9106266625370485 - Virtual Size: '0x22c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2021-09-09 19:15:59' - ValidTo: '2022-09-01 19:15:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 330000004de597a775e3157f7b00000000004d - Version: 3 - TBS: - MD5: 9f0782e89bd41cdd96ec55357457478a - SHA1: 35c2180572baad19019acca1334e6c653699c389 - SHA256: 50814710213afec410f26e573d25267a2e21d3d15f158be8a43a666c9cc6fa08 - SHA384: 8d48f066b0284071d64bbc556e018824a8388ccd142a56c7b7b04ef6d27cade07da57ac82d8067e18ad64d35af11e2a7 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - ValidFrom: '2014-10-15 20:31:27' - ValidTo: '2029-10-15 20:41:27' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 330000000d690d5d7893d076df00000000000d - Version: 3 - TBS: - MD5: 83f69422963f11c3c340b81712eef319 - SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 - SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae - SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 - Signer: - - SerialNumber: 
330000004de597a775e3157f7b00000000004d - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - Version: 1 - Imphash: 89f925b54b95944513671d79eba5fe07 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: a5419f516e383eaf16a76174b3a8becd - SHA1: e19e10d97d7ecd4a4376196f7e3dfa2365872867 - SHA256: 5a021532f0ac453256526428ccf3518cdba4c6373cc72f340ba208b6c41b3a9e - Company: '' - Copyright: '' - CreationTimestamp: '2022-05-30 11:28:46' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ExReleaseFastMutex - - ObfDereferenceObject - - PsLookupProcessByProcessId - - NtQuerySystemInformation - - RtlInitUnicodeString - - KeSetEvent - - KeEnterCriticalRegion - - KeLeaveCriticalRegion - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - ExInitializeResourceLite - - ExAcquireResourceExclusiveLite - - ExReleaseResourceLite - - ExDeleteResourceLite - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoGetCurrentProcess - - ObReferenceObjectByHandle - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - MmIsAddressValid - - PsGetCurrentProcessId - - MmCopyVirtualMemory - - vsprintf_s - - swprintf_s - - ExEventObjectType - - _wcsicmp - - RtlInitString - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ZwOpenDirectoryObject - - ZwQueryDirectoryObject - - ObReferenceObjectByName - - ZwQuerySystemInformation - - __C_specific_handler - - MmHighestUserAddress - - IoDriverObjectType - - KeQueryTimeIncrement - - KeStackAttachProcess - - KeUnstackDetachProcess - - PsGetProcessWow64Process - - PsGetProcessPeb - - ExAcquireFastMutex - - MmGetSystemRoutineAddress - - MmUnmapLockedPages - - IoFreeMdl - - ZwTerminateProcess - - PsGetProcessImageFileName - - ZwQueryObject - - ObOpenObjectByPointer - - PsReferenceProcessFilePointer - - IoQueryFileDosDeviceName - - 
MmProbeAndLockPages - - MmBuildMdlForNonPagedPool - - MmMapLockedPagesSpecifyCache - - IoAllocateMdl - - KeClearEvent - - PsSetCreateProcessNotifyRoutineEx - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - RtlUpcaseUnicodeChar - - DbgPrint - - ObRegisterCallbacks - - ObUnRegisterCallbacks - - ObGetFilterVersion - - PsGetProcessId - - IoThreadToProcess - - strcmp - - PsProcessType - - PsThreadType - - RtlEqualUnicodeString - - RtlGetVersion - - ObfReferenceObject - - ObGetObjectType - - ExEnumHandleTable - - ExfUnblockPushLock - - PsAcquireProcessExitSynchronization - - PsReleaseProcessExitSynchronization - - _snprintf - - ZwCreateFile - - ZwWriteFile - - PsLookupThreadByThreadId - - NtQueryInformationThread - - PsGetThreadProcess - - KeDelayExecutionThread - - KdDisableDebugger - - KdChangeOption - - PsCreateSystemThread - - PsTerminateSystemThread - - KdDebuggerEnabled - - PsGetVersion - - RtlCopyUnicodeString - - ExFreePoolWithTag - - ExAllocatePool - - KeInitializeEvent - - MmUnlockPages - - WdfVersionBindClass - - WdfVersionBind - - WdfVersionUnbind - - WdfVersionUnbindClass - Imports: - - ntoskrnl.exe - - WDFLDR.SYS - InternalName: '' - MD5: 766f9ea38918827df59a6aed204d2b09 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: ffdf660eb1ebf020a1d0a55a90712dfb - SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 - SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 - SHA1: 12154f58b68902a40a7165035d37974128deb902 - SHA256: 24e70c87d58fa5771f02b9ddf0d8870cba6b26e35c6455a2c77f482e2080d3e9 - Sections: - .text: - Entropy: 6.065533725912548 - Virtual Size: '0x191bb' - .rdata: - Entropy: 5.23236423623771 - Virtual Size: '0x21a4' - .data: - Entropy: 4.804032115260608 - Virtual Size: '0x1218' - .pdata: - Entropy: 7.827342878613383 - Virtual Size: '0xc00' 
- INIT: - Entropy: 5.273527796423258 - Virtual Size: '0x11c0' - .upx0: - Entropy: 7.503659602576496 - Virtual Size: '0x1dad08' - .reloc: - Entropy: 4.029480459734737 - Virtual Size: '0xc0' - .rsrc: - Entropy: 2.9106266625370485 - Virtual Size: '0x22c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2021-09-09 19:15:59' - ValidTo: '2022-09-01 19:15:59' - Signature: 1757782e797188079911866d54bd474a2432707984658c549a407e7fb4e5efa2ba72367a02b382d2116d4c4538836ddcd4616fcd231229df1ae5d0da6b3abe499ee5d8b47a7919940f6bbcbe2575018dca65eef4913e3d38410f2cd6cca3082d9ba2c061173cd828635665f76e8f0f685e03da24290b9d2cae7039da974de7b7e85798ba64cbe9ba34e0308c3bd6b4d68e9723fde74274fd3806fe799d04d6a3835f82d4fefc52088ccda4b4c817116f2f5a99445a3e952d78bc27753e65e97c6271c71ac7c9e3439b847e8984ab06a5904d150223f9ca92bbda86c02663c3f4964da5e106619b6eaff2768143cce9e5a8b0b2cba90e82cd87866d9fd6499c6cfbc96529a18b5653d12b54a6c928693a4e3d197ffbfcce7ed71a909b18d09b4345b24bc25eb8dfa1821a9cd0971ffc7d38a26580e2f118c4ac55bf926d0666b72ad7ba6ec20f0b54d694bc3b8a0dbddda27bd64194da085319841d1ebc9dc067ef72ea064a475bea865828b13077bc8e14e2f7544b90f0045f3cd84bcc0d5a80645a6fb65528e4f768ec775bdb0225399f3c81c0b667714676d0949f9ffaddc8549dc45e5ce4345c4ea7dc0aff4ac510f5527ad94a2181edc4b73bcfde813a83d81ca897854c98712346001a12e5d3bf9a45c807f9b3c7d3e0bb99c035ea54ee39e2c9af4147dbea7aabec85b47192b945e083ddf6061afb901e83b11135d24e - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 330000004de597a775e3157f7b00000000004d - Version: 3 - TBS: - MD5: 9f0782e89bd41cdd96ec55357457478a - SHA1: 35c2180572baad19019acca1334e6c653699c389 - SHA256: 50814710213afec410f26e573d25267a2e21d3d15f158be8a43a666c9cc6fa08 - SHA384: 8d48f066b0284071d64bbc556e018824a8388ccd142a56c7b7b04ef6d27cade07da57ac82d8067e18ad64d35af11e2a7 - 
- Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - ValidFrom: '2014-10-15 20:31:27' - ValidTo: '2029-10-15 20:41:27' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 330000000d690d5d7893d076df00000000000d - Version: 3 - TBS: - MD5: 83f69422963f11c3c340b81712eef319 - SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 - SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae - SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 - Signer: - - SerialNumber: 330000004de597a775e3157f7b00000000004d - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - Version: 1 - Imphash: d221afaadf43ceedb581e665435c56c7 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: e46017a78ed80d665a2fac51eb5c49f3 - SHA1: dba3175fbe67b69a002161d718afb1507d9eb774 - SHA256: 91793baa79b630f452267c408cc7509f25aa7ac0e39e88576e3daed3dcd5d8e5 - Company: '' - Copyright: '' - CreationTimestamp: '2021-12-03 02:33:16' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ExReleaseFastMutex - - ObfDereferenceObject - - PsLookupProcessByProcessId - - NtQuerySystemInformation - - RtlInitUnicodeString - - KeSetEvent - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - ExInitializeResourceLite - - ExAcquireResourceExclusiveLite - - ExReleaseResourceLite - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoGetCurrentProcess - - ObReferenceObjectByHandle - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - MmIsAddressValid - - PsGetCurrentProcessId - - MmCopyVirtualMemory - - vsprintf_s - - swprintf_s - - ExEventObjectType - - _wcsicmp - - RtlInitString - - 
RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ZwOpenDirectoryObject - - ZwQueryDirectoryObject - - ObReferenceObjectByName - - ZwQuerySystemInformation - - __C_specific_handler - - MmHighestUserAddress - - IoDriverObjectType - - KeQueryTimeIncrement - - KeStackAttachProcess - - KeUnstackDetachProcess - - PsGetProcessWow64Process - - PsGetProcessPeb - - MmUnlockPages - - MmGetSystemRoutineAddress - - ExAcquireFastMutex - - IoFreeMdl - - ZwTerminateProcess - - PsGetProcessImageFileName - - ZwQueryObject - - ObOpenObjectByPointer - - PsReferenceProcessFilePointer - - IoQueryFileDosDeviceName - - MmProbeAndLockPages - - MmBuildMdlForNonPagedPool - - MmMapLockedPagesSpecifyCache - - IoAllocateMdl - - KeClearEvent - - MmMapLockedPages - - PsSetCreateProcessNotifyRoutineEx - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - RtlUpcaseUnicodeChar - - ObRegisterCallbacks - - ObUnRegisterCallbacks - - ObGetFilterVersion - - PsGetProcessId - - IoThreadToProcess - - strcmp - - PsProcessType - - PsThreadType - - RtlEqualUnicodeString - - RtlGetVersion - - ObfReferenceObject - - ObGetObjectType - - ExEnumHandleTable - - ExfUnblockPushLock - - PsAcquireProcessExitSynchronization - - PsReleaseProcessExitSynchronization - - _snprintf - - ZwCreateFile - - ZwWriteFile - - PsLookupThreadByThreadId - - NtQueryInformationThread - - PsGetThreadProcess - - KeDelayExecutionThread - - KdDisableDebugger - - KdChangeOption - - PsCreateSystemThread - - PsTerminateSystemThread - - KdDebuggerEnabled - - PsGetVersion - - RtlCopyUnicodeString - - ExFreePoolWithTag - - ExAllocatePool - - KeInitializeEvent - - MmUnmapLockedPages - - WdfVersionBindClass - - WdfVersionBind - - WdfVersionUnbind - - WdfVersionUnbindClass - Imports: - - ntoskrnl.exe - - WDFLDR.SYS - InternalName: '' - MD5: 00f887e74faad40e6e97d9d0e9c71370 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - 
OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: ffdf660eb1ebf020a1d0a55a90712dfb - SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 - SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 - SHA1: 6e58421e37c022410455b1c7b01f1e3c949df1cd - SHA256: b617a072c578cea38c460e2851f3d122ba1b7cfa1f5ee3e9f5927663ac37af61 - Sections: - .text: - Entropy: 6.224625347669578 - Virtual Size: '0x1739b' - .rdata: - Entropy: 5.257508421672409 - Virtual Size: '0x21f4' - .data: - Entropy: 4.800125865260608 - Virtual Size: '0x1218' - .pdata: - Entropy: 7.911280580518773 - Virtual Size: '0xc18' - PAGE: - Entropy: 1.8182317397917946 - Virtual Size: '0x1c1a' - INIT: - Entropy: 5.261323934534699 - Virtual Size: '0x1168' - .upx0: - Entropy: 7.50967553410201 - Virtual Size: '0x1d67ec' - .reloc: - Entropy: 4.0407774440334165 - Virtual Size: '0xb4' - .rsrc: - Entropy: 2.9070295402348902 - Virtual Size: '0x22c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CN, L=Shanghai, O=miHoYo Co.,Ltd., OU=OPS, CN=miHoYo Co.,Ltd. 
- ValidFrom: '2019-04-08 00:00:00' - ValidTo: '2022-04-08 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 05a7559541e0fdc678d79e3272468907 - Version: 3 - TBS: - MD5: 3e83a7572d1c522dd9072ba6399029d7 - SHA1: e2c2d59b70f028a66a8711bfa97f842475f84639 - SHA256: 5a504a929cb21f72008d5d57bcd992a7cac13f6aa90cbb886b5ecd809e3b59dd - SHA384: 72916ab6c7eb3f5cb7444b3d7d2ac8cb52944605477c5a0f181d060e4edb4c37ebe5eb3c0566dda9de2d2707636ec355 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root - CA - ValidFrom: '2011-04-15 19:41:37' - ValidTo: '2021-04-15 19:51:37' - Signature: 5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611cb28a000000000026 - Version: 3 - TBS: - MD5: 983a0c315a50542362f2bd6a5d71c8d0 - SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 - SHA256: 
5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 - SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd - Version: 3 - TBS: - MD5: a9a31555bbc92b6033975c5428fb3679 - SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e - SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 - SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 - - Subject: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo - RSA Time Stamping CA - ValidFrom: '2019-05-02 00:00:00' - ValidTo: '2038-01-18 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 300f6facdd6698747ca94636a7782db9 - Version: 3 - TBS: - MD5: 63499ed59a1293b786649470e4ce0bd7 - SHA1: 7309d8eaa65da1f3da7030c08f00a3b0a20fa908 - SHA256: 8c8d2046b29e792e71b28705fe67c435208a336dde074a75452d98e72c734937 - SHA384: 5dbc5eae13908fee4c4e5216f87e3e87208fff0d1052f5fa9f0856a429d6a6c422c625f2318f2f29aea26ece09c1e811 - - Subject: 'C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo - RSA Time Stamping Signer #2' - ValidFrom: '2020-10-23 00:00:00' - ValidTo: '2032-01-22 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: false - SerialNumber: 008c77a0008ff4d1b0c63d9f3a48838d6b - Version: 3 - TBS: - MD5: 6efd500ce038df7aa3087c1e63a5eb5c - SHA1: 1c961712a02fb995c585080eda53a753656ca3ad - SHA256: 
f60d4f8f7b56499de889264b1e64890694c5b106129d3db068976ed33495577a - SHA384: 031fdf7c078e205b4d3ffaff40de36f48f91f87c3b0005b482ff614b320f5e47785045cb87a3e6a75085c24ae8409498 - Signer: - - SerialNumber: 05a7559541e0fdc678d79e3272468907 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - Version: 1 - Imphash: ad4586d21c9469bf636b5e8660e9d702 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: a5419f516e383eaf16a76174b3a8becd - SHA1: e19e10d97d7ecd4a4376196f7e3dfa2365872867 - SHA256: 5a021532f0ac453256526428ccf3518cdba4c6373cc72f340ba208b6c41b3a9e - Company: '' - Copyright: '' - CreationTimestamp: '2022-05-30 11:28:46' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ExReleaseFastMutex - - ObfDereferenceObject - - PsLookupProcessByProcessId - - NtQuerySystemInformation - - RtlInitUnicodeString - - KeSetEvent - - KeEnterCriticalRegion - - KeLeaveCriticalRegion - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - ExInitializeResourceLite - - ExAcquireResourceExclusiveLite - - ExReleaseResourceLite - - ExDeleteResourceLite - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoGetCurrentProcess - - ObReferenceObjectByHandle - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - MmIsAddressValid - - PsGetCurrentProcessId - - MmCopyVirtualMemory - - vsprintf_s - - swprintf_s - - ExEventObjectType - - _wcsicmp - - RtlInitString - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ZwOpenDirectoryObject - - ZwQueryDirectoryObject - - ObReferenceObjectByName - - ZwQuerySystemInformation - - __C_specific_handler - - MmHighestUserAddress - - IoDriverObjectType - - KeQueryTimeIncrement - - KeStackAttachProcess - - KeUnstackDetachProcess - - PsGetProcessWow64Process - - PsGetProcessPeb - - ExAcquireFastMutex - - MmGetSystemRoutineAddress - - MmUnmapLockedPages - - IoFreeMdl 
- - ZwTerminateProcess - - PsGetProcessImageFileName - - ZwQueryObject - - ObOpenObjectByPointer - - PsReferenceProcessFilePointer - - IoQueryFileDosDeviceName - - MmProbeAndLockPages - - MmBuildMdlForNonPagedPool - - MmMapLockedPagesSpecifyCache - - IoAllocateMdl - - KeClearEvent - - PsSetCreateProcessNotifyRoutineEx - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - RtlUpcaseUnicodeChar - - DbgPrint - - ObRegisterCallbacks - - ObUnRegisterCallbacks - - ObGetFilterVersion - - PsGetProcessId - - IoThreadToProcess - - strcmp - - PsProcessType - - PsThreadType - - RtlEqualUnicodeString - - RtlGetVersion - - ObfReferenceObject - - ObGetObjectType - - ExEnumHandleTable - - ExfUnblockPushLock - - PsAcquireProcessExitSynchronization - - PsReleaseProcessExitSynchronization - - _snprintf - - ZwCreateFile - - ZwWriteFile - - PsLookupThreadByThreadId - - NtQueryInformationThread - - PsGetThreadProcess - - KeDelayExecutionThread - - KdDisableDebugger - - KdChangeOption - - PsCreateSystemThread - - PsTerminateSystemThread - - KdDebuggerEnabled - - PsGetVersion - - RtlCopyUnicodeString - - ExFreePoolWithTag - - ExAllocatePool - - KeInitializeEvent - - MmUnlockPages - - WdfVersionBindClass - - WdfVersionBind - - WdfVersionUnbind - - WdfVersionUnbindClass - Imports: - - ntoskrnl.exe - - WDFLDR.SYS - InternalName: '' - MD5: 5c9f240e0b83df758993837d18859cbe - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: ffdf660eb1ebf020a1d0a55a90712dfb - SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 - SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 - SHA1: 4075de7d7d2169d650c5ccede8251463913511e6 - SHA256: b531f0a11ca481d5125c93c977325e135a04058019f939169ce3cdedaddd422d - Sections: - .text: - Entropy: 6.065533725912548 - Virtual Size: '0x191bb' - .rdata: - Entropy: 
5.23236423623771 - Virtual Size: '0x21a4' - .data: - Entropy: 4.804032115260608 - Virtual Size: '0x1218' - .pdata: - Entropy: 7.827342878613383 - Virtual Size: '0xc00' - INIT: - Entropy: 5.273527796423258 - Virtual Size: '0x11c0' - .upx0: - Entropy: 7.503659602576496 - Virtual Size: '0x1dad08' - .reloc: - Entropy: 4.029480459734737 - Virtual Size: '0xc0' - .rsrc: - Entropy: 2.9106266625370485 - Virtual Size: '0x22c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2021-09-09 19:15:59' - ValidTo: '2022-09-01 19:15:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 330000004de597a775e3157f7b00000000004d - Version: 3 - TBS: - MD5: 9f0782e89bd41cdd96ec55357457478a - SHA1: 35c2180572baad19019acca1334e6c653699c389 - SHA256: 50814710213afec410f26e573d25267a2e21d3d15f158be8a43a666c9cc6fa08 - SHA384: 8d48f066b0284071d64bbc556e018824a8388ccd142a56c7b7b04ef6d27cade07da57ac82d8067e18ad64d35af11e2a7 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - ValidFrom: '2014-10-15 20:31:27' - ValidTo: '2029-10-15 20:41:27' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 330000000d690d5d7893d076df00000000000d - Version: 3 - TBS: - MD5: 83f69422963f11c3c340b81712eef319 - SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 - SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae - SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 - Signer: - - SerialNumber: 330000004de597a775e3157f7b00000000004d - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft 
Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - Version: 1 - Imphash: d221afaadf43ceedb581e665435c56c7 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create mhyprot3.sys binPath=C:\windows\temp\mhyprot3.sys type=kernel + && sc.exe start mhyprot3.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules -Tags: -- mhyprot3.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 7ce959fb5b40f1ba40bcac22c8d95c75 + SHA1: 82fe9b69f358ef5851eeaa26a9a03f2e1b231358 + SHA256: aac86a3143de3e18dea6eab813b285da0718e9fb6bc0bbb46c6e7638476061d8 + Company: '' + Copyright: '' + CreationTimestamp: '2022-02-28 06:09:58' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: mhyprot3.sys + ImportedFunctions: + - ExReleaseFastMutex + - ObfDereferenceObject + - PsLookupProcessByProcessId + - NtQuerySystemInformation + - RtlInitUnicodeString + - KeSetEvent + - KeEnterCriticalRegion + - KeLeaveCriticalRegion + - KeWaitForSingleObject + - ExAllocatePoolWithTag + - ExInitializeResourceLite + - ExAcquireResourceExclusiveLite + - ExReleaseResourceLite + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoGetCurrentProcess + - ObReferenceObjectByHandle + - ZwClose + - ZwOpenSection + - ZwMapViewOfSection + - MmIsAddressValid + - PsGetCurrentProcessId + - MmCopyVirtualMemory + - vsprintf_s + - swprintf_s + - ExEventObjectType + - _wcsicmp + - RtlInitString + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ZwOpenDirectoryObject + - ZwQueryDirectoryObject + - ObReferenceObjectByName + - ZwQuerySystemInformation + - 
__C_specific_handler + - MmHighestUserAddress + - IoDriverObjectType + - KeQueryTimeIncrement + - KeStackAttachProcess + - KeUnstackDetachProcess + - PsGetProcessWow64Process + - PsGetProcessPeb + - MmUnlockPages + - ExAcquireFastMutex + - MmUnmapLockedPages + - IoFreeMdl + - ZwTerminateProcess + - PsGetProcessImageFileName + - ZwQueryObject + - ObOpenObjectByPointer + - PsReferenceProcessFilePointer + - IoQueryFileDosDeviceName + - MmProbeAndLockPages + - MmBuildMdlForNonPagedPool + - MmMapLockedPagesSpecifyCache + - IoAllocateMdl + - KeClearEvent + - MmMapLockedPages + - PsSetCreateProcessNotifyRoutineEx + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - RtlUpcaseUnicodeChar + - DbgPrint + - ObRegisterCallbacks + - ObUnRegisterCallbacks + - ObGetFilterVersion + - PsGetProcessId + - IoThreadToProcess + - strcmp + - PsProcessType + - PsThreadType + - RtlEqualUnicodeString + - RtlGetVersion + - ObfReferenceObject + - ObGetObjectType + - ExEnumHandleTable + - ExfUnblockPushLock + - PsAcquireProcessExitSynchronization + - PsReleaseProcessExitSynchronization + - _snprintf + - ZwCreateFile + - ZwWriteFile + - PsLookupThreadByThreadId + - NtQueryInformationThread + - PsGetThreadProcess + - KeDelayExecutionThread + - KdDisableDebugger + - KdChangeOption + - PsCreateSystemThread + - PsTerminateSystemThread + - KdDebuggerEnabled + - PsGetVersion + - RtlCopyUnicodeString + - ExFreePoolWithTag + - ExAllocatePool + - KeInitializeEvent + - MmGetSystemRoutineAddress + - WdfVersionBindClass + - WdfVersionBind + - WdfVersionUnbind + - WdfVersionUnbindClass + Imports: + - ntoskrnl.exe + - WDFLDR.SYS + InternalName: '' + MD5: 5cc5c26fc99175997d84fe95c61ab2c2 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: ffdf660eb1ebf020a1d0a55a90712dfb + SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 + 
SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 + SHA1: a197a02025946aca96d6e74746f84774df31249e + SHA256: 475e5016c9c0f5a127896f9179a1b1577a67b357f399ab5a1e68aab07134729a + Sections: + .text: + Entropy: 6.22010167046713 + Virtual Size: '0x1760b' + .rdata: + Entropy: 5.233500396666824 + Virtual Size: '0x2214' + .data: + Entropy: 4.796219615260608 + Virtual Size: '0x1218' + .pdata: + Entropy: 7.869553916919501 + Virtual Size: '0xc30' + INIT: + Entropy: 3.603812325014507 + Virtual Size: '0x2b9c' + .upx0: + Entropy: 7.49758359587547 + Virtual Size: '0x1d67f0' + .reloc: + Entropy: 4.132093916607371 + Virtual Size: '0xc0' + .rsrc: + Entropy: 2.9106266625370485 + Virtual Size: '0x22c' + Signature: + - miHoYo Co.,Ltd. + - DigiCert SHA2 Assured ID Code Signing CA + - DigiCert + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 + ValidFrom: '2021-01-01 00:00:00' + ValidTo: '2031-01-06 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0d424ae0be3a88ff604021ce1400f0dd + Version: 3 + TBS: + MD5: c0189c338449a42fe8358c2c1fbecc60 + SHA1: b8ac0ee6875594b80ad86a6df6dd1fa3048c187c + SHA256: a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 + SHA384: 76d3a316a5a106050298418cce3beea16100524723d9e3220b0de51bfb6f1c35a5d4c7cd10b358fef7bf94c3e3562150 + - Subject: C=CN, L=Shanghai, O=miHoYo Co.,Ltd., OU=OPS, CN=miHoYo Co.,Ltd. 
+ ValidFrom: '2019-04-04 00:00:00' + ValidTo: '2022-04-08 12:00:00' + Signature: 6a8b477edd819b3441be8cab0c2a07d82780ad3a65ff8064c039d44788740835910a4fa5e612987547bdc39e5d61b3204a3463be9dcb5ed1ad060c89943f8471c2960f8a80faae2b2731d5a37434e47f7eeffd43d8493ad2774e3550deb0e741389d22fe70f59e343a38ed2bb62163100055042797203364fcf94121ea5be8f8a20f85b7bc2b52efd87c1b4048c154c7c5a3a40d597c4cb99780f4378d25bff9ad5a1bc5e1f0bb57249efd238973b27f3a4ca6cffa37da752eba7734e3cee24036584b4317ef7ed61e486d8a7959275d2fa28cac8980333a5e2bf5ab6e7de2adcfe2f880972405fb10dad5a67a344e97d6da961c4fd0a1ad8299fbefdc5ebe10 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 053ad4f9ee8438ef1662ab8d599213ba + Version: 3 + TBS: + MD5: cf1823794dca38d348ac92962c7d5169 + SHA1: b8e9d958543069fdabf0c237726e0c7cc43b5dfe + SHA256: 86c52427d3191c4568149f56ace950e86fa9f8be719cc06575244c6a9f6513e8 + SHA384: 50169f7ae27863c5c690fba1e7833c6de342cac8aa6e1abca4da93970425d92468a6e81c255e0fb66146823e5b250fc0 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured + ID Code Signing CA + ValidFrom: '2013-10-22 12:00:00' + ValidTo: '2028-10-22 12:00:00' + Signature: 3eec0d5a24b3f322d115c82c7c252976a81d5d1c2d3a1ac4ef3061d77e0b60fdc33d0fc4af8bfdef2adf205537b0e1f6d192750f51b46ea58e5ae25e24814e10a4ee3f718e630e134badd75f4479f33614068af79c464e5cff90b11b070e9115fbbaafb551c28d24ae24c6c7272aa129281a3a7128023c2e91a3c02511e29c1447a17a6868af9ba75c205cd971b10c8fbba8f8c512689fcf40cb4044a513f0e6640c25084232b2368a2402fe2f727e1cd7494596e8591de9fa74646bb2eb6643dab3b08cd5e90dddf60120ce9931633d081a18b3819b4fc6931006fc0781fa8bdaf98249f7626ea153fa129418852e9291ea686c4432b266a1e718a49a6451ef + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 0409181b5fd5bb66755343b56f955008 + Version: 3 + TBS: + MD5: 9359496ca4f021408b9d8923cab8b179 + SHA1: 2aed40d7759997830870769be250199fd609e40e + SHA256: 
e767799478f64a34b3f53ff3bb9057fe1768f4ab178041b0dcc0ff1e210cba65 + SHA384: 5cb7e7b4f1dbccd48d10db7e71b6f8c05fcb4bcb0085a6fefcfa0c2148f9a594e59f56ac4304004f3b398e259035c40c + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured + ID Timestamping CA + ValidFrom: '2016-01-07 12:00:00' + ValidTo: '2031-01-07 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 0aa125d6d6321b7e41e405da3697c215 + Version: 3 + TBS: + MD5: 8d26184fc613f89aba1cefb30fce1b53 + SHA1: 63a7e376bad5ec2e419d514a403bcf46c8d31d95 + SHA256: 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c + SHA384: d8c9691fe9dbe182f07b49b07fbb4f589fa7b38b5c4d21f265d3a2e818f4b1bfb39e03faab2ec05bb10333a99914fb8a + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Root CA + ValidFrom: '2011-04-15 19:41:37' + ValidTo: '2021-04-15 19:51:37' + Signature: 5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32
663456b86f11d4643edc8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611cb28a000000000026 + Version: 3 + TBS: + MD5: 983a0c315a50542362f2bd6a5d71c8d0 + SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 + SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 + SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc + Signer: + - SerialNumber: 053ad4f9ee8438ef1662ab8d599213ba + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured + ID Code Signing CA + Version: 1 + Imphash: 89f925b54b95944513671d79eba5fe07 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 50cd2925db0948a464db9993e50bb8bb + SHA1: dbc894f12ad8135ae58149761ce10c41cb3c4757 + SHA256: bb29eb4651e3276b14217628e96a1e5d83c4e883cd29ebd75aa704dda462e82d + Company: '' + Copyright: "\xA9COGNOSPHERE" + CreationTimestamp: '2021-12-13 23:25:51' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ExReleaseFastMutex + - ObfDereferenceObject + - PsLookupProcessByProcessId + - NtQuerySystemInformation + - RtlInitUnicodeString + - KeSetEvent + - KeWaitForSingleObject + - ExAllocatePoolWithTag + - ExInitializeResourceLite + - ExAcquireResourceExclusiveLite + - ExReleaseResourceLite + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoGetCurrentProcess + - ObReferenceObjectByHandle + - ZwClose + - ZwOpenSection + - ZwMapViewOfSection + - MmIsAddressValid + - PsGetCurrentProcessId + - MmCopyVirtualMemory + - vsprintf_s + - swprintf_s + - ExEventObjectType + - _wcsicmp + - RtlInitString + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ZwOpenDirectoryObject + - ZwQueryDirectoryObject + - ObReferenceObjectByName + - ZwQuerySystemInformation + - __C_specific_handler + - MmHighestUserAddress + - IoDriverObjectType + - 
KeQueryTimeIncrement + - KeStackAttachProcess + - KeUnstackDetachProcess + - PsGetProcessWow64Process + - PsGetProcessPeb + - MmUnlockPages + - MmGetSystemRoutineAddress + - ExAcquireFastMutex + - IoFreeMdl + - ZwTerminateProcess + - PsGetProcessImageFileName + - ZwQueryObject + - ObOpenObjectByPointer + - PsReferenceProcessFilePointer + - IoQueryFileDosDeviceName + - MmProbeAndLockPages + - MmBuildMdlForNonPagedPool + - MmMapLockedPagesSpecifyCache + - IoAllocateMdl + - KeClearEvent + - MmMapLockedPages + - PsSetCreateProcessNotifyRoutineEx + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - RtlUpcaseUnicodeChar + - ObRegisterCallbacks + - ObUnRegisterCallbacks + - ObGetFilterVersion + - PsGetProcessId + - IoThreadToProcess + - strcmp + - PsProcessType + - PsThreadType + - RtlEqualUnicodeString + - RtlGetVersion + - ObfReferenceObject + - ObGetObjectType + - ExEnumHandleTable + - ExfUnblockPushLock + - PsAcquireProcessExitSynchronization + - PsReleaseProcessExitSynchronization + - _snprintf + - ZwCreateFile + - ZwWriteFile + - PsLookupThreadByThreadId + - NtQueryInformationThread + - PsGetThreadProcess + - KeDelayExecutionThread + - KdDisableDebugger + - KdChangeOption + - PsCreateSystemThread + - PsTerminateSystemThread + - KdDebuggerEnabled + - PsGetVersion + - RtlCopyUnicodeString + - ExFreePoolWithTag + - ExAllocatePool + - KeInitializeEvent + - MmUnmapLockedPages + - WdfVersionBindClass + - WdfVersionBind + - WdfVersionUnbind + - WdfVersionUnbindClass + Imports: + - ntoskrnl.exe + - WDFLDR.SYS + InternalName: '' + MD5: fa63a634189bd4d6570964e2161426b0 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: ffdf660eb1ebf020a1d0a55a90712dfb + SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 + SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 + 
SHA1: 190ec384e6eb1dafca80df05055ead620b2502ba + SHA256: 7fd90500b57f9ac959c87f713fe9ca59e669e6e1512f77fccb6a75cdc0dfee8e + Sections: + .text: + Entropy: 6.225270895677928 + Virtual Size: '0x1739b' + .rdata: + Entropy: 5.247209932487024 + Virtual Size: '0x21f4' + .data: + Entropy: 4.800125865260608 + Virtual Size: '0x1218' + .pdata: + Entropy: 7.800280121301597 + Virtual Size: '0xc18' + PAGE: + Entropy: 1.8147395786261238 + Virtual Size: '0x1c1a' + INIT: + Entropy: 5.272789406237971 + Virtual Size: '0x1168' + .upx0: + Entropy: 7.484644302082685 + Virtual Size: '0x1d3edc' + .reloc: + Entropy: 4.013729927370622 + Virtual Size: '0xd8' + .rsrc: + Entropy: 2.9964634627055267 + Virtual Size: '0x260' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2021-09-09 19:15:59' + ValidTo: '2022-09-01 19:15:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 330000004de597a775e3157f7b00000000004d + Version: 3 + TBS: + MD5: 9f0782e89bd41cdd96ec55357457478a + SHA1: 35c2180572baad19019acca1334e6c653699c389 + SHA256: 50814710213afec410f26e573d25267a2e21d3d15f158be8a43a666c9cc6fa08 + SHA384: 8d48f066b0284071d64bbc556e018824a8388ccd142a56c7b7b04ef6d27cade07da57ac82d8067e18ad64d35af11e2a7 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + ValidFrom: '2014-10-15 20:31:27' + ValidTo: '2029-10-15 20:41:27' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 330000000d690d5d7893d076df00000000000d + Version: 3 + TBS: + MD5: 83f69422963f11c3c340b81712eef319 + SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 + SHA256: 
d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae + SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 + Signer: + - SerialNumber: 330000004de597a775e3157f7b00000000004d + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + Version: 1 + Imphash: ad4586d21c9469bf636b5e8660e9d702 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 7ce959fb5b40f1ba40bcac22c8d95c75 + SHA1: 82fe9b69f358ef5851eeaa26a9a03f2e1b231358 + SHA256: aac86a3143de3e18dea6eab813b285da0718e9fb6bc0bbb46c6e7638476061d8 + Company: '' + Copyright: '' + CreationTimestamp: '2022-02-28 06:09:58' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ExReleaseFastMutex + - ObfDereferenceObject + - PsLookupProcessByProcessId + - NtQuerySystemInformation + - RtlInitUnicodeString + - KeSetEvent + - KeEnterCriticalRegion + - KeLeaveCriticalRegion + - KeWaitForSingleObject + - ExAllocatePoolWithTag + - ExInitializeResourceLite + - ExAcquireResourceExclusiveLite + - ExReleaseResourceLite + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoGetCurrentProcess + - ObReferenceObjectByHandle + - ZwClose + - ZwOpenSection + - ZwMapViewOfSection + - MmIsAddressValid + - PsGetCurrentProcessId + - MmCopyVirtualMemory + - vsprintf_s + - swprintf_s + - ExEventObjectType + - _wcsicmp + - RtlInitString + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ZwOpenDirectoryObject + - ZwQueryDirectoryObject + - ObReferenceObjectByName + - ZwQuerySystemInformation + - __C_specific_handler + - MmHighestUserAddress + - IoDriverObjectType + - KeQueryTimeIncrement + - KeStackAttachProcess + - KeUnstackDetachProcess + - PsGetProcessWow64Process + - PsGetProcessPeb + - MmUnlockPages + - ExAcquireFastMutex + - MmUnmapLockedPages + - IoFreeMdl + - 
ZwTerminateProcess + - PsGetProcessImageFileName + - ZwQueryObject + - ObOpenObjectByPointer + - PsReferenceProcessFilePointer + - IoQueryFileDosDeviceName + - MmProbeAndLockPages + - MmBuildMdlForNonPagedPool + - MmMapLockedPagesSpecifyCache + - IoAllocateMdl + - KeClearEvent + - MmMapLockedPages + - PsSetCreateProcessNotifyRoutineEx + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - RtlUpcaseUnicodeChar + - DbgPrint + - ObRegisterCallbacks + - ObUnRegisterCallbacks + - ObGetFilterVersion + - PsGetProcessId + - IoThreadToProcess + - strcmp + - PsProcessType + - PsThreadType + - RtlEqualUnicodeString + - RtlGetVersion + - ObfReferenceObject + - ObGetObjectType + - ExEnumHandleTable + - ExfUnblockPushLock + - PsAcquireProcessExitSynchronization + - PsReleaseProcessExitSynchronization + - _snprintf + - ZwCreateFile + - ZwWriteFile + - PsLookupThreadByThreadId + - NtQueryInformationThread + - PsGetThreadProcess + - KeDelayExecutionThread + - KdDisableDebugger + - KdChangeOption + - PsCreateSystemThread + - PsTerminateSystemThread + - KdDebuggerEnabled + - PsGetVersion + - RtlCopyUnicodeString + - ExFreePoolWithTag + - ExAllocatePool + - KeInitializeEvent + - MmGetSystemRoutineAddress + - WdfVersionBindClass + - WdfVersionBind + - WdfVersionUnbind + - WdfVersionUnbindClass + Imports: + - ntoskrnl.exe + - WDFLDR.SYS + InternalName: '' + MD5: fbf729350ca08a7673b115ce9c9eb7e5 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: ffdf660eb1ebf020a1d0a55a90712dfb + SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 + SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 + SHA1: 5bdd44eb321557c5d3ab056959397f0048ac90e6 + SHA256: c3d479d7efd0f6b502d6829b893711bdd51aac07d66326b41ef5451bafdfcb29 + Sections: + .text: + Entropy: 6.22010167046713 + Virtual Size: 
'0x1760b' + .rdata: + Entropy: 5.233500396666824 + Virtual Size: '0x2214' + .data: + Entropy: 4.796219615260608 + Virtual Size: '0x1218' + .pdata: + Entropy: 7.869553916919501 + Virtual Size: '0xc30' + INIT: + Entropy: 3.603812325014507 + Virtual Size: '0x2b9c' + .upx0: + Entropy: 7.49758359587547 + Virtual Size: '0x1d67f0' + .reloc: + Entropy: 4.132093916607371 + Virtual Size: '0xc0' + .rsrc: + Entropy: 2.9106266625370485 + Virtual Size: '0x22c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2021-09-09 19:15:59' + ValidTo: '2022-09-01 19:15:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 330000004de597a775e3157f7b00000000004d + Version: 3 + TBS: + MD5: 9f0782e89bd41cdd96ec55357457478a + SHA1: 35c2180572baad19019acca1334e6c653699c389 + SHA256: 50814710213afec410f26e573d25267a2e21d3d15f158be8a43a666c9cc6fa08 + SHA384: 8d48f066b0284071d64bbc556e018824a8388ccd142a56c7b7b04ef6d27cade07da57ac82d8067e18ad64d35af11e2a7 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + ValidFrom: '2014-10-15 20:31:27' + ValidTo: '2029-10-15 20:41:27' + Signature: 
96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 330000000d690d5d7893d076df00000000000d + Version: 3 + TBS: + MD5: 83f69422963f11c3c340b81712eef319 + SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 + SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae + SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 + Signer: + - SerialNumber: 330000004de597a775e3157f7b00000000004d + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + Version: 1 + Imphash: 89f925b54b95944513671d79eba5fe07 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: a5419f516e383eaf16a76174b3a8becd + SHA1: e19e10d97d7ecd4a4376196f7e3dfa2365872867 + SHA256: 5a021532f0ac453256526428ccf3518cdba4c6373cc72f340ba208b6c41b3a9e + Company: '' + Copyright: '' + CreationTimestamp: '2022-05-30 11:28:46' + Date: '' + 
Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ExReleaseFastMutex + - ObfDereferenceObject + - PsLookupProcessByProcessId + - NtQuerySystemInformation + - RtlInitUnicodeString + - KeSetEvent + - KeEnterCriticalRegion + - KeLeaveCriticalRegion + - KeWaitForSingleObject + - ExAllocatePoolWithTag + - ExInitializeResourceLite + - ExAcquireResourceExclusiveLite + - ExReleaseResourceLite + - ExDeleteResourceLite + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoGetCurrentProcess + - ObReferenceObjectByHandle + - ZwClose + - ZwOpenSection + - ZwMapViewOfSection + - MmIsAddressValid + - PsGetCurrentProcessId + - MmCopyVirtualMemory + - vsprintf_s + - swprintf_s + - ExEventObjectType + - _wcsicmp + - RtlInitString + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ZwOpenDirectoryObject + - ZwQueryDirectoryObject + - ObReferenceObjectByName + - ZwQuerySystemInformation + - __C_specific_handler + - MmHighestUserAddress + - IoDriverObjectType + - KeQueryTimeIncrement + - KeStackAttachProcess + - KeUnstackDetachProcess + - PsGetProcessWow64Process + - PsGetProcessPeb + - ExAcquireFastMutex + - MmGetSystemRoutineAddress + - MmUnmapLockedPages + - IoFreeMdl + - ZwTerminateProcess + - PsGetProcessImageFileName + - ZwQueryObject + - ObOpenObjectByPointer + - PsReferenceProcessFilePointer + - IoQueryFileDosDeviceName + - MmProbeAndLockPages + - MmBuildMdlForNonPagedPool + - MmMapLockedPagesSpecifyCache + - IoAllocateMdl + - KeClearEvent + - PsSetCreateProcessNotifyRoutineEx + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - RtlUpcaseUnicodeChar + - DbgPrint + - ObRegisterCallbacks + - ObUnRegisterCallbacks + - ObGetFilterVersion + - PsGetProcessId + - IoThreadToProcess + - strcmp + - PsProcessType + - PsThreadType + - 
RtlEqualUnicodeString + - RtlGetVersion + - ObfReferenceObject + - ObGetObjectType + - ExEnumHandleTable + - ExfUnblockPushLock + - PsAcquireProcessExitSynchronization + - PsReleaseProcessExitSynchronization + - _snprintf + - ZwCreateFile + - ZwWriteFile + - PsLookupThreadByThreadId + - NtQueryInformationThread + - PsGetThreadProcess + - KeDelayExecutionThread + - KdDisableDebugger + - KdChangeOption + - PsCreateSystemThread + - PsTerminateSystemThread + - KdDebuggerEnabled + - PsGetVersion + - RtlCopyUnicodeString + - ExFreePoolWithTag + - ExAllocatePool + - KeInitializeEvent + - MmUnlockPages + - WdfVersionBindClass + - WdfVersionBind + - WdfVersionUnbind + - WdfVersionUnbindClass + Imports: + - ntoskrnl.exe + - WDFLDR.SYS + InternalName: '' + MD5: 766f9ea38918827df59a6aed204d2b09 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: ffdf660eb1ebf020a1d0a55a90712dfb + SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 + SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 + SHA1: 12154f58b68902a40a7165035d37974128deb902 + SHA256: 24e70c87d58fa5771f02b9ddf0d8870cba6b26e35c6455a2c77f482e2080d3e9 + Sections: + .text: + Entropy: 6.065533725912548 + Virtual Size: '0x191bb' + .rdata: + Entropy: 5.23236423623771 + Virtual Size: '0x21a4' + .data: + Entropy: 4.804032115260608 + Virtual Size: '0x1218' + .pdata: + Entropy: 7.827342878613383 + Virtual Size: '0xc00' + INIT: + Entropy: 5.273527796423258 + Virtual Size: '0x11c0' + .upx0: + Entropy: 7.503659602576496 + Virtual Size: '0x1dad08' + .reloc: + Entropy: 4.029480459734737 + Virtual Size: '0xc0' + .rsrc: + Entropy: 2.9106266625370485 + Virtual Size: '0x22c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2021-09-09 
19:15:59' + ValidTo: '2022-09-01 19:15:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 330000004de597a775e3157f7b00000000004d + Version: 3 + TBS: + MD5: 9f0782e89bd41cdd96ec55357457478a + SHA1: 35c2180572baad19019acca1334e6c653699c389 + SHA256: 50814710213afec410f26e573d25267a2e21d3d15f158be8a43a666c9cc6fa08 + SHA384: 8d48f066b0284071d64bbc556e018824a8388ccd142a56c7b7b04ef6d27cade07da57ac82d8067e18ad64d35af11e2a7 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + ValidFrom: '2014-10-15 20:31:27' + ValidTo: '2029-10-15 20:41:27' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 330000000d690d5d7893d076df00000000000d + Version: 3 + TBS: + MD5: 83f69422963f11c3c340b81712eef319 + SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 + SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae + SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 + Signer: + - SerialNumber: 330000004de597a775e3157f7b00000000004d + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + Version: 1 + Imphash: d221afaadf43ceedb581e665435c56c7 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: e46017a78ed80d665a2fac51eb5c49f3 + SHA1: dba3175fbe67b69a002161d718afb1507d9eb774 + SHA256: 91793baa79b630f452267c408cc7509f25aa7ac0e39e88576e3daed3dcd5d8e5 + Company: '' + Copyright: '' + CreationTimestamp: '2021-12-03 02:33:16' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ExReleaseFastMutex + - ObfDereferenceObject + - PsLookupProcessByProcessId + - NtQuerySystemInformation + - RtlInitUnicodeString + - KeSetEvent + 
- KeWaitForSingleObject + - ExAllocatePoolWithTag + - ExInitializeResourceLite + - ExAcquireResourceExclusiveLite + - ExReleaseResourceLite + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoGetCurrentProcess + - ObReferenceObjectByHandle + - ZwClose + - ZwOpenSection + - ZwMapViewOfSection + - MmIsAddressValid + - PsGetCurrentProcessId + - MmCopyVirtualMemory + - vsprintf_s + - swprintf_s + - ExEventObjectType + - _wcsicmp + - RtlInitString + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ZwOpenDirectoryObject + - ZwQueryDirectoryObject + - ObReferenceObjectByName + - ZwQuerySystemInformation + - __C_specific_handler + - MmHighestUserAddress + - IoDriverObjectType + - KeQueryTimeIncrement + - KeStackAttachProcess + - KeUnstackDetachProcess + - PsGetProcessWow64Process + - PsGetProcessPeb + - MmUnlockPages + - MmGetSystemRoutineAddress + - ExAcquireFastMutex + - IoFreeMdl + - ZwTerminateProcess + - PsGetProcessImageFileName + - ZwQueryObject + - ObOpenObjectByPointer + - PsReferenceProcessFilePointer + - IoQueryFileDosDeviceName + - MmProbeAndLockPages + - MmBuildMdlForNonPagedPool + - MmMapLockedPagesSpecifyCache + - IoAllocateMdl + - KeClearEvent + - MmMapLockedPages + - PsSetCreateProcessNotifyRoutineEx + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - RtlUpcaseUnicodeChar + - ObRegisterCallbacks + - ObUnRegisterCallbacks + - ObGetFilterVersion + - PsGetProcessId + - IoThreadToProcess + - strcmp + - PsProcessType + - PsThreadType + - RtlEqualUnicodeString + - RtlGetVersion + - ObfReferenceObject + - ObGetObjectType + - ExEnumHandleTable + - ExfUnblockPushLock + - PsAcquireProcessExitSynchronization + - PsReleaseProcessExitSynchronization + - _snprintf + - ZwCreateFile + - ZwWriteFile + - PsLookupThreadByThreadId + - NtQueryInformationThread + - PsGetThreadProcess 
+ - KeDelayExecutionThread + - KdDisableDebugger + - KdChangeOption + - PsCreateSystemThread + - PsTerminateSystemThread + - KdDebuggerEnabled + - PsGetVersion + - RtlCopyUnicodeString + - ExFreePoolWithTag + - ExAllocatePool + - KeInitializeEvent + - MmUnmapLockedPages + - WdfVersionBindClass + - WdfVersionBind + - WdfVersionUnbind + - WdfVersionUnbindClass + Imports: + - ntoskrnl.exe + - WDFLDR.SYS + InternalName: '' + MD5: 00f887e74faad40e6e97d9d0e9c71370 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: ffdf660eb1ebf020a1d0a55a90712dfb + SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 + SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 + SHA1: 6e58421e37c022410455b1c7b01f1e3c949df1cd + SHA256: b617a072c578cea38c460e2851f3d122ba1b7cfa1f5ee3e9f5927663ac37af61 + Sections: + .text: + Entropy: 6.224625347669578 + Virtual Size: '0x1739b' + .rdata: + Entropy: 5.257508421672409 + Virtual Size: '0x21f4' + .data: + Entropy: 4.800125865260608 + Virtual Size: '0x1218' + .pdata: + Entropy: 7.911280580518773 + Virtual Size: '0xc18' + PAGE: + Entropy: 1.8182317397917946 + Virtual Size: '0x1c1a' + INIT: + Entropy: 5.261323934534699 + Virtual Size: '0x1168' + .upx0: + Entropy: 7.50967553410201 + Virtual Size: '0x1d67ec' + .reloc: + Entropy: 4.0407774440334165 + Virtual Size: '0xb4' + .rsrc: + Entropy: 2.9070295402348902 + Virtual Size: '0x22c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CN, L=Shanghai, O=miHoYo Co.,Ltd., OU=OPS, CN=miHoYo Co.,Ltd. 
+ ValidFrom: '2019-04-08 00:00:00' + ValidTo: '2022-04-08 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 05a7559541e0fdc678d79e3272468907 + Version: 3 + TBS: + MD5: 3e83a7572d1c522dd9072ba6399029d7 + SHA1: e2c2d59b70f028a66a8711bfa97f842475f84639 + SHA256: 5a504a929cb21f72008d5d57bcd992a7cac13f6aa90cbb886b5ecd809e3b59dd + SHA384: 72916ab6c7eb3f5cb7444b3d7d2ac8cb52944605477c5a0f181d060e4edb4c37ebe5eb3c0566dda9de2d2707636ec355 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Root CA + ValidFrom: '2011-04-15 19:41:37' + ValidTo: '2021-04-15 19:51:37' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611cb28a000000000026 + Version: 3 + TBS: + MD5: 983a0c315a50542362f2bd6a5d71c8d0 + SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 + SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 + SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd + Version: 3 + TBS: + MD5: a9a31555bbc92b6033975c5428fb3679 + SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e + SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 + SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 + - Subject: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo + RSA Time Stamping CA + ValidFrom: '2019-05-02 00:00:00' + ValidTo: '2038-01-18 
23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 300f6facdd6698747ca94636a7782db9 + Version: 3 + TBS: + MD5: 63499ed59a1293b786649470e4ce0bd7 + SHA1: 7309d8eaa65da1f3da7030c08f00a3b0a20fa908 + SHA256: 8c8d2046b29e792e71b28705fe67c435208a336dde074a75452d98e72c734937 + SHA384: 5dbc5eae13908fee4c4e5216f87e3e87208fff0d1052f5fa9f0856a429d6a6c422c625f2318f2f29aea26ece09c1e811 + - Subject: 'C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo + RSA Time Stamping Signer #2' + ValidFrom: '2020-10-23 00:00:00' + ValidTo: '2032-01-22 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: false + SerialNumber: 008c77a0008ff4d1b0c63d9f3a48838d6b + Version: 3 + TBS: + MD5: 6efd500ce038df7aa3087c1e63a5eb5c + SHA1: 1c961712a02fb995c585080eda53a753656ca3ad + SHA256: f60d4f8f7b56499de889264b1e64890694c5b106129d3db068976ed33495577a + SHA384: 031fdf7c078e205b4d3ffaff40de36f48f91f87c3b0005b482ff614b320f5e47785045cb87a3e6a75085c24ae8409498 + Signer: + - SerialNumber: 05a7559541e0fdc678d79e3272468907 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + Version: 1 + Imphash: ad4586d21c9469bf636b5e8660e9d702 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: a5419f516e383eaf16a76174b3a8becd + SHA1: e19e10d97d7ecd4a4376196f7e3dfa2365872867 + SHA256: 5a021532f0ac453256526428ccf3518cdba4c6373cc72f340ba208b6c41b3a9e + Company: '' + Copyright: '' + CreationTimestamp: '2022-05-30 11:28:46' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ExReleaseFastMutex + - ObfDereferenceObject + - PsLookupProcessByProcessId + - NtQuerySystemInformation + - RtlInitUnicodeString + - KeSetEvent + - KeEnterCriticalRegion + - KeLeaveCriticalRegion + - KeWaitForSingleObject + - 
ExAllocatePoolWithTag + - ExInitializeResourceLite + - ExAcquireResourceExclusiveLite + - ExReleaseResourceLite + - ExDeleteResourceLite + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoGetCurrentProcess + - ObReferenceObjectByHandle + - ZwClose + - ZwOpenSection + - ZwMapViewOfSection + - MmIsAddressValid + - PsGetCurrentProcessId + - MmCopyVirtualMemory + - vsprintf_s + - swprintf_s + - ExEventObjectType + - _wcsicmp + - RtlInitString + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ZwOpenDirectoryObject + - ZwQueryDirectoryObject + - ObReferenceObjectByName + - ZwQuerySystemInformation + - __C_specific_handler + - MmHighestUserAddress + - IoDriverObjectType + - KeQueryTimeIncrement + - KeStackAttachProcess + - KeUnstackDetachProcess + - PsGetProcessWow64Process + - PsGetProcessPeb + - ExAcquireFastMutex + - MmGetSystemRoutineAddress + - MmUnmapLockedPages + - IoFreeMdl + - ZwTerminateProcess + - PsGetProcessImageFileName + - ZwQueryObject + - ObOpenObjectByPointer + - PsReferenceProcessFilePointer + - IoQueryFileDosDeviceName + - MmProbeAndLockPages + - MmBuildMdlForNonPagedPool + - MmMapLockedPagesSpecifyCache + - IoAllocateMdl + - KeClearEvent + - PsSetCreateProcessNotifyRoutineEx + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - RtlUpcaseUnicodeChar + - DbgPrint + - ObRegisterCallbacks + - ObUnRegisterCallbacks + - ObGetFilterVersion + - PsGetProcessId + - IoThreadToProcess + - strcmp + - PsProcessType + - PsThreadType + - RtlEqualUnicodeString + - RtlGetVersion + - ObfReferenceObject + - ObGetObjectType + - ExEnumHandleTable + - ExfUnblockPushLock + - PsAcquireProcessExitSynchronization + - PsReleaseProcessExitSynchronization + - _snprintf + - ZwCreateFile + - ZwWriteFile + - PsLookupThreadByThreadId + - NtQueryInformationThread + - PsGetThreadProcess + - 
KeDelayExecutionThread + - KdDisableDebugger + - KdChangeOption + - PsCreateSystemThread + - PsTerminateSystemThread + - KdDebuggerEnabled + - PsGetVersion + - RtlCopyUnicodeString + - ExFreePoolWithTag + - ExAllocatePool + - KeInitializeEvent + - MmUnlockPages + - WdfVersionBindClass + - WdfVersionBind + - WdfVersionUnbind + - WdfVersionUnbindClass + Imports: + - ntoskrnl.exe + - WDFLDR.SYS + InternalName: '' + MD5: 5c9f240e0b83df758993837d18859cbe + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: ffdf660eb1ebf020a1d0a55a90712dfb + SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 + SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 + SHA1: 4075de7d7d2169d650c5ccede8251463913511e6 + SHA256: b531f0a11ca481d5125c93c977325e135a04058019f939169ce3cdedaddd422d + Sections: + .text: + Entropy: 6.065533725912548 + Virtual Size: '0x191bb' + .rdata: + Entropy: 5.23236423623771 + Virtual Size: '0x21a4' + .data: + Entropy: 4.804032115260608 + Virtual Size: '0x1218' + .pdata: + Entropy: 7.827342878613383 + Virtual Size: '0xc00' + INIT: + Entropy: 5.273527796423258 + Virtual Size: '0x11c0' + .upx0: + Entropy: 7.503659602576496 + Virtual Size: '0x1dad08' + .reloc: + Entropy: 4.029480459734737 + Virtual Size: '0xc0' + .rsrc: + Entropy: 2.9106266625370485 + Virtual Size: '0x22c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2021-09-09 19:15:59' + ValidTo: '2022-09-01 19:15:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 330000004de597a775e3157f7b00000000004d + Version: 3 + TBS: + MD5: 9f0782e89bd41cdd96ec55357457478a + SHA1: 
35c2180572baad19019acca1334e6c653699c389 + SHA256: 50814710213afec410f26e573d25267a2e21d3d15f158be8a43a666c9cc6fa08 + SHA384: 8d48f066b0284071d64bbc556e018824a8388ccd142a56c7b7b04ef6d27cade07da57ac82d8067e18ad64d35af11e2a7 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + ValidFrom: '2014-10-15 20:31:27' + ValidTo: '2029-10-15 20:41:27' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 330000000d690d5d7893d076df00000000000d + Version: 3 + TBS: + MD5: 83f69422963f11c3c340b81712eef319 + SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 + SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae + SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 + Signer: + - SerialNumber: 330000004de597a775e3157f7b00000000004d + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + Version: 1 + Imphash: d221afaadf43ceedb581e665435c56c7 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/2ada18ae-2c52-49b6-b1a0-cf3b267f6dc7.yaml b/yaml/2ada18ae-2c52-49b6-b1a0-cf3b267f6dc7.yaml index f26b1a4a3..ff36fab71 100644 --- a/yaml/2ada18ae-2c52-49b6-b1a0-cf3b267f6dc7.yaml +++ b/yaml/2ada18ae-2c52-49b6-b1a0-cf3b267f6dc7.yaml 
@@ -1,187 +1,189 @@ Id: 2ada18ae-2c52-49b6-b1a0-cf3b267f6dc7 +Tags: +- sfdrvx32.sys +Verified: 'TRUE' Author: Nasreddine Bencherchali Created: '2023-05-06' MitreID: T1068 Category: vulnerable driver -Verified: 'TRUE' Commands: - Command: sc.exe create sfdrvx32.sys binPath=C:\windows\temp\sfdrvx32.sys type=kernel - && sc.exe start sfdrvx32.sys - Description: '' - Usecase: Elevate privileges - Privileges: kernel - OperatingSystem: Windows 10 + Command: sc.exe create sfdrvx32.sys binPath=C:\windows\temp\sfdrvx32.sys type=kernel + && sc.exe start sfdrvx32.sys + Description: '' + Usecase: Elevate privileges + Privileges: kernel + OperatingSystem: Windows 10 Resources: - Internal Research -Acknowledgement: - Person: '' - Handle: '' Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: sfdrvx32.sys - MD5: 9f70cd5edcc4efc48ae21e04fb03be9d - SHA1: 42bb38b0b93d83b62fe2604b154ada9314c98df7 - SHA256: ad23d77a38655acb71216824e363df8ac41a48a1a0080f35a0d23aa14b54460b - Authentihash: - MD5: b67247d2d35a3ff9c8ba26d4eeb0d40f - SHA1: e838b0bb0ebbe76e5f53ba6e508b71c7f077f3af - SHA256: f9fead3227d5cf7daf8c5312db672bc7a684e2216b2f48ff2fcd14493bc9c254 - Description: Speed Fan x32 Driver - Company: Almico Software - InternalName: sfdrvx32.sys - OriginalFilename: sfdrvx32.sys - FileVersion: X4.43.04 - Product: Speed Fan - ProductVersion: X4.43.04 - Copyright: "Copyright \xA9 Almico Software 2001-2010" - MachineType: I386 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - IoDeleteDevice - - DbgPrint - - IoDeleteSymbolicLink - - IofCompleteRequest - - ExFreePoolWithTag - - ObfDereferenceObject - - PsGetVersion - - MmGetSystemRoutineAddress - - RtlInitUnicodeString - - RtlQueryRegistryValues - - ExAllocatePoolWithTag - - ObfReferenceObject - - IoGetDeviceObjectPointer - - IoCancelIrp - - KeWaitForSingleObject - - IofCallDriver - - IoBuildDeviceIoControlRequest - - KeInitializeEvent - - MmUnmapIoSpace - - MmMapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - RtlUnwind - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 
50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - 
Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=IT, ST=Marche, L=Ancona, O=Sokno S.R.L., OU=Digital ID Class 3 , - Microsoft Software Validation v2, OU=Software Development, CN=Sokno S.R.L. - ValidFrom: '2010-02-06 00:00:00' - ValidTo: '2011-02-11 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 202ed4a0a58d3214998c9a2bed089580 - Version: 3 - TBS: - MD5: 55742be12a3eedd1220df04ce0bf919b - SHA1: e385f5f8c52ddad2a1f19e6d43a289e012e5f478 - SHA256: 34213e50739ea1768a9bf3c3eed6dabbb5d8ab444636ec35f9d6c71a4c73863d - SHA384: eefa42b51c6c31c434858a27a4717af9c186e8850bc2aa49b92a4205f59f3fd329fa4b1911a08b17b137cf37c35aae6c - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 202ed4a0a58d3214998c9a2bed089580 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - RichPEHeaderHash: - MD5: eb1de85a826ce3014afc6f1b75fbbb5e - SHA1: e7acb271725bfd3b9c46cc271eebfb22ff72db95 - SHA256: 242af8aec339dbf89a98c94c5a7854bac50697c1a5d8416462a22f508720d68d - Sections: - .text: - Entropy: 6.59340421173457 - Virtual Size: '0x2141' - .rdata: - Entropy: 4.517985554033445 - Virtual Size: '0x118' - .data: - 
Entropy: 2.709147917027245 - Virtual Size: '0x18' - PAGE: - Entropy: 6.040362768579528 - Virtual Size: '0x77c' - INIT: - Entropy: 6.028057441714965 - Virtual Size: '0x466' - .rsrc: - Entropy: 3.314057859058699 - Virtual Size: '0x3f8' - .reloc: - Entropy: 5.771203435719941 - Virtual Size: '0x1ec' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2010-12-18 04:03:50' - Imphash: c3c9e6c0c33bad17eb055ec795fc113e - LoadsDespiteHVCI: 'TRUE' -Tags: -- sfdrvx32.sys +- Filename: sfdrvx32.sys + MD5: 9f70cd5edcc4efc48ae21e04fb03be9d + SHA1: 42bb38b0b93d83b62fe2604b154ada9314c98df7 + SHA256: ad23d77a38655acb71216824e363df8ac41a48a1a0080f35a0d23aa14b54460b + Authentihash: + MD5: b67247d2d35a3ff9c8ba26d4eeb0d40f + SHA1: e838b0bb0ebbe76e5f53ba6e508b71c7f077f3af + SHA256: f9fead3227d5cf7daf8c5312db672bc7a684e2216b2f48ff2fcd14493bc9c254 + Description: Speed Fan x32 Driver + Company: Almico Software + InternalName: sfdrvx32.sys + OriginalFilename: sfdrvx32.sys + FileVersion: X4.43.04 + Product: Speed Fan + ProductVersion: X4.43.04 + Copyright: "Copyright \xA9 Almico Software 2001-2010" + MachineType: I386 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - IoDeleteDevice + - DbgPrint + - IoDeleteSymbolicLink + - IofCompleteRequest + - ExFreePoolWithTag + - ObfDereferenceObject + - PsGetVersion + - MmGetSystemRoutineAddress + - RtlInitUnicodeString + - RtlQueryRegistryValues + - ExAllocatePoolWithTag + - ObfReferenceObject + - IoGetDeviceObjectPointer + - IoCancelIrp + - KeWaitForSingleObject + - IofCallDriver + - IoBuildDeviceIoControlRequest + - KeInitializeEvent + - MmUnmapIoSpace + - MmMapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - RtlUnwind + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 
4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=IT, ST=Marche, L=Ancona, O=Sokno S.R.L., OU=Digital ID Class + 3 , Microsoft Software Validation v2, OU=Software Development, CN=Sokno + S.R.L. + ValidFrom: '2010-02-06 00:00:00' + ValidTo: '2011-02-11 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 202ed4a0a58d3214998c9a2bed089580 + Version: 3 + TBS: + MD5: 55742be12a3eedd1220df04ce0bf919b + SHA1: e385f5f8c52ddad2a1f19e6d43a289e012e5f478 + SHA256: 34213e50739ea1768a9bf3c3eed6dabbb5d8ab444636ec35f9d6c71a4c73863d + SHA384: eefa42b51c6c31c434858a27a4717af9c186e8850bc2aa49b92a4205f59f3fd329fa4b1911a08b17b137cf37c35aae6c + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 202ed4a0a58d3214998c9a2bed089580 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + RichPEHeaderHash: + MD5: eb1de85a826ce3014afc6f1b75fbbb5e + SHA1: e7acb271725bfd3b9c46cc271eebfb22ff72db95 + SHA256: 242af8aec339dbf89a98c94c5a7854bac50697c1a5d8416462a22f508720d68d + Sections: + 
.text: + Entropy: 6.59340421173457 + Virtual Size: '0x2141' + .rdata: + Entropy: 4.517985554033445 + Virtual Size: '0x118' + .data: + Entropy: 2.709147917027245 + Virtual Size: '0x18' + PAGE: + Entropy: 6.040362768579528 + Virtual Size: '0x77c' + INIT: + Entropy: 6.028057441714965 + Virtual Size: '0x466' + .rsrc: + Entropy: 3.314057859058699 + Virtual Size: '0x3f8' + .reloc: + Entropy: 5.771203435719941 + Virtual Size: '0x1ec' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2010-12-18 04:03:50' + Imphash: c3c9e6c0c33bad17eb055ec795fc113e + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/2b918b1a-badb-4a85-9214-961607b21219.yaml b/yaml/2b918b1a-badb-4a85-9214-961607b21219.yaml index 6dbd0e90b..1a9731457 100644 --- a/yaml/2b918b1a-badb-4a85-9214-961607b21219.yaml +++ b/yaml/2b918b1a-badb-4a85-9214-961607b21219.yaml 
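Review bot: The certificate `Subject` and `Issuer` values that this hunk re-wraps for the sfdrvx32.sys sample still read `VeriSign Time Stamping Services Signer , G2` and `VeriSign Class 3 Code Signing 2009,2 CA`, which looks like a hyphen in the common name was turned into a comma when the fields were extracted. A detection or allow/block rule that matches signer names against these strings would not match the name as it appears in the certificate. I would correct them to `Signer - G2` and `2009-2 CA` after checking against the certificate itself, or note in the schema that consumers should key on `TBS` hashes and `SerialNumber` rather than on `Subject`. The same pattern shows up as `DigiCert Assured ID Code Signing CA,1` in the 0258df5c-c3c1-4ed5-ba8f-846d91526ffe.yaml section of this diff.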
@@ -1,532 +1,533 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 2b918b1a-badb-4a85-9214-961607b21219 +Tags: +- phymem_ext64.sys +Verified: 'TRUE' Author: Takahiro Haruyama -Category: vulnerable driver -Commands: - Command: sc.exe create phymem_ext64sys binPath= C:\windows\temp\phymem_ext64sys.sys - type=kernel && sc.exe start phymem_ext64sys - Description: The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique vulnerable - drivers (237 file hashes) accepting firmware access. Six allow kernel memory access. - All give full control of the devices to non-admin users. By exploiting the vulnerable - drivers, an attacker without the system privilege may erase/alter firmware, and/or - elevate privileges. As of the time of writing in October 2023, the filenames of - the vulnerable drivers have not been made public until now. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-11-02' -Detection: [] -Id: 2b918b1a-badb-4a85-9214-961607b21219 -KnownVulnerableSamples: -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: affe4764d880e78b2afb2643b15b8d41 - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 928d26cce64ad458e1f602cc2aea848e0b04eaaf - SHA256: 4ec7af309a9359c332d300861655faeceb68bb1cd836dd66d10dd4fac9c01a28 - Signature: '' - Imphash: 05d3de62beab8e88de1dafd3b24a16f6 - Authentihash: - MD5: 8f3890ebc1854d6b014daf1cd58a683c - SHA1: 85f0ac83889df6d3feb439fe2026ce3a7968e263 - SHA256: d6cb3418c1a512aef6b15586bf5234689d4e471e854103a72d80a8597d263403 - RichPEHeaderHash: - MD5: 9c3a27e39a5e503f8e7a328f3d23c7d1 - SHA1: ad62f47b829e51043a7c1554326d1e7a64f69ece - SHA256: d857baa340c7338dffd557b7409c2ddc259a88807a2583770407513e30ed7bbf - Sections: - .text: - Entropy: 6.075980194368059 - Virtual Size: '0xc90' - .rdata: - Entropy: 3.9931177119501067 - Virtual Size: '0x194' - .data: - Entropy: 0.46979092711892695 - Virtual Size: '0x130' - 
.pdata: - Entropy: 3.320601478050092 - Virtual Size: '0x6c' - INIT: - Entropy: 5.129844326298507 - Virtual Size: '0x30a' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2014-08-19 21:33:26' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - MmUnmapLockedPages - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - MmMapLockedPages - - RtlInitUnicodeString - - IoDeleteDevice - - IoIs32bitProcess - - MmUnmapIoSpace - - MmBuildMdlForNonPagedPool - - IoFreeMdl - - MmMapLockedPagesSpecifyCache - - IoGetDeviceObjectPointer - - ExAllocatePool - - MmMapIoSpace - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - IoAllocateMdl - - KeBugCheckEx - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 - SHA384 2021 CA1 - ValidFrom: '2021-04-29 00:00:00' - ValidTo: '2036-04-28 23:59:59' - Signature: 3a23443d8d0876ee8fbc3a99d356e0021aa5f84834f32cb6e67466f79472b100caaf6c302713129e90449f4bfd9ea37c26d537bc3a5d486d95d53f49f427bb16814550fd9cbdb685e0767e3771cb22f75aaa90cff5936ae3eb20d1d55079889a8a8ac1b6bda148187edcd8801a111918cd61998156f6c9e376e7c4e41b5f43f83e94ff76393d9ed499cf4add28eb5f26a1955848d51afed7273ffd90d17686dd1cb0605cf30da8eee089a1bd39e1384eda6ebb369dfbe521535ac3cae96af1a23edb43b833c84f38149299f5ddce546dd95d02141f40337c03e295b2c221757352cb46d8c4341ca2a54b8dcd6f76372c853f1ace26e918be9007b0437f9588208270f0cccaeffd29355c1f893855f7378a8b09a1cb0be9311aff2e195c3971e1be9ca70a06d62667b792e64e5fde7aac49cf2ea47492addb3ca49c861fe3c1561b2b23ff8fb5ea887b706be6a0bafd3a3f45a6c4e81691528b41c048844b964dab4440e38df01528ceedf11856072a2f10c40c08643c338fae288c3ccb8f880b0dbf3bf4ce1e7b8eefb5ebcbb7f07713e6e7283fac12aea52f226c41f9825c1566cc6c0ecac586c3f626330c074ba0d307026a6a4030484b34a85120bbad1b8508e2590d6dca05502bea4a1c9ea5fda0a71f0674e7f2d65290fdaf854821f9573bb49c03ed8645f4b4616ebf68e2266086eac8afa9fe941
de7631b3a8656784e - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 08ad40b260d29c4c9f5ecda9bd93aed9 - Version: 3 - TBS: - MD5: 5d8003a64dfa5a4d88365da1566038cb - SHA1: 79465b56bc7ad55a37bdf633943da8bfc84db228 - SHA256: 84bdc82e2f2a7f7aaa782667dac556ffcb2b33240c1f9c0a00a3264526a98332 - SHA384: 65b1d4076a89ae273f57e6eeedecb3eae129b4168f76fa7671914cdf461d542255c59d9b85b916ae0ca6fc0fcf7a8e64 - - Subject: C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Moyea Software, - CN=Shenzhen Moyea Software - ValidFrom: '2021-10-14 00:00:00' - ValidTo: '2024-10-16 23:59:59' - Signature: 3b0f3ae78dd863d21287b9c3c9b2708a857a104282d3dfe0f8a25e54015cd2b538e5952c295539447eaaaa6ff2804fcf737f62a633c090dc4d250a6738bed4f60ffea1aba18b6a1f2240b72b1c9ff3ffbb0e592178284d375dfdefb2c6f67675c6fe060b426811643081b74f433f473b80ae4918600bbde8f0cf8fa9d4237f3f89dd5bdbc8fb8698066307446fcedc640df539dd8b773ad5bda1d4b9083bc83c88fb3685fdde177bf80a1f1d66fdb492960a1334bd9b17141d1ff1c52b380aca6f092d746509ef5291b8a18f325871a51034cf51eaff0a7f54604ceb3ef9f64532326d28091aa4f4bfd93e0715b961c1b3fbdac691da09006dff68bf6148bb55979beceac4db9f47dda3958cd40b3013a1258974a25d7ba59ab118332dc848d2a60fb63b84e0796d80ab0f877351b1a0ce4a2c31de78acdcd38c44d63d0751abed776d0d86d62082f11c4d8c8c8a2c5b187db26bb551edb1ccdc8138478937ec522639b1c450318f16c0c9011ececbfcc1d12dfb270af59cb828bee6ec93623b5ef1e4e6083917047f3f7c2a199ae84653ec14f8749f105773e9a039764b087065aa1c77aa892b3ac33e9e1dcc03c7ef3a108a1d3477966d09aa5e0597a704b912842ebfaa7a19aeeda7fc9aca5a9fde4c0169bf1746d5a5567894d3f23a89ba90a44542de1c0ee6c09f227fc87c07c76eb9834bffe79d50bdfc5482b13f51ee - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 07c1044c6a0de08e13cc1b5e2c6d1fc0 - Version: 3 - TBS: - MD5: 71dd0345e896c6033cef5840c28346ba - SHA1: a8f17de69b591a80015e33f290808d5072f5fb4a - SHA256: 01be120134997087d356bd5d50fa89eed3447aeff1b66d7327373693e4879d42 - SHA384: 
269e4987cca4027fe44741ac54963d53289aea17cd951cffbf014790a02639417cd7e489b409dea04c41c630abff6da0 - Signer: - - SerialNumber: 07c1044c6a0de08e13cc1b5e2c6d1fc0 - Issuer: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 - SHA384 2021 CA1 - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: a664904f69756834049e9e272abb6fea - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: c45d03076fa6e66c1b8b74b020ad84712755e3df - SHA256: 793a26c5c4c154a40f84c3d3165deb807062b26796acaae94b72f453e95230d5 - Signature: '' - Imphash: 05d3de62beab8e88de1dafd3b24a16f6 - Authentihash: - MD5: 8f3890ebc1854d6b014daf1cd58a683c - SHA1: 85f0ac83889df6d3feb439fe2026ce3a7968e263 - SHA256: d6cb3418c1a512aef6b15586bf5234689d4e471e854103a72d80a8597d263403 - RichPEHeaderHash: - MD5: 9c3a27e39a5e503f8e7a328f3d23c7d1 - SHA1: ad62f47b829e51043a7c1554326d1e7a64f69ece - SHA256: d857baa340c7338dffd557b7409c2ddc259a88807a2583770407513e30ed7bbf - Sections: - .text: - Entropy: 6.075980194368059 - Virtual Size: '0xc90' - .rdata: - Entropy: 3.9931177119501067 - Virtual Size: '0x194' - .data: - Entropy: 0.46979092711892695 - Virtual Size: '0x130' - .pdata: - Entropy: 3.320601478050092 - Virtual Size: '0x6c' - INIT: - Entropy: 5.129844326298507 - Virtual Size: '0x30a' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2014-08-19 21:33:26' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - MmUnmapLockedPages - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - MmMapLockedPages - - RtlInitUnicodeString - - IoDeleteDevice - - IoIs32bitProcess - - MmUnmapIoSpace - - MmBuildMdlForNonPagedPool - - IoFreeMdl - - MmMapLockedPagesSpecifyCache - - IoGetDeviceObjectPointer - - ExAllocatePool - - MmMapIoSpace - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - IoAllocateMdl - - KeBugCheckEx - - __C_specific_handler 
- Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 - SHA384 2021 CA1 - ValidFrom: '2021-04-29 00:00:00' - ValidTo: '2036-04-28 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 08ad40b260d29c4c9f5ecda9bd93aed9 - Version: 3 - TBS: - MD5: 5d8003a64dfa5a4d88365da1566038cb - SHA1: 79465b56bc7ad55a37bdf633943da8bfc84db228 - SHA256: 84bdc82e2f2a7f7aaa782667dac556ffcb2b33240c1f9c0a00a3264526a98332 - SHA384: 65b1d4076a89ae273f57e6eeedecb3eae129b4168f76fa7671914cdf461d542255c59d9b85b916ae0ca6fc0fcf7a8e64 - - Subject: C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Moyea Software, - CN=Shenzhen Moyea Software - ValidFrom: '2021-10-14 00:00:00' - ValidTo: '2024-10-16 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 07c1044c6a0de08e13cc1b5e2c6d1fc0 - Version: 3 - TBS: - MD5: 71dd0345e896c6033cef5840c28346ba - SHA1: a8f17de69b591a80015e33f290808d5072f5fb4a - SHA256: 01be120134997087d356bd5d50fa89eed3447aeff1b66d7327373693e4879d42 - SHA384: 269e4987cca4027fe44741ac54963d53289aea17cd951cffbf014790a02639417cd7e489b409dea04c41c630abff6da0 - Signer: - - SerialNumber: 07c1044c6a0de08e13cc1b5e2c6d1fc0 - Issuer: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 - SHA384 2021 CA1 - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: a125390293d50091b643cfa096c2148c - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: ff9887cfd695916a06319b3a96f7ab2e6343a20e - SHA256: e26a21e1b79ecaee7033e05edb0bd72aca463c23bd6fdf5835916ce2dfdf1a63 - Signature: '' - Imphash: 05d3de62beab8e88de1dafd3b24a16f6 - Authentihash: - 
MD5: 8f3890ebc1854d6b014daf1cd58a683c - SHA1: 85f0ac83889df6d3feb439fe2026ce3a7968e263 - SHA256: d6cb3418c1a512aef6b15586bf5234689d4e471e854103a72d80a8597d263403 - RichPEHeaderHash: - MD5: 9c3a27e39a5e503f8e7a328f3d23c7d1 - SHA1: ad62f47b829e51043a7c1554326d1e7a64f69ece - SHA256: d857baa340c7338dffd557b7409c2ddc259a88807a2583770407513e30ed7bbf - Sections: - .text: - Entropy: 6.075980194368059 - Virtual Size: '0xc90' - .rdata: - Entropy: 3.9931177119501067 - Virtual Size: '0x194' - .data: - Entropy: 0.46979092711892695 - Virtual Size: '0x130' - .pdata: - Entropy: 3.320601478050092 - Virtual Size: '0x6c' - INIT: - Entropy: 5.129844326298507 - Virtual Size: '0x30a' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2014-08-19 21:33:26' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - MmUnmapLockedPages - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - MmMapLockedPages - - RtlInitUnicodeString - - IoDeleteDevice - - IoIs32bitProcess - - MmUnmapIoSpace - - MmBuildMdlForNonPagedPool - - IoFreeMdl - - MmMapLockedPagesSpecifyCache - - IoGetDeviceObjectPointer - - ExAllocatePool - - MmMapIoSpace - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - IoAllocateMdl - - KeBugCheckEx - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 
4e5e56901e46b4d94931f3bb1739281bc216ddfd41dc0905049b6fb2a29ad6992e40990055b5ea3fa52076d38634d417cc553ac782eeefa8babcd8069f1550dfcd167b523a02d7191afdaff0785ce04bc518df3a241edaacb8a95804020730dbb0125efe31bef00448f4f070f83a5e5683cf3dfb0dbcf4c5ed979db9d4dba52784e3389b8ba735864420a43b6da46a0ba183fd28ebdaef28f6cc885dfb0a3b00abe021ebe22f356c0f8e344597eba2f79933357ecb9a8abb454de73f9fc2d98afa65b26ec77e65ffe892e12c31a2f7b02736488f266f3bee4d761f79c3e57f9635bc2d0ecc01b08e7fff518080a792d4b34446648c874f166307314b63b0dff3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee152d7 - Version: 3 - TBS: - MD5: e140543fe3256027cfa79fc3c19c1776 - SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 - SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 - SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 - - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode - , G1 - ValidFrom: '2013-08-23 00:00:00' - ValidTo: '2024-09-23 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121405c1f0ed258882be54d8686ba11ea45 - Version: 3 - TBS: - MD5: b95cbc184d388718612d5933f7b36770 - SHA1: ff124c5d160710720108616ffee99bbe090ed363 - SHA256: 13027620255363f07bbf85ae7d0dc06c07d8b0f4368b12f983ee3f4fce605733 - SHA384: f42ed00f615f2822dcd3d33794477428afb52ddab932ebcde3586f92a27e18f9faba6b3334ca4e59e0cb24bdbf8395a6 - - Subject: C=CN, ST=GuangDong, L=ShenZhen, O=Shenzhen Moyea Software, OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=Shenzhen Moyea Software - ValidFrom: '2013-06-26 00:00:00' - ValidTo: '2015-07-26 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3c4080057de4b37a48e6a7ba6ccf0e07 - Version: 
3 - TBS: - MD5: 7c755dc4cf3054f9ccaf400c6dde5e3e - SHA1: bc3f88dc6acdfdcce7ca7f6703dab970bcd88c36 - SHA256: 37dab5ac1313736d65f5b08813415b85f13d6265ba97edf8e1d965059710de77 - SHA384: b9302fba34d79663aa82dfd35063d8a710a30cf88dc82dd015b6cdaf5db827116fd017780ad458c9b4a844b861b06778 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 3c4080057de4b37a48e6a7ba6ccf0e07 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: '' 
- Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: 0c55128c301921ce71991a6d546756ad - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: ef8de780cfe839ecf6dc0dc161ae645bff9b853c - SHA256: fc3e8554602c476e2edfa92ba4f6fb2e5ba0db433b9fbd7d8be1036e454d2584 - Signature: '' - Imphash: 05d3de62beab8e88de1dafd3b24a16f6 - Authentihash: - MD5: 8f3890ebc1854d6b014daf1cd58a683c - SHA1: 85f0ac83889df6d3feb439fe2026ce3a7968e263 - SHA256: d6cb3418c1a512aef6b15586bf5234689d4e471e854103a72d80a8597d263403 - RichPEHeaderHash: - MD5: 9c3a27e39a5e503f8e7a328f3d23c7d1 - SHA1: ad62f47b829e51043a7c1554326d1e7a64f69ece - SHA256: d857baa340c7338dffd557b7409c2ddc259a88807a2583770407513e30ed7bbf - Sections: - .text: - Entropy: 6.075980194368059 - Virtual Size: '0xc90' - .rdata: - Entropy: 3.9931177119501067 - Virtual Size: '0x194' - .data: - Entropy: 0.46979092711892695 - Virtual Size: '0x130' - .pdata: - Entropy: 3.320601478050092 - Virtual Size: '0x6c' - INIT: - Entropy: 5.129844326298507 - Virtual Size: '0x30a' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2014-08-19 21:33:26' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - MmUnmapLockedPages - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - MmMapLockedPages - - RtlInitUnicodeString - - IoDeleteDevice - - IoIs32bitProcess - - MmUnmapIoSpace - - MmBuildMdlForNonPagedPool - - IoFreeMdl - - MmMapLockedPagesSpecifyCache - - IoGetDeviceObjectPointer - - ExAllocatePool - - MmMapIoSpace - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - IoAllocateMdl - - KeBugCheckEx - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 - ValidFrom: '2021-01-01 00:00:00' - ValidTo: '2031-01-06 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 
1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0d424ae0be3a88ff604021ce1400f0dd - Version: 3 - TBS: - MD5: c0189c338449a42fe8358c2c1fbecc60 - SHA1: b8ac0ee6875594b80ad86a6df6dd1fa3048c187c - SHA256: a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 - SHA384: 76d3a316a5a106050298418cce3beea16100524723d9e3220b0de51bfb6f1c35a5d4c7cd10b358fef7bf94c3e3562150 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured - ID Timestamping CA - ValidFrom: '2016-01-07 12:00:00' - ValidTo: '2031-01-07 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 0aa125d6d6321b7e41e405da3697c215 - Version: 3 - TBS: - MD5: 8d26184fc613f89aba1cefb30fce1b53 - SHA1: 63a7e376bad5ec2e419d514a403bcf46c8d31d95 - SHA256: 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c - SHA384: d8c9691fe9dbe182f07b49b07fbb4f589fa7b38b5c4d21f265d3a2e818f4b1bfb39e03faab2ec05bb10333a99914fb8a - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root - G4 - ValidFrom: '2013-08-01 12:00:00' - ValidTo: '2038-01-15 12:00:00' - Signature: 
bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 059b1b579e8e2132e23907bda777755c - Version: 3 - TBS: - MD5: 41b622dd54995550fdc2f31ea12f8d9b - SHA1: 420704040c93dfe9d3ad01a26c07f2be1f4888c1 - SHA256: 4816e2e9e37ba61e1def6f7a4c623e981c7af355e51349b5554a3d56c5252e24 - SHA384: 4ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996 - - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 - SHA384 2021 CA1 - ValidFrom: '2021-04-29 00:00:00' - ValidTo: '2036-04-28 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 08ad40b260d29c4c9f5ecda9bd93aed9 - Version: 3 - TBS: - MD5: 5d8003a64dfa5a4d88365da1566038cb - SHA1: 79465b56bc7ad55a37bdf633943da8bfc84db228 - SHA256: 84bdc82e2f2a7f7aaa782667dac556ffcb2b33240c1f9c0a00a3264526a98332 - SHA384: 
65b1d4076a89ae273f57e6eeedecb3eae129b4168f76fa7671914cdf461d542255c59d9b85b916ae0ca6fc0fcf7a8e64 - - Subject: C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Moyea Software, - CN=Shenzhen Moyea Software - ValidFrom: '2021-10-14 00:00:00' - ValidTo: '2024-10-16 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 07c1044c6a0de08e13cc1b5e2c6d1fc0 - Version: 3 - TBS: - MD5: 71dd0345e896c6033cef5840c28346ba - SHA1: a8f17de69b591a80015e33f290808d5072f5fb4a - SHA256: 01be120134997087d356bd5d50fa89eed3447aeff1b66d7327373693e4879d42 - SHA384: 269e4987cca4027fe44741ac54963d53289aea17cd951cffbf014790a02639417cd7e489b409dea04c41c630abff6da0 - Signer: - - SerialNumber: 07c1044c6a0de08e13cc1b5e2c6d1fc0 - Issuer: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 - SHA384 2021 CA1 - Version: 1 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create phymem_ext64sys binPath= C:\windows\temp\phymem_ext64sys.sys + type=kernel && sc.exe start phymem_ext64sys + Description: The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique + vulnerable drivers (237 file hashes) accepting firmware access. Six allow + kernel memory access. All give full control of the devices to non-admin users. + By exploiting the vulnerable drivers, an attacker without the system privilege + may erase/alter firmware, and/or elevate privileges. As of the time of writing + in October 2023, the filenames of the vulnerable drivers have not been made + public until now. 
+ OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html -Tags: -- phymem_ext64.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: affe4764d880e78b2afb2643b15b8d41 + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 928d26cce64ad458e1f602cc2aea848e0b04eaaf + SHA256: 4ec7af309a9359c332d300861655faeceb68bb1cd836dd66d10dd4fac9c01a28 + Signature: '' + Imphash: 05d3de62beab8e88de1dafd3b24a16f6 + Authentihash: + MD5: 8f3890ebc1854d6b014daf1cd58a683c + SHA1: 85f0ac83889df6d3feb439fe2026ce3a7968e263 + SHA256: d6cb3418c1a512aef6b15586bf5234689d4e471e854103a72d80a8597d263403 + RichPEHeaderHash: + MD5: 9c3a27e39a5e503f8e7a328f3d23c7d1 + SHA1: ad62f47b829e51043a7c1554326d1e7a64f69ece + SHA256: d857baa340c7338dffd557b7409c2ddc259a88807a2583770407513e30ed7bbf + Sections: + .text: + Entropy: 6.075980194368059 + Virtual Size: '0xc90' + .rdata: + Entropy: 3.9931177119501067 + Virtual Size: '0x194' + .data: + Entropy: 0.46979092711892695 + Virtual Size: '0x130' + .pdata: + Entropy: 3.320601478050092 + Virtual Size: '0x6c' + INIT: + Entropy: 5.129844326298507 + Virtual Size: '0x30a' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2014-08-19 21:33:26' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - MmUnmapLockedPages + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - MmMapLockedPages + - RtlInitUnicodeString + - IoDeleteDevice + - IoIs32bitProcess + - MmUnmapIoSpace + - MmBuildMdlForNonPagedPool + - IoFreeMdl + - MmMapLockedPagesSpecifyCache + - IoGetDeviceObjectPointer + - ExAllocatePool + - MmMapIoSpace + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - IoAllocateMdl + - KeBugCheckEx + - 
__C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 + SHA384 2021 CA1 + ValidFrom: '2021-04-29 00:00:00' + ValidTo: '2036-04-28 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 08ad40b260d29c4c9f5ecda9bd93aed9 + Version: 3 + TBS: + MD5: 5d8003a64dfa5a4d88365da1566038cb + SHA1: 79465b56bc7ad55a37bdf633943da8bfc84db228 + SHA256: 84bdc82e2f2a7f7aaa782667dac556ffcb2b33240c1f9c0a00a3264526a98332 + SHA384: 65b1d4076a89ae273f57e6eeedecb3eae129b4168f76fa7671914cdf461d542255c59d9b85b916ae0ca6fc0fcf7a8e64 + - Subject: C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Moyea Software, + CN=Shenzhen Moyea Software + ValidFrom: '2021-10-14 00:00:00' + ValidTo: '2024-10-16 23:59:59' + Signature: 3b0f3ae78dd863d21287b9c3c9b2708a857a104282d3dfe0f8a25e54015cd2b538e5952c295539447eaaaa6ff2804fcf737f62a633c090dc4d250a6738bed4f60ffea1aba18b6a1f2240b72b1c9ff3ffbb0e592178284d375dfdefb2c6f67675c6fe060b426811643081b74f433f473b80ae4918600bbde8f0cf8fa9d4237f3f89dd5bdbc8fb8698066307446fcedc640df539dd8b773ad5bda1d4b9083bc83c88fb3685fdde177bf80a1f1d66fdb492960a1334bd9b17141d1ff1c52b380aca6f092d746509ef5291b8a18f325871a51034cf51eaff0a7f54604ceb3ef9f64532326d28091aa4f4bfd93e0715b961c1b3fbdac691da09006dff68bf6148bb55979beceac4db9f47dda3958cd40b3013a1258974a25d7ba59ab118332dc848d2a60fb63b84e0796d80ab0f877351b1a0ce4a2c31de78acdcd38c44d63d0751abed776d0d86d62082f11c4d8c8c8a2c5b187db26bb551edb1ccdc8138478937ec522639b1c450318f16c0c9011ececbfcc1d12dfb270af59cb828bee6ec93623b5ef1e4e6083917047f3f7c2a199ae84653ec14f8749f105773e9a039764b087065aa1c77aa892b3ac33e9e1dcc03c7ef3a108a1d3477966d09aa5e0597a704b912842ebfaa7a19aeeda7fc9aca5a9fde4c0169bf1746d5a5567894d3f23a89ba90a44542de1c0ee6c09f227fc87c07c76eb9834bffe79d50bdfc5482b13f51ee + SignatureAlgorithmOID: 
1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 07c1044c6a0de08e13cc1b5e2c6d1fc0 + Version: 3 + TBS: + MD5: 71dd0345e896c6033cef5840c28346ba + SHA1: a8f17de69b591a80015e33f290808d5072f5fb4a + SHA256: 01be120134997087d356bd5d50fa89eed3447aeff1b66d7327373693e4879d42 + SHA384: 269e4987cca4027fe44741ac54963d53289aea17cd951cffbf014790a02639417cd7e489b409dea04c41c630abff6da0 + Signer: + - SerialNumber: 07c1044c6a0de08e13cc1b5e2c6d1fc0 + Issuer: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 + SHA384 2021 CA1 + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: a664904f69756834049e9e272abb6fea + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: c45d03076fa6e66c1b8b74b020ad84712755e3df + SHA256: 793a26c5c4c154a40f84c3d3165deb807062b26796acaae94b72f453e95230d5 + Signature: '' + Imphash: 05d3de62beab8e88de1dafd3b24a16f6 + Authentihash: + MD5: 8f3890ebc1854d6b014daf1cd58a683c + SHA1: 85f0ac83889df6d3feb439fe2026ce3a7968e263 + SHA256: d6cb3418c1a512aef6b15586bf5234689d4e471e854103a72d80a8597d263403 + RichPEHeaderHash: + MD5: 9c3a27e39a5e503f8e7a328f3d23c7d1 + SHA1: ad62f47b829e51043a7c1554326d1e7a64f69ece + SHA256: d857baa340c7338dffd557b7409c2ddc259a88807a2583770407513e30ed7bbf + Sections: + .text: + Entropy: 6.075980194368059 + Virtual Size: '0xc90' + .rdata: + Entropy: 3.9931177119501067 + Virtual Size: '0x194' + .data: + Entropy: 0.46979092711892695 + Virtual Size: '0x130' + .pdata: + Entropy: 3.320601478050092 + Virtual Size: '0x6c' + INIT: + Entropy: 5.129844326298507 + Virtual Size: '0x30a' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2014-08-19 21:33:26' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - MmUnmapLockedPages + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - MmMapLockedPages + - RtlInitUnicodeString + - IoDeleteDevice + - 
IoIs32bitProcess + - MmUnmapIoSpace + - MmBuildMdlForNonPagedPool + - IoFreeMdl + - MmMapLockedPagesSpecifyCache + - IoGetDeviceObjectPointer + - ExAllocatePool + - MmMapIoSpace + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - IoAllocateMdl + - KeBugCheckEx + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 + SHA384 2021 CA1 + ValidFrom: '2021-04-29 00:00:00' + ValidTo: '2036-04-28 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 08ad40b260d29c4c9f5ecda9bd93aed9 + Version: 3 + TBS: + MD5: 5d8003a64dfa5a4d88365da1566038cb + SHA1: 79465b56bc7ad55a37bdf633943da8bfc84db228 + SHA256: 84bdc82e2f2a7f7aaa782667dac556ffcb2b33240c1f9c0a00a3264526a98332 + SHA384: 65b1d4076a89ae273f57e6eeedecb3eae129b4168f76fa7671914cdf461d542255c59d9b85b916ae0ca6fc0fcf7a8e64 + - Subject: C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Moyea Software, + CN=Shenzhen Moyea Software + ValidFrom: '2021-10-14 00:00:00' + ValidTo: '2024-10-16 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 07c1044c6a0de08e13cc1b5e2c6d1fc0 + Version: 3 + TBS: + MD5: 71dd0345e896c6033cef5840c28346ba + SHA1: a8f17de69b591a80015e33f290808d5072f5fb4a + SHA256: 01be120134997087d356bd5d50fa89eed3447aeff1b66d7327373693e4879d42 + SHA384: 269e4987cca4027fe44741ac54963d53289aea17cd951cffbf014790a02639417cd7e489b409dea04c41c630abff6da0 + Signer: + - SerialNumber: 07c1044c6a0de08e13cc1b5e2c6d1fc0 + Issuer: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 + SHA384 2021 CA1 + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: 
a125390293d50091b643cfa096c2148c + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: ff9887cfd695916a06319b3a96f7ab2e6343a20e + SHA256: e26a21e1b79ecaee7033e05edb0bd72aca463c23bd6fdf5835916ce2dfdf1a63 + Signature: '' + Imphash: 05d3de62beab8e88de1dafd3b24a16f6 + Authentihash: + MD5: 8f3890ebc1854d6b014daf1cd58a683c + SHA1: 85f0ac83889df6d3feb439fe2026ce3a7968e263 + SHA256: d6cb3418c1a512aef6b15586bf5234689d4e471e854103a72d80a8597d263403 + RichPEHeaderHash: + MD5: 9c3a27e39a5e503f8e7a328f3d23c7d1 + SHA1: ad62f47b829e51043a7c1554326d1e7a64f69ece + SHA256: d857baa340c7338dffd557b7409c2ddc259a88807a2583770407513e30ed7bbf + Sections: + .text: + Entropy: 6.075980194368059 + Virtual Size: '0xc90' + .rdata: + Entropy: 3.9931177119501067 + Virtual Size: '0x194' + .data: + Entropy: 0.46979092711892695 + Virtual Size: '0x130' + .pdata: + Entropy: 3.320601478050092 + Virtual Size: '0x6c' + INIT: + Entropy: 5.129844326298507 + Virtual Size: '0x30a' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2014-08-19 21:33:26' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - MmUnmapLockedPages + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - MmMapLockedPages + - RtlInitUnicodeString + - IoDeleteDevice + - IoIs32bitProcess + - MmUnmapIoSpace + - MmBuildMdlForNonPagedPool + - IoFreeMdl + - MmMapLockedPagesSpecifyCache + - IoGetDeviceObjectPointer + - ExAllocatePool + - MmMapIoSpace + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - IoAllocateMdl + - KeBugCheckEx + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
0400000000012f4ee152d7 + Version: 3 + TBS: + MD5: e140543fe3256027cfa79fc3c19c1776 + SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 + SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 + SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 + - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode + , G1 + ValidFrom: '2013-08-23 00:00:00' + ValidTo: '2024-09-23 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121405c1f0ed258882be54d8686ba11ea45 + Version: 3 + TBS: + MD5: b95cbc184d388718612d5933f7b36770 + SHA1: ff124c5d160710720108616ffee99bbe090ed363 + SHA256: 13027620255363f07bbf85ae7d0dc06c07d8b0f4368b12f983ee3f4fce605733 + SHA384: f42ed00f615f2822dcd3d33794477428afb52ddab932ebcde3586f92a27e18f9faba6b3334ca4e59e0cb24bdbf8395a6 + - Subject: C=CN, ST=GuangDong, L=ShenZhen, O=Shenzhen Moyea Software, OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=Shenzhen Moyea Software + ValidFrom: '2013-06-26 00:00:00' + ValidTo: '2015-07-26 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3c4080057de4b37a48e6a7ba6ccf0e07 + Version: 3 + TBS: + MD5: 7c755dc4cf3054f9ccaf400c6dde5e3e + SHA1: bc3f88dc6acdfdcce7ca7f6703dab970bcd88c36 + SHA256: 37dab5ac1313736d65f5b08813415b85f13d6265ba97edf8e1d965059710de77 + SHA384: b9302fba34d79663aa82dfd35063d8a710a30cf88dc82dd015b6cdaf5db827116fd017780ad458c9b4a844b861b06778 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 3c4080057de4b37a48e6a7ba6ccf0e07 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: 0c55128c301921ce71991a6d546756ad + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: ef8de780cfe839ecf6dc0dc161ae645bff9b853c + SHA256: fc3e8554602c476e2edfa92ba4f6fb2e5ba0db433b9fbd7d8be1036e454d2584 + Signature: '' + Imphash: 
05d3de62beab8e88de1dafd3b24a16f6 + Authentihash: + MD5: 8f3890ebc1854d6b014daf1cd58a683c + SHA1: 85f0ac83889df6d3feb439fe2026ce3a7968e263 + SHA256: d6cb3418c1a512aef6b15586bf5234689d4e471e854103a72d80a8597d263403 + RichPEHeaderHash: + MD5: 9c3a27e39a5e503f8e7a328f3d23c7d1 + SHA1: ad62f47b829e51043a7c1554326d1e7a64f69ece + SHA256: d857baa340c7338dffd557b7409c2ddc259a88807a2583770407513e30ed7bbf + Sections: + .text: + Entropy: 6.075980194368059 + Virtual Size: '0xc90' + .rdata: + Entropy: 3.9931177119501067 + Virtual Size: '0x194' + .data: + Entropy: 0.46979092711892695 + Virtual Size: '0x130' + .pdata: + Entropy: 3.320601478050092 + Virtual Size: '0x6c' + INIT: + Entropy: 5.129844326298507 + Virtual Size: '0x30a' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2014-08-19 21:33:26' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - MmUnmapLockedPages + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - MmMapLockedPages + - RtlInitUnicodeString + - IoDeleteDevice + - IoIs32bitProcess + - MmUnmapIoSpace + - MmBuildMdlForNonPagedPool + - IoFreeMdl + - MmMapLockedPagesSpecifyCache + - IoGetDeviceObjectPointer + - ExAllocatePool + - MmMapIoSpace + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - IoAllocateMdl + - KeBugCheckEx + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 + ValidFrom: '2021-01-01 00:00:00' + ValidTo: '2031-01-06 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0d424ae0be3a88ff604021ce1400f0dd + Version: 3 + TBS: + MD5: c0189c338449a42fe8358c2c1fbecc60 + SHA1: b8ac0ee6875594b80ad86a6df6dd1fa3048c187c + SHA256: a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 + SHA384: 
76d3a316a5a106050298418cce3beea16100524723d9e3220b0de51bfb6f1c35a5d4c7cd10b358fef7bf94c3e3562150 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured + ID Timestamping CA + ValidFrom: '2016-01-07 12:00:00' + ValidTo: '2031-01-07 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 0aa125d6d6321b7e41e405da3697c215 + Version: 3 + TBS: + MD5: 8d26184fc613f89aba1cefb30fce1b53 + SHA1: 63a7e376bad5ec2e419d514a403bcf46c8d31d95 + SHA256: 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c + SHA384: d8c9691fe9dbe182f07b49b07fbb4f589fa7b38b5c4d21f265d3a2e818f4b1bfb39e03faab2ec05bb10333a99914fb8a + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted + Root G4 + ValidFrom: '2013-08-01 12:00:00' + ValidTo: '2038-01-15 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 059b1b579e8e2132e23907bda777755c + Version: 3 + TBS: + MD5: 41b622dd54995550fdc2f31ea12f8d9b + SHA1: 420704040c93dfe9d3ad01a26c07f2be1f4888c1 + SHA256: 4816e2e9e37ba61e1def6f7a4c623e981c7af355e51349b5554a3d56c5252e24 + SHA384: 4ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996 + - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 + SHA384 2021 CA1 + ValidFrom: '2021-04-29 00:00:00' + ValidTo: '2036-04-28 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 08ad40b260d29c4c9f5ecda9bd93aed9 + Version: 3 + TBS: + MD5: 5d8003a64dfa5a4d88365da1566038cb + SHA1: 79465b56bc7ad55a37bdf633943da8bfc84db228 + SHA256: 84bdc82e2f2a7f7aaa782667dac556ffcb2b33240c1f9c0a00a3264526a98332 + SHA384: 
65b1d4076a89ae273f57e6eeedecb3eae129b4168f76fa7671914cdf461d542255c59d9b85b916ae0ca6fc0fcf7a8e64 + - Subject: C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Moyea Software, + CN=Shenzhen Moyea Software + ValidFrom: '2021-10-14 00:00:00' + ValidTo: '2024-10-16 23:59:59' + Signature: 3b0f3ae78dd863d21287b9c3c9b2708a857a104282d3dfe0f8a25e54015cd2b538e5952c295539447eaaaa6ff2804fcf737f62a633c090dc4d250a6738bed4f60ffea1aba18b6a1f2240b72b1c9ff3ffbb0e592178284d375dfdefb2c6f67675c6fe060b426811643081b74f433f473b80ae4918600bbde8f0cf8fa9d4237f3f89dd5bdbc8fb8698066307446fcedc640df539dd8b773ad5bda1d4b9083bc83c88fb3685fdde177bf80a1f1d66fdb492960a1334bd9b17141d1ff1c52b380aca6f092d746509ef5291b8a18f325871a51034cf51eaff0a7f54604ceb3ef9f64532326d28091aa4f4bfd93e0715b961c1b3fbdac691da09006dff68bf6148bb55979beceac4db9f47dda3958cd40b3013a1258974a25d7ba59ab118332dc848d2a60fb63b84e0796d80ab0f877351b1a0ce4a2c31de78acdcd38c44d63d0751abed776d0d86d62082f11c4d8c8c8a2c5b187db26bb551edb1ccdc8138478937ec522639b1c450318f16c0c9011ececbfcc1d12dfb270af59cb828bee6ec93623b5ef1e4e6083917047f3f7c2a199ae84653ec14f8749f105773e9a039764b087065aa1c77aa892b3ac33e9e1dcc03c7ef3a108a1d3477966d09aa5e0597a704b912842ebfaa7a19aeeda7fc9aca5a9fde4c0169bf1746d5a5567894d3f23a89ba90a44542de1c0ee6c09f227fc87c07c76eb9834bffe79d50bdfc5482b13f51ee + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 07c1044c6a0de08e13cc1b5e2c6d1fc0 + Version: 3 + TBS: + MD5: 71dd0345e896c6033cef5840c28346ba + SHA1: a8f17de69b591a80015e33f290808d5072f5fb4a + SHA256: 01be120134997087d356bd5d50fa89eed3447aeff1b66d7327373693e4879d42 + SHA384: 269e4987cca4027fe44741ac54963d53289aea17cd951cffbf014790a02639417cd7e489b409dea04c41c630abff6da0 + Signer: + - SerialNumber: 07c1044c6a0de08e13cc1b5e2c6d1fc0 + Issuer: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 + SHA384 2021 CA1 + Version: 1 + LoadsDespiteHVCI: 'FALSE' 
diff --git a/yaml/2b949a0d-939f-456a-a34f-4589d7712227.yaml b/yaml/2b949a0d-939f-456a-a34f-4589d7712227.yaml
index 45c890491..911f5cceb 100644
--- a/yaml/2b949a0d-939f-456a-a34f-4589d7712227.yaml
+++ b/yaml/2b949a0d-939f-456a-a34f-4589d7712227.yaml
@@ -1,3997 +1,4017 @@
-Acknowledgement:
- Handle: ''
- Person: ''
+Id: 2b949a0d-939f-456a-a34f-4589d7712227
+Tags:
+- libnicm.sys
+Verified: 'TRUE'
 Author: Michael Haag
-Category: vulnerable driver
-Commands:
- Command: sc.exe create libnicm.sys binPath=C:\windows\temp\libnicm.sys type=kernel
- && sc.exe start libnicm.sys
- Description: ''
- OperatingSystem: Windows 10
- Privileges: kernel
- Usecase: Elevate privileges
 Created: '2023-01-09'
-Detection:
-- type: yara_signature
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/95d50c69cdbf10c9c9d61e64fe864ac91e6f6caa637d128eb20e1d3510e776d3.yara
-- type: sigma_hash
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml
-- type: sigma_names
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml
-- type: sysmon_hash_detect
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml
-- type: sysmon_hash_block
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml
-- type: yara_signature
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar
-- type: sigma_hash
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml
-- type: sigma_names
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml
-- type: sysmon_hash_detect
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml
-- type: sysmon_hash_block
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml
-Id: 2b949a0d-939f-456a-a34f-4589d7712227
-KnownVulnerableSamples:
-- Authentihash:
-
MD5: b30004dbb5ad9b8320c964273875a103 - SHA1: 7678c8c5a3153f4c06db097e1c3e1b2942149c7a - SHA256: b756d234559ee0ed93328bb598352ead2efb27eabaf1afac5fb3e2f43b9901f3 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2014, Novell, Inc. All Rights Reserved. - CreationTimestamp: '2014-08-26 13:52:25' - Date: '' - Description: Novell XTCOM Services Driver - ExportedFunctions: - - NicmCreateInstance - - NicmDeregisterClassFactory - - NicmGetVersion - - NicmRegisterClassFactory - - XTComCreateInstance - - XTComDeregisterClassFactory - - XTComFreeUnusedLibrariesEx - - XTComGetClassObject - - XTComGetVersion - - XTComInitialize - - XTComRegisterClassFactory - FileVersion: 3.1.11.0 - Filename: '' - ImportedFunctions: - - ExAcquireResourceExclusiveLite - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - strstr - - RtlInitAnsiString - - ExAcquireResourceSharedLite - - ExReleaseResourceLite - - RtlEqualString - - MmUnmapLockedPages - - ProbeForRead - - IoDeleteSymbolicLink - - IoRegisterShutdownNotification - - KeInitializeMutex - - KeLeaveCriticalRegion - - IoDeleteDevice - - ProbeForWrite - - IoFreeMdl - - KeEnterCriticalRegion - - KeReleaseMutex - - ZwCreateFile - - MmMapLockedPagesSpecifyCache - - IoUnregisterShutdownNotification - - ZwClose - - IofCompleteRequest - - IoSetTopLevelIrp - - KeWaitForSingleObject - - MmProbeAndLockPages - - MmUnlockPages - - ExDeleteResourceLite - - IoGetTopLevelIrp - - IoCreateSymbolicLink - - IoCreateDevice - - ExInitializeResourceLite - - NtSetSecurityObject - - DbgPrintEx - - DbgPrint - - IoAllocateMdl - - RtlCreateSecurityDescriptor - - IoGetCurrentProcess - - ZwCreateKey - - RtlAnsiStringToUnicodeString - - ZwReadFile - - RtlInitUnicodeString - - RtlAppendUnicodeToString - - RtlUnicodeStringToAnsiString - - ZwSetValueKey - - ZwQuerySystemInformation - - RtlInitString - - KeDelayExecutionThread - - RtlFreeUnicodeString - - ZwWaitForSingleObject - - ZwQueryValueKey - - ZwQueryDirectoryFile - - RtlAppendUnicodeStringToString - - 
RtlCopyString - - MmIsAddressValid - - ZwOpenFile - - ZwQueryInformationFile - - ZwLoadDriver - - ZwOpenKey - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: f026460a7a720d0b8394f28a1f9203dc - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: libnicm.sys - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.11 - Publisher: '' - RichPEHeaderHash: - MD5: 8850702894d4f93edec22b7062734311 - SHA1: b03ec8e4976ac440ec91c83869fd957a840a115a - SHA256: 7a395513b36fa940ad02212cddc492f51aaf9ceb39f1dc1aa684da55e4fd3cfc - SHA1: 116679c4b2cca6ec69453309d9d85d3793cbe05f - SHA256: 00c02901472d74e8276743c847b8148be3799b0e3037c1dfdca21fa81ad4b922 - Sections: - .text: - Entropy: 6.322257190894552 - Virtual Size: '0x3b20' - .rdata: - Entropy: 4.752905558770538 - Virtual Size: '0x584' - .data: - Entropy: 2.7659755587497967 - Virtual Size: '0x968' - .pdata: - Entropy: 4.125409691380965 - Virtual Size: '0x234' - .edata: - Entropy: 4.838481909443069 - Virtual Size: '0x18e' - INIT: - Entropy: 5.789752688284005 - Virtual Size: '0xb4c' - .rsrc: - Entropy: 3.295401800857674 - Virtual Size: '0x360' - .reloc: - Entropy: 1.3741854163060885 - Virtual Size: '0x18' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: 
c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=Novell, Inc. - ValidFrom: '2013-03-05 00:00:00' - ValidTo: '2016-06-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Version: 3 - TBS: - MD5: 5b1207ffffc0eff3784003d17b3e71a9 - SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d - SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 - SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: ad34ea17f90a34f6f84a399a96383ada - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: e6998e382a753d8ca44f7959e293f770 - SHA1: ef4e66576fd736dc05419b33267eef99dd90e628 - SHA256: ae85245fcb873d6fbf61f1923b8c10f0680abeaf2bf5527aef1c4a52aae321d0 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2015, Novell, Inc. All Rights Reserved. 
- CreationTimestamp: '2015-12-22 01:29:03' - Date: '' - Description: Novell XTCOM Services Driver - ExportedFunctions: - - NicmCreateInstance - - NicmDeregisterClassFactory - - NicmGetVersion - - NicmRegisterClassFactory - - XTComCreateInstance - - XTComDeregisterClassFactory - - XTComFreeUnusedLibrariesEx - - XTComGetClassObject - - XTComGetVersion - - XTComInitialize - - XTComRegisterClassFactory - FileVersion: 3.1.12.0 - Filename: '' - ImportedFunctions: - - ExAcquireResourceExclusiveLite - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - strstr - - RtlInitAnsiString - - ExAcquireResourceSharedLite - - ExReleaseResourceLite - - RtlEqualString - - MmUnmapLockedPages - - ProbeForRead - - IoDeleteSymbolicLink - - IoRegisterShutdownNotification - - KeInitializeMutex - - KeLeaveCriticalRegion - - IoDeleteDevice - - ProbeForWrite - - IoFreeMdl - - KeEnterCriticalRegion - - KeReleaseMutex - - ZwCreateFile - - MmMapLockedPagesSpecifyCache - - IoUnregisterShutdownNotification - - ZwClose - - IofCompleteRequest - - IoSetTopLevelIrp - - KeWaitForSingleObject - - MmProbeAndLockPages - - MmUnlockPages - - ExDeleteResourceLite - - IoGetTopLevelIrp - - IoCreateSymbolicLink - - IoCreateDevice - - ExInitializeResourceLite - - NtSetSecurityObject - - DbgPrintEx - - DbgPrint - - IoAllocateMdl - - RtlCreateSecurityDescriptor - - IoGetCurrentProcess - - ZwCreateKey - - RtlAnsiStringToUnicodeString - - ZwReadFile - - RtlInitUnicodeString - - RtlAppendUnicodeToString - - RtlUnicodeStringToAnsiString - - ZwSetValueKey - - ZwQuerySystemInformation - - RtlInitString - - KeDelayExecutionThread - - RtlFreeUnicodeString - - ZwWaitForSingleObject - - ZwQueryValueKey - - ZwQueryDirectoryFile - - RtlAppendUnicodeStringToString - - RtlCopyString - - MmIsAddressValid - - ZwOpenFile - - ZwQueryInformationFile - - ZwLoadDriver - - ZwOpenKey - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: 21e72a43aedefcd70ca8999cc353b51b - MachineType: AMD64 - 
MagicHeader: 50 45 0 0 - OriginalFilename: libnicm.sys - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.12 - Publisher: '' - RichPEHeaderHash: - MD5: 8850702894d4f93edec22b7062734311 - SHA1: b03ec8e4976ac440ec91c83869fd957a840a115a - SHA256: 7a395513b36fa940ad02212cddc492f51aaf9ceb39f1dc1aa684da55e4fd3cfc - SHA1: 63f9ee1e7aefd961cf36eeffd455977f1b940f6c - SHA256: 72b67b6b38f5e5447880447a55fead7f1de51ca37ae4a0c2b2f23a4cb7455f35 - Sections: - .text: - Entropy: 6.322257190894552 - Virtual Size: '0x3b20' - .rdata: - Entropy: 4.754876708092806 - Virtual Size: '0x58c' - .data: - Entropy: 2.7659755587497967 - Virtual Size: '0x968' - .pdata: - Entropy: 4.172123664005516 - Virtual Size: '0x234' - .edata: - Entropy: 4.8198640462917695 - Virtual Size: '0x18e' - INIT: - Entropy: 5.789752688284005 - Virtual Size: '0xb4c' - .rsrc: - Entropy: 3.297006918852943 - Virtual Size: '0x360' - .reloc: - Entropy: 1.3741854163060885 - Virtual Size: '0x18' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: 
'2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=Novell, Inc. - ValidFrom: '2013-03-05 00:00:00' - ValidTo: '2016-06-03 23:59:59' - Signature: dbb57cdba61b53b01c104cf3d4e6d31a0b127402fa3a5213dd686a48a858b7581868cb93fe789e249ef175deca865e2387ba579d8088691b5475c836d8c9fcafcca373a0d43c5a07029da9915827d5ca8fb80c0c676ce33f8f028e00d7a197b7ae7b0f726a1eed35d30591fffdbb14bd78c01c1d47cc18de85424fc81bbbbb1733498a35712ed119db159f3939fae462bcf5e2bde54b32c1cbe38a40f6389d5d849459a9401c4c0edeec46fe8dde11e184efb79298c1aa8f0a776e32be63d49b072d7f24c88eded44e6345e5df49a5592094278f8605402082896432b788f3bf1ea2e3912bc3c4bdaf6d609ee52d38fb25b9245441277b5ab7d70b0bda6fbfee - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Version: 3 - TBS: - MD5: 5b1207ffffc0eff3784003d17b3e71a9 - SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d - SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 - SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: ad34ea17f90a34f6f84a399a96383ada - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: cc4471fe044c4ef3e14b12bc1a406d37 - SHA1: 364af2f39c71999cf403d29b8dab412862f1994d - SHA256: 83e993691aa4f5f599dddd1fab2bc3e0791587c9e93eeb9e405c130922096343 - Company: Novell, Inc. - Copyright: "Copyright \xA9 1997-2007 Novell, Inc." 
- CreationTimestamp: '2007-08-09 13:32:46' - Date: '' - Description: Novell XTCOM Services Driver - ExportedFunctions: - - NicmCreateInstance - - NicmDeregisterClassFactory - - NicmGetVersion - - NicmRegisterClassFactory - - XTComCreateInstance - - XTComDeregisterClassFactory - - XTComFreeUnusedLibrariesEx - - XTComGetClassObject - - XTComGetVersion - - XTComInitialize - - XTComRegisterClassFactory - FileVersion: 3.1.5.0 - Filename: '' - ImportedFunctions: - - ExFreePoolWithTag - - RtlInitAnsiString - - ExAcquireResourceSharedLite - - ExReleaseResourceLite - - RtlEqualString - - ExAcquireResourceExclusiveLite - - ExAllocatePoolWithTag - - strstr - - IoFreeMdl - - RtlCreateSecurityDescriptor - - KeEnterCriticalRegion - - KeReleaseMutex - - ZwCreateFile - - MmMapLockedPagesSpecifyCache - - IoUnregisterShutdownNotification - - ZwClose - - IofCompleteRequest - - IoSetTopLevelIrp - - KeWaitForSingleObject - - MmUnmapLockedPages - - MmProbeAndLockPages - - IoDeleteSymbolicLink - - MmUnlockPages - - IoRegisterShutdownNotification - - ExDeleteResourceLite - - KeInitializeMutex - - IoGetTopLevelIrp - - KeLeaveCriticalRegion - - IoCreateSymbolicLink - - IoCreateDevice - - IoDeleteDevice - - ExInitializeResourceLite - - NtSetSecurityObject - - DbgPrintEx - - IoAllocateMdl - - IoGetCurrentProcess - - RtlAnsiStringToUnicodeString - - ZwQueryInformationFile - - ZwLoadDriver - - ZwReadFile - - RtlInitUnicodeString - - ZwOpenKey - - RtlAppendUnicodeToString - - RtlUnicodeStringToAnsiString - - ZwSetValueKey - - ZwQuerySystemInformation - - RtlInitString - - KeDelayExecutionThread - - RtlFreeUnicodeString - - ZwWaitForSingleObject - - ZwQueryValueKey - - ZwQueryDirectoryFile - - RtlAppendUnicodeStringToString - - RtlCopyString - - MmIsAddressValid - - ZwCreateKey - - ZwOpenFile - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: 1bd38ac06ef8709ad23af666622609c9 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: libnicm.sys 
- PDBPath: '' - Product: Novell XTier for Windows - ProductVersion: v3.1.5 (20060828) - Publisher: '' - RichPEHeaderHash: - MD5: c494b59abc401ff89dd4da62031a1572 - SHA1: 9d5d9d78b6080f55536298f02f085c5459c6467f - SHA256: cb60296eed243028928d2d554b7cd806a4b97a088e5b8cec2192c8176a209bda - SHA1: c3a893680cd33706546a7a3e8fbcc4bd063ce07e - SHA256: c190e4a7f1781ec9fa8c17506b4745a1369dcdf174ce07f85de1a66cf4b5ed8a - Sections: - .text: - Entropy: 6.311381336140919 - Virtual Size: '0x37cc' - .rdata: - Entropy: 4.809589665432749 - Virtual Size: '0x4fc' - .data: - Entropy: 2.7659755587497967 - Virtual Size: '0x968' - .pdata: - Entropy: 4.106741915733068 - Virtual Size: '0x1d4' - .edata: - Entropy: 4.821509830291904 - Virtual Size: '0x18e' - INIT: - Entropy: 5.762675988472001 - Virtual Size: '0xae8' - .rsrc: - Entropy: 3.3379941558325337 - Virtual Size: '0x358' - .reloc: - Entropy: 1.3741854163060885 - Virtual Size: '0x18' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Novell Products Group, CN=Novell, Inc. 
- ValidFrom: '2007-04-04 00:00:00' - ValidTo: '2010-04-27 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f - Version: 3 - TBS: - MD5: adddb65a3a360b3c1a55cb33e426f32a - SHA1: 93d9b282265288a94ee4f1a01c5fb3a08badb7ac - SHA256: d98d63f26125a94eb767fdd2526f6c74bfb40cb4d117a1d87ca3ed0d99bd6f0b - SHA384: cf20d9d6343b52b05ebaeace8a75ad950089e2d55508571cf5b153583fdf2d7b11bc61b8f38bfa70f09b2e7ac63d9ef5 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 
40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 3f4a90b2976641ad2c0164792b24d322 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 1bc4bf123f43b3ce055593d1b830b48f - SHA1: 10054d42b03ef3bc3800524673e2ce6b9cf05a63 - SHA256: 6d4cb02a826973521678309a0076b2fd50894c09dda87ca86089e815f4bc9bce - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2012, Novell, Inc. All Rights Reserved. - CreationTimestamp: '2012-03-18 19:30:06' - Date: '' - Description: Novell XTCOM Services Driver - ExportedFunctions: - - NicmCreateInstance - - NicmDeregisterClassFactory - - NicmGetVersion - - NicmRegisterClassFactory - - XTComCreateInstance - - XTComDeregisterClassFactory - - XTComFreeUnusedLibrariesEx - - XTComGetClassObject - - XTComGetVersion - - XTComInitialize - - XTComRegisterClassFactory - FileVersion: 3.1.10.0 - Filename: '' - ImportedFunctions: - - ExAcquireResourceExclusiveLite - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - strstr - - RtlInitAnsiString - - ExAcquireResourceSharedLite - - ExReleaseResourceLite - - RtlEqualString - - MmUnmapLockedPages - - ProbeForRead - - IoDeleteSymbolicLink - - IoRegisterShutdownNotification - - KeInitializeMutex - - KeLeaveCriticalRegion - - IoDeleteDevice - - ProbeForWrite - - IoFreeMdl - - KeEnterCriticalRegion - - KeReleaseMutex - - ZwCreateFile - - MmMapLockedPagesSpecifyCache - - IoUnregisterShutdownNotification - - ZwClose - - IofCompleteRequest - - IoSetTopLevelIrp - - KeWaitForSingleObject - - MmProbeAndLockPages - - MmUnlockPages - - ExDeleteResourceLite - - IoGetTopLevelIrp - - IoCreateSymbolicLink - - IoCreateDevice - - ExInitializeResourceLite - - 
NtSetSecurityObject - - DbgPrintEx - - IoAllocateMdl - - RtlCreateSecurityDescriptor - - IoGetCurrentProcess - - ZwCreateKey - - RtlAnsiStringToUnicodeString - - ZwReadFile - - RtlInitUnicodeString - - RtlAppendUnicodeToString - - RtlUnicodeStringToAnsiString - - ZwSetValueKey - - ZwQuerySystemInformation - - RtlInitString - - KeDelayExecutionThread - - RtlFreeUnicodeString - - ZwWaitForSingleObject - - ZwQueryValueKey - - ZwQueryDirectoryFile - - RtlAppendUnicodeStringToString - - RtlCopyString - - MmIsAddressValid - - ZwOpenFile - - ZwQueryInformationFile - - ZwLoadDriver - - ZwOpenKey - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: 55c36d43dd930069148008902f431ea5 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: libnicm.sys - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.10 - Publisher: '' - RichPEHeaderHash: - MD5: 4a53ed67faf49ecb288c974cd66ea496 - SHA1: f83f49f155f801d8ce781070309c4ce878f8f87f - SHA256: 93963bed2c58da923a8df184e6443740eba6ecb6949996b6568f42fe525bf906 - SHA1: a4ae87b7802c82dfb6a4d26ab52788410af98532 - SHA256: e89cb7217ec1568b43ad9ca35bf059b17c3e26f093e373ab6ebdeee24272db21 - Sections: - .text: - Entropy: 6.307312732264105 - Virtual Size: '0x3980' - .rdata: - Entropy: 4.750103343591694 - Virtual Size: '0x564' - .data: - Entropy: 2.7659755587497967 - Virtual Size: '0x968' - .pdata: - Entropy: 4.13602197611248 - Virtual Size: '0x228' - .edata: - Entropy: 4.838481909443069 - Virtual Size: '0x18e' - INIT: - Entropy: 5.7784312613823845 - Virtual Size: '0xb38' - .rsrc: - Entropy: 3.2936858531585265 - Virtual Size: '0x360' - .reloc: - Entropy: 1.3741854163060885 - Virtual Size: '0x18' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 
4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Novell Products Group, CN=Novell, Inc. - ValidFrom: '2010-04-03 00:00:00' - ValidTo: '2013-04-26 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a - Version: 3 - TBS: - MD5: b1504f143b89a6080710bafcededb833 - SHA1: 5c2696893ebba1e81d918a4fadda143c25c77286 - SHA256: ae1dc09d08e93ace95fe203adfbfadcd4c029529d3f99ab381c368064b58d9a0 - SHA384: 18c6db711578cfcd4bce87c63d053e242c7c196efc892c2d4a8733cb75bb7dc3cac3f702e0e1d4b7fa2c590acb53fdee - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: 262d8fbbf1f514399bb3f230cddc12af - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 73c68c141f839f59d677542d06dbfdfc - SHA1: 51bd5e3567352d021979026eb2b7c3bd1cf2ac1c - SHA256: 3ad340c8a4a6e071e15095fd286b600847cd600b7312bd573802f26a73600da7 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2011, Novell, Inc. 
All Rights Reserved. - CreationTimestamp: '2011-04-01 19:14:26' - Date: '' - Description: Novell XTCOM Services Driver - ExportedFunctions: - - NicmCreateInstance - - NicmDeregisterClassFactory - - NicmGetVersion - - NicmRegisterClassFactory - - XTComCreateInstance - - XTComDeregisterClassFactory - - XTComFreeUnusedLibrariesEx - - XTComGetClassObject - - XTComGetVersion - - XTComInitialize - - XTComRegisterClassFactory - FileVersion: 3.1.6.0 - Filename: '' - ImportedFunctions: - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - RtlEqualString - - RtlInitAnsiString - - strstr - - ExReleaseResourceLite - - ExAcquireResourceExclusiveLite - - ExAcquireResourceSharedLite - - ExInitializeResourceLite - - ExDeleteResourceLite - - ZwClose - - NtSetSecurityObject - - ZwCreateFile - - RtlCreateSecurityDescriptor - - IoSetTopLevelIrp - - IoGetTopLevelIrp - - IofCompleteRequest - - IoDeleteDevice - - IoDeleteSymbolicLink - - KeReleaseMutex - - KeWaitForSingleObject - - KeLeaveCriticalRegion - - IoFreeMdl - - MmUnlockPages - - MmUnmapLockedPages - - MmMapLockedPagesSpecifyCache - - MmProbeAndLockPages - - IoAllocateMdl - - ProbeForWrite - - ProbeForRead - - KeEnterCriticalRegion - - IoUnregisterShutdownNotification - - IoCreateSymbolicLink - - IoRegisterShutdownNotification - - IoCreateDevice - - KeInitializeMutex - - DbgPrintEx - - IoGetCurrentProcess - - KeDelayExecutionThread - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - ZwSetValueKey - - RtlInitUnicodeString - - ZwCreateKey - - RtlAppendUnicodeStringToString - - memset - - ZwQuerySystemInformation - - RtlUnicodeStringToAnsiString - - ZwQueryValueKey - - ZwOpenKey - - ZwOpenFile - - RtlCopyString - - MmIsAddressValid - - ZwWaitForSingleObject - - ZwReadFile - - ZwQueryInformationFile - - RtlInitString - - ZwQueryDirectoryFile - - ZwLoadDriver - - RtlAppendUnicodeToString - - KeTickCount - - KeBugCheckEx - - RtlUnwind - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: 6822566b28be75b2a76446a57064369f - 
MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: libnicm.sys - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.6 - Publisher: '' - RichPEHeaderHash: - MD5: 1057b10c078b885e3f08290c07a28c50 - SHA1: 0ffa7dfa0ba19fb7b801bc37ee18c31964d8f68c - SHA256: 159cb8b8bd40916edc60562397b13c91c0f1dadc1c5d63eebadbe165c0cc327b - SHA1: 34ec04159d2c653a583a73285e6e2ac3c7b416dd - SHA256: 66f8bd2b29763acfbb7423f4c3c9c3af9f3ca4113bd580ab32f6e3ee4a4fc64e - Sections: - .text: - Entropy: 6.395790606354113 - Virtual Size: '0x2e12' - .rdata: - Entropy: 5.325268122544918 - Virtual Size: '0x328' - .data: - Entropy: 2.732784594862837 - Virtual Size: '0x574' - .edata: - Entropy: 4.767295545231396 - Virtual Size: '0x18e' - INIT: - Entropy: 5.762298150076783 - Virtual Size: '0x8b8' - .rsrc: - Entropy: 3.2932335878052723 - Virtual Size: '0x358' - .reloc: - Entropy: 5.7733896730533685 - Virtual Size: '0x3d0' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Novell Products Group, CN=Novell, Inc. 
- ValidFrom: '2010-04-03 00:00:00' - ValidTo: '2013-04-26 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a - Version: 3 - TBS: - MD5: b1504f143b89a6080710bafcededb833 - SHA1: 5c2696893ebba1e81d918a4fadda143c25c77286 - SHA256: ae1dc09d08e93ace95fe203adfbfadcd4c029529d3f99ab381c368064b58d9a0 - SHA384: 18c6db711578cfcd4bce87c63d053e242c7c196efc892c2d4a8733cb75bb7dc3cac3f702e0e1d4b7fa2c590acb53fdee - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: 28d780857f0f6616f938aca3a38b5072 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: f386df5a06d6c8e4cc55a328c706f9a5 - SHA1: d2aba6c93eec7bfed77d10e9f01671d9a07ab0ae - SHA256: 1aee4d8a00f126582c4488025c7451fdbb9d0becbbfd58a396a2ac52011fac14 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2010, Novell, Inc. All Rights Reserved. 
- CreationTimestamp: '2010-03-10 13:42:24' - Date: '' - Description: Novell XTCOM Services Driver - ExportedFunctions: - - NicmCreateInstance - - NicmDeregisterClassFactory - - NicmGetVersion - - NicmRegisterClassFactory - - XTComCreateInstance - - XTComDeregisterClassFactory - - XTComFreeUnusedLibrariesEx - - XTComGetClassObject - - XTComGetVersion - - XTComInitialize - - XTComRegisterClassFactory - FileVersion: 3.1.6.0 - Filename: '' - ImportedFunctions: - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - RtlEqualString - - RtlInitAnsiString - - strstr - - ExReleaseResourceLite - - ExAcquireResourceExclusiveLite - - ExAcquireResourceSharedLite - - ExInitializeResourceLite - - ExDeleteResourceLite - - ZwClose - - NtSetSecurityObject - - ZwCreateFile - - RtlCreateSecurityDescriptor - - IoSetTopLevelIrp - - IoGetTopLevelIrp - - IofCompleteRequest - - IoDeleteDevice - - IoDeleteSymbolicLink - - KeReleaseMutex - - KeWaitForSingleObject - - KeLeaveCriticalRegion - - IoFreeMdl - - MmUnlockPages - - MmUnmapLockedPages - - MmMapLockedPagesSpecifyCache - - MmProbeAndLockPages - - IoAllocateMdl - - ProbeForWrite - - ProbeForRead - - KeEnterCriticalRegion - - IoUnregisterShutdownNotification - - IoCreateSymbolicLink - - IoRegisterShutdownNotification - - IoCreateDevice - - KeInitializeMutex - - DbgPrintEx - - IoGetCurrentProcess - - KeDelayExecutionThread - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - ZwSetValueKey - - RtlInitUnicodeString - - ZwCreateKey - - RtlAppendUnicodeStringToString - - memset - - ZwQuerySystemInformation - - RtlUnicodeStringToAnsiString - - ZwQueryValueKey - - ZwOpenKey - - ZwOpenFile - - RtlCopyString - - MmIsAddressValid - - ZwWaitForSingleObject - - ZwReadFile - - ZwQueryInformationFile - - RtlInitString - - ZwQueryDirectoryFile - - ZwLoadDriver - - RtlAppendUnicodeToString - - KeTickCount - - KeBugCheckEx - - RtlUnwind - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: 46cae59443ae41f4dbb42e050a9b501a - MachineType: I386 - 
MagicHeader: 50 45 0 0 - OriginalFilename: libnicm.sys - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.6 - Publisher: '' - RichPEHeaderHash: - MD5: 1057b10c078b885e3f08290c07a28c50 - SHA1: 0ffa7dfa0ba19fb7b801bc37ee18c31964d8f68c - SHA256: 159cb8b8bd40916edc60562397b13c91c0f1dadc1c5d63eebadbe165c0cc327b - SHA1: b671677079bf7c660579bee08b8875a48ff61896 - SHA256: 6cf1cac0e97d30bb445b710fd8513879678a8b07be95d309cbf29e9b328ff259 - Sections: - .text: - Entropy: 6.395790606354113 - Virtual Size: '0x2e12' - .rdata: - Entropy: 5.32052936150663 - Virtual Size: '0x328' - .data: - Entropy: 2.732784594862837 - Virtual Size: '0x574' - .edata: - Entropy: 4.7723206708595365 - Virtual Size: '0x18e' - INIT: - Entropy: 5.762298150076783 - Virtual Size: '0x8b8' - .rsrc: - Entropy: 3.2910828239859455 - Virtual Size: '0x358' - .reloc: - Entropy: 5.7733896730533685 - Virtual Size: '0x3d0' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 
35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Novell Products Group, CN=Novell, 
Inc. - ValidFrom: '2007-04-04 00:00:00' - ValidTo: '2010-04-27 23:59:59' - Signature: 267f71f6ee43755fd6395f85c34bb15a72a6f2a959c2074627d294395fb1aaa4c7bbeff369d735628b233bde7e5c95a0f1837e5ad03704270834ce9c1b07649a256027930f44e064568666b06e7f9dc3cd299b38b0a6766301200ab58434a05a34a369ab99bbbf2aaa6b3603481e0393a80ea09e78a7cf55317a9590c49887f02e1fd948c3b1f6d203e91782ce423d0569f45e7f074205df5f92be6ccd9836641439af4390022242e0ca84aedb0d71c5a50f2dbd1ed30e5ac9c1bda67c694f94f2fe4aa83945ed32e426afe26f44dcb6dcc8186728f86f1a1bddc1ea7dd82b76578a42d1e63bf5f8f348fbcd509094858978e375d277394529df1dd5d78abab2 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f - Version: 3 - TBS: - MD5: adddb65a3a360b3c1a55cb33e426f32a - SHA1: 93d9b282265288a94ee4f1a01c5fb3a08badb7ac - SHA256: d98d63f26125a94eb767fdd2526f6c74bfb40cb4d117a1d87ca3ed0d99bd6f0b - SHA384: cf20d9d6343b52b05ebaeace8a75ad950089e2d55508571cf5b153583fdf2d7b11bc61b8f38bfa70f09b2e7ac63d9ef5 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 28d780857f0f6616f938aca3a38b5072 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 04fd9292c73e5cc527eae867e930dfbb - SHA1: 04fa843bbb3e54e9a3566e769d476034fbaab240 - SHA256: 9ce5188745ffcb5dc8304dac97cd037360600d8eb4739cfdbfb06bcd0efd72e4 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2014, Novell, Inc. 
All Rights Reserved. - CreationTimestamp: '2014-11-18 01:05:43' - Date: '' - Description: Novell XTCOM Services Driver - ExportedFunctions: - - NicmCreateInstance - - NicmDeregisterClassFactory - - NicmGetVersion - - NicmRegisterClassFactory - - XTComCreateInstance - - XTComDeregisterClassFactory - - XTComFreeUnusedLibrariesEx - - XTComGetClassObject - - XTComGetVersion - - XTComInitialize - - XTComRegisterClassFactory - FileVersion: 3.1.11.0 - Filename: '' - ImportedFunctions: - - ExAcquireResourceExclusiveLite - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - strstr - - RtlInitAnsiString - - ExAcquireResourceSharedLite - - ExReleaseResourceLite - - RtlEqualString - - MmUnmapLockedPages - - ProbeForRead - - IoDeleteSymbolicLink - - IoRegisterShutdownNotification - - KeInitializeMutex - - KeLeaveCriticalRegion - - IoDeleteDevice - - ProbeForWrite - - IoFreeMdl - - KeEnterCriticalRegion - - KeReleaseMutex - - ZwCreateFile - - MmMapLockedPagesSpecifyCache - - IoUnregisterShutdownNotification - - ZwClose - - IofCompleteRequest - - IoSetTopLevelIrp - - KeWaitForSingleObject - - MmProbeAndLockPages - - MmUnlockPages - - ExDeleteResourceLite - - IoGetTopLevelIrp - - IoCreateSymbolicLink - - IoCreateDevice - - ExInitializeResourceLite - - NtSetSecurityObject - - DbgPrintEx - - DbgPrint - - IoAllocateMdl - - RtlCreateSecurityDescriptor - - IoGetCurrentProcess - - ZwCreateKey - - RtlAnsiStringToUnicodeString - - ZwReadFile - - RtlInitUnicodeString - - RtlAppendUnicodeToString - - RtlUnicodeStringToAnsiString - - ZwSetValueKey - - ZwQuerySystemInformation - - RtlInitString - - KeDelayExecutionThread - - RtlFreeUnicodeString - - ZwWaitForSingleObject - - ZwQueryValueKey - - ZwQueryDirectoryFile - - RtlAppendUnicodeStringToString - - RtlCopyString - - MmIsAddressValid - - ZwOpenFile - - ZwQueryInformationFile - - ZwLoadDriver - - ZwOpenKey - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: 5dd25029499cd5656927e9c559955b07 - 
MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: libnicm.sys - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.11 - Publisher: '' - RichPEHeaderHash: - MD5: 8850702894d4f93edec22b7062734311 - SHA1: b03ec8e4976ac440ec91c83869fd957a840a115a - SHA256: 7a395513b36fa940ad02212cddc492f51aaf9ceb39f1dc1aa684da55e4fd3cfc - SHA1: f52c2d897fa00910d5566503dd5a297970f13dc6 - SHA256: 4cd80f4e33b713570f6a16b9f77679efa45a466737e41db45b41924e7d7caef4 - Sections: - .text: - Entropy: 6.322257190894552 - Virtual Size: '0x3b20' - .rdata: - Entropy: 4.764863704194836 - Virtual Size: '0x58c' - .data: - Entropy: 2.7659755587497967 - Virtual Size: '0x968' - .pdata: - Entropy: 4.172123664005516 - Virtual Size: '0x234' - .edata: - Entropy: 4.826698100558916 - Virtual Size: '0x18e' - INIT: - Entropy: 5.789752688284005 - Virtual Size: '0xb4c' - .rsrc: - Entropy: 3.295401800857674 - Virtual Size: '0x360' - .reloc: - Entropy: 1.3741854163060885 - Virtual Size: '0x18' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 
- ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=Novell, Inc. 
- ValidFrom: '2013-03-05 00:00:00' - ValidTo: '2016-06-03 23:59:59' - Signature: dbb57cdba61b53b01c104cf3d4e6d31a0b127402fa3a5213dd686a48a858b7581868cb93fe789e249ef175deca865e2387ba579d8088691b5475c836d8c9fcafcca373a0d43c5a07029da9915827d5ca8fb80c0c676ce33f8f028e00d7a197b7ae7b0f726a1eed35d30591fffdbb14bd78c01c1d47cc18de85424fc81bbbbb1733498a35712ed119db159f3939fae462bcf5e2bde54b32c1cbe38a40f6389d5d849459a9401c4c0edeec46fe8dde11e184efb79298c1aa8f0a776e32be63d49b072d7f24c88eded44e6345e5df49a5592094278f8605402082896432b788f3bf1ea2e3912bc3c4bdaf6d609ee52d38fb25b9245441277b5ab7d70b0bda6fbfee - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Version: 3 - TBS: - MD5: 5b1207ffffc0eff3784003d17b3e71a9 - SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d - SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 - SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: ad34ea17f90a34f6f84a399a96383ada - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: efa641bd31d86547dedc5bd0a678170b - SHA1: c20217149ac84ed17db7a13d3a07f642866adb64 - SHA256: 3b22adc61900fbdc26629dc1135344d878f6a368ec6df0d4ec374559cb669182 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2008, Novell, Inc. All Rights Reserved. 
- CreationTimestamp: '2009-12-18 07:20:49' - Date: '' - Description: Novell XTCOM Services Driver - ExportedFunctions: - - NicmCreateInstance - - NicmDeregisterClassFactory - - NicmGetVersion - - NicmRegisterClassFactory - - XTComCreateInstance - - XTComDeregisterClassFactory - - XTComFreeUnusedLibrariesEx - - XTComGetClassObject - - XTComGetVersion - - XTComInitialize - - XTComRegisterClassFactory - FileVersion: 3.1.6.0 - Filename: '' - ImportedFunctions: - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - RtlEqualString - - RtlInitAnsiString - - strstr - - ExReleaseResourceLite - - ExAcquireResourceExclusiveLite - - ExAcquireResourceSharedLite - - ExInitializeResourceLite - - ExDeleteResourceLite - - ZwClose - - NtSetSecurityObject - - ZwCreateFile - - RtlCreateSecurityDescriptor - - IoSetTopLevelIrp - - IoGetTopLevelIrp - - IofCompleteRequest - - IoDeleteDevice - - IoDeleteSymbolicLink - - KeReleaseMutex - - KeWaitForSingleObject - - KeLeaveCriticalRegion - - IoFreeMdl - - MmUnlockPages - - MmUnmapLockedPages - - MmMapLockedPagesSpecifyCache - - MmProbeAndLockPages - - IoAllocateMdl - - ProbeForWrite - - ProbeForRead - - KeEnterCriticalRegion - - IoUnregisterShutdownNotification - - IoCreateSymbolicLink - - IoRegisterShutdownNotification - - IoCreateDevice - - KeInitializeMutex - - DbgPrintEx - - IoGetCurrentProcess - - KeDelayExecutionThread - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - ZwSetValueKey - - RtlInitUnicodeString - - ZwCreateKey - - RtlAppendUnicodeStringToString - - memset - - ZwQuerySystemInformation - - RtlUnicodeStringToAnsiString - - ZwQueryValueKey - - ZwOpenKey - - ZwOpenFile - - RtlCopyString - - MmIsAddressValid - - ZwWaitForSingleObject - - ZwReadFile - - ZwQueryInformationFile - - RtlInitString - - ZwQueryDirectoryFile - - ZwLoadDriver - - RtlAppendUnicodeToString - - KeTickCount - - KeBugCheckEx - - RtlUnwind - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: 1c591efa8660d4d36a75db9b82474174 - MachineType: I386 - 
MagicHeader: 50 45 0 0 - OriginalFilename: libnicm.sys - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.6 - Publisher: '' - RichPEHeaderHash: - MD5: 1057b10c078b885e3f08290c07a28c50 - SHA1: 0ffa7dfa0ba19fb7b801bc37ee18c31964d8f68c - SHA256: 159cb8b8bd40916edc60562397b13c91c0f1dadc1c5d63eebadbe165c0cc327b - SHA1: a5f9aef55c64722ff2db96039af3b9c7dd8163e3 - SHA256: 0cfb7ea2cc515a7fe913ab3619cbfcf1ca96d8cf72dc350905634a5782907a49 - Sections: - .text: - Entropy: 6.395790606354113 - Virtual Size: '0x2e12' - .rdata: - Entropy: 5.256258546162871 - Virtual Size: '0x328' - .data: - Entropy: 2.732784594862837 - Virtual Size: '0x574' - .edata: - Entropy: 4.777345796487677 - Virtual Size: '0x18e' - INIT: - Entropy: 5.762298150076783 - Virtual Size: '0x8b8' - .rsrc: - Entropy: 3.294301150507165 - Virtual Size: '0x358' - .reloc: - Entropy: 5.7733896730533685 - Virtual Size: '0x3d0' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Novell Products Group, CN=Novell, Inc. 
- ValidFrom: '2007-04-04 00:00:00' - ValidTo: '2010-04-27 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f - Version: 3 - TBS: - MD5: adddb65a3a360b3c1a55cb33e426f32a - SHA1: 93d9b282265288a94ee4f1a01c5fb3a08badb7ac - SHA256: d98d63f26125a94eb767fdd2526f6c74bfb40cb4d117a1d87ca3ed0d99bd6f0b - SHA384: cf20d9d6343b52b05ebaeace8a75ad950089e2d55508571cf5b153583fdf2d7b11bc61b8f38bfa70f09b2e7ac63d9ef5 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 28d780857f0f6616f938aca3a38b5072 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: fa31cbbfe06a2f4f6b29c60b76de5c30 - SHA1: 8e7500a8d24c5a6cd6dce5679bab065e58b4dbb5 - SHA256: 5ebfc2c2fc43fc34cc98378f627e6147af473cb37076f4c2ba278210bd88b2bf - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2011, Novell, Inc. All Rights Reserved. 
- CreationTimestamp: '2011-09-29 19:29:05' - Date: '' - Description: Novell XTCOM Services Driver - ExportedFunctions: - - NicmCreateInstance - - NicmDeregisterClassFactory - - NicmGetVersion - - NicmRegisterClassFactory - - XTComCreateInstance - - XTComDeregisterClassFactory - - XTComFreeUnusedLibrariesEx - - XTComGetClassObject - - XTComGetVersion - - XTComInitialize - - XTComRegisterClassFactory - FileVersion: 3.1.6.0 - Filename: '' - ImportedFunctions: - - ExFreePoolWithTag - - RtlInitAnsiString - - ExAcquireResourceSharedLite - - ExReleaseResourceLite - - RtlEqualString - - ExAcquireResourceExclusiveLite - - ExAllocatePoolWithTag - - strstr - - IoFreeMdl - - RtlCreateSecurityDescriptor - - KeEnterCriticalRegion - - KeReleaseMutex - - ZwCreateFile - - MmMapLockedPagesSpecifyCache - - IoUnregisterShutdownNotification - - ZwClose - - IofCompleteRequest - - IoSetTopLevelIrp - - MmUnmapLockedPages - - KeWaitForSingleObject - - ProbeForRead - - MmProbeAndLockPages - - IoDeleteSymbolicLink - - IoRegisterShutdownNotification - - MmUnlockPages - - KeInitializeMutex - - ExDeleteResourceLite - - KeLeaveCriticalRegion - - IoGetTopLevelIrp - - IoCreateSymbolicLink - - IoDeleteDevice - - IoCreateDevice - - ProbeForWrite - - ExInitializeResourceLite - - NtSetSecurityObject - - DbgPrintEx - - IoAllocateMdl - - IoGetCurrentProcess - - ZwLoadDriver - - ZwReadFile - - RtlInitUnicodeString - - ZwOpenKey - - RtlAppendUnicodeToString - - RtlUnicodeStringToAnsiString - - ZwSetValueKey - - ZwQuerySystemInformation - - RtlInitString - - KeDelayExecutionThread - - RtlFreeUnicodeString - - ZwWaitForSingleObject - - ZwQueryValueKey - - ZwQueryDirectoryFile - - RtlAppendUnicodeStringToString - - RtlCopyString - - MmIsAddressValid - - ZwCreateKey - - ZwOpenFile - - RtlAnsiStringToUnicodeString - - ZwQueryInformationFile - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: fc6dadb97bd3b7a61d06f20d0d2e1bac - MachineType: AMD64 - MagicHeader: 50 45 0 
0 - OriginalFilename: libnicm.sys - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.6 - Publisher: '' - RichPEHeaderHash: - MD5: c93ac24ebf03669439ddaedcdec40816 - SHA1: 5fa20de9a3815959d4a524edfd3e84d75d9057a9 - SHA256: 143c2b92a334ff7919b92c2360f8a38b2ba578796bef13a77df8bbc2cefeee47 - SHA1: bca4bbe4388ebeb834688e97fac281c09b0f3ac1 - SHA256: 7f84f009704bc36f0e97c7be3de90648a5e7c21b4f870e4f210514d4418079a0 - Sections: - .text: - Entropy: 6.3070137011324565 - Virtual Size: '0x398c' - .rdata: - Entropy: 4.784577919725393 - Virtual Size: '0x548' - .data: - Entropy: 2.7659755587497967 - Virtual Size: '0x968' - .pdata: - Entropy: 4.09810523618847 - Virtual Size: '0x204' - .edata: - Entropy: 4.819362209758554 - Virtual Size: '0x18e' - INIT: - Entropy: 5.762789017450717 - Virtual Size: '0xb18' - .rsrc: - Entropy: 3.296451914326491 - Virtual Size: '0x358' - .reloc: - Entropy: 1.3741854163060885 - Virtual Size: '0x18' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Novell Products Group, CN=Novell, Inc. 
- ValidFrom: '2010-04-03 00:00:00' - ValidTo: '2013-04-26 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a - Version: 3 - TBS: - MD5: b1504f143b89a6080710bafcededb833 - SHA1: 5c2696893ebba1e81d918a4fadda143c25c77286 - SHA256: ae1dc09d08e93ace95fe203adfbfadcd4c029529d3f99ab381c368064b58d9a0 - SHA384: 18c6db711578cfcd4bce87c63d053e242c7c196efc892c2d4a8733cb75bb7dc3cac3f702e0e1d4b7fa2c590acb53fdee - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: 96f270be3f73ec3fc2f2237fe84efca0 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 9aee04fa1bdb51eb3122c1c9b5e9b3c1 - SHA1: 7e2db8140582d0d606627ff4d97e294080d4d334 - SHA256: e2a330131ca4a9499736fdc72e819a6ff1f883b1c6dc7b83d5b69d288508e0fe - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2014, Novell, Inc. All Rights Reserved. 
- CreationTimestamp: '2014-08-26 13:52:33' - Date: '' - Description: Novell XTCOM Services Driver - ExportedFunctions: - - NicmCreateInstance - - NicmDeregisterClassFactory - - NicmGetVersion - - NicmRegisterClassFactory - - XTComCreateInstance - - XTComDeregisterClassFactory - - XTComFreeUnusedLibrariesEx - - XTComGetClassObject - - XTComGetVersion - - XTComInitialize - - XTComRegisterClassFactory - FileVersion: 3.1.11.0 - Filename: '' - ImportedFunctions: - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - RtlEqualString - - RtlInitAnsiString - - strstr - - ExReleaseResourceLite - - ExAcquireResourceExclusiveLite - - ExAcquireResourceSharedLite - - ExInitializeResourceLite - - ExDeleteResourceLite - - ZwClose - - NtSetSecurityObject - - ZwCreateFile - - RtlCreateSecurityDescriptor - - IoSetTopLevelIrp - - IoGetTopLevelIrp - - IofCompleteRequest - - IoDeleteDevice - - IoDeleteSymbolicLink - - KeReleaseMutex - - KeWaitForSingleObject - - KeLeaveCriticalRegion - - DbgPrint - - IoFreeMdl - - MmUnlockPages - - MmUnmapLockedPages - - MmMapLockedPagesSpecifyCache - - MmProbeAndLockPages - - IoAllocateMdl - - ProbeForWrite - - ProbeForRead - - KeEnterCriticalRegion - - IoUnregisterShutdownNotification - - IoCreateSymbolicLink - - IoRegisterShutdownNotification - - IoCreateDevice - - KeInitializeMutex - - DbgPrintEx - - IoGetCurrentProcess - - KeDelayExecutionThread - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - ZwSetValueKey - - RtlInitUnicodeString - - ZwCreateKey - - RtlAppendUnicodeStringToString - - memset - - ZwQuerySystemInformation - - RtlUnicodeStringToAnsiString - - ZwQueryValueKey - - ZwOpenKey - - ZwOpenFile - - RtlCopyString - - MmIsAddressValid - - ZwWaitForSingleObject - - ZwReadFile - - ZwQueryInformationFile - - RtlInitString - - ZwQueryDirectoryFile - - ZwLoadDriver - - RtlAppendUnicodeToString - - KeTickCount - - KeBugCheckEx - - RtlUnwind - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: 0703c1e07186cb98837a2ae76f50d42e - 
MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: libnicm.sys - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.11 - Publisher: '' - RichPEHeaderHash: - MD5: 5fa7f0eaf5758a703ef3f6b22d70dc13 - SHA1: d4018d89c433452d1c47553f7853e191394a439b - SHA256: 96fa045d2bdfd41e5eb7f16d064df9fca8c2cd6c694bb428d1ee496a886b28c6 - SHA1: e1bf5dd17f84bce3b2891dffa855d81a21914418 - SHA256: 66a20fc2658c70facd420f5437a73fa07a5175998e569255cfb16c2f14c5e796 - Sections: - .text: - Entropy: 6.3977880395770095 - Virtual Size: '0x2f5e' - .rdata: - Entropy: 5.261559226615346 - Virtual Size: '0x328' - .data: - Entropy: 2.732784594862837 - Virtual Size: '0x574' - .edata: - Entropy: 4.777345796487677 - Virtual Size: '0x18e' - INIT: - Entropy: 5.770074623444129 - Virtual Size: '0x8d0' - .rsrc: - Entropy: 3.292213273656096 - Virtual Size: '0x360' - .reloc: - Entropy: 5.779707361998735 - Virtual Size: '0x3dc' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 
23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=Novell, Inc. - ValidFrom: '2013-03-05 00:00:00' - ValidTo: '2016-06-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Version: 3 - TBS: - MD5: 5b1207ffffc0eff3784003d17b3e71a9 - SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d - SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 - SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign 
Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: acd1b0130287133223d26c91f27f6899 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: dc077cd1d4adde370496ba2ea39e9397 - SHA1: fa064d914e051cfb54bebfeec92f38d7b4f714d3 - SHA256: 6429f89dd7e9f8f7784736b6d3471be3c480d4eb4c9a573c698ede1dd64f5010 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2013, Novell, Inc. All Rights Reserved. - CreationTimestamp: '2013-12-18 02:18:10' - Date: '' - Description: Novell XTCOM Services Driver - ExportedFunctions: - - NicmCreateInstance - - NicmDeregisterClassFactory - - NicmGetVersion - - NicmRegisterClassFactory - - XTComCreateInstance - - XTComDeregisterClassFactory - - XTComFreeUnusedLibrariesEx - - XTComGetClassObject - - XTComGetVersion - - XTComInitialize - - XTComRegisterClassFactory - FileVersion: 3.1.11.0 - Filename: '' - ImportedFunctions: - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - RtlEqualString - - RtlInitAnsiString - - strstr - - ExReleaseResourceLite - - ExAcquireResourceExclusiveLite - - ExAcquireResourceSharedLite - - ExInitializeResourceLite - - ExDeleteResourceLite - - ZwClose - - NtSetSecurityObject - - ZwCreateFile - - RtlCreateSecurityDescriptor - - IoSetTopLevelIrp - - IoGetTopLevelIrp - - IofCompleteRequest - - IoDeleteDevice - - IoDeleteSymbolicLink - - KeReleaseMutex - - KeWaitForSingleObject - - KeLeaveCriticalRegion - - DbgPrint - - IoFreeMdl - - MmUnlockPages - - MmUnmapLockedPages - - MmMapLockedPagesSpecifyCache - - MmProbeAndLockPages - - IoAllocateMdl - - ProbeForWrite - - ProbeForRead - - KeEnterCriticalRegion - - IoUnregisterShutdownNotification - - IoCreateSymbolicLink - - IoRegisterShutdownNotification - - IoCreateDevice - - KeInitializeMutex - - DbgPrintEx - - IoGetCurrentProcess - - KeDelayExecutionThread - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - ZwSetValueKey - - RtlInitUnicodeString - - ZwCreateKey - - RtlAppendUnicodeStringToString - - memset - - ZwQuerySystemInformation - - RtlUnicodeStringToAnsiString 
- - ZwQueryValueKey - - ZwOpenKey - - ZwOpenFile - - RtlCopyString - - MmIsAddressValid - - ZwWaitForSingleObject - - ZwReadFile - - ZwQueryInformationFile - - RtlInitString - - ZwQueryDirectoryFile - - ZwLoadDriver - - RtlAppendUnicodeToString - - KeTickCount - - KeBugCheckEx - - RtlUnwind - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: 41339c852c6e8e4c94323f500c87a79c - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: libnicm.sys - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.11 - Publisher: '' - RichPEHeaderHash: - MD5: 5fa7f0eaf5758a703ef3f6b22d70dc13 - SHA1: d4018d89c433452d1c47553f7853e191394a439b - SHA256: 96fa045d2bdfd41e5eb7f16d064df9fca8c2cd6c694bb428d1ee496a886b28c6 - SHA1: 9ca90642cff9ca71c7022c0f9dfd87da2b6a0bff - SHA256: 8138b219a2b1be2b0be61e5338be470c18ad6975f11119aee3a771d4584ed750 - Sections: - .text: - Entropy: 6.3978203284619255 - Virtual Size: '0x2f5e' - .rdata: - Entropy: 5.236273583093875 - Virtual Size: '0x338' - .data: - Entropy: 2.732784594862837 - Virtual Size: '0x574' - .edata: - Entropy: 4.770423968592794 - Virtual Size: '0x18e' - INIT: - Entropy: 5.770074623444129 - Virtual Size: '0x8d0' - .rsrc: - Entropy: 3.293202571077708 - Virtual Size: '0x360' - .reloc: - Entropy: 5.776010088933396 - Virtual Size: '0x3dc' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - 
SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=Novell, Inc. - ValidFrom: '2013-03-05 00:00:00' - ValidTo: '2016-06-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Version: 3 - TBS: - MD5: 5b1207ffffc0eff3784003d17b3e71a9 - SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d - SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 - SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: acd1b0130287133223d26c91f27f6899 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 31ea879f360e292dc09e69d8098e5dbe - SHA1: d6f4650669233ba26c47c7b252867b4ffa2e7f06 - SHA256: 615c391666b0fdaa0a8096320d35c7b951e6a0ee7f984ab3e892f838cb212b60 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2015, Novell, Inc. All Rights Reserved. 
- CreationTimestamp: '2015-06-26 06:07:19' - Date: '' - Description: Novell XTCOM Services Driver - ExportedFunctions: - - NicmCreateInstance - - NicmDeregisterClassFactory - - NicmGetVersion - - NicmRegisterClassFactory - - XTComCreateInstance - - XTComDeregisterClassFactory - - XTComFreeUnusedLibrariesEx - - XTComGetClassObject - - XTComGetVersion - - XTComInitialize - - XTComRegisterClassFactory - FileVersion: 3.1.12.0 - Filename: '' - ImportedFunctions: - - ExAcquireResourceExclusiveLite - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - strstr - - RtlInitAnsiString - - ExAcquireResourceSharedLite - - ExReleaseResourceLite - - RtlEqualString - - MmUnmapLockedPages - - ProbeForRead - - IoDeleteSymbolicLink - - IoRegisterShutdownNotification - - KeInitializeMutex - - KeLeaveCriticalRegion - - IoDeleteDevice - - ProbeForWrite - - IoFreeMdl - - KeEnterCriticalRegion - - KeReleaseMutex - - ZwCreateFile - - MmMapLockedPagesSpecifyCache - - IoUnregisterShutdownNotification - - ZwClose - - IofCompleteRequest - - IoSetTopLevelIrp - - KeWaitForSingleObject - - MmProbeAndLockPages - - MmUnlockPages - - ExDeleteResourceLite - - IoGetTopLevelIrp - - IoCreateSymbolicLink - - IoCreateDevice - - ExInitializeResourceLite - - NtSetSecurityObject - - DbgPrintEx - - DbgPrint - - IoAllocateMdl - - RtlCreateSecurityDescriptor - - IoGetCurrentProcess - - ZwCreateKey - - RtlAnsiStringToUnicodeString - - ZwReadFile - - RtlInitUnicodeString - - RtlAppendUnicodeToString - - RtlUnicodeStringToAnsiString - - ZwSetValueKey - - ZwQuerySystemInformation - - RtlInitString - - KeDelayExecutionThread - - RtlFreeUnicodeString - - ZwWaitForSingleObject - - ZwQueryValueKey - - ZwQueryDirectoryFile - - RtlAppendUnicodeStringToString - - RtlCopyString - - MmIsAddressValid - - ZwOpenFile - - ZwQueryInformationFile - - ZwLoadDriver - - ZwOpenKey - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: d48f681f70e19d2fa521df63bc72ab9e - MachineType: AMD64 - 
MagicHeader: 50 45 0 0 - OriginalFilename: libnicm.sys - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.12 - Publisher: '' - RichPEHeaderHash: - MD5: 8850702894d4f93edec22b7062734311 - SHA1: b03ec8e4976ac440ec91c83869fd957a840a115a - SHA256: 7a395513b36fa940ad02212cddc492f51aaf9ceb39f1dc1aa684da55e4fd3cfc - SHA1: 10fc6933deb7de9813e07d864ce03334a4f489d9 - SHA256: d04c72fd31e7d36b101ad30e119e14f6df9cbc7a761526da9b77f9e0b9888bc4 - Sections: - .text: - Entropy: 6.322257190894552 - Virtual Size: '0x3b20' - .rdata: - Entropy: 4.758059398135914 - Virtual Size: '0x584' - .data: - Entropy: 2.7659755587497967 - Virtual Size: '0x968' - .pdata: - Entropy: 4.125409691380965 - Virtual Size: '0x234' - .edata: - Entropy: 4.819255847308731 - Virtual Size: '0x18e' - INIT: - Entropy: 5.789752688284005 - Virtual Size: '0xb4c' - .rsrc: - Entropy: 3.297006918852943 - Virtual Size: '0x360' - .reloc: - Entropy: 1.3741854163060885 - Virtual Size: '0x18' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: 
'2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=Novell, Inc. - ValidFrom: '2013-03-05 00:00:00' - ValidTo: '2016-06-03 23:59:59' - Signature: dbb57cdba61b53b01c104cf3d4e6d31a0b127402fa3a5213dd686a48a858b7581868cb93fe789e249ef175deca865e2387ba579d8088691b5475c836d8c9fcafcca373a0d43c5a07029da9915827d5ca8fb80c0c676ce33f8f028e00d7a197b7ae7b0f726a1eed35d30591fffdbb14bd78c01c1d47cc18de85424fc81bbbbb1733498a35712ed119db159f3939fae462bcf5e2bde54b32c1cbe38a40f6389d5d849459a9401c4c0edeec46fe8dde11e184efb79298c1aa8f0a776e32be63d49b072d7f24c88eded44e6345e5df49a5592094278f8605402082896432b788f3bf1ea2e3912bc3c4bdaf6d609ee52d38fb25b9245441277b5ab7d70b0bda6fbfee - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Version: 3 - TBS: - MD5: 5b1207ffffc0eff3784003d17b3e71a9 - SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d - SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 - SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: ad34ea17f90a34f6f84a399a96383ada - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 468460d75f9141ee3e1bfba845ef8c13 - SHA1: 22fcace035c25521bdfca64df32a67fb16ee87bc - SHA256: d0b918d766e6ce4218a833314525dd6eaeba83c597e9e1a9efefa7f95ec64a95 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2015, Novell, Inc. All Rights Reserved. 
- CreationTimestamp: '2015-06-26 06:07:25' - Date: '' - Description: Novell XTCOM Services Driver - ExportedFunctions: - - NicmCreateInstance - - NicmDeregisterClassFactory - - NicmGetVersion - - NicmRegisterClassFactory - - XTComCreateInstance - - XTComDeregisterClassFactory - - XTComFreeUnusedLibrariesEx - - XTComGetClassObject - - XTComGetVersion - - XTComInitialize - - XTComRegisterClassFactory - FileVersion: 3.1.12.0 - Filename: '' - ImportedFunctions: - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - RtlEqualString - - RtlInitAnsiString - - strstr - - ExReleaseResourceLite - - ExAcquireResourceExclusiveLite - - ExAcquireResourceSharedLite - - ExInitializeResourceLite - - ExDeleteResourceLite - - ZwClose - - NtSetSecurityObject - - ZwCreateFile - - RtlCreateSecurityDescriptor - - IoSetTopLevelIrp - - IoGetTopLevelIrp - - IofCompleteRequest - - IoDeleteDevice - - IoDeleteSymbolicLink - - KeReleaseMutex - - KeWaitForSingleObject - - KeLeaveCriticalRegion - - DbgPrint - - IoFreeMdl - - MmUnlockPages - - MmUnmapLockedPages - - MmMapLockedPagesSpecifyCache - - MmProbeAndLockPages - - IoAllocateMdl - - ProbeForWrite - - ProbeForRead - - KeEnterCriticalRegion - - IoUnregisterShutdownNotification - - IoCreateSymbolicLink - - IoRegisterShutdownNotification - - IoCreateDevice - - KeInitializeMutex - - DbgPrintEx - - IoGetCurrentProcess - - KeDelayExecutionThread - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - ZwSetValueKey - - RtlInitUnicodeString - - ZwCreateKey - - RtlAppendUnicodeStringToString - - memset - - ZwQuerySystemInformation - - RtlUnicodeStringToAnsiString - - ZwQueryValueKey - - ZwOpenKey - - ZwOpenFile - - RtlCopyString - - MmIsAddressValid - - ZwWaitForSingleObject - - ZwReadFile - - ZwQueryInformationFile - - RtlInitString - - ZwQueryDirectoryFile - - ZwLoadDriver - - RtlAppendUnicodeToString - - KeTickCount - - KeBugCheckEx - - RtlUnwind - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: da7e98b23b49b7293ee06713032c74f6 - 
MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: libnicm.sys - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.12 - Publisher: '' - RichPEHeaderHash: - MD5: 5fa7f0eaf5758a703ef3f6b22d70dc13 - SHA1: d4018d89c433452d1c47553f7853e191394a439b - SHA256: 96fa045d2bdfd41e5eb7f16d064df9fca8c2cd6c694bb428d1ee496a886b28c6 - SHA1: c22c28a32a5e43a76514faf4fac14d135e0d4ffd - SHA256: 87e094214feb56a482cd8ae7ee7c7882b5a8dccce7947fdaa04a660fa19f41e5 - Sections: - .text: - Entropy: 6.3977880395770095 - Virtual Size: '0x2f5e' - .rdata: - Entropy: 5.274989904818917 - Virtual Size: '0x328' - .data: - Entropy: 2.732784594862837 - Virtual Size: '0x574' - .edata: - Entropy: 4.767295545231396 - Virtual Size: '0x18e' - INIT: - Entropy: 5.770074623444129 - Virtual Size: '0x8d0' - .rsrc: - Entropy: 3.293818391651365 - Virtual Size: '0x360' - .reloc: - Entropy: 5.779707361998735 - Virtual Size: '0x3dc' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 
23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=Novell, Inc. - ValidFrom: '2013-03-05 00:00:00' - ValidTo: '2016-06-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Version: 3 - TBS: - MD5: 5b1207ffffc0eff3784003d17b3e71a9 - SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d - SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 - SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: acd1b0130287133223d26c91f27f6899 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 25c0efa043f90ef63f9fdb49bae0342e - SHA1: dc1295fe99e5908dd0569acbffdb2d31652accbf - SHA256: 5e789b6d535b49c66c658978099e50fa2f8d02c2511bdaf9358bb8e40bdcef8e - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2008, Novell, Inc. All Rights Reserved. 
- CreationTimestamp: '2009-09-08 13:26:55' - Date: '' - Description: Novell XTCOM Services Driver - ExportedFunctions: - - NicmCreateInstance - - NicmDeregisterClassFactory - - NicmGetVersion - - NicmRegisterClassFactory - - XTComCreateInstance - - XTComDeregisterClassFactory - - XTComFreeUnusedLibrariesEx - - XTComGetClassObject - - XTComGetVersion - - XTComInitialize - - XTComRegisterClassFactory - FileVersion: 3.1.6.0 - Filename: '' - ImportedFunctions: - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - RtlEqualString - - RtlInitAnsiString - - strstr - - ExReleaseResourceLite - - ExAcquireResourceExclusiveLite - - ExAcquireResourceSharedLite - - ExInitializeResourceLite - - ExDeleteResourceLite - - ZwClose - - NtSetSecurityObject - - ZwCreateFile - - RtlCreateSecurityDescriptor - - IoSetTopLevelIrp - - IoGetTopLevelIrp - - IofCompleteRequest - - IoDeleteDevice - - IoDeleteSymbolicLink - - KeReleaseMutex - - KeWaitForSingleObject - - KeLeaveCriticalRegion - - IoFreeMdl - - MmUnlockPages - - MmUnmapLockedPages - - MmMapLockedPagesSpecifyCache - - MmProbeAndLockPages - - IoAllocateMdl - - ProbeForWrite - - ProbeForRead - - KeEnterCriticalRegion - - IoUnregisterShutdownNotification - - IoCreateSymbolicLink - - IoRegisterShutdownNotification - - IoCreateDevice - - KeInitializeMutex - - DbgPrintEx - - IoGetCurrentProcess - - KeDelayExecutionThread - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - ZwSetValueKey - - RtlInitUnicodeString - - ZwCreateKey - - RtlAppendUnicodeStringToString - - memset - - ZwQuerySystemInformation - - RtlUnicodeStringToAnsiString - - ZwQueryValueKey - - ZwOpenKey - - ZwOpenFile - - RtlCopyString - - MmIsAddressValid - - ZwWaitForSingleObject - - ZwReadFile - - ZwQueryInformationFile - - RtlInitString - - ZwQueryDirectoryFile - - ZwLoadDriver - - RtlAppendUnicodeToString - - KeTickCount - - KeBugCheckEx - - RtlUnwind - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: aae268c4b593156bdae25af5a2a4af21 - MachineType: I386 - 
MagicHeader: 50 45 0 0 - OriginalFilename: libnicm.sys - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.6 - Publisher: '' - RichPEHeaderHash: - MD5: 1057b10c078b885e3f08290c07a28c50 - SHA1: 0ffa7dfa0ba19fb7b801bc37ee18c31964d8f68c - SHA256: 159cb8b8bd40916edc60562397b13c91c0f1dadc1c5d63eebadbe165c0cc327b - SHA1: e3266b046d278194ade4d8f677772d0cb4ecfaf1 - SHA256: d1c78c8ba70368e96515fb0596598938a8f9efa8f9f5d9e068ee008f03020fee - Sections: - .text: - Entropy: 6.402214162342275 - Virtual Size: '0x2eb2' - .rdata: - Entropy: 5.246886867271846 - Virtual Size: '0x318' - .data: - Entropy: 2.732784594862837 - Virtual Size: '0x574' - .edata: - Entropy: 4.80662088305653 - Virtual Size: '0x18e' - INIT: - Entropy: 5.758686784808341 - Virtual Size: '0x8b8' - .rsrc: - Entropy: 3.294301150507165 - Virtual Size: '0x358' - .reloc: - Entropy: 5.763922075902202 - Virtual Size: '0x3d2' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Novell Products Group, CN=Novell, Inc. 
- ValidFrom: '2007-04-04 00:00:00' - ValidTo: '2010-04-27 23:59:59' - Signature: 267f71f6ee43755fd6395f85c34bb15a72a6f2a959c2074627d294395fb1aaa4c7bbeff369d735628b233bde7e5c95a0f1837e5ad03704270834ce9c1b07649a256027930f44e064568666b06e7f9dc3cd299b38b0a6766301200ab58434a05a34a369ab99bbbf2aaa6b3603481e0393a80ea09e78a7cf55317a9590c49887f02e1fd948c3b1f6d203e91782ce423d0569f45e7f074205df5f92be6ccd9836641439af4390022242e0ca84aedb0d71c5a50f2dbd1ed30e5ac9c1bda67c694f94f2fe4aa83945ed32e426afe26f44dcb6dcc8186728f86f1a1bddc1ea7dd82b76578a42d1e63bf5f8f348fbcd509094858978e375d277394529df1dd5d78abab2 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f - Version: 3 - TBS: - MD5: adddb65a3a360b3c1a55cb33e426f32a - SHA1: 93d9b282265288a94ee4f1a01c5fb3a08badb7ac - SHA256: d98d63f26125a94eb767fdd2526f6c74bfb40cb4d117a1d87ca3ed0d99bd6f0b - SHA384: cf20d9d6343b52b05ebaeace8a75ad950089e2d55508571cf5b153583fdf2d7b11bc61b8f38bfa70f09b2e7ac63d9ef5 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 28d780857f0f6616f938aca3a38b5072 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 
c9fb69b3569b42eed1b945c068245fb7 - SHA1: f9af5075200f0d08359e8ee5bfcbfae5e31ac002 - SHA256: 30accf1de5969ff5bf958786b9c9deb9001d1a19d121aac8b3c92c5b463a087e - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2012, Novell, Inc. All Rights Reserved. - CreationTimestamp: '2012-03-18 19:27:38' - Date: '' - Description: Novell XTCOM Services Driver - ExportedFunctions: - - NicmCreateInstance - - NicmDeregisterClassFactory - - NicmGetVersion - - NicmRegisterClassFactory - - XTComCreateInstance - - XTComDeregisterClassFactory - - XTComFreeUnusedLibrariesEx - - XTComGetClassObject - - XTComGetVersion - - XTComInitialize - - XTComRegisterClassFactory - FileVersion: 3.1.10.0 - Filename: '' - ImportedFunctions: - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - RtlEqualString - - RtlInitAnsiString - - strstr - - ExReleaseResourceLite - - ExAcquireResourceExclusiveLite - - ExAcquireResourceSharedLite - - ExInitializeResourceLite - - ExDeleteResourceLite - - ZwClose - - NtSetSecurityObject - - ZwCreateFile - - RtlCreateSecurityDescriptor - - IoSetTopLevelIrp - - IoGetTopLevelIrp - - IofCompleteRequest - - IoDeleteDevice - - IoDeleteSymbolicLink - - KeReleaseMutex - - KeWaitForSingleObject - - KeLeaveCriticalRegion - - IoFreeMdl - - MmUnlockPages - - MmUnmapLockedPages - - MmMapLockedPagesSpecifyCache - - MmProbeAndLockPages - - IoAllocateMdl - - ProbeForWrite - - ProbeForRead - - KeEnterCriticalRegion - - IoUnregisterShutdownNotification - - IoCreateSymbolicLink - - IoRegisterShutdownNotification - - IoCreateDevice - - KeInitializeMutex - - DbgPrintEx - - IoGetCurrentProcess - - KeDelayExecutionThread - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - ZwSetValueKey - - RtlInitUnicodeString - - ZwCreateKey - - RtlAppendUnicodeStringToString - - memset - - ZwQuerySystemInformation - - RtlUnicodeStringToAnsiString - - ZwQueryValueKey - - ZwOpenKey - - ZwOpenFile - - RtlCopyString - - MmIsAddressValid - - ZwWaitForSingleObject - - ZwReadFile - - 
ZwQueryInformationFile - - RtlInitString - - ZwQueryDirectoryFile - - ZwLoadDriver - - RtlAppendUnicodeToString - - KeTickCount - - KeBugCheckEx - - RtlUnwind - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: 20afd54ca260e2bf6589fac72935fecf - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: libnicm.sys - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.10 - Publisher: '' - RichPEHeaderHash: - MD5: 3a47368eb1de45f496d5ab77e5376986 - SHA1: 3cd4b05433eebaf9a0c2f069a84c0de1146ea0b1 - SHA256: a506b807681ea2fea75bedde727894b9f5ae4eb3837fc1d0645823ae1a1b61dc - SHA1: e9f576137181c261dc3b23871d1d822731d54a12 - SHA256: 834a3d755b5ae798561f8e5fbb18cf28dfcae7a111dc6a03967888e9d10f6d78 - Sections: - .text: - Entropy: 6.390310950936035 - Virtual Size: '0x2e22' - .rdata: - Entropy: 5.293527716565188 - Virtual Size: '0x318' - .data: - Entropy: 2.732784594862837 - Virtual Size: '0x574' - .edata: - Entropy: 4.7723206708595365 - Virtual Size: '0x18e' - INIT: - Entropy: 5.770541512844784 - Virtual Size: '0x8c0' - .rsrc: - Entropy: 3.2904973259569483 - Virtual Size: '0x360' - .reloc: - Entropy: 5.783333067425757 - Virtual Size: '0x3ce' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - 
ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Novell Products Group, CN=Novell, Inc. 
- ValidFrom: '2010-04-03 00:00:00' - ValidTo: '2013-04-26 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a - Version: 3 - TBS: - MD5: b1504f143b89a6080710bafcededb833 - SHA1: 5c2696893ebba1e81d918a4fadda143c25c77286 - SHA256: ae1dc09d08e93ace95fe203adfbfadcd4c029529d3f99ab381c368064b58d9a0 - SHA384: 18c6db711578cfcd4bce87c63d053e242c7c196efc892c2d4a8733cb75bb7dc3cac3f702e0e1d4b7fa2c590acb53fdee - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: 28d780857f0f6616f938aca3a38b5072 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: d296fda4ade4f49f4defb49740ce23ca - SHA1: dd62a35fd568dd79419e151bce6e7c5a8c9819f3 - SHA256: e03d8492926408a299100ef02c46bf3510a816bd9eed2f988b47c066049e9111 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2015, Novell, Inc. All Rights Reserved. 
- CreationTimestamp: '2015-09-26 07:20:01' - Date: '' - Description: Novell XTCOM Services Driver - ExportedFunctions: - - NicmCreateInstance - - NicmDeregisterClassFactory - - NicmGetVersion - - NicmRegisterClassFactory - - XTComCreateInstance - - XTComDeregisterClassFactory - - XTComFreeUnusedLibrariesEx - - XTComGetClassObject - - XTComGetVersion - - XTComInitialize - - XTComRegisterClassFactory - FileVersion: 3.1.12.0 - Filename: '' - ImportedFunctions: - - ExAcquireResourceExclusiveLite - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - strstr - - RtlInitAnsiString - - ExAcquireResourceSharedLite - - ExReleaseResourceLite - - RtlEqualString - - MmUnmapLockedPages - - ProbeForRead - - IoDeleteSymbolicLink - - IoRegisterShutdownNotification - - KeInitializeMutex - - KeLeaveCriticalRegion - - IoDeleteDevice - - ProbeForWrite - - IoFreeMdl - - KeEnterCriticalRegion - - KeReleaseMutex - - ZwCreateFile - - MmMapLockedPagesSpecifyCache - - IoUnregisterShutdownNotification - - ZwClose - - IofCompleteRequest - - IoSetTopLevelIrp - - KeWaitForSingleObject - - MmProbeAndLockPages - - MmUnlockPages - - ExDeleteResourceLite - - IoGetTopLevelIrp - - IoCreateSymbolicLink - - IoCreateDevice - - ExInitializeResourceLite - - NtSetSecurityObject - - DbgPrintEx - - DbgPrint - - IoAllocateMdl - - RtlCreateSecurityDescriptor - - IoGetCurrentProcess - - ZwCreateKey - - RtlAnsiStringToUnicodeString - - ZwReadFile - - RtlInitUnicodeString - - RtlAppendUnicodeToString - - RtlUnicodeStringToAnsiString - - ZwSetValueKey - - ZwQuerySystemInformation - - RtlInitString - - KeDelayExecutionThread - - RtlFreeUnicodeString - - ZwWaitForSingleObject - - ZwQueryValueKey - - ZwQueryDirectoryFile - - RtlAppendUnicodeStringToString - - RtlCopyString - - MmIsAddressValid - - ZwOpenFile - - ZwQueryInformationFile - - ZwLoadDriver - - ZwOpenKey - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: 7eeb4c0cb786a409b94066986addf315 - MachineType: AMD64 - 
MagicHeader: 50 45 0 0 - OriginalFilename: libnicm.sys - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.12 - Publisher: '' - RichPEHeaderHash: - MD5: 8850702894d4f93edec22b7062734311 - SHA1: b03ec8e4976ac440ec91c83869fd957a840a115a - SHA256: 7a395513b36fa940ad02212cddc492f51aaf9ceb39f1dc1aa684da55e4fd3cfc - SHA1: 005ac9213a8a4a6c421787a7b25c0bc7b9f3b309 - SHA256: 3b7177e9a10c1392633c5f605600bb23c8629379f7f42957972374a05d4dc458 - Sections: - .text: - Entropy: 6.322257190894552 - Virtual Size: '0x3b20' - .rdata: - Entropy: 4.7192120759121075 - Virtual Size: '0x584' - .data: - Entropy: 2.7659755587497967 - Virtual Size: '0x968' - .pdata: - Entropy: 4.125409691380965 - Virtual Size: '0x234' - .edata: - Entropy: 4.819413179899602 - Virtual Size: '0x18e' - INIT: - Entropy: 5.789752688284005 - Virtual Size: '0xb4c' - .rsrc: - Entropy: 3.297006918852943 - Virtual Size: '0x360' - .reloc: - Entropy: 1.3741854163060885 - Virtual Size: '0x18' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: 
'2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=Novell, Inc. - ValidFrom: '2013-03-05 00:00:00' - ValidTo: '2016-06-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Version: 3 - TBS: - MD5: 5b1207ffffc0eff3784003d17b3e71a9 - SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d - SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 - SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: ad34ea17f90a34f6f84a399a96383ada - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 9af58e71b9b5720a3b8b2dec0a26f917 - SHA1: ddb8f39d27ee3124553dac4b929898a261c021f7 - SHA256: a1b56ae08d822bb5d041c2a67584371ffddcb7f6d69191efec5b8189e0028331 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2013, Novell, Inc. All Rights Reserved. 
- CreationTimestamp: '2013-01-15 23:19:24' - Date: '' - Description: Novell XTCOM Services Driver - ExportedFunctions: - - NicmCreateInstance - - NicmDeregisterClassFactory - - NicmGetVersion - - NicmRegisterClassFactory - - XTComCreateInstance - - XTComDeregisterClassFactory - - XTComFreeUnusedLibrariesEx - - XTComGetClassObject - - XTComGetVersion - - XTComInitialize - - XTComRegisterClassFactory - FileVersion: 3.1.11.0 - Filename: '' - ImportedFunctions: - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - RtlEqualString - - RtlInitAnsiString - - strstr - - ExReleaseResourceLite - - ExAcquireResourceExclusiveLite - - ExAcquireResourceSharedLite - - ExInitializeResourceLite - - ExDeleteResourceLite - - ZwClose - - NtSetSecurityObject - - ZwCreateFile - - RtlCreateSecurityDescriptor - - IoSetTopLevelIrp - - IoGetTopLevelIrp - - IofCompleteRequest - - IoDeleteDevice - - IoDeleteSymbolicLink - - KeReleaseMutex - - KeWaitForSingleObject - - KeLeaveCriticalRegion - - IoFreeMdl - - MmUnlockPages - - MmUnmapLockedPages - - MmMapLockedPagesSpecifyCache - - MmProbeAndLockPages - - IoAllocateMdl - - ProbeForWrite - - ProbeForRead - - KeEnterCriticalRegion - - IoUnregisterShutdownNotification - - IoCreateSymbolicLink - - IoRegisterShutdownNotification - - IoCreateDevice - - KeInitializeMutex - - DbgPrintEx - - IoGetCurrentProcess - - KeDelayExecutionThread - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - ZwSetValueKey - - RtlInitUnicodeString - - ZwCreateKey - - RtlAppendUnicodeStringToString - - memset - - ZwQuerySystemInformation - - RtlUnicodeStringToAnsiString - - ZwQueryValueKey - - ZwOpenKey - - ZwOpenFile - - RtlCopyString - - MmIsAddressValid - - ZwWaitForSingleObject - - ZwReadFile - - ZwQueryInformationFile - - RtlInitString - - ZwQueryDirectoryFile - - ZwLoadDriver - - RtlAppendUnicodeToString - - KeTickCount - - KeBugCheckEx - - RtlUnwind - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: fb7637cfe8562095937f4d6cff420784 - MachineType: I386 - 
MagicHeader: 50 45 0 0 - OriginalFilename: libnicm.sys - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.11 - Publisher: '' - RichPEHeaderHash: - MD5: 3a47368eb1de45f496d5ab77e5376986 - SHA1: 3cd4b05433eebaf9a0c2f069a84c0de1146ea0b1 - SHA256: a506b807681ea2fea75bedde727894b9f5ae4eb3837fc1d0645823ae1a1b61dc - SHA1: 19bf65bdd9d77f54f1e8ccf189dc114e752344b0 - SHA256: f27febff1be9e89e48a9128e2121c7754d15f8a5b2e88c50102cecee5fe60229 - Sections: - .text: - Entropy: 6.390147577837227 - Virtual Size: '0x2e22' - .rdata: - Entropy: 5.285134093762338 - Virtual Size: '0x328' - .data: - Entropy: 2.732784594862837 - Virtual Size: '0x574' - .edata: - Entropy: 4.748735236610426 - Virtual Size: '0x18e' - INIT: - Entropy: 5.770541512844784 - Virtual Size: '0x8c0' - .rsrc: - Entropy: 3.293202571077708 - Virtual Size: '0x360' - .reloc: - Entropy: 5.775021540790981 - Virtual Size: '0x3ce' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Novell Products Group, CN=Novell, Inc. 
- ValidFrom: '2010-04-03 00:00:00' - ValidTo: '2013-04-26 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a - Version: 3 - TBS: - MD5: b1504f143b89a6080710bafcededb833 - SHA1: 5c2696893ebba1e81d918a4fadda143c25c77286 - SHA256: ae1dc09d08e93ace95fe203adfbfadcd4c029529d3f99ab381c368064b58d9a0 - SHA384: 18c6db711578cfcd4bce87c63d053e242c7c196efc892c2d4a8733cb75bb7dc3cac3f702e0e1d4b7fa2c590acb53fdee - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 
40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: 28d780857f0f6616f938aca3a38b5072 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 93d6f10e70096a91206b6bca05e1f63a - SHA1: ced518548a4800f50ab31a24eda3475d46a5e0ac - SHA256: e0e65416f40cf3bea00d77515a7d8ab508d3aa2b7b622a8799a49635c4d5dbb5 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2008, Novell, Inc. All Rights Reserved. - CreationTimestamp: '2009-09-08 13:35:51' - Date: '' - Description: Novell XTCOM Services Driver - ExportedFunctions: - - NicmCreateInstance - - NicmDeregisterClassFactory - - NicmGetVersion - - NicmRegisterClassFactory - - XTComCreateInstance - - XTComDeregisterClassFactory - - XTComFreeUnusedLibrariesEx - - XTComGetClassObject - - XTComGetVersion - - XTComInitialize - - XTComRegisterClassFactory - FileVersion: 3.1.6.0 - Filename: '' - ImportedFunctions: - - ExFreePoolWithTag - - RtlInitAnsiString - - ExAcquireResourceSharedLite - - ExReleaseResourceLite - - RtlEqualString - - ExAcquireResourceExclusiveLite - - ExAllocatePoolWithTag - - strstr - - IoFreeMdl - - RtlCreateSecurityDescriptor - - KeEnterCriticalRegion - - KeReleaseMutex - - ZwCreateFile - - MmMapLockedPagesSpecifyCache - - IoUnregisterShutdownNotification - - ZwClose - - IofCompleteRequest - - IoSetTopLevelIrp - - MmUnmapLockedPages - - KeWaitForSingleObject - - ProbeForRead - - MmProbeAndLockPages - - IoDeleteSymbolicLink - - IoRegisterShutdownNotification - - MmUnlockPages - - KeInitializeMutex - - ExDeleteResourceLite - - KeLeaveCriticalRegion - - IoGetTopLevelIrp - - IoCreateSymbolicLink - - IoDeleteDevice - - IoCreateDevice - - ProbeForWrite - - 
ExInitializeResourceLite - - NtSetSecurityObject - - DbgPrintEx - - IoAllocateMdl - - IoGetCurrentProcess - - ZwLoadDriver - - ZwReadFile - - RtlInitUnicodeString - - ZwOpenKey - - RtlAppendUnicodeToString - - RtlUnicodeStringToAnsiString - - ZwSetValueKey - - ZwQuerySystemInformation - - RtlInitString - - KeDelayExecutionThread - - RtlFreeUnicodeString - - ZwWaitForSingleObject - - ZwQueryValueKey - - ZwQueryDirectoryFile - - RtlAppendUnicodeStringToString - - RtlCopyString - - MmIsAddressValid - - ZwCreateKey - - ZwOpenFile - - RtlAnsiStringToUnicodeString - - ZwQueryInformationFile - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: bafd6bad121e42f940a0b8abc587eadf - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: libnicm.sys - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.6 - Publisher: '' - RichPEHeaderHash: - MD5: c93ac24ebf03669439ddaedcdec40816 - SHA1: 5fa20de9a3815959d4a524edfd3e84d75d9057a9 - SHA256: 143c2b92a334ff7919b92c2360f8a38b2ba578796bef13a77df8bbc2cefeee47 - SHA1: 3def50587309440e3b9e595bdbe4dde8d69a64e7 - SHA256: dd2f1f7012fb1f4b2fb49be57af515cb462aa9c438e5756285d914d65da3745b - Sections: - .text: - Entropy: 6.3095364913748115 - Virtual Size: '0x396c' - .rdata: - Entropy: 4.746906962556568 - Virtual Size: '0x530' - .data: - Entropy: 2.7659755587497967 - Virtual Size: '0x968' - .pdata: - Entropy: 4.108343771081182 - Virtual Size: '0x1f8' - .edata: - Entropy: 4.831309163281578 - Virtual Size: '0x18e' - INIT: - Entropy: 5.7600622039931295 - Virtual Size: '0xb18' - .rsrc: - Entropy: 3.2975194770283838 - Virtual Size: '0x358' - .reloc: - Entropy: 1.3741854163060885 - Virtual Size: '0x18' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: 
c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Novell Products Group, CN=Novell, Inc. - ValidFrom: '2007-04-04 00:00:00' - ValidTo: '2010-04-27 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f - Version: 3 - TBS: - MD5: adddb65a3a360b3c1a55cb33e426f32a - SHA1: 93d9b282265288a94ee4f1a01c5fb3a08badb7ac - SHA256: d98d63f26125a94eb767fdd2526f6c74bfb40cb4d117a1d87ca3ed0d99bd6f0b - SHA384: cf20d9d6343b52b05ebaeace8a75ad950089e2d55508571cf5b153583fdf2d7b11bc61b8f38bfa70f09b2e7ac63d9ef5 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 96f270be3f73ec3fc2f2237fe84efca0 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: f4c87edbb9a270058e01fdc58f29692a - SHA1: e82346880e59a3d7652896128eb91512f5ee3d53 - SHA256: bd1d579a15ec3c1120cc6e0c8ff6b265623980de3570a5dd2f57d0c5981334d8 - Company: Micro Focus - Copyright: (C) Copyright 2000-2017, Micro Focus. 
All Rights Reserved. - CreationTimestamp: '2022-03-03 03:49:58' - Date: '' - Description: XTier COM Services Driver - ExportedFunctions: - - NicmCreateInstance - - NicmDeregisterClassFactory - - NicmGetVersion - - NicmRegisterClassFactory - - XTComCreateInstance - - XTComDeregisterClassFactory - - XTComFreeUnusedLibrariesEx - - XTComGetClassObject - - XTComGetVersion - - XTComInitialize - - XTComRegisterClassFactory - FileVersion: 3.1.12.0 - Filename: libnicm.sys - ImportedFunctions: - - ExAcquireResourceExclusiveLite - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - strstr - - RtlInitAnsiString - - ExAcquireResourceSharedLite - - ExReleaseResourceLite - - RtlEqualString - - MmUnmapLockedPages - - ProbeForRead - - IoDeleteSymbolicLink - - IoRegisterShutdownNotification - - KeInitializeMutex - - KeLeaveCriticalRegion - - IoDeleteDevice - - ProbeForWrite - - IoFreeMdl - - KeEnterCriticalRegion - - KeReleaseMutex - - ZwCreateFile - - MmMapLockedPagesSpecifyCache - - IoUnregisterShutdownNotification - - ZwClose - - IofCompleteRequest - - IoSetTopLevelIrp - - KeWaitForSingleObject - - MmProbeAndLockPages - - MmUnlockPages - - ExDeleteResourceLite - - IoGetTopLevelIrp - - IoCreateSymbolicLink - - IoCreateDevice - - ExInitializeResourceLite - - NtSetSecurityObject - - DbgPrintEx - - DbgPrint - - IoAllocateMdl - - RtlCreateSecurityDescriptor - - IoGetCurrentProcess - - ZwCreateKey - - RtlAnsiStringToUnicodeString - - ZwReadFile - - RtlInitUnicodeString - - RtlAppendUnicodeToString - - RtlUnicodeStringToAnsiString - - ZwSetValueKey - - ZwQuerySystemInformation - - RtlInitString - - KeDelayExecutionThread - - RtlFreeUnicodeString - - ZwWaitForSingleObject - - ZwQueryValueKey - - ZwQueryDirectoryFile - - RtlAppendUnicodeStringToString - - RtlCopyString - - MmIsAddressValid - - ZwOpenFile - - ZwQueryInformationFile - - ZwLoadDriver - - ZwOpenKey - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: c1fce7aac4e9dd7a730997e2979fa1e2 - 
MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: libnicm.sys - Product: Micro Focus XTier - ProductVersion: 3.1.12 - Publisher: '' - RichPEHeaderHash: - MD5: 8850702894d4f93edec22b7062734311 - SHA1: b03ec8e4976ac440ec91c83869fd957a840a115a - SHA256: 7a395513b36fa940ad02212cddc492f51aaf9ceb39f1dc1aa684da55e4fd3cfc - SHA1: 25d812a5ece19ea375178ef9d60415841087726e - SHA256: 95d50c69cdbf10c9c9d61e64fe864ac91e6f6caa637d128eb20e1d3510e776d3 - Sections: - .text: - Entropy: 6.322257190894552 - Virtual Size: '0x3b20' - .rdata: - Entropy: 4.729785285634881 - Virtual Size: '0x584' - .data: - Entropy: 2.7659755587497967 - Virtual Size: '0x968' - .pdata: - Entropy: 4.125409691380965 - Virtual Size: '0x234' - .edata: - Entropy: 4.826534955920045 - Virtual Size: '0x18e' - INIT: - Entropy: 5.789752688284005 - Virtual Size: '0xb4c' - .rsrc: - Entropy: 3.313981481012639 - Virtual Size: '0x358' - .reloc: - Entropy: 1.3741854163060885 - Virtual Size: '0x18' - Signature: - - Microsoft Windows Hardware Compatibility Publisher - - Microsoft Windows Third Party Component CA 2014 - - Microsoft Root Certificate Authority 2010 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2021-09-09 19:15:59' - ValidTo: '2022-09-01 19:15:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 330000004de597a775e3157f7b00000000004d - Version: 3 - TBS: - MD5: 9f0782e89bd41cdd96ec55357457478a - SHA1: 35c2180572baad19019acca1334e6c653699c389 - SHA256: 50814710213afec410f26e573d25267a2e21d3d15f158be8a43a666c9cc6fa08 - SHA384: 8d48f066b0284071d64bbc556e018824a8388ccd142a56c7b7b04ef6d27cade07da57ac82d8067e18ad64d35af11e2a7 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party 
Component CA 2014 - ValidFrom: '2014-10-15 20:31:27' - ValidTo: '2029-10-15 20:41:27' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 330000000d690d5d7893d076df00000000000d - Version: 3 - TBS: - MD5: 83f69422963f11c3c340b81712eef319 - SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 - SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae - SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 - Signer: - - SerialNumber: 330000004de597a775e3157f7b00000000004d - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - Version: 1 - Imphash: ad34ea17f90a34f6f84a399a96383ada - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create libnicm.sys binPath=C:\windows\temp\libnicm.sys type=kernel + && sc.exe start libnicm.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/elastic/protections-artifacts/search?q=VulnDriver - https://github.com/elastic/protections-artifacts/search?q=VulnDriver -Tags: -- libnicm.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/95d50c69cdbf10c9c9d61e64fe864ac91e6f6caa637d128eb20e1d3510e776d3.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: b30004dbb5ad9b8320c964273875a103 + SHA1: 7678c8c5a3153f4c06db097e1c3e1b2942149c7a + SHA256: b756d234559ee0ed93328bb598352ead2efb27eabaf1afac5fb3e2f43b9901f3 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2014, Novell, Inc. All Rights Reserved. 
+ CreationTimestamp: '2014-08-26 13:52:25' + Date: '' + Description: Novell XTCOM Services Driver + ExportedFunctions: + - NicmCreateInstance + - NicmDeregisterClassFactory + - NicmGetVersion + - NicmRegisterClassFactory + - XTComCreateInstance + - XTComDeregisterClassFactory + - XTComFreeUnusedLibrariesEx + - XTComGetClassObject + - XTComGetVersion + - XTComInitialize + - XTComRegisterClassFactory + FileVersion: 3.1.11.0 + Filename: '' + ImportedFunctions: + - ExAcquireResourceExclusiveLite + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - strstr + - RtlInitAnsiString + - ExAcquireResourceSharedLite + - ExReleaseResourceLite + - RtlEqualString + - MmUnmapLockedPages + - ProbeForRead + - IoDeleteSymbolicLink + - IoRegisterShutdownNotification + - KeInitializeMutex + - KeLeaveCriticalRegion + - IoDeleteDevice + - ProbeForWrite + - IoFreeMdl + - KeEnterCriticalRegion + - KeReleaseMutex + - ZwCreateFile + - MmMapLockedPagesSpecifyCache + - IoUnregisterShutdownNotification + - ZwClose + - IofCompleteRequest + - IoSetTopLevelIrp + - KeWaitForSingleObject + - MmProbeAndLockPages + - MmUnlockPages + - ExDeleteResourceLite + - IoGetTopLevelIrp + - IoCreateSymbolicLink + - IoCreateDevice + - ExInitializeResourceLite + - NtSetSecurityObject + - DbgPrintEx + - DbgPrint + - IoAllocateMdl + - RtlCreateSecurityDescriptor + - IoGetCurrentProcess + - ZwCreateKey + - RtlAnsiStringToUnicodeString + - ZwReadFile + - RtlInitUnicodeString + - RtlAppendUnicodeToString + - RtlUnicodeStringToAnsiString + - ZwSetValueKey + - ZwQuerySystemInformation + - RtlInitString + - KeDelayExecutionThread + - RtlFreeUnicodeString + - ZwWaitForSingleObject + - ZwQueryValueKey + - ZwQueryDirectoryFile + - RtlAppendUnicodeStringToString + - RtlCopyString + - MmIsAddressValid + - ZwOpenFile + - ZwQueryInformationFile + - ZwLoadDriver + - ZwOpenKey + - KeBugCheckEx + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: f026460a7a720d0b8394f28a1f9203dc + MachineType: AMD64 + 
MagicHeader: 50 45 0 0 + OriginalFilename: libnicm.sys + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.11 + Publisher: '' + RichPEHeaderHash: + MD5: 8850702894d4f93edec22b7062734311 + SHA1: b03ec8e4976ac440ec91c83869fd957a840a115a + SHA256: 7a395513b36fa940ad02212cddc492f51aaf9ceb39f1dc1aa684da55e4fd3cfc + SHA1: 116679c4b2cca6ec69453309d9d85d3793cbe05f + SHA256: 00c02901472d74e8276743c847b8148be3799b0e3037c1dfdca21fa81ad4b922 + Sections: + .text: + Entropy: 6.322257190894552 + Virtual Size: '0x3b20' + .rdata: + Entropy: 4.752905558770538 + Virtual Size: '0x584' + .data: + Entropy: 2.7659755587497967 + Virtual Size: '0x968' + .pdata: + Entropy: 4.125409691380965 + Virtual Size: '0x234' + .edata: + Entropy: 4.838481909443069 + Virtual Size: '0x18e' + INIT: + Entropy: 5.789752688284005 + Virtual Size: '0xb4c' + .rsrc: + Entropy: 3.295401800857674 + Virtual Size: '0x360' + .reloc: + Entropy: 1.3741854163060885 + Virtual Size: '0x18' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: 
'2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, CN=Novell, Inc. + ValidFrom: '2013-03-05 00:00:00' + ValidTo: '2016-06-03 23:59:59' + Signature: dbb57cdba61b53b01c104cf3d4e6d31a0b127402fa3a5213dd686a48a858b7581868cb93fe789e249ef175deca865e2387ba579d8088691b5475c836d8c9fcafcca373a0d43c5a07029da9915827d5ca8fb80c0c676ce33f8f028e00d7a197b7ae7b0f726a1eed35d30591fffdbb14bd78c01c1d47cc18de85424fc81bbbbb1733498a35712ed119db159f3939fae462bcf5e2bde54b32c1cbe38a40f6389d5d849459a9401c4c0edeec46fe8dde11e184efb79298c1aa8f0a776e32be63d49b072d7f24c88eded44e6345e5df49a5592094278f8605402082896432b788f3bf1ea2e3912bc3c4bdaf6d609ee52d38fb25b9245441277b5ab7d70b0bda6fbfee + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Version: 3 + TBS: + MD5: 5b1207ffffc0eff3784003d17b3e71a9 + SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d + SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 + SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: ad34ea17f90a34f6f84a399a96383ada + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: e6998e382a753d8ca44f7959e293f770 + SHA1: ef4e66576fd736dc05419b33267eef99dd90e628 + SHA256: ae85245fcb873d6fbf61f1923b8c10f0680abeaf2bf5527aef1c4a52aae321d0 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2015, Novell, Inc. All Rights Reserved. 
+ CreationTimestamp: '2015-12-22 01:29:03' + Date: '' + Description: Novell XTCOM Services Driver + ExportedFunctions: + - NicmCreateInstance + - NicmDeregisterClassFactory + - NicmGetVersion + - NicmRegisterClassFactory + - XTComCreateInstance + - XTComDeregisterClassFactory + - XTComFreeUnusedLibrariesEx + - XTComGetClassObject + - XTComGetVersion + - XTComInitialize + - XTComRegisterClassFactory + FileVersion: 3.1.12.0 + Filename: '' + ImportedFunctions: + - ExAcquireResourceExclusiveLite + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - strstr + - RtlInitAnsiString + - ExAcquireResourceSharedLite + - ExReleaseResourceLite + - RtlEqualString + - MmUnmapLockedPages + - ProbeForRead + - IoDeleteSymbolicLink + - IoRegisterShutdownNotification + - KeInitializeMutex + - KeLeaveCriticalRegion + - IoDeleteDevice + - ProbeForWrite + - IoFreeMdl + - KeEnterCriticalRegion + - KeReleaseMutex + - ZwCreateFile + - MmMapLockedPagesSpecifyCache + - IoUnregisterShutdownNotification + - ZwClose + - IofCompleteRequest + - IoSetTopLevelIrp + - KeWaitForSingleObject + - MmProbeAndLockPages + - MmUnlockPages + - ExDeleteResourceLite + - IoGetTopLevelIrp + - IoCreateSymbolicLink + - IoCreateDevice + - ExInitializeResourceLite + - NtSetSecurityObject + - DbgPrintEx + - DbgPrint + - IoAllocateMdl + - RtlCreateSecurityDescriptor + - IoGetCurrentProcess + - ZwCreateKey + - RtlAnsiStringToUnicodeString + - ZwReadFile + - RtlInitUnicodeString + - RtlAppendUnicodeToString + - RtlUnicodeStringToAnsiString + - ZwSetValueKey + - ZwQuerySystemInformation + - RtlInitString + - KeDelayExecutionThread + - RtlFreeUnicodeString + - ZwWaitForSingleObject + - ZwQueryValueKey + - ZwQueryDirectoryFile + - RtlAppendUnicodeStringToString + - RtlCopyString + - MmIsAddressValid + - ZwOpenFile + - ZwQueryInformationFile + - ZwLoadDriver + - ZwOpenKey + - KeBugCheckEx + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 21e72a43aedefcd70ca8999cc353b51b + MachineType: AMD64 + 
MagicHeader: 50 45 0 0 + OriginalFilename: libnicm.sys + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.12 + Publisher: '' + RichPEHeaderHash: + MD5: 8850702894d4f93edec22b7062734311 + SHA1: b03ec8e4976ac440ec91c83869fd957a840a115a + SHA256: 7a395513b36fa940ad02212cddc492f51aaf9ceb39f1dc1aa684da55e4fd3cfc + SHA1: 63f9ee1e7aefd961cf36eeffd455977f1b940f6c + SHA256: 72b67b6b38f5e5447880447a55fead7f1de51ca37ae4a0c2b2f23a4cb7455f35 + Sections: + .text: + Entropy: 6.322257190894552 + Virtual Size: '0x3b20' + .rdata: + Entropy: 4.754876708092806 + Virtual Size: '0x58c' + .data: + Entropy: 2.7659755587497967 + Virtual Size: '0x968' + .pdata: + Entropy: 4.172123664005516 + Virtual Size: '0x234' + .edata: + Entropy: 4.8198640462917695 + Virtual Size: '0x18e' + INIT: + Entropy: 5.789752688284005 + Virtual Size: '0xb4c' + .rsrc: + Entropy: 3.297006918852943 + Virtual Size: '0x360' + .reloc: + Entropy: 1.3741854163060885 + Virtual Size: '0x18' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: 
'2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, CN=Novell, Inc. + ValidFrom: '2013-03-05 00:00:00' + ValidTo: '2016-06-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Version: 3 + TBS: + MD5: 5b1207ffffc0eff3784003d17b3e71a9 + SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d + SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 + SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign 
Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: ad34ea17f90a34f6f84a399a96383ada + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: cc4471fe044c4ef3e14b12bc1a406d37 + SHA1: 364af2f39c71999cf403d29b8dab412862f1994d + SHA256: 83e993691aa4f5f599dddd1fab2bc3e0791587c9e93eeb9e405c130922096343 + Company: Novell, Inc. + Copyright: "Copyright \xA9 1997-2007 Novell, Inc." + CreationTimestamp: '2007-08-09 13:32:46' + Date: '' + Description: Novell XTCOM Services Driver + ExportedFunctions: + - NicmCreateInstance + - NicmDeregisterClassFactory + - NicmGetVersion + - NicmRegisterClassFactory + - XTComCreateInstance + - XTComDeregisterClassFactory + - XTComFreeUnusedLibrariesEx + - XTComGetClassObject + - XTComGetVersion + - XTComInitialize + - XTComRegisterClassFactory + FileVersion: 3.1.5.0 + Filename: '' + ImportedFunctions: + - ExFreePoolWithTag + - RtlInitAnsiString + - ExAcquireResourceSharedLite + - ExReleaseResourceLite + - RtlEqualString + - ExAcquireResourceExclusiveLite + - ExAllocatePoolWithTag + - strstr + - IoFreeMdl + - RtlCreateSecurityDescriptor + - KeEnterCriticalRegion + - KeReleaseMutex + - ZwCreateFile + - MmMapLockedPagesSpecifyCache + - IoUnregisterShutdownNotification + - ZwClose + - IofCompleteRequest + - IoSetTopLevelIrp + - KeWaitForSingleObject + - MmUnmapLockedPages + - MmProbeAndLockPages + - IoDeleteSymbolicLink + - MmUnlockPages + - IoRegisterShutdownNotification + - ExDeleteResourceLite + - KeInitializeMutex + - IoGetTopLevelIrp + - KeLeaveCriticalRegion + - IoCreateSymbolicLink + - IoCreateDevice + - IoDeleteDevice + - ExInitializeResourceLite + - NtSetSecurityObject + - DbgPrintEx + - IoAllocateMdl + - IoGetCurrentProcess + - RtlAnsiStringToUnicodeString + - ZwQueryInformationFile + - ZwLoadDriver + - ZwReadFile + - RtlInitUnicodeString + - ZwOpenKey + - RtlAppendUnicodeToString + - RtlUnicodeStringToAnsiString + - ZwSetValueKey + - ZwQuerySystemInformation + - RtlInitString + - KeDelayExecutionThread + - RtlFreeUnicodeString + - 
ZwWaitForSingleObject + - ZwQueryValueKey + - ZwQueryDirectoryFile + - RtlAppendUnicodeStringToString + - RtlCopyString + - MmIsAddressValid + - ZwCreateKey + - ZwOpenFile + - KeBugCheckEx + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 1bd38ac06ef8709ad23af666622609c9 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: libnicm.sys + PDBPath: '' + Product: Novell XTier for Windows + ProductVersion: v3.1.5 (20060828) + Publisher: '' + RichPEHeaderHash: + MD5: c494b59abc401ff89dd4da62031a1572 + SHA1: 9d5d9d78b6080f55536298f02f085c5459c6467f + SHA256: cb60296eed243028928d2d554b7cd806a4b97a088e5b8cec2192c8176a209bda + SHA1: c3a893680cd33706546a7a3e8fbcc4bd063ce07e + SHA256: c190e4a7f1781ec9fa8c17506b4745a1369dcdf174ce07f85de1a66cf4b5ed8a + Sections: + .text: + Entropy: 6.311381336140919 + Virtual Size: '0x37cc' + .rdata: + Entropy: 4.809589665432749 + Virtual Size: '0x4fc' + .data: + Entropy: 2.7659755587497967 + Virtual Size: '0x968' + .pdata: + Entropy: 4.106741915733068 + Virtual Size: '0x1d4' + .edata: + Entropy: 4.821509830291904 + Virtual Size: '0x18e' + INIT: + Entropy: 5.762675988472001 + Virtual Size: '0xae8' + .rsrc: + Entropy: 3.3379941558325337 + Virtual Size: '0x358' + .reloc: + Entropy: 1.3741854163060885 + Virtual Size: '0x18' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 
35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, + 
Inc. + ValidFrom: '2007-04-04 00:00:00' + ValidTo: '2010-04-27 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 4808d93b14b8600dbfa18dab5d15310f + Version: 3 + TBS: + MD5: adddb65a3a360b3c1a55cb33e426f32a + SHA1: 93d9b282265288a94ee4f1a01c5fb3a08badb7ac + SHA256: d98d63f26125a94eb767fdd2526f6c74bfb40cb4d117a1d87ca3ed0d99bd6f0b + SHA384: cf20d9d6343b52b05ebaeace8a75ad950089e2d55508571cf5b153583fdf2d7b11bc61b8f38bfa70f09b2e7ac63d9ef5 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 3f4a90b2976641ad2c0164792b24d322 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 1bc4bf123f43b3ce055593d1b830b48f + SHA1: 10054d42b03ef3bc3800524673e2ce6b9cf05a63 + SHA256: 6d4cb02a826973521678309a0076b2fd50894c09dda87ca86089e815f4bc9bce + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2012, Novell, Inc. All Rights Reserved. 
+ CreationTimestamp: '2012-03-18 19:30:06' + Date: '' + Description: Novell XTCOM Services Driver + ExportedFunctions: + - NicmCreateInstance + - NicmDeregisterClassFactory + - NicmGetVersion + - NicmRegisterClassFactory + - XTComCreateInstance + - XTComDeregisterClassFactory + - XTComFreeUnusedLibrariesEx + - XTComGetClassObject + - XTComGetVersion + - XTComInitialize + - XTComRegisterClassFactory + FileVersion: 3.1.10.0 + Filename: '' + ImportedFunctions: + - ExAcquireResourceExclusiveLite + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - strstr + - RtlInitAnsiString + - ExAcquireResourceSharedLite + - ExReleaseResourceLite + - RtlEqualString + - MmUnmapLockedPages + - ProbeForRead + - IoDeleteSymbolicLink + - IoRegisterShutdownNotification + - KeInitializeMutex + - KeLeaveCriticalRegion + - IoDeleteDevice + - ProbeForWrite + - IoFreeMdl + - KeEnterCriticalRegion + - KeReleaseMutex + - ZwCreateFile + - MmMapLockedPagesSpecifyCache + - IoUnregisterShutdownNotification + - ZwClose + - IofCompleteRequest + - IoSetTopLevelIrp + - KeWaitForSingleObject + - MmProbeAndLockPages + - MmUnlockPages + - ExDeleteResourceLite + - IoGetTopLevelIrp + - IoCreateSymbolicLink + - IoCreateDevice + - ExInitializeResourceLite + - NtSetSecurityObject + - DbgPrintEx + - IoAllocateMdl + - RtlCreateSecurityDescriptor + - IoGetCurrentProcess + - ZwCreateKey + - RtlAnsiStringToUnicodeString + - ZwReadFile + - RtlInitUnicodeString + - RtlAppendUnicodeToString + - RtlUnicodeStringToAnsiString + - ZwSetValueKey + - ZwQuerySystemInformation + - RtlInitString + - KeDelayExecutionThread + - RtlFreeUnicodeString + - ZwWaitForSingleObject + - ZwQueryValueKey + - ZwQueryDirectoryFile + - RtlAppendUnicodeStringToString + - RtlCopyString + - MmIsAddressValid + - ZwOpenFile + - ZwQueryInformationFile + - ZwLoadDriver + - ZwOpenKey + - KeBugCheckEx + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 55c36d43dd930069148008902f431ea5 + MachineType: AMD64 + MagicHeader: 50 45 
0 0 + OriginalFilename: libnicm.sys + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.10 + Publisher: '' + RichPEHeaderHash: + MD5: 4a53ed67faf49ecb288c974cd66ea496 + SHA1: f83f49f155f801d8ce781070309c4ce878f8f87f + SHA256: 93963bed2c58da923a8df184e6443740eba6ecb6949996b6568f42fe525bf906 + SHA1: a4ae87b7802c82dfb6a4d26ab52788410af98532 + SHA256: e89cb7217ec1568b43ad9ca35bf059b17c3e26f093e373ab6ebdeee24272db21 + Sections: + .text: + Entropy: 6.307312732264105 + Virtual Size: '0x3980' + .rdata: + Entropy: 4.750103343591694 + Virtual Size: '0x564' + .data: + Entropy: 2.7659755587497967 + Virtual Size: '0x968' + .pdata: + Entropy: 4.13602197611248 + Virtual Size: '0x228' + .edata: + Entropy: 4.838481909443069 + Virtual Size: '0x18e' + INIT: + Entropy: 5.7784312613823845 + Virtual Size: '0xb38' + .rsrc: + Entropy: 3.2936858531585265 + Virtual Size: '0x360' + .reloc: + Entropy: 1.3741854163060885 + Virtual Size: '0x18' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, + Inc. 
+ ValidFrom: '2010-04-03 00:00:00' + ValidTo: '2013-04-26 23:59:59' + Signature: 2d2eec4636a0c1f359ef30a107e6c2301ad12c09ab9fdac02211aaef81323d1daee3a14a150bf9f4c7d0d788d5f486ea75e40abeb502a2267171be53030fe7614af7a2015eabd4c26e887ec9220beb3666fc68158d2b8dd659e3fe55245821c10e37ddeebac63eb1848512c64a543a13ba6735b156c6dc13395890e8003e03e7c2613e2c1de1dfadfe072cd7655e3b4166fe973233b4f81ecf810541382d67c92f29d76e220543a7179b606011b932cee250f99f260b29e79236cec10b67e0e0e48cb74593a7ce2e3cfafb6c58ac7ae5c10a591037c380b5f7516cac8f4ec695b020ca2445cb9bf97eb56c09d4a62618871b482ef97c5894349e10f62e2ee68b + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a + Version: 3 + TBS: + MD5: b1504f143b89a6080710bafcededb833 + SHA1: 5c2696893ebba1e81d918a4fadda143c25c77286 + SHA256: ae1dc09d08e93ace95fe203adfbfadcd4c029529d3f99ab381c368064b58d9a0 + SHA384: 18c6db711578cfcd4bce87c63d053e242c7c196efc892c2d4a8733cb75bb7dc3cac3f702e0e1d4b7fa2c590acb53fdee + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: 262d8fbbf1f514399bb3f230cddc12af + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 
73c68c141f839f59d677542d06dbfdfc + SHA1: 51bd5e3567352d021979026eb2b7c3bd1cf2ac1c + SHA256: 3ad340c8a4a6e071e15095fd286b600847cd600b7312bd573802f26a73600da7 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2011, Novell, Inc. All Rights Reserved. + CreationTimestamp: '2011-04-01 19:14:26' + Date: '' + Description: Novell XTCOM Services Driver + ExportedFunctions: + - NicmCreateInstance + - NicmDeregisterClassFactory + - NicmGetVersion + - NicmRegisterClassFactory + - XTComCreateInstance + - XTComDeregisterClassFactory + - XTComFreeUnusedLibrariesEx + - XTComGetClassObject + - XTComGetVersion + - XTComInitialize + - XTComRegisterClassFactory + FileVersion: 3.1.6.0 + Filename: '' + ImportedFunctions: + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - RtlEqualString + - RtlInitAnsiString + - strstr + - ExReleaseResourceLite + - ExAcquireResourceExclusiveLite + - ExAcquireResourceSharedLite + - ExInitializeResourceLite + - ExDeleteResourceLite + - ZwClose + - NtSetSecurityObject + - ZwCreateFile + - RtlCreateSecurityDescriptor + - IoSetTopLevelIrp + - IoGetTopLevelIrp + - IofCompleteRequest + - IoDeleteDevice + - IoDeleteSymbolicLink + - KeReleaseMutex + - KeWaitForSingleObject + - KeLeaveCriticalRegion + - IoFreeMdl + - MmUnlockPages + - MmUnmapLockedPages + - MmMapLockedPagesSpecifyCache + - MmProbeAndLockPages + - IoAllocateMdl + - ProbeForWrite + - ProbeForRead + - KeEnterCriticalRegion + - IoUnregisterShutdownNotification + - IoCreateSymbolicLink + - IoRegisterShutdownNotification + - IoCreateDevice + - KeInitializeMutex + - DbgPrintEx + - IoGetCurrentProcess + - KeDelayExecutionThread + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - ZwSetValueKey + - RtlInitUnicodeString + - ZwCreateKey + - RtlAppendUnicodeStringToString + - memset + - ZwQuerySystemInformation + - RtlUnicodeStringToAnsiString + - ZwQueryValueKey + - ZwOpenKey + - ZwOpenFile + - RtlCopyString + - MmIsAddressValid + - ZwWaitForSingleObject + - ZwReadFile + - 
ZwQueryInformationFile + - RtlInitString + - ZwQueryDirectoryFile + - ZwLoadDriver + - RtlAppendUnicodeToString + - KeTickCount + - KeBugCheckEx + - RtlUnwind + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 6822566b28be75b2a76446a57064369f + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: libnicm.sys + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.6 + Publisher: '' + RichPEHeaderHash: + MD5: 1057b10c078b885e3f08290c07a28c50 + SHA1: 0ffa7dfa0ba19fb7b801bc37ee18c31964d8f68c + SHA256: 159cb8b8bd40916edc60562397b13c91c0f1dadc1c5d63eebadbe165c0cc327b + SHA1: 34ec04159d2c653a583a73285e6e2ac3c7b416dd + SHA256: 66f8bd2b29763acfbb7423f4c3c9c3af9f3ca4113bd580ab32f6e3ee4a4fc64e + Sections: + .text: + Entropy: 6.395790606354113 + Virtual Size: '0x2e12' + .rdata: + Entropy: 5.325268122544918 + Virtual Size: '0x328' + .data: + Entropy: 2.732784594862837 + Virtual Size: '0x574' + .edata: + Entropy: 4.767295545231396 + Virtual Size: '0x18e' + INIT: + Entropy: 5.762298150076783 + Virtual Size: '0x8b8' + .rsrc: + Entropy: 3.2932335878052723 + Virtual Size: '0x358' + .reloc: + Entropy: 5.7733896730533685 + Virtual Size: '0x3d0' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: 
false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 
2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, + Inc. + ValidFrom: '2010-04-03 00:00:00' + ValidTo: '2013-04-26 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a + Version: 3 + TBS: + MD5: b1504f143b89a6080710bafcededb833 + SHA1: 5c2696893ebba1e81d918a4fadda143c25c77286 + SHA256: ae1dc09d08e93ace95fe203adfbfadcd4c029529d3f99ab381c368064b58d9a0 + SHA384: 18c6db711578cfcd4bce87c63d053e242c7c196efc892c2d4a8733cb75bb7dc3cac3f702e0e1d4b7fa2c590acb53fdee + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd66
5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: 28d780857f0f6616f938aca3a38b5072 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: f386df5a06d6c8e4cc55a328c706f9a5 + SHA1: d2aba6c93eec7bfed77d10e9f01671d9a07ab0ae + SHA256: 1aee4d8a00f126582c4488025c7451fdbb9d0becbbfd58a396a2ac52011fac14 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2010, Novell, Inc. All Rights Reserved. + CreationTimestamp: '2010-03-10 13:42:24' + Date: '' + Description: Novell XTCOM Services Driver + ExportedFunctions: + - NicmCreateInstance + - NicmDeregisterClassFactory + - NicmGetVersion + - NicmRegisterClassFactory + - XTComCreateInstance + - XTComDeregisterClassFactory + - XTComFreeUnusedLibrariesEx + - XTComGetClassObject + - XTComGetVersion + - XTComInitialize + - XTComRegisterClassFactory + FileVersion: 3.1.6.0 + Filename: '' + ImportedFunctions: + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - RtlEqualString + - RtlInitAnsiString + - strstr + - ExReleaseResourceLite + - ExAcquireResourceExclusiveLite + - ExAcquireResourceSharedLite + - ExInitializeResourceLite + - ExDeleteResourceLite + - ZwClose + - NtSetSecurityObject + - ZwCreateFile + - RtlCreateSecurityDescriptor + - IoSetTopLevelIrp + - IoGetTopLevelIrp + - IofCompleteRequest + - IoDeleteDevice + - IoDeleteSymbolicLink + - KeReleaseMutex + - KeWaitForSingleObject + - KeLeaveCriticalRegion + - IoFreeMdl + - MmUnlockPages + 
- MmUnmapLockedPages + - MmMapLockedPagesSpecifyCache + - MmProbeAndLockPages + - IoAllocateMdl + - ProbeForWrite + - ProbeForRead + - KeEnterCriticalRegion + - IoUnregisterShutdownNotification + - IoCreateSymbolicLink + - IoRegisterShutdownNotification + - IoCreateDevice + - KeInitializeMutex + - DbgPrintEx + - IoGetCurrentProcess + - KeDelayExecutionThread + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - ZwSetValueKey + - RtlInitUnicodeString + - ZwCreateKey + - RtlAppendUnicodeStringToString + - memset + - ZwQuerySystemInformation + - RtlUnicodeStringToAnsiString + - ZwQueryValueKey + - ZwOpenKey + - ZwOpenFile + - RtlCopyString + - MmIsAddressValid + - ZwWaitForSingleObject + - ZwReadFile + - ZwQueryInformationFile + - RtlInitString + - ZwQueryDirectoryFile + - ZwLoadDriver + - RtlAppendUnicodeToString + - KeTickCount + - KeBugCheckEx + - RtlUnwind + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 46cae59443ae41f4dbb42e050a9b501a + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: libnicm.sys + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.6 + Publisher: '' + RichPEHeaderHash: + MD5: 1057b10c078b885e3f08290c07a28c50 + SHA1: 0ffa7dfa0ba19fb7b801bc37ee18c31964d8f68c + SHA256: 159cb8b8bd40916edc60562397b13c91c0f1dadc1c5d63eebadbe165c0cc327b + SHA1: b671677079bf7c660579bee08b8875a48ff61896 + SHA256: 6cf1cac0e97d30bb445b710fd8513879678a8b07be95d309cbf29e9b328ff259 + Sections: + .text: + Entropy: 6.395790606354113 + Virtual Size: '0x2e12' + .rdata: + Entropy: 5.32052936150663 + Virtual Size: '0x328' + .data: + Entropy: 2.732784594862837 + Virtual Size: '0x574' + .edata: + Entropy: 4.7723206708595365 + Virtual Size: '0x18e' + INIT: + Entropy: 5.762298150076783 + Virtual Size: '0x8b8' + .rsrc: + Entropy: 3.2910828239859455 + Virtual Size: '0x358' + .reloc: + Entropy: 5.7733896730533685 + Virtual Size: '0x3d0' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, 
Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + 
IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, + Inc. + ValidFrom: '2007-04-04 00:00:00' + ValidTo: '2010-04-27 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 4808d93b14b8600dbfa18dab5d15310f + Version: 3 + TBS: + MD5: adddb65a3a360b3c1a55cb33e426f32a + SHA1: 93d9b282265288a94ee4f1a01c5fb3a08badb7ac + SHA256: d98d63f26125a94eb767fdd2526f6c74bfb40cb4d117a1d87ca3ed0d99bd6f0b + SHA384: cf20d9d6343b52b05ebaeace8a75ad950089e2d55508571cf5b153583fdf2d7b11bc61b8f38bfa70f09b2e7ac63d9ef5 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 28d780857f0f6616f938aca3a38b5072 + 
LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 04fd9292c73e5cc527eae867e930dfbb + SHA1: 04fa843bbb3e54e9a3566e769d476034fbaab240 + SHA256: 9ce5188745ffcb5dc8304dac97cd037360600d8eb4739cfdbfb06bcd0efd72e4 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2014, Novell, Inc. All Rights Reserved. + CreationTimestamp: '2014-11-18 01:05:43' + Date: '' + Description: Novell XTCOM Services Driver + ExportedFunctions: + - NicmCreateInstance + - NicmDeregisterClassFactory + - NicmGetVersion + - NicmRegisterClassFactory + - XTComCreateInstance + - XTComDeregisterClassFactory + - XTComFreeUnusedLibrariesEx + - XTComGetClassObject + - XTComGetVersion + - XTComInitialize + - XTComRegisterClassFactory + FileVersion: 3.1.11.0 + Filename: '' + ImportedFunctions: + - ExAcquireResourceExclusiveLite + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - strstr + - RtlInitAnsiString + - ExAcquireResourceSharedLite + - ExReleaseResourceLite + - RtlEqualString + - MmUnmapLockedPages + - ProbeForRead + - IoDeleteSymbolicLink + - IoRegisterShutdownNotification + - KeInitializeMutex + - KeLeaveCriticalRegion + - IoDeleteDevice + - ProbeForWrite + - IoFreeMdl + - KeEnterCriticalRegion + - KeReleaseMutex + - ZwCreateFile + - MmMapLockedPagesSpecifyCache + - IoUnregisterShutdownNotification + - ZwClose + - IofCompleteRequest + - IoSetTopLevelIrp + - KeWaitForSingleObject + - MmProbeAndLockPages + - MmUnlockPages + - ExDeleteResourceLite + - IoGetTopLevelIrp + - IoCreateSymbolicLink + - IoCreateDevice + - ExInitializeResourceLite + - NtSetSecurityObject + - DbgPrintEx + - DbgPrint + - IoAllocateMdl + - RtlCreateSecurityDescriptor + - IoGetCurrentProcess + - ZwCreateKey + - RtlAnsiStringToUnicodeString + - ZwReadFile + - RtlInitUnicodeString + - RtlAppendUnicodeToString + - RtlUnicodeStringToAnsiString + - ZwSetValueKey + - ZwQuerySystemInformation + - RtlInitString + - KeDelayExecutionThread + - RtlFreeUnicodeString + - ZwWaitForSingleObject + - ZwQueryValueKey + - ZwQueryDirectoryFile + 
- RtlAppendUnicodeStringToString + - RtlCopyString + - MmIsAddressValid + - ZwOpenFile + - ZwQueryInformationFile + - ZwLoadDriver + - ZwOpenKey + - KeBugCheckEx + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 5dd25029499cd5656927e9c559955b07 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: libnicm.sys + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.11 + Publisher: '' + RichPEHeaderHash: + MD5: 8850702894d4f93edec22b7062734311 + SHA1: b03ec8e4976ac440ec91c83869fd957a840a115a + SHA256: 7a395513b36fa940ad02212cddc492f51aaf9ceb39f1dc1aa684da55e4fd3cfc + SHA1: f52c2d897fa00910d5566503dd5a297970f13dc6 + SHA256: 4cd80f4e33b713570f6a16b9f77679efa45a466737e41db45b41924e7d7caef4 + Sections: + .text: + Entropy: 6.322257190894552 + Virtual Size: '0x3b20' + .rdata: + Entropy: 4.764863704194836 + Virtual Size: '0x58c' + .data: + Entropy: 2.7659755587497967 + Virtual Size: '0x968' + .pdata: + Entropy: 4.172123664005516 + Virtual Size: '0x234' + .edata: + Entropy: 4.826698100558916 + Virtual Size: '0x18e' + INIT: + Entropy: 5.789752688284005 + Virtual Size: '0xb4c' + .rsrc: + Entropy: 3.295401800857674 + Virtual Size: '0x360' + .reloc: + Entropy: 1.3741854163060885 + Virtual Size: '0x18' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 
365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, CN=Novell, Inc. + ValidFrom: '2013-03-05 00:00:00' + ValidTo: '2016-06-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Version: 3 + TBS: + MD5: 5b1207ffffc0eff3784003d17b3e71a9 + SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d + SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 + SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: ad34ea17f90a34f6f84a399a96383ada + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: efa641bd31d86547dedc5bd0a678170b + SHA1: c20217149ac84ed17db7a13d3a07f642866adb64 + SHA256: 3b22adc61900fbdc26629dc1135344d878f6a368ec6df0d4ec374559cb669182 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2008, Novell, Inc. All Rights Reserved. 
+ CreationTimestamp: '2009-12-18 07:20:49' + Date: '' + Description: Novell XTCOM Services Driver + ExportedFunctions: + - NicmCreateInstance + - NicmDeregisterClassFactory + - NicmGetVersion + - NicmRegisterClassFactory + - XTComCreateInstance + - XTComDeregisterClassFactory + - XTComFreeUnusedLibrariesEx + - XTComGetClassObject + - XTComGetVersion + - XTComInitialize + - XTComRegisterClassFactory + FileVersion: 3.1.6.0 + Filename: '' + ImportedFunctions: + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - RtlEqualString + - RtlInitAnsiString + - strstr + - ExReleaseResourceLite + - ExAcquireResourceExclusiveLite + - ExAcquireResourceSharedLite + - ExInitializeResourceLite + - ExDeleteResourceLite + - ZwClose + - NtSetSecurityObject + - ZwCreateFile + - RtlCreateSecurityDescriptor + - IoSetTopLevelIrp + - IoGetTopLevelIrp + - IofCompleteRequest + - IoDeleteDevice + - IoDeleteSymbolicLink + - KeReleaseMutex + - KeWaitForSingleObject + - KeLeaveCriticalRegion + - IoFreeMdl + - MmUnlockPages + - MmUnmapLockedPages + - MmMapLockedPagesSpecifyCache + - MmProbeAndLockPages + - IoAllocateMdl + - ProbeForWrite + - ProbeForRead + - KeEnterCriticalRegion + - IoUnregisterShutdownNotification + - IoCreateSymbolicLink + - IoRegisterShutdownNotification + - IoCreateDevice + - KeInitializeMutex + - DbgPrintEx + - IoGetCurrentProcess + - KeDelayExecutionThread + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - ZwSetValueKey + - RtlInitUnicodeString + - ZwCreateKey + - RtlAppendUnicodeStringToString + - memset + - ZwQuerySystemInformation + - RtlUnicodeStringToAnsiString + - ZwQueryValueKey + - ZwOpenKey + - ZwOpenFile + - RtlCopyString + - MmIsAddressValid + - ZwWaitForSingleObject + - ZwReadFile + - ZwQueryInformationFile + - RtlInitString + - ZwQueryDirectoryFile + - ZwLoadDriver + - RtlAppendUnicodeToString + - KeTickCount + - KeBugCheckEx + - RtlUnwind + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 1c591efa8660d4d36a75db9b82474174 + MachineType: I386 + 
MagicHeader: 50 45 0 0 + OriginalFilename: libnicm.sys + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.6 + Publisher: '' + RichPEHeaderHash: + MD5: 1057b10c078b885e3f08290c07a28c50 + SHA1: 0ffa7dfa0ba19fb7b801bc37ee18c31964d8f68c + SHA256: 159cb8b8bd40916edc60562397b13c91c0f1dadc1c5d63eebadbe165c0cc327b + SHA1: a5f9aef55c64722ff2db96039af3b9c7dd8163e3 + SHA256: 0cfb7ea2cc515a7fe913ab3619cbfcf1ca96d8cf72dc350905634a5782907a49 + Sections: + .text: + Entropy: 6.395790606354113 + Virtual Size: '0x2e12' + .rdata: + Entropy: 5.256258546162871 + Virtual Size: '0x328' + .data: + Entropy: 2.732784594862837 + Virtual Size: '0x574' + .edata: + Entropy: 4.777345796487677 + Virtual Size: '0x18e' + INIT: + Entropy: 5.762298150076783 + Virtual Size: '0x8b8' + .rsrc: + Entropy: 3.294301150507165 + Virtual Size: '0x358' + .reloc: + Entropy: 5.7733896730533685 + Virtual Size: '0x3d0' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 
35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, + 
Inc. + ValidFrom: '2007-04-04 00:00:00' + ValidTo: '2010-04-27 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 4808d93b14b8600dbfa18dab5d15310f + Version: 3 + TBS: + MD5: adddb65a3a360b3c1a55cb33e426f32a + SHA1: 93d9b282265288a94ee4f1a01c5fb3a08badb7ac + SHA256: d98d63f26125a94eb767fdd2526f6c74bfb40cb4d117a1d87ca3ed0d99bd6f0b + SHA384: cf20d9d6343b52b05ebaeace8a75ad950089e2d55508571cf5b153583fdf2d7b11bc61b8f38bfa70f09b2e7ac63d9ef5 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 28d780857f0f6616f938aca3a38b5072 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: fa31cbbfe06a2f4f6b29c60b76de5c30 + SHA1: 8e7500a8d24c5a6cd6dce5679bab065e58b4dbb5 + SHA256: 5ebfc2c2fc43fc34cc98378f627e6147af473cb37076f4c2ba278210bd88b2bf + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2011, Novell, Inc. All Rights Reserved. 
+ CreationTimestamp: '2011-09-29 19:29:05' + Date: '' + Description: Novell XTCOM Services Driver + ExportedFunctions: + - NicmCreateInstance + - NicmDeregisterClassFactory + - NicmGetVersion + - NicmRegisterClassFactory + - XTComCreateInstance + - XTComDeregisterClassFactory + - XTComFreeUnusedLibrariesEx + - XTComGetClassObject + - XTComGetVersion + - XTComInitialize + - XTComRegisterClassFactory + FileVersion: 3.1.6.0 + Filename: '' + ImportedFunctions: + - ExFreePoolWithTag + - RtlInitAnsiString + - ExAcquireResourceSharedLite + - ExReleaseResourceLite + - RtlEqualString + - ExAcquireResourceExclusiveLite + - ExAllocatePoolWithTag + - strstr + - IoFreeMdl + - RtlCreateSecurityDescriptor + - KeEnterCriticalRegion + - KeReleaseMutex + - ZwCreateFile + - MmMapLockedPagesSpecifyCache + - IoUnregisterShutdownNotification + - ZwClose + - IofCompleteRequest + - IoSetTopLevelIrp + - MmUnmapLockedPages + - KeWaitForSingleObject + - ProbeForRead + - MmProbeAndLockPages + - IoDeleteSymbolicLink + - IoRegisterShutdownNotification + - MmUnlockPages + - KeInitializeMutex + - ExDeleteResourceLite + - KeLeaveCriticalRegion + - IoGetTopLevelIrp + - IoCreateSymbolicLink + - IoDeleteDevice + - IoCreateDevice + - ProbeForWrite + - ExInitializeResourceLite + - NtSetSecurityObject + - DbgPrintEx + - IoAllocateMdl + - IoGetCurrentProcess + - ZwLoadDriver + - ZwReadFile + - RtlInitUnicodeString + - ZwOpenKey + - RtlAppendUnicodeToString + - RtlUnicodeStringToAnsiString + - ZwSetValueKey + - ZwQuerySystemInformation + - RtlInitString + - KeDelayExecutionThread + - RtlFreeUnicodeString + - ZwWaitForSingleObject + - ZwQueryValueKey + - ZwQueryDirectoryFile + - RtlAppendUnicodeStringToString + - RtlCopyString + - MmIsAddressValid + - ZwCreateKey + - ZwOpenFile + - RtlAnsiStringToUnicodeString + - ZwQueryInformationFile + - KeBugCheckEx + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: fc6dadb97bd3b7a61d06f20d0d2e1bac + MachineType: AMD64 + MagicHeader: 50 45 0 
0 + OriginalFilename: libnicm.sys + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.6 + Publisher: '' + RichPEHeaderHash: + MD5: c93ac24ebf03669439ddaedcdec40816 + SHA1: 5fa20de9a3815959d4a524edfd3e84d75d9057a9 + SHA256: 143c2b92a334ff7919b92c2360f8a38b2ba578796bef13a77df8bbc2cefeee47 + SHA1: bca4bbe4388ebeb834688e97fac281c09b0f3ac1 + SHA256: 7f84f009704bc36f0e97c7be3de90648a5e7c21b4f870e4f210514d4418079a0 + Sections: + .text: + Entropy: 6.3070137011324565 + Virtual Size: '0x398c' + .rdata: + Entropy: 4.784577919725393 + Virtual Size: '0x548' + .data: + Entropy: 2.7659755587497967 + Virtual Size: '0x968' + .pdata: + Entropy: 4.09810523618847 + Virtual Size: '0x204' + .edata: + Entropy: 4.819362209758554 + Virtual Size: '0x18e' + INIT: + Entropy: 5.762789017450717 + Virtual Size: '0xb18' + .rsrc: + Entropy: 3.296451914326491 + Virtual Size: '0x358' + .reloc: + Entropy: 1.3741854163060885 + Virtual Size: '0x18' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, + Inc. 
+ ValidFrom: '2010-04-03 00:00:00' + ValidTo: '2013-04-26 23:59:59' + Signature: 2d2eec4636a0c1f359ef30a107e6c2301ad12c09ab9fdac02211aaef81323d1daee3a14a150bf9f4c7d0d788d5f486ea75e40abeb502a2267171be53030fe7614af7a2015eabd4c26e887ec9220beb3666fc68158d2b8dd659e3fe55245821c10e37ddeebac63eb1848512c64a543a13ba6735b156c6dc13395890e8003e03e7c2613e2c1de1dfadfe072cd7655e3b4166fe973233b4f81ecf810541382d67c92f29d76e220543a7179b606011b932cee250f99f260b29e79236cec10b67e0e0e48cb74593a7ce2e3cfafb6c58ac7ae5c10a591037c380b5f7516cac8f4ec695b020ca2445cb9bf97eb56c09d4a62618871b482ef97c5894349e10f62e2ee68b + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a + Version: 3 + TBS: + MD5: b1504f143b89a6080710bafcededb833 + SHA1: 5c2696893ebba1e81d918a4fadda143c25c77286 + SHA256: ae1dc09d08e93ace95fe203adfbfadcd4c029529d3f99ab381c368064b58d9a0 + SHA384: 18c6db711578cfcd4bce87c63d053e242c7c196efc892c2d4a8733cb75bb7dc3cac3f702e0e1d4b7fa2c590acb53fdee + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: 96f270be3f73ec3fc2f2237fe84efca0 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 
9aee04fa1bdb51eb3122c1c9b5e9b3c1 + SHA1: 7e2db8140582d0d606627ff4d97e294080d4d334 + SHA256: e2a330131ca4a9499736fdc72e819a6ff1f883b1c6dc7b83d5b69d288508e0fe + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2014, Novell, Inc. All Rights Reserved. + CreationTimestamp: '2014-08-26 13:52:33' + Date: '' + Description: Novell XTCOM Services Driver + ExportedFunctions: + - NicmCreateInstance + - NicmDeregisterClassFactory + - NicmGetVersion + - NicmRegisterClassFactory + - XTComCreateInstance + - XTComDeregisterClassFactory + - XTComFreeUnusedLibrariesEx + - XTComGetClassObject + - XTComGetVersion + - XTComInitialize + - XTComRegisterClassFactory + FileVersion: 3.1.11.0 + Filename: '' + ImportedFunctions: + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - RtlEqualString + - RtlInitAnsiString + - strstr + - ExReleaseResourceLite + - ExAcquireResourceExclusiveLite + - ExAcquireResourceSharedLite + - ExInitializeResourceLite + - ExDeleteResourceLite + - ZwClose + - NtSetSecurityObject + - ZwCreateFile + - RtlCreateSecurityDescriptor + - IoSetTopLevelIrp + - IoGetTopLevelIrp + - IofCompleteRequest + - IoDeleteDevice + - IoDeleteSymbolicLink + - KeReleaseMutex + - KeWaitForSingleObject + - KeLeaveCriticalRegion + - DbgPrint + - IoFreeMdl + - MmUnlockPages + - MmUnmapLockedPages + - MmMapLockedPagesSpecifyCache + - MmProbeAndLockPages + - IoAllocateMdl + - ProbeForWrite + - ProbeForRead + - KeEnterCriticalRegion + - IoUnregisterShutdownNotification + - IoCreateSymbolicLink + - IoRegisterShutdownNotification + - IoCreateDevice + - KeInitializeMutex + - DbgPrintEx + - IoGetCurrentProcess + - KeDelayExecutionThread + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - ZwSetValueKey + - RtlInitUnicodeString + - ZwCreateKey + - RtlAppendUnicodeStringToString + - memset + - ZwQuerySystemInformation + - RtlUnicodeStringToAnsiString + - ZwQueryValueKey + - ZwOpenKey + - ZwOpenFile + - RtlCopyString + - MmIsAddressValid + - ZwWaitForSingleObject + - ZwReadFile + - 
ZwQueryInformationFile + - RtlInitString + - ZwQueryDirectoryFile + - ZwLoadDriver + - RtlAppendUnicodeToString + - KeTickCount + - KeBugCheckEx + - RtlUnwind + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 0703c1e07186cb98837a2ae76f50d42e + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: libnicm.sys + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.11 + Publisher: '' + RichPEHeaderHash: + MD5: 5fa7f0eaf5758a703ef3f6b22d70dc13 + SHA1: d4018d89c433452d1c47553f7853e191394a439b + SHA256: 96fa045d2bdfd41e5eb7f16d064df9fca8c2cd6c694bb428d1ee496a886b28c6 + SHA1: e1bf5dd17f84bce3b2891dffa855d81a21914418 + SHA256: 66a20fc2658c70facd420f5437a73fa07a5175998e569255cfb16c2f14c5e796 + Sections: + .text: + Entropy: 6.3977880395770095 + Virtual Size: '0x2f5e' + .rdata: + Entropy: 5.261559226615346 + Virtual Size: '0x328' + .data: + Entropy: 2.732784594862837 + Virtual Size: '0x574' + .edata: + Entropy: 4.777345796487677 + Virtual Size: '0x18e' + INIT: + Entropy: 5.770074623444129 + Virtual Size: '0x8d0' + .rsrc: + Entropy: 3.292213273656096 + Virtual Size: '0x360' + .reloc: + Entropy: 5.779707361998735 + Virtual Size: '0x3dc' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: 
eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, CN=Novell, Inc. + ValidFrom: '2013-03-05 00:00:00' + ValidTo: '2016-06-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Version: 3 + TBS: + MD5: 5b1207ffffc0eff3784003d17b3e71a9 + SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d + SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 + SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign 
Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: acd1b0130287133223d26c91f27f6899 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: dc077cd1d4adde370496ba2ea39e9397 + SHA1: fa064d914e051cfb54bebfeec92f38d7b4f714d3 + SHA256: 6429f89dd7e9f8f7784736b6d3471be3c480d4eb4c9a573c698ede1dd64f5010 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2013, Novell, Inc. All Rights Reserved. + CreationTimestamp: '2013-12-18 02:18:10' + Date: '' + Description: Novell XTCOM Services Driver + ExportedFunctions: + - NicmCreateInstance + - NicmDeregisterClassFactory + - NicmGetVersion + - NicmRegisterClassFactory + - XTComCreateInstance + - XTComDeregisterClassFactory + - XTComFreeUnusedLibrariesEx + - XTComGetClassObject + - XTComGetVersion + - XTComInitialize + - XTComRegisterClassFactory + FileVersion: 3.1.11.0 + Filename: '' + ImportedFunctions: + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - RtlEqualString + - RtlInitAnsiString + - strstr + - ExReleaseResourceLite + - ExAcquireResourceExclusiveLite + - ExAcquireResourceSharedLite + - ExInitializeResourceLite + - ExDeleteResourceLite + - ZwClose + - NtSetSecurityObject + - ZwCreateFile + - RtlCreateSecurityDescriptor + - IoSetTopLevelIrp + - IoGetTopLevelIrp + - IofCompleteRequest + - IoDeleteDevice + - IoDeleteSymbolicLink + - KeReleaseMutex + - KeWaitForSingleObject + - KeLeaveCriticalRegion + - DbgPrint + - IoFreeMdl + - MmUnlockPages + - MmUnmapLockedPages + - MmMapLockedPagesSpecifyCache + - MmProbeAndLockPages + - IoAllocateMdl + - ProbeForWrite + - ProbeForRead + - KeEnterCriticalRegion + - IoUnregisterShutdownNotification + - IoCreateSymbolicLink + - IoRegisterShutdownNotification + - IoCreateDevice + - KeInitializeMutex + - DbgPrintEx + - IoGetCurrentProcess + - KeDelayExecutionThread + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - ZwSetValueKey + - RtlInitUnicodeString + - ZwCreateKey + - RtlAppendUnicodeStringToString + - memset + - ZwQuerySystemInformation + - RtlUnicodeStringToAnsiString 
+ - ZwQueryValueKey + - ZwOpenKey + - ZwOpenFile + - RtlCopyString + - MmIsAddressValid + - ZwWaitForSingleObject + - ZwReadFile + - ZwQueryInformationFile + - RtlInitString + - ZwQueryDirectoryFile + - ZwLoadDriver + - RtlAppendUnicodeToString + - KeTickCount + - KeBugCheckEx + - RtlUnwind + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 41339c852c6e8e4c94323f500c87a79c + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: libnicm.sys + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.11 + Publisher: '' + RichPEHeaderHash: + MD5: 5fa7f0eaf5758a703ef3f6b22d70dc13 + SHA1: d4018d89c433452d1c47553f7853e191394a439b + SHA256: 96fa045d2bdfd41e5eb7f16d064df9fca8c2cd6c694bb428d1ee496a886b28c6 + SHA1: 9ca90642cff9ca71c7022c0f9dfd87da2b6a0bff + SHA256: 8138b219a2b1be2b0be61e5338be470c18ad6975f11119aee3a771d4584ed750 + Sections: + .text: + Entropy: 6.3978203284619255 + Virtual Size: '0x2f5e' + .rdata: + Entropy: 5.236273583093875 + Virtual Size: '0x338' + .data: + Entropy: 2.732784594862837 + Virtual Size: '0x574' + .edata: + Entropy: 4.770423968592794 + Virtual Size: '0x18e' + INIT: + Entropy: 5.770074623444129 + Virtual Size: '0x8d0' + .rsrc: + Entropy: 3.293202571077708 + Virtual Size: '0x360' + .reloc: + Entropy: 5.776010088933396 + Virtual Size: '0x3dc' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + 
SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, CN=Novell, Inc. + ValidFrom: '2013-03-05 00:00:00' + ValidTo: '2016-06-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Version: 3 + TBS: + MD5: 5b1207ffffc0eff3784003d17b3e71a9 + SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d + SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 + SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign 
Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: acd1b0130287133223d26c91f27f6899 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 31ea879f360e292dc09e69d8098e5dbe + SHA1: d6f4650669233ba26c47c7b252867b4ffa2e7f06 + SHA256: 615c391666b0fdaa0a8096320d35c7b951e6a0ee7f984ab3e892f838cb212b60 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2015, Novell, Inc. All Rights Reserved. + CreationTimestamp: '2015-06-26 06:07:19' + Date: '' + Description: Novell XTCOM Services Driver + ExportedFunctions: + - NicmCreateInstance + - NicmDeregisterClassFactory + - NicmGetVersion + - NicmRegisterClassFactory + - XTComCreateInstance + - XTComDeregisterClassFactory + - XTComFreeUnusedLibrariesEx + - XTComGetClassObject + - XTComGetVersion + - XTComInitialize + - XTComRegisterClassFactory + FileVersion: 3.1.12.0 + Filename: '' + ImportedFunctions: + - ExAcquireResourceExclusiveLite + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - strstr + - RtlInitAnsiString + - ExAcquireResourceSharedLite + - ExReleaseResourceLite + - RtlEqualString + - MmUnmapLockedPages + - ProbeForRead + - IoDeleteSymbolicLink + - IoRegisterShutdownNotification + - KeInitializeMutex + - KeLeaveCriticalRegion + - IoDeleteDevice + - ProbeForWrite + - IoFreeMdl + - KeEnterCriticalRegion + - KeReleaseMutex + - ZwCreateFile + - MmMapLockedPagesSpecifyCache + - IoUnregisterShutdownNotification + - ZwClose + - IofCompleteRequest + - IoSetTopLevelIrp + - KeWaitForSingleObject + - MmProbeAndLockPages + - MmUnlockPages + - ExDeleteResourceLite + - IoGetTopLevelIrp + - IoCreateSymbolicLink + - IoCreateDevice + - ExInitializeResourceLite + - NtSetSecurityObject + - DbgPrintEx + - DbgPrint + - IoAllocateMdl + - RtlCreateSecurityDescriptor + - IoGetCurrentProcess + - ZwCreateKey + - RtlAnsiStringToUnicodeString + - ZwReadFile + - RtlInitUnicodeString + - RtlAppendUnicodeToString + - RtlUnicodeStringToAnsiString + - ZwSetValueKey + - ZwQuerySystemInformation + - RtlInitString + - KeDelayExecutionThread + - 
RtlFreeUnicodeString + - ZwWaitForSingleObject + - ZwQueryValueKey + - ZwQueryDirectoryFile + - RtlAppendUnicodeStringToString + - RtlCopyString + - MmIsAddressValid + - ZwOpenFile + - ZwQueryInformationFile + - ZwLoadDriver + - ZwOpenKey + - KeBugCheckEx + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: d48f681f70e19d2fa521df63bc72ab9e + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: libnicm.sys + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.12 + Publisher: '' + RichPEHeaderHash: + MD5: 8850702894d4f93edec22b7062734311 + SHA1: b03ec8e4976ac440ec91c83869fd957a840a115a + SHA256: 7a395513b36fa940ad02212cddc492f51aaf9ceb39f1dc1aa684da55e4fd3cfc + SHA1: 10fc6933deb7de9813e07d864ce03334a4f489d9 + SHA256: d04c72fd31e7d36b101ad30e119e14f6df9cbc7a761526da9b77f9e0b9888bc4 + Sections: + .text: + Entropy: 6.322257190894552 + Virtual Size: '0x3b20' + .rdata: + Entropy: 4.758059398135914 + Virtual Size: '0x584' + .data: + Entropy: 2.7659755587497967 + Virtual Size: '0x968' + .pdata: + Entropy: 4.125409691380965 + Virtual Size: '0x234' + .edata: + Entropy: 4.819255847308731 + Virtual Size: '0x18e' + INIT: + Entropy: 5.789752688284005 + Virtual Size: '0xb4c' + .rsrc: + Entropy: 3.297006918852943 + Virtual Size: '0x360' + .reloc: + Entropy: 1.3741854163060885 + Virtual Size: '0x18' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 
+ TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, CN=Novell, Inc. + ValidFrom: '2013-03-05 00:00:00' + ValidTo: '2016-06-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Version: 3 + TBS: + MD5: 5b1207ffffc0eff3784003d17b3e71a9 + SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d + SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 + SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: ad34ea17f90a34f6f84a399a96383ada + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 468460d75f9141ee3e1bfba845ef8c13 + SHA1: 22fcace035c25521bdfca64df32a67fb16ee87bc + SHA256: d0b918d766e6ce4218a833314525dd6eaeba83c597e9e1a9efefa7f95ec64a95 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2015, Novell, Inc. All Rights Reserved. 
+ CreationTimestamp: '2015-06-26 06:07:25' + Date: '' + Description: Novell XTCOM Services Driver + ExportedFunctions: + - NicmCreateInstance + - NicmDeregisterClassFactory + - NicmGetVersion + - NicmRegisterClassFactory + - XTComCreateInstance + - XTComDeregisterClassFactory + - XTComFreeUnusedLibrariesEx + - XTComGetClassObject + - XTComGetVersion + - XTComInitialize + - XTComRegisterClassFactory + FileVersion: 3.1.12.0 + Filename: '' + ImportedFunctions: + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - RtlEqualString + - RtlInitAnsiString + - strstr + - ExReleaseResourceLite + - ExAcquireResourceExclusiveLite + - ExAcquireResourceSharedLite + - ExInitializeResourceLite + - ExDeleteResourceLite + - ZwClose + - NtSetSecurityObject + - ZwCreateFile + - RtlCreateSecurityDescriptor + - IoSetTopLevelIrp + - IoGetTopLevelIrp + - IofCompleteRequest + - IoDeleteDevice + - IoDeleteSymbolicLink + - KeReleaseMutex + - KeWaitForSingleObject + - KeLeaveCriticalRegion + - DbgPrint + - IoFreeMdl + - MmUnlockPages + - MmUnmapLockedPages + - MmMapLockedPagesSpecifyCache + - MmProbeAndLockPages + - IoAllocateMdl + - ProbeForWrite + - ProbeForRead + - KeEnterCriticalRegion + - IoUnregisterShutdownNotification + - IoCreateSymbolicLink + - IoRegisterShutdownNotification + - IoCreateDevice + - KeInitializeMutex + - DbgPrintEx + - IoGetCurrentProcess + - KeDelayExecutionThread + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - ZwSetValueKey + - RtlInitUnicodeString + - ZwCreateKey + - RtlAppendUnicodeStringToString + - memset + - ZwQuerySystemInformation + - RtlUnicodeStringToAnsiString + - ZwQueryValueKey + - ZwOpenKey + - ZwOpenFile + - RtlCopyString + - MmIsAddressValid + - ZwWaitForSingleObject + - ZwReadFile + - ZwQueryInformationFile + - RtlInitString + - ZwQueryDirectoryFile + - ZwLoadDriver + - RtlAppendUnicodeToString + - KeTickCount + - KeBugCheckEx + - RtlUnwind + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: da7e98b23b49b7293ee06713032c74f6 + 
MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: libnicm.sys + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.12 + Publisher: '' + RichPEHeaderHash: + MD5: 5fa7f0eaf5758a703ef3f6b22d70dc13 + SHA1: d4018d89c433452d1c47553f7853e191394a439b + SHA256: 96fa045d2bdfd41e5eb7f16d064df9fca8c2cd6c694bb428d1ee496a886b28c6 + SHA1: c22c28a32a5e43a76514faf4fac14d135e0d4ffd + SHA256: 87e094214feb56a482cd8ae7ee7c7882b5a8dccce7947fdaa04a660fa19f41e5 + Sections: + .text: + Entropy: 6.3977880395770095 + Virtual Size: '0x2f5e' + .rdata: + Entropy: 5.274989904818917 + Virtual Size: '0x328' + .data: + Entropy: 2.732784594862837 + Virtual Size: '0x574' + .edata: + Entropy: 4.767295545231396 + Virtual Size: '0x18e' + INIT: + Entropy: 5.770074623444129 + Virtual Size: '0x8d0' + .rsrc: + Entropy: 3.293818391651365 + Virtual Size: '0x360' + .reloc: + Entropy: 5.779707361998735 + Virtual Size: '0x3dc' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 
23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, CN=Novell, Inc. + ValidFrom: '2013-03-05 00:00:00' + ValidTo: '2016-06-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Version: 3 + TBS: + MD5: 5b1207ffffc0eff3784003d17b3e71a9 + SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d + SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 + SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: acd1b0130287133223d26c91f27f6899 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 25c0efa043f90ef63f9fdb49bae0342e + SHA1: dc1295fe99e5908dd0569acbffdb2d31652accbf + SHA256: 5e789b6d535b49c66c658978099e50fa2f8d02c2511bdaf9358bb8e40bdcef8e + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2008, Novell, Inc. All Rights Reserved. + CreationTimestamp: '2009-09-08 13:26:55' + Date: '' + Description: Novell XTCOM Services Driver + ExportedFunctions: + - NicmCreateInstance + - NicmDeregisterClassFactory + - NicmGetVersion + - NicmRegisterClassFactory + - XTComCreateInstance + - XTComDeregisterClassFactory + - XTComFreeUnusedLibrariesEx + - XTComGetClassObject + - XTComGetVersion + - XTComInitialize + - XTComRegisterClassFactory + FileVersion: 3.1.6.0 + Filename: '' + ImportedFunctions: + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - RtlEqualString + - RtlInitAnsiString + - strstr + - ExReleaseResourceLite + - ExAcquireResourceExclusiveLite + - ExAcquireResourceSharedLite + - ExInitializeResourceLite + - ExDeleteResourceLite + - ZwClose + - NtSetSecurityObject + - ZwCreateFile + - RtlCreateSecurityDescriptor + - IoSetTopLevelIrp + - IoGetTopLevelIrp + - IofCompleteRequest + - IoDeleteDevice + - IoDeleteSymbolicLink + - KeReleaseMutex + - KeWaitForSingleObject + - KeLeaveCriticalRegion + - IoFreeMdl + - MmUnlockPages + - MmUnmapLockedPages + - MmMapLockedPagesSpecifyCache + - MmProbeAndLockPages + - 
IoAllocateMdl + - ProbeForWrite + - ProbeForRead + - KeEnterCriticalRegion + - IoUnregisterShutdownNotification + - IoCreateSymbolicLink + - IoRegisterShutdownNotification + - IoCreateDevice + - KeInitializeMutex + - DbgPrintEx + - IoGetCurrentProcess + - KeDelayExecutionThread + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - ZwSetValueKey + - RtlInitUnicodeString + - ZwCreateKey + - RtlAppendUnicodeStringToString + - memset + - ZwQuerySystemInformation + - RtlUnicodeStringToAnsiString + - ZwQueryValueKey + - ZwOpenKey + - ZwOpenFile + - RtlCopyString + - MmIsAddressValid + - ZwWaitForSingleObject + - ZwReadFile + - ZwQueryInformationFile + - RtlInitString + - ZwQueryDirectoryFile + - ZwLoadDriver + - RtlAppendUnicodeToString + - KeTickCount + - KeBugCheckEx + - RtlUnwind + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: aae268c4b593156bdae25af5a2a4af21 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: libnicm.sys + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.6 + Publisher: '' + RichPEHeaderHash: + MD5: 1057b10c078b885e3f08290c07a28c50 + SHA1: 0ffa7dfa0ba19fb7b801bc37ee18c31964d8f68c + SHA256: 159cb8b8bd40916edc60562397b13c91c0f1dadc1c5d63eebadbe165c0cc327b + SHA1: e3266b046d278194ade4d8f677772d0cb4ecfaf1 + SHA256: d1c78c8ba70368e96515fb0596598938a8f9efa8f9f5d9e068ee008f03020fee + Sections: + .text: + Entropy: 6.402214162342275 + Virtual Size: '0x2eb2' + .rdata: + Entropy: 5.246886867271846 + Virtual Size: '0x318' + .data: + Entropy: 2.732784594862837 + Virtual Size: '0x574' + .edata: + Entropy: 4.80662088305653 + Virtual Size: '0x18e' + INIT: + Entropy: 5.758686784808341 + Virtual Size: '0x8b8' + .rsrc: + Entropy: 3.294301150507165 + Virtual Size: '0x358' + .reloc: + Entropy: 5.763922075902202 + Virtual Size: '0x3d2' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 
00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: 
'2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, + Inc. + ValidFrom: '2007-04-04 00:00:00' + ValidTo: '2010-04-27 23:59:59' + Signature: 267f71f6ee43755fd6395f85c34bb15a72a6f2a959c2074627d294395fb1aaa4c7bbeff369d735628b233bde7e5c95a0f1837e5ad03704270834ce9c1b07649a256027930f44e064568666b06e7f9dc3cd299b38b0a6766301200ab58434a05a34a369ab99bbbf2aaa6b3603481e0393a80ea09e78a7cf55317a9590c49887f02e1fd948c3b1f6d203e91782ce423d0569f45e7f074205df5f92be6ccd9836641439af4390022242e0ca84aedb0d71c5a50f2dbd1ed30e5ac9c1bda67c694f94f2fe4aa83945ed32e426afe26f44dcb6dcc8186728f86f1a1bddc1ea7dd82b76578a42d1e63bf5f8f348fbcd509094858978e375d277394529df1dd5d78abab2 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 4808d93b14b8600dbfa18dab5d15310f + Version: 3 + TBS: + MD5: adddb65a3a360b3c1a55cb33e426f32a + SHA1: 93d9b282265288a94ee4f1a01c5fb3a08badb7ac + SHA256: d98d63f26125a94eb767fdd2526f6c74bfb40cb4d117a1d87ca3ed0d99bd6f0b + SHA384: cf20d9d6343b52b05ebaeace8a75ad950089e2d55508571cf5b153583fdf2d7b11bc61b8f38bfa70f09b2e7ac63d9ef5 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority 
+ ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 28d780857f0f6616f938aca3a38b5072 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: c9fb69b3569b42eed1b945c068245fb7 + SHA1: f9af5075200f0d08359e8ee5bfcbfae5e31ac002 + SHA256: 30accf1de5969ff5bf958786b9c9deb9001d1a19d121aac8b3c92c5b463a087e + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2012, Novell, Inc. All Rights Reserved. 
+ CreationTimestamp: '2012-03-18 19:27:38' + Date: '' + Description: Novell XTCOM Services Driver + ExportedFunctions: + - NicmCreateInstance + - NicmDeregisterClassFactory + - NicmGetVersion + - NicmRegisterClassFactory + - XTComCreateInstance + - XTComDeregisterClassFactory + - XTComFreeUnusedLibrariesEx + - XTComGetClassObject + - XTComGetVersion + - XTComInitialize + - XTComRegisterClassFactory + FileVersion: 3.1.10.0 + Filename: '' + ImportedFunctions: + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - RtlEqualString + - RtlInitAnsiString + - strstr + - ExReleaseResourceLite + - ExAcquireResourceExclusiveLite + - ExAcquireResourceSharedLite + - ExInitializeResourceLite + - ExDeleteResourceLite + - ZwClose + - NtSetSecurityObject + - ZwCreateFile + - RtlCreateSecurityDescriptor + - IoSetTopLevelIrp + - IoGetTopLevelIrp + - IofCompleteRequest + - IoDeleteDevice + - IoDeleteSymbolicLink + - KeReleaseMutex + - KeWaitForSingleObject + - KeLeaveCriticalRegion + - IoFreeMdl + - MmUnlockPages + - MmUnmapLockedPages + - MmMapLockedPagesSpecifyCache + - MmProbeAndLockPages + - IoAllocateMdl + - ProbeForWrite + - ProbeForRead + - KeEnterCriticalRegion + - IoUnregisterShutdownNotification + - IoCreateSymbolicLink + - IoRegisterShutdownNotification + - IoCreateDevice + - KeInitializeMutex + - DbgPrintEx + - IoGetCurrentProcess + - KeDelayExecutionThread + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - ZwSetValueKey + - RtlInitUnicodeString + - ZwCreateKey + - RtlAppendUnicodeStringToString + - memset + - ZwQuerySystemInformation + - RtlUnicodeStringToAnsiString + - ZwQueryValueKey + - ZwOpenKey + - ZwOpenFile + - RtlCopyString + - MmIsAddressValid + - ZwWaitForSingleObject + - ZwReadFile + - ZwQueryInformationFile + - RtlInitString + - ZwQueryDirectoryFile + - ZwLoadDriver + - RtlAppendUnicodeToString + - KeTickCount + - KeBugCheckEx + - RtlUnwind + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 20afd54ca260e2bf6589fac72935fecf + MachineType: I386 + 
MagicHeader: 50 45 0 0 + OriginalFilename: libnicm.sys + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.10 + Publisher: '' + RichPEHeaderHash: + MD5: 3a47368eb1de45f496d5ab77e5376986 + SHA1: 3cd4b05433eebaf9a0c2f069a84c0de1146ea0b1 + SHA256: a506b807681ea2fea75bedde727894b9f5ae4eb3837fc1d0645823ae1a1b61dc + SHA1: e9f576137181c261dc3b23871d1d822731d54a12 + SHA256: 834a3d755b5ae798561f8e5fbb18cf28dfcae7a111dc6a03967888e9d10f6d78 + Sections: + .text: + Entropy: 6.390310950936035 + Virtual Size: '0x2e22' + .rdata: + Entropy: 5.293527716565188 + Virtual Size: '0x318' + .data: + Entropy: 2.732784594862837 + Virtual Size: '0x574' + .edata: + Entropy: 4.7723206708595365 + Virtual Size: '0x18e' + INIT: + Entropy: 5.770541512844784 + Virtual Size: '0x8c0' + .rsrc: + Entropy: 3.2904973259569483 + Virtual Size: '0x360' + .reloc: + Entropy: 5.783333067425757 + Virtual Size: '0x3ce' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, + Inc. 
+ ValidFrom: '2010-04-03 00:00:00' + ValidTo: '2013-04-26 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a + Version: 3 + TBS: + MD5: b1504f143b89a6080710bafcededb833 + SHA1: 5c2696893ebba1e81d918a4fadda143c25c77286 + SHA256: ae1dc09d08e93ace95fe203adfbfadcd4c029529d3f99ab381c368064b58d9a0 + SHA384: 18c6db711578cfcd4bce87c63d053e242c7c196efc892c2d4a8733cb75bb7dc3cac3f702e0e1d4b7fa2c590acb53fdee + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: 28d780857f0f6616f938aca3a38b5072 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: d296fda4ade4f49f4defb49740ce23ca + SHA1: dd62a35fd568dd79419e151bce6e7c5a8c9819f3 + SHA256: e03d8492926408a299100ef02c46bf3510a816bd9eed2f988b47c066049e9111 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2015, Novell, Inc. All Rights Reserved. 
+ CreationTimestamp: '2015-09-26 07:20:01' + Date: '' + Description: Novell XTCOM Services Driver + ExportedFunctions: + - NicmCreateInstance + - NicmDeregisterClassFactory + - NicmGetVersion + - NicmRegisterClassFactory + - XTComCreateInstance + - XTComDeregisterClassFactory + - XTComFreeUnusedLibrariesEx + - XTComGetClassObject + - XTComGetVersion + - XTComInitialize + - XTComRegisterClassFactory + FileVersion: 3.1.12.0 + Filename: '' + ImportedFunctions: + - ExAcquireResourceExclusiveLite + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - strstr + - RtlInitAnsiString + - ExAcquireResourceSharedLite + - ExReleaseResourceLite + - RtlEqualString + - MmUnmapLockedPages + - ProbeForRead + - IoDeleteSymbolicLink + - IoRegisterShutdownNotification + - KeInitializeMutex + - KeLeaveCriticalRegion + - IoDeleteDevice + - ProbeForWrite + - IoFreeMdl + - KeEnterCriticalRegion + - KeReleaseMutex + - ZwCreateFile + - MmMapLockedPagesSpecifyCache + - IoUnregisterShutdownNotification + - ZwClose + - IofCompleteRequest + - IoSetTopLevelIrp + - KeWaitForSingleObject + - MmProbeAndLockPages + - MmUnlockPages + - ExDeleteResourceLite + - IoGetTopLevelIrp + - IoCreateSymbolicLink + - IoCreateDevice + - ExInitializeResourceLite + - NtSetSecurityObject + - DbgPrintEx + - DbgPrint + - IoAllocateMdl + - RtlCreateSecurityDescriptor + - IoGetCurrentProcess + - ZwCreateKey + - RtlAnsiStringToUnicodeString + - ZwReadFile + - RtlInitUnicodeString + - RtlAppendUnicodeToString + - RtlUnicodeStringToAnsiString + - ZwSetValueKey + - ZwQuerySystemInformation + - RtlInitString + - KeDelayExecutionThread + - RtlFreeUnicodeString + - ZwWaitForSingleObject + - ZwQueryValueKey + - ZwQueryDirectoryFile + - RtlAppendUnicodeStringToString + - RtlCopyString + - MmIsAddressValid + - ZwOpenFile + - ZwQueryInformationFile + - ZwLoadDriver + - ZwOpenKey + - KeBugCheckEx + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 7eeb4c0cb786a409b94066986addf315 + MachineType: AMD64 + 
MagicHeader: 50 45 0 0 + OriginalFilename: libnicm.sys + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.12 + Publisher: '' + RichPEHeaderHash: + MD5: 8850702894d4f93edec22b7062734311 + SHA1: b03ec8e4976ac440ec91c83869fd957a840a115a + SHA256: 7a395513b36fa940ad02212cddc492f51aaf9ceb39f1dc1aa684da55e4fd3cfc + SHA1: 005ac9213a8a4a6c421787a7b25c0bc7b9f3b309 + SHA256: 3b7177e9a10c1392633c5f605600bb23c8629379f7f42957972374a05d4dc458 + Sections: + .text: + Entropy: 6.322257190894552 + Virtual Size: '0x3b20' + .rdata: + Entropy: 4.7192120759121075 + Virtual Size: '0x584' + .data: + Entropy: 2.7659755587497967 + Virtual Size: '0x968' + .pdata: + Entropy: 4.125409691380965 + Virtual Size: '0x234' + .edata: + Entropy: 4.819413179899602 + Virtual Size: '0x18e' + INIT: + Entropy: 5.789752688284005 + Virtual Size: '0xb4c' + .rsrc: + Entropy: 3.297006918852943 + Virtual Size: '0x360' + .reloc: + Entropy: 1.3741854163060885 + Virtual Size: '0x18' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: 
'2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, CN=Novell, Inc. + ValidFrom: '2013-03-05 00:00:00' + ValidTo: '2016-06-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Version: 3 + TBS: + MD5: 5b1207ffffc0eff3784003d17b3e71a9 + SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d + SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 + SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: ad34ea17f90a34f6f84a399a96383ada + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 9af58e71b9b5720a3b8b2dec0a26f917 + SHA1: ddb8f39d27ee3124553dac4b929898a261c021f7 + SHA256: a1b56ae08d822bb5d041c2a67584371ffddcb7f6d69191efec5b8189e0028331 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2013, Novell, Inc. All Rights Reserved. 
+ CreationTimestamp: '2013-01-15 23:19:24' + Date: '' + Description: Novell XTCOM Services Driver + ExportedFunctions: + - NicmCreateInstance + - NicmDeregisterClassFactory + - NicmGetVersion + - NicmRegisterClassFactory + - XTComCreateInstance + - XTComDeregisterClassFactory + - XTComFreeUnusedLibrariesEx + - XTComGetClassObject + - XTComGetVersion + - XTComInitialize + - XTComRegisterClassFactory + FileVersion: 3.1.11.0 + Filename: '' + ImportedFunctions: + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - RtlEqualString + - RtlInitAnsiString + - strstr + - ExReleaseResourceLite + - ExAcquireResourceExclusiveLite + - ExAcquireResourceSharedLite + - ExInitializeResourceLite + - ExDeleteResourceLite + - ZwClose + - NtSetSecurityObject + - ZwCreateFile + - RtlCreateSecurityDescriptor + - IoSetTopLevelIrp + - IoGetTopLevelIrp + - IofCompleteRequest + - IoDeleteDevice + - IoDeleteSymbolicLink + - KeReleaseMutex + - KeWaitForSingleObject + - KeLeaveCriticalRegion + - IoFreeMdl + - MmUnlockPages + - MmUnmapLockedPages + - MmMapLockedPagesSpecifyCache + - MmProbeAndLockPages + - IoAllocateMdl + - ProbeForWrite + - ProbeForRead + - KeEnterCriticalRegion + - IoUnregisterShutdownNotification + - IoCreateSymbolicLink + - IoRegisterShutdownNotification + - IoCreateDevice + - KeInitializeMutex + - DbgPrintEx + - IoGetCurrentProcess + - KeDelayExecutionThread + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - ZwSetValueKey + - RtlInitUnicodeString + - ZwCreateKey + - RtlAppendUnicodeStringToString + - memset + - ZwQuerySystemInformation + - RtlUnicodeStringToAnsiString + - ZwQueryValueKey + - ZwOpenKey + - ZwOpenFile + - RtlCopyString + - MmIsAddressValid + - ZwWaitForSingleObject + - ZwReadFile + - ZwQueryInformationFile + - RtlInitString + - ZwQueryDirectoryFile + - ZwLoadDriver + - RtlAppendUnicodeToString + - KeTickCount + - KeBugCheckEx + - RtlUnwind + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: fb7637cfe8562095937f4d6cff420784 + MachineType: I386 + 
MagicHeader: 50 45 0 0 + OriginalFilename: libnicm.sys + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.11 + Publisher: '' + RichPEHeaderHash: + MD5: 3a47368eb1de45f496d5ab77e5376986 + SHA1: 3cd4b05433eebaf9a0c2f069a84c0de1146ea0b1 + SHA256: a506b807681ea2fea75bedde727894b9f5ae4eb3837fc1d0645823ae1a1b61dc + SHA1: 19bf65bdd9d77f54f1e8ccf189dc114e752344b0 + SHA256: f27febff1be9e89e48a9128e2121c7754d15f8a5b2e88c50102cecee5fe60229 + Sections: + .text: + Entropy: 6.390147577837227 + Virtual Size: '0x2e22' + .rdata: + Entropy: 5.285134093762338 + Virtual Size: '0x328' + .data: + Entropy: 2.732784594862837 + Virtual Size: '0x574' + .edata: + Entropy: 4.748735236610426 + Virtual Size: '0x18e' + INIT: + Entropy: 5.770541512844784 + Virtual Size: '0x8c0' + .rsrc: + Entropy: 3.293202571077708 + Virtual Size: '0x360' + .reloc: + Entropy: 5.775021540790981 + Virtual Size: '0x3ce' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, + Inc. 
+ ValidFrom: '2010-04-03 00:00:00' + ValidTo: '2013-04-26 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a + Version: 3 + TBS: + MD5: b1504f143b89a6080710bafcededb833 + SHA1: 5c2696893ebba1e81d918a4fadda143c25c77286 + SHA256: ae1dc09d08e93ace95fe203adfbfadcd4c029529d3f99ab381c368064b58d9a0 + SHA384: 18c6db711578cfcd4bce87c63d053e242c7c196efc892c2d4a8733cb75bb7dc3cac3f702e0e1d4b7fa2c590acb53fdee + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: 28d780857f0f6616f938aca3a38b5072 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 93d6f10e70096a91206b6bca05e1f63a + SHA1: ced518548a4800f50ab31a24eda3475d46a5e0ac + SHA256: e0e65416f40cf3bea00d77515a7d8ab508d3aa2b7b622a8799a49635c4d5dbb5 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2008, Novell, Inc. All Rights Reserved. 
+ CreationTimestamp: '2009-09-08 13:35:51' + Date: '' + Description: Novell XTCOM Services Driver + ExportedFunctions: + - NicmCreateInstance + - NicmDeregisterClassFactory + - NicmGetVersion + - NicmRegisterClassFactory + - XTComCreateInstance + - XTComDeregisterClassFactory + - XTComFreeUnusedLibrariesEx + - XTComGetClassObject + - XTComGetVersion + - XTComInitialize + - XTComRegisterClassFactory + FileVersion: 3.1.6.0 + Filename: '' + ImportedFunctions: + - ExFreePoolWithTag + - RtlInitAnsiString + - ExAcquireResourceSharedLite + - ExReleaseResourceLite + - RtlEqualString + - ExAcquireResourceExclusiveLite + - ExAllocatePoolWithTag + - strstr + - IoFreeMdl + - RtlCreateSecurityDescriptor + - KeEnterCriticalRegion + - KeReleaseMutex + - ZwCreateFile + - MmMapLockedPagesSpecifyCache + - IoUnregisterShutdownNotification + - ZwClose + - IofCompleteRequest + - IoSetTopLevelIrp + - MmUnmapLockedPages + - KeWaitForSingleObject + - ProbeForRead + - MmProbeAndLockPages + - IoDeleteSymbolicLink + - IoRegisterShutdownNotification + - MmUnlockPages + - KeInitializeMutex + - ExDeleteResourceLite + - KeLeaveCriticalRegion + - IoGetTopLevelIrp + - IoCreateSymbolicLink + - IoDeleteDevice + - IoCreateDevice + - ProbeForWrite + - ExInitializeResourceLite + - NtSetSecurityObject + - DbgPrintEx + - IoAllocateMdl + - IoGetCurrentProcess + - ZwLoadDriver + - ZwReadFile + - RtlInitUnicodeString + - ZwOpenKey + - RtlAppendUnicodeToString + - RtlUnicodeStringToAnsiString + - ZwSetValueKey + - ZwQuerySystemInformation + - RtlInitString + - KeDelayExecutionThread + - RtlFreeUnicodeString + - ZwWaitForSingleObject + - ZwQueryValueKey + - ZwQueryDirectoryFile + - RtlAppendUnicodeStringToString + - RtlCopyString + - MmIsAddressValid + - ZwCreateKey + - ZwOpenFile + - RtlAnsiStringToUnicodeString + - ZwQueryInformationFile + - KeBugCheckEx + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: bafd6bad121e42f940a0b8abc587eadf + MachineType: AMD64 + MagicHeader: 50 45 0 
0 + OriginalFilename: libnicm.sys + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.6 + Publisher: '' + RichPEHeaderHash: + MD5: c93ac24ebf03669439ddaedcdec40816 + SHA1: 5fa20de9a3815959d4a524edfd3e84d75d9057a9 + SHA256: 143c2b92a334ff7919b92c2360f8a38b2ba578796bef13a77df8bbc2cefeee47 + SHA1: 3def50587309440e3b9e595bdbe4dde8d69a64e7 + SHA256: dd2f1f7012fb1f4b2fb49be57af515cb462aa9c438e5756285d914d65da3745b + Sections: + .text: + Entropy: 6.3095364913748115 + Virtual Size: '0x396c' + .rdata: + Entropy: 4.746906962556568 + Virtual Size: '0x530' + .data: + Entropy: 2.7659755587497967 + Virtual Size: '0x968' + .pdata: + Entropy: 4.108343771081182 + Virtual Size: '0x1f8' + .edata: + Entropy: 4.831309163281578 + Virtual Size: '0x18e' + INIT: + Entropy: 5.7600622039931295 + Virtual Size: '0xb18' + .rsrc: + Entropy: 3.2975194770283838 + Virtual Size: '0x358' + .reloc: + Entropy: 1.3741854163060885 + Virtual Size: '0x18' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, + Inc. 
+ ValidFrom: '2007-04-04 00:00:00' + ValidTo: '2010-04-27 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 4808d93b14b8600dbfa18dab5d15310f + Version: 3 + TBS: + MD5: adddb65a3a360b3c1a55cb33e426f32a + SHA1: 93d9b282265288a94ee4f1a01c5fb3a08badb7ac + SHA256: d98d63f26125a94eb767fdd2526f6c74bfb40cb4d117a1d87ca3ed0d99bd6f0b + SHA384: cf20d9d6343b52b05ebaeace8a75ad950089e2d55508571cf5b153583fdf2d7b11bc61b8f38bfa70f09b2e7ac63d9ef5 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 96f270be3f73ec3fc2f2237fe84efca0 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: f4c87edbb9a270058e01fdc58f29692a + SHA1: e82346880e59a3d7652896128eb91512f5ee3d53 + SHA256: bd1d579a15ec3c1120cc6e0c8ff6b265623980de3570a5dd2f57d0c5981334d8 + Company: Micro Focus + Copyright: (C) Copyright 2000-2017, Micro Focus. All Rights Reserved. 
+ CreationTimestamp: '2022-03-03 03:49:58' + Date: '' + Description: XTier COM Services Driver + ExportedFunctions: + - NicmCreateInstance + - NicmDeregisterClassFactory + - NicmGetVersion + - NicmRegisterClassFactory + - XTComCreateInstance + - XTComDeregisterClassFactory + - XTComFreeUnusedLibrariesEx + - XTComGetClassObject + - XTComGetVersion + - XTComInitialize + - XTComRegisterClassFactory + FileVersion: 3.1.12.0 + Filename: libnicm.sys + ImportedFunctions: + - ExAcquireResourceExclusiveLite + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - strstr + - RtlInitAnsiString + - ExAcquireResourceSharedLite + - ExReleaseResourceLite + - RtlEqualString + - MmUnmapLockedPages + - ProbeForRead + - IoDeleteSymbolicLink + - IoRegisterShutdownNotification + - KeInitializeMutex + - KeLeaveCriticalRegion + - IoDeleteDevice + - ProbeForWrite + - IoFreeMdl + - KeEnterCriticalRegion + - KeReleaseMutex + - ZwCreateFile + - MmMapLockedPagesSpecifyCache + - IoUnregisterShutdownNotification + - ZwClose + - IofCompleteRequest + - IoSetTopLevelIrp + - KeWaitForSingleObject + - MmProbeAndLockPages + - MmUnlockPages + - ExDeleteResourceLite + - IoGetTopLevelIrp + - IoCreateSymbolicLink + - IoCreateDevice + - ExInitializeResourceLite + - NtSetSecurityObject + - DbgPrintEx + - DbgPrint + - IoAllocateMdl + - RtlCreateSecurityDescriptor + - IoGetCurrentProcess + - ZwCreateKey + - RtlAnsiStringToUnicodeString + - ZwReadFile + - RtlInitUnicodeString + - RtlAppendUnicodeToString + - RtlUnicodeStringToAnsiString + - ZwSetValueKey + - ZwQuerySystemInformation + - RtlInitString + - KeDelayExecutionThread + - RtlFreeUnicodeString + - ZwWaitForSingleObject + - ZwQueryValueKey + - ZwQueryDirectoryFile + - RtlAppendUnicodeStringToString + - RtlCopyString + - MmIsAddressValid + - ZwOpenFile + - ZwQueryInformationFile + - ZwLoadDriver + - ZwOpenKey + - KeBugCheckEx + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: c1fce7aac4e9dd7a730997e2979fa1e2 + MachineType: AMD64 + 
MagicHeader: 50 45 0 0 + OriginalFilename: libnicm.sys + Product: Micro Focus XTier + ProductVersion: 3.1.12 + Publisher: '' + RichPEHeaderHash: + MD5: 8850702894d4f93edec22b7062734311 + SHA1: b03ec8e4976ac440ec91c83869fd957a840a115a + SHA256: 7a395513b36fa940ad02212cddc492f51aaf9ceb39f1dc1aa684da55e4fd3cfc + SHA1: 25d812a5ece19ea375178ef9d60415841087726e + SHA256: 95d50c69cdbf10c9c9d61e64fe864ac91e6f6caa637d128eb20e1d3510e776d3 + Sections: + .text: + Entropy: 6.322257190894552 + Virtual Size: '0x3b20' + .rdata: + Entropy: 4.729785285634881 + Virtual Size: '0x584' + .data: + Entropy: 2.7659755587497967 + Virtual Size: '0x968' + .pdata: + Entropy: 4.125409691380965 + Virtual Size: '0x234' + .edata: + Entropy: 4.826534955920045 + Virtual Size: '0x18e' + INIT: + Entropy: 5.789752688284005 + Virtual Size: '0xb4c' + .rsrc: + Entropy: 3.313981481012639 + Virtual Size: '0x358' + .reloc: + Entropy: 1.3741854163060885 + Virtual Size: '0x18' + Signature: + - Microsoft Windows Hardware Compatibility Publisher + - Microsoft Windows Third Party Component CA 2014 + - Microsoft Root Certificate Authority 2010 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2021-09-09 19:15:59' + ValidTo: '2022-09-01 19:15:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 330000004de597a775e3157f7b00000000004d + Version: 3 + TBS: + MD5: 9f0782e89bd41cdd96ec55357457478a + SHA1: 35c2180572baad19019acca1334e6c653699c389 + SHA256: 50814710213afec410f26e573d25267a2e21d3d15f158be8a43a666c9cc6fa08 + SHA384: 8d48f066b0284071d64bbc556e018824a8388ccd142a56c7b7b04ef6d27cade07da57ac82d8067e18ad64d35af11e2a7 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + 
ValidFrom: '2014-10-15 20:31:27' + ValidTo: '2029-10-15 20:41:27' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 330000000d690d5d7893d076df00000000000d + Version: 3 + TBS: + MD5: 83f69422963f11c3c340b81712eef319 + SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 + SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae + SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 + Signer: + - SerialNumber: 330000004de597a775e3157f7b00000000004d + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + Version: 1 + Imphash: ad34ea17f90a34f6f84a399a96383ada + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/2bea1bca-753c-4f09-bc9f-566ab0193f4a.yaml b/yaml/2bea1bca-753c-4f09-bc9f-566ab0193f4a.yaml index 8536b3b13..435fa2881 100644 --- a/yaml/2bea1bca-753c-4f09-bc9f-566ab0193f4a.yaml +++ b/yaml/2bea1bca-753c-4f09-bc9f-566ab0193f4a.yaml 
@@ -1,548 +1,23 @@ -Acknowledgement: - Handle: '@mattnotmax' - Person: MattNotMax +Id: 2bea1bca-753c-4f09-bc9f-566ab0193f4a +Tags: +- gdrv.sys +Verified: 'TRUE' Author: Michael Haag, rasta-mouse, goosvorbook -CVEs: -- CVE-2018-19320 -- CVE-2018-19322 -- CVE-2018-19323 -- CVE-2018-19321 -Category: vulnerable driver -Commands: - Command: sc.exe create gdrv.sys binPath=C:\windows\temp\gdrv.sys type=kernel && - sc.exe start gdrv.sys - Description: 'gdrv.sys is vulnerable to multiple CVEs: CVE-2018-19320, CVE-2018-19322, - CVE-2018-19323, CVE-2018-19321. Read/Write Physical memory, read/write to/from - IO ports, exposes ring0 memcpy-like functionality, read and write Machine Specific - Registers (MSRs). Affected versions: GIGABYTE APP Center v1.05.21 and previous, - AORUS GRAPHICS ENGINE v1.33 and previous, XTREME GAMING ENGINE v1.25 and previous, - OC GURU II v2.08' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges, tamper with PPL or system processes Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/31f4cfb4c71da44120752721103a16512444c13c2ac2d857a7e6f13cb679b427.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/ff6729518a380bf57f1bc6f1ec0aa7f3012e1618b8d9b0f31a61d299ee2b4339.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 2bea1bca-753c-4f09-bc9f-566ab0193f4a -KnownVulnerableSamples: -- Authentihash: - MD5: b18b1bff521337695d2d6a0768340252 - SHA1: 0f5034fcf5b34be22a72d2ecc29e348e93b6f00f - SHA256: 9c0e80958b907c8df345ec2f8d711acefb4951ee3e6e84892ecd429f5e1f3acb - Company: Windows (R) Server 2003 DDK provider - Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
- CreationTimestamp: '2013-07-03 22:27:55' - Date: '' - Description: GIGABYTE Tools - ExportedFunctions: '' - FileVersion: '5.2.3790.1830 built by: WinDDK' - Filename: gdrv.sys - ImportedFunctions: - - IoCreateDevice - - RtlInitUnicodeString - - DbgPrint - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - MmUnmapIoSpace - - IoFreeMdl - - MmUnmapLockedPages - - MmMapIoSpace - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - IoCreateSymbolicLink - - KeAcquireInStackQueuedSpinLock - - MmFreeContiguousMemory - - MmIsAddressValid - - MmAllocateContiguousMemory - - MmGetPhysicalAddress - - IofCompleteRequest - - ExAllocatePoolWithTag - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - ZwUnmapViewOfSection - - KeReleaseInStackQueuedSpinLock - - IoDeleteDevice - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: gdrv.sys - MD5: 9ab9f3b75a2eb87fafb1b7361be9dfb3 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: gdrv.sys - Product: Windows (R) Server 2003 DDK driver - ProductVersion: 5.2.3790.1830 - Publisher: '' - RichPEHeaderHash: - MD5: 2c77dbb41d635860b678106d8fa08bb9 - SHA1: 4051f5ac448fe8692e040214388d39e15e328d94 - SHA256: 6254640a7abc96cdb67d146d6295362aaff6ef9f6a04015883379d7008d86322 - SHA1: fe10018af723986db50701c8532df5ed98b17c39 - SHA256: 31f4cfb4c71da44120752721103a16512444c13c2ac2d857a7e6f13cb679b427 - Sections: - .text: - Entropy: 6.2502047491555315 - Virtual Size: '0x2dc8' - .rdata: - Entropy: 4.431694959682769 - Virtual Size: '0x610' - .data: - Entropy: 0.4231266687750792 - Virtual Size: '0x158' - .pdata: - Entropy: 4.120326366692263 - Virtual Size: '0x2dc' - INIT: - Entropy: 4.963482726390094 - Virtual Size: '0x412' - .rsrc: - Entropy: 3.471909950512757 - Virtual Size: '0x3e8' - Signature: - - Giga-Byte Technology - - VeriSign Class 3 Code Signing 2009-2 CA - - VeriSign Class 3 Public Primary CA - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - 
Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 
8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - 
TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei Hsien, O=Giga,Byte Technology, OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Testing Department, CN=Giga,Byte - Technology - ValidFrom: '2010-08-23 00:00:00' - ValidTo: '2013-10-17 23:59:59' - Signature: a91cbb579fbb2bc2ed2fe0fa0055cc881ce21e175262d28efea8bd12eff1095eb750b2fc7b842c4c739c2e4ef41d1065df039d1d62e0c5db62340fd1989efcc16e97b23caaa71e40dcabaf4aa34dd7d53a3ef5c0f2fec1b964798d2a1c8b11d68ea326495fbede162652faa523ce52ed60ca5227dddeab211b90965b866425adc84465117f3ec040cb005aa590ef69a70db0de17af66f3e52da6b8c93237fc1975e2891c89712971266c80956a21542c71e1962b16655373911c3ea09bd0b26c866eb1a9fe4f1d0f7be30888c529b148990b4f226897e2a4a651c80cc79196f2731949d190c67be01b82362956317bc3487f490b460924ad135d97c6f9526292 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 248472542c24ab8e429229acf121ca26 - Version: 3 - TBS: - MD5: dc48abdae01614d4607b1f5760dfce88 - SHA1: 467c1868ddb5ef8db746e66acbaab9fdd03fb740 - SHA256: a7f448e2fe327e481adfd1e89db612d5c58ff7891373a6e398ab98ddaeae74c5 - SHA384: eb0d25fdcfab622d1c80a92ecd689bde520ed2b8099b4120194daa1a0013cabc5bd5792b0c1f12ca9c93fa4518aa2ca7 - Signer: - - SerialNumber: 248472542c24ab8e429229acf121ca26 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: cc81a908891587ccac8059435eda4c66 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: bf45a5d10968424666abede02113a509 - SHA1: 5c26f130f6a5ad8bdd2eed29140542dae0885b17 - SHA256: 34da66774ba09c4a8fc59349401ca1fefaaf4e66a9c620c7782c072a16089ba3 - Company: GIGA-BYTE TECHNOLOGY CO., LTD. 
- Copyright: Copyright (C) 2017 - CreationTimestamp: '2017-11-30 22:40:53' - Date: 2013-07-03 17:32:00 UTC, 2017-11-30 18:40:00 UTC - Description: GIGA-BYTE NonPNP Driver - ExportedFunctions: '' - FileVersion: 1.0.0.1 - Filename: gdrv.sys - ImportedFunctions: - - KeAcquireInStackQueuedSpinLock - - KeReleaseInStackQueuedSpinLock - - ExAllocatePool - - ExFreePoolWithTag - - MmBuildMdlForNonPagedPool - - MmMapLockedPages - - MmUnmapLockedPages - - MmMapIoSpace - - MmUnmapIoSpace - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - IoAllocateMdl - - IofCompleteRequest - - DbgPrint - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoFreeMdl - - ObReferenceObjectByHandle - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmGetPhysicalAddress - - MmIsAddressValid - - KeBugCheckEx - - IoCreateDevice - - RtlInitUnicodeString - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: gdrv.sys - MD5: 1cff7b947f8c3dea1d34dc791fc78cdc - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: gdrv.sys - Product: gdrv64 - ProductVersion: '17120101' - Publisher: '' - RichPEHeaderHash: - MD5: 70b1ee9be3128d3a3c5bf7c1f897432b - SHA1: c014187bfa0e24bebb124cb9ec8f15c032a84dfd - SHA256: 6a6338f1e739e18916862bfc84b364e3f8669e92eb2cd15505fff4f9bb5637ee - SHA1: 8d59fd14a445c8f3f0f7991fa6cd717d466b3754 - SHA256: ff6729518a380bf57f1bc6f1ec0aa7f3012e1618b8d9b0f31a61d299ee2b4339 - Sections: - .text: - Entropy: 6.467558996526725 - Virtual Size: '0x2a8f' - .rdata: - Entropy: 4.214092846808287 - Virtual Size: '0x6a0' - .data: - Entropy: 1.2607720515150977 - Virtual Size: '0x54' - .pdata: - Entropy: 3.937251533548631 - Virtual Size: '0x1ec' - .gfids: - Entropy: 0.8112781244591328 - Virtual Size: '0x4' - INIT: - Entropy: 5.256526972951585 - Virtual Size: '0x44c' - .rsrc: - Entropy: 3.3029113366937604 - Virtual Size: '0x348' - .reloc: - Entropy: 2.7500000000000004 - Virtual Size: '0x18' - Signature: - - 
GIGA-BYTE TECHNOLOGY CO., LTD. - - Symantec Class 3 SHA256 Code Signing CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=TW, ST=Taiwan, L=NEW TAIPEI, O=GIGA,BYTE TECHNOLOGY CO., LTD., CN=GIGA,BYTE - TECHNOLOGY CO., LTD. 
- ValidFrom: '2016-07-21 00:00:00' - ValidTo: '2019-09-19 23:59:59' - Signature: 088e59029abef549a30601c39db2cb687032de13f40c63bd0d88dbe858d6ddddbdc235044f1f31ddf3f6c960583264c9b7306dadb38eb64160a40e804bfee6deac624b7283eba48591daa22ca7523b1518ce792115fbbc4d9c312d824dd0c4566aa985e8a60cb486447fbba0f2c1de3eff0d98cbdeef89653f045203fda3b6a421d08ed13e45616e7c196ed56284b68d16e24e62ba8222fa6b15c7b586132dd3777b42908d930ab082f549516d886449ae87c20bb0c8474777de6c91917d8f173468f72ef3f89898fed2d861c31a8ea2659eabc3cc023e2008fca26f4c1c7d05594faecb6e437d61c11e947f6fdb6cc0db9cdfd6546d5212c94ed8a37fb723e7 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 2ad22e071f61cafe7884bfa43a31b21b - Version: 3 - TBS: - MD5: 50709ce3a9d9947196f8c152ac6b7e98 - SHA1: 5132abcc111cb532cccd06ff4f92bd9269fd9c8b - SHA256: 163f38b3e76f73f6ed3909bae3036f6e3a923b202d3a9f994aa084ee81f3788a - SHA384: 6cab2d8d58f99daa3b8d7dd9b711172d5953748a8368ecd1e8e15af8ff0fac8e66c126f952be97321b75fe7a1bc87cb8 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 2ad22e071f61cafe7884bfa43a31b21b - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - Imphash: 1d774a94ad511efe5ebfe70acc6f8c85 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: b18b1bff521337695d2d6a0768340252 - SHA1: 0f5034fcf5b34be22a72d2ecc29e348e93b6f00f - SHA256: 9c0e80958b907c8df345ec2f8d711acefb4951ee3e6e84892ecd429f5e1f3acb - Company: Windows (R) Server 2003 DDK provider - Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
- CreationTimestamp: '2013-07-03 22:27:55' - Date: '' - Description: GIGABYTE Tools - ExportedFunctions: '' - FileVersion: '5.2.3790.1830 built by: WinDDK' - Filename: '' - ImportedFunctions: - - IoCreateDevice - - RtlInitUnicodeString - - DbgPrint - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - MmUnmapIoSpace - - IoFreeMdl - - MmUnmapLockedPages - - MmMapIoSpace - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - IoCreateSymbolicLink - - KeAcquireInStackQueuedSpinLock - - MmFreeContiguousMemory - - MmIsAddressValid - - MmAllocateContiguousMemory - - MmGetPhysicalAddress - - IofCompleteRequest - - ExAllocatePoolWithTag - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - ZwUnmapViewOfSection - - KeReleaseInStackQueuedSpinLock - - IoDeleteDevice - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: gdrv.sys - MD5: 95a95e28cf5ee4ece6ffbaf169358192 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: gdrv.sys - PDBPath: '' - Product: Windows (R) Server 2003 DDK driver - ProductVersion: 5.2.3790.1830 - Publisher: '' - RichPEHeaderHash: - MD5: 2c77dbb41d635860b678106d8fa08bb9 - SHA1: 4051f5ac448fe8692e040214388d39e15e328d94 - SHA256: 6254640a7abc96cdb67d146d6295362aaff6ef9f6a04015883379d7008d86322 - SHA1: 84341ed15d645c4daedcdd39863998761e4cb0e3 - SHA256: 88992ddcb9aaedb8bfcc9b4354138d1f7b0d7dddb9e7fcc28590f27824bee5c3 - Sections: - .text: - Entropy: 6.2502047491555315 - Virtual Size: '0x2dc8' - .rdata: - Entropy: 4.431694959682769 - Virtual Size: '0x610' - .data: - Entropy: 0.4231266687750792 - Virtual Size: '0x158' - .pdata: - Entropy: 4.120326366692263 - Virtual Size: '0x2dc' - INIT: - Entropy: 4.963482726390094 - Virtual Size: '0x412' - .rsrc: - Entropy: 3.471909950512757 - Virtual Size: '0x3e8' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 
- ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 
655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei Hsien, O=Giga,Byte Technology, OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Testing Department, CN=Giga,Byte - Technology - ValidFrom: '2010-08-23 00:00:00' - ValidTo: '2013-10-17 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 248472542c24ab8e429229acf121ca26 - Version: 3 - TBS: - MD5: dc48abdae01614d4607b1f5760dfce88 - SHA1: 467c1868ddb5ef8db746e66acbaab9fdd03fb740 - SHA256: a7f448e2fe327e481adfd1e89db612d5c58ff7891373a6e398ab98ddaeae74c5 - SHA384: eb0d25fdcfab622d1c80a92ecd689bde520ed2b8099b4120194daa1a0013cabc5bd5792b0c1f12ca9c93fa4518aa2ca7 - Signer: - - SerialNumber: 248472542c24ab8e429229acf121ca26 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: cc81a908891587ccac8059435eda4c66 - LoadsDespiteHVCI: 'FALSE' 
MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create gdrv.sys binPath=C:\windows\temp\gdrv.sys type=kernel && + sc.exe start gdrv.sys + Description: 'gdrv.sys is vulnerable to multiple CVEs: CVE-2018-19320, CVE-2018-19322, + CVE-2018-19323, CVE-2018-19321. Read/Write Physical memory, read/write to/from + IO ports, exposes ring0 memcpy-like functionality, read and write Machine + Specific Registers (MSRs). Affected versions: GIGABYTE APP Center v1.05.21 + and previous, AORUS GRAPHICS ENGINE v1.33 and previous, XTREME GAMING ENGINE + v1.25 and previous, OC GURU II v2.08' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges, tamper with PPL or system processes Resources: - https://github.com/hoangprod/DanSpecial - https://github.com/namazso/physmem_drivers 
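Review bot: The structured `CVEs:` list (CVE-2018-19320, CVE-2018-19322, CVE-2018-19323, CVE-2018-19321) is removed at the top of this hunk, and none of the lines it adds restore it. In the reordered entry the CVE ids appear only inside the free-text `Commands.Description`. The following hunk continues outside the visible part of the diff, so the key may be re-added further down; if it is not, anything that joins driver hashes to CVE ids through this field loses the mapping for gdrv.sys. I would keep the `CVEs:` key with its four items in the new key order, for example directly after `Created: '2023-01-09'`, and have the reordering script fail when a top-level key present in the old file is missing from the new one.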
@@ -550,6 +25,533 @@ Resources: - https://medium.com/@fsx30/weaponizing-vulnerable-driver-for-privilege-escalation-gigabyte-edition-e73ee523598b - https://github.com/namazso/physmem_drivers - https://github.com/hmnthabit/CVE-2018-19320-LPE -Tags: -- gdrv.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/31f4cfb4c71da44120752721103a16512444c13c2ac2d857a7e6f13cb679b427.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/ff6729518a380bf57f1bc6f1ec0aa7f3012e1618b8d9b0f31a61d299ee2b4339.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '@mattnotmax' + Person: MattNotMax 
+KnownVulnerableSamples: +- Authentihash: + MD5: b18b1bff521337695d2d6a0768340252 + SHA1: 0f5034fcf5b34be22a72d2ecc29e348e93b6f00f + SHA256: 9c0e80958b907c8df345ec2f8d711acefb4951ee3e6e84892ecd429f5e1f3acb + Company: Windows (R) Server 2003 DDK provider + Copyright: "\xA9 Microsoft Corporation. All rights reserved." + CreationTimestamp: '2013-07-03 22:27:55' + Date: '' + Description: GIGABYTE Tools + ExportedFunctions: '' + FileVersion: '5.2.3790.1830 built by: WinDDK' + Filename: gdrv.sys + ImportedFunctions: + - IoCreateDevice + - RtlInitUnicodeString + - DbgPrint + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - MmUnmapIoSpace + - IoFreeMdl + - MmUnmapLockedPages + - MmMapIoSpace + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - IoCreateSymbolicLink + - KeAcquireInStackQueuedSpinLock + - MmFreeContiguousMemory + - MmIsAddressValid + - MmAllocateContiguousMemory + - MmGetPhysicalAddress + - IofCompleteRequest + - ExAllocatePoolWithTag + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - ZwUnmapViewOfSection + - KeReleaseInStackQueuedSpinLock + - IoDeleteDevice + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: gdrv.sys + MD5: 9ab9f3b75a2eb87fafb1b7361be9dfb3 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: gdrv.sys + Product: Windows (R) Server 2003 DDK driver + ProductVersion: 5.2.3790.1830 + Publisher: '' + RichPEHeaderHash: + MD5: 2c77dbb41d635860b678106d8fa08bb9 + SHA1: 4051f5ac448fe8692e040214388d39e15e328d94 + SHA256: 6254640a7abc96cdb67d146d6295362aaff6ef9f6a04015883379d7008d86322 + SHA1: fe10018af723986db50701c8532df5ed98b17c39 + SHA256: 31f4cfb4c71da44120752721103a16512444c13c2ac2d857a7e6f13cb679b427 + Sections: + .text: + Entropy: 6.2502047491555315 + Virtual Size: '0x2dc8' + .rdata: + Entropy: 4.431694959682769 + Virtual Size: '0x610' + .data: + Entropy: 0.4231266687750792 + Virtual Size: '0x158' + .pdata: + Entropy: 4.120326366692263 + Virtual 
Size: '0x2dc' + INIT: + Entropy: 4.963482726390094 + Virtual Size: '0x412' + .rsrc: + Entropy: 3.471909950512757 + Virtual Size: '0x3e8' + Signature: + - Giga-Byte Technology + - VeriSign Class 3 Code Signing 2009-2 CA + - VeriSign Class 3 Public Primary CA + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: 
'2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei Hsien, O=Giga,Byte Technology, OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Testing Department, + CN=Giga,Byte Technology + ValidFrom: '2010-08-23 00:00:00' + ValidTo: '2013-10-17 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 248472542c24ab8e429229acf121ca26 + Version: 3 + TBS: + MD5: dc48abdae01614d4607b1f5760dfce88 + SHA1: 467c1868ddb5ef8db746e66acbaab9fdd03fb740 + SHA256: a7f448e2fe327e481adfd1e89db612d5c58ff7891373a6e398ab98ddaeae74c5 + 
SHA384: eb0d25fdcfab622d1c80a92ecd689bde520ed2b8099b4120194daa1a0013cabc5bd5792b0c1f12ca9c93fa4518aa2ca7 + Signer: + - SerialNumber: 248472542c24ab8e429229acf121ca26 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: cc81a908891587ccac8059435eda4c66 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: bf45a5d10968424666abede02113a509 + SHA1: 5c26f130f6a5ad8bdd2eed29140542dae0885b17 + SHA256: 34da66774ba09c4a8fc59349401ca1fefaaf4e66a9c620c7782c072a16089ba3 + Company: GIGA-BYTE TECHNOLOGY CO., LTD. + Copyright: Copyright (C) 2017 + CreationTimestamp: '2017-11-30 22:40:53' + Date: 2013-07-03 17:32:00 UTC, 2017-11-30 18:40:00 UTC + Description: GIGA-BYTE NonPNP Driver + ExportedFunctions: '' + FileVersion: 1.0.0.1 + Filename: gdrv.sys + ImportedFunctions: + - KeAcquireInStackQueuedSpinLock + - KeReleaseInStackQueuedSpinLock + - ExAllocatePool + - ExFreePoolWithTag + - MmBuildMdlForNonPagedPool + - MmMapLockedPages + - MmUnmapLockedPages + - MmMapIoSpace + - MmUnmapIoSpace + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - IoAllocateMdl + - IofCompleteRequest + - DbgPrint + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoFreeMdl + - ObReferenceObjectByHandle + - ZwClose + - ZwOpenSection + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmGetPhysicalAddress + - MmIsAddressValid + - KeBugCheckEx + - IoCreateDevice + - RtlInitUnicodeString + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: gdrv.sys + MD5: 1cff7b947f8c3dea1d34dc791fc78cdc + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: gdrv.sys + Product: gdrv64 + ProductVersion: '17120101' + Publisher: '' + RichPEHeaderHash: + MD5: 70b1ee9be3128d3a3c5bf7c1f897432b + SHA1: c014187bfa0e24bebb124cb9ec8f15c032a84dfd + SHA256: 6a6338f1e739e18916862bfc84b364e3f8669e92eb2cd15505fff4f9bb5637ee + SHA1: 
8d59fd14a445c8f3f0f7991fa6cd717d466b3754 + SHA256: ff6729518a380bf57f1bc6f1ec0aa7f3012e1618b8d9b0f31a61d299ee2b4339 + Sections: + .text: + Entropy: 6.467558996526725 + Virtual Size: '0x2a8f' + .rdata: + Entropy: 4.214092846808287 + Virtual Size: '0x6a0' + .data: + Entropy: 1.2607720515150977 + Virtual Size: '0x54' + .pdata: + Entropy: 3.937251533548631 + Virtual Size: '0x1ec' + .gfids: + Entropy: 0.8112781244591328 + Virtual Size: '0x4' + INIT: + Entropy: 5.256526972951585 + Virtual Size: '0x44c' + .rsrc: + Entropy: 3.3029113366937604 + Virtual Size: '0x348' + .reloc: + Entropy: 2.7500000000000004 + Virtual Size: '0x18' + Signature: + - GIGA-BYTE TECHNOLOGY CO., LTD. + - Symantec Class 3 SHA256 Code Signing CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 
783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=TW, ST=Taiwan, L=NEW TAIPEI, O=GIGA,BYTE TECHNOLOGY CO., LTD., + CN=GIGA,BYTE TECHNOLOGY CO., LTD. 
+ ValidFrom: '2016-07-21 00:00:00' + ValidTo: '2019-09-19 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 2ad22e071f61cafe7884bfa43a31b21b + Version: 3 + TBS: + MD5: 50709ce3a9d9947196f8c152ac6b7e98 + SHA1: 5132abcc111cb532cccd06ff4f92bd9269fd9c8b + SHA256: 163f38b3e76f73f6ed3909bae3036f6e3a923b202d3a9f994aa084ee81f3788a + SHA384: 6cab2d8d58f99daa3b8d7dd9b711172d5953748a8368ecd1e8e15af8ff0fac8e66c126f952be97321b75fe7a1bc87cb8 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 2ad22e071f61cafe7884bfa43a31b21b + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + Imphash: 1d774a94ad511efe5ebfe70acc6f8c85 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: b18b1bff521337695d2d6a0768340252 + SHA1: 0f5034fcf5b34be22a72d2ecc29e348e93b6f00f + SHA256: 9c0e80958b907c8df345ec2f8d711acefb4951ee3e6e84892ecd429f5e1f3acb + Company: Windows (R) Server 2003 DDK provider + Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
+ CreationTimestamp: '2013-07-03 22:27:55' + Date: '' + Description: GIGABYTE Tools + ExportedFunctions: '' + FileVersion: '5.2.3790.1830 built by: WinDDK' + Filename: '' + ImportedFunctions: + - IoCreateDevice + - RtlInitUnicodeString + - DbgPrint + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - MmUnmapIoSpace + - IoFreeMdl + - MmUnmapLockedPages + - MmMapIoSpace + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - IoCreateSymbolicLink + - KeAcquireInStackQueuedSpinLock + - MmFreeContiguousMemory + - MmIsAddressValid + - MmAllocateContiguousMemory + - MmGetPhysicalAddress + - IofCompleteRequest + - ExAllocatePoolWithTag + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - ZwUnmapViewOfSection + - KeReleaseInStackQueuedSpinLock + - IoDeleteDevice + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: gdrv.sys + MD5: 95a95e28cf5ee4ece6ffbaf169358192 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: gdrv.sys + PDBPath: '' + Product: Windows (R) Server 2003 DDK driver + ProductVersion: 5.2.3790.1830 + Publisher: '' + RichPEHeaderHash: + MD5: 2c77dbb41d635860b678106d8fa08bb9 + SHA1: 4051f5ac448fe8692e040214388d39e15e328d94 + SHA256: 6254640a7abc96cdb67d146d6295362aaff6ef9f6a04015883379d7008d86322 + SHA1: 84341ed15d645c4daedcdd39863998761e4cb0e3 + SHA256: 88992ddcb9aaedb8bfcc9b4354138d1f7b0d7dddb9e7fcc28590f27824bee5c3 + Sections: + .text: + Entropy: 6.2502047491555315 + Virtual Size: '0x2dc8' + .rdata: + Entropy: 4.431694959682769 + Virtual Size: '0x610' + .data: + Entropy: 0.4231266687750792 + Virtual Size: '0x158' + .pdata: + Entropy: 4.120326366692263 + Virtual Size: '0x2dc' + INIT: + Entropy: 4.963482726390094 + Virtual Size: '0x412' + .rsrc: + Entropy: 3.471909950512757 + Virtual Size: '0x3e8' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 
+ ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei Hsien, O=Giga,Byte Technology, OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Testing Department, + CN=Giga,Byte Technology + ValidFrom: '2010-08-23 00:00:00' + ValidTo: '2013-10-17 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 248472542c24ab8e429229acf121ca26 + Version: 3 + TBS: + MD5: dc48abdae01614d4607b1f5760dfce88 + SHA1: 467c1868ddb5ef8db746e66acbaab9fdd03fb740 + SHA256: a7f448e2fe327e481adfd1e89db612d5c58ff7891373a6e398ab98ddaeae74c5 + SHA384: eb0d25fdcfab622d1c80a92ecd689bde520ed2b8099b4120194daa1a0013cabc5bd5792b0c1f12ca9c93fa4518aa2ca7 + Signer: + - SerialNumber: 248472542c24ab8e429229acf121ca26 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: cc81a908891587ccac8059435eda4c66 + LoadsDespiteHVCI: 'FALSE' 
+CVEs: +- CVE-2018-19320 +- CVE-2018-19322 +- CVE-2018-19323 +- CVE-2018-19321 diff --git a/yaml/2c3884d3-9e4f-4519-b18b-0969612621bc.yaml b/yaml/2c3884d3-9e4f-4519-b18b-0969612621bc.yaml index 2cf5e2bd3..119cf3b7a 100644 --- a/yaml/2c3884d3-9e4f-4519-b18b-0969612621bc.yaml +++ b/yaml/2c3884d3-9e4f-4519-b18b-0969612621bc.yaml 
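Review bot: The added `Detection:` list carries `sigma_hash`, `sigma_names`, `sysmon_hash_detect` and `sysmon_hash_block` twice each with identical `value` URLs, once before and once after the `yara-rules_vuln_drivers_strict_renamed.yar` entry. The second run of four entries can be dropped so that tooling which builds rule indexes from this field does not emit duplicates. Separately, the third `KnownVulnerableSamples` entry (SHA256 `88992ddcb9aaedb8bfcc9b4354138d1f7b0d7dddb9e7fcc28590f27824bee5c3`) repeats the Authentihash and certificate chain of the first entry, yet has `Filename: ''` and `Signature: ''`, and unlike the other two samples it has no per-hash `yara_signature` link. If those blanks are not intentional, `Filename: gdrv.sys` and the three-name `Signature:` list from the first sample would keep name-based and signer-based lookups consistent. The generic rules presumably still cover this hash, but that is worth confirming.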
@@ -1,250 +1,250 @@ -Acknowledgement: - Handle: Void_Sec - Person: Paolo Stagno +Id: 2c3884d3-9e4f-4519-b18b-0969612621bc +Tags: +- LgCoreTemp.sys +Verified: 'TRUE' Author: Nasreddine Bencherchali -Category: vulnerable driver -Commands: - Command: sc.exe create LgCoreTemp.sys binPath=C:\windows\temp\LgCoreTemp.sys type=kernel - && sc.exe start LgCoreTemp.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Denial of Service Created: '2023-04-15' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 2c3884d3-9e4f-4519-b18b-0969612621bc -KnownVulnerableSamples: -- Authentihash: - MD5: a4c810e750095e71c0288c1ce6669115 - SHA1: e05304325b24fc9f76c106de27ffbef2d7eb3315 - SHA256: 7f0eef1ed4c1278372348cb52e27dc3aa2f51a8b6a62db39d2af75031e55a8db - Company: Logitech - Copyright: "Copyright \xA9 Logitech, Inc" - Date: '' - Description: CPU Core Temperature Monitor - ExportedFunctions: '' - FileVersion: 1.0.0.1 - Filename: LgCoreTemp.sys - ImportedFunctions: - - IofCompleteRequest - - IoCreateDevice - - KeSetSystemAffinityThread - - IoDeleteDevice - - IoDeleteSymbolicLink - - __C_specific_handler - - KeRevertToUserAffinityThread - - IoCreateSymbolicLink - - RtlInitUnicodeString - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: LgCoreTemp.sys - MD5: 
2d7f1c02b94d6f0f3e10107e5ea8e141 - MachineType: AMD64 - OriginalFilename: LgCoreTemp.sys - Product: LgCoreTemp - ProductVersion: 1.0.0.1 - Publisher: N/A - SHA1: 471ca4b5bb5fe68543264dd52acb99fddd7b3c6d - SHA256: 93b266f38c3c3eaab475d81597abbd7cc07943035068bb6fd670dbbe15de0131 - Signature: N/A - Signatures: - - Certificates: - - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - Subject: C=US, ST=California, L=Newark, O=Logitech, CN=Logitech - ValidFrom: '2015-04-16 00:00:00' - ValidTo: '2017-06-14 23:59:59' - - Signature: 13851a1e69a937f7a0bda4af7e1d6153fe9d8c5e0ca6751e781723ddfdec1a035539fb7195c7655aa78e30d2445a61db706fda2105c22e73ba49f1d193fe5dc9cd5e03e0899e3f741ed7f7388ba9d6cfbb352f3358a89256d1c84d3b82e6798416fc28b0b147f31da23eee87d9a67fa456a53fad842e29de7cbca8aaa33d0401eaba93a20e502229174c87e43a115fd6a425899b056b2fb4c9014c277b0bac190522a060153fdac9fb4d4c8ffb726777fd2794c7ba350e8849fe8dfd28af4a12bd0db39705de440c15fa362b03dcc15001f1a1115d14e5e2bd274b54be2b845e0fa6c374050aef97c38922b11f77f3bdcd43d4f14ca93fb58b84af64f2d01421 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code 
Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - - Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - CertificatesInfo: '' - Signer: - - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - SerialNumber: 6f20ba7d552fb9c436caf4cc7cbea4b3 - SignerInfo: '' - LoadsDespiteHVCI: 'TRUE' -- Authentihash: - MD5: 8ca1704038d6c48680707e8135672da6 - SHA1: bf20c99129a768b3d2d5c621ab50375984ab9351 - SHA256: 9c4db6ee983fd4fa74f8212031ade343a1b9abdb258d05bef1aabd7ab49fbc16 - Company: Logitech - Copyright: "Copyright \xA9 Logitech, Inc" - CreationTimestamp: '2015-06-09 10:52:04' - Date: '' - Description: CPU Core Temperature Monitor - ExportedFunctions: '' - FileVersion: 1.0.0.1 - Filename: '' - ImportedFunctions: - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IofCompleteRequest - - _allshl - - RtlUnwind - - KeSetSystemAffinityThread - - KeRevertToUserAffinityThread - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - KeBugCheckEx - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: LgCoreTemp.sys - MD5: b94ffce20e36b2930eb3ac72f72c00d6 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: LgCoreTemp.sys - PDBPath: '' - Product: LgCoreTemp - ProductVersion: 1.0.0.1 - Publisher: '' - RichPEHeaderHash: - MD5: 5d6ec1c84d4b9928d235f4a95525d9cd - SHA1: 514ac94ab960cc3f30abbe362a4a14c21215a1e1 - SHA256: 8ea35b0407679ba43ad82ad270dc49eddd5ef7c646d864ebaef9432c914b370d - SHA1: a7baff6666fc2d259c22f986b8a153c7b1d1d8be - SHA256: e0cb07a0624ddfacaa882af49e3783ae02c9fbd0ab232541a05a95b4a8abd8ef - Sections: - .text: - Entropy: 6.2073365191410375 - Virtual Size: '0x69c' - .rdata: - Entropy: 3.3720266275598267 - Virtual Size: '0x184' - .data: - Entropy: 2.450212064914747 - Virtual Size: '0x1c' - INIT: - Entropy: 5.2687991634093105 - Virtual Size: '0x1d2' - .rsrc: - Entropy: 3.18656571586942 - Virtual Size: '0x350' - 
.reloc: - Entropy: 4.84009258268497 - Virtual Size: '0x84' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: 
e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=California, L=Newark, O=Logitech, CN=Logitech - ValidFrom: '2015-04-16 00:00:00' - ValidTo: '2017-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 6f20ba7d552fb9c436caf4cc7cbea4b3 - Version: 3 - TBS: - MD5: ec45634a826b6d64211848832ef8dab1 - SHA1: 95e4adc0349ce66b62decc081bdd04bae5bfab64 - SHA256: 52e2c146848749590f3db28d87fce836aedf704d5369ab5edfc860246ad00b3f - SHA384: 10d17951c16594097046bfbc5572d620818199f9810ec96c60e8bcfa80137e73e6fc7f07588f33869236408af807d4ec - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 13851a1e69a937f7a0bda4af7e1d6153fe9d8c5e0ca6751e781723ddfdec1a035539fb7195c7655aa78e30d2445a61db706fda2105c22e73ba49f1d193fe5dc9cd5e03e0899e3f741ed7f7388ba9d6cfbb352f3358a89256d1c84d3b82e6798416fc28b0b147f31da23eee87d9a67fa456a53fad842e29de7cbca8aaa33d0401eaba93a20e502229174c87e43a115fd6a425899b056b2fb4c9014c277b0bac190522a060153fdac9fb4d4c8ffb726777fd2794c7ba350e8849fe8dfd28af4a12bd0db39705de440c15fa362b03dcc15001f1a1115d14e5e2bd274b54be2b845e0fa6c374050aef97c38922b11f77f3bdcd43d4f14ca93fb58b84af64f2d01421 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 6f20ba7d552fb9c436caf4cc7cbea4b3 - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - Imphash: 5ea78a193212fe61ac722f45f0b0eab9 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create LgCoreTemp.sys binPath=C:\windows\temp\LgCoreTemp.sys type=kernel + && sc.exe start LgCoreTemp.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Denial of Service Resources: - https://github.com/VoidSec/Exploit-Development/tree/b82b6d3ac1cce66221101d3e0f4634aa64cb4ca7/windows/x64/kernel/logitech_v.9.02.65_DoS -Tags: -- LgCoreTemp.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: Void_Sec + Person: Paolo Stagno +KnownVulnerableSamples: +- Authentihash: + MD5: a4c810e750095e71c0288c1ce6669115 + SHA1: e05304325b24fc9f76c106de27ffbef2d7eb3315 + SHA256: 7f0eef1ed4c1278372348cb52e27dc3aa2f51a8b6a62db39d2af75031e55a8db + Company: Logitech + Copyright: "Copyright \xA9 Logitech, Inc" + Date: '' + Description: CPU Core Temperature Monitor + ExportedFunctions: '' + FileVersion: 1.0.0.1 + Filename: LgCoreTemp.sys + ImportedFunctions: + - IofCompleteRequest + - IoCreateDevice + - KeSetSystemAffinityThread + - IoDeleteDevice + - IoDeleteSymbolicLink + - __C_specific_handler + - KeRevertToUserAffinityThread + - IoCreateSymbolicLink + - RtlInitUnicodeString + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: LgCoreTemp.sys + MD5: 2d7f1c02b94d6f0f3e10107e5ea8e141 + MachineType: AMD64 + OriginalFilename: LgCoreTemp.sys + Product: LgCoreTemp + ProductVersion: 1.0.0.1 + Publisher: N/A + SHA1: 471ca4b5bb5fe68543264dd52acb99fddd7b3c6d + SHA256: 93b266f38c3c3eaab475d81597abbd7cc07943035068bb6fd670dbbe15de0131 + Signature: N/A + Signatures: + - Certificates: + - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + - Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + - 
Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + Subject: C=US, ST=California, L=Newark, O=Logitech, CN=Logitech + ValidFrom: '2015-04-16 00:00:00' + ValidTo: '2017-06-14 23:59:59' + - Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + - Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + CertificatesInfo: '' + Signer: + - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + SerialNumber: 6f20ba7d552fb9c436caf4cc7cbea4b3 + SignerInfo: '' + LoadsDespiteHVCI: 'TRUE' +- Authentihash: + MD5: 8ca1704038d6c48680707e8135672da6 + SHA1: bf20c99129a768b3d2d5c621ab50375984ab9351 + SHA256: 9c4db6ee983fd4fa74f8212031ade343a1b9abdb258d05bef1aabd7ab49fbc16 + Company: Logitech + Copyright: "Copyright \xA9 Logitech, Inc" + CreationTimestamp: '2015-06-09 10:52:04' + Date: '' + Description: CPU Core Temperature Monitor + ExportedFunctions: '' + FileVersion: 1.0.0.1 + Filename: '' + ImportedFunctions: + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IofCompleteRequest + - _allshl + - RtlUnwind + - KeSetSystemAffinityThread + - KeRevertToUserAffinityThread + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - KeBugCheckEx + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: LgCoreTemp.sys + MD5: b94ffce20e36b2930eb3ac72f72c00d6 + MachineType: I386 + MagicHeader: 50 45 0 0 
+ OriginalFilename: LgCoreTemp.sys + PDBPath: '' + Product: LgCoreTemp + ProductVersion: 1.0.0.1 + Publisher: '' + RichPEHeaderHash: + MD5: 5d6ec1c84d4b9928d235f4a95525d9cd + SHA1: 514ac94ab960cc3f30abbe362a4a14c21215a1e1 + SHA256: 8ea35b0407679ba43ad82ad270dc49eddd5ef7c646d864ebaef9432c914b370d + SHA1: a7baff6666fc2d259c22f986b8a153c7b1d1d8be + SHA256: e0cb07a0624ddfacaa882af49e3783ae02c9fbd0ab232541a05a95b4a8abd8ef + Sections: + .text: + Entropy: 6.2073365191410375 + Virtual Size: '0x69c' + .rdata: + Entropy: 3.3720266275598267 + Virtual Size: '0x184' + .data: + Entropy: 2.450212064914747 + Virtual Size: '0x1c' + INIT: + Entropy: 5.2687991634093105 + Virtual Size: '0x1d2' + .rsrc: + Entropy: 3.18656571586942 + Virtual Size: '0x350' + .reloc: + Entropy: 4.84009258268497 + Virtual Size: '0x84' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=California, L=Newark, O=Logitech, CN=Logitech + ValidFrom: '2015-04-16 00:00:00' + ValidTo: '2017-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 6f20ba7d552fb9c436caf4cc7cbea4b3 + Version: 3 + TBS: + MD5: ec45634a826b6d64211848832ef8dab1 + SHA1: 95e4adc0349ce66b62decc081bdd04bae5bfab64 + SHA256: 52e2c146848749590f3db28d87fce836aedf704d5369ab5edfc860246ad00b3f + SHA384: 10d17951c16594097046bfbc5572d620818199f9810ec96c60e8bcfa80137e73e6fc7f07588f33869236408af807d4ec + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 6f20ba7d552fb9c436caf4cc7cbea4b3 + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + Imphash: 5ea78a193212fe61ac722f45f0b0eab9 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/2cc3dd4f-8a1e-4f1f-9871-0a14815949b4.yaml b/yaml/2cc3dd4f-8a1e-4f1f-9871-0a14815949b4.yaml index ce7b1135d..20118768c 100644 --- a/yaml/2cc3dd4f-8a1e-4f1f-9871-0a14815949b4.yaml +++ b/yaml/2cc3dd4f-8a1e-4f1f-9871-0a14815949b4.yaml 
@@ -1,35 +1,35 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 2cc3dd4f-8a1e-4f1f-9871-0a14815949b4 +Tags: +- 80.sys +Verified: 'FALSE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create 80.sys binPath=C:\windows\temp\80.sys type=kernel && sc.exe - start 80.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: [] -Id: 2cc3dd4f-8a1e-4f1f-9871-0a14815949b4 -KnownVulnerableSamples: -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: 80.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: bc2f3850c7b858340d7ed27b90e63b036881fd6c - Signature: [] - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create 80.sys binPath=C:\windows\temp\80.sys type=kernel && sc.exe + start 80.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules -Tags: -- 80.sys -Verified: 'FALSE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: 80.sys + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: bc2f3850c7b858340d7ed27b90e63b036881fd6c + Signature: [] + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/2cfede23-67f4-4af7-830f-c95ba30a43ae.yaml b/yaml/2cfede23-67f4-4af7-830f-c95ba30a43ae.yaml index 28f076f83..b6f8a205a 100644 --- a/yaml/2cfede23-67f4-4af7-830f-c95ba30a43ae.yaml +++ b/yaml/2cfede23-67f4-4af7-830f-c95ba30a43ae.yaml 
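Review bot: `Signature: []` under `KnownVulnerableSamples` is a list here, while the populated entries in this same diff use a string for that key (`Signature: ''`, `Signature: N/A`), so anything that builds detections or block lists from these files has to handle two types for one field; I would normalise the empty case to `Signature: ''`. The WinIo64A.sys hunk that follows has the same line. Both entries are also `Verified: 'FALSE'` with only a SHA1 and `Detection: []`, yet they state `Usecase: Elevate privileges` and `MitreID: T1068`; since the only resource is the Microsoft recommended driver block rules page, those two values look template-filled rather than established for the sample, and should be confirmed before anyone relies on them for triage.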
@@ -1,35 +1,35 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 2cfede23-67f4-4af7-830f-c95ba30a43ae +Tags: +- WinIo64A.sys +Verified: 'FALSE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create WinIo64A.sys binPath=C:\windows\temp\WinIo64A.sys type=kernel - && sc.exe start WinIo64A.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: [] -Id: 2cfede23-67f4-4af7-830f-c95ba30a43ae -KnownVulnerableSamples: -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: WinIo64A.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 0c74d09da7baf7c05360346e4c3512d0cd433d59 - Signature: [] - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create WinIo64A.sys binPath=C:\windows\temp\WinIo64A.sys type=kernel + && sc.exe start WinIo64A.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules -Tags: -- WinIo64A.sys -Verified: 'FALSE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: WinIo64A.sys + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 0c74d09da7baf7c05360346e4c3512d0cd433d59 + Signature: [] + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/2d6c1da6-17e2-4385-ad93-1430f83bde83.yaml b/yaml/2d6c1da6-17e2-4385-ad93-1430f83bde83.yaml index 27e9831b0..653c47a30 100644 --- a/yaml/2d6c1da6-17e2-4385-ad93-1430f83bde83.yaml +++ b/yaml/2d6c1da6-17e2-4385-ad93-1430f83bde83.yaml 
@@ -1,224 +1,225 @@ Id: 2d6c1da6-17e2-4385-ad93-1430f83bde83 +Tags: +- 4748696211bd56c2d93c21cab91e82a5.sys +Verified: 'TRUE' Author: Alice Climent-Pommeret Created: '2023-07-31' MitreID: T1014 Category: malicious -Verified: 'TRUE' Commands: - Command: sc.exe create 4748696211bd56c2d93c21cab91e82a5.sys binPath=C:\windows\temp\4748696211bd56c2d93c21cab91e82a5.sys - type=kernel && sc.exe start 4748696211bd56c2d93c21cab91e82a5.sys - Description: "Cisco Talos has identified multiple versions of an undocumented malicious\ - \ driver named \u201CRedDriver,\u201D a driver-based browser hijacker that uses\ - \ the Windows Filtering Platform (WFP) to intercept browser traffic. RedDriver\ - \ has been active since at least 2021. RedDriver utilizes HookSignTool to forge\ - \ its signature timestamp to bypass Windows driver-signing policies. Code from\ - \ multiple open-source tools has been used in the development of RedDriver's infection\ - \ chain, including HP-Socket and a custom implementation of ReflectiveLoader.\ - \ The authors of RedDriver appear to be skilled in driver development and have\ - \ deep knowledge of the Windows operating system. This threat appears to target\ - \ native Chinese speakers, as it searches for Chinese language browsers to hijack.\ - \ Additionally, the authors are likely Chinese speakers themselves." - Usecase: '' - Privileges: kernel - OperatingSystem: Windows 10 + Command: sc.exe create 4748696211bd56c2d93c21cab91e82a5.sys binPath=C:\windows\temp\4748696211bd56c2d93c21cab91e82a5.sys + type=kernel && sc.exe start 4748696211bd56c2d93c21cab91e82a5.sys + Description: "Cisco Talos has identified multiple versions of an undocumented\ + \ malicious driver named \u201CRedDriver,\u201D a driver-based browser hijacker\ + \ that uses the Windows Filtering Platform (WFP) to intercept browser traffic.\ + \ RedDriver has been active since at least 2021. 
RedDriver utilizes HookSignTool\ + \ to forge its signature timestamp to bypass Windows driver-signing policies.\ + \ Code from multiple open-source tools has been used in the development of\ + \ RedDriver's infection chain, including HP-Socket and a custom implementation\ + \ of ReflectiveLoader. The authors of RedDriver appear to be skilled in driver\ + \ development and have deep knowledge of the Windows operating system. This\ + \ threat appears to target native Chinese speakers, as it searches for Chinese\ + \ language browsers to hijack. Additionally, the authors are likely Chinese\ + \ speakers themselves." + Usecase: '' + Privileges: kernel + OperatingSystem: Windows 10 Resources: - https://blog.talosintelligence.com/undocumented-reddriver/ -Acknowledgement: - Person: '' - Handle: '' Detection: [] +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: '' - MD5: 4748696211bd56c2d93c21cab91e82a5 - SHA1: d4cf9296271a9c5c40b0fa34f69b6125c2d14457 - SHA256: 888491196bd8ff528b773a3e453eae49063ad31fb4ca0f9f2e433f8d35445440 - Signature: '' - Date: '' - Publisher: '' - Company: '' - Description: '' - Product: '' - ProductVersion: '' - FileVersion: '' - MachineType: AMD64 - OriginalFilename: '' - Authentihash: - MD5: 529310cd6840d1f3288e33acb9dd5096 - SHA1: 670f181a172ae68a675cf4c0ce52c0b6be0196e9 - SHA256: e6a53d4cf39b4b0b5069359d0a3b32eb1aa7b56c427487c9f838eb279c6a90d1 - RichPEHeaderHash: - MD5: ecdd5c0e8a78b145a8e5d9443ff0f2eb - SHA1: 3ed3a76d965f1b5e387959ceedc84567a2f7bca4 - SHA256: 1edc4e310bd57e5c317b972f0bdb9f1f0794009b7039364dd6a879ee5f342754 - Sections: - .text: - Entropy: 6.2119592546505995 - Virtual Size: '0xc1ee' - .rdata: - Entropy: 5.110403242864534 - Virtual Size: '0xbac' - .data: - Entropy: 7.880053215052199 - Virtual Size: '0xa5490' - .pdata: - Entropy: 4.5968345164469415 - Virtual Size: '0x540' - PAGE: - Entropy: 6.308757256393646 - Virtual Size: '0x9b5' - INIT: - Entropy: 5.268683087271941 - Virtual Size: '0xa96' - 
MagicHeader: 50 45 0 0 - CreationTimestamp: '2023-07-12 12:00:31' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoRegisterDriverReinitialization - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - KeInitializeEvent - - PsCreateSystemThread - - PsTerminateSystemThread - - ZwClose - - IofCompleteRequest - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - PsThreadType - - IoIsWdmVersionAvailable - - IoCreateSymbolicLink - - IoCreateDevice - - ZwReadFile - - IoCreateFile - - ZwSetInformationFile - - ZwCreateFile - - ZwQueryDirectoryFile - - ZwDeleteFile - - ZwOpenFile - - RtlImageNtHeader - - ZwQueryInformationFile - - ZwWriteFile - - ZwSetValueKey - - ZwQueryValueKey - - _vsnprintf - - ZwFlushKey - - ZwDeleteKey - - ZwOpenKey - - _stricmp - - ZwCreateKey - - PsSetLoadImageNotifyRoutine - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - MmGetSystemRoutineAddress - - RtlGetVersion - - FsRtlIsNameInExpression - - wcsrchr - - PsRemoveLoadImageNotifyRoutine - - MmIsAddressValid - - ObfDereferenceObject - - KeUnstackDetachProcess - - ObOpenObjectByPointer - - KeStackAttachProcess - - ZwAllocateVirtualMemory - - KeClearEvent - - _wcsnicmp - - ObCreateObject - - IoFileObjectType - - IoDriverObjectType - - MmMapLockedPagesSpecifyCache - - IoGetCurrentProcess - - _vsnwprintf - - KeQueryTimeIncrement - - IoGetDeviceAttachmentBaseRef - - IoFreeIrp - - IoAllocateIrp - - RtlCompareUnicodeString - - CmRegisterCallback - - PsGetCurrentProcessId - - RtlCopyUnicodeString - - CmCallbackGetKeyObjectID - - ZwEnumerateKey - - strstr - - KeDelayExecutionThread - - ExSystemTimeToLocalTime - - RtlTimeToTimeFields - - RtlMultiByteToUnicodeN - - IoBuildDeviceIoControlRequest - - IoGetRelatedDeviceObject - - IoFreeMdl - - IoCancelIrp - - MmProbeAndLockPages - - IoAllocateMdl - - IofCallDriver - - ZwMapViewOfSection - - ExGetPreviousMode - - 
ZwQuerySystemInformation - - ZwUnmapViewOfSection - - ZwCreateSection - - ExFreePool - - KeBugCheckEx - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CN, ST=Beijing, L=Beijing, O=Beijing JoinHope Image Technology Ltd., - CN=Beijing JoinHope Image Technology Ltd. - ValidFrom: '2014-05-16 00:00:00' - ValidTo: '2015-05-16 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0a005d2e2bcd4137168217d8c727747c - Version: 3 - TBS: - MD5: 4d213d99215f488050faaa39765656d1 - SHA1: 0308508b5a3fcd330bbf28931f8e1a9c93c3ee69 - SHA256: ea947432de238a25fdb7892e436f4ef44f30ab16ae9e1eb914860f4808b25ef2 - SHA384: 430e932514f35ed55f31f050f33bcc0b9244fd83c6d1d28ee240306e54292e93b5894ef4eb9c09bf84cdc8068c6a7230 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 
5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 0a005d2e2bcd4137168217d8c727747c - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: be0dd8b8e045356d600ee55a64d9d197 - LoadsDespiteHVCI: 'TRUE' -Tags: -- 4748696211bd56c2d93c21cab91e82a5.sys +- Filename: '' + MD5: 4748696211bd56c2d93c21cab91e82a5 + SHA1: d4cf9296271a9c5c40b0fa34f69b6125c2d14457 + SHA256: 888491196bd8ff528b773a3e453eae49063ad31fb4ca0f9f2e433f8d35445440 + Signature: '' + Date: '' + Publisher: '' + Company: '' + Description: '' + Product: '' + ProductVersion: '' + FileVersion: '' + MachineType: AMD64 + OriginalFilename: '' + Authentihash: + MD5: 529310cd6840d1f3288e33acb9dd5096 + SHA1: 670f181a172ae68a675cf4c0ce52c0b6be0196e9 + SHA256: e6a53d4cf39b4b0b5069359d0a3b32eb1aa7b56c427487c9f838eb279c6a90d1 + RichPEHeaderHash: + MD5: ecdd5c0e8a78b145a8e5d9443ff0f2eb + SHA1: 3ed3a76d965f1b5e387959ceedc84567a2f7bca4 + SHA256: 1edc4e310bd57e5c317b972f0bdb9f1f0794009b7039364dd6a879ee5f342754 
+ Sections: + .text: + Entropy: 6.2119592546505995 + Virtual Size: '0xc1ee' + .rdata: + Entropy: 5.110403242864534 + Virtual Size: '0xbac' + .data: + Entropy: 7.880053215052199 + Virtual Size: '0xa5490' + .pdata: + Entropy: 4.5968345164469415 + Virtual Size: '0x540' + PAGE: + Entropy: 6.308757256393646 + Virtual Size: '0x9b5' + INIT: + Entropy: 5.268683087271941 + Virtual Size: '0xa96' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2023-07-12 12:00:31' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoRegisterDriverReinitialization + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - KeInitializeEvent + - PsCreateSystemThread + - PsTerminateSystemThread + - ZwClose + - IofCompleteRequest + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - PsThreadType + - IoIsWdmVersionAvailable + - IoCreateSymbolicLink + - IoCreateDevice + - ZwReadFile + - IoCreateFile + - ZwSetInformationFile + - ZwCreateFile + - ZwQueryDirectoryFile + - ZwDeleteFile + - ZwOpenFile + - RtlImageNtHeader + - ZwQueryInformationFile + - ZwWriteFile + - ZwSetValueKey + - ZwQueryValueKey + - _vsnprintf + - ZwFlushKey + - ZwDeleteKey + - ZwOpenKey + - _stricmp + - ZwCreateKey + - PsSetLoadImageNotifyRoutine + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - MmGetSystemRoutineAddress + - RtlGetVersion + - FsRtlIsNameInExpression + - wcsrchr + - PsRemoveLoadImageNotifyRoutine + - MmIsAddressValid + - ObfDereferenceObject + - KeUnstackDetachProcess + - ObOpenObjectByPointer + - KeStackAttachProcess + - ZwAllocateVirtualMemory + - KeClearEvent + - _wcsnicmp + - ObCreateObject + - IoFileObjectType + - IoDriverObjectType + - MmMapLockedPagesSpecifyCache + - IoGetCurrentProcess + - _vsnwprintf + - KeQueryTimeIncrement + - IoGetDeviceAttachmentBaseRef + - IoFreeIrp + - IoAllocateIrp + - RtlCompareUnicodeString + - CmRegisterCallback + - PsGetCurrentProcessId + - 
RtlCopyUnicodeString + - CmCallbackGetKeyObjectID + - ZwEnumerateKey + - strstr + - KeDelayExecutionThread + - ExSystemTimeToLocalTime + - RtlTimeToTimeFields + - RtlMultiByteToUnicodeN + - IoBuildDeviceIoControlRequest + - IoGetRelatedDeviceObject + - IoFreeMdl + - IoCancelIrp + - MmProbeAndLockPages + - IoAllocateMdl + - IofCallDriver + - ZwMapViewOfSection + - ExGetPreviousMode + - ZwQuerySystemInformation + - ZwUnmapViewOfSection + - ZwCreateSection + - ExFreePool + - KeBugCheckEx + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CN, ST=Beijing, L=Beijing, O=Beijing JoinHope Image Technology + Ltd., CN=Beijing JoinHope Image Technology Ltd. + ValidFrom: '2014-05-16 00:00:00' + ValidTo: '2015-05-16 23:59:59' + Signature: e896f8811ed9938fcbdc8c37f8c029045bb36722791c608d7d59f1d50b9e8923777b3ce973553c8164d7445f038c3720516d74f2f95fd734cd1349c1e6cf17f1c9042f069fb94350f7cd8f36f676fd175742d32adbc5d143423e3bc38bea71f9d021110303529d578ba7aab16d53c61642cf1f7e16964718a083182429d4347a09ea0047d9e53bad112ca5a5a14a180539ceb64000a677709bb70e9e3aea68158977072e7f130f1f99b08c2593b4003523f3f6cd441a7e4d8e88f3a2b871e6a03627dd3dadd97487df1dc5b93119ec65b60d1e4e0248a1978ee7480c08b8b8e54d890e7941aa852cf65d731cf0a6cf66584a0d0fba70d6697ee22a8d859919f4 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0a005d2e2bcd4137168217d8c727747c + Version: 3 + TBS: + MD5: 4d213d99215f488050faaa39765656d1 + SHA1: 0308508b5a3fcd330bbf28931f8e1a9c93c3ee69 + SHA256: ea947432de238a25fdb7892e436f4ef44f30ab16ae9e1eb914860f4808b25ef2 + SHA384: 430e932514f35ed55f31f050f33bcc0b9244fd83c6d1d28ee240306e54292e93b5894ef4eb9c09bf84cdc8068c6a7230 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 0a005d2e2bcd4137168217d8c727747c + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: be0dd8b8e045356d600ee55a64d9d197 + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/2d7c96d3-2d6c-44cd-a8a1-5239f571a24a.yaml b/yaml/2d7c96d3-2d6c-44cd-a8a1-5239f571a24a.yaml index 0f547963e..db97160f5 100644 --- a/yaml/2d7c96d3-2d6c-44cd-a8a1-5239f571a24a.yaml +++ b/yaml/2d7c96d3-2d6c-44cd-a8a1-5239f571a24a.yaml 
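Review bot: `Detection: []` stays empty on an entry marked `Category: malicious`, `Verified: 'TRUE'` and `LoadsDespiteHVCI: 'TRUE'`, even though the sample block already carries the MD5/SHA1/SHA256, Authentihash and Imphash that hash-based rules need; the HW.sys entry later in this diff shows the expected shape, so I would add items such as `- type: sigma_hash` with `value: <link to the rule file that lists this SHA256>` once the hashes are in those rule files. The leaf certificate is valid only from '2014-05-16 00:00:00' to '2015-05-16 23:59:59' while `CreationTimestamp` is '2023-07-12 12:00:31', which is consistent with the forged signature timestamp the description mentions, so the signer `SerialNumber: 0a005d2e2bcd4137168217d8c727747c` and its TBS hashes are worth calling out as a detection pivot. `Filename: ''` also means the name used in `Tags` and `Command` is just the MD5 plus `.sys`, so name-based rules built from this entry are unlikely to match what the file is called on a real host.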
@@ -1,212 +1,212 @@ Id: 2d7c96d3-2d6c-44cd-a8a1-5239f571a24a +Tags: +- HW.sys +Verified: 'TRUE' Author: Nasreddine Bencherchali Created: '2023-05-06' MitreID: T1068 Category: vulnerable driver -Verified: 'TRUE' Commands: - Command: sc.exe create HW.sys binPath=C:\windows\temp\HW.sys type=kernel && sc.exe - start HW.sys - Description: '' - Usecase: Elevate privileges - Privileges: kernel - OperatingSystem: Windows 10 + Command: sc.exe create HW.sys binPath=C:\windows\temp\HW.sys type=kernel && sc.exe + start HW.sys + Description: '' + Usecase: Elevate privileges + Privileges: kernel + OperatingSystem: Windows 10 Resources: - Internal Research -Acknowledgement: - Person: '' - Handle: '' Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/fd388cf1df06d419b14dedbeb24c6f4dff37bea26018775f09d56b3067f0de2c.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/fd388cf1df06d419b14dedbeb24c6f4dff37bea26018775f09d56b3067f0de2c.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: HW.sys - MD5: 3cf7a55ec897cc938aebb8161cb8e74f - SHA1: 22fc833e07dd163315095d32ebcd3b3e377c33a4 - SHA256: fd388cf1df06d419b14dedbeb24c6f4dff37bea26018775f09d56b3067f0de2c - Authentihash: - MD5: 
22db74f3f2e50ccdeb471c81e3a62532 - SHA1: 6e87cd3b027a07a810164d618e3f2fce61eb6ec4 - SHA256: 734b74798a680d2e534c14a033858c4081c7879af1f48037d9d5483aa27a7e90 - Description: HW - Windows NT-8 (32/64 bit) kernel mode driver for PC ports/memory/PCI - access - Company: Marvin Test Solutions, Inc. - InternalName: Hw.sys - OriginalFilename: HW.sys - FileVersion: 4.8.2.0 - Product: HW - ProductVersion: 4.8.2.0 - Copyright: "Copyright \xA9 1996-2015 Marvin Test Solutions, Inc. All Rights Reserved." - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - RtlAppendUnicodeStringToString - - ZwClose - - ZwOpenProcess - - KeReleaseMutex - - KeWaitForSingleObject - - PsGetCurrentProcessId - - KeInitializeDpc - - MmGetSystemRoutineAddress - - IoDeleteDevice - - IoCreateSymbolicLink - - KeInitializeMutex - - IoCreateDevice - - IoDeleteSymbolicLink - - PsGetVersion - - ZwUnmapViewOfSection - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - ExFreePoolWithTag - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmMapIoSpace - - MmUnmapLockedPages - - MmUnmapIoSpace - - MmFreeContiguousMemory - - MmGetPhysicalAddress - - MmAllocateContiguousMemory - - IofCallDriver - - IoBuildSynchronousFsdRequest - - IoGetDeviceProperty - - KeInitializeEvent - - ObfDereferenceObject - - ExAllocatePoolWithTag - - ObReferenceObjectByName - - IoDriverObjectType - - IofCompleteRequest - - IoDisconnectInterrupt - - KeReleaseInterruptSpinLock - - KeAcquireInterruptSpinLock - - ExEventObjectType - - KeFlushQueuedDpcs - - KeInsertQueueDpc - - KeSetEvent - - IoFreeMdl - - ExAllocatePool - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee152d7 - Version: 3 - TBS: - MD5: e140543fe3256027cfa79fc3c19c1776 - SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 - SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 - SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode - , G2 - ValidFrom: '2015-02-03 00:00:00' - ValidTo: '2026-03-03 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112106a081d33fd87ae5824cc16b52094e03 - Version: 3 - TBS: - MD5: a0ac4d48fe852f7b3ed4e623d59a825f - SHA1: d4db9846bc4d7db142eeb364286f6de7c102420c - SHA256: 78d2e41a13eb4e9171bae2d2adb192cf39210b5231f77cda936bcfbe8c003bdf - SHA384: 990ed96dca5979deeedc98a012279f04efb5559d7e7f5084a12f3802ee9439326557aecefd081cff739b78515b5d7f50 - - Subject: C=US, ST=CA, L=Irvine, O=Marvin Test Solutions, Inc., CN=Marvin Test - Solutions, Inc., emailAddress=it@marvintest.com - ValidFrom: '2015-06-17 17:46:36' - ValidTo: '2018-05-04 18:44:13' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: false - SerialNumber: 1121f0942b1e09a2573e8ab9ce0e3955b2de - Version: 3 - TBS: - MD5: 5bdf35241e1bbd3dd8560aba2c4305f1 - SHA1: 34e844721f998e3b40ee75329c4e5df87e52dc61 - SHA256: 9441743aa497acefe2535a284e44a4cd55a201965900add8c7d770b0af7a8845 - SHA384: 83003cfcb03f6cff7f5ca49603bcd9db4b5ebf62dd48a892b7d78e98ecf42726f0e77e9318050b71f5d6c649f92938c8 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2011-04-15 19:55:08' - ValidTo: '2021-04-15 20:05:08' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 6129152700000000002a - Version: 3 - TBS: - MD5: 0bb058d116f02817737920f112d9fd3b - SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 - SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 - SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 - Signer: - - SerialNumber: 1121f0942b1e09a2573e8ab9ce0e3955b2de - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - RichPEHeaderHash: - MD5: 3389ab434a886ca939bbb64de33ea971 - SHA1: 38d029a7b63d45c7c386558117cda903c1b15102 - SHA256: 517ea8a886737da4ba8f7bcdc6041dc0da9073a76e514be5a73d10836ebcbbf0 - Sections: - .text: - Entropy: 5.475629198747561 - Virtual Size: '0x3694' - INIT: - Entropy: 5.133620054689875 - Virtual Size: '0x2151' - .rdata: - Entropy: 4.569984356691087 - Virtual Size: '0xaec' - .pdata: - Entropy: 3.983331164222992 - Virtual Size: '0x318' - .rsrc: - Entropy: 3.6769129984563755 - Virtual Size: '0x49c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2015-06-24 17:52:05' - Imphash: bd093a7d5ba5632ee52f3466a688ee55 - LoadsDespiteHVCI: 'FALSE' -Tags: -- HW.sys +- Filename: HW.sys + MD5: 3cf7a55ec897cc938aebb8161cb8e74f + SHA1: 22fc833e07dd163315095d32ebcd3b3e377c33a4 + SHA256: fd388cf1df06d419b14dedbeb24c6f4dff37bea26018775f09d56b3067f0de2c + 
Authentihash: + MD5: 22db74f3f2e50ccdeb471c81e3a62532 + SHA1: 6e87cd3b027a07a810164d618e3f2fce61eb6ec4 + SHA256: 734b74798a680d2e534c14a033858c4081c7879af1f48037d9d5483aa27a7e90 + Description: HW - Windows NT-8 (32/64 bit) kernel mode driver for PC ports/memory/PCI + access + Company: Marvin Test Solutions, Inc. + InternalName: Hw.sys + OriginalFilename: HW.sys + FileVersion: 4.8.2.0 + Product: HW + ProductVersion: 4.8.2.0 + Copyright: "Copyright \xA9 1996-2015 Marvin Test Solutions, Inc. All Rights Reserved." + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - RtlAppendUnicodeStringToString + - ZwClose + - ZwOpenProcess + - KeReleaseMutex + - KeWaitForSingleObject + - PsGetCurrentProcessId + - KeInitializeDpc + - MmGetSystemRoutineAddress + - IoDeleteDevice + - IoCreateSymbolicLink + - KeInitializeMutex + - IoCreateDevice + - IoDeleteSymbolicLink + - PsGetVersion + - ZwUnmapViewOfSection + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - ExFreePoolWithTag + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmMapIoSpace + - MmUnmapLockedPages + - MmUnmapIoSpace + - MmFreeContiguousMemory + - MmGetPhysicalAddress + - MmAllocateContiguousMemory + - IofCallDriver + - IoBuildSynchronousFsdRequest + - IoGetDeviceProperty + - KeInitializeEvent + - ObfDereferenceObject + - ExAllocatePoolWithTag + - ObReferenceObjectByName + - IoDriverObjectType + - IofCompleteRequest + - IoDisconnectInterrupt + - KeReleaseInterruptSpinLock + - KeAcquireInterruptSpinLock + - ExEventObjectType + - KeFlushQueuedDpcs + - KeInsertQueueDpc + - KeSetEvent + - IoFreeMdl + - ExAllocatePool + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee152d7 + Version: 3 + TBS: + MD5: e140543fe3256027cfa79fc3c19c1776 + SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 + SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 + SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode + , G2 + ValidFrom: '2015-02-03 00:00:00' + ValidTo: '2026-03-03 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112106a081d33fd87ae5824cc16b52094e03 + Version: 3 + TBS: + MD5: a0ac4d48fe852f7b3ed4e623d59a825f + SHA1: d4db9846bc4d7db142eeb364286f6de7c102420c + SHA256: 78d2e41a13eb4e9171bae2d2adb192cf39210b5231f77cda936bcfbe8c003bdf + SHA384: 990ed96dca5979deeedc98a012279f04efb5559d7e7f5084a12f3802ee9439326557aecefd081cff739b78515b5d7f50 + - Subject: C=US, ST=CA, L=Irvine, O=Marvin Test Solutions, Inc., CN=Marvin + Test Solutions, Inc., emailAddress=it@marvintest.com + ValidFrom: '2015-06-17 17:46:36' + ValidTo: '2018-05-04 18:44:13' + Signature: 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 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121f0942b1e09a2573e8ab9ce0e3955b2de + Version: 3 + TBS: + MD5: 5bdf35241e1bbd3dd8560aba2c4305f1 + SHA1: 34e844721f998e3b40ee75329c4e5df87e52dc61 + SHA256: 9441743aa497acefe2535a284e44a4cd55a201965900add8c7d770b0af7a8845 + SHA384: 83003cfcb03f6cff7f5ca49603bcd9db4b5ebf62dd48a892b7d78e98ecf42726f0e77e9318050b71f5d6c649f92938c8 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2011-04-15 19:55:08' + ValidTo: '2021-04-15 20:05:08' + Signature: 5ff8d065746a81c6a6ca5b03b6914ae84bbdef2ba142f0efb4a5adcd3389ec0b9585ac62501108aa58d25aa08310e5a6337af25af2c5fe787cf09c83df190ad97396002dd62ccde914d41d9de83f3c1a76f7904efb01350a6c9313a0c356eb67a0e4d17a96dec267f190f80a7bf5321b94ec5f751f8d1b34da6c58a7cb2d279e2226b7c9aa30cc0777b836e38201b5393ccc8dd9a75f7f23b3877fdb5798918bd7ce2520e39d644fdd87f72b68490318e0a5df7c5f68644d36838d4781f2e9e0a869abfa7b163c05a449ea8830190a6c73055178dfd41ddd3ad47f2de44e54be83431e7a7433b4a4ebd77073bc2a02988966eef6bc8f749378e329025a5a43e258ce7ccf9acad236893be25fda26054ec8d4e72c910e1797c5beee8b13112323294ffa83d050f6bafad53db3173df4ff034aa325dce67561d1fa35086bd62744d068b78d45e0eb852cc8a15d614474160e5958aed2b5eea5bcd6d7076ab62978fd976767dd8d4f17944fd2ed0caf972437c3a29c81da6be143b6577b4cecbf791319e79fe844e94781b75e701e91f83dd17b27f50b7056434805dda92fab86101d0b12e31ad04c6e75ded645b30b748887935c564a41029af7aeb799d8b67f88fa11f2457cf4d71b91c01cf1a0fbd4080a411a142acef4eb34486e66879ed54b7a397fbb0e3d3861cf735706e412066bd96b5308cd7018c22d4f974691bca9f0 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 6129152700000000002a + Version: 3 + TBS: + MD5: 0bb058d116f02817737920f112d9fd3b + SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 + SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 + SHA384: 
c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 + Signer: + - SerialNumber: 1121f0942b1e09a2573e8ab9ce0e3955b2de + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + RichPEHeaderHash: + MD5: 3389ab434a886ca939bbb64de33ea971 + SHA1: 38d029a7b63d45c7c386558117cda903c1b15102 + SHA256: 517ea8a886737da4ba8f7bcdc6041dc0da9073a76e514be5a73d10836ebcbbf0 + Sections: + .text: + Entropy: 5.475629198747561 + Virtual Size: '0x3694' + INIT: + Entropy: 5.133620054689875 + Virtual Size: '0x2151' + .rdata: + Entropy: 4.569984356691087 + Virtual Size: '0xaec' + .pdata: + Entropy: 3.983331164222992 + Virtual Size: '0x318' + .rsrc: + Entropy: 3.6769129984563755 + Virtual Size: '0x49c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2015-06-24 17:52:05' + Imphash: bd093a7d5ba5632ee52f3466a688ee55 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/2da3a276-9e38-4ee6-903d-d15f7c355e7c.yaml b/yaml/2da3a276-9e38-4ee6-903d-d15f7c355e7c.yaml index 7df88986b..7a5e87e1f 100644 --- a/yaml/2da3a276-9e38-4ee6-903d-d15f7c355e7c.yaml +++ b/yaml/2da3a276-9e38-4ee6-903d-d15f7c355e7c.yaml 
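Review bot: The rewritten `Detection` list for HW.sys still contains four exact duplicates: `sigma_hash`, `sigma_names`, `sysmon_hash_detect` and `sysmon_hash_block` each appear twice with the same URL, and only the two `yara_signature` items differ. Since this hunk re-emits the whole list anyway, the second copy of each of those four entries could be dropped, leaving one of each plus the per-sample `.yara` and `yara-rules_vuln_drivers_strict_renamed.yar` items. Anything that iterates `Detection` to build rule links or coverage counts would otherwise list each rule twice. The duplicates are also present on the removed side, so the generator that writes this key probably appends without de-duplicating; that is inferred from the diff, not shown in it.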
@@ -1,2193 +1,2195 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 2da3a276-9e38-4ee6-903d-d15f7c355e7c +Tags: +- vboxdrv.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create vboxdrv.sys binPath=C:\windows\temp\vboxdrv.sys type=kernel - && sc.exe start vboxdrv.sys - Description: Used by unknown actor in Acid Rain malware. vboxdrv.sys is a vulnerable - driver. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/78827fa00ea48d96ac9af8d1c1e317d02ce11793e7f7f6e4c7aac7b5d7dd490f.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 2da3a276-9e38-4ee6-903d-d15f7c355e7c -KnownVulnerableSamples: -- Authentihash: - MD5: 368a4f14c62575191a0f1f3464513964 - SHA1: 3ce88266cfc41e8980d4c185235fd55999f5a67a - SHA256: a5a2fe8ab935cf47f21e0c5e0de11a98271054109827dc930293b947d3b05079 - Company: Sun Microsystems, Inc. - Copyright: Copyright (C) 2009 Sun Microsystems, Inc. 
- CreationTimestamp: '2009-04-07 12:30:47' - Date: '' - Description: VirtualBox Support Driver - ExportedFunctions: - - AssertMsg1 - - AssertMsg2 - - RTAssertShouldPanic - - RTErrConvertFromNtStatus - - RTLogCloneRC - - RTLogComPrintf - - RTLogComPrintfV - - RTLogCopyGroupsAndFlags - - RTLogCreate - - RTLogCreateEx - - RTLogCreateExV - - RTLogDefaultInit - - RTLogDefaultInstance - - RTLogDestroy - - RTLogFlags - - RTLogFlush - - RTLogFlushRC - - RTLogFlushToLogger - - RTLogFormatV - - RTLogGetDefaultInstance - - RTLogGroupSettings - - RTLogLogger - - RTLogLoggerEx - - RTLogLoggerExV - - RTLogLoggerV - - RTLogPrintf - - RTLogPrintfV - - RTLogRelDefaultInstance - - RTLogRelLoggerV - - RTLogRelPrintfV - - RTLogRelSetDefaultInstance - - RTLogSetDefaultInstance - - RTLogSetDefaultInstanceThread - - RTLogWriteCom - - RTLogWriteDebugger - - RTLogWriteStdErr - - RTLogWriteStdOut - - RTLogWriteUser - - RTMemAlloc - - RTMemAllocZ - - RTMemContAlloc - - RTMemContFree - - RTMemDup - - RTMemDupEx - - RTMemExecAlloc - - RTMemExecFree - - RTMemFree - - RTMemRealloc - - RTMemTmpAlloc - - RTMemTmpAllocZ - - RTMemTmpFree - - RTMpCpuId - - RTMpCpuIdFromSetIndex - - RTMpCpuIdToSetIndex - - RTMpGetCount - - RTMpGetMaxCpuId - - RTMpGetOnlineCount - - RTMpGetOnlineSet - - RTMpGetSet - - RTMpIsCpuOnline - - RTMpIsCpuPossible - - RTMpIsCpuWorkPending - - RTMpNotificationDeregister - - RTMpNotificationRegister - - RTMpOnAll - - RTMpOnOthers - - RTMpOnSpecific - - RTPowerNotificationDeregister - - RTPowerNotificationRegister - - RTPowerSignalEvent - - RTProcSelf - - RTR0Init - - RTR0MemObjAddress - - RTR0MemObjAddressR3 - - RTR0MemObjAllocCont - - RTR0MemObjAllocLow - - RTR0MemObjAllocPage - - RTR0MemObjAllocPhys - - RTR0MemObjAllocPhysNC - - RTR0MemObjEnterPhys - - RTR0MemObjFree - - RTR0MemObjGetPagePhysAddr - - RTR0MemObjIsMapping - - RTR0MemObjLockKernel - - RTR0MemObjLockUser - - RTR0MemObjMapKernel - - RTR0MemObjMapKernelEx - - RTR0MemObjMapUser - - RTR0MemObjReserveKernel - - 
RTR0MemObjReserveUser - - RTR0MemObjSize - - RTR0ProcHandleSelf - - RTR0Term - - RTSemEventCreate - - RTSemEventDestroy - - RTSemEventMultiCreate - - RTSemEventMultiDestroy - - RTSemEventMultiReset - - RTSemEventMultiSignal - - RTSemEventMultiWait - - RTSemEventMultiWaitNoResume - - RTSemEventSignal - - RTSemEventWait - - RTSemEventWaitNoResume - - RTSemFastMutexCreate - - RTSemFastMutexDestroy - - RTSemFastMutexRelease - - RTSemFastMutexRequest - - RTSpinlockAcquire - - RTSpinlockAcquireNoInts - - RTSpinlockCreate - - RTSpinlockDestroy - - RTSpinlockRelease - - RTSpinlockReleaseNoInts - - RTStrFormat - - RTStrFormatNumber - - RTStrFormatTypeDeregister - - RTStrFormatTypeRegister - - RTStrFormatTypeSetUser - - RTStrFormatV - - RTStrPrintf - - RTStrPrintfEx - - RTStrPrintfExV - - RTStrPrintfV - - RTStrToInt16 - - RTStrToInt16Ex - - RTStrToInt16Full - - RTStrToInt32 - - RTStrToInt32Ex - - RTStrToInt32Full - - RTStrToInt64 - - RTStrToInt64Ex - - RTStrToInt64Full - - RTStrToInt8 - - RTStrToInt8Ex - - RTStrToInt8Full - - RTStrToUInt16 - - RTStrToUInt16Ex - - RTStrToUInt16Full - - RTStrToUInt32 - - RTStrToUInt32Ex - - RTStrToUInt32Full - - RTStrToUInt64 - - RTStrToUInt64Ex - - RTStrToUInt64Full - - RTStrToUInt8 - - RTStrToUInt8Ex - - RTStrToUInt8Full - - RTThreadNativeSelf - - RTThreadPreemptDisable - - RTThreadPreemptIsEnabled - - RTThreadPreemptRestore - - RTThreadSleep - - RTThreadYield - - RTTimeMilliTS - - RTTimeNanoTS - - RTTimeNow - - RTTimeSystemMilliTS - - RTTimeSystemNanoTS - - RTTimerCreateEx - - RTTimerDestroy - - RTTimerGetSystemGranularity - - RTTimerReleaseSystemGranularity - - RTTimerRequestSystemGranularity - - RTTimerStart - - RTTimerStop - - SUPR0ComponentDeregisterFactory - - SUPR0ComponentQueryFactory - - SUPR0ComponentRegisterFactory - - SUPR0ContAlloc - - SUPR0ContFree - - SUPR0EnableVTx - - SUPR0GetPagingMode - - SUPR0GipMap - - SUPR0GipUnmap - - SUPR0LockMem - - SUPR0LowAlloc - - SUPR0LowFree - - SUPR0MemAlloc - - SUPR0MemFree - - SUPR0MemGetPhys 
- - SUPR0ObjAddRef - - SUPR0ObjAddRefEx - - SUPR0ObjRegister - - SUPR0ObjRelease - - SUPR0ObjVerifyAccess - - SUPR0PageAlloc - - SUPR0PageAllocEx - - SUPR0PageFree - - SUPR0PageMapKernel - - SUPR0UnlockMem - - g_szRTAssertMsg1 - - g_szRTAssertMsg2 - FileVersion: 2.2.0.r45846 - Filename: vboxdrv.sys - ImportedFunctions: - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - ObfDereferenceObject - - ExUnregisterCallback - - IofCompleteRequest - - DbgPrint - - IoIs32bitProcess - - ExRegisterCallback - - ExCreateCallback - - IoCreateSymbolicLink - - IoCreateDevice - - IoGetStackLimits - - memchr - - strncmp - - KeInitializeEvent - - ExAcquireFastMutex - - ExReleaseFastMutex - - KeSetEvent - - KeWaitForSingleObject - - KeResetEvent - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - KeDelayExecutionThread - - ZwYieldExecution - - ExFreePoolWithTag - - KeInsertQueueDpc - - KeSetTargetProcessorDpc - - KeSetImportanceDpc - - KeInitializeDpc - - ExAllocatePoolWithTag - - KeQueryActiveProcessors - - strchr - - PsGetCurrentProcessId - - IoGetCurrentProcess - - KeSetTimerEx - - KeRemoveQueueDpc - - KeCancelTimer - - KeInitializeTimerEx - - KeQueryTimeIncrement - - MmGetSystemRoutineAddress - - MmFreeContiguousMemory - - MmGetPhysicalAddress - - MmAllocateContiguousMemory - - MmUnmapIoSpace - - MmUnlockPages - - IoFreeMdl - - MmFreePagesFromMdl - - MmUnsecureVirtualMemory - - MmUnmapLockedPages - - MmProtectMdlSystemAddress - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmAllocatePagesForMdl - - __C_specific_handler - - MmSecureVirtualMemory - - MmProbeAndLockPages - - MmMapIoSpace - - MmMapLockedPagesSpecifyCache - Imports: - - ntoskrnl.exe - InternalName: VBoxDrv.sys - MD5: bce7f34912ff59a3926216b206deb09f - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: VBoxDrv.sys - Product: Sun VirtualBox - ProductVersion: 2.2.0.r45846 - Publisher: '' - RichPEHeaderHash: - MD5: 778da7e612af67a3de121ab863ceed34 - SHA1: 
4c054a77104d0843f0a0f79ba3cdd6f7a500a261 - SHA256: c7ad11fb172299df62c32563cb4c0c6c44c833b76897b86057a544ce552b39ca - SHA1: 696d68bdbe1d684029aaad2861c49af56694473a - SHA256: 78827fa00ea48d96ac9af8d1c1e317d02ce11793e7f7f6e4c7aac7b5d7dd490f - Sections: - .text: - Entropy: 6.374436237194225 - Virtual Size: '0x14d26' - .rdata: - Entropy: 5.492063385586473 - Virtual Size: '0x6ca4' - .data: - Entropy: 2.136306008585543 - Virtual Size: '0x35b4' - .pdata: - Entropy: 5.201973567849435 - Virtual Size: '0x1f20' - .edata: - Entropy: 5.704943815176372 - Virtual Size: '0x14d5' - INIT: - Entropy: 4.983784792331664 - Virtual Size: '0x6fc' - .rsrc: - Entropy: 3.308916632980912 - Virtual Size: '0x398' - .reloc: - Entropy: 4.900332523869931 - Virtual Size: '0x672' - Signature: - - Sun Microsystems, Inc. - - VeriSign Class 3 Code Signing 2004 CA - - VeriSign Class 3 Public Primary CA - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=California, L=Menlo Park, O=Sun Microsystems, Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=Sun Microsystems, Inc. 
- ValidFrom: '2008-06-11 00:00:00' - ValidTo: '2011-06-11 23:59:59' - Signature: 537c2adf2d3f7cf7cfc86476029fe81f7b8f12596a595cda0d5fbbfd227cce6bce2f8ad1af7fbb1a92a8b8de23a8797748094aae39bc845308e3ccd8fb9dc09b51bdf7b26c4eb8fb4052a8bdc714eaf36fca04d720e06798e36308c2fcaf50c48e61087a3ba0c4b0e77972a69af1ecc9d05e3f001e02ad94db98aa5e1453b541b0c257337fd78bb0372dc7841987424e0abce9cb1f0102a934bd037475b39cfe29dc27e77b3eb89fe805f8c6b1574d768dd2805d1a4b98143b7b6208abfebe7645a607084b1fd13ec7f088ac49cd5adc916090bcebe2e63786a7b80a009abd81349a9f34e135a7f4a2d569be474fe316b1b9f06ddf4d90a6650f7340181a27e1 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 693a64818c1e086b1b15aee63fa054a2 - Version: 3 - TBS: - MD5: 50b256a55cdc23561dd4aa76abed4fd9 - SHA1: b3ee591b9218cfdcd394180558bd01bb674df627 - SHA256: fc1c2199740f069b26f02d81313408734051ecb7fa216b2a86458938fac6a909 - SHA384: 81c9c8b202f6fe3354dd5503ef9ee6d418b9a28064968506bc2c49d7bd0efbaa9da9ce51d7c384992aa531ca905442a7 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 693a64818c1e086b1b15aee63fa054a2 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 6723b1d5bd0f1fc13216cb44541e619e - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 
d146876f270e848875465ed081396d3b - SHA1: c54fe31ff5c3cfe1937b7b0906882a1786f453b6 - SHA256: 597e7d5feb149d9087888926d1454dc06f1078ab18c948b44f090910da8645f8 - Company: '' - Copyright: '' - CreationTimestamp: '2008-05-30 20:18:53' - Date: '' - Description: '' - ExportedFunctions: - - AssertMsg1 - - RTAssertDoBreakpoint - - RTErrConvertFromNtStatus - - RTLogDefaultInstance - - RTLogLogger - - RTLogLoggerEx - - RTLogLoggerExV - - RTLogPrintf - - RTLogPrintfV - - RTLogRelDefaultInstance - - RTLogSetDefaultInstanceThread - - RTMemAlloc - - RTMemAllocZ - - RTMemContAlloc - - RTMemContFree - - RTMemExecAlloc - - RTMemExecFree - - RTMemFree - - RTMemRealloc - - RTMemTmpAlloc - - RTMemTmpAllocZ - - RTMemTmpFree - - RTMpCpuId - - RTMpCpuIdFromSetIndex - - RTMpCpuIdToSetIndex - - RTMpDoesCpuExist - - RTMpGetCount - - RTMpGetMaxCpuId - - RTMpGetOnlineCount - - RTMpGetOnlineSet - - RTMpGetSet - - RTMpIsCpuOnline - - RTMpOnAll - - RTMpOnOthers - - RTMpOnSpecific - - RTProcSelf - - RTR0MemObjAddress - - RTR0MemObjAddressR3 - - RTR0MemObjAllocCont - - RTR0MemObjAllocLow - - RTR0MemObjAllocPage - - RTR0MemObjAllocPhys - - RTR0MemObjAllocPhysNC - - RTR0MemObjEnterPhys - - RTR0MemObjFree - - RTR0MemObjGetPagePhysAddr - - RTR0MemObjIsMapping - - RTR0MemObjLockKernel - - RTR0MemObjLockUser - - RTR0MemObjMapKernel - - RTR0MemObjMapUser - - RTR0MemObjReserveKernel - - RTR0MemObjReserveUser - - RTR0MemObjSize - - RTR0ProcHandleSelf - - RTSemEventCreate - - RTSemEventDestroy - - RTSemEventMultiCreate - - RTSemEventMultiDestroy - - RTSemEventMultiReset - - RTSemEventMultiSignal - - RTSemEventMultiWait - - RTSemEventMultiWaitNoResume - - RTSemEventSignal - - RTSemEventWait - - RTSemEventWaitNoResume - - RTSemFastMutexCreate - - RTSemFastMutexDestroy - - RTSemFastMutexRelease - - RTSemFastMutexRequest - - RTSpinlockAcquire - - RTSpinlockAcquireNoInts - - RTSpinlockCreate - - RTSpinlockDestroy - - RTSpinlockRelease - - RTSpinlockReleaseNoInts - - RTThreadNativeSelf - - RTThreadSleep - - 
RTThreadYield - - SUPR0ContAlloc - - SUPR0ContFree - - SUPR0GipMap - - SUPR0GipUnmap - - SUPR0LockMem - - SUPR0LowAlloc - - SUPR0LowFree - - SUPR0MemAlloc - - SUPR0MemFree - - SUPR0MemGetPhys - - SUPR0ObjAddRef - - SUPR0ObjRegister - - SUPR0ObjRelease - - SUPR0ObjVerifyAccess - - SUPR0PageAlloc - - SUPR0PageFree - - SUPR0UnlockMem - FileVersion: '' - Filename: vboxdrv.sys - ImportedFunctions: - - IofCompleteRequest - - DbgPrint - - IoIs32bitProcess - - MmFreeContiguousMemory - - IoFreeMdl - - MmGetSystemRoutineAddress - - RtlInitUnicodeString - - KeCancelTimer - - KeInsertQueueDpc - - __C_specific_handler - - MmMapLockedPagesSpecifyCache - - MmUnmapLockedPages - - KeSetTimerEx - - ExSetTimerResolution - - IoDeleteDevice - - IoDeleteSymbolicLink - - KeSetTargetProcessorDpc - - KeSetImportanceDpc - - KeInitializeDpc - - KeInitializeTimerEx - - MmGetPhysicalAddress - - KeQueryActiveProcessors - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmAllocateContiguousMemory - - IoCreateSymbolicLink - - IoCreateDevice - - memchr - - strncmp - - PsGetCurrentProcessId - - IoGetCurrentProcess - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - KeDelayExecutionThread - - ZwYieldExecution - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - KeInitializeEvent - - KeSetEvent - - KeResetEvent - - KeWaitForSingleObject - - ExAcquireFastMutex - - ExReleaseFastMutex - - MmUnmapIoSpace - - MmUnlockPages - - MmFreePagesFromMdl - - MmUnsecureVirtualMemory - - MmProtectMdlSystemAddress - - MmAllocatePagesForMdl - - MmSecureVirtualMemory - - MmProbeAndLockPages - - MmMapIoSpace - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: eaea9ccb40c82af8f3867cd0f4dd5e9d - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 3b563e832ffe657653773aabadea926a - SHA1: 910da2f8bdc0e1356a2a9f1b160740665b223894 - SHA256: d782f2dfed49e4cd3b9496d9190619a0984ef2c034a6f866915323122f3a036f - SHA1: 
7c1b25518dee1e30b5a6eaa1ea8e4a3780c24d0c - SHA256: cf3a7d4285d65bf8688215407bce1b51d7c6b22497f09021f0fce31cbeb78986 - Sections: - .text: - Entropy: 6.2039165195201695 - Virtual Size: '0x856e' - .rdata: - Entropy: 5.607114485004288 - Virtual Size: '0x2a58' - .data: - Entropy: 1.9666645281474864 - Virtual Size: '0x1d00' - .pdata: - Entropy: 4.674336635214751 - Virtual Size: '0xcf0' - .edata: - Entropy: 5.350712994836838 - Virtual Size: '0xa72' - INIT: - Entropy: 4.871003292573194 - Virtual Size: '0x638' - .reloc: - Entropy: 3.745971599596066 - Virtual Size: '0x13c' - Signature: - - innotek GmbH - - GlobalSign ObjectSign CA - - GlobalSign Primary Object Publishing CA - - GlobalSign Root CA - R1 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=DE, O=innotek GmbH, CN=innotek GmbH, emailAddress=info@innotek.de - ValidFrom: '2007-12-27 14:37:17' - ValidTo: '2010-12-27 14:37:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 010000000001171c092665 - Version: 3 - TBS: - MD5: 5cfd8530475b20ed5a2bed70b37ee977 - SHA1: 4761dbd41ba2b01f21b9306ca21e8add93a30f09 - SHA256: 219041cc8d9e3248c69d9b116d440a0bbaa6aa500aa0c5de2d5af15908d83c7f - SHA384: 46dcdf272bf47e608519abe5183dae12858d1b3763b78d7f5212be2adc021325e7f7a2ff3e18cc9b5307f43a61b184c5 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 
35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 
75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 010000000001171c092665 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: b262e8d078ede007ebd0aa71b9152863 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 8dee0a554d557c93b06a9f03f028c7f6 - SHA1: cbe79825ff30fef67ee1f9ba01e7b880759f1f25 - SHA256: 1d1bd2235d422954506b1bdb3070d9d8bada3fb7f9e4f658036031294b3a95df - Company: '' - Copyright: '' - CreationTimestamp: '2008-05-30 20:18:53' - Date: '' - Description: '' - ExportedFunctions: - - AssertMsg1 - - RTAssertDoBreakpoint - - RTErrConvertFromNtStatus - - RTLogDefaultInstance - - RTLogLogger - - RTLogLoggerEx - - RTLogLoggerExV - - RTLogPrintf - - RTLogPrintfV - - RTLogRelDefaultInstance - - RTLogSetDefaultInstanceThread - - RTMemAlloc - - RTMemAllocZ - - RTMemContAlloc - - RTMemContFree - - RTMemExecAlloc - - RTMemExecFree - - RTMemFree - - RTMemRealloc - - RTMemTmpAlloc - - RTMemTmpAllocZ - - RTMemTmpFree - - RTMpCpuId - - RTMpCpuIdFromSetIndex - - RTMpCpuIdToSetIndex - - RTMpDoesCpuExist - - RTMpGetCount - - RTMpGetMaxCpuId - - RTMpGetOnlineCount - - RTMpGetOnlineSet - - RTMpGetSet - - RTMpIsCpuOnline - - 
RTMpOnAll - - RTMpOnOthers - - RTMpOnSpecific - - RTProcSelf - - RTR0MemObjAddress - - RTR0MemObjAddressR3 - - RTR0MemObjAllocCont - - RTR0MemObjAllocLow - - RTR0MemObjAllocPage - - RTR0MemObjAllocPhys - - RTR0MemObjAllocPhysNC - - RTR0MemObjEnterPhys - - RTR0MemObjFree - - RTR0MemObjGetPagePhysAddr - - RTR0MemObjIsMapping - - RTR0MemObjLockKernel - - RTR0MemObjLockUser - - RTR0MemObjMapKernel - - RTR0MemObjMapUser - - RTR0MemObjReserveKernel - - RTR0MemObjReserveUser - - RTR0MemObjSize - - RTR0ProcHandleSelf - - RTSemEventCreate - - RTSemEventDestroy - - RTSemEventMultiCreate - - RTSemEventMultiDestroy - - RTSemEventMultiReset - - RTSemEventMultiSignal - - RTSemEventMultiWait - - RTSemEventMultiWaitNoResume - - RTSemEventSignal - - RTSemEventWait - - RTSemEventWaitNoResume - - RTSemFastMutexCreate - - RTSemFastMutexDestroy - - RTSemFastMutexRelease - - RTSemFastMutexRequest - - RTSpinlockAcquire - - RTSpinlockAcquireNoInts - - RTSpinlockCreate - - RTSpinlockDestroy - - RTSpinlockRelease - - RTSpinlockReleaseNoInts - - RTThreadNativeSelf - - RTThreadSleep - - RTThreadYield - - SUPR0ContAlloc - - SUPR0ContFree - - SUPR0GipMap - - SUPR0GipUnmap - - SUPR0LockMem - - SUPR0LowAlloc - - SUPR0LowFree - - SUPR0MemAlloc - - SUPR0MemFree - - SUPR0MemGetPhys - - SUPR0ObjAddRef - - SUPR0ObjRegister - - SUPR0ObjRelease - - SUPR0ObjVerifyAccess - - SUPR0PageAlloc - - SUPR0PageFree - - SUPR0UnlockMem - FileVersion: '' - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - DbgPrint - - IoIs32bitProcess - - MmFreeContiguousMemory - - IoFreeMdl - - MmGetSystemRoutineAddress - - RtlInitUnicodeString - - KeCancelTimer - - KeInsertQueueDpc - - __C_specific_handler - - MmMapLockedPagesSpecifyCache - - MmUnmapLockedPages - - KeSetTimerEx - - ExSetTimerResolution - - IoDeleteDevice - - IoDeleteSymbolicLink - - KeSetTargetProcessorDpc - - KeSetImportanceDpc - - KeInitializeDpc - - KeInitializeTimerEx - - MmGetPhysicalAddress - - KeQueryActiveProcessors - - MmBuildMdlForNonPagedPool 
- - IoAllocateMdl - - MmAllocateContiguousMemory - - IoCreateSymbolicLink - - IoCreateDevice - - memchr - - strncmp - - PsGetCurrentProcessId - - IoGetCurrentProcess - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - KeDelayExecutionThread - - ZwYieldExecution - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - KeInitializeEvent - - KeSetEvent - - KeResetEvent - - KeWaitForSingleObject - - ExAcquireFastMutex - - ExReleaseFastMutex - - MmUnmapIoSpace - - MmUnlockPages - - MmFreePagesFromMdl - - MmUnsecureVirtualMemory - - MmProtectMdlSystemAddress - - MmAllocatePagesForMdl - - MmSecureVirtualMemory - - MmProbeAndLockPages - - Space - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: 154fd286c96665946d55a7d49923ad7e - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 3b563e832ffe657653773aabadea926a - SHA1: 910da2f8bdc0e1356a2a9f1b160740665b223894 - SHA256: d782f2dfed49e4cd3b9496d9190619a0984ef2c034a6f866915323122f3a036f - SHA1: 2ae1456bb0fa5a016954b03967878fb6db4d81eb - SHA256: b50b11e2203942695380869c6072e15479290bc57da2ec5df3481a36b8a8561e - Sections: - .text: - Entropy: 6.2039165195201695 - Virtual Size: '0x856e' - .rdata: - Entropy: 5.607114485004288 - Virtual Size: '0x2a58' - .data: - Entropy: 1.9666645281474864 - Virtual Size: '0x1d00' - .pdata: - Entropy: 4.674336635214751 - Virtual Size: '0xcf0' - .edata: - Entropy: 5.350712994836838 - Virtual Size: '0xa72' - INIT: - Entropy: 4.872259573980229 - Virtual Size: '0x638' - .reloc: - Entropy: 3.745971599596066 - Virtual Size: '0x13c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=DE, O=innotek GmbH, CN=innotek GmbH, emailAddress=info@innotek.de - ValidFrom: '2007-12-27 14:37:17' - ValidTo: '2010-12-27 14:37:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: true - SerialNumber: 010000000001171c092665 - Version: 3 - TBS: - MD5: 5cfd8530475b20ed5a2bed70b37ee977 - SHA1: 4761dbd41ba2b01f21b9306ca21e8add93a30f09 - SHA256: 219041cc8d9e3248c69d9b116d440a0bbaa6aa500aa0c5de2d5af15908d83c7f - SHA384: 46dcdf272bf47e608519abe5183dae12858d1b3763b78d7f5212be2adc021325e7f7a2ff3e18cc9b5307f43a61b184c5 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: 
'2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 010000000001171c092665 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: 4c5fc4519f1417f0630c3343aab7c9d2 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 
a16b80ddf8f535c1ff695f7eaf0cdcc5 - SHA1: 1ed5e0fadb97e30fa8708833f19ccf5e717f48e2 - SHA256: 4ef8c776a6acd4fd360b22e7d053bba961d687c36ec4fcc0b3e2ff1ef7be967e - Company: '' - Copyright: '' - CreationTimestamp: '2008-05-30 17:34:52' - Date: '' - Description: '' - ExportedFunctions: - - AssertMsg1 - - RTAssertDoBreakpoint - - RTErrConvertFromNtStatus - - RTLogDefaultInstance - - RTLogLogger - - RTLogLoggerEx - - RTLogLoggerExV - - RTLogPrintf - - RTLogPrintfV - - RTLogRelDefaultInstance - - RTLogSetDefaultInstanceThread - - RTMemAlloc - - RTMemAllocZ - - RTMemContAlloc - - RTMemContFree - - RTMemExecAlloc - - RTMemExecFree - - RTMemFree - - RTMemRealloc - - RTMemTmpAlloc - - RTMemTmpAllocZ - - RTMemTmpFree - - RTMpCpuId - - RTMpCpuIdFromSetIndex - - RTMpCpuIdToSetIndex - - RTMpDoesCpuExist - - RTMpGetCount - - RTMpGetMaxCpuId - - RTMpGetOnlineCount - - RTMpGetOnlineSet - - RTMpGetSet - - RTMpIsCpuOnline - - RTMpOnAll - - RTMpOnOthers - - RTMpOnSpecific - - RTProcSelf - - RTR0MemObjAddress - - RTR0MemObjAddressR3 - - RTR0MemObjAllocCont - - RTR0MemObjAllocLow - - RTR0MemObjAllocPage - - RTR0MemObjAllocPhys - - RTR0MemObjAllocPhysNC - - RTR0MemObjEnterPhys - - RTR0MemObjFree - - RTR0MemObjGetPagePhysAddr - - RTR0MemObjIsMapping - - RTR0MemObjLockKernel - - RTR0MemObjLockUser - - RTR0MemObjMapKernel - - RTR0MemObjMapUser - - RTR0MemObjReserveKernel - - RTR0MemObjReserveUser - - RTR0MemObjSize - - RTR0ProcHandleSelf - - RTSemEventCreate - - RTSemEventDestroy - - RTSemEventMultiCreate - - RTSemEventMultiDestroy - - RTSemEventMultiReset - - RTSemEventMultiSignal - - RTSemEventMultiWait - - RTSemEventMultiWaitNoResume - - RTSemEventSignal - - RTSemEventWait - - RTSemEventWaitNoResume - - RTSemFastMutexCreate - - RTSemFastMutexDestroy - - RTSemFastMutexRelease - - RTSemFastMutexRequest - - RTSpinlockAcquire - - RTSpinlockAcquireNoInts - - RTSpinlockCreate - - RTSpinlockDestroy - - RTSpinlockRelease - - RTSpinlockReleaseNoInts - - RTThreadNativeSelf - - RTThreadSleep - - 
RTThreadYield - - SUPR0ContAlloc - - SUPR0ContFree - - SUPR0GipMap - - SUPR0GipUnmap - - SUPR0LockMem - - SUPR0LowAlloc - - SUPR0LowFree - - SUPR0MemAlloc - - SUPR0MemFree - - SUPR0MemGetPhys - - SUPR0ObjAddRef - - SUPR0ObjRegister - - SUPR0ObjRelease - - SUPR0ObjVerifyAccess - - SUPR0PageAlloc - - SUPR0PageFree - - SUPR0UnlockMem - FileVersion: '' - Filename: '' - ImportedFunctions: - - RtlInitUnicodeString - - KeCancelTimer - - KeInsertQueueDpc - - _allshl - - MmMapLockedPagesSpecifyCache - - _except_handler3 - - MmUnmapLockedPages - - KeSetTimerEx - - IoDeleteDevice - - IoDeleteSymbolicLink - - KeSetTargetProcessorDpc - - KeSetImportanceDpc - - KeInitializeDpc - - KeInitializeTimerEx - - MmGetPhysicalAddress - - KeQueryActiveProcessors - - ExSetTimerResolution - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmAllocateContiguousMemory - - IoCreateSymbolicLink - - IoCreateDevice - - MmGetSystemRoutineAddress - - strncmp - - IoFreeMdl - - MmFreeContiguousMemory - - _allmul - - PsGetCurrentProcessId - - IoGetCurrentProcess - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - KeGetCurrentThread - - KeDelayExecutionThread - - ZwYieldExecution - - KeInitializeSpinLock - - KeInitializeEvent - - KeSetEvent - - KeResetEvent - - KeWaitForSingleObject - - MmUnmapIoSpace - - MmUnlockPages - - MmFreePagesFromMdl - - MmUnsecureVirtualMemory - - MmAllocatePagesForMdl - - MmSecureVirtualMemory - - MmProbeAndLockPages - - MmMapIoSpace - - KeQueryInterruptTime - - DbgPrint - - memchr - - IofCompleteRequest - - ExReleaseFastMutex - - KfReleaseSpinLock - - KfAcquireSpinLock - - KfRaiseIrql - - KfLowerIrql - - ExAcquireFastMutex - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: ee91da973bebe6442527b3d1abcc3c80 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 5f57854adbd1e5c955b74bee2a0da686 - SHA1: 744192af8f346e24f067553de75ff27e89fdd71b - SHA256: 
b1f609edc9ffa87173741f486213b75d472e9d7446fcfcc9b21101d36d22e0b2 - SHA1: b7fa8278ab7bc485727d075e761a72042c4595f7 - SHA256: d998ea6d0051e17c1387c9f295b1c79bacb2f61c23809903445f60313d36c7fd - Sections: - .text: - Entropy: 6.333734197575781 - Virtual Size: '0x7094' - .rdata: - Entropy: 5.531194049051287 - Virtual Size: '0x68c' - .data: - Entropy: 3.929686423189371 - Virtual Size: '0x2e00' - .edata: - Entropy: 5.3508787714387545 - Virtual Size: '0xa72' - INIT: - Entropy: 5.277979675350674 - Virtual Size: '0x5d0' - .reloc: - Entropy: 6.15094236572427 - Virtual Size: '0x488' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=DE, O=innotek GmbH, CN=innotek GmbH, emailAddress=info@innotek.de - ValidFrom: '2007-12-27 14:37:17' - ValidTo: '2010-12-27 14:37:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 010000000001171c092665 - Version: 3 - TBS: - MD5: 5cfd8530475b20ed5a2bed70b37ee977 - SHA1: 4761dbd41ba2b01f21b9306ca21e8add93a30f09 - SHA256: 219041cc8d9e3248c69d9b116d440a0bbaa6aa500aa0c5de2d5af15908d83c7f - SHA384: 46dcdf272bf47e608519abe5183dae12858d1b3763b78d7f5212be2adc021325e7f7a2ff3e18cc9b5307f43a61b184c5 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services 
CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: a0422eb876a7427186404d464d5b26b0b074f93f89a87b7cb7f1c697e08239999d43fe60823642b55b878df55df4bbffa91044a871d3c7f12241f29aa4a5ec63fae5eb654a19309d8bc7b6fddc3fe16cfdd5521407fc6d24ccb3cc81a2c052f327b96d9e063dd8a849023269c7054294d0bbe3bba908c393501bdb846dc0ba1e5298659c1376bdb3d567292f1f7baa2c51a0fd854f263c48a38127a6feee7f7899c245cf9d1f527ed7958bfde1d020c3af7e51a22f663bab2dcf2d8e8c4d7d18392128fbdcae6d6581d0e0d7184be7b5f774d784e6522aac3b68fd3b4ab80154849132bb95d28e6330a69ece2396feab2eb86a8b74dcde21a114c2fbbf53af10 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - 
ValidTo: '2014-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 010000000001171c092665 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: c17c0bd619c1e188ffe27bd328dd7d08 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 4b67c5cc8038b488359fbd1c08779fcf - SHA1: a5b298457abe85bfb86b289328ef82823b0cc173 - SHA256: a2d9f91ede8aed51960ca67318ea337152bb311c03275c0650e4421e6af6b7ee - Company: '' - Copyright: '' - CreationTimestamp: '2008-05-30 20:18:53' - Date: '' - Description: '' - ExportedFunctions: - - AssertMsg1 - - RTAssertDoBreakpoint - - RTErrConvertFromNtStatus - - RTLogDefaultInstance - - RTLogLogger - - RTLogLoggerEx - - RTLogLoggerExV - - RTLogPrintf - - RTLogPrintfV - - RTLogRelDefaultInstance - - RTLogSetDefaultInstanceThread - - RTMemAlloc - - RTMemAllocZ - - RTMemContAlloc - - RTMemContFree - - RTMemExecAlloc - - RTMemExecFree - - 
RTMemFree - - RTMemRealloc - - RTMemTmpAlloc - - RTMemTmpAllocZ - - RTMemTmpFree - - RTMpCpuId - - RTMpCpuIdFromSetIndex - - RTMpCpuIdToSetIndex - - RTMpDoesCpuExist - - RTMpGetCount - - RTMpGetMaxCpuId - - RTMpGetOnlineCount - - RTMpGetOnlineSet - - RTMpGetSet - - RTMpIsCpuOnline - - RTMpOnAll - - RTMpOnOthers - - RTMpOnSpecific - - RTProcSelf - - RTR0MemObjAddress - - RTR0MemObjAddressR3 - - RTR0MemObjAllocCont - - RTR0MemObjAllocLow - - RTR0MemObjAllocPage - - RTR0MemObjAllocPhys - - RTR0MemObjAllocPhysNC - - RTR0MemObjEnterPhys - - RTR0MemObjFree - - RTR0MemObjGetPagePhysAddr - - RTR0MemObjIsMapping - - RTR0MemObjLockKernel - - RTR0MemObjLockUser - - RTR0MemObjMapKernel - - RTR0MemObjMapUser - - RTR0MemObjReserveKernel - - RTR0MemObjReserveUser - - RTR0MemObjSize - - RTR0ProcHandleSelf - - RTSemEventCreate - - RTSemEventDestroy - - RTSemEventMultiCreate - - RTSemEventMultiDestroy - - RTSemEventMultiReset - - RTSemEventMultiSignal - - RTSemEventMultiWait - - RTSemEventMultiWaitNoResume - - RTSemEventSignal - - RTSemEventWait - - RTSemEventWaitNoResume - - RTSemFastMutexCreate - - RTSemFastMutexDestroy - - RTSemFastMutexRelease - - RTSemFastMutexRequest - - RTSpinlockAcquire - - RTSpinlockAcquireNoInts - - RTSpinlockCreate - - RTSpinlockDestroy - - RTSpinlockRelease - - RTSpinlockReleaseNoInts - - RTThreadNativeSelf - - RTThreadSleep - - RTThreadYield - - SUPR0ContAlloc - - SUPR0ContFree - - SUPR0GipMap - - SUPR0GipUnmap - - SUPR0LockMem - - SUPR0LowAlloc - - SUPR0LowFree - - SUPR0MemAlloc - - SUPR0MemFree - - SUPR0MemGetPhys - - SUPR0ObjAddRef - - SUPR0ObjRegister - - SUPR0ObjRelease - - SUPR0ObjVerifyAccess - - SUPR0PageAlloc - - SUPR0PageFree - - SUPR0UnlockMem - FileVersion: '' - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - DbgPrint - - IoIs32bitProcess - - MmFreeContiguousMemory - - IoFreeMdl - - MmGetSystemRoutineAddress - - RtlInitUnicodeString - - KeCancelTimer - - KeInsertQueueDpc - - __C_specific_handler - - MmMapLockedPagesSpecifyCache 
- - MmUnmapLockedPages - - KeSetTimerEx - - ExSetTimerResolution - - IoDeleteDevice - - IoDeleteSymbolicLink - - KeSetTargetProcessorDpc - - KeSetImportanceDpc - - KeInitializeDpc - - KeInitializeTimerEx - - MmGetPhysicalAddress - - KeQueryActiveProcessors - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmAllocateContiguousMemory - - IoCreateSymbolicLink - - IoCreateDevice - - memchr - - strncmp - - PsGetCurrentProcessId - - IoGetCurrentProcess - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - KeDelayExecutionThread - - ZwYieldExecution - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - KeInitializeEvent - - KeSetEvent - - KeResetEvent - - KeWaitForSingleObject - - ExAcquireFastMutex - - ExReleaseFastMutex - - MmUnmapIoSpace - - MmUnlockPages - - MmFreePagesFromMdl - - MmUnsecureVirtualMemory - - MmProtectMdlSystemAddress - - MmAllocatePagesForMdl - - MmSecureVirtualMemory - - MmProbeAndLockPages - - MmMapIoSpace - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: 3b23808de1403961205352e94b8f2f9b - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 3b563e832ffe657653773aabadea926a - SHA1: 910da2f8bdc0e1356a2a9f1b160740665b223894 - SHA256: d782f2dfed49e4cd3b9496d9190619a0984ef2c034a6f866915323122f3a036f - SHA1: eaddeefe13bca118369faf95eee85b0a2a553221 - SHA256: 775000c4083c8e4dcfc879d83fcd27b40b46820c9834ae4662861386a4d81fe9 - Sections: - .text: - Entropy: 6.2039165195201695 - Virtual Size: '0x856e' - .rdata: - Entropy: 5.607114485004288 - Virtual Size: '0x2a58' - .data: - Entropy: 1.9666645281474864 - Virtual Size: '0x1d00' - .pdata: - Entropy: 4.674336635214751 - Virtual Size: '0xcf0' - .edata: - Entropy: 5.350712994836838 - Virtual Size: '0xa72' - INIT: - Entropy: 4.862248023480571 - Virtual Size: '0x638' - .reloc: - Entropy: -0.0 - Virtual Size: '0x13c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - 
- Subject: C=DE, O=innotek GmbH, CN=innotek GmbH, emailAddress=info@innotek.de - ValidFrom: '2007-12-27 14:37:17' - ValidTo: '2010-12-27 14:37:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 010000000001171c092665 - Version: 3 - TBS: - MD5: 5cfd8530475b20ed5a2bed70b37ee977 - SHA1: 4761dbd41ba2b01f21b9306ca21e8add93a30f09 - SHA256: 219041cc8d9e3248c69d9b116d440a0bbaa6aa500aa0c5de2d5af15908d83c7f - SHA384: 46dcdf272bf47e608519abe5183dae12858d1b3763b78d7f5212be2adc021325e7f7a2ff3e18cc9b5307f43a61b184c5 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: a0422eb876a7427186404d464d5b26b0b074f93f89a87b7cb7f1c697e08239999d43fe60823642b55b878df55df4bbffa91044a871d3c7f12241f29aa4a5ec63fae5eb654a19309d8bc7b6fddc3fe16cfdd5521407fc6d24ccb3cc81a2c052f327b96d9e063dd8a849023269c7054294d0bbe3bba908c393501bdb846dc0ba1e5298659c1376bdb3d567292f1f7baa2c51a0fd854f263c48a38127a6feee7f7899c245cf9d1f527ed7958bfde1d020c3af7e51a22f663bab2dcf2d8e8c4d7d18392128fbdcae6d6581d0e0d7184be7b5f774d784e6522aac3b68fd3b4ab80154849132bb95d28e6330a69ece2396feab2eb86a8b74dcde21a114c2fbbf53af10 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 010000000001171c092665 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: b262e8d078ede007ebd0aa71b9152863 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: d97b34a86af237bc03339236b32e78d1 - SHA1: 3aaf86c2b226b5f8901af51c9bb37b1847430250 - SHA256: 8561c82c5ae1ab2a5d9214adc620875d83ed7cb9a01253988f5e5aceffe7a901 - Company: '' - Copyright: '' - CreationTimestamp: '2008-05-30 20:18:53' - Date: '' - Description: '' - ExportedFunctions: - - AssertMsg1 - - RTAssertDoBreakpoint - - RTErrConvertFromNtStatus - - RTLogDefaultInstance - - RTLogLogger - - RTLogLoggerEx - - RTLogLoggerExV - - RTLogPrintf - - RTLogPrintfV - - RTLogRelDefaultInstance - - RTLogSetDefaultInstanceThread - - RTMemAlloc - - RTMemAllocZ - - RTMemContAlloc - - RTMemContFree - - RTMemExecAlloc - - RTMemExecFree - - RTMemFree - - RTMemRealloc - - RTMemTmpAlloc - - 
RTMemTmpAllocZ - - RTMemTmpFree - - RTMpCpuId - - RTMpCpuIdFromSetIndex - - RTMpCpuIdToSetIndex - - RTMpDoesCpuExist - - RTMpGetCount - - RTMpGetMaxCpuId - - RTMpGetOnlineCount - - RTMpGetOnlineSet - - RTMpGetSet - - RTMpIsCpuOnline - - RTMpOnAll - - RTMpOnOthers - - RTMpOnSpecific - - RTProcSelf - - RTR0MemObjAddress - - RTR0MemObjAddressR3 - - RTR0MemObjAllocCont - - RTR0MemObjAllocLow - - RTR0MemObjAllocPage - - RTR0MemObjAllocPhys - - RTR0MemObjAllocPhysNC - - RTR0MemObjEnterPhys - - RTR0MemObjFree - - RTR0MemObjGetPagePhysAddr - - RTR0MemObjIsMapping - - RTR0MemObjLockKernel - - RTR0MemObjLockUser - - RTR0MemObjMapKernel - - RTR0MemObjMapUser - - RTR0MemObjReserveKernel - - RTR0MemObjReserveUser - - RTR0MemObjSize - - RTR0ProcHandleSelf - - RTSemEventCreate - - RTSemEventDestroy - - RTSemEventMultiCreate - - RTSemEventMultiDestroy - - RTSemEventMultiReset - - RTSemEventMultiSignal - - RTSemEventMultiWait - - RTSemEventMultiWaitNoResume - - RTSemEventSignal - - RTSemEventWait - - RTSemEventWaitNoResume - - RTSemFastMutexCreate - - RTSemFastMutexDestroy - - RTSemFastMutexRelease - - RTSemFastMutexRequest - - RTSpinlockAcquire - - RTSpinlockAcquireNoInts - - RTSpinlockCreate - - RTSpinlockDestroy - - RTSpinlockRelease - - RTSpinlockReleaseNoInts - - RTThreadNativeSelf - - RTThreadSleep - - RTThreadYield - - SUPR0ContAlloc - - SUPR0ContFree - - SUPR0GipMap - - SUPR0GipUnmap - - SUPR0LockMem - - SUPR0LowAlloc - - SUPR0LowFree - - SUPR0MemAlloc - - SUPR0MemFree - - SUPR0MemGetPhys - - SUPR0ObjAddRef - - SUPR0ObjRegister - - SUPR0ObjRelease - - SUPR0ObjVerifyAccess - - SUPR0PageAlloc - - SUPR0PageFree - - SUPR0UnlockMem - FileVersion: '' - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - DbgPrint - - IoIs32bitProcess - - MmFreeContiguousMemory - - IoFreeMdl - - MmGetSystemRoutineAddress - - RtlInitUnicodeString - - KeCancelTimer - - KeInsertQueueDpc - - __C_specific_handler - - MmMapLockedPagesSpecifyCache - - MmUnmapLockedPages - - KeSetTimerEx - - 
ExSetTimerResolution - - IoDeleteDevice - - IoDeleteSymbolicLink - - KeSetTargetProcessorDpc - - KeSetImportanceDpc - - KeInitializeDpc - - KeInitializeTimerEx - - MmGetPhysicalAddress - - KeQueryActiveProcessors - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmAllocateContiguousMemory - - IoCreateSymbolicLink - - IoCreateDevice - - memchr - - strncmp - - PsGetCurrentProcessId - - IoGetCurrentProcess - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - KeDelayExecutionThread - - ZwYieldExecution - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - KeInitializeEvent - - KeSetEvent - - KeResetEvent - - KeWaitForSingleObject - - ExAcquireFastMutex - - ExReleaseFastMutex - - MmUnmapIoSpace - - MmUnlockPages - - MmFreePagesFromMdl - - MmUnsecureVirtualMemory - - MmProtectMdlSystemAddress - - MmAllocatePagesForMdl - - MmSecureVirtualMemory - - MmProbeAndLockPages - - MmMapIoSpace - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: 9f94028cbcf6789103cb5bb6fcef355d - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 3b563e832ffe657653773aabadea926a - SHA1: 910da2f8bdc0e1356a2a9f1b160740665b223894 - SHA256: d782f2dfed49e4cd3b9496d9190619a0984ef2c034a6f866915323122f3a036f - SHA1: 356172a2e12fd3d54e758aaa4ff0759074259144 - SHA256: d44848d3e845f8293974e8b621b72a61ec00c8d3cf95fcf41698bbbd4bdf5565 - Sections: - .text: - Entropy: 6.2039165195201695 - Virtual Size: '0x856e' - .rdata: - Entropy: 5.607114485004288 - Virtual Size: '0x2a58' - .data: - Entropy: 1.9666645281474864 - Virtual Size: '0x1d00' - .pdata: - Entropy: 4.672051855182832 - Virtual Size: '0xcf0' - .edata: - Entropy: 5.350712994836838 - Virtual Size: '0xa72' - INIT: - Entropy: 4.871003292573194 - Virtual Size: '0x638' - .reloc: - Entropy: 3.745971599596066 - Virtual Size: '0x13c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=DE, O=innotek 
GmbH, CN=innotek GmbH, emailAddress=info@innotek.de - ValidFrom: '2007-12-27 14:37:17' - ValidTo: '2010-12-27 14:37:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 010000000001171c092665 - Version: 3 - TBS: - MD5: 5cfd8530475b20ed5a2bed70b37ee977 - SHA1: 4761dbd41ba2b01f21b9306ca21e8add93a30f09 - SHA256: 219041cc8d9e3248c69d9b116d440a0bbaa6aa500aa0c5de2d5af15908d83c7f - SHA384: 46dcdf272bf47e608519abe5183dae12858d1b3763b78d7f5212be2adc021325e7f7a2ff3e18cc9b5307f43a61b184c5 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 
53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 11d45d8af43d0d9d7e4fa70071610b56b34caa70e1b2d1dec7886d1d897c2ba946e58b1f8e4cc26695911fe34d394ae31b70b7446edc068a4d6d25e89812dcbca0dd864eae8f81130540905a542529944acaf165b4ef0679dae7cb86f004c918dcee72b320015748dfe333e12ccd9c077f9447278d888d340ca67c5c20c17d07b3736b648c26d29bd7e87965a6a891a174862a050282c1847cf279cd3c2a2b0f99291eea8c8a1ab16aeaa266380e65e1add8c6c91f888d3976ee1782c4138d97ce6341e77af5b4b66c15c33813b3930b620688dde1447f10a950248b60dc05f75ba514b27b56720b96eabffc057090659e051ca4dd07af4b57dec639673bc574 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 010000000001171c092665 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: b262e8d078ede007ebd0aa71b9152863 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: da7c063c8f8dab54afddd9b05c602bfd - SHA1: 24d47cea65e118d12c6896fdf141bb5dcfe31b98 - SHA256: b5d0849fc567c169176c2002dd358240d75ca0aacfca92c79d252006c6e0444e - Company: '' - Copyright: '' - CreationTimestamp: '2008-04-30 14:07:13' - Date: '' - Description: '' - ExportedFunctions: - - AssertMsg1 - - RTAssertDoBreakpoint - - RTErrConvertFromNtStatus - - RTLogDefaultInstance - - RTLogLogger - - RTLogLoggerEx - - RTLogLoggerExV - - RTLogPrintf - - RTLogPrintfV - - RTLogRelDefaultInstance - - RTLogSetDefaultInstanceThread - - RTMemAlloc - - RTMemAllocZ - - RTMemContAlloc - - RTMemContFree - - RTMemExecAlloc - - RTMemExecFree - - RTMemFree - - RTMemRealloc - - RTMemTmpAlloc - - RTMemTmpAllocZ - - RTMemTmpFree - - RTMpCpuId - - RTMpCpuIdFromSetIndex - - RTMpCpuIdToSetIndex - - RTMpDoesCpuExist - - RTMpGetCount - - RTMpGetMaxCpuId - - RTMpGetOnlineCount - - RTMpGetOnlineSet - - RTMpGetSet - - RTMpIsCpuOnline - - RTMpOnAll - - RTMpOnOthers - - RTMpOnSpecific - - RTProcSelf - - RTR0MemObjAddress - - RTR0MemObjAddressR3 - - RTR0MemObjAllocCont - - RTR0MemObjAllocLow - - RTR0MemObjAllocPage - - RTR0MemObjAllocPhys - - RTR0MemObjAllocPhysNC - - RTR0MemObjEnterPhys - - RTR0MemObjFree - - RTR0MemObjGetPagePhysAddr - - RTR0MemObjIsMapping - - RTR0MemObjLockKernel - - RTR0MemObjLockUser - - 
RTR0MemObjMapKernel - - RTR0MemObjMapUser - - RTR0MemObjReserveKernel - - RTR0MemObjReserveUser - - RTR0MemObjSize - - RTR0ProcHandleSelf - - RTSemEventCreate - - RTSemEventDestroy - - RTSemEventMultiCreate - - RTSemEventMultiDestroy - - RTSemEventMultiReset - - RTSemEventMultiSignal - - RTSemEventMultiWait - - RTSemEventMultiWaitNoResume - - RTSemEventSignal - - RTSemEventWait - - RTSemEventWaitNoResume - - RTSemFastMutexCreate - - RTSemFastMutexDestroy - - RTSemFastMutexRelease - - RTSemFastMutexRequest - - RTSpinlockAcquire - - RTSpinlockAcquireNoInts - - RTSpinlockCreate - - RTSpinlockDestroy - - RTSpinlockRelease - - RTSpinlockReleaseNoInts - - RTThreadNativeSelf - - RTThreadSleep - - RTThreadYield - - SUPR0ContAlloc - - SUPR0ContFree - - SUPR0GipMap - - SUPR0GipUnmap - - SUPR0LockMem - - SUPR0LowAlloc - - SUPR0LowFree - - SUPR0MemAlloc - - SUPR0MemFree - - SUPR0MemGetPhys - - SUPR0ObjAddRef - - SUPR0ObjRegister - - SUPR0ObjRelease - - SUPR0ObjVerifyAccess - - SUPR0PageAlloc - - SUPR0PageFree - - SUPR0UnlockMem - FileVersion: '' - Filename: '' - ImportedFunctions: - - RtlInitUnicodeString - - KeCancelTimer - - KeInsertQueueDpc - - KeQueryActiveProcessors - - _allshl - - MmMapLockedPagesSpecifyCache - - _except_handler3 - - MmUnmapLockedPages - - KeSetTimerEx - - IoDeleteDevice - - IoDeleteSymbolicLink - - KeSetTargetProcessorDpc - - KeSetImportanceDpc - - KeInitializeDpc - - KeInitializeTimerEx - - MmGetPhysicalAddress - - ExSetTimerResolution - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmAllocateContiguousMemory - - IoCreateSymbolicLink - - IoCreateDevice - - MmGetSystemRoutineAddress - - strncmp - - IoFreeMdl - - MmFreeContiguousMemory - - _allmul - - PsGetCurrentProcessId - - IoGetCurrentProcess - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - KeGetCurrentThread - - KeDelayExecutionThread - - ZwYieldExecution - - KeInitializeSpinLock - - KeInitializeEvent - - KeSetEvent - - KeResetEvent - - KeWaitForSingleObject - - MmUnmapIoSpace - - 
MmUnlockPages - - MmFreePagesFromMdl - - MmUnsecureVirtualMemory - - MmAllocatePagesForMdl - - MmSecureVirtualMemory - - MmProbeAndLockPages - - MmMapIoSpace - - KeQueryInterruptTime - - DbgPrint - - memchr - - IofCompleteRequest - - ExReleaseFastMutex - - KfReleaseSpinLock - - KfAcquireSpinLock - - KfRaiseIrql - - KfLowerIrql - - ExAcquireFastMutex - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 1c31d4e9ad2d2b5600ae9d0c0969fe59 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 5f57854adbd1e5c955b74bee2a0da686 - SHA1: 744192af8f346e24f067553de75ff27e89fdd71b - SHA256: b1f609edc9ffa87173741f486213b75d472e9d7446fcfcc9b21101d36d22e0b2 - SHA1: c8ec23066a50800d42913d5e439700c5cd6a2287 - SHA256: 73fddd441a764e808ed6d6b8f3d0d13713e61221aa3cfef7da91cdaf112fe061 - Sections: - .text: - Entropy: 6.337013968704709 - Virtual Size: '0x7064' - .rdata: - Entropy: 5.495656091270382 - Virtual Size: '0x670' - .data: - Entropy: 3.933952480103163 - Virtual Size: '0x2dd8' - .edata: - Entropy: 5.371945361152913 - Virtual Size: '0xa72' - INIT: - Entropy: 5.289533643406638 - Virtual Size: '0x5d0' - .reloc: - Entropy: 6.153118387701222 - Virtual Size: '0x488' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=DE, O=innotek GmbH, CN=innotek GmbH, emailAddress=info@innotek.de - ValidFrom: '2007-12-27 14:37:17' - ValidTo: '2010-12-27 14:37:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 010000000001171c092665 - Version: 3 - TBS: - MD5: 5cfd8530475b20ed5a2bed70b37ee977 - SHA1: 4761dbd41ba2b01f21b9306ca21e8add93a30f09 - SHA256: 219041cc8d9e3248c69d9b116d440a0bbaa6aa500aa0c5de2d5af15908d83c7f - SHA384: 46dcdf272bf47e608519abe5183dae12858d1b3763b78d7f5212be2adc021325e7f7a2ff3e18cc9b5307f43a61b184c5 - - 
Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: 
a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 010000000001171c092665 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: a7ff164c1ee5113a0a09e66b2cd03544 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create vboxdrv.sys binPath=C:\windows\temp\vboxdrv.sys type=kernel + && sc.exe start vboxdrv.sys + Description: Used by unknown actor in Acid Rain malware. vboxdrv.sys is a vulnerable + driver. 
+ OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://unit42.paloaltonetworks.com/acidbox-rare-malware/ - https://www.coresecurity.com/core-labs/advisories/virtualbox-privilege-escalation-vulnerability - https://unit42.paloaltonetworks.com/acidbox-rare-malware/ -Tags: -- vboxdrv.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/78827fa00ea48d96ac9af8d1c1e317d02ce11793e7f7f6e4c7aac7b5d7dd490f.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 368a4f14c62575191a0f1f3464513964 + SHA1: 3ce88266cfc41e8980d4c185235fd55999f5a67a + SHA256: a5a2fe8ab935cf47f21e0c5e0de11a98271054109827dc930293b947d3b05079 + Company: Sun Microsystems, Inc. + Copyright: Copyright (C) 2009 Sun Microsystems, Inc. 
+ CreationTimestamp: '2009-04-07 12:30:47' + Date: '' + Description: VirtualBox Support Driver + ExportedFunctions: + - AssertMsg1 + - AssertMsg2 + - RTAssertShouldPanic + - RTErrConvertFromNtStatus + - RTLogCloneRC + - RTLogComPrintf + - RTLogComPrintfV + - RTLogCopyGroupsAndFlags + - RTLogCreate + - RTLogCreateEx + - RTLogCreateExV + - RTLogDefaultInit + - RTLogDefaultInstance + - RTLogDestroy + - RTLogFlags + - RTLogFlush + - RTLogFlushRC + - RTLogFlushToLogger + - RTLogFormatV + - RTLogGetDefaultInstance + - RTLogGroupSettings + - RTLogLogger + - RTLogLoggerEx + - RTLogLoggerExV + - RTLogLoggerV + - RTLogPrintf + - RTLogPrintfV + - RTLogRelDefaultInstance + - RTLogRelLoggerV + - RTLogRelPrintfV + - RTLogRelSetDefaultInstance + - RTLogSetDefaultInstance + - RTLogSetDefaultInstanceThread + - RTLogWriteCom + - RTLogWriteDebugger + - RTLogWriteStdErr + - RTLogWriteStdOut + - RTLogWriteUser + - RTMemAlloc + - RTMemAllocZ + - RTMemContAlloc + - RTMemContFree + - RTMemDup + - RTMemDupEx + - RTMemExecAlloc + - RTMemExecFree + - RTMemFree + - RTMemRealloc + - RTMemTmpAlloc + - RTMemTmpAllocZ + - RTMemTmpFree + - RTMpCpuId + - RTMpCpuIdFromSetIndex + - RTMpCpuIdToSetIndex + - RTMpGetCount + - RTMpGetMaxCpuId + - RTMpGetOnlineCount + - RTMpGetOnlineSet + - RTMpGetSet + - RTMpIsCpuOnline + - RTMpIsCpuPossible + - RTMpIsCpuWorkPending + - RTMpNotificationDeregister + - RTMpNotificationRegister + - RTMpOnAll + - RTMpOnOthers + - RTMpOnSpecific + - RTPowerNotificationDeregister + - RTPowerNotificationRegister + - RTPowerSignalEvent + - RTProcSelf + - RTR0Init + - RTR0MemObjAddress + - RTR0MemObjAddressR3 + - RTR0MemObjAllocCont + - RTR0MemObjAllocLow + - RTR0MemObjAllocPage + - RTR0MemObjAllocPhys + - RTR0MemObjAllocPhysNC + - RTR0MemObjEnterPhys + - RTR0MemObjFree + - RTR0MemObjGetPagePhysAddr + - RTR0MemObjIsMapping + - RTR0MemObjLockKernel + - RTR0MemObjLockUser + - RTR0MemObjMapKernel + - RTR0MemObjMapKernelEx + - RTR0MemObjMapUser + - RTR0MemObjReserveKernel + - 
RTR0MemObjReserveUser + - RTR0MemObjSize + - RTR0ProcHandleSelf + - RTR0Term + - RTSemEventCreate + - RTSemEventDestroy + - RTSemEventMultiCreate + - RTSemEventMultiDestroy + - RTSemEventMultiReset + - RTSemEventMultiSignal + - RTSemEventMultiWait + - RTSemEventMultiWaitNoResume + - RTSemEventSignal + - RTSemEventWait + - RTSemEventWaitNoResume + - RTSemFastMutexCreate + - RTSemFastMutexDestroy + - RTSemFastMutexRelease + - RTSemFastMutexRequest + - RTSpinlockAcquire + - RTSpinlockAcquireNoInts + - RTSpinlockCreate + - RTSpinlockDestroy + - RTSpinlockRelease + - RTSpinlockReleaseNoInts + - RTStrFormat + - RTStrFormatNumber + - RTStrFormatTypeDeregister + - RTStrFormatTypeRegister + - RTStrFormatTypeSetUser + - RTStrFormatV + - RTStrPrintf + - RTStrPrintfEx + - RTStrPrintfExV + - RTStrPrintfV + - RTStrToInt16 + - RTStrToInt16Ex + - RTStrToInt16Full + - RTStrToInt32 + - RTStrToInt32Ex + - RTStrToInt32Full + - RTStrToInt64 + - RTStrToInt64Ex + - RTStrToInt64Full + - RTStrToInt8 + - RTStrToInt8Ex + - RTStrToInt8Full + - RTStrToUInt16 + - RTStrToUInt16Ex + - RTStrToUInt16Full + - RTStrToUInt32 + - RTStrToUInt32Ex + - RTStrToUInt32Full + - RTStrToUInt64 + - RTStrToUInt64Ex + - RTStrToUInt64Full + - RTStrToUInt8 + - RTStrToUInt8Ex + - RTStrToUInt8Full + - RTThreadNativeSelf + - RTThreadPreemptDisable + - RTThreadPreemptIsEnabled + - RTThreadPreemptRestore + - RTThreadSleep + - RTThreadYield + - RTTimeMilliTS + - RTTimeNanoTS + - RTTimeNow + - RTTimeSystemMilliTS + - RTTimeSystemNanoTS + - RTTimerCreateEx + - RTTimerDestroy + - RTTimerGetSystemGranularity + - RTTimerReleaseSystemGranularity + - RTTimerRequestSystemGranularity + - RTTimerStart + - RTTimerStop + - SUPR0ComponentDeregisterFactory + - SUPR0ComponentQueryFactory + - SUPR0ComponentRegisterFactory + - SUPR0ContAlloc + - SUPR0ContFree + - SUPR0EnableVTx + - SUPR0GetPagingMode + - SUPR0GipMap + - SUPR0GipUnmap + - SUPR0LockMem + - SUPR0LowAlloc + - SUPR0LowFree + - SUPR0MemAlloc + - SUPR0MemFree + - SUPR0MemGetPhys 
+ - SUPR0ObjAddRef + - SUPR0ObjAddRefEx + - SUPR0ObjRegister + - SUPR0ObjRelease + - SUPR0ObjVerifyAccess + - SUPR0PageAlloc + - SUPR0PageAllocEx + - SUPR0PageFree + - SUPR0PageMapKernel + - SUPR0UnlockMem + - g_szRTAssertMsg1 + - g_szRTAssertMsg2 + FileVersion: 2.2.0.r45846 + Filename: vboxdrv.sys + ImportedFunctions: + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - ObfDereferenceObject + - ExUnregisterCallback + - IofCompleteRequest + - DbgPrint + - IoIs32bitProcess + - ExRegisterCallback + - ExCreateCallback + - IoCreateSymbolicLink + - IoCreateDevice + - IoGetStackLimits + - memchr + - strncmp + - KeInitializeEvent + - ExAcquireFastMutex + - ExReleaseFastMutex + - KeSetEvent + - KeWaitForSingleObject + - KeResetEvent + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - KeDelayExecutionThread + - ZwYieldExecution + - ExFreePoolWithTag + - KeInsertQueueDpc + - KeSetTargetProcessorDpc + - KeSetImportanceDpc + - KeInitializeDpc + - ExAllocatePoolWithTag + - KeQueryActiveProcessors + - strchr + - PsGetCurrentProcessId + - IoGetCurrentProcess + - KeSetTimerEx + - KeRemoveQueueDpc + - KeCancelTimer + - KeInitializeTimerEx + - KeQueryTimeIncrement + - MmGetSystemRoutineAddress + - MmFreeContiguousMemory + - MmGetPhysicalAddress + - MmAllocateContiguousMemory + - MmUnmapIoSpace + - MmUnlockPages + - IoFreeMdl + - MmFreePagesFromMdl + - MmUnsecureVirtualMemory + - MmUnmapLockedPages + - MmProtectMdlSystemAddress + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmAllocatePagesForMdl + - __C_specific_handler + - MmSecureVirtualMemory + - MmProbeAndLockPages + - MmMapIoSpace + - MmMapLockedPagesSpecifyCache + Imports: + - ntoskrnl.exe + InternalName: VBoxDrv.sys + MD5: bce7f34912ff59a3926216b206deb09f + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: VBoxDrv.sys + Product: Sun VirtualBox + ProductVersion: 2.2.0.r45846 + Publisher: '' + RichPEHeaderHash: + MD5: 778da7e612af67a3de121ab863ceed34 + SHA1: 
4c054a77104d0843f0a0f79ba3cdd6f7a500a261 + SHA256: c7ad11fb172299df62c32563cb4c0c6c44c833b76897b86057a544ce552b39ca + SHA1: 696d68bdbe1d684029aaad2861c49af56694473a + SHA256: 78827fa00ea48d96ac9af8d1c1e317d02ce11793e7f7f6e4c7aac7b5d7dd490f + Sections: + .text: + Entropy: 6.374436237194225 + Virtual Size: '0x14d26' + .rdata: + Entropy: 5.492063385586473 + Virtual Size: '0x6ca4' + .data: + Entropy: 2.136306008585543 + Virtual Size: '0x35b4' + .pdata: + Entropy: 5.201973567849435 + Virtual Size: '0x1f20' + .edata: + Entropy: 5.704943815176372 + Virtual Size: '0x14d5' + INIT: + Entropy: 4.983784792331664 + Virtual Size: '0x6fc' + .rsrc: + Entropy: 3.308916632980912 + Virtual Size: '0x398' + .reloc: + Entropy: 4.900332523869931 + Virtual Size: '0x672' + Signature: + - Sun Microsystems, Inc. + - VeriSign Class 3 Code Signing 2004 CA + - VeriSign Class 3 Public Primary CA + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=California, L=Menlo Park, O=Sun Microsystems, Inc., + OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Sun Microsystems, + Inc. 
+ ValidFrom: '2008-06-11 00:00:00' + ValidTo: '2011-06-11 23:59:59' + Signature: 537c2adf2d3f7cf7cfc86476029fe81f7b8f12596a595cda0d5fbbfd227cce6bce2f8ad1af7fbb1a92a8b8de23a8797748094aae39bc845308e3ccd8fb9dc09b51bdf7b26c4eb8fb4052a8bdc714eaf36fca04d720e06798e36308c2fcaf50c48e61087a3ba0c4b0e77972a69af1ecc9d05e3f001e02ad94db98aa5e1453b541b0c257337fd78bb0372dc7841987424e0abce9cb1f0102a934bd037475b39cfe29dc27e77b3eb89fe805f8c6b1574d768dd2805d1a4b98143b7b6208abfebe7645a607084b1fd13ec7f088ac49cd5adc916090bcebe2e63786a7b80a009abd81349a9f34e135a7f4a2d569be474fe316b1b9f06ddf4d90a6650f7340181a27e1 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 693a64818c1e086b1b15aee63fa054a2 + Version: 3 + TBS: + MD5: 50b256a55cdc23561dd4aa76abed4fd9 + SHA1: b3ee591b9218cfdcd394180558bd01bb674df627 + SHA256: fc1c2199740f069b26f02d81313408734051ecb7fa216b2a86458938fac6a909 + SHA384: 81c9c8b202f6fe3354dd5503ef9ee6d418b9a28064968506bc2c49d7bd0efbaa9da9ce51d7c384992aa531ca905442a7 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 693a64818c1e086b1b15aee63fa054a2 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 6723b1d5bd0f1fc13216cb44541e619e + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 
d146876f270e848875465ed081396d3b + SHA1: c54fe31ff5c3cfe1937b7b0906882a1786f453b6 + SHA256: 597e7d5feb149d9087888926d1454dc06f1078ab18c948b44f090910da8645f8 + Company: '' + Copyright: '' + CreationTimestamp: '2008-05-30 20:18:53' + Date: '' + Description: '' + ExportedFunctions: + - AssertMsg1 + - RTAssertDoBreakpoint + - RTErrConvertFromNtStatus + - RTLogDefaultInstance + - RTLogLogger + - RTLogLoggerEx + - RTLogLoggerExV + - RTLogPrintf + - RTLogPrintfV + - RTLogRelDefaultInstance + - RTLogSetDefaultInstanceThread + - RTMemAlloc + - RTMemAllocZ + - RTMemContAlloc + - RTMemContFree + - RTMemExecAlloc + - RTMemExecFree + - RTMemFree + - RTMemRealloc + - RTMemTmpAlloc + - RTMemTmpAllocZ + - RTMemTmpFree + - RTMpCpuId + - RTMpCpuIdFromSetIndex + - RTMpCpuIdToSetIndex + - RTMpDoesCpuExist + - RTMpGetCount + - RTMpGetMaxCpuId + - RTMpGetOnlineCount + - RTMpGetOnlineSet + - RTMpGetSet + - RTMpIsCpuOnline + - RTMpOnAll + - RTMpOnOthers + - RTMpOnSpecific + - RTProcSelf + - RTR0MemObjAddress + - RTR0MemObjAddressR3 + - RTR0MemObjAllocCont + - RTR0MemObjAllocLow + - RTR0MemObjAllocPage + - RTR0MemObjAllocPhys + - RTR0MemObjAllocPhysNC + - RTR0MemObjEnterPhys + - RTR0MemObjFree + - RTR0MemObjGetPagePhysAddr + - RTR0MemObjIsMapping + - RTR0MemObjLockKernel + - RTR0MemObjLockUser + - RTR0MemObjMapKernel + - RTR0MemObjMapUser + - RTR0MemObjReserveKernel + - RTR0MemObjReserveUser + - RTR0MemObjSize + - RTR0ProcHandleSelf + - RTSemEventCreate + - RTSemEventDestroy + - RTSemEventMultiCreate + - RTSemEventMultiDestroy + - RTSemEventMultiReset + - RTSemEventMultiSignal + - RTSemEventMultiWait + - RTSemEventMultiWaitNoResume + - RTSemEventSignal + - RTSemEventWait + - RTSemEventWaitNoResume + - RTSemFastMutexCreate + - RTSemFastMutexDestroy + - RTSemFastMutexRelease + - RTSemFastMutexRequest + - RTSpinlockAcquire + - RTSpinlockAcquireNoInts + - RTSpinlockCreate + - RTSpinlockDestroy + - RTSpinlockRelease + - RTSpinlockReleaseNoInts + - RTThreadNativeSelf + - RTThreadSleep + - 
RTThreadYield + - SUPR0ContAlloc + - SUPR0ContFree + - SUPR0GipMap + - SUPR0GipUnmap + - SUPR0LockMem + - SUPR0LowAlloc + - SUPR0LowFree + - SUPR0MemAlloc + - SUPR0MemFree + - SUPR0MemGetPhys + - SUPR0ObjAddRef + - SUPR0ObjRegister + - SUPR0ObjRelease + - SUPR0ObjVerifyAccess + - SUPR0PageAlloc + - SUPR0PageFree + - SUPR0UnlockMem + FileVersion: '' + Filename: vboxdrv.sys + ImportedFunctions: + - IofCompleteRequest + - DbgPrint + - IoIs32bitProcess + - MmFreeContiguousMemory + - IoFreeMdl + - MmGetSystemRoutineAddress + - RtlInitUnicodeString + - KeCancelTimer + - KeInsertQueueDpc + - __C_specific_handler + - MmMapLockedPagesSpecifyCache + - MmUnmapLockedPages + - KeSetTimerEx + - ExSetTimerResolution + - IoDeleteDevice + - IoDeleteSymbolicLink + - KeSetTargetProcessorDpc + - KeSetImportanceDpc + - KeInitializeDpc + - KeInitializeTimerEx + - MmGetPhysicalAddress + - KeQueryActiveProcessors + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmAllocateContiguousMemory + - IoCreateSymbolicLink + - IoCreateDevice + - memchr + - strncmp + - PsGetCurrentProcessId + - IoGetCurrentProcess + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - KeDelayExecutionThread + - ZwYieldExecution + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - KeInitializeEvent + - KeSetEvent + - KeResetEvent + - KeWaitForSingleObject + - ExAcquireFastMutex + - ExReleaseFastMutex + - MmUnmapIoSpace + - MmUnlockPages + - MmFreePagesFromMdl + - MmUnsecureVirtualMemory + - MmProtectMdlSystemAddress + - MmAllocatePagesForMdl + - MmSecureVirtualMemory + - MmProbeAndLockPages + - MmMapIoSpace + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: eaea9ccb40c82af8f3867cd0f4dd5e9d + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 3b563e832ffe657653773aabadea926a + SHA1: 910da2f8bdc0e1356a2a9f1b160740665b223894 + SHA256: d782f2dfed49e4cd3b9496d9190619a0984ef2c034a6f866915323122f3a036f + SHA1: 
7c1b25518dee1e30b5a6eaa1ea8e4a3780c24d0c + SHA256: cf3a7d4285d65bf8688215407bce1b51d7c6b22497f09021f0fce31cbeb78986 + Sections: + .text: + Entropy: 6.2039165195201695 + Virtual Size: '0x856e' + .rdata: + Entropy: 5.607114485004288 + Virtual Size: '0x2a58' + .data: + Entropy: 1.9666645281474864 + Virtual Size: '0x1d00' + .pdata: + Entropy: 4.674336635214751 + Virtual Size: '0xcf0' + .edata: + Entropy: 5.350712994836838 + Virtual Size: '0xa72' + INIT: + Entropy: 4.871003292573194 + Virtual Size: '0x638' + .reloc: + Entropy: 3.745971599596066 + Virtual Size: '0x13c' + Signature: + - innotek GmbH + - GlobalSign ObjectSign CA + - GlobalSign Primary Object Publishing CA + - GlobalSign Root CA - R1 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=DE, O=innotek GmbH, CN=innotek GmbH, emailAddress=info@innotek.de + ValidFrom: '2007-12-27 14:37:17' + ValidTo: '2010-12-27 14:37:17' + Signature: 2a6d31919705290526ee3286d2825883af75a52ec1257276e9ab0eeff47a83adeab4bc2068eb7f76f84a356d466012e17b91d4f5c2913d28c73ee15018243e2ba7487f70d21f954eeeefb9854fc980d1ee61bf9a779e6e9a661938d7d9d6d101ddb49a9917264622f0ce4d63ac106b50769c38e9361a34f6cf5c5cae3ef50eb2a49d0f02c001af28d1f1fe250f2c99e5436b485a107eab17295180e5750eb31faee1ea0937a827bc140906a014b85409d8c48afbfcee20bf53f4e74661c1f555823c4bee18fde06e1e3e44fb8930e3ea84385e5006fd994fe8e69205a84ed7ed0f25c7b9f8fcb6f7d5b30188c27bf99050175afb1fc60f89ed2462ce999ca5dc + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 010000000001171c092665 + Version: 3 + TBS: + MD5: 5cfd8530475b20ed5a2bed70b37ee977 + SHA1: 4761dbd41ba2b01f21b9306ca21e8add93a30f09 + SHA256: 219041cc8d9e3248c69d9b116d440a0bbaa6aa500aa0c5de2d5af15908d83c7f + SHA384: 46dcdf272bf47e608519abe5183dae12858d1b3763b78d7f5212be2adc021325e7f7a2ff3e18cc9b5307f43a61b184c5 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 
23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 010000000001171c092665 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: b262e8d078ede007ebd0aa71b9152863 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 8dee0a554d557c93b06a9f03f028c7f6 + SHA1: cbe79825ff30fef67ee1f9ba01e7b880759f1f25 + SHA256: 1d1bd2235d422954506b1bdb3070d9d8bada3fb7f9e4f658036031294b3a95df + Company: '' + Copyright: '' + CreationTimestamp: '2008-05-30 20:18:53' + Date: '' + Description: '' + ExportedFunctions: + - AssertMsg1 + - RTAssertDoBreakpoint + - 
RTErrConvertFromNtStatus + - RTLogDefaultInstance + - RTLogLogger + - RTLogLoggerEx + - RTLogLoggerExV + - RTLogPrintf + - RTLogPrintfV + - RTLogRelDefaultInstance + - RTLogSetDefaultInstanceThread + - RTMemAlloc + - RTMemAllocZ + - RTMemContAlloc + - RTMemContFree + - RTMemExecAlloc + - RTMemExecFree + - RTMemFree + - RTMemRealloc + - RTMemTmpAlloc + - RTMemTmpAllocZ + - RTMemTmpFree + - RTMpCpuId + - RTMpCpuIdFromSetIndex + - RTMpCpuIdToSetIndex + - RTMpDoesCpuExist + - RTMpGetCount + - RTMpGetMaxCpuId + - RTMpGetOnlineCount + - RTMpGetOnlineSet + - RTMpGetSet + - RTMpIsCpuOnline + - RTMpOnAll + - RTMpOnOthers + - RTMpOnSpecific + - RTProcSelf + - RTR0MemObjAddress + - RTR0MemObjAddressR3 + - RTR0MemObjAllocCont + - RTR0MemObjAllocLow + - RTR0MemObjAllocPage + - RTR0MemObjAllocPhys + - RTR0MemObjAllocPhysNC + - RTR0MemObjEnterPhys + - RTR0MemObjFree + - RTR0MemObjGetPagePhysAddr + - RTR0MemObjIsMapping + - RTR0MemObjLockKernel + - RTR0MemObjLockUser + - RTR0MemObjMapKernel + - RTR0MemObjMapUser + - RTR0MemObjReserveKernel + - RTR0MemObjReserveUser + - RTR0MemObjSize + - RTR0ProcHandleSelf + - RTSemEventCreate + - RTSemEventDestroy + - RTSemEventMultiCreate + - RTSemEventMultiDestroy + - RTSemEventMultiReset + - RTSemEventMultiSignal + - RTSemEventMultiWait + - RTSemEventMultiWaitNoResume + - RTSemEventSignal + - RTSemEventWait + - RTSemEventWaitNoResume + - RTSemFastMutexCreate + - RTSemFastMutexDestroy + - RTSemFastMutexRelease + - RTSemFastMutexRequest + - RTSpinlockAcquire + - RTSpinlockAcquireNoInts + - RTSpinlockCreate + - RTSpinlockDestroy + - RTSpinlockRelease + - RTSpinlockReleaseNoInts + - RTThreadNativeSelf + - RTThreadSleep + - RTThreadYield + - SUPR0ContAlloc + - SUPR0ContFree + - SUPR0GipMap + - SUPR0GipUnmap + - SUPR0LockMem + - SUPR0LowAlloc + - SUPR0LowFree + - SUPR0MemAlloc + - SUPR0MemFree + - SUPR0MemGetPhys + - SUPR0ObjAddRef + - SUPR0ObjRegister + - SUPR0ObjRelease + - SUPR0ObjVerifyAccess + - SUPR0PageAlloc + - SUPR0PageFree + - 
SUPR0UnlockMem + FileVersion: '' + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - DbgPrint + - IoIs32bitProcess + - MmFreeContiguousMemory + - IoFreeMdl + - MmGetSystemRoutineAddress + - RtlInitUnicodeString + - KeCancelTimer + - KeInsertQueueDpc + - __C_specific_handler + - MmMapLockedPagesSpecifyCache + - MmUnmapLockedPages + - KeSetTimerEx + - ExSetTimerResolution + - IoDeleteDevice + - IoDeleteSymbolicLink + - KeSetTargetProcessorDpc + - KeSetImportanceDpc + - KeInitializeDpc + - KeInitializeTimerEx + - MmGetPhysicalAddress + - KeQueryActiveProcessors + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmAllocateContiguousMemory + - IoCreateSymbolicLink + - IoCreateDevice + - memchr + - strncmp + - PsGetCurrentProcessId + - IoGetCurrentProcess + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - KeDelayExecutionThread + - ZwYieldExecution + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - KeInitializeEvent + - KeSetEvent + - KeResetEvent + - KeWaitForSingleObject + - ExAcquireFastMutex + - ExReleaseFastMutex + - MmUnmapIoSpace + - MmUnlockPages + - MmFreePagesFromMdl + - MmUnsecureVirtualMemory + - MmProtectMdlSystemAddress + - MmAllocatePagesForMdl + - MmSecureVirtualMemory + - MmProbeAndLockPages + - Space + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 154fd286c96665946d55a7d49923ad7e + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 3b563e832ffe657653773aabadea926a + SHA1: 910da2f8bdc0e1356a2a9f1b160740665b223894 + SHA256: d782f2dfed49e4cd3b9496d9190619a0984ef2c034a6f866915323122f3a036f + SHA1: 2ae1456bb0fa5a016954b03967878fb6db4d81eb + SHA256: b50b11e2203942695380869c6072e15479290bc57da2ec5df3481a36b8a8561e + Sections: + .text: + Entropy: 6.2039165195201695 + Virtual Size: '0x856e' + .rdata: + Entropy: 5.607114485004288 + Virtual Size: '0x2a58' + .data: + Entropy: 1.9666645281474864 + Virtual Size: '0x1d00' + .pdata: + 
Entropy: 4.674336635214751 + Virtual Size: '0xcf0' + .edata: + Entropy: 5.350712994836838 + Virtual Size: '0xa72' + INIT: + Entropy: 4.872259573980229 + Virtual Size: '0x638' + .reloc: + Entropy: 3.745971599596066 + Virtual Size: '0x13c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=DE, O=innotek GmbH, CN=innotek GmbH, emailAddress=info@innotek.de + ValidFrom: '2007-12-27 14:37:17' + ValidTo: '2010-12-27 14:37:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 010000000001171c092665 + Version: 3 + TBS: + MD5: 5cfd8530475b20ed5a2bed70b37ee977 + SHA1: 4761dbd41ba2b01f21b9306ca21e8add93a30f09 + SHA256: 219041cc8d9e3248c69d9b116d440a0bbaa6aa500aa0c5de2d5af15908d83c7f + SHA384: 46dcdf272bf47e608519abe5183dae12858d1b3763b78d7f5212be2adc021325e7f7a2ff3e18cc9b5307f43a61b184c5 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 
11d45d8af43d0d9d7e4fa70071610b56b34caa70e1b2d1dec7886d1d897c2ba946e58b1f8e4cc26695911fe34d394ae31b70b7446edc068a4d6d25e89812dcbca0dd864eae8f81130540905a542529944acaf165b4ef0679dae7cb86f004c918dcee72b320015748dfe333e12ccd9c077f9447278d888d340ca67c5c20c17d07b3736b648c26d29bd7e87965a6a891a174862a050282c1847cf279cd3c2a2b0f99291eea8c8a1ab16aeaa266380e65e1add8c6c91f888d3976ee1782c4138d97ce6341e77af5b4b66c15c33813b3930b620688dde1447f10a950248b60dc05f75ba514b27b56720b96eabffc057090659e051ca4dd07af4b57dec639673bc574 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 010000000001171c092665 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: 4c5fc4519f1417f0630c3343aab7c9d2 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: a16b80ddf8f535c1ff695f7eaf0cdcc5 + SHA1: 1ed5e0fadb97e30fa8708833f19ccf5e717f48e2 + SHA256: 4ef8c776a6acd4fd360b22e7d053bba961d687c36ec4fcc0b3e2ff1ef7be967e + Company: '' + Copyright: '' + CreationTimestamp: '2008-05-30 
17:34:52' + Date: '' + Description: '' + ExportedFunctions: + - AssertMsg1 + - RTAssertDoBreakpoint + - RTErrConvertFromNtStatus + - RTLogDefaultInstance + - RTLogLogger + - RTLogLoggerEx + - RTLogLoggerExV + - RTLogPrintf + - RTLogPrintfV + - RTLogRelDefaultInstance + - RTLogSetDefaultInstanceThread + - RTMemAlloc + - RTMemAllocZ + - RTMemContAlloc + - RTMemContFree + - RTMemExecAlloc + - RTMemExecFree + - RTMemFree + - RTMemRealloc + - RTMemTmpAlloc + - RTMemTmpAllocZ + - RTMemTmpFree + - RTMpCpuId + - RTMpCpuIdFromSetIndex + - RTMpCpuIdToSetIndex + - RTMpDoesCpuExist + - RTMpGetCount + - RTMpGetMaxCpuId + - RTMpGetOnlineCount + - RTMpGetOnlineSet + - RTMpGetSet + - RTMpIsCpuOnline + - RTMpOnAll + - RTMpOnOthers + - RTMpOnSpecific + - RTProcSelf + - RTR0MemObjAddress + - RTR0MemObjAddressR3 + - RTR0MemObjAllocCont + - RTR0MemObjAllocLow + - RTR0MemObjAllocPage + - RTR0MemObjAllocPhys + - RTR0MemObjAllocPhysNC + - RTR0MemObjEnterPhys + - RTR0MemObjFree + - RTR0MemObjGetPagePhysAddr + - RTR0MemObjIsMapping + - RTR0MemObjLockKernel + - RTR0MemObjLockUser + - RTR0MemObjMapKernel + - RTR0MemObjMapUser + - RTR0MemObjReserveKernel + - RTR0MemObjReserveUser + - RTR0MemObjSize + - RTR0ProcHandleSelf + - RTSemEventCreate + - RTSemEventDestroy + - RTSemEventMultiCreate + - RTSemEventMultiDestroy + - RTSemEventMultiReset + - RTSemEventMultiSignal + - RTSemEventMultiWait + - RTSemEventMultiWaitNoResume + - RTSemEventSignal + - RTSemEventWait + - RTSemEventWaitNoResume + - RTSemFastMutexCreate + - RTSemFastMutexDestroy + - RTSemFastMutexRelease + - RTSemFastMutexRequest + - RTSpinlockAcquire + - RTSpinlockAcquireNoInts + - RTSpinlockCreate + - RTSpinlockDestroy + - RTSpinlockRelease + - RTSpinlockReleaseNoInts + - RTThreadNativeSelf + - RTThreadSleep + - RTThreadYield + - SUPR0ContAlloc + - SUPR0ContFree + - SUPR0GipMap + - SUPR0GipUnmap + - SUPR0LockMem + - SUPR0LowAlloc + - SUPR0LowFree + - SUPR0MemAlloc + - SUPR0MemFree + - SUPR0MemGetPhys + - SUPR0ObjAddRef + - 
SUPR0ObjRegister + - SUPR0ObjRelease + - SUPR0ObjVerifyAccess + - SUPR0PageAlloc + - SUPR0PageFree + - SUPR0UnlockMem + FileVersion: '' + Filename: '' + ImportedFunctions: + - RtlInitUnicodeString + - KeCancelTimer + - KeInsertQueueDpc + - _allshl + - MmMapLockedPagesSpecifyCache + - _except_handler3 + - MmUnmapLockedPages + - KeSetTimerEx + - IoDeleteDevice + - IoDeleteSymbolicLink + - KeSetTargetProcessorDpc + - KeSetImportanceDpc + - KeInitializeDpc + - KeInitializeTimerEx + - MmGetPhysicalAddress + - KeQueryActiveProcessors + - ExSetTimerResolution + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmAllocateContiguousMemory + - IoCreateSymbolicLink + - IoCreateDevice + - MmGetSystemRoutineAddress + - strncmp + - IoFreeMdl + - MmFreeContiguousMemory + - _allmul + - PsGetCurrentProcessId + - IoGetCurrentProcess + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - KeGetCurrentThread + - KeDelayExecutionThread + - ZwYieldExecution + - KeInitializeSpinLock + - KeInitializeEvent + - KeSetEvent + - KeResetEvent + - KeWaitForSingleObject + - MmUnmapIoSpace + - MmUnlockPages + - MmFreePagesFromMdl + - MmUnsecureVirtualMemory + - MmAllocatePagesForMdl + - MmSecureVirtualMemory + - MmProbeAndLockPages + - MmMapIoSpace + - KeQueryInterruptTime + - DbgPrint + - memchr + - IofCompleteRequest + - ExReleaseFastMutex + - KfReleaseSpinLock + - KfAcquireSpinLock + - KfRaiseIrql + - KfLowerIrql + - ExAcquireFastMutex + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: ee91da973bebe6442527b3d1abcc3c80 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 5f57854adbd1e5c955b74bee2a0da686 + SHA1: 744192af8f346e24f067553de75ff27e89fdd71b + SHA256: b1f609edc9ffa87173741f486213b75d472e9d7446fcfcc9b21101d36d22e0b2 + SHA1: b7fa8278ab7bc485727d075e761a72042c4595f7 + SHA256: d998ea6d0051e17c1387c9f295b1c79bacb2f61c23809903445f60313d36c7fd + Sections: + .text: + Entropy: 
6.333734197575781 + Virtual Size: '0x7094' + .rdata: + Entropy: 5.531194049051287 + Virtual Size: '0x68c' + .data: + Entropy: 3.929686423189371 + Virtual Size: '0x2e00' + .edata: + Entropy: 5.3508787714387545 + Virtual Size: '0xa72' + INIT: + Entropy: 5.277979675350674 + Virtual Size: '0x5d0' + .reloc: + Entropy: 6.15094236572427 + Virtual Size: '0x488' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=DE, O=innotek GmbH, CN=innotek GmbH, emailAddress=info@innotek.de + ValidFrom: '2007-12-27 14:37:17' + ValidTo: '2010-12-27 14:37:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 010000000001171c092665 + Version: 3 + TBS: + MD5: 5cfd8530475b20ed5a2bed70b37ee977 + SHA1: 4761dbd41ba2b01f21b9306ca21e8add93a30f09 + SHA256: 219041cc8d9e3248c69d9b116d440a0bbaa6aa500aa0c5de2d5af15908d83c7f + SHA384: 46dcdf272bf47e608519abe5183dae12858d1b3763b78d7f5212be2adc021325e7f7a2ff3e18cc9b5307f43a61b184c5 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: a0422eb876a7427186404d464d5b26b0b074f93f89a87b7cb7f1c697e08239999d43fe60823642b55b878df55df4bbffa91044a871d3c7f12241f29aa4a5ec63fae5eb654a19309d8bc7b6fddc3fe16cfdd5521407fc6d24ccb3cc81a2c052f327b96d9e063dd8a849023269c7054294d0bbe3bba908c393501bdb846dc0ba1e5298659c1376bdb3d567292f1f7baa2c51a0fd854f263c48a38127a6feee7f7899c245cf9d1f527ed7958bfde1d020c3af7e51a22f663bab2dcf2d8e8c4d7d18392128fbdcae6d6581d0e0d7184be7b5f774d784e6522aac3b68fd3b4ab80154849132bb95d28e6330a69ece2396feab2eb86a8b74dcde21a114c2fbbf53af10 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 
6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 010000000001171c092665 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: c17c0bd619c1e188ffe27bd328dd7d08 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 4b67c5cc8038b488359fbd1c08779fcf + SHA1: a5b298457abe85bfb86b289328ef82823b0cc173 + SHA256: a2d9f91ede8aed51960ca67318ea337152bb311c03275c0650e4421e6af6b7ee + Company: '' + Copyright: '' + CreationTimestamp: '2008-05-30 20:18:53' + Date: '' + Description: '' + ExportedFunctions: + - AssertMsg1 + - RTAssertDoBreakpoint + - RTErrConvertFromNtStatus + - RTLogDefaultInstance + - RTLogLogger + - RTLogLoggerEx + - RTLogLoggerExV + - RTLogPrintf + - RTLogPrintfV + - RTLogRelDefaultInstance + - RTLogSetDefaultInstanceThread + - RTMemAlloc + - RTMemAllocZ + - RTMemContAlloc + - RTMemContFree + - RTMemExecAlloc + - RTMemExecFree + - RTMemFree + - RTMemRealloc + - RTMemTmpAlloc + - RTMemTmpAllocZ + - RTMemTmpFree + - RTMpCpuId + - RTMpCpuIdFromSetIndex + - RTMpCpuIdToSetIndex + - RTMpDoesCpuExist + - RTMpGetCount + - RTMpGetMaxCpuId + - RTMpGetOnlineCount + - RTMpGetOnlineSet + - RTMpGetSet + - RTMpIsCpuOnline + - RTMpOnAll + - RTMpOnOthers + - RTMpOnSpecific + - RTProcSelf + - RTR0MemObjAddress + - RTR0MemObjAddressR3 + - RTR0MemObjAllocCont + - RTR0MemObjAllocLow + - RTR0MemObjAllocPage + - RTR0MemObjAllocPhys + - RTR0MemObjAllocPhysNC + - RTR0MemObjEnterPhys + - RTR0MemObjFree + - RTR0MemObjGetPagePhysAddr + - RTR0MemObjIsMapping + - RTR0MemObjLockKernel + - RTR0MemObjLockUser + - RTR0MemObjMapKernel + - RTR0MemObjMapUser + - RTR0MemObjReserveKernel + - RTR0MemObjReserveUser + - RTR0MemObjSize + - RTR0ProcHandleSelf + - RTSemEventCreate + - RTSemEventDestroy + - RTSemEventMultiCreate + - RTSemEventMultiDestroy + - RTSemEventMultiReset + - RTSemEventMultiSignal + - RTSemEventMultiWait + - RTSemEventMultiWaitNoResume + - RTSemEventSignal + 
- RTSemEventWait + - RTSemEventWaitNoResume + - RTSemFastMutexCreate + - RTSemFastMutexDestroy + - RTSemFastMutexRelease + - RTSemFastMutexRequest + - RTSpinlockAcquire + - RTSpinlockAcquireNoInts + - RTSpinlockCreate + - RTSpinlockDestroy + - RTSpinlockRelease + - RTSpinlockReleaseNoInts + - RTThreadNativeSelf + - RTThreadSleep + - RTThreadYield + - SUPR0ContAlloc + - SUPR0ContFree + - SUPR0GipMap + - SUPR0GipUnmap + - SUPR0LockMem + - SUPR0LowAlloc + - SUPR0LowFree + - SUPR0MemAlloc + - SUPR0MemFree + - SUPR0MemGetPhys + - SUPR0ObjAddRef + - SUPR0ObjRegister + - SUPR0ObjRelease + - SUPR0ObjVerifyAccess + - SUPR0PageAlloc + - SUPR0PageFree + - SUPR0UnlockMem + FileVersion: '' + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - DbgPrint + - IoIs32bitProcess + - MmFreeContiguousMemory + - IoFreeMdl + - MmGetSystemRoutineAddress + - RtlInitUnicodeString + - KeCancelTimer + - KeInsertQueueDpc + - __C_specific_handler + - MmMapLockedPagesSpecifyCache + - MmUnmapLockedPages + - KeSetTimerEx + - ExSetTimerResolution + - IoDeleteDevice + - IoDeleteSymbolicLink + - KeSetTargetProcessorDpc + - KeSetImportanceDpc + - KeInitializeDpc + - KeInitializeTimerEx + - MmGetPhysicalAddress + - KeQueryActiveProcessors + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmAllocateContiguousMemory + - IoCreateSymbolicLink + - IoCreateDevice + - memchr + - strncmp + - PsGetCurrentProcessId + - IoGetCurrentProcess + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - KeDelayExecutionThread + - ZwYieldExecution + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - KeInitializeEvent + - KeSetEvent + - KeResetEvent + - KeWaitForSingleObject + - ExAcquireFastMutex + - ExReleaseFastMutex + - MmUnmapIoSpace + - MmUnlockPages + - MmFreePagesFromMdl + - MmUnsecureVirtualMemory + - MmProtectMdlSystemAddress + - MmAllocatePagesForMdl + - MmSecureVirtualMemory + - MmProbeAndLockPages + - MmMapIoSpace + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 3b23808de1403961205352e94b8f2f9b 
+ MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 3b563e832ffe657653773aabadea926a + SHA1: 910da2f8bdc0e1356a2a9f1b160740665b223894 + SHA256: d782f2dfed49e4cd3b9496d9190619a0984ef2c034a6f866915323122f3a036f + SHA1: eaddeefe13bca118369faf95eee85b0a2a553221 + SHA256: 775000c4083c8e4dcfc879d83fcd27b40b46820c9834ae4662861386a4d81fe9 + Sections: + .text: + Entropy: 6.2039165195201695 + Virtual Size: '0x856e' + .rdata: + Entropy: 5.607114485004288 + Virtual Size: '0x2a58' + .data: + Entropy: 1.9666645281474864 + Virtual Size: '0x1d00' + .pdata: + Entropy: 4.674336635214751 + Virtual Size: '0xcf0' + .edata: + Entropy: 5.350712994836838 + Virtual Size: '0xa72' + INIT: + Entropy: 4.862248023480571 + Virtual Size: '0x638' + .reloc: + Entropy: -0.0 + Virtual Size: '0x13c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=DE, O=innotek GmbH, CN=innotek GmbH, emailAddress=info@innotek.de + ValidFrom: '2007-12-27 14:37:17' + ValidTo: '2010-12-27 14:37:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 010000000001171c092665 + Version: 3 + TBS: + MD5: 5cfd8530475b20ed5a2bed70b37ee977 + SHA1: 4761dbd41ba2b01f21b9306ca21e8add93a30f09 + SHA256: 219041cc8d9e3248c69d9b116d440a0bbaa6aa500aa0c5de2d5af15908d83c7f + SHA384: 46dcdf272bf47e608519abe5183dae12858d1b3763b78d7f5212be2adc021325e7f7a2ff3e18cc9b5307f43a61b184c5 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: 
d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 010000000001171c092665 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: b262e8d078ede007ebd0aa71b9152863 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: d97b34a86af237bc03339236b32e78d1 + SHA1: 3aaf86c2b226b5f8901af51c9bb37b1847430250 + SHA256: 8561c82c5ae1ab2a5d9214adc620875d83ed7cb9a01253988f5e5aceffe7a901 + Company: '' + Copyright: '' + CreationTimestamp: '2008-05-30 20:18:53' + Date: '' + Description: '' + ExportedFunctions: + - AssertMsg1 + - RTAssertDoBreakpoint + - RTErrConvertFromNtStatus + - RTLogDefaultInstance + - RTLogLogger + - RTLogLoggerEx + - RTLogLoggerExV + - RTLogPrintf + - RTLogPrintfV + - RTLogRelDefaultInstance + - RTLogSetDefaultInstanceThread + - RTMemAlloc + - RTMemAllocZ + - RTMemContAlloc + - RTMemContFree + - RTMemExecAlloc + - RTMemExecFree + - RTMemFree + - RTMemRealloc + - RTMemTmpAlloc + - RTMemTmpAllocZ + - RTMemTmpFree + - RTMpCpuId + - RTMpCpuIdFromSetIndex + - 
RTMpCpuIdToSetIndex + - RTMpDoesCpuExist + - RTMpGetCount + - RTMpGetMaxCpuId + - RTMpGetOnlineCount + - RTMpGetOnlineSet + - RTMpGetSet + - RTMpIsCpuOnline + - RTMpOnAll + - RTMpOnOthers + - RTMpOnSpecific + - RTProcSelf + - RTR0MemObjAddress + - RTR0MemObjAddressR3 + - RTR0MemObjAllocCont + - RTR0MemObjAllocLow + - RTR0MemObjAllocPage + - RTR0MemObjAllocPhys + - RTR0MemObjAllocPhysNC + - RTR0MemObjEnterPhys + - RTR0MemObjFree + - RTR0MemObjGetPagePhysAddr + - RTR0MemObjIsMapping + - RTR0MemObjLockKernel + - RTR0MemObjLockUser + - RTR0MemObjMapKernel + - RTR0MemObjMapUser + - RTR0MemObjReserveKernel + - RTR0MemObjReserveUser + - RTR0MemObjSize + - RTR0ProcHandleSelf + - RTSemEventCreate + - RTSemEventDestroy + - RTSemEventMultiCreate + - RTSemEventMultiDestroy + - RTSemEventMultiReset + - RTSemEventMultiSignal + - RTSemEventMultiWait + - RTSemEventMultiWaitNoResume + - RTSemEventSignal + - RTSemEventWait + - RTSemEventWaitNoResume + - RTSemFastMutexCreate + - RTSemFastMutexDestroy + - RTSemFastMutexRelease + - RTSemFastMutexRequest + - RTSpinlockAcquire + - RTSpinlockAcquireNoInts + - RTSpinlockCreate + - RTSpinlockDestroy + - RTSpinlockRelease + - RTSpinlockReleaseNoInts + - RTThreadNativeSelf + - RTThreadSleep + - RTThreadYield + - SUPR0ContAlloc + - SUPR0ContFree + - SUPR0GipMap + - SUPR0GipUnmap + - SUPR0LockMem + - SUPR0LowAlloc + - SUPR0LowFree + - SUPR0MemAlloc + - SUPR0MemFree + - SUPR0MemGetPhys + - SUPR0ObjAddRef + - SUPR0ObjRegister + - SUPR0ObjRelease + - SUPR0ObjVerifyAccess + - SUPR0PageAlloc + - SUPR0PageFree + - SUPR0UnlockMem + FileVersion: '' + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - DbgPrint + - IoIs32bitProcess + - MmFreeContiguousMemory + - IoFreeMdl + - MmGetSystemRoutineAddress + - RtlInitUnicodeString + - KeCancelTimer + - KeInsertQueueDpc + - __C_specific_handler + - MmMapLockedPagesSpecifyCache + - MmUnmapLockedPages + - KeSetTimerEx + - ExSetTimerResolution + - IoDeleteDevice + - IoDeleteSymbolicLink + - 
KeSetTargetProcessorDpc + - KeSetImportanceDpc + - KeInitializeDpc + - KeInitializeTimerEx + - MmGetPhysicalAddress + - KeQueryActiveProcessors + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmAllocateContiguousMemory + - IoCreateSymbolicLink + - IoCreateDevice + - memchr + - strncmp + - PsGetCurrentProcessId + - IoGetCurrentProcess + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - KeDelayExecutionThread + - ZwYieldExecution + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - KeInitializeEvent + - KeSetEvent + - KeResetEvent + - KeWaitForSingleObject + - ExAcquireFastMutex + - ExReleaseFastMutex + - MmUnmapIoSpace + - MmUnlockPages + - MmFreePagesFromMdl + - MmUnsecureVirtualMemory + - MmProtectMdlSystemAddress + - MmAllocatePagesForMdl + - MmSecureVirtualMemory + - MmProbeAndLockPages + - MmMapIoSpace + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 9f94028cbcf6789103cb5bb6fcef355d + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 3b563e832ffe657653773aabadea926a + SHA1: 910da2f8bdc0e1356a2a9f1b160740665b223894 + SHA256: d782f2dfed49e4cd3b9496d9190619a0984ef2c034a6f866915323122f3a036f + SHA1: 356172a2e12fd3d54e758aaa4ff0759074259144 + SHA256: d44848d3e845f8293974e8b621b72a61ec00c8d3cf95fcf41698bbbd4bdf5565 + Sections: + .text: + Entropy: 6.2039165195201695 + Virtual Size: '0x856e' + .rdata: + Entropy: 5.607114485004288 + Virtual Size: '0x2a58' + .data: + Entropy: 1.9666645281474864 + Virtual Size: '0x1d00' + .pdata: + Entropy: 4.672051855182832 + Virtual Size: '0xcf0' + .edata: + Entropy: 5.350712994836838 + Virtual Size: '0xa72' + INIT: + Entropy: 4.871003292573194 + Virtual Size: '0x638' + .reloc: + Entropy: 3.745971599596066 + Virtual Size: '0x13c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=DE, O=innotek GmbH, CN=innotek GmbH, emailAddress=info@innotek.de + ValidFrom: 
'2007-12-27 14:37:17' + ValidTo: '2010-12-27 14:37:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 010000000001171c092665 + Version: 3 + TBS: + MD5: 5cfd8530475b20ed5a2bed70b37ee977 + SHA1: 4761dbd41ba2b01f21b9306ca21e8add93a30f09 + SHA256: 219041cc8d9e3248c69d9b116d440a0bbaa6aa500aa0c5de2d5af15908d83c7f + SHA384: 46dcdf272bf47e608519abe5183dae12858d1b3763b78d7f5212be2adc021325e7f7a2ff3e18cc9b5307f43a61b184c5 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + 
- Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 010000000001171c092665 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign 
CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: b262e8d078ede007ebd0aa71b9152863 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: da7c063c8f8dab54afddd9b05c602bfd + SHA1: 24d47cea65e118d12c6896fdf141bb5dcfe31b98 + SHA256: b5d0849fc567c169176c2002dd358240d75ca0aacfca92c79d252006c6e0444e + Company: '' + Copyright: '' + CreationTimestamp: '2008-04-30 14:07:13' + Date: '' + Description: '' + ExportedFunctions: + - AssertMsg1 + - RTAssertDoBreakpoint + - RTErrConvertFromNtStatus + - RTLogDefaultInstance + - RTLogLogger + - RTLogLoggerEx + - RTLogLoggerExV + - RTLogPrintf + - RTLogPrintfV + - RTLogRelDefaultInstance + - RTLogSetDefaultInstanceThread + - RTMemAlloc + - RTMemAllocZ + - RTMemContAlloc + - RTMemContFree + - RTMemExecAlloc + - RTMemExecFree + - RTMemFree + - RTMemRealloc + - RTMemTmpAlloc + - RTMemTmpAllocZ + - RTMemTmpFree + - RTMpCpuId + - RTMpCpuIdFromSetIndex + - RTMpCpuIdToSetIndex + - RTMpDoesCpuExist + - RTMpGetCount + - RTMpGetMaxCpuId + - RTMpGetOnlineCount + - RTMpGetOnlineSet + - RTMpGetSet + - RTMpIsCpuOnline + - RTMpOnAll + - RTMpOnOthers + - RTMpOnSpecific + - RTProcSelf + - RTR0MemObjAddress + - RTR0MemObjAddressR3 + - RTR0MemObjAllocCont + - RTR0MemObjAllocLow + - RTR0MemObjAllocPage + - RTR0MemObjAllocPhys + - RTR0MemObjAllocPhysNC + - RTR0MemObjEnterPhys + - RTR0MemObjFree + - RTR0MemObjGetPagePhysAddr + - RTR0MemObjIsMapping + - RTR0MemObjLockKernel + - RTR0MemObjLockUser + - RTR0MemObjMapKernel + - RTR0MemObjMapUser + - RTR0MemObjReserveKernel + - RTR0MemObjReserveUser + - RTR0MemObjSize + - RTR0ProcHandleSelf + - RTSemEventCreate + - RTSemEventDestroy + - RTSemEventMultiCreate + - RTSemEventMultiDestroy + - RTSemEventMultiReset + - RTSemEventMultiSignal + - RTSemEventMultiWait + - RTSemEventMultiWaitNoResume + - RTSemEventSignal + - RTSemEventWait + - RTSemEventWaitNoResume + - RTSemFastMutexCreate + - RTSemFastMutexDestroy + - RTSemFastMutexRelease + - RTSemFastMutexRequest + - RTSpinlockAcquire + - RTSpinlockAcquireNoInts + 
- RTSpinlockCreate + - RTSpinlockDestroy + - RTSpinlockRelease + - RTSpinlockReleaseNoInts + - RTThreadNativeSelf + - RTThreadSleep + - RTThreadYield + - SUPR0ContAlloc + - SUPR0ContFree + - SUPR0GipMap + - SUPR0GipUnmap + - SUPR0LockMem + - SUPR0LowAlloc + - SUPR0LowFree + - SUPR0MemAlloc + - SUPR0MemFree + - SUPR0MemGetPhys + - SUPR0ObjAddRef + - SUPR0ObjRegister + - SUPR0ObjRelease + - SUPR0ObjVerifyAccess + - SUPR0PageAlloc + - SUPR0PageFree + - SUPR0UnlockMem + FileVersion: '' + Filename: '' + ImportedFunctions: + - RtlInitUnicodeString + - KeCancelTimer + - KeInsertQueueDpc + - KeQueryActiveProcessors + - _allshl + - MmMapLockedPagesSpecifyCache + - _except_handler3 + - MmUnmapLockedPages + - KeSetTimerEx + - IoDeleteDevice + - IoDeleteSymbolicLink + - KeSetTargetProcessorDpc + - KeSetImportanceDpc + - KeInitializeDpc + - KeInitializeTimerEx + - MmGetPhysicalAddress + - ExSetTimerResolution + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmAllocateContiguousMemory + - IoCreateSymbolicLink + - IoCreateDevice + - MmGetSystemRoutineAddress + - strncmp + - IoFreeMdl + - MmFreeContiguousMemory + - _allmul + - PsGetCurrentProcessId + - IoGetCurrentProcess + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - KeGetCurrentThread + - KeDelayExecutionThread + - ZwYieldExecution + - KeInitializeSpinLock + - KeInitializeEvent + - KeSetEvent + - KeResetEvent + - KeWaitForSingleObject + - MmUnmapIoSpace + - MmUnlockPages + - MmFreePagesFromMdl + - MmUnsecureVirtualMemory + - MmAllocatePagesForMdl + - MmSecureVirtualMemory + - MmProbeAndLockPages + - MmMapIoSpace + - KeQueryInterruptTime + - DbgPrint + - memchr + - IofCompleteRequest + - ExReleaseFastMutex + - KfReleaseSpinLock + - KfAcquireSpinLock + - KfRaiseIrql + - KfLowerIrql + - ExAcquireFastMutex + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 1c31d4e9ad2d2b5600ae9d0c0969fe59 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + 
Publisher: '' + RichPEHeaderHash: + MD5: 5f57854adbd1e5c955b74bee2a0da686 + SHA1: 744192af8f346e24f067553de75ff27e89fdd71b + SHA256: b1f609edc9ffa87173741f486213b75d472e9d7446fcfcc9b21101d36d22e0b2 + SHA1: c8ec23066a50800d42913d5e439700c5cd6a2287 + SHA256: 73fddd441a764e808ed6d6b8f3d0d13713e61221aa3cfef7da91cdaf112fe061 + Sections: + .text: + Entropy: 6.337013968704709 + Virtual Size: '0x7064' + .rdata: + Entropy: 5.495656091270382 + Virtual Size: '0x670' + .data: + Entropy: 3.933952480103163 + Virtual Size: '0x2dd8' + .edata: + Entropy: 5.371945361152913 + Virtual Size: '0xa72' + INIT: + Entropy: 5.289533643406638 + Virtual Size: '0x5d0' + .reloc: + Entropy: 6.153118387701222 + Virtual Size: '0x488' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=DE, O=innotek GmbH, CN=innotek GmbH, emailAddress=info@innotek.de + ValidFrom: '2007-12-27 14:37:17' + ValidTo: '2010-12-27 14:37:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 010000000001171c092665 + Version: 3 + TBS: + MD5: 5cfd8530475b20ed5a2bed70b37ee977 + SHA1: 4761dbd41ba2b01f21b9306ca21e8add93a30f09 + SHA256: 219041cc8d9e3248c69d9b116d440a0bbaa6aa500aa0c5de2d5af15908d83c7f + SHA384: 46dcdf272bf47e608519abe5183dae12858d1b3763b78d7f5212be2adc021325e7f7a2ff3e18cc9b5307f43a61b184c5 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 
50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 11d45d8af43d0d9d7e4fa70071610b56b34caa70e1b2d1dec7886d1d897c2ba946e58b1f8e4cc26695911fe34d394ae31b70b7446edc068a4d6d25e89812dcbca0dd864eae8f81130540905a542529944acaf165b4ef0679dae7cb86f004c918dcee72b320015748dfe333e12ccd9c077f9447278d888d340ca67c5c20c17d07b3736b648c26d29bd7e87965a6a891a174862a050282c1847cf279cd3c2a2b0f99291eea8c8a1ab16aeaa266380e65e1add8c6c91f888d3976ee1782c4138d97ce6341e77af5b4b66c15c33813b3930b620688dde1447f10a950248b60dc05f75ba514b27b56720b96eabffc057090659e051ca4dd07af4b57dec639673bc574 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: 
ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 010000000001171c092665 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: a7ff164c1ee5113a0a09e66b2cd03544 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/2e1531b2-d370-4543-9e2e-5319a1c13c22.yaml b/yaml/2e1531b2-d370-4543-9e2e-5319a1c13c22.yaml index 996a32e32..cbbcd41e3 100644 --- a/yaml/2e1531b2-d370-4543-9e2e-5319a1c13c22.yaml +++ b/yaml/2e1531b2-d370-4543-9e2e-5319a1c13c22.yaml 
@@ -1,150 +1,150 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 2e1531b2-d370-4543-9e2e-5319a1c13c22 +Tags: +- daxin_blank2.sys +Verified: 'TRUE' Author: Michael Haag -Category: malicious -Commands: - Command: sc.exe create daxin_blank2.sys binPath=C:\windows\temp\daxin_blank2.sys type=kernel - && sc.exe start daxin_blank2.sys - Description: Driver used in the Daxin malware campaign. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-02-28' -Detection: [] -Id: 2e1531b2-d370-4543-9e2e-5319a1c13c22 -KnownVulnerableSamples: -- Authentihash: - MD5: 9853eedacdfe3384f34b8eaa771f4f70 - SHA1: d7254e751cd3a49176a547a5bb70f8a0662d8d28 - SHA256: 4b10f4f03eaa545d2fdb3b88890917a6fa24142689d3c43a7c39fc5bed5725bf - Company: '' - Copyright: '' - CreationTimestamp: '2021-02-05 21:05:26' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: daxin_blank2.sys - ImportedFunctions: - - vsprintf - - NdisMSendNetBufferListsComplete - - IoAllocateMdl - - MmProbeAndLockPages - - MmMapLockedPagesSpecifyCache - - MmUnlockPages - - IoFreeMdl - - ExAllocatePool - - ExFreePool - - NtQuerySystemInformation - - HalMakeBeep - Imports: - - ntoskrnl.exe - - NDIS.SYS - - ntoskrnl.exe - - hal.dll - InternalName: '' - MD5: 1cd158a64f3d886357535382a6fdad75 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: Fuqing Yuntan Network Tech Co.,Ltd. 
- RichPEHeaderHash: - MD5: 986c450e6ee0c98c62235a1d3066a54a - SHA1: 988baae29accb89b13a742369f020dfa40511225 - SHA256: 4a5f8a3aefca29bce6b45b59661fee1d9196a19825396d1315620b7d49de7b81 - SHA1: a48aa80942fc8e0699f518de4fd6512e341d4196 - SHA256: 5c1585b1a1c956c7755429544f3596515dfdf928373620c51b0606a520c6245a - Sections: - .text: - Entropy: 0.0 - Virtual Size: '0xfd2c' - .rdata: - Entropy: 0.0 - Virtual Size: '0x97c' - .data: - Entropy: 0.0 - Virtual Size: '0x137b0' - .pdata: - Entropy: 0.0 - Virtual Size: '0x9f0' - INIT: - Entropy: 0.0 - Virtual Size: '0x10fa' - .vmp0: - Entropy: 0.0 - Virtual Size: '0x16455' - .vmp1: - Entropy: 7.825531504080949 - Virtual Size: '0x2d523' - .reloc: - Entropy: 2.292481250360578 - Virtual Size: '0xc' - Signature: A certificate was explicitly revoked by its issuer. - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CN, ST=Fuzhou, L=Fuqing, O=Fuqing Yuntan Network Tech Co.,Ltd., OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=Fuqing Yuntan Network Tech - Co.,Ltd. - ValidFrom: '2013-04-09 00:00:00' - ValidTo: '2014-04-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 516ceb03f17e10c24b45ffb6336e5915 - Version: 3 - TBS: - MD5: fe2cc3b135dc2f887e620d33a02ef639 - SHA1: a92b0a710c038b8556fb3d74742118f75c5c3d57 - SHA256: 4b98540e377559d976ea0a9e40920f4a308a060fd16b27665fc7a8f2273df483 - SHA384: a713c1f2d1fb5bd88108f0241683b012083946779e31971206eef1a580f5813b26a2aae376162ac2193509ff8ce675fe - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 516ceb03f17e10c24b45ffb6336e5915 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: bf9d32a6ab9effcd2fd6a734e5be98f9 - LoadsDespiteHVCI: 'TRUE' MitreID: T1068 +Category: malicious +Commands: + Command: sc.exe create daxin_blank2.sys binPath=C:\windows\temp\daxin_blank2.sys type=kernel + && sc.exe start daxin_blank2.sys + Description: Driver used in the Daxin malware campaign. 
+ OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/MHaggis/9ab3bb795a6018d70fb11fa7c31f8f48 - https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/daxin-backdoor-espionage - '' -Tags: -- daxin_blank2.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 9853eedacdfe3384f34b8eaa771f4f70 + SHA1: d7254e751cd3a49176a547a5bb70f8a0662d8d28 + SHA256: 4b10f4f03eaa545d2fdb3b88890917a6fa24142689d3c43a7c39fc5bed5725bf + Company: '' + Copyright: '' + CreationTimestamp: '2021-02-05 21:05:26' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: daxin_blank2.sys + ImportedFunctions: + - vsprintf + - NdisMSendNetBufferListsComplete + - IoAllocateMdl + - MmProbeAndLockPages + - MmMapLockedPagesSpecifyCache + - MmUnlockPages + - IoFreeMdl + - ExAllocatePool + - ExFreePool + - NtQuerySystemInformation + - HalMakeBeep + Imports: + - ntoskrnl.exe + - NDIS.SYS + - ntoskrnl.exe + - hal.dll + InternalName: '' + MD5: 1cd158a64f3d886357535382a6fdad75 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: Fuqing Yuntan Network Tech Co.,Ltd. 
+ RichPEHeaderHash: + MD5: 986c450e6ee0c98c62235a1d3066a54a + SHA1: 988baae29accb89b13a742369f020dfa40511225 + SHA256: 4a5f8a3aefca29bce6b45b59661fee1d9196a19825396d1315620b7d49de7b81 + SHA1: a48aa80942fc8e0699f518de4fd6512e341d4196 + SHA256: 5c1585b1a1c956c7755429544f3596515dfdf928373620c51b0606a520c6245a + Sections: + .text: + Entropy: 0.0 + Virtual Size: '0xfd2c' + .rdata: + Entropy: 0.0 + Virtual Size: '0x97c' + .data: + Entropy: 0.0 + Virtual Size: '0x137b0' + .pdata: + Entropy: 0.0 + Virtual Size: '0x9f0' + INIT: + Entropy: 0.0 + Virtual Size: '0x10fa' + .vmp0: + Entropy: 0.0 + Virtual Size: '0x16455' + .vmp1: + Entropy: 7.825531504080949 + Virtual Size: '0x2d523' + .reloc: + Entropy: 2.292481250360578 + Virtual Size: '0xc' + Signature: A certificate was explicitly revoked by its issuer. + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CN, ST=Fuzhou, L=Fuqing, O=Fuqing Yuntan Network Tech Co.,Ltd., + OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Fuqing + Yuntan Network Tech Co.,Ltd. 
+ ValidFrom: '2013-04-09 00:00:00' + ValidTo: '2014-04-09 23:59:59' + Signature: 6946a8e63d6d38e19d41b4b5f4a71715c2c03ea0f9775b97dd3bf2d343be21049f4b78a351a0b1b8d30121393af537dfee0828f051ea2a87bed271ccc0e85e7ed9911d1d36d35da6e1141edc77520be857cf00bf3ac9b7e80722dd3580dd9eb7fab6f4134e4f1f1b794f1c28bc521ee4abbf5be4b6f2b149fca0f2beb4ba69616a0a442b06093c04ece1b42b0c121b0703c6a7d7af421a880bf3e45bfe28bcc4da347397d3aa67c89e3656062e9397dec782863abe49df79527e06388885b9d28c4bd078cc002a41206a266bfbe584b35748d6d0526fef478931c7527be7095fc9c7ee088f1c889834bb2533c3f45cfe41d1b19d0b80863ed52bc8a9d1b1d2ea + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 516ceb03f17e10c24b45ffb6336e5915 + Version: 3 + TBS: + MD5: fe2cc3b135dc2f887e620d33a02ef639 + SHA1: a92b0a710c038b8556fb3d74742118f75c5c3d57 + SHA256: 4b98540e377559d976ea0a9e40920f4a308a060fd16b27665fc7a8f2273df483 + SHA384: a713c1f2d1fb5bd88108f0241683b012083946779e31971206eef1a580f5813b26a2aae376162ac2193509ff8ce675fe + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 516ceb03f17e10c24b45ffb6336e5915 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: bf9d32a6ab9effcd2fd6a734e5be98f9 + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/2e4fedb0-30ed-400d-b4e1-b2b2004c1607.yaml b/yaml/2e4fedb0-30ed-400d-b4e1-b2b2004c1607.yaml index 8d4ce47ac..e22a16b8f 100644 --- a/yaml/2e4fedb0-30ed-400d-b4e1-b2b2004c1607.yaml +++ b/yaml/2e4fedb0-30ed-400d-b4e1-b2b2004c1607.yaml 
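Review bot: `Detection: []` is re-added unchanged for an entry whose `Category` is `malicious` and whose sample carries `LoadsDespiteHVCI: 'TRUE'`, so anyone building coverage from the `Detection` list gets no rule reference for this driver, even though the record holds its MD5/SHA1/SHA256, Authentihash and Imphash. If the shared sigma/sysmon hash rule files that neighbouring entries link to already cover these hashes, list them here. Otherwise leave a comment such as `# no rule published yet; match on the hashes under KnownVulnerableSamples`. Two data nits also survive the key reordering: `Resources` still ends with an empty `- ''` item, and `Imports` lists `ntoskrnl.exe` twice. Dropping both keeps downstream consumers from emitting blank or duplicate values.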
@@ -1,360 +1,360 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 2e4fedb0-30ed-400d-b4e1-b2b2004c1607 +Tags: +- OpenLibSys.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create OpenLibSys.sys binPath=C:\windows\temp\OpenLibSys.sys type=kernel - && sc.exe start OpenLibSys.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/91314768da140999e682d2a290d48b78bb25a35525ea12c1b1f9634d14602b2c.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/f0605dda1def240dc7e14efa73927d6c6d89988c01ea8647b671667b2b167008.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 2e4fedb0-30ed-400d-b4e1-b2b2004c1607 -KnownVulnerableSamples: -- Authentihash: - MD5: 1244664c7917f03f2b43b30e132f64b5 - SHA1: d6f015693e56a3ebba725a6591cc07443d0e1661 - SHA256: db68a9cbe22b22cba782592eef76e63e080ee8d30943be6da694701f44b6c33e - Company: OpenLibSys.org - Copyright: Copyright (C) 2007 OpenLibSys.org - CreationTimestamp: '2007-10-18 23:03:47' - Date: '' - Description: OpenLibSys - ExportedFunctions: '' - FileVersion: 1.0.0.2 - Filename: OpenLibSys.sys - ImportedFunctions: - - MmUnmapIoSpace - - MmMapIoSpace - - IofCompleteRequest - - IoDeleteDevice - - IoCreateDevice - - KeBugCheckEx - - RtlInitUnicodeString - - IoCreateSymbolicLink - - IoDeleteSymbolicLink - - __C_specific_handler - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: OpenLibSys.sys - MD5: ccf523b951afaa0147f22e2a7aae4976 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: OpenLibSys.sys - Product: OpenLibSys - ProductVersion: 1.0.0.2 - Publisher: '' - RichPEHeaderHash: - MD5: 6c9272bb390e89b75934eea3b15a1858 - SHA1: 16dab615286d22f060143bb9316a28122f8e4d1b - SHA256: 4a41cc91e3a5794be7d9088e93b0277f123a88d3b6568c5f92fe084bb5c78b4a - SHA1: ac600a2bc06b312d92e649b7b55e3e91e9d63451 - SHA256: 91314768da140999e682d2a290d48b78bb25a35525ea12c1b1f9634d14602b2c - Sections: - .text: - Entropy: 5.970389527326947 - Virtual Size: '0x75e' - .rdata: - Entropy: 4.133596535147301 - Virtual Size: '0x194' - .data: - Entropy: 0.5096713223407059 - Virtual Size: '0x114' - .pdata: - Entropy: 3.2442905991594793 - Virtual Size: '0x6c' - INIT: - Entropy: 4.864582637105269 - Virtual Size: '0x222' - .rsrc: - Entropy: 3.2128018204308373 - Virtual Size: '0x398' - Signature: - - Noriyuki MIYAZAKI - - GlobalSign ObjectSign CA - - GlobalSign Primary Object Publishing CA - - GlobalSign Root CA - R1 - Signatures: - - CertificatesInfo: 
'' - SignerInfo: '' - Certificates: - - Subject: C=JP, CN=Noriyuki MIYAZAKI, emailAddress=hiyohiyo@crystalmark.info - ValidFrom: '2007-09-24 10:50:55' - ValidTo: '2008-09-24 10:50:55' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 01000000000115372421a8 - Version: 3 - TBS: - MD5: c11203d7c1fcb38e1eaff246bb8e7595 - SHA1: 99f00de6eefb2076662465e682a2429373ebcb26 - SHA256: 08a073aa77d42d608a9457a6b1d63eadcf5113407d8a55025ea1bbef0716dca5 - SHA384: ef57f44999a39185b9ebf97894ce5a3cca2894e15bc0733a865501c3a41ea9054be5d7517aa59006b04a853cadbed567 - - Subject: CN=GlobalSign RootSign Partners CA, OU=RootSign Partners CA, O=GlobalSign - nv,sa, C=BE - ValidFrom: '2003-12-16 13:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 040000000000f97faa2e1e - Version: 3 - TBS: - MD5: 59466cb0c1788b2f251fce3495837102 - SHA1: c5cfc5f6a131a3a77c3905c9893c99bb1b2baa0b - SHA256: eedda02668f7636eeec69429a7164cc47ca3de0539122d37f5b8078df7ee56db - SHA384: 982b72c3ee7066ce80ee642444c91adc60e7009fc6ef981a32edf666591d6aedb09d258e10e86f4ef265eae8149bbd92 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: O=GlobalSign, 
CN=GlobalSign Time Stamping Authority, emailAddress=timestampinfo@globalsign.com - ValidFrom: '2007-02-05 09:00:00' - ValidTo: '2014-01-27 09:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000011092eb8295 - Version: 3 - TBS: - MD5: 11d73a3638fc78e0bac6c459feadcc42 - SHA1: 6636f7dcf81b370b919966f9063295ec84422f91 - SHA256: 1eb5fc1d2e3254b1e3c4587a6efed87ee65306525e684b4cfa4b51893cfe86a3 - SHA384: a13c07e505c79c58654ad2cffe219c6c801fa092c52f18c489a6061420c6475706f11c200f4dadd51718c660e49b3f24 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 11d45d8af43d0d9d7e4fa70071610b56b34caa70e1b2d1dec7886d1d897c2ba946e58b1f8e4cc26695911fe34d394ae31b70b7446edc068a4d6d25e89812dcbca0dd864eae8f81130540905a542529944acaf165b4ef0679dae7cb86f004c918dcee72b320015748dfe333e12ccd9c077f9447278d888d340ca67c5c20c17d07b3736b648c26d29bd7e87965a6a891a174862a050282c1847cf279cd3c2a2b0f99291eea8c8a1ab16aeaa266380e65e1add8c6c91f888d3976ee1782c4138d97ce6341e77af5b4b66c15c33813b3930b620688dde1447f10a950248b60dc05f75ba514b27b56720b96eabffc057090659e051ca4dd07af4b57dec639673bc574 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 01000000000115372421a8 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: d6f977640d4810a784d152e4d3c63a6b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: bd94d3a0abc78f87147bf8ea41aad734 - SHA1: 7ecbd5098c4161b95dd7e674003dd53069374f3e - SHA256: 6f3937451f0170a0aec3033cadceeb86ab30ee3c67add3926e116ccc20c0d9a7 - Company: OpenLibSys.org - Copyright: Copyright (C) 2007 OpenLibSys.org - CreationTimestamp: '2007-10-23 08:03:27' - Date: '' - Description: OpenLibSys - 
ExportedFunctions: '' - FileVersion: 1.0.1.3 - Filename: OpenLibSys.sys - ImportedFunctions: - - MmUnmapIoSpace - - MmMapIoSpace - - IofCompleteRequest - - IoDeleteDevice - - IoCreateDevice - - KeBugCheckEx - - RtlInitUnicodeString - - IoCreateSymbolicLink - - IoDeleteSymbolicLink - - __C_specific_handler - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: OpenLibSys.sys - MD5: 96421b56dbda73e9b965f027a3bda7ba - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: OpenLibSys.sys - Product: OpenLibSys - ProductVersion: 1.0.1.3 - Publisher: '' - RichPEHeaderHash: - MD5: 6c9272bb390e89b75934eea3b15a1858 - SHA1: 16dab615286d22f060143bb9316a28122f8e4d1b - SHA256: 4a41cc91e3a5794be7d9088e93b0277f123a88d3b6568c5f92fe084bb5c78b4a - SHA1: da9cea92f996f938f699902482ac5313d5e8b28e - SHA256: f0605dda1def240dc7e14efa73927d6c6d89988c01ea8647b671667b2b167008 - Sections: - .text: - Entropy: 6.018428693793998 - Virtual Size: '0x78e' - .rdata: - Entropy: 4.151140831854776 - Virtual Size: '0x194' - .data: - Entropy: 0.5096713223407059 - Virtual Size: '0x114' - .pdata: - Entropy: 3.2996069737061187 - Virtual Size: '0x6c' - INIT: - Entropy: 4.864582637105269 - Virtual Size: '0x222' - .rsrc: - Entropy: 3.2292647896337443 - Virtual Size: '0x398' - Signature: - - Noriyuki MIYAZAKI - - GlobalSign ObjectSign CA - - GlobalSign Primary Object Publishing CA - - GlobalSign Root CA - R1 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=JP, CN=Noriyuki MIYAZAKI, emailAddress=hiyohiyo@crystalmark.info - ValidFrom: '2007-09-24 10:50:55' - ValidTo: '2008-09-24 10:50:55' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 01000000000115372421a8 - Version: 3 - TBS: - MD5: c11203d7c1fcb38e1eaff246bb8e7595 - SHA1: 99f00de6eefb2076662465e682a2429373ebcb26 - SHA256: 
08a073aa77d42d608a9457a6b1d63eadcf5113407d8a55025ea1bbef0716dca5 - SHA384: ef57f44999a39185b9ebf97894ce5a3cca2894e15bc0733a865501c3a41ea9054be5d7517aa59006b04a853cadbed567 - - Subject: CN=GlobalSign RootSign Partners CA, OU=RootSign Partners CA, O=GlobalSign - nv,sa, C=BE - ValidFrom: '2003-12-16 13:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 040000000000f97faa2e1e - Version: 3 - TBS: - MD5: 59466cb0c1788b2f251fce3495837102 - SHA1: c5cfc5f6a131a3a77c3905c9893c99bb1b2baa0b - SHA256: eedda02668f7636eeec69429a7164cc47ca3de0539122d37f5b8078df7ee56db - SHA384: 982b72c3ee7066ce80ee642444c91adc60e7009fc6ef981a32edf666591d6aedb09d258e10e86f4ef265eae8149bbd92 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: O=GlobalSign, CN=GlobalSign Time Stamping Authority, emailAddress=timestampinfo@globalsign.com - ValidFrom: '2007-02-05 09:00:00' - ValidTo: '2014-01-27 09:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000011092eb8295 - Version: 3 - TBS: - MD5: 11d73a3638fc78e0bac6c459feadcc42 - SHA1: 6636f7dcf81b370b919966f9063295ec84422f91 - SHA256: 
1eb5fc1d2e3254b1e3c4587a6efed87ee65306525e684b4cfa4b51893cfe86a3 - SHA384: a13c07e505c79c58654ad2cffe219c6c801fa092c52f18c489a6061420c6475706f11c200f4dadd51718c660e49b3f24 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 01000000000115372421a8 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: d6f977640d4810a784d152e4d3c63a6b - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create OpenLibSys.sys binPath=C:\windows\temp\OpenLibSys.sys type=kernel + && sc.exe start OpenLibSys.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/namazso/physmem_drivers -Tags: -- OpenLibSys.sys 
-Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/91314768da140999e682d2a290d48b78bb25a35525ea12c1b1f9634d14602b2c.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/f0605dda1def240dc7e14efa73927d6c6d89988c01ea8647b671667b2b167008.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 1244664c7917f03f2b43b30e132f64b5 + SHA1: d6f015693e56a3ebba725a6591cc07443d0e1661 + SHA256: db68a9cbe22b22cba782592eef76e63e080ee8d30943be6da694701f44b6c33e + Company: OpenLibSys.org + Copyright: Copyright (C) 2007 OpenLibSys.org + 
CreationTimestamp: '2007-10-18 23:03:47' + Date: '' + Description: OpenLibSys + ExportedFunctions: '' + FileVersion: 1.0.0.2 + Filename: OpenLibSys.sys + ImportedFunctions: + - MmUnmapIoSpace + - MmMapIoSpace + - IofCompleteRequest + - IoDeleteDevice + - IoCreateDevice + - KeBugCheckEx + - RtlInitUnicodeString + - IoCreateSymbolicLink + - IoDeleteSymbolicLink + - __C_specific_handler + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: OpenLibSys.sys + MD5: ccf523b951afaa0147f22e2a7aae4976 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: OpenLibSys.sys + Product: OpenLibSys + ProductVersion: 1.0.0.2 + Publisher: '' + RichPEHeaderHash: + MD5: 6c9272bb390e89b75934eea3b15a1858 + SHA1: 16dab615286d22f060143bb9316a28122f8e4d1b + SHA256: 4a41cc91e3a5794be7d9088e93b0277f123a88d3b6568c5f92fe084bb5c78b4a + SHA1: ac600a2bc06b312d92e649b7b55e3e91e9d63451 + SHA256: 91314768da140999e682d2a290d48b78bb25a35525ea12c1b1f9634d14602b2c + Sections: + .text: + Entropy: 5.970389527326947 + Virtual Size: '0x75e' + .rdata: + Entropy: 4.133596535147301 + Virtual Size: '0x194' + .data: + Entropy: 0.5096713223407059 + Virtual Size: '0x114' + .pdata: + Entropy: 3.2442905991594793 + Virtual Size: '0x6c' + INIT: + Entropy: 4.864582637105269 + Virtual Size: '0x222' + .rsrc: + Entropy: 3.2128018204308373 + Virtual Size: '0x398' + Signature: + - Noriyuki MIYAZAKI + - GlobalSign ObjectSign CA + - GlobalSign Primary Object Publishing CA + - GlobalSign Root CA - R1 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=JP, CN=Noriyuki MIYAZAKI, emailAddress=hiyohiyo@crystalmark.info + ValidFrom: '2007-09-24 10:50:55' + ValidTo: '2008-09-24 10:50:55' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 01000000000115372421a8 + Version: 3 + TBS: + MD5: c11203d7c1fcb38e1eaff246bb8e7595 + SHA1: 
99f00de6eefb2076662465e682a2429373ebcb26 + SHA256: 08a073aa77d42d608a9457a6b1d63eadcf5113407d8a55025ea1bbef0716dca5 + SHA384: ef57f44999a39185b9ebf97894ce5a3cca2894e15bc0733a865501c3a41ea9054be5d7517aa59006b04a853cadbed567 + - Subject: CN=GlobalSign RootSign Partners CA, OU=RootSign Partners CA, + O=GlobalSign nv,sa, C=BE + ValidFrom: '2003-12-16 13:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 5c2f2e674a26b3e7b53f353cdda003ed569af9443752163065c7d14ea20f8db7b6b6678ee74cec8d95bee6cea7227874acd7f87499b3f7ce8b1338d596cc8d76c52f38b23aae61be0b8799e321626423398d84f6858df777ffb03806f07ec1485fb5ee582606660522749283a7dbb5f992e3e8c3192c2e63efbb1fdff9f70747660d0789977ef8332c9ecbae143df11cdfa3f179afc8928f9471c4d144c554db1eb50b0aa942a3afd643391dee8f9398585bbe6e9c0bf563ec5e99c2f954fa010746da0db06424cf8ed1061d4f3ca26377455ba4bc5fb080bb31e00b54015c161d724ed52a6947d11b667e5f016ef135916be02efeb045d81627b5c58bc2da53 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 040000000000f97faa2e1e + Version: 3 + TBS: + MD5: 59466cb0c1788b2f251fce3495837102 + SHA1: c5cfc5f6a131a3a77c3905c9893c99bb1b2baa0b + SHA256: eedda02668f7636eeec69429a7164cc47ca3de0539122d37f5b8078df7ee56db + SHA384: 982b72c3ee7066ce80ee642444c91adc60e7009fc6ef981a32edf666591d6aedb09d258e10e86f4ef265eae8149bbd92 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: 
O=GlobalSign, CN=GlobalSign Time Stamping Authority, emailAddress=timestampinfo@globalsign.com + ValidFrom: '2007-02-05 09:00:00' + ValidTo: '2014-01-27 09:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000011092eb8295 + Version: 3 + TBS: + MD5: 11d73a3638fc78e0bac6c459feadcc42 + SHA1: 6636f7dcf81b370b919966f9063295ec84422f91 + SHA256: 1eb5fc1d2e3254b1e3c4587a6efed87ee65306525e684b4cfa4b51893cfe86a3 + SHA384: a13c07e505c79c58654ad2cffe219c6c801fa092c52f18c489a6061420c6475706f11c200f4dadd51718c660e49b3f24 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 01000000000115372421a8 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign 
ObjectSign + CA + Version: 1 + Imphash: d6f977640d4810a784d152e4d3c63a6b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: bd94d3a0abc78f87147bf8ea41aad734 + SHA1: 7ecbd5098c4161b95dd7e674003dd53069374f3e + SHA256: 6f3937451f0170a0aec3033cadceeb86ab30ee3c67add3926e116ccc20c0d9a7 + Company: OpenLibSys.org + Copyright: Copyright (C) 2007 OpenLibSys.org + CreationTimestamp: '2007-10-23 08:03:27' + Date: '' + Description: OpenLibSys + ExportedFunctions: '' + FileVersion: 1.0.1.3 + Filename: OpenLibSys.sys + ImportedFunctions: + - MmUnmapIoSpace + - MmMapIoSpace + - IofCompleteRequest + - IoDeleteDevice + - IoCreateDevice + - KeBugCheckEx + - RtlInitUnicodeString + - IoCreateSymbolicLink + - IoDeleteSymbolicLink + - __C_specific_handler + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: OpenLibSys.sys + MD5: 96421b56dbda73e9b965f027a3bda7ba + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: OpenLibSys.sys + Product: OpenLibSys + ProductVersion: 1.0.1.3 + Publisher: '' + RichPEHeaderHash: + MD5: 6c9272bb390e89b75934eea3b15a1858 + SHA1: 16dab615286d22f060143bb9316a28122f8e4d1b + SHA256: 4a41cc91e3a5794be7d9088e93b0277f123a88d3b6568c5f92fe084bb5c78b4a + SHA1: da9cea92f996f938f699902482ac5313d5e8b28e + SHA256: f0605dda1def240dc7e14efa73927d6c6d89988c01ea8647b671667b2b167008 + Sections: + .text: + Entropy: 6.018428693793998 + Virtual Size: '0x78e' + .rdata: + Entropy: 4.151140831854776 + Virtual Size: '0x194' + .data: + Entropy: 0.5096713223407059 + Virtual Size: '0x114' + .pdata: + Entropy: 3.2996069737061187 + Virtual Size: '0x6c' + INIT: + Entropy: 4.864582637105269 + Virtual Size: '0x222' + .rsrc: + Entropy: 3.2292647896337443 + Virtual Size: '0x398' + Signature: + - Noriyuki MIYAZAKI + - GlobalSign ObjectSign CA + - GlobalSign Primary Object Publishing CA + - GlobalSign Root CA - R1 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=JP, CN=Noriyuki MIYAZAKI, 
emailAddress=hiyohiyo@crystalmark.info + ValidFrom: '2007-09-24 10:50:55' + ValidTo: '2008-09-24 10:50:55' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 01000000000115372421a8 + Version: 3 + TBS: + MD5: c11203d7c1fcb38e1eaff246bb8e7595 + SHA1: 99f00de6eefb2076662465e682a2429373ebcb26 + SHA256: 08a073aa77d42d608a9457a6b1d63eadcf5113407d8a55025ea1bbef0716dca5 + SHA384: ef57f44999a39185b9ebf97894ce5a3cca2894e15bc0733a865501c3a41ea9054be5d7517aa59006b04a853cadbed567 + - Subject: CN=GlobalSign RootSign Partners CA, OU=RootSign Partners CA, + O=GlobalSign nv,sa, C=BE + ValidFrom: '2003-12-16 13:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 040000000000f97faa2e1e + Version: 3 + TBS: + MD5: 59466cb0c1788b2f251fce3495837102 + SHA1: c5cfc5f6a131a3a77c3905c9893c99bb1b2baa0b + SHA256: eedda02668f7636eeec69429a7164cc47ca3de0539122d37f5b8078df7ee56db + SHA384: 982b72c3ee7066ce80ee642444c91adc60e7009fc6ef981a32edf666591d6aedb09d258e10e86f4ef265eae8149bbd92 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: O=GlobalSign, CN=GlobalSign Time Stamping Authority, emailAddress=timestampinfo@globalsign.com + 
ValidFrom: '2007-02-05 09:00:00' + ValidTo: '2014-01-27 09:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000011092eb8295 + Version: 3 + TBS: + MD5: 11d73a3638fc78e0bac6c459feadcc42 + SHA1: 6636f7dcf81b370b919966f9063295ec84422f91 + SHA256: 1eb5fc1d2e3254b1e3c4587a6efed87ee65306525e684b4cfa4b51893cfe86a3 + SHA384: a13c07e505c79c58654ad2cffe219c6c801fa092c52f18c489a6061420c6475706f11c200f4dadd51718c660e49b3f24 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 01000000000115372421a8 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: d6f977640d4810a784d152e4d3c63a6b + LoadsDespiteHVCI: 
'FALSE' diff --git a/yaml/2ea12acc-95b6-4f91-afb7-8ded7a2fe9d9.yaml b/yaml/2ea12acc-95b6-4f91-afb7-8ded7a2fe9d9.yaml index 062f8cde5..43cb763c6 100644 --- a/yaml/2ea12acc-95b6-4f91-afb7-8ded7a2fe9d9.yaml +++ b/yaml/2ea12acc-95b6-4f91-afb7-8ded7a2fe9d9.yaml 
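Review bot: The re-added `Detection:` list for OpenLibSys.sys still carries each of the four generic entries twice: `sigma_hash`, `sigma_names`, `sysmon_hash_detect` and `sysmon_hash_block` appear once after the two per-sample YARA links and again after `yara-rules_vuln_drivers_strict_renamed.yar`, with identical URLs. Since this change rewrites the whole block anyway, drop the second `- type: sigma_hash` through `- type: sysmon_hash_block` group so that consumers building rule sets from this file do not import the same source twice. Separately, the leaf signer certificate `CN=Noriyuki MIYAZAKI` is recorded with `IsCertificateAuthority: true` in both samples, while the leaf in the previous file's section is `false`. This looks like a parser artifact, so confirm it against the actual certificate before anyone relies on the field for chain validation.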
@@ -1,308 +1,308 @@ Id: 2ea12acc-95b6-4f91-afb7-8ded7a2fe9d9 +Tags: +- vmdrv.sys +Verified: 'TRUE' Author: Nasreddine Bencherchali Created: '2023-05-06' MitreID: T1068 Category: vulnerable driver -Verified: 'TRUE' Commands: - Command: sc.exe create vmdrv.sys binPath=C:\windows\temp\vmdrv.sys type=kernel && - sc.exe start vmdrv.sys - Description: '' - Usecase: Elevate privileges - Privileges: kernel - OperatingSystem: Windows 10 + Command: sc.exe create vmdrv.sys binPath=C:\windows\temp\vmdrv.sys type=kernel + && sc.exe start vmdrv.sys + Description: '' + Usecase: Elevate privileges + Privileges: kernel + OperatingSystem: Windows 10 Resources: - Internal Research -Acknowledgement: - Person: '' - Handle: '' Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: vmdrv.sys - MD5: 6d67da13cf84f15f6797ed929dd8cf5d - SHA1: 1a17cc64e47d3db7085a4dc365049a2d4552dc8a - SHA256: 5c0b429e5935814457934fa9c10ac7a88e19068fa1bd152879e4e9b89c103921 - Authentihash: - MD5: 9ee5190f4bd124445626451cc09d49ce - SHA1: b73a1aae1e15b9a7e2cc0d486449e132671aebec - SHA256: fabe94809d90ade89dad012b22243e3fb755a131800140f8f8b30c989c371301 - Description: Voicemod Virtual Audio Device (WDM) - Company: Windows (R) Win 7 DDK provider - InternalName: vmdrv.sys - OriginalFilename: vmdrv.sys - FileVersion: 10.0.10011.16384 - Product: Windows (R) Win 7 DDK driver - ProductVersion: 10.0.10011.16384 - Copyright: Copyright (C) Voicemod S.L.2010-2020 - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - portcls.sys - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - KeClearEvent - - KeSetEvent - - ExFreePool - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ExEventObjectType - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ExSystemTimeToLocalTime - - _purecall - - KeInitializeDpc - - KeFlushQueuedDpcs - - KeInitializeMutex - - KeReleaseMutex - - KeInitializeTimerEx - - KeCancelTimer - - KeSetTimerEx - - KeWaitForSingleObject - - KeInitializeSpinLock - - IoAllocateWorkItem - - IoFreeWorkItem - - IoQueueWorkItem - - RtlIsNtDdiVersionAvailable - - PcInitializeAdapterDriver - - PcDispatchIrp - - PcAddAdapterDevice - - PcRegisterAdapterPowerManagement - - PcNewServiceGroup - - PcRegisterSubdevice - - PcRegisterPhysicalConnection - - PcNewPort 
- Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=ES, ??=Private Organization, serialNumber=B98657844, C=ES, L=Valencia, - O=Voicemod Sociedad Limitada, CN=Voicemod Sociedad Limitada - ValidFrom: '2019-12-13 00:00:00' - ValidTo: '2020-12-17 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 
1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 02c5372170daa825b5e24b614268c5b5 - Version: 3 - TBS: - MD5: 8431e52b92e0051577de716f75313854 - SHA1: 8ad5802e684da7297a1f3ef73bed0ea370b42db9 - SHA256: a6ad079dada95f4b49268f60d4b44ca44a4efc0af30632accdad536b27ab2790 - SHA384: f7d20854c88556d3598f58487b32ae7f7a119abcd0c30d386d50248b5dafd00601a47339a2e4f822ee3b848a74c08666 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 19334a0c813337dbad36c9e4c93abbb51b2e7aa2e2f44342179ebf4ea14de1b1dbe981dd9f01f2e488d5e9fe09fd21c1ec5d80d2f0d6c143c2fe772bdbf9d79133ce6cd5b2193be62ed6c9934f88408ecde1f57ef10fc6595672e8eb6a41bd1cd546d57c49ca663815c1bfe091707787dcc98d31c90c29a233ed8de287cd898d3f1bffd5e01a978b7cda6dfba8c6b23a666b7b01b3cdd8a634ec1201ab9558a5c45357a860e6e70212a0b92364a24dbb7c81256421becfee42184397bba53706af4dff26a54d614bec4641b865ceb8799e08960b818c8a3b8fc7998ca32a6e986d5e61c696b78ab9612d93b8eb0e0443d7f5fea6f062d4996aa5c1c1f0649480 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c - Version: 3 - TBS: - MD5: 83f5de89f641d0fbf60248e10a7b9534 - SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 - SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf - SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 - Signer: - - SerialNumber: 02c5372170daa825b5e24b614268c5b5 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - Version: 1 - RichPEHeaderHash: - MD5: 72836637897036e534b5e731b414f81c - SHA1: 8aec3f05873113378949bbe027f0c20e9c4f208f - SHA256: ad09cf6b4c41c6d657c0d992413a027d578820132dc62d380ee3cce7ebf81d20 - Sections: - .text: - Entropy: 5.686954773683641 - Virtual Size: '0x1369' - .rdata: - Entropy: 4.725013018730029 - Virtual Size: '0x1464' - 
.data: - Entropy: 2.0394505047903047 - Virtual Size: '0x824' - .pdata: - Entropy: 4.358296639004959 - Virtual Size: '0x540' - PAGE: - Entropy: 6.041466988516918 - Virtual Size: '0x2e8a' - INIT: - Entropy: 5.4451192295882445 - Virtual Size: '0x6da' - .rsrc: - Entropy: 3.595344946345435 - Virtual Size: '0x460' - .reloc: - Entropy: 5.080566974333831 - Virtual Size: '0x19c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2020-05-15 15:19:53' - Imphash: 02a27dc9a48b694b7df4b821eb65178c - LoadsDespiteHVCI: 'FALSE' -- Filename: vmdrv.sys - MD5: 0e625b7a7c3f75524e307b160f8db337 - SHA1: 5088c71a740ef7c4156dcaa31e543052fe226e1c - SHA256: d884ca8cc4ef1826ca3ab03eb3c2d8f356ba25f2d20db0a7d9fc251c565be7f3 - Authentihash: - MD5: b402effbea875040846c88d9b8b08b36 - SHA1: 08e1ee43f0e00155730448f017a4616efa2afdf0 - SHA256: 57ae8d2d962cdde554831415725583fcf4ae5fc844c19983a7c37e31b12109a3 - Description: Voicemod Virtual Audio Device (WDM) - Company: Windows (R) Win 7 DDK provider - InternalName: vmdrv.sys - OriginalFilename: vmdrv.sys - FileVersion: 10.0.10011.16384 - Product: Windows (R) Win 7 DDK driver - ProductVersion: 10.0.10011.16384 - Copyright: Copyright (C) Voicemod S.L.2010-2020 - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - portcls.sys - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - KeClearEvent - - KeSetEvent - - ExFreePool - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ExEventObjectType - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ExSystemTimeToLocalTime - - _purecall - - KeInitializeDpc - - KeFlushQueuedDpcs - - KeInitializeMutex - - KeReleaseMutex - - KeInitializeTimerEx - - KeCancelTimer - - KeSetTimerEx - - KeWaitForSingleObject - - KeInitializeSpinLock - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - IoAllocateWorkItem - - IoFreeWorkItem - - IoQueueWorkItem - - RtlIsNtDdiVersionAvailable - - 
PcInitializeAdapterDriver - - PcDispatchIrp - - PcAddAdapterDevice - - PcRegisterAdapterPowerManagement - - PcNewServiceGroup - - PcRegisterSubdevice - - PcRegisterPhysicalConnection - - PcNewPort - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: ??=ES, ??=Private Organization, serialNumber=B98657844, C=ES, L=Valencia, - O=Voicemod Sociedad Limitada, CN=Voicemod Sociedad Limitada - ValidFrom: '2019-12-13 00:00:00' - ValidTo: '2020-12-17 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 02c5372170daa825b5e24b614268c5b5 - Version: 3 - TBS: - MD5: 8431e52b92e0051577de716f75313854 - SHA1: 8ad5802e684da7297a1f3ef73bed0ea370b42db9 - SHA256: a6ad079dada95f4b49268f60d4b44ca44a4efc0af30632accdad536b27ab2790 - SHA384: f7d20854c88556d3598f58487b32ae7f7a119abcd0c30d386d50248b5dafd00601a47339a2e4f822ee3b848a74c08666 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c - Version: 3 - TBS: - MD5: 83f5de89f641d0fbf60248e10a7b9534 - SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 - SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf - SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 - Signer: - - SerialNumber: 02c5372170daa825b5e24b614268c5b5 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - Version: 1 - RichPEHeaderHash: - MD5: 19ecccfbe7a6b85392ca6116a3103ea8 - SHA1: 53afe9a0529323b43e81f67c2daf13e6aeb3f168 - SHA256: 3b669335809523cae02edc8c37736f6e09e63a84db56676add938707d429b8d0 - Sections: - .text: - 
Entropy: 5.691349408485953 - Virtual Size: '0x1329' - .rdata: - Entropy: 4.733949835411843 - Virtual Size: '0x1394' - .data: - Entropy: 1.9660177310110125 - Virtual Size: '0x724' - .pdata: - Entropy: 4.330677426801091 - Virtual Size: '0x540' - PAGE: - Entropy: 6.041055951240552 - Virtual Size: '0x2e8a' - INIT: - Entropy: 5.45085560732551 - Virtual Size: '0x6da' - .rsrc: - Entropy: 3.595344946345435 - Virtual Size: '0x460' - .reloc: - Entropy: 4.9921117821079095 - Virtual Size: '0x17c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2020-09-25 07:11:31' - Imphash: 7c24141cdcfc23f5eb0e2b6792d80740 - LoadsDespiteHVCI: 'FALSE' -Tags: -- vmdrv.sys +- Filename: vmdrv.sys + MD5: 6d67da13cf84f15f6797ed929dd8cf5d + SHA1: 1a17cc64e47d3db7085a4dc365049a2d4552dc8a + SHA256: 5c0b429e5935814457934fa9c10ac7a88e19068fa1bd152879e4e9b89c103921 + Authentihash: + MD5: 9ee5190f4bd124445626451cc09d49ce + SHA1: b73a1aae1e15b9a7e2cc0d486449e132671aebec + SHA256: fabe94809d90ade89dad012b22243e3fb755a131800140f8f8b30c989c371301 + Description: Voicemod Virtual Audio Device (WDM) + Company: Windows (R) Win 7 DDK provider + InternalName: vmdrv.sys + OriginalFilename: vmdrv.sys + FileVersion: 10.0.10011.16384 + Product: Windows (R) Win 7 DDK driver + ProductVersion: 10.0.10011.16384 + Copyright: Copyright (C) Voicemod S.L.2010-2020 + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - portcls.sys + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - KeClearEvent + - KeSetEvent + - ExFreePool + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ExEventObjectType + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ExSystemTimeToLocalTime + - _purecall + - KeInitializeDpc + - KeFlushQueuedDpcs + - KeInitializeMutex + - KeReleaseMutex + - KeInitializeTimerEx + - KeCancelTimer + - KeSetTimerEx + - 
KeWaitForSingleObject + - KeInitializeSpinLock + - IoAllocateWorkItem + - IoFreeWorkItem + - IoQueueWorkItem + - RtlIsNtDdiVersionAvailable + - PcInitializeAdapterDriver + - PcDispatchIrp + - PcAddAdapterDevice + - PcRegisterAdapterPowerManagement + - PcNewServiceGroup + - PcRegisterSubdevice + - PcRegisterPhysicalConnection + - PcNewPort + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: 
f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=ES, ??=Private Organization, serialNumber=B98657844, C=ES, + L=Valencia, O=Voicemod Sociedad Limitada, CN=Voicemod Sociedad Limitada + ValidFrom: '2019-12-13 00:00:00' + ValidTo: '2020-12-17 12:00:00' + Signature: 3d61f91d3417ea68406f8f16faa42f704866212beb1e47ede42931cefc8e5a240a6320d9cdc2eb1911c5a72db5514cdfa4a40e554c2874d9da134ef850077c6859f540b5d89f3e2168a0ad1b26ffa730588d98ec52b386174b06e96f6254c86315cb6c982c1f6c3748ec1f28b779cfee301ab12ce5fc1b817b018637dd93ac6419957f3d3dd4e362b8f34b41664444e4743c12309e9c14996430719db60684117206890b140b5e87f708838b3b53b5395a1e1a562840c2939c64e2e5f50c40d148830fdeb425077e74fbabfde856bf8ccb0036fbec5d49e58056200cdb24eba2382fc9a1b60ba342759097634855dfd66520763cf7c04c2b85abebd5b5057052 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 02c5372170daa825b5e24b614268c5b5 + Version: 3 + TBS: + MD5: 8431e52b92e0051577de716f75313854 + SHA1: 8ad5802e684da7297a1f3ef73bed0ea370b42db9 + SHA256: a6ad079dada95f4b49268f60d4b44ca44a4efc0af30632accdad536b27ab2790 + SHA384: f7d20854c88556d3598f58487b32ae7f7a119abcd0c30d386d50248b5dafd00601a47339a2e4f822ee3b848a74c08666 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 19334a0c813337dbad36c9e4c93abbb51b2e7aa2e2f44342179ebf4ea14de1b1dbe981dd9f01f2e488d5e9fe09fd21c1ec5d80d2f0d6c143c2fe772bdbf9d79133ce6cd5b2193be62ed6c9934f88408ecde1f57ef10fc6595672e8eb6a41bd1cd546d57c49ca663815c1bfe091707787dcc98d31c90c29a233ed8de287cd898d3f1bffd5e01a978b7cda6dfba8c6b23a666b7b01b3cdd8a634ec1201ab9558a5c45357a860e6e70212a0b92364a24dbb7c81256421becfee42184397bba53706af4dff26a54d614bec4641b865ceb8799e08960b818c8a3b8fc7998ca32a6e986d5e61c696b78ab9612d93b8eb0e0443d7f5fea6f062d4996aa5c1c1f0649480 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + 
IsCertificateAuthority: true + SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c + Version: 3 + TBS: + MD5: 83f5de89f641d0fbf60248e10a7b9534 + SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 + SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf + SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 + Signer: + - SerialNumber: 02c5372170daa825b5e24b614268c5b5 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + Version: 1 + RichPEHeaderHash: + MD5: 72836637897036e534b5e731b414f81c + SHA1: 8aec3f05873113378949bbe027f0c20e9c4f208f + SHA256: ad09cf6b4c41c6d657c0d992413a027d578820132dc62d380ee3cce7ebf81d20 + Sections: + .text: + Entropy: 5.686954773683641 + Virtual Size: '0x1369' + .rdata: + Entropy: 4.725013018730029 + Virtual Size: '0x1464' + .data: + Entropy: 2.0394505047903047 + Virtual Size: '0x824' + .pdata: + Entropy: 4.358296639004959 + Virtual Size: '0x540' + PAGE: + Entropy: 6.041466988516918 + Virtual Size: '0x2e8a' + INIT: + Entropy: 5.4451192295882445 + Virtual Size: '0x6da' + .rsrc: + Entropy: 3.595344946345435 + Virtual Size: '0x460' + .reloc: + Entropy: 5.080566974333831 + Virtual Size: '0x19c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2020-05-15 15:19:53' + Imphash: 02a27dc9a48b694b7df4b821eb65178c + LoadsDespiteHVCI: 'FALSE' +- Filename: vmdrv.sys + MD5: 0e625b7a7c3f75524e307b160f8db337 + SHA1: 5088c71a740ef7c4156dcaa31e543052fe226e1c + SHA256: d884ca8cc4ef1826ca3ab03eb3c2d8f356ba25f2d20db0a7d9fc251c565be7f3 + Authentihash: + MD5: b402effbea875040846c88d9b8b08b36 + SHA1: 08e1ee43f0e00155730448f017a4616efa2afdf0 + SHA256: 57ae8d2d962cdde554831415725583fcf4ae5fc844c19983a7c37e31b12109a3 + Description: Voicemod Virtual Audio Device (WDM) + Company: Windows (R) Win 7 DDK provider + InternalName: vmdrv.sys + OriginalFilename: vmdrv.sys + FileVersion: 10.0.10011.16384 + Product: Windows (R) Win 7 DDK driver + ProductVersion: 10.0.10011.16384 + 
Copyright: Copyright (C) Voicemod S.L.2010-2020 + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - portcls.sys + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - KeClearEvent + - KeSetEvent + - ExFreePool + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ExEventObjectType + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ExSystemTimeToLocalTime + - _purecall + - KeInitializeDpc + - KeFlushQueuedDpcs + - KeInitializeMutex + - KeReleaseMutex + - KeInitializeTimerEx + - KeCancelTimer + - KeSetTimerEx + - KeWaitForSingleObject + - KeInitializeSpinLock + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - IoAllocateWorkItem + - IoFreeWorkItem + - IoQueueWorkItem + - RtlIsNtDdiVersionAvailable + - PcInitializeAdapterDriver + - PcDispatchIrp + - PcAddAdapterDevice + - PcRegisterAdapterPowerManagement + - PcNewServiceGroup + - PcRegisterSubdevice + - PcRegisterPhysicalConnection + - PcNewPort + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: ??=ES, ??=Private Organization, serialNumber=B98657844, C=ES, + L=Valencia, O=Voicemod Sociedad Limitada, CN=Voicemod Sociedad Limitada + ValidFrom: '2019-12-13 00:00:00' + ValidTo: '2020-12-17 12:00:00' + Signature: 3d61f91d3417ea68406f8f16faa42f704866212beb1e47ede42931cefc8e5a240a6320d9cdc2eb1911c5a72db5514cdfa4a40e554c2874d9da134ef850077c6859f540b5d89f3e2168a0ad1b26ffa730588d98ec52b386174b06e96f6254c86315cb6c982c1f6c3748ec1f28b779cfee301ab12ce5fc1b817b018637dd93ac6419957f3d3dd4e362b8f34b41664444e4743c12309e9c14996430719db60684117206890b140b5e87f708838b3b53b5395a1e1a562840c2939c64e2e5f50c40d148830fdeb425077e74fbabfde856bf8ccb0036fbec5d49e58056200cdb24eba2382fc9a1b60ba342759097634855dfd66520763cf7c04c2b85abebd5b5057052 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 02c5372170daa825b5e24b614268c5b5 + 
Version: 3 + TBS: + MD5: 8431e52b92e0051577de716f75313854 + SHA1: 8ad5802e684da7297a1f3ef73bed0ea370b42db9 + SHA256: a6ad079dada95f4b49268f60d4b44ca44a4efc0af30632accdad536b27ab2790 + SHA384: f7d20854c88556d3598f58487b32ae7f7a119abcd0c30d386d50248b5dafd00601a47339a2e4f822ee3b848a74c08666 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 19334a0c813337dbad36c9e4c93abbb51b2e7aa2e2f44342179ebf4ea14de1b1dbe981dd9f01f2e488d5e9fe09fd21c1ec5d80d2f0d6c143c2fe772bdbf9d79133ce6cd5b2193be62ed6c9934f88408ecde1f57ef10fc6595672e8eb6a41bd1cd546d57c49ca663815c1bfe091707787dcc98d31c90c29a233ed8de287cd898d3f1bffd5e01a978b7cda6dfba8c6b23a666b7b01b3cdd8a634ec1201ab9558a5c45357a860e6e70212a0b92364a24dbb7c81256421becfee42184397bba53706af4dff26a54d614bec4641b865ceb8799e08960b818c8a3b8fc7998ca32a6e986d5e61c696b78ab9612d93b8eb0e0443d7f5fea6f062d4996aa5c1c1f0649480 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c + Version: 3 + TBS: + MD5: 83f5de89f641d0fbf60248e10a7b9534 + SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 + SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf + SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 + Signer: + - SerialNumber: 02c5372170daa825b5e24b614268c5b5 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + Version: 1 + RichPEHeaderHash: + MD5: 19ecccfbe7a6b85392ca6116a3103ea8 + SHA1: 53afe9a0529323b43e81f67c2daf13e6aeb3f168 + SHA256: 3b669335809523cae02edc8c37736f6e09e63a84db56676add938707d429b8d0 + Sections: + .text: + Entropy: 5.691349408485953 + Virtual Size: '0x1329' + .rdata: + Entropy: 4.733949835411843 + Virtual Size: '0x1394' + .data: + Entropy: 1.9660177310110125 + Virtual Size: '0x724' + .pdata: + Entropy: 4.330677426801091 + Virtual 
Size: '0x540' + PAGE: + Entropy: 6.041055951240552 + Virtual Size: '0x2e8a' + INIT: + Entropy: 5.45085560732551 + Virtual Size: '0x6da' + .rsrc: + Entropy: 3.595344946345435 + Virtual Size: '0x460' + .reloc: + Entropy: 4.9921117821079095 + Virtual Size: '0x17c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2020-09-25 07:11:31' + Imphash: 7c24141cdcfc23f5eb0e2b6792d80740 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/30d6c39c-1d93-4101-8dd3-322ff0ab7fb3.yaml b/yaml/30d6c39c-1d93-4101-8dd3-322ff0ab7fb3.yaml index 76a088a37..9b1eb3215 100644 --- a/yaml/30d6c39c-1d93-4101-8dd3-322ff0ab7fb3.yaml +++ b/yaml/30d6c39c-1d93-4101-8dd3-322ff0ab7fb3.yaml 
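Review bot: The re-serialized `Subject` of the Voicemod leaf certificate still begins `??=ES, ??=Private Organization, serialNumber=B98657844`, in both vmdrv.sys samples, so two attribute names are lost and the string is ambiguous for anyone matching on certificate subjects. These look like the EV jurisdiction-country and business-category attributes whose OIDs the extractor could not name, though that is inferred from the values rather than shown in the hunk. Since the commit rewrites every line of the file anyway, I would have the generator emit the OID when it has no short name, e.g. `Subject: 1.3.6.1.4.1.311.60.2.1.3=ES, 2.5.4.15=Private Organization, serialNumber=B98657844, C=ES, ...`. Until then, detections should key on the certificate `SerialNumber` or the `TBS` hashes rather than on this subject string.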
@@ -1,203 +1,203 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 30d6c39c-1d93-4101-8dd3-322ff0ab7fb3 +Tags: +- NetFlt.sys +Verified: 'FALSE' Author: Michael Haag +Created: '2023-01-09' +MitreID: T1068 Category: vulnerable driver Commands: - Command: sc.exe create NetFlt.sys binPath=C:\windows\temp\NetFlt.sys type=kernel - && sc.exe start NetFlt.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-01-09' + Command: sc.exe create NetFlt.sys binPath=C:\windows\temp\NetFlt.sys type=kernel + && sc.exe start NetFlt.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges +Resources: +- https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules Detection: [] -Id: 30d6c39c-1d93-4101-8dd3-322ff0ab7fb3 +Acknowledgement: + Handle: '' + Person: '' KnownVulnerableSamples: -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: NetFlt.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA256: f8886a9c759e0426e08d55e410b02c5b05af3c287b15970175e4874316ffaf13 - Signature: [] - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: e6afe5e6540dab647a06673be116690b - SHA1: b04ecc8dd0d52fe4552d2c4d693d67fae20c460f +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: NetFlt.sys + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' SHA256: f8886a9c759e0426e08d55e410b02c5b05af3c287b15970175e4874316ffaf13 - Company: '' - Copyright: '' - CreationTimestamp: '2018-09-29 14:21:09' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: 10.0.0.2 - Filename: '' - ImportedFunctions: - - KeBugCheckEx - - ZwOpenKey - - ZwClose - - ZwQueryValueKey - - IofCompleteRequest - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - _vsnprintf - - MmMapLockedPagesSpecifyCache - - 
KeAcquireSpinLockRaiseToDpc - - DbgPrint - - KeAcquireSpinLockAtDpcLevel - - KeReleaseSpinLockFromDpcLevel - - KeReleaseSpinLock - - RtlInitUnicodeString - - NdisInitializeEvent - - NdisRegisterDeviceEx - - NdisDeregisterDeviceEx - - NdisFSendNetBufferLists - - NdisFIndicateReceiveNetBufferLists - - NdisFReturnNetBufferLists - - NdisFIndicateStatus - - NdisWaitEvent - - NdisFCancelSendNetBufferLists - - NdisFSendNetBufferListsComplete - - NdisSetEvent - - NdisResetEvent - - NdisRetreatNetBufferDataStart - - NdisAdvanceNetBufferDataStart - - NdisFSetAttributes - - NdisFDeregisterFilterDriver - - NdisAllocateMemoryWithTagPriority - - NdisFRegisterFilterDriver - - NdisFreeMemory - Imports: - - ntoskrnl.exe - - NDIS.SYS - InternalName: '' - MD5: 165178829b5587a628977bfca6fd6900 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '0.0' - Publisher: '' - RichPEHeaderHash: - MD5: 31ff42aa5ca7dd66d08b22acf09fc77b - SHA1: 4714126b3344521afd77ab9af0c0c7f02cad7214 - SHA256: f01b7291df1bce93e3b404221cf8cee691cb1b79871cce7978d99936d9406ee8 - SHA1: e3048cd05573dc1d30b1088859bc728ef67aaad0 - SHA256: 760be95d4c04b10df89a78414facf91c0961020e80561eee6e2cb94b43b76510 - Sections: - .text: - Entropy: 6.434641089980122 - Virtual Size: '0x2978' - .rdata: - Entropy: 4.633162531132468 - Virtual Size: '0x31c' - .data: - Entropy: 0.39704400406686285 - Virtual Size: '0x1a0' - .pdata: - Entropy: 3.8812217396242468 - Virtual Size: '0x15c' - INIT: - Entropy: 5.546551932389904 - Virtual Size: '0x838' - .rsrc: - Entropy: 2.7484228256782828 - Virtual Size: '0x1a0' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=CN, ST=, L=, O=, OU=, CN= - ValidFrom: '2017-07-12 00:00:00' - ValidTo: '2019-10-11 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 06ac27b7c8985c4d40006b362e4b42ef - Version: 3 - TBS: - MD5: b4f984fa296ebed6a2de0fd41e3a8943 - SHA1: 1ef4fb65a78f8986bf07cbfadf337c0b7adfa0b9 - SHA256: 7d0c90a2709a9f0286d90e509680b02696769a960da897dfadeb8d6ecd8b86eb - SHA384: fa882fd00b886094491157551f1219e508ede02776edd1b52ec08f8fe28ac7f927274d5c90de802586a9d1d22ebae999 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, 
- Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 06ac27b7c8985c4d40006b362e4b42ef - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 9c8c681f74950997cd571fd838a847b8 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 -Resources: -- https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules -Tags: -- NetFlt.sys -Verified: 'FALSE' + Signature: [] + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: e6afe5e6540dab647a06673be116690b + SHA1: 
b04ecc8dd0d52fe4552d2c4d693d67fae20c460f + SHA256: f8886a9c759e0426e08d55e410b02c5b05af3c287b15970175e4874316ffaf13 + Company: '' + Copyright: '' + CreationTimestamp: '2018-09-29 14:21:09' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: 10.0.0.2 + Filename: '' + ImportedFunctions: + - KeBugCheckEx + - ZwOpenKey + - ZwClose + - ZwQueryValueKey + - IofCompleteRequest + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - _vsnprintf + - MmMapLockedPagesSpecifyCache + - KeAcquireSpinLockRaiseToDpc + - DbgPrint + - KeAcquireSpinLockAtDpcLevel + - KeReleaseSpinLockFromDpcLevel + - KeReleaseSpinLock + - RtlInitUnicodeString + - NdisInitializeEvent + - NdisRegisterDeviceEx + - NdisDeregisterDeviceEx + - NdisFSendNetBufferLists + - NdisFIndicateReceiveNetBufferLists + - NdisFReturnNetBufferLists + - NdisFIndicateStatus + - NdisWaitEvent + - NdisFCancelSendNetBufferLists + - NdisFSendNetBufferListsComplete + - NdisSetEvent + - NdisResetEvent + - NdisRetreatNetBufferDataStart + - NdisAdvanceNetBufferDataStart + - NdisFSetAttributes + - NdisFDeregisterFilterDriver + - NdisAllocateMemoryWithTagPriority + - NdisFRegisterFilterDriver + - NdisFreeMemory + Imports: + - ntoskrnl.exe + - NDIS.SYS + InternalName: '' + MD5: 165178829b5587a628977bfca6fd6900 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '0.0' + Publisher: '' + RichPEHeaderHash: + MD5: 31ff42aa5ca7dd66d08b22acf09fc77b + SHA1: 4714126b3344521afd77ab9af0c0c7f02cad7214 + SHA256: f01b7291df1bce93e3b404221cf8cee691cb1b79871cce7978d99936d9406ee8 + SHA1: e3048cd05573dc1d30b1088859bc728ef67aaad0 + SHA256: 760be95d4c04b10df89a78414facf91c0961020e80561eee6e2cb94b43b76510 + Sections: + .text: + Entropy: 6.434641089980122 + Virtual Size: '0x2978' + .rdata: + Entropy: 4.633162531132468 + Virtual Size: '0x31c' + .data: + Entropy: 0.39704400406686285 + Virtual Size: '0x1a0' + .pdata: + Entropy: 3.8812217396242468 + Virtual Size: '0x15c' + INIT: + 
Entropy: 5.546551932389904 + Virtual Size: '0x838' + .rsrc: + Entropy: 2.7484228256782828 + Virtual Size: '0x1a0' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 
88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=CN, ST=, L=, O=, OU=, CN= + ValidFrom: '2017-07-12 00:00:00' + ValidTo: '2019-10-11 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 06ac27b7c8985c4d40006b362e4b42ef + Version: 3 + TBS: + MD5: b4f984fa296ebed6a2de0fd41e3a8943 + SHA1: 1ef4fb65a78f8986bf07cbfadf337c0b7adfa0b9 + SHA256: 7d0c90a2709a9f0286d90e509680b02696769a960da897dfadeb8d6ecd8b86eb + SHA384: fa882fd00b886094491157551f1219e508ede02776edd1b52ec08f8fe28ac7f927274d5c90de802586a9d1d22ebae999 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 
5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 06ac27b7c8985c4d40006b362e4b42ef + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 9c8c681f74950997cd571fd838a847b8 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/31686f0e-3748-48c2-be09-fc8f3252e780.yaml b/yaml/31686f0e-3748-48c2-be09-fc8f3252e780.yaml index 7fb2c2eca..e697c4991 100644 --- a/yaml/31686f0e-3748-48c2-be09-fc8f3252e780.yaml +++ b/yaml/31686f0e-3748-48c2-be09-fc8f3252e780.yaml 
@@ -1,213 +1,214 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 31686f0e-3748-48c2-be09-fc8f3252e780 +Tags: +- FairplayKD.sys +Verified: 'FALSE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create FairplayKD.sys binPath=C:\windows\temp\FairplayKD.sys type=kernel - && sc.exe start FairplayKD.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/9f4ce6ab5e8d44f355426d9a6ab79833709f39b300733b5b251a0766e895e0e5.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 31686f0e-3748-48c2-be09-fc8f3252e780 -KnownVulnerableSamples: -- 
Authentihash: - MD5: 5fb82230ba512d33a6e3090985a29e49 - SHA1: 0eaa4cf7d1944f6259dd9941209dec15a4029c4a - SHA256: 66d59e646f3965bc5225eca4285ae65f34b8681fb1bee3eaf440f6795b2fa70f - Company: Multi Theft Auto - Copyright: (C) 2003 - 2017 Multi Theft Auto - CreationTimestamp: '2017-07-15 18:25:00' - Date: '' - Description: Multi Theft Auto patch driver - ExportedFunctions: '' - FileVersion: 367.3269.61.64 - Filename: FairplayKD.sys - ImportedFunctions: - - PsProcessType - - RtlAnsiStringToUnicodeString - - KeUnstackDetachProcess - - ObReferenceObjectByHandle - - KeStackAttachProcess - - RtlInitUnicodeString - - PsThreadType - - PsGetThreadProcessId - - MmGetSystemRoutineAddress - - _vsnwprintf - - RtlCompareUnicodeString - - RtlCompareMemory - - RtlCopyUnicodeString - - RtlGetVersion - - MmUnmapLockedPages - - ExAllocatePoolWithTag - - ProbeForRead - - ExRaiseStatus - - ExFreePoolWithTag - - ProbeForWrite - - MmHighestUserAddress - - MmMapLockedPagesSpecifyCache - - IoGetCurrentProcess - - MmProbeAndLockPages - - MmUnlockPages - - MmIsAddressValid - - ObfDereferenceObject - - KeBugCheckEx - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: 4e90cd77509738d30d3181a4d0880bfa - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: MTA San Andreas - ProductVersion: 367.3269.61.64 - Publisher: '' - RichPEHeaderHash: - MD5: 0cfd4733c24065eb45f253c4cb122750 - SHA1: e32f8f9859bd361c03f962f2c0a07ca346464c7d - SHA256: 0a8551c7118d23e193be05fd6d9427dcbecf1038bd5c2b7c991bc444a6c2a184 - SHA1: b4dcdbd97f38b24d729b986f84a9cdb3fc34d59f - SHA256: 9f4ce6ab5e8d44f355426d9a6ab79833709f39b300733b5b251a0766e895e0e5 - Sections: - .text: - Entropy: 6.323352332673226 - Virtual Size: '0xde09' - .rdata: - Entropy: 4.933506136276985 - Virtual Size: '0x87c' - .data: - Entropy: 0.520333943502828 - Virtual Size: '0x3179' - .pdata: - Entropy: 4.471532261778057 - Virtual Size: 
'0x4c8' - PAGE: - Entropy: 6.087997650342493 - Virtual Size: '0x28d' - INIT: - Entropy: 5.249508633671543 - Virtual Size: '0x488' - .rsrc: - Entropy: 3.3888439455803665 - Virtual Size: '0x308' - .reloc: - Entropy: 1.751629167387823 - Virtual Size: '0x18' - Signature: - - Hans Roes - - Thawte Code Signing CA - G2 - - thawte - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2 - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 
47974d7873a5bcab0d2fb370192fce5e - Version: 3 - TBS: - MD5: e3a93dc2a8a8a668fdbb286bfe9afab5 - SHA1: 95795d2aa2a554a423bc8c6e5b0a016d14887d35 - SHA256: d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e - SHA384: 78d972495720b43a6470b18ae1226bcca20707628087717a9364c14ca053ba264e6d149718b103542d9942200138a69d - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=BE, ST=Antwerpen, L=Kasterlee, O=No Organization Affiliation, OU=Individual - Developer, CN=Hans Roes - ValidFrom: '2016-07-06 00:00:00' - ValidTo: '2018-07-06 23:59:59' - Signature: 8e7c473dcbc241b3f17748f8144534fd278052b0ce46a6f86849323c04ad1d558a109d51583480f1e9db3a010800c6d930db6f9daad6c80caec40fef353b9c5b6bd7a438c5d5c3c9736d44e98d2ae6eb4aa202aa1af72439d60cab335a5027d1b3203df74c811eaf51aa5bfad4517dee3fd410450fdc4b9c3a8a8f0861a2a39202d8981e2a9bf98b31304fbb05ca33baf0c8140084f26c545ef24b0f1d9572354f552379f7cedd37344f720baaff27b61dfafdfd541b35027402ed88852853d8925eb2b3418ff3f0e6169ed7571d6416ec3f6815b23774be20d80d811f094f82c5a7c909a74c7f187d63780a0738d7f86629adca71c05d31b27f6e217724174e - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 371fc099cdb143347b4424e9dc1f3b30 - Version: 3 - TBS: - MD5: 494b9765c3a2b4a874439b1afcdde928 - SHA1: be00543b1d5c59f704618fb5e4de9d6bcc18a2fd - SHA256: d748797bfa645ea26b7761c3d4cde817f9c036debfa38f3a167963655eba8a10 - 
SHA384: f9655d60f4641898f82591f7568e41e5f7034c7395b22b05a684b2bc2bfbdcf75db2b955061196d5f86d41fd29f240f8 - - Subject: C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 - thawte, Inc. , For authorized use only, CN=thawte Primary Root CA - ValidFrom: '2011-02-22 19:31:57' - ValidTo: '2021-02-22 19:41:57' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611fb0a400000000001d - Version: 3 - TBS: - MD5: a3f222107d4e1085e73b5b589c2f480b - SHA1: b94aa26cd77c48d91a53ac44506cbd255e1d362c - SHA256: a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa - SHA384: 64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7 - Signer: - - SerialNumber: 371fc099cdb143347b4424e9dc1f3b30 - Issuer: C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2 - Version: 1 - Imphash: cb15f8046e159c17b0510738fa18f758 - LoadsDespiteHVCI: 'TRUE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create FairplayKD.sys binPath=C:\windows\temp\FairplayKD.sys type=kernel + && sc.exe start FairplayKD.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://www.unknowncheats.me/forum/anti-cheat-bypass/334557-vulnerable-driver-megathread.html - https://www.unknowncheats.me/forum/anti-cheat-bypass/244386-mta-fairplaykd-driver-reversed-exploited-rpm.html - '' -Tags: -- FairplayKD.sys -Verified: 'FALSE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/9f4ce6ab5e8d44f355426d9a6ab79833709f39b300733b5b251a0766e895e0e5.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 5fb82230ba512d33a6e3090985a29e49 + SHA1: 0eaa4cf7d1944f6259dd9941209dec15a4029c4a + SHA256: 66d59e646f3965bc5225eca4285ae65f34b8681fb1bee3eaf440f6795b2fa70f + Company: Multi Theft Auto + Copyright: (C) 2003 - 2017 Multi Theft Auto + CreationTimestamp: '2017-07-15 18:25:00' + Date: '' + Description: Multi Theft Auto patch driver + ExportedFunctions: '' + FileVersion: 367.3269.61.64 + Filename: FairplayKD.sys + ImportedFunctions: + - PsProcessType + - RtlAnsiStringToUnicodeString + - KeUnstackDetachProcess + - ObReferenceObjectByHandle + - KeStackAttachProcess + - RtlInitUnicodeString + - PsThreadType + - PsGetThreadProcessId + - MmGetSystemRoutineAddress + - _vsnwprintf + - RtlCompareUnicodeString + - RtlCompareMemory + - RtlCopyUnicodeString + - RtlGetVersion + - 
MmUnmapLockedPages + - ExAllocatePoolWithTag + - ProbeForRead + - ExRaiseStatus + - ExFreePoolWithTag + - ProbeForWrite + - MmHighestUserAddress + - MmMapLockedPagesSpecifyCache + - IoGetCurrentProcess + - MmProbeAndLockPages + - MmUnlockPages + - MmIsAddressValid + - ObfDereferenceObject + - KeBugCheckEx + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 4e90cd77509738d30d3181a4d0880bfa + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: MTA San Andreas + ProductVersion: 367.3269.61.64 + Publisher: '' + RichPEHeaderHash: + MD5: 0cfd4733c24065eb45f253c4cb122750 + SHA1: e32f8f9859bd361c03f962f2c0a07ca346464c7d + SHA256: 0a8551c7118d23e193be05fd6d9427dcbecf1038bd5c2b7c991bc444a6c2a184 + SHA1: b4dcdbd97f38b24d729b986f84a9cdb3fc34d59f + SHA256: 9f4ce6ab5e8d44f355426d9a6ab79833709f39b300733b5b251a0766e895e0e5 + Sections: + .text: + Entropy: 6.323352332673226 + Virtual Size: '0xde09' + .rdata: + Entropy: 4.933506136276985 + Virtual Size: '0x87c' + .data: + Entropy: 0.520333943502828 + Virtual Size: '0x3179' + .pdata: + Entropy: 4.471532261778057 + Virtual Size: '0x4c8' + PAGE: + Entropy: 6.087997650342493 + Virtual Size: '0x28d' + INIT: + Entropy: 5.249508633671543 + Virtual Size: '0x488' + .rsrc: + Entropy: 3.3888439455803665 + Virtual Size: '0x308' + .reloc: + Entropy: 1.751629167387823 + Virtual Size: '0x18' + Signature: + - Hans Roes + - Thawte Code Signing CA - G2 + - thawte + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2 + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47974d7873a5bcab0d2fb370192fce5e + Version: 3 + TBS: + MD5: e3a93dc2a8a8a668fdbb286bfe9afab5 + SHA1: 95795d2aa2a554a423bc8c6e5b0a016d14887d35 + SHA256: d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e + SHA384: 78d972495720b43a6470b18ae1226bcca20707628087717a9364c14ca053ba264e6d149718b103542d9942200138a69d + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=BE, ST=Antwerpen, L=Kasterlee, O=No 
Organization Affiliation, + OU=Individual Developer, CN=Hans Roes + ValidFrom: '2016-07-06 00:00:00' + ValidTo: '2018-07-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 371fc099cdb143347b4424e9dc1f3b30 + Version: 3 + TBS: + MD5: 494b9765c3a2b4a874439b1afcdde928 + SHA1: be00543b1d5c59f704618fb5e4de9d6bcc18a2fd + SHA256: d748797bfa645ea26b7761c3d4cde817f9c036debfa38f3a167963655eba8a10 + SHA384: f9655d60f4641898f82591f7568e41e5f7034c7395b22b05a684b2bc2bfbdcf75db2b955061196d5f86d41fd29f240f8 + - Subject: C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) + 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root + CA + ValidFrom: '2011-02-22 19:31:57' + ValidTo: '2021-02-22 19:41:57' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611fb0a400000000001d + Version: 3 + TBS: + MD5: a3f222107d4e1085e73b5b589c2f480b + SHA1: b94aa26cd77c48d91a53ac44506cbd255e1d362c + SHA256: a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa + SHA384: 64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7 + Signer: + - SerialNumber: 371fc099cdb143347b4424e9dc1f3b30 + Issuer: C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2 + Version: 1 + Imphash: cb15f8046e159c17b0510738fa18f758 + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/31797996-6973-402d-a4a0-d01ce51e02c0.yaml b/yaml/31797996-6973-402d-a4a0-d01ce51e02c0.yaml index 04b24f2a3..b4499b025 100644 --- a/yaml/31797996-6973-402d-a4a0-d01ce51e02c0.yaml +++ b/yaml/31797996-6973-402d-a4a0-d01ce51e02c0.yaml 
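Review bot: The re-added `Detection:` list for FairplayKD.sys still carries four entries twice: `sigma_hash`, `sigma_names`, `sysmon_hash_detect` and `sysmon_hash_block` each appear again with the same URL after the second `yara_signature` entry. Since the block is being rewritten here anyway, I would keep the two distinct `yara_signature` entries and a single copy of each other type, so anything that iterates the list does not count or render the same rule twice. The `Resources:` list kept as context also still ends with an empty `- ''` item, which is worth dropping in the same pass. The removed side of the neighbouring entries shows the same duplicated group, so the fix probably belongs in whatever generates these files rather than in each YAML by hand.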
@@ -1,213 +1,214 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 31797996-6973-402d-a4a0-d01ce51e02c0 +Tags: +- AsrIbDrv.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create AsrIbDrv.sys binPath=C:\windows\temp\AsrIbDrv.sys type=kernel - && sc.exe start AsrIbDrv.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/2a652de6b680d5ad92376ad323021850dab2c653abf06edf26120f7714b8e08a.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 31797996-6973-402d-a4a0-d01ce51e02c0 -KnownVulnerableSamples: -- Authentihash: - 
MD5: a2bb232491925c750971c731b5fe0769 - SHA1: dd71b95f82ae2c31008da781c4de64d6059c5fca - SHA256: b8d748834fb982fa033cd2671843de727999b21fad30979ac4acc4828910ef8b - Company: RW-Everything - Copyright: Copyright (C) 2008 RW-Everything - CreationTimestamp: '2011-06-03 01:33:22' - Date: '' - Description: RW-Everything Read & Write Driver - ExportedFunctions: '' - FileVersion: '1.00.00.0000 built by: WinDDK' - Filename: AsrIbDrv.sys - ImportedFunctions: - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - MmFreeContiguousMemorySpecifyCache - - RtlInitUnicodeString - - IoDeleteDevice - - RtlQueryRegistryValues - - MmUnmapIoSpace - - IoFreeMdl - - MmGetPhysicalAddress - - IoBuildAsynchronousFsdRequest - - MmMapIoSpace - - IofCompleteRequest - - IoFreeIrp - - RtlCompareMemory - - MmUnlockPages - - IoCreateSymbolicLink - - IoCreateDevice - - MmAllocateContiguousMemorySpecifyCache - - IofCallDriver - - KeBugCheckEx - - ExAllocatePoolWithTag - - KeStallExecutionProcessor - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: RwDrv.sys - MD5: 5bab40019419a2713298a5c9173e5d30 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: RwDrv.sys - Product: RW-Everything Read & Write Driver - ProductVersion: 1.00.00.0000 - Publisher: ASROCK Incorporation - RichPEHeaderHash: - MD5: a84c01eca8a6ca8e5221dbca3000c16e - SHA1: ff0ae5ad07f99ad2ac40b53c5215335a5d84e926 - SHA256: 961a144592952461a785ff1f4d4f55c4132016b9fbbce3d881edf6131038533b - SHA1: 2d503a2457a787014a1fdd48a2ece2e6cbe98ea7 - SHA256: 2a652de6b680d5ad92376ad323021850dab2c653abf06edf26120f7714b8e08a - Sections: - .text: - Entropy: 6.334876452209388 - Virtual Size: '0x1a28' - .rdata: - Entropy: 4.623173422623631 - Virtual Size: '0x244' - .data: - Entropy: 0.46979092711892695 - Virtual Size: '0x130' - .pdata: - Entropy: 3.699130454305684 - Virtual Size: '0xf0' - INIT: - Entropy: 5.396099208639449 - Virtual Size: '0x4c8' - .rsrc: - Entropy: 3.3169950909252863 - Virtual Size: '0x3c0' - Signature: - - ASROCK Incorporation 
- - VeriSign Class 3 Code Signing 2010 CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 
53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=TAIWAN, L=Taipei, O=ASROCK Incorporation, OU=Digital ID Class - 3 , Microsoft Software Validation v2, CN=ASROCK Incorporation - ValidFrom: '2011-03-07 00:00:00' - ValidTo: '2014-04-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: false - SerialNumber: 45dfec7bb3d378c97feb24efd699bb4e - Version: 3 - TBS: - MD5: 544af7037e76dccfe47a9dffd9b847fd - SHA1: ea7dceadac1b76a4a0ed5624632072f8aa6ce02c - SHA256: 87f5b27417a56e4175d0e0acb7a831961963fad217e5d82fbf699287e8fdab25 - SHA384: 2b6eb82e226dcec715cc7c98e2bf9a9a0dcb3f4e471827fe95d9dbd452ce459c6ae9525771c673800fa84b679b14db89 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 45dfec7bb3d378c97feb24efd699bb4e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 9d7183c1d8107495354c4fad9dae3452 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create AsrIbDrv.sys binPath=C:\windows\temp\AsrIbDrv.sys type=kernel + && 
sc.exe start AsrIbDrv.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/namazso/physmem_drivers -Tags: -- AsrIbDrv.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/2a652de6b680d5ad92376ad323021850dab2c653abf06edf26120f7714b8e08a.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: a2bb232491925c750971c731b5fe0769 + SHA1: dd71b95f82ae2c31008da781c4de64d6059c5fca + SHA256: b8d748834fb982fa033cd2671843de727999b21fad30979ac4acc4828910ef8b + Company: RW-Everything + Copyright: Copyright (C) 2008 
RW-Everything + CreationTimestamp: '2011-06-03 01:33:22' + Date: '' + Description: RW-Everything Read & Write Driver + ExportedFunctions: '' + FileVersion: '1.00.00.0000 built by: WinDDK' + Filename: AsrIbDrv.sys + ImportedFunctions: + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - MmFreeContiguousMemorySpecifyCache + - RtlInitUnicodeString + - IoDeleteDevice + - RtlQueryRegistryValues + - MmUnmapIoSpace + - IoFreeMdl + - MmGetPhysicalAddress + - IoBuildAsynchronousFsdRequest + - MmMapIoSpace + - IofCompleteRequest + - IoFreeIrp + - RtlCompareMemory + - MmUnlockPages + - IoCreateSymbolicLink + - IoCreateDevice + - MmAllocateContiguousMemorySpecifyCache + - IofCallDriver + - KeBugCheckEx + - ExAllocatePoolWithTag + - KeStallExecutionProcessor + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: RwDrv.sys + MD5: 5bab40019419a2713298a5c9173e5d30 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: RwDrv.sys + Product: RW-Everything Read & Write Driver + ProductVersion: 1.00.00.0000 + Publisher: ASROCK Incorporation + RichPEHeaderHash: + MD5: a84c01eca8a6ca8e5221dbca3000c16e + SHA1: ff0ae5ad07f99ad2ac40b53c5215335a5d84e926 + SHA256: 961a144592952461a785ff1f4d4f55c4132016b9fbbce3d881edf6131038533b + SHA1: 2d503a2457a787014a1fdd48a2ece2e6cbe98ea7 + SHA256: 2a652de6b680d5ad92376ad323021850dab2c653abf06edf26120f7714b8e08a + Sections: + .text: + Entropy: 6.334876452209388 + Virtual Size: '0x1a28' + .rdata: + Entropy: 4.623173422623631 + Virtual Size: '0x244' + .data: + Entropy: 0.46979092711892695 + Virtual Size: '0x130' + .pdata: + Entropy: 3.699130454305684 + Virtual Size: '0xf0' + INIT: + Entropy: 5.396099208639449 + Virtual Size: '0x4c8' + .rsrc: + Entropy: 3.3169950909252863 + Virtual Size: '0x3c0' + Signature: + - ASROCK Incorporation + - VeriSign Class 3 Code Signing 2010 CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + 
ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=TAIWAN, L=Taipei, O=ASROCK Incorporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=ASROCK Incorporation + ValidFrom: '2011-03-07 00:00:00' + ValidTo: '2014-04-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 45dfec7bb3d378c97feb24efd699bb4e + Version: 3 + TBS: + MD5: 544af7037e76dccfe47a9dffd9b847fd + SHA1: ea7dceadac1b76a4a0ed5624632072f8aa6ce02c + SHA256: 
87f5b27417a56e4175d0e0acb7a831961963fad217e5d82fbf699287e8fdab25 + SHA384: 2b6eb82e226dcec715cc7c98e2bf9a9a0dcb3f4e471827fe95d9dbd452ce459c6ae9525771c673800fa84b679b14db89 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 45dfec7bb3d378c97feb24efd699bb4e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 9d7183c1d8107495354c4fad9dae3452 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/31a962ce-43ef-410f-873a-7ccc8f00332b.yaml b/yaml/31a962ce-43ef-410f-873a-7ccc8f00332b.yaml index 1a0c77d08..51ebbbfc3 100644 --- a/yaml/31a962ce-43ef-410f-873a-7ccc8f00332b.yaml +++ b/yaml/31a962ce-43ef-410f-873a-7ccc8f00332b.yaml 
@@ -1,35 +1,35 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 31a962ce-43ef-410f-873a-7ccc8f00332b +Tags: +- t3.sys +Verified: 'FALSE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create t3.sys binPath=C:\windows\temp\t3.sys type=kernel && sc.exe - start t3.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: [] -Id: 31a962ce-43ef-410f-873a-7ccc8f00332b -KnownVulnerableSamples: -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: t3.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA256: 4cff6e53430b81ecc4fae453e59a0353bcfe73dd5780abfc35f299c16a97998e - Signature: [] - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create t3.sys binPath=C:\windows\temp\t3.sys type=kernel && sc.exe + start t3.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules -Tags: -- t3.sys -Verified: 'FALSE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: t3.sys + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA256: 4cff6e53430b81ecc4fae453e59a0353bcfe73dd5780abfc35f299c16a97998e + Signature: [] + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/3277cecc-f4b4-4a00-be01-9da83e013bcd.yaml b/yaml/3277cecc-f4b4-4a00-be01-9da83e013bcd.yaml index a247d6050..2b7c090b3 100644 --- a/yaml/3277cecc-f4b4-4a00-be01-9da83e013bcd.yaml +++ b/yaml/3277cecc-f4b4-4a00-be01-9da83e013bcd.yaml 
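Review bot: The re-added `Detection: []` and sample block leave this entry matchable by a single `SHA256` only: it is `Verified: 'FALSE'`, has no MD5, SHA1 or imphash, and every metadata field is empty. Driver-load telemetry that records a different hash algorithm cannot be matched against this entry, and nothing in the file tells a consumer why the data is missing. `Commands.Description` is empty, so a short statement there would cover it, e.g. `Description: 'Unverified entry: only the SHA256 is known; no sample metadata available'` (wording to be confirmed by the author). The hash presumably comes from the Microsoft block-rules page listed under `Resources`, but the hunk does not say so.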
@@ -1,234 +1,234 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 3277cecc-f4b4-4a00-be01-9da83e013bcd +Tags: +- wantd_5.sys +Verified: 'TRUE' Author: Michael Haag -Category: malicious -Commands: - Command: sc.exe create wantd_5.sys binPath=C:\windows\temp\wantd_5.sys type=kernel - && sc.exe start wantd_5.sys - Description: Driver used in the Daxin malware campaign. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-02-28' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/b9dad0131c51e2645e761b74a71ebad2bf175645fa9f42a4ab0e6921b83306e3.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_mal_drivers_strict.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 3277cecc-f4b4-4a00-be01-9da83e013bcd -KnownVulnerableSamples: 
-- Authentihash: - MD5: 7c35b7a9bf59a63b84f252906732edde - SHA1: ea0d2851b890d39d85bfb0dd1404c87f73aed47f - SHA256: 448a507774886c1745beaa86cd0867d93f142f5d2b58d452c5a8250d93359779 - Company: Microsoft Corporation - Copyright: Microsoft Corporation. All rights reserved. - CreationTimestamp: '2013-11-27 16:59:02' - Date: '' - Description: WAN Transport Driver - ExportedFunctions: '' - FileVersion: 6.1.7600.1172 - Filename: wantd_5.sys - ImportedFunctions: - - wcsncmp - - IoAllocateMdl - - _stricmp - - sprintf - - RtlLengthRequiredSid - - _strnicmp - - ExAllocatePoolWithTag - - vsprintf - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - RtlAnsiStringToUnicodeString - - NtWriteFile - - RtlCreateAcl - - PsLookupProcessByProcessId - - NtQuerySystemInformation - - _wcsnicmp - - ZwReadFile - - RtlSetDaclSecurityDescriptor - - KeInitializeApc - - IoDeleteDevice - - NtFsControlFile - - KeInsertQueueApc - - MmGetSystemRoutineAddress - - IoCreateFile - - atoi - - _snprintf - - ZwQuerySystemInformation - - KeReleaseSpinLock - - RtlAddAccessAllowedAce - - RtlImageDirectoryEntryToData - - KeDetachProcess - - ZwOpenFile - - ZwCreateFile - - PsCreateSystemThread - - ZwQueryValueKey - - PsTerminateSystemThread - - ZwFreeVirtualMemory - - KeQueryTimeIncrement - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - KeAttachProcess - - PsGetVersion - - PsThreadType - - RtlCompareUnicodeString - - ZwOpenProcess - - ZwQueryInformationProcess - - IoCreateSymbolicLink - - ObfDereferenceObject - - IoCreateDevice - - ZwTerminateProcess - - ZwQueryInformationFile - - KeWaitForMultipleObjects - - ZwWriteFile - - NtReadFile - - PsLookupThreadByThreadId - - RtlLengthSid - - RtlCreateSecurityDescriptor - - ZwAllocateVirtualMemory - - ZwOpenKey - - KeAcquireSpinLockRaiseToDpc - - RtlUnicodeStringToInteger - - MmIsAddressValid - - ZwDeviceIoControlFile - - IofCompleteRequest - - ZwClose - - MmMapLockedPagesSpecifyCache - - KeDelayExecutionThread - - MmUserProbeAddress - - 
MmBuildMdlForNonPagedPool - - memchr - - ZwWaitForSingleObject - - RtlInitUnicodeString - - NdisAllocateMemoryWithTag - - NdisAllocateNetBufferAndNetBufferList - - NdisMSendNetBufferListsComplete - - NdisReturnNetBufferLists - - NdisAllocateNetBufferListPool - - NdisFreeMemory - - NdisMIndicateStatus - - NdisFreeMdl - - NdisFreeNetBufferListPool - - NdisFreeNetBufferList - - NdisSendNetBufferLists - Imports: - - ntoskrnl.exe - - NDIS.SYS - InternalName: wantd.sys - MD5: 6d131a7462e568213b44ef69156f10a5 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: wantd.sys - Product: Microsoft Windows Operating System - ProductVersion: 6.1.7600.1172 - Publisher: Anhua Xinda (Beijing) Technology Co., Ltd. - RichPEHeaderHash: - MD5: 8cdd468850a9084b109fb26005e28d1f - SHA1: abee83f631fc7792dc07a572a003c103903f305e - SHA256: aa49c3910540c2edd0e4a9154e5741d5cc65662a1364616e057ca3fc74243755 - SHA1: 25bf4e30a94df9b8f8ab900d1a43fd056d285c9d - SHA256: b9dad0131c51e2645e761b74a71ebad2bf175645fa9f42a4ab0e6921b83306e3 - Sections: - .text: - Entropy: 6.377473699773856 - Virtual Size: '0xd88c' - .rdata: - Entropy: 4.702371843577182 - Virtual Size: '0x84c' - .data: - Entropy: 1.0571423331776753 - Virtual Size: '0x12590' - .pdata: - Entropy: 4.5393227380510455 - Virtual Size: '0x8c4' - INIT: - Entropy: 5.794638723454717 - Virtual Size: '0xd8c' - .rsrc: - Entropy: 3.262685485179719 - Virtual Size: '0x3b0' - Signature: The digital signature of the object did not verify. - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CN, ST=Beijing, L=Beijing, O=Anhua Xinda (Beijing) Technology Co., - Ltd., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Anhua Xinda - (Beijing) Technology Co., Ltd. 
- ValidFrom: '2011-06-28 00:00:00' - ValidTo: '2014-06-27 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 387c9476e28320264594846317d46540 - Version: 3 - TBS: - MD5: ce372214eabe9d311e4a156fe2044327 - SHA1: 7f7eb1a547c9b0b2e41b0f44515dfd20c16edceb - SHA256: 03d59cc81c6960a93ab4b02e5521aa9fb349e8d7df9dfdf675201e48c23b5a34 - SHA384: 4b8829bc6980e82affeb7ad29efb59fc3ca9b02d015e6c0f385b9f2cf275609cd45936659f41fce579c073e34c2ca308 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - 
Signer: - - SerialNumber: 387c9476e28320264594846317d46540 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: c32d9a9af7f702814e1368c689877f3a - LoadsDespiteHVCI: 'TRUE' MitreID: T1068 +Category: malicious +Commands: + Command: sc.exe create wantd_5.sys binPath=C:\windows\temp\wantd_5.sys type=kernel + && sc.exe start wantd_5.sys + Description: Driver used in the Daxin malware campaign. + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/MHaggis/9ab3bb795a6018d70fb11fa7c31f8f48 - https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/daxin-backdoor-espionage - '' -Tags: -- wantd_5.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/b9dad0131c51e2645e761b74a71ebad2bf175645fa9f42a4ab0e6921b83306e3.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_mal_drivers_strict.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: 
sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 7c35b7a9bf59a63b84f252906732edde + SHA1: ea0d2851b890d39d85bfb0dd1404c87f73aed47f + SHA256: 448a507774886c1745beaa86cd0867d93f142f5d2b58d452c5a8250d93359779 + Company: Microsoft Corporation + Copyright: Microsoft Corporation. All rights reserved. + CreationTimestamp: '2013-11-27 16:59:02' + Date: '' + Description: WAN Transport Driver + ExportedFunctions: '' + FileVersion: 6.1.7600.1172 + Filename: wantd_5.sys + ImportedFunctions: + - wcsncmp + - IoAllocateMdl + - _stricmp + - sprintf + - RtlLengthRequiredSid + - _strnicmp + - ExAllocatePoolWithTag + - vsprintf + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - RtlAnsiStringToUnicodeString + - NtWriteFile + - RtlCreateAcl + - PsLookupProcessByProcessId + - NtQuerySystemInformation + - _wcsnicmp + - ZwReadFile + - RtlSetDaclSecurityDescriptor + - KeInitializeApc + - IoDeleteDevice + - NtFsControlFile + - KeInsertQueueApc + - MmGetSystemRoutineAddress + - IoCreateFile + - atoi + - _snprintf + - ZwQuerySystemInformation + - KeReleaseSpinLock + - RtlAddAccessAllowedAce + - RtlImageDirectoryEntryToData + - KeDetachProcess + - ZwOpenFile + - ZwCreateFile + - PsCreateSystemThread + - ZwQueryValueKey + - PsTerminateSystemThread + - ZwFreeVirtualMemory + - KeQueryTimeIncrement + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - KeAttachProcess + - PsGetVersion + - PsThreadType + - RtlCompareUnicodeString + - ZwOpenProcess + - ZwQueryInformationProcess + - IoCreateSymbolicLink + - ObfDereferenceObject + - IoCreateDevice + - ZwTerminateProcess + - ZwQueryInformationFile + - KeWaitForMultipleObjects + - ZwWriteFile + - NtReadFile + - 
PsLookupThreadByThreadId + - RtlLengthSid + - RtlCreateSecurityDescriptor + - ZwAllocateVirtualMemory + - ZwOpenKey + - KeAcquireSpinLockRaiseToDpc + - RtlUnicodeStringToInteger + - MmIsAddressValid + - ZwDeviceIoControlFile + - IofCompleteRequest + - ZwClose + - MmMapLockedPagesSpecifyCache + - KeDelayExecutionThread + - MmUserProbeAddress + - MmBuildMdlForNonPagedPool + - memchr + - ZwWaitForSingleObject + - RtlInitUnicodeString + - NdisAllocateMemoryWithTag + - NdisAllocateNetBufferAndNetBufferList + - NdisMSendNetBufferListsComplete + - NdisReturnNetBufferLists + - NdisAllocateNetBufferListPool + - NdisFreeMemory + - NdisMIndicateStatus + - NdisFreeMdl + - NdisFreeNetBufferListPool + - NdisFreeNetBufferList + - NdisSendNetBufferLists + Imports: + - ntoskrnl.exe + - NDIS.SYS + InternalName: wantd.sys + MD5: 6d131a7462e568213b44ef69156f10a5 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: wantd.sys + Product: Microsoft Windows Operating System + ProductVersion: 6.1.7600.1172 + Publisher: Anhua Xinda (Beijing) Technology Co., Ltd. + RichPEHeaderHash: + MD5: 8cdd468850a9084b109fb26005e28d1f + SHA1: abee83f631fc7792dc07a572a003c103903f305e + SHA256: aa49c3910540c2edd0e4a9154e5741d5cc65662a1364616e057ca3fc74243755 + SHA1: 25bf4e30a94df9b8f8ab900d1a43fd056d285c9d + SHA256: b9dad0131c51e2645e761b74a71ebad2bf175645fa9f42a4ab0e6921b83306e3 + Sections: + .text: + Entropy: 6.377473699773856 + Virtual Size: '0xd88c' + .rdata: + Entropy: 4.702371843577182 + Virtual Size: '0x84c' + .data: + Entropy: 1.0571423331776753 + Virtual Size: '0x12590' + .pdata: + Entropy: 4.5393227380510455 + Virtual Size: '0x8c4' + INIT: + Entropy: 5.794638723454717 + Virtual Size: '0xd8c' + .rsrc: + Entropy: 3.262685485179719 + Virtual Size: '0x3b0' + Signature: The digital signature of the object did not verify. 
+ Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CN, ST=Beijing, L=Beijing, O=Anhua Xinda (Beijing) Technology + Co., Ltd., OU=Digital ID Class 3 , Microsoft Software Validation v2, + CN=Anhua Xinda (Beijing) Technology Co., Ltd. + ValidFrom: '2011-06-28 00:00:00' + ValidTo: '2014-06-27 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 387c9476e28320264594846317d46540 + Version: 3 + TBS: + MD5: ce372214eabe9d311e4a156fe2044327 + SHA1: 7f7eb1a547c9b0b2e41b0f44515dfd20c16edceb + SHA256: 03d59cc81c6960a93ab4b02e5521aa9fb349e8d7df9dfdf675201e48c23b5a34 + SHA384: 4b8829bc6980e82affeb7ad29efb59fc3ca9b02d015e6c0f385b9f2cf275609cd45936659f41fce579c073e34c2ca308 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: 
b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 387c9476e28320264594846317d46540 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: c32d9a9af7f702814e1368c689877f3a + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/32ccd436-eb13-4ab3-83d4-3e5471f4e364.yaml b/yaml/32ccd436-eb13-4ab3-83d4-3e5471f4e364.yaml index eb589dc5e..d1f61882c 100644 --- a/yaml/32ccd436-eb13-4ab3-83d4-3e5471f4e364.yaml +++ b/yaml/32ccd436-eb13-4ab3-83d4-3e5471f4e364.yaml 
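Review bot: The re-added `Detection` list for `wantd_5.sys` still names `sigma_hash`, `sigma_names`, `sysmon_hash_detect` and `sysmon_hash_block` twice each with identical URLs; only the two `yara_signature` entries differ. Since the block is being rewritten in this hunk anyway, drop the second copy of those four so that consumers iterating the list do not fetch or count the same rule file twice. The unchanged `Resources` list also ends in an empty `- ''` item, which link checkers and renderers will treat as a blank reference; it can be removed in the same pass.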
@@ -1,252 +1,253 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 32ccd436-eb13-4ab3-83d4-3e5471f4e364 +Tags: +- AsrDrv103.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create AsrDrv103.sys binPath=C:\windows\temp\AsrDrv103.sys type=kernel - && sc.exe start AsrDrv103.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/2003b478b9fd1b3d76ec5bf4172c2e8915babbbee7ad1783794acbf8d4c2519d.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 32ccd436-eb13-4ab3-83d4-3e5471f4e364 -KnownVulnerableSamples: -- 
Authentihash: - MD5: bb59340eceecb279389290775536523a - SHA1: b3410021ea5a46818d9ff05a96c2809a9abe8e4a - SHA256: b6bf2460e023b1005cc60e107b14a3cfdf9284cc378a086d92e5dcdf6e432e2c - Company: ASRock Incorporation - Copyright: Copyright (C) 2012 ASRock Incorporation - CreationTimestamp: '2016-04-08 21:22:23' - Date: '' - Description: ASRock IO Driver - ExportedFunctions: '' - FileVersion: '1.00.00.0000 built by: WinDDK' - Filename: AsrDrv103.sys - ImportedFunctions: - - RtlQueryRegistryValues - - MmUnmapIoSpace - - IoFreeMdl - - MmGetPhysicalAddress - - IoBuildAsynchronousFsdRequest - - MmMapIoSpace - - IofCompleteRequest - - IoFreeIrp - - RtlCompareMemory - - MmUnlockPages - - IoCreateSymbolicLink - - MmAllocateContiguousMemorySpecifyCache - - IofCallDriver - - KeBugCheckEx - - IoDeleteDevice - - MmGetSystemRoutineAddress - - IoCreateDevice - - ZwClose - - ObOpenObjectByPointer - - ZwSetSecurityObject - - IoDeviceObjectType - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - SeExports - - wcschr - - _wcsnicmp - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwOpenKey - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - RtlInitUnicodeString - - MmFreeContiguousMemorySpecifyCache - - ExFreePoolWithTag - - IoDeleteSymbolicLink - - ExAllocatePoolWithTag - - KeStallExecutionProcessor - - BCryptCloseAlgorithmProvider - - BCryptGenerateSymmetricKey - - BCryptOpenAlgorithmProvider - - BCryptDecrypt - - BCryptDestroyKey - Imports: - - ntoskrnl.exe - - HAL.dll - - cng.sys - InternalName: AsrDrv.sys - MD5: 7c72a7e1d42b0790773efd8700e24952 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: AsrDrv.sys - Product: ASRock IO Driver - ProductVersion: 
1.00.00.0000 - Publisher: '' - RichPEHeaderHash: - MD5: 6540c04d181ea1395978a08c3d816451 - SHA1: b3b7c684121b40f53751e0b7757ec248ef0670b4 - SHA256: c68faaf4251928872474abfd81ef5ce8a2b5e5bd48c2edb586a4d2e518baa09d - SHA1: 15d1a6a904c8409fb47a82aefa42f8c3c7d8c370 - SHA256: 2003b478b9fd1b3d76ec5bf4172c2e8915babbbee7ad1783794acbf8d4c2519d - Sections: - .text: - Entropy: 6.3051619106052055 - Virtual Size: '0x2238' - .rdata: - Entropy: 4.489737477422066 - Virtual Size: '0x7c4' - .data: - Entropy: 1.3791658791138062 - Virtual Size: '0x31c' - .pdata: - Entropy: 4.2004883967539595 - Virtual Size: '0x2b8' - PAGE: - Entropy: 6.220333128676603 - Virtual Size: '0x1a47' - INIT: - Entropy: 5.432528075542002 - Virtual Size: '0x93a' - .rsrc: - Entropy: 3.2917593657396744 - Virtual Size: '0x3a0' - .reloc: - Entropy: 1.2280731978955797 - Virtual Size: '0x60' - Signature: - - ASROCK Incorporation - - VeriSign Class 3 Code Signing 2010 CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: 
'2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: 
f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=TAIWAN, L=Taipei, O=ASROCK Incorporation, OU=Digital ID Class - 3 , Microsoft Software Validation v2, CN=ASROCK Incorporation - ValidFrom: '2014-03-07 00:00:00' - ValidTo: '2017-05-05 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03ffdaa3aac322387d7eb98acf9524bf - Version: 3 - TBS: - MD5: 987b0fb90b05c0b59ba66fb1527c27e3 - SHA1: 1b5d5279beed01b2355731588b1a26da29218b55 - SHA256: b3cd9f313e55fce2d39d25dbe303777e5db9d0c01448dcd9ac70c2355bb5b4ea - SHA384: 4bb9546cdd73e2bff4224e021b54318e708c822a1a773a9e7246a46054aba1dd14c1651e8f01f5661b4ff4a3241c32ff - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 03ffdaa3aac322387d7eb98acf9524bf - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 88e21ed9e717781eaf87209acbdbb567 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create AsrDrv103.sys binPath=C:\windows\temp\AsrDrv103.sys type=kernel + && sc.exe start AsrDrv103.sys + 
Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/eclypsium/Screwed-Drivers/blob/master/DRIVERS.md -Tags: -- AsrDrv103.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/2003b478b9fd1b3d76ec5bf4172c2e8915babbbee7ad1783794acbf8d4c2519d.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: bb59340eceecb279389290775536523a + SHA1: b3410021ea5a46818d9ff05a96c2809a9abe8e4a + SHA256: b6bf2460e023b1005cc60e107b14a3cfdf9284cc378a086d92e5dcdf6e432e2c + Company: ASRock Incorporation + Copyright: Copyright (C) 
2012 ASRock Incorporation + CreationTimestamp: '2016-04-08 21:22:23' + Date: '' + Description: ASRock IO Driver + ExportedFunctions: '' + FileVersion: '1.00.00.0000 built by: WinDDK' + Filename: AsrDrv103.sys + ImportedFunctions: + - RtlQueryRegistryValues + - MmUnmapIoSpace + - IoFreeMdl + - MmGetPhysicalAddress + - IoBuildAsynchronousFsdRequest + - MmMapIoSpace + - IofCompleteRequest + - IoFreeIrp + - RtlCompareMemory + - MmUnlockPages + - IoCreateSymbolicLink + - MmAllocateContiguousMemorySpecifyCache + - IofCallDriver + - KeBugCheckEx + - IoDeleteDevice + - MmGetSystemRoutineAddress + - IoCreateDevice + - ZwClose + - ObOpenObjectByPointer + - ZwSetSecurityObject + - IoDeviceObjectType + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - SeExports + - wcschr + - _wcsnicmp + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwOpenKey + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - RtlInitUnicodeString + - MmFreeContiguousMemorySpecifyCache + - ExFreePoolWithTag + - IoDeleteSymbolicLink + - ExAllocatePoolWithTag + - KeStallExecutionProcessor + - BCryptCloseAlgorithmProvider + - BCryptGenerateSymmetricKey + - BCryptOpenAlgorithmProvider + - BCryptDecrypt + - BCryptDestroyKey + Imports: + - ntoskrnl.exe + - HAL.dll + - cng.sys + InternalName: AsrDrv.sys + MD5: 7c72a7e1d42b0790773efd8700e24952 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: AsrDrv.sys + Product: ASRock IO Driver + ProductVersion: 1.00.00.0000 + Publisher: '' + RichPEHeaderHash: + MD5: 6540c04d181ea1395978a08c3d816451 + SHA1: b3b7c684121b40f53751e0b7757ec248ef0670b4 + SHA256: c68faaf4251928872474abfd81ef5ce8a2b5e5bd48c2edb586a4d2e518baa09d + SHA1: 
15d1a6a904c8409fb47a82aefa42f8c3c7d8c370 + SHA256: 2003b478b9fd1b3d76ec5bf4172c2e8915babbbee7ad1783794acbf8d4c2519d + Sections: + .text: + Entropy: 6.3051619106052055 + Virtual Size: '0x2238' + .rdata: + Entropy: 4.489737477422066 + Virtual Size: '0x7c4' + .data: + Entropy: 1.3791658791138062 + Virtual Size: '0x31c' + .pdata: + Entropy: 4.2004883967539595 + Virtual Size: '0x2b8' + PAGE: + Entropy: 6.220333128676603 + Virtual Size: '0x1a47' + INIT: + Entropy: 5.432528075542002 + Virtual Size: '0x93a' + .rsrc: + Entropy: 3.2917593657396744 + Virtual Size: '0x3a0' + .reloc: + Entropy: 1.2280731978955797 + Virtual Size: '0x60' + Signature: + - ASROCK Incorporation + - VeriSign Class 3 Code Signing 2010 CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + 
Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=TAIWAN, L=Taipei, O=ASROCK Incorporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=ASROCK 
Incorporation + ValidFrom: '2014-03-07 00:00:00' + ValidTo: '2017-05-05 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03ffdaa3aac322387d7eb98acf9524bf + Version: 3 + TBS: + MD5: 987b0fb90b05c0b59ba66fb1527c27e3 + SHA1: 1b5d5279beed01b2355731588b1a26da29218b55 + SHA256: b3cd9f313e55fce2d39d25dbe303777e5db9d0c01448dcd9ac70c2355bb5b4ea + SHA384: 4bb9546cdd73e2bff4224e021b54318e708c822a1a773a9e7246a46054aba1dd14c1651e8f01f5661b4ff4a3241c32ff + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 03ffdaa3aac322387d7eb98acf9524bf + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 88e21ed9e717781eaf87209acbdbb567 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/33a9c9ae-5ca3-442d-9f0f-2615637c1c57.yaml b/yaml/33a9c9ae-5ca3-442d-9f0f-2615637c1c57.yaml index 51f42a199..8f2ab97e6 100644 --- a/yaml/33a9c9ae-5ca3-442d-9f0f-2615637c1c57.yaml +++ b/yaml/33a9c9ae-5ca3-442d-9f0f-2615637c1c57.yaml 
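Review bot: The re-added `Detection:` list still carries `sigma_hash`, `sigma_names`, `sysmon_hash_detect` and `sysmon_hash_block` twice each with identical URLs; only the two `yara_signature` entries differ. Since this commit rewrites the whole block anyway, the second copy of those four entries could be dropped so that anything consuming the list does not render or count the same rule file twice. The same duplication is present in the `Detection:` block of yaml/33a9c9ae-5ca3-442d-9f0f-2615637c1c57.yaml in the next hunk.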
@@ -1,160 +1,160 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 33a9c9ae-5ca3-442d-9f0f-2615637c1c57 +Tags: +- ntbios_2.sys +Verified: 'TRUE' Author: Michael Haag -Category: malicious -Commands: - Command: sc.exe create ntbios_2.sys binPath=C:\windows\temp \n \n \n tbios_2.sys - type=kernel && sc.exe start ntbios_2.sys - Description: Driver used in the Daxin malware campaign. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-02-28' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/c0d88db11d0f529754d290ed5f4c34b4dba8c4f2e5c4148866daabeab0d25f9c.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_mal_drivers_strict.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 33a9c9ae-5ca3-442d-9f0f-2615637c1c57 
-KnownVulnerableSamples: -- Authentihash: - MD5: a8e3b56b72814a842b557bfb6638b484 - SHA1: 50231e21b8d8b2916d0fd53f3f58c6314473de1f - SHA256: 59177fb7a0b11837368af1cc115f0d011ea19551070bd153795204ae1bd12e52 - Company: Microsoft Corporation - Copyright: "\u7248\u6743\u6240\u6709 (C) 2003" - CreationTimestamp: '2009-05-17 21:04:06' - Date: '' - Description: ntbios driver - ExportedFunctions: '' - FileVersion: 5, 0, 2, 1 - Filename: ntbios_2.sys - ImportedFunctions: - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - IoQueueWorkItem - - IoAllocateWorkItem - - IoGetCurrentProcess - - _stricmp - - IoFreeWorkItem - - RtlFreeUnicodeString - - ZwClose - - ZwWriteFile - - ZwCreateFile - - RtlAnsiStringToUnicodeString - - _strnicmp - - RtlUnwind - - RtlCopyUnicodeString - - wcsncmp - - swprintf - - IoCreateDevice - - IoCreateSymbolicLink - - KeInitializeSpinLock - - ExfInterlockedInsertTailList - - RtlInitUnicodeString - - MmMapLockedPagesSpecifyCache - - IoFreeMdl - - InterlockedDecrement - - InterlockedIncrement - - InterlockedExchange - - IoDeleteSymbolicLink - - IoDeleteDevice - - ExfInterlockedRemoveHeadList - - IofCompleteRequest - - ExAllocatePoolWithTag - - strncmp - - ExFreePool - - KfAcquireSpinLock - - KfReleaseSpinLock - - KeInitializeApc - - KeInsertQueueApc - - KeAttachProcess - - KeDetachProcess - - NtQuerySystemInformation - - NdisAllocatePacket - - NdisCopyFromPacketToPacket - - NdisAllocateMemory - - NdisFreePacket - - NdisAllocateBuffer - - NdisSetEvent - - NdisResetEvent - - NdisFreeBufferPool - - NdisFreePacketPool - - NdisFreeMemory - - NdisWaitEvent - - NdisQueryAdapterInstanceName - - NdisOpenAdapter - - NdisInitializeEvent - - NdisAllocatePacketPool - - NdisRegisterProtocol - - NdisAllocateBufferPool - - NdisCloseAdapter - - NdisDeregisterProtocol - Imports: - - NTOSKRNL.EXE - - HAL.DLL - - ntoskrnl.exe - - NDIS.SYS - InternalName: ntbio.sys - MD5: 50b39072d0ee9af5ef4824eca34be6e3 - MachineType: I386 - MagicHeader: 50 45 0 0 - 
OriginalFilename: ntbios.sys - Product: ' Microsoft(R) Windows (R) NT Operating System' - ProductVersion: 5, 0, 2, 1 - Publisher: n/a - RichPEHeaderHash: - MD5: ebd225fe8cf34907033d6b6123047339 - SHA1: 642936e6d95c6231c8427a1c7a76dd99910fc635 - SHA256: b04e0a7d507b0838174bb9df686e4ce60c5b81e183867441ed5951a5d3555510 - SHA1: 064de88dbbea67c149e779aac05228e5405985c7 - SHA256: c0d88db11d0f529754d290ed5f4c34b4dba8c4f2e5c4148866daabeab0d25f9c - Sections: - .text: - Entropy: 6.39712903422247 - Virtual Size: '0x39c8' - .rdata: - Entropy: 4.150368588724922 - Virtual Size: '0x221' - .data: - Entropy: 1.9267671732967222 - Virtual Size: '0x4eb9c' - INIT: - Entropy: 5.1775498523671 - Virtual Size: '0x67c' - .rsrc: - Entropy: 3.325586936369158 - Virtual Size: '0x370' - .reloc: - Entropy: 4.179231503019422 - Virtual Size: '0x774' - Signature: Unsigned - Signatures: {} - Imphash: a7bd820fa5b895fab06f20739c9f24b8 - LoadsDespiteHVCI: 'TRUE' MitreID: T1068 +Category: malicious +Commands: + Command: sc.exe create ntbios_2.sys binPath=C:\windows\temp \n \n \n tbios_2.sys + type=kernel && sc.exe start ntbios_2.sys + Description: Driver used in the Daxin malware campaign. 
+ OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/MHaggis/9ab3bb795a6018d70fb11fa7c31f8f48 - https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/daxin-backdoor-espionage - '' -Tags: -- ntbios_2.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/c0d88db11d0f529754d290ed5f4c34b4dba8c4f2e5c4148866daabeab0d25f9c.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_mal_drivers_strict.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: a8e3b56b72814a842b557bfb6638b484 + SHA1: 50231e21b8d8b2916d0fd53f3f58c6314473de1f + SHA256: 
59177fb7a0b11837368af1cc115f0d011ea19551070bd153795204ae1bd12e52 + Company: Microsoft Corporation + Copyright: "\u7248\u6743\u6240\u6709 (C) 2003" + CreationTimestamp: '2009-05-17 21:04:06' + Date: '' + Description: ntbios driver + ExportedFunctions: '' + FileVersion: 5, 0, 2, 1 + Filename: ntbios_2.sys + ImportedFunctions: + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - IoQueueWorkItem + - IoAllocateWorkItem + - IoGetCurrentProcess + - _stricmp + - IoFreeWorkItem + - RtlFreeUnicodeString + - ZwClose + - ZwWriteFile + - ZwCreateFile + - RtlAnsiStringToUnicodeString + - _strnicmp + - RtlUnwind + - RtlCopyUnicodeString + - wcsncmp + - swprintf + - IoCreateDevice + - IoCreateSymbolicLink + - KeInitializeSpinLock + - ExfInterlockedInsertTailList + - RtlInitUnicodeString + - MmMapLockedPagesSpecifyCache + - IoFreeMdl + - InterlockedDecrement + - InterlockedIncrement + - InterlockedExchange + - IoDeleteSymbolicLink + - IoDeleteDevice + - ExfInterlockedRemoveHeadList + - IofCompleteRequest + - ExAllocatePoolWithTag + - strncmp + - ExFreePool + - KfAcquireSpinLock + - KfReleaseSpinLock + - KeInitializeApc + - KeInsertQueueApc + - KeAttachProcess + - KeDetachProcess + - NtQuerySystemInformation + - NdisAllocatePacket + - NdisCopyFromPacketToPacket + - NdisAllocateMemory + - NdisFreePacket + - NdisAllocateBuffer + - NdisSetEvent + - NdisResetEvent + - NdisFreeBufferPool + - NdisFreePacketPool + - NdisFreeMemory + - NdisWaitEvent + - NdisQueryAdapterInstanceName + - NdisOpenAdapter + - NdisInitializeEvent + - NdisAllocatePacketPool + - NdisRegisterProtocol + - NdisAllocateBufferPool + - NdisCloseAdapter + - NdisDeregisterProtocol + Imports: + - NTOSKRNL.EXE + - HAL.DLL + - ntoskrnl.exe + - NDIS.SYS + InternalName: ntbio.sys + MD5: 50b39072d0ee9af5ef4824eca34be6e3 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: ntbios.sys + Product: ' Microsoft(R) Windows (R) NT Operating System' + ProductVersion: 5, 0, 2, 1 + Publisher: n/a + RichPEHeaderHash: 
+ MD5: ebd225fe8cf34907033d6b6123047339 + SHA1: 642936e6d95c6231c8427a1c7a76dd99910fc635 + SHA256: b04e0a7d507b0838174bb9df686e4ce60c5b81e183867441ed5951a5d3555510 + SHA1: 064de88dbbea67c149e779aac05228e5405985c7 + SHA256: c0d88db11d0f529754d290ed5f4c34b4dba8c4f2e5c4148866daabeab0d25f9c + Sections: + .text: + Entropy: 6.39712903422247 + Virtual Size: '0x39c8' + .rdata: + Entropy: 4.150368588724922 + Virtual Size: '0x221' + .data: + Entropy: 1.9267671732967222 + Virtual Size: '0x4eb9c' + INIT: + Entropy: 5.1775498523671 + Virtual Size: '0x67c' + .rsrc: + Entropy: 3.325586936369158 + Virtual Size: '0x370' + .reloc: + Entropy: 4.179231503019422 + Virtual Size: '0x774' + Signature: Unsigned + Signatures: {} + Imphash: a7bd820fa5b895fab06f20739c9f24b8 + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/34fa6ba4-dc7c-4fd6-b947-8a0bb8ebd031.yaml b/yaml/34fa6ba4-dc7c-4fd6-b947-8a0bb8ebd031.yaml index 47e31473f..69a06d8d7 100644 --- a/yaml/34fa6ba4-dc7c-4fd6-b947-8a0bb8ebd031.yaml +++ b/yaml/34fa6ba4-dc7c-4fd6-b947-8a0bb8ebd031.yaml 
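Review bot: The `Command` value carried over to the new side has a mangled path: `binPath=C:\windows\temp \n \n \n tbios_2.sys` no longer matches `Filename: ntbios_2.sys`, which looks like `\ntbios_2.sys` went through an escape-processing step that consumed the leading `\n`. Anyone using this field as a reference string for command-line detections gets a path that never occurs; presumably the intended value is `binPath=C:\windows\temp\ntbios_2.sys`, and the generator should be checked so the backslash stays literal. `Resources` also keeps an empty `- ''` entry that could be removed. The sigma and sysmon links point at the `vuln_drivers` files although `Category` is `malicious` and the second YARA link uses `mal_drivers`, so it is worth confirming those are the intended rule files.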
@@ -1,3506 +1,3525 @@ Id: 34fa6ba4-dc7c-4fd6-b947-8a0bb8ebd031 +Tags: +- amifldrv64.sys +- amifldrv.sys +Verified: 'TRUE' Author: Michael Haag, Nasreddine Bencherchali Created: '2023-01-09' MitreID: T1068 Category: vulnerable driver -Verified: 'TRUE' Commands: - Command: sc.exe create amifldrv64.sys binPath=C:\windows\temp\amifldrv64.sys type=kernel - && sc.exe start amifldrv64.sys - Description: '' - Usecase: Elevate privileges - Privileges: kernel - OperatingSystem: Windows 10 + Command: sc.exe create amifldrv64.sys binPath=C:\windows\temp\amifldrv64.sys type=kernel + && sc.exe start amifldrv64.sys + Description: '' + Usecase: Elevate privileges + Privileges: kernel + OperatingSystem: Windows 10 Resources: - Internal Research - https://github.com/namazso/physmem_drivers - https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c -Acknowledgement: - Person: '' - Handle: '' Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/38d87b51f4b69ba2dae1477684a1415f1a3b578eee5e1126673b1beaefee9a20.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/ffc72f0bde21ba20aa97bee99d9e96870e5aa40cce9884e44c612757f939494f.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/38d87b51f4b69ba2dae1477684a1415f1a3b578eee5e1126673b1beaefee9a20.yara +- 
type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/ffc72f0bde21ba20aa97bee99d9e96870e5aa40cce9884e44c612757f939494f.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: amifldrv64.sys - MD5: 0dff47f3b14fb1c1bad47cc517f0581a - SHA1: db3538f324f9e52defaba7be1ab991008e43d012 - SHA256: 20f11a64bc4548f4edb47e3d3418da0f6d54a83158224b71662a6292bf45b5fb - Authentihash: - MD5: d63561be67c8adae1db28b0e503b3ba1 - SHA1: 8e67628743959e8b73d82ae5b9ee7a387a51925d - SHA256: 6999caca67b37860abb5e6d95420d1b0d04966bc6674aac3bfde4e2394ad37fd - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ZwMapViewOfSection - - RtlInitUnicodeString - - ZwUnmapViewOfSection - - ZwClose - - ObReferenceObjectByHandle - - ZwOpenSection - - MmUnmapLockedPages - - MmFreeContiguousMemory - - MmBuildMdlForNonPagedPool - - IoFreeMdl - - MmMapIoSpace - - MmMapLockedPagesSpecifyCache - - IoAllocateMdl - - MmAllocateContiguousMemory - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - KeBugCheckEx - - MmGetPhysicalAddress - - MmUnmapIoSpace - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - 
SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=US, ??=Georgia, ??=Private Organization, serialNumber=J912954, C=US, - ST=Georgia, L=Norcross, O=American Megatrends, Inc., CN=American Megatrends, - Inc. - ValidFrom: '2017-08-30 00:00:00' - ValidTo: '2020-09-24 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0e55cdb4e7e8eeb9dd5d89fc1d7588ca - Version: 3 - TBS: - MD5: a5de00a04f3cc5cb19818f21f9dfb050 - SHA1: ca921c1b360b04765d8eec4edb88438ba7a28049 - SHA256: 4c8b0e0cfde13478b5bc8b7e58a4b5f0971d324c17fa908b79816e5efa86e10c - SHA384: bea7d7bb51b76f219104dd211fec73f9951d47e116bdf3095b28bb02a33b675069ef5c283950f523828fd5434150c71a - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: 
e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c - Version: 3 - TBS: - MD5: 83f5de89f641d0fbf60248e10a7b9534 - SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 - SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf - SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 0e55cdb4e7e8eeb9dd5d89fc1d7588ca - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - Version: 1 - RichPEHeaderHash: - MD5: ef56fc9d56485c17dd1c03070dd4ee5a - SHA1: d5eae5456214e9f56cb7e3642e4021df1e0cd05a - SHA256: 6021a5d2b54abfd1988a1671700cf8b01a009cd4f31242beb383303d8623c6e2 - Sections: - .text: - Entropy: 6.247707800469627 - Virtual Size: '0x1b9e' - .rdata: - Entropy: 4.463570504310669 - Virtual Size: '0x25c' - .data: - Entropy: 0.39557408985753395 - Virtual Size: '0x1c0' - .pdata: - Entropy: 3.794557073208479 - Virtual Size: '0x108' - 
INIT: - Entropy: 5.112552923478557 - Virtual Size: '0x38e' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2020-08-24 02:57:32' - Imphash: 4fbdc03e4487f98fb59360ea5b3e640d - LoadsDespiteHVCI: 'TRUE' -- Filename: amifldrv64.sys - MD5: ee57cbe6ec6a703678eaa6c59542ff57 - SHA1: c614ab686e844c7a7d2b20bc7061ab15290e2cfd - SHA256: 2f60536b25ba8c9014e4a57d7a9a681bd3189fa414eea88c256d029750e15cae - Authentihash: - MD5: 05c371cbcccf828fd3c9251ba2f61442 - SHA1: 73265b25f043d2520b81a68ad0342baaff30e7cf - SHA256: bee62b69023212a5a964d323f60e5858d7cbd767a39f3d5ef87cacb080b1dbf2 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ZwMapViewOfSection - - RtlInitUnicodeString - - ZwUnmapViewOfSection - - ZwClose - - ObReferenceObjectByHandle - - ZwOpenSection - - MmUnmapLockedPages - - MmMapLockedPages - - MmFreeContiguousMemory - - MmBuildMdlForNonPagedPool - - IoFreeMdl - - MmGetPhysicalAddress - - MmMapIoSpace - - PsGetVersion - - MmIsAddressValid - - IoAllocateMdl - - MmAllocateContiguousMemory - - DbgPrint - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - KeBugCheckEx - - MmMapLockedPagesSpecifyCache - - MmUnmapIoSpace - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 
59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=Private Organization, ??=US, ??=Georgia, serialNumber=780491, ??=5555 - Oakbrook Parkway Suite 200, postalCode=30093, C=US, ST=Georgia, L=Norcross, - O=American Megatrends, Inc., CN=American Megatrends, Inc. - ValidFrom: '2014-06-24 00:00:00' - ValidTo: '2017-08-30 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 09f43c81c1eb27876ee1aefeaa5a0f5d - Version: 3 - TBS: - MD5: 90e6c94c3b8f3accb81e8db8a3aa7ae4 - SHA1: f270ef9003d6a22832346ff9072d18c93989255e - SHA256: 76478a3ed2305a70e603cf54250c769a6c084c9eb77e2bcbd818ba3cffbf2e12 - SHA384: 1992987400c2d7713fbf0ba3f871076565ce70f76e524ac2fe15b3a905b29af0db9654ba0d6be5537ef48616f4b004b3 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: 
e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c - Version: 3 - TBS: - MD5: 83f5de89f641d0fbf60248e10a7b9534 - SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 - SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf - SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 09f43c81c1eb27876ee1aefeaa5a0f5d - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - Version: 1 - RichPEHeaderHash: - MD5: c00cf23e0046a177de4bc1e505e3aab8 - SHA1: 22294b742e5e9a98ee5cde08bfc7b38bed3b8dfc - SHA256: b1ad7c2951f77267f3557f4ac3008b34d24538a221eacb44df3de75b0b4e093f - Sections: - .text: - Entropy: 6.217959497237586 - Virtual Size: '0x16de' - .rdata: - Entropy: 4.289274396912148 - Virtual Size: '0x23c' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.727224349251308 - Virtual Size: '0xc0' - 
INIT: - Entropy: 5.080431277889913 - Virtual Size: '0x3f2' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2017-03-15 05:47:37' - Imphash: 363922cc73591e60f2af113182414230 - LoadsDespiteHVCI: 'FALSE' -- Filename: amifldrv64.sys - MD5: df5f8e118a97d1b38833fcdf7127ab29 - SHA1: 5fece994f2409810a0ad050b3ca9b633c93919e4 - SHA256: 36aafa127736c7226c50061ea065f71e14f64ec60321f705bc52686d24117e0d - Authentihash: - MD5: 28f8b0bdf1fc0b1d065ed3236931fab3 - SHA1: b7b33ed598425c008e51ff90cf28b288f7250cdd - SHA256: a4e850e7847499e7d4c2754f8a4973fc5b4adeb728e1e142d1d35d519edf3274 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ZwMapViewOfSection - - RtlInitUnicodeString - - ZwUnmapViewOfSection - - ZwClose - - ObReferenceObjectByHandle - - ZwOpenSection - - MmUnmapLockedPages - - MmFreeContiguousMemory - - MmBuildMdlForNonPagedPool - - IoFreeMdl - - MmMapIoSpace - - MmMapLockedPagesSpecifyCache - - IoAllocateMdl - - MmAllocateContiguousMemory - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - KeBugCheckEx - - MmGetPhysicalAddress - - MmUnmapIoSpace - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: 
f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=US, ??=Georgia, ??=Private Organization, serialNumber=J912954, C=US, - ST=Georgia, L=Norcross, O=American Megatrends, Inc., CN=American Megatrends, - Inc. - ValidFrom: '2017-08-30 00:00:00' - ValidTo: '2020-09-24 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0e55cdb4e7e8eeb9dd5d89fc1d7588ca - Version: 3 - TBS: - MD5: a5de00a04f3cc5cb19818f21f9dfb050 - SHA1: ca921c1b360b04765d8eec4edb88438ba7a28049 - SHA256: 4c8b0e0cfde13478b5bc8b7e58a4b5f0971d324c17fa908b79816e5efa86e10c - SHA384: bea7d7bb51b76f219104dd211fec73f9951d47e116bdf3095b28bb02a33b675069ef5c283950f523828fd5434150c71a - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c - Version: 3 - TBS: - MD5: 83f5de89f641d0fbf60248e10a7b9534 - SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 - SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf - SHA384: 
4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 0e55cdb4e7e8eeb9dd5d89fc1d7588ca - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - Version: 1 - RichPEHeaderHash: - MD5: ef56fc9d56485c17dd1c03070dd4ee5a - SHA1: d5eae5456214e9f56cb7e3642e4021df1e0cd05a - SHA256: 6021a5d2b54abfd1988a1671700cf8b01a009cd4f31242beb383303d8623c6e2 - Sections: - .text: - Entropy: 6.240395044842424 - Virtual Size: '0x1bbe' - .rdata: - Entropy: 4.499576408806053 - Virtual Size: '0x26c' - .data: - Entropy: 0.39557408985753395 - Virtual Size: '0x1c0' - .pdata: - Entropy: 3.7866919593735844 - Virtual Size: '0x114' - INIT: - Entropy: 5.113382470184231 - Virtual Size: '0x38e' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2019-10-31 01:38:06' - Imphash: 4fbdc03e4487f98fb59360ea5b3e640d - 
LoadsDespiteHVCI: 'TRUE' -- Filename: amifldrv64.sys - MD5: 785045f8b25cd2e937ddc6b09debe01a - SHA1: 029c678674f482ababe8bbfdb93152392457109d - SHA256: 37073e42ffa0322500f90cd7e3c8d02c4cdd695d31c77e81560abec20bfb68ba - Authentihash: - MD5: 51219fe8395e9ac49d271ccf7fde2512 - SHA1: 6aeb587edcd01289abc84316ae88959c235663fe - SHA256: af20c1b4eb703083979e6f4e211327495f7a0a27ace9a52bd22dd3737be7a8b1 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ZwMapViewOfSection - - RtlInitUnicodeString - - ZwUnmapViewOfSection - - ZwClose - - ObReferenceObjectByHandle - - ZwOpenSection - - MmUnmapLockedPages - - MmMapLockedPages - - MmFreeContiguousMemory - - MmBuildMdlForNonPagedPool - - IoFreeMdl - - MmGetPhysicalAddress - - MmMapIoSpace - - PsGetVersion - - MmIsAddressValid - - IoAllocateMdl - - MmAllocateContiguousMemory - - DbgPrint - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - KeBugCheckEx - - MmMapLockedPagesSpecifyCache - - MmUnmapIoSpace - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=Private Organization, ??=US, 
??=Georgia, serialNumber=780491, ??=5555 - Oakbrook Parkway Suite 200, postalCode=30093, C=US, ST=Georgia, L=Norcross, - O=American Megatrends, Inc., CN=American Megatrends, Inc. - ValidFrom: '2014-06-24 00:00:00' - ValidTo: '2017-08-30 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 09f43c81c1eb27876ee1aefeaa5a0f5d - Version: 3 - TBS: - MD5: 90e6c94c3b8f3accb81e8db8a3aa7ae4 - SHA1: f270ef9003d6a22832346ff9072d18c93989255e - SHA256: 76478a3ed2305a70e603cf54250c769a6c084c9eb77e2bcbd818ba3cffbf2e12 - SHA384: 1992987400c2d7713fbf0ba3f871076565ce70f76e524ac2fe15b3a905b29af0db9654ba0d6be5537ef48616f4b004b3 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c - Version: 3 - TBS: - MD5: 83f5de89f641d0fbf60248e10a7b9534 - SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 - SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf - SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 09f43c81c1eb27876ee1aefeaa5a0f5d - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - Version: 1 - RichPEHeaderHash: - MD5: c00cf23e0046a177de4bc1e505e3aab8 - SHA1: 22294b742e5e9a98ee5cde08bfc7b38bed3b8dfc - SHA256: b1ad7c2951f77267f3557f4ac3008b34d24538a221eacb44df3de75b0b4e093f - Sections: - .text: - Entropy: 6.217959497237586 - Virtual Size: '0x16de' - 
.rdata: - Entropy: 4.289274396912148 - Virtual Size: '0x23c' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.727224349251308 - Virtual Size: '0xc0' - INIT: - Entropy: 5.080431277889913 - Virtual Size: '0x3f2' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2017-03-15 05:47:37' - Imphash: 363922cc73591e60f2af113182414230 - LoadsDespiteHVCI: 'TRUE' -- Filename: amifldrv.sys - MD5: 119f0656ab4bb872f79ee5d421e2b9f9 - SHA1: e35969966769e7760094cbcffb294d0d04a09db6 - SHA256: 38d87b51f4b69ba2dae1477684a1415f1a3b578eee5e1126673b1beaefee9a20 - Authentihash: - MD5: 973ff01a8901563e12119ca09b427e8e - SHA1: 9f8870ec272933ee6f4e1eda975a6d5db5f9fbde - SHA256: 4f35cf1f2e0fb87a2728303091ee505a0bc546cf63dcd38178adf48477ec0f91 - Description: AMI Generic Utility Driver - Company: Windows (R) Win 7 DDK provider - InternalName: amifldrv.sys - OriginalFilename: amifldrv.sys - FileVersion: 10.0.10011.16384 - Product: Windows (R) Win 7 DDK driver - ProductVersion: 10.0.10011.16384 - Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
- MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - MmMapLockedPagesSpecifyCache - - MmUnmapLockedPages - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - IoAllocateMdl - - IoFreeMdl - - MmGetPhysicalAddress - - RtlInitUnicodeString - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - KeLowerIrql - - MmBuildMdlForNonPagedPool - - MmMapIoSpace - - MmUnmapIoSpace - - ObReferenceObjectByHandle - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - ExFreePoolWithTag - - MmGetSystemRoutineAddress - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - KfRaiseIrql - - RtlCompareMemory - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=US, ??=Georgia, ??=Private Organization, serialNumber=J912954, C=US, - ST=Georgia, L=Norcross, O=American Megatrends, Inc., CN=American Megatrends, - Inc. 
- ValidFrom: '2017-08-30 00:00:00' - ValidTo: '2020-09-24 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0e55cdb4e7e8eeb9dd5d89fc1d7588ca - Version: 3 - TBS: - MD5: a5de00a04f3cc5cb19818f21f9dfb050 - SHA1: ca921c1b360b04765d8eec4edb88438ba7a28049 - SHA256: 4c8b0e0cfde13478b5bc8b7e58a4b5f0971d324c17fa908b79816e5efa86e10c - SHA384: bea7d7bb51b76f219104dd211fec73f9951d47e116bdf3095b28bb02a33b675069ef5c283950f523828fd5434150c71a - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c - Version: 3 - TBS: - MD5: 83f5de89f641d0fbf60248e10a7b9534 - SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 - SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf - SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 0e55cdb4e7e8eeb9dd5d89fc1d7588ca - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - Version: 1 - RichPEHeaderHash: - MD5: a1566c4c51fba223b42bcf16e9028638 - SHA1: 7a6706209527ceae68d7f0e18983472dd6163177 - SHA256: 42f78a461ed14e570a478480556a7a5080f89599e4cbc71653939ef634ec9131 - Sections: - .text: - Entropy: 6.356712625314794 - Virtual Size: '0x216e' - .rdata: - Entropy: 4.128210970466196 - Virtual Size: '0x6e4' - .data: - Entropy: 0.6627058304164626 - Virtual Size: '0x1fc' - .pdata: - Entropy: 3.94471136074808 - Virtual Size: '0x1bc' - PAGE: - Entropy: 5.761547010517613 - Virtual Size: '0x175' - INIT: - Entropy: 5.141802934652441 - Virtual Size: '0x438' - .rsrc: - Entropy: 3.585664604917059 - Virtual Size: '0x470' - .reloc: - Entropy: 2.6981203125901447 - Virtual Size: '0x18' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2020-07-28 02:31:47' - Imphash: f9141c3df8f7ec7b3f2d46265a3b5528 - LoadsDespiteHVCI: 'TRUE' -- Filename: amifldrv64.sys - MD5: 530feb1e37831302f58b7c219be6b844 - SHA1: 1e09f3dd6ba9386fa9126f0116e49c2371401e01 - SHA256: 3cb75429944e60f6c820c7638adbf688883ad44951bca3f8912428afe72bc134 - Authentihash: - MD5: aefe7422cfe20a6f576092d04a592311 - SHA1: 943a16dde2e44f7bae629f62cf937cceb10ec1b4 - SHA256: 7e8e7bc080b4c32ce703b3e8b3cc7e13fa9ef2422dc6f370a2c2b82496564aae - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - 
MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - KeLowerIrql - - KfRaiseIrql - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - ZwUnmapViewOfSection - - MmFreeContiguousMemory - - IoFreeMdl - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - MmUnmapIoSpace - - MmGetPhysicalAddress - - MmIsAddressValid - - MmAllocateContiguousMemory - - MmUnmapLockedPages - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlMoveMemory - - IofCompleteRequest - - RtlZeroMemory - - IoCreateSymbolicLink - - IoCreateDevice - - IoAllocateMdl - - MmMapIoSpace - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c 
- SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=US, ST=Georgia, L=Norcross, O=American Megatrends, Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=American - Megatrends, Inc. 
- ValidFrom: '2006-09-30 00:00:00' - ValidTo: '2009-11-16 23:59:59' - Signature: 7cb6b8f10c441fc01d130c6ae39a287be5cb175f02ae6c214f0034c77f262006f866180e4db8619079a50fef4fde71927b061ef79f3d0e1be1bba040afd81f202bb10892ce7a0549506158a1d15067dd7a82488cc4bd2c3f408ee928c85117ee0d080d9dc24b571b5d75e3ef1e87d3d6b755ab6f9c07ff92e3b2d515ab1219424bf288aed36595d534d91b905b80378c02bd470dd0fb8150888cd0ac3c98cd62becd7c274469167be833f226b05b822d875efa40863faa10e358edd17e3f4d1ee7d62590d1d3e26e9c953be9e1d9a309990e0bb9c06cdfaa89f7b021aaa8d933440d432eab2e7676bda57841b3e7a8933da8b1e047e9cde29ea89b62b4eb48b8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 08dfd80b2826716554b1fb8cfa5043d7 - Version: 3 - TBS: - MD5: 960327b70b290ec28fa2e85cbb7a41fa - SHA1: a2ac59e0c82196d6661212232bd3bcf0588e40ea - SHA256: 8bb26b4dc7c105fd9cdd0604cedbf3647a700dc4ddadcad839d8e27312253e73 - SHA384: 7cfe0dfecc1d1abfa204d28c446f706736b73a35cb37e4c2a40c7f3b68eef14ebfb665a6f23e3c0413cd8caf5979607e - Signer: - - SerialNumber: 08dfd80b2826716554b1fb8cfa5043d7 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: aed85172bab3a87661d275310bb49448 - SHA1: 5d0d32316a3cf8853dd1aaacdd7a61b0e44153a4 - SHA256: 57efd778c9cb9f19af7c15791ec042aa8649a34f79f40555ce7bbd908179dae8 - Sections: - .text: - Entropy: 5.916679164125288 - Virtual Size: '0xd46' - .rdata: - Entropy: 4.163766107235004 - Virtual Size: '0x20c' - .pdata: - Entropy: 3.359622069995356 - Virtual Size: '0x9c' - INIT: - Entropy: 4.645780413972533 - Virtual Size: '0x362' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2009-10-07 10:50:32' - Imphash: 4199ed50502e00f57d9b66e9305450f5 - LoadsDespiteHVCI: 'FALSE' -- Filename: amifldrv64.sys - MD5: c098f8aeb67eeb2262dbf681690a9306 - SHA1: 7e8efd93a1dad02385ec56c8f3b1cfd23aa47977 - SHA256: 
5f487829527802983d5c120e3b99f3cf89333ca14f5e49ac32df0798cfb1f7aa - Authentihash: - MD5: f2a4fd2aae63ffe766a7a8d2d775a59e - SHA1: 52008f007e84756ba84dacb7cbb465e592dfe260 - SHA256: d259e9b1d04b5fa966094f15f8edbaeba5da2a14bf34bf0a5490a0e308c025d7 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - ZwUnmapViewOfSection - - MmFreeContiguousMemory - - IoFreeMdl - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - MmUnmapIoSpace - - MmGetPhysicalAddress - - MmIsAddressValid - - MmAllocateContiguousMemory - - MmUnmapLockedPages - - IoDeleteDevice - - IoDeleteSymbolicLink - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - IoAllocateMdl - - MmMapIoSpace - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 
- SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary 
Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=US, ST=Georgia, L=Norcross, O=American Megatrends, Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=American - Megatrends, Inc. - ValidFrom: '2010-05-07 00:00:00' - ValidTo: '2012-05-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1ecbf523c0f14748fe14841dbb88c365 - Version: 3 - TBS: - MD5: 64f5c20bac3ca9a20857800f4df459c1 - SHA1: a74a6dc7bbed636d0dd81f4c568e8ba9a1b4f63c - SHA256: b719be4421509ea4032925e523e7045900feda002cc27f69031630da48e7c132 - SHA384: 2ba2a3529dfbfaef4d681335a89d21e7a909249870e12e04e3257a7f76d638ffd5d1318b07525e87e61e9819610b6e64 - Signer: - - SerialNumber: 1ecbf523c0f14748fe14841dbb88c365 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - RichPEHeaderHash: - MD5: 1f44b746a7f3063e2a8fdd3d0d19b55e - SHA1: 93c45eb6cc3a19b2a3c714b15e9eaa6460232124 - SHA256: 07ede27cc723134153668c011d01210e82f50b6d45471edbc77aba4a5c9c5413 - Sections: - .text: - Entropy: 6.012507478420489 - Virtual Size: '0x1226' - .rdata: - Entropy: 4.443008293370459 - Virtual Size: '0x244' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.504567295189878 - Virtual Size: '0x9c' - INIT: - Entropy: 
4.891266027306224 - Virtual Size: '0x36e' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2011-09-13 00:30:53' - Imphash: 4c304943af1b07b15a5efa80f17d9b89 - LoadsDespiteHVCI: 'TRUE' -- Filename: amifldrv64.sys - MD5: f22740ba54a400fd2be7690bb204aa08 - SHA1: 5812387783d61c6ab5702213bb968590a18065e3 - SHA256: 65c26276cadda7a36f8977d1d01120edb5c3418be2317d501761092d5f9916c9 - Authentihash: - MD5: 4bb9654a5a20bc189b000d4a2fba5856 - SHA1: 444ce1608768884d1e9742f80ccf4f53e0aa709d - SHA256: d052299252f0f0bd70b5e7c46b9ca71a99a052b47f693582becb6f0d567e8245 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ZwMapViewOfSection - - RtlInitUnicodeString - - ZwUnmapViewOfSection - - ZwClose - - ObReferenceObjectByHandle - - ZwOpenSection - - MmUnmapLockedPages - - MmFreeContiguousMemory - - MmBuildMdlForNonPagedPool - - IoFreeMdl - - MmGetPhysicalAddress - - MmMapIoSpace - - PsGetVersion - - IoAllocateMdl - - MmAllocateContiguousMemory - - DbgPrint - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - KeBugCheckEx - - MmMapLockedPagesSpecifyCache - - MmUnmapIoSpace - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: 
f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=US, ??=Georgia, ??=Private Organization, serialNumber=J912954, C=US, - ST=Georgia, L=Norcross, O=American Megatrends, Inc., CN=American Megatrends, - Inc. - ValidFrom: '2017-08-30 00:00:00' - ValidTo: '2020-09-24 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0e55cdb4e7e8eeb9dd5d89fc1d7588ca - Version: 3 - TBS: - MD5: a5de00a04f3cc5cb19818f21f9dfb050 - SHA1: ca921c1b360b04765d8eec4edb88438ba7a28049 - SHA256: 4c8b0e0cfde13478b5bc8b7e58a4b5f0971d324c17fa908b79816e5efa86e10c - SHA384: bea7d7bb51b76f219104dd211fec73f9951d47e116bdf3095b28bb02a33b675069ef5c283950f523828fd5434150c71a - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c - Version: 3 - TBS: - MD5: 83f5de89f641d0fbf60248e10a7b9534 - SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 - SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf - SHA384: 
4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 0e55cdb4e7e8eeb9dd5d89fc1d7588ca - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - Version: 1 - RichPEHeaderHash: - MD5: b38df74a16ccc2b566119146a7a1b9f4 - SHA1: c1ab4797ed704c0b6f8b55c51806756e0ac383b2 - SHA256: b6e3bfceb30922134310682e6739ee977179beb280fb658c861dbdb674d0b9b3 - Sections: - .text: - Entropy: 6.255870039704506 - Virtual Size: '0x1d3e' - .rdata: - Entropy: 4.372538706454062 - Virtual Size: '0x26c' - .data: - Entropy: 0.4411373632813633 - Virtual Size: '0x18a' - .pdata: - Entropy: 3.850446798595462 - Virtual Size: '0x108' - INIT: - Entropy: 5.080449314433511 - Virtual Size: '0x3ba' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2019-07-23 02:00:28' - Imphash: b05ee5c816a30bc52378c759486af0b9 - LoadsDespiteHVCI: 
'FALSE' -- Filename: amifldrv64.sys - MD5: 24156523b923fd9dcfdd0ac684dcdb20 - SHA1: ff9048c451644c9c5ff2ba1408b194a0970b49e6 - SHA256: 6c64688444d3e004da77dcfb769d064bb38afceeef7ff915dfc71e60e19ff18a - Authentihash: - MD5: 229a8958720d362fab81a2b527e717a2 - SHA1: 2cea31932e00c69e6f1bb0b0bf6b16b8c72dc3f6 - SHA256: aef3985caa213c9e5e0a0d5e75a9a7918a92c08690b5a04a6b14d6372c2dd71c - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ZwMapViewOfSection - - RtlInitUnicodeString - - ZwUnmapViewOfSection - - ZwClose - - ObReferenceObjectByHandle - - ZwOpenSection - - MmUnmapLockedPages - - MmMapLockedPages - - MmFreeContiguousMemory - - MmBuildMdlForNonPagedPool - - IoFreeMdl - - MmMapIoSpace - - MmMapLockedPagesSpecifyCache - - PsGetVersion - - MmIsAddressValid - - IoAllocateMdl - - MmAllocateContiguousMemory - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - KeBugCheckEx - - MmGetPhysicalAddress - - MmUnmapIoSpace - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=Private Organization, ??=US, ??=Georgia, serialNumber=780491, 
??=5555 - Oakbrook Parkway Suite 200, postalCode=30093, C=US, ST=Georgia, L=Norcross, - O=American Megatrends, Inc., CN=American Megatrends, Inc. - ValidFrom: '2014-06-24 00:00:00' - ValidTo: '2017-08-30 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 09f43c81c1eb27876ee1aefeaa5a0f5d - Version: 3 - TBS: - MD5: 90e6c94c3b8f3accb81e8db8a3aa7ae4 - SHA1: f270ef9003d6a22832346ff9072d18c93989255e - SHA256: 76478a3ed2305a70e603cf54250c769a6c084c9eb77e2bcbd818ba3cffbf2e12 - SHA384: 1992987400c2d7713fbf0ba3f871076565ce70f76e524ac2fe15b3a905b29af0db9654ba0d6be5537ef48616f4b004b3 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c - Version: 3 - TBS: - MD5: 83f5de89f641d0fbf60248e10a7b9534 - SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 - SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf - SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 - - Subject: C=US, O=DigiCert Inc, 
OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 09f43c81c1eb27876ee1aefeaa5a0f5d - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - Version: 1 - RichPEHeaderHash: - MD5: 0a2c5c1cab851d3fbeb5eb9efe5739a2 - SHA1: fabf3aa82ebd5686a6b1e3a67df82231d0fb72f6 - SHA256: fe8505e06a8a700a1b7aa52c3925391a7e0cfd96a5d1d2f98aef6d12d88046b3 - Sections: - .text: - Entropy: 6.137353400999014 - Virtual Size: '0x117e' - .rdata: - Entropy: 4.292537325528917 - Virtual Size: '0x21c' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.6075048245466346 - Virtual Size: '0xa8' - INIT: - Entropy: 5.097766085646503 - Virtual Size: '0x3de' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2017-01-03 20:29:59' - Imphash: bd607d71fdc1444aa96dc431591c5c44 - LoadsDespiteHVCI: 'FALSE' -- Filename: amifldrv64.sys - MD5: 7331720a5522d5cd972623326cf87a3f - SHA1: 456a1acacaa02664517c2f2fb854216e8e967f9d - 
SHA256: b95b2d9b29bd25659f1c7ba5a187f8d23cde01162d9b5b1a2c4aea8f64b38441 - Authentihash: - MD5: d5816277859ccb21e901e3ce39f6e929 - SHA1: d240db93654ce2685d3b903db809edcc82322dfc - SHA256: 05e2d2f2b58da5391598d30d7f5f33ae38cfeb0d9b9ae19b4312de39c678f301 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - ZwUnmapViewOfSection - - MmFreeContiguousMemory - - IoFreeMdl - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - MmUnmapIoSpace - - MmGetPhysicalAddress - - MmIsAddressValid - - MmAllocateContiguousMemory - - MmUnmapLockedPages - - IoDeleteDevice - - IoDeleteSymbolicLink - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - IoAllocateMdl - - MmMapIoSpace - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 
18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, 
O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=US, ST=Georgia, L=Norcross, O=American Megatrends, Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=American - Megatrends, Inc. - ValidFrom: '2006-09-30 00:00:00' - ValidTo: '2009-11-16 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 08dfd80b2826716554b1fb8cfa5043d7 - Version: 3 - TBS: - MD5: 960327b70b290ec28fa2e85cbb7a41fa - SHA1: a2ac59e0c82196d6661212232bd3bcf0588e40ea - SHA256: 8bb26b4dc7c105fd9cdd0604cedbf3647a700dc4ddadcad839d8e27312253e73 - SHA384: 7cfe0dfecc1d1abfa204d28c446f706736b73a35cb37e4c2a40c7f3b68eef14ebfb665a6f23e3c0413cd8caf5979607e - Signer: - - SerialNumber: 08dfd80b2826716554b1fb8cfa5043d7 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: 9f334698254c92ce933257bc672850e4 - SHA1: 2873eeac59f168bf8f1a29b5dccf7a310f9ac7f7 - SHA256: 61ec7fee8a31996254d6d7f32e6332ccd9d36fe8b7fe0cf5a407840ef4381027 - Sections: - .text: - Entropy: 6.002893997944836 - Virtual Size: '0x1166' - .rdata: - Entropy: 4.405240287195404 - Virtual Size: '0x264' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.524185420396862 
- Virtual Size: '0xb4' - INIT: - Entropy: 4.8944037123884145 - Virtual Size: '0x36e' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2009-02-09 20:39:06' - Imphash: 4c304943af1b07b15a5efa80f17d9b89 - LoadsDespiteHVCI: 'FALSE' -- Filename: amifldrv64.sys - MD5: 2971d4ee95f640d2818e38d8877c8984 - SHA1: 28fa0e9429af24197134306b6c7189263e939136 - SHA256: bc7ebd191e0991fd0865a5c956a92e63792a0bb2ff888af43f7a63bb65a22248 - Authentihash: - MD5: fac2590714168b1e586ff99a1f2322de - SHA1: 2d6cd59a2df6883bfec777ddfe7d10c50555e2cb - SHA256: 846cc7c9bf2eab3400e66481568a010fb0dfbac01416a99258a4baabf1e10d35 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - ZwUnmapViewOfSection - - MmFreeContiguousMemory - - IoFreeMdl - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - MmUnmapIoSpace - - MmGetPhysicalAddress - - MmIsAddressValid - - MmAllocateContiguousMemory - - MmUnmapLockedPages - - IoDeleteDevice - - IoDeleteSymbolicLink - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - IoAllocateMdl - - MmMapIoSpace - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 
35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 
17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=US, ST=Georgia, L=Norcross, O=American Megatrends, Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=American - Megatrends, Inc. - ValidFrom: '2010-05-07 00:00:00' - ValidTo: '2012-05-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1ecbf523c0f14748fe14841dbb88c365 - Version: 3 - TBS: - MD5: 64f5c20bac3ca9a20857800f4df459c1 - SHA1: a74a6dc7bbed636d0dd81f4c568e8ba9a1b4f63c - SHA256: b719be4421509ea4032925e523e7045900feda002cc27f69031630da48e7c132 - SHA384: 2ba2a3529dfbfaef4d681335a89d21e7a909249870e12e04e3257a7f76d638ffd5d1318b07525e87e61e9819610b6e64 - Signer: - - SerialNumber: 1ecbf523c0f14748fe14841dbb88c365 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - RichPEHeaderHash: - MD5: 1f44b746a7f3063e2a8fdd3d0d19b55e - SHA1: 93c45eb6cc3a19b2a3c714b15e9eaa6460232124 - SHA256: 07ede27cc723134153668c011d01210e82f50b6d45471edbc77aba4a5c9c5413 - Sections: - .text: - Entropy: 6.014310825644326 - Virtual Size: '0x1256' - .rdata: - Entropy: 4.559308378075733 - Virtual Size: '0x264' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.463098667301449 - Virtual Size: '0x9c' - INIT: - Entropy: 4.8944037123884145 - Virtual Size: '0x36e' - MagicHeader: 50 45 0 0 - 
CreationTimestamp: '2011-06-21 20:54:13' - Imphash: 4c304943af1b07b15a5efa80f17d9b89 - LoadsDespiteHVCI: 'FALSE' -- Filename: amifldrv64.sys - MD5: 2503c4cf31588f0b011eb992ca3ee7ff - SHA1: e700fcfae0582275dbaee740f4f44b081703d20d - SHA256: c2fcc0fec64d5647813b84b9049d430406c4c6a7b9f8b725da21bcae2ff12247 - Authentihash: - MD5: b1ea291940f1ae17794e05b8275fd130 - SHA1: dc0d3d244d27b85e10135fff8d34a76c17022ee1 - SHA256: 96cb847fab0befab75a6f39080dd444d022d4bec73017c9d7187fe6282a0faa1 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ZwMapViewOfSection - - RtlInitUnicodeString - - ZwUnmapViewOfSection - - ZwClose - - ObReferenceObjectByHandle - - ZwOpenSection - - MmUnmapLockedPages - - MmFreeContiguousMemory - - MmBuildMdlForNonPagedPool - - IoFreeMdl - - MmGetPhysicalAddress - - MmMapIoSpace - - PsGetVersion - - IoAllocateMdl - - MmAllocateContiguousMemory - - DbgPrint - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - KeBugCheckEx - - MmMapLockedPagesSpecifyCache - - MmUnmapIoSpace - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - 
- Subject: ??=US, ??=Georgia, ??=Private Organization, serialNumber=J912954, C=US, - ST=Georgia, L=Norcross, O=American Megatrends, Inc., CN=American Megatrends, - Inc. - ValidFrom: '2017-08-30 00:00:00' - ValidTo: '2020-09-24 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0e55cdb4e7e8eeb9dd5d89fc1d7588ca - Version: 3 - TBS: - MD5: a5de00a04f3cc5cb19818f21f9dfb050 - SHA1: ca921c1b360b04765d8eec4edb88438ba7a28049 - SHA256: 4c8b0e0cfde13478b5bc8b7e58a4b5f0971d324c17fa908b79816e5efa86e10c - SHA384: bea7d7bb51b76f219104dd211fec73f9951d47e116bdf3095b28bb02a33b675069ef5c283950f523828fd5434150c71a - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 
19334a0c813337dbad36c9e4c93abbb51b2e7aa2e2f44342179ebf4ea14de1b1dbe981dd9f01f2e488d5e9fe09fd21c1ec5d80d2f0d6c143c2fe772bdbf9d79133ce6cd5b2193be62ed6c9934f88408ecde1f57ef10fc6595672e8eb6a41bd1cd546d57c49ca663815c1bfe091707787dcc98d31c90c29a233ed8de287cd898d3f1bffd5e01a978b7cda6dfba8c6b23a666b7b01b3cdd8a634ec1201ab9558a5c45357a860e6e70212a0b92364a24dbb7c81256421becfee42184397bba53706af4dff26a54d614bec4641b865ceb8799e08960b818c8a3b8fc7998ca32a6e986d5e61c696b78ab9612d93b8eb0e0443d7f5fea6f062d4996aa5c1c1f0649480 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c - Version: 3 - TBS: - MD5: 83f5de89f641d0fbf60248e10a7b9534 - SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 - SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf - SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 0e55cdb4e7e8eeb9dd5d89fc1d7588ca - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - Version: 1 - RichPEHeaderHash: - MD5: 37fafb0be0a03b0bd26c56c3bcf4fd8c - SHA1: fdc0adcad88124f803c820304ea91cb3e21a43ba - SHA256: 2059d94bbcf46705cbe2d88968197f1af1e4286afcf7ecc184d1521e10d1d5a3 - Sections: - .text: - Entropy: 6.222025814777585 - Virtual Size: '0x183e' - 
.rdata: - Entropy: 4.316666644738919 - Virtual Size: '0x22c' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.6993554490759406 - Virtual Size: '0xc0' - INIT: - Entropy: 5.0855381540270885 - Virtual Size: '0x3ba' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2018-11-04 23:20:44' - Imphash: b05ee5c816a30bc52378c759486af0b9 - LoadsDespiteHVCI: 'FALSE' -- Filename: amifldrv64.sys - MD5: e5e8ecb20bc5630414707295327d755e - SHA1: 06ecf73790f0277b8e27c8138e2c9ad0fc876438 - SHA256: e7cbfb16261de1c7f009431d374d90e9eb049ba78246e38bc4c8b9e06f324b6f - Authentihash: - MD5: 83a8c462f323e93e725875f6e96c8727 - SHA1: c42feaa6c9788b7161b765f725070204f7b5e3ec - SHA256: 709ab95302bb44c7a7dafaf342ca933422ea03ed7b492be204a319161feb350e - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ZwMapViewOfSection - - RtlInitUnicodeString - - ZwUnmapViewOfSection - - ZwClose - - ObReferenceObjectByHandle - - ZwOpenSection - - MmUnmapLockedPages - - MmFreeContiguousMemory - - MmBuildMdlForNonPagedPool - - IoFreeMdl - - MmMapIoSpace - - MmMapLockedPagesSpecifyCache - - IoAllocateMdl - - MmAllocateContiguousMemory - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - KeBugCheckEx - - MmGetPhysicalAddress - - MmUnmapIoSpace - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 
8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=US, ??=Georgia, ??=Private Organization, serialNumber=J912954, C=US, - ST=Georgia, L=Norcross, O=American Megatrends, Inc., CN=American Megatrends, - Inc. - ValidFrom: '2017-08-30 00:00:00' - ValidTo: '2020-09-24 12:00:00' - Signature: 5a00ce1b66cc04a3be37c0926957fc54b1f2904c69a3555d90a15e3c7b7133e76583a0fe5c13c21cdddda40e6f0ba958964796abcfbb7fbe4de15a009f80e653556e29cac9d208645b8154f52f6045fa268f6e6b57536f21833f2cc92c5e9a51636cfeaa74f0b8ab80a8649d68c7c46f51a534c0697a426aa37337c7956268f4cdc8d88adbd1aa0cb620abeb7166172e914016c84e00824751b4f7142b54c56b74d578fd97aadda3e8e777ec22c34460a8dc7e0392a9adab018b16699d9ddd7551fd5c5924f3d1ccb9e6ef67ca0ab2107d1abf158add6d42ba18dee5ec35e3445627df4744d71f73ee3a199aaa42993ebaaa7f91f8b6d1b623350744853c1b38 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0e55cdb4e7e8eeb9dd5d89fc1d7588ca - Version: 3 - TBS: - MD5: a5de00a04f3cc5cb19818f21f9dfb050 - SHA1: ca921c1b360b04765d8eec4edb88438ba7a28049 - SHA256: 4c8b0e0cfde13478b5bc8b7e58a4b5f0971d324c17fa908b79816e5efa86e10c - SHA384: bea7d7bb51b76f219104dd211fec73f9951d47e116bdf3095b28bb02a33b675069ef5c283950f523828fd5434150c71a - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: 
e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c - Version: 3 - TBS: - MD5: 83f5de89f641d0fbf60248e10a7b9534 - SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 - SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf - SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 0e55cdb4e7e8eeb9dd5d89fc1d7588ca - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - 
Version: 1 - RichPEHeaderHash: - MD5: ef56fc9d56485c17dd1c03070dd4ee5a - SHA1: d5eae5456214e9f56cb7e3642e4021df1e0cd05a - SHA256: 6021a5d2b54abfd1988a1671700cf8b01a009cd4f31242beb383303d8623c6e2 - Sections: - .text: - Entropy: 6.237884437720332 - Virtual Size: '0x1b7e' - .rdata: - Entropy: 4.467064388656255 - Virtual Size: '0x25c' - .data: - Entropy: 0.39557408985753395 - Virtual Size: '0x1c0' - .pdata: - Entropy: 3.7790272797610935 - Virtual Size: '0x108' - INIT: - Entropy: 5.1116136344980365 - Virtual Size: '0x38e' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2020-09-10 20:51:41' - Imphash: 4fbdc03e4487f98fb59360ea5b3e640d - LoadsDespiteHVCI: 'TRUE' -- Filename: amifldrv64.sys - MD5: 1f7b2a00fe0c55d17d1b04c5e0507970 - SHA1: eb1ecad3d37bb980f908bf1a912415cff32e79e6 - SHA256: fc22977ff721b3d718b71c42440ee2d8a144f3fbc7755e4331ddd5bcc65158d2 - Authentihash: - MD5: 9e725819820804fbf377917e9e7a3333 - SHA1: b0ec7d971da8ae84c0ed8f88a5d46b23996e636c - SHA256: 038f39558035292f1d794b7cf49f8e751e8633daec31454fe85cccbea83ba3fb - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - ZwUnmapViewOfSection - - MmFreeContiguousMemory - - IoFreeMdl - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - MmUnmapIoSpace - - MmGetPhysicalAddress - - MmIsAddressValid - - MmAllocateContiguousMemory - - MmUnmapLockedPages - - IoDeleteDevice - - IoDeleteSymbolicLink - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - IoAllocateMdl - - MmMapIoSpace - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - 
ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - 
MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=US, ST=Georgia, L=Norcross, O=American Megatrends, Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=American - Megatrends, Inc. 
- ValidFrom: '2006-09-30 00:00:00' - ValidTo: '2009-11-16 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 08dfd80b2826716554b1fb8cfa5043d7 - Version: 3 - TBS: - MD5: 960327b70b290ec28fa2e85cbb7a41fa - SHA1: a2ac59e0c82196d6661212232bd3bcf0588e40ea - SHA256: 8bb26b4dc7c105fd9cdd0604cedbf3647a700dc4ddadcad839d8e27312253e73 - SHA384: 7cfe0dfecc1d1abfa204d28c446f706736b73a35cb37e4c2a40c7f3b68eef14ebfb665a6f23e3c0413cd8caf5979607e - Signer: - - SerialNumber: 08dfd80b2826716554b1fb8cfa5043d7 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: 9f334698254c92ce933257bc672850e4 - SHA1: 2873eeac59f168bf8f1a29b5dccf7a310f9ac7f7 - SHA256: 61ec7fee8a31996254d6d7f32e6332ccd9d36fe8b7fe0cf5a407840ef4381027 - Sections: - .text: - Entropy: 5.99821129939302 - Virtual Size: '0x1176' - .rdata: - Entropy: 4.414177314559514 - Virtual Size: '0x264' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.4895989621236247 - Virtual Size: '0xb4' - INIT: - Entropy: 4.891266027306224 - Virtual Size: '0x36e' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2009-08-20 04:07:22' - Imphash: 4c304943af1b07b15a5efa80f17d9b89 - LoadsDespiteHVCI: 'FALSE' -- Filename: amifldrv.sys - MD5: 7b9717c608a5f5a1c816128a609e9575 - SHA1: ec457a53ea03287cbbd1edcd5f27835a518ef144 - SHA256: ffc72f0bde21ba20aa97bee99d9e96870e5aa40cce9884e44c612757f939494f - Authentihash: - MD5: 08cac606d72411c22b1400d755a2b6e3 - SHA1: 6055dbc453c111e57c85ec8cfad9e6e11421c8d4 - SHA256: 5167b33a95b4db0a1244cb3b95d4024587d9a5a95222babb033210e6b111d2fb - Description: AMI Generic Utility Driver - Company: Windows (R) Win 7 DDK provider - InternalName: amifldrv.sys - OriginalFilename: amifldrv.sys - FileVersion: 10.0.10011.16384 - Product: 
Windows (R) Win 7 DDK driver - ProductVersion: 10.0.10011.16384 - Copyright: "\xA9 Microsoft Corporation. All rights reserved." - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - MmMapLockedPagesSpecifyCache - - MmUnmapLockedPages - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - IoAllocateMdl - - IoFreeMdl - - MmGetPhysicalAddress - - RtlInitUnicodeString - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - KeLowerIrql - - KfRaiseIrql - - MmBuildMdlForNonPagedPool - - MmUnmapIoSpace - - ObReferenceObjectByHandle - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - ExFreePoolWithTag - - MmGetSystemRoutineAddress - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - MmMapIoSpace - - RtlCompareMemory - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=US, ??=Georgia, ??=Private Organization, serialNumber=J912954, C=US, - ST=Georgia, L=Norcross, O=American Megatrends, Inc., CN=American Megatrends, - Inc. 
- ValidFrom: '2017-08-30 00:00:00' - ValidTo: '2020-09-24 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0e55cdb4e7e8eeb9dd5d89fc1d7588ca - Version: 3 - TBS: - MD5: a5de00a04f3cc5cb19818f21f9dfb050 - SHA1: ca921c1b360b04765d8eec4edb88438ba7a28049 - SHA256: 4c8b0e0cfde13478b5bc8b7e58a4b5f0971d324c17fa908b79816e5efa86e10c - SHA384: bea7d7bb51b76f219104dd211fec73f9951d47e116bdf3095b28bb02a33b675069ef5c283950f523828fd5434150c71a - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c - Version: 3 - TBS: - MD5: 83f5de89f641d0fbf60248e10a7b9534 - SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 - SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf - SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 0e55cdb4e7e8eeb9dd5d89fc1d7588ca - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - Version: 1 - RichPEHeaderHash: - MD5: 22c1aa4fd648b9e83a61fb46cccca57a - SHA1: 869c3ac1eeb8a57bf54702c225c98170cdf596dd - SHA256: 2b7e106cfd1c70b544af1544f1e4efc46a8cb812a907bbf89d9e73eac42f7b03 - Sections: - .text: - Entropy: 6.377894790652307 - Virtual Size: '0x20fe' - .rdata: - Entropy: 4.187746427960226 - Virtual Size: '0x6c8' - .data: - Entropy: 0.6627058304164626 - Virtual Size: '0x1fc' - .pdata: - Entropy: 3.9618307720615737 - Virtual Size: '0x1e0' - .gfids: - Entropy: 0.8112781244591328 - Virtual Size: '0x4' - PAGE: - Entropy: 5.772669094690347 - Virtual Size: '0x148' - INIT: - Entropy: 5.163068093359347 - Virtual Size: '0x438' - .rsrc: - Entropy: 3.585664604917059 - Virtual Size: '0x470' - .reloc: - Entropy: 2.9176286494293437 - Virtual Size: '0x18' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2020-09-18 00:26:30' - Imphash: 07a42e80559d960b176c0fc8fd309bfe - LoadsDespiteHVCI: 'TRUE' -- Filename: amifldrv64.sys - MD5: 6ab7b8ef0c44e7d2d5909fdb58d37fa5 - SHA1: bb962c9a8dda93e94fef504c4159de881e4706fe - SHA256: 42579a759f3f95f20a2c51d5ac2047a2662a2675b3fb9f46c1ed7f23393a0f00 - Signature: - - American Megatrends, Inc. 
- - VeriSign Class 3 Code Signing 2010 CA - - VeriSign - Date: '' - Publisher: '"American Megatrends, Inc."' - Company: '' - Description: '' - Product: '' - ProductVersion: '' - FileVersion: '' - MachineType: AMD64 - OriginalFilename: '' - Authentihash: - MD5: fc9e48051c2b957ed1cc7b69a29a66c8 - SHA1: 716bce2ce697883eba0c051ed487de6304d73cd3 - SHA256: d7841ee6dac956cc0923368d6722063a19c9fa131e55c6f3b7484cce78d826f0 - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - ZwUnmapViewOfSection - - MmFreeContiguousMemory - - IoFreeMdl - - MmMapLockedPages - - MmMapLockedPagesSpecifyCache - - PsGetVersion - - MmUnmapIoSpace - - IoAllocateMdl - - MmGetPhysicalAddress - - MmIsAddressValid - - MmAllocateContiguousMemory - - MmUnmapLockedPages - - IoDeleteDevice - - IoDeleteSymbolicLink - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - MmBuildMdlForNonPagedPool - - MmMapIoSpace - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: 
eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Georgia, L=Norcross, O=American Megatrends, Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=American - Megatrends, Inc. - ValidFrom: '2012-06-26 00:00:00' - ValidTo: '2015-06-26 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 5ba2905d11f5cfbbc53ab21bfd39defe - Version: 3 - TBS: - MD5: 5fa5fe411cf2f824dba6ce8c34a7c1a2 - SHA1: 3c83886e28508f0cf5222ae6e8ffdb874144d42d - SHA256: 9a70952ea856e2791bbdfad165dea69c7e57236053401fca97c67f95799efc41 - SHA384: 485bdb94bb6c9f8bcaea54c102f710d6f5b6b85a77431bed08697ad7c2386db4fc34e8860369fd6ecaa5fc37b8577ecc - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 5ba2905d11f5cfbbc53ab21bfd39defe - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: 11043dc4782ab6f558b2f54a5734da6d - SHA1: b77cba260bebc385e5e1c645a075e780afe12016 - SHA256: 104d53607e0a82726e7fa522d2f9430be286cfa1738933236ecd2576398203e7 - Sections: - .text: - Entropy: 6.0530124452382665 - Virtual Size: '0x1406' - .rdata: - Entropy: 4.4254098566782165 - Virtual Size: '0x2b0' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 
3.6014977715294747 - Virtual Size: '0xd8' - INIT: - Entropy: 4.923446652280529 - Virtual Size: '0x3ae' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2014-12-03 23:04:12' - Imphash: 4c0161f638d5acafe23fcee3c5e86f15 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 9e725819820804fbf377917e9e7a3333 - SHA1: b0ec7d971da8ae84c0ed8f88a5d46b23996e636c - SHA256: 038f39558035292f1d794b7cf49f8e751e8633daec31454fe85cccbea83ba3fb - Company: '' - Copyright: '' - CreationTimestamp: '2009-08-20 04:07:22' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - ZwUnmapViewOfSection - - MmFreeContiguousMemory - - IoFreeMdl - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - MmUnmapIoSpace - - MmGetPhysicalAddress - - MmIsAddressValid - - MmAllocateContiguousMemory - - MmUnmapLockedPages - - IoDeleteDevice - - IoDeleteSymbolicLink - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - IoAllocateMdl - - MmMapIoSpace - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: f41f65189b796534d8ef6bf9caa06853 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 9f334698254c92ce933257bc672850e4 - SHA1: 2873eeac59f168bf8f1a29b5dccf7a310f9ac7f7 - SHA256: 61ec7fee8a31996254d6d7f32e6332ccd9d36fe8b7fe0cf5a407840ef4381027 - SHA1: 4d7d514b13de9bd3e9753bf058958e7f03f36983 - SHA256: 5e238d351e16d4909ca394f1db0326a60d33c9ac7b4d78aefcf17a6d9cc72be9 - Sections: - .text: - Entropy: 5.99821129939302 - Virtual Size: '0x1176' - .rdata: - Entropy: 4.414177314559514 - Virtual Size: '0x264' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.4895989621236247 - Virtual Size: '0xb4' - INIT: - Entropy: 4.891266027306224 - Virtual Size: '0x36e' - Signature: 
'' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=DE, postalCode=81673, ST=Bayern, L=Mnchen, ??=Tomannweg 6, O=NOVENTI - Health SE, CN=NOVENTI Health SE - ValidFrom: '2021-03-25 00:00:00' - ValidTo: '2024-03-24 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 00bae5fa7e148e727ecf4481e69416f9a0 - Version: 3 - TBS: - MD5: e60d2ebd77b703a3f6628183b0ad1262 - SHA1: 9e82200e82226ceae142ac8b8cd9580dd585c0c7 - SHA256: 587d3e589c526256b69c3836ba380c292f11cba42bd7ad847cdb8922d5c0c66a - SHA384: 266ef698aa66c7948f7a0f9989e4e086e7821b768ebbe85f439aa3fafccbc5eefbde84ac00ad3a18aeb2777b3a682d42 - - Subject: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust - RSA Certification Authority - ValidFrom: '2019-03-12 00:00:00' - ValidTo: '2028-12-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 3972443af922b751d7d36c10dd313595 - Version: 3 - TBS: - MD5: 3f5b269ded03667a7bad47c1885062b0 - SHA1: 0f01247aaf8b46e3617880e0f5f5dfac696ed7a3 - SHA256: 593e2d49a74023555526aef9b7422b19e5b8b167391b6dee5ed292b1ca23a74c - SHA384: 13baa039635f1c5292a8c2f36aae7e1d25c025202e9092f5b0f53f5f752dfa9c71b3d1b8d9a6358fcee6ec75622fabf9 - - Subject: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo - RSA Code Signing CA - ValidFrom: '2018-11-02 00:00:00' - ValidTo: '2030-12-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 1da248306f9b2618d082e0967d33d36a - Version: 3 - TBS: - MD5: c1eabfb5994258ad955adb7c2df165e6 - SHA1: fa33b3c00cebc469b269220d9eab26926c9b8ad8 - SHA256: 70dffac37eb787b2198816982c7d44f541d2e39a7dac069d37b367dc9f354b32 - SHA384: 
20adc5b59cb532e215f01ba09a9c745898c206555613512fea7c295ccfd17ced4fe2c5bc3274ca8a270fc68799b8343c - Signer: - - SerialNumber: 00bae5fa7e148e727ecf4481e69416f9a0 - Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo - RSA Code Signing CA - Version: 1 - Imphash: 4c304943af1b07b15a5efa80f17d9b89 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: ea34e232fa33735e7ec30ffecd39e9b7 - SHA1: 89817cfa2603b582c1e9f7f66db5847ec6661b36 - SHA256: df4566edea7c02e29d7dc56ff3f7da6c1ef846e1063b2805a5180bb0d6db37e8 - Company: '' - Copyright: '' - CreationTimestamp: '2018-03-06 02:32:52' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ZwMapViewOfSection - - RtlInitUnicodeString - - ZwUnmapViewOfSection - - ZwClose - - ObReferenceObjectByHandle - - ZwOpenSection - - MmUnmapLockedPages - - MmMapLockedPages - - MmFreeContiguousMemory - - MmBuildMdlForNonPagedPool - - IoFreeMdl - - MmGetPhysicalAddress - - MmMapIoSpace - - PsGetVersion - - MmIsAddressValid - - IoAllocateMdl - - MmAllocateContiguousMemory - - DbgPrint - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - KeBugCheckEx - - MmMapLockedPagesSpecifyCache - - MmUnmapIoSpace - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 304f7b25251e688516aa452411c0d439 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: c00cf23e0046a177de4bc1e505e3aab8 - SHA1: 22294b742e5e9a98ee5cde08bfc7b38bed3b8dfc - SHA256: b1ad7c2951f77267f3557f4ac3008b34d24538a221eacb44df3de75b0b4e093f - SHA1: 3a2e9523fa861714f1acf76009c2b024aa78ad03 - SHA256: f06fdfe50ebc8d1d2daf5811b66288563f26a09a2ec9c2a21e2a71ff19756062 - Sections: - .text: - Entropy: 6.233864044218723 - Virtual Size: '0x185e' - .rdata: - Entropy: 4.19939457022358 - Virtual Size: '0x234' - .data: - 
Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.646261220984394 - Virtual Size: '0xc0' - INIT: - Entropy: 5.080431277889913 - Virtual Size: '0x3f2' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=US, ??=Georgia, ??=Private Organization, serialNumber=J912954, C=US, - ST=Georgia, L=Norcross, O=American Megatrends, Inc., CN=American Megatrends, - Inc. 
- ValidFrom: '2017-08-30 00:00:00' - ValidTo: '2020-09-24 12:00:00' - Signature: 5a00ce1b66cc04a3be37c0926957fc54b1f2904c69a3555d90a15e3c7b7133e76583a0fe5c13c21cdddda40e6f0ba958964796abcfbb7fbe4de15a009f80e653556e29cac9d208645b8154f52f6045fa268f6e6b57536f21833f2cc92c5e9a51636cfeaa74f0b8ab80a8649d68c7c46f51a534c0697a426aa37337c7956268f4cdc8d88adbd1aa0cb620abeb7166172e914016c84e00824751b4f7142b54c56b74d578fd97aadda3e8e777ec22c34460a8dc7e0392a9adab018b16699d9ddd7551fd5c5924f3d1ccb9e6ef67ca0ab2107d1abf158add6d42ba18dee5ec35e3445627df4744d71f73ee3a199aaa42993ebaaa7f91f8b6d1b623350744853c1b38 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0e55cdb4e7e8eeb9dd5d89fc1d7588ca - Version: 3 - TBS: - MD5: a5de00a04f3cc5cb19818f21f9dfb050 - SHA1: ca921c1b360b04765d8eec4edb88438ba7a28049 - SHA256: 4c8b0e0cfde13478b5bc8b7e58a4b5f0971d324c17fa908b79816e5efa86e10c - SHA384: bea7d7bb51b76f219104dd211fec73f9951d47e116bdf3095b28bb02a33b675069ef5c283950f523828fd5434150c71a - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c - Version: 3 
- TBS: - MD5: 83f5de89f641d0fbf60248e10a7b9534 - SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 - SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf - SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 0e55cdb4e7e8eeb9dd5d89fc1d7588ca - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - Version: 1 - Imphash: 363922cc73591e60f2af113182414230 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 055ae7ceb7439b6f8de45c1143b8d84b - SHA1: e91ea7fece914edc7f398a05bec3fcfb765328bb - SHA256: 2ee914c20b3e4a321bcd2ea2f0f437cda6da09dc0819cd6f06960c0567f4cb19 - Company: '' - Copyright: '' - CreationTimestamp: '2011-06-13 02:41:57' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ZwClose - - 
ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - ZwUnmapViewOfSection - - MmFreeContiguousMemory - - IoFreeMdl - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - MmUnmapIoSpace - - MmGetPhysicalAddress - - MmIsAddressValid - - MmAllocateContiguousMemory - - MmUnmapLockedPages - - IoDeleteDevice - - IoDeleteSymbolicLink - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - IoAllocateMdl - - MmMapIoSpace - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: cb6173824b31a721e5cf332c75bb2473 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 9f334698254c92ce933257bc672850e4 - SHA1: 2873eeac59f168bf8f1a29b5dccf7a310f9ac7f7 - SHA256: 61ec7fee8a31996254d6d7f32e6332ccd9d36fe8b7fe0cf5a407840ef4381027 - SHA1: 41f2d0f9863bce8920c207b1ef5d3d32b603edef - SHA256: fda506e2aa85dc41a4cbc23d3ecc71ab34e06f1def736e58862dc449acbc2330 - Sections: - .text: - Entropy: 6.001236000314558 - Virtual Size: '0x1176' - .rdata: - Entropy: 4.514613046184404 - Virtual Size: '0x278' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.48065651504342 - Virtual Size: '0xb4' - INIT: - Entropy: 4.891266027306224 - Virtual Size: '0x36e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 
35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 
17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=US, ST=Georgia, L=Norcross, O=American Megatrends, Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=American - Megatrends, Inc. - ValidFrom: '2010-05-07 00:00:00' - ValidTo: '2012-05-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1ecbf523c0f14748fe14841dbb88c365 - Version: 3 - TBS: - MD5: 64f5c20bac3ca9a20857800f4df459c1 - SHA1: a74a6dc7bbed636d0dd81f4c568e8ba9a1b4f63c - SHA256: b719be4421509ea4032925e523e7045900feda002cc27f69031630da48e7c132 - SHA384: 2ba2a3529dfbfaef4d681335a89d21e7a909249870e12e04e3257a7f76d638ffd5d1318b07525e87e61e9819610b6e64 - Signer: - - SerialNumber: 1ecbf523c0f14748fe14841dbb88c365 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: 4c304943af1b07b15a5efa80f17d9b89 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: f7b9cfa7e07f5c516f65bbe9f7976634 - SHA1: 40603c7230d74ff33524a11c0b09f9459e7afe91 - SHA256: 8b4cbd2bc16071a1868597ec86857dba1140f981e3e943b0857341daffff4e69 - Company: '' - Copyright: '' - CreationTimestamp: '2012-07-23 01:53:08' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ZwMapViewOfSection - - RtlInitUnicodeString - - ZwUnmapViewOfSection - - ZwClose - - ObReferenceObjectByHandle 
- - ZwOpenSection - - MmUnmapLockedPages - - MmMapLockedPages - - MmFreeContiguousMemory - - MmBuildMdlForNonPagedPool - - MmMapIoSpace - - MmGetPhysicalAddress - - MmIsAddressValid - - IoAllocateMdl - - MmAllocateContiguousMemory - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - KeBugCheckEx - - IoFreeMdl - - MmUnmapIoSpace - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 73fc2954829a49fc8eb178b000d10120 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 4514064220e4df532f9e1c494dcf525b - SHA1: 2c8246e50cf577a458ea6c41dbdbce96b1cd935c - SHA256: cf1a7659682ded15bdb0f509de52b3e4aaa2bffb9e19b98208b8615bd9138433 - SHA1: 4040f6974119ff2486f9a0cbd749ce240cbee2aa - SHA256: 26ba58c9af9c8a7aebf222f491f786daa0626be44d34f170fea3623d92828e63 - Sections: - .text: - Entropy: 6.111427747435866 - Virtual Size: '0x111e' - .rdata: - Entropy: 4.155346525091322 - Virtual Size: '0x1fc' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.5513818130711634 - Virtual Size: '0xa8' - INIT: - Entropy: 5.084386508092528 - Virtual Size: '0x39e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G3 - ValidFrom: '2012-05-01 00:00:00' - ValidTo: '2012-12-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded - Version: 3 - TBS: - MD5: e6d820afb23af20a65cf0b03247ea05e - SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 - SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 - SHA384: 
7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, ST=Georgia, L=Norcross, O=American Megatrends, Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=American - Megatrends, Inc. 
- ValidFrom: '2012-06-26 00:00:00' - ValidTo: '2015-06-26 23:59:59' - Signature: 5460beb703f166c9e6162d718f8e007272cb4311c796179a1d9f961bf90afd5019666505230d293cec6536bdeb283d167d4aa10d10e1693a9203ac123052e9a85dd70e698e1d4d27609892c789a423afb9f4db6063873df482e41c4533931ba6e85bf70f6ba1ffeed4dbb4a9d8d64698eca2b119fdb150d1d371cf7bf66f91ee76c743a8da01a13748dcd300def65d094ea4c9298d897e7c2e35c1445445b8570fd3cf14e966c35206d738b2074cc4e1a09e467e4d817a4bb8ba5c4ae69e30682ce55df79f9bc796dc0fc60fba1b5ecca4c3b963e7b666cd1b7eddc0dd4f0f1ec95e1c77aeb4081e4d0e44ff28c243945a6e6e14eaf39b76856e93b0f4843384 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 5ba2905d11f5cfbbc53ab21bfd39defe - Version: 3 - TBS: - MD5: 5fa5fe411cf2f824dba6ce8c34a7c1a2 - SHA1: 3c83886e28508f0cf5222ae6e8ffdb874144d42d - SHA256: 9a70952ea856e2791bbdfad165dea69c7e57236053401fca97c67f95799efc41 - SHA384: 485bdb94bb6c9f8bcaea54c102f710d6f5b6b85a77431bed08697ad7c2386db4fc34e8860369fd6ecaa5fc37b8577ecc - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 5ba2905d11f5cfbbc53ab21bfd39defe - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign 
Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 9943d029b8ce940ac6c9a8ab0737bf35 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 8d9eae0e8d075f0ddfaac56869fb4b12 - SHA1: a6d2266a4e27c71666ce5964570e87a8b0227e91 - SHA256: 9022cdd52aa3420757d5c16fe61a4fd4d538fe74981ddf3f29de00eb7a3be849 - Company: '' - Copyright: '' - CreationTimestamp: '2011-07-15 00:02:29' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - ZwUnmapViewOfSection - - MmFreeContiguousMemory - - IoFreeMdl - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - MmUnmapIoSpace - - MmGetPhysicalAddress - - MmIsAddressValid - - MmAllocateContiguousMemory - - MmUnmapLockedPages - - IoDeleteDevice - - IoDeleteSymbolicLink - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - IoAllocateMdl - - MmMapIoSpace - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 28463a6a70f9a686a45934f6559b9b17 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 1f44b746a7f3063e2a8fdd3d0d19b55e - SHA1: 93c45eb6cc3a19b2a3c714b15e9eaa6460232124 - SHA256: 07ede27cc723134153668c011d01210e82f50b6d45471edbc77aba4a5c9c5413 - SHA1: 27661f6a951a7fa031644bdf014e864c4ee6ec76 - SHA256: 990165725debccea7ca15aa4ed7a0e3a2a25b4a72cb309a27c899bd0e4b5148f - Sections: - .text: - Entropy: 6.012130762301222 - Virtual Size: '0x1226' - .rdata: - Entropy: 4.446456569232528 - Virtual Size: '0x244' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.504567295189878 - Virtual Size: '0x9c' - INIT: - Entropy: 4.891266027306224 - Virtual Size: '0x36e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign 
Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: 
true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=US, ST=Georgia, L=Norcross, O=American 
Megatrends, Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=American - Megatrends, Inc. - ValidFrom: '2010-05-07 00:00:00' - ValidTo: '2012-05-06 23:59:59' - Signature: 41aa6f714033d64479b8e3492829a9435eeaaa4d4d82b4a95192c18a07ab08afe25582abe5acaea015492a737f7bdd4591fdb50b670888a4d66dae5fc240fbd68276b8264e9f438df308568bbae1a06544acd767d960475aaf62cbce8e8feea6eafd802954e28ecf016620e7686727c6b75ddfb2818317e1e333641aae42d1cf6ec8f95bcc96a647143801547c6b3857323c08b552602724268d3c35569e83368bfed55c81cee51ac4a16db9f81fff47687ad82c20ef5fb7ea9102a43de699caa0b86c1a07b4a4b6f949c28cec24892a74461a0d3f8659f2abfc58818ba2b44393970d08bde058c694a73e335eab3a17df129668db432e2ea659f1f4774a1bdc - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1ecbf523c0f14748fe14841dbb88c365 - Version: 3 - TBS: - MD5: 64f5c20bac3ca9a20857800f4df459c1 - SHA1: a74a6dc7bbed636d0dd81f4c568e8ba9a1b4f63c - SHA256: b719be4421509ea4032925e523e7045900feda002cc27f69031630da48e7c132 - SHA384: 2ba2a3529dfbfaef4d681335a89d21e7a909249870e12e04e3257a7f76d638ffd5d1318b07525e87e61e9819610b6e64 - Signer: - - SerialNumber: 1ecbf523c0f14748fe14841dbb88c365 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: 4c304943af1b07b15a5efa80f17d9b89 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 87f85bfe34bc87a88c131a034dc171ba - SHA1: 169d8790ec6c0415b111411faf36c9e2626c3e98 - SHA256: 7ccc32e11372896cc01d7780e1176ed6fedd17f846001bc3bf78699e4448105f - Company: '' - Copyright: '' - CreationTimestamp: '2008-05-23 01:59:34' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - ZwUnmapViewOfSection - - MmFreeContiguousMemory - - IoFreeMdl - - 
MmMapLockedPages - - MmBuildMdlForNonPagedPool - - MmUnmapIoSpace - - MmGetPhysicalAddress - - MmIsAddressValid - - MmAllocateContiguousMemory - - MmUnmapLockedPages - - IoDeleteDevice - - IoDeleteSymbolicLink - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - IoAllocateMdl - - MmMapIoSpace - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: b15a6de1b4a01c73a16f158c2b6b979f - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 9f334698254c92ce933257bc672850e4 - SHA1: 2873eeac59f168bf8f1a29b5dccf7a310f9ac7f7 - SHA256: 61ec7fee8a31996254d6d7f32e6332ccd9d36fe8b7fe0cf5a407840ef4381027 - SHA1: a0e95166bb6f80ef56cd645717d93174e47b750a - SHA256: 7c942801884999057aabdc01707570371afdb077979ee2f318c05276123b78e7 - Sections: - .text: - Entropy: 6.003768789888146 - Virtual Size: '0x1186' - .rdata: - Entropy: 4.392959551890208 - Virtual Size: '0x29c' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.5078933972637767 - Virtual Size: '0xd8' - INIT: - Entropy: 4.8944037123884145 - Virtual Size: '0x36e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 
88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=US, ST=Georgia, L=Norcross, O=American Megatrends, Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=American - Megatrends, Inc. - ValidFrom: '2006-09-30 00:00:00' - ValidTo: '2009-11-16 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 08dfd80b2826716554b1fb8cfa5043d7 - Version: 3 - TBS: - MD5: 960327b70b290ec28fa2e85cbb7a41fa - SHA1: a2ac59e0c82196d6661212232bd3bcf0588e40ea - SHA256: 8bb26b4dc7c105fd9cdd0604cedbf3647a700dc4ddadcad839d8e27312253e73 - SHA384: 7cfe0dfecc1d1abfa204d28c446f706736b73a35cb37e4c2a40c7f3b68eef14ebfb665a6f23e3c0413cd8caf5979607e - Signer: - - SerialNumber: 08dfd80b2826716554b1fb8cfa5043d7 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 4c304943af1b07b15a5efa80f17d9b89 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: f7b9cfa7e07f5c516f65bbe9f7976634 - SHA1: 40603c7230d74ff33524a11c0b09f9459e7afe91 - SHA256: 
8b4cbd2bc16071a1868597ec86857dba1140f981e3e943b0857341daffff4e69 - Company: '' - Copyright: '' - CreationTimestamp: '2012-07-23 01:53:08' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ZwMapViewOfSection - - RtlInitUnicodeString - - ZwUnmapViewOfSection - - ZwClose - - ObReferenceObjectByHandle - - ZwOpenSection - - MmUnmapLockedPages - - MmMapLockedPages - - MmFreeContiguousMemory - - MmBuildMdlForNonPagedPool - - MmMapIoSpace - - MmGetPhysicalAddress - - MmIsAddressValid - - IoAllocateMdl - - MmAllocateContiguousMemory - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - KeBugCheckEx - - IoFreeMdl - - MmUnmapIoSpace - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 6b53c79248a6699da703c4c3ff9d4a7e - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 4514064220e4df532f9e1c494dcf525b - SHA1: 2c8246e50cf577a458ea6c41dbdbce96b1cd935c - SHA256: cf1a7659682ded15bdb0f509de52b3e4aaa2bffb9e19b98208b8615bd9138433 - SHA1: 61ec6cb5de378948ef036ff627c87c32f7308bad - SHA256: 3972159a58fd04da06f648c3828648cf394d3eb6af89538166cae8e6184c3eb6 - Sections: - .text: - Entropy: 6.111427747435866 - Virtual Size: '0x111e' - .rdata: - Entropy: 4.155346525091322 - Virtual Size: '0x1fc' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.5513818130711634 - Virtual Size: '0xa8' - INIT: - Entropy: 5.084386508092528 - Virtual Size: '0x39e' - Signature: '' - Signatures: {} - Imphash: 9943d029b8ce940ac6c9a8ab0737bf35 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 9e725819820804fbf377917e9e7a3333 - SHA1: b0ec7d971da8ae84c0ed8f88a5d46b23996e636c - SHA256: 038f39558035292f1d794b7cf49f8e751e8633daec31454fe85cccbea83ba3fb - Company: '' - Copyright: '' - CreationTimestamp: '2009-08-20 
04:07:22' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - RtlInitUnicodeString - - ZwUnmapViewOfSection - - MmFreeContiguousMemory - - IoFreeMdl - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - MmUnmapIoSpace - - MmGetPhysicalAddress - - MmIsAddressValid - - MmAllocateContiguousMemory - - MmUnmapLockedPages - - IoDeleteDevice - - IoDeleteSymbolicLink - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - IoAllocateMdl - - MmMapIoSpace - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 5f463e27d90035be365077d1d1ebb3d7 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 9f334698254c92ce933257bc672850e4 - SHA1: 2873eeac59f168bf8f1a29b5dccf7a310f9ac7f7 - SHA256: 61ec7fee8a31996254d6d7f32e6332ccd9d36fe8b7fe0cf5a407840ef4381027 - SHA1: 7019169a8348050774aa49a0e31c3670ee867277 - SHA256: 3482f671cb1b6414e43ab2c9bccc94c1fba67ceac6e9831249f18f31ad68880c - Sections: - .text: - Entropy: 5.99821129939302 - Virtual Size: '0x1176' - .rdata: - Entropy: 4.414177314559514 - Virtual Size: '0x264' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.4895989621236247 - Virtual Size: '0xb4' - INIT: - Entropy: 4.891266027306224 - Virtual Size: '0x36e' - Signature: '' - Signatures: {} - Imphash: 4c304943af1b07b15a5efa80f17d9b89 - LoadsDespiteHVCI: 'FALSE' -Tags: -- amifldrv64.sys -- amifldrv.sys +- Filename: amifldrv64.sys + MD5: 0dff47f3b14fb1c1bad47cc517f0581a + SHA1: db3538f324f9e52defaba7be1ab991008e43d012 + SHA256: 20f11a64bc4548f4edb47e3d3418da0f6d54a83158224b71662a6292bf45b5fb + Authentihash: + MD5: d63561be67c8adae1db28b0e503b3ba1 + SHA1: 8e67628743959e8b73d82ae5b9ee7a387a51925d + SHA256: 
6999caca67b37860abb5e6d95420d1b0d04966bc6674aac3bfde4e2394ad37fd + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ZwMapViewOfSection + - RtlInitUnicodeString + - ZwUnmapViewOfSection + - ZwClose + - ObReferenceObjectByHandle + - ZwOpenSection + - MmUnmapLockedPages + - MmFreeContiguousMemory + - MmBuildMdlForNonPagedPool + - IoFreeMdl + - MmMapIoSpace + - MmMapLockedPagesSpecifyCache + - IoAllocateMdl + - MmAllocateContiguousMemory + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - KeBugCheckEx + - MmGetPhysicalAddress + - MmUnmapIoSpace + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 
208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=US, ??=Georgia, ??=Private Organization, serialNumber=J912954, + C=US, ST=Georgia, L=Norcross, O=American Megatrends, Inc., CN=American + Megatrends, Inc. 
+ ValidFrom: '2017-08-30 00:00:00' + ValidTo: '2020-09-24 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0e55cdb4e7e8eeb9dd5d89fc1d7588ca + Version: 3 + TBS: + MD5: a5de00a04f3cc5cb19818f21f9dfb050 + SHA1: ca921c1b360b04765d8eec4edb88438ba7a28049 + SHA256: 4c8b0e0cfde13478b5bc8b7e58a4b5f0971d324c17fa908b79816e5efa86e10c + SHA384: bea7d7bb51b76f219104dd211fec73f9951d47e116bdf3095b28bb02a33b675069ef5c283950f523828fd5434150c71a + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 19334a0c813337dbad36c9e4c93abbb51b2e7aa2e2f44342179ebf4ea14de1b1dbe981dd9f01f2e488d5e9fe09fd21c1ec5d80d2f0d6c143c2fe772bdbf9d79133ce6cd5b2193be62ed6c9934f88408ecde1f57ef10fc6595672e8eb6a41bd1cd546d57c49ca663815c1bfe091707787dcc98d31c90c29a233ed8de287cd898d3f1bffd5e01a978b7cda6dfba8c6b23a666b7b01b3cdd8a634ec1201ab9558a5c45357a860e6e70212a0b92364a24dbb7c81256421becfee42184397bba53706af4dff26a54d614bec4641b865ceb8799e08960b818c8a3b8fc7998ca32a6e986d5e61c696b78ab9612d93b8eb0e0443d7f5fea6f062d4996aa5c1c1f0649480 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c + Version: 3 
+ TBS: + MD5: 83f5de89f641d0fbf60248e10a7b9534 + SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 + SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf + SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 0e55cdb4e7e8eeb9dd5d89fc1d7588ca + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + Version: 1 + RichPEHeaderHash: + MD5: ef56fc9d56485c17dd1c03070dd4ee5a + SHA1: d5eae5456214e9f56cb7e3642e4021df1e0cd05a + SHA256: 6021a5d2b54abfd1988a1671700cf8b01a009cd4f31242beb383303d8623c6e2 + Sections: + .text: + Entropy: 6.247707800469627 + Virtual Size: '0x1b9e' + .rdata: + Entropy: 4.463570504310669 + Virtual Size: '0x25c' + .data: + Entropy: 0.39557408985753395 + Virtual Size: '0x1c0' + .pdata: + Entropy: 3.794557073208479 + Virtual Size: '0x108' + INIT: + Entropy: 5.112552923478557 + Virtual Size: '0x38e' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2020-08-24 02:57:32' + Imphash: 4fbdc03e4487f98fb59360ea5b3e640d + LoadsDespiteHVCI: 'TRUE' +- Filename: amifldrv64.sys + MD5: ee57cbe6ec6a703678eaa6c59542ff57 + SHA1: c614ab686e844c7a7d2b20bc7061ab15290e2cfd + SHA256: 2f60536b25ba8c9014e4a57d7a9a681bd3189fa414eea88c256d029750e15cae + Authentihash: + MD5: 05c371cbcccf828fd3c9251ba2f61442 + SHA1: 
73265b25f043d2520b81a68ad0342baaff30e7cf + SHA256: bee62b69023212a5a964d323f60e5858d7cbd767a39f3d5ef87cacb080b1dbf2 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ZwMapViewOfSection + - RtlInitUnicodeString + - ZwUnmapViewOfSection + - ZwClose + - ObReferenceObjectByHandle + - ZwOpenSection + - MmUnmapLockedPages + - MmMapLockedPages + - MmFreeContiguousMemory + - MmBuildMdlForNonPagedPool + - IoFreeMdl + - MmGetPhysicalAddress + - MmMapIoSpace + - PsGetVersion + - MmIsAddressValid + - IoAllocateMdl + - MmAllocateContiguousMemory + - DbgPrint + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - KeBugCheckEx + - MmMapLockedPagesSpecifyCache + - MmUnmapIoSpace + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 
208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=Private Organization, ??=US, ??=Georgia, serialNumber=780491, + ??=5555 Oakbrook Parkway Suite 200, postalCode=30093, C=US, ST=Georgia, + L=Norcross, O=American Megatrends, Inc., CN=American Megatrends, Inc. 
+ ValidFrom: '2014-06-24 00:00:00' + ValidTo: '2017-08-30 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 09f43c81c1eb27876ee1aefeaa5a0f5d + Version: 3 + TBS: + MD5: 90e6c94c3b8f3accb81e8db8a3aa7ae4 + SHA1: f270ef9003d6a22832346ff9072d18c93989255e + SHA256: 76478a3ed2305a70e603cf54250c769a6c084c9eb77e2bcbd818ba3cffbf2e12 + SHA384: 1992987400c2d7713fbf0ba3f871076565ce70f76e524ac2fe15b3a905b29af0db9654ba0d6be5537ef48616f4b004b3 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c + Version: 3 
+ TBS: + MD5: 83f5de89f641d0fbf60248e10a7b9534 + SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 + SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf + SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 09f43c81c1eb27876ee1aefeaa5a0f5d + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + Version: 1 + RichPEHeaderHash: + MD5: c00cf23e0046a177de4bc1e505e3aab8 + SHA1: 22294b742e5e9a98ee5cde08bfc7b38bed3b8dfc + SHA256: b1ad7c2951f77267f3557f4ac3008b34d24538a221eacb44df3de75b0b4e093f + Sections: + .text: + Entropy: 6.217959497237586 + Virtual Size: '0x16de' + .rdata: + Entropy: 4.289274396912148 + Virtual Size: '0x23c' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.727224349251308 + Virtual Size: '0xc0' + INIT: + 
Entropy: 5.080431277889913 + Virtual Size: '0x3f2' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2017-03-15 05:47:37' + Imphash: 363922cc73591e60f2af113182414230 + LoadsDespiteHVCI: 'FALSE' +- Filename: amifldrv64.sys + MD5: df5f8e118a97d1b38833fcdf7127ab29 + SHA1: 5fece994f2409810a0ad050b3ca9b633c93919e4 + SHA256: 36aafa127736c7226c50061ea065f71e14f64ec60321f705bc52686d24117e0d + Authentihash: + MD5: 28f8b0bdf1fc0b1d065ed3236931fab3 + SHA1: b7b33ed598425c008e51ff90cf28b288f7250cdd + SHA256: a4e850e7847499e7d4c2754f8a4973fc5b4adeb728e1e142d1d35d519edf3274 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ZwMapViewOfSection + - RtlInitUnicodeString + - ZwUnmapViewOfSection + - ZwClose + - ObReferenceObjectByHandle + - ZwOpenSection + - MmUnmapLockedPages + - MmFreeContiguousMemory + - MmBuildMdlForNonPagedPool + - IoFreeMdl + - MmMapIoSpace + - MmMapLockedPagesSpecifyCache + - IoAllocateMdl + - MmAllocateContiguousMemory + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - KeBugCheckEx + - MmGetPhysicalAddress + - MmUnmapIoSpace + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 
208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=US, ??=Georgia, ??=Private Organization, serialNumber=J912954, + C=US, ST=Georgia, L=Norcross, O=American Megatrends, Inc., CN=American + Megatrends, Inc. 
+ ValidFrom: '2017-08-30 00:00:00' + ValidTo: '2020-09-24 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0e55cdb4e7e8eeb9dd5d89fc1d7588ca + Version: 3 + TBS: + MD5: a5de00a04f3cc5cb19818f21f9dfb050 + SHA1: ca921c1b360b04765d8eec4edb88438ba7a28049 + SHA256: 4c8b0e0cfde13478b5bc8b7e58a4b5f0971d324c17fa908b79816e5efa86e10c + SHA384: bea7d7bb51b76f219104dd211fec73f9951d47e116bdf3095b28bb02a33b675069ef5c283950f523828fd5434150c71a + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c + Version: 3 
+ TBS: + MD5: 83f5de89f641d0fbf60248e10a7b9534 + SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 + SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf + SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 0e55cdb4e7e8eeb9dd5d89fc1d7588ca + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + Version: 1 + RichPEHeaderHash: + MD5: ef56fc9d56485c17dd1c03070dd4ee5a + SHA1: d5eae5456214e9f56cb7e3642e4021df1e0cd05a + SHA256: 6021a5d2b54abfd1988a1671700cf8b01a009cd4f31242beb383303d8623c6e2 + Sections: + .text: + Entropy: 6.240395044842424 + Virtual Size: '0x1bbe' + .rdata: + Entropy: 4.499576408806053 + Virtual Size: '0x26c' + .data: + Entropy: 0.39557408985753395 + Virtual Size: '0x1c0' + .pdata: + Entropy: 3.7866919593735844 + Virtual Size: '0x114' + INIT: + Entropy: 5.113382470184231 + Virtual Size: '0x38e' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2019-10-31 01:38:06' + Imphash: 4fbdc03e4487f98fb59360ea5b3e640d + LoadsDespiteHVCI: 'TRUE' +- Filename: amifldrv64.sys + MD5: 785045f8b25cd2e937ddc6b09debe01a + SHA1: 029c678674f482ababe8bbfdb93152392457109d + SHA256: 37073e42ffa0322500f90cd7e3c8d02c4cdd695d31c77e81560abec20bfb68ba + Authentihash: + MD5: 51219fe8395e9ac49d271ccf7fde2512 + SHA1: 
6aeb587edcd01289abc84316ae88959c235663fe + SHA256: af20c1b4eb703083979e6f4e211327495f7a0a27ace9a52bd22dd3737be7a8b1 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ZwMapViewOfSection + - RtlInitUnicodeString + - ZwUnmapViewOfSection + - ZwClose + - ObReferenceObjectByHandle + - ZwOpenSection + - MmUnmapLockedPages + - MmMapLockedPages + - MmFreeContiguousMemory + - MmBuildMdlForNonPagedPool + - IoFreeMdl + - MmGetPhysicalAddress + - MmMapIoSpace + - PsGetVersion + - MmIsAddressValid + - IoAllocateMdl + - MmAllocateContiguousMemory + - DbgPrint + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - KeBugCheckEx + - MmMapLockedPagesSpecifyCache + - MmUnmapIoSpace + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=Private Organization, ??=US, ??=Georgia, serialNumber=780491, + ??=5555 Oakbrook Parkway Suite 200, postalCode=30093, C=US, ST=Georgia, + L=Norcross, O=American Megatrends, Inc., CN=American Megatrends, Inc. 
+ ValidFrom: '2014-06-24 00:00:00' + ValidTo: '2017-08-30 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 09f43c81c1eb27876ee1aefeaa5a0f5d + Version: 3 + TBS: + MD5: 90e6c94c3b8f3accb81e8db8a3aa7ae4 + SHA1: f270ef9003d6a22832346ff9072d18c93989255e + SHA256: 76478a3ed2305a70e603cf54250c769a6c084c9eb77e2bcbd818ba3cffbf2e12 + SHA384: 1992987400c2d7713fbf0ba3f871076565ce70f76e524ac2fe15b3a905b29af0db9654ba0d6be5537ef48616f4b004b3 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c + Version: 3 + TBS: + MD5: 83f5de89f641d0fbf60248e10a7b9534 + SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 + SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf + SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 09f43c81c1eb27876ee1aefeaa5a0f5d + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + Version: 1 + RichPEHeaderHash: + MD5: c00cf23e0046a177de4bc1e505e3aab8 + SHA1: 22294b742e5e9a98ee5cde08bfc7b38bed3b8dfc + SHA256: b1ad7c2951f77267f3557f4ac3008b34d24538a221eacb44df3de75b0b4e093f + Sections: + .text: + Entropy: 6.217959497237586 + Virtual Size: '0x16de' + .rdata: + Entropy: 4.289274396912148 + Virtual Size: '0x23c' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.727224349251308 + Virtual Size: '0xc0' + INIT: + Entropy: 5.080431277889913 + Virtual Size: '0x3f2' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2017-03-15 05:47:37' + Imphash: 363922cc73591e60f2af113182414230 + LoadsDespiteHVCI: 'TRUE' +- Filename: amifldrv.sys + MD5: 119f0656ab4bb872f79ee5d421e2b9f9 + SHA1: e35969966769e7760094cbcffb294d0d04a09db6 + SHA256: 38d87b51f4b69ba2dae1477684a1415f1a3b578eee5e1126673b1beaefee9a20 + Authentihash: + MD5: 973ff01a8901563e12119ca09b427e8e + SHA1: 9f8870ec272933ee6f4e1eda975a6d5db5f9fbde + SHA256: 4f35cf1f2e0fb87a2728303091ee505a0bc546cf63dcd38178adf48477ec0f91 + Description: AMI Generic Utility Driver + Company: Windows (R) Win 7 DDK provider + InternalName: amifldrv.sys + OriginalFilename: amifldrv.sys + FileVersion: 10.0.10011.16384 + Product: Windows (R) Win 7 DDK driver + ProductVersion: 10.0.10011.16384 + Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
+ MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - MmMapLockedPagesSpecifyCache + - MmUnmapLockedPages + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - IoAllocateMdl + - IoFreeMdl + - MmGetPhysicalAddress + - RtlInitUnicodeString + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - KeLowerIrql + - MmBuildMdlForNonPagedPool + - MmMapIoSpace + - MmUnmapIoSpace + - ObReferenceObjectByHandle + - ZwClose + - ZwOpenSection + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - ExFreePoolWithTag + - MmGetSystemRoutineAddress + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - KfRaiseIrql + - RtlCompareMemory + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=US, ??=Georgia, ??=Private Organization, serialNumber=J912954, + C=US, ST=Georgia, L=Norcross, O=American Megatrends, Inc., CN=American + Megatrends, Inc. 
+ ValidFrom: '2017-08-30 00:00:00' + ValidTo: '2020-09-24 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0e55cdb4e7e8eeb9dd5d89fc1d7588ca + Version: 3 + TBS: + MD5: a5de00a04f3cc5cb19818f21f9dfb050 + SHA1: ca921c1b360b04765d8eec4edb88438ba7a28049 + SHA256: 4c8b0e0cfde13478b5bc8b7e58a4b5f0971d324c17fa908b79816e5efa86e10c + SHA384: bea7d7bb51b76f219104dd211fec73f9951d47e116bdf3095b28bb02a33b675069ef5c283950f523828fd5434150c71a + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c + Version: 3 
+ TBS: + MD5: 83f5de89f641d0fbf60248e10a7b9534 + SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 + SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf + SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 0e55cdb4e7e8eeb9dd5d89fc1d7588ca + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + Version: 1 + RichPEHeaderHash: + MD5: a1566c4c51fba223b42bcf16e9028638 + SHA1: 7a6706209527ceae68d7f0e18983472dd6163177 + SHA256: 42f78a461ed14e570a478480556a7a5080f89599e4cbc71653939ef634ec9131 + Sections: + .text: + Entropy: 6.356712625314794 + Virtual Size: '0x216e' + .rdata: + Entropy: 4.128210970466196 + Virtual Size: '0x6e4' + .data: + Entropy: 0.6627058304164626 + Virtual Size: '0x1fc' + .pdata: + Entropy: 3.94471136074808 + Virtual Size: '0x1bc' + PAGE: + 
Entropy: 5.761547010517613 + Virtual Size: '0x175' + INIT: + Entropy: 5.141802934652441 + Virtual Size: '0x438' + .rsrc: + Entropy: 3.585664604917059 + Virtual Size: '0x470' + .reloc: + Entropy: 2.6981203125901447 + Virtual Size: '0x18' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2020-07-28 02:31:47' + Imphash: f9141c3df8f7ec7b3f2d46265a3b5528 + LoadsDespiteHVCI: 'TRUE' +- Filename: amifldrv64.sys + MD5: 530feb1e37831302f58b7c219be6b844 + SHA1: 1e09f3dd6ba9386fa9126f0116e49c2371401e01 + SHA256: 3cb75429944e60f6c820c7638adbf688883ad44951bca3f8912428afe72bc134 + Authentihash: + MD5: aefe7422cfe20a6f576092d04a592311 + SHA1: 943a16dde2e44f7bae629f62cf937cceb10ec1b4 + SHA256: 7e8e7bc080b4c32ce703b3e8b3cc7e13fa9ef2422dc6f370a2c2b82496564aae + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - KeLowerIrql + - KfRaiseIrql + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - ZwUnmapViewOfSection + - MmFreeContiguousMemory + - IoFreeMdl + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - MmUnmapIoSpace + - MmGetPhysicalAddress + - MmIsAddressValid + - MmAllocateContiguousMemory + - MmUnmapLockedPages + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlMoveMemory + - IofCompleteRequest + - RtlZeroMemory + - IoCreateSymbolicLink + - IoCreateDevice + - IoAllocateMdl + - MmMapIoSpace + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 
3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: 
a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=US, ST=Georgia, L=Norcross, O=American Megatrends, Inc., OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=American + Megatrends, Inc. + ValidFrom: '2006-09-30 00:00:00' + ValidTo: '2009-11-16 23:59:59' + Signature: 7cb6b8f10c441fc01d130c6ae39a287be5cb175f02ae6c214f0034c77f262006f866180e4db8619079a50fef4fde71927b061ef79f3d0e1be1bba040afd81f202bb10892ce7a0549506158a1d15067dd7a82488cc4bd2c3f408ee928c85117ee0d080d9dc24b571b5d75e3ef1e87d3d6b755ab6f9c07ff92e3b2d515ab1219424bf288aed36595d534d91b905b80378c02bd470dd0fb8150888cd0ac3c98cd62becd7c274469167be833f226b05b822d875efa40863faa10e358edd17e3f4d1ee7d62590d1d3e26e9c953be9e1d9a309990e0bb9c06cdfaa89f7b021aaa8d933440d432eab2e7676bda57841b3e7a8933da8b1e047e9cde29ea89b62b4eb48b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 08dfd80b2826716554b1fb8cfa5043d7 + Version: 3 + TBS: + MD5: 960327b70b290ec28fa2e85cbb7a41fa + SHA1: a2ac59e0c82196d6661212232bd3bcf0588e40ea + SHA256: 8bb26b4dc7c105fd9cdd0604cedbf3647a700dc4ddadcad839d8e27312253e73 + SHA384: 7cfe0dfecc1d1abfa204d28c446f706736b73a35cb37e4c2a40c7f3b68eef14ebfb665a6f23e3c0413cd8caf5979607e + Signer: + - SerialNumber: 08dfd80b2826716554b1fb8cfa5043d7 + Issuer: C=US, 
O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: aed85172bab3a87661d275310bb49448 + SHA1: 5d0d32316a3cf8853dd1aaacdd7a61b0e44153a4 + SHA256: 57efd778c9cb9f19af7c15791ec042aa8649a34f79f40555ce7bbd908179dae8 + Sections: + .text: + Entropy: 5.916679164125288 + Virtual Size: '0xd46' + .rdata: + Entropy: 4.163766107235004 + Virtual Size: '0x20c' + .pdata: + Entropy: 3.359622069995356 + Virtual Size: '0x9c' + INIT: + Entropy: 4.645780413972533 + Virtual Size: '0x362' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2009-10-07 10:50:32' + Imphash: 4199ed50502e00f57d9b66e9305450f5 + LoadsDespiteHVCI: 'FALSE' +- Filename: amifldrv64.sys + MD5: c098f8aeb67eeb2262dbf681690a9306 + SHA1: 7e8efd93a1dad02385ec56c8f3b1cfd23aa47977 + SHA256: 5f487829527802983d5c120e3b99f3cf89333ca14f5e49ac32df0798cfb1f7aa + Authentihash: + MD5: f2a4fd2aae63ffe766a7a8d2d775a59e + SHA1: 52008f007e84756ba84dacb7cbb465e592dfe260 + SHA256: d259e9b1d04b5fa966094f15f8edbaeba5da2a14bf34bf0a5490a0e308c025d7 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - ZwUnmapViewOfSection + - MmFreeContiguousMemory + - IoFreeMdl + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - MmUnmapIoSpace + - MmGetPhysicalAddress + - MmIsAddressValid + - MmAllocateContiguousMemory + - MmUnmapLockedPages + - IoDeleteDevice + - IoDeleteSymbolicLink + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - IoAllocateMdl + - MmMapIoSpace + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., 
CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at 
https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=US, ST=Georgia, L=Norcross, O=American Megatrends, Inc., OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=American + Megatrends, Inc. 
+ ValidFrom: '2010-05-07 00:00:00' + ValidTo: '2012-05-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1ecbf523c0f14748fe14841dbb88c365 + Version: 3 + TBS: + MD5: 64f5c20bac3ca9a20857800f4df459c1 + SHA1: a74a6dc7bbed636d0dd81f4c568e8ba9a1b4f63c + SHA256: b719be4421509ea4032925e523e7045900feda002cc27f69031630da48e7c132 + SHA384: 2ba2a3529dfbfaef4d681335a89d21e7a909249870e12e04e3257a7f76d638ffd5d1318b07525e87e61e9819610b6e64 + Signer: + - SerialNumber: 1ecbf523c0f14748fe14841dbb88c365 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + RichPEHeaderHash: + MD5: 1f44b746a7f3063e2a8fdd3d0d19b55e + SHA1: 93c45eb6cc3a19b2a3c714b15e9eaa6460232124 + SHA256: 07ede27cc723134153668c011d01210e82f50b6d45471edbc77aba4a5c9c5413 + Sections: + .text: + Entropy: 6.012507478420489 + Virtual Size: '0x1226' + .rdata: + Entropy: 4.443008293370459 + Virtual Size: '0x244' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.504567295189878 + Virtual Size: '0x9c' + INIT: + Entropy: 4.891266027306224 + Virtual Size: '0x36e' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2011-09-13 00:30:53' + Imphash: 4c304943af1b07b15a5efa80f17d9b89 + LoadsDespiteHVCI: 'TRUE' +- Filename: amifldrv64.sys + MD5: f22740ba54a400fd2be7690bb204aa08 + SHA1: 5812387783d61c6ab5702213bb968590a18065e3 + SHA256: 65c26276cadda7a36f8977d1d01120edb5c3418be2317d501761092d5f9916c9 + Authentihash: + MD5: 4bb9654a5a20bc189b000d4a2fba5856 + SHA1: 444ce1608768884d1e9742f80ccf4f53e0aa709d + SHA256: d052299252f0f0bd70b5e7c46b9ca71a99a052b47f693582becb6f0d567e8245 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - 
ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ZwMapViewOfSection + - RtlInitUnicodeString + - ZwUnmapViewOfSection + - ZwClose + - ObReferenceObjectByHandle + - ZwOpenSection + - MmUnmapLockedPages + - MmFreeContiguousMemory + - MmBuildMdlForNonPagedPool + - IoFreeMdl + - MmGetPhysicalAddress + - MmMapIoSpace + - PsGetVersion + - IoAllocateMdl + - MmAllocateContiguousMemory + - DbgPrint + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - KeBugCheckEx + - MmMapLockedPagesSpecifyCache + - MmUnmapIoSpace + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=US, ??=Georgia, ??=Private Organization, serialNumber=J912954, + C=US, ST=Georgia, L=Norcross, O=American Megatrends, Inc., CN=American + Megatrends, Inc. 
+ ValidFrom: '2017-08-30 00:00:00' + ValidTo: '2020-09-24 12:00:00' + Signature: 5a00ce1b66cc04a3be37c0926957fc54b1f2904c69a3555d90a15e3c7b7133e76583a0fe5c13c21cdddda40e6f0ba958964796abcfbb7fbe4de15a009f80e653556e29cac9d208645b8154f52f6045fa268f6e6b57536f21833f2cc92c5e9a51636cfeaa74f0b8ab80a8649d68c7c46f51a534c0697a426aa37337c7956268f4cdc8d88adbd1aa0cb620abeb7166172e914016c84e00824751b4f7142b54c56b74d578fd97aadda3e8e777ec22c34460a8dc7e0392a9adab018b16699d9ddd7551fd5c5924f3d1ccb9e6ef67ca0ab2107d1abf158add6d42ba18dee5ec35e3445627df4744d71f73ee3a199aaa42993ebaaa7f91f8b6d1b623350744853c1b38 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0e55cdb4e7e8eeb9dd5d89fc1d7588ca + Version: 3 + TBS: + MD5: a5de00a04f3cc5cb19818f21f9dfb050 + SHA1: ca921c1b360b04765d8eec4edb88438ba7a28049 + SHA256: 4c8b0e0cfde13478b5bc8b7e58a4b5f0971d324c17fa908b79816e5efa86e10c + SHA384: bea7d7bb51b76f219104dd211fec73f9951d47e116bdf3095b28bb02a33b675069ef5c283950f523828fd5434150c71a + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: 
e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 19334a0c813337dbad36c9e4c93abbb51b2e7aa2e2f44342179ebf4ea14de1b1dbe981dd9f01f2e488d5e9fe09fd21c1ec5d80d2f0d6c143c2fe772bdbf9d79133ce6cd5b2193be62ed6c9934f88408ecde1f57ef10fc6595672e8eb6a41bd1cd546d57c49ca663815c1bfe091707787dcc98d31c90c29a233ed8de287cd898d3f1bffd5e01a978b7cda6dfba8c6b23a666b7b01b3cdd8a634ec1201ab9558a5c45357a860e6e70212a0b92364a24dbb7c81256421becfee42184397bba53706af4dff26a54d614bec4641b865ceb8799e08960b818c8a3b8fc7998ca32a6e986d5e61c696b78ab9612d93b8eb0e0443d7f5fea6f062d4996aa5c1c1f0649480 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c + Version: 3 + TBS: + MD5: 83f5de89f641d0fbf60248e10a7b9534 + SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 + SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf + SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 0e55cdb4e7e8eeb9dd5d89fc1d7588ca + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + 
Version: 1 + RichPEHeaderHash: + MD5: b38df74a16ccc2b566119146a7a1b9f4 + SHA1: c1ab4797ed704c0b6f8b55c51806756e0ac383b2 + SHA256: b6e3bfceb30922134310682e6739ee977179beb280fb658c861dbdb674d0b9b3 + Sections: + .text: + Entropy: 6.255870039704506 + Virtual Size: '0x1d3e' + .rdata: + Entropy: 4.372538706454062 + Virtual Size: '0x26c' + .data: + Entropy: 0.4411373632813633 + Virtual Size: '0x18a' + .pdata: + Entropy: 3.850446798595462 + Virtual Size: '0x108' + INIT: + Entropy: 5.080449314433511 + Virtual Size: '0x3ba' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2019-07-23 02:00:28' + Imphash: b05ee5c816a30bc52378c759486af0b9 + LoadsDespiteHVCI: 'FALSE' +- Filename: amifldrv64.sys + MD5: 24156523b923fd9dcfdd0ac684dcdb20 + SHA1: ff9048c451644c9c5ff2ba1408b194a0970b49e6 + SHA256: 6c64688444d3e004da77dcfb769d064bb38afceeef7ff915dfc71e60e19ff18a + Authentihash: + MD5: 229a8958720d362fab81a2b527e717a2 + SHA1: 2cea31932e00c69e6f1bb0b0bf6b16b8c72dc3f6 + SHA256: aef3985caa213c9e5e0a0d5e75a9a7918a92c08690b5a04a6b14d6372c2dd71c + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ZwMapViewOfSection + - RtlInitUnicodeString + - ZwUnmapViewOfSection + - ZwClose + - ObReferenceObjectByHandle + - ZwOpenSection + - MmUnmapLockedPages + - MmMapLockedPages + - MmFreeContiguousMemory + - MmBuildMdlForNonPagedPool + - IoFreeMdl + - MmMapIoSpace + - MmMapLockedPagesSpecifyCache + - PsGetVersion + - MmIsAddressValid + - IoAllocateMdl + - MmAllocateContiguousMemory + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - KeBugCheckEx + - MmGetPhysicalAddress + - MmUnmapIoSpace + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, 
CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=Private Organization, ??=US, ??=Georgia, serialNumber=780491, + ??=5555 Oakbrook Parkway Suite 200, postalCode=30093, C=US, ST=Georgia, + L=Norcross, O=American Megatrends, Inc., CN=American Megatrends, Inc. + ValidFrom: '2014-06-24 00:00:00' + ValidTo: '2017-08-30 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 09f43c81c1eb27876ee1aefeaa5a0f5d + Version: 3 + TBS: + MD5: 90e6c94c3b8f3accb81e8db8a3aa7ae4 + SHA1: f270ef9003d6a22832346ff9072d18c93989255e + SHA256: 76478a3ed2305a70e603cf54250c769a6c084c9eb77e2bcbd818ba3cffbf2e12 + SHA384: 1992987400c2d7713fbf0ba3f871076565ce70f76e524ac2fe15b3a905b29af0db9654ba0d6be5537ef48616f4b004b3 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 
9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c + Version: 3 + TBS: + MD5: 83f5de89f641d0fbf60248e10a7b9534 + SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 + SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf + SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: 
cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 09f43c81c1eb27876ee1aefeaa5a0f5d + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + Version: 1 + RichPEHeaderHash: + MD5: 0a2c5c1cab851d3fbeb5eb9efe5739a2 + SHA1: fabf3aa82ebd5686a6b1e3a67df82231d0fb72f6 + SHA256: fe8505e06a8a700a1b7aa52c3925391a7e0cfd96a5d1d2f98aef6d12d88046b3 + Sections: + .text: + Entropy: 6.137353400999014 + Virtual Size: '0x117e' + .rdata: + Entropy: 4.292537325528917 + Virtual Size: '0x21c' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.6075048245466346 + Virtual Size: '0xa8' + INIT: + Entropy: 5.097766085646503 + Virtual Size: '0x3de' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2017-01-03 20:29:59' + Imphash: bd607d71fdc1444aa96dc431591c5c44 + LoadsDespiteHVCI: 'FALSE' +- Filename: amifldrv64.sys + MD5: 7331720a5522d5cd972623326cf87a3f + SHA1: 456a1acacaa02664517c2f2fb854216e8e967f9d + SHA256: b95b2d9b29bd25659f1c7ba5a187f8d23cde01162d9b5b1a2c4aea8f64b38441 + Authentihash: + MD5: d5816277859ccb21e901e3ce39f6e929 + SHA1: d240db93654ce2685d3b903db809edcc82322dfc + SHA256: 05e2d2f2b58da5391598d30d7f5f33ae38cfeb0d9b9ae19b4312de39c678f301 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - ZwUnmapViewOfSection + - MmFreeContiguousMemory + - IoFreeMdl + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - MmUnmapIoSpace + - MmGetPhysicalAddress + - MmIsAddressValid + - MmAllocateContiguousMemory + - 
MmUnmapLockedPages + - IoDeleteDevice + - IoDeleteSymbolicLink + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - IoAllocateMdl + - MmMapIoSpace + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: 
ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=US, ST=Georgia, L=Norcross, O=American Megatrends, Inc., OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=American + Megatrends, Inc. 
+ ValidFrom: '2006-09-30 00:00:00' + ValidTo: '2009-11-16 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 08dfd80b2826716554b1fb8cfa5043d7 + Version: 3 + TBS: + MD5: 960327b70b290ec28fa2e85cbb7a41fa + SHA1: a2ac59e0c82196d6661212232bd3bcf0588e40ea + SHA256: 8bb26b4dc7c105fd9cdd0604cedbf3647a700dc4ddadcad839d8e27312253e73 + SHA384: 7cfe0dfecc1d1abfa204d28c446f706736b73a35cb37e4c2a40c7f3b68eef14ebfb665a6f23e3c0413cd8caf5979607e + Signer: + - SerialNumber: 08dfd80b2826716554b1fb8cfa5043d7 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: 9f334698254c92ce933257bc672850e4 + SHA1: 2873eeac59f168bf8f1a29b5dccf7a310f9ac7f7 + SHA256: 61ec7fee8a31996254d6d7f32e6332ccd9d36fe8b7fe0cf5a407840ef4381027 + Sections: + .text: + Entropy: 6.002893997944836 + Virtual Size: '0x1166' + .rdata: + Entropy: 4.405240287195404 + Virtual Size: '0x264' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.524185420396862 + Virtual Size: '0xb4' + INIT: + Entropy: 4.8944037123884145 + Virtual Size: '0x36e' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2009-02-09 20:39:06' + Imphash: 4c304943af1b07b15a5efa80f17d9b89 + LoadsDespiteHVCI: 'FALSE' +- Filename: amifldrv64.sys + MD5: 2971d4ee95f640d2818e38d8877c8984 + SHA1: 28fa0e9429af24197134306b6c7189263e939136 + SHA256: bc7ebd191e0991fd0865a5c956a92e63792a0bb2ff888af43f7a63bb65a22248 + Authentihash: + MD5: fac2590714168b1e586ff99a1f2322de + SHA1: 2d6cd59a2df6883bfec777ddfe7d10c50555e2cb + SHA256: 846cc7c9bf2eab3400e66481568a010fb0dfbac01416a99258a4baabf1e10d35 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - 
ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - ZwUnmapViewOfSection + - MmFreeContiguousMemory + - IoFreeMdl + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - MmUnmapIoSpace + - MmGetPhysicalAddress + - MmIsAddressValid + - MmAllocateContiguousMemory + - MmUnmapLockedPages + - IoDeleteDevice + - IoDeleteSymbolicLink + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - IoAllocateMdl + - MmMapIoSpace + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=US, ST=Georgia, L=Norcross, O=American Megatrends, Inc., OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=American + Megatrends, Inc. 
+ ValidFrom: '2010-05-07 00:00:00' + ValidTo: '2012-05-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1ecbf523c0f14748fe14841dbb88c365 + Version: 3 + TBS: + MD5: 64f5c20bac3ca9a20857800f4df459c1 + SHA1: a74a6dc7bbed636d0dd81f4c568e8ba9a1b4f63c + SHA256: b719be4421509ea4032925e523e7045900feda002cc27f69031630da48e7c132 + SHA384: 2ba2a3529dfbfaef4d681335a89d21e7a909249870e12e04e3257a7f76d638ffd5d1318b07525e87e61e9819610b6e64 + Signer: + - SerialNumber: 1ecbf523c0f14748fe14841dbb88c365 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + RichPEHeaderHash: + MD5: 1f44b746a7f3063e2a8fdd3d0d19b55e + SHA1: 93c45eb6cc3a19b2a3c714b15e9eaa6460232124 + SHA256: 07ede27cc723134153668c011d01210e82f50b6d45471edbc77aba4a5c9c5413 + Sections: + .text: + Entropy: 6.014310825644326 + Virtual Size: '0x1256' + .rdata: + Entropy: 4.559308378075733 + Virtual Size: '0x264' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.463098667301449 + Virtual Size: '0x9c' + INIT: + Entropy: 4.8944037123884145 + Virtual Size: '0x36e' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2011-06-21 20:54:13' + Imphash: 4c304943af1b07b15a5efa80f17d9b89 + LoadsDespiteHVCI: 'FALSE' +- Filename: amifldrv64.sys + MD5: 2503c4cf31588f0b011eb992ca3ee7ff + SHA1: e700fcfae0582275dbaee740f4f44b081703d20d + SHA256: c2fcc0fec64d5647813b84b9049d430406c4c6a7b9f8b725da21bcae2ff12247 + Authentihash: + MD5: b1ea291940f1ae17794e05b8275fd130 + SHA1: dc0d3d244d27b85e10135fff8d34a76c17022ee1 + SHA256: 96cb847fab0befab75a6f39080dd444d022d4bec73017c9d7187fe6282a0faa1 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - 
ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ZwMapViewOfSection + - RtlInitUnicodeString + - ZwUnmapViewOfSection + - ZwClose + - ObReferenceObjectByHandle + - ZwOpenSection + - MmUnmapLockedPages + - MmFreeContiguousMemory + - MmBuildMdlForNonPagedPool + - IoFreeMdl + - MmGetPhysicalAddress + - MmMapIoSpace + - PsGetVersion + - IoAllocateMdl + - MmAllocateContiguousMemory + - DbgPrint + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - KeBugCheckEx + - MmMapLockedPagesSpecifyCache + - MmUnmapIoSpace + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=US, ??=Georgia, ??=Private Organization, serialNumber=J912954, + C=US, ST=Georgia, L=Norcross, O=American Megatrends, Inc., CN=American + Megatrends, Inc. 
+ ValidFrom: '2017-08-30 00:00:00' + ValidTo: '2020-09-24 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0e55cdb4e7e8eeb9dd5d89fc1d7588ca + Version: 3 + TBS: + MD5: a5de00a04f3cc5cb19818f21f9dfb050 + SHA1: ca921c1b360b04765d8eec4edb88438ba7a28049 + SHA256: 4c8b0e0cfde13478b5bc8b7e58a4b5f0971d324c17fa908b79816e5efa86e10c + SHA384: bea7d7bb51b76f219104dd211fec73f9951d47e116bdf3095b28bb02a33b675069ef5c283950f523828fd5434150c71a + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 
19334a0c813337dbad36c9e4c93abbb51b2e7aa2e2f44342179ebf4ea14de1b1dbe981dd9f01f2e488d5e9fe09fd21c1ec5d80d2f0d6c143c2fe772bdbf9d79133ce6cd5b2193be62ed6c9934f88408ecde1f57ef10fc6595672e8eb6a41bd1cd546d57c49ca663815c1bfe091707787dcc98d31c90c29a233ed8de287cd898d3f1bffd5e01a978b7cda6dfba8c6b23a666b7b01b3cdd8a634ec1201ab9558a5c45357a860e6e70212a0b92364a24dbb7c81256421becfee42184397bba53706af4dff26a54d614bec4641b865ceb8799e08960b818c8a3b8fc7998ca32a6e986d5e61c696b78ab9612d93b8eb0e0443d7f5fea6f062d4996aa5c1c1f0649480 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c + Version: 3 + TBS: + MD5: 83f5de89f641d0fbf60248e10a7b9534 + SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 + SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf + SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 0e55cdb4e7e8eeb9dd5d89fc1d7588ca + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + Version: 1 + RichPEHeaderHash: + MD5: 37fafb0be0a03b0bd26c56c3bcf4fd8c + SHA1: fdc0adcad88124f803c820304ea91cb3e21a43ba + SHA256: 2059d94bbcf46705cbe2d88968197f1af1e4286afcf7ecc184d1521e10d1d5a3 + Sections: + .text: + Entropy: 6.222025814777585 + Virtual Size: '0x183e' + 
.rdata: + Entropy: 4.316666644738919 + Virtual Size: '0x22c' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.6993554490759406 + Virtual Size: '0xc0' + INIT: + Entropy: 5.0855381540270885 + Virtual Size: '0x3ba' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2018-11-04 23:20:44' + Imphash: b05ee5c816a30bc52378c759486af0b9 + LoadsDespiteHVCI: 'FALSE' +- Filename: amifldrv64.sys + MD5: e5e8ecb20bc5630414707295327d755e + SHA1: 06ecf73790f0277b8e27c8138e2c9ad0fc876438 + SHA256: e7cbfb16261de1c7f009431d374d90e9eb049ba78246e38bc4c8b9e06f324b6f + Authentihash: + MD5: 83a8c462f323e93e725875f6e96c8727 + SHA1: c42feaa6c9788b7161b765f725070204f7b5e3ec + SHA256: 709ab95302bb44c7a7dafaf342ca933422ea03ed7b492be204a319161feb350e + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ZwMapViewOfSection + - RtlInitUnicodeString + - ZwUnmapViewOfSection + - ZwClose + - ObReferenceObjectByHandle + - ZwOpenSection + - MmUnmapLockedPages + - MmFreeContiguousMemory + - MmBuildMdlForNonPagedPool + - IoFreeMdl + - MmMapIoSpace + - MmMapLockedPagesSpecifyCache + - IoAllocateMdl + - MmAllocateContiguousMemory + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - KeBugCheckEx + - MmGetPhysicalAddress + - MmUnmapIoSpace + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 
208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=US, ??=Georgia, ??=Private Organization, serialNumber=J912954, + C=US, ST=Georgia, L=Norcross, O=American Megatrends, Inc., CN=American + Megatrends, Inc. 
+ ValidFrom: '2017-08-30 00:00:00' + ValidTo: '2020-09-24 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0e55cdb4e7e8eeb9dd5d89fc1d7588ca + Version: 3 + TBS: + MD5: a5de00a04f3cc5cb19818f21f9dfb050 + SHA1: ca921c1b360b04765d8eec4edb88438ba7a28049 + SHA256: 4c8b0e0cfde13478b5bc8b7e58a4b5f0971d324c17fa908b79816e5efa86e10c + SHA384: bea7d7bb51b76f219104dd211fec73f9951d47e116bdf3095b28bb02a33b675069ef5c283950f523828fd5434150c71a + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c + Version: 3 
+ TBS: + MD5: 83f5de89f641d0fbf60248e10a7b9534 + SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 + SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf + SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 0e55cdb4e7e8eeb9dd5d89fc1d7588ca + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + Version: 1 + RichPEHeaderHash: + MD5: ef56fc9d56485c17dd1c03070dd4ee5a + SHA1: d5eae5456214e9f56cb7e3642e4021df1e0cd05a + SHA256: 6021a5d2b54abfd1988a1671700cf8b01a009cd4f31242beb383303d8623c6e2 + Sections: + .text: + Entropy: 6.237884437720332 + Virtual Size: '0x1b7e' + .rdata: + Entropy: 4.467064388656255 + Virtual Size: '0x25c' + .data: + Entropy: 0.39557408985753395 + Virtual Size: '0x1c0' + .pdata: + Entropy: 3.7790272797610935 + Virtual Size: '0x108' + INIT: + Entropy: 5.1116136344980365 + Virtual Size: '0x38e' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2020-09-10 20:51:41' + Imphash: 4fbdc03e4487f98fb59360ea5b3e640d + LoadsDespiteHVCI: 'TRUE' +- Filename: amifldrv64.sys + MD5: 1f7b2a00fe0c55d17d1b04c5e0507970 + SHA1: eb1ecad3d37bb980f908bf1a912415cff32e79e6 + SHA256: fc22977ff721b3d718b71c42440ee2d8a144f3fbc7755e4331ddd5bcc65158d2 + Authentihash: + MD5: 9e725819820804fbf377917e9e7a3333 + SHA1: 
b0ec7d971da8ae84c0ed8f88a5d46b23996e636c + SHA256: 038f39558035292f1d794b7cf49f8e751e8633daec31454fe85cccbea83ba3fb + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - ZwUnmapViewOfSection + - MmFreeContiguousMemory + - IoFreeMdl + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - MmUnmapIoSpace + - MmGetPhysicalAddress + - MmIsAddressValid + - MmAllocateContiguousMemory + - MmUnmapLockedPages + - IoDeleteDevice + - IoDeleteSymbolicLink + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - IoAllocateMdl + - MmMapIoSpace + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 
35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 
17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=US, ST=Georgia, L=Norcross, O=American Megatrends, Inc., OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=American + Megatrends, Inc. + ValidFrom: '2006-09-30 00:00:00' + ValidTo: '2009-11-16 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 08dfd80b2826716554b1fb8cfa5043d7 + Version: 3 + TBS: + MD5: 960327b70b290ec28fa2e85cbb7a41fa + SHA1: a2ac59e0c82196d6661212232bd3bcf0588e40ea + SHA256: 8bb26b4dc7c105fd9cdd0604cedbf3647a700dc4ddadcad839d8e27312253e73 + SHA384: 7cfe0dfecc1d1abfa204d28c446f706736b73a35cb37e4c2a40c7f3b68eef14ebfb665a6f23e3c0413cd8caf5979607e + Signer: + - SerialNumber: 08dfd80b2826716554b1fb8cfa5043d7 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: 9f334698254c92ce933257bc672850e4 + SHA1: 2873eeac59f168bf8f1a29b5dccf7a310f9ac7f7 + SHA256: 61ec7fee8a31996254d6d7f32e6332ccd9d36fe8b7fe0cf5a407840ef4381027 + Sections: + .text: + Entropy: 5.99821129939302 + Virtual Size: '0x1176' + .rdata: + Entropy: 4.414177314559514 + Virtual Size: '0x264' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.4895989621236247 + Virtual Size: '0xb4' + INIT: + Entropy: 4.891266027306224 + Virtual Size: '0x36e' + MagicHeader: 50 45 0 0 + 
CreationTimestamp: '2009-08-20 04:07:22' + Imphash: 4c304943af1b07b15a5efa80f17d9b89 + LoadsDespiteHVCI: 'FALSE' +- Filename: amifldrv.sys + MD5: 7b9717c608a5f5a1c816128a609e9575 + SHA1: ec457a53ea03287cbbd1edcd5f27835a518ef144 + SHA256: ffc72f0bde21ba20aa97bee99d9e96870e5aa40cce9884e44c612757f939494f + Authentihash: + MD5: 08cac606d72411c22b1400d755a2b6e3 + SHA1: 6055dbc453c111e57c85ec8cfad9e6e11421c8d4 + SHA256: 5167b33a95b4db0a1244cb3b95d4024587d9a5a95222babb033210e6b111d2fb + Description: AMI Generic Utility Driver + Company: Windows (R) Win 7 DDK provider + InternalName: amifldrv.sys + OriginalFilename: amifldrv.sys + FileVersion: 10.0.10011.16384 + Product: Windows (R) Win 7 DDK driver + ProductVersion: 10.0.10011.16384 + Copyright: "\xA9 Microsoft Corporation. All rights reserved." + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - MmMapLockedPagesSpecifyCache + - MmUnmapLockedPages + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - IoAllocateMdl + - IoFreeMdl + - MmGetPhysicalAddress + - RtlInitUnicodeString + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - KeLowerIrql + - KfRaiseIrql + - MmBuildMdlForNonPagedPool + - MmUnmapIoSpace + - ObReferenceObjectByHandle + - ZwClose + - ZwOpenSection + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - ExFreePoolWithTag + - MmGetSystemRoutineAddress + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - MmMapIoSpace + - RtlCompareMemory + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=US, ??=Georgia, ??=Private Organization, serialNumber=J912954, + C=US, ST=Georgia, L=Norcross, O=American Megatrends, Inc., CN=American + Megatrends, Inc. + ValidFrom: '2017-08-30 00:00:00' + ValidTo: '2020-09-24 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0e55cdb4e7e8eeb9dd5d89fc1d7588ca + Version: 3 + TBS: + MD5: a5de00a04f3cc5cb19818f21f9dfb050 + SHA1: ca921c1b360b04765d8eec4edb88438ba7a28049 + SHA256: 4c8b0e0cfde13478b5bc8b7e58a4b5f0971d324c17fa908b79816e5efa86e10c + SHA384: bea7d7bb51b76f219104dd211fec73f9951d47e116bdf3095b28bb02a33b675069ef5c283950f523828fd5434150c71a + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 
03f1b4e15f3a82f1149678b3d7d8475c + Version: 3 + TBS: + MD5: 83f5de89f641d0fbf60248e10a7b9534 + SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 + SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf + SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 0e55cdb4e7e8eeb9dd5d89fc1d7588ca + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + Version: 1 + RichPEHeaderHash: + MD5: 22c1aa4fd648b9e83a61fb46cccca57a + SHA1: 869c3ac1eeb8a57bf54702c225c98170cdf596dd + SHA256: 2b7e106cfd1c70b544af1544f1e4efc46a8cb812a907bbf89d9e73eac42f7b03 + Sections: + .text: + Entropy: 6.377894790652307 + Virtual Size: '0x20fe' + .rdata: + Entropy: 4.187746427960226 + Virtual Size: '0x6c8' + .data: + Entropy: 0.6627058304164626 + Virtual Size: '0x1fc' + .pdata: + Entropy: 3.9618307720615737 + Virtual Size: '0x1e0' + .gfids: + Entropy: 0.8112781244591328 + Virtual Size: '0x4' + PAGE: + Entropy: 5.772669094690347 + Virtual Size: '0x148' + INIT: + Entropy: 5.163068093359347 + Virtual Size: '0x438' + .rsrc: + Entropy: 3.585664604917059 + Virtual Size: '0x470' + .reloc: + Entropy: 2.9176286494293437 + Virtual Size: '0x18' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2020-09-18 00:26:30' + Imphash: 07a42e80559d960b176c0fc8fd309bfe 
+ LoadsDespiteHVCI: 'TRUE' +- Filename: amifldrv64.sys + MD5: 6ab7b8ef0c44e7d2d5909fdb58d37fa5 + SHA1: bb962c9a8dda93e94fef504c4159de881e4706fe + SHA256: 42579a759f3f95f20a2c51d5ac2047a2662a2675b3fb9f46c1ed7f23393a0f00 + Signature: + - American Megatrends, Inc. + - VeriSign Class 3 Code Signing 2010 CA + - VeriSign + Date: '' + Publisher: '"American Megatrends, Inc."' + Company: '' + Description: '' + Product: '' + ProductVersion: '' + FileVersion: '' + MachineType: AMD64 + OriginalFilename: '' + Authentihash: + MD5: fc9e48051c2b957ed1cc7b69a29a66c8 + SHA1: 716bce2ce697883eba0c051ed487de6304d73cd3 + SHA256: d7841ee6dac956cc0923368d6722063a19c9fa131e55c6f3b7484cce78d826f0 + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - ZwUnmapViewOfSection + - MmFreeContiguousMemory + - IoFreeMdl + - MmMapLockedPages + - MmMapLockedPagesSpecifyCache + - PsGetVersion + - MmUnmapIoSpace + - IoAllocateMdl + - MmGetPhysicalAddress + - MmIsAddressValid + - MmAllocateContiguousMemory + - MmUnmapLockedPages + - IoDeleteDevice + - IoDeleteSymbolicLink + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - MmBuildMdlForNonPagedPool + - MmMapIoSpace + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + 
Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Georgia, L=Norcross, O=American Megatrends, Inc., OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=American + Megatrends, Inc. + ValidFrom: '2012-06-26 00:00:00' + ValidTo: '2015-06-26 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 5ba2905d11f5cfbbc53ab21bfd39defe + Version: 3 + TBS: + MD5: 5fa5fe411cf2f824dba6ce8c34a7c1a2 + SHA1: 3c83886e28508f0cf5222ae6e8ffdb874144d42d + SHA256: 9a70952ea856e2791bbdfad165dea69c7e57236053401fca97c67f95799efc41 + SHA384: 485bdb94bb6c9f8bcaea54c102f710d6f5b6b85a77431bed08697ad7c2386db4fc34e8860369fd6ecaa5fc37b8577ecc + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 5ba2905d11f5cfbbc53ab21bfd39defe + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign 
Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: 11043dc4782ab6f558b2f54a5734da6d + SHA1: b77cba260bebc385e5e1c645a075e780afe12016 + SHA256: 104d53607e0a82726e7fa522d2f9430be286cfa1738933236ecd2576398203e7 + Sections: + .text: + Entropy: 6.0530124452382665 + Virtual Size: '0x1406' + .rdata: + Entropy: 4.4254098566782165 + Virtual Size: '0x2b0' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.6014977715294747 + Virtual Size: '0xd8' + INIT: + Entropy: 4.923446652280529 + Virtual Size: '0x3ae' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2014-12-03 23:04:12' + Imphash: 4c0161f638d5acafe23fcee3c5e86f15 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 9e725819820804fbf377917e9e7a3333 + SHA1: b0ec7d971da8ae84c0ed8f88a5d46b23996e636c + SHA256: 038f39558035292f1d794b7cf49f8e751e8633daec31454fe85cccbea83ba3fb + Company: '' + Copyright: '' + CreationTimestamp: '2009-08-20 04:07:22' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - ZwUnmapViewOfSection + - MmFreeContiguousMemory + - IoFreeMdl + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - MmUnmapIoSpace + - MmGetPhysicalAddress + - MmIsAddressValid + - MmAllocateContiguousMemory + - MmUnmapLockedPages + - IoDeleteDevice + - IoDeleteSymbolicLink + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - IoAllocateMdl + - MmMapIoSpace + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: f41f65189b796534d8ef6bf9caa06853 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 9f334698254c92ce933257bc672850e4 + SHA1: 2873eeac59f168bf8f1a29b5dccf7a310f9ac7f7 + SHA256: 61ec7fee8a31996254d6d7f32e6332ccd9d36fe8b7fe0cf5a407840ef4381027 + SHA1: 
4d7d514b13de9bd3e9753bf058958e7f03f36983 + SHA256: 5e238d351e16d4909ca394f1db0326a60d33c9ac7b4d78aefcf17a6d9cc72be9 + Sections: + .text: + Entropy: 5.99821129939302 + Virtual Size: '0x1176' + .rdata: + Entropy: 4.414177314559514 + Virtual Size: '0x264' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.4895989621236247 + Virtual Size: '0xb4' + INIT: + Entropy: 4.891266027306224 + Virtual Size: '0x36e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=DE, postalCode=81673, ST=Bayern, L=Mnchen, ??=Tomannweg 6, + O=NOVENTI Health SE, CN=NOVENTI Health SE + ValidFrom: '2021-03-25 00:00:00' + ValidTo: '2024-03-24 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 00bae5fa7e148e727ecf4481e69416f9a0 + Version: 3 + TBS: + MD5: e60d2ebd77b703a3f6628183b0ad1262 + SHA1: 9e82200e82226ceae142ac8b8cd9580dd585c0c7 + SHA256: 587d3e589c526256b69c3836ba380c292f11cba42bd7ad847cdb8922d5c0c66a + SHA384: 266ef698aa66c7948f7a0f9989e4e086e7821b768ebbe85f439aa3fafccbc5eefbde84ac00ad3a18aeb2777b3a682d42 + - Subject: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, + CN=USERTrust RSA Certification Authority + ValidFrom: '2019-03-12 00:00:00' + ValidTo: '2028-12-31 23:59:59' + Signature: 188751dc74213d9c8ae027b733d02eccecf0e6cb5e11de226f9b758e9e72fee4d6feaa1f9c962def034a7eaef48d6f723c433bc03febb8df5caaa9c6aef2fcd8eea37b43f686367c14e0cdf4f73ffedeb8b48af09196fefd43647efdccd201a17d7df81919c9422b13bf588bbaa4a266047688914e0c8914cea24dc932b3bae8141abc71f15bf0410b98000a220310e50cb1f9cd923719ed3bf1e43ab6f945132675afbbaaef3f7b773bd2c402913d1900d3175c39db3f7b180d45cd9385962f5ddf59164f3f51bdd545183fed4a8ee80661742316b50d50732744477f105d892a6b853114c4e8a96a4c80bc6a78cfb87f8e7672990c9dfed7910816a1a35f95 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + 
SerialNumber: 3972443af922b751d7d36c10dd313595 + Version: 3 + TBS: + MD5: 3f5b269ded03667a7bad47c1885062b0 + SHA1: 0f01247aaf8b46e3617880e0f5f5dfac696ed7a3 + SHA256: 593e2d49a74023555526aef9b7422b19e5b8b167391b6dee5ed292b1ca23a74c + SHA384: 13baa039635f1c5292a8c2f36aae7e1d25c025202e9092f5b0f53f5f752dfa9c71b3d1b8d9a6358fcee6ec75622fabf9 + - Subject: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo + RSA Code Signing CA + ValidFrom: '2018-11-02 00:00:00' + ValidTo: '2030-12-31 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 1da248306f9b2618d082e0967d33d36a + Version: 3 + TBS: + MD5: c1eabfb5994258ad955adb7c2df165e6 + SHA1: fa33b3c00cebc469b269220d9eab26926c9b8ad8 + SHA256: 70dffac37eb787b2198816982c7d44f541d2e39a7dac069d37b367dc9f354b32 + SHA384: 20adc5b59cb532e215f01ba09a9c745898c206555613512fea7c295ccfd17ced4fe2c5bc3274ca8a270fc68799b8343c + Signer: + - SerialNumber: 00bae5fa7e148e727ecf4481e69416f9a0 + Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo + RSA Code Signing CA + Version: 1 + Imphash: 4c304943af1b07b15a5efa80f17d9b89 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: ea34e232fa33735e7ec30ffecd39e9b7 + SHA1: 89817cfa2603b582c1e9f7f66db5847ec6661b36 + SHA256: df4566edea7c02e29d7dc56ff3f7da6c1ef846e1063b2805a5180bb0d6db37e8 + Company: '' + Copyright: '' + CreationTimestamp: '2018-03-06 02:32:52' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ZwMapViewOfSection + - RtlInitUnicodeString + - ZwUnmapViewOfSection + - ZwClose + - ObReferenceObjectByHandle + - ZwOpenSection + - MmUnmapLockedPages + - MmMapLockedPages + - MmFreeContiguousMemory + - MmBuildMdlForNonPagedPool + - IoFreeMdl + - MmGetPhysicalAddress + - MmMapIoSpace + - PsGetVersion + - MmIsAddressValid + - IoAllocateMdl + - MmAllocateContiguousMemory + - DbgPrint + 
- IoDeleteSymbolicLink + - IoDeleteDevice + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - KeBugCheckEx + - MmMapLockedPagesSpecifyCache + - MmUnmapIoSpace + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 304f7b25251e688516aa452411c0d439 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: c00cf23e0046a177de4bc1e505e3aab8 + SHA1: 22294b742e5e9a98ee5cde08bfc7b38bed3b8dfc + SHA256: b1ad7c2951f77267f3557f4ac3008b34d24538a221eacb44df3de75b0b4e093f + SHA1: 3a2e9523fa861714f1acf76009c2b024aa78ad03 + SHA256: f06fdfe50ebc8d1d2daf5811b66288563f26a09a2ec9c2a21e2a71ff19756062 + Sections: + .text: + Entropy: 6.233864044218723 + Virtual Size: '0x185e' + .rdata: + Entropy: 4.19939457022358 + Virtual Size: '0x234' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.646261220984394 + Virtual Size: '0xc0' + INIT: + Entropy: 5.080431277889913 + Virtual Size: '0x3f2' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=US, ??=Georgia, ??=Private Organization, serialNumber=J912954, + C=US, ST=Georgia, L=Norcross, O=American Megatrends, Inc., CN=American + Megatrends, Inc. 
+ ValidFrom: '2017-08-30 00:00:00' + ValidTo: '2020-09-24 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0e55cdb4e7e8eeb9dd5d89fc1d7588ca + Version: 3 + TBS: + MD5: a5de00a04f3cc5cb19818f21f9dfb050 + SHA1: ca921c1b360b04765d8eec4edb88438ba7a28049 + SHA256: 4c8b0e0cfde13478b5bc8b7e58a4b5f0971d324c17fa908b79816e5efa86e10c + SHA384: bea7d7bb51b76f219104dd211fec73f9951d47e116bdf3095b28bb02a33b675069ef5c283950f523828fd5434150c71a + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c + Version: 3 + TBS: + MD5: 83f5de89f641d0fbf60248e10a7b9534 + SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 + SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf + SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 0e55cdb4e7e8eeb9dd5d89fc1d7588ca + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + Version: 1 + Imphash: 363922cc73591e60f2af113182414230 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 055ae7ceb7439b6f8de45c1143b8d84b + SHA1: e91ea7fece914edc7f398a05bec3fcfb765328bb + SHA256: 2ee914c20b3e4a321bcd2ea2f0f437cda6da09dc0819cd6f06960c0567f4cb19 + Company: '' + Copyright: '' + CreationTimestamp: '2011-06-13 02:41:57' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - ZwUnmapViewOfSection + - MmFreeContiguousMemory + - IoFreeMdl + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - MmUnmapIoSpace + - MmGetPhysicalAddress + - MmIsAddressValid + - MmAllocateContiguousMemory + - MmUnmapLockedPages + - IoDeleteDevice + - IoDeleteSymbolicLink + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - IoAllocateMdl + - MmMapIoSpace + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: cb6173824b31a721e5cf332c75bb2473 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 9f334698254c92ce933257bc672850e4 + SHA1: 2873eeac59f168bf8f1a29b5dccf7a310f9ac7f7 + SHA256: 
61ec7fee8a31996254d6d7f32e6332ccd9d36fe8b7fe0cf5a407840ef4381027 + SHA1: 41f2d0f9863bce8920c207b1ef5d3d32b603edef + SHA256: fda506e2aa85dc41a4cbc23d3ecc71ab34e06f1def736e58862dc449acbc2330 + Sections: + .text: + Entropy: 6.001236000314558 + Virtual Size: '0x1176' + .rdata: + Entropy: 4.514613046184404 + Virtual Size: '0x278' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.48065651504342 + Virtual Size: '0xb4' + INIT: + Entropy: 4.891266027306224 + Virtual Size: '0x36e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 
53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=US, ST=Georgia, L=Norcross, O=American Megatrends, Inc., OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=American + Megatrends, Inc. 
+ ValidFrom: '2010-05-07 00:00:00' + ValidTo: '2012-05-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1ecbf523c0f14748fe14841dbb88c365 + Version: 3 + TBS: + MD5: 64f5c20bac3ca9a20857800f4df459c1 + SHA1: a74a6dc7bbed636d0dd81f4c568e8ba9a1b4f63c + SHA256: b719be4421509ea4032925e523e7045900feda002cc27f69031630da48e7c132 + SHA384: 2ba2a3529dfbfaef4d681335a89d21e7a909249870e12e04e3257a7f76d638ffd5d1318b07525e87e61e9819610b6e64 + Signer: + - SerialNumber: 1ecbf523c0f14748fe14841dbb88c365 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: 4c304943af1b07b15a5efa80f17d9b89 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: f7b9cfa7e07f5c516f65bbe9f7976634 + SHA1: 40603c7230d74ff33524a11c0b09f9459e7afe91 + SHA256: 8b4cbd2bc16071a1868597ec86857dba1140f981e3e943b0857341daffff4e69 + Company: '' + Copyright: '' + CreationTimestamp: '2012-07-23 01:53:08' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ZwMapViewOfSection + - RtlInitUnicodeString + - ZwUnmapViewOfSection + - ZwClose + - ObReferenceObjectByHandle + - ZwOpenSection + - MmUnmapLockedPages + - MmMapLockedPages + - MmFreeContiguousMemory + - MmBuildMdlForNonPagedPool + - MmMapIoSpace + - MmGetPhysicalAddress + - MmIsAddressValid + - IoAllocateMdl + - MmAllocateContiguousMemory + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - KeBugCheckEx + - IoFreeMdl + - MmUnmapIoSpace + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 73fc2954829a49fc8eb178b000d10120 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + 
RichPEHeaderHash: + MD5: 4514064220e4df532f9e1c494dcf525b + SHA1: 2c8246e50cf577a458ea6c41dbdbce96b1cd935c + SHA256: cf1a7659682ded15bdb0f509de52b3e4aaa2bffb9e19b98208b8615bd9138433 + SHA1: 4040f6974119ff2486f9a0cbd749ce240cbee2aa + SHA256: 26ba58c9af9c8a7aebf222f491f786daa0626be44d34f170fea3623d92828e63 + Sections: + .text: + Entropy: 6.111427747435866 + Virtual Size: '0x111e' + .rdata: + Entropy: 4.155346525091322 + Virtual Size: '0x1fc' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.5513818130711634 + Virtual Size: '0xa8' + INIT: + Entropy: 5.084386508092528 + Virtual Size: '0x39e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G3 + ValidFrom: '2012-05-01 00:00:00' + ValidTo: '2012-12-31 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded + Version: 3 + TBS: + MD5: e6d820afb23af20a65cf0b03247ea05e + SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 + SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 + SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 
21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, ST=Georgia, L=Norcross, O=American Megatrends, Inc., OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=American + Megatrends, Inc. + ValidFrom: '2012-06-26 00:00:00' + ValidTo: '2015-06-26 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 5ba2905d11f5cfbbc53ab21bfd39defe + Version: 3 + TBS: + MD5: 5fa5fe411cf2f824dba6ce8c34a7c1a2 + SHA1: 3c83886e28508f0cf5222ae6e8ffdb874144d42d + SHA256: 9a70952ea856e2791bbdfad165dea69c7e57236053401fca97c67f95799efc41 + SHA384: 485bdb94bb6c9f8bcaea54c102f710d6f5b6b85a77431bed08697ad7c2386db4fc34e8860369fd6ecaa5fc37b8577ecc + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 5ba2905d11f5cfbbc53ab21bfd39defe + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 9943d029b8ce940ac6c9a8ab0737bf35 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 8d9eae0e8d075f0ddfaac56869fb4b12 + SHA1: a6d2266a4e27c71666ce5964570e87a8b0227e91 + SHA256: 9022cdd52aa3420757d5c16fe61a4fd4d538fe74981ddf3f29de00eb7a3be849 + Company: '' + Copyright: '' + CreationTimestamp: '2011-07-15 00:02:29' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + 
ImportedFunctions: + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - ZwUnmapViewOfSection + - MmFreeContiguousMemory + - IoFreeMdl + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - MmUnmapIoSpace + - MmGetPhysicalAddress + - MmIsAddressValid + - MmAllocateContiguousMemory + - MmUnmapLockedPages + - IoDeleteDevice + - IoDeleteSymbolicLink + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - IoAllocateMdl + - MmMapIoSpace + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 28463a6a70f9a686a45934f6559b9b17 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 1f44b746a7f3063e2a8fdd3d0d19b55e + SHA1: 93c45eb6cc3a19b2a3c714b15e9eaa6460232124 + SHA256: 07ede27cc723134153668c011d01210e82f50b6d45471edbc77aba4a5c9c5413 + SHA1: 27661f6a951a7fa031644bdf014e864c4ee6ec76 + SHA256: 990165725debccea7ca15aa4ed7a0e3a2a25b4a72cb309a27c899bd0e4b5148f + Sections: + .text: + Entropy: 6.012130762301222 + Virtual Size: '0x1226' + .rdata: + Entropy: 4.446456569232528 + Virtual Size: '0x244' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.504567295189878 + Virtual Size: '0x9c' + INIT: + Entropy: 4.891266027306224 + Virtual Size: '0x36e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 
50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + 
Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=US, ST=Georgia, L=Norcross, O=American Megatrends, Inc., OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=American + Megatrends, Inc. 
+ ValidFrom: '2010-05-07 00:00:00' + ValidTo: '2012-05-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1ecbf523c0f14748fe14841dbb88c365 + Version: 3 + TBS: + MD5: 64f5c20bac3ca9a20857800f4df459c1 + SHA1: a74a6dc7bbed636d0dd81f4c568e8ba9a1b4f63c + SHA256: b719be4421509ea4032925e523e7045900feda002cc27f69031630da48e7c132 + SHA384: 2ba2a3529dfbfaef4d681335a89d21e7a909249870e12e04e3257a7f76d638ffd5d1318b07525e87e61e9819610b6e64 + Signer: + - SerialNumber: 1ecbf523c0f14748fe14841dbb88c365 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: 4c304943af1b07b15a5efa80f17d9b89 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 87f85bfe34bc87a88c131a034dc171ba + SHA1: 169d8790ec6c0415b111411faf36c9e2626c3e98 + SHA256: 7ccc32e11372896cc01d7780e1176ed6fedd17f846001bc3bf78699e4448105f + Company: '' + Copyright: '' + CreationTimestamp: '2008-05-23 01:59:34' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - ZwUnmapViewOfSection + - MmFreeContiguousMemory + - IoFreeMdl + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - MmUnmapIoSpace + - MmGetPhysicalAddress + - MmIsAddressValid + - MmAllocateContiguousMemory + - MmUnmapLockedPages + - IoDeleteDevice + - IoDeleteSymbolicLink + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - IoAllocateMdl + - MmMapIoSpace + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: b15a6de1b4a01c73a16f158c2b6b979f + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 
9f334698254c92ce933257bc672850e4 + SHA1: 2873eeac59f168bf8f1a29b5dccf7a310f9ac7f7 + SHA256: 61ec7fee8a31996254d6d7f32e6332ccd9d36fe8b7fe0cf5a407840ef4381027 + SHA1: a0e95166bb6f80ef56cd645717d93174e47b750a + SHA256: 7c942801884999057aabdc01707570371afdb077979ee2f318c05276123b78e7 + Sections: + .text: + Entropy: 6.003768789888146 + Virtual Size: '0x1186' + .rdata: + Entropy: 4.392959551890208 + Virtual Size: '0x29c' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.5078933972637767 + Virtual Size: '0xd8' + INIT: + Entropy: 4.8944037123884145 + Virtual Size: '0x36e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 
1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=US, ST=Georgia, L=Norcross, O=American Megatrends, Inc., OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Headquarters, CN=American + Megatrends, Inc. 
+ ValidFrom: '2006-09-30 00:00:00' + ValidTo: '2009-11-16 23:59:59' + Signature: 7cb6b8f10c441fc01d130c6ae39a287be5cb175f02ae6c214f0034c77f262006f866180e4db8619079a50fef4fde71927b061ef79f3d0e1be1bba040afd81f202bb10892ce7a0549506158a1d15067dd7a82488cc4bd2c3f408ee928c85117ee0d080d9dc24b571b5d75e3ef1e87d3d6b755ab6f9c07ff92e3b2d515ab1219424bf288aed36595d534d91b905b80378c02bd470dd0fb8150888cd0ac3c98cd62becd7c274469167be833f226b05b822d875efa40863faa10e358edd17e3f4d1ee7d62590d1d3e26e9c953be9e1d9a309990e0bb9c06cdfaa89f7b021aaa8d933440d432eab2e7676bda57841b3e7a8933da8b1e047e9cde29ea89b62b4eb48b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 08dfd80b2826716554b1fb8cfa5043d7 + Version: 3 + TBS: + MD5: 960327b70b290ec28fa2e85cbb7a41fa + SHA1: a2ac59e0c82196d6661212232bd3bcf0588e40ea + SHA256: 8bb26b4dc7c105fd9cdd0604cedbf3647a700dc4ddadcad839d8e27312253e73 + SHA384: 7cfe0dfecc1d1abfa204d28c446f706736b73a35cb37e4c2a40c7f3b68eef14ebfb665a6f23e3c0413cd8caf5979607e + Signer: + - SerialNumber: 08dfd80b2826716554b1fb8cfa5043d7 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 4c304943af1b07b15a5efa80f17d9b89 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: f7b9cfa7e07f5c516f65bbe9f7976634 + SHA1: 40603c7230d74ff33524a11c0b09f9459e7afe91 + SHA256: 8b4cbd2bc16071a1868597ec86857dba1140f981e3e943b0857341daffff4e69 + Company: '' + Copyright: '' + CreationTimestamp: '2012-07-23 01:53:08' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ZwMapViewOfSection + - RtlInitUnicodeString + - ZwUnmapViewOfSection + - ZwClose + - ObReferenceObjectByHandle + - ZwOpenSection + - MmUnmapLockedPages + - MmMapLockedPages + - MmFreeContiguousMemory + - MmBuildMdlForNonPagedPool + - MmMapIoSpace + - MmGetPhysicalAddress + - MmIsAddressValid + - IoAllocateMdl + - 
MmAllocateContiguousMemory + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - KeBugCheckEx + - IoFreeMdl + - MmUnmapIoSpace + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 6b53c79248a6699da703c4c3ff9d4a7e + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 4514064220e4df532f9e1c494dcf525b + SHA1: 2c8246e50cf577a458ea6c41dbdbce96b1cd935c + SHA256: cf1a7659682ded15bdb0f509de52b3e4aaa2bffb9e19b98208b8615bd9138433 + SHA1: 61ec6cb5de378948ef036ff627c87c32f7308bad + SHA256: 3972159a58fd04da06f648c3828648cf394d3eb6af89538166cae8e6184c3eb6 + Sections: + .text: + Entropy: 6.111427747435866 + Virtual Size: '0x111e' + .rdata: + Entropy: 4.155346525091322 + Virtual Size: '0x1fc' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.5513818130711634 + Virtual Size: '0xa8' + INIT: + Entropy: 5.084386508092528 + Virtual Size: '0x39e' + Signature: '' + Signatures: {} + Imphash: 9943d029b8ce940ac6c9a8ab0737bf35 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 9e725819820804fbf377917e9e7a3333 + SHA1: b0ec7d971da8ae84c0ed8f88a5d46b23996e636c + SHA256: 038f39558035292f1d794b7cf49f8e751e8633daec31454fe85cccbea83ba3fb + Company: '' + Copyright: '' + CreationTimestamp: '2009-08-20 04:07:22' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - RtlInitUnicodeString + - ZwUnmapViewOfSection + - MmFreeContiguousMemory + - IoFreeMdl + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - MmUnmapIoSpace + - MmGetPhysicalAddress + - MmIsAddressValid + - MmAllocateContiguousMemory + - MmUnmapLockedPages + - IoDeleteDevice + - IoDeleteSymbolicLink + - IofCompleteRequest + - IoCreateSymbolicLink + - 
IoCreateDevice + - IoAllocateMdl + - MmMapIoSpace + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 5f463e27d90035be365077d1d1ebb3d7 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 9f334698254c92ce933257bc672850e4 + SHA1: 2873eeac59f168bf8f1a29b5dccf7a310f9ac7f7 + SHA256: 61ec7fee8a31996254d6d7f32e6332ccd9d36fe8b7fe0cf5a407840ef4381027 + SHA1: 7019169a8348050774aa49a0e31c3670ee867277 + SHA256: 3482f671cb1b6414e43ab2c9bccc94c1fba67ceac6e9831249f18f31ad68880c + Sections: + .text: + Entropy: 5.99821129939302 + Virtual Size: '0x1176' + .rdata: + Entropy: 4.414177314559514 + Virtual Size: '0x264' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.4895989621236247 + Virtual Size: '0xb4' + INIT: + Entropy: 4.891266027306224 + Virtual Size: '0x36e' + Signature: '' + Signatures: {} + Imphash: 4c304943af1b07b15a5efa80f17d9b89 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/351ff5ca-f07b-4eb6-9300-d5d31514defb.yaml b/yaml/351ff5ca-f07b-4eb6-9300-d5d31514defb.yaml index 17ec6fae5..e6c154614 100644 --- a/yaml/351ff5ca-f07b-4eb6-9300-d5d31514defb.yaml +++ b/yaml/351ff5ca-f07b-4eb6-9300-d5d31514defb.yaml 
@@ -1,5125 +1,5161 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 351ff5ca-f07b-4eb6-9300-d5d31514defb +Tags: +- nscm.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-01-09' +MitreID: T1068 CVE: - CVE-2013-3956 Category: vulnerable driver Commands: - Command: sc.exe create nscm.sys binPath=C:\windows\temp \n \n \n scm.sys type=kernel - && sc.exe start nscm.sys - Description: nscm.sys is a vulnerable driver. CVE-2013-3956. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/76660e91f1ff3cb89630df5af4fe09de6098d09baa66b1a130c89c3c5edd5b22.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 351ff5ca-f07b-4eb6-9300-d5d31514defb -KnownVulnerableSamples: -- Authentihash: - MD5: 0d1a4e506e7c928f1683a9cf38eb0835 - SHA1: 50471608c91621cb84ba646974311da0abf6b3e9 - SHA256: 0e291148da43ea6a491b8b94bdf573365087940c9b90f6a15a4e589da86a518d - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2013, Novell, Inc. All Rights Reserved. - CreationTimestamp: '2013-01-15 23:24:57' - Date: '' - Description: Novell XTier Session Manager - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.11.0 - Filename: nscm.sys - ImportedFunctions: - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - KeInitializeMutex - - IoQueueWorkItemEx - - IoDeleteDevice - - IoFreeWorkItem - - RtlEqualUnicodeString - - ZwOpenProcessTokenEx - - IoAllocateWorkItem - - ZwClose - - ZwOpenProcess - - DbgPrint - - PsGetCurrentProcessId - - IoCreateDevice - - ZwQueryInformationToken - - PsSetCreateProcessNotifyRoutine - - SeRegisterLogonSessionTerminatedRoutine - - SeUnregisterLogonSessionTerminatedRoutine - - ZwOpenThreadTokenEx - - IoGetCurrentProcess - - SeMarkLogonSessionForTerminationNotification - - KeBugCheckEx - - KeWaitForSingleObject - - ZwQueryInformationProcess - - KeReleaseMutex - - NicmCreateInstance - - NicmDeregisterClassFactory - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: 4a23e0f2c6f926a41b28d574cbc6ac30 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: nscm.sys - Product: Novell XTier - ProductVersion: 3.1.11 - Publisher: '' - RichPEHeaderHash: - MD5: 0d646b28e804b652211b8f3e0feac906 - SHA1: 1169ececb349b1d1a50626a2565e85cc6e9049ea - SHA256: 097828b6f5705aca00605777868f774f37fd5ecf705e958c6dbdb860c4934be4 - SHA1: 64e4ac8b9ea2f050933b7ec76a55dd04e97773b4 - SHA256: 76660e91f1ff3cb89630df5af4fe09de6098d09baa66b1a130c89c3c5edd5b22 - Sections: - .text: - Entropy: 5.9944111351941185 - Virtual Size: '0x5736' - 
.rdata: - Entropy: 5.542492779395016 - Virtual Size: '0x570' - .data: - Entropy: 1.445115035315444 - Virtual Size: '0x5a8' - .pdata: - Entropy: 4.268472946152158 - Virtual Size: '0x42c' - .edata: - Entropy: 3.9636482963781448 - Virtual Size: '0x63' - INIT: - Entropy: 5.324738401510091 - Virtual Size: '0x4b6' - .rsrc: - Entropy: 3.275995301680775 - Virtual Size: '0x358' - .reloc: - Entropy: 1.2355823247516717 - Virtual Size: '0x48' - Signature: - - Novell, Inc. - - VeriSign Class 3 Code Signing 2009-2 CA - - VeriSign Class 3 Public Primary CA - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 
88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Novell Products Group, CN=Novell, Inc. 
- ValidFrom: '2010-04-03 00:00:00' - ValidTo: '2013-04-26 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a - Version: 3 - TBS: - MD5: b1504f143b89a6080710bafcededb833 - SHA1: 5c2696893ebba1e81d918a4fadda143c25c77286 - SHA256: ae1dc09d08e93ace95fe203adfbfadcd4c029529d3f99ab381c368064b58d9a0 - SHA384: 18c6db711578cfcd4bce87c63d053e242c7c196efc892c2d4a8733cb75bb7dc3cac3f702e0e1d4b7fa2c590acb53fdee - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: 8b7e7c20da6ca9ac4bdb3927fe2b266a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 3a5b83215c9ea17f8d3ad3812c30a340 - SHA1: 533e0690528ff3f0d59edeed9dd53b4f37c0a110 - SHA256: 1622ac0c618a86be17e0f97daa061f9aaa0e721dc0fd30d76bbc5c958e9a9d92 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2008, Novell, Inc. All Rights Reserved. 
- CreationTimestamp: '2009-03-27 11:56:49' - Description: Novell XTier Session Manager - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.6.0 - Filename: nscm.sys - ImportedFunctions: - - IoCreateDevice - - SeUnregisterLogonSessionTerminatedRoutine - - KeInitializeMutex - - IoDeleteDevice - - SeRegisterLogonSessionTerminatedRoutine - - ZwOpenProcessTokenEx - - KeReleaseMutex - - ZwClose - - SeMarkLogonSessionForTerminationNotification - - ZwQueryInformationToken - - ZwOpenThreadTokenEx - - KeBugCheckEx - - KeWaitForSingleObject - - IoGetCurrentProcess - - DbgPrint - - NicmCreateInstance - - NicmDeregisterClassFactory - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: ba2c0fa201c74621cddd8638497b3c70 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: nscm.sys - Product: Novell XTier - ProductVersion: 3.1.6 - RichPEHeaderHash: - MD5: 4a07178c85358a7450e421019955ccee - SHA1: 0e0b4edfb21b1a41b2f00f341bc1c6de6a650546 - SHA256: dd7717af9d41e7c2d7c773f3e063d396ad8676b3d940732451acc1fc28ec9989 - SHA1: 8f540936f2484d020e270e41529624407b7e107e - SHA256: 28999af32b55ddb7dcfc26376a244aa2fe297233ce7abe4919a1aef2f7e2cee7 - Sections: - .text: - Entropy: 5.981323117886685 - Virtual Size: '0x4a25' - .rdata: - Entropy: 5.681127753509768 - Virtual Size: '0x480' - .data: - Entropy: 0.8264834692004682 - Virtual Size: '0x548' - .pdata: - Entropy: 4.218145333940637 - Virtual Size: '0x3c0' - .edata: - Entropy: 3.983850316580165 - Virtual Size: '0x63' - INIT: - Entropy: 5.26537545088398 - Virtual Size: '0x360' - .rsrc: - Entropy: 3.289150653685818 - Virtual Size: '0x350' - .reloc: - Entropy: 1.2454265871243133 - Virtual Size: '0x3c' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 
88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Novell Products Group, CN=Novell, Inc. - ValidFrom: '2007-04-04 00:00:00' - ValidTo: '2010-04-27 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f - Version: 3 - TBS: - MD5: adddb65a3a360b3c1a55cb33e426f32a - SHA1: 93d9b282265288a94ee4f1a01c5fb3a08badb7ac - SHA256: d98d63f26125a94eb767fdd2526f6c74bfb40cb4d117a1d87ca3ed0d99bd6f0b - SHA384: cf20d9d6343b52b05ebaeace8a75ad950089e2d55508571cf5b153583fdf2d7b11bc61b8f38bfa70f09b2e7ac63d9ef5 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 7d004bbe0f546a91c93562d324307fa7 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: b546d6b223a9e1a42f8359dbf9d9737c - SHA1: 41f6704252efa14de0d72eeaf7475886ba7f3bdc - SHA256: 92ca1aec3afc90b44861c2e0be084a3db38d22d52f35e1697643d6477151392f - 
Company: Novell, Inc. - Copyright: (C) Copyright 2000-2013, Novell, Inc. All Rights Reserved. - CreationTimestamp: '2013-01-15 23:24:57' - Description: Novell XTier Session Manager - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.11.0 - Filename: nscm.sys - ImportedFunctions: - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - KeInitializeMutex - - IoQueueWorkItemEx - - IoDeleteDevice - - IoFreeWorkItem - - RtlEqualUnicodeString - - ZwOpenProcessTokenEx - - IoAllocateWorkItem - - ZwClose - - ZwOpenProcess - - DbgPrint - - PsGetCurrentProcessId - - IoCreateDevice - - ZwQueryInformationToken - - PsSetCreateProcessNotifyRoutine - - SeRegisterLogonSessionTerminatedRoutine - - SeUnregisterLogonSessionTerminatedRoutine - - ZwOpenThreadTokenEx - - IoGetCurrentProcess - - SeMarkLogonSessionForTerminationNotification - - KeBugCheckEx - - KeWaitForSingleObject - - ZwQueryInformationProcess - - KeReleaseMutex - - NicmCreateInstance - - NicmDeregisterClassFactory - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: 4c76554d9a72653c6156ca0024d21a8e - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: nscm.sys - Product: Novell XTier - ProductVersion: 3.1.11 - RichPEHeaderHash: - MD5: 0d646b28e804b652211b8f3e0feac906 - SHA1: 1169ececb349b1d1a50626a2565e85cc6e9049ea - SHA256: 097828b6f5705aca00605777868f774f37fd5ecf705e958c6dbdb860c4934be4 - SHA1: 6d3c760251d6e6ea7ff4f4fcac14876fac829cf9 - SHA256: 2e665962c827ce0adbd29fe6bcf09bbb1d7a7022075d162ff9b65d0af9794ac0 - Sections: - .text: - Entropy: 5.9944111351941185 - Virtual Size: '0x5736' - .rdata: - Entropy: 5.542492779395016 - Virtual Size: '0x570' - .data: - Entropy: 1.445115035315444 - Virtual Size: '0x5a8' - .pdata: - Entropy: 4.268472946152158 - Virtual Size: '0x42c' - .edata: - Entropy: 3.9636482963781448 - Virtual Size: '0x63' - INIT: - Entropy: 5.429528792402954 - Virtual Size: '0x4b6' - .rsrc: - Entropy: 6.472426446171854 - Virtual Size: '0x14a24' - .reloc: - Entropy: 
5.039009418592025 - Virtual Size: '0x48' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Publisher - ValidFrom: '2022-01-27 19:31:19' - ValidTo: '2023-01-26 19:31:19' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 330000036ce57eeb5d1cc2be1700000000036c - Version: 3 - TBS: - MD5: 7ece739fdaa27d96b67f587db04186a7 - SHA1: b8701efa0ab12b8fea2293c9cff8772ecca084d0 - SHA256: c1392bdcbb0b50215fca8c78f25c2d857e515dce06c87ce86527c88c91d5d7e4 - SHA384: 8d292e8db16824f3ac9d668816c4cf521a9eb251069694c92932683afcaa4e53d5fa3a1f58356749e655299ed83fe191 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Production PCA 2011 - ValidFrom: '2011-10-19 18:41:42' - ValidTo: '2026-10-19 18:51:42' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: '61077656000000000008' - Version: 3 - TBS: - MD5: 30a3f0b64324ed7f465e7fc618cb69e7 - SHA1: 002de3561519b662c5e3f5faba1b92c403fb7c41 - SHA256: 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 - SHA384: 4f9a02c3eac5e83c38074d54c0bf270e03a1d668e0001c9812c509eb08a19075ee778a7630e65598e4608fc66e2d1c66 - Signer: - - SerialNumber: 330000036ce57eeb5d1cc2be1700000000036c - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Production PCA 2011 - Version: 1 - Imphash: 8b7e7c20da6ca9ac4bdb3927fe2b266a - LoadsDespiteHVCI: 'TRUE' -- Authentihash: - MD5: 5d62cae57be434a4d56924574498c4f2 - SHA1: 1a99d3141d75a3ef1998944b2d107089ce3ef6e4 - SHA256: a363deaf1790e9c0610e07a7203749aab8b60f5ededc944abc0ef3010f5e2105 - Company: Micro Focus - Copyright: (C) Copyright 2000-2017, Micro Focus. All Rights Reserved. 
- CreationTimestamp: '2022-03-03 03:52:58' - Description: XTier Security Context Manager - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.12.0 - Filename: nscm.sys - ImportedFunctions: - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - KeInitializeMutex - - PsLookupProcessByProcessId - - IoDeleteDevice - - RtlEqualUnicodeString - - ZwOpenProcessTokenEx - - _vsnwprintf - - ZwClose - - ZwOpenProcess - - ZwQueryInformationProcess - - DbgPrint - - IoCreateDevice - - ZwQueryInformationToken - - RtlDeleteRegistryValue - - PsSetCreateProcessNotifyRoutine - - SeRegisterLogonSessionTerminatedRoutine - - SeUnregisterLogonSessionTerminatedRoutine - - ZwOpenThreadTokenEx - - IoGetCurrentProcess - - SeMarkLogonSessionForTerminationNotification - - PsGetCurrentProcessId - - KeBugCheckEx - - KeWaitForSingleObject - - ObfDereferenceObject - - KeReleaseMutex - - NicmCreateInstance - - NicmDeregisterClassFactory - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: 5f4a232d92480a1bebbe025ef64dc760 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: nscm.sys - Product: Micro Focus XTier - ProductVersion: 3.1.12 - RichPEHeaderHash: - MD5: 827395be6a60ed22c16a6eeea1843d8a - SHA1: 61171f78fedd9cc13cfa2fad18219d2aaf9ab83f - SHA256: d9b5607af39de0f2fc8d411d18fc86f6a1394c2b512b8876caef597f9c56dcad - SHA1: 0cb14c1049c0e81c8655ab7ee7d698c11758ea06 - SHA256: 5351c81b4ec5a0d79c39d24bac7600d10eac30c13546fde43d23636b3f421e7c - Sections: - .text: - Entropy: 6.0164645838764494 - Virtual Size: '0x5a66' - .rdata: - Entropy: 5.545815315316552 - Virtual Size: '0x590' - .data: - Entropy: 1.445115035315444 - Virtual Size: '0x5a8' - .pdata: - Entropy: 4.277709228070346 - Virtual Size: '0x450' - .edata: - Entropy: 3.956023170093665 - Virtual Size: '0x63' - INIT: - Entropy: 5.349379600291399 - Virtual Size: '0x4e0' - .rsrc: - Entropy: 3.2835150258002495 - Virtual Size: '0x360' - .reloc: - Entropy: 1.2355823247516717 - Virtual Size: '0x48' - 
Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2021-09-09 19:15:59' - ValidTo: '2022-09-01 19:15:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 330000004de597a775e3157f7b00000000004d - Version: 3 - TBS: - MD5: 9f0782e89bd41cdd96ec55357457478a - SHA1: 35c2180572baad19019acca1334e6c653699c389 - SHA256: 50814710213afec410f26e573d25267a2e21d3d15f158be8a43a666c9cc6fa08 - SHA384: 8d48f066b0284071d64bbc556e018824a8388ccd142a56c7b7b04ef6d27cade07da57ac82d8067e18ad64d35af11e2a7 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - ValidFrom: '2014-10-15 20:31:27' - ValidTo: '2029-10-15 20:41:27' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 330000000d690d5d7893d076df00000000000d - Version: 3 - TBS: - MD5: 83f69422963f11c3c340b81712eef319 - SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 - SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae - SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 - Signer: - - SerialNumber: 330000004de597a775e3157f7b00000000004d - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - Version: 1 - Imphash: 01aa65221a48929f0a34a27c4e3011b1 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 3050ced748b80cc81892435fd0868bfc - SHA1: 579e23f2b6ce2221ba435abc20801e98ab91a360 - SHA256: 34f36a59ecf6174eeac15994e54c41fe1e3e3b1eee8ed4c399ec8c63212373d7 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2011, Novell, Inc. All Rights Reserved. 
- CreationTimestamp: '2011-04-01 19:18:14' - Description: Novell XTier Session Manager - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.6.0 - Filename: nscm.sys - ImportedFunctions: - - IoCreateDevice - - SeUnregisterLogonSessionTerminatedRoutine - - KeInitializeMutex - - IoDeleteDevice - - SeRegisterLogonSessionTerminatedRoutine - - SeMarkLogonSessionForTerminationNotification - - KeReleaseMutex - - ZwOpenThreadTokenEx - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwClose - - KeBugCheckEx - - KeWaitForSingleObject - - ZwQueryInformationToken - - DbgPrint - - NicmCreateInstance - - NicmDeregisterClassFactory - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: f56f30ac68c35dd4680054cdfd8f3f00 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: nscm.sys - Product: Novell XTier - ProductVersion: 3.1.6 - RichPEHeaderHash: - MD5: 4a07178c85358a7450e421019955ccee - SHA1: 0e0b4edfb21b1a41b2f00f341bc1c6de6a650546 - SHA256: dd7717af9d41e7c2d7c773f3e063d396ad8676b3d940732451acc1fc28ec9989 - SHA1: fce3a95b222c810c56e7ed5a3d7fb059eb693682 - SHA256: 8e88cb80328c3dbaa2752591692e74a2fae7e146d7d8aabc9b9ac9a6fe561e6c - Sections: - .text: - Entropy: 5.98589698052852 - Virtual Size: '0x4c15' - .rdata: - Entropy: 5.645994240527473 - Virtual Size: '0x4b8' - .data: - Entropy: 0.8264834692004682 - Virtual Size: '0x568' - .pdata: - Entropy: 4.238276468304064 - Virtual Size: '0x3d8' - .edata: - Entropy: 3.956023170093665 - Virtual Size: '0x63' - INIT: - Entropy: 5.259964214601351 - Virtual Size: '0x360' - .rsrc: - Entropy: 3.287931080812757 - Virtual Size: '0x350' - .reloc: - Entropy: 1.2454265871243133 - Virtual Size: '0x3c' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 
07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Novell Products Group, CN=Novell, Inc. - ValidFrom: '2010-04-03 00:00:00' - ValidTo: '2013-04-26 23:59:59' - Signature: 2d2eec4636a0c1f359ef30a107e6c2301ad12c09ab9fdac02211aaef81323d1daee3a14a150bf9f4c7d0d788d5f486ea75e40abeb502a2267171be53030fe7614af7a2015eabd4c26e887ec9220beb3666fc68158d2b8dd659e3fe55245821c10e37ddeebac63eb1848512c64a543a13ba6735b156c6dc13395890e8003e03e7c2613e2c1de1dfadfe072cd7655e3b4166fe973233b4f81ecf810541382d67c92f29d76e220543a7179b606011b932cee250f99f260b29e79236cec10b67e0e0e48cb74593a7ce2e3cfafb6c58ac7ae5c10a591037c380b5f7516cac8f4ec695b020ca2445cb9bf97eb56c09d4a62618871b482ef97c5894349e10f62e2ee68b - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a - Version: 3 - TBS: - MD5: b1504f143b89a6080710bafcededb833 - SHA1: 5c2696893ebba1e81d918a4fadda143c25c77286 - SHA256: ae1dc09d08e93ace95fe203adfbfadcd4c029529d3f99ab381c368064b58d9a0 - SHA384: 18c6db711578cfcd4bce87c63d053e242c7c196efc892c2d4a8733cb75bb7dc3cac3f702e0e1d4b7fa2c590acb53fdee - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 
41ec87c0295f2c734169b8a23c66ac9a - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: b8d0a36d2b14d79dfa08fb2e121f0920 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 7e245f8b1d1bddfd217d1cd060b91657 - SHA1: 8c89db8dd4d7947cb5eb13c7a12907564576cb91 - SHA256: 00dfeab446afecac7b44b0b1680d5ca7d421eda243e16db8c08706bb593a8391 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2008, Novell, Inc. All Rights Reserved. - CreationTimestamp: '2009-03-27 11:52:17' - Description: Novell XTier Session Manager - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.6.0 - Filename: nscm.sys - ImportedFunctions: - - IoDeleteDevice - - SeUnregisterLogonSessionTerminatedRoutine - - SeRegisterLogonSessionTerminatedRoutine - - KeInitializeMutex - - IoCreateDevice - - ZwClose - - KeWaitForSingleObject - - ZwOpenProcessTokenEx - - ZwOpenThreadTokenEx - - IoGetCurrentProcess - - SeMarkLogonSessionForTerminationNotification - - KeTickCount - - DbgPrint - - ZwQueryInformationToken - - KeReleaseMutex - - NicmCreateInstance - - NicmDeregisterClassFactory - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: a1547e8b2ca0516d0d9191a55b8536c0 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: nscm.sys - Product: Novell XTier - ProductVersion: 3.1.6 - RichPEHeaderHash: - MD5: e92edbb3d49ed0e7c3de680c901221a8 - SHA1: 17f6d8284edd12372405ea1e0edb59249d6d2a02 - SHA256: 94fef4d39e3ffb29a749b7b8511c7ce76b9f824cb724eeef2529476a7b9af465 - SHA1: 7cd4aea9c1f82111bf7f9d4934be95e9bb6f8ae0 - SHA256: ce23c2dae4cca4771ea50ec737093dfafac06c64db0f924a1ccbbf687e33f5a2 - Sections: - .text: - Entropy: 6.133436661587974 - Virtual Size: '0x337b' - .rdata: - Entropy: 5.95443123338063 - Virtual Size: '0x2cc' - .data: - Entropy: 0.6992933847552781 - Virtual Size: '0x294' - .edata: - Entropy: 3.88787733918592 - Virtual Size: '0x63' 
- INIT: - Entropy: 5.407607088870612 - Virtual Size: '0x2d6' - .rsrc: - Entropy: 3.289150653685818 - Virtual Size: '0x350' - .reloc: - Entropy: 6.220983522762253 - Virtual Size: '0x4f2' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: 
ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Novell Products Group, CN=Novell, Inc. - ValidFrom: '2007-04-04 00:00:00' - ValidTo: '2010-04-27 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f - Version: 3 - TBS: - MD5: adddb65a3a360b3c1a55cb33e426f32a - SHA1: 93d9b282265288a94ee4f1a01c5fb3a08badb7ac - SHA256: d98d63f26125a94eb767fdd2526f6c74bfb40cb4d117a1d87ca3ed0d99bd6f0b - SHA384: cf20d9d6343b52b05ebaeace8a75ad950089e2d55508571cf5b153583fdf2d7b11bc61b8f38bfa70f09b2e7ac63d9ef5 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: 
f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 65181bc89a1c2b5854548236269846c1 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 32265ccdfe3d7f66269cbee0d5555e5b - SHA1: 72e5f5f6f266410d827fef10dc82c7ec8541e036 - SHA256: 253ed7f5c7115e957dfdb1f5c6c51592b491a70b27787903c8fd848e45b9cf22 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2013, Novell, Inc. All Rights Reserved. - CreationTimestamp: '2013-01-15 23:24:57' - Description: Novell XTier Session Manager - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.11.0 - Filename: nscm.sys - ImportedFunctions: - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - KeInitializeMutex - - IoQueueWorkItemEx - - IoDeleteDevice - - IoFreeWorkItem - - RtlEqualUnicodeString - - ZwOpenProcessTokenEx - - IoAllocateWorkItem - - ZwClose - - ZwOpenProcess - - DbgPrint - - PsGetCurrentProcessId - - IoCreateDevice - - ZwQueryInformationToken - - PsSetCreateProcessNotifyRoutine - - SeRegisterLogonSessionTerminatedRoutine - - SeUnregisterLogonSessionTerminatedRoutine - - ZwOpenThreadTokenEx - - IoGetCurrentProcess - - SeMarkLogonSessionForTerminationNotification - - KeBugCheckEx - - KeWaitForSingleObject - - ZwQueryInformationProcess - - KeReleaseMutex - - NicmCreateInstance - - NicmDeregisterClassFactory - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: bd5d4d07ae09e9f418d6b4ac6d9f2ed5 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: nscm.sys - Product: Novell XTier - ProductVersion: 3.1.11 - RichPEHeaderHash: - MD5: 0d646b28e804b652211b8f3e0feac906 - SHA1: 1169ececb349b1d1a50626a2565e85cc6e9049ea - SHA256: 097828b6f5705aca00605777868f774f37fd5ecf705e958c6dbdb860c4934be4 - SHA1: 
d61acd857242185a56e101642d15b9b5f0558c26 - SHA256: fb81b5f8bf69637dbdf050181499088a67d24577587bc520de94b5ee8996240f - Sections: - .text: - Entropy: 5.9944111351941185 - Virtual Size: '0x5736' - .rdata: - Entropy: 5.542492779395016 - Virtual Size: '0x570' - .data: - Entropy: 1.445115035315444 - Virtual Size: '0x5a8' - .pdata: - Entropy: 4.268472946152158 - Virtual Size: '0x42c' - .edata: - Entropy: 3.9636482963781448 - Virtual Size: '0x63' - INIT: - Entropy: 5.324738401510091 - Virtual Size: '0x4b6' - .rsrc: - Entropy: 3.275995301680775 - Virtual Size: '0x358' - .reloc: - Entropy: 1.2355823247516717 - Virtual Size: '0x48' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Corporation - ValidFrom: '2021-09-02 18:32:59' - ValidTo: '2022-09-01 18:32:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 33000002528b33aaf895f339db000000000252 - Version: 3 - TBS: - MD5: 92b6022918bc02eb361b8a02fb1da57d - SHA1: 8ceb945fac0f6d623d464e21740ae6eb60351652 - SHA256: c1446860a1cd9db490d3ea85e9df05df44af8d44e2bb803a2a2018f3b6c41bcb - SHA384: 322ed1a62a9f2ed7c7f601e99a8db15371e3ba1039a73c81801165ea987679023bc36f8c357f74354dce65532b71be3c - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Code Signing PCA 2011 - ValidFrom: '2011-07-08 20:59:09' - ValidTo: '2026-07-08 21:09:09' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 610e90d2000000000003 - Version: 3 - TBS: - MD5: b4ec95434f1d45b8055077cf90540a5f - SHA1: 71f74db41d045d6eaf81a849bbb3e21544edcff4 - SHA256: f6f717a43ad9abddc8cefdde1c505462535e7d1307e630f9544a2d14fe8bf26e - SHA384: 
25cbac323e740588a1ea3ca39ea907647440884ad75fc4bd99be6c82202aba42e95049fa7b66884977e60b819b21a2a5 - Signer: - - SerialNumber: 33000002528b33aaf895f339db000000000252 - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Code Signing PCA 2011 - Version: 1 - Imphash: 8b7e7c20da6ca9ac4bdb3927fe2b266a - LoadsDespiteHVCI: 'TRUE' -- Authentihash: - MD5: 0d1a4e506e7c928f1683a9cf38eb0835 - SHA1: 50471608c91621cb84ba646974311da0abf6b3e9 - SHA256: 0e291148da43ea6a491b8b94bdf573365087940c9b90f6a15a4e589da86a518d - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2013, Novell, Inc. All Rights Reserved. - CreationTimestamp: '2013-01-15 23:24:57' - Date: '' - Description: Novell XTier Session Manager - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.11.0 - Filename: nscm.sys - ImportedFunctions: - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - KeInitializeMutex - - IoQueueWorkItemEx - - IoDeleteDevice - - IoFreeWorkItem - - RtlEqualUnicodeString - - ZwOpenProcessTokenEx - - IoAllocateWorkItem - - ZwClose - - ZwOpenProcess - - DbgPrint - - PsGetCurrentProcessId - - IoCreateDevice - - ZwQueryInformationToken - - PsSetCreateProcessNotifyRoutine - - SeRegisterLogonSessionTerminatedRoutine - - SeUnregisterLogonSessionTerminatedRoutine - - ZwOpenThreadTokenEx - - IoGetCurrentProcess - - SeMarkLogonSessionForTerminationNotification - - KeBugCheckEx - - KeWaitForSingleObject - - ZwQueryInformationProcess - - KeReleaseMutex - - NicmCreateInstance - - NicmDeregisterClassFactory - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: 4a23e0f2c6f926a41b28d574cbc6ac30 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: nscm.sys - Product: Novell XTier - ProductVersion: 3.1.11 - Publisher: '' - RichPEHeaderHash: - MD5: 0d646b28e804b652211b8f3e0feac906 - SHA1: 1169ececb349b1d1a50626a2565e85cc6e9049ea - SHA256: 097828b6f5705aca00605777868f774f37fd5ecf705e958c6dbdb860c4934be4 - SHA1: 
64e4ac8b9ea2f050933b7ec76a55dd04e97773b4 - SHA256: 76660e91f1ff3cb89630df5af4fe09de6098d09baa66b1a130c89c3c5edd5b22 - Sections: - .text: - Entropy: 5.9944111351941185 - Virtual Size: '0x5736' - .rdata: - Entropy: 5.542492779395016 - Virtual Size: '0x570' - .data: - Entropy: 1.445115035315444 - Virtual Size: '0x5a8' - .pdata: - Entropy: 4.268472946152158 - Virtual Size: '0x42c' - .edata: - Entropy: 3.9636482963781448 - Virtual Size: '0x63' - INIT: - Entropy: 5.324738401510091 - Virtual Size: '0x4b6' - .rsrc: - Entropy: 3.275995301680775 - Virtual Size: '0x358' - .reloc: - Entropy: 1.2355823247516717 - Virtual Size: '0x48' - Signature: - - Novell, Inc. - - VeriSign Class 3 Code Signing 2009-2 CA - - VeriSign Class 3 Public Primary CA - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 
0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Novell Products Group, CN=Novell, Inc. 
- ValidFrom: '2010-04-03 00:00:00' - ValidTo: '2013-04-26 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a - Version: 3 - TBS: - MD5: b1504f143b89a6080710bafcededb833 - SHA1: 5c2696893ebba1e81d918a4fadda143c25c77286 - SHA256: ae1dc09d08e93ace95fe203adfbfadcd4c029529d3f99ab381c368064b58d9a0 - SHA384: 18c6db711578cfcd4bce87c63d053e242c7c196efc892c2d4a8733cb75bb7dc3cac3f702e0e1d4b7fa2c590acb53fdee - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: 8b7e7c20da6ca9ac4bdb3927fe2b266a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 3a5b83215c9ea17f8d3ad3812c30a340 - SHA1: 533e0690528ff3f0d59edeed9dd53b4f37c0a110 - SHA256: 1622ac0c618a86be17e0f97daa061f9aaa0e721dc0fd30d76bbc5c958e9a9d92 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2008, Novell, Inc. All Rights Reserved. 
- CreationTimestamp: '2009-03-27 11:56:49' - Description: Novell XTier Session Manager - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.6.0 - Filename: nscm.sys - ImportedFunctions: - - IoCreateDevice - - SeUnregisterLogonSessionTerminatedRoutine - - KeInitializeMutex - - IoDeleteDevice - - SeRegisterLogonSessionTerminatedRoutine - - ZwOpenProcessTokenEx - - KeReleaseMutex - - ZwClose - - SeMarkLogonSessionForTerminationNotification - - ZwQueryInformationToken - - ZwOpenThreadTokenEx - - KeBugCheckEx - - KeWaitForSingleObject - - IoGetCurrentProcess - - DbgPrint - - NicmCreateInstance - - NicmDeregisterClassFactory - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: ba2c0fa201c74621cddd8638497b3c70 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: nscm.sys - Product: Novell XTier - ProductVersion: 3.1.6 - RichPEHeaderHash: - MD5: 4a07178c85358a7450e421019955ccee - SHA1: 0e0b4edfb21b1a41b2f00f341bc1c6de6a650546 - SHA256: dd7717af9d41e7c2d7c773f3e063d396ad8676b3d940732451acc1fc28ec9989 - SHA1: 8f540936f2484d020e270e41529624407b7e107e - SHA256: 28999af32b55ddb7dcfc26376a244aa2fe297233ce7abe4919a1aef2f7e2cee7 - Sections: - .text: - Entropy: 5.981323117886685 - Virtual Size: '0x4a25' - .rdata: - Entropy: 5.681127753509768 - Virtual Size: '0x480' - .data: - Entropy: 0.8264834692004682 - Virtual Size: '0x548' - .pdata: - Entropy: 4.218145333940637 - Virtual Size: '0x3c0' - .edata: - Entropy: 3.983850316580165 - Virtual Size: '0x63' - INIT: - Entropy: 5.26537545088398 - Virtual Size: '0x360' - .rsrc: - Entropy: 3.289150653685818 - Virtual Size: '0x350' - .reloc: - Entropy: 1.2454265871243133 - Virtual Size: '0x3c' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 
88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Novell Products Group, CN=Novell, Inc. - ValidFrom: '2007-04-04 00:00:00' - ValidTo: '2010-04-27 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f - Version: 3 - TBS: - MD5: adddb65a3a360b3c1a55cb33e426f32a - SHA1: 93d9b282265288a94ee4f1a01c5fb3a08badb7ac - SHA256: d98d63f26125a94eb767fdd2526f6c74bfb40cb4d117a1d87ca3ed0d99bd6f0b - SHA384: cf20d9d6343b52b05ebaeace8a75ad950089e2d55508571cf5b153583fdf2d7b11bc61b8f38bfa70f09b2e7ac63d9ef5 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 7d004bbe0f546a91c93562d324307fa7 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: b546d6b223a9e1a42f8359dbf9d9737c - SHA1: 41f6704252efa14de0d72eeaf7475886ba7f3bdc - SHA256: 92ca1aec3afc90b44861c2e0be084a3db38d22d52f35e1697643d6477151392f - 
Company: Novell, Inc. - Copyright: (C) Copyright 2000-2013, Novell, Inc. All Rights Reserved. - CreationTimestamp: '2013-01-15 23:24:57' - Description: Novell XTier Session Manager - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.11.0 - Filename: nscm.sys - ImportedFunctions: - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - KeInitializeMutex - - IoQueueWorkItemEx - - IoDeleteDevice - - IoFreeWorkItem - - RtlEqualUnicodeString - - ZwOpenProcessTokenEx - - IoAllocateWorkItem - - ZwClose - - ZwOpenProcess - - DbgPrint - - PsGetCurrentProcessId - - IoCreateDevice - - ZwQueryInformationToken - - PsSetCreateProcessNotifyRoutine - - SeRegisterLogonSessionTerminatedRoutine - - SeUnregisterLogonSessionTerminatedRoutine - - ZwOpenThreadTokenEx - - IoGetCurrentProcess - - SeMarkLogonSessionForTerminationNotification - - KeBugCheckEx - - KeWaitForSingleObject - - ZwQueryInformationProcess - - KeReleaseMutex - - NicmCreateInstance - - NicmDeregisterClassFactory - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: 4c76554d9a72653c6156ca0024d21a8e - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: nscm.sys - Product: Novell XTier - ProductVersion: 3.1.11 - RichPEHeaderHash: - MD5: 0d646b28e804b652211b8f3e0feac906 - SHA1: 1169ececb349b1d1a50626a2565e85cc6e9049ea - SHA256: 097828b6f5705aca00605777868f774f37fd5ecf705e958c6dbdb860c4934be4 - SHA1: 6d3c760251d6e6ea7ff4f4fcac14876fac829cf9 - SHA256: 2e665962c827ce0adbd29fe6bcf09bbb1d7a7022075d162ff9b65d0af9794ac0 - Sections: - .text: - Entropy: 5.9944111351941185 - Virtual Size: '0x5736' - .rdata: - Entropy: 5.542492779395016 - Virtual Size: '0x570' - .data: - Entropy: 1.445115035315444 - Virtual Size: '0x5a8' - .pdata: - Entropy: 4.268472946152158 - Virtual Size: '0x42c' - .edata: - Entropy: 3.9636482963781448 - Virtual Size: '0x63' - INIT: - Entropy: 5.429528792402954 - Virtual Size: '0x4b6' - .rsrc: - Entropy: 6.472426446171854 - Virtual Size: '0x14a24' - .reloc: - Entropy: 
5.039009418592025 - Virtual Size: '0x48' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Publisher - ValidFrom: '2022-01-27 19:31:19' - ValidTo: '2023-01-26 19:31:19' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 330000036ce57eeb5d1cc2be1700000000036c - Version: 3 - TBS: - MD5: 7ece739fdaa27d96b67f587db04186a7 - SHA1: b8701efa0ab12b8fea2293c9cff8772ecca084d0 - SHA256: c1392bdcbb0b50215fca8c78f25c2d857e515dce06c87ce86527c88c91d5d7e4 - SHA384: 8d292e8db16824f3ac9d668816c4cf521a9eb251069694c92932683afcaa4e53d5fa3a1f58356749e655299ed83fe191 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Production PCA 2011 - ValidFrom: '2011-10-19 18:41:42' - ValidTo: '2026-10-19 18:51:42' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: '61077656000000000008' - Version: 3 - TBS: - MD5: 30a3f0b64324ed7f465e7fc618cb69e7 - SHA1: 002de3561519b662c5e3f5faba1b92c403fb7c41 - SHA256: 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 - SHA384: 4f9a02c3eac5e83c38074d54c0bf270e03a1d668e0001c9812c509eb08a19075ee778a7630e65598e4608fc66e2d1c66 - Signer: - - SerialNumber: 330000036ce57eeb5d1cc2be1700000000036c - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Production PCA 2011 - Version: 1 - Imphash: 8b7e7c20da6ca9ac4bdb3927fe2b266a - LoadsDespiteHVCI: 'TRUE' -- Authentihash: - MD5: 5d62cae57be434a4d56924574498c4f2 - SHA1: 1a99d3141d75a3ef1998944b2d107089ce3ef6e4 - SHA256: a363deaf1790e9c0610e07a7203749aab8b60f5ededc944abc0ef3010f5e2105 - Company: Micro Focus - Copyright: (C) Copyright 2000-2017, Micro Focus. All Rights Reserved. 
- CreationTimestamp: '2022-03-03 03:52:58' - Description: XTier Security Context Manager - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.12.0 - Filename: nscm.sys - ImportedFunctions: - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - KeInitializeMutex - - PsLookupProcessByProcessId - - IoDeleteDevice - - RtlEqualUnicodeString - - ZwOpenProcessTokenEx - - _vsnwprintf - - ZwClose - - ZwOpenProcess - - ZwQueryInformationProcess - - DbgPrint - - IoCreateDevice - - ZwQueryInformationToken - - RtlDeleteRegistryValue - - PsSetCreateProcessNotifyRoutine - - SeRegisterLogonSessionTerminatedRoutine - - SeUnregisterLogonSessionTerminatedRoutine - - ZwOpenThreadTokenEx - - IoGetCurrentProcess - - SeMarkLogonSessionForTerminationNotification - - PsGetCurrentProcessId - - KeBugCheckEx - - KeWaitForSingleObject - - ObfDereferenceObject - - KeReleaseMutex - - NicmCreateInstance - - NicmDeregisterClassFactory - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: 5f4a232d92480a1bebbe025ef64dc760 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: nscm.sys - Product: Micro Focus XTier - ProductVersion: 3.1.12 - RichPEHeaderHash: - MD5: 827395be6a60ed22c16a6eeea1843d8a - SHA1: 61171f78fedd9cc13cfa2fad18219d2aaf9ab83f - SHA256: d9b5607af39de0f2fc8d411d18fc86f6a1394c2b512b8876caef597f9c56dcad - SHA1: 0cb14c1049c0e81c8655ab7ee7d698c11758ea06 - SHA256: 5351c81b4ec5a0d79c39d24bac7600d10eac30c13546fde43d23636b3f421e7c - Sections: - .text: - Entropy: 6.0164645838764494 - Virtual Size: '0x5a66' - .rdata: - Entropy: 5.545815315316552 - Virtual Size: '0x590' - .data: - Entropy: 1.445115035315444 - Virtual Size: '0x5a8' - .pdata: - Entropy: 4.277709228070346 - Virtual Size: '0x450' - .edata: - Entropy: 3.956023170093665 - Virtual Size: '0x63' - INIT: - Entropy: 5.349379600291399 - Virtual Size: '0x4e0' - .rsrc: - Entropy: 3.2835150258002495 - Virtual Size: '0x360' - .reloc: - Entropy: 1.2355823247516717 - Virtual Size: '0x48' - 
Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2021-09-09 19:15:59' - ValidTo: '2022-09-01 19:15:59' - Signature: 1757782e797188079911866d54bd474a2432707984658c549a407e7fb4e5efa2ba72367a02b382d2116d4c4538836ddcd4616fcd231229df1ae5d0da6b3abe499ee5d8b47a7919940f6bbcbe2575018dca65eef4913e3d38410f2cd6cca3082d9ba2c061173cd828635665f76e8f0f685e03da24290b9d2cae7039da974de7b7e85798ba64cbe9ba34e0308c3bd6b4d68e9723fde74274fd3806fe799d04d6a3835f82d4fefc52088ccda4b4c817116f2f5a99445a3e952d78bc27753e65e97c6271c71ac7c9e3439b847e8984ab06a5904d150223f9ca92bbda86c02663c3f4964da5e106619b6eaff2768143cce9e5a8b0b2cba90e82cd87866d9fd6499c6cfbc96529a18b5653d12b54a6c928693a4e3d197ffbfcce7ed71a909b18d09b4345b24bc25eb8dfa1821a9cd0971ffc7d38a26580e2f118c4ac55bf926d0666b72ad7ba6ec20f0b54d694bc3b8a0dbddda27bd64194da085319841d1ebc9dc067ef72ea064a475bea865828b13077bc8e14e2f7544b90f0045f3cd84bcc0d5a80645a6fb65528e4f768ec775bdb0225399f3c81c0b667714676d0949f9ffaddc8549dc45e5ce4345c4ea7dc0aff4ac510f5527ad94a2181edc4b73bcfde813a83d81ca897854c98712346001a12e5d3bf9a45c807f9b3c7d3e0bb99c035ea54ee39e2c9af4147dbea7aabec85b47192b945e083ddf6061afb901e83b11135d24e - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 330000004de597a775e3157f7b00000000004d - Version: 3 - TBS: - MD5: 9f0782e89bd41cdd96ec55357457478a - SHA1: 35c2180572baad19019acca1334e6c653699c389 - SHA256: 50814710213afec410f26e573d25267a2e21d3d15f158be8a43a666c9cc6fa08 - SHA384: 8d48f066b0284071d64bbc556e018824a8388ccd142a56c7b7b04ef6d27cade07da57ac82d8067e18ad64d35af11e2a7 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - ValidFrom: '2014-10-15 20:31:27' - ValidTo: '2029-10-15 20:41:27' - Signature: 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 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 330000000d690d5d7893d076df00000000000d - Version: 3 - TBS: - MD5: 83f69422963f11c3c340b81712eef319 - SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 - SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae - SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 - Signer: - - SerialNumber: 330000004de597a775e3157f7b00000000004d - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - Version: 1 - Imphash: 01aa65221a48929f0a34a27c4e3011b1 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 3050ced748b80cc81892435fd0868bfc - SHA1: 579e23f2b6ce2221ba435abc20801e98ab91a360 - SHA256: 34f36a59ecf6174eeac15994e54c41fe1e3e3b1eee8ed4c399ec8c63212373d7 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2011, Novell, Inc. All Rights Reserved. - CreationTimestamp: '2011-04-01 19:18:14' - Description: Novell XTier Session Manager - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.6.0 - Filename: nscm.sys - ImportedFunctions: - - IoCreateDevice - - SeUnregisterLogonSessionTerminatedRoutine - - KeInitializeMutex - - IoDeleteDevice - - SeRegisterLogonSessionTerminatedRoutine - - SeMarkLogonSessionForTerminationNotification - - KeReleaseMutex - - ZwOpenThreadTokenEx - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwClose - - KeBugCheckEx - - KeWaitForSingleObject - - ZwQueryInformationToken - - DbgPrint - - NicmCreateInstance - - NicmDeregisterClassFactory - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: f56f30ac68c35dd4680054cdfd8f3f00 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: nscm.sys - Product: Novell XTier - ProductVersion: 3.1.6 - RichPEHeaderHash: - MD5: 4a07178c85358a7450e421019955ccee - SHA1: 0e0b4edfb21b1a41b2f00f341bc1c6de6a650546 - SHA256: 
dd7717af9d41e7c2d7c773f3e063d396ad8676b3d940732451acc1fc28ec9989 - SHA1: fce3a95b222c810c56e7ed5a3d7fb059eb693682 - SHA256: 8e88cb80328c3dbaa2752591692e74a2fae7e146d7d8aabc9b9ac9a6fe561e6c - Sections: - .text: - Entropy: 5.98589698052852 - Virtual Size: '0x4c15' - .rdata: - Entropy: 5.645994240527473 - Virtual Size: '0x4b8' - .data: - Entropy: 0.8264834692004682 - Virtual Size: '0x568' - .pdata: - Entropy: 4.238276468304064 - Virtual Size: '0x3d8' - .edata: - Entropy: 3.956023170093665 - Virtual Size: '0x63' - INIT: - Entropy: 5.259964214601351 - Virtual Size: '0x360' - .rsrc: - Entropy: 3.287931080812757 - Virtual Size: '0x350' - .reloc: - Entropy: 1.2454265871243133 - Virtual Size: '0x3c' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 
518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Novell Products Group, CN=Novell, Inc. 
- ValidFrom: '2010-04-03 00:00:00' - ValidTo: '2013-04-26 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a - Version: 3 - TBS: - MD5: b1504f143b89a6080710bafcededb833 - SHA1: 5c2696893ebba1e81d918a4fadda143c25c77286 - SHA256: ae1dc09d08e93ace95fe203adfbfadcd4c029529d3f99ab381c368064b58d9a0 - SHA384: 18c6db711578cfcd4bce87c63d053e242c7c196efc892c2d4a8733cb75bb7dc3cac3f702e0e1d4b7fa2c590acb53fdee - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: b8d0a36d2b14d79dfa08fb2e121f0920 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 7e245f8b1d1bddfd217d1cd060b91657 - SHA1: 8c89db8dd4d7947cb5eb13c7a12907564576cb91 - SHA256: 00dfeab446afecac7b44b0b1680d5ca7d421eda243e16db8c08706bb593a8391 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2008, Novell, Inc. All Rights Reserved. 
- CreationTimestamp: '2009-03-27 11:52:17' - Description: Novell XTier Session Manager - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.6.0 - Filename: nscm.sys - ImportedFunctions: - - IoDeleteDevice - - SeUnregisterLogonSessionTerminatedRoutine - - SeRegisterLogonSessionTerminatedRoutine - - KeInitializeMutex - - IoCreateDevice - - ZwClose - - KeWaitForSingleObject - - ZwOpenProcessTokenEx - - ZwOpenThreadTokenEx - - IoGetCurrentProcess - - SeMarkLogonSessionForTerminationNotification - - KeTickCount - - DbgPrint - - ZwQueryInformationToken - - KeReleaseMutex - - NicmCreateInstance - - NicmDeregisterClassFactory - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: a1547e8b2ca0516d0d9191a55b8536c0 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: nscm.sys - Product: Novell XTier - ProductVersion: 3.1.6 - RichPEHeaderHash: - MD5: e92edbb3d49ed0e7c3de680c901221a8 - SHA1: 17f6d8284edd12372405ea1e0edb59249d6d2a02 - SHA256: 94fef4d39e3ffb29a749b7b8511c7ce76b9f824cb724eeef2529476a7b9af465 - SHA1: 7cd4aea9c1f82111bf7f9d4934be95e9bb6f8ae0 - SHA256: ce23c2dae4cca4771ea50ec737093dfafac06c64db0f924a1ccbbf687e33f5a2 - Sections: - .text: - Entropy: 6.133436661587974 - Virtual Size: '0x337b' - .rdata: - Entropy: 5.95443123338063 - Virtual Size: '0x2cc' - .data: - Entropy: 0.6992933847552781 - Virtual Size: '0x294' - .edata: - Entropy: 3.88787733918592 - Virtual Size: '0x63' - INIT: - Entropy: 5.407607088870612 - Virtual Size: '0x2d6' - .rsrc: - Entropy: 3.289150653685818 - Virtual Size: '0x350' - .reloc: - Entropy: 6.220983522762253 - Virtual Size: '0x4f2' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false 
- SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: 
a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Novell Products Group, CN=Novell, Inc. - ValidFrom: '2007-04-04 00:00:00' - ValidTo: '2010-04-27 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f - Version: 3 - TBS: - MD5: adddb65a3a360b3c1a55cb33e426f32a - SHA1: 93d9b282265288a94ee4f1a01c5fb3a08badb7ac - SHA256: d98d63f26125a94eb767fdd2526f6c74bfb40cb4d117a1d87ca3ed0d99bd6f0b - SHA384: cf20d9d6343b52b05ebaeace8a75ad950089e2d55508571cf5b153583fdf2d7b11bc61b8f38bfa70f09b2e7ac63d9ef5 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 65181bc89a1c2b5854548236269846c1 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 32265ccdfe3d7f66269cbee0d5555e5b - SHA1: 72e5f5f6f266410d827fef10dc82c7ec8541e036 - SHA256: 253ed7f5c7115e957dfdb1f5c6c51592b491a70b27787903c8fd848e45b9cf22 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2013, Novell, Inc. All Rights Reserved. - CreationTimestamp: '2013-01-15 23:24:57' - Description: Novell XTier Session Manager - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.11.0 - Filename: nscm.sys - ImportedFunctions: - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - KeInitializeMutex - - IoQueueWorkItemEx - - IoDeleteDevice - - IoFreeWorkItem - - RtlEqualUnicodeString - - ZwOpenProcessTokenEx - - IoAllocateWorkItem - - ZwClose - - ZwOpenProcess - - DbgPrint - - PsGetCurrentProcessId - - IoCreateDevice - - ZwQueryInformationToken - - PsSetCreateProcessNotifyRoutine - - SeRegisterLogonSessionTerminatedRoutine - - SeUnregisterLogonSessionTerminatedRoutine - - ZwOpenThreadTokenEx - - IoGetCurrentProcess - - SeMarkLogonSessionForTerminationNotification - - KeBugCheckEx - - KeWaitForSingleObject - - ZwQueryInformationProcess - - KeReleaseMutex - - NicmCreateInstance - - NicmDeregisterClassFactory - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: bd5d4d07ae09e9f418d6b4ac6d9f2ed5 - 
MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: nscm.sys - Product: Novell XTier - ProductVersion: 3.1.11 - RichPEHeaderHash: - MD5: 0d646b28e804b652211b8f3e0feac906 - SHA1: 1169ececb349b1d1a50626a2565e85cc6e9049ea - SHA256: 097828b6f5705aca00605777868f774f37fd5ecf705e958c6dbdb860c4934be4 - SHA1: d61acd857242185a56e101642d15b9b5f0558c26 - SHA256: fb81b5f8bf69637dbdf050181499088a67d24577587bc520de94b5ee8996240f - Sections: - .text: - Entropy: 5.9944111351941185 - Virtual Size: '0x5736' - .rdata: - Entropy: 5.542492779395016 - Virtual Size: '0x570' - .data: - Entropy: 1.445115035315444 - Virtual Size: '0x5a8' - .pdata: - Entropy: 4.268472946152158 - Virtual Size: '0x42c' - .edata: - Entropy: 3.9636482963781448 - Virtual Size: '0x63' - INIT: - Entropy: 5.324738401510091 - Virtual Size: '0x4b6' - .rsrc: - Entropy: 3.275995301680775 - Virtual Size: '0x358' - .reloc: - Entropy: 1.2355823247516717 - Virtual Size: '0x48' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Corporation - ValidFrom: '2021-09-02 18:32:59' - ValidTo: '2022-09-01 18:32:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 33000002528b33aaf895f339db000000000252 - Version: 3 - TBS: - MD5: 92b6022918bc02eb361b8a02fb1da57d - SHA1: 8ceb945fac0f6d623d464e21740ae6eb60351652 - SHA256: c1446860a1cd9db490d3ea85e9df05df44af8d44e2bb803a2a2018f3b6c41bcb - SHA384: 322ed1a62a9f2ed7c7f601e99a8db15371e3ba1039a73c81801165ea987679023bc36f8c357f74354dce65532b71be3c - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Code Signing PCA 2011 - ValidFrom: '2011-07-08 20:59:09' - ValidTo: '2026-07-08 21:09:09' - Signature: 
67f286a598e054791a2ed3d87467229b0b9611e163929942967dd2790c90c1655f2e2c3ef8c372d16d83febe3fe80aca3bbf47a9a3f369db63bf2235a5975d6584907d8b465055d80c927cd21a4b1cf33c428b52d0b0fd6be33e072e299be63d1ba5d4b51d779439e2e964c9443d787a23f3137da69074838df4cb2602462ac28a10bba4a9050c9bed68fa682e95a02a3f2a6b5849631f09696e5a9896e483f4c08ff3462bdefc3bd0bd35ef6e25aee5af27edd0ddf30eaf992897984d0e3d0bf20889d61fc33218e2f0c52dce5b9eb449390ac60ac2c6adaee5b2d9db1588514558383271271a7fb1f427f8de2c3a206998b25989686e6fa7b774c3400506a6012a283e823f134d660bc0b34df5e18f7f1c6f157d45a776e5402a65a3c35d526286c31d63369786dfdaf3f8f216a19a27e1cda597d0ee5d6341e35b079c873e067706d106b1751f14be6161b5f0dcc61b04bedf41c70e28eede652fec97f6a15c96d800d6a146bd59f397a5094b481099801fd00029c5b19ba53f45771e35c6d2a2a29f7a7a22fa48951fabfb472380f59ef8bf6bb74b97e2eb75781aecea379979184bffd6b3236875e6affafc8beb0b80ea693baffc30ed044c8edfdf756d63913dd19d564e4fbf805722a1781132217aef410ab13ffba8cca45dc1a1889b5771564e4845c042c99b765b0a80486bfd799fc1bd6d6d6ac95273130d7a50cd - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 610e90d2000000000003 - Version: 3 - TBS: - MD5: b4ec95434f1d45b8055077cf90540a5f - SHA1: 71f74db41d045d6eaf81a849bbb3e21544edcff4 - SHA256: f6f717a43ad9abddc8cefdde1c505462535e7d1307e630f9544a2d14fe8bf26e - SHA384: 25cbac323e740588a1ea3ca39ea907647440884ad75fc4bd99be6c82202aba42e95049fa7b66884977e60b819b21a2a5 - Signer: - - SerialNumber: 33000002528b33aaf895f339db000000000252 - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Code Signing PCA 2011 - Version: 1 - Imphash: 8b7e7c20da6ca9ac4bdb3927fe2b266a - LoadsDespiteHVCI: 'TRUE' -- Authentihash: - MD5: b5668ca76edf23b8329578964f97f552 - SHA1: 99848c658086ecb326e83cf3521e3440ecee6c35 - SHA256: 410d79a49c02da50f4567166d5acef977b5dbc3aafb67522939bf902e65596a5 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2015, Novell, Inc. All Rights Reserved. 
- CreationTimestamp: '2015-12-22 01:35:10' - Date: '' - Description: Novell XTier Session Manager - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.12.0 - Filename: '' - ImportedFunctions: - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - KeInitializeMutex - - PsLookupProcessByProcessId - - IoDeleteDevice - - RtlEqualUnicodeString - - ZwOpenProcessTokenEx - - _vsnwprintf - - ZwClose - - ZwOpenProcess - - ZwQueryInformationProcess - - DbgPrint - - IoCreateDevice - - ZwQueryInformationToken - - RtlDeleteRegistryValue - - PsSetCreateProcessNotifyRoutine - - SeRegisterLogonSessionTerminatedRoutine - - SeUnregisterLogonSessionTerminatedRoutine - - ZwOpenThreadTokenEx - - IoGetCurrentProcess - - SeMarkLogonSessionForTerminationNotification - - PsGetCurrentProcessId - - KeBugCheckEx - - KeWaitForSingleObject - - ObfDereferenceObject - - KeReleaseMutex - - NicmCreateInstance - - NicmDeregisterClassFactory - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: 1cb26adeca26aefb5a61065e990402da - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: nscm.sys - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.12 - Publisher: '' - RichPEHeaderHash: - MD5: 827395be6a60ed22c16a6eeea1843d8a - SHA1: 61171f78fedd9cc13cfa2fad18219d2aaf9ab83f - SHA256: d9b5607af39de0f2fc8d411d18fc86f6a1394c2b512b8876caef597f9c56dcad - SHA1: 5b866f522bcdf80e6a9fda71b385f917317f6551 - SHA256: c6feb3f4932387df7598e29d4f5bdacec0b9ce98db3f51d96fc4ffdcc6eb10e1 - Sections: - .text: - Entropy: 6.015399864614518 - Virtual Size: '0x5a46' - .rdata: - Entropy: 5.555982444894318 - Virtual Size: '0x598' - .data: - Entropy: 1.445115035315444 - Virtual Size: '0x5a8' - .pdata: - Entropy: 4.280897322389318 - Virtual Size: '0x450' - .edata: - Entropy: 3.9636482963781448 - Virtual Size: '0x63' - INIT: - Entropy: 5.349379600291399 - Virtual Size: '0x4e0' - .rsrc: - Entropy: 3.2792136282019944 - Virtual Size: '0x358' - .reloc: - Entropy: 1.2355823247516717 - 
Virtual Size: '0x48' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=Novell, Inc. 
- ValidFrom: '2013-03-05 00:00:00' - ValidTo: '2016-06-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Version: 3 - TBS: - MD5: 5b1207ffffc0eff3784003d17b3e71a9 - SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d - SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 - SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - 
Signer: - - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 01aa65221a48929f0a34a27c4e3011b1 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 948889eac3cc3134cf6f45bcabc52858 - SHA1: 45227aa1232e6c321ce40939f144bb6c1cf58e12 - SHA256: 1d640783395631c1b4878ac7945f227c4c4f64fe26dd30cbed755dc440931e85 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2015, Novell, Inc. All Rights Reserved. - CreationTimestamp: '2015-06-26 06:12:50' - Date: '' - Description: Novell XTier Session Manager - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.12.0 - Filename: '' - ImportedFunctions: - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - KeInitializeMutex - - PsLookupProcessByProcessId - - IoDeleteDevice - - RtlEqualUnicodeString - - ZwOpenProcessTokenEx - - _vsnwprintf - - ZwClose - - ZwOpenProcess - - ZwQueryInformationProcess - - DbgPrint - - IoCreateDevice - - ZwQueryInformationToken - - RtlDeleteRegistryValue - - PsSetCreateProcessNotifyRoutine - - SeRegisterLogonSessionTerminatedRoutine - - SeUnregisterLogonSessionTerminatedRoutine - - ZwOpenThreadTokenEx - - IoGetCurrentProcess - - SeMarkLogonSessionForTerminationNotification - - PsGetCurrentProcessId - - KeBugCheckEx - - KeWaitForSingleObject - - ObfDereferenceObject - - KeReleaseMutex - - NicmCreateInstance - - NicmDeregisterClassFactory - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: 750d1f07ea9d10b38a33636036c30cca - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: nscm.sys - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.12 - Publisher: '' - RichPEHeaderHash: - MD5: 827395be6a60ed22c16a6eeea1843d8a - SHA1: 61171f78fedd9cc13cfa2fad18219d2aaf9ab83f - SHA256: d9b5607af39de0f2fc8d411d18fc86f6a1394c2b512b8876caef597f9c56dcad - SHA1: 
085c0ea6980cb93a3afa076764b7866467ac987c - SHA256: e7b79fe1377b3da749590c080d4d96e59e622b1013b2183b98c81baa8bf2fffe - Sections: - .text: - Entropy: 6.015399864614518 - Virtual Size: '0x5a46' - .rdata: - Entropy: 5.565340382412743 - Virtual Size: '0x594' - .data: - Entropy: 1.445115035315444 - Virtual Size: '0x5a8' - .pdata: - Entropy: 4.293741702821105 - Virtual Size: '0x450' - .edata: - Entropy: 3.9838503165801646 - Virtual Size: '0x63' - INIT: - Entropy: 5.349379600291399 - Virtual Size: '0x4e0' - .rsrc: - Entropy: 3.2792136282019944 - Virtual Size: '0x358' - .reloc: - Entropy: 1.2355823247516717 - Virtual Size: '0x48' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 
4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=Novell, Inc. - ValidFrom: '2013-03-05 00:00:00' - ValidTo: '2016-06-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Version: 3 - TBS: - MD5: 5b1207ffffc0eff3784003d17b3e71a9 - SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d - SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 - SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 
812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 
03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 01aa65221a48929f0a34a27c4e3011b1 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 81c87e8e69594a5970f8034743c82b45 - SHA1: cbf74b634b651c2c60a72b294a60d37232ea3e84 - SHA256: 37b9fbd6547091b83b2595bb0f9f9035ae95111868a4393aab52bf22087233d7 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2012, Novell, Inc. All Rights Reserved. - CreationTimestamp: '2012-03-18 19:29:20' - Date: '' - Description: Novell XTier Session Manager - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.10.0 - Filename: '' - ImportedFunctions: - - IoDeleteDevice - - SeUnregisterLogonSessionTerminatedRoutine - - SeRegisterLogonSessionTerminatedRoutine - - KeInitializeMutex - - IoCreateDevice - - KeGetCurrentThread - - KeWaitForSingleObject - - ZwClose - - ZwQueryInformationToken - - IoGetCurrentProcess - - ZwOpenProcessTokenEx - - ZwOpenThreadTokenEx - - KeTickCount - - DbgPrint - - SeMarkLogonSessionForTerminationNotification - - KeReleaseMutex - - NicmCreateInstance - - NicmDeregisterClassFactory - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: 270052c61f4de95ebfbf3a49fb39235f - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: nscm.sys - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.10 - Publisher: '' - RichPEHeaderHash: - MD5: ae2ba4ab28309050013e34523f55d28b - SHA1: 87a2ac80c201eae4c50bbd1f7a409014f88a4d2a - SHA256: f171d3a30917f5723989ef85e253a97ff4c2b4d968607d7afccf427dd648e364 - SHA1: ad60e40a148accec0950d8d13bf7182c2bd5dfef - SHA256: 0cf91e8f64a7c98dbeab21597bd76723aee892ed8fa4ee44b09f9e75089308e2 - 
Sections: - .text: - Entropy: 6.152906583797422 - Virtual Size: '0x3505' - .rdata: - Entropy: 5.934931906449255 - Virtual Size: '0x2c0' - .data: - Entropy: 0.6992933847552781 - Virtual Size: '0x294' - .edata: - Entropy: 3.8878773391859194 - Virtual Size: '0x63' - INIT: - Entropy: 5.3979225181347195 - Virtual Size: '0x2f8' - .rsrc: - Entropy: 3.2729254116810207 - Virtual Size: '0x358' - .reloc: - Entropy: 6.189610877444558 - Virtual Size: '0x512' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 
53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Novell Products Group, CN=Novell, Inc. 
- ValidFrom: '2010-04-03 00:00:00' - ValidTo: '2013-04-26 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a - Version: 3 - TBS: - MD5: b1504f143b89a6080710bafcededb833 - SHA1: 5c2696893ebba1e81d918a4fadda143c25c77286 - SHA256: ae1dc09d08e93ace95fe203adfbfadcd4c029529d3f99ab381c368064b58d9a0 - SHA384: 18c6db711578cfcd4bce87c63d053e242c7c196efc892c2d4a8733cb75bb7dc3cac3f702e0e1d4b7fa2c590acb53fdee - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: 29a2e15ac1622a3daf7da5a78f0cef08 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 8fd0912006f7d1f320c95b39673f7ee3 - SHA1: 0eb2a02bddee973aef2fdb9f587cdfec7c136407 - SHA256: 748b6350472e21bab16497e4296794619dede7fcdb188fea1574f89498a2ff54 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2008, Novell, Inc. All Rights Reserved. 
- CreationTimestamp: '2008-08-18 10:18:12' - Date: '' - Description: Novell XTier Session Manager - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.6.0 - Filename: '' - ImportedFunctions: - - IoCreateDevice - - SeUnregisterLogonSessionTerminatedRoutine - - KeInitializeMutex - - IoDeleteDevice - - SeRegisterLogonSessionTerminatedRoutine - - ZwOpenProcessTokenEx - - KeReleaseMutex - - ZwClose - - SeMarkLogonSessionForTerminationNotification - - ZwQueryInformationToken - - ZwOpenThreadTokenEx - - KeBugCheckEx - - KeWaitForSingleObject - - IoGetCurrentProcess - - DbgPrint - - NicmCreateInstance - - NicmDeregisterClassFactory - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: ce65b7adcf954eb36df62ea3d4a628c7 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: nscm.sys - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.6 - Publisher: '' - RichPEHeaderHash: - MD5: 4a07178c85358a7450e421019955ccee - SHA1: 0e0b4edfb21b1a41b2f00f341bc1c6de6a650546 - SHA256: dd7717af9d41e7c2d7c773f3e063d396ad8676b3d940732451acc1fc28ec9989 - SHA1: 272ffcda920a8e2440eb0d31dcd05485e0d597ad - SHA256: a495ffa623a5220179b0dd519935e255dd6910b7b7bc3d68906528496561ff53 - Sections: - .text: - Entropy: 5.981323117886685 - Virtual Size: '0x4a25' - .rdata: - Entropy: 5.674341417857536 - Virtual Size: '0x480' - .data: - Entropy: 0.8264834692004682 - Virtual Size: '0x548' - .pdata: - Entropy: 4.218145333940637 - Virtual Size: '0x3c0' - .edata: - Entropy: 3.9838503165801646 - Virtual Size: '0x63' - INIT: - Entropy: 5.26537545088398 - Virtual Size: '0x360' - .rsrc: - Entropy: 3.289150653685818 - Virtual Size: '0x350' - .reloc: - Entropy: 1.2454265871243133 - Virtual Size: '0x3c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: 
c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Novell Products Group, CN=Novell, Inc. - ValidFrom: '2007-04-04 00:00:00' - ValidTo: '2010-04-27 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f - Version: 3 - TBS: - MD5: adddb65a3a360b3c1a55cb33e426f32a - SHA1: 93d9b282265288a94ee4f1a01c5fb3a08badb7ac - SHA256: d98d63f26125a94eb767fdd2526f6c74bfb40cb4d117a1d87ca3ed0d99bd6f0b - SHA384: cf20d9d6343b52b05ebaeace8a75ad950089e2d55508571cf5b153583fdf2d7b11bc61b8f38bfa70f09b2e7ac63d9ef5 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 7d004bbe0f546a91c93562d324307fa7 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 6b6c8f2c44df5aade507397b36071a45 - SHA1: 9510465b38ab1e05b2c5e9d40f962430916296da - SHA256: 
0f4ca9e9507724526f2b624d165750344473d388da38b7f3f6a8366dbc15140b - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2008, Novell, Inc. All Rights Reserved. - CreationTimestamp: '2009-09-08 13:40:51' - Date: '' - Description: Novell XTier Session Manager - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.6.0 - Filename: '' - ImportedFunctions: - - IoCreateDevice - - SeUnregisterLogonSessionTerminatedRoutine - - KeInitializeMutex - - IoDeleteDevice - - SeRegisterLogonSessionTerminatedRoutine - - SeMarkLogonSessionForTerminationNotification - - KeReleaseMutex - - ZwOpenThreadTokenEx - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwClose - - KeBugCheckEx - - KeWaitForSingleObject - - ZwQueryInformationToken - - DbgPrint - - NicmCreateInstance - - NicmDeregisterClassFactory - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: 8291dcbcbccc2ce28195d04ac616a1b5 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: nscm.sys - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.6 - Publisher: '' - RichPEHeaderHash: - MD5: 4a07178c85358a7450e421019955ccee - SHA1: 0e0b4edfb21b1a41b2f00f341bc1c6de6a650546 - SHA256: dd7717af9d41e7c2d7c773f3e063d396ad8676b3d940732451acc1fc28ec9989 - SHA1: 32f27451c377c8b5ea66be5475c2f2733cffe306 - SHA256: 14938f68957ede6e2b742a550042119a8fbc9f14427fb89fa53fff12d243561c - Sections: - .text: - Entropy: 5.984908350932489 - Virtual Size: '0x4c05' - .rdata: - Entropy: 5.608591774799332 - Virtual Size: '0x49c' - .data: - Entropy: 0.8264834692004682 - Virtual Size: '0x568' - .pdata: - Entropy: 4.239573253931084 - Virtual Size: '0x3d8' - .edata: - Entropy: 3.983850316580165 - Virtual Size: '0x63' - INIT: - Entropy: 5.259964214601351 - Virtual Size: '0x360' - .rsrc: - Entropy: 3.289150653685818 - Virtual Size: '0x350' - .reloc: - Entropy: 1.2454265871243133 - Virtual Size: '0x3c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, 
O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Novell Products Group, CN=Novell, Inc. - ValidFrom: '2007-04-04 00:00:00' - ValidTo: '2010-04-27 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f - Version: 3 - TBS: - MD5: adddb65a3a360b3c1a55cb33e426f32a - SHA1: 93d9b282265288a94ee4f1a01c5fb3a08badb7ac - SHA256: d98d63f26125a94eb767fdd2526f6c74bfb40cb4d117a1d87ca3ed0d99bd6f0b - SHA384: cf20d9d6343b52b05ebaeace8a75ad950089e2d55508571cf5b153583fdf2d7b11bc61b8f38bfa70f09b2e7ac63d9ef5 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: b8d0a36d2b14d79dfa08fb2e121f0920 - 
LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: e27fcbf5c5155f962e8734d698d38680 - SHA1: dc05bc4f8de1c51ea6cdca68df880908e1d49eed - SHA256: 4c21b7065cb961127ab9e2a0251ab8d50cfd65369a41e88e36bc2908af2b1d8d - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2013, Novell, Inc. All Rights Reserved. - CreationTimestamp: '2013-12-18 02:23:27' - Date: '' - Description: Novell XTier Session Manager - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.11.0 - Filename: '' - ImportedFunctions: - - _vsnwprintf - - IoDeleteDevice - - ZwQueryInformationToken - - ZwClose - - ZwOpenProcessTokenEx - - ZwOpenProcess - - PsGetCurrentProcessId - - KeInitializeMutex - - IoCreateDevice - - IoFreeWorkItem - - ExFreePoolWithTag - - RtlDeleteRegistryValue - - KeWaitForSingleObject - - ZwQueryInformationProcess - - ExAllocatePoolWithTag - - IoQueueWorkItemEx - - IoAllocateWorkItem - - PsSetCreateProcessNotifyRoutine - - SeRegisterLogonSessionTerminatedRoutine - - SeUnregisterLogonSessionTerminatedRoutine - - SeMarkLogonSessionForTerminationNotification - - ZwOpenThreadTokenEx - - IoGetCurrentProcess - - KeTickCount - - DbgPrint - - RtlEqualUnicodeString - - KeReleaseMutex - - NicmCreateInstance - - NicmDeregisterClassFactory - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: c8f88ca47b393da6acf87fa190e81333 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: nscm.sys - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.11 - Publisher: '' - RichPEHeaderHash: - MD5: 12a6588743897399103a71a7b8424725 - SHA1: 89722c63ce0ed56ed1dd53df18e56c1d83a9c60c - SHA256: 27d2e5007a373792d154bcf729da29f4c94c882690b36411bd70b1e00ac49380 - SHA1: d19d1d3aa30391922989f4c6e3f7dc4937dcefbf - SHA256: 202d9703a5b8d06c5f92d2c5218a93431aa55af389007826a9bfaaf900812213 - Sections: - .text: - Entropy: 6.2126827062968815 - Virtual Size: '0x3e80' - .rdata: - Entropy: 5.967010163773201 - Virtual Size: '0x317' - .data: - Entropy: 1.31505443956947 - Virtual 
Size: '0x2f4' - .edata: - Entropy: 3.9157044856724195 - Virtual Size: '0x63' - INIT: - Entropy: 5.4937509169523615 - Virtual Size: '0x414' - .rsrc: - Entropy: 3.275995301680775 - Virtual Size: '0x358' - .reloc: - Entropy: 6.2966285478887905 - Virtual Size: '0x59c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 
0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=Novell, Inc. - ValidFrom: '2013-03-05 00:00:00' - ValidTo: '2016-06-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Version: 3 - TBS: - MD5: 5b1207ffffc0eff3784003d17b3e71a9 - SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d - SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 - SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: e1a5435877b427be967867a25b1d263e - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 3d6cb9acf4c080dd83a0033feef09a4e - SHA1: c966a8f171c40ffea5b8464bb7d4e737db0ec175 - SHA256: 234fc829bfd4d8d5dca351be176f5a06cb29bbfd5632a93cc218936d32a44851 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2014, Novell, Inc. All Rights Reserved. 
- CreationTimestamp: '2014-08-26 13:58:19' - Date: '' - Description: Novell XTier Session Manager - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.11.0 - Filename: '' - ImportedFunctions: - - _vsnwprintf - - IoDeleteDevice - - ZwQueryInformationToken - - ZwClose - - ZwOpenProcessTokenEx - - ZwOpenProcess - - KeInitializeMutex - - IoCreateDevice - - IoFreeWorkItem - - ExFreePoolWithTag - - RtlDeleteRegistryValue - - RtlEqualUnicodeString - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - IoQueueWorkItemEx - - IoAllocateWorkItem - - PsSetCreateProcessNotifyRoutine - - SeRegisterLogonSessionTerminatedRoutine - - SeUnregisterLogonSessionTerminatedRoutine - - SeMarkLogonSessionForTerminationNotification - - ZwOpenThreadTokenEx - - PsGetCurrentProcessId - - IoGetCurrentProcess - - KeTickCount - - DbgPrint - - ZwQueryInformationProcess - - KeReleaseMutex - - NicmCreateInstance - - NicmDeregisterClassFactory - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: ba21bfa3d05661ba216873a9ef66a6e2 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: nscm.sys - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.11 - Publisher: '' - RichPEHeaderHash: - MD5: 12a6588743897399103a71a7b8424725 - SHA1: 89722c63ce0ed56ed1dd53df18e56c1d83a9c60c - SHA256: 27d2e5007a373792d154bcf729da29f4c94c882690b36411bd70b1e00ac49380 - SHA1: 7329bb4a7ca98556fa6b05bd4f9b236186e845d1 - SHA256: 653f6a65e0e608cae217bea2f90f05d8125cf23f83ba01a60de0f5659cfa5d4d - Sections: - .text: - Entropy: 6.214029038984061 - Virtual Size: '0x3ed8' - .rdata: - Entropy: 5.951631279530424 - Virtual Size: '0x311' - .data: - Entropy: 1.31505443956947 - Virtual Size: '0x2f4' - .edata: - Entropy: 3.882925571552858 - Virtual Size: '0x63' - INIT: - Entropy: 5.491127473397609 - Virtual Size: '0x414' - .rsrc: - Entropy: 3.274996758488867 - Virtual Size: '0x358' - .reloc: - Entropy: 6.285236926922213 - Virtual Size: '0x5a2' - Signature: '' - Signatures: - - 
CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: 
e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=Novell, Inc. - ValidFrom: '2013-03-05 00:00:00' - ValidTo: '2016-06-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Version: 3 - TBS: - MD5: 5b1207ffffc0eff3784003d17b3e71a9 - SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d - SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 - SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 
812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 
5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 9fc4a96d982ebfd6b9d87c0f3ebef681 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 0d2b36f1bf3378239f699e508290e746 - SHA1: ccba48d017eb2a19cc9b6b14d3762158dcb02b43 - SHA256: 8ac341d36e1af8959de6410a976400ded8554f5ffb6a462a8080c38a0140f4d4 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2011, Novell, Inc. All Rights Reserved. 
- CreationTimestamp: '2011-07-17 21:25:32' - Date: '' - Description: Novell XTier Session Manager - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.6.0 - Filename: '' - ImportedFunctions: - - IoDeleteDevice - - SeUnregisterLogonSessionTerminatedRoutine - - SeRegisterLogonSessionTerminatedRoutine - - KeInitializeMutex - - IoCreateDevice - - SeMarkLogonSessionForTerminationNotification - - KeWaitForSingleObject - - ZwQueryInformationToken - - IoGetCurrentProcess - - KeGetCurrentThread - - ZwOpenProcessTokenEx - - ZwOpenThreadTokenEx - - KeTickCount - - DbgPrint - - ZwClose - - KeReleaseMutex - - NicmCreateInstance - - NicmDeregisterClassFactory - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: 936729b8dc2282037bc1504c2680e3ad - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: nscm.sys - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.6 - Publisher: '' - RichPEHeaderHash: - MD5: a02cb14b3079ba92db28e034cd4eb46b - SHA1: 689ab02cafe1533f83f0c290524e175f92949618 - SHA256: 0e9bdca9f3da40100a47c9cb2af1e7bc370dfb9a1532f19af91e008b2bb6b370 - SHA1: a5596d4d329add26b9ca9fa7005302148dfacfd8 - SHA256: 53810ca98e07a567bb082628d95d796f14c218762cbbaa79704740284dccda4b - Sections: - .text: - Entropy: 6.148140674179319 - Virtual Size: '0x3517' - .rdata: - Entropy: 5.94388104788726 - Virtual Size: '0x2c0' - .data: - Entropy: 0.6992933847552781 - Virtual Size: '0x294' - .edata: - Entropy: 3.895502465470399 - Virtual Size: '0x63' - INIT: - Entropy: 5.398186625335333 - Virtual Size: '0x2f0' - .rsrc: - Entropy: 3.287931080812757 - Virtual Size: '0x350' - .reloc: - Entropy: 6.193609607432911 - Virtual Size: '0x510' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 
50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - 
Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Novell Products Group, CN=Novell, Inc. - ValidFrom: '2010-04-03 00:00:00' - ValidTo: '2013-04-26 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a - Version: 3 - TBS: - MD5: b1504f143b89a6080710bafcededb833 - SHA1: 5c2696893ebba1e81d918a4fadda143c25c77286 - SHA256: ae1dc09d08e93ace95fe203adfbfadcd4c029529d3f99ab381c368064b58d9a0 - SHA384: 18c6db711578cfcd4bce87c63d053e242c7c196efc892c2d4a8733cb75bb7dc3cac3f702e0e1d4b7fa2c590acb53fdee - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: 
f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: 052280a42374b8d779c10cd0d8118691 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: aac45578e5c6ab044107b52ce2888349 - SHA1: e48f528493b963c8660f8c989281fd5b2277f359 - SHA256: 5271f526b19331c7f8526a5e10b9aedc0ddd325958aa0e908ceaee40692f7ae2 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2015, Novell, Inc. All Rights Reserved. - CreationTimestamp: '2015-06-26 06:12:59' - Date: '' - Description: Novell XTier Session Manager - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.12.0 - Filename: '' - ImportedFunctions: - - _vsnwprintf - - IoDeleteDevice - - ZwQueryInformationToken - - ZwClose - - ZwOpenProcessTokenEx - - ZwOpenProcess - - KeInitializeMutex - - IoCreateDevice - - ExFreePoolWithTag - - RtlDeleteRegistryValue - - RtlEqualUnicodeString - - ZwQueryInformationProcess - - KeWaitForSingleObject - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsSetCreateProcessNotifyRoutine - - SeRegisterLogonSessionTerminatedRoutine - - SeUnregisterLogonSessionTerminatedRoutine - - SeMarkLogonSessionForTerminationNotification - - ZwOpenThreadTokenEx - - PsGetCurrentProcessId - - IoGetCurrentProcess - - KeTickCount - - KeBugCheckEx - - DbgPrint - - ExAllocatePoolWithTag - - KeReleaseMutex - - NicmCreateInstance - - NicmDeregisterClassFactory - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: dd38cc344d2a0da1c03e92eb4b89a193 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: nscm.sys - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.12 - Publisher: '' - RichPEHeaderHash: - MD5: 05f8ba050a0bc8cacc2ea38ec5bff7bc - SHA1: 
cbf24de195bf2f27d33f360a2e4dbf6a7b4f9f43 - SHA256: a30dee85df24c564765fe905a90d1e6aa140c185b7f4870fc6fc6680dd0075b2 - SHA1: 82dbac75b73ff4b92bdcbf6977a6683e1dcfe995 - SHA256: f77fe6b1e0e913ac109335a8fa2ac4961d35cbbd50729936059aba8700690a9e - Sections: - .text: - Entropy: 6.216974830222535 - Virtual Size: '0x3f4c' - .rdata: - Entropy: 5.980250864123602 - Virtual Size: '0x313' - .data: - Entropy: 1.31505443956947 - Virtual Size: '0x2f4' - .edata: - Entropy: 3.9157044856724195 - Virtual Size: '0x63' - INIT: - Entropy: 5.5039626875648695 - Virtual Size: '0x41e' - .rsrc: - Entropy: 3.2792136282019944 - Virtual Size: '0x358' - .reloc: - Entropy: 6.244068053409568 - Virtual Size: '0x5a2' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - 
MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=Novell, Inc. - ValidFrom: '2013-03-05 00:00:00' - ValidTo: '2016-06-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Version: 3 - TBS: - MD5: 5b1207ffffc0eff3784003d17b3e71a9 - SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d - SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 - SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 5899e93373114ca9e458e906675132b7 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 0d2b0c403b11961ee8fb42c7c114815f - SHA1: b9b60fb3b1c3560b824e168428f0827713aa2f24 - SHA256: f62282e44713d7d2f4c780027c7bbb82ba0b491c8836dfae33a2d82e8b5a43d2 - Company: Novell, Inc. - Copyright: "Copyright \xA9 1997-2007 Novell, Inc." 
- CreationTimestamp: '2007-08-09 13:35:11' - Date: '' - Description: Novell XTier Session Manager - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 2.0.0.0 - Filename: '' - ImportedFunctions: - - IoCreateDevice - - SeUnregisterLogonSessionTerminatedRoutine - - KeInitializeMutex - - IoDeleteDevice - - SeRegisterLogonSessionTerminatedRoutine - - ZwOpenProcessTokenEx - - KeReleaseMutex - - ZwClose - - SeMarkLogonSessionForTerminationNotification - - ZwQueryInformationToken - - ZwOpenThreadTokenEx - - KeBugCheckEx - - KeWaitForSingleObject - - IoGetCurrentProcess - - DbgPrint - - NicmCreateInstance - - NicmDeregisterClassFactory - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: 5c4df33951d20253a98aa7b5e78e571a - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: nscm.sys - PDBPath: '' - Product: Novell XTier for Windows - ProductVersion: v2.0 (20060808) - Publisher: '' - RichPEHeaderHash: - MD5: 4a07178c85358a7450e421019955ccee - SHA1: 0e0b4edfb21b1a41b2f00f341bc1c6de6a650546 - SHA256: dd7717af9d41e7c2d7c773f3e063d396ad8676b3d940732451acc1fc28ec9989 - SHA1: 72f16e6a18ba87248dd72f52445c916ad2e4edc2 - SHA256: ca34f945117ec853a713183fa4e8cf85ea0c2c49ca26e73d869fee021f7b491d - Sections: - .text: - Entropy: 5.981323117886685 - Virtual Size: '0x4a25' - .rdata: - Entropy: 5.666396857833603 - Virtual Size: '0x480' - .data: - Entropy: 0.8264834692004682 - Virtual Size: '0x548' - .pdata: - Entropy: 4.218145333940637 - Virtual Size: '0x3c0' - .edata: - Entropy: 3.9473893016868637 - Virtual Size: '0x63' - INIT: - Entropy: 5.26537545088398 - Virtual Size: '0x360' - .rsrc: - Entropy: 3.2545231002082082 - Virtual Size: '0x350' - .reloc: - Entropy: 1.2454265871243133 - Virtual Size: '0x3c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - 
Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 
23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Novell Products Group, CN=Novell, Inc. - ValidFrom: '2007-04-04 00:00:00' - ValidTo: '2010-04-27 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f - Version: 3 - TBS: - MD5: adddb65a3a360b3c1a55cb33e426f32a - SHA1: 93d9b282265288a94ee4f1a01c5fb3a08badb7ac - SHA256: d98d63f26125a94eb767fdd2526f6c74bfb40cb4d117a1d87ca3ed0d99bd6f0b - SHA384: cf20d9d6343b52b05ebaeace8a75ad950089e2d55508571cf5b153583fdf2d7b11bc61b8f38bfa70f09b2e7ac63d9ef5 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: 
f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 7d004bbe0f546a91c93562d324307fa7 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 985c950cb09a516571021db7e3ad9dde - SHA1: a4566fef7b427142afe4b1adf10509e79a91dc32 - SHA256: cf2ea0e4d21d3774bbacf10a14c75583b448829f87a90b869678fbc4de9b2a99 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2012, Novell, Inc. All Rights Reserved. - CreationTimestamp: '2012-03-18 19:31:45' - Date: '' - Description: Novell XTier Session Manager - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.10.0 - Filename: '' - ImportedFunctions: - - KeInitializeMutex - - IoDeleteDevice - - SeRegisterLogonSessionTerminatedRoutine - - IoCreateDevice - - SeUnregisterLogonSessionTerminatedRoutine - - ZwOpenThreadTokenEx - - DbgPrint - - IoGetCurrentProcess - - ZwClose - - SeMarkLogonSessionForTerminationNotification - - ZwQueryInformationToken - - KeBugCheckEx - - KeWaitForSingleObject - - ZwOpenProcessTokenEx - - KeReleaseMutex - - NicmCreateInstance - - NicmDeregisterClassFactory - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: 2348508499406dec3b508f349949cb51 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: nscm.sys - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.10 - Publisher: '' - RichPEHeaderHash: - MD5: 59cc1d0748cb4a607153e266f1588301 - SHA1: 7a93a9773c8a5a61a124dc2d7050f6d16b4a747f - SHA256: 582ec0f6c156bffd6f8393af28004d47697f3945e9f8d864f979c1576baa6af4 - SHA1: 6a60f5fa0dfc6c1fa55b24a29df7464ee01a9717 - SHA256: f62911334068c9edd44b9c3e8dee8155a0097aa331dd4566a61afa3549f35f65 - Sections: - .text: - Entropy: 5.988597248647215 - Virtual Size: '0x4c15' - .rdata: - Entropy: 
5.61556426827557 - Virtual Size: '0x4ac' - .data: - Entropy: 0.8264834692004682 - Virtual Size: '0x568' - .pdata: - Entropy: 4.204698702019221 - Virtual Size: '0x3e4' - .edata: - Entropy: 3.956023170093665 - Virtual Size: '0x63' - INIT: - Entropy: 5.304469238732931 - Virtual Size: '0x380' - .rsrc: - Entropy: 3.2729254116810207 - Virtual Size: '0x358' - .reloc: - Entropy: 1.2454265871243133 - Virtual Size: '0x3c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, 
O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Novell Products Group, CN=Novell, Inc. 
- ValidFrom: '2010-04-03 00:00:00' - ValidTo: '2013-04-26 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a - Version: 3 - TBS: - MD5: b1504f143b89a6080710bafcededb833 - SHA1: 5c2696893ebba1e81d918a4fadda143c25c77286 - SHA256: ae1dc09d08e93ace95fe203adfbfadcd4c029529d3f99ab381c368064b58d9a0 - SHA384: 18c6db711578cfcd4bce87c63d053e242c7c196efc892c2d4a8733cb75bb7dc3cac3f702e0e1d4b7fa2c590acb53fdee - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: 0707fe3c02c8d2a4d6219bd0596d76f3 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: be114b63574e247ecf51e79063dbd19b - SHA1: 61433a484870ba379064ba353b118497c67c7a7e - SHA256: 1204026fdc9c859960ee561eb9f1fd9ebf6c88c78c5d4cee35ef029ad5050ec6 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2015, Novell, Inc. All Rights Reserved. 
- CreationTimestamp: '2015-09-26 07:24:31' - Date: '' - Description: Novell XTier Session Manager - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.12.0 - Filename: '' - ImportedFunctions: - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - KeInitializeMutex - - PsLookupProcessByProcessId - - IoDeleteDevice - - RtlEqualUnicodeString - - ZwOpenProcessTokenEx - - _vsnwprintf - - ZwClose - - ZwOpenProcess - - ZwQueryInformationProcess - - DbgPrint - - IoCreateDevice - - ZwQueryInformationToken - - RtlDeleteRegistryValue - - PsSetCreateProcessNotifyRoutine - - SeRegisterLogonSessionTerminatedRoutine - - SeUnregisterLogonSessionTerminatedRoutine - - ZwOpenThreadTokenEx - - IoGetCurrentProcess - - SeMarkLogonSessionForTerminationNotification - - PsGetCurrentProcessId - - KeBugCheckEx - - KeWaitForSingleObject - - ObfDereferenceObject - - KeReleaseMutex - - NicmCreateInstance - - NicmDeregisterClassFactory - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: 353e5d424668d785f13c904fde3bac84 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: nscm.sys - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.12 - Publisher: '' - RichPEHeaderHash: - MD5: 827395be6a60ed22c16a6eeea1843d8a - SHA1: 61171f78fedd9cc13cfa2fad18219d2aaf9ab83f - SHA256: d9b5607af39de0f2fc8d411d18fc86f6a1394c2b512b8876caef597f9c56dcad - SHA1: 1568117f691b41f989f10562f354ee574a6abc2d - SHA256: 1675eedd4c7f2ec47002d623bb4ec689ca9683020e0fdb0729a9047c8fb953dd - Sections: - .text: - Entropy: 6.015399864614518 - Virtual Size: '0x5a46' - .rdata: - Entropy: 5.541678329889591 - Virtual Size: '0x590' - .data: - Entropy: 1.445115035315444 - Virtual Size: '0x5a8' - .pdata: - Entropy: 4.281479078212438 - Virtual Size: '0x450' - .edata: - Entropy: 3.9838503165801646 - Virtual Size: '0x63' - INIT: - Entropy: 5.349379600291399 - Virtual Size: '0x4e0' - .rsrc: - Entropy: 3.2792136282019944 - Virtual Size: '0x358' - .reloc: - Entropy: 1.2355823247516717 - 
Virtual Size: '0x48' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=Novell, Inc. 
- ValidFrom: '2013-03-05 00:00:00' - ValidTo: '2016-06-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Version: 3 - TBS: - MD5: 5b1207ffffc0eff3784003d17b3e71a9 - SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d - SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 - SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - 
Signer: - - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 01aa65221a48929f0a34a27c4e3011b1 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 3758930d9496e57668292eba34653f43 - SHA1: 871a3a9cb2b7288f6e7f5dd21a06c7e04bcdf4ee - SHA256: cdcf71696db4031fe3e70969bbe6169744ff91eebb24d6ffb734f922a850183b - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2013, Novell, Inc. All Rights Reserved. - CreationTimestamp: '2013-01-15 23:25:05' - Date: '' - Description: Novell XTier Session Manager - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.11.0 - Filename: '' - ImportedFunctions: - - IoDeleteDevice - - ZwQueryInformationToken - - ZwClose - - ZwOpenProcessTokenEx - - ZwOpenProcess - - PsGetCurrentProcessId - - IoFreeWorkItem - - ExFreePoolWithTag - - RtlEqualUnicodeString - - ZwQueryInformationProcess - - ExAllocatePoolWithTag - - KeWaitForSingleObject - - IoAllocateWorkItem - - KeInitializeMutex - - IoCreateDevice - - PsSetCreateProcessNotifyRoutine - - SeRegisterLogonSessionTerminatedRoutine - - SeUnregisterLogonSessionTerminatedRoutine - - SeMarkLogonSessionForTerminationNotification - - ZwOpenThreadTokenEx - - IoGetCurrentProcess - - KeTickCount - - DbgPrint - - IoQueueWorkItemEx - - KeReleaseMutex - - NicmCreateInstance - - NicmDeregisterClassFactory - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: 81df475ab8d37343f0ad2a55b1397a8f - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: nscm.sys - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.11 - Publisher: '' - RichPEHeaderHash: - MD5: 5564e34da652fc7ae9d585925305240b - SHA1: 22100f086e6701f0c2d08529a50e32490c1f7992 - SHA256: 892bc3d48c3a534f764f61a23e33a00474c3abf0bf1280ab3f3e1da1e3fc51c2 - SHA1: e067024ec42b556fb1e89ca52ef6719aa09cdf89 - SHA256: 
5a661e26cfe5d8dedf8c9644129039cfa40aebb448895187b96a8b7441d52aaa - Sections: - .text: - Entropy: 6.203445234172961 - Virtual Size: '0x3d1e' - .rdata: - Entropy: 5.965429698658006 - Virtual Size: '0x319' - .data: - Entropy: 1.31505443956947 - Virtual Size: '0x2f4' - .edata: - Entropy: 3.895502465470399 - Virtual Size: '0x63' - INIT: - Entropy: 5.46396678361327 - Virtual Size: '0x3e4' - .rsrc: - Entropy: 3.275995301680775 - Virtual Size: '0x358' - .reloc: - Entropy: 6.3111395868300635 - Virtual Size: '0x58a' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: 
e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Novell Products Group, CN=Novell, Inc. 
- ValidFrom: '2010-04-03 00:00:00' - ValidTo: '2013-04-26 23:59:59' - Signature: 2d2eec4636a0c1f359ef30a107e6c2301ad12c09ab9fdac02211aaef81323d1daee3a14a150bf9f4c7d0d788d5f486ea75e40abeb502a2267171be53030fe7614af7a2015eabd4c26e887ec9220beb3666fc68158d2b8dd659e3fe55245821c10e37ddeebac63eb1848512c64a543a13ba6735b156c6dc13395890e8003e03e7c2613e2c1de1dfadfe072cd7655e3b4166fe973233b4f81ecf810541382d67c92f29d76e220543a7179b606011b932cee250f99f260b29e79236cec10b67e0e0e48cb74593a7ce2e3cfafb6c58ac7ae5c10a591037c380b5f7516cac8f4ec695b020ca2445cb9bf97eb56c09d4a62618871b482ef97c5894349e10f62e2ee68b - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a - Version: 3 - TBS: - MD5: b1504f143b89a6080710bafcededb833 - SHA1: 5c2696893ebba1e81d918a4fadda143c25c77286 - SHA256: ae1dc09d08e93ace95fe203adfbfadcd4c029529d3f99ab381c368064b58d9a0 - SHA384: 18c6db711578cfcd4bce87c63d053e242c7c196efc892c2d4a8733cb75bb7dc3cac3f702e0e1d4b7fa2c590acb53fdee - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: 61b719638eacc2c5ca299805d4819e69 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: c6ccce2e7b4566f54a6fae9adb1b1c13 - SHA1: 9e576add0418f0eb1866857633003be454595eb8 - SHA256: 058c4fbd3a12f0d7ddfc771067f03dea88cc33dd4b61139edcb0b2d17905f084 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2013, Novell, Inc. 
All Rights Reserved. - CreationTimestamp: '2013-05-29 04:48:33' - Date: '' - Description: Novell XTier Session Manager - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.11.0 - Filename: '' - ImportedFunctions: - - IoDeleteDevice - - ZwQueryInformationToken - - ZwClose - - ZwOpenProcessTokenEx - - ZwOpenProcess - - PsGetCurrentProcessId - - IoFreeWorkItem - - ExFreePoolWithTag - - RtlEqualUnicodeString - - ZwQueryInformationProcess - - ExAllocatePoolWithTag - - KeWaitForSingleObject - - IoAllocateWorkItem - - KeInitializeMutex - - IoCreateDevice - - PsSetCreateProcessNotifyRoutine - - SeRegisterLogonSessionTerminatedRoutine - - SeUnregisterLogonSessionTerminatedRoutine - - SeMarkLogonSessionForTerminationNotification - - ZwOpenThreadTokenEx - - IoGetCurrentProcess - - KeTickCount - - DbgPrint - - IoQueueWorkItemEx - - KeReleaseMutex - - NicmCreateInstance - - NicmDeregisterClassFactory - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: eb61616a7bc58e3f5b8cf855d04808c3 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: nscm.sys - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.11 - Publisher: '' - RichPEHeaderHash: - MD5: 5564e34da652fc7ae9d585925305240b - SHA1: 22100f086e6701f0c2d08529a50e32490c1f7992 - SHA256: 892bc3d48c3a534f764f61a23e33a00474c3abf0bf1280ab3f3e1da1e3fc51c2 - SHA1: fb25e6886d98fe044d0eb7bd42d24a93286266e0 - SHA256: b0b6a410c22cc36f478ff874d4a23d2e4b4e37c6e55f2a095fc4c3ef32bcb763 - Sections: - .text: - Entropy: 6.203445234172961 - Virtual Size: '0x3d1e' - .rdata: - Entropy: 5.9628504398204285 - Virtual Size: '0x317' - .data: - Entropy: 1.31505443956947 - Virtual Size: '0x2f4' - .edata: - Entropy: 3.847194299875986 - Virtual Size: '0x63' - INIT: - Entropy: 5.46396678361327 - Virtual Size: '0x3e4' - .rsrc: - Entropy: 3.275995301680775 - Virtual Size: '0x358' - .reloc: - Entropy: 6.3111395868300635 - Virtual Size: '0x58a' - Signature: '' - Signatures: - - CertificatesInfo: '' - 
SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, 
ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=Novell, Inc. - ValidFrom: '2013-03-05 00:00:00' - ValidTo: '2016-06-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Version: 3 - TBS: - MD5: 5b1207ffffc0eff3784003d17b3e71a9 - SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d - SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 - SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 
5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 61b719638eacc2c5ca299805d4819e69 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 971c1a374c811eac22b6fbfc2511b41c - SHA1: 6ba91ab77af48446e377efdcc817d902e1b22fd9 - SHA256: 52c7b29023ac2a98b7a9c73de790d820d3d6d095bea0b077d4dad53fa97b0731 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2008, Novell, Inc. All Rights Reserved. 
- CreationTimestamp: '2009-12-18 07:22:32' - Date: '' - Description: Novell XTier Session Manager - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.6.0 - Filename: '' - ImportedFunctions: - - IoDeleteDevice - - SeUnregisterLogonSessionTerminatedRoutine - - SeRegisterLogonSessionTerminatedRoutine - - KeInitializeMutex - - IoCreateDevice - - SeMarkLogonSessionForTerminationNotification - - KeWaitForSingleObject - - ZwQueryInformationToken - - IoGetCurrentProcess - - KeGetCurrentThread - - ZwOpenProcessTokenEx - - ZwOpenThreadTokenEx - - KeTickCount - - DbgPrint - - ZwClose - - KeReleaseMutex - - NicmCreateInstance - - NicmDeregisterClassFactory - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: 5bb840db439eb281927588dbce5f5418 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: nscm.sys - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.6 - Publisher: '' - RichPEHeaderHash: - MD5: a02cb14b3079ba92db28e034cd4eb46b - SHA1: 689ab02cafe1533f83f0c290524e175f92949618 - SHA256: 0e9bdca9f3da40100a47c9cb2af1e7bc370dfb9a1532f19af91e008b2bb6b370 - SHA1: fa60a89980aad30db3a358fb1c1536a4d31dff6c - SHA256: e4cf438838dc10b188b3d4a318fd9ba2479abb078458d7f97591c723e2d637ce - Sections: - .text: - Entropy: 6.149831920888144 - Virtual Size: '0x3505' - .rdata: - Entropy: 5.915581864636488 - Virtual Size: '0x2c7' - .data: - Entropy: 0.6992933847552781 - Virtual Size: '0x294' - .edata: - Entropy: 3.9157044856724195 - Virtual Size: '0x63' - INIT: - Entropy: 5.403372974444229 - Virtual Size: '0x2f0' - .rsrc: - Entropy: 3.289150653685818 - Virtual Size: '0x350' - .reloc: - Entropy: 6.217652346351421 - Virtual Size: '0x510' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 
88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Novell Products Group, CN=Novell, Inc. - ValidFrom: '2007-04-04 00:00:00' - ValidTo: '2010-04-27 23:59:59' - Signature: 267f71f6ee43755fd6395f85c34bb15a72a6f2a959c2074627d294395fb1aaa4c7bbeff369d735628b233bde7e5c95a0f1837e5ad03704270834ce9c1b07649a256027930f44e064568666b06e7f9dc3cd299b38b0a6766301200ab58434a05a34a369ab99bbbf2aaa6b3603481e0393a80ea09e78a7cf55317a9590c49887f02e1fd948c3b1f6d203e91782ce423d0569f45e7f074205df5f92be6ccd9836641439af4390022242e0ca84aedb0d71c5a50f2dbd1ed30e5ac9c1bda67c694f94f2fe4aa83945ed32e426afe26f44dcb6dcc8186728f86f1a1bddc1ea7dd82b76578a42d1e63bf5f8f348fbcd509094858978e375d277394529df1dd5d78abab2 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f - Version: 3 - TBS: - MD5: adddb65a3a360b3c1a55cb33e426f32a - SHA1: 93d9b282265288a94ee4f1a01c5fb3a08badb7ac - SHA256: d98d63f26125a94eb767fdd2526f6c74bfb40cb4d117a1d87ca3ed0d99bd6f0b - SHA384: cf20d9d6343b52b05ebaeace8a75ad950089e2d55508571cf5b153583fdf2d7b11bc61b8f38bfa70f09b2e7ac63d9ef5 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 
4808d93b14b8600dbfa18dab5d15310f - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 052280a42374b8d779c10cd0d8118691 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: b372031d7a2000669e5de1d85071025b - SHA1: 8aa0e754ef4a5f94ae72b76d54fa052264faefbc - SHA256: 0174cea1dd70b374f355126ae6be650dff95897d8c8200caac91d4f9e5e5b871 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2011, Novell, Inc. All Rights Reserved. - CreationTimestamp: '2011-09-29 19:30:09' - Date: '' - Description: Novell XTier Session Manager - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.6.0 - Filename: '' - ImportedFunctions: - - IoCreateDevice - - SeUnregisterLogonSessionTerminatedRoutine - - KeInitializeMutex - - IoDeleteDevice - - SeRegisterLogonSessionTerminatedRoutine - - SeMarkLogonSessionForTerminationNotification - - KeReleaseMutex - - ZwOpenThreadTokenEx - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwClose - - KeBugCheckEx - - KeWaitForSingleObject - - ZwQueryInformationToken - - DbgPrint - - NicmCreateInstance - - NicmDeregisterClassFactory - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: ddf2655068467d981242ea96e3b88614 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: nscm.sys - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.6 - Publisher: '' - RichPEHeaderHash: - MD5: 4a07178c85358a7450e421019955ccee - SHA1: 0e0b4edfb21b1a41b2f00f341bc1c6de6a650546 - SHA256: dd7717af9d41e7c2d7c773f3e063d396ad8676b3d940732451acc1fc28ec9989 - SHA1: 08efd5e24b5ebfef63b5e488144dc9fb6524eaf1 - SHA256: 003e61358878c7e49e18420ee0b4a37b51880be40929a76e529c7b3fb18e81b4 - Sections: - .text: - Entropy: 5.98589698052852 - Virtual Size: '0x4c15' - .rdata: - Entropy: 5.621901106382278 - Virtual Size: '0x4a8' - .data: - Entropy: 0.8264834692004682 - Virtual Size: '0x568' - .pdata: - Entropy: 
4.111090558168592 - Virtual Size: '0x3d8' - .edata: - Entropy: 3.9636482963781448 - Virtual Size: '0x63' - INIT: - Entropy: 5.259964214601351 - Virtual Size: '0x360' - .rsrc: - Entropy: 3.287931080812757 - Virtual Size: '0x350' - .reloc: - Entropy: 1.2454265871243133 - Virtual Size: '0x3c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code 
Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Novell Products Group, CN=Novell, Inc. - ValidFrom: '2010-04-03 00:00:00' - ValidTo: '2013-04-26 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a - Version: 3 - TBS: - MD5: b1504f143b89a6080710bafcededb833 - SHA1: 5c2696893ebba1e81d918a4fadda143c25c77286 - SHA256: ae1dc09d08e93ace95fe203adfbfadcd4c029529d3f99ab381c368064b58d9a0 - SHA384: 18c6db711578cfcd4bce87c63d053e242c7c196efc892c2d4a8733cb75bb7dc3cac3f702e0e1d4b7fa2c590acb53fdee - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 
40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: b8d0a36d2b14d79dfa08fb2e121f0920 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: e688b6a82cdde6f902e0a8a5c3a060e6 - SHA1: 8281e161d667835b26397b4d944b55bb2dea01f9 - SHA256: 5173b9240e9bcd0d9b25290bb0aa45d156fd5a0080841515ab44f61e0e6bd894 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2014, Novell, Inc. All Rights Reserved. - CreationTimestamp: '2014-11-18 01:10:41' - Date: '' - Description: Novell XTier Session Manager - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.11.0 - Filename: '' - ImportedFunctions: - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - KeInitializeMutex - - PsLookupProcessByProcessId - - IoDeleteDevice - - RtlEqualUnicodeString - - ZwOpenProcessTokenEx - - _vsnwprintf - - ZwClose - - ZwOpenProcess - - ZwQueryInformationProcess - - DbgPrint - - IoCreateDevice - - ZwQueryInformationToken - - RtlDeleteRegistryValue - - PsSetCreateProcessNotifyRoutine - - SeRegisterLogonSessionTerminatedRoutine - - SeUnregisterLogonSessionTerminatedRoutine - - ZwOpenThreadTokenEx - - IoGetCurrentProcess - - SeMarkLogonSessionForTerminationNotification - - PsGetCurrentProcessId - - KeBugCheckEx - - KeWaitForSingleObject - - ObfDereferenceObject - - KeReleaseMutex - - NicmCreateInstance - - NicmDeregisterClassFactory - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: d1440503d1528c55fdc569678a663667 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: nscm.sys - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.11 - Publisher: '' - RichPEHeaderHash: - MD5: 
827395be6a60ed22c16a6eeea1843d8a - SHA1: 61171f78fedd9cc13cfa2fad18219d2aaf9ab83f - SHA256: d9b5607af39de0f2fc8d411d18fc86f6a1394c2b512b8876caef597f9c56dcad - SHA1: d7b20ac695002334f804ffc67705ce6ac5732f91 - SHA256: 49ef680510e3dac6979a20629d10f06822c78f45b9a62ec209b71827a526be94 - Sections: - .text: - Entropy: 6.015399864614518 - Virtual Size: '0x5a46' - .rdata: - Entropy: 5.576540355113173 - Virtual Size: '0x59c' - .data: - Entropy: 1.445115035315444 - Virtual Size: '0x5a8' - .pdata: - Entropy: 4.28138480911378 - Virtual Size: '0x450' - .edata: - Entropy: 3.935821149891645 - Virtual Size: '0x63' - INIT: - Entropy: 5.349379600291399 - Virtual Size: '0x4e0' - .rsrc: - Entropy: 3.274996758488867 - Virtual Size: '0x358' - .reloc: - Entropy: 1.2355823247516717 - Virtual Size: '0x48' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=Novell, Inc. - ValidFrom: '2013-03-05 00:00:00' - ValidTo: '2016-06-03 23:59:59' - Signature: dbb57cdba61b53b01c104cf3d4e6d31a0b127402fa3a5213dd686a48a858b7581868cb93fe789e249ef175deca865e2387ba579d8088691b5475c836d8c9fcafcca373a0d43c5a07029da9915827d5ca8fb80c0c676ce33f8f028e00d7a197b7ae7b0f726a1eed35d30591fffdbb14bd78c01c1d47cc18de85424fc81bbbbb1733498a35712ed119db159f3939fae462bcf5e2bde54b32c1cbe38a40f6389d5d849459a9401c4c0edeec46fe8dde11e184efb79298c1aa8f0a776e32be63d49b072d7f24c88eded44e6345e5df49a5592094278f8605402082896432b788f3bf1ea2e3912bc3c4bdaf6d609ee52d38fb25b9245441277b5ab7d70b0bda6fbfee - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Version: 3 - TBS: - MD5: 5b1207ffffc0eff3784003d17b3e71a9 - SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d - SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 - SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 
5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 01aa65221a48929f0a34a27c4e3011b1 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 86c7e1fbe71ce4a51fc4842efbe4e80d - SHA1: ad20f4fce0a45f0da0a52c077b324daa3aaa4cc9 - SHA256: aa1c07fc6289ddc2182b11e555073e66b7acbfc17c38efb44ecaa19a6aaf722f - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2014, Novell, Inc. All Rights Reserved. - CreationTimestamp: '2014-08-26 13:58:08' - Date: '' - Description: Novell XTier Session Manager - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.11.0 - Filename: '' - ImportedFunctions: - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - KeInitializeMutex - - IoQueueWorkItemEx - - IoDeleteDevice - - IoFreeWorkItem - - RtlEqualUnicodeString - - ZwOpenProcessTokenEx - - IoAllocateWorkItem - - _vsnwprintf - - ZwClose - - ZwOpenProcess - - DbgPrint - - IoCreateDevice - - ZwQueryInformationToken - - RtlDeleteRegistryValue - - PsSetCreateProcessNotifyRoutine - - SeRegisterLogonSessionTerminatedRoutine - - SeUnregisterLogonSessionTerminatedRoutine - - ZwOpenThreadTokenEx - - IoGetCurrentProcess - - SeMarkLogonSessionForTerminationNotification - - PsGetCurrentProcessId - - KeBugCheckEx - - KeWaitForSingleObject - - ZwQueryInformationProcess - - KeReleaseMutex - - NicmCreateInstance - - NicmDeregisterClassFactory - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: 71858fa117e6f3309606d5cdb57e6e09 - MachineType: AMD64 - MagicHeader: 50 45 
0 0 - OriginalFilename: nscm.sys - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.11 - Publisher: '' - RichPEHeaderHash: - MD5: e3f809adc7209deac4fee4537f435785 - SHA1: 5e3af18762ce914887ebf89382c5d285cf246dde - SHA256: 1984e5db1da017058f5b288e0517840fdf15983a08932af7e80bf6408eb19efb - SHA1: 77a011b5d5d5aaf421a543fcee22cb7979807c60 - SHA256: a855b6ec385b3369c547a3c54e88a013dd028865aba0f3f08be84cdcbaa9a0f6 - Sections: - .text: - Entropy: 6.005303811091079 - Virtual Size: '0x5956' - .rdata: - Entropy: 5.502369510844811 - Virtual Size: '0x598' - .data: - Entropy: 1.4266625052332786 - Virtual Size: '0x5a8' - .pdata: - Entropy: 4.308130710944577 - Virtual Size: '0x438' - .edata: - Entropy: 3.9510714024606037 - Virtual Size: '0x63' - INIT: - Entropy: 5.340825447936182 - Virtual Size: '0x4ee' - .rsrc: - Entropy: 3.274996758488867 - Virtual Size: '0x358' - .reloc: - Entropy: 1.2355823247516717 - Virtual Size: '0x48' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - 
ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=Novell, Inc. - ValidFrom: '2013-03-05 00:00:00' - ValidTo: '2016-06-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Version: 3 - TBS: - MD5: 5b1207ffffc0eff3784003d17b3e71a9 - SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d - SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 - SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 0a8eeabf5981efb2116244785cb03900 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 8e14a79b10ada5719e402ea12dd77111 - SHA1: 0466c42d770bf9350948d15810f04965f8ab658a - SHA256: 11b0e5d7971aaa2a6c4621f068af390f291fd796c202369605c2e0c7940f50ee - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2008, Novell, Inc. All Rights Reserved. 
- CreationTimestamp: '2009-09-08 13:31:34' - Date: '' - Description: Novell XTier Session Manager - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.6.0 - Filename: '' - ImportedFunctions: - - IoDeleteDevice - - SeUnregisterLogonSessionTerminatedRoutine - - SeRegisterLogonSessionTerminatedRoutine - - KeInitializeMutex - - IoCreateDevice - - SeMarkLogonSessionForTerminationNotification - - KeWaitForSingleObject - - ZwQueryInformationToken - - IoGetCurrentProcess - - KeGetCurrentThread - - ZwOpenProcessTokenEx - - ZwOpenThreadTokenEx - - KeTickCount - - DbgPrint - - ZwClose - - KeReleaseMutex - - NicmCreateInstance - - NicmDeregisterClassFactory - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: 71fffc05cff351a6f26f78441cfebe26 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: nscm.sys - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.6 - Publisher: '' - RichPEHeaderHash: - MD5: a02cb14b3079ba92db28e034cd4eb46b - SHA1: 689ab02cafe1533f83f0c290524e175f92949618 - SHA256: 0e9bdca9f3da40100a47c9cb2af1e7bc370dfb9a1532f19af91e008b2bb6b370 - SHA1: c1fe7870e202733123715cacae9b02c29494d94d - SHA256: 41eeeb0472c7e9c3a7146a2133341cd74dd3f8b5064c9dee2c70e5daa060954f - Sections: - .text: - Entropy: 6.149831920888144 - Virtual Size: '0x3505' - .rdata: - Entropy: 5.935542810040417 - Virtual Size: '0x2b6' - .data: - Entropy: 0.6992933847552781 - Virtual Size: '0x294' - .edata: - Entropy: 3.9157044856724195 - Virtual Size: '0x63' - INIT: - Entropy: 5.403372974444229 - Virtual Size: '0x2f0' - .rsrc: - Entropy: 3.289150653685818 - Virtual Size: '0x350' - .reloc: - Entropy: 6.217652346351421 - Virtual Size: '0x510' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 
88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Novell Products Group, CN=Novell, Inc. - ValidFrom: '2007-04-04 00:00:00' - ValidTo: '2010-04-27 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f - Version: 3 - TBS: - MD5: adddb65a3a360b3c1a55cb33e426f32a - SHA1: 93d9b282265288a94ee4f1a01c5fb3a08badb7ac - SHA256: d98d63f26125a94eb767fdd2526f6c74bfb40cb4d117a1d87ca3ed0d99bd6f0b - SHA384: cf20d9d6343b52b05ebaeace8a75ad950089e2d55508571cf5b153583fdf2d7b11bc61b8f38bfa70f09b2e7ac63d9ef5 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 052280a42374b8d779c10cd0d8118691 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: sc.exe create nscm.sys binPath=C:\windows\temp \n \n \n scm.sys type=kernel + && sc.exe start nscm.sys + Description: nscm.sys is a vulnerable driver. 
CVE-2013-3956. + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/jbaines-r7/dellicious - https://www.rapid7.com/blog/post/2021/12/13/driver-based-attacks-past-and-present/ -Tags: -- nscm.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/76660e91f1ff3cb89630df5af4fe09de6098d09baa66b1a130c89c3c5edd5b22.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 0d1a4e506e7c928f1683a9cf38eb0835 + SHA1: 50471608c91621cb84ba646974311da0abf6b3e9 + SHA256: 0e291148da43ea6a491b8b94bdf573365087940c9b90f6a15a4e589da86a518d + Company: 
Novell, Inc. + Copyright: (C) Copyright 2000-2013, Novell, Inc. All Rights Reserved. + CreationTimestamp: '2013-01-15 23:24:57' + Date: '' + Description: Novell XTier Session Manager + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.11.0 + Filename: nscm.sys + ImportedFunctions: + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - KeInitializeMutex + - IoQueueWorkItemEx + - IoDeleteDevice + - IoFreeWorkItem + - RtlEqualUnicodeString + - ZwOpenProcessTokenEx + - IoAllocateWorkItem + - ZwClose + - ZwOpenProcess + - DbgPrint + - PsGetCurrentProcessId + - IoCreateDevice + - ZwQueryInformationToken + - PsSetCreateProcessNotifyRoutine + - SeRegisterLogonSessionTerminatedRoutine + - SeUnregisterLogonSessionTerminatedRoutine + - ZwOpenThreadTokenEx + - IoGetCurrentProcess + - SeMarkLogonSessionForTerminationNotification + - KeBugCheckEx + - KeWaitForSingleObject + - ZwQueryInformationProcess + - KeReleaseMutex + - NicmCreateInstance + - NicmDeregisterClassFactory + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: 4a23e0f2c6f926a41b28d574cbc6ac30 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: nscm.sys + Product: Novell XTier + ProductVersion: 3.1.11 + Publisher: '' + RichPEHeaderHash: + MD5: 0d646b28e804b652211b8f3e0feac906 + SHA1: 1169ececb349b1d1a50626a2565e85cc6e9049ea + SHA256: 097828b6f5705aca00605777868f774f37fd5ecf705e958c6dbdb860c4934be4 + SHA1: 64e4ac8b9ea2f050933b7ec76a55dd04e97773b4 + SHA256: 76660e91f1ff3cb89630df5af4fe09de6098d09baa66b1a130c89c3c5edd5b22 + Sections: + .text: + Entropy: 5.9944111351941185 + Virtual Size: '0x5736' + .rdata: + Entropy: 5.542492779395016 + Virtual Size: '0x570' + .data: + Entropy: 1.445115035315444 + Virtual Size: '0x5a8' + .pdata: + Entropy: 4.268472946152158 + Virtual Size: '0x42c' + .edata: + Entropy: 3.9636482963781448 + Virtual Size: '0x63' + INIT: + Entropy: 5.324738401510091 + Virtual Size: '0x4b6' + .rsrc: + Entropy: 3.275995301680775 + Virtual Size: '0x358' + 
.reloc: + Entropy: 1.2355823247516717 + Virtual Size: '0x48' + Signature: + - Novell, Inc. + - VeriSign Class 3 Code Signing 2009-2 CA + - VeriSign Class 3 Public Primary CA + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 
8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, + Inc. + ValidFrom: '2010-04-03 00:00:00' + ValidTo: '2013-04-26 23:59:59' + Signature: 2d2eec4636a0c1f359ef30a107e6c2301ad12c09ab9fdac02211aaef81323d1daee3a14a150bf9f4c7d0d788d5f486ea75e40abeb502a2267171be53030fe7614af7a2015eabd4c26e887ec9220beb3666fc68158d2b8dd659e3fe55245821c10e37ddeebac63eb1848512c64a543a13ba6735b156c6dc13395890e8003e03e7c2613e2c1de1dfadfe072cd7655e3b4166fe973233b4f81ecf810541382d67c92f29d76e220543a7179b606011b932cee250f99f260b29e79236cec10b67e0e0e48cb74593a7ce2e3cfafb6c58ac7ae5c10a591037c380b5f7516cac8f4ec695b020ca2445cb9bf97eb56c09d4a62618871b482ef97c5894349e10f62e2ee68b + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a + Version: 3 + TBS: + MD5: b1504f143b89a6080710bafcededb833 + SHA1: 5c2696893ebba1e81d918a4fadda143c25c77286 + SHA256: ae1dc09d08e93ace95fe203adfbfadcd4c029529d3f99ab381c368064b58d9a0 + SHA384: 18c6db711578cfcd4bce87c63d053e242c7c196efc892c2d4a8733cb75bb7dc3cac3f702e0e1d4b7fa2c590acb53fdee + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' 
+ Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: 8b7e7c20da6ca9ac4bdb3927fe2b266a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 3a5b83215c9ea17f8d3ad3812c30a340 + SHA1: 533e0690528ff3f0d59edeed9dd53b4f37c0a110 + SHA256: 1622ac0c618a86be17e0f97daa061f9aaa0e721dc0fd30d76bbc5c958e9a9d92 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2008, Novell, Inc. All Rights Reserved. 
+ CreationTimestamp: '2009-03-27 11:56:49' + Description: Novell XTier Session Manager + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.6.0 + Filename: nscm.sys + ImportedFunctions: + - IoCreateDevice + - SeUnregisterLogonSessionTerminatedRoutine + - KeInitializeMutex + - IoDeleteDevice + - SeRegisterLogonSessionTerminatedRoutine + - ZwOpenProcessTokenEx + - KeReleaseMutex + - ZwClose + - SeMarkLogonSessionForTerminationNotification + - ZwQueryInformationToken + - ZwOpenThreadTokenEx + - KeBugCheckEx + - KeWaitForSingleObject + - IoGetCurrentProcess + - DbgPrint + - NicmCreateInstance + - NicmDeregisterClassFactory + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: ba2c0fa201c74621cddd8638497b3c70 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: nscm.sys + Product: Novell XTier + ProductVersion: 3.1.6 + RichPEHeaderHash: + MD5: 4a07178c85358a7450e421019955ccee + SHA1: 0e0b4edfb21b1a41b2f00f341bc1c6de6a650546 + SHA256: dd7717af9d41e7c2d7c773f3e063d396ad8676b3d940732451acc1fc28ec9989 + SHA1: 8f540936f2484d020e270e41529624407b7e107e + SHA256: 28999af32b55ddb7dcfc26376a244aa2fe297233ce7abe4919a1aef2f7e2cee7 + Sections: + .text: + Entropy: 5.981323117886685 + Virtual Size: '0x4a25' + .rdata: + Entropy: 5.681127753509768 + Virtual Size: '0x480' + .data: + Entropy: 0.8264834692004682 + Virtual Size: '0x548' + .pdata: + Entropy: 4.218145333940637 + Virtual Size: '0x3c0' + .edata: + Entropy: 3.983850316580165 + Virtual Size: '0x63' + INIT: + Entropy: 5.26537545088398 + Virtual Size: '0x360' + .rsrc: + Entropy: 3.289150653685818 + Virtual Size: '0x350' + .reloc: + Entropy: 1.2454265871243133 + Virtual Size: '0x3c' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 
50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + 
Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, + Inc. + ValidFrom: '2007-04-04 00:00:00' + ValidTo: '2010-04-27 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 4808d93b14b8600dbfa18dab5d15310f + Version: 3 + TBS: + MD5: adddb65a3a360b3c1a55cb33e426f32a + SHA1: 93d9b282265288a94ee4f1a01c5fb3a08badb7ac + SHA256: d98d63f26125a94eb767fdd2526f6c74bfb40cb4d117a1d87ca3ed0d99bd6f0b + SHA384: cf20d9d6343b52b05ebaeace8a75ad950089e2d55508571cf5b153583fdf2d7b11bc61b8f38bfa70f09b2e7ac63d9ef5 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: 
f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 7d004bbe0f546a91c93562d324307fa7 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: b546d6b223a9e1a42f8359dbf9d9737c + SHA1: 41f6704252efa14de0d72eeaf7475886ba7f3bdc + SHA256: 92ca1aec3afc90b44861c2e0be084a3db38d22d52f35e1697643d6477151392f + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2013, Novell, Inc. All Rights Reserved. + CreationTimestamp: '2013-01-15 23:24:57' + Description: Novell XTier Session Manager + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.11.0 + Filename: nscm.sys + ImportedFunctions: + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - KeInitializeMutex + - IoQueueWorkItemEx + - IoDeleteDevice + - IoFreeWorkItem + - RtlEqualUnicodeString + - ZwOpenProcessTokenEx + - IoAllocateWorkItem + - ZwClose + - ZwOpenProcess + - DbgPrint + - PsGetCurrentProcessId + - IoCreateDevice + - ZwQueryInformationToken + - PsSetCreateProcessNotifyRoutine + - SeRegisterLogonSessionTerminatedRoutine + - SeUnregisterLogonSessionTerminatedRoutine + - ZwOpenThreadTokenEx + - IoGetCurrentProcess + - SeMarkLogonSessionForTerminationNotification + - KeBugCheckEx + - KeWaitForSingleObject + - ZwQueryInformationProcess + - KeReleaseMutex + - NicmCreateInstance + - NicmDeregisterClassFactory + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: 4c76554d9a72653c6156ca0024d21a8e + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: nscm.sys + Product: Novell XTier + ProductVersion: 3.1.11 + RichPEHeaderHash: + MD5: 0d646b28e804b652211b8f3e0feac906 + SHA1: 1169ececb349b1d1a50626a2565e85cc6e9049ea + SHA256: 097828b6f5705aca00605777868f774f37fd5ecf705e958c6dbdb860c4934be4 + SHA1: 
6d3c760251d6e6ea7ff4f4fcac14876fac829cf9 + SHA256: 2e665962c827ce0adbd29fe6bcf09bbb1d7a7022075d162ff9b65d0af9794ac0 + Sections: + .text: + Entropy: 5.9944111351941185 + Virtual Size: '0x5736' + .rdata: + Entropy: 5.542492779395016 + Virtual Size: '0x570' + .data: + Entropy: 1.445115035315444 + Virtual Size: '0x5a8' + .pdata: + Entropy: 4.268472946152158 + Virtual Size: '0x42c' + .edata: + Entropy: 3.9636482963781448 + Virtual Size: '0x63' + INIT: + Entropy: 5.429528792402954 + Virtual Size: '0x4b6' + .rsrc: + Entropy: 6.472426446171854 + Virtual Size: '0x14a24' + .reloc: + Entropy: 5.039009418592025 + Virtual Size: '0x48' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Publisher + ValidFrom: '2022-01-27 19:31:19' + ValidTo: '2023-01-26 19:31:19' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 330000036ce57eeb5d1cc2be1700000000036c + Version: 3 + TBS: + MD5: 7ece739fdaa27d96b67f587db04186a7 + SHA1: b8701efa0ab12b8fea2293c9cff8772ecca084d0 + SHA256: c1392bdcbb0b50215fca8c78f25c2d857e515dce06c87ce86527c88c91d5d7e4 + SHA384: 8d292e8db16824f3ac9d668816c4cf521a9eb251069694c92932683afcaa4e53d5fa3a1f58356749e655299ed83fe191 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Production PCA 2011 + ValidFrom: '2011-10-19 18:41:42' + ValidTo: '2026-10-19 18:51:42' + Signature: 
14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: '61077656000000000008' + Version: 3 + TBS: + MD5: 30a3f0b64324ed7f465e7fc618cb69e7 + SHA1: 002de3561519b662c5e3f5faba1b92c403fb7c41 + SHA256: 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 + SHA384: 4f9a02c3eac5e83c38074d54c0bf270e03a1d668e0001c9812c509eb08a19075ee778a7630e65598e4608fc66e2d1c66 + Signer: + - SerialNumber: 330000036ce57eeb5d1cc2be1700000000036c + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Production PCA 2011 + Version: 1 + Imphash: 8b7e7c20da6ca9ac4bdb3927fe2b266a + LoadsDespiteHVCI: 'TRUE' +- Authentihash: + MD5: 5d62cae57be434a4d56924574498c4f2 + SHA1: 1a99d3141d75a3ef1998944b2d107089ce3ef6e4 + SHA256: a363deaf1790e9c0610e07a7203749aab8b60f5ededc944abc0ef3010f5e2105 + Company: Micro Focus + Copyright: (C) Copyright 2000-2017, Micro Focus. All Rights Reserved. 
+ CreationTimestamp: '2022-03-03 03:52:58' + Description: XTier Security Context Manager + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.12.0 + Filename: nscm.sys + ImportedFunctions: + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - KeInitializeMutex + - PsLookupProcessByProcessId + - IoDeleteDevice + - RtlEqualUnicodeString + - ZwOpenProcessTokenEx + - _vsnwprintf + - ZwClose + - ZwOpenProcess + - ZwQueryInformationProcess + - DbgPrint + - IoCreateDevice + - ZwQueryInformationToken + - RtlDeleteRegistryValue + - PsSetCreateProcessNotifyRoutine + - SeRegisterLogonSessionTerminatedRoutine + - SeUnregisterLogonSessionTerminatedRoutine + - ZwOpenThreadTokenEx + - IoGetCurrentProcess + - SeMarkLogonSessionForTerminationNotification + - PsGetCurrentProcessId + - KeBugCheckEx + - KeWaitForSingleObject + - ObfDereferenceObject + - KeReleaseMutex + - NicmCreateInstance + - NicmDeregisterClassFactory + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: 5f4a232d92480a1bebbe025ef64dc760 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: nscm.sys + Product: Micro Focus XTier + ProductVersion: 3.1.12 + RichPEHeaderHash: + MD5: 827395be6a60ed22c16a6eeea1843d8a + SHA1: 61171f78fedd9cc13cfa2fad18219d2aaf9ab83f + SHA256: d9b5607af39de0f2fc8d411d18fc86f6a1394c2b512b8876caef597f9c56dcad + SHA1: 0cb14c1049c0e81c8655ab7ee7d698c11758ea06 + SHA256: 5351c81b4ec5a0d79c39d24bac7600d10eac30c13546fde43d23636b3f421e7c + Sections: + .text: + Entropy: 6.0164645838764494 + Virtual Size: '0x5a66' + .rdata: + Entropy: 5.545815315316552 + Virtual Size: '0x590' + .data: + Entropy: 1.445115035315444 + Virtual Size: '0x5a8' + .pdata: + Entropy: 4.277709228070346 + Virtual Size: '0x450' + .edata: + Entropy: 3.956023170093665 + Virtual Size: '0x63' + INIT: + Entropy: 5.349379600291399 + Virtual Size: '0x4e0' + .rsrc: + Entropy: 3.2835150258002495 + Virtual Size: '0x360' + .reloc: + Entropy: 1.2355823247516717 + Virtual Size: '0x48' + 
Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2021-09-09 19:15:59' + ValidTo: '2022-09-01 19:15:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 330000004de597a775e3157f7b00000000004d + Version: 3 + TBS: + MD5: 9f0782e89bd41cdd96ec55357457478a + SHA1: 35c2180572baad19019acca1334e6c653699c389 + SHA256: 50814710213afec410f26e573d25267a2e21d3d15f158be8a43a666c9cc6fa08 + SHA384: 8d48f066b0284071d64bbc556e018824a8388ccd142a56c7b7b04ef6d27cade07da57ac82d8067e18ad64d35af11e2a7 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + ValidFrom: '2014-10-15 20:31:27' + ValidTo: '2029-10-15 20:41:27' + Signature: 96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 330000000d690d5d7893d076df00000000000d + Version: 3 + TBS: + MD5: 83f69422963f11c3c340b81712eef319 + SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 + SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae + SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 + Signer: + - SerialNumber: 330000004de597a775e3157f7b00000000004d + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + Version: 1 + Imphash: 01aa65221a48929f0a34a27c4e3011b1 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 3050ced748b80cc81892435fd0868bfc + SHA1: 579e23f2b6ce2221ba435abc20801e98ab91a360 + SHA256: 34f36a59ecf6174eeac15994e54c41fe1e3e3b1eee8ed4c399ec8c63212373d7 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2011, Novell, Inc. All Rights Reserved. + CreationTimestamp: '2011-04-01 19:18:14' + Description: Novell XTier Session Manager + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.6.0 + Filename: nscm.sys + ImportedFunctions: + - IoCreateDevice + - SeUnregisterLogonSessionTerminatedRoutine + - KeInitializeMutex + - IoDeleteDevice + - SeRegisterLogonSessionTerminatedRoutine + - SeMarkLogonSessionForTerminationNotification + - KeReleaseMutex + - ZwOpenThreadTokenEx + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwClose + - KeBugCheckEx + - KeWaitForSingleObject + - ZwQueryInformationToken + - DbgPrint + - NicmCreateInstance + - NicmDeregisterClassFactory + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: f56f30ac68c35dd4680054cdfd8f3f00 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: nscm.sys + Product: Novell XTier + ProductVersion: 3.1.6 + RichPEHeaderHash: + MD5: 4a07178c85358a7450e421019955ccee + SHA1: 0e0b4edfb21b1a41b2f00f341bc1c6de6a650546 + SHA256: 
dd7717af9d41e7c2d7c773f3e063d396ad8676b3d940732451acc1fc28ec9989 + SHA1: fce3a95b222c810c56e7ed5a3d7fb059eb693682 + SHA256: 8e88cb80328c3dbaa2752591692e74a2fae7e146d7d8aabc9b9ac9a6fe561e6c + Sections: + .text: + Entropy: 5.98589698052852 + Virtual Size: '0x4c15' + .rdata: + Entropy: 5.645994240527473 + Virtual Size: '0x4b8' + .data: + Entropy: 0.8264834692004682 + Virtual Size: '0x568' + .pdata: + Entropy: 4.238276468304064 + Virtual Size: '0x3d8' + .edata: + Entropy: 3.956023170093665 + Virtual Size: '0x63' + INIT: + Entropy: 5.259964214601351 + Virtual Size: '0x360' + .rsrc: + Entropy: 3.287931080812757 + Virtual Size: '0x350' + .reloc: + Entropy: 1.2454265871243133 + Virtual Size: '0x3c' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 
518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, + Inc. 
+ ValidFrom: '2010-04-03 00:00:00' + ValidTo: '2013-04-26 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a + Version: 3 + TBS: + MD5: b1504f143b89a6080710bafcededb833 + SHA1: 5c2696893ebba1e81d918a4fadda143c25c77286 + SHA256: ae1dc09d08e93ace95fe203adfbfadcd4c029529d3f99ab381c368064b58d9a0 + SHA384: 18c6db711578cfcd4bce87c63d053e242c7c196efc892c2d4a8733cb75bb7dc3cac3f702e0e1d4b7fa2c590acb53fdee + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: b8d0a36d2b14d79dfa08fb2e121f0920 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 7e245f8b1d1bddfd217d1cd060b91657 + SHA1: 8c89db8dd4d7947cb5eb13c7a12907564576cb91 + SHA256: 00dfeab446afecac7b44b0b1680d5ca7d421eda243e16db8c08706bb593a8391 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2008, Novell, Inc. All Rights Reserved. 
+ CreationTimestamp: '2009-03-27 11:52:17' + Description: Novell XTier Session Manager + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.6.0 + Filename: nscm.sys + ImportedFunctions: + - IoDeleteDevice + - SeUnregisterLogonSessionTerminatedRoutine + - SeRegisterLogonSessionTerminatedRoutine + - KeInitializeMutex + - IoCreateDevice + - ZwClose + - KeWaitForSingleObject + - ZwOpenProcessTokenEx + - ZwOpenThreadTokenEx + - IoGetCurrentProcess + - SeMarkLogonSessionForTerminationNotification + - KeTickCount + - DbgPrint + - ZwQueryInformationToken + - KeReleaseMutex + - NicmCreateInstance + - NicmDeregisterClassFactory + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: a1547e8b2ca0516d0d9191a55b8536c0 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: nscm.sys + Product: Novell XTier + ProductVersion: 3.1.6 + RichPEHeaderHash: + MD5: e92edbb3d49ed0e7c3de680c901221a8 + SHA1: 17f6d8284edd12372405ea1e0edb59249d6d2a02 + SHA256: 94fef4d39e3ffb29a749b7b8511c7ce76b9f824cb724eeef2529476a7b9af465 + SHA1: 7cd4aea9c1f82111bf7f9d4934be95e9bb6f8ae0 + SHA256: ce23c2dae4cca4771ea50ec737093dfafac06c64db0f924a1ccbbf687e33f5a2 + Sections: + .text: + Entropy: 6.133436661587974 + Virtual Size: '0x337b' + .rdata: + Entropy: 5.95443123338063 + Virtual Size: '0x2cc' + .data: + Entropy: 0.6992933847552781 + Virtual Size: '0x294' + .edata: + Entropy: 3.88787733918592 + Virtual Size: '0x63' + INIT: + Entropy: 5.407607088870612 + Virtual Size: '0x2d6' + .rsrc: + Entropy: 3.289150653685818 + Virtual Size: '0x350' + .reloc: + Entropy: 6.220983522762253 + Virtual Size: '0x4f2' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false 
+ SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: 
a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, + Inc. + ValidFrom: '2007-04-04 00:00:00' + ValidTo: '2010-04-27 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 4808d93b14b8600dbfa18dab5d15310f + Version: 3 + TBS: + MD5: adddb65a3a360b3c1a55cb33e426f32a + SHA1: 93d9b282265288a94ee4f1a01c5fb3a08badb7ac + SHA256: d98d63f26125a94eb767fdd2526f6c74bfb40cb4d117a1d87ca3ed0d99bd6f0b + SHA384: cf20d9d6343b52b05ebaeace8a75ad950089e2d55508571cf5b153583fdf2d7b11bc61b8f38bfa70f09b2e7ac63d9ef5 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 65181bc89a1c2b5854548236269846c1 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 32265ccdfe3d7f66269cbee0d5555e5b + SHA1: 72e5f5f6f266410d827fef10dc82c7ec8541e036 + SHA256: 253ed7f5c7115e957dfdb1f5c6c51592b491a70b27787903c8fd848e45b9cf22 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2013, Novell, Inc. 
All Rights Reserved. + CreationTimestamp: '2013-01-15 23:24:57' + Description: Novell XTier Session Manager + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.11.0 + Filename: nscm.sys + ImportedFunctions: + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - KeInitializeMutex + - IoQueueWorkItemEx + - IoDeleteDevice + - IoFreeWorkItem + - RtlEqualUnicodeString + - ZwOpenProcessTokenEx + - IoAllocateWorkItem + - ZwClose + - ZwOpenProcess + - DbgPrint + - PsGetCurrentProcessId + - IoCreateDevice + - ZwQueryInformationToken + - PsSetCreateProcessNotifyRoutine + - SeRegisterLogonSessionTerminatedRoutine + - SeUnregisterLogonSessionTerminatedRoutine + - ZwOpenThreadTokenEx + - IoGetCurrentProcess + - SeMarkLogonSessionForTerminationNotification + - KeBugCheckEx + - KeWaitForSingleObject + - ZwQueryInformationProcess + - KeReleaseMutex + - NicmCreateInstance + - NicmDeregisterClassFactory + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: bd5d4d07ae09e9f418d6b4ac6d9f2ed5 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: nscm.sys + Product: Novell XTier + ProductVersion: 3.1.11 + RichPEHeaderHash: + MD5: 0d646b28e804b652211b8f3e0feac906 + SHA1: 1169ececb349b1d1a50626a2565e85cc6e9049ea + SHA256: 097828b6f5705aca00605777868f774f37fd5ecf705e958c6dbdb860c4934be4 + SHA1: d61acd857242185a56e101642d15b9b5f0558c26 + SHA256: fb81b5f8bf69637dbdf050181499088a67d24577587bc520de94b5ee8996240f + Sections: + .text: + Entropy: 5.9944111351941185 + Virtual Size: '0x5736' + .rdata: + Entropy: 5.542492779395016 + Virtual Size: '0x570' + .data: + Entropy: 1.445115035315444 + Virtual Size: '0x5a8' + .pdata: + Entropy: 4.268472946152158 + Virtual Size: '0x42c' + .edata: + Entropy: 3.9636482963781448 + Virtual Size: '0x63' + INIT: + Entropy: 5.324738401510091 + Virtual Size: '0x4b6' + .rsrc: + Entropy: 3.275995301680775 + Virtual Size: '0x358' + .reloc: + Entropy: 1.2355823247516717 + Virtual Size: '0x48' + Signatures: + - 
CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Corporation + ValidFrom: '2021-09-02 18:32:59' + ValidTo: '2022-09-01 18:32:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 33000002528b33aaf895f339db000000000252 + Version: 3 + TBS: + MD5: 92b6022918bc02eb361b8a02fb1da57d + SHA1: 8ceb945fac0f6d623d464e21740ae6eb60351652 + SHA256: c1446860a1cd9db490d3ea85e9df05df44af8d44e2bb803a2a2018f3b6c41bcb + SHA384: 322ed1a62a9f2ed7c7f601e99a8db15371e3ba1039a73c81801165ea987679023bc36f8c357f74354dce65532b71be3c + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Code Signing PCA 2011 + ValidFrom: '2011-07-08 20:59:09' + ValidTo: '2026-07-08 21:09:09' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 610e90d2000000000003 + Version: 3 + TBS: + MD5: b4ec95434f1d45b8055077cf90540a5f + SHA1: 71f74db41d045d6eaf81a849bbb3e21544edcff4 + SHA256: f6f717a43ad9abddc8cefdde1c505462535e7d1307e630f9544a2d14fe8bf26e + SHA384: 25cbac323e740588a1ea3ca39ea907647440884ad75fc4bd99be6c82202aba42e95049fa7b66884977e60b819b21a2a5 + Signer: + - SerialNumber: 33000002528b33aaf895f339db000000000252 + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Code Signing PCA 2011 + Version: 1 + Imphash: 8b7e7c20da6ca9ac4bdb3927fe2b266a + LoadsDespiteHVCI: 'TRUE' +- Authentihash: + MD5: 0d1a4e506e7c928f1683a9cf38eb0835 + SHA1: 50471608c91621cb84ba646974311da0abf6b3e9 + SHA256: 0e291148da43ea6a491b8b94bdf573365087940c9b90f6a15a4e589da86a518d + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2013, Novell, Inc. All Rights Reserved. 
+ CreationTimestamp: '2013-01-15 23:24:57' + Date: '' + Description: Novell XTier Session Manager + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.11.0 + Filename: nscm.sys + ImportedFunctions: + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - KeInitializeMutex + - IoQueueWorkItemEx + - IoDeleteDevice + - IoFreeWorkItem + - RtlEqualUnicodeString + - ZwOpenProcessTokenEx + - IoAllocateWorkItem + - ZwClose + - ZwOpenProcess + - DbgPrint + - PsGetCurrentProcessId + - IoCreateDevice + - ZwQueryInformationToken + - PsSetCreateProcessNotifyRoutine + - SeRegisterLogonSessionTerminatedRoutine + - SeUnregisterLogonSessionTerminatedRoutine + - ZwOpenThreadTokenEx + - IoGetCurrentProcess + - SeMarkLogonSessionForTerminationNotification + - KeBugCheckEx + - KeWaitForSingleObject + - ZwQueryInformationProcess + - KeReleaseMutex + - NicmCreateInstance + - NicmDeregisterClassFactory + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: 4a23e0f2c6f926a41b28d574cbc6ac30 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: nscm.sys + Product: Novell XTier + ProductVersion: 3.1.11 + Publisher: '' + RichPEHeaderHash: + MD5: 0d646b28e804b652211b8f3e0feac906 + SHA1: 1169ececb349b1d1a50626a2565e85cc6e9049ea + SHA256: 097828b6f5705aca00605777868f774f37fd5ecf705e958c6dbdb860c4934be4 + SHA1: 64e4ac8b9ea2f050933b7ec76a55dd04e97773b4 + SHA256: 76660e91f1ff3cb89630df5af4fe09de6098d09baa66b1a130c89c3c5edd5b22 + Sections: + .text: + Entropy: 5.9944111351941185 + Virtual Size: '0x5736' + .rdata: + Entropy: 5.542492779395016 + Virtual Size: '0x570' + .data: + Entropy: 1.445115035315444 + Virtual Size: '0x5a8' + .pdata: + Entropy: 4.268472946152158 + Virtual Size: '0x42c' + .edata: + Entropy: 3.9636482963781448 + Virtual Size: '0x63' + INIT: + Entropy: 5.324738401510091 + Virtual Size: '0x4b6' + .rsrc: + Entropy: 3.275995301680775 + Virtual Size: '0x358' + .reloc: + Entropy: 1.2355823247516717 + Virtual Size: '0x48' + Signature: + - Novell, 
Inc. + - VeriSign Class 3 Code Signing 2009-2 CA + - VeriSign Class 3 Public Primary CA + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 
8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, + Inc. + ValidFrom: '2010-04-03 00:00:00' + ValidTo: '2013-04-26 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a + Version: 3 + TBS: + MD5: b1504f143b89a6080710bafcededb833 + SHA1: 5c2696893ebba1e81d918a4fadda143c25c77286 + SHA256: ae1dc09d08e93ace95fe203adfbfadcd4c029529d3f99ab381c368064b58d9a0 + SHA384: 18c6db711578cfcd4bce87c63d053e242c7c196efc892c2d4a8733cb75bb7dc3cac3f702e0e1d4b7fa2c590acb53fdee + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: 
f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: 8b7e7c20da6ca9ac4bdb3927fe2b266a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 3a5b83215c9ea17f8d3ad3812c30a340 + SHA1: 533e0690528ff3f0d59edeed9dd53b4f37c0a110 + SHA256: 1622ac0c618a86be17e0f97daa061f9aaa0e721dc0fd30d76bbc5c958e9a9d92 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2008, Novell, Inc. All Rights Reserved. + CreationTimestamp: '2009-03-27 11:56:49' + Description: Novell XTier Session Manager + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.6.0 + Filename: nscm.sys + ImportedFunctions: + - IoCreateDevice + - SeUnregisterLogonSessionTerminatedRoutine + - KeInitializeMutex + - IoDeleteDevice + - SeRegisterLogonSessionTerminatedRoutine + - ZwOpenProcessTokenEx + - KeReleaseMutex + - ZwClose + - SeMarkLogonSessionForTerminationNotification + - ZwQueryInformationToken + - ZwOpenThreadTokenEx + - KeBugCheckEx + - KeWaitForSingleObject + - IoGetCurrentProcess + - DbgPrint + - NicmCreateInstance + - NicmDeregisterClassFactory + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: ba2c0fa201c74621cddd8638497b3c70 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: nscm.sys + Product: Novell XTier + ProductVersion: 3.1.6 + RichPEHeaderHash: + MD5: 4a07178c85358a7450e421019955ccee + SHA1: 0e0b4edfb21b1a41b2f00f341bc1c6de6a650546 + SHA256: dd7717af9d41e7c2d7c773f3e063d396ad8676b3d940732451acc1fc28ec9989 + SHA1: 8f540936f2484d020e270e41529624407b7e107e + SHA256: 28999af32b55ddb7dcfc26376a244aa2fe297233ce7abe4919a1aef2f7e2cee7 + Sections: + .text: + Entropy: 5.981323117886685 + Virtual Size: '0x4a25' + .rdata: + Entropy: 5.681127753509768 + Virtual Size: 
'0x480' + .data: + Entropy: 0.8264834692004682 + Virtual Size: '0x548' + .pdata: + Entropy: 4.218145333940637 + Virtual Size: '0x3c0' + .edata: + Entropy: 3.983850316580165 + Virtual Size: '0x63' + INIT: + Entropy: 5.26537545088398 + Virtual Size: '0x360' + .rsrc: + Entropy: 3.289150653685818 + Virtual Size: '0x350' + .reloc: + Entropy: 1.2454265871243133 + Virtual Size: '0x3c' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + 
use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, + Inc. + ValidFrom: '2007-04-04 00:00:00' + ValidTo: '2010-04-27 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 4808d93b14b8600dbfa18dab5d15310f + Version: 3 + TBS: + MD5: adddb65a3a360b3c1a55cb33e426f32a + SHA1: 93d9b282265288a94ee4f1a01c5fb3a08badb7ac + SHA256: d98d63f26125a94eb767fdd2526f6c74bfb40cb4d117a1d87ca3ed0d99bd6f0b + SHA384: cf20d9d6343b52b05ebaeace8a75ad950089e2d55508571cf5b153583fdf2d7b11bc61b8f38bfa70f09b2e7ac63d9ef5 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + 
SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 7d004bbe0f546a91c93562d324307fa7 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: b546d6b223a9e1a42f8359dbf9d9737c + SHA1: 41f6704252efa14de0d72eeaf7475886ba7f3bdc + SHA256: 92ca1aec3afc90b44861c2e0be084a3db38d22d52f35e1697643d6477151392f + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2013, Novell, Inc. All Rights Reserved. + CreationTimestamp: '2013-01-15 23:24:57' + Description: Novell XTier Session Manager + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.11.0 + Filename: nscm.sys + ImportedFunctions: + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - KeInitializeMutex + - IoQueueWorkItemEx + - IoDeleteDevice + - IoFreeWorkItem + - RtlEqualUnicodeString + - ZwOpenProcessTokenEx + - IoAllocateWorkItem + - ZwClose + - ZwOpenProcess + - DbgPrint + - PsGetCurrentProcessId + - IoCreateDevice + - ZwQueryInformationToken + - PsSetCreateProcessNotifyRoutine + - SeRegisterLogonSessionTerminatedRoutine + - SeUnregisterLogonSessionTerminatedRoutine + - ZwOpenThreadTokenEx + - IoGetCurrentProcess + - SeMarkLogonSessionForTerminationNotification + - KeBugCheckEx + - KeWaitForSingleObject + - ZwQueryInformationProcess + - KeReleaseMutex + - NicmCreateInstance + - NicmDeregisterClassFactory + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: 4c76554d9a72653c6156ca0024d21a8e + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: nscm.sys + Product: Novell XTier + ProductVersion: 3.1.11 + RichPEHeaderHash: + MD5: 0d646b28e804b652211b8f3e0feac906 + SHA1: 1169ececb349b1d1a50626a2565e85cc6e9049ea + 
SHA256: 097828b6f5705aca00605777868f774f37fd5ecf705e958c6dbdb860c4934be4 + SHA1: 6d3c760251d6e6ea7ff4f4fcac14876fac829cf9 + SHA256: 2e665962c827ce0adbd29fe6bcf09bbb1d7a7022075d162ff9b65d0af9794ac0 + Sections: + .text: + Entropy: 5.9944111351941185 + Virtual Size: '0x5736' + .rdata: + Entropy: 5.542492779395016 + Virtual Size: '0x570' + .data: + Entropy: 1.445115035315444 + Virtual Size: '0x5a8' + .pdata: + Entropy: 4.268472946152158 + Virtual Size: '0x42c' + .edata: + Entropy: 3.9636482963781448 + Virtual Size: '0x63' + INIT: + Entropy: 5.429528792402954 + Virtual Size: '0x4b6' + .rsrc: + Entropy: 6.472426446171854 + Virtual Size: '0x14a24' + .reloc: + Entropy: 5.039009418592025 + Virtual Size: '0x48' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Publisher + ValidFrom: '2022-01-27 19:31:19' + ValidTo: '2023-01-26 19:31:19' + Signature: 941777115fcaf24c60c4a8c891758c491887aa5e9f0902a704191e75dd6f99be3d14a24aa35b1f2a1c1c42dde08da3fa75a73edbf7b5ae0fe94b3716e43b838ff30149e19c51b8b87cc53377ae08bfc0f54c7fafa398db43e839de108493510bc34d0fe998a44fcd0a11b0dc0c7315421dac79ab09ca47f847f9fa88e15d57a564f7b074664409c0ce01c697b2dcfd31676fc908fbc6bb928f82170f0b5a54f52f4327797278b78188b87e37b192b493d00eaf661e30f12b9e67fbd1df9cc5843e6a1c68b45d4f62423450cdc990fab2367d7f57719cb8272f59d4f300284a36d88adfc976cb08c6b0da33d5e988be0e1a3cef2a9669b5227a5b8d027f804908 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 330000036ce57eeb5d1cc2be1700000000036c + Version: 3 + TBS: + MD5: 7ece739fdaa27d96b67f587db04186a7 + SHA1: b8701efa0ab12b8fea2293c9cff8772ecca084d0 + SHA256: c1392bdcbb0b50215fca8c78f25c2d857e515dce06c87ce86527c88c91d5d7e4 + SHA384: 8d292e8db16824f3ac9d668816c4cf521a9eb251069694c92932683afcaa4e53d5fa3a1f58356749e655299ed83fe191 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows 
Production PCA 2011 + ValidFrom: '2011-10-19 18:41:42' + ValidTo: '2026-10-19 18:51:42' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: '61077656000000000008' + Version: 3 + TBS: + MD5: 30a3f0b64324ed7f465e7fc618cb69e7 + SHA1: 002de3561519b662c5e3f5faba1b92c403fb7c41 + SHA256: 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 + SHA384: 4f9a02c3eac5e83c38074d54c0bf270e03a1d668e0001c9812c509eb08a19075ee778a7630e65598e4608fc66e2d1c66 + Signer: + - SerialNumber: 330000036ce57eeb5d1cc2be1700000000036c + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Production PCA 2011 + Version: 1 + Imphash: 8b7e7c20da6ca9ac4bdb3927fe2b266a + LoadsDespiteHVCI: 'TRUE' +- Authentihash: + MD5: 5d62cae57be434a4d56924574498c4f2 + SHA1: 1a99d3141d75a3ef1998944b2d107089ce3ef6e4 + SHA256: a363deaf1790e9c0610e07a7203749aab8b60f5ededc944abc0ef3010f5e2105 + Company: Micro Focus + Copyright: (C) Copyright 2000-2017, Micro Focus. All Rights Reserved. 
+ CreationTimestamp: '2022-03-03 03:52:58' + Description: XTier Security Context Manager + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.12.0 + Filename: nscm.sys + ImportedFunctions: + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - KeInitializeMutex + - PsLookupProcessByProcessId + - IoDeleteDevice + - RtlEqualUnicodeString + - ZwOpenProcessTokenEx + - _vsnwprintf + - ZwClose + - ZwOpenProcess + - ZwQueryInformationProcess + - DbgPrint + - IoCreateDevice + - ZwQueryInformationToken + - RtlDeleteRegistryValue + - PsSetCreateProcessNotifyRoutine + - SeRegisterLogonSessionTerminatedRoutine + - SeUnregisterLogonSessionTerminatedRoutine + - ZwOpenThreadTokenEx + - IoGetCurrentProcess + - SeMarkLogonSessionForTerminationNotification + - PsGetCurrentProcessId + - KeBugCheckEx + - KeWaitForSingleObject + - ObfDereferenceObject + - KeReleaseMutex + - NicmCreateInstance + - NicmDeregisterClassFactory + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: 5f4a232d92480a1bebbe025ef64dc760 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: nscm.sys + Product: Micro Focus XTier + ProductVersion: 3.1.12 + RichPEHeaderHash: + MD5: 827395be6a60ed22c16a6eeea1843d8a + SHA1: 61171f78fedd9cc13cfa2fad18219d2aaf9ab83f + SHA256: d9b5607af39de0f2fc8d411d18fc86f6a1394c2b512b8876caef597f9c56dcad + SHA1: 0cb14c1049c0e81c8655ab7ee7d698c11758ea06 + SHA256: 5351c81b4ec5a0d79c39d24bac7600d10eac30c13546fde43d23636b3f421e7c + Sections: + .text: + Entropy: 6.0164645838764494 + Virtual Size: '0x5a66' + .rdata: + Entropy: 5.545815315316552 + Virtual Size: '0x590' + .data: + Entropy: 1.445115035315444 + Virtual Size: '0x5a8' + .pdata: + Entropy: 4.277709228070346 + Virtual Size: '0x450' + .edata: + Entropy: 3.956023170093665 + Virtual Size: '0x63' + INIT: + Entropy: 5.349379600291399 + Virtual Size: '0x4e0' + .rsrc: + Entropy: 3.2835150258002495 + Virtual Size: '0x360' + .reloc: + Entropy: 1.2355823247516717 + Virtual Size: '0x48' + 
Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2021-09-09 19:15:59' + ValidTo: '2022-09-01 19:15:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 330000004de597a775e3157f7b00000000004d + Version: 3 + TBS: + MD5: 9f0782e89bd41cdd96ec55357457478a + SHA1: 35c2180572baad19019acca1334e6c653699c389 + SHA256: 50814710213afec410f26e573d25267a2e21d3d15f158be8a43a666c9cc6fa08 + SHA384: 8d48f066b0284071d64bbc556e018824a8388ccd142a56c7b7b04ef6d27cade07da57ac82d8067e18ad64d35af11e2a7 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + ValidFrom: '2014-10-15 20:31:27' + ValidTo: '2029-10-15 20:41:27' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 330000000d690d5d7893d076df00000000000d + Version: 3 + TBS: + MD5: 83f69422963f11c3c340b81712eef319 + SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 + SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae + SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 + Signer: + - SerialNumber: 330000004de597a775e3157f7b00000000004d + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + Version: 1 + Imphash: 01aa65221a48929f0a34a27c4e3011b1 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 3050ced748b80cc81892435fd0868bfc + SHA1: 579e23f2b6ce2221ba435abc20801e98ab91a360 + SHA256: 34f36a59ecf6174eeac15994e54c41fe1e3e3b1eee8ed4c399ec8c63212373d7 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2011, Novell, Inc. All Rights Reserved. 
+ CreationTimestamp: '2011-04-01 19:18:14' + Description: Novell XTier Session Manager + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.6.0 + Filename: nscm.sys + ImportedFunctions: + - IoCreateDevice + - SeUnregisterLogonSessionTerminatedRoutine + - KeInitializeMutex + - IoDeleteDevice + - SeRegisterLogonSessionTerminatedRoutine + - SeMarkLogonSessionForTerminationNotification + - KeReleaseMutex + - ZwOpenThreadTokenEx + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwClose + - KeBugCheckEx + - KeWaitForSingleObject + - ZwQueryInformationToken + - DbgPrint + - NicmCreateInstance + - NicmDeregisterClassFactory + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: f56f30ac68c35dd4680054cdfd8f3f00 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: nscm.sys + Product: Novell XTier + ProductVersion: 3.1.6 + RichPEHeaderHash: + MD5: 4a07178c85358a7450e421019955ccee + SHA1: 0e0b4edfb21b1a41b2f00f341bc1c6de6a650546 + SHA256: dd7717af9d41e7c2d7c773f3e063d396ad8676b3d940732451acc1fc28ec9989 + SHA1: fce3a95b222c810c56e7ed5a3d7fb059eb693682 + SHA256: 8e88cb80328c3dbaa2752591692e74a2fae7e146d7d8aabc9b9ac9a6fe561e6c + Sections: + .text: + Entropy: 5.98589698052852 + Virtual Size: '0x4c15' + .rdata: + Entropy: 5.645994240527473 + Virtual Size: '0x4b8' + .data: + Entropy: 0.8264834692004682 + Virtual Size: '0x568' + .pdata: + Entropy: 4.238276468304064 + Virtual Size: '0x3d8' + .edata: + Entropy: 3.956023170093665 + Virtual Size: '0x63' + INIT: + Entropy: 5.259964214601351 + Virtual Size: '0x360' + .rsrc: + Entropy: 3.287931080812757 + Virtual Size: '0x350' + .reloc: + Entropy: 1.2454265871243133 + Virtual Size: '0x3c' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 
07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, + Inc. + ValidFrom: '2010-04-03 00:00:00' + ValidTo: '2013-04-26 23:59:59' + Signature: 2d2eec4636a0c1f359ef30a107e6c2301ad12c09ab9fdac02211aaef81323d1daee3a14a150bf9f4c7d0d788d5f486ea75e40abeb502a2267171be53030fe7614af7a2015eabd4c26e887ec9220beb3666fc68158d2b8dd659e3fe55245821c10e37ddeebac63eb1848512c64a543a13ba6735b156c6dc13395890e8003e03e7c2613e2c1de1dfadfe072cd7655e3b4166fe973233b4f81ecf810541382d67c92f29d76e220543a7179b606011b932cee250f99f260b29e79236cec10b67e0e0e48cb74593a7ce2e3cfafb6c58ac7ae5c10a591037c380b5f7516cac8f4ec695b020ca2445cb9bf97eb56c09d4a62618871b482ef97c5894349e10f62e2ee68b + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a + Version: 3 + TBS: + MD5: b1504f143b89a6080710bafcededb833 + SHA1: 5c2696893ebba1e81d918a4fadda143c25c77286 + SHA256: ae1dc09d08e93ace95fe203adfbfadcd4c029529d3f99ab381c368064b58d9a0 + SHA384: 18c6db711578cfcd4bce87c63d053e242c7c196efc892c2d4a8733cb75bb7dc3cac3f702e0e1d4b7fa2c590acb53fdee + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 
41ec87c0295f2c734169b8a23c66ac9a + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: b8d0a36d2b14d79dfa08fb2e121f0920 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 7e245f8b1d1bddfd217d1cd060b91657 + SHA1: 8c89db8dd4d7947cb5eb13c7a12907564576cb91 + SHA256: 00dfeab446afecac7b44b0b1680d5ca7d421eda243e16db8c08706bb593a8391 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2008, Novell, Inc. All Rights Reserved. + CreationTimestamp: '2009-03-27 11:52:17' + Description: Novell XTier Session Manager + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.6.0 + Filename: nscm.sys + ImportedFunctions: + - IoDeleteDevice + - SeUnregisterLogonSessionTerminatedRoutine + - SeRegisterLogonSessionTerminatedRoutine + - KeInitializeMutex + - IoCreateDevice + - ZwClose + - KeWaitForSingleObject + - ZwOpenProcessTokenEx + - ZwOpenThreadTokenEx + - IoGetCurrentProcess + - SeMarkLogonSessionForTerminationNotification + - KeTickCount + - DbgPrint + - ZwQueryInformationToken + - KeReleaseMutex + - NicmCreateInstance + - NicmDeregisterClassFactory + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: a1547e8b2ca0516d0d9191a55b8536c0 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: nscm.sys + Product: Novell XTier + ProductVersion: 3.1.6 + RichPEHeaderHash: + MD5: e92edbb3d49ed0e7c3de680c901221a8 + SHA1: 17f6d8284edd12372405ea1e0edb59249d6d2a02 + SHA256: 94fef4d39e3ffb29a749b7b8511c7ce76b9f824cb724eeef2529476a7b9af465 + SHA1: 7cd4aea9c1f82111bf7f9d4934be95e9bb6f8ae0 + SHA256: ce23c2dae4cca4771ea50ec737093dfafac06c64db0f924a1ccbbf687e33f5a2 + Sections: + .text: + Entropy: 6.133436661587974 + Virtual Size: '0x337b' + .rdata: + Entropy: 5.95443123338063 + Virtual Size: '0x2cc' + .data: + Entropy: 0.6992933847552781 + Virtual Size: '0x294' + .edata: + Entropy: 3.88787733918592 + Virtual Size: '0x63' 
+ INIT: + Entropy: 5.407607088870612 + Virtual Size: '0x2d6' + .rsrc: + Entropy: 3.289150653685818 + Virtual Size: '0x350' + .reloc: + Entropy: 6.220983522762253 + Virtual Size: '0x4f2' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 
21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, + Inc. 
+ ValidFrom: '2007-04-04 00:00:00' + ValidTo: '2010-04-27 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 4808d93b14b8600dbfa18dab5d15310f + Version: 3 + TBS: + MD5: adddb65a3a360b3c1a55cb33e426f32a + SHA1: 93d9b282265288a94ee4f1a01c5fb3a08badb7ac + SHA256: d98d63f26125a94eb767fdd2526f6c74bfb40cb4d117a1d87ca3ed0d99bd6f0b + SHA384: cf20d9d6343b52b05ebaeace8a75ad950089e2d55508571cf5b153583fdf2d7b11bc61b8f38bfa70f09b2e7ac63d9ef5 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 65181bc89a1c2b5854548236269846c1 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 32265ccdfe3d7f66269cbee0d5555e5b + SHA1: 72e5f5f6f266410d827fef10dc82c7ec8541e036 + SHA256: 253ed7f5c7115e957dfdb1f5c6c51592b491a70b27787903c8fd848e45b9cf22 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2013, Novell, Inc. All Rights Reserved. 
+ CreationTimestamp: '2013-01-15 23:24:57' + Description: Novell XTier Session Manager + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.11.0 + Filename: nscm.sys + ImportedFunctions: + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - KeInitializeMutex + - IoQueueWorkItemEx + - IoDeleteDevice + - IoFreeWorkItem + - RtlEqualUnicodeString + - ZwOpenProcessTokenEx + - IoAllocateWorkItem + - ZwClose + - ZwOpenProcess + - DbgPrint + - PsGetCurrentProcessId + - IoCreateDevice + - ZwQueryInformationToken + - PsSetCreateProcessNotifyRoutine + - SeRegisterLogonSessionTerminatedRoutine + - SeUnregisterLogonSessionTerminatedRoutine + - ZwOpenThreadTokenEx + - IoGetCurrentProcess + - SeMarkLogonSessionForTerminationNotification + - KeBugCheckEx + - KeWaitForSingleObject + - ZwQueryInformationProcess + - KeReleaseMutex + - NicmCreateInstance + - NicmDeregisterClassFactory + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: bd5d4d07ae09e9f418d6b4ac6d9f2ed5 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: nscm.sys + Product: Novell XTier + ProductVersion: 3.1.11 + RichPEHeaderHash: + MD5: 0d646b28e804b652211b8f3e0feac906 + SHA1: 1169ececb349b1d1a50626a2565e85cc6e9049ea + SHA256: 097828b6f5705aca00605777868f774f37fd5ecf705e958c6dbdb860c4934be4 + SHA1: d61acd857242185a56e101642d15b9b5f0558c26 + SHA256: fb81b5f8bf69637dbdf050181499088a67d24577587bc520de94b5ee8996240f + Sections: + .text: + Entropy: 5.9944111351941185 + Virtual Size: '0x5736' + .rdata: + Entropy: 5.542492779395016 + Virtual Size: '0x570' + .data: + Entropy: 1.445115035315444 + Virtual Size: '0x5a8' + .pdata: + Entropy: 4.268472946152158 + Virtual Size: '0x42c' + .edata: + Entropy: 3.9636482963781448 + Virtual Size: '0x63' + INIT: + Entropy: 5.324738401510091 + Virtual Size: '0x4b6' + .rsrc: + Entropy: 3.275995301680775 + Virtual Size: '0x358' + .reloc: + Entropy: 1.2355823247516717 + Virtual Size: '0x48' + Signatures: + - CertificatesInfo: '' + SignerInfo: 
'' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Corporation + ValidFrom: '2021-09-02 18:32:59' + ValidTo: '2022-09-01 18:32:59' + Signature: 164937b92c644c4061d4db4097b062bc812c0167605f5a99f847593186d029ab18e888522d744cc45d41dce29d47d2bf91c72992f35c1a5f03ed8c984b89a109430147e54bae0ddff0f523dfc03d5796a2636fc9a24ed66453809a33d134d1a7c9e83b974953893845a84fb668eb3afa179e82a01d7a51a03492911cb591ba118ab8b230e65920c7d2b2f90bd9ae7fc3762f2e4c88162a9f8c186f3163a3c1bef8e0b7d8d04a19673eb677518f01bf0cbaaf29e15c1695d15d134cbd20131ede87f2b5a3c3226abbbab3fec5caa38b7944b8bd31e1f538012f90edc4262ead76d2055b4bd458f8e3e39dffa7260bd9a6bebb62c86ef4f58dd177761d263d9fdc626aed8eca756ab441885ab4a8417a0e1fc63860d32badda0e9a3359b18cd3eb138f33e87582346bbd80c2b966e765751c386b8e59d3a02892da1fd02a8ec9312bbead188e81385e96b4fbced3fcf5545cda9fed8faa494efef4bb4b42e318478c377123e3b8dbacbcb7fd8019dc87946a33b91a0ed6160e02f2078d847ecc5e32ac0a5b003e4d58b41eb591a9f4b1da895b139ea125c1243233922b3dec46eba91425f752ba3261fe762feda2553add6bc5d67ac3c6eb63279f74fc02e2dfcde245b806df392111c7b20564ef7650fa17135b848cbe6c925d724d907732e6e0380e05f0aa11361be21401124fe9c6f1cf2e22c6d979bd3c49e61032a8d51269 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 33000002528b33aaf895f339db000000000252 + Version: 3 + TBS: + MD5: 92b6022918bc02eb361b8a02fb1da57d + SHA1: 8ceb945fac0f6d623d464e21740ae6eb60351652 + SHA256: c1446860a1cd9db490d3ea85e9df05df44af8d44e2bb803a2a2018f3b6c41bcb + SHA384: 322ed1a62a9f2ed7c7f601e99a8db15371e3ba1039a73c81801165ea987679023bc36f8c357f74354dce65532b71be3c + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Code Signing PCA 2011 + ValidFrom: '2011-07-08 20:59:09' + ValidTo: '2026-07-08 21:09:09' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 
610e90d2000000000003 + Version: 3 + TBS: + MD5: b4ec95434f1d45b8055077cf90540a5f + SHA1: 71f74db41d045d6eaf81a849bbb3e21544edcff4 + SHA256: f6f717a43ad9abddc8cefdde1c505462535e7d1307e630f9544a2d14fe8bf26e + SHA384: 25cbac323e740588a1ea3ca39ea907647440884ad75fc4bd99be6c82202aba42e95049fa7b66884977e60b819b21a2a5 + Signer: + - SerialNumber: 33000002528b33aaf895f339db000000000252 + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Code Signing PCA 2011 + Version: 1 + Imphash: 8b7e7c20da6ca9ac4bdb3927fe2b266a + LoadsDespiteHVCI: 'TRUE' +- Authentihash: + MD5: b5668ca76edf23b8329578964f97f552 + SHA1: 99848c658086ecb326e83cf3521e3440ecee6c35 + SHA256: 410d79a49c02da50f4567166d5acef977b5dbc3aafb67522939bf902e65596a5 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2015, Novell, Inc. All Rights Reserved. + CreationTimestamp: '2015-12-22 01:35:10' + Date: '' + Description: Novell XTier Session Manager + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.12.0 + Filename: '' + ImportedFunctions: + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - KeInitializeMutex + - PsLookupProcessByProcessId + - IoDeleteDevice + - RtlEqualUnicodeString + - ZwOpenProcessTokenEx + - _vsnwprintf + - ZwClose + - ZwOpenProcess + - ZwQueryInformationProcess + - DbgPrint + - IoCreateDevice + - ZwQueryInformationToken + - RtlDeleteRegistryValue + - PsSetCreateProcessNotifyRoutine + - SeRegisterLogonSessionTerminatedRoutine + - SeUnregisterLogonSessionTerminatedRoutine + - ZwOpenThreadTokenEx + - IoGetCurrentProcess + - SeMarkLogonSessionForTerminationNotification + - PsGetCurrentProcessId + - KeBugCheckEx + - KeWaitForSingleObject + - ObfDereferenceObject + - KeReleaseMutex + - NicmCreateInstance + - NicmDeregisterClassFactory + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: 1cb26adeca26aefb5a61065e990402da + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: nscm.sys + PDBPath: '' + Product: Novell XTier + 
ProductVersion: 3.1.12 + Publisher: '' + RichPEHeaderHash: + MD5: 827395be6a60ed22c16a6eeea1843d8a + SHA1: 61171f78fedd9cc13cfa2fad18219d2aaf9ab83f + SHA256: d9b5607af39de0f2fc8d411d18fc86f6a1394c2b512b8876caef597f9c56dcad + SHA1: 5b866f522bcdf80e6a9fda71b385f917317f6551 + SHA256: c6feb3f4932387df7598e29d4f5bdacec0b9ce98db3f51d96fc4ffdcc6eb10e1 + Sections: + .text: + Entropy: 6.015399864614518 + Virtual Size: '0x5a46' + .rdata: + Entropy: 5.555982444894318 + Virtual Size: '0x598' + .data: + Entropy: 1.445115035315444 + Virtual Size: '0x5a8' + .pdata: + Entropy: 4.280897322389318 + Virtual Size: '0x450' + .edata: + Entropy: 3.9636482963781448 + Virtual Size: '0x63' + INIT: + Entropy: 5.349379600291399 + Virtual Size: '0x4e0' + .rsrc: + Entropy: 3.2792136282019944 + Virtual Size: '0x358' + .reloc: + Entropy: 1.2355823247516717 + Virtual Size: '0x48' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, CN=Novell, Inc. + ValidFrom: '2013-03-05 00:00:00' + ValidTo: '2016-06-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Version: 3 + TBS: + MD5: 5b1207ffffc0eff3784003d17b3e71a9 + SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d + SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 + SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 01aa65221a48929f0a34a27c4e3011b1 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 948889eac3cc3134cf6f45bcabc52858 + SHA1: 45227aa1232e6c321ce40939f144bb6c1cf58e12 + SHA256: 1d640783395631c1b4878ac7945f227c4c4f64fe26dd30cbed755dc440931e85 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2015, Novell, Inc. All Rights Reserved. 
+ CreationTimestamp: '2015-06-26 06:12:50' + Date: '' + Description: Novell XTier Session Manager + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.12.0 + Filename: '' + ImportedFunctions: + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - KeInitializeMutex + - PsLookupProcessByProcessId + - IoDeleteDevice + - RtlEqualUnicodeString + - ZwOpenProcessTokenEx + - _vsnwprintf + - ZwClose + - ZwOpenProcess + - ZwQueryInformationProcess + - DbgPrint + - IoCreateDevice + - ZwQueryInformationToken + - RtlDeleteRegistryValue + - PsSetCreateProcessNotifyRoutine + - SeRegisterLogonSessionTerminatedRoutine + - SeUnregisterLogonSessionTerminatedRoutine + - ZwOpenThreadTokenEx + - IoGetCurrentProcess + - SeMarkLogonSessionForTerminationNotification + - PsGetCurrentProcessId + - KeBugCheckEx + - KeWaitForSingleObject + - ObfDereferenceObject + - KeReleaseMutex + - NicmCreateInstance + - NicmDeregisterClassFactory + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: 750d1f07ea9d10b38a33636036c30cca + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: nscm.sys + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.12 + Publisher: '' + RichPEHeaderHash: + MD5: 827395be6a60ed22c16a6eeea1843d8a + SHA1: 61171f78fedd9cc13cfa2fad18219d2aaf9ab83f + SHA256: d9b5607af39de0f2fc8d411d18fc86f6a1394c2b512b8876caef597f9c56dcad + SHA1: 085c0ea6980cb93a3afa076764b7866467ac987c + SHA256: e7b79fe1377b3da749590c080d4d96e59e622b1013b2183b98c81baa8bf2fffe + Sections: + .text: + Entropy: 6.015399864614518 + Virtual Size: '0x5a46' + .rdata: + Entropy: 5.565340382412743 + Virtual Size: '0x594' + .data: + Entropy: 1.445115035315444 + Virtual Size: '0x5a8' + .pdata: + Entropy: 4.293741702821105 + Virtual Size: '0x450' + .edata: + Entropy: 3.9838503165801646 + Virtual Size: '0x63' + INIT: + Entropy: 5.349379600291399 + Virtual Size: '0x4e0' + .rsrc: + Entropy: 3.2792136282019944 + Virtual Size: '0x358' + .reloc: + Entropy: 1.2355823247516717 + 
Virtual Size: '0x48' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, CN=Novell, Inc. 
+ ValidFrom: '2013-03-05 00:00:00' + ValidTo: '2016-06-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Version: 3 + TBS: + MD5: 5b1207ffffc0eff3784003d17b3e71a9 + SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d + SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 + SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 
78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 01aa65221a48929f0a34a27c4e3011b1 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 81c87e8e69594a5970f8034743c82b45 + SHA1: cbf74b634b651c2c60a72b294a60d37232ea3e84 + SHA256: 37b9fbd6547091b83b2595bb0f9f9035ae95111868a4393aab52bf22087233d7 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2012, Novell, Inc. All Rights Reserved. 
+ CreationTimestamp: '2012-03-18 19:29:20' + Date: '' + Description: Novell XTier Session Manager + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.10.0 + Filename: '' + ImportedFunctions: + - IoDeleteDevice + - SeUnregisterLogonSessionTerminatedRoutine + - SeRegisterLogonSessionTerminatedRoutine + - KeInitializeMutex + - IoCreateDevice + - KeGetCurrentThread + - KeWaitForSingleObject + - ZwClose + - ZwQueryInformationToken + - IoGetCurrentProcess + - ZwOpenProcessTokenEx + - ZwOpenThreadTokenEx + - KeTickCount + - DbgPrint + - SeMarkLogonSessionForTerminationNotification + - KeReleaseMutex + - NicmCreateInstance + - NicmDeregisterClassFactory + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: 270052c61f4de95ebfbf3a49fb39235f + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: nscm.sys + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.10 + Publisher: '' + RichPEHeaderHash: + MD5: ae2ba4ab28309050013e34523f55d28b + SHA1: 87a2ac80c201eae4c50bbd1f7a409014f88a4d2a + SHA256: f171d3a30917f5723989ef85e253a97ff4c2b4d968607d7afccf427dd648e364 + SHA1: ad60e40a148accec0950d8d13bf7182c2bd5dfef + SHA256: 0cf91e8f64a7c98dbeab21597bd76723aee892ed8fa4ee44b09f9e75089308e2 + Sections: + .text: + Entropy: 6.152906583797422 + Virtual Size: '0x3505' + .rdata: + Entropy: 5.934931906449255 + Virtual Size: '0x2c0' + .data: + Entropy: 0.6992933847552781 + Virtual Size: '0x294' + .edata: + Entropy: 3.8878773391859194 + Virtual Size: '0x63' + INIT: + Entropy: 5.3979225181347195 + Virtual Size: '0x2f8' + .rsrc: + Entropy: 3.2729254116810207 + Virtual Size: '0x358' + .reloc: + Entropy: 6.189610877444558 + Virtual Size: '0x512' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 
4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, + Inc. + ValidFrom: '2010-04-03 00:00:00' + ValidTo: '2013-04-26 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a + Version: 3 + TBS: + MD5: b1504f143b89a6080710bafcededb833 + SHA1: 5c2696893ebba1e81d918a4fadda143c25c77286 + SHA256: ae1dc09d08e93ace95fe203adfbfadcd4c029529d3f99ab381c368064b58d9a0 + SHA384: 18c6db711578cfcd4bce87c63d053e242c7c196efc892c2d4a8733cb75bb7dc3cac3f702e0e1d4b7fa2c590acb53fdee + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: 29a2e15ac1622a3daf7da5a78f0cef08 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 8fd0912006f7d1f320c95b39673f7ee3 + SHA1: 0eb2a02bddee973aef2fdb9f587cdfec7c136407 + SHA256: 
748b6350472e21bab16497e4296794619dede7fcdb188fea1574f89498a2ff54 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2008, Novell, Inc. All Rights Reserved. + CreationTimestamp: '2008-08-18 10:18:12' + Date: '' + Description: Novell XTier Session Manager + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.6.0 + Filename: '' + ImportedFunctions: + - IoCreateDevice + - SeUnregisterLogonSessionTerminatedRoutine + - KeInitializeMutex + - IoDeleteDevice + - SeRegisterLogonSessionTerminatedRoutine + - ZwOpenProcessTokenEx + - KeReleaseMutex + - ZwClose + - SeMarkLogonSessionForTerminationNotification + - ZwQueryInformationToken + - ZwOpenThreadTokenEx + - KeBugCheckEx + - KeWaitForSingleObject + - IoGetCurrentProcess + - DbgPrint + - NicmCreateInstance + - NicmDeregisterClassFactory + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: ce65b7adcf954eb36df62ea3d4a628c7 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: nscm.sys + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.6 + Publisher: '' + RichPEHeaderHash: + MD5: 4a07178c85358a7450e421019955ccee + SHA1: 0e0b4edfb21b1a41b2f00f341bc1c6de6a650546 + SHA256: dd7717af9d41e7c2d7c773f3e063d396ad8676b3d940732451acc1fc28ec9989 + SHA1: 272ffcda920a8e2440eb0d31dcd05485e0d597ad + SHA256: a495ffa623a5220179b0dd519935e255dd6910b7b7bc3d68906528496561ff53 + Sections: + .text: + Entropy: 5.981323117886685 + Virtual Size: '0x4a25' + .rdata: + Entropy: 5.674341417857536 + Virtual Size: '0x480' + .data: + Entropy: 0.8264834692004682 + Virtual Size: '0x548' + .pdata: + Entropy: 4.218145333940637 + Virtual Size: '0x3c0' + .edata: + Entropy: 3.9838503165801646 + Virtual Size: '0x63' + INIT: + Entropy: 5.26537545088398 + Virtual Size: '0x360' + .rsrc: + Entropy: 3.289150653685818 + Virtual Size: '0x350' + .reloc: + Entropy: 1.2454265871243133 + Virtual Size: '0x3c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, 
O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + 
IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, + Inc. + ValidFrom: '2007-04-04 00:00:00' + ValidTo: '2010-04-27 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 4808d93b14b8600dbfa18dab5d15310f + Version: 3 + TBS: + MD5: adddb65a3a360b3c1a55cb33e426f32a + SHA1: 93d9b282265288a94ee4f1a01c5fb3a08badb7ac + SHA256: d98d63f26125a94eb767fdd2526f6c74bfb40cb4d117a1d87ca3ed0d99bd6f0b + SHA384: cf20d9d6343b52b05ebaeace8a75ad950089e2d55508571cf5b153583fdf2d7b11bc61b8f38bfa70f09b2e7ac63d9ef5 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 7d004bbe0f546a91c93562d324307fa7 + 
LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 6b6c8f2c44df5aade507397b36071a45 + SHA1: 9510465b38ab1e05b2c5e9d40f962430916296da + SHA256: 0f4ca9e9507724526f2b624d165750344473d388da38b7f3f6a8366dbc15140b + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2008, Novell, Inc. All Rights Reserved. + CreationTimestamp: '2009-09-08 13:40:51' + Date: '' + Description: Novell XTier Session Manager + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.6.0 + Filename: '' + ImportedFunctions: + - IoCreateDevice + - SeUnregisterLogonSessionTerminatedRoutine + - KeInitializeMutex + - IoDeleteDevice + - SeRegisterLogonSessionTerminatedRoutine + - SeMarkLogonSessionForTerminationNotification + - KeReleaseMutex + - ZwOpenThreadTokenEx + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwClose + - KeBugCheckEx + - KeWaitForSingleObject + - ZwQueryInformationToken + - DbgPrint + - NicmCreateInstance + - NicmDeregisterClassFactory + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: 8291dcbcbccc2ce28195d04ac616a1b5 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: nscm.sys + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.6 + Publisher: '' + RichPEHeaderHash: + MD5: 4a07178c85358a7450e421019955ccee + SHA1: 0e0b4edfb21b1a41b2f00f341bc1c6de6a650546 + SHA256: dd7717af9d41e7c2d7c773f3e063d396ad8676b3d940732451acc1fc28ec9989 + SHA1: 32f27451c377c8b5ea66be5475c2f2733cffe306 + SHA256: 14938f68957ede6e2b742a550042119a8fbc9f14427fb89fa53fff12d243561c + Sections: + .text: + Entropy: 5.984908350932489 + Virtual Size: '0x4c05' + .rdata: + Entropy: 5.608591774799332 + Virtual Size: '0x49c' + .data: + Entropy: 0.8264834692004682 + Virtual Size: '0x568' + .pdata: + Entropy: 4.239573253931084 + Virtual Size: '0x3d8' + .edata: + Entropy: 3.983850316580165 + Virtual Size: '0x63' + INIT: + Entropy: 5.259964214601351 + Virtual Size: '0x360' + .rsrc: + Entropy: 3.289150653685818 + Virtual Size: '0x350' + .reloc: + Entropy: 
1.2454265871243133 + Virtual Size: '0x3c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: 
ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, + Inc. + ValidFrom: '2007-04-04 00:00:00' + ValidTo: '2010-04-27 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 4808d93b14b8600dbfa18dab5d15310f + Version: 3 + TBS: + MD5: adddb65a3a360b3c1a55cb33e426f32a + SHA1: 93d9b282265288a94ee4f1a01c5fb3a08badb7ac + SHA256: d98d63f26125a94eb767fdd2526f6c74bfb40cb4d117a1d87ca3ed0d99bd6f0b + SHA384: cf20d9d6343b52b05ebaeace8a75ad950089e2d55508571cf5b153583fdf2d7b11bc61b8f38bfa70f09b2e7ac63d9ef5 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: 
f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: b8d0a36d2b14d79dfa08fb2e121f0920 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: e27fcbf5c5155f962e8734d698d38680 + SHA1: dc05bc4f8de1c51ea6cdca68df880908e1d49eed + SHA256: 4c21b7065cb961127ab9e2a0251ab8d50cfd65369a41e88e36bc2908af2b1d8d + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2013, Novell, Inc. All Rights Reserved. + CreationTimestamp: '2013-12-18 02:23:27' + Date: '' + Description: Novell XTier Session Manager + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.11.0 + Filename: '' + ImportedFunctions: + - _vsnwprintf + - IoDeleteDevice + - ZwQueryInformationToken + - ZwClose + - ZwOpenProcessTokenEx + - ZwOpenProcess + - PsGetCurrentProcessId + - KeInitializeMutex + - IoCreateDevice + - IoFreeWorkItem + - ExFreePoolWithTag + - RtlDeleteRegistryValue + - KeWaitForSingleObject + - ZwQueryInformationProcess + - ExAllocatePoolWithTag + - IoQueueWorkItemEx + - IoAllocateWorkItem + - PsSetCreateProcessNotifyRoutine + - SeRegisterLogonSessionTerminatedRoutine + - SeUnregisterLogonSessionTerminatedRoutine + - SeMarkLogonSessionForTerminationNotification + - ZwOpenThreadTokenEx + - IoGetCurrentProcess + - KeTickCount + - DbgPrint + - RtlEqualUnicodeString + - KeReleaseMutex + - NicmCreateInstance + - NicmDeregisterClassFactory + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: c8f88ca47b393da6acf87fa190e81333 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: nscm.sys + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.11 + Publisher: '' + RichPEHeaderHash: + MD5: 12a6588743897399103a71a7b8424725 + SHA1: 89722c63ce0ed56ed1dd53df18e56c1d83a9c60c + 
SHA256: 27d2e5007a373792d154bcf729da29f4c94c882690b36411bd70b1e00ac49380 + SHA1: d19d1d3aa30391922989f4c6e3f7dc4937dcefbf + SHA256: 202d9703a5b8d06c5f92d2c5218a93431aa55af389007826a9bfaaf900812213 + Sections: + .text: + Entropy: 6.2126827062968815 + Virtual Size: '0x3e80' + .rdata: + Entropy: 5.967010163773201 + Virtual Size: '0x317' + .data: + Entropy: 1.31505443956947 + Virtual Size: '0x2f4' + .edata: + Entropy: 3.9157044856724195 + Virtual Size: '0x63' + INIT: + Entropy: 5.4937509169523615 + Virtual Size: '0x414' + .rsrc: + Entropy: 3.275995301680775 + Virtual Size: '0x358' + .reloc: + Entropy: 6.2966285478887905 + Virtual Size: '0x59c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + 
SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, CN=Novell, Inc. + ValidFrom: '2013-03-05 00:00:00' + ValidTo: '2016-06-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Version: 3 + TBS: + MD5: 5b1207ffffc0eff3784003d17b3e71a9 + SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d + SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 + SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: e1a5435877b427be967867a25b1d263e + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 3d6cb9acf4c080dd83a0033feef09a4e + SHA1: c966a8f171c40ffea5b8464bb7d4e737db0ec175 + SHA256: 234fc829bfd4d8d5dca351be176f5a06cb29bbfd5632a93cc218936d32a44851 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2014, Novell, Inc. All Rights Reserved. 
+ CreationTimestamp: '2014-08-26 13:58:19' + Date: '' + Description: Novell XTier Session Manager + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.11.0 + Filename: '' + ImportedFunctions: + - _vsnwprintf + - IoDeleteDevice + - ZwQueryInformationToken + - ZwClose + - ZwOpenProcessTokenEx + - ZwOpenProcess + - KeInitializeMutex + - IoCreateDevice + - IoFreeWorkItem + - ExFreePoolWithTag + - RtlDeleteRegistryValue + - RtlEqualUnicodeString + - KeWaitForSingleObject + - ExAllocatePoolWithTag + - IoQueueWorkItemEx + - IoAllocateWorkItem + - PsSetCreateProcessNotifyRoutine + - SeRegisterLogonSessionTerminatedRoutine + - SeUnregisterLogonSessionTerminatedRoutine + - SeMarkLogonSessionForTerminationNotification + - ZwOpenThreadTokenEx + - PsGetCurrentProcessId + - IoGetCurrentProcess + - KeTickCount + - DbgPrint + - ZwQueryInformationProcess + - KeReleaseMutex + - NicmCreateInstance + - NicmDeregisterClassFactory + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: ba21bfa3d05661ba216873a9ef66a6e2 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: nscm.sys + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.11 + Publisher: '' + RichPEHeaderHash: + MD5: 12a6588743897399103a71a7b8424725 + SHA1: 89722c63ce0ed56ed1dd53df18e56c1d83a9c60c + SHA256: 27d2e5007a373792d154bcf729da29f4c94c882690b36411bd70b1e00ac49380 + SHA1: 7329bb4a7ca98556fa6b05bd4f9b236186e845d1 + SHA256: 653f6a65e0e608cae217bea2f90f05d8125cf23f83ba01a60de0f5659cfa5d4d + Sections: + .text: + Entropy: 6.214029038984061 + Virtual Size: '0x3ed8' + .rdata: + Entropy: 5.951631279530424 + Virtual Size: '0x311' + .data: + Entropy: 1.31505443956947 + Virtual Size: '0x2f4' + .edata: + Entropy: 3.882925571552858 + Virtual Size: '0x63' + INIT: + Entropy: 5.491127473397609 + Virtual Size: '0x414' + .rsrc: + Entropy: 3.274996758488867 + Virtual Size: '0x358' + .reloc: + Entropy: 6.285236926922213 + Virtual Size: '0x5a2' + Signature: '' + Signatures: + - 
CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, CN=Novell, Inc. 
+ ValidFrom: '2013-03-05 00:00:00' + ValidTo: '2016-06-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Version: 3 + TBS: + MD5: 5b1207ffffc0eff3784003d17b3e71a9 + SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d + SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 + SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + 
Signer: + - SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 9fc4a96d982ebfd6b9d87c0f3ebef681 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 0d2b36f1bf3378239f699e508290e746 + SHA1: ccba48d017eb2a19cc9b6b14d3762158dcb02b43 + SHA256: 8ac341d36e1af8959de6410a976400ded8554f5ffb6a462a8080c38a0140f4d4 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2011, Novell, Inc. All Rights Reserved. + CreationTimestamp: '2011-07-17 21:25:32' + Date: '' + Description: Novell XTier Session Manager + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.6.0 + Filename: '' + ImportedFunctions: + - IoDeleteDevice + - SeUnregisterLogonSessionTerminatedRoutine + - SeRegisterLogonSessionTerminatedRoutine + - KeInitializeMutex + - IoCreateDevice + - SeMarkLogonSessionForTerminationNotification + - KeWaitForSingleObject + - ZwQueryInformationToken + - IoGetCurrentProcess + - KeGetCurrentThread + - ZwOpenProcessTokenEx + - ZwOpenThreadTokenEx + - KeTickCount + - DbgPrint + - ZwClose + - KeReleaseMutex + - NicmCreateInstance + - NicmDeregisterClassFactory + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: 936729b8dc2282037bc1504c2680e3ad + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: nscm.sys + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.6 + Publisher: '' + RichPEHeaderHash: + MD5: a02cb14b3079ba92db28e034cd4eb46b + SHA1: 689ab02cafe1533f83f0c290524e175f92949618 + SHA256: 0e9bdca9f3da40100a47c9cb2af1e7bc370dfb9a1532f19af91e008b2bb6b370 + SHA1: a5596d4d329add26b9ca9fa7005302148dfacfd8 + SHA256: 53810ca98e07a567bb082628d95d796f14c218762cbbaa79704740284dccda4b + Sections: + .text: + Entropy: 6.148140674179319 + Virtual Size: '0x3517' + .rdata: + Entropy: 5.94388104788726 + Virtual Size: '0x2c0' + .data: + Entropy: 0.6992933847552781 + 
Virtual Size: '0x294' + .edata: + Entropy: 3.895502465470399 + Virtual Size: '0x63' + INIT: + Entropy: 5.398186625335333 + Virtual Size: '0x2f0' + .rsrc: + Entropy: 3.287931080812757 + Virtual Size: '0x350' + .reloc: + Entropy: 6.193609607432911 + Virtual Size: '0x510' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + 
ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, + Inc. + ValidFrom: '2010-04-03 00:00:00' + ValidTo: '2013-04-26 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a + Version: 3 + TBS: + MD5: b1504f143b89a6080710bafcededb833 + SHA1: 5c2696893ebba1e81d918a4fadda143c25c77286 + SHA256: ae1dc09d08e93ace95fe203adfbfadcd4c029529d3f99ab381c368064b58d9a0 + SHA384: 18c6db711578cfcd4bce87c63d053e242c7c196efc892c2d4a8733cb75bb7dc3cac3f702e0e1d4b7fa2c590acb53fdee + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: 
f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: 052280a42374b8d779c10cd0d8118691 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: aac45578e5c6ab044107b52ce2888349 + SHA1: e48f528493b963c8660f8c989281fd5b2277f359 + SHA256: 5271f526b19331c7f8526a5e10b9aedc0ddd325958aa0e908ceaee40692f7ae2 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2015, Novell, Inc. All Rights Reserved. + CreationTimestamp: '2015-06-26 06:12:59' + Date: '' + Description: Novell XTier Session Manager + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.12.0 + Filename: '' + ImportedFunctions: + - _vsnwprintf + - IoDeleteDevice + - ZwQueryInformationToken + - ZwClose + - ZwOpenProcessTokenEx + - ZwOpenProcess + - KeInitializeMutex + - IoCreateDevice + - ExFreePoolWithTag + - RtlDeleteRegistryValue + - RtlEqualUnicodeString + - ZwQueryInformationProcess + - KeWaitForSingleObject + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsSetCreateProcessNotifyRoutine + - SeRegisterLogonSessionTerminatedRoutine + - SeUnregisterLogonSessionTerminatedRoutine + - SeMarkLogonSessionForTerminationNotification + - ZwOpenThreadTokenEx + - PsGetCurrentProcessId + - IoGetCurrentProcess + - KeTickCount + - KeBugCheckEx + - DbgPrint + - ExAllocatePoolWithTag + - KeReleaseMutex + - NicmCreateInstance + - NicmDeregisterClassFactory + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: dd38cc344d2a0da1c03e92eb4b89a193 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: nscm.sys + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.12 + Publisher: '' + RichPEHeaderHash: + MD5: 05f8ba050a0bc8cacc2ea38ec5bff7bc + SHA1: 
cbf24de195bf2f27d33f360a2e4dbf6a7b4f9f43 + SHA256: a30dee85df24c564765fe905a90d1e6aa140c185b7f4870fc6fc6680dd0075b2 + SHA1: 82dbac75b73ff4b92bdcbf6977a6683e1dcfe995 + SHA256: f77fe6b1e0e913ac109335a8fa2ac4961d35cbbd50729936059aba8700690a9e + Sections: + .text: + Entropy: 6.216974830222535 + Virtual Size: '0x3f4c' + .rdata: + Entropy: 5.980250864123602 + Virtual Size: '0x313' + .data: + Entropy: 1.31505443956947 + Virtual Size: '0x2f4' + .edata: + Entropy: 3.9157044856724195 + Virtual Size: '0x63' + INIT: + Entropy: 5.5039626875648695 + Virtual Size: '0x41e' + .rsrc: + Entropy: 3.2792136282019944 + Virtual Size: '0x358' + .reloc: + Entropy: 6.244068053409568 + Virtual Size: '0x5a2' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + 
MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, CN=Novell, Inc. + ValidFrom: '2013-03-05 00:00:00' + ValidTo: '2016-06-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Version: 3 + TBS: + MD5: 5b1207ffffc0eff3784003d17b3e71a9 + SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d + SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 + SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 5899e93373114ca9e458e906675132b7 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 0d2b0c403b11961ee8fb42c7c114815f + SHA1: b9b60fb3b1c3560b824e168428f0827713aa2f24 + SHA256: f62282e44713d7d2f4c780027c7bbb82ba0b491c8836dfae33a2d82e8b5a43d2 + Company: Novell, Inc. + Copyright: "Copyright \xA9 1997-2007 Novell, Inc." 
+ CreationTimestamp: '2007-08-09 13:35:11' + Date: '' + Description: Novell XTier Session Manager + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 2.0.0.0 + Filename: '' + ImportedFunctions: + - IoCreateDevice + - SeUnregisterLogonSessionTerminatedRoutine + - KeInitializeMutex + - IoDeleteDevice + - SeRegisterLogonSessionTerminatedRoutine + - ZwOpenProcessTokenEx + - KeReleaseMutex + - ZwClose + - SeMarkLogonSessionForTerminationNotification + - ZwQueryInformationToken + - ZwOpenThreadTokenEx + - KeBugCheckEx + - KeWaitForSingleObject + - IoGetCurrentProcess + - DbgPrint + - NicmCreateInstance + - NicmDeregisterClassFactory + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: 5c4df33951d20253a98aa7b5e78e571a + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: nscm.sys + PDBPath: '' + Product: Novell XTier for Windows + ProductVersion: v2.0 (20060808) + Publisher: '' + RichPEHeaderHash: + MD5: 4a07178c85358a7450e421019955ccee + SHA1: 0e0b4edfb21b1a41b2f00f341bc1c6de6a650546 + SHA256: dd7717af9d41e7c2d7c773f3e063d396ad8676b3d940732451acc1fc28ec9989 + SHA1: 72f16e6a18ba87248dd72f52445c916ad2e4edc2 + SHA256: ca34f945117ec853a713183fa4e8cf85ea0c2c49ca26e73d869fee021f7b491d + Sections: + .text: + Entropy: 5.981323117886685 + Virtual Size: '0x4a25' + .rdata: + Entropy: 5.666396857833603 + Virtual Size: '0x480' + .data: + Entropy: 0.8264834692004682 + Virtual Size: '0x548' + .pdata: + Entropy: 4.218145333940637 + Virtual Size: '0x3c0' + .edata: + Entropy: 3.9473893016868637 + Virtual Size: '0x63' + INIT: + Entropy: 5.26537545088398 + Virtual Size: '0x360' + .rsrc: + Entropy: 3.2545231002082082 + Virtual Size: '0x350' + .reloc: + Entropy: 1.2454265871243133 + Virtual Size: '0x3c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + 
Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 
41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, + Inc. + ValidFrom: '2007-04-04 00:00:00' + ValidTo: '2010-04-27 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 4808d93b14b8600dbfa18dab5d15310f + Version: 3 + TBS: + MD5: adddb65a3a360b3c1a55cb33e426f32a + SHA1: 93d9b282265288a94ee4f1a01c5fb3a08badb7ac + SHA256: d98d63f26125a94eb767fdd2526f6c74bfb40cb4d117a1d87ca3ed0d99bd6f0b + SHA384: cf20d9d6343b52b05ebaeace8a75ad950089e2d55508571cf5b153583fdf2d7b11bc61b8f38bfa70f09b2e7ac63d9ef5 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 7d004bbe0f546a91c93562d324307fa7 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 985c950cb09a516571021db7e3ad9dde + SHA1: 
a4566fef7b427142afe4b1adf10509e79a91dc32 + SHA256: cf2ea0e4d21d3774bbacf10a14c75583b448829f87a90b869678fbc4de9b2a99 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2012, Novell, Inc. All Rights Reserved. + CreationTimestamp: '2012-03-18 19:31:45' + Date: '' + Description: Novell XTier Session Manager + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.10.0 + Filename: '' + ImportedFunctions: + - KeInitializeMutex + - IoDeleteDevice + - SeRegisterLogonSessionTerminatedRoutine + - IoCreateDevice + - SeUnregisterLogonSessionTerminatedRoutine + - ZwOpenThreadTokenEx + - DbgPrint + - IoGetCurrentProcess + - ZwClose + - SeMarkLogonSessionForTerminationNotification + - ZwQueryInformationToken + - KeBugCheckEx + - KeWaitForSingleObject + - ZwOpenProcessTokenEx + - KeReleaseMutex + - NicmCreateInstance + - NicmDeregisterClassFactory + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: 2348508499406dec3b508f349949cb51 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: nscm.sys + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.10 + Publisher: '' + RichPEHeaderHash: + MD5: 59cc1d0748cb4a607153e266f1588301 + SHA1: 7a93a9773c8a5a61a124dc2d7050f6d16b4a747f + SHA256: 582ec0f6c156bffd6f8393af28004d47697f3945e9f8d864f979c1576baa6af4 + SHA1: 6a60f5fa0dfc6c1fa55b24a29df7464ee01a9717 + SHA256: f62911334068c9edd44b9c3e8dee8155a0097aa331dd4566a61afa3549f35f65 + Sections: + .text: + Entropy: 5.988597248647215 + Virtual Size: '0x4c15' + .rdata: + Entropy: 5.61556426827557 + Virtual Size: '0x4ac' + .data: + Entropy: 0.8264834692004682 + Virtual Size: '0x568' + .pdata: + Entropy: 4.204698702019221 + Virtual Size: '0x3e4' + .edata: + Entropy: 3.956023170093665 + Virtual Size: '0x63' + INIT: + Entropy: 5.304469238732931 + Virtual Size: '0x380' + .rsrc: + Entropy: 3.2729254116810207 + Virtual Size: '0x358' + .reloc: + Entropy: 1.2454265871243133 + Virtual Size: '0x3c' + Signature: '' + Signatures: + - CertificatesInfo: '' 
+ SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 
8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, + Inc. + ValidFrom: '2010-04-03 00:00:00' + ValidTo: '2013-04-26 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a + Version: 3 + TBS: + MD5: b1504f143b89a6080710bafcededb833 + SHA1: 5c2696893ebba1e81d918a4fadda143c25c77286 + SHA256: ae1dc09d08e93ace95fe203adfbfadcd4c029529d3f99ab381c368064b58d9a0 + SHA384: 18c6db711578cfcd4bce87c63d053e242c7c196efc892c2d4a8733cb75bb7dc3cac3f702e0e1d4b7fa2c590acb53fdee + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: 
f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: 0707fe3c02c8d2a4d6219bd0596d76f3 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: be114b63574e247ecf51e79063dbd19b + SHA1: 61433a484870ba379064ba353b118497c67c7a7e + SHA256: 1204026fdc9c859960ee561eb9f1fd9ebf6c88c78c5d4cee35ef029ad5050ec6 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2015, Novell, Inc. All Rights Reserved. + CreationTimestamp: '2015-09-26 07:24:31' + Date: '' + Description: Novell XTier Session Manager + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.12.0 + Filename: '' + ImportedFunctions: + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - KeInitializeMutex + - PsLookupProcessByProcessId + - IoDeleteDevice + - RtlEqualUnicodeString + - ZwOpenProcessTokenEx + - _vsnwprintf + - ZwClose + - ZwOpenProcess + - ZwQueryInformationProcess + - DbgPrint + - IoCreateDevice + - ZwQueryInformationToken + - RtlDeleteRegistryValue + - PsSetCreateProcessNotifyRoutine + - SeRegisterLogonSessionTerminatedRoutine + - SeUnregisterLogonSessionTerminatedRoutine + - ZwOpenThreadTokenEx + - IoGetCurrentProcess + - SeMarkLogonSessionForTerminationNotification + - PsGetCurrentProcessId + - KeBugCheckEx + - KeWaitForSingleObject + - ObfDereferenceObject + - KeReleaseMutex + - NicmCreateInstance + - NicmDeregisterClassFactory + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: 353e5d424668d785f13c904fde3bac84 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: nscm.sys + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.12 + Publisher: '' + RichPEHeaderHash: + MD5: 827395be6a60ed22c16a6eeea1843d8a + SHA1: 61171f78fedd9cc13cfa2fad18219d2aaf9ab83f + SHA256: 
d9b5607af39de0f2fc8d411d18fc86f6a1394c2b512b8876caef597f9c56dcad + SHA1: 1568117f691b41f989f10562f354ee574a6abc2d + SHA256: 1675eedd4c7f2ec47002d623bb4ec689ca9683020e0fdb0729a9047c8fb953dd + Sections: + .text: + Entropy: 6.015399864614518 + Virtual Size: '0x5a46' + .rdata: + Entropy: 5.541678329889591 + Virtual Size: '0x590' + .data: + Entropy: 1.445115035315444 + Virtual Size: '0x5a8' + .pdata: + Entropy: 4.281479078212438 + Virtual Size: '0x450' + .edata: + Entropy: 3.9838503165801646 + Virtual Size: '0x63' + INIT: + Entropy: 5.349379600291399 + Virtual Size: '0x4e0' + .rsrc: + Entropy: 3.2792136282019944 + Virtual Size: '0x358' + .reloc: + Entropy: 1.2355823247516717 + Virtual Size: '0x48' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 
+ TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, CN=Novell, Inc. + ValidFrom: '2013-03-05 00:00:00' + ValidTo: '2016-06-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Version: 3 + TBS: + MD5: 5b1207ffffc0eff3784003d17b3e71a9 + SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d + SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 + SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 01aa65221a48929f0a34a27c4e3011b1 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 3758930d9496e57668292eba34653f43 + SHA1: 871a3a9cb2b7288f6e7f5dd21a06c7e04bcdf4ee + SHA256: cdcf71696db4031fe3e70969bbe6169744ff91eebb24d6ffb734f922a850183b + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2013, Novell, Inc. All Rights Reserved. 
+ CreationTimestamp: '2013-01-15 23:25:05' + Date: '' + Description: Novell XTier Session Manager + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.11.0 + Filename: '' + ImportedFunctions: + - IoDeleteDevice + - ZwQueryInformationToken + - ZwClose + - ZwOpenProcessTokenEx + - ZwOpenProcess + - PsGetCurrentProcessId + - IoFreeWorkItem + - ExFreePoolWithTag + - RtlEqualUnicodeString + - ZwQueryInformationProcess + - ExAllocatePoolWithTag + - KeWaitForSingleObject + - IoAllocateWorkItem + - KeInitializeMutex + - IoCreateDevice + - PsSetCreateProcessNotifyRoutine + - SeRegisterLogonSessionTerminatedRoutine + - SeUnregisterLogonSessionTerminatedRoutine + - SeMarkLogonSessionForTerminationNotification + - ZwOpenThreadTokenEx + - IoGetCurrentProcess + - KeTickCount + - DbgPrint + - IoQueueWorkItemEx + - KeReleaseMutex + - NicmCreateInstance + - NicmDeregisterClassFactory + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: 81df475ab8d37343f0ad2a55b1397a8f + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: nscm.sys + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.11 + Publisher: '' + RichPEHeaderHash: + MD5: 5564e34da652fc7ae9d585925305240b + SHA1: 22100f086e6701f0c2d08529a50e32490c1f7992 + SHA256: 892bc3d48c3a534f764f61a23e33a00474c3abf0bf1280ab3f3e1da1e3fc51c2 + SHA1: e067024ec42b556fb1e89ca52ef6719aa09cdf89 + SHA256: 5a661e26cfe5d8dedf8c9644129039cfa40aebb448895187b96a8b7441d52aaa + Sections: + .text: + Entropy: 6.203445234172961 + Virtual Size: '0x3d1e' + .rdata: + Entropy: 5.965429698658006 + Virtual Size: '0x319' + .data: + Entropy: 1.31505443956947 + Virtual Size: '0x2f4' + .edata: + Entropy: 3.895502465470399 + Virtual Size: '0x63' + INIT: + Entropy: 5.46396678361327 + Virtual Size: '0x3e4' + .rsrc: + Entropy: 3.275995301680775 + Virtual Size: '0x358' + .reloc: + Entropy: 6.3111395868300635 + Virtual Size: '0x58a' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + 
Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 
8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, + Inc. + ValidFrom: '2010-04-03 00:00:00' + ValidTo: '2013-04-26 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a + Version: 3 + TBS: + MD5: b1504f143b89a6080710bafcededb833 + SHA1: 5c2696893ebba1e81d918a4fadda143c25c77286 + SHA256: ae1dc09d08e93ace95fe203adfbfadcd4c029529d3f99ab381c368064b58d9a0 + SHA384: 18c6db711578cfcd4bce87c63d053e242c7c196efc892c2d4a8733cb75bb7dc3cac3f702e0e1d4b7fa2c590acb53fdee + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: 
f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: 61b719638eacc2c5ca299805d4819e69 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: c6ccce2e7b4566f54a6fae9adb1b1c13 + SHA1: 9e576add0418f0eb1866857633003be454595eb8 + SHA256: 058c4fbd3a12f0d7ddfc771067f03dea88cc33dd4b61139edcb0b2d17905f084 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2013, Novell, Inc. All Rights Reserved. + CreationTimestamp: '2013-05-29 04:48:33' + Date: '' + Description: Novell XTier Session Manager + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.11.0 + Filename: '' + ImportedFunctions: + - IoDeleteDevice + - ZwQueryInformationToken + - ZwClose + - ZwOpenProcessTokenEx + - ZwOpenProcess + - PsGetCurrentProcessId + - IoFreeWorkItem + - ExFreePoolWithTag + - RtlEqualUnicodeString + - ZwQueryInformationProcess + - ExAllocatePoolWithTag + - KeWaitForSingleObject + - IoAllocateWorkItem + - KeInitializeMutex + - IoCreateDevice + - PsSetCreateProcessNotifyRoutine + - SeRegisterLogonSessionTerminatedRoutine + - SeUnregisterLogonSessionTerminatedRoutine + - SeMarkLogonSessionForTerminationNotification + - ZwOpenThreadTokenEx + - IoGetCurrentProcess + - KeTickCount + - DbgPrint + - IoQueueWorkItemEx + - KeReleaseMutex + - NicmCreateInstance + - NicmDeregisterClassFactory + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: eb61616a7bc58e3f5b8cf855d04808c3 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: nscm.sys + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.11 + Publisher: '' + RichPEHeaderHash: + MD5: 5564e34da652fc7ae9d585925305240b + SHA1: 22100f086e6701f0c2d08529a50e32490c1f7992 + SHA256: 
892bc3d48c3a534f764f61a23e33a00474c3abf0bf1280ab3f3e1da1e3fc51c2 + SHA1: fb25e6886d98fe044d0eb7bd42d24a93286266e0 + SHA256: b0b6a410c22cc36f478ff874d4a23d2e4b4e37c6e55f2a095fc4c3ef32bcb763 + Sections: + .text: + Entropy: 6.203445234172961 + Virtual Size: '0x3d1e' + .rdata: + Entropy: 5.9628504398204285 + Virtual Size: '0x317' + .data: + Entropy: 1.31505443956947 + Virtual Size: '0x2f4' + .edata: + Entropy: 3.847194299875986 + Virtual Size: '0x63' + INIT: + Entropy: 5.46396678361327 + Virtual Size: '0x3e4' + .rsrc: + Entropy: 3.275995301680775 + Virtual Size: '0x358' + .reloc: + Entropy: 6.3111395868300635 + Virtual Size: '0x58a' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 
783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, CN=Novell, Inc. + ValidFrom: '2013-03-05 00:00:00' + ValidTo: '2016-06-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Version: 3 + TBS: + MD5: 5b1207ffffc0eff3784003d17b3e71a9 + SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d + SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 + SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 61b719638eacc2c5ca299805d4819e69 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 971c1a374c811eac22b6fbfc2511b41c + SHA1: 6ba91ab77af48446e377efdcc817d902e1b22fd9 + SHA256: 52c7b29023ac2a98b7a9c73de790d820d3d6d095bea0b077d4dad53fa97b0731 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2008, Novell, Inc. All Rights Reserved. 
+ CreationTimestamp: '2009-12-18 07:22:32' + Date: '' + Description: Novell XTier Session Manager + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.6.0 + Filename: '' + ImportedFunctions: + - IoDeleteDevice + - SeUnregisterLogonSessionTerminatedRoutine + - SeRegisterLogonSessionTerminatedRoutine + - KeInitializeMutex + - IoCreateDevice + - SeMarkLogonSessionForTerminationNotification + - KeWaitForSingleObject + - ZwQueryInformationToken + - IoGetCurrentProcess + - KeGetCurrentThread + - ZwOpenProcessTokenEx + - ZwOpenThreadTokenEx + - KeTickCount + - DbgPrint + - ZwClose + - KeReleaseMutex + - NicmCreateInstance + - NicmDeregisterClassFactory + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: 5bb840db439eb281927588dbce5f5418 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: nscm.sys + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.6 + Publisher: '' + RichPEHeaderHash: + MD5: a02cb14b3079ba92db28e034cd4eb46b + SHA1: 689ab02cafe1533f83f0c290524e175f92949618 + SHA256: 0e9bdca9f3da40100a47c9cb2af1e7bc370dfb9a1532f19af91e008b2bb6b370 + SHA1: fa60a89980aad30db3a358fb1c1536a4d31dff6c + SHA256: e4cf438838dc10b188b3d4a318fd9ba2479abb078458d7f97591c723e2d637ce + Sections: + .text: + Entropy: 6.149831920888144 + Virtual Size: '0x3505' + .rdata: + Entropy: 5.915581864636488 + Virtual Size: '0x2c7' + .data: + Entropy: 0.6992933847552781 + Virtual Size: '0x294' + .edata: + Entropy: 3.9157044856724195 + Virtual Size: '0x63' + INIT: + Entropy: 5.403372974444229 + Virtual Size: '0x2f0' + .rsrc: + Entropy: 3.289150653685818 + Virtual Size: '0x350' + .reloc: + Entropy: 6.217652346351421 + Virtual Size: '0x510' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 
88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, + Inc. + ValidFrom: '2007-04-04 00:00:00' + ValidTo: '2010-04-27 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 4808d93b14b8600dbfa18dab5d15310f + Version: 3 + TBS: + MD5: adddb65a3a360b3c1a55cb33e426f32a + SHA1: 93d9b282265288a94ee4f1a01c5fb3a08badb7ac + SHA256: d98d63f26125a94eb767fdd2526f6c74bfb40cb4d117a1d87ca3ed0d99bd6f0b + SHA384: cf20d9d6343b52b05ebaeace8a75ad950089e2d55508571cf5b153583fdf2d7b11bc61b8f38bfa70f09b2e7ac63d9ef5 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 052280a42374b8d779c10cd0d8118691 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: b372031d7a2000669e5de1d85071025b + SHA1: 8aa0e754ef4a5f94ae72b76d54fa052264faefbc + SHA256: 0174cea1dd70b374f355126ae6be650dff95897d8c8200caac91d4f9e5e5b871 
+ Company: Novell, Inc. + Copyright: (C) Copyright 2000-2011, Novell, Inc. All Rights Reserved. + CreationTimestamp: '2011-09-29 19:30:09' + Date: '' + Description: Novell XTier Session Manager + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.6.0 + Filename: '' + ImportedFunctions: + - IoCreateDevice + - SeUnregisterLogonSessionTerminatedRoutine + - KeInitializeMutex + - IoDeleteDevice + - SeRegisterLogonSessionTerminatedRoutine + - SeMarkLogonSessionForTerminationNotification + - KeReleaseMutex + - ZwOpenThreadTokenEx + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwClose + - KeBugCheckEx + - KeWaitForSingleObject + - ZwQueryInformationToken + - DbgPrint + - NicmCreateInstance + - NicmDeregisterClassFactory + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: ddf2655068467d981242ea96e3b88614 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: nscm.sys + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.6 + Publisher: '' + RichPEHeaderHash: + MD5: 4a07178c85358a7450e421019955ccee + SHA1: 0e0b4edfb21b1a41b2f00f341bc1c6de6a650546 + SHA256: dd7717af9d41e7c2d7c773f3e063d396ad8676b3d940732451acc1fc28ec9989 + SHA1: 08efd5e24b5ebfef63b5e488144dc9fb6524eaf1 + SHA256: 003e61358878c7e49e18420ee0b4a37b51880be40929a76e529c7b3fb18e81b4 + Sections: + .text: + Entropy: 5.98589698052852 + Virtual Size: '0x4c15' + .rdata: + Entropy: 5.621901106382278 + Virtual Size: '0x4a8' + .data: + Entropy: 0.8264834692004682 + Virtual Size: '0x568' + .pdata: + Entropy: 4.111090558168592 + Virtual Size: '0x3d8' + .edata: + Entropy: 3.9636482963781448 + Virtual Size: '0x63' + INIT: + Entropy: 5.259964214601351 + Virtual Size: '0x360' + .rsrc: + Entropy: 3.287931080812757 + Virtual Size: '0x350' + .reloc: + Entropy: 1.2454265871243133 + Virtual Size: '0x3c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 
+ ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 
2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, + Inc. + ValidFrom: '2010-04-03 00:00:00' + ValidTo: '2013-04-26 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a + Version: 3 + TBS: + MD5: b1504f143b89a6080710bafcededb833 + SHA1: 5c2696893ebba1e81d918a4fadda143c25c77286 + SHA256: ae1dc09d08e93ace95fe203adfbfadcd4c029529d3f99ab381c368064b58d9a0 + SHA384: 18c6db711578cfcd4bce87c63d053e242c7c196efc892c2d4a8733cb75bb7dc3cac3f702e0e1d4b7fa2c590acb53fdee + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + 
SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: b8d0a36d2b14d79dfa08fb2e121f0920 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: e688b6a82cdde6f902e0a8a5c3a060e6 + SHA1: 8281e161d667835b26397b4d944b55bb2dea01f9 + SHA256: 5173b9240e9bcd0d9b25290bb0aa45d156fd5a0080841515ab44f61e0e6bd894 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2014, Novell, Inc. All Rights Reserved. + CreationTimestamp: '2014-11-18 01:10:41' + Date: '' + Description: Novell XTier Session Manager + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.11.0 + Filename: '' + ImportedFunctions: + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - KeInitializeMutex + - PsLookupProcessByProcessId + - IoDeleteDevice + - RtlEqualUnicodeString + - ZwOpenProcessTokenEx + - _vsnwprintf + - ZwClose + - ZwOpenProcess + - ZwQueryInformationProcess + - DbgPrint + - IoCreateDevice + - ZwQueryInformationToken + - RtlDeleteRegistryValue + - PsSetCreateProcessNotifyRoutine + - SeRegisterLogonSessionTerminatedRoutine + - SeUnregisterLogonSessionTerminatedRoutine + - ZwOpenThreadTokenEx + - IoGetCurrentProcess + - SeMarkLogonSessionForTerminationNotification + - PsGetCurrentProcessId + - KeBugCheckEx + - KeWaitForSingleObject + - ObfDereferenceObject + - KeReleaseMutex + - NicmCreateInstance + - NicmDeregisterClassFactory + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: d1440503d1528c55fdc569678a663667 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: nscm.sys + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.11 + Publisher: '' + RichPEHeaderHash: + MD5: 827395be6a60ed22c16a6eeea1843d8a + SHA1: 61171f78fedd9cc13cfa2fad18219d2aaf9ab83f + 
SHA256: d9b5607af39de0f2fc8d411d18fc86f6a1394c2b512b8876caef597f9c56dcad + SHA1: d7b20ac695002334f804ffc67705ce6ac5732f91 + SHA256: 49ef680510e3dac6979a20629d10f06822c78f45b9a62ec209b71827a526be94 + Sections: + .text: + Entropy: 6.015399864614518 + Virtual Size: '0x5a46' + .rdata: + Entropy: 5.576540355113173 + Virtual Size: '0x59c' + .data: + Entropy: 1.445115035315444 + Virtual Size: '0x5a8' + .pdata: + Entropy: 4.28138480911378 + Virtual Size: '0x450' + .edata: + Entropy: 3.935821149891645 + Virtual Size: '0x63' + INIT: + Entropy: 5.349379600291399 + Virtual Size: '0x4e0' + .rsrc: + Entropy: 3.274996758488867 + Virtual Size: '0x358' + .reloc: + Entropy: 1.2355823247516717 + Virtual Size: '0x48' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 
783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, CN=Novell, Inc. 
+ ValidFrom: '2013-03-05 00:00:00' + ValidTo: '2016-06-03 23:59:59' + Signature: dbb57cdba61b53b01c104cf3d4e6d31a0b127402fa3a5213dd686a48a858b7581868cb93fe789e249ef175deca865e2387ba579d8088691b5475c836d8c9fcafcca373a0d43c5a07029da9915827d5ca8fb80c0c676ce33f8f028e00d7a197b7ae7b0f726a1eed35d30591fffdbb14bd78c01c1d47cc18de85424fc81bbbbb1733498a35712ed119db159f3939fae462bcf5e2bde54b32c1cbe38a40f6389d5d849459a9401c4c0edeec46fe8dde11e184efb79298c1aa8f0a776e32be63d49b072d7f24c88eded44e6345e5df49a5592094278f8605402082896432b788f3bf1ea2e3912bc3c4bdaf6d609ee52d38fb25b9245441277b5ab7d70b0bda6fbfee + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Version: 3 + TBS: + MD5: 5b1207ffffc0eff3784003d17b3e71a9 + SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d + SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 + SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 01aa65221a48929f0a34a27c4e3011b1 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 86c7e1fbe71ce4a51fc4842efbe4e80d + SHA1: ad20f4fce0a45f0da0a52c077b324daa3aaa4cc9 + SHA256: aa1c07fc6289ddc2182b11e555073e66b7acbfc17c38efb44ecaa19a6aaf722f + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2014, Novell, Inc. All Rights Reserved. + CreationTimestamp: '2014-08-26 13:58:08' + Date: '' + Description: Novell XTier Session Manager + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.11.0 + Filename: '' + ImportedFunctions: + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - KeInitializeMutex + - IoQueueWorkItemEx + - IoDeleteDevice + - IoFreeWorkItem + - RtlEqualUnicodeString + - ZwOpenProcessTokenEx + - IoAllocateWorkItem + - _vsnwprintf + - ZwClose + - ZwOpenProcess + - DbgPrint + - IoCreateDevice + - ZwQueryInformationToken + - RtlDeleteRegistryValue + - PsSetCreateProcessNotifyRoutine + - SeRegisterLogonSessionTerminatedRoutine + - SeUnregisterLogonSessionTerminatedRoutine + - ZwOpenThreadTokenEx + - IoGetCurrentProcess + - SeMarkLogonSessionForTerminationNotification + - PsGetCurrentProcessId + - KeBugCheckEx + - KeWaitForSingleObject + - ZwQueryInformationProcess + - KeReleaseMutex + - NicmCreateInstance + - NicmDeregisterClassFactory + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: 71858fa117e6f3309606d5cdb57e6e09 + MachineType: AMD64 + MagicHeader: 50 45 
0 0 + OriginalFilename: nscm.sys + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.11 + Publisher: '' + RichPEHeaderHash: + MD5: e3f809adc7209deac4fee4537f435785 + SHA1: 5e3af18762ce914887ebf89382c5d285cf246dde + SHA256: 1984e5db1da017058f5b288e0517840fdf15983a08932af7e80bf6408eb19efb + SHA1: 77a011b5d5d5aaf421a543fcee22cb7979807c60 + SHA256: a855b6ec385b3369c547a3c54e88a013dd028865aba0f3f08be84cdcbaa9a0f6 + Sections: + .text: + Entropy: 6.005303811091079 + Virtual Size: '0x5956' + .rdata: + Entropy: 5.502369510844811 + Virtual Size: '0x598' + .data: + Entropy: 1.4266625052332786 + Virtual Size: '0x5a8' + .pdata: + Entropy: 4.308130710944577 + Virtual Size: '0x438' + .edata: + Entropy: 3.9510714024606037 + Virtual Size: '0x63' + INIT: + Entropy: 5.340825447936182 + Virtual Size: '0x4ee' + .rsrc: + Entropy: 3.274996758488867 + Virtual Size: '0x358' + .reloc: + Entropy: 1.2355823247516717 + Virtual Size: '0x48' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + 
ValidTo: '2020-12-29 23:59:59' + Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, CN=Novell, Inc. + ValidFrom: '2013-03-05 00:00:00' + ValidTo: '2016-06-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Version: 3 + TBS: + MD5: 5b1207ffffc0eff3784003d17b3e71a9 + SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d + SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 + SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 0a8eeabf5981efb2116244785cb03900 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 8e14a79b10ada5719e402ea12dd77111 + SHA1: 0466c42d770bf9350948d15810f04965f8ab658a + SHA256: 11b0e5d7971aaa2a6c4621f068af390f291fd796c202369605c2e0c7940f50ee + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2008, Novell, Inc. All Rights Reserved. 
+ CreationTimestamp: '2009-09-08 13:31:34' + Date: '' + Description: Novell XTier Session Manager + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.6.0 + Filename: '' + ImportedFunctions: + - IoDeleteDevice + - SeUnregisterLogonSessionTerminatedRoutine + - SeRegisterLogonSessionTerminatedRoutine + - KeInitializeMutex + - IoCreateDevice + - SeMarkLogonSessionForTerminationNotification + - KeWaitForSingleObject + - ZwQueryInformationToken + - IoGetCurrentProcess + - KeGetCurrentThread + - ZwOpenProcessTokenEx + - ZwOpenThreadTokenEx + - KeTickCount + - DbgPrint + - ZwClose + - KeReleaseMutex + - NicmCreateInstance + - NicmDeregisterClassFactory + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: 71fffc05cff351a6f26f78441cfebe26 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: nscm.sys + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.6 + Publisher: '' + RichPEHeaderHash: + MD5: a02cb14b3079ba92db28e034cd4eb46b + SHA1: 689ab02cafe1533f83f0c290524e175f92949618 + SHA256: 0e9bdca9f3da40100a47c9cb2af1e7bc370dfb9a1532f19af91e008b2bb6b370 + SHA1: c1fe7870e202733123715cacae9b02c29494d94d + SHA256: 41eeeb0472c7e9c3a7146a2133341cd74dd3f8b5064c9dee2c70e5daa060954f + Sections: + .text: + Entropy: 6.149831920888144 + Virtual Size: '0x3505' + .rdata: + Entropy: 5.935542810040417 + Virtual Size: '0x2b6' + .data: + Entropy: 0.6992933847552781 + Virtual Size: '0x294' + .edata: + Entropy: 3.9157044856724195 + Virtual Size: '0x63' + INIT: + Entropy: 5.403372974444229 + Virtual Size: '0x2f0' + .rsrc: + Entropy: 3.289150653685818 + Virtual Size: '0x350' + .reloc: + Entropy: 6.217652346351421 + Virtual Size: '0x510' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 
88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, + Inc. + ValidFrom: '2007-04-04 00:00:00' + ValidTo: '2010-04-27 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 4808d93b14b8600dbfa18dab5d15310f + Version: 3 + TBS: + MD5: adddb65a3a360b3c1a55cb33e426f32a + SHA1: 93d9b282265288a94ee4f1a01c5fb3a08badb7ac + SHA256: d98d63f26125a94eb767fdd2526f6c74bfb40cb4d117a1d87ca3ed0d99bd6f0b + SHA384: cf20d9d6343b52b05ebaeace8a75ad950089e2d55508571cf5b153583fdf2d7b11bc61b8f38bfa70f09b2e7ac63d9ef5 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 052280a42374b8d779c10cd0d8118691 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/354a9fcf-acf1-4151-94d2-af88116f605c.yaml b/yaml/354a9fcf-acf1-4151-94d2-af88116f605c.yaml index 4c4488944..c872a079c 100644 --- a/yaml/354a9fcf-acf1-4151-94d2-af88116f605c.yaml +++ b/yaml/354a9fcf-acf1-4151-94d2-af88116f605c.yaml 
@@ -1,48 +1,48 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 354a9fcf-acf1-4151-94d2-af88116f605c +Tags: +- piddrv.sys +Verified: 'FALSE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create piddrv.sys binPath=C:\windows\temp\piddrv.sys type=kernel - && sc.exe start piddrv.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: [] -Id: 354a9fcf-acf1-4151-94d2-af88116f605c -KnownVulnerableSamples: -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: piddrv.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: a7d827a41b2c4b7638495cd1d77926f1ba902978 - Signature: [] - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: piddrv.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 877c6c36a155109888fe1f9797b93cb30b4957ef - Signature: [] - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create piddrv.sys binPath=C:\windows\temp\piddrv.sys type=kernel + && sc.exe start piddrv.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules -Tags: -- piddrv.sys -Verified: 'FALSE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: piddrv.sys + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: a7d827a41b2c4b7638495cd1d77926f1ba902978 + Signature: [] + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: piddrv.sys + MachineType: '' + 
OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 877c6c36a155109888fe1f9797b93cb30b4957ef + Signature: [] + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/35a9afeb-18f1-4c02-a3aa-830e300138ae.yaml b/yaml/35a9afeb-18f1-4c02-a3aa-830e300138ae.yaml index 37596795d..56fc5cc90 100644 --- a/yaml/35a9afeb-18f1-4c02-a3aa-830e300138ae.yaml +++ b/yaml/35a9afeb-18f1-4c02-a3aa-830e300138ae.yaml 
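Review bot: Both piddrv.sys samples in this reordered entry are still identified by a `SHA1:` value alone, next to `Detection: []`, `Signature: []` and `Verified: 'FALSE'`, so hash rules keyed on SHA256 or Authentihash cannot match them. If those hashes are not available yet, a comment above `KnownVulnerableSamples:` such as `# SHA1-only samples: SHA256, MD5 and Authentihash not yet collected` would tell consumers the gap is known. `LoadsDespiteHVCI: 'FALSE'` is set on samples with no PE metadata at all, so it looks like a default rather than a measured result; that is worth confirming before anyone relies on it.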
@@ -1,193 +1,193 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 35a9afeb-18f1-4c02-a3aa-830e300138ae +Tags: +- netflt.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-07-22' +MitreID: T1068 CVE: - '' Category: vulnerable drivers Commands: - Command: '' - Description: Confirmed vulnerable driver from Microsoft Block List - OperatingSystem: Windows - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-07-22' -Detection: -- type: '' - value: '' -Id: 35a9afeb-18f1-4c02-a3aa-830e300138ae -KnownVulnerableSamples: -- Authentihash: - MD5: e6afe5e6540dab647a06673be116690b - SHA1: b04ecc8dd0d52fe4552d2c4d693d67fae20c460f - SHA256: f8886a9c759e0426e08d55e410b02c5b05af3c287b15970175e4874316ffaf13 - Company: '' - Copyright: '' - CreationTimestamp: '2018-09-29 14:21:09' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: 10.0.0.2 - Filename: '' - ImportedFunctions: - - KeBugCheckEx - - ZwOpenKey - - ZwClose - - ZwQueryValueKey - - IofCompleteRequest - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - _vsnprintf - - MmMapLockedPagesSpecifyCache - - KeAcquireSpinLockRaiseToDpc - - DbgPrint - - KeAcquireSpinLockAtDpcLevel - - KeReleaseSpinLockFromDpcLevel - - KeReleaseSpinLock - - RtlInitUnicodeString - - NdisInitializeEvent - - NdisRegisterDeviceEx - - NdisDeregisterDeviceEx - - NdisFSendNetBufferLists - - NdisFIndicateReceiveNetBufferLists - - NdisFReturnNetBufferLists - - NdisFIndicateStatus - - NdisWaitEvent - - NdisFCancelSendNetBufferLists - - NdisFSendNetBufferListsComplete - - NdisSetEvent - - NdisResetEvent - - NdisRetreatNetBufferDataStart - - NdisAdvanceNetBufferDataStart - - NdisFSetAttributes - - NdisFDeregisterFilterDriver - - NdisAllocateMemoryWithTagPriority - - NdisFRegisterFilterDriver - - NdisFreeMemory - Imports: - - ntoskrnl.exe - - NDIS.SYS - InternalName: '' - MD5: a5ce055e8970dc56498e3525d61e4982 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '0.0' 
- Publisher: '' - RichPEHeaderHash: - MD5: 31ff42aa5ca7dd66d08b22acf09fc77b - SHA1: 4714126b3344521afd77ab9af0c0c7f02cad7214 - SHA256: f01b7291df1bce93e3b404221cf8cee691cb1b79871cce7978d99936d9406ee8 - SHA1: 51ea4bed7f62e483dc116e9cffd95d8c2e1c9aa8 - SHA256: cf16a2218fc8a3b6fa5aa4a0bc6205792798078c380ccc7e5041476e0f1bc53d - Sections: - .text: - Entropy: 6.434641089980122 - Virtual Size: '0x2978' - .rdata: - Entropy: 4.633162531132468 - Virtual Size: '0x31c' - .data: - Entropy: 0.39704400406686285 - Virtual Size: '0x1a0' - .pdata: - Entropy: 3.8812217396242468 - Virtual Size: '0x15c' - INIT: - Entropy: 5.546551932389904 - Virtual Size: '0x838' - .rsrc: - Entropy: 2.7484228256782828 - Virtual Size: '0x1a0' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 
783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=CN, ST=, L=, O=, OU=, CN= - ValidFrom: '2017-07-12 00:00:00' - ValidTo: '2019-10-11 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 06ac27b7c8985c4d40006b362e4b42ef - Version: 3 - TBS: - MD5: b4f984fa296ebed6a2de0fd41e3a8943 - SHA1: 1ef4fb65a78f8986bf07cbfadf337c0b7adfa0b9 - SHA256: 7d0c90a2709a9f0286d90e509680b02696769a960da897dfadeb8d6ecd8b86eb - SHA384: fa882fd00b886094491157551f1219e508ede02776edd1b52ec08f8fe28ac7f927274d5c90de802586a9d1d22ebae999 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 06ac27b7c8985c4d40006b362e4b42ef - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 9c8c681f74950997cd571fd838a847b8 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: '' + Description: Confirmed vulnerable driver from Microsoft Block List + OperatingSystem: Windows + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c -Tags: -- netflt.sys -Verified: 'TRUE' +Detection: +- type: '' + value: '' 
+Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: e6afe5e6540dab647a06673be116690b + SHA1: b04ecc8dd0d52fe4552d2c4d693d67fae20c460f + SHA256: f8886a9c759e0426e08d55e410b02c5b05af3c287b15970175e4874316ffaf13 + Company: '' + Copyright: '' + CreationTimestamp: '2018-09-29 14:21:09' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: 10.0.0.2 + Filename: '' + ImportedFunctions: + - KeBugCheckEx + - ZwOpenKey + - ZwClose + - ZwQueryValueKey + - IofCompleteRequest + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - _vsnprintf + - MmMapLockedPagesSpecifyCache + - KeAcquireSpinLockRaiseToDpc + - DbgPrint + - KeAcquireSpinLockAtDpcLevel + - KeReleaseSpinLockFromDpcLevel + - KeReleaseSpinLock + - RtlInitUnicodeString + - NdisInitializeEvent + - NdisRegisterDeviceEx + - NdisDeregisterDeviceEx + - NdisFSendNetBufferLists + - NdisFIndicateReceiveNetBufferLists + - NdisFReturnNetBufferLists + - NdisFIndicateStatus + - NdisWaitEvent + - NdisFCancelSendNetBufferLists + - NdisFSendNetBufferListsComplete + - NdisSetEvent + - NdisResetEvent + - NdisRetreatNetBufferDataStart + - NdisAdvanceNetBufferDataStart + - NdisFSetAttributes + - NdisFDeregisterFilterDriver + - NdisAllocateMemoryWithTagPriority + - NdisFRegisterFilterDriver + - NdisFreeMemory + Imports: + - ntoskrnl.exe + - NDIS.SYS + InternalName: '' + MD5: a5ce055e8970dc56498e3525d61e4982 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '0.0' + Publisher: '' + RichPEHeaderHash: + MD5: 31ff42aa5ca7dd66d08b22acf09fc77b + SHA1: 4714126b3344521afd77ab9af0c0c7f02cad7214 + SHA256: f01b7291df1bce93e3b404221cf8cee691cb1b79871cce7978d99936d9406ee8 + SHA1: 51ea4bed7f62e483dc116e9cffd95d8c2e1c9aa8 + SHA256: cf16a2218fc8a3b6fa5aa4a0bc6205792798078c380ccc7e5041476e0f1bc53d + Sections: + .text: + Entropy: 6.434641089980122 + Virtual Size: '0x2978' + .rdata: + Entropy: 4.633162531132468 + Virtual Size: '0x31c' + .data: 
+ Entropy: 0.39704400406686285 + Virtual Size: '0x1a0' + .pdata: + Entropy: 3.8812217396242468 + Virtual Size: '0x15c' + INIT: + Entropy: 5.546551932389904 + Virtual Size: '0x838' + .rsrc: + Entropy: 2.7484228256782828 + Virtual Size: '0x1a0' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 
+ TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=CN, ST=, L=, O=, OU=, CN= + ValidFrom: '2017-07-12 00:00:00' + ValidTo: '2019-10-11 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 06ac27b7c8985c4d40006b362e4b42ef + Version: 3 + TBS: + MD5: b4f984fa296ebed6a2de0fd41e3a8943 + SHA1: 1ef4fb65a78f8986bf07cbfadf337c0b7adfa0b9 + SHA256: 7d0c90a2709a9f0286d90e509680b02696769a960da897dfadeb8d6ecd8b86eb + SHA384: fa882fd00b886094491157551f1219e508ede02776edd1b52ec08f8fe28ac7f927274d5c90de802586a9d1d22ebae999 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 
5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 06ac27b7c8985c4d40006b362e4b42ef + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 9c8c681f74950997cd571fd838a847b8 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/36227ce7-2bf6-4963-bfae-c399000a1079.yaml b/yaml/36227ce7-2bf6-4963-bfae-c399000a1079.yaml index 45100b64b..51ce8a52b 100644 --- a/yaml/36227ce7-2bf6-4963-bfae-c399000a1079.yaml +++ b/yaml/36227ce7-2bf6-4963-bfae-c399000a1079.yaml 
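Review bot: The netflt.sys entry keeps placeholders that parse as real list members: `CVE:` holds a single `''`, and `Detection:` holds one item with `type: ''` and `value: ''`, whereas the piddrv.sys entry in this same commit uses `Detection: []`. A consumer iterating these lists gets an empty CVE id and an empty detection link; `CVE: []` and `Detection: []` would state "none" unambiguously. `Filename: ''` is also empty although the tag names netflt.sys. The signing certificate with serial 06ac27b7c8985c4d40006b362e4b42ef has the Subject `C=CN, ST=, L=, O=, OU=, CN=`, which looks like values lost during extraction, so publisher-based matching cannot use it.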
@@ -1,1582 +1,1588 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 36227ce7-2bf6-4963-bfae-c399000a1079 +Tags: +- rtif.sys +Verified: 'TRUE' Author: Takahiro Haruyama -Category: vulnerable driver -Commands: - Command: sc.exe create rtifsys binPath= C:\windows\temp\rtifsys.sys type=kernel - && sc.exe start rtifsys - Description: The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique vulnerable - drivers (237 file hashes) accepting firmware access. Six allow kernel memory access. - All give full control of the devices to non-admin users. By exploiting the vulnerable - drivers, an attacker without the system privilege may erase/alter firmware, and/or - elevate privileges. As of the time of writing in October 2023, the filenames of - the vulnerable drivers have not been made public until now. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-11-02' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 36227ce7-2bf6-4963-bfae-c399000a1079 -KnownVulnerableSamples: -- Company: TenAsys Corporation - Date: '' - Description: INtime PnP RT Kernel Interface Driver - FileVersion: '500 built by: WinDDK' - Filename: '' - MD5: a15235fcec1c9b65d736661d4bec0d38 - MachineType: AMD64 - OriginalFilename: rtif.sys - Product: INtime - ProductVersion: 6.2.17052.1 - 
Publisher: '' - SHA1: 3c956b524e73586195d704b874e36d49fe42cb6a - SHA256: 0d133ced666c798ea63b6d8026ec507d429e834daa7c74e4e091e462e5815180 - Signature: '' - Imphash: 3e8e7e5e779c7064e6bab177167e9e7a - Authentihash: - MD5: 923686e31f947b09e375b0ff00ee04ee - SHA1: efec1e9d398ace84337c6c47cb6faabf25306f61 - SHA256: 42b528fdde50a21afed0cbdc07a6cb9d22d421eb0228d4782f18d22a83873223 - RichPEHeaderHash: - MD5: bd1a1b47cc595b8cfb7149b488f3a97a - SHA1: 29f469189ca25d35b22c3247ea5b72e7329fe047 - SHA256: 025aad79c2efdc5f9b9de29f3f0bbc8825374fb5322d6170f850af2d466f91e7 - Sections: - .text: - Entropy: 6.42952308951736 - Virtual Size: '0xd732' - .rdata: - Entropy: 4.907391515300349 - Virtual Size: '0xb54' - .data: - Entropy: 2.4272508950715737 - Virtual Size: '0x1228' - .pdata: - Entropy: 4.473261789501917 - Virtual Size: '0x48c' - fixupseg: - Entropy: 2.130565711500572 - Virtual Size: '0x90' - INIT: - Entropy: 5.258083162724522 - Virtual Size: '0xb42' - .rsrc: - Entropy: 3.499774553813321 - Virtual Size: '0x868' - .reloc: - Entropy: 3.298022087682721 - Virtual Size: '0x18a' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2017-02-23 00:38:34' - InternalName: rtif.sys - Copyright: "Copyright \xA9 2002-2017 by TenAsys Corporation." 
- Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - vsprintf - - KeSetImportanceDpc - - IoWriteErrorLogEntry - - KeSetTargetProcessorDpc - - KeQueryActiveProcessors - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - IoRegisterShutdownNotification - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - ProbeForWrite - - RtlCheckRegistryKey - - MmGetSystemRoutineAddress - - RtlAppendUnicodeToString - - KeInitializeEvent - - RtlQueryRegistryValues - - KeInitializeDpc - - KeReleaseSpinLock - - MmFreeContiguousMemory - - IoDetachDevice - - MmUnmapIoSpace - - MmBuildMdlForNonPagedPool - - IoFreeMdl - - IoAllocateErrorLogEntry - - KeDelayExecutionThread - - MmGetPhysicalAddress - - PsCreateSystemThread - - MmMapLockedPagesSpecifyCache - - ExAllocatePool - - KeRegisterBugCheckCallback - - ExInterlockedInsertTailList - - PsTerminateSystemThread - - MmMapIoSpace - - PoStartNextPowerIrp - - KeInsertQueueDpc - - KeQueryTimeIncrement - - ZwClose - - IofCompleteRequest - - IoConnectInterrupt - - KeInitializeSemaphore - - ProbeForRead - - KeWaitForSingleObject - - KeBugCheckEx - - RtlWriteRegistryValue - - MmProbeAndLockPages - - IoAttachDeviceToDeviceStack - - PoCallDriver - - PsGetVersion - - KeReleaseSemaphore - - ExInterlockedRemoveHeadList - - MmUnlockPages - - IoCreateSymbolicLink - - PsGetCurrentProcessId - - ObfDereferenceObject - - IoCreateDevice - - IoDisconnectInterrupt - - MmGetPhysicalMemoryRanges - - ExSetTimerResolution - - KeDeregisterBugCheckCallback - - RtlCreateRegistryKey - - MmAllocateContiguousMemorySpecifyCache - - DbgPrint - - IoAllocateMdl - - MmAllocateContiguousMemory - - IofCallDriver - - KeAcquireSpinLockRaiseToDpc - - qsort - - ZwQueryValueKey - - ZwEnumerateKey - - ZwOpenKey - - _strnicmp - - ZwCreateKey - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - ZwDeleteValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - ZwEnumerateValueKey - - RtlAppendUnicodeStringToString - - ZwDeleteKey - - 
ZwQueryKey - - ExAllocatePoolWithTag - - ObReferenceObjectByHandle - - MmUnmapLockedPages - - __C_specific_handler - - KeStallExecutionProcessor - - HalSetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 
4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Oregon, L=Beaverton, O=TenAsys Corporation, CN=TenAsys Corporation - ValidFrom: '2016-01-26 00:00:00' - ValidTo: '2019-02-24 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 48144e98914632372cfb97f19d0ee4be - Version: 3 - TBS: - MD5: 0e9a3389871e543043e804810ec35578 - SHA1: b9490c80c0c0eea4c32883344f8b7538baf933b4 - SHA256: 1ae6947dea0d79584c9678bea92bae639831ccceb8123668f6999cc9595c4208 - SHA384: 8d6517b399feaae8a88957a932f54f0e78ad577b94ea177acd7aa4ddabda5a69e93d44c6fa6824191e2c331ec581b910 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 48144e98914632372cfb97f19d0ee4be - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: TenAsys Corporation - Date: '' - Description: INtime PnP RT Kernel Interface Driver - FileVersion: '500 built by: WinDDK' - Filename: '' - MD5: 1873a2ce2df273d409c47094bc269285 - MachineType: I386 - OriginalFilename: rtif.sys - Product: INtime - ProductVersion: 6.2.17052.1 - Publisher: '' - SHA1: f049e68720a5f377a5c529ca82d1147fe21b4c33 - SHA256: 3670ccd9515d529bb31751fcd613066348057741adeaf0bffd1b9a54eb8baa76 - Signature: '' - Imphash: d61d30746681d0fda9bfd9e8af061b2a - Authentihash: - MD5: 7af3a3a48cb2049abc8c62efcd984bd0 - SHA1: f679711f5625ce95c6ebaaf554e9c26d89db0564 - SHA256: f46c524b79b9b1eb7efd5275dd1604de94560b52edca70ba4e47037f4b55da47 - RichPEHeaderHash: - MD5: 8af78de3036a1a61c2f7960f304e2fd8 - SHA1: 9b85ed0afe26a8379ad12783d99bfffaca008da0 - SHA256: bf1fc947f315f3d5b99704872d19fb65dbef65beeeeb9b72df2d998e6845ef63 - Sections: - .text: - Entropy: 6.587141921945886 - Virtual Size: '0x10ac9' - .rdata: - Entropy: 4.617227098056416 - Virtual Size: '0x544' - .data: - Entropy: 2.302558601990261 - Virtual Size: '0x3eac' - fixupseg: - Entropy: 3.876717193094394 - Virtual Size: '0x38' - INIT: - Entropy: 5.660866508935075 
- Virtual Size: '0xade' - .rsrc: - Entropy: 3.502457842619463 - Virtual Size: '0x868' - .reloc: - Entropy: 6.577761371802183 - Virtual Size: '0x1338' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2017-02-23 00:38:31' - InternalName: rtif.sys - Copyright: "Copyright \xA9 2002-2017 by TenAsys Corporation." - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ProbeForWrite - - memcpy - - KeReleaseSemaphore - - MmFreeContiguousMemory - - MmUnmapIoSpace - - _aullshr - - KeSetEvent - - KeWaitForSingleObject - - IofCallDriver - - KeInitializeEvent - - MmBuildMdlForNonPagedPool - - MmUnmapLockedPages - - IoFreeMdl - - MmMapLockedPagesSpecifyCache - - IoAllocateMdl - - RtlQueryRegistryValues - - memset - - ExAllocatePoolWithTag - - RtlWriteRegistryValue - - RtlCreateRegistryKey - - RtlCheckRegistryKey - - RtlAppendUnicodeToString - - memmove - - RtlInitUnicodeString - - IoWriteErrorLogEntry - - IoAllocateErrorLogEntry - - vsprintf - - KeInsertQueueDpc - - PsTerminateSystemThread - - KeDelayExecutionThread - - KeBugCheckEx - - KeInitializeSemaphore - - PsGetCurrentProcessId - - ExSetTimerResolution - - KeQueryTimeIncrement - - ExfInterlockedInsertTailList - - ExfInterlockedRemoveHeadList - - MmUnlockPages - - MmProbeAndLockPages - - PsGetVersion - - KeDeregisterBugCheckCallback - - ExFreePoolWithTag - - KeRegisterBugCheckCallback - - ProbeForRead - - ZwClose - - ZwSetInformationThread - - PsCreateSystemThread - - _aulldiv - - IoDisconnectInterrupt - - ObfDereferenceObject - - PoCallDriver - - IofCompleteRequest - - PoStartNextPowerIrp - - IoConnectInterrupt - - IoDeleteDevice - - IoDetachDevice - - IoDeleteSymbolicLink - - IoRegisterShutdownNotification - - IoAttachDeviceToDeviceStack - - KeSetImportanceDpc - - KeInitializeDpc - - IoCreateSymbolicLink - - IoCreateDevice - - ObReferenceObjectByHandle - - MmGetPhysicalMemoryRanges - - KeSetTargetProcessorDpc - - KeQueryActiveProcessors - - MmGetSystemRoutineAddress - - RtlFreeUnicodeString 
- - ZwCreateKey - - RtlAppendUnicodeStringToString - - RtlxAnsiStringToUnicodeSize - - NlsMbCodePageTag - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - ZwDeleteValueKey - - ZwEnumerateKey - - ZwEnumerateValueKey - - ZwOpenKey - - ZwQueryKey - - ZwQueryValueKey - - ZwSetValueKey - - ZwDeleteKey - - qsort - - _allshl - - KeTickCount - - RtlUnwind - - MmMapIoSpace - - MmAllocateContiguousMemorySpecifyCache - - MmAllocateContiguousMemory - - MmGetPhysicalAddress - - DbgPrint - - _allmul - - KeGetCurrentThread - - ExAllocatePool - - Kei386EoiHelper - - KfRaiseIrql - - KfLowerIrql - - KeStallExecutionProcessor - - KfReleaseSpinLock - - KfAcquireSpinLock - - HalEndSystemInterrupt - - HalBeginSystemInterrupt - - KeGetCurrentIrql - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 
0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Oregon, L=Beaverton, O=TenAsys Corporation, CN=TenAsys Corporation - ValidFrom: '2016-01-26 00:00:00' - ValidTo: '2019-02-24 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 48144e98914632372cfb97f19d0ee4be - Version: 3 - TBS: - MD5: 0e9a3389871e543043e804810ec35578 - SHA1: b9490c80c0c0eea4c32883344f8b7538baf933b4 - SHA256: 1ae6947dea0d79584c9678bea92bae639831ccceb8123668f6999cc9595c4208 - SHA384: 8d6517b399feaae8a88957a932f54f0e78ad577b94ea177acd7aa4ddabda5a69e93d44c6fa6824191e2c331ec581b910 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 48144e98914632372cfb97f19d0ee4be - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: TenAsys Corporation - Date: '' - Description: INtime PnP RT Kernel Interface Driver - FileVersion: '420 built by: WinDDK' - Filename: '' - MD5: 
112b4a6d8c205c1287c66ad0009c3226 - MachineType: AMD64 - OriginalFilename: rtif.sys - Product: INtime - ProductVersion: 4.2.11285.1 - Publisher: '' - SHA1: 0caf4e86b14aaab7e10815389fcd635988bc6637 - SHA256: 4ce8583768720be90fae66eed3b6b4a8c7c64e033be53d4cd98246d6e06086d0 - Signature: '' - Imphash: c12f7aec6ebe84a8390c82720adfc237 - Authentihash: - MD5: e6dc1afaf3f32d09e92e237291b0e634 - SHA1: 7c594957e490db58473132f699b4bac82f4928ed - SHA256: ba6c0c9b64fa739158b5f4465d53e67e574e4b954c8e143cf4e299f5daa65b60 - RichPEHeaderHash: - MD5: 997e86308bb3d4c9955a3f0e555bbb27 - SHA1: a8e0bae7f09f9a80fadb797b1b49e08365f0c100 - SHA256: 0aff0c81695a78ab174c12bf46bea5496ea265cd6a997b22aa7b2299d38f420b - Sections: - .text: - Entropy: 6.44011759982148 - Virtual Size: '0xa5c6' - .rdata: - Entropy: 4.742166212153357 - Virtual Size: '0x9ac' - .data: - Entropy: 2.278701113566387 - Virtual Size: '0x112c' - .pdata: - Entropy: 4.385610410851554 - Virtual Size: '0x390' - fixupseg: - Entropy: 2.1424575919897277 - Virtual Size: '0x90' - INIT: - Entropy: 5.224428786014072 - Virtual Size: '0xace' - .rsrc: - Entropy: 3.491997169876269 - Virtual Size: '0x868' - .reloc: - Entropy: 3.3374282311041794 - Virtual Size: '0x158' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2011-10-12 11:36:49' - InternalName: rtif.sys - Copyright: "Copyright \xA9 2000-2011 by TenAsys Corporation." 
- Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IoCreateDevice - - vsprintf - - KeReleaseSpinLock - - IoDisconnectInterrupt - - MmFreeContiguousMemory - - IoConnectInterrupt - - KeSetImportanceDpc - - IoWriteErrorLogEntry - - KeInitializeSemaphore - - KeSetTargetProcessorDpc - - IoDetachDevice - - ObReferenceObjectByHandle - - MmGetPhysicalMemoryRanges - - KeWaitForSingleObject - - MmUnmapIoSpace - - KeBugCheckEx - - ExSetTimerResolution - - KeQueryActiveProcessors - - MmBuildMdlForNonPagedPool - - IoFreeMdl - - KeDeregisterBugCheckCallback - - IoAllocateErrorLogEntry - - RtlWriteRegistryValue - - IoDeleteSymbolicLink - - RtlCreateRegistryKey - - ExFreePoolWithTag - - MmProbeAndLockPages - - KeDelayExecutionThread - - MmAllocateContiguousMemorySpecifyCache - - IoRegisterShutdownNotification - - MmGetPhysicalAddress - - IoAttachDeviceToDeviceStack - - DbgPrint - - PoCallDriver - - PsCreateSystemThread - - IoAllocateMdl - - PsGetVersion - - MmAllocateContiguousMemory - - MmMapLockedPagesSpecifyCache - - IofCompleteRequest - - IofCallDriver - - ExAllocatePool - - KeRegisterBugCheckCallback - - ExInterlockedRemoveHeadList - - KeAcquireSpinLockRaiseToDpc - - RtlInitUnicodeString - - IoDeleteDevice - - ExInterlockedInsertTailList - - KeSetEvent - - MmUnlockPages - - RtlCheckRegistryKey - - PsTerminateSystemThread - - MmMapIoSpace - - PoStartNextPowerIrp - - RtlAppendUnicodeToString - - IoCreateSymbolicLink - - KeInitializeEvent - - KeInsertQueueDpc - - PsGetCurrentProcessId - - RtlQueryRegistryValues - - KeQueryTimeIncrement - - MmUnmapLockedPages - - ZwClose - - ObfDereferenceObject - - qsort - - ZwSetValueKey - - RtlFreeUnicodeString - - ZwQueryValueKey - - ZwEnumerateValueKey - - RtlAppendUnicodeStringToString - - ZwDeleteKey - - ZwEnumerateKey - - ZwQueryKey - - ZwOpenKey - - _strnicmp - - ZwCreateKey - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - ZwDeleteValueKey - - ExAllocatePoolWithTag - - KeReleaseSemaphore - 
- KeInitializeDpc - - __C_specific_handler - - KeStallExecutionProcessor - - HalSetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, ST=Oregon, O=TenAsys Corporation, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=TenAsys Corporation - ValidFrom: '2009-11-10 00:00:00' - ValidTo: '2013-01-06 23:59:59' - Signature: 
262c2f37a476974743e60dea46e83c8b4f65e6080c0ad73557ae2262c5721ef497d887050c3750baaf8d442a40f94e45ea242af60d001e3a63b274125909eaf0a5ca5a1958e52b455e78709ec5e25edd7905501cd98a76dd067013f5f3097df87fc7640cdbfa2e927088ba6c802ce950ecd8b2d31b19844dab4fb762117b685443fadb0b98ec5ebfab39e258189876a130dd632db1a835098089efda7577f306a3fe0f98101c61fe3c47d982e49b15da79af2be683539ffbb0db498c828e26d181a2c870df943f3afcb6821a0c5f9d5c5738b37f76dea2a8edf5f616489325755ba599e893bfaab9db2d7b27f2fdfea22ff39d8ae67632ee0b05fed784519d8a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 51bcef5e74e1e3b240d5810567ce302c - Version: 3 - TBS: - MD5: 73212ac71d9ad2c80562d2b9c9731baf - SHA1: 56bc1887672e29ec35d3616eb18842f939f10189 - SHA256: d66372658e2b18b256863b7744069002eccb9cb315fc86709cf9d2721e6f70bc - SHA384: 458ceb8f5cd2b86fb13ca1c1ac1c69aa60c8848f3f1735bbeb59d4286eb73f1270513282e8144066b9e1fc641a881fb6 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 
17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 51bcef5e74e1e3b240d5810567ce302c - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: TenAsys Corporation - Date: '' - Description: INtime PnP RT Kernel Interface Driver - FileVersion: '500 built by: WinDDK' - Filename: '' - MD5: 35fbc4c04c31c1a40e666be6529c6321 - MachineType: AMD64 - OriginalFilename: rtif.sys - Product: INtime - ProductVersion: 6.4.21343.1 - Publisher: '' - SHA1: f130e82524d8f5af403c3b0e0ffa4b64fedeec92 - SHA256: 9399f35b90f09b41f9eeda55c8e37f6d1cb22de6e224e54567d1f0865a718727 - Signature: '' - Imphash: c61a46ffe79d3f7d6307c0d2ae5f391e - Authentihash: - MD5: 290543f10941cfee914bdd8dda18265b - SHA1: d5ecb45182c0abe8797cd44811e8149728c3be88 - SHA256: c662ed197a5849cf491ee099885f8855b4f8a3d0f5b664c772f2b89c0314b44e - RichPEHeaderHash: - MD5: d6fb66aaac430a7dc9c7713f79d69cca - SHA1: d6b38a27252781d408366fedf64b511430abc6c4 - SHA256: 216010c066da2a14201dd77209feba952fd16158edddee4747f2587041501963 - Sections: - .text: - Entropy: 6.44001479611193 - Virtual Size: '0xe5b2' - .rdata: - Entropy: 4.918478454999801 - Virtual Size: '0xc7c' - .data: - Entropy: 2.439249315977124 - Virtual Size: '0x1558' - .pdata: - Entropy: 4.792418577201328 - Virtual Size: '0x4a4' - fixupseg: - Entropy: 2.1620193574240503 - Virtual Size: '0x90' - INIT: - Entropy: 5.281621749998813 - Virtual Size: '0xb32' - .rsrc: - 
Entropy: 3.496623662060939 - Virtual Size: '0x868' - .reloc: - Entropy: 3.2671345238840304 - Virtual Size: '0x194' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2021-12-09 14:10:02' - InternalName: rtif.sys - Copyright: "Copyright \xA9 2002-2021 by TenAsys Corporation." - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - vsprintf - - KeSetImportanceDpc - - IoWriteErrorLogEntry - - KeSetTargetProcessorDpc - - KeQueryActiveProcessors - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - IoRegisterShutdownNotification - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - ProbeForWrite - - RtlCheckRegistryKey - - MmGetSystemRoutineAddress - - RtlAppendUnicodeToString - - KeInitializeEvent - - RtlQueryRegistryValues - - KeInitializeDpc - - KeReleaseSpinLock - - MmFreeContiguousMemory - - IoDetachDevice - - MmUnmapIoSpace - - MmBuildMdlForNonPagedPool - - IoFreeMdl - - IoAllocateErrorLogEntry - - KeDelayExecutionThread - - MmGetPhysicalAddress - - PsCreateSystemThread - - MmMapLockedPagesSpecifyCache - - ExAllocatePool - - KeRegisterBugCheckCallback - - ExInterlockedInsertTailList - - PsTerminateSystemThread - - MmMapIoSpace - - PoStartNextPowerIrp - - KeInsertQueueDpc - - KeQueryTimeIncrement - - ZwClose - - IofCompleteRequest - - IoConnectInterrupt - - ProbeForRead - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - KeBugCheckEx - - RtlWriteRegistryValue - - MmProbeAndLockPages - - IoAttachDeviceToDeviceStack - - PoCallDriver - - PsGetVersion - - KeReleaseSemaphore - - ExInterlockedRemoveHeadList - - MmUnlockPages - - IoCreateSymbolicLink - - PsGetCurrentProcessId - - ObfDereferenceObject - - IoCreateDevice - - IoDisconnectInterrupt - - MmGetPhysicalMemoryRanges - - ExSetTimerResolution - - KeDeregisterBugCheckCallback - - RtlCreateRegistryKey - - MmAllocateContiguousMemorySpecifyCache - - DbgPrint - - IoAllocateMdl - - MmAllocateContiguousMemory - - IofCallDriver - - KeAcquireSpinLockRaiseToDpc - - ZwQueryValueKey - 
- ZwEnumerateKey - - ZwOpenKey - - _strnicmp - - ZwCreateKey - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - ZwDeleteValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - ZwEnumerateValueKey - - RtlAppendUnicodeStringToString - - ZwDeleteKey - - ZwQueryKey - - ExAllocatePoolWithTag - - KeInitializeSemaphore - - MmUnmapLockedPages - - __C_specific_handler - - KeStallExecutionProcessor - - HalSetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Oregon, L=Hillsboro, O=TenAsys Corporation, CN=TenAsys Corporation - ValidFrom: '2019-02-05 00:00:00' - ValidTo: '2022-03-11 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 37d0405e434278e6e7a0e83dc459f6a1 - Version: 3 - TBS: - MD5: 16a5271a8c1c607cb7f8e39f9983bfe1 - SHA1: 674b0b16bf2685f979517b6337ecff57fb949821 - SHA256: 881fcc016d5774f69cbd3610e8982804499226f7172b3ebd42a4f860e88f0a97 - SHA384: c3ed616e80e3efbbf9ff8a32718c8cafdac6b0f6f665a2d94f237937b8517c54ec2df471d6d305e773d331e868017ffd - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 37d0405e434278e6e7a0e83dc459f6a1 - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: TenAsys Corporation - Date: '' - Description: INtime PnP RT Kernel Interface Driver - FileVersion: '500 built by: WinDDK' - Filename: '' - MD5: 6c5e50ef2069896f408cdaaddd307893 - MachineType: I386 - OriginalFilename: rtif.sys - Product: INtime - ProductVersion: 6.4.21343.1 - Publisher: '' - SHA1: 8d676504c2680cf71c0c91afb18af40ea83b6c22 - SHA256: a66b4420fa1df81a517e2bbea1a414b57721c67a4aa1df1967894f77e81d036e - Signature: '' - Imphash: e1d88d0526dfa369c3661355dbd8773d - Authentihash: - MD5: e8e61cae63a99c97074c083bca2b4231 - SHA1: 2ab81656c1eece7b9b05e0d28257acdca216336a - SHA256: a2dee316cd07963c2eb7ebb1b4189eca78786c835aaafeb6467b37c1353d821a - RichPEHeaderHash: - MD5: 8af78de3036a1a61c2f7960f304e2fd8 - SHA1: 9b85ed0afe26a8379ad12783d99bfffaca008da0 - SHA256: bf1fc947f315f3d5b99704872d19fb65dbef65beeeeb9b72df2d998e6845ef63 - Sections: - .text: - Entropy: 6.611390928364727 - Virtual Size: '0x11bc1' - .rdata: - Entropy: 4.501948591854601 - Virtual Size: '0x634' - .data: - Entropy: 2.2875585804731453 - Virtual Size: '0x418c' - fixupseg: - Entropy: 3.7598332194665756 - Virtual Size: '0x38' - INIT: - Entropy: 5.6467030835991 
- Virtual Size: '0xae2' - .rsrc: - Entropy: 3.497873641585053 - Virtual Size: '0x868' - .reloc: - Entropy: 6.589111544688887 - Virtual Size: '0x14ae' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2021-12-09 14:09:58' - InternalName: rtif.sys - Copyright: "Copyright \xA9 2002-2021 by TenAsys Corporation." - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ProbeForWrite - - memcpy - - KeReleaseSemaphore - - MmFreeContiguousMemory - - MmUnmapIoSpace - - _allshl - - _aullshr - - KeSetEvent - - KeWaitForSingleObject - - IofCallDriver - - KeInitializeEvent - - MmUnmapLockedPages - - MmBuildMdlForNonPagedPool - - IoFreeMdl - - MmMapLockedPagesSpecifyCache - - IoAllocateMdl - - _aullrem - - RtlQueryRegistryValues - - memset - - ExAllocatePoolWithTag - - RtlWriteRegistryValue - - RtlCreateRegistryKey - - RtlCheckRegistryKey - - ExFreePoolWithTag - - RtlAppendUnicodeToString - - memmove - - RtlInitUnicodeString - - IoWriteErrorLogEntry - - IoAllocateErrorLogEntry - - vsprintf - - KeInsertQueueDpc - - PsTerminateSystemThread - - KeDelayExecutionThread - - KeBugCheckEx - - KeInitializeSemaphore - - PsGetCurrentProcessId - - ExSetTimerResolution - - KeQueryTimeIncrement - - ExfInterlockedInsertTailList - - ExfInterlockedRemoveHeadList - - MmUnlockPages - - MmProbeAndLockPages - - PsGetVersion - - ProbeForRead - - KeRegisterBugCheckCallback - - ExAllocatePool - - ZwClose - - ZwSetInformationThread - - PsCreateSystemThread - - _aulldiv - - IoDisconnectInterrupt - - ObfDereferenceObject - - PoCallDriver - - IofCompleteRequest - - PoStartNextPowerIrp - - IoConnectInterrupt - - IoDeleteDevice - - IoDetachDevice - - IoDeleteSymbolicLink - - IoRegisterShutdownNotification - - IoAttachDeviceToDeviceStack - - KeSetImportanceDpc - - KeInitializeDpc - - IoCreateSymbolicLink - - IoCreateDevice - - ObReferenceObjectByHandle - - MmGetPhysicalMemoryRanges - - KeSetTargetProcessorDpc - - KeQueryActiveProcessors - - MmGetSystemRoutineAddress - - 
RtlFreeUnicodeString - - ZwCreateKey - - RtlAppendUnicodeStringToString - - RtlxAnsiStringToUnicodeSize - - NlsMbCodePageTag - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - ZwDeleteValueKey - - ZwEnumerateKey - - ZwEnumerateValueKey - - ZwOpenKey - - ZwQueryKey - - ZwQueryValueKey - - ZwSetValueKey - - ZwDeleteKey - - KeTickCount - - RtlUnwind - - MmMapIoSpace - - MmAllocateContiguousMemorySpecifyCache - - MmAllocateContiguousMemory - - MmGetPhysicalAddress - - DbgPrint - - _allmul - - KeGetCurrentThread - - KeDeregisterBugCheckCallback - - Kei386EoiHelper - - KfRaiseIrql - - KfLowerIrql - - KeStallExecutionProcessor - - KfReleaseSpinLock - - KfAcquireSpinLock - - HalEndSystemInterrupt - - HalBeginSystemInterrupt - - KeGetCurrentIrql - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Oregon, L=Hillsboro, O=TenAsys Corporation, CN=TenAsys Corporation - ValidFrom: '2019-02-05 00:00:00' - ValidTo: '2022-03-11 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 37d0405e434278e6e7a0e83dc459f6a1 - Version: 3 - TBS: - MD5: 16a5271a8c1c607cb7f8e39f9983bfe1 - SHA1: 674b0b16bf2685f979517b6337ecff57fb949821 - SHA256: 881fcc016d5774f69cbd3610e8982804499226f7172b3ebd42a4f860e88f0a97 - SHA384: c3ed616e80e3efbbf9ff8a32718c8cafdac6b0f6f665a2d94f237937b8517c54ec2df471d6d305e773d331e868017ffd - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: 
a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 37d0405e434278e6e7a0e83dc459f6a1 - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: TenAsys Corporation - Date: '' - Description: INtime PnP RT Kernel Interface Driver - FileVersion: '500 built by: WinDDK' - Filename: '' - MD5: 4b42a7a6327827a8dbdecf367832c0cd - MachineType: AMD64 - OriginalFilename: rtif.sys - Product: INtime - ProductVersion: 6.0.14175.1 - Publisher: '' - SHA1: ce1d0ebaeaa4fe3ecb49242f1e80bc7a4e43fd8c - SHA256: ba40b1fc798c2f78165e78997b4baf3d99858ee39a372ca6fbc303057793e50d - Signature: '' - Imphash: 3e8e7e5e779c7064e6bab177167e9e7a - Authentihash: - MD5: 41cb3bf0ce126d2e909ef8918312578c - SHA1: 54bed9a75d950714920d1415be6e273c0ac987e4 - SHA256: 19595c3de596f8b705eef1b135768d3051305698ceed083401f8acfba4bd5393 - RichPEHeaderHash: - MD5: bd1a1b47cc595b8cfb7149b488f3a97a - SHA1: 29f469189ca25d35b22c3247ea5b72e7329fe047 - SHA256: 025aad79c2efdc5f9b9de29f3f0bbc8825374fb5322d6170f850af2d466f91e7 - Sections: - .text: - Entropy: 
6.410108417426959 - Virtual Size: '0xb9c2' - .rdata: - Entropy: 4.842622218133403 - Virtual Size: '0xa94' - .data: - Entropy: 2.687030222106283 - Virtual Size: '0x1160' - .pdata: - Entropy: 4.457711986438197 - Virtual Size: '0x420' - fixupseg: - Entropy: 2.1424575919897277 - Virtual Size: '0x90' - INIT: - Entropy: 5.313487977603218 - Virtual Size: '0xb42' - .rsrc: - Entropy: 3.4923506860842393 - Virtual Size: '0x868' - .reloc: - Entropy: 3.3188012062753227 - Virtual Size: '0x16c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2014-09-24 00:39:12' - InternalName: rtif.sys - Copyright: "Copyright \xA9 2002-2014 by TenAsys Corporation." - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - vsprintf - - KeSetImportanceDpc - - IoWriteErrorLogEntry - - KeSetTargetProcessorDpc - - KeQueryActiveProcessors - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - IoRegisterShutdownNotification - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - ProbeForWrite - - RtlCheckRegistryKey - - MmGetSystemRoutineAddress - - RtlAppendUnicodeToString - - KeInitializeEvent - - RtlQueryRegistryValues - - KeInitializeDpc - - KeReleaseSpinLock - - MmFreeContiguousMemory - - IoDetachDevice - - MmUnmapIoSpace - - MmBuildMdlForNonPagedPool - - IoFreeMdl - - IoAllocateErrorLogEntry - - KeDelayExecutionThread - - MmGetPhysicalAddress - - PsCreateSystemThread - - MmMapLockedPagesSpecifyCache - - ExAllocatePool - - KeRegisterBugCheckCallback - - ExInterlockedInsertTailList - - PsTerminateSystemThread - - MmMapIoSpace - - PoStartNextPowerIrp - - KeInsertQueueDpc - - KeQueryTimeIncrement - - ZwClose - - IofCompleteRequest - - IoConnectInterrupt - - KeInitializeSemaphore - - ProbeForRead - - KeWaitForSingleObject - - KeBugCheckEx - - RtlWriteRegistryValue - - MmProbeAndLockPages - - IoAttachDeviceToDeviceStack - - PoCallDriver - - PsGetVersion - - KeReleaseSemaphore - - ExInterlockedRemoveHeadList - - MmUnlockPages - - IoCreateSymbolicLink - - 
PsGetCurrentProcessId - - ObfDereferenceObject - - IoCreateDevice - - IoDisconnectInterrupt - - MmGetPhysicalMemoryRanges - - ExSetTimerResolution - - KeDeregisterBugCheckCallback - - RtlCreateRegistryKey - - MmAllocateContiguousMemorySpecifyCache - - DbgPrint - - IoAllocateMdl - - MmAllocateContiguousMemory - - IofCallDriver - - KeAcquireSpinLockRaiseToDpc - - qsort - - ZwQueryValueKey - - ZwEnumerateKey - - ZwOpenKey - - _strnicmp - - ZwCreateKey - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - ZwDeleteValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - ZwEnumerateValueKey - - RtlAppendUnicodeStringToString - - ZwDeleteKey - - ZwQueryKey - - ExAllocatePoolWithTag - - ObReferenceObjectByHandle - - MmUnmapLockedPages - - __C_specific_handler - - KeStallExecutionProcessor - - HalSetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Oregon, L=Beaverton, O=TenAsys Corporation, OU=Digital ID - Class 3 , Microsoft Software Validation v2, CN=TenAsys Corporation - ValidFrom: '2012-11-09 00:00:00' - ValidTo: '2016-02-08 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1dd16244250a5187fb55951ad3c3bc6b - Version: 3 - TBS: - MD5: 280d8570801ef8d255171e7f7e2573d3 - SHA1: 099a6d7560bef4c1b9a25e11a7298ec7e15b97da - SHA256: af89dd187fff2c8aa46f7b79c9d4fa18cf2c6916ba124fec64b7cce5dfbcb299 - SHA384: c1a7273a8c438c778848868e347b0d030d674665580fb6abc794c0f09e4d0bf339dcb1cd3bea7bf3d78afbafeda2fe24 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 1dd16244250a5187fb55951ad3c3bc6b - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: TenAsys Corporation - Date: '' - Description: INtime PnP RT Kernel Interface Driver - FileVersion: '500 built by: WinDDK' - Filename: '' - MD5: ff795e4f387c3e22291083b7d6b92ffb - MachineType: AMD64 - OriginalFilename: rtif.sys - Product: INtime - ProductVersion: 6.0.14091.1 - Publisher: '' - SHA1: 5eb693c9cc49c7d6a03f7960ddcfd8f468e5656b - SHA256: 
eae5c993b250dcc5fee01deeb30045b0e5ee7cf9306ef6edd8c58e4dc743a8ed - Signature: '' - Imphash: 3d42ff70269b824dd9d4a8cb905669f9 - Authentihash: - MD5: 0a889f7961b83dc1d637bcc92560074b - SHA1: 0e4691a2e125f4f61f37654252cd46bba76d9987 - SHA256: c9aeead632435bda4f5723fff5c48dc60451072bfc8649f2ad6e066ca910934a - RichPEHeaderHash: - MD5: d81e83b51349be2642cc2c864adf6c87 - SHA1: d6dbea33d7267fa631c0632aaff1c3e5142639c5 - SHA256: 74739de917e2aebbe337b52ec0ccb104516a3df9b9b373802f0506a0d2a74abb - Sections: - .text: - Entropy: 6.414410444162882 - Virtual Size: '0xb692' - .rdata: - Entropy: 4.809552537003447 - Virtual Size: '0xa64' - .data: - Entropy: 2.680405412897324 - Virtual Size: '0x1160' - .pdata: - Entropy: 4.413489143500231 - Virtual Size: '0x420' - fixupseg: - Entropy: 2.1424575919897277 - Virtual Size: '0x90' - INIT: - Entropy: 5.3224584364088 - Virtual Size: '0xb12' - .rsrc: - Entropy: 3.49190189323868 - Virtual Size: '0x868' - .reloc: - Entropy: 3.3188012062753227 - Virtual Size: '0x16c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2014-04-01 21:08:39' - InternalName: rtif.sys - Copyright: "Copyright \xA9 2002-2014 by TenAsys Corporation." 
- Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - KeSetImportanceDpc - - IoWriteErrorLogEntry - - KeSetTargetProcessorDpc - - KeQueryActiveProcessors - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - IoRegisterShutdownNotification - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - RtlCheckRegistryKey - - MmGetSystemRoutineAddress - - RtlAppendUnicodeToString - - KeInitializeEvent - - RtlQueryRegistryValues - - KeInitializeDpc - - KeReleaseSpinLock - - MmFreeContiguousMemory - - IoDetachDevice - - MmUnmapIoSpace - - MmBuildMdlForNonPagedPool - - IoFreeMdl - - IoAllocateErrorLogEntry - - KeDelayExecutionThread - - MmGetPhysicalAddress - - PsCreateSystemThread - - MmMapLockedPagesSpecifyCache - - ExAllocatePool - - KeRegisterBugCheckCallback - - ExInterlockedInsertTailList - - PsTerminateSystemThread - - MmMapIoSpace - - PoStartNextPowerIrp - - KeInsertQueueDpc - - KeQueryTimeIncrement - - ZwClose - - IofCompleteRequest - - IoConnectInterrupt - - KeInitializeSemaphore - - ObReferenceObjectByHandle - - vsprintf - - KeBugCheckEx - - RtlWriteRegistryValue - - MmProbeAndLockPages - - IoAttachDeviceToDeviceStack - - PoCallDriver - - PsGetVersion - - KeReleaseSemaphore - - ExInterlockedRemoveHeadList - - MmUnlockPages - - IoCreateSymbolicLink - - PsGetCurrentProcessId - - ObfDereferenceObject - - IoCreateDevice - - IoDisconnectInterrupt - - MmGetPhysicalMemoryRanges - - ExSetTimerResolution - - KeDeregisterBugCheckCallback - - RtlCreateRegistryKey - - MmAllocateContiguousMemorySpecifyCache - - DbgPrint - - IoAllocateMdl - - MmAllocateContiguousMemory - - IofCallDriver - - KeAcquireSpinLockRaiseToDpc - - qsort - - ZwQueryValueKey - - ZwEnumerateKey - - ZwOpenKey - - _strnicmp - - ZwCreateKey - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - ZwDeleteValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - ZwEnumerateValueKey - - RtlAppendUnicodeStringToString - - ZwDeleteKey - - ZwQueryKey - - ExAllocatePoolWithTag - 
- KeWaitForSingleObject - - MmUnmapLockedPages - - __C_specific_handler - - KeStallExecutionProcessor - - HalSetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Oregon, L=Beaverton, O=TenAsys Corporation, OU=Digital ID - Class 3 , Microsoft Software Validation v2, CN=TenAsys Corporation - ValidFrom: '2012-11-09 00:00:00' - ValidTo: '2016-02-08 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1dd16244250a5187fb55951ad3c3bc6b - Version: 3 - TBS: - MD5: 280d8570801ef8d255171e7f7e2573d3 - SHA1: 099a6d7560bef4c1b9a25e11a7298ec7e15b97da - SHA256: af89dd187fff2c8aa46f7b79c9d4fa18cf2c6916ba124fec64b7cce5dfbcb299 - SHA384: c1a7273a8c438c778848868e347b0d030d674665580fb6abc794c0f09e4d0bf339dcb1cd3bea7bf3d78afbafeda2fe24 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 
5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 1dd16244250a5187fb55951ad3c3bc6b - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create rtifsys binPath= C:\windows\temp\rtifsys.sys type=kernel + && sc.exe start rtifsys + Description: The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique + vulnerable drivers (237 file hashes) accepting firmware access. Six allow + kernel memory access. All give full control of the devices to non-admin users. + By exploiting the vulnerable drivers, an attacker without the system privilege + may erase/alter firmware, and/or elevate privileges. As of the time of writing + in October 2023, the filenames of the vulnerable drivers have not been made + public until now. 
+ OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html -Tags: -- rtif.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: TenAsys Corporation + Date: '' + Description: INtime PnP RT Kernel Interface Driver + FileVersion: '500 built by: WinDDK' + Filename: '' + MD5: a15235fcec1c9b65d736661d4bec0d38 + MachineType: AMD64 + OriginalFilename: rtif.sys + Product: INtime + ProductVersion: 6.2.17052.1 + Publisher: '' + SHA1: 3c956b524e73586195d704b874e36d49fe42cb6a + SHA256: 0d133ced666c798ea63b6d8026ec507d429e834daa7c74e4e091e462e5815180 + Signature: '' + Imphash: 3e8e7e5e779c7064e6bab177167e9e7a + Authentihash: + MD5: 923686e31f947b09e375b0ff00ee04ee + SHA1: efec1e9d398ace84337c6c47cb6faabf25306f61 + SHA256: 42b528fdde50a21afed0cbdc07a6cb9d22d421eb0228d4782f18d22a83873223 + RichPEHeaderHash: + MD5: bd1a1b47cc595b8cfb7149b488f3a97a + SHA1: 29f469189ca25d35b22c3247ea5b72e7329fe047 + SHA256: 025aad79c2efdc5f9b9de29f3f0bbc8825374fb5322d6170f850af2d466f91e7 + Sections: + .text: + Entropy: 6.42952308951736 + Virtual Size: '0xd732' + .rdata: + Entropy: 4.907391515300349 + Virtual Size: '0xb54' + 
.data: + Entropy: 2.4272508950715737 + Virtual Size: '0x1228' + .pdata: + Entropy: 4.473261789501917 + Virtual Size: '0x48c' + fixupseg: + Entropy: 2.130565711500572 + Virtual Size: '0x90' + INIT: + Entropy: 5.258083162724522 + Virtual Size: '0xb42' + .rsrc: + Entropy: 3.499774553813321 + Virtual Size: '0x868' + .reloc: + Entropy: 3.298022087682721 + Virtual Size: '0x18a' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2017-02-23 00:38:34' + InternalName: rtif.sys + Copyright: "Copyright \xA9 2002-2017 by TenAsys Corporation." + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - vsprintf + - KeSetImportanceDpc + - IoWriteErrorLogEntry + - KeSetTargetProcessorDpc + - KeQueryActiveProcessors + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - IoRegisterShutdownNotification + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - ProbeForWrite + - RtlCheckRegistryKey + - MmGetSystemRoutineAddress + - RtlAppendUnicodeToString + - KeInitializeEvent + - RtlQueryRegistryValues + - KeInitializeDpc + - KeReleaseSpinLock + - MmFreeContiguousMemory + - IoDetachDevice + - MmUnmapIoSpace + - MmBuildMdlForNonPagedPool + - IoFreeMdl + - IoAllocateErrorLogEntry + - KeDelayExecutionThread + - MmGetPhysicalAddress + - PsCreateSystemThread + - MmMapLockedPagesSpecifyCache + - ExAllocatePool + - KeRegisterBugCheckCallback + - ExInterlockedInsertTailList + - PsTerminateSystemThread + - MmMapIoSpace + - PoStartNextPowerIrp + - KeInsertQueueDpc + - KeQueryTimeIncrement + - ZwClose + - IofCompleteRequest + - IoConnectInterrupt + - KeInitializeSemaphore + - ProbeForRead + - KeWaitForSingleObject + - KeBugCheckEx + - RtlWriteRegistryValue + - MmProbeAndLockPages + - IoAttachDeviceToDeviceStack + - PoCallDriver + - PsGetVersion + - KeReleaseSemaphore + - ExInterlockedRemoveHeadList + - MmUnlockPages + - IoCreateSymbolicLink + - PsGetCurrentProcessId + - ObfDereferenceObject + - IoCreateDevice + - IoDisconnectInterrupt + - MmGetPhysicalMemoryRanges + - 
ExSetTimerResolution + - KeDeregisterBugCheckCallback + - RtlCreateRegistryKey + - MmAllocateContiguousMemorySpecifyCache + - DbgPrint + - IoAllocateMdl + - MmAllocateContiguousMemory + - IofCallDriver + - KeAcquireSpinLockRaiseToDpc + - qsort + - ZwQueryValueKey + - ZwEnumerateKey + - ZwOpenKey + - _strnicmp + - ZwCreateKey + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - ZwDeleteValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - ZwEnumerateValueKey + - RtlAppendUnicodeStringToString + - ZwDeleteKey + - ZwQueryKey + - ExAllocatePoolWithTag + - ObReferenceObjectByHandle + - MmUnmapLockedPages + - __C_specific_handler + - KeStallExecutionProcessor + - HalSetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: 
e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Oregon, L=Beaverton, O=TenAsys Corporation, CN=TenAsys + Corporation + ValidFrom: '2016-01-26 00:00:00' + ValidTo: '2019-02-24 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 48144e98914632372cfb97f19d0ee4be + Version: 3 + TBS: + MD5: 0e9a3389871e543043e804810ec35578 + SHA1: b9490c80c0c0eea4c32883344f8b7538baf933b4 + SHA256: 1ae6947dea0d79584c9678bea92bae639831ccceb8123668f6999cc9595c4208 + SHA384: 8d6517b399feaae8a88957a932f54f0e78ad577b94ea177acd7aa4ddabda5a69e93d44c6fa6824191e2c331ec581b910 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 48144e98914632372cfb97f19d0ee4be + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: TenAsys Corporation + Date: '' + Description: INtime PnP RT Kernel Interface Driver + FileVersion: '500 built by: WinDDK' + Filename: '' + MD5: 1873a2ce2df273d409c47094bc269285 + MachineType: I386 + OriginalFilename: rtif.sys + Product: INtime + ProductVersion: 6.2.17052.1 + Publisher: '' + SHA1: f049e68720a5f377a5c529ca82d1147fe21b4c33 + SHA256: 3670ccd9515d529bb31751fcd613066348057741adeaf0bffd1b9a54eb8baa76 + Signature: '' + Imphash: d61d30746681d0fda9bfd9e8af061b2a + Authentihash: + MD5: 7af3a3a48cb2049abc8c62efcd984bd0 + SHA1: f679711f5625ce95c6ebaaf554e9c26d89db0564 + SHA256: f46c524b79b9b1eb7efd5275dd1604de94560b52edca70ba4e47037f4b55da47 + RichPEHeaderHash: + MD5: 8af78de3036a1a61c2f7960f304e2fd8 + SHA1: 9b85ed0afe26a8379ad12783d99bfffaca008da0 + SHA256: bf1fc947f315f3d5b99704872d19fb65dbef65beeeeb9b72df2d998e6845ef63 + Sections: + .text: + Entropy: 6.587141921945886 + Virtual Size: '0x10ac9' + .rdata: + Entropy: 4.617227098056416 + Virtual Size: '0x544' + .data: + Entropy: 2.302558601990261 + Virtual Size: '0x3eac' + fixupseg: + Entropy: 3.876717193094394 + Virtual Size: '0x38' + INIT: + Entropy: 5.660866508935075 
+ Virtual Size: '0xade' + .rsrc: + Entropy: 3.502457842619463 + Virtual Size: '0x868' + .reloc: + Entropy: 6.577761371802183 + Virtual Size: '0x1338' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2017-02-23 00:38:31' + InternalName: rtif.sys + Copyright: "Copyright \xA9 2002-2017 by TenAsys Corporation." + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ProbeForWrite + - memcpy + - KeReleaseSemaphore + - MmFreeContiguousMemory + - MmUnmapIoSpace + - _aullshr + - KeSetEvent + - KeWaitForSingleObject + - IofCallDriver + - KeInitializeEvent + - MmBuildMdlForNonPagedPool + - MmUnmapLockedPages + - IoFreeMdl + - MmMapLockedPagesSpecifyCache + - IoAllocateMdl + - RtlQueryRegistryValues + - memset + - ExAllocatePoolWithTag + - RtlWriteRegistryValue + - RtlCreateRegistryKey + - RtlCheckRegistryKey + - RtlAppendUnicodeToString + - memmove + - RtlInitUnicodeString + - IoWriteErrorLogEntry + - IoAllocateErrorLogEntry + - vsprintf + - KeInsertQueueDpc + - PsTerminateSystemThread + - KeDelayExecutionThread + - KeBugCheckEx + - KeInitializeSemaphore + - PsGetCurrentProcessId + - ExSetTimerResolution + - KeQueryTimeIncrement + - ExfInterlockedInsertTailList + - ExfInterlockedRemoveHeadList + - MmUnlockPages + - MmProbeAndLockPages + - PsGetVersion + - KeDeregisterBugCheckCallback + - ExFreePoolWithTag + - KeRegisterBugCheckCallback + - ProbeForRead + - ZwClose + - ZwSetInformationThread + - PsCreateSystemThread + - _aulldiv + - IoDisconnectInterrupt + - ObfDereferenceObject + - PoCallDriver + - IofCompleteRequest + - PoStartNextPowerIrp + - IoConnectInterrupt + - IoDeleteDevice + - IoDetachDevice + - IoDeleteSymbolicLink + - IoRegisterShutdownNotification + - IoAttachDeviceToDeviceStack + - KeSetImportanceDpc + - KeInitializeDpc + - IoCreateSymbolicLink + - IoCreateDevice + - ObReferenceObjectByHandle + - MmGetPhysicalMemoryRanges + - KeSetTargetProcessorDpc + - KeQueryActiveProcessors + - MmGetSystemRoutineAddress + - RtlFreeUnicodeString 
+ - ZwCreateKey + - RtlAppendUnicodeStringToString + - RtlxAnsiStringToUnicodeSize + - NlsMbCodePageTag + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - ZwDeleteValueKey + - ZwEnumerateKey + - ZwEnumerateValueKey + - ZwOpenKey + - ZwQueryKey + - ZwQueryValueKey + - ZwSetValueKey + - ZwDeleteKey + - qsort + - _allshl + - KeTickCount + - RtlUnwind + - MmMapIoSpace + - MmAllocateContiguousMemorySpecifyCache + - MmAllocateContiguousMemory + - MmGetPhysicalAddress + - DbgPrint + - _allmul + - KeGetCurrentThread + - ExAllocatePool + - Kei386EoiHelper + - KfRaiseIrql + - KfLowerIrql + - KeStallExecutionProcessor + - KfReleaseSpinLock + - KfAcquireSpinLock + - HalEndSystemInterrupt + - HalBeginSystemInterrupt + - KeGetCurrentIrql + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 
0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Oregon, L=Beaverton, O=TenAsys Corporation, CN=TenAsys + Corporation + ValidFrom: '2016-01-26 00:00:00' + ValidTo: '2019-02-24 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 48144e98914632372cfb97f19d0ee4be + Version: 3 + TBS: + MD5: 0e9a3389871e543043e804810ec35578 + SHA1: b9490c80c0c0eea4c32883344f8b7538baf933b4 + SHA256: 1ae6947dea0d79584c9678bea92bae639831ccceb8123668f6999cc9595c4208 + SHA384: 8d6517b399feaae8a88957a932f54f0e78ad577b94ea177acd7aa4ddabda5a69e93d44c6fa6824191e2c331ec581b910 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 48144e98914632372cfb97f19d0ee4be + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: TenAsys Corporation + Date: '' + Description: INtime PnP RT Kernel Interface Driver + FileVersion: '420 built by: WinDDK' + Filename: '' + MD5: 112b4a6d8c205c1287c66ad0009c3226 + MachineType: AMD64 + OriginalFilename: rtif.sys + Product: INtime + ProductVersion: 4.2.11285.1 + Publisher: '' + SHA1: 0caf4e86b14aaab7e10815389fcd635988bc6637 + SHA256: 4ce8583768720be90fae66eed3b6b4a8c7c64e033be53d4cd98246d6e06086d0 + Signature: '' + Imphash: c12f7aec6ebe84a8390c82720adfc237 + Authentihash: + MD5: e6dc1afaf3f32d09e92e237291b0e634 + SHA1: 7c594957e490db58473132f699b4bac82f4928ed + SHA256: ba6c0c9b64fa739158b5f4465d53e67e574e4b954c8e143cf4e299f5daa65b60 + RichPEHeaderHash: + MD5: 997e86308bb3d4c9955a3f0e555bbb27 + SHA1: a8e0bae7f09f9a80fadb797b1b49e08365f0c100 + SHA256: 0aff0c81695a78ab174c12bf46bea5496ea265cd6a997b22aa7b2299d38f420b + Sections: + .text: + Entropy: 6.44011759982148 + Virtual Size: '0xa5c6' + .rdata: + Entropy: 4.742166212153357 + Virtual Size: '0x9ac' + .data: + Entropy: 2.278701113566387 + Virtual Size: '0x112c' + .pdata: + Entropy: 4.385610410851554 + Virtual Size: '0x390' + fixupseg: + Entropy: 
2.1424575919897277 + Virtual Size: '0x90' + INIT: + Entropy: 5.224428786014072 + Virtual Size: '0xace' + .rsrc: + Entropy: 3.491997169876269 + Virtual Size: '0x868' + .reloc: + Entropy: 3.3374282311041794 + Virtual Size: '0x158' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2011-10-12 11:36:49' + InternalName: rtif.sys + Copyright: "Copyright \xA9 2000-2011 by TenAsys Corporation." + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IoCreateDevice + - vsprintf + - KeReleaseSpinLock + - IoDisconnectInterrupt + - MmFreeContiguousMemory + - IoConnectInterrupt + - KeSetImportanceDpc + - IoWriteErrorLogEntry + - KeInitializeSemaphore + - KeSetTargetProcessorDpc + - IoDetachDevice + - ObReferenceObjectByHandle + - MmGetPhysicalMemoryRanges + - KeWaitForSingleObject + - MmUnmapIoSpace + - KeBugCheckEx + - ExSetTimerResolution + - KeQueryActiveProcessors + - MmBuildMdlForNonPagedPool + - IoFreeMdl + - KeDeregisterBugCheckCallback + - IoAllocateErrorLogEntry + - RtlWriteRegistryValue + - IoDeleteSymbolicLink + - RtlCreateRegistryKey + - ExFreePoolWithTag + - MmProbeAndLockPages + - KeDelayExecutionThread + - MmAllocateContiguousMemorySpecifyCache + - IoRegisterShutdownNotification + - MmGetPhysicalAddress + - IoAttachDeviceToDeviceStack + - DbgPrint + - PoCallDriver + - PsCreateSystemThread + - IoAllocateMdl + - PsGetVersion + - MmAllocateContiguousMemory + - MmMapLockedPagesSpecifyCache + - IofCompleteRequest + - IofCallDriver + - ExAllocatePool + - KeRegisterBugCheckCallback + - ExInterlockedRemoveHeadList + - KeAcquireSpinLockRaiseToDpc + - RtlInitUnicodeString + - IoDeleteDevice + - ExInterlockedInsertTailList + - KeSetEvent + - MmUnlockPages + - RtlCheckRegistryKey + - PsTerminateSystemThread + - MmMapIoSpace + - PoStartNextPowerIrp + - RtlAppendUnicodeToString + - IoCreateSymbolicLink + - KeInitializeEvent + - KeInsertQueueDpc + - PsGetCurrentProcessId + - RtlQueryRegistryValues + - KeQueryTimeIncrement + - MmUnmapLockedPages + - 
ZwClose + - ObfDereferenceObject + - qsort + - ZwSetValueKey + - RtlFreeUnicodeString + - ZwQueryValueKey + - ZwEnumerateValueKey + - RtlAppendUnicodeStringToString + - ZwDeleteKey + - ZwEnumerateKey + - ZwQueryKey + - ZwOpenKey + - _strnicmp + - ZwCreateKey + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - ZwDeleteValueKey + - ExAllocatePoolWithTag + - KeReleaseSemaphore + - KeInitializeDpc + - __C_specific_handler + - KeStallExecutionProcessor + - HalSetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, ST=Oregon, O=TenAsys Corporation, OU=Digital ID Class 3 + , Microsoft Software Validation v2, CN=TenAsys Corporation + ValidFrom: '2009-11-10 00:00:00' + ValidTo: '2013-01-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 51bcef5e74e1e3b240d5810567ce302c + Version: 3 + TBS: + MD5: 73212ac71d9ad2c80562d2b9c9731baf + SHA1: 56bc1887672e29ec35d3616eb18842f939f10189 + SHA256: d66372658e2b18b256863b7744069002eccb9cb315fc86709cf9d2721e6f70bc + SHA384: 458ceb8f5cd2b86fb13ca1c1ac1c69aa60c8848f3f1735bbeb59d4286eb73f1270513282e8144066b9e1fc641a881fb6 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + 
Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 51bcef5e74e1e3b240d5810567ce302c + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: TenAsys Corporation + Date: '' + Description: INtime PnP RT Kernel Interface Driver + FileVersion: '500 built by: WinDDK' + Filename: '' + MD5: 35fbc4c04c31c1a40e666be6529c6321 + MachineType: AMD64 + OriginalFilename: rtif.sys + Product: INtime + ProductVersion: 6.4.21343.1 + Publisher: '' + SHA1: f130e82524d8f5af403c3b0e0ffa4b64fedeec92 + SHA256: 9399f35b90f09b41f9eeda55c8e37f6d1cb22de6e224e54567d1f0865a718727 + Signature: '' + Imphash: c61a46ffe79d3f7d6307c0d2ae5f391e + Authentihash: + MD5: 290543f10941cfee914bdd8dda18265b + SHA1: d5ecb45182c0abe8797cd44811e8149728c3be88 + SHA256: c662ed197a5849cf491ee099885f8855b4f8a3d0f5b664c772f2b89c0314b44e + RichPEHeaderHash: + MD5: d6fb66aaac430a7dc9c7713f79d69cca + SHA1: d6b38a27252781d408366fedf64b511430abc6c4 + SHA256: 
216010c066da2a14201dd77209feba952fd16158edddee4747f2587041501963 + Sections: + .text: + Entropy: 6.44001479611193 + Virtual Size: '0xe5b2' + .rdata: + Entropy: 4.918478454999801 + Virtual Size: '0xc7c' + .data: + Entropy: 2.439249315977124 + Virtual Size: '0x1558' + .pdata: + Entropy: 4.792418577201328 + Virtual Size: '0x4a4' + fixupseg: + Entropy: 2.1620193574240503 + Virtual Size: '0x90' + INIT: + Entropy: 5.281621749998813 + Virtual Size: '0xb32' + .rsrc: + Entropy: 3.496623662060939 + Virtual Size: '0x868' + .reloc: + Entropy: 3.2671345238840304 + Virtual Size: '0x194' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2021-12-09 14:10:02' + InternalName: rtif.sys + Copyright: "Copyright \xA9 2002-2021 by TenAsys Corporation." + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - vsprintf + - KeSetImportanceDpc + - IoWriteErrorLogEntry + - KeSetTargetProcessorDpc + - KeQueryActiveProcessors + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - IoRegisterShutdownNotification + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - ProbeForWrite + - RtlCheckRegistryKey + - MmGetSystemRoutineAddress + - RtlAppendUnicodeToString + - KeInitializeEvent + - RtlQueryRegistryValues + - KeInitializeDpc + - KeReleaseSpinLock + - MmFreeContiguousMemory + - IoDetachDevice + - MmUnmapIoSpace + - MmBuildMdlForNonPagedPool + - IoFreeMdl + - IoAllocateErrorLogEntry + - KeDelayExecutionThread + - MmGetPhysicalAddress + - PsCreateSystemThread + - MmMapLockedPagesSpecifyCache + - ExAllocatePool + - KeRegisterBugCheckCallback + - ExInterlockedInsertTailList + - PsTerminateSystemThread + - MmMapIoSpace + - PoStartNextPowerIrp + - KeInsertQueueDpc + - KeQueryTimeIncrement + - ZwClose + - IofCompleteRequest + - IoConnectInterrupt + - ProbeForRead + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - KeBugCheckEx + - RtlWriteRegistryValue + - MmProbeAndLockPages + - IoAttachDeviceToDeviceStack + - PoCallDriver + - PsGetVersion + - 
KeReleaseSemaphore + - ExInterlockedRemoveHeadList + - MmUnlockPages + - IoCreateSymbolicLink + - PsGetCurrentProcessId + - ObfDereferenceObject + - IoCreateDevice + - IoDisconnectInterrupt + - MmGetPhysicalMemoryRanges + - ExSetTimerResolution + - KeDeregisterBugCheckCallback + - RtlCreateRegistryKey + - MmAllocateContiguousMemorySpecifyCache + - DbgPrint + - IoAllocateMdl + - MmAllocateContiguousMemory + - IofCallDriver + - KeAcquireSpinLockRaiseToDpc + - ZwQueryValueKey + - ZwEnumerateKey + - ZwOpenKey + - _strnicmp + - ZwCreateKey + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - ZwDeleteValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - ZwEnumerateValueKey + - RtlAppendUnicodeStringToString + - ZwDeleteKey + - ZwQueryKey + - ExAllocatePoolWithTag + - KeInitializeSemaphore + - MmUnmapLockedPages + - __C_specific_handler + - KeStallExecutionProcessor + - HalSetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Oregon, L=Hillsboro, O=TenAsys Corporation, CN=TenAsys + Corporation + ValidFrom: '2019-02-05 00:00:00' + ValidTo: '2022-03-11 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 37d0405e434278e6e7a0e83dc459f6a1 + Version: 3 + TBS: + MD5: 16a5271a8c1c607cb7f8e39f9983bfe1 + SHA1: 674b0b16bf2685f979517b6337ecff57fb949821 + SHA256: 881fcc016d5774f69cbd3610e8982804499226f7172b3ebd42a4f860e88f0a97 + SHA384: c3ed616e80e3efbbf9ff8a32718c8cafdac6b0f6f665a2d94f237937b8517c54ec2df471d6d305e773d331e868017ffd + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a 
+ Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + 
- SerialNumber: 37d0405e434278e6e7a0e83dc459f6a1 + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: TenAsys Corporation + Date: '' + Description: INtime PnP RT Kernel Interface Driver + FileVersion: '500 built by: WinDDK' + Filename: '' + MD5: 6c5e50ef2069896f408cdaaddd307893 + MachineType: I386 + OriginalFilename: rtif.sys + Product: INtime + ProductVersion: 6.4.21343.1 + Publisher: '' + SHA1: 8d676504c2680cf71c0c91afb18af40ea83b6c22 + SHA256: a66b4420fa1df81a517e2bbea1a414b57721c67a4aa1df1967894f77e81d036e + Signature: '' + Imphash: e1d88d0526dfa369c3661355dbd8773d + Authentihash: + MD5: e8e61cae63a99c97074c083bca2b4231 + SHA1: 2ab81656c1eece7b9b05e0d28257acdca216336a + SHA256: a2dee316cd07963c2eb7ebb1b4189eca78786c835aaafeb6467b37c1353d821a + RichPEHeaderHash: + MD5: 8af78de3036a1a61c2f7960f304e2fd8 + SHA1: 9b85ed0afe26a8379ad12783d99bfffaca008da0 + SHA256: bf1fc947f315f3d5b99704872d19fb65dbef65beeeeb9b72df2d998e6845ef63 + Sections: + .text: + Entropy: 6.611390928364727 + Virtual Size: '0x11bc1' + .rdata: + Entropy: 4.501948591854601 + Virtual Size: '0x634' + .data: + Entropy: 2.2875585804731453 + Virtual Size: '0x418c' + fixupseg: + Entropy: 3.7598332194665756 + Virtual Size: '0x38' + INIT: + Entropy: 5.6467030835991 + Virtual Size: '0xae2' + .rsrc: + Entropy: 3.497873641585053 + Virtual Size: '0x868' + .reloc: + Entropy: 6.589111544688887 + Virtual Size: '0x14ae' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2021-12-09 14:09:58' + InternalName: rtif.sys + Copyright: "Copyright \xA9 2002-2021 by TenAsys Corporation." 
+ Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ProbeForWrite + - memcpy + - KeReleaseSemaphore + - MmFreeContiguousMemory + - MmUnmapIoSpace + - _allshl + - _aullshr + - KeSetEvent + - KeWaitForSingleObject + - IofCallDriver + - KeInitializeEvent + - MmUnmapLockedPages + - MmBuildMdlForNonPagedPool + - IoFreeMdl + - MmMapLockedPagesSpecifyCache + - IoAllocateMdl + - _aullrem + - RtlQueryRegistryValues + - memset + - ExAllocatePoolWithTag + - RtlWriteRegistryValue + - RtlCreateRegistryKey + - RtlCheckRegistryKey + - ExFreePoolWithTag + - RtlAppendUnicodeToString + - memmove + - RtlInitUnicodeString + - IoWriteErrorLogEntry + - IoAllocateErrorLogEntry + - vsprintf + - KeInsertQueueDpc + - PsTerminateSystemThread + - KeDelayExecutionThread + - KeBugCheckEx + - KeInitializeSemaphore + - PsGetCurrentProcessId + - ExSetTimerResolution + - KeQueryTimeIncrement + - ExfInterlockedInsertTailList + - ExfInterlockedRemoveHeadList + - MmUnlockPages + - MmProbeAndLockPages + - PsGetVersion + - ProbeForRead + - KeRegisterBugCheckCallback + - ExAllocatePool + - ZwClose + - ZwSetInformationThread + - PsCreateSystemThread + - _aulldiv + - IoDisconnectInterrupt + - ObfDereferenceObject + - PoCallDriver + - IofCompleteRequest + - PoStartNextPowerIrp + - IoConnectInterrupt + - IoDeleteDevice + - IoDetachDevice + - IoDeleteSymbolicLink + - IoRegisterShutdownNotification + - IoAttachDeviceToDeviceStack + - KeSetImportanceDpc + - KeInitializeDpc + - IoCreateSymbolicLink + - IoCreateDevice + - ObReferenceObjectByHandle + - MmGetPhysicalMemoryRanges + - KeSetTargetProcessorDpc + - KeQueryActiveProcessors + - MmGetSystemRoutineAddress + - RtlFreeUnicodeString + - ZwCreateKey + - RtlAppendUnicodeStringToString + - RtlxAnsiStringToUnicodeSize + - NlsMbCodePageTag + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - ZwDeleteValueKey + - ZwEnumerateKey + - ZwEnumerateValueKey + - ZwOpenKey + - ZwQueryKey + - ZwQueryValueKey + - ZwSetValueKey + - 
ZwDeleteKey + - KeTickCount + - RtlUnwind + - MmMapIoSpace + - MmAllocateContiguousMemorySpecifyCache + - MmAllocateContiguousMemory + - MmGetPhysicalAddress + - DbgPrint + - _allmul + - KeGetCurrentThread + - KeDeregisterBugCheckCallback + - Kei386EoiHelper + - KfRaiseIrql + - KfLowerIrql + - KeStallExecutionProcessor + - KfReleaseSpinLock + - KfAcquireSpinLock + - HalEndSystemInterrupt + - HalBeginSystemInterrupt + - KeGetCurrentIrql + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Oregon, L=Hillsboro, O=TenAsys Corporation, CN=TenAsys + Corporation + ValidFrom: '2019-02-05 00:00:00' + ValidTo: '2022-03-11 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 37d0405e434278e6e7a0e83dc459f6a1 + Version: 3 + TBS: + MD5: 16a5271a8c1c607cb7f8e39f9983bfe1 + SHA1: 674b0b16bf2685f979517b6337ecff57fb949821 + SHA256: 881fcc016d5774f69cbd3610e8982804499226f7172b3ebd42a4f860e88f0a97 + SHA384: c3ed616e80e3efbbf9ff8a32718c8cafdac6b0f6f665a2d94f237937b8517c54ec2df471d6d305e773d331e868017ffd + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 13851a1e69a937f7a0bda4af7e1d6153fe9d8c5e0ca6751e781723ddfdec1a035539fb7195c7655aa78e30d2445a61db706fda2105c22e73ba49f1d193fe5dc9cd5e03e0899e3f741ed7f7388ba9d6cfbb352f3358a89256d1c84d3b82e6798416fc28b0b147f31da23eee87d9a67fa456a53fad842e29de7cbca8aaa33d0401eaba93a20e502229174c87e43a115fd6a425899b056b2fb4c9014c277b0bac190522a060153fdac9fb4d4c8ffb726777fd2794c7ba350e8849fe8dfd28af4a12bd0db39705de440c15fa362b03dcc15001f1a1115d14e5e2bd274b54be2b845e0fa6c374050aef97c38922b11f77f3bdcd43d4f14ca93fb58b84af64f2d01421 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + 
Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 37d0405e434278e6e7a0e83dc459f6a1 + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: TenAsys Corporation + Date: '' + Description: INtime PnP RT Kernel Interface Driver + FileVersion: '500 built by: WinDDK' + Filename: '' + MD5: 4b42a7a6327827a8dbdecf367832c0cd + MachineType: AMD64 + OriginalFilename: rtif.sys + Product: INtime + ProductVersion: 6.0.14175.1 + Publisher: '' + SHA1: ce1d0ebaeaa4fe3ecb49242f1e80bc7a4e43fd8c + SHA256: ba40b1fc798c2f78165e78997b4baf3d99858ee39a372ca6fbc303057793e50d + Signature: '' + Imphash: 3e8e7e5e779c7064e6bab177167e9e7a + Authentihash: + MD5: 41cb3bf0ce126d2e909ef8918312578c + SHA1: 54bed9a75d950714920d1415be6e273c0ac987e4 + SHA256: 19595c3de596f8b705eef1b135768d3051305698ceed083401f8acfba4bd5393 + RichPEHeaderHash: + MD5: bd1a1b47cc595b8cfb7149b488f3a97a + SHA1: 
29f469189ca25d35b22c3247ea5b72e7329fe047 + SHA256: 025aad79c2efdc5f9b9de29f3f0bbc8825374fb5322d6170f850af2d466f91e7 + Sections: + .text: + Entropy: 6.410108417426959 + Virtual Size: '0xb9c2' + .rdata: + Entropy: 4.842622218133403 + Virtual Size: '0xa94' + .data: + Entropy: 2.687030222106283 + Virtual Size: '0x1160' + .pdata: + Entropy: 4.457711986438197 + Virtual Size: '0x420' + fixupseg: + Entropy: 2.1424575919897277 + Virtual Size: '0x90' + INIT: + Entropy: 5.313487977603218 + Virtual Size: '0xb42' + .rsrc: + Entropy: 3.4923506860842393 + Virtual Size: '0x868' + .reloc: + Entropy: 3.3188012062753227 + Virtual Size: '0x16c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2014-09-24 00:39:12' + InternalName: rtif.sys + Copyright: "Copyright \xA9 2002-2014 by TenAsys Corporation." + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - vsprintf + - KeSetImportanceDpc + - IoWriteErrorLogEntry + - KeSetTargetProcessorDpc + - KeQueryActiveProcessors + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - IoRegisterShutdownNotification + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - ProbeForWrite + - RtlCheckRegistryKey + - MmGetSystemRoutineAddress + - RtlAppendUnicodeToString + - KeInitializeEvent + - RtlQueryRegistryValues + - KeInitializeDpc + - KeReleaseSpinLock + - MmFreeContiguousMemory + - IoDetachDevice + - MmUnmapIoSpace + - MmBuildMdlForNonPagedPool + - IoFreeMdl + - IoAllocateErrorLogEntry + - KeDelayExecutionThread + - MmGetPhysicalAddress + - PsCreateSystemThread + - MmMapLockedPagesSpecifyCache + - ExAllocatePool + - KeRegisterBugCheckCallback + - ExInterlockedInsertTailList + - PsTerminateSystemThread + - MmMapIoSpace + - PoStartNextPowerIrp + - KeInsertQueueDpc + - KeQueryTimeIncrement + - ZwClose + - IofCompleteRequest + - IoConnectInterrupt + - KeInitializeSemaphore + - ProbeForRead + - KeWaitForSingleObject + - KeBugCheckEx + - RtlWriteRegistryValue + - MmProbeAndLockPages + - IoAttachDeviceToDeviceStack + - 
PoCallDriver + - PsGetVersion + - KeReleaseSemaphore + - ExInterlockedRemoveHeadList + - MmUnlockPages + - IoCreateSymbolicLink + - PsGetCurrentProcessId + - ObfDereferenceObject + - IoCreateDevice + - IoDisconnectInterrupt + - MmGetPhysicalMemoryRanges + - ExSetTimerResolution + - KeDeregisterBugCheckCallback + - RtlCreateRegistryKey + - MmAllocateContiguousMemorySpecifyCache + - DbgPrint + - IoAllocateMdl + - MmAllocateContiguousMemory + - IofCallDriver + - KeAcquireSpinLockRaiseToDpc + - qsort + - ZwQueryValueKey + - ZwEnumerateKey + - ZwOpenKey + - _strnicmp + - ZwCreateKey + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - ZwDeleteValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - ZwEnumerateValueKey + - RtlAppendUnicodeStringToString + - ZwDeleteKey + - ZwQueryKey + - ExAllocatePoolWithTag + - ObReferenceObjectByHandle + - MmUnmapLockedPages + - __C_specific_handler + - KeStallExecutionProcessor + - HalSetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + 
ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Oregon, L=Beaverton, O=TenAsys Corporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=TenAsys Corporation + ValidFrom: '2012-11-09 00:00:00' + ValidTo: '2016-02-08 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1dd16244250a5187fb55951ad3c3bc6b + Version: 3 + TBS: + MD5: 280d8570801ef8d255171e7f7e2573d3 + SHA1: 099a6d7560bef4c1b9a25e11a7298ec7e15b97da + SHA256: af89dd187fff2c8aa46f7b79c9d4fa18cf2c6916ba124fec64b7cce5dfbcb299 + SHA384: c1a7273a8c438c778848868e347b0d030d674665580fb6abc794c0f09e4d0bf339dcb1cd3bea7bf3d78afbafeda2fe24 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 1dd16244250a5187fb55951ad3c3bc6b + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: TenAsys Corporation + Date: '' + Description: INtime PnP RT Kernel Interface Driver + FileVersion: '500 built by: WinDDK' + Filename: '' + MD5: ff795e4f387c3e22291083b7d6b92ffb + MachineType: AMD64 + OriginalFilename: rtif.sys + Product: INtime + ProductVersion: 6.0.14091.1 + Publisher: '' + SHA1: 5eb693c9cc49c7d6a03f7960ddcfd8f468e5656b + SHA256: 
eae5c993b250dcc5fee01deeb30045b0e5ee7cf9306ef6edd8c58e4dc743a8ed + Signature: '' + Imphash: 3d42ff70269b824dd9d4a8cb905669f9 + Authentihash: + MD5: 0a889f7961b83dc1d637bcc92560074b + SHA1: 0e4691a2e125f4f61f37654252cd46bba76d9987 + SHA256: c9aeead632435bda4f5723fff5c48dc60451072bfc8649f2ad6e066ca910934a + RichPEHeaderHash: + MD5: d81e83b51349be2642cc2c864adf6c87 + SHA1: d6dbea33d7267fa631c0632aaff1c3e5142639c5 + SHA256: 74739de917e2aebbe337b52ec0ccb104516a3df9b9b373802f0506a0d2a74abb + Sections: + .text: + Entropy: 6.414410444162882 + Virtual Size: '0xb692' + .rdata: + Entropy: 4.809552537003447 + Virtual Size: '0xa64' + .data: + Entropy: 2.680405412897324 + Virtual Size: '0x1160' + .pdata: + Entropy: 4.413489143500231 + Virtual Size: '0x420' + fixupseg: + Entropy: 2.1424575919897277 + Virtual Size: '0x90' + INIT: + Entropy: 5.3224584364088 + Virtual Size: '0xb12' + .rsrc: + Entropy: 3.49190189323868 + Virtual Size: '0x868' + .reloc: + Entropy: 3.3188012062753227 + Virtual Size: '0x16c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2014-04-01 21:08:39' + InternalName: rtif.sys + Copyright: "Copyright \xA9 2002-2014 by TenAsys Corporation." 
+ Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - KeSetImportanceDpc + - IoWriteErrorLogEntry + - KeSetTargetProcessorDpc + - KeQueryActiveProcessors + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - IoRegisterShutdownNotification + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - RtlCheckRegistryKey + - MmGetSystemRoutineAddress + - RtlAppendUnicodeToString + - KeInitializeEvent + - RtlQueryRegistryValues + - KeInitializeDpc + - KeReleaseSpinLock + - MmFreeContiguousMemory + - IoDetachDevice + - MmUnmapIoSpace + - MmBuildMdlForNonPagedPool + - IoFreeMdl + - IoAllocateErrorLogEntry + - KeDelayExecutionThread + - MmGetPhysicalAddress + - PsCreateSystemThread + - MmMapLockedPagesSpecifyCache + - ExAllocatePool + - KeRegisterBugCheckCallback + - ExInterlockedInsertTailList + - PsTerminateSystemThread + - MmMapIoSpace + - PoStartNextPowerIrp + - KeInsertQueueDpc + - KeQueryTimeIncrement + - ZwClose + - IofCompleteRequest + - IoConnectInterrupt + - KeInitializeSemaphore + - ObReferenceObjectByHandle + - vsprintf + - KeBugCheckEx + - RtlWriteRegistryValue + - MmProbeAndLockPages + - IoAttachDeviceToDeviceStack + - PoCallDriver + - PsGetVersion + - KeReleaseSemaphore + - ExInterlockedRemoveHeadList + - MmUnlockPages + - IoCreateSymbolicLink + - PsGetCurrentProcessId + - ObfDereferenceObject + - IoCreateDevice + - IoDisconnectInterrupt + - MmGetPhysicalMemoryRanges + - ExSetTimerResolution + - KeDeregisterBugCheckCallback + - RtlCreateRegistryKey + - MmAllocateContiguousMemorySpecifyCache + - DbgPrint + - IoAllocateMdl + - MmAllocateContiguousMemory + - IofCallDriver + - KeAcquireSpinLockRaiseToDpc + - qsort + - ZwQueryValueKey + - ZwEnumerateKey + - ZwOpenKey + - _strnicmp + - ZwCreateKey + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - ZwDeleteValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - ZwEnumerateValueKey + - RtlAppendUnicodeStringToString + - ZwDeleteKey + - ZwQueryKey + - ExAllocatePoolWithTag + 
- KeWaitForSingleObject + - MmUnmapLockedPages + - __C_specific_handler + - KeStallExecutionProcessor + - HalSetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Oregon, L=Beaverton, O=TenAsys Corporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=TenAsys Corporation + ValidFrom: '2012-11-09 00:00:00' + ValidTo: '2016-02-08 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1dd16244250a5187fb55951ad3c3bc6b + Version: 3 + TBS: + MD5: 280d8570801ef8d255171e7f7e2573d3 + SHA1: 099a6d7560bef4c1b9a25e11a7298ec7e15b97da + SHA256: af89dd187fff2c8aa46f7b79c9d4fa18cf2c6916ba124fec64b7cce5dfbcb299 + SHA384: c1a7273a8c438c778848868e347b0d030d674665580fb6abc794c0f09e4d0bf339dcb1cd3bea7bf3d78afbafeda2fe24 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 1dd16244250a5187fb55951ad3c3bc6b + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at 
https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code
+ Signing 2010 CA
+ Version: 1
+ LoadsDespiteHVCI: 'FALSE'
diff --git a/yaml/39742f99-2180-46d7-8538-56667c935cc3.yaml b/yaml/39742f99-2180-46d7-8538-56667c935cc3.yaml
index 83d0e2d84..aff4be646 100644
--- a/yaml/39742f99-2180-46d7-8538-56667c935cc3.yaml
+++ b/yaml/39742f99-2180-46d7-8538-56667c935cc3.yaml
@@ -1,521 +1,523 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 39742f99-2180-46d7-8538-56667c935cc3 +Tags: +- viragt.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create viragt.sys binPath=C:\windows\temp\viragt.sys type=kernel - && sc.exe start viragt.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/e05eeb2b8c18ad2cb2d1038c043d770a0d51b96b748bc34be3e7fc6f3790ce53.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 39742f99-2180-46d7-8538-56667c935cc3 -KnownVulnerableSamples: -- Authentihash: - MD5: 
333822355a23fbdfb2599a909b3bbc60 - SHA1: 72886a692656ebe64592a43273d3f59432cfbf9a - SHA256: 9f86fc8a6eaa3b38f33be4a0d552c184e575afa50a60df7383c06a394e3926d8 - Company: TG Soft S.a.s. - Copyright: Copyright (C) TG Soft S.a.s. 2006, 2013 - www.tgsoft.it - CreationTimestamp: '2013-01-23 01:38:45' - Date: '' - Description: VirIT Agent System - ExportedFunctions: '' - FileVersion: 1, 72, 0, 0 - Filename: viragt.sys - ImportedFunctions: - - RtlInitAnsiString - - wcstombs - - ZwOpenKey - - ZwSetValueKey - - ZwDeleteKey - - RtlFormatCurrentUserKeyPath - - ZwEnumerateKey - - ZwEnumerateValueKey - - ZwCreateFile - - KeWaitForSingleObject - - IofCallDriver - - IoBuildSynchronousFsdRequest - - KeInitializeEvent - - ObfDereferenceObject - - IoGetRelatedDeviceObject - - ObReferenceObjectByHandle - - ZwReadFile - - ZwWriteFile - - ZwSetInformationFile - - ZwOpenProcess - - ZwTerminateProcess - - _strupr - - ZwQuerySystemInformation - - IoFreeMdl - - MmUnlockPages - - MmIsAddressValid - - MmProbeAndLockPages - - MmMapLockedPagesSpecifyCache - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmIsNonPagedSystemAddressValid - - IoGetCurrentProcess - - PsLookupProcessByProcessId - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - sprintf - - RtlTimeToTimeFields - - ExSystemTimeToLocalTime - - KeQuerySystemTime - - strstr - - KeServiceDescriptorTable - - KeReleaseMutex - - KeDelayExecutionThread - - RtlAnsiStringToUnicodeString - - ExQueueWorkItem - - KeInsertQueueDpc - - KeSetTargetProcessorDpc - - KeInitializeDpc - - KeNumberProcessors - - IofCompleteRequest - - memcpy - - IoCreateSymbolicLink - - IoCreateDevice - - PsCreateSystemThread - - KeInitializeMutex - - ObOpenObjectByName - - IoDriverObjectType - - ZwOpenDirectoryObject - - RtlUnicodeStringToAnsiString - - ZwQueryDirectoryObject - - IoFileObjectType - - swprintf - - DbgPrint - - IoFreeIrp - - MmUnmapLockedPages - - KeSetEvent - - MmLockPagableSectionByHandle - - MmLockPagableDataSection - - 
IoAllocateIrp - - _wcsnicmp - - RtlCompareMemory - - IoBuildDeviceIoControlRequest - - _alldiv - - wcsrchr - - ZwQueryVolumeInformationFile - - ZwDeviceIoControlFile - - _strnicmp - - ZwFsControlFile - - _allmul - - ObfReferenceObject - - _allrem - - _stricmp - - strrchr - - KeQueryActiveProcessors - - KeTickCount - - KeBugCheckEx - - ZwCreateKey - - ZwQueryValueKey - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - mbstowcs - - ZwClose - - memset - - PsTerminateSystemThread - - ZwQueryInformationFile - - RtlUnwind - - KeRaiseIrqlToDpcLevel - - KfRaiseIrql - - KfLowerIrql - - KeGetCurrentIrql - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - READ_PORT_UCHAR - - READ_PORT_BUFFER_UCHAR - - KeStallExecutionProcessor - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: viragt.sys - MD5: e79c91c27df3eaf82fb7bd1280172517 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: viragt.sys - Product: VirIT Agent System - ProductVersion: 1, 72, 0, 0 - Publisher: '' - RichPEHeaderHash: - MD5: fd47e50698bf05f04850340b52ac1853 - SHA1: ee25f84fd5c60f82580743dfaab31e2e5e1fbe30 - SHA256: 44490b82f96dcb06373c259b6532d209604916c484dccba49970a77732bd9906 - SHA1: cb22723faa5ae2809476e5c5e9b9a597b26cab9b - SHA256: e05eeb2b8c18ad2cb2d1038c043d770a0d51b96b748bc34be3e7fc6f3790ce53 - Sections: - .text: - Entropy: 6.747532035906447 - Virtual Size: '0xdbb5' - NonPaged: - Entropy: 6.71406382908674 - Virtual Size: '0x7ad' - .rdata: - Entropy: 5.092975260562714 - Virtual Size: '0x5d4' - .data: - Entropy: 0.04519006846517909 - Virtual Size: '0x364c' - INIT: - Entropy: 5.662214565720019 - Virtual Size: '0xa84' - .rsrc: - Entropy: 3.3233696108191855 - Virtual Size: '0x430' - .reloc: - Entropy: 6.276829324907502 - Virtual Size: '0xf58' - Signature: - - TG Soft S.a.s. Di Tonello Gianfranco e C. 
- - VeriSign Class 3 Code Signing 2010 CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=IT, ST=Padova, L=Rubano, O=TG Soft S.a.s. Di Tonello Gianfranco e - C., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=TG Soft S.a.s. - Di Tonello Gianfranco e C. 
- ValidFrom: '2012-12-31 00:00:00' - ValidTo: '2016-02-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 4cccaccf48f6d93fb37178d7fce6209c - Version: 3 - TBS: - MD5: 1f0b47e6661a3261d4c982b2eb35b0ec - SHA1: 8320a06969446f33184f8a25a91942870a5a54d5 - SHA256: 15e095f260d9ceca3f947817c1f53ddf687e32438d55a51be1b66785183e9840 - SHA384: 184afc72b02ad7f852cdc9db26f294ce37ac12ec9ed3375d34acf6918a1662c0afd7d1cc39ecf1decc7e667645a3fc67 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 4cccaccf48f6d93fb37178d7fce6209c - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 
0b663530751cc11f34273fee7921c431 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: b6d013002983064089233685b9bde66b - SHA1: 6db4ed2d751cc8ae376f2dd69e702e9e469ad8c9 - SHA256: 554bf34bde5e7c86fc463496d19a4369d911ccad90e3c684855192cd677641c4 - Company: TG Soft S.a.s. - Copyright: Copyright (C) TG Soft S.a.s. 2011, 2013 - www.tgsoft.it - CreationTimestamp: '2013-11-29 05:03:41' - Date: '' - Description: VirIT Agent System - ExportedFunctions: '' - FileVersion: 1, 0, 0, 5 - Filename: '' - ImportedFunctions: - - mbstowcs - - ExAllocatePoolWithTag - - KeSetTargetProcessorDpc - - ZwCreateKey - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - KeInitializeMutex - - RtlAnsiStringToUnicodeString - - ZwReadFile - - strstr - - RtlInitUnicodeString - - IoDeleteDevice - - RtlInitAnsiString - - ZwSetValueKey - - _strupr - - KeInitializeDpc - - ZwQuerySystemInformation - - MmBuildMdlForNonPagedPool - - IoFreeMdl - - ZwSetInformationFile - - KeReleaseMutex - - KeDelayExecutionThread - - ZwCreateFile - - PsCreateSystemThread - - MmMapLockedPagesSpecifyCache - - ExSystemTimeToLocalTime - - ZwQueryValueKey - - PsTerminateSystemThread - - KeInsertQueueDpc - - ZwEnumerateValueKey - - ZwClose - - sprintf - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - RtlTimeToTimeFields - - MmProbeAndLockPages - - ZwOpenProcess - - MmUnlockPages - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - ZwTerminateProcess - - KeNumberProcessors - - ZwQueryInformationFile - - MmIsNonPagedSystemAddressValid - - ZwWriteFile - - ZwDeleteKey - - RtlFormatCurrentUserKeyPath - - ZwEnumerateKey - - IoAllocateMdl - - ZwOpenKey - - ObOpenObjectByName - - swprintf - - RtlUnicodeStringToAnsiString - - ZwOpenDirectoryObject - - IoFileObjectType - - IoDriverObjectType - - ZwQueryDirectoryObject - - wcstombs - - KeQueryActiveProcessors - - KeBugCheckEx - - IofCompleteRequest - - ExQueueWorkItem - - __C_specific_handler - - __chkstk - - KeStallExecutionProcessor - 
Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: viragt.sys - MD5: ab7b28b532beba6a6c0217bc406b80ee - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: viragt64.sys - PDBPath: '' - Product: VirIT Agent System - ProductVersion: 1, 0, 0, 5 - Publisher: '' - RichPEHeaderHash: - MD5: a93c261e407f22e8e9e11096ef7669a4 - SHA1: 579ea1a06578ca54a9b86ccfa3c06b3be01831bf - SHA256: b566c96b0a5ca93fe5cdd066966b85657108a1cc6eadb0b683932c781d3a3510 - SHA1: f7b3457a6fd008656e7216b1f09db2ff062f1ca4 - SHA256: a2096b460e31451659b0dde752264c362f47254c8191930bc921ff16a4311641 - Sections: - .text: - Entropy: 6.3652977072668016 - Virtual Size: '0xb1da' - .rdata: - Entropy: 4.99053189312109 - Virtual Size: '0xc04' - .data: - Entropy: 0.9258397206248276 - Virtual Size: '0x3878' - .pdata: - Entropy: 4.342028159341795 - Virtual Size: '0x318' - INIT: - Entropy: 5.227110365700928 - Virtual Size: '0x842' - .rsrc: - Entropy: 3.311386289808379 - Virtual Size: '0x438' - .reloc: - Entropy: 2.4073102722120714 - Virtual Size: '0x138' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec 
Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=IT, ST=Padova, L=Rubano, O=TG Soft S.a.s. Di Tonello Gianfranco e - C., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=TG Soft S.a.s. - Di Tonello Gianfranco e C. 
- ValidFrom: '2012-12-31 00:00:00' - ValidTo: '2016-02-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 4cccaccf48f6d93fb37178d7fce6209c - Version: 3 - TBS: - MD5: 1f0b47e6661a3261d4c982b2eb35b0ec - SHA1: 8320a06969446f33184f8a25a91942870a5a54d5 - SHA256: 15e095f260d9ceca3f947817c1f53ddf687e32438d55a51be1b66785183e9840 - SHA384: 184afc72b02ad7f852cdc9db26f294ce37ac12ec9ed3375d34acf6918a1662c0afd7d1cc39ecf1decc7e667645a3fc67 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 4cccaccf48f6d93fb37178d7fce6209c - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 85fd19df117fbc21efbcb1d587063e12 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create viragt.sys binPath=C:\windows\temp\viragt.sys type=kernel + && sc.exe start viragt.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/elastic/protections-artifacts/search?q=VulnDriver -Tags: -- viragt.sys -Verified: 'TRUE' +Detection: +- type: yara_signature 
+ value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/e05eeb2b8c18ad2cb2d1038c043d770a0d51b96b748bc34be3e7fc6f3790ce53.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 333822355a23fbdfb2599a909b3bbc60 + SHA1: 72886a692656ebe64592a43273d3f59432cfbf9a + SHA256: 9f86fc8a6eaa3b38f33be4a0d552c184e575afa50a60df7383c06a394e3926d8 + Company: TG Soft S.a.s. + Copyright: Copyright (C) TG Soft S.a.s. 
2006, 2013 - www.tgsoft.it + CreationTimestamp: '2013-01-23 01:38:45' + Date: '' + Description: VirIT Agent System + ExportedFunctions: '' + FileVersion: 1, 72, 0, 0 + Filename: viragt.sys + ImportedFunctions: + - RtlInitAnsiString + - wcstombs + - ZwOpenKey + - ZwSetValueKey + - ZwDeleteKey + - RtlFormatCurrentUserKeyPath + - ZwEnumerateKey + - ZwEnumerateValueKey + - ZwCreateFile + - KeWaitForSingleObject + - IofCallDriver + - IoBuildSynchronousFsdRequest + - KeInitializeEvent + - ObfDereferenceObject + - IoGetRelatedDeviceObject + - ObReferenceObjectByHandle + - ZwReadFile + - ZwWriteFile + - ZwSetInformationFile + - ZwOpenProcess + - ZwTerminateProcess + - _strupr + - ZwQuerySystemInformation + - IoFreeMdl + - MmUnlockPages + - MmIsAddressValid + - MmProbeAndLockPages + - MmMapLockedPagesSpecifyCache + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmIsNonPagedSystemAddressValid + - IoGetCurrentProcess + - PsLookupProcessByProcessId + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - sprintf + - RtlTimeToTimeFields + - ExSystemTimeToLocalTime + - KeQuerySystemTime + - strstr + - KeServiceDescriptorTable + - KeReleaseMutex + - KeDelayExecutionThread + - RtlAnsiStringToUnicodeString + - ExQueueWorkItem + - KeInsertQueueDpc + - KeSetTargetProcessorDpc + - KeInitializeDpc + - KeNumberProcessors + - IofCompleteRequest + - memcpy + - IoCreateSymbolicLink + - IoCreateDevice + - PsCreateSystemThread + - KeInitializeMutex + - ObOpenObjectByName + - IoDriverObjectType + - ZwOpenDirectoryObject + - RtlUnicodeStringToAnsiString + - ZwQueryDirectoryObject + - IoFileObjectType + - swprintf + - DbgPrint + - IoFreeIrp + - MmUnmapLockedPages + - KeSetEvent + - MmLockPagableSectionByHandle + - MmLockPagableDataSection + - IoAllocateIrp + - _wcsnicmp + - RtlCompareMemory + - IoBuildDeviceIoControlRequest + - _alldiv + - wcsrchr + - ZwQueryVolumeInformationFile + - ZwDeviceIoControlFile + - _strnicmp + - ZwFsControlFile + - _allmul + - ObfReferenceObject + 
- _allrem + - _stricmp + - strrchr + - KeQueryActiveProcessors + - KeTickCount + - KeBugCheckEx + - ZwCreateKey + - ZwQueryValueKey + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - mbstowcs + - ZwClose + - memset + - PsTerminateSystemThread + - ZwQueryInformationFile + - RtlUnwind + - KeRaiseIrqlToDpcLevel + - KfRaiseIrql + - KfLowerIrql + - KeGetCurrentIrql + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - READ_PORT_UCHAR + - READ_PORT_BUFFER_UCHAR + - KeStallExecutionProcessor + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: viragt.sys + MD5: e79c91c27df3eaf82fb7bd1280172517 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: viragt.sys + Product: VirIT Agent System + ProductVersion: 1, 72, 0, 0 + Publisher: '' + RichPEHeaderHash: + MD5: fd47e50698bf05f04850340b52ac1853 + SHA1: ee25f84fd5c60f82580743dfaab31e2e5e1fbe30 + SHA256: 44490b82f96dcb06373c259b6532d209604916c484dccba49970a77732bd9906 + SHA1: cb22723faa5ae2809476e5c5e9b9a597b26cab9b + SHA256: e05eeb2b8c18ad2cb2d1038c043d770a0d51b96b748bc34be3e7fc6f3790ce53 + Sections: + .text: + Entropy: 6.747532035906447 + Virtual Size: '0xdbb5' + NonPaged: + Entropy: 6.71406382908674 + Virtual Size: '0x7ad' + .rdata: + Entropy: 5.092975260562714 + Virtual Size: '0x5d4' + .data: + Entropy: 0.04519006846517909 + Virtual Size: '0x364c' + INIT: + Entropy: 5.662214565720019 + Virtual Size: '0xa84' + .rsrc: + Entropy: 3.3233696108191855 + Virtual Size: '0x430' + .reloc: + Entropy: 6.276829324907502 + Virtual Size: '0xf58' + Signature: + - TG Soft S.a.s. Di Tonello Gianfranco e C. 
+ - VeriSign Class 3 Code Signing 2010 CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=IT, ST=Padova, L=Rubano, O=TG Soft S.a.s. Di Tonello Gianfranco + e C., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=TG + Soft S.a.s. Di Tonello Gianfranco e C. 
+ ValidFrom: '2012-12-31 00:00:00' + ValidTo: '2016-02-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 4cccaccf48f6d93fb37178d7fce6209c + Version: 3 + TBS: + MD5: 1f0b47e6661a3261d4c982b2eb35b0ec + SHA1: 8320a06969446f33184f8a25a91942870a5a54d5 + SHA256: 15e095f260d9ceca3f947817c1f53ddf687e32438d55a51be1b66785183e9840 + SHA384: 184afc72b02ad7f852cdc9db26f294ce37ac12ec9ed3375d34acf6918a1662c0afd7d1cc39ecf1decc7e667645a3fc67 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 4cccaccf48f6d93fb37178d7fce6209c + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 
0b663530751cc11f34273fee7921c431 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: b6d013002983064089233685b9bde66b + SHA1: 6db4ed2d751cc8ae376f2dd69e702e9e469ad8c9 + SHA256: 554bf34bde5e7c86fc463496d19a4369d911ccad90e3c684855192cd677641c4 + Company: TG Soft S.a.s. + Copyright: Copyright (C) TG Soft S.a.s. 2011, 2013 - www.tgsoft.it + CreationTimestamp: '2013-11-29 05:03:41' + Date: '' + Description: VirIT Agent System + ExportedFunctions: '' + FileVersion: 1, 0, 0, 5 + Filename: '' + ImportedFunctions: + - mbstowcs + - ExAllocatePoolWithTag + - KeSetTargetProcessorDpc + - ZwCreateKey + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - KeInitializeMutex + - RtlAnsiStringToUnicodeString + - ZwReadFile + - strstr + - RtlInitUnicodeString + - IoDeleteDevice + - RtlInitAnsiString + - ZwSetValueKey + - _strupr + - KeInitializeDpc + - ZwQuerySystemInformation + - MmBuildMdlForNonPagedPool + - IoFreeMdl + - ZwSetInformationFile + - KeReleaseMutex + - KeDelayExecutionThread + - ZwCreateFile + - PsCreateSystemThread + - MmMapLockedPagesSpecifyCache + - ExSystemTimeToLocalTime + - ZwQueryValueKey + - PsTerminateSystemThread + - KeInsertQueueDpc + - ZwEnumerateValueKey + - ZwClose + - sprintf + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - RtlTimeToTimeFields + - MmProbeAndLockPages + - ZwOpenProcess + - MmUnlockPages + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - ZwTerminateProcess + - KeNumberProcessors + - ZwQueryInformationFile + - MmIsNonPagedSystemAddressValid + - ZwWriteFile + - ZwDeleteKey + - RtlFormatCurrentUserKeyPath + - ZwEnumerateKey + - IoAllocateMdl + - ZwOpenKey + - ObOpenObjectByName + - swprintf + - RtlUnicodeStringToAnsiString + - ZwOpenDirectoryObject + - IoFileObjectType + - IoDriverObjectType + - ZwQueryDirectoryObject + - wcstombs + - KeQueryActiveProcessors + - KeBugCheckEx + - IofCompleteRequest + - ExQueueWorkItem + - __C_specific_handler + - __chkstk + - KeStallExecutionProcessor + 
Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: viragt.sys + MD5: ab7b28b532beba6a6c0217bc406b80ee + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: viragt64.sys + PDBPath: '' + Product: VirIT Agent System + ProductVersion: 1, 0, 0, 5 + Publisher: '' + RichPEHeaderHash: + MD5: a93c261e407f22e8e9e11096ef7669a4 + SHA1: 579ea1a06578ca54a9b86ccfa3c06b3be01831bf + SHA256: b566c96b0a5ca93fe5cdd066966b85657108a1cc6eadb0b683932c781d3a3510 + SHA1: f7b3457a6fd008656e7216b1f09db2ff062f1ca4 + SHA256: a2096b460e31451659b0dde752264c362f47254c8191930bc921ff16a4311641 + Sections: + .text: + Entropy: 6.3652977072668016 + Virtual Size: '0xb1da' + .rdata: + Entropy: 4.99053189312109 + Virtual Size: '0xc04' + .data: + Entropy: 0.9258397206248276 + Virtual Size: '0x3878' + .pdata: + Entropy: 4.342028159341795 + Virtual Size: '0x318' + INIT: + Entropy: 5.227110365700928 + Virtual Size: '0x842' + .rsrc: + Entropy: 3.311386289808379 + Virtual Size: '0x438' + .reloc: + Entropy: 2.4073102722120714 + Virtual Size: '0x138' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec 
Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 
93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=IT, ST=Padova, L=Rubano, O=TG Soft S.a.s. Di Tonello Gianfranco + e C., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=TG + Soft S.a.s. Di Tonello Gianfranco e C. + ValidFrom: '2012-12-31 00:00:00' + ValidTo: '2016-02-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 4cccaccf48f6d93fb37178d7fce6209c + Version: 3 + TBS: + MD5: 1f0b47e6661a3261d4c982b2eb35b0ec + SHA1: 8320a06969446f33184f8a25a91942870a5a54d5 + SHA256: 15e095f260d9ceca3f947817c1f53ddf687e32438d55a51be1b66785183e9840 + SHA384: 184afc72b02ad7f852cdc9db26f294ce37ac12ec9ed3375d34acf6918a1662c0afd7d1cc39ecf1decc7e667645a3fc67 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 
03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 4cccaccf48f6d93fb37178d7fce6209c + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 85fd19df117fbc21efbcb1d587063e12 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/39f427b6-aad3-4cb8-b363-9113a6d53b07.yaml b/yaml/39f427b6-aad3-4cb8-b363-9113a6d53b07.yaml index bd56f4f5c..e02051343 100644 --- a/yaml/39f427b6-aad3-4cb8-b363-9113a6d53b07.yaml +++ b/yaml/39f427b6-aad3-4cb8-b363-9113a6d53b07.yaml 
@@ -1,147 +1,148 @@ Id: 39f427b6-aad3-4cb8-b363-9113a6d53b07 +Tags: +- BS_RCIOW1064.sys +Verified: 'TRUE' Author: Nasreddine Bencherchali Created: '2023-05-06' MitreID: T1068 Category: vulnerable driver -Verified: 'TRUE' Commands: - Command: sc.exe create BS_RCIOW1064.sys binPath=C:\windows\temp\BS_RCIOW1064.sys - type=kernel && sc.exe start BS_RCIOW1064.sys - Description: '' - Usecase: Elevate privileges - Privileges: kernel - OperatingSystem: Windows 10 + Command: sc.exe create BS_RCIOW1064.sys binPath=C:\windows\temp\BS_RCIOW1064.sys + type=kernel && sc.exe start BS_RCIOW1064.sys + Description: '' + Usecase: Elevate privileges + Privileges: kernel + OperatingSystem: Windows 10 Resources: - Internal Research -Acknowledgement: - Person: '' - Handle: '' Detection: [] +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: BS_RCIOW1064.sys - MD5: 6b6dfb6d952a2e36efd4a387fdb94637 - SHA1: 42eb220fdfb76c6e0649a3e36acccbdf36e287f1 - SHA256: 6191c20426dd9b131122fb97e45be64a4d6ce98cc583406f38473434636ddedc - Authentihash: - MD5: aa8a043ec2d13570a43af8e09d4adf4f - SHA1: 3c8cab4c08a37a105200feb8f07dd818c8f03bff - SHA256: 545190e8b2a910e153b12559a9875154a1b40d6424cb4a6299a84b2dc99df700 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - KeInitializeSemaphore - - IoCreateSymbolicLink - - IoCreateDevice - - KeSetEvent - - MmUnmapIoSpace - - KeDelayExecutionThread - - PsCreateSystemThread - - IoStartNextPacket - - PsTerminateSystemThread - - ExEventObjectType - - MmMapIoSpace - - IoDeleteDevice - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - KeReleaseSemaphore - - ObfDereferenceObject - - IoReleaseCancelSpinLock - - IoAcquireCancelSpinLock - - IoStartPacket - - IofCompleteRequest - - KeRemoveEntryDeviceQueue - - KeBugCheckEx - - 
RtlInitUnicodeString - - ZwClose - - IoDeleteSymbolicLink - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=Private Organization, ??=TW, serialNumber=23826200, ??=2F, NO.108,2, - MIN CHUAN RD, postalCode=231, C=TW, ST=XINDIAN DIST, L=NEW TAIPEI CITY, O=Biostar - Microtech Int'l Corp, CN=Biostar Microtech Int'l Corp - ValidFrom: '2017-03-03 00:00:00' - ValidTo: '2018-11-21 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0293728e6275aee2cea6efb4bac1eed6 - Version: 3 - TBS: - MD5: fceeb2776d11b95aa3245d3d58f42b1c - SHA1: 4f7372c5af343d7b826a3850efc89890dc925e89 - SHA256: 7e415ade909c99a1a1b34400f1c6e4e7c6e1fc6b878db11b5e18232248ede0e1 - SHA384: 9da446ae9f73a8c0954d0bb9d3a24895562ec7f6e8addc405a3195aea3a8274a54761987fff22d2ac97a306410588895 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 
19334a0c813337dbad36c9e4c93abbb51b2e7aa2e2f44342179ebf4ea14de1b1dbe981dd9f01f2e488d5e9fe09fd21c1ec5d80d2f0d6c143c2fe772bdbf9d79133ce6cd5b2193be62ed6c9934f88408ecde1f57ef10fc6595672e8eb6a41bd1cd546d57c49ca663815c1bfe091707787dcc98d31c90c29a233ed8de287cd898d3f1bffd5e01a978b7cda6dfba8c6b23a666b7b01b3cdd8a634ec1201ab9558a5c45357a860e6e70212a0b92364a24dbb7c81256421becfee42184397bba53706af4dff26a54d614bec4641b865ceb8799e08960b818c8a3b8fc7998ca32a6e986d5e61c696b78ab9612d93b8eb0e0443d7f5fea6f062d4996aa5c1c1f0649480 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c - Version: 3 - TBS: - MD5: 83f5de89f641d0fbf60248e10a7b9534 - SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 - SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf - SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 - Signer: - - SerialNumber: 0293728e6275aee2cea6efb4bac1eed6 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - Version: 1 - RichPEHeaderHash: - MD5: 9e4425704fab855e1d15d14884b50fc4 - SHA1: fc1001bb82b6e079b79ce69deb28d7e2c44b50d7 - SHA256: b5dd410353c4011fe699e4a824a89792144f5a11c756f64d5b5acfea3a9f1c8a - Sections: - .text: - Entropy: 6.361588386451387 - Virtual Size: '0x1cb8' - .rdata: - Entropy: 4.58746169223957 - Virtual Size: '0x294' - .data: - Entropy: 0.43605306823188833 - Virtual Size: '0x14c' - .pdata: - Entropy: 3.776265199432483 - Virtual Size: '0x12c' - INIT: - Entropy: 5.347369827936226 - Virtual Size: '0x550' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2017-04-17 02:48:21' - Imphash: 095c0cdb9c0421da216371c1f4e8790e - LoadsDespiteHVCI: 'FALSE' -Tags: -- BS_RCIOW1064.sys +- Filename: BS_RCIOW1064.sys + MD5: 6b6dfb6d952a2e36efd4a387fdb94637 + SHA1: 42eb220fdfb76c6e0649a3e36acccbdf36e287f1 + SHA256: 6191c20426dd9b131122fb97e45be64a4d6ce98cc583406f38473434636ddedc + Authentihash: + MD5: 
aa8a043ec2d13570a43af8e09d4adf4f + SHA1: 3c8cab4c08a37a105200feb8f07dd818c8f03bff + SHA256: 545190e8b2a910e153b12559a9875154a1b40d6424cb4a6299a84b2dc99df700 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - KeInitializeSemaphore + - IoCreateSymbolicLink + - IoCreateDevice + - KeSetEvent + - MmUnmapIoSpace + - KeDelayExecutionThread + - PsCreateSystemThread + - IoStartNextPacket + - PsTerminateSystemThread + - ExEventObjectType + - MmMapIoSpace + - IoDeleteDevice + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - KeReleaseSemaphore + - ObfDereferenceObject + - IoReleaseCancelSpinLock + - IoAcquireCancelSpinLock + - IoStartPacket + - IofCompleteRequest + - KeRemoveEntryDeviceQueue + - KeBugCheckEx + - RtlInitUnicodeString + - ZwClose + - IoDeleteSymbolicLink + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 
208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=Private Organization, ??=TW, serialNumber=23826200, ??=2F, + NO.108,2, MIN CHUAN RD, postalCode=231, C=TW, ST=XINDIAN DIST, L=NEW + TAIPEI CITY, O=Biostar Microtech Int'l Corp, CN=Biostar Microtech + Int'l Corp + ValidFrom: '2017-03-03 00:00:00' + ValidTo: '2018-11-21 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0293728e6275aee2cea6efb4bac1eed6 + Version: 3 + TBS: + MD5: fceeb2776d11b95aa3245d3d58f42b1c + SHA1: 
4f7372c5af343d7b826a3850efc89890dc925e89 + SHA256: 7e415ade909c99a1a1b34400f1c6e4e7c6e1fc6b878db11b5e18232248ede0e1 + SHA384: 9da446ae9f73a8c0954d0bb9d3a24895562ec7f6e8addc405a3195aea3a8274a54761987fff22d2ac97a306410588895 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c + Version: 3 + TBS: + MD5: 83f5de89f641d0fbf60248e10a7b9534 + SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 + SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf + SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 + Signer: + - SerialNumber: 0293728e6275aee2cea6efb4bac1eed6 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + Version: 1 + RichPEHeaderHash: + MD5: 9e4425704fab855e1d15d14884b50fc4 + SHA1: fc1001bb82b6e079b79ce69deb28d7e2c44b50d7 + SHA256: b5dd410353c4011fe699e4a824a89792144f5a11c756f64d5b5acfea3a9f1c8a + Sections: + .text: + Entropy: 6.361588386451387 + Virtual Size: '0x1cb8' + .rdata: + Entropy: 4.58746169223957 + Virtual Size: '0x294' + .data: + Entropy: 0.43605306823188833 + Virtual Size: '0x14c' + .pdata: + Entropy: 3.776265199432483 + Virtual Size: '0x12c' + INIT: + Entropy: 5.347369827936226 + Virtual Size: '0x550' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2017-04-17 02:48:21' + Imphash: 095c0cdb9c0421da216371c1f4e8790e + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/3aa6e630-59be-4a15-a30c-aaed4c1edaf0.yaml b/yaml/3aa6e630-59be-4a15-a30c-aaed4c1edaf0.yaml index f309c5519..72ea3cb86 100644 --- a/yaml/3aa6e630-59be-4a15-a30c-aaed4c1edaf0.yaml +++ b/yaml/3aa6e630-59be-4a15-a30c-aaed4c1edaf0.yaml 
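Review bot: `Verified: 'TRUE'` and `LoadsDespiteHVCI: 'FALSE'` stay quoted strings on the new side of the BS_RCIOW1064.sys record, while `IsCertificateAuthority` in the same record is a native YAML boolean (`true`/`false`). A consumer that tests these fields for truthiness rather than comparing strings will read `'FALSE'` as true, which matters to anyone using `LoadsDespiteHVCI` to prioritise blocklist or detection coverage. Since this commit already rewrites every line of the record, either emit `LoadsDespiteHVCI: false` and `Verified: true`, or, if existing consumers depend on the strings, state wherever the record format is described that both fields must be compared against 'TRUE'/'FALSE'. The same quoting appears in the new header of the kerneld.amd64 record and at the end of the preceding AsrDrv10.sys record.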
@@ -1,4683 +1,4737 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 3aa6e630-59be-4a15-a30c-aaed4c1edaf0 +Tags: +- kerneld.amd64 +Verified: 'TRUE' Author: Takahiro Haruyama -Category: vulnerable driver -Commands: - Command: sc.exe create kerneldamd64 binPath= C:\windows\temp\kerneldamd64.sys type=kernel - && sc.exe start kerneldamd64 - Description: The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique vulnerable - drivers (237 file hashes) accepting firmware access. Six allow kernel memory access. - All give full control of the devices to non-admin users. By exploiting the vulnerable - drivers, an attacker without the system privilege may erase/alter firmware, and/or - elevate privileges. As of the time of writing in October 2023, the filenames of - the vulnerable drivers have not been made public until now. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-11-02' -Detection: [] -Id: 3aa6e630-59be-4a15-a30c-aaed4c1edaf0 -KnownVulnerableSamples: -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: 7575b35fee4ec8dbd0a61dbca3b972e3 - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 76a756cc61653abcadd63db4a74c48d92607a861 - SHA256: 065a34b786b0ccf6f88c136408943c3d2bd3da14357ee1e55e81e05d67a4c9bc - Signature: '' - Imphash: 8232d2f79ce126e84cc044543ad82790 - Authentihash: - MD5: 466c85cd235caf91a0a7c8b4a09c3865 - SHA1: ac56dd7722a47e33ba0924aaa6062f74bfc1c08f - SHA256: 88188ebb2dd61397d816274645cce6044489675a52d835faf518b2d137e0604c - RichPEHeaderHash: - MD5: e93b5a02ff5f4c18b186ee8c35f3132e - SHA1: 897dc8e1b30df0d168feda245816e72aa2cfcf9e - SHA256: 377d1179f5eac38231f07ffef5b19a098956f1074a11f518bee00fee1f5f1cad - Sections: - .text: - Entropy: 6.275929492225141 - Virtual Size: '0x3dd4' - .rdata: - Entropy: 4.112615600676025 - Virtual Size: '0x238' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x1120' - .pdata: - 
Entropy: 3.3519385522427245 - Virtual Size: '0x78' - INIT: - Entropy: 5.058615408724236 - Virtual Size: '0x3f0' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2010-06-17 15:13:48' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - IoBuildDeviceIoControlRequest - - MmIsAddressValid - - IoDeleteSymbolicLink - - ObfDereferenceObject - - IoCreateDevice - - RtlAnsiStringToUnicodeString - - MmMapIoSpace - - RtlInitUnicodeString - - IofCallDriver - - IoDeleteDevice - - strchr - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - MmBuildMdlForNonPagedPool - - RtlFreeUnicodeString - - KeBugCheckEx - - IoGetDeviceObjectPointer - - IoAllocateMdl - - MmMapLockedPagesSpecifyCache - - __C_specific_handler - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Software Licensing Department, CN=LAVALYS - ValidFrom: '2008-09-04 00:00:00' - ValidTo: '2010-10-17 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 
739a73c1864ae27d7d9cdcf7055888e4 - Version: 3 - TBS: - MD5: 4ccfe1bafb291fc51e5636295c8e38eb - SHA1: c93bdd8fd964b6c750fcad1455a37fdd77276446 - SHA256: 63b214b64cb75b53fd0d4baacbcadee892160af685a79f6b5c6f984214521c8f - SHA384: 70411e706a18564522cdcc92bbdaf6187c2a318b8beb2e7025959e04475e8a5bbdea470a6d82109c0fbd7b56b22abf5f - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: 397580c24c544d477688fcfca9c9b542 - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 4a1a499857accc04b4d586df3f0e0c2b3546e825 - SHA256: 0c018eaa293c03febe2aef1e868fca782a06b49d7d2f9f388ae5fb57604c5250 - Signature: '' - Imphash: 540992ba6f31301ba27604515a78ad79 - Authentihash: - MD5: 63ed411f59c8050e042b29626a4bd605 - SHA1: 1d0e2dc0d10e2c6d0f902498a9f07f30de032e3c - SHA256: 77aabfc119686757d31cc9d21af9bf3bacecaae09dc92e548355a145db0aa774 - RichPEHeaderHash: - MD5: d8efbf77a16c80060c37681f4fc696d7 - SHA1: 74f746e5eebab46d9ee2e15c96542fa508bdd271 - SHA256: c6e67d594fc9ff3077181314e987207660ae9627e0ec3ed7f8ad96e7719c130c - Sections: - .text: - 
Entropy: 6.2545318181498475 - Virtual Size: '0x1aec' - .rdata: - Entropy: 4.497421120741519 - Virtual Size: '0x184' - .data: - Entropy: 0.3459259103346658 - Virtual Size: '0x520' - .pdata: - Entropy: 3.1916142614183896 - Virtual Size: '0x84' - INIT: - Entropy: 4.665582813719138 - Virtual Size: '0x196' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2005-11-20 09:21:24' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - RtlAssert - - MmUnmapIoSpace - - MmMapIoSpace - - IofCompleteRequest - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IoCreateSymbolicLink - - IoCreateDevice - Signatures: {} - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: 13a2b915f6d93e52505656773d53096f - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 336ed563ef96c40eece92a4d13de9f9b69991c8a - SHA256: 125e4475a5437634cab529da9ea2ef0f4f65f89fb25a06349d731f283c27d9fe - Signature: '' - Imphash: 12fef92a55cb5e1533b89d8e6a5892b2 - Authentihash: - MD5: e80ddfe5a816dd6cb2ffd72da610d8db - SHA1: a7e50663be8f7e859b63d1d266e8263a96f7520b - SHA256: f6e714528ad1b9eae72699078499735468140c1627e45f015762206ba7a77b47 - RichPEHeaderHash: - MD5: 510491d926769fc79a5d3287db0dd59d - SHA1: 32af9e7e3a31bd44e3a5d717efcbe898d17c2423 - SHA256: 8f0295454ac4eec12c5329539ee515da9c074bf6d009cc0b54ad4506d4097389 - Sections: - .text: - Entropy: 6.292382717400381 - Virtual Size: '0x3c04' - .rdata: - Entropy: 4.244027827436615 - Virtual Size: '0x218' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x1120' - .pdata: - Entropy: 3.335620585409111 - Virtual Size: '0x78' - INIT: - Entropy: 5.003814178607812 - Virtual Size: '0x38c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2010-02-17 11:47:03' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - 
RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - MmMapIoSpace - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - MmUnmapIoSpace - - IoCreateDevice - - IoDeleteSymbolicLink - - RtlAnsiStringToUnicodeString - - IofCallDriver - - RtlInitUnicodeString - - IoDeleteDevice - - strchr - - KeBugCheckEx - - RtlInitAnsiString - - IoBuildDeviceIoControlRequest - - KeInitializeEvent - - __C_specific_handler - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 
53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Software Licensing Department, CN=LAVALYS - ValidFrom: '2008-09-04 00:00:00' - ValidTo: '2010-10-17 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 - Version: 3 - TBS: - MD5: 4ccfe1bafb291fc51e5636295c8e38eb - SHA1: c93bdd8fd964b6c750fcad1455a37fdd77276446 - SHA256: 63b214b64cb75b53fd0d4baacbcadee892160af685a79f6b5c6f984214521c8f - SHA384: 70411e706a18564522cdcc92bbdaf6187c2a318b8beb2e7025959e04475e8a5bbdea470a6d82109c0fbd7b56b22abf5f - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: 723381977ce7df57ec623db52b84f426 - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 64879accdb4dbbaac55d91185c82f2b193f0c869 - SHA256: 1336469ec0711736e742b730d356af23f8139da6038979cfe4de282de1365d3b - Signature: '' - Imphash: 87fde0c3f8e7dff7ab0d718d6b1252c8 - Authentihash: - MD5: a493ab091afa9ccafb39f0b73b8cfcc0 - SHA1: 17b3417429a0d5e10492a243a4b7c3232c2a303c - SHA256: 2418301336cd89b7e3bda2f68bc1aa63b8ea9a75da7a3b40a9ee0a9058789f63 - RichPEHeaderHash: - MD5: d7c3e34ff185cd060fd272724a9a08d4 - SHA1: 07bd4ac3ba36186190def09485c7e9ecdaae1d12 - SHA256: e886be3aa324ce0db073d3bfc7e1603fdfa353e31159343409d6a3117c5e7849 - Sections: - .text: - Entropy: 6.347735020299968 - Virtual Size: '0x1cf4' - .rdata: - Entropy: 3.9821333795441936 - Virtual Size: '0x160' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x520' - .pdata: - Entropy: 3.034788373158196 - Virtual Size: '0x3c' - INIT: - Entropy: 4.958020815313188 - Virtual Size: '0x2fa' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2006-12-14 15:42:31' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest 
- - IoDeleteSymbolicLink - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - MmMapIoSpace - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 23:59:59' - Signature: 877870da4e5201205be079c98230c4fdb91996bd9100c3bdcdcdc6f40ed8fff94dc033623011c5f5741bd492de5f9c2013b17c45be50cd83e7801783a72793671346fbcab8984103cc9b515b058b7fa86ff31b501b242ef2698d6c22f7bbca1695ed0c74c06877d9eb996287c17390f889747a23aba3987b97b1f78f29714d2e751b4841daf0b50d2054d677a097826369fd09cf8af075bb099bd9f91155269a6132be7a02b07b86bea2c38b222c78d13576bc92735cf9b9e64c150a23cce4d2d4342e4940153c0f607a24c6a566ef96cf70eb3ee7f40d7edcd17ca3767169c19c4f47303521b1a2af1a623c2bd98eaa2a077bd818b35c7be29da56ffe3c89ad - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - 
SerialNumber: 0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Software Licensing Department, CN=LAVALYS - ValidFrom: '2006-10-18 00:00:00' - ValidTo: '2008-10-17 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 - Version: 3 - TBS: - MD5: 32ff43e593925e5eab372e2d5e3c9734 - SHA1: 405c78a239f39963fe8aa5ff5283c582aa369e7b - SHA256: 0a6e66dd63e42179cd9e1a1c9d22decad3abe55cfa6fa4062f5c503742d2076f - SHA384: a43a1f03510896d34a427c30f7ad75841dacd27b8328b9f756bc55981b71490386289422f1dd05d023c2714e753d85f8 - - Subject: C=US, O=VeriSign, 
Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: eb7f6d01c97783013115ad1a2833401a - MachineType: AMD64 - OriginalFilename: '' - 
Product: '' - ProductVersion: '' - Publisher: '' - SHA1: fb4ce6de14f2be00a137e8dde2c68bb5b137ab9c - SHA256: 18047c2d45758a43d6b7e56bcd4aa90354c899795baf944f037850c48d8e892a - Signature: '' - Imphash: c52384bc825d2414de3195672971339e - Authentihash: - MD5: 454cb91cd9e825556face4b03c90aaf3 - SHA1: 65369c73cfe6d634fae882a8a8a1dadedd8d6d5f - SHA256: 7690ef2838bda2327116243c1792090125b36a5840464e010acdd103f7369807 - RichPEHeaderHash: - MD5: eb7a6452e7d8e135bf9199524118601d - SHA1: 7400103f42e22809e66c207f1eb1d22cd947f22f - SHA256: 7efa73cf87c7b47175625395d918a9fcc93d9b5bf6392978613fced2155908fe - Sections: - .text: - Entropy: 6.344001679673628 - Virtual Size: '0x3574' - .rdata: - Entropy: 4.275662405795923 - Virtual Size: '0x1e8' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x1120' - .pdata: - Entropy: 3.2329859162657097 - Virtual Size: '0x78' - INIT: - Entropy: 5.007012152446904 - Virtual Size: '0x32c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2009-02-09 15:09:02' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - IoBuildDeviceIoControlRequest - - IofCallDriver - - IoDeleteSymbolicLink - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - strchr - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - MmMapIoSpace - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - KeBugCheckEx - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 
3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: 
a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Software Licensing Department, CN=LAVALYS - ValidFrom: '2008-09-04 00:00:00' - ValidTo: '2010-10-17 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 - Version: 3 - TBS: - MD5: 4ccfe1bafb291fc51e5636295c8e38eb - SHA1: c93bdd8fd964b6c750fcad1455a37fdd77276446 - SHA256: 63b214b64cb75b53fd0d4baacbcadee892160af685a79f6b5c6f984214521c8f - SHA384: 70411e706a18564522cdcc92bbdaf6187c2a318b8beb2e7025959e04475e8a5bbdea470a6d82109c0fbd7b56b22abf5f - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: b62e2371158a082e239f5883bd6000d1 - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 820d339fd3dbb632a790d6506ddf6aee925fcffe - SHA256: 
212c05b487cd4e64de2a1077b789e47e9ac3361efa24d9aab3cc6ad4bd3bd76a - Signature: '' - Imphash: fd894d394a8ca9abd74f7210ed931682 - Authentihash: - MD5: 3baddddc6c55bc8262f5f35eebc243df - SHA1: bba9bf70e503a3f7f67f3f29ccaa7844818651b0 - SHA256: 533b8138ab8f776008ff8918c8cfa52604e43efca4e39da5096404c8424084b7 - RichPEHeaderHash: - MD5: d7c3e34ff185cd060fd272724a9a08d4 - SHA1: 07bd4ac3ba36186190def09485c7e9ecdaae1d12 - SHA256: e886be3aa324ce0db073d3bfc7e1603fdfa353e31159343409d6a3117c5e7849 - Sections: - .text: - Entropy: 6.344229203009069 - Virtual Size: '0x1d24' - .rdata: - Entropy: 3.961308577895771 - Virtual Size: '0x160' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x520' - .pdata: - Entropy: 3.034788373158196 - Virtual Size: '0x3c' - INIT: - Entropy: 4.959874907932675 - Virtual Size: '0x2fa' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2006-10-18 12:56:31' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - IoCreateDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - IoDeleteSymbolicLink - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - MmMapIoSpace - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , 
Microsoft - Software Validation v2, OU=Software Licensing Department, CN=LAVALYS - ValidFrom: '2006-10-18 00:00:00' - ValidTo: '2008-10-17 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 - Version: 3 - TBS: - MD5: 32ff43e593925e5eab372e2d5e3c9734 - SHA1: 405c78a239f39963fe8aa5ff5283c582aa369e7b - SHA256: 0a6e66dd63e42179cd9e1a1c9d22decad3abe55cfa6fa4062f5c503742d2076f - SHA384: a43a1f03510896d34a427c30f7ad75841dacd27b8328b9f756bc55981b71490386289422f1dd05d023c2714e753d85f8 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: 09e77d71d626574e6142894caca6e6dd - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 6b90a6eeef66bb9302665081e30bf9802ca956cc - SHA256: 33bc9a17a0909e32a3ae7e6f089b7f050591dd6f3f7a8172575606bec01889ef - Signature: '' - Imphash: 8232d2f79ce126e84cc044543ad82790 - Authentihash: - MD5: 464331a14dd967eed95bb16a8ccf6127 - SHA1: 
8c0999041d3212be1510a766dcc8b7f4b2401fcf - SHA256: 1126c9b043872383e5e0b1ac893ddf2238a2c130401627b259c81d98a3cefeae - RichPEHeaderHash: - MD5: e93b5a02ff5f4c18b186ee8c35f3132e - SHA1: 897dc8e1b30df0d168feda245816e72aa2cfcf9e - SHA256: 377d1179f5eac38231f07ffef5b19a098956f1074a11f518bee00fee1f5f1cad - Sections: - .text: - Entropy: 6.289707555994787 - Virtual Size: '0x3e54' - .rdata: - Entropy: 4.138388504903226 - Virtual Size: '0x238' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x1120' - .pdata: - Entropy: 3.394101782281126 - Virtual Size: '0x90' - INIT: - Entropy: 5.057866512392725 - Virtual Size: '0x3f0' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2010-08-29 05:38:31' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - IoBuildDeviceIoControlRequest - - MmIsAddressValid - - IoDeleteSymbolicLink - - ObfDereferenceObject - - IoCreateDevice - - RtlAnsiStringToUnicodeString - - MmMapIoSpace - - RtlInitUnicodeString - - IofCallDriver - - IoDeleteDevice - - strchr - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - MmBuildMdlForNonPagedPool - - RtlFreeUnicodeString - - KeBugCheckEx - - IoGetDeviceObjectPointer - - IoAllocateMdl - - MmMapLockedPagesSpecifyCache - - __C_specific_handler - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: 
a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=HU, ST=Budapest, L=Budapest, O=FinalWire, OU=Digital ID Class 3 , - Microsoft Software Validation v2, CN=FinalWire - ValidFrom: '2010-07-29 00:00:00' - ValidTo: '2012-07-28 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 01cc3af0c7b9f02c029c172f6f135621 - Version: 3 - TBS: - MD5: 735dfa995ca4af6545a694a22f0fb657 - SHA1: 5957f3ae95e2a195cf0a1f99eeb989350b58f724 - SHA256: 1278201f6ed95445add0bcdc6030e72609f88fa9bdabafb98615e358005025c1 - SHA384: 3303d4a3274742ee5172188482e243db6dff6e90de9af946caabbd21d6bde8957d5e11b1405f7b784276b671841343d4 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 
8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 01cc3af0c7b9f02c029c172f6f135621 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: 24589081b827989b52d954dcd88035d0 - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 3aba6dd15260875eb290e9d67992066141aa0bb0 - SHA256: 38535a0e9fc0684308eb5d6aa6284669bc9743f11cb605b79883b8c13ef906ad - Signature: '' - Imphash: f212bbc758bb52fc661839b1d194b76e - Authentihash: - MD5: 
d7c4f6f8457e53df981b1d23ca4683a4 - SHA1: 6ccac0c7b891149b5777ae34f3ef824b37c5d89c - SHA256: 559ef0d415c5c3dbc1bfd598f4cad75aac9d4c5c6660fb61b23e44da4dbf89a9 - RichPEHeaderHash: - MD5: 8d8e37a1cfda4252f83be326e779bfa3 - SHA1: a988073133ae7870ee3c2dd8d56cd35daec87921 - SHA256: 10005125c3c5d72631d533f730447e65435123a4a0be6456c54ce9f1fcbcb49f - Sections: - .text: - Entropy: 6.204469684046908 - Virtual Size: '0x18bc' - .rdata: - Entropy: 4.535716743655079 - Virtual Size: '0x19c' - .data: - Entropy: 0.3459259103346658 - Virtual Size: '0x520' - .pdata: - Entropy: 3.3220730262758074 - Virtual Size: '0x9c' - INIT: - Entropy: 4.636876212258409 - Virtual Size: '0x182' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2005-07-25 09:31:43' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - MmUnmapIoSpace - - MmMapIoSpace - - IofCompleteRequest - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IoCreateSymbolicLink - - IoCreateDevice - Signatures: {} - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: 8f1255efd2ed0d3b03a02c6b236c06d6 - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 9d44260558807daff61a0cc0c6a8719c3adacd2d - SHA256: 442f12adebf7cb166b19e8aead2b0440450fd1f33f5db384a39776bb2656474a - Signature: '' - Imphash: dcd41632f0ad9683e5c9c7cc083f78f7 - Authentihash: - MD5: ec630d38e4fc83dda90206425e7fd4b3 - SHA1: 69b0510afa2625734aead94672f8daf851685ac4 - SHA256: 53e15b21cc69a554d4d61ffe531be90364ed7b1bb64fc302d65eaa642c9fa60a - RichPEHeaderHash: - MD5: 2c53952789ebcf16a337a5ec3ab41667 - SHA1: 60852524abfeefc666c143ac7a6d7350244e53be - SHA256: 0a1214a3de635359675999b347fd34869caf91a1cd0510677996adcec5c2c6bc - Sections: - .text: - Entropy: 6.299787194819916 - Virtual Size: '0x2884' - .rdata: - Entropy: 4.214532676216857 - Virtual Size: '0x194' - .data: - Entropy: 0.30140680731160896 - 
Virtual Size: '0x920' - .pdata: - Entropy: 3.251991204585118 - Virtual Size: '0x6c' - INIT: - Entropy: 4.944172758453227 - Virtual Size: '0x30c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2008-03-09 05:46:25' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - IoDeleteSymbolicLink - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - strchr - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - MmMapIoSpace - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - 
SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Software Licensing Department, CN=LAVALYS - ValidFrom: '2006-10-18 00:00:00' - ValidTo: '2008-10-17 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 - Version: 3 - TBS: - MD5: 32ff43e593925e5eab372e2d5e3c9734 - SHA1: 405c78a239f39963fe8aa5ff5283c582aa369e7b - SHA256: 0a6e66dd63e42179cd9e1a1c9d22decad3abe55cfa6fa4062f5c503742d2076f - SHA384: a43a1f03510896d34a427c30f7ad75841dacd27b8328b9f756bc55981b71490386289422f1dd05d023c2714e753d85f8 - - Subject: C=US, O=VeriSign, 
Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: f0e21ababe63668fb3fbd02e90cd1fa9 - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: b394f84e093cb144568e18aaf5b857dff77091fa - SHA256: 51f002ee44e46889cf5b99a724dd10cc2bd3e22545e2a2cb3bd6b1dd3af5ba11 - Signature: '' - Imphash: 9fb64527ca6d4541cc256b1abd1e4101 - Authentihash: - MD5: 61946eefd0034f3b28914649a13f922f - SHA1: ed0398cea11d29382f23f3f2e2b7edbd1db4a30e - SHA256: b7036cd12dc9e3550239310fd8ff4f14e4266bbd0de3aba7b087068a253b506b - RichPEHeaderHash: - MD5: 2c53952789ebcf16a337a5ec3ab41667 - SHA1: 60852524abfeefc666c143ac7a6d7350244e53be - SHA256: 0a1214a3de635359675999b347fd34869caf91a1cd0510677996adcec5c2c6bc - Sections: - .text: - Entropy: 6.331959554440434 - Virtual Size: '0x2ae4' - .rdata: - Entropy: 4.259111658672462 - Virtual Size: '0x1a8' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x920' - .pdata: - Entropy: 3.306913556758642 - Virtual Size: '0x78' - INIT: - Entropy: 4.946018467645119 - Virtual Size: '0x30c' - MagicHeader: 50 45 0 0 - CreationTimestamp: 
'2008-09-20 15:09:05' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - IoDeleteSymbolicLink - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - strchr - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - MmMapIoSpace - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 
1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Software Licensing Department, CN=LAVALYS - ValidFrom: '2006-10-18 00:00:00' - ValidTo: '2008-10-17 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 - Version: 3 - TBS: - MD5: 32ff43e593925e5eab372e2d5e3c9734 - SHA1: 405c78a239f39963fe8aa5ff5283c582aa369e7b - SHA256: 0a6e66dd63e42179cd9e1a1c9d22decad3abe55cfa6fa4062f5c503742d2076f - SHA384: a43a1f03510896d34a427c30f7ad75841dacd27b8328b9f756bc55981b71490386289422f1dd05d023c2714e753d85f8 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: 648adec580746afbbf59904c1e150c73 - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 52ea274e399df8706067fdc5ac52af0480461887 - SHA256: 
53b9e423baf946983d03ce309ec5e006ba18c9956dcd97c68a8b714d18c8ffcf - Signature: '' - Imphash: b6f67458e30912358144df4adf5264fd - Authentihash: - MD5: 4373ad9ecb6656ec9048bb02ac9b0e05 - SHA1: 072c44a91e17e74c0256446b893e856658565ea7 - SHA256: 713c7a6532cbc952546c3b844ed529b5b285dc29e16036731ceebc6f6431ae77 - RichPEHeaderHash: - MD5: eb7a6452e7d8e135bf9199524118601d - SHA1: 7400103f42e22809e66c207f1eb1d22cd947f22f - SHA256: 7efa73cf87c7b47175625395d918a9fcc93d9b5bf6392978613fced2155908fe - Sections: - .text: - Entropy: 6.353265804552914 - Virtual Size: '0x3714' - .rdata: - Entropy: 4.261636603732408 - Virtual Size: '0x1e8' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x1120' - .pdata: - Entropy: 3.3006228275739464 - Virtual Size: '0x78' - INIT: - Entropy: 5.012586312680787 - Virtual Size: '0x32c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2009-05-04 06:24:01' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - strchr - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - MmMapIoSpace - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IoBuildDeviceIoControlRequest - - IofCallDriver - - IoDeleteSymbolicLink - - KeBugCheckEx - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 
18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=CA, 
ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Software Licensing Department, CN=LAVALYS - ValidFrom: '2008-09-04 00:00:00' - ValidTo: '2010-10-17 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 - Version: 3 - TBS: - MD5: 4ccfe1bafb291fc51e5636295c8e38eb - SHA1: c93bdd8fd964b6c750fcad1455a37fdd77276446 - SHA256: 63b214b64cb75b53fd0d4baacbcadee892160af685a79f6b5c6f984214521c8f - SHA384: 70411e706a18564522cdcc92bbdaf6187c2a318b8beb2e7025959e04475e8a5bbdea470a6d82109c0fbd7b56b22abf5f - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: 5c5973d2caf86e96311f6399513ab8df - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: b82c034e41d463f4e68b0a7d334f2d7611049bcb - SHA256: 582b62ffbcbcdd62c0fc624cdf106545af71078f1edfe1129401d64f3eefaa3a - Signature: '' - Imphash: 8232d2f79ce126e84cc044543ad82790 - Authentihash: - MD5: 
86d3624e6394b8b7869da01c4b1fabce - SHA1: 80a7975e89ff4211b26502d77a52539b2e9d2296 - SHA256: 058afe9e93dcc52e64fc0942b80a159b8617608c15462a7a17984de3cc0b8d04 - RichPEHeaderHash: - MD5: e93b5a02ff5f4c18b186ee8c35f3132e - SHA1: 897dc8e1b30df0d168feda245816e72aa2cfcf9e - SHA256: 377d1179f5eac38231f07ffef5b19a098956f1074a11f518bee00fee1f5f1cad - Sections: - .text: - Entropy: 6.293722266381494 - Virtual Size: '0x3de4' - .rdata: - Entropy: 4.13249945918501 - Virtual Size: '0x238' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x1120' - .pdata: - Entropy: 3.3644860704304986 - Virtual Size: '0x90' - INIT: - Entropy: 5.057866512392725 - Virtual Size: '0x3f0' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2010-07-30 08:50:06' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - IoBuildDeviceIoControlRequest - - MmIsAddressValid - - IoDeleteSymbolicLink - - ObfDereferenceObject - - IoCreateDevice - - RtlAnsiStringToUnicodeString - - MmMapIoSpace - - RtlInitUnicodeString - - IofCallDriver - - IoDeleteDevice - - strchr - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - MmBuildMdlForNonPagedPool - - RtlFreeUnicodeString - - KeBugCheckEx - - IoGetDeviceObjectPointer - - IoAllocateMdl - - MmMapLockedPagesSpecifyCache - - __C_specific_handler - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 
18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=CA, 
ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Software Licensing Department, CN=LAVALYS - ValidFrom: '2008-09-04 00:00:00' - ValidTo: '2010-10-17 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 - Version: 3 - TBS: - MD5: 4ccfe1bafb291fc51e5636295c8e38eb - SHA1: c93bdd8fd964b6c750fcad1455a37fdd77276446 - SHA256: 63b214b64cb75b53fd0d4baacbcadee892160af685a79f6b5c6f984214521c8f - SHA384: 70411e706a18564522cdcc92bbdaf6187c2a318b8beb2e7025959e04475e8a5bbdea470a6d82109c0fbd7b56b22abf5f - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - 
Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: 009876ab9cf3a3d4e3fc3afe13ae839e - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: f85f5e5d747433b274e53c8377bf24fbc08758b6 - SHA256: 6297556f66cd6619057f3a5b216b314f8a27eebb5fa575ee07a1944aca71ae80 - Signature: '' - Imphash: c52384bc825d2414de3195672971339e - Authentihash: - MD5: f714ae1fce8bfd53a3c0f468ee55a9d0 - SHA1: 3e8dafe5dc14e00469f89272ff04a04070dbd472 - SHA256: c3577eeb107de6a0cdf6ac3ee75339f09fd0eb00b4d368bf841b6126af7629a1 - RichPEHeaderHash: - MD5: eb7a6452e7d8e135bf9199524118601d - SHA1: 7400103f42e22809e66c207f1eb1d22cd947f22f - SHA256: 7efa73cf87c7b47175625395d918a9fcc93d9b5bf6392978613fced2155908fe - Sections: - .text: - Entropy: 6.341649652097926 - Virtual Size: '0x3564' - .rdata: - Entropy: 4.249815729459677 - Virtual Size: '0x1e8' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x1120' - .pdata: - Entropy: 3.2348563064472646 - Virtual Size: '0x78' - INIT: - Entropy: 5.005029836591686 - Virtual Size: '0x32c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2008-12-24 06:50:50' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - IoBuildDeviceIoControlRequest - - IofCallDriver - - IoDeleteSymbolicLink - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - strchr - - 
KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - MmMapIoSpace - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - KeBugCheckEx - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, 
CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Software Licensing Department, CN=LAVALYS - ValidFrom: '2008-09-04 00:00:00' - ValidTo: '2010-10-17 23:59:59' - Signature: 6cd0fe216b27c908f3d444ef0428c76bbc25f74beb7f2027a497499ea5b5c61f99c4e455341bdab5f26b3cc920a9e8224eb79a95ebb81e3fef374f992255d7a997e43f5b497be9bbfe7d28c6791d0e2c93e72668d8c18e08f3329dde27f8a587a59202d9ff6db84fbb56ea4d37b702d80ef4fcdc49bc636351e3ab2043db01b4312c653e830819cf8c44ce3da714dc73933f242b035ef6ef8dc486b5a8aece6e4061138a7e2f6916d527b5a3a6cfeb6475cba7b0afa08a5b6e8590e02758428b217a288d29f641cd493f34f251739b8b529fe0d30182ad5f4fb461caf7f6447598bc5b6833fb8be5884ee329413c4550c8715929c6767bb0fa5c101de989f5ee - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 - Version: 3 - TBS: - MD5: 4ccfe1bafb291fc51e5636295c8e38eb - SHA1: c93bdd8fd964b6c750fcad1455a37fdd77276446 - SHA256: 63b214b64cb75b53fd0d4baacbcadee892160af685a79f6b5c6f984214521c8f - SHA384: 70411e706a18564522cdcc92bbdaf6187c2a318b8beb2e7025959e04475e8a5bbdea470a6d82109c0fbd7b56b22abf5f - - Subject: C=US, O=VeriSign, 
Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: 7c887f2b1a56b84d86828529604957db - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: d6b61c685cfaa36c85f1672ac95844f8293c70d0 - SHA256: 680ddece32fe99f056e770cb08641f5b585550798dfdf723441a11364637c7e6 - Signature: '' - Imphash: 9a970527986cd03e5a25d18b372624a1 - Authentihash: - MD5: c8d766097a994d3b8d547fedde645d17 - SHA1: d26854aa9937dbd80394010b9aac4ee38669f05f - SHA256: 5b63080bead00cae92efb917b7a707c6a2d6628a1e90301795617b45273f45e4 - RichPEHeaderHash: - MD5: d7c3e34ff185cd060fd272724a9a08d4 - SHA1: 07bd4ac3ba36186190def09485c7e9ecdaae1d12 - SHA256: e886be3aa324ce0db073d3bfc7e1603fdfa353e31159343409d6a3117c5e7849 - Sections: - .text: - Entropy: 6.33454767393245 - Virtual Size: '0x2254' - .rdata: - Entropy: 4.007083553722861 - Virtual Size: '0x160' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x920' - .pdata: - Entropy: 3.0498329866519773 - Virtual Size: '0x48' - INIT: - Entropy: 4.963877363138679 - Virtual Size: '0x2fa' - MagicHeader: 50 45 0 0 - CreationTimestamp: 
'2007-08-19 06:38:38' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - MmMapIoSpace - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - IoDeleteSymbolicLink - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 
1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Software Licensing Department, CN=LAVALYS - ValidFrom: '2006-10-18 00:00:00' - ValidTo: '2008-10-17 23:59:59' - Signature: 5e0e77e4e5de0c6c4b7822b17a1e8ebd0960806438f5073c686b575f60dd4129d66bd66b7e4f33cff39dc890ae077db68615ad8d431eec3bf1531f6eb505fe48d186df3306d27893b42af5ef264b621acf26475fe93dd00906f61c78425c101d268d1050db3f7264d5e4a75a205b488684b716f3f2b317367ed13f34553238f6b4ab7a98c9fe48d32289d528d8db8cb583cef299e53f2fdde6d84ae2d2fd41cb826973c3da647221d9efbb2383cdae5c52adfa407399ebd2b9fafbf5c6246f944cd8e9ed79b4540b8ec53ba603464ae42f09468f762f71ddf9068cdd869c6fcf2d3806c6d20ab9781ee027849d946c5d2f58d7853bda919ca412e0c20024a6b7 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 - Version: 3 - TBS: - MD5: 
32ff43e593925e5eab372e2d5e3c9734 - SHA1: 405c78a239f39963fe8aa5ff5283c582aa369e7b - SHA256: 0a6e66dd63e42179cd9e1a1c9d22decad3abe55cfa6fa4062f5c503742d2076f - SHA384: a43a1f03510896d34a427c30f7ad75841dacd27b8328b9f756bc55981b71490386289422f1dd05d023c2714e753d85f8 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: 1caf5070493459ba029d988dbb2c7422 - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 8d3be83cf3bb36dbce974654b5330adb38792c2d - SHA256: 6ef0b34649186fb98a7431b606e77ee35e755894b038755ba98e577bd51b2c72 - Signature: '' - Imphash: 8232d2f79ce126e84cc044543ad82790 - Authentihash: - MD5: c7fb9ed75eb75fa84189e8b8f6e2b95e - SHA1: cb6b9f4a6107f9cb4badc05fd7c5f6b1e1d59cf6 - SHA256: 5fc66378fe68a380ccfab3521657b38912ca1fe5a8d7c857f591e928ab0b4208 - RichPEHeaderHash: - MD5: e93b5a02ff5f4c18b186ee8c35f3132e - SHA1: 897dc8e1b30df0d168feda245816e72aa2cfcf9e - SHA256: 377d1179f5eac38231f07ffef5b19a098956f1074a11f518bee00fee1f5f1cad - Sections: - .text: - Entropy: 6.276978042266502 - Virtual Size: '0x3d04' - .rdata: 
- Entropy: 4.088524624627464 - Virtual Size: '0x238' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x1120' - .pdata: - Entropy: 3.374063735843171 - Virtual Size: '0x78' - INIT: - Entropy: 5.058615408724236 - Virtual Size: '0x3f0' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2010-05-20 14:55:04' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - IoBuildDeviceIoControlRequest - - MmIsAddressValid - - IoDeleteSymbolicLink - - ObfDereferenceObject - - IoCreateDevice - - RtlAnsiStringToUnicodeString - - MmMapIoSpace - - RtlInitUnicodeString - - IofCallDriver - - IoDeleteDevice - - strchr - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - MmBuildMdlForNonPagedPool - - RtlFreeUnicodeString - - KeBugCheckEx - - IoGetDeviceObjectPointer - - IoAllocateMdl - - MmMapLockedPagesSpecifyCache - - __C_specific_handler - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Software Licensing Department, CN=LAVALYS - ValidFrom: '2008-09-04 00:00:00' - ValidTo: '2010-10-17 23:59:59' - Signature: 
6cd0fe216b27c908f3d444ef0428c76bbc25f74beb7f2027a497499ea5b5c61f99c4e455341bdab5f26b3cc920a9e8224eb79a95ebb81e3fef374f992255d7a997e43f5b497be9bbfe7d28c6791d0e2c93e72668d8c18e08f3329dde27f8a587a59202d9ff6db84fbb56ea4d37b702d80ef4fcdc49bc636351e3ab2043db01b4312c653e830819cf8c44ce3da714dc73933f242b035ef6ef8dc486b5a8aece6e4061138a7e2f6916d527b5a3a6cfeb6475cba7b0afa08a5b6e8590e02758428b217a288d29f641cd493f34f251739b8b529fe0d30182ad5f4fb461caf7f6447598bc5b6833fb8be5884ee329413c4550c8715929c6767bb0fa5c101de989f5ee - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 - Version: 3 - TBS: - MD5: 4ccfe1bafb291fc51e5636295c8e38eb - SHA1: c93bdd8fd964b6c750fcad1455a37fdd77276446 - SHA256: 63b214b64cb75b53fd0d4baacbcadee892160af685a79f6b5c6f984214521c8f - SHA384: 70411e706a18564522cdcc92bbdaf6187c2a318b8beb2e7025959e04475e8a5bbdea470a6d82109c0fbd7b56b22abf5f - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: a730b97ab977aa444fa261902822a905 - MachineType: AMD64 - OriginalFilename: '' - Product: '' - 
ProductVersion: '' - Publisher: '' - SHA1: 9f6883e59fd6c136cfc556b7b388a4c363dc0516 - SHA256: 748ccadb6bf6cdf4c5a5a1bb9950ee167d8b27c5817da71d38e2bc922ffce73d - Signature: '' - Imphash: 9e2cf28fe320bbf74972509536569c8e - Authentihash: - MD5: a9c4c3e3e25edf4a2a29635e91fc47dc - SHA1: 7299c5b3630e455e851e015db5381768f3735eb6 - SHA256: 43dc82fd548218f0e916687c997291c8056dfdcc5b5f5616833437f96d806a64 - RichPEHeaderHash: - MD5: eb7a6452e7d8e135bf9199524118601d - SHA1: 7400103f42e22809e66c207f1eb1d22cd947f22f - SHA256: 7efa73cf87c7b47175625395d918a9fcc93d9b5bf6392978613fced2155908fe - Sections: - .text: - Entropy: 6.359543759929915 - Virtual Size: '0x3884' - .rdata: - Entropy: 4.277270659191589 - Virtual Size: '0x1e8' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x1120' - .pdata: - Entropy: 3.307745769009558 - Virtual Size: '0x78' - INIT: - Entropy: 5.015684190555883 - Virtual Size: '0x32c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2009-05-21 08:26:14' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - IoDeleteDevice - - strchr - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - MmMapIoSpace - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IoBuildDeviceIoControlRequest - - IofCallDriver - - IoDeleteSymbolicLink - - RtlAnsiStringToUnicodeString - - KeBugCheckEx - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 
50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - 
Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Software Licensing Department, CN=LAVALYS - ValidFrom: '2008-09-04 00:00:00' - ValidTo: '2010-10-17 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 - Version: 3 - TBS: - MD5: 4ccfe1bafb291fc51e5636295c8e38eb - SHA1: c93bdd8fd964b6c750fcad1455a37fdd77276446 - SHA256: 63b214b64cb75b53fd0d4baacbcadee892160af685a79f6b5c6f984214521c8f - SHA384: 70411e706a18564522cdcc92bbdaf6187c2a318b8beb2e7025959e04475e8a5bbdea470a6d82109c0fbd7b56b22abf5f - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: 17c7bcae7ebabb95af2f7c91b19c361c - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 5ca6a52230507b1dffab7acd501540bc10f1ab81 - SHA256: 
76940e313c27c7ff692051fbf1fbdec19c8c31a6723a9de7e15c3c1bec8186f6 - Signature: '' - Imphash: 9e2cf28fe320bbf74972509536569c8e - Authentihash: - MD5: ccbb05849570b04ba210e45955d502ba - SHA1: eafd6be8f12ae5ce8aa3cd76f9f68ee69f4eb53c - SHA256: 4c80a2d3a0ef4ce0a3aec62e9d15b50679dec4cccb69a5c0b72529641ebfa5f4 - RichPEHeaderHash: - MD5: eb7a6452e7d8e135bf9199524118601d - SHA1: 7400103f42e22809e66c207f1eb1d22cd947f22f - SHA256: 7efa73cf87c7b47175625395d918a9fcc93d9b5bf6392978613fced2155908fe - Sections: - .text: - Entropy: 6.258597547063565 - Virtual Size: '0x3a24' - .rdata: - Entropy: 4.2562919828265215 - Virtual Size: '0x208' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x1120' - .pdata: - Entropy: 3.216816331144094 - Virtual Size: '0x78' - INIT: - Entropy: 5.015684190555883 - Virtual Size: '0x32c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2009-09-05 11:27:16' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - IoDeleteDevice - - strchr - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - MmMapIoSpace - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IoBuildDeviceIoControlRequest - - IofCallDriver - - IoDeleteSymbolicLink - - RtlAnsiStringToUnicodeString - - KeBugCheckEx - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 
18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=CA, 
ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Software Licensing Department, CN=LAVALYS - ValidFrom: '2008-09-04 00:00:00' - ValidTo: '2010-10-17 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 - Version: 3 - TBS: - MD5: 4ccfe1bafb291fc51e5636295c8e38eb - SHA1: c93bdd8fd964b6c750fcad1455a37fdd77276446 - SHA256: 63b214b64cb75b53fd0d4baacbcadee892160af685a79f6b5c6f984214521c8f - SHA384: 70411e706a18564522cdcc92bbdaf6187c2a318b8beb2e7025959e04475e8a5bbdea470a6d82109c0fbd7b56b22abf5f - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: 7ffdd78d63ca7307a96843cfe806799e - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 64ff172bafc33f14ca5f2e35f9753d41e239a5e4 - SHA256: 8edab185e765f9806fa57153db1ede00e68270d2351443ee1de30674eca8d9b6 - Signature: '' - Imphash: 14075e605bff546182d682f41afefea2 - Authentihash: - MD5: 
d34ebed47db04efbe079e6656f917531 - SHA1: e54e9d578562719ca86461fec23bc9013cf8baa1 - SHA256: fa4be68f1ea1e36aca95fd62b6727cf9d22886c2612391faeb9c56a1c62c2ec9 - RichPEHeaderHash: - MD5: 99e2fdbe346fb428297f8783591d5358 - SHA1: 5eca02c6eaab32341e8baf724242ba04ac000d61 - SHA256: 684d8e76806e586f1dcf85eb846659993d1f0e5a20fc4a0dfdb4d0c6137bb55a - Sections: - .text: - Entropy: 6.27383308492245 - Virtual Size: '0x27a4' - .rdata: - Entropy: 4.114310857711515 - Virtual Size: '0x17c' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x920' - .pdata: - Entropy: 3.148997526289565 - Virtual Size: '0x60' - INIT: - Entropy: 4.943494160682739 - Virtual Size: '0x30c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2007-12-13 18:09:23' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - IoGetDeviceObjectPointer - - MmMapIoSpace - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - IoDeleteSymbolicLink - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - strchr - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - RtlFreeUnicodeString - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 
35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Software Licensing Department, 
CN=LAVALYS - ValidFrom: '2006-10-18 00:00:00' - ValidTo: '2008-10-17 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 - Version: 3 - TBS: - MD5: 32ff43e593925e5eab372e2d5e3c9734 - SHA1: 405c78a239f39963fe8aa5ff5283c582aa369e7b - SHA256: 0a6e66dd63e42179cd9e1a1c9d22decad3abe55cfa6fa4062f5c503742d2076f - SHA384: a43a1f03510896d34a427c30f7ad75841dacd27b8328b9f756bc55981b71490386289422f1dd05d023c2714e753d85f8 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: 192519661fe6d132f233d0355c3f4a6d - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: adab368ed3c17b8f2dc0b2173076668b6153e03a - SHA256: 90574d2c406b9738aae8fc629c3983c5e47a6282a43b052f38b5dd313380c30a - Signature: '' - Imphash: 8232d2f79ce126e84cc044543ad82790 - Authentihash: - MD5: 464331a14dd967eed95bb16a8ccf6127 - SHA1: 8c0999041d3212be1510a766dcc8b7f4b2401fcf - SHA256: 
1126c9b043872383e5e0b1ac893ddf2238a2c130401627b259c81d98a3cefeae - RichPEHeaderHash: - MD5: e93b5a02ff5f4c18b186ee8c35f3132e - SHA1: 897dc8e1b30df0d168feda245816e72aa2cfcf9e - SHA256: 377d1179f5eac38231f07ffef5b19a098956f1074a11f518bee00fee1f5f1cad - Sections: - .text: - Entropy: 6.289707555994787 - Virtual Size: '0x3e54' - .rdata: - Entropy: 4.138388504903226 - Virtual Size: '0x238' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x1120' - .pdata: - Entropy: 3.394101782281126 - Virtual Size: '0x90' - INIT: - Entropy: 5.057866512392725 - Virtual Size: '0x3f0' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2010-08-29 05:38:31' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - IoBuildDeviceIoControlRequest - - MmIsAddressValid - - IoDeleteSymbolicLink - - ObfDereferenceObject - - IoCreateDevice - - RtlAnsiStringToUnicodeString - - MmMapIoSpace - - RtlInitUnicodeString - - IofCallDriver - - IoDeleteDevice - - strchr - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - MmBuildMdlForNonPagedPool - - RtlFreeUnicodeString - - KeBugCheckEx - - IoGetDeviceObjectPointer - - IoAllocateMdl - - MmMapLockedPagesSpecifyCache - - __C_specific_handler - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - 
SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Software Licensing Department, 
CN=LAVALYS - ValidFrom: '2008-09-04 00:00:00' - ValidTo: '2010-10-17 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 - Version: 3 - TBS: - MD5: 4ccfe1bafb291fc51e5636295c8e38eb - SHA1: c93bdd8fd964b6c750fcad1455a37fdd77276446 - SHA256: 63b214b64cb75b53fd0d4baacbcadee892160af685a79f6b5c6f984214521c8f - SHA384: 70411e706a18564522cdcc92bbdaf6187c2a318b8beb2e7025959e04475e8a5bbdea470a6d82109c0fbd7b56b22abf5f - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: ab4656d1ec4d4cc83c76f639a5340e84 - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 6f8b0e1c7d7bd7beed853e0d51ca03f143e5b703 - SHA256: 9917144b7240b1ce0cadb1210fd26182744fbbdf145943037c4b93e44aced207 - Signature: '' - Imphash: a387f215b4964a3ca2e3c92f235a6d1b - Authentihash: - MD5: 8eda3e023c5fcf652d9c703853699f4a - SHA1: df5ec3bf96f7200f4365c383b0d93074a216324a - SHA256: 
8c20d10857c37d8ed9151fa95f6bf12f99ef2c0bea36eed2370a1f4da7737951 - RichPEHeaderHash: - MD5: a22a9aa3f58912bffbd51273b848fa2a - SHA1: cf13386bd4c692fa4ee4873479f82e47a413cafc - SHA256: abc066632466728bf6828ac1dc4400fdfd0953bb97ad08f7eb27de3581f930e7 - Sections: - .text: - Entropy: 6.147651066524595 - Virtual Size: '0xd24' - .rdata: - Entropy: 4.373354569063974 - Virtual Size: '0xec' - .pdata: - Entropy: 2.60824728589356 - Virtual Size: '0x24' - INIT: - Entropy: 4.090607332239198 - Virtual Size: '0x122' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2004-10-13 15:37:45' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - IofCompleteRequest - - MmUnmapIoSpace - - MmMapIoSpace - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IoCreateSymbolicLink - - IoCreateDevice - Signatures: {} - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: b41dcdb2e710dffba2d8ea1defb0f087 - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 11fcaeda49848474cee9989a00d8f29cb727acb7 - SHA256: a188760f1bf36584a2720014ca982252c6bcd824e7619a98580e28be6090dccc - Signature: '' - Imphash: 9e2cf28fe320bbf74972509536569c8e - Authentihash: - MD5: 80d3b21388e7b00c813d0c0cad450f6e - SHA1: 413266463b3800a35c8fb3bda1dabe38e5ccd452 - SHA256: 36d8d27d2ee91c45502d3a6688afc5c09b2b9776232074e65bd813a230eb37d1 - RichPEHeaderHash: - MD5: eb7a6452e7d8e135bf9199524118601d - SHA1: 7400103f42e22809e66c207f1eb1d22cd947f22f - SHA256: 7efa73cf87c7b47175625395d918a9fcc93d9b5bf6392978613fced2155908fe - Sections: - .text: - Entropy: 6.267178404843947 - Virtual Size: '0x39d4' - .rdata: - Entropy: 4.268022493345964 - Virtual Size: '0x208' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x1120' - .pdata: - Entropy: 3.262525157167094 - Virtual Size: '0x78' - INIT: - Entropy: 5.015684190555883 - Virtual Size: '0x32c' - 
MagicHeader: 50 45 0 0 - CreationTimestamp: '2009-05-31 08:07:11' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - IoDeleteDevice - - strchr - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - MmMapIoSpace - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IoBuildDeviceIoControlRequest - - IofCallDriver - - IoDeleteSymbolicLink - - RtlAnsiStringToUnicodeString - - KeBugCheckEx - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 
21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Software Licensing Department, CN=LAVALYS - ValidFrom: '2008-09-04 00:00:00' - ValidTo: '2010-10-17 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 - Version: 3 - TBS: - MD5: 4ccfe1bafb291fc51e5636295c8e38eb - SHA1: c93bdd8fd964b6c750fcad1455a37fdd77276446 - SHA256: 63b214b64cb75b53fd0d4baacbcadee892160af685a79f6b5c6f984214521c8f - SHA384: 70411e706a18564522cdcc92bbdaf6187c2a318b8beb2e7025959e04475e8a5bbdea470a6d82109c0fbd7b56b22abf5f - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 
17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: e99e86480d4206beb898dda82b71ca44 - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: c41ff2067634a1cce6b8ec657cdfd87e7f6974e3 - SHA256: b074caef2fbf7e1dc8870edccb65254858d95836f466b4e9e6ca398bf7a27aa3 - Signature: '' - Imphash: 12fef92a55cb5e1533b89d8e6a5892b2 - Authentihash: - MD5: e80ddfe5a816dd6cb2ffd72da610d8db - SHA1: a7e50663be8f7e859b63d1d266e8263a96f7520b - SHA256: f6e714528ad1b9eae72699078499735468140c1627e45f015762206ba7a77b47 - RichPEHeaderHash: - MD5: 510491d926769fc79a5d3287db0dd59d - SHA1: 32af9e7e3a31bd44e3a5d717efcbe898d17c2423 - SHA256: 8f0295454ac4eec12c5329539ee515da9c074bf6d009cc0b54ad4506d4097389 - Sections: - .text: - Entropy: 6.292382717400381 - Virtual Size: '0x3c04' - .rdata: - Entropy: 4.244027827436615 - Virtual Size: '0x218' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x1120' - .pdata: - Entropy: 3.335620585409111 - Virtual Size: '0x78' - INIT: - Entropy: 5.003814178607812 - Virtual Size: '0x38c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2010-02-17 11:47:03' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - 
ImportedFunctions: - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - MmMapIoSpace - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - MmUnmapIoSpace - - IoCreateDevice - - IoDeleteSymbolicLink - - RtlAnsiStringToUnicodeString - - IofCallDriver - - RtlInitUnicodeString - - IoDeleteDevice - - strchr - - KeBugCheckEx - - RtlInitAnsiString - - IoBuildDeviceIoControlRequest - - KeInitializeEvent - - __C_specific_handler - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 
1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=HU, ST=Budapest, L=Budapest, O=FinalWire, OU=Digital ID Class 3 , - Microsoft Software Validation v2, CN=FinalWire - ValidFrom: '2010-07-29 00:00:00' - ValidTo: '2012-07-28 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 01cc3af0c7b9f02c029c172f6f135621 - Version: 3 - TBS: - MD5: 735dfa995ca4af6545a694a22f0fb657 - SHA1: 5957f3ae95e2a195cf0a1f99eeb989350b58f724 - SHA256: 1278201f6ed95445add0bcdc6030e72609f88fa9bdabafb98615e358005025c1 - SHA384: 3303d4a3274742ee5172188482e243db6dff6e90de9af946caabbd21d6bde8957d5e11b1405f7b784276b671841343d4 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 01cc3af0c7b9f02c029c172f6f135621 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: 3af19d325f9dcdf360276ae5e7c136ea - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 9ec6f54c74bcc48e355226c26513a7240fd9462d - SHA256: b1e4455499c6a90ba9a861120a015a6b6f17e64479462b869ad0f05edf6552de - Signature: '' - Imphash: 9fb64527ca6d4541cc256b1abd1e4101 - Authentihash: - MD5: d5f989cdc26ec4900dce75f37ae08922 - SHA1: 50c8857024e4bf57613d951932bbc3d890c839f6 - SHA256: 9fa699246d83356d7b4bd99adf3c74f8e0682a650de2687075e70418ee9d5e38 - RichPEHeaderHash: - MD5: 2c53952789ebcf16a337a5ec3ab41667 - SHA1: 60852524abfeefc666c143ac7a6d7350244e53be - SHA256: 0a1214a3de635359675999b347fd34869caf91a1cd0510677996adcec5c2c6bc - Sections: - .text: - Entropy: 6.32956002357417 - Virtual Size: '0x2b14' - .rdata: - Entropy: 4.290234756225693 - Virtual Size: '0x1a8' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x1120' - .pdata: - Entropy: 3.2276654317225844 - Virtual Size: '0x78' - INIT: - Entropy: 4.99439749912298 - Virtual Size: '0x30c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2008-11-14 08:36:07' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject 
- - IoCreateDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - IoDeleteSymbolicLink - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - strchr - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - MmMapIoSpace - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust 
Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Software Licensing Department, CN=LAVALYS - ValidFrom: '2008-09-04 00:00:00' - ValidTo: '2010-10-17 23:59:59' - Signature: 6cd0fe216b27c908f3d444ef0428c76bbc25f74beb7f2027a497499ea5b5c61f99c4e455341bdab5f26b3cc920a9e8224eb79a95ebb81e3fef374f992255d7a997e43f5b497be9bbfe7d28c6791d0e2c93e72668d8c18e08f3329dde27f8a587a59202d9ff6db84fbb56ea4d37b702d80ef4fcdc49bc636351e3ab2043db01b4312c653e830819cf8c44ce3da714dc73933f242b035ef6ef8dc486b5a8aece6e4061138a7e2f6916d527b5a3a6cfeb6475cba7b0afa08a5b6e8590e02758428b217a288d29f641cd493f34f251739b8b529fe0d30182ad5f4fb461caf7f6447598bc5b6833fb8be5884ee329413c4550c8715929c6767bb0fa5c101de989f5ee - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 - Version: 3 - TBS: - MD5: 4ccfe1bafb291fc51e5636295c8e38eb - SHA1: c93bdd8fd964b6c750fcad1455a37fdd77276446 - SHA256: 63b214b64cb75b53fd0d4baacbcadee892160af685a79f6b5c6f984214521c8f - SHA384: 
70411e706a18564522cdcc92bbdaf6187c2a318b8beb2e7025959e04475e8a5bbdea470a6d82109c0fbd7b56b22abf5f - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: 4a829b8cf1f8fdb69e1d58ae04e6106e - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 43f53a739eda1e58f470e8e9ff9aa1437e5d9546 - SHA256: bac7e75745d0cb8819de738b73edded02a07111587c4531383dccd4562922b65 - Signature: '' - Imphash: 14075e605bff546182d682f41afefea2 - Authentihash: - MD5: 40fbf3c682b7160db67000115f14c2d9 - SHA1: c59bcd90cf7bf8999629bdf6f87dfe714d81ba2b - SHA256: 9e855f9d5f5f4dc9420f34045df5d2c70498468f076d873571fc62e4015e38d3 - RichPEHeaderHash: - MD5: 99e2fdbe346fb428297f8783591d5358 - SHA1: 5eca02c6eaab32341e8baf724242ba04ac000d61 - SHA256: 684d8e76806e586f1dcf85eb846659993d1f0e5a20fc4a0dfdb4d0c6137bb55a - Sections: - .text: - Entropy: 6.279921262911487 - Virtual Size: '0x2784' - .rdata: - Entropy: 4.133004023626673 - Virtual Size: '0x17c' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x920' - .pdata: - Entropy: 3.1281641929562314 - Virtual 
Size: '0x60' - INIT: - Entropy: 4.943494160682739 - Virtual Size: '0x30c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2007-10-13 22:44:15' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - IoGetDeviceObjectPointer - - MmMapIoSpace - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - IoDeleteSymbolicLink - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - strchr - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - RtlFreeUnicodeString - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 
518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Software Licensing Department, CN=LAVALYS - ValidFrom: '2006-10-18 00:00:00' - ValidTo: '2008-10-17 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 - Version: 3 - TBS: - MD5: 32ff43e593925e5eab372e2d5e3c9734 - SHA1: 405c78a239f39963fe8aa5ff5283c582aa369e7b - SHA256: 0a6e66dd63e42179cd9e1a1c9d22decad3abe55cfa6fa4062f5c503742d2076f - SHA384: a43a1f03510896d34a427c30f7ad75841dacd27b8328b9f756bc55981b71490386289422f1dd05d023c2714e753d85f8 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: 
'2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: 8a212a246b3c41f3ddce5888aaaaacd6 - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 1b25fbab2dbee5504dc94fbcc298cd8669c097a8 - SHA256: bae4372a9284db52dedc1c1100cefa758b3ec8d9d4f0e5588a8db34ded5edb1f - Signature: '' - Imphash: a387f215b4964a3ca2e3c92f235a6d1b - Authentihash: - MD5: 8f76fc1f9d51c1d878961770de8468f3 - SHA1: 7fcc190a9ea23e610a30db42d9a6d6fb174bd074 - SHA256: ac7cd788581d6f8098b5d438546eb3584c1b08dbe7fd3b1ddc2a7295bd4dd16f - RichPEHeaderHash: - MD5: a22a9aa3f58912bffbd51273b848fa2a - SHA1: cf13386bd4c692fa4ee4873479f82e47a413cafc - SHA256: abc066632466728bf6828ac1dc4400fdfd0953bb97ad08f7eb27de3581f930e7 - Sections: - .text: - Entropy: 6.154772267861031 - Virtual Size: '0xc74' - .rdata: - Entropy: 4.3771537086921075 - Virtual Size: '0xec' - .pdata: - Entropy: 2.684771938731434 - Virtual Size: '0x24' - INIT: - Entropy: 4.090607332239198 - Virtual Size: '0x122' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2004-04-08 00:20:27' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - 
IofCompleteRequest - - MmUnmapIoSpace - - MmMapIoSpace - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IoCreateSymbolicLink - - IoCreateDevice - Signatures: {} - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: 198b723e13a270bb664dcb9fb6ed42e6 - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 297fdf58e60d54bcddf2694c21ceb9da9ec17915 - SHA256: bd3cf8b9af255b5d4735782d3653be38578ff5be18846b13d05867a6159aaa53 - Signature: '' - Imphash: 37b1eada43ad08093dfa4de7a411d15f - Authentihash: - MD5: 1022ba5d755ec9576fa590da85781481 - SHA1: 615360e669acdf516e8164b41d92f0d17ff1b1d7 - SHA256: 56135fb8d5d3ed93b38679cb0dea9cc16ed7fdb0db9659e40a5c2d82655ada67 - RichPEHeaderHash: - MD5: 2c53952789ebcf16a337a5ec3ab41667 - SHA1: 60852524abfeefc666c143ac7a6d7350244e53be - SHA256: 0a1214a3de635359675999b347fd34869caf91a1cd0510677996adcec5c2c6bc - Sections: - .text: - Entropy: 6.343312048090201 - Virtual Size: '0x2c64' - .rdata: - Entropy: 4.29384664405546 - Virtual Size: '0x1a8' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x1120' - .pdata: - Entropy: 3.2380413692045558 - Virtual Size: '0x78' - INIT: - Entropy: 4.996752540797672 - Virtual Size: '0x30c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2008-12-13 11:32:27' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - IoBuildDeviceIoControlRequest - - IofCallDriver - - IoDeleteSymbolicLink - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - strchr - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - MmMapIoSpace - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: 
'' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Software Licensing Department, CN=LAVALYS - ValidFrom: '2008-09-04 00:00:00' - ValidTo: '2010-10-17 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 - Version: 3 - TBS: - MD5: 4ccfe1bafb291fc51e5636295c8e38eb - SHA1: c93bdd8fd964b6c750fcad1455a37fdd77276446 - SHA256: 63b214b64cb75b53fd0d4baacbcadee892160af685a79f6b5c6f984214521c8f - SHA384: 70411e706a18564522cdcc92bbdaf6187c2a318b8beb2e7025959e04475e8a5bbdea470a6d82109c0fbd7b56b22abf5f - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: 5bbe4e52bd33f1cdd4cf38c7c65f80ae - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: d11659145d6627f3d93975528d92fb6814171f91 - SHA256: 
c6db7f2750e7438196ec906cc9eba540ef49ceca6dbd981038cef1dc50662a73 - Signature: '' - Imphash: 540992ba6f31301ba27604515a78ad79 - Authentihash: - MD5: 9291f8094b605eaaa503896f70750286 - SHA1: 505b25bf6f81b9cd2aed9a4041c734619cca6f48 - SHA256: db0bcfb5bbd93abc8682508af224a1aa5e96f82f037ee0ba26d1d02a3d639a2a - RichPEHeaderHash: - MD5: d8efbf77a16c80060c37681f4fc696d7 - SHA1: 74f746e5eebab46d9ee2e15c96542fa508bdd271 - SHA256: c6e67d594fc9ff3077181314e987207660ae9627e0ec3ed7f8ad96e7719c130c - Sections: - .text: - Entropy: 6.300465536675167 - Virtual Size: '0x1b1c' - .rdata: - Entropy: 4.541856549567209 - Virtual Size: '0x184' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x520' - .pdata: - Entropy: 3.2694830715255043 - Virtual Size: '0x84' - INIT: - Entropy: 4.674750178771107 - Virtual Size: '0x1a6' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2006-06-24 06:26:46' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - RtlAssert - - MmUnmapIoSpace - - MmMapIoSpace - - IofCompleteRequest - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IoCreateSymbolicLink - - IoCreateDevice - Signatures: {} - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: 25ede0fd525a30d31998ea62876961ec - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: f9cced7ccdc1f149ad8ad13a264c4425aee89b8e - SHA256: cb59a641adb623a65a9b5af1db2ffd921fd1ca1bc046a6df85d5f2e00fd0b5a5 - Signature: '' - Imphash: 3198fc43051f03c6c71587dbf232f75c - Authentihash: - MD5: 697dd3d62bd8d00e89e5c107f3d1aa71 - SHA1: 9b4812dc3fc74f1dc144b916003e4341def44446 - SHA256: 2e190b58266d9f7ce9681b834b0c7e6ab06e1305ab9258d714212a0bad58c0b4 - RichPEHeaderHash: - MD5: d7c3e34ff185cd060fd272724a9a08d4 - SHA1: 07bd4ac3ba36186190def09485c7e9ecdaae1d12 - SHA256: e886be3aa324ce0db073d3bfc7e1603fdfa353e31159343409d6a3117c5e7849 - Sections: - 
.text: - Entropy: 6.309517170812303 - Virtual Size: '0x2394' - .rdata: - Entropy: 3.9556923494477734 - Virtual Size: '0x160' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x920' - .pdata: - Entropy: 3.088095313070914 - Virtual Size: '0x48' - INIT: - Entropy: 4.962170822592899 - Virtual Size: '0x2fa' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2007-09-14 16:20:59' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - RtlInitAnsiString - - MmUnmapIoSpace - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - MmMapIoSpace - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - IoDeleteSymbolicLink - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Software Licensing Department, CN=LAVALYS - ValidFrom: '2006-10-18 00:00:00' - ValidTo: '2008-10-17 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 
1b417ba2cdab8010ecfc5ad9dd4baf33 - Version: 3 - TBS: - MD5: 32ff43e593925e5eab372e2d5e3c9734 - SHA1: 405c78a239f39963fe8aa5ff5283c582aa369e7b - SHA256: 0a6e66dd63e42179cd9e1a1c9d22decad3abe55cfa6fa4062f5c503742d2076f - SHA384: a43a1f03510896d34a427c30f7ad75841dacd27b8328b9f756bc55981b71490386289422f1dd05d023c2714e753d85f8 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 - Issuer: C=US, 
O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: 03ca3b1cff154ab8855043abadd07956 - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 96047b280e0d6ddde9df1c79ca5f561219a0370d - SHA256: d330ab003206ce5e9828607562790aa8dd0453f6b7452f5c6053e3c6b6761d25 - Signature: '' - Imphash: 8232d2f79ce126e84cc044543ad82790 - Authentihash: - MD5: 576743e8db31ee0e2dfb3731be4dc31c - SHA1: 36ae0624e64979290cf6c643980aae899bb10311 - SHA256: 8f69fa6128acbaa8217454ff22eb7fb9be1e841ed47116e7616749600b4bfc4d - RichPEHeaderHash: - MD5: e93b5a02ff5f4c18b186ee8c35f3132e - SHA1: 897dc8e1b30df0d168feda245816e72aa2cfcf9e - SHA256: 377d1179f5eac38231f07ffef5b19a098956f1074a11f518bee00fee1f5f1cad - Sections: - .text: - Entropy: 6.288801441683452 - Virtual Size: '0x3e52' - .rdata: - Entropy: 4.13594691696676 - Virtual Size: '0x238' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x1120' - .pdata: - Entropy: 3.394101782281126 - Virtual Size: '0x90' - INIT: - Entropy: 5.057866512392725 - Virtual Size: '0x3f0' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2010-10-05 02:21:07' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - IoBuildDeviceIoControlRequest - - MmIsAddressValid - - IoDeleteSymbolicLink - - ObfDereferenceObject - - IoCreateDevice - - RtlAnsiStringToUnicodeString - - MmMapIoSpace - - RtlInitUnicodeString - - IofCallDriver - - IoDeleteDevice - - strchr - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - MmBuildMdlForNonPagedPool - - RtlFreeUnicodeString - - KeBugCheckEx - - IoGetDeviceObjectPointer - - IoAllocateMdl - - 
MmMapLockedPagesSpecifyCache - - __C_specific_handler - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=HU, ST=Budapest, L=Budapest, O=FinalWire, OU=Digital ID Class 3 , - Microsoft Software Validation v2, CN=FinalWire - ValidFrom: '2010-07-29 00:00:00' - ValidTo: '2012-07-28 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - 
SerialNumber: 01cc3af0c7b9f02c029c172f6f135621 - Version: 3 - TBS: - MD5: 735dfa995ca4af6545a694a22f0fb657 - SHA1: 5957f3ae95e2a195cf0a1f99eeb989350b58f724 - SHA256: 1278201f6ed95445add0bcdc6030e72609f88fa9bdabafb98615e358005025c1 - SHA384: 3303d4a3274742ee5172188482e243db6dff6e90de9af946caabbd21d6bde8957d5e11b1405f7b784276b671841343d4 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 01cc3af0c7b9f02c029c172f6f135621 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust 
Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: 2b6a17ec50d3a21e030ed78f7acbd2af - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: cd7b0c6b6ef809e7fb1f68ba36150eceabe500f7 - SHA256: d3b5fd13a53eee5c468c8bfde4bfa7b968c761f9b781bb80ccd5637ee052ee7d - Signature: '' - Imphash: d232ae5bad7ce02f4eece90ef370c7a0 - Authentihash: - MD5: d9faacfcccaa55e240ae3967dba2ccc6 - SHA1: d4933bd439b26de02e70e2001913b0bced6b5754 - SHA256: 93cdc6e885459d95d5e9d6b2ee979e5cad44af1f57bca3947d594847cfbd5829 - RichPEHeaderHash: - MD5: d7c3e34ff185cd060fd272724a9a08d4 - SHA1: 07bd4ac3ba36186190def09485c7e9ecdaae1d12 - SHA256: e886be3aa324ce0db073d3bfc7e1603fdfa353e31159343409d6a3117c5e7849 - Sections: - .text: - Entropy: 6.376445549544823 - Virtual Size: '0x1e14' - .rdata: - Entropy: 3.9864958981614937 - Virtual Size: '0x160' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x520' - .pdata: - Entropy: 3.001455039824863 - Virtual Size: '0x3c' - INIT: - Entropy: 4.95468047746019 - Virtual Size: '0x2fa' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2007-07-09 18:15:14' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - IofCallDriver - - IoBuildDeviceIoControlRequest - - IoDeleteSymbolicLink - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - MmMapIoSpace - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time 
Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - 
SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Software Licensing Department, CN=LAVALYS - ValidFrom: '2006-10-18 00:00:00' - ValidTo: '2008-10-17 23:59:59' - Signature: 5e0e77e4e5de0c6c4b7822b17a1e8ebd0960806438f5073c686b575f60dd4129d66bd66b7e4f33cff39dc890ae077db68615ad8d431eec3bf1531f6eb505fe48d186df3306d27893b42af5ef264b621acf26475fe93dd00906f61c78425c101d268d1050db3f7264d5e4a75a205b488684b716f3f2b317367ed13f34553238f6b4ab7a98c9fe48d32289d528d8db8cb583cef299e53f2fdde6d84ae2d2fd41cb826973c3da647221d9efbb2383cdae5c52adfa407399ebd2b9fafbf5c6246f944cd8e9ed79b4540b8ec53ba603464ae42f09468f762f71ddf9068cdd869c6fcf2d3806c6d20ab9781ee027849d946c5d2f58d7853bda919ca412e0c20024a6b7 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 - Version: 3 - TBS: - MD5: 32ff43e593925e5eab372e2d5e3c9734 - SHA1: 405c78a239f39963fe8aa5ff5283c582aa369e7b - SHA256: 0a6e66dd63e42179cd9e1a1c9d22decad3abe55cfa6fa4062f5c503742d2076f - SHA384: a43a1f03510896d34a427c30f7ad75841dacd27b8328b9f756bc55981b71490386289422f1dd05d023c2714e753d85f8 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: 2d854c6772f0daa8d1fde4168d26c36b - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 0b3836d5d98bc8862a380aae19caa3e77a2d93ef - SHA256: 
db0d425708ba908aedf5f8762d6fdca7636ae3a537372889446176c0237a2836 - Signature: '' - Imphash: 12fef92a55cb5e1533b89d8e6a5892b2 - Authentihash: - MD5: 3e15e42c2c1383d31e85b2da63dd7823 - SHA1: bd280953877c65eea79de5a3edc1961b650e7c76 - SHA256: d9674a1364fde6b5e7fb1770bdebb8db7de8e15f3c976e5c5102775c95452967 - RichPEHeaderHash: - MD5: 510491d926769fc79a5d3287db0dd59d - SHA1: 32af9e7e3a31bd44e3a5d717efcbe898d17c2423 - SHA256: 8f0295454ac4eec12c5329539ee515da9c074bf6d009cc0b54ad4506d4097389 - Sections: - .text: - Entropy: 6.291901945715824 - Virtual Size: '0x3c04' - .rdata: - Entropy: 4.210949425786671 - Virtual Size: '0x218' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x1120' - .pdata: - Entropy: 3.335620585409111 - Virtual Size: '0x78' - INIT: - Entropy: 5.003814178607812 - Virtual Size: '0x38c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2009-10-09 14:49:06' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - MmMapIoSpace - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - MmUnmapIoSpace - - IoCreateDevice - - IoDeleteSymbolicLink - - RtlAnsiStringToUnicodeString - - IofCallDriver - - RtlInitUnicodeString - - IoDeleteDevice - - strchr - - KeBugCheckEx - - RtlInitAnsiString - - IoBuildDeviceIoControlRequest - - KeInitializeEvent - - __C_specific_handler - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: 
d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: 
a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Software Licensing Department, CN=LAVALYS - ValidFrom: '2008-09-04 00:00:00' - ValidTo: '2010-10-17 23:59:59' - Signature: 6cd0fe216b27c908f3d444ef0428c76bbc25f74beb7f2027a497499ea5b5c61f99c4e455341bdab5f26b3cc920a9e8224eb79a95ebb81e3fef374f992255d7a997e43f5b497be9bbfe7d28c6791d0e2c93e72668d8c18e08f3329dde27f8a587a59202d9ff6db84fbb56ea4d37b702d80ef4fcdc49bc636351e3ab2043db01b4312c653e830819cf8c44ce3da714dc73933f242b035ef6ef8dc486b5a8aece6e4061138a7e2f6916d527b5a3a6cfeb6475cba7b0afa08a5b6e8590e02758428b217a288d29f641cd493f34f251739b8b529fe0d30182ad5f4fb461caf7f6447598bc5b6833fb8be5884ee329413c4550c8715929c6767bb0fa5c101de989f5ee - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 - Version: 3 - TBS: - MD5: 4ccfe1bafb291fc51e5636295c8e38eb - SHA1: c93bdd8fd964b6c750fcad1455a37fdd77276446 - SHA256: 63b214b64cb75b53fd0d4baacbcadee892160af685a79f6b5c6f984214521c8f - SHA384: 70411e706a18564522cdcc92bbdaf6187c2a318b8beb2e7025959e04475e8a5bbdea470a6d82109c0fbd7b56b22abf5f - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign 
Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: 1ad400766530669d14a077514599e7f3 - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 1b84abffd814b9f4595296b3e5ede0c44e630967 - SHA256: dfe57c6a4ef4d2491be325d67428698a61d9c5d2a24dbada10043d313be2c8cc - Signature: '' - Imphash: f4fa225abfb5a5263241a01a2c3f2b8f - Authentihash: - MD5: 63fb6eee97dd766aceb02f08b55cbc3a - SHA1: 0d67d6c7eb3dc1555faad8b09b60d03e3ec10d6d - SHA256: fe9c104a3bb9184a8f792f3f8a3e90d83b9f19cf83cd93d116b02e17f54d727d - RichPEHeaderHash: - MD5: 2c53952789ebcf16a337a5ec3ab41667 - SHA1: 60852524abfeefc666c143ac7a6d7350244e53be - SHA256: 0a1214a3de635359675999b347fd34869caf91a1cd0510677996adcec5c2c6bc - Sections: - .text: - Entropy: 6.335958908727293 - Virtual Size: '0x29c4' - .rdata: - Entropy: 4.191591995511493 - Virtual Size: '0x194' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x920' - .pdata: - Entropy: 3.1803677092748437 - Virtual Size: '0x6c' - INIT: - Entropy: 4.945523741978113 - Virtual Size: '0x30c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2008-08-29 08:41:55' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - IoDeleteSymbolicLink - - RtlAnsiStringToUnicodeString - - RtlInitUnicodeString - - IoDeleteDevice - - strchr - - KeInitializeEvent - - RtlInitAnsiString - - MmUnmapIoSpace - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - MmMapIoSpace - - IofCompleteRequest - - KeWaitForSingleObject - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., 
CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Software Licensing Department, CN=LAVALYS - ValidFrom: '2006-10-18 00:00:00' - ValidTo: '2008-10-17 23:59:59' - Signature: 5e0e77e4e5de0c6c4b7822b17a1e8ebd0960806438f5073c686b575f60dd4129d66bd66b7e4f33cff39dc890ae077db68615ad8d431eec3bf1531f6eb505fe48d186df3306d27893b42af5ef264b621acf26475fe93dd00906f61c78425c101d268d1050db3f7264d5e4a75a205b488684b716f3f2b317367ed13f34553238f6b4ab7a98c9fe48d32289d528d8db8cb583cef299e53f2fdde6d84ae2d2fd41cb826973c3da647221d9efbb2383cdae5c52adfa407399ebd2b9fafbf5c6246f944cd8e9ed79b4540b8ec53ba603464ae42f09468f762f71ddf9068cdd869c6fcf2d3806c6d20ab9781ee027849d946c5d2f58d7853bda919ca412e0c20024a6b7 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 - Version: 3 - TBS: - MD5: 32ff43e593925e5eab372e2d5e3c9734 - SHA1: 405c78a239f39963fe8aa5ff5283c582aa369e7b - SHA256: 0a6e66dd63e42179cd9e1a1c9d22decad3abe55cfa6fa4062f5c503742d2076f - SHA384: a43a1f03510896d34a427c30f7ad75841dacd27b8328b9f756bc55981b71490386289422f1dd05d023c2714e753d85f8 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: 0ec31f45e2e698a83131b4443f9a6dd7 - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: d43b2ac1221f2eaf2c170788280255cfef3edd72 - SHA256: 
e8b51ab681714e491ab1a59a7c9419db39db04b0dd7be11293f3a0951afe740e - Signature: '' - Imphash: 540992ba6f31301ba27604515a78ad79 - Authentihash: - MD5: 5305c2315974896cd8e5897aa05f2df6 - SHA1: fad47f27c9498b1c1db11c0d0edfdb486d700971 - SHA256: bb11fe81a2d2ca868398055e9f8cc7349ff4ac6d0a4f1e85e7e5d04ed7357349 - RichPEHeaderHash: - MD5: d8efbf77a16c80060c37681f4fc696d7 - SHA1: 74f746e5eebab46d9ee2e15c96542fa508bdd271 - SHA256: c6e67d594fc9ff3077181314e987207660ae9627e0ec3ed7f8ad96e7719c130c - Sections: - .text: - Entropy: 6.285373730661977 - Virtual Size: '0x1a4c' - .rdata: - Entropy: 4.544122542355554 - Virtual Size: '0x184' - .data: - Entropy: 0.3459259103346658 - Virtual Size: '0x520' - .pdata: - Entropy: 3.2183096813575993 - Virtual Size: '0x84' - INIT: - Entropy: 4.6606567053447545 - Virtual Size: '0x196' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2005-12-15 17:15:51' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - RtlAssert - - MmUnmapIoSpace - - MmMapIoSpace - - IofCompleteRequest - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IoCreateSymbolicLink - - IoCreateDevice - Signatures: {} - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: 96fb2101f85fa81871256107bdd25169 - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: ba63502aaf8c5a7c2464e83295948447e938a844 - SHA256: e9919d1546c7dfef62ff01b87f739812de0a57463611c12012013ae689023ce1 - Signature: '' - Imphash: 12fef92a55cb5e1533b89d8e6a5892b2 - Authentihash: - MD5: 0beb615ff472de5c798f64ddf2abb8ea - SHA1: eb54c8926bdb26a17e195d13839b7d250451c66e - SHA256: 6f3a182bbeba28dd15e1ad52041b8b32670651686697224cad821a334a8600da - RichPEHeaderHash: - MD5: 510491d926769fc79a5d3287db0dd59d - SHA1: 32af9e7e3a31bd44e3a5d717efcbe898d17c2423 - SHA256: 8f0295454ac4eec12c5329539ee515da9c074bf6d009cc0b54ad4506d4097389 - Sections: - 
.text: - Entropy: 6.292195128319989 - Virtual Size: '0x3bf4' - .rdata: - Entropy: 4.232965822686604 - Virtual Size: '0x218' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x1120' - .pdata: - Entropy: 3.302287252075778 - Virtual Size: '0x78' - INIT: - Entropy: 5.003814178607812 - Virtual Size: '0x38c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2010-01-09 15:48:06' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - MmMapIoSpace - - IofCompleteRequest - - KeWaitForSingleObject - - PsGetVersion - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - MmUnmapIoSpace - - IoCreateDevice - - IoDeleteSymbolicLink - - RtlAnsiStringToUnicodeString - - IofCallDriver - - RtlInitUnicodeString - - IoDeleteDevice - - strchr - - KeBugCheckEx - - RtlInitAnsiString - - IoBuildDeviceIoControlRequest - - KeInitializeEvent - - __C_specific_handler - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Software Licensing Department, CN=LAVALYS - ValidFrom: '2008-09-04 00:00:00' - ValidTo: '2010-10-17 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 
739a73c1864ae27d7d9cdcf7055888e4 - Version: 3 - TBS: - MD5: 4ccfe1bafb291fc51e5636295c8e38eb - SHA1: c93bdd8fd964b6c750fcad1455a37fdd77276446 - SHA256: 63b214b64cb75b53fd0d4baacbcadee892160af685a79f6b5c6f984214521c8f - SHA384: 70411e706a18564522cdcc92bbdaf6187c2a318b8beb2e7025959e04475e8a5bbdea470a6d82109c0fbd7b56b22abf5f - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: b3d6378185356326fd8ee4329b0b7698 - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: f7330a6a4d9df2f35ab93a28c8ee1eb14a74be6e - SHA256: f13f6a4bf7711216c9e911f18dfa2735222551fb1f8c1a645a8674c1983ccea6 - Signature: '' - Imphash: 540992ba6f31301ba27604515a78ad79 - Authentihash: - MD5: 94ce9ab807de36019621677807e36b34 - SHA1: d9673daa57dd14ec8cddae4212c94d27f9eba4a0 - SHA256: 40ebdd21c93146a92536688a230801791a86e2bec2719896a3d629ad930e9f17 - RichPEHeaderHash: - MD5: d8efbf77a16c80060c37681f4fc696d7 - SHA1: 74f746e5eebab46d9ee2e15c96542fa508bdd271 - SHA256: c6e67d594fc9ff3077181314e987207660ae9627e0ec3ed7f8ad96e7719c130c - Sections: - .text: - 
Entropy: 6.285282129935207 - Virtual Size: '0x1a5c' - .rdata: - Entropy: 4.586660874271472 - Virtual Size: '0x184' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x520' - .pdata: - Entropy: 3.186933094614597 - Virtual Size: '0x84' - INIT: - Entropy: 4.6682220093347 - Virtual Size: '0x1a6' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2006-01-14 09:24:35' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - RtlAssert - - MmUnmapIoSpace - - MmMapIoSpace - - IofCompleteRequest - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IoCreateSymbolicLink - - IoCreateDevice - Signatures: {} - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: 0c7f66cd219817eaab41f36d4bc0d4cd - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 9d0b824892fbfb0b943911326f95cd0264c60f7d - SHA256: f64a78b1294e6837f12f171a663d8831f232b1012fd8bae3c2c6368fbf71219b - Signature: '' - Imphash: 540992ba6f31301ba27604515a78ad79 - Authentihash: - MD5: 67d8349af99121fe4b2029c3772f0807 - SHA1: add7ea044995f5f6b9cc9403fd30a8124a9ff158 - SHA256: 23440de2db935be1c06b40ff2809215d00d95930abe3fda70ea57cf8a9fc0e98 - RichPEHeaderHash: - MD5: d8efbf77a16c80060c37681f4fc696d7 - SHA1: 74f746e5eebab46d9ee2e15c96542fa508bdd271 - SHA256: c6e67d594fc9ff3077181314e987207660ae9627e0ec3ed7f8ad96e7719c130c - Sections: - .text: - Entropy: 6.300465536675167 - Virtual Size: '0x1b1c' - .rdata: - Entropy: 4.547070692830879 - Virtual Size: '0x184' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x520' - .pdata: - Entropy: 3.2694830715255043 - Virtual Size: '0x84' - INIT: - Entropy: 4.674750178771107 - Virtual Size: '0x1a6' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2006-08-09 16:44:56' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - RtlAssert - - 
MmUnmapIoSpace - - MmMapIoSpace - - IofCompleteRequest - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IoCreateSymbolicLink - - IoCreateDevice - Signatures: {} - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create kerneldamd64 binPath= C:\windows\temp\kerneldamd64.sys + type=kernel && sc.exe start kerneldamd64 + Description: The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique + vulnerable drivers (237 file hashes) accepting firmware access. Six allow + kernel memory access. All give full control of the devices to non-admin users. + By exploiting the vulnerable drivers, an attacker without the system privilege + may erase/alter firmware, and/or elevate privileges. As of the time of writing + in October 2023, the filenames of the vulnerable drivers have not been made + public until now. + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html -Tags: -- kerneld.amd64 -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: 7575b35fee4ec8dbd0a61dbca3b972e3 + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 76a756cc61653abcadd63db4a74c48d92607a861 + SHA256: 065a34b786b0ccf6f88c136408943c3d2bd3da14357ee1e55e81e05d67a4c9bc + Signature: '' + Imphash: 8232d2f79ce126e84cc044543ad82790 + Authentihash: + MD5: 466c85cd235caf91a0a7c8b4a09c3865 + SHA1: ac56dd7722a47e33ba0924aaa6062f74bfc1c08f + SHA256: 88188ebb2dd61397d816274645cce6044489675a52d835faf518b2d137e0604c + RichPEHeaderHash: + MD5: e93b5a02ff5f4c18b186ee8c35f3132e + SHA1: 897dc8e1b30df0d168feda245816e72aa2cfcf9e + SHA256: 377d1179f5eac38231f07ffef5b19a098956f1074a11f518bee00fee1f5f1cad + Sections: + .text: + Entropy: 6.275929492225141 
+ Virtual Size: '0x3dd4' + .rdata: + Entropy: 4.112615600676025 + Virtual Size: '0x238' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x1120' + .pdata: + Entropy: 3.3519385522427245 + Virtual Size: '0x78' + INIT: + Entropy: 5.058615408724236 + Virtual Size: '0x3f0' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2010-06-17 15:13:48' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - IoBuildDeviceIoControlRequest + - MmIsAddressValid + - IoDeleteSymbolicLink + - ObfDereferenceObject + - IoCreateDevice + - RtlAnsiStringToUnicodeString + - MmMapIoSpace + - RtlInitUnicodeString + - IofCallDriver + - IoDeleteDevice + - strchr + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - MmBuildMdlForNonPagedPool + - RtlFreeUnicodeString + - KeBugCheckEx + - IoGetDeviceObjectPointer + - IoAllocateMdl + - MmMapLockedPagesSpecifyCache + - __C_specific_handler + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + 
MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: 
a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , + Microsoft Software Validation v2, OU=Software Licensing Department, + CN=LAVALYS + ValidFrom: '2008-09-04 00:00:00' + ValidTo: '2010-10-17 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 + Version: 3 + TBS: + MD5: 4ccfe1bafb291fc51e5636295c8e38eb + SHA1: c93bdd8fd964b6c750fcad1455a37fdd77276446 + SHA256: 63b214b64cb75b53fd0d4baacbcadee892160af685a79f6b5c6f984214521c8f + SHA384: 70411e706a18564522cdcc92bbdaf6187c2a318b8beb2e7025959e04475e8a5bbdea470a6d82109c0fbd7b56b22abf5f + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd66
5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: 397580c24c544d477688fcfca9c9b542 + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 4a1a499857accc04b4d586df3f0e0c2b3546e825 + SHA256: 0c018eaa293c03febe2aef1e868fca782a06b49d7d2f9f388ae5fb57604c5250 + Signature: '' + Imphash: 540992ba6f31301ba27604515a78ad79 + Authentihash: + MD5: 63ed411f59c8050e042b29626a4bd605 + SHA1: 1d0e2dc0d10e2c6d0f902498a9f07f30de032e3c + SHA256: 77aabfc119686757d31cc9d21af9bf3bacecaae09dc92e548355a145db0aa774 + RichPEHeaderHash: + MD5: d8efbf77a16c80060c37681f4fc696d7 + SHA1: 74f746e5eebab46d9ee2e15c96542fa508bdd271 + SHA256: c6e67d594fc9ff3077181314e987207660ae9627e0ec3ed7f8ad96e7719c130c + Sections: + .text: + Entropy: 6.2545318181498475 + Virtual Size: '0x1aec' + .rdata: + Entropy: 4.497421120741519 + Virtual Size: '0x184' + .data: + Entropy: 0.3459259103346658 + Virtual Size: '0x520' + .pdata: + Entropy: 3.1916142614183896 + Virtual Size: '0x84' + INIT: + Entropy: 4.665582813719138 + Virtual Size: '0x196' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2005-11-20 09:21:24' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - RtlAssert + - MmUnmapIoSpace + - MmMapIoSpace + - 
IofCompleteRequest + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - IoCreateSymbolicLink + - IoCreateDevice + Signatures: {} + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: 13a2b915f6d93e52505656773d53096f + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 336ed563ef96c40eece92a4d13de9f9b69991c8a + SHA256: 125e4475a5437634cab529da9ea2ef0f4f65f89fb25a06349d731f283c27d9fe + Signature: '' + Imphash: 12fef92a55cb5e1533b89d8e6a5892b2 + Authentihash: + MD5: e80ddfe5a816dd6cb2ffd72da610d8db + SHA1: a7e50663be8f7e859b63d1d266e8263a96f7520b + SHA256: f6e714528ad1b9eae72699078499735468140c1627e45f015762206ba7a77b47 + RichPEHeaderHash: + MD5: 510491d926769fc79a5d3287db0dd59d + SHA1: 32af9e7e3a31bd44e3a5d717efcbe898d17c2423 + SHA256: 8f0295454ac4eec12c5329539ee515da9c074bf6d009cc0b54ad4506d4097389 + Sections: + .text: + Entropy: 6.292382717400381 + Virtual Size: '0x3c04' + .rdata: + Entropy: 4.244027827436615 + Virtual Size: '0x218' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x1120' + .pdata: + Entropy: 3.335620585409111 + Virtual Size: '0x78' + INIT: + Entropy: 5.003814178607812 + Virtual Size: '0x38c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2010-02-17 11:47:03' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - MmMapIoSpace + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - MmUnmapIoSpace + - IoCreateDevice + - IoDeleteSymbolicLink + - RtlAnsiStringToUnicodeString + - IofCallDriver + - RtlInitUnicodeString + - IoDeleteDevice + - strchr + - KeBugCheckEx + - RtlInitAnsiString + - IoBuildDeviceIoControlRequest + - KeInitializeEvent + - __C_specific_handler + - HalSetBusDataByOffset + - HalGetBusDataByOffset 
+ Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f 
+ - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , + Microsoft Software Validation v2, OU=Software Licensing Department, + CN=LAVALYS + ValidFrom: '2008-09-04 00:00:00' + ValidTo: '2010-10-17 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 + Version: 3 + TBS: + MD5: 4ccfe1bafb291fc51e5636295c8e38eb + SHA1: c93bdd8fd964b6c750fcad1455a37fdd77276446 + SHA256: 63b214b64cb75b53fd0d4baacbcadee892160af685a79f6b5c6f984214521c8f + SHA384: 70411e706a18564522cdcc92bbdaf6187c2a318b8beb2e7025959e04475e8a5bbdea470a6d82109c0fbd7b56b22abf5f + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 
53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: 723381977ce7df57ec623db52b84f426 + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 64879accdb4dbbaac55d91185c82f2b193f0c869 + SHA256: 1336469ec0711736e742b730d356af23f8139da6038979cfe4de282de1365d3b + Signature: '' + Imphash: 87fde0c3f8e7dff7ab0d718d6b1252c8 + Authentihash: + MD5: a493ab091afa9ccafb39f0b73b8cfcc0 + SHA1: 17b3417429a0d5e10492a243a4b7c3232c2a303c + SHA256: 2418301336cd89b7e3bda2f68bc1aa63b8ea9a75da7a3b40a9ee0a9058789f63 + RichPEHeaderHash: + MD5: d7c3e34ff185cd060fd272724a9a08d4 + SHA1: 07bd4ac3ba36186190def09485c7e9ecdaae1d12 + SHA256: e886be3aa324ce0db073d3bfc7e1603fdfa353e31159343409d6a3117c5e7849 + Sections: + .text: + Entropy: 6.347735020299968 + Virtual Size: '0x1cf4' + .rdata: + Entropy: 3.9821333795441936 + Virtual Size: '0x160' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x520' + .pdata: + Entropy: 3.034788373158196 + Virtual Size: '0x3c' + INIT: + Entropy: 4.958020815313188 + Virtual Size: '0x2fa' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2006-12-14 15:42:31' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - IoDeleteSymbolicLink + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - 
IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - MmMapIoSpace + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 877870da4e5201205be079c98230c4fdb91996bd9100c3bdcdcdc6f40ed8fff94dc033623011c5f5741bd492de5f9c2013b17c45be50cd83e7801783a72793671346fbcab8984103cc9b515b058b7fa86ff31b501b242ef2698d6c22f7bbca1695ed0c74c06877d9eb996287c17390f889747a23aba3987b97b1f78f29714d2e751b4841daf0b50d2054d677a097826369fd09cf8af075bb099bd9f91155269a6132be7a02b07b86bea2c38b222c78d13576bc92735cf9b9e64c150a23cce4d2d4342e4940153c0f607a24c6a566ef96cf70eb3ee7f40d7edcd17ca3767169c19c4f47303521b1a2af1a623c2bd98eaa2a077bd818b35c7be29da56ffe3c89ad + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0de92bf0d4d82988183205095e9a7688 + Version: 3 + TBS: + MD5: 
45c204b8a20f6abb0188d2d38a3fb0c9 + SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , + Microsoft Software Validation v2, OU=Software Licensing Department, + CN=LAVALYS + ValidFrom: '2006-10-18 00:00:00' + ValidTo: '2008-10-17 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 + Version: 3 + TBS: + MD5: 32ff43e593925e5eab372e2d5e3c9734 + SHA1: 405c78a239f39963fe8aa5ff5283c582aa369e7b + SHA256: 0a6e66dd63e42179cd9e1a1c9d22decad3abe55cfa6fa4062f5c503742d2076f + SHA384: a43a1f03510896d34a427c30f7ad75841dacd27b8328b9f756bc55981b71490386289422f1dd05d023c2714e753d85f8 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: 
'2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: eb7f6d01c97783013115ad1a2833401a + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: fb4ce6de14f2be00a137e8dde2c68bb5b137ab9c + SHA256: 18047c2d45758a43d6b7e56bcd4aa90354c899795baf944f037850c48d8e892a + Signature: '' + Imphash: c52384bc825d2414de3195672971339e + Authentihash: + MD5: 454cb91cd9e825556face4b03c90aaf3 + SHA1: 65369c73cfe6d634fae882a8a8a1dadedd8d6d5f + SHA256: 7690ef2838bda2327116243c1792090125b36a5840464e010acdd103f7369807 + RichPEHeaderHash: + MD5: eb7a6452e7d8e135bf9199524118601d + SHA1: 7400103f42e22809e66c207f1eb1d22cd947f22f + SHA256: 7efa73cf87c7b47175625395d918a9fcc93d9b5bf6392978613fced2155908fe + Sections: + .text: + Entropy: 6.344001679673628 + Virtual Size: '0x3574' + .rdata: + Entropy: 4.275662405795923 + Virtual Size: '0x1e8' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x1120' + .pdata: + Entropy: 3.2329859162657097 + Virtual Size: '0x78' + INIT: + Entropy: 5.007012152446904 + Virtual Size: '0x32c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2009-02-09 15:09:02' + InternalName: '' + Copyright: '' + Imports: + - 
ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - IoBuildDeviceIoControlRequest + - IofCallDriver + - IoDeleteSymbolicLink + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - strchr + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - MmMapIoSpace + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - KeBugCheckEx + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 
53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , + Microsoft Software Validation v2, OU=Software Licensing Department, + CN=LAVALYS + ValidFrom: '2008-09-04 00:00:00' + ValidTo: '2010-10-17 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 + Version: 3 + TBS: + MD5: 4ccfe1bafb291fc51e5636295c8e38eb + SHA1: c93bdd8fd964b6c750fcad1455a37fdd77276446 + SHA256: 63b214b64cb75b53fd0d4baacbcadee892160af685a79f6b5c6f984214521c8f + SHA384: 70411e706a18564522cdcc92bbdaf6187c2a318b8beb2e7025959e04475e8a5bbdea470a6d82109c0fbd7b56b22abf5f + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + 
IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: b62e2371158a082e239f5883bd6000d1 + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 820d339fd3dbb632a790d6506ddf6aee925fcffe + SHA256: 212c05b487cd4e64de2a1077b789e47e9ac3361efa24d9aab3cc6ad4bd3bd76a + Signature: '' + Imphash: fd894d394a8ca9abd74f7210ed931682 + Authentihash: + MD5: 3baddddc6c55bc8262f5f35eebc243df + SHA1: bba9bf70e503a3f7f67f3f29ccaa7844818651b0 + SHA256: 533b8138ab8f776008ff8918c8cfa52604e43efca4e39da5096404c8424084b7 + RichPEHeaderHash: + MD5: d7c3e34ff185cd060fd272724a9a08d4 + SHA1: 07bd4ac3ba36186190def09485c7e9ecdaae1d12 + SHA256: e886be3aa324ce0db073d3bfc7e1603fdfa353e31159343409d6a3117c5e7849 + Sections: + .text: + Entropy: 6.344229203009069 + Virtual Size: '0x1d24' + .rdata: + Entropy: 3.961308577895771 + Virtual Size: '0x160' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x520' + .pdata: + Entropy: 3.034788373158196 + Virtual Size: '0x3c' + INIT: + Entropy: 4.959874907932675 + Virtual Size: '0x2fa' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2006-10-18 12:56:31' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - IoCreateDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - IoDeleteSymbolicLink + - 
RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - MmMapIoSpace + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0de92bf0d4d82988183205095e9a7688 + Version: 3 + TBS: + MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 + SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at 
https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , + Microsoft Software Validation v2, OU=Software Licensing Department, + CN=LAVALYS + ValidFrom: '2006-10-18 00:00:00' + ValidTo: '2008-10-17 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 + Version: 3 + TBS: + MD5: 32ff43e593925e5eab372e2d5e3c9734 + SHA1: 405c78a239f39963fe8aa5ff5283c582aa369e7b + SHA256: 0a6e66dd63e42179cd9e1a1c9d22decad3abe55cfa6fa4062f5c503742d2076f + SHA384: a43a1f03510896d34a427c30f7ad75841dacd27b8328b9f756bc55981b71490386289422f1dd05d023c2714e753d85f8 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: 09e77d71d626574e6142894caca6e6dd + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 6b90a6eeef66bb9302665081e30bf9802ca956cc + SHA256: 
33bc9a17a0909e32a3ae7e6f089b7f050591dd6f3f7a8172575606bec01889ef + Signature: '' + Imphash: 8232d2f79ce126e84cc044543ad82790 + Authentihash: + MD5: 464331a14dd967eed95bb16a8ccf6127 + SHA1: 8c0999041d3212be1510a766dcc8b7f4b2401fcf + SHA256: 1126c9b043872383e5e0b1ac893ddf2238a2c130401627b259c81d98a3cefeae + RichPEHeaderHash: + MD5: e93b5a02ff5f4c18b186ee8c35f3132e + SHA1: 897dc8e1b30df0d168feda245816e72aa2cfcf9e + SHA256: 377d1179f5eac38231f07ffef5b19a098956f1074a11f518bee00fee1f5f1cad + Sections: + .text: + Entropy: 6.289707555994787 + Virtual Size: '0x3e54' + .rdata: + Entropy: 4.138388504903226 + Virtual Size: '0x238' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x1120' + .pdata: + Entropy: 3.394101782281126 + Virtual Size: '0x90' + INIT: + Entropy: 5.057866512392725 + Virtual Size: '0x3f0' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2010-08-29 05:38:31' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - IoBuildDeviceIoControlRequest + - MmIsAddressValid + - IoDeleteSymbolicLink + - ObfDereferenceObject + - IoCreateDevice + - RtlAnsiStringToUnicodeString + - MmMapIoSpace + - RtlInitUnicodeString + - IofCallDriver + - IoDeleteDevice + - strchr + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - MmBuildMdlForNonPagedPool + - RtlFreeUnicodeString + - KeBugCheckEx + - IoGetDeviceObjectPointer + - IoAllocateMdl + - MmMapLockedPagesSpecifyCache + - __C_specific_handler + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: 
false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=HU, ST=Budapest, L=Budapest, O=FinalWire, OU=Digital ID Class + 3 , Microsoft Software Validation v2, CN=FinalWire + ValidFrom: '2010-07-29 00:00:00' + ValidTo: '2012-07-28 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01cc3af0c7b9f02c029c172f6f135621 + Version: 3 + TBS: + MD5: 735dfa995ca4af6545a694a22f0fb657 + SHA1: 5957f3ae95e2a195cf0a1f99eeb989350b58f724 + SHA256: 1278201f6ed95445add0bcdc6030e72609f88fa9bdabafb98615e358005025c1 + SHA384: 3303d4a3274742ee5172188482e243db6dff6e90de9af946caabbd21d6bde8957d5e11b1405f7b784276b671841343d4 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 
Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 01cc3af0c7b9f02c029c172f6f135621 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: 24589081b827989b52d954dcd88035d0 + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 3aba6dd15260875eb290e9d67992066141aa0bb0 + SHA256: 38535a0e9fc0684308eb5d6aa6284669bc9743f11cb605b79883b8c13ef906ad + Signature: '' + Imphash: f212bbc758bb52fc661839b1d194b76e + Authentihash: + MD5: d7c4f6f8457e53df981b1d23ca4683a4 + SHA1: 6ccac0c7b891149b5777ae34f3ef824b37c5d89c + SHA256: 559ef0d415c5c3dbc1bfd598f4cad75aac9d4c5c6660fb61b23e44da4dbf89a9 + RichPEHeaderHash: + MD5: 8d8e37a1cfda4252f83be326e779bfa3 + SHA1: a988073133ae7870ee3c2dd8d56cd35daec87921 + SHA256: 10005125c3c5d72631d533f730447e65435123a4a0be6456c54ce9f1fcbcb49f + Sections: + .text: + Entropy: 6.204469684046908 + Virtual Size: '0x18bc' + .rdata: + Entropy: 4.535716743655079 + Virtual Size: '0x19c' + .data: + Entropy: 0.3459259103346658 + Virtual Size: '0x520' + .pdata: + Entropy: 3.3220730262758074 + Virtual Size: '0x9c' + INIT: + Entropy: 4.636876212258409 + Virtual Size: '0x182' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2005-07-25 09:31:43' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - MmUnmapIoSpace + - MmMapIoSpace + - IofCompleteRequest + - IoDeleteDevice + - 
IoDeleteSymbolicLink + - RtlInitUnicodeString + - IoCreateSymbolicLink + - IoCreateDevice + Signatures: {} + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: 8f1255efd2ed0d3b03a02c6b236c06d6 + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 9d44260558807daff61a0cc0c6a8719c3adacd2d + SHA256: 442f12adebf7cb166b19e8aead2b0440450fd1f33f5db384a39776bb2656474a + Signature: '' + Imphash: dcd41632f0ad9683e5c9c7cc083f78f7 + Authentihash: + MD5: ec630d38e4fc83dda90206425e7fd4b3 + SHA1: 69b0510afa2625734aead94672f8daf851685ac4 + SHA256: 53e15b21cc69a554d4d61ffe531be90364ed7b1bb64fc302d65eaa642c9fa60a + RichPEHeaderHash: + MD5: 2c53952789ebcf16a337a5ec3ab41667 + SHA1: 60852524abfeefc666c143ac7a6d7350244e53be + SHA256: 0a1214a3de635359675999b347fd34869caf91a1cd0510677996adcec5c2c6bc + Sections: + .text: + Entropy: 6.299787194819916 + Virtual Size: '0x2884' + .rdata: + Entropy: 4.214532676216857 + Virtual Size: '0x194' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x920' + .pdata: + Entropy: 3.251991204585118 + Virtual Size: '0x6c' + INIT: + Entropy: 4.944172758453227 + Virtual Size: '0x30c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2008-03-09 05:46:25' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - IoDeleteSymbolicLink + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - strchr + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - MmMapIoSpace + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time 
Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + 
SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , + Microsoft Software Validation v2, OU=Software Licensing Department, + CN=LAVALYS + ValidFrom: '2006-10-18 00:00:00' + ValidTo: '2008-10-17 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 + Version: 3 + TBS: + MD5: 32ff43e593925e5eab372e2d5e3c9734 + SHA1: 405c78a239f39963fe8aa5ff5283c582aa369e7b + SHA256: 0a6e66dd63e42179cd9e1a1c9d22decad3abe55cfa6fa4062f5c503742d2076f + SHA384: a43a1f03510896d34a427c30f7ad75841dacd27b8328b9f756bc55981b71490386289422f1dd05d023c2714e753d85f8 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: 
'' + Filename: '' + MD5: f0e21ababe63668fb3fbd02e90cd1fa9 + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: b394f84e093cb144568e18aaf5b857dff77091fa + SHA256: 51f002ee44e46889cf5b99a724dd10cc2bd3e22545e2a2cb3bd6b1dd3af5ba11 + Signature: '' + Imphash: 9fb64527ca6d4541cc256b1abd1e4101 + Authentihash: + MD5: 61946eefd0034f3b28914649a13f922f + SHA1: ed0398cea11d29382f23f3f2e2b7edbd1db4a30e + SHA256: b7036cd12dc9e3550239310fd8ff4f14e4266bbd0de3aba7b087068a253b506b + RichPEHeaderHash: + MD5: 2c53952789ebcf16a337a5ec3ab41667 + SHA1: 60852524abfeefc666c143ac7a6d7350244e53be + SHA256: 0a1214a3de635359675999b347fd34869caf91a1cd0510677996adcec5c2c6bc + Sections: + .text: + Entropy: 6.331959554440434 + Virtual Size: '0x2ae4' + .rdata: + Entropy: 4.259111658672462 + Virtual Size: '0x1a8' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x920' + .pdata: + Entropy: 3.306913556758642 + Virtual Size: '0x78' + INIT: + Entropy: 4.946018467645119 + Virtual Size: '0x30c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2008-09-20 15:09:05' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - IoDeleteSymbolicLink + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - strchr + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - MmMapIoSpace + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 
50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + 
Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , + Microsoft Software Validation v2, OU=Software Licensing Department, + CN=LAVALYS + ValidFrom: '2006-10-18 00:00:00' + ValidTo: '2008-10-17 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 + Version: 3 + TBS: + MD5: 32ff43e593925e5eab372e2d5e3c9734 + SHA1: 405c78a239f39963fe8aa5ff5283c582aa369e7b + SHA256: 0a6e66dd63e42179cd9e1a1c9d22decad3abe55cfa6fa4062f5c503742d2076f + SHA384: a43a1f03510896d34a427c30f7ad75841dacd27b8328b9f756bc55981b71490386289422f1dd05d023c2714e753d85f8 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: 
f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: 648adec580746afbbf59904c1e150c73 + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 52ea274e399df8706067fdc5ac52af0480461887 + SHA256: 53b9e423baf946983d03ce309ec5e006ba18c9956dcd97c68a8b714d18c8ffcf + Signature: '' + Imphash: b6f67458e30912358144df4adf5264fd + Authentihash: + MD5: 4373ad9ecb6656ec9048bb02ac9b0e05 + SHA1: 072c44a91e17e74c0256446b893e856658565ea7 + SHA256: 713c7a6532cbc952546c3b844ed529b5b285dc29e16036731ceebc6f6431ae77 + RichPEHeaderHash: + MD5: eb7a6452e7d8e135bf9199524118601d + SHA1: 7400103f42e22809e66c207f1eb1d22cd947f22f + SHA256: 7efa73cf87c7b47175625395d918a9fcc93d9b5bf6392978613fced2155908fe + Sections: + .text: + Entropy: 6.353265804552914 + Virtual Size: '0x3714' + .rdata: + Entropy: 4.261636603732408 + Virtual Size: '0x1e8' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x1120' + .pdata: + Entropy: 3.3006228275739464 + Virtual Size: '0x78' + INIT: + Entropy: 5.012586312680787 + Virtual Size: '0x32c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2009-05-04 06:24:01' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - strchr + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - MmMapIoSpace + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - 
IoCreateDevice + - IoBuildDeviceIoControlRequest + - IofCallDriver + - IoDeleteSymbolicLink + - KeBugCheckEx + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 
1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , + Microsoft Software Validation v2, OU=Software Licensing Department, + CN=LAVALYS + ValidFrom: '2008-09-04 00:00:00' + ValidTo: '2010-10-17 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 + Version: 3 + TBS: + MD5: 4ccfe1bafb291fc51e5636295c8e38eb + SHA1: c93bdd8fd964b6c750fcad1455a37fdd77276446 + SHA256: 63b214b64cb75b53fd0d4baacbcadee892160af685a79f6b5c6f984214521c8f + SHA384: 70411e706a18564522cdcc92bbdaf6187c2a318b8beb2e7025959e04475e8a5bbdea470a6d82109c0fbd7b56b22abf5f + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: 5c5973d2caf86e96311f6399513ab8df + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: b82c034e41d463f4e68b0a7d334f2d7611049bcb + SHA256: 
582b62ffbcbcdd62c0fc624cdf106545af71078f1edfe1129401d64f3eefaa3a + Signature: '' + Imphash: 8232d2f79ce126e84cc044543ad82790 + Authentihash: + MD5: 86d3624e6394b8b7869da01c4b1fabce + SHA1: 80a7975e89ff4211b26502d77a52539b2e9d2296 + SHA256: 058afe9e93dcc52e64fc0942b80a159b8617608c15462a7a17984de3cc0b8d04 + RichPEHeaderHash: + MD5: e93b5a02ff5f4c18b186ee8c35f3132e + SHA1: 897dc8e1b30df0d168feda245816e72aa2cfcf9e + SHA256: 377d1179f5eac38231f07ffef5b19a098956f1074a11f518bee00fee1f5f1cad + Sections: + .text: + Entropy: 6.293722266381494 + Virtual Size: '0x3de4' + .rdata: + Entropy: 4.13249945918501 + Virtual Size: '0x238' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x1120' + .pdata: + Entropy: 3.3644860704304986 + Virtual Size: '0x90' + INIT: + Entropy: 5.057866512392725 + Virtual Size: '0x3f0' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2010-07-30 08:50:06' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - IoBuildDeviceIoControlRequest + - MmIsAddressValid + - IoDeleteSymbolicLink + - ObfDereferenceObject + - IoCreateDevice + - RtlAnsiStringToUnicodeString + - MmMapIoSpace + - RtlInitUnicodeString + - IofCallDriver + - IoDeleteDevice + - strchr + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - MmBuildMdlForNonPagedPool + - RtlFreeUnicodeString + - KeBugCheckEx + - IoGetDeviceObjectPointer + - IoAllocateMdl + - MmMapLockedPagesSpecifyCache + - __C_specific_handler + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: 
false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: 
a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , + Microsoft Software Validation v2, OU=Software Licensing Department, + CN=LAVALYS + ValidFrom: '2008-09-04 00:00:00' + ValidTo: '2010-10-17 23:59:59' + Signature: 6cd0fe216b27c908f3d444ef0428c76bbc25f74beb7f2027a497499ea5b5c61f99c4e455341bdab5f26b3cc920a9e8224eb79a95ebb81e3fef374f992255d7a997e43f5b497be9bbfe7d28c6791d0e2c93e72668d8c18e08f3329dde27f8a587a59202d9ff6db84fbb56ea4d37b702d80ef4fcdc49bc636351e3ab2043db01b4312c653e830819cf8c44ce3da714dc73933f242b035ef6ef8dc486b5a8aece6e4061138a7e2f6916d527b5a3a6cfeb6475cba7b0afa08a5b6e8590e02758428b217a288d29f641cd493f34f251739b8b529fe0d30182ad5f4fb461caf7f6447598bc5b6833fb8be5884ee329413c4550c8715929c6767bb0fa5c101de989f5ee + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 + Version: 3 + TBS: + MD5: 4ccfe1bafb291fc51e5636295c8e38eb + SHA1: c93bdd8fd964b6c750fcad1455a37fdd77276446 + SHA256: 63b214b64cb75b53fd0d4baacbcadee892160af685a79f6b5c6f984214521c8f + SHA384: 70411e706a18564522cdcc92bbdaf6187c2a318b8beb2e7025959e04475e8a5bbdea470a6d82109c0fbd7b56b22abf5f + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 + Issuer: C=US, O=VeriSign, Inc., 
OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: 009876ab9cf3a3d4e3fc3afe13ae839e + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: f85f5e5d747433b274e53c8377bf24fbc08758b6 + SHA256: 6297556f66cd6619057f3a5b216b314f8a27eebb5fa575ee07a1944aca71ae80 + Signature: '' + Imphash: c52384bc825d2414de3195672971339e + Authentihash: + MD5: f714ae1fce8bfd53a3c0f468ee55a9d0 + SHA1: 3e8dafe5dc14e00469f89272ff04a04070dbd472 + SHA256: c3577eeb107de6a0cdf6ac3ee75339f09fd0eb00b4d368bf841b6126af7629a1 + RichPEHeaderHash: + MD5: eb7a6452e7d8e135bf9199524118601d + SHA1: 7400103f42e22809e66c207f1eb1d22cd947f22f + SHA256: 7efa73cf87c7b47175625395d918a9fcc93d9b5bf6392978613fced2155908fe + Sections: + .text: + Entropy: 6.341649652097926 + Virtual Size: '0x3564' + .rdata: + Entropy: 4.249815729459677 + Virtual Size: '0x1e8' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x1120' + .pdata: + Entropy: 3.2348563064472646 + Virtual Size: '0x78' + INIT: + Entropy: 5.005029836591686 + Virtual Size: '0x32c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2008-12-24 06:50:50' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - IoBuildDeviceIoControlRequest + - IofCallDriver + - IoDeleteSymbolicLink + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - strchr + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - MmMapIoSpace + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - KeBugCheckEx + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: 
+ - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , + Microsoft Software Validation v2, OU=Software Licensing Department, + CN=LAVALYS + ValidFrom: '2008-09-04 00:00:00' + ValidTo: '2010-10-17 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 + Version: 3 + TBS: + MD5: 4ccfe1bafb291fc51e5636295c8e38eb + SHA1: c93bdd8fd964b6c750fcad1455a37fdd77276446 + SHA256: 63b214b64cb75b53fd0d4baacbcadee892160af685a79f6b5c6f984214521c8f + SHA384: 70411e706a18564522cdcc92bbdaf6187c2a318b8beb2e7025959e04475e8a5bbdea470a6d82109c0fbd7b56b22abf5f + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- 
Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: 7c887f2b1a56b84d86828529604957db + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: d6b61c685cfaa36c85f1672ac95844f8293c70d0 + SHA256: 680ddece32fe99f056e770cb08641f5b585550798dfdf723441a11364637c7e6 + Signature: '' + Imphash: 9a970527986cd03e5a25d18b372624a1 + Authentihash: + MD5: c8d766097a994d3b8d547fedde645d17 + SHA1: d26854aa9937dbd80394010b9aac4ee38669f05f + SHA256: 5b63080bead00cae92efb917b7a707c6a2d6628a1e90301795617b45273f45e4 + RichPEHeaderHash: + MD5: d7c3e34ff185cd060fd272724a9a08d4 + SHA1: 07bd4ac3ba36186190def09485c7e9ecdaae1d12 + SHA256: e886be3aa324ce0db073d3bfc7e1603fdfa353e31159343409d6a3117c5e7849 + Sections: + .text: + Entropy: 6.33454767393245 + Virtual Size: '0x2254' + .rdata: + Entropy: 4.007083553722861 + Virtual Size: '0x160' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x920' + .pdata: + Entropy: 3.0498329866519773 + Virtual Size: '0x48' + INIT: + Entropy: 4.963877363138679 + Virtual Size: '0x2fa' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2007-08-19 06:38:38' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - MmMapIoSpace + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - IoDeleteSymbolicLink + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: 
c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , + Microsoft Software Validation v2, OU=Software Licensing Department, + CN=LAVALYS + ValidFrom: '2006-10-18 00:00:00' + ValidTo: '2008-10-17 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 + Version: 3 + TBS: + MD5: 32ff43e593925e5eab372e2d5e3c9734 + SHA1: 405c78a239f39963fe8aa5ff5283c582aa369e7b + SHA256: 0a6e66dd63e42179cd9e1a1c9d22decad3abe55cfa6fa4062f5c503742d2076f + SHA384: a43a1f03510896d34a427c30f7ad75841dacd27b8328b9f756bc55981b71490386289422f1dd05d023c2714e753d85f8 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: 1caf5070493459ba029d988dbb2c7422 + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 8d3be83cf3bb36dbce974654b5330adb38792c2d + SHA256: 
6ef0b34649186fb98a7431b606e77ee35e755894b038755ba98e577bd51b2c72 + Signature: '' + Imphash: 8232d2f79ce126e84cc044543ad82790 + Authentihash: + MD5: c7fb9ed75eb75fa84189e8b8f6e2b95e + SHA1: cb6b9f4a6107f9cb4badc05fd7c5f6b1e1d59cf6 + SHA256: 5fc66378fe68a380ccfab3521657b38912ca1fe5a8d7c857f591e928ab0b4208 + RichPEHeaderHash: + MD5: e93b5a02ff5f4c18b186ee8c35f3132e + SHA1: 897dc8e1b30df0d168feda245816e72aa2cfcf9e + SHA256: 377d1179f5eac38231f07ffef5b19a098956f1074a11f518bee00fee1f5f1cad + Sections: + .text: + Entropy: 6.276978042266502 + Virtual Size: '0x3d04' + .rdata: + Entropy: 4.088524624627464 + Virtual Size: '0x238' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x1120' + .pdata: + Entropy: 3.374063735843171 + Virtual Size: '0x78' + INIT: + Entropy: 5.058615408724236 + Virtual Size: '0x3f0' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2010-05-20 14:55:04' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - IoBuildDeviceIoControlRequest + - MmIsAddressValid + - IoDeleteSymbolicLink + - ObfDereferenceObject + - IoCreateDevice + - RtlAnsiStringToUnicodeString + - MmMapIoSpace + - RtlInitUnicodeString + - IofCallDriver + - IoDeleteDevice + - strchr + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - MmBuildMdlForNonPagedPool + - RtlFreeUnicodeString + - KeBugCheckEx + - IoGetDeviceObjectPointer + - IoAllocateMdl + - MmMapLockedPagesSpecifyCache + - __C_specific_handler + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: 
false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: 
a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , + Microsoft Software Validation v2, OU=Software Licensing Department, + CN=LAVALYS + ValidFrom: '2008-09-04 00:00:00' + ValidTo: '2010-10-17 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 + Version: 3 + TBS: + MD5: 4ccfe1bafb291fc51e5636295c8e38eb + SHA1: c93bdd8fd964b6c750fcad1455a37fdd77276446 + SHA256: 63b214b64cb75b53fd0d4baacbcadee892160af685a79f6b5c6f984214521c8f + SHA384: 70411e706a18564522cdcc92bbdaf6187c2a318b8beb2e7025959e04475e8a5bbdea470a6d82109c0fbd7b56b22abf5f + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: a730b97ab977aa444fa261902822a905 + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 9f6883e59fd6c136cfc556b7b388a4c363dc0516 + SHA256: 
748ccadb6bf6cdf4c5a5a1bb9950ee167d8b27c5817da71d38e2bc922ffce73d + Signature: '' + Imphash: 9e2cf28fe320bbf74972509536569c8e + Authentihash: + MD5: a9c4c3e3e25edf4a2a29635e91fc47dc + SHA1: 7299c5b3630e455e851e015db5381768f3735eb6 + SHA256: 43dc82fd548218f0e916687c997291c8056dfdcc5b5f5616833437f96d806a64 + RichPEHeaderHash: + MD5: eb7a6452e7d8e135bf9199524118601d + SHA1: 7400103f42e22809e66c207f1eb1d22cd947f22f + SHA256: 7efa73cf87c7b47175625395d918a9fcc93d9b5bf6392978613fced2155908fe + Sections: + .text: + Entropy: 6.359543759929915 + Virtual Size: '0x3884' + .rdata: + Entropy: 4.277270659191589 + Virtual Size: '0x1e8' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x1120' + .pdata: + Entropy: 3.307745769009558 + Virtual Size: '0x78' + INIT: + Entropy: 5.015684190555883 + Virtual Size: '0x32c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2009-05-21 08:26:14' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - IoDeleteDevice + - strchr + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - MmMapIoSpace + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IoBuildDeviceIoControlRequest + - IofCallDriver + - IoDeleteSymbolicLink + - RtlAnsiStringToUnicodeString + - KeBugCheckEx + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 
18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=CA, 
ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , + Microsoft Software Validation v2, OU=Software Licensing Department, + CN=LAVALYS + ValidFrom: '2008-09-04 00:00:00' + ValidTo: '2010-10-17 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 + Version: 3 + TBS: + MD5: 4ccfe1bafb291fc51e5636295c8e38eb + SHA1: c93bdd8fd964b6c750fcad1455a37fdd77276446 + SHA256: 63b214b64cb75b53fd0d4baacbcadee892160af685a79f6b5c6f984214521c8f + SHA384: 70411e706a18564522cdcc92bbdaf6187c2a318b8beb2e7025959e04475e8a5bbdea470a6d82109c0fbd7b56b22abf5f + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: 17c7bcae7ebabb95af2f7c91b19c361c + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 5ca6a52230507b1dffab7acd501540bc10f1ab81 + SHA256: 76940e313c27c7ff692051fbf1fbdec19c8c31a6723a9de7e15c3c1bec8186f6 + Signature: '' + Imphash: 9e2cf28fe320bbf74972509536569c8e + Authentihash: + 
MD5: ccbb05849570b04ba210e45955d502ba + SHA1: eafd6be8f12ae5ce8aa3cd76f9f68ee69f4eb53c + SHA256: 4c80a2d3a0ef4ce0a3aec62e9d15b50679dec4cccb69a5c0b72529641ebfa5f4 + RichPEHeaderHash: + MD5: eb7a6452e7d8e135bf9199524118601d + SHA1: 7400103f42e22809e66c207f1eb1d22cd947f22f + SHA256: 7efa73cf87c7b47175625395d918a9fcc93d9b5bf6392978613fced2155908fe + Sections: + .text: + Entropy: 6.258597547063565 + Virtual Size: '0x3a24' + .rdata: + Entropy: 4.2562919828265215 + Virtual Size: '0x208' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x1120' + .pdata: + Entropy: 3.216816331144094 + Virtual Size: '0x78' + INIT: + Entropy: 5.015684190555883 + Virtual Size: '0x32c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2009-09-05 11:27:16' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - IoDeleteDevice + - strchr + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - MmMapIoSpace + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IoBuildDeviceIoControlRequest + - IofCallDriver + - IoDeleteSymbolicLink + - RtlAnsiStringToUnicodeString + - KeBugCheckEx + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 
35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , + Microsoft Software Validation v2, OU=Software Licensing Department, + 
CN=LAVALYS + ValidFrom: '2008-09-04 00:00:00' + ValidTo: '2010-10-17 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 + Version: 3 + TBS: + MD5: 4ccfe1bafb291fc51e5636295c8e38eb + SHA1: c93bdd8fd964b6c750fcad1455a37fdd77276446 + SHA256: 63b214b64cb75b53fd0d4baacbcadee892160af685a79f6b5c6f984214521c8f + SHA384: 70411e706a18564522cdcc92bbdaf6187c2a318b8beb2e7025959e04475e8a5bbdea470a6d82109c0fbd7b56b22abf5f + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 
40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: 7ffdd78d63ca7307a96843cfe806799e + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 64ff172bafc33f14ca5f2e35f9753d41e239a5e4 + SHA256: 8edab185e765f9806fa57153db1ede00e68270d2351443ee1de30674eca8d9b6 + Signature: '' + Imphash: 14075e605bff546182d682f41afefea2 + Authentihash: + MD5: d34ebed47db04efbe079e6656f917531 + SHA1: e54e9d578562719ca86461fec23bc9013cf8baa1 + SHA256: fa4be68f1ea1e36aca95fd62b6727cf9d22886c2612391faeb9c56a1c62c2ec9 + RichPEHeaderHash: + MD5: 99e2fdbe346fb428297f8783591d5358 + SHA1: 5eca02c6eaab32341e8baf724242ba04ac000d61 + SHA256: 684d8e76806e586f1dcf85eb846659993d1f0e5a20fc4a0dfdb4d0c6137bb55a + Sections: + .text: + Entropy: 6.27383308492245 + Virtual Size: '0x27a4' + .rdata: + Entropy: 4.114310857711515 + Virtual Size: '0x17c' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x920' + .pdata: + Entropy: 3.148997526289565 + Virtual Size: '0x60' + INIT: + Entropy: 4.943494160682739 + Virtual Size: '0x30c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2007-12-13 18:09:23' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - IoGetDeviceObjectPointer + - MmMapIoSpace + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - IoDeleteSymbolicLink + - 
RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - strchr + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - RtlFreeUnicodeString + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: 
ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , + Microsoft Software Validation v2, OU=Software Licensing Department, + CN=LAVALYS + ValidFrom: '2006-10-18 00:00:00' + ValidTo: '2008-10-17 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 + Version: 3 + TBS: + MD5: 32ff43e593925e5eab372e2d5e3c9734 + SHA1: 405c78a239f39963fe8aa5ff5283c582aa369e7b + SHA256: 0a6e66dd63e42179cd9e1a1c9d22decad3abe55cfa6fa4062f5c503742d2076f + SHA384: a43a1f03510896d34a427c30f7ad75841dacd27b8328b9f756bc55981b71490386289422f1dd05d023c2714e753d85f8 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: 
f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: 192519661fe6d132f233d0355c3f4a6d + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: adab368ed3c17b8f2dc0b2173076668b6153e03a + SHA256: 90574d2c406b9738aae8fc629c3983c5e47a6282a43b052f38b5dd313380c30a + Signature: '' + Imphash: 8232d2f79ce126e84cc044543ad82790 + Authentihash: + MD5: 464331a14dd967eed95bb16a8ccf6127 + SHA1: 8c0999041d3212be1510a766dcc8b7f4b2401fcf + SHA256: 1126c9b043872383e5e0b1ac893ddf2238a2c130401627b259c81d98a3cefeae + RichPEHeaderHash: + MD5: e93b5a02ff5f4c18b186ee8c35f3132e + SHA1: 897dc8e1b30df0d168feda245816e72aa2cfcf9e + SHA256: 377d1179f5eac38231f07ffef5b19a098956f1074a11f518bee00fee1f5f1cad + Sections: + .text: + Entropy: 6.289707555994787 + Virtual Size: '0x3e54' + .rdata: + Entropy: 4.138388504903226 + Virtual Size: '0x238' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x1120' + .pdata: + Entropy: 3.394101782281126 + Virtual Size: '0x90' + INIT: + Entropy: 5.057866512392725 + Virtual Size: '0x3f0' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2010-08-29 05:38:31' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - IoBuildDeviceIoControlRequest + - MmIsAddressValid + - IoDeleteSymbolicLink + - ObfDereferenceObject + - IoCreateDevice + - RtlAnsiStringToUnicodeString + - MmMapIoSpace + - RtlInitUnicodeString + - IofCallDriver + - IoDeleteDevice + - strchr + - KeInitializeEvent + - 
RtlInitAnsiString + - MmUnmapIoSpace + - MmBuildMdlForNonPagedPool + - RtlFreeUnicodeString + - KeBugCheckEx + - IoGetDeviceObjectPointer + - IoAllocateMdl + - MmMapLockedPagesSpecifyCache + - __C_specific_handler + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 
00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , + Microsoft Software Validation v2, OU=Software Licensing Department, + CN=LAVALYS + ValidFrom: '2008-09-04 00:00:00' + ValidTo: '2010-10-17 23:59:59' + Signature: 6cd0fe216b27c908f3d444ef0428c76bbc25f74beb7f2027a497499ea5b5c61f99c4e455341bdab5f26b3cc920a9e8224eb79a95ebb81e3fef374f992255d7a997e43f5b497be9bbfe7d28c6791d0e2c93e72668d8c18e08f3329dde27f8a587a59202d9ff6db84fbb56ea4d37b702d80ef4fcdc49bc636351e3ab2043db01b4312c653e830819cf8c44ce3da714dc73933f242b035ef6ef8dc486b5a8aece6e4061138a7e2f6916d527b5a3a6cfeb6475cba7b0afa08a5b6e8590e02758428b217a288d29f641cd493f34f251739b8b529fe0d30182ad5f4fb461caf7f6447598bc5b6833fb8be5884ee329413c4550c8715929c6767bb0fa5c101de989f5ee + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 + Version: 3 + TBS: + MD5: 4ccfe1bafb291fc51e5636295c8e38eb + SHA1: c93bdd8fd964b6c750fcad1455a37fdd77276446 + SHA256: 63b214b64cb75b53fd0d4baacbcadee892160af685a79f6b5c6f984214521c8f + SHA384: 70411e706a18564522cdcc92bbdaf6187c2a318b8beb2e7025959e04475e8a5bbdea470a6d82109c0fbd7b56b22abf5f + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + 
ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: ab4656d1ec4d4cc83c76f639a5340e84 + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 
6f8b0e1c7d7bd7beed853e0d51ca03f143e5b703 + SHA256: 9917144b7240b1ce0cadb1210fd26182744fbbdf145943037c4b93e44aced207 + Signature: '' + Imphash: a387f215b4964a3ca2e3c92f235a6d1b + Authentihash: + MD5: 8eda3e023c5fcf652d9c703853699f4a + SHA1: df5ec3bf96f7200f4365c383b0d93074a216324a + SHA256: 8c20d10857c37d8ed9151fa95f6bf12f99ef2c0bea36eed2370a1f4da7737951 + RichPEHeaderHash: + MD5: a22a9aa3f58912bffbd51273b848fa2a + SHA1: cf13386bd4c692fa4ee4873479f82e47a413cafc + SHA256: abc066632466728bf6828ac1dc4400fdfd0953bb97ad08f7eb27de3581f930e7 + Sections: + .text: + Entropy: 6.147651066524595 + Virtual Size: '0xd24' + .rdata: + Entropy: 4.373354569063974 + Virtual Size: '0xec' + .pdata: + Entropy: 2.60824728589356 + Virtual Size: '0x24' + INIT: + Entropy: 4.090607332239198 + Virtual Size: '0x122' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2004-10-13 15:37:45' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - IofCompleteRequest + - MmUnmapIoSpace + - MmMapIoSpace + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - IoCreateSymbolicLink + - IoCreateDevice + Signatures: {} + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: b41dcdb2e710dffba2d8ea1defb0f087 + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 11fcaeda49848474cee9989a00d8f29cb727acb7 + SHA256: a188760f1bf36584a2720014ca982252c6bcd824e7619a98580e28be6090dccc + Signature: '' + Imphash: 9e2cf28fe320bbf74972509536569c8e + Authentihash: + MD5: 80d3b21388e7b00c813d0c0cad450f6e + SHA1: 413266463b3800a35c8fb3bda1dabe38e5ccd452 + SHA256: 36d8d27d2ee91c45502d3a6688afc5c09b2b9776232074e65bd813a230eb37d1 + RichPEHeaderHash: + MD5: eb7a6452e7d8e135bf9199524118601d + SHA1: 7400103f42e22809e66c207f1eb1d22cd947f22f + SHA256: 7efa73cf87c7b47175625395d918a9fcc93d9b5bf6392978613fced2155908fe + Sections: + .text: + Entropy: 
6.267178404843947 + Virtual Size: '0x39d4' + .rdata: + Entropy: 4.268022493345964 + Virtual Size: '0x208' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x1120' + .pdata: + Entropy: 3.262525157167094 + Virtual Size: '0x78' + INIT: + Entropy: 5.015684190555883 + Virtual Size: '0x32c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2009-05-31 08:07:11' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - IoDeleteDevice + - strchr + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - MmMapIoSpace + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IoBuildDeviceIoControlRequest + - IofCallDriver + - IoDeleteSymbolicLink + - RtlAnsiStringToUnicodeString + - KeBugCheckEx + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , + Microsoft Software Validation v2, OU=Software Licensing Department, + CN=LAVALYS + ValidFrom: '2008-09-04 00:00:00' + ValidTo: '2010-10-17 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 
739a73c1864ae27d7d9cdcf7055888e4 + Version: 3 + TBS: + MD5: 4ccfe1bafb291fc51e5636295c8e38eb + SHA1: c93bdd8fd964b6c750fcad1455a37fdd77276446 + SHA256: 63b214b64cb75b53fd0d4baacbcadee892160af685a79f6b5c6f984214521c8f + SHA384: 70411e706a18564522cdcc92bbdaf6187c2a318b8beb2e7025959e04475e8a5bbdea470a6d82109c0fbd7b56b22abf5f + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 + Issuer: 
C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: e99e86480d4206beb898dda82b71ca44 + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: c41ff2067634a1cce6b8ec657cdfd87e7f6974e3 + SHA256: b074caef2fbf7e1dc8870edccb65254858d95836f466b4e9e6ca398bf7a27aa3 + Signature: '' + Imphash: 12fef92a55cb5e1533b89d8e6a5892b2 + Authentihash: + MD5: e80ddfe5a816dd6cb2ffd72da610d8db + SHA1: a7e50663be8f7e859b63d1d266e8263a96f7520b + SHA256: f6e714528ad1b9eae72699078499735468140c1627e45f015762206ba7a77b47 + RichPEHeaderHash: + MD5: 510491d926769fc79a5d3287db0dd59d + SHA1: 32af9e7e3a31bd44e3a5d717efcbe898d17c2423 + SHA256: 8f0295454ac4eec12c5329539ee515da9c074bf6d009cc0b54ad4506d4097389 + Sections: + .text: + Entropy: 6.292382717400381 + Virtual Size: '0x3c04' + .rdata: + Entropy: 4.244027827436615 + Virtual Size: '0x218' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x1120' + .pdata: + Entropy: 3.335620585409111 + Virtual Size: '0x78' + INIT: + Entropy: 5.003814178607812 + Virtual Size: '0x38c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2010-02-17 11:47:03' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - MmMapIoSpace + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - MmUnmapIoSpace + - IoCreateDevice + - IoDeleteSymbolicLink + - RtlAnsiStringToUnicodeString + - IofCallDriver + - RtlInitUnicodeString + - IoDeleteDevice + - strchr + - KeBugCheckEx + - RtlInitAnsiString + - IoBuildDeviceIoControlRequest + - KeInitializeEvent + - __C_specific_handler + - HalSetBusDataByOffset + - 
HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=HU, ST=Budapest, L=Budapest, O=FinalWire, OU=Digital ID Class + 3 , Microsoft Software Validation v2, CN=FinalWire + ValidFrom: '2010-07-29 00:00:00' + ValidTo: '2012-07-28 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01cc3af0c7b9f02c029c172f6f135621 + Version: 3 + TBS: + MD5: 
735dfa995ca4af6545a694a22f0fb657 + SHA1: 5957f3ae95e2a195cf0a1f99eeb989350b58f724 + SHA256: 1278201f6ed95445add0bcdc6030e72609f88fa9bdabafb98615e358005025c1 + SHA384: 3303d4a3274742ee5172188482e243db6dff6e90de9af946caabbd21d6bde8957d5e11b1405f7b784276b671841343d4 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 01cc3af0c7b9f02c029c172f6f135621 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, 
CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: 3af19d325f9dcdf360276ae5e7c136ea + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 9ec6f54c74bcc48e355226c26513a7240fd9462d + SHA256: b1e4455499c6a90ba9a861120a015a6b6f17e64479462b869ad0f05edf6552de + Signature: '' + Imphash: 9fb64527ca6d4541cc256b1abd1e4101 + Authentihash: + MD5: d5f989cdc26ec4900dce75f37ae08922 + SHA1: 50c8857024e4bf57613d951932bbc3d890c839f6 + SHA256: 9fa699246d83356d7b4bd99adf3c74f8e0682a650de2687075e70418ee9d5e38 + RichPEHeaderHash: + MD5: 2c53952789ebcf16a337a5ec3ab41667 + SHA1: 60852524abfeefc666c143ac7a6d7350244e53be + SHA256: 0a1214a3de635359675999b347fd34869caf91a1cd0510677996adcec5c2c6bc + Sections: + .text: + Entropy: 6.32956002357417 + Virtual Size: '0x2b14' + .rdata: + Entropy: 4.290234756225693 + Virtual Size: '0x1a8' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x1120' + .pdata: + Entropy: 3.2276654317225844 + Virtual Size: '0x78' + INIT: + Entropy: 4.99439749912298 + Virtual Size: '0x30c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2008-11-14 08:36:07' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - IoDeleteSymbolicLink + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - strchr + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - MmMapIoSpace + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: 
'2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + 
Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , + Microsoft Software Validation v2, OU=Software Licensing Department, + CN=LAVALYS + ValidFrom: '2008-09-04 00:00:00' + ValidTo: '2010-10-17 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 + Version: 3 + TBS: + MD5: 4ccfe1bafb291fc51e5636295c8e38eb + SHA1: c93bdd8fd964b6c750fcad1455a37fdd77276446 + SHA256: 63b214b64cb75b53fd0d4baacbcadee892160af685a79f6b5c6f984214521c8f + SHA384: 70411e706a18564522cdcc92bbdaf6187c2a318b8beb2e7025959e04475e8a5bbdea470a6d82109c0fbd7b56b22abf5f + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: 
4a829b8cf1f8fdb69e1d58ae04e6106e + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 43f53a739eda1e58f470e8e9ff9aa1437e5d9546 + SHA256: bac7e75745d0cb8819de738b73edded02a07111587c4531383dccd4562922b65 + Signature: '' + Imphash: 14075e605bff546182d682f41afefea2 + Authentihash: + MD5: 40fbf3c682b7160db67000115f14c2d9 + SHA1: c59bcd90cf7bf8999629bdf6f87dfe714d81ba2b + SHA256: 9e855f9d5f5f4dc9420f34045df5d2c70498468f076d873571fc62e4015e38d3 + RichPEHeaderHash: + MD5: 99e2fdbe346fb428297f8783591d5358 + SHA1: 5eca02c6eaab32341e8baf724242ba04ac000d61 + SHA256: 684d8e76806e586f1dcf85eb846659993d1f0e5a20fc4a0dfdb4d0c6137bb55a + Sections: + .text: + Entropy: 6.279921262911487 + Virtual Size: '0x2784' + .rdata: + Entropy: 4.133004023626673 + Virtual Size: '0x17c' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x920' + .pdata: + Entropy: 3.1281641929562314 + Virtual Size: '0x60' + INIT: + Entropy: 4.943494160682739 + Virtual Size: '0x30c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2007-10-13 22:44:15' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - IoGetDeviceObjectPointer + - MmMapIoSpace + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - IoDeleteSymbolicLink + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - strchr + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - RtlFreeUnicodeString + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 
50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + 
Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , + Microsoft Software Validation v2, OU=Software Licensing Department, + CN=LAVALYS + ValidFrom: '2006-10-18 00:00:00' + ValidTo: '2008-10-17 23:59:59' + Signature: 5e0e77e4e5de0c6c4b7822b17a1e8ebd0960806438f5073c686b575f60dd4129d66bd66b7e4f33cff39dc890ae077db68615ad8d431eec3bf1531f6eb505fe48d186df3306d27893b42af5ef264b621acf26475fe93dd00906f61c78425c101d268d1050db3f7264d5e4a75a205b488684b716f3f2b317367ed13f34553238f6b4ab7a98c9fe48d32289d528d8db8cb583cef299e53f2fdde6d84ae2d2fd41cb826973c3da647221d9efbb2383cdae5c52adfa407399ebd2b9fafbf5c6246f944cd8e9ed79b4540b8ec53ba603464ae42f09468f762f71ddf9068cdd869c6fcf2d3806c6d20ab9781ee027849d946c5d2f58d7853bda919ca412e0c20024a6b7 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 + Version: 3 + TBS: + MD5: 32ff43e593925e5eab372e2d5e3c9734 + SHA1: 405c78a239f39963fe8aa5ff5283c582aa369e7b + SHA256: 0a6e66dd63e42179cd9e1a1c9d22decad3abe55cfa6fa4062f5c503742d2076f + SHA384: a43a1f03510896d34a427c30f7ad75841dacd27b8328b9f756bc55981b71490386289422f1dd05d023c2714e753d85f8 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: 
'2016-05-23 17:11:29' + Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: 8a212a246b3c41f3ddce5888aaaaacd6 + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 1b25fbab2dbee5504dc94fbcc298cd8669c097a8 + SHA256: 
bae4372a9284db52dedc1c1100cefa758b3ec8d9d4f0e5588a8db34ded5edb1f + Signature: '' + Imphash: a387f215b4964a3ca2e3c92f235a6d1b + Authentihash: + MD5: 8f76fc1f9d51c1d878961770de8468f3 + SHA1: 7fcc190a9ea23e610a30db42d9a6d6fb174bd074 + SHA256: ac7cd788581d6f8098b5d438546eb3584c1b08dbe7fd3b1ddc2a7295bd4dd16f + RichPEHeaderHash: + MD5: a22a9aa3f58912bffbd51273b848fa2a + SHA1: cf13386bd4c692fa4ee4873479f82e47a413cafc + SHA256: abc066632466728bf6828ac1dc4400fdfd0953bb97ad08f7eb27de3581f930e7 + Sections: + .text: + Entropy: 6.154772267861031 + Virtual Size: '0xc74' + .rdata: + Entropy: 4.3771537086921075 + Virtual Size: '0xec' + .pdata: + Entropy: 2.684771938731434 + Virtual Size: '0x24' + INIT: + Entropy: 4.090607332239198 + Virtual Size: '0x122' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2004-04-08 00:20:27' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - IofCompleteRequest + - MmUnmapIoSpace + - MmMapIoSpace + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - IoCreateSymbolicLink + - IoCreateDevice + Signatures: {} + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: 198b723e13a270bb664dcb9fb6ed42e6 + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 297fdf58e60d54bcddf2694c21ceb9da9ec17915 + SHA256: bd3cf8b9af255b5d4735782d3653be38578ff5be18846b13d05867a6159aaa53 + Signature: '' + Imphash: 37b1eada43ad08093dfa4de7a411d15f + Authentihash: + MD5: 1022ba5d755ec9576fa590da85781481 + SHA1: 615360e669acdf516e8164b41d92f0d17ff1b1d7 + SHA256: 56135fb8d5d3ed93b38679cb0dea9cc16ed7fdb0db9659e40a5c2d82655ada67 + RichPEHeaderHash: + MD5: 2c53952789ebcf16a337a5ec3ab41667 + SHA1: 60852524abfeefc666c143ac7a6d7350244e53be + SHA256: 0a1214a3de635359675999b347fd34869caf91a1cd0510677996adcec5c2c6bc + Sections: + .text: + Entropy: 6.343312048090201 + Virtual Size: '0x2c64' + .rdata: + Entropy: 
4.29384664405546 + Virtual Size: '0x1a8' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x1120' + .pdata: + Entropy: 3.2380413692045558 + Virtual Size: '0x78' + INIT: + Entropy: 4.996752540797672 + Virtual Size: '0x30c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2008-12-13 11:32:27' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - IoBuildDeviceIoControlRequest + - IofCallDriver + - IoDeleteSymbolicLink + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - strchr + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - MmMapIoSpace + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , + Microsoft Software Validation v2, OU=Software Licensing Department, + CN=LAVALYS + ValidFrom: '2008-09-04 00:00:00' + ValidTo: '2010-10-17 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 
739a73c1864ae27d7d9cdcf7055888e4 + Version: 3 + TBS: + MD5: 4ccfe1bafb291fc51e5636295c8e38eb + SHA1: c93bdd8fd964b6c750fcad1455a37fdd77276446 + SHA256: 63b214b64cb75b53fd0d4baacbcadee892160af685a79f6b5c6f984214521c8f + SHA384: 70411e706a18564522cdcc92bbdaf6187c2a318b8beb2e7025959e04475e8a5bbdea470a6d82109c0fbd7b56b22abf5f + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 + Issuer: 
C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: 5bbe4e52bd33f1cdd4cf38c7c65f80ae + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: d11659145d6627f3d93975528d92fb6814171f91 + SHA256: c6db7f2750e7438196ec906cc9eba540ef49ceca6dbd981038cef1dc50662a73 + Signature: '' + Imphash: 540992ba6f31301ba27604515a78ad79 + Authentihash: + MD5: 9291f8094b605eaaa503896f70750286 + SHA1: 505b25bf6f81b9cd2aed9a4041c734619cca6f48 + SHA256: db0bcfb5bbd93abc8682508af224a1aa5e96f82f037ee0ba26d1d02a3d639a2a + RichPEHeaderHash: + MD5: d8efbf77a16c80060c37681f4fc696d7 + SHA1: 74f746e5eebab46d9ee2e15c96542fa508bdd271 + SHA256: c6e67d594fc9ff3077181314e987207660ae9627e0ec3ed7f8ad96e7719c130c + Sections: + .text: + Entropy: 6.300465536675167 + Virtual Size: '0x1b1c' + .rdata: + Entropy: 4.541856549567209 + Virtual Size: '0x184' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x520' + .pdata: + Entropy: 3.2694830715255043 + Virtual Size: '0x84' + INIT: + Entropy: 4.674750178771107 + Virtual Size: '0x1a6' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2006-06-24 06:26:46' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - RtlAssert + - MmUnmapIoSpace + - MmMapIoSpace + - IofCompleteRequest + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - IoCreateSymbolicLink + - IoCreateDevice + Signatures: {} + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: 25ede0fd525a30d31998ea62876961ec + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: f9cced7ccdc1f149ad8ad13a264c4425aee89b8e + SHA256: 
cb59a641adb623a65a9b5af1db2ffd921fd1ca1bc046a6df85d5f2e00fd0b5a5 + Signature: '' + Imphash: 3198fc43051f03c6c71587dbf232f75c + Authentihash: + MD5: 697dd3d62bd8d00e89e5c107f3d1aa71 + SHA1: 9b4812dc3fc74f1dc144b916003e4341def44446 + SHA256: 2e190b58266d9f7ce9681b834b0c7e6ab06e1305ab9258d714212a0bad58c0b4 + RichPEHeaderHash: + MD5: d7c3e34ff185cd060fd272724a9a08d4 + SHA1: 07bd4ac3ba36186190def09485c7e9ecdaae1d12 + SHA256: e886be3aa324ce0db073d3bfc7e1603fdfa353e31159343409d6a3117c5e7849 + Sections: + .text: + Entropy: 6.309517170812303 + Virtual Size: '0x2394' + .rdata: + Entropy: 3.9556923494477734 + Virtual Size: '0x160' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x920' + .pdata: + Entropy: 3.088095313070914 + Virtual Size: '0x48' + INIT: + Entropy: 4.962170822592899 + Virtual Size: '0x2fa' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2007-09-14 16:20:59' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - RtlInitAnsiString + - MmUnmapIoSpace + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - MmMapIoSpace + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - IoDeleteSymbolicLink + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: 
a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , + 
Microsoft Software Validation v2, OU=Software Licensing Department, + CN=LAVALYS + ValidFrom: '2006-10-18 00:00:00' + ValidTo: '2008-10-17 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 + Version: 3 + TBS: + MD5: 32ff43e593925e5eab372e2d5e3c9734 + SHA1: 405c78a239f39963fe8aa5ff5283c582aa369e7b + SHA256: 0a6e66dd63e42179cd9e1a1c9d22decad3abe55cfa6fa4062f5c503742d2076f + SHA384: a43a1f03510896d34a427c30f7ad75841dacd27b8328b9f756bc55981b71490386289422f1dd05d023c2714e753d85f8 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: 03ca3b1cff154ab8855043abadd07956 + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 96047b280e0d6ddde9df1c79ca5f561219a0370d + SHA256: d330ab003206ce5e9828607562790aa8dd0453f6b7452f5c6053e3c6b6761d25 + Signature: '' + Imphash: 8232d2f79ce126e84cc044543ad82790 + Authentihash: + MD5: 576743e8db31ee0e2dfb3731be4dc31c + SHA1: 
36ae0624e64979290cf6c643980aae899bb10311 + SHA256: 8f69fa6128acbaa8217454ff22eb7fb9be1e841ed47116e7616749600b4bfc4d + RichPEHeaderHash: + MD5: e93b5a02ff5f4c18b186ee8c35f3132e + SHA1: 897dc8e1b30df0d168feda245816e72aa2cfcf9e + SHA256: 377d1179f5eac38231f07ffef5b19a098956f1074a11f518bee00fee1f5f1cad + Sections: + .text: + Entropy: 6.288801441683452 + Virtual Size: '0x3e52' + .rdata: + Entropy: 4.13594691696676 + Virtual Size: '0x238' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x1120' + .pdata: + Entropy: 3.394101782281126 + Virtual Size: '0x90' + INIT: + Entropy: 5.057866512392725 + Virtual Size: '0x3f0' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2010-10-05 02:21:07' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - IoBuildDeviceIoControlRequest + - MmIsAddressValid + - IoDeleteSymbolicLink + - ObfDereferenceObject + - IoCreateDevice + - RtlAnsiStringToUnicodeString + - MmMapIoSpace + - RtlInitUnicodeString + - IofCallDriver + - IoDeleteDevice + - strchr + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - MmBuildMdlForNonPagedPool + - RtlFreeUnicodeString + - KeBugCheckEx + - IoGetDeviceObjectPointer + - IoAllocateMdl + - MmMapLockedPagesSpecifyCache + - __C_specific_handler + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: 
a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=HU, ST=Budapest, L=Budapest, O=FinalWire, OU=Digital ID Class + 3 , Microsoft Software Validation v2, CN=FinalWire + ValidFrom: '2010-07-29 00:00:00' + ValidTo: '2012-07-28 23:59:59' + Signature: 99e136ac112e7c78ce7c6227980b00b97242c5f7fd2e9b7759cd1e4eb323f0e4c36199f581121ce2ea9331fb4421f78feffdffbe83a0bab67a68a8ac5b3f79d7412b78ebed416feb9ab1d3412de204db326c47b2ab415938b7fadccc83ac35ed2cacbd29df428db05fabb874865fbeabf7eea6c6bd87c11292b2d48b8481cc02000ed147203fa6d9902796beba69ad8fef775205295d8537f50ca96b98ac9ccdf64391f07768979df2557742564bdc4a44e96673038495cbfac986dbf89311f445df1874534325f3b70262a9d9dc475cd9259e6dec576e50df06a7817a6033bdbe97c98d4684772864ecc564baa2356375fdf1e75982c96f4d7578a2d945e916 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01cc3af0c7b9f02c029c172f6f135621 + Version: 3 + TBS: + MD5: 735dfa995ca4af6545a694a22f0fb657 + SHA1: 5957f3ae95e2a195cf0a1f99eeb989350b58f724 + SHA256: 
1278201f6ed95445add0bcdc6030e72609f88fa9bdabafb98615e358005025c1 + SHA384: 3303d4a3274742ee5172188482e243db6dff6e90de9af946caabbd21d6bde8957d5e11b1405f7b784276b671841343d4 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 01cc3af0c7b9f02c029c172f6f135621 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: 2b6a17ec50d3a21e030ed78f7acbd2af + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: cd7b0c6b6ef809e7fb1f68ba36150eceabe500f7 + SHA256: 
d3b5fd13a53eee5c468c8bfde4bfa7b968c761f9b781bb80ccd5637ee052ee7d + Signature: '' + Imphash: d232ae5bad7ce02f4eece90ef370c7a0 + Authentihash: + MD5: d9faacfcccaa55e240ae3967dba2ccc6 + SHA1: d4933bd439b26de02e70e2001913b0bced6b5754 + SHA256: 93cdc6e885459d95d5e9d6b2ee979e5cad44af1f57bca3947d594847cfbd5829 + RichPEHeaderHash: + MD5: d7c3e34ff185cd060fd272724a9a08d4 + SHA1: 07bd4ac3ba36186190def09485c7e9ecdaae1d12 + SHA256: e886be3aa324ce0db073d3bfc7e1603fdfa353e31159343409d6a3117c5e7849 + Sections: + .text: + Entropy: 6.376445549544823 + Virtual Size: '0x1e14' + .rdata: + Entropy: 3.9864958981614937 + Virtual Size: '0x160' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x520' + .pdata: + Entropy: 3.001455039824863 + Virtual Size: '0x3c' + INIT: + Entropy: 4.95468047746019 + Virtual Size: '0x2fa' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2007-07-09 18:15:14' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - IofCallDriver + - IoBuildDeviceIoControlRequest + - IoDeleteSymbolicLink + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - MmMapIoSpace + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: 
a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , + 
Microsoft Software Validation v2, OU=Software Licensing Department, + CN=LAVALYS + ValidFrom: '2006-10-18 00:00:00' + ValidTo: '2008-10-17 23:59:59' + Signature: 5e0e77e4e5de0c6c4b7822b17a1e8ebd0960806438f5073c686b575f60dd4129d66bd66b7e4f33cff39dc890ae077db68615ad8d431eec3bf1531f6eb505fe48d186df3306d27893b42af5ef264b621acf26475fe93dd00906f61c78425c101d268d1050db3f7264d5e4a75a205b488684b716f3f2b317367ed13f34553238f6b4ab7a98c9fe48d32289d528d8db8cb583cef299e53f2fdde6d84ae2d2fd41cb826973c3da647221d9efbb2383cdae5c52adfa407399ebd2b9fafbf5c6246f944cd8e9ed79b4540b8ec53ba603464ae42f09468f762f71ddf9068cdd869c6fcf2d3806c6d20ab9781ee027849d946c5d2f58d7853bda919ca412e0c20024a6b7 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 + Version: 3 + TBS: + MD5: 32ff43e593925e5eab372e2d5e3c9734 + SHA1: 405c78a239f39963fe8aa5ff5283c582aa369e7b + SHA256: 0a6e66dd63e42179cd9e1a1c9d22decad3abe55cfa6fa4062f5c503742d2076f + SHA384: a43a1f03510896d34a427c30f7ad75841dacd27b8328b9f756bc55981b71490386289422f1dd05d023c2714e753d85f8 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: '' 
+ Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: 2d854c6772f0daa8d1fde4168d26c36b + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 0b3836d5d98bc8862a380aae19caa3e77a2d93ef + SHA256: db0d425708ba908aedf5f8762d6fdca7636ae3a537372889446176c0237a2836 + Signature: '' + Imphash: 12fef92a55cb5e1533b89d8e6a5892b2 + Authentihash: + MD5: 3e15e42c2c1383d31e85b2da63dd7823 + SHA1: bd280953877c65eea79de5a3edc1961b650e7c76 + SHA256: d9674a1364fde6b5e7fb1770bdebb8db7de8e15f3c976e5c5102775c95452967 + RichPEHeaderHash: + MD5: 510491d926769fc79a5d3287db0dd59d + SHA1: 32af9e7e3a31bd44e3a5d717efcbe898d17c2423 + SHA256: 8f0295454ac4eec12c5329539ee515da9c074bf6d009cc0b54ad4506d4097389 + Sections: + .text: + Entropy: 6.291901945715824 + Virtual Size: '0x3c04' + .rdata: + Entropy: 4.210949425786671 + Virtual Size: '0x218' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x1120' + .pdata: + Entropy: 3.335620585409111 + Virtual Size: '0x78' + INIT: + Entropy: 5.003814178607812 + Virtual Size: '0x38c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2009-10-09 14:49:06' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - MmMapIoSpace + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - MmUnmapIoSpace + - IoCreateDevice + - IoDeleteSymbolicLink + - RtlAnsiStringToUnicodeString + - IofCallDriver + - RtlInitUnicodeString + - IoDeleteDevice + - strchr + - KeBugCheckEx + - RtlInitAnsiString + - IoBuildDeviceIoControlRequest + - KeInitializeEvent + - __C_specific_handler + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 
00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 
+ TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , + Microsoft Software Validation v2, OU=Software Licensing Department, + CN=LAVALYS + ValidFrom: '2008-09-04 00:00:00' + ValidTo: '2010-10-17 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 + Version: 3 + TBS: + MD5: 4ccfe1bafb291fc51e5636295c8e38eb + SHA1: c93bdd8fd964b6c750fcad1455a37fdd77276446 + SHA256: 63b214b64cb75b53fd0d4baacbcadee892160af685a79f6b5c6f984214521c8f + SHA384: 70411e706a18564522cdcc92bbdaf6187c2a318b8beb2e7025959e04475e8a5bbdea470a6d82109c0fbd7b56b22abf5f + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: 1ad400766530669d14a077514599e7f3 + 
MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 1b84abffd814b9f4595296b3e5ede0c44e630967 + SHA256: dfe57c6a4ef4d2491be325d67428698a61d9c5d2a24dbada10043d313be2c8cc + Signature: '' + Imphash: f4fa225abfb5a5263241a01a2c3f2b8f + Authentihash: + MD5: 63fb6eee97dd766aceb02f08b55cbc3a + SHA1: 0d67d6c7eb3dc1555faad8b09b60d03e3ec10d6d + SHA256: fe9c104a3bb9184a8f792f3f8a3e90d83b9f19cf83cd93d116b02e17f54d727d + RichPEHeaderHash: + MD5: 2c53952789ebcf16a337a5ec3ab41667 + SHA1: 60852524abfeefc666c143ac7a6d7350244e53be + SHA256: 0a1214a3de635359675999b347fd34869caf91a1cd0510677996adcec5c2c6bc + Sections: + .text: + Entropy: 6.335958908727293 + Virtual Size: '0x29c4' + .rdata: + Entropy: 4.191591995511493 + Virtual Size: '0x194' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x920' + .pdata: + Entropy: 3.1803677092748437 + Virtual Size: '0x6c' + INIT: + Entropy: 4.945523741978113 + Virtual Size: '0x30c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2008-08-29 08:41:55' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - IoDeleteSymbolicLink + - RtlAnsiStringToUnicodeString + - RtlInitUnicodeString + - IoDeleteDevice + - strchr + - KeInitializeEvent + - RtlInitAnsiString + - MmUnmapIoSpace + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - MmMapIoSpace + - IofCompleteRequest + - KeWaitForSingleObject + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + 
SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: 
a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , + Microsoft Software Validation v2, OU=Software Licensing Department, + CN=LAVALYS + ValidFrom: '2006-10-18 00:00:00' + ValidTo: '2008-10-17 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 + Version: 3 + TBS: + MD5: 32ff43e593925e5eab372e2d5e3c9734 + SHA1: 405c78a239f39963fe8aa5ff5283c582aa369e7b + SHA256: 0a6e66dd63e42179cd9e1a1c9d22decad3abe55cfa6fa4062f5c503742d2076f + SHA384: a43a1f03510896d34a427c30f7ad75841dacd27b8328b9f756bc55981b71490386289422f1dd05d023c2714e753d85f8 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 1b417ba2cdab8010ecfc5ad9dd4baf33 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: 0ec31f45e2e698a83131b4443f9a6dd7 + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: d43b2ac1221f2eaf2c170788280255cfef3edd72 + SHA256: 
e8b51ab681714e491ab1a59a7c9419db39db04b0dd7be11293f3a0951afe740e + Signature: '' + Imphash: 540992ba6f31301ba27604515a78ad79 + Authentihash: + MD5: 5305c2315974896cd8e5897aa05f2df6 + SHA1: fad47f27c9498b1c1db11c0d0edfdb486d700971 + SHA256: bb11fe81a2d2ca868398055e9f8cc7349ff4ac6d0a4f1e85e7e5d04ed7357349 + RichPEHeaderHash: + MD5: d8efbf77a16c80060c37681f4fc696d7 + SHA1: 74f746e5eebab46d9ee2e15c96542fa508bdd271 + SHA256: c6e67d594fc9ff3077181314e987207660ae9627e0ec3ed7f8ad96e7719c130c + Sections: + .text: + Entropy: 6.285373730661977 + Virtual Size: '0x1a4c' + .rdata: + Entropy: 4.544122542355554 + Virtual Size: '0x184' + .data: + Entropy: 0.3459259103346658 + Virtual Size: '0x520' + .pdata: + Entropy: 3.2183096813575993 + Virtual Size: '0x84' + INIT: + Entropy: 4.6606567053447545 + Virtual Size: '0x196' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2005-12-15 17:15:51' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - RtlAssert + - MmUnmapIoSpace + - MmMapIoSpace + - IofCompleteRequest + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - IoCreateSymbolicLink + - IoCreateDevice + Signatures: {} + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: 96fb2101f85fa81871256107bdd25169 + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: ba63502aaf8c5a7c2464e83295948447e938a844 + SHA256: e9919d1546c7dfef62ff01b87f739812de0a57463611c12012013ae689023ce1 + Signature: '' + Imphash: 12fef92a55cb5e1533b89d8e6a5892b2 + Authentihash: + MD5: 0beb615ff472de5c798f64ddf2abb8ea + SHA1: eb54c8926bdb26a17e195d13839b7d250451c66e + SHA256: 6f3a182bbeba28dd15e1ad52041b8b32670651686697224cad821a334a8600da + RichPEHeaderHash: + MD5: 510491d926769fc79a5d3287db0dd59d + SHA1: 32af9e7e3a31bd44e3a5d717efcbe898d17c2423 + SHA256: 8f0295454ac4eec12c5329539ee515da9c074bf6d009cc0b54ad4506d4097389 + Sections: + 
.text: + Entropy: 6.292195128319989 + Virtual Size: '0x3bf4' + .rdata: + Entropy: 4.232965822686604 + Virtual Size: '0x218' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x1120' + .pdata: + Entropy: 3.302287252075778 + Virtual Size: '0x78' + INIT: + Entropy: 5.003814178607812 + Virtual Size: '0x38c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2010-01-09 15:48:06' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - MmMapIoSpace + - IofCompleteRequest + - KeWaitForSingleObject + - PsGetVersion + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - MmUnmapIoSpace + - IoCreateDevice + - IoDeleteSymbolicLink + - RtlAnsiStringToUnicodeString + - IofCallDriver + - RtlInitUnicodeString + - IoDeleteDevice + - strchr + - KeBugCheckEx + - RtlInitAnsiString + - IoBuildDeviceIoControlRequest + - KeInitializeEvent + - __C_specific_handler + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=CA, ST=Quebec, L=Laval, O=LAVALYS, OU=Digital ID Class 3 , + Microsoft Software Validation v2, OU=Software Licensing Department, + CN=LAVALYS + ValidFrom: '2008-09-04 00:00:00' + ValidTo: '2010-10-17 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 
739a73c1864ae27d7d9cdcf7055888e4 + Version: 3 + TBS: + MD5: 4ccfe1bafb291fc51e5636295c8e38eb + SHA1: c93bdd8fd964b6c750fcad1455a37fdd77276446 + SHA256: 63b214b64cb75b53fd0d4baacbcadee892160af685a79f6b5c6f984214521c8f + SHA384: 70411e706a18564522cdcc92bbdaf6187c2a318b8beb2e7025959e04475e8a5bbdea470a6d82109c0fbd7b56b22abf5f + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 739a73c1864ae27d7d9cdcf7055888e4 + Issuer: 
C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: b3d6378185356326fd8ee4329b0b7698 + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: f7330a6a4d9df2f35ab93a28c8ee1eb14a74be6e + SHA256: f13f6a4bf7711216c9e911f18dfa2735222551fb1f8c1a645a8674c1983ccea6 + Signature: '' + Imphash: 540992ba6f31301ba27604515a78ad79 + Authentihash: + MD5: 94ce9ab807de36019621677807e36b34 + SHA1: d9673daa57dd14ec8cddae4212c94d27f9eba4a0 + SHA256: 40ebdd21c93146a92536688a230801791a86e2bec2719896a3d629ad930e9f17 + RichPEHeaderHash: + MD5: d8efbf77a16c80060c37681f4fc696d7 + SHA1: 74f746e5eebab46d9ee2e15c96542fa508bdd271 + SHA256: c6e67d594fc9ff3077181314e987207660ae9627e0ec3ed7f8ad96e7719c130c + Sections: + .text: + Entropy: 6.285282129935207 + Virtual Size: '0x1a5c' + .rdata: + Entropy: 4.586660874271472 + Virtual Size: '0x184' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x520' + .pdata: + Entropy: 3.186933094614597 + Virtual Size: '0x84' + INIT: + Entropy: 4.6682220093347 + Virtual Size: '0x1a6' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2006-01-14 09:24:35' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - RtlAssert + - MmUnmapIoSpace + - MmMapIoSpace + - IofCompleteRequest + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - IoCreateSymbolicLink + - IoCreateDevice + Signatures: {} + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: 0c7f66cd219817eaab41f36d4bc0d4cd + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 9d0b824892fbfb0b943911326f95cd0264c60f7d + SHA256: 
f64a78b1294e6837f12f171a663d8831f232b1012fd8bae3c2c6368fbf71219b
+ Signature: ''
+ Imphash: 540992ba6f31301ba27604515a78ad79
+ Authentihash:
+ MD5: 67d8349af99121fe4b2029c3772f0807
+ SHA1: add7ea044995f5f6b9cc9403fd30a8124a9ff158
+ SHA256: 23440de2db935be1c06b40ff2809215d00d95930abe3fda70ea57cf8a9fc0e98
+ RichPEHeaderHash:
+ MD5: d8efbf77a16c80060c37681f4fc696d7
+ SHA1: 74f746e5eebab46d9ee2e15c96542fa508bdd271
+ SHA256: c6e67d594fc9ff3077181314e987207660ae9627e0ec3ed7f8ad96e7719c130c
+ Sections:
+ .text:
+ Entropy: 6.300465536675167
+ Virtual Size: '0x1b1c'
+ .rdata:
+ Entropy: 4.547070692830879
+ Virtual Size: '0x184'
+ .data:
+ Entropy: 0.30140680731160896
+ Virtual Size: '0x520'
+ .pdata:
+ Entropy: 3.2694830715255043
+ Virtual Size: '0x84'
+ INIT:
+ Entropy: 4.674750178771107
+ Virtual Size: '0x1a6'
+ MagicHeader: 50 45 0 0
+ CreationTimestamp: '2006-08-09 16:44:56'
+ InternalName: ''
+ Copyright: ''
+ Imports:
+ - ntoskrnl.exe
+ ExportedFunctions: ''
+ ImportedFunctions:
+ - RtlAssert
+ - MmUnmapIoSpace
+ - MmMapIoSpace
+ - IofCompleteRequest
+ - IoDeleteDevice
+ - IoDeleteSymbolicLink
+ - RtlInitUnicodeString
+ - IoCreateSymbolicLink
+ - IoCreateDevice
+ Signatures: {}
+ LoadsDespiteHVCI: 'FALSE'
diff --git a/yaml/3ab0d182-6365-47a7-89f4-34121e889503.yaml b/yaml/3ab0d182-6365-47a7-89f4-34121e889503.yaml
index 07f9156df..19aad93af 100644
--- a/yaml/3ab0d182-6365-47a7-89f4-34121e889503.yaml
+++ b/yaml/3ab0d182-6365-47a7-89f4-34121e889503.yaml
@@ -1,324 +1,324 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 3ab0d182-6365-47a7-89f4-34121e889503 +Tags: +- HwOs2Ec10x64.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create HwOs2Ec10x64.sys binPath=C:\windows\temp\HwOs2Ec10x64.sys type=kernel - && sc.exe start HwOs2Ec10x64.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/bb1135b51acca8348d285dc5461d10e8f57260e7d0c8cc4a092734d53fc40cbc.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 3ab0d182-6365-47a7-89f4-34121e889503 -KnownVulnerableSamples: -- 
Authentihash: - MD5: 20be6af18d3b97968b2a8d5a9513caaa - SHA1: b6a4ef3babbd79479723b8586ea0e8c7a33d1661 - SHA256: ab494aba56e9ea7b6055ac437f6b678e7239b0fda54bf28019480565a098a6e3 - Company: Huawei - Copyright: Copyright (C) 2016 - CreationTimestamp: '2018-03-23 00:56:31' - Date: '' - Description: HwOs2Ec - ExportedFunctions: '' - FileVersion: 1.0.0.1 - Filename: HwOs2Ec10x64.sys - ImportedFunctions: - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoGetCurrentProcess - - InitSafeBootMode - - memcpy_s - - _wcsnicmp - - RtlInitUnicodeString - - RtlEqualUnicodeString - - RtlCopyUnicodeString - - RtlAppendUnicodeToString - - KeEnterCriticalRegion - - KeLeaveCriticalRegion - - ExAllocatePool - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ExInitializeResourceLite - - ExAcquireResourceSharedLite - - ExAcquireResourceExclusiveLite - - ExReleaseResourceLite - - ExDeleteResourceLite - - MmProbeAndLockPages - - MmMapLockedPagesSpecifyCache - - MmUnmapLockedPages - - IoAllocateMdl - - IoFreeMdl - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ObRegisterCallbacks - - ObUnRegisterCallbacks - - ZwClose - - PsSetCreateProcessNotifyRoutine - - ZwOpenProcess - - ZwQuerySystemInformation - - ZwQueryInformationProcess - - ZwAllocateVirtualMemory - - ZwFreeVirtualMemory - - KeInitializeApc - - ZwOpenThread - - IofCompleteRequest - - PsGetProcessPeb - - RtlImageDirectoryEntryToData - - KeStackAttachProcess - - KeUnstackDetachProcess - - __C_specific_handler - - PsProcessType - - PsThreadType - - KeLowerIrql - - KfRaiseIrql - - MmBuildMdlForNonPagedPool - - MmMapIoSpace - - MmUnmapIoSpace - - MmMapIoSpaceEx - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - MmGetPhysicalAddress - - PsGetThreadId - - PsGetThreadProcessId - - MmGetSystemRoutineAddress - - RtlGetVersion - - ZwTerminateProcess - - KeInitializeEvent - - ExAcquireFastMutex - - ExReleaseFastMutex - - KeSetEvent - - KeWaitForMultipleObjects - - 
KeWaitForSingleObject - - PsCreateSystemThread - - PsTerminateSystemThread - - RtlCompareUnicodeStrings - - wcscpy_s - - RtlCompareUnicodeString - - RtlAppendUnicodeStringToString - - ZwCreateFile - - ZwOpenKey - - ZwQueryValueKey - - ObOpenObjectByPointer - - ObQueryNameString - - IoFileObjectType - - KeInsertQueueApc - - DbgPrint - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: HwOs2Ec - MD5: 37086ae5244442ba552803984a11d6cb - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: HwOs2Ec.sys - Product: Huawei MateBook - ProductVersion: 1.0.0.1 - Publisher: '' - RichPEHeaderHash: - MD5: 1caef52202f244dd7b072a2cbf506293 - SHA1: 7261547970d9fc1926cfeee5cab87ba0f4d7b1b6 - SHA256: 07adf312a869ff25e9f5bd2e9a5668206089681078b161f1d0c2301205025274 - SHA1: dc0e97adb756c0f30b41840a59b85218cbdd198f - SHA256: bb1135b51acca8348d285dc5461d10e8f57260e7d0c8cc4a092734d53fc40cbc - Sections: - .text: - Entropy: 6.209628301100335 - Virtual Size: '0x2604' - .rdata: - Entropy: 4.403697200697397 - Virtual Size: '0xb34' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x27c' - .pdata: - Entropy: 4.330099069591839 - Virtual Size: '0x3d8' - .gfids: - Entropy: 0.8112781244591328 - Virtual Size: '0x4' - PAGE: - Entropy: 6.294080780063295 - Virtual Size: '0x2160' - INIT: - Entropy: 5.409627830089687 - Virtual Size: '0xb68' - .rsrc: - Entropy: 3.2265908774923377 - Virtual Size: '0x308' - .reloc: - Entropy: 2.7841837197791888 - Virtual Size: '0x14' - Signature: - - Huawei Technologies Co., Ltd. 
- - Symantec Class 3 Extended Validation Code Signing CA - G2 - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority - ValidFrom: '1995-01-01 08:00:01' - ValidTo: '1999-12-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.4 - IsCertificateAuthority: true - SerialNumber: '01' - Version: 3 - TBS: - MD5: d67576f5521d1ccab52e9215e0f9f743 - SHA1: 725a5684e8ab40f2155bbd7a4490a3fbb0fa747b - SHA256: 676c4e84e727f5004c10bb52017676f46bd54d69499017e9fd58271ec341d739 - SHA384: 92c454a9d235f2087ac03a0889b51bfc96539132ebe14a02a07d9287473a21b0a65886496ef68878df21422318064284 - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft - Root Authority - ValidFrom: '1997-01-10 07:00:00' - ValidTo: '2020-12-31 07:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.4 - IsCertificateAuthority: true - SerialNumber: 00c1008b3c3c8811d13ef663ecdf40 - Version: 3 - TBS: - MD5: 
8b3c3087b7056f5ec5ddba91a1b901f0 - SHA1: 10792d184e6eb874504fd0d5ec06cabc0229da56 - SHA256: b0f310311013abfe7a7b41182ad99bc9846bdf91c432d48aa1777208150185a4 - SHA384: 7b8d4a70780f1827a39dce0f6d4a32e2ba18d837fc4e4664b98569c346c67cc5c90efbadd53794bc91c41024decab2ff - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 Extended Validation Code Signing CA , G2 - ValidFrom: '2014-03-04 00:00:00' - ValidTo: '2024-03-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 191a32cb759c97b8cfac118dd5127f49 - Version: 3 - TBS: - MD5: 788b61bd26da89253179e3de2cdb527f - SHA1: 7d06f16e7bf21bce4f71c2cb7a3e74351451bf69 - SHA256: b3c925b4048c3f7c444d248a2b101186b57cba39596eb5dce0e17a4ee4b32f19 - SHA384: 2955e28cb7ec0ea9730b499a0f189f9621eceb02591a9486b583f12bb845885a30d6a871826318a167cc5f06b274e58c - - Subject: ??=CN, ??=Guangdong, ??=Shenzhen, ??=Private Organization, serialNumber=914403001922038216, - C=CN, ST=guangdong, L=shenzhen, O=Huawei Technologies Co., Ltd., CN=Huawei - Technologies Co., Ltd. 
- ValidFrom: '2017-12-14 00:00:00' - ValidTo: '2019-12-14 23:59:59' - Signature: 26d8d72aafae208ca75f86e2d634f131cd47c9531f57dd9d0506dd5f6e51df6baea828f02aa0ae534538921a9bc01af8ed084a8a06a5aa16e5def159a2ea17d84a134aa94467d2016797a2f8e49eb90d1de2e4213b6abd8147b4916f95c7b6c7b9c351cc969c00220c188e6a63806623eabd8fe9780141953a49197cfc1fbf5e39ea1c8f3afc3d792a46786202a7a02b9add0f36ed5125015fab8aded58cc2796b3c2d946b09084fe1547718ba315c53bdeb1d1330306113c6aa141494e11cf0ed3193dace62aef90bb5d6cb65aed548c00983eed016729498079e9ac5931bd33607aa1ee3156967b51963557d977fad2c755e34eb26fc4a249f5d24490d8884 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 45d8f42e053d18c5e90f3febd6e17ad7 - Version: 3 - TBS: - MD5: 43be09b45818339b6233a11e2475e003 - SHA1: 063e6aeb12a5bf2b6e02ebcda4cd474662a5be18 - SHA256: a71bb69621ea11ab4ce55b9e83589fed52e4273e838fbab7992e024cef88601a - SHA384: 6c8c9e1ab7a6ac3c02c3400d777229f5ee8dbf561f22127c36da5c2b638ad1e90fbb9386271643946a81cb5b8811b9a7 - - Subject: DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority - ValidFrom: '2001-05-09 23:19:22' - ValidTo: '2021-05-09 23:28:13' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 79ad16a14aa0a5ad4c7358f407132e65 - Version: 3 - TBS: - MD5: ca846b34f2abfeea2228098843a0e0c6 - SHA1: 391be92883d52509155bfeae27b9bd340170b76b - SHA256: 855920f04434989fc8f601eecd2f79ff93fe51b541d63aa94bef1425cd7d521d - SHA384: cd8d5f1c2d282098fd92fd831a4ecbec74c4f97ba26ce2a0953cb2c367afb1469c7441554e4ecefe56ef44f281196043 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Code Verification Root - ValidFrom: '2005-11-01 13:46:46' - ValidTo: '2025-11-01 13:54:03' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 729404101f3e0ca347837fca175a8438 - Version: 3 - TBS: - MD5: ee8df66ce2c464c64bb9a9eb9cbd7e90 - SHA1: f4e3b23c5b3673fb06339c35314279fdee1e003f - SHA256: 6d260763a05a13ab7823c6d584f19e5dab26e8e6b56d305ecc7376cd23f411fb - SHA384: 7cb39e0131ea77825f441568bd91846811955cd0f45d547020173347f4fd3d7dfe5bc4952fa4f9675902c4a869328196 - Signer: - - SerialNumber: 45d8f42e053d18c5e90f3febd6e17ad7 - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 Extended Validation Code Signing CA , G2 - Version: 1 - Imphash: 071356ee9d8c7f91cbe8fa3c448286a2 - LoadsDespiteHVCI: 'TRUE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create HwOs2Ec10x64.sys binPath=C:\windows\temp\HwOs2Ec10x64.sys type=kernel + && sc.exe start HwOs2Ec10x64.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/eclypsium/Screwed-Drivers/blob/master/DRIVERS.md -Tags: -- HwOs2Ec10x64.sys -Verified: 'TRUE' +Detection: +- type: 
yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/bb1135b51acca8348d285dc5461d10e8f57260e7d0c8cc4a092734d53fc40cbc.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 20be6af18d3b97968b2a8d5a9513caaa + SHA1: b6a4ef3babbd79479723b8586ea0e8c7a33d1661 + SHA256: ab494aba56e9ea7b6055ac437f6b678e7239b0fda54bf28019480565a098a6e3 + Company: Huawei + Copyright: Copyright (C) 2016 + CreationTimestamp: '2018-03-23 00:56:31' + Date: '' + Description: HwOs2Ec + ExportedFunctions: '' + FileVersion: 1.0.0.1 + Filename: HwOs2Ec10x64.sys + ImportedFunctions: + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - 
IoDeleteSymbolicLink + - IoGetCurrentProcess + - InitSafeBootMode + - memcpy_s + - _wcsnicmp + - RtlInitUnicodeString + - RtlEqualUnicodeString + - RtlCopyUnicodeString + - RtlAppendUnicodeToString + - KeEnterCriticalRegion + - KeLeaveCriticalRegion + - ExAllocatePool + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ExInitializeResourceLite + - ExAcquireResourceSharedLite + - ExAcquireResourceExclusiveLite + - ExReleaseResourceLite + - ExDeleteResourceLite + - MmProbeAndLockPages + - MmMapLockedPagesSpecifyCache + - MmUnmapLockedPages + - IoAllocateMdl + - IoFreeMdl + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ObRegisterCallbacks + - ObUnRegisterCallbacks + - ZwClose + - PsSetCreateProcessNotifyRoutine + - ZwOpenProcess + - ZwQuerySystemInformation + - ZwQueryInformationProcess + - ZwAllocateVirtualMemory + - ZwFreeVirtualMemory + - KeInitializeApc + - ZwOpenThread + - IofCompleteRequest + - PsGetProcessPeb + - RtlImageDirectoryEntryToData + - KeStackAttachProcess + - KeUnstackDetachProcess + - __C_specific_handler + - PsProcessType + - PsThreadType + - KeLowerIrql + - KfRaiseIrql + - MmBuildMdlForNonPagedPool + - MmMapIoSpace + - MmUnmapIoSpace + - MmMapIoSpaceEx + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - MmGetPhysicalAddress + - PsGetThreadId + - PsGetThreadProcessId + - MmGetSystemRoutineAddress + - RtlGetVersion + - ZwTerminateProcess + - KeInitializeEvent + - ExAcquireFastMutex + - ExReleaseFastMutex + - KeSetEvent + - KeWaitForMultipleObjects + - KeWaitForSingleObject + - PsCreateSystemThread + - PsTerminateSystemThread + - RtlCompareUnicodeStrings + - wcscpy_s + - RtlCompareUnicodeString + - RtlAppendUnicodeStringToString + - ZwCreateFile + - ZwOpenKey + - ZwQueryValueKey + - ObOpenObjectByPointer + - ObQueryNameString + - IoFileObjectType + - KeInsertQueueApc + - DbgPrint + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: HwOs2Ec + MD5: 37086ae5244442ba552803984a11d6cb + MachineType: AMD64 + 
MagicHeader: 50 45 0 0 + OriginalFilename: HwOs2Ec.sys + Product: Huawei MateBook + ProductVersion: 1.0.0.1 + Publisher: '' + RichPEHeaderHash: + MD5: 1caef52202f244dd7b072a2cbf506293 + SHA1: 7261547970d9fc1926cfeee5cab87ba0f4d7b1b6 + SHA256: 07adf312a869ff25e9f5bd2e9a5668206089681078b161f1d0c2301205025274 + SHA1: dc0e97adb756c0f30b41840a59b85218cbdd198f + SHA256: bb1135b51acca8348d285dc5461d10e8f57260e7d0c8cc4a092734d53fc40cbc + Sections: + .text: + Entropy: 6.209628301100335 + Virtual Size: '0x2604' + .rdata: + Entropy: 4.403697200697397 + Virtual Size: '0xb34' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x27c' + .pdata: + Entropy: 4.330099069591839 + Virtual Size: '0x3d8' + .gfids: + Entropy: 0.8112781244591328 + Virtual Size: '0x4' + PAGE: + Entropy: 6.294080780063295 + Virtual Size: '0x2160' + INIT: + Entropy: 5.409627830089687 + Virtual Size: '0xb68' + .rsrc: + Entropy: 3.2265908774923377 + Virtual Size: '0x308' + .reloc: + Entropy: 2.7841837197791888 + Virtual Size: '0x14' + Signature: + - Huawei Technologies Co., Ltd. 
+ - Symantec Class 3 Extended Validation Code Signing CA - G2 + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority + ValidFrom: '1995-01-01 08:00:01' + ValidTo: '1999-12-31 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.4 + IsCertificateAuthority: true + SerialNumber: '01' + Version: 3 + TBS: + MD5: d67576f5521d1ccab52e9215e0f9f743 + SHA1: 725a5684e8ab40f2155bbd7a4490a3fbb0fa747b + SHA256: 676c4e84e727f5004c10bb52017676f46bd54d69499017e9fd58271ec341d739 + SHA384: 92c454a9d235f2087ac03a0889b51bfc96539132ebe14a02a07d9287473a21b0a65886496ef68878df21422318064284 + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, + CN=Microsoft Root Authority + ValidFrom: '1997-01-10 07:00:00' + ValidTo: '2020-12-31 07:00:00' + Signature: 
95e80bc08df3971835edb80124d87711f35c60329f9e0bcb3e0591888fc93ae621f2f057932cb5a047c862effcd7cc3b3b5aa9365469fe246d3fc9ccaade057cdd318d3d9f10706abbfe124f1869c0fcd043e3115a204fea627bafaa19c82b37252dbe65a1128a250f63a3f7541cf921c9d615f352ac6e433207fd8217f8e5676c0d51f6bdf152c7bde7c430fc203109881d95291a4dd51d02a5f180e003b45bf4b1ddc857ee6549c75254b6b4032812ff90d6f0088f7eb897c5ab372ce47ae4a877e376a000d06a3fc1d2368ae04112a8356a1b6adb35e1d41c04e4a84504c85a33386e4d1c0d62b70aa28cd3d5543f46cd1c55a670db123a8793759fa7d2a0 + SignatureAlgorithmOID: 1.2.840.113549.1.1.4 + IsCertificateAuthority: true + SerialNumber: 00c1008b3c3c8811d13ef663ecdf40 + Version: 3 + TBS: + MD5: 8b3c3087b7056f5ec5ddba91a1b901f0 + SHA1: 10792d184e6eb874504fd0d5ec06cabc0229da56 + SHA256: b0f310311013abfe7a7b41182ad99bc9846bdf91c432d48aa1777208150185a4 + SHA384: 7b8d4a70780f1827a39dce0f6d4a32e2ba18d837fc4e4664b98569c346c67cc5c90efbadd53794bc91c41024decab2ff + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: 
e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 Extended Validation Code Signing CA , G2 + ValidFrom: '2014-03-04 00:00:00' + ValidTo: '2024-03-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 191a32cb759c97b8cfac118dd5127f49 + Version: 3 + TBS: + MD5: 788b61bd26da89253179e3de2cdb527f + SHA1: 7d06f16e7bf21bce4f71c2cb7a3e74351451bf69 + SHA256: b3c925b4048c3f7c444d248a2b101186b57cba39596eb5dce0e17a4ee4b32f19 + SHA384: 2955e28cb7ec0ea9730b499a0f189f9621eceb02591a9486b583f12bb845885a30d6a871826318a167cc5f06b274e58c + - Subject: ??=CN, ??=Guangdong, ??=Shenzhen, ??=Private Organization, serialNumber=914403001922038216, + C=CN, ST=guangdong, L=shenzhen, O=Huawei Technologies Co., Ltd., CN=Huawei + Technologies Co., Ltd. + ValidFrom: '2017-12-14 00:00:00' + ValidTo: '2019-12-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 45d8f42e053d18c5e90f3febd6e17ad7 + Version: 3 + TBS: + MD5: 43be09b45818339b6233a11e2475e003 + SHA1: 063e6aeb12a5bf2b6e02ebcda4cd474662a5be18 + SHA256: a71bb69621ea11ab4ce55b9e83589fed52e4273e838fbab7992e024cef88601a + SHA384: 6c8c9e1ab7a6ac3c02c3400d777229f5ee8dbf561f22127c36da5c2b638ad1e90fbb9386271643946a81cb5b8811b9a7 + - Subject: DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority + ValidFrom: '2001-05-09 23:19:22' + ValidTo: '2021-05-09 23:28:13' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 79ad16a14aa0a5ad4c7358f407132e65 + Version: 3 + TBS: + MD5: ca846b34f2abfeea2228098843a0e0c6 + SHA1: 391be92883d52509155bfeae27b9bd340170b76b + SHA256: 
855920f04434989fc8f601eecd2f79ff93fe51b541d63aa94bef1425cd7d521d + SHA384: cd8d5f1c2d282098fd92fd831a4ecbec74c4f97ba26ce2a0953cb2c367afb1469c7441554e4ecefe56ef44f281196043 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Code Verification Root + ValidFrom: '2005-11-01 13:46:46' + ValidTo: '2025-11-01 13:54:03' + Signature: 
6142e8eb18c871dc4619696dea0ecd3867ac3ea707f64d163c9e57fbb8b8a7c78709e66357d03d469050f50599c9ca743afb01ad7a4d6aab84e0405357c89cd5043682b8b71ec68799c2d8c7209ec6f23e55f98f744451dd2bb6d014ddc6ded2c5ff85af17b9a075dac60de24576961acb3e53fbe9345b3203236cbfd87e9a3d850fc8153b9d00564fafddb1251ca0cc29661b47ce7b67ef64ef484792de9d145069b85f82a9f2ad932b53efab623237eabf040b46eb1984a6aa49a06dc1ab2d83416ab4d6437bd23b7a0cd26dd00d20dc5bc229a7f8822422160135d81ad64422dc476756a6682effc9669ffb7fb464c61e6776e0312e3ad9730d6799c8f5611e5dc1a7b88f311f38dfe3b3874c4db3c4f6605cacac0da02c02b9eff0a35d27bd967d0dd0d44006d1a4d6cb6eb3d536fe48c8f23826563a206aa4c30048e71829e7aba3ab7c07a47fa56b4aba023f86975db96e5924e07c8fedefc3cfaaaf15513fdff728785deb4d1f5d34089b343b2aa1c891097d53c1ff7d801fe06b28d4b9dd587421b89f2dbd153a4e454a5cc3ac7c07b2d02115b8cf69da14e42c24fb66e5019e1a66b4c4ad4d2bad6062e4e48fea370dcad836dc7fdb207a33c04ad61f2de085ce2ba192d754532061867c3703038cfc4347e4f8488bac1a42ea98825d6253816b534630b2e785abbc189c86965986b61aaffafd4831245c011cbb1c + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 729404101f3e0ca347837fca175a8438 + Version: 3 + TBS: + MD5: ee8df66ce2c464c64bb9a9eb9cbd7e90 + SHA1: f4e3b23c5b3673fb06339c35314279fdee1e003f + SHA256: 6d260763a05a13ab7823c6d584f19e5dab26e8e6b56d305ecc7376cd23f411fb + SHA384: 7cb39e0131ea77825f441568bd91846811955cd0f45d547020173347f4fd3d7dfe5bc4952fa4f9675902c4a869328196 + Signer: + - SerialNumber: 45d8f42e053d18c5e90f3febd6e17ad7 + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 Extended Validation Code Signing CA , G2 + Version: 1 + Imphash: 071356ee9d8c7f91cbe8fa3c448286a2 + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/3ac0eda2-a844-4a9d-9cfa-c25a9e05d678.yaml b/yaml/3ac0eda2-a844-4a9d-9cfa-c25a9e05d678.yaml index 79554dff4..685d58f68 100644 --- a/yaml/3ac0eda2-a844-4a9d-9cfa-c25a9e05d678.yaml +++ b/yaml/3ac0eda2-a844-4a9d-9cfa-c25a9e05d678.yaml 
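Review bot: The `Detection:` list on the new side of yaml/3ab0d182-6365-47a7-89f4-34121e889503.yaml still carries `sigma_hash`, `sigma_names`, `sysmon_hash_detect` and `sysmon_hash_block` twice each, with identical URLs; only the two `yara_signature` entries differ. Since the commit re-emits the whole block anyway, the second copy of those four entries could be dropped, leaving six unique references, so that tooling which iterates the list does not report the same rule file twice. The removed side of the Bs_Def.sys entry that follows shows the same repetition, so it presumably comes from the generator rather than a hand edit and is best fixed there.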
@@ -1,208 +1,209 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 3ac0eda2-a844-4a9d-9cfa-c25a9e05d678 +Tags: +- Bs_Def.sys +Verified: 'FALSE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create Bs_Def.sys binPath=C:\windows\temp\Bs_Def.sys type=kernel - && sc.exe start Bs_Def.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/5f5e5f1c93d961985624768b7c676d488c7c7c1d4c043f6fc1ea1904fefb75be.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 3ac0eda2-a844-4a9d-9cfa-c25a9e05d678 -KnownVulnerableSamples: -- Authentihash: - MD5: 
f27b347b5124473a3a9a46986889e408 - SHA1: 69ca963ec00bdd2a92a9777e91d0174bbe97e29c - SHA256: 410f02303292798ab2a8b3e7d253938b466e83071b15e7d3aaa25f4995b27187 - Company: AsusTek Computer Inc. - Copyright: Copyright (C) AsusTek Computer. 1992-2004 - CreationTimestamp: '2008-01-13 19:30:32' - Date: '' - Description: Default BIOS Flash Driver - ExportedFunctions: '' - FileVersion: '1.24 built by: WinDDK' - Filename: Bs_Def.sys - ImportedFunctions: - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmGetPhysicalAddress - - MmAllocateContiguousMemory - - IoFreeMdl - - MmUnmapLockedPages - - KeDelayExecutionThread - - DbgPrint - - MmUnmapIoSpace - - MmMapIoSpace - - RtlZeroMemory - - IoDeleteDevice - - IoCreateSymbolicLink - - IoCreateDevice - - MmMapLockedPages - - IofCompleteRequest - - IoDeleteSymbolicLink - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - ZwUnmapViewOfSection - - strncpy - - KeLeaveCriticalRegion - - KeEnterCriticalRegion - - IoIs32bitProcess - - strstr - - strncmp - - RtlInitUnicodeString - - MmFreeContiguousMemory - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: Bs_Def64.sys - MD5: a9f220b1507a3c9a327a99995ff99c82 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: Bs_Def64.sys - Product: Support SST39SF020,SST29EE020,AT49F002T,AT29C020,AM29F002NT,AM29F002NB,V29C51002T,V29C51002B,M29F002T,W29C020. 
- ProductVersion: '1.24' - Publisher: '' - RichPEHeaderHash: - MD5: b9778f4f7aef605da31955e8c8dce73b - SHA1: c238d428e1d44bf02fff788a0116e22fe52eced5 - SHA256: e2a2300457038c8e2fb727789dc596bc4613ad168457b2335dba604e2432fa5c - SHA1: 2c5ff272bd345962ed41ab8869aef41da0dfe697 - SHA256: 5f5e5f1c93d961985624768b7c676d488c7c7c1d4c043f6fc1ea1904fefb75be - Sections: - .text: - Entropy: 6.292910223541919 - Virtual Size: '0x1ef2' - .rdata: - Entropy: 4.119337235735607 - Virtual Size: '0x2b0' - .data: - Entropy: 0.020393135236084953 - Virtual Size: '0x4540' - .pdata: - Entropy: 3.8139163392612154 - Virtual Size: '0x120' - INIT: - Entropy: 4.72379419775939 - Virtual Size: '0x3ca' - .rsrc: - Entropy: 3.495555403797425 - Virtual Size: '0x458' - Signature: - - ASUSTeK Computer Inc. - - VeriSign Class 3 Code Signing 2004 CA - - VeriSign Class 3 Public Primary CA - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei 
/ Peitou, O=ASUSTeK Computer Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, - CN=ASUSTeK Computer Inc. - ValidFrom: '2007-07-03 00:00:00' - ValidTo: '2008-07-26 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 23eab3ac30c7016a299c8d31d99f3ae8 - Version: 3 - TBS: - MD5: 54f73eaca10fe12ff2e14194e2f019b8 - SHA1: 471cb77202e7d4941a5bff8ba813f5ed221dc32e - SHA256: 9dba2d4765226ca91fb7104e0cbd01308c4e8ed9727ea661eeaa473d7825ee35 - SHA384: 272d877ad02e5487a0864e4d876a9e06fea5ead9cd149e7a48c4f111cfa8dc2f05f1042f2822b42360896da334e6390d - Signer: - - SerialNumber: 23eab3ac30c7016a299c8d31d99f3ae8 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: e5fd4339e7b94543b16624a27ba1c872 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create Bs_Def.sys binPath=C:\windows\temp\Bs_Def.sys type=kernel + && sc.exe start Bs_Def.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules -Tags: -- Bs_Def.sys -Verified: 'FALSE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/5f5e5f1c93d961985624768b7c676d488c7c7c1d4c043f6fc1ea1904fefb75be.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: f27b347b5124473a3a9a46986889e408 + SHA1: 69ca963ec00bdd2a92a9777e91d0174bbe97e29c + SHA256: 410f02303292798ab2a8b3e7d253938b466e83071b15e7d3aaa25f4995b27187 + Company: AsusTek Computer Inc. + Copyright: Copyright (C) AsusTek Computer. 
1992-2004 + CreationTimestamp: '2008-01-13 19:30:32' + Date: '' + Description: Default BIOS Flash Driver + ExportedFunctions: '' + FileVersion: '1.24 built by: WinDDK' + Filename: Bs_Def.sys + ImportedFunctions: + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmGetPhysicalAddress + - MmAllocateContiguousMemory + - IoFreeMdl + - MmUnmapLockedPages + - KeDelayExecutionThread + - DbgPrint + - MmUnmapIoSpace + - MmMapIoSpace + - RtlZeroMemory + - IoDeleteDevice + - IoCreateSymbolicLink + - IoCreateDevice + - MmMapLockedPages + - IofCompleteRequest + - IoDeleteSymbolicLink + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - ZwUnmapViewOfSection + - strncpy + - KeLeaveCriticalRegion + - KeEnterCriticalRegion + - IoIs32bitProcess + - strstr + - strncmp + - RtlInitUnicodeString + - MmFreeContiguousMemory + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: Bs_Def64.sys + MD5: a9f220b1507a3c9a327a99995ff99c82 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: Bs_Def64.sys + Product: Support SST39SF020,SST29EE020,AT49F002T,AT29C020,AM29F002NT,AM29F002NB,V29C51002T,V29C51002B,M29F002T,W29C020. + ProductVersion: '1.24' + Publisher: '' + RichPEHeaderHash: + MD5: b9778f4f7aef605da31955e8c8dce73b + SHA1: c238d428e1d44bf02fff788a0116e22fe52eced5 + SHA256: e2a2300457038c8e2fb727789dc596bc4613ad168457b2335dba604e2432fa5c + SHA1: 2c5ff272bd345962ed41ab8869aef41da0dfe697 + SHA256: 5f5e5f1c93d961985624768b7c676d488c7c7c1d4c043f6fc1ea1904fefb75be + Sections: + .text: + Entropy: 6.292910223541919 + Virtual Size: '0x1ef2' + .rdata: + Entropy: 4.119337235735607 + Virtual Size: '0x2b0' + .data: + Entropy: 0.020393135236084953 + Virtual Size: '0x4540' + .pdata: + Entropy: 3.8139163392612154 + Virtual Size: '0x120' + INIT: + Entropy: 4.72379419775939 + Virtual Size: '0x3ca' + .rsrc: + Entropy: 3.495555403797425 + Virtual Size: '0x458' + Signature: + - ASUSTeK Computer Inc. 
+ - VeriSign Class 3 Code Signing 2004 CA + - VeriSign Class 3 Public Primary CA + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: 
ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., + OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Quality + Testing Department, CN=ASUSTeK Computer Inc. 
+ ValidFrom: '2007-07-03 00:00:00' + ValidTo: '2008-07-26 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 23eab3ac30c7016a299c8d31d99f3ae8 + Version: 3 + TBS: + MD5: 54f73eaca10fe12ff2e14194e2f019b8 + SHA1: 471cb77202e7d4941a5bff8ba813f5ed221dc32e + SHA256: 9dba2d4765226ca91fb7104e0cbd01308c4e8ed9727ea661eeaa473d7825ee35 + SHA384: 272d877ad02e5487a0864e4d876a9e06fea5ead9cd149e7a48c4f111cfa8dc2f05f1042f2822b42360896da334e6390d + Signer: + - SerialNumber: 23eab3ac30c7016a299c8d31d99f3ae8 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: e5fd4339e7b94543b16624a27ba1c872 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/3bc629e8-7bf8-40c2-965b-87eb155e0065.yaml b/yaml/3bc629e8-7bf8-40c2-965b-87eb155e0065.yaml index 4b6035eeb..8f8202669 100644 --- a/yaml/3bc629e8-7bf8-40c2-965b-87eb155e0065.yaml +++ b/yaml/3bc629e8-7bf8-40c2-965b-87eb155e0065.yaml 
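Review bot: The `Detection` list on the new side of `yaml/3ac0eda2-a844-4a9d-9cfa-c25a9e05d678.yaml` still lists `sigma_hash`, `sigma_names`, `sysmon_hash_detect` and `sysmon_hash_block` twice each with identical URLs; the reorder moves the block below `Resources` without deduplicating it. Since the commit already rewrites the whole entry, the second copies could be dropped, leaving the two distinct `yara_signature` entries and one entry for each of the other four types. Anything that counts or iterates detections per driver would then stop seeing the same rule file twice. The same duplicated list is carried over in the `mtcBSv64.sys` hunk (`yaml/3bc629e8-7bf8-40c2-965b-87eb155e0065.yaml`). If these files are produced by a generator script, the deduplication presumably belongs there rather than in the YAML.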
@@ -1,216 +1,218 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 3bc629e8-7bf8-40c2-965b-87eb155e0065 +Tags: +- mtcBSv64.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create mtcBSv64.sys binPath=C:\windows\temp\mtcBSv64.sys type=kernel - && sc.exe start mtcBSv64.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/c9cf1d627078f63a36bbde364cd0d5f2be1714124d186c06db5bcdf549a109f8.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 3bc629e8-7bf8-40c2-965b-87eb155e0065 -KnownVulnerableSamples: -- Authentihash: - 
MD5: c467ed521f199f0d5c1c3705dabf2896 - SHA1: 8533994513c4f65feb48806b36f42ec9fe21a4c3 - SHA256: da8945bd5c693c0593c9d0e3bda49bb1c6007cb25643c95708c6b10bef7c136a - Company: MiTAC Technology Corporation - Copyright: Copyright (C) 2007 MiTAC Technology Corporation - CreationTimestamp: '2009-08-06 03:55:21' - Date: '' - Description: MiTAC System Service Provider - ExportedFunctions: '' - FileVersion: 21, 1, 4, 0 - Filename: mtcBSv64.sys - ImportedFunctions: - - ExAllocatePoolWithTag - - KeClearEvent - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - KeInitializeMutex - - IoRegisterDeviceInterface - - IoSetDeviceInterfaceState - - IoBuildSynchronousFsdRequest - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - KeInitializeEvent - - KeReleaseSpinLock - - IoDetachDevice - - KeReleaseMutex - - RtlFreeUnicodeString - - ExInterlockedInsertTailList - - PoStartNextPowerIrp - - IofCompleteRequest - - KeWaitForSingleObject - - IoGetAttachedDeviceReference - - IoAttachDeviceToDeviceStack - - PoCallDriver - - IoCreateSymbolicLink - - ObfDereferenceObject - - IoCreateDevice - - IofCallDriver - - KeAcquireSpinLockRaiseToDpc - - IoBuildDeviceIoControlRequest - - MmUnmapIoSpace - - MmMapIoSpace - - ExAllocatePool - - RtlTimeToTimeFields - - KeBugCheckEx - - RtlUnicodeToMultiByteN - Imports: - - ntoskrnl.exe - InternalName: mtcBSv64.sys - MD5: 9dfd73dadb2f1c7e9c9d2542981aaa63 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mtcBSv64.sys - Product: MiTAC System Service Provider - ProductVersion: 21, 1, 4, 0 - Publisher: '' - RichPEHeaderHash: - MD5: daaf4821d19b88fb6db2599ec300fd8e - SHA1: 14d38637b13e8d4054ede49d56edd62db160f8ed - SHA256: ffbf2f5e23cd5dd9b5d5b4738a27f212d992e86a752ae88744e37cb46b9b5c8b - SHA1: 29a190727140f40cea9514a6420f5a195e36386b - SHA256: c9cf1d627078f63a36bbde364cd0d5f2be1714124d186c06db5bcdf549a109f8 - Sections: - .text: - Entropy: 6.507248243028505 - Virtual Size: '0x3423' - .rdata: - Entropy: 5.097449640471522 - Virtual Size: 
'0xb7c' - .data: - Entropy: 2.1507312168138233 - Virtual Size: '0x430' - .pdata: - Entropy: 3.9956432850134944 - Virtual Size: '0x234' - PAGE: - Entropy: 6.076398540339076 - Virtual Size: '0x10f6' - INIT: - Entropy: 5.39989405154638 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3428301145592196 - Virtual Size: '0x3d0' - .reloc: - Entropy: 3.4647779319666974 - Virtual Size: '0x116' - Signature: - - Mitac Technology Corporation - - VeriSign Class 3 Code Signing 2004 CA - - VeriSign Class 3 Public Primary CA - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 
53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=TW, ST=Taiwan, L=Taipei, O=Mitac Technology Corporation, OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=Mitac Technology Corporation - ValidFrom: '2008-10-08 00:00:00' - ValidTo: '2009-10-23 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 6088078ee11491f60ccddef11374431a - Version: 3 - TBS: - MD5: b2b41fe37981c6cd7f41eb207443bf3b - SHA1: 2c72e3c0f306a754b1c2f235eb2e1e9b8a5a4a19 - SHA256: 2b6a21c61ca95ed2727b13f085a67f552a66f45b13d9db2943ed96a062dd3089 - SHA384: ef4cebd45206c18ea14e7ff1bffe3cfe4b26714128f4d064036a793aa65728fccf6b82b4d6e123152f4dd22688a80bf4 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 6088078ee11491f60ccddef11374431a - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 71e84092e69114f0792419cb8b2b0fd1 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create mtcBSv64.sys binPath=C:\windows\temp\mtcBSv64.sys type=kernel + && sc.exe start mtcBSv64.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/eclypsium/Screwed-Drivers/blob/master/DRIVERS.md -Tags: -- mtcBSv64.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/c9cf1d627078f63a36bbde364cd0d5f2be1714124d186c06db5bcdf549a109f8.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash 
+ value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: c467ed521f199f0d5c1c3705dabf2896 + SHA1: 8533994513c4f65feb48806b36f42ec9fe21a4c3 + SHA256: da8945bd5c693c0593c9d0e3bda49bb1c6007cb25643c95708c6b10bef7c136a + Company: MiTAC Technology Corporation + Copyright: Copyright (C) 2007 MiTAC Technology Corporation + CreationTimestamp: '2009-08-06 03:55:21' + Date: '' + Description: MiTAC System Service Provider + ExportedFunctions: '' + FileVersion: 21, 1, 4, 0 + Filename: mtcBSv64.sys + ImportedFunctions: + - ExAllocatePoolWithTag + - KeClearEvent + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - KeInitializeMutex + - IoRegisterDeviceInterface + - IoSetDeviceInterfaceState + - IoBuildSynchronousFsdRequest + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - KeInitializeEvent + - KeReleaseSpinLock + - IoDetachDevice + - KeReleaseMutex + - RtlFreeUnicodeString + - ExInterlockedInsertTailList + - PoStartNextPowerIrp + - IofCompleteRequest + - KeWaitForSingleObject + - IoGetAttachedDeviceReference + - IoAttachDeviceToDeviceStack + - PoCallDriver + - IoCreateSymbolicLink + - ObfDereferenceObject + - IoCreateDevice + - IofCallDriver + - KeAcquireSpinLockRaiseToDpc + - IoBuildDeviceIoControlRequest + - MmUnmapIoSpace + - MmMapIoSpace + - ExAllocatePool + - RtlTimeToTimeFields + - KeBugCheckEx + - RtlUnicodeToMultiByteN + Imports: + - ntoskrnl.exe + InternalName: mtcBSv64.sys + MD5: 
9dfd73dadb2f1c7e9c9d2542981aaa63 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mtcBSv64.sys + Product: MiTAC System Service Provider + ProductVersion: 21, 1, 4, 0 + Publisher: '' + RichPEHeaderHash: + MD5: daaf4821d19b88fb6db2599ec300fd8e + SHA1: 14d38637b13e8d4054ede49d56edd62db160f8ed + SHA256: ffbf2f5e23cd5dd9b5d5b4738a27f212d992e86a752ae88744e37cb46b9b5c8b + SHA1: 29a190727140f40cea9514a6420f5a195e36386b + SHA256: c9cf1d627078f63a36bbde364cd0d5f2be1714124d186c06db5bcdf549a109f8 + Sections: + .text: + Entropy: 6.507248243028505 + Virtual Size: '0x3423' + .rdata: + Entropy: 5.097449640471522 + Virtual Size: '0xb7c' + .data: + Entropy: 2.1507312168138233 + Virtual Size: '0x430' + .pdata: + Entropy: 3.9956432850134944 + Virtual Size: '0x234' + PAGE: + Entropy: 6.076398540339076 + Virtual Size: '0x10f6' + INIT: + Entropy: 5.39989405154638 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3428301145592196 + Virtual Size: '0x3d0' + .reloc: + Entropy: 3.4647779319666974 + Virtual Size: '0x116' + Signature: + - Mitac Technology Corporation + - VeriSign Class 3 Code Signing 2004 CA + - VeriSign Class 3 Public Primary CA + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 
23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=TW, ST=Taiwan, L=Taipei, O=Mitac Technology Corporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=Mitac Technology + Corporation + ValidFrom: '2008-10-08 00:00:00' + ValidTo: '2009-10-23 23:59:59' + Signature: 
9c744d221ef49ac5485f8833994046192117e43bba976d71dfb3c8c75596b460638f786855f09fa612ee759ca9dde70bf7bcc5d5fbd6b106b17a8220371d0ebfac391f197f97d4c1d3220612c1ecc219fcad6d1e91e58fc1233253b14dd792a0c382cdea0e1d863e27bed56d5a3b39530db0973a425e0c4febb349965a6312d12bf12d6c67bbc6a3020c9a0de56eb295df368e3ee6f27ccb48d98216a6648432b9731981838fdb72417a163f7883556926398afdd4b16226da80cd8ae58d16ba1d06449f59db81545741b3a8657dbfc1645b3aa4e15dd758b7556c57bd82580a22c1a63c48003d948da81cdda831c8ffe2da7779bf7c22bd596ada4a446b7191 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 6088078ee11491f60ccddef11374431a + Version: 3 + TBS: + MD5: b2b41fe37981c6cd7f41eb207443bf3b + SHA1: 2c72e3c0f306a754b1c2f235eb2e1e9b8a5a4a19 + SHA256: 2b6a21c61ca95ed2727b13f085a67f552a66f45b13d9db2943ed96a062dd3089 + SHA384: ef4cebd45206c18ea14e7ff1bffe3cfe4b26714128f4d064036a793aa65728fccf6b82b4d6e123152f4dd22688a80bf4 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 6088078ee11491f60ccddef11374431a + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 71e84092e69114f0792419cb8b2b0fd1 + LoadsDespiteHVCI: 'FALSE' 
diff --git a/yaml/3bec7340-bd8b-43ae-8569-d81a66f01dda.yaml b/yaml/3bec7340-bd8b-43ae-8569-d81a66f01dda.yaml index 6bf7497a4..5a9abc546 100644 --- a/yaml/3bec7340-bd8b-43ae-8569-d81a66f01dda.yaml +++ b/yaml/3bec7340-bd8b-43ae-8569-d81a66f01dda.yaml 
@@ -1,523 +1,523 @@ Id: 3bec7340-bd8b-43ae-8569-d81a66f01dda +Tags: +- ene.sys +Verified: 'TRUE' Author: Nasreddine Bencherchali Created: '2023-05-06' MitreID: T1068 Category: vulnerable driver -Verified: 'TRUE' Commands: - Command: sc.exe create ene.sys binPath=C:\windows\temp\ene.sys type=kernel && sc.exe - start ene.sys - Description: '' - Usecase: Elevate privileges - Privileges: kernel - OperatingSystem: Windows 10 + Command: sc.exe create ene.sys binPath=C:\windows\temp\ene.sys type=kernel && + sc.exe start ene.sys + Description: '' + Usecase: Elevate privileges + Privileges: kernel + OperatingSystem: Windows 10 Resources: - Internal Research -Acknowledgement: - Person: '' - Handle: '' Detection: [] +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: ene.sys - MD5: fd80c3d38669b302de4b4b736941c0d1 - SHA1: c47b890dda9882f9f37eccc27d58d6a774a2901f - SHA256: 16768203a471a19ebb541c942f45716e9f432985abbfbe6b4b7d61a798cea354 - Authentihash: - MD5: f2d4af4dcb47113b44651d663ee322f8 - SHA1: 097653d7068265aae9f00e37c904857d944a774c - SHA256: 995284d05f947e2db58ece30b6d61653a2b94b2c337e5c75ca8315793e0b3955 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - IoDeleteDevice - - ZwUnmapViewOfSection - - ZwClose - - IofCompleteRequest - - ObReferenceObjectByHandle - - ZwMapViewOfSection - - ObfDereferenceObject - - IoCreateDevice - - RtlAssert - - ZwOpenSection - - DbgPrint - - KeBugCheckEx - - IoCreateSymbolicLink - - IoDeleteSymbolicLink - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2018-09-06 21:30:32' - ValidTo: '2019-09-06 
21:30:32' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 33000000253a2738690a3451c1000000000025 - Version: 3 - TBS: - MD5: 60cb2d8488f8724a67bf3254e6a57ff1 - SHA1: 37aef77a1afaa33ac5787fc43a2c1e2509a19eb1 - SHA256: 495a6ff7ace92f915eb1753c4c0b32612056e6d320bb17ff90346db3aa357432 - SHA384: 2a90dcf67abc92f070775de78ecf066e7730ea57b4c4d6c64cfdd66c3eb0f639ac188b24571a9f600ef017737a71decf - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - ValidFrom: '2014-10-15 20:31:27' - ValidTo: '2029-10-15 20:41:27' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 330000000d690d5d7893d076df00000000000d - Version: 3 - TBS: - MD5: 83f69422963f11c3c340b81712eef319 - SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 - SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae - SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 - Signer: - - SerialNumber: 33000000253a2738690a3451c1000000000025 - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - Version: 1 - RichPEHeaderHash: - MD5: 2b745d90a102a42256774e350aac3080 - SHA1: 45768de16e9654a5b21dcc916b5115ef81950791 - SHA256: 59089a80084d2dd2efbc48ed53ce8eb6198155fe8552e36c1355c732691963a3 - Sections: - .text: - Entropy: 6.156488628902 - Virtual Size: '0x103c' - .rdata: - Entropy: 3.841189386185142 - Virtual Size: '0x13c' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.230483530413515 - Virtual Size: '0x54' - INIT: - Entropy: 5.023217119758618 - Virtual Size: '0x2a6' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2019-05-15 09:36:46' - Imphash: 
85f86c7c8ce81a78e84efa545d7edc65 - LoadsDespiteHVCI: 'FALSE' -- Filename: ene.sys - MD5: 7e6e2ed880c7ab115fca68136051f9ce - SHA1: 3cd037fbba8aae82c1b111c9f8755349c98bcb3c - SHA256: 175eed7a4c6de9c3156c7ae16ae85c554959ec350f1c8aaa6dfe8c7e99de3347 - Authentihash: - MD5: 6055cbe0b4c535baa8c15473fc97e61a - SHA1: ce280412dd778cafbe6dbb05b8cab42e98d3ae56 - SHA256: 795e5774aefd74200d552bf7ede17491c254fa7a73e2a00eb0e1462f18211ff5 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - cng.sys - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - BCryptCloseAlgorithmProvider - - BCryptGetProperty - - BCryptDecrypt - - BCryptImportKey - - BCryptDestroyKey - - BCryptSetProperty - - BCryptOpenAlgorithmProvider - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - wcsstr - - ObfDereferenceObject - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - PsGetCurrentProcessId - - RtlTimeToSecondsSince1970 - - __C_specific_handler - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - RtlInitUnicodeString - - KeBugCheckEx - - ObReferenceObjectByHandle - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2020-03-11 17:31:14' - ValidTo: '2021-03-05 17:31:14' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 330000003a6ae333708fda7a7b00000000003a - Version: 3 - TBS: - MD5: 6f5d716e7151f1c173396adb7213359e - SHA1: 100610baae90027e9844a8e9c4d489fe122ecd9c - SHA256: 
677d532777cee24be88442efec75e9640e80ef57d8e1246396459a1a04be733f - SHA384: 35d397c22426b9c4c486fa5dd36c089209ab77026e981bd353ffbf060f54fd98f2afe9b45dd64c20614a5d5627b8dd0c - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - ValidFrom: '2014-10-15 20:31:27' - ValidTo: '2029-10-15 20:41:27' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 330000000d690d5d7893d076df00000000000d - Version: 3 - TBS: - MD5: 83f69422963f11c3c340b81712eef319 - SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 - SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae - SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 - Signer: - - SerialNumber: 330000003a6ae333708fda7a7b00000000003a - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - Version: 1 - RichPEHeaderHash: - MD5: d0ffa2aaf0d3bc149c94629fd26d9a1a - SHA1: 9d3eb6a840044e7e6f4dd9602d13be9e727d0104 - SHA256: 893f6ad3e6f34030f6416c00feb4f816d84461e62e441908bab4a6fdb39b0761 - Sections: - .text: - Entropy: 6.190870515576075 - Virtual Size: '0x14b2' - .rdata: - Entropy: 5.431524952006945 - Virtual Size: '0x7c4' - .data: - Entropy: 2.591917186688699 - Virtual Size: '0x20' - .pdata: - Entropy: 3.775198059023202 - Virtual Size: '0x180' - INIT: - Entropy: 5.1721688922538265 - Virtual Size: '0x484' - .reloc: - Entropy: 2.684183719779189 - Virtual Size: '0x14' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2020-05-08 00:07:19' - Imphash: baa420e9d4e3baf0d65d4fc2bf497708 - LoadsDespiteHVCI: 'FALSE' -- Filename: ene.sys - MD5: 8942e9fa2459b1e179a6535ca16a2fb4 - SHA1: 3a3342f4ca8cc45c6b86f64b1a7d7659020b429f - SHA256: 810513b3f4c8d29afb46f71816350088caacf46f1be361af55b26f3fee4662c3 - Authentihash: - MD5: 
198111fd73515aa7fe4387612f027f0f - SHA1: 651b953cb03928e41424ad59f21d4978d6f4952e - SHA256: ebbaa44277a3ec6e20ad3f6aef5399fdc398306eb4c13aa96e45c9a281820a12 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - IoDeleteDevice - - ZwUnmapViewOfSection - - ZwClose - - IofCompleteRequest - - ObReferenceObjectByHandle - - ZwMapViewOfSection - - ObfDereferenceObject - - IoCreateDevice - - RtlAssert - - ZwOpenSection - - DbgPrint - - KeBugCheckEx - - IoCreateSymbolicLink - - IoDeleteSymbolicLink - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO - SHA,1 Time Stamping Signer - ValidFrom: '2015-12-31 00:00:00' - ValidTo: '2019-07-09 18:40:36' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1688f039255e638e69143907e6330b - Version: 3 - TBS: - MD5: 0179e8ddeebaf8998fec419d65cdf13d - SHA1: 34c724c3369f2da8c25b591808962f66f10bde28 - SHA256: 35b0bac11602847aaab65fb35199d3c8976cde3ccf7e061b130177c712cbd92f - SHA384: 85f2e758b5480eb225ae42777ed339de71da458c1d40677c0fb6ef8e560e42764a577335e4839b5342061c31ee837b6e - - Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust - External CA Root - ValidFrom: '2013-08-15 20:26:30' - ValidTo: '2023-08-15 20:36:30' - Signature: 
362ba2f2e1331fe493f7f26985c6640ec99b632fe4703798fd94ec7bcff8a14246f9ed6a4e8d34693605557a1ebbad8c99429606e925a82684bec1bf16a97caa5b04b7fdd1c0f402be28edf577c79bfe3af6e8c17bd382abfa144ecf2bcfe5d5b54840b1a38f838bad2b2553aba634cef243f74f2ce9dd1e4e5ab6bae83b10992400bc50fd78f6e523a8899493f7b74130374a57b7e644d9c9df9905aa44fc74af8264cc07cb01b609c32ee3e832a7b49f4178c7a184365462f2ec150ac8ead084f8f1e06bf456125f95e0fcddb77693fe294a25e90400f1b4110ec9849edb177df51ea58e3629193a6d6c464bd7ab7024288d05a3d9d524f2f8a0d13c8239d4a8820e693a8109fc06f0c75933843693064191232c22a5a7012b50b428aedb46b0591b86b39b87e8494e390b6d14df4c03301e1f5f74aef55b590353ec9816e0d06235751b48b87d13e57a48b87752a40798253b069b7a4e6a6f44864f144f2779273d5073414c9c413edd290c73b1c7fb1f760c176504ebd25010924149ece4067d3615446f89bf697df94d40c13a98b6a07e31d2b5aecafb53d53f5086cd5e933b6d5d7c9a3f3ff7a9255884dd114900a2c7c89e37dd778e6d718be05b81345d54baccf59347886de7ef5be228e4801b40e40f2ad17f2315655aac9994433f465526d6c4fa8895e2919aa32d0b85deac8ce0f967709f71790231f761a229c4 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 3300000035d8d5595b0671412b000000000035 - Version: 3 - TBS: - MD5: 3d488d41aaeb5661974952080abef2fd - SHA1: df01e35e6befc7d65625319f17397b861e618d56 - SHA256: 3d6ef38b5d26773dc77392e415e88b3a744b30ea9f2081e2a992b5818db2f0c4 - SHA384: ac7c06916fe4a00307834b2499f12799d3fe463c2e63d1881df669a2786745beeee2b3a7d87cd6bc9e4fe293c22e5a59 - - Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO - RSA Certification Authority - ValidFrom: '2000-05-30 10:48:38' - ValidTo: '2020-05-30 10:48:38' - Signature: 
64bf83f15f9a85d0cdb8a129570de85af7d1e93ef276046ef15270bb1e3cff4d0d746acc818225d3c3a02a5d4cf5ba8ba16dc4540975c7e3270e5d847937401377f5b4ac1cd03bab1712d6ef34187e2be979d3ab57450caf28fad0dbe5509588bbdf8557697d92d852ca7381bf1cf3e6b86e661105b31e942d7f91959259f14ccea391714c7c470c3b0b19f6a1b16c863e5caac42e82cbf90796ba484d90f294c8a973a2eb067b239ddea2f34d559f7a6145981868c75e406b23f5797aef8cb56b8bb76f46f47bf13d4b04d89380595ae041241db28f15605847dbef6e46fd15f5d95f9ab3dbd8b8e440b3cd9739ae85bb1d8ebcdc879bd1a6eff13b6f10386f - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 2766ee56eb49f38eabd770a2fc84de22 - Version: 3 - TBS: - MD5: be5bfbe77379139ac5cdcbcc8d4d3b34 - SHA1: 606b701bc9f448ddbfe6fa63ccb8061b838ee254 - SHA256: 0d73a614eef7596cf5a34733f74daf2ccfe4df7b4a40069bf43c43e428264177 - SHA384: 7ce102d63c57cb48f80a65d1a5e9b350a7a618482aa5a36775323ca933ddfcb00def83796a6340dec5ebf7596cfd8e5d - - Subject: C=TW, postalCode=11071, ST=Taiwan, L=Taipei, ??=12F., No.1,8, Sec. - 5, Zhongxiao E. 
Rd., Xinyi Dist., Taipei City 11071, Taiwan (R.O.C.), O=Ptolemy - Tech Co., Ltd, CN=Ptolemy Tech Co., Ltd - ValidFrom: '2018-02-21 00:00:00' - ValidTo: '2019-02-21 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 00e7640d3b521f8b0b6fd8ce64c827613b - Version: 3 - TBS: - MD5: 4926d545fbfffd080f86c130a9858617 - SHA1: de9cafee670382ee4ad8a306c36c2b908e1542fb - SHA256: 0e53e01805c33df56bd7fade57169dab0081f39eb124d57d9d655940392cf8d1 - SHA384: c635ef697283d82f426987a5392467db5767b3915821e0bfe704acc398d0908f3b665cbb335bd2453fe14eb9d12abc2a - - Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO - RSA Code Signing CA - ValidFrom: '2013-05-09 00:00:00' - ValidTo: '2028-05-08 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 2e7c87cc0e934a52fe94fd1cb7cd34af - Version: 3 - TBS: - MD5: f64df7e88bb2b95c7204bc07bb197a87 - SHA1: a1bfa9f0f46a1e9ac66259c9b2b1b2dcaf16db9b - SHA256: a3dd3858c0e514dd37cacd5f23fc8222443ff636eef4a9fe90bc0ecbbb051fd1 - SHA384: 4805a7e23d6c8ff5e149f197b744bcb2346e73f19a48835a2f64129183981109256b75ea371a331746d01fd4e135ab6e - Signer: - - SerialNumber: 00e7640d3b521f8b0b6fd8ce64c827613b - Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO - RSA Code Signing CA - Version: 1 - RichPEHeaderHash: - MD5: 2b745d90a102a42256774e350aac3080 - SHA1: 45768de16e9654a5b21dcc916b5115ef81950791 - SHA256: 59089a80084d2dd2efbc48ed53ce8eb6198155fe8552e36c1355c732691963a3 - Sections: - .text: - Entropy: 6.155249930767524 - Virtual Size: '0x103c' - .rdata: - Entropy: 3.9170994221049087 - Virtual Size: '0x144' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.1235136228187446 - Virtual Size: '0x54' - INIT: - Entropy: 5.023217119758618 - Virtual 
Size: '0x2a6' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2018-03-19 21:59:12' - Imphash: 85f86c7c8ce81a78e84efa545d7edc65 - LoadsDespiteHVCI: 'TRUE' -- Filename: ene.sys - MD5: 1f3522c5db7b9dcdd7729148f105018e - SHA1: 17b3163aecd1f512f1603548ef6eb4947fbec95e - SHA256: 910aa4685c735d8c07662aa04fafec463185699ad1a0cd1967b892fc33ec6c3c - Authentihash: - MD5: 1da05109a3734c583233491ec8242e11 - SHA1: b93b24e5edb56cf7872d73a0a081ae1127ae43d2 - SHA256: 91b0fdd5bfc596b2f7c9db33e822d24f378c706daf6f92682c5fe1043e547f8d - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - cng.sys - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - BCryptCloseAlgorithmProvider - - BCryptGetProperty - - BCryptDecrypt - - BCryptImportKey - - BCryptDestroyKey - - BCryptSetProperty - - BCryptOpenAlgorithmProvider - - IofCompleteRequest - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - PsGetCurrentProcessId - - RtlTimeToSecondsSince1970 - - __C_specific_handler - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - MmGetSystemRoutineAddress - - wcsstr - - ZwSetSecurityObject - - IoDeviceObjectType - - IoCreateDevice - - ObOpenObjectByPointer - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - RtlGetSaclSecurityDescriptor - - SeCaptureSecurityDescriptor - - _snwprintf - - RtlLengthSecurityDescriptor - - SeExports - - RtlCreateSecurityDescriptor - - _wcsnicmp - - wcschr - - RtlAbsoluteToSelfRelativeSD - - RtlAddAccessAllowedAce - - RtlLengthSid - - IoIsWdmVersionAvailable - - RtlSetDaclSecurityDescriptor - - ZwOpenKey - - ZwSetValueKey - - ZwQueryValueKey - - ZwCreateKey - - 
RtlFreeUnicodeString - - KeBugCheckEx - - RtlInitUnicodeString - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2019-06-05 18:34:00' - ValidTo: '2020-06-03 18:34:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 33000000319479a318f5522d06000000000031 - Version: 3 - TBS: - MD5: 5b81fd0f706522a8d7c9f2957283c0b4 - SHA1: 84d894599653a8ed0e0b2802db3197dc177908cc - SHA256: 4fa629304df4287c97ae5b7e481974316e9daf776b0cdeffab1671e7dca68fb4 - SHA384: 0b89dc122fc7ebf80881a5047ffbbcb0bec30636516aff4f43307e2a925a476cabfc26e2cc392ad748d655f6ec4c8b75 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - ValidFrom: '2014-10-15 20:31:27' - ValidTo: '2029-10-15 20:41:27' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 330000000d690d5d7893d076df00000000000d - Version: 3 - TBS: - MD5: 83f69422963f11c3c340b81712eef319 - SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 - SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae - SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 - Signer: - - SerialNumber: 33000000319479a318f5522d06000000000031 - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - Version: 1 - RichPEHeaderHash: - MD5: 91e6ebc6d1c3e69e80475959690d68a9 - SHA1: 9f7f7ed60f2f4c7cde0ee12668f4c22e07620e26 - SHA256: d9802cc2655d9c4827c6d30b30dcc7c74cb41ce18261b5251acbd84e59999f5e - Sections: - .text: - Entropy: 6.20128139080885 - Virtual Size: '0x1532' - .rdata: - 
Entropy: 5.111188890130452 - Virtual Size: '0xe9c' - .data: - Entropy: 2.024151119020238 - Virtual Size: '0x238' - .pdata: - Entropy: 4.088942059938381 - Virtual Size: '0x2f4' - PAGE: - Entropy: 6.22435613604938 - Virtual Size: '0x1bab' - INIT: - Entropy: 5.224310379311508 - Virtual Size: '0x78c' - .reloc: - Entropy: 3.449082295352821 - Virtual Size: '0x30' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2020-03-21 13:16:55' - Imphash: ec5ee9a38e54ed3d4a6e6545672cb651 - LoadsDespiteHVCI: 'FALSE' -Tags: -- ene.sys +- Filename: ene.sys + MD5: fd80c3d38669b302de4b4b736941c0d1 + SHA1: c47b890dda9882f9f37eccc27d58d6a774a2901f + SHA256: 16768203a471a19ebb541c942f45716e9f432985abbfbe6b4b7d61a798cea354 + Authentihash: + MD5: f2d4af4dcb47113b44651d663ee322f8 + SHA1: 097653d7068265aae9f00e37c904857d944a774c + SHA256: 995284d05f947e2db58ece30b6d61653a2b94b2c337e5c75ca8315793e0b3955 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - IoDeleteDevice + - ZwUnmapViewOfSection + - ZwClose + - IofCompleteRequest + - ObReferenceObjectByHandle + - ZwMapViewOfSection + - ObfDereferenceObject + - IoCreateDevice + - RtlAssert + - ZwOpenSection + - DbgPrint + - KeBugCheckEx + - IoCreateSymbolicLink + - IoDeleteSymbolicLink + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2018-09-06 21:30:32' + ValidTo: '2019-09-06 21:30:32' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 33000000253a2738690a3451c1000000000025 + Version: 3 + TBS: + MD5: 60cb2d8488f8724a67bf3254e6a57ff1 
+ SHA1: 37aef77a1afaa33ac5787fc43a2c1e2509a19eb1 + SHA256: 495a6ff7ace92f915eb1753c4c0b32612056e6d320bb17ff90346db3aa357432 + SHA384: 2a90dcf67abc92f070775de78ecf066e7730ea57b4c4d6c64cfdd66c3eb0f639ac188b24571a9f600ef017737a71decf + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + ValidFrom: '2014-10-15 20:31:27' + ValidTo: '2029-10-15 20:41:27' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 330000000d690d5d7893d076df00000000000d + Version: 3 + TBS: + MD5: 83f69422963f11c3c340b81712eef319 + SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 + SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae + SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 + Signer: + - SerialNumber: 33000000253a2738690a3451c1000000000025 + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + Version: 1 + RichPEHeaderHash: + MD5: 2b745d90a102a42256774e350aac3080 + SHA1: 45768de16e9654a5b21dcc916b5115ef81950791 + SHA256: 59089a80084d2dd2efbc48ed53ce8eb6198155fe8552e36c1355c732691963a3 + Sections: + .text: + Entropy: 6.156488628902 + Virtual Size: '0x103c' + .rdata: + Entropy: 3.841189386185142 + Virtual Size: '0x13c' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.230483530413515 + Virtual Size: '0x54' + INIT: + Entropy: 5.023217119758618 + Virtual Size: '0x2a6' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2019-05-15 09:36:46' + Imphash: 85f86c7c8ce81a78e84efa545d7edc65 + LoadsDespiteHVCI: 'FALSE' +- Filename: ene.sys + MD5: 7e6e2ed880c7ab115fca68136051f9ce + SHA1: 3cd037fbba8aae82c1b111c9f8755349c98bcb3c + SHA256: 175eed7a4c6de9c3156c7ae16ae85c554959ec350f1c8aaa6dfe8c7e99de3347 + Authentihash: + MD5: 6055cbe0b4c535baa8c15473fc97e61a 
+ SHA1: ce280412dd778cafbe6dbb05b8cab42e98d3ae56 + SHA256: 795e5774aefd74200d552bf7ede17491c254fa7a73e2a00eb0e1462f18211ff5 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - cng.sys + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - BCryptCloseAlgorithmProvider + - BCryptGetProperty + - BCryptDecrypt + - BCryptImportKey + - BCryptDestroyKey + - BCryptSetProperty + - BCryptOpenAlgorithmProvider + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - wcsstr + - ObfDereferenceObject + - ZwClose + - ZwOpenSection + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - PsGetCurrentProcessId + - RtlTimeToSecondsSince1970 + - __C_specific_handler + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - RtlInitUnicodeString + - KeBugCheckEx + - ObReferenceObjectByHandle + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2020-03-11 17:31:14' + ValidTo: '2021-03-05 17:31:14' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 330000003a6ae333708fda7a7b00000000003a + Version: 3 + TBS: + MD5: 6f5d716e7151f1c173396adb7213359e + SHA1: 100610baae90027e9844a8e9c4d489fe122ecd9c + SHA256: 677d532777cee24be88442efec75e9640e80ef57d8e1246396459a1a04be733f + SHA384: 35d397c22426b9c4c486fa5dd36c089209ab77026e981bd353ffbf060f54fd98f2afe9b45dd64c20614a5d5627b8dd0c + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + ValidFrom: '2014-10-15 20:31:27' + ValidTo: 
'2029-10-15 20:41:27' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 330000000d690d5d7893d076df00000000000d + Version: 3 + TBS: + MD5: 83f69422963f11c3c340b81712eef319 + SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 + SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae + SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 + Signer: + - SerialNumber: 330000003a6ae333708fda7a7b00000000003a + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + Version: 1 + RichPEHeaderHash: + MD5: d0ffa2aaf0d3bc149c94629fd26d9a1a + SHA1: 9d3eb6a840044e7e6f4dd9602d13be9e727d0104 + SHA256: 893f6ad3e6f34030f6416c00feb4f816d84461e62e441908bab4a6fdb39b0761 + Sections: + .text: + Entropy: 6.190870515576075 + Virtual Size: '0x14b2' + .rdata: + Entropy: 5.431524952006945 + Virtual Size: '0x7c4' + .data: + Entropy: 2.591917186688699 + Virtual Size: '0x20' + .pdata: + Entropy: 3.775198059023202 + Virtual Size: '0x180' + INIT: + Entropy: 5.1721688922538265 + Virtual Size: '0x484' + .reloc: + Entropy: 2.684183719779189 + Virtual Size: '0x14' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2020-05-08 00:07:19' + Imphash: baa420e9d4e3baf0d65d4fc2bf497708 + LoadsDespiteHVCI: 'FALSE' +- Filename: ene.sys + MD5: 8942e9fa2459b1e179a6535ca16a2fb4 + SHA1: 3a3342f4ca8cc45c6b86f64b1a7d7659020b429f + SHA256: 810513b3f4c8d29afb46f71816350088caacf46f1be361af55b26f3fee4662c3 + Authentihash: + MD5: 198111fd73515aa7fe4387612f027f0f + SHA1: 651b953cb03928e41424ad59f21d4978d6f4952e + SHA256: ebbaa44277a3ec6e20ad3f6aef5399fdc398306eb4c13aa96e45c9a281820a12 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + 
ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - IoDeleteDevice + - ZwUnmapViewOfSection + - ZwClose + - IofCompleteRequest + - ObReferenceObjectByHandle + - ZwMapViewOfSection + - ObfDereferenceObject + - IoCreateDevice + - RtlAssert + - ZwOpenSection + - DbgPrint + - KeBugCheckEx + - IoCreateSymbolicLink + - IoDeleteSymbolicLink + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, + CN=COMODO SHA,1 Time Stamping Signer + ValidFrom: '2015-12-31 00:00:00' + ValidTo: '2019-07-09 18:40:36' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1688f039255e638e69143907e6330b + Version: 3 + TBS: + MD5: 0179e8ddeebaf8998fec419d65cdf13d + SHA1: 34c724c3369f2da8c25b591808962f66f10bde28 + SHA256: 35b0bac11602847aaab65fb35199d3c8976cde3ccf7e061b130177c712cbd92f + SHA384: 85f2e758b5480eb225ae42777ed339de71da458c1d40677c0fb6ef8e560e42764a577335e4839b5342061c31ee837b6e + - Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust + External CA Root + ValidFrom: '2013-08-15 20:26:30' + ValidTo: '2023-08-15 20:36:30' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 3300000035d8d5595b0671412b000000000035 + Version: 3 + TBS: + MD5: 3d488d41aaeb5661974952080abef2fd + SHA1: df01e35e6befc7d65625319f17397b861e618d56 + SHA256: 3d6ef38b5d26773dc77392e415e88b3a744b30ea9f2081e2a992b5818db2f0c4 + SHA384: ac7c06916fe4a00307834b2499f12799d3fe463c2e63d1881df669a2786745beeee2b3a7d87cd6bc9e4fe293c22e5a59 + - Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, + CN=COMODO RSA Certification Authority + ValidFrom: '2000-05-30 10:48:38' + ValidTo: '2020-05-30 10:48:38' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 2766ee56eb49f38eabd770a2fc84de22 + Version: 3 + TBS: + MD5: be5bfbe77379139ac5cdcbcc8d4d3b34 + SHA1: 606b701bc9f448ddbfe6fa63ccb8061b838ee254 + SHA256: 0d73a614eef7596cf5a34733f74daf2ccfe4df7b4a40069bf43c43e428264177 + SHA384: 7ce102d63c57cb48f80a65d1a5e9b350a7a618482aa5a36775323ca933ddfcb00def83796a6340dec5ebf7596cfd8e5d + - Subject: C=TW, postalCode=11071, ST=Taiwan, L=Taipei, ??=12F., No.1,8, + Sec. 5, Zhongxiao E. Rd., Xinyi Dist., Taipei City 11071, Taiwan (R.O.C.), + O=Ptolemy Tech Co., Ltd, CN=Ptolemy Tech Co., Ltd + ValidFrom: '2018-02-21 00:00:00' + ValidTo: '2019-02-21 23:59:59' + Signature: 0dbb7a0ba1c1f2522a473c9994cf7cb087a3e1b69a733e84665124c5473bc87e43d639859088db27ede83500cbf39c36a80b24476562cd1ec3363458efbcf5a770b63f75ae5c249b313cb70603564bc0eaa9825b9c3deaa0460462d7e861d487c474f8af3a42163090b6e189ca8b0d1dbf3d87f80bd1ca031140b3e37baadef936611ab23e5a7419c8dc34dc28b0a8f69c0df0c876a53fcbc7f4e6ba3f0e89cd05faed21432cc43d452344b515dc4f8f90bc5c064d3d0271850147eb782b3ac159f496cdacdc5f1c2c0a02503d042cedf7a7e999520ac193276935bdc224ec0df1bc7b9123cbc96ba51ab57aa4ba52764b04b905c74c3e66d0508fe8031819b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 00e7640d3b521f8b0b6fd8ce64c827613b + Version: 3 + TBS: + MD5: 4926d545fbfffd080f86c130a9858617 + SHA1: de9cafee670382ee4ad8a306c36c2b908e1542fb + SHA256: 0e53e01805c33df56bd7fade57169dab0081f39eb124d57d9d655940392cf8d1 + SHA384: c635ef697283d82f426987a5392467db5767b3915821e0bfe704acc398d0908f3b665cbb335bd2453fe14eb9d12abc2a + - Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, + CN=COMODO RSA Code Signing CA + ValidFrom: '2013-05-09 00:00:00' + ValidTo: '2028-05-08 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + 
IsCertificateAuthority: true + SerialNumber: 2e7c87cc0e934a52fe94fd1cb7cd34af + Version: 3 + TBS: + MD5: f64df7e88bb2b95c7204bc07bb197a87 + SHA1: a1bfa9f0f46a1e9ac66259c9b2b1b2dcaf16db9b + SHA256: a3dd3858c0e514dd37cacd5f23fc8222443ff636eef4a9fe90bc0ecbbb051fd1 + SHA384: 4805a7e23d6c8ff5e149f197b744bcb2346e73f19a48835a2f64129183981109256b75ea371a331746d01fd4e135ab6e + Signer: + - SerialNumber: 00e7640d3b521f8b0b6fd8ce64c827613b + Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO + RSA Code Signing CA + Version: 1 + RichPEHeaderHash: + MD5: 2b745d90a102a42256774e350aac3080 + SHA1: 45768de16e9654a5b21dcc916b5115ef81950791 + SHA256: 59089a80084d2dd2efbc48ed53ce8eb6198155fe8552e36c1355c732691963a3 + Sections: + .text: + Entropy: 6.155249930767524 + Virtual Size: '0x103c' + .rdata: + Entropy: 3.9170994221049087 + Virtual Size: '0x144' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.1235136228187446 + Virtual Size: '0x54' + INIT: + Entropy: 5.023217119758618 + Virtual Size: '0x2a6' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2018-03-19 21:59:12' + Imphash: 85f86c7c8ce81a78e84efa545d7edc65 + LoadsDespiteHVCI: 'TRUE' +- Filename: ene.sys + MD5: 1f3522c5db7b9dcdd7729148f105018e + SHA1: 17b3163aecd1f512f1603548ef6eb4947fbec95e + SHA256: 910aa4685c735d8c07662aa04fafec463185699ad1a0cd1967b892fc33ec6c3c + Authentihash: + MD5: 1da05109a3734c583233491ec8242e11 + SHA1: b93b24e5edb56cf7872d73a0a081ae1127ae43d2 + SHA256: 91b0fdd5bfc596b2f7c9db33e822d24f378c706daf6f92682c5fe1043e547f8d + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - cng.sys + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - BCryptCloseAlgorithmProvider + - BCryptGetProperty + - BCryptDecrypt + - BCryptImportKey + - BCryptDestroyKey + - BCryptSetProperty + - BCryptOpenAlgorithmProvider + - 
IofCompleteRequest + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - ZwOpenSection + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - PsGetCurrentProcessId + - RtlTimeToSecondsSince1970 + - __C_specific_handler + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - MmGetSystemRoutineAddress + - wcsstr + - ZwSetSecurityObject + - IoDeviceObjectType + - IoCreateDevice + - ObOpenObjectByPointer + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - RtlGetSaclSecurityDescriptor + - SeCaptureSecurityDescriptor + - _snwprintf + - RtlLengthSecurityDescriptor + - SeExports + - RtlCreateSecurityDescriptor + - _wcsnicmp + - wcschr + - RtlAbsoluteToSelfRelativeSD + - RtlAddAccessAllowedAce + - RtlLengthSid + - IoIsWdmVersionAvailable + - RtlSetDaclSecurityDescriptor + - ZwOpenKey + - ZwSetValueKey + - ZwQueryValueKey + - ZwCreateKey + - RtlFreeUnicodeString + - KeBugCheckEx + - RtlInitUnicodeString + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2019-06-05 18:34:00' + ValidTo: '2020-06-03 18:34:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 33000000319479a318f5522d06000000000031 + Version: 3 + TBS: + MD5: 5b81fd0f706522a8d7c9f2957283c0b4 + SHA1: 84d894599653a8ed0e0b2802db3197dc177908cc + SHA256: 4fa629304df4287c97ae5b7e481974316e9daf776b0cdeffab1671e7dca68fb4 + SHA384: 0b89dc122fc7ebf80881a5047ffbbcb0bec30636516aff4f43307e2a925a476cabfc26e2cc392ad748d655f6ec4c8b75 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party 
Component CA 2014 + ValidFrom: '2014-10-15 20:31:27' + ValidTo: '2029-10-15 20:41:27' + Signature: 96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 330000000d690d5d7893d076df00000000000d + Version: 3 + TBS: + MD5: 83f69422963f11c3c340b81712eef319 + SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 + SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae + SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 + Signer: + - SerialNumber: 33000000319479a318f5522d06000000000031 + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + Version: 1 + RichPEHeaderHash: + MD5: 91e6ebc6d1c3e69e80475959690d68a9 + SHA1: 9f7f7ed60f2f4c7cde0ee12668f4c22e07620e26 + SHA256: d9802cc2655d9c4827c6d30b30dcc7c74cb41ce18261b5251acbd84e59999f5e + Sections: + .text: + Entropy: 6.20128139080885 + Virtual Size: 
'0x1532' + .rdata: + Entropy: 5.111188890130452 + Virtual Size: '0xe9c' + .data: + Entropy: 2.024151119020238 + Virtual Size: '0x238' + .pdata: + Entropy: 4.088942059938381 + Virtual Size: '0x2f4' + PAGE: + Entropy: 6.22435613604938 + Virtual Size: '0x1bab' + INIT: + Entropy: 5.224310379311508 + Virtual Size: '0x78c' + .reloc: + Entropy: 3.449082295352821 + Virtual Size: '0x30' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2020-03-21 13:16:55' + Imphash: ec5ee9a38e54ed3d4a6e6545672cb651 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/3d1439e9-9a7d-497a-8c6c-74513f825d6a.yaml b/yaml/3d1439e9-9a7d-497a-8c6c-74513f825d6a.yaml index e8faf4b01..4247adaaa 100644 --- a/yaml/3d1439e9-9a7d-497a-8c6c-74513f825d6a.yaml +++ b/yaml/3d1439e9-9a7d-497a-8c6c-74513f825d6a.yaml 
@@ -1,137 +1,137 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 3d1439e9-9a7d-497a-8c6c-74513f825d6a +Tags: +- daxin_blank6.sys +Verified: 'TRUE' Author: Michael Haag -Category: malicious -Commands: - Command: sc.exe create daxin_blank6.sys binPath=C:\windows\temp\daxin_blank6.sys type=kernel - && sc.exe start daxin_blank6.sys - Description: Driver used in the Daxin malware campaign. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-02-28' -Detection: [] -Id: 3d1439e9-9a7d-497a-8c6c-74513f825d6a -KnownVulnerableSamples: -- Authentihash: - MD5: d59fbf4aa759286d1dd9abb40733f7b2 - SHA1: 3c34c7c5916b987420fbfb4f3e3fef7400471831 - SHA256: a8c558e74ebe35a095a5b79d4bb26c10b18f8ebb449365e742f856d4e032555c - Company: '' - Copyright: '' - CreationTimestamp: '2009-03-25 20:44:42' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: daxin_blank6.sys - ImportedFunctions: - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - IoQueueWorkItem - - IoAllocateWorkItem - - IoGetCurrentProcess - - _stricmp - - IoFreeWorkItem - - RtlFreeUnicodeString - - ZwClose - - ZwWriteFile - - ZwCreateFile - - RtlAnsiStringToUnicodeString - - _strnicmp - - RtlUnwind - - RtlCopyUnicodeString - - wcsncmp - - swprintf - - IoCreateDevice - - IoCreateSymbolicLink - - KeInitializeSpinLock - - ExfInterlockedInsertTailList - - RtlInitUnicodeString - - MmMapLockedPagesSpecifyCache - - IoFreeMdl - - InterlockedDecrement - - InterlockedIncrement - - InterlockedExchange - - IoDeleteSymbolicLink - - IoDeleteDevice - - ExfInterlockedRemoveHeadList - - IofCompleteRequest - - ExAllocatePoolWithTag - - strncmp - - ExFreePool - - KfAcquireSpinLock - - KfReleaseSpinLock - - KeInitializeApc - - KeInsertQueueApc - - KeAttachProcess - - KeDetachProcess - - NtQuerySystemInformation - - NdisAllocatePacket - - NdisCopyFromPacketToPacket - - NdisAllocateMemory - - NdisFreePacket - - NdisAllocateBuffer - - NdisSetEvent - - 
NdisResetEvent - - NdisFreeBufferPool - - NdisFreePacketPool - - NdisFreeMemory - - NdisWaitEvent - - NdisQueryAdapterInstanceName - - NdisOpenAdapter - - NdisInitializeEvent - - NdisAllocatePacketPool - - NdisRegisterProtocol - - NdisAllocateBufferPool - - NdisCloseAdapter - - NdisDeregisterProtocol - Imports: - - NTOSKRNL.EXE - - HAL.DLL - - ntoskrnl.exe - - NDIS.SYS - InternalName: '' - MD5: 0ae30291c6cbfa7be39320badd6e8de0 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: n/a - RichPEHeaderHash: - MD5: 909f63d34ab6d10273023d528b1722a0 - SHA1: 2e7dbeb35bb60bf672f840375926888760d4ad58 - SHA256: 64d9f0289f8d52b49a1beb95e9248e2e08d06e94c9d2fc86b3b85536cf7697c1 - SHA1: c257aa4094539719a3c7b7950598ef872dbf9518 - SHA256: e6a7b0bc01a627a7d0ffb07faddb3a4dd96b6f5208ac26107bdaeb3ab1ec8217 - Sections: - .text: - Entropy: 6.395124735617589 - Virtual Size: '0x3968' - .rdata: - Entropy: 4.136188883876631 - Virtual Size: '0x221' - .data: - Entropy: 1.9267671732967222 - Virtual Size: '0x4eb9c' - INIT: - Entropy: 5.1775498523671 - Virtual Size: '0x67c' - .reloc: - Entropy: 4.179055975760782 - Virtual Size: '0x752' - Signature: Unsigned - Signatures: {} - Imphash: a7bd820fa5b895fab06f20739c9f24b8 - LoadsDespiteHVCI: 'TRUE' MitreID: T1068 +Category: malicious +Commands: + Command: sc.exe create daxin_blank6.sys binPath=C:\windows\temp\daxin_blank6.sys type=kernel + && sc.exe start daxin_blank6.sys + Description: Driver used in the Daxin malware campaign. 
+ OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/MHaggis/9ab3bb795a6018d70fb11fa7c31f8f48 - https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/daxin-backdoor-espionage - '' -Tags: -- daxin_blank6.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: d59fbf4aa759286d1dd9abb40733f7b2 + SHA1: 3c34c7c5916b987420fbfb4f3e3fef7400471831 + SHA256: a8c558e74ebe35a095a5b79d4bb26c10b18f8ebb449365e742f856d4e032555c + Company: '' + Copyright: '' + CreationTimestamp: '2009-03-25 20:44:42' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: daxin_blank6.sys + ImportedFunctions: + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - IoQueueWorkItem + - IoAllocateWorkItem + - IoGetCurrentProcess + - _stricmp + - IoFreeWorkItem + - RtlFreeUnicodeString + - ZwClose + - ZwWriteFile + - ZwCreateFile + - RtlAnsiStringToUnicodeString + - _strnicmp + - RtlUnwind + - RtlCopyUnicodeString + - wcsncmp + - swprintf + - IoCreateDevice + - IoCreateSymbolicLink + - KeInitializeSpinLock + - ExfInterlockedInsertTailList + - RtlInitUnicodeString + - MmMapLockedPagesSpecifyCache + - IoFreeMdl + - InterlockedDecrement + - InterlockedIncrement + - InterlockedExchange + - IoDeleteSymbolicLink + - IoDeleteDevice + - ExfInterlockedRemoveHeadList + - IofCompleteRequest + - ExAllocatePoolWithTag + - strncmp + - ExFreePool + - KfAcquireSpinLock + - KfReleaseSpinLock + - KeInitializeApc + - KeInsertQueueApc + - KeAttachProcess + - KeDetachProcess + - NtQuerySystemInformation + - NdisAllocatePacket + - NdisCopyFromPacketToPacket + - NdisAllocateMemory + - NdisFreePacket + - NdisAllocateBuffer + - NdisSetEvent + - NdisResetEvent + - NdisFreeBufferPool + - NdisFreePacketPool + - NdisFreeMemory + - NdisWaitEvent + - NdisQueryAdapterInstanceName + - NdisOpenAdapter + - NdisInitializeEvent + - 
NdisAllocatePacketPool + - NdisRegisterProtocol + - NdisAllocateBufferPool + - NdisCloseAdapter + - NdisDeregisterProtocol + Imports: + - NTOSKRNL.EXE + - HAL.DLL + - ntoskrnl.exe + - NDIS.SYS + InternalName: '' + MD5: 0ae30291c6cbfa7be39320badd6e8de0 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: n/a + RichPEHeaderHash: + MD5: 909f63d34ab6d10273023d528b1722a0 + SHA1: 2e7dbeb35bb60bf672f840375926888760d4ad58 + SHA256: 64d9f0289f8d52b49a1beb95e9248e2e08d06e94c9d2fc86b3b85536cf7697c1 + SHA1: c257aa4094539719a3c7b7950598ef872dbf9518 + SHA256: e6a7b0bc01a627a7d0ffb07faddb3a4dd96b6f5208ac26107bdaeb3ab1ec8217 + Sections: + .text: + Entropy: 6.395124735617589 + Virtual Size: '0x3968' + .rdata: + Entropy: 4.136188883876631 + Virtual Size: '0x221' + .data: + Entropy: 1.9267671732967222 + Virtual Size: '0x4eb9c' + INIT: + Entropy: 5.1775498523671 + Virtual Size: '0x67c' + .reloc: + Entropy: 4.179055975760782 + Virtual Size: '0x752' + Signature: Unsigned + Signatures: {} + Imphash: a7bd820fa5b895fab06f20739c9f24b8 + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/3d7da79b-fe34-45cd-a0c9-d4432d40611c.yaml b/yaml/3d7da79b-fe34-45cd-a0c9-d4432d40611c.yaml index bb4f5bfca..4a63d0a81 100644 --- a/yaml/3d7da79b-fe34-45cd-a0c9-d4432d40611c.yaml +++ b/yaml/3d7da79b-fe34-45cd-a0c9-d4432d40611c.yaml 
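Review bot: `Detection: []` is carried over unchanged into the reordered record for daxin_blank6.sys, so an entry marked `Category: malicious`, with MD5/SHA1/SHA256, Authentihash and Imphash values present, still points to no detection content. If downstream tooling reads this field to locate rules, this driver will look uncovered; either list the rule files that already include these hashes or note in the record why none exist. The `Resources` list also keeps an empty `- ''` item, which any consumer iterating the URLs has to special-case, so dropping that line would be cleaner. Both values predate this commit; the key reordering simply leaves them in place.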
@@ -1,2751 +1,2774 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 3d7da79b-fe34-45cd-a0c9-d4432d40611c +Tags: +- nvoclock.sys +Verified: 'TRUE' Author: Takahiro Haruyama -Category: vulnerable driver -Commands: - Command: sc.exe create nvoclocksys binPath= C:\windows\temp\nvoclocksys.sys type=kernel - && sc.exe start nvoclocksys - Description: The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique vulnerable - drivers (237 file hashes) accepting firmware access. Six allow kernel memory access. - All give full control of the devices to non-admin users. By exploiting the vulnerable - drivers, an attacker without the system privilege may erase/alter firmware, and/or - elevate privileges. As of the time of writing in October 2023, the filenames of - the vulnerable drivers have not been made public until now. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-11-02' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 3d7da79b-fe34-45cd-a0c9-d4432d40611c -KnownVulnerableSamples: -- Company: NVIDIA Corp. 
- Date: '' - Description: NVIDIA System Utility Driver - FileVersion: 6.05.02 - Filename: '' - MD5: 6cc3c3be2de12310a35a6ab2aed141d6 - MachineType: I386 - OriginalFilename: nvoclock.sys - Product: NVIDIA System Utility Driver - ProductVersion: 6.05.02 - Publisher: '' - SHA1: 09d3ff3c57f5154735e676f2c0a10b5e51336bb3 - SHA256: 060d25126e45309414b380ee29f900840b689eae4217a8e621563f130c1d457f - Signature: '' - Imphash: bec5dc89f030df7a96d19483fad4cc0a - Authentihash: - MD5: 43bc44c551bb06b2052b1b146231a424 - SHA1: be3c7e94ca552ccae788c14183ab1997f5e22122 - SHA256: 047ce557cc7bb580af457c151233b5114de6efbc9bf5e8c919fab453cebe5fa6 - RichPEHeaderHash: - MD5: 79b18c96a845fa5ed4b32b68e044d886 - SHA1: 4f4359656c3e3fd940c0f2feea828cb56680b81d - SHA256: 15e52e5444362d1eabad1bf6dcd86d4ed9bc9451b67d38525dc0233a9d03908b - Sections: - .text: - Entropy: 6.38652500648769 - Virtual Size: '0x1de6' - .rdata: - Entropy: 7.993400719049359 - Virtual Size: '0x417c' - .data: - Entropy: 2.792481250360578 - Virtual Size: '0xc' - PAGE: - Entropy: 6.365332861447633 - Virtual Size: '0xc8f' - INIT: - Entropy: 5.25919991638858 - Virtual Size: '0x33c' - .rsrc: - Entropy: 3.31871912729791 - Virtual Size: '0x388' - .reloc: - Entropy: 6.129197764938437 - Virtual Size: '0x388' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2009-03-09 13:25:07' - InternalName: nvoclock.sys - Copyright: "Copyright \xA9NVIDIA Corp. 
2003-2004" - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - IoInitializeRemoveLockEx - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoAttachDeviceToDeviceStack - - IoCreateSymbolicLink - - IoCreateDevice - - RtlInitUnicodeString - - KeSetEvent - - IoReleaseRemoveLockEx - - KeWaitForSingleObject - - KeInitializeEvent - - IoDetachDevice - - IoReleaseRemoveLockAndWaitEx - - MmUnmapIoSpace - - IofCallDriver - - IofCompleteRequest - - IoAcquireRemoveLockEx - - MmMapIoSpace - - PoCallDriver - - PoStartNextPowerIrp - - _except_handler3 - - MmGetPhysicalAddress - - IoFreeMdl - - MmUnmapLockedPages - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - _aullshr - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 
518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=California, L=Santa Clara, O=NVIDIA Corporation, OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Software, CN=NVIDIA Corporation - ValidFrom: '2007-08-07 00:00:00' - ValidTo: '2009-09-01 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3af820a6907699580410055228ecaddf - Version: 3 - TBS: - MD5: 175416493bada497157d28d65f476b32 - SHA1: 80854f578e2a3b5552ea839ba4f98ddfe94b2381 - SHA256: 9f176c9eea37039bc9ac9c92f64af7e3718e9cab05291cca2408dbef2bfb7a50 - SHA384: c178b9d04327f47938b970e8645084e9ef15aec5f42a31067d0d9fb74cce2f092b73d4564be9bcbddd13715b063ab942 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - 
ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 3af820a6907699580410055228ecaddf - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: NVidia Corp. 
- Date: '' - Description: NVidia System Utility Driver - FileVersion: 3.00.00 - Filename: '' - MD5: 06ffbb2cbf5ac9ef95773b4f5c4c896a - MachineType: I386 - OriginalFilename: nvoclock.sys - Product: NVidia System Utility Driver - ProductVersion: 3.00.00 - Publisher: '' - SHA1: 9f2b550c58c71d407898594b110a9320d5b15793 - SHA256: 0fc0644085f956706ea892563309ba72f0986b7a3d4aa9ae81c1fa1c35e3e2d3 - Signature: '' - Imphash: c590cbf2d6cbf206a2e47e8ed91dd944 - Authentihash: - MD5: 4542c85a4f4fe38b28981d4b8035f46b - SHA1: 094cd9d2b292e15c915dc2f5087a9c8e30d7382e - SHA256: 283a2e3eb9bad973e2ec439208f1bfb5121f8d9c37019b8a699be212f05964eb - RichPEHeaderHash: - MD5: 09ffc04ae64f72585fc378ccdf8754d7 - SHA1: 19bd1625e045084fcb0b057103b4d0df24c2effe - SHA256: a1286359154b9d830af75050d64bafb353f561698c433a10236ff6ee776c3f35 - Sections: - .text: - Entropy: 6.11027735498843 - Virtual Size: '0x708' - .rdata: - Entropy: 4.662292728291374 - Virtual Size: '0xab' - .data: - Entropy: 2.792481250360578 - Virtual Size: '0xc' - PAGE: - Entropy: 6.0797559351914945 - Virtual Size: '0x605' - INIT: - Entropy: 5.382561636132916 - Virtual Size: '0x25c' - .rsrc: - Entropy: 3.230617759040628 - Virtual Size: '0x388' - .reloc: - Entropy: 4.539628081221655 - Virtual Size: '0xc6' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2005-08-10 09:49:48' - InternalName: nvoclock.sys - Copyright: "Copyright \xA9NVIDIA Corp. 2003-2004" - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - MmUnmapIoSpace - - MmMapIoSpace - - MmGetPhysicalAddress - - IoFreeMdl - - MmUnmapLockedPages - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - Signatures: {} - LoadsDespiteHVCI: 'FALSE' -- Company: NVidia Corp. 
- Date: '' - Description: NVidia System Utility Driver - FileVersion: 6.02.15 - Filename: '' - MD5: 9ce1b0e5cfa8223cec3be1c7616e9f63 - MachineType: I386 - OriginalFilename: nvoclock.sys - Product: NVidia System Utility Driver - ProductVersion: 6.02.15 - Publisher: '' - SHA1: 96c2e1d7c9a8ad242f8f478e871f645895d3e451 - SHA256: 16ae28284c09839900b99c0bdf6ce4ffcd7fe666cfd5cfb0d54a3ad9bea9aa9c - Signature: '' - Imphash: 1b0788bb68804273159b8ace9cba7ea3 - Authentihash: - MD5: c4f1bdfb9ce8e2ded74fc30bb9fb9dcf - SHA1: 98e3f744f1c5ce862052364d1d38da0d96870e06 - SHA256: 2affa6b703f0491a44d6b7b09dfab83b36ac06979810665aaf7dd2913964c44d - RichPEHeaderHash: - MD5: 86c7ec663ebc07b1e06b93fb4d4a7433 - SHA1: db70eac0fca1908453e61d077cdf09ab68f369eb - SHA256: 77a2ee6677d7156b5f31b6ddcee14adf1e68d50a2a7f7ca62a0c484ae0a77c12 - Sections: - .text: - Entropy: 6.38790652185374 - Virtual Size: '0x1dce' - .rdata: - Entropy: 7.995607100533982 - Virtual Size: '0x4150' - .data: - Entropy: 2.792481250360578 - Virtual Size: '0xc' - PAGE: - Entropy: 6.256600826224753 - Virtual Size: '0x762' - INIT: - Entropy: 5.32929280121916 - Virtual Size: '0x294' - .rsrc: - Entropy: 3.309375270365866 - Virtual Size: '0x388' - .reloc: - Entropy: 6.061802260394644 - Virtual Size: '0x326' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2008-08-18 09:59:59' - InternalName: nvoclock.sys - Copyright: "Copyright \xA9NVIDIA Corp. 2003-2004" - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - DbgPrint - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - MmUnmapIoSpace - - MmMapIoSpace - - _except_handler3 - - MmGetPhysicalAddress - - IoFreeMdl - - MmUnmapLockedPages - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - _aullshr - Signatures: {} - LoadsDespiteHVCI: 'FALSE' -- Company: NVidia Corp. 
- Date: '' - Description: NVidia System Utility Driver - FileVersion: 1, 08, 05, 00 - Filename: '' - MD5: d1e57c74bafa56e8e2641290d153f4d2 - MachineType: AMD64 - OriginalFilename: NVoclock.RC - Product: NVidia System Utility Driver - ProductVersion: 1, 0, 0, 1 - Publisher: '' - SHA1: 007b2c7d72a5a89b424095dbb7f67ff2aeddb277 - SHA256: 2203bd4731a8fdc2a1c60e975fd79fd5985369e98a117df7ee43c528d3c85958 - Signature: '' - Imphash: 0e0722c16a5ded199f64b26fccd2115a - Authentihash: - MD5: 9a7949af4e2db6971025a87e89af1de8 - SHA1: 0380ce3467b97aa19ca6ab3177651b22a77d9c0e - SHA256: 717242ad6a3afb6f236890caa44501a4be8d0ab019f028ba2c74d3455f065804 - RichPEHeaderHash: - MD5: f8e40b6dc3fa7ca958fa2c7d5aa3f361 - SHA1: 70129cb6ab0553c8a009af17761aa6ab4c12c28d - SHA256: 796ad84a90b9a7422b40a3f37e01c0de5ffc889c8a7d2c7fff8e2c24d546bdae - Sections: - .text: - Entropy: 3.9375676199788994 - Virtual Size: '0xda' - .rdata: - Entropy: 4.418178445107852 - Virtual Size: '0xe0' - .pdata: - Entropy: 2.6324373408045867 - Virtual Size: '0x30' - PAGE: - Entropy: 5.676940585130393 - Virtual Size: '0x618' - INIT: - Entropy: 5.138884460253172 - Virtual Size: '0x1b0' - .rsrc: - Entropy: 3.2822975196509665 - Virtual Size: '0x378' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2004-03-17 09:34:32' - InternalName: nvoclock.sys - Copyright: "Copyright \xA9 2003" - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - Signatures: {} - LoadsDespiteHVCI: 'FALSE' -- Company: NVidia Corp. 
- Date: '' - Description: NVidia System Utility Driver - FileVersion: 5.00.06 - Filename: '' - MD5: efb4ed2040b9b3d408aab8dc15df5a06 - MachineType: I386 - OriginalFilename: nvoclock.sys - Product: NVidia System Utility Driver - ProductVersion: 5.00.06 - Publisher: '' - SHA1: e0d83953a9efef81ba0fa9de1e3446b6f0a23cc6 - SHA256: 29f449fca0a41deccef5b0dccd22af18259222f69ed6389beafe8d5168c59e36 - Signature: '' - Imphash: 481d7bb63a8e5eaba756137e6ef22e54 - Authentihash: - MD5: 70462e037d6ef7b7b86ee09dd6974129 - SHA1: e7f478393a69ec3fe0a026584ddc26fd336dc4f0 - SHA256: 73664268a737d071f2c3c67503002db08432953f14771317835b6f080d3daeff - RichPEHeaderHash: - MD5: 9545edcd2511d775b2a7cb9da1bd633a - SHA1: 1fb6c2234e5d3faf288eb0f0ca4bdaf3d2476286 - SHA256: 0cea0c94a25010dfb6c9411ca7be3f9be61a0d59b53452313cf38595e787acd8 - Sections: - .text: - Entropy: 6.136101271114652 - Virtual Size: '0x764' - .rdata: - Entropy: 4.8825530153812595 - Virtual Size: '0xe7' - .data: - Entropy: 2.792481250360578 - Virtual Size: '0xc' - PAGE: - Entropy: 6.234123465637388 - Virtual Size: '0x67d' - INIT: - Entropy: 5.39459521528998 - Virtual Size: '0x284' - .rsrc: - Entropy: 3.2888581674728403 - Virtual Size: '0x388' - .reloc: - Entropy: 4.8663460630712105 - Virtual Size: '0xda' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2006-06-06 09:55:50' - InternalName: nvoclock.sys - Copyright: "Copyright \xA9NVIDIA Corp. 2003-2004" - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - DbgPrint - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - MmUnmapIoSpace - - MmMapIoSpace - - MmGetPhysicalAddress - - IoFreeMdl - - MmUnmapLockedPages - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - _except_handler3 - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - Signatures: {} - LoadsDespiteHVCI: 'FALSE' -- Company: NVidia Corp. 
- Date: '' - Description: NVidia System Utility Driver - FileVersion: 5.05.18 - Filename: '' - MD5: 1033f0849180aac4b101a914bc8c53b4 - MachineType: I386 - OriginalFilename: nvoclock.sys - Product: NVidia System Utility Driver - ProductVersion: 5.05.18 - Publisher: '' - SHA1: 7673cebd15488cbbb4ca65209f92faab3f933205 - SHA256: 3cb111fdedc32f2f253aacde4372b710035c8652eb3586553652477a521c9284 - Signature: '' - Imphash: 481d7bb63a8e5eaba756137e6ef22e54 - Authentihash: - MD5: 8b9ce48f2dfa21fcffbc4a0b73c140b0 - SHA1: 1e4fdfe6750a04756332cc5a5896cd5763c923c7 - SHA256: 1848cb34d16559e3c8232c369d89fc12b5720b58300d8c4c21dade6e3ea8d585 - RichPEHeaderHash: - MD5: 9545edcd2511d775b2a7cb9da1bd633a - SHA1: 1fb6c2234e5d3faf288eb0f0ca4bdaf3d2476286 - SHA256: 0cea0c94a25010dfb6c9411ca7be3f9be61a0d59b53452313cf38595e787acd8 - Sections: - .text: - Entropy: 6.143367500095279 - Virtual Size: '0x768' - .rdata: - Entropy: 4.844701484035357 - Virtual Size: '0xe7' - .data: - Entropy: 2.792481250360578 - Virtual Size: '0xc' - PAGE: - Entropy: 6.263001835504504 - Virtual Size: '0x6ad' - INIT: - Entropy: 5.36387805487485 - Virtual Size: '0x284' - .rsrc: - Entropy: 3.301004682949993 - Virtual Size: '0x388' - .reloc: - Entropy: 4.8793366894268075 - Virtual Size: '0xda' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2006-10-31 08:29:04' - InternalName: nvoclock.sys - Copyright: "Copyright \xA9NVIDIA Corp. 2003-2004" - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - DbgPrint - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - MmUnmapIoSpace - - MmMapIoSpace - - MmGetPhysicalAddress - - IoFreeMdl - - MmUnmapLockedPages - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - _except_handler3 - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - Signatures: {} - LoadsDespiteHVCI: 'FALSE' -- Company: NVidia Corp. 
- Date: '' - Description: NVidia System Utility Driver - FileVersion: 5.05.25 - Filename: '' - MD5: 2e492f14a1087374368562d01cd609aa - MachineType: AMD64 - OriginalFilename: nvoclock.sys - Product: NVidia System Utility Driver - ProductVersion: 5.05.25 - Publisher: '' - SHA1: aaaf565fa30834aba3f29a97fc58d15e372500b5 - SHA256: 3d008e636e74c846fe7c00f90089ff725561cb3d49ce3253f2bbfbc939bbfcb2 - Signature: '' - Imphash: 236bc37dff7a92a4d25d807cf038e674 - Authentihash: - MD5: 6f3a296b03ad9c8758283164aa74ca44 - SHA1: 5227bbd693ab5deace785e29e56803958b8eca61 - SHA256: 647f209aac750ba26bda9836afa5ef1370e4a62b5c331606086b1c4c92e10841 - RichPEHeaderHash: - MD5: 829df4ebafca2152230c9948a0e26c18 - SHA1: cf3cecd990d504bd4b994f4b5ddac08638581f75 - SHA256: 18c6c808021e90d58cc68255499963238911cac0733ae68bcf9ca301847771aa - Sections: - .text: - Entropy: 5.990034531404092 - Virtual Size: '0xa76' - .rdata: - Entropy: 4.78785592948094 - Virtual Size: '0x238' - .data: - Entropy: 1.945035565875688 - Virtual Size: '0x18' - .pdata: - Entropy: 3.3709483417248802 - Virtual Size: '0xb4' - PAGE: - Entropy: 5.890391985002299 - Virtual Size: '0x958' - INIT: - Entropy: 5.223967543740313 - Virtual Size: '0x2c0' - .rsrc: - Entropy: 3.2859034833322904 - Virtual Size: '0x388' - .reloc: - Entropy: 1.0689156580850052 - Virtual Size: '0x24' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2007-01-22 18:23:23' - InternalName: nvoclock.sys - Copyright: "Copyright \xA9NVIDIA Corp. 
2003-2004" - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - DbgPrint - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - MmUnmapIoSpace - - MmMapIoSpace - - __C_specific_handler - - MmGetPhysicalAddress - - IoFreeMdl - - MmUnmapLockedPages - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - - Subject: C=US, O=VeriSign, Inc., 
OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=California, L=Santa Clara, O=NVIDIA Corporation, OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Software, CN=NVIDIA Corporation - ValidFrom: '2006-08-23 00:00:00' - ValidTo: '2007-09-01 23:59:59' - Signature: 399a310998f362743f6ff94b90f6bced52a5a0d4aff594e35097126a2e2538ba7f99ecf1de673b917301104b2b29f2faf93209b24a1c6a721d253001f774302e702be0b7661fa28abfe20cba38097ecdeb25b95243ec97d8465def0a62afc56c9ed0dab8f557a4f2bac474ef843ccd00668e77223cd030e03fb0964625e438313a624ff04941317a8f5e8384d27490cfff5ab9193342dec200fb86e4675f8bb88246e4c04875282aa858d638c43fc90c11e71da3bb5cf1252b93ac90d34f78bdf30a223d9320da406a6d7abe968ecba2589226aa5f4187c7b0e080ba4b0130fa0e38b93e6a7080c209f8c6cad3597380e5060d421cb82722467a59c02c889e39 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 5a4e47e9647b984c10e1d6a42bb07abe - Version: 3 - TBS: - MD5: c52873115c87f9dcae09a44ca0131a28 - SHA1: 4886227ca80507903cdda1d879010f25c5711881 - SHA256: 94299c8728a24659771c72a6b2849c3095ed9d8befe924999b6d76f224145092 - SHA384: 
7a85a0db56dc2a62bb0bd3996572face21254961b4193492c6a5419bb1986a4192b20d21a6f2e65b7dd9b8ed633df2f4 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 5a4e47e9647b984c10e1d6a42bb07abe - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: NVidia Corp. 
- Date: '' - Description: NVidia System Utility Driver - FileVersion: 2.05.09 - Filename: '' - MD5: 0291ced808eafe406d3d9b56d2fc0c26 - MachineType: I386 - OriginalFilename: nvoclock.sys - Product: NVidia System Utility Driver - ProductVersion: 2.05.09 - Publisher: '' - SHA1: 1da0c712ff42bd9112ac6afadb7c4d3ae2f20fb7 - SHA256: 4d777a9e2c61e8b55b3c34c5265b301454bb080abe7ffb373e7800bd6a498f8d - Signature: '' - Imphash: c590cbf2d6cbf206a2e47e8ed91dd944 - Authentihash: - MD5: 96af0b5d7e04dc1beb2cac418027e9ff - SHA1: fb6958d7d53e63edeb4cceebab4d12ca70202109 - SHA256: f72dbb2a818ba47ca03ffbe50d211050210699c25caec3b97ca960d7286d4b6a - RichPEHeaderHash: - MD5: 09ffc04ae64f72585fc378ccdf8754d7 - SHA1: 19bd1625e045084fcb0b057103b4d0df24c2effe - SHA256: a1286359154b9d830af75050d64bafb353f561698c433a10236ff6ee776c3f35 - Sections: - .text: - Entropy: 6.11027735498843 - Virtual Size: '0x708' - .rdata: - Entropy: 4.650596821858627 - Virtual Size: '0xab' - .data: - Entropy: 2.792481250360578 - Virtual Size: '0xc' - PAGE: - Entropy: 6.0797559351914945 - Virtual Size: '0x605' - INIT: - Entropy: 5.382561636132916 - Virtual Size: '0x25c' - .rsrc: - Entropy: 3.3009337428982137 - Virtual Size: '0x388' - .reloc: - Entropy: 4.539628081221655 - Virtual Size: '0xc6' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2005-03-18 13:53:01' - InternalName: nvoclock.sys - Copyright: "Copyright \xA9NVIDIA Corp. 2003-2004" - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - MmUnmapIoSpace - - MmMapIoSpace - - MmGetPhysicalAddress - - IoFreeMdl - - MmUnmapLockedPages - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - Signatures: {} - LoadsDespiteHVCI: 'FALSE' -- Company: NVIDIA Corp. 
- Date: '' - Description: NVIDIA System Utility Driver - FileVersion: 6.05.06 - Filename: '' - MD5: 8c1d181480796d7d3366a9381fd7782d - MachineType: AMD64 - OriginalFilename: nvoclock.sys - Product: NVIDIA System Utility Driver - ProductVersion: 6.05.06 - Publisher: '' - SHA1: 7503a1ed7f6fbd068f8c900dd5ddb291417e3464 - SHA256: 642857fc8d737e92db8771e46e8638a37d9743928c959ed056c15427c6197a54 - Signature: '' - Imphash: 7453e39bd87c63550451ba2fa354dd8e - Authentihash: - MD5: 3c1fead72a47e97d7253bc861f815371 - SHA1: e0477eead7848c6d4f5437fb04802bd04c9bd0fd - SHA256: 0ffa2791abaa004489427b2c187b64db87b49aaa0ffb2e576f0c982dbe62c62a - RichPEHeaderHash: - MD5: a4df41f43bdbd389d42ae6edd60d2a40 - SHA1: b114d14cfe78d9f5399d9284da4d0d924e8a4d2d - SHA256: a5d7787a655a67842d021fede9ecf5a2bbe628300430cb2a72f4bdf7ab30da35 - Sections: - .text: - Entropy: 5.879397496834089 - Virtual Size: '0x2174' - .rdata: - Entropy: 7.965713407657882 - Virtual Size: '0x43a8' - .data: - Entropy: 1.945035565875688 - Virtual Size: '0x18' - .pdata: - Entropy: 3.8455902378613773 - Virtual Size: '0x150' - PAGE: - Entropy: 6.190406190945796 - Virtual Size: '0x1139' - INIT: - Entropy: 5.025018574047011 - Virtual Size: '0x3d0' - .rsrc: - Entropy: 3.32018449439062 - Virtual Size: '0x388' - .reloc: - Entropy: 1.0689156580850052 - Virtual Size: '0x24' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2009-09-15 15:59:25' - InternalName: nvoclock.sys - Copyright: "Copyright \xA9NVIDIA Corp. 
2003-2004" - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - IoInitializeRemoveLockEx - - IoDeleteSymbolicLink - - IoAttachDeviceToDeviceStack - - IoDeleteDevice - - IoCreateSymbolicLink - - IoCreateDevice - - RtlInitUnicodeString - - KeSetEvent - - IoReleaseRemoveLockEx - - IoDetachDevice - - IoReleaseRemoveLockAndWaitEx - - MmUnmapIoSpace - - KeWaitForSingleObject - - IofCallDriver - - KeInitializeEvent - - RtlCopyMemory - - IofCompleteRequest - - IoAcquireRemoveLockEx - - MmMapIoSpace - - PoCallDriver - - PoStartNextPowerIrp - - __C_specific_handler - - MmGetPhysicalAddress - - IoFreeMdl - - MmUnmapLockedPages - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - 
ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - 
MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=US, ST=California, L=Santa Clara, O=NVIDIA Corporation, OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Software, CN=NVIDIA Corporation - ValidFrom: '2009-07-31 00:00:00' - ValidTo: '2011-09-01 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 534abed0be56d9840dd12ddb84f8b031 - Version: 3 - TBS: - MD5: 4914c1d2c944d48a9636059155440df8 - SHA1: 0337264fca5a8d774786b5b275e03ab42edb11ae - SHA256: 8833131f04e02297c80b986ec7e7793e194fb144470dc36cc57a376487c2750b - SHA384: 8450d31af22887ac50415c01d88f7eb6081b7044ab8f35ac0b63e09828786258e73fed98f37c99df6d5472b6a34f6db3 - Signer: - - SerialNumber: 534abed0be56d9840dd12ddb84f8b031 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: NVidia Corp. 
- Date: '' - Description: NVidia System Utility Driver - FileVersion: 1, 00, 00, 00 - Filename: '' - MD5: de331f863627dc489f547725d7292bbd - MachineType: AMD64 - OriginalFilename: NVoclock.RC - Product: NVidia System Utility Driver - ProductVersion: 1, 0, 0, 1 - Publisher: '' - SHA1: 8c11430372889bae1f91e8d068e2b2ad56dfc6bf - SHA256: 64a8e00570c68574b091ebdd5734b87f544fa59b75a4377966c661d0475d69a5 - Signature: '' - Imphash: 0e0722c16a5ded199f64b26fccd2115a - Authentihash: - MD5: 0ac44278542febfa8cb408f96afd98b7 - SHA1: 2d63276eb232457770188f2df6fc67eb41faacd1 - SHA256: abbf92203a31c93b8e719cdabff1c681921edbaf43cd34da79c86cb5a806757f - RichPEHeaderHash: - MD5: f8e40b6dc3fa7ca958fa2c7d5aa3f361 - SHA1: 70129cb6ab0553c8a009af17761aa6ab4c12c28d - SHA256: 796ad84a90b9a7422b40a3f37e01c0de5ffc889c8a7d2c7fff8e2c24d546bdae - Sections: - .text: - Entropy: 3.9375676199788994 - Virtual Size: '0xda' - .rdata: - Entropy: 4.3999729772980665 - Virtual Size: '0xdc' - .pdata: - Entropy: 2.6324373408045867 - Virtual Size: '0x30' - PAGE: - Entropy: 5.676940585130393 - Virtual Size: '0x618' - INIT: - Entropy: 5.138884460253172 - Virtual Size: '0x1b0' - .rsrc: - Entropy: 3.2704758500582933 - Virtual Size: '0x378' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2003-10-23 11:59:29' - InternalName: nvoclock.sys - Copyright: "Copyright \xA9 2003" - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - Signatures: {} - LoadsDespiteHVCI: 'FALSE' -- Company: NVidia Corp. 
- Date: '' - Description: NVidia System Utility Driver - FileVersion: 5.05.14 - Filename: '' - MD5: 8cc5a4045a80a822cbc1e9eadff8e533 - MachineType: I386 - OriginalFilename: nvoclock.sys - Product: NVidia System Utility Driver - ProductVersion: 5.05.14 - Publisher: '' - SHA1: b0aede5a66e13469c46acbc3b01ccf038acf222c - SHA256: 77da3e8c5d70978b287d433ae1e1236c895b530a8e1475a9a190cdcc06711d2f - Signature: '' - Imphash: 481d7bb63a8e5eaba756137e6ef22e54 - Authentihash: - MD5: 9ebe5f6ad14b7db78ab94bedcd6ad55f - SHA1: fddcb8952f5f44ddae6201b08ddaa94537470669 - SHA256: cec5964d7e32c52439d5eb660fa97827b619a7da9f3264f0c9fa4b69e3cb7cc1 - RichPEHeaderHash: - MD5: 9545edcd2511d775b2a7cb9da1bd633a - SHA1: 1fb6c2234e5d3faf288eb0f0ca4bdaf3d2476286 - SHA256: 0cea0c94a25010dfb6c9411ca7be3f9be61a0d59b53452313cf38595e787acd8 - Sections: - .text: - Entropy: 6.143367500095279 - Virtual Size: '0x768' - .rdata: - Entropy: 4.806801538138548 - Virtual Size: '0xe7' - .data: - Entropy: 2.792481250360578 - Virtual Size: '0xc' - PAGE: - Entropy: 6.263001835504504 - Virtual Size: '0x6ad' - INIT: - Entropy: 5.36387805487485 - Virtual Size: '0x284' - .rsrc: - Entropy: 3.2943212272199416 - Virtual Size: '0x388' - .reloc: - Entropy: 4.8793366894268075 - Virtual Size: '0xda' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2006-10-13 09:18:12' - InternalName: nvoclock.sys - Copyright: "Copyright \xA9NVIDIA Corp. 2003-2004" - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - DbgPrint - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - MmUnmapIoSpace - - MmMapIoSpace - - MmGetPhysicalAddress - - IoFreeMdl - - MmUnmapLockedPages - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - _except_handler3 - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - Signatures: {} - LoadsDespiteHVCI: 'FALSE' -- Company: NVidia Corp. 
- Date: '' - Description: NVidia System Utility Driver - FileVersion: 5.05.14 - Filename: '' - MD5: eda6e97b453388bb51ce84b8a11d9d13 - MachineType: AMD64 - OriginalFilename: nvoclock.sys - Product: NVidia System Utility Driver - ProductVersion: 5.05.14 - Publisher: '' - SHA1: b3f5185d7824ea2c2d931c292f4d8f77903a4d2a - SHA256: 837d3b67d3e66ef1674c9f1a47046e1617ed13f73ee08441d95a6de3d73ee9f2 - Signature: '' - Imphash: 236bc37dff7a92a4d25d807cf038e674 - Authentihash: - MD5: 5e14fb93c03d2802155852d87eff5957 - SHA1: dd43c641a714705142f01324cd31931f819a722e - SHA256: f3fc8f8dddbd471fa2d5deb292552876b3c737b09149307f901e38b53cd62648 - RichPEHeaderHash: - MD5: 829df4ebafca2152230c9948a0e26c18 - SHA1: cf3cecd990d504bd4b994f4b5ddac08638581f75 - SHA256: 18c6c808021e90d58cc68255499963238911cac0733ae68bcf9ca301847771aa - Sections: - .text: - Entropy: 5.990034531404092 - Virtual Size: '0xa76' - .rdata: - Entropy: 4.750468478050534 - Virtual Size: '0x230' - .data: - Entropy: 1.945035565875688 - Virtual Size: '0x18' - .pdata: - Entropy: 3.3381698165588243 - Virtual Size: '0xb4' - PAGE: - Entropy: 5.890391985002299 - Virtual Size: '0x958' - INIT: - Entropy: 5.223967543740313 - Virtual Size: '0x2c0' - .rsrc: - Entropy: 3.289739690217645 - Virtual Size: '0x388' - .reloc: - Entropy: 1.0689156580850052 - Virtual Size: '0x24' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2006-10-13 09:18:17' - InternalName: nvoclock.sys - Copyright: "Copyright \xA9NVIDIA Corp. 
2003-2004" - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - DbgPrint - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - MmUnmapIoSpace - - MmMapIoSpace - - __C_specific_handler - - MmGetPhysicalAddress - - IoFreeMdl - - MmUnmapLockedPages - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - - Subject: C=US, O=VeriSign, Inc., 
OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=California, L=Santa Clara, O=NVIDIA Corporation, OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Software, CN=NVIDIA Corporation - ValidFrom: '2006-08-23 00:00:00' - ValidTo: '2007-09-01 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 5a4e47e9647b984c10e1d6a42bb07abe - Version: 3 - TBS: - MD5: c52873115c87f9dcae09a44ca0131a28 - SHA1: 4886227ca80507903cdda1d879010f25c5711881 - SHA256: 94299c8728a24659771c72a6b2849c3095ed9d8befe924999b6d76f224145092 - SHA384: 7a85a0db56dc2a62bb0bd3996572face21254961b4193492c6a5419bb1986a4192b20d21a6f2e65b7dd9b8ed633df2f4 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - 
SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 5a4e47e9647b984c10e1d6a42bb07abe - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: NVIDIA Corp. - Date: '' - Description: NVIDIA System Utility Driver - FileVersion: 6.05.00 - Filename: '' - MD5: 34e55ccceec34a8567c8b95d662ba886 - MachineType: AMD64 - OriginalFilename: nvoclock.sys - Product: NVIDIA System Utility Driver - ProductVersion: 6.05.00 - Publisher: '' - SHA1: 2365a66c1eddfcf8385d9ff38ba8bd5f6f2e4fc2 - SHA256: 848b150ffcf1301b26634a41f28deacb5ccdd3117d79b590d515ed49849b8891 - Signature: '' - Imphash: 236bc37dff7a92a4d25d807cf038e674 - Authentihash: - MD5: 17b5e7af1f9c888b67219147718ecbe2 - SHA1: 9d6e6ca45e0b610b60feffe65715f0fa567b97a3 - SHA256: 35ad05063e2b44b2e606464f12405b954ac8bc8417fa9732ba13365dbe26f90b - RichPEHeaderHash: - MD5: 4fe3a9ddd65c626fe7cb6e204f2c386e - SHA1: f3663ed015a24a057b28759c4738835f26b47169 - SHA256: ebfeaab6945950f842f9b68c4499fc97bd5ad4ba34187f9df91fb8b62d1dabca - Sections: - .text: - Entropy: 5.8505031799203 - Virtual Size: '0x210a' - .rdata: - Entropy: 7.976868823553878 - Virtual Size: '0x4330' - .data: - Entropy: 1.945035565875688 - Virtual Size: '0x18' - .pdata: - Entropy: 3.7768337704964527 - Virtual Size: '0x12c' - PAGE: - Entropy: 6.09421520444042 - Virtual Size: '0xc18' - INIT: - Entropy: 5.257812459468335 - Virtual Size: '0x2c0' - .rsrc: - Entropy: 3.294498562191133 - Virtual Size: '0x388' - .reloc: - Entropy: 1.0689156580850052 - Virtual Size: '0x24' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2009-01-07 17:10:51' - InternalName: nvoclock.sys - Copyright: "Copyright \xA9NVIDIA Corp. 
2003-2004" - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - DbgPrint - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - MmUnmapIoSpace - - MmMapIoSpace - - __C_specific_handler - - MmGetPhysicalAddress - - IoFreeMdl - - MmUnmapLockedPages - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=California, L=Santa Clara, O=NVIDIA Corporation, OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Software, CN=NVIDIA Corporation - ValidFrom: '2007-08-07 00:00:00' - ValidTo: '2009-09-01 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 
3af820a6907699580410055228ecaddf - Version: 3 - TBS: - MD5: 175416493bada497157d28d65f476b32 - SHA1: 80854f578e2a3b5552ea839ba4f98ddfe94b2381 - SHA256: 9f176c9eea37039bc9ac9c92f64af7e3718e9cab05291cca2408dbef2bfb7a50 - SHA384: c178b9d04327f47938b970e8645084e9ef15aec5f42a31067d0d9fb74cce2f092b73d4564be9bcbddd13715b063ab942 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 3af820a6907699580410055228ecaddf - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: NVidia Corp. 
- Date: '' - Description: NVidia System Utility Driver - FileVersion: 5.05.47 - Filename: '' - MD5: 9dd414590e695ea208139c23db8a5aa3 - MachineType: I386 - OriginalFilename: nvoclock.sys - Product: NVidia System Utility Driver - ProductVersion: 5.05.47 - Publisher: '' - SHA1: 2fa92d3739735bc9ac4dc38f42d909d97cc5c2a8 - SHA256: 87b4c5b7f653b47c9c3bed833f4d65648db22481e9fc54aa4a8c6549fa31712b - Signature: '' - Imphash: 481d7bb63a8e5eaba756137e6ef22e54 - Authentihash: - MD5: 10eb0609a990adc1d0d2c9a09e4ea31b - SHA1: 8546586f7825c49876f2e0c52ba55f545b4e03bd - SHA256: 7c8d7bb3a272afe7fb737bd165fe9bd8f8187f1835289eb66d471cdced74e950 - RichPEHeaderHash: - MD5: 9545edcd2511d775b2a7cb9da1bd633a - SHA1: 1fb6c2234e5d3faf288eb0f0ca4bdaf3d2476286 - SHA256: 0cea0c94a25010dfb6c9411ca7be3f9be61a0d59b53452313cf38595e787acd8 - Sections: - .text: - Entropy: 6.143367500095279 - Virtual Size: '0x768' - .rdata: - Entropy: 4.872296604793326 - Virtual Size: '0xf0' - .data: - Entropy: 2.792481250360578 - Virtual Size: '0xc' - PAGE: - Entropy: 6.263001835504504 - Virtual Size: '0x6ad' - INIT: - Entropy: 5.36387805487485 - Virtual Size: '0x284' - .rsrc: - Entropy: 3.2943212272199416 - Virtual Size: '0x388' - .reloc: - Entropy: 4.8793366894268075 - Virtual Size: '0xda' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2007-07-03 13:33:02' - InternalName: nvoclock.sys - Copyright: "Copyright \xA9NVIDIA Corp. 2003-2004" - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - DbgPrint - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - MmUnmapIoSpace - - MmMapIoSpace - - MmGetPhysicalAddress - - IoFreeMdl - - MmUnmapLockedPages - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - _except_handler3 - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - Signatures: {} - LoadsDespiteHVCI: 'FALSE' -- Company: NVIDIA Corp. 
- Date: '' - Description: NVIDIA System Utility Driver - FileVersion: 6.03.06 - Filename: '' - MD5: d396332f9d7b71c10b3b83da030690f0 - MachineType: I386 - OriginalFilename: nvoclock.sys - Product: NVIDIA System Utility Driver - ProductVersion: 6.03.06 - Publisher: '' - SHA1: df177a0c8c1113449f008f8e833105344b419834 - SHA256: 909f6c4b8f779df01ef91e549679aa4600223ac75bc7f3a3a79a37cee2326e77 - Signature: '' - Imphash: 1b0788bb68804273159b8ace9cba7ea3 - Authentihash: - MD5: 516711a6410e6bef7b533babf31a6193 - SHA1: 417ae5f63bd26857db2b374e6ef1f60b66910db7 - SHA256: fb79b99db91dc965263bd2c10ec0f58c6b8f282e0273f40c4249831b74ffec3a - RichPEHeaderHash: - MD5: 86c7ec663ebc07b1e06b93fb4d4a7433 - SHA1: db70eac0fca1908453e61d077cdf09ab68f369eb - SHA256: 77a2ee6677d7156b5f31b6ddcee14adf1e68d50a2a7f7ca62a0c484ae0a77c12 - Sections: - .text: - Entropy: 6.38790652185374 - Virtual Size: '0x1dce' - .rdata: - Entropy: 7.995625315883109 - Virtual Size: '0x4150' - .data: - Entropy: 2.792481250360578 - Virtual Size: '0xc' - PAGE: - Entropy: 6.256600826224753 - Virtual Size: '0x762' - INIT: - Entropy: 5.32929280121916 - Virtual Size: '0x294' - .rsrc: - Entropy: 3.294274585528657 - Virtual Size: '0x388' - .reloc: - Entropy: 6.061802260394644 - Virtual Size: '0x326' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2008-09-29 14:17:05' - InternalName: nvoclock.sys - Copyright: "Copyright \xA9NVIDIA Corp. 2003-2004" - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - DbgPrint - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - MmUnmapIoSpace - - MmMapIoSpace - - _except_handler3 - - MmGetPhysicalAddress - - IoFreeMdl - - MmUnmapLockedPages - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - _aullshr - Signatures: {} - LoadsDespiteHVCI: 'FALSE' -- Company: NVidia Corp. 
- Date: '' - Description: NVidia System Utility Driver - FileVersion: 5.05.18 - Filename: '' - MD5: b5192270857c1f17f7290acbaadf097d - MachineType: AMD64 - OriginalFilename: nvoclock.sys - Product: NVidia System Utility Driver - ProductVersion: 5.05.18 - Publisher: '' - SHA1: 45328110873640d8fed9fc72f7d2eadd3d17ceae - SHA256: 9bfd24947052bfe9f2979113a7941e40bd7e3a82eaa081a32ad4064159f07c91 - Signature: '' - Imphash: 236bc37dff7a92a4d25d807cf038e674 - Authentihash: - MD5: 47365241aae4ce7574b32e30250a08d5 - SHA1: 610f7e1df10894ac22fc14486658bd152c1b537d - SHA256: 978a1e937dd4c03eb2f2a55a0ed8b14294c5c175584ebf85bd20b889bdc9378c - RichPEHeaderHash: - MD5: 829df4ebafca2152230c9948a0e26c18 - SHA1: cf3cecd990d504bd4b994f4b5ddac08638581f75 - SHA256: 18c6c808021e90d58cc68255499963238911cac0733ae68bcf9ca301847771aa - Sections: - .text: - Entropy: 5.990034531404092 - Virtual Size: '0xa76' - .rdata: - Entropy: 4.768031340485568 - Virtual Size: '0x230' - .data: - Entropy: 1.945035565875688 - Virtual Size: '0x18' - .pdata: - Entropy: 3.3381698165588243 - Virtual Size: '0xb4' - PAGE: - Entropy: 5.890391985002299 - Virtual Size: '0x958' - INIT: - Entropy: 5.223967543740313 - Virtual Size: '0x2c0' - .rsrc: - Entropy: 3.296423145947696 - Virtual Size: '0x388' - .reloc: - Entropy: 1.0689156580850052 - Virtual Size: '0x24' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2006-10-31 08:29:07' - InternalName: nvoclock.sys - Copyright: "Copyright \xA9NVIDIA Corp. 
2003-2004" - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - DbgPrint - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - MmUnmapIoSpace - - MmMapIoSpace - - __C_specific_handler - - MmGetPhysicalAddress - - IoFreeMdl - - MmUnmapLockedPages - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - - Subject: C=US, O=VeriSign, Inc., 
OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=California, L=Santa Clara, O=NVIDIA Corporation, OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Software, CN=NVIDIA Corporation - ValidFrom: '2006-08-23 00:00:00' - ValidTo: '2007-09-01 23:59:59' - Signature: 399a310998f362743f6ff94b90f6bced52a5a0d4aff594e35097126a2e2538ba7f99ecf1de673b917301104b2b29f2faf93209b24a1c6a721d253001f774302e702be0b7661fa28abfe20cba38097ecdeb25b95243ec97d8465def0a62afc56c9ed0dab8f557a4f2bac474ef843ccd00668e77223cd030e03fb0964625e438313a624ff04941317a8f5e8384d27490cfff5ab9193342dec200fb86e4675f8bb88246e4c04875282aa858d638c43fc90c11e71da3bb5cf1252b93ac90d34f78bdf30a223d9320da406a6d7abe968ecba2589226aa5f4187c7b0e080ba4b0130fa0e38b93e6a7080c209f8c6cad3597380e5060d421cb82722467a59c02c889e39 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 5a4e47e9647b984c10e1d6a42bb07abe - Version: 3 - TBS: - MD5: c52873115c87f9dcae09a44ca0131a28 - SHA1: 4886227ca80507903cdda1d879010f25c5711881 - SHA256: 94299c8728a24659771c72a6b2849c3095ed9d8befe924999b6d76f224145092 - SHA384: 
7a85a0db56dc2a62bb0bd3996572face21254961b4193492c6a5419bb1986a4192b20d21a6f2e65b7dd9b8ed633df2f4 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 5a4e47e9647b984c10e1d6a42bb07abe - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: NVidia Corp. 
- Date: '' - Description: NVidia System Utility Driver - FileVersion: 2.00.20 - Filename: '' - MD5: e84605c8e290de6b92ce81d2f6a175d2 - MachineType: I386 - OriginalFilename: nvoclock.sys - Product: NVidia System Utility Driver - ProductVersion: 2.00.20 - Publisher: '' - SHA1: 0a89a6f6f40213356487bfcfb0b129e4f6375180 - SHA256: a47555d04b375f844073fdcc71e5ccaa1bbb201e24dcdebe2399e055e15c849f - Signature: '' - Imphash: 0555907292d07d9f78205416eb1924d3 - Authentihash: - MD5: 249edfd8542e921535738c447fe1d954 - SHA1: ce931d8ffec4869a0863924c1b84d5bcc86f27d7 - SHA256: 8b6251a1883c5ed03ecdead8322e7d8105d075fef160abfe763d5873484b2a27 - RichPEHeaderHash: - MD5: 41c516c9b6b6d929c0376632ca7e9e2e - SHA1: cd030ea48cd91bee4af04e37e4062038f3be7978 - SHA256: 30757d814d07663358c7d4ac758d2ce739d660ab2e01c8a0961b1042bcd91fdb - Sections: - .text: - Entropy: 5.98198943867537 - Virtual Size: '0x67e' - .rdata: - Entropy: 4.5971420673862 - Virtual Size: '0xab' - .data: - Entropy: 2.792481250360578 - Virtual Size: '0xc' - PAGE: - Entropy: 6.188062821654975 - Virtual Size: '0x5c1' - INIT: - Entropy: 5.360009213877697 - Virtual Size: '0x240' - .rsrc: - Entropy: 3.2783385048574343 - Virtual Size: '0x388' - .reloc: - Entropy: 4.631989197719118 - Virtual Size: '0xbe' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2004-11-18 08:35:43' - InternalName: nvoclock.sys - Copyright: "Copyright \xA9NVIDIA Corp. 2003-2004" - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - MmUnmapIoSpace - - MmMapIoSpace - - IoFreeMdl - - MmUnmapLockedPages - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - Signatures: {} - LoadsDespiteHVCI: 'FALSE' -- Company: NVIDIA Corp. 
- Date: '' - Description: NVIDIA System Utility Driver - FileVersion: 6.03.12 - Filename: '' - MD5: cceb3a7e3bd0203c807168b393a65a74 - MachineType: AMD64 - OriginalFilename: nvoclock.sys - Product: NVIDIA System Utility Driver - ProductVersion: 6.03.12 - Publisher: '' - SHA1: bd3e1d5aacac6406a7bcea3b471bbfa863efbc3d - SHA256: ae3a6a0726f667658fc3e3180980609dcb31bdbf833d7cb76ba5d405058d5156 - Signature: '' - Imphash: 236bc37dff7a92a4d25d807cf038e674 - Authentihash: - MD5: 984a1e67c2d9102baba161af7f2c7dc5 - SHA1: dbf3588cd34c2730a4a2a3d7dbf12fdce1169722 - SHA256: 2ddcca718ae393cf1d3fd57ddd648484b97c95086bc1c77c6e00d8cd86d60bd8 - RichPEHeaderHash: - MD5: 4fe3a9ddd65c626fe7cb6e204f2c386e - SHA1: f3663ed015a24a057b28759c4738835f26b47169 - SHA256: ebfeaab6945950f842f9b68c4499fc97bd5ad4ba34187f9df91fb8b62d1dabca - Sections: - .text: - Entropy: 5.854065401428635 - Virtual Size: '0x20da' - .rdata: - Entropy: 7.977171073541779 - Virtual Size: '0x4320' - .data: - Entropy: 1.945035565875688 - Virtual Size: '0x18' - .pdata: - Entropy: 3.680091290350265 - Virtual Size: '0x12c' - PAGE: - Entropy: 6.002225301908086 - Virtual Size: '0xb08' - INIT: - Entropy: 5.260653368559245 - Virtual Size: '0x2c0' - .rsrc: - Entropy: 3.310460353720858 - Virtual Size: '0x388' - .reloc: - Entropy: 1.0689156580850052 - Virtual Size: '0x24' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2009-01-06 16:47:08' - InternalName: nvoclock.sys - Copyright: "Copyright \xA9NVIDIA Corp. 
2003-2004" - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - DbgPrint - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - MmUnmapIoSpace - - MmMapIoSpace - - __C_specific_handler - - MmGetPhysicalAddress - - IoFreeMdl - - MmUnmapLockedPages - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=California, L=Santa Clara, O=NVIDIA Corporation, OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Software, CN=NVIDIA Corporation - ValidFrom: '2007-08-07 00:00:00' - ValidTo: '2009-09-01 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 
3af820a6907699580410055228ecaddf - Version: 3 - TBS: - MD5: 175416493bada497157d28d65f476b32 - SHA1: 80854f578e2a3b5552ea839ba4f98ddfe94b2381 - SHA256: 9f176c9eea37039bc9ac9c92f64af7e3718e9cab05291cca2408dbef2bfb7a50 - SHA384: c178b9d04327f47938b970e8645084e9ef15aec5f42a31067d0d9fb74cce2f092b73d4564be9bcbddd13715b063ab942 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 3af820a6907699580410055228ecaddf - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: NVidia Corp. 
- Date: '' - Description: NVidia System Utility Driver - FileVersion: 5.05.54 - Filename: '' - MD5: 241a095631570a9cef4f126c87605c60 - MachineType: AMD64 - OriginalFilename: nvoclock.sys - Product: NVidia System Utility Driver - ProductVersion: 5.05.54 - Publisher: '' - SHA1: d496a8d3e71eaacd873ccef1d1f6801e54959713 - SHA256: afda5af5f210336061bff0fab0ed93ee495312bed639ec5db56fbac0ea8247d3 - Signature: '' - Imphash: 236bc37dff7a92a4d25d807cf038e674 - Authentihash: - MD5: 4bdf9ad93233463f415034725788ae43 - SHA1: f8fe56435f0d964d8fd1ee4b7c05bc68fd032a41 - SHA256: c0a60e07b06033497ded62ed49fbf3eb3d8fe750eebc3f0c332f5d84ab17e045 - RichPEHeaderHash: - MD5: 4fe3a9ddd65c626fe7cb6e204f2c386e - SHA1: f3663ed015a24a057b28759c4738835f26b47169 - SHA256: ebfeaab6945950f842f9b68c4499fc97bd5ad4ba34187f9df91fb8b62d1dabca - Sections: - .text: - Entropy: 5.821147695135203 - Virtual Size: '0x1fba' - .rdata: - Entropy: 7.978082763419433 - Virtual Size: '0x4304' - .data: - Entropy: 1.945035565875688 - Virtual Size: '0x18' - .pdata: - Entropy: 3.684694571322227 - Virtual Size: '0x114' - PAGE: - Entropy: 5.980196151418771 - Virtual Size: '0xa58' - INIT: - Entropy: 5.269611474363871 - Virtual Size: '0x2c0' - .rsrc: - Entropy: 3.2882263433655976 - Virtual Size: '0x388' - .reloc: - Entropy: 1.0689156580850052 - Virtual Size: '0x24' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2007-09-04 20:26:33' - InternalName: nvoclock.sys - Copyright: "Copyright \xA9NVIDIA Corp. 
2003-2004" - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - DbgPrint - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - MmUnmapIoSpace - - MmMapIoSpace - - __C_specific_handler - - MmGetPhysicalAddress - - IoFreeMdl - - MmUnmapLockedPages - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, 
Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=California, L=Santa Clara, O=NVIDIA Corporation, OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Software, CN=NVIDIA Corporation - ValidFrom: '2007-08-07 00:00:00' - ValidTo: '2009-09-01 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3af820a6907699580410055228ecaddf - Version: 3 - TBS: - MD5: 175416493bada497157d28d65f476b32 - SHA1: 80854f578e2a3b5552ea839ba4f98ddfe94b2381 - SHA256: 9f176c9eea37039bc9ac9c92f64af7e3718e9cab05291cca2408dbef2bfb7a50 - SHA384: c178b9d04327f47938b970e8645084e9ef15aec5f42a31067d0d9fb74cce2f092b73d4564be9bcbddd13715b063ab942 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 3af820a6907699580410055228ecaddf - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: NVidia Corp. 
- Date: '' - Description: NVidia System Utility Driver - FileVersion: 5.05.54 - Filename: '' - MD5: 61d6b1c71ad94f8485e966bebc36d092 - MachineType: I386 - OriginalFilename: nvoclock.sys - Product: NVidia System Utility Driver - ProductVersion: 5.05.54 - Publisher: '' - SHA1: 72a5ac213ec1681d173bee4f1807c70a77b41bf6 - SHA256: b2364c3cf230648dad30952701aef90acfc9891541c7e154e30c9750da213ed1 - Signature: '' - Imphash: 1b0788bb68804273159b8ace9cba7ea3 - Authentihash: - MD5: c048567c1a013164e8c4be5cbb16e73a - SHA1: c2fdc70a7a7d832520ffa572825265ff7bd978d3 - SHA256: 14a0a9fe317192b54fda1516f46af78e6aabac0cf050bf18ec1e5ddaefd8e051 - RichPEHeaderHash: - MD5: 86c7ec663ebc07b1e06b93fb4d4a7433 - SHA1: db70eac0fca1908453e61d077cdf09ab68f369eb - SHA256: 77a2ee6677d7156b5f31b6ddcee14adf1e68d50a2a7f7ca62a0c484ae0a77c12 - Sections: - .text: - Entropy: 6.347643758535278 - Virtual Size: '0x1d42' - .rdata: - Entropy: 7.9956491667592635 - Virtual Size: '0x4150' - .data: - Entropy: 2.792481250360578 - Virtual Size: '0xc' - PAGE: - Entropy: 6.212137717212665 - Virtual Size: '0x6d4' - INIT: - Entropy: 5.374902500397382 - Virtual Size: '0x294' - .rsrc: - Entropy: 3.2846895595459378 - Virtual Size: '0x388' - .reloc: - Entropy: 6.077496430797658 - Virtual Size: '0x324' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2007-09-04 20:26:31' - InternalName: nvoclock.sys - Copyright: "Copyright \xA9NVIDIA Corp. 2003-2004" - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - DbgPrint - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - MmUnmapIoSpace - - MmMapIoSpace - - _except_handler3 - - MmGetPhysicalAddress - - IoFreeMdl - - MmUnmapLockedPages - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - _aullshr - Signatures: {} - LoadsDespiteHVCI: 'FALSE' -- Company: NVIDIA Corp. 
- Date: '' - Description: NVIDIA System Utility Driver - FileVersion: 6.05.02 - Filename: '' - MD5: 2eec12c17d6b8deeeac485f47131d150 - MachineType: AMD64 - OriginalFilename: nvoclock.sys - Product: NVIDIA System Utility Driver - ProductVersion: 6.05.02 - Publisher: '' - SHA1: 228b1ff5cd519faa15d9c2f8cfefd7e683bc3f2b - SHA256: b8321471be85dc8a67ac18a2460cab50e7c41cb47252f9a7278b1e69d6970f25 - Signature: '' - Imphash: 7453e39bd87c63550451ba2fa354dd8e - Authentihash: - MD5: d946955440f474be87d88cc5d8cf0252 - SHA1: 2a84776f7912799753358cba07e23f25b7191c9f - SHA256: 5f5243c9d9638a23ccf0e32f54c585e5688a4a853ff04898281fa23697aaec34 - RichPEHeaderHash: - MD5: a4df41f43bdbd389d42ae6edd60d2a40 - SHA1: b114d14cfe78d9f5399d9284da4d0d924e8a4d2d - SHA256: a5d7787a655a67842d021fede9ecf5a2bbe628300430cb2a72f4bdf7ab30da35 - Sections: - .text: - Entropy: 5.880419380402802 - Virtual Size: '0x2194' - .rdata: - Entropy: 7.96597737173945 - Virtual Size: '0x43b0' - .data: - Entropy: 1.7201755214643453 - Virtual Size: '0x18' - .pdata: - Entropy: 3.8232545976060415 - Virtual Size: '0x150' - PAGE: - Entropy: 6.190115652633595 - Virtual Size: '0x1139' - INIT: - Entropy: 5.025018574047011 - Virtual Size: '0x3d0' - .rsrc: - Entropy: 3.321854599483902 - Virtual Size: '0x388' - .reloc: - Entropy: 1.0689156580850052 - Virtual Size: '0x24' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2009-03-09 13:25:10' - InternalName: nvoclock.sys - Copyright: "Copyright \xA9NVIDIA Corp. 
2003-2004" - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - IoInitializeRemoveLockEx - - IoDeleteSymbolicLink - - IoAttachDeviceToDeviceStack - - IoDeleteDevice - - IoCreateSymbolicLink - - IoCreateDevice - - RtlInitUnicodeString - - KeSetEvent - - IoReleaseRemoveLockEx - - IoDetachDevice - - IoReleaseRemoveLockAndWaitEx - - MmUnmapIoSpace - - KeWaitForSingleObject - - IofCallDriver - - KeInitializeEvent - - RtlCopyMemory - - IofCompleteRequest - - IoAcquireRemoveLockEx - - MmMapIoSpace - - PoCallDriver - - PoStartNextPowerIrp - - __C_specific_handler - - MmGetPhysicalAddress - - IoFreeMdl - - MmUnmapLockedPages - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 
518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=California, L=Santa Clara, O=NVIDIA Corporation, OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Software, CN=NVIDIA Corporation - ValidFrom: '2007-08-07 00:00:00' - ValidTo: '2009-09-01 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3af820a6907699580410055228ecaddf - Version: 3 - TBS: - MD5: 175416493bada497157d28d65f476b32 - SHA1: 80854f578e2a3b5552ea839ba4f98ddfe94b2381 - SHA256: 9f176c9eea37039bc9ac9c92f64af7e3718e9cab05291cca2408dbef2bfb7a50 - SHA384: c178b9d04327f47938b970e8645084e9ef15aec5f42a31067d0d9fb74cce2f092b73d4564be9bcbddd13715b063ab942 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - 
ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 3af820a6907699580410055228ecaddf - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: NVidia Corp. - Date: '' - Description: NVidia System Utility Driver - FileVersion: 6.02.15 - Filename: '' - MD5: edfa69e9132a56778d6363cd41843893 - MachineType: AMD64 - OriginalFilename: nvoclock.sys - Product: NVidia System Utility Driver - ProductVersion: 6.02.15 - Publisher: '' - SHA1: 0a5ef5b72e621a639860c03f1cac499567082f39 - SHA256: d54ac69c438ba77cde88c6efd6a423491996d4e8a235666644b1db954eb1da9c - Signature: '' - Imphash: 236bc37dff7a92a4d25d807cf038e674 - Authentihash: - MD5: da2a882bdc691526975b88e83bba5b9d - SHA1: 96bff1ce988224e1bd7fdff981feb35cb8af278c - SHA256: 6c049aff27517fe269517b07bdc8ef1e7b26e1e76276b02dc5a9688901a88de3 - RichPEHeaderHash: - MD5: 4fe3a9ddd65c626fe7cb6e204f2c386e - SHA1: f3663ed015a24a057b28759c4738835f26b47169 - SHA256: ebfeaab6945950f842f9b68c4499fc97bd5ad4ba34187f9df91fb8b62d1dabca - Sections: - .text: - Entropy: 5.854065401428635 - Virtual Size: '0x20da' - .rdata: - Entropy: 7.977154517132318 - Virtual Size: '0x4320' - .data: - Entropy: 1.945035565875688 - Virtual Size: '0x18' - .pdata: - Entropy: 3.680091290350265 - Virtual Size: '0x12c' - PAGE: - Entropy: 6.002225301908086 - Virtual Size: '0xb08' - INIT: - Entropy: 
5.260653368559245 - Virtual Size: '0x2c0' - .rsrc: - Entropy: 3.3119731857924113 - Virtual Size: '0x388' - .reloc: - Entropy: 1.0689156580850052 - Virtual Size: '0x24' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2008-08-18 10:00:01' - InternalName: nvoclock.sys - Copyright: "Copyright \xA9NVIDIA Corp. 2003-2004" - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - DbgPrint - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - MmUnmapIoSpace - - MmMapIoSpace - - __C_specific_handler - - MmGetPhysicalAddress - - IoFreeMdl - - MmUnmapLockedPages - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - 
TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=California, L=Santa Clara, O=NVIDIA Corporation, OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Software, CN=NVIDIA Corporation - ValidFrom: '2007-08-07 00:00:00' - ValidTo: '2009-09-01 23:59:59' - Signature: 657ca22c6aee2d80e07d1d99f3b398873df0f8f68d6436cf98cc75c08d85d9c25a08c551117d7e953a865cff6a21049bdf07b1ea64d97fde9f03846a76f5a6157bb402c623b2e06f6765477f8ed4ef18c2f1f5a2670291479ad7b0adf93651e6dbba1229aff21c64a3b08eb8925b34e4e5e8b81b32a8922881158730d5279effc64687f44c278bae83ef2b920f48f857e02691fc88e2b31a342e6de912c57245571b74791fe6fb7c013511ee13690cf2bbc627ff4f8798bae0c2d0366089f2633c5472d7d159e9734afa1481fe861c29a10da1aa65cbcbf91ead8b03411584d16b66731e1043f3da0a516ed6f0142d9df8975c5b646a826cf0a88ba59ad0d512 - SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3af820a6907699580410055228ecaddf - Version: 3 - TBS: - MD5: 175416493bada497157d28d65f476b32 - SHA1: 80854f578e2a3b5552ea839ba4f98ddfe94b2381 - SHA256: 9f176c9eea37039bc9ac9c92f64af7e3718e9cab05291cca2408dbef2bfb7a50 - SHA384: c178b9d04327f47938b970e8645084e9ef15aec5f42a31067d0d9fb74cce2f092b73d4564be9bcbddd13715b063ab942 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 3af820a6907699580410055228ecaddf - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: NVidia Corp. 
- Date: '' - Description: NVidia System Utility Driver - FileVersion: 5.00.06 - Filename: '' - MD5: 7f9128654c3def08c28e0e13efff0fee - MachineType: AMD64 - OriginalFilename: nvoclock.sys - Product: NVidia System Utility Driver - ProductVersion: 5.00.06 - Publisher: '' - SHA1: a45687965357036df17b8ff380e3a43a8fbb2ca9 - SHA256: d633055c7eda26dacfc30109eb790625519fc7b0a3a601ceed9e21918aad8a1b - Signature: '' - Imphash: 236bc37dff7a92a4d25d807cf038e674 - Authentihash: - MD5: eb49b04c44903ee1cedc83c5fcd2f837 - SHA1: d35e1e29c0124adb3dbbe490190d196b1f1e7425 - SHA256: ba182292c25044e9abc89bcd2a846a4cd74485ce0c26413e5a859c516f9d89e2 - RichPEHeaderHash: - MD5: 829df4ebafca2152230c9948a0e26c18 - SHA1: cf3cecd990d504bd4b994f4b5ddac08638581f75 - SHA256: 18c6c808021e90d58cc68255499963238911cac0733ae68bcf9ca301847771aa - Sections: - .text: - Entropy: 5.9855546431770765 - Virtual Size: '0xa76' - .rdata: - Entropy: 4.738503317609862 - Virtual Size: '0x220' - .data: - Entropy: 1.945035565875688 - Virtual Size: '0x18' - .pdata: - Entropy: 3.350894783533565 - Virtual Size: '0xb4' - PAGE: - Entropy: 5.888499158365277 - Virtual Size: '0x8f8' - INIT: - Entropy: 5.223967543740313 - Virtual Size: '0x2c0' - .rsrc: - Entropy: 3.2820642410900125 - Virtual Size: '0x388' - .reloc: - Entropy: 1.0689156580850052 - Virtual Size: '0x24' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2006-06-06 09:55:55' - InternalName: nvoclock.sys - Copyright: "Copyright \xA9NVIDIA Corp. 
2003-2004" - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - DbgPrint - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - MmUnmapIoSpace - - MmMapIoSpace - - __C_specific_handler - - MmGetPhysicalAddress - - IoFreeMdl - - MmUnmapLockedPages - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, OU=GeoTrust TrustCenter CodeSigning CA, O=GeoTrust Inc, CN=GeoTrust - TrustCenter CodeSigning CA I - ValidFrom: '2006-02-01 21:44:28' - ValidTo: '2016-01-30 21:44:28' - Signature: 65c62c9e0fc5dec5639b6e8341e0d9137104dcd9813151f57eb9930d2ef80ae8c329c0e15e02c935bb2d936ff620702b7af688c0a60133696035618235da87d374289fa4b7c023012a763198473d2bd618173691b6203e8c00876f603252123d15d2a49c00def933f55e980a433ab6af40d8924b85b25701b2c9b09174f7b754 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 05ab96 - Version: 3 - TBS: - MD5: 861ac2a336eb5977ee1d342b79b3339a - SHA1: 172f39bca3dda7c6d5169c96b34a5fe7e96ff0bd - SHA256: 4e5f8008413b8bd1daacea968d79051fc84d2fcd76ded06c65fd8d2cf3b4e2e1 - SHA384: 99b4b343c5b223a1446551c3dd26e2a0dcafe214460c5fcc4f9f12eaca42695ae9adb04fc19eec33f17d1659a0730e95 - - Subject: C=TW, ST=Taiwan, L=Taipei, O=Micro,Star Int'l Co., Ltd., OU=MIS, OU=GeoTrust - Code Signing, CN=Micro,Star Int'l Co., Ltd. 
- ValidFrom: '2006-09-11 09:43:50' - ValidTo: '2008-09-11 09:43:50' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4be200010020da64b996e9157caa - Version: 3 - TBS: - MD5: 003ad6ab7503faa11a0cb94d94a50f3b - SHA1: 91091aed19f92255ba8c915f1a5eb92dee6f54dd - SHA256: d585752b1322386c8bf959ad7c5a17d44feaf84116fe8b1fdc22edd6a7cd47e0 - SHA384: e5ef53328ec96180ee9a1fede1842931c1589bac179cd552fce718fad2ceb0e2df83386be1ae00ca68065270bda9605e - - Subject: C=US, O=Equifax, OU=Equifax Secure Certificate Authority - ValidFrom: '2006-05-23 17:01:15' - ValidTo: '2016-05-23 17:11:15' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610bdc8f00000000001a - Version: 3 - TBS: - MD5: 6e11ed171e9a07e607b8ca65bf0e8858 - SHA1: 6d329a72420f76868584957854cdc45172e9f902 - SHA256: 75efb8656a18ba5dacc596757bfb0fa11f0d3d81fd5f8cf9bb8975ced87e7b1b - SHA384: c41060ed797c77588692c0b3e36e19cca2d48c354863437f3df76009e25c916e8d2c7e17b297fbc59da085e98d070093 - Signer: - - SerialNumber: 4be200010020da64b996e9157caa - Issuer: C=US, OU=GeoTrust TrustCenter CodeSigning CA, O=GeoTrust Inc, CN=GeoTrust - TrustCenter CodeSigning CA I - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: NVidia Corp. 
- Date: '' - Description: NVidia System Utility Driver - FileVersion: 1, 00, 00, 00 - Filename: '' - MD5: 546db985012d988e4482acfae4a935a8 - MachineType: I386 - OriginalFilename: NVoclock.RC - Product: NVidia System Utility Driver - ProductVersion: 1, 0, 0, 1 - Publisher: '' - SHA1: e9d7d7d42fd534abf52da23c0d6ec238cefde071 - SHA256: d7c90cf3fdbbd2f40fe6a39ad0bb2a9a97a0416354ea84db3aeff6d925d14df8 - Signature: '' - Imphash: 0e0722c16a5ded199f64b26fccd2115a - Authentihash: - MD5: 5b9870e1fedcea0462b9ecc3013f8134 - SHA1: fe761bee648d4a1c9fd8c1646323a692df957c42 - SHA256: b3183d87a902db1bbdaecb37291b9d37c032ce9dfacbe4b36cc3032f5a643ab4 - RichPEHeaderHash: - MD5: 79dfb67c53dddac5f3ebd760bc9eea20 - SHA1: 21ac18e6949a7452fbcfeebd6322e10702edd6c7 - SHA256: ebeea43f92de2c63a449763f2fde535fb16528343b032e94221c1796ff98affa - Sections: - .text: - Entropy: 4.61754948208715 - Virtual Size: '0xe0' - .rdata: - Entropy: 4.687065247094353 - Virtual Size: '0x87' - PAGE: - Entropy: 6.072902153750393 - Virtual Size: '0x49b' - INIT: - Entropy: 5.122317255251592 - Virtual Size: '0x1a0' - .rsrc: - Entropy: 3.2704758500582938 - Virtual Size: '0x378' - .reloc: - Entropy: 3.2357669877277893 - Virtual Size: '0x54' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2003-10-23 11:59:21' - InternalName: nvoclock.sys - Copyright: "Copyright \xA9 2003" - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - Signatures: {} - LoadsDespiteHVCI: 'FALSE' -- Company: NVIDIA Corp. 
- Date: '' - Description: NVIDIA System Utility Driver - FileVersion: 6.05.06 - Filename: '' - MD5: 96c5900331bd17344f338d006888bae5 - MachineType: I386 - OriginalFilename: nvoclock.sys - Product: NVIDIA System Utility Driver - ProductVersion: 6.05.06 - Publisher: '' - SHA1: d2c7aa9b424015f970fe7506ae5d1c69a8ac11f6 - SHA256: f4e500a9ac5991da5bf114fa80e66456a2cde3458a3d41c14e127ac09240c114 - Signature: '' - Imphash: bec5dc89f030df7a96d19483fad4cc0a - Authentihash: - MD5: b6c58fc97881883e9e2ca091f43eb29d - SHA1: c768ae4c7155e9b06f16ab0b528bc3664b627763 - SHA256: 221369498ae77e0ff60ce2f59de6ef2bbb01aca8cd55d7a8487760068f5a544a - RichPEHeaderHash: - MD5: 79b18c96a845fa5ed4b32b68e044d886 - SHA1: 4f4359656c3e3fd940c0f2feea828cb56680b81d - SHA256: 15e52e5444362d1eabad1bf6dcd86d4ed9bc9451b67d38525dc0233a9d03908b - Sections: - .text: - Entropy: 6.38652500648769 - Virtual Size: '0x1de6' - .rdata: - Entropy: 7.993570843923068 - Virtual Size: '0x4172' - .data: - Entropy: 2.792481250360578 - Virtual Size: '0xc' - PAGE: - Entropy: 6.3696612236730985 - Virtual Size: '0xc7f' - INIT: - Entropy: 5.262192516096198 - Virtual Size: '0x33c' - .rsrc: - Entropy: 3.314836632824097 - Virtual Size: '0x388' - .reloc: - Entropy: 6.127672955661517 - Virtual Size: '0x388' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2009-09-15 15:59:22' - InternalName: nvoclock.sys - Copyright: "Copyright \xA9NVIDIA Corp. 
2003-2004" - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - IoInitializeRemoveLockEx - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoAttachDeviceToDeviceStack - - IoCreateSymbolicLink - - IoCreateDevice - - RtlInitUnicodeString - - KeSetEvent - - IoReleaseRemoveLockEx - - KeWaitForSingleObject - - KeInitializeEvent - - IoDetachDevice - - IoReleaseRemoveLockAndWaitEx - - MmUnmapIoSpace - - IofCallDriver - - IofCompleteRequest - - IoAcquireRemoveLockEx - - MmMapIoSpace - - PoCallDriver - - PoStartNextPowerIrp - - _except_handler3 - - MmGetPhysicalAddress - - IoFreeMdl - - MmUnmapLockedPages - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - _aullshr - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 
518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=US, ST=California, L=Santa Clara, O=NVIDIA Corporation, OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Software, CN=NVIDIA Corporation - ValidFrom: 
'2009-07-31 00:00:00' - ValidTo: '2011-09-01 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 534abed0be56d9840dd12ddb84f8b031 - Version: 3 - TBS: - MD5: 4914c1d2c944d48a9636059155440df8 - SHA1: 0337264fca5a8d774786b5b275e03ab42edb11ae - SHA256: 8833131f04e02297c80b986ec7e7793e194fb144470dc36cc57a376487c2750b - SHA384: 8450d31af22887ac50415c01d88f7eb6081b7044ab8f35ac0b63e09828786258e73fed98f37c99df6d5472b6a34f6db3 - Signer: - - SerialNumber: 534abed0be56d9840dd12ddb84f8b031 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create nvoclocksys binPath= C:\windows\temp\nvoclocksys.sys type=kernel + && sc.exe start nvoclocksys + Description: The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique + vulnerable drivers (237 file hashes) accepting firmware access. Six allow + kernel memory access. All give full control of the devices to non-admin users. + By exploiting the vulnerable drivers, an attacker without the system privilege + may erase/alter firmware, and/or elevate privileges. As of the time of writing + in October 2023, the filenames of the vulnerable drivers have not been made + public until now. 
+ OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html -Tags: -- nvoclock.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: NVIDIA Corp. 
+ Date: '' + Description: NVIDIA System Utility Driver + FileVersion: 6.05.02 + Filename: '' + MD5: 6cc3c3be2de12310a35a6ab2aed141d6 + MachineType: I386 + OriginalFilename: nvoclock.sys + Product: NVIDIA System Utility Driver + ProductVersion: 6.05.02 + Publisher: '' + SHA1: 09d3ff3c57f5154735e676f2c0a10b5e51336bb3 + SHA256: 060d25126e45309414b380ee29f900840b689eae4217a8e621563f130c1d457f + Signature: '' + Imphash: bec5dc89f030df7a96d19483fad4cc0a + Authentihash: + MD5: 43bc44c551bb06b2052b1b146231a424 + SHA1: be3c7e94ca552ccae788c14183ab1997f5e22122 + SHA256: 047ce557cc7bb580af457c151233b5114de6efbc9bf5e8c919fab453cebe5fa6 + RichPEHeaderHash: + MD5: 79b18c96a845fa5ed4b32b68e044d886 + SHA1: 4f4359656c3e3fd940c0f2feea828cb56680b81d + SHA256: 15e52e5444362d1eabad1bf6dcd86d4ed9bc9451b67d38525dc0233a9d03908b + Sections: + .text: + Entropy: 6.38652500648769 + Virtual Size: '0x1de6' + .rdata: + Entropy: 7.993400719049359 + Virtual Size: '0x417c' + .data: + Entropy: 2.792481250360578 + Virtual Size: '0xc' + PAGE: + Entropy: 6.365332861447633 + Virtual Size: '0xc8f' + INIT: + Entropy: 5.25919991638858 + Virtual Size: '0x33c' + .rsrc: + Entropy: 3.31871912729791 + Virtual Size: '0x388' + .reloc: + Entropy: 6.129197764938437 + Virtual Size: '0x388' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2009-03-09 13:25:07' + InternalName: nvoclock.sys + Copyright: "Copyright \xA9NVIDIA Corp. 
2003-2004" + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - IoInitializeRemoveLockEx + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoAttachDeviceToDeviceStack + - IoCreateSymbolicLink + - IoCreateDevice + - RtlInitUnicodeString + - KeSetEvent + - IoReleaseRemoveLockEx + - KeWaitForSingleObject + - KeInitializeEvent + - IoDetachDevice + - IoReleaseRemoveLockAndWaitEx + - MmUnmapIoSpace + - IofCallDriver + - IofCompleteRequest + - IoAcquireRemoveLockEx + - MmMapIoSpace + - PoCallDriver + - PoStartNextPowerIrp + - _except_handler3 + - MmGetPhysicalAddress + - IoFreeMdl + - MmUnmapLockedPages + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - _aullshr + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 
518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=California, L=Santa Clara, O=NVIDIA Corporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Software, CN=NVIDIA + Corporation + ValidFrom: '2007-08-07 00:00:00' + ValidTo: '2009-09-01 23:59:59' + Signature: 657ca22c6aee2d80e07d1d99f3b398873df0f8f68d6436cf98cc75c08d85d9c25a08c551117d7e953a865cff6a21049bdf07b1ea64d97fde9f03846a76f5a6157bb402c623b2e06f6765477f8ed4ef18c2f1f5a2670291479ad7b0adf93651e6dbba1229aff21c64a3b08eb8925b34e4e5e8b81b32a8922881158730d5279effc64687f44c278bae83ef2b920f48f857e02691fc88e2b31a342e6de912c57245571b74791fe6fb7c013511ee13690cf2bbc627ff4f8798bae0c2d0366089f2633c5472d7d159e9734afa1481fe861c29a10da1aa65cbcbf91ead8b03411584d16b66731e1043f3da0a516ed6f0142d9df8975c5b646a826cf0a88ba59ad0d512 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + 
IsCertificateAuthority: false + SerialNumber: 3af820a6907699580410055228ecaddf + Version: 3 + TBS: + MD5: 175416493bada497157d28d65f476b32 + SHA1: 80854f578e2a3b5552ea839ba4f98ddfe94b2381 + SHA256: 9f176c9eea37039bc9ac9c92f64af7e3718e9cab05291cca2408dbef2bfb7a50 + SHA384: c178b9d04327f47938b970e8645084e9ef15aec5f42a31067d0d9fb74cce2f092b73d4564be9bcbddd13715b063ab942 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 3af820a6907699580410055228ecaddf + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: NVidia Corp. 
+ Date: '' + Description: NVidia System Utility Driver + FileVersion: 3.00.00 + Filename: '' + MD5: 06ffbb2cbf5ac9ef95773b4f5c4c896a + MachineType: I386 + OriginalFilename: nvoclock.sys + Product: NVidia System Utility Driver + ProductVersion: 3.00.00 + Publisher: '' + SHA1: 9f2b550c58c71d407898594b110a9320d5b15793 + SHA256: 0fc0644085f956706ea892563309ba72f0986b7a3d4aa9ae81c1fa1c35e3e2d3 + Signature: '' + Imphash: c590cbf2d6cbf206a2e47e8ed91dd944 + Authentihash: + MD5: 4542c85a4f4fe38b28981d4b8035f46b + SHA1: 094cd9d2b292e15c915dc2f5087a9c8e30d7382e + SHA256: 283a2e3eb9bad973e2ec439208f1bfb5121f8d9c37019b8a699be212f05964eb + RichPEHeaderHash: + MD5: 09ffc04ae64f72585fc378ccdf8754d7 + SHA1: 19bd1625e045084fcb0b057103b4d0df24c2effe + SHA256: a1286359154b9d830af75050d64bafb353f561698c433a10236ff6ee776c3f35 + Sections: + .text: + Entropy: 6.11027735498843 + Virtual Size: '0x708' + .rdata: + Entropy: 4.662292728291374 + Virtual Size: '0xab' + .data: + Entropy: 2.792481250360578 + Virtual Size: '0xc' + PAGE: + Entropy: 6.0797559351914945 + Virtual Size: '0x605' + INIT: + Entropy: 5.382561636132916 + Virtual Size: '0x25c' + .rsrc: + Entropy: 3.230617759040628 + Virtual Size: '0x388' + .reloc: + Entropy: 4.539628081221655 + Virtual Size: '0xc6' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2005-08-10 09:49:48' + InternalName: nvoclock.sys + Copyright: "Copyright \xA9NVIDIA Corp. 2003-2004" + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - MmUnmapIoSpace + - MmMapIoSpace + - MmGetPhysicalAddress + - IoFreeMdl + - MmUnmapLockedPages + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + Signatures: {} + LoadsDespiteHVCI: 'FALSE' +- Company: NVidia Corp. 
+ Date: '' + Description: NVidia System Utility Driver + FileVersion: 6.02.15 + Filename: '' + MD5: 9ce1b0e5cfa8223cec3be1c7616e9f63 + MachineType: I386 + OriginalFilename: nvoclock.sys + Product: NVidia System Utility Driver + ProductVersion: 6.02.15 + Publisher: '' + SHA1: 96c2e1d7c9a8ad242f8f478e871f645895d3e451 + SHA256: 16ae28284c09839900b99c0bdf6ce4ffcd7fe666cfd5cfb0d54a3ad9bea9aa9c + Signature: '' + Imphash: 1b0788bb68804273159b8ace9cba7ea3 + Authentihash: + MD5: c4f1bdfb9ce8e2ded74fc30bb9fb9dcf + SHA1: 98e3f744f1c5ce862052364d1d38da0d96870e06 + SHA256: 2affa6b703f0491a44d6b7b09dfab83b36ac06979810665aaf7dd2913964c44d + RichPEHeaderHash: + MD5: 86c7ec663ebc07b1e06b93fb4d4a7433 + SHA1: db70eac0fca1908453e61d077cdf09ab68f369eb + SHA256: 77a2ee6677d7156b5f31b6ddcee14adf1e68d50a2a7f7ca62a0c484ae0a77c12 + Sections: + .text: + Entropy: 6.38790652185374 + Virtual Size: '0x1dce' + .rdata: + Entropy: 7.995607100533982 + Virtual Size: '0x4150' + .data: + Entropy: 2.792481250360578 + Virtual Size: '0xc' + PAGE: + Entropy: 6.256600826224753 + Virtual Size: '0x762' + INIT: + Entropy: 5.32929280121916 + Virtual Size: '0x294' + .rsrc: + Entropy: 3.309375270365866 + Virtual Size: '0x388' + .reloc: + Entropy: 6.061802260394644 + Virtual Size: '0x326' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2008-08-18 09:59:59' + InternalName: nvoclock.sys + Copyright: "Copyright \xA9NVIDIA Corp. 2003-2004" + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - DbgPrint + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - MmUnmapIoSpace + - MmMapIoSpace + - _except_handler3 + - MmGetPhysicalAddress + - IoFreeMdl + - MmUnmapLockedPages + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - _aullshr + Signatures: {} + LoadsDespiteHVCI: 'FALSE' +- Company: NVidia Corp. 
+ Date: '' + Description: NVidia System Utility Driver + FileVersion: 1, 08, 05, 00 + Filename: '' + MD5: d1e57c74bafa56e8e2641290d153f4d2 + MachineType: AMD64 + OriginalFilename: NVoclock.RC + Product: NVidia System Utility Driver + ProductVersion: 1, 0, 0, 1 + Publisher: '' + SHA1: 007b2c7d72a5a89b424095dbb7f67ff2aeddb277 + SHA256: 2203bd4731a8fdc2a1c60e975fd79fd5985369e98a117df7ee43c528d3c85958 + Signature: '' + Imphash: 0e0722c16a5ded199f64b26fccd2115a + Authentihash: + MD5: 9a7949af4e2db6971025a87e89af1de8 + SHA1: 0380ce3467b97aa19ca6ab3177651b22a77d9c0e + SHA256: 717242ad6a3afb6f236890caa44501a4be8d0ab019f028ba2c74d3455f065804 + RichPEHeaderHash: + MD5: f8e40b6dc3fa7ca958fa2c7d5aa3f361 + SHA1: 70129cb6ab0553c8a009af17761aa6ab4c12c28d + SHA256: 796ad84a90b9a7422b40a3f37e01c0de5ffc889c8a7d2c7fff8e2c24d546bdae + Sections: + .text: + Entropy: 3.9375676199788994 + Virtual Size: '0xda' + .rdata: + Entropy: 4.418178445107852 + Virtual Size: '0xe0' + .pdata: + Entropy: 2.6324373408045867 + Virtual Size: '0x30' + PAGE: + Entropy: 5.676940585130393 + Virtual Size: '0x618' + INIT: + Entropy: 5.138884460253172 + Virtual Size: '0x1b0' + .rsrc: + Entropy: 3.2822975196509665 + Virtual Size: '0x378' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2004-03-17 09:34:32' + InternalName: nvoclock.sys + Copyright: "Copyright \xA9 2003" + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + Signatures: {} + LoadsDespiteHVCI: 'FALSE' +- Company: NVidia Corp. 
+ Date: '' + Description: NVidia System Utility Driver + FileVersion: 5.00.06 + Filename: '' + MD5: efb4ed2040b9b3d408aab8dc15df5a06 + MachineType: I386 + OriginalFilename: nvoclock.sys + Product: NVidia System Utility Driver + ProductVersion: 5.00.06 + Publisher: '' + SHA1: e0d83953a9efef81ba0fa9de1e3446b6f0a23cc6 + SHA256: 29f449fca0a41deccef5b0dccd22af18259222f69ed6389beafe8d5168c59e36 + Signature: '' + Imphash: 481d7bb63a8e5eaba756137e6ef22e54 + Authentihash: + MD5: 70462e037d6ef7b7b86ee09dd6974129 + SHA1: e7f478393a69ec3fe0a026584ddc26fd336dc4f0 + SHA256: 73664268a737d071f2c3c67503002db08432953f14771317835b6f080d3daeff + RichPEHeaderHash: + MD5: 9545edcd2511d775b2a7cb9da1bd633a + SHA1: 1fb6c2234e5d3faf288eb0f0ca4bdaf3d2476286 + SHA256: 0cea0c94a25010dfb6c9411ca7be3f9be61a0d59b53452313cf38595e787acd8 + Sections: + .text: + Entropy: 6.136101271114652 + Virtual Size: '0x764' + .rdata: + Entropy: 4.8825530153812595 + Virtual Size: '0xe7' + .data: + Entropy: 2.792481250360578 + Virtual Size: '0xc' + PAGE: + Entropy: 6.234123465637388 + Virtual Size: '0x67d' + INIT: + Entropy: 5.39459521528998 + Virtual Size: '0x284' + .rsrc: + Entropy: 3.2888581674728403 + Virtual Size: '0x388' + .reloc: + Entropy: 4.8663460630712105 + Virtual Size: '0xda' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2006-06-06 09:55:50' + InternalName: nvoclock.sys + Copyright: "Copyright \xA9NVIDIA Corp. 2003-2004" + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - DbgPrint + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - MmUnmapIoSpace + - MmMapIoSpace + - MmGetPhysicalAddress + - IoFreeMdl + - MmUnmapLockedPages + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - _except_handler3 + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + Signatures: {} + LoadsDespiteHVCI: 'FALSE' +- Company: NVidia Corp. 
+ Date: '' + Description: NVidia System Utility Driver + FileVersion: 5.05.18 + Filename: '' + MD5: 1033f0849180aac4b101a914bc8c53b4 + MachineType: I386 + OriginalFilename: nvoclock.sys + Product: NVidia System Utility Driver + ProductVersion: 5.05.18 + Publisher: '' + SHA1: 7673cebd15488cbbb4ca65209f92faab3f933205 + SHA256: 3cb111fdedc32f2f253aacde4372b710035c8652eb3586553652477a521c9284 + Signature: '' + Imphash: 481d7bb63a8e5eaba756137e6ef22e54 + Authentihash: + MD5: 8b9ce48f2dfa21fcffbc4a0b73c140b0 + SHA1: 1e4fdfe6750a04756332cc5a5896cd5763c923c7 + SHA256: 1848cb34d16559e3c8232c369d89fc12b5720b58300d8c4c21dade6e3ea8d585 + RichPEHeaderHash: + MD5: 9545edcd2511d775b2a7cb9da1bd633a + SHA1: 1fb6c2234e5d3faf288eb0f0ca4bdaf3d2476286 + SHA256: 0cea0c94a25010dfb6c9411ca7be3f9be61a0d59b53452313cf38595e787acd8 + Sections: + .text: + Entropy: 6.143367500095279 + Virtual Size: '0x768' + .rdata: + Entropy: 4.844701484035357 + Virtual Size: '0xe7' + .data: + Entropy: 2.792481250360578 + Virtual Size: '0xc' + PAGE: + Entropy: 6.263001835504504 + Virtual Size: '0x6ad' + INIT: + Entropy: 5.36387805487485 + Virtual Size: '0x284' + .rsrc: + Entropy: 3.301004682949993 + Virtual Size: '0x388' + .reloc: + Entropy: 4.8793366894268075 + Virtual Size: '0xda' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2006-10-31 08:29:04' + InternalName: nvoclock.sys + Copyright: "Copyright \xA9NVIDIA Corp. 2003-2004" + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - DbgPrint + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - MmUnmapIoSpace + - MmMapIoSpace + - MmGetPhysicalAddress + - IoFreeMdl + - MmUnmapLockedPages + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - _except_handler3 + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + Signatures: {} + LoadsDespiteHVCI: 'FALSE' +- Company: NVidia Corp. 
+ Date: '' + Description: NVidia System Utility Driver + FileVersion: 5.05.25 + Filename: '' + MD5: 2e492f14a1087374368562d01cd609aa + MachineType: AMD64 + OriginalFilename: nvoclock.sys + Product: NVidia System Utility Driver + ProductVersion: 5.05.25 + Publisher: '' + SHA1: aaaf565fa30834aba3f29a97fc58d15e372500b5 + SHA256: 3d008e636e74c846fe7c00f90089ff725561cb3d49ce3253f2bbfbc939bbfcb2 + Signature: '' + Imphash: 236bc37dff7a92a4d25d807cf038e674 + Authentihash: + MD5: 6f3a296b03ad9c8758283164aa74ca44 + SHA1: 5227bbd693ab5deace785e29e56803958b8eca61 + SHA256: 647f209aac750ba26bda9836afa5ef1370e4a62b5c331606086b1c4c92e10841 + RichPEHeaderHash: + MD5: 829df4ebafca2152230c9948a0e26c18 + SHA1: cf3cecd990d504bd4b994f4b5ddac08638581f75 + SHA256: 18c6c808021e90d58cc68255499963238911cac0733ae68bcf9ca301847771aa + Sections: + .text: + Entropy: 5.990034531404092 + Virtual Size: '0xa76' + .rdata: + Entropy: 4.78785592948094 + Virtual Size: '0x238' + .data: + Entropy: 1.945035565875688 + Virtual Size: '0x18' + .pdata: + Entropy: 3.3709483417248802 + Virtual Size: '0xb4' + PAGE: + Entropy: 5.890391985002299 + Virtual Size: '0x958' + INIT: + Entropy: 5.223967543740313 + Virtual Size: '0x2c0' + .rsrc: + Entropy: 3.2859034833322904 + Virtual Size: '0x388' + .reloc: + Entropy: 1.0689156580850052 + Virtual Size: '0x24' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2007-01-22 18:23:23' + InternalName: nvoclock.sys + Copyright: "Copyright \xA9NVIDIA Corp. 
2003-2004" + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - DbgPrint + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - MmUnmapIoSpace + - MmMapIoSpace + - __C_specific_handler + - MmGetPhysicalAddress + - IoFreeMdl + - MmUnmapLockedPages + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0de92bf0d4d82988183205095e9a7688 + Version: 3 + TBS: + MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 + SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + - Subject: C=US, O=VeriSign, Inc., 
OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=California, L=Santa Clara, O=NVIDIA Corporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Software, CN=NVIDIA + Corporation + ValidFrom: '2006-08-23 00:00:00' + ValidTo: '2007-09-01 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 5a4e47e9647b984c10e1d6a42bb07abe + Version: 3 + TBS: + MD5: c52873115c87f9dcae09a44ca0131a28 + SHA1: 4886227ca80507903cdda1d879010f25c5711881 + SHA256: 94299c8728a24659771c72a6b2849c3095ed9d8befe924999b6d76f224145092 + SHA384: 7a85a0db56dc2a62bb0bd3996572face21254961b4193492c6a5419bb1986a4192b20d21a6f2e65b7dd9b8ed633df2f4 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 5a4e47e9647b984c10e1d6a42bb07abe + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: NVidia Corp. 
+ Date: '' + Description: NVidia System Utility Driver + FileVersion: 2.05.09 + Filename: '' + MD5: 0291ced808eafe406d3d9b56d2fc0c26 + MachineType: I386 + OriginalFilename: nvoclock.sys + Product: NVidia System Utility Driver + ProductVersion: 2.05.09 + Publisher: '' + SHA1: 1da0c712ff42bd9112ac6afadb7c4d3ae2f20fb7 + SHA256: 4d777a9e2c61e8b55b3c34c5265b301454bb080abe7ffb373e7800bd6a498f8d + Signature: '' + Imphash: c590cbf2d6cbf206a2e47e8ed91dd944 + Authentihash: + MD5: 96af0b5d7e04dc1beb2cac418027e9ff + SHA1: fb6958d7d53e63edeb4cceebab4d12ca70202109 + SHA256: f72dbb2a818ba47ca03ffbe50d211050210699c25caec3b97ca960d7286d4b6a + RichPEHeaderHash: + MD5: 09ffc04ae64f72585fc378ccdf8754d7 + SHA1: 19bd1625e045084fcb0b057103b4d0df24c2effe + SHA256: a1286359154b9d830af75050d64bafb353f561698c433a10236ff6ee776c3f35 + Sections: + .text: + Entropy: 6.11027735498843 + Virtual Size: '0x708' + .rdata: + Entropy: 4.650596821858627 + Virtual Size: '0xab' + .data: + Entropy: 2.792481250360578 + Virtual Size: '0xc' + PAGE: + Entropy: 6.0797559351914945 + Virtual Size: '0x605' + INIT: + Entropy: 5.382561636132916 + Virtual Size: '0x25c' + .rsrc: + Entropy: 3.3009337428982137 + Virtual Size: '0x388' + .reloc: + Entropy: 4.539628081221655 + Virtual Size: '0xc6' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2005-03-18 13:53:01' + InternalName: nvoclock.sys + Copyright: "Copyright \xA9NVIDIA Corp. 2003-2004" + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - MmUnmapIoSpace + - MmMapIoSpace + - MmGetPhysicalAddress + - IoFreeMdl + - MmUnmapLockedPages + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + Signatures: {} + LoadsDespiteHVCI: 'FALSE' +- Company: NVIDIA Corp. 
+ Date: '' + Description: NVIDIA System Utility Driver + FileVersion: 6.05.06 + Filename: '' + MD5: 8c1d181480796d7d3366a9381fd7782d + MachineType: AMD64 + OriginalFilename: nvoclock.sys + Product: NVIDIA System Utility Driver + ProductVersion: 6.05.06 + Publisher: '' + SHA1: 7503a1ed7f6fbd068f8c900dd5ddb291417e3464 + SHA256: 642857fc8d737e92db8771e46e8638a37d9743928c959ed056c15427c6197a54 + Signature: '' + Imphash: 7453e39bd87c63550451ba2fa354dd8e + Authentihash: + MD5: 3c1fead72a47e97d7253bc861f815371 + SHA1: e0477eead7848c6d4f5437fb04802bd04c9bd0fd + SHA256: 0ffa2791abaa004489427b2c187b64db87b49aaa0ffb2e576f0c982dbe62c62a + RichPEHeaderHash: + MD5: a4df41f43bdbd389d42ae6edd60d2a40 + SHA1: b114d14cfe78d9f5399d9284da4d0d924e8a4d2d + SHA256: a5d7787a655a67842d021fede9ecf5a2bbe628300430cb2a72f4bdf7ab30da35 + Sections: + .text: + Entropy: 5.879397496834089 + Virtual Size: '0x2174' + .rdata: + Entropy: 7.965713407657882 + Virtual Size: '0x43a8' + .data: + Entropy: 1.945035565875688 + Virtual Size: '0x18' + .pdata: + Entropy: 3.8455902378613773 + Virtual Size: '0x150' + PAGE: + Entropy: 6.190406190945796 + Virtual Size: '0x1139' + INIT: + Entropy: 5.025018574047011 + Virtual Size: '0x3d0' + .rsrc: + Entropy: 3.32018449439062 + Virtual Size: '0x388' + .reloc: + Entropy: 1.0689156580850052 + Virtual Size: '0x24' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2009-09-15 15:59:25' + InternalName: nvoclock.sys + Copyright: "Copyright \xA9NVIDIA Corp. 
2003-2004" + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - IoInitializeRemoveLockEx + - IoDeleteSymbolicLink + - IoAttachDeviceToDeviceStack + - IoDeleteDevice + - IoCreateSymbolicLink + - IoCreateDevice + - RtlInitUnicodeString + - KeSetEvent + - IoReleaseRemoveLockEx + - IoDetachDevice + - IoReleaseRemoveLockAndWaitEx + - MmUnmapIoSpace + - KeWaitForSingleObject + - IofCallDriver + - KeInitializeEvent + - RtlCopyMemory + - IofCompleteRequest + - IoAcquireRemoveLockEx + - MmMapIoSpace + - PoCallDriver + - PoStartNextPowerIrp + - __C_specific_handler + - MmGetPhysicalAddress + - IoFreeMdl + - MmUnmapLockedPages + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + 
ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + 
MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=US, ST=California, L=Santa Clara, O=NVIDIA Corporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Software, CN=NVIDIA + Corporation + ValidFrom: '2009-07-31 00:00:00' + ValidTo: '2011-09-01 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 534abed0be56d9840dd12ddb84f8b031 + Version: 3 + TBS: + MD5: 4914c1d2c944d48a9636059155440df8 + SHA1: 0337264fca5a8d774786b5b275e03ab42edb11ae + SHA256: 8833131f04e02297c80b986ec7e7793e194fb144470dc36cc57a376487c2750b + SHA384: 8450d31af22887ac50415c01d88f7eb6081b7044ab8f35ac0b63e09828786258e73fed98f37c99df6d5472b6a34f6db3 + Signer: + - SerialNumber: 534abed0be56d9840dd12ddb84f8b031 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: NVidia Corp. 
+ Date: '' + Description: NVidia System Utility Driver + FileVersion: 1, 00, 00, 00 + Filename: '' + MD5: de331f863627dc489f547725d7292bbd + MachineType: AMD64 + OriginalFilename: NVoclock.RC + Product: NVidia System Utility Driver + ProductVersion: 1, 0, 0, 1 + Publisher: '' + SHA1: 8c11430372889bae1f91e8d068e2b2ad56dfc6bf + SHA256: 64a8e00570c68574b091ebdd5734b87f544fa59b75a4377966c661d0475d69a5 + Signature: '' + Imphash: 0e0722c16a5ded199f64b26fccd2115a + Authentihash: + MD5: 0ac44278542febfa8cb408f96afd98b7 + SHA1: 2d63276eb232457770188f2df6fc67eb41faacd1 + SHA256: abbf92203a31c93b8e719cdabff1c681921edbaf43cd34da79c86cb5a806757f + RichPEHeaderHash: + MD5: f8e40b6dc3fa7ca958fa2c7d5aa3f361 + SHA1: 70129cb6ab0553c8a009af17761aa6ab4c12c28d + SHA256: 796ad84a90b9a7422b40a3f37e01c0de5ffc889c8a7d2c7fff8e2c24d546bdae + Sections: + .text: + Entropy: 3.9375676199788994 + Virtual Size: '0xda' + .rdata: + Entropy: 4.3999729772980665 + Virtual Size: '0xdc' + .pdata: + Entropy: 2.6324373408045867 + Virtual Size: '0x30' + PAGE: + Entropy: 5.676940585130393 + Virtual Size: '0x618' + INIT: + Entropy: 5.138884460253172 + Virtual Size: '0x1b0' + .rsrc: + Entropy: 3.2704758500582933 + Virtual Size: '0x378' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2003-10-23 11:59:29' + InternalName: nvoclock.sys + Copyright: "Copyright \xA9 2003" + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + Signatures: {} + LoadsDespiteHVCI: 'FALSE' +- Company: NVidia Corp. 
+ Date: '' + Description: NVidia System Utility Driver + FileVersion: 5.05.14 + Filename: '' + MD5: 8cc5a4045a80a822cbc1e9eadff8e533 + MachineType: I386 + OriginalFilename: nvoclock.sys + Product: NVidia System Utility Driver + ProductVersion: 5.05.14 + Publisher: '' + SHA1: b0aede5a66e13469c46acbc3b01ccf038acf222c + SHA256: 77da3e8c5d70978b287d433ae1e1236c895b530a8e1475a9a190cdcc06711d2f + Signature: '' + Imphash: 481d7bb63a8e5eaba756137e6ef22e54 + Authentihash: + MD5: 9ebe5f6ad14b7db78ab94bedcd6ad55f + SHA1: fddcb8952f5f44ddae6201b08ddaa94537470669 + SHA256: cec5964d7e32c52439d5eb660fa97827b619a7da9f3264f0c9fa4b69e3cb7cc1 + RichPEHeaderHash: + MD5: 9545edcd2511d775b2a7cb9da1bd633a + SHA1: 1fb6c2234e5d3faf288eb0f0ca4bdaf3d2476286 + SHA256: 0cea0c94a25010dfb6c9411ca7be3f9be61a0d59b53452313cf38595e787acd8 + Sections: + .text: + Entropy: 6.143367500095279 + Virtual Size: '0x768' + .rdata: + Entropy: 4.806801538138548 + Virtual Size: '0xe7' + .data: + Entropy: 2.792481250360578 + Virtual Size: '0xc' + PAGE: + Entropy: 6.263001835504504 + Virtual Size: '0x6ad' + INIT: + Entropy: 5.36387805487485 + Virtual Size: '0x284' + .rsrc: + Entropy: 3.2943212272199416 + Virtual Size: '0x388' + .reloc: + Entropy: 4.8793366894268075 + Virtual Size: '0xda' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2006-10-13 09:18:12' + InternalName: nvoclock.sys + Copyright: "Copyright \xA9NVIDIA Corp. 2003-2004" + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - DbgPrint + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - MmUnmapIoSpace + - MmMapIoSpace + - MmGetPhysicalAddress + - IoFreeMdl + - MmUnmapLockedPages + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - _except_handler3 + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + Signatures: {} + LoadsDespiteHVCI: 'FALSE' +- Company: NVidia Corp. 
+ Date: '' + Description: NVidia System Utility Driver + FileVersion: 5.05.14 + Filename: '' + MD5: eda6e97b453388bb51ce84b8a11d9d13 + MachineType: AMD64 + OriginalFilename: nvoclock.sys + Product: NVidia System Utility Driver + ProductVersion: 5.05.14 + Publisher: '' + SHA1: b3f5185d7824ea2c2d931c292f4d8f77903a4d2a + SHA256: 837d3b67d3e66ef1674c9f1a47046e1617ed13f73ee08441d95a6de3d73ee9f2 + Signature: '' + Imphash: 236bc37dff7a92a4d25d807cf038e674 + Authentihash: + MD5: 5e14fb93c03d2802155852d87eff5957 + SHA1: dd43c641a714705142f01324cd31931f819a722e + SHA256: f3fc8f8dddbd471fa2d5deb292552876b3c737b09149307f901e38b53cd62648 + RichPEHeaderHash: + MD5: 829df4ebafca2152230c9948a0e26c18 + SHA1: cf3cecd990d504bd4b994f4b5ddac08638581f75 + SHA256: 18c6c808021e90d58cc68255499963238911cac0733ae68bcf9ca301847771aa + Sections: + .text: + Entropy: 5.990034531404092 + Virtual Size: '0xa76' + .rdata: + Entropy: 4.750468478050534 + Virtual Size: '0x230' + .data: + Entropy: 1.945035565875688 + Virtual Size: '0x18' + .pdata: + Entropy: 3.3381698165588243 + Virtual Size: '0xb4' + PAGE: + Entropy: 5.890391985002299 + Virtual Size: '0x958' + INIT: + Entropy: 5.223967543740313 + Virtual Size: '0x2c0' + .rsrc: + Entropy: 3.289739690217645 + Virtual Size: '0x388' + .reloc: + Entropy: 1.0689156580850052 + Virtual Size: '0x24' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2006-10-13 09:18:17' + InternalName: nvoclock.sys + Copyright: "Copyright \xA9NVIDIA Corp. 
2003-2004" + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - DbgPrint + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - MmUnmapIoSpace + - MmMapIoSpace + - __C_specific_handler + - MmGetPhysicalAddress + - IoFreeMdl + - MmUnmapLockedPages + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0de92bf0d4d82988183205095e9a7688 + Version: 3 + TBS: + MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 + SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + - Subject: C=US, O=VeriSign, Inc., 
OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=California, L=Santa Clara, O=NVIDIA Corporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Software, CN=NVIDIA + Corporation + ValidFrom: '2006-08-23 00:00:00' + ValidTo: '2007-09-01 23:59:59' + Signature: 399a310998f362743f6ff94b90f6bced52a5a0d4aff594e35097126a2e2538ba7f99ecf1de673b917301104b2b29f2faf93209b24a1c6a721d253001f774302e702be0b7661fa28abfe20cba38097ecdeb25b95243ec97d8465def0a62afc56c9ed0dab8f557a4f2bac474ef843ccd00668e77223cd030e03fb0964625e438313a624ff04941317a8f5e8384d27490cfff5ab9193342dec200fb86e4675f8bb88246e4c04875282aa858d638c43fc90c11e71da3bb5cf1252b93ac90d34f78bdf30a223d9320da406a6d7abe968ecba2589226aa5f4187c7b0e080ba4b0130fa0e38b93e6a7080c209f8c6cad3597380e5060d421cb82722467a59c02c889e39 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 5a4e47e9647b984c10e1d6a42bb07abe + Version: 3 + TBS: + MD5: c52873115c87f9dcae09a44ca0131a28 + SHA1: 4886227ca80507903cdda1d879010f25c5711881 + SHA256: 94299c8728a24659771c72a6b2849c3095ed9d8befe924999b6d76f224145092 + SHA384: 
7a85a0db56dc2a62bb0bd3996572face21254961b4193492c6a5419bb1986a4192b20d21a6f2e65b7dd9b8ed633df2f4 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 5a4e47e9647b984c10e1d6a42bb07abe + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: NVIDIA Corp. 
+ Date: '' + Description: NVIDIA System Utility Driver + FileVersion: 6.05.00 + Filename: '' + MD5: 34e55ccceec34a8567c8b95d662ba886 + MachineType: AMD64 + OriginalFilename: nvoclock.sys + Product: NVIDIA System Utility Driver + ProductVersion: 6.05.00 + Publisher: '' + SHA1: 2365a66c1eddfcf8385d9ff38ba8bd5f6f2e4fc2 + SHA256: 848b150ffcf1301b26634a41f28deacb5ccdd3117d79b590d515ed49849b8891 + Signature: '' + Imphash: 236bc37dff7a92a4d25d807cf038e674 + Authentihash: + MD5: 17b5e7af1f9c888b67219147718ecbe2 + SHA1: 9d6e6ca45e0b610b60feffe65715f0fa567b97a3 + SHA256: 35ad05063e2b44b2e606464f12405b954ac8bc8417fa9732ba13365dbe26f90b + RichPEHeaderHash: + MD5: 4fe3a9ddd65c626fe7cb6e204f2c386e + SHA1: f3663ed015a24a057b28759c4738835f26b47169 + SHA256: ebfeaab6945950f842f9b68c4499fc97bd5ad4ba34187f9df91fb8b62d1dabca + Sections: + .text: + Entropy: 5.8505031799203 + Virtual Size: '0x210a' + .rdata: + Entropy: 7.976868823553878 + Virtual Size: '0x4330' + .data: + Entropy: 1.945035565875688 + Virtual Size: '0x18' + .pdata: + Entropy: 3.7768337704964527 + Virtual Size: '0x12c' + PAGE: + Entropy: 6.09421520444042 + Virtual Size: '0xc18' + INIT: + Entropy: 5.257812459468335 + Virtual Size: '0x2c0' + .rsrc: + Entropy: 3.294498562191133 + Virtual Size: '0x388' + .reloc: + Entropy: 1.0689156580850052 + Virtual Size: '0x24' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2009-01-07 17:10:51' + InternalName: nvoclock.sys + Copyright: "Copyright \xA9NVIDIA Corp. 
2003-2004" + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - DbgPrint + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - MmUnmapIoSpace + - MmMapIoSpace + - __C_specific_handler + - MmGetPhysicalAddress + - IoFreeMdl + - MmUnmapLockedPages + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, 
Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=California, L=Santa Clara, O=NVIDIA Corporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Software, CN=NVIDIA + Corporation + ValidFrom: '2007-08-07 00:00:00' + ValidTo: '2009-09-01 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3af820a6907699580410055228ecaddf + Version: 3 + TBS: + MD5: 175416493bada497157d28d65f476b32 + SHA1: 80854f578e2a3b5552ea839ba4f98ddfe94b2381 + SHA256: 9f176c9eea37039bc9ac9c92f64af7e3718e9cab05291cca2408dbef2bfb7a50 + SHA384: c178b9d04327f47938b970e8645084e9ef15aec5f42a31067d0d9fb74cce2f092b73d4564be9bcbddd13715b063ab942 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 
53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 3af820a6907699580410055228ecaddf + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: NVidia Corp. + Date: '' + Description: NVidia System Utility Driver + FileVersion: 5.05.47 + Filename: '' + MD5: 9dd414590e695ea208139c23db8a5aa3 + MachineType: I386 + OriginalFilename: nvoclock.sys + Product: NVidia System Utility Driver + ProductVersion: 5.05.47 + Publisher: '' + SHA1: 2fa92d3739735bc9ac4dc38f42d909d97cc5c2a8 + SHA256: 87b4c5b7f653b47c9c3bed833f4d65648db22481e9fc54aa4a8c6549fa31712b + Signature: '' + Imphash: 481d7bb63a8e5eaba756137e6ef22e54 + Authentihash: + MD5: 10eb0609a990adc1d0d2c9a09e4ea31b + SHA1: 8546586f7825c49876f2e0c52ba55f545b4e03bd + SHA256: 7c8d7bb3a272afe7fb737bd165fe9bd8f8187f1835289eb66d471cdced74e950 + RichPEHeaderHash: + MD5: 9545edcd2511d775b2a7cb9da1bd633a + SHA1: 1fb6c2234e5d3faf288eb0f0ca4bdaf3d2476286 + SHA256: 0cea0c94a25010dfb6c9411ca7be3f9be61a0d59b53452313cf38595e787acd8 + Sections: + .text: + Entropy: 6.143367500095279 + Virtual Size: '0x768' + .rdata: + Entropy: 4.872296604793326 + Virtual Size: '0xf0' + .data: + Entropy: 2.792481250360578 + Virtual Size: '0xc' + PAGE: + Entropy: 6.263001835504504 + Virtual Size: '0x6ad' + INIT: + Entropy: 5.36387805487485 + Virtual Size: '0x284' + .rsrc: + Entropy: 3.2943212272199416 + Virtual Size: '0x388' + .reloc: + Entropy: 4.8793366894268075 + Virtual Size: '0xda' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2007-07-03 13:33:02' + InternalName: nvoclock.sys + Copyright: "Copyright \xA9NVIDIA Corp. 
2003-2004" + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - DbgPrint + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - MmUnmapIoSpace + - MmMapIoSpace + - MmGetPhysicalAddress + - IoFreeMdl + - MmUnmapLockedPages + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - _except_handler3 + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + Signatures: {} + LoadsDespiteHVCI: 'FALSE' +- Company: NVIDIA Corp. + Date: '' + Description: NVIDIA System Utility Driver + FileVersion: 6.03.06 + Filename: '' + MD5: d396332f9d7b71c10b3b83da030690f0 + MachineType: I386 + OriginalFilename: nvoclock.sys + Product: NVIDIA System Utility Driver + ProductVersion: 6.03.06 + Publisher: '' + SHA1: df177a0c8c1113449f008f8e833105344b419834 + SHA256: 909f6c4b8f779df01ef91e549679aa4600223ac75bc7f3a3a79a37cee2326e77 + Signature: '' + Imphash: 1b0788bb68804273159b8ace9cba7ea3 + Authentihash: + MD5: 516711a6410e6bef7b533babf31a6193 + SHA1: 417ae5f63bd26857db2b374e6ef1f60b66910db7 + SHA256: fb79b99db91dc965263bd2c10ec0f58c6b8f282e0273f40c4249831b74ffec3a + RichPEHeaderHash: + MD5: 86c7ec663ebc07b1e06b93fb4d4a7433 + SHA1: db70eac0fca1908453e61d077cdf09ab68f369eb + SHA256: 77a2ee6677d7156b5f31b6ddcee14adf1e68d50a2a7f7ca62a0c484ae0a77c12 + Sections: + .text: + Entropy: 6.38790652185374 + Virtual Size: '0x1dce' + .rdata: + Entropy: 7.995625315883109 + Virtual Size: '0x4150' + .data: + Entropy: 2.792481250360578 + Virtual Size: '0xc' + PAGE: + Entropy: 6.256600826224753 + Virtual Size: '0x762' + INIT: + Entropy: 5.32929280121916 + Virtual Size: '0x294' + .rsrc: + Entropy: 3.294274585528657 + Virtual Size: '0x388' + .reloc: + Entropy: 6.061802260394644 + Virtual Size: '0x326' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2008-09-29 14:17:05' + InternalName: nvoclock.sys + Copyright: "Copyright \xA9NVIDIA Corp. 
2003-2004" + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - DbgPrint + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - MmUnmapIoSpace + - MmMapIoSpace + - _except_handler3 + - MmGetPhysicalAddress + - IoFreeMdl + - MmUnmapLockedPages + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - _aullshr + Signatures: {} + LoadsDespiteHVCI: 'FALSE' +- Company: NVidia Corp. + Date: '' + Description: NVidia System Utility Driver + FileVersion: 5.05.18 + Filename: '' + MD5: b5192270857c1f17f7290acbaadf097d + MachineType: AMD64 + OriginalFilename: nvoclock.sys + Product: NVidia System Utility Driver + ProductVersion: 5.05.18 + Publisher: '' + SHA1: 45328110873640d8fed9fc72f7d2eadd3d17ceae + SHA256: 9bfd24947052bfe9f2979113a7941e40bd7e3a82eaa081a32ad4064159f07c91 + Signature: '' + Imphash: 236bc37dff7a92a4d25d807cf038e674 + Authentihash: + MD5: 47365241aae4ce7574b32e30250a08d5 + SHA1: 610f7e1df10894ac22fc14486658bd152c1b537d + SHA256: 978a1e937dd4c03eb2f2a55a0ed8b14294c5c175584ebf85bd20b889bdc9378c + RichPEHeaderHash: + MD5: 829df4ebafca2152230c9948a0e26c18 + SHA1: cf3cecd990d504bd4b994f4b5ddac08638581f75 + SHA256: 18c6c808021e90d58cc68255499963238911cac0733ae68bcf9ca301847771aa + Sections: + .text: + Entropy: 5.990034531404092 + Virtual Size: '0xa76' + .rdata: + Entropy: 4.768031340485568 + Virtual Size: '0x230' + .data: + Entropy: 1.945035565875688 + Virtual Size: '0x18' + .pdata: + Entropy: 3.3381698165588243 + Virtual Size: '0xb4' + PAGE: + Entropy: 5.890391985002299 + Virtual Size: '0x958' + INIT: + Entropy: 5.223967543740313 + Virtual Size: '0x2c0' + .rsrc: + Entropy: 3.296423145947696 + Virtual Size: '0x388' + .reloc: + Entropy: 1.0689156580850052 + Virtual Size: '0x24' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2006-10-31 08:29:07' + InternalName: nvoclock.sys + Copyright: "Copyright \xA9NVIDIA Corp. 
2003-2004" + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - DbgPrint + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - MmUnmapIoSpace + - MmMapIoSpace + - __C_specific_handler + - MmGetPhysicalAddress + - IoFreeMdl + - MmUnmapLockedPages + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 877870da4e5201205be079c98230c4fdb91996bd9100c3bdcdcdc6f40ed8fff94dc033623011c5f5741bd492de5f9c2013b17c45be50cd83e7801783a72793671346fbcab8984103cc9b515b058b7fa86ff31b501b242ef2698d6c22f7bbca1695ed0c74c06877d9eb996287c17390f889747a23aba3987b97b1f78f29714d2e751b4841daf0b50d2054d677a097826369fd09cf8af075bb099bd9f91155269a6132be7a02b07b86bea2c38b222c78d13576bc92735cf9b9e64c150a23cce4d2d4342e4940153c0f607a24c6a566ef96cf70eb3ee7f40d7edcd17ca3767169c19c4f47303521b1a2af1a623c2bd98eaa2a077bd818b35c7be29da56ffe3c89ad 
+ SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0de92bf0d4d82988183205095e9a7688 + Version: 3 + TBS: + MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 + SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=California, L=Santa Clara, O=NVIDIA Corporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Software, CN=NVIDIA + Corporation + ValidFrom: '2006-08-23 00:00:00' + ValidTo: '2007-09-01 23:59:59' + Signature: 
399a310998f362743f6ff94b90f6bced52a5a0d4aff594e35097126a2e2538ba7f99ecf1de673b917301104b2b29f2faf93209b24a1c6a721d253001f774302e702be0b7661fa28abfe20cba38097ecdeb25b95243ec97d8465def0a62afc56c9ed0dab8f557a4f2bac474ef843ccd00668e77223cd030e03fb0964625e438313a624ff04941317a8f5e8384d27490cfff5ab9193342dec200fb86e4675f8bb88246e4c04875282aa858d638c43fc90c11e71da3bb5cf1252b93ac90d34f78bdf30a223d9320da406a6d7abe968ecba2589226aa5f4187c7b0e080ba4b0130fa0e38b93e6a7080c209f8c6cad3597380e5060d421cb82722467a59c02c889e39 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 5a4e47e9647b984c10e1d6a42bb07abe + Version: 3 + TBS: + MD5: c52873115c87f9dcae09a44ca0131a28 + SHA1: 4886227ca80507903cdda1d879010f25c5711881 + SHA256: 94299c8728a24659771c72a6b2849c3095ed9d8befe924999b6d76f224145092 + SHA384: 7a85a0db56dc2a62bb0bd3996572face21254961b4193492c6a5419bb1986a4192b20d21a6f2e65b7dd9b8ed633df2f4 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 5a4e47e9647b984c10e1d6a42bb07abe + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: NVidia Corp. 
+ Date: '' + Description: NVidia System Utility Driver + FileVersion: 2.00.20 + Filename: '' + MD5: e84605c8e290de6b92ce81d2f6a175d2 + MachineType: I386 + OriginalFilename: nvoclock.sys + Product: NVidia System Utility Driver + ProductVersion: 2.00.20 + Publisher: '' + SHA1: 0a89a6f6f40213356487bfcfb0b129e4f6375180 + SHA256: a47555d04b375f844073fdcc71e5ccaa1bbb201e24dcdebe2399e055e15c849f + Signature: '' + Imphash: 0555907292d07d9f78205416eb1924d3 + Authentihash: + MD5: 249edfd8542e921535738c447fe1d954 + SHA1: ce931d8ffec4869a0863924c1b84d5bcc86f27d7 + SHA256: 8b6251a1883c5ed03ecdead8322e7d8105d075fef160abfe763d5873484b2a27 + RichPEHeaderHash: + MD5: 41c516c9b6b6d929c0376632ca7e9e2e + SHA1: cd030ea48cd91bee4af04e37e4062038f3be7978 + SHA256: 30757d814d07663358c7d4ac758d2ce739d660ab2e01c8a0961b1042bcd91fdb + Sections: + .text: + Entropy: 5.98198943867537 + Virtual Size: '0x67e' + .rdata: + Entropy: 4.5971420673862 + Virtual Size: '0xab' + .data: + Entropy: 2.792481250360578 + Virtual Size: '0xc' + PAGE: + Entropy: 6.188062821654975 + Virtual Size: '0x5c1' + INIT: + Entropy: 5.360009213877697 + Virtual Size: '0x240' + .rsrc: + Entropy: 3.2783385048574343 + Virtual Size: '0x388' + .reloc: + Entropy: 4.631989197719118 + Virtual Size: '0xbe' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2004-11-18 08:35:43' + InternalName: nvoclock.sys + Copyright: "Copyright \xA9NVIDIA Corp. 2003-2004" + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - MmUnmapIoSpace + - MmMapIoSpace + - IoFreeMdl + - MmUnmapLockedPages + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + Signatures: {} + LoadsDespiteHVCI: 'FALSE' +- Company: NVIDIA Corp. 
+ Date: '' + Description: NVIDIA System Utility Driver + FileVersion: 6.03.12 + Filename: '' + MD5: cceb3a7e3bd0203c807168b393a65a74 + MachineType: AMD64 + OriginalFilename: nvoclock.sys + Product: NVIDIA System Utility Driver + ProductVersion: 6.03.12 + Publisher: '' + SHA1: bd3e1d5aacac6406a7bcea3b471bbfa863efbc3d + SHA256: ae3a6a0726f667658fc3e3180980609dcb31bdbf833d7cb76ba5d405058d5156 + Signature: '' + Imphash: 236bc37dff7a92a4d25d807cf038e674 + Authentihash: + MD5: 984a1e67c2d9102baba161af7f2c7dc5 + SHA1: dbf3588cd34c2730a4a2a3d7dbf12fdce1169722 + SHA256: 2ddcca718ae393cf1d3fd57ddd648484b97c95086bc1c77c6e00d8cd86d60bd8 + RichPEHeaderHash: + MD5: 4fe3a9ddd65c626fe7cb6e204f2c386e + SHA1: f3663ed015a24a057b28759c4738835f26b47169 + SHA256: ebfeaab6945950f842f9b68c4499fc97bd5ad4ba34187f9df91fb8b62d1dabca + Sections: + .text: + Entropy: 5.854065401428635 + Virtual Size: '0x20da' + .rdata: + Entropy: 7.977171073541779 + Virtual Size: '0x4320' + .data: + Entropy: 1.945035565875688 + Virtual Size: '0x18' + .pdata: + Entropy: 3.680091290350265 + Virtual Size: '0x12c' + PAGE: + Entropy: 6.002225301908086 + Virtual Size: '0xb08' + INIT: + Entropy: 5.260653368559245 + Virtual Size: '0x2c0' + .rsrc: + Entropy: 3.310460353720858 + Virtual Size: '0x388' + .reloc: + Entropy: 1.0689156580850052 + Virtual Size: '0x24' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2009-01-06 16:47:08' + InternalName: nvoclock.sys + Copyright: "Copyright \xA9NVIDIA Corp. 
2003-2004" + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - DbgPrint + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - MmUnmapIoSpace + - MmMapIoSpace + - __C_specific_handler + - MmGetPhysicalAddress + - IoFreeMdl + - MmUnmapLockedPages + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, 
Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=California, L=Santa Clara, O=NVIDIA Corporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Software, CN=NVIDIA + Corporation + ValidFrom: '2007-08-07 00:00:00' + ValidTo: '2009-09-01 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3af820a6907699580410055228ecaddf + Version: 3 + TBS: + MD5: 175416493bada497157d28d65f476b32 + SHA1: 80854f578e2a3b5552ea839ba4f98ddfe94b2381 + SHA256: 9f176c9eea37039bc9ac9c92f64af7e3718e9cab05291cca2408dbef2bfb7a50 + SHA384: c178b9d04327f47938b970e8645084e9ef15aec5f42a31067d0d9fb74cce2f092b73d4564be9bcbddd13715b063ab942 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 3af820a6907699580410055228ecaddf + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: NVidia Corp. 
+ Date: '' + Description: NVidia System Utility Driver + FileVersion: 5.05.54 + Filename: '' + MD5: 241a095631570a9cef4f126c87605c60 + MachineType: AMD64 + OriginalFilename: nvoclock.sys + Product: NVidia System Utility Driver + ProductVersion: 5.05.54 + Publisher: '' + SHA1: d496a8d3e71eaacd873ccef1d1f6801e54959713 + SHA256: afda5af5f210336061bff0fab0ed93ee495312bed639ec5db56fbac0ea8247d3 + Signature: '' + Imphash: 236bc37dff7a92a4d25d807cf038e674 + Authentihash: + MD5: 4bdf9ad93233463f415034725788ae43 + SHA1: f8fe56435f0d964d8fd1ee4b7c05bc68fd032a41 + SHA256: c0a60e07b06033497ded62ed49fbf3eb3d8fe750eebc3f0c332f5d84ab17e045 + RichPEHeaderHash: + MD5: 4fe3a9ddd65c626fe7cb6e204f2c386e + SHA1: f3663ed015a24a057b28759c4738835f26b47169 + SHA256: ebfeaab6945950f842f9b68c4499fc97bd5ad4ba34187f9df91fb8b62d1dabca + Sections: + .text: + Entropy: 5.821147695135203 + Virtual Size: '0x1fba' + .rdata: + Entropy: 7.978082763419433 + Virtual Size: '0x4304' + .data: + Entropy: 1.945035565875688 + Virtual Size: '0x18' + .pdata: + Entropy: 3.684694571322227 + Virtual Size: '0x114' + PAGE: + Entropy: 5.980196151418771 + Virtual Size: '0xa58' + INIT: + Entropy: 5.269611474363871 + Virtual Size: '0x2c0' + .rsrc: + Entropy: 3.2882263433655976 + Virtual Size: '0x388' + .reloc: + Entropy: 1.0689156580850052 + Virtual Size: '0x24' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2007-09-04 20:26:33' + InternalName: nvoclock.sys + Copyright: "Copyright \xA9NVIDIA Corp. 
2003-2004" + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - DbgPrint + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - MmUnmapIoSpace + - MmMapIoSpace + - __C_specific_handler + - MmGetPhysicalAddress + - IoFreeMdl + - MmUnmapLockedPages + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=California, L=Santa Clara, O=NVIDIA Corporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Software, CN=NVIDIA + Corporation + ValidFrom: '2007-08-07 00:00:00' + ValidTo: '2009-09-01 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 
3af820a6907699580410055228ecaddf + Version: 3 + TBS: + MD5: 175416493bada497157d28d65f476b32 + SHA1: 80854f578e2a3b5552ea839ba4f98ddfe94b2381 + SHA256: 9f176c9eea37039bc9ac9c92f64af7e3718e9cab05291cca2408dbef2bfb7a50 + SHA384: c178b9d04327f47938b970e8645084e9ef15aec5f42a31067d0d9fb74cce2f092b73d4564be9bcbddd13715b063ab942 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 3af820a6907699580410055228ecaddf + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: NVidia Corp. 
+ Date: '' + Description: NVidia System Utility Driver + FileVersion: 5.05.54 + Filename: '' + MD5: 61d6b1c71ad94f8485e966bebc36d092 + MachineType: I386 + OriginalFilename: nvoclock.sys + Product: NVidia System Utility Driver + ProductVersion: 5.05.54 + Publisher: '' + SHA1: 72a5ac213ec1681d173bee4f1807c70a77b41bf6 + SHA256: b2364c3cf230648dad30952701aef90acfc9891541c7e154e30c9750da213ed1 + Signature: '' + Imphash: 1b0788bb68804273159b8ace9cba7ea3 + Authentihash: + MD5: c048567c1a013164e8c4be5cbb16e73a + SHA1: c2fdc70a7a7d832520ffa572825265ff7bd978d3 + SHA256: 14a0a9fe317192b54fda1516f46af78e6aabac0cf050bf18ec1e5ddaefd8e051 + RichPEHeaderHash: + MD5: 86c7ec663ebc07b1e06b93fb4d4a7433 + SHA1: db70eac0fca1908453e61d077cdf09ab68f369eb + SHA256: 77a2ee6677d7156b5f31b6ddcee14adf1e68d50a2a7f7ca62a0c484ae0a77c12 + Sections: + .text: + Entropy: 6.347643758535278 + Virtual Size: '0x1d42' + .rdata: + Entropy: 7.9956491667592635 + Virtual Size: '0x4150' + .data: + Entropy: 2.792481250360578 + Virtual Size: '0xc' + PAGE: + Entropy: 6.212137717212665 + Virtual Size: '0x6d4' + INIT: + Entropy: 5.374902500397382 + Virtual Size: '0x294' + .rsrc: + Entropy: 3.2846895595459378 + Virtual Size: '0x388' + .reloc: + Entropy: 6.077496430797658 + Virtual Size: '0x324' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2007-09-04 20:26:31' + InternalName: nvoclock.sys + Copyright: "Copyright \xA9NVIDIA Corp. 2003-2004" + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - DbgPrint + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - MmUnmapIoSpace + - MmMapIoSpace + - _except_handler3 + - MmGetPhysicalAddress + - IoFreeMdl + - MmUnmapLockedPages + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - _aullshr + Signatures: {} + LoadsDespiteHVCI: 'FALSE' +- Company: NVIDIA Corp. 
+ Date: '' + Description: NVIDIA System Utility Driver + FileVersion: 6.05.02 + Filename: '' + MD5: 2eec12c17d6b8deeeac485f47131d150 + MachineType: AMD64 + OriginalFilename: nvoclock.sys + Product: NVIDIA System Utility Driver + ProductVersion: 6.05.02 + Publisher: '' + SHA1: 228b1ff5cd519faa15d9c2f8cfefd7e683bc3f2b + SHA256: b8321471be85dc8a67ac18a2460cab50e7c41cb47252f9a7278b1e69d6970f25 + Signature: '' + Imphash: 7453e39bd87c63550451ba2fa354dd8e + Authentihash: + MD5: d946955440f474be87d88cc5d8cf0252 + SHA1: 2a84776f7912799753358cba07e23f25b7191c9f + SHA256: 5f5243c9d9638a23ccf0e32f54c585e5688a4a853ff04898281fa23697aaec34 + RichPEHeaderHash: + MD5: a4df41f43bdbd389d42ae6edd60d2a40 + SHA1: b114d14cfe78d9f5399d9284da4d0d924e8a4d2d + SHA256: a5d7787a655a67842d021fede9ecf5a2bbe628300430cb2a72f4bdf7ab30da35 + Sections: + .text: + Entropy: 5.880419380402802 + Virtual Size: '0x2194' + .rdata: + Entropy: 7.96597737173945 + Virtual Size: '0x43b0' + .data: + Entropy: 1.7201755214643453 + Virtual Size: '0x18' + .pdata: + Entropy: 3.8232545976060415 + Virtual Size: '0x150' + PAGE: + Entropy: 6.190115652633595 + Virtual Size: '0x1139' + INIT: + Entropy: 5.025018574047011 + Virtual Size: '0x3d0' + .rsrc: + Entropy: 3.321854599483902 + Virtual Size: '0x388' + .reloc: + Entropy: 1.0689156580850052 + Virtual Size: '0x24' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2009-03-09 13:25:10' + InternalName: nvoclock.sys + Copyright: "Copyright \xA9NVIDIA Corp. 
2003-2004" + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - IoInitializeRemoveLockEx + - IoDeleteSymbolicLink + - IoAttachDeviceToDeviceStack + - IoDeleteDevice + - IoCreateSymbolicLink + - IoCreateDevice + - RtlInitUnicodeString + - KeSetEvent + - IoReleaseRemoveLockEx + - IoDetachDevice + - IoReleaseRemoveLockAndWaitEx + - MmUnmapIoSpace + - KeWaitForSingleObject + - IofCallDriver + - KeInitializeEvent + - RtlCopyMemory + - IofCompleteRequest + - IoAcquireRemoveLockEx + - MmMapIoSpace + - PoCallDriver + - PoStartNextPowerIrp + - __C_specific_handler + - MmGetPhysicalAddress + - IoFreeMdl + - MmUnmapLockedPages + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + 
ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=California, L=Santa Clara, O=NVIDIA Corporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Software, CN=NVIDIA + Corporation + ValidFrom: '2007-08-07 00:00:00' + ValidTo: '2009-09-01 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + 
IsCertificateAuthority: false + SerialNumber: 3af820a6907699580410055228ecaddf + Version: 3 + TBS: + MD5: 175416493bada497157d28d65f476b32 + SHA1: 80854f578e2a3b5552ea839ba4f98ddfe94b2381 + SHA256: 9f176c9eea37039bc9ac9c92f64af7e3718e9cab05291cca2408dbef2bfb7a50 + SHA384: c178b9d04327f47938b970e8645084e9ef15aec5f42a31067d0d9fb74cce2f092b73d4564be9bcbddd13715b063ab942 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 3af820a6907699580410055228ecaddf + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: NVidia Corp. 
+ Date: '' + Description: NVidia System Utility Driver + FileVersion: 6.02.15 + Filename: '' + MD5: edfa69e9132a56778d6363cd41843893 + MachineType: AMD64 + OriginalFilename: nvoclock.sys + Product: NVidia System Utility Driver + ProductVersion: 6.02.15 + Publisher: '' + SHA1: 0a5ef5b72e621a639860c03f1cac499567082f39 + SHA256: d54ac69c438ba77cde88c6efd6a423491996d4e8a235666644b1db954eb1da9c + Signature: '' + Imphash: 236bc37dff7a92a4d25d807cf038e674 + Authentihash: + MD5: da2a882bdc691526975b88e83bba5b9d + SHA1: 96bff1ce988224e1bd7fdff981feb35cb8af278c + SHA256: 6c049aff27517fe269517b07bdc8ef1e7b26e1e76276b02dc5a9688901a88de3 + RichPEHeaderHash: + MD5: 4fe3a9ddd65c626fe7cb6e204f2c386e + SHA1: f3663ed015a24a057b28759c4738835f26b47169 + SHA256: ebfeaab6945950f842f9b68c4499fc97bd5ad4ba34187f9df91fb8b62d1dabca + Sections: + .text: + Entropy: 5.854065401428635 + Virtual Size: '0x20da' + .rdata: + Entropy: 7.977154517132318 + Virtual Size: '0x4320' + .data: + Entropy: 1.945035565875688 + Virtual Size: '0x18' + .pdata: + Entropy: 3.680091290350265 + Virtual Size: '0x12c' + PAGE: + Entropy: 6.002225301908086 + Virtual Size: '0xb08' + INIT: + Entropy: 5.260653368559245 + Virtual Size: '0x2c0' + .rsrc: + Entropy: 3.3119731857924113 + Virtual Size: '0x388' + .reloc: + Entropy: 1.0689156580850052 + Virtual Size: '0x24' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2008-08-18 10:00:01' + InternalName: nvoclock.sys + Copyright: "Copyright \xA9NVIDIA Corp. 
2003-2004" + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - DbgPrint + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - MmUnmapIoSpace + - MmMapIoSpace + - __C_specific_handler + - MmGetPhysicalAddress + - IoFreeMdl + - MmUnmapLockedPages + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, 
Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=California, L=Santa Clara, O=NVIDIA Corporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Software, CN=NVIDIA + Corporation + ValidFrom: '2007-08-07 00:00:00' + ValidTo: '2009-09-01 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3af820a6907699580410055228ecaddf + Version: 3 + TBS: + MD5: 175416493bada497157d28d65f476b32 + SHA1: 80854f578e2a3b5552ea839ba4f98ddfe94b2381 + SHA256: 9f176c9eea37039bc9ac9c92f64af7e3718e9cab05291cca2408dbef2bfb7a50 + SHA384: c178b9d04327f47938b970e8645084e9ef15aec5f42a31067d0d9fb74cce2f092b73d4564be9bcbddd13715b063ab942 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 
53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 3af820a6907699580410055228ecaddf + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: NVidia Corp. + Date: '' + Description: NVidia System Utility Driver + FileVersion: 5.00.06 + Filename: '' + MD5: 7f9128654c3def08c28e0e13efff0fee + MachineType: AMD64 + OriginalFilename: nvoclock.sys + Product: NVidia System Utility Driver + ProductVersion: 5.00.06 + Publisher: '' + SHA1: a45687965357036df17b8ff380e3a43a8fbb2ca9 + SHA256: d633055c7eda26dacfc30109eb790625519fc7b0a3a601ceed9e21918aad8a1b + Signature: '' + Imphash: 236bc37dff7a92a4d25d807cf038e674 + Authentihash: + MD5: eb49b04c44903ee1cedc83c5fcd2f837 + SHA1: d35e1e29c0124adb3dbbe490190d196b1f1e7425 + SHA256: ba182292c25044e9abc89bcd2a846a4cd74485ce0c26413e5a859c516f9d89e2 + RichPEHeaderHash: + MD5: 829df4ebafca2152230c9948a0e26c18 + SHA1: cf3cecd990d504bd4b994f4b5ddac08638581f75 + SHA256: 18c6c808021e90d58cc68255499963238911cac0733ae68bcf9ca301847771aa + Sections: + .text: + Entropy: 5.9855546431770765 + Virtual Size: '0xa76' + .rdata: + Entropy: 4.738503317609862 + Virtual Size: '0x220' + .data: + Entropy: 1.945035565875688 + Virtual Size: '0x18' + .pdata: + Entropy: 3.350894783533565 + Virtual Size: '0xb4' + PAGE: + Entropy: 5.888499158365277 + Virtual Size: '0x8f8' + INIT: + Entropy: 5.223967543740313 + Virtual Size: '0x2c0' + .rsrc: + Entropy: 3.2820642410900125 + Virtual Size: '0x388' + .reloc: + Entropy: 1.0689156580850052 + Virtual Size: '0x24' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2006-06-06 09:55:55' + InternalName: nvoclock.sys + Copyright: "Copyright 
\xA9NVIDIA Corp. 2003-2004" + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - DbgPrint + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - MmUnmapIoSpace + - MmMapIoSpace + - __C_specific_handler + - MmGetPhysicalAddress + - IoFreeMdl + - MmUnmapLockedPages + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, OU=GeoTrust TrustCenter CodeSigning CA, O=GeoTrust Inc, + CN=GeoTrust TrustCenter CodeSigning CA I + ValidFrom: '2006-02-01 21:44:28' + ValidTo: '2016-01-30 21:44:28' + Signature: 65c62c9e0fc5dec5639b6e8341e0d9137104dcd9813151f57eb9930d2ef80ae8c329c0e15e02c935bb2d936ff620702b7af688c0a60133696035618235da87d374289fa4b7c023012a763198473d2bd618173691b6203e8c00876f603252123d15d2a49c00def933f55e980a433ab6af40d8924b85b25701b2c9b09174f7b754 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 05ab96 + Version: 3 + TBS: + MD5: 861ac2a336eb5977ee1d342b79b3339a + SHA1: 172f39bca3dda7c6d5169c96b34a5fe7e96ff0bd + SHA256: 4e5f8008413b8bd1daacea968d79051fc84d2fcd76ded06c65fd8d2cf3b4e2e1 + SHA384: 99b4b343c5b223a1446551c3dd26e2a0dcafe214460c5fcc4f9f12eaca42695ae9adb04fc19eec33f17d1659a0730e95 + - Subject: C=TW, ST=Taiwan, L=Taipei, O=Micro,Star Int'l Co., Ltd., OU=MIS, + OU=GeoTrust Code Signing, CN=Micro,Star Int'l Co., Ltd. 
+ ValidFrom: '2006-09-11 09:43:50' + ValidTo: '2008-09-11 09:43:50' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4be200010020da64b996e9157caa + Version: 3 + TBS: + MD5: 003ad6ab7503faa11a0cb94d94a50f3b + SHA1: 91091aed19f92255ba8c915f1a5eb92dee6f54dd + SHA256: d585752b1322386c8bf959ad7c5a17d44feaf84116fe8b1fdc22edd6a7cd47e0 + SHA384: e5ef53328ec96180ee9a1fede1842931c1589bac179cd552fce718fad2ceb0e2df83386be1ae00ca68065270bda9605e + - Subject: C=US, O=Equifax, OU=Equifax Secure Certificate Authority + ValidFrom: '2006-05-23 17:01:15' + ValidTo: '2016-05-23 17:11:15' + Signature: 87a40f6b55916248ff54811ccf5db6c5a514aa671df485f6860d38b31c8d22ce7c867946fb71e16114d0ed4e46a48bca64654094f92ad7870ca9b7bedcc40bbd09c106eb9530841b9d8de7bc70c6f86539c4e5c4e65c8fcda130baef065e555290edd8587f15142ecc21a593dab8508d805e6e22a70fde8093add71d24b02aa2f4f20b98750131cc69bc359b3d13662f21bde54ec3639cc8518d59f5b600937ef10c35b0f4180dbfa7bdb2aae16b9f3ce6bb41b5d904e7c8a63abf8a5bdcaa9a3cd2c8dfcb1774163d78470b4c108e406616a0f300ede034998af0f9460ff27fbf202c972616d59e81da94a6dc61c8f18e092d4e32d03df682267d91d7a6c67bc1311d210ed4a342c1b4dfc0446b4f2aeebb29d62787b0a450ae1a9ab5f996f4ccabe52b3df166e2d5e1c3f0c687b659536638026e6194df1563aa415052f9bb64dc95e05b6c2aacfed6e603c21ff65557fe7e813fcb5a0bc1029cac84e47cd3f4c25a17c312706009ec82e5eccdd0b2106d69868c8da60e0416c57164ebd95bb8b08cfc32427e60846f655b7244272b846181f461d50fd51dbc05a27a5f937f26d1c8b3afa0190723e43e225d32d14a0fcee7b72a5c7b6e1c57126864e8337e8c501340a487b0d3a69b1eacbd3d7812bc52af09e0bab0508e5c81f98383af1482f50a6d035721bb9ac32e66fb04215b0a120fc1c907d63cecabf9a52f90883a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610bdc8f00000000001a + Version: 3 + TBS: + MD5: 6e11ed171e9a07e607b8ca65bf0e8858 + SHA1: 6d329a72420f76868584957854cdc45172e9f902 + SHA256: 
75efb8656a18ba5dacc596757bfb0fa11f0d3d81fd5f8cf9bb8975ced87e7b1b + SHA384: c41060ed797c77588692c0b3e36e19cca2d48c354863437f3df76009e25c916e8d2c7e17b297fbc59da085e98d070093 + Signer: + - SerialNumber: 4be200010020da64b996e9157caa + Issuer: C=US, OU=GeoTrust TrustCenter CodeSigning CA, O=GeoTrust Inc, + CN=GeoTrust TrustCenter CodeSigning CA I + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: NVidia Corp. + Date: '' + Description: NVidia System Utility Driver + FileVersion: 1, 00, 00, 00 + Filename: '' + MD5: 546db985012d988e4482acfae4a935a8 + MachineType: I386 + OriginalFilename: NVoclock.RC + Product: NVidia System Utility Driver + ProductVersion: 1, 0, 0, 1 + Publisher: '' + SHA1: e9d7d7d42fd534abf52da23c0d6ec238cefde071 + SHA256: d7c90cf3fdbbd2f40fe6a39ad0bb2a9a97a0416354ea84db3aeff6d925d14df8 + Signature: '' + Imphash: 0e0722c16a5ded199f64b26fccd2115a + Authentihash: + MD5: 5b9870e1fedcea0462b9ecc3013f8134 + SHA1: fe761bee648d4a1c9fd8c1646323a692df957c42 + SHA256: b3183d87a902db1bbdaecb37291b9d37c032ce9dfacbe4b36cc3032f5a643ab4 + RichPEHeaderHash: + MD5: 79dfb67c53dddac5f3ebd760bc9eea20 + SHA1: 21ac18e6949a7452fbcfeebd6322e10702edd6c7 + SHA256: ebeea43f92de2c63a449763f2fde535fb16528343b032e94221c1796ff98affa + Sections: + .text: + Entropy: 4.61754948208715 + Virtual Size: '0xe0' + .rdata: + Entropy: 4.687065247094353 + Virtual Size: '0x87' + PAGE: + Entropy: 6.072902153750393 + Virtual Size: '0x49b' + INIT: + Entropy: 5.122317255251592 + Virtual Size: '0x1a0' + .rsrc: + Entropy: 3.2704758500582938 + Virtual Size: '0x378' + .reloc: + Entropy: 3.2357669877277893 + Virtual Size: '0x54' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2003-10-23 11:59:21' + InternalName: nvoclock.sys + Copyright: "Copyright \xA9 2003" + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + Signatures: {} + LoadsDespiteHVCI: 
'FALSE' +- Company: NVIDIA Corp. + Date: '' + Description: NVIDIA System Utility Driver + FileVersion: 6.05.06 + Filename: '' + MD5: 96c5900331bd17344f338d006888bae5 + MachineType: I386 + OriginalFilename: nvoclock.sys + Product: NVIDIA System Utility Driver + ProductVersion: 6.05.06 + Publisher: '' + SHA1: d2c7aa9b424015f970fe7506ae5d1c69a8ac11f6 + SHA256: f4e500a9ac5991da5bf114fa80e66456a2cde3458a3d41c14e127ac09240c114 + Signature: '' + Imphash: bec5dc89f030df7a96d19483fad4cc0a + Authentihash: + MD5: b6c58fc97881883e9e2ca091f43eb29d + SHA1: c768ae4c7155e9b06f16ab0b528bc3664b627763 + SHA256: 221369498ae77e0ff60ce2f59de6ef2bbb01aca8cd55d7a8487760068f5a544a + RichPEHeaderHash: + MD5: 79b18c96a845fa5ed4b32b68e044d886 + SHA1: 4f4359656c3e3fd940c0f2feea828cb56680b81d + SHA256: 15e52e5444362d1eabad1bf6dcd86d4ed9bc9451b67d38525dc0233a9d03908b + Sections: + .text: + Entropy: 6.38652500648769 + Virtual Size: '0x1de6' + .rdata: + Entropy: 7.993570843923068 + Virtual Size: '0x4172' + .data: + Entropy: 2.792481250360578 + Virtual Size: '0xc' + PAGE: + Entropy: 6.3696612236730985 + Virtual Size: '0xc7f' + INIT: + Entropy: 5.262192516096198 + Virtual Size: '0x33c' + .rsrc: + Entropy: 3.314836632824097 + Virtual Size: '0x388' + .reloc: + Entropy: 6.127672955661517 + Virtual Size: '0x388' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2009-09-15 15:59:22' + InternalName: nvoclock.sys + Copyright: "Copyright \xA9NVIDIA Corp. 
2003-2004" + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - IoInitializeRemoveLockEx + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoAttachDeviceToDeviceStack + - IoCreateSymbolicLink + - IoCreateDevice + - RtlInitUnicodeString + - KeSetEvent + - IoReleaseRemoveLockEx + - KeWaitForSingleObject + - KeInitializeEvent + - IoDetachDevice + - IoReleaseRemoveLockAndWaitEx + - MmUnmapIoSpace + - IofCallDriver + - IofCompleteRequest + - IoAcquireRemoveLockEx + - MmMapIoSpace + - PoCallDriver + - PoStartNextPowerIrp + - _except_handler3 + - MmGetPhysicalAddress + - IoFreeMdl + - MmUnmapLockedPages + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - _aullshr + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 
518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=US, ST=California, L=Santa Clara, O=NVIDIA Corporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Software, CN=NVIDIA + Corporation + ValidFrom: 
'2009-07-31 00:00:00'
+ ValidTo: '2011-09-01 23:59:59'
+ Signature: 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
+ SignatureAlgorithmOID: 1.2.840.113549.1.1.5
+ IsCertificateAuthority: false
+ SerialNumber: 534abed0be56d9840dd12ddb84f8b031
+ Version: 3
+ TBS:
+ MD5: 4914c1d2c944d48a9636059155440df8
+ SHA1: 0337264fca5a8d774786b5b275e03ab42edb11ae
+ SHA256: 8833131f04e02297c80b986ec7e7793e194fb144470dc36cc57a376487c2750b
+ SHA384: 8450d31af22887ac50415c01d88f7eb6081b7044ab8f35ac0b63e09828786258e73fed98f37c99df6d5472b6a34f6db3
+ Signer:
+ - SerialNumber: 534abed0be56d9840dd12ddb84f8b031
+ Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of
+ use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code
+ Signing 2009,2 CA
+ Version: 1
+ LoadsDespiteHVCI: 'FALSE'
diff --git a/yaml/3e0bf6dc-791b-4170-8c40-427e7299d93d.yaml b/yaml/3e0bf6dc-791b-4170-8c40-427e7299d93d.yaml
index c9aee029c..f056b720e 100644
--- a/yaml/3e0bf6dc-791b-4170-8c40-427e7299d93d.yaml
+++ b/yaml/3e0bf6dc-791b-4170-8c40-427e7299d93d.yaml
@@ -1,270 +1,272 @@
-Acknowledgement:
- Handle: zwclose
- Person: zwclose
+Id: 3e0bf6dc-791b-4170-8c40-427e7299d93d
+Tags:
+- KfeCo10X64.sys
+Verified: 'TRUE'
 Author: Paul Michaud
-Category: vulnerable driver
-Commands:
- Command: sc.exe create KfeCo10X64.sys binPath=C:\windows\temp\KfeCo10X64.sys type=kernel
- && sc.exe start KfeCo10X64.sys
- Description: Killer exposes COM interfaces that allow non-privileged users 1) to
- block network for any process 2) to manage any service in the OS. Killer is preinstalled
- to laptops equipped with Intel Killer NICs (e.g. Dell). Since Intel patched the
- vulnerability quietly, it's not clear which version is safe. Also, it is unclear
- which OEMs are affected. Dell is definitely in the list, but it is likely that
- other vendors with Killer NICs on board, such as Acer and MSI, are affected too.
- Some users think that Killer suite is required for the NIC to work properly, so
- they install it even after a fresh Windows install. This version is confirmed
- vulnerable based on the script usage from zwclose.
- OperatingSystem: Windows 10
- Privileges: kernel
- Usecase: Elevate privileges
 Created: '2023-05-12'
-Detection:
-- type: yara_signature
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/b583414fcee280128788f7b39451c511376fe821f455d4f3702795e96d560704.yara
-- type: sigma_hash
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml
-- type: sigma_names
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml
-- type: sysmon_hash_detect
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml
-- type: sysmon_hash_block
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml
-- type: yara_signature
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar
-- type: sigma_hash
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml
-- type: sigma_names
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml
-- type: sysmon_hash_detect
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml
-- type: sysmon_hash_block
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml
-Id: 3e0bf6dc-791b-4170-8c40-427e7299d93d
-KnownVulnerableSamples:
-- Authentihash:
- MD5: 9085c42a59541dbd2e05fec9c247a189
- SHA1: c46323ef4fd5f553003a92fdad0d3059564e481f
- SHA256: 8bce4a327c9e77631c03057b0e45cdbb2e751194d42995c0310e3ccdd3d33b7c
- Company: Rivet Networks, LLC.
- Copyright: Copyright (C) 2015-2018 Rivet Networks, LLC.
- CreationTimestamp: '2021-03-22 12:11:11' - Date: '' - Description: Killer Traffic Control Callout Driver - ExportedFunctions: '' - FileVersion: 9.7.4.11 - Filename: KfeCo10X64.sys - ImportedFunctions: - - EtwRegister - - KeInitializeEvent - - EtwUnregister - - __C_specific_handler - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - RtlCopyUnicodeString - - EtwSetInformation - - EtwWriteTransfer - - strstr - - RtlCompareMemory - - RtlIpv4StringToAddressA - - KeAcquireInStackQueuedSpinLock - - KeSetTimer - - KeCancelTimer - - KeInitializeTimer - - KeSetPriorityThread - - KeSetImportanceDpc - - KeInsertQueueDpc - - KeInitializeDpc - - IoQueueWorkItem - - IoFreeWorkItem - - IoAllocateWorkItem - - PsTerminateSystemThread - - KeWaitForMultipleObjects - - KeDelayExecutionThread - - KeClearEvent - - RtlEthernetAddressToStringW - - RtlRandomEx - - ZwClose - - PsCreateSystemThread - - KeWaitForSingleObject - - KeSetEvent - - KeQueryInterruptTimePrecise - - ExEventObjectType - - ObReferenceObjectByHandle - - MmMapLockedPagesSpecifyCache - - MmUnlockPages - - MmProbeAndLockPages - - ProbeForWrite - - ProbeForRead - - IoFreeMdl - - IoAllocateMdl - - MmBuildMdlForNonPagedPool - - ObfDereferenceObject - - memchr - - RtlIpv6StringToAddressA - - KeReleaseInStackQueuedSpinLockFromDpcLevel - - KeAcquireInStackQueuedSpinLockAtDpcLevel - - KeReleaseInStackQueuedSpinLock - - KeInitializeSpinLock - - NdisGetDataBuffer - - NdisRetreatNetBufferDataStart - - NdisAdvanceNetBufferDataStart - - NdisCopySendNetBufferListInfo - - NdisFreeNetBufferListPool - - NdisAllocateNetBufferListPool - - NdisFreeNetBufferPool - - NdisAllocateNetBufferPool - - NdisFreeGenericObject - - NdisCopyReceiveNetBufferListInfo - - NdisAllocateGenericObject - - FwpsInjectTransportReceiveAsync0 - - FwpsQueryConnectionRedirectState0 - - FwpsRedirectHandleDestroy0 - - FwpsRedirectHandleCreate0 - - FwpsApplyModifiedLayerData0 - - FwpsAcquireWritableLayerDataPointer0 - - FwpsCompleteClassify0 - - FwpsPendClassify0 - - 
FwpsReleaseClassifyHandle0 - - FwpsAcquireClassifyHandle0 - - FwpsCalloutUnregisterByKey0 - - FwpsConstructIpHeaderForTransportPacket0 - - FwpsDereferenceNetBufferList0 - - FwpsReferenceNetBufferList0 - - FwpsInjectMacSendAsync0 - - FwpsInjectMacReceiveAsync0 - - FwpsAllocateCloneNetBufferList0 - - FwpsFreeNetBufferList0 - - FwpsAllocateNetBufferAndNetBufferList0 - - FwpmFilterDeleteById0 - - FwpsCalloutRegister3 - - FwpmFilterAdd0 - - FwpmCalloutDeleteByKey0 - - FwpmSubLayerDeleteByKey0 - - FwpmProviderContextDeleteByKey0 - - FwpsQueryPacketInjectionState0 - - FwpsInjectTransportSendAsync1 - - FwpsFreeCloneNetBufferList0 - - FwpsGetPacketListSecurityInformation0 - - FwpsFlowRemoveContext0 - - FwpsFlowAssociateContext0 - - FwpsCalloutUnregisterById0 - - FwpmCalloutAdd0 - - FwpmSubLayerAdd0 - - FwpmProviderAdd0 - - FwpmTransactionAbort0 - - FwpmTransactionCommit0 - - FwpmTransactionBegin0 - - FwpmEngineClose0 - - FwpmEngineOpen0 - - FwpsInjectionHandleDestroy0 - - FwpsInjectionHandleCreate0 - - WdfVersionUnbind - - WdfVersionBindClass - - WdfVersionUnbindClass - - WdfVersionBind - Imports: - - ntoskrnl.exe - - NDIS.SYS - - fwpkclnt.sys - - WDFLDR.SYS - InternalName: KfeCoDrv.sys - MD5: 697f698b59f32f66cd8166e43a5c49c7 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: KfeCoDrv.sys - Product: Killer Traffic Control - ProductVersion: 9.7.4.11 - Publisher: '' - RichPEHeaderHash: - MD5: b301b486d17ef17fe9acb03cf6ae3f6a - SHA1: ee057f4265cd4f04330043b3293b6ee0e459b633 - SHA256: 49e01950af25f272bc33299d131748ef0fa66aa52ac039711082e9122d6f6d8c - SHA1: f5d58452620b55c2931cba75eb701f4cde90a9e4 - SHA256: b583414fcee280128788f7b39451c511376fe821f455d4f3702795e96d560704 - Sections: - .text: - Entropy: 6.357724164029769 - Virtual Size: '0x20a36' - .rdata: - Entropy: 5.659188529377184 - Virtual Size: '0x3694' - .data: - Entropy: 5.765325174395972 - Virtual Size: '0x12b9e60' - .pdata: - Entropy: 5.3747108436250635 - Virtual Size: '0x15b4' - PAGE: - Entropy: 
5.469889141982762 - Virtual Size: '0x120' - INIT: - Entropy: 5.3585580911922355 - Virtual Size: '0xeea' - .rsrc: - Entropy: 3.6394619362630465 - Virtual Size: '0xc40' - .reloc: - Entropy: 3.99391294150606 - Virtual Size: '0x30' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Texas, L=Austin, O=Rivet Networks LLC, CN=Rivet Networks LLC - ValidFrom: '2020-06-26 00:00:00' - ValidTo: '2021-07-01 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0824024fda0b4b1b496eeeddfcff6e16 - Version: 3 - TBS: - MD5: 442b1dbda48f9394d93cd7f179212f66 - SHA1: 61311e42ae706d22a7e44fb2f99334fcdaa56f77 - SHA256: 49384716c6fa94187600b02c48dda179ee50019c6160c23bb031169dc30bcb61 - SHA384: 5f3c9d0c0a595c967418907dd5c5b05f3202a02e577cb55ae21d06384dc658d964d44a4ca3c7fb529c2a4a609a3486dc - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured - ID Code Signing CA - ValidFrom: '2013-10-22 12:00:00' - ValidTo: '2028-10-22 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 0409181b5fd5bb66755343b56f955008 - Version: 3 - TBS: - MD5: 9359496ca4f021408b9d8923cab8b179 - SHA1: 2aed40d7759997830870769be250199fd609e40e - SHA256: e767799478f64a34b3f53ff3bb9057fe1768f4ab178041b0dcc0ff1e210cba65 - SHA384: 5cb7e7b4f1dbccd48d10db7e71b6f8c05fcb4bcb0085a6fefcfa0c2148f9a594e59f56ac4304004f3b398e259035c40c - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root - CA - ValidFrom: '2011-04-15 19:41:37' - ValidTo: '2021-04-15 19:51:37' - Signature: 
5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611cb28a000000000026 - Version: 3 - TBS: - MD5: 983a0c315a50542362f2bd6a5d71c8d0 - SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 - SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 - SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc - Signer: - - SerialNumber: 0824024fda0b4b1b496eeeddfcff6e16 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured - ID Code Signing CA - Version: 1 - Imphash: 2df11474daf362b1b2fa3d3a89b6acbe - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create KfeCo10X64.sys binPath=C:\windows\temp\KfeCo10X64.sys type=kernel + && sc.exe start KfeCo10X64.sys + Description: Killer exposes COM interfaces that allow non-privileged users 1) + to block network for any process 2) to manage any service in 
the OS. Killer + is preinstalled to laptops equipped with Intel Killer NICs (e.g. Dell). Since + Intel patched the vulnerability quietly, it's not clear which version is safe. + Also, it is unclear which OEMs are affected. Dell is definitely in the list, + but it is likely that other vendors with Killer NICs on board, such as Acer + and MSI, are affected too. Some users think that Killer suite is required + for the NIC to work properly, so they install it even after a fresh Windows + install. This version is confirmed vulnerable based on the script usage from + zwclose. + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://zwclose.github.io/2023/04/18/killer2.html - https://twitter.com/zwclose/status/1648441215808049153 - https://zwclose.github.io/2022/12/18/killer1.html -Tags: -- KfeCo10X64.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/b583414fcee280128788f7b39451c511376fe821f455d4f3702795e96d560704.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: zwclose + Person: zwclose +KnownVulnerableSamples: +- Authentihash: + MD5: 9085c42a59541dbd2e05fec9c247a189 + SHA1: c46323ef4fd5f553003a92fdad0d3059564e481f + SHA256: 8bce4a327c9e77631c03057b0e45cdbb2e751194d42995c0310e3ccdd3d33b7c + Company: Rivet Networks, LLC. + Copyright: Copyright (C) 2015-2018 Rivet Networks, LLC. + CreationTimestamp: '2021-03-22 12:11:11' + Date: '' + Description: Killer Traffic Control Callout Driver + ExportedFunctions: '' + FileVersion: 9.7.4.11 + Filename: KfeCo10X64.sys + ImportedFunctions: + - EtwRegister + - KeInitializeEvent + - EtwUnregister + - __C_specific_handler + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - RtlCopyUnicodeString + - EtwSetInformation + - EtwWriteTransfer + - strstr + - RtlCompareMemory + - RtlIpv4StringToAddressA + - KeAcquireInStackQueuedSpinLock + - KeSetTimer + - KeCancelTimer + - KeInitializeTimer + - KeSetPriorityThread + - KeSetImportanceDpc + - KeInsertQueueDpc + - KeInitializeDpc + - IoQueueWorkItem + - IoFreeWorkItem + - IoAllocateWorkItem + - PsTerminateSystemThread + - KeWaitForMultipleObjects + - KeDelayExecutionThread + - KeClearEvent + - RtlEthernetAddressToStringW + - RtlRandomEx + - ZwClose + - PsCreateSystemThread + - KeWaitForSingleObject + - KeSetEvent + - KeQueryInterruptTimePrecise + - ExEventObjectType + - ObReferenceObjectByHandle + - MmMapLockedPagesSpecifyCache + - MmUnlockPages + - MmProbeAndLockPages + - ProbeForWrite + - ProbeForRead + - IoFreeMdl + - IoAllocateMdl + - MmBuildMdlForNonPagedPool + - ObfDereferenceObject + - memchr + - 
RtlIpv6StringToAddressA + - KeReleaseInStackQueuedSpinLockFromDpcLevel + - KeAcquireInStackQueuedSpinLockAtDpcLevel + - KeReleaseInStackQueuedSpinLock + - KeInitializeSpinLock + - NdisGetDataBuffer + - NdisRetreatNetBufferDataStart + - NdisAdvanceNetBufferDataStart + - NdisCopySendNetBufferListInfo + - NdisFreeNetBufferListPool + - NdisAllocateNetBufferListPool + - NdisFreeNetBufferPool + - NdisAllocateNetBufferPool + - NdisFreeGenericObject + - NdisCopyReceiveNetBufferListInfo + - NdisAllocateGenericObject + - FwpsInjectTransportReceiveAsync0 + - FwpsQueryConnectionRedirectState0 + - FwpsRedirectHandleDestroy0 + - FwpsRedirectHandleCreate0 + - FwpsApplyModifiedLayerData0 + - FwpsAcquireWritableLayerDataPointer0 + - FwpsCompleteClassify0 + - FwpsPendClassify0 + - FwpsReleaseClassifyHandle0 + - FwpsAcquireClassifyHandle0 + - FwpsCalloutUnregisterByKey0 + - FwpsConstructIpHeaderForTransportPacket0 + - FwpsDereferenceNetBufferList0 + - FwpsReferenceNetBufferList0 + - FwpsInjectMacSendAsync0 + - FwpsInjectMacReceiveAsync0 + - FwpsAllocateCloneNetBufferList0 + - FwpsFreeNetBufferList0 + - FwpsAllocateNetBufferAndNetBufferList0 + - FwpmFilterDeleteById0 + - FwpsCalloutRegister3 + - FwpmFilterAdd0 + - FwpmCalloutDeleteByKey0 + - FwpmSubLayerDeleteByKey0 + - FwpmProviderContextDeleteByKey0 + - FwpsQueryPacketInjectionState0 + - FwpsInjectTransportSendAsync1 + - FwpsFreeCloneNetBufferList0 + - FwpsGetPacketListSecurityInformation0 + - FwpsFlowRemoveContext0 + - FwpsFlowAssociateContext0 + - FwpsCalloutUnregisterById0 + - FwpmCalloutAdd0 + - FwpmSubLayerAdd0 + - FwpmProviderAdd0 + - FwpmTransactionAbort0 + - FwpmTransactionCommit0 + - FwpmTransactionBegin0 + - FwpmEngineClose0 + - FwpmEngineOpen0 + - FwpsInjectionHandleDestroy0 + - FwpsInjectionHandleCreate0 + - WdfVersionUnbind + - WdfVersionBindClass + - WdfVersionUnbindClass + - WdfVersionBind + Imports: + - ntoskrnl.exe + - NDIS.SYS + - fwpkclnt.sys + - WDFLDR.SYS + InternalName: KfeCoDrv.sys + MD5: 
697f698b59f32f66cd8166e43a5c49c7 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: KfeCoDrv.sys + Product: Killer Traffic Control + ProductVersion: 9.7.4.11 + Publisher: '' + RichPEHeaderHash: + MD5: b301b486d17ef17fe9acb03cf6ae3f6a + SHA1: ee057f4265cd4f04330043b3293b6ee0e459b633 + SHA256: 49e01950af25f272bc33299d131748ef0fa66aa52ac039711082e9122d6f6d8c + SHA1: f5d58452620b55c2931cba75eb701f4cde90a9e4 + SHA256: b583414fcee280128788f7b39451c511376fe821f455d4f3702795e96d560704 + Sections: + .text: + Entropy: 6.357724164029769 + Virtual Size: '0x20a36' + .rdata: + Entropy: 5.659188529377184 + Virtual Size: '0x3694' + .data: + Entropy: 5.765325174395972 + Virtual Size: '0x12b9e60' + .pdata: + Entropy: 5.3747108436250635 + Virtual Size: '0x15b4' + PAGE: + Entropy: 5.469889141982762 + Virtual Size: '0x120' + INIT: + Entropy: 5.3585580911922355 + Virtual Size: '0xeea' + .rsrc: + Entropy: 3.6394619362630465 + Virtual Size: '0xc40' + .reloc: + Entropy: 3.99391294150606 + Virtual Size: '0x30' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Texas, L=Austin, O=Rivet Networks LLC, CN=Rivet Networks + LLC + ValidFrom: '2020-06-26 00:00:00' + ValidTo: '2021-07-01 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0824024fda0b4b1b496eeeddfcff6e16 + Version: 3 + TBS: + MD5: 442b1dbda48f9394d93cd7f179212f66 + SHA1: 61311e42ae706d22a7e44fb2f99334fcdaa56f77 + SHA256: 49384716c6fa94187600b02c48dda179ee50019c6160c23bb031169dc30bcb61 + SHA384: 5f3c9d0c0a595c967418907dd5c5b05f3202a02e577cb55ae21d06384dc658d964d44a4ca3c7fb529c2a4a609a3486dc + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured + ID Code Signing CA + ValidFrom: '2013-10-22 12:00:00' + ValidTo: '2028-10-22 12:00:00' + Signature: 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 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 0409181b5fd5bb66755343b56f955008 + Version: 3 + TBS: + MD5: 9359496ca4f021408b9d8923cab8b179 + SHA1: 2aed40d7759997830870769be250199fd609e40e + SHA256: e767799478f64a34b3f53ff3bb9057fe1768f4ab178041b0dcc0ff1e210cba65 + SHA384: 5cb7e7b4f1dbccd48d10db7e71b6f8c05fcb4bcb0085a6fefcfa0c2148f9a594e59f56ac4304004f3b398e259035c40c + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Root CA + ValidFrom: '2011-04-15 19:41:37' + ValidTo: '2021-04-15 19:51:37' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611cb28a000000000026 + Version: 3 + TBS: + MD5: 983a0c315a50542362f2bd6a5d71c8d0 + SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 + SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 + SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc + Signer: + - SerialNumber: 0824024fda0b4b1b496eeeddfcff6e16 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured + ID Code Signing CA + Version: 1 + Imphash: 2df11474daf362b1b2fa3d3a89b6acbe + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/3e5c0fc4-bfe8-4af2-9613-4f56b0e3c2c8.yaml b/yaml/3e5c0fc4-bfe8-4af2-9613-4f56b0e3c2c8.yaml index f7d587f38..86ba3cd15 100644 --- a/yaml/3e5c0fc4-bfe8-4af2-9613-4f56b0e3c2c8.yaml +++ b/yaml/3e5c0fc4-bfe8-4af2-9613-4f56b0e3c2c8.yaml 
@@ -1,106 +1,106 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 3e5c0fc4-bfe8-4af2-9613-4f56b0e3c2c8 +Tags: +- malicious.sys +Verified: 'TRUE' Author: Guus Verbeek -Category: malicious -Commands: - Command: sc.exe create malicious.sys binPath=C:\windows\temp\malicious.sys type=kernel - && sc.exe start malicious.sys - Description: This demo is a presentation at the CYBERSEC 2023 in Taiwan. The presentation - showcases the abuse of RTCore64.sys (CVE-2019-16098) from MSI and the nullification - of the DSE flag to load a malicious unsigned driver. The presentation also demonstrates - an attack on 360 Total Security by nulling out its ObRegisterCallbacks and notify - callbacks, enabling the execution of any malicious behavior on the processes of - 360 Total Security. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-06-05' -Detection: [] -Id: 3e5c0fc4-bfe8-4af2-9613-4f56b0e3c2c8 -KnownVulnerableSamples: -- Authentihash: - MD5: b877e53d3bc3df3d62dc7b26c9b9b006 - SHA1: 8fb8d175848525061418e80fe95ced27cc0ba0a4 - SHA256: 4cfd9cb41a51b1e1fdfc9a6855323bf11a0baf18e5d8f0ee7480a8cb5be7c8ac - Company: '' - Copyright: '' - CreationTimestamp: '2023-05-11 11:16:19' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: malicious.sys - ImportedFunctions: - - DbgPrint - - KeLowerIrql - - KfRaiseIrql - - IofCompleteRequest - - MmIsAddressValid - - PsProcessType - - PsThreadType - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: 0b311af53d2f4f77d30f1aed709db257 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: a6ba2bd951320636370c55e8d7761b8a - SHA1: 20cbbdef0d0d877dba78ae5a8dcd5b8ad33f38cd - SHA256: 26b111f150fd8e467e4cb89713a96e1d8f92a50406c4c61bdbea31bcb57343b5 - SHA1: 43501832ce50ccaba2706be852813d51de5a900f - SHA256: 23e89fd30a1c7db37f3ea81b779ce9acf8a4294397cbb54cff350d54afcfd931 - Sections: - .text: - 
Entropy: 5.891982734570695 - Virtual Size: '0x3e3' - .rdata: - Entropy: 3.4826551255108695 - Virtual Size: '0x37c' - .data: - Entropy: 3.75 - Virtual Size: '0x10' - .pdata: - Entropy: 2.8954033911671946 - Virtual Size: '0x54' - INIT: - Entropy: 4.906844120691812 - Virtual Size: '0x148' - .reloc: - Entropy: 2.970950594454669 - Virtual Size: '0x14' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: CN=WDKTestCert zezec,132961360795713868 - ValidFrom: '2022-05-04 11:08:00' - ValidTo: '2032-05-04 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7b475bcb4233f98946d0a1fbeb9de9ce - Version: 3 - TBS: - MD5: d606eff6aa2f4e57d695c323c6a3591d - SHA1: 83bcbb816007b04a98dddc2ce9d83569e0a913d8 - SHA256: f367ed049a014c61efef0ed4a4e726dc97c83b58e36b346b68b3039342f2f53c - SHA384: 28180687451e1c889191ef51deada86464e2918530084d6d17378238660a39488fc819a164ec225091dd75734d1ebcbd - Signer: - - SerialNumber: 7b475bcb4233f98946d0a1fbeb9de9ce - Issuer: CN=WDKTestCert zezec,132961360795713868 - Version: 1 - Imphash: 2de3451f3e7b02970582bb8f9fd8c73a - LoadsDespiteHVCI: 'TRUE' MitreID: T1068 +Category: malicious +Commands: + Command: sc.exe create malicious.sys binPath=C:\windows\temp\malicious.sys type=kernel + && sc.exe start malicious.sys + Description: This demo is a presentation at the CYBERSEC 2023 in Taiwan. The presentation + showcases the abuse of RTCore64.sys (CVE-2019-16098) from MSI and the nullification + of the DSE flag to load a malicious unsigned driver. The presentation also + demonstrates an attack on 360 Total Security by nulling out its ObRegisterCallbacks + and notify callbacks, enabling the execution of any malicious behavior on + the processes of 360 Total Security. 
+ OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/zeze-zeze/CYBERSEC2023-BYOVD-Demo -Tags: -- malicious.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: b877e53d3bc3df3d62dc7b26c9b9b006 + SHA1: 8fb8d175848525061418e80fe95ced27cc0ba0a4 + SHA256: 4cfd9cb41a51b1e1fdfc9a6855323bf11a0baf18e5d8f0ee7480a8cb5be7c8ac + Company: '' + Copyright: '' + CreationTimestamp: '2023-05-11 11:16:19' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: malicious.sys + ImportedFunctions: + - DbgPrint + - KeLowerIrql + - KfRaiseIrql + - IofCompleteRequest + - MmIsAddressValid + - PsProcessType + - PsThreadType + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 0b311af53d2f4f77d30f1aed709db257 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: a6ba2bd951320636370c55e8d7761b8a + SHA1: 20cbbdef0d0d877dba78ae5a8dcd5b8ad33f38cd + SHA256: 26b111f150fd8e467e4cb89713a96e1d8f92a50406c4c61bdbea31bcb57343b5 + SHA1: 43501832ce50ccaba2706be852813d51de5a900f + SHA256: 23e89fd30a1c7db37f3ea81b779ce9acf8a4294397cbb54cff350d54afcfd931 + Sections: + .text: + Entropy: 5.891982734570695 + Virtual Size: '0x3e3' + .rdata: + Entropy: 3.4826551255108695 + Virtual Size: '0x37c' + .data: + Entropy: 3.75 + Virtual Size: '0x10' + .pdata: + Entropy: 2.8954033911671946 + Virtual Size: '0x54' + INIT: + Entropy: 4.906844120691812 + Virtual Size: '0x148' + .reloc: + Entropy: 2.970950594454669 + Virtual Size: '0x14' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: CN=WDKTestCert zezec,132961360795713868 + ValidFrom: '2022-05-04 11:08:00' + ValidTo: '2032-05-04 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + 
IsCertificateAuthority: true + SerialNumber: 7b475bcb4233f98946d0a1fbeb9de9ce + Version: 3 + TBS: + MD5: d606eff6aa2f4e57d695c323c6a3591d + SHA1: 83bcbb816007b04a98dddc2ce9d83569e0a913d8 + SHA256: f367ed049a014c61efef0ed4a4e726dc97c83b58e36b346b68b3039342f2f53c + SHA384: 28180687451e1c889191ef51deada86464e2918530084d6d17378238660a39488fc819a164ec225091dd75734d1ebcbd + Signer: + - SerialNumber: 7b475bcb4233f98946d0a1fbeb9de9ce + Issuer: CN=WDKTestCert zezec,132961360795713868 + Version: 1 + Imphash: 2de3451f3e7b02970582bb8f9fd8c73a + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/3ea63674-2599-43b5-9390-4a929ec99f48.yaml b/yaml/3ea63674-2599-43b5-9390-4a929ec99f48.yaml index 230e9fe7d..9fd375f30 100644 --- a/yaml/3ea63674-2599-43b5-9390-4a929ec99f48.yaml +++ b/yaml/3ea63674-2599-43b5-9390-4a929ec99f48.yaml 
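Review bot: `Detection: []` is carried over unchanged on the new side of the malicious.sys entry, although the sample block lists MD5, SHA1, SHA256 and an Authentihash. Anyone reading the `Detection` list as a coverage map will conclude that no rule exists for this driver. The ktgn.sys, Lurker.sys and c.sys hunks below have the same empty list. If the hash-based sigma and sysmon files are generated from these records, link them here; otherwise mark the gap explicitly, for example `# Detection: no rule generated yet, match on SHA256 below`. Separately, `LoadsDespiteHVCI: 'TRUE'` sits next to a single self-issued `CN=WDKTestCert` certificate, so that value looks worth confirming against a real HVCI-enabled host.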
@@ -1,38 +1,38 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 3ea63674-2599-43b5-9390-4a929ec99f48 +Tags: +- ktgn.sys +Verified: 'FALSE' Author: Guus Verbeek -Category: malicious -Commands: - Command: sc.exe create ktgn.sys binPath=C:\windows\temp\ktgn.sys type=kernel && - sc.exe start ktgn.sys - Description: BlackCat Ransomware Deploys New Signed Kernel Driver. BlackCat ransomware - incident that occurred in February 2023. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-06-05' -Detection: [] -Id: 3ea63674-2599-43b5-9390-4a929ec99f48 -KnownVulnerableSamples: -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: ktgn.sys - MD5: '' - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 994e3f5dd082f5d82f9cc84108a60d359910ba79 - SHA256: '' - Signature: '' - LoadsDespiteHVCI: 'TRUE' MitreID: T1068 +Category: malicious +Commands: + Command: sc.exe create ktgn.sys binPath=C:\windows\temp\ktgn.sys type=kernel && + sc.exe start ktgn.sys + Description: BlackCat Ransomware Deploys New Signed Kernel Driver. BlackCat ransomware + incident that occurred in February 2023. + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://www.trendmicro.com/en_us/research/23/e/blackcat-ransomware-deploys-new-signed-kernel-driver.html -Tags: -- ktgn.sys -Verified: 'FALSE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: ktgn.sys + MD5: '' + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 994e3f5dd082f5d82f9cc84108a60d359910ba79 + SHA256: '' + Signature: '' + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/3f39af20-802a-4909-a5de-7f6fe7aab350.yaml b/yaml/3f39af20-802a-4909-a5de-7f6fe7aab350.yaml index 47a317c85..c18abc781 100644 --- a/yaml/3f39af20-802a-4909-a5de-7f6fe7aab350.yaml 
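Review bot: `LoadsDespiteHVCI: 'TRUE'` is kept for ktgn.sys while the same record has `Verified: 'FALSE'` and empty `MD5`, `SHA256`, `MachineType` and `Signature` fields. Nothing in the entry shows that a sample was analysed, so the HVCI claim appears to be a default rather than a finding. A defender sizing exposure on HVCI-enabled hosts would be misled by it. I would either drop the key until a sample is available or annotate it, for example `# LoadsDespiteHVCI not validated: no sample analysed`. The only indicator is the SHA1, so SHA256-keyed block or detect rules cannot cover this driver; the SHA256 should be added if the referenced report publishes one.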
+++ b/yaml/3f39af20-802a-4909-a5de-7f6fe7aab350.yaml 
@@ -1,213 +1,214 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 3f39af20-802a-4909-a5de-7f6fe7aab350 +Tags: +- AsrOmgDrv.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create AsrOmgDrv.sys binPath=C:\windows\temp\AsrOmgDrv.sys type=kernel - && sc.exe start AsrOmgDrv.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/950a4c0c772021cee26011a92194f0e58d61588f77f2873aa0599dff52a160c9.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 3f39af20-802a-4909-a5de-7f6fe7aab350 -KnownVulnerableSamples: -- 
Authentihash: - MD5: b39f71ca0eb035173a7f6c3dc7a43620 - SHA1: 045818bc05faf8fb2b7ccc60623f5a6f185d68c7 - SHA256: 6c9dc878d9605070921338d09c6dbecbe11dec50c03fc69a0462884a07c2c442 - Company: ASRock Incorporation - Copyright: Copyright (C) 2012 ASRock Incorporation - CreationTimestamp: '2012-09-28 04:31:07' - Date: '' - Description: ASRock IO Driver - ExportedFunctions: '' - FileVersion: '1.00.00.0000 built by: WinDDK' - Filename: AsrOmgDrv.sys - ImportedFunctions: - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - MmFreeContiguousMemorySpecifyCache - - RtlInitUnicodeString - - IoDeleteDevice - - RtlQueryRegistryValues - - MmUnmapIoSpace - - IoFreeMdl - - MmGetPhysicalAddress - - IoBuildAsynchronousFsdRequest - - MmMapIoSpace - - IofCompleteRequest - - IoFreeIrp - - RtlCompareMemory - - MmUnlockPages - - IoCreateSymbolicLink - - IoCreateDevice - - MmAllocateContiguousMemorySpecifyCache - - IofCallDriver - - KeBugCheckEx - - ExAllocatePoolWithTag - - KeStallExecutionProcessor - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: AsrDrv.sys - MD5: 4f27c09cc8680e06b04d6a9c34ca1e08 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: AsrDrv.sys - Product: ASRock IO Driver - ProductVersion: 1.00.00.0000 - Publisher: ASROCK Incorporation - RichPEHeaderHash: - MD5: a84c01eca8a6ca8e5221dbca3000c16e - SHA1: ff0ae5ad07f99ad2ac40b53c5215335a5d84e926 - SHA256: 961a144592952461a785ff1f4d4f55c4132016b9fbbce3d881edf6131038533b - SHA1: 400f833dcc2ef0a122dd0e0b1ec4ec929340d90e - SHA256: 950a4c0c772021cee26011a92194f0e58d61588f77f2873aa0599dff52a160c9 - Sections: - .text: - Entropy: 6.341847131736036 - Virtual Size: '0x1ae8' - .rdata: - Entropy: 4.6031317984282065 - Virtual Size: '0x24c' - .data: - Entropy: 0.46979092711892695 - Virtual Size: '0x130' - .pdata: - Entropy: 3.68970514947522 - Virtual Size: '0xf0' - INIT: - Entropy: 5.412670707205314 - Virtual Size: '0x4d8' - .rsrc: - Entropy: 3.287296316763299 - Virtual Size: '0x3a0' - Signature: - - ASROCK Incorporation - 
- VeriSign Class 3 Code Signing 2010 CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G3 - ValidFrom: '2012-05-01 00:00:00' - ValidTo: '2012-12-31 23:59:59' - Signature: 1e98aa27b778b508b5c9726db7dfc00e98a635c488c9d2f66df14b1afbd5f92d99009ed1e79b8be13fbd39800c66cd07bc5c9854a694ba10d14e8babf56f65cc6709a2807c52e80e03d66b7ac60518ecc8ac427c072ca73d0866dc00edfd941d73f2729893b111d68fef8eeaacf496510cd08ddf31524f5eaf7da74a75e64ece2b9f292be7cf5d9f037e6e277b23ad622966af92e82ccebd9c7fdccd173c43c2093f7545c79ee4d7607f97c6e4aac769f5fccd74ac2cb048c1504e70561eb535d38ebeb1edacbdfe0cec857dd5bb856644195d9f93eb82ba639ed37c61ffc81bd923587f30a366a139265e92c33ccb3732faf5a38ddcd5b0a3e9253655d781fa - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded - Version: 3 - TBS: - MD5: e6d820afb23af20a65cf0b03247ea05e - SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 - SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 - SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 
53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=TAIWAN, L=Taipei, O=ASROCK Incorporation, OU=Digital ID Class - 3 , Microsoft Software Validation v2, CN=ASROCK Incorporation - ValidFrom: '2011-03-07 00:00:00' - ValidTo: '2014-04-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: false - SerialNumber: 45dfec7bb3d378c97feb24efd699bb4e - Version: 3 - TBS: - MD5: 544af7037e76dccfe47a9dffd9b847fd - SHA1: ea7dceadac1b76a4a0ed5624632072f8aa6ce02c - SHA256: 87f5b27417a56e4175d0e0acb7a831961963fad217e5d82fbf699287e8fdab25 - SHA384: 2b6eb82e226dcec715cc7c98e2bf9a9a0dcb3f4e471827fe95d9dbd452ce459c6ae9525771c673800fa84b679b14db89 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 45dfec7bb3d378c97feb24efd699bb4e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 9d7183c1d8107495354c4fad9dae3452 - LoadsDespiteHVCI: 'TRUE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create AsrOmgDrv.sys binPath=C:\windows\temp\AsrOmgDrv.sys type=kernel + && sc.exe start AsrOmgDrv.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/namazso/physmem_drivers -Tags: -- AsrOmgDrv.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/950a4c0c772021cee26011a92194f0e58d61588f77f2873aa0599dff52a160c9.yara +- type: sigma_hash + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: b39f71ca0eb035173a7f6c3dc7a43620 + SHA1: 045818bc05faf8fb2b7ccc60623f5a6f185d68c7 + SHA256: 6c9dc878d9605070921338d09c6dbecbe11dec50c03fc69a0462884a07c2c442 + Company: ASRock Incorporation + Copyright: Copyright (C) 2012 ASRock Incorporation + CreationTimestamp: '2012-09-28 04:31:07' + Date: '' + Description: ASRock IO Driver + ExportedFunctions: '' + FileVersion: '1.00.00.0000 built by: WinDDK' + Filename: AsrOmgDrv.sys + ImportedFunctions: + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - MmFreeContiguousMemorySpecifyCache + - RtlInitUnicodeString + - IoDeleteDevice + - RtlQueryRegistryValues + - MmUnmapIoSpace + - IoFreeMdl + - 
MmGetPhysicalAddress + - IoBuildAsynchronousFsdRequest + - MmMapIoSpace + - IofCompleteRequest + - IoFreeIrp + - RtlCompareMemory + - MmUnlockPages + - IoCreateSymbolicLink + - IoCreateDevice + - MmAllocateContiguousMemorySpecifyCache + - IofCallDriver + - KeBugCheckEx + - ExAllocatePoolWithTag + - KeStallExecutionProcessor + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: AsrDrv.sys + MD5: 4f27c09cc8680e06b04d6a9c34ca1e08 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: AsrDrv.sys + Product: ASRock IO Driver + ProductVersion: 1.00.00.0000 + Publisher: ASROCK Incorporation + RichPEHeaderHash: + MD5: a84c01eca8a6ca8e5221dbca3000c16e + SHA1: ff0ae5ad07f99ad2ac40b53c5215335a5d84e926 + SHA256: 961a144592952461a785ff1f4d4f55c4132016b9fbbce3d881edf6131038533b + SHA1: 400f833dcc2ef0a122dd0e0b1ec4ec929340d90e + SHA256: 950a4c0c772021cee26011a92194f0e58d61588f77f2873aa0599dff52a160c9 + Sections: + .text: + Entropy: 6.341847131736036 + Virtual Size: '0x1ae8' + .rdata: + Entropy: 4.6031317984282065 + Virtual Size: '0x24c' + .data: + Entropy: 0.46979092711892695 + Virtual Size: '0x130' + .pdata: + Entropy: 3.68970514947522 + Virtual Size: '0xf0' + INIT: + Entropy: 5.412670707205314 + Virtual Size: '0x4d8' + .rsrc: + Entropy: 3.287296316763299 + Virtual Size: '0x3a0' + Signature: + - ASROCK Incorporation + - VeriSign Class 3 Code Signing 2010 CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G3 + ValidFrom: '2012-05-01 00:00:00' + ValidTo: '2012-12-31 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded + Version: 3 + TBS: + MD5: e6d820afb23af20a65cf0b03247ea05e + SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 + SHA256: 
7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 + SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=TAIWAN, L=Taipei, O=ASROCK Incorporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=ASROCK Incorporation + ValidFrom: '2011-03-07 00:00:00' + ValidTo: '2014-04-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 45dfec7bb3d378c97feb24efd699bb4e + Version: 3 + TBS: + MD5: 544af7037e76dccfe47a9dffd9b847fd + SHA1: ea7dceadac1b76a4a0ed5624632072f8aa6ce02c + 
SHA256: 87f5b27417a56e4175d0e0acb7a831961963fad217e5d82fbf699287e8fdab25 + SHA384: 2b6eb82e226dcec715cc7c98e2bf9a9a0dcb3f4e471827fe95d9dbd452ce459c6ae9525771c673800fa84b679b14db89 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 45dfec7bb3d378c97feb24efd699bb4e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 9d7183c1d8107495354c4fad9dae3452 + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/3fb743b8-d3ed-4873-9c95-e212720dde21.yaml b/yaml/3fb743b8-d3ed-4873-9c95-e212720dde21.yaml index 38703a6de..46ff8bec7 100644 --- a/yaml/3fb743b8-d3ed-4873-9c95-e212720dde21.yaml +++ b/yaml/3fb743b8-d3ed-4873-9c95-e212720dde21.yaml 
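Review bot: The re-ordered `Detection:` list for AsrOmgDrv.sys still contains `sigma_hash`, `sigma_names`, `sysmon_hash_detect` and `sysmon_hash_block` twice each, with identical URLs. The KfeCo10X64.sys section earlier on this page shows the same duplication. Since this commit already rewrites the whole block, it is a good point to deduplicate, keeping both `yara_signature` entries (they point to different files) and one of each of the other four types. Duplicates are harmless to a parser, but they inflate any per-driver rule count derived from this list. The pattern also suggests the generator appends on every run instead of replacing, which is worth fixing at the source.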
@@ -1,35 +1,35 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 3fb743b8-d3ed-4873-9c95-e212720dde21 +Tags: +- Lurker.sys +Verified: 'FALSE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create Lurker.sys binPath=C:\windows\temp\Lurker.sys type=kernel - && sc.exe start Lurker.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: [] -Id: 3fb743b8-d3ed-4873-9c95-e212720dde21 -KnownVulnerableSamples: -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: Lurker.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA256: 0fd2df82341bf5ebb8a53682e60d08978100c01acb0bed7b6ce2876ada80f670 - Signature: [] - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create Lurker.sys binPath=C:\windows\temp\Lurker.sys type=kernel + && sc.exe start Lurker.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules -Tags: -- Lurker.sys -Verified: 'FALSE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: Lurker.sys + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA256: 0fd2df82341bf5ebb8a53682e60d08978100c01acb0bed7b6ce2876ada80f670 + Signature: [] + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/404f6db5-6be8-44a9-9898-badd56f96721.yaml b/yaml/404f6db5-6be8-44a9-9898-badd56f96721.yaml index cfa274611..e22943422 100644 --- a/yaml/404f6db5-6be8-44a9-9898-badd56f96721.yaml +++ b/yaml/404f6db5-6be8-44a9-9898-badd56f96721.yaml 
@@ -1,35 +1,35 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 404f6db5-6be8-44a9-9898-badd56f96721 +Tags: +- c.sys +Verified: 'FALSE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create c.sys binPath=C:\windows\temp\c.sys type=kernel && sc.exe - start c.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: [] -Id: 404f6db5-6be8-44a9-9898-badd56f96721 -KnownVulnerableSamples: -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: c.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA256: cc383ad11e9d06047a1558ed343f389492da3ac2b84b71462aee502a2fa616c8 - Signature: [] - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create c.sys binPath=C:\windows\temp\c.sys type=kernel && sc.exe + start c.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules -Tags: -- c.sys -Verified: 'FALSE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: c.sys + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA256: cc383ad11e9d06047a1558ed343f389492da3ac2b84b71462aee502a2fa616c8 + Signature: [] + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/40bfb01b-d251-4c2c-952e-052a89a76f5b.yaml b/yaml/40bfb01b-d251-4c2c-952e-052a89a76f5b.yaml index 9797b74a5..32794b4f5 100644 --- a/yaml/40bfb01b-d251-4c2c-952e-052a89a76f5b.yaml +++ b/yaml/40bfb01b-d251-4c2c-952e-052a89a76f5b.yaml 
@@ -1,214 +1,214 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 40bfb01b-d251-4c2c-952e-052a89a76f5b +Tags: +- PanMonFltX64.sys +Verified: 'FALSE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create PanMonFltX64.sys binPath=C:\windows\temp\PanMonFltX64.sys type=kernel - && sc.exe start PanMonFltX64.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/06508aacb4ed0a1398a2b0da5fa2dbf7da435b56da76fd83c759a50a51c75caf.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 40bfb01b-d251-4c2c-952e-052a89a76f5b -KnownVulnerableSamples: 
-- Authentihash: - MD5: fb2c77030c99606abb5d78bd51d6637d - SHA1: cc0f86949ee6261f8c3de046112b99595db14c00 - SHA256: 9544fbc011638cbc168f6ea4740cc6ed6fd331769e191fd64bdf9113eb64fde1 - Company: Pan Yazilim Bilisim Teknolojileri Tic. Ltd. Sti. - Copyright: "Copyright (c) 2012-2014 Pan Yaz\u0131l\u0131m Bilisim Teknolojileri\ - \ Tic. Ltd. Sti." - CreationTimestamp: '2014-05-13 04:15:50' - Date: '' - Description: PanCafe Manager File Monitor - ExportedFunctions: '' - FileVersion: 1.0.0.0 - Filename: PanMonFltX64.sys - ImportedFunctions: - - KeBugCheckEx - - KeAcquireSpinLockRaiseToDpc - - ExInterlockedRemoveHeadList - - ExInterlockedInsertTailList - - RtlEqualUnicodeString - - KeReleaseSpinLock - - IoQueryFileDosDeviceName - - RtlAppendUnicodeStringToString - - IoVolumeDeviceToDosName - - RtlAppendUnicodeToString - - DbgPrint - - RtlCopyUnicodeString - - PsGetCurrentThreadId - - RtlInitUnicodeString - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - __C_specific_handler - - FltSendMessage - - FltQueryInformationFile - - FltStartFiltering - - FltParseFileName - - FltRegisterFilter - - FltBuildDefaultSecurityDescriptor - - FltCloseCommunicationPort - - FltUnregisterFilter - - FltAllocateContext - - FltReleaseContext - - FltIsDirectory - - FltFreeSecurityDescriptor - - FltSetInformationFile - - FltCreateCommunicationPort - - FltDeleteContext - - FltCloseClientPort - - FltSetStreamHandleContext - - FltGetStreamHandleContext - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: PanMonFltX64.sys - MD5: 0067c788e1cb174f008c325ebde56c22 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: PanMonFltX64.sys - Product: PanCafe Manager - ProductVersion: 1.0.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: 5d1f68f5e0a96a6328e19ddee6e5dec6 - SHA1: f9e98fa9ca5d0ad02d278a614237e3e76c816c4f - SHA256: fad7365ef6ff458ffb8e56ab08b7738f76f0c7e9eb4c418db6b95c00707d3d4d - SHA1: 12d38abbc5391369a4c14f3431715b5b76ac5a2a - SHA256: 
06508aacb4ed0a1398a2b0da5fa2dbf7da435b56da76fd83c759a50a51c75caf - Sections: - .text: - Entropy: 6.29240907400768 - Virtual Size: '0x1458' - .rdata: - Entropy: 3.5547199827710894 - Virtual Size: '0x4cc' - .data: - Entropy: 0.3431538312845408 - Virtual Size: '0x1b8' - .pdata: - Entropy: 3.737697960317056 - Virtual Size: '0x15c' - PAGE: - Entropy: 6.263020524838166 - Virtual Size: '0xa4f' - INIT: - Entropy: 5.508547194545659 - Virtual Size: '0x7b2' - .rsrc: - Entropy: 3.2818302394966063 - Virtual Size: '0x468' - .reloc: - Entropy: 1.4052605014851491 - Virtual Size: '0x62' - Signature: - - PAN YAZILIM BILISIM TEKNOLOJILERI TICARET LTD. STI. - - GlobalSign CodeSigning CA - G2 - - GlobalSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee152d7 - Version: 3 - TBS: - MD5: e140543fe3256027cfa79fc3c19c1776 - SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 - SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 - SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b 
- - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode - , G1 - ValidFrom: '2013-08-23 00:00:00' - ValidTo: '2024-09-23 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121405c1f0ed258882be54d8686ba11ea45 - Version: 3 - TBS: - MD5: b95cbc184d388718612d5933f7b36770 - SHA1: ff124c5d160710720108616ffee99bbe090ed363 - SHA256: 13027620255363f07bbf85ae7d0dc06c07d8b0f4368b12f983ee3f4fce605733 - SHA384: f42ed00f615f2822dcd3d33794477428afb52ddab932ebcde3586f92a27e18f9faba6b3334ca4e59e0cb24bdbf8395a6 - - Subject: C=TR, ST=ISTANBUL, O=PAN YAZILIM BILISIM TEKNOLOJILERI TICARET LTD. - STI., CN=PAN YAZILIM BILISIM TEKNOLOJILERI TICARET LTD. STI. - ValidFrom: '2014-04-15 15:12:40' - ValidTo: '2015-04-15 10:41:35' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121506480253469e07e54ee8612041fbb92 - Version: 3 - TBS: - MD5: f56d9ee0c69c7569e5c15b486bca6e2e - SHA1: 819ca6276ed76625e86bb6def0d45f61d37c8975 - SHA256: b3b13c549110379d1141116de140cad748fb8345208cd31eb2443850a529b53b - SHA384: 2f15812fb4c9bba4d8ae7916fa4ffc9ad0a69724d77dc564c89b1e5df3e98b8797b63fcafe68eef9acf1d8817e9988cf - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 1121506480253469e07e54ee8612041fbb92 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 175c5711f3c49a0d929e9e2314b21c6b - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create PanMonFltX64.sys binPath=C:\windows\temp\PanMonFltX64.sys type=kernel + && sc.exe start PanMonFltX64.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - 
https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules -Tags: -- PanMonFltX64.sys -Verified: 'FALSE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/06508aacb4ed0a1398a2b0da5fa2dbf7da435b56da76fd83c759a50a51c75caf.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: fb2c77030c99606abb5d78bd51d6637d + SHA1: cc0f86949ee6261f8c3de046112b99595db14c00 + SHA256: 9544fbc011638cbc168f6ea4740cc6ed6fd331769e191fd64bdf9113eb64fde1 + Company: Pan Yazilim Bilisim Teknolojileri Tic. Ltd. Sti. 
+ Copyright: "Copyright (c) 2012-2014 Pan Yaz\u0131l\u0131m Bilisim Teknolojileri\ + \ Tic. Ltd. Sti." + CreationTimestamp: '2014-05-13 04:15:50' + Date: '' + Description: PanCafe Manager File Monitor + ExportedFunctions: '' + FileVersion: 1.0.0.0 + Filename: PanMonFltX64.sys + ImportedFunctions: + - KeBugCheckEx + - KeAcquireSpinLockRaiseToDpc + - ExInterlockedRemoveHeadList + - ExInterlockedInsertTailList + - RtlEqualUnicodeString + - KeReleaseSpinLock + - IoQueryFileDosDeviceName + - RtlAppendUnicodeStringToString + - IoVolumeDeviceToDosName + - RtlAppendUnicodeToString + - DbgPrint + - RtlCopyUnicodeString + - PsGetCurrentThreadId + - RtlInitUnicodeString + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - __C_specific_handler + - FltSendMessage + - FltQueryInformationFile + - FltStartFiltering + - FltParseFileName + - FltRegisterFilter + - FltBuildDefaultSecurityDescriptor + - FltCloseCommunicationPort + - FltUnregisterFilter + - FltAllocateContext + - FltReleaseContext + - FltIsDirectory + - FltFreeSecurityDescriptor + - FltSetInformationFile + - FltCreateCommunicationPort + - FltDeleteContext + - FltCloseClientPort + - FltSetStreamHandleContext + - FltGetStreamHandleContext + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: PanMonFltX64.sys + MD5: 0067c788e1cb174f008c325ebde56c22 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: PanMonFltX64.sys + Product: PanCafe Manager + ProductVersion: 1.0.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: 5d1f68f5e0a96a6328e19ddee6e5dec6 + SHA1: f9e98fa9ca5d0ad02d278a614237e3e76c816c4f + SHA256: fad7365ef6ff458ffb8e56ab08b7738f76f0c7e9eb4c418db6b95c00707d3d4d + SHA1: 12d38abbc5391369a4c14f3431715b5b76ac5a2a + SHA256: 06508aacb4ed0a1398a2b0da5fa2dbf7da435b56da76fd83c759a50a51c75caf + Sections: + .text: + Entropy: 6.29240907400768 + Virtual Size: '0x1458' + .rdata: + Entropy: 3.5547199827710894 + Virtual Size: '0x4cc' + .data: + Entropy: 0.3431538312845408 + Virtual Size: '0x1b8' + .pdata: + Entropy: 
3.737697960317056 + Virtual Size: '0x15c' + PAGE: + Entropy: 6.263020524838166 + Virtual Size: '0xa4f' + INIT: + Entropy: 5.508547194545659 + Virtual Size: '0x7b2' + .rsrc: + Entropy: 3.2818302394966063 + Virtual Size: '0x468' + .reloc: + Entropy: 1.4052605014851491 + Virtual Size: '0x62' + Signature: + - PAN YAZILIM BILISIM TEKNOLOJILERI TICARET LTD. STI. + - GlobalSign CodeSigning CA - G2 + - GlobalSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee152d7 + Version: 3 + TBS: + MD5: e140543fe3256027cfa79fc3c19c1776 + SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 + SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 + SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode + , G1 + ValidFrom: '2013-08-23 00:00:00' + ValidTo: '2024-09-23 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + 
IsCertificateAuthority: false + SerialNumber: 1121405c1f0ed258882be54d8686ba11ea45 + Version: 3 + TBS: + MD5: b95cbc184d388718612d5933f7b36770 + SHA1: ff124c5d160710720108616ffee99bbe090ed363 + SHA256: 13027620255363f07bbf85ae7d0dc06c07d8b0f4368b12f983ee3f4fce605733 + SHA384: f42ed00f615f2822dcd3d33794477428afb52ddab932ebcde3586f92a27e18f9faba6b3334ca4e59e0cb24bdbf8395a6 + - Subject: C=TR, ST=ISTANBUL, O=PAN YAZILIM BILISIM TEKNOLOJILERI TICARET + LTD. STI., CN=PAN YAZILIM BILISIM TEKNOLOJILERI TICARET LTD. STI. + ValidFrom: '2014-04-15 15:12:40' + ValidTo: '2015-04-15 10:41:35' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121506480253469e07e54ee8612041fbb92 + Version: 3 + TBS: + MD5: f56d9ee0c69c7569e5c15b486bca6e2e + SHA1: 819ca6276ed76625e86bb6def0d45f61d37c8975 + SHA256: b3b13c549110379d1141116de140cad748fb8345208cd31eb2443850a529b53b + SHA384: 2f15812fb4c9bba4d8ae7916fa4ffc9ad0a69724d77dc564c89b1e5df3e98b8797b63fcafe68eef9acf1d8817e9988cf + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 1121506480253469e07e54ee8612041fbb92 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 175c5711f3c49a0d929e9e2314b21c6b + LoadsDespiteHVCI: 'FALSE' 
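Review bot: The re-added `Detection:` list for PanMonFltX64.sys still carries `sigma_hash`, `sigma_names`, `sysmon_hash_detect` and `sysmon_hash_block` twice each, with identical URLs. Only the two `yara_signature` entries point at different files. Since the block is being rewritten in this hunk anyway, drop the second copy of those four entries so that tooling which walks the list does not emit duplicate references. The entry is also still `Verified: 'FALSE'` while linking five detection artefacts, so it is worth confirming whether those rules really cover SHA256 `06508aacb4ed0a1398a2b0da5fa2dbf7da435b56da76fd83c759a50a51c75caf` before relying on them.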
diff --git a/yaml/412f4aaf-5525-458c-b87e-311e504b856d.yaml b/yaml/412f4aaf-5525-458c-b87e-311e504b856d.yaml
index 924dddf4f..1c3d589cc 100644
--- a/yaml/412f4aaf-5525-458c-b87e-311e504b856d.yaml
+++ b/yaml/412f4aaf-5525-458c-b87e-311e504b856d.yaml
@@ -1,153 +1,153 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 412f4aaf-5525-458c-b87e-311e504b856d +Tags: +- mJj0ge.sys +Verified: 'TRUE' Author: Guus Verbeek -Category: malicious -Commands: - Command: sc.exe create mJj0ge.sys binPath=C:\windows\temp\mJj0ge.sys type=kernel - && sc.exe start mJj0ge.sys - Description: The criminals signed their AV-killer malware, closely related to one - known as BURNTCIGAR, with a legitimate WHCP certificate - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-05-07' -Detection: [] -Id: 412f4aaf-5525-458c-b87e-311e504b856d -KnownVulnerableSamples: -- Authentihash: - MD5: 83f21305be7f7633dd4c48cf1d523ad9 - SHA1: 707122f1d7cac4419bd5e5d2da1eb947852d38c0 - SHA256: a720c9a95ab33b29c19fc37fed2b4d2079a2e4b9bd861d406043bd6010fc4d71 - Company: '' - Copyright: '' - CreationTimestamp: '2022-06-02 04:09:08' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: mJj0ge.sys - ImportedFunctions: - - rand - - ExAllocatePool - - NtQuerySystemInformation - - ExFreePoolWithTag - - IoAllocateMdl - - MmProbeAndLockPages - - MmMapLockedPagesSpecifyCache - - MmUnlockPages - - IoFreeMdl - - KeQueryActiveProcessors - - KeSetSystemAffinityThread - - KeRevertToUserAffinityThread - - DbgPrint - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 3d0b3e19262099ade884b75ba86ca7e8 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: ffdf660eb1ebf020a1d0a55a90712dfb - SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 - SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 - SHA1: 0883a9c54e8442a551994989db6fc694f1086d41 - SHA256: 5f6fec8f7890d032461b127332759c88a1b7360aa10c6bd38482572f59d2ba8b - Sections: - .text: - Entropy: 0.0 - Virtual Size: '0x16a8' - .rdata: - Entropy: 0.0 - Virtual Size: '0x5b0' - .data: - Entropy: 
0.0 - Virtual Size: '0x110' - .pdata: - Entropy: 0.0 - Virtual Size: '0x15c' - INIT: - Entropy: 0.0 - Virtual Size: '0x3ee' - .=Kh: - Entropy: 0.0 - Virtual Size: '0x1475cd' - .f$[: - Entropy: 0.9358240835129747 - Virtual Size: '0x200' - .}4A: - Entropy: 7.704946018916512 - Virtual Size: '0x291c30' - .reloc: - Entropy: 3.9221996373565777 - Virtual Size: '0xd0' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CN, ST=Beijing, L=Beijing, O=Beijing JoinHope Image Technology Ltd., - CN=Beijing JoinHope Image Technology Ltd. - ValidFrom: '2014-05-16 00:00:00' - ValidTo: '2015-05-16 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0a005d2e2bcd4137168217d8c727747c - Version: 3 - TBS: - MD5: 4d213d99215f488050faaa39765656d1 - SHA1: 0308508b5a3fcd330bbf28931f8e1a9c93c3ee69 - SHA256: ea947432de238a25fdb7892e436f4ef44f30ab16ae9e1eb914860f4808b25ef2 - SHA384: 430e932514f35ed55f31f050f33bcc0b9244fd83c6d1d28ee240306e54292e93b5894ef4eb9c09bf84cdc8068c6a7230 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 0a005d2e2bcd4137168217d8c727747c - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 2a008187d4a73284ddcc43f1b727b513 - LoadsDespiteHVCI: 'TRUE' MitreID: T1068 +Category: malicious +Commands: + Command: sc.exe create mJj0ge.sys binPath=C:\windows\temp\mJj0ge.sys type=kernel + && sc.exe start mJj0ge.sys + Description: The criminals signed their AV-killer malware, closely related to + one known as BURNTCIGAR, with a legitimate WHCP certificate + OperatingSystem: Windows 10 + Privileges: 
kernel + Usecase: Elevate privileges Resources: - https://news.sophos.com/en-us/2022/12/13/signed-driver-malware-moves-up-the-software-trust-chain/ -Tags: -- mJj0ge.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 83f21305be7f7633dd4c48cf1d523ad9 + SHA1: 707122f1d7cac4419bd5e5d2da1eb947852d38c0 + SHA256: a720c9a95ab33b29c19fc37fed2b4d2079a2e4b9bd861d406043bd6010fc4d71 + Company: '' + Copyright: '' + CreationTimestamp: '2022-06-02 04:09:08' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: mJj0ge.sys + ImportedFunctions: + - rand + - ExAllocatePool + - NtQuerySystemInformation + - ExFreePoolWithTag + - IoAllocateMdl + - MmProbeAndLockPages + - MmMapLockedPagesSpecifyCache + - MmUnlockPages + - IoFreeMdl + - KeQueryActiveProcessors + - KeSetSystemAffinityThread + - KeRevertToUserAffinityThread + - DbgPrint + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 3d0b3e19262099ade884b75ba86ca7e8 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: ffdf660eb1ebf020a1d0a55a90712dfb + SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 + SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 + SHA1: 0883a9c54e8442a551994989db6fc694f1086d41 + SHA256: 5f6fec8f7890d032461b127332759c88a1b7360aa10c6bd38482572f59d2ba8b + Sections: + .text: + Entropy: 0.0 + Virtual Size: '0x16a8' + .rdata: + Entropy: 0.0 + Virtual Size: '0x5b0' + .data: + Entropy: 0.0 + Virtual Size: '0x110' + .pdata: + Entropy: 0.0 + Virtual Size: '0x15c' + INIT: + Entropy: 0.0 + Virtual Size: '0x3ee' + .=Kh: + Entropy: 0.0 + Virtual Size: '0x1475cd' + .f$[: + Entropy: 0.9358240835129747 + Virtual Size: '0x200' + .}4A: + Entropy: 7.704946018916512 + Virtual Size: '0x291c30' + .reloc: + Entropy: 3.9221996373565777 + Virtual Size: '0xd0' + 
Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CN, ST=Beijing, L=Beijing, O=Beijing JoinHope Image Technology + Ltd., CN=Beijing JoinHope Image Technology Ltd. + ValidFrom: '2014-05-16 00:00:00' + ValidTo: '2015-05-16 23:59:59' + Signature: e896f8811ed9938fcbdc8c37f8c029045bb36722791c608d7d59f1d50b9e8923777b3ce973553c8164d7445f038c3720516d74f2f95fd734cd1349c1e6cf17f1c9042f069fb94350f7cd8f36f676fd175742d32adbc5d143423e3bc38bea71f9d021110303529d578ba7aab16d53c61642cf1f7e16964718a083182429d4347a09ea0047d9e53bad112ca5a5a14a180539ceb64000a677709bb70e9e3aea68158977072e7f130f1f99b08c2593b4003523f3f6cd441a7e4d8e88f3a2b871e6a03627dd3dadd97487df1dc5b93119ec65b60d1e4e0248a1978ee7480c08b8b8e54d890e7941aa852cf65d731cf0a6cf66584a0d0fba70d6697ee22a8d859919f4 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0a005d2e2bcd4137168217d8c727747c + Version: 3 + TBS: + MD5: 4d213d99215f488050faaa39765656d1 + SHA1: 0308508b5a3fcd330bbf28931f8e1a9c93c3ee69 + SHA256: ea947432de238a25fdb7892e436f4ef44f30ab16ae9e1eb914860f4808b25ef2 + SHA384: 430e932514f35ed55f31f050f33bcc0b9244fd83c6d1d28ee240306e54292e93b5894ef4eb9c09bf84cdc8068c6a7230 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 0a005d2e2bcd4137168217d8c727747c + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 2a008187d4a73284ddcc43f1b727b513 + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/4137ecf0-05e7-463a-94da-47b7259d4433.yaml b/yaml/4137ecf0-05e7-463a-94da-47b7259d4433.yaml index f3a18e98c..15d3b03d1 100644 --- a/yaml/4137ecf0-05e7-463a-94da-47b7259d4433.yaml +++ b/yaml/4137ecf0-05e7-463a-94da-47b7259d4433.yaml 
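Review bot: The `Commands.Description` for mJj0ge.sys says the sample was signed with a legitimate WHCP certificate, but the signature data in the same entry does not show that. The `Signer` is serial `0a005d2e2bcd4137168217d8c727747c` (Beijing JoinHope Image Technology Ltd.) issued by VeriSign Class 3 Code Signing 2010 CA, valid 2014-05-16 to 2015-05-16, while `CreationTimestamp` is 2022-06-02. Either the description was carried over from the referenced write-up for a different sample, or the parsed chain is not the one the description refers to; this should be confirmed, because analysts triaging on signer will be misled. The top-level `Signature: ''` is also empty although `Certificates` is populated; other entries list the subject names there, so I would fill it the same way, e.g. `- Beijing JoinHope Image Technology Ltd.`. Finally, the entry is `Verified: 'TRUE'`, `Category: malicious` and `LoadsDespiteHVCI: 'TRUE'`, yet `Detection: []` is empty even though full hashes and an Authentihash are present.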
@@ -1,61 +1,61 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 4137ecf0-05e7-463a-94da-47b7259d4433 +Tags: +- 81.sys +Verified: 'FALSE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create 81.sys binPath=C:\windows\temp\81.sys type=kernel && sc.exe - start 81.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: [] -Id: 4137ecf0-05e7-463a-94da-47b7259d4433 -KnownVulnerableSamples: -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: 81.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: faa870b0cb15c9ac2b9bba5d0470bd501ccd4326 - Signature: [] - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: 81.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: aca8e53483b40a06dfdee81bb364b1622f9156fe - Signature: [] - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: 81.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 05ac1c64ca16ab0517fe85d4499d08199e63df26 - Signature: [] - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create 81.sys binPath=C:\windows\temp\81.sys type=kernel && sc.exe + start 81.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules -Tags: -- 81.sys -Verified: 'FALSE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: 81.sys + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + 
Publisher: '' + SHA1: faa870b0cb15c9ac2b9bba5d0470bd501ccd4326 + Signature: [] + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: 81.sys + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: aca8e53483b40a06dfdee81bb364b1622f9156fe + Signature: [] + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: 81.sys + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 05ac1c64ca16ab0517fe85d4499d08199e63df26 + Signature: [] + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/43d0af25-c066-471f-bb73-6ce25dc7e0eb.yaml b/yaml/43d0af25-c066-471f-bb73-6ce25dc7e0eb.yaml index 1d29f8f1f..57ce1ae46 100644 --- a/yaml/43d0af25-c066-471f-bb73-6ce25dc7e0eb.yaml +++ b/yaml/43d0af25-c066-471f-bb73-6ce25dc7e0eb.yaml 
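Review bot: All three `KnownVulnerableSamples` entries for 81.sys still carry only a `SHA1`, alongside `Detection: []` and `Verified: 'FALSE'`, so this record gives nothing to a consumer that matches driver loads on SHA256 or Authentihash. The reorder leaves that gap unexplained. A header comment such as `# unverified, SHA1-only: listed per Resources in the Microsoft recommended driver block rules; SHA256/Authentihash not yet collected` would tell rule authors why the entry is thin. The same applies to the WinIo64B.sys and WinIO32B.sys records later in this diff. If these files are written by a generator that drops comments (not visible here), the marker would have to be a field instead.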
@@ -1,218 +1,218 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 43d0af25-c066-471f-bb73-6ce25dc7e0eb +Tags: +- Dh_Kernel.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create Dh_Kernel.sys binPath=C:\windows\temp\Dh_Kernel.sys type=kernel - && sc.exe start Dh_Kernel.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/bb50818a07b0eb1bd317467139b7eb4bad6cd89053fecdabfeae111689825955.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 43d0af25-c066-471f-bb73-6ce25dc7e0eb -KnownVulnerableSamples: -- 
Authentihash: - MD5: 2d03bf608f236ee1f4654e06857a3062 - SHA1: 508c1a26486188aa1268d6c23c65e57b8efe71f6 - SHA256: f5215f83138901ca7ade60c2222446fa3dd7e8900a745bd339f8a596cb29356c - Company: YY Inc. - Copyright: "Copyright \xA9 2007-2017 YY Inc. All rights reserved." - CreationTimestamp: '2018-01-18 21:39:32' - Date: '' - Description: dianhu - ExportedFunctions: '' - FileVersion: 1.0.99 - Filename: Dh_Kernel.sys - ImportedFunctions: - - ExFreePoolWithTag - - ProbeForRead - - MmProbeAndLockPages - - MmBuildMdlForNonPagedPool - - MmMapLockedPages - - MmGetSystemRoutineAddress - - MmUnmapLockedPages - - MmCreateMdl - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoFreeMdl - - ExAllocatePoolWithTag - - MmIsAddressValid - - KeAttachProcess - - KeDetachProcess - - KeStackAttachProcess - - KeUnstackDetachProcess - - PsLookupProcessByProcessId - - PsGetProcessSectionBaseAddress - - KeBugCheckEx - - __C_specific_handler - - RtlCopyUnicodeString - - ExAllocatePool - - DbgPrintEx - - RtlInitUnicodeString - - ObfDereferenceObject - - _stricmp - - WdfVersionBindClass - - WdfVersionBind - - WdfVersionUnbind - - WdfVersionUnbindClass - Imports: - - ntoskrnl.exe - - WDFLDR.SYS - InternalName: '' - MD5: 98763a3dee3cf03de334f00f95fc071a - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: dianhu - ProductVersion: 1.0.99 - Publisher: YY Inc. 
- RichPEHeaderHash: - MD5: 29491e8e7f428022f1e82366bfc238ae - SHA1: a03ed5fa635033941e81b4e09dc5f9168f1c6d1b - SHA256: e3405f700509557ccbde0682b8a2e77152965a5ae152bb139b55c4e7262d6f21 - SHA1: 745bad097052134548fe159f158c04be5616afc2 - SHA256: bb50818a07b0eb1bd317467139b7eb4bad6cd89053fecdabfeae111689825955 - Sections: - .text: - Entropy: 6.129655537397785 - Virtual Size: '0x1670' - .rdata: - Entropy: 4.054446562472431 - Virtual Size: '0x768' - .data: - Entropy: 0.6580185257943139 - Virtual Size: '0xfc0' - .pdata: - Entropy: 3.9409695700497185 - Virtual Size: '0x18c' - .gfids: - Entropy: 0.8112781244591328 - Virtual Size: '0x4' - INIT: - Entropy: 5.035770702298317 - Virtual Size: '0x4ac' - .rsrc: - Entropy: 3.2019276464793474 - Virtual Size: '0x468' - .reloc: - Entropy: 3.066603109673247 - Virtual Size: '0x28' - Signature: - - YY Inc. - - VeriSign Class 3 Code Signing 2010 CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 
783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=CN, ST=Guangdong, L=Guangzhou, O=YY Inc., OU=PM, CN=YY Inc. - ValidFrom: '2015-07-17 00:00:00' - ValidTo: '2018-10-15 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 53603f0f228be591521b9822ca852ad4 - Version: 3 - TBS: - MD5: 5c7d7b0dade70cf4b9066854dcf5a8d4 - SHA1: 6f330267dc23c8950da764bb52dfeb013ea22221 - SHA256: cdb0fa6086e4c825e8df60047d9586a90fd86f5b5e434e82fa362b6126085111 - SHA384: a716a75090503141fd275d5751d8da1b3f99dcf04f5cd30ee74869d30238abe837e4058a4ce27e7eea584e3432c754ce - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 53603f0f228be591521b9822ca852ad4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 683bc425e3d8c21f9473a238a0645a4e - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create Dh_Kernel.sys binPath=C:\windows\temp\Dh_Kernel.sys type=kernel + && sc.exe start Dh_Kernel.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/namazso/physmem_drivers -Tags: -- 
Dh_Kernel.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/bb50818a07b0eb1bd317467139b7eb4bad6cd89053fecdabfeae111689825955.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 2d03bf608f236ee1f4654e06857a3062 + SHA1: 508c1a26486188aa1268d6c23c65e57b8efe71f6 + SHA256: f5215f83138901ca7ade60c2222446fa3dd7e8900a745bd339f8a596cb29356c + Company: YY Inc. + Copyright: "Copyright \xA9 2007-2017 YY Inc. All rights reserved." 
+ CreationTimestamp: '2018-01-18 21:39:32' + Date: '' + Description: dianhu + ExportedFunctions: '' + FileVersion: 1.0.99 + Filename: Dh_Kernel.sys + ImportedFunctions: + - ExFreePoolWithTag + - ProbeForRead + - MmProbeAndLockPages + - MmBuildMdlForNonPagedPool + - MmMapLockedPages + - MmGetSystemRoutineAddress + - MmUnmapLockedPages + - MmCreateMdl + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoFreeMdl + - ExAllocatePoolWithTag + - MmIsAddressValid + - KeAttachProcess + - KeDetachProcess + - KeStackAttachProcess + - KeUnstackDetachProcess + - PsLookupProcessByProcessId + - PsGetProcessSectionBaseAddress + - KeBugCheckEx + - __C_specific_handler + - RtlCopyUnicodeString + - ExAllocatePool + - DbgPrintEx + - RtlInitUnicodeString + - ObfDereferenceObject + - _stricmp + - WdfVersionBindClass + - WdfVersionBind + - WdfVersionUnbind + - WdfVersionUnbindClass + Imports: + - ntoskrnl.exe + - WDFLDR.SYS + InternalName: '' + MD5: 98763a3dee3cf03de334f00f95fc071a + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: dianhu + ProductVersion: 1.0.99 + Publisher: YY Inc. 
+ RichPEHeaderHash: + MD5: 29491e8e7f428022f1e82366bfc238ae + SHA1: a03ed5fa635033941e81b4e09dc5f9168f1c6d1b + SHA256: e3405f700509557ccbde0682b8a2e77152965a5ae152bb139b55c4e7262d6f21 + SHA1: 745bad097052134548fe159f158c04be5616afc2 + SHA256: bb50818a07b0eb1bd317467139b7eb4bad6cd89053fecdabfeae111689825955 + Sections: + .text: + Entropy: 6.129655537397785 + Virtual Size: '0x1670' + .rdata: + Entropy: 4.054446562472431 + Virtual Size: '0x768' + .data: + Entropy: 0.6580185257943139 + Virtual Size: '0xfc0' + .pdata: + Entropy: 3.9409695700497185 + Virtual Size: '0x18c' + .gfids: + Entropy: 0.8112781244591328 + Virtual Size: '0x4' + INIT: + Entropy: 5.035770702298317 + Virtual Size: '0x4ac' + .rsrc: + Entropy: 3.2019276464793474 + Virtual Size: '0x468' + .reloc: + Entropy: 3.066603109673247 + Virtual Size: '0x28' + Signature: + - YY Inc. + - VeriSign Class 3 Code Signing 2010 CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=CN, ST=Guangdong, L=Guangzhou, O=YY Inc., OU=PM, CN=YY Inc. + ValidFrom: '2015-07-17 00:00:00' + ValidTo: '2018-10-15 23:59:59' + Signature: d4ce401727e18291036ff6c80bbc6345f4a165c55b6068af11d818772ceb6767e1d9b1b825acfe295bea0c2c2394dd1c04df89e70de7f9deae21ea00853299fc7b22a8e2d20558247695d870fead281c48d6ad4b2075958924d3436d456c6d649b4fd4098c23154a83c40c39273ddcf400a547c68da9db339fe845205865f78d32933bb6a161539c4c07c972411907ece60770fdcc02a683d8f46980e5432c1af11cc684a9a681311ca440b068ce32a0cb2e446aade3829376fc6407d11c8d4f7ad253f45e95673a272aac9f1a1ad9156f9059f34dc444860e40e33847b0d629fe8097f9e82371973e7236de9a5b4bad1840b7961b81f9b7fcb6510e180a5a18 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 53603f0f228be591521b9822ca852ad4 + Version: 3 + TBS: + MD5: 5c7d7b0dade70cf4b9066854dcf5a8d4 + SHA1: 6f330267dc23c8950da764bb52dfeb013ea22221 + SHA256: cdb0fa6086e4c825e8df60047d9586a90fd86f5b5e434e82fa362b6126085111 + SHA384: a716a75090503141fd275d5751d8da1b3f99dcf04f5cd30ee74869d30238abe837e4058a4ce27e7eea584e3432c754ce + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 53603f0f228be591521b9822ca852ad4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 683bc425e3d8c21f9473a238a0645a4e + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/457f8b21-202a-4a3d-a18d-b4aaded9ef02.yaml b/yaml/457f8b21-202a-4a3d-a18d-b4aaded9ef02.yaml index 5883db2ac..2dbbf3882 100644 --- a/yaml/457f8b21-202a-4a3d-a18d-b4aaded9ef02.yaml +++ b/yaml/457f8b21-202a-4a3d-a18d-b4aaded9ef02.yaml 
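Review bot: The re-added `Detection` list for Dh_Kernel.sys still repeats `sigma_hash`, `sigma_names`, `sysmon_hash_detect` and `sysmon_hash_block`, each a second time with an identical URL. Only the two `yara_signature` entries differ: the per-sample rule and `yara-rules_vuln_drivers_strict_renamed.yar`. Since the block is being rewritten anyway, keep one copy of each of the four repeated entries, so that anything counting detections per driver does not overstate coverage. If the list is produced by a script, which the hunk does not show, the de-duplication belongs there; otherwise the next regeneration would bring the copies back.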
@@ -1,35 +1,35 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 457f8b21-202a-4a3d-a18d-b4aaded9ef02 +Tags: +- WinIo64B.sys +Verified: 'FALSE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create WinIo64B.sys binPath=C:\windows\temp\WinIo64B.sys type=kernel - && sc.exe start WinIo64B.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: [] -Id: 457f8b21-202a-4a3d-a18d-b4aaded9ef02 -KnownVulnerableSamples: -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: WinIo64B.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: f18e669127c041431cde8f2d03b15cfc20696056 - Signature: [] - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create WinIo64B.sys binPath=C:\windows\temp\WinIo64B.sys type=kernel + && sc.exe start WinIo64B.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules -Tags: -- WinIo64B.sys -Verified: 'FALSE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: WinIo64B.sys + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: f18e669127c041431cde8f2d03b15cfc20696056 + Signature: [] + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/45c42e32-6261-43c1-bdbd-cab58da729d8.yaml b/yaml/45c42e32-6261-43c1-bdbd-cab58da729d8.yaml index 3fa595325..e02e768a3 100644 --- a/yaml/45c42e32-6261-43c1-bdbd-cab58da729d8.yaml +++ b/yaml/45c42e32-6261-43c1-bdbd-cab58da729d8.yaml 
@@ -1,161 +1,161 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 45c42e32-6261-43c1-bdbd-cab58da729d8 +Tags: +- capcom2.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-07-22' +MitreID: T1068 CVE: - '' Category: vulnerable drivers Commands: - Command: '' - Description: Confirmed vulnerable driver from Microsoft Block List - OperatingSystem: Windows - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-07-22' -Detection: -- type: '' - value: '' -Id: 45c42e32-6261-43c1-bdbd-cab58da729d8 -KnownVulnerableSamples: -- Authentihash: - MD5: 37458813b5115cbf06552da28fefbbbb - SHA1: 1d1cafc73c97c6bcd2331f8777d90fdca57125a3 - SHA256: faa08cb609a5b7be6bfdb61f1e4a5e8adf2f5a1d2492f262483df7326934f5d4 - Company: '' - Copyright: '' - CreationTimestamp: '2016-09-05 00:43:33' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IofCompleteRequest - - MmGetSystemRoutineAddress - - IoCreateSymbolicLink - - IoCreateDevice - - IoDeleteDevice - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: 1838e8ea8b471a6fc54a06e8a796b118 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: b2f23c03be4553a744ff25735a80073c - SHA1: 2703d60c8f12df9d6adf5ae475bfeb1786486888 - SHA256: 46ffd109664b6694974986a39d508002d564434d60a0fb9f861401f2cb2c83f1 - SHA1: ac5bd1e80e59b3c5c15b298f269bf065f57ac3f2 - SHA256: 6621fb2e761237d2b09863fd31951789697f119d118d2e5db0e957ab0173f06a - Sections: - .text: - Entropy: 5.848826218029174 - Virtual Size: '0x4e0' - .data: - Entropy: -0.0 - Virtual Size: '0xc0' - .pdata: - Entropy: 3.006469661076665 - Virtual Size: '0x48' - .info: - Entropy: 1.3665783978789787 - Virtual Size: '0xa0' - INIT: - Entropy: 4.123682579107587 - Virtual Size: '0x114' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - 
Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=JP, ST=Osaka, L=Chuo,ku, O=CAPCOM Co.,Ltd., OU=R&D Asset Management - Section, CN=CAPCOM Co.,Ltd. 
- ValidFrom: '2016-05-02 00:00:00' - ValidTo: '2017-05-02 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 7e59408d3c99c511a853fb2f73c03dc4 - Version: 3 - TBS: - MD5: a9f59eaae33b89f4e1abd1f49343dcac - SHA1: 070bcfc8c776cb0c28f80c39c84633e233bea90a - SHA256: 30107b5e2bcaa8ae8a2c0682c78b4b79377ca56f6a84c5610ebfc0adcf7b21ad - SHA384: b2dfce32fc217b83ce010a7f866e8dfc1dea72f11580521aa400c155b924432707abf72f279939ca1136d84800d445cf - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 7e59408d3c99c511a853fb2f73c03dc4 - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - Imphash: 45bfe170e0cd654bc1e2ae3fca3ac3f4 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: '' + Description: Confirmed vulnerable driver from Microsoft Block List + OperatingSystem: Windows + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c -Tags: -- capcom2.sys -Verified: 'TRUE' +Detection: +- type: '' + value: '' +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 37458813b5115cbf06552da28fefbbbb + SHA1: 1d1cafc73c97c6bcd2331f8777d90fdca57125a3 + SHA256: faa08cb609a5b7be6bfdb61f1e4a5e8adf2f5a1d2492f262483df7326934f5d4 + Company: '' + Copyright: '' + CreationTimestamp: '2016-09-05 00:43:33' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - IofCompleteRequest + - MmGetSystemRoutineAddress + - IoCreateSymbolicLink + - IoCreateDevice + - IoDeleteDevice + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 1838e8ea8b471a6fc54a06e8a796b118 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + 
Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: b2f23c03be4553a744ff25735a80073c + SHA1: 2703d60c8f12df9d6adf5ae475bfeb1786486888 + SHA256: 46ffd109664b6694974986a39d508002d564434d60a0fb9f861401f2cb2c83f1 + SHA1: ac5bd1e80e59b3c5c15b298f269bf065f57ac3f2 + SHA256: 6621fb2e761237d2b09863fd31951789697f119d118d2e5db0e957ab0173f06a + Sections: + .text: + Entropy: 5.848826218029174 + Virtual Size: '0x4e0' + .data: + Entropy: -0.0 + Virtual Size: '0xc0' + .pdata: + Entropy: 3.006469661076665 + Virtual Size: '0x48' + .info: + Entropy: 1.3665783978789787 + Virtual Size: '0xa0' + INIT: + Entropy: 4.123682579107587 + Virtual Size: '0x114' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: 
e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=JP, ST=Osaka, L=Chuo,ku, O=CAPCOM Co.,Ltd., OU=R&D Asset Management + Section, CN=CAPCOM Co.,Ltd. + ValidFrom: '2016-05-02 00:00:00' + ValidTo: '2017-05-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 7e59408d3c99c511a853fb2f73c03dc4 + Version: 3 + TBS: + MD5: a9f59eaae33b89f4e1abd1f49343dcac + SHA1: 070bcfc8c776cb0c28f80c39c84633e233bea90a + SHA256: 30107b5e2bcaa8ae8a2c0682c78b4b79377ca56f6a84c5610ebfc0adcf7b21ad + SHA384: b2dfce32fc217b83ce010a7f866e8dfc1dea72f11580521aa400c155b924432707abf72f279939ca1136d84800d445cf + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 7e59408d3c99c511a853fb2f73c03dc4 + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + Imphash: 45bfe170e0cd654bc1e2ae3fca3ac3f4 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/45f2c348-bf17-40ab-8306-ef14231cc996.yaml b/yaml/45f2c348-bf17-40ab-8306-ef14231cc996.yaml index 3100b40d1..7f3299ad1 100644 --- a/yaml/45f2c348-bf17-40ab-8306-ef14231cc996.yaml +++ b/yaml/45f2c348-bf17-40ab-8306-ef14231cc996.yaml 
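Review bot: The capcom2.sys record keeps `Category: vulnerable drivers` while the other records in this diff use `vulnerable driver`, so an exact-match filter on the category would skip it; `Category: vulnerable driver` would bring it in line. The re-added `Detection` block is a single placeholder item (`type: ''`, `value: ''`) where sibling records write `Detection: []`, and `CVE` likewise holds one empty string. A consumer that iterates these lists gets an entry with nothing in it. The sample also has `Filename: ''` although `Tags` names capcom2.sys, so name-based rules have no field to read; `Filename: capcom2.sys` looks like the intended value but should be confirmed against the sample.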
@@ -1,35 +1,35 @@
-Acknowledgement:
- Handle: ''
- Person: ''
+Id: 45f2c348-bf17-40ab-8306-ef14231cc996
+Tags:
+- WinIO32B.sys
+Verified: 'FALSE'
 Author: Michael Haag
-Category: vulnerable driver
-Commands:
- Command: sc.exe create WinIO32B.sys binPath=C:\windows\temp\WinIO32B.sys type=kernel
- && sc.exe start WinIO32B.sys
- Description: ''
- OperatingSystem: Windows 10
- Privileges: kernel
- Usecase: Elevate privileges
 Created: '2023-01-09'
-Detection: []
-Id: 45f2c348-bf17-40ab-8306-ef14231cc996
-KnownVulnerableSamples:
-- Company: ''
- Date: ''
- Description: ''
- FileVersion: ''
- Filename: WinIO32B.sys
- MachineType: ''
- OriginalFilename: ''
- Product: ''
- ProductVersion: ''
- Publisher: ''
- SHA1: f1c8c3926d0370459a1b7f0cf3d17b22ff9d0c7f
- Signature: []
- LoadsDespiteHVCI: 'FALSE'
 MitreID: T1068
+Category: vulnerable driver
+Commands:
+ Command: sc.exe create WinIO32B.sys binPath=C:\windows\temp\WinIO32B.sys type=kernel
+ && sc.exe start WinIO32B.sys
+ Description: ''
+ OperatingSystem: Windows 10
+ Privileges: kernel
+ Usecase: Elevate privileges
 Resources:
 - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules
-Tags:
-- WinIO32B.sys
-Verified: 'FALSE'
+Detection: []
+Acknowledgement:
+ Handle: ''
+ Person: ''
+KnownVulnerableSamples:
+- Company: ''
+ Date: ''
+ Description: ''
+ FileVersion: ''
+ Filename: WinIO32B.sys
+ MachineType: ''
+ OriginalFilename: ''
+ Product: ''
+ ProductVersion: ''
+ Publisher: ''
+ SHA1: f1c8c3926d0370459a1b7f0cf3d17b22ff9d0c7f
+ Signature: []
+ LoadsDespiteHVCI: 'FALSE'
diff --git a/yaml/47724cc1-bf75-4ab7-a47a-355a9aa30de1.yaml b/yaml/47724cc1-bf75-4ab7-a47a-355a9aa30de1.yaml
index 407dbdba7..5ec19688a 100644
--- a/yaml/47724cc1-bf75-4ab7-a47a-355a9aa30de1.yaml
+++ b/yaml/47724cc1-bf75-4ab7-a47a-355a9aa30de1.yaml
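Review bot: The reordered WinIO32B.sys entry still ships with `Detection: []` and a lone `SHA1` under `KnownVulnerableSamples`, while `Verified: 'FALSE'` and every other sample field is empty. Rules that match on SHA256 or MD5 would presumably not cover this driver, so the record describes how the driver is loaded without giving a defender an indicator to match on. A short comment above `Detection: []` would make that gap explicit, for example `# unverified sample: only SHA1 known, no hash or name rules generated yet`. The remaining hashes and signer data should be filled in once a sample has been analysed.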
@@ -1,191 +1,192 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 47724cc1-bf75-4ab7-a47a-355a9aa30de1 +Tags: +- BSMIx64.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create BSMIx64.sys binPath=C:\windows\temp\BSMIx64.sys type=kernel - && sc.exe start BSMIx64.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/552f70374715e70c4ade591d65177be2539ec60f751223680dfaccb9e0be0ed9.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 47724cc1-bf75-4ab7-a47a-355a9aa30de1 -KnownVulnerableSamples: -- Authentihash: - 
MD5: 72a5a1e2fc2713cfa0d159485ce1253c - SHA1: b978b3595a1a8cb5a345bce980178e8abf5e0bae - SHA256: 15bc804877a607ba0d017df9f6ac951ac7ffbcca8069c5ba28e0cf505f7553b8 - Company: '' - Copyright: Copyright (C) BIOSTAR Corp. 2011 - CreationTimestamp: '2012-04-14 00:29:52' - Date: '' - Description: SMI Driver - ExportedFunctions: '' - FileVersion: 1.0.0.3 - Filename: BSMIx64.sys - ImportedFunctions: - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IoDeleteDevice - - MmUnmapIoSpace - - MmGetPhysicalAddress - - MmMapIoSpace - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - RtlAssert - - DbgPrint - - KeBugCheckEx - Imports: - - ntoskrnl.exe - InternalName: BSMI.sys - MD5: 444f538daa9f7b340cfd43974ed43690 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: BSMI.sys - Product: '' - ProductVersion: 1.0.0.3 - Publisher: '' - RichPEHeaderHash: - MD5: ba346012eed73e59e9d5db50e3a6eac5 - SHA1: 28856bd6dd1232a0a5d0f33e19768d97d1a999fc - SHA256: 525abc79b724917b1c4172226e3367fa3442cbecb61a88a8ed0ba4183020850b - SHA1: c6bd965300f07012d1b651a9b8776028c45b149a - SHA256: 552f70374715e70c4ade591d65177be2539ec60f751223680dfaccb9e0be0ed9 - Sections: - .text: - Entropy: 5.32567833332289 - Virtual Size: '0x1ec' - .rdata: - Entropy: 4.128621475943943 - Virtual Size: '0x134' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.234301640934487 - Virtual Size: '0x78' - PAGE: - Entropy: 5.7544301318546305 - Virtual Size: '0xe27' - INIT: - Entropy: 5.464233242259506 - Virtual Size: '0x44a' - .rsrc: - Entropy: 3.2120064124235372 - Virtual Size: '0x378' - Signature: - - BIOSTAR MICROTECH INT'L CORP - - VeriSign Class 3 Code Signing 2009-2 CA - - VeriSign Class 3 Public Primary CA - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 
4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=TAIPEI HSIEN, L=HSIN TIEN, O=BIOSTAR MICROTECH INT'L CORP, - OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=BMA;BMG, CN=BIOSTAR - MICROTECH INT'L CORP - ValidFrom: '2010-09-19 00:00:00' - ValidTo: '2013-10-19 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 124dc5a63cc2bd8265445e912ed07d1f - Version: 3 - TBS: - MD5: beccd5c41126e0c537cf489954b53feb - SHA1: 109fbb823652c1148c4949cdc860abd5b4ad24e5 - SHA256: aac7608d0bcb286dc9869eb39125b27a960d9533db860cc9e3148149ca149c4a - SHA384: 16a03de40518fd3ffcee724d218effca4edfd9abf66d374d45ef3310ccf7e5be707f27588306b4c1bf28172a7d281869 - Signer: - - SerialNumber: 124dc5a63cc2bd8265445e912ed07d1f - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: bc5c06a7fa9555f3f34043d828d9b123 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create BSMIx64.sys 
binPath=C:\windows\temp\BSMIx64.sys type=kernel + && sc.exe start BSMIx64.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/eclypsium/Screwed-Drivers/blob/master/DRIVERS.md -Tags: -- BSMIx64.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/552f70374715e70c4ade591d65177be2539ec60f751223680dfaccb9e0be0ed9.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 72a5a1e2fc2713cfa0d159485ce1253c + SHA1: b978b3595a1a8cb5a345bce980178e8abf5e0bae + SHA256: 
15bc804877a607ba0d017df9f6ac951ac7ffbcca8069c5ba28e0cf505f7553b8 + Company: '' + Copyright: Copyright (C) BIOSTAR Corp. 2011 + CreationTimestamp: '2012-04-14 00:29:52' + Date: '' + Description: SMI Driver + ExportedFunctions: '' + FileVersion: 1.0.0.3 + Filename: BSMIx64.sys + ImportedFunctions: + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - IoDeleteDevice + - MmUnmapIoSpace + - MmGetPhysicalAddress + - MmMapIoSpace + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - RtlAssert + - DbgPrint + - KeBugCheckEx + Imports: + - ntoskrnl.exe + InternalName: BSMI.sys + MD5: 444f538daa9f7b340cfd43974ed43690 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: BSMI.sys + Product: '' + ProductVersion: 1.0.0.3 + Publisher: '' + RichPEHeaderHash: + MD5: ba346012eed73e59e9d5db50e3a6eac5 + SHA1: 28856bd6dd1232a0a5d0f33e19768d97d1a999fc + SHA256: 525abc79b724917b1c4172226e3367fa3442cbecb61a88a8ed0ba4183020850b + SHA1: c6bd965300f07012d1b651a9b8776028c45b149a + SHA256: 552f70374715e70c4ade591d65177be2539ec60f751223680dfaccb9e0be0ed9 + Sections: + .text: + Entropy: 5.32567833332289 + Virtual Size: '0x1ec' + .rdata: + Entropy: 4.128621475943943 + Virtual Size: '0x134' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.234301640934487 + Virtual Size: '0x78' + PAGE: + Entropy: 5.7544301318546305 + Virtual Size: '0xe27' + INIT: + Entropy: 5.464233242259506 + Virtual Size: '0x44a' + .rsrc: + Entropy: 3.2120064124235372 + Virtual Size: '0x378' + Signature: + - BIOSTAR MICROTECH INT'L CORP + - VeriSign Class 3 Code Signing 2009-2 CA + - VeriSign Class 3 Public Primary CA + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + 
IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 
07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=TAIPEI HSIEN, L=HSIN TIEN, O=BIOSTAR MICROTECH INT'L + CORP, OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=BMA;BMG, + CN=BIOSTAR MICROTECH INT'L CORP + ValidFrom: '2010-09-19 00:00:00' + ValidTo: '2013-10-19 23:59:59' + Signature: 06b346c5f71bba225d131ad7b037d6c016703a8f3d89746a2d49e5641a0ccd4034c78e4a5a756380d88cf8321b3c886cb5e2656c16c03cff1588b126a7d206fd98fd7e2d61cc80998dfb58d4652112aa258506f779543fcc0b72c06f2174f11bb01017a5c49ae4b31fd913cee75241022e7c5bd14ffff2dbe5f9c211b1a8b3bd9cc3cb5648712c5b57397f136c105148021299be4d99ba1c29d611adb10695d4565a697efe03e6c95d869883c63dffb2fac5f3db7612608f6ee7a59646031231292c7904d69bd997c266ad2f1bca7e35453a08e53d8d9e302b9bbeeca812c64f03bc641cdeb7c5ba70999724f7d92918f1f8a8657f95290cc16ee0e281a785e7 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 124dc5a63cc2bd8265445e912ed07d1f + Version: 3 + TBS: + MD5: beccd5c41126e0c537cf489954b53feb + SHA1: 109fbb823652c1148c4949cdc860abd5b4ad24e5 + SHA256: aac7608d0bcb286dc9869eb39125b27a960d9533db860cc9e3148149ca149c4a + SHA384: 16a03de40518fd3ffcee724d218effca4edfd9abf66d374d45ef3310ccf7e5be707f27588306b4c1bf28172a7d281869 
+ Signer: + - SerialNumber: 124dc5a63cc2bd8265445e912ed07d1f + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: bc5c06a7fa9555f3f34043d828d9b123 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/47a351ee-8abe-40d8-bc2b-557390fa0945.yaml b/yaml/47a351ee-8abe-40d8-bc2b-557390fa0945.yaml index 722f17228..9d8b06056 100644 --- a/yaml/47a351ee-8abe-40d8-bc2b-557390fa0945.yaml +++ b/yaml/47a351ee-8abe-40d8-bc2b-557390fa0945.yaml 
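Review bot: The `Detection:` list on the new side of BSMIx64.sys repeats four entries verbatim: `sigma_hash`, `sigma_names`, `sysmon_hash_detect` and `sysmon_hash_block` each appear twice with the same URL, and only the two `yara_signature` entries differ. The reordering carries the duplicates over unchanged, so any consumer that iterates the list would process the same rule file twice and over-count the detections available for this driver. Keep one entry per distinct `type`/`value` pair. The same duplication is visible in the Lv561av.sys hunk that follows.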
@@ -1,304 +1,306 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 47a351ee-8abe-40d8-bc2b-557390fa0945 +Tags: +- Lv561av.sys +Verified: 'FALSE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create Lv561av.sys binPath=C:\windows\temp\Lv561av.sys type=kernel - && sc.exe start Lv561av.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/e86cb77de7b6a8025f9a546f6c45d135f471e664963cf70b381bee2dfd0fdef4.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 47a351ee-8abe-40d8-bc2b-557390fa0945 -KnownVulnerableSamples: -- Authentihash: - 
MD5: 92a9fa0ebbb45b600397611e247710b1 - SHA1: ed3e97c7290768216c5b3abbd4a29dde856eb3c7 - SHA256: c54ffa9a32cd99972ca905dcf99e20f8429e3cfd45bc1ddf4f9af8b3ed688c88 - Company: Logitech Inc. - Copyright: (c) 1996-2009 Logitech. All rights reserved. - CreationTimestamp: '2009-04-30 16:43:07' - Date: '' - Description: Logitech Video Driver - ExportedFunctions: '' - FileVersion: 12.00.1278.0 - Filename: Lv561av.sys - ImportedFunctions: - - KeWaitForSingleObject - - IoBuildSynchronousFsdRequest - - ZwWriteFile - - ExFreePool - - RtlQueryRegistryValues - - RtlInitAnsiString - - RtlCompareMemory - - ExAllocatePoolWithTag - - KeReleaseMutex - - ZwClose - - KeDelayExecutionThread - - DbgPrint - - RtlFreeUnicodeString - - ObfDereferenceObject - - ZwCreateFile - - KeSetPriorityThread - - ObReferenceObjectByHandle - - RtlInitUnicodeString - - PsCreateSystemThread - - KeSetEvent - - KeResetEvent - - RtlWriteRegistryValue - - KeInitializeMutex - - swprintf - - RtlAnsiStringToUnicodeString - - KeInitializeEvent - - sprintf - - PsTerminateSystemThread - - IoIsWdmVersionAvailable - - RtlUnicodeStringToInteger - - IoOpenDeviceRegistryKey - - ZwQueryValueKey - - ExDeleteNPagedLookasideList - - KeAcquireSpinLockRaiseToDpc - - vsprintf - - ExInitializeNPagedLookasideList - - ExpInterlockedPushEntrySList - - KeReleaseSpinLock - - ExpInterlockedPopEntrySList - - ExDeletePagedLookasideList - - DbgBreakPoint - - ExQueryDepthSList - - ExInitializePagedLookasideList - - ZwOpenKey - - ZwCreateKey - - ZwSetValueKey - - KeBugCheckEx - - ExAllocatePool - - IoAllocateWorkItem - - IoQueueWorkItem - - IoFreeWorkItem - - IoAllocateDriverObjectExtension - - IoGetDriverObjectExtension - - ExInterlockedInsertTailList - - ExInterlockedRemoveHeadList - - IoAllocateIrp - - IoReleaseRemoveLockEx - - IoInitializeRemoveLockEx - - KeInitializeTimerEx - - KeInitializeDpc - - KeCancelTimer - - IoAcquireRemoveLockEx - - IoReleaseRemoveLockAndWaitEx - - KeSetTimerEx - - IoFreeIrp - - IoReleaseCancelSpinLock - - 
IoAcquireCancelSpinLock - - IoGetAttachedDeviceReference - - KeInitializeSemaphore - - IoCancelIrp - - KeReleaseSemaphore - - KeSetTimer - - KeAcquireSpinLockAtDpcLevel - - KeReleaseSpinLockFromDpcLevel - - IofCompleteRequest - - IoInitializeIrp - - IofCallDriver - - ExInterlockedInsertHeadList - - _snwprintf - - IoCreateSynchronizationEvent - - ObReferenceObjectByPointer - - ExEventObjectType - - KeClearEvent - - RtlGUIDFromString - - IoBuildDeviceIoControlRequest - - IoGetDeviceInterfaces - - wcsrchr - - RtlCompareUnicodeString - - IoGetDeviceObjectPointer - - PoRequestPowerIrp - - KeWaitForMultipleObjects - - __C_specific_handler - - PsGetCurrentProcessId - - KeQueryPerformanceCounter - - USBD_ParseConfigurationDescriptorEx - - USBD_CreateConfigurationRequestEx - - KsGenerateEvents - - KsGetNextSibling - - KsGetFirstChild - - KsInitializeDriver - - KsGetDeviceForDeviceObject - - KsGetPinFromIrp - - KsGetObjectFromFileObject - - KsCreateFilterFactory - - KsRemoveItemFromObjectBag - - _KsEdit - - KsGetFilterFromIrp - - KsAddItemToObjectBag - - KsGetDevice - - KsStreamPointerSetStatusCode - - KsPinGetReferenceClockInterface - - KsPinAttemptProcessing - - KsPinGetLeadingEdgeStreamPointer - - KsStreamPointerGetIrp - - KsStreamPointerClone - - KsStreamPointerUnlock - - KsStreamPointerDelete - - KsStreamPointerAdvance - - KsDefaultAddEventHandler - Imports: - - NTOSKRNL.exe - - ntoskrnl.exe - - HAL.DLL - - USBD.SYS - - ks.sys - InternalName: Lv561av.sys - MD5: b47dee29b5e6e1939567a926c7a3e6a4 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: Lv561av.sys - Product: Logitech Webcam Software - ProductVersion: 12.00.1278.0 - Publisher: '' - RichPEHeaderHash: - MD5: 336f1265144cabe54117b2a5a2feaa61 - SHA1: a7929a374484ec35507a4aed4fde1fe68da65590 - SHA256: 3ae3d9dea9a6862c021e9cb564ce10ce270d868c008af55453bb6b23e1c065a7 - SHA1: 351cbd352b3ec0d5f4f58c84af732a0bf41b4463 - SHA256: e86cb77de7b6a8025f9a546f6c45d135f471e664963cf70b381bee2dfd0fdef4 - Sections: - 
.text: - Entropy: 6.406233801541219 - Virtual Size: '0x479e9' - .rdata: - Entropy: 4.196349686025448 - Virtual Size: '0x45cc' - .data: - Entropy: 0.8628896749719599 - Virtual Size: '0x31108' - .pdata: - Entropy: 5.66659760742878 - Virtual Size: '0x2094' - PAGE: - Entropy: 5.987346466184306 - Virtual Size: '0xc4ba' - INIT: - Entropy: 5.299569824747148 - Virtual Size: '0x1092' - .rsrc: - Entropy: 3.4673390377653823 - Virtual Size: '0x958' - .reloc: - Entropy: 4.0356682635201455 - Virtual Size: '0xc94' - Signature: - - Logitech Inc - - VeriSign Class 3 Code Signing 2004 CA - - VeriSign Class 3 Public Primary CA - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 
1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=California, L=Fremont, O=Logitech Inc, OU=Digital ID Class - 3 , Microsoft Software Validation v2, OU=Corp Signing Cert, CN=Logitech Inc - ValidFrom: '2008-10-16 00:00:00' - ValidTo: '2009-10-18 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0d843ade545afbd252e70cc6e845b7 - Version: 3 - TBS: - MD5: a8ed17ee17bb413e7f807a9a396f77c8 - SHA1: b9f8c47034179c10cb6c090f205efe612695f77a - SHA256: 6c9d684c51cdda92c44c28668bf0d82181511895a145a6ee3aae508fcb5c2468 - SHA384: 8483e156d2dbbdad165800aae5f99b889a6696622da563f13552e07ef94d879e6fc3804936fada57e755cb1be7924001 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 0d843ade545afbd252e70cc6e845b7 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: e11e41c95c1872ac3ebbd7768b16cf9e - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create Lv561av.sys binPath=C:\windows\temp\Lv561av.sys type=kernel + && sc.exe start Lv561av.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules -Tags: -- Lv561av.sys -Verified: 'FALSE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/e86cb77de7b6a8025f9a546f6c45d135f471e664963cf70b381bee2dfd0fdef4.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: 
yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 92a9fa0ebbb45b600397611e247710b1 + SHA1: ed3e97c7290768216c5b3abbd4a29dde856eb3c7 + SHA256: c54ffa9a32cd99972ca905dcf99e20f8429e3cfd45bc1ddf4f9af8b3ed688c88 + Company: Logitech Inc. + Copyright: (c) 1996-2009 Logitech. All rights reserved. 
+ CreationTimestamp: '2009-04-30 16:43:07' + Date: '' + Description: Logitech Video Driver + ExportedFunctions: '' + FileVersion: 12.00.1278.0 + Filename: Lv561av.sys + ImportedFunctions: + - KeWaitForSingleObject + - IoBuildSynchronousFsdRequest + - ZwWriteFile + - ExFreePool + - RtlQueryRegistryValues + - RtlInitAnsiString + - RtlCompareMemory + - ExAllocatePoolWithTag + - KeReleaseMutex + - ZwClose + - KeDelayExecutionThread + - DbgPrint + - RtlFreeUnicodeString + - ObfDereferenceObject + - ZwCreateFile + - KeSetPriorityThread + - ObReferenceObjectByHandle + - RtlInitUnicodeString + - PsCreateSystemThread + - KeSetEvent + - KeResetEvent + - RtlWriteRegistryValue + - KeInitializeMutex + - swprintf + - RtlAnsiStringToUnicodeString + - KeInitializeEvent + - sprintf + - PsTerminateSystemThread + - IoIsWdmVersionAvailable + - RtlUnicodeStringToInteger + - IoOpenDeviceRegistryKey + - ZwQueryValueKey + - ExDeleteNPagedLookasideList + - KeAcquireSpinLockRaiseToDpc + - vsprintf + - ExInitializeNPagedLookasideList + - ExpInterlockedPushEntrySList + - KeReleaseSpinLock + - ExpInterlockedPopEntrySList + - ExDeletePagedLookasideList + - DbgBreakPoint + - ExQueryDepthSList + - ExInitializePagedLookasideList + - ZwOpenKey + - ZwCreateKey + - ZwSetValueKey + - KeBugCheckEx + - ExAllocatePool + - IoAllocateWorkItem + - IoQueueWorkItem + - IoFreeWorkItem + - IoAllocateDriverObjectExtension + - IoGetDriverObjectExtension + - ExInterlockedInsertTailList + - ExInterlockedRemoveHeadList + - IoAllocateIrp + - IoReleaseRemoveLockEx + - IoInitializeRemoveLockEx + - KeInitializeTimerEx + - KeInitializeDpc + - KeCancelTimer + - IoAcquireRemoveLockEx + - IoReleaseRemoveLockAndWaitEx + - KeSetTimerEx + - IoFreeIrp + - IoReleaseCancelSpinLock + - IoAcquireCancelSpinLock + - IoGetAttachedDeviceReference + - KeInitializeSemaphore + - IoCancelIrp + - KeReleaseSemaphore + - KeSetTimer + - KeAcquireSpinLockAtDpcLevel + - KeReleaseSpinLockFromDpcLevel + - IofCompleteRequest + - IoInitializeIrp + - 
IofCallDriver + - ExInterlockedInsertHeadList + - _snwprintf + - IoCreateSynchronizationEvent + - ObReferenceObjectByPointer + - ExEventObjectType + - KeClearEvent + - RtlGUIDFromString + - IoBuildDeviceIoControlRequest + - IoGetDeviceInterfaces + - wcsrchr + - RtlCompareUnicodeString + - IoGetDeviceObjectPointer + - PoRequestPowerIrp + - KeWaitForMultipleObjects + - __C_specific_handler + - PsGetCurrentProcessId + - KeQueryPerformanceCounter + - USBD_ParseConfigurationDescriptorEx + - USBD_CreateConfigurationRequestEx + - KsGenerateEvents + - KsGetNextSibling + - KsGetFirstChild + - KsInitializeDriver + - KsGetDeviceForDeviceObject + - KsGetPinFromIrp + - KsGetObjectFromFileObject + - KsCreateFilterFactory + - KsRemoveItemFromObjectBag + - _KsEdit + - KsGetFilterFromIrp + - KsAddItemToObjectBag + - KsGetDevice + - KsStreamPointerSetStatusCode + - KsPinGetReferenceClockInterface + - KsPinAttemptProcessing + - KsPinGetLeadingEdgeStreamPointer + - KsStreamPointerGetIrp + - KsStreamPointerClone + - KsStreamPointerUnlock + - KsStreamPointerDelete + - KsStreamPointerAdvance + - KsDefaultAddEventHandler + Imports: + - NTOSKRNL.exe + - ntoskrnl.exe + - HAL.DLL + - USBD.SYS + - ks.sys + InternalName: Lv561av.sys + MD5: b47dee29b5e6e1939567a926c7a3e6a4 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: Lv561av.sys + Product: Logitech Webcam Software + ProductVersion: 12.00.1278.0 + Publisher: '' + RichPEHeaderHash: + MD5: 336f1265144cabe54117b2a5a2feaa61 + SHA1: a7929a374484ec35507a4aed4fde1fe68da65590 + SHA256: 3ae3d9dea9a6862c021e9cb564ce10ce270d868c008af55453bb6b23e1c065a7 + SHA1: 351cbd352b3ec0d5f4f58c84af732a0bf41b4463 + SHA256: e86cb77de7b6a8025f9a546f6c45d135f471e664963cf70b381bee2dfd0fdef4 + Sections: + .text: + Entropy: 6.406233801541219 + Virtual Size: '0x479e9' + .rdata: + Entropy: 4.196349686025448 + Virtual Size: '0x45cc' + .data: + Entropy: 0.8628896749719599 + Virtual Size: '0x31108' + .pdata: + Entropy: 5.66659760742878 + Virtual Size: 
'0x2094' + PAGE: + Entropy: 5.987346466184306 + Virtual Size: '0xc4ba' + INIT: + Entropy: 5.299569824747148 + Virtual Size: '0x1092' + .rsrc: + Entropy: 3.4673390377653823 + Virtual Size: '0x958' + .reloc: + Entropy: 4.0356682635201455 + Virtual Size: '0xc94' + Signature: + - Logitech Inc + - VeriSign Class 3 Code Signing 2004 CA + - VeriSign Class 3 Public Primary CA + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at 
https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=California, L=Fremont, O=Logitech Inc, OU=Digital ID + Class 3 , Microsoft Software Validation v2, OU=Corp Signing Cert, + CN=Logitech Inc + ValidFrom: '2008-10-16 00:00:00' + ValidTo: '2009-10-18 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0d843ade545afbd252e70cc6e845b7 + Version: 3 + TBS: + MD5: a8ed17ee17bb413e7f807a9a396f77c8 + SHA1: b9f8c47034179c10cb6c090f205efe612695f77a + SHA256: 6c9d684c51cdda92c44c28668bf0d82181511895a145a6ee3aae508fcb5c2468 + SHA384: 8483e156d2dbbdad165800aae5f99b889a6696622da563f13552e07ef94d879e6fc3804936fada57e755cb1be7924001 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + 
SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 0d843ade545afbd252e70cc6e845b7 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: e11e41c95c1872ac3ebbd7768b16cf9e + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/47fe1aaf-02cd-4a41-8bf5-0047015a2a6e.yaml b/yaml/47fe1aaf-02cd-4a41-8bf5-0047015a2a6e.yaml index 08feeba23..184d66986 100644 --- a/yaml/47fe1aaf-02cd-4a41-8bf5-0047015a2a6e.yaml +++ b/yaml/47fe1aaf-02cd-4a41-8bf5-0047015a2a6e.yaml 
@@ -1,215 +1,216 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 47fe1aaf-02cd-4a41-8bf5-0047015a2a6e +Tags: +- phymem64.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create phymem64.sys binPath=C:\windows\temp\phymem64.sys type=kernel - && sc.exe start phymem64.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/1963d5a0e512b72353953aadbe694f73a9a576f0241a988378fa40bf574eda52.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 47fe1aaf-02cd-4a41-8bf5-0047015a2a6e -KnownVulnerableSamples: -- Authentihash: - 
MD5: aa43aa9f88e2fed984077a8852d85a4f - SHA1: 52a8cd44646973b59c244b5f7b04b33a412634a2 - SHA256: 6ed3379d7ac1ad8bcfd13cd2502420569088ee7f1e04522ada48481d9a545a08 - Company: Super Micro Computer, Inc. - Copyright: Copyright(c) 1993-2015 Super Micro Computer, Inc. - CreationTimestamp: '2015-04-09 00:40:09' - Date: '' - Description: phymem Application - ExportedFunctions: '' - FileVersion: 1, 0, 0, 0 - Filename: phymem64.sys - ImportedFunctions: - - KeWaitForSingleObject - - IofCallDriver - - IoBuildSynchronousFsdRequest - - KeInitializeEvent - - IoDeleteDevice - - IoCreateSymbolicLink - - IoCreateDevice - - RtlInitUnicodeString - - ExAllocatePool - - IofCompleteRequest - - ExFreePoolWithTag - - IoFreeMdl - - MmUnmapLockedPages - - MmUnmapIoSpace - - ExReleaseFastMutex - - ExAcquireFastMutex - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmMapIoSpace - - IoDeleteSymbolicLink - - MmMapLockedPagesSpecifyCache - - IoGetDeviceObjectPointer - Imports: - - NTOSKRNL.exe - InternalName: phymem - MD5: 2c54859a67306e20bfdc8887b537de72 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: phymem.sys - Product: phymem - ProductVersion: 1, 0, 0, 0 - Publisher: '' - RichPEHeaderHash: - MD5: bd33f84d81742c17cfc029ea6abe4802 - SHA1: 633f4488d46ab5179e9077c28f5f311b3710a84f - SHA256: c5e9cb841597fe8ccfab8e3e9ec59a3ab7df0c4cc78e5f890ceca5cdfbf823d9 - SHA1: d7f7594ff084201c0d9fa2f4ef1626635b67bce5 - SHA256: 1963d5a0e512b72353953aadbe694f73a9a576f0241a988378fa40bf574eda52 - Sections: - .text: - Entropy: 5.325588962543002 - Virtual Size: '0x1304' - .rdata: - Entropy: 2.9789372580558635 - Virtual Size: '0x124' - .data: - Entropy: 4.0189779389354525 - Virtual Size: '0x378' - .pdata: - Entropy: 3.4505600621755907 - Virtual Size: '0x9c' - INIT: - Entropy: 4.476869723241912 - Virtual Size: '0x2e6' - .rsrc: - Entropy: 3.2030597101899123 - Virtual Size: '0x3b8' - Signature: - - Super Micro Computer, Inc. 
- - VeriSign Class 3 Code Signing 2010 CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=US, ST=California, L=San Jose, O=Super Micro Computer, Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Software, CN=Super Micro - Computer, Inc. 
- ValidFrom: '2012-09-14 00:00:00' - ValidTo: '2015-11-13 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3676642ba91b1d0bdf1d3ad0a6efaf4b - Version: 3 - TBS: - MD5: bfcec1bbe031a317daa44e460285dd9a - SHA1: d13da09d7cbd0317a33467adf2b9f7a409b2f625 - SHA256: e516875ff4800faea06f2ffa8041eb78e5842ebd01a390a7a2093b6bd02c8db8 - SHA384: cbe90df0e08462d6b1b7d4b8ac012c0f70c6cbef2b538ede17dd32e0b0f615a604f43c1934fdc21200e63b19076dae8c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 3676642ba91b1d0bdf1d3ad0a6efaf4b - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 69260cce3156aa2dc0540fb78f5fe826 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create phymem64.sys binPath=C:\windows\temp\phymem64.sys type=kernel + && sc.exe start phymem64.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/eclypsium/Screwed-Drivers/blob/master/DRIVERS.md -Tags: -- phymem64.sys -Verified: 'TRUE' +Detection: +- type: 
yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/1963d5a0e512b72353953aadbe694f73a9a576f0241a988378fa40bf574eda52.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: aa43aa9f88e2fed984077a8852d85a4f + SHA1: 52a8cd44646973b59c244b5f7b04b33a412634a2 + SHA256: 6ed3379d7ac1ad8bcfd13cd2502420569088ee7f1e04522ada48481d9a545a08 + Company: Super Micro Computer, Inc. + Copyright: Copyright(c) 1993-2015 Super Micro Computer, Inc. 
+ CreationTimestamp: '2015-04-09 00:40:09' + Date: '' + Description: phymem Application + ExportedFunctions: '' + FileVersion: 1, 0, 0, 0 + Filename: phymem64.sys + ImportedFunctions: + - KeWaitForSingleObject + - IofCallDriver + - IoBuildSynchronousFsdRequest + - KeInitializeEvent + - IoDeleteDevice + - IoCreateSymbolicLink + - IoCreateDevice + - RtlInitUnicodeString + - ExAllocatePool + - IofCompleteRequest + - ExFreePoolWithTag + - IoFreeMdl + - MmUnmapLockedPages + - MmUnmapIoSpace + - ExReleaseFastMutex + - ExAcquireFastMutex + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmMapIoSpace + - IoDeleteSymbolicLink + - MmMapLockedPagesSpecifyCache + - IoGetDeviceObjectPointer + Imports: + - NTOSKRNL.exe + InternalName: phymem + MD5: 2c54859a67306e20bfdc8887b537de72 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: phymem.sys + Product: phymem + ProductVersion: 1, 0, 0, 0 + Publisher: '' + RichPEHeaderHash: + MD5: bd33f84d81742c17cfc029ea6abe4802 + SHA1: 633f4488d46ab5179e9077c28f5f311b3710a84f + SHA256: c5e9cb841597fe8ccfab8e3e9ec59a3ab7df0c4cc78e5f890ceca5cdfbf823d9 + SHA1: d7f7594ff084201c0d9fa2f4ef1626635b67bce5 + SHA256: 1963d5a0e512b72353953aadbe694f73a9a576f0241a988378fa40bf574eda52 + Sections: + .text: + Entropy: 5.325588962543002 + Virtual Size: '0x1304' + .rdata: + Entropy: 2.9789372580558635 + Virtual Size: '0x124' + .data: + Entropy: 4.0189779389354525 + Virtual Size: '0x378' + .pdata: + Entropy: 3.4505600621755907 + Virtual Size: '0x9c' + INIT: + Entropy: 4.476869723241912 + Virtual Size: '0x2e6' + .rsrc: + Entropy: 3.2030597101899123 + Virtual Size: '0x3b8' + Signature: + - Super Micro Computer, Inc. 
+ - VeriSign Class 3 Code Signing 2010 CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: 
e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=US, ST=California, L=San Jose, O=Super Micro Computer, Inc., + OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Software, + CN=Super Micro Computer, Inc. 
+ ValidFrom: '2012-09-14 00:00:00' + ValidTo: '2015-11-13 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3676642ba91b1d0bdf1d3ad0a6efaf4b + Version: 3 + TBS: + MD5: bfcec1bbe031a317daa44e460285dd9a + SHA1: d13da09d7cbd0317a33467adf2b9f7a409b2f625 + SHA256: e516875ff4800faea06f2ffa8041eb78e5842ebd01a390a7a2093b6bd02c8db8 + SHA384: cbe90df0e08462d6b1b7d4b8ac012c0f70c6cbef2b538ede17dd32e0b0f615a604f43c1934fdc21200e63b19076dae8c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 3676642ba91b1d0bdf1d3ad0a6efaf4b + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 69260cce3156aa2dc0540fb78f5fe826 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/48bc2815-85ec-4436-a51a-69810c8cb171.yaml b/yaml/48bc2815-85ec-4436-a51a-69810c8cb171.yaml index d0e9e9039..64b2409aa 100644 --- a/yaml/48bc2815-85ec-4436-a51a-69810c8cb171.yaml +++ b/yaml/48bc2815-85ec-4436-a51a-69810c8cb171.yaml 
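Review bot: The relocated `Detection` list on the new side of the phymem64.sys entry still lists four items twice: `sigma_hash`, `sigma_names`, `sysmon_hash_detect` and `sysmon_hash_block` each reappear with the identical URL after the second `yara_signature` entry. A consumer that walks this list to assemble rule sets or reference links would presumably handle each of those files twice. Since the commit already rewrites the block, I would drop the repeated four and keep the two distinct `yara_signature` values: the per-sample rule named after the sample's SHA256, and `yara-rules_vuln_drivers_strict_renamed.yar`. The driver7-x64.sys hunk that follows shows the same duplication on its new side. If these files are emitted by a generator, the de-duplication belongs there rather than in a hand edit.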
@@ -1,220 +1,221 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 48bc2815-85ec-4436-a51a-69810c8cb171 +Tags: +- driver7-x64.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create driver7-x64.sys binPath=C:\windows\temp\driver7-x64.sys type=kernel - && sc.exe start driver7-x64.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/771a8d05f1af6214e0ef0886662be500ee910ab99f0154227067fddcfe08a3dd.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 48bc2815-85ec-4436-a51a-69810c8cb171 -KnownVulnerableSamples: -- 
Authentihash: - MD5: 7f66b6e24dc4f3af2f19ad9a95b1e9fa - SHA1: 5ad545cf58d644be2fc3382881cc07f0f7edfeba - SHA256: d8f7ddf5de213c6dc0356dc83b6307ec596e66c33c3cdd826a612c12004ba9dc - Company: ASUStek - Copyright: 'Copyright ' - CreationTimestamp: '2013-03-21 06:35:22' - Date: '' - Description: The driver for the ECtool driver-based tools - ExportedFunctions: '' - FileVersion: 2.5.0.2 - Filename: driver7-x64.sys - ImportedFunctions: - - ExFreePoolWithTag - - IoWMIQueryAllData - - ZwMapViewOfSection - - RtlInitUnicodeString - - IoWMIOpenBlock - - MmGetPhysicalAddress - - ZwUnmapViewOfSection - - ZwClose - - ExAllocatePoolWithTag - - ObReferenceObjectByHandle - - ObfDereferenceObject - - RtlAssert - - ZwOpenSection - - IoDeleteSymbolicLink - - IoDeleteDevice - - IoCreateSymbolicLink - - IoCreateDevice - - KeBugCheckEx - - IofCompleteRequest - - DbgPrint - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: Driver7.sys - MD5: 715f8efab1d1c660e4188055c4b28eed - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: Driver7 - Product: EC tool - ProductVersion: '2.5' - Publisher: '' - RichPEHeaderHash: - MD5: cd540262bf32de6edd34033d2794c610 - SHA1: eaec0359adc8606f226ef25987d09d783d98802a - SHA256: bcd3b3292603ed8b593b04deb709e39e7b3ef2f23e07f4070974c16a1a6d9296 - SHA1: 7ba19a701c8af76988006d616a5f77484c13cb0a - SHA256: 771a8d05f1af6214e0ef0886662be500ee910ab99f0154227067fddcfe08a3dd - Sections: - .text: - Entropy: 5.947256508815433 - Virtual Size: '0x6164' - .rdata: - Entropy: 4.073319915914076 - Virtual Size: '0x2ac' - .data: - Entropy: 0.7372300478383668 - Virtual Size: '0x140' - .pdata: - Entropy: 3.9271161623951887 - Virtual Size: '0x2dc' - PAGE: - Entropy: 5.2358128569293685 - Virtual Size: '0xeb' - INIT: - Entropy: 5.5811905586882675 - Virtual Size: '0x5d8' - .rsrc: - Entropy: 3.2536897266769826 - Virtual Size: '0x398' - .reloc: - Entropy: 1.3741854163060885 - Virtual Size: '0x18' - Signature: - - ASUSTeK Computer Inc. 
- - VeriSign Class 3 Code Signing 2010 CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: 
e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, - CN=ASUSTeK Computer Inc. 
- ValidFrom: '2012-07-31 00:00:00'
- ValidTo: '2015-08-03 23:59:59'
- Signature: 03cd161c1960e13d0b06441f08fdfc9df8319f8d87a83ecc865bc20767841d4087e40dc9d770bdc5c0fe6ccb9cf3e08bee7364451b03fb3130356761cae54417e8a282ed7cd33b0becd72e8799b616a2766976a7172a1cc299e8321ebeb479f592e03f425da4b2ea6a0cd0b5cc32b9bdeec80aa3ef0a62d6e16b72765301d53ef883ab9210a4b868ff2e2724e37804feb5277d3e26da8ba9d0b6ef61769d1c0f62a78757779d7134a63320b1a692584f12162d3fa20ec6e1b038b1a8d7afc2fad7b692759c6a000159714271f40d608fed3c08213b757fa75baf4674380f5aea46b7125f17532c636876c1f3e0d4b0350822f2a640001fda794b969e2cc681c2
- SignatureAlgorithmOID: 1.2.840.113549.1.1.5
- IsCertificateAuthority: false
- SerialNumber: 7d08d9bc130726de26ee4ef28e133084
- Version: 3
- TBS:
- MD5: 72cafb0a175f0481177fa2c9803283c7
- SHA1: b603167b958c5fcd7094552891ddc4e2ea4c149f
- SHA256: a36a0024075771a4b30eab8f1288817059fe1a01003d0c1d92f647df17f3b688
- SHA384: 33c28dc6857ce5d20a2e9ba8a47f6bc80a9a98fba518fd732963bedbbb408848b89b3d8438d413f8b933ee761ffa1653
- - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use
- at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010
- CA
- ValidFrom: '2010-02-08 00:00:00'
- ValidTo: '2020-02-07 23:59:59'
- Signature: 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
- SignatureAlgorithmOID: 1.2.840.113549.1.1.5
- IsCertificateAuthority: true
- SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7
- Version: 3
- TBS:
- MD5: b30c31a572b0409383ed3fbe17e56e81
- SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d
- SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9
- SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da
- Signer:
- - SerialNumber: 7d08d9bc130726de26ee4ef28e133084
- Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at
- https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010
- CA
- Version: 1
- Imphash: 1bef18e9dda6f1e7bbf7eb76e9ccf16b
- LoadsDespiteHVCI: 'FALSE'
 MitreID: T1068
+Category: vulnerable driver
+Commands:
+ Command: sc.exe create driver7-x64.sys binPath=C:\windows\temp\driver7-x64.sys type=kernel
+ && sc.exe start driver7-x64.sys
+ Description: ''
+ OperatingSystem: Windows 10
+ Privileges: kernel
+ Usecase: Elevate privileges
 Resources:
 - https://github.com/Chigusa0w0/AsusDriversPrivEscala
-Tags:
-- driver7-x64.sys
-Verified: 'TRUE'
+Detection:
+- type: yara_signature
+ value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/771a8d05f1af6214e0ef0886662be500ee910ab99f0154227067fddcfe08a3dd.yara
+- type: sigma_hash
+ value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml
+- type: sigma_names
+ value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml
+- type: sysmon_hash_detect
+ value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml
+- type: sysmon_hash_block
+ value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml
+- type: yara_signature
+ value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar
+- type: sigma_hash
+ value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml
+- type: sigma_names
+ value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml
+- type: sysmon_hash_detect
+ value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml
+- type: sysmon_hash_block
+ value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml
+Acknowledgement:
+ Handle: ''
+ Person: ''
+KnownVulnerableSamples:
+- Authentihash:
+ MD5: 7f66b6e24dc4f3af2f19ad9a95b1e9fa
+ SHA1: 5ad545cf58d644be2fc3382881cc07f0f7edfeba
+ SHA256: d8f7ddf5de213c6dc0356dc83b6307ec596e66c33c3cdd826a612c12004ba9dc
+ Company: ASUStek
+ Copyright: 'Copyright '
+ CreationTimestamp: '2013-03-21 06:35:22'
+ Date: ''
+ Description: The driver for the ECtool driver-based tools
+ ExportedFunctions: ''
+ FileVersion: 2.5.0.2
+ Filename: driver7-x64.sys
+ ImportedFunctions:
+ - ExFreePoolWithTag
+ - IoWMIQueryAllData
+ - ZwMapViewOfSection
+ - RtlInitUnicodeString
+ - IoWMIOpenBlock
+ - MmGetPhysicalAddress
+ - ZwUnmapViewOfSection
+ - ZwClose
+ - ExAllocatePoolWithTag
+ - ObReferenceObjectByHandle
+ - ObfDereferenceObject
+ - RtlAssert
+ - ZwOpenSection
+ - IoDeleteSymbolicLink
+ - IoDeleteDevice
+ - IoCreateSymbolicLink
+ - IoCreateDevice
+ - KeBugCheckEx
+ - IofCompleteRequest
+ - DbgPrint
+ - HalTranslateBusAddress
+ Imports:
+ - ntoskrnl.exe
+ - HAL.dll
+ InternalName: Driver7.sys
+ MD5: 715f8efab1d1c660e4188055c4b28eed
+ MachineType: AMD64
+ MagicHeader: 50 45 0 0
+ OriginalFilename: Driver7
+ Product: EC tool
+ ProductVersion: '2.5'
+ Publisher: ''
+ RichPEHeaderHash:
+ MD5: cd540262bf32de6edd34033d2794c610
+ SHA1: eaec0359adc8606f226ef25987d09d783d98802a
+ SHA256: bcd3b3292603ed8b593b04deb709e39e7b3ef2f23e07f4070974c16a1a6d9296
+ SHA1: 7ba19a701c8af76988006d616a5f77484c13cb0a
+ SHA256: 771a8d05f1af6214e0ef0886662be500ee910ab99f0154227067fddcfe08a3dd
+ Sections:
+ .text:
+ Entropy: 5.947256508815433
+ Virtual Size: '0x6164'
+ .rdata:
+ Entropy: 4.073319915914076
+ Virtual Size: '0x2ac'
+ .data:
+ Entropy: 0.7372300478383668
+ Virtual Size: '0x140'
+ .pdata:
+ Entropy: 3.9271161623951887
+ Virtual Size: '0x2dc'
+ PAGE:
+ Entropy: 5.2358128569293685
+ Virtual Size: '0xeb'
+ INIT:
+ Entropy: 5.5811905586882675
+ Virtual Size: '0x5d8'
+ .rsrc:
+ Entropy: 3.2536897266769826
+ Virtual Size: '0x398'
+ .reloc:
+ Entropy: 1.3741854163060885
+ Virtual Size: '0x18'
+ Signature:
+ - ASUSTeK Computer Inc.
+ - VeriSign Class 3 Code Signing 2010 CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: 
e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., + OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Quality + Testing Department, CN=ASUSTeK Computer Inc. 
+ ValidFrom: '2012-07-31 00:00:00'
+ ValidTo: '2015-08-03 23:59:59'
+ Signature: 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
+ SignatureAlgorithmOID: 1.2.840.113549.1.1.5
+ IsCertificateAuthority: false
+ SerialNumber: 7d08d9bc130726de26ee4ef28e133084
+ Version: 3
+ TBS:
+ MD5: 72cafb0a175f0481177fa2c9803283c7
+ SHA1: b603167b958c5fcd7094552891ddc4e2ea4c149f
+ SHA256: a36a0024075771a4b30eab8f1288817059fe1a01003d0c1d92f647df17f3b688
+ SHA384: 33c28dc6857ce5d20a2e9ba8a47f6bc80a9a98fba518fd732963bedbbb408848b89b3d8438d413f8b933ee761ffa1653
+ - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of
+ use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code
+ Signing 2010 CA
+ ValidFrom: '2010-02-08 00:00:00'
+ ValidTo: '2020-02-07 23:59:59'
+ Signature: 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
+ SignatureAlgorithmOID: 1.2.840.113549.1.1.5
+ IsCertificateAuthority: true
+ SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7
+ Version: 3
+ TBS:
+ MD5: b30c31a572b0409383ed3fbe17e56e81
+ SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d
+ SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9
+ SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da
+ Signer:
+ - SerialNumber: 7d08d9bc130726de26ee4ef28e133084
+ Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of
+ use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code
+ Signing 2010 CA
+ Version: 1
+ Imphash: 1bef18e9dda6f1e7bbf7eb76e9ccf16b
+ LoadsDespiteHVCI: 'FALSE'
diff --git a/yaml/4a80da66-f8f1-4af9-ba56-696cfe6c1e10.yaml b/yaml/4a80da66-f8f1-4af9-ba56-696cfe6c1e10.yaml
index ed1b60060..9406ae6f5 100644
--- a/yaml/4a80da66-f8f1-4af9-ba56-696cfe6c1e10.yaml
+++ b/yaml/4a80da66-f8f1-4af9-ba56-696cfe6c1e10.yaml
@@ -1,538 +1,541 @@
-Acknowledgement:
- Handle: ''
- Person: ''
+Id: 4a80da66-f8f1-4af9-ba56-696cfe6c1e10
+Tags:
+- BS_Def64.sys
+Verified: 'TRUE'
 Author: Michael Haag
-Category: vulnerable driver
-Commands:
- Command: sc.exe create BS_Def64.sys binPath=C:\windows\temp\BS_Def64.sys type=kernel
- && sc.exe start BS_Def64.sys
- Description: ''
- OperatingSystem: Windows 10
- Privileges: kernel
- Usecase: Elevate privileges
 Created: '2023-01-09'
-Detection:
-- type: yara_signature
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/0040153302b88bee27eb4f1eca6855039e1a057370f5e8c615724fa5215bada3.yara
-- type: yara_signature
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/3326e2d32bbabd69feb6024809afc56c7e39241ebe70a53728c77e80995422a5.yara
-- type: yara_signature
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/36b9e31240ab0341873c7092b63e2e0f2cab2962ebf9b25271c3a1216b7669eb.yara
-- type: sigma_hash
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml
-- type: sigma_names
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml
-- type: sysmon_hash_detect
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml
-- type: sysmon_hash_block
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml
-- type: yara_signature
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar
-- type: sigma_hash
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml
-- type: sigma_names
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml
-- type: sysmon_hash_detect
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml
-- type: sysmon_hash_block
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml
-Id: 4a80da66-f8f1-4af9-ba56-696cfe6c1e10
-KnownVulnerableSamples:
-- Authentihash:
- MD5: 5c40712c0a854396aa9e8776763f3340
- SHA1: 45cae96b31928bc5f93381edf6b978534fa24f59
- SHA256: 57e9de67e908186b3cb8180caa2e5c5d7b6bb31969557b8bd5710d79089e8868
- Company: AsusTek Computer Inc.
- Copyright: Copyright (C) AsusTek Computer. 1992-2004
- CreationTimestamp: '2006-12-14 02:38:08'
- Date: ''
- Description: Default BIOS Flash Driver
- ExportedFunctions: ''
- FileVersion: '1.24 built by: WinDDK'
- Filename: BS_Def64.sys
- ImportedFunctions:
- - MmBuildMdlForNonPagedPool
- - IoAllocateMdl
- - MmGetPhysicalAddress
- - MmAllocateContiguousMemory
- - IoFreeMdl
- - MmUnmapLockedPages
- - KeDelayExecutionThread
- - MmUnmapIoSpace
- - MmMapIoSpace
- - RtlZeroMemory
- - IoDeleteDevice
- - IoCreateSymbolicLink
- - IoCreateDevice
- - MmMapLockedPages
- - IofCompleteRequest
- - IoDeleteSymbolicLink
- - ZwClose
- - ZwMapViewOfSection
- - ObReferenceObjectByHandle
- - ZwOpenSection
- - ZwUnmapViewOfSection
- - strncpy
- - KeLeaveCriticalRegion
- - KeEnterCriticalRegion
- - IoIs32bitProcess
- - strstr
- - strncmp
- - RtlInitUnicodeString
- - MmFreeContiguousMemory
- - HalTranslateBusAddress
- Imports:
- - ntoskrnl.exe
- - HAL.dll
- InternalName: Bs_Def64.sys
- MD5: 8abbb12e61045984eda19e2dc77b235e
- MachineType: AMD64
- MagicHeader: 50 45 0 0
- OriginalFilename: Bs_Def64.sys
- Product: Support SST39SF020,SST29EE020,AT49F002T,AT29C020,AM29F002NT,AM29F002NB,V29C51002T,V29C51002B,M29F002T,W29C020.
- ProductVersion: '1.24'
- Publisher: ASUSTeK Computer Inc.
- RichPEHeaderHash: - MD5: 49cdcf5bdeaf4121ff6ecd8dccb8b789 - SHA1: f1fa90c720b8d8b7cd99e2dfa288e88392ca272c - SHA256: ceb963e8f51a056b613f64e24c85656444bde328d4ba3c8b9ca88f600b1deee9 - SHA1: 609fa1efcf61e26d64a5ceb13b044175ab2b3a13 - SHA256: 0040153302b88bee27eb4f1eca6855039e1a057370f5e8c615724fa5215bada3 - Sections: - .text: - Entropy: 6.265166959341222 - Virtual Size: '0x1dbc' - .rdata: - Entropy: 4.1389620692091595 - Virtual Size: '0x2a0' - .data: - Entropy: 0.020393135236084953 - Virtual Size: '0x44a0' - .pdata: - Entropy: 3.816244409052824 - Virtual Size: '0x12c' - INIT: - Entropy: 4.728578347024585 - Virtual Size: '0x3b6' - .rsrc: - Entropy: 3.495555403797425 - Virtual Size: '0x458' - Signature: - - ASUSTeK Computer Inc. - - VeriSign Class 3 Code Signing 2004 CA - - VeriSign Class 3 Public Primary CA - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: false - SerialNumber: 0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., 
OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, - CN=ASUSTeK Computer Inc. - ValidFrom: '2006-06-27 00:00:00' - ValidTo: '2007-07-16 23:59:59' - Signature: 3e9083070ad85eabc973807c097269557b889eba86f794582fdc292452dcb7f8bcc45cd4743a1f6fb1b4a2186c7be5c62cea2cfa8d7a8cf6b343ddd3da952369aeea7cdbb7fb2d0c172e9bd3f834d838e598760aa04f073962665cce0382d2f549978ec5b9b3d039eddfb4c4b3403f5a7ba908e6523bd44e39705deee334eb3d4dba63ac71da30b5a6a3c9bde15f52b39732144d7e59acae08622c5f78f0097899265af6be9d1f1b868e500fca79fe967ddd6d777597d52c201210d4903c6929e59ca804518364ab1f75925a99b70591290cab0f4c079392a985797cc99b1fc87cf7237ec4ce715abd07f108e320e42c327d305be93dde94161251414fc46516 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 284649f592786c4851c1138e364185ae - Version: 3 - TBS: - MD5: 2fc1a78b4874ed1ac403284a5d4084fb - SHA1: 9ae9b025b3a9ebfacdf55104f3fc1c143457a296 - SHA256: 9ffd439139209f1a084cb30cd791558dc266265405f7c5c7444c5a941ff0c004 - SHA384: 656817a3d8aa52cdc8fbff1dcb0ef1f07ea93f0c6b82067d7c6c5f68a125dc3b50f88974a66d59ecc5b996ca5e55eaa1 - Signer: - - SerialNumber: 284649f592786c4851c1138e364185ae - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 3aa0ceb8fcd07cf2514d1cb0b9bccf4b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 7aa4c54af2ef8f71eb5c7976ab741fa3 - SHA1: c95b6a13289b6538c7f4b68f791758bda1036cbe - SHA256: 3171d7af852e8b6be4651c415ea9490568475c45ecaa02a33dda9babb1643b07 - Company: AsusTek Computer Inc. - Copyright: Copyright (C) AsusTek Computer. 
1992-2004 - CreationTimestamp: '2007-03-02 00:09:55' - Date: '' - Description: Default BIOS Flash Driver - ExportedFunctions: '' - FileVersion: '1.24 built by: WinDDK' - Filename: BS_Def64.sys - ImportedFunctions: - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmGetPhysicalAddress - - MmAllocateContiguousMemory - - IoFreeMdl - - MmUnmapLockedPages - - KeDelayExecutionThread - - MmUnmapIoSpace - - MmMapIoSpace - - RtlZeroMemory - - IoDeleteDevice - - IoCreateSymbolicLink - - IoCreateDevice - - MmMapLockedPages - - IofCompleteRequest - - IoDeleteSymbolicLink - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - ZwUnmapViewOfSection - - strncpy - - KeLeaveCriticalRegion - - KeEnterCriticalRegion - - IoIs32bitProcess - - strstr - - strncmp - - RtlInitUnicodeString - - MmFreeContiguousMemory - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: Bs_Def64.sys - MD5: c9a293762319d73c8ee84bcaaf81b7b3 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: Bs_Def64.sys - Product: Support SST39SF020,SST29EE020,AT49F002T,AT29C020,AM29F002NT,AM29F002NB,V29C51002T,V29C51002B,M29F002T,W29C020. - ProductVersion: '1.24' - Publisher: ASUSTeK Computer Inc. - RichPEHeaderHash: - MD5: 49cdcf5bdeaf4121ff6ecd8dccb8b789 - SHA1: f1fa90c720b8d8b7cd99e2dfa288e88392ca272c - SHA256: ceb963e8f51a056b613f64e24c85656444bde328d4ba3c8b9ca88f600b1deee9 - SHA1: 7d7c03e22049a725ace2a9812c72b53a66c2548b - SHA256: 3326e2d32bbabd69feb6024809afc56c7e39241ebe70a53728c77e80995422a5 - Sections: - .text: - Entropy: 6.25069933938737 - Virtual Size: '0x1ccc' - .rdata: - Entropy: 4.125160592605352 - Virtual Size: '0x290' - .data: - Entropy: 0.020393135236084953 - Virtual Size: '0x44a0' - .pdata: - Entropy: 3.741140180273957 - Virtual Size: '0x120' - INIT: - Entropy: 4.728578347024585 - Virtual Size: '0x3b6' - .rsrc: - Entropy: 3.495555403797425 - Virtual Size: '0x458' - Signature: - - ASUSTeK Computer Inc. 
- - VeriSign Class 3 Code Signing 2004 CA - - VeriSign Class 3 Public Primary CA - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: 
ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - 
TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, - CN=ASUSTeK Computer Inc. - ValidFrom: '2006-06-27 00:00:00' - ValidTo: '2007-07-16 23:59:59' - Signature: 3e9083070ad85eabc973807c097269557b889eba86f794582fdc292452dcb7f8bcc45cd4743a1f6fb1b4a2186c7be5c62cea2cfa8d7a8cf6b343ddd3da952369aeea7cdbb7fb2d0c172e9bd3f834d838e598760aa04f073962665cce0382d2f549978ec5b9b3d039eddfb4c4b3403f5a7ba908e6523bd44e39705deee334eb3d4dba63ac71da30b5a6a3c9bde15f52b39732144d7e59acae08622c5f78f0097899265af6be9d1f1b868e500fca79fe967ddd6d777597d52c201210d4903c6929e59ca804518364ab1f75925a99b70591290cab0f4c079392a985797cc99b1fc87cf7237ec4ce715abd07f108e320e42c327d305be93dde94161251414fc46516 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 284649f592786c4851c1138e364185ae - Version: 3 - TBS: - MD5: 2fc1a78b4874ed1ac403284a5d4084fb - SHA1: 9ae9b025b3a9ebfacdf55104f3fc1c143457a296 - SHA256: 9ffd439139209f1a084cb30cd791558dc266265405f7c5c7444c5a941ff0c004 - SHA384: 656817a3d8aa52cdc8fbff1dcb0ef1f07ea93f0c6b82067d7c6c5f68a125dc3b50f88974a66d59ecc5b996ca5e55eaa1 - Signer: - - SerialNumber: 284649f592786c4851c1138e364185ae - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 3aa0ceb8fcd07cf2514d1cb0b9bccf4b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 034aa8df77d5a2815c8f4cf9f1399fd3 - SHA1: e62d0712ddfd9fbaf9014cf43e49e2087a3f1ed2 - SHA256: eb11a4270a6980a97ea8775422dacbd1e763b7e5898f0a80c71c91449fff7ab4 - Company: AsusTek Computer 
Inc. - Copyright: Copyright (C) AsusTek Computer. 1992-2004 - CreationTimestamp: '2006-09-08 01:32:27' - Date: '' - Description: Default BIOS Flash Driver - ExportedFunctions: '' - FileVersion: '1.24 built by: WinDDK' - Filename: BS_Def64.sys - ImportedFunctions: - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmGetPhysicalAddress - - MmAllocateContiguousMemory - - IoFreeMdl - - MmUnmapLockedPages - - KeDelayExecutionThread - - MmUnmapIoSpace - - MmMapIoSpace - - RtlZeroMemory - - IoDeleteDevice - - IoCreateSymbolicLink - - IoCreateDevice - - MmMapLockedPages - - IofCompleteRequest - - IoDeleteSymbolicLink - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - ZwUnmapViewOfSection - - strncpy - - KeLeaveCriticalRegion - - KeEnterCriticalRegion - - IoIs32bitProcess - - strstr - - strncmp - - RtlInitUnicodeString - - MmFreeContiguousMemory - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: Bs_Def64.sys - MD5: 120b5bbb9d2eb35ff4f62d79507ea63a - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: Bs_Def64.sys - Product: Support SST39SF020,SST29EE020,AT49F002T,AT29C020,AM29F002NT,AM29F002NB,V29C51002T,V29C51002B,M29F002T,W29C020. - ProductVersion: '1.24' - Publisher: ASUSTeK Computer Inc. 
- RichPEHeaderHash: - MD5: 49cdcf5bdeaf4121ff6ecd8dccb8b789 - SHA1: f1fa90c720b8d8b7cd99e2dfa288e88392ca272c - SHA256: ceb963e8f51a056b613f64e24c85656444bde328d4ba3c8b9ca88f600b1deee9 - SHA1: f9519d033d75e1ab6b82b2e156eafe9607edbcfb - SHA256: 36b9e31240ab0341873c7092b63e2e0f2cab2962ebf9b25271c3a1216b7669eb - Sections: - .text: - Entropy: 6.265620446612747 - Virtual Size: '0x1d5c' - .rdata: - Entropy: 4.091497298735098 - Virtual Size: '0x298' - .data: - Entropy: 0.020393135236084953 - Virtual Size: '0x4420' - .pdata: - Entropy: 3.849491637222947 - Virtual Size: '0x12c' - INIT: - Entropy: 4.728578347024585 - Virtual Size: '0x3b6' - .rsrc: - Entropy: 3.495555403797425 - Virtual Size: '0x458' - Signature: - - ASUSTeK Computer Inc. - - VeriSign Class 3 Code Signing 2004 CA - - VeriSign Class 3 Public Primary CA - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: false - SerialNumber: 0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., 
OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, - CN=ASUSTeK Computer Inc. - ValidFrom: '2006-06-27 00:00:00' - ValidTo: '2007-07-16 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 284649f592786c4851c1138e364185ae - Version: 3 - TBS: - MD5: 2fc1a78b4874ed1ac403284a5d4084fb - SHA1: 9ae9b025b3a9ebfacdf55104f3fc1c143457a296 - SHA256: 9ffd439139209f1a084cb30cd791558dc266265405f7c5c7444c5a941ff0c004 - SHA384: 656817a3d8aa52cdc8fbff1dcb0ef1f07ea93f0c6b82067d7c6c5f68a125dc3b50f88974a66d59ecc5b996ca5e55eaa1 - Signer: - - SerialNumber: 284649f592786c4851c1138e364185ae - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 3aa0ceb8fcd07cf2514d1cb0b9bccf4b - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create BS_Def64.sys binPath=C:\windows\temp\BS_Def64.sys type=kernel + && sc.exe start BS_Def64.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/namazso/physmem_drivers -Tags: -- BS_Def64.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/0040153302b88bee27eb4f1eca6855039e1a057370f5e8c615724fa5215bada3.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/3326e2d32bbabd69feb6024809afc56c7e39241ebe70a53728c77e80995422a5.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/36b9e31240ab0341873c7092b63e2e0f2cab2962ebf9b25271c3a1216b7669eb.yara +- type: sigma_hash + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 5c40712c0a854396aa9e8776763f3340 + SHA1: 45cae96b31928bc5f93381edf6b978534fa24f59 + SHA256: 57e9de67e908186b3cb8180caa2e5c5d7b6bb31969557b8bd5710d79089e8868 + Company: AsusTek Computer Inc. + Copyright: Copyright (C) AsusTek Computer. 
1992-2004 + CreationTimestamp: '2006-12-14 02:38:08' + Date: '' + Description: Default BIOS Flash Driver + ExportedFunctions: '' + FileVersion: '1.24 built by: WinDDK' + Filename: BS_Def64.sys + ImportedFunctions: + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmGetPhysicalAddress + - MmAllocateContiguousMemory + - IoFreeMdl + - MmUnmapLockedPages + - KeDelayExecutionThread + - MmUnmapIoSpace + - MmMapIoSpace + - RtlZeroMemory + - IoDeleteDevice + - IoCreateSymbolicLink + - IoCreateDevice + - MmMapLockedPages + - IofCompleteRequest + - IoDeleteSymbolicLink + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - ZwUnmapViewOfSection + - strncpy + - KeLeaveCriticalRegion + - KeEnterCriticalRegion + - IoIs32bitProcess + - strstr + - strncmp + - RtlInitUnicodeString + - MmFreeContiguousMemory + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: Bs_Def64.sys + MD5: 8abbb12e61045984eda19e2dc77b235e + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: Bs_Def64.sys + Product: Support SST39SF020,SST29EE020,AT49F002T,AT29C020,AM29F002NT,AM29F002NB,V29C51002T,V29C51002B,M29F002T,W29C020. + ProductVersion: '1.24' + Publisher: ASUSTeK Computer Inc. + RichPEHeaderHash: + MD5: 49cdcf5bdeaf4121ff6ecd8dccb8b789 + SHA1: f1fa90c720b8d8b7cd99e2dfa288e88392ca272c + SHA256: ceb963e8f51a056b613f64e24c85656444bde328d4ba3c8b9ca88f600b1deee9 + SHA1: 609fa1efcf61e26d64a5ceb13b044175ab2b3a13 + SHA256: 0040153302b88bee27eb4f1eca6855039e1a057370f5e8c615724fa5215bada3 + Sections: + .text: + Entropy: 6.265166959341222 + Virtual Size: '0x1dbc' + .rdata: + Entropy: 4.1389620692091595 + Virtual Size: '0x2a0' + .data: + Entropy: 0.020393135236084953 + Virtual Size: '0x44a0' + .pdata: + Entropy: 3.816244409052824 + Virtual Size: '0x12c' + INIT: + Entropy: 4.728578347024585 + Virtual Size: '0x3b6' + .rsrc: + Entropy: 3.495555403797425 + Virtual Size: '0x458' + Signature: + - ASUSTeK Computer Inc. 
+ - VeriSign Class 3 Code Signing 2004 CA + - VeriSign Class 3 Public Primary CA + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0de92bf0d4d82988183205095e9a7688 + Version: 3 + TBS: + MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 + SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: 
ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., + OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Quality + Testing Department, CN=ASUSTeK Computer Inc. 
+ ValidFrom: '2006-06-27 00:00:00' + ValidTo: '2007-07-16 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 284649f592786c4851c1138e364185ae + Version: 3 + TBS: + MD5: 2fc1a78b4874ed1ac403284a5d4084fb + SHA1: 9ae9b025b3a9ebfacdf55104f3fc1c143457a296 + SHA256: 9ffd439139209f1a084cb30cd791558dc266265405f7c5c7444c5a941ff0c004 + SHA384: 656817a3d8aa52cdc8fbff1dcb0ef1f07ea93f0c6b82067d7c6c5f68a125dc3b50f88974a66d59ecc5b996ca5e55eaa1 + Signer: + - SerialNumber: 284649f592786c4851c1138e364185ae + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 3aa0ceb8fcd07cf2514d1cb0b9bccf4b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 7aa4c54af2ef8f71eb5c7976ab741fa3 + SHA1: c95b6a13289b6538c7f4b68f791758bda1036cbe + SHA256: 3171d7af852e8b6be4651c415ea9490568475c45ecaa02a33dda9babb1643b07 + Company: AsusTek Computer Inc. + Copyright: Copyright (C) AsusTek Computer. 
1992-2004 + CreationTimestamp: '2007-03-02 00:09:55' + Date: '' + Description: Default BIOS Flash Driver + ExportedFunctions: '' + FileVersion: '1.24 built by: WinDDK' + Filename: BS_Def64.sys + ImportedFunctions: + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmGetPhysicalAddress + - MmAllocateContiguousMemory + - IoFreeMdl + - MmUnmapLockedPages + - KeDelayExecutionThread + - MmUnmapIoSpace + - MmMapIoSpace + - RtlZeroMemory + - IoDeleteDevice + - IoCreateSymbolicLink + - IoCreateDevice + - MmMapLockedPages + - IofCompleteRequest + - IoDeleteSymbolicLink + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - ZwUnmapViewOfSection + - strncpy + - KeLeaveCriticalRegion + - KeEnterCriticalRegion + - IoIs32bitProcess + - strstr + - strncmp + - RtlInitUnicodeString + - MmFreeContiguousMemory + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: Bs_Def64.sys + MD5: c9a293762319d73c8ee84bcaaf81b7b3 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: Bs_Def64.sys + Product: Support SST39SF020,SST29EE020,AT49F002T,AT29C020,AM29F002NT,AM29F002NB,V29C51002T,V29C51002B,M29F002T,W29C020. + ProductVersion: '1.24' + Publisher: ASUSTeK Computer Inc. + RichPEHeaderHash: + MD5: 49cdcf5bdeaf4121ff6ecd8dccb8b789 + SHA1: f1fa90c720b8d8b7cd99e2dfa288e88392ca272c + SHA256: ceb963e8f51a056b613f64e24c85656444bde328d4ba3c8b9ca88f600b1deee9 + SHA1: 7d7c03e22049a725ace2a9812c72b53a66c2548b + SHA256: 3326e2d32bbabd69feb6024809afc56c7e39241ebe70a53728c77e80995422a5 + Sections: + .text: + Entropy: 6.25069933938737 + Virtual Size: '0x1ccc' + .rdata: + Entropy: 4.125160592605352 + Virtual Size: '0x290' + .data: + Entropy: 0.020393135236084953 + Virtual Size: '0x44a0' + .pdata: + Entropy: 3.741140180273957 + Virtual Size: '0x120' + INIT: + Entropy: 4.728578347024585 + Virtual Size: '0x3b6' + .rsrc: + Entropy: 3.495555403797425 + Virtual Size: '0x458' + Signature: + - ASUSTeK Computer Inc. 
+ - VeriSign Class 3 Code Signing 2004 CA + - VeriSign Class 3 Public Primary CA + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0de92bf0d4d82988183205095e9a7688 + Version: 3 + TBS: + MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 + SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: 
ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., + OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Quality + Testing Department, CN=ASUSTeK Computer Inc. 
+ ValidFrom: '2006-06-27 00:00:00' + ValidTo: '2007-07-16 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 284649f592786c4851c1138e364185ae + Version: 3 + TBS: + MD5: 2fc1a78b4874ed1ac403284a5d4084fb + SHA1: 9ae9b025b3a9ebfacdf55104f3fc1c143457a296 + SHA256: 9ffd439139209f1a084cb30cd791558dc266265405f7c5c7444c5a941ff0c004 + SHA384: 656817a3d8aa52cdc8fbff1dcb0ef1f07ea93f0c6b82067d7c6c5f68a125dc3b50f88974a66d59ecc5b996ca5e55eaa1 + Signer: + - SerialNumber: 284649f592786c4851c1138e364185ae + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 3aa0ceb8fcd07cf2514d1cb0b9bccf4b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 034aa8df77d5a2815c8f4cf9f1399fd3 + SHA1: e62d0712ddfd9fbaf9014cf43e49e2087a3f1ed2 + SHA256: eb11a4270a6980a97ea8775422dacbd1e763b7e5898f0a80c71c91449fff7ab4 + Company: AsusTek Computer Inc. + Copyright: Copyright (C) AsusTek Computer. 
1992-2004 + CreationTimestamp: '2006-09-08 01:32:27' + Date: '' + Description: Default BIOS Flash Driver + ExportedFunctions: '' + FileVersion: '1.24 built by: WinDDK' + Filename: BS_Def64.sys + ImportedFunctions: + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmGetPhysicalAddress + - MmAllocateContiguousMemory + - IoFreeMdl + - MmUnmapLockedPages + - KeDelayExecutionThread + - MmUnmapIoSpace + - MmMapIoSpace + - RtlZeroMemory + - IoDeleteDevice + - IoCreateSymbolicLink + - IoCreateDevice + - MmMapLockedPages + - IofCompleteRequest + - IoDeleteSymbolicLink + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - ZwUnmapViewOfSection + - strncpy + - KeLeaveCriticalRegion + - KeEnterCriticalRegion + - IoIs32bitProcess + - strstr + - strncmp + - RtlInitUnicodeString + - MmFreeContiguousMemory + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: Bs_Def64.sys + MD5: 120b5bbb9d2eb35ff4f62d79507ea63a + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: Bs_Def64.sys + Product: Support SST39SF020,SST29EE020,AT49F002T,AT29C020,AM29F002NT,AM29F002NB,V29C51002T,V29C51002B,M29F002T,W29C020. + ProductVersion: '1.24' + Publisher: ASUSTeK Computer Inc. + RichPEHeaderHash: + MD5: 49cdcf5bdeaf4121ff6ecd8dccb8b789 + SHA1: f1fa90c720b8d8b7cd99e2dfa288e88392ca272c + SHA256: ceb963e8f51a056b613f64e24c85656444bde328d4ba3c8b9ca88f600b1deee9 + SHA1: f9519d033d75e1ab6b82b2e156eafe9607edbcfb + SHA256: 36b9e31240ab0341873c7092b63e2e0f2cab2962ebf9b25271c3a1216b7669eb + Sections: + .text: + Entropy: 6.265620446612747 + Virtual Size: '0x1d5c' + .rdata: + Entropy: 4.091497298735098 + Virtual Size: '0x298' + .data: + Entropy: 0.020393135236084953 + Virtual Size: '0x4420' + .pdata: + Entropy: 3.849491637222947 + Virtual Size: '0x12c' + INIT: + Entropy: 4.728578347024585 + Virtual Size: '0x3b6' + .rsrc: + Entropy: 3.495555403797425 + Virtual Size: '0x458' + Signature: + - ASUSTeK Computer Inc. 
+ - VeriSign Class 3 Code Signing 2004 CA + - VeriSign Class 3 Public Primary CA + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0de92bf0d4d82988183205095e9a7688 + Version: 3 + TBS: + MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 + SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: 
ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., + OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Quality + Testing Department, CN=ASUSTeK Computer Inc. 
+ ValidFrom: '2006-06-27 00:00:00' + ValidTo: '2007-07-16 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 284649f592786c4851c1138e364185ae + Version: 3 + TBS: + MD5: 2fc1a78b4874ed1ac403284a5d4084fb + SHA1: 9ae9b025b3a9ebfacdf55104f3fc1c143457a296 + SHA256: 9ffd439139209f1a084cb30cd791558dc266265405f7c5c7444c5a941ff0c004 + SHA384: 656817a3d8aa52cdc8fbff1dcb0ef1f07ea93f0c6b82067d7c6c5f68a125dc3b50f88974a66d59ecc5b996ca5e55eaa1 + Signer: + - SerialNumber: 284649f592786c4851c1138e364185ae + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 3aa0ceb8fcd07cf2514d1cb0b9bccf4b + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/4b047bb8-c605-4664-baed-25bb70e864a1.yaml b/yaml/4b047bb8-c605-4664-baed-25bb70e864a1.yaml index e9beecb4d..5c63a31f1 100644 --- a/yaml/4b047bb8-c605-4664-baed-25bb70e864a1.yaml +++ b/yaml/4b047bb8-c605-4664-baed-25bb70e864a1.yaml 
@@ -1,35 +1,35 @@
-Acknowledgement:
- Handle: ''
- Person: ''
+Id: 4b047bb8-c605-4664-baed-25bb70e864a1
+Tags:
+- Black.sys
+Verified: 'FALSE'
 Author: Michael Haag
-Category: vulnerable driver
-Commands:
- Command: sc.exe create Black.sys binPath=C:\windows\temp\Black.sys type=kernel &&
- sc.exe start Black.sys
- Description: ''
- OperatingSystem: Windows 10
- Privileges: kernel
- Usecase: Elevate privileges
 Created: '2023-01-09'
-Detection: []
-Id: 4b047bb8-c605-4664-baed-25bb70e864a1
-KnownVulnerableSamples:
-- Company: ''
- Date: ''
- Description: ''
- FileVersion: ''
- Filename: Black.sys
- MachineType: ''
- OriginalFilename: ''
- Product: ''
- ProductVersion: ''
- Publisher: ''
- SHA256: d5562fb90b0b3deb633ab335bcbd82ce10953466a428b3f27cb5b226b453eaf3
- Signature: []
- LoadsDespiteHVCI: 'FALSE'
 MitreID: T1068
+Category: vulnerable driver
+Commands:
+ Command: sc.exe create Black.sys binPath=C:\windows\temp\Black.sys type=kernel
+ && sc.exe start Black.sys
+ Description: ''
+ OperatingSystem: Windows 10
+ Privileges: kernel
+ Usecase: Elevate privileges
 Resources:
 - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules
-Tags:
-- Black.sys
-Verified: 'FALSE'
+Detection: []
+Acknowledgement:
+ Handle: ''
+ Person: ''
+KnownVulnerableSamples:
+- Company: ''
+ Date: ''
+ Description: ''
+ FileVersion: ''
+ Filename: Black.sys
+ MachineType: ''
+ OriginalFilename: ''
+ Product: ''
+ ProductVersion: ''
+ Publisher: ''
+ SHA256: d5562fb90b0b3deb633ab335bcbd82ce10953466a428b3f27cb5b226b453eaf3
+ Signature: []
+ LoadsDespiteHVCI: 'FALSE'
diff --git a/yaml/4c815256-2534-4476-b15d-7cbf24c80098.yaml b/yaml/4c815256-2534-4476-b15d-7cbf24c80098.yaml
index 8c16ef5a5..c222fd3a1 100644
--- a/yaml/4c815256-2534-4476-b15d-7cbf24c80098.yaml
+++ b/yaml/4c815256-2534-4476-b15d-7cbf24c80098.yaml
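Review bot: In yaml/4b047bb8-c605-4664-baed-25bb70e864a1.yaml the reordered Black.sys entry still has `Detection: []` even though the sample carries a SHA256, while the BS_Def64.sys entry earlier in this diff links the shared hash-based Sigma and Sysmon rule files. Whether those shared rule files already include this hash is not visible here; if they do, the entry should list them, and if they do not, a short YAML comment would tell consumers the gap is known, e.g. `# No detection content yet: entry is unverified and only the SHA256 is known`. The templated `Usecase: Elevate privileges` and `sc.exe` command sit next to `Verified: 'FALSE'`, so a reader building a blocklist or hunt from this file should be able to see that the behaviour is unconfirmed. If these files are regenerated by a script, the comment would need to come from the generator rather than a hand edit.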
@@ -1,281 +1,283 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 4c815256-2534-4476-b15d-7cbf24c80098 +Tags: +- jokercontroller.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-07-22' +MitreID: T1068 CVE: - '' Category: vulnerable drivers Commands: - Command: '' - Description: Confirmed vulnerable driver from Microsoft Block List - OperatingSystem: Windows - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-07-22' -Detection: -- type: '' - value: '' -Id: 4c815256-2534-4476-b15d-7cbf24c80098 -KnownVulnerableSamples: -- Authentihash: - MD5: 788a1df0b3fd2dfa3fdfc24e441f9d2c - SHA1: 2a40c0a92107d9b3faa9aecdedf5016c1ea564f1 - SHA256: 25454028a4f56d3c58747811a86be43397a6290d1a053bc30d97b41bf3c58c6f - Company: '' - Copyright: '' - CreationTimestamp: '2020-04-19 21:19:37' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - NtQuerySystemInformation - - RtlInitUnicodeString - - ExAllocatePool - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - _wcsicmp - - RtlInitString - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ZwClose - - MmIsAddressValid - - ZwOpenDirectoryObject - - ZwQueryDirectoryObject - - ObReferenceObjectByName - - ZwQuerySystemInformation - - __C_specific_handler - - MmHighestUserAddress - - IoDriverObjectType - - KeQueryTimeIncrement - - KeStackAttachProcess - - KeUnstackDetachProcess - - PsGetProcessWow64Process - - PsGetProcessPeb - - MmUnlockPages - - MmGetSystemRoutineAddress - - MmUnmapLockedPages - - IoFreeMdl - - ZwTerminateProcess - - PsGetProcessImageFileName - - ObOpenObjectByPointer - - PsReferenceProcessFilePointer - - IoQueryFileDosDeviceName - - ZwQueryVirtualMemory - - MmProbeAndLockPages - - PsLookupProcessByProcessId - - MmMapLockedPagesSpecifyCache - - IoAllocateMdl - - IoGetCurrentProcess - - 
MmCopyVirtualMemory - - KeClearEvent - - KeSetEvent - - KeWaitForSingleObject - - MmMapLockedPages - - ObReferenceObjectByHandle - - PsSetCreateProcessNotifyRoutineEx - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - ExEventObjectType - - ObRegisterCallbacks - - ObUnRegisterCallbacks - - ObGetFilterVersion - - IoThreadToProcess - - strcmp - - PsProcessType - - PsThreadType - - RtlGetVersion - - ObfReferenceObject - - ObGetObjectType - - ExEnumHandleTable - - ExfUnblockPushLock - - _snprintf - - vsprintf_s - - ZwCreateFile - - ZwWriteFile - - PsLookupThreadByThreadId - - NtQueryInformationThread - - DbgPrint - - KeDelayExecutionThread - - KdDisableDebugger - - KdChangeOption - - PsCreateSystemThread - - PsTerminateSystemThread - - KdDebuggerEnabled - - PsGetVersion - - KeInitializeEvent - - RtlCopyUnicodeString - - ObfDereferenceObject - - ExReleaseFastMutex - - ExAcquireFastMutex - - MmBuildMdlForNonPagedPool - - WdfVersionBindClass - - WdfVersionBind - - WdfVersionUnbind - - WdfVersionUnbindClass - Imports: - - ntoskrnl.exe - - WDFLDR.SYS - InternalName: '' - MD5: 8b6fc18d944ae44403dd03a6c63b7fbb - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: ffdf660eb1ebf020a1d0a55a90712dfb - SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 - SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 - SHA1: 52784cd9a18b53061648c876ccfcb7775d345f3c - SHA256: f6d7faddc3a56875a8d24e4785a139141dd892968f70bf0e37d505af9a3324fd - Sections: - .text: - Entropy: 6.1912018117070735 - Virtual Size: '0x6c80' - .rdata: - Entropy: 4.780472480164167 - Virtual Size: '0x1584' - .data: - Entropy: 0.805522255156276 - Virtual Size: '0x15f8' - .pdata: - Entropy: 7.695557676550278 - Virtual Size: '0x678' - PAGE: - Entropy: 5.92926389421831 - Virtual Size: '0xb0e' - INIT: - Entropy: 
5.364167422952783 - Virtual Size: '0xe36' - .upx0: - Entropy: 7.020133249394464 - Virtual Size: '0x11f974' - .reloc: - Entropy: 3.8296982621776037 - Virtual Size: '0xc0' - .rsrc: - Entropy: 2.892850468812766 - Virtual Size: '0x22c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA - Certificate Services - ValidFrom: '2004-01-01 00:00:00' - ValidTo: '2028-12-31 23:59:59' - Signature: 0856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: '01' - Version: 3 - TBS: - MD5: 93b601b98fc29a9e89a704048928b85f - SHA1: 3e8e6487f8fd27d322a269a71edaac5d57811286 - SHA256: bedd4b1831f17c7ec1d507380f4c9836baa8ce20065a67db8b43acea14294ba4 - SHA384: 5019d634bf6be7246128e117bfdf533f97aa574fae9080307b427fc77998fe9f280ba23b051cfbd6cf5d37c6e578d698 - - Subject: C=GB, O=Sectigo Limited, CN=Sectigo Public Code Signing Root R46 - ValidFrom: '2021-05-25 00:00:00' - ValidTo: '2028-12-31 23:59:59' - Signature: 
12bfa1ef8b749a9844b86946b5ab240a0ca48a67b83a81bf458a7d5207a88d1f4e218539a36b5e2d2086bf10b8ae793b53cdb4fbd844be06d95c6367d44016874486722ad63215f51283c2f9e15d114067f6422772c523e202381a4c20e2db01f7cd464f26a27c66c05136b6890254c7fc58fb6c00eefe98a62e95a10c53291f6fd819a64f9ef7ac09ea5d82c68baf80a7bd8148528431da32ec15e4a64c3d6c3973d40b853920e0851a68e1a74838a9d1362577c18d1916c5884c667d2f63ce98e869dfac3ca85d9dc91c5baed8f32f74cfb87ef6d7839d1196629aae4513da7fdc47fbdfc3529fe60655e99d8cf23a6251bcec240f29d4588084e4457b5ad8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 48fc93b46055948d36a7c98a89d69416 - Version: 3 - TBS: - MD5: 207045ce7b7ab131e78e459b13825902 - SHA1: bcf7530a1ab309fb1926cb720f9fd58cff1cb88f - SHA256: 0f31a4237992e1ea623baf4c29480afb6d913e10f1fb1d56bb56f5b03fbff13b - SHA384: a229d2722bc6091d73b1d979b81088c977cb028a6f7cbf264bb81d5cc8f099f87d7c296e48bf09d7ebe275f5498661a4 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root - G4 - ValidFrom: '2022-08-01 00:00:00' - ValidTo: '2031-11-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 0e9b188ef9d02de7efdb50e20840185a - Version: 3 - TBS: - MD5: 21a266bd49f2778b24d13d95641ea6ac - SHA1: 21319f341fdf06bf6a104427afa8b7823b1ea7f3 - SHA256: e933dc68ee65abd1f9b1aa6738eff60a6895d3d8cc4accf0c69069aa3decd757 - SHA384: 11533efd6b326a4e065a936de300fe0586a479f93d569d2403bd62c7ad35f1b2199daee3adb510f429c4fc97b4b024e3 - - Subject: C=GB, O=Sectigo Limited, CN=Sectigo Public Code Signing CA R36 - ValidFrom: '2021-03-22 00:00:00' - ValidTo: '2036-03-21 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 621d6d0c52019e3b9079152089211c0a - Version: 3 - TBS: - MD5: 69409ee689cc94e90149ce9bccab49ae - SHA1: 
f3939507fa02c048647ede4cced7596339738157 - SHA256: 3a42b4be5968e1e6489b8362a2a84cdbf7834f2aa9eb96cfb0dfeedeac4aa7d3 - SHA384: 0eeb0f83c55ccaaf275cec9caaed00280b6dd9bd8e37bd8a191a5cf77a0e2d1298edb019e2a1e67e3f7bd4b1c7616dc0 - - Subject: C=CA, ST=Ontario, O=12980215 Canada Inc., CN=12980215 Canada Inc. - ValidFrom: '2022-08-31 00:00:00' - ValidTo: '2023-08-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: false - SerialNumber: 1d11ed1006343e0fd1bc5511f3ab2084 - Version: 3 - TBS: - MD5: c9694893402b97bab780caf28eb06630 - SHA1: e4445448d88eed645840a1640ee97513e67aa457 - SHA256: ab2e110a867319a2a0084ead4c3e56f02217314d332ea03e6a21cd6f9ff92359 - SHA384: 13576a93e84c8e2be44514173759709f9407ffa400b448093afd5ebf6030c324b7366a28037dc00a2e30670dab2e3f63 - - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping - CA - ValidFrom: '2022-03-23 00:00:00' - ValidTo: '2037-03-22 23:59:59' - Signature: 
7d598ec093b66f98a94422017e66d6d82142e1b0182e104d13cf3053cebf18fbc7505de24b29fb708a0daa2969fc69c1cf1d07e93e60c8d80be55c5bd76d87fa842025343167cdb612966fc4504c621d0c0882a816bda956cf15738d012225ce95693f4777fb727414d7ffab4f8a2c7aab85cd435fed60b6aa4f91669e2c9ee08aace5fd8cbc6426876c92bd9d7cd0700a7cefa8bc754fba5af7a910b25de9ff285489f0d58a717665daccf072a323fac0278244ae99271bab241e26c1b7de2aebf69eb1799981a35686ab0a45c9dfc48da0e798fbfba69d72afc4c7c1c16a71d9c6138009c4b69fcd878724bb4fa349b9776691f1729ce94b0252a7377e9353ac3b1d08490f94cd397addff256399272c3d3f6ba7f166c341cd4fb6409b212140d0b71324cddc1d783ae49eade5347192d7266be43873aba6014fbd3f3b78ad4cadfbc4957bed0a5f33398741787a38e99ce1dd23fd1d28d3c7f9e8f1985ffb2bd87ef2469d752c1e272c26db6f157b1e198b36b893d4e6f2179959ca70f037bf9800df20164f27fb606716a166badd55c03a2986b098a02bed9541b73ad5159831b462090f0abd81d913febfa4d1f357d9bc04fa82de32df0489f000cd5dc2f9d0237f000be4760226d9f0657642a6298709472be67f1aa4850ffc9896f655542b1f80fac0f20e2be5d6fba92f44154ae7130e1ddb37381aa12bf6edd67cfc - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 073637b724547cd847acfd28662a5e5b - Version: 3 - TBS: - MD5: e4b8ad9932ff9205f580cf8fb2afbb86 - SHA1: 5301f7044d78bf94dd2b6e4871083a17fdba1dcc - SHA256: c3d01499a5d1d2f71e0f44e78fbfa4b8aadb43dd4f226401e0c1d7a6d53357fa - SHA384: 84b5f399da5a4f4387269adfd951ef7d2197c29552ed2d2e449060664c3825d6bdb2acc3e563d999e54652f7384f445e - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp 2022 , 2 - ValidFrom: '2022-09-21 00:00:00' - ValidTo: '2033-11-21 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0c4d69724b94fa3c2a4a3d2907803d5a - Version: 3 - TBS: - MD5: 812cb8ca0c79b318780ec5128ad13c1d - SHA1: 3f8047d078307123301e50a25e9afb0dc4b6843d - SHA256: 0c0b121e6f807bc22d4e0f4945634c22eca7e4d5ca58a1526a40e918a35c1d79 - SHA384: 
86aab81948499b3c90833253a853e7b3fd82ccf7b65b35806831ab60814bfc6ad8848c990df262a1c89b6fc4267dad81 - Signer: - - SerialNumber: 1d11ed1006343e0fd1bc5511f3ab2084 - Issuer: C=GB, O=Sectigo Limited, CN=Sectigo Public Code Signing CA R36 - Version: 1 - Imphash: 409d2ab916237fb129c57aacbb7cb4fe - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: '' + Description: Confirmed vulnerable driver from Microsoft Block List + OperatingSystem: Windows + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c -Tags: -- jokercontroller.sys -Verified: 'TRUE' +Detection: +- type: '' + value: '' +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 788a1df0b3fd2dfa3fdfc24e441f9d2c + SHA1: 2a40c0a92107d9b3faa9aecdedf5016c1ea564f1 + SHA256: 25454028a4f56d3c58747811a86be43397a6290d1a053bc30d97b41bf3c58c6f + Company: '' + Copyright: '' + CreationTimestamp: '2020-04-19 21:19:37' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - NtQuerySystemInformation + - RtlInitUnicodeString + - ExAllocatePool + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - _wcsicmp + - RtlInitString + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ZwClose + - MmIsAddressValid + - ZwOpenDirectoryObject + - ZwQueryDirectoryObject + - ObReferenceObjectByName + - ZwQuerySystemInformation + - __C_specific_handler + - MmHighestUserAddress + - IoDriverObjectType + - KeQueryTimeIncrement + - KeStackAttachProcess + - KeUnstackDetachProcess + - PsGetProcessWow64Process + - PsGetProcessPeb + - MmUnlockPages + - MmGetSystemRoutineAddress + - MmUnmapLockedPages + - IoFreeMdl + - ZwTerminateProcess + - PsGetProcessImageFileName + - ObOpenObjectByPointer + - PsReferenceProcessFilePointer + - 
IoQueryFileDosDeviceName + - ZwQueryVirtualMemory + - MmProbeAndLockPages + - PsLookupProcessByProcessId + - MmMapLockedPagesSpecifyCache + - IoAllocateMdl + - IoGetCurrentProcess + - MmCopyVirtualMemory + - KeClearEvent + - KeSetEvent + - KeWaitForSingleObject + - MmMapLockedPages + - ObReferenceObjectByHandle + - PsSetCreateProcessNotifyRoutineEx + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - ExEventObjectType + - ObRegisterCallbacks + - ObUnRegisterCallbacks + - ObGetFilterVersion + - IoThreadToProcess + - strcmp + - PsProcessType + - PsThreadType + - RtlGetVersion + - ObfReferenceObject + - ObGetObjectType + - ExEnumHandleTable + - ExfUnblockPushLock + - _snprintf + - vsprintf_s + - ZwCreateFile + - ZwWriteFile + - PsLookupThreadByThreadId + - NtQueryInformationThread + - DbgPrint + - KeDelayExecutionThread + - KdDisableDebugger + - KdChangeOption + - PsCreateSystemThread + - PsTerminateSystemThread + - KdDebuggerEnabled + - PsGetVersion + - KeInitializeEvent + - RtlCopyUnicodeString + - ObfDereferenceObject + - ExReleaseFastMutex + - ExAcquireFastMutex + - MmBuildMdlForNonPagedPool + - WdfVersionBindClass + - WdfVersionBind + - WdfVersionUnbind + - WdfVersionUnbindClass + Imports: + - ntoskrnl.exe + - WDFLDR.SYS + InternalName: '' + MD5: 8b6fc18d944ae44403dd03a6c63b7fbb + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: ffdf660eb1ebf020a1d0a55a90712dfb + SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 + SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 + SHA1: 52784cd9a18b53061648c876ccfcb7775d345f3c + SHA256: f6d7faddc3a56875a8d24e4785a139141dd892968f70bf0e37d505af9a3324fd + Sections: + .text: + Entropy: 6.1912018117070735 + Virtual Size: '0x6c80' + .rdata: + Entropy: 4.780472480164167 + Virtual Size: '0x1584' + .data: + Entropy: 
0.805522255156276 + Virtual Size: '0x15f8' + .pdata: + Entropy: 7.695557676550278 + Virtual Size: '0x678' + PAGE: + Entropy: 5.92926389421831 + Virtual Size: '0xb0e' + INIT: + Entropy: 5.364167422952783 + Virtual Size: '0xe36' + .upx0: + Entropy: 7.020133249394464 + Virtual Size: '0x11f974' + .reloc: + Entropy: 3.8296982621776037 + Virtual Size: '0xc0' + .rsrc: + Entropy: 2.892850468812766 + Virtual Size: '0x22c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, + CN=AAA Certificate Services + ValidFrom: '2004-01-01 00:00:00' + ValidTo: '2028-12-31 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: '01' + Version: 3 + TBS: + MD5: 93b601b98fc29a9e89a704048928b85f + SHA1: 3e8e6487f8fd27d322a269a71edaac5d57811286 + SHA256: bedd4b1831f17c7ec1d507380f4c9836baa8ce20065a67db8b43acea14294ba4 + SHA384: 5019d634bf6be7246128e117bfdf533f97aa574fae9080307b427fc77998fe9f280ba23b051cfbd6cf5d37c6e578d698 + - Subject: C=GB, O=Sectigo Limited, CN=Sectigo Public Code Signing Root + R46 + ValidFrom: '2021-05-25 00:00:00' + ValidTo: '2028-12-31 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 48fc93b46055948d36a7c98a89d69416 + Version: 3 + TBS: + MD5: 207045ce7b7ab131e78e459b13825902 + SHA1: bcf7530a1ab309fb1926cb720f9fd58cff1cb88f + SHA256: 0f31a4237992e1ea623baf4c29480afb6d913e10f1fb1d56bb56f5b03fbff13b + SHA384: a229d2722bc6091d73b1d979b81088c977cb028a6f7cbf264bb81d5cc8f099f87d7c296e48bf09d7ebe275f5498661a4 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted + Root G4 + ValidFrom: '2022-08-01 00:00:00' + ValidTo: '2031-11-09 23:59:59' + Signature: 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 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 0e9b188ef9d02de7efdb50e20840185a + Version: 3 + TBS: + MD5: 21a266bd49f2778b24d13d95641ea6ac + SHA1: 21319f341fdf06bf6a104427afa8b7823b1ea7f3 + SHA256: e933dc68ee65abd1f9b1aa6738eff60a6895d3d8cc4accf0c69069aa3decd757 + SHA384: 11533efd6b326a4e065a936de300fe0586a479f93d569d2403bd62c7ad35f1b2199daee3adb510f429c4fc97b4b024e3 + - Subject: C=GB, O=Sectigo Limited, CN=Sectigo Public Code Signing CA R36 + ValidFrom: '2021-03-22 00:00:00' + ValidTo: '2036-03-21 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 621d6d0c52019e3b9079152089211c0a + Version: 3 + TBS: + MD5: 69409ee689cc94e90149ce9bccab49ae + SHA1: f3939507fa02c048647ede4cced7596339738157 + SHA256: 3a42b4be5968e1e6489b8362a2a84cdbf7834f2aa9eb96cfb0dfeedeac4aa7d3 + SHA384: 0eeb0f83c55ccaaf275cec9caaed00280b6dd9bd8e37bd8a191a5cf77a0e2d1298edb019e2a1e67e3f7bd4b1c7616dc0 + - Subject: C=CA, ST=Ontario, O=12980215 Canada Inc., CN=12980215 Canada + Inc. 
+ ValidFrom: '2022-08-31 00:00:00' + ValidTo: '2023-08-31 23:59:59' + Signature: 868c0f41b6431c628ac609475d72a09d6db8e5589e4730b13494c120ee8274066dde243da4b952a82358ed03e955147df78410365a6c9539d9a65a84f5d2619ca0b36fded27245f8e4311b3aef7da5689e345f79c2f5eac94c3bcb2c858066a6640cfbc2d598b3e682c2392a8b6a78e61b7fdf9a64a965b54d4445d57ac7097c908107b292aeff2dd6f78c50ced1521274e585fc7ec533585a868471e46a0f97756b60f337ff4f6f1975c8a296337a1a51996338cd8effb81f026f68f6c991871f5bd1e6f847d3537d5fea0b211509eed19f87c3bee9d5a75d2ef537fcad2d02606a0ea53e9e1014b8e38c3dcf8449e79b779cc6cb5d0882a406814bc02fc522b09d3ac034a1a379ee03f56c225adadadb5ab25369e7f23225f85af24d24072816797272b8e52c6e535da98e307f9249ef15ec9c4c7807dab070828787d91fde9279708d1ee1ef68c093ff0775cbb3292eb8cda278b43d369a351f76024a1041f7481ecd8a34eccfd649768f0f57e8cf863f8646876fc6fcc58f530e2d8f9340 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: false + SerialNumber: 1d11ed1006343e0fd1bc5511f3ab2084 + Version: 3 + TBS: + MD5: c9694893402b97bab780caf28eb06630 + SHA1: e4445448d88eed645840a1640ee97513e67aa457 + SHA256: ab2e110a867319a2a0084ead4c3e56f02217314d332ea03e6a21cd6f9ff92359 + SHA384: 13576a93e84c8e2be44514173759709f9407ffa400b448093afd5ebf6030c324b7366a28037dc00a2e30670dab2e3f63 + - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 RSA4096 SHA256 + TimeStamping CA + ValidFrom: '2022-03-23 00:00:00' + ValidTo: '2037-03-22 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 073637b724547cd847acfd28662a5e5b + Version: 3 + TBS: + MD5: e4b8ad9932ff9205f580cf8fb2afbb86 + SHA1: 5301f7044d78bf94dd2b6e4871083a17fdba1dcc + SHA256: c3d01499a5d1d2f71e0f44e78fbfa4b8aadb43dd4f226401e0c1d7a6d53357fa + SHA384: 84b5f399da5a4f4387269adfd951ef7d2197c29552ed2d2e449060664c3825d6bdb2acc3e563d999e54652f7384f445e + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp 2022 , 2 + ValidFrom: 
'2022-09-21 00:00:00' + ValidTo: '2033-11-21 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0c4d69724b94fa3c2a4a3d2907803d5a + Version: 3 + TBS: + MD5: 812cb8ca0c79b318780ec5128ad13c1d + SHA1: 3f8047d078307123301e50a25e9afb0dc4b6843d + SHA256: 0c0b121e6f807bc22d4e0f4945634c22eca7e4d5ca58a1526a40e918a35c1d79 + SHA384: 86aab81948499b3c90833253a853e7b3fd82ccf7b65b35806831ab60814bfc6ad8848c990df262a1c89b6fc4267dad81 + Signer: + - SerialNumber: 1d11ed1006343e0fd1bc5511f3ab2084 + Issuer: C=GB, O=Sectigo Limited, CN=Sectigo Public Code Signing CA R36 + Version: 1 + Imphash: 409d2ab916237fb129c57aacbb7cb4fe + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/4d365dd0-34c3-492e-a2bd-c16266796ae5.yaml b/yaml/4d365dd0-34c3-492e-a2bd-c16266796ae5.yaml index 61ef7fad0..9ba4c6e6b 100644 --- a/yaml/4d365dd0-34c3-492e-a2bd-c16266796ae5.yaml +++ b/yaml/4d365dd0-34c3-492e-a2bd-c16266796ae5.yaml 
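Review bot: The reordered jokercontroller.sys entry still carries placeholder list items, `CVE: - ''` and `Detection: - type: '' value: ''`, so anything iterating those lists sees one blank CVE and one detection with an empty type and URL instead of none. The Black.sys entry in this same diff already writes `Detection: []`; using `CVE: []` and `Detection: []` here would make the two consistent. `Category: vulnerable drivers` also differs from the `vulnerable driver` value in the neighbouring entries, which matters if a consumer filters on the exact string. The sample keeps `Filename: ''` although the tag names jokercontroller.sys, so name-based matching presumably has to rely on the tag alone.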
@@ -1,524 +1,526 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 4d365dd0-34c3-492e-a2bd-c16266796ae5 +Tags: +- ALSysIO64.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create ALSysIO64.sys binPath=C:\windows\temp\ALSysIO64.sys type=kernel - && sc.exe start ALSysIO64.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/7196187fb1ef8d108b380d37b2af8efdeb3ca1f6eefd37b5dc114c609147216d.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/7f375639a0df7fe51e5518cf87c3f513c55bc117db47d28da8c615642eb18bfa.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/119c48b79735fda0ecd973d77d9bdc6b329960caed09b38ab454236ca039d280.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - 
value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 4d365dd0-34c3-492e-a2bd-c16266796ae5 -KnownVulnerableSamples: -- Authentihash: - MD5: 86be5dbedcfcd517b9b602436cd985eb - SHA1: 7a9981f1bca18e2f624fe806c753a14dfd970c4e - SHA256: ca829178d01990c8d1d6a681dee074a53f0dd873fd8eef6f6161c682449ec8c5 - Company: Arthur Liberman - Copyright: Copyright (C) 2003-2009 Arthur Liberman - CreationTimestamp: '2013-03-05 14:50:34' - Date: '' - Description: ALSysIO - ExportedFunctions: '' - FileVersion: 2.0.8.0 - Filename: ALSysIO64.sys - ImportedFunctions: - - IoDeleteDevice - - ZwClose - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - IoBuildDeviceIoControlRequest - - RtlAnsiStringToUnicodeString - - MmGetSystemRoutineAddress - - KeInitializeEvent - - RtlInitAnsiString - - RtlFreeUnicodeString - - RtlInitUnicodeString - - KeWaitForSingleObject - - MmIsAddressValid - - ObfDereferenceObject - - DbgPrint - - IofCallDriver - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - strstr - - MmUnmapIoSpace - - MmMapIoSpace - - KeBugCheckEx - - IoGetDeviceObjectPointer - - IoDeleteSymbolicLink - - RtlUnwindEx - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: ALSysIO.sys - MD5: 13dda15ef67eb265869fc371c72d6ef0 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: ALSysIO.sys - Product: ALSysIO - ProductVersion: 2.0.8.0 - Publisher: Artur Liberman - RichPEHeaderHash: - MD5: fa032a9e33f5f3a4125cfa9c178850f9 - SHA1: 2956abd1741d40b754a0c26100d60415591fd887 - SHA256: 0d234a1913ceeac6a2072152698734f7ae25cadb077db00d1a78b5bf376bac77 - SHA1: 2f991435a6f58e25c103a657d24ed892b99690b8 - SHA256: 7196187fb1ef8d108b380d37b2af8efdeb3ca1f6eefd37b5dc114c609147216d - Sections: - .text: - Entropy: 6.095274875783498 - Virtual Size: 
'0x3389' - .rdata: - Entropy: 4.296371217977882 - Virtual Size: '0x554' - .data: - Entropy: 0.5524918135800905 - Virtual Size: '0x184' - .pdata: - Entropy: 4.0236239083842475 - Virtual Size: '0x24c' - INIT: - Entropy: 5.135904026607732 - Virtual Size: '0x3f0' - .rsrc: - Entropy: 3.2958125541040038 - Virtual Size: '0x388' - Signature: - - Artur Liberman - - GlobalSign CodeSigning CA - G2 - - GlobalSign Root CA - R1 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping CA - ValidFrom: '2009-03-18 11:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012019c19066 - Version: 3 - TBS: - MD5: 42023b9487cafe46c1b6a49c369a362e - SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 - SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 - SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 
589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority - ValidFrom: '2009-12-21 09:32:56' - ValidTo: '2020-12-22 09:32:56' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 01000000000125b0b4cc01 - Version: 3 - TBS: - MD5: e3369c8e5aec0504b3a50455f615d9f9 - SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 - SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 - SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c - - Subject: C=IL, CN=Artur Liberman - ValidFrom: '2013-03-05 15:18:55' - ValidTo: '2016-03-05 15:18:55' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112124a45abbf7c551deb213b28633c3dcad - Version: 3 - TBS: - MD5: 56627e70a0b871843f4c3244885a29b2 - SHA1: 7425308f88b4b3d59f4f15c5b9399ee445142f85 - SHA256: 8e1fcd00db7895ff671e93e4e92a98d902ee2afa2c46e0548b3c1bca605b54f0 - SHA384: 1f0906f566cd9e09ccfa4b5cd6a10ce17755725f49764cd2ca7437a5bd26b7ef970136fb87880814554c3fd4e640aae9 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2011-04-15 19:55:08' - ValidTo: '2021-04-15 20:05:08' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 6129152700000000002a - Version: 3 - TBS: - MD5: 0bb058d116f02817737920f112d9fd3b - SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 - SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 - SHA384: 
c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 - Signer: - - SerialNumber: 112124a45abbf7c551deb213b28633c3dcad - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 82f5b92ccd99d13f4dd6ed6aaf0441bc - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 966e1c16e1aa07044b733c5589f40fd7 - SHA1: 7027b399daf84a7c24dd010c2806bf6048a230bd - SHA256: ac22a7cce3795e58c974056a86a06444e831d52185f9f37db88c65e14cd5bb75 - Company: Arthur Liberman - Copyright: Copyright (C) 2003-2009 Arthur Liberman - CreationTimestamp: '2016-02-19 15:24:23' - Date: '' - Description: ALSysIO - ExportedFunctions: '' - FileVersion: 2.0.9.0 - Filename: ALSysIO64.sys - ImportedFunctions: - - IoDeleteDevice - - ZwClose - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - IoBuildDeviceIoControlRequest - - RtlAnsiStringToUnicodeString - - MmGetSystemRoutineAddress - - KeInitializeEvent - - RtlInitAnsiString - - RtlFreeUnicodeString - - RtlInitUnicodeString - - KeWaitForSingleObject - - MmIsAddressValid - - ObfDereferenceObject - - DbgPrint - - IofCallDriver - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - strstr - - MmUnmapIoSpace - - MmMapIoSpace - - KeBugCheckEx - - IoGetDeviceObjectPointer - - IoDeleteSymbolicLink - - RtlUnwindEx - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: ALSysIO.sys - MD5: ba5f0f6347780c2ed911bbf888e75bef - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: ALSysIO.sys - Product: ALSysIO - ProductVersion: 2.0.9.0 - Publisher: Artur Liberman - RichPEHeaderHash: - MD5: fa032a9e33f5f3a4125cfa9c178850f9 - SHA1: 2956abd1741d40b754a0c26100d60415591fd887 - SHA256: 0d234a1913ceeac6a2072152698734f7ae25cadb077db00d1a78b5bf376bac77 - SHA1: f02af84393e9627ba808d4159841854a6601cf80 - SHA256: 7f375639a0df7fe51e5518cf87c3f513c55bc117db47d28da8c615642eb18bfa - Sections: - .text: - Entropy: 6.118126498568242 - Virtual Size: '0x2f95' - 
.rdata: - Entropy: 4.334329395963305 - Virtual Size: '0x4bc' - .data: - Entropy: 0.5401996588023142 - Virtual Size: '0x19c' - .pdata: - Entropy: 4.014945953829912 - Virtual Size: '0x1d4' - INIT: - Entropy: 5.0865478764498455 - Virtual Size: '0x3f0' - .rsrc: - Entropy: 3.2944352172701143 - Virtual Size: '0x388' - Signature: - - Artur Liberman - - GlobalSign CodeSigning CA - G2 - - GlobalSign Root CA - R1 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 4e5e56901e46b4d94931f3bb1739281bc216ddfd41dc0905049b6fb2a29ad6992e40990055b5ea3fa52076d38634d417cc553ac782eeefa8babcd8069f1550dfcd167b523a02d7191afdaff0785ce04bc518df3a241edaacb8a95804020730dbb0125efe31bef00448f4f070f83a5e5683cf3dfb0dbcf4c5ed979db9d4dba52784e3389b8ba735864420a43b6da46a0ba183fd28ebdaef28f6cc885dfb0a3b00abe021ebe22f356c0f8e344597eba2f79933357ecb9a8abb454de73f9fc2d98afa65b26ec77e65ffe892e12c31a2f7b02736488f266f3bee4d761f79c3e57f9635bc2d0ecc01b08e7fff518080a792d4b34446648c874f166307314b63b0dff3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee152d7 - Version: 3 - TBS: - MD5: e140543fe3256027cfa79fc3c19c1776 - SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 - SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 - SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: 
cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=IL, CN=Artur Liberman - ValidFrom: '2013-03-05 15:18:55' - ValidTo: '2016-03-05 15:18:55' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112124a45abbf7c551deb213b28633c3dcad - Version: 3 - TBS: - MD5: 56627e70a0b871843f4c3244885a29b2 - SHA1: 7425308f88b4b3d59f4f15c5b9399ee445142f85 - SHA256: 8e1fcd00db7895ff671e93e4e92a98d902ee2afa2c46e0548b3c1bca605b54f0 - SHA384: 1f0906f566cd9e09ccfa4b5cd6a10ce17755725f49764cd2ca7437a5bd26b7ef970136fb87880814554c3fd4e640aae9 - - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode - , G2 - ValidFrom: '2015-02-03 00:00:00' - ValidTo: '2026-03-03 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112106a081d33fd87ae5824cc16b52094e03 - Version: 3 - TBS: - MD5: a0ac4d48fe852f7b3ed4e623d59a825f - SHA1: d4db9846bc4d7db142eeb364286f6de7c102420c - SHA256: 78d2e41a13eb4e9171bae2d2adb192cf39210b5231f77cda936bcfbe8c003bdf - SHA384: 990ed96dca5979deeedc98a012279f04efb5559d7e7f5084a12f3802ee9439326557aecefd081cff739b78515b5d7f50 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2011-04-15 19:55:08' - ValidTo: '2021-04-15 20:05:08' - Signature: 
5ff8d065746a81c6a6ca5b03b6914ae84bbdef2ba142f0efb4a5adcd3389ec0b9585ac62501108aa58d25aa08310e5a6337af25af2c5fe787cf09c83df190ad97396002dd62ccde914d41d9de83f3c1a76f7904efb01350a6c9313a0c356eb67a0e4d17a96dec267f190f80a7bf5321b94ec5f751f8d1b34da6c58a7cb2d279e2226b7c9aa30cc0777b836e38201b5393ccc8dd9a75f7f23b3877fdb5798918bd7ce2520e39d644fdd87f72b68490318e0a5df7c5f68644d36838d4781f2e9e0a869abfa7b163c05a449ea8830190a6c73055178dfd41ddd3ad47f2de44e54be83431e7a7433b4a4ebd77073bc2a02988966eef6bc8f749378e329025a5a43e258ce7ccf9acad236893be25fda26054ec8d4e72c910e1797c5beee8b13112323294ffa83d050f6bafad53db3173df4ff034aa325dce67561d1fa35086bd62744d068b78d45e0eb852cc8a15d614474160e5958aed2b5eea5bcd6d7076ab62978fd976767dd8d4f17944fd2ed0caf972437c3a29c81da6be143b6577b4cecbf791319e79fe844e94781b75e701e91f83dd17b27f50b7056434805dda92fab86101d0b12e31ad04c6e75ded645b30b748887935c564a41029af7aeb799d8b67f88fa11f2457cf4d71b91c01cf1a0fbd4080a411a142acef4eb34486e66879ed54b7a397fbb0e3d3861cf735706e412066bd96b5308cd7018c22d4f974691bca9f0 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 6129152700000000002a - Version: 3 - TBS: - MD5: 0bb058d116f02817737920f112d9fd3b - SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 - SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 - SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 - Signer: - - SerialNumber: 112124a45abbf7c551deb213b28633c3dcad - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 82f5b92ccd99d13f4dd6ed6aaf0441bc - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 7b9763c297936ce055a04790362cc75f - SHA1: 530dd2863a09dc57801d62551c48eb9e48476fe8 - SHA256: 1c55b6620216c195ce24ef21e6ab7e181146fccf17c06606c4cd419fe3e45bd7 - Company: Arthur Liberman - Copyright: Copyright (C) 2003-2019 Arthur Liberman - CreationTimestamp: '2019-02-01 10:48:41' - Date: '' - Description: ALSysIO64 - 
ExportedFunctions: '' - FileVersion: 2.0.11.0 - Filename: ALSysIO64.sys - ImportedFunctions: - - IoDeleteDevice - - ZwClose - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - IoBuildDeviceIoControlRequest - - RtlAnsiStringToUnicodeString - - MmGetSystemRoutineAddress - - KeInitializeEvent - - RtlInitAnsiString - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - KeWaitForSingleObject - - MmIsAddressValid - - ObfDereferenceObject - - RtlInitUnicodeString - - IofCallDriver - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - KeLeaveCriticalRegion - - strstr - - MmUnmapIoSpace - - KeEnterCriticalRegion - - MmMapIoSpace - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - KeBugCheckEx - - __C_specific_handler - - DbgPrint - - IoDeleteSymbolicLink - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: ALSysIO64.sys - MD5: afc2448b4080f695e76e059a96958cab - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: ALSysIO64.sys - Product: ALSysIO64 - ProductVersion: 2.0.11.0 - Publisher: '' - RichPEHeaderHash: - MD5: b5b5bc6c59d1c8f098299b0c74a28bcd - SHA1: c8f81a0224ea38ce7ac7d94c4259693c4fe5a88c - SHA256: e9a21989acb90615e4ceece63e354a938056341eef27c69a1f174e2a11bc72cd - SHA1: 256d285347acd715ed8920e41e5ec928ae9201a8 - SHA256: 119c48b79735fda0ecd973d77d9bdc6b329960caed09b38ab454236ca039d280 - Sections: - .text: - Entropy: 6.094646886255092 - Virtual Size: '0x3025' - .rdata: - Entropy: 4.4005847545275065 - Virtual Size: '0x554' - .data: - Entropy: 0.5086871497841102 - Virtual Size: '0x1ac' - .pdata: - Entropy: 4.077679652832968 - Virtual Size: '0x1e0' - PAGE: - Entropy: 5.694732552989121 - Virtual Size: '0x178' - INIT: - Entropy: 5.16258604036066 - Virtual Size: '0x49c' - .rsrc: - Entropy: 3.3268549437522807 - Virtual Size: '0x3a0' - .reloc: - Entropy: 1.584962500721156 - Virtual Size: '0xc' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - 
Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=IL, ??=Business Entity, serialNumber=307609677, C=IL, L=Ramat Gan, - O=ALCPU (Arthur Liberman), CN=ALCPU (Arthur Liberman) - ValidFrom: '2017-06-23 00:00:00' - ValidTo: '2019-12-31 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0fd092438045aa3e667a4952fd8e429a - Version: 3 - TBS: - MD5: c93e319e441fcfedcf9f02f39d65a2fa - SHA1: c74ae2671c17ebd0cf2f0177e687f747b1f05de8 - SHA256: 8eafc0fd89cba2f9ae664cb54e0b4e6d95d4802b63935cf570faec91e1081438 - SHA384: 1d3b4464030e4d3e948d351965a7c7859456c7d042720fb53991a07d1da135ac0c711b1922c72b2f6d81b8c8f4f8c7a3 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 - Version: 3 - TBS: - MD5: f92649915476229b093c211c2b18e6c4 - SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 - SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb - SHA384: 511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 0fd092438045aa3e667a4952fd8e429a - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - Version: 1 - Imphash: 2f7ea575cf15da16c8f117eee37046d8 - LoadsDespiteHVCI: 'TRUE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe 
create ALSysIO64.sys binPath=C:\windows\temp\ALSysIO64.sys type=kernel + && sc.exe start ALSysIO64.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/namazso/physmem_drivers -Tags: -- ALSysIO64.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/7196187fb1ef8d108b380d37b2af8efdeb3ca1f6eefd37b5dc114c609147216d.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/7f375639a0df7fe51e5518cf87c3f513c55bc117db47d28da8c615642eb18bfa.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/119c48b79735fda0ecd973d77d9bdc6b329960caed09b38ab454236ca039d280.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 86be5dbedcfcd517b9b602436cd985eb + SHA1: 7a9981f1bca18e2f624fe806c753a14dfd970c4e + SHA256: ca829178d01990c8d1d6a681dee074a53f0dd873fd8eef6f6161c682449ec8c5 + Company: Arthur Liberman + Copyright: Copyright (C) 2003-2009 Arthur Liberman + CreationTimestamp: '2013-03-05 14:50:34' + Date: '' + Description: ALSysIO + ExportedFunctions: '' + FileVersion: 2.0.8.0 + Filename: ALSysIO64.sys + ImportedFunctions: + - IoDeleteDevice + - ZwClose + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - IoBuildDeviceIoControlRequest + - RtlAnsiStringToUnicodeString + - MmGetSystemRoutineAddress + - KeInitializeEvent + - RtlInitAnsiString + - RtlFreeUnicodeString + - RtlInitUnicodeString + - KeWaitForSingleObject + - MmIsAddressValid + - ObfDereferenceObject + - DbgPrint + - IofCallDriver + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - strstr + - MmUnmapIoSpace + - MmMapIoSpace + - KeBugCheckEx + - IoGetDeviceObjectPointer + - IoDeleteSymbolicLink + - RtlUnwindEx + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: ALSysIO.sys + MD5: 13dda15ef67eb265869fc371c72d6ef0 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: ALSysIO.sys + Product: ALSysIO + ProductVersion: 2.0.8.0 + Publisher: Artur Liberman + RichPEHeaderHash: + MD5: fa032a9e33f5f3a4125cfa9c178850f9 + SHA1: 2956abd1741d40b754a0c26100d60415591fd887 + SHA256: 0d234a1913ceeac6a2072152698734f7ae25cadb077db00d1a78b5bf376bac77 + SHA1: 2f991435a6f58e25c103a657d24ed892b99690b8 + SHA256: 7196187fb1ef8d108b380d37b2af8efdeb3ca1f6eefd37b5dc114c609147216d + Sections: + .text: + Entropy: 6.095274875783498 + Virtual Size: '0x3389' + .rdata: + Entropy: 4.296371217977882 + Virtual Size: '0x554' + .data: + Entropy: 0.5524918135800905 + Virtual Size: '0x184' + .pdata: + 
Entropy: 4.0236239083842475 + Virtual Size: '0x24c' + INIT: + Entropy: 5.135904026607732 + Virtual Size: '0x3f0' + .rsrc: + Entropy: 3.2958125541040038 + Virtual Size: '0x388' + Signature: + - Artur Liberman + - GlobalSign CodeSigning CA - G2 + - GlobalSign Root CA - R1 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping + CA + ValidFrom: '2009-03-18 11:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012019c19066 + Version: 3 + TBS: + MD5: 42023b9487cafe46c1b6a49c369a362e + SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 + SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 + SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority + ValidFrom: '2009-12-21 09:32:56' + ValidTo: '2020-12-22 09:32:56' + Signature: 
bc89ecfee63655935c79d4117a86808f17b693b26d9b91a1561811c655eaf608edad9b9ef52b81c8bbdd607b1b47991e6d403e1d80c213d58e04052fdbe7ae529e688472a1e54a603cf89bd52f46d8c3b2b79353ac9b6c432424d1f1fce9562e3411581843eaefff34746ca0c06c7fad031969881e9560cabbbd0cbb76efc724b081c63831cf36ad0c38b89020849b2e8f28b99ff6ca9427cdac396157e0e3955a9c769230f5dea6973d721c2a6032a8334d8635338a5cf3a4fdf7062ce16b4b30f5cbd34362f841b9de7d20cb058c8e2cf65f35fd338d42896508362ca389f45a858bb0b97bdb6ccba1f8d20e1bbb977cd12779be9d7c3be6a75634d8c991a9 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01000000000125b0b4cc01 + Version: 3 + TBS: + MD5: e3369c8e5aec0504b3a50455f615d9f9 + SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 + SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 + SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c + - Subject: C=IL, CN=Artur Liberman + ValidFrom: '2013-03-05 15:18:55' + ValidTo: '2016-03-05 15:18:55' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112124a45abbf7c551deb213b28633c3dcad + Version: 3 + TBS: + MD5: 56627e70a0b871843f4c3244885a29b2 + SHA1: 7425308f88b4b3d59f4f15c5b9399ee445142f85 + SHA256: 8e1fcd00db7895ff671e93e4e92a98d902ee2afa2c46e0548b3c1bca605b54f0 + SHA384: 1f0906f566cd9e09ccfa4b5cd6a10ce17755725f49764cd2ca7437a5bd26b7ef970136fb87880814554c3fd4e640aae9 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2011-04-15 19:55:08' + ValidTo: '2021-04-15 20:05:08' + Signature: 
5ff8d065746a81c6a6ca5b03b6914ae84bbdef2ba142f0efb4a5adcd3389ec0b9585ac62501108aa58d25aa08310e5a6337af25af2c5fe787cf09c83df190ad97396002dd62ccde914d41d9de83f3c1a76f7904efb01350a6c9313a0c356eb67a0e4d17a96dec267f190f80a7bf5321b94ec5f751f8d1b34da6c58a7cb2d279e2226b7c9aa30cc0777b836e38201b5393ccc8dd9a75f7f23b3877fdb5798918bd7ce2520e39d644fdd87f72b68490318e0a5df7c5f68644d36838d4781f2e9e0a869abfa7b163c05a449ea8830190a6c73055178dfd41ddd3ad47f2de44e54be83431e7a7433b4a4ebd77073bc2a02988966eef6bc8f749378e329025a5a43e258ce7ccf9acad236893be25fda26054ec8d4e72c910e1797c5beee8b13112323294ffa83d050f6bafad53db3173df4ff034aa325dce67561d1fa35086bd62744d068b78d45e0eb852cc8a15d614474160e5958aed2b5eea5bcd6d7076ab62978fd976767dd8d4f17944fd2ed0caf972437c3a29c81da6be143b6577b4cecbf791319e79fe844e94781b75e701e91f83dd17b27f50b7056434805dda92fab86101d0b12e31ad04c6e75ded645b30b748887935c564a41029af7aeb799d8b67f88fa11f2457cf4d71b91c01cf1a0fbd4080a411a142acef4eb34486e66879ed54b7a397fbb0e3d3861cf735706e412066bd96b5308cd7018c22d4f974691bca9f0 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 6129152700000000002a + Version: 3 + TBS: + MD5: 0bb058d116f02817737920f112d9fd3b + SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 + SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 + SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 + Signer: + - SerialNumber: 112124a45abbf7c551deb213b28633c3dcad + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 82f5b92ccd99d13f4dd6ed6aaf0441bc + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 966e1c16e1aa07044b733c5589f40fd7 + SHA1: 7027b399daf84a7c24dd010c2806bf6048a230bd + SHA256: ac22a7cce3795e58c974056a86a06444e831d52185f9f37db88c65e14cd5bb75 + Company: Arthur Liberman + Copyright: Copyright (C) 2003-2009 Arthur Liberman + CreationTimestamp: '2016-02-19 15:24:23' + Date: '' + Description: ALSysIO + 
ExportedFunctions: '' + FileVersion: 2.0.9.0 + Filename: ALSysIO64.sys + ImportedFunctions: + - IoDeleteDevice + - ZwClose + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - IoBuildDeviceIoControlRequest + - RtlAnsiStringToUnicodeString + - MmGetSystemRoutineAddress + - KeInitializeEvent + - RtlInitAnsiString + - RtlFreeUnicodeString + - RtlInitUnicodeString + - KeWaitForSingleObject + - MmIsAddressValid + - ObfDereferenceObject + - DbgPrint + - IofCallDriver + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - strstr + - MmUnmapIoSpace + - MmMapIoSpace + - KeBugCheckEx + - IoGetDeviceObjectPointer + - IoDeleteSymbolicLink + - RtlUnwindEx + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: ALSysIO.sys + MD5: ba5f0f6347780c2ed911bbf888e75bef + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: ALSysIO.sys + Product: ALSysIO + ProductVersion: 2.0.9.0 + Publisher: Artur Liberman + RichPEHeaderHash: + MD5: fa032a9e33f5f3a4125cfa9c178850f9 + SHA1: 2956abd1741d40b754a0c26100d60415591fd887 + SHA256: 0d234a1913ceeac6a2072152698734f7ae25cadb077db00d1a78b5bf376bac77 + SHA1: f02af84393e9627ba808d4159841854a6601cf80 + SHA256: 7f375639a0df7fe51e5518cf87c3f513c55bc117db47d28da8c615642eb18bfa + Sections: + .text: + Entropy: 6.118126498568242 + Virtual Size: '0x2f95' + .rdata: + Entropy: 4.334329395963305 + Virtual Size: '0x4bc' + .data: + Entropy: 0.5401996588023142 + Virtual Size: '0x19c' + .pdata: + Entropy: 4.014945953829912 + Virtual Size: '0x1d4' + INIT: + Entropy: 5.0865478764498455 + Virtual Size: '0x3f0' + .rsrc: + Entropy: 3.2944352172701143 + Virtual Size: '0x388' + Signature: + - Artur Liberman + - GlobalSign CodeSigning CA - G2 + - GlobalSign Root CA - R1 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee152d7 + Version: 3 + TBS: + MD5: e140543fe3256027cfa79fc3c19c1776 + SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 + SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 + SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=IL, CN=Artur Liberman + ValidFrom: '2013-03-05 15:18:55' + ValidTo: '2016-03-05 15:18:55' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112124a45abbf7c551deb213b28633c3dcad + Version: 3 + TBS: + MD5: 56627e70a0b871843f4c3244885a29b2 + SHA1: 7425308f88b4b3d59f4f15c5b9399ee445142f85 + SHA256: 8e1fcd00db7895ff671e93e4e92a98d902ee2afa2c46e0548b3c1bca605b54f0 + SHA384: 1f0906f566cd9e09ccfa4b5cd6a10ce17755725f49764cd2ca7437a5bd26b7ef970136fb87880814554c3fd4e640aae9 + - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode + , G2 + ValidFrom: '2015-02-03 00:00:00' + ValidTo: '2026-03-03 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 
112106a081d33fd87ae5824cc16b52094e03 + Version: 3 + TBS: + MD5: a0ac4d48fe852f7b3ed4e623d59a825f + SHA1: d4db9846bc4d7db142eeb364286f6de7c102420c + SHA256: 78d2e41a13eb4e9171bae2d2adb192cf39210b5231f77cda936bcfbe8c003bdf + SHA384: 990ed96dca5979deeedc98a012279f04efb5559d7e7f5084a12f3802ee9439326557aecefd081cff739b78515b5d7f50 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2011-04-15 19:55:08' + ValidTo: '2021-04-15 20:05:08' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 6129152700000000002a + Version: 3 + TBS: + MD5: 0bb058d116f02817737920f112d9fd3b + SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 + SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 + SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 + Signer: + - SerialNumber: 112124a45abbf7c551deb213b28633c3dcad + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 82f5b92ccd99d13f4dd6ed6aaf0441bc + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 7b9763c297936ce055a04790362cc75f + SHA1: 530dd2863a09dc57801d62551c48eb9e48476fe8 + SHA256: 1c55b6620216c195ce24ef21e6ab7e181146fccf17c06606c4cd419fe3e45bd7 + Company: Arthur Liberman + Copyright: Copyright (C) 2003-2019 Arthur Liberman + CreationTimestamp: '2019-02-01 10:48:41' + Date: '' + Description: ALSysIO64 + ExportedFunctions: '' + FileVersion: 2.0.11.0 + Filename: ALSysIO64.sys + ImportedFunctions: + - IoDeleteDevice + - ZwClose + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - IoBuildDeviceIoControlRequest + - RtlAnsiStringToUnicodeString + - MmGetSystemRoutineAddress + - KeInitializeEvent + - RtlInitAnsiString + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - KeWaitForSingleObject + - MmIsAddressValid + - ObfDereferenceObject + - RtlInitUnicodeString + - 
IofCallDriver + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - KeLeaveCriticalRegion + - strstr + - MmUnmapIoSpace + - KeEnterCriticalRegion + - MmMapIoSpace + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - KeBugCheckEx + - __C_specific_handler + - DbgPrint + - IoDeleteSymbolicLink + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: ALSysIO64.sys + MD5: afc2448b4080f695e76e059a96958cab + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: ALSysIO64.sys + Product: ALSysIO64 + ProductVersion: 2.0.11.0 + Publisher: '' + RichPEHeaderHash: + MD5: b5b5bc6c59d1c8f098299b0c74a28bcd + SHA1: c8f81a0224ea38ce7ac7d94c4259693c4fe5a88c + SHA256: e9a21989acb90615e4ceece63e354a938056341eef27c69a1f174e2a11bc72cd + SHA1: 256d285347acd715ed8920e41e5ec928ae9201a8 + SHA256: 119c48b79735fda0ecd973d77d9bdc6b329960caed09b38ab454236ca039d280 + Sections: + .text: + Entropy: 6.094646886255092 + Virtual Size: '0x3025' + .rdata: + Entropy: 4.4005847545275065 + Virtual Size: '0x554' + .data: + Entropy: 0.5086871497841102 + Virtual Size: '0x1ac' + .pdata: + Entropy: 4.077679652832968 + Virtual Size: '0x1e0' + PAGE: + Entropy: 5.694732552989121 + Virtual Size: '0x178' + INIT: + Entropy: 5.16258604036066 + Virtual Size: '0x49c' + .rsrc: + Entropy: 3.3268549437522807 + Virtual Size: '0x3a0' + .reloc: + Entropy: 1.584962500721156 + Virtual Size: '0xc' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 
59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=IL, ??=Business Entity, serialNumber=307609677, C=IL, L=Ramat + Gan, O=ALCPU (Arthur Liberman), CN=ALCPU (Arthur Liberman) + ValidFrom: '2017-06-23 00:00:00' + ValidTo: '2019-12-31 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0fd092438045aa3e667a4952fd8e429a + Version: 3 + TBS: + MD5: c93e319e441fcfedcf9f02f39d65a2fa + SHA1: c74ae2671c17ebd0cf2f0177e687f747b1f05de8 + SHA256: 8eafc0fd89cba2f9ae664cb54e0b4e6d95d4802b63935cf570faec91e1081438 + SHA384: 1d3b4464030e4d3e948d351965a7c7859456c7d042720fb53991a07d1da135ac0c711b1922c72b2f6d81b8c8f4f8c7a3 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 
9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 + Version: 3 + TBS: + MD5: f92649915476229b093c211c2b18e6c4 + SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 + SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb + SHA384: 511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 0fd092438045aa3e667a4952fd8e429a + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + Version: 1 + Imphash: 2f7ea575cf15da16c8f117eee37046d8 + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/4db827b1-325b-444d-9f23-171285a4d12f.yaml b/yaml/4db827b1-325b-444d-9f23-171285a4d12f.yaml index caf9fd4f1..c751b669a 100644 --- a/yaml/4db827b1-325b-444d-9f23-171285a4d12f.yaml 
+++ b/yaml/4db827b1-325b-444d-9f23-171285a4d12f.yaml 
@@ -1,218 +1,220 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 4db827b1-325b-444d-9f23-171285a4d12f +Tags: +- VProEventMonitor.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create VProEventMonitor.sys binPath=C:\windows\temp\VProEventMonitor.sys type=kernel - && sc.exe start VProEventMonitor.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/7877c1b0e7429453b750218ca491c2825dae684ad9616642eff7b41715c70aca.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 4db827b1-325b-444d-9f23-171285a4d12f 
-KnownVulnerableSamples: -- Authentihash: - MD5: ed01170d94a5e21d04b6d7212b53c994 - SHA1: cbaa70aac878a389c8213a5bc0df830b1d5b4e04 - SHA256: 9994990c02c37472625cc7b2255044feef9b73c08ca3a70c06861b7d26b27a25 - Company: Symantec Corporation - Copyright: "Copyright \xA9 2007-2008 Symantec Corporation. All rights reserved." - CreationTimestamp: '2012-06-28 04:53:46' - Date: '' - Description: VProEventMonitor.Sys - Event Monitoring driver - ExportedFunctions: '' - FileVersion: 1.0.0.45708 - Filename: VProEventMonitor.sys - ImportedFunctions: - - PsGetVersion - - strncmp - - ZwOpenProcess - - ExAcquireFastMutex - - IoCreateSymbolicLink - - PsLookupProcessByProcessId - - RtlCopyUnicodeString - - ObfDereferenceObject - - IoCreateDevice - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - IoCreateNotificationEvent - - MmGetSystemRoutineAddress - - KeInitializeEvent - - PsSetCreateProcessNotifyRoutine - - ExAllocatePoolWithTag - - IoGetCurrentProcess - - KeClearEvent - - ZwClose - - IoDeleteSymbolicLink - - IofCompleteRequest - - ExFreePoolWithTag - - KeBugCheckEx - - DbgPrint - - ExReleaseFastMutex - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: VProEventMonitor.Sys - MD5: cd9f0fcecf1664facb3671c0130dc8bb - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: VProEventMonitor.Sys - Product: Symantec Event Monitors Driver Development Edition - ProductVersion: 1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c492fc6302ba1d302ecd17b883170218 - SHA1: fda9d8e10686fb6d1e1edb93de5fa0b62f27e9ee - SHA256: 62f2e4d85e08eb2e44b09df13add2fd672b667877575c2f1a10ba1586d8b0e53 - SHA1: 0c26ab1299adcd9a385b541ef1653728270aa23e - SHA256: 7877c1b0e7429453b750218ca491c2825dae684ad9616642eff7b41715c70aca - Sections: - .text: - Entropy: 6.390530381204556 - Virtual Size: '0x1eba' - .rdata: - Entropy: 4.396653063344109 - Virtual Size: '0x22c' - .data: - Entropy: 0.7805204809539781 - Virtual Size: '0x194' - .pdata: - Entropy: 3.454144073130144 
- Virtual Size: '0x78' - INIT: - Entropy: 4.914325578266425 - Virtual Size: '0x3d4' - .rsrc: - Entropy: 3.325918842448171 - Virtual Size: '0x540' - Signature: - - Symantec Corporation - - VeriSign Class 3 Code Signing 2010 CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G3 - ValidFrom: '2012-05-01 00:00:00' - ValidTo: '2012-12-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded - Version: 3 - TBS: - MD5: e6d820afb23af20a65cf0b03247ea05e - SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 - SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 - SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, ST=Florida, L=Heathrow, O=Symantec Corporation, OU=IMG, OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=Symantec Corporation - ValidFrom: '2011-09-09 00:00:00' - ValidTo: '2013-09-08 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 7b00eb4233c0876e11580566d44735fe - Version: 3 - TBS: - MD5: 0ea74c1d804f5fe5fe6ed67acb4af319 - SHA1: cca391a27aee49e324789ab17802a63035334e7c - SHA256: f886b4da40c5db014715c590a626fed560ad1aba7187930416c6ac3ec39b6fc8 - SHA384: ce0cb3641c31d4689fc31115f27de53948dbd10dea32a48137ecaff52dd649f28128f254f280bb31263d3f9200d6a7e5 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 
93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 7b00eb4233c0876e11580566d44735fe - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: c7f08aed5725fe6a53a62ebe354ff135 - LoadsDespiteHVCI: 'TRUE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create VProEventMonitor.sys binPath=C:\windows\temp\VProEventMonitor.sys type=kernel + && sc.exe start VProEventMonitor.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/namazso/physmem_drivers -Tags: -- VProEventMonitor.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/7877c1b0e7429453b750218ca491c2825dae684ad9616642eff7b41715c70aca.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: ed01170d94a5e21d04b6d7212b53c994 + SHA1: cbaa70aac878a389c8213a5bc0df830b1d5b4e04 + SHA256: 9994990c02c37472625cc7b2255044feef9b73c08ca3a70c06861b7d26b27a25 + Company: Symantec Corporation + Copyright: "Copyright \xA9 2007-2008 Symantec Corporation. All rights reserved." 
+ CreationTimestamp: '2012-06-28 04:53:46' + Date: '' + Description: VProEventMonitor.Sys - Event Monitoring driver + ExportedFunctions: '' + FileVersion: 1.0.0.45708 + Filename: VProEventMonitor.sys + ImportedFunctions: + - PsGetVersion + - strncmp + - ZwOpenProcess + - ExAcquireFastMutex + - IoCreateSymbolicLink + - PsLookupProcessByProcessId + - RtlCopyUnicodeString + - ObfDereferenceObject + - IoCreateDevice + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - IoCreateNotificationEvent + - MmGetSystemRoutineAddress + - KeInitializeEvent + - PsSetCreateProcessNotifyRoutine + - ExAllocatePoolWithTag + - IoGetCurrentProcess + - KeClearEvent + - ZwClose + - IoDeleteSymbolicLink + - IofCompleteRequest + - ExFreePoolWithTag + - KeBugCheckEx + - DbgPrint + - ExReleaseFastMutex + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: VProEventMonitor.Sys + MD5: cd9f0fcecf1664facb3671c0130dc8bb + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: VProEventMonitor.Sys + Product: Symantec Event Monitors Driver Development Edition + ProductVersion: 1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c492fc6302ba1d302ecd17b883170218 + SHA1: fda9d8e10686fb6d1e1edb93de5fa0b62f27e9ee + SHA256: 62f2e4d85e08eb2e44b09df13add2fd672b667877575c2f1a10ba1586d8b0e53 + SHA1: 0c26ab1299adcd9a385b541ef1653728270aa23e + SHA256: 7877c1b0e7429453b750218ca491c2825dae684ad9616642eff7b41715c70aca + Sections: + .text: + Entropy: 6.390530381204556 + Virtual Size: '0x1eba' + .rdata: + Entropy: 4.396653063344109 + Virtual Size: '0x22c' + .data: + Entropy: 0.7805204809539781 + Virtual Size: '0x194' + .pdata: + Entropy: 3.454144073130144 + Virtual Size: '0x78' + INIT: + Entropy: 4.914325578266425 + Virtual Size: '0x3d4' + .rsrc: + Entropy: 3.325918842448171 + Virtual Size: '0x540' + Signature: + - Symantec Corporation + - VeriSign Class 3 Code Signing 2010 CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - 
Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G3 + ValidFrom: '2012-05-01 00:00:00' + ValidTo: '2012-12-31 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded + Version: 3 + TBS: + MD5: e6d820afb23af20a65cf0b03247ea05e + SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 + SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 + SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, ST=Florida, L=Heathrow, O=Symantec Corporation, OU=IMG, + OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Symantec + Corporation + ValidFrom: '2011-09-09 00:00:00' + ValidTo: '2013-09-08 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 7b00eb4233c0876e11580566d44735fe + Version: 3 + TBS: + MD5: 0ea74c1d804f5fe5fe6ed67acb4af319 + SHA1: cca391a27aee49e324789ab17802a63035334e7c + SHA256: f886b4da40c5db014715c590a626fed560ad1aba7187930416c6ac3ec39b6fc8 + SHA384: ce0cb3641c31d4689fc31115f27de53948dbd10dea32a48137ecaff52dd649f28128f254f280bb31263d3f9200d6a7e5 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 
93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 7b00eb4233c0876e11580566d44735fe + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: c7f08aed5725fe6a53a62ebe354ff135 + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/4dd3289c-522c-4fce-b48e-5370efc90fa1.yaml b/yaml/4dd3289c-522c-4fce-b48e-5370efc90fa1.yaml index b196d86e3..10035113e 100644 --- a/yaml/4dd3289c-522c-4fce-b48e-5370efc90fa1.yaml +++ b/yaml/4dd3289c-522c-4fce-b48e-5370efc90fa1.yaml 
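Review bot: The re-added `Detection:` list for VProEventMonitor.sys still lists `sigma_hash`, `sigma_names`, `sysmon_hash_detect` and `sysmon_hash_block` twice, each pair with identical `value` URLs; only the two `yara_signature` entries differ. The removed side shows the same duplication, so it appears to have been carried through the key reordering rather than introduced by it. Since the whole block is being rewritten, I would keep one copy of each of those four entries, leaving six items in the list. That way tooling that iterates `Detection` to build rule indexes or coverage counts does not report each reference twice.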
@@ -1,3474 +1,3499 @@ Id: 4dd3289c-522c-4fce-b48e-5370efc90fa1 +Tags: +- iQVW64.SYS +Verified: 'TRUE' Author: Nasreddine Bencherchali Created: '2023-05-06' MitreID: T1068 Category: vulnerable driver -Verified: 'TRUE' Commands: - Command: sc.exe create iQVW64.sys binPath=C:\windows\temp\iQVW64.SYS type=kernel - && sc.exe start iQVW64.SYS - Description: '' - Usecase: Elevate privileges - Privileges: kernel - OperatingSystem: Windows 10 + Command: sc.exe create iQVW64.sys binPath=C:\windows\temp\iQVW64.SYS type=kernel + && sc.exe start iQVW64.SYS + Description: '' + Usecase: Elevate privileges + Privileges: kernel + OperatingSystem: Windows 10 Resources: - Internal Research -Acknowledgement: - Person: '' - Handle: '' Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: iQVW64.SYS - MD5: c796a92a66ec725b7b7febbdc13dc69b - SHA1: 0ed0c4d6c3b6b478cbfd7fb0bd1e1b5457a757cc - SHA256: 19bf0d0f55d2ad33ef2d105520bde8fb4286f00e9d7a721e3c9587b9408a0775 - Authentihash: - MD5: 9628077052773b85d492e06322fa4366 - SHA1: 013c02f8fb3b1eb638a8ccdd9da5277749d1060b - SHA256: 46ec6310c5ea5e289299d40f5ecca82b9c722ffc766dfd08f36dc88835e63567 - Description: Intel(R) Network Adapter Diagnostic Driver - Company: 'Intel Corporation ' - InternalName: iQVW64.SYS - OriginalFilename: iQVW64.SYS - FileVersion: '1.03.0.4 built by: WinDDK' - Product: Intel(R) iQVW64.SYS - ProductVersion: 1.03.0.4 - Copyright: Copyright (C) 2002-2011 Intel Corporation All Rights Reserved. 
- MachineType: IA64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - KeGetCurrentIrql - - DbgPrint - - strncpy - - vsprintf - - IoFreeMdl - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmUnmapIoSpace - - MmUnmapLockedPages - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - MmMapIoSpace - - ObfDereferenceObject - - KeWaitForSingleObject - - MmGetPhysicalAddress - - IoBuildSynchronousFsdRequest - - KeInitializeEvent - - ZwClose - - RtlFreeAnsiString - - strstr - - RtlUnicodeStringToAnsiString - - ZwEnumerateValueKey - - ZwOpenKey - - wcsncpy - - IoGetDeviceObjectPointer - - IoGetDeviceInterfaces - - ObReferenceObjectByPointer - - KeTickCount - - KeBugCheckEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IofCallDriver - - IoDeleteDevice - - KeStallExecutionProcessor - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - WRITE_PORT_UCHAR - - READ_PORT_ULONG - - READ_PORT_USHORT - - READ_PORT_UCHAR - - KeQueryPerformanceCounter - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 
93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=US, ST=Oregon, L=Hillsboro, O=Intel Corporation, OU=Digital ID Class - 3 , Microsoft Software Validation v2, OU=LAN Access Division, CN=Intel Corporation - ValidFrom: '2009-05-26 00:00:00' - ValidTo: '2012-05-30 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 058258571670ab2b1bac50679cec49a1 - Version: 3 - TBS: - MD5: 2db2db8ad770f96c4ba2de12f5336353 - SHA1: d70fb0f12785771b5eff8029e0801fbe0caca8b3 - SHA256: ebce0797330e680af51b1a399d34575a8bcac049d55b1323097e17147b430538 - SHA384: b1480302c0412127620d79bc13eba100191c2458e63df9ae6987481db2ca14de7530211e195540d9b30bc7390a44fec0 - Signer: - - SerialNumber: 058258571670ab2b1bac50679cec49a1 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - RichPEHeaderHash: - MD5: 8007fd3858325a29ea818653b1ceb33c - SHA1: acaff2a453f47e14cf2a396ee2e6ca8cbc5801b7 - SHA256: d95fe490f0c27ddb18fe210abef87a55a90d70c1c3fc71319e0f05ae06894b29 - Sections: - .text: - Entropy: 5.475411996294876 - Virtual Size: '0x95e0' - .rdata: - Entropy: 3.072068378066715 - Virtual Size: '0xf40' - .pdata: - Entropy: 3.9359294560144455 - Virtual Size: '0x3e4' - .srdata: - Entropy: 2.7857828687461534 - Virtual Size: '0x280' - .sdata: - Entropy: 2.491453465417235 - Virtual Size: '0x1b0' - .data: - Entropy: 0.0 - Virtual Size: '0x5c9d80' - INIT: - Entropy: 5.639528673951456 - Virtual Size: '0x92a' - .rsrc: - Entropy: 3.4091935406815166 - Virtual Size: '0x3f8' - .reloc: - Entropy: 0.41227279241255127 - Virtual Size: '0x1020' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2011-10-05 
01:13:31' - Imphash: 4bd0bd7710a7f71d38f056241c8ce0a7 - LoadsDespiteHVCI: 'FALSE' -- Filename: iQVW64.SYS - MD5: f7d963c14a691a022301afa31de9ecef - SHA1: 2e546d86d3b1e4eaa92b6ec4768de79f70eb922f - SHA256: 1f8168036d636aad1680dd0f577ef9532dbb2dad3591d63e752b0ba3ee6fd501 - Authentihash: - MD5: 9e5958641168a690ab2b8003d3095a1f - SHA1: b1ce8991df0af287d5fd6837306384bd4327ea1d - SHA256: 6f2cf1c9502c5c5054edb556827ba30ffc2e6689faf807db404672781b032eaf - Description: Intel(R) Network Adapter Diagnostic Driver - Company: 'Intel Corporation ' - InternalName: iQVW64.SYS - OriginalFilename: iQVW64.SYS - FileVersion: '1.3.2.16 built by: WinDDK' - Product: Intel(R) iQVW64.SYS - ProductVersion: 1.3.2.16 - Copyright: Copyright (C) 2002-2018 Intel Corporation All Rights Reserved. - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IoCreateSymbolicLink - - IofCompleteRequest - - MmIsAddressValid - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - MmGetPhysicalAddress - - DbgPrint - - strncpy - - vsprintf - - IoFreeMdl - - MmMapLockedPagesSpecifyCache - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmUnmapIoSpace - - MmUnmapLockedPages - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - MmMapIoSpace - - RtlInitUnicodeString - - KeWaitForSingleObject - - IofCallDriver - - IoBuildSynchronousFsdRequest - - KeInitializeEvent - - ZwClose - - RtlFreeAnsiString - - strstr - - RtlUnicodeStringToAnsiString - - ZwEnumerateValueKey - - ZwOpenKey - - wcsncpy - - IoGetDeviceObjectPointer - - IoGetDeviceInterfaces - - ObReferenceObjectByPointer - - MmAllocateNonCachedMemory - - MmFreeNonCachedMemory - - KeBugCheckEx - - IoDeleteSymbolicLink - - ObfDereferenceObject - - IoDeleteDevice - - MmGetSystemRoutineAddress - - ZwSetSecurityObject - - ObOpenObjectByPointer - - IoDeviceObjectType - - IoCreateDevice - - RtlGetDaclSecurityDescriptor - - RtlGetSaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - 
RtlGetOwnerSecurityDescriptor - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - SeExports - - IoIsWdmVersionAvailable - - _wcsnicmp - - RtlAddAccessAllowedAce - - RtlLengthSid - - wcschr - - RtlAbsoluteToSelfRelativeSD - - RtlSetDaclSecurityDescriptor - - RtlCreateSecurityDescriptor - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - KeStallExecutionProcessor - - KeQueryPerformanceCounter - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust - External CA Root - ValidFrom: '2013-08-15 20:26:30' - ValidTo: '2023-08-15 20:36:30' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 3300000035d8d5595b0671412b000000000035 - Version: 3 - TBS: - MD5: 3d488d41aaeb5661974952080abef2fd - SHA1: df01e35e6befc7d65625319f17397b861e618d56 - SHA256: 3d6ef38b5d26773dc77392e415e88b3a744b30ea9f2081e2a992b5818db2f0c4 - SHA384: ac7c06916fe4a00307834b2499f12799d3fe463c2e63d1881df669a2786745beeee2b3a7d87cd6bc9e4fe293c22e5a59 - - Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO - RSA Certification Authority - ValidFrom: '2000-05-30 10:48:38' - ValidTo: '2020-05-30 10:48:38' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 2766ee56eb49f38eabd770a2fc84de22 - Version: 3 - TBS: - MD5: be5bfbe77379139ac5cdcbcc8d4d3b34 - SHA1: 606b701bc9f448ddbfe6fa63ccb8061b838ee254 - SHA256: 0d73a614eef7596cf5a34733f74daf2ccfe4df7b4a40069bf43c43e428264177 - SHA384: 7ce102d63c57cb48f80a65d1a5e9b350a7a618482aa5a36775323ca933ddfcb00def83796a6340dec5ebf7596cfd8e5d - - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel(R) INTELND1617S2 - ValidFrom: '2016-09-22 20:52:10' - ValidTo: '2018-09-22 
20:52:10' - Signature: 54c74e29a233c023318bb790335296bd320e2fe2d0c3911439fa64bb42649c1b23b4feef4a6d0033c868e6bc100dc48908feb70b8f9a789c244adb601dab2931ba223ab00fa35f20dcdbd4c23d01d1a21fc45475c825817125636a1d291a4d2ad58b4f42a45b6c5099448f1d42b150a46449b77f2da99fb5c96dd4b5171f3fd8469ad8d2754d5ab0de3a66c92b2f0522152c5d431f8930203f1058421de74d752432509fc05513a7bfb8ea307171379148ee283ce62702fbe3be88a717090651c879cde40589550e80453707b604dbefda434187093c85f04a2aedb502f7eeef27675b0a53f3855655ea8c662a98d9a90b16b8dd7ef677ba3233738e8740185fee1ea12b96515e7ed8acdcc980f9fffb00a822fa9cefa8b8935d27d6eda7b10c13cf24e0cd0a55afd3d49bb166a5b1d4b9ab13d7969882c11aef0966e512e17da18affa9139e4bc48b002ed1b3889dd71571b74613f7d340b09a59e4809458d4838f7fdb9f90e4c6f0d9273430c47a10e89272e323ecdb08146dc4d13aad95ab5ca8d8932e090c92102f3e89409967cd8b21507f41d5cf4a65e80723000944911561f15bfd50fc6f612d75185db6c31f94cfad85556b32c3b149aad421f10b42162c01aba2a2f773196b0063506ca08337069ebe6ce23cc2a14582182ed46e267d0dd8e982b8016be5eca29b2130c82b504dac2f3751b3010abde895db438352 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 560000013927007472d9b99b9b000000000139 - Version: 3 - TBS: - MD5: cdc266193e7ecfd8e1e7f3aed67e75ed - SHA1: d384f171c6ae3e92f8cc93ca26690c3d5be2a81b - SHA256: 15c1d42f57e1f011c3e16c96f68d07d2734a981e5c1200ac6b974e9c7683654e - SHA384: 55f8f8afaf783b2b4f9f1e48e86def2eeec80e1b2744679afd6d2809b2c822780720e65d69e43c93916b90b6da1dead8 - - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External - Issuing CA 7B - ValidFrom: '2015-10-28 00:00:00' - ValidTo: '2021-06-17 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 069b5e99277284c8767f1368a7deb0f3 - Version: 3 - TBS: - MD5: 5578c7331db18bb448db403ad32c94ee - SHA1: dfcfe5d6087cf830513d705aa701ff957d960298 - SHA256: 
5b619f82064ace7ecf48d26ce8ae6fa3b52671915fa81ee81cddbe740dd8698b - SHA384: 5fa042c979faba67de861093b4aca808ae4be0fcedf123cb8afe126856c0b6ac3451393048211db8993914c5ff410bd8 - Signer: - - SerialNumber: 560000013927007472d9b99b9b000000000139 - Issuer: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External Issuing - CA 7B - Version: 1 - RichPEHeaderHash: - MD5: 84dfb7245aa6b7f3efec05cfa6559636 - SHA1: 695bd45c0e89dcb58253e90c9a43400b03ae2202 - SHA256: 3ff178ffbb2c17ce7c3a02ef5943ddf3b580e3e28f6cc59775c5369062a0b9ab - Sections: - .text: - Entropy: 6.260738500856503 - Virtual Size: '0x4945' - .rdata: - Entropy: 4.781831199028562 - Virtual Size: '0xed0' - .data: - Entropy: 1.1262035268835313 - Virtual Size: '0x5ca0a0' - .pdata: - Entropy: 4.658699009524359 - Virtual Size: '0x678' - PAGE: - Entropy: 6.1261566082145595 - Virtual Size: '0x1b71' - INIT: - Entropy: 5.77048929806172 - Virtual Size: '0xb4c' - .rsrc: - Entropy: 3.435765934379025 - Virtual Size: '0x3f8' - .reloc: - Entropy: 1.2072398645622464 - Virtual Size: '0x60' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2018-04-06 02:56:07' - Imphash: 2cf48a541dc193e91bb2a831adcf278e - LoadsDespiteHVCI: 'FALSE' -- Filename: iQVW64.SYS - MD5: 73a40e29f61e5d142c8f42b28a351190 - SHA1: bdfb25cc4ed569dc0d5849545eb4abe08539029f - SHA256: 2d2c7ee9547738a8a676ab785c151e8b48ed40fe7cf6174650814c7f5f58513b - Authentihash: - MD5: de5dc7fda88792287ab03e73cece0ba8 - SHA1: 99adef60a03c2ba9aa008adcd151686175ede2db - SHA256: 0ae3c446e5f075e8fc3db31eabd744a65b2c50a9b4a52877873547951bc19bc9 - Description: Intel(R) Network Adapter Diagnostic Driver - Company: 'Intel Corporation ' - InternalName: iQVW64.SYS - OriginalFilename: iQVW64.SYS - FileVersion: '1.03.0.6 built by: WinDDK' - Product: Intel(R) iQVW64.SYS - ProductVersion: 1.03.0.6 - Copyright: Copyright (C) 2002-2012 Intel Corporation All Rights Reserved. 
- MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IoCreateSymbolicLink - - IoCreateDevice - - IofCompleteRequest - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - MmGetPhysicalAddress - - DbgPrint - - strncpy - - vsprintf - - IoFreeMdl - - MmMapLockedPagesSpecifyCache - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmUnmapIoSpace - - MmUnmapLockedPages - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - RtlInitUnicodeString - - ObfDereferenceObject - - KeWaitForSingleObject - - IofCallDriver - - IoBuildSynchronousFsdRequest - - KeInitializeEvent - - ZwClose - - RtlFreeAnsiString - - strstr - - RtlUnicodeStringToAnsiString - - ZwEnumerateValueKey - - ZwOpenKey - - wcsncpy - - IoGetDeviceObjectPointer - - IoGetDeviceInterfaces - - ObReferenceObjectByPointer - - KeBugCheckEx - - IoDeleteSymbolicLink - - MmMapIoSpace - - IoDeleteDevice - - KeStallExecutionProcessor - - KeQueryPerformanceCounter - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G3 - ValidFrom: '2012-05-01 00:00:00' - ValidTo: '2012-12-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded - Version: 3 - TBS: - MD5: e6d820afb23af20a65cf0b03247ea05e - SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 - SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 - SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, ST=Oregon, L=Hillsboro, O=Intel Corporation, OU=Digital ID Class - 3 , Microsoft Software Validation v2, OU=LAN Access Division, CN=Intel Corporation - ValidFrom: '2012-05-17 00:00:00' - ValidTo: '2015-05-30 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2776ab5cf2d09872f1ad05fbc3f21a87 - Version: 3 - TBS: - MD5: fa13cce803fbe5b5256430f9bfee76de - SHA1: ce566e0c55909bbf2bb0d43280ee78b4ba3d582f - SHA256: 7959ee2235998f36a9cdbd9b5ef7759e5846e0eecd7e868c5f042360a25482aa - SHA384: 82fcff4effee6971cfc9d0d684d13479eac42b53f23590e0df172e2804ff94abc1fbf0e2b6af0cf05b099fc97cf26789 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2776ab5cf2d09872f1ad05fbc3f21a87 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: 4521e9ed78c16f8d1e49a1981dfb32eb - SHA1: 557230bdf881a5a09523f4b063c81e10594ee183 - SHA256: 4d270337cbd39f54b308a8b11869c2d85075acb846ce369f90aeceb8dd87782f - Sections: - .text: - Entropy: 6.313310272629252 - Virtual Size: '0x4595' - .rdata: - Entropy: 4.728842329222615 - Virtual Size: '0x7b8' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x5c9ec0' - .pdata: - Entropy: 
4.323928242016378 - Virtual Size: '0x408' - INIT: - Entropy: 5.82935061954711 - Virtual Size: '0x7a8' - .rsrc: - Entropy: 3.419370252627768 - Virtual Size: '0x3f8' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2012-10-23 02:48:15' - Imphash: 55db306bc2be3ff71a6b91fd9db051b8 - LoadsDespiteHVCI: 'FALSE' -- Filename: iQVW64.SYS - MD5: 69ba501a268f09f694ff0e8e208aa20e - SHA1: 3d6d53b0f1cc908b898610227b9f1b9352137aba - SHA256: 37c637a74bf20d7630281581a8fae124200920df11ad7cd68c14c26cc12c5ec9 - Authentihash: - MD5: 61c9bc2fd776b341f21b71fb1891eb5a - SHA1: 9af173db51828d2a3c64d34e9120f1fd129a2359 - SHA256: ecd6e879e5521ca4053a59ef6682a95d97f6d9ba75f313b87bd133afe5267852 - Description: Intel(R) Network Adapter Diagnostic Driver - Company: 'Intel Corporation ' - InternalName: iQVW64.SYS - OriginalFilename: iQVW64.SYS - FileVersion: '1.3.2.17 built by: WinDDK' - Product: Intel(R) iQVW64.SYS - ProductVersion: 1.3.2.17 - Copyright: Copyright (C) 2002-2018 Intel Corporation All Rights Reserved. - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IoCreateSymbolicLink - - IofCompleteRequest - - MmIsAddressValid - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - MmGetPhysicalAddress - - DbgPrint - - strncpy - - vsprintf - - IoFreeMdl - - MmMapLockedPagesSpecifyCache - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmUnmapIoSpace - - MmUnmapLockedPages - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - MmMapIoSpace - - RtlInitUnicodeString - - KeWaitForSingleObject - - IofCallDriver - - IoBuildSynchronousFsdRequest - - KeInitializeEvent - - ZwClose - - RtlFreeAnsiString - - strstr - - RtlUnicodeStringToAnsiString - - ZwEnumerateValueKey - - ZwOpenKey - - wcsncpy - - IoGetDeviceObjectPointer - - IoGetDeviceInterfaces - - ObReferenceObjectByPointer - - MmAllocateNonCachedMemory - - MmFreeNonCachedMemory - - KeBugCheckEx - - IoDeleteSymbolicLink - - ObfDereferenceObject - - IoDeleteDevice - - 
MmGetSystemRoutineAddress - - ZwSetSecurityObject - - ObOpenObjectByPointer - - IoDeviceObjectType - - IoCreateDevice - - RtlGetDaclSecurityDescriptor - - RtlGetSaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - SeExports - - IoIsWdmVersionAvailable - - _wcsnicmp - - RtlAddAccessAllowedAce - - RtlLengthSid - - wcschr - - RtlAbsoluteToSelfRelativeSD - - RtlSetDaclSecurityDescriptor - - RtlCreateSecurityDescriptor - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - KeStallExecutionProcessor - - KeQueryPerformanceCounter - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust - External CA Root - ValidFrom: '2013-08-15 20:26:30' - ValidTo: '2023-08-15 20:36:30' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 3300000035d8d5595b0671412b000000000035 - Version: 3 - TBS: - MD5: 3d488d41aaeb5661974952080abef2fd - SHA1: df01e35e6befc7d65625319f17397b861e618d56 - SHA256: 3d6ef38b5d26773dc77392e415e88b3a744b30ea9f2081e2a992b5818db2f0c4 - SHA384: ac7c06916fe4a00307834b2499f12799d3fe463c2e63d1881df669a2786745beeee2b3a7d87cd6bc9e4fe293c22e5a59 - - Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO - RSA Certification Authority - ValidFrom: '2000-05-30 10:48:38' - ValidTo: '2020-05-30 10:48:38' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 2766ee56eb49f38eabd770a2fc84de22 - Version: 3 - TBS: - MD5: be5bfbe77379139ac5cdcbcc8d4d3b34 - SHA1: 606b701bc9f448ddbfe6fa63ccb8061b838ee254 - SHA256: 0d73a614eef7596cf5a34733f74daf2ccfe4df7b4a40069bf43c43e428264177 - SHA384: 
7ce102d63c57cb48f80a65d1a5e9b350a7a618482aa5a36775323ca933ddfcb00def83796a6340dec5ebf7596cfd8e5d - - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, OU=ND, CN=Intel(R) - INTELND1820 - ValidFrom: '2018-08-09 21:34:08' - ValidTo: '2020-08-08 21:34:08' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 560000077b478c76c9afcafcaf00000000077b - Version: 3 - TBS: - MD5: f3eba8fe0d2dd1bc861e0b0e6e23d96e - SHA1: bce46695d618b69de8a4bb5ebede302378c1aebb - SHA256: 5de689926c95c269de72cd6edf9cad152c5ce41729dfc7835607b9b1182fe66e - SHA384: 348401b8898e24fd502451c161739c56eecd8f5a8159045b1fc312dd636174aba9627306025387736bf478ade2b773a0 - - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External - Issuing CA 7B - ValidFrom: '2015-10-28 00:00:00' - ValidTo: '2021-06-17 23:59:59' - Signature: 35bb03eacc9b601a13d075528e8095454e9ebf6ec0bb64aac36eb1021d465e2fe82f48cc8410f7ad993bfffa856829b0d37c31e21ab47bc166e2a53bc729189835ae6301a845209561db104db90d6bd39964ce5f8bb86c1346a06e5a0d3ee790ebb731a121f58dde3b7b6936f10800b9aabf1c566156d7cc923f29d4d96bd8222f0e56f56ad146e8808f397a923c6748b7e2fa190f3767e2df292d02aa43282eae2c464224be6dbb6a8849a64c20dfe5654ffae1c1be71d5f85ef59d6692b23b64e1e8aeac995517bddb1bdfa0934f3f56f23b83d5d2b7c1085a524042e33e9120f735b491f04de134694879c0ed30c9931a84d572198f6d8039f459ab2016d8f9ff7026237becc50033227c3d203aedb428bc7a810ce70bc13f7c300c4e50b8670fd76417b7c3c52085ca8fced5262a1254b9ff22f8a8273cca0e853714ee02e52f66156263876a5ecf29d3b89178b76172177bc119a6180822dad09125f606090926b02dac808874335fc7e044c1309976d877b14701ef69922bedae582963a0358ee41db704f1da3ab23280b1c8bcf0e70f71007a333a06e8a4d879d9d953cd9bfeb2685b8884856b0771d04f930a0760033408d273bf141adfe3c7041b2d999e931c95b38798425a1c916352398a8f4a2ac24c7b70693a3cf1fb2fff0e0a8794e4016acf9bb41fa30ea9ea2adcaf2b8c4401fd3a587d3278a219d5c974c5 - SignatureAlgorithmOID: 
1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 069b5e99277284c8767f1368a7deb0f3 - Version: 3 - TBS: - MD5: 5578c7331db18bb448db403ad32c94ee - SHA1: dfcfe5d6087cf830513d705aa701ff957d960298 - SHA256: 5b619f82064ace7ecf48d26ce8ae6fa3b52671915fa81ee81cddbe740dd8698b - SHA384: 5fa042c979faba67de861093b4aca808ae4be0fcedf123cb8afe126856c0b6ac3451393048211db8993914c5ff410bd8 - Signer: - - SerialNumber: 560000077b478c76c9afcafcaf00000000077b - Issuer: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External Issuing - CA 7B - Version: 1 - RichPEHeaderHash: - MD5: 84dfb7245aa6b7f3efec05cfa6559636 - SHA1: 695bd45c0e89dcb58253e90c9a43400b03ae2202 - SHA256: 3ff178ffbb2c17ce7c3a02ef5943ddf3b580e3e28f6cc59775c5369062a0b9ab - Sections: - .text: - Entropy: 6.2614381305981635 - Virtual Size: '0x4945' - .rdata: - Entropy: 4.781156413274236 - Virtual Size: '0xed0' - .data: - Entropy: 1.1262035268835313 - Virtual Size: '0x5ca0a0' - .pdata: - Entropy: 4.658699009524359 - Virtual Size: '0x678' - PAGE: - Entropy: 6.1261566082145595 - Virtual Size: '0x1b71' - INIT: - Entropy: 5.7698100081018655 - Virtual Size: '0xb4c' - .rsrc: - Entropy: 3.4436811351467087 - Virtual Size: '0x3f8' - .reloc: - Entropy: 1.2072398645622464 - Virtual Size: '0x60' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2018-09-17 03:18:08' - Imphash: 2cf48a541dc193e91bb2a831adcf278e - LoadsDespiteHVCI: 'FALSE' -- Filename: iQVW64.SYS - MD5: de4001f89ed139d1ed6ae5586d48997a - SHA1: cb212a826324909fdedd2b572a59a5be877f1d7d - SHA256: 4d0580c20c1ba74cf90d44c82d040f0039542eea96e4bbff3996e6760f457cee - Authentihash: - MD5: b962ae9f688f5a0fc864e3b64a8fa443 - SHA1: f6e5a0c338354dfbd1a9170fb9bd71123db5ac3b - SHA256: ee625d1910f91fc9e79237bd60b0ee5efb85c7f859922f30e4434db6cd50fa9b - Description: Intel(R) Network Adapter Diagnostic Driver - Company: 'Intel Corporation ' - InternalName: iQVW64.SYS - OriginalFilename: iQVW64.SYS - FileVersion: '1.03.0.4 built by: WinDDK' - Product: Intel(R) iQVW64.SYS 
- ProductVersion: 1.03.0.4 - Copyright: Copyright (C) 2002-2006 Intel Corporation All Rights Reserved. - MachineType: IA64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - KeGetCurrentIrql - - DbgPrint - - sprintf - - vsprintf - - IoFreeMdl - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmUnmapIoSpace - - MmUnmapLockedPages - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - MmMapIoSpace - - ObfDereferenceObject - - KeWaitForSingleObject - - MmGetPhysicalAddress - - IoBuildSynchronousFsdRequest - - KeInitializeEvent - - ZwClose - - RtlFreeAnsiString - - strstr - - RtlUnicodeStringToAnsiString - - ZwEnumerateValueKey - - ZwOpenKey - - wcsncpy - - IoGetDeviceObjectPointer - - IoGetDeviceInterfaces - - ObReferenceObjectByPointer - - KeTickCount - - KeBugCheckEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IofCallDriver - - IoDeleteDevice - - KeStallExecutionProcessor - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - WRITE_PORT_UCHAR - - READ_PORT_ULONG - - READ_PORT_USHORT - - READ_PORT_UCHAR - - KeQueryPerformanceCounter - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 
1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 23:59:59' - Signature: 877870da4e5201205be079c98230c4fdb91996bd9100c3bdcdcdc6f40ed8fff94dc033623011c5f5741bd492de5f9c2013b17c45be50cd83e7801783a72793671346fbcab8984103cc9b515b058b7fa86ff31b501b242ef2698d6c22f7bbca1695ed0c74c06877d9eb996287c17390f889747a23aba3987b97b1f78f29714d2e751b4841daf0b50d2054d677a097826369fd09cf8af075bb099bd9f91155269a6132be7a02b07b86bea2c38b222c78d13576bc92735cf9b9e64c150a23cce4d2d4342e4940153c0f607a24c6a566ef96cf70eb3ee7f40d7edcd17ca3767169c19c4f47303521b1a2af1a623c2bd98eaa2a077bd818b35c7be29da56ffe3c89ad - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 
- SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=US, ST=Oregon, L=Hillsboro, O=Intel Corporation, OU=Digital ID Class - 3 , Microsoft Software Validation v2, OU=LAN Access Division, CN=Intel Corporation - ValidFrom: '2006-04-17 00:00:00' - ValidTo: 
'2009-05-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 65680c783b728ab2a1880df4232ded32 - Version: 3 - TBS: - MD5: 9d44550dc9e1d18ef155513f85ab1f12 - SHA1: 5f3d3da7374d8edbe4b2a2534c07682861458b3c - SHA256: 12d4c385c0c5e927fc876523b6874918232c08fdaff8e96e230e622b0841df00 - SHA384: 165909cf2d34f32ea49a96d98d2c59d6eaad7a8bfe85f6e34d9da3fa79f40b31e4a88d3040558b876f2154c8970b41c4 - Signer: - - SerialNumber: 65680c783b728ab2a1880df4232ded32 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: 8007fd3858325a29ea818653b1ceb33c - SHA1: acaff2a453f47e14cf2a396ee2e6ca8cbc5801b7 - SHA256: d95fe490f0c27ddb18fe210abef87a55a90d70c1c3fc71319e0f05ae06894b29 - Sections: - .text: - Entropy: 5.474712044858714 - Virtual Size: '0x9650' - .rdata: - Entropy: 3.609079674230226 - Virtual Size: '0x1268' - .pdata: - Entropy: 3.954637417465344 - Virtual Size: '0x3e4' - .srdata: - Entropy: 2.416721292937625 - Virtual Size: '0x298' - .sdata: - Entropy: 2.4838136736919543 - Virtual Size: '0x1b0' - .data: - Entropy: 1.0629748059111717 - Virtual Size: '0x5bb060' - INIT: - Entropy: 5.613442587283406 - Virtual Size: '0x92a' - .rsrc: - Entropy: 3.4112316573365282 - Virtual Size: '0x3f8' - .reloc: - Entropy: 0.5046360681325445 - Virtual Size: '0x1170' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2007-02-13 16:23:41' - Imphash: a793af44219650b4dd07d8a19ede33f1 - LoadsDespiteHVCI: 'FALSE' -- Filename: iQVW64.SYS - MD5: 5adebdb94abb4c76dad2b7ecb1384a9d - SHA1: 1e8bccbd74f194db6411011017716c8c6b730d03 - SHA256: 57a389da784269bb2cc0a258500f6dfbf4f6269276e1192619ce439ec77f4572 - Authentihash: - MD5: 772d513b311dd6ff2ded105980a7f92a - SHA1: 5db96ed94e2e32cf82f38724f8715fd775e0ebff - SHA256: 
94b42f99cb2ac4db601a3759afe374168bad1714bd48662d74fed69099517a65 - Description: Intel(R) Network Adapter Diagnostic Driver - Company: 'Intel Corporation ' - InternalName: iQVW64.SYS - OriginalFilename: iQVW64.SYS - FileVersion: '1.03.0.4 built by: WinDDK' - Product: Intel(R) iQVW64.SYS - ProductVersion: 1.03.0.4 - Copyright: Copyright (C) 2002-2006 Intel Corporation All Rights Reserved. - MachineType: IA64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - KeGetCurrentIrql - - DbgPrint - - sprintf - - vsprintf - - IoFreeMdl - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmUnmapIoSpace - - MmUnmapLockedPages - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - MmMapIoSpace - - ObfDereferenceObject - - KeWaitForSingleObject - - MmGetPhysicalAddress - - IoBuildSynchronousFsdRequest - - KeInitializeEvent - - ZwClose - - RtlFreeAnsiString - - strstr - - RtlUnicodeStringToAnsiString - - ZwEnumerateValueKey - - ZwOpenKey - - wcsncpy - - IoGetDeviceObjectPointer - - IoGetDeviceInterfaces - - ObReferenceObjectByPointer - - KeTickCount - - KeBugCheckEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IofCallDriver - - IoDeleteDevice - - KeStallExecutionProcessor - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - WRITE_PORT_UCHAR - - READ_PORT_ULONG - - READ_PORT_USHORT - - READ_PORT_UCHAR - - KeQueryPerformanceCounter - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - 
SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=US, ST=Oregon, L=Hillsboro, O=Intel Corporation, OU=Digital ID Class - 3 , Microsoft Software Validation v2, OU=LAN Access Division, CN=Intel Corporation - 
ValidFrom: '2006-04-17 00:00:00' - ValidTo: '2009-05-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 65680c783b728ab2a1880df4232ded32 - Version: 3 - TBS: - MD5: 9d44550dc9e1d18ef155513f85ab1f12 - SHA1: 5f3d3da7374d8edbe4b2a2534c07682861458b3c - SHA256: 12d4c385c0c5e927fc876523b6874918232c08fdaff8e96e230e622b0841df00 - SHA384: 165909cf2d34f32ea49a96d98d2c59d6eaad7a8bfe85f6e34d9da3fa79f40b31e4a88d3040558b876f2154c8970b41c4 - Signer: - - SerialNumber: 65680c783b728ab2a1880df4232ded32 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: 8007fd3858325a29ea818653b1ceb33c - SHA1: acaff2a453f47e14cf2a396ee2e6ca8cbc5801b7 - SHA256: d95fe490f0c27ddb18fe210abef87a55a90d70c1c3fc71319e0f05ae06894b29 - Sections: - .text: - Entropy: 5.474603753371456 - Virtual Size: '0x9650' - .rdata: - Entropy: 3.6134847275970596 - Virtual Size: '0x1268' - .pdata: - Entropy: 3.954637417465344 - Virtual Size: '0x3e4' - .srdata: - Entropy: 2.416721292937625 - Virtual Size: '0x298' - .sdata: - Entropy: 2.4838136736919543 - Virtual Size: '0x1b0' - .data: - Entropy: 1.0629748059111717 - Virtual Size: '0x5bb060' - INIT: - Entropy: 5.611516822868356 - Virtual Size: '0x92a' - .rsrc: - Entropy: 3.4112316573365282 - Virtual Size: '0x3f8' - .reloc: - Entropy: 0.5046360681325445 - Virtual Size: '0x1170' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2007-05-24 00:36:30' - Imphash: a793af44219650b4dd07d8a19ede33f1 - LoadsDespiteHVCI: 'FALSE' -- Filename: iQVW64.SYS - MD5: b32497762d916dba6c827e31205b67dd - SHA1: 9310239b75394b75a963336fbd154038fc13c4e3 - SHA256: 5f6547e9823f94c5b94af1fb69a967c4902f72b6e0c783804835e6ce27f887b0 - Authentihash: - MD5: b08ec7710e9596bf9389b458b4f9717b - SHA1: d544c1dfd17aee4bf15dc4aa8d5208fe304f4eb4 - SHA256: 
b261d4065c03dcc732a951a9451b3a9f6054899eb3b8a4062dfed1c0ca3f3755 - Description: Intel(R) Network Adapter Diagnostic Driver - Company: 'Intel Corporation ' - InternalName: iQVW64.SYS - OriginalFilename: iQVW64.SYS - FileVersion: '1.3.2.13 built by: WinDDK' - Product: Intel(R) iQVW64.SYS - ProductVersion: 1.3.2.13 - Copyright: Copyright (C) 2002-2017 Intel Corporation All Rights Reserved. - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IoCreateSymbolicLink - - IofCompleteRequest - - MmIsAddressValid - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - MmGetPhysicalAddress - - DbgPrint - - strncpy - - vsprintf - - IoFreeMdl - - MmMapLockedPagesSpecifyCache - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmUnmapIoSpace - - MmUnmapLockedPages - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - MmMapIoSpace - - RtlInitUnicodeString - - KeWaitForSingleObject - - IofCallDriver - - IoBuildSynchronousFsdRequest - - KeInitializeEvent - - ZwClose - - RtlFreeAnsiString - - strstr - - RtlUnicodeStringToAnsiString - - ZwEnumerateValueKey - - ZwOpenKey - - wcsncpy - - IoGetDeviceObjectPointer - - IoGetDeviceInterfaces - - ObReferenceObjectByPointer - - MmAllocateNonCachedMemory - - MmFreeNonCachedMemory - - KeBugCheckEx - - IoDeleteSymbolicLink - - ObfDereferenceObject - - IoDeleteDevice - - MmGetSystemRoutineAddress - - ZwSetSecurityObject - - ObOpenObjectByPointer - - IoDeviceObjectType - - IoCreateDevice - - RtlGetDaclSecurityDescriptor - - RtlGetSaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - SeExports - - IoIsWdmVersionAvailable - - _wcsnicmp - - RtlAddAccessAllowedAce - - RtlLengthSid - - wcschr - - RtlAbsoluteToSelfRelativeSD - - RtlSetDaclSecurityDescriptor - - RtlCreateSecurityDescriptor - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - 
KeStallExecutionProcessor - - KeQueryPerformanceCounter - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel(R) INTELND1617 - ValidFrom: '2016-09-22 20:33:26' - ValidTo: '2017-09-22 20:33:26' - Signature: 58a551acbb46f94e4e69d0dba0bc403d4290ce875c9acf2e6d12020b912d9e0d32875d781c9708fe33ac9ccdeb2bed9145239dd5801cdb9b3bb6fb13cd2faabe50bef817958fbc3da7ae52cf26d0479f7719ca250c3b16a656d91306585d5fdac2ba2f6c1c79aa27c658b15b65782eff638d7a35fdf339431c5781f5097a0a6ea06548d565f2a1242132e946117a7655258902642ade6bdccfc16de3076e8793f72f54a350311120a32012b3867e96be72615d1958972a76672007236bbe386630bbeea96c1eedc9ad9e0a37c552359fdbaf315f2d180e9c5b62f32cb870d1c87600da28fd67a0574e86be564e80ac8918a6fba69a1a151020d4af214528127f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 330000ba45a7f4234edca115e400020000ba45 - Version: 3 - TBS: - MD5: fd23f7497ae36eb7eaaff376598e060b - SHA1: e6b5f8479757625ad54c8a3fe9819feb2dde06fe - SHA256: 3e8e8357b13852cc90263d6ca1243a65555fe1840a26b8b71f45c426e90ee70f - SHA384: 4aa328888abed813d9e0fc7c81bd5404b4cc213148b1394220091695322b27a860442b5199124a682c9b7cf10c1922ef - - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External - Basic Issuing CA 3B - ValidFrom: '2013-02-08 22:21:23' - ValidTo: '2018-02-08 22:31:23' - Signature: 47bb93e603b1d9570eff60e90fc75e86e623f7defa6dc27732ef23f68fcc6f2572d4a94bad11a273bb8bd2b7b8879474890ccc5cea3a9ac0753a97597c22003d7ac7c55be8d49313ec8f94cda833dfa4d79aa1c8d8a3b4497e173a02e96656978d16b470abbc6b1048e7457b13c74d05bca02c0516be067ef679678f9c3454e67eea197714f19d3b55e4339f69bba7a72254512c677d0452aa7b66dea96aad8ca15c7939cd1c85ec890699854627a001576e93365145e15a3a59af5b41f9709dc4160e05e795b401b4931a590b8a31f7b648c86af6228c9e92286fa893b4a772533ada2cfad43dbf09237fdfcc652ad091aa5031c865f53858d4b39be6311008 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: 
true - SerialNumber: 612cff88000100000010 - Version: 3 - TBS: - MD5: da9a02953cdcc039174d11b07dd2967d - SHA1: 568cfca269ff49615d305e680988337f0a90bc32 - SHA256: fad628f5236458a9116a99f2d64fb9131a28f9942fca6239a5e7be0dddf4ce9f - SHA384: 5edeab0248f63cdc4c10b748618cd6fa4aa53ffb0ddfd51a2e35de2ea55a56822aa53fa734a46705655e8f5878b24ffd - - Subject: C=US, O=Intel Corporation, CN=Intel External Basic Policy CA - ValidFrom: '2013-02-01 00:00:00' - ValidTo: '2020-05-30 10:48:38' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 79174aa9141736fe15a7ca9f2cff4588 - Version: 3 - TBS: - MD5: 6ce466d55ab160317ee9b13522c2a82a - SHA1: 53b052ba209c525233293274854b264bc0f68b73 - SHA256: f71790e057380a0cbafdfc25bc8b3dafd6cfbeb01077bb3d8194e91254a2fc9b - SHA384: c0cc37f9505ff2bab958c8ef1ea94736efae52bcf5948c866446c46b64fb9f5e603fbad4bc70270ae74e58ac8ab055f9 - - Subject: C=BM, O=QuoVadis Limited, CN=QuoVadis Issuing CA G4 - ValidFrom: '2014-05-30 16:35:55' - ValidTo: '2021-03-17 18:33:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 69b2d1ccf02e20dcc95c62894f7f9e5f5fc057bf - Version: 3 - TBS: - MD5: 4e0fbd79a99e4a55f97ef41efee38a9f - SHA1: 114f36d5f22b84de97893469fc00b7035b3ef734 - SHA256: f6dd9683708786a413d4d6a3661fa4e4aeb328adbd181b398b5b6aa02bb0bc16 - SHA384: a26fe570a01b0e15cf94b41ce48ebd39ed9e9d18493d4c117f0fbb5a5b33ed8ef06c069b9638dda957547f0b0645e447 - - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, OU=Thales TSS ESN:E892,D055,162F, - OU=Thales TSS ESN:E892,D055,162F, CN=timestamp.intel.com - ValidFrom: '2015-04-24 21:46:24' - ValidTo: '2018-04-24 21:46:23' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 
28a11e74fc0b8754580f50954c47c94e67754f28 - Version: 3 - TBS: - MD5: 990afc9a12be270c0fa6921df0223974 - SHA1: a7025b6889dbdeb4c6770d524d4c80a0a75da5df - SHA256: 6eb4cfbd4f50e31ece8b34937025ca350330cb25367a401a5665e68159b47f13 - SHA384: 287f1afb51c586f323b8f42bd6e269051c3aabfd1aaa084650d4d35a42a122489b2cb634c6842981273da17c3d6c8c1d - - Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust - External CA Root - ValidFrom: '2013-08-15 20:26:30' - ValidTo: '2023-08-15 20:36:30' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 3300000035d8d5595b0671412b000000000035 - Version: 3 - TBS: - MD5: 3d488d41aaeb5661974952080abef2fd - SHA1: df01e35e6befc7d65625319f17397b861e618d56 - SHA256: 3d6ef38b5d26773dc77392e415e88b3a744b30ea9f2081e2a992b5818db2f0c4 - SHA384: ac7c06916fe4a00307834b2499f12799d3fe463c2e63d1881df669a2786745beeee2b3a7d87cd6bc9e4fe293c22e5a59 - Signer: - - SerialNumber: 330000ba45a7f4234edca115e400020000ba45 - Issuer: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External Basic - Issuing CA 3B - Version: 1 - RichPEHeaderHash: - MD5: 84dfb7245aa6b7f3efec05cfa6559636 - SHA1: 695bd45c0e89dcb58253e90c9a43400b03ae2202 - SHA256: 3ff178ffbb2c17ce7c3a02ef5943ddf3b580e3e28f6cc59775c5369062a0b9ab - Sections: - .text: - Entropy: 6.26149486344197 - Virtual Size: '0x4945' - .rdata: - Entropy: 4.781728512805813 - Virtual Size: '0xed0' - .data: - Entropy: 1.1262035268835313 - Virtual Size: '0x5ca0a0' - .pdata: - Entropy: 4.658699009524359 - Virtual Size: '0x678' - PAGE: - Entropy: 6.1261566082145595 - Virtual Size: '0x1b71' - INIT: - Entropy: 5.769261214042255 - Virtual Size: '0xb4c' - .rsrc: - Entropy: 3.439744127272693 - Virtual Size: '0x3f8' - .reloc: - Entropy: 1.2072398645622464 - Virtual Size: '0x60' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2017-04-03 09:14:26' - Imphash: 2cf48a541dc193e91bb2a831adcf278e - LoadsDespiteHVCI: 
'FALSE' -- Filename: iQVW64.SYS - MD5: ca6931fcbc1492d7283aa9dc0149032e - SHA1: 45a9f95a7a018925148152b888d09d478d56bbf5 - SHA256: 5f69d6b167a1eeca3f6ac64785c3c01976ee7303171faf998d65852056988683 - Authentihash: - MD5: 5617c10f9fb9e09aba8657adb2c05b07 - SHA1: b4d869e7b3be6f0ae0113b05bc5358b955e2f6d4 - SHA256: 08209cd92723526d56863e89f283750e2ee57c69db37ae501aa889c0c60bb552 - Description: Intel(R) Network Adapter Diagnostic Driver - Company: 'Intel Corporation ' - InternalName: iQVW64.SYS - OriginalFilename: iQVW64.SYS - FileVersion: '1.03.2.7 built by: WinDDK' - Product: Intel(R) iQVW64.SYS - ProductVersion: 1.03.2.7 - Copyright: Copyright (C) 2002-2016 Intel Corporation All Rights Reserved. - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IoCreateSymbolicLink - - IofCompleteRequest - - MmIsAddressValid - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - MmGetPhysicalAddress - - DbgPrint - - strncpy - - vsprintf - - IoFreeMdl - - MmMapLockedPagesSpecifyCache - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmUnmapIoSpace - - MmUnmapLockedPages - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - MmMapIoSpace - - RtlInitUnicodeString - - KeWaitForSingleObject - - IofCallDriver - - IoBuildSynchronousFsdRequest - - KeInitializeEvent - - ZwClose - - RtlFreeAnsiString - - strstr - - RtlUnicodeStringToAnsiString - - ZwEnumerateValueKey - - ZwOpenKey - - wcsncpy - - IoGetDeviceObjectPointer - - IoGetDeviceInterfaces - - ObReferenceObjectByPointer - - MmAllocateNonCachedMemory - - MmFreeNonCachedMemory - - KeBugCheckEx - - IoDeleteSymbolicLink - - ObfDereferenceObject - - IoDeleteDevice - - MmGetSystemRoutineAddress - - ZwSetSecurityObject - - ObOpenObjectByPointer - - IoDeviceObjectType - - IoCreateDevice - - RtlGetDaclSecurityDescriptor - - RtlGetSaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - _snwprintf - - RtlLengthSecurityDescriptor - - 
SeCaptureSecurityDescriptor - - SeExports - - IoIsWdmVersionAvailable - - _wcsnicmp - - RtlAddAccessAllowedAce - - RtlLengthSid - - wcschr - - RtlAbsoluteToSelfRelativeSD - - RtlSetDaclSecurityDescriptor - - RtlCreateSecurityDescriptor - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - KeStallExecutionProcessor - - KeQueryPerformanceCounter - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel(R) INTELNPG1 - ValidFrom: '2015-09-28 19:41:01' - ValidTo: '2016-09-27 19:41:01' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 330000b7c6cfa9df260db5243500020000b7c6 - Version: 3 - TBS: - MD5: d04e62ad536be27b5ae5f53dfe14060b - SHA1: 558dc33cda5a996d71afe98ea75f5d81c358f42b - SHA256: 832c1b2d5269714f6804e13ed6fe068d732b543de00975c9e04dd697bf7be6e1 - SHA384: fde1b110f034d38c2923861b58e91798da1b17afbf0ed367c3fd6ecc708d2795a4d7434367625db81d686337cce199d0 - - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External - Basic Issuing CA 3B - ValidFrom: '2013-02-08 22:21:23' - ValidTo: '2018-02-08 22:31:23' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 612cff88000100000010 - Version: 3 - TBS: - MD5: da9a02953cdcc039174d11b07dd2967d - SHA1: 568cfca269ff49615d305e680988337f0a90bc32 - SHA256: fad628f5236458a9116a99f2d64fb9131a28f9942fca6239a5e7be0dddf4ce9f - SHA384: 5edeab0248f63cdc4c10b748618cd6fa4aa53ffb0ddfd51a2e35de2ea55a56822aa53fa734a46705655e8f5878b24ffd - - Subject: C=US, O=Intel Corporation, CN=Intel External Basic Policy CA - ValidFrom: '2013-02-01 00:00:00' - ValidTo: '2020-05-30 10:48:38' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: true - SerialNumber: 79174aa9141736fe15a7ca9f2cff4588 - Version: 3 - TBS: - MD5: 6ce466d55ab160317ee9b13522c2a82a - SHA1: 53b052ba209c525233293274854b264bc0f68b73 - SHA256: f71790e057380a0cbafdfc25bc8b3dafd6cfbeb01077bb3d8194e91254a2fc9b - SHA384: c0cc37f9505ff2bab958c8ef1ea94736efae52bcf5948c866446c46b64fb9f5e603fbad4bc70270ae74e58ac8ab055f9 - - Subject: C=BM, O=QuoVadis Limited, CN=QuoVadis Issuing CA G4 - ValidFrom: '2014-05-30 16:35:55' - ValidTo: '2021-03-17 18:33:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 69b2d1ccf02e20dcc95c62894f7f9e5f5fc057bf - Version: 3 - TBS: - MD5: 4e0fbd79a99e4a55f97ef41efee38a9f - SHA1: 114f36d5f22b84de97893469fc00b7035b3ef734 - SHA256: f6dd9683708786a413d4d6a3661fa4e4aeb328adbd181b398b5b6aa02bb0bc16 - SHA384: a26fe570a01b0e15cf94b41ce48ebd39ed9e9d18493d4c117f0fbb5a5b33ed8ef06c069b9638dda957547f0b0645e447 - - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, OU=Authenticode, OU=Thales - TSS ESN:A6A7,71B2,73F1, CN=Timestamp.intel.com - ValidFrom: '2014-12-09 21:30:38' - ValidTo: '2017-12-09 21:30:35' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 385dccec5fe14d3974c9591a3ab1c2caad188c2d - Version: 3 - TBS: - MD5: 4d35161b8be0a29812bb748b548e94b1 - SHA1: bf27e048115892363598dec245759aa7529eb154 - SHA256: d5c67eb0b73915a6f12dbe19f662205172cc9c97b9988b78a07f14c3b7e1e2b0 - SHA384: 8b0e411b3fc02dd3a8f5f7d248699a7d882c160a6e3753c1b223d2b0671a6d3f9efa4894172a3bfa3525787be2d6f20e - - Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust - External CA Root - ValidFrom: '2013-08-15 20:26:30' - ValidTo: '2023-08-15 20:36:30' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: 
true - SerialNumber: 3300000035d8d5595b0671412b000000000035 - Version: 3 - TBS: - MD5: 3d488d41aaeb5661974952080abef2fd - SHA1: df01e35e6befc7d65625319f17397b861e618d56 - SHA256: 3d6ef38b5d26773dc77392e415e88b3a744b30ea9f2081e2a992b5818db2f0c4 - SHA384: ac7c06916fe4a00307834b2499f12799d3fe463c2e63d1881df669a2786745beeee2b3a7d87cd6bc9e4fe293c22e5a59 - Signer: - - SerialNumber: 330000b7c6cfa9df260db5243500020000b7c6 - Issuer: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External Basic - Issuing CA 3B - Version: 1 - RichPEHeaderHash: - MD5: 84dfb7245aa6b7f3efec05cfa6559636 - SHA1: 695bd45c0e89dcb58253e90c9a43400b03ae2202 - SHA256: 3ff178ffbb2c17ce7c3a02ef5943ddf3b580e3e28f6cc59775c5369062a0b9ab - Sections: - .text: - Entropy: 6.295892814002313 - Virtual Size: '0x4b95' - .rdata: - Entropy: 4.790906217741617 - Virtual Size: '0xed4' - .data: - Entropy: 1.1262035268835313 - Virtual Size: '0x5ca0a0' - .pdata: - Entropy: 4.662346739100627 - Virtual Size: '0x678' - PAGE: - Entropy: 6.127905616673761 - Virtual Size: '0x1b71' - INIT: - Entropy: 5.777452830533018 - Virtual Size: '0xb4c' - .rsrc: - Entropy: 3.4355466248056747 - Virtual Size: '0x3f8' - .reloc: - Entropy: 1.2072398645622464 - Virtual Size: '0x60' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2016-08-23 19:52:09' - Imphash: 2cf48a541dc193e91bb2a831adcf278e - LoadsDespiteHVCI: 'FALSE' -- Filename: iQVW64.SYS - MD5: 349fa788a4a7b57e37e426aca9b736d5 - SHA1: 687b8962febbbea4cf6b3c11181fd76acb7dfd5a - SHA256: 77c5e95b872b1d815d6d3ed28b399ca39f3427eeb0143f49982120ff732285a9 - Authentihash: - MD5: c50808f1da14138ea4b38907f113ab5a - SHA1: 859be8b0b744eee0b9a3410fc5a614b924ac4b43 - SHA256: e7fe1fa6d2e5502ff1882a345790d0aab3ad34fe269ab23e3115d2d93db3fe6b - Description: Intel(R) Network Adapter Diagnostic Driver - Company: 'Intel Corporation ' - InternalName: iQVW64.SYS - OriginalFilename: iQVW64.SYS - FileVersion: '1.03.0.4 built by: WinDDK' - Product: Intel(R) iQVW64.SYS - ProductVersion: 1.03.0.4 - Copyright: 
Copyright (C) 2002-2006 Intel Corporation All Rights Reserved. - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IoCreateSymbolicLink - - IoCreateDevice - - IofCompleteRequest - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - MmGetPhysicalAddress - - DbgPrint - - sprintf - - vsprintf - - IoFreeMdl - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmUnmapIoSpace - - MmUnmapLockedPages - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - RtlInitUnicodeString - - ObfDereferenceObject - - KeWaitForSingleObject - - IofCallDriver - - IoBuildSynchronousFsdRequest - - KeInitializeEvent - - ZwClose - - RtlFreeAnsiString - - strstr - - RtlUnicodeStringToAnsiString - - ZwEnumerateValueKey - - ZwOpenKey - - wcsncpy - - IoGetDeviceObjectPointer - - IoGetDeviceInterfaces - - ObReferenceObjectByPointer - - KeBugCheckEx - - IoDeleteSymbolicLink - - MmMapIoSpace - - IoDeleteDevice - - KeStallExecutionProcessor - - KeQueryPerformanceCounter - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 
93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=US, ST=Oregon, L=Hillsboro, O=Intel Corporation, OU=Digital ID Class - 3 , Microsoft Software Validation v2, OU=LAN Access Division, CN=Intel Corporation - ValidFrom: '2006-04-17 00:00:00' - ValidTo: '2009-05-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 65680c783b728ab2a1880df4232ded32 - Version: 3 - TBS: - MD5: 9d44550dc9e1d18ef155513f85ab1f12 - SHA1: 5f3d3da7374d8edbe4b2a2534c07682861458b3c - SHA256: 12d4c385c0c5e927fc876523b6874918232c08fdaff8e96e230e622b0841df00 - SHA384: 165909cf2d34f32ea49a96d98d2c59d6eaad7a8bfe85f6e34d9da3fa79f40b31e4a88d3040558b876f2154c8970b41c4 - Signer: - - SerialNumber: 65680c783b728ab2a1880df4232ded32 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: 4521e9ed78c16f8d1e49a1981dfb32eb - SHA1: 557230bdf881a5a09523f4b063c81e10594ee183 - SHA256: 4d270337cbd39f54b308a8b11869c2d85075acb846ce369f90aeceb8dd87782f - Sections: - .text: - Entropy: 6.313950625118645 - Virtual Size: '0x4525' - .rdata: - Entropy: 5.072782940842027 - Virtual Size: '0xaa0' - .data: - Entropy: 1.3642226642444077 - Virtual Size: '0x5bb180' - .pdata: - Entropy: 4.302155417145168 - Virtual Size: '0x420' - INIT: - Entropy: 5.824692693737898 - Virtual Size: '0x79c' - .rsrc: - Entropy: 3.414004191020133 - Virtual Size: '0x3f8' - .reloc: - Entropy: 1.2283624043981463 - Virtual Size: '0x12c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2009-05-12 14:12:21' - Imphash: 5c77661ac2951da388949d9a834eb694 - LoadsDespiteHVCI: 'FALSE' -- Filename: iQVW64.SYS - MD5: 
1c61eb82f1269d8d6be8de2411133811 - SHA1: 0d6fb0cb9566b4e4ca4586f26fe0631ffa847f2c - SHA256: 7cb497abc44aad09a38160d6a071db499e05ff5871802ccc45d565d242026ee7 - Authentihash: - MD5: 0b6c1cf6b4bad6edccd9c8457af495bc - SHA1: 69e6d06476e4c55989507cf47722f0c355f568ad - SHA256: c857c2db1fe1b9c979079add29d5b970147d6a264b4095e6579b5d0669c2b572 - Description: Intel(R) Network Adapter Diagnostic Driver - Company: 'Intel Corporation ' - InternalName: iQVW64.SYS - OriginalFilename: iQVW64.SYS - FileVersion: '1.3.2.18 built by: WinDDK' - Product: Intel(R) iQVW64.SYS - ProductVersion: 1.3.2.18 - Copyright: Copyright (C) 2002-2019 Intel Corporation All Rights Reserved. - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IoCreateSymbolicLink - - IofCompleteRequest - - MmIsAddressValid - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - MmGetPhysicalAddress - - DbgPrint - - strncpy - - vsprintf - - IoFreeMdl - - MmMapLockedPagesSpecifyCache - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmUnmapIoSpace - - MmUnmapLockedPages - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - MmMapIoSpace - - RtlInitUnicodeString - - KeWaitForSingleObject - - IofCallDriver - - IoBuildSynchronousFsdRequest - - KeInitializeEvent - - ZwClose - - RtlFreeAnsiString - - strstr - - RtlUnicodeStringToAnsiString - - ZwEnumerateValueKey - - ZwOpenKey - - wcsncpy - - IoGetDeviceObjectPointer - - IoGetDeviceInterfaces - - ObReferenceObjectByPointer - - MmAllocateNonCachedMemory - - MmFreeNonCachedMemory - - KeBugCheckEx - - IoDeleteSymbolicLink - - ObfDereferenceObject - - IoDeleteDevice - - MmGetSystemRoutineAddress - - ZwSetSecurityObject - - ObOpenObjectByPointer - - IoDeviceObjectType - - IoCreateDevice - - RtlGetDaclSecurityDescriptor - - RtlGetSaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - SeExports - - 
IoIsWdmVersionAvailable - - _wcsnicmp - - RtlAddAccessAllowedAce - - RtlLengthSid - - wcschr - - RtlAbsoluteToSelfRelativeSD - - RtlSetDaclSecurityDescriptor - - RtlCreateSecurityDescriptor - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - KeStallExecutionProcessor - - KeQueryPerformanceCounter - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust - External CA Root - ValidFrom: '2013-08-15 20:26:30' - ValidTo: '2023-08-15 20:36:30' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 3300000035d8d5595b0671412b000000000035 - Version: 3 - TBS: - MD5: 3d488d41aaeb5661974952080abef2fd - SHA1: df01e35e6befc7d65625319f17397b861e618d56 - SHA256: 3d6ef38b5d26773dc77392e415e88b3a744b30ea9f2081e2a992b5818db2f0c4 - SHA384: ac7c06916fe4a00307834b2499f12799d3fe463c2e63d1881df669a2786745beeee2b3a7d87cd6bc9e4fe293c22e5a59 - - Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO - RSA Certification Authority - ValidFrom: '2000-05-30 10:48:38' - ValidTo: '2020-05-30 10:48:38' - Signature: 64bf83f15f9a85d0cdb8a129570de85af7d1e93ef276046ef15270bb1e3cff4d0d746acc818225d3c3a02a5d4cf5ba8ba16dc4540975c7e3270e5d847937401377f5b4ac1cd03bab1712d6ef34187e2be979d3ab57450caf28fad0dbe5509588bbdf8557697d92d852ca7381bf1cf3e6b86e661105b31e942d7f91959259f14ccea391714c7c470c3b0b19f6a1b16c863e5caac42e82cbf90796ba484d90f294c8a973a2eb067b239ddea2f34d559f7a6145981868c75e406b23f5797aef8cb56b8bb76f46f47bf13d4b04d89380595ae041241db28f15605847dbef6e46fd15f5d95f9ab3dbd8b8e440b3cd9739ae85bb1d8ebcdc879bd1a6eff13b6f10386f - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 2766ee56eb49f38eabd770a2fc84de22 - Version: 3 - TBS: - MD5: be5bfbe77379139ac5cdcbcc8d4d3b34 - SHA1: 
606b701bc9f448ddbfe6fa63ccb8061b838ee254 - SHA256: 0d73a614eef7596cf5a34733f74daf2ccfe4df7b4a40069bf43c43e428264177 - SHA384: 7ce102d63c57cb48f80a65d1a5e9b350a7a618482aa5a36775323ca933ddfcb00def83796a6340dec5ebf7596cfd8e5d - - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=ND_QV - ValidFrom: '2019-03-27 21:49:54' - ValidTo: '2021-03-26 21:49:54' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 5600000a6c1826788c3ae621c1000000000a6c - Version: 3 - TBS: - MD5: cd868880a6dccf68ec7c1c66ce39d77a - SHA1: c876af6fba8aa3b9aa12a5cff67a85f1f5a9c580 - SHA256: 1982800d0d658202d22e557c8aa3f88a4cc583c35802433aa82eeed007638a7a - SHA384: cf43cda2e58eb3c0962b122eaa8d459855164cff4282b3d1f054de0139411e53511e50ebfd1dd4ebf29190272472faed - - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External - Issuing CA 7B - ValidFrom: '2015-10-28 00:00:00' - ValidTo: '2021-06-17 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 069b5e99277284c8767f1368a7deb0f3 - Version: 3 - TBS: - MD5: 5578c7331db18bb448db403ad32c94ee - SHA1: dfcfe5d6087cf830513d705aa701ff957d960298 - SHA256: 5b619f82064ace7ecf48d26ce8ae6fa3b52671915fa81ee81cddbe740dd8698b - SHA384: 5fa042c979faba67de861093b4aca808ae4be0fcedf123cb8afe126856c0b6ac3451393048211db8993914c5ff410bd8 - Signer: - - SerialNumber: 5600000a6c1826788c3ae621c1000000000a6c - Issuer: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External Issuing - CA 7B - Version: 1 - RichPEHeaderHash: - MD5: 84dfb7245aa6b7f3efec05cfa6559636 - SHA1: 695bd45c0e89dcb58253e90c9a43400b03ae2202 - SHA256: 3ff178ffbb2c17ce7c3a02ef5943ddf3b580e3e28f6cc59775c5369062a0b9ab - Sections: - .text: - Entropy: 6.260751486147612 - Virtual Size: '0x4945' - .rdata: - Entropy: 4.780476060384341 - Virtual Size: '0xed0' - 
.data: - Entropy: 1.1262035268835313 - Virtual Size: '0x5ca0a0' - .pdata: - Entropy: 4.658699009524359 - Virtual Size: '0x678' - PAGE: - Entropy: 6.1261566082145595 - Virtual Size: '0x1b71' - INIT: - Entropy: 5.77082076544506 - Virtual Size: '0xb4c' - .rsrc: - Entropy: 3.441712631209701 - Virtual Size: '0x3f8' - .reloc: - Entropy: 1.2072398645622464 - Virtual Size: '0x60' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2019-04-24 05:50:56' - Imphash: 2cf48a541dc193e91bb2a831adcf278e - LoadsDespiteHVCI: 'FALSE' -- Filename: iQVW64.SYS - MD5: 31a4631d77b2357ac9618e2a60021f11 - SHA1: 637d0de7fa2a06e462dad40a575cb0fa4a38d377 - SHA256: a566af57d88f37fa033e64b1d8abbd3ffdacaba260475fbbc8dab846a824eff5 - Authentihash: - MD5: 67bc13f641db5e7b40ffd8fd33b7d9c6 - SHA1: 627e4a44e5a5da00cdb8ae2a538175ded6a9a113 - SHA256: 9f94d9180104c820c3d27f03e20f5bbc9d2a5bc2ae6e74baf2a848f2f1790ec8 - Description: Intel(R) Network Adapter Diagnostic Driver - Company: 'Intel Corporation ' - InternalName: iQVW64.SYS - OriginalFilename: iQVW64.SYS - FileVersion: '1.03.0.4 built by: WinDDK' - Product: Intel(R) iQVW64.SYS - ProductVersion: 1.03.0.4 - Copyright: Copyright (C) 2002-2006 Intel Corporation All Rights Reserved. 
- MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IoCreateSymbolicLink - - IoCreateDevice - - IofCompleteRequest - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - MmGetPhysicalAddress - - DbgPrint - - sprintf - - vsprintf - - IoFreeMdl - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmUnmapIoSpace - - MmUnmapLockedPages - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - RtlInitUnicodeString - - ObfDereferenceObject - - KeWaitForSingleObject - - IofCallDriver - - IoBuildSynchronousFsdRequest - - KeInitializeEvent - - ZwClose - - RtlFreeAnsiString - - strstr - - RtlUnicodeStringToAnsiString - - ZwEnumerateValueKey - - ZwOpenKey - - wcsncpy - - IoGetDeviceObjectPointer - - IoGetDeviceInterfaces - - ObReferenceObjectByPointer - - KeBugCheckEx - - IoDeleteSymbolicLink - - MmMapIoSpace - - IoDeleteDevice - - KeStallExecutionProcessor - - KeQueryPerformanceCounter - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 
93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=US, ST=Oregon, L=Hillsboro, O=Intel Corporation, OU=Digital ID Class - 3 , Microsoft Software Validation v2, OU=LAN Access Division, CN=Intel Corporation - ValidFrom: '2009-05-26 00:00:00' - ValidTo: '2012-05-30 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 058258571670ab2b1bac50679cec49a1 - Version: 3 - TBS: - MD5: 2db2db8ad770f96c4ba2de12f5336353 - SHA1: d70fb0f12785771b5eff8029e0801fbe0caca8b3 - SHA256: ebce0797330e680af51b1a399d34575a8bcac049d55b1323097e17147b430538 - SHA384: b1480302c0412127620d79bc13eba100191c2458e63df9ae6987481db2ca14de7530211e195540d9b30bc7390a44fec0 - Signer: - - SerialNumber: 058258571670ab2b1bac50679cec49a1 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - RichPEHeaderHash: - MD5: 4521e9ed78c16f8d1e49a1981dfb32eb - SHA1: 557230bdf881a5a09523f4b063c81e10594ee183 - SHA256: 4d270337cbd39f54b308a8b11869c2d85075acb846ce369f90aeceb8dd87782f - Sections: - .text: - Entropy: 6.3188990871158195 - Virtual Size: '0x4545' - .rdata: - Entropy: 4.716285554861738 - Virtual Size: '0x7fc' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x5c9ec0' - .pdata: - Entropy: 4.308481594389347 - Virtual Size: '0x438' - INIT: - Entropy: 5.829703465693649 - Virtual Size: '0x79c' - .rsrc: - Entropy: 3.411600288391384 - Virtual Size: '0x3f8' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2010-09-01 23:02:32' - Imphash: 5c77661ac2951da388949d9a834eb694 - LoadsDespiteHVCI: 'FALSE' -- Filename: iQVW64.SYS - MD5: 7c22b7686c75a2bb7409b3c392cc791a - SHA1: 
bed5bad7f405aa828a146c7f71d09c31d0c32051 - SHA256: a59c40e7470b7003e8adfee37c77606663e78d7e3f2ebb8d60910af19924d8df - Authentihash: - MD5: 1789a16d20ca2b55f491ad71848166a2 - SHA1: 2cbfe4ad0e1231ff3e19c19ca9311d952ce170b7 - SHA256: 785e87bc23a1353fe0726554fd009aca69c320a98445a604a64e23ab45108087 - Description: Intel(R) Network Adapter Diagnostic Driver - Company: 'Intel Corporation ' - InternalName: iQVW64.SYS - OriginalFilename: iQVW64.SYS - FileVersion: '1.03.0.7 built by: WinDDK' - Product: Intel(R) iQVW64.SYS - ProductVersion: 1.03.0.7 - Copyright: Copyright (C) 2002-2013 Intel Corporation All Rights Reserved. - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IoCreateSymbolicLink - - IoCreateDevice - - IofCompleteRequest - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - MmGetPhysicalAddress - - DbgPrint - - strncpy - - vsprintf - - IoFreeMdl - - MmMapLockedPagesSpecifyCache - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmUnmapIoSpace - - MmUnmapLockedPages - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - RtlInitUnicodeString - - ObfDereferenceObject - - KeWaitForSingleObject - - IofCallDriver - - IoBuildSynchronousFsdRequest - - KeInitializeEvent - - ZwClose - - RtlFreeAnsiString - - strstr - - RtlUnicodeStringToAnsiString - - ZwEnumerateValueKey - - ZwOpenKey - - wcsncpy - - IoGetDeviceObjectPointer - - IoGetDeviceInterfaces - - ObReferenceObjectByPointer - - KeBugCheckEx - - IoDeleteSymbolicLink - - MmMapIoSpace - - IoDeleteDevice - - KeStallExecutionProcessor - - KeQueryPerformanceCounter - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Oregon, L=Hillsboro, O=Intel Corporation, OU=Digital ID Class - 3 , Microsoft Software Validation v2, OU=LAN Access Division, CN=Intel Corporation - ValidFrom: '2012-05-17 00:00:00' - ValidTo: '2015-05-30 23:59:59' - Signature: 
285fe626bdcc91182509755ed38bee901a395d2f11b14eb7857cb9b3624afadee423a07cca07804cd51a299716b3bd127c84e6d827dd786b29964aee3b6dd0193d366813ff62ab31f61e2c37bda7a2cd4c19a877cd410dcd066acefa7013e47436b8b4270238dbf631a4907c380f2397eda3a013d8d3d006a15b581edf946d7cc16896d2af8e79981802555b12bb1b177f7e9a85c0c92b8af3d423ecbd858a1aa0d8face738f4f4934b2a0f9654db4cc1e388afad699371e83992bd317de8ae0dce9df2f6de60191af4462eca8a2ba30e8b203b68bff09f4753cfbedbf41a64f1e0cc999f90c83dc3062dd62dd46773f8e93d1051f19a29a97377c1d0bee7f39 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2776ab5cf2d09872f1ad05fbc3f21a87 - Version: 3 - TBS: - MD5: fa13cce803fbe5b5256430f9bfee76de - SHA1: ce566e0c55909bbf2bb0d43280ee78b4ba3d582f - SHA256: 7959ee2235998f36a9cdbd9b5ef7759e5846e0eecd7e868c5f042360a25482aa - SHA384: 82fcff4effee6971cfc9d0d684d13479eac42b53f23590e0df172e2804ff94abc1fbf0e2b6af0cf05b099fc97cf26789 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 2776ab5cf2d09872f1ad05fbc3f21a87 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign 
Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: 4521e9ed78c16f8d1e49a1981dfb32eb - SHA1: 557230bdf881a5a09523f4b063c81e10594ee183 - SHA256: 4d270337cbd39f54b308a8b11869c2d85075acb846ce369f90aeceb8dd87782f - Sections: - .text: - Entropy: 6.312074870341971 - Virtual Size: '0x4615' - .rdata: - Entropy: 4.765757053328623 - Virtual Size: '0x7c0' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x5c9ec0' - .pdata: - Entropy: 4.307215755522235 - Virtual Size: '0x408' - INIT: - Entropy: 5.835829282045137 - Virtual Size: '0x7a8' - .rsrc: - Entropy: 3.423830950438437 - Virtual Size: '0x3f8' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2013-11-14 08:22:43' - Imphash: 55db306bc2be3ff71a6b91fd9db051b8 - LoadsDespiteHVCI: 'FALSE' -- Filename: iQVW64.SYS - MD5: 477e02a8e31cde2e76a8fb020df095c2 - SHA1: 9449f211c3c47821b638513d239e5f2c778dc523 - SHA256: b51ddcf8309c80384986dda9b11bf7856b030e3e885b0856efdb9e84064917e5 - Authentihash: - MD5: 99f8e77dfc84cbd445500575ec9ab78a - SHA1: 154c4d80f243b40dcebc2d5a2f3cee968d2f6f0c - SHA256: 7cc54914473d7c75a483c5672655bd9df2ce20b556a0d92c6e4cb8722ab1647b - Description: Intel(R) Network Adapter Diagnostic Driver - Company: 'Intel Corporation ' - InternalName: iQVW64.SYS - OriginalFilename: iQVW64.SYS - FileVersion: '1.03.0.4 built by: WinDDK' - Product: Intel(R) iQVW64.SYS - ProductVersion: 1.03.0.4 - Copyright: Copyright (C) 2002-2006 Intel Corporation All Rights Reserved. 
- MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IoCreateSymbolicLink - - IoCreateDevice - - IofCompleteRequest - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - MmGetPhysicalAddress - - DbgPrint - - sprintf - - vsprintf - - IoFreeMdl - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmUnmapIoSpace - - MmUnmapLockedPages - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - RtlInitUnicodeString - - ObfDereferenceObject - - KeWaitForSingleObject - - IofCallDriver - - IoBuildSynchronousFsdRequest - - KeInitializeEvent - - ZwClose - - RtlFreeAnsiString - - strstr - - RtlUnicodeStringToAnsiString - - ZwEnumerateValueKey - - ZwOpenKey - - wcsncpy - - IoGetDeviceObjectPointer - - IoGetDeviceInterfaces - - ObReferenceObjectByPointer - - KeBugCheckEx - - IoDeleteSymbolicLink - - MmMapIoSpace - - IoDeleteDevice - - KeStallExecutionProcessor - - KeQueryPerformanceCounter - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 
93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=US, ST=Oregon, L=Hillsboro, O=Intel Corporation, OU=Digital ID Class - 3 , Microsoft Software Validation v2, OU=LAN Access Division, CN=Intel Corporation - ValidFrom: '2009-05-26 00:00:00' - ValidTo: '2012-05-30 23:59:59' - Signature: 3d01e2c5a5f6209e2b1cbf422f38c19677d0c3d164d29bcf4fda7ad174d1bbd575795110e13d1af2fad8fcf7a683374a113b00b3b79677f04594c035194e9ab3d016259124793bae1750082011447c5f3e5e46d4c8423affadd01a84b40bbb6143b2030b6741f17d9d9b31124857587c24f1b9877f901b861a7e487bb0ba249553fc7decd252dd7c15a2ebdddec25e84d4dc9e5d6bdf06cb35c97b9a14c04945765431fb8be90e0b007daa667972409973db8f484b2283492c62a7923202797428054a8077cbabc1b1ad48334a759a32c6c2651b9ed192f67dd6d1479da1ea6f0a3b24a02c01b4ac85d293dc40150f831870b8aaa56d727eec6f55a0ff68402a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 058258571670ab2b1bac50679cec49a1 - Version: 3 - TBS: - MD5: 2db2db8ad770f96c4ba2de12f5336353 - SHA1: d70fb0f12785771b5eff8029e0801fbe0caca8b3 - SHA256: ebce0797330e680af51b1a399d34575a8bcac049d55b1323097e17147b430538 - SHA384: b1480302c0412127620d79bc13eba100191c2458e63df9ae6987481db2ca14de7530211e195540d9b30bc7390a44fec0 - Signer: - - SerialNumber: 058258571670ab2b1bac50679cec49a1 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - RichPEHeaderHash: - MD5: 4521e9ed78c16f8d1e49a1981dfb32eb - SHA1: 557230bdf881a5a09523f4b063c81e10594ee183 - SHA256: 4d270337cbd39f54b308a8b11869c2d85075acb846ce369f90aeceb8dd87782f - Sections: - .text: - Entropy: 6.319006489194584 - Virtual Size: '0x4545' - .rdata: - Entropy: 4.717552023145485 - Virtual Size: '0x7fc' - .data: - Entropy: 
0.30140680731160896 - Virtual Size: '0x5c9ec0' - .pdata: - Entropy: 4.308481594389347 - Virtual Size: '0x438' - INIT: - Entropy: 5.832969298181631 - Virtual Size: '0x79c' - .rsrc: - Entropy: 3.411600288391384 - Virtual Size: '0x3f8' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2010-10-28 08:22:55' - Imphash: 5c77661ac2951da388949d9a834eb694 - LoadsDespiteHVCI: 'FALSE' -- Filename: iQVW64.SYS - MD5: ce67e51b8c0370d1bfe421b79fa8b656 - SHA1: 4885cd221fa1ea330b9e4c1702be955d68bd3f6a - SHA256: cff9aa9046bdfd781d34f607d901a431a51bb7e5f48f4f681cc743b2cdedc98c - Authentihash: - MD5: 02eedc6afdeb843f391a69611266a838 - SHA1: 9dae306ebc30a8c2f160e3f6e726fcd3e4f92280 - SHA256: 727666434d5ea292a7631d0944edd36097db12862730996ce8a3f052be04a2cd - Description: Intel(R) Network Adapter Diagnostic Driver - Company: 'Intel Corporation ' - InternalName: iQVW64.SYS - OriginalFilename: iQVW64.SYS - FileVersion: '1.03.0.4 built by: WinDDK' - Product: Intel(R) iQVW64.SYS - ProductVersion: 1.03.0.4 - Copyright: Copyright (C) 2002-2006 Intel Corporation All Rights Reserved. 
- MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IoCreateSymbolicLink - - IoCreateDevice - - IofCompleteRequest - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - MmGetPhysicalAddress - - DbgPrint - - sprintf - - vsprintf - - IoFreeMdl - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmUnmapIoSpace - - MmUnmapLockedPages - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - RtlInitUnicodeString - - ObfDereferenceObject - - KeWaitForSingleObject - - IofCallDriver - - IoBuildSynchronousFsdRequest - - KeInitializeEvent - - ZwClose - - RtlFreeAnsiString - - strstr - - RtlUnicodeStringToAnsiString - - ZwEnumerateValueKey - - ZwOpenKey - - wcsncpy - - IoGetDeviceObjectPointer - - IoGetDeviceInterfaces - - ObReferenceObjectByPointer - - KeBugCheckEx - - IoDeleteSymbolicLink - - MmMapIoSpace - - IoDeleteDevice - - KeStallExecutionProcessor - - KeQueryPerformanceCounter - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 
93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=US, ST=Oregon, L=Hillsboro, O=Intel Corporation, OU=Digital ID Class - 3 , Microsoft Software Validation v2, OU=LAN Access Division, CN=Intel Corporation - ValidFrom: '2009-05-26 00:00:00' - ValidTo: '2012-05-30 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 058258571670ab2b1bac50679cec49a1 - Version: 3 - TBS: - MD5: 2db2db8ad770f96c4ba2de12f5336353 - SHA1: d70fb0f12785771b5eff8029e0801fbe0caca8b3 - SHA256: ebce0797330e680af51b1a399d34575a8bcac049d55b1323097e17147b430538 - SHA384: b1480302c0412127620d79bc13eba100191c2458e63df9ae6987481db2ca14de7530211e195540d9b30bc7390a44fec0 - Signer: - - SerialNumber: 058258571670ab2b1bac50679cec49a1 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - RichPEHeaderHash: - MD5: 4521e9ed78c16f8d1e49a1981dfb32eb - SHA1: 557230bdf881a5a09523f4b063c81e10594ee183 - SHA256: 4d270337cbd39f54b308a8b11869c2d85075acb846ce369f90aeceb8dd87782f - Sections: - .text: - Entropy: 6.319295269173402 - Virtual Size: '0x4545' - .rdata: - Entropy: 4.712697675298715 - Virtual Size: '0x7fc' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x5c9ec0' - .pdata: - Entropy: 4.308481594389347 - Virtual Size: '0x438' - INIT: - Entropy: 5.834783593648872 - Virtual Size: '0x79c' - .rsrc: - Entropy: 3.411600288391384 - Virtual Size: '0x3f8' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2010-08-26 07:48:52' - Imphash: 5c77661ac2951da388949d9a834eb694 - LoadsDespiteHVCI: 'FALSE' -- Filename: iQVW64.SYS - MD5: 2cc65e805757cfc4f87889cdceb546cd - SHA1: 
7c625de858710d3673f6cb0cd8d0643d5422c688 - SHA256: d1f4949f76d8ac9f2fa844d16b1b45fb1375d149d46e414e4a4c9424dc66c91f - Authentihash: - MD5: 3e2ca18cf98afa0faac4da0fb1eca408 - SHA1: 15a85aa659248751080984a29dc848c37e900002 - SHA256: ccc65f108ad084af41725e42efc3c3c539f89a474c1b1293b111a83e3eba216a - Description: Intel(R) Network Adapter Diagnostic Driver - Company: 'Intel Corporation ' - InternalName: iQVW64.SYS - OriginalFilename: iQVW64.SYS - FileVersion: '1.03.1.2 built by: WinDDK' - Product: Intel(R) iQVW64.SYS - ProductVersion: 1.03.1.2 - Copyright: Copyright (C) 2002-2015 Intel Corporation All Rights Reserved. - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IoCreateSymbolicLink - - IoCreateDevice - - IofCompleteRequest - - MmIsAddressValid - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - MmGetPhysicalAddress - - DbgPrint - - strncpy - - vsprintf - - IoFreeMdl - - MmMapLockedPagesSpecifyCache - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmUnmapIoSpace - - MmUnmapLockedPages - - MmAllocateContiguousMemory - - RtlInitUnicodeString - - MmMapIoSpace - - ObfDereferenceObject - - KeWaitForSingleObject - - IofCallDriver - - IoBuildSynchronousFsdRequest - - KeInitializeEvent - - ZwClose - - RtlFreeAnsiString - - strstr - - RtlUnicodeStringToAnsiString - - ZwEnumerateValueKey - - ZwOpenKey - - wcsncpy - - IoGetDeviceObjectPointer - - IoGetDeviceInterfaces - - ObReferenceObjectByPointer - - KeBugCheckEx - - IoDeleteSymbolicLink - - MmFreeContiguousMemory - - IoDeleteDevice - - KeStallExecutionProcessor - - KeQueryPerformanceCounter - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel(R) INTELNPG1 - ValidFrom: '2015-09-28 19:41:01' - ValidTo: '2016-09-27 19:41:01' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - 
SerialNumber: 330000b7c6cfa9df260db5243500020000b7c6 - Version: 3 - TBS: - MD5: d04e62ad536be27b5ae5f53dfe14060b - SHA1: 558dc33cda5a996d71afe98ea75f5d81c358f42b - SHA256: 832c1b2d5269714f6804e13ed6fe068d732b543de00975c9e04dd697bf7be6e1 - SHA384: fde1b110f034d38c2923861b58e91798da1b17afbf0ed367c3fd6ecc708d2795a4d7434367625db81d686337cce199d0 - - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External - Basic Issuing CA 3B - ValidFrom: '2013-02-08 22:21:23' - ValidTo: '2018-02-08 22:31:23' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 612cff88000100000010 - Version: 3 - TBS: - MD5: da9a02953cdcc039174d11b07dd2967d - SHA1: 568cfca269ff49615d305e680988337f0a90bc32 - SHA256: fad628f5236458a9116a99f2d64fb9131a28f9942fca6239a5e7be0dddf4ce9f - SHA384: 5edeab0248f63cdc4c10b748618cd6fa4aa53ffb0ddfd51a2e35de2ea55a56822aa53fa734a46705655e8f5878b24ffd - - Subject: C=US, O=Intel Corporation, CN=Intel External Basic Policy CA - ValidFrom: '2013-02-01 00:00:00' - ValidTo: '2020-05-30 10:48:38' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 79174aa9141736fe15a7ca9f2cff4588 - Version: 3 - TBS: - MD5: 6ce466d55ab160317ee9b13522c2a82a - SHA1: 53b052ba209c525233293274854b264bc0f68b73 - SHA256: f71790e057380a0cbafdfc25bc8b3dafd6cfbeb01077bb3d8194e91254a2fc9b - SHA384: c0cc37f9505ff2bab958c8ef1ea94736efae52bcf5948c866446c46b64fb9f5e603fbad4bc70270ae74e58ac8ab055f9 - - Subject: C=BM, O=QuoVadis Limited, CN=QuoVadis Issuing CA G4 - ValidFrom: '2014-05-30 16:35:55' - ValidTo: '2021-03-17 18:33:33' - Signature: 
b9f61352b517a72a4d84774309a4dba067b4600e42f403bdc4ff2c5a0f902e78c563c84aec27f67ce429d0cf6018fa6822da0252760df21754c6f6081ea1cc82e4c33a6d99227cc4c077b4e6052047934039cfdc55adc346af294d799c644c205f8a1c56fc46a05fcb98dd917a39b4afc477996b9eacde6f2d79ea7fd7132498521cfd693eed72ac3fd0b4011914edb0f0cbf39c5114238cc7dc697d328196e41d478f017694833e888d925b1858986903c7f5d3f2615250eb34a0fd2630300fb5fd70e7272c370b1cf3e71ea62c0743b64b885e971fc1307d60642af30c7068445163599fdb57c21fff80e5c21192d82fefd51743ff642d64845c521a63c267 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 69b2d1ccf02e20dcc95c62894f7f9e5f5fc057bf - Version: 3 - TBS: - MD5: 4e0fbd79a99e4a55f97ef41efee38a9f - SHA1: 114f36d5f22b84de97893469fc00b7035b3ef734 - SHA256: f6dd9683708786a413d4d6a3661fa4e4aeb328adbd181b398b5b6aa02bb0bc16 - SHA384: a26fe570a01b0e15cf94b41ce48ebd39ed9e9d18493d4c117f0fbb5a5b33ed8ef06c069b9638dda957547f0b0645e447 - - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, OU=Thales TSS ESN:E892,D055,162F, - OU=Thales TSS ESN:E892,D055,162F, CN=timestamp.intel.com - ValidFrom: '2015-04-24 21:46:24' - ValidTo: '2018-04-24 21:46:23' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 28a11e74fc0b8754580f50954c47c94e67754f28 - Version: 3 - TBS: - MD5: 990afc9a12be270c0fa6921df0223974 - SHA1: a7025b6889dbdeb4c6770d524d4c80a0a75da5df - SHA256: 6eb4cfbd4f50e31ece8b34937025ca350330cb25367a401a5665e68159b47f13 - SHA384: 287f1afb51c586f323b8f42bd6e269051c3aabfd1aaa084650d4d35a42a122489b2cb634c6842981273da17c3d6c8c1d - - Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust - External CA Root - ValidFrom: '2013-08-15 20:26:30' - ValidTo: '2023-08-15 20:36:30' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 
3300000035d8d5595b0671412b000000000035 - Version: 3 - TBS: - MD5: 3d488d41aaeb5661974952080abef2fd - SHA1: df01e35e6befc7d65625319f17397b861e618d56 - SHA256: 3d6ef38b5d26773dc77392e415e88b3a744b30ea9f2081e2a992b5818db2f0c4 - SHA384: ac7c06916fe4a00307834b2499f12799d3fe463c2e63d1881df669a2786745beeee2b3a7d87cd6bc9e4fe293c22e5a59 - Signer: - - SerialNumber: 330000b7c6cfa9df260db5243500020000b7c6 - Issuer: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External Basic - Issuing CA 3B - Version: 1 - RichPEHeaderHash: - MD5: b93991aca170b2e53fc8da875f35fb17 - SHA1: a18b9d606191ba9cf8eeb0a6354b3cdb71e92d9e - SHA256: af46cc3638ff53bbc265d41801940298f3825b98920feb29959c1b3e64750a96 - Sections: - .text: - Entropy: 6.312822181118576 - Virtual Size: '0x47c5' - .rdata: - Entropy: 4.768779651626512 - Virtual Size: '0x804' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x5c9ec0' - .pdata: - Entropy: 4.321873847434394 - Virtual Size: '0x42c' - INIT: - Entropy: 5.8498641513136365 - Virtual Size: '0x7c4' - .rsrc: - Entropy: 3.4283016769481693 - Virtual Size: '0x3f8' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2015-10-29 15:44:49' - Imphash: a86fb9a41955bda815ab902fb58baa27 - LoadsDespiteHVCI: 'FALSE' -- Filename: iQVW64.SYS - MD5: e1ebc6c5257a277115a7e61ee3e5e42f - SHA1: b67945815e40b1cd90708c57c57dab12ed29da83 - SHA256: d74755311d127d0eb7454e56babc2db8dbaa814bc4ba8e2a7754d3e0224778e1 - Authentihash: - MD5: d6a18c98a17d12e0c8678cd0c1cc5fc6 - SHA1: d3f4a292c29d6c87b4744370a430889cba6ab093 - SHA256: 83aad7f91c4ebec89fb63e60ccc05628281aa0439362097bd91c69f4b74470bb - Description: Intel(R) Network Adapter Diagnostic Driver - Company: 'Intel Corporation ' - InternalName: iQVW64.SYS - OriginalFilename: iQVW64.SYS - FileVersion: '1.03.0.4 built by: WinDDK' - Product: Intel(R) iQVW64.SYS - ProductVersion: 1.03.0.4 - Copyright: Copyright (C) 2002-2006 Intel Corporation All Rights Reserved. 
- MachineType: IA64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - KeGetCurrentIrql - - DbgPrint - - sprintf - - vsprintf - - IoFreeMdl - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmUnmapIoSpace - - MmUnmapLockedPages - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - MmMapIoSpace - - ObfDereferenceObject - - KeWaitForSingleObject - - MmGetPhysicalAddress - - IoBuildSynchronousFsdRequest - - KeInitializeEvent - - ZwClose - - RtlFreeAnsiString - - strstr - - RtlUnicodeStringToAnsiString - - ZwEnumerateValueKey - - ZwOpenKey - - wcsncpy - - IoGetDeviceObjectPointer - - IoGetDeviceInterfaces - - ObReferenceObjectByPointer - - KeTickCount - - KeBugCheckEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IofCallDriver - - IoDeleteDevice - - KeStallExecutionProcessor - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - WRITE_PORT_UCHAR - - READ_PORT_ULONG - - READ_PORT_USHORT - - READ_PORT_UCHAR - - KeQueryPerformanceCounter - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 
53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 23:59:59' - Signature: 877870da4e5201205be079c98230c4fdb91996bd9100c3bdcdcdc6f40ed8fff94dc033623011c5f5741bd492de5f9c2013b17c45be50cd83e7801783a72793671346fbcab8984103cc9b515b058b7fa86ff31b501b242ef2698d6c22f7bbca1695ed0c74c06877d9eb996287c17390f889747a23aba3987b97b1f78f29714d2e751b4841daf0b50d2054d677a097826369fd09cf8af075bb099bd9f91155269a6132be7a02b07b86bea2c38b222c78d13576bc92735cf9b9e64c150a23cce4d2d4342e4940153c0f607a24c6a566ef96cf70eb3ee7f40d7edcd17ca3767169c19c4f47303521b1a2af1a623c2bd98eaa2a077bd818b35c7be29da56ffe3c89ad - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 
- SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=US, ST=Oregon, L=Hillsboro, O=Intel Corporation, OU=Digital ID Class - 3 , Microsoft Software Validation v2, OU=LAN Access Division, CN=Intel Corporation - ValidFrom: '2006-04-17 00:00:00' - ValidTo: '2009-05-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 65680c783b728ab2a1880df4232ded32 - Version: 3 - TBS: - MD5: 9d44550dc9e1d18ef155513f85ab1f12 - SHA1: 5f3d3da7374d8edbe4b2a2534c07682861458b3c - SHA256: 12d4c385c0c5e927fc876523b6874918232c08fdaff8e96e230e622b0841df00 - SHA384: 165909cf2d34f32ea49a96d98d2c59d6eaad7a8bfe85f6e34d9da3fa79f40b31e4a88d3040558b876f2154c8970b41c4 - Signer: - - SerialNumber: 65680c783b728ab2a1880df4232ded32 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: 8007fd3858325a29ea818653b1ceb33c - SHA1: acaff2a453f47e14cf2a396ee2e6ca8cbc5801b7 - SHA256: d95fe490f0c27ddb18fe210abef87a55a90d70c1c3fc71319e0f05ae06894b29 - Sections: - .text: - Entropy: 5.47466343739527 - Virtual Size: '0x9650' - .rdata: - Entropy: 3.6126138085431725 - Virtual 
Size: '0x1268' - .pdata: - Entropy: 3.954637417465344 - Virtual Size: '0x3e4' - .srdata: - Entropy: 2.416721292937625 - Virtual Size: '0x298' - .sdata: - Entropy: 2.4838136736919543 - Virtual Size: '0x1b0' - .data: - Entropy: 1.0629748059111717 - Virtual Size: '0x5bb060' - INIT: - Entropy: 5.6120916993294285 - Virtual Size: '0x92a' - .rsrc: - Entropy: 3.4112316573365282 - Virtual Size: '0x3f8' - .reloc: - Entropy: 0.5046360681325445 - Virtual Size: '0x1170' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2007-06-12 08:31:18' - Imphash: a793af44219650b4dd07d8a19ede33f1 - LoadsDespiteHVCI: 'FALSE' -- Filename: iQVW64.SYS - MD5: edbf206c27c3aa7d1890899dffcc03ec - SHA1: 3bb1dddb4157b6b8175fc6e1e7c33bef7870c500 - SHA256: de3597ae7196ca8c0750dce296a8a4f58893774f764455a125464766fcc9b3b5 - Authentihash: - MD5: 23b096e4055705b360ce4c802fb5e36c - SHA1: 4d3d6c6932e2882067830b2167b994b169e536d1 - SHA256: e80597ea0d75e9198428c81ca5b4495bf11922dd29852a0a2e63998e36857746 - Description: Intel(R) Network Adapter Diagnostic Driver - Company: 'Intel Corporation ' - InternalName: iQVW64.SYS - OriginalFilename: iQVW64.SYS - FileVersion: '1.03.1.0 built by: WinDDK' - Product: Intel(R) iQVW64.SYS - ProductVersion: 1.03.1.0 - Copyright: Copyright (C) 2002-2015 Intel Corporation All Rights Reserved. 
- MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IoCreateSymbolicLink - - IoCreateDevice - - IofCompleteRequest - - MmIsAddressValid - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - MmGetPhysicalAddress - - DbgPrint - - strncpy - - vsprintf - - IoFreeMdl - - MmMapLockedPagesSpecifyCache - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmUnmapIoSpace - - MmUnmapLockedPages - - MmAllocateContiguousMemory - - RtlInitUnicodeString - - MmMapIoSpace - - ObfDereferenceObject - - KeWaitForSingleObject - - IofCallDriver - - IoBuildSynchronousFsdRequest - - KeInitializeEvent - - ZwClose - - RtlFreeAnsiString - - strstr - - RtlUnicodeStringToAnsiString - - ZwEnumerateValueKey - - ZwOpenKey - - wcsncpy - - IoGetDeviceObjectPointer - - IoGetDeviceInterfaces - - ObReferenceObjectByPointer - - KeBugCheckEx - - IoDeleteSymbolicLink - - MmFreeContiguousMemory - - IoDeleteDevice - - KeStallExecutionProcessor - - KeQueryPerformanceCounter - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel(R) INTELNPG1 - ValidFrom: '2015-09-28 19:41:01' - ValidTo: '2016-09-27 19:41:01' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 330000b7c6cfa9df260db5243500020000b7c6 - Version: 3 - TBS: - MD5: d04e62ad536be27b5ae5f53dfe14060b - SHA1: 558dc33cda5a996d71afe98ea75f5d81c358f42b - SHA256: 832c1b2d5269714f6804e13ed6fe068d732b543de00975c9e04dd697bf7be6e1 - SHA384: fde1b110f034d38c2923861b58e91798da1b17afbf0ed367c3fd6ecc708d2795a4d7434367625db81d686337cce199d0 - - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External - Basic Issuing CA 3B - ValidFrom: '2013-02-08 22:21:23' - ValidTo: '2018-02-08 22:31:23' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 
- IsCertificateAuthority: true - SerialNumber: 612cff88000100000010 - Version: 3 - TBS: - MD5: da9a02953cdcc039174d11b07dd2967d - SHA1: 568cfca269ff49615d305e680988337f0a90bc32 - SHA256: fad628f5236458a9116a99f2d64fb9131a28f9942fca6239a5e7be0dddf4ce9f - SHA384: 5edeab0248f63cdc4c10b748618cd6fa4aa53ffb0ddfd51a2e35de2ea55a56822aa53fa734a46705655e8f5878b24ffd - - Subject: C=US, O=Intel Corporation, CN=Intel External Basic Policy CA - ValidFrom: '2013-02-01 00:00:00' - ValidTo: '2020-05-30 10:48:38' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 79174aa9141736fe15a7ca9f2cff4588 - Version: 3 - TBS: - MD5: 6ce466d55ab160317ee9b13522c2a82a - SHA1: 53b052ba209c525233293274854b264bc0f68b73 - SHA256: f71790e057380a0cbafdfc25bc8b3dafd6cfbeb01077bb3d8194e91254a2fc9b - SHA384: c0cc37f9505ff2bab958c8ef1ea94736efae52bcf5948c866446c46b64fb9f5e603fbad4bc70270ae74e58ac8ab055f9 - - Subject: C=BM, O=QuoVadis Limited, CN=QuoVadis Issuing CA G4 - ValidFrom: '2014-05-30 16:35:55' - ValidTo: '2021-03-17 18:33:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 69b2d1ccf02e20dcc95c62894f7f9e5f5fc057bf - Version: 3 - TBS: - MD5: 4e0fbd79a99e4a55f97ef41efee38a9f - SHA1: 114f36d5f22b84de97893469fc00b7035b3ef734 - SHA256: f6dd9683708786a413d4d6a3661fa4e4aeb328adbd181b398b5b6aa02bb0bc16 - SHA384: a26fe570a01b0e15cf94b41ce48ebd39ed9e9d18493d4c117f0fbb5a5b33ed8ef06c069b9638dda957547f0b0645e447 - - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, OU=Thales TSS ESN:E892,D055,162F, - OU=Thales TSS ESN:E892,D055,162F, CN=timestamp.intel.com - ValidFrom: '2015-04-24 21:46:24' - ValidTo: '2018-04-24 21:46:23' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 
28a11e74fc0b8754580f50954c47c94e67754f28 - Version: 3 - TBS: - MD5: 990afc9a12be270c0fa6921df0223974 - SHA1: a7025b6889dbdeb4c6770d524d4c80a0a75da5df - SHA256: 6eb4cfbd4f50e31ece8b34937025ca350330cb25367a401a5665e68159b47f13 - SHA384: 287f1afb51c586f323b8f42bd6e269051c3aabfd1aaa084650d4d35a42a122489b2cb634c6842981273da17c3d6c8c1d - - Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust - External CA Root - ValidFrom: '2013-08-15 20:26:30' - ValidTo: '2023-08-15 20:36:30' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 3300000035d8d5595b0671412b000000000035 - Version: 3 - TBS: - MD5: 3d488d41aaeb5661974952080abef2fd - SHA1: df01e35e6befc7d65625319f17397b861e618d56 - SHA256: 3d6ef38b5d26773dc77392e415e88b3a744b30ea9f2081e2a992b5818db2f0c4 - SHA384: ac7c06916fe4a00307834b2499f12799d3fe463c2e63d1881df669a2786745beeee2b3a7d87cd6bc9e4fe293c22e5a59 - Signer: - - SerialNumber: 330000b7c6cfa9df260db5243500020000b7c6 - Issuer: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External Basic - Issuing CA 3B - Version: 1 - RichPEHeaderHash: - MD5: b93991aca170b2e53fc8da875f35fb17 - SHA1: a18b9d606191ba9cf8eeb0a6354b3cdb71e92d9e - SHA256: af46cc3638ff53bbc265d41801940298f3825b98920feb29959c1b3e64750a96 - Sections: - .text: - Entropy: 6.3078070626171385 - Virtual Size: '0x47f5' - .rdata: - Entropy: 4.766735064189019 - Virtual Size: '0x804' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x5c9ec0' - .pdata: - Entropy: 4.311882242131907 - Virtual Size: '0x42c' - INIT: - Entropy: 5.851810349253708 - Virtual Size: '0x7c4' - .rsrc: - Entropy: 3.4182486205222795 - Virtual Size: '0x3f8' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2015-11-24 07:11:47' - Imphash: a86fb9a41955bda815ab902fb58baa27 - LoadsDespiteHVCI: 'FALSE' -- Filename: iQVW64.SYS - MD5: d0a5f9ace1f0c459cef714156db1de02 - SHA1: 540b9f9a232b9d597138b8e0f33d83f5f6e247af - 
SHA256: f877296e8506e6a1acbdacdc5085b18c6842320a2775a329d286bac796f08d54 - Authentihash: - MD5: a3680d04628485c4f6258dc95f4e8e76 - SHA1: a254c2464cf2f39e729125250fa80297de9dcf01 - SHA256: dcd4d4bee76aacba8792df291eb55cc716752bd7ddb51ecb9bec491b02f57c70 - Description: Intel(R) Network Adapter Diagnostic Driver - Company: 'Intel Corporation ' - InternalName: iQVW64.SYS - OriginalFilename: iQVW64.SYS - FileVersion: '1.03.1.0 built by: WinDDK' - Product: Intel(R) iQVW64.SYS - ProductVersion: 1.03.1.0 - Copyright: Copyright (C) 2002-2015 Intel Corporation All Rights Reserved. - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IoCreateSymbolicLink - - IoCreateDevice - - IofCompleteRequest - - MmIsAddressValid - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - MmGetPhysicalAddress - - DbgPrint - - strncpy - - vsprintf - - IoFreeMdl - - MmMapLockedPagesSpecifyCache - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmUnmapIoSpace - - MmUnmapLockedPages - - MmAllocateContiguousMemory - - RtlInitUnicodeString - - MmMapIoSpace - - ObfDereferenceObject - - KeWaitForSingleObject - - IofCallDriver - - IoBuildSynchronousFsdRequest - - KeInitializeEvent - - ZwClose - - RtlFreeAnsiString - - strstr - - RtlUnicodeStringToAnsiString - - ZwEnumerateValueKey - - ZwOpenKey - - wcsncpy - - IoGetDeviceObjectPointer - - IoGetDeviceInterfaces - - ObReferenceObjectByPointer - - KeBugCheckEx - - IoDeleteSymbolicLink - - MmFreeContiguousMemory - - IoDeleteDevice - - KeStallExecutionProcessor - - KeQueryPerformanceCounter - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel(R) Intel - Network Drivers - ValidFrom: '2014-09-25 20:18:50' - ValidTo: '2015-09-25 20:18:50' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 
330000b4a079accd956034e6ae00020000b4a0 - Version: 3 - TBS: - MD5: 557387a7a96e3f151cc3c13fa63d68ba - SHA1: e04a58597b2e5e13751077fd04eba275a3facc0e - SHA256: b0143064d50e1d87a0c526921c271950fd3e3b29b7efa7adca88d2dc07fee5b2 - SHA384: 8e59bc2bf8da2fcea5bd7519805de016bd47645d1950cf07603f165e0d68754f0910384cdf95ecd747a07f2137a1bc10 - - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External - Basic Issuing CA 3B - ValidFrom: '2013-02-08 22:21:23' - ValidTo: '2018-02-08 22:31:23' - Signature: 47bb93e603b1d9570eff60e90fc75e86e623f7defa6dc27732ef23f68fcc6f2572d4a94bad11a273bb8bd2b7b8879474890ccc5cea3a9ac0753a97597c22003d7ac7c55be8d49313ec8f94cda833dfa4d79aa1c8d8a3b4497e173a02e96656978d16b470abbc6b1048e7457b13c74d05bca02c0516be067ef679678f9c3454e67eea197714f19d3b55e4339f69bba7a72254512c677d0452aa7b66dea96aad8ca15c7939cd1c85ec890699854627a001576e93365145e15a3a59af5b41f9709dc4160e05e795b401b4931a590b8a31f7b648c86af6228c9e92286fa893b4a772533ada2cfad43dbf09237fdfcc652ad091aa5031c865f53858d4b39be6311008 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 612cff88000100000010 - Version: 3 - TBS: - MD5: da9a02953cdcc039174d11b07dd2967d - SHA1: 568cfca269ff49615d305e680988337f0a90bc32 - SHA256: fad628f5236458a9116a99f2d64fb9131a28f9942fca6239a5e7be0dddf4ce9f - SHA384: 5edeab0248f63cdc4c10b748618cd6fa4aa53ffb0ddfd51a2e35de2ea55a56822aa53fa734a46705655e8f5878b24ffd - - Subject: C=US, O=Intel Corporation, CN=Intel External Basic Policy CA - ValidFrom: '2013-02-01 00:00:00' - ValidTo: '2020-05-30 10:48:38' - Signature: 
586fbfcd43074213fcb8d0ad8121f28a6fef87bc268a7c00bd680c2b19642c1167b3a9d9790aac395d6500163b53466ea2a6b56799dbe8bfa225ae049511093a2fdeacb73db8bc017430804748544ca0fb6ba8b8a284b7f434e57bcedc5278f4316d4251ae87bf94acbe9616fb55e5798264fdac5038e4dccb812ce7776f9d9b235c7d0403f4079e7ed457e266944debb55c5c629e8c2d83e64614e2a11380fddae0862711922bbd87174fcb19184b5e8ce60dd98f7d23766fa4ffa0ba3de36d37d62638e81a9c2392c8561f1a1a8e00d633a66b95fa821e740b0fa486df23337c9e3614b35ce2a3ed48a08e28f1d74cf6c09bb4f53ca3e5a863a22c08a5d5fe - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 79174aa9141736fe15a7ca9f2cff4588 - Version: 3 - TBS: - MD5: 6ce466d55ab160317ee9b13522c2a82a - SHA1: 53b052ba209c525233293274854b264bc0f68b73 - SHA256: f71790e057380a0cbafdfc25bc8b3dafd6cfbeb01077bb3d8194e91254a2fc9b - SHA384: c0cc37f9505ff2bab958c8ef1ea94736efae52bcf5948c866446c46b64fb9f5e603fbad4bc70270ae74e58ac8ab055f9 - - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode - , G2 - ValidFrom: '2015-02-03 00:00:00' - ValidTo: '2026-03-03 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112106a081d33fd87ae5824cc16b52094e03 - Version: 3 - TBS: - MD5: a0ac4d48fe852f7b3ed4e623d59a825f - SHA1: d4db9846bc4d7db142eeb364286f6de7c102420c - SHA256: 78d2e41a13eb4e9171bae2d2adb192cf39210b5231f77cda936bcfbe8c003bdf - SHA384: 990ed96dca5979deeedc98a012279f04efb5559d7e7f5084a12f3802ee9439326557aecefd081cff739b78515b5d7f50 - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee152d7 - Version: 3 - TBS: - MD5: e140543fe3256027cfa79fc3c19c1776 - SHA1: 
c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 - SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 - SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 - - Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust - External CA Root - ValidFrom: '2013-08-15 20:26:30' - ValidTo: '2023-08-15 20:36:30' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 3300000035d8d5595b0671412b000000000035 - Version: 3 - TBS: - MD5: 3d488d41aaeb5661974952080abef2fd - SHA1: df01e35e6befc7d65625319f17397b861e618d56 - SHA256: 3d6ef38b5d26773dc77392e415e88b3a744b30ea9f2081e2a992b5818db2f0c4 - SHA384: ac7c06916fe4a00307834b2499f12799d3fe463c2e63d1881df669a2786745beeee2b3a7d87cd6bc9e4fe293c22e5a59 - Signer: - - SerialNumber: 330000b4a079accd956034e6ae00020000b4a0 - Issuer: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External Basic - Issuing CA 3B - Version: 1 - RichPEHeaderHash: - MD5: b93991aca170b2e53fc8da875f35fb17 - SHA1: a18b9d606191ba9cf8eeb0a6354b3cdb71e92d9e - SHA256: af46cc3638ff53bbc265d41801940298f3825b98920feb29959c1b3e64750a96 - Sections: - .text: - Entropy: 6.308035787328417 - Virtual Size: '0x47f5' - .rdata: - Entropy: 4.769224140133115 - Virtual Size: '0x804' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x5c9ec0' - .pdata: - Entropy: 4.308844204470135 - Virtual Size: '0x42c' - INIT: - Entropy: 5.8512797646335875 - Virtual Size: '0x7c4' - .rsrc: - Entropy: 3.4182486205222795 - Virtual Size: '0x3f8' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2015-04-22 05:46:58' - Imphash: a86fb9a41955bda815ab902fb58baa27 - LoadsDespiteHVCI: 'FALSE' -- Filename: iQVW64.SYS - MD5: cebf532d1e3c109418687cb9207516ad - SHA1: 444a2b778e2fc26067c49dde0aff0dcfb85f2b64 - SHA256: ff115cefe624b6ca0b3878a86f6f8b352d1915b65fbbdc33ae15530a96ebdaa7 - Authentihash: - MD5: 
e6245e7df4ae8bd2e49e0f41d3fad7fc - SHA1: 73d3fbb52669d917c11808919817d8d97681c6ac - SHA256: 1452103306895429c54ba1735800b8c8694c3165cdef32ca12ed6ce348019292 - Description: Intel(R) Network Adapter Diagnostic Driver - Company: 'Intel Corporation ' - InternalName: iQVW64.SYS - OriginalFilename: iQVW64.SYS - FileVersion: '1.03.0.4 built by: WinDDK' - Product: Intel(R) iQVW64.SYS - ProductVersion: 1.03.0.4 - Copyright: Copyright (C) 2002-2006 Intel Corporation All Rights Reserved. - MachineType: IA64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - KeGetCurrentIrql - - DbgPrint - - sprintf - - vsprintf - - IoFreeMdl - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmUnmapIoSpace - - MmUnmapLockedPages - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - MmMapIoSpace - - ObfDereferenceObject - - KeWaitForSingleObject - - MmGetPhysicalAddress - - IoBuildSynchronousFsdRequest - - KeInitializeEvent - - ZwClose - - RtlFreeAnsiString - - strstr - - RtlUnicodeStringToAnsiString - - ZwEnumerateValueKey - - ZwOpenKey - - wcsncpy - - IoGetDeviceObjectPointer - - IoGetDeviceInterfaces - - ObReferenceObjectByPointer - - KeTickCount - - KeBugCheckEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IofCallDriver - - IoDeleteDevice - - KeStallExecutionProcessor - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - WRITE_PORT_UCHAR - - READ_PORT_ULONG - - READ_PORT_USHORT - - READ_PORT_UCHAR - - KeQueryPerformanceCounter - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - 
SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=US, ST=Oregon, L=Hillsboro, O=Intel Corporation, OU=Digital ID Class - 3 , Microsoft Software Validation v2, OU=LAN Access Division, CN=Intel Corporation - ValidFrom: '2006-04-17 00:00:00' - ValidTo: '2009-05-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 65680c783b728ab2a1880df4232ded32 - Version: 3 - TBS: - MD5: 9d44550dc9e1d18ef155513f85ab1f12 - SHA1: 5f3d3da7374d8edbe4b2a2534c07682861458b3c - SHA256: 12d4c385c0c5e927fc876523b6874918232c08fdaff8e96e230e622b0841df00 - SHA384: 165909cf2d34f32ea49a96d98d2c59d6eaad7a8bfe85f6e34d9da3fa79f40b31e4a88d3040558b876f2154c8970b41c4 - Signer: - - SerialNumber: 65680c783b728ab2a1880df4232ded32 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: 8007fd3858325a29ea818653b1ceb33c - SHA1: acaff2a453f47e14cf2a396ee2e6ca8cbc5801b7 - SHA256: d95fe490f0c27ddb18fe210abef87a55a90d70c1c3fc71319e0f05ae06894b29 - 
Sections: - .text: - Entropy: 5.4745915858548955 - Virtual Size: '0x9650' - .rdata: - Entropy: 3.6105380581890048 - Virtual Size: '0x1268' - .pdata: - Entropy: 3.954637417465344 - Virtual Size: '0x3e4' - .srdata: - Entropy: 2.416721292937625 - Virtual Size: '0x298' - .sdata: - Entropy: 2.4838136736919543 - Virtual Size: '0x1b0' - .data: - Entropy: 1.0629748059111717 - Virtual Size: '0x5bb060' - INIT: - Entropy: 5.611965932939277 - Virtual Size: '0x92a' - .rsrc: - Entropy: 3.4112316573365282 - Virtual Size: '0x3f8' - .reloc: - Entropy: 0.5046360681325445 - Virtual Size: '0x1170' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2006-11-15 08:41:42' - Imphash: a793af44219650b4dd07d8a19ede33f1 - LoadsDespiteHVCI: 'FALSE' -Tags: -- iQVW64.SYS +- Filename: iQVW64.SYS + MD5: c796a92a66ec725b7b7febbdc13dc69b + SHA1: 0ed0c4d6c3b6b478cbfd7fb0bd1e1b5457a757cc + SHA256: 19bf0d0f55d2ad33ef2d105520bde8fb4286f00e9d7a721e3c9587b9408a0775 + Authentihash: + MD5: 9628077052773b85d492e06322fa4366 + SHA1: 013c02f8fb3b1eb638a8ccdd9da5277749d1060b + SHA256: 46ec6310c5ea5e289299d40f5ecca82b9c722ffc766dfd08f36dc88835e63567 + Description: Intel(R) Network Adapter Diagnostic Driver + Company: 'Intel Corporation ' + InternalName: iQVW64.SYS + OriginalFilename: iQVW64.SYS + FileVersion: '1.03.0.4 built by: WinDDK' + Product: Intel(R) iQVW64.SYS + ProductVersion: 1.03.0.4 + Copyright: Copyright (C) 2002-2011 Intel Corporation All Rights Reserved. 
+ MachineType: IA64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - KeGetCurrentIrql + - DbgPrint + - strncpy + - vsprintf + - IoFreeMdl + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmUnmapIoSpace + - MmUnmapLockedPages + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - MmMapIoSpace + - ObfDereferenceObject + - KeWaitForSingleObject + - MmGetPhysicalAddress + - IoBuildSynchronousFsdRequest + - KeInitializeEvent + - ZwClose + - RtlFreeAnsiString + - strstr + - RtlUnicodeStringToAnsiString + - ZwEnumerateValueKey + - ZwOpenKey + - wcsncpy + - IoGetDeviceObjectPointer + - IoGetDeviceInterfaces + - ObReferenceObjectByPointer + - KeTickCount + - KeBugCheckEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IofCallDriver + - IoDeleteDevice + - KeStallExecutionProcessor + - WRITE_PORT_ULONG + - WRITE_PORT_USHORT + - WRITE_PORT_UCHAR + - READ_PORT_ULONG + - READ_PORT_USHORT + - READ_PORT_UCHAR + - KeQueryPerformanceCounter + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=US, ST=Oregon, L=Hillsboro, O=Intel Corporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=LAN Access Division, + CN=Intel Corporation + ValidFrom: '2009-05-26 00:00:00' + ValidTo: '2012-05-30 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 058258571670ab2b1bac50679cec49a1 + Version: 3 + TBS: + MD5: 2db2db8ad770f96c4ba2de12f5336353 + SHA1: d70fb0f12785771b5eff8029e0801fbe0caca8b3 + SHA256: 
ebce0797330e680af51b1a399d34575a8bcac049d55b1323097e17147b430538 + SHA384: b1480302c0412127620d79bc13eba100191c2458e63df9ae6987481db2ca14de7530211e195540d9b30bc7390a44fec0 + Signer: + - SerialNumber: 058258571670ab2b1bac50679cec49a1 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + RichPEHeaderHash: + MD5: 8007fd3858325a29ea818653b1ceb33c + SHA1: acaff2a453f47e14cf2a396ee2e6ca8cbc5801b7 + SHA256: d95fe490f0c27ddb18fe210abef87a55a90d70c1c3fc71319e0f05ae06894b29 + Sections: + .text: + Entropy: 5.475411996294876 + Virtual Size: '0x95e0' + .rdata: + Entropy: 3.072068378066715 + Virtual Size: '0xf40' + .pdata: + Entropy: 3.9359294560144455 + Virtual Size: '0x3e4' + .srdata: + Entropy: 2.7857828687461534 + Virtual Size: '0x280' + .sdata: + Entropy: 2.491453465417235 + Virtual Size: '0x1b0' + .data: + Entropy: 0.0 + Virtual Size: '0x5c9d80' + INIT: + Entropy: 5.639528673951456 + Virtual Size: '0x92a' + .rsrc: + Entropy: 3.4091935406815166 + Virtual Size: '0x3f8' + .reloc: + Entropy: 0.41227279241255127 + Virtual Size: '0x1020' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2011-10-05 01:13:31' + Imphash: 4bd0bd7710a7f71d38f056241c8ce0a7 + LoadsDespiteHVCI: 'FALSE' +- Filename: iQVW64.SYS + MD5: f7d963c14a691a022301afa31de9ecef + SHA1: 2e546d86d3b1e4eaa92b6ec4768de79f70eb922f + SHA256: 1f8168036d636aad1680dd0f577ef9532dbb2dad3591d63e752b0ba3ee6fd501 + Authentihash: + MD5: 9e5958641168a690ab2b8003d3095a1f + SHA1: b1ce8991df0af287d5fd6837306384bd4327ea1d + SHA256: 6f2cf1c9502c5c5054edb556827ba30ffc2e6689faf807db404672781b032eaf + Description: Intel(R) Network Adapter Diagnostic Driver + Company: 'Intel Corporation ' + InternalName: iQVW64.SYS + OriginalFilename: iQVW64.SYS + FileVersion: '1.3.2.16 built by: WinDDK' + Product: Intel(R) iQVW64.SYS + ProductVersion: 1.3.2.16 + Copyright: Copyright (C) 2002-2018 Intel Corporation All Rights Reserved. 
+ MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IoCreateSymbolicLink + - IofCompleteRequest + - MmIsAddressValid + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - MmGetPhysicalAddress + - DbgPrint + - strncpy + - vsprintf + - IoFreeMdl + - MmMapLockedPagesSpecifyCache + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmUnmapIoSpace + - MmUnmapLockedPages + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - MmMapIoSpace + - RtlInitUnicodeString + - KeWaitForSingleObject + - IofCallDriver + - IoBuildSynchronousFsdRequest + - KeInitializeEvent + - ZwClose + - RtlFreeAnsiString + - strstr + - RtlUnicodeStringToAnsiString + - ZwEnumerateValueKey + - ZwOpenKey + - wcsncpy + - IoGetDeviceObjectPointer + - IoGetDeviceInterfaces + - ObReferenceObjectByPointer + - MmAllocateNonCachedMemory + - MmFreeNonCachedMemory + - KeBugCheckEx + - IoDeleteSymbolicLink + - ObfDereferenceObject + - IoDeleteDevice + - MmGetSystemRoutineAddress + - ZwSetSecurityObject + - ObOpenObjectByPointer + - IoDeviceObjectType + - IoCreateDevice + - RtlGetDaclSecurityDescriptor + - RtlGetSaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - SeExports + - IoIsWdmVersionAvailable + - _wcsnicmp + - RtlAddAccessAllowedAce + - RtlLengthSid + - wcschr + - RtlAbsoluteToSelfRelativeSD + - RtlSetDaclSecurityDescriptor + - RtlCreateSecurityDescriptor + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - KeStallExecutionProcessor + - KeQueryPerformanceCounter + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust + External CA Root + ValidFrom: '2013-08-15 20:26:30' + ValidTo: '2023-08-15 20:36:30' + Signature: 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 + SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 3300000035d8d5595b0671412b000000000035 + Version: 3 + TBS: + MD5: 3d488d41aaeb5661974952080abef2fd + SHA1: df01e35e6befc7d65625319f17397b861e618d56 + SHA256: 3d6ef38b5d26773dc77392e415e88b3a744b30ea9f2081e2a992b5818db2f0c4 + SHA384: ac7c06916fe4a00307834b2499f12799d3fe463c2e63d1881df669a2786745beeee2b3a7d87cd6bc9e4fe293c22e5a59 + - Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, + CN=COMODO RSA Certification Authority + ValidFrom: '2000-05-30 10:48:38' + ValidTo: '2020-05-30 10:48:38' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 2766ee56eb49f38eabd770a2fc84de22 + Version: 3 + TBS: + MD5: be5bfbe77379139ac5cdcbcc8d4d3b34 + SHA1: 606b701bc9f448ddbfe6fa63ccb8061b838ee254 + SHA256: 0d73a614eef7596cf5a34733f74daf2ccfe4df7b4a40069bf43c43e428264177 + SHA384: 7ce102d63c57cb48f80a65d1a5e9b350a7a618482aa5a36775323ca933ddfcb00def83796a6340dec5ebf7596cfd8e5d + - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel(R) + INTELND1617S2 + ValidFrom: '2016-09-22 20:52:10' + ValidTo: '2018-09-22 20:52:10' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 560000013927007472d9b99b9b000000000139 + Version: 3 + TBS: + MD5: cdc266193e7ecfd8e1e7f3aed67e75ed + SHA1: d384f171c6ae3e92f8cc93ca26690c3d5be2a81b + SHA256: 15c1d42f57e1f011c3e16c96f68d07d2734a981e5c1200ac6b974e9c7683654e + SHA384: 55f8f8afaf783b2b4f9f1e48e86def2eeec80e1b2744679afd6d2809b2c822780720e65d69e43c93916b90b6da1dead8 + - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External + Issuing CA 7B + ValidFrom: '2015-10-28 00:00:00' + ValidTo: '2021-06-17 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + 
IsCertificateAuthority: true + SerialNumber: 069b5e99277284c8767f1368a7deb0f3 + Version: 3 + TBS: + MD5: 5578c7331db18bb448db403ad32c94ee + SHA1: dfcfe5d6087cf830513d705aa701ff957d960298 + SHA256: 5b619f82064ace7ecf48d26ce8ae6fa3b52671915fa81ee81cddbe740dd8698b + SHA384: 5fa042c979faba67de861093b4aca808ae4be0fcedf123cb8afe126856c0b6ac3451393048211db8993914c5ff410bd8 + Signer: + - SerialNumber: 560000013927007472d9b99b9b000000000139 + Issuer: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External + Issuing CA 7B + Version: 1 + RichPEHeaderHash: + MD5: 84dfb7245aa6b7f3efec05cfa6559636 + SHA1: 695bd45c0e89dcb58253e90c9a43400b03ae2202 + SHA256: 3ff178ffbb2c17ce7c3a02ef5943ddf3b580e3e28f6cc59775c5369062a0b9ab + Sections: + .text: + Entropy: 6.260738500856503 + Virtual Size: '0x4945' + .rdata: + Entropy: 4.781831199028562 + Virtual Size: '0xed0' + .data: + Entropy: 1.1262035268835313 + Virtual Size: '0x5ca0a0' + .pdata: + Entropy: 4.658699009524359 + Virtual Size: '0x678' + PAGE: + Entropy: 6.1261566082145595 + Virtual Size: '0x1b71' + INIT: + Entropy: 5.77048929806172 + Virtual Size: '0xb4c' + .rsrc: + Entropy: 3.435765934379025 + Virtual Size: '0x3f8' + .reloc: + Entropy: 1.2072398645622464 + Virtual Size: '0x60' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2018-04-06 02:56:07' + Imphash: 2cf48a541dc193e91bb2a831adcf278e + LoadsDespiteHVCI: 'FALSE' +- Filename: iQVW64.SYS + MD5: 73a40e29f61e5d142c8f42b28a351190 + SHA1: bdfb25cc4ed569dc0d5849545eb4abe08539029f + SHA256: 2d2c7ee9547738a8a676ab785c151e8b48ed40fe7cf6174650814c7f5f58513b + Authentihash: + MD5: de5dc7fda88792287ab03e73cece0ba8 + SHA1: 99adef60a03c2ba9aa008adcd151686175ede2db + SHA256: 0ae3c446e5f075e8fc3db31eabd744a65b2c50a9b4a52877873547951bc19bc9 + Description: Intel(R) Network Adapter Diagnostic Driver + Company: 'Intel Corporation ' + InternalName: iQVW64.SYS + OriginalFilename: iQVW64.SYS + FileVersion: '1.03.0.6 built by: WinDDK' + Product: Intel(R) iQVW64.SYS + ProductVersion: 1.03.0.6 + 
Copyright: Copyright (C) 2002-2012 Intel Corporation All Rights Reserved. + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IoCreateSymbolicLink + - IoCreateDevice + - IofCompleteRequest + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - MmGetPhysicalAddress + - DbgPrint + - strncpy + - vsprintf + - IoFreeMdl + - MmMapLockedPagesSpecifyCache + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmUnmapIoSpace + - MmUnmapLockedPages + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - RtlInitUnicodeString + - ObfDereferenceObject + - KeWaitForSingleObject + - IofCallDriver + - IoBuildSynchronousFsdRequest + - KeInitializeEvent + - ZwClose + - RtlFreeAnsiString + - strstr + - RtlUnicodeStringToAnsiString + - ZwEnumerateValueKey + - ZwOpenKey + - wcsncpy + - IoGetDeviceObjectPointer + - IoGetDeviceInterfaces + - ObReferenceObjectByPointer + - KeBugCheckEx + - IoDeleteSymbolicLink + - MmMapIoSpace + - IoDeleteDevice + - KeStallExecutionProcessor + - KeQueryPerformanceCounter + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G3 + ValidFrom: '2012-05-01 00:00:00' + ValidTo: '2012-12-31 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded + Version: 3 + TBS: + MD5: e6d820afb23af20a65cf0b03247ea05e + SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 + SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 + SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, ST=Oregon, L=Hillsboro, O=Intel Corporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=LAN Access Division, + CN=Intel Corporation + ValidFrom: '2012-05-17 00:00:00' + ValidTo: '2015-05-30 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2776ab5cf2d09872f1ad05fbc3f21a87 + Version: 3 + TBS: + MD5: fa13cce803fbe5b5256430f9bfee76de + SHA1: ce566e0c55909bbf2bb0d43280ee78b4ba3d582f + SHA256: 7959ee2235998f36a9cdbd9b5ef7759e5846e0eecd7e868c5f042360a25482aa + SHA384: 82fcff4effee6971cfc9d0d684d13479eac42b53f23590e0df172e2804ff94abc1fbf0e2b6af0cf05b099fc97cf26789 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2776ab5cf2d09872f1ad05fbc3f21a87 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: 4521e9ed78c16f8d1e49a1981dfb32eb + SHA1: 557230bdf881a5a09523f4b063c81e10594ee183 + SHA256: 4d270337cbd39f54b308a8b11869c2d85075acb846ce369f90aeceb8dd87782f + Sections: + .text: + Entropy: 6.313310272629252 + Virtual Size: '0x4595' + .rdata: + Entropy: 4.728842329222615 + Virtual Size: '0x7b8' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x5c9ec0' + .pdata: + Entropy: 
4.323928242016378 + Virtual Size: '0x408' + INIT: + Entropy: 5.82935061954711 + Virtual Size: '0x7a8' + .rsrc: + Entropy: 3.419370252627768 + Virtual Size: '0x3f8' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2012-10-23 02:48:15' + Imphash: 55db306bc2be3ff71a6b91fd9db051b8 + LoadsDespiteHVCI: 'FALSE' +- Filename: iQVW64.SYS + MD5: 69ba501a268f09f694ff0e8e208aa20e + SHA1: 3d6d53b0f1cc908b898610227b9f1b9352137aba + SHA256: 37c637a74bf20d7630281581a8fae124200920df11ad7cd68c14c26cc12c5ec9 + Authentihash: + MD5: 61c9bc2fd776b341f21b71fb1891eb5a + SHA1: 9af173db51828d2a3c64d34e9120f1fd129a2359 + SHA256: ecd6e879e5521ca4053a59ef6682a95d97f6d9ba75f313b87bd133afe5267852 + Description: Intel(R) Network Adapter Diagnostic Driver + Company: 'Intel Corporation ' + InternalName: iQVW64.SYS + OriginalFilename: iQVW64.SYS + FileVersion: '1.3.2.17 built by: WinDDK' + Product: Intel(R) iQVW64.SYS + ProductVersion: 1.3.2.17 + Copyright: Copyright (C) 2002-2018 Intel Corporation All Rights Reserved. + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IoCreateSymbolicLink + - IofCompleteRequest + - MmIsAddressValid + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - MmGetPhysicalAddress + - DbgPrint + - strncpy + - vsprintf + - IoFreeMdl + - MmMapLockedPagesSpecifyCache + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmUnmapIoSpace + - MmUnmapLockedPages + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - MmMapIoSpace + - RtlInitUnicodeString + - KeWaitForSingleObject + - IofCallDriver + - IoBuildSynchronousFsdRequest + - KeInitializeEvent + - ZwClose + - RtlFreeAnsiString + - strstr + - RtlUnicodeStringToAnsiString + - ZwEnumerateValueKey + - ZwOpenKey + - wcsncpy + - IoGetDeviceObjectPointer + - IoGetDeviceInterfaces + - ObReferenceObjectByPointer + - MmAllocateNonCachedMemory + - MmFreeNonCachedMemory + - KeBugCheckEx + - IoDeleteSymbolicLink + - ObfDereferenceObject + - IoDeleteDevice + - 
MmGetSystemRoutineAddress + - ZwSetSecurityObject + - ObOpenObjectByPointer + - IoDeviceObjectType + - IoCreateDevice + - RtlGetDaclSecurityDescriptor + - RtlGetSaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - SeExports + - IoIsWdmVersionAvailable + - _wcsnicmp + - RtlAddAccessAllowedAce + - RtlLengthSid + - wcschr + - RtlAbsoluteToSelfRelativeSD + - RtlSetDaclSecurityDescriptor + - RtlCreateSecurityDescriptor + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - KeStallExecutionProcessor + - KeQueryPerformanceCounter + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust + External CA Root + ValidFrom: '2013-08-15 20:26:30' + ValidTo: '2023-08-15 20:36:30' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 3300000035d8d5595b0671412b000000000035 + Version: 3 + TBS: + MD5: 3d488d41aaeb5661974952080abef2fd + SHA1: df01e35e6befc7d65625319f17397b861e618d56 + SHA256: 3d6ef38b5d26773dc77392e415e88b3a744b30ea9f2081e2a992b5818db2f0c4 + SHA384: ac7c06916fe4a00307834b2499f12799d3fe463c2e63d1881df669a2786745beeee2b3a7d87cd6bc9e4fe293c22e5a59 + - Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, + CN=COMODO RSA Certification Authority + ValidFrom: '2000-05-30 10:48:38' + ValidTo: '2020-05-30 10:48:38' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 2766ee56eb49f38eabd770a2fc84de22 + Version: 3 + TBS: + MD5: be5bfbe77379139ac5cdcbcc8d4d3b34 + SHA1: 606b701bc9f448ddbfe6fa63ccb8061b838ee254 + SHA256: 0d73a614eef7596cf5a34733f74daf2ccfe4df7b4a40069bf43c43e428264177 + SHA384: 
7ce102d63c57cb48f80a65d1a5e9b350a7a618482aa5a36775323ca933ddfcb00def83796a6340dec5ebf7596cfd8e5d + - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, OU=ND, CN=Intel(R) + INTELND1820 + ValidFrom: '2018-08-09 21:34:08' + ValidTo: '2020-08-08 21:34:08' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 560000077b478c76c9afcafcaf00000000077b + Version: 3 + TBS: + MD5: f3eba8fe0d2dd1bc861e0b0e6e23d96e + SHA1: bce46695d618b69de8a4bb5ebede302378c1aebb + SHA256: 5de689926c95c269de72cd6edf9cad152c5ce41729dfc7835607b9b1182fe66e + SHA384: 348401b8898e24fd502451c161739c56eecd8f5a8159045b1fc312dd636174aba9627306025387736bf478ade2b773a0 + - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External + Issuing CA 7B + ValidFrom: '2015-10-28 00:00:00' + ValidTo: '2021-06-17 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 069b5e99277284c8767f1368a7deb0f3 + Version: 3 + TBS: + MD5: 5578c7331db18bb448db403ad32c94ee + SHA1: dfcfe5d6087cf830513d705aa701ff957d960298 + SHA256: 5b619f82064ace7ecf48d26ce8ae6fa3b52671915fa81ee81cddbe740dd8698b + SHA384: 5fa042c979faba67de861093b4aca808ae4be0fcedf123cb8afe126856c0b6ac3451393048211db8993914c5ff410bd8 + Signer: + - SerialNumber: 560000077b478c76c9afcafcaf00000000077b + Issuer: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External + Issuing CA 7B + Version: 1 + RichPEHeaderHash: + MD5: 84dfb7245aa6b7f3efec05cfa6559636 + SHA1: 695bd45c0e89dcb58253e90c9a43400b03ae2202 + SHA256: 3ff178ffbb2c17ce7c3a02ef5943ddf3b580e3e28f6cc59775c5369062a0b9ab + Sections: + .text: + Entropy: 6.2614381305981635 + Virtual Size: '0x4945' + .rdata: + Entropy: 4.781156413274236 + Virtual Size: '0xed0' + .data: + Entropy: 1.1262035268835313 + Virtual Size: '0x5ca0a0' + .pdata: + Entropy: 
4.658699009524359 + Virtual Size: '0x678' + PAGE: + Entropy: 6.1261566082145595 + Virtual Size: '0x1b71' + INIT: + Entropy: 5.7698100081018655 + Virtual Size: '0xb4c' + .rsrc: + Entropy: 3.4436811351467087 + Virtual Size: '0x3f8' + .reloc: + Entropy: 1.2072398645622464 + Virtual Size: '0x60' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2018-09-17 03:18:08' + Imphash: 2cf48a541dc193e91bb2a831adcf278e + LoadsDespiteHVCI: 'FALSE' +- Filename: iQVW64.SYS + MD5: de4001f89ed139d1ed6ae5586d48997a + SHA1: cb212a826324909fdedd2b572a59a5be877f1d7d + SHA256: 4d0580c20c1ba74cf90d44c82d040f0039542eea96e4bbff3996e6760f457cee + Authentihash: + MD5: b962ae9f688f5a0fc864e3b64a8fa443 + SHA1: f6e5a0c338354dfbd1a9170fb9bd71123db5ac3b + SHA256: ee625d1910f91fc9e79237bd60b0ee5efb85c7f859922f30e4434db6cd50fa9b + Description: Intel(R) Network Adapter Diagnostic Driver + Company: 'Intel Corporation ' + InternalName: iQVW64.SYS + OriginalFilename: iQVW64.SYS + FileVersion: '1.03.0.4 built by: WinDDK' + Product: Intel(R) iQVW64.SYS + ProductVersion: 1.03.0.4 + Copyright: Copyright (C) 2002-2006 Intel Corporation All Rights Reserved. 
+ MachineType: IA64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - KeGetCurrentIrql + - DbgPrint + - sprintf + - vsprintf + - IoFreeMdl + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmUnmapIoSpace + - MmUnmapLockedPages + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - MmMapIoSpace + - ObfDereferenceObject + - KeWaitForSingleObject + - MmGetPhysicalAddress + - IoBuildSynchronousFsdRequest + - KeInitializeEvent + - ZwClose + - RtlFreeAnsiString + - strstr + - RtlUnicodeStringToAnsiString + - ZwEnumerateValueKey + - ZwOpenKey + - wcsncpy + - IoGetDeviceObjectPointer + - IoGetDeviceInterfaces + - ObReferenceObjectByPointer + - KeTickCount + - KeBugCheckEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IofCallDriver + - IoDeleteDevice + - KeStallExecutionProcessor + - WRITE_PORT_ULONG + - WRITE_PORT_USHORT + - WRITE_PORT_UCHAR + - READ_PORT_ULONG + - READ_PORT_USHORT + - READ_PORT_UCHAR + - KeQueryPerformanceCounter + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 
53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0de92bf0d4d82988183205095e9a7688 + Version: 3 + TBS: + MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 + SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=US, ST=Oregon, L=Hillsboro, O=Intel Corporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=LAN Access Division, + CN=Intel Corporation + ValidFrom: '2006-04-17 00:00:00' + ValidTo: '2009-05-31 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 65680c783b728ab2a1880df4232ded32 + Version: 3 + TBS: + MD5: 9d44550dc9e1d18ef155513f85ab1f12 + SHA1: 5f3d3da7374d8edbe4b2a2534c07682861458b3c + SHA256: 
12d4c385c0c5e927fc876523b6874918232c08fdaff8e96e230e622b0841df00 + SHA384: 165909cf2d34f32ea49a96d98d2c59d6eaad7a8bfe85f6e34d9da3fa79f40b31e4a88d3040558b876f2154c8970b41c4 + Signer: + - SerialNumber: 65680c783b728ab2a1880df4232ded32 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: 8007fd3858325a29ea818653b1ceb33c + SHA1: acaff2a453f47e14cf2a396ee2e6ca8cbc5801b7 + SHA256: d95fe490f0c27ddb18fe210abef87a55a90d70c1c3fc71319e0f05ae06894b29 + Sections: + .text: + Entropy: 5.474712044858714 + Virtual Size: '0x9650' + .rdata: + Entropy: 3.609079674230226 + Virtual Size: '0x1268' + .pdata: + Entropy: 3.954637417465344 + Virtual Size: '0x3e4' + .srdata: + Entropy: 2.416721292937625 + Virtual Size: '0x298' + .sdata: + Entropy: 2.4838136736919543 + Virtual Size: '0x1b0' + .data: + Entropy: 1.0629748059111717 + Virtual Size: '0x5bb060' + INIT: + Entropy: 5.613442587283406 + Virtual Size: '0x92a' + .rsrc: + Entropy: 3.4112316573365282 + Virtual Size: '0x3f8' + .reloc: + Entropy: 0.5046360681325445 + Virtual Size: '0x1170' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2007-02-13 16:23:41' + Imphash: a793af44219650b4dd07d8a19ede33f1 + LoadsDespiteHVCI: 'FALSE' +- Filename: iQVW64.SYS + MD5: 5adebdb94abb4c76dad2b7ecb1384a9d + SHA1: 1e8bccbd74f194db6411011017716c8c6b730d03 + SHA256: 57a389da784269bb2cc0a258500f6dfbf4f6269276e1192619ce439ec77f4572 + Authentihash: + MD5: 772d513b311dd6ff2ded105980a7f92a + SHA1: 5db96ed94e2e32cf82f38724f8715fd775e0ebff + SHA256: 94b42f99cb2ac4db601a3759afe374168bad1714bd48662d74fed69099517a65 + Description: Intel(R) Network Adapter Diagnostic Driver + Company: 'Intel Corporation ' + InternalName: iQVW64.SYS + OriginalFilename: iQVW64.SYS + FileVersion: '1.03.0.4 built by: WinDDK' + Product: Intel(R) iQVW64.SYS + ProductVersion: 1.03.0.4 + Copyright: Copyright (C) 2002-2006 Intel Corporation All Rights 
Reserved. + MachineType: IA64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - KeGetCurrentIrql + - DbgPrint + - sprintf + - vsprintf + - IoFreeMdl + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmUnmapIoSpace + - MmUnmapLockedPages + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - MmMapIoSpace + - ObfDereferenceObject + - KeWaitForSingleObject + - MmGetPhysicalAddress + - IoBuildSynchronousFsdRequest + - KeInitializeEvent + - ZwClose + - RtlFreeAnsiString + - strstr + - RtlUnicodeStringToAnsiString + - ZwEnumerateValueKey + - ZwOpenKey + - wcsncpy + - IoGetDeviceObjectPointer + - IoGetDeviceInterfaces + - ObReferenceObjectByPointer + - KeTickCount + - KeBugCheckEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IofCallDriver + - IoDeleteDevice + - KeStallExecutionProcessor + - WRITE_PORT_ULONG + - WRITE_PORT_USHORT + - WRITE_PORT_UCHAR + - READ_PORT_ULONG + - READ_PORT_USHORT + - READ_PORT_UCHAR + - KeQueryPerformanceCounter + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 
53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0de92bf0d4d82988183205095e9a7688 + Version: 3 + TBS: + MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 + SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 
+ TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=US, ST=Oregon, L=Hillsboro, O=Intel Corporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=LAN Access Division, + CN=Intel Corporation + ValidFrom: '2006-04-17 00:00:00' + ValidTo: '2009-05-31 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 65680c783b728ab2a1880df4232ded32 + Version: 3 + TBS: + MD5: 9d44550dc9e1d18ef155513f85ab1f12 + SHA1: 5f3d3da7374d8edbe4b2a2534c07682861458b3c + SHA256: 12d4c385c0c5e927fc876523b6874918232c08fdaff8e96e230e622b0841df00 + SHA384: 165909cf2d34f32ea49a96d98d2c59d6eaad7a8bfe85f6e34d9da3fa79f40b31e4a88d3040558b876f2154c8970b41c4 + Signer: + - SerialNumber: 65680c783b728ab2a1880df4232ded32 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: 8007fd3858325a29ea818653b1ceb33c + SHA1: acaff2a453f47e14cf2a396ee2e6ca8cbc5801b7 + SHA256: d95fe490f0c27ddb18fe210abef87a55a90d70c1c3fc71319e0f05ae06894b29 + Sections: + .text: + Entropy: 5.474603753371456 + Virtual Size: '0x9650' + .rdata: + Entropy: 3.6134847275970596 + Virtual Size: '0x1268' + .pdata: + Entropy: 3.954637417465344 + Virtual Size: '0x3e4' + .srdata: + Entropy: 2.416721292937625 + Virtual Size: '0x298' + .sdata: + Entropy: 2.4838136736919543 + Virtual Size: '0x1b0' + .data: + Entropy: 1.0629748059111717 + Virtual Size: '0x5bb060' + INIT: + Entropy: 5.611516822868356 + Virtual Size: '0x92a' + .rsrc: + Entropy: 3.4112316573365282 + Virtual Size: '0x3f8' + .reloc: + Entropy: 0.5046360681325445 + Virtual Size: 
'0x1170' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2007-05-24 00:36:30' + Imphash: a793af44219650b4dd07d8a19ede33f1 + LoadsDespiteHVCI: 'FALSE' +- Filename: iQVW64.SYS + MD5: b32497762d916dba6c827e31205b67dd + SHA1: 9310239b75394b75a963336fbd154038fc13c4e3 + SHA256: 5f6547e9823f94c5b94af1fb69a967c4902f72b6e0c783804835e6ce27f887b0 + Authentihash: + MD5: b08ec7710e9596bf9389b458b4f9717b + SHA1: d544c1dfd17aee4bf15dc4aa8d5208fe304f4eb4 + SHA256: b261d4065c03dcc732a951a9451b3a9f6054899eb3b8a4062dfed1c0ca3f3755 + Description: Intel(R) Network Adapter Diagnostic Driver + Company: 'Intel Corporation ' + InternalName: iQVW64.SYS + OriginalFilename: iQVW64.SYS + FileVersion: '1.3.2.13 built by: WinDDK' + Product: Intel(R) iQVW64.SYS + ProductVersion: 1.3.2.13 + Copyright: Copyright (C) 2002-2017 Intel Corporation All Rights Reserved. + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IoCreateSymbolicLink + - IofCompleteRequest + - MmIsAddressValid + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - MmGetPhysicalAddress + - DbgPrint + - strncpy + - vsprintf + - IoFreeMdl + - MmMapLockedPagesSpecifyCache + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmUnmapIoSpace + - MmUnmapLockedPages + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - MmMapIoSpace + - RtlInitUnicodeString + - KeWaitForSingleObject + - IofCallDriver + - IoBuildSynchronousFsdRequest + - KeInitializeEvent + - ZwClose + - RtlFreeAnsiString + - strstr + - RtlUnicodeStringToAnsiString + - ZwEnumerateValueKey + - ZwOpenKey + - wcsncpy + - IoGetDeviceObjectPointer + - IoGetDeviceInterfaces + - ObReferenceObjectByPointer + - MmAllocateNonCachedMemory + - MmFreeNonCachedMemory + - KeBugCheckEx + - IoDeleteSymbolicLink + - ObfDereferenceObject + - IoDeleteDevice + - MmGetSystemRoutineAddress + - ZwSetSecurityObject + - ObOpenObjectByPointer + - IoDeviceObjectType + - IoCreateDevice + - RtlGetDaclSecurityDescriptor + - 
RtlGetSaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - SeExports + - IoIsWdmVersionAvailable + - _wcsnicmp + - RtlAddAccessAllowedAce + - RtlLengthSid + - wcschr + - RtlAbsoluteToSelfRelativeSD + - RtlSetDaclSecurityDescriptor + - RtlCreateSecurityDescriptor + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - KeStallExecutionProcessor + - KeQueryPerformanceCounter + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel(R) + INTELND1617 + ValidFrom: '2016-09-22 20:33:26' + ValidTo: '2017-09-22 20:33:26' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 330000ba45a7f4234edca115e400020000ba45 + Version: 3 + TBS: + MD5: fd23f7497ae36eb7eaaff376598e060b + SHA1: e6b5f8479757625ad54c8a3fe9819feb2dde06fe + SHA256: 3e8e8357b13852cc90263d6ca1243a65555fe1840a26b8b71f45c426e90ee70f + SHA384: 4aa328888abed813d9e0fc7c81bd5404b4cc213148b1394220091695322b27a860442b5199124a682c9b7cf10c1922ef + - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External + Basic Issuing CA 3B + ValidFrom: '2013-02-08 22:21:23' + ValidTo: '2018-02-08 22:31:23' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 612cff88000100000010 + Version: 3 + TBS: + MD5: da9a02953cdcc039174d11b07dd2967d + SHA1: 568cfca269ff49615d305e680988337f0a90bc32 + SHA256: fad628f5236458a9116a99f2d64fb9131a28f9942fca6239a5e7be0dddf4ce9f + SHA384: 5edeab0248f63cdc4c10b748618cd6fa4aa53ffb0ddfd51a2e35de2ea55a56822aa53fa734a46705655e8f5878b24ffd + - Subject: C=US, O=Intel Corporation, CN=Intel External Basic Policy CA + ValidFrom: '2013-02-01 00:00:00' + 
ValidTo: '2020-05-30 10:48:38' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 79174aa9141736fe15a7ca9f2cff4588 + Version: 3 + TBS: + MD5: 6ce466d55ab160317ee9b13522c2a82a + SHA1: 53b052ba209c525233293274854b264bc0f68b73 + SHA256: f71790e057380a0cbafdfc25bc8b3dafd6cfbeb01077bb3d8194e91254a2fc9b + SHA384: c0cc37f9505ff2bab958c8ef1ea94736efae52bcf5948c866446c46b64fb9f5e603fbad4bc70270ae74e58ac8ab055f9 + - Subject: C=BM, O=QuoVadis Limited, CN=QuoVadis Issuing CA G4 + ValidFrom: '2014-05-30 16:35:55' + ValidTo: '2021-03-17 18:33:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 69b2d1ccf02e20dcc95c62894f7f9e5f5fc057bf + Version: 3 + TBS: + MD5: 4e0fbd79a99e4a55f97ef41efee38a9f + SHA1: 114f36d5f22b84de97893469fc00b7035b3ef734 + SHA256: f6dd9683708786a413d4d6a3661fa4e4aeb328adbd181b398b5b6aa02bb0bc16 + SHA384: a26fe570a01b0e15cf94b41ce48ebd39ed9e9d18493d4c117f0fbb5a5b33ed8ef06c069b9638dda957547f0b0645e447 + - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, OU=Thales TSS + ESN:E892,D055,162F, OU=Thales TSS ESN:E892,D055,162F, CN=timestamp.intel.com + ValidFrom: '2015-04-24 21:46:24' + ValidTo: '2018-04-24 21:46:23' + Signature: 
8047f4f1adda6f2972314a83957d8317eaac6de7c512ffd6069d24346b58a697a0722a7e8f6fb1a3825f077b4115dcb2003b12b1e9cd47c2bce88061e702768706f101c55154b860d71ae231242724ec4e09a87e776f3b4ec14a432dd51da06908b867d874759885bdba067703d65975f064df053453abeaff8f46cc7f0dbf7a7f7771155314da26284645114a4b457556b9b86a7e6d656f6d5d07ad51c212a336d392a18508484a89594bf9433cc56f4a28f13cbb8c07911bbe7688519f20e4ee85acd6bcb40655e0e2d120af74a61f059d57fc51e7897c4b4c495d7e58b7a53f9f6e60ec746ffc1c83e50bb90b31f78c4623d0d3c6cabd94b092173f6d92493ea4109bef62b451cdd34855970eb7d46eff53faa9a5dfa86ce6827b4c6239ad91a6043965b86ded234fb7df1c1dd1999fb3f40cba71be3b0fdaf27b52094b4327aa4b0465dff988dfbaed910b737a4ef098c661896f0db44a438acd6ae50f2d8d52ab07b20bd11f7577a253a41d891bf853ba5d3900a496cdc1913eb3279ad47c07e02e0477afd8f1afbaa91ea4397e65a660baece3779e44a9db7638b84b76afdd6f42dcc7f5df4ede64b4dad08039849784a2faefe3537f587499af729480c29214c9cb5c7c58afd5a474ee319a892dc603d522fd5e588369f322c15c8dcd8848ecf1d203c48434736573ed50266127bd3b2a97189c05bb1bb70ff394ce11 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 28a11e74fc0b8754580f50954c47c94e67754f28 + Version: 3 + TBS: + MD5: 990afc9a12be270c0fa6921df0223974 + SHA1: a7025b6889dbdeb4c6770d524d4c80a0a75da5df + SHA256: 6eb4cfbd4f50e31ece8b34937025ca350330cb25367a401a5665e68159b47f13 + SHA384: 287f1afb51c586f323b8f42bd6e269051c3aabfd1aaa084650d4d35a42a122489b2cb634c6842981273da17c3d6c8c1d + - Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust + External CA Root + ValidFrom: '2013-08-15 20:26:30' + ValidTo: '2023-08-15 20:36:30' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 3300000035d8d5595b0671412b000000000035 + Version: 3 + TBS: + MD5: 3d488d41aaeb5661974952080abef2fd + SHA1: df01e35e6befc7d65625319f17397b861e618d56 + SHA256: 
3d6ef38b5d26773dc77392e415e88b3a744b30ea9f2081e2a992b5818db2f0c4 + SHA384: ac7c06916fe4a00307834b2499f12799d3fe463c2e63d1881df669a2786745beeee2b3a7d87cd6bc9e4fe293c22e5a59 + Signer: + - SerialNumber: 330000ba45a7f4234edca115e400020000ba45 + Issuer: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External + Basic Issuing CA 3B + Version: 1 + RichPEHeaderHash: + MD5: 84dfb7245aa6b7f3efec05cfa6559636 + SHA1: 695bd45c0e89dcb58253e90c9a43400b03ae2202 + SHA256: 3ff178ffbb2c17ce7c3a02ef5943ddf3b580e3e28f6cc59775c5369062a0b9ab + Sections: + .text: + Entropy: 6.26149486344197 + Virtual Size: '0x4945' + .rdata: + Entropy: 4.781728512805813 + Virtual Size: '0xed0' + .data: + Entropy: 1.1262035268835313 + Virtual Size: '0x5ca0a0' + .pdata: + Entropy: 4.658699009524359 + Virtual Size: '0x678' + PAGE: + Entropy: 6.1261566082145595 + Virtual Size: '0x1b71' + INIT: + Entropy: 5.769261214042255 + Virtual Size: '0xb4c' + .rsrc: + Entropy: 3.439744127272693 + Virtual Size: '0x3f8' + .reloc: + Entropy: 1.2072398645622464 + Virtual Size: '0x60' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2017-04-03 09:14:26' + Imphash: 2cf48a541dc193e91bb2a831adcf278e + LoadsDespiteHVCI: 'FALSE' +- Filename: iQVW64.SYS + MD5: ca6931fcbc1492d7283aa9dc0149032e + SHA1: 45a9f95a7a018925148152b888d09d478d56bbf5 + SHA256: 5f69d6b167a1eeca3f6ac64785c3c01976ee7303171faf998d65852056988683 + Authentihash: + MD5: 5617c10f9fb9e09aba8657adb2c05b07 + SHA1: b4d869e7b3be6f0ae0113b05bc5358b955e2f6d4 + SHA256: 08209cd92723526d56863e89f283750e2ee57c69db37ae501aa889c0c60bb552 + Description: Intel(R) Network Adapter Diagnostic Driver + Company: 'Intel Corporation ' + InternalName: iQVW64.SYS + OriginalFilename: iQVW64.SYS + FileVersion: '1.03.2.7 built by: WinDDK' + Product: Intel(R) iQVW64.SYS + ProductVersion: 1.03.2.7 + Copyright: Copyright (C) 2002-2016 Intel Corporation All Rights Reserved. 
+ MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IoCreateSymbolicLink + - IofCompleteRequest + - MmIsAddressValid + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - MmGetPhysicalAddress + - DbgPrint + - strncpy + - vsprintf + - IoFreeMdl + - MmMapLockedPagesSpecifyCache + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmUnmapIoSpace + - MmUnmapLockedPages + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - MmMapIoSpace + - RtlInitUnicodeString + - KeWaitForSingleObject + - IofCallDriver + - IoBuildSynchronousFsdRequest + - KeInitializeEvent + - ZwClose + - RtlFreeAnsiString + - strstr + - RtlUnicodeStringToAnsiString + - ZwEnumerateValueKey + - ZwOpenKey + - wcsncpy + - IoGetDeviceObjectPointer + - IoGetDeviceInterfaces + - ObReferenceObjectByPointer + - MmAllocateNonCachedMemory + - MmFreeNonCachedMemory + - KeBugCheckEx + - IoDeleteSymbolicLink + - ObfDereferenceObject + - IoDeleteDevice + - MmGetSystemRoutineAddress + - ZwSetSecurityObject + - ObOpenObjectByPointer + - IoDeviceObjectType + - IoCreateDevice + - RtlGetDaclSecurityDescriptor + - RtlGetSaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - SeExports + - IoIsWdmVersionAvailable + - _wcsnicmp + - RtlAddAccessAllowedAce + - RtlLengthSid + - wcschr + - RtlAbsoluteToSelfRelativeSD + - RtlSetDaclSecurityDescriptor + - RtlCreateSecurityDescriptor + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - KeStallExecutionProcessor + - KeQueryPerformanceCounter + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel(R) + INTELNPG1 + ValidFrom: '2015-09-28 19:41:01' + ValidTo: '2016-09-27 19:41:01' + Signature: 
2e848fb2550d87edeeacf69dca78bc7ee5e795fd42baa6a313ef275d8d2e759cc65a18cd2377377e94a0ebb35a0102145417defb44dcf18f4dd77ee101906f3246ae512d7bb1e1dc4e40381a2c6ee4b4109167360f93b6694abc8c91dfec6b9da549d30c874b96a7f1217f5a4ee8093a880eb8aafbc2d9b58de2a71e8cb2fcf51d7133cf971410e9de26ad9a1b3516055847e9979af0c1fe4950fcd301d3f4170bf37660e3eb7f30197aad793158fee9958f2772eca1836e57bfd50c2c3dbf6cb6916e56f9a7e262f79d57c75993056f677ff60638475f9980b51f0916fea9e87e96778bb86cbb56425752eed78660e6e026728f8388d1e05f2cf54fd664c17e + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 330000b7c6cfa9df260db5243500020000b7c6 + Version: 3 + TBS: + MD5: d04e62ad536be27b5ae5f53dfe14060b + SHA1: 558dc33cda5a996d71afe98ea75f5d81c358f42b + SHA256: 832c1b2d5269714f6804e13ed6fe068d732b543de00975c9e04dd697bf7be6e1 + SHA384: fde1b110f034d38c2923861b58e91798da1b17afbf0ed367c3fd6ecc708d2795a4d7434367625db81d686337cce199d0 + - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External + Basic Issuing CA 3B + ValidFrom: '2013-02-08 22:21:23' + ValidTo: '2018-02-08 22:31:23' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 612cff88000100000010 + Version: 3 + TBS: + MD5: da9a02953cdcc039174d11b07dd2967d + SHA1: 568cfca269ff49615d305e680988337f0a90bc32 + SHA256: fad628f5236458a9116a99f2d64fb9131a28f9942fca6239a5e7be0dddf4ce9f + SHA384: 5edeab0248f63cdc4c10b748618cd6fa4aa53ffb0ddfd51a2e35de2ea55a56822aa53fa734a46705655e8f5878b24ffd + - Subject: C=US, O=Intel Corporation, CN=Intel External Basic Policy CA + ValidFrom: '2013-02-01 00:00:00' + ValidTo: '2020-05-30 10:48:38' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 79174aa9141736fe15a7ca9f2cff4588 + Version: 3 + TBS: + MD5: 6ce466d55ab160317ee9b13522c2a82a + SHA1: 
53b052ba209c525233293274854b264bc0f68b73 + SHA256: f71790e057380a0cbafdfc25bc8b3dafd6cfbeb01077bb3d8194e91254a2fc9b + SHA384: c0cc37f9505ff2bab958c8ef1ea94736efae52bcf5948c866446c46b64fb9f5e603fbad4bc70270ae74e58ac8ab055f9 + - Subject: C=BM, O=QuoVadis Limited, CN=QuoVadis Issuing CA G4 + ValidFrom: '2014-05-30 16:35:55' + ValidTo: '2021-03-17 18:33:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 69b2d1ccf02e20dcc95c62894f7f9e5f5fc057bf + Version: 3 + TBS: + MD5: 4e0fbd79a99e4a55f97ef41efee38a9f + SHA1: 114f36d5f22b84de97893469fc00b7035b3ef734 + SHA256: f6dd9683708786a413d4d6a3661fa4e4aeb328adbd181b398b5b6aa02bb0bc16 + SHA384: a26fe570a01b0e15cf94b41ce48ebd39ed9e9d18493d4c117f0fbb5a5b33ed8ef06c069b9638dda957547f0b0645e447 + - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, OU=Authenticode, + OU=Thales TSS ESN:A6A7,71B2,73F1, CN=Timestamp.intel.com + ValidFrom: '2014-12-09 21:30:38' + ValidTo: '2017-12-09 21:30:35' + Signature: 
946aee51ab48079d01882edffbe887d87828778d30da382cacb0c1d5a4c0fc8437badc00c2c16454a82564ba4bcf776b79eb1feedc4e4ccd02514bbaea7c9b755d88a43a9493e07ebaa22358f95dabd995d4c572134e266dfb4bbd3a4c95c3191abbba7b1d1d0587c4a3e3911e1037fda9dacd9fe9c63383f0c21ece4e829c9c7e40e96a64139dfda69d0255a9588dbff28bfec8d343ca34decb755531b384a6cf388a5f06685870f79a321c3fc0e221cf8bba3b1e0b5d0486eb02f6e9008ebc4c2741215451b0ba6e1ec9d9e202b4e38c9184838c5e948df1c051aa0d0122c32810c11cb3458735c726b9e252558e0257b3360f85ec5ba949c3a3f8841c1938b5661ea9bde4f0894b40bd9567e89b17b373faaeeb1de7b7b27e4f52b46add679ac3dbd35bbdb48c9c6fb7aae98058c99002e9e53e0a0d5d88d21289ecce372c63afc6a08ca8f61d013695e40c48b67b9725dab9607e3f80e82d2f56afdd10b453d2e82d488b69a7ca63ced68f9bdc855d62fd79103e8b4abfef936e430dee4ea4e2a199a43a03783e4e4489807170fd63f12272c865861419fe6f2c474948f8749cb696446054b3e0913bba0f5483640dd33e955421beb4574f8398398e1323b3f24f83f640c5146aa90c6e314d6ccdcf8d21bbd09e4ff883e369adc6b742c021d833a2d4fefbba1080d8ca8eade080908a626fb8396451e2616afc943e1f74 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 385dccec5fe14d3974c9591a3ab1c2caad188c2d + Version: 3 + TBS: + MD5: 4d35161b8be0a29812bb748b548e94b1 + SHA1: bf27e048115892363598dec245759aa7529eb154 + SHA256: d5c67eb0b73915a6f12dbe19f662205172cc9c97b9988b78a07f14c3b7e1e2b0 + SHA384: 8b0e411b3fc02dd3a8f5f7d248699a7d882c160a6e3753c1b223d2b0671a6d3f9efa4894172a3bfa3525787be2d6f20e + - Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust + External CA Root + ValidFrom: '2013-08-15 20:26:30' + ValidTo: '2023-08-15 20:36:30' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 3300000035d8d5595b0671412b000000000035 + Version: 3 + TBS: + MD5: 3d488d41aaeb5661974952080abef2fd + SHA1: df01e35e6befc7d65625319f17397b861e618d56 + SHA256: 
3d6ef38b5d26773dc77392e415e88b3a744b30ea9f2081e2a992b5818db2f0c4 + SHA384: ac7c06916fe4a00307834b2499f12799d3fe463c2e63d1881df669a2786745beeee2b3a7d87cd6bc9e4fe293c22e5a59 + Signer: + - SerialNumber: 330000b7c6cfa9df260db5243500020000b7c6 + Issuer: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External + Basic Issuing CA 3B + Version: 1 + RichPEHeaderHash: + MD5: 84dfb7245aa6b7f3efec05cfa6559636 + SHA1: 695bd45c0e89dcb58253e90c9a43400b03ae2202 + SHA256: 3ff178ffbb2c17ce7c3a02ef5943ddf3b580e3e28f6cc59775c5369062a0b9ab + Sections: + .text: + Entropy: 6.295892814002313 + Virtual Size: '0x4b95' + .rdata: + Entropy: 4.790906217741617 + Virtual Size: '0xed4' + .data: + Entropy: 1.1262035268835313 + Virtual Size: '0x5ca0a0' + .pdata: + Entropy: 4.662346739100627 + Virtual Size: '0x678' + PAGE: + Entropy: 6.127905616673761 + Virtual Size: '0x1b71' + INIT: + Entropy: 5.777452830533018 + Virtual Size: '0xb4c' + .rsrc: + Entropy: 3.4355466248056747 + Virtual Size: '0x3f8' + .reloc: + Entropy: 1.2072398645622464 + Virtual Size: '0x60' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2016-08-23 19:52:09' + Imphash: 2cf48a541dc193e91bb2a831adcf278e + LoadsDespiteHVCI: 'FALSE' +- Filename: iQVW64.SYS + MD5: 349fa788a4a7b57e37e426aca9b736d5 + SHA1: 687b8962febbbea4cf6b3c11181fd76acb7dfd5a + SHA256: 77c5e95b872b1d815d6d3ed28b399ca39f3427eeb0143f49982120ff732285a9 + Authentihash: + MD5: c50808f1da14138ea4b38907f113ab5a + SHA1: 859be8b0b744eee0b9a3410fc5a614b924ac4b43 + SHA256: e7fe1fa6d2e5502ff1882a345790d0aab3ad34fe269ab23e3115d2d93db3fe6b + Description: Intel(R) Network Adapter Diagnostic Driver + Company: 'Intel Corporation ' + InternalName: iQVW64.SYS + OriginalFilename: iQVW64.SYS + FileVersion: '1.03.0.4 built by: WinDDK' + Product: Intel(R) iQVW64.SYS + ProductVersion: 1.03.0.4 + Copyright: Copyright (C) 2002-2006 Intel Corporation All Rights Reserved. 
+ MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IoCreateSymbolicLink + - IoCreateDevice + - IofCompleteRequest + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - MmGetPhysicalAddress + - DbgPrint + - sprintf + - vsprintf + - IoFreeMdl + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmUnmapIoSpace + - MmUnmapLockedPages + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - RtlInitUnicodeString + - ObfDereferenceObject + - KeWaitForSingleObject + - IofCallDriver + - IoBuildSynchronousFsdRequest + - KeInitializeEvent + - ZwClose + - RtlFreeAnsiString + - strstr + - RtlUnicodeStringToAnsiString + - ZwEnumerateValueKey + - ZwOpenKey + - wcsncpy + - IoGetDeviceObjectPointer + - IoGetDeviceInterfaces + - ObReferenceObjectByPointer + - KeBugCheckEx + - IoDeleteSymbolicLink + - MmMapIoSpace + - IoDeleteDevice + - KeStallExecutionProcessor + - KeQueryPerformanceCounter + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=US, ST=Oregon, L=Hillsboro, O=Intel Corporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=LAN Access Division, + CN=Intel Corporation + ValidFrom: '2006-04-17 00:00:00' + ValidTo: '2009-05-31 23:59:59' + Signature: 
1c9c5e1020ecb0b42a91db52dd24e367787824834a64266a853e2e606da460488ac331c35600c43713d44df9a63e354c802f6fd18393206067cb6386f02d31c9b1ec0cf22d2067dc3add71bcb23063436822b69c31e1aa9c236e1111651ba67adf5fa784b98a264a33e03e61bb7e5b3e47152ce5d4d4918ca92bfc581063b1c83777480f29f7c02f08f47078e95e0eca268714fd9e5cce7a381bcfcd55918af45d3e3b1f2a82846df292a4a2ac99e94fb5df00b73cf90968b2d47789bf10f6673b4e5c3b6631eedc336a2aa1b6de1fc3dda1d26b10c9d9c4bb92ceff38b0e49c0939a9d5b179f0d1cf7251406b473381c79bf4fa9670d6c6325a7f9909ae0b63 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 65680c783b728ab2a1880df4232ded32 + Version: 3 + TBS: + MD5: 9d44550dc9e1d18ef155513f85ab1f12 + SHA1: 5f3d3da7374d8edbe4b2a2534c07682861458b3c + SHA256: 12d4c385c0c5e927fc876523b6874918232c08fdaff8e96e230e622b0841df00 + SHA384: 165909cf2d34f32ea49a96d98d2c59d6eaad7a8bfe85f6e34d9da3fa79f40b31e4a88d3040558b876f2154c8970b41c4 + Signer: + - SerialNumber: 65680c783b728ab2a1880df4232ded32 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: 4521e9ed78c16f8d1e49a1981dfb32eb + SHA1: 557230bdf881a5a09523f4b063c81e10594ee183 + SHA256: 4d270337cbd39f54b308a8b11869c2d85075acb846ce369f90aeceb8dd87782f + Sections: + .text: + Entropy: 6.313950625118645 + Virtual Size: '0x4525' + .rdata: + Entropy: 5.072782940842027 + Virtual Size: '0xaa0' + .data: + Entropy: 1.3642226642444077 + Virtual Size: '0x5bb180' + .pdata: + Entropy: 4.302155417145168 + Virtual Size: '0x420' + INIT: + Entropy: 5.824692693737898 + Virtual Size: '0x79c' + .rsrc: + Entropy: 3.414004191020133 + Virtual Size: '0x3f8' + .reloc: + Entropy: 1.2283624043981463 + Virtual Size: '0x12c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2009-05-12 14:12:21' + Imphash: 5c77661ac2951da388949d9a834eb694 + LoadsDespiteHVCI: 'FALSE' +- Filename: iQVW64.SYS + MD5: 
1c61eb82f1269d8d6be8de2411133811 + SHA1: 0d6fb0cb9566b4e4ca4586f26fe0631ffa847f2c + SHA256: 7cb497abc44aad09a38160d6a071db499e05ff5871802ccc45d565d242026ee7 + Authentihash: + MD5: 0b6c1cf6b4bad6edccd9c8457af495bc + SHA1: 69e6d06476e4c55989507cf47722f0c355f568ad + SHA256: c857c2db1fe1b9c979079add29d5b970147d6a264b4095e6579b5d0669c2b572 + Description: Intel(R) Network Adapter Diagnostic Driver + Company: 'Intel Corporation ' + InternalName: iQVW64.SYS + OriginalFilename: iQVW64.SYS + FileVersion: '1.3.2.18 built by: WinDDK' + Product: Intel(R) iQVW64.SYS + ProductVersion: 1.3.2.18 + Copyright: Copyright (C) 2002-2019 Intel Corporation All Rights Reserved. + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IoCreateSymbolicLink + - IofCompleteRequest + - MmIsAddressValid + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - MmGetPhysicalAddress + - DbgPrint + - strncpy + - vsprintf + - IoFreeMdl + - MmMapLockedPagesSpecifyCache + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmUnmapIoSpace + - MmUnmapLockedPages + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - MmMapIoSpace + - RtlInitUnicodeString + - KeWaitForSingleObject + - IofCallDriver + - IoBuildSynchronousFsdRequest + - KeInitializeEvent + - ZwClose + - RtlFreeAnsiString + - strstr + - RtlUnicodeStringToAnsiString + - ZwEnumerateValueKey + - ZwOpenKey + - wcsncpy + - IoGetDeviceObjectPointer + - IoGetDeviceInterfaces + - ObReferenceObjectByPointer + - MmAllocateNonCachedMemory + - MmFreeNonCachedMemory + - KeBugCheckEx + - IoDeleteSymbolicLink + - ObfDereferenceObject + - IoDeleteDevice + - MmGetSystemRoutineAddress + - ZwSetSecurityObject + - ObOpenObjectByPointer + - IoDeviceObjectType + - IoCreateDevice + - RtlGetDaclSecurityDescriptor + - RtlGetSaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - _snwprintf + - RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - SeExports + - 
IoIsWdmVersionAvailable + - _wcsnicmp + - RtlAddAccessAllowedAce + - RtlLengthSid + - wcschr + - RtlAbsoluteToSelfRelativeSD + - RtlSetDaclSecurityDescriptor + - RtlCreateSecurityDescriptor + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - KeStallExecutionProcessor + - KeQueryPerformanceCounter + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust + External CA Root + ValidFrom: '2013-08-15 20:26:30' + ValidTo: '2023-08-15 20:36:30' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 3300000035d8d5595b0671412b000000000035 + Version: 3 + TBS: + MD5: 3d488d41aaeb5661974952080abef2fd + SHA1: df01e35e6befc7d65625319f17397b861e618d56 + SHA256: 3d6ef38b5d26773dc77392e415e88b3a744b30ea9f2081e2a992b5818db2f0c4 + SHA384: ac7c06916fe4a00307834b2499f12799d3fe463c2e63d1881df669a2786745beeee2b3a7d87cd6bc9e4fe293c22e5a59 + - Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, + CN=COMODO RSA Certification Authority + ValidFrom: '2000-05-30 10:48:38' + ValidTo: '2020-05-30 10:48:38' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 2766ee56eb49f38eabd770a2fc84de22 + Version: 3 + TBS: + MD5: be5bfbe77379139ac5cdcbcc8d4d3b34 + SHA1: 606b701bc9f448ddbfe6fa63ccb8061b838ee254 + SHA256: 0d73a614eef7596cf5a34733f74daf2ccfe4df7b4a40069bf43c43e428264177 + SHA384: 7ce102d63c57cb48f80a65d1a5e9b350a7a618482aa5a36775323ca933ddfcb00def83796a6340dec5ebf7596cfd8e5d + - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=ND_QV + ValidFrom: '2019-03-27 21:49:54' + ValidTo: '2021-03-26 21:49:54' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + 
IsCertificateAuthority: false + SerialNumber: 5600000a6c1826788c3ae621c1000000000a6c + Version: 3 + TBS: + MD5: cd868880a6dccf68ec7c1c66ce39d77a + SHA1: c876af6fba8aa3b9aa12a5cff67a85f1f5a9c580 + SHA256: 1982800d0d658202d22e557c8aa3f88a4cc583c35802433aa82eeed007638a7a + SHA384: cf43cda2e58eb3c0962b122eaa8d459855164cff4282b3d1f054de0139411e53511e50ebfd1dd4ebf29190272472faed + - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External + Issuing CA 7B + ValidFrom: '2015-10-28 00:00:00' + ValidTo: '2021-06-17 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 069b5e99277284c8767f1368a7deb0f3 + Version: 3 + TBS: + MD5: 5578c7331db18bb448db403ad32c94ee + SHA1: dfcfe5d6087cf830513d705aa701ff957d960298 + SHA256: 5b619f82064ace7ecf48d26ce8ae6fa3b52671915fa81ee81cddbe740dd8698b + SHA384: 5fa042c979faba67de861093b4aca808ae4be0fcedf123cb8afe126856c0b6ac3451393048211db8993914c5ff410bd8 + Signer: + - SerialNumber: 5600000a6c1826788c3ae621c1000000000a6c + Issuer: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External + Issuing CA 7B + Version: 1 + RichPEHeaderHash: + MD5: 84dfb7245aa6b7f3efec05cfa6559636 + SHA1: 695bd45c0e89dcb58253e90c9a43400b03ae2202 + SHA256: 3ff178ffbb2c17ce7c3a02ef5943ddf3b580e3e28f6cc59775c5369062a0b9ab + Sections: + .text: + Entropy: 6.260751486147612 + Virtual Size: '0x4945' + .rdata: + Entropy: 4.780476060384341 + Virtual Size: '0xed0' + .data: + Entropy: 1.1262035268835313 + Virtual Size: '0x5ca0a0' + .pdata: + Entropy: 4.658699009524359 + Virtual Size: '0x678' + PAGE: + Entropy: 6.1261566082145595 + Virtual Size: '0x1b71' + INIT: + Entropy: 5.77082076544506 + Virtual Size: '0xb4c' + .rsrc: + Entropy: 3.441712631209701 + Virtual Size: '0x3f8' + .reloc: + Entropy: 1.2072398645622464 + Virtual Size: '0x60' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2019-04-24 05:50:56' + Imphash: 
2cf48a541dc193e91bb2a831adcf278e + LoadsDespiteHVCI: 'FALSE' +- Filename: iQVW64.SYS + MD5: 31a4631d77b2357ac9618e2a60021f11 + SHA1: 637d0de7fa2a06e462dad40a575cb0fa4a38d377 + SHA256: a566af57d88f37fa033e64b1d8abbd3ffdacaba260475fbbc8dab846a824eff5 + Authentihash: + MD5: 67bc13f641db5e7b40ffd8fd33b7d9c6 + SHA1: 627e4a44e5a5da00cdb8ae2a538175ded6a9a113 + SHA256: 9f94d9180104c820c3d27f03e20f5bbc9d2a5bc2ae6e74baf2a848f2f1790ec8 + Description: Intel(R) Network Adapter Diagnostic Driver + Company: 'Intel Corporation ' + InternalName: iQVW64.SYS + OriginalFilename: iQVW64.SYS + FileVersion: '1.03.0.4 built by: WinDDK' + Product: Intel(R) iQVW64.SYS + ProductVersion: 1.03.0.4 + Copyright: Copyright (C) 2002-2006 Intel Corporation All Rights Reserved. + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IoCreateSymbolicLink + - IoCreateDevice + - IofCompleteRequest + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - MmGetPhysicalAddress + - DbgPrint + - sprintf + - vsprintf + - IoFreeMdl + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmUnmapIoSpace + - MmUnmapLockedPages + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - RtlInitUnicodeString + - ObfDereferenceObject + - KeWaitForSingleObject + - IofCallDriver + - IoBuildSynchronousFsdRequest + - KeInitializeEvent + - ZwClose + - RtlFreeAnsiString + - strstr + - RtlUnicodeStringToAnsiString + - ZwEnumerateValueKey + - ZwOpenKey + - wcsncpy + - IoGetDeviceObjectPointer + - IoGetDeviceInterfaces + - ObReferenceObjectByPointer + - KeBugCheckEx + - IoDeleteSymbolicLink + - MmMapIoSpace + - IoDeleteDevice + - KeStallExecutionProcessor + - KeQueryPerformanceCounter + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 
4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=US, ST=Oregon, L=Hillsboro, O=Intel Corporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=LAN Access Division, + CN=Intel Corporation + ValidFrom: '2009-05-26 00:00:00' + ValidTo: '2012-05-30 23:59:59' + Signature: 3d01e2c5a5f6209e2b1cbf422f38c19677d0c3d164d29bcf4fda7ad174d1bbd575795110e13d1af2fad8fcf7a683374a113b00b3b79677f04594c035194e9ab3d016259124793bae1750082011447c5f3e5e46d4c8423affadd01a84b40bbb6143b2030b6741f17d9d9b31124857587c24f1b9877f901b861a7e487bb0ba249553fc7decd252dd7c15a2ebdddec25e84d4dc9e5d6bdf06cb35c97b9a14c04945765431fb8be90e0b007daa667972409973db8f484b2283492c62a7923202797428054a8077cbabc1b1ad48334a759a32c6c2651b9ed192f67dd6d1479da1ea6f0a3b24a02c01b4ac85d293dc40150f831870b8aaa56d727eec6f55a0ff68402a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 058258571670ab2b1bac50679cec49a1 + Version: 3 + TBS: + MD5: 2db2db8ad770f96c4ba2de12f5336353 + SHA1: d70fb0f12785771b5eff8029e0801fbe0caca8b3 + SHA256: ebce0797330e680af51b1a399d34575a8bcac049d55b1323097e17147b430538 + SHA384: 
b1480302c0412127620d79bc13eba100191c2458e63df9ae6987481db2ca14de7530211e195540d9b30bc7390a44fec0 + Signer: + - SerialNumber: 058258571670ab2b1bac50679cec49a1 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + RichPEHeaderHash: + MD5: 4521e9ed78c16f8d1e49a1981dfb32eb + SHA1: 557230bdf881a5a09523f4b063c81e10594ee183 + SHA256: 4d270337cbd39f54b308a8b11869c2d85075acb846ce369f90aeceb8dd87782f + Sections: + .text: + Entropy: 6.3188990871158195 + Virtual Size: '0x4545' + .rdata: + Entropy: 4.716285554861738 + Virtual Size: '0x7fc' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x5c9ec0' + .pdata: + Entropy: 4.308481594389347 + Virtual Size: '0x438' + INIT: + Entropy: 5.829703465693649 + Virtual Size: '0x79c' + .rsrc: + Entropy: 3.411600288391384 + Virtual Size: '0x3f8' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2010-09-01 23:02:32' + Imphash: 5c77661ac2951da388949d9a834eb694 + LoadsDespiteHVCI: 'FALSE' +- Filename: iQVW64.SYS + MD5: 7c22b7686c75a2bb7409b3c392cc791a + SHA1: bed5bad7f405aa828a146c7f71d09c31d0c32051 + SHA256: a59c40e7470b7003e8adfee37c77606663e78d7e3f2ebb8d60910af19924d8df + Authentihash: + MD5: 1789a16d20ca2b55f491ad71848166a2 + SHA1: 2cbfe4ad0e1231ff3e19c19ca9311d952ce170b7 + SHA256: 785e87bc23a1353fe0726554fd009aca69c320a98445a604a64e23ab45108087 + Description: Intel(R) Network Adapter Diagnostic Driver + Company: 'Intel Corporation ' + InternalName: iQVW64.SYS + OriginalFilename: iQVW64.SYS + FileVersion: '1.03.0.7 built by: WinDDK' + Product: Intel(R) iQVW64.SYS + ProductVersion: 1.03.0.7 + Copyright: Copyright (C) 2002-2013 Intel Corporation All Rights Reserved. 
+ MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IoCreateSymbolicLink + - IoCreateDevice + - IofCompleteRequest + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - MmGetPhysicalAddress + - DbgPrint + - strncpy + - vsprintf + - IoFreeMdl + - MmMapLockedPagesSpecifyCache + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmUnmapIoSpace + - MmUnmapLockedPages + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - RtlInitUnicodeString + - ObfDereferenceObject + - KeWaitForSingleObject + - IofCallDriver + - IoBuildSynchronousFsdRequest + - KeInitializeEvent + - ZwClose + - RtlFreeAnsiString + - strstr + - RtlUnicodeStringToAnsiString + - ZwEnumerateValueKey + - ZwOpenKey + - wcsncpy + - IoGetDeviceObjectPointer + - IoGetDeviceInterfaces + - ObReferenceObjectByPointer + - KeBugCheckEx + - IoDeleteSymbolicLink + - MmMapIoSpace + - IoDeleteDevice + - KeStallExecutionProcessor + - KeQueryPerformanceCounter + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: 
'2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Oregon, L=Hillsboro, O=Intel Corporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=LAN Access Division, + CN=Intel Corporation + ValidFrom: '2012-05-17 00:00:00' + ValidTo: '2015-05-30 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2776ab5cf2d09872f1ad05fbc3f21a87 + Version: 3 + TBS: + MD5: fa13cce803fbe5b5256430f9bfee76de + SHA1: ce566e0c55909bbf2bb0d43280ee78b4ba3d582f + SHA256: 7959ee2235998f36a9cdbd9b5ef7759e5846e0eecd7e868c5f042360a25482aa + SHA384: 82fcff4effee6971cfc9d0d684d13479eac42b53f23590e0df172e2804ff94abc1fbf0e2b6af0cf05b099fc97cf26789 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 
5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 2776ab5cf2d09872f1ad05fbc3f21a87 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: 4521e9ed78c16f8d1e49a1981dfb32eb + SHA1: 557230bdf881a5a09523f4b063c81e10594ee183 + SHA256: 4d270337cbd39f54b308a8b11869c2d85075acb846ce369f90aeceb8dd87782f + Sections: + .text: + Entropy: 6.312074870341971 + Virtual Size: '0x4615' + .rdata: + Entropy: 4.765757053328623 + Virtual Size: '0x7c0' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x5c9ec0' + .pdata: + Entropy: 4.307215755522235 + Virtual Size: '0x408' + INIT: + Entropy: 5.835829282045137 + Virtual Size: '0x7a8' + .rsrc: + Entropy: 3.423830950438437 + Virtual Size: '0x3f8' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2013-11-14 08:22:43' + Imphash: 55db306bc2be3ff71a6b91fd9db051b8 + LoadsDespiteHVCI: 'FALSE' +- Filename: iQVW64.SYS + MD5: 477e02a8e31cde2e76a8fb020df095c2 + SHA1: 9449f211c3c47821b638513d239e5f2c778dc523 + 
SHA256: b51ddcf8309c80384986dda9b11bf7856b030e3e885b0856efdb9e84064917e5 + Authentihash: + MD5: 99f8e77dfc84cbd445500575ec9ab78a + SHA1: 154c4d80f243b40dcebc2d5a2f3cee968d2f6f0c + SHA256: 7cc54914473d7c75a483c5672655bd9df2ce20b556a0d92c6e4cb8722ab1647b + Description: Intel(R) Network Adapter Diagnostic Driver + Company: 'Intel Corporation ' + InternalName: iQVW64.SYS + OriginalFilename: iQVW64.SYS + FileVersion: '1.03.0.4 built by: WinDDK' + Product: Intel(R) iQVW64.SYS + ProductVersion: 1.03.0.4 + Copyright: Copyright (C) 2002-2006 Intel Corporation All Rights Reserved. + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IoCreateSymbolicLink + - IoCreateDevice + - IofCompleteRequest + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - MmGetPhysicalAddress + - DbgPrint + - sprintf + - vsprintf + - IoFreeMdl + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmUnmapIoSpace + - MmUnmapLockedPages + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - RtlInitUnicodeString + - ObfDereferenceObject + - KeWaitForSingleObject + - IofCallDriver + - IoBuildSynchronousFsdRequest + - KeInitializeEvent + - ZwClose + - RtlFreeAnsiString + - strstr + - RtlUnicodeStringToAnsiString + - ZwEnumerateValueKey + - ZwOpenKey + - wcsncpy + - IoGetDeviceObjectPointer + - IoGetDeviceInterfaces + - ObReferenceObjectByPointer + - KeBugCheckEx + - IoDeleteSymbolicLink + - MmMapIoSpace + - IoDeleteDevice + - KeStallExecutionProcessor + - KeQueryPerformanceCounter + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: 
d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 
2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=US, ST=Oregon, L=Hillsboro, O=Intel Corporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=LAN Access Division, + CN=Intel Corporation + ValidFrom: '2009-05-26 00:00:00' + ValidTo: '2012-05-30 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 058258571670ab2b1bac50679cec49a1 + Version: 3 + TBS: + MD5: 2db2db8ad770f96c4ba2de12f5336353 + SHA1: d70fb0f12785771b5eff8029e0801fbe0caca8b3 + SHA256: ebce0797330e680af51b1a399d34575a8bcac049d55b1323097e17147b430538 + SHA384: b1480302c0412127620d79bc13eba100191c2458e63df9ae6987481db2ca14de7530211e195540d9b30bc7390a44fec0 + Signer: + - SerialNumber: 058258571670ab2b1bac50679cec49a1 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + RichPEHeaderHash: + MD5: 4521e9ed78c16f8d1e49a1981dfb32eb + SHA1: 557230bdf881a5a09523f4b063c81e10594ee183 + SHA256: 4d270337cbd39f54b308a8b11869c2d85075acb846ce369f90aeceb8dd87782f + Sections: + .text: + Entropy: 6.319006489194584 + Virtual Size: '0x4545' + .rdata: + Entropy: 4.717552023145485 + Virtual 
Size: '0x7fc' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x5c9ec0' + .pdata: + Entropy: 4.308481594389347 + Virtual Size: '0x438' + INIT: + Entropy: 5.832969298181631 + Virtual Size: '0x79c' + .rsrc: + Entropy: 3.411600288391384 + Virtual Size: '0x3f8' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2010-10-28 08:22:55' + Imphash: 5c77661ac2951da388949d9a834eb694 + LoadsDespiteHVCI: 'FALSE' +- Filename: iQVW64.SYS + MD5: ce67e51b8c0370d1bfe421b79fa8b656 + SHA1: 4885cd221fa1ea330b9e4c1702be955d68bd3f6a + SHA256: cff9aa9046bdfd781d34f607d901a431a51bb7e5f48f4f681cc743b2cdedc98c + Authentihash: + MD5: 02eedc6afdeb843f391a69611266a838 + SHA1: 9dae306ebc30a8c2f160e3f6e726fcd3e4f92280 + SHA256: 727666434d5ea292a7631d0944edd36097db12862730996ce8a3f052be04a2cd + Description: Intel(R) Network Adapter Diagnostic Driver + Company: 'Intel Corporation ' + InternalName: iQVW64.SYS + OriginalFilename: iQVW64.SYS + FileVersion: '1.03.0.4 built by: WinDDK' + Product: Intel(R) iQVW64.SYS + ProductVersion: 1.03.0.4 + Copyright: Copyright (C) 2002-2006 Intel Corporation All Rights Reserved. 
+ MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IoCreateSymbolicLink + - IoCreateDevice + - IofCompleteRequest + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - MmGetPhysicalAddress + - DbgPrint + - sprintf + - vsprintf + - IoFreeMdl + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmUnmapIoSpace + - MmUnmapLockedPages + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - RtlInitUnicodeString + - ObfDereferenceObject + - KeWaitForSingleObject + - IofCallDriver + - IoBuildSynchronousFsdRequest + - KeInitializeEvent + - ZwClose + - RtlFreeAnsiString + - strstr + - RtlUnicodeStringToAnsiString + - ZwEnumerateValueKey + - ZwOpenKey + - wcsncpy + - IoGetDeviceObjectPointer + - IoGetDeviceInterfaces + - ObReferenceObjectByPointer + - KeBugCheckEx + - IoDeleteSymbolicLink + - MmMapIoSpace + - IoDeleteDevice + - KeStallExecutionProcessor + - KeQueryPerformanceCounter + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=US, ST=Oregon, L=Hillsboro, O=Intel Corporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=LAN Access Division, + CN=Intel Corporation + ValidFrom: '2009-05-26 00:00:00' + ValidTo: '2012-05-30 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 058258571670ab2b1bac50679cec49a1 + Version: 3 + TBS: + MD5: 2db2db8ad770f96c4ba2de12f5336353 + SHA1: d70fb0f12785771b5eff8029e0801fbe0caca8b3 + SHA256: 
ebce0797330e680af51b1a399d34575a8bcac049d55b1323097e17147b430538 + SHA384: b1480302c0412127620d79bc13eba100191c2458e63df9ae6987481db2ca14de7530211e195540d9b30bc7390a44fec0 + Signer: + - SerialNumber: 058258571670ab2b1bac50679cec49a1 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + RichPEHeaderHash: + MD5: 4521e9ed78c16f8d1e49a1981dfb32eb + SHA1: 557230bdf881a5a09523f4b063c81e10594ee183 + SHA256: 4d270337cbd39f54b308a8b11869c2d85075acb846ce369f90aeceb8dd87782f + Sections: + .text: + Entropy: 6.319295269173402 + Virtual Size: '0x4545' + .rdata: + Entropy: 4.712697675298715 + Virtual Size: '0x7fc' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x5c9ec0' + .pdata: + Entropy: 4.308481594389347 + Virtual Size: '0x438' + INIT: + Entropy: 5.834783593648872 + Virtual Size: '0x79c' + .rsrc: + Entropy: 3.411600288391384 + Virtual Size: '0x3f8' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2010-08-26 07:48:52' + Imphash: 5c77661ac2951da388949d9a834eb694 + LoadsDespiteHVCI: 'FALSE' +- Filename: iQVW64.SYS + MD5: 2cc65e805757cfc4f87889cdceb546cd + SHA1: 7c625de858710d3673f6cb0cd8d0643d5422c688 + SHA256: d1f4949f76d8ac9f2fa844d16b1b45fb1375d149d46e414e4a4c9424dc66c91f + Authentihash: + MD5: 3e2ca18cf98afa0faac4da0fb1eca408 + SHA1: 15a85aa659248751080984a29dc848c37e900002 + SHA256: ccc65f108ad084af41725e42efc3c3c539f89a474c1b1293b111a83e3eba216a + Description: Intel(R) Network Adapter Diagnostic Driver + Company: 'Intel Corporation ' + InternalName: iQVW64.SYS + OriginalFilename: iQVW64.SYS + FileVersion: '1.03.1.2 built by: WinDDK' + Product: Intel(R) iQVW64.SYS + ProductVersion: 1.03.1.2 + Copyright: Copyright (C) 2002-2015 Intel Corporation All Rights Reserved. 
+ MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IoCreateSymbolicLink + - IoCreateDevice + - IofCompleteRequest + - MmIsAddressValid + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - MmGetPhysicalAddress + - DbgPrint + - strncpy + - vsprintf + - IoFreeMdl + - MmMapLockedPagesSpecifyCache + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmUnmapIoSpace + - MmUnmapLockedPages + - MmAllocateContiguousMemory + - RtlInitUnicodeString + - MmMapIoSpace + - ObfDereferenceObject + - KeWaitForSingleObject + - IofCallDriver + - IoBuildSynchronousFsdRequest + - KeInitializeEvent + - ZwClose + - RtlFreeAnsiString + - strstr + - RtlUnicodeStringToAnsiString + - ZwEnumerateValueKey + - ZwOpenKey + - wcsncpy + - IoGetDeviceObjectPointer + - IoGetDeviceInterfaces + - ObReferenceObjectByPointer + - KeBugCheckEx + - IoDeleteSymbolicLink + - MmFreeContiguousMemory + - IoDeleteDevice + - KeStallExecutionProcessor + - KeQueryPerformanceCounter + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel(R) + INTELNPG1 + ValidFrom: '2015-09-28 19:41:01' + ValidTo: '2016-09-27 19:41:01' + Signature: 2e848fb2550d87edeeacf69dca78bc7ee5e795fd42baa6a313ef275d8d2e759cc65a18cd2377377e94a0ebb35a0102145417defb44dcf18f4dd77ee101906f3246ae512d7bb1e1dc4e40381a2c6ee4b4109167360f93b6694abc8c91dfec6b9da549d30c874b96a7f1217f5a4ee8093a880eb8aafbc2d9b58de2a71e8cb2fcf51d7133cf971410e9de26ad9a1b3516055847e9979af0c1fe4950fcd301d3f4170bf37660e3eb7f30197aad793158fee9958f2772eca1836e57bfd50c2c3dbf6cb6916e56f9a7e262f79d57c75993056f677ff60638475f9980b51f0916fea9e87e96778bb86cbb56425752eed78660e6e026728f8388d1e05f2cf54fd664c17e + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 330000b7c6cfa9df260db5243500020000b7c6 + Version: 3 + TBS: + MD5: d04e62ad536be27b5ae5f53dfe14060b + SHA1: 558dc33cda5a996d71afe98ea75f5d81c358f42b + 
SHA256: 832c1b2d5269714f6804e13ed6fe068d732b543de00975c9e04dd697bf7be6e1 + SHA384: fde1b110f034d38c2923861b58e91798da1b17afbf0ed367c3fd6ecc708d2795a4d7434367625db81d686337cce199d0 + - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External + Basic Issuing CA 3B + ValidFrom: '2013-02-08 22:21:23' + ValidTo: '2018-02-08 22:31:23' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 612cff88000100000010 + Version: 3 + TBS: + MD5: da9a02953cdcc039174d11b07dd2967d + SHA1: 568cfca269ff49615d305e680988337f0a90bc32 + SHA256: fad628f5236458a9116a99f2d64fb9131a28f9942fca6239a5e7be0dddf4ce9f + SHA384: 5edeab0248f63cdc4c10b748618cd6fa4aa53ffb0ddfd51a2e35de2ea55a56822aa53fa734a46705655e8f5878b24ffd + - Subject: C=US, O=Intel Corporation, CN=Intel External Basic Policy CA + ValidFrom: '2013-02-01 00:00:00' + ValidTo: '2020-05-30 10:48:38' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 79174aa9141736fe15a7ca9f2cff4588 + Version: 3 + TBS: + MD5: 6ce466d55ab160317ee9b13522c2a82a + SHA1: 53b052ba209c525233293274854b264bc0f68b73 + SHA256: f71790e057380a0cbafdfc25bc8b3dafd6cfbeb01077bb3d8194e91254a2fc9b + SHA384: c0cc37f9505ff2bab958c8ef1ea94736efae52bcf5948c866446c46b64fb9f5e603fbad4bc70270ae74e58ac8ab055f9 + - Subject: C=BM, O=QuoVadis Limited, CN=QuoVadis Issuing CA G4 + ValidFrom: '2014-05-30 16:35:55' + ValidTo: '2021-03-17 18:33:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 69b2d1ccf02e20dcc95c62894f7f9e5f5fc057bf + Version: 3 + TBS: + MD5: 4e0fbd79a99e4a55f97ef41efee38a9f + SHA1: 114f36d5f22b84de97893469fc00b7035b3ef734 + SHA256: f6dd9683708786a413d4d6a3661fa4e4aeb328adbd181b398b5b6aa02bb0bc16 + SHA384: 
a26fe570a01b0e15cf94b41ce48ebd39ed9e9d18493d4c117f0fbb5a5b33ed8ef06c069b9638dda957547f0b0645e447 + - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, OU=Thales TSS + ESN:E892,D055,162F, OU=Thales TSS ESN:E892,D055,162F, CN=timestamp.intel.com + ValidFrom: '2015-04-24 21:46:24' + ValidTo: '2018-04-24 21:46:23' + Signature: 8047f4f1adda6f2972314a83957d8317eaac6de7c512ffd6069d24346b58a697a0722a7e8f6fb1a3825f077b4115dcb2003b12b1e9cd47c2bce88061e702768706f101c55154b860d71ae231242724ec4e09a87e776f3b4ec14a432dd51da06908b867d874759885bdba067703d65975f064df053453abeaff8f46cc7f0dbf7a7f7771155314da26284645114a4b457556b9b86a7e6d656f6d5d07ad51c212a336d392a18508484a89594bf9433cc56f4a28f13cbb8c07911bbe7688519f20e4ee85acd6bcb40655e0e2d120af74a61f059d57fc51e7897c4b4c495d7e58b7a53f9f6e60ec746ffc1c83e50bb90b31f78c4623d0d3c6cabd94b092173f6d92493ea4109bef62b451cdd34855970eb7d46eff53faa9a5dfa86ce6827b4c6239ad91a6043965b86ded234fb7df1c1dd1999fb3f40cba71be3b0fdaf27b52094b4327aa4b0465dff988dfbaed910b737a4ef098c661896f0db44a438acd6ae50f2d8d52ab07b20bd11f7577a253a41d891bf853ba5d3900a496cdc1913eb3279ad47c07e02e0477afd8f1afbaa91ea4397e65a660baece3779e44a9db7638b84b76afdd6f42dcc7f5df4ede64b4dad08039849784a2faefe3537f587499af729480c29214c9cb5c7c58afd5a474ee319a892dc603d522fd5e588369f322c15c8dcd8848ecf1d203c48434736573ed50266127bd3b2a97189c05bb1bb70ff394ce11 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 28a11e74fc0b8754580f50954c47c94e67754f28 + Version: 3 + TBS: + MD5: 990afc9a12be270c0fa6921df0223974 + SHA1: a7025b6889dbdeb4c6770d524d4c80a0a75da5df + SHA256: 6eb4cfbd4f50e31ece8b34937025ca350330cb25367a401a5665e68159b47f13 + SHA384: 287f1afb51c586f323b8f42bd6e269051c3aabfd1aaa084650d4d35a42a122489b2cb634c6842981273da17c3d6c8c1d + - Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust + External CA Root + ValidFrom: '2013-08-15 20:26:30' + ValidTo: '2023-08-15 20:36:30' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 3300000035d8d5595b0671412b000000000035 + Version: 3 + TBS: + MD5: 3d488d41aaeb5661974952080abef2fd + SHA1: df01e35e6befc7d65625319f17397b861e618d56 + SHA256: 3d6ef38b5d26773dc77392e415e88b3a744b30ea9f2081e2a992b5818db2f0c4 + SHA384: ac7c06916fe4a00307834b2499f12799d3fe463c2e63d1881df669a2786745beeee2b3a7d87cd6bc9e4fe293c22e5a59 + Signer: + - SerialNumber: 330000b7c6cfa9df260db5243500020000b7c6 + Issuer: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External + Basic Issuing CA 3B + Version: 1 + RichPEHeaderHash: + MD5: b93991aca170b2e53fc8da875f35fb17 + SHA1: a18b9d606191ba9cf8eeb0a6354b3cdb71e92d9e + SHA256: af46cc3638ff53bbc265d41801940298f3825b98920feb29959c1b3e64750a96 + Sections: + .text: + Entropy: 6.312822181118576 + Virtual Size: '0x47c5' + .rdata: + Entropy: 4.768779651626512 + Virtual Size: '0x804' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x5c9ec0' + .pdata: + Entropy: 4.321873847434394 + Virtual Size: '0x42c' + INIT: + Entropy: 5.8498641513136365 + Virtual Size: '0x7c4' + .rsrc: + Entropy: 3.4283016769481693 + Virtual Size: '0x3f8' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2015-10-29 15:44:49' + Imphash: a86fb9a41955bda815ab902fb58baa27 + LoadsDespiteHVCI: 'FALSE' +- Filename: iQVW64.SYS + MD5: e1ebc6c5257a277115a7e61ee3e5e42f + SHA1: b67945815e40b1cd90708c57c57dab12ed29da83 + SHA256: d74755311d127d0eb7454e56babc2db8dbaa814bc4ba8e2a7754d3e0224778e1 + Authentihash: + MD5: d6a18c98a17d12e0c8678cd0c1cc5fc6 + SHA1: d3f4a292c29d6c87b4744370a430889cba6ab093 + SHA256: 83aad7f91c4ebec89fb63e60ccc05628281aa0439362097bd91c69f4b74470bb + Description: Intel(R) Network Adapter Diagnostic Driver + Company: 'Intel Corporation ' + InternalName: iQVW64.SYS + OriginalFilename: iQVW64.SYS + FileVersion: '1.03.0.4 built by: WinDDK' + Product: Intel(R) iQVW64.SYS + ProductVersion: 1.03.0.4 + 
Copyright: Copyright (C) 2002-2006 Intel Corporation All Rights Reserved. + MachineType: IA64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - KeGetCurrentIrql + - DbgPrint + - sprintf + - vsprintf + - IoFreeMdl + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmUnmapIoSpace + - MmUnmapLockedPages + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - MmMapIoSpace + - ObfDereferenceObject + - KeWaitForSingleObject + - MmGetPhysicalAddress + - IoBuildSynchronousFsdRequest + - KeInitializeEvent + - ZwClose + - RtlFreeAnsiString + - strstr + - RtlUnicodeStringToAnsiString + - ZwEnumerateValueKey + - ZwOpenKey + - wcsncpy + - IoGetDeviceObjectPointer + - IoGetDeviceInterfaces + - ObReferenceObjectByPointer + - KeTickCount + - KeBugCheckEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IofCallDriver + - IoDeleteDevice + - KeStallExecutionProcessor + - WRITE_PORT_ULONG + - WRITE_PORT_USHORT + - WRITE_PORT_UCHAR + - READ_PORT_ULONG + - READ_PORT_USHORT + - READ_PORT_UCHAR + - KeQueryPerformanceCounter + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + 
SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0de92bf0d4d82988183205095e9a7688 + Version: 3 + TBS: + MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 + SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + 
Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=US, ST=Oregon, L=Hillsboro, O=Intel Corporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=LAN Access Division, + CN=Intel Corporation + ValidFrom: '2006-04-17 00:00:00' + ValidTo: '2009-05-31 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 65680c783b728ab2a1880df4232ded32 + Version: 3 + TBS: + MD5: 9d44550dc9e1d18ef155513f85ab1f12 + SHA1: 5f3d3da7374d8edbe4b2a2534c07682861458b3c + SHA256: 12d4c385c0c5e927fc876523b6874918232c08fdaff8e96e230e622b0841df00 + SHA384: 165909cf2d34f32ea49a96d98d2c59d6eaad7a8bfe85f6e34d9da3fa79f40b31e4a88d3040558b876f2154c8970b41c4 + Signer: + - SerialNumber: 65680c783b728ab2a1880df4232ded32 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: 8007fd3858325a29ea818653b1ceb33c + SHA1: acaff2a453f47e14cf2a396ee2e6ca8cbc5801b7 + SHA256: d95fe490f0c27ddb18fe210abef87a55a90d70c1c3fc71319e0f05ae06894b29 + Sections: + .text: + Entropy: 5.47466343739527 + Virtual Size: '0x9650' + .rdata: + Entropy: 3.6126138085431725 + Virtual Size: '0x1268' + .pdata: + Entropy: 3.954637417465344 + Virtual Size: '0x3e4' + .srdata: + Entropy: 2.416721292937625 + Virtual Size: '0x298' + .sdata: + Entropy: 2.4838136736919543 + Virtual Size: '0x1b0' + .data: + Entropy: 1.0629748059111717 + Virtual Size: '0x5bb060' + INIT: + Entropy: 5.6120916993294285 + Virtual Size: '0x92a' + .rsrc: + Entropy: 3.4112316573365282 + Virtual Size: '0x3f8' + .reloc: + Entropy: 0.5046360681325445 + 
Virtual Size: '0x1170' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2007-06-12 08:31:18' + Imphash: a793af44219650b4dd07d8a19ede33f1 + LoadsDespiteHVCI: 'FALSE' +- Filename: iQVW64.SYS + MD5: edbf206c27c3aa7d1890899dffcc03ec + SHA1: 3bb1dddb4157b6b8175fc6e1e7c33bef7870c500 + SHA256: de3597ae7196ca8c0750dce296a8a4f58893774f764455a125464766fcc9b3b5 + Authentihash: + MD5: 23b096e4055705b360ce4c802fb5e36c + SHA1: 4d3d6c6932e2882067830b2167b994b169e536d1 + SHA256: e80597ea0d75e9198428c81ca5b4495bf11922dd29852a0a2e63998e36857746 + Description: Intel(R) Network Adapter Diagnostic Driver + Company: 'Intel Corporation ' + InternalName: iQVW64.SYS + OriginalFilename: iQVW64.SYS + FileVersion: '1.03.1.0 built by: WinDDK' + Product: Intel(R) iQVW64.SYS + ProductVersion: 1.03.1.0 + Copyright: Copyright (C) 2002-2015 Intel Corporation All Rights Reserved. + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IoCreateSymbolicLink + - IoCreateDevice + - IofCompleteRequest + - MmIsAddressValid + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - MmGetPhysicalAddress + - DbgPrint + - strncpy + - vsprintf + - IoFreeMdl + - MmMapLockedPagesSpecifyCache + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmUnmapIoSpace + - MmUnmapLockedPages + - MmAllocateContiguousMemory + - RtlInitUnicodeString + - MmMapIoSpace + - ObfDereferenceObject + - KeWaitForSingleObject + - IofCallDriver + - IoBuildSynchronousFsdRequest + - KeInitializeEvent + - ZwClose + - RtlFreeAnsiString + - strstr + - RtlUnicodeStringToAnsiString + - ZwEnumerateValueKey + - ZwOpenKey + - wcsncpy + - IoGetDeviceObjectPointer + - IoGetDeviceInterfaces + - ObReferenceObjectByPointer + - KeBugCheckEx + - IoDeleteSymbolicLink + - MmFreeContiguousMemory + - IoDeleteDevice + - KeStallExecutionProcessor + - KeQueryPerformanceCounter + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, 
CN=Intel(R) + INTELNPG1 + ValidFrom: '2015-09-28 19:41:01' + ValidTo: '2016-09-27 19:41:01' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 330000b7c6cfa9df260db5243500020000b7c6 + Version: 3 + TBS: + MD5: d04e62ad536be27b5ae5f53dfe14060b + SHA1: 558dc33cda5a996d71afe98ea75f5d81c358f42b + SHA256: 832c1b2d5269714f6804e13ed6fe068d732b543de00975c9e04dd697bf7be6e1 + SHA384: fde1b110f034d38c2923861b58e91798da1b17afbf0ed367c3fd6ecc708d2795a4d7434367625db81d686337cce199d0 + - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External + Basic Issuing CA 3B + ValidFrom: '2013-02-08 22:21:23' + ValidTo: '2018-02-08 22:31:23' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 612cff88000100000010 + Version: 3 + TBS: + MD5: da9a02953cdcc039174d11b07dd2967d + SHA1: 568cfca269ff49615d305e680988337f0a90bc32 + SHA256: fad628f5236458a9116a99f2d64fb9131a28f9942fca6239a5e7be0dddf4ce9f + SHA384: 5edeab0248f63cdc4c10b748618cd6fa4aa53ffb0ddfd51a2e35de2ea55a56822aa53fa734a46705655e8f5878b24ffd + - Subject: C=US, O=Intel Corporation, CN=Intel External Basic Policy CA + ValidFrom: '2013-02-01 00:00:00' + ValidTo: '2020-05-30 10:48:38' + Signature: 586fbfcd43074213fcb8d0ad8121f28a6fef87bc268a7c00bd680c2b19642c1167b3a9d9790aac395d6500163b53466ea2a6b56799dbe8bfa225ae049511093a2fdeacb73db8bc017430804748544ca0fb6ba8b8a284b7f434e57bcedc5278f4316d4251ae87bf94acbe9616fb55e5798264fdac5038e4dccb812ce7776f9d9b235c7d0403f4079e7ed457e266944debb55c5c629e8c2d83e64614e2a11380fddae0862711922bbd87174fcb19184b5e8ce60dd98f7d23766fa4ffa0ba3de36d37d62638e81a9c2392c8561f1a1a8e00d633a66b95fa821e740b0fa486df23337c9e3614b35ce2a3ed48a08e28f1d74cf6c09bb4f53ca3e5a863a22c08a5d5fe + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
79174aa9141736fe15a7ca9f2cff4588 + Version: 3 + TBS: + MD5: 6ce466d55ab160317ee9b13522c2a82a + SHA1: 53b052ba209c525233293274854b264bc0f68b73 + SHA256: f71790e057380a0cbafdfc25bc8b3dafd6cfbeb01077bb3d8194e91254a2fc9b + SHA384: c0cc37f9505ff2bab958c8ef1ea94736efae52bcf5948c866446c46b64fb9f5e603fbad4bc70270ae74e58ac8ab055f9 + - Subject: C=BM, O=QuoVadis Limited, CN=QuoVadis Issuing CA G4 + ValidFrom: '2014-05-30 16:35:55' + ValidTo: '2021-03-17 18:33:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 69b2d1ccf02e20dcc95c62894f7f9e5f5fc057bf + Version: 3 + TBS: + MD5: 4e0fbd79a99e4a55f97ef41efee38a9f + SHA1: 114f36d5f22b84de97893469fc00b7035b3ef734 + SHA256: f6dd9683708786a413d4d6a3661fa4e4aeb328adbd181b398b5b6aa02bb0bc16 + SHA384: a26fe570a01b0e15cf94b41ce48ebd39ed9e9d18493d4c117f0fbb5a5b33ed8ef06c069b9638dda957547f0b0645e447 + - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, OU=Thales TSS + ESN:E892,D055,162F, OU=Thales TSS ESN:E892,D055,162F, CN=timestamp.intel.com + ValidFrom: '2015-04-24 21:46:24' + ValidTo: '2018-04-24 21:46:23' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 28a11e74fc0b8754580f50954c47c94e67754f28 + Version: 3 + TBS: + MD5: 990afc9a12be270c0fa6921df0223974 + SHA1: a7025b6889dbdeb4c6770d524d4c80a0a75da5df + SHA256: 6eb4cfbd4f50e31ece8b34937025ca350330cb25367a401a5665e68159b47f13 + SHA384: 287f1afb51c586f323b8f42bd6e269051c3aabfd1aaa084650d4d35a42a122489b2cb634c6842981273da17c3d6c8c1d + - Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust + External CA Root + ValidFrom: '2013-08-15 20:26:30' + ValidTo: '2023-08-15 20:36:30' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
3300000035d8d5595b0671412b000000000035 + Version: 3 + TBS: + MD5: 3d488d41aaeb5661974952080abef2fd + SHA1: df01e35e6befc7d65625319f17397b861e618d56 + SHA256: 3d6ef38b5d26773dc77392e415e88b3a744b30ea9f2081e2a992b5818db2f0c4 + SHA384: ac7c06916fe4a00307834b2499f12799d3fe463c2e63d1881df669a2786745beeee2b3a7d87cd6bc9e4fe293c22e5a59 + Signer: + - SerialNumber: 330000b7c6cfa9df260db5243500020000b7c6 + Issuer: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External + Basic Issuing CA 3B + Version: 1 + RichPEHeaderHash: + MD5: b93991aca170b2e53fc8da875f35fb17 + SHA1: a18b9d606191ba9cf8eeb0a6354b3cdb71e92d9e + SHA256: af46cc3638ff53bbc265d41801940298f3825b98920feb29959c1b3e64750a96 + Sections: + .text: + Entropy: 6.3078070626171385 + Virtual Size: '0x47f5' + .rdata: + Entropy: 4.766735064189019 + Virtual Size: '0x804' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x5c9ec0' + .pdata: + Entropy: 4.311882242131907 + Virtual Size: '0x42c' + INIT: + Entropy: 5.851810349253708 + Virtual Size: '0x7c4' + .rsrc: + Entropy: 3.4182486205222795 + Virtual Size: '0x3f8' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2015-11-24 07:11:47' + Imphash: a86fb9a41955bda815ab902fb58baa27 + LoadsDespiteHVCI: 'FALSE' +- Filename: iQVW64.SYS + MD5: d0a5f9ace1f0c459cef714156db1de02 + SHA1: 540b9f9a232b9d597138b8e0f33d83f5f6e247af + SHA256: f877296e8506e6a1acbdacdc5085b18c6842320a2775a329d286bac796f08d54 + Authentihash: + MD5: a3680d04628485c4f6258dc95f4e8e76 + SHA1: a254c2464cf2f39e729125250fa80297de9dcf01 + SHA256: dcd4d4bee76aacba8792df291eb55cc716752bd7ddb51ecb9bec491b02f57c70 + Description: Intel(R) Network Adapter Diagnostic Driver + Company: 'Intel Corporation ' + InternalName: iQVW64.SYS + OriginalFilename: iQVW64.SYS + FileVersion: '1.03.1.0 built by: WinDDK' + Product: Intel(R) iQVW64.SYS + ProductVersion: 1.03.1.0 + Copyright: Copyright (C) 2002-2015 Intel Corporation All Rights Reserved. 
+ MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IoCreateSymbolicLink + - IoCreateDevice + - IofCompleteRequest + - MmIsAddressValid + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - MmGetPhysicalAddress + - DbgPrint + - strncpy + - vsprintf + - IoFreeMdl + - MmMapLockedPagesSpecifyCache + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmUnmapIoSpace + - MmUnmapLockedPages + - MmAllocateContiguousMemory + - RtlInitUnicodeString + - MmMapIoSpace + - ObfDereferenceObject + - KeWaitForSingleObject + - IofCallDriver + - IoBuildSynchronousFsdRequest + - KeInitializeEvent + - ZwClose + - RtlFreeAnsiString + - strstr + - RtlUnicodeStringToAnsiString + - ZwEnumerateValueKey + - ZwOpenKey + - wcsncpy + - IoGetDeviceObjectPointer + - IoGetDeviceInterfaces + - ObReferenceObjectByPointer + - KeBugCheckEx + - IoDeleteSymbolicLink + - MmFreeContiguousMemory + - IoDeleteDevice + - KeStallExecutionProcessor + - KeQueryPerformanceCounter + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel(R) + Intel Network Drivers + ValidFrom: '2014-09-25 20:18:50' + ValidTo: '2015-09-25 20:18:50' + Signature: 282fbd46725208a238f3b5692c350f5a4c0435aa16618799ca4a4b50e71c9be943c5f066d41ace15a81c2793d1c2e9b028b9e286547b065c092b778c21c4074ac7b680b673e0ddf92264e0a996ac7d377514787cd0f849ee320a25437779313dc9b8a6eb0ad5e39e07af803aae07f604b3face98f2803dc50e662598c62c900f71f0b3108c5ea58ac23c3f03cf82fad4c2a036495844141edc66d5aae317406280975a638b82613d7009d34e6886666c96d72d119f54d1c073e19bfc9a2c52003f7446867a39bd5574cc4fe5c4a43242943759796d16e390c2b418cf86e28f14ffbe9eb0bdfbd827d3998ffbbf471a482866514cd8ab53a7ee64b19cca57f809 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 330000b4a079accd956034e6ae00020000b4a0 + Version: 3 + TBS: + MD5: 557387a7a96e3f151cc3c13fa63d68ba + SHA1: 
e04a58597b2e5e13751077fd04eba275a3facc0e + SHA256: b0143064d50e1d87a0c526921c271950fd3e3b29b7efa7adca88d2dc07fee5b2 + SHA384: 8e59bc2bf8da2fcea5bd7519805de016bd47645d1950cf07603f165e0d68754f0910384cdf95ecd747a07f2137a1bc10 + - Subject: C=US, ST=CA, L=Santa Clara, O=Intel Corporation, CN=Intel External + Basic Issuing CA 3B + ValidFrom: '2013-02-08 22:21:23' + ValidTo: '2018-02-08 22:31:23' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 612cff88000100000010 + Version: 3 + TBS: + MD5: da9a02953cdcc039174d11b07dd2967d + SHA1: 568cfca269ff49615d305e680988337f0a90bc32 + SHA256: fad628f5236458a9116a99f2d64fb9131a28f9942fca6239a5e7be0dddf4ce9f + SHA384: 5edeab0248f63cdc4c10b748618cd6fa4aa53ffb0ddfd51a2e35de2ea55a56822aa53fa734a46705655e8f5878b24ffd + - Subject: C=US, O=Intel Corporation, CN=Intel External Basic Policy CA + ValidFrom: '2013-02-01 00:00:00' + ValidTo: '2020-05-30 10:48:38' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 79174aa9141736fe15a7ca9f2cff4588 + Version: 3 + TBS: + MD5: 6ce466d55ab160317ee9b13522c2a82a + SHA1: 53b052ba209c525233293274854b264bc0f68b73 + SHA256: f71790e057380a0cbafdfc25bc8b3dafd6cfbeb01077bb3d8194e91254a2fc9b + SHA384: c0cc37f9505ff2bab958c8ef1ea94736efae52bcf5948c866446c46b64fb9f5e603fbad4bc70270ae74e58ac8ab055f9 + - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode + , G2 + ValidFrom: '2015-02-03 00:00:00' + ValidTo: '2026-03-03 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112106a081d33fd87ae5824cc16b52094e03 + Version: 3 + TBS: + MD5: a0ac4d48fe852f7b3ed4e623d59a825f + SHA1: d4db9846bc4d7db142eeb364286f6de7c102420c + SHA256: 
78d2e41a13eb4e9171bae2d2adb192cf39210b5231f77cda936bcfbe8c003bdf + SHA384: 990ed96dca5979deeedc98a012279f04efb5559d7e7f5084a12f3802ee9439326557aecefd081cff739b78515b5d7f50 + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 4e5e56901e46b4d94931f3bb1739281bc216ddfd41dc0905049b6fb2a29ad6992e40990055b5ea3fa52076d38634d417cc553ac782eeefa8babcd8069f1550dfcd167b523a02d7191afdaff0785ce04bc518df3a241edaacb8a95804020730dbb0125efe31bef00448f4f070f83a5e5683cf3dfb0dbcf4c5ed979db9d4dba52784e3389b8ba735864420a43b6da46a0ba183fd28ebdaef28f6cc885dfb0a3b00abe021ebe22f356c0f8e344597eba2f79933357ecb9a8abb454de73f9fc2d98afa65b26ec77e65ffe892e12c31a2f7b02736488f266f3bee4d761f79c3e57f9635bc2d0ecc01b08e7fff518080a792d4b34446648c874f166307314b63b0dff3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee152d7 + Version: 3 + TBS: + MD5: e140543fe3256027cfa79fc3c19c1776 + SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 + SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 + SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 + - Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust + External CA Root + ValidFrom: '2013-08-15 20:26:30' + ValidTo: '2023-08-15 20:36:30' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 3300000035d8d5595b0671412b000000000035 + Version: 3 + TBS: + MD5: 3d488d41aaeb5661974952080abef2fd + SHA1: df01e35e6befc7d65625319f17397b861e618d56 + SHA256: 3d6ef38b5d26773dc77392e415e88b3a744b30ea9f2081e2a992b5818db2f0c4 + SHA384: ac7c06916fe4a00307834b2499f12799d3fe463c2e63d1881df669a2786745beeee2b3a7d87cd6bc9e4fe293c22e5a59 + Signer: + - SerialNumber: 330000b4a079accd956034e6ae00020000b4a0 + Issuer: C=US, ST=CA, 
L=Santa Clara, O=Intel Corporation, CN=Intel External + Basic Issuing CA 3B + Version: 1 + RichPEHeaderHash: + MD5: b93991aca170b2e53fc8da875f35fb17 + SHA1: a18b9d606191ba9cf8eeb0a6354b3cdb71e92d9e + SHA256: af46cc3638ff53bbc265d41801940298f3825b98920feb29959c1b3e64750a96 + Sections: + .text: + Entropy: 6.308035787328417 + Virtual Size: '0x47f5' + .rdata: + Entropy: 4.769224140133115 + Virtual Size: '0x804' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x5c9ec0' + .pdata: + Entropy: 4.308844204470135 + Virtual Size: '0x42c' + INIT: + Entropy: 5.8512797646335875 + Virtual Size: '0x7c4' + .rsrc: + Entropy: 3.4182486205222795 + Virtual Size: '0x3f8' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2015-04-22 05:46:58' + Imphash: a86fb9a41955bda815ab902fb58baa27 + LoadsDespiteHVCI: 'FALSE' +- Filename: iQVW64.SYS + MD5: cebf532d1e3c109418687cb9207516ad + SHA1: 444a2b778e2fc26067c49dde0aff0dcfb85f2b64 + SHA256: ff115cefe624b6ca0b3878a86f6f8b352d1915b65fbbdc33ae15530a96ebdaa7 + Authentihash: + MD5: e6245e7df4ae8bd2e49e0f41d3fad7fc + SHA1: 73d3fbb52669d917c11808919817d8d97681c6ac + SHA256: 1452103306895429c54ba1735800b8c8694c3165cdef32ca12ed6ce348019292 + Description: Intel(R) Network Adapter Diagnostic Driver + Company: 'Intel Corporation ' + InternalName: iQVW64.SYS + OriginalFilename: iQVW64.SYS + FileVersion: '1.03.0.4 built by: WinDDK' + Product: Intel(R) iQVW64.SYS + ProductVersion: 1.03.0.4 + Copyright: Copyright (C) 2002-2006 Intel Corporation All Rights Reserved. 
+ MachineType: IA64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - KeGetCurrentIrql + - DbgPrint + - sprintf + - vsprintf + - IoFreeMdl + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmUnmapIoSpace + - MmUnmapLockedPages + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - MmMapIoSpace + - ObfDereferenceObject + - KeWaitForSingleObject + - MmGetPhysicalAddress + - IoBuildSynchronousFsdRequest + - KeInitializeEvent + - ZwClose + - RtlFreeAnsiString + - strstr + - RtlUnicodeStringToAnsiString + - ZwEnumerateValueKey + - ZwOpenKey + - wcsncpy + - IoGetDeviceObjectPointer + - IoGetDeviceInterfaces + - ObReferenceObjectByPointer + - KeTickCount + - KeBugCheckEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IofCallDriver + - IoDeleteDevice + - KeStallExecutionProcessor + - WRITE_PORT_ULONG + - WRITE_PORT_USHORT + - WRITE_PORT_UCHAR + - READ_PORT_ULONG + - READ_PORT_USHORT + - READ_PORT_UCHAR + - KeQueryPerformanceCounter + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 
53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0de92bf0d4d82988183205095e9a7688 + Version: 3 + TBS: + MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 + SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 
+ TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=US, ST=Oregon, L=Hillsboro, O=Intel Corporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=LAN Access Division, + CN=Intel Corporation + ValidFrom: '2006-04-17 00:00:00' + ValidTo: '2009-05-31 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 65680c783b728ab2a1880df4232ded32 + Version: 3 + TBS: + MD5: 9d44550dc9e1d18ef155513f85ab1f12 + SHA1: 5f3d3da7374d8edbe4b2a2534c07682861458b3c + SHA256: 12d4c385c0c5e927fc876523b6874918232c08fdaff8e96e230e622b0841df00 + SHA384: 165909cf2d34f32ea49a96d98d2c59d6eaad7a8bfe85f6e34d9da3fa79f40b31e4a88d3040558b876f2154c8970b41c4 + Signer: + - SerialNumber: 65680c783b728ab2a1880df4232ded32 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: 8007fd3858325a29ea818653b1ceb33c + SHA1: acaff2a453f47e14cf2a396ee2e6ca8cbc5801b7 + SHA256: d95fe490f0c27ddb18fe210abef87a55a90d70c1c3fc71319e0f05ae06894b29 + Sections: + .text: + Entropy: 5.4745915858548955 + Virtual Size: '0x9650' + .rdata: + Entropy: 3.6105380581890048 + Virtual Size: '0x1268' + .pdata: + Entropy: 3.954637417465344 + Virtual Size: '0x3e4' + .srdata: + Entropy: 2.416721292937625 + Virtual Size: '0x298' + .sdata: + Entropy: 2.4838136736919543 + Virtual Size: '0x1b0' + .data: + Entropy: 1.0629748059111717 + Virtual Size: '0x5bb060' + INIT: + Entropy: 5.611965932939277 + Virtual Size: '0x92a' + .rsrc: + Entropy: 3.4112316573365282 + Virtual Size: '0x3f8' + .reloc: + Entropy: 0.5046360681325445 + Virtual Size: 
'0x1170'
+ MagicHeader: 50 45 0 0
+ CreationTimestamp: '2006-11-15 08:41:42'
+ Imphash: a793af44219650b4dd07d8a19ede33f1
+ LoadsDespiteHVCI: 'FALSE'
diff --git a/yaml/4e5064b4-48d3-418c-a7a8-f0dc7ac0a176.yaml b/yaml/4e5064b4-48d3-418c-a7a8-f0dc7ac0a176.yaml
index 96b660b11..18dfeda06 100644
--- a/yaml/4e5064b4-48d3-418c-a7a8-f0dc7ac0a176.yaml
+++ b/yaml/4e5064b4-48d3-418c-a7a8-f0dc7ac0a176.yaml
@@ -1,148 +1,149 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 4e5064b4-48d3-418c-a7a8-f0dc7ac0a176 +Tags: +- MsIo32.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-01-09' +MitreID: T1068 CVE: - CVE-2019-18845 Category: vulnerable driver Commands: - Command: sc.exe create MsIo32.sys binPath=C:\windows\temp\MsIo32.sys type=kernel - && sc.exe start MsIo32.sys - Description: The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 - allow local users (including low integrity processes) to read and write to arbitrary - memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping - \Device\PhysicalMemory into the calling process via ZwOpenSection and ZwMapViewOfSection. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-01-09' -Detection: [] -Id: 4e5064b4-48d3-418c-a7a8-f0dc7ac0a176 -KnownVulnerableSamples: -- Authentihash: - MD5: 6491c34f274a0ed6258fadca85bd69fb - SHA1: 7e732acb7cfad9ba043a9350cdeff25d742becb8 - SHA256: 7018d515a6c781ea6097ca71d0f0603ad0d689f7ec99db27fcacd492a9e86027 - Company: '' - Copyright: '' - CreationTimestamp: '2018-02-12 00:57:50' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: MsIo32.sys - ImportedFunctions: - - RtlInitUnicodeString - - DbgPrint - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - IoDeleteSymbolicLink - - ZwUnmapViewOfSection - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - ObfDereferenceObject - - IoDeleteDevice - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: d9e7e5bcc5b01915dbcef7762a7fc329 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 361b8f718c9e1f8f46acd39bc0e7b5cd - SHA1: 3b77d6df2bf649e4281d73aaa445cf8f31030027 - SHA256: caf536e9adb1df49dc5ac8eb8557389d564f22d4f859c1baa9d0541ed58496f6 - 
SHA1: e6305dddd06490d7f87e3b06d09e9d4c1c643af0 - SHA256: 525d9b51a80ca0cd4c5889a96f857e73f3a80da1ffbae59851e0f51bdfb0b6cd - Sections: - .text: - Entropy: 6.058139200380966 - Virtual Size: '0xf35' - .rdata: - Entropy: 4.121284123833754 - Virtual Size: '0x160' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.1036058838796503 - Virtual Size: '0x54' - INIT: - Entropy: 4.784008217365607 - Virtual Size: '0x262' - Signature: - - MICSYS Technology Co., Ltd. - - Symantec Class 3 Extended Validation Code Signing CA - G2 - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 Extended Validation Code Signing CA , G2 - ValidFrom: '2014-03-04 00:00:00' - ValidTo: '2024-03-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 191a32cb759c97b8cfac118dd5127f49 - Version: 3 - TBS: - MD5: 788b61bd26da89253179e3de2cdb527f - SHA1: 7d06f16e7bf21bce4f71c2cb7a3e74351451bf69 - SHA256: b3c925b4048c3f7c444d248a2b101186b57cba39596eb5dce0e17a4ee4b32f19 - SHA384: 2955e28cb7ec0ea9730b499a0f189f9621eceb02591a9486b583f12bb845885a30d6a871826318a167cc5f06b274e58c - - Subject: ??=TW, ??=Taiwan, ??=New Taipei City, ??=Private Organization, serialNumber=84948057, - C=TW, ST=Taiwan, L=New Taipei City, O=MICSYS Technology Co., Ltd., CN=MICSYS - Technology Co., Ltd. 
- ValidFrom: '2017-09-14 00:00:00' - ValidTo: '2018-09-14 23:59:59' - Signature: a088ab497bb3998b21a495dc947134af2f4fef067e37e6438b4f52f7773769bf583eaad5bf427552ca96f2dae2a60791066346a80c59c22fb22a98c6260fdccac7ed90a0148ce9dad3eebf008f1e3c206f952eea6748b256984b851e809d49c0923cb7224b48c96a83387aebbc70d44d19b1f865e59239b959dd2ecc6746062f1d9dd5ef426ed347184c9aad9d196279ca6e774e0d09b3f270fbe037e554c69c85d0a7d06b81047b0677e33011600c4dc4c08ff159f4ac344f96589cae7aec5166bc7a626b4d6fccbc07505872f781f9a2e4a0a0d5b1539790287a114be16b1c2a1648fbeeb9d95beb171ab1c4007c5c23f044c782cdfbb1703a13ee833197ba - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 48e28f46a3e4ac760dfa9a58fa6c6363 - Version: 3 - TBS: - MD5: 388e7704244c6f77b4f54d467075a41c - SHA1: 90fb8dec5a06fa52296ed951485dabce615ec76e - SHA256: 39d286d0c713fd8adbf4d9e97f04b8dc770dd286d15e0d36cc985825f05bd551 - SHA384: 1d2f4da65dfd1829e0b196b6e258b3e2b4ddf3fc63975c62d1db460d4a3e73375cfd5676510e601405563fc1a35d4b11 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 48e28f46a3e4ac760dfa9a58fa6c6363 - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 Extended Validation Code Signing CA , G2 - Version: 1 - Imphash: 8a424cd36ae3eab0d11332ce3b982a02 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: sc.exe create MsIo32.sys binPath=C:\windows\temp\MsIo32.sys type=kernel + && sc.exe start MsIo32.sys + Description: The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before + 1.1 allow local users (including low integrity processes) to read and write + to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, + by mapping \Device\PhysicalMemory into the calling process via ZwOpenSection + and ZwMapViewOfSection. 
+ OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://www.activecyber.us/activelabs/viper-rgb-driver-local-privilege-escalation-cve-2019-18845 - http://blog.rewolf.pl/blog/?p=1630 - https://github.com/elastic/protections-artifacts/search?q=VulnDriver -Tags: -- MsIo32.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 6491c34f274a0ed6258fadca85bd69fb + SHA1: 7e732acb7cfad9ba043a9350cdeff25d742becb8 + SHA256: 7018d515a6c781ea6097ca71d0f0603ad0d689f7ec99db27fcacd492a9e86027 + Company: '' + Copyright: '' + CreationTimestamp: '2018-02-12 00:57:50' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: MsIo32.sys + ImportedFunctions: + - RtlInitUnicodeString + - DbgPrint + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - IoDeleteSymbolicLink + - ZwUnmapViewOfSection + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - ObfDereferenceObject + - IoDeleteDevice + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: d9e7e5bcc5b01915dbcef7762a7fc329 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 361b8f718c9e1f8f46acd39bc0e7b5cd + SHA1: 3b77d6df2bf649e4281d73aaa445cf8f31030027 + SHA256: caf536e9adb1df49dc5ac8eb8557389d564f22d4f859c1baa9d0541ed58496f6 + SHA1: e6305dddd06490d7f87e3b06d09e9d4c1c643af0 + SHA256: 525d9b51a80ca0cd4c5889a96f857e73f3a80da1ffbae59851e0f51bdfb0b6cd + Sections: + .text: + Entropy: 6.058139200380966 + Virtual Size: '0xf35' + .rdata: + Entropy: 4.121284123833754 + Virtual Size: '0x160' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.1036058838796503 + Virtual Size: '0x54' + INIT: + Entropy: 4.784008217365607 + Virtual Size: '0x262' + Signature: + - MICSYS Technology Co., Ltd. 
+ - Symantec Class 3 Extended Validation Code Signing CA - G2 + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 Extended Validation Code Signing CA , G2 + ValidFrom: '2014-03-04 00:00:00' + ValidTo: '2024-03-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 191a32cb759c97b8cfac118dd5127f49 + Version: 3 + TBS: + MD5: 788b61bd26da89253179e3de2cdb527f + SHA1: 7d06f16e7bf21bce4f71c2cb7a3e74351451bf69 + SHA256: b3c925b4048c3f7c444d248a2b101186b57cba39596eb5dce0e17a4ee4b32f19 + SHA384: 2955e28cb7ec0ea9730b499a0f189f9621eceb02591a9486b583f12bb845885a30d6a871826318a167cc5f06b274e58c + - Subject: ??=TW, ??=Taiwan, ??=New Taipei City, ??=Private Organization, + serialNumber=84948057, C=TW, ST=Taiwan, L=New Taipei City, O=MICSYS + Technology Co., Ltd., CN=MICSYS Technology Co., Ltd. + ValidFrom: '2017-09-14 00:00:00' + ValidTo: '2018-09-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 48e28f46a3e4ac760dfa9a58fa6c6363 + Version: 3 + TBS: + MD5: 388e7704244c6f77b4f54d467075a41c + SHA1: 90fb8dec5a06fa52296ed951485dabce615ec76e + SHA256: 39d286d0c713fd8adbf4d9e97f04b8dc770dd286d15e0d36cc985825f05bd551 + SHA384: 1d2f4da65dfd1829e0b196b6e258b3e2b4ddf3fc63975c62d1db460d4a3e73375cfd5676510e601405563fc1a35d4b11 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 48e28f46a3e4ac760dfa9a58fa6c6363 + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 Extended Validation Code Signing CA , G2 + Version: 1 + Imphash: 8a424cd36ae3eab0d11332ce3b982a02 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/4f0a65a7-9a01-40cb-8d95-0844515103e6.yaml b/yaml/4f0a65a7-9a01-40cb-8d95-0844515103e6.yaml index 9a9536c71..83512e2e3 100644 --- a/yaml/4f0a65a7-9a01-40cb-8d95-0844515103e6.yaml +++ b/yaml/4f0a65a7-9a01-40cb-8d95-0844515103e6.yaml 
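Review bot: In the KnownVulnerableSamples entry of the 4e5064b4 hunk, `Filename: MsIo32.sys` and the `Tags` value `- MsIo32.sys` sit next to `MachineType: AMD64` and a `.pdata` section, which suggests the hashed sample is the 64-bit build that the Description refers to as MsIo64.sys. If that is confirmed against the sample, any name-based driver-load rule derived from this record would presumably miss the name the file normally ships under, so I would add `- MsIo64.sys` under `Tags` or correct `Filename`. Separately, `Detection: []` is carried over unchanged although the record is `Verified: 'TRUE'` and cites CVE-2019-18845. Other records in this commit link the shared sigma and sysmon hash rules there, and doing the same here would be worthwhile once it is checked that those rule files contain this sample's hashes.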
@@ -1,340 +1,343 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 4f0a65a7-9a01-40cb-8d95-0844515103e6 +Tags: +- avalueio.sys +Verified: 'TRUE' Author: Takahiro Haruyama -Category: vulnerable driver -Commands: - Command: sc.exe create avalueiosys binPath= C:\windows\temp\avalueiosys.sys type=kernel - && sc.exe start avalueiosys - Description: The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique vulnerable - drivers (237 file hashes) accepting firmware access. Six allow kernel memory access. - All give full control of the devices to non-admin users. By exploiting the vulnerable - drivers, an attacker without the system privilege may erase/alter firmware, and/or - elevate privileges. As of the time of writing in October 2023, the filenames of - the vulnerable drivers have not been made public until now. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-11-02' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 4f0a65a7-9a01-40cb-8d95-0844515103e6 -KnownVulnerableSamples: -- Company: ' Avalue Technology Inc.' 
- Date: '' - Description: AvalueIO Driver - FileVersion: 2.00.02.00 - Filename: '' - MD5: 1da1cfe6aa15325c9ecf8f8c9b2cd12d - MachineType: AMD64 - OriginalFilename: AVALUEIO.SYS - Product: 'AvalueIO ' - ProductVersion: 2.00.02.00 - Publisher: '' - SHA1: b406920634361f4b7d7c1ec3b11bb40872d85105 - SHA256: a5a4a3c3d3d5a79f3ed703fc56d45011c21f9913001fcbcc43a3f7572cff44ec - Signature: '' - Imphash: 340e874a1ca966e45fc2a314ef228cce - Authentihash: - MD5: f076a50a4c93a86cdacb0de3f4a368f6 - SHA1: fc63767819c74d78d609214a4d4b43357bd9ba8a - SHA256: 7220924a787b57f757dd84b30bcd53eb11647eb65a94bfb6ffc6773aa6e6f1bf - RichPEHeaderHash: - MD5: 0b9e103436b2783d23983249bab3f04c - SHA1: 6bbf5f87a1a4c37e5c3f2ab9681cc68803721b1c - SHA256: e70b1cda0eecbce4a4690466f41c0e5547a0a5f2276c652a767781dc4a4b89f2 - Sections: - .text: - Entropy: 5.643077489787081 - Virtual Size: '0x20f' - .rdata: - Entropy: 4.592212209173911 - Virtual Size: '0x120' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.173845580664056 - Virtual Size: '0x54' - PAGE: - Entropy: 5.946649166642399 - Virtual Size: '0x290' - INIT: - Entropy: 5.28751161857765 - Virtual Size: '0x2fa' - .rsrc: - Entropy: 3.2332027030814534 - Virtual Size: '0x3c0' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2016-03-25 03:41:25' - InternalName: AVALUEIO - Copyright: Copyright c 2016 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IoDeleteDevice - - MmUnmapIoSpace - - MmMapIoSpace - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=TW, ST=TAIWAN, L=TAIWAN, O=Avalue Technology Inc., OU=Digital ID - Class 3 , Microsoft Software Validation v2, CN=Avalue Technology Inc. 
- ValidFrom: '2013-08-21 00:00:00' - ValidTo: '2016-08-20 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 741c0dea984c5fd08b8869e6c9b2af24 - Version: 3 - TBS: - MD5: 3ed4290723d0c7b01490fa3a448b0cfa - SHA1: d4d7f1e88569a9993de952d6824b418f1c1153e0 - SHA256: 69c2272969f318ee7fed13c2e35f2fc930c3e95c3b5544550178fe4a1b7cfd5b - SHA384: 58e854907d44b7481026748ce57803f7c1eb53245325c06b4cb4997733c647e0abf3e6ae37e1ab3df8d90eaa630e2bd1 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - 
Signer: - - SerialNumber: 741c0dea984c5fd08b8869e6c9b2af24 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: ' Avalue Technology Inc.' - Date: '' - Description: AvalueIO Driver - FileVersion: 2.00.02.00 - Filename: '' - MD5: 09b3d078ffa3b4ed0ad2e477a2ee341f - MachineType: I386 - OriginalFilename: AVALUEIO.SYS - Product: 'AvalueIO ' - ProductVersion: 2.00.02.00 - Publisher: '' - SHA1: 54a4772212da2025bd8fb2dc913e1c4490e7a0cd - SHA256: defde359045213ae6ae278e2a92c5b4a46a74119902364c7957a38138e9c9bbd - Signature: '' - Imphash: 485f7e86663d49c68c8b5f705d310f50 - Authentihash: - MD5: c44f40a915f2a919c0d65dd62df0bf95 - SHA1: 962295f2a0a51aa7e70961609090a8d9865006be - SHA256: 4eebf3fc1a508fe0e54c061a211c44a3df641707adab16ff839187759e8d2a61 - RichPEHeaderHash: - MD5: 23bb61ebca4e6bab5c39cc5342b28860 - SHA1: 4de2693aa5e5f79c4c1b3e682d86388267efed35 - SHA256: e61f7781f0cc9818e9721a12f188c9a770a29788b7a14f362bdc3a6ce281b06e - Sections: - .text: - Entropy: 5.710579186792593 - Virtual Size: '0x1a3' - .rdata: - Entropy: 4.662807750156685 - Virtual Size: '0xe2' - .data: - Entropy: 3.0 - Virtual Size: '0x8' - PAGE: - Entropy: 6.062877790772523 - Virtual Size: '0x2ae' - INIT: - Entropy: 5.5658226420549655 - Virtual Size: '0x3a0' - .rsrc: - Entropy: 3.2372653432167557 - Virtual Size: '0x3c0' - .reloc: - Entropy: 2.396398114287657 - Virtual Size: '0xde' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2016-03-27 23:38:19' - InternalName: AVALUEIO - Copyright: Copyright c 2016 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IofCompleteRequest - - MmUnmapIoSpace - - READ_REGISTER_UCHAR - - READ_REGISTER_USHORT - - READ_REGISTER_ULONG - - RtlInitUnicodeString - - WRITE_REGISTER_UCHAR - - WRITE_REGISTER_USHORT - - WRITE_REGISTER_ULONG - - KeTickCount - - IoCreateDevice - - 
IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - MmMapIoSpace - - WRITE_PORT_USHORT - - WRITE_PORT_UCHAR - - READ_PORT_ULONG - - READ_PORT_USHORT - - READ_PORT_UCHAR - - WRITE_PORT_ULONG - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=TW, ST=TAIWAN, L=TAIWAN, O=Avalue Technology Inc., OU=Digital ID - Class 3 , Microsoft Software Validation v2, CN=Avalue Technology Inc. 
- ValidFrom: '2013-08-21 00:00:00' - ValidTo: '2016-08-20 23:59:59' - Signature: ca306ba8ef4d8fa13799e7aa8f837679c91667bbbbda87359d65b1317d3ea41d92b07550cb79d41c1f8a0a142a1958ffff914e273f12b8a7bd855cc59688069cc54b56406eabf17c0fe2760d772af94ac91e941804896ce41b9d1cc7659589dc1ad5a58f1a0864a4b0f7401f8da700feea2ca81047d6a1239228b6342de3b74f2086a47bcaf27c9f0e90a9ee153d14c8e982c7baf3cbee3c19d14c9a55bafb8949e495770d2a77565562a2ff91789aa5381ca570693a3a70c355d37d914e8c85a83d38f591b93a398e6843527d64a0d425d13933f3536df36dd640e356dcd8b5534f60056502804f14cf0e6fb7d0d8447d560243282f619dc805d4b81e66566c - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 741c0dea984c5fd08b8869e6c9b2af24 - Version: 3 - TBS: - MD5: 3ed4290723d0c7b01490fa3a448b0cfa - SHA1: d4d7f1e88569a9993de952d6824b418f1c1153e0 - SHA256: 69c2272969f318ee7fed13c2e35f2fc930c3e95c3b5544550178fe4a1b7cfd5b - SHA384: 58e854907d44b7481026748ce57803f7c1eb53245325c06b4cb4997733c647e0abf3e6ae37e1ab3df8d90eaa630e2bd1 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 741c0dea984c5fd08b8869e6c9b2af24 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create avalueiosys binPath= C:\windows\temp\avalueiosys.sys type=kernel + && sc.exe start avalueiosys + Description: The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique + vulnerable drivers (237 file hashes) accepting firmware access. Six allow + kernel memory access. 
All give full control of the devices to non-admin users. + By exploiting the vulnerable drivers, an attacker without the system privilege + may erase/alter firmware, and/or elevate privileges. As of the time of writing + in October 2023, the filenames of the vulnerable drivers have not been made + public until now. + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html -Tags: -- avalueio.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: ' Avalue Technology Inc.' 
+ Date: '' + Description: AvalueIO Driver + FileVersion: 2.00.02.00 + Filename: '' + MD5: 1da1cfe6aa15325c9ecf8f8c9b2cd12d + MachineType: AMD64 + OriginalFilename: AVALUEIO.SYS + Product: 'AvalueIO ' + ProductVersion: 2.00.02.00 + Publisher: '' + SHA1: b406920634361f4b7d7c1ec3b11bb40872d85105 + SHA256: a5a4a3c3d3d5a79f3ed703fc56d45011c21f9913001fcbcc43a3f7572cff44ec + Signature: '' + Imphash: 340e874a1ca966e45fc2a314ef228cce + Authentihash: + MD5: f076a50a4c93a86cdacb0de3f4a368f6 + SHA1: fc63767819c74d78d609214a4d4b43357bd9ba8a + SHA256: 7220924a787b57f757dd84b30bcd53eb11647eb65a94bfb6ffc6773aa6e6f1bf + RichPEHeaderHash: + MD5: 0b9e103436b2783d23983249bab3f04c + SHA1: 6bbf5f87a1a4c37e5c3f2ab9681cc68803721b1c + SHA256: e70b1cda0eecbce4a4690466f41c0e5547a0a5f2276c652a767781dc4a4b89f2 + Sections: + .text: + Entropy: 5.643077489787081 + Virtual Size: '0x20f' + .rdata: + Entropy: 4.592212209173911 + Virtual Size: '0x120' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.173845580664056 + Virtual Size: '0x54' + PAGE: + Entropy: 5.946649166642399 + Virtual Size: '0x290' + INIT: + Entropy: 5.28751161857765 + Virtual Size: '0x2fa' + .rsrc: + Entropy: 3.2332027030814534 + Virtual Size: '0x3c0' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2016-03-25 03:41:25' + InternalName: AVALUEIO + Copyright: Copyright c 2016 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - IoDeleteDevice + - MmUnmapIoSpace + - MmMapIoSpace + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=TW, ST=TAIWAN, L=TAIWAN, O=Avalue Technology Inc., OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=Avalue Technology + Inc. 
+ ValidFrom: '2013-08-21 00:00:00' + ValidTo: '2016-08-20 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 741c0dea984c5fd08b8869e6c9b2af24 + Version: 3 + TBS: + MD5: 3ed4290723d0c7b01490fa3a448b0cfa + SHA1: d4d7f1e88569a9993de952d6824b418f1c1153e0 + SHA256: 69c2272969f318ee7fed13c2e35f2fc930c3e95c3b5544550178fe4a1b7cfd5b + SHA384: 58e854907d44b7481026748ce57803f7c1eb53245325c06b4cb4997733c647e0abf3e6ae37e1ab3df8d90eaa630e2bd1 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + 
Signer: + - SerialNumber: 741c0dea984c5fd08b8869e6c9b2af24 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: ' Avalue Technology Inc.' + Date: '' + Description: AvalueIO Driver + FileVersion: 2.00.02.00 + Filename: '' + MD5: 09b3d078ffa3b4ed0ad2e477a2ee341f + MachineType: I386 + OriginalFilename: AVALUEIO.SYS + Product: 'AvalueIO ' + ProductVersion: 2.00.02.00 + Publisher: '' + SHA1: 54a4772212da2025bd8fb2dc913e1c4490e7a0cd + SHA256: defde359045213ae6ae278e2a92c5b4a46a74119902364c7957a38138e9c9bbd + Signature: '' + Imphash: 485f7e86663d49c68c8b5f705d310f50 + Authentihash: + MD5: c44f40a915f2a919c0d65dd62df0bf95 + SHA1: 962295f2a0a51aa7e70961609090a8d9865006be + SHA256: 4eebf3fc1a508fe0e54c061a211c44a3df641707adab16ff839187759e8d2a61 + RichPEHeaderHash: + MD5: 23bb61ebca4e6bab5c39cc5342b28860 + SHA1: 4de2693aa5e5f79c4c1b3e682d86388267efed35 + SHA256: e61f7781f0cc9818e9721a12f188c9a770a29788b7a14f362bdc3a6ce281b06e + Sections: + .text: + Entropy: 5.710579186792593 + Virtual Size: '0x1a3' + .rdata: + Entropy: 4.662807750156685 + Virtual Size: '0xe2' + .data: + Entropy: 3.0 + Virtual Size: '0x8' + PAGE: + Entropy: 6.062877790772523 + Virtual Size: '0x2ae' + INIT: + Entropy: 5.5658226420549655 + Virtual Size: '0x3a0' + .rsrc: + Entropy: 3.2372653432167557 + Virtual Size: '0x3c0' + .reloc: + Entropy: 2.396398114287657 + Virtual Size: '0xde' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2016-03-27 23:38:19' + InternalName: AVALUEIO + Copyright: Copyright c 2016 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IofCompleteRequest + - MmUnmapIoSpace + - READ_REGISTER_UCHAR + - READ_REGISTER_USHORT + - READ_REGISTER_ULONG + - RtlInitUnicodeString + - WRITE_REGISTER_UCHAR + - WRITE_REGISTER_USHORT + - WRITE_REGISTER_ULONG + - KeTickCount + - IoCreateDevice + - 
IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - MmMapIoSpace + - WRITE_PORT_USHORT + - WRITE_PORT_UCHAR + - READ_PORT_ULONG + - READ_PORT_USHORT + - READ_PORT_UCHAR + - WRITE_PORT_ULONG + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=TW, ST=TAIWAN, L=TAIWAN, O=Avalue Technology Inc., OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=Avalue Technology + Inc. 
+ ValidFrom: '2013-08-21 00:00:00' + ValidTo: '2016-08-20 23:59:59' + Signature: ca306ba8ef4d8fa13799e7aa8f837679c91667bbbbda87359d65b1317d3ea41d92b07550cb79d41c1f8a0a142a1958ffff914e273f12b8a7bd855cc59688069cc54b56406eabf17c0fe2760d772af94ac91e941804896ce41b9d1cc7659589dc1ad5a58f1a0864a4b0f7401f8da700feea2ca81047d6a1239228b6342de3b74f2086a47bcaf27c9f0e90a9ee153d14c8e982c7baf3cbee3c19d14c9a55bafb8949e495770d2a77565562a2ff91789aa5381ca570693a3a70c355d37d914e8c85a83d38f591b93a398e6843527d64a0d425d13933f3536df36dd640e356dcd8b5534f60056502804f14cf0e6fb7d0d8447d560243282f619dc805d4b81e66566c + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 741c0dea984c5fd08b8869e6c9b2af24 + Version: 3 + TBS: + MD5: 3ed4290723d0c7b01490fa3a448b0cfa + SHA1: d4d7f1e88569a9993de952d6824b418f1c1153e0 + SHA256: 69c2272969f318ee7fed13c2e35f2fc930c3e95c3b5544550178fe4a1b7cfd5b + SHA384: 58e854907d44b7481026748ce57803f7c1eb53245325c06b4cb4997733c647e0abf3e6ae37e1ab3df8d90eaa630e2bd1 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 741c0dea984c5fd08b8869e6c9b2af24 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign 
Class 3 Code + Signing 2010 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/4f2edf45-b135-404f-bedc-9583f0bae574.yaml b/yaml/4f2edf45-b135-404f-bedc-9583f0bae574.yaml index 2c7c0a2a2..d9cf4b9c5 100644 --- a/yaml/4f2edf45-b135-404f-bedc-9583f0bae574.yaml +++ b/yaml/4f2edf45-b135-404f-bedc-9583f0bae574.yaml 
@@ -1,224 +1,225 @@ Id: 4f2edf45-b135-404f-bedc-9583f0bae574 +Tags: +- e939448b28a4edc81f1f974cebf6e7d2.sys +Verified: 'TRUE' Author: Alice Climent-Pommeret Created: '2023-07-31' MitreID: T1014 Category: malicious -Verified: 'TRUE' Commands: - Command: sc.exe create e939448b28a4edc81f1f974cebf6e7d2.sys binPath=C:\windows\temp\e939448b28a4edc81f1f974cebf6e7d2.sys - type=kernel && sc.exe start e939448b28a4edc81f1f974cebf6e7d2.sys - Description: "Cisco Talos has identified multiple versions of an undocumented malicious\ - \ driver named \u201CRedDriver,\u201D a driver-based browser hijacker that uses\ - \ the Windows Filtering Platform (WFP) to intercept browser traffic. RedDriver\ - \ has been active since at least 2021. RedDriver utilizes HookSignTool to forge\ - \ its signature timestamp to bypass Windows driver-signing policies. Code from\ - \ multiple open-source tools has been used in the development of RedDriver's infection\ - \ chain, including HP-Socket and a custom implementation of ReflectiveLoader.\ - \ The authors of RedDriver appear to be skilled in driver development and have\ - \ deep knowledge of the Windows operating system. This threat appears to target\ - \ native Chinese speakers, as it searches for Chinese language browsers to hijack.\ - \ Additionally, the authors are likely Chinese speakers themselves." - Usecase: '' - Privileges: kernel - OperatingSystem: Windows 10 + Command: sc.exe create e939448b28a4edc81f1f974cebf6e7d2.sys binPath=C:\windows\temp\e939448b28a4edc81f1f974cebf6e7d2.sys + type=kernel && sc.exe start e939448b28a4edc81f1f974cebf6e7d2.sys + Description: "Cisco Talos has identified multiple versions of an undocumented\ + \ malicious driver named \u201CRedDriver,\u201D a driver-based browser hijacker\ + \ that uses the Windows Filtering Platform (WFP) to intercept browser traffic.\ + \ RedDriver has been active since at least 2021. 
RedDriver utilizes HookSignTool\ + \ to forge its signature timestamp to bypass Windows driver-signing policies.\ + \ Code from multiple open-source tools has been used in the development of\ + \ RedDriver's infection chain, including HP-Socket and a custom implementation\ + \ of ReflectiveLoader. The authors of RedDriver appear to be skilled in driver\ + \ development and have deep knowledge of the Windows operating system. This\ + \ threat appears to target native Chinese speakers, as it searches for Chinese\ + \ language browsers to hijack. Additionally, the authors are likely Chinese\ + \ speakers themselves." + Usecase: '' + Privileges: kernel + OperatingSystem: Windows 10 Resources: - https://blog.talosintelligence.com/undocumented-reddriver/ -Acknowledgement: - Person: '' - Handle: '' Detection: [] +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: '' - MD5: e939448b28a4edc81f1f974cebf6e7d2 - SHA1: 552730553a1dea0290710465fb8189bdd0eaad42 - SHA256: 29d765e29d2f06eb511ee88b2e514c9df1a9020a768ddd3d2278d9045e9cdb4a - Signature: '' - Date: '' - Publisher: '' - Company: '' - Description: '' - Product: '' - ProductVersion: '' - FileVersion: '' - MachineType: AMD64 - OriginalFilename: '' - Authentihash: - MD5: 59e07697795ff07f811cb2edec92ff4b - SHA1: 9b453e25fcefea6ced8d40b7995aedcd651e21b7 - SHA256: 5a7bde3c194e84070ff15718e58b6d9a79d5b11fb4f5754ecbae9f6fee1ca40f - RichPEHeaderHash: - MD5: ecdd5c0e8a78b145a8e5d9443ff0f2eb - SHA1: 3ed3a76d965f1b5e387959ceedc84567a2f7bca4 - SHA256: 1edc4e310bd57e5c317b972f0bdb9f1f0794009b7039364dd6a879ee5f342754 - Sections: - .text: - Entropy: 6.2119592546505995 - Virtual Size: '0xc1ee' - .rdata: - Entropy: 5.110403242864534 - Virtual Size: '0xbac' - .data: - Entropy: 7.880058093889707 - Virtual Size: '0xa5490' - .pdata: - Entropy: 4.5968345164469415 - Virtual Size: '0x540' - PAGE: - Entropy: 6.308757256393646 - Virtual Size: '0x9b5' - INIT: - Entropy: 5.268683087271941 - Virtual Size: '0xa96' - 
MagicHeader: 50 45 0 0 - CreationTimestamp: '2023-07-01 04:13:19' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoRegisterDriverReinitialization - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - KeInitializeEvent - - PsCreateSystemThread - - PsTerminateSystemThread - - ZwClose - - IofCompleteRequest - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - PsThreadType - - IoIsWdmVersionAvailable - - IoCreateSymbolicLink - - IoCreateDevice - - ZwReadFile - - IoCreateFile - - ZwSetInformationFile - - ZwCreateFile - - ZwQueryDirectoryFile - - ZwDeleteFile - - ZwOpenFile - - RtlImageNtHeader - - ZwQueryInformationFile - - ZwWriteFile - - ZwSetValueKey - - ZwQueryValueKey - - _vsnprintf - - ZwFlushKey - - ZwDeleteKey - - ZwOpenKey - - _stricmp - - ZwCreateKey - - PsSetLoadImageNotifyRoutine - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - MmGetSystemRoutineAddress - - RtlGetVersion - - FsRtlIsNameInExpression - - wcsrchr - - PsRemoveLoadImageNotifyRoutine - - MmIsAddressValid - - ObfDereferenceObject - - KeUnstackDetachProcess - - ObOpenObjectByPointer - - KeStackAttachProcess - - ZwAllocateVirtualMemory - - KeClearEvent - - _wcsnicmp - - ObCreateObject - - IoFileObjectType - - IoDriverObjectType - - MmMapLockedPagesSpecifyCache - - IoGetCurrentProcess - - _vsnwprintf - - KeQueryTimeIncrement - - IoGetDeviceAttachmentBaseRef - - IoFreeIrp - - IoAllocateIrp - - RtlCompareUnicodeString - - CmRegisterCallback - - PsGetCurrentProcessId - - RtlCopyUnicodeString - - CmCallbackGetKeyObjectID - - ZwEnumerateKey - - strstr - - KeDelayExecutionThread - - ExSystemTimeToLocalTime - - RtlTimeToTimeFields - - RtlMultiByteToUnicodeN - - IoBuildDeviceIoControlRequest - - IoGetRelatedDeviceObject - - IoFreeMdl - - IoCancelIrp - - MmProbeAndLockPages - - IoAllocateMdl - - IofCallDriver - - ZwMapViewOfSection - - ExGetPreviousMode - - 
ZwQuerySystemInformation - - ZwUnmapViewOfSection - - ZwCreateSection - - ExFreePool - - KeBugCheckEx - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CN, ST=Beijing, L=Beijing, O=Beijing JoinHope Image Technology Ltd., - CN=Beijing JoinHope Image Technology Ltd. - ValidFrom: '2014-05-16 00:00:00' - ValidTo: '2015-05-16 23:59:59' - Signature: e896f8811ed9938fcbdc8c37f8c029045bb36722791c608d7d59f1d50b9e8923777b3ce973553c8164d7445f038c3720516d74f2f95fd734cd1349c1e6cf17f1c9042f069fb94350f7cd8f36f676fd175742d32adbc5d143423e3bc38bea71f9d021110303529d578ba7aab16d53c61642cf1f7e16964718a083182429d4347a09ea0047d9e53bad112ca5a5a14a180539ceb64000a677709bb70e9e3aea68158977072e7f130f1f99b08c2593b4003523f3f6cd441a7e4d8e88f3a2b871e6a03627dd3dadd97487df1dc5b93119ec65b60d1e4e0248a1978ee7480c08b8b8e54d890e7941aa852cf65d731cf0a6cf66584a0d0fba70d6697ee22a8d859919f4 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0a005d2e2bcd4137168217d8c727747c - Version: 3 - TBS: - MD5: 4d213d99215f488050faaa39765656d1 - SHA1: 0308508b5a3fcd330bbf28931f8e1a9c93c3ee69 - SHA256: ea947432de238a25fdb7892e436f4ef44f30ab16ae9e1eb914860f4808b25ef2 - SHA384: 430e932514f35ed55f31f050f33bcc0b9244fd83c6d1d28ee240306e54292e93b5894ef4eb9c09bf84cdc8068c6a7230 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 0a005d2e2bcd4137168217d8c727747c - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: be0dd8b8e045356d600ee55a64d9d197 - LoadsDespiteHVCI: 'TRUE' -Tags: -- e939448b28a4edc81f1f974cebf6e7d2.sys +- Filename: '' + MD5: e939448b28a4edc81f1f974cebf6e7d2 + SHA1: 552730553a1dea0290710465fb8189bdd0eaad42 + SHA256: 29d765e29d2f06eb511ee88b2e514c9df1a9020a768ddd3d2278d9045e9cdb4a + Signature: '' + Date: '' + Publisher: '' + Company: '' + Description: '' + Product: '' + ProductVersion: '' + 
FileVersion: '' + MachineType: AMD64 + OriginalFilename: '' + Authentihash: + MD5: 59e07697795ff07f811cb2edec92ff4b + SHA1: 9b453e25fcefea6ced8d40b7995aedcd651e21b7 + SHA256: 5a7bde3c194e84070ff15718e58b6d9a79d5b11fb4f5754ecbae9f6fee1ca40f + RichPEHeaderHash: + MD5: ecdd5c0e8a78b145a8e5d9443ff0f2eb + SHA1: 3ed3a76d965f1b5e387959ceedc84567a2f7bca4 + SHA256: 1edc4e310bd57e5c317b972f0bdb9f1f0794009b7039364dd6a879ee5f342754 + Sections: + .text: + Entropy: 6.2119592546505995 + Virtual Size: '0xc1ee' + .rdata: + Entropy: 5.110403242864534 + Virtual Size: '0xbac' + .data: + Entropy: 7.880058093889707 + Virtual Size: '0xa5490' + .pdata: + Entropy: 4.5968345164469415 + Virtual Size: '0x540' + PAGE: + Entropy: 6.308757256393646 + Virtual Size: '0x9b5' + INIT: + Entropy: 5.268683087271941 + Virtual Size: '0xa96' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2023-07-01 04:13:19' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoRegisterDriverReinitialization + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - KeInitializeEvent + - PsCreateSystemThread + - PsTerminateSystemThread + - ZwClose + - IofCompleteRequest + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - PsThreadType + - IoIsWdmVersionAvailable + - IoCreateSymbolicLink + - IoCreateDevice + - ZwReadFile + - IoCreateFile + - ZwSetInformationFile + - ZwCreateFile + - ZwQueryDirectoryFile + - ZwDeleteFile + - ZwOpenFile + - RtlImageNtHeader + - ZwQueryInformationFile + - ZwWriteFile + - ZwSetValueKey + - ZwQueryValueKey + - _vsnprintf + - ZwFlushKey + - ZwDeleteKey + - ZwOpenKey + - _stricmp + - ZwCreateKey + - PsSetLoadImageNotifyRoutine + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - MmGetSystemRoutineAddress + - RtlGetVersion + - FsRtlIsNameInExpression + - wcsrchr + - PsRemoveLoadImageNotifyRoutine + - MmIsAddressValid + - ObfDereferenceObject + - KeUnstackDetachProcess 
+ - ObOpenObjectByPointer + - KeStackAttachProcess + - ZwAllocateVirtualMemory + - KeClearEvent + - _wcsnicmp + - ObCreateObject + - IoFileObjectType + - IoDriverObjectType + - MmMapLockedPagesSpecifyCache + - IoGetCurrentProcess + - _vsnwprintf + - KeQueryTimeIncrement + - IoGetDeviceAttachmentBaseRef + - IoFreeIrp + - IoAllocateIrp + - RtlCompareUnicodeString + - CmRegisterCallback + - PsGetCurrentProcessId + - RtlCopyUnicodeString + - CmCallbackGetKeyObjectID + - ZwEnumerateKey + - strstr + - KeDelayExecutionThread + - ExSystemTimeToLocalTime + - RtlTimeToTimeFields + - RtlMultiByteToUnicodeN + - IoBuildDeviceIoControlRequest + - IoGetRelatedDeviceObject + - IoFreeMdl + - IoCancelIrp + - MmProbeAndLockPages + - IoAllocateMdl + - IofCallDriver + - ZwMapViewOfSection + - ExGetPreviousMode + - ZwQuerySystemInformation + - ZwUnmapViewOfSection + - ZwCreateSection + - ExFreePool + - KeBugCheckEx + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CN, ST=Beijing, L=Beijing, O=Beijing JoinHope Image Technology + Ltd., CN=Beijing JoinHope Image Technology Ltd. + ValidFrom: '2014-05-16 00:00:00' + ValidTo: '2015-05-16 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0a005d2e2bcd4137168217d8c727747c + Version: 3 + TBS: + MD5: 4d213d99215f488050faaa39765656d1 + SHA1: 0308508b5a3fcd330bbf28931f8e1a9c93c3ee69 + SHA256: ea947432de238a25fdb7892e436f4ef44f30ab16ae9e1eb914860f4808b25ef2 + SHA384: 430e932514f35ed55f31f050f33bcc0b9244fd83c6d1d28ee240306e54292e93b5894ef4eb9c09bf84cdc8068c6a7230 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 0a005d2e2bcd4137168217d8c727747c + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: be0dd8b8e045356d600ee55a64d9d197 + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/4f47c65e-2e73-4855-813a-5a823ae845a8.yaml b/yaml/4f47c65e-2e73-4855-813a-5a823ae845a8.yaml index 3ebc6f5db..8aea2bac8 100644 --- a/yaml/4f47c65e-2e73-4855-813a-5a823ae845a8.yaml +++ b/yaml/4f47c65e-2e73-4855-813a-5a823ae845a8.yaml 
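Review bot: `Detection: []` is carried over unchanged in the `4f2edf45-b135-404f-bedc-9583f0bae574.yaml` hunk, although the entry is `Category: malicious` and its only sample ends with `LoadsDespiteHVCI: 'TRUE'`. The record therefore publishes the sample hashes but points to no rule that consumes them. Since this re-serialisation already rewrites every other key, it would be a natural place to fill the list or mark the gap, e.g. `Detection: []  # TODO: reference hash rules covering SHA256 29d765e29d2f06eb511ee88b2e514c9df1a9020a768ddd3d2278d9045e9cdb4a`; whether the YAML writer keeps comments is not visible here. The leaf certificate's `ValidTo: '2015-05-16 23:59:59'` against `CreationTimestamp: '2023-07-01 04:13:19'` fits the forged signature timestamp the Description mentions, so the signer serial `0a005d2e2bcd4137168217d8c727747c` looks worth covering in whatever rule is referenced.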
@@ -1,305 +1,307 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 4f47c65e-2e73-4855-813a-5a823ae845a8 +Tags: +- tdeio64.sys +Verified: 'TRUE' Author: Takahiro Haruyama -Category: vulnerable driver -Commands: - Command: sc.exe create tdeio64sys binPath= C:\windows\temp\tdeio64sys.sys type=kernel - && sc.exe start tdeio64sys - Description: The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique vulnerable - drivers (237 file hashes) accepting firmware access. Six allow kernel memory access. - All give full control of the devices to non-admin users. By exploiting the vulnerable - drivers, an attacker without the system privilege may erase/alter firmware, and/or - elevate privileges. As of the time of writing in October 2023, the filenames of - the vulnerable drivers have not been made public until now. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-11-02' -Detection: [] -Id: 4f47c65e-2e73-4855-813a-5a823ae845a8 -KnownVulnerableSamples: -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: 97e90c869b5b0f493b833710931c39ed - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: f1b3bdc3beb2dca19940d53eb5a0aed85b807e30 - SHA256: 1076504a145810dfe331324007569b95d0310ac1e08951077ac3baf668b2a486 - Signature: '' - Imphash: 8211bd4f00a3d9928a11a6ac3329fc46 - Authentihash: - MD5: 6ff943f654668582c1f1afa011932d7a - SHA1: 4cac09246c22324368f367e03550734a281471c5 - SHA256: c8a34012c22a650972b9ecad988d346c8670bcd51ea2dd3ab7fe4562e117f1b9 - RichPEHeaderHash: - MD5: 889c98d36b232f069b9686d61ca41f8d - SHA1: ab8e11d3941b91551d5ff2209aa0e24ec1c60a5c - SHA256: 5317c6b7c0a8a229f52733b98c9b1c049bc019ae7fbe2d9e8643814db0fc240c - Sections: - .text: - Entropy: 6.311346777695431 - Virtual Size: '0x2c96' - .rdata: - Entropy: 4.620063504139846 - Virtual Size: '0x234' - .data: - Entropy: 0.5035334969292564 - Virtual Size: '0x118' - .pdata: - Entropy: 
3.5844387707598413 - Virtual Size: '0xb4' - INIT: - Entropy: 4.946698422001189 - Virtual Size: '0x398' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2007-12-11 00:27:18' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IoCreateSymbolicLink - - MmUnmapLockedPages - - IoCreateDevice - - IoDeleteSymbolicLink - - MmAllocateContiguousMemorySpecifyCache - - MmFreeContiguousMemorySpecifyCache - - DbgPrint - - IoAllocateMdl - - MmAllocateContiguousMemory - - KeAcquireSpinLockRaiseToDpc - - IofCompleteRequest - - IoDeleteDevice - - KeReleaseSpinLock - - MmFreeContiguousMemory - - MmUnmapIoSpace - - MmBuildMdlForNonPagedPool - - IoFreeMdl - - MmGetPhysicalAddress - - MmMapLockedPagesSpecifyCache - - KeBugCheckEx - - RtlInitUnicodeString - - MmMapIoSpace - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G3 - ValidFrom: '2012-05-01 00:00:00' - ValidTo: '2012-12-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded - Version: 3 - TBS: - MD5: e6d820afb23af20a65cf0b03247ea05e - SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 - SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 - SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=TW, ST=Taiwan, L=Taipei, O=PEGATRON CORPORATION, OU=Digital ID Class - 3 , Microsoft Software Validation v2, CN=PEGATRON CORPORATION - ValidFrom: '2012-03-06 00:00:00' - ValidTo: '2015-03-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 291a8c8022af992219298e002861d3e6 - Version: 3 - TBS: - MD5: 92ee6d7e7b0fbf4e755ce186dc2e2ed9 - SHA1: 2fdb5226daef89f545c7c8d0dcc4233d02126e68 - SHA256: 4fd24c5fdae677d4e66d9d1c7b1417680ed16f69dc94c98698f580afdd3873df - SHA384: f4140f9893e8ae98630aca7174509f3b966878caca375fe2865adf98739fae974c43db7e81a1ddffef787ffa0b296867 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 291a8c8022af992219298e002861d3e6 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: f766a9bb7cd46ba8c871484058f908f0 - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 24b3f962587b0062ac9a1ec71bcc3836b12306d2 - SHA256: 13ae4d9dcacba8133d8189e59d9352272e15629e6bca580c32aff9810bd96e44 - Signature: '' - Imphash: 
8211bd4f00a3d9928a11a6ac3329fc46 - Authentihash: - MD5: 6ff943f654668582c1f1afa011932d7a - SHA1: 4cac09246c22324368f367e03550734a281471c5 - SHA256: c8a34012c22a650972b9ecad988d346c8670bcd51ea2dd3ab7fe4562e117f1b9 - RichPEHeaderHash: - MD5: 889c98d36b232f069b9686d61ca41f8d - SHA1: ab8e11d3941b91551d5ff2209aa0e24ec1c60a5c - SHA256: 5317c6b7c0a8a229f52733b98c9b1c049bc019ae7fbe2d9e8643814db0fc240c - Sections: - .text: - Entropy: 6.311346777695431 - Virtual Size: '0x2c96' - .rdata: - Entropy: 4.620063504139846 - Virtual Size: '0x234' - .data: - Entropy: 0.5035334969292564 - Virtual Size: '0x118' - .pdata: - Entropy: 3.5844387707598413 - Virtual Size: '0xb4' - INIT: - Entropy: 4.946698422001189 - Virtual Size: '0x398' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2007-12-11 00:27:18' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IoCreateSymbolicLink - - MmUnmapLockedPages - - IoCreateDevice - - IoDeleteSymbolicLink - - MmAllocateContiguousMemorySpecifyCache - - MmFreeContiguousMemorySpecifyCache - - DbgPrint - - IoAllocateMdl - - MmAllocateContiguousMemory - - KeAcquireSpinLockRaiseToDpc - - IofCompleteRequest - - IoDeleteDevice - - KeReleaseSpinLock - - MmFreeContiguousMemory - - MmUnmapIoSpace - - MmBuildMdlForNonPagedPool - - IoFreeMdl - - MmGetPhysicalAddress - - MmMapLockedPagesSpecifyCache - - KeBugCheckEx - - RtlInitUnicodeString - - MmMapIoSpace - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: 
ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, - CN=ASUSTeK Computer Inc. 
- ValidFrom: '2007-07-03 00:00:00' - ValidTo: '2008-07-26 23:59:59' - Signature: 2eca2db768d60f241f8c155b9db4bc91a02d16a3f1ec09059aa3b91a4ee0e44317d1f286d12133f44f4b282141287a8b9a3781b46184f732a599edb622e6057156d99221a130091c9f171f1a5f75125a68270d5c21ac379541136b8bf164a0ee6c9b9f5557754ea940f1c836e6d823528d764aaa41b038d84523e395c0ada5e17fea7912a0d10aa807fc0b89d4d116b92dbfc7028f1a23d5d679ac9a1023952a2cf98940ad5cc16bd9381403751ebd52c892205205d51d72b2a83ddb92547fce93e2b6617a42c7249312344ee0b9184859e8b1dd39bd5e61ab5999cbc8aa8807c8538c1926e49a9bbc29dcdf266a603c85f8df773c9659bcf08ffe2ba0f1cfa5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 23eab3ac30c7016a299c8d31d99f3ae8 - Version: 3 - TBS: - MD5: 54f73eaca10fe12ff2e14194e2f019b8 - SHA1: 471cb77202e7d4941a5bff8ba813f5ed221dc32e - SHA256: 9dba2d4765226ca91fb7104e0cbd01308c4e8ed9727ea661eeaa473d7825ee35 - SHA384: 272d877ad02e5487a0864e4d876a9e06fea5ead9cd149e7a48c4f111cfa8dc2f05f1042f2822b42360896da334e6390d - Signer: - - SerialNumber: 23eab3ac30c7016a299c8d31d99f3ae8 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create tdeio64sys binPath= C:\windows\temp\tdeio64sys.sys type=kernel + && sc.exe start tdeio64sys + Description: The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique + vulnerable drivers (237 file hashes) accepting firmware access. Six allow + kernel memory access. All give full control of the devices to non-admin users. + By exploiting the vulnerable drivers, an attacker without the system privilege + may erase/alter firmware, and/or elevate privileges. As of the time of writing + in October 2023, the filenames of the vulnerable drivers have not been made + public until now. 
+ OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html -Tags: -- tdeio64.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: 97e90c869b5b0f493b833710931c39ed + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: f1b3bdc3beb2dca19940d53eb5a0aed85b807e30 + SHA256: 1076504a145810dfe331324007569b95d0310ac1e08951077ac3baf668b2a486 + Signature: '' + Imphash: 8211bd4f00a3d9928a11a6ac3329fc46 + Authentihash: + MD5: 6ff943f654668582c1f1afa011932d7a + SHA1: 4cac09246c22324368f367e03550734a281471c5 + SHA256: c8a34012c22a650972b9ecad988d346c8670bcd51ea2dd3ab7fe4562e117f1b9 + RichPEHeaderHash: + MD5: 889c98d36b232f069b9686d61ca41f8d + SHA1: ab8e11d3941b91551d5ff2209aa0e24ec1c60a5c + SHA256: 5317c6b7c0a8a229f52733b98c9b1c049bc019ae7fbe2d9e8643814db0fc240c + Sections: + .text: + Entropy: 6.311346777695431 + Virtual Size: '0x2c96' + .rdata: + Entropy: 4.620063504139846 + Virtual Size: '0x234' + .data: + Entropy: 0.5035334969292564 + Virtual Size: '0x118' + .pdata: + Entropy: 3.5844387707598413 + Virtual Size: '0xb4' + INIT: + Entropy: 4.946698422001189 + Virtual Size: '0x398' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2007-12-11 00:27:18' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IoCreateSymbolicLink + - MmUnmapLockedPages + - IoCreateDevice + - IoDeleteSymbolicLink + - MmAllocateContiguousMemorySpecifyCache + - MmFreeContiguousMemorySpecifyCache + - DbgPrint + - IoAllocateMdl + - MmAllocateContiguousMemory + - KeAcquireSpinLockRaiseToDpc + - IofCompleteRequest + - IoDeleteDevice + - KeReleaseSpinLock + - MmFreeContiguousMemory + - MmUnmapIoSpace + - MmBuildMdlForNonPagedPool + - IoFreeMdl + - 
MmGetPhysicalAddress + - MmMapLockedPagesSpecifyCache + - KeBugCheckEx + - RtlInitUnicodeString + - MmMapIoSpace + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G3 + ValidFrom: '2012-05-01 00:00:00' + ValidTo: '2012-12-31 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded + Version: 3 + TBS: + MD5: e6d820afb23af20a65cf0b03247ea05e + SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 + SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 + SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=TW, ST=Taiwan, L=Taipei, O=PEGATRON CORPORATION, OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=PEGATRON CORPORATION + ValidFrom: '2012-03-06 00:00:00' + ValidTo: '2015-03-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 291a8c8022af992219298e002861d3e6 + Version: 3 + TBS: + MD5: 92ee6d7e7b0fbf4e755ce186dc2e2ed9 + SHA1: 2fdb5226daef89f545c7c8d0dcc4233d02126e68 + SHA256: 4fd24c5fdae677d4e66d9d1c7b1417680ed16f69dc94c98698f580afdd3873df + SHA384: f4140f9893e8ae98630aca7174509f3b966878caca375fe2865adf98739fae974c43db7e81a1ddffef787ffa0b296867 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 291a8c8022af992219298e002861d3e6 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at 
https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: f766a9bb7cd46ba8c871484058f908f0 + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 24b3f962587b0062ac9a1ec71bcc3836b12306d2 + SHA256: 13ae4d9dcacba8133d8189e59d9352272e15629e6bca580c32aff9810bd96e44 + Signature: '' + Imphash: 8211bd4f00a3d9928a11a6ac3329fc46 + Authentihash: + MD5: 6ff943f654668582c1f1afa011932d7a + SHA1: 4cac09246c22324368f367e03550734a281471c5 + SHA256: c8a34012c22a650972b9ecad988d346c8670bcd51ea2dd3ab7fe4562e117f1b9 + RichPEHeaderHash: + MD5: 889c98d36b232f069b9686d61ca41f8d + SHA1: ab8e11d3941b91551d5ff2209aa0e24ec1c60a5c + SHA256: 5317c6b7c0a8a229f52733b98c9b1c049bc019ae7fbe2d9e8643814db0fc240c + Sections: + .text: + Entropy: 6.311346777695431 + Virtual Size: '0x2c96' + .rdata: + Entropy: 4.620063504139846 + Virtual Size: '0x234' + .data: + Entropy: 0.5035334969292564 + Virtual Size: '0x118' + .pdata: + Entropy: 3.5844387707598413 + Virtual Size: '0xb4' + INIT: + Entropy: 4.946698422001189 + Virtual Size: '0x398' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2007-12-11 00:27:18' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IoCreateSymbolicLink + - MmUnmapLockedPages + - IoCreateDevice + - IoDeleteSymbolicLink + - MmAllocateContiguousMemorySpecifyCache + - MmFreeContiguousMemorySpecifyCache + - DbgPrint + - IoAllocateMdl + - MmAllocateContiguousMemory + - KeAcquireSpinLockRaiseToDpc + - IofCompleteRequest + - IoDeleteDevice + - KeReleaseSpinLock + - MmFreeContiguousMemory + - MmUnmapIoSpace + - MmBuildMdlForNonPagedPool + - IoFreeMdl + - MmGetPhysicalAddress + - MmMapLockedPagesSpecifyCache + - KeBugCheckEx + - RtlInitUnicodeString + - MmMapIoSpace + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + 
SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., + OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Quality + Testing Department, CN=ASUSTeK Computer Inc. 
+ ValidFrom: '2007-07-03 00:00:00' + ValidTo: '2008-07-26 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 23eab3ac30c7016a299c8d31d99f3ae8 + Version: 3 + TBS: + MD5: 54f73eaca10fe12ff2e14194e2f019b8 + SHA1: 471cb77202e7d4941a5bff8ba813f5ed221dc32e + SHA256: 9dba2d4765226ca91fb7104e0cbd01308c4e8ed9727ea661eeaa473d7825ee35 + SHA384: 272d877ad02e5487a0864e4d876a9e06fea5ead9cd149e7a48c4f111cfa8dc2f05f1042f2822b42360896da334e6390d + Signer: + - SerialNumber: 23eab3ac30c7016a299c8d31d99f3ae8 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/4f93e19c-4600-4e2e-943f-a986875fd7d2.yaml b/yaml/4f93e19c-4600-4e2e-943f-a986875fd7d2.yaml index 6ef683de4..1ffd5143b 100644 --- a/yaml/4f93e19c-4600-4e2e-943f-a986875fd7d2.yaml +++ b/yaml/4f93e19c-4600-4e2e-943f-a986875fd7d2.yaml 
@@ -1,35 +1,35 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 4f93e19c-4600-4e2e-943f-a986875fd7d2 +Tags: +- ni.sys +Verified: 'FALSE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create ni.sys binPath=C:\windows\temp \n \n \n i.sys type=kernel - && sc.exe start ni.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: [] -Id: 4f93e19c-4600-4e2e-943f-a986875fd7d2 -KnownVulnerableSamples: -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: ni.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA256: ae79e760c739d6214c1e314728a78a6cb6060cce206fde2440a69735d639a0a2 - Signature: [] - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create ni.sys binPath=C:\windows\temp \n \n \n i.sys type=kernel + && sc.exe start ni.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules -Tags: -- ni.sys -Verified: 'FALSE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: ni.sys + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA256: ae79e760c739d6214c1e314728a78a6cb6060cce206fde2440a69735d639a0a2 + Signature: [] + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/500e07cb-77c6-4e83-ae3f-73f70f1c10b5.yaml b/yaml/500e07cb-77c6-4e83-ae3f-73f70f1c10b5.yaml index 9924528ec..3a6ba6ac3 100644 --- a/yaml/500e07cb-77c6-4e83-ae3f-73f70f1c10b5.yaml +++ b/yaml/500e07cb-77c6-4e83-ae3f-73f70f1c10b5.yaml 
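Review bot: The `Command` value carried onto the new side still reads `binPath=C:\windows\temp \n \n \n i.sys`, which no longer names the driver given in `Tags` and `Filename` (`ni.sys`). It looks as if the `\n` of `\ni.sys` was treated as an escape sequence when the entry was generated, though the diff alone cannot confirm that. Since this commit rewrites the whole entry anyway, the value should presumably be restored to `binPath=C:\windows\temp\ni.sys`, with the generator keeping the backslash literal. Anyone matching on this field would otherwise be comparing against a path that cannot occur.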
@@ -1,179 +1,179 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 500e07cb-77c6-4e83-ae3f-73f70f1c10b5 +Tags: +- tfbfs3ped.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-07-22' +MitreID: T1068 CVE: - '' Category: vulnerable drivers Commands: - Command: '' - Description: Confirmed vulnerable driver from Microsoft Block List - OperatingSystem: Windows - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-07-22' -Detection: -- type: '' - value: '' -Id: 500e07cb-77c6-4e83-ae3f-73f70f1c10b5 -KnownVulnerableSamples: -- Authentihash: - MD5: a17d227444e090ff69e24fcb6d43162b - SHA1: 43d3a3c1f7b14cfcc051cae2534dbbbb4c7fc120 - SHA256: b8eb26b6f79020ae988e4fb752dc06e1b6779749bf4f8df2872fc2b92bab8020 - Company: '' - Copyright: '' - CreationTimestamp: '2005-05-25 00:39:12' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - RtlInitUnicodeString - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - IoDeleteSymbolicLink - - IofCompleteRequest - - MmIsAddressValid - - ZwUnmapViewOfSection - - IoCreateSymbolicLink - - IoCreateDevice - - __C_specific_handler - - IoDeleteDevice - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 59a48daa7dbdcb13bd0a11c71e1ad2f7 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: deb9c1e252f598099d70d2b33a313da3 - SHA1: f0c2801e0091ed6f5e10ea7045e911aa90030290 - SHA256: 914fb9761d50c3fa2ecf9fbd8af3735f9b8d6c4903e067c8af9546e79b6f22c7 - SHA1: 6c447a42e73d6feff09812abaf67af566d83eb3a - SHA256: 0897935ff2e0e7cc23a036ec0791d587b4799a299c8d6d65f364a8bdff645760 - Sections: - .text: - Entropy: 5.7214393917162045 - Virtual Size: '0xc74' - .rdata: - Entropy: 3.4063014058939425 - Virtual Size: '0x130' - .data: - Entropy: 2.4884950805464947 - Virtual Size: '0x58' - .pdata: - Entropy: 
3.1879942043708462 - Virtual Size: '0x60' - INIT: - Entropy: 4.4494366822955245 - Virtual Size: '0x202' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - 
SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=TW, O=Micro,Star Int'l Co. Ltd., CN=Micro,Star Int'l Co. Ltd. - ValidFrom: '2008-08-28 09:49:45' - ValidTo: '2011-08-28 09:49:45' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0100000000011c08b7f67e - Version: 3 - TBS: - MD5: 4566c37f56f951a0ce5b4ae966c0ea9f - SHA1: a51cbf2834eb6f8535bc5e44913a9ec979379782 - SHA256: 88a8e9a799af515b9223e4cdf24d0ef1e72f12124be02786f026a3c26317b417 - SHA384: d8d8769d5b6a0fe7c56fcde24c735475ee0e5d01c63dbf7690cdae5a3e251818bed42443d0c6424d39e81a19d6c83bdb - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000117ab50b915 - Version: 3 - TBS: - MD5: 5686b287d716c4d2428b092c4ef30f9c - SHA1: 306fb5fbeb3d531510bb4b663c4fd48adc121e14 - SHA256: 60846fc990e271a707cd2d53d0bb21834a04f7652214aa0c12597ff6649d352d - SHA384: 6b37b28ca97b32a31b0fa53b5e961ae0f2d1aae2c5bf46de132e57834ee3968d9af7ad204821f9389cc4e0b5a8481fe8 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 
0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000011c08b7f67e - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: 543f80399f79401471523d335ea61642 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: '' + Description: Confirmed vulnerable driver from Microsoft Block List + OperatingSystem: Windows + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c -Tags: -- tfbfs3ped.sys -Verified: 'TRUE' +Detection: +- type: '' + value: '' +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: a17d227444e090ff69e24fcb6d43162b + SHA1: 43d3a3c1f7b14cfcc051cae2534dbbbb4c7fc120 + SHA256: b8eb26b6f79020ae988e4fb752dc06e1b6779749bf4f8df2872fc2b92bab8020 + Company: '' + Copyright: '' + CreationTimestamp: '2005-05-25 00:39:12' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - RtlInitUnicodeString + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - IoDeleteSymbolicLink + - IofCompleteRequest + - MmIsAddressValid + - ZwUnmapViewOfSection + - IoCreateSymbolicLink + - IoCreateDevice + - __C_specific_handler + - IoDeleteDevice + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 59a48daa7dbdcb13bd0a11c71e1ad2f7 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: deb9c1e252f598099d70d2b33a313da3 + SHA1: f0c2801e0091ed6f5e10ea7045e911aa90030290 + SHA256: 914fb9761d50c3fa2ecf9fbd8af3735f9b8d6c4903e067c8af9546e79b6f22c7 + SHA1: 6c447a42e73d6feff09812abaf67af566d83eb3a + 
SHA256: 0897935ff2e0e7cc23a036ec0791d587b4799a299c8d6d65f364a8bdff645760 + Sections: + .text: + Entropy: 5.7214393917162045 + Virtual Size: '0xc74' + .rdata: + Entropy: 3.4063014058939425 + Virtual Size: '0x130' + .data: + Entropy: 2.4884950805464947 + Virtual Size: '0x58' + .pdata: + Entropy: 3.1879942043708462 + Virtual Size: '0x60' + INIT: + Entropy: 4.4494366822955245 + Virtual Size: '0x202' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, 
OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=TW, O=Micro,Star Int'l Co. Ltd., CN=Micro,Star Int'l Co. Ltd. + ValidFrom: '2008-08-28 09:49:45' + ValidTo: '2011-08-28 09:49:45' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0100000000011c08b7f67e + Version: 3 + TBS: + MD5: 4566c37f56f951a0ce5b4ae966c0ea9f + SHA1: a51cbf2834eb6f8535bc5e44913a9ec979379782 + SHA256: 88a8e9a799af515b9223e4cdf24d0ef1e72f12124be02786f026a3c26317b417 + SHA384: d8d8769d5b6a0fe7c56fcde24c735475ee0e5d01c63dbf7690cdae5a3e251818bed42443d0c6424d39e81a19d6c83bdb + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000117ab50b915 + Version: 3 + TBS: + MD5: 5686b287d716c4d2428b092c4ef30f9c + SHA1: 306fb5fbeb3d531510bb4b663c4fd48adc121e14 + SHA256: 60846fc990e271a707cd2d53d0bb21834a04f7652214aa0c12597ff6649d352d + SHA384: 6b37b28ca97b32a31b0fa53b5e961ae0f2d1aae2c5bf46de132e57834ee3968d9af7ad204821f9389cc4e0b5a8481fe8 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 
17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000011c08b7f67e + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: 543f80399f79401471523d335ea61642 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/51808fa6-89a4-4f4d-aabc-0a7b0e99e34d.yaml b/yaml/51808fa6-89a4-4f4d-aabc-0a7b0e99e34d.yaml index dbf3607f5..a7a66e10a 100644 --- a/yaml/51808fa6-89a4-4f4d-aabc-0a7b0e99e34d.yaml +++ b/yaml/51808fa6-89a4-4f4d-aabc-0a7b0e99e34d.yaml 
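Review bot: The reordered entry keeps placeholder records where an empty list is meant: `Detection:` holds one item with `type: ''` and `value: ''`, and `CVE:` holds `- ''`, whereas the `ni.sys` entry in this same diff uses `Detection: []`. Anything that iterates these lists gets one empty record and has to special-case it; `Detection: []` and, if the schema allows it, `CVE: []` would state "none" unambiguously. `Category: vulnerable drivers` also differs from the `vulnerable driver` spelling used by the other entries here, so an exact-match filter on the category would skip this driver. The same three points apply to the `kdriver.sys` hunk that follows.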
@@ -1,181 +1,181 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 51808fa6-89a4-4f4d-aabc-0a7b0e99e34d +Tags: +- kdriver.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-07-22' +MitreID: T1068 CVE: - '' Category: vulnerable drivers Commands: - Command: '' - Description: Confirmed vulnerable driver from Microsoft Block List - OperatingSystem: Windows - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-07-22' -Detection: -- type: '' - value: '' -Id: 51808fa6-89a4-4f4d-aabc-0a7b0e99e34d -KnownVulnerableSamples: -- Authentihash: - MD5: ff295de93e6b6dcc3938d50901a7240d - SHA1: 484c72dd4fd91083b249f3ccc733a3c8335e583f - SHA256: 0c7809ac1fa074408518ddc0ac118912c9cd43ed9c89213bc4d59043016b040c - Company: '' - Copyright: '' - CreationTimestamp: '2020-08-16 21:38:03' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - NtQuerySystemInformation - - RtlInitUnicodeString - - ExAllocatePool - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - _wcsicmp - - RtlInitString - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ZwClose - - MmIsAddressValid - - ZwOpenDirectoryObject - - ZwQueryDirectoryObject - - ObReferenceObjectByName - - ZwQuerySystemInformation - - __C_specific_handler - - MmHighestUserAddress - - IoDriverObjectType - - KeQueryTimeIncrement - - KeStackAttachProcess - - KeUnstackDetachProcess - - PsGetProcessWow64Process - - PsGetProcessPeb - - MmUnlockPages - - MmGetSystemRoutineAddress - - MmUnmapLockedPages - - IoFreeMdl - - ZwTerminateProcess - - PsGetProcessImageFileName - - ObOpenObjectByPointer - - PsReferenceProcessFilePointer - - IoQueryFileDosDeviceName - - ZwQueryVirtualMemory - - MmProbeAndLockPages - - PsLookupProcessByProcessId - - MmMapLockedPagesSpecifyCache - - IoAllocateMdl - - IoGetCurrentProcess - - 
MmCopyVirtualMemory - - KeClearEvent - - KeSetEvent - - KeWaitForSingleObject - - MmMapLockedPages - - ObReferenceObjectByHandle - - PsSetCreateProcessNotifyRoutineEx - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - ExEventObjectType - - ObRegisterCallbacks - - ObUnRegisterCallbacks - - ObGetFilterVersion - - IoThreadToProcess - - strcmp - - PsProcessType - - PsThreadType - - RtlGetVersion - - ObfReferenceObject - - ObGetObjectType - - ExEnumHandleTable - - ExfUnblockPushLock - - _snprintf - - vsprintf_s - - ZwCreateFile - - ZwWriteFile - - PsLookupThreadByThreadId - - NtQueryInformationThread - - PsGetThreadProcess - - DbgPrint - - KeDelayExecutionThread - - KdDisableDebugger - - KdChangeOption - - PsCreateSystemThread - - PsTerminateSystemThread - - KdDebuggerEnabled - - PsGetVersion - - KeInitializeEvent - - RtlCopyUnicodeString - - ObfDereferenceObject - - ExReleaseFastMutex - - ExAcquireFastMutex - - MmBuildMdlForNonPagedPool - - WdfVersionBindClass - - WdfVersionBind - - WdfVersionUnbind - - WdfVersionUnbindClass - Imports: - - ntoskrnl.exe - - WDFLDR.SYS - InternalName: '' - MD5: 70053ab9df31eb2dcd6f5b001386a8d2 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: ffdf660eb1ebf020a1d0a55a90712dfb - SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 - SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 - SHA1: b1266873fa36a2104fd5d7f498a9957bc3d9d450 - SHA256: 603ccc97a198b004f9fa56deed2295d1b2d42ef01f22d80a00cb28bcf1b85646 - Sections: - .text: - Entropy: 6.183070832014416 - Virtual Size: '0x6ed0' - .rdata: - Entropy: 4.768973580594352 - Virtual Size: '0x159c' - .data: - Entropy: 0.807954115503613 - Virtual Size: '0x15f8' - .pdata: - Entropy: 7.83996638727823 - Virtual Size: '0x684' - PAGE: - Entropy: 5.929327209049661 - Virtual Size: '0xb7a' 
- INIT: - Entropy: 5.3523212488458185 - Virtual Size: '0xe54' - .upx0: - Entropy: 7.037246397744446 - Virtual Size: '0x124190' - .reloc: - Entropy: 3.9077681077271933 - Virtual Size: '0xcc' - .rsrc: - Entropy: 2.9056718289000636 - Virtual Size: '0x22c' - Signature: '' - Signatures: {} - Imphash: a74f61fdcea718cb9579907b2caf54ab - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: '' + Description: Confirmed vulnerable driver from Microsoft Block List + OperatingSystem: Windows + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c -Tags: -- kdriver.sys -Verified: 'TRUE' +Detection: +- type: '' + value: '' +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: ff295de93e6b6dcc3938d50901a7240d + SHA1: 484c72dd4fd91083b249f3ccc733a3c8335e583f + SHA256: 0c7809ac1fa074408518ddc0ac118912c9cd43ed9c89213bc4d59043016b040c + Company: '' + Copyright: '' + CreationTimestamp: '2020-08-16 21:38:03' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - NtQuerySystemInformation + - RtlInitUnicodeString + - ExAllocatePool + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - _wcsicmp + - RtlInitString + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ZwClose + - MmIsAddressValid + - ZwOpenDirectoryObject + - ZwQueryDirectoryObject + - ObReferenceObjectByName + - ZwQuerySystemInformation + - __C_specific_handler + - MmHighestUserAddress + - IoDriverObjectType + - KeQueryTimeIncrement + - KeStackAttachProcess + - KeUnstackDetachProcess + - PsGetProcessWow64Process + - PsGetProcessPeb + - MmUnlockPages + - MmGetSystemRoutineAddress + - MmUnmapLockedPages + - IoFreeMdl + - ZwTerminateProcess + - PsGetProcessImageFileName + - ObOpenObjectByPointer + - 
PsReferenceProcessFilePointer + - IoQueryFileDosDeviceName + - ZwQueryVirtualMemory + - MmProbeAndLockPages + - PsLookupProcessByProcessId + - MmMapLockedPagesSpecifyCache + - IoAllocateMdl + - IoGetCurrentProcess + - MmCopyVirtualMemory + - KeClearEvent + - KeSetEvent + - KeWaitForSingleObject + - MmMapLockedPages + - ObReferenceObjectByHandle + - PsSetCreateProcessNotifyRoutineEx + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - ExEventObjectType + - ObRegisterCallbacks + - ObUnRegisterCallbacks + - ObGetFilterVersion + - IoThreadToProcess + - strcmp + - PsProcessType + - PsThreadType + - RtlGetVersion + - ObfReferenceObject + - ObGetObjectType + - ExEnumHandleTable + - ExfUnblockPushLock + - _snprintf + - vsprintf_s + - ZwCreateFile + - ZwWriteFile + - PsLookupThreadByThreadId + - NtQueryInformationThread + - PsGetThreadProcess + - DbgPrint + - KeDelayExecutionThread + - KdDisableDebugger + - KdChangeOption + - PsCreateSystemThread + - PsTerminateSystemThread + - KdDebuggerEnabled + - PsGetVersion + - KeInitializeEvent + - RtlCopyUnicodeString + - ObfDereferenceObject + - ExReleaseFastMutex + - ExAcquireFastMutex + - MmBuildMdlForNonPagedPool + - WdfVersionBindClass + - WdfVersionBind + - WdfVersionUnbind + - WdfVersionUnbindClass + Imports: + - ntoskrnl.exe + - WDFLDR.SYS + InternalName: '' + MD5: 70053ab9df31eb2dcd6f5b001386a8d2 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: ffdf660eb1ebf020a1d0a55a90712dfb + SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 + SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 + SHA1: b1266873fa36a2104fd5d7f498a9957bc3d9d450 + SHA256: 603ccc97a198b004f9fa56deed2295d1b2d42ef01f22d80a00cb28bcf1b85646 + Sections: + .text: + Entropy: 6.183070832014416 + Virtual Size: '0x6ed0' + .rdata: + Entropy: 
4.768973580594352 + Virtual Size: '0x159c' + .data: + Entropy: 0.807954115503613 + Virtual Size: '0x15f8' + .pdata: + Entropy: 7.83996638727823 + Virtual Size: '0x684' + PAGE: + Entropy: 5.929327209049661 + Virtual Size: '0xb7a' + INIT: + Entropy: 5.3523212488458185 + Virtual Size: '0xe54' + .upx0: + Entropy: 7.037246397744446 + Virtual Size: '0x124190' + .reloc: + Entropy: 3.9077681077271933 + Virtual Size: '0xcc' + .rsrc: + Entropy: 2.9056718289000636 + Virtual Size: '0x22c' + Signature: '' + Signatures: {} + Imphash: a74f61fdcea718cb9579907b2caf54ab + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/51c342f3-0b91-4674-8f81-bc016855f30f.yaml b/yaml/51c342f3-0b91-4674-8f81-bc016855f30f.yaml index d112e7030..6c3cf76a1 100644 --- a/yaml/51c342f3-0b91-4674-8f81-bc016855f30f.yaml +++ b/yaml/51c342f3-0b91-4674-8f81-bc016855f30f.yaml 
@@ -1,214 +1,215 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 51c342f3-0b91-4674-8f81-bc016855f30f +Tags: +- AsrDrv101.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create AsrDrv101.sys binPath=C:\windows\temp\AsrDrv101.sys type=kernel - && sc.exe start AsrDrv101.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/f40435488389b4fb3b945ca21a8325a51e1b5f80f045ab019748d0ec66056a8b.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 51c342f3-0b91-4674-8f81-bc016855f30f -KnownVulnerableSamples: -- 
Authentihash: - MD5: 236e9dd83b6d3ae6d23a57590b68fb5e - SHA1: d0580bfc31faefb7e017798121c5b8a4e68155f9 - SHA256: fee4560f2160a951d83344857eb4587ab10c1cfd8c5cfc23b6f06bef8ebcd984 - Company: ASRock Incorporation - Copyright: Copyright (C) 2012 ASRock Incorporation - CreationTimestamp: '2013-01-14 23:25:51' - Date: '' - Description: ASRock IO Driver - ExportedFunctions: '' - FileVersion: '1.00.00.0000 built by: WinDDK' - Filename: AsrDrv101.sys - ImportedFunctions: - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - MmFreeContiguousMemorySpecifyCache - - RtlInitUnicodeString - - IoDeleteDevice - - RtlQueryRegistryValues - - MmUnmapIoSpace - - IoFreeMdl - - MmGetPhysicalAddress - - IoBuildAsynchronousFsdRequest - - MmMapIoSpace - - IofCompleteRequest - - IoFreeIrp - - RtlCompareMemory - - MmUnlockPages - - IoCreateSymbolicLink - - IoCreateDevice - - MmAllocateContiguousMemorySpecifyCache - - IofCallDriver - - KeBugCheckEx - - ExAllocatePoolWithTag - - KeStallExecutionProcessor - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: AsrDrv.sys - MD5: 1a234f4643f5658bab07bfa611282267 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: AsrDrv.sys - Product: ASRock IO Driver - ProductVersion: 1.00.00.0000 - Publisher: ASROCK Incorporation - RichPEHeaderHash: - MD5: a84c01eca8a6ca8e5221dbca3000c16e - SHA1: ff0ae5ad07f99ad2ac40b53c5215335a5d84e926 - SHA256: 961a144592952461a785ff1f4d4f55c4132016b9fbbce3d881edf6131038533b - SHA1: 57511ef5ff8162a9d793071b5bf7ebe8371759de - SHA256: f40435488389b4fb3b945ca21a8325a51e1b5f80f045ab019748d0ec66056a8b - Sections: - .text: - Entropy: 6.322191972105939 - Virtual Size: '0x1c08' - .rdata: - Entropy: 4.654405673393832 - Virtual Size: '0x264' - .data: - Entropy: 0.46979092711892695 - Virtual Size: '0x130' - .pdata: - Entropy: 3.68915035708827 - Virtual Size: '0xfc' - INIT: - Entropy: 5.421591319356761 - Virtual Size: '0x4d8' - .rsrc: - Entropy: 3.287296316763299 - Virtual Size: '0x3a0' - Signature: - - ASROCK Incorporation - - 
VeriSign Class 3 Code Signing 2010 CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=TAIWAN, L=Taipei, O=ASROCK Incorporation, OU=Digital ID Class - 3 , Microsoft Software Validation v2, CN=ASROCK Incorporation - ValidFrom: '2011-03-07 00:00:00' - ValidTo: '2014-04-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 45dfec7bb3d378c97feb24efd699bb4e - Version: 3 - TBS: - MD5: 544af7037e76dccfe47a9dffd9b847fd - SHA1: ea7dceadac1b76a4a0ed5624632072f8aa6ce02c - 
SHA256: 87f5b27417a56e4175d0e0acb7a831961963fad217e5d82fbf699287e8fdab25 - SHA384: 2b6eb82e226dcec715cc7c98e2bf9a9a0dcb3f4e471827fe95d9dbd452ce459c6ae9525771c673800fa84b679b14db89 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 45dfec7bb3d378c97feb24efd699bb4e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 9d7183c1d8107495354c4fad9dae3452 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create AsrDrv101.sys binPath=C:\windows\temp\AsrDrv101.sys type=kernel + && sc.exe start AsrDrv101.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/namazso/physmem_drivers -Tags: -- AsrDrv101.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/f40435488389b4fb3b945ca21a8325a51e1b5f80f045ab019748d0ec66056a8b.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 236e9dd83b6d3ae6d23a57590b68fb5e + SHA1: d0580bfc31faefb7e017798121c5b8a4e68155f9 + SHA256: fee4560f2160a951d83344857eb4587ab10c1cfd8c5cfc23b6f06bef8ebcd984 + Company: ASRock Incorporation + Copyright: Copyright (C) 2012 ASRock Incorporation + CreationTimestamp: '2013-01-14 23:25:51' + Date: '' + Description: ASRock IO Driver + ExportedFunctions: '' + FileVersion: '1.00.00.0000 built by: WinDDK' + Filename: AsrDrv101.sys + ImportedFunctions: + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - MmFreeContiguousMemorySpecifyCache + - RtlInitUnicodeString + - IoDeleteDevice + - RtlQueryRegistryValues + - MmUnmapIoSpace + - IoFreeMdl + - MmGetPhysicalAddress + - IoBuildAsynchronousFsdRequest + - MmMapIoSpace + - IofCompleteRequest + - IoFreeIrp + - RtlCompareMemory + - MmUnlockPages 
+ - IoCreateSymbolicLink + - IoCreateDevice + - MmAllocateContiguousMemorySpecifyCache + - IofCallDriver + - KeBugCheckEx + - ExAllocatePoolWithTag + - KeStallExecutionProcessor + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: AsrDrv.sys + MD5: 1a234f4643f5658bab07bfa611282267 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: AsrDrv.sys + Product: ASRock IO Driver + ProductVersion: 1.00.00.0000 + Publisher: ASROCK Incorporation + RichPEHeaderHash: + MD5: a84c01eca8a6ca8e5221dbca3000c16e + SHA1: ff0ae5ad07f99ad2ac40b53c5215335a5d84e926 + SHA256: 961a144592952461a785ff1f4d4f55c4132016b9fbbce3d881edf6131038533b + SHA1: 57511ef5ff8162a9d793071b5bf7ebe8371759de + SHA256: f40435488389b4fb3b945ca21a8325a51e1b5f80f045ab019748d0ec66056a8b + Sections: + .text: + Entropy: 6.322191972105939 + Virtual Size: '0x1c08' + .rdata: + Entropy: 4.654405673393832 + Virtual Size: '0x264' + .data: + Entropy: 0.46979092711892695 + Virtual Size: '0x130' + .pdata: + Entropy: 3.68915035708827 + Virtual Size: '0xfc' + INIT: + Entropy: 5.421591319356761 + Virtual Size: '0x4d8' + .rsrc: + Entropy: 3.287296316763299 + Virtual Size: '0x3a0' + Signature: + - ASROCK Incorporation + - VeriSign Class 3 Code Signing 2010 CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: 
c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=TAIWAN, L=Taipei, O=ASROCK Incorporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=ASROCK Incorporation + ValidFrom: '2011-03-07 00:00:00' + ValidTo: '2014-04-03 23:59:59' + Signature: e457550022e1dc5fe5a4f5162ea4664b819458f2359662f932d0d95e5ea6fd9ddafef2e213e9b4a46fa9acd6d5a07919479d127beb7ec1c11f0bc376b8ebfa7f815ec4f9b97646c2297359d2d8fda71a21143f33696ca8f3e1f830ef73cddea63b38fe440779ac5ef4885c3e5158183efbd50ecac394edbe86ad65c8245bf56719cd0dd5a13b2baad92c65ab6b2fbfc7aad423fc082e067d6080a3fbc634e58361bb6aa25ef376c78795d025f425faf64d8771549f3f7acfa1a55d4d7c4d8da57cd78411925d37a515cccbd1f978fb26abd268b80ff67b64bd4262e63b04d4015c8af232d9f117bfcec950c5612adbbcd70106d5712f5c70c131fbd19db21e6c + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 45dfec7bb3d378c97feb24efd699bb4e + Version: 3 + TBS: + MD5: 544af7037e76dccfe47a9dffd9b847fd + SHA1: ea7dceadac1b76a4a0ed5624632072f8aa6ce02c + SHA256: 87f5b27417a56e4175d0e0acb7a831961963fad217e5d82fbf699287e8fdab25 + SHA384: 2b6eb82e226dcec715cc7c98e2bf9a9a0dcb3f4e471827fe95d9dbd452ce459c6ae9525771c673800fa84b679b14db89 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 
3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 45dfec7bb3d378c97feb24efd699bb4e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 9d7183c1d8107495354c4fad9dae3452 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/5261cacf-380c-4573-85ff-a643cbdf009a.yaml b/yaml/5261cacf-380c-4573-85ff-a643cbdf009a.yaml index bcd329553..8972d1e22 100644 --- a/yaml/5261cacf-380c-4573-85ff-a643cbdf009a.yaml +++ b/yaml/5261cacf-380c-4573-85ff-a643cbdf009a.yaml 
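Review bot: The re-ordered `Detection:` list for AsrDrv101.sys still lists `sigma_hash`, `sigma_names`, `sysmon_hash_detect` and `sysmon_hash_block` twice, each pair with identical URLs; only the two `yara_signature` entries point at different files. Since this change already rewrites the whole block, keep one entry per type/URL pair, for example a single `- type: sigma_hash` whose value is `.../detections/sigma/driver_load_win_vuln_drivers.yml`. Anything that iterates this list to build a rule bundle or render the entry page will otherwise process the same rule file twice. If the duplicates come from the generator script, which is not visible in this hunk, the fix belongs there rather than in the YAML.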
@@ -1,154 +1,155 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 5261cacf-380c-4573-85ff-a643cbdf009a +Tags: +- KApcHelper_x64.sys +Verified: 'TRUE' Author: Guus Verbeek -Category: malicious -Commands: - Command: sc.exe create KApcHelper_x64.sys binPath=C:\windows\temp\KApcHelper_x64.sys - type=kernel && sc.exe start KApcHelper_x64.sys - Description: Vulnerable driving using the stolen Nvidia Certificate. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-05-06' -Detection: [] -Id: 5261cacf-380c-4573-85ff-a643cbdf009a -KnownVulnerableSamples: -- Authentihash: - MD5: adb7de0467bd3f92fce34819ec656658 - SHA1: 2c1bc3f623fd9bfdf2ecbe5403da1849c85b8433 - SHA256: 2a30ad675142cf411e7e5f5c53c6423de570a398295b0956130a7a7d77383103 - Company: '' - Copyright: '' - CreationTimestamp: '2022-06-06 09:14:46' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: KApcHelper_x64.sys - ImportedFunctions: - - rand - - srand - - wcsstr - - RtlInitUnicodeString - - RtlGetVersion - - KeDelayExecutionThread - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ExSystemTimeToLocalTime - - MmGetSystemRoutineAddress - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoGetCurrentProcess - - ObReferenceObjectByHandleWithTag - - ObfDereferenceObject - - ObfDereferenceObjectWithTag - - MmIsAddressValid - - PsGetProcessExitStatus - - PsIsThreadTerminating - - PsLookupProcessByProcessId - - PsLookupThreadByThreadId - - PsGetThreadProcess - - PsIsSystemThread - - ObOpenObjectByPointerWithTag - - KeBugCheckEx - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: 0f16a43f7989034641fd2de3eb268bf1 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 5080c1caf53ea61b5b919bbcaf0c8354 - SHA1: 6fbbf5ebe27354688ae61f0d43226c8f7326bfec - SHA256: 
5cc392362f3b91dc626f688e374e0da1866120dcc396fe403a5d8b561cc18943 - SHA1: cc65bf60600b64feece5575f21ab89e03a728332 - SHA256: d7c81b0f3c14844f6424e8bdd31a128e773cb96cccef6d05cbff473f0ccb9f9c - Sections: - .text: - Entropy: 5.860500055750153 - Virtual Size: '0x1728' - .rdata: - Entropy: 3.7459107255443396 - Virtual Size: '0x5b0' - .data: - Entropy: 0.6050836155077387 - Virtual Size: '0x110' - .pdata: - Entropy: 3.7039606450049316 - Virtual Size: '0x15c' - INIT: - Entropy: 5.269327550372214 - Virtual Size: '0x400' - .reloc: - Entropy: 3.43699961153114 - Virtual Size: '0x20' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=California, L=Santa Clara, O=NVIDIA Corporation, OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Software, CN=NVIDIA Corporation - ValidFrom: '2011-09-02 00:00:00' - ValidTo: '2014-09-01 23:59:59' - Signature: 5238793a97b2868da546597dbe0a1fba197ae635b9f53b53e26758194d749767e05fb1ce407fd31469376b37c67d5d48bc834f970ac733cd63d557e8a3be20a1fbf9d09e7a5c6c4ebd6fc18a68d0842d2ffdf6f79142d914c6521d227014040fa12f2afb3878aa065cfbed7fa29091b4fe54ea6237a0e1f8f183d0573ebb5bfe712cee4c49bd0b2f40c33bfcf0c7de0bc51ce01a70d14072d4d01216f36e388159220a4d8e3250ddccd71c7ef8a93a26edda2e959b598703a85fa391630e052454e31390dd82d69afee5df2f287bdce8f45f6363c27e6e23ab92faefc7e8d78c10cc1f936f33c36a134cb8820b5749ff479f70834bd99d8e15ad79a1cb3d7ebf - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 43bb437d609866286dd839e1d00309f5 - Version: 3 - TBS: - MD5: cef292b5c6cdb07e480ccbba0c9d56d1 - SHA1: 15c37dbebe6fcc77108e3d7ad982676d3d5e77f7 - SHA256: 3cb152375fa9e694fd2f9167c382005166871c783774997df1a42e0b6013d82a - SHA384: e64427dea71a71110ebc317f3552cd7193c5743f72d5cac9257abe80346d15ee42930d5a85e16c02ea06f56c7e8811fb - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 43bb437d609866286dd839e1d00309f5 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 4c7cc13a110ccdbb932bb9d7d42efdf4 - LoadsDespiteHVCI: 'TRUE' MitreID: T1068 +Category: malicious +Commands: + Command: sc.exe create KApcHelper_x64.sys binPath=C:\windows\temp\KApcHelper_x64.sys + type=kernel && sc.exe start KApcHelper_x64.sys + Description: Vulnerable driving using the stolen Nvidia Certificate. 
+ OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://www.mandiant.com/resources/blog/hunting-attestation-signed-malware -Tags: -- KApcHelper_x64.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: adb7de0467bd3f92fce34819ec656658 + SHA1: 2c1bc3f623fd9bfdf2ecbe5403da1849c85b8433 + SHA256: 2a30ad675142cf411e7e5f5c53c6423de570a398295b0956130a7a7d77383103 + Company: '' + Copyright: '' + CreationTimestamp: '2022-06-06 09:14:46' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: KApcHelper_x64.sys + ImportedFunctions: + - rand + - srand + - wcsstr + - RtlInitUnicodeString + - RtlGetVersion + - KeDelayExecutionThread + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ExSystemTimeToLocalTime + - MmGetSystemRoutineAddress + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoGetCurrentProcess + - ObReferenceObjectByHandleWithTag + - ObfDereferenceObject + - ObfDereferenceObjectWithTag + - MmIsAddressValid + - PsGetProcessExitStatus + - PsIsThreadTerminating + - PsLookupProcessByProcessId + - PsLookupThreadByThreadId + - PsGetThreadProcess + - PsIsSystemThread + - ObOpenObjectByPointerWithTag + - KeBugCheckEx + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 0f16a43f7989034641fd2de3eb268bf1 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 5080c1caf53ea61b5b919bbcaf0c8354 + SHA1: 6fbbf5ebe27354688ae61f0d43226c8f7326bfec + SHA256: 5cc392362f3b91dc626f688e374e0da1866120dcc396fe403a5d8b561cc18943 + SHA1: cc65bf60600b64feece5575f21ab89e03a728332 + SHA256: d7c81b0f3c14844f6424e8bdd31a128e773cb96cccef6d05cbff473f0ccb9f9c + Sections: + .text: + Entropy: 5.860500055750153 + Virtual Size: '0x1728' + .rdata: + Entropy: 3.7459107255443396 + Virtual Size: '0x5b0' + .data: + Entropy: 
0.6050836155077387 + Virtual Size: '0x110' + .pdata: + Entropy: 3.7039606450049316 + Virtual Size: '0x15c' + INIT: + Entropy: 5.269327550372214 + Virtual Size: '0x400' + .reloc: + Entropy: 3.43699961153114 + Virtual Size: '0x20' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=California, L=Santa Clara, O=NVIDIA Corporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Software, CN=NVIDIA + Corporation + ValidFrom: '2011-09-02 00:00:00' + ValidTo: '2014-09-01 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 43bb437d609866286dd839e1d00309f5 + Version: 3 + TBS: + MD5: cef292b5c6cdb07e480ccbba0c9d56d1 + SHA1: 15c37dbebe6fcc77108e3d7ad982676d3d5e77f7 + SHA256: 3cb152375fa9e694fd2f9167c382005166871c783774997df1a42e0b6013d82a + SHA384: e64427dea71a71110ebc317f3552cd7193c5743f72d5cac9257abe80346d15ee42930d5a85e16c02ea06f56c7e8811fb + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 43bb437d609866286dd839e1d00309f5 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 4c7cc13a110ccdbb932bb9d7d42efdf4 + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/52ded752-2708-499e-8f37-98e4a9adc23c.yaml b/yaml/52ded752-2708-499e-8f37-98e4a9adc23c.yaml index f9a573a79..fdec6fa5d 100644 --- a/yaml/52ded752-2708-499e-8f37-98e4a9adc23c.yaml +++ b/yaml/52ded752-2708-499e-8f37-98e4a9adc23c.yaml 
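Review bot: `Detection: []` stays empty for KApcHelper_x64.sys even though the entry is `Category: malicious` and `LoadsDespiteHVCI: 'TRUE'`, so the record defenders most need a rule for links to none. The file hashes and Authentihash are already present. If the shared hash rules cover this sample, which this hunk cannot confirm, reference them as the AsrDrv101.sys entry does with `- type: sigma_hash` and `- type: sysmon_hash_block`. The carried-over text `Description: Vulnerable driving using the stolen Nvidia Certificate.` has a typo (`driving` should be `driver`), and "Vulnerable" appears to conflict with `Category: malicious`. A useful triage hint for a comment or the description: the NVIDIA leaf certificate has `ValidTo: '2014-09-01 23:59:59'` while `CreationTimestamp` is `'2022-06-06 09:14:46'`.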
@@ -1,163 +1,164 @@ Id: 52ded752-2708-499e-8f37-98e4a9adc23c +Tags: +- GLCKIO2.sys +Verified: 'TRUE' Author: Nasreddine Bencherchali Created: '2023-05-06' MitreID: T1068 Category: vulnerable driver -Verified: 'TRUE' Commands: - Command: sc.exe create GLCKIO2.sys binPath=C:\windows\temp\GLCKIO2.sys type=kernel - && sc.exe start GLCKIO2.sys - Description: '' - Usecase: Elevate privileges - Privileges: kernel - OperatingSystem: Windows 10 + Command: sc.exe create GLCKIO2.sys binPath=C:\windows\temp\GLCKIO2.sys type=kernel + && sc.exe start GLCKIO2.sys + Description: '' + Usecase: Elevate privileges + Privileges: kernel + OperatingSystem: Windows 10 Resources: - Internal Research -Acknowledgement: - Person: '' - Handle: '' Detection: [] +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: GLCKIO2.sys - MD5: dedd07993780d973c22c93e77ab69fa3 - SHA1: 83b5e60943a92050fccb8acef7aa464c8f81d38e - SHA256: e5b0772be02e2bc807804874cf669e97aa36f5aff1f12fa0a631a3c7b4dd0dc8 - Authentihash: - MD5: 9266ad818c7d32f3f6b759cbd20f742a - SHA1: e78779533d76b402eab613557170ccbf5d951883 - SHA256: 47489362609fa9bd398deec955d5600780bb3788eb29a282bcc5245905713eb0 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - MmGetSystemRoutineAddress - - ObfDereferenceObject - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - KeBugCheckEx - - ObReferenceObjectByHandle - - RtlInitUnicodeString - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 
19:55:33' - Signature: 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=TW, ??=Private Organization, serialNumber=23638777, C=TW, L=Taipei - City, O=ASUSTeK Computer Inc., CN=ASUSTeK Computer Inc. 
- ValidFrom: '2019-04-01 00:00:00' - ValidTo: '2022-01-11 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0c64962e4467edcc1579646b7337ec8c - Version: 3 - TBS: - MD5: 69796942ecdfadbd806bdea1460a5115 - SHA1: 0ce9329828324db04bd0a7b101b4fbfedb3be8b2 - SHA256: efd9b83b154c3e805e1bf7fdfd6a7f7bfdcf2ff3e191d1c33bdc427b6c82039b - SHA384: e27d21dc30c40e7b675120062e69c438e9f448ceed7b0434dedd129848c6a8edf05ec07ac25f5ec300be0da46a4c6eab - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c - Version: 3 - TBS: - MD5: 83f5de89f641d0fbf60248e10a7b9534 - SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 - SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf - SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 0c64962e4467edcc1579646b7337ec8c - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - Version: 1 - RichPEHeaderHash: - MD5: 05800026305f624e68f7d87b28b90bf7 - SHA1: a3797fea31e0668335977d41f2bc4f881da4b703 - SHA256: 546ac15980de9dfce2c30fde487c74f853cff68c999e2a4cc1fc5a8f94f934b1 - Sections: - .text: - Entropy: 6.398452415719764 - Virtual Size: '0x1374' - .rdata: - Entropy: 5.620562818704275 - Virtual Size: '0x6ec' - .data: - Entropy: 0.28109187076190567 - Virtual Size: '0x218' - .pdata: - Entropy: 3.564120960069972 - Virtual Size: '0xfc' - INIT: - Entropy: 5.203063896503997 - Virtual Size: '0x2b2' - .reloc: - Entropy: 3.046439344671015 - Virtual Size: '0x14' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2019-04-22 07:44:46' - Imphash: 531d2392dbdd314fb1d9318fe9e5c4d2 - LoadsDespiteHVCI: 'TRUE' -Tags: -- GLCKIO2.sys +- Filename: GLCKIO2.sys + MD5: dedd07993780d973c22c93e77ab69fa3 + SHA1: 83b5e60943a92050fccb8acef7aa464c8f81d38e + SHA256: e5b0772be02e2bc807804874cf669e97aa36f5aff1f12fa0a631a3c7b4dd0dc8 + Authentihash: + MD5: 9266ad818c7d32f3f6b759cbd20f742a + SHA1: e78779533d76b402eab613557170ccbf5d951883 + SHA256: 47489362609fa9bd398deec955d5600780bb3788eb29a282bcc5245905713eb0 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - 
IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - MmGetSystemRoutineAddress + - ObfDereferenceObject + - ZwClose + - ZwOpenSection + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - KeBugCheckEx + - ObReferenceObjectByHandle + - RtlInitUnicodeString + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=TW, ??=Private Organization, serialNumber=23638777, C=TW, + L=Taipei City, O=ASUSTeK Computer Inc., CN=ASUSTeK Computer Inc. 
+ ValidFrom: '2019-04-01 00:00:00' + ValidTo: '2022-01-11 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0c64962e4467edcc1579646b7337ec8c + Version: 3 + TBS: + MD5: 69796942ecdfadbd806bdea1460a5115 + SHA1: 0ce9329828324db04bd0a7b101b4fbfedb3be8b2 + SHA256: efd9b83b154c3e805e1bf7fdfd6a7f7bfdcf2ff3e191d1c33bdc427b6c82039b + SHA384: e27d21dc30c40e7b675120062e69c438e9f448ceed7b0434dedd129848c6a8edf05ec07ac25f5ec300be0da46a4c6eab + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 19334a0c813337dbad36c9e4c93abbb51b2e7aa2e2f44342179ebf4ea14de1b1dbe981dd9f01f2e488d5e9fe09fd21c1ec5d80d2f0d6c143c2fe772bdbf9d79133ce6cd5b2193be62ed6c9934f88408ecde1f57ef10fc6595672e8eb6a41bd1cd546d57c49ca663815c1bfe091707787dcc98d31c90c29a233ed8de287cd898d3f1bffd5e01a978b7cda6dfba8c6b23a666b7b01b3cdd8a634ec1201ab9558a5c45357a860e6e70212a0b92364a24dbb7c81256421becfee42184397bba53706af4dff26a54d614bec4641b865ceb8799e08960b818c8a3b8fc7998ca32a6e986d5e61c696b78ab9612d93b8eb0e0443d7f5fea6f062d4996aa5c1c1f0649480 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c + Version: 3 
+ TBS: + MD5: 83f5de89f641d0fbf60248e10a7b9534 + SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 + SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf + SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 0c64962e4467edcc1579646b7337ec8c + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + Version: 1 + RichPEHeaderHash: + MD5: 05800026305f624e68f7d87b28b90bf7 + SHA1: a3797fea31e0668335977d41f2bc4f881da4b703 + SHA256: 546ac15980de9dfce2c30fde487c74f853cff68c999e2a4cc1fc5a8f94f934b1 + Sections: + .text: + Entropy: 6.398452415719764 + Virtual Size: '0x1374' + .rdata: + Entropy: 5.620562818704275 + Virtual Size: '0x6ec' + .data: + Entropy: 0.28109187076190567 + Virtual Size: '0x218' + .pdata: + Entropy: 3.564120960069972 + Virtual Size: '0xfc' + INIT: + Entropy: 5.203063896503997 + Virtual Size: '0x2b2' + .reloc: + Entropy: 3.046439344671015 + Virtual Size: '0x14' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2019-04-22 07:44:46' + Imphash: 531d2392dbdd314fb1d9318fe9e5c4d2 + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/54d67d79-0268-4c5f-be7e-0f74cd20828a.yaml b/yaml/54d67d79-0268-4c5f-be7e-0f74cd20828a.yaml index 9a0fc6b5c..9087888a7 100644 --- a/yaml/54d67d79-0268-4c5f-be7e-0f74cd20828a.yaml 
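Review bot: The re-wrapped `Subject` and `Issuer` strings on the added side are still lossy renderings of the certificate names: the ASUSTeK leaf begins `??=TW, ??=Private Organization`, and `CN=DigiCert Assured ID CA,1` has a comma where the CA's name has a hyphen. The `??` keys are presumably EV attributes the extractor could not name, such as jurisdictionCountryName (OID 1.3.6.1.4.1.311.60.2.1.3) and businessCategory (2.5.4.15). Anyone building block or hunting rules from these fields should key on `SerialNumber` or the `TBS` hashes instead, or the generator should emit unresolved attribute types as numeric OIDs and keep hyphens. The NTIOLib_X64.sys hunk below shows the same effect: `O=Micro,Star Int'l Co. Ltd.` in `Subject` against `Micro-Star Int'l Co. Ltd.` in the `Signature` list of the same entry.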
+++ b/yaml/54d67d79-0268-4c5f-be7e-0f74cd20828a.yaml 
@@ -1,173 +1,173 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 54d67d79-0268-4c5f-be7e-0f74cd20828a +Tags: +- NTIOLib_X64.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create NTIOLib_X64.sys binPath=C:\windows\temp\NTIOLib_X64.sys type=kernel - && sc.exe start NTIOLib_X64.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/d8b58f6a89a7618558e37afc360cd772b6731e3ba367f8d58734ecee2244a530.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 54d67d79-0268-4c5f-be7e-0f74cd20828a -KnownVulnerableSamples: -- 
Authentihash: - MD5: c6830e904e56ea951005ea7639eedd35 - SHA1: c57c0dd18135bca5fdb094858a70033c006cd281 - SHA256: 4a05ad47cd63932b3df2d0f1f42617321729772211bec651fe061140d3e75957 - Company: MSI - Copyright: Copyright (C) 2008-2009 MSI. All rights reserved. - CreationTimestamp: '2011-01-05 20:05:14' - Date: '' - Description: NTIOLib - ExportedFunctions: '' - FileVersion: 1.0.0.0 - Filename: NTIOLib_X64.sys - ImportedFunctions: - - MmUnmapIoSpace - - MmMapIoSpace - - IofCompleteRequest - - IoDeleteDevice - - IoCreateDevice - - KeBugCheckEx - - RtlInitUnicodeString - - IoCreateSymbolicLink - - IoDeleteSymbolicLink - - __C_specific_handler - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: NTIOLib.sys - MD5: c02f70960fa934b8defa16a03d7f6556 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: NTIOLib.sys - Product: NTIOLib - ProductVersion: 1.0.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: 2ee757c19c3e831d8f872914fe1b1384 - SHA1: 9c58163cf35d80dbe450b656a52ee9de12bc60d2 - SHA256: c5a21f0ae765d60ce4e2189aa3ca90b603b75ac02d9a98d1ab04375ad398132c - SHA1: 3805e4e08ad342d224973ecdade8b00c40ed31be - SHA256: d8b58f6a89a7618558e37afc360cd772b6731e3ba367f8d58734ecee2244a530 - Sections: - .text: - Entropy: 6.012418155163931 - Virtual Size: '0x794' - .rdata: - Entropy: 4.38104344738678 - Virtual Size: '0x1b0' - .data: - Entropy: 0.5096713223407059 - Virtual Size: '0x114' - .pdata: - Entropy: 3.217404746311882 - Virtual Size: '0x6c' - INIT: - Entropy: 4.846887314724898 - Virtual Size: '0x222' - .rsrc: - Entropy: 3.2498244109800973 - Virtual Size: '0x370' - Signature: - - Micro-Star Int'l Co. Ltd. 
- - GlobalSign ObjectSign CA - - GlobalSign Primary Object Publishing CA - - GlobalSign Root CA - R1 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=TW, O=Micro,Star Int'l Co. Ltd., CN=Micro,Star Int'l Co. Ltd. - ValidFrom: '2008-08-28 09:49:45' - ValidTo: '2011-08-28 09:49:45' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0100000000011c08b7f67e - Version: 3 - TBS: - MD5: 4566c37f56f951a0ce5b4ae966c0ea9f - SHA1: a51cbf2834eb6f8535bc5e44913a9ec979379782 - SHA256: 88a8e9a799af515b9223e4cdf24d0ef1e72f12124be02786f026a3c26317b417 - SHA384: d8d8769d5b6a0fe7c56fcde24c735475ee0e5d01c63dbf7690cdae5a3e251818bed42443d0c6424d39e81a19d6c83bdb - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000117ab50b915 - Version: 3 - TBS: - MD5: 5686b287d716c4d2428b092c4ef30f9c - SHA1: 306fb5fbeb3d531510bb4b663c4fd48adc121e14 - SHA256: 60846fc990e271a707cd2d53d0bb21834a04f7652214aa0c12597ff6649d352d - SHA384: 
6b37b28ca97b32a31b0fa53b5e961ae0f2d1aae2c5bf46de132e57834ee3968d9af7ad204821f9389cc4e0b5a8481fe8 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000011c08b7f67e - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: d6f977640d4810a784d152e4d3c63a6b - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create NTIOLib_X64.sys binPath=C:\windows\temp\NTIOLib_X64.sys type=kernel + && sc.exe start NTIOLib_X64.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/eclypsium/Screwed-Drivers/blob/master/DRIVERS.md -Tags: -- NTIOLib_X64.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/d8b58f6a89a7618558e37afc360cd772b6731e3ba367f8d58734ecee2244a530.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: c6830e904e56ea951005ea7639eedd35 + SHA1: c57c0dd18135bca5fdb094858a70033c006cd281 + SHA256: 4a05ad47cd63932b3df2d0f1f42617321729772211bec651fe061140d3e75957 + Company: MSI + Copyright: Copyright (C) 2008-2009 MSI. All rights reserved. 
+ CreationTimestamp: '2011-01-05 20:05:14' + Date: '' + Description: NTIOLib + ExportedFunctions: '' + FileVersion: 1.0.0.0 + Filename: NTIOLib_X64.sys + ImportedFunctions: + - MmUnmapIoSpace + - MmMapIoSpace + - IofCompleteRequest + - IoDeleteDevice + - IoCreateDevice + - KeBugCheckEx + - RtlInitUnicodeString + - IoCreateSymbolicLink + - IoDeleteSymbolicLink + - __C_specific_handler + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: NTIOLib.sys + MD5: c02f70960fa934b8defa16a03d7f6556 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: NTIOLib.sys + Product: NTIOLib + ProductVersion: 1.0.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: 2ee757c19c3e831d8f872914fe1b1384 + SHA1: 9c58163cf35d80dbe450b656a52ee9de12bc60d2 + SHA256: c5a21f0ae765d60ce4e2189aa3ca90b603b75ac02d9a98d1ab04375ad398132c + SHA1: 3805e4e08ad342d224973ecdade8b00c40ed31be + SHA256: d8b58f6a89a7618558e37afc360cd772b6731e3ba367f8d58734ecee2244a530 + Sections: + .text: + Entropy: 6.012418155163931 + Virtual Size: '0x794' + .rdata: + Entropy: 4.38104344738678 + Virtual Size: '0x1b0' + .data: + Entropy: 0.5096713223407059 + Virtual Size: '0x114' + .pdata: + Entropy: 3.217404746311882 + Virtual Size: '0x6c' + INIT: + Entropy: 4.846887314724898 + Virtual Size: '0x222' + .rsrc: + Entropy: 3.2498244109800973 + Virtual Size: '0x370' + Signature: + - Micro-Star Int'l Co. Ltd. 
+ - GlobalSign ObjectSign CA + - GlobalSign Primary Object Publishing CA + - GlobalSign Root CA - R1 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: a0422eb876a7427186404d464d5b26b0b074f93f89a87b7cb7f1c697e08239999d43fe60823642b55b878df55df4bbffa91044a871d3c7f12241f29aa4a5ec63fae5eb654a19309d8bc7b6fddc3fe16cfdd5521407fc6d24ccb3cc81a2c052f327b96d9e063dd8a849023269c7054294d0bbe3bba908c393501bdb846dc0ba1e5298659c1376bdb3d567292f1f7baa2c51a0fd854f263c48a38127a6feee7f7899c245cf9d1f527ed7958bfde1d020c3af7e51a22f663bab2dcf2d8e8c4d7d18392128fbdcae6d6581d0e0d7184be7b5f774d784e6522aac3b68fd3b4ab80154849132bb95d28e6330a69ece2396feab2eb86a8b74dcde21a114c2fbbf53af10 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=TW, O=Micro,Star Int'l Co. Ltd., CN=Micro,Star Int'l Co. Ltd. 
+ ValidFrom: '2008-08-28 09:49:45' + ValidTo: '2011-08-28 09:49:45' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0100000000011c08b7f67e + Version: 3 + TBS: + MD5: 4566c37f56f951a0ce5b4ae966c0ea9f + SHA1: a51cbf2834eb6f8535bc5e44913a9ec979379782 + SHA256: 88a8e9a799af515b9223e4cdf24d0ef1e72f12124be02786f026a3c26317b417 + SHA384: d8d8769d5b6a0fe7c56fcde24c735475ee0e5d01c63dbf7690cdae5a3e251818bed42443d0c6424d39e81a19d6c83bdb + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000117ab50b915 + Version: 3 + TBS: + MD5: 5686b287d716c4d2428b092c4ef30f9c + SHA1: 306fb5fbeb3d531510bb4b663c4fd48adc121e14 + SHA256: 60846fc990e271a707cd2d53d0bb21834a04f7652214aa0c12597ff6649d352d + SHA384: 6b37b28ca97b32a31b0fa53b5e961ae0f2d1aae2c5bf46de132e57834ee3968d9af7ad204821f9389cc4e0b5a8481fe8 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000011c08b7f67e + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: d6f977640d4810a784d152e4d3c63a6b + LoadsDespiteHVCI: 
'FALSE' diff --git a/yaml/56b320b3-5b12-4ec6-81e2-5a16c56c7478.yaml b/yaml/56b320b3-5b12-4ec6-81e2-5a16c56c7478.yaml index d4e4973f0..6bb3382ea 100644 --- a/yaml/56b320b3-5b12-4ec6-81e2-5a16c56c7478.yaml +++ b/yaml/56b320b3-5b12-4ec6-81e2-5a16c56c7478.yaml 
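Review bot: The re-added `Detection` list repeats four of its items verbatim: `sigma_hash`, `sigma_names`, `sysmon_hash_detect` and `sysmon_hash_block` each appear twice with the same URL, so of the ten items only six are distinct (those four plus the two `yara_signature` items). Since this commit already rewrites the block, it could drop the second copy of each; tooling that renders or counts detections per driver otherwise reports inflated coverage. The removed side carried the same duplicates, so this looks inherited from the generator rather than introduced here.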
@@ -1,101 +1,101 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 56b320b3-5b12-4ec6-81e2-5a16c56c7478 +Tags: +- spf.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-07-22' +MitreID: T1068 CVE: - '' Category: vulnerable drivers Commands: - Command: '' - Description: Confirmed vulnerable driver from Microsoft Block List - OperatingSystem: Windows - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-07-22' -Detection: -- type: '' - value: '' -Id: 56b320b3-5b12-4ec6-81e2-5a16c56c7478 -KnownVulnerableSamples: -- Authentihash: - MD5: cc216e3696b7c60bf00217438f753d71 - SHA1: 005c8117d7bf2e73e6139d3c91f24b70e22a844e - SHA256: 73a0ccf3e32c262142bde91c19f5b1f395878783f157c6bed5874ede5a3afddd - Company: '' - Copyright: '' - CreationTimestamp: '2021-03-25 00:39:46' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ExFreePoolWithTag - - ObfDereferenceObject - - ObReferenceObjectByName - - IoDriverObjectType - - __chkstk - - ExAllocatePool - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: c4bacbaea0b1ae94c6c9583ba27b2fbe - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 6c556b0adc59ed603f9930cbb6006934 - SHA1: 7855ddf5015fd759ba0c05608df36b31e4735d8d - SHA256: 93f9003f73076cf9fe4ec209e05131a046af9e38b3d08d1475c2dfd0a8575a39 - SHA1: 7f5e6f6518f4997fc6f9a17f8f411c5147c7c14d - SHA256: 321cc3f24a518c70fb537ee9472b1777d05727c649d5b6538082a971c40ddcbe - Sections: - .text: - Entropy: 6.42993529718741 - Virtual Size: '0xb8a' - .rdata: - Entropy: 4.6416383236333125 - Virtual Size: '0x2c4' - .data: - Entropy: 0.0 - Virtual Size: '0x10' - .pdata: - Entropy: 3.387382541570423 - Virtual Size: '0x90' - INIT: - Entropy: 3.939198544448209 - Virtual Size: '0xe8' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: CN=WDKTestCert 
LuckyStrike,132606458839688289 - ValidFrom: '2021-03-19 16:44:45' - ValidTo: '2031-03-19 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 459f66550fe479a84170eb50c75c9f3c - Version: 3 - TBS: - MD5: 7773789c84ab7bbe854ea7a8e3fc4a13 - SHA1: 45c7568ed49b056a5db0e62aa4f42a50173b9ba1 - SHA256: 4a60ee2fae435938b5bad02905c117d3e23c663856966971ad15c2d2acf98fed - SHA384: ae738b47a85d6fb9eff03d6a7221773d1a0fd2b44cc1d87562da099504608fb0cce03eca0b8ee8622cc5e43d8cac536f - Signer: - - SerialNumber: 459f66550fe479a84170eb50c75c9f3c - Issuer: CN=WDKTestCert LuckyStrike,132606458839688289 - Version: 1 - Imphash: 8464f3f6600ee4eccbbfe08f3a2a53e0 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: '' + Description: Confirmed vulnerable driver from Microsoft Block List + OperatingSystem: Windows + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c -Tags: -- spf.sys -Verified: 'TRUE' +Detection: +- type: '' + value: '' +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: cc216e3696b7c60bf00217438f753d71 + SHA1: 005c8117d7bf2e73e6139d3c91f24b70e22a844e + SHA256: 73a0ccf3e32c262142bde91c19f5b1f395878783f157c6bed5874ede5a3afddd + Company: '' + Copyright: '' + CreationTimestamp: '2021-03-25 00:39:46' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ExFreePoolWithTag + - ObfDereferenceObject + - ObReferenceObjectByName + - IoDriverObjectType + - __chkstk + - ExAllocatePool + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: c4bacbaea0b1ae94c6c9583ba27b2fbe + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 6c556b0adc59ed603f9930cbb6006934 + SHA1: 
7855ddf5015fd759ba0c05608df36b31e4735d8d + SHA256: 93f9003f73076cf9fe4ec209e05131a046af9e38b3d08d1475c2dfd0a8575a39 + SHA1: 7f5e6f6518f4997fc6f9a17f8f411c5147c7c14d + SHA256: 321cc3f24a518c70fb537ee9472b1777d05727c649d5b6538082a971c40ddcbe + Sections: + .text: + Entropy: 6.42993529718741 + Virtual Size: '0xb8a' + .rdata: + Entropy: 4.6416383236333125 + Virtual Size: '0x2c4' + .data: + Entropy: 0.0 + Virtual Size: '0x10' + .pdata: + Entropy: 3.387382541570423 + Virtual Size: '0x90' + INIT: + Entropy: 3.939198544448209 + Virtual Size: '0xe8' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: CN=WDKTestCert LuckyStrike,132606458839688289 + ValidFrom: '2021-03-19 16:44:45' + ValidTo: '2031-03-19 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 459f66550fe479a84170eb50c75c9f3c + Version: 3 + TBS: + MD5: 7773789c84ab7bbe854ea7a8e3fc4a13 + SHA1: 45c7568ed49b056a5db0e62aa4f42a50173b9ba1 + SHA256: 4a60ee2fae435938b5bad02905c117d3e23c663856966971ad15c2d2acf98fed + SHA384: ae738b47a85d6fb9eff03d6a7221773d1a0fd2b44cc1d87562da099504608fb0cce03eca0b8ee8622cc5e43d8cac536f + Signer: + - SerialNumber: 459f66550fe479a84170eb50c75c9f3c + Issuer: CN=WDKTestCert LuckyStrike,132606458839688289 + Version: 1 + Imphash: 8464f3f6600ee4eccbbfe08f3a2a53e0 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/56cdac8e-d87d-49c8-b281-6e096c2390d1.yaml b/yaml/56cdac8e-d87d-49c8-b281-6e096c2390d1.yaml index a84e910c1..b20dbb186 100644 --- a/yaml/56cdac8e-d87d-49c8-b281-6e096c2390d1.yaml +++ b/yaml/56cdac8e-d87d-49c8-b281-6e096c2390d1.yaml 
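Review bot: The added `Detection` block is a single placeholder item, `- type: ''` with `value: ''`, and `CVE` is likewise `- ''`, on an entry marked `Verified: 'TRUE'`; a consumer that iterates these lists gets one empty detection rather than none. `Detection: []`, as the GLCKIO2.sys entry in this diff uses, states the absence explicitly. Two more fields stay unnormalized: `Category: vulnerable drivers` differs from the `vulnerable driver` value used by the other entries here, which would break exact-match filtering, and the sample's `Filename` is empty although `Tags` names `spf.sys`. The only certificate is a self-issued `WDKTestCert` (Subject equals Issuer), so signer-based rules have nothing vendor-specific to match and detection will presumably rest on the file hashes and the authentihash.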
@@ -1,261 +1,261 @@ Id: 56cdac8e-d87d-49c8-b281-6e096c2390d1 +Tags: +- gvcidrv64.sys +Verified: 'TRUE' Author: Nasreddine Bencherchali Created: '2023-05-06' MitreID: T1068 Category: vulnerable driver -Verified: 'TRUE' Commands: - Command: sc.exe create gvcidrv64.sys binPath=C:\windows\temp\gvcidrv64.sys type=kernel - && sc.exe start gvcidrv64.sys - Description: '' - Usecase: Elevate privileges - Privileges: kernel - OperatingSystem: Windows 10 + Command: sc.exe create gvcidrv64.sys binPath=C:\windows\temp\gvcidrv64.sys type=kernel + && sc.exe start gvcidrv64.sys + Description: '' + Usecase: Elevate privileges + Privileges: kernel + OperatingSystem: Windows 10 Resources: - Internal Research -Acknowledgement: - Person: '' - Handle: '' Detection: [] +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: gvcidrv64.sys - MD5: 1a22a85489a94db6ff68cd624ef43bad - SHA1: d302ae7f016299af323a3542d840004888ab91ff - SHA256: a2353030d4ea3ad9e874a0f7ff35bbfa10562c98c949d88cabab27102bbb8e48 - Authentihash: - MD5: ad8e307b0233a1b6548414390c31f9af - SHA1: 4a04ad93f7f4dccca551dc0fea7b9b22f557e39b - SHA256: dc8a1cf5402f95d61662531507b12b04e16922eb89108eb751d1c634d475ef67 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - - WDFLDR.SYS - ExportedFunctions: '' - ImportedFunctions: - - IoDeleteDevice - - IoDeleteSymbolicLink - - ObReferenceObjectByHandle - - IoCreateSymbolicLink - - ZwOpenSection - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - IoCreateDevice - - IofCompleteRequest - - RtlCopyUnicodeString - - DbgPrint - - ZwClose - - RtlInitUnicodeString - - HalTranslateBusAddress - - WdfVersionUnbind - - WdfVersionBind - - WdfVersionUnbindClass - - WdfVersionBindClass - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft 
Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2019-06-05 18:34:00' - ValidTo: '2020-06-03 18:34:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 33000000319479a318f5522d06000000000031 - Version: 3 - TBS: - MD5: 5b81fd0f706522a8d7c9f2957283c0b4 - SHA1: 84d894599653a8ed0e0b2802db3197dc177908cc - SHA256: 4fa629304df4287c97ae5b7e481974316e9daf776b0cdeffab1671e7dca68fb4 - SHA384: 0b89dc122fc7ebf80881a5047ffbbcb0bec30636516aff4f43307e2a925a476cabfc26e2cc392ad748d655f6ec4c8b75 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - ValidFrom: '2014-10-15 20:31:27' - ValidTo: '2029-10-15 20:41:27' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 330000000d690d5d7893d076df00000000000d - Version: 3 - TBS: - MD5: 83f69422963f11c3c340b81712eef319 - SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 - SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae - SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 - Signer: - - SerialNumber: 33000000319479a318f5522d06000000000031 - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - Version: 1 - RichPEHeaderHash: - MD5: 5989194a389d2f7302b66de35c6b4ff5 - SHA1: bcd3bbaf6c808eb23b0cad3cef6586bfcd063d62 - SHA256: 83dbcc75fa740bdc3df5599b038ff6386a6a58805acfdaa77173f37b1808c012 - Sections: - .text: - Entropy: 6.147035799967813 - Virtual Size: '0xe0b' - .rdata: - Entropy: 3.8004281893864085 - Virtual Size: '0x54c' - .data: - Entropy: 0.5982968479127164 - Virtual Size: '0xf28' - .pdata: - Entropy: 3.4469659354420483 - Virtual Size: '0xb4' - INIT: - Entropy: 4.9556661025850675 - 
Virtual Size: '0x2fa' - .reloc: - Entropy: 3.0890191852411095 - Virtual Size: '0x24' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2019-12-06 02:42:17' - Imphash: ad374977f06fefefbb9c77155f7a0733 - LoadsDespiteHVCI: 'FALSE' -- Filename: GVCIDrv64.sys - MD5: acd221ff7cf10b6117fd609929cde395 - SHA1: 1586f121d38cc42e5d04fe2f56091e91c6cdd8fa - SHA256: f85784fa8e7a7ec86cb3fe76435802f6bb82256e1824ed7b5d61bf075f054573 - Authentihash: - MD5: ad8e307b0233a1b6548414390c31f9af - SHA1: 4a04ad93f7f4dccca551dc0fea7b9b22f557e39b - SHA256: dc8a1cf5402f95d61662531507b12b04e16922eb89108eb751d1c634d475ef67 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - - WDFLDR.SYS - ExportedFunctions: '' - ImportedFunctions: - - IoDeleteDevice - - IoDeleteSymbolicLink - - ObReferenceObjectByHandle - - IoCreateSymbolicLink - - ZwOpenSection - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - IoCreateDevice - - IofCompleteRequest - - RtlCopyUnicodeString - - DbgPrint - - ZwClose - - RtlInitUnicodeString - - HalTranslateBusAddress - - WdfVersionUnbind - - WdfVersionBind - - WdfVersionUnbindClass - - WdfVersionBindClass - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - 
SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 Extended Validation Code Signing CA , G2 - ValidFrom: '2014-03-04 00:00:00' - ValidTo: '2024-03-03 23:59:59' - Signature: 3f5b19f3fa13d575382a5aee9f5aa04ca91dc5cc94eede15fef5106ea41ba56483541858c40b28a185c34e74e5ff897cfed5ed3cba719f5602268f162a88feb0a32722ce4be2388e00a63a865f9de53ea8de644941744121fd07c88417da1d653082cb264f39d60427a481b14b49c3238b7e02321827b7ab0bf31872b6a4ee67066f38a6588de0f17e5da460c6a8e5505fe0e8bae28f9958b6b5a0a876f1a2f11c8841727e52979b0a36998d50f701eb3ce7f0226ae5358c63368a1ab1d967665f971aefa8209df02fba6cced9948500f158f17dc97c22b5075d02c6e60bbfab9393ff27188e33367e5734f1c3af04c184f156b3e8878336f8d30a31dc6e2c6d - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 191a32cb759c97b8cfac118dd5127f49 - Version: 3 - TBS: - MD5: 788b61bd26da89253179e3de2cdb527f - SHA1: 7d06f16e7bf21bce4f71c2cb7a3e74351451bf69 - SHA256: b3c925b4048c3f7c444d248a2b101186b57cba39596eb5dce0e17a4ee4b32f19 - SHA384: 2955e28cb7ec0ea9730b499a0f189f9621eceb02591a9486b583f12bb845885a30d6a871826318a167cc5f06b274e58c - - Subject: ??=TW, ??=, 
??=NEW TAIPEI, ??=Private Organization, serialNumber=22044755, - C=TW, L=NEW TAIPEI, O=GIGA,BYTE Technology Co., Ltd., CN=GIGA,BYTE Technology - Co., Ltd. - ValidFrom: '2018-12-07 00:00:00' - ValidTo: '2021-12-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 4f8eefa0dcc85bbd656ab0f160743d34 - Version: 3 - TBS: - MD5: 5415ec7433f8ae320658011dfcfa2998 - SHA1: 044407fe1b8e4b5af9eecf34ea87a0ecb32ee6bb - SHA256: f828f449f9b365a1455b8358b044385beaf097166a80defc440eacb8deb6ef26 - SHA384: 640b5b53eabd60a97be0f1fcf7c893edb3d8ebf507c63958114532cd445246dc0ae92a4dadec314dd5babee5d7f0497c - Signer: - - SerialNumber: 4f8eefa0dcc85bbd656ab0f160743d34 - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 Extended Validation Code Signing CA , G2 - Version: 1 - RichPEHeaderHash: - MD5: 5989194a389d2f7302b66de35c6b4ff5 - SHA1: bcd3bbaf6c808eb23b0cad3cef6586bfcd063d62 - SHA256: 83dbcc75fa740bdc3df5599b038ff6386a6a58805acfdaa77173f37b1808c012 - Sections: - .text: - Entropy: 6.147035799967813 - Virtual Size: '0xe0b' - .rdata: - Entropy: 3.8004281893864085 - Virtual Size: '0x54c' - .data: - Entropy: 0.5982968479127164 - Virtual Size: '0xf28' - .pdata: - Entropy: 3.4469659354420483 - Virtual Size: '0xb4' - INIT: - Entropy: 4.9556661025850675 - Virtual Size: '0x2fa' - .reloc: - Entropy: 3.0890191852411095 - Virtual Size: '0x24' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2019-12-06 02:42:17' - Imphash: ad374977f06fefefbb9c77155f7a0733 - LoadsDespiteHVCI: 'TRUE' -Tags: -- gvcidrv64.sys +- Filename: gvcidrv64.sys + MD5: 1a22a85489a94db6ff68cd624ef43bad + SHA1: d302ae7f016299af323a3542d840004888ab91ff + SHA256: a2353030d4ea3ad9e874a0f7ff35bbfa10562c98c949d88cabab27102bbb8e48 + Authentihash: + MD5: ad8e307b0233a1b6548414390c31f9af + SHA1: 4a04ad93f7f4dccca551dc0fea7b9b22f557e39b + SHA256: 
dc8a1cf5402f95d61662531507b12b04e16922eb89108eb751d1c634d475ef67 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + - WDFLDR.SYS + ExportedFunctions: '' + ImportedFunctions: + - IoDeleteDevice + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - IoCreateSymbolicLink + - ZwOpenSection + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - IoCreateDevice + - IofCompleteRequest + - RtlCopyUnicodeString + - DbgPrint + - ZwClose + - RtlInitUnicodeString + - HalTranslateBusAddress + - WdfVersionUnbind + - WdfVersionBind + - WdfVersionUnbindClass + - WdfVersionBindClass + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2019-06-05 18:34:00' + ValidTo: '2020-06-03 18:34:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 33000000319479a318f5522d06000000000031 + Version: 3 + TBS: + MD5: 5b81fd0f706522a8d7c9f2957283c0b4 + SHA1: 84d894599653a8ed0e0b2802db3197dc177908cc + SHA256: 4fa629304df4287c97ae5b7e481974316e9daf776b0cdeffab1671e7dca68fb4 + SHA384: 0b89dc122fc7ebf80881a5047ffbbcb0bec30636516aff4f43307e2a925a476cabfc26e2cc392ad748d655f6ec4c8b75 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + ValidFrom: '2014-10-15 20:31:27' + ValidTo: '2029-10-15 20:41:27' + Signature: 
96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 330000000d690d5d7893d076df00000000000d + Version: 3 + TBS: + MD5: 83f69422963f11c3c340b81712eef319 + SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 + SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae + SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 + Signer: + - SerialNumber: 33000000319479a318f5522d06000000000031 + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + Version: 1 + RichPEHeaderHash: + MD5: 5989194a389d2f7302b66de35c6b4ff5 + SHA1: bcd3bbaf6c808eb23b0cad3cef6586bfcd063d62 + SHA256: 83dbcc75fa740bdc3df5599b038ff6386a6a58805acfdaa77173f37b1808c012 + Sections: + .text: + Entropy: 6.147035799967813 + Virtual Size: '0xe0b' + .rdata: + Entropy: 3.8004281893864085 + Virtual Size: '0x54c' + .data: + Entropy: 
0.5982968479127164 + Virtual Size: '0xf28' + .pdata: + Entropy: 3.4469659354420483 + Virtual Size: '0xb4' + INIT: + Entropy: 4.9556661025850675 + Virtual Size: '0x2fa' + .reloc: + Entropy: 3.0890191852411095 + Virtual Size: '0x24' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2019-12-06 02:42:17' + Imphash: ad374977f06fefefbb9c77155f7a0733 + LoadsDespiteHVCI: 'FALSE' +- Filename: GVCIDrv64.sys + MD5: acd221ff7cf10b6117fd609929cde395 + SHA1: 1586f121d38cc42e5d04fe2f56091e91c6cdd8fa + SHA256: f85784fa8e7a7ec86cb3fe76435802f6bb82256e1824ed7b5d61bf075f054573 + Authentihash: + MD5: ad8e307b0233a1b6548414390c31f9af + SHA1: 4a04ad93f7f4dccca551dc0fea7b9b22f557e39b + SHA256: dc8a1cf5402f95d61662531507b12b04e16922eb89108eb751d1c634d475ef67 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + - WDFLDR.SYS + ExportedFunctions: '' + ImportedFunctions: + - IoDeleteDevice + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - IoCreateSymbolicLink + - ZwOpenSection + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - IoCreateDevice + - IofCompleteRequest + - RtlCopyUnicodeString + - DbgPrint + - ZwClose + - RtlInitUnicodeString + - HalTranslateBusAddress + - WdfVersionUnbind + - WdfVersionBind + - WdfVersionUnbindClass + - WdfVersionBindClass + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 Extended Validation Code Signing CA , G2 + ValidFrom: '2014-03-04 00:00:00' + ValidTo: '2024-03-03 23:59:59' + Signature: 3f5b19f3fa13d575382a5aee9f5aa04ca91dc5cc94eede15fef5106ea41ba56483541858c40b28a185c34e74e5ff897cfed5ed3cba719f5602268f162a88feb0a32722ce4be2388e00a63a865f9de53ea8de644941744121fd07c88417da1d653082cb264f39d60427a481b14b49c3238b7e02321827b7ab0bf31872b6a4ee67066f38a6588de0f17e5da460c6a8e5505fe0e8bae28f9958b6b5a0a876f1a2f11c8841727e52979b0a36998d50f701eb3ce7f0226ae5358c63368a1ab1d967665f971aefa8209df02fba6cced9948500f158f17dc97c22b5075d02c6e60bbfab9393ff27188e33367e5734f1c3af04c184f156b3e8878336f8d30a31dc6e2c6d + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 191a32cb759c97b8cfac118dd5127f49 + Version: 3 + TBS: + MD5: 788b61bd26da89253179e3de2cdb527f + SHA1: 7d06f16e7bf21bce4f71c2cb7a3e74351451bf69 + SHA256: 
b3c925b4048c3f7c444d248a2b101186b57cba39596eb5dce0e17a4ee4b32f19 + SHA384: 2955e28cb7ec0ea9730b499a0f189f9621eceb02591a9486b583f12bb845885a30d6a871826318a167cc5f06b274e58c + - Subject: ??=TW, ??=, ??=NEW TAIPEI, ??=Private Organization, serialNumber=22044755, + C=TW, L=NEW TAIPEI, O=GIGA,BYTE Technology Co., Ltd., CN=GIGA,BYTE + Technology Co., Ltd. + ValidFrom: '2018-12-07 00:00:00' + ValidTo: '2021-12-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 4f8eefa0dcc85bbd656ab0f160743d34 + Version: 3 + TBS: + MD5: 5415ec7433f8ae320658011dfcfa2998 + SHA1: 044407fe1b8e4b5af9eecf34ea87a0ecb32ee6bb + SHA256: f828f449f9b365a1455b8358b044385beaf097166a80defc440eacb8deb6ef26 + SHA384: 640b5b53eabd60a97be0f1fcf7c893edb3d8ebf507c63958114532cd445246dc0ae92a4dadec314dd5babee5d7f0497c + Signer: + - SerialNumber: 4f8eefa0dcc85bbd656ab0f160743d34 + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 Extended Validation Code Signing CA , G2 + Version: 1 + RichPEHeaderHash: + MD5: 5989194a389d2f7302b66de35c6b4ff5 + SHA1: bcd3bbaf6c808eb23b0cad3cef6586bfcd063d62 + SHA256: 83dbcc75fa740bdc3df5599b038ff6386a6a58805acfdaa77173f37b1808c012 + Sections: + .text: + Entropy: 6.147035799967813 + Virtual Size: '0xe0b' + .rdata: + Entropy: 3.8004281893864085 + Virtual Size: '0x54c' + .data: + Entropy: 0.5982968479127164 + Virtual Size: '0xf28' + .pdata: + Entropy: 3.4469659354420483 + Virtual Size: '0xb4' + INIT: + Entropy: 4.9556661025850675 + Virtual Size: '0x2fa' + .reloc: + Entropy: 3.0890191852411095 + Virtual Size: '0x24' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2019-12-06 02:42:17' + Imphash: ad374977f06fefefbb9c77155f7a0733 + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/57354c82-ff9c-4a54-8377-d195e4ff0a26.yaml b/yaml/57354c82-ff9c-4a54-8377-d195e4ff0a26.yaml index d6262452f..c77cb8040 100644 
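Review bot: The two entries under `KnownVulnerableSamples` carry the same Authentihash (SHA256 `dc8a1cf5402f95d61662531507b12b04e16922eb89108eb751d1c634d475ef67`), yet `LoadsDespiteHVCI` is `'FALSE'` for `gvcidrv64.sys` and `'TRUE'` for `GVCIDrv64.sys`. The reorder carries that difference over unchanged. Because an Authentihash excludes the embedded signature, these look like the same image signed twice, once by the Microsoft hardware compatibility publisher and once by the vendor's certificate. The results could legitimately differ if the block decision depends on the signer rather than the image hash, but that should be confirmed, since consumers may read this flag to decide whether HVCI alone covers the driver. I would re-run the check for both samples and record the outcome next to the second one, for example `# same Authentihash as the sample above, differs by signer only; HVCI result re-verified`.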
--- a/yaml/57354c82-ff9c-4a54-8377-d195e4ff0a26.yaml +++ b/yaml/57354c82-ff9c-4a54-8377-d195e4ff0a26.yaml 
@@ -1,2292 +1,19 @@ Id: 57354c82-ff9c-4a54-8377-d195e4ff0a26 +Tags: +- Mhyprot2.sys +- mhyprot.sys +Verified: 'TRUE' Author: Nasreddine Bencherchali, Michael Haag Created: '2023-01-09' MitreID: T1068 Category: vulnerable driver -Verified: 'TRUE' Commands: - Command: sc.exe create mhyprot.sys binPath=C:\windows\temp\mhyprot.sys type=kernel - && sc.exe start mhyprot.sys - Description: '' - Usecase: Elevate privileges - Privileges: kernel - OperatingSystem: Windows 10 -Acknowledgement: - Person: '' - Handle: '' -Detection: [] -KnownVulnerableSamples: -- Filename: mhyprot.sys - MD5: 8b779fe1d71839ad361226f66f1b3fe5 - SHA1: 175fb76c7cd8f0aeb916f4acb3b03f8b2d51846a - SHA256: 0c512b615eac374d4d494e3c36838d8e788b3dc2691bf27916f7f42694b14467 - Authentihash: - MD5: a74fbda962fe6aa9701b1af91f74675a - SHA1: f1f4cfa7c5b4a882ff4c107e72977edcd7128855 - SHA256: 7bfa54943180e34aea390a8f63a2cb007cf53c336dff697c60a79103f3c0c19d - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - WDFLDR.SYS - ExportedFunctions: '' - ImportedFunctions: - - NtQuerySystemInformation - - RtlInitUnicodeString - - ExAllocatePool - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - _wcsicmp - - RtlInitString - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ZwClose - - MmIsAddressValid - - ZwOpenDirectoryObject - - ZwQueryDirectoryObject - - ObReferenceObjectByName - - ZwQuerySystemInformation - - __C_specific_handler - - MmHighestUserAddress - - IoDriverObjectType - - KeQueryTimeIncrement - - KeStackAttachProcess - - KeUnstackDetachProcess - - PsGetProcessWow64Process - - PsGetProcessPeb - - MmUnlockPages - - MmGetSystemRoutineAddress - - MmUnmapLockedPages - - IoFreeMdl - - ZwTerminateProcess - - 
PsGetProcessImageFileName - - ObOpenObjectByPointer - - PsReferenceProcessFilePointer - - IoQueryFileDosDeviceName - - ZwQueryVirtualMemory - - MmProbeAndLockPages - - PsLookupProcessByProcessId - - MmMapLockedPagesSpecifyCache - - IoAllocateMdl - - IoGetCurrentProcess - - MmCopyVirtualMemory - - KeClearEvent - - KeSetEvent - - KeWaitForSingleObject - - MmMapLockedPages - - ObReferenceObjectByHandle - - PsSetCreateProcessNotifyRoutineEx - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - ExEventObjectType - - ObRegisterCallbacks - - ObUnRegisterCallbacks - - ObGetFilterVersion - - IoThreadToProcess - - strcmp - - PsProcessType - - PsThreadType - - RtlGetVersion - - ObfReferenceObject - - ObGetObjectType - - ExEnumHandleTable - - ExfUnblockPushLock - - _snprintf - - vsprintf_s - - ZwCreateFile - - ZwWriteFile - - PsLookupThreadByThreadId - - NtQueryInformationThread - - PsGetThreadProcess - - DbgPrint - - KeDelayExecutionThread - - KdDisableDebugger - - KdChangeOption - - PsCreateSystemThread - - PsTerminateSystemThread - - KdDebuggerEnabled - - PsGetVersion - - KeInitializeEvent - - RtlCopyUnicodeString - - ObfDereferenceObject - - ExReleaseFastMutex - - ExAcquireFastMutex - - MmBuildMdlForNonPagedPool - - WdfVersionBindClass - - WdfVersionBind - - WdfVersionUnbind - - WdfVersionUnbindClass - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CN, L=Shanghai, O=miHoYo Co.,Ltd., OU=OPS, CN=miHoYo Co.,Ltd. 
- ValidFrom: '2019-04-08 00:00:00' - ValidTo: '2022-04-08 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 05a7559541e0fdc678d79e3272468907 - Version: 3 - TBS: - MD5: 3e83a7572d1c522dd9072ba6399029d7 - SHA1: e2c2d59b70f028a66a8711bfa97f842475f84639 - SHA256: 5a504a929cb21f72008d5d57bcd992a7cac13f6aa90cbb886b5ecd809e3b59dd - SHA384: 72916ab6c7eb3f5cb7444b3d7d2ac8cb52944605477c5a0f181d060e4edb4c37ebe5eb3c0566dda9de2d2707636ec355 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root - CA - ValidFrom: '2011-04-15 19:41:37' - ValidTo: '2021-04-15 19:51:37' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611cb28a000000000026 - Version: 3 - TBS: - MD5: 983a0c315a50542362f2bd6a5d71c8d0 - SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 - SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 - SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd - Version: 3 - TBS: - MD5: a9a31555bbc92b6033975c5428fb3679 - SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e - SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 - SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 05a7559541e0fdc678d79e3272468907 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: ffdf660eb1ebf020a1d0a55a90712dfb - SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 - SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 - Sections: - .text: - Entropy: 6.183070832014416 - Virtual Size: '0x6ed0' - .rdata: - Entropy: 4.768973580594352 - Virtual Size: '0x159c' - .data: - Entropy: 0.807954115503613 - Virtual Size: '0x15f8' - .pdata: - Entropy: 7.83996638727823 - Virtual Size: '0x684' - PAGE: - Entropy: 5.929327209049661 - Virtual Size: '0xb7a' - INIT: - Entropy: 5.3523212488458185 - Virtual Size: '0xe54' - .upx0: - Entropy: 7.037246397744446 - Virtual Size: '0x124190' - .reloc: - Entropy: 3.9077681077271933 - Virtual Size: '0xcc' - .rsrc: - Entropy: 
2.9056718289000636 - Virtual Size: '0x22c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2020-08-16 21:38:03' - Imphash: a74f61fdcea718cb9579907b2caf54ab - LoadsDespiteHVCI: 'TRUE' -- Filename: mhyprot.sys - MD5: 67e3b720cee8184c714585a85f8058a0 - SHA1: 254dce914e13b90003b0ae72d8705d92fe7c8dd0 - SHA256: 69e3fda487a5ec2ec0f67b7d79a5a836ff0036497b2d1aec514c67d2efa789b2 - Authentihash: - MD5: 19c86f21ca10d68738fac94bb43e7861 - SHA1: c771ea59f075170e952c393cfd6fc784b265027c - SHA256: 39937d239220c1b779d7d55613de2c0a48bd6e12e0214da4c65992b96cf591df - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - WDFLDR.SYS - ExportedFunctions: '' - ImportedFunctions: - - ObfDereferenceObject - - PsLookupProcessByProcessId - - NtQuerySystemInformation - - RtlInitUnicodeString - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoGetCurrentProcess - - _wcsicmp - - RtlInitString - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ZwClose - - MmIsAddressValid - - ZwOpenDirectoryObject - - ZwQueryDirectoryObject - - ObReferenceObjectByName - - ZwQuerySystemInformation - - __C_specific_handler - - MmHighestUserAddress - - IoDriverObjectType - - KeQueryTimeIncrement - - KeStackAttachProcess - - KeUnstackDetachProcess - - PsGetProcessWow64Process - - PsGetProcessPeb - - MmUnlockPages - - MmGetSystemRoutineAddress - - MmUnmapLockedPages - - IoFreeMdl - - ZwTerminateProcess - - PsGetProcessImageFileName - - ZwQueryObject - - ObOpenObjectByPointer - - PsReferenceProcessFilePointer - - IoQueryFileDosDeviceName - - ExReleaseFastMutex - - MmBuildMdlForNonPagedPool - - MmMapLockedPagesSpecifyCache - - IoAllocateMdl - - MmCopyVirtualMemory - - KeClearEvent - - KeSetEvent - - KeWaitForSingleObject - - MmMapLockedPages - - ObReferenceObjectByHandle - - 
PsSetCreateProcessNotifyRoutineEx - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - ExEventObjectType - - ObRegisterCallbacks - - ObUnRegisterCallbacks - - ObGetFilterVersion - - PsGetProcessId - - IoThreadToProcess - - strcmp - - PsProcessType - - PsThreadType - - RtlGetVersion - - ObfReferenceObject - - ObGetObjectType - - ExEnumHandleTable - - ExfUnblockPushLock - - PsAcquireProcessExitSynchronization - - PsReleaseProcessExitSynchronization - - _snprintf - - vsprintf_s - - ZwCreateFile - - ZwWriteFile - - PsLookupThreadByThreadId - - NtQueryInformationThread - - PsGetThreadProcess - - KeDelayExecutionThread - - KdDisableDebugger - - KdChangeOption - - PsCreateSystemThread - - PsTerminateSystemThread - - KdDebuggerEnabled - - PsGetVersion - - KeInitializeEvent - - RtlCopyUnicodeString - - ExAcquireFastMutex - - ExFreePoolWithTag - - ExAllocatePool - - MmProbeAndLockPages - - WdfVersionBindClass - - WdfVersionBind - - WdfVersionUnbind - - WdfVersionUnbindClass - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CN, L=Shanghai, O=miHoYo Co.,Ltd., OU=OPS, CN=miHoYo Co.,Ltd. 
- ValidFrom: '2019-04-08 00:00:00' - ValidTo: '2022-04-08 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 05a7559541e0fdc678d79e3272468907 - Version: 3 - TBS: - MD5: 3e83a7572d1c522dd9072ba6399029d7 - SHA1: e2c2d59b70f028a66a8711bfa97f842475f84639 - SHA256: 5a504a929cb21f72008d5d57bcd992a7cac13f6aa90cbb886b5ecd809e3b59dd - SHA384: 72916ab6c7eb3f5cb7444b3d7d2ac8cb52944605477c5a0f181d060e4edb4c37ebe5eb3c0566dda9de2d2707636ec355 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root - CA - ValidFrom: '2011-04-15 19:41:37' - ValidTo: '2021-04-15 19:51:37' - Signature: 5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611cb28a000000000026 - Version: 3 - TBS: - MD5: 983a0c315a50542362f2bd6a5d71c8d0 - SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 - SHA256: 
5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 - SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd - Version: 3 - TBS: - MD5: a9a31555bbc92b6033975c5428fb3679 - SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e - SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 - SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 - - Subject: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo - RSA Time Stamping CA - ValidFrom: '2019-05-02 00:00:00' - ValidTo: '2038-01-18 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 300f6facdd6698747ca94636a7782db9 - Version: 3 - TBS: - MD5: 63499ed59a1293b786649470e4ce0bd7 - SHA1: 7309d8eaa65da1f3da7030c08f00a3b0a20fa908 - SHA256: 8c8d2046b29e792e71b28705fe67c435208a336dde074a75452d98e72c734937 - SHA384: 5dbc5eae13908fee4c4e5216f87e3e87208fff0d1052f5fa9f0856a429d6a6c422c625f2318f2f29aea26ece09c1e811 - - Subject: 'C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo - RSA Time Stamping Signer #2' - ValidFrom: '2020-10-23 00:00:00' - ValidTo: '2032-01-22 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: false - SerialNumber: 008c77a0008ff4d1b0c63d9f3a48838d6b - Version: 3 - TBS: - MD5: 6efd500ce038df7aa3087c1e63a5eb5c - SHA1: 1c961712a02fb995c585080eda53a753656ca3ad - SHA256: 
f60d4f8f7b56499de889264b1e64890694c5b106129d3db068976ed33495577a - SHA384: 031fdf7c078e205b4d3ffaff40de36f48f91f87c3b0005b482ff614b320f5e47785045cb87a3e6a75085c24ae8409498 - Signer: - - SerialNumber: 05a7559541e0fdc678d79e3272468907 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: ffdf660eb1ebf020a1d0a55a90712dfb - SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 - SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 - Sections: - .text: - Entropy: 6.1683529019554815 - Virtual Size: '0x71a0' - .rdata: - Entropy: 4.824949371923319 - Virtual Size: '0x15ec' - .data: - Entropy: 0.779983909093318 - Virtual Size: '0x10f8' - .pdata: - Entropy: 7.754446314071279 - Virtual Size: '0x6cc' - PAGE: - Entropy: 5.190660216587449 - Virtual Size: '0xcda' - INIT: - Entropy: 5.3593629521412485 - Virtual Size: '0xeae' - .upx0: - Entropy: 7.178607218904576 - Virtual Size: '0x13fa4c' - .reloc: - Entropy: 3.991090826834167 - Virtual Size: '0xc0' - .rsrc: - Entropy: 2.9056718289000636 - Virtual Size: '0x22c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2021-01-11 02:10:15' - Imphash: 82525a4a571f0f8d4e4f42ec6bb3900e - LoadsDespiteHVCI: 'TRUE' -- Filename: mhyprot2.sys - MD5: 8f47af49c330c9fcf3451ad2252b9e04 - SHA1: be797c91768ac854bd3b82a093e55db83da0cb11 - SHA256: ad2477632b9b07588cfe0e692f244c05fa4202975c1fe91dd3b90fa911ac6058 - Authentihash: - MD5: 5908564f34ef8fd94e9420c8f1af19bc - SHA1: bd2c5fdae29b39de9f862455fb2fb07fbf99ece2 - SHA256: df3fd9fa267e12d7c6b65028373e21978041f0c94375b5c7316498fbad6f4ae0 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - WDFLDR.SYS - ExportedFunctions: '' - ImportedFunctions: - - NtQuerySystemInformation - - RtlInitUnicodeString - - ExAllocatePool - - ExFreePoolWithTag - - IofCompleteRequest - - 
IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoGetCurrentProcess - - _wcsicmp - - RtlInitString - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ZwClose - - MmIsAddressValid - - ZwOpenDirectoryObject - - ZwQueryDirectoryObject - - ObReferenceObjectByName - - ZwQuerySystemInformation - - __C_specific_handler - - MmHighestUserAddress - - IoDriverObjectType - - KeQueryTimeIncrement - - KeStackAttachProcess - - KeUnstackDetachProcess - - PsGetProcessWow64Process - - PsGetProcessPeb - - MmUnlockPages - - MmGetSystemRoutineAddress - - MmUnmapLockedPages - - IoFreeMdl - - ZwTerminateProcess - - PsGetProcessImageFileName - - ZwQueryObject - - ObOpenObjectByPointer - - PsReferenceProcessFilePointer - - IoQueryFileDosDeviceName - - MmProbeAndLockPages - - PsLookupProcessByProcessId - - MmMapLockedPagesSpecifyCache - - IoAllocateMdl - - MmCopyVirtualMemory - - KeClearEvent - - KeSetEvent - - KeWaitForSingleObject - - MmMapLockedPages - - ObReferenceObjectByHandle - - PsSetCreateProcessNotifyRoutineEx - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - ExEventObjectType - - ObRegisterCallbacks - - ObUnRegisterCallbacks - - ObGetFilterVersion - - PsGetProcessId - - IoThreadToProcess - - strcmp - - PsProcessType - - PsThreadType - - RtlEqualUnicodeString - - RtlGetVersion - - ObfReferenceObject - - ObGetObjectType - - ExEnumHandleTable - - ExfUnblockPushLock - - PsAcquireProcessExitSynchronization - - PsReleaseProcessExitSynchronization - - _snprintf - - vsprintf_s - - ZwCreateFile - - ZwWriteFile - - PsLookupThreadByThreadId - - NtQueryInformationThread - - PsGetThreadProcess - - KeDelayExecutionThread - - KdDisableDebugger - - KdChangeOption - - PsCreateSystemThread - - PsTerminateSystemThread - - KdDebuggerEnabled - - PsGetVersion - - KeInitializeEvent - - RtlCopyUnicodeString - - ObfDereferenceObject 
- - ExReleaseFastMutex - - ExAcquireFastMutex - - MmBuildMdlForNonPagedPool - - WdfVersionBindClass - - WdfVersionBind - - WdfVersionUnbind - - WdfVersionUnbindClass - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CN, L=Shanghai, O=miHoYo Co.,Ltd., OU=OPS, CN=miHoYo Co.,Ltd. - ValidFrom: '2019-04-08 00:00:00' - ValidTo: '2022-04-08 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 05a7559541e0fdc678d79e3272468907 - Version: 3 - TBS: - MD5: 3e83a7572d1c522dd9072ba6399029d7 - SHA1: e2c2d59b70f028a66a8711bfa97f842475f84639 - SHA256: 5a504a929cb21f72008d5d57bcd992a7cac13f6aa90cbb886b5ecd809e3b59dd - SHA384: 72916ab6c7eb3f5cb7444b3d7d2ac8cb52944605477c5a0f181d060e4edb4c37ebe5eb3c0566dda9de2d2707636ec355 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root - CA - ValidFrom: '2011-04-15 19:41:37' - ValidTo: '2021-04-15 19:51:37' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611cb28a000000000026 - Version: 3 - TBS: - MD5: 983a0c315a50542362f2bd6a5d71c8d0 - SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 - SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 - SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd - Version: 3 - TBS: - MD5: a9a31555bbc92b6033975c5428fb3679 - SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e - SHA256: 
c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 - SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 - - Subject: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo - RSA Time Stamping CA - ValidFrom: '2019-05-02 00:00:00' - ValidTo: '2038-01-18 23:59:59' - Signature: 6d5481a5335d16e1b553819175df037a320b2d258411b2b0db2a7d2a05f5bc3b27f45aa0b9495990296c61cbb550dbe27df99f00ef40c3add3e2e456f95841cff142e5107dffb0741f8fc65c09f9335eeaa01c26585cf3b4110fd5d5c3e2bcd55878bf4876e144676d8fb043100f8de4f93862bf1301c585a34cc5ccb2533095a4d6f4965608b8cd5c7f0196be72526a3b42377c1678399393949bb1dcb26d416d67cdc96f903d7f4572c11b23d6c2558466e4b3c56606f6f3d64b5eada32b428a2192fea86f5a2570628173635ea0bbd8dcd74ad33daf830638121d24872de4fc02d63e7704bc0436b5e777cb9c2e8d2318b9a3c2471df05dd6a1735705689aa7c937651dbeeabcd842834305a58ba609ffd1a194a64eaa3d09f5056cb7d2645ad82a22c24b9df1395e4cde483d9b34969a095f8efdf7b15291ce3f89f61ca1b5a9751f71bf5b435d653d50816eabf0d0d3fcb2b31fb6999626f43c798b5c64cccdee279ae5a0c00c7287c16e4d5ad31eeaf044e6326f1ceb174e94c37865203b0f41aa1fe9a1419dfeb1b8a0652a34e0dea8f93ce6c130bbc0a0632cfc5c1600a8d0c47fea119d1e06c6a66d325db438092b4907aafdec30daf1a72fcfb7fdfad0a384d9279efb016677b95610e1206ec6aeb1f9b6bac8355d33768ef17c200c2a77aeb5a20286ba29eeb45a00b18cabe3f90ac9545dd4b96a749ebd48ae98 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 300f6facdd6698747ca94636a7782db9 - Version: 3 - TBS: - MD5: 63499ed59a1293b786649470e4ce0bd7 - SHA1: 7309d8eaa65da1f3da7030c08f00a3b0a20fa908 - SHA256: 8c8d2046b29e792e71b28705fe67c435208a336dde074a75452d98e72c734937 - SHA384: 5dbc5eae13908fee4c4e5216f87e3e87208fff0d1052f5fa9f0856a429d6a6c422c625f2318f2f29aea26ece09c1e811 - - Subject: 'C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo - RSA Time Stamping Signer #2' - ValidFrom: '2020-10-23 00:00:00' - ValidTo: '2032-01-22 23:59:59' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: false - SerialNumber: 008c77a0008ff4d1b0c63d9f3a48838d6b - Version: 3 - TBS: - MD5: 6efd500ce038df7aa3087c1e63a5eb5c - SHA1: 1c961712a02fb995c585080eda53a753656ca3ad - SHA256: f60d4f8f7b56499de889264b1e64890694c5b106129d3db068976ed33495577a - SHA384: 031fdf7c078e205b4d3ffaff40de36f48f91f87c3b0005b482ff614b320f5e47785045cb87a3e6a75085c24ae8409498 - Signer: - - SerialNumber: 05a7559541e0fdc678d79e3272468907 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: ffdf660eb1ebf020a1d0a55a90712dfb - SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 - SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 - Sections: - .text: - Entropy: 6.157664770831852 - Virtual Size: '0x6b30' - .rdata: - Entropy: 4.753402516412843 - Virtual Size: '0x1524' - .data: - Entropy: 0.807954115503613 - Virtual Size: '0x15f8' - .pdata: - Entropy: 7.762205491774233 - Virtual Size: '0x660' - PAGE: - Entropy: 5.555323265561846 - Virtual Size: '0xb0a' - INIT: - Entropy: 5.375192691787179 - Virtual Size: '0xeae' - .upx0: - Entropy: 7.119277616060462 - Virtual Size: '0x137444' - .reloc: - Entropy: 3.865030456441881 - Virtual Size: '0xb4' - .rsrc: - Entropy: 2.9056718289000636 - Virtual Size: '0x22c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2021-06-28 02:44:28' - Imphash: ebb99842fa08915eb8b7f67d8dc7a13a - LoadsDespiteHVCI: 'FALSE' -- Filename: mhyprot2.sys - MD5: 89c7bd12495e29413038224cb61db02e - SHA1: 16c6bcef489f190a48e9d3b1f35972db89516479 - SHA256: b8b94c2646b62f6ac08f16514b6efaa9866aa3c581e4c0435a7aeafe569b2418 - Authentihash: - MD5: d5a852a9cb4c81cba921aaf523bcabf4 - SHA1: a3fd0d15889398830a61eed9dfac17dfbde792ef - SHA256: 8ced17d1ee92ae72749afdfe40f5029223d97f0f977e718bd5ab1242d1ff7cb5 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - 
FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - WDFLDR.SYS - ExportedFunctions: '' - ImportedFunctions: - - NtQuerySystemInformation - - RtlInitUnicodeString - - ExAllocatePool - - ExFreePoolWithTag - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoGetCurrentProcess - - _wcsicmp - - RtlInitString - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ZwClose - - MmIsAddressValid - - ZwOpenDirectoryObject - - ZwQueryDirectoryObject - - ObReferenceObjectByName - - ZwQuerySystemInformation - - __C_specific_handler - - MmHighestUserAddress - - IoDriverObjectType - - KeQueryTimeIncrement - - KeStackAttachProcess - - KeUnstackDetachProcess - - PsGetProcessWow64Process - - PsGetProcessPeb - - MmUnlockPages - - MmGetSystemRoutineAddress - - MmUnmapLockedPages - - IoFreeMdl - - ZwTerminateProcess - - PsGetProcessImageFileName - - ZwQueryObject - - ObOpenObjectByPointer - - PsReferenceProcessFilePointer - - IoQueryFileDosDeviceName - - PsLookupProcessByProcessId - - MmBuildMdlForNonPagedPool - - MmMapLockedPagesSpecifyCache - - IoAllocateMdl - - MmCopyVirtualMemory - - KeClearEvent - - KeSetEvent - - KeWaitForSingleObject - - MmMapLockedPages - - ObReferenceObjectByHandle - - PsSetCreateProcessNotifyRoutineEx - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - ExEventObjectType - - ObRegisterCallbacks - - ObUnRegisterCallbacks - - ObGetFilterVersion - - PsGetProcessId - - IoThreadToProcess - - strcmp - - PsProcessType - - PsThreadType - - RtlGetVersion - - ObfReferenceObject - - ObGetObjectType - - ExEnumHandleTable - - ExfUnblockPushLock - - PsAcquireProcessExitSynchronization - - PsReleaseProcessExitSynchronization - - _snprintf - - vsprintf_s - - ZwCreateFile - - ZwWriteFile - - PsLookupThreadByThreadId - - 
NtQueryInformationThread - - PsGetThreadProcess - - KeDelayExecutionThread - - KdDisableDebugger - - KdChangeOption - - PsCreateSystemThread - - PsTerminateSystemThread - - KdDebuggerEnabled - - PsGetVersion - - KeInitializeEvent - - RtlCopyUnicodeString - - ObfDereferenceObject - - ExReleaseFastMutex - - ExAcquireFastMutex - - MmProbeAndLockPages - - WdfVersionBindClass - - WdfVersionBind - - WdfVersionUnbind - - WdfVersionUnbindClass - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 
- - Subject: C=CN, L=Shanghai, O=miHoYo Co.,Ltd., OU=OPS, CN=miHoYo Co.,Ltd. - ValidFrom: '2019-04-08 00:00:00' - ValidTo: '2022-04-08 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 05a7559541e0fdc678d79e3272468907 - Version: 3 - TBS: - MD5: 3e83a7572d1c522dd9072ba6399029d7 - SHA1: e2c2d59b70f028a66a8711bfa97f842475f84639 - SHA256: 5a504a929cb21f72008d5d57bcd992a7cac13f6aa90cbb886b5ecd809e3b59dd - SHA384: 72916ab6c7eb3f5cb7444b3d7d2ac8cb52944605477c5a0f181d060e4edb4c37ebe5eb3c0566dda9de2d2707636ec355 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root - CA - ValidFrom: '2011-04-15 19:41:37' - ValidTo: '2021-04-15 19:51:37' - Signature: 5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611cb28a000000000026 - Version: 3 - TBS: - MD5: 983a0c315a50542362f2bd6a5d71c8d0 
- SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 - SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 - SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd - Version: 3 - TBS: - MD5: a9a31555bbc92b6033975c5428fb3679 - SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e - SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 - SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 - Signer: - - SerialNumber: 05a7559541e0fdc678d79e3272468907 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - Version: 1 - RichPEHeaderHash: - MD5: ffdf660eb1ebf020a1d0a55a90712dfb - SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 - SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 - Sections: - .text: - Entropy: 6.159305681452516 - Virtual Size: '0x6a80' - .rdata: - Entropy: 4.746385872522309 - Virtual Size: '0x151c' - .data: - Entropy: 0.807954115503613 - Virtual Size: '0x15f8' - .pdata: - Entropy: 7.784757457181626 - Virtual Size: '0x660' - PAGE: - Entropy: 5.53961384590436 - Virtual Size: '0xb0a' - INIT: - Entropy: 5.3746803358978985 - Virtual Size: '0xe8e' - .upx0: - Entropy: 7.120374756857897 - Virtual Size: '0x13b804' - .reloc: - Entropy: 3.969283875435989 - Virtual Size: '0xd8' - .rsrc: - Entropy: 2.9106266625370485 - Virtual Size: '0x22c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2020-12-29 19:40:40' - Imphash: 4b0b017b23567cf8b9e1268957acd032 - LoadsDespiteHVCI: 'FALSE' -- Filename: Mhyprot2.sys - Authentihash: - 
MD5: ff295de93e6b6dcc3938d50901a7240d - SHA1: 484c72dd4fd91083b249f3ccc733a3c8335e583f - SHA256: 0c7809ac1fa074408518ddc0ac118912c9cd43ed9c89213bc4d59043016b040c - Company: '' - Copyright: '' - CreationTimestamp: '2020-08-16 21:38:03' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - ImportedFunctions: - - NtQuerySystemInformation - - RtlInitUnicodeString - - ExAllocatePool - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - _wcsicmp - - RtlInitString - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ZwClose - - MmIsAddressValid - - ZwOpenDirectoryObject - - ZwQueryDirectoryObject - - ObReferenceObjectByName - - ZwQuerySystemInformation - - __C_specific_handler - - MmHighestUserAddress - - IoDriverObjectType - - KeQueryTimeIncrement - - KeStackAttachProcess - - KeUnstackDetachProcess - - PsGetProcessWow64Process - - PsGetProcessPeb - - MmUnlockPages - - MmGetSystemRoutineAddress - - MmUnmapLockedPages - - IoFreeMdl - - ZwTerminateProcess - - PsGetProcessImageFileName - - ObOpenObjectByPointer - - PsReferenceProcessFilePointer - - IoQueryFileDosDeviceName - - ZwQueryVirtualMemory - - MmProbeAndLockPages - - PsLookupProcessByProcessId - - MmMapLockedPagesSpecifyCache - - IoAllocateMdl - - IoGetCurrentProcess - - MmCopyVirtualMemory - - KeClearEvent - - KeSetEvent - - KeWaitForSingleObject - - MmMapLockedPages - - ObReferenceObjectByHandle - - PsSetCreateProcessNotifyRoutineEx - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - ExEventObjectType - - ObRegisterCallbacks - - ObUnRegisterCallbacks - - ObGetFilterVersion - - IoThreadToProcess - - strcmp - - PsProcessType - - PsThreadType - - RtlGetVersion - - ObfReferenceObject - - ObGetObjectType - - ExEnumHandleTable - - ExfUnblockPushLock - - _snprintf - - 
vsprintf_s - - ZwCreateFile - - ZwWriteFile - - PsLookupThreadByThreadId - - NtQueryInformationThread - - PsGetThreadProcess - - DbgPrint - - KeDelayExecutionThread - - KdDisableDebugger - - KdChangeOption - - PsCreateSystemThread - - PsTerminateSystemThread - - KdDebuggerEnabled - - PsGetVersion - - KeInitializeEvent - - RtlCopyUnicodeString - - ObfDereferenceObject - - ExReleaseFastMutex - - ExAcquireFastMutex - - MmBuildMdlForNonPagedPool - - WdfVersionBindClass - - WdfVersionBind - - WdfVersionUnbind - - WdfVersionUnbindClass - Imports: - - ntoskrnl.exe - - WDFLDR.SYS - InternalName: '' - MD5: 4b817d0e7714b9d43db43ae4a22a161e - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: ffdf660eb1ebf020a1d0a55a90712dfb - SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 - SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 - SHA1: 0466e90bf0e83b776ca8716e01d35a8a2e5f96d3 - SHA256: 509628b6d16d2428031311d7bd2add8d5f5160e9ecc0cd909f1e82bbbb3234d6 - Sections: - .text: - Entropy: 6.183070832014416 - Virtual Size: '0x6ed0' - .rdata: - Entropy: 4.768973580594352 - Virtual Size: '0x159c' - .data: - Entropy: 0.807954115503613 - Virtual Size: '0x15f8' - .pdata: - Entropy: 7.83996638727823 - Virtual Size: '0x684' - PAGE: - Entropy: 5.929327209049661 - Virtual Size: '0xb7a' - INIT: - Entropy: 5.3523212488458185 - Virtual Size: '0xe54' - .upx0: - Entropy: 7.037246397744446 - Virtual Size: '0x124190' - .reloc: - Entropy: 3.9077681077271933 - Virtual Size: '0xcc' - .rsrc: - Entropy: 2.9056718289000636 - Virtual Size: '0x22c' - Signature: - - miHoYo Co.,Ltd. - - DigiCert Assured ID Code Signing CA-1 - - DigiCert - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CN, L=Shanghai, O=miHoYo Co.,Ltd., OU=OPS, CN=miHoYo Co.,Ltd. 
- ValidFrom: '2019-04-08 00:00:00' - ValidTo: '2022-04-08 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 05a7559541e0fdc678d79e3272468907 - Version: 3 - TBS: - MD5: 3e83a7572d1c522dd9072ba6399029d7 - SHA1: e2c2d59b70f028a66a8711bfa97f842475f84639 - SHA256: 5a504a929cb21f72008d5d57bcd992a7cac13f6aa90cbb886b5ecd809e3b59dd - SHA384: 72916ab6c7eb3f5cb7444b3d7d2ac8cb52944605477c5a0f181d060e4edb4c37ebe5eb3c0566dda9de2d2707636ec355 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root - CA - ValidFrom: '2011-04-15 19:41:37' - ValidTo: '2021-04-15 19:51:37' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611cb28a000000000026 - Version: 3 - TBS: - MD5: 983a0c315a50542362f2bd6a5d71c8d0 - SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 - SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 - SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 
7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd - Version: 3 - TBS: - MD5: a9a31555bbc92b6033975c5428fb3679 - SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e - SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 - SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 05a7559541e0fdc678d79e3272468907 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - Version: 1 - Imphash: a74f61fdcea718cb9579907b2caf54ab - LoadsDespiteHVCI: 'FALSE' -- Filename: 'mhyprot2.sys' - Authentihash: - MD5: 0abb783d69d8120a232f3be1411b9f79 - SHA1: dcf13f12b2429a0a50e0094776b59bea641b142c - SHA256: 
000e984d3eebc54259a24a17745eed07d9c3658b86462cb5ebc26381302f7a38 - Company: '' - Copyright: '' - CreationTimestamp: '2020-10-12 01:04:57' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - ImportedFunctions: - - NtQuerySystemInformation - - RtlInitUnicodeString - - ExAllocatePool - - ExFreePoolWithTag - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoGetCurrentProcess - - _wcsicmp - - RtlInitString - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ZwClose - - MmIsAddressValid - - ZwOpenDirectoryObject - - ZwQueryDirectoryObject - - ObReferenceObjectByName - - ZwQuerySystemInformation - - __C_specific_handler - - MmHighestUserAddress - - IoDriverObjectType - - KeQueryTimeIncrement - - KeStackAttachProcess - - KeUnstackDetachProcess - - PsGetProcessWow64Process - - PsGetProcessPeb - - MmUnlockPages - - MmGetSystemRoutineAddress - - MmUnmapLockedPages - - IoFreeMdl - - ZwTerminateProcess - - PsGetProcessImageFileName - - ZwQueryObject - - ObOpenObjectByPointer - - PsReferenceProcessFilePointer - - IoQueryFileDosDeviceName - - MmProbeAndLockPages - - PsLookupProcessByProcessId - - MmMapLockedPagesSpecifyCache - - IoAllocateMdl - - MmCopyVirtualMemory - - KeClearEvent - - KeSetEvent - - KeWaitForSingleObject - - MmMapLockedPages - - ObReferenceObjectByHandle - - PsSetCreateProcessNotifyRoutineEx - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - ExEventObjectType - - ObRegisterCallbacks - - ObUnRegisterCallbacks - - ObGetFilterVersion - - PsGetProcessId - - IoThreadToProcess - - strcmp - - PsProcessType - - PsThreadType - - RtlGetVersion - - ObfReferenceObject - - ObGetObjectType - - ExEnumHandleTable - - ExfUnblockPushLock - - PsAcquireProcessExitSynchronization - - PsReleaseProcessExitSynchronization - - _snprintf - - vsprintf_s - - ZwCreateFile - - 
ZwWriteFile - - PsLookupThreadByThreadId - - NtQueryInformationThread - - PsGetThreadProcess - - DbgPrint - - KeDelayExecutionThread - - KdDisableDebugger - - KdChangeOption - - PsCreateSystemThread - - PsTerminateSystemThread - - KdDebuggerEnabled - - PsGetVersion - - KeInitializeEvent - - RtlCopyUnicodeString - - ObfDereferenceObject - - ExReleaseFastMutex - - ExAcquireFastMutex - - MmBuildMdlForNonPagedPool - - WdfVersionBindClass - - WdfVersionBind - - WdfVersionUnbind - - WdfVersionUnbindClass - Imports: - - ntoskrnl.exe - - WDFLDR.SYS - InternalName: '' - MD5: 6b2df08bacf640cc2ac6f20c76af07ee - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: ffdf660eb1ebf020a1d0a55a90712dfb - SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 - SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 - SHA1: 2c2fc258871499b206963c0f933583cedcdf9ea2 - SHA256: 26d69e677d30bb53c7ac7f3fce76291fe2c44720ef17ee386f95f08ec5175288 - Sections: - .text: - Entropy: 6.148785192872878 - Virtual Size: '0x6a70' - .rdata: - Entropy: 4.766768397560792 - Virtual Size: '0x1534' - .data: - Entropy: 0.807954115503613 - Virtual Size: '0x15f8' - .pdata: - Entropy: 7.721635104163216 - Virtual Size: '0x660' - PAGE: - Entropy: 5.542128521643139 - Virtual Size: '0xb0a' - INIT: - Entropy: 5.369813968377038 - Virtual Size: '0xea2' - .upx0: - Entropy: 7.122930941509944 - Virtual Size: '0x13ade4' - .reloc: - Entropy: 3.7939314591228883 - Virtual Size: '0xd8' - .rsrc: - Entropy: 2.9070295402348902 - Virtual Size: '0x22c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CN, L=Shanghai, O=miHoYo Co.,Ltd., OU=OPS, CN=miHoYo Co.,Ltd. 
- ValidFrom: '2019-04-08 00:00:00' - ValidTo: '2022-04-08 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 05a7559541e0fdc678d79e3272468907 - Version: 3 - TBS: - MD5: 3e83a7572d1c522dd9072ba6399029d7 - SHA1: e2c2d59b70f028a66a8711bfa97f842475f84639 - SHA256: 5a504a929cb21f72008d5d57bcd992a7cac13f6aa90cbb886b5ecd809e3b59dd - SHA384: 72916ab6c7eb3f5cb7444b3d7d2ac8cb52944605477c5a0f181d060e4edb4c37ebe5eb3c0566dda9de2d2707636ec355 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root - CA - ValidFrom: '2011-04-15 19:41:37' - ValidTo: '2021-04-15 19:51:37' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611cb28a000000000026 - Version: 3 - TBS: - MD5: 983a0c315a50542362f2bd6a5d71c8d0 - SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 - SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 - SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: 
a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd - Version: 3 - TBS: - MD5: a9a31555bbc92b6033975c5428fb3679 - SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e - SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 - SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 
173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 05a7559541e0fdc678d79e3272468907 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - Version: 1 - Imphash: 5095ddaed3abc22c1510a141d72735cc - LoadsDespiteHVCI: 'FALSE' -- Filename: 'mhyprot2.sys' - Authentihash: - MD5: 6f769353f497a9f17430d02ff1291281 - SHA1: f408ad59f7590d26afc84a7109dd56cfe98ebea9 - SHA256: dbcad271feda00f614ef9866886cde83e9fffac6e76694fd052790541bb7e993 - Company: '' - Copyright: "\xA9COGNOSPHERE" - CreationTimestamp: '2021-12-13 23:23:54' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - ImportedFunctions: - - NtQuerySystemInformation - - RtlInitUnicodeString - - ExAllocatePool - - ExFreePoolWithTag - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoGetCurrentProcess - - _wcsicmp - - RtlInitString - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ZwClose - - MmIsAddressValid - - ZwOpenDirectoryObject - - ZwQueryDirectoryObject - - ObReferenceObjectByName - - ZwQuerySystemInformation - - __C_specific_handler - - MmHighestUserAddress - - IoDriverObjectType - - KeQueryTimeIncrement - - KeStackAttachProcess - - KeUnstackDetachProcess - - PsGetProcessWow64Process - - PsGetProcessPeb - - MmUnlockPages - - MmGetSystemRoutineAddress - - MmUnmapLockedPages - - IoFreeMdl - - ZwTerminateProcess - - PsGetProcessImageFileName - - ZwQueryObject - - ObOpenObjectByPointer - - PsReferenceProcessFilePointer - - IoQueryFileDosDeviceName - - MmProbeAndLockPages - - PsLookupProcessByProcessId - - MmMapLockedPagesSpecifyCache - - IoAllocateMdl - - MmCopyVirtualMemory - - KeClearEvent - - KeSetEvent - - KeWaitForSingleObject - - MmMapLockedPages - - ObReferenceObjectByHandle - - PsSetCreateProcessNotifyRoutineEx - - PsSetCreateThreadNotifyRoutine - - 
PsRemoveCreateThreadNotifyRoutine - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - ExEventObjectType - - ObRegisterCallbacks - - ObUnRegisterCallbacks - - ObGetFilterVersion - - PsGetProcessId - - IoThreadToProcess - - strcmp - - PsProcessType - - PsThreadType - - RtlEqualUnicodeString - - RtlGetVersion - - ObfReferenceObject - - ObGetObjectType - - ExEnumHandleTable - - ExfUnblockPushLock - - PsAcquireProcessExitSynchronization - - PsReleaseProcessExitSynchronization - - _snprintf - - vsprintf_s - - ZwCreateFile - - ZwWriteFile - - PsLookupThreadByThreadId - - NtQueryInformationThread - - PsGetThreadProcess - - KeDelayExecutionThread - - KdDisableDebugger - - KdChangeOption - - PsCreateSystemThread - - PsTerminateSystemThread - - KdDebuggerEnabled - - PsGetVersion - - KeInitializeEvent - - RtlCopyUnicodeString - - ObfDereferenceObject - - ExReleaseFastMutex - - ExAcquireFastMutex - - MmBuildMdlForNonPagedPool - - WdfVersionBindClass - - WdfVersionBind - - WdfVersionUnbind - - WdfVersionUnbindClass - Imports: - - ntoskrnl.exe - - WDFLDR.SYS - InternalName: '' - MD5: d717f8de642b65f029829c34fbd13a45 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: ffdf660eb1ebf020a1d0a55a90712dfb - SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 - SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 - SHA1: 296757d5663290f172e99e60b9059f989cba4c4e - SHA256: 46cf46e1073b7c99142964b7c4bef1e5285fabcf2c6dbe5be99000a393d9f474 - Sections: - .text: - Entropy: 6.156314681522144 - Virtual Size: '0x6b30' - .rdata: - Entropy: 4.76662525868425 - Virtual Size: '0x1524' - .data: - Entropy: 0.807954115503613 - Virtual Size: '0x15f8' - .pdata: - Entropy: 7.7854000483241395 - Virtual Size: '0x660' - PAGE: - Entropy: 5.560839458603365 - Virtual Size: '0xb0a' - INIT: - Entropy: 5.374161848726158 - Virtual Size: '0xeae' - .upx0: - Entropy: 
7.109613321517985 - Virtual Size: '0x138234' - .reloc: - Entropy: 3.8297726437790334 - Virtual Size: '0xd8' - .rsrc: - Entropy: 3.0009945276761902 - Virtual Size: '0x260' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2021-09-09 19:15:59' - ValidTo: '2022-09-01 19:15:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 330000004de597a775e3157f7b00000000004d - Version: 3 - TBS: - MD5: 9f0782e89bd41cdd96ec55357457478a - SHA1: 35c2180572baad19019acca1334e6c653699c389 - SHA256: 50814710213afec410f26e573d25267a2e21d3d15f158be8a43a666c9cc6fa08 - SHA384: 8d48f066b0284071d64bbc556e018824a8388ccd142a56c7b7b04ef6d27cade07da57ac82d8067e18ad64d35af11e2a7 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - ValidFrom: '2014-10-15 20:31:27' - ValidTo: '2029-10-15 20:41:27' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 330000000d690d5d7893d076df00000000000d - Version: 3 - TBS: - MD5: 83f69422963f11c3c340b81712eef319 - SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 - SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae - SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 - Signer: - - SerialNumber: 330000004de597a775e3157f7b00000000004d - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - Version: 1 - Imphash: ebb99842fa08915eb8b7f67d8dc7a13a - LoadsDespiteHVCI: 'FALSE' -- Filename: 'mhyprot2.Sys' - Authentihash: - MD5: 372e018ebaa20ffbd474b39c3d97fba9 - SHA1: 
05234d1a267c9b6c1754272658fbebb22633cac0 - SHA256: faa37602095f25135312f87ed7adb607ffa5e9b2931b58d00f7376ed0c6ec69a - Company: '' - Copyright: '' - CreationTimestamp: '2020-02-26 20:28:58' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - ImportedFunctions: - - NtQuerySystemInformation - - RtlInitUnicodeString - - ExAllocatePool - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - _wcsicmp - - RtlInitString - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ZwClose - - MmIsAddressValid - - ZwOpenDirectoryObject - - ZwQueryDirectoryObject - - ObReferenceObjectByName - - ZwQuerySystemInformation - - __C_specific_handler - - MmHighestUserAddress - - IoDriverObjectType - - KeQueryTimeIncrement - - KeStackAttachProcess - - KeUnstackDetachProcess - - PsGetProcessWow64Process - - PsGetProcessPeb - - MmUnlockPages - - MmGetSystemRoutineAddress - - MmUnmapLockedPages - - IoFreeMdl - - ZwTerminateProcess - - PsGetProcessImageFileName - - ObOpenObjectByPointer - - PsReferenceProcessFilePointer - - IoQueryFileDosDeviceName - - ZwQueryVirtualMemory - - MmProbeAndLockPages - - PsLookupProcessByProcessId - - MmMapLockedPagesSpecifyCache - - IoAllocateMdl - - IoGetCurrentProcess - - MmCopyVirtualMemory - - KeClearEvent - - KeSetEvent - - KeWaitForSingleObject - - MmMapLockedPages - - ObReferenceObjectByHandle - - PsSetCreateProcessNotifyRoutineEx - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - ExEventObjectType - - ObRegisterCallbacks - - ObUnRegisterCallbacks - - ObGetFilterVersion - - IoThreadToProcess - - strcmp - - PsProcessType - - PsThreadType - - RtlGetVersion - - ObfReferenceObject - - ObGetObjectType - - ExEnumHandleTable - - ExfUnblockPushLock - - _snprintf - - vsprintf_s - - ZwCreateFile - - ZwWriteFile - 
- PsLookupThreadByThreadId - - NtQueryInformationThread - - DbgPrint - - KeDelayExecutionThread - - KdDisableDebugger - - KdChangeOption - - PsCreateSystemThread - - PsTerminateSystemThread - - KdDebuggerEnabled - - PsGetVersion - - KeInitializeEvent - - RtlCopyUnicodeString - - ObfDereferenceObject - - ExReleaseFastMutex - - ExAcquireFastMutex - - MmBuildMdlForNonPagedPool - - WdfVersionBindClass - - WdfVersionBind - - WdfVersionUnbind - - WdfVersionUnbindClass - Imports: - - ntoskrnl.exe - - WDFLDR.SYS - InternalName: '' - MD5: a2c5f994e9b4a74b2f5b51c7a44c4401 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: ffdf660eb1ebf020a1d0a55a90712dfb - SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 - SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 - SHA1: 6210dabb908cc750379cc7563beb884b3895e046 - SHA256: 247aadaf17ed894fcacf3fc4e109b005540e3659fd0249190eb33725d3d3082f - Sections: - .text: - Entropy: 6.187759303691483 - Virtual Size: '0x6c00' - .rdata: - Entropy: 4.74407522754408 - Virtual Size: '0x1544' - .data: - Entropy: 0.805522255156276 - Virtual Size: '0x15f8' - .pdata: - Entropy: 7.799213983242543 - Virtual Size: '0x678' - PAGE: - Entropy: 5.936647867609732 - Virtual Size: '0xb0a' - INIT: - Entropy: 5.361428563383565 - Virtual Size: '0xe36' - .upx0: - Entropy: 7.022268752031303 - Virtual Size: '0x11f1a4' - .reloc: - Entropy: 3.802902714539644 - Virtual Size: '0xe4' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 
4e5e56901e46b4d94931f3bb1739281bc216ddfd41dc0905049b6fb2a29ad6992e40990055b5ea3fa52076d38634d417cc553ac782eeefa8babcd8069f1550dfcd167b523a02d7191afdaff0785ce04bc518df3a241edaacb8a95804020730dbb0125efe31bef00448f4f070f83a5e5683cf3dfb0dbcf4c5ed979db9d4dba52784e3389b8ba735864420a43b6da46a0ba183fd28ebdaef28f6cc885dfb0a3b00abe021ebe22f356c0f8e344597eba2f79933357ecb9a8abb454de73f9fc2d98afa65b26ec77e65ffe892e12c31a2f7b02736488f266f3bee4d761f79c3e57f9635bc2d0ecc01b08e7fff518080a792d4b34446648c874f166307314b63b0dff3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee152d7 - Version: 3 - TBS: - MD5: e140543fe3256027cfa79fc3c19c1776 - SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 - SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 - SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 - - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode - , G2 - ValidFrom: '2016-05-24 00:00:00' - ValidTo: '2027-06-24 00:00:00' - Signature: 8fa91a916d04a637200e8396de23d36b6e1f6edd643d682122b5f84736698ee1a545c724a222b72909cc545aaec6bccd638eb33d5048e5b4ccaecd928d9e288b134a11aabda3efd3b236fcb4a172bf6d9763798c44bc702f7ef3bcdd8253ab1af6ebfa1c97bcb6379ca41c30bcabbc2d4736df922003e871c658f675059a34f00b595a824434aa80e42f84f6475d96c9b6caca9db7a6bae450d3d437b8ba200ed0d3922a5bc459bba16ddb3cce449dc1382aade38dbdcd09771a10be670a02366488b9b31b26eee79e60c446a8bc61336ccf4eb99cb96af09f37feb53d4f9ad34dffde208e4e97a6fd9f09bc4dca1876c9b04d8550f280d21d06f5580407b118 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121d699a764973ef1f8427ee919cc534114 - Version: 3 - TBS: - MD5: acb5170547d76873f1e4ff18ed5de2eb - SHA1: bd6e261e75b807381bada7287de04d259258a5fa - SHA256: 4783380498acf592286ef2dea0fcc5bdea3f54d5e374d3e3497df9d5f662cfb6 - SHA384: 
4f428f115cf3d008248f15f32007fc7c54bd454e1b48b765776b4c87c23ab8818d8fbcbb3646d35eca012b025260a3b8 - - Subject: C=CN, L=Shanghai, O=miHoYo Co.,Ltd., OU=OPS, CN=miHoYo Co.,Ltd. - ValidFrom: '2019-04-08 00:00:00' - ValidTo: '2022-04-08 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 05a7559541e0fdc678d79e3272468907 - Version: 3 - TBS: - MD5: 3e83a7572d1c522dd9072ba6399029d7 - SHA1: e2c2d59b70f028a66a8711bfa97f842475f84639 - SHA256: 5a504a929cb21f72008d5d57bcd992a7cac13f6aa90cbb886b5ecd809e3b59dd - SHA384: 72916ab6c7eb3f5cb7444b3d7d2ac8cb52944605477c5a0f181d060e4edb4c37ebe5eb3c0566dda9de2d2707636ec355 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root - CA - ValidFrom: '2011-04-15 19:41:37' - ValidTo: '2021-04-15 19:51:37' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611cb28a000000000026 - Version: 3 - TBS: - MD5: 983a0c315a50542362f2bd6a5d71c8d0 - SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 - SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 - SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd - Version: 3 - TBS: - MD5: a9a31555bbc92b6033975c5428fb3679 - SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e - SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 - SHA384: 
86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 - Signer: - - SerialNumber: 05a7559541e0fdc678d79e3272468907 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - Version: 1 - Imphash: 409d2ab916237fb129c57aacbb7cb4fe - LoadsDespiteHVCI: 'FALSE' -- Filename: 'mhyprot2.Sys' - Authentihash: - MD5: 0bf04830652ccd02dca462c6f965b678 - SHA1: 8e6248135ad596861d8f6d42703deb79382f285a - SHA256: f18605a691056b446c6411b7fa841b8178059bde8094cfe9013e59f4663cdf7f - Company: '' - Copyright: '' - CreationTimestamp: '2020-11-23 02:19:13' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - ImportedFunctions: - - NtQuerySystemInformation - - RtlInitUnicodeString - - ExAllocatePool - - ExFreePoolWithTag - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoGetCurrentProcess - - _wcsicmp - - RtlInitString - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ZwClose - - MmIsAddressValid - - ZwOpenDirectoryObject - - ZwQueryDirectoryObject - - ObReferenceObjectByName - - ZwQuerySystemInformation - - __C_specific_handler - - MmHighestUserAddress - - IoDriverObjectType - - KeQueryTimeIncrement - - KeStackAttachProcess - - KeUnstackDetachProcess - - PsGetProcessWow64Process - - PsGetProcessPeb - - MmUnlockPages - - MmGetSystemRoutineAddress - - MmUnmapLockedPages - - IoFreeMdl - - ZwTerminateProcess - - PsGetProcessImageFileName - - ZwQueryObject - - ObOpenObjectByPointer - - PsReferenceProcessFilePointer - - IoQueryFileDosDeviceName - - PsLookupProcessByProcessId - - MmBuildMdlForNonPagedPool - - MmMapLockedPagesSpecifyCache - - IoAllocateMdl - - MmCopyVirtualMemory - - KeClearEvent - - KeSetEvent - - KeWaitForSingleObject - - MmMapLockedPages - - ObReferenceObjectByHandle - - PsSetCreateProcessNotifyRoutineEx - - PsSetCreateThreadNotifyRoutine - - 
PsRemoveCreateThreadNotifyRoutine - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - ExEventObjectType - - ObRegisterCallbacks - - ObUnRegisterCallbacks - - ObGetFilterVersion - - PsGetProcessId - - IoThreadToProcess - - strcmp - - PsProcessType - - PsThreadType - - RtlGetVersion - - ObfReferenceObject - - ObGetObjectType - - ExEnumHandleTable - - ExfUnblockPushLock - - PsAcquireProcessExitSynchronization - - PsReleaseProcessExitSynchronization - - _snprintf - - vsprintf_s - - ZwCreateFile - - ZwWriteFile - - PsLookupThreadByThreadId - - NtQueryInformationThread - - PsGetThreadProcess - - KeDelayExecutionThread - - KdDisableDebugger - - KdChangeOption - - PsCreateSystemThread - - PsTerminateSystemThread - - KdDebuggerEnabled - - PsGetVersion - - KeInitializeEvent - - RtlCopyUnicodeString - - ObfDereferenceObject - - ExReleaseFastMutex - - ExAcquireFastMutex - - MmProbeAndLockPages - - WdfVersionBindClass - - WdfVersionBind - - WdfVersionUnbind - - WdfVersionUnbindClass - Imports: - - ntoskrnl.exe - - WDFLDR.SYS - InternalName: '' - MD5: 9c8fffef24fc480917236f9a20b80a47 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: ffdf660eb1ebf020a1d0a55a90712dfb - SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 - SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 - SHA1: 35a817d949b2eab012506bed0a3b4628dd884471 - SHA256: 6e76764d750ebd835aa4bb055830d278df530303585614c1dc743f8d5adf97d7 - Sections: - .text: - Entropy: 6.154237650634141 - Virtual Size: '0x6a80' - .rdata: - Entropy: 4.7591833145315885 - Virtual Size: '0x151c' - .data: - Entropy: 0.807954115503613 - Virtual Size: '0x15f8' - .pdata: - Entropy: 7.722468308866037 - Virtual Size: '0x660' - PAGE: - Entropy: 5.55696695229711 - Virtual Size: '0xb0a' - INIT: - Entropy: 5.378040266206357 - Virtual Size: '0xe8e' - .upx0: - Entropy: 7.106265559042574 - Virtual Size: '0x139d04' 
- .reloc: - Entropy: 3.9051524952095904 - Virtual Size: '0xc0' - .rsrc: - Entropy: 2.9106266625370485 - Virtual Size: '0x22c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=CN, L=Shanghai, O=miHoYo Co.,Ltd., OU=OPS, CN=miHoYo Co.,Ltd. 
- ValidFrom: '2019-04-08 00:00:00' - ValidTo: '2022-04-08 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 05a7559541e0fdc678d79e3272468907 - Version: 3 - TBS: - MD5: 3e83a7572d1c522dd9072ba6399029d7 - SHA1: e2c2d59b70f028a66a8711bfa97f842475f84639 - SHA256: 5a504a929cb21f72008d5d57bcd992a7cac13f6aa90cbb886b5ecd809e3b59dd - SHA384: 72916ab6c7eb3f5cb7444b3d7d2ac8cb52944605477c5a0f181d060e4edb4c37ebe5eb3c0566dda9de2d2707636ec355 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root - CA - ValidFrom: '2011-04-15 19:41:37' - ValidTo: '2021-04-15 19:51:37' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611cb28a000000000026 - Version: 3 - TBS: - MD5: 983a0c315a50542362f2bd6a5d71c8d0 - SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 - SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 - SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd - Version: 3 - TBS: - MD5: a9a31555bbc92b6033975c5428fb3679 - SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e - SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 - SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 - Signer: - - SerialNumber: 05a7559541e0fdc678d79e3272468907 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - 
Version: 1 - Imphash: 4b0b017b23567cf8b9e1268957acd032 - LoadsDespiteHVCI: 'FALSE' -- Filename: 'mhyprot2.sys' - Authentihash: - MD5: ff295de93e6b6dcc3938d50901a7240d - SHA1: 484c72dd4fd91083b249f3ccc733a3c8335e583f - SHA256: 0c7809ac1fa074408518ddc0ac118912c9cd43ed9c89213bc4d59043016b040c - Company: '' - Copyright: '' - CreationTimestamp: '2020-08-16 21:38:03' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - ImportedFunctions: - - NtQuerySystemInformation - - RtlInitUnicodeString - - ExAllocatePool - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - _wcsicmp - - RtlInitString - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ZwClose - - MmIsAddressValid - - ZwOpenDirectoryObject - - ZwQueryDirectoryObject - - ObReferenceObjectByName - - ZwQuerySystemInformation - - __C_specific_handler - - MmHighestUserAddress - - IoDriverObjectType - - KeQueryTimeIncrement - - KeStackAttachProcess - - KeUnstackDetachProcess - - PsGetProcessWow64Process - - PsGetProcessPeb - - MmUnlockPages - - MmGetSystemRoutineAddress - - MmUnmapLockedPages - - IoFreeMdl - - ZwTerminateProcess - - PsGetProcessImageFileName - - ObOpenObjectByPointer - - PsReferenceProcessFilePointer - - IoQueryFileDosDeviceName - - ZwQueryVirtualMemory - - MmProbeAndLockPages - - PsLookupProcessByProcessId - - MmMapLockedPagesSpecifyCache - - IoAllocateMdl - - IoGetCurrentProcess - - MmCopyVirtualMemory - - KeClearEvent - - KeSetEvent - - KeWaitForSingleObject - - MmMapLockedPages - - ObReferenceObjectByHandle - - PsSetCreateProcessNotifyRoutineEx - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - ExEventObjectType - - ObRegisterCallbacks - - ObUnRegisterCallbacks - - ObGetFilterVersion - - IoThreadToProcess - - strcmp - - PsProcessType - - 
PsThreadType - - RtlGetVersion - - ObfReferenceObject - - ObGetObjectType - - ExEnumHandleTable - - ExfUnblockPushLock - - _snprintf - - vsprintf_s - - ZwCreateFile - - ZwWriteFile - - PsLookupThreadByThreadId - - NtQueryInformationThread - - PsGetThreadProcess - - DbgPrint - - KeDelayExecutionThread - - KdDisableDebugger - - KdChangeOption - - PsCreateSystemThread - - PsTerminateSystemThread - - KdDebuggerEnabled - - PsGetVersion - - KeInitializeEvent - - RtlCopyUnicodeString - - ObfDereferenceObject - - ExReleaseFastMutex - - ExAcquireFastMutex - - MmBuildMdlForNonPagedPool - - WdfVersionBindClass - - WdfVersionBind - - WdfVersionUnbind - - WdfVersionUnbindClass - Imports: - - ntoskrnl.exe - - WDFLDR.SYS - InternalName: '' - MD5: dc358c301fb463c2f4e7edb028dfe7e8 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: ffdf660eb1ebf020a1d0a55a90712dfb - SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 - SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 - SHA1: 8f8a0b813ada9886d2d32fc41b74fb5c3a32177d - SHA256: 342cf884840fc2b48c96398f690a1801ed8ac1ea59305af9e3d070d13ef85601 - Sections: - .text: - Entropy: 6.183070832014416 - Virtual Size: '0x6ed0' - .rdata: - Entropy: 4.768973580594352 - Virtual Size: '0x159c' - .data: - Entropy: 0.807954115503613 - Virtual Size: '0x15f8' - .pdata: - Entropy: 7.83996638727823 - Virtual Size: '0x684' - PAGE: - Entropy: 5.929327209049661 - Virtual Size: '0xb7a' - INIT: - Entropy: 5.3523212488458185 - Virtual Size: '0xe54' - .upx0: - Entropy: 7.037246397744446 - Virtual Size: '0x124190' - .reloc: - Entropy: 3.9077681077271933 - Virtual Size: '0xcc' - .rsrc: - Entropy: 2.9056718289000636 - Virtual Size: '0x22c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CN, L=Shanghai, O=miHoYo Co.,Ltd., OU=OPS, CN=miHoYo Co.,Ltd. 
- ValidFrom: '2019-04-08 00:00:00' - ValidTo: '2022-04-08 12:00:00' - Signature: 46a5e6f6c38a63b314f7e2677bb86d4bcd7839eef8e006048ddd58c6783ff0657456e61c800efb31966c611f7ca7d1de1785e006e3f4c0b24cb652842e42cbae016320a774724537fc30e8f09895fdb626daa26b5740c7538aa1df1f97dcab12c3a743c2048f6c9a754f66189ac0f21544399798fb780cd347c9cac0443c8d778736938e17cdd5eca8a2338d8171efd61e13c868dff862da9df4ca8c653a227e0971030aa7e6b44dc2199d1ebd9cae00c6f0a3e91bb883cc509fb297902ba5c13e5826071d92178ace51f1a0653b0445cf7ba17226401c92d7db4f67a37d1243f9094ad5f32873891ea5004a8cbfec77129d4955e344492aaee456f852001ded - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 05a7559541e0fdc678d79e3272468907 - Version: 3 - TBS: - MD5: 3e83a7572d1c522dd9072ba6399029d7 - SHA1: e2c2d59b70f028a66a8711bfa97f842475f84639 - SHA256: 5a504a929cb21f72008d5d57bcd992a7cac13f6aa90cbb886b5ecd809e3b59dd - SHA384: 72916ab6c7eb3f5cb7444b3d7d2ac8cb52944605477c5a0f181d060e4edb4c37ebe5eb3c0566dda9de2d2707636ec355 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root - CA - ValidFrom: '2011-04-15 19:41:37' - ValidTo: '2021-04-15 19:51:37' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611cb28a000000000026 - Version: 3 - TBS: - MD5: 983a0c315a50542362f2bd6a5d71c8d0 - SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 - SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 - SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: 
a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd - Version: 3 - TBS: - MD5: a9a31555bbc92b6033975c5428fb3679 - SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e - SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 - SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 
173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 05a7559541e0fdc678d79e3272468907 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - Version: 1 - Imphash: a74f61fdcea718cb9579907b2caf54ab - LoadsDespiteHVCI: 'FALSE' + Command: sc.exe create mhyprot.sys binPath=C:\windows\temp\mhyprot.sys type=kernel + && sc.exe start mhyprot.sys + Description: '' + Usecase: Elevate privileges + Privileges: kernel + OperatingSystem: Windows 10 Resources: - https://github.com/namazso/physmem_drivers - https://github.com/jbaines-r7/dellicious 
@@ -2294,6 +21,2283 @@ Resources: - https://github.com/elastic/protections-artifacts/blob/932baf346cc8a743f1963ad3d4565b42ed17bebe/yara/rules/Windows_VulnDriver_Mhyprot.yar - https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c - https://github.com/kagurazakasanae/Mhyprot2DrvControl/tree/main -Tags: -- Mhyprot2.sys -- mhyprot.sys +Detection: [] +Acknowledgement: + Person: '' + Handle: '' +KnownVulnerableSamples: +- Filename: mhyprot.sys + MD5: 8b779fe1d71839ad361226f66f1b3fe5 + SHA1: 175fb76c7cd8f0aeb916f4acb3b03f8b2d51846a + SHA256: 0c512b615eac374d4d494e3c36838d8e788b3dc2691bf27916f7f42694b14467 + Authentihash: + MD5: a74fbda962fe6aa9701b1af91f74675a + SHA1: f1f4cfa7c5b4a882ff4c107e72977edcd7128855 + SHA256: 7bfa54943180e34aea390a8f63a2cb007cf53c336dff697c60a79103f3c0c19d + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - WDFLDR.SYS + ExportedFunctions: '' + ImportedFunctions: + - NtQuerySystemInformation + - RtlInitUnicodeString + - ExAllocatePool + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - _wcsicmp + - RtlInitString + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ZwClose + - MmIsAddressValid + - ZwOpenDirectoryObject + - ZwQueryDirectoryObject + - ObReferenceObjectByName + - ZwQuerySystemInformation + - __C_specific_handler + - MmHighestUserAddress + - IoDriverObjectType + - KeQueryTimeIncrement + - KeStackAttachProcess + - KeUnstackDetachProcess + - PsGetProcessWow64Process + - PsGetProcessPeb + - MmUnlockPages + - MmGetSystemRoutineAddress + - MmUnmapLockedPages + - IoFreeMdl + - ZwTerminateProcess + - PsGetProcessImageFileName + - ObOpenObjectByPointer + - PsReferenceProcessFilePointer + - IoQueryFileDosDeviceName + - ZwQueryVirtualMemory + 
- MmProbeAndLockPages + - PsLookupProcessByProcessId + - MmMapLockedPagesSpecifyCache + - IoAllocateMdl + - IoGetCurrentProcess + - MmCopyVirtualMemory + - KeClearEvent + - KeSetEvent + - KeWaitForSingleObject + - MmMapLockedPages + - ObReferenceObjectByHandle + - PsSetCreateProcessNotifyRoutineEx + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - ExEventObjectType + - ObRegisterCallbacks + - ObUnRegisterCallbacks + - ObGetFilterVersion + - IoThreadToProcess + - strcmp + - PsProcessType + - PsThreadType + - RtlGetVersion + - ObfReferenceObject + - ObGetObjectType + - ExEnumHandleTable + - ExfUnblockPushLock + - _snprintf + - vsprintf_s + - ZwCreateFile + - ZwWriteFile + - PsLookupThreadByThreadId + - NtQueryInformationThread + - PsGetThreadProcess + - DbgPrint + - KeDelayExecutionThread + - KdDisableDebugger + - KdChangeOption + - PsCreateSystemThread + - PsTerminateSystemThread + - KdDebuggerEnabled + - PsGetVersion + - KeInitializeEvent + - RtlCopyUnicodeString + - ObfDereferenceObject + - ExReleaseFastMutex + - ExAcquireFastMutex + - MmBuildMdlForNonPagedPool + - WdfVersionBindClass + - WdfVersionBind + - WdfVersionUnbind + - WdfVersionUnbindClass + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CN, L=Shanghai, O=miHoYo Co.,Ltd., OU=OPS, CN=miHoYo Co.,Ltd. 
+ ValidFrom: '2019-04-08 00:00:00' + ValidTo: '2022-04-08 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 05a7559541e0fdc678d79e3272468907 + Version: 3 + TBS: + MD5: 3e83a7572d1c522dd9072ba6399029d7 + SHA1: e2c2d59b70f028a66a8711bfa97f842475f84639 + SHA256: 5a504a929cb21f72008d5d57bcd992a7cac13f6aa90cbb886b5ecd809e3b59dd + SHA384: 72916ab6c7eb3f5cb7444b3d7d2ac8cb52944605477c5a0f181d060e4edb4c37ebe5eb3c0566dda9de2d2707636ec355 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Root CA + ValidFrom: '2011-04-15 19:41:37' + ValidTo: '2021-04-15 19:51:37' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611cb28a000000000026 + Version: 3 + TBS: + MD5: 983a0c315a50542362f2bd6a5d71c8d0 + SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 + SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 + SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd + Version: 3 + TBS: + MD5: a9a31555bbc92b6033975c5428fb3679 + SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e + SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 + SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 05a7559541e0fdc678d79e3272468907 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: ffdf660eb1ebf020a1d0a55a90712dfb + SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 + SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 + Sections: + .text: + Entropy: 6.183070832014416 + Virtual Size: '0x6ed0' + .rdata: + Entropy: 4.768973580594352 + Virtual Size: '0x159c' + .data: + Entropy: 0.807954115503613 + Virtual Size: '0x15f8' + .pdata: + Entropy: 7.83996638727823 + Virtual Size: '0x684' + PAGE: + Entropy: 5.929327209049661 + Virtual Size: '0xb7a' + INIT: + Entropy: 5.3523212488458185 + Virtual Size: '0xe54' + .upx0: + Entropy: 7.037246397744446 + Virtual Size: '0x124190' + .reloc: + Entropy: 3.9077681077271933 + Virtual Size: '0xcc' + .rsrc: + Entropy: 
2.9056718289000636 + Virtual Size: '0x22c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2020-08-16 21:38:03' + Imphash: a74f61fdcea718cb9579907b2caf54ab + LoadsDespiteHVCI: 'TRUE' +- Filename: mhyprot.sys + MD5: 67e3b720cee8184c714585a85f8058a0 + SHA1: 254dce914e13b90003b0ae72d8705d92fe7c8dd0 + SHA256: 69e3fda487a5ec2ec0f67b7d79a5a836ff0036497b2d1aec514c67d2efa789b2 + Authentihash: + MD5: 19c86f21ca10d68738fac94bb43e7861 + SHA1: c771ea59f075170e952c393cfd6fc784b265027c + SHA256: 39937d239220c1b779d7d55613de2c0a48bd6e12e0214da4c65992b96cf591df + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - WDFLDR.SYS + ExportedFunctions: '' + ImportedFunctions: + - ObfDereferenceObject + - PsLookupProcessByProcessId + - NtQuerySystemInformation + - RtlInitUnicodeString + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoGetCurrentProcess + - _wcsicmp + - RtlInitString + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ZwClose + - MmIsAddressValid + - ZwOpenDirectoryObject + - ZwQueryDirectoryObject + - ObReferenceObjectByName + - ZwQuerySystemInformation + - __C_specific_handler + - MmHighestUserAddress + - IoDriverObjectType + - KeQueryTimeIncrement + - KeStackAttachProcess + - KeUnstackDetachProcess + - PsGetProcessWow64Process + - PsGetProcessPeb + - MmUnlockPages + - MmGetSystemRoutineAddress + - MmUnmapLockedPages + - IoFreeMdl + - ZwTerminateProcess + - PsGetProcessImageFileName + - ZwQueryObject + - ObOpenObjectByPointer + - PsReferenceProcessFilePointer + - IoQueryFileDosDeviceName + - ExReleaseFastMutex + - MmBuildMdlForNonPagedPool + - MmMapLockedPagesSpecifyCache + - IoAllocateMdl + - MmCopyVirtualMemory + - KeClearEvent + - KeSetEvent + - KeWaitForSingleObject + - MmMapLockedPages + - ObReferenceObjectByHandle + - 
PsSetCreateProcessNotifyRoutineEx + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - ExEventObjectType + - ObRegisterCallbacks + - ObUnRegisterCallbacks + - ObGetFilterVersion + - PsGetProcessId + - IoThreadToProcess + - strcmp + - PsProcessType + - PsThreadType + - RtlGetVersion + - ObfReferenceObject + - ObGetObjectType + - ExEnumHandleTable + - ExfUnblockPushLock + - PsAcquireProcessExitSynchronization + - PsReleaseProcessExitSynchronization + - _snprintf + - vsprintf_s + - ZwCreateFile + - ZwWriteFile + - PsLookupThreadByThreadId + - NtQueryInformationThread + - PsGetThreadProcess + - KeDelayExecutionThread + - KdDisableDebugger + - KdChangeOption + - PsCreateSystemThread + - PsTerminateSystemThread + - KdDebuggerEnabled + - PsGetVersion + - KeInitializeEvent + - RtlCopyUnicodeString + - ExAcquireFastMutex + - ExFreePoolWithTag + - ExAllocatePool + - MmProbeAndLockPages + - WdfVersionBindClass + - WdfVersionBind + - WdfVersionUnbind + - WdfVersionUnbindClass + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CN, L=Shanghai, O=miHoYo Co.,Ltd., OU=OPS, CN=miHoYo Co.,Ltd. 
+ ValidFrom: '2019-04-08 00:00:00' + ValidTo: '2022-04-08 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 05a7559541e0fdc678d79e3272468907 + Version: 3 + TBS: + MD5: 3e83a7572d1c522dd9072ba6399029d7 + SHA1: e2c2d59b70f028a66a8711bfa97f842475f84639 + SHA256: 5a504a929cb21f72008d5d57bcd992a7cac13f6aa90cbb886b5ecd809e3b59dd + SHA384: 72916ab6c7eb3f5cb7444b3d7d2ac8cb52944605477c5a0f181d060e4edb4c37ebe5eb3c0566dda9de2d2707636ec355 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Root CA + ValidFrom: '2011-04-15 19:41:37' + ValidTo: '2021-04-15 19:51:37' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611cb28a000000000026 + Version: 3 + TBS: + MD5: 983a0c315a50542362f2bd6a5d71c8d0 + SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 + SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 + SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd + Version: 3 + TBS: + MD5: a9a31555bbc92b6033975c5428fb3679 + SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e + SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 + SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 + - Subject: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo + RSA Time Stamping CA + ValidFrom: '2019-05-02 00:00:00' + ValidTo: '2038-01-18 
23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 300f6facdd6698747ca94636a7782db9 + Version: 3 + TBS: + MD5: 63499ed59a1293b786649470e4ce0bd7 + SHA1: 7309d8eaa65da1f3da7030c08f00a3b0a20fa908 + SHA256: 8c8d2046b29e792e71b28705fe67c435208a336dde074a75452d98e72c734937 + SHA384: 5dbc5eae13908fee4c4e5216f87e3e87208fff0d1052f5fa9f0856a429d6a6c422c625f2318f2f29aea26ece09c1e811 + - Subject: 'C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo + RSA Time Stamping Signer #2' + ValidFrom: '2020-10-23 00:00:00' + ValidTo: '2032-01-22 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: false + SerialNumber: 008c77a0008ff4d1b0c63d9f3a48838d6b + Version: 3 + TBS: + MD5: 6efd500ce038df7aa3087c1e63a5eb5c + SHA1: 1c961712a02fb995c585080eda53a753656ca3ad + SHA256: f60d4f8f7b56499de889264b1e64890694c5b106129d3db068976ed33495577a + SHA384: 031fdf7c078e205b4d3ffaff40de36f48f91f87c3b0005b482ff614b320f5e47785045cb87a3e6a75085c24ae8409498 + Signer: + - SerialNumber: 05a7559541e0fdc678d79e3272468907 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: ffdf660eb1ebf020a1d0a55a90712dfb + SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 + SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 + Sections: + .text: + Entropy: 6.1683529019554815 + Virtual Size: '0x71a0' + .rdata: + Entropy: 4.824949371923319 + Virtual Size: '0x15ec' + .data: + Entropy: 0.779983909093318 + Virtual Size: '0x10f8' + .pdata: + Entropy: 7.754446314071279 + Virtual Size: '0x6cc' + PAGE: + Entropy: 5.190660216587449 + Virtual Size: '0xcda' + INIT: + Entropy: 5.3593629521412485 + Virtual Size: '0xeae' + .upx0: + Entropy: 7.178607218904576 + Virtual Size: '0x13fa4c' + .reloc: + Entropy: 
3.991090826834167 + Virtual Size: '0xc0' + .rsrc: + Entropy: 2.9056718289000636 + Virtual Size: '0x22c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2021-01-11 02:10:15' + Imphash: 82525a4a571f0f8d4e4f42ec6bb3900e + LoadsDespiteHVCI: 'TRUE' +- Filename: mhyprot2.sys + MD5: 8f47af49c330c9fcf3451ad2252b9e04 + SHA1: be797c91768ac854bd3b82a093e55db83da0cb11 + SHA256: ad2477632b9b07588cfe0e692f244c05fa4202975c1fe91dd3b90fa911ac6058 + Authentihash: + MD5: 5908564f34ef8fd94e9420c8f1af19bc + SHA1: bd2c5fdae29b39de9f862455fb2fb07fbf99ece2 + SHA256: df3fd9fa267e12d7c6b65028373e21978041f0c94375b5c7316498fbad6f4ae0 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - WDFLDR.SYS + ExportedFunctions: '' + ImportedFunctions: + - NtQuerySystemInformation + - RtlInitUnicodeString + - ExAllocatePool + - ExFreePoolWithTag + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoGetCurrentProcess + - _wcsicmp + - RtlInitString + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ZwClose + - MmIsAddressValid + - ZwOpenDirectoryObject + - ZwQueryDirectoryObject + - ObReferenceObjectByName + - ZwQuerySystemInformation + - __C_specific_handler + - MmHighestUserAddress + - IoDriverObjectType + - KeQueryTimeIncrement + - KeStackAttachProcess + - KeUnstackDetachProcess + - PsGetProcessWow64Process + - PsGetProcessPeb + - MmUnlockPages + - MmGetSystemRoutineAddress + - MmUnmapLockedPages + - IoFreeMdl + - ZwTerminateProcess + - PsGetProcessImageFileName + - ZwQueryObject + - ObOpenObjectByPointer + - PsReferenceProcessFilePointer + - IoQueryFileDosDeviceName + - MmProbeAndLockPages + - PsLookupProcessByProcessId + - MmMapLockedPagesSpecifyCache + - IoAllocateMdl + - MmCopyVirtualMemory + - KeClearEvent + - KeSetEvent + - KeWaitForSingleObject + - 
MmMapLockedPages + - ObReferenceObjectByHandle + - PsSetCreateProcessNotifyRoutineEx + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - ExEventObjectType + - ObRegisterCallbacks + - ObUnRegisterCallbacks + - ObGetFilterVersion + - PsGetProcessId + - IoThreadToProcess + - strcmp + - PsProcessType + - PsThreadType + - RtlEqualUnicodeString + - RtlGetVersion + - ObfReferenceObject + - ObGetObjectType + - ExEnumHandleTable + - ExfUnblockPushLock + - PsAcquireProcessExitSynchronization + - PsReleaseProcessExitSynchronization + - _snprintf + - vsprintf_s + - ZwCreateFile + - ZwWriteFile + - PsLookupThreadByThreadId + - NtQueryInformationThread + - PsGetThreadProcess + - KeDelayExecutionThread + - KdDisableDebugger + - KdChangeOption + - PsCreateSystemThread + - PsTerminateSystemThread + - KdDebuggerEnabled + - PsGetVersion + - KeInitializeEvent + - RtlCopyUnicodeString + - ObfDereferenceObject + - ExReleaseFastMutex + - ExAcquireFastMutex + - MmBuildMdlForNonPagedPool + - WdfVersionBindClass + - WdfVersionBind + - WdfVersionUnbind + - WdfVersionUnbindClass + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CN, L=Shanghai, O=miHoYo Co.,Ltd., OU=OPS, CN=miHoYo Co.,Ltd. 
+ ValidFrom: '2019-04-08 00:00:00' + ValidTo: '2022-04-08 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 05a7559541e0fdc678d79e3272468907 + Version: 3 + TBS: + MD5: 3e83a7572d1c522dd9072ba6399029d7 + SHA1: e2c2d59b70f028a66a8711bfa97f842475f84639 + SHA256: 5a504a929cb21f72008d5d57bcd992a7cac13f6aa90cbb886b5ecd809e3b59dd + SHA384: 72916ab6c7eb3f5cb7444b3d7d2ac8cb52944605477c5a0f181d060e4edb4c37ebe5eb3c0566dda9de2d2707636ec355 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Root CA + ValidFrom: '2011-04-15 19:41:37' + ValidTo: '2021-04-15 19:51:37' + Signature: 5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611cb28a000000000026 + Version: 3 + TBS: + MD5: 983a0c315a50542362f2bd6a5d71c8d0 + SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 + SHA256: 
5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 + SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd + Version: 3 + TBS: + MD5: a9a31555bbc92b6033975c5428fb3679 + SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e + SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 + SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 + - Subject: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo + RSA Time Stamping CA + ValidFrom: '2019-05-02 00:00:00' + ValidTo: '2038-01-18 23:59:59' + Signature: 
6d5481a5335d16e1b553819175df037a320b2d258411b2b0db2a7d2a05f5bc3b27f45aa0b9495990296c61cbb550dbe27df99f00ef40c3add3e2e456f95841cff142e5107dffb0741f8fc65c09f9335eeaa01c26585cf3b4110fd5d5c3e2bcd55878bf4876e144676d8fb043100f8de4f93862bf1301c585a34cc5ccb2533095a4d6f4965608b8cd5c7f0196be72526a3b42377c1678399393949bb1dcb26d416d67cdc96f903d7f4572c11b23d6c2558466e4b3c56606f6f3d64b5eada32b428a2192fea86f5a2570628173635ea0bbd8dcd74ad33daf830638121d24872de4fc02d63e7704bc0436b5e777cb9c2e8d2318b9a3c2471df05dd6a1735705689aa7c937651dbeeabcd842834305a58ba609ffd1a194a64eaa3d09f5056cb7d2645ad82a22c24b9df1395e4cde483d9b34969a095f8efdf7b15291ce3f89f61ca1b5a9751f71bf5b435d653d50816eabf0d0d3fcb2b31fb6999626f43c798b5c64cccdee279ae5a0c00c7287c16e4d5ad31eeaf044e6326f1ceb174e94c37865203b0f41aa1fe9a1419dfeb1b8a0652a34e0dea8f93ce6c130bbc0a0632cfc5c1600a8d0c47fea119d1e06c6a66d325db438092b4907aafdec30daf1a72fcfb7fdfad0a384d9279efb016677b95610e1206ec6aeb1f9b6bac8355d33768ef17c200c2a77aeb5a20286ba29eeb45a00b18cabe3f90ac9545dd4b96a749ebd48ae98 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 300f6facdd6698747ca94636a7782db9 + Version: 3 + TBS: + MD5: 63499ed59a1293b786649470e4ce0bd7 + SHA1: 7309d8eaa65da1f3da7030c08f00a3b0a20fa908 + SHA256: 8c8d2046b29e792e71b28705fe67c435208a336dde074a75452d98e72c734937 + SHA384: 5dbc5eae13908fee4c4e5216f87e3e87208fff0d1052f5fa9f0856a429d6a6c422c625f2318f2f29aea26ece09c1e811 + - Subject: 'C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo + RSA Time Stamping Signer #2' + ValidFrom: '2020-10-23 00:00:00' + ValidTo: '2032-01-22 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: false + SerialNumber: 008c77a0008ff4d1b0c63d9f3a48838d6b + Version: 3 + TBS: + MD5: 6efd500ce038df7aa3087c1e63a5eb5c + SHA1: 1c961712a02fb995c585080eda53a753656ca3ad + SHA256: 
f60d4f8f7b56499de889264b1e64890694c5b106129d3db068976ed33495577a + SHA384: 031fdf7c078e205b4d3ffaff40de36f48f91f87c3b0005b482ff614b320f5e47785045cb87a3e6a75085c24ae8409498 + Signer: + - SerialNumber: 05a7559541e0fdc678d79e3272468907 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: ffdf660eb1ebf020a1d0a55a90712dfb + SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 + SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 + Sections: + .text: + Entropy: 6.157664770831852 + Virtual Size: '0x6b30' + .rdata: + Entropy: 4.753402516412843 + Virtual Size: '0x1524' + .data: + Entropy: 0.807954115503613 + Virtual Size: '0x15f8' + .pdata: + Entropy: 7.762205491774233 + Virtual Size: '0x660' + PAGE: + Entropy: 5.555323265561846 + Virtual Size: '0xb0a' + INIT: + Entropy: 5.375192691787179 + Virtual Size: '0xeae' + .upx0: + Entropy: 7.119277616060462 + Virtual Size: '0x137444' + .reloc: + Entropy: 3.865030456441881 + Virtual Size: '0xb4' + .rsrc: + Entropy: 2.9056718289000636 + Virtual Size: '0x22c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2021-06-28 02:44:28' + Imphash: ebb99842fa08915eb8b7f67d8dc7a13a + LoadsDespiteHVCI: 'FALSE' +- Filename: mhyprot2.sys + MD5: 89c7bd12495e29413038224cb61db02e + SHA1: 16c6bcef489f190a48e9d3b1f35972db89516479 + SHA256: b8b94c2646b62f6ac08f16514b6efaa9866aa3c581e4c0435a7aeafe569b2418 + Authentihash: + MD5: d5a852a9cb4c81cba921aaf523bcabf4 + SHA1: a3fd0d15889398830a61eed9dfac17dfbde792ef + SHA256: 8ced17d1ee92ae72749afdfe40f5029223d97f0f977e718bd5ab1242d1ff7cb5 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - WDFLDR.SYS + ExportedFunctions: '' + ImportedFunctions: + - NtQuerySystemInformation + - RtlInitUnicodeString + - ExAllocatePool + - ExFreePoolWithTag + - IofCompleteRequest + - 
IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoGetCurrentProcess + - _wcsicmp + - RtlInitString + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ZwClose + - MmIsAddressValid + - ZwOpenDirectoryObject + - ZwQueryDirectoryObject + - ObReferenceObjectByName + - ZwQuerySystemInformation + - __C_specific_handler + - MmHighestUserAddress + - IoDriverObjectType + - KeQueryTimeIncrement + - KeStackAttachProcess + - KeUnstackDetachProcess + - PsGetProcessWow64Process + - PsGetProcessPeb + - MmUnlockPages + - MmGetSystemRoutineAddress + - MmUnmapLockedPages + - IoFreeMdl + - ZwTerminateProcess + - PsGetProcessImageFileName + - ZwQueryObject + - ObOpenObjectByPointer + - PsReferenceProcessFilePointer + - IoQueryFileDosDeviceName + - PsLookupProcessByProcessId + - MmBuildMdlForNonPagedPool + - MmMapLockedPagesSpecifyCache + - IoAllocateMdl + - MmCopyVirtualMemory + - KeClearEvent + - KeSetEvent + - KeWaitForSingleObject + - MmMapLockedPages + - ObReferenceObjectByHandle + - PsSetCreateProcessNotifyRoutineEx + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - ExEventObjectType + - ObRegisterCallbacks + - ObUnRegisterCallbacks + - ObGetFilterVersion + - PsGetProcessId + - IoThreadToProcess + - strcmp + - PsProcessType + - PsThreadType + - RtlGetVersion + - ObfReferenceObject + - ObGetObjectType + - ExEnumHandleTable + - ExfUnblockPushLock + - PsAcquireProcessExitSynchronization + - PsReleaseProcessExitSynchronization + - _snprintf + - vsprintf_s + - ZwCreateFile + - ZwWriteFile + - PsLookupThreadByThreadId + - NtQueryInformationThread + - PsGetThreadProcess + - KeDelayExecutionThread + - KdDisableDebugger + - KdChangeOption + - PsCreateSystemThread + - PsTerminateSystemThread + - KdDebuggerEnabled + - PsGetVersion + - KeInitializeEvent + - RtlCopyUnicodeString + - ObfDereferenceObject + - 
ExReleaseFastMutex + - ExAcquireFastMutex + - MmProbeAndLockPages + - WdfVersionBindClass + - WdfVersionBind + - WdfVersionUnbind + - WdfVersionUnbindClass + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=CN, L=Shanghai, O=miHoYo Co.,Ltd., OU=OPS, CN=miHoYo Co.,Ltd. 
+ ValidFrom: '2019-04-08 00:00:00' + ValidTo: '2022-04-08 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 05a7559541e0fdc678d79e3272468907 + Version: 3 + TBS: + MD5: 3e83a7572d1c522dd9072ba6399029d7 + SHA1: e2c2d59b70f028a66a8711bfa97f842475f84639 + SHA256: 5a504a929cb21f72008d5d57bcd992a7cac13f6aa90cbb886b5ecd809e3b59dd + SHA384: 72916ab6c7eb3f5cb7444b3d7d2ac8cb52944605477c5a0f181d060e4edb4c37ebe5eb3c0566dda9de2d2707636ec355 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Root CA + ValidFrom: '2011-04-15 19:41:37' + ValidTo: '2021-04-15 19:51:37' + Signature: 5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611cb28a000000000026 + Version: 3 + TBS: + MD5: 983a0c315a50542362f2bd6a5d71c8d0 + SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 + SHA256: 
5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 + SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd + Version: 3 + TBS: + MD5: a9a31555bbc92b6033975c5428fb3679 + SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e + SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 + SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 + Signer: + - SerialNumber: 05a7559541e0fdc678d79e3272468907 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + Version: 1 + RichPEHeaderHash: + MD5: ffdf660eb1ebf020a1d0a55a90712dfb + SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 + SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 + Sections: + .text: + Entropy: 6.159305681452516 + Virtual Size: '0x6a80' + .rdata: + Entropy: 4.746385872522309 + Virtual Size: '0x151c' + .data: + Entropy: 0.807954115503613 + Virtual Size: '0x15f8' + .pdata: + Entropy: 7.784757457181626 + Virtual Size: '0x660' + PAGE: + Entropy: 5.53961384590436 + Virtual Size: '0xb0a' + INIT: + Entropy: 5.3746803358978985 + Virtual Size: '0xe8e' + .upx0: + Entropy: 7.120374756857897 + Virtual Size: '0x13b804' + .reloc: + Entropy: 3.969283875435989 + Virtual Size: '0xd8' + .rsrc: + Entropy: 2.9106266625370485 + Virtual Size: '0x22c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2020-12-29 19:40:40' + Imphash: 4b0b017b23567cf8b9e1268957acd032 + LoadsDespiteHVCI: 'FALSE' +- Filename: Mhyprot2.sys + Authentihash: + MD5: ff295de93e6b6dcc3938d50901a7240d + SHA1: 
484c72dd4fd91083b249f3ccc733a3c8335e583f + SHA256: 0c7809ac1fa074408518ddc0ac118912c9cd43ed9c89213bc4d59043016b040c + Company: '' + Copyright: '' + CreationTimestamp: '2020-08-16 21:38:03' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + ImportedFunctions: + - NtQuerySystemInformation + - RtlInitUnicodeString + - ExAllocatePool + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - _wcsicmp + - RtlInitString + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ZwClose + - MmIsAddressValid + - ZwOpenDirectoryObject + - ZwQueryDirectoryObject + - ObReferenceObjectByName + - ZwQuerySystemInformation + - __C_specific_handler + - MmHighestUserAddress + - IoDriverObjectType + - KeQueryTimeIncrement + - KeStackAttachProcess + - KeUnstackDetachProcess + - PsGetProcessWow64Process + - PsGetProcessPeb + - MmUnlockPages + - MmGetSystemRoutineAddress + - MmUnmapLockedPages + - IoFreeMdl + - ZwTerminateProcess + - PsGetProcessImageFileName + - ObOpenObjectByPointer + - PsReferenceProcessFilePointer + - IoQueryFileDosDeviceName + - ZwQueryVirtualMemory + - MmProbeAndLockPages + - PsLookupProcessByProcessId + - MmMapLockedPagesSpecifyCache + - IoAllocateMdl + - IoGetCurrentProcess + - MmCopyVirtualMemory + - KeClearEvent + - KeSetEvent + - KeWaitForSingleObject + - MmMapLockedPages + - ObReferenceObjectByHandle + - PsSetCreateProcessNotifyRoutineEx + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - ExEventObjectType + - ObRegisterCallbacks + - ObUnRegisterCallbacks + - ObGetFilterVersion + - IoThreadToProcess + - strcmp + - PsProcessType + - PsThreadType + - RtlGetVersion + - ObfReferenceObject + - ObGetObjectType + - ExEnumHandleTable + - ExfUnblockPushLock + - _snprintf + - vsprintf_s + - ZwCreateFile + - ZwWriteFile + 
- PsLookupThreadByThreadId + - NtQueryInformationThread + - PsGetThreadProcess + - DbgPrint + - KeDelayExecutionThread + - KdDisableDebugger + - KdChangeOption + - PsCreateSystemThread + - PsTerminateSystemThread + - KdDebuggerEnabled + - PsGetVersion + - KeInitializeEvent + - RtlCopyUnicodeString + - ObfDereferenceObject + - ExReleaseFastMutex + - ExAcquireFastMutex + - MmBuildMdlForNonPagedPool + - WdfVersionBindClass + - WdfVersionBind + - WdfVersionUnbind + - WdfVersionUnbindClass + Imports: + - ntoskrnl.exe + - WDFLDR.SYS + InternalName: '' + MD5: 4b817d0e7714b9d43db43ae4a22a161e + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: ffdf660eb1ebf020a1d0a55a90712dfb + SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 + SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 + SHA1: 0466e90bf0e83b776ca8716e01d35a8a2e5f96d3 + SHA256: 509628b6d16d2428031311d7bd2add8d5f5160e9ecc0cd909f1e82bbbb3234d6 + Sections: + .text: + Entropy: 6.183070832014416 + Virtual Size: '0x6ed0' + .rdata: + Entropy: 4.768973580594352 + Virtual Size: '0x159c' + .data: + Entropy: 0.807954115503613 + Virtual Size: '0x15f8' + .pdata: + Entropy: 7.83996638727823 + Virtual Size: '0x684' + PAGE: + Entropy: 5.929327209049661 + Virtual Size: '0xb7a' + INIT: + Entropy: 5.3523212488458185 + Virtual Size: '0xe54' + .upx0: + Entropy: 7.037246397744446 + Virtual Size: '0x124190' + .reloc: + Entropy: 3.9077681077271933 + Virtual Size: '0xcc' + .rsrc: + Entropy: 2.9056718289000636 + Virtual Size: '0x22c' + Signature: + - miHoYo Co.,Ltd. + - DigiCert Assured ID Code Signing CA-1 + - DigiCert + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CN, L=Shanghai, O=miHoYo Co.,Ltd., OU=OPS, CN=miHoYo Co.,Ltd. 
+ ValidFrom: '2019-04-08 00:00:00' + ValidTo: '2022-04-08 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 05a7559541e0fdc678d79e3272468907 + Version: 3 + TBS: + MD5: 3e83a7572d1c522dd9072ba6399029d7 + SHA1: e2c2d59b70f028a66a8711bfa97f842475f84639 + SHA256: 5a504a929cb21f72008d5d57bcd992a7cac13f6aa90cbb886b5ecd809e3b59dd + SHA384: 72916ab6c7eb3f5cb7444b3d7d2ac8cb52944605477c5a0f181d060e4edb4c37ebe5eb3c0566dda9de2d2707636ec355 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Root CA + ValidFrom: '2011-04-15 19:41:37' + ValidTo: '2021-04-15 19:51:37' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611cb28a000000000026 + Version: 3 + TBS: + MD5: 983a0c315a50542362f2bd6a5d71c8d0 + SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 + SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 + SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 
7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd + Version: 3 + TBS: + MD5: a9a31555bbc92b6033975c5428fb3679 + SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e + SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 + SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 05a7559541e0fdc678d79e3272468907 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + Version: 1 + Imphash: a74f61fdcea718cb9579907b2caf54ab + LoadsDespiteHVCI: 'FALSE' +- Filename: mhyprot2.sys + Authentihash: + MD5: 0abb783d69d8120a232f3be1411b9f79 + SHA1: dcf13f12b2429a0a50e0094776b59bea641b142c + SHA256: 
000e984d3eebc54259a24a17745eed07d9c3658b86462cb5ebc26381302f7a38 + Company: '' + Copyright: '' + CreationTimestamp: '2020-10-12 01:04:57' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + ImportedFunctions: + - NtQuerySystemInformation + - RtlInitUnicodeString + - ExAllocatePool + - ExFreePoolWithTag + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoGetCurrentProcess + - _wcsicmp + - RtlInitString + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ZwClose + - MmIsAddressValid + - ZwOpenDirectoryObject + - ZwQueryDirectoryObject + - ObReferenceObjectByName + - ZwQuerySystemInformation + - __C_specific_handler + - MmHighestUserAddress + - IoDriverObjectType + - KeQueryTimeIncrement + - KeStackAttachProcess + - KeUnstackDetachProcess + - PsGetProcessWow64Process + - PsGetProcessPeb + - MmUnlockPages + - MmGetSystemRoutineAddress + - MmUnmapLockedPages + - IoFreeMdl + - ZwTerminateProcess + - PsGetProcessImageFileName + - ZwQueryObject + - ObOpenObjectByPointer + - PsReferenceProcessFilePointer + - IoQueryFileDosDeviceName + - MmProbeAndLockPages + - PsLookupProcessByProcessId + - MmMapLockedPagesSpecifyCache + - IoAllocateMdl + - MmCopyVirtualMemory + - KeClearEvent + - KeSetEvent + - KeWaitForSingleObject + - MmMapLockedPages + - ObReferenceObjectByHandle + - PsSetCreateProcessNotifyRoutineEx + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - ExEventObjectType + - ObRegisterCallbacks + - ObUnRegisterCallbacks + - ObGetFilterVersion + - PsGetProcessId + - IoThreadToProcess + - strcmp + - PsProcessType + - PsThreadType + - RtlGetVersion + - ObfReferenceObject + - ObGetObjectType + - ExEnumHandleTable + - ExfUnblockPushLock + - PsAcquireProcessExitSynchronization + - PsReleaseProcessExitSynchronization + - _snprintf + - vsprintf_s + - ZwCreateFile + - 
ZwWriteFile + - PsLookupThreadByThreadId + - NtQueryInformationThread + - PsGetThreadProcess + - DbgPrint + - KeDelayExecutionThread + - KdDisableDebugger + - KdChangeOption + - PsCreateSystemThread + - PsTerminateSystemThread + - KdDebuggerEnabled + - PsGetVersion + - KeInitializeEvent + - RtlCopyUnicodeString + - ObfDereferenceObject + - ExReleaseFastMutex + - ExAcquireFastMutex + - MmBuildMdlForNonPagedPool + - WdfVersionBindClass + - WdfVersionBind + - WdfVersionUnbind + - WdfVersionUnbindClass + Imports: + - ntoskrnl.exe + - WDFLDR.SYS + InternalName: '' + MD5: 6b2df08bacf640cc2ac6f20c76af07ee + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: ffdf660eb1ebf020a1d0a55a90712dfb + SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 + SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 + SHA1: 2c2fc258871499b206963c0f933583cedcdf9ea2 + SHA256: 26d69e677d30bb53c7ac7f3fce76291fe2c44720ef17ee386f95f08ec5175288 + Sections: + .text: + Entropy: 6.148785192872878 + Virtual Size: '0x6a70' + .rdata: + Entropy: 4.766768397560792 + Virtual Size: '0x1534' + .data: + Entropy: 0.807954115503613 + Virtual Size: '0x15f8' + .pdata: + Entropy: 7.721635104163216 + Virtual Size: '0x660' + PAGE: + Entropy: 5.542128521643139 + Virtual Size: '0xb0a' + INIT: + Entropy: 5.369813968377038 + Virtual Size: '0xea2' + .upx0: + Entropy: 7.122930941509944 + Virtual Size: '0x13ade4' + .reloc: + Entropy: 3.7939314591228883 + Virtual Size: '0xd8' + .rsrc: + Entropy: 2.9070295402348902 + Virtual Size: '0x22c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CN, L=Shanghai, O=miHoYo Co.,Ltd., OU=OPS, CN=miHoYo Co.,Ltd. 
+ ValidFrom: '2019-04-08 00:00:00' + ValidTo: '2022-04-08 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 05a7559541e0fdc678d79e3272468907 + Version: 3 + TBS: + MD5: 3e83a7572d1c522dd9072ba6399029d7 + SHA1: e2c2d59b70f028a66a8711bfa97f842475f84639 + SHA256: 5a504a929cb21f72008d5d57bcd992a7cac13f6aa90cbb886b5ecd809e3b59dd + SHA384: 72916ab6c7eb3f5cb7444b3d7d2ac8cb52944605477c5a0f181d060e4edb4c37ebe5eb3c0566dda9de2d2707636ec355 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Root CA + ValidFrom: '2011-04-15 19:41:37' + ValidTo: '2021-04-15 19:51:37' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611cb28a000000000026 + Version: 3 + TBS: + MD5: 983a0c315a50542362f2bd6a5d71c8d0 + SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 + SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 + SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd + Version: 3 + TBS: + MD5: a9a31555bbc92b6033975c5428fb3679 + SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e + SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 + SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 05a7559541e0fdc678d79e3272468907 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + Version: 1 + Imphash: 5095ddaed3abc22c1510a141d72735cc + LoadsDespiteHVCI: 'FALSE' +- Filename: mhyprot2.sys + Authentihash: + MD5: 6f769353f497a9f17430d02ff1291281 + SHA1: f408ad59f7590d26afc84a7109dd56cfe98ebea9 + SHA256: dbcad271feda00f614ef9866886cde83e9fffac6e76694fd052790541bb7e993 + Company: '' + Copyright: "\xA9COGNOSPHERE" + CreationTimestamp: '2021-12-13 23:23:54' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + ImportedFunctions: + - NtQuerySystemInformation + - RtlInitUnicodeString + - ExAllocatePool + - ExFreePoolWithTag + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoGetCurrentProcess + - _wcsicmp + - RtlInitString + 
- RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ZwClose + - MmIsAddressValid + - ZwOpenDirectoryObject + - ZwQueryDirectoryObject + - ObReferenceObjectByName + - ZwQuerySystemInformation + - __C_specific_handler + - MmHighestUserAddress + - IoDriverObjectType + - KeQueryTimeIncrement + - KeStackAttachProcess + - KeUnstackDetachProcess + - PsGetProcessWow64Process + - PsGetProcessPeb + - MmUnlockPages + - MmGetSystemRoutineAddress + - MmUnmapLockedPages + - IoFreeMdl + - ZwTerminateProcess + - PsGetProcessImageFileName + - ZwQueryObject + - ObOpenObjectByPointer + - PsReferenceProcessFilePointer + - IoQueryFileDosDeviceName + - MmProbeAndLockPages + - PsLookupProcessByProcessId + - MmMapLockedPagesSpecifyCache + - IoAllocateMdl + - MmCopyVirtualMemory + - KeClearEvent + - KeSetEvent + - KeWaitForSingleObject + - MmMapLockedPages + - ObReferenceObjectByHandle + - PsSetCreateProcessNotifyRoutineEx + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - ExEventObjectType + - ObRegisterCallbacks + - ObUnRegisterCallbacks + - ObGetFilterVersion + - PsGetProcessId + - IoThreadToProcess + - strcmp + - PsProcessType + - PsThreadType + - RtlEqualUnicodeString + - RtlGetVersion + - ObfReferenceObject + - ObGetObjectType + - ExEnumHandleTable + - ExfUnblockPushLock + - PsAcquireProcessExitSynchronization + - PsReleaseProcessExitSynchronization + - _snprintf + - vsprintf_s + - ZwCreateFile + - ZwWriteFile + - PsLookupThreadByThreadId + - NtQueryInformationThread + - PsGetThreadProcess + - KeDelayExecutionThread + - KdDisableDebugger + - KdChangeOption + - PsCreateSystemThread + - PsTerminateSystemThread + - KdDebuggerEnabled + - PsGetVersion + - KeInitializeEvent + - RtlCopyUnicodeString + - ObfDereferenceObject + - ExReleaseFastMutex + - ExAcquireFastMutex + - MmBuildMdlForNonPagedPool + - WdfVersionBindClass + - WdfVersionBind + - WdfVersionUnbind + 
- WdfVersionUnbindClass + Imports: + - ntoskrnl.exe + - WDFLDR.SYS + InternalName: '' + MD5: d717f8de642b65f029829c34fbd13a45 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: ffdf660eb1ebf020a1d0a55a90712dfb + SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 + SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 + SHA1: 296757d5663290f172e99e60b9059f989cba4c4e + SHA256: 46cf46e1073b7c99142964b7c4bef1e5285fabcf2c6dbe5be99000a393d9f474 + Sections: + .text: + Entropy: 6.156314681522144 + Virtual Size: '0x6b30' + .rdata: + Entropy: 4.76662525868425 + Virtual Size: '0x1524' + .data: + Entropy: 0.807954115503613 + Virtual Size: '0x15f8' + .pdata: + Entropy: 7.7854000483241395 + Virtual Size: '0x660' + PAGE: + Entropy: 5.560839458603365 + Virtual Size: '0xb0a' + INIT: + Entropy: 5.374161848726158 + Virtual Size: '0xeae' + .upx0: + Entropy: 7.109613321517985 + Virtual Size: '0x138234' + .reloc: + Entropy: 3.8297726437790334 + Virtual Size: '0xd8' + .rsrc: + Entropy: 3.0009945276761902 + Virtual Size: '0x260' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2021-09-09 19:15:59' + ValidTo: '2022-09-01 19:15:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 330000004de597a775e3157f7b00000000004d + Version: 3 + TBS: + MD5: 9f0782e89bd41cdd96ec55357457478a + SHA1: 35c2180572baad19019acca1334e6c653699c389 + SHA256: 50814710213afec410f26e573d25267a2e21d3d15f158be8a43a666c9cc6fa08 + SHA384: 8d48f066b0284071d64bbc556e018824a8388ccd142a56c7b7b04ef6d27cade07da57ac82d8067e18ad64d35af11e2a7 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, 
CN=Microsoft + Windows Third Party Component CA 2014 + ValidFrom: '2014-10-15 20:31:27' + ValidTo: '2029-10-15 20:41:27' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 330000000d690d5d7893d076df00000000000d + Version: 3 + TBS: + MD5: 83f69422963f11c3c340b81712eef319 + SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 + SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae + SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 + Signer: + - SerialNumber: 330000004de597a775e3157f7b00000000004d + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + Version: 1 + Imphash: ebb99842fa08915eb8b7f67d8dc7a13a + LoadsDespiteHVCI: 'FALSE' +- Filename: mhyprot2.Sys + Authentihash: + MD5: 372e018ebaa20ffbd474b39c3d97fba9 + SHA1: 05234d1a267c9b6c1754272658fbebb22633cac0 + SHA256: faa37602095f25135312f87ed7adb607ffa5e9b2931b58d00f7376ed0c6ec69a + Company: '' + Copyright: '' + CreationTimestamp: '2020-02-26 20:28:58' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + ImportedFunctions: + - NtQuerySystemInformation + - RtlInitUnicodeString + - ExAllocatePool + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - _wcsicmp + - RtlInitString + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ZwClose + - MmIsAddressValid + - ZwOpenDirectoryObject + - ZwQueryDirectoryObject + - ObReferenceObjectByName + - ZwQuerySystemInformation + - __C_specific_handler + - MmHighestUserAddress + - IoDriverObjectType + - KeQueryTimeIncrement + - KeStackAttachProcess + - KeUnstackDetachProcess + - PsGetProcessWow64Process + - PsGetProcessPeb + - MmUnlockPages + - MmGetSystemRoutineAddress + - 
MmUnmapLockedPages + - IoFreeMdl + - ZwTerminateProcess + - PsGetProcessImageFileName + - ObOpenObjectByPointer + - PsReferenceProcessFilePointer + - IoQueryFileDosDeviceName + - ZwQueryVirtualMemory + - MmProbeAndLockPages + - PsLookupProcessByProcessId + - MmMapLockedPagesSpecifyCache + - IoAllocateMdl + - IoGetCurrentProcess + - MmCopyVirtualMemory + - KeClearEvent + - KeSetEvent + - KeWaitForSingleObject + - MmMapLockedPages + - ObReferenceObjectByHandle + - PsSetCreateProcessNotifyRoutineEx + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - ExEventObjectType + - ObRegisterCallbacks + - ObUnRegisterCallbacks + - ObGetFilterVersion + - IoThreadToProcess + - strcmp + - PsProcessType + - PsThreadType + - RtlGetVersion + - ObfReferenceObject + - ObGetObjectType + - ExEnumHandleTable + - ExfUnblockPushLock + - _snprintf + - vsprintf_s + - ZwCreateFile + - ZwWriteFile + - PsLookupThreadByThreadId + - NtQueryInformationThread + - DbgPrint + - KeDelayExecutionThread + - KdDisableDebugger + - KdChangeOption + - PsCreateSystemThread + - PsTerminateSystemThread + - KdDebuggerEnabled + - PsGetVersion + - KeInitializeEvent + - RtlCopyUnicodeString + - ObfDereferenceObject + - ExReleaseFastMutex + - ExAcquireFastMutex + - MmBuildMdlForNonPagedPool + - WdfVersionBindClass + - WdfVersionBind + - WdfVersionUnbind + - WdfVersionUnbindClass + Imports: + - ntoskrnl.exe + - WDFLDR.SYS + InternalName: '' + MD5: a2c5f994e9b4a74b2f5b51c7a44c4401 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: ffdf660eb1ebf020a1d0a55a90712dfb + SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 + SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 + SHA1: 6210dabb908cc750379cc7563beb884b3895e046 + SHA256: 247aadaf17ed894fcacf3fc4e109b005540e3659fd0249190eb33725d3d3082f + Sections: + 
.text: + Entropy: 6.187759303691483 + Virtual Size: '0x6c00' + .rdata: + Entropy: 4.74407522754408 + Virtual Size: '0x1544' + .data: + Entropy: 0.805522255156276 + Virtual Size: '0x15f8' + .pdata: + Entropy: 7.799213983242543 + Virtual Size: '0x678' + PAGE: + Entropy: 5.936647867609732 + Virtual Size: '0xb0a' + INIT: + Entropy: 5.361428563383565 + Virtual Size: '0xe36' + .upx0: + Entropy: 7.022268752031303 + Virtual Size: '0x11f1a4' + .reloc: + Entropy: 3.802902714539644 + Virtual Size: '0xe4' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 4e5e56901e46b4d94931f3bb1739281bc216ddfd41dc0905049b6fb2a29ad6992e40990055b5ea3fa52076d38634d417cc553ac782eeefa8babcd8069f1550dfcd167b523a02d7191afdaff0785ce04bc518df3a241edaacb8a95804020730dbb0125efe31bef00448f4f070f83a5e5683cf3dfb0dbcf4c5ed979db9d4dba52784e3389b8ba735864420a43b6da46a0ba183fd28ebdaef28f6cc885dfb0a3b00abe021ebe22f356c0f8e344597eba2f79933357ecb9a8abb454de73f9fc2d98afa65b26ec77e65ffe892e12c31a2f7b02736488f266f3bee4d761f79c3e57f9635bc2d0ecc01b08e7fff518080a792d4b34446648c874f166307314b63b0dff3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee152d7 + Version: 3 + TBS: + MD5: e140543fe3256027cfa79fc3c19c1776 + SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 + SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 + SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 + - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode + , G2 + ValidFrom: '2016-05-24 00:00:00' + ValidTo: '2027-06-24 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 
1121d699a764973ef1f8427ee919cc534114 + Version: 3 + TBS: + MD5: acb5170547d76873f1e4ff18ed5de2eb + SHA1: bd6e261e75b807381bada7287de04d259258a5fa + SHA256: 4783380498acf592286ef2dea0fcc5bdea3f54d5e374d3e3497df9d5f662cfb6 + SHA384: 4f428f115cf3d008248f15f32007fc7c54bd454e1b48b765776b4c87c23ab8818d8fbcbb3646d35eca012b025260a3b8 + - Subject: C=CN, L=Shanghai, O=miHoYo Co.,Ltd., OU=OPS, CN=miHoYo Co.,Ltd. + ValidFrom: '2019-04-08 00:00:00' + ValidTo: '2022-04-08 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 05a7559541e0fdc678d79e3272468907 + Version: 3 + TBS: + MD5: 3e83a7572d1c522dd9072ba6399029d7 + SHA1: e2c2d59b70f028a66a8711bfa97f842475f84639 + SHA256: 5a504a929cb21f72008d5d57bcd992a7cac13f6aa90cbb886b5ecd809e3b59dd + SHA384: 72916ab6c7eb3f5cb7444b3d7d2ac8cb52944605477c5a0f181d060e4edb4c37ebe5eb3c0566dda9de2d2707636ec355 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Root CA + ValidFrom: '2011-04-15 19:41:37' + ValidTo: '2021-04-15 19:51:37' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611cb28a000000000026 + Version: 3 + TBS: + MD5: 983a0c315a50542362f2bd6a5d71c8d0 + SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 + SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 + SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd + Version: 3 + TBS: + MD5: 
a9a31555bbc92b6033975c5428fb3679 + SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e + SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 + SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 + Signer: + - SerialNumber: 05a7559541e0fdc678d79e3272468907 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + Version: 1 + Imphash: 409d2ab916237fb129c57aacbb7cb4fe + LoadsDespiteHVCI: 'FALSE' +- Filename: mhyprot2.Sys + Authentihash: + MD5: 0bf04830652ccd02dca462c6f965b678 + SHA1: 8e6248135ad596861d8f6d42703deb79382f285a + SHA256: f18605a691056b446c6411b7fa841b8178059bde8094cfe9013e59f4663cdf7f + Company: '' + Copyright: '' + CreationTimestamp: '2020-11-23 02:19:13' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + ImportedFunctions: + - NtQuerySystemInformation + - RtlInitUnicodeString + - ExAllocatePool + - ExFreePoolWithTag + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoGetCurrentProcess + - _wcsicmp + - RtlInitString + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ZwClose + - MmIsAddressValid + - ZwOpenDirectoryObject + - ZwQueryDirectoryObject + - ObReferenceObjectByName + - ZwQuerySystemInformation + - __C_specific_handler + - MmHighestUserAddress + - IoDriverObjectType + - KeQueryTimeIncrement + - KeStackAttachProcess + - KeUnstackDetachProcess + - PsGetProcessWow64Process + - PsGetProcessPeb + - MmUnlockPages + - MmGetSystemRoutineAddress + - MmUnmapLockedPages + - IoFreeMdl + - ZwTerminateProcess + - PsGetProcessImageFileName + - ZwQueryObject + - ObOpenObjectByPointer + - PsReferenceProcessFilePointer + - IoQueryFileDosDeviceName + - PsLookupProcessByProcessId + - MmBuildMdlForNonPagedPool + - MmMapLockedPagesSpecifyCache + - IoAllocateMdl + - MmCopyVirtualMemory + - KeClearEvent + - KeSetEvent + - 
KeWaitForSingleObject + - MmMapLockedPages + - ObReferenceObjectByHandle + - PsSetCreateProcessNotifyRoutineEx + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - ExEventObjectType + - ObRegisterCallbacks + - ObUnRegisterCallbacks + - ObGetFilterVersion + - PsGetProcessId + - IoThreadToProcess + - strcmp + - PsProcessType + - PsThreadType + - RtlGetVersion + - ObfReferenceObject + - ObGetObjectType + - ExEnumHandleTable + - ExfUnblockPushLock + - PsAcquireProcessExitSynchronization + - PsReleaseProcessExitSynchronization + - _snprintf + - vsprintf_s + - ZwCreateFile + - ZwWriteFile + - PsLookupThreadByThreadId + - NtQueryInformationThread + - PsGetThreadProcess + - KeDelayExecutionThread + - KdDisableDebugger + - KdChangeOption + - PsCreateSystemThread + - PsTerminateSystemThread + - KdDebuggerEnabled + - PsGetVersion + - KeInitializeEvent + - RtlCopyUnicodeString + - ObfDereferenceObject + - ExReleaseFastMutex + - ExAcquireFastMutex + - MmProbeAndLockPages + - WdfVersionBindClass + - WdfVersionBind + - WdfVersionUnbind + - WdfVersionUnbindClass + Imports: + - ntoskrnl.exe + - WDFLDR.SYS + InternalName: '' + MD5: 9c8fffef24fc480917236f9a20b80a47 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: ffdf660eb1ebf020a1d0a55a90712dfb + SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 + SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 + SHA1: 35a817d949b2eab012506bed0a3b4628dd884471 + SHA256: 6e76764d750ebd835aa4bb055830d278df530303585614c1dc743f8d5adf97d7 + Sections: + .text: + Entropy: 6.154237650634141 + Virtual Size: '0x6a80' + .rdata: + Entropy: 4.7591833145315885 + Virtual Size: '0x151c' + .data: + Entropy: 0.807954115503613 + Virtual Size: '0x15f8' + .pdata: + Entropy: 7.722468308866037 + Virtual Size: '0x660' + PAGE: + Entropy: 5.55696695229711 
+ Virtual Size: '0xb0a' + INIT: + Entropy: 5.378040266206357 + Virtual Size: '0xe8e' + .upx0: + Entropy: 7.106265559042574 + Virtual Size: '0x139d04' + .reloc: + Entropy: 3.9051524952095904 + Virtual Size: '0xc0' + .rsrc: + Entropy: 2.9106266625370485 + Virtual Size: '0x22c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=CN, L=Shanghai, O=miHoYo Co.,Ltd., OU=OPS, CN=miHoYo Co.,Ltd. 
+ ValidFrom: '2019-04-08 00:00:00' + ValidTo: '2022-04-08 12:00:00' + Signature: 46a5e6f6c38a63b314f7e2677bb86d4bcd7839eef8e006048ddd58c6783ff0657456e61c800efb31966c611f7ca7d1de1785e006e3f4c0b24cb652842e42cbae016320a774724537fc30e8f09895fdb626daa26b5740c7538aa1df1f97dcab12c3a743c2048f6c9a754f66189ac0f21544399798fb780cd347c9cac0443c8d778736938e17cdd5eca8a2338d8171efd61e13c868dff862da9df4ca8c653a227e0971030aa7e6b44dc2199d1ebd9cae00c6f0a3e91bb883cc509fb297902ba5c13e5826071d92178ace51f1a0653b0445cf7ba17226401c92d7db4f67a37d1243f9094ad5f32873891ea5004a8cbfec77129d4955e344492aaee456f852001ded + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 05a7559541e0fdc678d79e3272468907 + Version: 3 + TBS: + MD5: 3e83a7572d1c522dd9072ba6399029d7 + SHA1: e2c2d59b70f028a66a8711bfa97f842475f84639 + SHA256: 5a504a929cb21f72008d5d57bcd992a7cac13f6aa90cbb886b5ecd809e3b59dd + SHA384: 72916ab6c7eb3f5cb7444b3d7d2ac8cb52944605477c5a0f181d060e4edb4c37ebe5eb3c0566dda9de2d2707636ec355 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Root CA + ValidFrom: '2011-04-15 19:41:37' + ValidTo: '2021-04-15 19:51:37' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611cb28a000000000026 + Version: 3 + TBS: + MD5: 983a0c315a50542362f2bd6a5d71c8d0 + SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 + SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 + SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
0fa8490615d700a0be2176fdc5ec6dbd + Version: 3 + TBS: + MD5: a9a31555bbc92b6033975c5428fb3679 + SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e + SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 + SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 + Signer: + - SerialNumber: 05a7559541e0fdc678d79e3272468907 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + Version: 1 + Imphash: 4b0b017b23567cf8b9e1268957acd032 + LoadsDespiteHVCI: 'FALSE' +- Filename: mhyprot2.sys + Authentihash: + MD5: ff295de93e6b6dcc3938d50901a7240d + SHA1: 484c72dd4fd91083b249f3ccc733a3c8335e583f + SHA256: 0c7809ac1fa074408518ddc0ac118912c9cd43ed9c89213bc4d59043016b040c + Company: '' + Copyright: '' + CreationTimestamp: '2020-08-16 21:38:03' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + ImportedFunctions: + - NtQuerySystemInformation + - RtlInitUnicodeString + - ExAllocatePool + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - _wcsicmp + - RtlInitString + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ZwClose + - MmIsAddressValid + - ZwOpenDirectoryObject + - ZwQueryDirectoryObject + - ObReferenceObjectByName + - ZwQuerySystemInformation + - __C_specific_handler + - MmHighestUserAddress + - IoDriverObjectType + - KeQueryTimeIncrement + - KeStackAttachProcess + - KeUnstackDetachProcess + - PsGetProcessWow64Process + - PsGetProcessPeb + - MmUnlockPages + - MmGetSystemRoutineAddress + - MmUnmapLockedPages + - IoFreeMdl + - ZwTerminateProcess + - PsGetProcessImageFileName + - ObOpenObjectByPointer + - PsReferenceProcessFilePointer + - IoQueryFileDosDeviceName + - ZwQueryVirtualMemory + - MmProbeAndLockPages + - PsLookupProcessByProcessId + - MmMapLockedPagesSpecifyCache + - IoAllocateMdl + - 
IoGetCurrentProcess + - MmCopyVirtualMemory + - KeClearEvent + - KeSetEvent + - KeWaitForSingleObject + - MmMapLockedPages + - ObReferenceObjectByHandle + - PsSetCreateProcessNotifyRoutineEx + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - ExEventObjectType + - ObRegisterCallbacks + - ObUnRegisterCallbacks + - ObGetFilterVersion + - IoThreadToProcess + - strcmp + - PsProcessType + - PsThreadType + - RtlGetVersion + - ObfReferenceObject + - ObGetObjectType + - ExEnumHandleTable + - ExfUnblockPushLock + - _snprintf + - vsprintf_s + - ZwCreateFile + - ZwWriteFile + - PsLookupThreadByThreadId + - NtQueryInformationThread + - PsGetThreadProcess + - DbgPrint + - KeDelayExecutionThread + - KdDisableDebugger + - KdChangeOption + - PsCreateSystemThread + - PsTerminateSystemThread + - KdDebuggerEnabled + - PsGetVersion + - KeInitializeEvent + - RtlCopyUnicodeString + - ObfDereferenceObject + - ExReleaseFastMutex + - ExAcquireFastMutex + - MmBuildMdlForNonPagedPool + - WdfVersionBindClass + - WdfVersionBind + - WdfVersionUnbind + - WdfVersionUnbindClass + Imports: + - ntoskrnl.exe + - WDFLDR.SYS + InternalName: '' + MD5: dc358c301fb463c2f4e7edb028dfe7e8 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: ffdf660eb1ebf020a1d0a55a90712dfb + SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 + SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 + SHA1: 8f8a0b813ada9886d2d32fc41b74fb5c3a32177d + SHA256: 342cf884840fc2b48c96398f690a1801ed8ac1ea59305af9e3d070d13ef85601 + Sections: + .text: + Entropy: 6.183070832014416 + Virtual Size: '0x6ed0' + .rdata: + Entropy: 4.768973580594352 + Virtual Size: '0x159c' + .data: + Entropy: 0.807954115503613 + Virtual Size: '0x15f8' + .pdata: + Entropy: 7.83996638727823 + Virtual Size: '0x684' + PAGE: + Entropy: 5.929327209049661 
+ Virtual Size: '0xb7a' + INIT: + Entropy: 5.3523212488458185 + Virtual Size: '0xe54' + .upx0: + Entropy: 7.037246397744446 + Virtual Size: '0x124190' + .reloc: + Entropy: 3.9077681077271933 + Virtual Size: '0xcc' + .rsrc: + Entropy: 2.9056718289000636 + Virtual Size: '0x22c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CN, L=Shanghai, O=miHoYo Co.,Ltd., OU=OPS, CN=miHoYo Co.,Ltd. + ValidFrom: '2019-04-08 00:00:00' + ValidTo: '2022-04-08 12:00:00' + Signature: 46a5e6f6c38a63b314f7e2677bb86d4bcd7839eef8e006048ddd58c6783ff0657456e61c800efb31966c611f7ca7d1de1785e006e3f4c0b24cb652842e42cbae016320a774724537fc30e8f09895fdb626daa26b5740c7538aa1df1f97dcab12c3a743c2048f6c9a754f66189ac0f21544399798fb780cd347c9cac0443c8d778736938e17cdd5eca8a2338d8171efd61e13c868dff862da9df4ca8c653a227e0971030aa7e6b44dc2199d1ebd9cae00c6f0a3e91bb883cc509fb297902ba5c13e5826071d92178ace51f1a0653b0445cf7ba17226401c92d7db4f67a37d1243f9094ad5f32873891ea5004a8cbfec77129d4955e344492aaee456f852001ded + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 05a7559541e0fdc678d79e3272468907 + Version: 3 + TBS: + MD5: 3e83a7572d1c522dd9072ba6399029d7 + SHA1: e2c2d59b70f028a66a8711bfa97f842475f84639 + SHA256: 5a504a929cb21f72008d5d57bcd992a7cac13f6aa90cbb886b5ecd809e3b59dd + SHA384: 72916ab6c7eb3f5cb7444b3d7d2ac8cb52944605477c5a0f181d060e4edb4c37ebe5eb3c0566dda9de2d2707636ec355 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Root CA + ValidFrom: '2011-04-15 19:41:37' + ValidTo: '2021-04-15 19:51:37' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611cb28a000000000026 + Version: 3 + TBS: + MD5: 983a0c315a50542362f2bd6a5d71c8d0 + SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 + SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 + SHA384: 
5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd + Version: 3 + TBS: + MD5: a9a31555bbc92b6033975c5428fb3679 + SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e + SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 + SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 
173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f
+ Signer:
+ - SerialNumber: 05a7559541e0fdc678d79e3272468907
+ Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured
+ ID Code Signing CA,1
+ Version: 1
+ Imphash: a74f61fdcea718cb9579907b2caf54ab
+ LoadsDespiteHVCI: 'FALSE'
diff --git a/yaml/578d4909-c2ba-4363-b6e3-98fb62d5e55c.yaml b/yaml/578d4909-c2ba-4363-b6e3-98fb62d5e55c.yaml
index bb62a6059..11e6454dc 100644
--- a/yaml/578d4909-c2ba-4363-b6e3-98fb62d5e55c.yaml
+++ b/yaml/578d4909-c2ba-4363-b6e3-98fb62d5e55c.yaml
@@ -1,35 +1,35 @@
-Acknowledgement:
- Handle: ''
- Person: ''
+Id: 578d4909-c2ba-4363-b6e3-98fb62d5e55c
+Tags:
+- bw.sys
+Verified: 'FALSE'
 Author: Michael Haag
-Category: vulnerable driver
-Commands:
- Command: sc.exe create bw.sys binPath=C:\windows\temp\bw.sys type=kernel && sc.exe
- start bw.sys
- Description: ''
- OperatingSystem: Windows 10
- Privileges: kernel
- Usecase: Elevate privileges
 Created: '2023-01-09'
-Detection: []
-Id: 578d4909-c2ba-4363-b6e3-98fb62d5e55c
-KnownVulnerableSamples:
-- Company: ''
- Date: ''
- Description: ''
- FileVersion: ''
- Filename: bw.sys
- MachineType: ''
- OriginalFilename: ''
- Product: ''
- ProductVersion: ''
- Publisher: ''
- SHA256: 0ebaef662b14410c198395b13347e1d175334ec67919709ad37d65eba013adff
- Signature: []
- LoadsDespiteHVCI: 'FALSE'
 MitreID: T1068
+Category: vulnerable driver
+Commands:
+ Command: sc.exe create bw.sys binPath=C:\windows\temp\bw.sys type=kernel && sc.exe
+ start bw.sys
+ Description: ''
+ OperatingSystem: Windows 10
+ Privileges: kernel
+ Usecase: Elevate privileges
 Resources:
 - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules
-Tags:
-- bw.sys
-Verified: 'FALSE'
+Detection: []
+Acknowledgement:
+ Handle: ''
+ Person: ''
+KnownVulnerableSamples:
+- Company: ''
+ Date: ''
+ Description: ''
+ FileVersion: ''
+ Filename: bw.sys
+ MachineType: ''
+ OriginalFilename: ''
+ Product: ''
+ ProductVersion: ''
+ Publisher: ''
+ SHA256: 0ebaef662b14410c198395b13347e1d175334ec67919709ad37d65eba013adff
+ Signature: []
+ LoadsDespiteHVCI: 'FALSE'
diff --git a/yaml/579a0516-1177-45ce-ad9e-45f53b28dcdc.yaml b/yaml/579a0516-1177-45ce-ad9e-45f53b28dcdc.yaml
index fff7af99f..505355fe3 100644
--- a/yaml/579a0516-1177-45ce-ad9e-45f53b28dcdc.yaml
+++ b/yaml/579a0516-1177-45ce-ad9e-45f53b28dcdc.yaml
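Review bot: The bw.sys entry (`yaml/578d4909-c2ba-4363-b6e3-98fb62d5e55c.yaml`) still gives no reason for listing the driver: on the new side `Detection: []` and `Signature: []` are empty, `Verified` is `'FALSE'`, and `Commands` keeps the template `Usecase: Elevate privileges` next to `Description: ''`. The single `SHA256` is the only usable indicator, and the lone `Resources` link suggests, but does not state, that the hash was imported from the Microsoft recommended driver block rules. I would fill the empty field, for example `Description: 'Listed in the Microsoft recommended driver block rules; sample not analysed'`, so that anyone building hash rules from this file can tell an unverified import from an analysed sample. The b.sys hunk in `yaml/579a0516-1177-45ce-ad9e-45f53b28dcdc.yaml` has the same gap, and its very short name in `Tags` would probably be noisy if it were ever used for filename matching.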
@@ -1,35 +1,35 @@
-Acknowledgement:
- Handle: ''
- Person: ''
+Id: 579a0516-1177-45ce-ad9e-45f53b28dcdc
+Tags:
+- b.sys
+Verified: 'FALSE'
 Author: Michael Haag
-Category: vulnerable driver
-Commands:
- Command: sc.exe create b.sys binPath=C:\windows\temp\b.sys type=kernel && sc.exe
- start b.sys
- Description: ''
- OperatingSystem: Windows 10
- Privileges: kernel
- Usecase: Elevate privileges
 Created: '2023-01-09'
-Detection: []
-Id: 579a0516-1177-45ce-ad9e-45f53b28dcdc
-KnownVulnerableSamples:
-- Company: ''
- Date: ''
- Description: ''
- FileVersion: ''
- Filename: b.sys
- MachineType: ''
- OriginalFilename: ''
- Product: ''
- ProductVersion: ''
- Publisher: ''
- SHA256: 84df20b1d9d87e305c92e5ffae21b10b325609d59d835a954dbd8750ef5dabf4
- Signature: []
- LoadsDespiteHVCI: 'FALSE'
 MitreID: T1068
+Category: vulnerable driver
+Commands:
+ Command: sc.exe create b.sys binPath=C:\windows\temp\b.sys type=kernel && sc.exe
+ start b.sys
+ Description: ''
+ OperatingSystem: Windows 10
+ Privileges: kernel
+ Usecase: Elevate privileges
 Resources:
 - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules
-Tags:
-- b.sys
-Verified: 'FALSE'
+Detection: []
+Acknowledgement:
+ Handle: ''
+ Person: ''
+KnownVulnerableSamples:
+- Company: ''
+ Date: ''
+ Description: ''
+ FileVersion: ''
+ Filename: b.sys
+ MachineType: ''
+ OriginalFilename: ''
+ Product: ''
+ ProductVersion: ''
+ Publisher: ''
+ SHA256: 84df20b1d9d87e305c92e5ffae21b10b325609d59d835a954dbd8750ef5dabf4
+ Signature: []
+ LoadsDespiteHVCI: 'FALSE'
diff --git a/yaml/57f63efb-dc43-4dba-9413-173e3e4be750.yaml b/yaml/57f63efb-dc43-4dba-9413-173e3e4be750.yaml
index b196c6f42..281e494ab 100644
--- a/yaml/57f63efb-dc43-4dba-9413-173e3e4be750.yaml
+++ b/yaml/57f63efb-dc43-4dba-9413-173e3e4be750.yaml
@@ -1,213 +1,214 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 57f63efb-dc43-4dba-9413-173e3e4be750 +Tags: +- AsrSmartConnectDrv.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create AsrSmartConnectDrv.sys binPath=C:\windows\temp\AsrSmartConnectDrv.sys type=kernel - && sc.exe start AsrSmartConnectDrv.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/47f08f7d30d824a8f4bb8a98916401a37c0fd8502db308aba91fe3112b892dcc.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 57f63efb-dc43-4dba-9413-173e3e4be750 
-KnownVulnerableSamples: -- Authentihash: - MD5: fc88782a34ab832abb9c04c63c76830b - SHA1: a7bcabd8e465e5e1a0bad564d887a47f378dfdaa - SHA256: f43d977a5fb1bdc10837e7c4ff03526d2b8fa9757da9dd8bd6514cd31748a858 - Company: RW-Everything - Copyright: Copyright (C) 2008 RW-Everything - CreationTimestamp: '2012-02-07 08:19:34' - Date: '' - Description: RW-Everything Read & Write Driver - ExportedFunctions: '' - FileVersion: '1.00.00.0000 built by: WinDDK' - Filename: AsrSmartConnectDrv.sys - ImportedFunctions: - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - MmFreeContiguousMemorySpecifyCache - - RtlInitUnicodeString - - IoDeleteDevice - - RtlQueryRegistryValues - - MmUnmapIoSpace - - IoFreeMdl - - MmGetPhysicalAddress - - IoBuildAsynchronousFsdRequest - - MmMapIoSpace - - IofCompleteRequest - - IoFreeIrp - - RtlCompareMemory - - MmUnlockPages - - IoCreateSymbolicLink - - IoCreateDevice - - MmAllocateContiguousMemorySpecifyCache - - IofCallDriver - - KeBugCheckEx - - ExAllocatePoolWithTag - - KeStallExecutionProcessor - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: RwDrv.sys - MD5: 56a515173b211832e20fbc64e5a0447c - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: RwDrv.sys - Product: RW-Everything Read & Write Driver - ProductVersion: 1.00.00.0000 - Publisher: ASROCK Incorporation - RichPEHeaderHash: - MD5: a84c01eca8a6ca8e5221dbca3000c16e - SHA1: ff0ae5ad07f99ad2ac40b53c5215335a5d84e926 - SHA256: 961a144592952461a785ff1f4d4f55c4132016b9fbbce3d881edf6131038533b - SHA1: 1d0df45ee3fa758f0470e055915004e6eae54c95 - SHA256: 47f08f7d30d824a8f4bb8a98916401a37c0fd8502db308aba91fe3112b892dcc - Sections: - .text: - Entropy: 6.338684971851386 - Virtual Size: '0x1a28' - .rdata: - Entropy: 4.597473025210269 - Virtual Size: '0x24c' - .data: - Entropy: 0.46979092711892695 - Virtual Size: '0x130' - .pdata: - Entropy: 3.6846124142888885 - Virtual Size: '0xf0' - INIT: - Entropy: 5.344304712014471 - Virtual Size: '0x4f0' - .rsrc: - Entropy: 3.3169950909252863 - 
Virtual Size: '0x3c0' - Signature: - - ASROCK Incorporation - - VeriSign Class 3 Code Signing 2010 CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=TAIWAN, L=Taipei, O=ASROCK Incorporation, OU=Digital ID Class - 3 , Microsoft Software Validation v2, CN=ASROCK Incorporation - ValidFrom: '2011-03-07 00:00:00' - ValidTo: '2014-04-03 23:59:59' - Signature: 
e457550022e1dc5fe5a4f5162ea4664b819458f2359662f932d0d95e5ea6fd9ddafef2e213e9b4a46fa9acd6d5a07919479d127beb7ec1c11f0bc376b8ebfa7f815ec4f9b97646c2297359d2d8fda71a21143f33696ca8f3e1f830ef73cddea63b38fe440779ac5ef4885c3e5158183efbd50ecac394edbe86ad65c8245bf56719cd0dd5a13b2baad92c65ab6b2fbfc7aad423fc082e067d6080a3fbc634e58361bb6aa25ef376c78795d025f425faf64d8771549f3f7acfa1a55d4d7c4d8da57cd78411925d37a515cccbd1f978fb26abd268b80ff67b64bd4262e63b04d4015c8af232d9f117bfcec950c5612adbbcd70106d5712f5c70c131fbd19db21e6c - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 45dfec7bb3d378c97feb24efd699bb4e - Version: 3 - TBS: - MD5: 544af7037e76dccfe47a9dffd9b847fd - SHA1: ea7dceadac1b76a4a0ed5624632072f8aa6ce02c - SHA256: 87f5b27417a56e4175d0e0acb7a831961963fad217e5d82fbf699287e8fdab25 - SHA384: 2b6eb82e226dcec715cc7c98e2bf9a9a0dcb3f4e471827fe95d9dbd452ce459c6ae9525771c673800fa84b679b14db89 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 45dfec7bb3d378c97feb24efd699bb4e - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 9d7183c1d8107495354c4fad9dae3452 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver 
+Commands: + Command: sc.exe create AsrSmartConnectDrv.sys binPath=C:\windows\temp\AsrSmartConnectDrv.sys type=kernel + && sc.exe start AsrSmartConnectDrv.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/namazso/physmem_drivers -Tags: -- AsrSmartConnectDrv.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/47f08f7d30d824a8f4bb8a98916401a37c0fd8502db308aba91fe3112b892dcc.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: fc88782a34ab832abb9c04c63c76830b + SHA1: 
a7bcabd8e465e5e1a0bad564d887a47f378dfdaa + SHA256: f43d977a5fb1bdc10837e7c4ff03526d2b8fa9757da9dd8bd6514cd31748a858 + Company: RW-Everything + Copyright: Copyright (C) 2008 RW-Everything + CreationTimestamp: '2012-02-07 08:19:34' + Date: '' + Description: RW-Everything Read & Write Driver + ExportedFunctions: '' + FileVersion: '1.00.00.0000 built by: WinDDK' + Filename: AsrSmartConnectDrv.sys + ImportedFunctions: + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - MmFreeContiguousMemorySpecifyCache + - RtlInitUnicodeString + - IoDeleteDevice + - RtlQueryRegistryValues + - MmUnmapIoSpace + - IoFreeMdl + - MmGetPhysicalAddress + - IoBuildAsynchronousFsdRequest + - MmMapIoSpace + - IofCompleteRequest + - IoFreeIrp + - RtlCompareMemory + - MmUnlockPages + - IoCreateSymbolicLink + - IoCreateDevice + - MmAllocateContiguousMemorySpecifyCache + - IofCallDriver + - KeBugCheckEx + - ExAllocatePoolWithTag + - KeStallExecutionProcessor + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: RwDrv.sys + MD5: 56a515173b211832e20fbc64e5a0447c + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: RwDrv.sys + Product: RW-Everything Read & Write Driver + ProductVersion: 1.00.00.0000 + Publisher: ASROCK Incorporation + RichPEHeaderHash: + MD5: a84c01eca8a6ca8e5221dbca3000c16e + SHA1: ff0ae5ad07f99ad2ac40b53c5215335a5d84e926 + SHA256: 961a144592952461a785ff1f4d4f55c4132016b9fbbce3d881edf6131038533b + SHA1: 1d0df45ee3fa758f0470e055915004e6eae54c95 + SHA256: 47f08f7d30d824a8f4bb8a98916401a37c0fd8502db308aba91fe3112b892dcc + Sections: + .text: + Entropy: 6.338684971851386 + Virtual Size: '0x1a28' + .rdata: + Entropy: 4.597473025210269 + Virtual Size: '0x24c' + .data: + Entropy: 0.46979092711892695 + Virtual Size: '0x130' + .pdata: + Entropy: 3.6846124142888885 + Virtual Size: '0xf0' + INIT: + Entropy: 5.344304712014471 + Virtual Size: '0x4f0' + .rsrc: + Entropy: 3.3169950909252863 + Virtual Size: '0x3c0' + Signature: + - ASROCK Incorporation + - VeriSign Class 3 Code Signing 
2010 CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=TAIWAN, L=Taipei, O=ASROCK Incorporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=ASROCK Incorporation + ValidFrom: '2011-03-07 00:00:00' + ValidTo: '2014-04-03 23:59:59' + Signature: 
e457550022e1dc5fe5a4f5162ea4664b819458f2359662f932d0d95e5ea6fd9ddafef2e213e9b4a46fa9acd6d5a07919479d127beb7ec1c11f0bc376b8ebfa7f815ec4f9b97646c2297359d2d8fda71a21143f33696ca8f3e1f830ef73cddea63b38fe440779ac5ef4885c3e5158183efbd50ecac394edbe86ad65c8245bf56719cd0dd5a13b2baad92c65ab6b2fbfc7aad423fc082e067d6080a3fbc634e58361bb6aa25ef376c78795d025f425faf64d8771549f3f7acfa1a55d4d7c4d8da57cd78411925d37a515cccbd1f978fb26abd268b80ff67b64bd4262e63b04d4015c8af232d9f117bfcec950c5612adbbcd70106d5712f5c70c131fbd19db21e6c + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 45dfec7bb3d378c97feb24efd699bb4e + Version: 3 + TBS: + MD5: 544af7037e76dccfe47a9dffd9b847fd + SHA1: ea7dceadac1b76a4a0ed5624632072f8aa6ce02c + SHA256: 87f5b27417a56e4175d0e0acb7a831961963fad217e5d82fbf699287e8fdab25 + SHA384: 2b6eb82e226dcec715cc7c98e2bf9a9a0dcb3f4e471827fe95d9dbd452ce459c6ae9525771c673800fa84b679b14db89 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 45dfec7bb3d378c97feb24efd699bb4e + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 9d7183c1d8107495354c4fad9dae3452 + LoadsDespiteHVCI: 'FALSE' 
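Review bot: The relocated `Detection:` list for AsrSmartConnectDrv.sys still carries duplicates: `sigma_hash`, `sigma_names`, `sysmon_hash_detect` and `sysmon_hash_block` each appear twice with identical URLs, and only the two `yaml_signature`-style entries (`type: yara_signature`) point at different files. Since the block is rewritten here anyway, drop the second copy of those four references so the list keeps six entries; anything that iterates this list to assemble rule sets would presumably process each reference twice, though the diff does not show those consumers. Separately, `Description: ''` under `Commands` stays empty even though the sample metadata names the file as the RW-Everything `RwDrv.sys` driver with a `MmMapIoSpace` import. A short line such as `Description: 'RW-Everything RwDrv.sys redistributed under an ASROCK signature'` would make the entry readable without opening the `Resources` link.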
diff --git a/yaml/57fc510a-e649-4599-b83e-8f3605e3d1d9.yaml b/yaml/57fc510a-e649-4599-b83e-8f3605e3d1d9.yaml
index 93e847800..d18547014 100644
--- a/yaml/57fc510a-e649-4599-b83e-8f3605e3d1d9.yaml
+++ b/yaml/57fc510a-e649-4599-b83e-8f3605e3d1d9.yaml
@@ -1,354 +1,354 @@ -Acknowledgement: - Handle: '@mattnotmax' - Person: '' +Id: 57fc510a-e649-4599-b83e-8f3605e3d1d9 +Tags: +- aswArPot.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-01-09' +MitreID: T1068 CVE: - CVE-2022-26522 - CVE-2022-26523 Category: vulnerable driver Commands: - Command: sc.exe create aswArPot.sys binPath=C:\windows\temp\aswArPot.sys type=kernel - && sc.exe start aswArPot.sys - Description: "Avast\u2019s \u201CAnti Rootkit\u201D driver (also used by AVG) has\ - \ been found to be vulnerable to two high severity attacks that could potentially\ - \ lead to privilege escalation by running code in the kernel from a non-administrator\ - \ user." - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/4b5229b3250c8c08b98cb710d6c056144271de099a57ae09f5d2097fc41bd4f1.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 57fc510a-e649-4599-b83e-8f3605e3d1d9 -KnownVulnerableSamples: -- Authentihash: - MD5: 66d55dcf5fe5e1b60f32880d48207105 - SHA1: b8b5e5951f1c4148537e9850f2b577a453e4c045 - SHA256: c0c131bc8d6c8b5a2be32474474b1221bce1289c174c87e743ed4a512f5571d4 - Company: AVAST Software - Copyright: Copyright (c) 2021 AVAST Software - CreationTimestamp: '2021-02-01 02:08:43' - Date: '' - Description: Avast Anti Rootkit - ExportedFunctions: '' - FileVersion: 21.1.187.0 - Filename: aswArPot.sys - ImportedFunctions: - - __C_specific_handler - - KeDelayExecutionThread - - IoAllocateWorkItem - - MmIsAddressValid - - MmUnlockPages - - ExAllocatePool - - RtlAnsiStringToUnicodeString - - KeAcquireSpinLockRaiseToDpc - - ZwQuerySystemInformation - - PsRemoveLoadImageNotifyRoutine - - ZwUnmapViewOfSection - - ZwQuerySymbolicLinkObject - - MmProbeAndLockPages - - RtlVolumeDeviceToDosName - - PsSetLoadImageNotifyRoutine - - IoGetRequestorProcessId - - ZwReadFile - - ObQueryNameString - - IoDetachDevice - - ZwOpenThreadTokenEx - - ZwOpenProcessTokenEx - - towlower - - NtBuildNumber - - ExReleaseFastMutex - - _wcsicmp - - _snwprintf - - RtlConvertSidToUnicodeString - - ObfDereferenceObject - - IoAllocateMdl - - ZwCreateSection - - ZwQueryInformationProcess - - IoAttachDeviceToDeviceStackSafe - - PsGetProcessId - - PsCreateSystemThread - - ZwQueryInformationThread - - RtlInitUnicodeString - - ZwOpenSymbolicLinkObject - - tolower - - PsRemoveCreateThreadNotifyRoutine - - IoDeleteDevice - - IoBuildDeviceIoControlRequest - - wcsncpy - - IoGetDeviceObjectPointer - - IoGetCurrentProcess - - ObOpenObjectByPointer - - strncpy - - KeReleaseSpinLock - - _strnicmp - - IoFileObjectType - - KeStackAttachProcess - - PsLookupProcessByProcessId - - 
PsGetCurrentProcessId - - KeSetEvent - - PsThreadType - - RtlUnicodeStringToAnsiString - - ZwQueryInformationToken - - ZwMapViewOfSection - - strncmp - - ObReferenceObjectByHandle - - RtlGetVersion - - PsGetThreadId - - PsGetVersion - - KeClearEvent - - IoGetBaseFileSystemDeviceObject - - wcschr - - ZwSetInformationFile - - ZwEnumerateKey - - IoFreeMdl - - wcsstr - - ExAcquireFastMutex - - MmGetSystemRoutineAddress - - IoFreeWorkItem - - _stricmp - - ExAllocatePoolWithTag - - RtlInitString - - IoCreateDevice - - IofCallDriver - - IoDeviceObjectType - - _snprintf - - ExFreePoolWithTag - - ZwOpenFile - - KeSetSystemAffinityThread - - strstr - - KeInitializeEvent - - ObReferenceObjectByName - - strchr - - _wcsnicmp - - KeQueryActiveProcessors - - RtlEqualSid - - IoQueueWorkItem - - MmUnmapLockedPages - - MmMapLockedPagesSpecifyCache - - PsSetCreateThreadNotifyRoutine - - PsGetCurrentThreadId - - IofCompleteRequest - - PsGetProcessWin32Process - - ExEventObjectType - - ZwQueryInformationFile - - KeWaitForSingleObject - - IoCreateSymbolicLink - - PsSetCreateProcessNotifyRoutine - - IoDriverObjectType - - PsLookupThreadByThreadId - - IoGetDeviceInterfaces - - ZwClose - - PsTerminateSystemThread - - wcsrchr - - strrchr - - SeExports - - KeUnstackDetachProcess - - KeResetEvent - - KeRevertToUserAffinityThread - - ZwOpenProcess - - wcsncmp - - ZwOpenKey - - PsGetThreadProcess - - IoThreadToProcess - - PsInitialSystemProcess - - KeInsertQueueDpc - - KeNumberProcessors - - KeInitializeDpc - - KeSetTargetProcessorDpc - - PsProcessType - - MmMapIoSpace - - MmUnmapIoSpace - - ZwDeleteFile - - KeAttachProcess - - KeDetachProcess - - RtlCompareUnicodeString - - ZwWriteFile - - NtClose - - ObfReferenceObject - - IoBuildSynchronousFsdRequest - - ZwOpenThread - - ZwTerminateProcess - - RtlEqualUnicodeString - - IoFreeIrp - - ZwQueryDirectoryObject - - KeBugCheck - - ZwOpenDirectoryObject - - IoAllocateIrp - - KdDebuggerNotPresent - - ZwSetSecurityObject - - 
RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - RtlGetSaclSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlLengthSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - RtlAddAccessAllowedAce - - RtlLengthSid - - IoIsWdmVersionAvailable - - RtlSetDaclSecurityDescriptor - - ZwSetValueKey - - ZwQueryValueKey - - ZwCreateKey - - RtlFreeUnicodeString - - KeBugCheckEx - - RtlQueryRegistryValues - - RtlPrefixUnicodeString - - ExRegisterCallback - - ExCreateCallback - - ExUnregisterCallback - - strcmp - Imports: - - ntoskrnl.exe - InternalName: aswArPot - MD5: a179c4093d05a3e1ee73f6ff07f994aa - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: aswArPot.sys - Product: 'Avast Antivirus ' - ProductVersion: 21.1.187.0 - Publisher: '' - RichPEHeaderHash: - MD5: edc05997bbdab8acd04f275b386ffdab - SHA1: b47a65e11021476840629d33996069e4638e241c - SHA256: fe13709d1d6fd5734b2d61d1661e6ac2540c5ee2f4f96e56418d1db86c0bdb20 - SHA1: 5d6b9e80e12bfc595d4d26f6afb099b3cb471dd4 - SHA256: 4b5229b3250c8c08b98cb710d6c056144271de099a57ae09f5d2097fc41bd4f1 - Sections: - .text: - Entropy: 6.386320097220837 - Virtual Size: '0x228c2' - .rdata: - Entropy: 5.733045078108813 - Virtual Size: '0x3ba4' - .data: - Entropy: 2.827822492450825 - Virtual Size: '0x25ad0' - .pdata: - Entropy: 5.411411947630738 - Virtual Size: '0x1218' - PAGE: - Entropy: 6.270335052415906 - Virtual Size: '0x1c4b' - INIT: - Entropy: 5.365142970284712 - Virtual Size: '0x13dc' - .rsrc: - Entropy: 3.285771259007418 - Virtual Size: '0x398' - .reloc: - Entropy: 5.435120402444784 - Virtual Size: '0x1a0' - Signature: - - Avast Software s.r.o. 
- - DigiCert High Assurance Code Signing CA-1 - - DigiCert - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 - ValidFrom: '2021-01-01 00:00:00' - ValidTo: '2031-01-06 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0d424ae0be3a88ff604021ce1400f0dd - Version: 3 - TBS: - MD5: c0189c338449a42fe8358c2c1fbecc60 - SHA1: b8ac0ee6875594b80ad86a6df6dd1fa3048c187c - SHA256: a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 - SHA384: 76d3a316a5a106050298418cce3beea16100524723d9e3220b0de51bfb6f1c35a5d4c7cd10b358fef7bf94c3e3562150 - - Subject: C=CZ, L=Praha, O=Avast Software s.r.o., OU=RE 999, CN=Avast Software - s.r.o. - ValidFrom: '2019-12-02 00:00:00' - ValidTo: '2022-10-19 12:00:00' - Signature: 874d04f17ffc50e66100207e56ecc8ae7e81c1957a7600295ead9db28842c7c05e06e8e28ccfc1e9d45d7a55d6d4a2fb74d72600a79ef5bfa53acaa4f3a4fcaf90a2554fc37742dd44c83a90880f948f5538637c0d999b03ebbf20cc001293a5639d44ad950cacfce2a337f7a24b817a5b85df89f6acf49974adee1d867373e6534a3f3558e59f87d06afe5744ec575b66c76110a595471007b209c591984f0ff20ea4c87ac405c85f42f0b105b04ec2ced11ca9cfb6aef21a3c6ae9ccd2a9cb4a9f78244751b15bfccb32ec3a52d44258bad6fc6d9f24c24700e9e1c4c0c29b9db4683c526a92934d72367620c6a89119e7a678597d7603c62b1c22f54edfad - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03f02aca051d1c9330eeabd3706e836f - Version: 3 - TBS: - MD5: f251d9cde0901fb67831855b4a592b51 - SHA1: cd0ac068faea4b875ded287512f20b6ba8dcb457 - SHA256: 247e040822854e1a4cbc3488782a9e96db6bffa9bdfe36406a46e3f88695d423 - SHA384: c6a765c300f3ee36604e9c51a9fcd18071b0cd0bd15b3ad69350f04a0b1b5ef7b71556af698a1e8988bf91cd8b2a6104 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured - ID Timestamping CA - ValidFrom: '2016-01-07 12:00:00' - ValidTo: 
'2031-01-07 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 0aa125d6d6321b7e41e405da3697c215 - Version: 3 - TBS: - MD5: 8d26184fc613f89aba1cefb30fce1b53 - SHA1: 63a7e376bad5ec2e419d514a403bcf46c8d31d95 - SHA256: 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c - SHA384: d8c9691fe9dbe182f07b49b07fbb4f589fa7b38b5c4d21f265d3a2e818f4b1bfb39e03faab2ec05bb10333a99914fb8a - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 
59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - Signer: - - SerialNumber: 03f02aca051d1c9330eeabd3706e836f - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - Imphash: 3702511999371bac8982d01820dd70f2 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: sc.exe create aswArPot.sys binPath=C:\windows\temp\aswArPot.sys type=kernel + && sc.exe start aswArPot.sys + Description: "Avast\u2019s \u201CAnti Rootkit\u201D driver (also used by AVG)\ + \ has been found to be vulnerable to two high severity attacks that could\ + \ potentially lead to privilege escalation by running code in the kernel from\ + \ a non-administrator user." 
+ OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules - 'CVE-2022-26522, CVE-2022-26523: Both of these vulnerabilities were fixed in version - 22.1.' -Tags: -- aswArPot.sys -Verified: 'TRUE' + 22.1.' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/4b5229b3250c8c08b98cb710d6c056144271de099a57ae09f5d2097fc41bd4f1.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '@mattnotmax' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 66d55dcf5fe5e1b60f32880d48207105 + SHA1: 
b8b5e5951f1c4148537e9850f2b577a453e4c045 + SHA256: c0c131bc8d6c8b5a2be32474474b1221bce1289c174c87e743ed4a512f5571d4 + Company: AVAST Software + Copyright: Copyright (c) 2021 AVAST Software + CreationTimestamp: '2021-02-01 02:08:43' + Date: '' + Description: Avast Anti Rootkit + ExportedFunctions: '' + FileVersion: 21.1.187.0 + Filename: aswArPot.sys + ImportedFunctions: + - __C_specific_handler + - KeDelayExecutionThread + - IoAllocateWorkItem + - MmIsAddressValid + - MmUnlockPages + - ExAllocatePool + - RtlAnsiStringToUnicodeString + - KeAcquireSpinLockRaiseToDpc + - ZwQuerySystemInformation + - PsRemoveLoadImageNotifyRoutine + - ZwUnmapViewOfSection + - ZwQuerySymbolicLinkObject + - MmProbeAndLockPages + - RtlVolumeDeviceToDosName + - PsSetLoadImageNotifyRoutine + - IoGetRequestorProcessId + - ZwReadFile + - ObQueryNameString + - IoDetachDevice + - ZwOpenThreadTokenEx + - ZwOpenProcessTokenEx + - towlower + - NtBuildNumber + - ExReleaseFastMutex + - _wcsicmp + - _snwprintf + - RtlConvertSidToUnicodeString + - ObfDereferenceObject + - IoAllocateMdl + - ZwCreateSection + - ZwQueryInformationProcess + - IoAttachDeviceToDeviceStackSafe + - PsGetProcessId + - PsCreateSystemThread + - ZwQueryInformationThread + - RtlInitUnicodeString + - ZwOpenSymbolicLinkObject + - tolower + - PsRemoveCreateThreadNotifyRoutine + - IoDeleteDevice + - IoBuildDeviceIoControlRequest + - wcsncpy + - IoGetDeviceObjectPointer + - IoGetCurrentProcess + - ObOpenObjectByPointer + - strncpy + - KeReleaseSpinLock + - _strnicmp + - IoFileObjectType + - KeStackAttachProcess + - PsLookupProcessByProcessId + - PsGetCurrentProcessId + - KeSetEvent + - PsThreadType + - RtlUnicodeStringToAnsiString + - ZwQueryInformationToken + - ZwMapViewOfSection + - strncmp + - ObReferenceObjectByHandle + - RtlGetVersion + - PsGetThreadId + - PsGetVersion + - KeClearEvent + - IoGetBaseFileSystemDeviceObject + - wcschr + - ZwSetInformationFile + - ZwEnumerateKey + - IoFreeMdl + - wcsstr + - ExAcquireFastMutex + - 
MmGetSystemRoutineAddress + - IoFreeWorkItem + - _stricmp + - ExAllocatePoolWithTag + - RtlInitString + - IoCreateDevice + - IofCallDriver + - IoDeviceObjectType + - _snprintf + - ExFreePoolWithTag + - ZwOpenFile + - KeSetSystemAffinityThread + - strstr + - KeInitializeEvent + - ObReferenceObjectByName + - strchr + - _wcsnicmp + - KeQueryActiveProcessors + - RtlEqualSid + - IoQueueWorkItem + - MmUnmapLockedPages + - MmMapLockedPagesSpecifyCache + - PsSetCreateThreadNotifyRoutine + - PsGetCurrentThreadId + - IofCompleteRequest + - PsGetProcessWin32Process + - ExEventObjectType + - ZwQueryInformationFile + - KeWaitForSingleObject + - IoCreateSymbolicLink + - PsSetCreateProcessNotifyRoutine + - IoDriverObjectType + - PsLookupThreadByThreadId + - IoGetDeviceInterfaces + - ZwClose + - PsTerminateSystemThread + - wcsrchr + - strrchr + - SeExports + - KeUnstackDetachProcess + - KeResetEvent + - KeRevertToUserAffinityThread + - ZwOpenProcess + - wcsncmp + - ZwOpenKey + - PsGetThreadProcess + - IoThreadToProcess + - PsInitialSystemProcess + - KeInsertQueueDpc + - KeNumberProcessors + - KeInitializeDpc + - KeSetTargetProcessorDpc + - PsProcessType + - MmMapIoSpace + - MmUnmapIoSpace + - ZwDeleteFile + - KeAttachProcess + - KeDetachProcess + - RtlCompareUnicodeString + - ZwWriteFile + - NtClose + - ObfReferenceObject + - IoBuildSynchronousFsdRequest + - ZwOpenThread + - ZwTerminateProcess + - RtlEqualUnicodeString + - IoFreeIrp + - ZwQueryDirectoryObject + - KeBugCheck + - ZwOpenDirectoryObject + - IoAllocateIrp + - KdDebuggerNotPresent + - ZwSetSecurityObject + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - RtlGetSaclSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlLengthSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - RtlAddAccessAllowedAce + - RtlLengthSid + - IoIsWdmVersionAvailable + - RtlSetDaclSecurityDescriptor + - ZwSetValueKey + - ZwQueryValueKey + - ZwCreateKey + 
- RtlFreeUnicodeString + - KeBugCheckEx + - RtlQueryRegistryValues + - RtlPrefixUnicodeString + - ExRegisterCallback + - ExCreateCallback + - ExUnregisterCallback + - strcmp + Imports: + - ntoskrnl.exe + InternalName: aswArPot + MD5: a179c4093d05a3e1ee73f6ff07f994aa + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: aswArPot.sys + Product: 'Avast Antivirus ' + ProductVersion: 21.1.187.0 + Publisher: '' + RichPEHeaderHash: + MD5: edc05997bbdab8acd04f275b386ffdab + SHA1: b47a65e11021476840629d33996069e4638e241c + SHA256: fe13709d1d6fd5734b2d61d1661e6ac2540c5ee2f4f96e56418d1db86c0bdb20 + SHA1: 5d6b9e80e12bfc595d4d26f6afb099b3cb471dd4 + SHA256: 4b5229b3250c8c08b98cb710d6c056144271de099a57ae09f5d2097fc41bd4f1 + Sections: + .text: + Entropy: 6.386320097220837 + Virtual Size: '0x228c2' + .rdata: + Entropy: 5.733045078108813 + Virtual Size: '0x3ba4' + .data: + Entropy: 2.827822492450825 + Virtual Size: '0x25ad0' + .pdata: + Entropy: 5.411411947630738 + Virtual Size: '0x1218' + PAGE: + Entropy: 6.270335052415906 + Virtual Size: '0x1c4b' + INIT: + Entropy: 5.365142970284712 + Virtual Size: '0x13dc' + .rsrc: + Entropy: 3.285771259007418 + Virtual Size: '0x398' + .reloc: + Entropy: 5.435120402444784 + Virtual Size: '0x1a0' + Signature: + - Avast Software s.r.o. 
+ - DigiCert High Assurance Code Signing CA-1 + - DigiCert + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 + ValidFrom: '2021-01-01 00:00:00' + ValidTo: '2031-01-06 00:00:00' + Signature: 481cdcb5e99a23bce71ae7200e8e6746fd427251740a2347a3ab92d225c47059be14a0e52781a54d1415190779f0d104c386d93bbdfe4402664ded69a40ff6b870cf62e8f5514a7879367a27b7f3e7529f93a7ed439e7be7b4dd412289fb87a246034efcf4feb76477635f2352698382fa1a53ed90cc8da117730df4f36539704bf39cd67a7bda0cbc3d32d01bcbf561fc75080076bc810ef8c0e15ccfc41172e71b6449d8229a751542f52d323881daf460a2bab452fb5ce06124254fb2dfc929a8734351dabd63d61f5b9bf72e1b4f131df74a0d717e97b7f43f84ebc1e3a349a1facea7bf56cfba597661895f7ea7b48e6778f93698e1cb28da5b87a68a2f + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0d424ae0be3a88ff604021ce1400f0dd + Version: 3 + TBS: + MD5: c0189c338449a42fe8358c2c1fbecc60 + SHA1: b8ac0ee6875594b80ad86a6df6dd1fa3048c187c + SHA256: a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 + SHA384: 76d3a316a5a106050298418cce3beea16100524723d9e3220b0de51bfb6f1c35a5d4c7cd10b358fef7bf94c3e3562150 + - Subject: C=CZ, L=Praha, O=Avast Software s.r.o., OU=RE 999, CN=Avast Software + s.r.o. 
+ ValidFrom: '2019-12-02 00:00:00' + ValidTo: '2022-10-19 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03f02aca051d1c9330eeabd3706e836f + Version: 3 + TBS: + MD5: f251d9cde0901fb67831855b4a592b51 + SHA1: cd0ac068faea4b875ded287512f20b6ba8dcb457 + SHA256: 247e040822854e1a4cbc3488782a9e96db6bffa9bdfe36406a46e3f88695d423 + SHA384: c6a765c300f3ee36604e9c51a9fcd18071b0cd0bd15b3ad69350f04a0b1b5ef7b71556af698a1e8988bf91cd8b2a6104 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured + ID Timestamping CA + ValidFrom: '2016-01-07 12:00:00' + ValidTo: '2031-01-07 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 0aa125d6d6321b7e41e405da3697c215 + Version: 3 + TBS: + MD5: 8d26184fc613f89aba1cefb30fce1b53 + SHA1: 63a7e376bad5ec2e419d514a403bcf46c8d31d95 + SHA256: 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c + SHA384: d8c9691fe9dbe182f07b49b07fbb4f589fa7b38b5c4d21f265d3a2e818f4b1bfb39e03faab2ec05bb10333a99914fb8a + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 
208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: 
dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + Signer: + - SerialNumber: 03f02aca051d1c9330eeabd3706e836f + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + Imphash: 3702511999371bac8982d01820dd70f2 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/58509acb-50b4-41a0-9de3-76c571a459e3.yaml b/yaml/58509acb-50b4-41a0-9de3-76c571a459e3.yaml index 97d8fc59b..ff888072d 100644 --- a/yaml/58509acb-50b4-41a0-9de3-76c571a459e3.yaml +++ b/yaml/58509acb-50b4-41a0-9de3-76c571a459e3.yaml 
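Review bot: The `Detection` list on the new side of the aswArPot.sys entry still carries `sigma_hash`, `sigma_names`, `sysmon_hash_detect` and `sysmon_hash_block` twice with identical URLs. Since the block is being moved anyway, keep one of each next to the two distinct `yara_signature` entries. Separately, `KnownVulnerableSamples` holds a single sample (FileVersion 21.1.187.0) while `Resources` says both CVEs were fixed in 22.1, so hash-keyed rules would, as far as this file shows, match only that one build. A comment above `KnownVulnerableSamples` such as `# hash rules cover only the sample listed here; other pre-22.1 builds need name- or version-based matching` would make that limit explicit for anyone consuming the entry.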
@@ -1,102 +1,102 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 58509acb-50b4-41a0-9de3-76c571a459e3 +Tags: +- msio32.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-07-22' +MitreID: T1068 CVE: - '' Category: vulnerable drivers Commands: - Command: '' - Description: Confirmed vulnerable driver from Microsoft Block List - OperatingSystem: Windows - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-07-22' -Detection: -- type: '' - value: '' -Id: 58509acb-50b4-41a0-9de3-76c571a459e3 -KnownVulnerableSamples: -- Authentihash: - MD5: d7acc8a58b2163f0b070d647e81c49fd - SHA1: 0cb0fd5bea730e4eaaec1426b0c15376ccac6d83 - SHA256: 0d0962db9dc6879067270134801ad425c1f3e85b0dc39877c02aaa9c54aca14e - Company: '' - Copyright: '' - CreationTimestamp: '2018-02-12 00:57:28' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - ObfDereferenceObject - - ZwUnmapViewOfSection - - IofCompleteRequest - - MmAllocateNonCachedMemory - - MmFreeNonCachedMemory - - Ke386SetIoAccessMap - - ZwOpenSection - - IoGetCurrentProcess - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - ObReferenceObjectByHandle - - ZwMapViewOfSection - - ZwClose - - DbgPrint - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - Ke386IoSetAccessProcess - - IoDeleteDevice - - WRITE_PORT_USHORT - - WRITE_PORT_UCHAR - - READ_PORT_ULONG - - READ_PORT_USHORT - - READ_PORT_UCHAR - - HalTranslateBusAddress - - WRITE_PORT_ULONG - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 9c00a44418a8e719c0034f0d55802693 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: d1c5b39e151846c2dcb30d3116cba10d - SHA1: ef12b9e4550f27b0c74b09f9f6c4e1cfa6d757f7 - SHA256: ace4fba2c26bcc6e806e2ad3abec8dd0852907ccd429053608e3c639a514d1bc - SHA1: 7478eb19b453f82ef99734b8aed1e0911aab9d55 - SHA256: 
c7d4943ddac34e1a38692c624d799e634ad4c4e3ae7e3bb2ae4cf0d8eb8985bc - Sections: - .text: - Entropy: 6.282770026975047 - Virtual Size: '0x9f0' - .rdata: - Entropy: 4.257419198996188 - Virtual Size: '0xc3' - .data: - Entropy: 2.5 - Virtual Size: '0x8' - INIT: - Entropy: 5.4236305547105035 - Virtual Size: '0x32e' - .reloc: - Entropy: 4.3106029983367184 - Virtual Size: '0xe8' - Signature: '' - Signatures: {} - Imphash: 24b344cd341f8b20003ac85be08df979 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: '' + Description: Confirmed vulnerable driver from Microsoft Block List + OperatingSystem: Windows + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c -Tags: -- msio32.sys -Verified: 'TRUE' +Detection: +- type: '' + value: '' +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: d7acc8a58b2163f0b070d647e81c49fd + SHA1: 0cb0fd5bea730e4eaaec1426b0c15376ccac6d83 + SHA256: 0d0962db9dc6879067270134801ad425c1f3e85b0dc39877c02aaa9c54aca14e + Company: '' + Copyright: '' + CreationTimestamp: '2018-02-12 00:57:28' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - ObfDereferenceObject + - ZwUnmapViewOfSection + - IofCompleteRequest + - MmAllocateNonCachedMemory + - MmFreeNonCachedMemory + - Ke386SetIoAccessMap + - ZwOpenSection + - IoGetCurrentProcess + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - ObReferenceObjectByHandle + - ZwMapViewOfSection + - ZwClose + - DbgPrint + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - Ke386IoSetAccessProcess + - IoDeleteDevice + - WRITE_PORT_USHORT + - WRITE_PORT_UCHAR + - READ_PORT_ULONG + - READ_PORT_USHORT + - READ_PORT_UCHAR + - HalTranslateBusAddress + - WRITE_PORT_ULONG + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 9c00a44418a8e719c0034f0d55802693 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + 
PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: d1c5b39e151846c2dcb30d3116cba10d + SHA1: ef12b9e4550f27b0c74b09f9f6c4e1cfa6d757f7 + SHA256: ace4fba2c26bcc6e806e2ad3abec8dd0852907ccd429053608e3c639a514d1bc + SHA1: 7478eb19b453f82ef99734b8aed1e0911aab9d55 + SHA256: c7d4943ddac34e1a38692c624d799e634ad4c4e3ae7e3bb2ae4cf0d8eb8985bc + Sections: + .text: + Entropy: 6.282770026975047 + Virtual Size: '0x9f0' + .rdata: + Entropy: 4.257419198996188 + Virtual Size: '0xc3' + .data: + Entropy: 2.5 + Virtual Size: '0x8' + INIT: + Entropy: 5.4236305547105035 + Virtual Size: '0x32e' + .reloc: + Entropy: 4.3106029983367184 + Virtual Size: '0xe8' + Signature: '' + Signatures: {} + Imphash: 24b344cd341f8b20003ac85be08df979 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/5901421f-7929-487d-87bd-632f29290352.yaml b/yaml/5901421f-7929-487d-87bd-632f29290352.yaml index 44699386f..12c17da71 100644 --- a/yaml/5901421f-7929-487d-87bd-632f29290352.yaml +++ b/yaml/5901421f-7929-487d-87bd-632f29290352.yaml 
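Review bot: `Category: vulnerable drivers`, a context line near the top of the msio32.sys hunk, is spelled differently from the `Category: vulnerable driver` used by the aswArPot.sys entry earlier in this diff. Anything that filters on the exact value would skip this entry, so it should read `Category: vulnerable driver`. The `Detection` block is also still the empty placeholder `- type: ''` / `value: ''`, although the sample's MD5, SHA1, SHA256 and Imphash are present. Either drop the placeholder or link the rule files that actually include these hashes. `Filename: ''` is empty while `Tags` names `msio32.sys`, which presumably leaves name-based matching to the tag alone.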
@@ -1,192 +1,195 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 5901421f-7929-487d-87bd-632f29290352 +Tags: +- VdBSv64.sys +Verified: 'TRUE' Author: Takahiro Haruyama -Category: vulnerable driver -Commands: - Command: sc.exe create VdBSv64sys binPath= C:\windows\temp\VdBSv64sys.sys type=kernel - && sc.exe start VdBSv64sys - Description: The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique vulnerable - drivers (237 file hashes) accepting firmware access. Six allow kernel memory access. - All give full control of the devices to non-admin users. By exploiting the vulnerable - drivers, an attacker without the system privilege may erase/alter firmware, and/or - elevate privileges. As of the time of writing in October 2023, the filenames of - the vulnerable drivers have not been made public until now. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-11-02' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 5901421f-7929-487d-87bd-632f29290352 -KnownVulnerableSamples: -- Company: MiTAC Technology Corporation - Date: '' - Description: MiTAC System Service Provider - FileVersion: 21, 1, 1, 0 - Filename: '' - MD5: 4353b713487a2945b823423bbbf709bd - MachineType: AMD64 - OriginalFilename: VdBSv64.sys - Product: MiTAC System Service Provider - 
ProductVersion: 21, 1, 1, 0 - Publisher: '' - SHA1: 4ffa89f8dbdade28813e12db035cf9bd8665ef72 - SHA256: 91afa3de4b70ee26a4be68587d58b154c7b32b50b504ff0dc0babc4eb56578f4 - Signature: '' - Imphash: 9523103b30fb194643b97ccc3ab7abb0 - Authentihash: - MD5: 16f4705fc75a0769f46b2d1745240aad - SHA1: 52da22f92d5d022eaae66ef9e5ebca7ef27b674d - SHA256: d2da77e10d2fd2b8b2aa68ab4af1483ef270311c846644e0ec61ace146ee6feb - RichPEHeaderHash: - MD5: 43a480628499054a660e90855d10145f - SHA1: e8a0d07090bd1290ef7ac69969f325f6cb74fa0a - SHA256: 55900664a6be8d7981c6ce2236870f5576a0d01d18b0d40f0b1f50d6f2de6b30 - Sections: - .text: - Entropy: 6.537004459207361 - Virtual Size: '0x22d0' - .rdata: - Entropy: 5.074604634830452 - Virtual Size: '0xaa0' - .data: - Entropy: 2.126592634957593 - Virtual Size: '0x430' - .pdata: - Entropy: 3.926224846841215 - Virtual Size: '0x180' - PAGE: - Entropy: 5.850620166824451 - Virtual Size: '0x6a4' - INIT: - Entropy: 5.329381958602971 - Virtual Size: '0x386' - .rsrc: - Entropy: 3.3520653582370166 - Virtual Size: '0x3c8' - .reloc: - Entropy: 3.6294909850169517 - Virtual Size: '0x102' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2009-07-23 01:42:31' - InternalName: VdBSv64.sys - Copyright: Copyright (C) 2007 MiTAC Technology Corporation - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - IofCompleteRequest - - KeInitializeMutex - - KeWaitForSingleObject - - KeReleaseMutex - - RtlInitUnicodeString - - IoDeleteDevice - - IoCreateSymbolicLink - - KeSetEvent - - KeClearEvent - - IoCreateDevice - - ExInterlockedInsertTailList - - KeInitializeEvent - - MmUnmapIoSpace - - MmMapIoSpace - - RtlTimeToTimeFields - - ExAllocatePool - - KeBugCheckEx - - DbgPrint - - RtlUnicodeToMultiByteN - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: 
c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=TW, ST=Taiwan, L=Taipei, O=Mitac Technology Corporation, OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=Mitac Technology Corporation - ValidFrom: '2008-10-08 00:00:00' - ValidTo: '2009-10-23 23:59:59' - Signature: 9c744d221ef49ac5485f8833994046192117e43bba976d71dfb3c8c75596b460638f786855f09fa612ee759ca9dde70bf7bcc5d5fbd6b106b17a8220371d0ebfac391f197f97d4c1d3220612c1ecc219fcad6d1e91e58fc1233253b14dd792a0c382cdea0e1d863e27bed56d5a3b39530db0973a425e0c4febb349965a6312d12bf12d6c67bbc6a3020c9a0de56eb295df368e3ee6f27ccb48d98216a6648432b9731981838fdb72417a163f7883556926398afdd4b16226da80cd8ae58d16ba1d06449f59db81545741b3a8657dbfc1645b3aa4e15dd758b7556c57bd82580a22c1a63c48003d948da81cdda831c8ffe2da7779bf7c22bd596ada4a446b7191 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 6088078ee11491f60ccddef11374431a - Version: 3 - TBS: - MD5: b2b41fe37981c6cd7f41eb207443bf3b - SHA1: 2c72e3c0f306a754b1c2f235eb2e1e9b8a5a4a19 - SHA256: 2b6a21c61ca95ed2727b13f085a67f552a66f45b13d9db2943ed96a062dd3089 - SHA384: ef4cebd45206c18ea14e7ff1bffe3cfe4b26714128f4d064036a793aa65728fccf6b82b4d6e123152f4dd22688a80bf4 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 6088078ee11491f60ccddef11374431a - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create VdBSv64sys binPath= C:\windows\temp\VdBSv64sys.sys type=kernel + && sc.exe start VdBSv64sys + Description: The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique + vulnerable drivers (237 file hashes) accepting 
firmware access. Six allow + kernel memory access. All give full control of the devices to non-admin users. + By exploiting the vulnerable drivers, an attacker without the system privilege + may erase/alter firmware, and/or elevate privileges. As of the time of writing + in October 2023, the filenames of the vulnerable drivers have not been made + public until now. + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html -Tags: -- VdBSv64.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: MiTAC Technology Corporation + Date: '' + Description: MiTAC System Service Provider + FileVersion: 21, 1, 1, 0 + Filename: '' + MD5: 4353b713487a2945b823423bbbf709bd + MachineType: AMD64 + OriginalFilename: VdBSv64.sys + Product: MiTAC System Service Provider + ProductVersion: 21, 1, 1, 0 + Publisher: '' + SHA1: 4ffa89f8dbdade28813e12db035cf9bd8665ef72 + SHA256: 91afa3de4b70ee26a4be68587d58b154c7b32b50b504ff0dc0babc4eb56578f4 + Signature: '' + Imphash: 9523103b30fb194643b97ccc3ab7abb0 + Authentihash: + MD5: 16f4705fc75a0769f46b2d1745240aad + SHA1: 52da22f92d5d022eaae66ef9e5ebca7ef27b674d + SHA256: 
d2da77e10d2fd2b8b2aa68ab4af1483ef270311c846644e0ec61ace146ee6feb + RichPEHeaderHash: + MD5: 43a480628499054a660e90855d10145f + SHA1: e8a0d07090bd1290ef7ac69969f325f6cb74fa0a + SHA256: 55900664a6be8d7981c6ce2236870f5576a0d01d18b0d40f0b1f50d6f2de6b30 + Sections: + .text: + Entropy: 6.537004459207361 + Virtual Size: '0x22d0' + .rdata: + Entropy: 5.074604634830452 + Virtual Size: '0xaa0' + .data: + Entropy: 2.126592634957593 + Virtual Size: '0x430' + .pdata: + Entropy: 3.926224846841215 + Virtual Size: '0x180' + PAGE: + Entropy: 5.850620166824451 + Virtual Size: '0x6a4' + INIT: + Entropy: 5.329381958602971 + Virtual Size: '0x386' + .rsrc: + Entropy: 3.3520653582370166 + Virtual Size: '0x3c8' + .reloc: + Entropy: 3.6294909850169517 + Virtual Size: '0x102' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2009-07-23 01:42:31' + InternalName: VdBSv64.sys + Copyright: Copyright (C) 2007 MiTAC Technology Corporation + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - IofCompleteRequest + - KeInitializeMutex + - KeWaitForSingleObject + - KeReleaseMutex + - RtlInitUnicodeString + - IoDeleteDevice + - IoCreateSymbolicLink + - KeSetEvent + - KeClearEvent + - IoCreateDevice + - ExInterlockedInsertTailList + - KeInitializeEvent + - MmUnmapIoSpace + - MmMapIoSpace + - RtlTimeToTimeFields + - ExAllocatePool + - KeBugCheckEx + - DbgPrint + - RtlUnicodeToMultiByteN + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 
50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + 
Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=TW, ST=Taiwan, L=Taipei, O=Mitac Technology Corporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=Mitac Technology + Corporation + ValidFrom: '2008-10-08 00:00:00' + ValidTo: '2009-10-23 23:59:59' + Signature: 9c744d221ef49ac5485f8833994046192117e43bba976d71dfb3c8c75596b460638f786855f09fa612ee759ca9dde70bf7bcc5d5fbd6b106b17a8220371d0ebfac391f197f97d4c1d3220612c1ecc219fcad6d1e91e58fc1233253b14dd792a0c382cdea0e1d863e27bed56d5a3b39530db0973a425e0c4febb349965a6312d12bf12d6c67bbc6a3020c9a0de56eb295df368e3ee6f27ccb48d98216a6648432b9731981838fdb72417a163f7883556926398afdd4b16226da80cd8ae58d16ba1d06449f59db81545741b3a8657dbfc1645b3aa4e15dd758b7556c57bd82580a22c1a63c48003d948da81cdda831c8ffe2da7779bf7c22bd596ada4a446b7191 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 6088078ee11491f60ccddef11374431a + Version: 3 + TBS: + MD5: b2b41fe37981c6cd7f41eb207443bf3b + SHA1: 2c72e3c0f306a754b1c2f235eb2e1e9b8a5a4a19 + SHA256: 2b6a21c61ca95ed2727b13f085a67f552a66f45b13d9db2943ed96a062dd3089 + SHA384: ef4cebd45206c18ea14e7ff1bffe3cfe4b26714128f4d064036a793aa65728fccf6b82b4d6e123152f4dd22688a80bf4 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: 
'2016-05-23 17:11:29' + Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 6088078ee11491f60ccddef11374431a + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/5938df1d-9513-449f-8252-c442ddca0c2a.yaml b/yaml/5938df1d-9513-449f-8252-c442ddca0c2a.yaml index fac335146..0fbad4811 100644 --- a/yaml/5938df1d-9513-449f-8252-c442ddca0c2a.yaml +++ b/yaml/5938df1d-9513-449f-8252-c442ddca0c2a.yaml 
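Review bot: The reordered entry for 5901421f-7929-487d-87bd-632f29290352 keeps a `Commands.Command` that names the service and binary `VdBSv64sys` / `VdBSv64sys.sys`, while `Tags`, `OriginalFilename` and `InternalName` in the same record all say `VdBSv64.sys` and `Filename` is still `''`. The entry links a `sigma_names` rule, so name-based consumers presumably key on the tag, and the inconsistent spelling makes it unclear which name a defender should expect on disk. Since this commit already rewrites the whole record, I would fill in `Filename: VdBSv64.sys` (assuming the original file name is the shipped one) and either align the name in the command or add a `#` comment saying the difference is intentional. The re-wrapped `Description` also ends with "have not been made public until now", which reads as a contradiction and could be tightened in the same pass.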
@@ -1,258 +1,258 @@ Id: 5938df1d-9513-449f-8252-c442ddca0c2a +Tags: +- VBoxUSB.Sys +Verified: 'TRUE' Author: Nasreddine Bencherchali Created: '2023-05-06' MitreID: T1068 Category: vulnerable driver -Verified: 'TRUE' Commands: - Command: sc.exe create VBoxUSB.sys binPath=C:\windows\temp\VBoxUSB.Sys type=kernel - && sc.exe start VBoxUSB.Sys - Description: '' - Usecase: Elevate privileges - Privileges: kernel - OperatingSystem: Windows 10 + Command: sc.exe create VBoxUSB.sys binPath=C:\windows\temp\VBoxUSB.Sys type=kernel + && sc.exe start VBoxUSB.Sys + Description: '' + Usecase: Elevate privileges + Privileges: kernel + OperatingSystem: Windows 10 Resources: - Internal Research -Acknowledgement: - Person: '' - Handle: '' Detection: [] +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: VBoxUSB.Sys - MD5: 65b979bcab915c3922578fe77953d789 - SHA1: 6a2912c8e2aa4373852585bc1134b83c637bc9fd - SHA256: 6071db01b50c658cf78665c24f1d21f21b4a12d16bfcfaa6813bf6bbc4d0a1e8 - Authentihash: - MD5: 5e120bab075f0c78a1023bec63fb5ec6 - SHA1: 36b030a7f80da09b8b80cdab325489d5a6d9698a - SHA256: dd09931d050a354b34731621191795483930bb5f00aa6fba5bb849ea2c89224c - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: - - AssertMsg1 - - RTAssertDoBreakpoint - - RTErrConvertFromNtStatus - - RTLogDefaultInstance - - RTLogLogger - - RTLogLoggerEx - - RTLogLoggerExV - - RTLogPrintf - - RTLogPrintfV - - RTLogRelDefaultInstance - - RTLogSetDefaultInstanceThread - - RTMemAlloc - - RTMemAllocZ - - RTMemContAlloc - - RTMemContFree - - RTMemExecAlloc - - RTMemExecFree - - RTMemFree - - RTMemRealloc - - RTMemTmpAlloc - - RTMemTmpAllocZ - - RTMemTmpFree - - RTMpCpuId - - RTMpCpuIdFromSetIndex - - RTMpCpuIdToSetIndex - - RTMpDoesCpuExist - - RTMpGetCount - - RTMpGetMaxCpuId - - RTMpGetOnlineCount - - RTMpGetOnlineSet - - 
RTMpGetSet - - RTMpIsCpuOnline - - RTMpOnAll - - RTMpOnOthers - - RTMpOnSpecific - - RTProcSelf - - RTR0MemObjAddress - - RTR0MemObjAddressR3 - - RTR0MemObjAllocCont - - RTR0MemObjAllocLow - - RTR0MemObjAllocPage - - RTR0MemObjAllocPhys - - RTR0MemObjAllocPhysNC - - RTR0MemObjEnterPhys - - RTR0MemObjFree - - RTR0MemObjGetPagePhysAddr - - RTR0MemObjIsMapping - - RTR0MemObjLockKernel - - RTR0MemObjLockUser - - RTR0MemObjMapKernel - - RTR0MemObjMapUser - - RTR0MemObjReserveKernel - - RTR0MemObjReserveUser - - RTR0MemObjSize - - RTR0ProcHandleSelf - - RTSemEventCreate - - RTSemEventDestroy - - RTSemEventMultiCreate - - RTSemEventMultiDestroy - - RTSemEventMultiReset - - RTSemEventMultiSignal - - RTSemEventMultiWait - - RTSemEventMultiWaitNoResume - - RTSemEventSignal - - RTSemEventWait - - RTSemEventWaitNoResume - - RTSemFastMutexCreate - - RTSemFastMutexDestroy - - RTSemFastMutexRelease - - RTSemFastMutexRequest - - RTSpinlockAcquire - - RTSpinlockAcquireNoInts - - RTSpinlockCreate - - RTSpinlockDestroy - - RTSpinlockRelease - - RTSpinlockReleaseNoInts - - RTThreadNativeSelf - - RTThreadSleep - - RTThreadYield - - SUPR0ContAlloc - - SUPR0ContFree - - SUPR0GipMap - - SUPR0GipUnmap - - SUPR0LockMem - - SUPR0LowAlloc - - SUPR0LowFree - - SUPR0MemAlloc - - SUPR0MemFree - - SUPR0MemGetPhys - - SUPR0ObjAddRef - - SUPR0ObjRegister - - SUPR0ObjRelease - - SUPR0ObjVerifyAccess - - SUPR0PageAlloc - - SUPR0PageFree - - SUPR0UnlockMem - ImportedFunctions: - - IofCompleteRequest - - DbgPrint - - IoIs32bitProcess - - MmFreeContiguousMemory - - IoFreeMdl - - MmGetSystemRoutineAddress - - RtlInitUnicodeString - - KeCancelTimer - - KeInsertQueueDpc - - __C_specific_handler - - MmMapLockedPagesSpecifyCache - - MmUnmapLockedPages - - KeSetTimerEx - - ExSetTimerResolution - - IoDeleteDevice - - IoDeleteSymbolicLink - - KeSetTargetProcessorDpc - - KeSetImportanceDpc - - KeInitializeDpc - - KeInitializeTimerEx - - MmGetPhysicalAddress - - KeQueryActiveProcessors - - 
MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmAllocateContiguousMemory - - IoCreateSymbolicLink - - IoCreateDevice - - memchr - - strncmp - - PsGetCurrentProcessId - - IoGetCurrentProcess - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - KeDelayExecutionThread - - ZwYieldExecution - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - KeInitializeEvent - - KeSetEvent - - KeResetEvent - - KeWaitForSingleObject - - ExAcquireFastMutex - - ExReleaseFastMutex - - MmUnmapIoSpace - - MmUnlockPages - - MmFreePagesFromMdl - - MmUnsecureVirtualMemory - - MmProtectMdlSystemAddress - - MmAllocatePagesForMdl - - MmSecureVirtualMemory - - MmProbeAndLockPages - - MmMapIoSpace - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows - ValidFrom: '2021-09-02 18:23:41' - ValidTo: '2022-09-01 18:23:41' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 330000033c89c66a7b45bb1fbd00000000033c - Version: 3 - TBS: - MD5: 46f57c3b860b08484cb79066ac1014ad - SHA1: c1fe3ab97b834a98460e4ae92fe2468d16f61a92 - SHA256: d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b - SHA384: d64e2d7f3cf0c23601d2d260f80e767d2e2a92fc43d93fdae6006987af96b6706d0c1e60e573e207a49334269e178e87 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Production PCA 2011 - ValidFrom: '2011-10-19 18:41:42' - ValidTo: '2026-10-19 18:51:42' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: '61077656000000000008' - Version: 3 - TBS: - MD5: 30a3f0b64324ed7f465e7fc618cb69e7 - SHA1: 002de3561519b662c5e3f5faba1b92c403fb7c41 - SHA256: 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 - SHA384: 
4f9a02c3eac5e83c38074d54c0bf270e03a1d668e0001c9812c509eb08a19075ee778a7630e65598e4608fc66e2d1c66 - Signer: - - SerialNumber: 330000033c89c66a7b45bb1fbd00000000033c - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Production PCA 2011 - Version: 1 - RichPEHeaderHash: - MD5: 3b563e832ffe657653773aabadea926a - SHA1: 910da2f8bdc0e1356a2a9f1b160740665b223894 - SHA256: d782f2dfed49e4cd3b9496d9190619a0984ef2c034a6f866915323122f3a036f - Sections: - .text: - Entropy: 6.2039165195201695 - Virtual Size: '0x856e' - .rdata: - Entropy: 5.607114485004288 - Virtual Size: '0x2a58' - .data: - Entropy: 1.9666645281474864 - Virtual Size: '0x1d00' - .pdata: - Entropy: 4.674336635214751 - Virtual Size: '0xcf0' - .edata: - Entropy: 5.350712994836838 - Virtual Size: '0xa72' - INIT: - Entropy: 4.871003292573194 - Virtual Size: '0x638' - .reloc: - Entropy: 3.745971599596066 - Virtual Size: '0x13c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2008-05-30 20:18:53' - Imphash: b262e8d078ede007ebd0aa71b9152863 - LoadsDespiteHVCI: 'TRUE' -Tags: -- VBoxUSB.Sys +- Filename: VBoxUSB.Sys + MD5: 65b979bcab915c3922578fe77953d789 + SHA1: 6a2912c8e2aa4373852585bc1134b83c637bc9fd + SHA256: 6071db01b50c658cf78665c24f1d21f21b4a12d16bfcfaa6813bf6bbc4d0a1e8 + Authentihash: + MD5: 5e120bab075f0c78a1023bec63fb5ec6 + SHA1: 36b030a7f80da09b8b80cdab325489d5a6d9698a + SHA256: dd09931d050a354b34731621191795483930bb5f00aa6fba5bb849ea2c89224c + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: + - AssertMsg1 + - RTAssertDoBreakpoint + - RTErrConvertFromNtStatus + - RTLogDefaultInstance + - RTLogLogger + - RTLogLoggerEx + - RTLogLoggerExV + - RTLogPrintf + - RTLogPrintfV + - RTLogRelDefaultInstance + - RTLogSetDefaultInstanceThread + - RTMemAlloc + - RTMemAllocZ + - RTMemContAlloc + - RTMemContFree + - RTMemExecAlloc + 
- RTMemExecFree + - RTMemFree + - RTMemRealloc + - RTMemTmpAlloc + - RTMemTmpAllocZ + - RTMemTmpFree + - RTMpCpuId + - RTMpCpuIdFromSetIndex + - RTMpCpuIdToSetIndex + - RTMpDoesCpuExist + - RTMpGetCount + - RTMpGetMaxCpuId + - RTMpGetOnlineCount + - RTMpGetOnlineSet + - RTMpGetSet + - RTMpIsCpuOnline + - RTMpOnAll + - RTMpOnOthers + - RTMpOnSpecific + - RTProcSelf + - RTR0MemObjAddress + - RTR0MemObjAddressR3 + - RTR0MemObjAllocCont + - RTR0MemObjAllocLow + - RTR0MemObjAllocPage + - RTR0MemObjAllocPhys + - RTR0MemObjAllocPhysNC + - RTR0MemObjEnterPhys + - RTR0MemObjFree + - RTR0MemObjGetPagePhysAddr + - RTR0MemObjIsMapping + - RTR0MemObjLockKernel + - RTR0MemObjLockUser + - RTR0MemObjMapKernel + - RTR0MemObjMapUser + - RTR0MemObjReserveKernel + - RTR0MemObjReserveUser + - RTR0MemObjSize + - RTR0ProcHandleSelf + - RTSemEventCreate + - RTSemEventDestroy + - RTSemEventMultiCreate + - RTSemEventMultiDestroy + - RTSemEventMultiReset + - RTSemEventMultiSignal + - RTSemEventMultiWait + - RTSemEventMultiWaitNoResume + - RTSemEventSignal + - RTSemEventWait + - RTSemEventWaitNoResume + - RTSemFastMutexCreate + - RTSemFastMutexDestroy + - RTSemFastMutexRelease + - RTSemFastMutexRequest + - RTSpinlockAcquire + - RTSpinlockAcquireNoInts + - RTSpinlockCreate + - RTSpinlockDestroy + - RTSpinlockRelease + - RTSpinlockReleaseNoInts + - RTThreadNativeSelf + - RTThreadSleep + - RTThreadYield + - SUPR0ContAlloc + - SUPR0ContFree + - SUPR0GipMap + - SUPR0GipUnmap + - SUPR0LockMem + - SUPR0LowAlloc + - SUPR0LowFree + - SUPR0MemAlloc + - SUPR0MemFree + - SUPR0MemGetPhys + - SUPR0ObjAddRef + - SUPR0ObjRegister + - SUPR0ObjRelease + - SUPR0ObjVerifyAccess + - SUPR0PageAlloc + - SUPR0PageFree + - SUPR0UnlockMem + ImportedFunctions: + - IofCompleteRequest + - DbgPrint + - IoIs32bitProcess + - MmFreeContiguousMemory + - IoFreeMdl + - MmGetSystemRoutineAddress + - RtlInitUnicodeString + - KeCancelTimer + - KeInsertQueueDpc + - __C_specific_handler + - MmMapLockedPagesSpecifyCache + - 
MmUnmapLockedPages + - KeSetTimerEx + - ExSetTimerResolution + - IoDeleteDevice + - IoDeleteSymbolicLink + - KeSetTargetProcessorDpc + - KeSetImportanceDpc + - KeInitializeDpc + - KeInitializeTimerEx + - MmGetPhysicalAddress + - KeQueryActiveProcessors + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmAllocateContiguousMemory + - IoCreateSymbolicLink + - IoCreateDevice + - memchr + - strncmp + - PsGetCurrentProcessId + - IoGetCurrentProcess + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - KeDelayExecutionThread + - ZwYieldExecution + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - KeInitializeEvent + - KeSetEvent + - KeResetEvent + - KeWaitForSingleObject + - ExAcquireFastMutex + - ExReleaseFastMutex + - MmUnmapIoSpace + - MmUnlockPages + - MmFreePagesFromMdl + - MmUnsecureVirtualMemory + - MmProtectMdlSystemAddress + - MmAllocatePagesForMdl + - MmSecureVirtualMemory + - MmProbeAndLockPages + - MmMapIoSpace + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows + ValidFrom: '2021-09-02 18:23:41' + ValidTo: '2022-09-01 18:23:41' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 330000033c89c66a7b45bb1fbd00000000033c + Version: 3 + TBS: + MD5: 46f57c3b860b08484cb79066ac1014ad + SHA1: c1fe3ab97b834a98460e4ae92fe2468d16f61a92 + SHA256: d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b + SHA384: d64e2d7f3cf0c23601d2d260f80e767d2e2a92fc43d93fdae6006987af96b6706d0c1e60e573e207a49334269e178e87 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Production PCA 2011 + ValidFrom: '2011-10-19 18:41:42' + ValidTo: '2026-10-19 18:51:42' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + 
SerialNumber: '61077656000000000008' + Version: 3 + TBS: + MD5: 30a3f0b64324ed7f465e7fc618cb69e7 + SHA1: 002de3561519b662c5e3f5faba1b92c403fb7c41 + SHA256: 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 + SHA384: 4f9a02c3eac5e83c38074d54c0bf270e03a1d668e0001c9812c509eb08a19075ee778a7630e65598e4608fc66e2d1c66 + Signer: + - SerialNumber: 330000033c89c66a7b45bb1fbd00000000033c + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Production PCA 2011 + Version: 1 + RichPEHeaderHash: + MD5: 3b563e832ffe657653773aabadea926a + SHA1: 910da2f8bdc0e1356a2a9f1b160740665b223894 + SHA256: d782f2dfed49e4cd3b9496d9190619a0984ef2c034a6f866915323122f3a036f + Sections: + .text: + Entropy: 6.2039165195201695 + Virtual Size: '0x856e' + .rdata: + Entropy: 5.607114485004288 + Virtual Size: '0x2a58' + .data: + Entropy: 1.9666645281474864 + Virtual Size: '0x1d00' + .pdata: + Entropy: 4.674336635214751 + Virtual Size: '0xcf0' + .edata: + Entropy: 5.350712994836838 + Virtual Size: '0xa72' + INIT: + Entropy: 4.871003292573194 + Virtual Size: '0x638' + .reloc: + Entropy: 3.745971599596066 + Virtual Size: '0x13c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2008-05-30 20:18:53' + Imphash: b262e8d078ede007ebd0aa71b9152863 + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/5943b267-64f3-40d4-8669-354f23dec122.yaml b/yaml/5943b267-64f3-40d4-8669-354f23dec122.yaml index 2f0b9d537..8d3441fb8 100644 --- a/yaml/5943b267-64f3-40d4-8669-354f23dec122.yaml +++ b/yaml/5943b267-64f3-40d4-8669-354f23dec122.yaml 
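Review bot: `Detection: []` is carried over unchanged for 5938df1d-9513-449f-8252-c442ddca0c2a even though the sample is recorded with `LoadsDespiteHVCI: 'TRUE'` and the entry is `Verified: 'TRUE'`. Because HVCI will not stop this driver from loading, and the listed signer chain is `Microsoft Windows` under `Microsoft Windows Production PCA 2011`, a publisher-based allowlist would presumably not flag it either. That leaves hash matching as the main control a reader can take from this record. If SHA256 `6071db01b50c658cf78665c24f1d21f21b4a12d16bfcfaa6813bf6bbc4d0a1e8` is already covered by the shared `sigma_hash` / `sysmon_hash_detect` / `sysmon_hash_block` rules that the other entries link, list them here. Otherwise a comment such as `# no detection rule yet; sample loads despite HVCI` next to `Detection` would make the gap explicit.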
@@ -1,1009 +1,1011 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 5943b267-64f3-40d4-8669-354f23dec122 +Tags: +- Agent64.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create Agent64.sys binPath=C:\windows\temp\Agent64.sys type=kernel - && sc.exe start Agent64.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/05f052c64d192cf69a462a5ec16dda0d43ca5d0245900c9fcb9201685a2e7748.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/4045ae77859b1dbf13972451972eaaf6f3c97bea423e9e78f1c2f14330cd47ca.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/6948480954137987a0be626c24cf594390960242cd75f094cd6aaa5c2e7a54fa.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/8cb62c5d41148de416014f80bd1fd033fd4d2bd504cb05b90eeb6992a382d58f.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/b1d96233235a62dbb21b8dbe2d1ae333199669f67664b107bff1ad49b41d9414.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 5943b267-64f3-40d4-8669-354f23dec122 -KnownVulnerableSamples: -- Authentihash: - MD5: d86884546c97e614b73d16c600cfb2df - SHA1: 94f7575a6bb378d0cf85b3dc65941c95415e7a80 - SHA256: 3bc0cec99dce687304dad8f7a6daf772e695cbd0169d346d03ae12500361a1e8 - Company: Phoenix Technologies - Copyright: EnTech Taiwan, 1997-2009 - CreationTimestamp: '2009-12-14 03:23:26' - Date: '' - Description: DriverAgent Direct I/O for 64-bit Windows - ExportedFunctions: '' - FileVersion: '6.0' - Filename: Agent64.sys - ImportedFunctions: - - KeInitializeDpc - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - IofCallDriver - - ExFreePoolWithTag - - ExAllocatePool - - ZwClose - - MmUnmapLockedPages - - IoDeleteDevice - - KeSetEvent - - MmFreeContiguousMemory - - MmUnmapIoSpace - - IoFreeMdl - - ZwUnmapViewOfSection - - IoConnectInterrupt - - IoDisconnectInterrupt - - IoStartNextPacket - - KeInsertQueueDpc - - MmMapLockedPages - - ZwMapViewOfSection - - MmBuildMdlForNonPagedPool - - MmGetPhysicalAddress - - MmMapLockedPagesSpecifyCache - - ObReferenceObjectByHandle - - ZwOpenSection - - IoAllocateMdl - - MmAllocateContiguousMemory - - KeBugCheckEx - - RtlInitUnicodeString - - _snwprintf - - IoCreateNotificationEvent - - IoDeleteSymbolicLink - - HalTranslateBusAddress - - HalGetInterruptVector - - 
KeStallExecutionProcessor - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: Agent64.sys - MD5: 8407ddfab85ae664e507c30314090385 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: Agent64.sys - Product: DriverAgent - ProductVersion: '6.0' - Publisher: '"eSupport.com, Inc.", Phoenix Technologies Ltd, "eSupport.com, Inc" ' - RichPEHeaderHash: - MD5: dd9ea0c6c3773a8caf1a86726551af41 - SHA1: 45509ef0d417fb2a30496adc9511d048e4730f98 - SHA256: 5b467c45ee29fdaba31eff00eacc8db61940f94a9bf6a357c0663c58b2cd752b - SHA1: 8db869c0674221a2d3280143cbb0807fac08e0cc - SHA256: 05f052c64d192cf69a462a5ec16dda0d43ca5d0245900c9fcb9201685a2e7748 - Sections: - .text: - Entropy: 6.202530356985499 - Virtual Size: '0x1e7e' - .rdata: - Entropy: 4.254011605715145 - Virtual Size: '0x2c8' - .data: - Entropy: 0.36599028709984766 - Virtual Size: '0x198' - .pdata: - Entropy: 3.801830276557545 - Virtual Size: '0xf0' - INIT: - Entropy: 4.959426922678397 - Virtual Size: '0x4e4' - .rsrc: - Entropy: 3.2916671010793452 - Virtual Size: '0x3f8' - Signature: - - eSupport.com, Inc. 
- - GlobalSign CodeSigning CA - SHA256 - G2 - - GlobalSign - - GlobalSign Root CA - R1 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 4e5e56901e46b4d94931f3bb1739281bc216ddfd41dc0905049b6fb2a29ad6992e40990055b5ea3fa52076d38634d417cc553ac782eeefa8babcd8069f1550dfcd167b523a02d7191afdaff0785ce04bc518df3a241edaacb8a95804020730dbb0125efe31bef00448f4f070f83a5e5683cf3dfb0dbcf4c5ed979db9d4dba52784e3389b8ba735864420a43b6da46a0ba183fd28ebdaef28f6cc885dfb0a3b00abe021ebe22f356c0f8e344597eba2f79933357ecb9a8abb454de73f9fc2d98afa65b26ec77e65ffe892e12c31a2f7b02736488f266f3bee4d761f79c3e57f9635bc2d0ecc01b08e7fff518080a792d4b34446648c874f166307314b63b0dff3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee152d7 - Version: 3 - TBS: - MD5: e140543fe3256027cfa79fc3c19c1776 - SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 - SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 - SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , SHA256 , G2 - ValidFrom: '2011-08-02 10:00:00' - ValidTo: '2019-08-02 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 0400000000013189c637e8 - Version: 3 - TBS: - MD5: 0140a61a07f5dfb1d7d3c66ec7d6a916 - SHA1: 38cf80255975d689f1ab266a85bc72335a82e41f - SHA256: 79a79284a0ef2db92bc02b235895de02ee6a15bb7ee233185d4567f9fc3d1d1a - SHA384: 5fcadd07057f8358148fca22ad424498f8e1a97bb55317e4426f809000542988867e0c44d0175950450653e0d20dd83a - - Subject: OU=GlobalSign Root CA , R3, O=GlobalSign, CN=GlobalSign - ValidFrom: '2009-11-18 10:00:00' - ValidTo: '2019-03-18 10:00:00' - 
Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 04000000000125071df9af - Version: 3 - TBS: - MD5: f47739306d14722e670d9436eadb8e4f - SHA1: 457d9df00a652cb4c3356d00145d9528fc309172 - SHA256: bd1765c56594221373893ef26d97f88c144fb0e5a0111215b45d7239c3444df7 - SHA384: b8b268a1bdf388be66a1c969b7b353cb2bbc9fad446049b7efa05a9ab3b714494e97f4d1ee1c0bae35bfd9bf6ef275b3 - - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode - , G2 - ValidFrom: '2015-02-03 00:00:00' - ValidTo: '2026-03-03 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112106a081d33fd87ae5824cc16b52094e03 - Version: 3 - TBS: - MD5: a0ac4d48fe852f7b3ed4e623d59a825f - SHA1: d4db9846bc4d7db142eeb364286f6de7c102420c - SHA256: 78d2e41a13eb4e9171bae2d2adb192cf39210b5231f77cda936bcfbe8c003bdf - SHA384: 990ed96dca5979deeedc98a012279f04efb5559d7e7f5084a12f3802ee9439326557aecefd081cff739b78515b5d7f50 - - Subject: C=US, ST=MA, L=North Andover, O=eSupport.com, Inc., CN=eSupport.com, - Inc. 
- ValidFrom: '2014-09-24 20:36:26' - ValidTo: '2015-09-25 20:36:26' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 11216e054fad930d88cabc078eb0d3bcc8ac - Version: 3 - TBS: - MD5: 07ff655cdba156b39f88d802c992ebf3 - SHA1: 3c8d5517e4d30167f270e3543d5e2ce2bf467070 - SHA256: a065dcc26ff157388fbb81ef23454b8eaf2deaa4794040f4bf1afb6a6d79d0a7 - SHA384: e9c4de5f60539f7237e8d371e15b74bcc18d5b329fa6545c422b0c400f98d6c1e482c5a9b98e61c5ab8958c76e226976 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2011-04-15 19:55:08' - ValidTo: '2021-04-15 20:05:08' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 6129152700000000002a - Version: 3 - TBS: - MD5: 0bb058d116f02817737920f112d9fd3b - SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 - SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 - SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 - Signer: - - SerialNumber: 11216e054fad930d88cabc078eb0d3bcc8ac - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , SHA256 , G2 - Version: 1 - Imphash: 08c7f29f5cb29ba70e49879da2e8ddce - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: d86884546c97e614b73d16c600cfb2df - SHA1: 94f7575a6bb378d0cf85b3dc65941c95415e7a80 - SHA256: 3bc0cec99dce687304dad8f7a6daf772e695cbd0169d346d03ae12500361a1e8 - Company: Phoenix Technologies - Copyright: EnTech Taiwan, 1997-2009 - CreationTimestamp: '2009-12-14 03:23:26' - Date: '' - Description: DriverAgent Direct I/O for 64-bit Windows - ExportedFunctions: '' - FileVersion: '6.0' - Filename: Agent64.sys - ImportedFunctions: - - KeInitializeDpc - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - IofCallDriver - - ExFreePoolWithTag - - ExAllocatePool - 
- ZwClose - - MmUnmapLockedPages - - IoDeleteDevice - - KeSetEvent - - MmFreeContiguousMemory - - MmUnmapIoSpace - - IoFreeMdl - - ZwUnmapViewOfSection - - IoConnectInterrupt - - IoDisconnectInterrupt - - IoStartNextPacket - - KeInsertQueueDpc - - MmMapLockedPages - - ZwMapViewOfSection - - MmBuildMdlForNonPagedPool - - MmGetPhysicalAddress - - MmMapLockedPagesSpecifyCache - - ObReferenceObjectByHandle - - ZwOpenSection - - IoAllocateMdl - - MmAllocateContiguousMemory - - KeBugCheckEx - - RtlInitUnicodeString - - _snwprintf - - IoCreateNotificationEvent - - IoDeleteSymbolicLink - - HalTranslateBusAddress - - HalGetInterruptVector - - KeStallExecutionProcessor - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: Agent64.sys - MD5: 1ed08a6264c5c92099d6d1dae5e8f530 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: Agent64.sys - Product: DriverAgent - ProductVersion: '6.0' - Publisher: '"eSupport.com, Inc.", Phoenix Technologies Ltd, "eSupport.com, Inc" ' - RichPEHeaderHash: - MD5: dd9ea0c6c3773a8caf1a86726551af41 - SHA1: 45509ef0d417fb2a30496adc9511d048e4730f98 - SHA256: 5b467c45ee29fdaba31eff00eacc8db61940f94a9bf6a357c0663c58b2cd752b - SHA1: 27d3ebea7655a72e6e8b95053753a25db944ec0f - SHA256: 4045ae77859b1dbf13972451972eaaf6f3c97bea423e9e78f1c2f14330cd47ca - Sections: - .text: - Entropy: 6.202530356985499 - Virtual Size: '0x1e7e' - .rdata: - Entropy: 4.254011605715145 - Virtual Size: '0x2c8' - .data: - Entropy: 0.36599028709984766 - Virtual Size: '0x198' - .pdata: - Entropy: 3.801830276557545 - Virtual Size: '0xf0' - INIT: - Entropy: 4.959426922678397 - Virtual Size: '0x4e4' - .rsrc: - Entropy: 3.2916671010793452 - Virtual Size: '0x3f8' - Signature: - - Phoenix Technologies Ltd - - GlobalSign ObjectSign CA - - GlobalSign Primary Object Publishing CA - - GlobalSign Root CA - R1 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: 
'2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 13:00:00' - ValidTo: 
'2017-01-27 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 040000000001239e0facb3 - Version: 3 - TBS: - MD5: 5ccf05e4dec10d9d6fe15d8778325272 - SHA1: 79f0a648bd7f1184f86bff43ae47c9ecc3ed3cec - SHA256: 33ea31b892ba274a4aefe545de45c42c218b6dff78146655cdea892545c2cccc - SHA384: 1350ebc11fd20f5f141bc545786506e6a154be054da7a6e603cb276a6d60a24f2a4016ecc2f5cabd1088e1905f60aabf - - Subject: C=US, ST=MA, L=North Andover, O=Phoenix Technologies Ltd, OU=eSupport, - CN=Phoenix Technologies Ltd - ValidFrom: '2009-12-11 17:20:45' - ValidTo: '2010-12-12 17:20:42' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 010000000001257ee1f400 - Version: 3 - TBS: - MD5: ed0acf60cdd337b9e0a2ab818d7733c6 - SHA1: e5a9eb7de851eb17fed066190a6c4e8b13cc908b - SHA256: ddb82ae2aaed1a98b7c6c84378f622064b4e0e3f9b2abb57819eeba31eabee40 - SHA384: 589881a40c8ed6c0d0c368b44000629373665870382b6e9b4621fe9eaa06051c6e358bc4faacc9778a96d2ac872bc359 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 10:00:00' - ValidTo: '2017-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 040000000001239e0faf24 - Version: 3 - TBS: - MD5: 7dd2351a85d3665eeb6720a21f4f7dee - SHA1: 77838c4d7f36958a581841d28f481d61ce0696ed - SHA256: 846725f4b0193468c1079d6127e9e6e420fc6ed66019ed02d732ba644decad57 - SHA384: aaa45fe704bc66bb1842a2123c6e45e016dfbc7ba2ce07d7d2ee0b5d488a39c68bc6db582cb45d51f5fa52e60be8efd6 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 010000000001257ee1f400 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: 08c7f29f5cb29ba70e49879da2e8ddce - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: d86884546c97e614b73d16c600cfb2df - SHA1: 94f7575a6bb378d0cf85b3dc65941c95415e7a80 - SHA256: 3bc0cec99dce687304dad8f7a6daf772e695cbd0169d346d03ae12500361a1e8 - Company: Phoenix Technologies - Copyright: EnTech Taiwan, 1997-2009 - CreationTimestamp: '2009-12-14 03:23:26' - Date: '' - Description: DriverAgent Direct I/O for 64-bit Windows - ExportedFunctions: '' - FileVersion: '6.0' - Filename: Agent64.sys - ImportedFunctions: - - KeInitializeDpc - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - IofCallDriver - - ExFreePoolWithTag - - ExAllocatePool - - ZwClose - - MmUnmapLockedPages - - IoDeleteDevice - - KeSetEvent - - MmFreeContiguousMemory - - MmUnmapIoSpace - - IoFreeMdl - - ZwUnmapViewOfSection - - IoConnectInterrupt - - IoDisconnectInterrupt - - IoStartNextPacket - - KeInsertQueueDpc - - MmMapLockedPages - - ZwMapViewOfSection - - MmBuildMdlForNonPagedPool - - MmGetPhysicalAddress - - MmMapLockedPagesSpecifyCache - - ObReferenceObjectByHandle - - ZwOpenSection - - IoAllocateMdl - - MmAllocateContiguousMemory - - KeBugCheckEx - - RtlInitUnicodeString - - _snwprintf - - IoCreateNotificationEvent - - IoDeleteSymbolicLink - - HalTranslateBusAddress - - HalGetInterruptVector - - KeStallExecutionProcessor - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: Agent64.sys - MD5: ddc2ffe0ab3fcd48db898ab13c38d88d 
- MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: Agent64.sys - Product: DriverAgent - ProductVersion: '6.0' - Publisher: '"eSupport.com, Inc.", Phoenix Technologies Ltd, "eSupport.com, Inc" ' - RichPEHeaderHash: - MD5: dd9ea0c6c3773a8caf1a86726551af41 - SHA1: 45509ef0d417fb2a30496adc9511d048e4730f98 - SHA256: 5b467c45ee29fdaba31eff00eacc8db61940f94a9bf6a357c0663c58b2cd752b - SHA1: 33cdab3bbc8b3adce4067a1b042778607dce2acd - SHA256: 6948480954137987a0be626c24cf594390960242cd75f094cd6aaa5c2e7a54fa - Sections: - .text: - Entropy: 6.202530356985499 - Virtual Size: '0x1e7e' - .rdata: - Entropy: 4.254011605715145 - Virtual Size: '0x2c8' - .data: - Entropy: 0.36599028709984766 - Virtual Size: '0x198' - .pdata: - Entropy: 3.801830276557545 - Virtual Size: '0xf0' - INIT: - Entropy: 4.959426922678397 - Virtual Size: '0x4e4' - .rsrc: - Entropy: 3.2916671010793452 - Virtual Size: '0x3f8' - Signature: - - Phoenix Technologies Ltd - - GlobalSign ObjectSign CA - - GlobalSign Primary Object Publishing CA - - GlobalSign Root CA - R1 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 13:00:00' - ValidTo: '2017-01-27 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 040000000001239e0facb3 - Version: 3 - TBS: - MD5: 5ccf05e4dec10d9d6fe15d8778325272 - SHA1: 79f0a648bd7f1184f86bff43ae47c9ecc3ed3cec - SHA256: 33ea31b892ba274a4aefe545de45c42c218b6dff78146655cdea892545c2cccc - SHA384: 1350ebc11fd20f5f141bc545786506e6a154be054da7a6e603cb276a6d60a24f2a4016ecc2f5cabd1088e1905f60aabf - - Subject: C=US, ST=MA, L=North Andover, O=Phoenix Technologies Ltd, OU=eSupport, - CN=Phoenix Technologies Ltd - ValidFrom: '2009-12-11 17:20:45' - ValidTo: '2010-12-12 17:20:42' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 010000000001257ee1f400 - Version: 3 - TBS: - MD5: ed0acf60cdd337b9e0a2ab818d7733c6 - SHA1: e5a9eb7de851eb17fed066190a6c4e8b13cc908b - SHA256: ddb82ae2aaed1a98b7c6c84378f622064b4e0e3f9b2abb57819eeba31eabee40 - SHA384: 589881a40c8ed6c0d0c368b44000629373665870382b6e9b4621fe9eaa06051c6e358bc4faacc9778a96d2ac872bc359 - - 
Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 10:00:00' - ValidTo: '2017-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 040000000001239e0faf24 - Version: 3 - TBS: - MD5: 7dd2351a85d3665eeb6720a21f4f7dee - SHA1: 77838c4d7f36958a581841d28f481d61ce0696ed - SHA256: 846725f4b0193468c1079d6127e9e6e420fc6ed66019ed02d732ba644decad57 - SHA384: aaa45fe704bc66bb1842a2123c6e45e016dfbc7ba2ce07d7d2ee0b5d488a39c68bc6db582cb45d51f5fa52e60be8efd6 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 
0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 010000000001257ee1f400 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: 08c7f29f5cb29ba70e49879da2e8ddce - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: d86884546c97e614b73d16c600cfb2df - SHA1: 94f7575a6bb378d0cf85b3dc65941c95415e7a80 - SHA256: 3bc0cec99dce687304dad8f7a6daf772e695cbd0169d346d03ae12500361a1e8 - Company: Phoenix Technologies - Copyright: EnTech Taiwan, 1997-2009 - CreationTimestamp: '2009-12-14 03:23:26' - Date: '' - Description: DriverAgent Direct I/O for 64-bit Windows - ExportedFunctions: '' - FileVersion: '6.0' - Filename: Agent64.sys - ImportedFunctions: - - KeInitializeDpc - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - IofCallDriver - - ExFreePoolWithTag - - ExAllocatePool - - ZwClose - - MmUnmapLockedPages - - IoDeleteDevice - - KeSetEvent - - MmFreeContiguousMemory - - MmUnmapIoSpace - - IoFreeMdl - - ZwUnmapViewOfSection - - IoConnectInterrupt - - IoDisconnectInterrupt - - IoStartNextPacket - - KeInsertQueueDpc - - MmMapLockedPages - - ZwMapViewOfSection - - MmBuildMdlForNonPagedPool - - MmGetPhysicalAddress - - MmMapLockedPagesSpecifyCache - - ObReferenceObjectByHandle - - ZwOpenSection - - IoAllocateMdl - - MmAllocateContiguousMemory - - KeBugCheckEx - - RtlInitUnicodeString - - _snwprintf - - IoCreateNotificationEvent - - IoDeleteSymbolicLink - - HalTranslateBusAddress - - HalGetInterruptVector - - KeStallExecutionProcessor - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: Agent64.sys - MD5: 29ccff428e5eb70ae429c3da8968e1ec - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: Agent64.sys - Product: DriverAgent - ProductVersion: '6.0' - Publisher: '"eSupport.com, Inc.", Phoenix 
Technologies Ltd, "eSupport.com, Inc" ' - RichPEHeaderHash: - MD5: dd9ea0c6c3773a8caf1a86726551af41 - SHA1: 45509ef0d417fb2a30496adc9511d048e4730f98 - SHA256: 5b467c45ee29fdaba31eff00eacc8db61940f94a9bf6a357c0663c58b2cd752b - SHA1: 21e6c104fe9731c874fab5c9560c929b2857b918 - SHA256: 8cb62c5d41148de416014f80bd1fd033fd4d2bd504cb05b90eeb6992a382d58f - Sections: - .text: - Entropy: 6.202530356985499 - Virtual Size: '0x1e7e' - .rdata: - Entropy: 4.254011605715145 - Virtual Size: '0x2c8' - .data: - Entropy: 0.36599028709984766 - Virtual Size: '0x198' - .pdata: - Entropy: 3.801830276557545 - Virtual Size: '0xf0' - INIT: - Entropy: 4.959426922678397 - Virtual Size: '0x4e4' - .rsrc: - Entropy: 3.2916671010793452 - Virtual Size: '0x3f8' - Signature: - - eSupport.com, Inc - - GlobalSign CodeSigning CA - G2 - - GlobalSign Root CA - R1 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 
225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Massachusetts, L=North Andover, O=eSupport.com, Inc, CN=eSupport.com, - Inc - ValidFrom: '2013-08-20 20:02:56' - ValidTo: '2014-08-21 20:02:56' - Signature: 
8f8cbb4f0adaa90368c533e8ccdfa1cc41e00542eeff2f26535b87723292930e207a18e6738acd604e85995e5c2783dae363ed56452392b15f55db6d5f0054352847ecce83b3b40504a1a1299d608674bbe771bb10bdaac159895d747de333ab565ccb7e153003b958d2c2c5e0646faec117a93625865ca9446d2c8fd6cdd474c4c9d11aa2c6dae281c649564df8918607430a7391144cbc9401aac196acabd2bf077fb25dc2d8a90dde1523dbec77eb72c782b3c7b3b0d4c50915bac1f256ed27e6b73d992927946dae1a8675b9cd0e68ba58c4d609f8b3bb20dfade8f1f436213c2965db77ef07105cbb9daf2ba0f70afd473ee557204bf7caeb7938244f50 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 11213d2f2fb6b9005e295e3c9596b6442513 - Version: 3 - TBS: - MD5: 570a8aca88583d09bea3e125d3d7000b - SHA1: 08661628ab6fc154918e70be1e880d44b5ef6d18 - SHA256: a66a20b7e5eccc727d743a53db3d8db58b16a9855cee5188efd74e8d5290beba - SHA384: c3ca78259c9cab5169770ea2a84e0473004ed3e70c5af5ec2f130c1a91cf2ea29e8f1d6fb7f8dbf963d425f1ce1bf6ad - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2011-04-15 19:55:08' - ValidTo: '2021-04-15 20:05:08' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 6129152700000000002a - Version: 3 - TBS: - MD5: 0bb058d116f02817737920f112d9fd3b - SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 - SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 - SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 - Signer: - - SerialNumber: 11213d2f2fb6b9005e295e3c9596b6442513 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 08c7f29f5cb29ba70e49879da2e8ddce - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: d86884546c97e614b73d16c600cfb2df - SHA1: 94f7575a6bb378d0cf85b3dc65941c95415e7a80 - SHA256: 3bc0cec99dce687304dad8f7a6daf772e695cbd0169d346d03ae12500361a1e8 - Company: Phoenix Technologies - Copyright: 
EnTech Taiwan, 1997-2009 - CreationTimestamp: '2009-12-14 03:23:26' - Date: '' - Description: DriverAgent Direct I/O for 64-bit Windows - ExportedFunctions: '' - FileVersion: '6.0' - Filename: Agent64.sys - ImportedFunctions: - - KeInitializeDpc - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - IofCallDriver - - ExFreePoolWithTag - - ExAllocatePool - - ZwClose - - MmUnmapLockedPages - - IoDeleteDevice - - KeSetEvent - - MmFreeContiguousMemory - - MmUnmapIoSpace - - IoFreeMdl - - ZwUnmapViewOfSection - - IoConnectInterrupt - - IoDisconnectInterrupt - - IoStartNextPacket - - KeInsertQueueDpc - - MmMapLockedPages - - ZwMapViewOfSection - - MmBuildMdlForNonPagedPool - - MmGetPhysicalAddress - - MmMapLockedPagesSpecifyCache - - ObReferenceObjectByHandle - - ZwOpenSection - - IoAllocateMdl - - MmAllocateContiguousMemory - - KeBugCheckEx - - RtlInitUnicodeString - - _snwprintf - - IoCreateNotificationEvent - - IoDeleteSymbolicLink - - HalTranslateBusAddress - - HalGetInterruptVector - - KeStallExecutionProcessor - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: Agent64.sys - MD5: a57b47489febc552515778dd0fd1e51c - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: Agent64.sys - Product: DriverAgent - ProductVersion: '6.0' - Publisher: '"eSupport.com, Inc.", Phoenix Technologies Ltd, "eSupport.com, Inc" ' - RichPEHeaderHash: - MD5: dd9ea0c6c3773a8caf1a86726551af41 - SHA1: 45509ef0d417fb2a30496adc9511d048e4730f98 - SHA256: 5b467c45ee29fdaba31eff00eacc8db61940f94a9bf6a357c0663c58b2cd752b - SHA1: d979353d04bf65cc92ad3412605bc81edbb75ec2 - SHA256: b1d96233235a62dbb21b8dbe2d1ae333199669f67664b107bff1ad49b41d9414 - Sections: - .text: - Entropy: 6.202530356985499 - Virtual Size: '0x1e7e' - .rdata: - Entropy: 4.254011605715145 - Virtual Size: '0x2c8' - .data: - Entropy: 0.36599028709984766 - Virtual Size: '0x198' - .pdata: - Entropy: 3.801830276557545 - Virtual Size: '0xf0' - INIT: - Entropy: 4.959426922678397 - Virtual Size: '0x4e4' - 
.rsrc: - Entropy: 3.2916671010793452 - Virtual Size: '0x3f8' - Signature: - - eSupport.com, Inc. - - GlobalSign Extended Validation CodeSigning CA - SHA256 - G2 - - GlobalSign - - GlobalSign Root CA - R1 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: OU=GlobalSign Root CA , R3, O=GlobalSign, CN=GlobalSign - ValidFrom: '2009-11-18 10:00:00' - ValidTo: '2019-03-18 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 04000000000125071df9af - Version: 3 - TBS: - MD5: f47739306d14722e670d9436eadb8e4f - SHA1: 457d9df00a652cb4c3356d00145d9528fc309172 - SHA256: bd1765c56594221373893ef26d97f88c144fb0e5a0111215b45d7239c3444df7 - SHA384: b8b268a1bdf388be66a1c969b7b353cb2bbc9fad446049b7efa05a9ab3b714494e97f4d1ee1c0bae35bfd9bf6ef275b3 - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Extended Validation CodeSigning - CA , SHA256 , G2 - ValidFrom: '2011-08-02 10:00:00' - ValidTo: '2019-08-02 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 0400000000013189c64de1 - Version: 3 - TBS: - MD5: b3d3ff804abcd2e7686c126c98cc2c10 - SHA1: 358391557c2b6213777e282ad8efe9c8112d1b0e - SHA256: 9467b8e0d2879abe9a9b791d7a1aa60672949af71bb1b2a5aca1a54368519bca - SHA384: 936a127c2d468f5e4edb642c82bed11fb5df99b87cf34b8d7ddc136e979183d133dae715146d98c63af32186eb8d1bbd - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2011-04-15 19:55:08' - ValidTo: '2021-04-15 20:05:08' - Signature: 
5ff8d065746a81c6a6ca5b03b6914ae84bbdef2ba142f0efb4a5adcd3389ec0b9585ac62501108aa58d25aa08310e5a6337af25af2c5fe787cf09c83df190ad97396002dd62ccde914d41d9de83f3c1a76f7904efb01350a6c9313a0c356eb67a0e4d17a96dec267f190f80a7bf5321b94ec5f751f8d1b34da6c58a7cb2d279e2226b7c9aa30cc0777b836e38201b5393ccc8dd9a75f7f23b3877fdb5798918bd7ce2520e39d644fdd87f72b68490318e0a5df7c5f68644d36838d4781f2e9e0a869abfa7b163c05a449ea8830190a6c73055178dfd41ddd3ad47f2de44e54be83431e7a7433b4a4ebd77073bc2a02988966eef6bc8f749378e329025a5a43e258ce7ccf9acad236893be25fda26054ec8d4e72c910e1797c5beee8b13112323294ffa83d050f6bafad53db3173df4ff034aa325dce67561d1fa35086bd62744d068b78d45e0eb852cc8a15d614474160e5958aed2b5eea5bcd6d7076ab62978fd976767dd8d4f17944fd2ed0caf972437c3a29c81da6be143b6577b4cecbf791319e79fe844e94781b75e701e91f83dd17b27f50b7056434805dda92fab86101d0b12e31ad04c6e75ded645b30b748887935c564a41029af7aeb799d8b67f88fa11f2457cf4d71b91c01cf1a0fbd4080a411a142acef4eb34486e66879ed54b7a397fbb0e3d3861cf735706e412066bd96b5308cd7018c22d4f974691bca9f0 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 6129152700000000002a - Version: 3 - TBS: - MD5: 0bb058d116f02817737920f112d9fd3b - SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 - SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 - SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 - - Subject: ??=Private Organization, serialNumber=001030216, ??=US, ??=Massachusetts, - C=US, ST=MA, L=North Andover, ??=120 Water St, O=eSupport.com, Inc., CN=eSupport.com, - Inc. 
- ValidFrom: '2015-09-22 15:11:47' - ValidTo: '2018-09-22 15:11:47' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 1121b5d4d579fe52c475c01e3da626487f05 - Version: 3 - TBS: - MD5: f072f16cdf1f6c4bf7cf7e6306bc5fdc - SHA1: 3cd171c0933a070c0d16bca6ae068aaf4844bb89 - SHA256: 02243b344c0aafe05d84d4f599fc19d862cd6965a4e0d299af544cbaaea3c58f - SHA384: 4bb4b23312bf392a82f4104c9a08c160e35893b8988911eebed69df1af0179d1a7a640fcda88678df7b9855ca9790688 - Signer: - - SerialNumber: 1121b5d4d579fe52c475c01e3da626487f05 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Extended Validation CodeSigning - CA , SHA256 , G2 - Version: 1 - Imphash: 08c7f29f5cb29ba70e49879da2e8ddce - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: d86884546c97e614b73d16c600cfb2df - SHA1: 94f7575a6bb378d0cf85b3dc65941c95415e7a80 - SHA256: 3bc0cec99dce687304dad8f7a6daf772e695cbd0169d346d03ae12500361a1e8 - Company: Phoenix Technologies - Copyright: EnTech Taiwan, 1997-2009 - CreationTimestamp: '2009-12-14 03:23:26' - Date: '' - Description: DriverAgent Direct I/O for 64-bit Windows - ExportedFunctions: '' - FileVersion: '6.0' - Filename: '' - ImportedFunctions: - - KeInitializeDpc - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - IofCallDriver - - ExFreePoolWithTag - - ExAllocatePool - - ZwClose - - MmUnmapLockedPages - - IoDeleteDevice - - KeSetEvent - - MmFreeContiguousMemory - - MmUnmapIoSpace - - IoFreeMdl - - ZwUnmapViewOfSection - - IoConnectInterrupt - - IoDisconnectInterrupt - - IoStartNextPacket - - KeInsertQueueDpc - - MmMapLockedPages - - ZwMapViewOfSection - - MmBuildMdlForNonPagedPool - - MmGetPhysicalAddress - - MmMapLockedPagesSpecifyCache - - ObReferenceObjectByHandle - - ZwOpenSection - - IoAllocateMdl - - MmAllocateContiguousMemory - - KeBugCheckEx - - RtlInitUnicodeString - - _snwprintf - - IoCreateNotificationEvent - - IoDeleteSymbolicLink - - 
HalTranslateBusAddress - - HalGetInterruptVector - - KeStallExecutionProcessor - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: Agent64.sys - MD5: fe71c99a5830f94d77a8792741d6e6c7 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: Agent64.sys - PDBPath: '' - Product: DriverAgent - ProductVersion: '6.0' - Publisher: '' - RichPEHeaderHash: - MD5: dd9ea0c6c3773a8caf1a86726551af41 - SHA1: 45509ef0d417fb2a30496adc9511d048e4730f98 - SHA256: 5b467c45ee29fdaba31eff00eacc8db61940f94a9bf6a357c0663c58b2cd752b - SHA1: acb5d7e182a108ee02c5cb879fc94e0d6db7dd68 - SHA256: 4db1e0fdc9e6cefeb1d588668ea6161a977c372d841e7b87098cf90aa679abfb - Sections: - .text: - Entropy: 6.202530356985499 - Virtual Size: '0x1e7e' - .rdata: - Entropy: 4.254011605715145 - Virtual Size: '0x2c8' - .data: - Entropy: 0.36599028709984766 - Virtual Size: '0x198' - .pdata: - Entropy: 3.801830276557545 - Virtual Size: '0xf0' - INIT: - Entropy: 4.959426922678397 - Virtual Size: '0x4e4' - .rsrc: - Entropy: 3.2916671010793452 - Virtual Size: '0x3f8' - Signature: '' - Signatures: {} - Imphash: 08c7f29f5cb29ba70e49879da2e8ddce - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create Agent64.sys binPath=C:\windows\temp\Agent64.sys type=kernel + && sc.exe start Agent64.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/namazso/physmem_drivers -Tags: -- Agent64.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/05f052c64d192cf69a462a5ec16dda0d43ca5d0245900c9fcb9201685a2e7748.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/4045ae77859b1dbf13972451972eaaf6f3c97bea423e9e78f1c2f14330cd47ca.yara +- type: yara_signature + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/6948480954137987a0be626c24cf594390960242cd75f094cd6aaa5c2e7a54fa.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/8cb62c5d41148de416014f80bd1fd033fd4d2bd504cb05b90eeb6992a382d58f.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/b1d96233235a62dbb21b8dbe2d1ae333199669f67664b107bff1ad49b41d9414.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: d86884546c97e614b73d16c600cfb2df + SHA1: 94f7575a6bb378d0cf85b3dc65941c95415e7a80 + SHA256: 
3bc0cec99dce687304dad8f7a6daf772e695cbd0169d346d03ae12500361a1e8 + Company: Phoenix Technologies + Copyright: EnTech Taiwan, 1997-2009 + CreationTimestamp: '2009-12-14 03:23:26' + Date: '' + Description: DriverAgent Direct I/O for 64-bit Windows + ExportedFunctions: '' + FileVersion: '6.0' + Filename: Agent64.sys + ImportedFunctions: + - KeInitializeDpc + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - IofCallDriver + - ExFreePoolWithTag + - ExAllocatePool + - ZwClose + - MmUnmapLockedPages + - IoDeleteDevice + - KeSetEvent + - MmFreeContiguousMemory + - MmUnmapIoSpace + - IoFreeMdl + - ZwUnmapViewOfSection + - IoConnectInterrupt + - IoDisconnectInterrupt + - IoStartNextPacket + - KeInsertQueueDpc + - MmMapLockedPages + - ZwMapViewOfSection + - MmBuildMdlForNonPagedPool + - MmGetPhysicalAddress + - MmMapLockedPagesSpecifyCache + - ObReferenceObjectByHandle + - ZwOpenSection + - IoAllocateMdl + - MmAllocateContiguousMemory + - KeBugCheckEx + - RtlInitUnicodeString + - _snwprintf + - IoCreateNotificationEvent + - IoDeleteSymbolicLink + - HalTranslateBusAddress + - HalGetInterruptVector + - KeStallExecutionProcessor + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: Agent64.sys + MD5: 8407ddfab85ae664e507c30314090385 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: Agent64.sys + Product: DriverAgent + ProductVersion: '6.0' + Publisher: '"eSupport.com, Inc.", Phoenix Technologies Ltd, "eSupport.com, Inc" ' + RichPEHeaderHash: + MD5: dd9ea0c6c3773a8caf1a86726551af41 + SHA1: 45509ef0d417fb2a30496adc9511d048e4730f98 + SHA256: 5b467c45ee29fdaba31eff00eacc8db61940f94a9bf6a357c0663c58b2cd752b + SHA1: 8db869c0674221a2d3280143cbb0807fac08e0cc + SHA256: 05f052c64d192cf69a462a5ec16dda0d43ca5d0245900c9fcb9201685a2e7748 + Sections: + .text: + Entropy: 6.202530356985499 + Virtual Size: '0x1e7e' + .rdata: + Entropy: 4.254011605715145 + Virtual Size: '0x2c8' + .data: + Entropy: 0.36599028709984766 + Virtual Size: '0x198' + .pdata: + Entropy: 
3.801830276557545 + Virtual Size: '0xf0' + INIT: + Entropy: 4.959426922678397 + Virtual Size: '0x4e4' + .rsrc: + Entropy: 3.2916671010793452 + Virtual Size: '0x3f8' + Signature: + - eSupport.com, Inc. + - GlobalSign CodeSigning CA - SHA256 - G2 + - GlobalSign + - GlobalSign Root CA - R1 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee152d7 + Version: 3 + TBS: + MD5: e140543fe3256027cfa79fc3c19c1776 + SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 + SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 + SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , SHA256 + , G2 + ValidFrom: '2011-08-02 10:00:00' + ValidTo: '2019-08-02 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 0400000000013189c637e8 + Version: 3 + TBS: + MD5: 0140a61a07f5dfb1d7d3c66ec7d6a916 + SHA1: 38cf80255975d689f1ab266a85bc72335a82e41f + SHA256: 79a79284a0ef2db92bc02b235895de02ee6a15bb7ee233185d4567f9fc3d1d1a + SHA384: 5fcadd07057f8358148fca22ad424498f8e1a97bb55317e4426f809000542988867e0c44d0175950450653e0d20dd83a + - Subject: OU=GlobalSign Root CA , R3, O=GlobalSign, CN=GlobalSign + ValidFrom: '2009-11-18 10:00:00' + ValidTo: '2019-03-18 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 04000000000125071df9af + Version: 3 + TBS: + MD5: f47739306d14722e670d9436eadb8e4f + SHA1: 
457d9df00a652cb4c3356d00145d9528fc309172 + SHA256: bd1765c56594221373893ef26d97f88c144fb0e5a0111215b45d7239c3444df7 + SHA384: b8b268a1bdf388be66a1c969b7b353cb2bbc9fad446049b7efa05a9ab3b714494e97f4d1ee1c0bae35bfd9bf6ef275b3 + - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode + , G2 + ValidFrom: '2015-02-03 00:00:00' + ValidTo: '2026-03-03 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112106a081d33fd87ae5824cc16b52094e03 + Version: 3 + TBS: + MD5: a0ac4d48fe852f7b3ed4e623d59a825f + SHA1: d4db9846bc4d7db142eeb364286f6de7c102420c + SHA256: 78d2e41a13eb4e9171bae2d2adb192cf39210b5231f77cda936bcfbe8c003bdf + SHA384: 990ed96dca5979deeedc98a012279f04efb5559d7e7f5084a12f3802ee9439326557aecefd081cff739b78515b5d7f50 + - Subject: C=US, ST=MA, L=North Andover, O=eSupport.com, Inc., CN=eSupport.com, + Inc. + ValidFrom: '2014-09-24 20:36:26' + ValidTo: '2015-09-25 20:36:26' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 11216e054fad930d88cabc078eb0d3bcc8ac + Version: 3 + TBS: + MD5: 07ff655cdba156b39f88d802c992ebf3 + SHA1: 3c8d5517e4d30167f270e3543d5e2ce2bf467070 + SHA256: a065dcc26ff157388fbb81ef23454b8eaf2deaa4794040f4bf1afb6a6d79d0a7 + SHA384: e9c4de5f60539f7237e8d371e15b74bcc18d5b329fa6545c422b0c400f98d6c1e482c5a9b98e61c5ab8958c76e226976 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2011-04-15 19:55:08' + ValidTo: '2021-04-15 20:05:08' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 6129152700000000002a + Version: 3 + TBS: + MD5: 0bb058d116f02817737920f112d9fd3b + SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 + SHA256: 
f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 + SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 + Signer: + - SerialNumber: 11216e054fad930d88cabc078eb0d3bcc8ac + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , SHA256 + , G2 + Version: 1 + Imphash: 08c7f29f5cb29ba70e49879da2e8ddce + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: d86884546c97e614b73d16c600cfb2df + SHA1: 94f7575a6bb378d0cf85b3dc65941c95415e7a80 + SHA256: 3bc0cec99dce687304dad8f7a6daf772e695cbd0169d346d03ae12500361a1e8 + Company: Phoenix Technologies + Copyright: EnTech Taiwan, 1997-2009 + CreationTimestamp: '2009-12-14 03:23:26' + Date: '' + Description: DriverAgent Direct I/O for 64-bit Windows + ExportedFunctions: '' + FileVersion: '6.0' + Filename: Agent64.sys + ImportedFunctions: + - KeInitializeDpc + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - IofCallDriver + - ExFreePoolWithTag + - ExAllocatePool + - ZwClose + - MmUnmapLockedPages + - IoDeleteDevice + - KeSetEvent + - MmFreeContiguousMemory + - MmUnmapIoSpace + - IoFreeMdl + - ZwUnmapViewOfSection + - IoConnectInterrupt + - IoDisconnectInterrupt + - IoStartNextPacket + - KeInsertQueueDpc + - MmMapLockedPages + - ZwMapViewOfSection + - MmBuildMdlForNonPagedPool + - MmGetPhysicalAddress + - MmMapLockedPagesSpecifyCache + - ObReferenceObjectByHandle + - ZwOpenSection + - IoAllocateMdl + - MmAllocateContiguousMemory + - KeBugCheckEx + - RtlInitUnicodeString + - _snwprintf + - IoCreateNotificationEvent + - IoDeleteSymbolicLink + - HalTranslateBusAddress + - HalGetInterruptVector + - KeStallExecutionProcessor + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: Agent64.sys + MD5: 1ed08a6264c5c92099d6d1dae5e8f530 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: Agent64.sys + Product: DriverAgent + ProductVersion: '6.0' + Publisher: '"eSupport.com, Inc.", Phoenix Technologies Ltd, "eSupport.com, Inc" ' + 
RichPEHeaderHash: + MD5: dd9ea0c6c3773a8caf1a86726551af41 + SHA1: 45509ef0d417fb2a30496adc9511d048e4730f98 + SHA256: 5b467c45ee29fdaba31eff00eacc8db61940f94a9bf6a357c0663c58b2cd752b + SHA1: 27d3ebea7655a72e6e8b95053753a25db944ec0f + SHA256: 4045ae77859b1dbf13972451972eaaf6f3c97bea423e9e78f1c2f14330cd47ca + Sections: + .text: + Entropy: 6.202530356985499 + Virtual Size: '0x1e7e' + .rdata: + Entropy: 4.254011605715145 + Virtual Size: '0x2c8' + .data: + Entropy: 0.36599028709984766 + Virtual Size: '0x198' + .pdata: + Entropy: 3.801830276557545 + Virtual Size: '0xf0' + INIT: + Entropy: 4.959426922678397 + Virtual Size: '0x4e4' + .rsrc: + Entropy: 3.2916671010793452 + Virtual Size: '0x3f8' + Signature: + - Phoenix Technologies Ltd + - GlobalSign ObjectSign CA + - GlobalSign Primary Object Publishing CA + - GlobalSign Root CA - R1 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 13:00:00' + ValidTo: '2017-01-27 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 040000000001239e0facb3 + Version: 3 + TBS: + MD5: 5ccf05e4dec10d9d6fe15d8778325272 + SHA1: 79f0a648bd7f1184f86bff43ae47c9ecc3ed3cec + SHA256: 33ea31b892ba274a4aefe545de45c42c218b6dff78146655cdea892545c2cccc + SHA384: 1350ebc11fd20f5f141bc545786506e6a154be054da7a6e603cb276a6d60a24f2a4016ecc2f5cabd1088e1905f60aabf + - Subject: C=US, ST=MA, L=North Andover, O=Phoenix Technologies Ltd, OU=eSupport, + CN=Phoenix Technologies Ltd + ValidFrom: '2009-12-11 17:20:45' + ValidTo: '2010-12-12 17:20:42' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 010000000001257ee1f400 + Version: 3 + TBS: + MD5: ed0acf60cdd337b9e0a2ab818d7733c6 + SHA1: e5a9eb7de851eb17fed066190a6c4e8b13cc908b + SHA256: ddb82ae2aaed1a98b7c6c84378f622064b4e0e3f9b2abb57819eeba31eabee40 + SHA384: 589881a40c8ed6c0d0c368b44000629373665870382b6e9b4621fe9eaa06051c6e358bc4faacc9778a96d2ac872bc359 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 10:00:00' + ValidTo: '2017-01-27 10:00:00' + Signature: 
1e6af36df48ea922fe7008652ea15dab3330dd6c78fa4beaadc58dec107a6ac55897396b92f391e20ca7281cd15d768e8b077c136fadc43643b3c1bc3159cf1838d8a33bceffca6758bfe0f1ac613ea23b1ebc025b41ac446bf526f3ed5ea865f6ca65a63fcaf577eba5862a582956f8be161040e9d2fc572c636137662539202e0703a036032594bd7ceb7ed3a3c2c57616753092b9ff7641352168d10e5e5c8ec30360e68040fcc05da2546e6e9267a7811287a2a32bdbb74dffe4d5c7e505e6d5f1aefccd661821f33e47c9e59542612c9d2680b20fa83d0ec9a778df6e748c2c46f672e93c646b2855c44b6433cb78541338f0d57106d43e0d0a350ee0b3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 040000000001239e0faf24 + Version: 3 + TBS: + MD5: 7dd2351a85d3665eeb6720a21f4f7dee + SHA1: 77838c4d7f36958a581841d28f481d61ce0696ed + SHA256: 846725f4b0193468c1079d6127e9e6e420fc6ed66019ed02d732ba644decad57 + SHA384: aaa45fe704bc66bb1842a2123c6e45e016dfbc7ba2ce07d7d2ee0b5d488a39c68bc6db582cb45d51f5fa52e60be8efd6 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 010000000001257ee1f400 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: 08c7f29f5cb29ba70e49879da2e8ddce + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: d86884546c97e614b73d16c600cfb2df + SHA1: 94f7575a6bb378d0cf85b3dc65941c95415e7a80 + SHA256: 3bc0cec99dce687304dad8f7a6daf772e695cbd0169d346d03ae12500361a1e8 + Company: Phoenix Technologies + Copyright: EnTech Taiwan, 
1997-2009 + CreationTimestamp: '2009-12-14 03:23:26' + Date: '' + Description: DriverAgent Direct I/O for 64-bit Windows + ExportedFunctions: '' + FileVersion: '6.0' + Filename: Agent64.sys + ImportedFunctions: + - KeInitializeDpc + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - IofCallDriver + - ExFreePoolWithTag + - ExAllocatePool + - ZwClose + - MmUnmapLockedPages + - IoDeleteDevice + - KeSetEvent + - MmFreeContiguousMemory + - MmUnmapIoSpace + - IoFreeMdl + - ZwUnmapViewOfSection + - IoConnectInterrupt + - IoDisconnectInterrupt + - IoStartNextPacket + - KeInsertQueueDpc + - MmMapLockedPages + - ZwMapViewOfSection + - MmBuildMdlForNonPagedPool + - MmGetPhysicalAddress + - MmMapLockedPagesSpecifyCache + - ObReferenceObjectByHandle + - ZwOpenSection + - IoAllocateMdl + - MmAllocateContiguousMemory + - KeBugCheckEx + - RtlInitUnicodeString + - _snwprintf + - IoCreateNotificationEvent + - IoDeleteSymbolicLink + - HalTranslateBusAddress + - HalGetInterruptVector + - KeStallExecutionProcessor + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: Agent64.sys + MD5: ddc2ffe0ab3fcd48db898ab13c38d88d + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: Agent64.sys + Product: DriverAgent + ProductVersion: '6.0' + Publisher: '"eSupport.com, Inc.", Phoenix Technologies Ltd, "eSupport.com, Inc" ' + RichPEHeaderHash: + MD5: dd9ea0c6c3773a8caf1a86726551af41 + SHA1: 45509ef0d417fb2a30496adc9511d048e4730f98 + SHA256: 5b467c45ee29fdaba31eff00eacc8db61940f94a9bf6a357c0663c58b2cd752b + SHA1: 33cdab3bbc8b3adce4067a1b042778607dce2acd + SHA256: 6948480954137987a0be626c24cf594390960242cd75f094cd6aaa5c2e7a54fa + Sections: + .text: + Entropy: 6.202530356985499 + Virtual Size: '0x1e7e' + .rdata: + Entropy: 4.254011605715145 + Virtual Size: '0x2c8' + .data: + Entropy: 0.36599028709984766 + Virtual Size: '0x198' + .pdata: + Entropy: 3.801830276557545 + Virtual Size: '0xf0' + INIT: + Entropy: 4.959426922678397 + Virtual Size: '0x4e4' + .rsrc: + Entropy: 
3.2916671010793452 + Virtual Size: '0x3f8' + Signature: + - Phoenix Technologies Ltd + - GlobalSign ObjectSign CA + - GlobalSign Primary Object Publishing CA + - GlobalSign Root CA - R1 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 13:00:00' + ValidTo: '2017-01-27 12:00:00' + Signature: 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 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 040000000001239e0facb3 + Version: 3 + TBS: + MD5: 5ccf05e4dec10d9d6fe15d8778325272 + SHA1: 79f0a648bd7f1184f86bff43ae47c9ecc3ed3cec + SHA256: 33ea31b892ba274a4aefe545de45c42c218b6dff78146655cdea892545c2cccc + SHA384: 1350ebc11fd20f5f141bc545786506e6a154be054da7a6e603cb276a6d60a24f2a4016ecc2f5cabd1088e1905f60aabf + - Subject: C=US, ST=MA, L=North Andover, O=Phoenix Technologies Ltd, OU=eSupport, + CN=Phoenix Technologies Ltd + ValidFrom: '2009-12-11 17:20:45' + ValidTo: '2010-12-12 17:20:42' + Signature: a7d9a2c70e374ebde881422b81fab976d3182885474a1379d078c736dc5e32157c8b5c667ec3e4bfb078a7f1e90e27be2bad1a41c54e9b53fcdf4f53c55a4a6e1328c147ca683314ae76a64e00d0487ae707f63c1c8524b5245329d368f7cbe263c7982dc73fe20c76921d51ad2a4333baba7443b5f493d42e8a2abcc510371a0a8a6b549cc41484d1da2442ce77e29284e7a6c1c64f2597e2cef45d2e97e1bb74826cab053233cfffed1d55c0c65b6bdefe00c5817dcbe798aa13bb7fb5c909348d5968c7f049f99943fbe0cf8be7e68fee1c6b45b911ecb1e11683a719be94109894e0c39d50530bbb9d0d2db812b78893f9ed0a870f9f6196268ed35ef119 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 010000000001257ee1f400 + Version: 3 + TBS: + MD5: ed0acf60cdd337b9e0a2ab818d7733c6 + SHA1: e5a9eb7de851eb17fed066190a6c4e8b13cc908b + SHA256: ddb82ae2aaed1a98b7c6c84378f622064b4e0e3f9b2abb57819eeba31eabee40 + SHA384: 589881a40c8ed6c0d0c368b44000629373665870382b6e9b4621fe9eaa06051c6e358bc4faacc9778a96d2ac872bc359 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 10:00:00' + ValidTo: '2017-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 040000000001239e0faf24 + Version: 3 + TBS: + MD5: 7dd2351a85d3665eeb6720a21f4f7dee + SHA1: 77838c4d7f36958a581841d28f481d61ce0696ed + SHA256: 
846725f4b0193468c1079d6127e9e6e420fc6ed66019ed02d732ba644decad57 + SHA384: aaa45fe704bc66bb1842a2123c6e45e016dfbc7ba2ce07d7d2ee0b5d488a39c68bc6db582cb45d51f5fa52e60be8efd6 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 010000000001257ee1f400 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: 08c7f29f5cb29ba70e49879da2e8ddce + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: d86884546c97e614b73d16c600cfb2df + SHA1: 94f7575a6bb378d0cf85b3dc65941c95415e7a80 + SHA256: 3bc0cec99dce687304dad8f7a6daf772e695cbd0169d346d03ae12500361a1e8 + Company: Phoenix Technologies + Copyright: EnTech Taiwan, 1997-2009 + CreationTimestamp: '2009-12-14 03:23:26' + Date: '' + Description: DriverAgent Direct I/O for 64-bit Windows + ExportedFunctions: '' + FileVersion: '6.0' + Filename: Agent64.sys + ImportedFunctions: + - KeInitializeDpc + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - IofCallDriver + - ExFreePoolWithTag + - ExAllocatePool + - ZwClose + - MmUnmapLockedPages + - IoDeleteDevice + - KeSetEvent + - MmFreeContiguousMemory + - MmUnmapIoSpace + - IoFreeMdl + - ZwUnmapViewOfSection + - IoConnectInterrupt + - IoDisconnectInterrupt + - IoStartNextPacket + - KeInsertQueueDpc + - MmMapLockedPages + - ZwMapViewOfSection + - MmBuildMdlForNonPagedPool + - MmGetPhysicalAddress + - MmMapLockedPagesSpecifyCache + - 
ObReferenceObjectByHandle + - ZwOpenSection + - IoAllocateMdl + - MmAllocateContiguousMemory + - KeBugCheckEx + - RtlInitUnicodeString + - _snwprintf + - IoCreateNotificationEvent + - IoDeleteSymbolicLink + - HalTranslateBusAddress + - HalGetInterruptVector + - KeStallExecutionProcessor + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: Agent64.sys + MD5: 29ccff428e5eb70ae429c3da8968e1ec + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: Agent64.sys + Product: DriverAgent + ProductVersion: '6.0' + Publisher: '"eSupport.com, Inc.", Phoenix Technologies Ltd, "eSupport.com, Inc" ' + RichPEHeaderHash: + MD5: dd9ea0c6c3773a8caf1a86726551af41 + SHA1: 45509ef0d417fb2a30496adc9511d048e4730f98 + SHA256: 5b467c45ee29fdaba31eff00eacc8db61940f94a9bf6a357c0663c58b2cd752b + SHA1: 21e6c104fe9731c874fab5c9560c929b2857b918 + SHA256: 8cb62c5d41148de416014f80bd1fd033fd4d2bd504cb05b90eeb6992a382d58f + Sections: + .text: + Entropy: 6.202530356985499 + Virtual Size: '0x1e7e' + .rdata: + Entropy: 4.254011605715145 + Virtual Size: '0x2c8' + .data: + Entropy: 0.36599028709984766 + Virtual Size: '0x198' + .pdata: + Entropy: 3.801830276557545 + Virtual Size: '0xf0' + INIT: + Entropy: 4.959426922678397 + Virtual Size: '0x4e4' + .rsrc: + Entropy: 3.2916671010793452 + Virtual Size: '0x3f8' + Signature: + - eSupport.com, Inc + - GlobalSign CodeSigning CA - G2 + - GlobalSign Root CA - R1 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Massachusetts, L=North Andover, O=eSupport.com, Inc, + CN=eSupport.com, Inc + ValidFrom: '2013-08-20 20:02:56' + ValidTo: '2014-08-21 20:02:56' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 11213d2f2fb6b9005e295e3c9596b6442513 + Version: 3 + TBS: + MD5: 
570a8aca88583d09bea3e125d3d7000b + SHA1: 08661628ab6fc154918e70be1e880d44b5ef6d18 + SHA256: a66a20b7e5eccc727d743a53db3d8db58b16a9855cee5188efd74e8d5290beba + SHA384: c3ca78259c9cab5169770ea2a84e0473004ed3e70c5af5ec2f130c1a91cf2ea29e8f1d6fb7f8dbf963d425f1ce1bf6ad + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2011-04-15 19:55:08' + ValidTo: '2021-04-15 20:05:08' + Signature: 5ff8d065746a81c6a6ca5b03b6914ae84bbdef2ba142f0efb4a5adcd3389ec0b9585ac62501108aa58d25aa08310e5a6337af25af2c5fe787cf09c83df190ad97396002dd62ccde914d41d9de83f3c1a76f7904efb01350a6c9313a0c356eb67a0e4d17a96dec267f190f80a7bf5321b94ec5f751f8d1b34da6c58a7cb2d279e2226b7c9aa30cc0777b836e38201b5393ccc8dd9a75f7f23b3877fdb5798918bd7ce2520e39d644fdd87f72b68490318e0a5df7c5f68644d36838d4781f2e9e0a869abfa7b163c05a449ea8830190a6c73055178dfd41ddd3ad47f2de44e54be83431e7a7433b4a4ebd77073bc2a02988966eef6bc8f749378e329025a5a43e258ce7ccf9acad236893be25fda26054ec8d4e72c910e1797c5beee8b13112323294ffa83d050f6bafad53db3173df4ff034aa325dce67561d1fa35086bd62744d068b78d45e0eb852cc8a15d614474160e5958aed2b5eea5bcd6d7076ab62978fd976767dd8d4f17944fd2ed0caf972437c3a29c81da6be143b6577b4cecbf791319e79fe844e94781b75e701e91f83dd17b27f50b7056434805dda92fab86101d0b12e31ad04c6e75ded645b30b748887935c564a41029af7aeb799d8b67f88fa11f2457cf4d71b91c01cf1a0fbd4080a411a142acef4eb34486e66879ed54b7a397fbb0e3d3861cf735706e412066bd96b5308cd7018c22d4f974691bca9f0 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 6129152700000000002a + Version: 3 + TBS: + MD5: 0bb058d116f02817737920f112d9fd3b + SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 + SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 + SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 + Signer: + - SerialNumber: 11213d2f2fb6b9005e295e3c9596b6442513 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + 
Imphash: 08c7f29f5cb29ba70e49879da2e8ddce + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: d86884546c97e614b73d16c600cfb2df + SHA1: 94f7575a6bb378d0cf85b3dc65941c95415e7a80 + SHA256: 3bc0cec99dce687304dad8f7a6daf772e695cbd0169d346d03ae12500361a1e8 + Company: Phoenix Technologies + Copyright: EnTech Taiwan, 1997-2009 + CreationTimestamp: '2009-12-14 03:23:26' + Date: '' + Description: DriverAgent Direct I/O for 64-bit Windows + ExportedFunctions: '' + FileVersion: '6.0' + Filename: Agent64.sys + ImportedFunctions: + - KeInitializeDpc + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - IofCallDriver + - ExFreePoolWithTag + - ExAllocatePool + - ZwClose + - MmUnmapLockedPages + - IoDeleteDevice + - KeSetEvent + - MmFreeContiguousMemory + - MmUnmapIoSpace + - IoFreeMdl + - ZwUnmapViewOfSection + - IoConnectInterrupt + - IoDisconnectInterrupt + - IoStartNextPacket + - KeInsertQueueDpc + - MmMapLockedPages + - ZwMapViewOfSection + - MmBuildMdlForNonPagedPool + - MmGetPhysicalAddress + - MmMapLockedPagesSpecifyCache + - ObReferenceObjectByHandle + - ZwOpenSection + - IoAllocateMdl + - MmAllocateContiguousMemory + - KeBugCheckEx + - RtlInitUnicodeString + - _snwprintf + - IoCreateNotificationEvent + - IoDeleteSymbolicLink + - HalTranslateBusAddress + - HalGetInterruptVector + - KeStallExecutionProcessor + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: Agent64.sys + MD5: a57b47489febc552515778dd0fd1e51c + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: Agent64.sys + Product: DriverAgent + ProductVersion: '6.0' + Publisher: '"eSupport.com, Inc.", Phoenix Technologies Ltd, "eSupport.com, Inc" ' + RichPEHeaderHash: + MD5: dd9ea0c6c3773a8caf1a86726551af41 + SHA1: 45509ef0d417fb2a30496adc9511d048e4730f98 + SHA256: 5b467c45ee29fdaba31eff00eacc8db61940f94a9bf6a357c0663c58b2cd752b + SHA1: d979353d04bf65cc92ad3412605bc81edbb75ec2 + SHA256: b1d96233235a62dbb21b8dbe2d1ae333199669f67664b107bff1ad49b41d9414 + Sections: + .text: + Entropy: 
6.202530356985499 + Virtual Size: '0x1e7e' + .rdata: + Entropy: 4.254011605715145 + Virtual Size: '0x2c8' + .data: + Entropy: 0.36599028709984766 + Virtual Size: '0x198' + .pdata: + Entropy: 3.801830276557545 + Virtual Size: '0xf0' + INIT: + Entropy: 4.959426922678397 + Virtual Size: '0x4e4' + .rsrc: + Entropy: 3.2916671010793452 + Virtual Size: '0x3f8' + Signature: + - eSupport.com, Inc. + - GlobalSign Extended Validation CodeSigning CA - SHA256 - G2 + - GlobalSign + - GlobalSign Root CA - R1 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=GlobalSign Root CA , R3, O=GlobalSign, CN=GlobalSign + ValidFrom: '2009-11-18 10:00:00' + ValidTo: '2019-03-18 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 04000000000125071df9af + Version: 3 + TBS: + MD5: f47739306d14722e670d9436eadb8e4f + SHA1: 457d9df00a652cb4c3356d00145d9528fc309172 + SHA256: bd1765c56594221373893ef26d97f88c144fb0e5a0111215b45d7239c3444df7 + SHA384: b8b268a1bdf388be66a1c969b7b353cb2bbc9fad446049b7efa05a9ab3b714494e97f4d1ee1c0bae35bfd9bf6ef275b3 + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Extended Validation CodeSigning + CA , SHA256 , G2 + ValidFrom: '2011-08-02 10:00:00' + ValidTo: '2019-08-02 10:00:00' + Signature: aaa11197ffb423e8f303ecd38eef52a15c833563e5fff142b78335c693f5505e9b8921e85853188834fbdd49e122ea0f8ab122482919dc2ef92368588114552d24b929687853ac72fdcbf18a53a0dac8106f8938236ebb99f17390dbf1bf80a3ae8d4915bc8d88fd591dfe13ae54c3a697cd006b3d4148901505e4a41803d4d7a9e3a940b66c21acd37e1ce65df404b18bda0cd8aaebb936517f173a8d3728c7b7b8719012c66c6cb4843bf1a547dcc4a33b2c5dea0883c4e33910e4ab21650a4256d8b268f693e51ee28301ab0b86b2cfa54a37a4b2dc6cd782318d3f90e6b12a057089fc201d9f2af7ccdd93b5570deb400302d0044f84edf0728007951214 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 0400000000013189c64de1 + 
Version: 3 + TBS: + MD5: b3d3ff804abcd2e7686c126c98cc2c10 + SHA1: 358391557c2b6213777e282ad8efe9c8112d1b0e + SHA256: 9467b8e0d2879abe9a9b791d7a1aa60672949af71bb1b2a5aca1a54368519bca + SHA384: 936a127c2d468f5e4edb642c82bed11fb5df99b87cf34b8d7ddc136e979183d133dae715146d98c63af32186eb8d1bbd + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2011-04-15 19:55:08' + ValidTo: '2021-04-15 20:05:08' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 6129152700000000002a + Version: 3 + TBS: + MD5: 0bb058d116f02817737920f112d9fd3b + SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 + SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 + SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 + - Subject: ??=Private Organization, serialNumber=001030216, ??=US, ??=Massachusetts, + C=US, ST=MA, L=North Andover, ??=120 Water St, O=eSupport.com, Inc., + CN=eSupport.com, Inc. 
+ ValidFrom: '2015-09-22 15:11:47' + ValidTo: '2018-09-22 15:11:47' + Signature: 0918e9fdc6e22f2f347ef860157ccabe11af3d666c186285f58ca1fdf5259e3785834ba138cc84b2f839762b5622053ab7e75610011ba2162b5cf22d083b01cec6f7f6fb900bb3822068e303260f6e82ac8003b64abc3173b3c01c3da9140a19aa6913fbedc0bb9c7a62d5bb3b71126dfa8c3faacf0f08fdf46504cf14cd7711f4abecb3f3b5fc2bd8f05adffccf777319d702d2072a5bcc49b8b78c888bc99e242d822acee354d996cf399c828701f9f5912816c3da6cfb8f3a6837428973fe0d518e645b25037b6861c436994da8543d286772c2d93ebcf3e1773dc8b47043ed278c3dc099c770f74490e0ce16abd3cbf4aaf348b70e2701f759b9cf61a917 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 1121b5d4d579fe52c475c01e3da626487f05 + Version: 3 + TBS: + MD5: f072f16cdf1f6c4bf7cf7e6306bc5fdc + SHA1: 3cd171c0933a070c0d16bca6ae068aaf4844bb89 + SHA256: 02243b344c0aafe05d84d4f599fc19d862cd6965a4e0d299af544cbaaea3c58f + SHA384: 4bb4b23312bf392a82f4104c9a08c160e35893b8988911eebed69df1af0179d1a7a640fcda88678df7b9855ca9790688 + Signer: + - SerialNumber: 1121b5d4d579fe52c475c01e3da626487f05 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Extended Validation CodeSigning + CA , SHA256 , G2 + Version: 1 + Imphash: 08c7f29f5cb29ba70e49879da2e8ddce + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: d86884546c97e614b73d16c600cfb2df + SHA1: 94f7575a6bb378d0cf85b3dc65941c95415e7a80 + SHA256: 3bc0cec99dce687304dad8f7a6daf772e695cbd0169d346d03ae12500361a1e8 + Company: Phoenix Technologies + Copyright: EnTech Taiwan, 1997-2009 + CreationTimestamp: '2009-12-14 03:23:26' + Date: '' + Description: DriverAgent Direct I/O for 64-bit Windows + ExportedFunctions: '' + FileVersion: '6.0' + Filename: '' + ImportedFunctions: + - KeInitializeDpc + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - IofCallDriver + - ExFreePoolWithTag + - ExAllocatePool + - ZwClose + - MmUnmapLockedPages + - IoDeleteDevice + - KeSetEvent + - MmFreeContiguousMemory + - MmUnmapIoSpace + - IoFreeMdl + - 
ZwUnmapViewOfSection + - IoConnectInterrupt + - IoDisconnectInterrupt + - IoStartNextPacket + - KeInsertQueueDpc + - MmMapLockedPages + - ZwMapViewOfSection + - MmBuildMdlForNonPagedPool + - MmGetPhysicalAddress + - MmMapLockedPagesSpecifyCache + - ObReferenceObjectByHandle + - ZwOpenSection + - IoAllocateMdl + - MmAllocateContiguousMemory + - KeBugCheckEx + - RtlInitUnicodeString + - _snwprintf + - IoCreateNotificationEvent + - IoDeleteSymbolicLink + - HalTranslateBusAddress + - HalGetInterruptVector + - KeStallExecutionProcessor + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: Agent64.sys + MD5: fe71c99a5830f94d77a8792741d6e6c7 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: Agent64.sys + PDBPath: '' + Product: DriverAgent + ProductVersion: '6.0' + Publisher: '' + RichPEHeaderHash: + MD5: dd9ea0c6c3773a8caf1a86726551af41 + SHA1: 45509ef0d417fb2a30496adc9511d048e4730f98 + SHA256: 5b467c45ee29fdaba31eff00eacc8db61940f94a9bf6a357c0663c58b2cd752b + SHA1: acb5d7e182a108ee02c5cb879fc94e0d6db7dd68 + SHA256: 4db1e0fdc9e6cefeb1d588668ea6161a977c372d841e7b87098cf90aa679abfb + Sections: + .text: + Entropy: 6.202530356985499 + Virtual Size: '0x1e7e' + .rdata: + Entropy: 4.254011605715145 + Virtual Size: '0x2c8' + .data: + Entropy: 0.36599028709984766 + Virtual Size: '0x198' + .pdata: + Entropy: 3.801830276557545 + Virtual Size: '0xf0' + INIT: + Entropy: 4.959426922678397 + Virtual Size: '0x4e4' + .rsrc: + Entropy: 3.2916671010793452 + Virtual Size: '0x3f8' + Signature: '' + Signatures: {} + Imphash: 08c7f29f5cb29ba70e49879da2e8ddce + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/5961e133-ccc3-4530-8f4f-5d975c41028d.yaml b/yaml/5961e133-ccc3-4530-8f4f-5d975c41028d.yaml index 60de2f04f..c55cbb3d8 100644 --- a/yaml/5961e133-ccc3-4530-8f4f-5d975c41028d.yaml +++ b/yaml/5961e133-ccc3-4530-8f4f-5d975c41028d.yaml 
@@ -1,774 +1,776 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 5961e133-ccc3-4530-8f4f-5d975c41028d +Tags: +- LgDataCatcher.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-07-22' +MitreID: T1068 CVE: - '' Category: vulnerable drivers Commands: - Command: '' - Description: Confirmed vulnerable driver from Microsoft Block List - OperatingSystem: Windows - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-07-22' -Detection: -- type: '' - value: '' -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 5961e133-ccc3-4530-8f4f-5d975c41028d -KnownVulnerableSamples: -- Authentihash: - MD5: 26cbbcf09fcbba64d93342c273c480d2 - SHA1: 7aa2c4c51afc1c82beae55ab9ca7ba0bb588b5c0 - SHA256: df4e25990742fc8d3aed70f6cb4d402e111e7ed08fa5f76aca685b8c03b98b93 - Company: Windows (R) Win 7 DDK provider - Copyright: Copyright 2020 nn.com - CreationTimestamp: '2020-05-12 20:43:44' - Date: '' - Description: Leigod net data catcher. 
- ExportedFunctions: '' - FileVersion: 1.0.0.0 - Filename: '' - ImportedFunctions: - - FwpmFreeMemory0 - - FwpmEngineOpen0 - - FwpmEngineClose0 - - FwpmTransactionBegin0 - - FwpmTransactionCommit0 - - FwpmTransactionAbort0 - - FwpmProviderAdd0 - - FwpmProviderContextDeleteByKey0 - - FwpmSubLayerAdd0 - - FwpmSubLayerDeleteByKey0 - - FwpmSubLayerCreateEnumHandle0 - - FwpmSubLayerEnum0 - - FwpmSubLayerDestroyEnumHandle0 - - FwpmCalloutAdd0 - - FwpmFilterAdd0 - - FwpsFlowAbort0 - - FwpsInjectionHandleCreate0 - - FwpsQueryPacketInjectionState0 - - FwpsAllocateNetBufferAndNetBufferList0 - - FwpsFreeNetBufferList0 - - FwpsFreeCloneNetBufferList0 - - FwpsInjectNetworkSendAsync0 - - FwpsConstructIpHeaderForTransportPacket0 - - FwpsInjectTransportSendAsync0 - - FwpsInjectTransportReceiveAsync0 - - FwpsInjectNetworkReceiveAsync0 - - FwpsStreamInjectAsync0 - - FwpsCopyStreamDataToBuffer0 - - FwpmBfeStateGet0 - - FwpmBfeStateSubscribeChanges0 - - FwpmBfeStateUnsubscribeChanges0 - - FwpsFlowRemoveContext0 - - FwpsCompleteClassify0 - - FwpsRedirectHandleDestroy0 - - FwpsCloneStreamData0 - - FwpsDiscardClonedStreamData0 - - FwpsRedirectHandleCreate0 - - FwpsApplyModifiedLayerData0 - - FwpsAcquireWritableLayerDataPointer0 - - FwpsReleaseClassifyHandle0 - - FwpsAcquireClassifyHandle0 - - FwpsFlowAssociateContext0 - - FwpsCalloutUnregisterByKey0 - - FwpsCalloutRegister1 - - FwpsInjectionHandleDestroy0 - - FwpsPendClassify0 - - NdisFreeNetBufferListPool - - NdisWaitEvent - - NdisInitializeEvent - - NdisFreeGenericObject - - NdisAllocateGenericObject - - NdisGetDataBuffer - - NdisAdvanceNetBufferDataStart - - NdisRetreatNetBufferDataStart - - NdisAllocateNetBufferListPool - - KeAcquireInStackQueuedSpinLock - - KeReleaseInStackQueuedSpinLock - - ExAllocatePoolWithTag - - ExUuidCreate - - swprintf_s - - RtlInitUnicodeString - - MmGetSystemRoutineAddress - - RtlAppendUnicodeToString - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - KeInitializeEvent - - KeSetEvent - - 
KeWaitForSingleObject - - KeInitializeSpinLock - - ExFreePoolWithTag - - ExQueryDepthSList - - ExpInterlockedPopEntrySList - - ExpInterlockedPushEntrySList - - ExInitializeNPagedLookasideList - - ExDeleteNPagedLookasideList - - MmBuildMdlForNonPagedPool - - MmMapLockedPagesSpecifyCache - - MmUnmapLockedPages - - MmAllocatePagesForMdl - - MmFreePagesFromMdl - - PsCreateSystemThread - - PsTerminateSystemThread - - IoAllocateMdl - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoFreeMdl - - IoReleaseCancelSpinLock - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - ZwOpenKey - - ZwQueryValueKey - - PsGetCurrentProcessId - - ZwSetInformationThread - - RtlLengthSid - - RtlCreateAcl - - RtlAddAccessAllowedAce - - PsLookupProcessByProcessId - - ObOpenObjectByPointer - - ZwSetSecurityObject - - __C_specific_handler - - SeExports - - RtlGetVersion - - RtlCompareMemory - - RtlValidSid - Imports: - - fwpkclnt.sys - - NDIS.SYS - - ntoskrnl.exe - InternalName: LgDataCatcher.sys - MD5: 58e6c458409f748711353beb9acfc8ed - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: LgDataCatcher.sys - PDBPath: '' - Product: GameAcc - ProductVersion: 1.0.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: f40ea159736b62f8895bbfc28c0dfa09 - SHA1: 2be491e3b182f5df0605c27ed0d26fb08c6b4cf6 - SHA256: c5bd76e06c3bde6fd6494e77255dcfc2c35d59c7ebbf84df420b83198dbc16e1 - SHA1: cc78c9c5871ab6b9d9ec9f9ffec122c109e4c5fe - SHA256: 45b07a2f387e047a6bb0e59b7f22fb56182d57b50e84e386a38c2dbb7e773837 - Sections: - .text: - Entropy: 6.194279179648036 - Virtual Size: '0xfb3a' - .rdata: - Entropy: 5.19122124724292 - Virtual Size: '0x1a04' - .data: - Entropy: 2.0214134184014134 - Virtual Size: '0x1680' - .pdata: - Entropy: 4.952698187604174 - Virtual Size: '0xc24' - INIT: - Entropy: 5.174414715416575 - Virtual Size: '0xef2' - .rsrc: - Entropy: 3.499847177522211 - Virtual Size: '0x3f8' - .reloc: - Entropy: 4.8522168041142235 
- Virtual Size: '0x144' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420106MA4KYGE00T, - C=CN, ST=Hubei, L=Wuhan, O=Wuhan Qimiao Technology Co., Ltd., CN=Wuhan Qimiao - Technology Co., Ltd. 
- ValidFrom: '2018-07-24 00:00:00' - ValidTo: '2021-07-27 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 04bb87e2d35b4b14bbfe76ae0f8f4372 - Version: 3 - TBS: - MD5: 93c8be246fe6a0584a07029f191006d3 - SHA1: 21d94ebf6e46aff340c81db886845b67bc6df8c8 - SHA256: 2f41d6e23cb86fc3825e1be65beaff32271d81c0902ad3696fd4745def3c15ce - SHA384: a887e08bddfb2ba00e88d8cef40d7c45d0594766b786a901708bee54c11ce7b4b206648efb4cf3e1f62d26de7ab77495 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c - Version: 3 - TBS: - MD5: 83f5de89f641d0fbf60248e10a7b9534 - SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 - SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf - SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 04bb87e2d35b4b14bbfe76ae0f8f4372 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - Version: 1 - Imphash: 8902d821cdfd8e73ca10c00a3ce66731 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 26cbbcf09fcbba64d93342c273c480d2 - SHA1: 7aa2c4c51afc1c82beae55ab9ca7ba0bb588b5c0 - SHA256: df4e25990742fc8d3aed70f6cb4d402e111e7ed08fa5f76aca685b8c03b98b93 - Company: Windows (R) Win 7 DDK provider - Copyright: Copyright 2020 nn.com - CreationTimestamp: '2020-05-12 20:43:44' - Date: '' - Description: Leigod net data catcher. 
- ExportedFunctions: '' - FileVersion: 1.0.0.0 - Filename: '' - ImportedFunctions: - - FwpmFreeMemory0 - - FwpmEngineOpen0 - - FwpmEngineClose0 - - FwpmTransactionBegin0 - - FwpmTransactionCommit0 - - FwpmTransactionAbort0 - - FwpmProviderAdd0 - - FwpmProviderContextDeleteByKey0 - - FwpmSubLayerAdd0 - - FwpmSubLayerDeleteByKey0 - - FwpmSubLayerCreateEnumHandle0 - - FwpmSubLayerEnum0 - - FwpmSubLayerDestroyEnumHandle0 - - FwpmCalloutAdd0 - - FwpmFilterAdd0 - - FwpsFlowAbort0 - - FwpsInjectionHandleCreate0 - - FwpsQueryPacketInjectionState0 - - FwpsAllocateNetBufferAndNetBufferList0 - - FwpsFreeNetBufferList0 - - FwpsFreeCloneNetBufferList0 - - FwpsInjectNetworkSendAsync0 - - FwpsConstructIpHeaderForTransportPacket0 - - FwpsInjectTransportSendAsync0 - - FwpsInjectTransportReceiveAsync0 - - FwpsInjectNetworkReceiveAsync0 - - FwpsStreamInjectAsync0 - - FwpsCopyStreamDataToBuffer0 - - FwpmBfeStateGet0 - - FwpmBfeStateSubscribeChanges0 - - FwpmBfeStateUnsubscribeChanges0 - - FwpsFlowRemoveContext0 - - FwpsCompleteClassify0 - - FwpsRedirectHandleDestroy0 - - FwpsCloneStreamData0 - - FwpsDiscardClonedStreamData0 - - FwpsRedirectHandleCreate0 - - FwpsApplyModifiedLayerData0 - - FwpsAcquireWritableLayerDataPointer0 - - FwpsReleaseClassifyHandle0 - - FwpsAcquireClassifyHandle0 - - FwpsFlowAssociateContext0 - - FwpsCalloutUnregisterByKey0 - - FwpsCalloutRegister1 - - FwpsInjectionHandleDestroy0 - - FwpsPendClassify0 - - NdisFreeNetBufferListPool - - NdisWaitEvent - - NdisInitializeEvent - - NdisFreeGenericObject - - NdisAllocateGenericObject - - NdisGetDataBuffer - - NdisAdvanceNetBufferDataStart - - NdisRetreatNetBufferDataStart - - NdisAllocateNetBufferListPool - - KeAcquireInStackQueuedSpinLock - - KeReleaseInStackQueuedSpinLock - - ExAllocatePoolWithTag - - ExUuidCreate - - swprintf_s - - RtlInitUnicodeString - - MmGetSystemRoutineAddress - - RtlAppendUnicodeToString - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - KeInitializeEvent - - KeSetEvent - - 
KeWaitForSingleObject - - KeInitializeSpinLock - - ExFreePoolWithTag - - ExQueryDepthSList - - ExpInterlockedPopEntrySList - - ExpInterlockedPushEntrySList - - ExInitializeNPagedLookasideList - - ExDeleteNPagedLookasideList - - MmBuildMdlForNonPagedPool - - MmMapLockedPagesSpecifyCache - - MmUnmapLockedPages - - MmAllocatePagesForMdl - - MmFreePagesFromMdl - - PsCreateSystemThread - - PsTerminateSystemThread - - IoAllocateMdl - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoFreeMdl - - IoReleaseCancelSpinLock - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - ZwOpenKey - - ZwQueryValueKey - - PsGetCurrentProcessId - - ZwSetInformationThread - - RtlLengthSid - - RtlCreateAcl - - RtlAddAccessAllowedAce - - PsLookupProcessByProcessId - - ObOpenObjectByPointer - - ZwSetSecurityObject - - __C_specific_handler - - SeExports - - RtlGetVersion - - RtlCompareMemory - - RtlValidSid - Imports: - - fwpkclnt.sys - - NDIS.SYS - - ntoskrnl.exe - InternalName: LgDataCatcher.sys - MD5: aca70899d834124fa02dc52f098cad05 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: LgDataCatcher.sys - PDBPath: '' - Product: GameAcc - ProductVersion: 1.0.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: f40ea159736b62f8895bbfc28c0dfa09 - SHA1: 2be491e3b182f5df0605c27ed0d26fb08c6b4cf6 - SHA256: c5bd76e06c3bde6fd6494e77255dcfc2c35d59c7ebbf84df420b83198dbc16e1 - SHA1: 0c10ff27f2ab76bbe6ddece8c1b2cff05e5483cc - SHA256: 07fb2bb6c852f6a6fe982b2232f047e167be39738bac26806ffe0927ba873756 - Sections: - .text: - Entropy: 6.194279179648036 - Virtual Size: '0xfb3a' - .rdata: - Entropy: 5.19122124724292 - Virtual Size: '0x1a04' - .data: - Entropy: 2.0214134184014134 - Virtual Size: '0x1680' - .pdata: - Entropy: 4.952698187604174 - Virtual Size: '0xc24' - INIT: - Entropy: 5.174414715416575 - Virtual Size: '0xef2' - .rsrc: - Entropy: 3.499847177522211 - Virtual Size: '0x3f8' - .reloc: - Entropy: 4.8522168041142235 
- Virtual Size: '0x144' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root - CA - ValidFrom: '2011-04-15 19:41:37' - ValidTo: '2021-04-15 19:51:37' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611cb28a000000000026 - Version: 3 - TBS: - MD5: 983a0c315a50542362f2bd6a5d71c8d0 - SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 - SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 - SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc - - Subject: C=CN, ST=, L=, O=, CN= - ValidFrom: '2020-04-07 00:00:00' - ValidTo: '2023-04-12 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0dd7d4a785990584d8c0837659173272 - Version: 3 - TBS: - MD5: 559c170b8f735dd1ba8c3946354c4fa5 - SHA1: e7432e65001ca5e56478ee25ae9906981432ee75 - SHA256: 1c6140780d5210fb89e1dd3005184e03dc52740266a921035b1f836b5af0d32a - SHA384: 545ad02c12154f939f80b6f4b9d7ae888550220af82ec3f0a42805c8f6e6d7e57dbe62c80a8f8ec35a894acce2f68d9f - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, 
OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd - Version: 3 - TBS: - MD5: a9a31555bbc92b6033975c5428fb3679 - SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e - SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 - SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 0dd7d4a785990584d8c0837659173272 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - Version: 1 - Imphash: 8902d821cdfd8e73ca10c00a3ce66731 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 
26cbbcf09fcbba64d93342c273c480d2 - SHA1: 7aa2c4c51afc1c82beae55ab9ca7ba0bb588b5c0 - SHA256: df4e25990742fc8d3aed70f6cb4d402e111e7ed08fa5f76aca685b8c03b98b93 - Company: Windows (R) Win 7 DDK provider - Copyright: Copyright 2020 nn.com - CreationTimestamp: '2020-05-12 20:43:44' - Date: '' - Description: Leigod net data catcher. - ExportedFunctions: '' - FileVersion: 1.0.0.0 - Filename: '' - ImportedFunctions: - - FwpmFreeMemory0 - - FwpmEngineOpen0 - - FwpmEngineClose0 - - FwpmTransactionBegin0 - - FwpmTransactionCommit0 - - FwpmTransactionAbort0 - - FwpmProviderAdd0 - - FwpmProviderContextDeleteByKey0 - - FwpmSubLayerAdd0 - - FwpmSubLayerDeleteByKey0 - - FwpmSubLayerCreateEnumHandle0 - - FwpmSubLayerEnum0 - - FwpmSubLayerDestroyEnumHandle0 - - FwpmCalloutAdd0 - - FwpmFilterAdd0 - - FwpsFlowAbort0 - - FwpsInjectionHandleCreate0 - - FwpsQueryPacketInjectionState0 - - FwpsAllocateNetBufferAndNetBufferList0 - - FwpsFreeNetBufferList0 - - FwpsFreeCloneNetBufferList0 - - FwpsInjectNetworkSendAsync0 - - FwpsConstructIpHeaderForTransportPacket0 - - FwpsInjectTransportSendAsync0 - - FwpsInjectTransportReceiveAsync0 - - FwpsInjectNetworkReceiveAsync0 - - FwpsStreamInjectAsync0 - - FwpsCopyStreamDataToBuffer0 - - FwpmBfeStateGet0 - - FwpmBfeStateSubscribeChanges0 - - FwpmBfeStateUnsubscribeChanges0 - - FwpsFlowRemoveContext0 - - FwpsCompleteClassify0 - - FwpsRedirectHandleDestroy0 - - FwpsCloneStreamData0 - - FwpsDiscardClonedStreamData0 - - FwpsRedirectHandleCreate0 - - FwpsApplyModifiedLayerData0 - - FwpsAcquireWritableLayerDataPointer0 - - FwpsReleaseClassifyHandle0 - - FwpsAcquireClassifyHandle0 - - FwpsFlowAssociateContext0 - - FwpsCalloutUnregisterByKey0 - - FwpsCalloutRegister1 - - FwpsInjectionHandleDestroy0 - - FwpsPendClassify0 - - NdisFreeNetBufferListPool - - NdisWaitEvent - - NdisInitializeEvent - - NdisFreeGenericObject - - NdisAllocateGenericObject - - NdisGetDataBuffer - - NdisAdvanceNetBufferDataStart - - NdisRetreatNetBufferDataStart - - 
NdisAllocateNetBufferListPool - - KeAcquireInStackQueuedSpinLock - - KeReleaseInStackQueuedSpinLock - - ExAllocatePoolWithTag - - ExUuidCreate - - swprintf_s - - RtlInitUnicodeString - - MmGetSystemRoutineAddress - - RtlAppendUnicodeToString - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - KeInitializeEvent - - KeSetEvent - - KeWaitForSingleObject - - KeInitializeSpinLock - - ExFreePoolWithTag - - ExQueryDepthSList - - ExpInterlockedPopEntrySList - - ExpInterlockedPushEntrySList - - ExInitializeNPagedLookasideList - - ExDeleteNPagedLookasideList - - MmBuildMdlForNonPagedPool - - MmMapLockedPagesSpecifyCache - - MmUnmapLockedPages - - MmAllocatePagesForMdl - - MmFreePagesFromMdl - - PsCreateSystemThread - - PsTerminateSystemThread - - IoAllocateMdl - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoFreeMdl - - IoReleaseCancelSpinLock - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - ZwOpenKey - - ZwQueryValueKey - - PsGetCurrentProcessId - - ZwSetInformationThread - - RtlLengthSid - - RtlCreateAcl - - RtlAddAccessAllowedAce - - PsLookupProcessByProcessId - - ObOpenObjectByPointer - - ZwSetSecurityObject - - __C_specific_handler - - SeExports - - RtlGetVersion - - RtlCompareMemory - - RtlValidSid - Imports: - - fwpkclnt.sys - - NDIS.SYS - - ntoskrnl.exe - InternalName: LgDataCatcher.sys - MD5: 3f87df040c35ea45dfd4ae371b9641ae - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: LgDataCatcher.sys - PDBPath: '' - Product: GameAcc - ProductVersion: 1.0.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: f40ea159736b62f8895bbfc28c0dfa09 - SHA1: 2be491e3b182f5df0605c27ed0d26fb08c6b4cf6 - SHA256: c5bd76e06c3bde6fd6494e77255dcfc2c35d59c7ebbf84df420b83198dbc16e1 - SHA1: 3864dfc19c8479a491bc3b0637cf0e789a6d53d8 - SHA256: 516159871730b18c2bddedb1a9da110577112d4835606ee79bb80e7a58784a13 - Sections: - .text: - Entropy: 6.194279179648036 - Virtual Size: '0xfb3a' - 
.rdata: - Entropy: 5.19122124724292 - Virtual Size: '0x1a04' - .data: - Entropy: 2.0214134184014134 - Virtual Size: '0x1680' - .pdata: - Entropy: 4.952698187604174 - Virtual Size: '0xc24' - INIT: - Entropy: 5.174414715416575 - Virtual Size: '0xef2' - .rsrc: - Entropy: 3.499847177522211 - Virtual Size: '0x3f8' - .reloc: - Entropy: 4.8522168041142235 - Virtual Size: '0x144' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee152d7 - Version: 3 - TBS: - MD5: e140543fe3256027cfa79fc3c19c1776 - SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 - SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 - SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 - - Subject: OU=GlobalSign Root CA , R3, O=GlobalSign, CN=GlobalSign - ValidFrom: '2009-11-18 10:00:00' - ValidTo: '2019-03-18 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 04000000000125071df9af - Version: 3 - TBS: - MD5: f47739306d14722e670d9436eadb8e4f - SHA1: 457d9df00a652cb4c3356d00145d9528fc309172 - SHA256: bd1765c56594221373893ef26d97f88c144fb0e5a0111215b45d7239c3444df7 - SHA384: b8b268a1bdf388be66a1c969b7b353cb2bbc9fad446049b7efa05a9ab3b714494e97f4d1ee1c0bae35bfd9bf6ef275b3 - - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode - , G2 - ValidFrom: '2016-05-24 00:00:00' - ValidTo: '2027-06-24 00:00:00' - Signature: 
8fa91a916d04a637200e8396de23d36b6e1f6edd643d682122b5f84736698ee1a545c724a222b72909cc545aaec6bccd638eb33d5048e5b4ccaecd928d9e288b134a11aabda3efd3b236fcb4a172bf6d9763798c44bc702f7ef3bcdd8253ab1af6ebfa1c97bcb6379ca41c30bcabbc2d4736df922003e871c658f675059a34f00b595a824434aa80e42f84f6475d96c9b6caca9db7a6bae450d3d437b8ba200ed0d3922a5bc459bba16ddb3cce449dc1382aade38dbdcd09771a10be670a02366488b9b31b26eee79e60c446a8bc61336ccf4eb99cb96af09f37feb53d4f9ad34dffde208e4e97a6fd9f09bc4dca1876c9b04d8550f280d21d06f5580407b118 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121d699a764973ef1f8427ee919cc534114 - Version: 3 - TBS: - MD5: acb5170547d76873f1e4ff18ed5de2eb - SHA1: bd6e261e75b807381bada7287de04d259258a5fa - SHA256: 4783380498acf592286ef2dea0fcc5bdea3f54d5e374d3e3497df9d5f662cfb6 - SHA384: 4f428f115cf3d008248f15f32007fc7c54bd454e1b48b765776b4c87c23ab8818d8fbcbb3646d35eca012b025260a3b8 - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Extended Validation CodeSigning - CA , SHA256 , G3 - ValidFrom: '2016-06-15 00:00:00' - ValidTo: '2024-06-15 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 481b6a07a9424c1eaafef3cdf10f - Version: 3 - TBS: - MD5: fd8cfeea06be14fa89689909e1fc72dc - SHA1: 8bc3cd2f70abe543e0dbe721065a4076c8521f36 - SHA256: 15e7050789df807f3e3174294a01b637a1239f603e42f4b5db9398efa9da9996 - SHA384: 8b9f95e6d3dd45e4ef38e2f12fb893d7d1bb1ba867e152e4a73c49b3d51dd52bc83a05982deac29af90436061248546d - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2011-04-15 19:55:08' - ValidTo: '2021-04-15 20:05:08' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 6129152700000000002a - Version: 3 - TBS: - MD5: 0bb058d116f02817737920f112d9fd3b - SHA1: 
fd116235171a4feafedee586b7a59185fb5fd7e6 - SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 - SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 - - Subject: ??=Private Organization, serialNumber=91420106MA4L0NHE9U, ??=CN, ??=HEBEI, - ??=WUHAN, C=CN, ST=, L=, ??=397, O=, CN= - ValidFrom: '2018-11-15 10:01:02' - ValidTo: '2021-11-15 10:01:02' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 1ae9d4b848b34ca82bcf623a - Version: 3 - TBS: - MD5: dc1fd334ac7950329ff4fa45a3bde8da - SHA1: f58e04e6dd1954a2fd06e5fedd1408a9c765dd18 - SHA256: 9ed1944c1abbe6ed081eb71a3da83e72f758c6dea4e009088a41cba22870bec3 - SHA384: 320f2d5b300f34214eee049c2171e85ef6061833a5726a73e183e41d500fd03c536479cd220322db81a6b73512d6537e - Signer: - - SerialNumber: 1ae9d4b848b34ca82bcf623a - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Extended Validation CodeSigning - CA , SHA256 , G3 - Version: 1 - Imphash: 8902d821cdfd8e73ca10c00a3ce66731 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: '' + Description: Confirmed vulnerable driver from Microsoft Block List + OperatingSystem: Windows + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c -Tags: -- LgDataCatcher.sys -Verified: 'TRUE' +Detection: +- type: '' + value: '' +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 26cbbcf09fcbba64d93342c273c480d2 + SHA1: 7aa2c4c51afc1c82beae55ab9ca7ba0bb588b5c0 + SHA256: df4e25990742fc8d3aed70f6cb4d402e111e7ed08fa5f76aca685b8c03b98b93 + Company: Windows (R) Win 7 DDK provider + Copyright: Copyright 2020 nn.com + CreationTimestamp: '2020-05-12 20:43:44' + Date: '' + Description: Leigod net data catcher. + ExportedFunctions: '' + FileVersion: 1.0.0.0 + Filename: '' + ImportedFunctions: + - FwpmFreeMemory0 + - FwpmEngineOpen0 + - FwpmEngineClose0 + - FwpmTransactionBegin0 + - FwpmTransactionCommit0 + - FwpmTransactionAbort0 + - FwpmProviderAdd0 + - FwpmProviderContextDeleteByKey0 + - FwpmSubLayerAdd0 + - FwpmSubLayerDeleteByKey0 + - FwpmSubLayerCreateEnumHandle0 + - FwpmSubLayerEnum0 + - FwpmSubLayerDestroyEnumHandle0 + - FwpmCalloutAdd0 + - FwpmFilterAdd0 + - FwpsFlowAbort0 + - FwpsInjectionHandleCreate0 + - FwpsQueryPacketInjectionState0 + - FwpsAllocateNetBufferAndNetBufferList0 + - FwpsFreeNetBufferList0 + - FwpsFreeCloneNetBufferList0 + - FwpsInjectNetworkSendAsync0 + - FwpsConstructIpHeaderForTransportPacket0 + - FwpsInjectTransportSendAsync0 + - FwpsInjectTransportReceiveAsync0 + - FwpsInjectNetworkReceiveAsync0 + - FwpsStreamInjectAsync0 + - FwpsCopyStreamDataToBuffer0 + - FwpmBfeStateGet0 + - FwpmBfeStateSubscribeChanges0 + - FwpmBfeStateUnsubscribeChanges0 + - FwpsFlowRemoveContext0 + - FwpsCompleteClassify0 + - FwpsRedirectHandleDestroy0 + - FwpsCloneStreamData0 + - FwpsDiscardClonedStreamData0 + - FwpsRedirectHandleCreate0 + - FwpsApplyModifiedLayerData0 + - FwpsAcquireWritableLayerDataPointer0 + - FwpsReleaseClassifyHandle0 + - FwpsAcquireClassifyHandle0 + - FwpsFlowAssociateContext0 + - 
FwpsCalloutUnregisterByKey0 + - FwpsCalloutRegister1 + - FwpsInjectionHandleDestroy0 + - FwpsPendClassify0 + - NdisFreeNetBufferListPool + - NdisWaitEvent + - NdisInitializeEvent + - NdisFreeGenericObject + - NdisAllocateGenericObject + - NdisGetDataBuffer + - NdisAdvanceNetBufferDataStart + - NdisRetreatNetBufferDataStart + - NdisAllocateNetBufferListPool + - KeAcquireInStackQueuedSpinLock + - KeReleaseInStackQueuedSpinLock + - ExAllocatePoolWithTag + - ExUuidCreate + - swprintf_s + - RtlInitUnicodeString + - MmGetSystemRoutineAddress + - RtlAppendUnicodeToString + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - KeInitializeEvent + - KeSetEvent + - KeWaitForSingleObject + - KeInitializeSpinLock + - ExFreePoolWithTag + - ExQueryDepthSList + - ExpInterlockedPopEntrySList + - ExpInterlockedPushEntrySList + - ExInitializeNPagedLookasideList + - ExDeleteNPagedLookasideList + - MmBuildMdlForNonPagedPool + - MmMapLockedPagesSpecifyCache + - MmUnmapLockedPages + - MmAllocatePagesForMdl + - MmFreePagesFromMdl + - PsCreateSystemThread + - PsTerminateSystemThread + - IoAllocateMdl + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoFreeMdl + - IoReleaseCancelSpinLock + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - ZwOpenKey + - ZwQueryValueKey + - PsGetCurrentProcessId + - ZwSetInformationThread + - RtlLengthSid + - RtlCreateAcl + - RtlAddAccessAllowedAce + - PsLookupProcessByProcessId + - ObOpenObjectByPointer + - ZwSetSecurityObject + - __C_specific_handler + - SeExports + - RtlGetVersion + - RtlCompareMemory + - RtlValidSid + Imports: + - fwpkclnt.sys + - NDIS.SYS + - ntoskrnl.exe + InternalName: LgDataCatcher.sys + MD5: 58e6c458409f748711353beb9acfc8ed + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: LgDataCatcher.sys + PDBPath: '' + Product: GameAcc + ProductVersion: 1.0.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: 
f40ea159736b62f8895bbfc28c0dfa09 + SHA1: 2be491e3b182f5df0605c27ed0d26fb08c6b4cf6 + SHA256: c5bd76e06c3bde6fd6494e77255dcfc2c35d59c7ebbf84df420b83198dbc16e1 + SHA1: cc78c9c5871ab6b9d9ec9f9ffec122c109e4c5fe + SHA256: 45b07a2f387e047a6bb0e59b7f22fb56182d57b50e84e386a38c2dbb7e773837 + Sections: + .text: + Entropy: 6.194279179648036 + Virtual Size: '0xfb3a' + .rdata: + Entropy: 5.19122124724292 + Virtual Size: '0x1a04' + .data: + Entropy: 2.0214134184014134 + Virtual Size: '0x1680' + .pdata: + Entropy: 4.952698187604174 + Virtual Size: '0xc24' + INIT: + Entropy: 5.174414715416575 + Virtual Size: '0xef2' + .rsrc: + Entropy: 3.499847177522211 + Virtual Size: '0x3f8' + .reloc: + Entropy: 4.8522168041142235 + Virtual Size: '0x144' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420106MA4KYGE00T, + C=CN, ST=Hubei, L=Wuhan, O=Wuhan Qimiao Technology Co., Ltd., CN=Wuhan + Qimiao Technology Co., Ltd. 
+ ValidFrom: '2018-07-24 00:00:00' + ValidTo: '2021-07-27 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 04bb87e2d35b4b14bbfe76ae0f8f4372 + Version: 3 + TBS: + MD5: 93c8be246fe6a0584a07029f191006d3 + SHA1: 21d94ebf6e46aff340c81db886845b67bc6df8c8 + SHA256: 2f41d6e23cb86fc3825e1be65beaff32271d81c0902ad3696fd4745def3c15ce + SHA384: a887e08bddfb2ba00e88d8cef40d7c45d0594766b786a901708bee54c11ce7b4b206648efb4cf3e1f62d26de7ab77495 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c + Version: 3 + TBS: + MD5: 83f5de89f641d0fbf60248e10a7b9534 + SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 + SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf + SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 04bb87e2d35b4b14bbfe76ae0f8f4372 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + Version: 1 + Imphash: 8902d821cdfd8e73ca10c00a3ce66731 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 26cbbcf09fcbba64d93342c273c480d2 + SHA1: 7aa2c4c51afc1c82beae55ab9ca7ba0bb588b5c0 + SHA256: df4e25990742fc8d3aed70f6cb4d402e111e7ed08fa5f76aca685b8c03b98b93 + Company: Windows (R) Win 7 DDK provider + Copyright: Copyright 2020 nn.com + CreationTimestamp: '2020-05-12 20:43:44' + Date: '' + Description: Leigod net data catcher. 
+ ExportedFunctions: '' + FileVersion: 1.0.0.0 + Filename: '' + ImportedFunctions: + - FwpmFreeMemory0 + - FwpmEngineOpen0 + - FwpmEngineClose0 + - FwpmTransactionBegin0 + - FwpmTransactionCommit0 + - FwpmTransactionAbort0 + - FwpmProviderAdd0 + - FwpmProviderContextDeleteByKey0 + - FwpmSubLayerAdd0 + - FwpmSubLayerDeleteByKey0 + - FwpmSubLayerCreateEnumHandle0 + - FwpmSubLayerEnum0 + - FwpmSubLayerDestroyEnumHandle0 + - FwpmCalloutAdd0 + - FwpmFilterAdd0 + - FwpsFlowAbort0 + - FwpsInjectionHandleCreate0 + - FwpsQueryPacketInjectionState0 + - FwpsAllocateNetBufferAndNetBufferList0 + - FwpsFreeNetBufferList0 + - FwpsFreeCloneNetBufferList0 + - FwpsInjectNetworkSendAsync0 + - FwpsConstructIpHeaderForTransportPacket0 + - FwpsInjectTransportSendAsync0 + - FwpsInjectTransportReceiveAsync0 + - FwpsInjectNetworkReceiveAsync0 + - FwpsStreamInjectAsync0 + - FwpsCopyStreamDataToBuffer0 + - FwpmBfeStateGet0 + - FwpmBfeStateSubscribeChanges0 + - FwpmBfeStateUnsubscribeChanges0 + - FwpsFlowRemoveContext0 + - FwpsCompleteClassify0 + - FwpsRedirectHandleDestroy0 + - FwpsCloneStreamData0 + - FwpsDiscardClonedStreamData0 + - FwpsRedirectHandleCreate0 + - FwpsApplyModifiedLayerData0 + - FwpsAcquireWritableLayerDataPointer0 + - FwpsReleaseClassifyHandle0 + - FwpsAcquireClassifyHandle0 + - FwpsFlowAssociateContext0 + - FwpsCalloutUnregisterByKey0 + - FwpsCalloutRegister1 + - FwpsInjectionHandleDestroy0 + - FwpsPendClassify0 + - NdisFreeNetBufferListPool + - NdisWaitEvent + - NdisInitializeEvent + - NdisFreeGenericObject + - NdisAllocateGenericObject + - NdisGetDataBuffer + - NdisAdvanceNetBufferDataStart + - NdisRetreatNetBufferDataStart + - NdisAllocateNetBufferListPool + - KeAcquireInStackQueuedSpinLock + - KeReleaseInStackQueuedSpinLock + - ExAllocatePoolWithTag + - ExUuidCreate + - swprintf_s + - RtlInitUnicodeString + - MmGetSystemRoutineAddress + - RtlAppendUnicodeToString + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - KeInitializeEvent + - KeSetEvent + - 
KeWaitForSingleObject + - KeInitializeSpinLock + - ExFreePoolWithTag + - ExQueryDepthSList + - ExpInterlockedPopEntrySList + - ExpInterlockedPushEntrySList + - ExInitializeNPagedLookasideList + - ExDeleteNPagedLookasideList + - MmBuildMdlForNonPagedPool + - MmMapLockedPagesSpecifyCache + - MmUnmapLockedPages + - MmAllocatePagesForMdl + - MmFreePagesFromMdl + - PsCreateSystemThread + - PsTerminateSystemThread + - IoAllocateMdl + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoFreeMdl + - IoReleaseCancelSpinLock + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - ZwOpenKey + - ZwQueryValueKey + - PsGetCurrentProcessId + - ZwSetInformationThread + - RtlLengthSid + - RtlCreateAcl + - RtlAddAccessAllowedAce + - PsLookupProcessByProcessId + - ObOpenObjectByPointer + - ZwSetSecurityObject + - __C_specific_handler + - SeExports + - RtlGetVersion + - RtlCompareMemory + - RtlValidSid + Imports: + - fwpkclnt.sys + - NDIS.SYS + - ntoskrnl.exe + InternalName: LgDataCatcher.sys + MD5: aca70899d834124fa02dc52f098cad05 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: LgDataCatcher.sys + PDBPath: '' + Product: GameAcc + ProductVersion: 1.0.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: f40ea159736b62f8895bbfc28c0dfa09 + SHA1: 2be491e3b182f5df0605c27ed0d26fb08c6b4cf6 + SHA256: c5bd76e06c3bde6fd6494e77255dcfc2c35d59c7ebbf84df420b83198dbc16e1 + SHA1: 0c10ff27f2ab76bbe6ddece8c1b2cff05e5483cc + SHA256: 07fb2bb6c852f6a6fe982b2232f047e167be39738bac26806ffe0927ba873756 + Sections: + .text: + Entropy: 6.194279179648036 + Virtual Size: '0xfb3a' + .rdata: + Entropy: 5.19122124724292 + Virtual Size: '0x1a04' + .data: + Entropy: 2.0214134184014134 + Virtual Size: '0x1680' + .pdata: + Entropy: 4.952698187604174 + Virtual Size: '0xc24' + INIT: + Entropy: 5.174414715416575 + Virtual Size: '0xef2' + .rsrc: + Entropy: 3.499847177522211 + Virtual Size: '0x3f8' + .reloc: + Entropy: 4.8522168041142235 
+ Virtual Size: '0x144' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Root CA + ValidFrom: '2011-04-15 19:41:37' + ValidTo: '2021-04-15 19:51:37' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611cb28a000000000026 + Version: 3 + TBS: + MD5: 983a0c315a50542362f2bd6a5d71c8d0 + SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 + SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 + SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc + - Subject: C=CN, ST=, L=, O=, CN= + ValidFrom: '2020-04-07 00:00:00' + ValidTo: '2023-04-12 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0dd7d4a785990584d8c0837659173272 + Version: 3 + TBS: + MD5: 559c170b8f735dd1ba8c3946354c4fa5 + SHA1: e7432e65001ca5e56478ee25ae9906981432ee75 + SHA256: 1c6140780d5210fb89e1dd3005184e03dc52740266a921035b1f836b5af0d32a + SHA384: 545ad02c12154f939f80b6f4b9d7ae888550220af82ec3f0a42805c8f6e6d7e57dbe62c80a8f8ec35a894acce2f68d9f + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd + Version: 3 + TBS: + MD5: a9a31555bbc92b6033975c5428fb3679 + SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e + SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 + SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 0dd7d4a785990584d8c0837659173272 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + Version: 1 + Imphash: 8902d821cdfd8e73ca10c00a3ce66731 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 
26cbbcf09fcbba64d93342c273c480d2 + SHA1: 7aa2c4c51afc1c82beae55ab9ca7ba0bb588b5c0 + SHA256: df4e25990742fc8d3aed70f6cb4d402e111e7ed08fa5f76aca685b8c03b98b93 + Company: Windows (R) Win 7 DDK provider + Copyright: Copyright 2020 nn.com + CreationTimestamp: '2020-05-12 20:43:44' + Date: '' + Description: Leigod net data catcher. + ExportedFunctions: '' + FileVersion: 1.0.0.0 + Filename: '' + ImportedFunctions: + - FwpmFreeMemory0 + - FwpmEngineOpen0 + - FwpmEngineClose0 + - FwpmTransactionBegin0 + - FwpmTransactionCommit0 + - FwpmTransactionAbort0 + - FwpmProviderAdd0 + - FwpmProviderContextDeleteByKey0 + - FwpmSubLayerAdd0 + - FwpmSubLayerDeleteByKey0 + - FwpmSubLayerCreateEnumHandle0 + - FwpmSubLayerEnum0 + - FwpmSubLayerDestroyEnumHandle0 + - FwpmCalloutAdd0 + - FwpmFilterAdd0 + - FwpsFlowAbort0 + - FwpsInjectionHandleCreate0 + - FwpsQueryPacketInjectionState0 + - FwpsAllocateNetBufferAndNetBufferList0 + - FwpsFreeNetBufferList0 + - FwpsFreeCloneNetBufferList0 + - FwpsInjectNetworkSendAsync0 + - FwpsConstructIpHeaderForTransportPacket0 + - FwpsInjectTransportSendAsync0 + - FwpsInjectTransportReceiveAsync0 + - FwpsInjectNetworkReceiveAsync0 + - FwpsStreamInjectAsync0 + - FwpsCopyStreamDataToBuffer0 + - FwpmBfeStateGet0 + - FwpmBfeStateSubscribeChanges0 + - FwpmBfeStateUnsubscribeChanges0 + - FwpsFlowRemoveContext0 + - FwpsCompleteClassify0 + - FwpsRedirectHandleDestroy0 + - FwpsCloneStreamData0 + - FwpsDiscardClonedStreamData0 + - FwpsRedirectHandleCreate0 + - FwpsApplyModifiedLayerData0 + - FwpsAcquireWritableLayerDataPointer0 + - FwpsReleaseClassifyHandle0 + - FwpsAcquireClassifyHandle0 + - FwpsFlowAssociateContext0 + - FwpsCalloutUnregisterByKey0 + - FwpsCalloutRegister1 + - FwpsInjectionHandleDestroy0 + - FwpsPendClassify0 + - NdisFreeNetBufferListPool + - NdisWaitEvent + - NdisInitializeEvent + - NdisFreeGenericObject + - NdisAllocateGenericObject + - NdisGetDataBuffer + - NdisAdvanceNetBufferDataStart + - NdisRetreatNetBufferDataStart + - 
NdisAllocateNetBufferListPool + - KeAcquireInStackQueuedSpinLock + - KeReleaseInStackQueuedSpinLock + - ExAllocatePoolWithTag + - ExUuidCreate + - swprintf_s + - RtlInitUnicodeString + - MmGetSystemRoutineAddress + - RtlAppendUnicodeToString + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - KeInitializeEvent + - KeSetEvent + - KeWaitForSingleObject + - KeInitializeSpinLock + - ExFreePoolWithTag + - ExQueryDepthSList + - ExpInterlockedPopEntrySList + - ExpInterlockedPushEntrySList + - ExInitializeNPagedLookasideList + - ExDeleteNPagedLookasideList + - MmBuildMdlForNonPagedPool + - MmMapLockedPagesSpecifyCache + - MmUnmapLockedPages + - MmAllocatePagesForMdl + - MmFreePagesFromMdl + - PsCreateSystemThread + - PsTerminateSystemThread + - IoAllocateMdl + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoFreeMdl + - IoReleaseCancelSpinLock + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - ZwOpenKey + - ZwQueryValueKey + - PsGetCurrentProcessId + - ZwSetInformationThread + - RtlLengthSid + - RtlCreateAcl + - RtlAddAccessAllowedAce + - PsLookupProcessByProcessId + - ObOpenObjectByPointer + - ZwSetSecurityObject + - __C_specific_handler + - SeExports + - RtlGetVersion + - RtlCompareMemory + - RtlValidSid + Imports: + - fwpkclnt.sys + - NDIS.SYS + - ntoskrnl.exe + InternalName: LgDataCatcher.sys + MD5: 3f87df040c35ea45dfd4ae371b9641ae + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: LgDataCatcher.sys + PDBPath: '' + Product: GameAcc + ProductVersion: 1.0.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: f40ea159736b62f8895bbfc28c0dfa09 + SHA1: 2be491e3b182f5df0605c27ed0d26fb08c6b4cf6 + SHA256: c5bd76e06c3bde6fd6494e77255dcfc2c35d59c7ebbf84df420b83198dbc16e1 + SHA1: 3864dfc19c8479a491bc3b0637cf0e789a6d53d8 + SHA256: 516159871730b18c2bddedb1a9da110577112d4835606ee79bb80e7a58784a13 + Sections: + .text: + Entropy: 6.194279179648036 + Virtual Size: '0xfb3a' + 
.rdata: + Entropy: 5.19122124724292 + Virtual Size: '0x1a04' + .data: + Entropy: 2.0214134184014134 + Virtual Size: '0x1680' + .pdata: + Entropy: 4.952698187604174 + Virtual Size: '0xc24' + INIT: + Entropy: 5.174414715416575 + Virtual Size: '0xef2' + .rsrc: + Entropy: 3.499847177522211 + Virtual Size: '0x3f8' + .reloc: + Entropy: 4.8522168041142235 + Virtual Size: '0x144' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 4e5e56901e46b4d94931f3bb1739281bc216ddfd41dc0905049b6fb2a29ad6992e40990055b5ea3fa52076d38634d417cc553ac782eeefa8babcd8069f1550dfcd167b523a02d7191afdaff0785ce04bc518df3a241edaacb8a95804020730dbb0125efe31bef00448f4f070f83a5e5683cf3dfb0dbcf4c5ed979db9d4dba52784e3389b8ba735864420a43b6da46a0ba183fd28ebdaef28f6cc885dfb0a3b00abe021ebe22f356c0f8e344597eba2f79933357ecb9a8abb454de73f9fc2d98afa65b26ec77e65ffe892e12c31a2f7b02736488f266f3bee4d761f79c3e57f9635bc2d0ecc01b08e7fff518080a792d4b34446648c874f166307314b63b0dff3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee152d7 + Version: 3 + TBS: + MD5: e140543fe3256027cfa79fc3c19c1776 + SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 + SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 + SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 + - Subject: OU=GlobalSign Root CA , R3, O=GlobalSign, CN=GlobalSign + ValidFrom: '2009-11-18 10:00:00' + ValidTo: '2019-03-18 10:00:00' + Signature: 
4252a97ea2cf5b3bcb4bddbaf85759d324a47772ef62443782ed06ee04d5165f24a314dc6c54056ab09b3dda8139daad28db956f8183f5cd62b14524b1dd29e5085495958cf01d065f1ad6463f1340174811169b474dd13ab50f571c9230d0f8b2253b0acdf687f9c7b257d33f7da58c14ce9ca8c79f4693da59fa795d652035445a4fc1909dc1549256dc34c8f5c103d05dc059489c00fc95a0f1d176f71636c813927f2d2bc0b880f126261f414d52bf1e97bb018208e715f6c1d5342accf5e4c3877a5781e1d6d74286620177e2a9c47a86f404387a076a7d00ec73f7a80b3478c59eb3efb838400e8c3353c875ec5f3eea755eff820e7415dc1905f3ba31 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 04000000000125071df9af + Version: 3 + TBS: + MD5: f47739306d14722e670d9436eadb8e4f + SHA1: 457d9df00a652cb4c3356d00145d9528fc309172 + SHA256: bd1765c56594221373893ef26d97f88c144fb0e5a0111215b45d7239c3444df7 + SHA384: b8b268a1bdf388be66a1c969b7b353cb2bbc9fad446049b7efa05a9ab3b714494e97f4d1ee1c0bae35bfd9bf6ef275b3 + - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode + , G2 + ValidFrom: '2016-05-24 00:00:00' + ValidTo: '2027-06-24 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121d699a764973ef1f8427ee919cc534114 + Version: 3 + TBS: + MD5: acb5170547d76873f1e4ff18ed5de2eb + SHA1: bd6e261e75b807381bada7287de04d259258a5fa + SHA256: 4783380498acf592286ef2dea0fcc5bdea3f54d5e374d3e3497df9d5f662cfb6 + SHA384: 4f428f115cf3d008248f15f32007fc7c54bd454e1b48b765776b4c87c23ab8818d8fbcbb3646d35eca012b025260a3b8 + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Extended Validation CodeSigning + CA , SHA256 , G3 + ValidFrom: '2016-06-15 00:00:00' + ValidTo: '2024-06-15 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 481b6a07a9424c1eaafef3cdf10f + Version: 3 + TBS: + MD5: fd8cfeea06be14fa89689909e1fc72dc + SHA1: 
8bc3cd2f70abe543e0dbe721065a4076c8521f36 + SHA256: 15e7050789df807f3e3174294a01b637a1239f603e42f4b5db9398efa9da9996 + SHA384: 8b9f95e6d3dd45e4ef38e2f12fb893d7d1bb1ba867e152e4a73c49b3d51dd52bc83a05982deac29af90436061248546d + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2011-04-15 19:55:08' + ValidTo: '2021-04-15 20:05:08' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 6129152700000000002a + Version: 3 + TBS: + MD5: 0bb058d116f02817737920f112d9fd3b + SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 + SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 + SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 + - Subject: ??=Private Organization, serialNumber=91420106MA4L0NHE9U, ??=CN, + ??=HEBEI, ??=WUHAN, C=CN, ST=, L=, ??=397, O=, CN= + ValidFrom: '2018-11-15 10:01:02' + ValidTo: '2021-11-15 10:01:02' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 1ae9d4b848b34ca82bcf623a + Version: 3 + TBS: + MD5: dc1fd334ac7950329ff4fa45a3bde8da + SHA1: f58e04e6dd1954a2fd06e5fedd1408a9c765dd18 + SHA256: 9ed1944c1abbe6ed081eb71a3da83e72f758c6dea4e009088a41cba22870bec3 + SHA384: 320f2d5b300f34214eee049c2171e85ef6061833a5726a73e183e41d500fd03c536479cd220322db81a6b73512d6537e + Signer: + - SerialNumber: 1ae9d4b848b34ca82bcf623a + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Extended Validation CodeSigning + CA , SHA256 , G3 + Version: 1 + Imphash: 8902d821cdfd8e73ca10c00a3ce66731 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/5969b6dc-b136-480e-a527-3cb2ea2f0da9.yaml b/yaml/5969b6dc-b136-480e-a527-3cb2ea2f0da9.yaml index c2f006f85..626c506d4 100644 --- a/yaml/5969b6dc-b136-480e-a527-3cb2ea2f0da9.yaml 
+++ b/yaml/5969b6dc-b136-480e-a527-3cb2ea2f0da9.yaml 
@@ -1,726 +1,726 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 5969b6dc-b136-480e-a527-3cb2ea2f0da9 +Tags: +- hw.sys +Verified: 'TRUE' Author: Guus Verbeek -Category: vulnerable driver -Commands: - Command: sc.exe create hw_sys binPath=C:\windows\temp\hw.sys type=kernel && sc.exe - start hw.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/4880f40f2e557cff38100620b9aa1a3a753cb693af16cd3d95841583edcb57a8.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/6a4875ae86131a594019dec4abd46ac6ba47e57a88287b814d07d929858fe3e5.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/fd388cf1df06d419b14dedbeb24c6f4dff37bea26018775f09d56b3067f0de2c.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/55963284bbd5a3297f39f12f0d8a01ed99fe59d008561e3537bcd4db4b4268fa.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - 
value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 5969b6dc-b136-480e-a527-3cb2ea2f0da9 -KnownVulnerableSamples: -- Authentihash: - MD5: 6eafc9b68f2047adf6879e955d3b69e8 - SHA1: 8a6d85617bc601b818ddf1b8e8d5db6cf7ae31c1 - SHA256: 615a7c647eba3f2dcea463d5705d5d59ca70b4250f895ad20ce6876076a8fa28 - Company: Marvin Test Solutions, Inc. - Copyright: "Copyright \xA9 1996-2021 Marvin Test Solutions, Inc. All Rights Reserved." - CreationTimestamp: '2021-01-06 17:19:33' - Date: '' - Description: HW - Windows NT-10 (32/64 bit) kernel mode driver for PC ports/memory/PCI - access - ExportedFunctions: '' - FileVersion: 4.9.8.0 - Filename: hw.sys - ImportedFunctions: - - KeReleaseMutex - - KeWaitForSingleObject - - PsGetCurrentProcessId - - KeInitializeDpc - - MmGetSystemRoutineAddress - - IoDeleteDevice - - IoCreateSymbolicLink - - KeInitializeMutex - - IoCreateDevice - - IoDeleteSymbolicLink - - memcpy - - PsGetVersion - - ZwUnmapViewOfSection - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - IoFreeMdl - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmMapIoSpace - - MmUnmapLockedPages - - MmUnmapIoSpace - - IoGetDmaAdapter - - IofCallDriver - - IoBuildSynchronousFsdRequest - - ZwOpenProcess - - KeInitializeEvent - - ObfDereferenceObject - - ExAllocatePoolWithTag - - ObReferenceObjectByName - - IoDriverObjectType - - IofCompleteRequest - - WRITE_REGISTER_BUFFER_ULONG - - WRITE_REGISTER_BUFFER_USHORT - - WRITE_REGISTER_BUFFER_UCHAR - - WRITE_REGISTER_ULONG - - WRITE_REGISTER_USHORT - - WRITE_REGISTER_UCHAR - - READ_REGISTER_BUFFER_ULONG - - READ_REGISTER_BUFFER_USHORT - - 
READ_REGISTER_BUFFER_UCHAR - - READ_REGISTER_ULONG - - READ_REGISTER_USHORT - - READ_REGISTER_UCHAR - - IoConnectInterrupt - - IoDisconnectInterrupt - - KeReleaseInterruptSpinLock - - KeAcquireInterruptSpinLock - - ExEventObjectType - - KeDelayExecutionThread - - KeInsertQueueDpc - - ZwClose - - KeSetEvent - - IoCreateNotificationEvent - - KeClearEvent - - RtlQueryRegistryValues - - RtlAppendUnicodeStringToString - - RtlInitUnicodeString - - memset - - ExFreePoolWithTag - - IoGetDeviceProperty - - ExAllocatePool - - READ_PORT_UCHAR - - READ_PORT_USHORT - - READ_PORT_ULONG - - READ_PORT_BUFFER_UCHAR - - READ_PORT_BUFFER_USHORT - - READ_PORT_BUFFER_ULONG - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - WRITE_PORT_BUFFER_UCHAR - - WRITE_PORT_BUFFER_USHORT - - WRITE_PORT_BUFFER_ULONG - - HalAssignSlotResources - - HalTranslateBusAddress - - HalGetBusDataByOffset - - HalGetInterruptVector - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: Hw.sys - MD5: 3247014ba35d406475311a2eab0c4657 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: HW.sys - Product: HW - ProductVersion: 4.9.8.0 - Publisher: '' - RichPEHeaderHash: - MD5: 91d1f756630dbcb9bb34ab945f1e3a43 - SHA1: 8213b5de157232171c54fb94c86028521e9bb905 - SHA256: 0a9072b98f01eaed2e4fd4ebbdcb86740b5427a213d8c1a7e5bd49d9613aa152 - SHA1: 74e4e3006b644392f5fcea4a9bae1d9d84714b57 - SHA256: 4880f40f2e557cff38100620b9aa1a3a753cb693af16cd3d95841583edcb57a8 - Sections: - .text: - Entropy: 5.94588431546437 - Virtual Size: '0x4242' - .rdata: - Entropy: 5.126726594759932 - Virtual Size: '0xc2c' - .rsrc: - Entropy: 3.6674325094888713 - Virtual Size: '0x4a0' - .reloc: - Entropy: 5.321382942427512 - Virtual Size: '0x322' - Signature: - - Marvin Test Solutions, Inc. 
- - GlobalSign Extended Validation CodeSigning CA - SHA256 - G3 - - GlobalSign - - GlobalSign Root CA - R1 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: OU=GlobalSign Root CA , R3, O=GlobalSign, CN=GlobalSign - ValidFrom: '2018-09-19 00:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 01ee5f169dff97352b6465d66a - Version: 3 - TBS: - MD5: 51c3959a45cecf3d21a3effb05762573 - SHA1: ecfcd25fd0525448a74875ba271566bc0bfbf061 - SHA256: de1da11668f0a8d5e13346ed3ab2755f5d25bebffcfd1d0bde5b9f87bc292c91 - SHA384: f0eab75baf1f24a53d63bd795cd07292a312f603513c8cb0f40fe5acbdb477ed72607d309fad21471a16f6223fb3a838 - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Extended Validation CodeSigning - CA , SHA256 , G3 - ValidFrom: '2016-06-15 00:00:00' - ValidTo: '2024-06-15 00:00:00' - Signature: 7609c4cc2fd9ef1e4ba9f857f3403921ca4c3c1d9e292b20d42b44d288ce1a0d05cf8381bbeb69bc318d2ac4c744cc6060941ccfa1e102240ead5bbe2cc2271e67b7e8281f3251e339f398dfb89f2e8b2ab47b0a03bcbd36048fc9d09c4fa3022799b0f045e934dfe43aa3b70637d86f2a7990d4d44e5871ec53a96198f73969e0129c575872862729a51de532f32b99975abf2bb03cb406ea0e64ecb7cd65802417c2d937f5b1261035477b9a02ba54a24593ff79bf1a8cc59fb59fdf78e76b50f14794694b24b8da05e80c9d4f06ec4a31207e4f5d86842f35a3cd9cc184571f1fadc0e2a4b1ef296b2197a6d4feed0337b0fcf58d2abcdc8483e3dec3e75f - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 481b6a07a9424c1eaafef3cdf10f - Version: 3 - TBS: - MD5: fd8cfeea06be14fa89689909e1fc72dc - SHA1: 8bc3cd2f70abe543e0dbe721065a4076c8521f36 - SHA256: 15e7050789df807f3e3174294a01b637a1239f603e42f4b5db9398efa9da9996 - SHA384: 8b9f95e6d3dd45e4ef38e2f12fb893d7d1bb1ba867e152e4a73c49b3d51dd52bc83a05982deac29af90436061248546d - - Subject: ??=Private Organization, serialNumber=2147696, ??=US, ??=DELAWARE, - C=US, 
ST=CA, L=Irvine, ??=1770 Kettering, O=Marvin Test Solutions, Inc., CN=Marvin - Test Solutions, Inc. - ValidFrom: '2019-07-29 13:20:49' - ValidTo: '2022-07-29 13:20:49' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 716ef836a8ceb23aeaf9174e - Version: 3 - TBS: - MD5: c4e9591383494fbfb914aac72114934d - SHA1: 336fa67dfea049342c5b9ad622c30f97262c04fc - SHA256: b7347983521d490b380cc89242a926377785b57661f2b2332ab2750920e607d5 - SHA384: 11ec2caeda9631792c0d7ea604db5ee96d697903e18addcc84d34e1c0257473a2c3007aa3a4568855997baf804495488 - Signer: - - SerialNumber: 716ef836a8ceb23aeaf9174e - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Extended Validation CodeSigning - CA , SHA256 , G3 - Version: 1 - Imphash: 67d92a28cd2923a923adf7fd958905d8 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 22db74f3f2e50ccdeb471c81e3a62532 - SHA1: 6e87cd3b027a07a810164d618e3f2fce61eb6ec4 - SHA256: 734b74798a680d2e534c14a033858c4081c7879af1f48037d9d5483aa27a7e90 - Company: Marvin Test Solutions, Inc. - Copyright: "Copyright \xA9 1996-2015 Marvin Test Solutions, Inc. All Rights Reserved." 
- CreationTimestamp: '2015-06-24 17:52:05' - Date: '' - Description: HW - Windows NT-8 (32/64 bit) kernel mode driver for PC ports/memory/PCI - access - ExportedFunctions: '' - FileVersion: 4.8.2.0 - Filename: HW.sys - ImportedFunctions: - - RtlInitUnicodeString - - RtlAppendUnicodeStringToString - - ZwClose - - ZwOpenProcess - - KeReleaseMutex - - KeWaitForSingleObject - - PsGetCurrentProcessId - - KeInitializeDpc - - MmGetSystemRoutineAddress - - IoDeleteDevice - - IoCreateSymbolicLink - - KeInitializeMutex - - IoCreateDevice - - IoDeleteSymbolicLink - - PsGetVersion - - ZwUnmapViewOfSection - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - ExFreePoolWithTag - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmMapIoSpace - - MmUnmapLockedPages - - MmUnmapIoSpace - - MmFreeContiguousMemory - - MmGetPhysicalAddress - - MmAllocateContiguousMemory - - IofCallDriver - - IoBuildSynchronousFsdRequest - - IoGetDeviceProperty - - KeInitializeEvent - - ObfDereferenceObject - - ExAllocatePoolWithTag - - ObReferenceObjectByName - - IoDriverObjectType - - IofCompleteRequest - - IoDisconnectInterrupt - - KeReleaseInterruptSpinLock - - KeAcquireInterruptSpinLock - - ExEventObjectType - - KeFlushQueuedDpcs - - KeInsertQueueDpc - - KeSetEvent - - IoFreeMdl - - ExAllocatePool - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: Hw.sys - MD5: 45c2d133d41d2732f3653ed615a745c8 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: HW.sys - Product: HW - ProductVersion: 4.8.2.0 - Publisher: '' - RichPEHeaderHash: - MD5: 3389ab434a886ca939bbb64de33ea971 - SHA1: 38d029a7b63d45c7c386558117cda903c1b15102 - SHA256: 517ea8a886737da4ba8f7bcdc6041dc0da9073a76e514be5a73d10836ebcbbf0 - SHA1: 4e56e0b1d12664c05615c69697a2f5c5d893058a - SHA256: 6a4875ae86131a594019dec4abd46ac6ba47e57a88287b814d07d929858fe3e5 - Sections: - .text: - Entropy: 5.475629198747561 - Virtual Size: '0x3694' - INIT: - Entropy: 
5.133620054689875 - Virtual Size: '0x2151' - .rdata: - Entropy: 4.569984356691087 - Virtual Size: '0xaec' - .pdata: - Entropy: 3.983331164222992 - Virtual Size: '0x318' - .rsrc: - Entropy: 3.6769129984563755 - Virtual Size: '0x49c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee152d7 - Version: 3 - TBS: - MD5: e140543fe3256027cfa79fc3c19c1776 - SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 - SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 - SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: 
dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode - , G2 - ValidFrom: '2015-02-03 00:00:00' - ValidTo: '2026-03-03 00:00:00' - Signature: 8032dc078d1ca09c9d3c2ae83d218b59a14d7ecc44ce03be7eaabcc4e67b73bb4bf188da904e7537283863b9d72b0f54a956ce7739973073cd9bd9d905451c8da4b8035d4fd91c2e98e0e988e6ecd7057e562a7bf7165ba3ad8f972512841bb25c634a0ad2ef10544782843569289c0ce41f141624fa75dc74726e4ecae36a43afcf7d3648d1bde906912c2fa6c871fdcfbdd89d2198fcafdbde228cafa7f377ef9ddca3704b441af078851ef2a58c39b5dc881c37edad14f5070b26bdbe6d025eb1b8b0586c853a0df6ff5a270cc5de53e7543c564cc94e4c30f6f25cfb1a8cc282bead5991f61b4d557bcf5b01dcfd7ad36f235c32479b01f3c15114468a9b - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112106a081d33fd87ae5824cc16b52094e03 - Version: 3 - TBS: - MD5: a0ac4d48fe852f7b3ed4e623d59a825f - SHA1: d4db9846bc4d7db142eeb364286f6de7c102420c - SHA256: 78d2e41a13eb4e9171bae2d2adb192cf39210b5231f77cda936bcfbe8c003bdf - SHA384: 990ed96dca5979deeedc98a012279f04efb5559d7e7f5084a12f3802ee9439326557aecefd081cff739b78515b5d7f50 - - Subject: C=US, ST=CA, L=Irvine, O=Marvin Test Solutions, Inc., CN=Marvin Test - Solutions, Inc., emailAddress=it@marvintest.com - ValidFrom: '2015-06-17 17:46:36' - ValidTo: '2018-05-04 18:44:13' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121f0942b1e09a2573e8ab9ce0e3955b2de - Version: 3 - TBS: - MD5: 5bdf35241e1bbd3dd8560aba2c4305f1 - SHA1: 34e844721f998e3b40ee75329c4e5df87e52dc61 - SHA256: 9441743aa497acefe2535a284e44a4cd55a201965900add8c7d770b0af7a8845 - SHA384: 83003cfcb03f6cff7f5ca49603bcd9db4b5ebf62dd48a892b7d78e98ecf42726f0e77e9318050b71f5d6c649f92938c8 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2011-04-15 19:55:08' 
- ValidTo: '2021-04-15 20:05:08' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 6129152700000000002a - Version: 3 - TBS: - MD5: 0bb058d116f02817737920f112d9fd3b - SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 - SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 - SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 - Signer: - - SerialNumber: 1121f0942b1e09a2573e8ab9ce0e3955b2de - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: bd093a7d5ba5632ee52f3466a688ee55 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 22db74f3f2e50ccdeb471c81e3a62532 - SHA1: 6e87cd3b027a07a810164d618e3f2fce61eb6ec4 - SHA256: 734b74798a680d2e534c14a033858c4081c7879af1f48037d9d5483aa27a7e90 - Company: Marvin Test Solutions, Inc. - Copyright: "Copyright \xA9 1996-2015 Marvin Test Solutions, Inc. All Rights Reserved." 
- CreationTimestamp: '2015-06-24 17:52:05' - Date: '' - Description: HW - Windows NT-8 (32/64 bit) kernel mode driver for PC ports/memory/PCI - access - ExportedFunctions: '' - FileVersion: 4.8.2.0 - Filename: hw.sys - ImportedFunctions: - - RtlInitUnicodeString - - RtlAppendUnicodeStringToString - - ZwClose - - ZwOpenProcess - - KeReleaseMutex - - KeWaitForSingleObject - - PsGetCurrentProcessId - - KeInitializeDpc - - MmGetSystemRoutineAddress - - IoDeleteDevice - - IoCreateSymbolicLink - - KeInitializeMutex - - IoCreateDevice - - IoDeleteSymbolicLink - - PsGetVersion - - ZwUnmapViewOfSection - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - ExFreePoolWithTag - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmMapIoSpace - - MmUnmapLockedPages - - MmUnmapIoSpace - - MmFreeContiguousMemory - - MmGetPhysicalAddress - - MmAllocateContiguousMemory - - IofCallDriver - - IoBuildSynchronousFsdRequest - - IoGetDeviceProperty - - KeInitializeEvent - - ObfDereferenceObject - - ExAllocatePoolWithTag - - ObReferenceObjectByName - - IoDriverObjectType - - IofCompleteRequest - - IoDisconnectInterrupt - - KeReleaseInterruptSpinLock - - KeAcquireInterruptSpinLock - - ExEventObjectType - - KeFlushQueuedDpcs - - KeInsertQueueDpc - - KeSetEvent - - IoFreeMdl - - ExAllocatePool - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: Hw.sys - MD5: 3cf7a55ec897cc938aebb8161cb8e74f - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: HW.sys - Product: HW - ProductVersion: 4.8.2.0 - Publisher: '' - RichPEHeaderHash: - MD5: 3389ab434a886ca939bbb64de33ea971 - SHA1: 38d029a7b63d45c7c386558117cda903c1b15102 - SHA256: 517ea8a886737da4ba8f7bcdc6041dc0da9073a76e514be5a73d10836ebcbbf0 - SHA1: 22fc833e07dd163315095d32ebcd3b3e377c33a4 - SHA256: fd388cf1df06d419b14dedbeb24c6f4dff37bea26018775f09d56b3067f0de2c - Sections: - .text: - Entropy: 5.475629198747561 - Virtual Size: '0x3694' - INIT: - Entropy: 
5.133620054689875 - Virtual Size: '0x2151' - .rdata: - Entropy: 4.569984356691087 - Virtual Size: '0xaec' - .pdata: - Entropy: 3.983331164222992 - Virtual Size: '0x318' - .rsrc: - Entropy: 3.6769129984563755 - Virtual Size: '0x49c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 4e5e56901e46b4d94931f3bb1739281bc216ddfd41dc0905049b6fb2a29ad6992e40990055b5ea3fa52076d38634d417cc553ac782eeefa8babcd8069f1550dfcd167b523a02d7191afdaff0785ce04bc518df3a241edaacb8a95804020730dbb0125efe31bef00448f4f070f83a5e5683cf3dfb0dbcf4c5ed979db9d4dba52784e3389b8ba735864420a43b6da46a0ba183fd28ebdaef28f6cc885dfb0a3b00abe021ebe22f356c0f8e344597eba2f79933357ecb9a8abb454de73f9fc2d98afa65b26ec77e65ffe892e12c31a2f7b02736488f266f3bee4d761f79c3e57f9635bc2d0ecc01b08e7fff518080a792d4b34446648c874f166307314b63b0dff3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee152d7 - Version: 3 - TBS: - MD5: e140543fe3256027cfa79fc3c19c1776 - SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 - SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 - SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: 
dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode - , G2 - ValidFrom: '2015-02-03 00:00:00' - ValidTo: '2026-03-03 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112106a081d33fd87ae5824cc16b52094e03 - Version: 3 - TBS: - MD5: a0ac4d48fe852f7b3ed4e623d59a825f - SHA1: d4db9846bc4d7db142eeb364286f6de7c102420c - SHA256: 78d2e41a13eb4e9171bae2d2adb192cf39210b5231f77cda936bcfbe8c003bdf - SHA384: 990ed96dca5979deeedc98a012279f04efb5559d7e7f5084a12f3802ee9439326557aecefd081cff739b78515b5d7f50 - - Subject: C=US, ST=CA, L=Irvine, O=Marvin Test Solutions, Inc., CN=Marvin Test - Solutions, Inc., emailAddress=it@marvintest.com - ValidFrom: '2015-06-17 17:46:36' - ValidTo: '2018-05-04 18:44:13' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121f0942b1e09a2573e8ab9ce0e3955b2de - Version: 3 - TBS: - MD5: 5bdf35241e1bbd3dd8560aba2c4305f1 - SHA1: 34e844721f998e3b40ee75329c4e5df87e52dc61 - SHA256: 9441743aa497acefe2535a284e44a4cd55a201965900add8c7d770b0af7a8845 - SHA384: 83003cfcb03f6cff7f5ca49603bcd9db4b5ebf62dd48a892b7d78e98ecf42726f0e77e9318050b71f5d6c649f92938c8 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2011-04-15 19:55:08' - ValidTo: '2021-04-15 20:05:08' - Signature: 
5ff8d065746a81c6a6ca5b03b6914ae84bbdef2ba142f0efb4a5adcd3389ec0b9585ac62501108aa58d25aa08310e5a6337af25af2c5fe787cf09c83df190ad97396002dd62ccde914d41d9de83f3c1a76f7904efb01350a6c9313a0c356eb67a0e4d17a96dec267f190f80a7bf5321b94ec5f751f8d1b34da6c58a7cb2d279e2226b7c9aa30cc0777b836e38201b5393ccc8dd9a75f7f23b3877fdb5798918bd7ce2520e39d644fdd87f72b68490318e0a5df7c5f68644d36838d4781f2e9e0a869abfa7b163c05a449ea8830190a6c73055178dfd41ddd3ad47f2de44e54be83431e7a7433b4a4ebd77073bc2a02988966eef6bc8f749378e329025a5a43e258ce7ccf9acad236893be25fda26054ec8d4e72c910e1797c5beee8b13112323294ffa83d050f6bafad53db3173df4ff034aa325dce67561d1fa35086bd62744d068b78d45e0eb852cc8a15d614474160e5958aed2b5eea5bcd6d7076ab62978fd976767dd8d4f17944fd2ed0caf972437c3a29c81da6be143b6577b4cecbf791319e79fe844e94781b75e701e91f83dd17b27f50b7056434805dda92fab86101d0b12e31ad04c6e75ded645b30b748887935c564a41029af7aeb799d8b67f88fa11f2457cf4d71b91c01cf1a0fbd4080a411a142acef4eb34486e66879ed54b7a397fbb0e3d3861cf735706e412066bd96b5308cd7018c22d4f974691bca9f0 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 6129152700000000002a - Version: 3 - TBS: - MD5: 0bb058d116f02817737920f112d9fd3b - SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 - SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 - SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 - Signer: - - SerialNumber: 1121f0942b1e09a2573e8ab9ce0e3955b2de - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: bd093a7d5ba5632ee52f3466a688ee55 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 0e03e32b8b0f3a1abb52581c1b5698f6 - SHA1: 4614a646d19fb297aa878ba5e70dc9a6a1c5dd8a - SHA256: 25bc1b72ba6092674ec561d7de8f5e4a7adb23c29fa68de5b29a30a671257dac - Company: Marvin Test Solutions, Inc. - Copyright: "Copyright \xA9 1996-2021 Marvin Test Solutions, Inc. All Rights Reserved." 
- CreationTimestamp: '2021-01-06 17:19:31' - Date: '' - Description: HW - Windows NT-10 (32/64 bit) kernel mode driver for PC ports/memory/PCI - access - ExportedFunctions: '' - FileVersion: 4.9.8.0 - Filename: hw.sys - ImportedFunctions: - - RtlInitUnicodeString - - RtlAppendUnicodeStringToString - - RtlQueryRegistryValues - - KeClearEvent - - IoCreateNotificationEvent - - KeSetEvent - - ZwClose - - ZwOpenProcess - - KeReleaseMutex - - KeWaitForSingleObject - - PsGetCurrentProcessId - - KeInitializeDpc - - MmGetSystemRoutineAddress - - IoDeleteDevice - - IoCreateSymbolicLink - - KeInitializeMutex - - IoCreateDevice - - IoDeleteSymbolicLink - - PsGetVersion - - ZwUnmapViewOfSection - - ZwMapViewOfSection - - ExFreePoolWithTag - - ZwOpenSection - - IoFreeMdl - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmMapIoSpace - - MmUnmapLockedPages - - MmUnmapIoSpace - - MmFreeContiguousMemory - - MmGetPhysicalAddress - - MmAllocateContiguousMemory - - IofCallDriver - - IoBuildSynchronousFsdRequest - - IoGetDeviceProperty - - KeInitializeEvent - - ObfDereferenceObject - - ExAllocatePoolWithTag - - ObReferenceObjectByName - - IoDriverObjectType - - IofCompleteRequest - - IoDisconnectInterrupt - - KeReleaseInterruptSpinLock - - KeAcquireInterruptSpinLock - - ExEventObjectType - - KeFlushQueuedDpcs - - KeInsertQueueDpc - - ObReferenceObjectByHandle - - ExAllocatePool - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: Hw.sys - MD5: 376b1e8957227a3639ec1482900d9b97 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: HW.sys - Product: HW - ProductVersion: 4.9.8.0 - Publisher: '' - RichPEHeaderHash: - MD5: e75a603d7467c2b1506dbbea74ea68c2 - SHA1: 592275b78e5255bb3a1245eaeb263858e3111278 - SHA256: 739066eb4b1f106dec36d824dba3a08ce1052c98e99b69fa9d1aa228d6dae664 - SHA1: 18f34a0005e82a9a1556ba40b997b0eae554d5fd - SHA256: 55963284bbd5a3297f39f12f0d8a01ed99fe59d008561e3537bcd4db4b4268fa - Sections: - .text: - 
Entropy: 5.425823948048583 - Virtual Size: '0x5e54' - .rdata: - Entropy: 4.468643667711766 - Virtual Size: '0xcaa' - .pdata: - Entropy: 4.00613719103044 - Virtual Size: '0x33c' - .rsrc: - Entropy: 3.6737432495687674 - Virtual Size: '0x4a0' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: OU=GlobalSign Root CA , R3, O=GlobalSign, CN=GlobalSign - ValidFrom: '2018-09-19 00:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 01ee5f169dff97352b6465d66a - Version: 3 - TBS: - MD5: 51c3959a45cecf3d21a3effb05762573 - SHA1: ecfcd25fd0525448a74875ba271566bc0bfbf061 - SHA256: de1da11668f0a8d5e13346ed3ab2755f5d25bebffcfd1d0bde5b9f87bc292c91 - SHA384: f0eab75baf1f24a53d63bd795cd07292a312f603513c8cb0f40fe5acbdb477ed72607d309fad21471a16f6223fb3a838 - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Extended Validation CodeSigning - CA , SHA256 , G3 - ValidFrom: '2016-06-15 00:00:00' - ValidTo: '2024-06-15 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 481b6a07a9424c1eaafef3cdf10f - Version: 3 - TBS: - MD5: fd8cfeea06be14fa89689909e1fc72dc - SHA1: 8bc3cd2f70abe543e0dbe721065a4076c8521f36 - SHA256: 15e7050789df807f3e3174294a01b637a1239f603e42f4b5db9398efa9da9996 - SHA384: 8b9f95e6d3dd45e4ef38e2f12fb893d7d1bb1ba867e152e4a73c49b3d51dd52bc83a05982deac29af90436061248546d - - Subject: ??=Private Organization, serialNumber=2147696, ??=US, ??=DELAWARE, - C=US, ST=CA, L=Irvine, ??=1770 Kettering, O=Marvin Test Solutions, Inc., CN=Marvin - Test Solutions, Inc. 
- ValidFrom: '2019-07-29 13:20:49' - ValidTo: '2022-07-29 13:20:49' - Signature: 278a08ea60d9c1c18b2b6f4f1913860edab3f46bc0945c57e099d37309bab4bbf99feec663d1dc2ef68152baa6e95b0da0e4fdb7793c2c7e779dd7206ad76432f28af41448200c079a9ffe26c8355134d71fb598f08e3864416a1925d5253f2344208a90d8b42790191581c112c3145e23fa979ec06f41cb559ad4e4d60cf549598f3746673c745a3a82e2525c9704adaa59d987ddf6a89641378a558686ca78f920cf1c975508f3943ff6df3aae70f9c5fb1db61134ad5b8d0f455e8483ad250403160b984a4fef6b0baed3cb129c953451c23a4bb9a37c762f286e8bb57049c50c4e06fb17e3fc2e6fcd4dffde6e3ee0ad173b19a9862bae7c921c8976344b - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 716ef836a8ceb23aeaf9174e - Version: 3 - TBS: - MD5: c4e9591383494fbfb914aac72114934d - SHA1: 336fa67dfea049342c5b9ad622c30f97262c04fc - SHA256: b7347983521d490b380cc89242a926377785b57661f2b2332ab2750920e607d5 - SHA384: 11ec2caeda9631792c0d7ea604db5ee96d697903e18addcc84d34e1c0257473a2c3007aa3a4568855997baf804495488 - Signer: - - SerialNumber: 716ef836a8ceb23aeaf9174e - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Extended Validation CodeSigning - CA , SHA256 , G3 - Version: 1 - Imphash: 91ee149529956a79a91eeb8c48f00b3d - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create hw_sys binPath=C:\windows\temp\hw.sys type=kernel && sc.exe + start hw.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules - https://decoded.avast.io/janvojtesek/the-return-of-candiru-zero-days-in-the-middle-east/ - https://www.virustotal.com/gui/file/6a4875ae86131a594019dec4abd46ac6ba47e57a88287b814d07d929858fe3e5/detection -Tags: -- hw.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/4880f40f2e557cff38100620b9aa1a3a753cb693af16cd3d95841583edcb57a8.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/6a4875ae86131a594019dec4abd46ac6ba47e57a88287b814d07d929858fe3e5.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/fd388cf1df06d419b14dedbeb24c6f4dff37bea26018775f09d56b3067f0de2c.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/55963284bbd5a3297f39f12f0d8a01ed99fe59d008561e3537bcd4db4b4268fa.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' 
+KnownVulnerableSamples: +- Authentihash: + MD5: 6eafc9b68f2047adf6879e955d3b69e8 + SHA1: 8a6d85617bc601b818ddf1b8e8d5db6cf7ae31c1 + SHA256: 615a7c647eba3f2dcea463d5705d5d59ca70b4250f895ad20ce6876076a8fa28 + Company: Marvin Test Solutions, Inc. + Copyright: "Copyright \xA9 1996-2021 Marvin Test Solutions, Inc. All Rights Reserved." + CreationTimestamp: '2021-01-06 17:19:33' + Date: '' + Description: HW - Windows NT-10 (32/64 bit) kernel mode driver for PC ports/memory/PCI + access + ExportedFunctions: '' + FileVersion: 4.9.8.0 + Filename: hw.sys + ImportedFunctions: + - KeReleaseMutex + - KeWaitForSingleObject + - PsGetCurrentProcessId + - KeInitializeDpc + - MmGetSystemRoutineAddress + - IoDeleteDevice + - IoCreateSymbolicLink + - KeInitializeMutex + - IoCreateDevice + - IoDeleteSymbolicLink + - memcpy + - PsGetVersion + - ZwUnmapViewOfSection + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - IoFreeMdl + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmMapIoSpace + - MmUnmapLockedPages + - MmUnmapIoSpace + - IoGetDmaAdapter + - IofCallDriver + - IoBuildSynchronousFsdRequest + - ZwOpenProcess + - KeInitializeEvent + - ObfDereferenceObject + - ExAllocatePoolWithTag + - ObReferenceObjectByName + - IoDriverObjectType + - IofCompleteRequest + - WRITE_REGISTER_BUFFER_ULONG + - WRITE_REGISTER_BUFFER_USHORT + - WRITE_REGISTER_BUFFER_UCHAR + - WRITE_REGISTER_ULONG + - WRITE_REGISTER_USHORT + - WRITE_REGISTER_UCHAR + - READ_REGISTER_BUFFER_ULONG + - READ_REGISTER_BUFFER_USHORT + - READ_REGISTER_BUFFER_UCHAR + - READ_REGISTER_ULONG + - READ_REGISTER_USHORT + - READ_REGISTER_UCHAR + - IoConnectInterrupt + - IoDisconnectInterrupt + - KeReleaseInterruptSpinLock + - KeAcquireInterruptSpinLock + - ExEventObjectType + - KeDelayExecutionThread + - KeInsertQueueDpc + - ZwClose + - KeSetEvent + - IoCreateNotificationEvent + - KeClearEvent + - RtlQueryRegistryValues + - RtlAppendUnicodeStringToString + - RtlInitUnicodeString + - memset 
+ - ExFreePoolWithTag + - IoGetDeviceProperty + - ExAllocatePool + - READ_PORT_UCHAR + - READ_PORT_USHORT + - READ_PORT_ULONG + - READ_PORT_BUFFER_UCHAR + - READ_PORT_BUFFER_USHORT + - READ_PORT_BUFFER_ULONG + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - WRITE_PORT_BUFFER_UCHAR + - WRITE_PORT_BUFFER_USHORT + - WRITE_PORT_BUFFER_ULONG + - HalAssignSlotResources + - HalTranslateBusAddress + - HalGetBusDataByOffset + - HalGetInterruptVector + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: Hw.sys + MD5: 3247014ba35d406475311a2eab0c4657 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: HW.sys + Product: HW + ProductVersion: 4.9.8.0 + Publisher: '' + RichPEHeaderHash: + MD5: 91d1f756630dbcb9bb34ab945f1e3a43 + SHA1: 8213b5de157232171c54fb94c86028521e9bb905 + SHA256: 0a9072b98f01eaed2e4fd4ebbdcb86740b5427a213d8c1a7e5bd49d9613aa152 + SHA1: 74e4e3006b644392f5fcea4a9bae1d9d84714b57 + SHA256: 4880f40f2e557cff38100620b9aa1a3a753cb693af16cd3d95841583edcb57a8 + Sections: + .text: + Entropy: 5.94588431546437 + Virtual Size: '0x4242' + .rdata: + Entropy: 5.126726594759932 + Virtual Size: '0xc2c' + .rsrc: + Entropy: 3.6674325094888713 + Virtual Size: '0x4a0' + .reloc: + Entropy: 5.321382942427512 + Virtual Size: '0x322' + Signature: + - Marvin Test Solutions, Inc. 
+ - GlobalSign Extended Validation CodeSigning CA - SHA256 - G3 + - GlobalSign + - GlobalSign Root CA - R1 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=GlobalSign Root CA , R3, O=GlobalSign, CN=GlobalSign + ValidFrom: '2018-09-19 00:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 01ee5f169dff97352b6465d66a + Version: 3 + TBS: + MD5: 51c3959a45cecf3d21a3effb05762573 + SHA1: ecfcd25fd0525448a74875ba271566bc0bfbf061 + SHA256: de1da11668f0a8d5e13346ed3ab2755f5d25bebffcfd1d0bde5b9f87bc292c91 + SHA384: f0eab75baf1f24a53d63bd795cd07292a312f603513c8cb0f40fe5acbdb477ed72607d309fad21471a16f6223fb3a838 + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Extended Validation CodeSigning + CA , SHA256 , G3 + ValidFrom: '2016-06-15 00:00:00' + ValidTo: '2024-06-15 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 481b6a07a9424c1eaafef3cdf10f + Version: 3 + TBS: + MD5: fd8cfeea06be14fa89689909e1fc72dc + SHA1: 8bc3cd2f70abe543e0dbe721065a4076c8521f36 + SHA256: 15e7050789df807f3e3174294a01b637a1239f603e42f4b5db9398efa9da9996 + SHA384: 8b9f95e6d3dd45e4ef38e2f12fb893d7d1bb1ba867e152e4a73c49b3d51dd52bc83a05982deac29af90436061248546d + - Subject: ??=Private Organization, serialNumber=2147696, ??=US, ??=DELAWARE, + C=US, ST=CA, L=Irvine, ??=1770 Kettering, O=Marvin Test Solutions, + Inc., CN=Marvin Test Solutions, Inc. 
+ ValidFrom: '2019-07-29 13:20:49' + ValidTo: '2022-07-29 13:20:49' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 716ef836a8ceb23aeaf9174e + Version: 3 + TBS: + MD5: c4e9591383494fbfb914aac72114934d + SHA1: 336fa67dfea049342c5b9ad622c30f97262c04fc + SHA256: b7347983521d490b380cc89242a926377785b57661f2b2332ab2750920e607d5 + SHA384: 11ec2caeda9631792c0d7ea604db5ee96d697903e18addcc84d34e1c0257473a2c3007aa3a4568855997baf804495488 + Signer: + - SerialNumber: 716ef836a8ceb23aeaf9174e + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Extended Validation CodeSigning + CA , SHA256 , G3 + Version: 1 + Imphash: 67d92a28cd2923a923adf7fd958905d8 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 22db74f3f2e50ccdeb471c81e3a62532 + SHA1: 6e87cd3b027a07a810164d618e3f2fce61eb6ec4 + SHA256: 734b74798a680d2e534c14a033858c4081c7879af1f48037d9d5483aa27a7e90 + Company: Marvin Test Solutions, Inc. + Copyright: "Copyright \xA9 1996-2015 Marvin Test Solutions, Inc. All Rights Reserved." 
+ CreationTimestamp: '2015-06-24 17:52:05' + Date: '' + Description: HW - Windows NT-8 (32/64 bit) kernel mode driver for PC ports/memory/PCI + access + ExportedFunctions: '' + FileVersion: 4.8.2.0 + Filename: HW.sys + ImportedFunctions: + - RtlInitUnicodeString + - RtlAppendUnicodeStringToString + - ZwClose + - ZwOpenProcess + - KeReleaseMutex + - KeWaitForSingleObject + - PsGetCurrentProcessId + - KeInitializeDpc + - MmGetSystemRoutineAddress + - IoDeleteDevice + - IoCreateSymbolicLink + - KeInitializeMutex + - IoCreateDevice + - IoDeleteSymbolicLink + - PsGetVersion + - ZwUnmapViewOfSection + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - ExFreePoolWithTag + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmMapIoSpace + - MmUnmapLockedPages + - MmUnmapIoSpace + - MmFreeContiguousMemory + - MmGetPhysicalAddress + - MmAllocateContiguousMemory + - IofCallDriver + - IoBuildSynchronousFsdRequest + - IoGetDeviceProperty + - KeInitializeEvent + - ObfDereferenceObject + - ExAllocatePoolWithTag + - ObReferenceObjectByName + - IoDriverObjectType + - IofCompleteRequest + - IoDisconnectInterrupt + - KeReleaseInterruptSpinLock + - KeAcquireInterruptSpinLock + - ExEventObjectType + - KeFlushQueuedDpcs + - KeInsertQueueDpc + - KeSetEvent + - IoFreeMdl + - ExAllocatePool + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: Hw.sys + MD5: 45c2d133d41d2732f3653ed615a745c8 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: HW.sys + Product: HW + ProductVersion: 4.8.2.0 + Publisher: '' + RichPEHeaderHash: + MD5: 3389ab434a886ca939bbb64de33ea971 + SHA1: 38d029a7b63d45c7c386558117cda903c1b15102 + SHA256: 517ea8a886737da4ba8f7bcdc6041dc0da9073a76e514be5a73d10836ebcbbf0 + SHA1: 4e56e0b1d12664c05615c69697a2f5c5d893058a + SHA256: 6a4875ae86131a594019dec4abd46ac6ba47e57a88287b814d07d929858fe3e5 + Sections: + .text: + Entropy: 5.475629198747561 + Virtual Size: '0x3694' + INIT: + Entropy: 
5.133620054689875 + Virtual Size: '0x2151' + .rdata: + Entropy: 4.569984356691087 + Virtual Size: '0xaec' + .pdata: + Entropy: 3.983331164222992 + Virtual Size: '0x318' + .rsrc: + Entropy: 3.6769129984563755 + Virtual Size: '0x49c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 4e5e56901e46b4d94931f3bb1739281bc216ddfd41dc0905049b6fb2a29ad6992e40990055b5ea3fa52076d38634d417cc553ac782eeefa8babcd8069f1550dfcd167b523a02d7191afdaff0785ce04bc518df3a241edaacb8a95804020730dbb0125efe31bef00448f4f070f83a5e5683cf3dfb0dbcf4c5ed979db9d4dba52784e3389b8ba735864420a43b6da46a0ba183fd28ebdaef28f6cc885dfb0a3b00abe021ebe22f356c0f8e344597eba2f79933357ecb9a8abb454de73f9fc2d98afa65b26ec77e65ffe892e12c31a2f7b02736488f266f3bee4d761f79c3e57f9635bc2d0ecc01b08e7fff518080a792d4b34446648c874f166307314b63b0dff3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee152d7 + Version: 3 + TBS: + MD5: e140543fe3256027cfa79fc3c19c1776 + SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 + SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 + SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: 
dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode + , G2 + ValidFrom: '2015-02-03 00:00:00' + ValidTo: '2026-03-03 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112106a081d33fd87ae5824cc16b52094e03 + Version: 3 + TBS: + MD5: a0ac4d48fe852f7b3ed4e623d59a825f + SHA1: d4db9846bc4d7db142eeb364286f6de7c102420c + SHA256: 78d2e41a13eb4e9171bae2d2adb192cf39210b5231f77cda936bcfbe8c003bdf + SHA384: 990ed96dca5979deeedc98a012279f04efb5559d7e7f5084a12f3802ee9439326557aecefd081cff739b78515b5d7f50 + - Subject: C=US, ST=CA, L=Irvine, O=Marvin Test Solutions, Inc., CN=Marvin + Test Solutions, Inc., emailAddress=it@marvintest.com + ValidFrom: '2015-06-17 17:46:36' + ValidTo: '2018-05-04 18:44:13' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121f0942b1e09a2573e8ab9ce0e3955b2de + Version: 3 + TBS: + MD5: 5bdf35241e1bbd3dd8560aba2c4305f1 + SHA1: 34e844721f998e3b40ee75329c4e5df87e52dc61 + SHA256: 9441743aa497acefe2535a284e44a4cd55a201965900add8c7d770b0af7a8845 + SHA384: 83003cfcb03f6cff7f5ca49603bcd9db4b5ebf62dd48a892b7d78e98ecf42726f0e77e9318050b71f5d6c649f92938c8 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2011-04-15 19:55:08' + ValidTo: '2021-04-15 20:05:08' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 6129152700000000002a + Version: 3 + TBS: + MD5: 0bb058d116f02817737920f112d9fd3b + SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 + SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 + SHA384: 
c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 + Signer: + - SerialNumber: 1121f0942b1e09a2573e8ab9ce0e3955b2de + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: bd093a7d5ba5632ee52f3466a688ee55 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 22db74f3f2e50ccdeb471c81e3a62532 + SHA1: 6e87cd3b027a07a810164d618e3f2fce61eb6ec4 + SHA256: 734b74798a680d2e534c14a033858c4081c7879af1f48037d9d5483aa27a7e90 + Company: Marvin Test Solutions, Inc. + Copyright: "Copyright \xA9 1996-2015 Marvin Test Solutions, Inc. All Rights Reserved." + CreationTimestamp: '2015-06-24 17:52:05' + Date: '' + Description: HW - Windows NT-8 (32/64 bit) kernel mode driver for PC ports/memory/PCI + access + ExportedFunctions: '' + FileVersion: 4.8.2.0 + Filename: hw.sys + ImportedFunctions: + - RtlInitUnicodeString + - RtlAppendUnicodeStringToString + - ZwClose + - ZwOpenProcess + - KeReleaseMutex + - KeWaitForSingleObject + - PsGetCurrentProcessId + - KeInitializeDpc + - MmGetSystemRoutineAddress + - IoDeleteDevice + - IoCreateSymbolicLink + - KeInitializeMutex + - IoCreateDevice + - IoDeleteSymbolicLink + - PsGetVersion + - ZwUnmapViewOfSection + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - ExFreePoolWithTag + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmMapIoSpace + - MmUnmapLockedPages + - MmUnmapIoSpace + - MmFreeContiguousMemory + - MmGetPhysicalAddress + - MmAllocateContiguousMemory + - IofCallDriver + - IoBuildSynchronousFsdRequest + - IoGetDeviceProperty + - KeInitializeEvent + - ObfDereferenceObject + - ExAllocatePoolWithTag + - ObReferenceObjectByName + - IoDriverObjectType + - IofCompleteRequest + - IoDisconnectInterrupt + - KeReleaseInterruptSpinLock + - KeAcquireInterruptSpinLock + - ExEventObjectType + - KeFlushQueuedDpcs + - KeInsertQueueDpc + - KeSetEvent + - IoFreeMdl + - ExAllocatePool + - HalGetBusDataByOffset + Imports: + - 
ntoskrnl.exe + - HAL.dll + InternalName: Hw.sys + MD5: 3cf7a55ec897cc938aebb8161cb8e74f + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: HW.sys + Product: HW + ProductVersion: 4.8.2.0 + Publisher: '' + RichPEHeaderHash: + MD5: 3389ab434a886ca939bbb64de33ea971 + SHA1: 38d029a7b63d45c7c386558117cda903c1b15102 + SHA256: 517ea8a886737da4ba8f7bcdc6041dc0da9073a76e514be5a73d10836ebcbbf0 + SHA1: 22fc833e07dd163315095d32ebcd3b3e377c33a4 + SHA256: fd388cf1df06d419b14dedbeb24c6f4dff37bea26018775f09d56b3067f0de2c + Sections: + .text: + Entropy: 5.475629198747561 + Virtual Size: '0x3694' + INIT: + Entropy: 5.133620054689875 + Virtual Size: '0x2151' + .rdata: + Entropy: 4.569984356691087 + Virtual Size: '0xaec' + .pdata: + Entropy: 3.983331164222992 + Virtual Size: '0x318' + .rsrc: + Entropy: 3.6769129984563755 + Virtual Size: '0x49c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee152d7 + Version: 3 + TBS: + MD5: e140543fe3256027cfa79fc3c19c1776 + SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 + SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 + SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: 
cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode + , G2 + ValidFrom: '2015-02-03 00:00:00' + ValidTo: '2026-03-03 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112106a081d33fd87ae5824cc16b52094e03 + Version: 3 + TBS: + MD5: a0ac4d48fe852f7b3ed4e623d59a825f + SHA1: d4db9846bc4d7db142eeb364286f6de7c102420c + SHA256: 78d2e41a13eb4e9171bae2d2adb192cf39210b5231f77cda936bcfbe8c003bdf + SHA384: 990ed96dca5979deeedc98a012279f04efb5559d7e7f5084a12f3802ee9439326557aecefd081cff739b78515b5d7f50 + - Subject: C=US, ST=CA, L=Irvine, O=Marvin Test Solutions, Inc., CN=Marvin + Test Solutions, Inc., emailAddress=it@marvintest.com + ValidFrom: '2015-06-17 17:46:36' + ValidTo: '2018-05-04 18:44:13' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121f0942b1e09a2573e8ab9ce0e3955b2de + Version: 3 + TBS: + MD5: 5bdf35241e1bbd3dd8560aba2c4305f1 + SHA1: 34e844721f998e3b40ee75329c4e5df87e52dc61 + SHA256: 9441743aa497acefe2535a284e44a4cd55a201965900add8c7d770b0af7a8845 + SHA384: 83003cfcb03f6cff7f5ca49603bcd9db4b5ebf62dd48a892b7d78e98ecf42726f0e77e9318050b71f5d6c649f92938c8 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2011-04-15 19:55:08' + ValidTo: '2021-04-15 20:05:08' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 6129152700000000002a + Version: 3 + TBS: + MD5: 0bb058d116f02817737920f112d9fd3b + SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 + SHA256: 
f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 + SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 + Signer: + - SerialNumber: 1121f0942b1e09a2573e8ab9ce0e3955b2de + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: bd093a7d5ba5632ee52f3466a688ee55 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 0e03e32b8b0f3a1abb52581c1b5698f6 + SHA1: 4614a646d19fb297aa878ba5e70dc9a6a1c5dd8a + SHA256: 25bc1b72ba6092674ec561d7de8f5e4a7adb23c29fa68de5b29a30a671257dac + Company: Marvin Test Solutions, Inc. + Copyright: "Copyright \xA9 1996-2021 Marvin Test Solutions, Inc. All Rights Reserved." + CreationTimestamp: '2021-01-06 17:19:31' + Date: '' + Description: HW - Windows NT-10 (32/64 bit) kernel mode driver for PC ports/memory/PCI + access + ExportedFunctions: '' + FileVersion: 4.9.8.0 + Filename: hw.sys + ImportedFunctions: + - RtlInitUnicodeString + - RtlAppendUnicodeStringToString + - RtlQueryRegistryValues + - KeClearEvent + - IoCreateNotificationEvent + - KeSetEvent + - ZwClose + - ZwOpenProcess + - KeReleaseMutex + - KeWaitForSingleObject + - PsGetCurrentProcessId + - KeInitializeDpc + - MmGetSystemRoutineAddress + - IoDeleteDevice + - IoCreateSymbolicLink + - KeInitializeMutex + - IoCreateDevice + - IoDeleteSymbolicLink + - PsGetVersion + - ZwUnmapViewOfSection + - ZwMapViewOfSection + - ExFreePoolWithTag + - ZwOpenSection + - IoFreeMdl + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmMapIoSpace + - MmUnmapLockedPages + - MmUnmapIoSpace + - MmFreeContiguousMemory + - MmGetPhysicalAddress + - MmAllocateContiguousMemory + - IofCallDriver + - IoBuildSynchronousFsdRequest + - IoGetDeviceProperty + - KeInitializeEvent + - ObfDereferenceObject + - ExAllocatePoolWithTag + - ObReferenceObjectByName + - IoDriverObjectType + - IofCompleteRequest + - IoDisconnectInterrupt + - KeReleaseInterruptSpinLock + - KeAcquireInterruptSpinLock + - 
ExEventObjectType + - KeFlushQueuedDpcs + - KeInsertQueueDpc + - ObReferenceObjectByHandle + - ExAllocatePool + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: Hw.sys + MD5: 376b1e8957227a3639ec1482900d9b97 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: HW.sys + Product: HW + ProductVersion: 4.9.8.0 + Publisher: '' + RichPEHeaderHash: + MD5: e75a603d7467c2b1506dbbea74ea68c2 + SHA1: 592275b78e5255bb3a1245eaeb263858e3111278 + SHA256: 739066eb4b1f106dec36d824dba3a08ce1052c98e99b69fa9d1aa228d6dae664 + SHA1: 18f34a0005e82a9a1556ba40b997b0eae554d5fd + SHA256: 55963284bbd5a3297f39f12f0d8a01ed99fe59d008561e3537bcd4db4b4268fa + Sections: + .text: + Entropy: 5.425823948048583 + Virtual Size: '0x5e54' + .rdata: + Entropy: 4.468643667711766 + Virtual Size: '0xcaa' + .pdata: + Entropy: 4.00613719103044 + Virtual Size: '0x33c' + .rsrc: + Entropy: 3.6737432495687674 + Virtual Size: '0x4a0' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=GlobalSign Root CA , R3, O=GlobalSign, CN=GlobalSign + ValidFrom: '2018-09-19 00:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 01ee5f169dff97352b6465d66a + Version: 3 + TBS: + MD5: 51c3959a45cecf3d21a3effb05762573 + SHA1: ecfcd25fd0525448a74875ba271566bc0bfbf061 + SHA256: de1da11668f0a8d5e13346ed3ab2755f5d25bebffcfd1d0bde5b9f87bc292c91 + SHA384: f0eab75baf1f24a53d63bd795cd07292a312f603513c8cb0f40fe5acbdb477ed72607d309fad21471a16f6223fb3a838 + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Extended Validation CodeSigning + CA , SHA256 , G3 + ValidFrom: '2016-06-15 00:00:00' + ValidTo: '2024-06-15 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 
481b6a07a9424c1eaafef3cdf10f + Version: 3 + TBS: + MD5: fd8cfeea06be14fa89689909e1fc72dc + SHA1: 8bc3cd2f70abe543e0dbe721065a4076c8521f36 + SHA256: 15e7050789df807f3e3174294a01b637a1239f603e42f4b5db9398efa9da9996 + SHA384: 8b9f95e6d3dd45e4ef38e2f12fb893d7d1bb1ba867e152e4a73c49b3d51dd52bc83a05982deac29af90436061248546d + - Subject: ??=Private Organization, serialNumber=2147696, ??=US, ??=DELAWARE, + C=US, ST=CA, L=Irvine, ??=1770 Kettering, O=Marvin Test Solutions, + Inc., CN=Marvin Test Solutions, Inc. + ValidFrom: '2019-07-29 13:20:49' + ValidTo: '2022-07-29 13:20:49' + Signature: 278a08ea60d9c1c18b2b6f4f1913860edab3f46bc0945c57e099d37309bab4bbf99feec663d1dc2ef68152baa6e95b0da0e4fdb7793c2c7e779dd7206ad76432f28af41448200c079a9ffe26c8355134d71fb598f08e3864416a1925d5253f2344208a90d8b42790191581c112c3145e23fa979ec06f41cb559ad4e4d60cf549598f3746673c745a3a82e2525c9704adaa59d987ddf6a89641378a558686ca78f920cf1c975508f3943ff6df3aae70f9c5fb1db61134ad5b8d0f455e8483ad250403160b984a4fef6b0baed3cb129c953451c23a4bb9a37c762f286e8bb57049c50c4e06fb17e3fc2e6fcd4dffde6e3ee0ad173b19a9862bae7c921c8976344b + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 716ef836a8ceb23aeaf9174e + Version: 3 + TBS: + MD5: c4e9591383494fbfb914aac72114934d + SHA1: 336fa67dfea049342c5b9ad622c30f97262c04fc + SHA256: b7347983521d490b380cc89242a926377785b57661f2b2332ab2750920e607d5 + SHA384: 11ec2caeda9631792c0d7ea604db5ee96d697903e18addcc84d34e1c0257473a2c3007aa3a4568855997baf804495488 + Signer: + - SerialNumber: 716ef836a8ceb23aeaf9174e + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Extended Validation CodeSigning + CA , SHA256 , G3 + Version: 1 + Imphash: 91ee149529956a79a91eeb8c48f00b3d + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/5a03dc5a-115d-4d6f-b5b5-685f4c014a69.yaml b/yaml/5a03dc5a-115d-4d6f-b5b5-685f4c014a69.yaml index 693e9b03b..362582e6d 100644 --- a/yaml/5a03dc5a-115d-4d6f-b5b5-685f4c014a69.yaml 
+++ b/yaml/5a03dc5a-115d-4d6f-b5b5-685f4c014a69.yaml 
@@ -1,540 +1,545 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 5a03dc5a-115d-4d6f-b5b5-685f4c014a69 +Tags: +- sfdrvx64.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-07-22' +MitreID: T1068 CVE: - '' Category: vulnerable drivers Commands: - Command: '' - Description: Confirmed vulnerable driver from Microsoft Block List - OperatingSystem: Windows - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-07-22' -Detection: -- type: '' - value: '' -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 5a03dc5a-115d-4d6f-b5b5-685f4c014a69 -KnownVulnerableSamples: -- Authentihash: - MD5: 3997557bc6175c3a3fa6e7a3abcd9161 - SHA1: 7151719fbc8bc69bcbd601fc7f06f0965cc50d82 - SHA256: 8f8956abdeb2a52be2cc514790a737a0ad39a9e698a77c1f358e77f1bf9f180b - Company: Almico Software - Copyright: "Copyright \xA9 Almico Software 2001-2011" - CreationTimestamp: '2011-03-18 10:08:46' - Date: '' - Description: SpeedFan x64 Driver - ExportedFunctions: '' - FileVersion: X2.01.07 - Filename: '' - ImportedFunctions: - - ExAllocatePoolWithTag - - IoGetLowerDeviceObject - - IoBuildDeviceIoControlRequest - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - RtlInitUnicodeString - - IoDeleteDevice - - MmGetSystemRoutineAddress - - KeInitializeEvent - - RtlQueryRegistryValues - - IoIs32bitProcess - - MmUnmapIoSpace - - 
IoCancelIrp - - IoGetDeviceObjectPointer - - ExAllocatePool - - MmMapIoSpace - - IofCompleteRequest - - IoGetDeviceAttachmentBaseRef - - KeWaitForSingleObject - - PsGetVersion - - IoGetDiskDeviceObject - - RtlCompareMemory - - ObfReferenceObject - - IoCreateSymbolicLink - - ObfDereferenceObject - - IoCreateDevice - - IoEnumerateDeviceObjectList - - IoGetDeviceProperty - - DbgPrint - - IofCallDriver - - KeBugCheckEx - - RtlUnwindEx - Imports: - - ntoskrnl.exe - InternalName: sfdrvx64.sys - MD5: 12583af6cbe0050651eaf2723b3ad7b3 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: sfdrvx64.sys - PDBPath: '' - Product: SpeedFan - ProductVersion: X2.01.07 - Publisher: '' - RichPEHeaderHash: - MD5: 14282f6727c5e35f75b61f5088377f11 - SHA1: 17ceaca75276d666ab96d685f491c84a126973d6 - SHA256: e0a72a747093856158411f6645f02b721e1122c73d508e574ff1aea1fb2c79fd - SHA1: 74bb900754636b5f2d519a41a3b5505bc6201789 - SHA256: 965d4f981b54669a96c5ab02d09bf0a9850d13862425b8981f1a9271350f28bb - Sections: - .text: - Entropy: 6.310540039060815 - Virtual Size: '0x2c41' - .rdata: - Entropy: 4.459510602918384 - Virtual Size: '0x2f4' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.702267211779809 - Virtual Size: '0xb4' - PAGE: - Entropy: 5.925039880811379 - Virtual Size: '0xa76' - INIT: - Entropy: 5.665205221244955 - Virtual Size: '0x642' - .rsrc: - Entropy: 3.301449537608998 - Virtual Size: '0x3f8' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: 
a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=IT, ST=Marche, L=Ancona, O=Sokno S.R.L., OU=Digital ID Class 3 , - Microsoft Software Validation v2, OU=Software Development, CN=Sokno S.R.L. 
- ValidFrom: '2011-01-17 00:00:00' - ValidTo: '2012-01-17 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 13aeb106771cc3a1bcef3513c2e03196 - Version: 3 - TBS: - MD5: 3ba7a92d9261090182e93029fbb8cb5f - SHA1: 909fd9f95fcd160634f33a56914a1177ee818e0d - SHA256: 85bbc71865ceb6cd1a1b3c5564db193364e7ca285f97573b5daae275412b9b79 - SHA384: e5b1b724776ed2fbfa0d3cd1a183811da25ebeb8dc98451513321ba23efb1f6a3eb55d38d4b9f7ccaec17ca6ca4e5a68 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 13aeb106771cc3a1bcef3513c2e03196 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 9833f7dab4a59d51b04d2cf31656a0f6 - LoadsDespiteHVCI: 'TRUE' -- Authentihash: - MD5: 94749793f16989a1c2cc24a75f1559ac - SHA1: e26a1a3cd82ce6e58fb4252a0da2cc86236618b1 - SHA256: d8ff25255202321bd00f7aa792800e1fb7aab506dca771a4a8e2cc1af265fa15 - Company: Almico Software - Copyright: "Copyright \xA9 Almico Software 2001-2010" - CreationTimestamp: '2010-12-18 04:03:51' - Date: '' - Description: Speed Fan x64 Driver - ExportedFunctions: '' - FileVersion: X4.43.04 - Filename: '' - 
ImportedFunctions: - - ExAllocatePoolWithTag - - IoGetLowerDeviceObject - - IoBuildDeviceIoControlRequest - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - RtlInitUnicodeString - - IoDeleteDevice - - MmGetSystemRoutineAddress - - KeInitializeEvent - - RtlQueryRegistryValues - - IoIs32bitProcess - - MmUnmapIoSpace - - IoCancelIrp - - IoGetDeviceObjectPointer - - MmMapIoSpace - - IofCompleteRequest - - IoGetDeviceAttachmentBaseRef - - KeWaitForSingleObject - - PsGetVersion - - IoGetDiskDeviceObject - - ObfReferenceObject - - IoCreateSymbolicLink - - ObfDereferenceObject - - IoCreateDevice - - IoEnumerateDeviceObjectList - - DbgPrint - - IofCallDriver - - KeBugCheckEx - - RtlUnwindEx - Imports: - - ntoskrnl.exe - InternalName: sfdrvx64.sys - MD5: 7455ed832a33fef453407f5411c3342d - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: sfdrvx64.sys - PDBPath: '' - Product: Speed Fan - ProductVersion: X4.43.04 - Publisher: '' - RichPEHeaderHash: - MD5: 825b8dd63f5e4e6be93b0e5db7910807 - SHA1: 5445242f2ce7ccfda8ead34f42e555d81b89899a - SHA256: 25171eca9358b1fb78f39664ab9a00ec59d8b8e9979649d8251ab9998bd35701 - SHA1: a5d7ea909df5ad14a0e6241c4036c1c97ec30aa9 - SHA256: 88fb0a846f52c3b680c695cd349bf56151a53a75a07b8b0b4fe026ab8aa0a9af - Sections: - .text: - Entropy: 6.275909814730868 - Virtual Size: '0x2521' - .rdata: - Entropy: 4.437390207622937 - Virtual Size: '0x27c' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.5825069080329555 - Virtual Size: '0x84' - PAGE: - Entropy: 5.90834923753593 - Virtual Size: '0xa66' - INIT: - Entropy: 5.6823059965117295 - Virtual Size: '0x5ee' - .rsrc: - Entropy: 3.3165817359453325 - Virtual Size: '0x3f8' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 
4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=IT, ST=Marche, L=Ancona, O=Sokno S.R.L., OU=Digital ID Class 3 , - Microsoft Software Validation v2, OU=Software Development, CN=Sokno S.R.L. - ValidFrom: '2010-02-06 00:00:00' - ValidTo: '2011-02-11 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 202ed4a0a58d3214998c9a2bed089580 - Version: 3 - TBS: - MD5: 55742be12a3eedd1220df04ce0bf919b - SHA1: e385f5f8c52ddad2a1f19e6d43a289e012e5f478 - SHA256: 34213e50739ea1768a9bf3c3eed6dabbb5d8ab444636ec35f9d6c71a4c73863d - SHA384: eefa42b51c6c31c434858a27a4717af9c186e8850bc2aa49b92a4205f59f3fd329fa4b1911a08b17b137cf37c35aae6c - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 202ed4a0a58d3214998c9a2bed089580 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: 0b19304edb04d5b178dd763d7cd04167 - LoadsDespiteHVCI: 'TRUE' -- Authentihash: - MD5: 79680d213f9c7a85a512b3d90e3f2e36 - SHA1: 8fe08faea7bb2a8ba69014dd49ee44a3f8a2985c - SHA256: c09dfc18959fe51d3e5ca1500a94ab74faf0eb72040930e89cdbac653df9e816 - Company: Almico Software - Copyright: "Copyright \xA9 Almico Software 
2001-2013" - CreationTimestamp: '2012-12-29 13:59:35' - Date: '' - Description: SpeedFan x64 Driver - ExportedFunctions: '' - FileVersion: X2.03.11 - Filename: '' - ImportedFunctions: - - ExAllocatePoolWithTag - - IoGetLowerDeviceObject - - IoBuildDeviceIoControlRequest - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - RtlInitUnicodeString - - IoDeleteDevice - - MmGetSystemRoutineAddress - - KeInitializeEvent - - RtlQueryRegistryValues - - IoIs32bitProcess - - MmUnmapIoSpace - - IoCancelIrp - - IoGetDeviceObjectPointer - - ExAllocatePool - - MmMapIoSpace - - IofCompleteRequest - - IoGetDeviceAttachmentBaseRef - - KeWaitForSingleObject - - PsGetVersion - - IoGetDiskDeviceObject - - RtlCompareMemory - - ObfReferenceObject - - IoCreateSymbolicLink - - ObfDereferenceObject - - IoCreateDevice - - IoEnumerateDeviceObjectList - - IoGetDeviceProperty - - DbgPrint - - IofCallDriver - - KeBugCheckEx - - RtlUnwindEx - Imports: - - ntoskrnl.exe - InternalName: sfdrvx64.sys - MD5: 0ffe35f0b0cd5a324bbe22f02569ae3b - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: sfdrvx64.sys - PDBPath: '' - Product: SpeedFan - ProductVersion: X2.03.11 - Publisher: '' - RichPEHeaderHash: - MD5: 14282f6727c5e35f75b61f5088377f11 - SHA1: 17ceaca75276d666ab96d685f491c84a126973d6 - SHA256: e0a72a747093856158411f6645f02b721e1122c73d508e574ff1aea1fb2c79fd - SHA1: 25789f290feba14f53d48f4d1a5003ec130f7d95 - SHA256: f4ee803eefdb4eaeedb3024c3516f1f9a202c77f4870d6b74356bbde32b3b560 - Sections: - .text: - Entropy: 6.311036525002312 - Virtual Size: '0x2d51' - .rdata: - Entropy: 4.53674003294266 - Virtual Size: '0x310' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.690383453286534 - Virtual Size: '0xc0' - PAGE: - Entropy: 5.985531981826166 - Virtual Size: '0xc06' - INIT: - Entropy: 5.661556138214024 - Virtual Size: '0x642' - .rsrc: - Entropy: 3.3121861943705873 - Virtual Size: '0x3f8' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' 
- Certificates: - - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping CA - ValidFrom: '2009-03-18 11:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012019c19066 - Version: 3 - TBS: - MD5: 42023b9487cafe46c1b6a49c369a362e - SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 - SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 - SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority - ValidFrom: '2009-12-21 09:32:56' - ValidTo: '2020-12-22 09:32:56' - Signature: bc89ecfee63655935c79d4117a86808f17b693b26d9b91a1561811c655eaf608edad9b9ef52b81c8bbdd607b1b47991e6d403e1d80c213d58e04052fdbe7ae529e688472a1e54a603cf89bd52f46d8c3b2b79353ac9b6c432424d1f1fce9562e3411581843eaefff34746ca0c06c7fad031969881e9560cabbbd0cbb76efc724b081c63831cf36ad0c38b89020849b2e8f28b99ff6ca9427cdac396157e0e3955a9c769230f5dea6973d721c2a6032a8334d8635338a5cf3a4fdf7062ce16b4b30f5cbd34362f841b9de7d20cb058c8e2cf65f35fd338d42896508362ca389f45a858bb0b97bdb6ccba1f8d20e1bbb977cd12779be9d7c3be6a75634d8c991a9 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - 
SerialNumber: 01000000000125b0b4cc01 - Version: 3 - TBS: - MD5: e3369c8e5aec0504b3a50455f615d9f9 - SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 - SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 - SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c - - Subject: C=IT, ST=AN, L=Ancona, O=SOKNO S.R.L., OU=Software development, CN=SOKNO - S.R.L. - ValidFrom: '2012-01-23 11:31:42' - ValidTo: '2013-01-23 11:31:42' - Signature: 12db538df515e86a2fdf7a491c37cf868a49d272d18b2e31558ea2e2d4f0c4a24609a65dcc6af470994f183cb6cf31d5d486efbac82a49ff4c989abae0e12781ab507666c0a5eef221c92c944ff94912678a22800af588d70fec25bc5e562809f1a14f280429deedab4aedc7d722b74cb0caf26cc06a49fe9698917f43918f1d01c8f33e45605be1c2a1e3efa3ec6b51d0c8504651a2647bede351730a3d0b2df454b5bcd32ca3a3054ab0f32a4fa624c3857ed0bce29578d0141236ffe9d464679ad3ff4aa120bab73e7da7df39f1d41c1ab18704c7e23cdcfa3e687d7a0ce421800860b92ca47843bdccde80b821e21f6af5a64e1fb0c92d9f2d9138704529 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112195d7aa105e2ffc7b0e33f36da1636e74 - Version: 3 - TBS: - MD5: 84bc78b97f6e7688634c980ee0a78102 - SHA1: 53a67d0f8677e0c85cc75c779ffe199fcff5df42 - SHA256: 1d016faa85d7797373fe502c17c35461aff2f8f8fbec5a30f1871691820d5753 - SHA384: d655b57f8805eb589506a3a1e7bc0cf4aa5d5c59b8d5f1f052991d9b6a6d37f8fc454ea3d6305bd46455e59ec3d2875f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2011-04-15 19:55:08' - ValidTo: '2021-04-15 20:05:08' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 6129152700000000002a - Version: 3 - TBS: - MD5: 0bb058d116f02817737920f112d9fd3b - SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 - SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 - SHA384: 
c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 - Signer: - - SerialNumber: 112195d7aa105e2ffc7b0e33f36da1636e74 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 9833f7dab4a59d51b04d2cf31656a0f6 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: '' + Description: Confirmed vulnerable driver from Microsoft Block List + OperatingSystem: Windows + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c -Tags: -- sfdrvx64.sys -Verified: 'TRUE' +Detection: +- type: '' + value: '' +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 3997557bc6175c3a3fa6e7a3abcd9161 + SHA1: 7151719fbc8bc69bcbd601fc7f06f0965cc50d82 + SHA256: 8f8956abdeb2a52be2cc514790a737a0ad39a9e698a77c1f358e77f1bf9f180b + Company: Almico Software + Copyright: "Copyright \xA9 Almico Software 2001-2011" + CreationTimestamp: '2011-03-18 10:08:46' + Date: '' + Description: SpeedFan x64 Driver + ExportedFunctions: '' + FileVersion: X2.01.07 + Filename: '' + ImportedFunctions: + - ExAllocatePoolWithTag + - IoGetLowerDeviceObject + - IoBuildDeviceIoControlRequest + - IoDeleteSymbolicLink + - 
ExFreePoolWithTag + - RtlInitUnicodeString + - IoDeleteDevice + - MmGetSystemRoutineAddress + - KeInitializeEvent + - RtlQueryRegistryValues + - IoIs32bitProcess + - MmUnmapIoSpace + - IoCancelIrp + - IoGetDeviceObjectPointer + - ExAllocatePool + - MmMapIoSpace + - IofCompleteRequest + - IoGetDeviceAttachmentBaseRef + - KeWaitForSingleObject + - PsGetVersion + - IoGetDiskDeviceObject + - RtlCompareMemory + - ObfReferenceObject + - IoCreateSymbolicLink + - ObfDereferenceObject + - IoCreateDevice + - IoEnumerateDeviceObjectList + - IoGetDeviceProperty + - DbgPrint + - IofCallDriver + - KeBugCheckEx + - RtlUnwindEx + Imports: + - ntoskrnl.exe + InternalName: sfdrvx64.sys + MD5: 12583af6cbe0050651eaf2723b3ad7b3 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: sfdrvx64.sys + PDBPath: '' + Product: SpeedFan + ProductVersion: X2.01.07 + Publisher: '' + RichPEHeaderHash: + MD5: 14282f6727c5e35f75b61f5088377f11 + SHA1: 17ceaca75276d666ab96d685f491c84a126973d6 + SHA256: e0a72a747093856158411f6645f02b721e1122c73d508e574ff1aea1fb2c79fd + SHA1: 74bb900754636b5f2d519a41a3b5505bc6201789 + SHA256: 965d4f981b54669a96c5ab02d09bf0a9850d13862425b8981f1a9271350f28bb + Sections: + .text: + Entropy: 6.310540039060815 + Virtual Size: '0x2c41' + .rdata: + Entropy: 4.459510602918384 + Virtual Size: '0x2f4' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.702267211779809 + Virtual Size: '0xb4' + PAGE: + Entropy: 5.925039880811379 + Virtual Size: '0xa76' + INIT: + Entropy: 5.665205221244955 + Virtual Size: '0x642' + .rsrc: + Entropy: 3.301449537608998 + Virtual Size: '0x3f8' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 
50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=IT, ST=Marche, L=Ancona, O=Sokno S.R.L., OU=Digital ID Class + 3 , Microsoft Software Validation v2, OU=Software Development, CN=Sokno + S.R.L. 
+ ValidFrom: '2011-01-17 00:00:00' + ValidTo: '2012-01-17 23:59:59' + Signature: b396a37f2fb9e14df27dd96d28e595a5dc8393f79c1c5451fe80a40bf1b137f382f6cc19893e6bb8593ab5a791d0a8376b5c15f222ca18da6e98b795b91dc91905a5686cf774b2302bc2699b8e0948ab317b61661199a9434d3ac99de902ecc7917a876e6f2be824f6579f604e8a5ddfa346a48b80447601863ff2895272339a56fe6e1a4eadd5819322fc61d7b7f6bafa4c4100050db7dc28b8fee2b57569f7b84e0a75a7779246854ce23f119e6a7473ca567a4d00036fa0fda173c2416eecd7e75ceee28e6f4333b9cd10b176de0ded58198970cd627874e2d256daeb2e2c3f6f96c54b678eb3b5eee0cf35a81f7519e48f7515983c6b573bd52feecc5406 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 13aeb106771cc3a1bcef3513c2e03196 + Version: 3 + TBS: + MD5: 3ba7a92d9261090182e93029fbb8cb5f + SHA1: 909fd9f95fcd160634f33a56914a1177ee818e0d + SHA256: 85bbc71865ceb6cd1a1b3c5564db193364e7ca285f97573b5daae275412b9b79 + SHA384: e5b1b724776ed2fbfa0d3cd1a183811da25ebeb8dc98451513321ba23efb1f6a3eb55d38d4b9f7ccaec17ca6ca4e5a68 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 
4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 13aeb106771cc3a1bcef3513c2e03196 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 9833f7dab4a59d51b04d2cf31656a0f6 + LoadsDespiteHVCI: 'TRUE' +- Authentihash: + MD5: 94749793f16989a1c2cc24a75f1559ac + SHA1: e26a1a3cd82ce6e58fb4252a0da2cc86236618b1 + SHA256: d8ff25255202321bd00f7aa792800e1fb7aab506dca771a4a8e2cc1af265fa15 + Company: Almico Software + Copyright: "Copyright \xA9 Almico Software 2001-2010" + CreationTimestamp: '2010-12-18 04:03:51' + Date: '' + Description: Speed Fan x64 Driver + ExportedFunctions: '' + FileVersion: X4.43.04 + Filename: '' + ImportedFunctions: + - ExAllocatePoolWithTag + - IoGetLowerDeviceObject + - IoBuildDeviceIoControlRequest + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - RtlInitUnicodeString + - IoDeleteDevice + - MmGetSystemRoutineAddress + - KeInitializeEvent + - RtlQueryRegistryValues + - IoIs32bitProcess + - MmUnmapIoSpace + - IoCancelIrp + - IoGetDeviceObjectPointer + - MmMapIoSpace + - IofCompleteRequest + - IoGetDeviceAttachmentBaseRef + - KeWaitForSingleObject + - PsGetVersion + - IoGetDiskDeviceObject + - ObfReferenceObject + - IoCreateSymbolicLink + - ObfDereferenceObject + - IoCreateDevice + - IoEnumerateDeviceObjectList + - DbgPrint + - IofCallDriver + - KeBugCheckEx + - RtlUnwindEx + Imports: + - ntoskrnl.exe + InternalName: sfdrvx64.sys + MD5: 7455ed832a33fef453407f5411c3342d + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: sfdrvx64.sys + PDBPath: '' + Product: Speed Fan + ProductVersion: X4.43.04 + Publisher: '' + RichPEHeaderHash: + MD5: 825b8dd63f5e4e6be93b0e5db7910807 + SHA1: 
5445242f2ce7ccfda8ead34f42e555d81b89899a + SHA256: 25171eca9358b1fb78f39664ab9a00ec59d8b8e9979649d8251ab9998bd35701 + SHA1: a5d7ea909df5ad14a0e6241c4036c1c97ec30aa9 + SHA256: 88fb0a846f52c3b680c695cd349bf56151a53a75a07b8b0b4fe026ab8aa0a9af + Sections: + .text: + Entropy: 6.275909814730868 + Virtual Size: '0x2521' + .rdata: + Entropy: 4.437390207622937 + Virtual Size: '0x27c' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.5825069080329555 + Virtual Size: '0x84' + PAGE: + Entropy: 5.90834923753593 + Virtual Size: '0xa66' + INIT: + Entropy: 5.6823059965117295 + Virtual Size: '0x5ee' + .rsrc: + Entropy: 3.3165817359453325 + Virtual Size: '0x3f8' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 
518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=IT, ST=Marche, L=Ancona, O=Sokno S.R.L., OU=Digital ID Class + 3 , Microsoft Software Validation v2, OU=Software Development, CN=Sokno + S.R.L. 
+ ValidFrom: '2010-02-06 00:00:00' + ValidTo: '2011-02-11 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 202ed4a0a58d3214998c9a2bed089580 + Version: 3 + TBS: + MD5: 55742be12a3eedd1220df04ce0bf919b + SHA1: e385f5f8c52ddad2a1f19e6d43a289e012e5f478 + SHA256: 34213e50739ea1768a9bf3c3eed6dabbb5d8ab444636ec35f9d6c71a4c73863d + SHA384: eefa42b51c6c31c434858a27a4717af9c186e8850bc2aa49b92a4205f59f3fd329fa4b1911a08b17b137cf37c35aae6c + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 
40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 202ed4a0a58d3214998c9a2bed089580 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: 0b19304edb04d5b178dd763d7cd04167 + LoadsDespiteHVCI: 'TRUE' +- Authentihash: + MD5: 79680d213f9c7a85a512b3d90e3f2e36 + SHA1: 8fe08faea7bb2a8ba69014dd49ee44a3f8a2985c + SHA256: c09dfc18959fe51d3e5ca1500a94ab74faf0eb72040930e89cdbac653df9e816 + Company: Almico Software + Copyright: "Copyright \xA9 Almico Software 2001-2013" + CreationTimestamp: '2012-12-29 13:59:35' + Date: '' + Description: SpeedFan x64 Driver + ExportedFunctions: '' + FileVersion: X2.03.11 + Filename: '' + ImportedFunctions: + - ExAllocatePoolWithTag + - IoGetLowerDeviceObject + - IoBuildDeviceIoControlRequest + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - RtlInitUnicodeString + - IoDeleteDevice + - MmGetSystemRoutineAddress + - KeInitializeEvent + - RtlQueryRegistryValues + - IoIs32bitProcess + - MmUnmapIoSpace + - IoCancelIrp + - IoGetDeviceObjectPointer + - ExAllocatePool + - MmMapIoSpace + - IofCompleteRequest + - IoGetDeviceAttachmentBaseRef + - KeWaitForSingleObject + - PsGetVersion + - IoGetDiskDeviceObject + - RtlCompareMemory + - ObfReferenceObject + - IoCreateSymbolicLink + - ObfDereferenceObject + - IoCreateDevice + - IoEnumerateDeviceObjectList + - IoGetDeviceProperty + - DbgPrint + - IofCallDriver + - KeBugCheckEx + - RtlUnwindEx + Imports: + - ntoskrnl.exe + InternalName: sfdrvx64.sys + MD5: 0ffe35f0b0cd5a324bbe22f02569ae3b + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: sfdrvx64.sys + PDBPath: '' + Product: SpeedFan + ProductVersion: X2.03.11 + Publisher: '' + RichPEHeaderHash: + MD5: 14282f6727c5e35f75b61f5088377f11 + SHA1: 
17ceaca75276d666ab96d685f491c84a126973d6 + SHA256: e0a72a747093856158411f6645f02b721e1122c73d508e574ff1aea1fb2c79fd + SHA1: 25789f290feba14f53d48f4d1a5003ec130f7d95 + SHA256: f4ee803eefdb4eaeedb3024c3516f1f9a202c77f4870d6b74356bbde32b3b560 + Sections: + .text: + Entropy: 6.311036525002312 + Virtual Size: '0x2d51' + .rdata: + Entropy: 4.53674003294266 + Virtual Size: '0x310' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.690383453286534 + Virtual Size: '0xc0' + PAGE: + Entropy: 5.985531981826166 + Virtual Size: '0xc06' + INIT: + Entropy: 5.661556138214024 + Virtual Size: '0x642' + .rsrc: + Entropy: 3.3121861943705873 + Virtual Size: '0x3f8' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping + CA + ValidFrom: '2009-03-18 11:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012019c19066 + Version: 3 + TBS: + MD5: 42023b9487cafe46c1b6a49c369a362e + SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 + SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 + SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: 
dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority + ValidFrom: '2009-12-21 09:32:56' + ValidTo: '2020-12-22 09:32:56' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01000000000125b0b4cc01 + Version: 3 + TBS: + MD5: e3369c8e5aec0504b3a50455f615d9f9 + SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 + SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 + SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c + - Subject: C=IT, ST=AN, L=Ancona, O=SOKNO S.R.L., OU=Software development, + CN=SOKNO S.R.L. + ValidFrom: '2012-01-23 11:31:42' + ValidTo: '2013-01-23 11:31:42' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112195d7aa105e2ffc7b0e33f36da1636e74 + Version: 3 + TBS: + MD5: 84bc78b97f6e7688634c980ee0a78102 + SHA1: 53a67d0f8677e0c85cc75c779ffe199fcff5df42 + SHA256: 1d016faa85d7797373fe502c17c35461aff2f8f8fbec5a30f1871691820d5753 + SHA384: d655b57f8805eb589506a3a1e7bc0cf4aa5d5c59b8d5f1f052991d9b6a6d37f8fc454ea3d6305bd46455e59ec3d2875f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2011-04-15 19:55:08' + ValidTo: '2021-04-15 20:05:08' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 6129152700000000002a + Version: 3 + TBS: + MD5: 0bb058d116f02817737920f112d9fd3b + SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 + SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 + SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 + Signer: + - 
SerialNumber: 112195d7aa105e2ffc7b0e33f36da1636e74
+ Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
+ Version: 1
+ Imphash: 9833f7dab4a59d51b04d2cf31656a0f6
+ LoadsDespiteHVCI: 'FALSE'
diff --git a/yaml/5ad8a3b6-6d20-4c95-8fa7-9a507167ba3c.yaml b/yaml/5ad8a3b6-6d20-4c95-8fa7-9a507167ba3c.yaml
index f1fb6eaf1..f65822402 100644
--- a/yaml/5ad8a3b6-6d20-4c95-8fa7-9a507167ba3c.yaml
+++ b/yaml/5ad8a3b6-6d20-4c95-8fa7-9a507167ba3c.yaml
@@ -1,5477 +1,5494 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 5ad8a3b6-6d20-4c95-8fa7-9a507167ba3c +Tags: +- netfilter2.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-07-22' +MitreID: T1068 CVE: - '' Category: vulnerable drivers Commands: - Command: '' - Description: Confirmed vulnerable driver from Microsoft Block List - OperatingSystem: Windows - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-07-22' -Detection: -- type: '' - value: '' -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 5ad8a3b6-6d20-4c95-8fa7-9a507167ba3c -KnownVulnerableSamples: -- Authentihash: - MD5: b2d0111f81238f6e6e6513cf7625a19f - SHA1: 8a50e81d6e6c45410bf13f95b1a67cada8c82221 - SHA256: 5b9623da9ba8e5c80c49473f40ffe7ad315dcadffc3230afdc9d9226d60a715a - Company: "\u5B8F\u56FE\u65E0\u5FE7" - Copyright: "Copyright \xA9 wyjsq.com" - CreationTimestamp: '2019-05-24 14:59:14' - Date: '' - Description: WYJSQ WFP Driver (WPP) - ExportedFunctions: '' - FileVersion: 1.5.7.8 - Filename: '' - ImportedFunctions: - - FwpmTransactionCommit0 - - FwpmTransactionAbort0 - - FwpmProviderAdd0 - - FwpmProviderContextDeleteByKey0 - - FwpmSubLayerAdd0 - - FwpmSubLayerDeleteByKey0 - - FwpmSubLayerCreateEnumHandle0 - - FwpmSubLayerEnum0 - - FwpmSubLayerDestroyEnumHandle0 - - FwpmCalloutAdd0 - - FwpmFilterAdd0 - - 
FwpsFlowAbort0 - - FwpsInjectionHandleCreate0 - - FwpsInjectionHandleDestroy0 - - FwpsAllocateNetBufferAndNetBufferList0 - - FwpsFreeNetBufferList0 - - FwpmTransactionBegin0 - - FwpsInjectNetworkSendAsync0 - - FwpsConstructIpHeaderForTransportPacket0 - - FwpsInjectTransportSendAsync0 - - FwpsInjectTransportReceiveAsync0 - - FwpsInjectNetworkReceiveAsync0 - - FwpsStreamInjectAsync0 - - FwpsCopyStreamDataToBuffer0 - - FwpmBfeStateGet0 - - FwpmBfeStateSubscribeChanges0 - - FwpmBfeStateUnsubscribeChanges0 - - FwpsFlowRemoveContext0 - - FwpsCompleteClassify0 - - FwpsRedirectHandleDestroy0 - - FwpsCloneStreamData0 - - FwpsDiscardClonedStreamData0 - - FwpmEngineClose0 - - FwpmEngineOpen0 - - FwpmFreeMemory0 - - FwpsRedirectHandleCreate0 - - FwpsQueryPacketInjectionState0 - - FwpsApplyModifiedLayerData0 - - FwpsAcquireWritableLayerDataPointer0 - - FwpsReleaseClassifyHandle0 - - FwpsFlowAssociateContext0 - - FwpsAcquireClassifyHandle0 - - FwpsPendClassify0 - - FwpsCalloutUnregisterByKey0 - - FwpsCalloutRegister1 - - FwpsFreeCloneNetBufferList0 - - NdisAllocateNetBufferListPool - - NdisWaitEvent - - NdisInitializeEvent - - NdisFreeGenericObject - - NdisAllocateGenericObject - - NdisGetDataBuffer - - NdisAdvanceNetBufferDataStart - - NdisRetreatNetBufferDataStart - - NdisFreeNetBufferListPool - - memset - - RtlInitUnicodeString - - MmGetSystemRoutineAddress - - RtlAppendUnicodeToString - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - KeInitializeEvent - - KeSetEvent - - KeWaitForSingleObject - - KeInitializeSpinLock - - ExFreePoolWithTag - - InterlockedPopEntrySList - - InterlockedPushEntrySList - - ExInitializeNPagedLookasideList - - ExDeleteNPagedLookasideList - - MmBuildMdlForNonPagedPool - - MmMapLockedPagesSpecifyCache - - MmUnmapLockedPages - - MmAllocatePagesForMdl - - MmFreePagesFromMdl - - PsCreateSystemThread - - PsTerminateSystemThread - - IoAllocateMdl - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - 
IoDeleteSymbolicLink - - IoFreeMdl - - IoReleaseCancelSpinLock - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - ZwOpenKey - - ZwQueryValueKey - - PsGetCurrentProcessId - - ZwSetInformationThread - - RtlLengthSid - - RtlCreateAcl - - RtlAddAccessAllowedAce - - PsLookupProcessByProcessId - - ObOpenObjectByPointer - - ZwSetSecurityObject - - SeExports - - KeQuerySystemTime - - _allmul - - _aulldiv - - _aullrem - - RtlUnwind - - memcpy - - swprintf_s - - ExUuidCreate - - ExAllocatePoolWithTag - - KeReleaseInStackQueuedSpinLock - - KeGetCurrentIrql - - KeAcquireInStackQueuedSpinLock - Imports: - - fwpkclnt.sys - - NDIS.SYS - - ntoskrnl.exe - - HAL.dll - InternalName: netfilter2.sys - MD5: 0c1a4b584106cca4edce5d04c89eef67 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: netfilter2.sys - PDBPath: '' - Product: "\u65E0\u5FE7\u52A0\u901F\u5668" - ProductVersion: 6.2.9200.20557 - Publisher: '' - RichPEHeaderHash: - MD5: 5b7b715c6161f0c21973651546138a54 - SHA1: 1d8e5160350b5cfcef52a4f49404c7302e5b5abf - SHA256: 737a8bf726624e5e3f3babfce98b9060b7d72412c0bdd28ca3dec0b9d2241817 - SHA1: 916fb0eb154d7db937cbf91078ad7925cc9f5698 - SHA256: f1718a005232d1261894b798a60c73d971416359b70d0e545d7e7a40ed742b71 - Sections: - .text: - Entropy: 6.219528043270956 - Virtual Size: '0xe68c' - .rdata: - Entropy: 4.354573229141703 - Virtual Size: '0x888' - .data: - Entropy: 2.6492270643158737 - Virtual Size: '0xe80' - INIT: - Entropy: 5.595170881684956 - Virtual Size: '0xd38' - .rsrc: - Entropy: 3.67529466716183 - Virtual Size: '0x480' - .reloc: - Entropy: 6.663300510398413 - Virtual Size: '0x1210' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=CN, ST=, L=, O=, CN= - ValidFrom: '2019-06-27 00:00:00' - ValidTo: '2020-06-30 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 - Version: 3 - TBS: - MD5: bcfecc67375f580ac6eadd789860b1f8 - SHA1: 3fa9cf13a1816a6e358bb1ca12e050662bc2e178 - SHA256: fbb627aabbe2b2dbfdddfbad14392049b0d76f8d9679f3d550333b84b20320df - SHA384: d496c3920c3ab14a3c79e9bd41351912f045ea3b42ba9ec0cb0b1f778d1178174a831fe89848a8226957f2b6f079f01d - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 
1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - Imphash: e8ab88dbb86b32acd650b5e269135ad9 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 3361957860d2b65c0368778ca088946f - SHA1: 6a784d45517142c11d5cca3ff9956b2ed6eaf4c9 - SHA256: e94e8a87459db56837d1c58f9854794aa99f36566a9ded9b398be9d4d3a2c2af - Company: Windows (R) Win 7 DDK provider - Copyright: "Copyright \xA9 NetFilterSDK.com" - CreationTimestamp: '2020-09-15 00:54:41' - Date: '' - Description: NetFilter SDK WFP Driver (WPP) - ExportedFunctions: '' - FileVersion: 1.5.9.7 - Filename: '' - ImportedFunctions: - - FwpmFreeMemory0 - - FwpmEngineOpen0 - - FwpmEngineClose0 - - FwpmTransactionBegin0 - - FwpmTransactionCommit0 - - FwpmTransactionAbort0 - - FwpmProviderAdd0 - - FwpmProviderContextDeleteByKey0 - - FwpmSubLayerAdd0 - - FwpmSubLayerDeleteByKey0 - - FwpmSubLayerCreateEnumHandle0 - - FwpmSubLayerEnum0 - - FwpmSubLayerDestroyEnumHandle0 - - FwpmCalloutAdd0 - - FwpmFilterAdd0 - - FwpsFlowAbort0 - - FwpsInjectionHandleCreate0 - - 
FwpsInjectionHandleDestroy0 - - FwpsRedirectHandleCreate0 - - FwpsFreeNetBufferList0 - - FwpsFreeCloneNetBufferList0 - - FwpsInjectNetworkSendAsync0 - - FwpsConstructIpHeaderForTransportPacket0 - - FwpsInjectTransportSendAsync0 - - FwpsInjectTransportReceiveAsync0 - - FwpsInjectNetworkReceiveAsync0 - - FwpsStreamInjectAsync0 - - FwpsCopyStreamDataToBuffer0 - - FwpmBfeStateGet0 - - FwpmBfeStateSubscribeChanges0 - - FwpmBfeStateUnsubscribeChanges0 - - FwpsFlowRemoveContext0 - - FwpsCompleteClassify0 - - FwpsRedirectHandleDestroy0 - - FwpsCloneStreamData0 - - FwpsDiscardClonedStreamData0 - - FwpsQueryPacketInjectionState0 - - FwpsApplyModifiedLayerData0 - - FwpsAcquireWritableLayerDataPointer0 - - FwpsReleaseClassifyHandle0 - - FwpsAcquireClassifyHandle0 - - FwpsFlowAssociateContext0 - - FwpsCalloutUnregisterByKey0 - - FwpsCalloutRegister1 - - FwpsPendClassify0 - - FwpsAllocateNetBufferAndNetBufferList0 - - NdisFreeNetBufferListPool - - NdisAllocateNetBufferListPool - - NdisWaitEvent - - NdisInitializeEvent - - NdisFreeGenericObject - - NdisAllocateGenericObject - - NdisGetDataBuffer - - NdisAdvanceNetBufferDataStart - - NdisRetreatNetBufferDataStart - - KeAcquireInStackQueuedSpinLock - - KeReleaseInStackQueuedSpinLock - - ExAllocatePoolWithTag - - ExUuidCreate - - swprintf_s - - RtlInitUnicodeString - - MmGetSystemRoutineAddress - - RtlAppendUnicodeToString - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - KeInitializeEvent - - KeSetEvent - - KeWaitForSingleObject - - KeInitializeSpinLock - - ExFreePoolWithTag - - ExQueryDepthSList - - ExpInterlockedPopEntrySList - - ExpInterlockedPushEntrySList - - ExInitializeNPagedLookasideList - - ExDeleteNPagedLookasideList - - MmBuildMdlForNonPagedPool - - MmMapLockedPagesSpecifyCache - - MmUnmapLockedPages - - MmAllocatePagesForMdl - - MmFreePagesFromMdl - - PsCreateSystemThread - - PsTerminateSystemThread - - IoAllocateMdl - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice 
- - IoDeleteSymbolicLink - - IoFreeMdl - - IoReleaseCancelSpinLock - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - ZwOpenKey - - ZwQueryValueKey - - PsGetCurrentProcessId - - ZwSetInformationThread - - RtlLengthSid - - RtlCreateAcl - - RtlAddAccessAllowedAce - - PsLookupProcessByProcessId - - ObOpenObjectByPointer - - ZwSetSecurityObject - - __C_specific_handler - - SeExports - - RtlGetVersion - - RtlCompareMemory - - RtlValidSid - Imports: - - fwpkclnt.sys - - NDIS.SYS - - ntoskrnl.exe - InternalName: netfilter2.sys - MD5: 724c7d404a7c182084c6f6c2d20e9e05 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: netfilter2.sys - PDBPath: '' - Product: Windows (R) Win 7 DDK driver - ProductVersion: 6.2.9200.20557 - Publisher: '' - RichPEHeaderHash: - MD5: c646eed94ec9e75c1a5498d3642cdab3 - SHA1: 0d0761641e424cc895ba76723784427fcf297f4a - SHA256: 7cecb42d3d4ae8649f3b4714fbab29c4cef8e24a48b0eea2537824fc40f4ea7f - SHA1: ac056610db0b5f616aafacdc565d9b9f95870e60 - SHA256: 71701c5c569ef67391c995a12b21ca06935b7799ed211d978f7877115c58dce0 - Sections: - .text: - Entropy: 6.150053710509848 - Virtual Size: '0x1019a' - .rdata: - Entropy: 4.871173021345663 - Virtual Size: '0x1ddc' - .data: - Entropy: 2.2005364202433433 - Virtual Size: '0x18c0' - .pdata: - Entropy: 5.031237899973202 - Virtual Size: '0xe40' - INIT: - Entropy: 5.179921200293236 - Virtual Size: '0xeca' - .rsrc: - Entropy: 3.5922103150308553 - Virtual Size: '0x448' - .reloc: - Entropy: 3.7790472033993128 - Virtual Size: '0x228' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2020-03-11 17:31:14' - ValidTo: '2021-03-05 17:31:14' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 
330000003a6ae333708fda7a7b00000000003a - Version: 3 - TBS: - MD5: 6f5d716e7151f1c173396adb7213359e - SHA1: 100610baae90027e9844a8e9c4d489fe122ecd9c - SHA256: 677d532777cee24be88442efec75e9640e80ef57d8e1246396459a1a04be733f - SHA384: 35d397c22426b9c4c486fa5dd36c089209ab77026e981bd353ffbf060f54fd98f2afe9b45dd64c20614a5d5627b8dd0c - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - ValidFrom: '2014-10-15 20:31:27' - ValidTo: '2029-10-15 20:41:27' - Signature: 96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 330000000d690d5d7893d076df00000000000d - Version: 3 - TBS: - MD5: 83f69422963f11c3c340b81712eef319 - SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 - SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae - SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 - Signer: - - 
SerialNumber: 330000003a6ae333708fda7a7b00000000003a - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - Version: 1 - Imphash: c3658b106f146a18ba9b6e5c7bacfe9b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 6d4517e6348130fe55f11bfd630d857f - SHA1: 60a632e4b838731aad553650d6bc8af3d3d80b26 - SHA256: 8168304169a2453c0c3e0a285c2a07d3b3b83433e0342f6b33400c371af86221 - Company: Windows (R) Win 7 DDK provider - Copyright: "Copyright \xA9 NetFilterSDK.com" - CreationTimestamp: '2020-09-15 00:54:17' - Date: '' - Description: NetFilter SDK WFP Driver (WPP) - ExportedFunctions: '' - FileVersion: '1.5.9.7 built by: WinDDK' - Filename: '' - ImportedFunctions: - - memcpy - - RtlValidSid - - IoFreeMdl - - RtlUnwind - - KeBugCheckEx - - RtlCompareMemory - - KeTickCount - - _allmul - - _aulldiv - - KeQuerySystemTime - - ExUuidCreate - - swprintf_s - - KeInitializeEvent - - PsCreateSystemThread - - ZwSetInformationThread - - ObReferenceObjectByHandle - - RtlAppendUnicodeToString - - IoCreateDevice - - IoCreateSymbolicLink - - PsTerminateSystemThread - - MmGetSystemRoutineAddress - - PsLookupProcessByProcessId - - IoAllocateMdl - - MmBuildMdlForNonPagedPool - - IoReleaseCancelSpinLock - - PsGetCurrentProcessId - - IofCompleteRequest - - IoDeleteSymbolicLink - - IoDeleteDevice - - KeWaitForSingleObject - - ObfDereferenceObject - - MmAllocatePagesForMdl - - MmMapLockedPagesSpecifyCache - - MmFreePagesFromMdl - - MmUnmapLockedPages - - KeSetEvent - - ObOpenObjectByPointer - - RtlLengthSid - - SeExports - - RtlCreateAcl - - RtlAddAccessAllowedAce - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - ZwSetSecurityObject - - ZwQueryValueKey - - ExDeleteNPagedLookasideList - - ExInitializeNPagedLookasideList - - InterlockedPushEntrySList - - InterlockedPopEntrySList - - _aullrem - - ExFreePoolWithTag - - memset - - ExAllocatePoolWithTag - - RtlInitUnicodeString - - ZwOpenKey - - ZwClose - - 
KeReleaseInStackQueuedSpinLock - - KeGetCurrentIrql - - KeAcquireInStackQueuedSpinLock - - FwpsStreamInjectAsync0 - - FwpmEngineOpen0 - - FwpmProviderAdd0 - - FwpmSubLayerDeleteByKey0 - - FwpmProviderContextDeleteByKey0 - - FwpsAcquireClassifyHandle0 - - FwpsQueryPacketInjectionState0 - - FwpsFlowAssociateContext0 - - FwpmSubLayerAdd0 - - FwpmSubLayerCreateEnumHandle0 - - FwpmFreeMemory0 - - FwpmSubLayerEnum0 - - FwpmSubLayerDestroyEnumHandle0 - - FwpmCalloutAdd0 - - FwpmFilterAdd0 - - FwpmTransactionBegin0 - - FwpmEngineClose0 - - FwpmTransactionCommit0 - - FwpmTransactionAbort0 - - FwpsCalloutRegister1 - - FwpsCalloutUnregisterByKey0 - - FwpsPendClassify0 - - FwpsInjectionHandleCreate0 - - FwpsCopyStreamDataToBuffer0 - - FwpsInjectNetworkReceiveAsync0 - - FwpsAcquireWritableLayerDataPointer0 - - FwpsApplyModifiedLayerData0 - - FwpsAllocateNetBufferAndNetBufferList0 - - FwpsInjectTransportSendAsync0 - - FwpsConstructIpHeaderForTransportPacket0 - - FwpsInjectNetworkSendAsync0 - - FwpsInjectTransportReceiveAsync0 - - FwpsFreeCloneNetBufferList0 - - FwpsInjectionHandleDestroy0 - - FwpsFlowRemoveContext0 - - FwpsCloneStreamData0 - - FwpsCompleteClassify0 - - FwpsReleaseClassifyHandle0 - - FwpsDiscardClonedStreamData0 - - FwpsFreeNetBufferList0 - - FwpmBfeStateGet0 - - FwpmBfeStateSubscribeChanges0 - - FwpmBfeStateUnsubscribeChanges0 - - NdisFreeGenericObject - - NdisInitializeEvent - - NdisFreeNetBufferListPool - - NdisGetDataBuffer - - NdisAdvanceNetBufferDataStart - - NdisRetreatNetBufferDataStart - - NdisAllocateNetBufferListPool - - NdisAllocateGenericObject - - NdisWaitEvent - Imports: - - ntoskrnl.exe - - HAL.dll - - fwpkclnt.sys - - NDIS.SYS - InternalName: netfilter2.sys - MD5: c6dcf97b669be21dffd4e96aecec3066 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: netfilter2.sys - PDBPath: '' - Product: Windows (R) Win 7 DDK driver - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 4c93d23c41f384b75bda01c7ace495d8 - SHA1: 
28695a10b02de9e1ce2d2b70c463f5d3bbaeaf4c - SHA256: 4049be109d3e76b72f97f3faab4a4456933bce7ec4593342fd7046ca2bae226e - SHA1: 06b52ba103412f4ab49fac7129129c10570fd6fd - SHA256: 47e35f474f259314c588af35e88561a015801b52db523eb75fc7eccff8b3be4d - Sections: - .text: - Entropy: 6.467856349257126 - Virtual Size: '0xb6d0' - .rdata: - Entropy: 4.408465659438351 - Virtual Size: '0x8e0' - .data: - Entropy: 3.1025085790331026 - Virtual Size: '0xfa4' - INIT: - Entropy: 5.518016943716045 - Virtual Size: '0xd34' - .rsrc: - Entropy: 3.4014320333561083 - Virtual Size: '0x3e0' - .reloc: - Entropy: 6.603171661071898 - Virtual Size: '0xce2' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=IN, ST=Rajasthan, L=Jaipur, O=SYSTWEAK SOFTWARE PVT. LTD., CN=SYSTWEAK - SOFTWARE PVT. LTD. - ValidFrom: '2020-07-03 00:00:00' - ValidTo: '2021-09-01 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 4b51e8986bf2670974fecc6dad020f19 - Version: 3 - TBS: - MD5: 0538926e1c7f1fcaee6540250d010840 - SHA1: 59887d34eaaa74baf151589daef69b2b6f2d9b55 - SHA256: b52255871658ceb663a52576f271ee86d661c2594fc3aa93bbf62ce8a8c77428 - SHA384: ee73f9b450bfdd14f4ff8c141b4a40342f93f8ca16539ecd86c7c1fc6f13943c23dcfcb01db81d518e9d1a93bf4060f9 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: 
fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 4b51e8986bf2670974fecc6dad020f19 - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - Imphash: fc1af6fcd96ae15019c6cbe9015709d3 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 6d4517e6348130fe55f11bfd630d857f - SHA1: 60a632e4b838731aad553650d6bc8af3d3d80b26 - SHA256: 8168304169a2453c0c3e0a285c2a07d3b3b83433e0342f6b33400c371af86221 - Company: Windows (R) Win 7 DDK provider - Copyright: "Copyright \xA9 NetFilterSDK.com" - CreationTimestamp: '2020-09-15 00:54:17' - Date: '' - Description: NetFilter SDK WFP Driver (WPP) - ExportedFunctions: '' - FileVersion: '1.5.9.7 built by: WinDDK' - Filename: '' - ImportedFunctions: - - memcpy - - RtlValidSid - - IoFreeMdl - - RtlUnwind - - KeBugCheckEx - - RtlCompareMemory - - KeTickCount - - _allmul - - _aulldiv - - KeQuerySystemTime - - ExUuidCreate - - swprintf_s - - KeInitializeEvent - - PsCreateSystemThread - - ZwSetInformationThread - - ObReferenceObjectByHandle - - RtlAppendUnicodeToString - - IoCreateDevice - - IoCreateSymbolicLink - - PsTerminateSystemThread - - MmGetSystemRoutineAddress - - 
PsLookupProcessByProcessId - - IoAllocateMdl - - MmBuildMdlForNonPagedPool - - IoReleaseCancelSpinLock - - PsGetCurrentProcessId - - IofCompleteRequest - - IoDeleteSymbolicLink - - IoDeleteDevice - - KeWaitForSingleObject - - ObfDereferenceObject - - MmAllocatePagesForMdl - - MmMapLockedPagesSpecifyCache - - MmFreePagesFromMdl - - MmUnmapLockedPages - - KeSetEvent - - ObOpenObjectByPointer - - RtlLengthSid - - SeExports - - RtlCreateAcl - - RtlAddAccessAllowedAce - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - ZwSetSecurityObject - - ZwQueryValueKey - - ExDeleteNPagedLookasideList - - ExInitializeNPagedLookasideList - - InterlockedPushEntrySList - - InterlockedPopEntrySList - - _aullrem - - ExFreePoolWithTag - - memset - - ExAllocatePoolWithTag - - RtlInitUnicodeString - - ZwOpenKey - - ZwClose - - KeReleaseInStackQueuedSpinLock - - KeGetCurrentIrql - - KeAcquireInStackQueuedSpinLock - - FwpsStreamInjectAsync0 - - FwpmEngineOpen0 - - FwpmProviderAdd0 - - FwpmSubLayerDeleteByKey0 - - FwpmProviderContextDeleteByKey0 - - FwpsAcquireClassifyHandle0 - - FwpsQueryPacketInjectionState0 - - FwpsFlowAssociateContext0 - - FwpmSubLayerAdd0 - - FwpmSubLayerCreateEnumHandle0 - - FwpmFreeMemory0 - - FwpmSubLayerEnum0 - - FwpmSubLayerDestroyEnumHandle0 - - FwpmCalloutAdd0 - - FwpmFilterAdd0 - - FwpmTransactionBegin0 - - FwpmEngineClose0 - - FwpmTransactionCommit0 - - FwpmTransactionAbort0 - - FwpsCalloutRegister1 - - FwpsCalloutUnregisterByKey0 - - FwpsPendClassify0 - - FwpsInjectionHandleCreate0 - - FwpsCopyStreamDataToBuffer0 - - FwpsInjectNetworkReceiveAsync0 - - FwpsAcquireWritableLayerDataPointer0 - - FwpsApplyModifiedLayerData0 - - FwpsAllocateNetBufferAndNetBufferList0 - - FwpsInjectTransportSendAsync0 - - FwpsConstructIpHeaderForTransportPacket0 - - FwpsInjectNetworkSendAsync0 - - FwpsInjectTransportReceiveAsync0 - - FwpsFreeCloneNetBufferList0 - - FwpsInjectionHandleDestroy0 - - FwpsFlowRemoveContext0 - - FwpsCloneStreamData0 - - 
FwpsCompleteClassify0 - - FwpsReleaseClassifyHandle0 - - FwpsDiscardClonedStreamData0 - - FwpsFreeNetBufferList0 - - FwpmBfeStateGet0 - - FwpmBfeStateSubscribeChanges0 - - FwpmBfeStateUnsubscribeChanges0 - - NdisFreeGenericObject - - NdisInitializeEvent - - NdisFreeNetBufferListPool - - NdisGetDataBuffer - - NdisAdvanceNetBufferDataStart - - NdisRetreatNetBufferDataStart - - NdisAllocateNetBufferListPool - - NdisAllocateGenericObject - - NdisWaitEvent - Imports: - - ntoskrnl.exe - - HAL.dll - - fwpkclnt.sys - - NDIS.SYS - InternalName: netfilter2.sys - MD5: e9e4b27f98eb15dcfc01837e7816ad67 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: netfilter2.sys - PDBPath: '' - Product: Windows (R) Win 7 DDK driver - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 4c93d23c41f384b75bda01c7ace495d8 - SHA1: 28695a10b02de9e1ce2d2b70c463f5d3bbaeaf4c - SHA256: 4049be109d3e76b72f97f3faab4a4456933bce7ec4593342fd7046ca2bae226e - SHA1: a3698922e9850404da1888beebb3f70ae3f8d62e - SHA256: 0eace788e09c8d3f793a1fad94d35bcfd233f0777873412cd0c8172865562eec - Sections: - .text: - Entropy: 6.467856349257126 - Virtual Size: '0xb6d0' - .rdata: - Entropy: 4.408465659438351 - Virtual Size: '0x8e0' - .data: - Entropy: 3.1025085790331026 - Virtual Size: '0xfa4' - INIT: - Entropy: 5.518016943716045 - Virtual Size: '0xd34' - .rsrc: - Entropy: 3.4014320333561083 - Virtual Size: '0x3e0' - .reloc: - Entropy: 6.603171661071898 - Virtual Size: '0xce2' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: 
ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA49KFRB44, - C=CN, ST=, L=, O=, CN= - ValidFrom: '2020-10-26 00:00:00' - ValidTo: '2022-10-27 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0108cbaee60728f5bf06e45a56d6f170 - Version: 3 - TBS: - MD5: 4e8398340fdf2c302ef881776b4626e7 - SHA1: 483073cdc5b9b560c2d5aa80b62fa184ae4467ba - SHA256: b9d8daa31a25a3c525aa5cb844ced8da586540f20dc0a004209c598a56b95401 - SHA384: 7c7d3a1f5042fca415289ad926b2826a85551195994fa8e8398f747a63672ed1c9196be485f0c2da9fa6801c170518f4 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 
9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 - Version: 3 - TBS: - MD5: f92649915476229b093c211c2b18e6c4 - SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 - SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb - SHA384: 511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 
173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 0108cbaee60728f5bf06e45a56d6f170 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - Version: 1 - Imphash: fc1af6fcd96ae15019c6cbe9015709d3 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: ddbb824860937add7c0f86c5df993d3a - SHA1: 03f0dd3124ec3a4bb6d30865a488f54e74ded699 - SHA256: dfaefd06b680f9ea837e7815fc1cc7d1f4cc375641ac850667ab20739f46ad22 - Company: "\u5B8F\u56FE\u65E0\u5FE7" - Copyright: "Copyright \xA9 wyjsq.com" - CreationTimestamp: '2019-06-10 08:45:55' - Date: '' - Description: WYJSQ TDI Hook Driver (WPP) - ExportedFunctions: '' - FileVersion: '1.4.9.5 built by: WinDDK' - Filename: '' - ImportedFunctions: - - KeReleaseSpinLock - - KeAcquireSpinLockRaiseToDpc - - IoDeleteSymbolicLink - - PsLookupProcessByProcessId - - RtlInitUnicodeString - - IoDeleteDevice - - MmGetSystemRoutineAddress - - ZwClose - - IofCompleteRequest - - IoCreateSymbolicLink - - ObfDereferenceObject - - IoCreateDevice - - ObOpenObjectByPointer - - IofCallDriver - - IoDetachDevice - - IoBuildDeviceIoControlRequest - - RtlDowncaseUnicodeString - - KeInitializeEvent - - MmBuildMdlForNonPagedPool - - IoFreeMdl - - KeInsertQueueDpc - - KeWaitForSingleObject - - PsGetCurrentProcessId - - IoAllocateMdl - - ExFreePoolWithTag - - IoFreeIrp - - IoReleaseCancelSpinLock - - MmMapLockedPagesSpecifyCache - - IoAllocateIrp - - KeInitializeTimer - - RtlAppendUnicodeToString - - KeInitializeDpc - - IoGetDeviceObjectPointer - - IoAttachDeviceToDeviceStack - - KeSetTimer - - ObfReferenceObject - - MmFreePagesFromMdl - - MmUnmapLockedPages - - MmAllocatePagesForMdl - - RtlCreateAcl - - RtlSetDaclSecurityDescriptor - - RtlAddAccessAllowedAce - - ZwQueryValueKey - - ZwSetSecurityObject - - SeExports - - RtlLengthSid - - RtlCreateSecurityDescriptor - - ZwOpenKey - - KeBugCheckEx - - ObReferenceObjectByHandle - - ExAllocatePoolWithTag - - 
__C_specific_handler - - TdiMapUserRequest - Imports: - - ntoskrnl.exe - - TDI.SYS - InternalName: netfilter2.sys - MD5: 6088826a0114f777e486ff093a8d4150 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: netfilter2.sys - PDBPath: '' - Product: "\u65E0\u5FE7\u52A0\u901F\u5668\u9A71\u52A8\u6587\u4EF6" - ProductVersion: 1.5.8.0 - Publisher: '' - RichPEHeaderHash: - MD5: a8cfc1c4c595dbd9909445a5e7ed9a54 - SHA1: 93a8f9bf4e4c8886fc1d435828ab6706d11cfdf9 - SHA256: dd65f865e9c50e9dde3584d90f0927d21042665aa375918708b4792861041072 - SHA1: abce61b428d48fabdb8ddfff4d61d2f1edac0128 - SHA256: 18b923b169b2c3c7db5cbfda0db0999f04adb2cf6c917e5b1fb2ff04714ecac1 - Sections: - .text: - Entropy: 6.179201826106955 - Virtual Size: '0x10102' - .rdata: - Entropy: 5.090786112456744 - Virtual Size: '0x1d0c' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x19f0' - .pdata: - Entropy: 5.089722001786172 - Virtual Size: '0x11c4' - INIT: - Entropy: 5.207307453400592 - Virtual Size: '0x6fa' - .rsrc: - Entropy: 3.5406326624657645 - Virtual Size: '0x418' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 
208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=CN, ST=, L=, O=, CN= - ValidFrom: '2019-06-27 00:00:00' - ValidTo: '2020-06-30 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 - Version: 3 - TBS: - MD5: bcfecc67375f580ac6eadd789860b1f8 - SHA1: 3fa9cf13a1816a6e358bb1ca12e050662bc2e178 - SHA256: fbb627aabbe2b2dbfdddfbad14392049b0d76f8d9679f3d550333b84b20320df - SHA384: 
d496c3920c3ab14a3c79e9bd41351912f045ea3b42ba9ec0cb0b1f778d1178174a831fe89848a8226957f2b6f079f01d - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 
46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - Imphash: 55ef49522fb4f4b2667521ff4804a19a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: ddbb824860937add7c0f86c5df993d3a - SHA1: 03f0dd3124ec3a4bb6d30865a488f54e74ded699 - SHA256: dfaefd06b680f9ea837e7815fc1cc7d1f4cc375641ac850667ab20739f46ad22 - Company: "\u5B8F\u56FE\u65E0\u5FE7" - Copyright: "Copyright \xA9 wyjsq.com" - CreationTimestamp: '2019-06-10 08:45:55' - Date: '' - Description: WYJSQ TDI Hook Driver (WPP) - ExportedFunctions: '' - FileVersion: '1.4.9.5 built by: WinDDK' - Filename: '' - ImportedFunctions: - - KeReleaseSpinLock - - KeAcquireSpinLockRaiseToDpc - - IoDeleteSymbolicLink - - PsLookupProcessByProcessId - - RtlInitUnicodeString - - IoDeleteDevice - - MmGetSystemRoutineAddress - - ZwClose - - IofCompleteRequest - - IoCreateSymbolicLink - - ObfDereferenceObject - - IoCreateDevice - - ObOpenObjectByPointer - - IofCallDriver - - IoDetachDevice - - 
IoBuildDeviceIoControlRequest - - RtlDowncaseUnicodeString - - KeInitializeEvent - - MmBuildMdlForNonPagedPool - - IoFreeMdl - - KeInsertQueueDpc - - KeWaitForSingleObject - - PsGetCurrentProcessId - - IoAllocateMdl - - ExFreePoolWithTag - - IoFreeIrp - - IoReleaseCancelSpinLock - - MmMapLockedPagesSpecifyCache - - IoAllocateIrp - - KeInitializeTimer - - RtlAppendUnicodeToString - - KeInitializeDpc - - IoGetDeviceObjectPointer - - IoAttachDeviceToDeviceStack - - KeSetTimer - - ObfReferenceObject - - MmFreePagesFromMdl - - MmUnmapLockedPages - - MmAllocatePagesForMdl - - RtlCreateAcl - - RtlSetDaclSecurityDescriptor - - RtlAddAccessAllowedAce - - ZwQueryValueKey - - ZwSetSecurityObject - - SeExports - - RtlLengthSid - - RtlCreateSecurityDescriptor - - ZwOpenKey - - KeBugCheckEx - - ObReferenceObjectByHandle - - ExAllocatePoolWithTag - - __C_specific_handler - - TdiMapUserRequest - Imports: - - ntoskrnl.exe - - TDI.SYS - InternalName: netfilter2.sys - MD5: c56a3a74019e2304af8c19e8e17dd9d3 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: netfilter2.sys - PDBPath: '' - Product: "\u65E0\u5FE7\u52A0\u901F\u5668\u9A71\u52A8\u6587\u4EF6" - ProductVersion: 1.5.8.0 - Publisher: '' - RichPEHeaderHash: - MD5: a8cfc1c4c595dbd9909445a5e7ed9a54 - SHA1: 93a8f9bf4e4c8886fc1d435828ab6706d11cfdf9 - SHA256: dd65f865e9c50e9dde3584d90f0927d21042665aa375918708b4792861041072 - SHA1: 91f693850d7e42ae135e07eae6940e0f58dc4de7 - SHA256: edc6e32e3545f859e5b49ece1cabd13623122c1f03a2f7454a61034b3ff577ed - Sections: - .text: - Entropy: 6.179201826106955 - Virtual Size: '0x10102' - .rdata: - Entropy: 5.090786112456744 - Virtual Size: '0x1d0c' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x19f0' - .pdata: - Entropy: 5.089722001786172 - Virtual Size: '0x11c4' - INIT: - Entropy: 5.207307453400592 - Virtual Size: '0x6fa' - .rsrc: - Entropy: 3.5406326624657645 - Virtual Size: '0x418' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - 
Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=CN, ST=, L=, O=, CN= - ValidFrom: '2019-06-27 00:00:00' - ValidTo: '2020-06-30 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 - Version: 3 - TBS: - MD5: bcfecc67375f580ac6eadd789860b1f8 - SHA1: 3fa9cf13a1816a6e358bb1ca12e050662bc2e178 - SHA256: fbb627aabbe2b2dbfdddfbad14392049b0d76f8d9679f3d550333b84b20320df - SHA384: d496c3920c3ab14a3c79e9bd41351912f045ea3b42ba9ec0cb0b1f778d1178174a831fe89848a8226957f2b6f079f01d - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 
12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - Imphash: 55ef49522fb4f4b2667521ff4804a19a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: b42afd5a5225094c7943185e769bc995 - SHA1: 22c5e127e7e7c567d8624607a6f8f5809deacb55 - SHA256: de6bf572d39e2611773e7a01f0388f84fb25da6cba2f1f8b9b36ffba467de6fa - Company: "\u5B8F\u56FE\u65E0\u5FE7" - Copyright: "Copyright \xA9 wyjsq.com" - CreationTimestamp: '2019-06-10 08:45:52' - Date: '' - Description: WYJSQ TDI Hook Driver (WPP) - ExportedFunctions: '' - FileVersion: '1.4.9.5 built by: WinDDK' - Filename: '' - ImportedFunctions: - - IoCreateSymbolicLink - - IoCreateDevice - - IoDeleteSymbolicLink - - IofCompleteRequest - - ZwClose - - ObfDereferenceObject - - ObOpenObjectByPointer - - 
PsLookupProcessByProcessId - - MmGetSystemRoutineAddress - - RtlInitUnicodeString - - IoDetachDevice - - IofCallDriver - - IoFreeMdl - - memcpy - - MmBuildMdlForNonPagedPool - - IoBuildDeviceIoControlRequest - - IoAllocateMdl - - RtlDowncaseUnicodeString - - PsGetCurrentProcessId - - KeWaitForSingleObject - - KeInitializeEvent - - KeInsertQueueDpc - - IoReleaseCancelSpinLock - - ObReferenceObjectByHandle - - IoDeleteDevice - - MmMapLockedPagesSpecifyCache - - IoAllocateIrp - - KeInitializeTimer - - KeInitializeDpc - - RtlAppendUnicodeToString - - IoAttachDeviceToDeviceStack - - IoGetDeviceObjectPointer - - ObfReferenceObject - - KeSetTimer - - MmFreePagesFromMdl - - MmUnmapLockedPages - - MmAllocatePagesForMdl - - ZwQueryValueKey - - ZwOpenKey - - ZwSetSecurityObject - - RtlSetDaclSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlAddAccessAllowedAce - - RtlCreateAcl - - RtlLengthSid - - SeExports - - KeTickCount - - KeBugCheckEx - - _aullrem - - ExFreePoolWithTag - - memset - - IoFreeIrp - - ExAllocatePoolWithTag - - RtlUnwind - - KfAcquireSpinLock - - KfReleaseSpinLock - - TdiMapUserRequest - Imports: - - ntoskrnl.exe - - HAL.dll - - TDI.SYS - InternalName: netfilter2.sys - MD5: e3b79b124fe408b971d18fd3a25b5ba0 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: netfilter2.sys - PDBPath: '' - Product: "\u65E0\u5FE7\u52A0\u901F\u5668" - ProductVersion: 1.5.8.0 - Publisher: '' - RichPEHeaderHash: - MD5: ea1a25e78d69ef318ef4d2fbfd420541 - SHA1: 1f795bc5eaecf5ee96f77ae703426b5f65e0d895 - SHA256: 1c10422043879162a1e9a246a3125f545a119afc8c25fd6822f48509ee2a02c0 - SHA1: 5d1338b06e52a2dd3afda4dd0374a80e91cbf333 - SHA256: 2fa78c2988f9580b0c18822b117d065fb419f9c476f4cfa43925ba6cd2dffac3 - Sections: - .text: - Entropy: 6.296843927579521 - Virtual Size: '0xb482' - .rdata: - Entropy: 4.07360217642813 - Virtual Size: '0x214' - .data: - Entropy: 0.021179877335710875 - Virtual Size: '0x1458' - INIT: - Entropy: 5.460393228615208 - Virtual Size: '0x64a' - 
.rsrc: - Entropy: 3.514358315657194 - Virtual Size: '0x408' - .reloc: - Entropy: 6.490758317321038 - Virtual Size: '0xca2' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=CN, ST=, L=, O=, CN= - ValidFrom: '2019-06-27 00:00:00' - ValidTo: '2020-06-30 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 - Version: 3 - TBS: - MD5: bcfecc67375f580ac6eadd789860b1f8 - SHA1: 3fa9cf13a1816a6e358bb1ca12e050662bc2e178 - SHA256: fbb627aabbe2b2dbfdddfbad14392049b0d76f8d9679f3d550333b84b20320df - SHA384: d496c3920c3ab14a3c79e9bd41351912f045ea3b42ba9ec0cb0b1f778d1178174a831fe89848a8226957f2b6f079f01d - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: 
e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - Imphash: dc1fe38f597362ae167fd4212146aa60 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 52cef25aecab8b66f05e29df206d6375 - SHA1: 4e5e719362cd48bb323803c1d00afde11d4b9d4c - SHA256: 44a0599defea351314663582dbc61069b3a095a4ddad571bb17dd0d8b21e7ff2 - Company: Windows (R) Win 7 DDK provider - Copyright: "Copyright \xA9 NetFilterSDK.com" - CreationTimestamp: '2020-09-15 00:54:42' - Date: '' - Description: NetFilter SDK WFP Driver 
(WPP) - ExportedFunctions: '' - FileVersion: 1.5.9.7 - Filename: '' - ImportedFunctions: - - FwpmTransactionCommit0 - - FwpmTransactionAbort0 - - FwpmProviderAdd0 - - FwpmProviderContextDeleteByKey0 - - FwpmSubLayerAdd0 - - FwpmSubLayerDeleteByKey0 - - FwpmSubLayerCreateEnumHandle0 - - FwpmSubLayerEnum0 - - FwpmSubLayerDestroyEnumHandle0 - - FwpmCalloutAdd0 - - FwpmFilterAdd0 - - FwpsFlowAbort0 - - FwpsInjectionHandleCreate0 - - FwpsInjectionHandleDestroy0 - - FwpsAllocateNetBufferAndNetBufferList0 - - FwpsFreeNetBufferList0 - - FwpmTransactionBegin0 - - FwpsInjectNetworkSendAsync0 - - FwpsConstructIpHeaderForTransportPacket0 - - FwpsInjectTransportSendAsync0 - - FwpsInjectTransportReceiveAsync0 - - FwpsInjectNetworkReceiveAsync0 - - FwpsStreamInjectAsync0 - - FwpsCopyStreamDataToBuffer0 - - FwpmBfeStateGet0 - - FwpmBfeStateSubscribeChanges0 - - FwpmBfeStateUnsubscribeChanges0 - - FwpsFlowRemoveContext0 - - FwpsCompleteClassify0 - - FwpsRedirectHandleDestroy0 - - FwpsCloneStreamData0 - - FwpsDiscardClonedStreamData0 - - FwpmEngineClose0 - - FwpmEngineOpen0 - - FwpmFreeMemory0 - - FwpsRedirectHandleCreate0 - - FwpsQueryPacketInjectionState0 - - FwpsApplyModifiedLayerData0 - - FwpsAcquireWritableLayerDataPointer0 - - FwpsReleaseClassifyHandle0 - - FwpsFlowAssociateContext0 - - FwpsAcquireClassifyHandle0 - - FwpsCalloutUnregisterByKey0 - - FwpsCalloutRegister1 - - FwpsPendClassify0 - - FwpsFreeCloneNetBufferList0 - - NdisAllocateNetBufferListPool - - NdisWaitEvent - - NdisInitializeEvent - - NdisFreeGenericObject - - NdisAllocateGenericObject - - NdisGetDataBuffer - - NdisAdvanceNetBufferDataStart - - NdisRetreatNetBufferDataStart - - NdisFreeNetBufferListPool - - memset - - RtlInitUnicodeString - - MmGetSystemRoutineAddress - - RtlAppendUnicodeToString - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - KeInitializeEvent - - KeSetEvent - - KeWaitForSingleObject - - KeInitializeSpinLock - - ExFreePoolWithTag - - InterlockedPopEntrySList - - 
InterlockedPushEntrySList - - ExInitializeNPagedLookasideList - - ExDeleteNPagedLookasideList - - MmBuildMdlForNonPagedPool - - MmMapLockedPagesSpecifyCache - - MmUnmapLockedPages - - MmAllocatePagesForMdl - - MmFreePagesFromMdl - - PsCreateSystemThread - - PsTerminateSystemThread - - IoAllocateMdl - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoFreeMdl - - IoReleaseCancelSpinLock - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - ZwOpenKey - - ZwQueryValueKey - - PsGetCurrentProcessId - - ZwSetInformationThread - - RtlLengthSid - - RtlCreateAcl - - RtlAddAccessAllowedAce - - PsLookupProcessByProcessId - - ObOpenObjectByPointer - - ZwSetSecurityObject - - SeExports - - RtlGetVersion - - KeQuerySystemTime - - _allmul - - _aulldiv - - _aullrem - - RtlCompareMemory - - RtlValidSid - - RtlUnwind - - memcpy - - ExUuidCreate - - ExAllocatePoolWithTag - - swprintf_s - - KeReleaseInStackQueuedSpinLock - - KeGetCurrentIrql - - KeAcquireInStackQueuedSpinLock - Imports: - - fwpkclnt.sys - - NDIS.SYS - - ntoskrnl.exe - - HAL.dll - InternalName: netfilter2.sys - MD5: e1190b7a0bd3b8cc3a819d471ede264f - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: netfilter2.sys - PDBPath: '' - Product: Windows (R) Win 7 DDK driver - ProductVersion: 6.2.9200.20557 - Publisher: '' - RichPEHeaderHash: - MD5: b873ce00fb531a917db2341eff66f88d - SHA1: 0f24abad7feabd2abb4b819dedc5ab9b9de3e33c - SHA256: 54b267b1987fc423443455d94ce6d7b42dd9357bef9de2d67bea3bc6a83fb0cc - SHA1: 1ea5d1bad9b01a38aa20b2cc2fcd90b3adcb1700 - SHA256: 65a3e69854c729659281d2c5f8a4c8274ad3606befdcd9e1b79d3262f260bfa1 - Sections: - .text: - Entropy: 6.24160242971194 - Virtual Size: '0xe8c2' - .rdata: - Entropy: 4.577904288123528 - Virtual Size: '0x914' - .data: - Entropy: 3.197711573383127 - Virtual Size: '0xf90' - INIT: - Entropy: 5.598078462986293 - Virtual Size: '0xd76' - .rsrc: - Entropy: 3.5912667039027926 - Virtual Size: 
'0x448' - .reloc: - Entropy: 6.614956595399758 - Virtual Size: '0x12c8' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91330701MA28DMHT4Y, - C=CN, ST=, L=, O=, CN= - ValidFrom: '2019-03-22 00:00:00' - ValidTo: '2021-03-25 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0af5efac8e1cb5bb290394d315079dbe - Version: 3 - TBS: - MD5: 11e15766710ca8d294dcaf75cdc481c7 - SHA1: d4fbc4f59e8ac285a2a1cdde885eab8ec7c073f2 - SHA256: 8235db8c900fcefb648b477bd93a19628b36ff95f3c53237eeae5d3dc6edb450 - SHA384: c4cfee6d8a6b56e5bba6101fe888f15aa529ddac3176c45cd413cf427447a3fe15c3eaa1b61c91b740519edd61d51d60 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: 
e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 - Version: 3 - TBS: - MD5: f92649915476229b093c211c2b18e6c4 - SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 - SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb - SHA384: 511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 0af5efac8e1cb5bb290394d315079dbe - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - Version: 1 - 
Imphash: 79c0d702a9da102f56d81f4efe802fbf - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 6d4517e6348130fe55f11bfd630d857f - SHA1: 60a632e4b838731aad553650d6bc8af3d3d80b26 - SHA256: 8168304169a2453c0c3e0a285c2a07d3b3b83433e0342f6b33400c371af86221 - Company: Windows (R) Win 7 DDK provider - Copyright: "Copyright \xA9 NetFilterSDK.com" - CreationTimestamp: '2020-09-15 00:54:17' - Date: '' - Description: NetFilter SDK WFP Driver (WPP) - ExportedFunctions: '' - FileVersion: '1.5.9.7 built by: WinDDK' - Filename: '' - ImportedFunctions: - - memcpy - - RtlValidSid - - IoFreeMdl - - RtlUnwind - - KeBugCheckEx - - RtlCompareMemory - - KeTickCount - - _allmul - - _aulldiv - - KeQuerySystemTime - - ExUuidCreate - - swprintf_s - - KeInitializeEvent - - PsCreateSystemThread - - ZwSetInformationThread - - ObReferenceObjectByHandle - - RtlAppendUnicodeToString - - IoCreateDevice - - IoCreateSymbolicLink - - PsTerminateSystemThread - - MmGetSystemRoutineAddress - - PsLookupProcessByProcessId - - IoAllocateMdl - - MmBuildMdlForNonPagedPool - - IoReleaseCancelSpinLock - - PsGetCurrentProcessId - - IofCompleteRequest - - IoDeleteSymbolicLink - - IoDeleteDevice - - KeWaitForSingleObject - - ObfDereferenceObject - - MmAllocatePagesForMdl - - MmMapLockedPagesSpecifyCache - - MmFreePagesFromMdl - - MmUnmapLockedPages - - KeSetEvent - - ObOpenObjectByPointer - - RtlLengthSid - - SeExports - - RtlCreateAcl - - RtlAddAccessAllowedAce - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - ZwSetSecurityObject - - ZwQueryValueKey - - ExDeleteNPagedLookasideList - - ExInitializeNPagedLookasideList - - InterlockedPushEntrySList - - InterlockedPopEntrySList - - _aullrem - - ExFreePoolWithTag - - memset - - ExAllocatePoolWithTag - - RtlInitUnicodeString - - ZwOpenKey - - ZwClose - - KeReleaseInStackQueuedSpinLock - - KeGetCurrentIrql - - KeAcquireInStackQueuedSpinLock - - FwpsStreamInjectAsync0 - - FwpmEngineOpen0 - - FwpmProviderAdd0 - - FwpmSubLayerDeleteByKey0 - - 
FwpmProviderContextDeleteByKey0 - - FwpsAcquireClassifyHandle0 - - FwpsQueryPacketInjectionState0 - - FwpsFlowAssociateContext0 - - FwpmSubLayerAdd0 - - FwpmSubLayerCreateEnumHandle0 - - FwpmFreeMemory0 - - FwpmSubLayerEnum0 - - FwpmSubLayerDestroyEnumHandle0 - - FwpmCalloutAdd0 - - FwpmFilterAdd0 - - FwpmTransactionBegin0 - - FwpmEngineClose0 - - FwpmTransactionCommit0 - - FwpmTransactionAbort0 - - FwpsCalloutRegister1 - - FwpsCalloutUnregisterByKey0 - - FwpsPendClassify0 - - FwpsInjectionHandleCreate0 - - FwpsCopyStreamDataToBuffer0 - - FwpsInjectNetworkReceiveAsync0 - - FwpsAcquireWritableLayerDataPointer0 - - FwpsApplyModifiedLayerData0 - - FwpsAllocateNetBufferAndNetBufferList0 - - FwpsInjectTransportSendAsync0 - - FwpsConstructIpHeaderForTransportPacket0 - - FwpsInjectNetworkSendAsync0 - - FwpsInjectTransportReceiveAsync0 - - FwpsFreeCloneNetBufferList0 - - FwpsInjectionHandleDestroy0 - - FwpsFlowRemoveContext0 - - FwpsCloneStreamData0 - - FwpsCompleteClassify0 - - FwpsReleaseClassifyHandle0 - - FwpsDiscardClonedStreamData0 - - FwpsFreeNetBufferList0 - - FwpmBfeStateGet0 - - FwpmBfeStateSubscribeChanges0 - - FwpmBfeStateUnsubscribeChanges0 - - NdisFreeGenericObject - - NdisInitializeEvent - - NdisFreeNetBufferListPool - - NdisGetDataBuffer - - NdisAdvanceNetBufferDataStart - - NdisRetreatNetBufferDataStart - - NdisAllocateNetBufferListPool - - NdisAllocateGenericObject - - NdisWaitEvent - Imports: - - ntoskrnl.exe - - HAL.dll - - fwpkclnt.sys - - NDIS.SYS - InternalName: netfilter2.sys - MD5: 3a53fe6598d2b9bc3b81d3dd6bc5d843 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: netfilter2.sys - PDBPath: '' - Product: Windows (R) Win 7 DDK driver - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 4c93d23c41f384b75bda01c7ace495d8 - SHA1: 28695a10b02de9e1ce2d2b70c463f5d3bbaeaf4c - SHA256: 4049be109d3e76b72f97f3faab4a4456933bce7ec4593342fd7046ca2bae226e - SHA1: 8fbe153c1059a7fce265d5f6e6d8836c3aebe39e - SHA256: 
f488500be4eaafba74b644be95d4c0523297770fb9bb78c449f643ab8d4a05d9 - Sections: - .text: - Entropy: 6.467856349257126 - Virtual Size: '0xb6d0' - .rdata: - Entropy: 4.408465659438351 - Virtual Size: '0x8e0' - .data: - Entropy: 3.1025085790331026 - Virtual Size: '0xfa4' - INIT: - Entropy: 5.518016943716045 - Virtual Size: '0xd34' - .rsrc: - Entropy: 3.4014320333561083 - Virtual Size: '0x3e0' - .reloc: - Entropy: 6.603171661071898 - Virtual Size: '0xce2' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91330701MA28DMHT4Y, - C=CN, ST=, L=, O=, CN= - ValidFrom: '2019-03-22 00:00:00' - ValidTo: '2021-03-25 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0af5efac8e1cb5bb290394d315079dbe - Version: 3 - TBS: - MD5: 11e15766710ca8d294dcaf75cdc481c7 - SHA1: d4fbc4f59e8ac285a2a1cdde885eab8ec7c073f2 - SHA256: 8235db8c900fcefb648b477bd93a19628b36ff95f3c53237eeae5d3dc6edb450 - SHA384: c4cfee6d8a6b56e5bba6101fe888f15aa529ddac3176c45cd413cf427447a3fe15c3eaa1b61c91b740519edd61d51d60 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 
9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 - Version: 3 - TBS: - MD5: f92649915476229b093c211c2b18e6c4 - SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 - SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb - SHA384: 511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: 
cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 0af5efac8e1cb5bb290394d315079dbe - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - Version: 1 - Imphash: fc1af6fcd96ae15019c6cbe9015709d3 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 3361957860d2b65c0368778ca088946f - SHA1: 6a784d45517142c11d5cca3ff9956b2ed6eaf4c9 - SHA256: e94e8a87459db56837d1c58f9854794aa99f36566a9ded9b398be9d4d3a2c2af - Company: Windows (R) Win 7 DDK provider - Copyright: "Copyright \xA9 NetFilterSDK.com" - CreationTimestamp: '2020-09-15 00:54:41' - Date: '' - Description: NetFilter SDK WFP Driver (WPP) - ExportedFunctions: '' - FileVersion: 1.5.9.7 - Filename: '' - ImportedFunctions: - - FwpmFreeMemory0 - - FwpmEngineOpen0 - - FwpmEngineClose0 - - FwpmTransactionBegin0 - - FwpmTransactionCommit0 - - FwpmTransactionAbort0 - - FwpmProviderAdd0 - - FwpmProviderContextDeleteByKey0 - - FwpmSubLayerAdd0 - - FwpmSubLayerDeleteByKey0 - - FwpmSubLayerCreateEnumHandle0 - - FwpmSubLayerEnum0 - - FwpmSubLayerDestroyEnumHandle0 - - FwpmCalloutAdd0 - - FwpmFilterAdd0 - - FwpsFlowAbort0 - - FwpsInjectionHandleCreate0 - - FwpsInjectionHandleDestroy0 - - FwpsRedirectHandleCreate0 - - FwpsFreeNetBufferList0 - - FwpsFreeCloneNetBufferList0 - - FwpsInjectNetworkSendAsync0 - - FwpsConstructIpHeaderForTransportPacket0 - - FwpsInjectTransportSendAsync0 - - FwpsInjectTransportReceiveAsync0 - - FwpsInjectNetworkReceiveAsync0 - - FwpsStreamInjectAsync0 - - FwpsCopyStreamDataToBuffer0 - - FwpmBfeStateGet0 - - FwpmBfeStateSubscribeChanges0 - - FwpmBfeStateUnsubscribeChanges0 - - FwpsFlowRemoveContext0 - - FwpsCompleteClassify0 - - FwpsRedirectHandleDestroy0 - - FwpsCloneStreamData0 - - FwpsDiscardClonedStreamData0 - - FwpsQueryPacketInjectionState0 - - FwpsApplyModifiedLayerData0 - 
- FwpsAcquireWritableLayerDataPointer0 - - FwpsReleaseClassifyHandle0 - - FwpsAcquireClassifyHandle0 - - FwpsFlowAssociateContext0 - - FwpsCalloutUnregisterByKey0 - - FwpsCalloutRegister1 - - FwpsPendClassify0 - - FwpsAllocateNetBufferAndNetBufferList0 - - NdisFreeNetBufferListPool - - NdisAllocateNetBufferListPool - - NdisWaitEvent - - NdisInitializeEvent - - NdisFreeGenericObject - - NdisAllocateGenericObject - - NdisGetDataBuffer - - NdisAdvanceNetBufferDataStart - - NdisRetreatNetBufferDataStart - - KeAcquireInStackQueuedSpinLock - - KeReleaseInStackQueuedSpinLock - - ExAllocatePoolWithTag - - ExUuidCreate - - swprintf_s - - RtlInitUnicodeString - - MmGetSystemRoutineAddress - - RtlAppendUnicodeToString - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - KeInitializeEvent - - KeSetEvent - - KeWaitForSingleObject - - KeInitializeSpinLock - - ExFreePoolWithTag - - ExQueryDepthSList - - ExpInterlockedPopEntrySList - - ExpInterlockedPushEntrySList - - ExInitializeNPagedLookasideList - - ExDeleteNPagedLookasideList - - MmBuildMdlForNonPagedPool - - MmMapLockedPagesSpecifyCache - - MmUnmapLockedPages - - MmAllocatePagesForMdl - - MmFreePagesFromMdl - - PsCreateSystemThread - - PsTerminateSystemThread - - IoAllocateMdl - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoFreeMdl - - IoReleaseCancelSpinLock - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - ZwOpenKey - - ZwQueryValueKey - - PsGetCurrentProcessId - - ZwSetInformationThread - - RtlLengthSid - - RtlCreateAcl - - RtlAddAccessAllowedAce - - PsLookupProcessByProcessId - - ObOpenObjectByPointer - - ZwSetSecurityObject - - __C_specific_handler - - SeExports - - RtlGetVersion - - RtlCompareMemory - - RtlValidSid - Imports: - - fwpkclnt.sys - - NDIS.SYS - - ntoskrnl.exe - InternalName: netfilter2.sys - MD5: 837b27efec864ae45d89cfffc1e635f0 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: 
netfilter2.sys - PDBPath: '' - Product: Windows (R) Win 7 DDK driver - ProductVersion: 6.2.9200.20557 - Publisher: '' - RichPEHeaderHash: - MD5: c646eed94ec9e75c1a5498d3642cdab3 - SHA1: 0d0761641e424cc895ba76723784427fcf297f4a - SHA256: 7cecb42d3d4ae8649f3b4714fbab29c4cef8e24a48b0eea2537824fc40f4ea7f - SHA1: f03a9bb8c6943c3db7532ccc39cc1905a62f27be - SHA256: 0f3e7bf7b103613844a38afb574817ddaecd00e4d206d891660dbb0e5dfee04e - Sections: - .text: - Entropy: 6.150053710509848 - Virtual Size: '0x1019a' - .rdata: - Entropy: 4.871173021345663 - Virtual Size: '0x1ddc' - .data: - Entropy: 2.2005364202433433 - Virtual Size: '0x18c0' - .pdata: - Entropy: 5.031237899973202 - Virtual Size: '0xe40' - INIT: - Entropy: 5.179921200293236 - Virtual Size: '0xeca' - .rsrc: - Entropy: 3.5922103150308553 - Virtual Size: '0x448' - .reloc: - Entropy: 3.7790472033993128 - Virtual Size: '0x228' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91330701MA28DMHT4Y, - C=CN, ST=, L=, O=, CN= - ValidFrom: '2019-03-22 00:00:00' - ValidTo: '2021-03-25 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0af5efac8e1cb5bb290394d315079dbe - Version: 3 - TBS: 
- MD5: 11e15766710ca8d294dcaf75cdc481c7 - SHA1: d4fbc4f59e8ac285a2a1cdde885eab8ec7c073f2 - SHA256: 8235db8c900fcefb648b477bd93a19628b36ff95f3c53237eeae5d3dc6edb450 - SHA384: c4cfee6d8a6b56e5bba6101fe888f15aa529ddac3176c45cd413cf427447a3fe15c3eaa1b61c91b740519edd61d51d60 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 - Version: 3 - TBS: - MD5: f92649915476229b093c211c2b18e6c4 - SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 - SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb - SHA384: 511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 
37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 0af5efac8e1cb5bb290394d315079dbe - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - Version: 1 - Imphash: c3658b106f146a18ba9b6e5c7bacfe9b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: fd8b9266dc98e0af514babcbba122265 - SHA1: dc38cc55b84a1a7c0846fb5509b43b4ff97a9be6 - SHA256: fafa1bb36f0ac34b762a10e9f327dcab2152a6d0b16a19697362d49a31e7f566 - Company: "\u5B8F\u56FE\u65E0\u5FE7" - Copyright: "Copyright \xA9 wyjsq.com" - CreationTimestamp: '2019-06-10 08:45:42' - Date: '' - Description: WYJSQ WFP Driver (WPP) - ExportedFunctions: '' - FileVersion: '1.5.7.8 built by: WinDDK' - Filename: '' - ImportedFunctions: - - KeBugCheckEx - - ExUuidCreate - - swprintf_s - - RtlCreateSecurityDescriptor - - RtlLengthSid - - IoAllocateMdl - - ObOpenObjectByPointer - - IoReleaseCancelSpinLock - - IoCreateDevice - - MmFreePagesFromMdl - - ObfDereferenceObject - - PsGetCurrentProcessId - - IoCreateSymbolicLink - - SeExports - - ZwSetSecurityObject - - KeWaitForSingleObject - - ObReferenceObjectByHandle - - ZwSetInformationThread - - IofCompleteRequest - - PsTerminateSystemThread - - ZwQueryValueKey - - MmMapLockedPagesSpecifyCache - - PsCreateSystemThread - - RtlAddAccessAllowedAce - - MmBuildMdlForNonPagedPool - - MmAllocatePagesForMdl - - KeInitializeEvent - - RtlAppendUnicodeToString - - MmGetSystemRoutineAddress - - KeSetEvent - - IoDeleteDevice - - RtlSetDaclSecurityDescriptor - - PsLookupProcessByProcessId - - RtlCreateAcl - - IoDeleteSymbolicLink - - MmUnmapLockedPages - - ExDeleteNPagedLookasideList - - ExQueryDepthSList - - IoFreeMdl - - ExpInterlockedPopEntrySList - - KeAcquireInStackQueuedSpinLock - - ExpInterlockedPushEntrySList - - KeReleaseInStackQueuedSpinLock - - ExInitializeNPagedLookasideList - - ExFreePoolWithTag - - 
ExAllocatePoolWithTag - - ZwOpenKey - - ZwClose - - RtlInitUnicodeString - - __C_specific_handler - - FwpsFlowAssociateContext0 - - FwpsCalloutUnregisterByKey0 - - FwpmSubLayerAdd0 - - FwpsQueryPacketInjectionState0 - - FwpmSubLayerDeleteByKey0 - - FwpmSubLayerEnum0 - - FwpmTransactionCommit0 - - FwpmSubLayerCreateEnumHandle0 - - FwpmSubLayerDestroyEnumHandle0 - - FwpmProviderContextDeleteByKey0 - - FwpmCalloutAdd0 - - FwpmProviderAdd0 - - FwpmTransactionAbort0 - - FwpmEngineOpen0 - - FwpsAcquireClassifyHandle0 - - FwpmFilterAdd0 - - FwpsPendClassify0 - - FwpsCalloutRegister1 - - FwpmTransactionBegin0 - - FwpmEngineClose0 - - FwpmFreeMemory0 - - FwpsAcquireWritableLayerDataPointer0 - - FwpsApplyModifiedLayerData0 - - FwpsInjectNetworkReceiveAsync0 - - FwpsFreeCloneNetBufferList0 - - FwpsInjectionHandleDestroy0 - - FwpsConstructIpHeaderForTransportPacket0 - - FwpsAllocateNetBufferAndNetBufferList0 - - FwpsInjectionHandleCreate0 - - FwpsInjectTransportReceiveAsync0 - - FwpsInjectNetworkSendAsync0 - - FwpsCopyStreamDataToBuffer0 - - FwpsInjectTransportSendAsync0 - - FwpsFlowRemoveContext0 - - FwpsCloneStreamData0 - - FwpsCompleteClassify0 - - FwpsStreamInjectAsync0 - - FwpsReleaseClassifyHandle0 - - FwpsDiscardClonedStreamData0 - - FwpmBfeStateGet0 - - FwpmBfeStateSubscribeChanges0 - - FwpmBfeStateUnsubscribeChanges0 - - FwpsFreeNetBufferList0 - - NdisAllocateGenericObject - - NdisWaitEvent - - NdisAllocateNetBufferListPool - - NdisInitializeEvent - - NdisFreeGenericObject - - NdisFreeNetBufferListPool - - NdisGetDataBuffer - - NdisRetreatNetBufferDataStart - - NdisAdvanceNetBufferDataStart - Imports: - - ntoskrnl.exe - - fwpkclnt.sys - - NDIS.SYS - InternalName: netfilter2.sys - MD5: 5035359be554444dde135903e4a07b28 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: netfilter2.sys - PDBPath: '' - Product: "\u65E0\u5FE7\u52A0\u901F\u5668" - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: a56ba6fc66a7556100c90b00913a984c - SHA1: 
b236fd12e7887836407fd8ff0acd7192685f3704 - SHA256: 464507424adf04e3a3c84ab69df0eb8a21f311a35cdf11ad898a50995fbfba19 - SHA1: 5686bec46dedcea3a8724bb042a1d24ddd6f4c81 - SHA256: 12656fc113b178fa3e6bfffc6473897766c44120082483eb8059ebff29b5d2df - Sections: - .text: - Entropy: 6.242867685753186 - Virtual Size: '0xd86e' - .rdata: - Entropy: 5.37002131800132 - Virtual Size: '0xb44' - .data: - Entropy: 1.6857744414226499 - Virtual Size: '0x1598' - .pdata: - Entropy: 4.530780747243636 - Virtual Size: '0x690' - INIT: - Entropy: 5.309039021372289 - Virtual Size: '0xe64' - .rsrc: - Entropy: 3.531521158202179 - Virtual Size: '0x418' - .reloc: - Entropy: 3.6690718801051645 - Virtual Size: '0x1ce' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=CN, ST=, L=, O=, CN= - ValidFrom: '2019-06-27 00:00:00' - ValidTo: '2020-06-30 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 - Version: 3 - TBS: - MD5: bcfecc67375f580ac6eadd789860b1f8 - SHA1: 3fa9cf13a1816a6e358bb1ca12e050662bc2e178 - SHA256: fbb627aabbe2b2dbfdddfbad14392049b0d76f8d9679f3d550333b84b20320df - SHA384: 
d496c3920c3ab14a3c79e9bd41351912f045ea3b42ba9ec0cb0b1f778d1178174a831fe89848a8226957f2b6f079f01d - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 
46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - Imphash: 8e0e7a2f5025b047a8ebd12a87d503fe - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: ddbb824860937add7c0f86c5df993d3a - SHA1: 03f0dd3124ec3a4bb6d30865a488f54e74ded699 - SHA256: dfaefd06b680f9ea837e7815fc1cc7d1f4cc375641ac850667ab20739f46ad22 - Company: "\u5B8F\u56FE\u65E0\u5FE7" - Copyright: "Copyright \xA9 wyjsq.com" - CreationTimestamp: '2019-06-10 08:45:55' - Date: '' - Description: WYJSQ TDI Hook Driver (WPP) - ExportedFunctions: '' - FileVersion: '1.4.9.5 built by: WinDDK' - Filename: '' - ImportedFunctions: - - KeReleaseSpinLock - - KeAcquireSpinLockRaiseToDpc - - IoDeleteSymbolicLink - - PsLookupProcessByProcessId - - RtlInitUnicodeString - - IoDeleteDevice - - MmGetSystemRoutineAddress - - ZwClose - - IofCompleteRequest - - IoCreateSymbolicLink - - ObfDereferenceObject - - IoCreateDevice - - ObOpenObjectByPointer - - IofCallDriver - - IoDetachDevice - - 
IoBuildDeviceIoControlRequest - - RtlDowncaseUnicodeString - - KeInitializeEvent - - MmBuildMdlForNonPagedPool - - IoFreeMdl - - KeInsertQueueDpc - - KeWaitForSingleObject - - PsGetCurrentProcessId - - IoAllocateMdl - - ExFreePoolWithTag - - IoFreeIrp - - IoReleaseCancelSpinLock - - MmMapLockedPagesSpecifyCache - - IoAllocateIrp - - KeInitializeTimer - - RtlAppendUnicodeToString - - KeInitializeDpc - - IoGetDeviceObjectPointer - - IoAttachDeviceToDeviceStack - - KeSetTimer - - ObfReferenceObject - - MmFreePagesFromMdl - - MmUnmapLockedPages - - MmAllocatePagesForMdl - - RtlCreateAcl - - RtlSetDaclSecurityDescriptor - - RtlAddAccessAllowedAce - - ZwQueryValueKey - - ZwSetSecurityObject - - SeExports - - RtlLengthSid - - RtlCreateSecurityDescriptor - - ZwOpenKey - - KeBugCheckEx - - ObReferenceObjectByHandle - - ExAllocatePoolWithTag - - __C_specific_handler - - TdiMapUserRequest - Imports: - - ntoskrnl.exe - - TDI.SYS - InternalName: netfilter2.sys - MD5: 5c7d08cafbb96b0812a90ce4de52869a - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: netfilter2.sys - PDBPath: '' - Product: "\u65E0\u5FE7\u52A0\u901F\u5668\u9A71\u52A8\u6587\u4EF6" - ProductVersion: 1.5.8.0 - Publisher: '' - RichPEHeaderHash: - MD5: a8cfc1c4c595dbd9909445a5e7ed9a54 - SHA1: 93a8f9bf4e4c8886fc1d435828ab6706d11cfdf9 - SHA256: dd65f865e9c50e9dde3584d90f0927d21042665aa375918708b4792861041072 - SHA1: eff9b9458f4eb611478a0c959f156f3dc7e62c08 - SHA256: 79e7165e626c7bde546cd1bea4b9ec206de8bed7821479856bdb0a2adc3e3617 - Sections: - .text: - Entropy: 6.179201826106955 - Virtual Size: '0x10102' - .rdata: - Entropy: 5.090786112456744 - Virtual Size: '0x1d0c' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0x19f0' - .pdata: - Entropy: 5.089722001786172 - Virtual Size: '0x11c4' - INIT: - Entropy: 5.207307453400592 - Virtual Size: '0x6fa' - .rsrc: - Entropy: 3.5406326624657645 - Virtual Size: '0x418' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - 
Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=CN, ST=, L=, O=, CN= - ValidFrom: '2019-06-27 00:00:00' - ValidTo: '2020-06-30 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 - Version: 3 - TBS: - MD5: bcfecc67375f580ac6eadd789860b1f8 - SHA1: 3fa9cf13a1816a6e358bb1ca12e050662bc2e178 - SHA256: fbb627aabbe2b2dbfdddfbad14392049b0d76f8d9679f3d550333b84b20320df - SHA384: d496c3920c3ab14a3c79e9bd41351912f045ea3b42ba9ec0cb0b1f778d1178174a831fe89848a8226957f2b6f079f01d - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 
12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - Imphash: 55ef49522fb4f4b2667521ff4804a19a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: b42afd5a5225094c7943185e769bc995 - SHA1: 22c5e127e7e7c567d8624607a6f8f5809deacb55 - SHA256: de6bf572d39e2611773e7a01f0388f84fb25da6cba2f1f8b9b36ffba467de6fa - Company: "\u5B8F\u56FE\u65E0\u5FE7" - Copyright: "Copyright \xA9 wyjsq.com" - CreationTimestamp: '2019-06-10 08:45:52' - Date: '' - Description: WYJSQ TDI Hook Driver (WPP) - ExportedFunctions: '' - FileVersion: '1.4.9.5 built by: WinDDK' - Filename: '' - ImportedFunctions: - - IoCreateSymbolicLink - - IoCreateDevice - - IoDeleteSymbolicLink - - IofCompleteRequest - - ZwClose - - ObfDereferenceObject - - ObOpenObjectByPointer - - 
PsLookupProcessByProcessId - - MmGetSystemRoutineAddress - - RtlInitUnicodeString - - IoDetachDevice - - IofCallDriver - - IoFreeMdl - - memcpy - - MmBuildMdlForNonPagedPool - - IoBuildDeviceIoControlRequest - - IoAllocateMdl - - RtlDowncaseUnicodeString - - PsGetCurrentProcessId - - KeWaitForSingleObject - - KeInitializeEvent - - KeInsertQueueDpc - - IoReleaseCancelSpinLock - - ObReferenceObjectByHandle - - IoDeleteDevice - - MmMapLockedPagesSpecifyCache - - IoAllocateIrp - - KeInitializeTimer - - KeInitializeDpc - - RtlAppendUnicodeToString - - IoAttachDeviceToDeviceStack - - IoGetDeviceObjectPointer - - ObfReferenceObject - - KeSetTimer - - MmFreePagesFromMdl - - MmUnmapLockedPages - - MmAllocatePagesForMdl - - ZwQueryValueKey - - ZwOpenKey - - ZwSetSecurityObject - - RtlSetDaclSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlAddAccessAllowedAce - - RtlCreateAcl - - RtlLengthSid - - SeExports - - KeTickCount - - KeBugCheckEx - - _aullrem - - ExFreePoolWithTag - - memset - - IoFreeIrp - - ExAllocatePoolWithTag - - RtlUnwind - - KfAcquireSpinLock - - KfReleaseSpinLock - - TdiMapUserRequest - Imports: - - ntoskrnl.exe - - HAL.dll - - TDI.SYS - InternalName: netfilter2.sys - MD5: 546107a0f37686b2417f1be2e05305f6 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: netfilter2.sys - PDBPath: '' - Product: "\u65E0\u5FE7\u52A0\u901F\u5668" - ProductVersion: 1.5.8.0 - Publisher: '' - RichPEHeaderHash: - MD5: ea1a25e78d69ef318ef4d2fbfd420541 - SHA1: 1f795bc5eaecf5ee96f77ae703426b5f65e0d895 - SHA256: 1c10422043879162a1e9a246a3125f545a119afc8c25fd6822f48509ee2a02c0 - SHA1: b06af934021f48fa31db5759fa1eafa1927fc7e5 - SHA256: 6a234a2b8eb3844f7b5831ee048f88e8a76e9d38e753cc82f61b234c79fe1660 - Sections: - .text: - Entropy: 6.296843927579521 - Virtual Size: '0xb482' - .rdata: - Entropy: 4.07360217642813 - Virtual Size: '0x214' - .data: - Entropy: 0.021179877335710875 - Virtual Size: '0x1458' - INIT: - Entropy: 5.460393228615208 - Virtual Size: '0x64a' - 
.rsrc: - Entropy: 3.514358315657194 - Virtual Size: '0x408' - .reloc: - Entropy: 6.490758317321038 - Virtual Size: '0xca2' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=CN, ST=, L=, O=, CN= - ValidFrom: '2019-06-27 00:00:00' - ValidTo: '2020-06-30 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 - Version: 3 - TBS: - MD5: bcfecc67375f580ac6eadd789860b1f8 - SHA1: 3fa9cf13a1816a6e358bb1ca12e050662bc2e178 - SHA256: fbb627aabbe2b2dbfdddfbad14392049b0d76f8d9679f3d550333b84b20320df - SHA384: d496c3920c3ab14a3c79e9bd41351912f045ea3b42ba9ec0cb0b1f778d1178174a831fe89848a8226957f2b6f079f01d - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: 
e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 
06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - Imphash: dc1fe38f597362ae167fd4212146aa60 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 0d76526227d593a8967ed866b5991e10 - SHA1: 3ae56ab63230d6d9552360845b4a37b5801cc5ea - SHA256: e9b433a33dc72eb2622947b41f01d04a48cd71beac775a88f3f1e4c838090ee8 - Company: Windows (R) Win 7 DDK provider - Copyright: "Copyright \xA9 NetFilterSDK.com" - CreationTimestamp: '2020-09-15 00:54:19' - Date: '' - Description: NetFilter SDK WFP Driver (WPP) - ExportedFunctions: '' - FileVersion: '1.5.9.7 built by: WinDDK' - Filename: '' - ImportedFunctions: - - KeBugCheckEx - - ExUuidCreate - - swprintf_s - - RtlCreateSecurityDescriptor - - RtlLengthSid - - IoAllocateMdl - - ObOpenObjectByPointer - - IoReleaseCancelSpinLock - - IoCreateDevice - - MmFreePagesFromMdl - - ObfDereferenceObject - - PsGetCurrentProcessId - - IoCreateSymbolicLink - - SeExports - - ZwSetSecurityObject - - KeWaitForSingleObject - - ObReferenceObjectByHandle - - ZwSetInformationThread - - IofCompleteRequest - - PsTerminateSystemThread - - ZwQueryValueKey - - MmMapLockedPagesSpecifyCache - - PsCreateSystemThread - - RtlAddAccessAllowedAce - - MmBuildMdlForNonPagedPool - - MmAllocatePagesForMdl - - KeInitializeEvent - - RtlAppendUnicodeToString - - MmGetSystemRoutineAddress - - KeSetEvent - - IoDeleteDevice - - RtlSetDaclSecurityDescriptor - - PsLookupProcessByProcessId - - RtlCreateAcl - - IoDeleteSymbolicLink - - MmUnmapLockedPages - - RtlCompareMemory - - RtlValidSid - - ExDeleteNPagedLookasideList - - ExQueryDepthSList - 
- IoFreeMdl - - ExpInterlockedPopEntrySList - - KeAcquireInStackQueuedSpinLock - - ExpInterlockedPushEntrySList - - KeReleaseInStackQueuedSpinLock - - ExInitializeNPagedLookasideList - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - ZwOpenKey - - ZwClose - - RtlInitUnicodeString - - __C_specific_handler - - FwpsFlowAssociateContext0 - - FwpsCalloutUnregisterByKey0 - - FwpmSubLayerAdd0 - - FwpsQueryPacketInjectionState0 - - FwpmSubLayerDeleteByKey0 - - FwpmSubLayerEnum0 - - FwpmTransactionCommit0 - - FwpmSubLayerCreateEnumHandle0 - - FwpmSubLayerDestroyEnumHandle0 - - FwpmProviderContextDeleteByKey0 - - FwpmCalloutAdd0 - - FwpmProviderAdd0 - - FwpmTransactionAbort0 - - FwpmEngineOpen0 - - FwpsAcquireClassifyHandle0 - - FwpmFilterAdd0 - - FwpsPendClassify0 - - FwpsCalloutRegister1 - - FwpmTransactionBegin0 - - FwpmEngineClose0 - - FwpmFreeMemory0 - - FwpsAcquireWritableLayerDataPointer0 - - FwpsApplyModifiedLayerData0 - - FwpsInjectNetworkReceiveAsync0 - - FwpsFreeCloneNetBufferList0 - - FwpsInjectionHandleDestroy0 - - FwpsConstructIpHeaderForTransportPacket0 - - FwpsAllocateNetBufferAndNetBufferList0 - - FwpsInjectionHandleCreate0 - - FwpsInjectTransportReceiveAsync0 - - FwpsInjectNetworkSendAsync0 - - FwpsCopyStreamDataToBuffer0 - - FwpsInjectTransportSendAsync0 - - FwpsFlowRemoveContext0 - - FwpsCloneStreamData0 - - FwpsCompleteClassify0 - - FwpsStreamInjectAsync0 - - FwpsReleaseClassifyHandle0 - - FwpsDiscardClonedStreamData0 - - FwpsFreeNetBufferList0 - - FwpmBfeStateUnsubscribeChanges0 - - FwpmBfeStateGet0 - - FwpmBfeStateSubscribeChanges0 - - NdisAllocateGenericObject - - NdisWaitEvent - - NdisAllocateNetBufferListPool - - NdisInitializeEvent - - NdisFreeGenericObject - - NdisFreeNetBufferListPool - - NdisGetDataBuffer - - NdisRetreatNetBufferDataStart - - NdisAdvanceNetBufferDataStart - Imports: - - ntoskrnl.exe - - fwpkclnt.sys - - NDIS.SYS - InternalName: netfilter2.sys - MD5: dc83a482d5900f19c0b92b9d183449ed - MachineType: AMD64 - MagicHeader: 50 45 0 0 
- OriginalFilename: netfilter2.sys - PDBPath: '' - Product: Windows (R) Win 7 DDK driver - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 5f9eb581b0ce6f9d2b5f1f5a9771af50 - SHA1: cb1828152e4668b5e033ee126a52df4f76700b2a - SHA256: e9bd3b71a475097efee5f9196d05a582abc2323affe47c2c9cf9bf933004e22f - SHA1: d219edc08fb789817c264b164f3034543b6a2e08 - SHA256: 5c54a5cd3386ac14725a07962562e9fdcefbb7be0d19803f9d71de24573de1e3 - Sections: - .text: - Entropy: 6.2545679166711565 - Virtual Size: '0xd64e' - .rdata: - Entropy: 5.490124607621635 - Virtual Size: '0xbd4' - .data: - Entropy: 1.921663371680462 - Virtual Size: '0x1718' - .pdata: - Entropy: 4.529523254969204 - Virtual Size: '0x6d8' - INIT: - Entropy: 5.309837255433513 - Virtual Size: '0xe96' - .rsrc: - Entropy: 3.410095048874038 - Virtual Size: '0x3e0' - .reloc: - Entropy: 3.9064526149567356 - Virtual Size: '0x1fe' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91330701MA28DMHT4Y, - C=CN, ST=, L=, O=, CN= - ValidFrom: '2019-03-22 00:00:00' - ValidTo: '2021-03-25 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0af5efac8e1cb5bb290394d315079dbe - 
Version: 3 - TBS: - MD5: 11e15766710ca8d294dcaf75cdc481c7 - SHA1: d4fbc4f59e8ac285a2a1cdde885eab8ec7c073f2 - SHA256: 8235db8c900fcefb648b477bd93a19628b36ff95f3c53237eeae5d3dc6edb450 - SHA384: c4cfee6d8a6b56e5bba6101fe888f15aa529ddac3176c45cd413cf427447a3fe15c3eaa1b61c91b740519edd61d51d60 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 - Version: 3 - TBS: - MD5: f92649915476229b093c211c2b18e6c4 - SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 - SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb - SHA384: 
511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 0af5efac8e1cb5bb290394d315079dbe - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - Version: 1 - Imphash: 578e11377270c1acacba47b17ef7b169 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 6d4517e6348130fe55f11bfd630d857f - SHA1: 60a632e4b838731aad553650d6bc8af3d3d80b26 - SHA256: 8168304169a2453c0c3e0a285c2a07d3b3b83433e0342f6b33400c371af86221 - Company: Windows (R) Win 7 DDK provider - Copyright: "Copyright \xA9 NetFilterSDK.com" - CreationTimestamp: '2020-09-15 00:54:17' - Date: '' - Description: NetFilter SDK WFP Driver (WPP) - ExportedFunctions: '' - FileVersion: '1.5.9.7 built by: WinDDK' - Filename: '' - ImportedFunctions: - - memcpy - - RtlValidSid - - IoFreeMdl - - RtlUnwind - - KeBugCheckEx - - RtlCompareMemory - - KeTickCount - - _allmul - - _aulldiv - - KeQuerySystemTime - - ExUuidCreate - - swprintf_s - - KeInitializeEvent - - PsCreateSystemThread - - ZwSetInformationThread - - ObReferenceObjectByHandle - - RtlAppendUnicodeToString - - IoCreateDevice - - IoCreateSymbolicLink - - PsTerminateSystemThread - - MmGetSystemRoutineAddress - - PsLookupProcessByProcessId - - IoAllocateMdl - - MmBuildMdlForNonPagedPool - - IoReleaseCancelSpinLock - - PsGetCurrentProcessId - - 
IofCompleteRequest - - IoDeleteSymbolicLink - - IoDeleteDevice - - KeWaitForSingleObject - - ObfDereferenceObject - - MmAllocatePagesForMdl - - MmMapLockedPagesSpecifyCache - - MmFreePagesFromMdl - - MmUnmapLockedPages - - KeSetEvent - - ObOpenObjectByPointer - - RtlLengthSid - - SeExports - - RtlCreateAcl - - RtlAddAccessAllowedAce - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - ZwSetSecurityObject - - ZwQueryValueKey - - ExDeleteNPagedLookasideList - - ExInitializeNPagedLookasideList - - InterlockedPushEntrySList - - InterlockedPopEntrySList - - _aullrem - - ExFreePoolWithTag - - memset - - ExAllocatePoolWithTag - - RtlInitUnicodeString - - ZwOpenKey - - ZwClose - - KeReleaseInStackQueuedSpinLock - - KeGetCurrentIrql - - KeAcquireInStackQueuedSpinLock - - FwpsStreamInjectAsync0 - - FwpmEngineOpen0 - - FwpmProviderAdd0 - - FwpmSubLayerDeleteByKey0 - - FwpmProviderContextDeleteByKey0 - - FwpsAcquireClassifyHandle0 - - FwpsQueryPacketInjectionState0 - - FwpsFlowAssociateContext0 - - FwpmSubLayerAdd0 - - FwpmSubLayerCreateEnumHandle0 - - FwpmFreeMemory0 - - FwpmSubLayerEnum0 - - FwpmSubLayerDestroyEnumHandle0 - - FwpmCalloutAdd0 - - FwpmFilterAdd0 - - FwpmTransactionBegin0 - - FwpmEngineClose0 - - FwpmTransactionCommit0 - - FwpmTransactionAbort0 - - FwpsCalloutRegister1 - - FwpsCalloutUnregisterByKey0 - - FwpsPendClassify0 - - FwpsInjectionHandleCreate0 - - FwpsCopyStreamDataToBuffer0 - - FwpsInjectNetworkReceiveAsync0 - - FwpsAcquireWritableLayerDataPointer0 - - FwpsApplyModifiedLayerData0 - - FwpsAllocateNetBufferAndNetBufferList0 - - FwpsInjectTransportSendAsync0 - - FwpsConstructIpHeaderForTransportPacket0 - - FwpsInjectNetworkSendAsync0 - - FwpsInjectTransportReceiveAsync0 - - FwpsFreeCloneNetBufferList0 - - FwpsInjectionHandleDestroy0 - - FwpsFlowRemoveContext0 - - FwpsCloneStreamData0 - - FwpsCompleteClassify0 - - FwpsReleaseClassifyHandle0 - - FwpsDiscardClonedStreamData0 - - FwpsFreeNetBufferList0 - - FwpmBfeStateGet0 - - 
FwpmBfeStateSubscribeChanges0 - - FwpmBfeStateUnsubscribeChanges0 - - NdisFreeGenericObject - - NdisInitializeEvent - - NdisFreeNetBufferListPool - - NdisGetDataBuffer - - NdisAdvanceNetBufferDataStart - - NdisRetreatNetBufferDataStart - - NdisAllocateNetBufferListPool - - NdisAllocateGenericObject - - NdisWaitEvent - Imports: - - ntoskrnl.exe - - HAL.dll - - fwpkclnt.sys - - NDIS.SYS - InternalName: netfilter2.sys - MD5: 1b54c047e17f0319a6202b579a850c54 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: netfilter2.sys - PDBPath: '' - Product: Windows (R) Win 7 DDK driver - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 4c93d23c41f384b75bda01c7ace495d8 - SHA1: 28695a10b02de9e1ce2d2b70c463f5d3bbaeaf4c - SHA256: 4049be109d3e76b72f97f3faab4a4456933bce7ec4593342fd7046ca2bae226e - SHA1: d1178492ba5e23927141fa49edb9aa29640f20f8 - SHA256: 8017e618b5a7aa608cc4bce16e4defd6b4e99138c4ba1bdd6ad78e39f035cf59 - Sections: - .text: - Entropy: 6.467856349257126 - Virtual Size: '0xb6d0' - .rdata: - Entropy: 4.408465659438351 - Virtual Size: '0x8e0' - .data: - Entropy: 3.1025085790331026 - Virtual Size: '0xfa4' - INIT: - Entropy: 5.518016943716045 - Virtual Size: '0xd34' - .rsrc: - Entropy: 3.4014320333561083 - Virtual Size: '0x3e0' - .reloc: - Entropy: 6.603171661071898 - Virtual Size: '0xce2' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, L=Paris, O=Orange, OU=Nordnet, CN=Orange - ValidFrom: '2020-02-06 00:00:00' - ValidTo: '2021-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 34b2bc04e9d297465f2e52b3afe91006 - Version: 3 - TBS: - MD5: aa18d17697a27f7af6deb97095af2a2c - SHA1: d00a8a47f4879d72d0c724fe76c98c509406169f - SHA256: b17c8db0c54e42683d417a0908ba35d55ee44ad152024e2b178aa2a903cc385b - SHA384: 
d4e0e12db6aa39025b4226ad9520b9856481789b2491e4f70398a4e0b0137084b8a73e42046cb81ebffdda16264f3510 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 34b2bc04e9d297465f2e52b3afe91006 - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - Imphash: fc1af6fcd96ae15019c6cbe9015709d3 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 0d76526227d593a8967ed866b5991e10 - SHA1: 3ae56ab63230d6d9552360845b4a37b5801cc5ea - SHA256: e9b433a33dc72eb2622947b41f01d04a48cd71beac775a88f3f1e4c838090ee8 - Company: Windows (R) Win 7 DDK provider - Copyright: "Copyright 
\xA9 NetFilterSDK.com" - CreationTimestamp: '2020-09-15 00:54:19' - Date: '' - Description: NetFilter SDK WFP Driver (WPP) - ExportedFunctions: '' - FileVersion: '1.5.9.7 built by: WinDDK' - Filename: '' - ImportedFunctions: - - KeBugCheckEx - - ExUuidCreate - - swprintf_s - - RtlCreateSecurityDescriptor - - RtlLengthSid - - IoAllocateMdl - - ObOpenObjectByPointer - - IoReleaseCancelSpinLock - - IoCreateDevice - - MmFreePagesFromMdl - - ObfDereferenceObject - - PsGetCurrentProcessId - - IoCreateSymbolicLink - - SeExports - - ZwSetSecurityObject - - KeWaitForSingleObject - - ObReferenceObjectByHandle - - ZwSetInformationThread - - IofCompleteRequest - - PsTerminateSystemThread - - ZwQueryValueKey - - MmMapLockedPagesSpecifyCache - - PsCreateSystemThread - - RtlAddAccessAllowedAce - - MmBuildMdlForNonPagedPool - - MmAllocatePagesForMdl - - KeInitializeEvent - - RtlAppendUnicodeToString - - MmGetSystemRoutineAddress - - KeSetEvent - - IoDeleteDevice - - RtlSetDaclSecurityDescriptor - - PsLookupProcessByProcessId - - RtlCreateAcl - - IoDeleteSymbolicLink - - MmUnmapLockedPages - - RtlCompareMemory - - RtlValidSid - - ExDeleteNPagedLookasideList - - ExQueryDepthSList - - IoFreeMdl - - ExpInterlockedPopEntrySList - - KeAcquireInStackQueuedSpinLock - - ExpInterlockedPushEntrySList - - KeReleaseInStackQueuedSpinLock - - ExInitializeNPagedLookasideList - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - ZwOpenKey - - ZwClose - - RtlInitUnicodeString - - __C_specific_handler - - FwpsFlowAssociateContext0 - - FwpsCalloutUnregisterByKey0 - - FwpmSubLayerAdd0 - - FwpsQueryPacketInjectionState0 - - FwpmSubLayerDeleteByKey0 - - FwpmSubLayerEnum0 - - FwpmTransactionCommit0 - - FwpmSubLayerCreateEnumHandle0 - - FwpmSubLayerDestroyEnumHandle0 - - FwpmProviderContextDeleteByKey0 - - FwpmCalloutAdd0 - - FwpmProviderAdd0 - - FwpmTransactionAbort0 - - FwpmEngineOpen0 - - FwpsAcquireClassifyHandle0 - - FwpmFilterAdd0 - - FwpsPendClassify0 - - FwpsCalloutRegister1 - - 
FwpmTransactionBegin0 - - FwpmEngineClose0 - - FwpmFreeMemory0 - - FwpsAcquireWritableLayerDataPointer0 - - FwpsApplyModifiedLayerData0 - - FwpsInjectNetworkReceiveAsync0 - - FwpsFreeCloneNetBufferList0 - - FwpsInjectionHandleDestroy0 - - FwpsConstructIpHeaderForTransportPacket0 - - FwpsAllocateNetBufferAndNetBufferList0 - - FwpsInjectionHandleCreate0 - - FwpsInjectTransportReceiveAsync0 - - FwpsInjectNetworkSendAsync0 - - FwpsCopyStreamDataToBuffer0 - - FwpsInjectTransportSendAsync0 - - FwpsFlowRemoveContext0 - - FwpsCloneStreamData0 - - FwpsCompleteClassify0 - - FwpsStreamInjectAsync0 - - FwpsReleaseClassifyHandle0 - - FwpsDiscardClonedStreamData0 - - FwpsFreeNetBufferList0 - - FwpmBfeStateUnsubscribeChanges0 - - FwpmBfeStateGet0 - - FwpmBfeStateSubscribeChanges0 - - NdisAllocateGenericObject - - NdisWaitEvent - - NdisAllocateNetBufferListPool - - NdisInitializeEvent - - NdisFreeGenericObject - - NdisFreeNetBufferListPool - - NdisGetDataBuffer - - NdisRetreatNetBufferDataStart - - NdisAdvanceNetBufferDataStart - Imports: - - ntoskrnl.exe - - fwpkclnt.sys - - NDIS.SYS - InternalName: netfilter2.sys - MD5: 14acd57bd9fa8093c46fdd5e9f271b70 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: netfilter2.sys - PDBPath: '' - Product: Windows (R) Win 7 DDK driver - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 5f9eb581b0ce6f9d2b5f1f5a9771af50 - SHA1: cb1828152e4668b5e033ee126a52df4f76700b2a - SHA256: e9bd3b71a475097efee5f9196d05a582abc2323affe47c2c9cf9bf933004e22f - SHA1: b0cb07e84261626a384e74020735be0cace7a3bd - SHA256: 639ff79f13e40d47b90ecd709699edd10e740cb41451acb95590a68b6352de2b - Sections: - .text: - Entropy: 6.2545679166711565 - Virtual Size: '0xd64e' - .rdata: - Entropy: 5.490124607621635 - Virtual Size: '0xbd4' - .data: - Entropy: 1.921663371680462 - Virtual Size: '0x1718' - .pdata: - Entropy: 4.529523254969204 - Virtual Size: '0x6d8' - INIT: - Entropy: 5.309837255433513 - Virtual Size: '0xe96' - .rsrc: - Entropy: 
3.410095048874038 - Virtual Size: '0x3e0' - .reloc: - Entropy: 3.9064526149567356 - Virtual Size: '0x1fe' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, L=Paris, O=Orange, OU=Nordnet, CN=Orange - ValidFrom: '2020-02-06 00:00:00' - ValidTo: '2021-02-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 34b2bc04e9d297465f2e52b3afe91006 - Version: 3 - TBS: - MD5: aa18d17697a27f7af6deb97095af2a2c - SHA1: d00a8a47f4879d72d0c724fe76c98c509406169f - SHA256: b17c8db0c54e42683d417a0908ba35d55ee44ad152024e2b178aa2a903cc385b - SHA384: d4e0e12db6aa39025b4226ad9520b9856481789b2491e4f70398a4e0b0137084b8a73e42046cb81ebffdda16264f3510 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 13851a1e69a937f7a0bda4af7e1d6153fe9d8c5e0ca6751e781723ddfdec1a035539fb7195c7655aa78e30d2445a61db706fda2105c22e73ba49f1d193fe5dc9cd5e03e0899e3f741ed7f7388ba9d6cfbb352f3358a89256d1c84d3b82e6798416fc28b0b147f31da23eee87d9a67fa456a53fad842e29de7cbca8aaa33d0401eaba93a20e502229174c87e43a115fd6a425899b056b2fb4c9014c277b0bac190522a060153fdac9fb4d4c8ffb726777fd2794c7ba350e8849fe8dfd28af4a12bd0db39705de440c15fa362b03dcc15001f1a1115d14e5e2bd274b54be2b845e0fa6c374050aef97c38922b11f77f3bdcd43d4f14ca93fb58b84af64f2d01421 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, 
OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 34b2bc04e9d297465f2e52b3afe91006 - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - Imphash: 578e11377270c1acacba47b17ef7b169 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 3361957860d2b65c0368778ca088946f - SHA1: 6a784d45517142c11d5cca3ff9956b2ed6eaf4c9 - SHA256: e94e8a87459db56837d1c58f9854794aa99f36566a9ded9b398be9d4d3a2c2af - Company: Windows (R) Win 7 DDK provider - Copyright: "Copyright \xA9 NetFilterSDK.com" - CreationTimestamp: '2020-09-15 00:54:41' - Date: '' - Description: NetFilter SDK WFP Driver (WPP) - ExportedFunctions: '' - FileVersion: 1.5.9.7 - Filename: '' - ImportedFunctions: - - FwpmFreeMemory0 - - FwpmEngineOpen0 - - FwpmEngineClose0 - - FwpmTransactionBegin0 - - FwpmTransactionCommit0 - - FwpmTransactionAbort0 - - FwpmProviderAdd0 - - FwpmProviderContextDeleteByKey0 - - FwpmSubLayerAdd0 - - FwpmSubLayerDeleteByKey0 - - FwpmSubLayerCreateEnumHandle0 - - FwpmSubLayerEnum0 - - FwpmSubLayerDestroyEnumHandle0 - - FwpmCalloutAdd0 - - FwpmFilterAdd0 - - FwpsFlowAbort0 - - FwpsInjectionHandleCreate0 - - FwpsInjectionHandleDestroy0 - - FwpsRedirectHandleCreate0 - - FwpsFreeNetBufferList0 - - FwpsFreeCloneNetBufferList0 - - FwpsInjectNetworkSendAsync0 - - FwpsConstructIpHeaderForTransportPacket0 - 
- FwpsInjectTransportSendAsync0 - - FwpsInjectTransportReceiveAsync0 - - FwpsInjectNetworkReceiveAsync0 - - FwpsStreamInjectAsync0 - - FwpsCopyStreamDataToBuffer0 - - FwpmBfeStateGet0 - - FwpmBfeStateSubscribeChanges0 - - FwpmBfeStateUnsubscribeChanges0 - - FwpsFlowRemoveContext0 - - FwpsCompleteClassify0 - - FwpsRedirectHandleDestroy0 - - FwpsCloneStreamData0 - - FwpsDiscardClonedStreamData0 - - FwpsQueryPacketInjectionState0 - - FwpsApplyModifiedLayerData0 - - FwpsAcquireWritableLayerDataPointer0 - - FwpsReleaseClassifyHandle0 - - FwpsAcquireClassifyHandle0 - - FwpsFlowAssociateContext0 - - FwpsCalloutUnregisterByKey0 - - FwpsCalloutRegister1 - - FwpsPendClassify0 - - FwpsAllocateNetBufferAndNetBufferList0 - - NdisFreeNetBufferListPool - - NdisAllocateNetBufferListPool - - NdisWaitEvent - - NdisInitializeEvent - - NdisFreeGenericObject - - NdisAllocateGenericObject - - NdisGetDataBuffer - - NdisAdvanceNetBufferDataStart - - NdisRetreatNetBufferDataStart - - KeAcquireInStackQueuedSpinLock - - KeReleaseInStackQueuedSpinLock - - ExAllocatePoolWithTag - - ExUuidCreate - - swprintf_s - - RtlInitUnicodeString - - MmGetSystemRoutineAddress - - RtlAppendUnicodeToString - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - KeInitializeEvent - - KeSetEvent - - KeWaitForSingleObject - - KeInitializeSpinLock - - ExFreePoolWithTag - - ExQueryDepthSList - - ExpInterlockedPopEntrySList - - ExpInterlockedPushEntrySList - - ExInitializeNPagedLookasideList - - ExDeleteNPagedLookasideList - - MmBuildMdlForNonPagedPool - - MmMapLockedPagesSpecifyCache - - MmUnmapLockedPages - - MmAllocatePagesForMdl - - MmFreePagesFromMdl - - PsCreateSystemThread - - PsTerminateSystemThread - - IoAllocateMdl - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoFreeMdl - - IoReleaseCancelSpinLock - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - ZwOpenKey - - ZwQueryValueKey - - PsGetCurrentProcessId - 
- ZwSetInformationThread - - RtlLengthSid - - RtlCreateAcl - - RtlAddAccessAllowedAce - - PsLookupProcessByProcessId - - ObOpenObjectByPointer - - ZwSetSecurityObject - - __C_specific_handler - - SeExports - - RtlGetVersion - - RtlCompareMemory - - RtlValidSid - Imports: - - fwpkclnt.sys - - NDIS.SYS - - ntoskrnl.exe - InternalName: netfilter2.sys - MD5: 303d0cc0864955eb20fe820104713d5f - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: netfilter2.sys - PDBPath: '' - Product: Windows (R) Win 7 DDK driver - ProductVersion: 6.2.9200.20557 - Publisher: '' - RichPEHeaderHash: - MD5: c646eed94ec9e75c1a5498d3642cdab3 - SHA1: 0d0761641e424cc895ba76723784427fcf297f4a - SHA256: 7cecb42d3d4ae8649f3b4714fbab29c4cef8e24a48b0eea2537824fc40f4ea7f - SHA1: 22314679389c9db6e7e99ca991a597055100f50b - SHA256: 9dbc2a37f53507296cc912e7d354dab4e55541ba821561aa84f74d1bd8346be2 - Sections: - .text: - Entropy: 6.150053710509848 - Virtual Size: '0x1019a' - .rdata: - Entropy: 4.871173021345663 - Virtual Size: '0x1ddc' - .data: - Entropy: 2.2005364202433433 - Virtual Size: '0x18c0' - .pdata: - Entropy: 5.031237899973202 - Virtual Size: '0xe40' - INIT: - Entropy: 5.179921200293236 - Virtual Size: '0xeca' - .rsrc: - Entropy: 3.5922103150308553 - Virtual Size: '0x448' - .reloc: - Entropy: 3.7790472033993128 - Virtual Size: '0x228' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: 
f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=RU, ??=Private Organization, serialNumber=1157746204230, C=RU, L=, - O=LLC SOLAR SECURITY, CN=LLC SOLAR SECURITY - ValidFrom: '2020-06-03 00:00:00' - ValidTo: '2021-06-08 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 02ddad01eba5f46cb2deb0f7d2acd0f7 - Version: 3 - TBS: - MD5: cd2b0d085a3d343b08650dca77f6d61a - SHA1: 003e7627100a520659381210817e3cc34ffa5787 - SHA256: bde895ed82cf5ec3a4e10ade85e43a41f5cfb21683c065fe546e83d4c33aa3f1 - SHA384: b8a6e2febb0674e9ce3ae563d445f9e23872eb2a0a6b3d65ea2f93668fc4a514ffbdda6d7bce7e07cbe8152deebc060d - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - ValidFrom: '2012-04-18 12:00:00' - ValidTo: 
'2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c - Version: 3 - TBS: - MD5: 83f5de89f641d0fbf60248e10a7b9534 - SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 - SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf - SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 02ddad01eba5f46cb2deb0f7d2acd0f7 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - Version: 1 - Imphash: c3658b106f146a18ba9b6e5c7bacfe9b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: b42afd5a5225094c7943185e769bc995 - SHA1: 22c5e127e7e7c567d8624607a6f8f5809deacb55 - SHA256: de6bf572d39e2611773e7a01f0388f84fb25da6cba2f1f8b9b36ffba467de6fa - Company: "\u5B8F\u56FE\u65E0\u5FE7" - Copyright: "Copyright \xA9 wyjsq.com" - CreationTimestamp: '2019-06-10 08:45:52' - Date: '' - Description: WYJSQ TDI Hook Driver (WPP) - ExportedFunctions: '' - FileVersion: '1.4.9.5 built by: WinDDK' - Filename: '' - ImportedFunctions: - - IoCreateSymbolicLink - - IoCreateDevice - - IoDeleteSymbolicLink - - IofCompleteRequest - - ZwClose - - ObfDereferenceObject - - ObOpenObjectByPointer - - 
PsLookupProcessByProcessId - - MmGetSystemRoutineAddress - - RtlInitUnicodeString - - IoDetachDevice - - IofCallDriver - - IoFreeMdl - - memcpy - - MmBuildMdlForNonPagedPool - - IoBuildDeviceIoControlRequest - - IoAllocateMdl - - RtlDowncaseUnicodeString - - PsGetCurrentProcessId - - KeWaitForSingleObject - - KeInitializeEvent - - KeInsertQueueDpc - - IoReleaseCancelSpinLock - - ObReferenceObjectByHandle - - IoDeleteDevice - - MmMapLockedPagesSpecifyCache - - IoAllocateIrp - - KeInitializeTimer - - KeInitializeDpc - - RtlAppendUnicodeToString - - IoAttachDeviceToDeviceStack - - IoGetDeviceObjectPointer - - ObfReferenceObject - - KeSetTimer - - MmFreePagesFromMdl - - MmUnmapLockedPages - - MmAllocatePagesForMdl - - ZwQueryValueKey - - ZwOpenKey - - ZwSetSecurityObject - - RtlSetDaclSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlAddAccessAllowedAce - - RtlCreateAcl - - RtlLengthSid - - SeExports - - KeTickCount - - KeBugCheckEx - - _aullrem - - ExFreePoolWithTag - - memset - - IoFreeIrp - - ExAllocatePoolWithTag - - RtlUnwind - - KfAcquireSpinLock - - KfReleaseSpinLock - - TdiMapUserRequest - Imports: - - ntoskrnl.exe - - HAL.dll - - TDI.SYS - InternalName: netfilter2.sys - MD5: 173779a1a53b6ac06dcf045bc78eed62 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: netfilter2.sys - PDBPath: '' - Product: "\u65E0\u5FE7\u52A0\u901F\u5668" - ProductVersion: 1.5.8.0 - Publisher: '' - RichPEHeaderHash: - MD5: ea1a25e78d69ef318ef4d2fbfd420541 - SHA1: 1f795bc5eaecf5ee96f77ae703426b5f65e0d895 - SHA256: 1c10422043879162a1e9a246a3125f545a119afc8c25fd6822f48509ee2a02c0 - SHA1: c46e469d45ecc08a5b13a6d9d9b7f9c5a9fae008 - SHA256: 26d67d479dafe6b33c980bd1eed0b6d749f43d05d001c5dcaaf5fcddb9b899fe - Sections: - .text: - Entropy: 6.296843927579521 - Virtual Size: '0xb482' - .rdata: - Entropy: 4.07360217642813 - Virtual Size: '0x214' - .data: - Entropy: 0.021179877335710875 - Virtual Size: '0x1458' - INIT: - Entropy: 5.460393228615208 - Virtual Size: '0x64a' - 
.rsrc: - Entropy: 3.514358315657194 - Virtual Size: '0x408' - .reloc: - Entropy: 6.490758317321038 - Virtual Size: '0xca2' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=CN, ST=, L=, O=, CN= - ValidFrom: '2019-06-27 00:00:00' - ValidTo: '2020-06-30 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 - Version: 3 - TBS: - MD5: bcfecc67375f580ac6eadd789860b1f8 - SHA1: 3fa9cf13a1816a6e358bb1ca12e050662bc2e178 - SHA256: fbb627aabbe2b2dbfdddfbad14392049b0d76f8d9679f3d550333b84b20320df - SHA384: d496c3920c3ab14a3c79e9bd41351912f045ea3b42ba9ec0cb0b1f778d1178174a831fe89848a8226957f2b6f079f01d - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: 
e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - Imphash: dc1fe38f597362ae167fd4212146aa60 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 6d4517e6348130fe55f11bfd630d857f - SHA1: 60a632e4b838731aad553650d6bc8af3d3d80b26 - SHA256: 8168304169a2453c0c3e0a285c2a07d3b3b83433e0342f6b33400c371af86221 - Company: Windows (R) Win 7 DDK provider - Copyright: "Copyright \xA9 NetFilterSDK.com" - CreationTimestamp: '2020-09-15 00:54:17' - Date: '' - Description: NetFilter SDK WFP Driver 
(WPP) - ExportedFunctions: '' - FileVersion: '1.5.9.7 built by: WinDDK' - Filename: '' - ImportedFunctions: - - memcpy - - RtlValidSid - - IoFreeMdl - - RtlUnwind - - KeBugCheckEx - - RtlCompareMemory - - KeTickCount - - _allmul - - _aulldiv - - KeQuerySystemTime - - ExUuidCreate - - swprintf_s - - KeInitializeEvent - - PsCreateSystemThread - - ZwSetInformationThread - - ObReferenceObjectByHandle - - RtlAppendUnicodeToString - - IoCreateDevice - - IoCreateSymbolicLink - - PsTerminateSystemThread - - MmGetSystemRoutineAddress - - PsLookupProcessByProcessId - - IoAllocateMdl - - MmBuildMdlForNonPagedPool - - IoReleaseCancelSpinLock - - PsGetCurrentProcessId - - IofCompleteRequest - - IoDeleteSymbolicLink - - IoDeleteDevice - - KeWaitForSingleObject - - ObfDereferenceObject - - MmAllocatePagesForMdl - - MmMapLockedPagesSpecifyCache - - MmFreePagesFromMdl - - MmUnmapLockedPages - - KeSetEvent - - ObOpenObjectByPointer - - RtlLengthSid - - SeExports - - RtlCreateAcl - - RtlAddAccessAllowedAce - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - ZwSetSecurityObject - - ZwQueryValueKey - - ExDeleteNPagedLookasideList - - ExInitializeNPagedLookasideList - - InterlockedPushEntrySList - - InterlockedPopEntrySList - - _aullrem - - ExFreePoolWithTag - - memset - - ExAllocatePoolWithTag - - RtlInitUnicodeString - - ZwOpenKey - - ZwClose - - KeReleaseInStackQueuedSpinLock - - KeGetCurrentIrql - - KeAcquireInStackQueuedSpinLock - - FwpsStreamInjectAsync0 - - FwpmEngineOpen0 - - FwpmProviderAdd0 - - FwpmSubLayerDeleteByKey0 - - FwpmProviderContextDeleteByKey0 - - FwpsAcquireClassifyHandle0 - - FwpsQueryPacketInjectionState0 - - FwpsFlowAssociateContext0 - - FwpmSubLayerAdd0 - - FwpmSubLayerCreateEnumHandle0 - - FwpmFreeMemory0 - - FwpmSubLayerEnum0 - - FwpmSubLayerDestroyEnumHandle0 - - FwpmCalloutAdd0 - - FwpmFilterAdd0 - - FwpmTransactionBegin0 - - FwpmEngineClose0 - - FwpmTransactionCommit0 - - FwpmTransactionAbort0 - - FwpsCalloutRegister1 - - 
FwpsCalloutUnregisterByKey0 - - FwpsPendClassify0 - - FwpsInjectionHandleCreate0 - - FwpsCopyStreamDataToBuffer0 - - FwpsInjectNetworkReceiveAsync0 - - FwpsAcquireWritableLayerDataPointer0 - - FwpsApplyModifiedLayerData0 - - FwpsAllocateNetBufferAndNetBufferList0 - - FwpsInjectTransportSendAsync0 - - FwpsConstructIpHeaderForTransportPacket0 - - FwpsInjectNetworkSendAsync0 - - FwpsInjectTransportReceiveAsync0 - - FwpsFreeCloneNetBufferList0 - - FwpsInjectionHandleDestroy0 - - FwpsFlowRemoveContext0 - - FwpsCloneStreamData0 - - FwpsCompleteClassify0 - - FwpsReleaseClassifyHandle0 - - FwpsDiscardClonedStreamData0 - - FwpsFreeNetBufferList0 - - FwpmBfeStateGet0 - - FwpmBfeStateSubscribeChanges0 - - FwpmBfeStateUnsubscribeChanges0 - - NdisFreeGenericObject - - NdisInitializeEvent - - NdisFreeNetBufferListPool - - NdisGetDataBuffer - - NdisAdvanceNetBufferDataStart - - NdisRetreatNetBufferDataStart - - NdisAllocateNetBufferListPool - - NdisAllocateGenericObject - - NdisWaitEvent - Imports: - - ntoskrnl.exe - - HAL.dll - - fwpkclnt.sys - - NDIS.SYS - InternalName: netfilter2.sys - MD5: 15cfb6e9841d553926aace5114fa8475 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: netfilter2.sys - PDBPath: '' - Product: Windows (R) Win 7 DDK driver - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 4c93d23c41f384b75bda01c7ace495d8 - SHA1: 28695a10b02de9e1ce2d2b70c463f5d3bbaeaf4c - SHA256: 4049be109d3e76b72f97f3faab4a4456933bce7ec4593342fd7046ca2bae226e - SHA1: 16211fd7b3dd8fd09181a7f4ed20e629e374c00b - SHA256: 6703400b490b35bcde6e41ce1640920251855e6d94171170ae7ea22cdd0938c0 - Sections: - .text: - Entropy: 6.467856349257126 - Virtual Size: '0xb6d0' - .rdata: - Entropy: 4.408465659438351 - Virtual Size: '0x8e0' - .data: - Entropy: 3.1025085790331026 - Virtual Size: '0xfa4' - INIT: - Entropy: 5.518016943716045 - Virtual Size: '0xd34' - .rsrc: - Entropy: 3.4014320333561083 - Virtual Size: '0x3e0' - .reloc: - Entropy: 6.603171661071898 - Virtual Size: 
'0xce2' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA49KFRB44, - C=CN, ST=, L=, O=, CN= - ValidFrom: '2020-10-26 00:00:00' - ValidTo: '2022-10-27 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0108cbaee60728f5bf06e45a56d6f170 - Version: 3 - TBS: - MD5: 4e8398340fdf2c302ef881776b4626e7 - SHA1: 483073cdc5b9b560c2d5aa80b62fa184ae4467ba - SHA256: b9d8daa31a25a3c525aa5cb844ced8da586540f20dc0a004209c598a56b95401 - SHA384: 7c7d3a1f5042fca415289ad926b2826a85551195994fa8e8398f747a63672ed1c9196be485f0c2da9fa6801c170518f4 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: 
e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 - Version: 3 - TBS: - MD5: f92649915476229b093c211c2b18e6c4 - SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 - SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb - SHA384: 511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 0108cbaee60728f5bf06e45a56d6f170 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - Version: 1 - 
Imphash: fc1af6fcd96ae15019c6cbe9015709d3 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 0d76526227d593a8967ed866b5991e10 - SHA1: 3ae56ab63230d6d9552360845b4a37b5801cc5ea - SHA256: e9b433a33dc72eb2622947b41f01d04a48cd71beac775a88f3f1e4c838090ee8 - Company: Windows (R) Win 7 DDK provider - Copyright: "Copyright \xA9 NetFilterSDK.com" - CreationTimestamp: '2020-09-15 00:54:19' - Date: '' - Description: NetFilter SDK WFP Driver (WPP) - ExportedFunctions: '' - FileVersion: '1.5.9.7 built by: WinDDK' - Filename: '' - ImportedFunctions: - - KeBugCheckEx - - ExUuidCreate - - swprintf_s - - RtlCreateSecurityDescriptor - - RtlLengthSid - - IoAllocateMdl - - ObOpenObjectByPointer - - IoReleaseCancelSpinLock - - IoCreateDevice - - MmFreePagesFromMdl - - ObfDereferenceObject - - PsGetCurrentProcessId - - IoCreateSymbolicLink - - SeExports - - ZwSetSecurityObject - - KeWaitForSingleObject - - ObReferenceObjectByHandle - - ZwSetInformationThread - - IofCompleteRequest - - PsTerminateSystemThread - - ZwQueryValueKey - - MmMapLockedPagesSpecifyCache - - PsCreateSystemThread - - RtlAddAccessAllowedAce - - MmBuildMdlForNonPagedPool - - MmAllocatePagesForMdl - - KeInitializeEvent - - RtlAppendUnicodeToString - - MmGetSystemRoutineAddress - - KeSetEvent - - IoDeleteDevice - - RtlSetDaclSecurityDescriptor - - PsLookupProcessByProcessId - - RtlCreateAcl - - IoDeleteSymbolicLink - - MmUnmapLockedPages - - RtlCompareMemory - - RtlValidSid - - ExDeleteNPagedLookasideList - - ExQueryDepthSList - - IoFreeMdl - - ExpInterlockedPopEntrySList - - KeAcquireInStackQueuedSpinLock - - ExpInterlockedPushEntrySList - - KeReleaseInStackQueuedSpinLock - - ExInitializeNPagedLookasideList - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - ZwOpenKey - - ZwClose - - RtlInitUnicodeString - - __C_specific_handler - - FwpsFlowAssociateContext0 - - FwpsCalloutUnregisterByKey0 - - FwpmSubLayerAdd0 - - FwpsQueryPacketInjectionState0 - - FwpmSubLayerDeleteByKey0 - - FwpmSubLayerEnum0 - - 
FwpmTransactionCommit0 - - FwpmSubLayerCreateEnumHandle0 - - FwpmSubLayerDestroyEnumHandle0 - - FwpmProviderContextDeleteByKey0 - - FwpmCalloutAdd0 - - FwpmProviderAdd0 - - FwpmTransactionAbort0 - - FwpmEngineOpen0 - - FwpsAcquireClassifyHandle0 - - FwpmFilterAdd0 - - FwpsPendClassify0 - - FwpsCalloutRegister1 - - FwpmTransactionBegin0 - - FwpmEngineClose0 - - FwpmFreeMemory0 - - FwpsAcquireWritableLayerDataPointer0 - - FwpsApplyModifiedLayerData0 - - FwpsInjectNetworkReceiveAsync0 - - FwpsFreeCloneNetBufferList0 - - FwpsInjectionHandleDestroy0 - - FwpsConstructIpHeaderForTransportPacket0 - - FwpsAllocateNetBufferAndNetBufferList0 - - FwpsInjectionHandleCreate0 - - FwpsInjectTransportReceiveAsync0 - - FwpsInjectNetworkSendAsync0 - - FwpsCopyStreamDataToBuffer0 - - FwpsInjectTransportSendAsync0 - - FwpsFlowRemoveContext0 - - FwpsCloneStreamData0 - - FwpsCompleteClassify0 - - FwpsStreamInjectAsync0 - - FwpsReleaseClassifyHandle0 - - FwpsDiscardClonedStreamData0 - - FwpsFreeNetBufferList0 - - FwpmBfeStateUnsubscribeChanges0 - - FwpmBfeStateGet0 - - FwpmBfeStateSubscribeChanges0 - - NdisAllocateGenericObject - - NdisWaitEvent - - NdisAllocateNetBufferListPool - - NdisInitializeEvent - - NdisFreeGenericObject - - NdisFreeNetBufferListPool - - NdisGetDataBuffer - - NdisRetreatNetBufferDataStart - - NdisAdvanceNetBufferDataStart - Imports: - - ntoskrnl.exe - - fwpkclnt.sys - - NDIS.SYS - InternalName: netfilter2.sys - MD5: b04685112a0a8f7689c8d827bfcfe158 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: netfilter2.sys - PDBPath: '' - Product: Windows (R) Win 7 DDK driver - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: 5f9eb581b0ce6f9d2b5f1f5a9771af50 - SHA1: cb1828152e4668b5e033ee126a52df4f76700b2a - SHA256: e9bd3b71a475097efee5f9196d05a582abc2323affe47c2c9cf9bf933004e22f - SHA1: c7e40abaae9aeff135fe313fb0283381e8cced4d - SHA256: db1dbb09d437d3e8bed08c88ca43769b4fe8728f68b78ff6f9c8d2557e28d2b1 - Sections: - .text: - Entropy: 
6.2545679166711565 - Virtual Size: '0xd64e' - .rdata: - Entropy: 5.490124607621635 - Virtual Size: '0xbd4' - .data: - Entropy: 1.921663371680462 - Virtual Size: '0x1718' - .pdata: - Entropy: 4.529523254969204 - Virtual Size: '0x6d8' - INIT: - Entropy: 5.309837255433513 - Virtual Size: '0xe96' - .rsrc: - Entropy: 3.410095048874038 - Virtual Size: '0x3e0' - .reloc: - Entropy: 3.9064526149567356 - Virtual Size: '0x1fe' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2020-03-11 17:31:14' - ValidTo: '2021-03-05 17:31:14' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 330000003a6ae333708fda7a7b00000000003a - Version: 3 - TBS: - MD5: 6f5d716e7151f1c173396adb7213359e - SHA1: 100610baae90027e9844a8e9c4d489fe122ecd9c - SHA256: 677d532777cee24be88442efec75e9640e80ef57d8e1246396459a1a04be733f - SHA384: 35d397c22426b9c4c486fa5dd36c089209ab77026e981bd353ffbf060f54fd98f2afe9b45dd64c20614a5d5627b8dd0c - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - ValidFrom: '2014-10-15 20:31:27' - ValidTo: '2029-10-15 20:41:27' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 330000000d690d5d7893d076df00000000000d - Version: 3 - TBS: - MD5: 83f69422963f11c3c340b81712eef319 - SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 - SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae - SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 - Signer: - - SerialNumber: 330000003a6ae333708fda7a7b00000000003a - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft 
Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - Version: 1 - Imphash: 578e11377270c1acacba47b17ef7b169 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 52cef25aecab8b66f05e29df206d6375 - SHA1: 4e5e719362cd48bb323803c1d00afde11d4b9d4c - SHA256: 44a0599defea351314663582dbc61069b3a095a4ddad571bb17dd0d8b21e7ff2 - Company: Windows (R) Win 7 DDK provider - Copyright: "Copyright \xA9 NetFilterSDK.com" - CreationTimestamp: '2020-09-15 00:54:42' - Date: '' - Description: NetFilter SDK WFP Driver (WPP) - ExportedFunctions: '' - FileVersion: 1.5.9.7 - Filename: '' - ImportedFunctions: - - FwpmTransactionCommit0 - - FwpmTransactionAbort0 - - FwpmProviderAdd0 - - FwpmProviderContextDeleteByKey0 - - FwpmSubLayerAdd0 - - FwpmSubLayerDeleteByKey0 - - FwpmSubLayerCreateEnumHandle0 - - FwpmSubLayerEnum0 - - FwpmSubLayerDestroyEnumHandle0 - - FwpmCalloutAdd0 - - FwpmFilterAdd0 - - FwpsFlowAbort0 - - FwpsInjectionHandleCreate0 - - FwpsInjectionHandleDestroy0 - - FwpsAllocateNetBufferAndNetBufferList0 - - FwpsFreeNetBufferList0 - - FwpmTransactionBegin0 - - FwpsInjectNetworkSendAsync0 - - FwpsConstructIpHeaderForTransportPacket0 - - FwpsInjectTransportSendAsync0 - - FwpsInjectTransportReceiveAsync0 - - FwpsInjectNetworkReceiveAsync0 - - FwpsStreamInjectAsync0 - - FwpsCopyStreamDataToBuffer0 - - FwpmBfeStateGet0 - - FwpmBfeStateSubscribeChanges0 - - FwpmBfeStateUnsubscribeChanges0 - - FwpsFlowRemoveContext0 - - FwpsCompleteClassify0 - - FwpsRedirectHandleDestroy0 - - FwpsCloneStreamData0 - - FwpsDiscardClonedStreamData0 - - FwpmEngineClose0 - - FwpmEngineOpen0 - - FwpmFreeMemory0 - - FwpsRedirectHandleCreate0 - - FwpsQueryPacketInjectionState0 - - FwpsApplyModifiedLayerData0 - - FwpsAcquireWritableLayerDataPointer0 - - FwpsReleaseClassifyHandle0 - - FwpsFlowAssociateContext0 - - FwpsAcquireClassifyHandle0 - - FwpsCalloutUnregisterByKey0 - - FwpsCalloutRegister1 - - FwpsPendClassify0 - - FwpsFreeCloneNetBufferList0 - - NdisAllocateNetBufferListPool - - 
NdisWaitEvent - - NdisInitializeEvent - - NdisFreeGenericObject - - NdisAllocateGenericObject - - NdisGetDataBuffer - - NdisAdvanceNetBufferDataStart - - NdisRetreatNetBufferDataStart - - NdisFreeNetBufferListPool - - memset - - RtlInitUnicodeString - - MmGetSystemRoutineAddress - - RtlAppendUnicodeToString - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - KeInitializeEvent - - KeSetEvent - - KeWaitForSingleObject - - KeInitializeSpinLock - - ExFreePoolWithTag - - InterlockedPopEntrySList - - InterlockedPushEntrySList - - ExInitializeNPagedLookasideList - - ExDeleteNPagedLookasideList - - MmBuildMdlForNonPagedPool - - MmMapLockedPagesSpecifyCache - - MmUnmapLockedPages - - MmAllocatePagesForMdl - - MmFreePagesFromMdl - - PsCreateSystemThread - - PsTerminateSystemThread - - IoAllocateMdl - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoFreeMdl - - IoReleaseCancelSpinLock - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - ZwOpenKey - - ZwQueryValueKey - - PsGetCurrentProcessId - - ZwSetInformationThread - - RtlLengthSid - - RtlCreateAcl - - RtlAddAccessAllowedAce - - PsLookupProcessByProcessId - - ObOpenObjectByPointer - - ZwSetSecurityObject - - SeExports - - RtlGetVersion - - KeQuerySystemTime - - _allmul - - _aulldiv - - _aullrem - - RtlCompareMemory - - RtlValidSid - - RtlUnwind - - memcpy - - ExUuidCreate - - ExAllocatePoolWithTag - - swprintf_s - - KeReleaseInStackQueuedSpinLock - - KeGetCurrentIrql - - KeAcquireInStackQueuedSpinLock - Imports: - - fwpkclnt.sys - - NDIS.SYS - - ntoskrnl.exe - - HAL.dll - InternalName: netfilter2.sys - MD5: e5df31054a60be8aa858a28a8fe0f73e - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: netfilter2.sys - PDBPath: '' - Product: Windows (R) Win 7 DDK driver - ProductVersion: 6.2.9200.20557 - Publisher: '' - RichPEHeaderHash: - MD5: b873ce00fb531a917db2341eff66f88d - SHA1: 
0f24abad7feabd2abb4b819dedc5ab9b9de3e33c - SHA256: 54b267b1987fc423443455d94ce6d7b42dd9357bef9de2d67bea3bc6a83fb0cc - SHA1: 48559c488bc304d39f87855b2225f8c0f7d74b59 - SHA256: 81bcd8a3f8c17ac6dc4bad750ad3417914db10aa15485094eef0951a3f72bdbd - Sections: - .text: - Entropy: 6.24160242971194 - Virtual Size: '0xe8c2' - .rdata: - Entropy: 4.577904288123528 - Virtual Size: '0x914' - .data: - Entropy: 3.197711573383127 - Virtual Size: '0xf90' - INIT: - Entropy: 5.598078462986293 - Virtual Size: '0xd76' - .rsrc: - Entropy: 3.5912667039027926 - Virtual Size: '0x448' - .reloc: - Entropy: 6.614956595399758 - Virtual Size: '0x12c8' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2020-03-11 17:31:14' - ValidTo: '2021-03-05 17:31:14' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 330000003a6ae333708fda7a7b00000000003a - Version: 3 - TBS: - MD5: 6f5d716e7151f1c173396adb7213359e - SHA1: 100610baae90027e9844a8e9c4d489fe122ecd9c - SHA256: 677d532777cee24be88442efec75e9640e80ef57d8e1246396459a1a04be733f - SHA384: 35d397c22426b9c4c486fa5dd36c089209ab77026e981bd353ffbf060f54fd98f2afe9b45dd64c20614a5d5627b8dd0c - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - ValidFrom: '2014-10-15 20:31:27' - ValidTo: '2029-10-15 20:41:27' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 330000000d690d5d7893d076df00000000000d - Version: 3 - TBS: - MD5: 83f69422963f11c3c340b81712eef319 - SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 - SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae - SHA384: 
260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 - Signer: - - SerialNumber: 330000003a6ae333708fda7a7b00000000003a - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - Version: 1 - Imphash: 79c0d702a9da102f56d81f4efe802fbf - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: fd8b9266dc98e0af514babcbba122265 - SHA1: dc38cc55b84a1a7c0846fb5509b43b4ff97a9be6 - SHA256: fafa1bb36f0ac34b762a10e9f327dcab2152a6d0b16a19697362d49a31e7f566 - Company: "\u5B8F\u56FE\u65E0\u5FE7" - Copyright: "Copyright \xA9 wyjsq.com" - CreationTimestamp: '2019-06-10 08:45:42' - Date: '' - Description: WYJSQ WFP Driver (WPP) - ExportedFunctions: '' - FileVersion: '1.5.7.8 built by: WinDDK' - Filename: '' - ImportedFunctions: - - KeBugCheckEx - - ExUuidCreate - - swprintf_s - - RtlCreateSecurityDescriptor - - RtlLengthSid - - IoAllocateMdl - - ObOpenObjectByPointer - - IoReleaseCancelSpinLock - - IoCreateDevice - - MmFreePagesFromMdl - - ObfDereferenceObject - - PsGetCurrentProcessId - - IoCreateSymbolicLink - - SeExports - - ZwSetSecurityObject - - KeWaitForSingleObject - - ObReferenceObjectByHandle - - ZwSetInformationThread - - IofCompleteRequest - - PsTerminateSystemThread - - ZwQueryValueKey - - MmMapLockedPagesSpecifyCache - - PsCreateSystemThread - - RtlAddAccessAllowedAce - - MmBuildMdlForNonPagedPool - - MmAllocatePagesForMdl - - KeInitializeEvent - - RtlAppendUnicodeToString - - MmGetSystemRoutineAddress - - KeSetEvent - - IoDeleteDevice - - RtlSetDaclSecurityDescriptor - - PsLookupProcessByProcessId - - RtlCreateAcl - - IoDeleteSymbolicLink - - MmUnmapLockedPages - - ExDeleteNPagedLookasideList - - ExQueryDepthSList - - IoFreeMdl - - ExpInterlockedPopEntrySList - - KeAcquireInStackQueuedSpinLock - - ExpInterlockedPushEntrySList - - KeReleaseInStackQueuedSpinLock - - ExInitializeNPagedLookasideList - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - ZwOpenKey - - ZwClose 
- - RtlInitUnicodeString - - __C_specific_handler - - FwpsFlowAssociateContext0 - - FwpsCalloutUnregisterByKey0 - - FwpmSubLayerAdd0 - - FwpsQueryPacketInjectionState0 - - FwpmSubLayerDeleteByKey0 - - FwpmSubLayerEnum0 - - FwpmTransactionCommit0 - - FwpmSubLayerCreateEnumHandle0 - - FwpmSubLayerDestroyEnumHandle0 - - FwpmProviderContextDeleteByKey0 - - FwpmCalloutAdd0 - - FwpmProviderAdd0 - - FwpmTransactionAbort0 - - FwpmEngineOpen0 - - FwpsAcquireClassifyHandle0 - - FwpmFilterAdd0 - - FwpsPendClassify0 - - FwpsCalloutRegister1 - - FwpmTransactionBegin0 - - FwpmEngineClose0 - - FwpmFreeMemory0 - - FwpsAcquireWritableLayerDataPointer0 - - FwpsApplyModifiedLayerData0 - - FwpsInjectNetworkReceiveAsync0 - - FwpsFreeCloneNetBufferList0 - - FwpsInjectionHandleDestroy0 - - FwpsConstructIpHeaderForTransportPacket0 - - FwpsAllocateNetBufferAndNetBufferList0 - - FwpsInjectionHandleCreate0 - - FwpsInjectTransportReceiveAsync0 - - FwpsInjectNetworkSendAsync0 - - FwpsCopyStreamDataToBuffer0 - - FwpsInjectTransportSendAsync0 - - FwpsFlowRemoveContext0 - - FwpsCloneStreamData0 - - FwpsCompleteClassify0 - - FwpsStreamInjectAsync0 - - FwpsReleaseClassifyHandle0 - - FwpsDiscardClonedStreamData0 - - FwpmBfeStateGet0 - - FwpmBfeStateSubscribeChanges0 - - FwpmBfeStateUnsubscribeChanges0 - - FwpsFreeNetBufferList0 - - NdisAllocateGenericObject - - NdisWaitEvent - - NdisAllocateNetBufferListPool - - NdisInitializeEvent - - NdisFreeGenericObject - - NdisFreeNetBufferListPool - - NdisGetDataBuffer - - NdisRetreatNetBufferDataStart - - NdisAdvanceNetBufferDataStart - Imports: - - ntoskrnl.exe - - fwpkclnt.sys - - NDIS.SYS - InternalName: netfilter2.sys - MD5: c3e397dc9fb61a75521548048458a018 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: netfilter2.sys - PDBPath: '' - Product: "\u65E0\u5FE7\u52A0\u901F\u5668" - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: a56ba6fc66a7556100c90b00913a984c - SHA1: b236fd12e7887836407fd8ff0acd7192685f3704 - 
SHA256: 464507424adf04e3a3c84ab69df0eb8a21f311a35cdf11ad898a50995fbfba19 - SHA1: 708c327256e1aea27572cdfc07ab44c22eb19aae - SHA256: 7ff8fe4c220cf6416984b70a7e272006a018e5662da3cedc2a88efeb6411b4a4 - Sections: - .text: - Entropy: 6.242867685753186 - Virtual Size: '0xd86e' - .rdata: - Entropy: 5.37002131800132 - Virtual Size: '0xb44' - .data: - Entropy: 1.6857744414226499 - Virtual Size: '0x1598' - .pdata: - Entropy: 4.530780747243636 - Virtual Size: '0x690' - INIT: - Entropy: 5.309039021372289 - Virtual Size: '0xe64' - .rsrc: - Entropy: 3.531521158202179 - Virtual Size: '0x418' - .reloc: - Entropy: 3.6690718801051645 - Virtual Size: '0x1ce' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=CN, ST=, L=, O=, CN= - ValidFrom: '2019-06-27 00:00:00' - ValidTo: '2020-06-30 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 - Version: 3 - TBS: - MD5: bcfecc67375f580ac6eadd789860b1f8 - SHA1: 3fa9cf13a1816a6e358bb1ca12e050662bc2e178 - SHA256: fbb627aabbe2b2dbfdddfbad14392049b0d76f8d9679f3d550333b84b20320df - SHA384: d496c3920c3ab14a3c79e9bd41351912f045ea3b42ba9ec0cb0b1f778d1178174a831fe89848a8226957f2b6f079f01d - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - Version: 3 - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 
1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - Imphash: 8e0e7a2f5025b047a8ebd12a87d503fe - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 3361957860d2b65c0368778ca088946f - SHA1: 6a784d45517142c11d5cca3ff9956b2ed6eaf4c9 - SHA256: e94e8a87459db56837d1c58f9854794aa99f36566a9ded9b398be9d4d3a2c2af - Company: Windows (R) Win 7 DDK provider - Copyright: "Copyright \xA9 NetFilterSDK.com" - CreationTimestamp: '2020-09-15 00:54:41' - Date: '' - Description: NetFilter SDK WFP Driver (WPP) - ExportedFunctions: '' - FileVersion: 1.5.9.7 - Filename: '' - ImportedFunctions: - - FwpmFreeMemory0 - - FwpmEngineOpen0 - - FwpmEngineClose0 - - FwpmTransactionBegin0 - - FwpmTransactionCommit0 - - FwpmTransactionAbort0 - - FwpmProviderAdd0 - - FwpmProviderContextDeleteByKey0 - - FwpmSubLayerAdd0 - - FwpmSubLayerDeleteByKey0 - - FwpmSubLayerCreateEnumHandle0 - - FwpmSubLayerEnum0 - - FwpmSubLayerDestroyEnumHandle0 - - FwpmCalloutAdd0 - - FwpmFilterAdd0 - - FwpsFlowAbort0 - - FwpsInjectionHandleCreate0 - - 
FwpsInjectionHandleDestroy0 - - FwpsRedirectHandleCreate0 - - FwpsFreeNetBufferList0 - - FwpsFreeCloneNetBufferList0 - - FwpsInjectNetworkSendAsync0 - - FwpsConstructIpHeaderForTransportPacket0 - - FwpsInjectTransportSendAsync0 - - FwpsInjectTransportReceiveAsync0 - - FwpsInjectNetworkReceiveAsync0 - - FwpsStreamInjectAsync0 - - FwpsCopyStreamDataToBuffer0 - - FwpmBfeStateGet0 - - FwpmBfeStateSubscribeChanges0 - - FwpmBfeStateUnsubscribeChanges0 - - FwpsFlowRemoveContext0 - - FwpsCompleteClassify0 - - FwpsRedirectHandleDestroy0 - - FwpsCloneStreamData0 - - FwpsDiscardClonedStreamData0 - - FwpsQueryPacketInjectionState0 - - FwpsApplyModifiedLayerData0 - - FwpsAcquireWritableLayerDataPointer0 - - FwpsReleaseClassifyHandle0 - - FwpsAcquireClassifyHandle0 - - FwpsFlowAssociateContext0 - - FwpsCalloutUnregisterByKey0 - - FwpsCalloutRegister1 - - FwpsPendClassify0 - - FwpsAllocateNetBufferAndNetBufferList0 - - NdisFreeNetBufferListPool - - NdisAllocateNetBufferListPool - - NdisWaitEvent - - NdisInitializeEvent - - NdisFreeGenericObject - - NdisAllocateGenericObject - - NdisGetDataBuffer - - NdisAdvanceNetBufferDataStart - - NdisRetreatNetBufferDataStart - - KeAcquireInStackQueuedSpinLock - - KeReleaseInStackQueuedSpinLock - - ExAllocatePoolWithTag - - ExUuidCreate - - swprintf_s - - RtlInitUnicodeString - - MmGetSystemRoutineAddress - - RtlAppendUnicodeToString - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - KeInitializeEvent - - KeSetEvent - - KeWaitForSingleObject - - KeInitializeSpinLock - - ExFreePoolWithTag - - ExQueryDepthSList - - ExpInterlockedPopEntrySList - - ExpInterlockedPushEntrySList - - ExInitializeNPagedLookasideList - - ExDeleteNPagedLookasideList - - MmBuildMdlForNonPagedPool - - MmMapLockedPagesSpecifyCache - - MmUnmapLockedPages - - MmAllocatePagesForMdl - - MmFreePagesFromMdl - - PsCreateSystemThread - - PsTerminateSystemThread - - IoAllocateMdl - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice 
- - IoDeleteSymbolicLink - - IoFreeMdl - - IoReleaseCancelSpinLock - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - ZwOpenKey - - ZwQueryValueKey - - PsGetCurrentProcessId - - ZwSetInformationThread - - RtlLengthSid - - RtlCreateAcl - - RtlAddAccessAllowedAce - - PsLookupProcessByProcessId - - ObOpenObjectByPointer - - ZwSetSecurityObject - - __C_specific_handler - - SeExports - - RtlGetVersion - - RtlCompareMemory - - RtlValidSid - Imports: - - fwpkclnt.sys - - NDIS.SYS - - ntoskrnl.exe - InternalName: netfilter2.sys - MD5: 305b05de211be69446444284923bd676 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: netfilter2.sys - PDBPath: '' - Product: Windows (R) Win 7 DDK driver - ProductVersion: 6.2.9200.20557 - Publisher: '' - RichPEHeaderHash: - MD5: c646eed94ec9e75c1a5498d3642cdab3 - SHA1: 0d0761641e424cc895ba76723784427fcf297f4a - SHA256: 7cecb42d3d4ae8649f3b4714fbab29c4cef8e24a48b0eea2537824fc40f4ea7f - SHA1: 4d8a4115826eef6d9acd2487b141facf5b87a257 - SHA256: 1a0f57a4d7c8137baf24c65d542729547b876979273df7a245aaeea87280c090 - Sections: - .text: - Entropy: 6.150053710509848 - Virtual Size: '0x1019a' - .rdata: - Entropy: 4.871173021345663 - Virtual Size: '0x1ddc' - .data: - Entropy: 2.2005364202433433 - Virtual Size: '0x18c0' - .pdata: - Entropy: 5.031237899973202 - Virtual Size: '0xe40' - INIT: - Entropy: 5.179921200293236 - Virtual Size: '0xeca' - .rsrc: - Entropy: 3.5922103150308553 - Virtual Size: '0x448' - .reloc: - Entropy: 3.7790472033993128 - Virtual Size: '0x228' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=IN, ST=Rajasthan, L=Jaipur, O=SYSTWEAK SOFTWARE PVT. LTD., CN=SYSTWEAK - SOFTWARE PVT. LTD. 
- ValidFrom: '2020-07-03 00:00:00' - ValidTo: '2021-09-01 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 4b51e8986bf2670974fecc6dad020f19 - Version: 3 - TBS: - MD5: 0538926e1c7f1fcaee6540250d010840 - SHA1: 59887d34eaaa74baf151589daef69b2b6f2d9b55 - SHA256: b52255871658ceb663a52576f271ee86d661c2594fc3aa93bbf62ce8a8c77428 - SHA384: ee73f9b450bfdd14f4ff8c141b4a40342f93f8ca16539ecd86c7c1fc6f13943c23dcfcb01db81d518e9d1a93bf4060f9 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 13851a1e69a937f7a0bda4af7e1d6153fe9d8c5e0ca6751e781723ddfdec1a035539fb7195c7655aa78e30d2445a61db706fda2105c22e73ba49f1d193fe5dc9cd5e03e0899e3f741ed7f7388ba9d6cfbb352f3358a89256d1c84d3b82e6798416fc28b0b147f31da23eee87d9a67fa456a53fad842e29de7cbca8aaa33d0401eaba93a20e502229174c87e43a115fd6a425899b056b2fb4c9014c277b0bac190522a060153fdac9fb4d4c8ffb726777fd2794c7ba350e8849fe8dfd28af4a12bd0db39705de440c15fa362b03dcc15001f1a1115d14e5e2bd274b54be2b845e0fa6c374050aef97c38922b11f77f3bdcd43d4f14ca93fb58b84af64f2d01421 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 4b51e8986bf2670974fecc6dad020f19 - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - Imphash: c3658b106f146a18ba9b6e5c7bacfe9b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 52cef25aecab8b66f05e29df206d6375 - SHA1: 4e5e719362cd48bb323803c1d00afde11d4b9d4c - SHA256: 44a0599defea351314663582dbc61069b3a095a4ddad571bb17dd0d8b21e7ff2 - Company: Windows (R) Win 7 DDK provider - Copyright: "Copyright \xA9 NetFilterSDK.com" - CreationTimestamp: '2020-09-15 00:54:42' - Date: '' - Description: NetFilter SDK WFP Driver (WPP) - ExportedFunctions: '' - FileVersion: 1.5.9.7 - Filename: '' - ImportedFunctions: - - FwpmTransactionCommit0 - - FwpmTransactionAbort0 - - FwpmProviderAdd0 - - FwpmProviderContextDeleteByKey0 - - FwpmSubLayerAdd0 - - FwpmSubLayerDeleteByKey0 - - FwpmSubLayerCreateEnumHandle0 - - FwpmSubLayerEnum0 - - FwpmSubLayerDestroyEnumHandle0 - - FwpmCalloutAdd0 - - FwpmFilterAdd0 - - FwpsFlowAbort0 - - FwpsInjectionHandleCreate0 - - FwpsInjectionHandleDestroy0 - - FwpsAllocateNetBufferAndNetBufferList0 - - FwpsFreeNetBufferList0 - - FwpmTransactionBegin0 - - FwpsInjectNetworkSendAsync0 - - FwpsConstructIpHeaderForTransportPacket0 - - FwpsInjectTransportSendAsync0 - - FwpsInjectTransportReceiveAsync0 - - FwpsInjectNetworkReceiveAsync0 - - 
FwpsStreamInjectAsync0 - - FwpsCopyStreamDataToBuffer0 - - FwpmBfeStateGet0 - - FwpmBfeStateSubscribeChanges0 - - FwpmBfeStateUnsubscribeChanges0 - - FwpsFlowRemoveContext0 - - FwpsCompleteClassify0 - - FwpsRedirectHandleDestroy0 - - FwpsCloneStreamData0 - - FwpsDiscardClonedStreamData0 - - FwpmEngineClose0 - - FwpmEngineOpen0 - - FwpmFreeMemory0 - - FwpsRedirectHandleCreate0 - - FwpsQueryPacketInjectionState0 - - FwpsApplyModifiedLayerData0 - - FwpsAcquireWritableLayerDataPointer0 - - FwpsReleaseClassifyHandle0 - - FwpsFlowAssociateContext0 - - FwpsAcquireClassifyHandle0 - - FwpsCalloutUnregisterByKey0 - - FwpsCalloutRegister1 - - FwpsPendClassify0 - - FwpsFreeCloneNetBufferList0 - - NdisAllocateNetBufferListPool - - NdisWaitEvent - - NdisInitializeEvent - - NdisFreeGenericObject - - NdisAllocateGenericObject - - NdisGetDataBuffer - - NdisAdvanceNetBufferDataStart - - NdisRetreatNetBufferDataStart - - NdisFreeNetBufferListPool - - memset - - RtlInitUnicodeString - - MmGetSystemRoutineAddress - - RtlAppendUnicodeToString - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - KeInitializeEvent - - KeSetEvent - - KeWaitForSingleObject - - KeInitializeSpinLock - - ExFreePoolWithTag - - InterlockedPopEntrySList - - InterlockedPushEntrySList - - ExInitializeNPagedLookasideList - - ExDeleteNPagedLookasideList - - MmBuildMdlForNonPagedPool - - MmMapLockedPagesSpecifyCache - - MmUnmapLockedPages - - MmAllocatePagesForMdl - - MmFreePagesFromMdl - - PsCreateSystemThread - - PsTerminateSystemThread - - IoAllocateMdl - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoFreeMdl - - IoReleaseCancelSpinLock - - ObReferenceObjectByHandle - - ObfDereferenceObject - - ZwClose - - ZwOpenKey - - ZwQueryValueKey - - PsGetCurrentProcessId - - ZwSetInformationThread - - RtlLengthSid - - RtlCreateAcl - - RtlAddAccessAllowedAce - - PsLookupProcessByProcessId - - ObOpenObjectByPointer - - ZwSetSecurityObject - - 
SeExports - - RtlGetVersion - - KeQuerySystemTime - - _allmul - - _aulldiv - - _aullrem - - RtlCompareMemory - - RtlValidSid - - RtlUnwind - - memcpy - - ExUuidCreate - - ExAllocatePoolWithTag - - swprintf_s - - KeReleaseInStackQueuedSpinLock - - KeGetCurrentIrql - - KeAcquireInStackQueuedSpinLock - Imports: - - fwpkclnt.sys - - NDIS.SYS - - ntoskrnl.exe - - HAL.dll - InternalName: netfilter2.sys - MD5: 3e5c04eced0e89aa8bfc279323c3544e - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: netfilter2.sys - PDBPath: '' - Product: Windows (R) Win 7 DDK driver - ProductVersion: 6.2.9200.20557 - Publisher: '' - RichPEHeaderHash: - MD5: b873ce00fb531a917db2341eff66f88d - SHA1: 0f24abad7feabd2abb4b819dedc5ab9b9de3e33c - SHA256: 54b267b1987fc423443455d94ce6d7b42dd9357bef9de2d67bea3bc6a83fb0cc - SHA1: 49f47fcb67f510b2d2ea891e1b1a50a95e0702ad - SHA256: 62b14bb308c99132d90646e85bc7d6eb593f38e225c8232f69f24b74a019c176 - Sections: - .text: - Entropy: 6.24160242971194 - Virtual Size: '0xe8c2' - .rdata: - Entropy: 4.577904288123528 - Virtual Size: '0x914' - .data: - Entropy: 3.197711573383127 - Virtual Size: '0xf90' - INIT: - Entropy: 5.598078462986293 - Virtual Size: '0xd76' - .rsrc: - Entropy: 3.5912667039027926 - Virtual Size: '0x448' - .reloc: - Entropy: 6.614956595399758 - Virtual Size: '0x12c8' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=IN, ST=Rajasthan, L=Jaipur, O=SYSTWEAK SOFTWARE PVT. LTD., CN=SYSTWEAK - SOFTWARE PVT. LTD. 
- ValidFrom: '2020-07-03 00:00:00' - ValidTo: '2021-09-01 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 4b51e8986bf2670974fecc6dad020f19 - Version: 3 - TBS: - MD5: 0538926e1c7f1fcaee6540250d010840 - SHA1: 59887d34eaaa74baf151589daef69b2b6f2d9b55 - SHA256: b52255871658ceb663a52576f271ee86d661c2594fc3aa93bbf62ce8a8c77428 - SHA384: ee73f9b450bfdd14f4ff8c141b4a40342f93f8ca16539ecd86c7c1fc6f13943c23dcfcb01db81d518e9d1a93bf4060f9 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 4b51e8986bf2670974fecc6dad020f19 - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - Imphash: 79c0d702a9da102f56d81f4efe802fbf - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: fd8b9266dc98e0af514babcbba122265 - SHA1: dc38cc55b84a1a7c0846fb5509b43b4ff97a9be6 - SHA256: fafa1bb36f0ac34b762a10e9f327dcab2152a6d0b16a19697362d49a31e7f566 - Company: "\u5B8F\u56FE\u65E0\u5FE7" - Copyright: "Copyright \xA9 wyjsq.com" - CreationTimestamp: '2019-06-10 08:45:42' - Date: '' - Description: WYJSQ WFP Driver (WPP) - ExportedFunctions: '' - FileVersion: '1.5.7.8 built by: WinDDK' - Filename: '' - ImportedFunctions: - - KeBugCheckEx - - ExUuidCreate - - swprintf_s - - RtlCreateSecurityDescriptor - - RtlLengthSid - - IoAllocateMdl - - ObOpenObjectByPointer - - IoReleaseCancelSpinLock - - IoCreateDevice - - MmFreePagesFromMdl - - ObfDereferenceObject - - PsGetCurrentProcessId - - IoCreateSymbolicLink - - SeExports - - ZwSetSecurityObject - - KeWaitForSingleObject - - ObReferenceObjectByHandle - - ZwSetInformationThread - - IofCompleteRequest - - PsTerminateSystemThread - - ZwQueryValueKey - - MmMapLockedPagesSpecifyCache - - PsCreateSystemThread - - RtlAddAccessAllowedAce - - MmBuildMdlForNonPagedPool - - MmAllocatePagesForMdl - - KeInitializeEvent - - 
RtlAppendUnicodeToString - - MmGetSystemRoutineAddress - - KeSetEvent - - IoDeleteDevice - - RtlSetDaclSecurityDescriptor - - PsLookupProcessByProcessId - - RtlCreateAcl - - IoDeleteSymbolicLink - - MmUnmapLockedPages - - ExDeleteNPagedLookasideList - - ExQueryDepthSList - - IoFreeMdl - - ExpInterlockedPopEntrySList - - KeAcquireInStackQueuedSpinLock - - ExpInterlockedPushEntrySList - - KeReleaseInStackQueuedSpinLock - - ExInitializeNPagedLookasideList - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - ZwOpenKey - - ZwClose - - RtlInitUnicodeString - - __C_specific_handler - - FwpsFlowAssociateContext0 - - FwpsCalloutUnregisterByKey0 - - FwpmSubLayerAdd0 - - FwpsQueryPacketInjectionState0 - - FwpmSubLayerDeleteByKey0 - - FwpmSubLayerEnum0 - - FwpmTransactionCommit0 - - FwpmSubLayerCreateEnumHandle0 - - FwpmSubLayerDestroyEnumHandle0 - - FwpmProviderContextDeleteByKey0 - - FwpmCalloutAdd0 - - FwpmProviderAdd0 - - FwpmTransactionAbort0 - - FwpmEngineOpen0 - - FwpsAcquireClassifyHandle0 - - FwpmFilterAdd0 - - FwpsPendClassify0 - - FwpsCalloutRegister1 - - FwpmTransactionBegin0 - - FwpmEngineClose0 - - FwpmFreeMemory0 - - FwpsAcquireWritableLayerDataPointer0 - - FwpsApplyModifiedLayerData0 - - FwpsInjectNetworkReceiveAsync0 - - FwpsFreeCloneNetBufferList0 - - FwpsInjectionHandleDestroy0 - - FwpsConstructIpHeaderForTransportPacket0 - - FwpsAllocateNetBufferAndNetBufferList0 - - FwpsInjectionHandleCreate0 - - FwpsInjectTransportReceiveAsync0 - - FwpsInjectNetworkSendAsync0 - - FwpsCopyStreamDataToBuffer0 - - FwpsInjectTransportSendAsync0 - - FwpsFlowRemoveContext0 - - FwpsCloneStreamData0 - - FwpsCompleteClassify0 - - FwpsStreamInjectAsync0 - - FwpsReleaseClassifyHandle0 - - FwpsDiscardClonedStreamData0 - - FwpmBfeStateGet0 - - FwpmBfeStateSubscribeChanges0 - - FwpmBfeStateUnsubscribeChanges0 - - FwpsFreeNetBufferList0 - - NdisAllocateGenericObject - - NdisWaitEvent - - NdisAllocateNetBufferListPool - - NdisInitializeEvent - - NdisFreeGenericObject - - 
NdisFreeNetBufferListPool - - NdisGetDataBuffer - - NdisRetreatNetBufferDataStart - - NdisAdvanceNetBufferDataStart - Imports: - - ntoskrnl.exe - - fwpkclnt.sys - - NDIS.SYS - InternalName: netfilter2.sys - MD5: 48357f3a359fa9c18f370f177c70298e - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: netfilter2.sys - PDBPath: '' - Product: "\u65E0\u5FE7\u52A0\u901F\u5668" - ProductVersion: 6.1.7600.16385 - Publisher: '' - RichPEHeaderHash: - MD5: a56ba6fc66a7556100c90b00913a984c - SHA1: b236fd12e7887836407fd8ff0acd7192685f3704 - SHA256: 464507424adf04e3a3c84ab69df0eb8a21f311a35cdf11ad898a50995fbfba19 - SHA1: 31ba5cc32a59e1915031b1363b7699116dfb1230 - SHA256: 1cd75de5f54b799b60789696587b56a4a793cf60775b81f236f0e65189d863af - Sections: - .text: - Entropy: 6.242867685753186 - Virtual Size: '0xd86e' - .rdata: - Entropy: 5.37002131800132 - Virtual Size: '0xb44' - .data: - Entropy: 1.6857744414226499 - Virtual Size: '0x1598' - .pdata: - Entropy: 4.530780747243636 - Virtual Size: '0x690' - INIT: - Entropy: 5.309039021372289 - Virtual Size: '0xe64' - .rsrc: - Entropy: 3.531521158202179 - Virtual Size: '0x418' - .reloc: - Entropy: 3.6690718801051645 - Virtual Size: '0x1ce' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 
208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=CN, ST=, L=, O=, CN= - ValidFrom: '2019-06-27 00:00:00' - ValidTo: '2020-06-30 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 - Version: 3 - TBS: - MD5: bcfecc67375f580ac6eadd789860b1f8 - SHA1: 3fa9cf13a1816a6e358bb1ca12e050662bc2e178 - SHA256: fbb627aabbe2b2dbfdddfbad14392049b0d76f8d9679f3d550333b84b20320df - SHA384: 
d496c3920c3ab14a3c79e9bd41351912f045ea3b42ba9ec0cb0b1f778d1178174a831fe89848a8226957f2b6f079f01d - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f - 
Version: 3 - TBS: - MD5: 829995f702421dea833a24fb2c7f4442 - SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c - SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db - SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - Code Signing CA,1 - Version: 1 - Imphash: 8e0e7a2f5025b047a8ebd12a87d503fe - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: '' + Description: Confirmed vulnerable driver from Microsoft Block List + OperatingSystem: Windows + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c -Tags: -- netfilter2.sys -Verified: 'TRUE' +Detection: +- type: '' + value: '' +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: b2d0111f81238f6e6e6513cf7625a19f + SHA1: 8a50e81d6e6c45410bf13f95b1a67cada8c82221 + SHA256: 5b9623da9ba8e5c80c49473f40ffe7ad315dcadffc3230afdc9d9226d60a715a + Company: "\u5B8F\u56FE\u65E0\u5FE7" + Copyright: "Copyright \xA9 wyjsq.com" + CreationTimestamp: '2019-05-24 14:59:14' + Date: '' + Description: WYJSQ WFP Driver (WPP) + ExportedFunctions: '' + FileVersion: 1.5.7.8 + Filename: '' + ImportedFunctions: + - FwpmTransactionCommit0 + - FwpmTransactionAbort0 + - FwpmProviderAdd0 + - FwpmProviderContextDeleteByKey0 + - FwpmSubLayerAdd0 + - FwpmSubLayerDeleteByKey0 + - FwpmSubLayerCreateEnumHandle0 + - FwpmSubLayerEnum0 + - FwpmSubLayerDestroyEnumHandle0 + - FwpmCalloutAdd0 + - FwpmFilterAdd0 + - FwpsFlowAbort0 + - FwpsInjectionHandleCreate0 + - FwpsInjectionHandleDestroy0 + - FwpsAllocateNetBufferAndNetBufferList0 + - FwpsFreeNetBufferList0 + - FwpmTransactionBegin0 + - FwpsInjectNetworkSendAsync0 + - FwpsConstructIpHeaderForTransportPacket0 + - FwpsInjectTransportSendAsync0 + - FwpsInjectTransportReceiveAsync0 + - FwpsInjectNetworkReceiveAsync0 + - FwpsStreamInjectAsync0 + - FwpsCopyStreamDataToBuffer0 + - FwpmBfeStateGet0 + - FwpmBfeStateSubscribeChanges0 + - FwpmBfeStateUnsubscribeChanges0 + - FwpsFlowRemoveContext0 + - FwpsCompleteClassify0 + - FwpsRedirectHandleDestroy0 + - FwpsCloneStreamData0 + - FwpsDiscardClonedStreamData0 + - FwpmEngineClose0 + - FwpmEngineOpen0 + - FwpmFreeMemory0 + - FwpsRedirectHandleCreate0 + - FwpsQueryPacketInjectionState0 + - FwpsApplyModifiedLayerData0 + - FwpsAcquireWritableLayerDataPointer0 + - FwpsReleaseClassifyHandle0 + - FwpsFlowAssociateContext0 + - FwpsAcquireClassifyHandle0 + - 
FwpsPendClassify0 + - FwpsCalloutUnregisterByKey0 + - FwpsCalloutRegister1 + - FwpsFreeCloneNetBufferList0 + - NdisAllocateNetBufferListPool + - NdisWaitEvent + - NdisInitializeEvent + - NdisFreeGenericObject + - NdisAllocateGenericObject + - NdisGetDataBuffer + - NdisAdvanceNetBufferDataStart + - NdisRetreatNetBufferDataStart + - NdisFreeNetBufferListPool + - memset + - RtlInitUnicodeString + - MmGetSystemRoutineAddress + - RtlAppendUnicodeToString + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - KeInitializeEvent + - KeSetEvent + - KeWaitForSingleObject + - KeInitializeSpinLock + - ExFreePoolWithTag + - InterlockedPopEntrySList + - InterlockedPushEntrySList + - ExInitializeNPagedLookasideList + - ExDeleteNPagedLookasideList + - MmBuildMdlForNonPagedPool + - MmMapLockedPagesSpecifyCache + - MmUnmapLockedPages + - MmAllocatePagesForMdl + - MmFreePagesFromMdl + - PsCreateSystemThread + - PsTerminateSystemThread + - IoAllocateMdl + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoFreeMdl + - IoReleaseCancelSpinLock + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - ZwOpenKey + - ZwQueryValueKey + - PsGetCurrentProcessId + - ZwSetInformationThread + - RtlLengthSid + - RtlCreateAcl + - RtlAddAccessAllowedAce + - PsLookupProcessByProcessId + - ObOpenObjectByPointer + - ZwSetSecurityObject + - SeExports + - KeQuerySystemTime + - _allmul + - _aulldiv + - _aullrem + - RtlUnwind + - memcpy + - swprintf_s + - ExUuidCreate + - ExAllocatePoolWithTag + - KeReleaseInStackQueuedSpinLock + - KeGetCurrentIrql + - KeAcquireInStackQueuedSpinLock + Imports: + - fwpkclnt.sys + - NDIS.SYS + - ntoskrnl.exe + - HAL.dll + InternalName: netfilter2.sys + MD5: 0c1a4b584106cca4edce5d04c89eef67 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: netfilter2.sys + PDBPath: '' + Product: "\u65E0\u5FE7\u52A0\u901F\u5668" + ProductVersion: 6.2.9200.20557 + Publisher: '' + 
RichPEHeaderHash: + MD5: 5b7b715c6161f0c21973651546138a54 + SHA1: 1d8e5160350b5cfcef52a4f49404c7302e5b5abf + SHA256: 737a8bf726624e5e3f3babfce98b9060b7d72412c0bdd28ca3dec0b9d2241817 + SHA1: 916fb0eb154d7db937cbf91078ad7925cc9f5698 + SHA256: f1718a005232d1261894b798a60c73d971416359b70d0e545d7e7a40ed742b71 + Sections: + .text: + Entropy: 6.219528043270956 + Virtual Size: '0xe68c' + .rdata: + Entropy: 4.354573229141703 + Virtual Size: '0x888' + .data: + Entropy: 2.6492270643158737 + Virtual Size: '0xe80' + INIT: + Entropy: 5.595170881684956 + Virtual Size: '0xd38' + .rsrc: + Entropy: 3.67529466716183 + Virtual Size: '0x480' + .reloc: + Entropy: 6.663300510398413 + Virtual Size: '0x1210' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=CN, ST=, L=, O=, CN= + ValidFrom: '2019-06-27 00:00:00' + ValidTo: '2020-06-30 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 + Version: 3 + TBS: + MD5: bcfecc67375f580ac6eadd789860b1f8 + SHA1: 3fa9cf13a1816a6e358bb1ca12e050662bc2e178 + SHA256: fbb627aabbe2b2dbfdddfbad14392049b0d76f8d9679f3d550333b84b20320df + SHA384: d496c3920c3ab14a3c79e9bd41351912f045ea3b42ba9ec0cb0b1f778d1178174a831fe89848a8226957f2b6f079f01d + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 
829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + Imphash: e8ab88dbb86b32acd650b5e269135ad9 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 3361957860d2b65c0368778ca088946f + SHA1: 6a784d45517142c11d5cca3ff9956b2ed6eaf4c9 + SHA256: e94e8a87459db56837d1c58f9854794aa99f36566a9ded9b398be9d4d3a2c2af + Company: Windows (R) Win 7 DDK provider + Copyright: "Copyright \xA9 NetFilterSDK.com" + CreationTimestamp: '2020-09-15 00:54:41' + Date: '' + Description: NetFilter SDK WFP Driver (WPP) + ExportedFunctions: 
'' + FileVersion: 1.5.9.7 + Filename: '' + ImportedFunctions: + - FwpmFreeMemory0 + - FwpmEngineOpen0 + - FwpmEngineClose0 + - FwpmTransactionBegin0 + - FwpmTransactionCommit0 + - FwpmTransactionAbort0 + - FwpmProviderAdd0 + - FwpmProviderContextDeleteByKey0 + - FwpmSubLayerAdd0 + - FwpmSubLayerDeleteByKey0 + - FwpmSubLayerCreateEnumHandle0 + - FwpmSubLayerEnum0 + - FwpmSubLayerDestroyEnumHandle0 + - FwpmCalloutAdd0 + - FwpmFilterAdd0 + - FwpsFlowAbort0 + - FwpsInjectionHandleCreate0 + - FwpsInjectionHandleDestroy0 + - FwpsRedirectHandleCreate0 + - FwpsFreeNetBufferList0 + - FwpsFreeCloneNetBufferList0 + - FwpsInjectNetworkSendAsync0 + - FwpsConstructIpHeaderForTransportPacket0 + - FwpsInjectTransportSendAsync0 + - FwpsInjectTransportReceiveAsync0 + - FwpsInjectNetworkReceiveAsync0 + - FwpsStreamInjectAsync0 + - FwpsCopyStreamDataToBuffer0 + - FwpmBfeStateGet0 + - FwpmBfeStateSubscribeChanges0 + - FwpmBfeStateUnsubscribeChanges0 + - FwpsFlowRemoveContext0 + - FwpsCompleteClassify0 + - FwpsRedirectHandleDestroy0 + - FwpsCloneStreamData0 + - FwpsDiscardClonedStreamData0 + - FwpsQueryPacketInjectionState0 + - FwpsApplyModifiedLayerData0 + - FwpsAcquireWritableLayerDataPointer0 + - FwpsReleaseClassifyHandle0 + - FwpsAcquireClassifyHandle0 + - FwpsFlowAssociateContext0 + - FwpsCalloutUnregisterByKey0 + - FwpsCalloutRegister1 + - FwpsPendClassify0 + - FwpsAllocateNetBufferAndNetBufferList0 + - NdisFreeNetBufferListPool + - NdisAllocateNetBufferListPool + - NdisWaitEvent + - NdisInitializeEvent + - NdisFreeGenericObject + - NdisAllocateGenericObject + - NdisGetDataBuffer + - NdisAdvanceNetBufferDataStart + - NdisRetreatNetBufferDataStart + - KeAcquireInStackQueuedSpinLock + - KeReleaseInStackQueuedSpinLock + - ExAllocatePoolWithTag + - ExUuidCreate + - swprintf_s + - RtlInitUnicodeString + - MmGetSystemRoutineAddress + - RtlAppendUnicodeToString + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - KeInitializeEvent + - KeSetEvent + - KeWaitForSingleObject 
+ - KeInitializeSpinLock + - ExFreePoolWithTag + - ExQueryDepthSList + - ExpInterlockedPopEntrySList + - ExpInterlockedPushEntrySList + - ExInitializeNPagedLookasideList + - ExDeleteNPagedLookasideList + - MmBuildMdlForNonPagedPool + - MmMapLockedPagesSpecifyCache + - MmUnmapLockedPages + - MmAllocatePagesForMdl + - MmFreePagesFromMdl + - PsCreateSystemThread + - PsTerminateSystemThread + - IoAllocateMdl + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoFreeMdl + - IoReleaseCancelSpinLock + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - ZwOpenKey + - ZwQueryValueKey + - PsGetCurrentProcessId + - ZwSetInformationThread + - RtlLengthSid + - RtlCreateAcl + - RtlAddAccessAllowedAce + - PsLookupProcessByProcessId + - ObOpenObjectByPointer + - ZwSetSecurityObject + - __C_specific_handler + - SeExports + - RtlGetVersion + - RtlCompareMemory + - RtlValidSid + Imports: + - fwpkclnt.sys + - NDIS.SYS + - ntoskrnl.exe + InternalName: netfilter2.sys + MD5: 724c7d404a7c182084c6f6c2d20e9e05 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: netfilter2.sys + PDBPath: '' + Product: Windows (R) Win 7 DDK driver + ProductVersion: 6.2.9200.20557 + Publisher: '' + RichPEHeaderHash: + MD5: c646eed94ec9e75c1a5498d3642cdab3 + SHA1: 0d0761641e424cc895ba76723784427fcf297f4a + SHA256: 7cecb42d3d4ae8649f3b4714fbab29c4cef8e24a48b0eea2537824fc40f4ea7f + SHA1: ac056610db0b5f616aafacdc565d9b9f95870e60 + SHA256: 71701c5c569ef67391c995a12b21ca06935b7799ed211d978f7877115c58dce0 + Sections: + .text: + Entropy: 6.150053710509848 + Virtual Size: '0x1019a' + .rdata: + Entropy: 4.871173021345663 + Virtual Size: '0x1ddc' + .data: + Entropy: 2.2005364202433433 + Virtual Size: '0x18c0' + .pdata: + Entropy: 5.031237899973202 + Virtual Size: '0xe40' + INIT: + Entropy: 5.179921200293236 + Virtual Size: '0xeca' + .rsrc: + Entropy: 3.5922103150308553 + Virtual Size: '0x448' + .reloc: + Entropy: 
3.7790472033993128 + Virtual Size: '0x228' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2020-03-11 17:31:14' + ValidTo: '2021-03-05 17:31:14' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 330000003a6ae333708fda7a7b00000000003a + Version: 3 + TBS: + MD5: 6f5d716e7151f1c173396adb7213359e + SHA1: 100610baae90027e9844a8e9c4d489fe122ecd9c + SHA256: 677d532777cee24be88442efec75e9640e80ef57d8e1246396459a1a04be733f + SHA384: 35d397c22426b9c4c486fa5dd36c089209ab77026e981bd353ffbf060f54fd98f2afe9b45dd64c20614a5d5627b8dd0c + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + ValidFrom: '2014-10-15 20:31:27' + ValidTo: '2029-10-15 20:41:27' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 330000000d690d5d7893d076df00000000000d + Version: 3 + TBS: + MD5: 83f69422963f11c3c340b81712eef319 + SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 + SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae + SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 + Signer: + - SerialNumber: 330000003a6ae333708fda7a7b00000000003a + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + Version: 1 + Imphash: c3658b106f146a18ba9b6e5c7bacfe9b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 6d4517e6348130fe55f11bfd630d857f + SHA1: 60a632e4b838731aad553650d6bc8af3d3d80b26 + SHA256: 8168304169a2453c0c3e0a285c2a07d3b3b83433e0342f6b33400c371af86221 + Company: Windows (R) Win 7 DDK provider + 
Copyright: "Copyright \xA9 NetFilterSDK.com" + CreationTimestamp: '2020-09-15 00:54:17' + Date: '' + Description: NetFilter SDK WFP Driver (WPP) + ExportedFunctions: '' + FileVersion: '1.5.9.7 built by: WinDDK' + Filename: '' + ImportedFunctions: + - memcpy + - RtlValidSid + - IoFreeMdl + - RtlUnwind + - KeBugCheckEx + - RtlCompareMemory + - KeTickCount + - _allmul + - _aulldiv + - KeQuerySystemTime + - ExUuidCreate + - swprintf_s + - KeInitializeEvent + - PsCreateSystemThread + - ZwSetInformationThread + - ObReferenceObjectByHandle + - RtlAppendUnicodeToString + - IoCreateDevice + - IoCreateSymbolicLink + - PsTerminateSystemThread + - MmGetSystemRoutineAddress + - PsLookupProcessByProcessId + - IoAllocateMdl + - MmBuildMdlForNonPagedPool + - IoReleaseCancelSpinLock + - PsGetCurrentProcessId + - IofCompleteRequest + - IoDeleteSymbolicLink + - IoDeleteDevice + - KeWaitForSingleObject + - ObfDereferenceObject + - MmAllocatePagesForMdl + - MmMapLockedPagesSpecifyCache + - MmFreePagesFromMdl + - MmUnmapLockedPages + - KeSetEvent + - ObOpenObjectByPointer + - RtlLengthSid + - SeExports + - RtlCreateAcl + - RtlAddAccessAllowedAce + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - ZwSetSecurityObject + - ZwQueryValueKey + - ExDeleteNPagedLookasideList + - ExInitializeNPagedLookasideList + - InterlockedPushEntrySList + - InterlockedPopEntrySList + - _aullrem + - ExFreePoolWithTag + - memset + - ExAllocatePoolWithTag + - RtlInitUnicodeString + - ZwOpenKey + - ZwClose + - KeReleaseInStackQueuedSpinLock + - KeGetCurrentIrql + - KeAcquireInStackQueuedSpinLock + - FwpsStreamInjectAsync0 + - FwpmEngineOpen0 + - FwpmProviderAdd0 + - FwpmSubLayerDeleteByKey0 + - FwpmProviderContextDeleteByKey0 + - FwpsAcquireClassifyHandle0 + - FwpsQueryPacketInjectionState0 + - FwpsFlowAssociateContext0 + - FwpmSubLayerAdd0 + - FwpmSubLayerCreateEnumHandle0 + - FwpmFreeMemory0 + - FwpmSubLayerEnum0 + - FwpmSubLayerDestroyEnumHandle0 + - FwpmCalloutAdd0 + - FwpmFilterAdd0 + - 
FwpmTransactionBegin0 + - FwpmEngineClose0 + - FwpmTransactionCommit0 + - FwpmTransactionAbort0 + - FwpsCalloutRegister1 + - FwpsCalloutUnregisterByKey0 + - FwpsPendClassify0 + - FwpsInjectionHandleCreate0 + - FwpsCopyStreamDataToBuffer0 + - FwpsInjectNetworkReceiveAsync0 + - FwpsAcquireWritableLayerDataPointer0 + - FwpsApplyModifiedLayerData0 + - FwpsAllocateNetBufferAndNetBufferList0 + - FwpsInjectTransportSendAsync0 + - FwpsConstructIpHeaderForTransportPacket0 + - FwpsInjectNetworkSendAsync0 + - FwpsInjectTransportReceiveAsync0 + - FwpsFreeCloneNetBufferList0 + - FwpsInjectionHandleDestroy0 + - FwpsFlowRemoveContext0 + - FwpsCloneStreamData0 + - FwpsCompleteClassify0 + - FwpsReleaseClassifyHandle0 + - FwpsDiscardClonedStreamData0 + - FwpsFreeNetBufferList0 + - FwpmBfeStateGet0 + - FwpmBfeStateSubscribeChanges0 + - FwpmBfeStateUnsubscribeChanges0 + - NdisFreeGenericObject + - NdisInitializeEvent + - NdisFreeNetBufferListPool + - NdisGetDataBuffer + - NdisAdvanceNetBufferDataStart + - NdisRetreatNetBufferDataStart + - NdisAllocateNetBufferListPool + - NdisAllocateGenericObject + - NdisWaitEvent + Imports: + - ntoskrnl.exe + - HAL.dll + - fwpkclnt.sys + - NDIS.SYS + InternalName: netfilter2.sys + MD5: c6dcf97b669be21dffd4e96aecec3066 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: netfilter2.sys + PDBPath: '' + Product: Windows (R) Win 7 DDK driver + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 4c93d23c41f384b75bda01c7ace495d8 + SHA1: 28695a10b02de9e1ce2d2b70c463f5d3bbaeaf4c + SHA256: 4049be109d3e76b72f97f3faab4a4456933bce7ec4593342fd7046ca2bae226e + SHA1: 06b52ba103412f4ab49fac7129129c10570fd6fd + SHA256: 47e35f474f259314c588af35e88561a015801b52db523eb75fc7eccff8b3be4d + Sections: + .text: + Entropy: 6.467856349257126 + Virtual Size: '0xb6d0' + .rdata: + Entropy: 4.408465659438351 + Virtual Size: '0x8e0' + .data: + Entropy: 3.1025085790331026 + Virtual Size: '0xfa4' + INIT: + Entropy: 5.518016943716045 + Virtual Size: 
'0xd34' + .rsrc: + Entropy: 3.4014320333561083 + Virtual Size: '0x3e0' + .reloc: + Entropy: 6.603171661071898 + Virtual Size: '0xce2' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=IN, ST=Rajasthan, L=Jaipur, O=SYSTWEAK SOFTWARE PVT. LTD., + CN=SYSTWEAK SOFTWARE PVT. LTD. + ValidFrom: '2020-07-03 00:00:00' + ValidTo: '2021-09-01 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 4b51e8986bf2670974fecc6dad020f19 + Version: 3 + TBS: + MD5: 0538926e1c7f1fcaee6540250d010840 + SHA1: 59887d34eaaa74baf151589daef69b2b6f2d9b55 + SHA256: b52255871658ceb663a52576f271ee86d661c2594fc3aa93bbf62ce8a8c77428 + SHA384: ee73f9b450bfdd14f4ff8c141b4a40342f93f8ca16539ecd86c7c1fc6f13943c23dcfcb01db81d518e9d1a93bf4060f9 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 4b51e8986bf2670974fecc6dad020f19 + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + Imphash: fc1af6fcd96ae15019c6cbe9015709d3 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 6d4517e6348130fe55f11bfd630d857f + SHA1: 60a632e4b838731aad553650d6bc8af3d3d80b26 + SHA256: 8168304169a2453c0c3e0a285c2a07d3b3b83433e0342f6b33400c371af86221 + Company: Windows (R) Win 7 DDK provider + Copyright: "Copyright \xA9 NetFilterSDK.com" + CreationTimestamp: '2020-09-15 00:54:17' + Date: '' + Description: NetFilter SDK WFP Driver (WPP) + ExportedFunctions: '' + FileVersion: '1.5.9.7 built by: WinDDK' + Filename: '' + ImportedFunctions: + - memcpy + - RtlValidSid + - IoFreeMdl + - RtlUnwind + - KeBugCheckEx + - RtlCompareMemory + - KeTickCount + - _allmul + - _aulldiv + - KeQuerySystemTime + - ExUuidCreate + - swprintf_s + - KeInitializeEvent + - PsCreateSystemThread + - ZwSetInformationThread + - ObReferenceObjectByHandle + - RtlAppendUnicodeToString + - IoCreateDevice + - IoCreateSymbolicLink + - PsTerminateSystemThread + - MmGetSystemRoutineAddress + - PsLookupProcessByProcessId + - IoAllocateMdl + - MmBuildMdlForNonPagedPool + - IoReleaseCancelSpinLock + - PsGetCurrentProcessId + - IofCompleteRequest + - IoDeleteSymbolicLink + - IoDeleteDevice + - 
KeWaitForSingleObject + - ObfDereferenceObject + - MmAllocatePagesForMdl + - MmMapLockedPagesSpecifyCache + - MmFreePagesFromMdl + - MmUnmapLockedPages + - KeSetEvent + - ObOpenObjectByPointer + - RtlLengthSid + - SeExports + - RtlCreateAcl + - RtlAddAccessAllowedAce + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - ZwSetSecurityObject + - ZwQueryValueKey + - ExDeleteNPagedLookasideList + - ExInitializeNPagedLookasideList + - InterlockedPushEntrySList + - InterlockedPopEntrySList + - _aullrem + - ExFreePoolWithTag + - memset + - ExAllocatePoolWithTag + - RtlInitUnicodeString + - ZwOpenKey + - ZwClose + - KeReleaseInStackQueuedSpinLock + - KeGetCurrentIrql + - KeAcquireInStackQueuedSpinLock + - FwpsStreamInjectAsync0 + - FwpmEngineOpen0 + - FwpmProviderAdd0 + - FwpmSubLayerDeleteByKey0 + - FwpmProviderContextDeleteByKey0 + - FwpsAcquireClassifyHandle0 + - FwpsQueryPacketInjectionState0 + - FwpsFlowAssociateContext0 + - FwpmSubLayerAdd0 + - FwpmSubLayerCreateEnumHandle0 + - FwpmFreeMemory0 + - FwpmSubLayerEnum0 + - FwpmSubLayerDestroyEnumHandle0 + - FwpmCalloutAdd0 + - FwpmFilterAdd0 + - FwpmTransactionBegin0 + - FwpmEngineClose0 + - FwpmTransactionCommit0 + - FwpmTransactionAbort0 + - FwpsCalloutRegister1 + - FwpsCalloutUnregisterByKey0 + - FwpsPendClassify0 + - FwpsInjectionHandleCreate0 + - FwpsCopyStreamDataToBuffer0 + - FwpsInjectNetworkReceiveAsync0 + - FwpsAcquireWritableLayerDataPointer0 + - FwpsApplyModifiedLayerData0 + - FwpsAllocateNetBufferAndNetBufferList0 + - FwpsInjectTransportSendAsync0 + - FwpsConstructIpHeaderForTransportPacket0 + - FwpsInjectNetworkSendAsync0 + - FwpsInjectTransportReceiveAsync0 + - FwpsFreeCloneNetBufferList0 + - FwpsInjectionHandleDestroy0 + - FwpsFlowRemoveContext0 + - FwpsCloneStreamData0 + - FwpsCompleteClassify0 + - FwpsReleaseClassifyHandle0 + - FwpsDiscardClonedStreamData0 + - FwpsFreeNetBufferList0 + - FwpmBfeStateGet0 + - FwpmBfeStateSubscribeChanges0 + - FwpmBfeStateUnsubscribeChanges0 + - 
NdisFreeGenericObject + - NdisInitializeEvent + - NdisFreeNetBufferListPool + - NdisGetDataBuffer + - NdisAdvanceNetBufferDataStart + - NdisRetreatNetBufferDataStart + - NdisAllocateNetBufferListPool + - NdisAllocateGenericObject + - NdisWaitEvent + Imports: + - ntoskrnl.exe + - HAL.dll + - fwpkclnt.sys + - NDIS.SYS + InternalName: netfilter2.sys + MD5: e9e4b27f98eb15dcfc01837e7816ad67 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: netfilter2.sys + PDBPath: '' + Product: Windows (R) Win 7 DDK driver + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 4c93d23c41f384b75bda01c7ace495d8 + SHA1: 28695a10b02de9e1ce2d2b70c463f5d3bbaeaf4c + SHA256: 4049be109d3e76b72f97f3faab4a4456933bce7ec4593342fd7046ca2bae226e + SHA1: a3698922e9850404da1888beebb3f70ae3f8d62e + SHA256: 0eace788e09c8d3f793a1fad94d35bcfd233f0777873412cd0c8172865562eec + Sections: + .text: + Entropy: 6.467856349257126 + Virtual Size: '0xb6d0' + .rdata: + Entropy: 4.408465659438351 + Virtual Size: '0x8e0' + .data: + Entropy: 3.1025085790331026 + Virtual Size: '0xfa4' + INIT: + Entropy: 5.518016943716045 + Virtual Size: '0xd34' + .rsrc: + Entropy: 3.4014320333561083 + Virtual Size: '0x3e0' + .reloc: + Entropy: 6.603171661071898 + Virtual Size: '0xce2' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - 
Subject: ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA49KFRB44, + C=CN, ST=, L=, O=, CN= + ValidFrom: '2020-10-26 00:00:00' + ValidTo: '2022-10-27 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0108cbaee60728f5bf06e45a56d6f170 + Version: 3 + TBS: + MD5: 4e8398340fdf2c302ef881776b4626e7 + SHA1: 483073cdc5b9b560c2d5aa80b62fa184ae4467ba + SHA256: b9d8daa31a25a3c525aa5cb844ced8da586540f20dc0a004209c598a56b95401 + SHA384: 7c7d3a1f5042fca415289ad926b2826a85551195994fa8e8398f747a63672ed1c9196be485f0c2da9fa6801c170518f4 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 + Version: 3 + TBS: + MD5: f92649915476229b093c211c2b18e6c4 + SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 + SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb + SHA384: 511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID 
CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 0108cbaee60728f5bf06e45a56d6f170 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + Version: 1 + Imphash: fc1af6fcd96ae15019c6cbe9015709d3 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: ddbb824860937add7c0f86c5df993d3a + SHA1: 03f0dd3124ec3a4bb6d30865a488f54e74ded699 + SHA256: dfaefd06b680f9ea837e7815fc1cc7d1f4cc375641ac850667ab20739f46ad22 + Company: "\u5B8F\u56FE\u65E0\u5FE7" + Copyright: "Copyright \xA9 wyjsq.com" + CreationTimestamp: '2019-06-10 08:45:55' + Date: '' + Description: WYJSQ TDI Hook Driver (WPP) + ExportedFunctions: '' + FileVersion: '1.4.9.5 built by: WinDDK' + Filename: '' + ImportedFunctions: + - KeReleaseSpinLock + - KeAcquireSpinLockRaiseToDpc + - IoDeleteSymbolicLink + - PsLookupProcessByProcessId + - RtlInitUnicodeString + - IoDeleteDevice + - MmGetSystemRoutineAddress + - ZwClose + - IofCompleteRequest + - IoCreateSymbolicLink + - ObfDereferenceObject + - IoCreateDevice + - ObOpenObjectByPointer + - IofCallDriver + - IoDetachDevice + - IoBuildDeviceIoControlRequest + - RtlDowncaseUnicodeString + - KeInitializeEvent + - MmBuildMdlForNonPagedPool + - IoFreeMdl + - KeInsertQueueDpc + - KeWaitForSingleObject + - PsGetCurrentProcessId + - IoAllocateMdl + - ExFreePoolWithTag + - IoFreeIrp + - IoReleaseCancelSpinLock + - MmMapLockedPagesSpecifyCache + - IoAllocateIrp + - KeInitializeTimer + - RtlAppendUnicodeToString + - 
KeInitializeDpc + - IoGetDeviceObjectPointer + - IoAttachDeviceToDeviceStack + - KeSetTimer + - ObfReferenceObject + - MmFreePagesFromMdl + - MmUnmapLockedPages + - MmAllocatePagesForMdl + - RtlCreateAcl + - RtlSetDaclSecurityDescriptor + - RtlAddAccessAllowedAce + - ZwQueryValueKey + - ZwSetSecurityObject + - SeExports + - RtlLengthSid + - RtlCreateSecurityDescriptor + - ZwOpenKey + - KeBugCheckEx + - ObReferenceObjectByHandle + - ExAllocatePoolWithTag + - __C_specific_handler + - TdiMapUserRequest + Imports: + - ntoskrnl.exe + - TDI.SYS + InternalName: netfilter2.sys + MD5: 6088826a0114f777e486ff093a8d4150 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: netfilter2.sys + PDBPath: '' + Product: "\u65E0\u5FE7\u52A0\u901F\u5668\u9A71\u52A8\u6587\u4EF6" + ProductVersion: 1.5.8.0 + Publisher: '' + RichPEHeaderHash: + MD5: a8cfc1c4c595dbd9909445a5e7ed9a54 + SHA1: 93a8f9bf4e4c8886fc1d435828ab6706d11cfdf9 + SHA256: dd65f865e9c50e9dde3584d90f0927d21042665aa375918708b4792861041072 + SHA1: abce61b428d48fabdb8ddfff4d61d2f1edac0128 + SHA256: 18b923b169b2c3c7db5cbfda0db0999f04adb2cf6c917e5b1fb2ff04714ecac1 + Sections: + .text: + Entropy: 6.179201826106955 + Virtual Size: '0x10102' + .rdata: + Entropy: 5.090786112456744 + Virtual Size: '0x1d0c' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x19f0' + .pdata: + Entropy: 5.089722001786172 + Virtual Size: '0x11c4' + INIT: + Entropy: 5.207307453400592 + Virtual Size: '0x6fa' + .rsrc: + Entropy: 3.5406326624657645 + Virtual Size: '0x418' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 
208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=CN, ST=, L=, O=, CN= + ValidFrom: '2019-06-27 00:00:00' + ValidTo: '2020-06-30 12:00:00' + Signature: 
03dde89129103227d1e3b60f8112561b8b40ba165d1c9d6867aa730429a5534bb8fd6f9883704c5d2ddc938bbb8477a37ea3e01ecc696079a283e4d2534ca96b5049034c454324abf188ab6536ba0ee6e6f1f194a23363d9198eb829cf68834cd952074413bd9711e39037d0ecdba6ec2c7e2c7b46946c4ebea4ee1b84b7cb6582826da8eeafc5d1e9daf8f777480a7507017a6c485b25d94df9546c4ad4ebba85d79ce89422571b2e03557ba2b0396c4bacb5262e51cde8fe9c46d1f0e5e414757f53f5aded921c117f8c7bcf8caa4acc00b120c7a0a48ea84bd618e65c867d74367ab9f3285929c4f98e587f3620bb066906ffe450a911ded794c508f656a7 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 + Version: 3 + TBS: + MD5: bcfecc67375f580ac6eadd789860b1f8 + SHA1: 3fa9cf13a1816a6e358bb1ca12e050662bc2e178 + SHA256: fbb627aabbe2b2dbfdddfbad14392049b0d76f8d9679f3d550333b84b20320df + SHA384: d496c3920c3ab14a3c79e9bd41351912f045ea3b42ba9ec0cb0b1f778d1178174a831fe89848a8226957f2b6f079f01d + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 
49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 
173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + Imphash: 55ef49522fb4f4b2667521ff4804a19a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: ddbb824860937add7c0f86c5df993d3a + SHA1: 03f0dd3124ec3a4bb6d30865a488f54e74ded699 + SHA256: dfaefd06b680f9ea837e7815fc1cc7d1f4cc375641ac850667ab20739f46ad22 + Company: "\u5B8F\u56FE\u65E0\u5FE7" + Copyright: "Copyright \xA9 wyjsq.com" + CreationTimestamp: '2019-06-10 08:45:55' + Date: '' + Description: WYJSQ TDI Hook Driver (WPP) + ExportedFunctions: '' + FileVersion: '1.4.9.5 built by: WinDDK' + Filename: '' + ImportedFunctions: + - KeReleaseSpinLock + - KeAcquireSpinLockRaiseToDpc + - IoDeleteSymbolicLink + - PsLookupProcessByProcessId + - RtlInitUnicodeString + - IoDeleteDevice + - MmGetSystemRoutineAddress + - ZwClose + - IofCompleteRequest + - IoCreateSymbolicLink + - ObfDereferenceObject + - IoCreateDevice + - ObOpenObjectByPointer + - IofCallDriver + - IoDetachDevice + - IoBuildDeviceIoControlRequest + - RtlDowncaseUnicodeString + - KeInitializeEvent + - MmBuildMdlForNonPagedPool + - IoFreeMdl + - KeInsertQueueDpc + - KeWaitForSingleObject + - PsGetCurrentProcessId + - IoAllocateMdl + - ExFreePoolWithTag + - IoFreeIrp + - IoReleaseCancelSpinLock + - MmMapLockedPagesSpecifyCache + - IoAllocateIrp + - KeInitializeTimer + - RtlAppendUnicodeToString + - KeInitializeDpc + - IoGetDeviceObjectPointer + - IoAttachDeviceToDeviceStack + - KeSetTimer + - ObfReferenceObject + - MmFreePagesFromMdl + - MmUnmapLockedPages + - MmAllocatePagesForMdl + - RtlCreateAcl + - RtlSetDaclSecurityDescriptor + - RtlAddAccessAllowedAce + - ZwQueryValueKey + - ZwSetSecurityObject + - SeExports + - RtlLengthSid + - RtlCreateSecurityDescriptor + - ZwOpenKey + - KeBugCheckEx + - ObReferenceObjectByHandle + - ExAllocatePoolWithTag 
+ - __C_specific_handler + - TdiMapUserRequest + Imports: + - ntoskrnl.exe + - TDI.SYS + InternalName: netfilter2.sys + MD5: c56a3a74019e2304af8c19e8e17dd9d3 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: netfilter2.sys + PDBPath: '' + Product: "\u65E0\u5FE7\u52A0\u901F\u5668\u9A71\u52A8\u6587\u4EF6" + ProductVersion: 1.5.8.0 + Publisher: '' + RichPEHeaderHash: + MD5: a8cfc1c4c595dbd9909445a5e7ed9a54 + SHA1: 93a8f9bf4e4c8886fc1d435828ab6706d11cfdf9 + SHA256: dd65f865e9c50e9dde3584d90f0927d21042665aa375918708b4792861041072 + SHA1: 91f693850d7e42ae135e07eae6940e0f58dc4de7 + SHA256: edc6e32e3545f859e5b49ece1cabd13623122c1f03a2f7454a61034b3ff577ed + Sections: + .text: + Entropy: 6.179201826106955 + Virtual Size: '0x10102' + .rdata: + Entropy: 5.090786112456744 + Virtual Size: '0x1d0c' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x19f0' + .pdata: + Entropy: 5.089722001786172 + Virtual Size: '0x11c4' + INIT: + Entropy: 5.207307453400592 + Virtual Size: '0x6fa' + .rsrc: + Entropy: 3.5406326624657645 + Virtual Size: '0x418' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=CN, ST=, L=, O=, CN= + ValidFrom: '2019-06-27 00:00:00' + ValidTo: '2020-06-30 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 + Version: 3 + TBS: + MD5: bcfecc67375f580ac6eadd789860b1f8 + SHA1: 3fa9cf13a1816a6e358bb1ca12e050662bc2e178 + SHA256: fbb627aabbe2b2dbfdddfbad14392049b0d76f8d9679f3d550333b84b20320df + SHA384: d496c3920c3ab14a3c79e9bd41351912f045ea3b42ba9ec0cb0b1f778d1178174a831fe89848a8226957f2b6f079f01d + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + Imphash: 55ef49522fb4f4b2667521ff4804a19a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: b42afd5a5225094c7943185e769bc995 + SHA1: 22c5e127e7e7c567d8624607a6f8f5809deacb55 + SHA256: de6bf572d39e2611773e7a01f0388f84fb25da6cba2f1f8b9b36ffba467de6fa + Company: "\u5B8F\u56FE\u65E0\u5FE7" + Copyright: "Copyright \xA9 wyjsq.com" + CreationTimestamp: '2019-06-10 08:45:52' + Date: '' + Description: WYJSQ TDI Hook Driver (WPP) + ExportedFunctions: '' + FileVersion: '1.4.9.5 built by: WinDDK' + Filename: '' + ImportedFunctions: + - IoCreateSymbolicLink + - IoCreateDevice + - IoDeleteSymbolicLink + - IofCompleteRequest + - ZwClose + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsLookupProcessByProcessId + - MmGetSystemRoutineAddress + - RtlInitUnicodeString + - IoDetachDevice + - IofCallDriver + - IoFreeMdl + - memcpy + - MmBuildMdlForNonPagedPool + - IoBuildDeviceIoControlRequest + - IoAllocateMdl + - RtlDowncaseUnicodeString + - PsGetCurrentProcessId + - KeWaitForSingleObject + - KeInitializeEvent + - KeInsertQueueDpc + - IoReleaseCancelSpinLock + - ObReferenceObjectByHandle + - IoDeleteDevice + - MmMapLockedPagesSpecifyCache + - IoAllocateIrp + - KeInitializeTimer + - KeInitializeDpc + - RtlAppendUnicodeToString + - IoAttachDeviceToDeviceStack + - IoGetDeviceObjectPointer + - ObfReferenceObject + - KeSetTimer + - MmFreePagesFromMdl + - MmUnmapLockedPages + - MmAllocatePagesForMdl + - ZwQueryValueKey + - ZwOpenKey + - ZwSetSecurityObject + - RtlSetDaclSecurityDescriptor + 
- RtlCreateSecurityDescriptor + - RtlAddAccessAllowedAce + - RtlCreateAcl + - RtlLengthSid + - SeExports + - KeTickCount + - KeBugCheckEx + - _aullrem + - ExFreePoolWithTag + - memset + - IoFreeIrp + - ExAllocatePoolWithTag + - RtlUnwind + - KfAcquireSpinLock + - KfReleaseSpinLock + - TdiMapUserRequest + Imports: + - ntoskrnl.exe + - HAL.dll + - TDI.SYS + InternalName: netfilter2.sys + MD5: e3b79b124fe408b971d18fd3a25b5ba0 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: netfilter2.sys + PDBPath: '' + Product: "\u65E0\u5FE7\u52A0\u901F\u5668" + ProductVersion: 1.5.8.0 + Publisher: '' + RichPEHeaderHash: + MD5: ea1a25e78d69ef318ef4d2fbfd420541 + SHA1: 1f795bc5eaecf5ee96f77ae703426b5f65e0d895 + SHA256: 1c10422043879162a1e9a246a3125f545a119afc8c25fd6822f48509ee2a02c0 + SHA1: 5d1338b06e52a2dd3afda4dd0374a80e91cbf333 + SHA256: 2fa78c2988f9580b0c18822b117d065fb419f9c476f4cfa43925ba6cd2dffac3 + Sections: + .text: + Entropy: 6.296843927579521 + Virtual Size: '0xb482' + .rdata: + Entropy: 4.07360217642813 + Virtual Size: '0x214' + .data: + Entropy: 0.021179877335710875 + Virtual Size: '0x1458' + INIT: + Entropy: 5.460393228615208 + Virtual Size: '0x64a' + .rsrc: + Entropy: 3.514358315657194 + Virtual Size: '0x408' + .reloc: + Entropy: 6.490758317321038 + Virtual Size: '0xca2' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: 
f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=CN, ST=, L=, O=, CN= + ValidFrom: '2019-06-27 00:00:00' + ValidTo: '2020-06-30 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 + Version: 3 + TBS: + MD5: bcfecc67375f580ac6eadd789860b1f8 + SHA1: 3fa9cf13a1816a6e358bb1ca12e050662bc2e178 + SHA256: fbb627aabbe2b2dbfdddfbad14392049b0d76f8d9679f3d550333b84b20320df + SHA384: d496c3920c3ab14a3c79e9bd41351912f045ea3b42ba9ec0cb0b1f778d1178174a831fe89848a8226957f2b6f079f01d + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + - Subject: C=US, O=DigiCert Inc, 
OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + Imphash: dc1fe38f597362ae167fd4212146aa60 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 52cef25aecab8b66f05e29df206d6375 + SHA1: 4e5e719362cd48bb323803c1d00afde11d4b9d4c + SHA256: 44a0599defea351314663582dbc61069b3a095a4ddad571bb17dd0d8b21e7ff2 + Company: Windows (R) Win 7 DDK provider + Copyright: "Copyright \xA9 NetFilterSDK.com" + CreationTimestamp: '2020-09-15 00:54:42' + Date: '' + Description: NetFilter SDK WFP Driver (WPP) + ExportedFunctions: '' + FileVersion: 1.5.9.7 + Filename: '' + ImportedFunctions: + - FwpmTransactionCommit0 + - FwpmTransactionAbort0 + - FwpmProviderAdd0 + - FwpmProviderContextDeleteByKey0 + - FwpmSubLayerAdd0 + - FwpmSubLayerDeleteByKey0 + - FwpmSubLayerCreateEnumHandle0 + - FwpmSubLayerEnum0 + - FwpmSubLayerDestroyEnumHandle0 + - FwpmCalloutAdd0 + - FwpmFilterAdd0 + - FwpsFlowAbort0 + - FwpsInjectionHandleCreate0 + - FwpsInjectionHandleDestroy0 + - FwpsAllocateNetBufferAndNetBufferList0 + - FwpsFreeNetBufferList0 + - FwpmTransactionBegin0 + - FwpsInjectNetworkSendAsync0 + - FwpsConstructIpHeaderForTransportPacket0 + - FwpsInjectTransportSendAsync0 + - FwpsInjectTransportReceiveAsync0 + - FwpsInjectNetworkReceiveAsync0 + - FwpsStreamInjectAsync0 + - 
FwpsCopyStreamDataToBuffer0 + - FwpmBfeStateGet0 + - FwpmBfeStateSubscribeChanges0 + - FwpmBfeStateUnsubscribeChanges0 + - FwpsFlowRemoveContext0 + - FwpsCompleteClassify0 + - FwpsRedirectHandleDestroy0 + - FwpsCloneStreamData0 + - FwpsDiscardClonedStreamData0 + - FwpmEngineClose0 + - FwpmEngineOpen0 + - FwpmFreeMemory0 + - FwpsRedirectHandleCreate0 + - FwpsQueryPacketInjectionState0 + - FwpsApplyModifiedLayerData0 + - FwpsAcquireWritableLayerDataPointer0 + - FwpsReleaseClassifyHandle0 + - FwpsFlowAssociateContext0 + - FwpsAcquireClassifyHandle0 + - FwpsCalloutUnregisterByKey0 + - FwpsCalloutRegister1 + - FwpsPendClassify0 + - FwpsFreeCloneNetBufferList0 + - NdisAllocateNetBufferListPool + - NdisWaitEvent + - NdisInitializeEvent + - NdisFreeGenericObject + - NdisAllocateGenericObject + - NdisGetDataBuffer + - NdisAdvanceNetBufferDataStart + - NdisRetreatNetBufferDataStart + - NdisFreeNetBufferListPool + - memset + - RtlInitUnicodeString + - MmGetSystemRoutineAddress + - RtlAppendUnicodeToString + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - KeInitializeEvent + - KeSetEvent + - KeWaitForSingleObject + - KeInitializeSpinLock + - ExFreePoolWithTag + - InterlockedPopEntrySList + - InterlockedPushEntrySList + - ExInitializeNPagedLookasideList + - ExDeleteNPagedLookasideList + - MmBuildMdlForNonPagedPool + - MmMapLockedPagesSpecifyCache + - MmUnmapLockedPages + - MmAllocatePagesForMdl + - MmFreePagesFromMdl + - PsCreateSystemThread + - PsTerminateSystemThread + - IoAllocateMdl + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoFreeMdl + - IoReleaseCancelSpinLock + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - ZwOpenKey + - ZwQueryValueKey + - PsGetCurrentProcessId + - ZwSetInformationThread + - RtlLengthSid + - RtlCreateAcl + - RtlAddAccessAllowedAce + - PsLookupProcessByProcessId + - ObOpenObjectByPointer + - ZwSetSecurityObject + - SeExports + - RtlGetVersion 
+ - KeQuerySystemTime + - _allmul + - _aulldiv + - _aullrem + - RtlCompareMemory + - RtlValidSid + - RtlUnwind + - memcpy + - ExUuidCreate + - ExAllocatePoolWithTag + - swprintf_s + - KeReleaseInStackQueuedSpinLock + - KeGetCurrentIrql + - KeAcquireInStackQueuedSpinLock + Imports: + - fwpkclnt.sys + - NDIS.SYS + - ntoskrnl.exe + - HAL.dll + InternalName: netfilter2.sys + MD5: e1190b7a0bd3b8cc3a819d471ede264f + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: netfilter2.sys + PDBPath: '' + Product: Windows (R) Win 7 DDK driver + ProductVersion: 6.2.9200.20557 + Publisher: '' + RichPEHeaderHash: + MD5: b873ce00fb531a917db2341eff66f88d + SHA1: 0f24abad7feabd2abb4b819dedc5ab9b9de3e33c + SHA256: 54b267b1987fc423443455d94ce6d7b42dd9357bef9de2d67bea3bc6a83fb0cc + SHA1: 1ea5d1bad9b01a38aa20b2cc2fcd90b3adcb1700 + SHA256: 65a3e69854c729659281d2c5f8a4c8274ad3606befdcd9e1b79d3262f260bfa1 + Sections: + .text: + Entropy: 6.24160242971194 + Virtual Size: '0xe8c2' + .rdata: + Entropy: 4.577904288123528 + Virtual Size: '0x914' + .data: + Entropy: 3.197711573383127 + Virtual Size: '0xf90' + INIT: + Entropy: 5.598078462986293 + Virtual Size: '0xd76' + .rsrc: + Entropy: 3.5912667039027926 + Virtual Size: '0x448' + .reloc: + Entropy: 6.614956595399758 + Virtual Size: '0x12c8' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: 
f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91330701MA28DMHT4Y, + C=CN, ST=, L=, O=, CN= + ValidFrom: '2019-03-22 00:00:00' + ValidTo: '2021-03-25 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0af5efac8e1cb5bb290394d315079dbe + Version: 3 + TBS: + MD5: 11e15766710ca8d294dcaf75cdc481c7 + SHA1: d4fbc4f59e8ac285a2a1cdde885eab8ec7c073f2 + SHA256: 8235db8c900fcefb648b477bd93a19628b36ff95f3c53237eeae5d3dc6edb450 + SHA384: c4cfee6d8a6b56e5bba6101fe888f15aa529ddac3176c45cd413cf427447a3fe15c3eaa1b61c91b740519edd61d51d60 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 + Version: 3 + TBS: + MD5: f92649915476229b093c211c2b18e6c4 + SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 + SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb + SHA384: 
511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 0af5efac8e1cb5bb290394d315079dbe + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + Version: 1 + Imphash: 79c0d702a9da102f56d81f4efe802fbf + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 6d4517e6348130fe55f11bfd630d857f + SHA1: 60a632e4b838731aad553650d6bc8af3d3d80b26 + SHA256: 8168304169a2453c0c3e0a285c2a07d3b3b83433e0342f6b33400c371af86221 + Company: Windows (R) Win 7 DDK provider + Copyright: "Copyright \xA9 NetFilterSDK.com" + CreationTimestamp: '2020-09-15 00:54:17' + Date: '' + Description: NetFilter SDK WFP Driver (WPP) + ExportedFunctions: '' + FileVersion: '1.5.9.7 built by: WinDDK' + Filename: '' + ImportedFunctions: + - memcpy + - RtlValidSid + - IoFreeMdl + - RtlUnwind + - KeBugCheckEx + - RtlCompareMemory + - KeTickCount + - _allmul + - _aulldiv + - KeQuerySystemTime + - ExUuidCreate + - swprintf_s + - KeInitializeEvent + - PsCreateSystemThread + - ZwSetInformationThread + - ObReferenceObjectByHandle + - RtlAppendUnicodeToString + - IoCreateDevice + - IoCreateSymbolicLink + - PsTerminateSystemThread + - MmGetSystemRoutineAddress + - PsLookupProcessByProcessId + - IoAllocateMdl + - MmBuildMdlForNonPagedPool + - IoReleaseCancelSpinLock + - PsGetCurrentProcessId + - 
IofCompleteRequest + - IoDeleteSymbolicLink + - IoDeleteDevice + - KeWaitForSingleObject + - ObfDereferenceObject + - MmAllocatePagesForMdl + - MmMapLockedPagesSpecifyCache + - MmFreePagesFromMdl + - MmUnmapLockedPages + - KeSetEvent + - ObOpenObjectByPointer + - RtlLengthSid + - SeExports + - RtlCreateAcl + - RtlAddAccessAllowedAce + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - ZwSetSecurityObject + - ZwQueryValueKey + - ExDeleteNPagedLookasideList + - ExInitializeNPagedLookasideList + - InterlockedPushEntrySList + - InterlockedPopEntrySList + - _aullrem + - ExFreePoolWithTag + - memset + - ExAllocatePoolWithTag + - RtlInitUnicodeString + - ZwOpenKey + - ZwClose + - KeReleaseInStackQueuedSpinLock + - KeGetCurrentIrql + - KeAcquireInStackQueuedSpinLock + - FwpsStreamInjectAsync0 + - FwpmEngineOpen0 + - FwpmProviderAdd0 + - FwpmSubLayerDeleteByKey0 + - FwpmProviderContextDeleteByKey0 + - FwpsAcquireClassifyHandle0 + - FwpsQueryPacketInjectionState0 + - FwpsFlowAssociateContext0 + - FwpmSubLayerAdd0 + - FwpmSubLayerCreateEnumHandle0 + - FwpmFreeMemory0 + - FwpmSubLayerEnum0 + - FwpmSubLayerDestroyEnumHandle0 + - FwpmCalloutAdd0 + - FwpmFilterAdd0 + - FwpmTransactionBegin0 + - FwpmEngineClose0 + - FwpmTransactionCommit0 + - FwpmTransactionAbort0 + - FwpsCalloutRegister1 + - FwpsCalloutUnregisterByKey0 + - FwpsPendClassify0 + - FwpsInjectionHandleCreate0 + - FwpsCopyStreamDataToBuffer0 + - FwpsInjectNetworkReceiveAsync0 + - FwpsAcquireWritableLayerDataPointer0 + - FwpsApplyModifiedLayerData0 + - FwpsAllocateNetBufferAndNetBufferList0 + - FwpsInjectTransportSendAsync0 + - FwpsConstructIpHeaderForTransportPacket0 + - FwpsInjectNetworkSendAsync0 + - FwpsInjectTransportReceiveAsync0 + - FwpsFreeCloneNetBufferList0 + - FwpsInjectionHandleDestroy0 + - FwpsFlowRemoveContext0 + - FwpsCloneStreamData0 + - FwpsCompleteClassify0 + - FwpsReleaseClassifyHandle0 + - FwpsDiscardClonedStreamData0 + - FwpsFreeNetBufferList0 + - FwpmBfeStateGet0 + - 
FwpmBfeStateSubscribeChanges0 + - FwpmBfeStateUnsubscribeChanges0 + - NdisFreeGenericObject + - NdisInitializeEvent + - NdisFreeNetBufferListPool + - NdisGetDataBuffer + - NdisAdvanceNetBufferDataStart + - NdisRetreatNetBufferDataStart + - NdisAllocateNetBufferListPool + - NdisAllocateGenericObject + - NdisWaitEvent + Imports: + - ntoskrnl.exe + - HAL.dll + - fwpkclnt.sys + - NDIS.SYS + InternalName: netfilter2.sys + MD5: 3a53fe6598d2b9bc3b81d3dd6bc5d843 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: netfilter2.sys + PDBPath: '' + Product: Windows (R) Win 7 DDK driver + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 4c93d23c41f384b75bda01c7ace495d8 + SHA1: 28695a10b02de9e1ce2d2b70c463f5d3bbaeaf4c + SHA256: 4049be109d3e76b72f97f3faab4a4456933bce7ec4593342fd7046ca2bae226e + SHA1: 8fbe153c1059a7fce265d5f6e6d8836c3aebe39e + SHA256: f488500be4eaafba74b644be95d4c0523297770fb9bb78c449f643ab8d4a05d9 + Sections: + .text: + Entropy: 6.467856349257126 + Virtual Size: '0xb6d0' + .rdata: + Entropy: 4.408465659438351 + Virtual Size: '0x8e0' + .data: + Entropy: 3.1025085790331026 + Virtual Size: '0xfa4' + INIT: + Entropy: 5.518016943716045 + Virtual Size: '0xd34' + .rsrc: + Entropy: 3.4014320333561083 + Virtual Size: '0x3e0' + .reloc: + Entropy: 6.603171661071898 + Virtual Size: '0xce2' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: 
f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91330701MA28DMHT4Y, + C=CN, ST=, L=, O=, CN= + ValidFrom: '2019-03-22 00:00:00' + ValidTo: '2021-03-25 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0af5efac8e1cb5bb290394d315079dbe + Version: 3 + TBS: + MD5: 11e15766710ca8d294dcaf75cdc481c7 + SHA1: d4fbc4f59e8ac285a2a1cdde885eab8ec7c073f2 + SHA256: 8235db8c900fcefb648b477bd93a19628b36ff95f3c53237eeae5d3dc6edb450 + SHA384: c4cfee6d8a6b56e5bba6101fe888f15aa529ddac3176c45cd413cf427447a3fe15c3eaa1b61c91b740519edd61d51d60 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 + Version: 3 + TBS: + MD5: f92649915476229b093c211c2b18e6c4 + SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 + SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb + SHA384: 
511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 0af5efac8e1cb5bb290394d315079dbe + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + Version: 1 + Imphash: fc1af6fcd96ae15019c6cbe9015709d3 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 3361957860d2b65c0368778ca088946f + SHA1: 6a784d45517142c11d5cca3ff9956b2ed6eaf4c9 + SHA256: e94e8a87459db56837d1c58f9854794aa99f36566a9ded9b398be9d4d3a2c2af + Company: Windows (R) Win 7 DDK provider + Copyright: "Copyright \xA9 NetFilterSDK.com" + CreationTimestamp: '2020-09-15 00:54:41' + Date: '' + Description: NetFilter SDK WFP Driver (WPP) + ExportedFunctions: '' + FileVersion: 1.5.9.7 + Filename: '' + ImportedFunctions: + - FwpmFreeMemory0 + - FwpmEngineOpen0 + - FwpmEngineClose0 + - FwpmTransactionBegin0 + - FwpmTransactionCommit0 + - FwpmTransactionAbort0 + - FwpmProviderAdd0 + - FwpmProviderContextDeleteByKey0 + - FwpmSubLayerAdd0 + - FwpmSubLayerDeleteByKey0 + - FwpmSubLayerCreateEnumHandle0 + - FwpmSubLayerEnum0 + - FwpmSubLayerDestroyEnumHandle0 + - FwpmCalloutAdd0 + - FwpmFilterAdd0 + - FwpsFlowAbort0 + - FwpsInjectionHandleCreate0 + - FwpsInjectionHandleDestroy0 + - FwpsRedirectHandleCreate0 + - FwpsFreeNetBufferList0 + - FwpsFreeCloneNetBufferList0 + - FwpsInjectNetworkSendAsync0 
+ - FwpsConstructIpHeaderForTransportPacket0 + - FwpsInjectTransportSendAsync0 + - FwpsInjectTransportReceiveAsync0 + - FwpsInjectNetworkReceiveAsync0 + - FwpsStreamInjectAsync0 + - FwpsCopyStreamDataToBuffer0 + - FwpmBfeStateGet0 + - FwpmBfeStateSubscribeChanges0 + - FwpmBfeStateUnsubscribeChanges0 + - FwpsFlowRemoveContext0 + - FwpsCompleteClassify0 + - FwpsRedirectHandleDestroy0 + - FwpsCloneStreamData0 + - FwpsDiscardClonedStreamData0 + - FwpsQueryPacketInjectionState0 + - FwpsApplyModifiedLayerData0 + - FwpsAcquireWritableLayerDataPointer0 + - FwpsReleaseClassifyHandle0 + - FwpsAcquireClassifyHandle0 + - FwpsFlowAssociateContext0 + - FwpsCalloutUnregisterByKey0 + - FwpsCalloutRegister1 + - FwpsPendClassify0 + - FwpsAllocateNetBufferAndNetBufferList0 + - NdisFreeNetBufferListPool + - NdisAllocateNetBufferListPool + - NdisWaitEvent + - NdisInitializeEvent + - NdisFreeGenericObject + - NdisAllocateGenericObject + - NdisGetDataBuffer + - NdisAdvanceNetBufferDataStart + - NdisRetreatNetBufferDataStart + - KeAcquireInStackQueuedSpinLock + - KeReleaseInStackQueuedSpinLock + - ExAllocatePoolWithTag + - ExUuidCreate + - swprintf_s + - RtlInitUnicodeString + - MmGetSystemRoutineAddress + - RtlAppendUnicodeToString + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - KeInitializeEvent + - KeSetEvent + - KeWaitForSingleObject + - KeInitializeSpinLock + - ExFreePoolWithTag + - ExQueryDepthSList + - ExpInterlockedPopEntrySList + - ExpInterlockedPushEntrySList + - ExInitializeNPagedLookasideList + - ExDeleteNPagedLookasideList + - MmBuildMdlForNonPagedPool + - MmMapLockedPagesSpecifyCache + - MmUnmapLockedPages + - MmAllocatePagesForMdl + - MmFreePagesFromMdl + - PsCreateSystemThread + - PsTerminateSystemThread + - IoAllocateMdl + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoFreeMdl + - IoReleaseCancelSpinLock + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - ZwOpenKey 
+ - ZwQueryValueKey + - PsGetCurrentProcessId + - ZwSetInformationThread + - RtlLengthSid + - RtlCreateAcl + - RtlAddAccessAllowedAce + - PsLookupProcessByProcessId + - ObOpenObjectByPointer + - ZwSetSecurityObject + - __C_specific_handler + - SeExports + - RtlGetVersion + - RtlCompareMemory + - RtlValidSid + Imports: + - fwpkclnt.sys + - NDIS.SYS + - ntoskrnl.exe + InternalName: netfilter2.sys + MD5: 837b27efec864ae45d89cfffc1e635f0 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: netfilter2.sys + PDBPath: '' + Product: Windows (R) Win 7 DDK driver + ProductVersion: 6.2.9200.20557 + Publisher: '' + RichPEHeaderHash: + MD5: c646eed94ec9e75c1a5498d3642cdab3 + SHA1: 0d0761641e424cc895ba76723784427fcf297f4a + SHA256: 7cecb42d3d4ae8649f3b4714fbab29c4cef8e24a48b0eea2537824fc40f4ea7f + SHA1: f03a9bb8c6943c3db7532ccc39cc1905a62f27be + SHA256: 0f3e7bf7b103613844a38afb574817ddaecd00e4d206d891660dbb0e5dfee04e + Sections: + .text: + Entropy: 6.150053710509848 + Virtual Size: '0x1019a' + .rdata: + Entropy: 4.871173021345663 + Virtual Size: '0x1ddc' + .data: + Entropy: 2.2005364202433433 + Virtual Size: '0x18c0' + .pdata: + Entropy: 5.031237899973202 + Virtual Size: '0xe40' + INIT: + Entropy: 5.179921200293236 + Virtual Size: '0xeca' + .rsrc: + Entropy: 3.5922103150308553 + Virtual Size: '0x448' + .reloc: + Entropy: 3.7790472033993128 + Virtual Size: '0x228' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 
59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91330701MA28DMHT4Y, + C=CN, ST=, L=, O=, CN= + ValidFrom: '2019-03-22 00:00:00' + ValidTo: '2021-03-25 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0af5efac8e1cb5bb290394d315079dbe + Version: 3 + TBS: + MD5: 11e15766710ca8d294dcaf75cdc481c7 + SHA1: d4fbc4f59e8ac285a2a1cdde885eab8ec7c073f2 + SHA256: 8235db8c900fcefb648b477bd93a19628b36ff95f3c53237eeae5d3dc6edb450 + SHA384: c4cfee6d8a6b56e5bba6101fe888f15aa529ddac3176c45cd413cf427447a3fe15c3eaa1b61c91b740519edd61d51d60 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 + Version: 3 + TBS: + MD5: f92649915476229b093c211c2b18e6c4 + SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 + SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb + SHA384: 
511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 0af5efac8e1cb5bb290394d315079dbe + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + Version: 1 + Imphash: c3658b106f146a18ba9b6e5c7bacfe9b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: fd8b9266dc98e0af514babcbba122265 + SHA1: dc38cc55b84a1a7c0846fb5509b43b4ff97a9be6 + SHA256: fafa1bb36f0ac34b762a10e9f327dcab2152a6d0b16a19697362d49a31e7f566 + Company: "\u5B8F\u56FE\u65E0\u5FE7" + Copyright: "Copyright \xA9 wyjsq.com" + CreationTimestamp: '2019-06-10 08:45:42' + Date: '' + Description: WYJSQ WFP Driver (WPP) + ExportedFunctions: '' + FileVersion: '1.5.7.8 built by: WinDDK' + Filename: '' + ImportedFunctions: + - KeBugCheckEx + - ExUuidCreate + - swprintf_s + - RtlCreateSecurityDescriptor + - RtlLengthSid + - IoAllocateMdl + - ObOpenObjectByPointer + - IoReleaseCancelSpinLock + - IoCreateDevice + - MmFreePagesFromMdl + - ObfDereferenceObject + - PsGetCurrentProcessId + - IoCreateSymbolicLink + - SeExports + - ZwSetSecurityObject + - KeWaitForSingleObject + - ObReferenceObjectByHandle + - ZwSetInformationThread + - IofCompleteRequest + - PsTerminateSystemThread + - ZwQueryValueKey + - MmMapLockedPagesSpecifyCache + - PsCreateSystemThread + - RtlAddAccessAllowedAce + - 
MmBuildMdlForNonPagedPool + - MmAllocatePagesForMdl + - KeInitializeEvent + - RtlAppendUnicodeToString + - MmGetSystemRoutineAddress + - KeSetEvent + - IoDeleteDevice + - RtlSetDaclSecurityDescriptor + - PsLookupProcessByProcessId + - RtlCreateAcl + - IoDeleteSymbolicLink + - MmUnmapLockedPages + - ExDeleteNPagedLookasideList + - ExQueryDepthSList + - IoFreeMdl + - ExpInterlockedPopEntrySList + - KeAcquireInStackQueuedSpinLock + - ExpInterlockedPushEntrySList + - KeReleaseInStackQueuedSpinLock + - ExInitializeNPagedLookasideList + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - ZwOpenKey + - ZwClose + - RtlInitUnicodeString + - __C_specific_handler + - FwpsFlowAssociateContext0 + - FwpsCalloutUnregisterByKey0 + - FwpmSubLayerAdd0 + - FwpsQueryPacketInjectionState0 + - FwpmSubLayerDeleteByKey0 + - FwpmSubLayerEnum0 + - FwpmTransactionCommit0 + - FwpmSubLayerCreateEnumHandle0 + - FwpmSubLayerDestroyEnumHandle0 + - FwpmProviderContextDeleteByKey0 + - FwpmCalloutAdd0 + - FwpmProviderAdd0 + - FwpmTransactionAbort0 + - FwpmEngineOpen0 + - FwpsAcquireClassifyHandle0 + - FwpmFilterAdd0 + - FwpsPendClassify0 + - FwpsCalloutRegister1 + - FwpmTransactionBegin0 + - FwpmEngineClose0 + - FwpmFreeMemory0 + - FwpsAcquireWritableLayerDataPointer0 + - FwpsApplyModifiedLayerData0 + - FwpsInjectNetworkReceiveAsync0 + - FwpsFreeCloneNetBufferList0 + - FwpsInjectionHandleDestroy0 + - FwpsConstructIpHeaderForTransportPacket0 + - FwpsAllocateNetBufferAndNetBufferList0 + - FwpsInjectionHandleCreate0 + - FwpsInjectTransportReceiveAsync0 + - FwpsInjectNetworkSendAsync0 + - FwpsCopyStreamDataToBuffer0 + - FwpsInjectTransportSendAsync0 + - FwpsFlowRemoveContext0 + - FwpsCloneStreamData0 + - FwpsCompleteClassify0 + - FwpsStreamInjectAsync0 + - FwpsReleaseClassifyHandle0 + - FwpsDiscardClonedStreamData0 + - FwpmBfeStateGet0 + - FwpmBfeStateSubscribeChanges0 + - FwpmBfeStateUnsubscribeChanges0 + - FwpsFreeNetBufferList0 + - NdisAllocateGenericObject + - NdisWaitEvent + - 
NdisAllocateNetBufferListPool + - NdisInitializeEvent + - NdisFreeGenericObject + - NdisFreeNetBufferListPool + - NdisGetDataBuffer + - NdisRetreatNetBufferDataStart + - NdisAdvanceNetBufferDataStart + Imports: + - ntoskrnl.exe + - fwpkclnt.sys + - NDIS.SYS + InternalName: netfilter2.sys + MD5: 5035359be554444dde135903e4a07b28 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: netfilter2.sys + PDBPath: '' + Product: "\u65E0\u5FE7\u52A0\u901F\u5668" + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: a56ba6fc66a7556100c90b00913a984c + SHA1: b236fd12e7887836407fd8ff0acd7192685f3704 + SHA256: 464507424adf04e3a3c84ab69df0eb8a21f311a35cdf11ad898a50995fbfba19 + SHA1: 5686bec46dedcea3a8724bb042a1d24ddd6f4c81 + SHA256: 12656fc113b178fa3e6bfffc6473897766c44120082483eb8059ebff29b5d2df + Sections: + .text: + Entropy: 6.242867685753186 + Virtual Size: '0xd86e' + .rdata: + Entropy: 5.37002131800132 + Virtual Size: '0xb44' + .data: + Entropy: 1.6857744414226499 + Virtual Size: '0x1598' + .pdata: + Entropy: 4.530780747243636 + Virtual Size: '0x690' + INIT: + Entropy: 5.309039021372289 + Virtual Size: '0xe64' + .rsrc: + Entropy: 3.531521158202179 + Virtual Size: '0x418' + .reloc: + Entropy: 3.6690718801051645 + Virtual Size: '0x1ce' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 
+ - Subject: C=CN, ST=, L=, O=, CN= + ValidFrom: '2019-06-27 00:00:00' + ValidTo: '2020-06-30 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 + Version: 3 + TBS: + MD5: bcfecc67375f580ac6eadd789860b1f8 + SHA1: 3fa9cf13a1816a6e358bb1ca12e050662bc2e178 + SHA256: fbb627aabbe2b2dbfdddfbad14392049b0d76f8d9679f3d550333b84b20320df + SHA384: d496c3920c3ab14a3c79e9bd41351912f045ea3b42ba9ec0cb0b1f778d1178174a831fe89848a8226957f2b6f079f01d + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + Imphash: 8e0e7a2f5025b047a8ebd12a87d503fe + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: ddbb824860937add7c0f86c5df993d3a + SHA1: 03f0dd3124ec3a4bb6d30865a488f54e74ded699 + SHA256: dfaefd06b680f9ea837e7815fc1cc7d1f4cc375641ac850667ab20739f46ad22 + Company: "\u5B8F\u56FE\u65E0\u5FE7" + Copyright: "Copyright \xA9 wyjsq.com" + CreationTimestamp: '2019-06-10 08:45:55' + Date: '' + Description: WYJSQ TDI Hook Driver (WPP) + ExportedFunctions: '' + FileVersion: '1.4.9.5 built by: WinDDK' + Filename: '' + ImportedFunctions: + - KeReleaseSpinLock + - KeAcquireSpinLockRaiseToDpc + - IoDeleteSymbolicLink + - PsLookupProcessByProcessId + - RtlInitUnicodeString + - IoDeleteDevice + - MmGetSystemRoutineAddress + - ZwClose + - IofCompleteRequest + - IoCreateSymbolicLink + - ObfDereferenceObject + - IoCreateDevice + - ObOpenObjectByPointer + - IofCallDriver + 
- IoDetachDevice + - IoBuildDeviceIoControlRequest + - RtlDowncaseUnicodeString + - KeInitializeEvent + - MmBuildMdlForNonPagedPool + - IoFreeMdl + - KeInsertQueueDpc + - KeWaitForSingleObject + - PsGetCurrentProcessId + - IoAllocateMdl + - ExFreePoolWithTag + - IoFreeIrp + - IoReleaseCancelSpinLock + - MmMapLockedPagesSpecifyCache + - IoAllocateIrp + - KeInitializeTimer + - RtlAppendUnicodeToString + - KeInitializeDpc + - IoGetDeviceObjectPointer + - IoAttachDeviceToDeviceStack + - KeSetTimer + - ObfReferenceObject + - MmFreePagesFromMdl + - MmUnmapLockedPages + - MmAllocatePagesForMdl + - RtlCreateAcl + - RtlSetDaclSecurityDescriptor + - RtlAddAccessAllowedAce + - ZwQueryValueKey + - ZwSetSecurityObject + - SeExports + - RtlLengthSid + - RtlCreateSecurityDescriptor + - ZwOpenKey + - KeBugCheckEx + - ObReferenceObjectByHandle + - ExAllocatePoolWithTag + - __C_specific_handler + - TdiMapUserRequest + Imports: + - ntoskrnl.exe + - TDI.SYS + InternalName: netfilter2.sys + MD5: 5c7d08cafbb96b0812a90ce4de52869a + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: netfilter2.sys + PDBPath: '' + Product: "\u65E0\u5FE7\u52A0\u901F\u5668\u9A71\u52A8\u6587\u4EF6" + ProductVersion: 1.5.8.0 + Publisher: '' + RichPEHeaderHash: + MD5: a8cfc1c4c595dbd9909445a5e7ed9a54 + SHA1: 93a8f9bf4e4c8886fc1d435828ab6706d11cfdf9 + SHA256: dd65f865e9c50e9dde3584d90f0927d21042665aa375918708b4792861041072 + SHA1: eff9b9458f4eb611478a0c959f156f3dc7e62c08 + SHA256: 79e7165e626c7bde546cd1bea4b9ec206de8bed7821479856bdb0a2adc3e3617 + Sections: + .text: + Entropy: 6.179201826106955 + Virtual Size: '0x10102' + .rdata: + Entropy: 5.090786112456744 + Virtual Size: '0x1d0c' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0x19f0' + .pdata: + Entropy: 5.089722001786172 + Virtual Size: '0x11c4' + INIT: + Entropy: 5.207307453400592 + Virtual Size: '0x6fa' + .rsrc: + Entropy: 3.5406326624657645 + Virtual Size: '0x418' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: 
'' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=CN, ST=, L=, O=, CN= + ValidFrom: '2019-06-27 00:00:00' + ValidTo: '2020-06-30 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 + Version: 3 + TBS: + MD5: bcfecc67375f580ac6eadd789860b1f8 + SHA1: 3fa9cf13a1816a6e358bb1ca12e050662bc2e178 + SHA256: fbb627aabbe2b2dbfdddfbad14392049b0d76f8d9679f3d550333b84b20320df + SHA384: d496c3920c3ab14a3c79e9bd41351912f045ea3b42ba9ec0cb0b1f778d1178174a831fe89848a8226957f2b6f079f01d + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + 
ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + Imphash: 55ef49522fb4f4b2667521ff4804a19a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: b42afd5a5225094c7943185e769bc995 + SHA1: 22c5e127e7e7c567d8624607a6f8f5809deacb55 + SHA256: 
de6bf572d39e2611773e7a01f0388f84fb25da6cba2f1f8b9b36ffba467de6fa + Company: "\u5B8F\u56FE\u65E0\u5FE7" + Copyright: "Copyright \xA9 wyjsq.com" + CreationTimestamp: '2019-06-10 08:45:52' + Date: '' + Description: WYJSQ TDI Hook Driver (WPP) + ExportedFunctions: '' + FileVersion: '1.4.9.5 built by: WinDDK' + Filename: '' + ImportedFunctions: + - IoCreateSymbolicLink + - IoCreateDevice + - IoDeleteSymbolicLink + - IofCompleteRequest + - ZwClose + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsLookupProcessByProcessId + - MmGetSystemRoutineAddress + - RtlInitUnicodeString + - IoDetachDevice + - IofCallDriver + - IoFreeMdl + - memcpy + - MmBuildMdlForNonPagedPool + - IoBuildDeviceIoControlRequest + - IoAllocateMdl + - RtlDowncaseUnicodeString + - PsGetCurrentProcessId + - KeWaitForSingleObject + - KeInitializeEvent + - KeInsertQueueDpc + - IoReleaseCancelSpinLock + - ObReferenceObjectByHandle + - IoDeleteDevice + - MmMapLockedPagesSpecifyCache + - IoAllocateIrp + - KeInitializeTimer + - KeInitializeDpc + - RtlAppendUnicodeToString + - IoAttachDeviceToDeviceStack + - IoGetDeviceObjectPointer + - ObfReferenceObject + - KeSetTimer + - MmFreePagesFromMdl + - MmUnmapLockedPages + - MmAllocatePagesForMdl + - ZwQueryValueKey + - ZwOpenKey + - ZwSetSecurityObject + - RtlSetDaclSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlAddAccessAllowedAce + - RtlCreateAcl + - RtlLengthSid + - SeExports + - KeTickCount + - KeBugCheckEx + - _aullrem + - ExFreePoolWithTag + - memset + - IoFreeIrp + - ExAllocatePoolWithTag + - RtlUnwind + - KfAcquireSpinLock + - KfReleaseSpinLock + - TdiMapUserRequest + Imports: + - ntoskrnl.exe + - HAL.dll + - TDI.SYS + InternalName: netfilter2.sys + MD5: 546107a0f37686b2417f1be2e05305f6 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: netfilter2.sys + PDBPath: '' + Product: "\u65E0\u5FE7\u52A0\u901F\u5668" + ProductVersion: 1.5.8.0 + Publisher: '' + RichPEHeaderHash: + MD5: ea1a25e78d69ef318ef4d2fbfd420541 + SHA1: 
1f795bc5eaecf5ee96f77ae703426b5f65e0d895 + SHA256: 1c10422043879162a1e9a246a3125f545a119afc8c25fd6822f48509ee2a02c0 + SHA1: b06af934021f48fa31db5759fa1eafa1927fc7e5 + SHA256: 6a234a2b8eb3844f7b5831ee048f88e8a76e9d38e753cc82f61b234c79fe1660 + Sections: + .text: + Entropy: 6.296843927579521 + Virtual Size: '0xb482' + .rdata: + Entropy: 4.07360217642813 + Virtual Size: '0x214' + .data: + Entropy: 0.021179877335710875 + Virtual Size: '0x1458' + INIT: + Entropy: 5.460393228615208 + Virtual Size: '0x64a' + .rsrc: + Entropy: 3.514358315657194 + Virtual Size: '0x408' + .reloc: + Entropy: 6.490758317321038 + Virtual Size: '0xca2' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=CN, ST=, L=, O=, CN= + ValidFrom: '2019-06-27 00:00:00' + ValidTo: '2020-06-30 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 + Version: 3 + TBS: + MD5: bcfecc67375f580ac6eadd789860b1f8 + SHA1: 3fa9cf13a1816a6e358bb1ca12e050662bc2e178 + SHA256: fbb627aabbe2b2dbfdddfbad14392049b0d76f8d9679f3d550333b84b20320df + SHA384: d496c3920c3ab14a3c79e9bd41351912f045ea3b42ba9ec0cb0b1f778d1178174a831fe89848a8226957f2b6f079f01d + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp 
Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + Imphash: dc1fe38f597362ae167fd4212146aa60 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 0d76526227d593a8967ed866b5991e10 + SHA1: 3ae56ab63230d6d9552360845b4a37b5801cc5ea + SHA256: e9b433a33dc72eb2622947b41f01d04a48cd71beac775a88f3f1e4c838090ee8 + Company: Windows (R) Win 7 DDK provider + Copyright: "Copyright \xA9 NetFilterSDK.com" + CreationTimestamp: '2020-09-15 00:54:19' + Date: '' + Description: NetFilter SDK WFP Driver (WPP) + ExportedFunctions: '' + FileVersion: '1.5.9.7 built by: WinDDK' + Filename: '' + ImportedFunctions: + - KeBugCheckEx + - ExUuidCreate + - swprintf_s + - RtlCreateSecurityDescriptor + - RtlLengthSid + - IoAllocateMdl + - ObOpenObjectByPointer + - IoReleaseCancelSpinLock + - IoCreateDevice + - MmFreePagesFromMdl + - ObfDereferenceObject + - PsGetCurrentProcessId + - IoCreateSymbolicLink + - SeExports + - ZwSetSecurityObject + - KeWaitForSingleObject + - ObReferenceObjectByHandle + - ZwSetInformationThread + - IofCompleteRequest + - PsTerminateSystemThread + - ZwQueryValueKey + - MmMapLockedPagesSpecifyCache + - PsCreateSystemThread + - RtlAddAccessAllowedAce + - MmBuildMdlForNonPagedPool + - MmAllocatePagesForMdl + - KeInitializeEvent + - RtlAppendUnicodeToString + - MmGetSystemRoutineAddress + - KeSetEvent + - IoDeleteDevice + - RtlSetDaclSecurityDescriptor + - PsLookupProcessByProcessId + - RtlCreateAcl + - IoDeleteSymbolicLink + - MmUnmapLockedPages + - RtlCompareMemory + - RtlValidSid + - ExDeleteNPagedLookasideList + - ExQueryDepthSList + 
- IoFreeMdl + - ExpInterlockedPopEntrySList + - KeAcquireInStackQueuedSpinLock + - ExpInterlockedPushEntrySList + - KeReleaseInStackQueuedSpinLock + - ExInitializeNPagedLookasideList + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - ZwOpenKey + - ZwClose + - RtlInitUnicodeString + - __C_specific_handler + - FwpsFlowAssociateContext0 + - FwpsCalloutUnregisterByKey0 + - FwpmSubLayerAdd0 + - FwpsQueryPacketInjectionState0 + - FwpmSubLayerDeleteByKey0 + - FwpmSubLayerEnum0 + - FwpmTransactionCommit0 + - FwpmSubLayerCreateEnumHandle0 + - FwpmSubLayerDestroyEnumHandle0 + - FwpmProviderContextDeleteByKey0 + - FwpmCalloutAdd0 + - FwpmProviderAdd0 + - FwpmTransactionAbort0 + - FwpmEngineOpen0 + - FwpsAcquireClassifyHandle0 + - FwpmFilterAdd0 + - FwpsPendClassify0 + - FwpsCalloutRegister1 + - FwpmTransactionBegin0 + - FwpmEngineClose0 + - FwpmFreeMemory0 + - FwpsAcquireWritableLayerDataPointer0 + - FwpsApplyModifiedLayerData0 + - FwpsInjectNetworkReceiveAsync0 + - FwpsFreeCloneNetBufferList0 + - FwpsInjectionHandleDestroy0 + - FwpsConstructIpHeaderForTransportPacket0 + - FwpsAllocateNetBufferAndNetBufferList0 + - FwpsInjectionHandleCreate0 + - FwpsInjectTransportReceiveAsync0 + - FwpsInjectNetworkSendAsync0 + - FwpsCopyStreamDataToBuffer0 + - FwpsInjectTransportSendAsync0 + - FwpsFlowRemoveContext0 + - FwpsCloneStreamData0 + - FwpsCompleteClassify0 + - FwpsStreamInjectAsync0 + - FwpsReleaseClassifyHandle0 + - FwpsDiscardClonedStreamData0 + - FwpsFreeNetBufferList0 + - FwpmBfeStateUnsubscribeChanges0 + - FwpmBfeStateGet0 + - FwpmBfeStateSubscribeChanges0 + - NdisAllocateGenericObject + - NdisWaitEvent + - NdisAllocateNetBufferListPool + - NdisInitializeEvent + - NdisFreeGenericObject + - NdisFreeNetBufferListPool + - NdisGetDataBuffer + - NdisRetreatNetBufferDataStart + - NdisAdvanceNetBufferDataStart + Imports: + - ntoskrnl.exe + - fwpkclnt.sys + - NDIS.SYS + InternalName: netfilter2.sys + MD5: dc83a482d5900f19c0b92b9d183449ed + MachineType: AMD64 + MagicHeader: 50 45 0 0 
+ OriginalFilename: netfilter2.sys + PDBPath: '' + Product: Windows (R) Win 7 DDK driver + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 5f9eb581b0ce6f9d2b5f1f5a9771af50 + SHA1: cb1828152e4668b5e033ee126a52df4f76700b2a + SHA256: e9bd3b71a475097efee5f9196d05a582abc2323affe47c2c9cf9bf933004e22f + SHA1: d219edc08fb789817c264b164f3034543b6a2e08 + SHA256: 5c54a5cd3386ac14725a07962562e9fdcefbb7be0d19803f9d71de24573de1e3 + Sections: + .text: + Entropy: 6.2545679166711565 + Virtual Size: '0xd64e' + .rdata: + Entropy: 5.490124607621635 + Virtual Size: '0xbd4' + .data: + Entropy: 1.921663371680462 + Virtual Size: '0x1718' + .pdata: + Entropy: 4.529523254969204 + Virtual Size: '0x6d8' + INIT: + Entropy: 5.309837255433513 + Virtual Size: '0xe96' + .rsrc: + Entropy: 3.410095048874038 + Virtual Size: '0x3e0' + .reloc: + Entropy: 3.9064526149567356 + Virtual Size: '0x1fe' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91330701MA28DMHT4Y, + C=CN, ST=, L=, O=, CN= + ValidFrom: '2019-03-22 00:00:00' + ValidTo: '2021-03-25 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0af5efac8e1cb5bb290394d315079dbe + 
Version: 3 + TBS: + MD5: 11e15766710ca8d294dcaf75cdc481c7 + SHA1: d4fbc4f59e8ac285a2a1cdde885eab8ec7c073f2 + SHA256: 8235db8c900fcefb648b477bd93a19628b36ff95f3c53237eeae5d3dc6edb450 + SHA384: c4cfee6d8a6b56e5bba6101fe888f15aa529ddac3176c45cd413cf427447a3fe15c3eaa1b61c91b740519edd61d51d60 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 + Version: 3 + TBS: + MD5: f92649915476229b093c211c2b18e6c4 + SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 + SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb + SHA384: 511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: 
cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 0af5efac8e1cb5bb290394d315079dbe + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + Version: 1 + Imphash: 578e11377270c1acacba47b17ef7b169 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 6d4517e6348130fe55f11bfd630d857f + SHA1: 60a632e4b838731aad553650d6bc8af3d3d80b26 + SHA256: 8168304169a2453c0c3e0a285c2a07d3b3b83433e0342f6b33400c371af86221 + Company: Windows (R) Win 7 DDK provider + Copyright: "Copyright \xA9 NetFilterSDK.com" + CreationTimestamp: '2020-09-15 00:54:17' + Date: '' + Description: NetFilter SDK WFP Driver (WPP) + ExportedFunctions: '' + FileVersion: '1.5.9.7 built by: WinDDK' + Filename: '' + ImportedFunctions: + - memcpy + - RtlValidSid + - IoFreeMdl + - RtlUnwind + - KeBugCheckEx + - RtlCompareMemory + - KeTickCount + - _allmul + - _aulldiv + - KeQuerySystemTime + - ExUuidCreate + - swprintf_s + - KeInitializeEvent + - PsCreateSystemThread + - ZwSetInformationThread + - ObReferenceObjectByHandle + - RtlAppendUnicodeToString + - IoCreateDevice + - IoCreateSymbolicLink + - PsTerminateSystemThread + - MmGetSystemRoutineAddress + - PsLookupProcessByProcessId + - IoAllocateMdl + - MmBuildMdlForNonPagedPool + - IoReleaseCancelSpinLock + - PsGetCurrentProcessId + - IofCompleteRequest + - IoDeleteSymbolicLink + - IoDeleteDevice + - KeWaitForSingleObject + - ObfDereferenceObject + - MmAllocatePagesForMdl + - MmMapLockedPagesSpecifyCache + - MmFreePagesFromMdl + - MmUnmapLockedPages + - KeSetEvent + - ObOpenObjectByPointer + - RtlLengthSid + - SeExports + - RtlCreateAcl + - RtlAddAccessAllowedAce + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - ZwSetSecurityObject + - ZwQueryValueKey + - ExDeleteNPagedLookasideList + - ExInitializeNPagedLookasideList 
+ - InterlockedPushEntrySList + - InterlockedPopEntrySList + - _aullrem + - ExFreePoolWithTag + - memset + - ExAllocatePoolWithTag + - RtlInitUnicodeString + - ZwOpenKey + - ZwClose + - KeReleaseInStackQueuedSpinLock + - KeGetCurrentIrql + - KeAcquireInStackQueuedSpinLock + - FwpsStreamInjectAsync0 + - FwpmEngineOpen0 + - FwpmProviderAdd0 + - FwpmSubLayerDeleteByKey0 + - FwpmProviderContextDeleteByKey0 + - FwpsAcquireClassifyHandle0 + - FwpsQueryPacketInjectionState0 + - FwpsFlowAssociateContext0 + - FwpmSubLayerAdd0 + - FwpmSubLayerCreateEnumHandle0 + - FwpmFreeMemory0 + - FwpmSubLayerEnum0 + - FwpmSubLayerDestroyEnumHandle0 + - FwpmCalloutAdd0 + - FwpmFilterAdd0 + - FwpmTransactionBegin0 + - FwpmEngineClose0 + - FwpmTransactionCommit0 + - FwpmTransactionAbort0 + - FwpsCalloutRegister1 + - FwpsCalloutUnregisterByKey0 + - FwpsPendClassify0 + - FwpsInjectionHandleCreate0 + - FwpsCopyStreamDataToBuffer0 + - FwpsInjectNetworkReceiveAsync0 + - FwpsAcquireWritableLayerDataPointer0 + - FwpsApplyModifiedLayerData0 + - FwpsAllocateNetBufferAndNetBufferList0 + - FwpsInjectTransportSendAsync0 + - FwpsConstructIpHeaderForTransportPacket0 + - FwpsInjectNetworkSendAsync0 + - FwpsInjectTransportReceiveAsync0 + - FwpsFreeCloneNetBufferList0 + - FwpsInjectionHandleDestroy0 + - FwpsFlowRemoveContext0 + - FwpsCloneStreamData0 + - FwpsCompleteClassify0 + - FwpsReleaseClassifyHandle0 + - FwpsDiscardClonedStreamData0 + - FwpsFreeNetBufferList0 + - FwpmBfeStateGet0 + - FwpmBfeStateSubscribeChanges0 + - FwpmBfeStateUnsubscribeChanges0 + - NdisFreeGenericObject + - NdisInitializeEvent + - NdisFreeNetBufferListPool + - NdisGetDataBuffer + - NdisAdvanceNetBufferDataStart + - NdisRetreatNetBufferDataStart + - NdisAllocateNetBufferListPool + - NdisAllocateGenericObject + - NdisWaitEvent + Imports: + - ntoskrnl.exe + - HAL.dll + - fwpkclnt.sys + - NDIS.SYS + InternalName: netfilter2.sys + MD5: 1b54c047e17f0319a6202b579a850c54 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: 
netfilter2.sys + PDBPath: '' + Product: Windows (R) Win 7 DDK driver + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 4c93d23c41f384b75bda01c7ace495d8 + SHA1: 28695a10b02de9e1ce2d2b70c463f5d3bbaeaf4c + SHA256: 4049be109d3e76b72f97f3faab4a4456933bce7ec4593342fd7046ca2bae226e + SHA1: d1178492ba5e23927141fa49edb9aa29640f20f8 + SHA256: 8017e618b5a7aa608cc4bce16e4defd6b4e99138c4ba1bdd6ad78e39f035cf59 + Sections: + .text: + Entropy: 6.467856349257126 + Virtual Size: '0xb6d0' + .rdata: + Entropy: 4.408465659438351 + Virtual Size: '0x8e0' + .data: + Entropy: 3.1025085790331026 + Virtual Size: '0xfa4' + INIT: + Entropy: 5.518016943716045 + Virtual Size: '0xd34' + .rsrc: + Entropy: 3.4014320333561083 + Virtual Size: '0x3e0' + .reloc: + Entropy: 6.603171661071898 + Virtual Size: '0xce2' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, L=Paris, O=Orange, OU=Nordnet, CN=Orange + ValidFrom: '2020-02-06 00:00:00' + ValidTo: '2021-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 34b2bc04e9d297465f2e52b3afe91006 + Version: 3 + TBS: + MD5: aa18d17697a27f7af6deb97095af2a2c + SHA1: d00a8a47f4879d72d0c724fe76c98c509406169f + SHA256: b17c8db0c54e42683d417a0908ba35d55ee44ad152024e2b178aa2a903cc385b + SHA384: d4e0e12db6aa39025b4226ad9520b9856481789b2491e4f70398a4e0b0137084b8a73e42046cb81ebffdda16264f3510 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: 
bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 34b2bc04e9d297465f2e52b3afe91006 + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + Imphash: fc1af6fcd96ae15019c6cbe9015709d3 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 0d76526227d593a8967ed866b5991e10 + SHA1: 3ae56ab63230d6d9552360845b4a37b5801cc5ea + SHA256: e9b433a33dc72eb2622947b41f01d04a48cd71beac775a88f3f1e4c838090ee8 + Company: Windows (R) Win 7 DDK provider + Copyright: "Copyright \xA9 NetFilterSDK.com" + CreationTimestamp: '2020-09-15 00:54:19' + Date: '' + Description: NetFilter SDK WFP Driver (WPP) + ExportedFunctions: '' + FileVersion: '1.5.9.7 built by: WinDDK' + Filename: '' + ImportedFunctions: + - KeBugCheckEx + - ExUuidCreate + - swprintf_s + - RtlCreateSecurityDescriptor + - RtlLengthSid + - IoAllocateMdl + - ObOpenObjectByPointer + - IoReleaseCancelSpinLock + - IoCreateDevice + - MmFreePagesFromMdl + - ObfDereferenceObject + - PsGetCurrentProcessId + - IoCreateSymbolicLink + - SeExports + - 
ZwSetSecurityObject + - KeWaitForSingleObject + - ObReferenceObjectByHandle + - ZwSetInformationThread + - IofCompleteRequest + - PsTerminateSystemThread + - ZwQueryValueKey + - MmMapLockedPagesSpecifyCache + - PsCreateSystemThread + - RtlAddAccessAllowedAce + - MmBuildMdlForNonPagedPool + - MmAllocatePagesForMdl + - KeInitializeEvent + - RtlAppendUnicodeToString + - MmGetSystemRoutineAddress + - KeSetEvent + - IoDeleteDevice + - RtlSetDaclSecurityDescriptor + - PsLookupProcessByProcessId + - RtlCreateAcl + - IoDeleteSymbolicLink + - MmUnmapLockedPages + - RtlCompareMemory + - RtlValidSid + - ExDeleteNPagedLookasideList + - ExQueryDepthSList + - IoFreeMdl + - ExpInterlockedPopEntrySList + - KeAcquireInStackQueuedSpinLock + - ExpInterlockedPushEntrySList + - KeReleaseInStackQueuedSpinLock + - ExInitializeNPagedLookasideList + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - ZwOpenKey + - ZwClose + - RtlInitUnicodeString + - __C_specific_handler + - FwpsFlowAssociateContext0 + - FwpsCalloutUnregisterByKey0 + - FwpmSubLayerAdd0 + - FwpsQueryPacketInjectionState0 + - FwpmSubLayerDeleteByKey0 + - FwpmSubLayerEnum0 + - FwpmTransactionCommit0 + - FwpmSubLayerCreateEnumHandle0 + - FwpmSubLayerDestroyEnumHandle0 + - FwpmProviderContextDeleteByKey0 + - FwpmCalloutAdd0 + - FwpmProviderAdd0 + - FwpmTransactionAbort0 + - FwpmEngineOpen0 + - FwpsAcquireClassifyHandle0 + - FwpmFilterAdd0 + - FwpsPendClassify0 + - FwpsCalloutRegister1 + - FwpmTransactionBegin0 + - FwpmEngineClose0 + - FwpmFreeMemory0 + - FwpsAcquireWritableLayerDataPointer0 + - FwpsApplyModifiedLayerData0 + - FwpsInjectNetworkReceiveAsync0 + - FwpsFreeCloneNetBufferList0 + - FwpsInjectionHandleDestroy0 + - FwpsConstructIpHeaderForTransportPacket0 + - FwpsAllocateNetBufferAndNetBufferList0 + - FwpsInjectionHandleCreate0 + - FwpsInjectTransportReceiveAsync0 + - FwpsInjectNetworkSendAsync0 + - FwpsCopyStreamDataToBuffer0 + - FwpsInjectTransportSendAsync0 + - FwpsFlowRemoveContext0 + - FwpsCloneStreamData0 + - 
FwpsCompleteClassify0 + - FwpsStreamInjectAsync0 + - FwpsReleaseClassifyHandle0 + - FwpsDiscardClonedStreamData0 + - FwpsFreeNetBufferList0 + - FwpmBfeStateUnsubscribeChanges0 + - FwpmBfeStateGet0 + - FwpmBfeStateSubscribeChanges0 + - NdisAllocateGenericObject + - NdisWaitEvent + - NdisAllocateNetBufferListPool + - NdisInitializeEvent + - NdisFreeGenericObject + - NdisFreeNetBufferListPool + - NdisGetDataBuffer + - NdisRetreatNetBufferDataStart + - NdisAdvanceNetBufferDataStart + Imports: + - ntoskrnl.exe + - fwpkclnt.sys + - NDIS.SYS + InternalName: netfilter2.sys + MD5: 14acd57bd9fa8093c46fdd5e9f271b70 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: netfilter2.sys + PDBPath: '' + Product: Windows (R) Win 7 DDK driver + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 5f9eb581b0ce6f9d2b5f1f5a9771af50 + SHA1: cb1828152e4668b5e033ee126a52df4f76700b2a + SHA256: e9bd3b71a475097efee5f9196d05a582abc2323affe47c2c9cf9bf933004e22f + SHA1: b0cb07e84261626a384e74020735be0cace7a3bd + SHA256: 639ff79f13e40d47b90ecd709699edd10e740cb41451acb95590a68b6352de2b + Sections: + .text: + Entropy: 6.2545679166711565 + Virtual Size: '0xd64e' + .rdata: + Entropy: 5.490124607621635 + Virtual Size: '0xbd4' + .data: + Entropy: 1.921663371680462 + Virtual Size: '0x1718' + .pdata: + Entropy: 4.529523254969204 + Virtual Size: '0x6d8' + INIT: + Entropy: 5.309837255433513 + Virtual Size: '0xe96' + .rsrc: + Entropy: 3.410095048874038 + Virtual Size: '0x3e0' + .reloc: + Entropy: 3.9064526149567356 + Virtual Size: '0x1fe' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, L=Paris, O=Orange, OU=Nordnet, CN=Orange + ValidFrom: '2020-02-06 00:00:00' + ValidTo: '2021-02-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 34b2bc04e9d297465f2e52b3afe91006 + Version: 3 + TBS: + MD5: 
aa18d17697a27f7af6deb97095af2a2c + SHA1: d00a8a47f4879d72d0c724fe76c98c509406169f + SHA256: b17c8db0c54e42683d417a0908ba35d55ee44ad152024e2b178aa2a903cc385b + SHA384: d4e0e12db6aa39025b4226ad9520b9856481789b2491e4f70398a4e0b0137084b8a73e42046cb81ebffdda16264f3510 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 34b2bc04e9d297465f2e52b3afe91006 + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + Imphash: 578e11377270c1acacba47b17ef7b169 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 3361957860d2b65c0368778ca088946f + SHA1: 6a784d45517142c11d5cca3ff9956b2ed6eaf4c9 + SHA256: 
e94e8a87459db56837d1c58f9854794aa99f36566a9ded9b398be9d4d3a2c2af + Company: Windows (R) Win 7 DDK provider + Copyright: "Copyright \xA9 NetFilterSDK.com" + CreationTimestamp: '2020-09-15 00:54:41' + Date: '' + Description: NetFilter SDK WFP Driver (WPP) + ExportedFunctions: '' + FileVersion: 1.5.9.7 + Filename: '' + ImportedFunctions: + - FwpmFreeMemory0 + - FwpmEngineOpen0 + - FwpmEngineClose0 + - FwpmTransactionBegin0 + - FwpmTransactionCommit0 + - FwpmTransactionAbort0 + - FwpmProviderAdd0 + - FwpmProviderContextDeleteByKey0 + - FwpmSubLayerAdd0 + - FwpmSubLayerDeleteByKey0 + - FwpmSubLayerCreateEnumHandle0 + - FwpmSubLayerEnum0 + - FwpmSubLayerDestroyEnumHandle0 + - FwpmCalloutAdd0 + - FwpmFilterAdd0 + - FwpsFlowAbort0 + - FwpsInjectionHandleCreate0 + - FwpsInjectionHandleDestroy0 + - FwpsRedirectHandleCreate0 + - FwpsFreeNetBufferList0 + - FwpsFreeCloneNetBufferList0 + - FwpsInjectNetworkSendAsync0 + - FwpsConstructIpHeaderForTransportPacket0 + - FwpsInjectTransportSendAsync0 + - FwpsInjectTransportReceiveAsync0 + - FwpsInjectNetworkReceiveAsync0 + - FwpsStreamInjectAsync0 + - FwpsCopyStreamDataToBuffer0 + - FwpmBfeStateGet0 + - FwpmBfeStateSubscribeChanges0 + - FwpmBfeStateUnsubscribeChanges0 + - FwpsFlowRemoveContext0 + - FwpsCompleteClassify0 + - FwpsRedirectHandleDestroy0 + - FwpsCloneStreamData0 + - FwpsDiscardClonedStreamData0 + - FwpsQueryPacketInjectionState0 + - FwpsApplyModifiedLayerData0 + - FwpsAcquireWritableLayerDataPointer0 + - FwpsReleaseClassifyHandle0 + - FwpsAcquireClassifyHandle0 + - FwpsFlowAssociateContext0 + - FwpsCalloutUnregisterByKey0 + - FwpsCalloutRegister1 + - FwpsPendClassify0 + - FwpsAllocateNetBufferAndNetBufferList0 + - NdisFreeNetBufferListPool + - NdisAllocateNetBufferListPool + - NdisWaitEvent + - NdisInitializeEvent + - NdisFreeGenericObject + - NdisAllocateGenericObject + - NdisGetDataBuffer + - NdisAdvanceNetBufferDataStart + - NdisRetreatNetBufferDataStart + - KeAcquireInStackQueuedSpinLock + - 
KeReleaseInStackQueuedSpinLock + - ExAllocatePoolWithTag + - ExUuidCreate + - swprintf_s + - RtlInitUnicodeString + - MmGetSystemRoutineAddress + - RtlAppendUnicodeToString + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - KeInitializeEvent + - KeSetEvent + - KeWaitForSingleObject + - KeInitializeSpinLock + - ExFreePoolWithTag + - ExQueryDepthSList + - ExpInterlockedPopEntrySList + - ExpInterlockedPushEntrySList + - ExInitializeNPagedLookasideList + - ExDeleteNPagedLookasideList + - MmBuildMdlForNonPagedPool + - MmMapLockedPagesSpecifyCache + - MmUnmapLockedPages + - MmAllocatePagesForMdl + - MmFreePagesFromMdl + - PsCreateSystemThread + - PsTerminateSystemThread + - IoAllocateMdl + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoFreeMdl + - IoReleaseCancelSpinLock + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - ZwOpenKey + - ZwQueryValueKey + - PsGetCurrentProcessId + - ZwSetInformationThread + - RtlLengthSid + - RtlCreateAcl + - RtlAddAccessAllowedAce + - PsLookupProcessByProcessId + - ObOpenObjectByPointer + - ZwSetSecurityObject + - __C_specific_handler + - SeExports + - RtlGetVersion + - RtlCompareMemory + - RtlValidSid + Imports: + - fwpkclnt.sys + - NDIS.SYS + - ntoskrnl.exe + InternalName: netfilter2.sys + MD5: 303d0cc0864955eb20fe820104713d5f + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: netfilter2.sys + PDBPath: '' + Product: Windows (R) Win 7 DDK driver + ProductVersion: 6.2.9200.20557 + Publisher: '' + RichPEHeaderHash: + MD5: c646eed94ec9e75c1a5498d3642cdab3 + SHA1: 0d0761641e424cc895ba76723784427fcf297f4a + SHA256: 7cecb42d3d4ae8649f3b4714fbab29c4cef8e24a48b0eea2537824fc40f4ea7f + SHA1: 22314679389c9db6e7e99ca991a597055100f50b + SHA256: 9dbc2a37f53507296cc912e7d354dab4e55541ba821561aa84f74d1bd8346be2 + Sections: + .text: + Entropy: 6.150053710509848 + Virtual Size: '0x1019a' + .rdata: + Entropy: 4.871173021345663 + Virtual 
Size: '0x1ddc' + .data: + Entropy: 2.2005364202433433 + Virtual Size: '0x18c0' + .pdata: + Entropy: 5.031237899973202 + Virtual Size: '0xe40' + INIT: + Entropy: 5.179921200293236 + Virtual Size: '0xeca' + .rsrc: + Entropy: 3.5922103150308553 + Virtual Size: '0x448' + .reloc: + Entropy: 3.7790472033993128 + Virtual Size: '0x228' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=RU, ??=Private Organization, serialNumber=1157746204230, C=RU, + L=, O=LLC SOLAR SECURITY, CN=LLC SOLAR SECURITY + ValidFrom: '2020-06-03 00:00:00' + ValidTo: '2021-06-08 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 02ddad01eba5f46cb2deb0f7d2acd0f7 + Version: 3 + TBS: + MD5: cd2b0d085a3d343b08650dca77f6d61a + SHA1: 003e7627100a520659381210817e3cc34ffa5787 + SHA256: bde895ed82cf5ec3a4e10ade85e43a41f5cfb21683c065fe546e83d4c33aa3f1 + SHA384: b8a6e2febb0674e9ce3ae563d445f9e23872eb2a0a6b3d65ea2f93668fc4a514ffbdda6d7bce7e07cbe8152deebc060d + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + 
IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c + Version: 3 + TBS: + MD5: 83f5de89f641d0fbf60248e10a7b9534 + SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 + SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf + SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 02ddad01eba5f46cb2deb0f7d2acd0f7 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + Version: 1 + Imphash: c3658b106f146a18ba9b6e5c7bacfe9b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: b42afd5a5225094c7943185e769bc995 + SHA1: 
22c5e127e7e7c567d8624607a6f8f5809deacb55 + SHA256: de6bf572d39e2611773e7a01f0388f84fb25da6cba2f1f8b9b36ffba467de6fa + Company: "\u5B8F\u56FE\u65E0\u5FE7" + Copyright: "Copyright \xA9 wyjsq.com" + CreationTimestamp: '2019-06-10 08:45:52' + Date: '' + Description: WYJSQ TDI Hook Driver (WPP) + ExportedFunctions: '' + FileVersion: '1.4.9.5 built by: WinDDK' + Filename: '' + ImportedFunctions: + - IoCreateSymbolicLink + - IoCreateDevice + - IoDeleteSymbolicLink + - IofCompleteRequest + - ZwClose + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsLookupProcessByProcessId + - MmGetSystemRoutineAddress + - RtlInitUnicodeString + - IoDetachDevice + - IofCallDriver + - IoFreeMdl + - memcpy + - MmBuildMdlForNonPagedPool + - IoBuildDeviceIoControlRequest + - IoAllocateMdl + - RtlDowncaseUnicodeString + - PsGetCurrentProcessId + - KeWaitForSingleObject + - KeInitializeEvent + - KeInsertQueueDpc + - IoReleaseCancelSpinLock + - ObReferenceObjectByHandle + - IoDeleteDevice + - MmMapLockedPagesSpecifyCache + - IoAllocateIrp + - KeInitializeTimer + - KeInitializeDpc + - RtlAppendUnicodeToString + - IoAttachDeviceToDeviceStack + - IoGetDeviceObjectPointer + - ObfReferenceObject + - KeSetTimer + - MmFreePagesFromMdl + - MmUnmapLockedPages + - MmAllocatePagesForMdl + - ZwQueryValueKey + - ZwOpenKey + - ZwSetSecurityObject + - RtlSetDaclSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlAddAccessAllowedAce + - RtlCreateAcl + - RtlLengthSid + - SeExports + - KeTickCount + - KeBugCheckEx + - _aullrem + - ExFreePoolWithTag + - memset + - IoFreeIrp + - ExAllocatePoolWithTag + - RtlUnwind + - KfAcquireSpinLock + - KfReleaseSpinLock + - TdiMapUserRequest + Imports: + - ntoskrnl.exe + - HAL.dll + - TDI.SYS + InternalName: netfilter2.sys + MD5: 173779a1a53b6ac06dcf045bc78eed62 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: netfilter2.sys + PDBPath: '' + Product: "\u65E0\u5FE7\u52A0\u901F\u5668" + ProductVersion: 1.5.8.0 + Publisher: '' + RichPEHeaderHash: + MD5: 
ea1a25e78d69ef318ef4d2fbfd420541 + SHA1: 1f795bc5eaecf5ee96f77ae703426b5f65e0d895 + SHA256: 1c10422043879162a1e9a246a3125f545a119afc8c25fd6822f48509ee2a02c0 + SHA1: c46e469d45ecc08a5b13a6d9d9b7f9c5a9fae008 + SHA256: 26d67d479dafe6b33c980bd1eed0b6d749f43d05d001c5dcaaf5fcddb9b899fe + Sections: + .text: + Entropy: 6.296843927579521 + Virtual Size: '0xb482' + .rdata: + Entropy: 4.07360217642813 + Virtual Size: '0x214' + .data: + Entropy: 0.021179877335710875 + Virtual Size: '0x1458' + INIT: + Entropy: 5.460393228615208 + Virtual Size: '0x64a' + .rsrc: + Entropy: 3.514358315657194 + Virtual Size: '0x408' + .reloc: + Entropy: 6.490758317321038 + Virtual Size: '0xca2' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=CN, ST=, L=, O=, CN= + ValidFrom: '2019-06-27 00:00:00' + ValidTo: '2020-06-30 12:00:00' + Signature: 
03dde89129103227d1e3b60f8112561b8b40ba165d1c9d6867aa730429a5534bb8fd6f9883704c5d2ddc938bbb8477a37ea3e01ecc696079a283e4d2534ca96b5049034c454324abf188ab6536ba0ee6e6f1f194a23363d9198eb829cf68834cd952074413bd9711e39037d0ecdba6ec2c7e2c7b46946c4ebea4ee1b84b7cb6582826da8eeafc5d1e9daf8f777480a7507017a6c485b25d94df9546c4ad4ebba85d79ce89422571b2e03557ba2b0396c4bacb5262e51cde8fe9c46d1f0e5e414757f53f5aded921c117f8c7bcf8caa4acc00b120c7a0a48ea84bd618e65c867d74367ab9f3285929c4f98e587f3620bb066906ffe450a911ded794c508f656a7 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 + Version: 3 + TBS: + MD5: bcfecc67375f580ac6eadd789860b1f8 + SHA1: 3fa9cf13a1816a6e358bb1ca12e050662bc2e178 + SHA256: fbb627aabbe2b2dbfdddfbad14392049b0d76f8d9679f3d550333b84b20320df + SHA384: d496c3920c3ab14a3c79e9bd41351912f045ea3b42ba9ec0cb0b1f778d1178174a831fe89848a8226957f2b6f079f01d + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 
1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + Imphash: dc1fe38f597362ae167fd4212146aa60 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 6d4517e6348130fe55f11bfd630d857f + SHA1: 60a632e4b838731aad553650d6bc8af3d3d80b26 + SHA256: 8168304169a2453c0c3e0a285c2a07d3b3b83433e0342f6b33400c371af86221 + Company: Windows (R) Win 7 DDK provider + Copyright: "Copyright \xA9 NetFilterSDK.com" + CreationTimestamp: '2020-09-15 00:54:17' + Date: '' + Description: NetFilter SDK WFP Driver (WPP) + ExportedFunctions: '' + FileVersion: '1.5.9.7 built by: WinDDK' + Filename: '' + ImportedFunctions: + - memcpy + - RtlValidSid + - IoFreeMdl + - RtlUnwind + - KeBugCheckEx + - RtlCompareMemory + - KeTickCount + - _allmul + - _aulldiv + - KeQuerySystemTime + - ExUuidCreate + - swprintf_s + - KeInitializeEvent + - PsCreateSystemThread + - ZwSetInformationThread + - ObReferenceObjectByHandle + - RtlAppendUnicodeToString + - IoCreateDevice + - IoCreateSymbolicLink + - PsTerminateSystemThread + - 
MmGetSystemRoutineAddress + - PsLookupProcessByProcessId + - IoAllocateMdl + - MmBuildMdlForNonPagedPool + - IoReleaseCancelSpinLock + - PsGetCurrentProcessId + - IofCompleteRequest + - IoDeleteSymbolicLink + - IoDeleteDevice + - KeWaitForSingleObject + - ObfDereferenceObject + - MmAllocatePagesForMdl + - MmMapLockedPagesSpecifyCache + - MmFreePagesFromMdl + - MmUnmapLockedPages + - KeSetEvent + - ObOpenObjectByPointer + - RtlLengthSid + - SeExports + - RtlCreateAcl + - RtlAddAccessAllowedAce + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - ZwSetSecurityObject + - ZwQueryValueKey + - ExDeleteNPagedLookasideList + - ExInitializeNPagedLookasideList + - InterlockedPushEntrySList + - InterlockedPopEntrySList + - _aullrem + - ExFreePoolWithTag + - memset + - ExAllocatePoolWithTag + - RtlInitUnicodeString + - ZwOpenKey + - ZwClose + - KeReleaseInStackQueuedSpinLock + - KeGetCurrentIrql + - KeAcquireInStackQueuedSpinLock + - FwpsStreamInjectAsync0 + - FwpmEngineOpen0 + - FwpmProviderAdd0 + - FwpmSubLayerDeleteByKey0 + - FwpmProviderContextDeleteByKey0 + - FwpsAcquireClassifyHandle0 + - FwpsQueryPacketInjectionState0 + - FwpsFlowAssociateContext0 + - FwpmSubLayerAdd0 + - FwpmSubLayerCreateEnumHandle0 + - FwpmFreeMemory0 + - FwpmSubLayerEnum0 + - FwpmSubLayerDestroyEnumHandle0 + - FwpmCalloutAdd0 + - FwpmFilterAdd0 + - FwpmTransactionBegin0 + - FwpmEngineClose0 + - FwpmTransactionCommit0 + - FwpmTransactionAbort0 + - FwpsCalloutRegister1 + - FwpsCalloutUnregisterByKey0 + - FwpsPendClassify0 + - FwpsInjectionHandleCreate0 + - FwpsCopyStreamDataToBuffer0 + - FwpsInjectNetworkReceiveAsync0 + - FwpsAcquireWritableLayerDataPointer0 + - FwpsApplyModifiedLayerData0 + - FwpsAllocateNetBufferAndNetBufferList0 + - FwpsInjectTransportSendAsync0 + - FwpsConstructIpHeaderForTransportPacket0 + - FwpsInjectNetworkSendAsync0 + - FwpsInjectTransportReceiveAsync0 + - FwpsFreeCloneNetBufferList0 + - FwpsInjectionHandleDestroy0 + - FwpsFlowRemoveContext0 + - 
FwpsCloneStreamData0 + - FwpsCompleteClassify0 + - FwpsReleaseClassifyHandle0 + - FwpsDiscardClonedStreamData0 + - FwpsFreeNetBufferList0 + - FwpmBfeStateGet0 + - FwpmBfeStateSubscribeChanges0 + - FwpmBfeStateUnsubscribeChanges0 + - NdisFreeGenericObject + - NdisInitializeEvent + - NdisFreeNetBufferListPool + - NdisGetDataBuffer + - NdisAdvanceNetBufferDataStart + - NdisRetreatNetBufferDataStart + - NdisAllocateNetBufferListPool + - NdisAllocateGenericObject + - NdisWaitEvent + Imports: + - ntoskrnl.exe + - HAL.dll + - fwpkclnt.sys + - NDIS.SYS + InternalName: netfilter2.sys + MD5: 15cfb6e9841d553926aace5114fa8475 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: netfilter2.sys + PDBPath: '' + Product: Windows (R) Win 7 DDK driver + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 4c93d23c41f384b75bda01c7ace495d8 + SHA1: 28695a10b02de9e1ce2d2b70c463f5d3bbaeaf4c + SHA256: 4049be109d3e76b72f97f3faab4a4456933bce7ec4593342fd7046ca2bae226e + SHA1: 16211fd7b3dd8fd09181a7f4ed20e629e374c00b + SHA256: 6703400b490b35bcde6e41ce1640920251855e6d94171170ae7ea22cdd0938c0 + Sections: + .text: + Entropy: 6.467856349257126 + Virtual Size: '0xb6d0' + .rdata: + Entropy: 4.408465659438351 + Virtual Size: '0x8e0' + .data: + Entropy: 3.1025085790331026 + Virtual Size: '0xfa4' + INIT: + Entropy: 5.518016943716045 + Virtual Size: '0xd34' + .rsrc: + Entropy: 3.4014320333561083 + Virtual Size: '0x3e0' + .reloc: + Entropy: 6.603171661071898 + Virtual Size: '0xce2' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + 
SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA49KFRB44, + C=CN, ST=, L=, O=, CN= + ValidFrom: '2020-10-26 00:00:00' + ValidTo: '2022-10-27 23:59:59' + Signature: 79197d1bcfcf1e9bad9b6e106ff984000ed506986e884b44056fe05b8ea34d36f5b368551ee2848e3a9f55caad769e641dfb27e2a7182ceaf33b7b7a96a0f0ee966cb67377c2ceebdb72e7672079721ebfe265f3f3e95aa080d0f53fbf70b810e6af342243e6d7af74a9c9e0cec31200ab074e500ef8f8d11541d3409ee0a42835e8a6ce2b19385a2738d00b8e31f874c41e5cea3e30bee081840a3c83ad3aba7aff0240caacc839c0bdab5448d3376f3d7360eb77ba366cb7e3364f638ba48b37e82f03baa20868717f6c58a0175dd5417d1670e97c8dc8b6b021e39f5ce087b63a6de6f46968d7ee37135d40b309b56c12e314b46cd74a51638196a2e02e1c + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0108cbaee60728f5bf06e45a56d6f170 + Version: 3 + TBS: + MD5: 4e8398340fdf2c302ef881776b4626e7 + SHA1: 483073cdc5b9b560c2d5aa80b62fa184ae4467ba + SHA256: b9d8daa31a25a3c525aa5cb844ced8da586540f20dc0a004209c598a56b95401 + SHA384: 7c7d3a1f5042fca415289ad926b2826a85551195994fa8e8398f747a63672ed1c9196be485f0c2da9fa6801c170518f4 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert 
Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 + Version: 3 + TBS: + MD5: f92649915476229b093c211c2b18e6c4 + SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 + SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb + SHA384: 511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 0108cbaee60728f5bf06e45a56d6f170 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + Version: 1 + Imphash: fc1af6fcd96ae15019c6cbe9015709d3 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 0d76526227d593a8967ed866b5991e10 + SHA1: 3ae56ab63230d6d9552360845b4a37b5801cc5ea + SHA256: e9b433a33dc72eb2622947b41f01d04a48cd71beac775a88f3f1e4c838090ee8 + Company: Windows (R) Win 7 DDK provider + Copyright: "Copyright \xA9 NetFilterSDK.com" + CreationTimestamp: '2020-09-15 00:54:19' + Date: '' + Description: NetFilter SDK WFP Driver (WPP) + ExportedFunctions: '' + FileVersion: '1.5.9.7 built by: WinDDK' + Filename: '' + ImportedFunctions: + - KeBugCheckEx + - ExUuidCreate + - 
swprintf_s + - RtlCreateSecurityDescriptor + - RtlLengthSid + - IoAllocateMdl + - ObOpenObjectByPointer + - IoReleaseCancelSpinLock + - IoCreateDevice + - MmFreePagesFromMdl + - ObfDereferenceObject + - PsGetCurrentProcessId + - IoCreateSymbolicLink + - SeExports + - ZwSetSecurityObject + - KeWaitForSingleObject + - ObReferenceObjectByHandle + - ZwSetInformationThread + - IofCompleteRequest + - PsTerminateSystemThread + - ZwQueryValueKey + - MmMapLockedPagesSpecifyCache + - PsCreateSystemThread + - RtlAddAccessAllowedAce + - MmBuildMdlForNonPagedPool + - MmAllocatePagesForMdl + - KeInitializeEvent + - RtlAppendUnicodeToString + - MmGetSystemRoutineAddress + - KeSetEvent + - IoDeleteDevice + - RtlSetDaclSecurityDescriptor + - PsLookupProcessByProcessId + - RtlCreateAcl + - IoDeleteSymbolicLink + - MmUnmapLockedPages + - RtlCompareMemory + - RtlValidSid + - ExDeleteNPagedLookasideList + - ExQueryDepthSList + - IoFreeMdl + - ExpInterlockedPopEntrySList + - KeAcquireInStackQueuedSpinLock + - ExpInterlockedPushEntrySList + - KeReleaseInStackQueuedSpinLock + - ExInitializeNPagedLookasideList + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - ZwOpenKey + - ZwClose + - RtlInitUnicodeString + - __C_specific_handler + - FwpsFlowAssociateContext0 + - FwpsCalloutUnregisterByKey0 + - FwpmSubLayerAdd0 + - FwpsQueryPacketInjectionState0 + - FwpmSubLayerDeleteByKey0 + - FwpmSubLayerEnum0 + - FwpmTransactionCommit0 + - FwpmSubLayerCreateEnumHandle0 + - FwpmSubLayerDestroyEnumHandle0 + - FwpmProviderContextDeleteByKey0 + - FwpmCalloutAdd0 + - FwpmProviderAdd0 + - FwpmTransactionAbort0 + - FwpmEngineOpen0 + - FwpsAcquireClassifyHandle0 + - FwpmFilterAdd0 + - FwpsPendClassify0 + - FwpsCalloutRegister1 + - FwpmTransactionBegin0 + - FwpmEngineClose0 + - FwpmFreeMemory0 + - FwpsAcquireWritableLayerDataPointer0 + - FwpsApplyModifiedLayerData0 + - FwpsInjectNetworkReceiveAsync0 + - FwpsFreeCloneNetBufferList0 + - FwpsInjectionHandleDestroy0 + - FwpsConstructIpHeaderForTransportPacket0 + - 
FwpsAllocateNetBufferAndNetBufferList0 + - FwpsInjectionHandleCreate0 + - FwpsInjectTransportReceiveAsync0 + - FwpsInjectNetworkSendAsync0 + - FwpsCopyStreamDataToBuffer0 + - FwpsInjectTransportSendAsync0 + - FwpsFlowRemoveContext0 + - FwpsCloneStreamData0 + - FwpsCompleteClassify0 + - FwpsStreamInjectAsync0 + - FwpsReleaseClassifyHandle0 + - FwpsDiscardClonedStreamData0 + - FwpsFreeNetBufferList0 + - FwpmBfeStateUnsubscribeChanges0 + - FwpmBfeStateGet0 + - FwpmBfeStateSubscribeChanges0 + - NdisAllocateGenericObject + - NdisWaitEvent + - NdisAllocateNetBufferListPool + - NdisInitializeEvent + - NdisFreeGenericObject + - NdisFreeNetBufferListPool + - NdisGetDataBuffer + - NdisRetreatNetBufferDataStart + - NdisAdvanceNetBufferDataStart + Imports: + - ntoskrnl.exe + - fwpkclnt.sys + - NDIS.SYS + InternalName: netfilter2.sys + MD5: b04685112a0a8f7689c8d827bfcfe158 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: netfilter2.sys + PDBPath: '' + Product: Windows (R) Win 7 DDK driver + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: 5f9eb581b0ce6f9d2b5f1f5a9771af50 + SHA1: cb1828152e4668b5e033ee126a52df4f76700b2a + SHA256: e9bd3b71a475097efee5f9196d05a582abc2323affe47c2c9cf9bf933004e22f + SHA1: c7e40abaae9aeff135fe313fb0283381e8cced4d + SHA256: db1dbb09d437d3e8bed08c88ca43769b4fe8728f68b78ff6f9c8d2557e28d2b1 + Sections: + .text: + Entropy: 6.2545679166711565 + Virtual Size: '0xd64e' + .rdata: + Entropy: 5.490124607621635 + Virtual Size: '0xbd4' + .data: + Entropy: 1.921663371680462 + Virtual Size: '0x1718' + .pdata: + Entropy: 4.529523254969204 + Virtual Size: '0x6d8' + INIT: + Entropy: 5.309837255433513 + Virtual Size: '0xe96' + .rsrc: + Entropy: 3.410095048874038 + Virtual Size: '0x3e0' + .reloc: + Entropy: 3.9064526149567356 + Virtual Size: '0x1fe' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows 
Hardware Compatibility Publisher + ValidFrom: '2020-03-11 17:31:14' + ValidTo: '2021-03-05 17:31:14' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 330000003a6ae333708fda7a7b00000000003a + Version: 3 + TBS: + MD5: 6f5d716e7151f1c173396adb7213359e + SHA1: 100610baae90027e9844a8e9c4d489fe122ecd9c + SHA256: 677d532777cee24be88442efec75e9640e80ef57d8e1246396459a1a04be733f + SHA384: 35d397c22426b9c4c486fa5dd36c089209ab77026e981bd353ffbf060f54fd98f2afe9b45dd64c20614a5d5627b8dd0c + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + ValidFrom: '2014-10-15 20:31:27' + ValidTo: '2029-10-15 20:41:27' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 330000000d690d5d7893d076df00000000000d + Version: 3 + TBS: + MD5: 83f69422963f11c3c340b81712eef319 + SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 + SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae + SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 + Signer: + - SerialNumber: 330000003a6ae333708fda7a7b00000000003a + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + Version: 1 + Imphash: 578e11377270c1acacba47b17ef7b169 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 52cef25aecab8b66f05e29df206d6375 + SHA1: 4e5e719362cd48bb323803c1d00afde11d4b9d4c + SHA256: 44a0599defea351314663582dbc61069b3a095a4ddad571bb17dd0d8b21e7ff2 + Company: Windows (R) Win 7 DDK provider + Copyright: "Copyright \xA9 NetFilterSDK.com" + CreationTimestamp: '2020-09-15 00:54:42' + Date: '' + Description: NetFilter SDK WFP Driver (WPP) + ExportedFunctions: '' + FileVersion: 1.5.9.7 + Filename: '' + ImportedFunctions: 
+ - FwpmTransactionCommit0 + - FwpmTransactionAbort0 + - FwpmProviderAdd0 + - FwpmProviderContextDeleteByKey0 + - FwpmSubLayerAdd0 + - FwpmSubLayerDeleteByKey0 + - FwpmSubLayerCreateEnumHandle0 + - FwpmSubLayerEnum0 + - FwpmSubLayerDestroyEnumHandle0 + - FwpmCalloutAdd0 + - FwpmFilterAdd0 + - FwpsFlowAbort0 + - FwpsInjectionHandleCreate0 + - FwpsInjectionHandleDestroy0 + - FwpsAllocateNetBufferAndNetBufferList0 + - FwpsFreeNetBufferList0 + - FwpmTransactionBegin0 + - FwpsInjectNetworkSendAsync0 + - FwpsConstructIpHeaderForTransportPacket0 + - FwpsInjectTransportSendAsync0 + - FwpsInjectTransportReceiveAsync0 + - FwpsInjectNetworkReceiveAsync0 + - FwpsStreamInjectAsync0 + - FwpsCopyStreamDataToBuffer0 + - FwpmBfeStateGet0 + - FwpmBfeStateSubscribeChanges0 + - FwpmBfeStateUnsubscribeChanges0 + - FwpsFlowRemoveContext0 + - FwpsCompleteClassify0 + - FwpsRedirectHandleDestroy0 + - FwpsCloneStreamData0 + - FwpsDiscardClonedStreamData0 + - FwpmEngineClose0 + - FwpmEngineOpen0 + - FwpmFreeMemory0 + - FwpsRedirectHandleCreate0 + - FwpsQueryPacketInjectionState0 + - FwpsApplyModifiedLayerData0 + - FwpsAcquireWritableLayerDataPointer0 + - FwpsReleaseClassifyHandle0 + - FwpsFlowAssociateContext0 + - FwpsAcquireClassifyHandle0 + - FwpsCalloutUnregisterByKey0 + - FwpsCalloutRegister1 + - FwpsPendClassify0 + - FwpsFreeCloneNetBufferList0 + - NdisAllocateNetBufferListPool + - NdisWaitEvent + - NdisInitializeEvent + - NdisFreeGenericObject + - NdisAllocateGenericObject + - NdisGetDataBuffer + - NdisAdvanceNetBufferDataStart + - NdisRetreatNetBufferDataStart + - NdisFreeNetBufferListPool + - memset + - RtlInitUnicodeString + - MmGetSystemRoutineAddress + - RtlAppendUnicodeToString + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - KeInitializeEvent + - KeSetEvent + - KeWaitForSingleObject + - KeInitializeSpinLock + - ExFreePoolWithTag + - InterlockedPopEntrySList + - InterlockedPushEntrySList + - ExInitializeNPagedLookasideList + - ExDeleteNPagedLookasideList + - 
MmBuildMdlForNonPagedPool + - MmMapLockedPagesSpecifyCache + - MmUnmapLockedPages + - MmAllocatePagesForMdl + - MmFreePagesFromMdl + - PsCreateSystemThread + - PsTerminateSystemThread + - IoAllocateMdl + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoFreeMdl + - IoReleaseCancelSpinLock + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - ZwOpenKey + - ZwQueryValueKey + - PsGetCurrentProcessId + - ZwSetInformationThread + - RtlLengthSid + - RtlCreateAcl + - RtlAddAccessAllowedAce + - PsLookupProcessByProcessId + - ObOpenObjectByPointer + - ZwSetSecurityObject + - SeExports + - RtlGetVersion + - KeQuerySystemTime + - _allmul + - _aulldiv + - _aullrem + - RtlCompareMemory + - RtlValidSid + - RtlUnwind + - memcpy + - ExUuidCreate + - ExAllocatePoolWithTag + - swprintf_s + - KeReleaseInStackQueuedSpinLock + - KeGetCurrentIrql + - KeAcquireInStackQueuedSpinLock + Imports: + - fwpkclnt.sys + - NDIS.SYS + - ntoskrnl.exe + - HAL.dll + InternalName: netfilter2.sys + MD5: e5df31054a60be8aa858a28a8fe0f73e + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: netfilter2.sys + PDBPath: '' + Product: Windows (R) Win 7 DDK driver + ProductVersion: 6.2.9200.20557 + Publisher: '' + RichPEHeaderHash: + MD5: b873ce00fb531a917db2341eff66f88d + SHA1: 0f24abad7feabd2abb4b819dedc5ab9b9de3e33c + SHA256: 54b267b1987fc423443455d94ce6d7b42dd9357bef9de2d67bea3bc6a83fb0cc + SHA1: 48559c488bc304d39f87855b2225f8c0f7d74b59 + SHA256: 81bcd8a3f8c17ac6dc4bad750ad3417914db10aa15485094eef0951a3f72bdbd + Sections: + .text: + Entropy: 6.24160242971194 + Virtual Size: '0xe8c2' + .rdata: + Entropy: 4.577904288123528 + Virtual Size: '0x914' + .data: + Entropy: 3.197711573383127 + Virtual Size: '0xf90' + INIT: + Entropy: 5.598078462986293 + Virtual Size: '0xd76' + .rsrc: + Entropy: 3.5912667039027926 + Virtual Size: '0x448' + .reloc: + Entropy: 6.614956595399758 + Virtual Size: '0x12c8' + Signature: '' + 
Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2020-03-11 17:31:14' + ValidTo: '2021-03-05 17:31:14' + Signature: 7dfc7c353c4c04d9d06066e1ca8584637192eb15d1d6e7c5521b0d819d615fb56524985d30535b0573fb8e0d13173d51b27bd23b9a2052738891d67ed360766452b62c4566eb20c90f018229a8e951bf58df5a7d731c1e51217f471d470979f04e900920bfc8715122b331d82f68f73ebf3de36e09d18fbfed2f3c29190a41baafbca0025bf4e36310a04cb8e61c32fda677820aa693a7f5e69d3c3abdb495b12bb8b6d10f65d44fae945d9b0fcf695d4711fc9e1c0ddb1f569c13093e16c389f748d8fe60e8685f02357464564761db4cece391baa742f3ad3bcfa26e01975966ca41939c832bf1147bec870162ce042fd0cf10d048181ec573d317f2c5de21512f13b24de9bac9bb83fc2ceb4f6f766536fe38c03ede1f8b0a3b8828e8d914d73d0a17699ab20264a27a36e0f77c5144cf470bf44d2296290e345bd25c0bc6a08dd963ec39ce0e500599751c652dc20e9906c1ce76c1d86c09058ae8defb3d7b93b68a34ca83a981a30c2403723f7e5c664b1e951050002ad32e976db221c2d8c660047dc6acfe0da16d44c6372a5cd04b016a35193f841b903ba87e2d6e416a2c59469af9f16e249bb891f21ec22f2db0a84a48d7a9e43d2f7e3bdd016d600f57daf21829885ec035287ab332c32738f5e26c6d2502b2f044afb1e048c85c7c9baf76747de14ecdeca3c7481796a741672a047f89dafe2c12c01982a026c4 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 330000003a6ae333708fda7a7b00000000003a + Version: 3 + TBS: + MD5: 6f5d716e7151f1c173396adb7213359e + SHA1: 100610baae90027e9844a8e9c4d489fe122ecd9c + SHA256: 677d532777cee24be88442efec75e9640e80ef57d8e1246396459a1a04be733f + SHA384: 35d397c22426b9c4c486fa5dd36c089209ab77026e981bd353ffbf060f54fd98f2afe9b45dd64c20614a5d5627b8dd0c + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + ValidFrom: '2014-10-15 20:31:27' + ValidTo: '2029-10-15 20:41:27' + Signature: 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 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 330000000d690d5d7893d076df00000000000d + Version: 3 + TBS: + MD5: 83f69422963f11c3c340b81712eef319 + SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 + SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae + SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 + Signer: + - SerialNumber: 330000003a6ae333708fda7a7b00000000003a + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + Version: 1 + Imphash: 79c0d702a9da102f56d81f4efe802fbf + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: fd8b9266dc98e0af514babcbba122265 + SHA1: dc38cc55b84a1a7c0846fb5509b43b4ff97a9be6 + SHA256: fafa1bb36f0ac34b762a10e9f327dcab2152a6d0b16a19697362d49a31e7f566 + Company: "\u5B8F\u56FE\u65E0\u5FE7" + Copyright: "Copyright \xA9 wyjsq.com" + CreationTimestamp: '2019-06-10 08:45:42' + Date: '' + Description: WYJSQ WFP Driver (WPP) + ExportedFunctions: '' + FileVersion: '1.5.7.8 built by: WinDDK' + Filename: '' + ImportedFunctions: + - KeBugCheckEx + - ExUuidCreate + - swprintf_s + - RtlCreateSecurityDescriptor + - RtlLengthSid + - IoAllocateMdl + - ObOpenObjectByPointer + - IoReleaseCancelSpinLock + - IoCreateDevice + - MmFreePagesFromMdl + - ObfDereferenceObject + - PsGetCurrentProcessId + - IoCreateSymbolicLink + - SeExports + - ZwSetSecurityObject + - KeWaitForSingleObject + - ObReferenceObjectByHandle + - ZwSetInformationThread + - IofCompleteRequest + - PsTerminateSystemThread + - ZwQueryValueKey + - MmMapLockedPagesSpecifyCache + - PsCreateSystemThread + - RtlAddAccessAllowedAce + - MmBuildMdlForNonPagedPool + - MmAllocatePagesForMdl + - KeInitializeEvent + - RtlAppendUnicodeToString + - MmGetSystemRoutineAddress + - KeSetEvent + - IoDeleteDevice + - RtlSetDaclSecurityDescriptor + - PsLookupProcessByProcessId + - RtlCreateAcl + - IoDeleteSymbolicLink + - 
MmUnmapLockedPages + - ExDeleteNPagedLookasideList + - ExQueryDepthSList + - IoFreeMdl + - ExpInterlockedPopEntrySList + - KeAcquireInStackQueuedSpinLock + - ExpInterlockedPushEntrySList + - KeReleaseInStackQueuedSpinLock + - ExInitializeNPagedLookasideList + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - ZwOpenKey + - ZwClose + - RtlInitUnicodeString + - __C_specific_handler + - FwpsFlowAssociateContext0 + - FwpsCalloutUnregisterByKey0 + - FwpmSubLayerAdd0 + - FwpsQueryPacketInjectionState0 + - FwpmSubLayerDeleteByKey0 + - FwpmSubLayerEnum0 + - FwpmTransactionCommit0 + - FwpmSubLayerCreateEnumHandle0 + - FwpmSubLayerDestroyEnumHandle0 + - FwpmProviderContextDeleteByKey0 + - FwpmCalloutAdd0 + - FwpmProviderAdd0 + - FwpmTransactionAbort0 + - FwpmEngineOpen0 + - FwpsAcquireClassifyHandle0 + - FwpmFilterAdd0 + - FwpsPendClassify0 + - FwpsCalloutRegister1 + - FwpmTransactionBegin0 + - FwpmEngineClose0 + - FwpmFreeMemory0 + - FwpsAcquireWritableLayerDataPointer0 + - FwpsApplyModifiedLayerData0 + - FwpsInjectNetworkReceiveAsync0 + - FwpsFreeCloneNetBufferList0 + - FwpsInjectionHandleDestroy0 + - FwpsConstructIpHeaderForTransportPacket0 + - FwpsAllocateNetBufferAndNetBufferList0 + - FwpsInjectionHandleCreate0 + - FwpsInjectTransportReceiveAsync0 + - FwpsInjectNetworkSendAsync0 + - FwpsCopyStreamDataToBuffer0 + - FwpsInjectTransportSendAsync0 + - FwpsFlowRemoveContext0 + - FwpsCloneStreamData0 + - FwpsCompleteClassify0 + - FwpsStreamInjectAsync0 + - FwpsReleaseClassifyHandle0 + - FwpsDiscardClonedStreamData0 + - FwpmBfeStateGet0 + - FwpmBfeStateSubscribeChanges0 + - FwpmBfeStateUnsubscribeChanges0 + - FwpsFreeNetBufferList0 + - NdisAllocateGenericObject + - NdisWaitEvent + - NdisAllocateNetBufferListPool + - NdisInitializeEvent + - NdisFreeGenericObject + - NdisFreeNetBufferListPool + - NdisGetDataBuffer + - NdisRetreatNetBufferDataStart + - NdisAdvanceNetBufferDataStart + Imports: + - ntoskrnl.exe + - fwpkclnt.sys + - NDIS.SYS + InternalName: netfilter2.sys + MD5: 
c3e397dc9fb61a75521548048458a018 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: netfilter2.sys + PDBPath: '' + Product: "\u65E0\u5FE7\u52A0\u901F\u5668" + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: a56ba6fc66a7556100c90b00913a984c + SHA1: b236fd12e7887836407fd8ff0acd7192685f3704 + SHA256: 464507424adf04e3a3c84ab69df0eb8a21f311a35cdf11ad898a50995fbfba19 + SHA1: 708c327256e1aea27572cdfc07ab44c22eb19aae + SHA256: 7ff8fe4c220cf6416984b70a7e272006a018e5662da3cedc2a88efeb6411b4a4 + Sections: + .text: + Entropy: 6.242867685753186 + Virtual Size: '0xd86e' + .rdata: + Entropy: 5.37002131800132 + Virtual Size: '0xb44' + .data: + Entropy: 1.6857744414226499 + Virtual Size: '0x1598' + .pdata: + Entropy: 4.530780747243636 + Virtual Size: '0x690' + INIT: + Entropy: 5.309039021372289 + Virtual Size: '0xe64' + .rsrc: + Entropy: 3.531521158202179 + Virtual Size: '0x418' + .reloc: + Entropy: 3.6690718801051645 + Virtual Size: '0x1ce' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=CN, ST=, L=, O=, CN= + ValidFrom: '2019-06-27 00:00:00' + ValidTo: '2020-06-30 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 
09450b8f73ea43e39d2cdd56049dbe40 + Version: 3 + TBS: + MD5: bcfecc67375f580ac6eadd789860b1f8 + SHA1: 3fa9cf13a1816a6e358bb1ca12e050662bc2e178 + SHA256: fbb627aabbe2b2dbfdddfbad14392049b0d76f8d9679f3d550333b84b20320df + SHA384: d496c3920c3ab14a3c79e9bd41351912f045ea3b42ba9ec0cb0b1f778d1178174a831fe89848a8226957f2b6f079f01d + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: 
dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + Imphash: 8e0e7a2f5025b047a8ebd12a87d503fe + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 3361957860d2b65c0368778ca088946f + SHA1: 6a784d45517142c11d5cca3ff9956b2ed6eaf4c9 + SHA256: e94e8a87459db56837d1c58f9854794aa99f36566a9ded9b398be9d4d3a2c2af + Company: Windows (R) Win 7 DDK provider + Copyright: "Copyright \xA9 NetFilterSDK.com" + CreationTimestamp: '2020-09-15 00:54:41' + Date: '' + Description: NetFilter SDK WFP Driver (WPP) + ExportedFunctions: '' + FileVersion: 1.5.9.7 + Filename: '' + ImportedFunctions: + - FwpmFreeMemory0 + - FwpmEngineOpen0 + - FwpmEngineClose0 + - FwpmTransactionBegin0 + - FwpmTransactionCommit0 + - FwpmTransactionAbort0 + - FwpmProviderAdd0 + - FwpmProviderContextDeleteByKey0 + - FwpmSubLayerAdd0 + - FwpmSubLayerDeleteByKey0 + - FwpmSubLayerCreateEnumHandle0 + - FwpmSubLayerEnum0 + - FwpmSubLayerDestroyEnumHandle0 + - FwpmCalloutAdd0 + - FwpmFilterAdd0 + - FwpsFlowAbort0 + - FwpsInjectionHandleCreate0 + - FwpsInjectionHandleDestroy0 + - FwpsRedirectHandleCreate0 + - FwpsFreeNetBufferList0 + - FwpsFreeCloneNetBufferList0 + - 
FwpsInjectNetworkSendAsync0 + - FwpsConstructIpHeaderForTransportPacket0 + - FwpsInjectTransportSendAsync0 + - FwpsInjectTransportReceiveAsync0 + - FwpsInjectNetworkReceiveAsync0 + - FwpsStreamInjectAsync0 + - FwpsCopyStreamDataToBuffer0 + - FwpmBfeStateGet0 + - FwpmBfeStateSubscribeChanges0 + - FwpmBfeStateUnsubscribeChanges0 + - FwpsFlowRemoveContext0 + - FwpsCompleteClassify0 + - FwpsRedirectHandleDestroy0 + - FwpsCloneStreamData0 + - FwpsDiscardClonedStreamData0 + - FwpsQueryPacketInjectionState0 + - FwpsApplyModifiedLayerData0 + - FwpsAcquireWritableLayerDataPointer0 + - FwpsReleaseClassifyHandle0 + - FwpsAcquireClassifyHandle0 + - FwpsFlowAssociateContext0 + - FwpsCalloutUnregisterByKey0 + - FwpsCalloutRegister1 + - FwpsPendClassify0 + - FwpsAllocateNetBufferAndNetBufferList0 + - NdisFreeNetBufferListPool + - NdisAllocateNetBufferListPool + - NdisWaitEvent + - NdisInitializeEvent + - NdisFreeGenericObject + - NdisAllocateGenericObject + - NdisGetDataBuffer + - NdisAdvanceNetBufferDataStart + - NdisRetreatNetBufferDataStart + - KeAcquireInStackQueuedSpinLock + - KeReleaseInStackQueuedSpinLock + - ExAllocatePoolWithTag + - ExUuidCreate + - swprintf_s + - RtlInitUnicodeString + - MmGetSystemRoutineAddress + - RtlAppendUnicodeToString + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - KeInitializeEvent + - KeSetEvent + - KeWaitForSingleObject + - KeInitializeSpinLock + - ExFreePoolWithTag + - ExQueryDepthSList + - ExpInterlockedPopEntrySList + - ExpInterlockedPushEntrySList + - ExInitializeNPagedLookasideList + - ExDeleteNPagedLookasideList + - MmBuildMdlForNonPagedPool + - MmMapLockedPagesSpecifyCache + - MmUnmapLockedPages + - MmAllocatePagesForMdl + - MmFreePagesFromMdl + - PsCreateSystemThread + - PsTerminateSystemThread + - IoAllocateMdl + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoFreeMdl + - IoReleaseCancelSpinLock + - ObReferenceObjectByHandle + - 
ObfDereferenceObject + - ZwClose + - ZwOpenKey + - ZwQueryValueKey + - PsGetCurrentProcessId + - ZwSetInformationThread + - RtlLengthSid + - RtlCreateAcl + - RtlAddAccessAllowedAce + - PsLookupProcessByProcessId + - ObOpenObjectByPointer + - ZwSetSecurityObject + - __C_specific_handler + - SeExports + - RtlGetVersion + - RtlCompareMemory + - RtlValidSid + Imports: + - fwpkclnt.sys + - NDIS.SYS + - ntoskrnl.exe + InternalName: netfilter2.sys + MD5: 305b05de211be69446444284923bd676 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: netfilter2.sys + PDBPath: '' + Product: Windows (R) Win 7 DDK driver + ProductVersion: 6.2.9200.20557 + Publisher: '' + RichPEHeaderHash: + MD5: c646eed94ec9e75c1a5498d3642cdab3 + SHA1: 0d0761641e424cc895ba76723784427fcf297f4a + SHA256: 7cecb42d3d4ae8649f3b4714fbab29c4cef8e24a48b0eea2537824fc40f4ea7f + SHA1: 4d8a4115826eef6d9acd2487b141facf5b87a257 + SHA256: 1a0f57a4d7c8137baf24c65d542729547b876979273df7a245aaeea87280c090 + Sections: + .text: + Entropy: 6.150053710509848 + Virtual Size: '0x1019a' + .rdata: + Entropy: 4.871173021345663 + Virtual Size: '0x1ddc' + .data: + Entropy: 2.2005364202433433 + Virtual Size: '0x18c0' + .pdata: + Entropy: 5.031237899973202 + Virtual Size: '0xe40' + INIT: + Entropy: 5.179921200293236 + Virtual Size: '0xeca' + .rsrc: + Entropy: 3.5922103150308553 + Virtual Size: '0x448' + .reloc: + Entropy: 3.7790472033993128 + Virtual Size: '0x228' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=IN, ST=Rajasthan, L=Jaipur, O=SYSTWEAK SOFTWARE PVT. LTD., + CN=SYSTWEAK SOFTWARE PVT. LTD. 
+ ValidFrom: '2020-07-03 00:00:00' + ValidTo: '2021-09-01 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 4b51e8986bf2670974fecc6dad020f19 + Version: 3 + TBS: + MD5: 0538926e1c7f1fcaee6540250d010840 + SHA1: 59887d34eaaa74baf151589daef69b2b6f2d9b55 + SHA256: b52255871658ceb663a52576f271ee86d661c2594fc3aa93bbf62ce8a8c77428 + SHA384: ee73f9b450bfdd14f4ff8c141b4a40342f93f8ca16539ecd86c7c1fc6f13943c23dcfcb01db81d518e9d1a93bf4060f9 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 4b51e8986bf2670974fecc6dad020f19 + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + Imphash: c3658b106f146a18ba9b6e5c7bacfe9b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 52cef25aecab8b66f05e29df206d6375 + SHA1: 4e5e719362cd48bb323803c1d00afde11d4b9d4c + SHA256: 44a0599defea351314663582dbc61069b3a095a4ddad571bb17dd0d8b21e7ff2 + Company: Windows (R) Win 7 DDK provider + Copyright: "Copyright \xA9 NetFilterSDK.com" + CreationTimestamp: '2020-09-15 00:54:42' + Date: '' + Description: NetFilter SDK WFP Driver (WPP) + ExportedFunctions: '' + FileVersion: 1.5.9.7 + Filename: '' + ImportedFunctions: + - FwpmTransactionCommit0 + - FwpmTransactionAbort0 + - FwpmProviderAdd0 + - FwpmProviderContextDeleteByKey0 + - FwpmSubLayerAdd0 + - FwpmSubLayerDeleteByKey0 + - FwpmSubLayerCreateEnumHandle0 + - FwpmSubLayerEnum0 + - FwpmSubLayerDestroyEnumHandle0 + - FwpmCalloutAdd0 + - FwpmFilterAdd0 + - FwpsFlowAbort0 + - FwpsInjectionHandleCreate0 + - FwpsInjectionHandleDestroy0 + - FwpsAllocateNetBufferAndNetBufferList0 + - FwpsFreeNetBufferList0 + - FwpmTransactionBegin0 + - FwpsInjectNetworkSendAsync0 + - FwpsConstructIpHeaderForTransportPacket0 + - FwpsInjectTransportSendAsync0 + - FwpsInjectTransportReceiveAsync0 + - FwpsInjectNetworkReceiveAsync0 + - 
FwpsStreamInjectAsync0 + - FwpsCopyStreamDataToBuffer0 + - FwpmBfeStateGet0 + - FwpmBfeStateSubscribeChanges0 + - FwpmBfeStateUnsubscribeChanges0 + - FwpsFlowRemoveContext0 + - FwpsCompleteClassify0 + - FwpsRedirectHandleDestroy0 + - FwpsCloneStreamData0 + - FwpsDiscardClonedStreamData0 + - FwpmEngineClose0 + - FwpmEngineOpen0 + - FwpmFreeMemory0 + - FwpsRedirectHandleCreate0 + - FwpsQueryPacketInjectionState0 + - FwpsApplyModifiedLayerData0 + - FwpsAcquireWritableLayerDataPointer0 + - FwpsReleaseClassifyHandle0 + - FwpsFlowAssociateContext0 + - FwpsAcquireClassifyHandle0 + - FwpsCalloutUnregisterByKey0 + - FwpsCalloutRegister1 + - FwpsPendClassify0 + - FwpsFreeCloneNetBufferList0 + - NdisAllocateNetBufferListPool + - NdisWaitEvent + - NdisInitializeEvent + - NdisFreeGenericObject + - NdisAllocateGenericObject + - NdisGetDataBuffer + - NdisAdvanceNetBufferDataStart + - NdisRetreatNetBufferDataStart + - NdisFreeNetBufferListPool + - memset + - RtlInitUnicodeString + - MmGetSystemRoutineAddress + - RtlAppendUnicodeToString + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - KeInitializeEvent + - KeSetEvent + - KeWaitForSingleObject + - KeInitializeSpinLock + - ExFreePoolWithTag + - InterlockedPopEntrySList + - InterlockedPushEntrySList + - ExInitializeNPagedLookasideList + - ExDeleteNPagedLookasideList + - MmBuildMdlForNonPagedPool + - MmMapLockedPagesSpecifyCache + - MmUnmapLockedPages + - MmAllocatePagesForMdl + - MmFreePagesFromMdl + - PsCreateSystemThread + - PsTerminateSystemThread + - IoAllocateMdl + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoFreeMdl + - IoReleaseCancelSpinLock + - ObReferenceObjectByHandle + - ObfDereferenceObject + - ZwClose + - ZwOpenKey + - ZwQueryValueKey + - PsGetCurrentProcessId + - ZwSetInformationThread + - RtlLengthSid + - RtlCreateAcl + - RtlAddAccessAllowedAce + - PsLookupProcessByProcessId + - ObOpenObjectByPointer + - ZwSetSecurityObject + - 
SeExports + - RtlGetVersion + - KeQuerySystemTime + - _allmul + - _aulldiv + - _aullrem + - RtlCompareMemory + - RtlValidSid + - RtlUnwind + - memcpy + - ExUuidCreate + - ExAllocatePoolWithTag + - swprintf_s + - KeReleaseInStackQueuedSpinLock + - KeGetCurrentIrql + - KeAcquireInStackQueuedSpinLock + Imports: + - fwpkclnt.sys + - NDIS.SYS + - ntoskrnl.exe + - HAL.dll + InternalName: netfilter2.sys + MD5: 3e5c04eced0e89aa8bfc279323c3544e + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: netfilter2.sys + PDBPath: '' + Product: Windows (R) Win 7 DDK driver + ProductVersion: 6.2.9200.20557 + Publisher: '' + RichPEHeaderHash: + MD5: b873ce00fb531a917db2341eff66f88d + SHA1: 0f24abad7feabd2abb4b819dedc5ab9b9de3e33c + SHA256: 54b267b1987fc423443455d94ce6d7b42dd9357bef9de2d67bea3bc6a83fb0cc + SHA1: 49f47fcb67f510b2d2ea891e1b1a50a95e0702ad + SHA256: 62b14bb308c99132d90646e85bc7d6eb593f38e225c8232f69f24b74a019c176 + Sections: + .text: + Entropy: 6.24160242971194 + Virtual Size: '0xe8c2' + .rdata: + Entropy: 4.577904288123528 + Virtual Size: '0x914' + .data: + Entropy: 3.197711573383127 + Virtual Size: '0xf90' + INIT: + Entropy: 5.598078462986293 + Virtual Size: '0xd76' + .rsrc: + Entropy: 3.5912667039027926 + Virtual Size: '0x448' + .reloc: + Entropy: 6.614956595399758 + Virtual Size: '0x12c8' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=IN, ST=Rajasthan, L=Jaipur, O=SYSTWEAK SOFTWARE PVT. LTD., + CN=SYSTWEAK SOFTWARE PVT. LTD. 
+ ValidFrom: '2020-07-03 00:00:00' + ValidTo: '2021-09-01 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 4b51e8986bf2670974fecc6dad020f19 + Version: 3 + TBS: + MD5: 0538926e1c7f1fcaee6540250d010840 + SHA1: 59887d34eaaa74baf151589daef69b2b6f2d9b55 + SHA256: b52255871658ceb663a52576f271ee86d661c2594fc3aa93bbf62ce8a8c77428 + SHA384: ee73f9b450bfdd14f4ff8c141b4a40342f93f8ca16539ecd86c7c1fc6f13943c23dcfcb01db81d518e9d1a93bf4060f9 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 4b51e8986bf2670974fecc6dad020f19 + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + Imphash: 79c0d702a9da102f56d81f4efe802fbf + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: fd8b9266dc98e0af514babcbba122265 + SHA1: dc38cc55b84a1a7c0846fb5509b43b4ff97a9be6 + SHA256: fafa1bb36f0ac34b762a10e9f327dcab2152a6d0b16a19697362d49a31e7f566 + Company: "\u5B8F\u56FE\u65E0\u5FE7" + Copyright: "Copyright \xA9 wyjsq.com" + CreationTimestamp: '2019-06-10 08:45:42' + Date: '' + Description: WYJSQ WFP Driver (WPP) + ExportedFunctions: '' + FileVersion: '1.5.7.8 built by: WinDDK' + Filename: '' + ImportedFunctions: + - KeBugCheckEx + - ExUuidCreate + - swprintf_s + - RtlCreateSecurityDescriptor + - RtlLengthSid + - IoAllocateMdl + - ObOpenObjectByPointer + - IoReleaseCancelSpinLock + - IoCreateDevice + - MmFreePagesFromMdl + - ObfDereferenceObject + - PsGetCurrentProcessId + - IoCreateSymbolicLink + - SeExports + - ZwSetSecurityObject + - KeWaitForSingleObject + - ObReferenceObjectByHandle + - ZwSetInformationThread + - IofCompleteRequest + - PsTerminateSystemThread + - ZwQueryValueKey + - MmMapLockedPagesSpecifyCache + - PsCreateSystemThread + - RtlAddAccessAllowedAce + - MmBuildMdlForNonPagedPool + - MmAllocatePagesForMdl + - KeInitializeEvent + - 
RtlAppendUnicodeToString + - MmGetSystemRoutineAddress + - KeSetEvent + - IoDeleteDevice + - RtlSetDaclSecurityDescriptor + - PsLookupProcessByProcessId + - RtlCreateAcl + - IoDeleteSymbolicLink + - MmUnmapLockedPages + - ExDeleteNPagedLookasideList + - ExQueryDepthSList + - IoFreeMdl + - ExpInterlockedPopEntrySList + - KeAcquireInStackQueuedSpinLock + - ExpInterlockedPushEntrySList + - KeReleaseInStackQueuedSpinLock + - ExInitializeNPagedLookasideList + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - ZwOpenKey + - ZwClose + - RtlInitUnicodeString + - __C_specific_handler + - FwpsFlowAssociateContext0 + - FwpsCalloutUnregisterByKey0 + - FwpmSubLayerAdd0 + - FwpsQueryPacketInjectionState0 + - FwpmSubLayerDeleteByKey0 + - FwpmSubLayerEnum0 + - FwpmTransactionCommit0 + - FwpmSubLayerCreateEnumHandle0 + - FwpmSubLayerDestroyEnumHandle0 + - FwpmProviderContextDeleteByKey0 + - FwpmCalloutAdd0 + - FwpmProviderAdd0 + - FwpmTransactionAbort0 + - FwpmEngineOpen0 + - FwpsAcquireClassifyHandle0 + - FwpmFilterAdd0 + - FwpsPendClassify0 + - FwpsCalloutRegister1 + - FwpmTransactionBegin0 + - FwpmEngineClose0 + - FwpmFreeMemory0 + - FwpsAcquireWritableLayerDataPointer0 + - FwpsApplyModifiedLayerData0 + - FwpsInjectNetworkReceiveAsync0 + - FwpsFreeCloneNetBufferList0 + - FwpsInjectionHandleDestroy0 + - FwpsConstructIpHeaderForTransportPacket0 + - FwpsAllocateNetBufferAndNetBufferList0 + - FwpsInjectionHandleCreate0 + - FwpsInjectTransportReceiveAsync0 + - FwpsInjectNetworkSendAsync0 + - FwpsCopyStreamDataToBuffer0 + - FwpsInjectTransportSendAsync0 + - FwpsFlowRemoveContext0 + - FwpsCloneStreamData0 + - FwpsCompleteClassify0 + - FwpsStreamInjectAsync0 + - FwpsReleaseClassifyHandle0 + - FwpsDiscardClonedStreamData0 + - FwpmBfeStateGet0 + - FwpmBfeStateSubscribeChanges0 + - FwpmBfeStateUnsubscribeChanges0 + - FwpsFreeNetBufferList0 + - NdisAllocateGenericObject + - NdisWaitEvent + - NdisAllocateNetBufferListPool + - NdisInitializeEvent + - NdisFreeGenericObject + - 
NdisFreeNetBufferListPool + - NdisGetDataBuffer + - NdisRetreatNetBufferDataStart + - NdisAdvanceNetBufferDataStart + Imports: + - ntoskrnl.exe + - fwpkclnt.sys + - NDIS.SYS + InternalName: netfilter2.sys + MD5: 48357f3a359fa9c18f370f177c70298e + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: netfilter2.sys + PDBPath: '' + Product: "\u65E0\u5FE7\u52A0\u901F\u5668" + ProductVersion: 6.1.7600.16385 + Publisher: '' + RichPEHeaderHash: + MD5: a56ba6fc66a7556100c90b00913a984c + SHA1: b236fd12e7887836407fd8ff0acd7192685f3704 + SHA256: 464507424adf04e3a3c84ab69df0eb8a21f311a35cdf11ad898a50995fbfba19 + SHA1: 31ba5cc32a59e1915031b1363b7699116dfb1230 + SHA256: 1cd75de5f54b799b60789696587b56a4a793cf60775b81f236f0e65189d863af + Sections: + .text: + Entropy: 6.242867685753186 + Virtual Size: '0xd86e' + .rdata: + Entropy: 5.37002131800132 + Virtual Size: '0xb44' + .data: + Entropy: 1.6857744414226499 + Virtual Size: '0x1598' + .pdata: + Entropy: 4.530780747243636 + Virtual Size: '0x690' + INIT: + Entropy: 5.309039021372289 + Virtual Size: '0xe64' + .rsrc: + Entropy: 3.531521158202179 + Virtual Size: '0x418' + .reloc: + Entropy: 3.6690718801051645 + Virtual Size: '0x1ce' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=CN, ST=, L=, O=, CN= + ValidFrom: '2019-06-27 00:00:00' + ValidTo: 
'2020-06-30 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 + Version: 3 + TBS: + MD5: bcfecc67375f580ac6eadd789860b1f8 + SHA1: 3fa9cf13a1816a6e358bb1ca12e050662bc2e178 + SHA256: fbb627aabbe2b2dbfdddfbad14392049b0d76f8d9679f3d550333b84b20320df + SHA384: d496c3920c3ab14a3c79e9bd41351912f045ea3b42ba9ec0cb0b1f778d1178174a831fe89848a8226957f2b6f079f01d + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 02c4d1e58a4a680c568da3047e7e4d5f + Version: 3 + TBS: + MD5: 829995f702421dea833a24fb2c7f4442 + SHA1: 1d7e838accd498c2e5ba9373af819ec097bb955c + SHA256: 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db + SHA384: dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 
+ SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 09450b8f73ea43e39d2cdd56049dbe40 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + Code Signing CA,1 + Version: 1 + Imphash: 8e0e7a2f5025b047a8ebd12a87d503fe + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/5af9abf0-d8de-4e9b-8141-e9e97a31901a.yaml b/yaml/5af9abf0-d8de-4e9b-8141-e9e97a31901a.yaml index bf1e3062f..ac96df384 100644 --- a/yaml/5af9abf0-d8de-4e9b-8141-e9e97a31901a.yaml +++ b/yaml/5af9abf0-d8de-4e9b-8141-e9e97a31901a.yaml 
@@ -1,214 +1,215 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 5af9abf0-d8de-4e9b-8141-e9e97a31901a +Tags: +- AsrDrv102.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create AsrDrv102.sys binPath=C:\windows\temp\AsrDrv102.sys type=kernel - && sc.exe start AsrDrv102.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/a7c2e7910942dd5e43e2f4eb159bcd2b4e71366e34a68109548b9fb12ac0f7cc.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 5af9abf0-d8de-4e9b-8141-e9e97a31901a -KnownVulnerableSamples: -- 
Authentihash: - MD5: c36c748b4297cedfdc5f38de22a40b5a - SHA1: 5f9c7d3552ffa98c9dcf9a9b7ad1263d2ab24a2f - SHA256: 11eecf9e6e2447856ed4cf86ee1cb779cfe0672c808bbd5934cf2f09a62d6170 - Company: ASRock Incorporation - Copyright: Copyright (C) 2012 ASRock Incorporation - CreationTimestamp: '2015-11-27 20:11:08' - Date: '' - Description: ASRock IO Driver - ExportedFunctions: '' - FileVersion: '1.00.00.0000 built by: WinDDK' - Filename: AsrDrv102.sys - ImportedFunctions: - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - MmFreeContiguousMemorySpecifyCache - - RtlInitUnicodeString - - IoDeleteDevice - - RtlQueryRegistryValues - - MmUnmapIoSpace - - IoFreeMdl - - MmGetPhysicalAddress - - IoBuildAsynchronousFsdRequest - - MmMapIoSpace - - IofCompleteRequest - - IoFreeIrp - - RtlCompareMemory - - MmUnlockPages - - IoCreateSymbolicLink - - IoCreateDevice - - MmAllocateContiguousMemorySpecifyCache - - IofCallDriver - - KeBugCheckEx - - ExAllocatePoolWithTag - - KeStallExecutionProcessor - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: AsrDrv.sys - MD5: 76bb1a4332666222a8e3e1339e267179 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: AsrDrv.sys - Product: ASRock IO Driver - ProductVersion: 1.00.00.0000 - Publisher: '' - RichPEHeaderHash: - MD5: a84c01eca8a6ca8e5221dbca3000c16e - SHA1: ff0ae5ad07f99ad2ac40b53c5215335a5d84e926 - SHA256: 961a144592952461a785ff1f4d4f55c4132016b9fbbce3d881edf6131038533b - SHA1: 9923c8f1e565a05b3c738d283cf5c0ed61a0b90f - SHA256: a7c2e7910942dd5e43e2f4eb159bcd2b4e71366e34a68109548b9fb12ac0f7cc - Sections: - .text: - Entropy: 6.324222497384398 - Virtual Size: '0x1c58' - .rdata: - Entropy: 4.638280963908253 - Virtual Size: '0x264' - .data: - Entropy: 0.46979092711892695 - Virtual Size: '0x130' - .pdata: - Entropy: 3.778294775527596 - Virtual Size: '0xfc' - INIT: - Entropy: 5.41793863789468 - Virtual Size: '0x4d8' - .rsrc: - Entropy: 3.287296316763299 - Virtual Size: '0x3a0' - Signature: - - ASROCK Incorporation - - VeriSign Class 3 
Code Signing 2010 CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=TAIWAN, L=Taipei, O=ASROCK Incorporation, OU=Digital ID Class - 3 , Microsoft Software Validation v2, CN=ASROCK Incorporation - ValidFrom: '2014-03-07 00:00:00' - ValidTo: '2017-05-05 23:59:59' - Signature: 
1a2d36e51fc7012c4b1548f12a0b4dbef774c3662171e0e1779f412648292619a8d74f8603af4fff5516d4859e7a26de9f0f688b2714b64ff296e56165afb0781c9a9dd23220d939c15cc218fe29d63d9ccd12f74127268c027d4041d392cad853e9da0a6d9379ac46efa8fe2099da7c49374b6c416139038143a94cc56334fad15ccbba2a821a22591d2c5b1449999e40af21e4f8280485d02056d904740e5c73a36e30c43376e7dbc8d0ccb7520e4bffc6501d0c0674a684398281b23d7dcb4386721fdece5817c74509fe6cc86751cd28e255dd47de330646d6bfe863fc50c773b90078f0332c3a02539c9e82b5e793c288063f91ed5f2036eb6cd4eae9e0 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03ffdaa3aac322387d7eb98acf9524bf - Version: 3 - TBS: - MD5: 987b0fb90b05c0b59ba66fb1527c27e3 - SHA1: 1b5d5279beed01b2355731588b1a26da29218b55 - SHA256: b3cd9f313e55fce2d39d25dbe303777e5db9d0c01448dcd9ac70c2355bb5b4ea - SHA384: 4bb9546cdd73e2bff4224e021b54318e708c822a1a773a9e7246a46054aba1dd14c1651e8f01f5661b4ff4a3241c32ff - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 03ffdaa3aac322387d7eb98acf9524bf - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 9d7183c1d8107495354c4fad9dae3452 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver 
+Commands: + Command: sc.exe create AsrDrv102.sys binPath=C:\windows\temp\AsrDrv102.sys type=kernel + && sc.exe start AsrDrv102.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/eclypsium/Screwed-Drivers/blob/master/DRIVERS.md -Tags: -- AsrDrv102.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/a7c2e7910942dd5e43e2f4eb159bcd2b4e71366e34a68109548b9fb12ac0f7cc.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: c36c748b4297cedfdc5f38de22a40b5a + SHA1: 5f9c7d3552ffa98c9dcf9a9b7ad1263d2ab24a2f + 
SHA256: 11eecf9e6e2447856ed4cf86ee1cb779cfe0672c808bbd5934cf2f09a62d6170 + Company: ASRock Incorporation + Copyright: Copyright (C) 2012 ASRock Incorporation + CreationTimestamp: '2015-11-27 20:11:08' + Date: '' + Description: ASRock IO Driver + ExportedFunctions: '' + FileVersion: '1.00.00.0000 built by: WinDDK' + Filename: AsrDrv102.sys + ImportedFunctions: + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - MmFreeContiguousMemorySpecifyCache + - RtlInitUnicodeString + - IoDeleteDevice + - RtlQueryRegistryValues + - MmUnmapIoSpace + - IoFreeMdl + - MmGetPhysicalAddress + - IoBuildAsynchronousFsdRequest + - MmMapIoSpace + - IofCompleteRequest + - IoFreeIrp + - RtlCompareMemory + - MmUnlockPages + - IoCreateSymbolicLink + - IoCreateDevice + - MmAllocateContiguousMemorySpecifyCache + - IofCallDriver + - KeBugCheckEx + - ExAllocatePoolWithTag + - KeStallExecutionProcessor + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: AsrDrv.sys + MD5: 76bb1a4332666222a8e3e1339e267179 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: AsrDrv.sys + Product: ASRock IO Driver + ProductVersion: 1.00.00.0000 + Publisher: '' + RichPEHeaderHash: + MD5: a84c01eca8a6ca8e5221dbca3000c16e + SHA1: ff0ae5ad07f99ad2ac40b53c5215335a5d84e926 + SHA256: 961a144592952461a785ff1f4d4f55c4132016b9fbbce3d881edf6131038533b + SHA1: 9923c8f1e565a05b3c738d283cf5c0ed61a0b90f + SHA256: a7c2e7910942dd5e43e2f4eb159bcd2b4e71366e34a68109548b9fb12ac0f7cc + Sections: + .text: + Entropy: 6.324222497384398 + Virtual Size: '0x1c58' + .rdata: + Entropy: 4.638280963908253 + Virtual Size: '0x264' + .data: + Entropy: 0.46979092711892695 + Virtual Size: '0x130' + .pdata: + Entropy: 3.778294775527596 + Virtual Size: '0xfc' + INIT: + Entropy: 5.41793863789468 + Virtual Size: '0x4d8' + .rsrc: + Entropy: 3.287296316763299 + Virtual Size: '0x3a0' + Signature: + - ASROCK Incorporation + - VeriSign Class 3 Code Signing 2010 CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: 
+ - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=TAIWAN, L=Taipei, O=ASROCK Incorporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=ASROCK Incorporation + ValidFrom: '2014-03-07 00:00:00' + ValidTo: '2017-05-05 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03ffdaa3aac322387d7eb98acf9524bf + Version: 3 + TBS: + MD5: 987b0fb90b05c0b59ba66fb1527c27e3 + SHA1: 1b5d5279beed01b2355731588b1a26da29218b55 + 
SHA256: b3cd9f313e55fce2d39d25dbe303777e5db9d0c01448dcd9ac70c2355bb5b4ea + SHA384: 4bb9546cdd73e2bff4224e021b54318e708c822a1a773a9e7246a46054aba1dd14c1651e8f01f5661b4ff4a3241c32ff + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 03ffdaa3aac322387d7eb98acf9524bf + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 9d7183c1d8107495354c4fad9dae3452 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/5c45ae9e-cb6f-4eab-a070-b0187202e080.yaml b/yaml/5c45ae9e-cb6f-4eab-a070-b0187202e080.yaml index 4d1de3d64..1adde2e25 100644 --- a/yaml/5c45ae9e-cb6f-4eab-a070-b0187202e080.yaml +++ b/yaml/5c45ae9e-cb6f-4eab-a070-b0187202e080.yaml 
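Review bot: The relocated `Detection:` list for AsrDrv102.sys still carries four entries twice: `sigma_hash`, `sigma_names`, `sysmon_hash_detect` and `sysmon_hash_block` reappear with identical URLs after the second `yara_signature` entry. Since the commit rewrites the whole block, keep one copy of each of those four, so anything that iterates the list does not render or fetch the same rule twice. The two `yara_signature` entries are different files (the per-hash `.yara` and `yara-rules_vuln_drivers_strict_renamed.yar`) and should both stay.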
@@ -1,163 +1,163 @@ Id: 5c45ae9e-cb6f-4eab-a070-b0187202e080 +Tags: +- amigendrv64.sys +Verified: 'TRUE' Author: Nasreddine Bencherchali Created: '2023-05-06' MitreID: T1068 Category: vulnerable driver -Verified: 'TRUE' Commands: - Command: sc.exe create amigendrv64.sys binPath=C:\windows\temp\amigendrv64.sys type=kernel - && sc.exe start amigendrv64.sys - Description: '' - Usecase: Elevate privileges - Privileges: kernel - OperatingSystem: Windows 10 + Command: sc.exe create amigendrv64.sys binPath=C:\windows\temp\amigendrv64.sys + type=kernel && sc.exe start amigendrv64.sys + Description: '' + Usecase: Elevate privileges + Privileges: kernel + OperatingSystem: Windows 10 Resources: - Internal Research -Acknowledgement: - Person: '' - Handle: '' Detection: [] +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: amigendrv64.sys - MD5: 32365e3e64d28cc94756ac9a09b67f06 - SHA1: d48757b74eff02255f74614f35aa27abbe3f72c7 - SHA256: 09043c51719d4bf6405c9a7a292bb9bb3bcc782f639b708ddcc4eedb5e5c9ce9 - Authentihash: - MD5: 50ce9def1a59a6ec02ac018e8e42b9e1 - SHA1: 64e1b960b4fd0b597e36f3986abd37cca8ebd230 - SHA256: e4dbc382c21b4b14b54d37b2fd86e12a7637f177ba4170e19ffde3584ec48e6c - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - - WDFLDR.SYS - ExportedFunctions: '' - ImportedFunctions: - - IoAllocateMdl - - IoFreeMdl - - MmGetPhysicalAddress - - RtlInitUnicodeString - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - KeLowerIrql - - KfRaiseIrql - - MmMapIoSpace - - MmUnmapIoSpace - - MmFreeContiguousMemory - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - ExFreePoolWithTag - - MmGetSystemRoutineAddress - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - MmAllocateContiguousMemory - - MmUnmapLockedPages 
- - MmMapLockedPagesSpecifyCache - - RtlCopyUnicodeString - - DbgPrintEx - - MmBuildMdlForNonPagedPool - - RtlCompareMemory - - ObReferenceObjectByHandle - - RtlGetVersion - - HalTranslateBusAddress - - WdfVersionBind - - WdfVersionUnbind - - WdfVersionUnbindClass - - WdfVersionBindClass - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: serialNumber=7155083, ??=US, ??=Delaware, ??=Private Organization, - C=US, postalCode=30093, ST=Georgia, L=Norcross, ??=5555 Oakbrook Parkway Suite - 200, O=AMI US HOLDINGS INC, CN=AMI US HOLDINGS INC - ValidFrom: '2020-09-21 00:00:00' - ValidTo: '2023-09-21 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 00b9963758ead236c6e15cd48ba5433aae - Version: 3 - TBS: - MD5: fad04f09614b2237bc7ff05ed3d6af76 - SHA1: 44f498abb05904d7e8e4cc8808e234e9db1fc883 - SHA256: e45364f3f083ba191106e672effe0fd50276e7ac702e4b64c1a38afda3457500 - SHA384: 109d3e0daa1186226363d2d160577e329cc8425b12af9eab517373425c94ea8cb77392c2f5b0a5eeec7b4ddbe9712fb1 - - Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO - RSA Extended Validation Code Signing CA - ValidFrom: '2014-12-03 00:00:00' - ValidTo: '2029-12-02 23:59:59' - Signature: 
664eecb716776f11e81b5d6a4ed9f28b6cb15628408bc031c49948233df80ee88097ef6d200b1f13c486fb173415e18e54f7c2b8007315e028d9dabafa8254c2f7ebbfc336d0309fe5a11c94dfef7ce8f62c78a2accf266a15a11531d6313498bd534fc48483a3c4965c3dd8fed6f954ff67936df83e2b6b2ca2087c5648813218b26eac90c1dbe4de398b86e5c7184059a4df9647bab27fb1f8570f858074380e3a58621efe52e3e6ae530986fe8f9bdb5656cc07b089c104f1530b6c6f77ecb21fecf65b4043600f1bab1854b410048ef80ee9cb83b17af2344e6a544ce9832ae9b030251cce628e0eeb85e629feb14ae3f2ae3c91f54ca1bec8170e5cbb424de31a8a92cd3e207edde975b1ea1f745c9e54c29437b261dd0716597f968016e099b5d26eb0c9230615acd123f4338bce75f0c186d3ffe12efa904ffe46f9bbdb4fbbb7fed10d2b04f1d2d195852c8a2eb88556f2c38452a1e933b1eb50c8a1b09fe3c38b3a879ee755d3d36d3417300d68220bd5b9ed733572c3eda737cde343ae45cd34bf28ca8762ed43a4affacb31cb215861465eb6c67aa61e532aa8f85c511f3a5a100f28c0e4748b74c604aaf84b26280a3289db9d2a60716ac3964e16b963bf6195678c4b2ebbb04e83e94d31e58e2722f53c267b4491d3d45af0d37cf438be149a990e8bb15beae48b0f119d7742821c5c3ad4daab882f8d573054 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 6dd472eb02ae0406e3dd843f5fe145e1 - Version: 3 - TBS: - MD5: e3898a5cae592360ce7bfdf5ff3fb13f - SHA1: 217c51b90dbb7f0528e8ba170d227f647fbc995b - SHA256: 3a9b4006a9e125b4458344389c86dfb4f6728848b9871654c615a138514d02ec - SHA384: fcd8dd15125f14b84fec55838806355ec3787407188bac83c2c0d6c841adf9ac76ee83eccc5c9463f1f88fc5295a31ee - - Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO - RSA Certification Authority - ValidFrom: '2011-04-11 22:06:20' - ValidTo: '2021-04-11 22:16:20' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: '61185486000000000024' - Version: 3 - TBS: - MD5: ad73330abdd8883ba17ac2572100221e - SHA1: 3770402ce3d71f9823386167aa35a7c862f409d3 - SHA256: 04bc415adcb4ef7df32b9dfe199d92a4078cbd132fd5173961211e7f75385491 - 
SHA384: a6c44d9022b3fb3e679acfa266bd26c0bf6a20bb244ef486c04b55539b10ddaa4894c4e0420dfdd025850c5094bb23d1 - Signer: - - SerialNumber: 00b9963758ead236c6e15cd48ba5433aae - Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO - RSA Extended Validation Code Signing CA - Version: 1 - RichPEHeaderHash: - MD5: 9ac80629b285224316ada4697cba3cc0 - SHA1: 3940db6ddf0ca08f2e43d0c64f6b31dd5837c648 - SHA256: bb5ad1350da2ac8b4f7dbebfee7393782406ea5abe309dea5e588098e11307c3 - Sections: - .text: - Entropy: 6.317753531025091 - Virtual Size: '0x25ee' - .rdata: - Entropy: 5.053084095677546 - Virtual Size: '0xc24' - .data: - Entropy: 0.95719838068206 - Virtual Size: '0x5e8' - .pdata: - Entropy: 4.060865402781111 - Virtual Size: '0x210' - PAGE: - Entropy: 5.759523183434064 - Virtual Size: '0x175' - INIT: - Entropy: 4.954930803750682 - Virtual Size: '0x4d6' - .reloc: - Entropy: 3.003055907333275 - Virtual Size: '0x28' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2022-05-17 04:01:28' - Imphash: 1f2627fc453dc35031a9502372bd3549 - LoadsDespiteHVCI: 'TRUE' -Tags: -- amigendrv64.sys +- Filename: amigendrv64.sys + MD5: 32365e3e64d28cc94756ac9a09b67f06 + SHA1: d48757b74eff02255f74614f35aa27abbe3f72c7 + SHA256: 09043c51719d4bf6405c9a7a292bb9bb3bcc782f639b708ddcc4eedb5e5c9ce9 + Authentihash: + MD5: 50ce9def1a59a6ec02ac018e8e42b9e1 + SHA1: 64e1b960b4fd0b597e36f3986abd37cca8ebd230 + SHA256: e4dbc382c21b4b14b54d37b2fd86e12a7637f177ba4170e19ffde3584ec48e6c + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + - WDFLDR.SYS + ExportedFunctions: '' + ImportedFunctions: + - IoAllocateMdl + - IoFreeMdl + - MmGetPhysicalAddress + - RtlInitUnicodeString + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - KeLowerIrql + - KfRaiseIrql + - MmMapIoSpace + - MmUnmapIoSpace + 
- MmFreeContiguousMemory + - ZwClose + - ZwOpenSection + - ZwMapViewOfSection + - ExFreePoolWithTag + - MmGetSystemRoutineAddress + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - MmAllocateContiguousMemory + - MmUnmapLockedPages + - MmMapLockedPagesSpecifyCache + - RtlCopyUnicodeString + - DbgPrintEx + - MmBuildMdlForNonPagedPool + - RtlCompareMemory + - ObReferenceObjectByHandle + - RtlGetVersion + - HalTranslateBusAddress + - WdfVersionBind + - WdfVersionUnbind + - WdfVersionUnbindClass + - WdfVersionBindClass + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: serialNumber=7155083, ??=US, ??=Delaware, ??=Private Organization, + C=US, postalCode=30093, ST=Georgia, L=Norcross, ??=5555 Oakbrook Parkway + Suite 200, O=AMI US HOLDINGS INC, CN=AMI US HOLDINGS INC + ValidFrom: '2020-09-21 00:00:00' + ValidTo: '2023-09-21 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 00b9963758ead236c6e15cd48ba5433aae + Version: 3 + TBS: + MD5: fad04f09614b2237bc7ff05ed3d6af76 + SHA1: 44f498abb05904d7e8e4cc8808e234e9db1fc883 + SHA256: e45364f3f083ba191106e672effe0fd50276e7ac702e4b64c1a38afda3457500 + SHA384: 109d3e0daa1186226363d2d160577e329cc8425b12af9eab517373425c94ea8cb77392c2f5b0a5eeec7b4ddbe9712fb1 + - Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, + CN=COMODO RSA Extended Validation Code Signing CA + ValidFrom: '2014-12-03 00:00:00' + ValidTo: '2029-12-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 6dd472eb02ae0406e3dd843f5fe145e1 + Version: 3 + TBS: + MD5: e3898a5cae592360ce7bfdf5ff3fb13f + SHA1: 217c51b90dbb7f0528e8ba170d227f647fbc995b + SHA256: 3a9b4006a9e125b4458344389c86dfb4f6728848b9871654c615a138514d02ec + SHA384: 
fcd8dd15125f14b84fec55838806355ec3787407188bac83c2c0d6c841adf9ac76ee83eccc5c9463f1f88fc5295a31ee + - Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, + CN=COMODO RSA Certification Authority + ValidFrom: '2011-04-11 22:06:20' + ValidTo: '2021-04-11 22:16:20' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: '61185486000000000024' + Version: 3 + TBS: + MD5: ad73330abdd8883ba17ac2572100221e + SHA1: 3770402ce3d71f9823386167aa35a7c862f409d3 + SHA256: 04bc415adcb4ef7df32b9dfe199d92a4078cbd132fd5173961211e7f75385491 + SHA384: a6c44d9022b3fb3e679acfa266bd26c0bf6a20bb244ef486c04b55539b10ddaa4894c4e0420dfdd025850c5094bb23d1 + Signer: + - SerialNumber: 00b9963758ead236c6e15cd48ba5433aae + Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO + RSA Extended Validation Code Signing CA + Version: 1 + RichPEHeaderHash: + MD5: 9ac80629b285224316ada4697cba3cc0 + SHA1: 3940db6ddf0ca08f2e43d0c64f6b31dd5837c648 + SHA256: bb5ad1350da2ac8b4f7dbebfee7393782406ea5abe309dea5e588098e11307c3 + Sections: + .text: + Entropy: 6.317753531025091 + Virtual Size: '0x25ee' + .rdata: + Entropy: 5.053084095677546 + Virtual Size: '0xc24' + .data: + Entropy: 0.95719838068206 + Virtual Size: '0x5e8' + .pdata: + Entropy: 4.060865402781111 + Virtual Size: '0x210' + PAGE: + Entropy: 5.759523183434064 + Virtual Size: '0x175' + INIT: + Entropy: 4.954930803750682 + Virtual Size: '0x4d6' + .reloc: + Entropy: 3.003055907333275 + Virtual Size: '0x28' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2022-05-17 04:01:28' + Imphash: 1f2627fc453dc35031a9502372bd3549 + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/5d3f0b7d-7413-48e6-8d9c-7fc0bb5a66ee.yaml b/yaml/5d3f0b7d-7413-48e6-8d9c-7fc0bb5a66ee.yaml index 99ea58caf..edc12706a 100644 --- a/yaml/5d3f0b7d-7413-48e6-8d9c-7fc0bb5a66ee.yaml +++ b/yaml/5d3f0b7d-7413-48e6-8d9c-7fc0bb5a66ee.yaml 
@@ -1,35 +1,35 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 5d3f0b7d-7413-48e6-8d9c-7fc0bb5a66ee +Tags: +- Proxy64.sys +Verified: 'FALSE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create Proxy64.sys binPath=C:\windows\temp\Proxy64.sys type=kernel - && sc.exe start Proxy64.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: [] -Id: 5d3f0b7d-7413-48e6-8d9c-7fc0bb5a66ee -KnownVulnerableSamples: -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: Proxy64.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA256: c60fcff9c8e5243bbb22ec94618b9dcb02c59bb49b90c04d7d6ab3ebbd58dc3a - Signature: [] - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create Proxy64.sys binPath=C:\windows\temp\Proxy64.sys type=kernel + && sc.exe start Proxy64.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules -Tags: -- Proxy64.sys -Verified: 'FALSE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: Proxy64.sys + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA256: c60fcff9c8e5243bbb22ec94618b9dcb02c59bb49b90c04d7d6ab3ebbd58dc3a + Signature: [] + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/5f70bde4-9f81-44a8-9d3e-c6c7cf65bfae.yaml b/yaml/5f70bde4-9f81-44a8-9d3e-c6c7cf65bfae.yaml index 06b74b035..e6251f5e1 100644 --- a/yaml/5f70bde4-9f81-44a8-9d3e-c6c7cf65bfae.yaml +++ b/yaml/5f70bde4-9f81-44a8-9d3e-c6c7cf65bfae.yaml 
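Review bot: The Proxy64.sys sample still asserts `LoadsDespiteHVCI: 'FALSE'` although the entry is `Verified: 'FALSE'`, has `Detection: []`, and carries no PE metadata beyond the SHA256 (`MachineType: ''`, `Signature: []`). The HVCI value therefore looks like a default rather than a test result, and a consumer filtering on that field would read it as a finding. A comment next to it such as `# LoadsDespiteHVCI not tested; default value` would make that explicit, or the field could be left empty until the sample is analysed, if the schema allows it. The reorder itself does not change any value in this record.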
@@ -1,194 +1,195 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 5f70bde4-9f81-44a8-9d3e-c6c7cf65bfae +Tags: +- PanIO.sys +Verified: 'FALSE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create PanIO.sys binPath=C:\windows\temp\PanIO.sys type=kernel && - sc.exe start PanIO.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/f596e64f4c5d7c37a00493728d8756b243cfdc11e3372d6d6dfeffc13c9ab960.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 5f70bde4-9f81-44a8-9d3e-c6c7cf65bfae -KnownVulnerableSamples: -- Authentihash: - MD5: 
5af91c612918020b1dbc829a040d1c88 - SHA1: b65163db28ef590620b8966f14ec78fe7788ac6c - SHA256: f246b9d22b3ffe15f2e97f306d049020f38ed162150c97d7a72e3ae0b22c79ad - Company: Pan Yazilim Bilisim Teknolojileri Tic. Ltd. Sti. - Copyright: Copyright (c) 2012-2014 Pan Yazilim Bilisim Teknolojileri Tic. Ltd. Sti. - CreationTimestamp: '2014-04-17 03:16:02' - Date: '' - Description: Temperature and system information driver - ExportedFunctions: '' - FileVersion: 1.0.0.0 - Filename: PanIO.sys - ImportedFunctions: - - IoCreateSymbolicLink - - IofCompleteRequest - - KeTickCount - - MmMapIoSpace - - READ_REGISTER_BUFFER_ULONG - - READ_REGISTER_BUFFER_USHORT - - READ_REGISTER_BUFFER_UCHAR - - MmUnmapIoSpace - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoCreateDevice - - IoDeleteDevice - - RtlUnwind - - KeBugCheckEx - - HalGetBusDataByOffset - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - WRITE_PORT_UCHAR - - READ_PORT_ULONG - - READ_PORT_USHORT - - READ_PORT_UCHAR - - HalSetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: PanIO.sys - MD5: 9a9dbf5107848c254381be67a4c1b1dd - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: PanIO.sys - Product: PanIO Library - ProductVersion: 1.0.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: 2e6ea3eb6f48633d555a0e6df8ead1e9 - SHA1: b9921c63b614c38dc908cf1c11b22b78a9c82826 - SHA256: fff270d0855ef3c64f1402738ef13b087b16bb314171df7b034a08e0e68188e1 - SHA1: 291b4a88ffd2ac1d6bf812ecaedc2d934dc503cb - SHA256: f596e64f4c5d7c37a00493728d8756b243cfdc11e3372d6d6dfeffc13c9ab960 - Sections: - .text: - Entropy: 6.179288185094535 - Virtual Size: '0xa5e' - .rdata: - Entropy: 3.8869044254025407 - Virtual Size: '0x184' - .data: - Entropy: 2.9182958340544896 - Virtual Size: '0xc' - INIT: - Entropy: 5.419560949940823 - Virtual Size: '0x2ce' - .rsrc: - Entropy: 3.297140059126458 - Virtual Size: '0x438' - .reloc: - Entropy: 4.760561279911706 - Virtual Size: '0xbc' - Signature: - - PAN YAZILIM BILISIM TEKNOLOJILERI TICARET LTD. 
STI. - - GlobalSign CodeSigning CA - G2 - - GlobalSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 4e5e56901e46b4d94931f3bb1739281bc216ddfd41dc0905049b6fb2a29ad6992e40990055b5ea3fa52076d38634d417cc553ac782eeefa8babcd8069f1550dfcd167b523a02d7191afdaff0785ce04bc518df3a241edaacb8a95804020730dbb0125efe31bef00448f4f070f83a5e5683cf3dfb0dbcf4c5ed979db9d4dba52784e3389b8ba735864420a43b6da46a0ba183fd28ebdaef28f6cc885dfb0a3b00abe021ebe22f356c0f8e344597eba2f79933357ecb9a8abb454de73f9fc2d98afa65b26ec77e65ffe892e12c31a2f7b02736488f266f3bee4d761f79c3e57f9635bc2d0ecc01b08e7fff518080a792d4b34446648c874f166307314b63b0dff3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee152d7 - Version: 3 - TBS: - MD5: e140543fe3256027cfa79fc3c19c1776 - SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 - SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 - SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode - , G1 - ValidFrom: '2013-08-23 00:00:00' - ValidTo: '2024-09-23 00:00:00' - Signature: 
0231142e5857644185e8af12753c881cc35eec2ce9a13cf5baaa531db9d12963dc436786d439dadec6c9ffbe4585f4a4d7c151ea18ee40585ee67bcca241291338c8ea21169cce90a62efba6cad994df401df902182bbef65d4f9fff9a48dbc50509ca80cea0f9dc4bc323e6038fb4b4af5b71296191181a6b7af2fd0dd1cd7d5e98ebba705ee5f4ea43de353dc514818adb3e105ebb72faa1a093ab031cc1653c91138b045d2bc4b9161bcc55c50ce8abe743c9b28328a5531347ab3964b91cea3430b176009521f1d43da8fda00032d76e983ca69c3b0b83becbb8bb2a268c59b8b9aeaf26ace234a2dc210d810b3813f745a3e3dbc4aca16d1bb7e5615cd7 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121405c1f0ed258882be54d8686ba11ea45 - Version: 3 - TBS: - MD5: b95cbc184d388718612d5933f7b36770 - SHA1: ff124c5d160710720108616ffee99bbe090ed363 - SHA256: 13027620255363f07bbf85ae7d0dc06c07d8b0f4368b12f983ee3f4fce605733 - SHA384: f42ed00f615f2822dcd3d33794477428afb52ddab932ebcde3586f92a27e18f9faba6b3334ca4e59e0cb24bdbf8395a6 - - Subject: C=TR, ST=ISTANBUL, O=PAN YAZILIM BILISIM TEKNOLOJILERI TICARET LTD. - STI., CN=PAN YAZILIM BILISIM TEKNOLOJILERI TICARET LTD. STI. 
- ValidFrom: '2014-04-15 15:12:40' - ValidTo: '2015-04-15 10:41:35' - Signature: 80c106b241d9ce3836aa7f9cace1ff4019c000e7010613722cb52e25e706045117d0fc96252e9dcea3fbc685222c39fca608d772e3f15cb43d550686265d301bbdc1e45ce75db149dff45be1adb71ee24385407afac778ede4e047359e64e06d29b5bdab18517dd5751cd255bd05600be47f4774be0c97666d5afe6aa64ee53ee9083e0587fd5a2b3767733fd5c1eb58364c4e8823db789da3d0157eb468805f3a0032103e65265ee45cd7181abfb3583d8d3b20d4f6f0a010c0bf01a2d82df1c3a22220e712d83b067aec59990117b623cda1a344a7584fb74145df822b2a709b3ca47a45fd4822d3bcd1691b18ddbb64b7daa42dd63664d796fbf2fc7474ba - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121506480253469e07e54ee8612041fbb92 - Version: 3 - TBS: - MD5: f56d9ee0c69c7569e5c15b486bca6e2e - SHA1: 819ca6276ed76625e86bb6def0d45f61d37c8975 - SHA256: b3b13c549110379d1141116de140cad748fb8345208cd31eb2443850a529b53b - SHA384: 2f15812fb4c9bba4d8ae7916fa4ffc9ad0a69724d77dc564c89b1e5df3e98b8797b63fcafe68eef9acf1d8817e9988cf - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 1121506480253469e07e54ee8612041fbb92 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 7cf815757705e26b809574488ed56d0e - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create PanIO.sys binPath=C:\windows\temp\PanIO.sys type=kernel + && sc.exe 
start PanIO.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules -Tags: -- PanIO.sys -Verified: 'FALSE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/f596e64f4c5d7c37a00493728d8756b243cfdc11e3372d6d6dfeffc13c9ab960.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 5af91c612918020b1dbc829a040d1c88 + SHA1: b65163db28ef590620b8966f14ec78fe7788ac6c + SHA256: 
f246b9d22b3ffe15f2e97f306d049020f38ed162150c97d7a72e3ae0b22c79ad + Company: Pan Yazilim Bilisim Teknolojileri Tic. Ltd. Sti. + Copyright: Copyright (c) 2012-2014 Pan Yazilim Bilisim Teknolojileri Tic. Ltd. + Sti. + CreationTimestamp: '2014-04-17 03:16:02' + Date: '' + Description: Temperature and system information driver + ExportedFunctions: '' + FileVersion: 1.0.0.0 + Filename: PanIO.sys + ImportedFunctions: + - IoCreateSymbolicLink + - IofCompleteRequest + - KeTickCount + - MmMapIoSpace + - READ_REGISTER_BUFFER_ULONG + - READ_REGISTER_BUFFER_USHORT + - READ_REGISTER_BUFFER_UCHAR + - MmUnmapIoSpace + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoCreateDevice + - IoDeleteDevice + - RtlUnwind + - KeBugCheckEx + - HalGetBusDataByOffset + - WRITE_PORT_ULONG + - WRITE_PORT_USHORT + - WRITE_PORT_UCHAR + - READ_PORT_ULONG + - READ_PORT_USHORT + - READ_PORT_UCHAR + - HalSetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: PanIO.sys + MD5: 9a9dbf5107848c254381be67a4c1b1dd + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: PanIO.sys + Product: PanIO Library + ProductVersion: 1.0.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: 2e6ea3eb6f48633d555a0e6df8ead1e9 + SHA1: b9921c63b614c38dc908cf1c11b22b78a9c82826 + SHA256: fff270d0855ef3c64f1402738ef13b087b16bb314171df7b034a08e0e68188e1 + SHA1: 291b4a88ffd2ac1d6bf812ecaedc2d934dc503cb + SHA256: f596e64f4c5d7c37a00493728d8756b243cfdc11e3372d6d6dfeffc13c9ab960 + Sections: + .text: + Entropy: 6.179288185094535 + Virtual Size: '0xa5e' + .rdata: + Entropy: 3.8869044254025407 + Virtual Size: '0x184' + .data: + Entropy: 2.9182958340544896 + Virtual Size: '0xc' + INIT: + Entropy: 5.419560949940823 + Virtual Size: '0x2ce' + .rsrc: + Entropy: 3.297140059126458 + Virtual Size: '0x438' + .reloc: + Entropy: 4.760561279911706 + Virtual Size: '0xbc' + Signature: + - PAN YAZILIM BILISIM TEKNOLOJILERI TICARET LTD. STI. 
+ - GlobalSign CodeSigning CA - G2 + - GlobalSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee152d7 + Version: 3 + TBS: + MD5: e140543fe3256027cfa79fc3c19c1776 + SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 + SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 + SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode + , G1 + ValidFrom: '2013-08-23 00:00:00' + ValidTo: '2024-09-23 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121405c1f0ed258882be54d8686ba11ea45 + Version: 3 + TBS: + MD5: b95cbc184d388718612d5933f7b36770 + SHA1: ff124c5d160710720108616ffee99bbe090ed363 + SHA256: 13027620255363f07bbf85ae7d0dc06c07d8b0f4368b12f983ee3f4fce605733 + SHA384: f42ed00f615f2822dcd3d33794477428afb52ddab932ebcde3586f92a27e18f9faba6b3334ca4e59e0cb24bdbf8395a6 
+ - Subject: C=TR, ST=ISTANBUL, O=PAN YAZILIM BILISIM TEKNOLOJILERI TICARET + LTD. STI., CN=PAN YAZILIM BILISIM TEKNOLOJILERI TICARET LTD. STI. + ValidFrom: '2014-04-15 15:12:40' + ValidTo: '2015-04-15 10:41:35' + Signature: 80c106b241d9ce3836aa7f9cace1ff4019c000e7010613722cb52e25e706045117d0fc96252e9dcea3fbc685222c39fca608d772e3f15cb43d550686265d301bbdc1e45ce75db149dff45be1adb71ee24385407afac778ede4e047359e64e06d29b5bdab18517dd5751cd255bd05600be47f4774be0c97666d5afe6aa64ee53ee9083e0587fd5a2b3767733fd5c1eb58364c4e8823db789da3d0157eb468805f3a0032103e65265ee45cd7181abfb3583d8d3b20d4f6f0a010c0bf01a2d82df1c3a22220e712d83b067aec59990117b623cda1a344a7584fb74145df822b2a709b3ca47a45fd4822d3bcd1691b18ddbb64b7daa42dd63664d796fbf2fc7474ba + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121506480253469e07e54ee8612041fbb92 + Version: 3 + TBS: + MD5: f56d9ee0c69c7569e5c15b486bca6e2e + SHA1: 819ca6276ed76625e86bb6def0d45f61d37c8975 + SHA256: b3b13c549110379d1141116de140cad748fb8345208cd31eb2443850a529b53b + SHA384: 2f15812fb4c9bba4d8ae7916fa4ffc9ad0a69724d77dc564c89b1e5df3e98b8797b63fcafe68eef9acf1d8817e9988cf + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 1121506480253469e07e54ee8612041fbb92 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 7cf815757705e26b809574488ed56d0e + LoadsDespiteHVCI: 'FALSE' 
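Review bot: The `Detection` list on the new side of the PanIO.sys entry still carries `sigma_hash`, `sigma_names`, `sysmon_hash_detect` and `sysmon_hash_block` twice each with identical URLs; the reorder moves the block but keeps the duplicates. Since the file is being rewritten anyway, drop the second set so that only the two distinct `yara_signature` entries and one entry of each other type remain. Separately, the certificate `Subject` and `Issuer` strings show a comma where the `Signature` list in the same sample has a hyphen (`GlobalSign CodeSigning CA , G2` against `GlobalSign CodeSigning CA - G2`, and `GlobalSign nv,sa`). That looks like a generator artifact, and anything matching on issuer strings would have to normalise for it.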
diff --git a/yaml/613b8509-18c0-4720-b489-736776b6713e.yaml b/yaml/613b8509-18c0-4720-b489-736776b6713e.yaml index 72f2e4e04..c404a5f78 100644 --- a/yaml/613b8509-18c0-4720-b489-736776b6713e.yaml +++ b/yaml/613b8509-18c0-4720-b489-736776b6713e.yaml 
@@ -1,1638 +1,1641 @@ Id: 613b8509-18c0-4720-b489-736776b6713e +Tags: +- gdrv.sys +Verified: 'TRUE' Author: Nasreddine Bencherchali Created: '2023-05-06' MitreID: T1068 Category: vulnerable driver -Verified: 'TRUE' Commands: - Command: sc.exe create gdrv.sys binPath=C:\windows\temp\gdrv.sys type=kernel && - sc.exe start gdrv.sys - Description: '' - Usecase: Elevate privileges - Privileges: kernel - OperatingSystem: Windows 10 + Command: sc.exe create gdrv.sys binPath=C:\windows\temp\gdrv.sys type=kernel && + sc.exe start gdrv.sys + Description: '' + Usecase: Elevate privileges + Privileges: kernel + OperatingSystem: Windows 10 Resources: - Internal Research -Acknowledgement: - Person: '' - Handle: '' Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml 
+- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: gdrv.sys - MD5: b0954711c133d284a171dd560c8f492a - SHA1: 4f0d9122f57f4f8df41f3c3950359eb1284b9ab5 - SHA256: 092d04284fdeb6762e65e6ac5b813920d6c69a5e99d110769c5c1a78e11c5ba0 - Authentihash: - MD5: f4a434113ef1b0bfed60b8a5bcd4fa9c - SHA1: bffa9edada9f48685c5178f247c416029b423834 - SHA256: 1bd6a40e294f4f74f9baf172f5a3e21dad3b7e31b5757d91bda309bd54a72fbe - Description: GIGA-BYTE NonPnP Driver - Company: GIGA-BYTE TECHNOLOGY CO., LTD. - InternalName: gdrv.sys - OriginalFilename: gdrv.sys - FileVersion: 1.0.1.1 - Product: GIGA-BYTE Software driver - ProductVersion: 1.0.0.1 - Copyright: Copyright (C) 2017 - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - - WDFLDR.SYS - ExportedFunctions: '' - ImportedFunctions: - - MmFreeContiguousMemory - - IoAllocateMdl - - MmAllocateContiguousMemory - - MmGetPhysicalAddress - - MmIsAddressValid - - KeBugCheckEx - - MmMapIoSpace - - MmMapLockedPagesSpecifyCache - - MmBuildMdlForNonPagedPool - - ExAllocatePool - - DbgPrint - - memset - - RtlCopyUnicodeString - - IoFreeMdl - - MmUnmapIoSpace - - MmUnmapLockedPages - - ExFreePoolWithTag - - WRITE_PORT_ULONG - - READ_PORT_USHORT - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - READ_PORT_UCHAR - - WRITE_PORT_USHORT - - WdfVersionBind - - WdfVersionBindClass - - WdfVersionUnbind - - WdfVersionUnbindClass - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 Extended Validation Code Signing CA , G2 - ValidFrom: '2014-03-04 00:00:00' - ValidTo: '2024-03-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 191a32cb759c97b8cfac118dd5127f49 - Version: 3 - TBS: - MD5: 788b61bd26da89253179e3de2cdb527f - SHA1: 7d06f16e7bf21bce4f71c2cb7a3e74351451bf69 - SHA256: b3c925b4048c3f7c444d248a2b101186b57cba39596eb5dce0e17a4ee4b32f19 - SHA384: 
2955e28cb7ec0ea9730b499a0f189f9621eceb02591a9486b583f12bb845885a30d6a871826318a167cc5f06b274e58c - - Subject: ??=TW, ??=, ??=NEW TAIPEI, ??=Private Organization, serialNumber=22044755, - C=TW, L=NEW TAIPEI, O=GIGA,BYTE Technology Co., Ltd., CN=GIGA,BYTE Technology - Co., Ltd. - ValidFrom: '2018-12-07 00:00:00' - ValidTo: '2021-12-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 4f8eefa0dcc85bbd656ab0f160743d34 - Version: 3 - TBS: - MD5: 5415ec7433f8ae320658011dfcfa2998 - SHA1: 044407fe1b8e4b5af9eecf34ea87a0ecb32ee6bb - SHA256: f828f449f9b365a1455b8358b044385beaf097166a80defc440eacb8deb6ef26 - SHA384: 640b5b53eabd60a97be0f1fcf7c893edb3d8ebf507c63958114532cd445246dc0ae92a4dadec314dd5babee5d7f0497c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 4f8eefa0dcc85bbd656ab0f160743d34 - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 Extended Validation Code Signing CA , G2 - Version: 1 - RichPEHeaderHash: - MD5: 03eb5694b86b7b4bd881c01e7c65c229 - SHA1: 9ea2af86738603b8014145f6e57cdca30052d682 - SHA256: fe972e5d0cd1b46882d0c1cacca6f8fd9f7034d006e00f8439a549090d7fd40f - Sections: - .text: - Entropy: 6.079755030506782 - 
Virtual Size: '0x383' - .rdata: - Entropy: 3.9588953379045915 - Virtual Size: '0x3cc' - .data: - Entropy: 0.568711264156015 - Virtual Size: '0x8b8' - PAGE: - Entropy: 6.197689857125293 - Virtual Size: '0xa7e' - INIT: - Entropy: 5.617941004832402 - Virtual Size: '0x3ba' - .rsrc: - Entropy: 3.3378742704604414 - Virtual Size: '0x368' - .reloc: - Entropy: 5.642936600253398 - Virtual Size: '0x188' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2019-02-12 20:25:54' - Imphash: 59b3f3fa2775e407721c2491ddb2890b - LoadsDespiteHVCI: 'FALSE' -- Filename: gdrv.sys - MD5: 043d5a1fc66662a3f91b8a9c027f9be9 - SHA1: 3d8cc9123be74b31c597b0014c2a72090f0c44ef - SHA256: 0ce40a2cdd3f45c7632b858e8089ddfdd12d9acb286f2015a4b1b0c0346a572c - Authentihash: - MD5: 5029d92e78dd56446eae97c8acd56926 - SHA1: 00e5f35b31d5bfd2745bb04909f1faf26abfcec0 - SHA256: 12ae98c0f1d7209cffe3bc8be5b76aa1f4faba40af99a6dd299462cdd3820c94 - Description: GIGA-BYTE NonPnP Driver - Company: GIGA-BYTE TECHNOLOGY CO., LTD. - InternalName: gdrv.sys - OriginalFilename: gdrv.sys - FileVersion: 1.0.1.1 - Product: GIGA-BYTE Software driver - ProductVersion: 1.0.0.1 - Copyright: Copyright (C) 2017 - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - WDFLDR.SYS - ExportedFunctions: '' - ImportedFunctions: - - DbgPrint - - ExAllocatePool - - MmBuildMdlForNonPagedPool - - MmMapLockedPagesSpecifyCache - - MmMapIoSpace - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - IoAllocateMdl - - MmGetPhysicalAddress - - MmIsAddressValid - - KeBugCheckEx - - RtlCopyUnicodeString - - IoFreeMdl - - MmUnmapIoSpace - - MmUnmapLockedPages - - ExFreePoolWithTag - - WdfVersionBindClass - - WdfVersionBind - - WdfVersionUnbind - - WdfVersionUnbindClass - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 Extended Validation Code Signing CA , G2 - ValidFrom: '2014-03-04 00:00:00' - ValidTo: '2024-03-03 23:59:59' - Signature: 
3f5b19f3fa13d575382a5aee9f5aa04ca91dc5cc94eede15fef5106ea41ba56483541858c40b28a185c34e74e5ff897cfed5ed3cba719f5602268f162a88feb0a32722ce4be2388e00a63a865f9de53ea8de644941744121fd07c88417da1d653082cb264f39d60427a481b14b49c3238b7e02321827b7ab0bf31872b6a4ee67066f38a6588de0f17e5da460c6a8e5505fe0e8bae28f9958b6b5a0a876f1a2f11c8841727e52979b0a36998d50f701eb3ce7f0226ae5358c63368a1ab1d967665f971aefa8209df02fba6cced9948500f158f17dc97c22b5075d02c6e60bbfab9393ff27188e33367e5734f1c3af04c184f156b3e8878336f8d30a31dc6e2c6d - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 191a32cb759c97b8cfac118dd5127f49 - Version: 3 - TBS: - MD5: 788b61bd26da89253179e3de2cdb527f - SHA1: 7d06f16e7bf21bce4f71c2cb7a3e74351451bf69 - SHA256: b3c925b4048c3f7c444d248a2b101186b57cba39596eb5dce0e17a4ee4b32f19 - SHA384: 2955e28cb7ec0ea9730b499a0f189f9621eceb02591a9486b583f12bb845885a30d6a871826318a167cc5f06b274e58c - - Subject: ??=TW, ??=, ??=NEW TAIPEI, ??=Private Organization, serialNumber=22044755, - C=TW, L=NEW TAIPEI, O=GIGA,BYTE Technology Co., Ltd., CN=GIGA,BYTE Technology - Co., Ltd. 
- ValidFrom: '2018-12-07 00:00:00' - ValidTo: '2021-12-06 23:59:59' - Signature: 502fd3341b71cab45e302c7b586f9beefdce61639b7ccbaf643eb13bb29fcc6d5e37ba8f8af0b2d775216237d659088cbf124514ebe1fc6a663f20cbbd920afd64fbec463254a4e845cdb452b5768fcb2fb74e13043899381b57ce63419679395729d52fc8efbe19e08c5a4c6337eb910e048d30c2888718355460150ae33f20c8ea3724251dbe28d45de130843b462e11ff1ca90fb98e097b5f372b0aa1c5b2791897b4cf79cdbc02c5aca5a935a3ccf67fb67ef28390ed7913ee32e708869acbba27f24d6c7fc45b795b5e90c7200551babe0bae400343fc6fd75d36da7b5def7fde3a7f97519796d3bd14755a3adaa7cafcbe2cc24eb9a1a046ea8e05376d - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 4f8eefa0dcc85bbd656ab0f160743d34 - Version: 3 - TBS: - MD5: 5415ec7433f8ae320658011dfcfa2998 - SHA1: 044407fe1b8e4b5af9eecf34ea87a0ecb32ee6bb - SHA256: f828f449f9b365a1455b8358b044385beaf097166a80defc440eacb8deb6ef26 - SHA384: 640b5b53eabd60a97be0f1fcf7c893edb3d8ebf507c63958114532cd445246dc0ae92a4dadec314dd5babee5d7f0497c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 4f8eefa0dcc85bbd656ab0f160743d34 - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 Extended Validation Code Signing CA , G2 - Version: 1 - RichPEHeaderHash: - MD5: 7eb18352afe92c32e6d8fafe1eb5e93b - SHA1: 3f0f2ac39a0d40eab850d3c520c8530787cb9979 - SHA256: 71b608735d9c6d4adcdade732f8df7684c6a8bc7c5b8d427d584c58c52bd04a9 - Sections: - .text: - Entropy: 6.1918639017358545 - Virtual Size: '0x103e' - .rdata: - Entropy: 4.237177841304867 - Virtual Size: '0x6b0' - .data: - Entropy: 0.754659278632904 - Virtual Size: '0xfb8' - .pdata: - Entropy: 3.811205019243734 - Virtual Size: '0x174' - .gfids: - Entropy: 0.8112781244591328 - Virtual Size: '0x4' - PAGE: - Entropy: 6.06059048417531 - Virtual Size: '0x834' - INIT: - Entropy: 5.430018205225444 - Virtual Size: '0x3bc' - .rsrc: - Entropy: 3.340167848442093 - Virtual Size: '0x368' - .reloc: - Entropy: 3.251870619839375 - Virtual Size: '0x2c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2019-02-12 20:23:11' - Imphash: f7d07bcaa23837d219dcb64e76290252 - LoadsDespiteHVCI: 'FALSE' -- Filename: gdrv.sys - MD5: 3c55092900343d3d28564e2d34e7be2c - SHA1: 1a56614ea7d335c844b7fc6edd5feb59b8df7b55 - SHA256: 133e542842656197c5d22429bd56d57aa33c9522897fdf29853a6d321033c743 - Authentihash: - MD5: b661326f2405e4947bf879cc97f13438 - SHA1: 
c7e06ef18efee6d133c5014ef45d6657e1e36b90 - SHA256: c92d943a465e20f50bae8d46ea38b635d2da85ae4e34f0170fd6f451890c76d7 - Description: GIGA-BYTE NonPnP Driver - Company: GIGA-BYTE TECHNOLOGY CO., LTD. - InternalName: gdrv.sys - OriginalFilename: gdrv.sys - FileVersion: 1.0.1.3 - Product: GIGA-BYTE Software driver - ProductVersion: 1.0.0.1 - Copyright: Copyright (C) 2017 - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - WDFLDR.SYS - ExportedFunctions: '' - ImportedFunctions: - - DbgPrint - - ExAllocatePool - - MmBuildMdlForNonPagedPool - - MmMapLockedPagesSpecifyCache - - MmMapIoSpace - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - IoAllocateMdl - - RtlInitUnicodeString - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmGetPhysicalAddress - - MmIsAddressValid - - KeBugCheckEx - - RtlCopyUnicodeString - - IoFreeMdl - - MmUnmapIoSpace - - MmUnmapLockedPages - - ObReferenceObjectByHandle - - ExFreePoolWithTag - - WdfVersionBindClass - - WdfVersionBind - - WdfVersionUnbind - - WdfVersionUnbindClass - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec 
Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 Extended Validation Code Signing CA , G2 - ValidFrom: '2014-03-04 00:00:00' - ValidTo: '2024-03-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 191a32cb759c97b8cfac118dd5127f49 - Version: 3 - TBS: - MD5: 788b61bd26da89253179e3de2cdb527f - SHA1: 7d06f16e7bf21bce4f71c2cb7a3e74351451bf69 - SHA256: b3c925b4048c3f7c444d248a2b101186b57cba39596eb5dce0e17a4ee4b32f19 - SHA384: 2955e28cb7ec0ea9730b499a0f189f9621eceb02591a9486b583f12bb845885a30d6a871826318a167cc5f06b274e58c - - Subject: ??=TW, ??=, ??=NEW TAIPEI, ??=Private Organization, serialNumber=22044755, - C=TW, L=NEW TAIPEI, O=GIGA,BYTE Technology Co., Ltd., CN=GIGA,BYTE Technology - Co., Ltd. 
- ValidFrom: '2018-12-07 00:00:00' - ValidTo: '2021-12-06 23:59:59' - Signature: 502fd3341b71cab45e302c7b586f9beefdce61639b7ccbaf643eb13bb29fcc6d5e37ba8f8af0b2d775216237d659088cbf124514ebe1fc6a663f20cbbd920afd64fbec463254a4e845cdb452b5768fcb2fb74e13043899381b57ce63419679395729d52fc8efbe19e08c5a4c6337eb910e048d30c2888718355460150ae33f20c8ea3724251dbe28d45de130843b462e11ff1ca90fb98e097b5f372b0aa1c5b2791897b4cf79cdbc02c5aca5a935a3ccf67fb67ef28390ed7913ee32e708869acbba27f24d6c7fc45b795b5e90c7200551babe0bae400343fc6fd75d36da7b5def7fde3a7f97519796d3bd14755a3adaa7cafcbe2cc24eb9a1a046ea8e05376d - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 4f8eefa0dcc85bbd656ab0f160743d34 - Version: 3 - TBS: - MD5: 5415ec7433f8ae320658011dfcfa2998 - SHA1: 044407fe1b8e4b5af9eecf34ea87a0ecb32ee6bb - SHA256: f828f449f9b365a1455b8358b044385beaf097166a80defc440eacb8deb6ef26 - SHA384: 640b5b53eabd60a97be0f1fcf7c893edb3d8ebf507c63958114532cd445246dc0ae92a4dadec314dd5babee5d7f0497c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 4f8eefa0dcc85bbd656ab0f160743d34 - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 Extended Validation Code Signing CA , G2 - Version: 1 - RichPEHeaderHash: - MD5: 7eb18352afe92c32e6d8fafe1eb5e93b - SHA1: 3f0f2ac39a0d40eab850d3c520c8530787cb9979 - SHA256: 71b608735d9c6d4adcdade732f8df7684c6a8bc7c5b8d427d584c58c52bd04a9 - Sections: - .text: - Entropy: 6.174048897397458 - Virtual Size: '0x138e' - .rdata: - Entropy: 4.254293906774769 - Virtual Size: '0x710' - .data: - Entropy: 0.7345015722226091 - Virtual Size: '0xfb8' - .pdata: - Entropy: 3.8098736809486815 - Virtual Size: '0x1a4' - .gfids: - Entropy: 0.8112781244591328 - Virtual Size: '0x4' - PAGE: - Entropy: 6.056099606920948 - Virtual Size: '0x964' - INIT: - Entropy: 5.472943444636511 - Virtual Size: '0x468' - .rsrc: - Entropy: 3.3475705158878046 - Virtual Size: '0x368' - .reloc: - Entropy: 3.3380209612256118 - Virtual Size: '0x2c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2019-04-15 01:45:51' - Imphash: d6dc99d60798b2647006ddba21671160 - LoadsDespiteHVCI: 'FALSE' -- Filename: gdrv.sys - MD5: 7907e14f9bcf3a4689c9a74a1a873cb6 - SHA1: b9b72a5be3871ddc0446bae35548ea176c4ea613 - SHA256: 17927b93b2d6ab4271c158f039cae2d60591d6a14458f5a5690aec86f5d54229 - Authentihash: - MD5: b4709bbd5e329d55130e0db781afc89c - SHA1: 
b483cdd20bb24ed9a20f4168628b7053b04ebb93 - SHA256: bb0063e65c44da66d705d25121af09b641070219c174f5d83e288ba8fe59e46f - Description: GIGABYTE Tools - Company: Windows (R) Server 2003 DDK provider - InternalName: gdrv.sys - OriginalFilename: gdrv.sys - FileVersion: '5.2.3790.1830 built by: WinDDK' - Product: Windows (R) Server 2003 DDK driver - ProductVersion: 5.2.3790.1830 - Copyright: "\xA9 Microsoft Corporation. All rights reserved." - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IoCreateDevice - - RtlInitUnicodeString - - DbgPrint - - IoDeleteSymbolicLink - - MmUnmapIoSpace - - MmMapIoSpace - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - IoCreateSymbolicLink - - KeReleaseInStackQueuedSpinLock - - KeAcquireInStackQueuedSpinLock - - MmFreeContiguousMemory - - MmIsAddressValid - - MmAllocateContiguousMemory - - MmGetPhysicalAddress - - IofCompleteRequest - - ZwUnmapViewOfSection - - ZwOpenSection - - IoDeleteDevice - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 
93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei Hsien, O=Giga,Byte Technology, OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Testing Department, CN=Giga,Byte - Technology - ValidFrom: '2007-10-02 00:00:00' - ValidTo: '2010-10-18 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 720ef3aaa1a44f7d0717a805c290c378 - Version: 3 - TBS: - MD5: 0695cf8f3778103101610eccc2a78d04 - SHA1: ab5b9a4474b73d3317a7853116f62e83c9301b0d - SHA256: 6b88dbf87d212b8a91c4fd09d6725e3ae498d898c8292e77657be9d44e2503ca - SHA384: 3dab111c5395ec6bda188690b936c86ed2e9d46d5f718488bd3f7608338556cf774df25f2ad4a64564d067c21dc05cdc - Signer: - - SerialNumber: 720ef3aaa1a44f7d0717a805c290c378 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: 692489f3a392b18a282362c2a5fb716c - SHA1: 8761b768f8363715c0bba36e2d1745517eef2ae2 - SHA256: 0e6e9bb637b9d83dd448097c3f58f1040e5302ee4b0aaebca70f7c5044309c7e - Sections: - .text: - Entropy: 6.2433654070225355 - Virtual Size: '0x2c18' - .rdata: - Entropy: 4.588619241668126 - Virtual Size: '0x5fc' - .data: - Entropy: 0.4231266687750792 - Virtual Size: '0x158' - .pdata: - Entropy: 4.115714399866766 - Virtual Size: '0x2dc' - INIT: - Entropy: 4.901958142373141 - Virtual Size: '0x34c' - .rsrc: - Entropy: 4.481086585534943 - Virtual Size: '0x65c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2009-03-12 21:22:29' - Imphash: 6816dabcee7b7d027bfbb93a16297afa - LoadsDespiteHVCI: 'FALSE' -- Filename: gdrv.sys - MD5: a72e10ecea2fdeb8b9d4f45d0294086b - SHA1: 
4692730f6b56eeb0399460c72ade8a15ddd43a62 - SHA256: 26c28746e947389856543837aa59a5b1f4697e5721a04d00aa28151a2659b097 - Authentihash: - MD5: 8e9f3d61eaa5d5df8ac92c3c89eb7347 - SHA1: c1b7be5e37f29ee8114b701f88d68748f196c530 - SHA256: b213524b22aadcc273142c4b8afc2a6219d6b8b7cab4b41adf9944efb8f46005 - Description: GIGA-BYTE NonPnP Driver - Company: GIGA-BYTE TECHNOLOGY CO., LTD. - InternalName: gdrv.sys - OriginalFilename: gdrv.sys - FileVersion: 1.0.0.5 - Product: GIGA-BYTE Software driver - ProductVersion: 1.0.0.1 - Copyright: Copyright (C) 2017 - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - WDFLDR.SYS - ExportedFunctions: '' - ImportedFunctions: - - DbgPrint - - ExAllocatePool - - MmBuildMdlForNonPagedPool - - MmMapLockedPagesSpecifyCache - - MmMapIoSpace - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - IoAllocateMdl - - RtlInitUnicodeString - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmGetPhysicalAddress - - MmIsAddressValid - - KeBugCheckEx - - RtlCopyUnicodeString - - IoFreeMdl - - MmUnmapIoSpace - - MmUnmapLockedPages - - ObReferenceObjectByHandle - - ExFreePoolWithTag - - WdfVersionBindClass - - WdfVersionBind - - WdfVersionUnbind - - WdfVersionUnbindClass - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: 
c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 Extended Validation Code Signing CA , G2 - ValidFrom: '2014-03-04 00:00:00' - ValidTo: '2024-03-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 191a32cb759c97b8cfac118dd5127f49 - Version: 3 - TBS: - MD5: 788b61bd26da89253179e3de2cdb527f - SHA1: 7d06f16e7bf21bce4f71c2cb7a3e74351451bf69 - SHA256: b3c925b4048c3f7c444d248a2b101186b57cba39596eb5dce0e17a4ee4b32f19 - SHA384: 2955e28cb7ec0ea9730b499a0f189f9621eceb02591a9486b583f12bb845885a30d6a871826318a167cc5f06b274e58c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: ??=TW, ??=Private Organization, serialNumber=22044755, C=TW, ST=Taiwan, - L=New Taipei, O=GIGA,BYTE TECHNOLOGY CO., LTD., OU=Quality Validation Department - II, CN=GIGA,BYTE TECHNOLOGY CO., LTD. 
- ValidFrom: '2015-11-25 00:00:00' - ValidTo: '2018-11-24 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 47547865fbe14ca43b8231902649d74d - Version: 3 - TBS: - MD5: 7ce6ab4209b99d039125f7d2466f7707 - SHA1: 6f99eeb729cc36377229a2b37172f0da37e6bbb1 - SHA256: 864a2f84905d3ccee358fdad2333d71065de08345ee97cecaab964195f85fcd3 - SHA384: ae8ccffac5ac06f978822df110f59000024525bc59262df7c1f2fea08ff49285afca479959f163ce4bfe43e956cfa220 - Signer: - - SerialNumber: 47547865fbe14ca43b8231902649d74d - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 Extended Validation Code Signing CA , G2 - Version: 1 - RichPEHeaderHash: - MD5: 7eb18352afe92c32e6d8fafe1eb5e93b - SHA1: 3f0f2ac39a0d40eab850d3c520c8530787cb9979 - SHA256: 71b608735d9c6d4adcdade732f8df7684c6a8bc7c5b8d427d584c58c52bd04a9 - Sections: - .text: - Entropy: 6.1762923779720875 - Virtual Size: '0x134e' - .rdata: - Entropy: 4.255692242153894 - Virtual Size: '0x750' - .data: - Entropy: 0.7345015722226091 - Virtual Size: '0xfb8' - .pdata: - Entropy: 3.8755184712871364 - Virtual Size: '0x1a4' - .gfids: - Entropy: 0.8112781244591328 - Virtual Size: '0x4' - PAGE: - Entropy: 6.058280996869597 - Virtual Size: '0x964' - INIT: - Entropy: 5.476143480518104 - Virtual Size: '0x468' - .rsrc: - Entropy: 3.3444821443483326 - Virtual Size: '0x368' - .reloc: - Entropy: 3.248587587731763 - Virtual Size: '0x2c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2018-04-20 04:38:40' - Imphash: d6dc99d60798b2647006ddba21671160 - LoadsDespiteHVCI: 'FALSE' -- Filename: gdrv.sys - MD5: 31f34de4374a6ed0e70a022a0efa2570 - SHA1: c70989ed7a6ad9d7cd40ae970e90f3c3f2f84860 - SHA256: 6f1fc8287dd8d724972d7a165683f2b2ad6837e16f09fe292714e8e38ecd1e38 - Authentihash: - MD5: b18b1bff521337695d2d6a0768340252 - SHA1: 0f5034fcf5b34be22a72d2ecc29e348e93b6f00f - SHA256: 
9c0e80958b907c8df345ec2f8d711acefb4951ee3e6e84892ecd429f5e1f3acb - Description: GIGABYTE Tools - Company: Windows (R) Server 2003 DDK provider - InternalName: gdrv.sys - OriginalFilename: gdrv.sys - FileVersion: '5.2.3790.1830 built by: WinDDK' - Product: Windows (R) Server 2003 DDK driver - ProductVersion: 5.2.3790.1830 - Copyright: "\xA9 Microsoft Corporation. All rights reserved." - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IoCreateDevice - - RtlInitUnicodeString - - DbgPrint - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - MmUnmapIoSpace - - IoFreeMdl - - MmUnmapLockedPages - - MmMapIoSpace - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - IoCreateSymbolicLink - - KeAcquireInStackQueuedSpinLock - - MmFreeContiguousMemory - - MmIsAddressValid - - MmAllocateContiguousMemory - - MmGetPhysicalAddress - - IofCompleteRequest - - ExAllocatePoolWithTag - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - ZwUnmapViewOfSection - - KeReleaseInStackQueuedSpinLock - - IoDeleteDevice - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G3 - ValidFrom: '2016-03-16 00:00:00' - ValidTo: '2024-03-16 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47c30ffefc22bb280f96fea75251 - Version: 3 - TBS: - MD5: 729cf4baceff4ef7aa199ad4f4ebed3d - SHA1: f478f0e790d5c8ec6056a3ab2567404a991d2837 - SHA256: c3c88c2a500cb5a97abca837193a5bd382f6eb3aeb0008edbce65ea2a3dbfd5c - SHA384: e62bbb1ba1ad3df59f2c7265df5576af6b5d4a7473b74985a9d956975fdfc517ffbdd2172b0e3ea36befcb6a9026c872 - - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 - ValidFrom: '2021-01-01 00:00:00' - ValidTo: '2031-01-06 00:00:00' - Signature: 
481cdcb5e99a23bce71ae7200e8e6746fd427251740a2347a3ab92d225c47059be14a0e52781a54d1415190779f0d104c386d93bbdfe4402664ded69a40ff6b870cf62e8f5514a7879367a27b7f3e7529f93a7ed439e7be7b4dd412289fb87a246034efcf4feb76477635f2352698382fa1a53ed90cc8da117730df4f36539704bf39cd67a7bda0cbc3d32d01bcbf561fc75080076bc810ef8c0e15ccfc41172e71b6449d8229a751542f52d323881daf460a2bab452fb5ce06124254fb2dfc929a8734351dabd63d61f5b9bf72e1b4f131df74a0d717e97b7f43f84ebc1e3a349a1facea7bf56cfba597661895f7ea7b48e6778f93698e1cb28da5b87a68a2f - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0d424ae0be3a88ff604021ce1400f0dd - Version: 3 - TBS: - MD5: c0189c338449a42fe8358c2c1fbecc60 - SHA1: b8ac0ee6875594b80ad86a6df6dd1fa3048c187c - SHA256: a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 - SHA384: 76d3a316a5a106050298418cce3beea16100524723d9e3220b0de51bfb6f1c35a5d4c7cd10b358fef7bf94c3e3562150 - - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 - ValidFrom: '2021-01-01 00:00:00' - ValidTo: '2031-01-06 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0d424ae0be3a88ff604021ce1400f0dd - Version: 3 - TBS: - MD5: c0189c338449a42fe8358c2c1fbecc60 - SHA1: b8ac0ee6875594b80ad86a6df6dd1fa3048c187c - SHA256: a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 - SHA384: 76d3a316a5a106050298418cce3beea16100524723d9e3220b0de51bfb6f1c35a5d4c7cd10b358fef7bf94c3e3562150 - - Subject: C=CN, ST=, L=, O=, CN= - ValidFrom: '2020-01-02 07:05:30' - ValidTo: '2021-01-02 03:42:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0f05d43d469ef74a803e0b3c - Version: 3 - TBS: - MD5: 123a13c6529f9736a927a9c5e9b63fe2 - SHA1: 5af3705dcda674e6509c0c61e91a4806f71dcb62 - SHA256: 
183fa9cdb2c0c101e4d50479e304de6cec444744fd66fb4ca2f6038c661f19a2 - SHA384: a432c1a652dbae1681bab4e6775628c55c7f6f999be2513cf117a6f09588b32f325be5424664d5c5a8dd040e1ed94bd7 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2011-04-15 19:55:08' - ValidTo: '2021-04-15 20:05:08' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 6129152700000000002a - Version: 3 - TBS: - MD5: 0bb058d116f02817737920f112d9fd3b - SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 - SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 - SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured - ID Timestamping CA - ValidFrom: '2016-01-07 12:00:00' - ValidTo: '2031-01-07 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 0aa125d6d6321b7e41e405da3697c215 - Version: 3 - TBS: - MD5: 8d26184fc613f89aba1cefb30fce1b53 - SHA1: 63a7e376bad5ec2e419d514a403bcf46c8d31d95 - SHA256: 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c - SHA384: d8c9691fe9dbe182f07b49b07fbb4f589fa7b38b5c4d21f265d3a2e818f4b1bfb39e03faab2ec05bb10333a99914fb8a - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured - ID Timestamping CA - ValidFrom: '2016-01-07 12:00:00' - ValidTo: '2031-01-07 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 0aa125d6d6321b7e41e405da3697c215 - Version: 3 - TBS: - MD5: 8d26184fc613f89aba1cefb30fce1b53 - SHA1: 63a7e376bad5ec2e419d514a403bcf46c8d31d95 - SHA256: 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c - SHA384: 
d8c9691fe9dbe182f07b49b07fbb4f589fa7b38b5c4d21f265d3a2e818f4b1bfb39e03faab2ec05bb10333a99914fb8a - Signer: - - SerialNumber: 0f05d43d469ef74a803e0b3c - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G3 - Version: 1 - RichPEHeaderHash: - MD5: 2c77dbb41d635860b678106d8fa08bb9 - SHA1: 4051f5ac448fe8692e040214388d39e15e328d94 - SHA256: 6254640a7abc96cdb67d146d6295362aaff6ef9f6a04015883379d7008d86322 - Sections: - .text: - Entropy: 6.2502047491555315 - Virtual Size: '0x2dc8' - .rdata: - Entropy: 4.431694959682769 - Virtual Size: '0x610' - .data: - Entropy: 0.4231266687750792 - Virtual Size: '0x158' - .pdata: - Entropy: 4.120326366692263 - Virtual Size: '0x2dc' - INIT: - Entropy: 4.963482726390094 - Virtual Size: '0x412' - .rsrc: - Entropy: 3.471909950512757 - Virtual Size: '0x3e8' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2013-07-03 22:27:55' - Imphash: cc81a908891587ccac8059435eda4c66 - LoadsDespiteHVCI: 'FALSE' -- Filename: gdrv.sys - MD5: 4e093256b034925ecd6b29473ff16858 - SHA1: eba5483bb47ec6ff51d91a9bdf1eee3b6344493d - SHA256: 81aafae4c4158d0b9a6431aff0410745a0f6a43fb20a9ab316ffeb8c2e2ccac0 - Authentihash: - MD5: ce38d9daee9b1de9c5fbaac0e6932ed3 - SHA1: 025656c5696aa4834b4d32149a93176cf0322854 - SHA256: 35b1fdfa5cc9bb4a0d6e148140d59351447fa35c5c899e95da5f62a6b054af56 - Description: GIGA-BYTE NonPnP Driver - Company: GIGA-BYTE TECHNOLOGY CO., LTD. 
- InternalName: gdrv.sys - OriginalFilename: gdrv.sys - FileVersion: 1.1.0.1 - Product: GIGA-BYTE Software driver - ProductVersion: 1.0.0.1 - Copyright: Copyright (C) 2017 - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - WDFLDR.SYS - ExportedFunctions: '' - ImportedFunctions: - - DbgPrint - - ExAllocatePool - - MmBuildMdlForNonPagedPool - - MmMapLockedPagesSpecifyCache - - MmMapIoSpace - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - IoAllocateMdl - - RtlInitUnicodeString - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmGetPhysicalAddress - - MmIsAddressValid - - IoFreeMdl - - KeBugCheckEx - - RtlCopyUnicodeString - - MmUnmapIoSpace - - MmUnmapLockedPages - - ObReferenceObjectByHandle - - ExFreePoolWithTag - - WdfVersionBind - - WdfVersionUnbind - - WdfVersionUnbindClass - - WdfVersionBindClass - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee152d7 - Version: 3 - TBS: - MD5: e140543fe3256027cfa79fc3c19c1776 - SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 - SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 - SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 - - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode - , G2 - ValidFrom: '2016-05-24 00:00:00' - ValidTo: '2027-06-24 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121d699a764973ef1f8427ee919cc534114 - Version: 3 - TBS: - MD5: acb5170547d76873f1e4ff18ed5de2eb - SHA1: 
bd6e261e75b807381bada7287de04d259258a5fa - SHA256: 4783380498acf592286ef2dea0fcc5bdea3f54d5e374d3e3497df9d5f662cfb6 - SHA384: 4f428f115cf3d008248f15f32007fc7c54bd454e1b48b765776b4c87c23ab8818d8fbcbb3646d35eca012b025260a3b8 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 Extended Validation Code Signing CA , G2 - ValidFrom: '2014-03-04 00:00:00' - ValidTo: '2024-03-03 23:59:59' - Signature: 3f5b19f3fa13d575382a5aee9f5aa04ca91dc5cc94eede15fef5106ea41ba56483541858c40b28a185c34e74e5ff897cfed5ed3cba719f5602268f162a88feb0a32722ce4be2388e00a63a865f9de53ea8de644941744121fd07c88417da1d653082cb264f39d60427a481b14b49c3238b7e02321827b7ab0bf31872b6a4ee67066f38a6588de0f17e5da460c6a8e5505fe0e8bae28f9958b6b5a0a876f1a2f11c8841727e52979b0a36998d50f701eb3ce7f0226ae5358c63368a1ab1d967665f971aefa8209df02fba6cced9948500f158f17dc97c22b5075d02c6e60bbfab9393ff27188e33367e5734f1c3af04c184f156b3e8878336f8d30a31dc6e2c6d - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 191a32cb759c97b8cfac118dd5127f49 - Version: 3 - TBS: - MD5: 788b61bd26da89253179e3de2cdb527f - SHA1: 7d06f16e7bf21bce4f71c2cb7a3e74351451bf69 - SHA256: b3c925b4048c3f7c444d248a2b101186b57cba39596eb5dce0e17a4ee4b32f19 - SHA384: 2955e28cb7ec0ea9730b499a0f189f9621eceb02591a9486b583f12bb845885a30d6a871826318a167cc5f06b274e58c - - Subject: ??=TW, ??=, ??=NEW TAIPEI, ??=Private Organization, serialNumber=22044755, - C=TW, L=NEW TAIPEI, O=GIGA,BYTE Technology Co., Ltd., CN=GIGA,BYTE Technology - Co., Ltd. 
- ValidFrom: '2018-12-07 00:00:00' - ValidTo: '2021-12-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 4f8eefa0dcc85bbd656ab0f160743d34 - Version: 3 - TBS: - MD5: 5415ec7433f8ae320658011dfcfa2998 - SHA1: 044407fe1b8e4b5af9eecf34ea87a0ecb32ee6bb - SHA256: f828f449f9b365a1455b8358b044385beaf097166a80defc440eacb8deb6ef26 - SHA384: 640b5b53eabd60a97be0f1fcf7c893edb3d8ebf507c63958114532cd445246dc0ae92a4dadec314dd5babee5d7f0497c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 4f8eefa0dcc85bbd656ab0f160743d34 - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 Extended Validation Code Signing CA , G2 - Version: 1 - RichPEHeaderHash: - MD5: f1eee79b5bca1d22a2ec7aee5aa93969 - SHA1: 84f9d21c87106474f076754327ecb668e0198513 - SHA256: 8b097d0e3d4ca917b1313f09d35e23e7ce7ff3893233c415fdd9384b7a600010 - Sections: - .text: - Entropy: 6.302884181466605 - Virtual Size: '0x1c8e' - .rdata: - Entropy: 5.4427400878221235 - Virtual Size: '0xa4c' - .data: - Entropy: 0.754659278632904 - Virtual Size: '0xfb8' - .pdata: - Entropy: 4.00331954100182 - Virtual Size: '0x1bc' - PAGE: - Entropy: 6.057356040541468 - Virtual Size: '0xba4' - INIT: 
- Entropy: 5.399422660207438 - Virtual Size: '0x468' - .rsrc: - Entropy: 3.3405007945158087 - Virtual Size: '0x368' - .reloc: - Entropy: 3.1867043459100257 - Virtual Size: '0x2c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2021-01-25 00:05:25' - Imphash: 81acb4bb89ef49c4e7f30513b4750e53 - LoadsDespiteHVCI: 'FALSE' -- Filename: gdrv.sys - MD5: 1549e6cbce408acaddeb4d24796f2eaf - SHA1: 18f09ec53f0b7d2b1ab64949157e0e84628d0f0a - SHA256: 8b92cdb91a2e2fab3881d54f5862e723826b759749f837a11c9e9d85d52095a2 - Authentihash: - MD5: 9524a8cc0f1ce8a124e88f31c917c89d - SHA1: 8d6286e5d3e1558f6870bf1c4343da8a1d77aef3 - SHA256: 3ede3c99d8a049232cd6baae9d44518a73c19d93230a1d320407a3fc2f506569 - Description: GIGA-BYTE NonPnP Driver - Company: GIGA-BYTE TECHNOLOGY CO., LTD. - InternalName: gdrv.sys - OriginalFilename: gdrv.sys - FileVersion: 1.0.0.1 - Product: GIGA-BYTE Software driver - ProductVersion: 1.0.0.1 - Copyright: Copyright (C) 2017 - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - WDFLDR.SYS - ExportedFunctions: '' - ImportedFunctions: - - DbgPrint - - ExAllocatePool - - MmBuildMdlForNonPagedPool - - MmMapLockedPagesSpecifyCache - - MmMapIoSpace - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - IoAllocateMdl - - MmGetPhysicalAddress - - MmIsAddressValid - - KeBugCheckEx - - RtlCopyUnicodeString - - IoFreeMdl - - MmUnmapIoSpace - - MmUnmapLockedPages - - ExFreePoolWithTag - - WdfVersionBindClass - - WdfVersionBind - - WdfVersionUnbind - - WdfVersionUnbindClass - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 Extended Validation Code Signing CA , G2 - ValidFrom: '2014-03-04 00:00:00' - ValidTo: '2024-03-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 191a32cb759c97b8cfac118dd5127f49 - Version: 3 - TBS: - MD5: 788b61bd26da89253179e3de2cdb527f - SHA1: 7d06f16e7bf21bce4f71c2cb7a3e74351451bf69 - SHA256: b3c925b4048c3f7c444d248a2b101186b57cba39596eb5dce0e17a4ee4b32f19 - SHA384: 2955e28cb7ec0ea9730b499a0f189f9621eceb02591a9486b583f12bb845885a30d6a871826318a167cc5f06b274e58c - - Subject: ??=TW, ??=, ??=NEW TAIPEI, ??=Private Organization, serialNumber=22044755, - C=TW, L=NEW TAIPEI, O=GIGA,BYTE Technology Co., Ltd., CN=GIGA,BYTE Technology - Co., Ltd. 
- ValidFrom: '2018-12-07 00:00:00' - ValidTo: '2021-12-06 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 4f8eefa0dcc85bbd656ab0f160743d34 - Version: 3 - TBS: - MD5: 5415ec7433f8ae320658011dfcfa2998 - SHA1: 044407fe1b8e4b5af9eecf34ea87a0ecb32ee6bb - SHA256: f828f449f9b365a1455b8358b044385beaf097166a80defc440eacb8deb6ef26 - SHA384: 640b5b53eabd60a97be0f1fcf7c893edb3d8ebf507c63958114532cd445246dc0ae92a4dadec314dd5babee5d7f0497c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 4f8eefa0dcc85bbd656ab0f160743d34 - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 Extended Validation Code Signing CA , G2 - Version: 1 - RichPEHeaderHash: - MD5: 7eb18352afe92c32e6d8fafe1eb5e93b - SHA1: 3f0f2ac39a0d40eab850d3c520c8530787cb9979 - SHA256: 71b608735d9c6d4adcdade732f8df7684c6a8bc7c5b8d427d584c58c52bd04a9 - Sections: - .text: - Entropy: 6.1668404611605645 - Virtual Size: '0x103e' - .rdata: - Entropy: 4.224340384192507 - Virtual Size: '0x6b0' - .data: - Entropy: 0.754659278632904 - Virtual Size: '0xfb8' - .pdata: - Entropy: 3.7951668454952525 - Virtual Size: '0x174' - .gfids: - Entropy: 0.8112781244591328 - Virtual Size: '0x4' - 
PAGE: - Entropy: 6.072611130069712 - Virtual Size: '0x844' - INIT: - Entropy: 5.430018205225444 - Virtual Size: '0x3bc' - .rsrc: - Entropy: 3.3337739108428788 - Virtual Size: '0x368' - .reloc: - Entropy: 3.251870619839375 - Virtual Size: '0x2c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2019-01-17 01:52:53' - Imphash: f7d07bcaa23837d219dcb64e76290252 - LoadsDespiteHVCI: 'FALSE' -- Filename: gdrv.sys - MD5: c832a4313ff082258240b61b88efa025 - SHA1: 1f1ce28c10453acbc9d3844b4604c59c0ab0ad46 - SHA256: cfc5c585dd4e592dd1a08887ded28b92d9a5820587b6f4f8fa4f56d60289259b - Authentihash: - MD5: 1c0c9b05800e86e0e1d158e0b44d4b99 - SHA1: a2c4f33de0b2ebb8a505f97697d550ccb3f7b114 - SHA256: b5433ec27586bdd8d2ef606f9212d8ed75ae3ae2e201a1acaf325d9b12239df8 - Description: GIGABYTE Tools - Company: Windows (R) 2000 DDK provider - InternalName: gdrv.sys - OriginalFilename: gdrv.sys - FileVersion: 5.00.2195.1620 - Product: Windows (R) 2000 DDK driver - ProductVersion: 5.00.2195.1620 - Copyright: Copyright (C) Microsoft Corp. 
1981-1999 - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - MmMapIoSpace - - IofCompleteRequest - - ExFreePool - - MmUnmapIoSpace - - IoFreeMdl - - MmUnmapLockedPages - - ZwUnmapViewOfSection - - IoDeleteSymbolicLink - - IoAllocateMdl - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - MmGetPhysicalAddress - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - MmBuildMdlForNonPagedPool - - MmMapLockedPages - - ExAllocatePoolWithTag - - RtlInitUnicodeString - - IoCreateDevice - - IoCreateSymbolicLink - - DbgPrint - - IoDeleteDevice - - KfReleaseSpinLock - - HalTranslateBusAddress - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - READ_PORT_ULONG - - READ_PORT_USHORT - - KfAcquireSpinLock - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei Hsien, O=Giga,Byte Technology, OU=Digital 
- ID Class 3 , Microsoft Software Validation v2, OU=Testing Department, CN=Giga,Byte - Technology - ValidFrom: '2010-08-23 00:00:00' - ValidTo: '2013-10-17 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 248472542c24ab8e429229acf121ca26 - Version: 3 - TBS: - MD5: dc48abdae01614d4607b1f5760dfce88 - SHA1: 467c1868ddb5ef8db746e66acbaab9fdd03fb740 - SHA256: a7f448e2fe327e481adfd1e89db612d5c58ff7891373a6e398ab98ddaeae74c5 - SHA384: eb0d25fdcfab622d1c80a92ecd689bde520ed2b8099b4120194daa1a0013cabc5bd5792b0c1f12ca9c93fa4518aa2ca7 - Signer: - - SerialNumber: 248472542c24ab8e429229acf121ca26 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - RichPEHeaderHash: - MD5: 540df91a76386d807eb40d21a50eb268 - SHA1: c10a75fa85a326d57816eb8e66831aebf57e5fc2 - SHA256: 20cac3057e8c5950794a61475dc8d992b5e75dc8b036bd0de4dc431ce662e152 - Sections: - .text: - Entropy: 6.566467066736124 - Virtual Size: '0x1c1a' - .rdata: - Entropy: 2.789529208002623 - Virtual Size: '0xe4' - INIT: - Entropy: 5.25344296666572 - Virtual Size: '0x352' - .rsrc: - Entropy: 3.446470809809315 - Virtual Size: '0x3a0' - .reloc: - Entropy: 4.981256903616009 - Virtual Size: '0x12c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2013-07-03 22:27:29' - Imphash: 45f8f347e3fb919f3164a4a3278f1c71 - LoadsDespiteHVCI: 'FALSE' -- Filename: gdrv.sys - MD5: d556cb79967e92b5cc69686d16c1d846 - SHA1: de2b56ef7a30a4697e9c4cdcae0fc215d45d061d - SHA256: f4ff679066269392f6b7c3ba6257fc60dd609e4f9c491b00e1a16e4c405b0b9b - Authentihash: - MD5: 906258ee90744ed1307ba969a1c8722e - SHA1: 2b94ace70d946caa1fed6c8f97f2fafdb45d6c54 - SHA256: 1251eef40b877fd379c175c02bb83e230fa5acd30020e54acc0718ab326818b3 - Description: GIGABYTE Tools - Company: Windows (R) 2000 DDK provider - InternalName: gdrv.sys - 
OriginalFilename: gdrv.sys - FileVersion: 5.00.2195.1620 - Product: Windows (R) 2000 DDK driver - ProductVersion: 5.00.2195.1620 - Copyright: Copyright (C) Microsoft Corp. 1981-1999 - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - MmGetPhysicalAddress - - MmUnmapIoSpace - - DbgPrint - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - IoDeleteSymbolicLink - - ZwUnmapViewOfSection - - IofCompleteRequest - - RtlInitUnicodeString - - IoCreateDevice - - IoCreateSymbolicLink - - MmMapIoSpace - - IoDeleteDevice - - KfReleaseSpinLock - - HalTranslateBusAddress - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - READ_PORT_ULONG - - READ_PORT_USHORT - - KfAcquireSpinLock - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei Hsien, O=Giga,Byte Technology, OU=Digital - 
ID Class 3 , Microsoft Software Validation v2, OU=Testing Department, CN=Giga,Byte - Technology - ValidFrom: '2007-10-02 00:00:00' - ValidTo: '2010-10-18 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 720ef3aaa1a44f7d0717a805c290c378 - Version: 3 - TBS: - MD5: 0695cf8f3778103101610eccc2a78d04 - SHA1: ab5b9a4474b73d3317a7853116f62e83c9301b0d - SHA256: 6b88dbf87d212b8a91c4fd09d6725e3ae498d898c8292e77657be9d44e2503ca - SHA384: 3dab111c5395ec6bda188690b936c86ed2e9d46d5f718488bd3f7608338556cf774df25f2ad4a64564d067c21dc05cdc - Signer: - - SerialNumber: 720ef3aaa1a44f7d0717a805c290c378 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: c90743abe4555532b75fa33632ea0776 - SHA1: bf077c31fddab7757d9f63f0143ff99a250c0719 - SHA256: 851842a00e07f2b11092dfc28ddea69804461fa27a8eb4fe3366b4994c31a520 - Sections: - .text: - Entropy: 6.524533743036898 - Virtual Size: '0x194e' - .rdata: - Entropy: 2.691603448798156 - Virtual Size: '0xc4' - INIT: - Entropy: 5.184577293889747 - Virtual Size: '0x2ae' - .rsrc: - Entropy: 4.514825600793878 - Virtual Size: '0x614' - .reloc: - Entropy: 4.802440942775519 - Virtual Size: '0xf8' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2009-03-12 21:17:32' - Imphash: b4c857bd3a7b1d8125c0f62aec45401e - LoadsDespiteHVCI: 'FALSE' -Tags: -- gdrv.sys +- Filename: gdrv.sys + MD5: b0954711c133d284a171dd560c8f492a + SHA1: 4f0d9122f57f4f8df41f3c3950359eb1284b9ab5 + SHA256: 092d04284fdeb6762e65e6ac5b813920d6c69a5e99d110769c5c1a78e11c5ba0 + Authentihash: + MD5: f4a434113ef1b0bfed60b8a5bcd4fa9c + SHA1: bffa9edada9f48685c5178f247c416029b423834 + SHA256: 1bd6a40e294f4f74f9baf172f5a3e21dad3b7e31b5757d91bda309bd54a72fbe + Description: GIGA-BYTE NonPnP Driver + Company: GIGA-BYTE TECHNOLOGY CO., LTD. 
+ InternalName: gdrv.sys + OriginalFilename: gdrv.sys + FileVersion: 1.0.1.1 + Product: GIGA-BYTE Software driver + ProductVersion: 1.0.0.1 + Copyright: Copyright (C) 2017 + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + - WDFLDR.SYS + ExportedFunctions: '' + ImportedFunctions: + - MmFreeContiguousMemory + - IoAllocateMdl + - MmAllocateContiguousMemory + - MmGetPhysicalAddress + - MmIsAddressValid + - KeBugCheckEx + - MmMapIoSpace + - MmMapLockedPagesSpecifyCache + - MmBuildMdlForNonPagedPool + - ExAllocatePool + - DbgPrint + - memset + - RtlCopyUnicodeString + - IoFreeMdl + - MmUnmapIoSpace + - MmUnmapLockedPages + - ExFreePoolWithTag + - WRITE_PORT_ULONG + - READ_PORT_USHORT + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - READ_PORT_UCHAR + - WRITE_PORT_USHORT + - WdfVersionBind + - WdfVersionBindClass + - WdfVersionUnbind + - WdfVersionUnbindClass + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 Extended Validation Code Signing CA , G2 + ValidFrom: '2014-03-04 00:00:00' + ValidTo: '2024-03-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 191a32cb759c97b8cfac118dd5127f49 + Version: 3 + TBS: + MD5: 788b61bd26da89253179e3de2cdb527f + SHA1: 7d06f16e7bf21bce4f71c2cb7a3e74351451bf69 + SHA256: b3c925b4048c3f7c444d248a2b101186b57cba39596eb5dce0e17a4ee4b32f19 + SHA384: 2955e28cb7ec0ea9730b499a0f189f9621eceb02591a9486b583f12bb845885a30d6a871826318a167cc5f06b274e58c + - Subject: ??=TW, ??=, ??=NEW TAIPEI, ??=Private Organization, serialNumber=22044755, + C=TW, L=NEW TAIPEI, O=GIGA,BYTE Technology Co., Ltd., CN=GIGA,BYTE + Technology Co., Ltd. + ValidFrom: '2018-12-07 00:00:00' + ValidTo: '2021-12-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 4f8eefa0dcc85bbd656ab0f160743d34 + Version: 3 + TBS: + MD5: 5415ec7433f8ae320658011dfcfa2998 + SHA1: 044407fe1b8e4b5af9eecf34ea87a0ecb32ee6bb + SHA256: f828f449f9b365a1455b8358b044385beaf097166a80defc440eacb8deb6ef26 + SHA384: 640b5b53eabd60a97be0f1fcf7c893edb3d8ebf507c63958114532cd445246dc0ae92a4dadec314dd5babee5d7f0497c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 4f8eefa0dcc85bbd656ab0f160743d34 + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 Extended Validation Code Signing CA , G2 + Version: 1 + RichPEHeaderHash: + MD5: 03eb5694b86b7b4bd881c01e7c65c229 + SHA1: 9ea2af86738603b8014145f6e57cdca30052d682 + SHA256: fe972e5d0cd1b46882d0c1cacca6f8fd9f7034d006e00f8439a549090d7fd40f + Sections: + .text: + Entropy: 6.079755030506782 + Virtual Size: '0x383' + .rdata: + Entropy: 3.9588953379045915 + Virtual Size: '0x3cc' + .data: + Entropy: 0.568711264156015 + Virtual Size: '0x8b8' + PAGE: + Entropy: 6.197689857125293 + Virtual Size: '0xa7e' + INIT: + Entropy: 5.617941004832402 + Virtual Size: '0x3ba' + .rsrc: + Entropy: 3.3378742704604414 + Virtual Size: '0x368' + .reloc: + Entropy: 5.642936600253398 + Virtual Size: '0x188' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2019-02-12 20:25:54' + Imphash: 59b3f3fa2775e407721c2491ddb2890b + LoadsDespiteHVCI: 'FALSE' +- Filename: gdrv.sys + MD5: 043d5a1fc66662a3f91b8a9c027f9be9 + SHA1: 3d8cc9123be74b31c597b0014c2a72090f0c44ef + SHA256: 0ce40a2cdd3f45c7632b858e8089ddfdd12d9acb286f2015a4b1b0c0346a572c + Authentihash: + MD5: 5029d92e78dd56446eae97c8acd56926 + SHA1: 00e5f35b31d5bfd2745bb04909f1faf26abfcec0 + SHA256: 12ae98c0f1d7209cffe3bc8be5b76aa1f4faba40af99a6dd299462cdd3820c94 + Description: GIGA-BYTE 
NonPnP Driver + Company: GIGA-BYTE TECHNOLOGY CO., LTD. + InternalName: gdrv.sys + OriginalFilename: gdrv.sys + FileVersion: 1.0.1.1 + Product: GIGA-BYTE Software driver + ProductVersion: 1.0.0.1 + Copyright: Copyright (C) 2017 + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - WDFLDR.SYS + ExportedFunctions: '' + ImportedFunctions: + - DbgPrint + - ExAllocatePool + - MmBuildMdlForNonPagedPool + - MmMapLockedPagesSpecifyCache + - MmMapIoSpace + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - IoAllocateMdl + - MmGetPhysicalAddress + - MmIsAddressValid + - KeBugCheckEx + - RtlCopyUnicodeString + - IoFreeMdl + - MmUnmapIoSpace + - MmUnmapLockedPages + - ExFreePoolWithTag + - WdfVersionBindClass + - WdfVersionBind + - WdfVersionUnbind + - WdfVersionUnbindClass + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: 
false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 Extended Validation Code Signing CA , G2 + ValidFrom: '2014-03-04 00:00:00' + ValidTo: '2024-03-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 191a32cb759c97b8cfac118dd5127f49 + Version: 3 + TBS: + MD5: 788b61bd26da89253179e3de2cdb527f + SHA1: 7d06f16e7bf21bce4f71c2cb7a3e74351451bf69 + SHA256: b3c925b4048c3f7c444d248a2b101186b57cba39596eb5dce0e17a4ee4b32f19 + SHA384: 2955e28cb7ec0ea9730b499a0f189f9621eceb02591a9486b583f12bb845885a30d6a871826318a167cc5f06b274e58c + - Subject: ??=TW, ??=, ??=NEW TAIPEI, ??=Private Organization, serialNumber=22044755, + C=TW, L=NEW TAIPEI, O=GIGA,BYTE Technology Co., Ltd., CN=GIGA,BYTE + Technology Co., Ltd. + ValidFrom: '2018-12-07 00:00:00' + ValidTo: '2021-12-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 4f8eefa0dcc85bbd656ab0f160743d34 + Version: 3 + TBS: + MD5: 5415ec7433f8ae320658011dfcfa2998 + SHA1: 044407fe1b8e4b5af9eecf34ea87a0ecb32ee6bb + SHA256: f828f449f9b365a1455b8358b044385beaf097166a80defc440eacb8deb6ef26 + SHA384: 640b5b53eabd60a97be0f1fcf7c893edb3d8ebf507c63958114532cd445246dc0ae92a4dadec314dd5babee5d7f0497c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 4f8eefa0dcc85bbd656ab0f160743d34 + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 Extended Validation Code Signing CA , G2 + Version: 1 + RichPEHeaderHash: + MD5: 7eb18352afe92c32e6d8fafe1eb5e93b + SHA1: 3f0f2ac39a0d40eab850d3c520c8530787cb9979 + SHA256: 71b608735d9c6d4adcdade732f8df7684c6a8bc7c5b8d427d584c58c52bd04a9 + Sections: + .text: + Entropy: 6.1918639017358545 + Virtual Size: '0x103e' + .rdata: + Entropy: 4.237177841304867 + Virtual Size: '0x6b0' + .data: + Entropy: 0.754659278632904 + Virtual Size: '0xfb8' + .pdata: + Entropy: 3.811205019243734 + Virtual Size: '0x174' + .gfids: + Entropy: 0.8112781244591328 + Virtual Size: '0x4' + PAGE: + Entropy: 6.06059048417531 + Virtual Size: '0x834' + INIT: + Entropy: 5.430018205225444 + Virtual Size: '0x3bc' + .rsrc: + Entropy: 3.340167848442093 + Virtual Size: '0x368' + .reloc: + Entropy: 3.251870619839375 + Virtual Size: '0x2c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2019-02-12 20:23:11' + Imphash: f7d07bcaa23837d219dcb64e76290252 + LoadsDespiteHVCI: 'FALSE' +- Filename: gdrv.sys + MD5: 3c55092900343d3d28564e2d34e7be2c + SHA1: 1a56614ea7d335c844b7fc6edd5feb59b8df7b55 + SHA256: 133e542842656197c5d22429bd56d57aa33c9522897fdf29853a6d321033c743 + Authentihash: + MD5: b661326f2405e4947bf879cc97f13438 + SHA1: 
c7e06ef18efee6d133c5014ef45d6657e1e36b90 + SHA256: c92d943a465e20f50bae8d46ea38b635d2da85ae4e34f0170fd6f451890c76d7 + Description: GIGA-BYTE NonPnP Driver + Company: GIGA-BYTE TECHNOLOGY CO., LTD. + InternalName: gdrv.sys + OriginalFilename: gdrv.sys + FileVersion: 1.0.1.3 + Product: GIGA-BYTE Software driver + ProductVersion: 1.0.0.1 + Copyright: Copyright (C) 2017 + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - WDFLDR.SYS + ExportedFunctions: '' + ImportedFunctions: + - DbgPrint + - ExAllocatePool + - MmBuildMdlForNonPagedPool + - MmMapLockedPagesSpecifyCache + - MmMapIoSpace + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - IoAllocateMdl + - RtlInitUnicodeString + - ZwClose + - ZwOpenSection + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmGetPhysicalAddress + - MmIsAddressValid + - KeBugCheckEx + - RtlCopyUnicodeString + - IoFreeMdl + - MmUnmapIoSpace + - MmUnmapLockedPages + - ObReferenceObjectByHandle + - ExFreePoolWithTag + - WdfVersionBindClass + - WdfVersionBind + - WdfVersionUnbind + - WdfVersionUnbindClass + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec 
Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 Extended Validation Code Signing CA , G2 + ValidFrom: '2014-03-04 00:00:00' + ValidTo: '2024-03-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 191a32cb759c97b8cfac118dd5127f49 + Version: 3 + TBS: + MD5: 788b61bd26da89253179e3de2cdb527f + SHA1: 7d06f16e7bf21bce4f71c2cb7a3e74351451bf69 + SHA256: b3c925b4048c3f7c444d248a2b101186b57cba39596eb5dce0e17a4ee4b32f19 + SHA384: 2955e28cb7ec0ea9730b499a0f189f9621eceb02591a9486b583f12bb845885a30d6a871826318a167cc5f06b274e58c + - Subject: ??=TW, ??=, ??=NEW TAIPEI, ??=Private Organization, serialNumber=22044755, + C=TW, L=NEW TAIPEI, O=GIGA,BYTE Technology Co., Ltd., CN=GIGA,BYTE + Technology Co., Ltd. 
+ ValidFrom: '2018-12-07 00:00:00' + ValidTo: '2021-12-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 4f8eefa0dcc85bbd656ab0f160743d34 + Version: 3 + TBS: + MD5: 5415ec7433f8ae320658011dfcfa2998 + SHA1: 044407fe1b8e4b5af9eecf34ea87a0ecb32ee6bb + SHA256: f828f449f9b365a1455b8358b044385beaf097166a80defc440eacb8deb6ef26 + SHA384: 640b5b53eabd60a97be0f1fcf7c893edb3d8ebf507c63958114532cd445246dc0ae92a4dadec314dd5babee5d7f0497c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 4f8eefa0dcc85bbd656ab0f160743d34 + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 Extended Validation Code Signing CA , G2 + Version: 1 + RichPEHeaderHash: + MD5: 7eb18352afe92c32e6d8fafe1eb5e93b + SHA1: 3f0f2ac39a0d40eab850d3c520c8530787cb9979 + SHA256: 71b608735d9c6d4adcdade732f8df7684c6a8bc7c5b8d427d584c58c52bd04a9 + Sections: + .text: + Entropy: 6.174048897397458 + Virtual Size: '0x138e' + .rdata: + Entropy: 4.254293906774769 + Virtual Size: '0x710' + .data: + Entropy: 0.7345015722226091 + Virtual Size: '0xfb8' + .pdata: + Entropy: 3.8098736809486815 + Virtual Size: '0x1a4' + .gfids: + Entropy: 0.8112781244591328 + Virtual Size: '0x4' + 
PAGE: + Entropy: 6.056099606920948 + Virtual Size: '0x964' + INIT: + Entropy: 5.472943444636511 + Virtual Size: '0x468' + .rsrc: + Entropy: 3.3475705158878046 + Virtual Size: '0x368' + .reloc: + Entropy: 3.3380209612256118 + Virtual Size: '0x2c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2019-04-15 01:45:51' + Imphash: d6dc99d60798b2647006ddba21671160 + LoadsDespiteHVCI: 'FALSE' +- Filename: gdrv.sys + MD5: 7907e14f9bcf3a4689c9a74a1a873cb6 + SHA1: b9b72a5be3871ddc0446bae35548ea176c4ea613 + SHA256: 17927b93b2d6ab4271c158f039cae2d60591d6a14458f5a5690aec86f5d54229 + Authentihash: + MD5: b4709bbd5e329d55130e0db781afc89c + SHA1: b483cdd20bb24ed9a20f4168628b7053b04ebb93 + SHA256: bb0063e65c44da66d705d25121af09b641070219c174f5d83e288ba8fe59e46f + Description: GIGABYTE Tools + Company: Windows (R) Server 2003 DDK provider + InternalName: gdrv.sys + OriginalFilename: gdrv.sys + FileVersion: '5.2.3790.1830 built by: WinDDK' + Product: Windows (R) Server 2003 DDK driver + ProductVersion: 5.2.3790.1830 + Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
+ MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IoCreateDevice + - RtlInitUnicodeString + - DbgPrint + - IoDeleteSymbolicLink + - MmUnmapIoSpace + - MmMapIoSpace + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - IoCreateSymbolicLink + - KeReleaseInStackQueuedSpinLock + - KeAcquireInStackQueuedSpinLock + - MmFreeContiguousMemory + - MmIsAddressValid + - MmAllocateContiguousMemory + - MmGetPhysicalAddress + - IofCompleteRequest + - ZwUnmapViewOfSection + - ZwOpenSection + - IoDeleteDevice + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 
1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei Hsien, O=Giga,Byte Technology, OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Testing Department, + CN=Giga,Byte Technology + ValidFrom: '2007-10-02 00:00:00' + ValidTo: '2010-10-18 23:59:59' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 720ef3aaa1a44f7d0717a805c290c378 + Version: 3 + TBS: + MD5: 0695cf8f3778103101610eccc2a78d04 + SHA1: ab5b9a4474b73d3317a7853116f62e83c9301b0d + SHA256: 6b88dbf87d212b8a91c4fd09d6725e3ae498d898c8292e77657be9d44e2503ca + SHA384: 3dab111c5395ec6bda188690b936c86ed2e9d46d5f718488bd3f7608338556cf774df25f2ad4a64564d067c21dc05cdc + Signer: + - SerialNumber: 720ef3aaa1a44f7d0717a805c290c378 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: 692489f3a392b18a282362c2a5fb716c + SHA1: 8761b768f8363715c0bba36e2d1745517eef2ae2 + SHA256: 0e6e9bb637b9d83dd448097c3f58f1040e5302ee4b0aaebca70f7c5044309c7e + Sections: + .text: + Entropy: 6.2433654070225355 + Virtual Size: '0x2c18' + .rdata: + Entropy: 4.588619241668126 + Virtual Size: '0x5fc' + .data: + Entropy: 0.4231266687750792 + Virtual Size: '0x158' + .pdata: + Entropy: 4.115714399866766 + Virtual Size: '0x2dc' + INIT: + Entropy: 4.901958142373141 + Virtual Size: '0x34c' + .rsrc: + Entropy: 4.481086585534943 + Virtual Size: '0x65c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2009-03-12 21:22:29' + Imphash: 6816dabcee7b7d027bfbb93a16297afa + LoadsDespiteHVCI: 'FALSE' +- Filename: gdrv.sys + MD5: a72e10ecea2fdeb8b9d4f45d0294086b + SHA1: 4692730f6b56eeb0399460c72ade8a15ddd43a62 + SHA256: 26c28746e947389856543837aa59a5b1f4697e5721a04d00aa28151a2659b097 + Authentihash: + MD5: 8e9f3d61eaa5d5df8ac92c3c89eb7347 + SHA1: c1b7be5e37f29ee8114b701f88d68748f196c530 + SHA256: b213524b22aadcc273142c4b8afc2a6219d6b8b7cab4b41adf9944efb8f46005 + Description: GIGA-BYTE NonPnP Driver + Company: GIGA-BYTE TECHNOLOGY CO., LTD. 
+ InternalName: gdrv.sys + OriginalFilename: gdrv.sys + FileVersion: 1.0.0.5 + Product: GIGA-BYTE Software driver + ProductVersion: 1.0.0.1 + Copyright: Copyright (C) 2017 + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - WDFLDR.SYS + ExportedFunctions: '' + ImportedFunctions: + - DbgPrint + - ExAllocatePool + - MmBuildMdlForNonPagedPool + - MmMapLockedPagesSpecifyCache + - MmMapIoSpace + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - IoAllocateMdl + - RtlInitUnicodeString + - ZwClose + - ZwOpenSection + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmGetPhysicalAddress + - MmIsAddressValid + - KeBugCheckEx + - RtlCopyUnicodeString + - IoFreeMdl + - MmUnmapIoSpace + - MmUnmapLockedPages + - ObReferenceObjectByHandle + - ExFreePoolWithTag + - WdfVersionBindClass + - WdfVersionBind + - WdfVersionUnbind + - WdfVersionUnbindClass + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 
+ SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 Extended Validation Code Signing CA , G2 + ValidFrom: '2014-03-04 00:00:00' + ValidTo: '2024-03-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 191a32cb759c97b8cfac118dd5127f49 + Version: 3 + TBS: + MD5: 788b61bd26da89253179e3de2cdb527f + SHA1: 7d06f16e7bf21bce4f71c2cb7a3e74351451bf69 + SHA256: b3c925b4048c3f7c444d248a2b101186b57cba39596eb5dce0e17a4ee4b32f19 + SHA384: 2955e28cb7ec0ea9730b499a0f189f9621eceb02591a9486b583f12bb845885a30d6a871826318a167cc5f06b274e58c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: ??=TW, ??=Private Organization, serialNumber=22044755, C=TW, + ST=Taiwan, L=New Taipei, O=GIGA,BYTE TECHNOLOGY CO., LTD., OU=Quality + Validation Department II, CN=GIGA,BYTE TECHNOLOGY CO., LTD. + ValidFrom: '2015-11-25 00:00:00' + ValidTo: '2018-11-24 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 47547865fbe14ca43b8231902649d74d + Version: 3 + TBS: + MD5: 7ce6ab4209b99d039125f7d2466f7707 + SHA1: 6f99eeb729cc36377229a2b37172f0da37e6bbb1 + SHA256: 864a2f84905d3ccee358fdad2333d71065de08345ee97cecaab964195f85fcd3 + SHA384: ae8ccffac5ac06f978822df110f59000024525bc59262df7c1f2fea08ff49285afca479959f163ce4bfe43e956cfa220 + Signer: + - SerialNumber: 47547865fbe14ca43b8231902649d74d + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 Extended Validation Code Signing CA , G2 + Version: 1 + RichPEHeaderHash: + MD5: 7eb18352afe92c32e6d8fafe1eb5e93b + SHA1: 3f0f2ac39a0d40eab850d3c520c8530787cb9979 + SHA256: 71b608735d9c6d4adcdade732f8df7684c6a8bc7c5b8d427d584c58c52bd04a9 + Sections: + .text: + Entropy: 6.1762923779720875 + Virtual Size: '0x134e' + .rdata: + Entropy: 4.255692242153894 + Virtual Size: '0x750' + .data: + Entropy: 0.7345015722226091 + Virtual Size: '0xfb8' + .pdata: + 
Entropy: 3.8755184712871364 + Virtual Size: '0x1a4' + .gfids: + Entropy: 0.8112781244591328 + Virtual Size: '0x4' + PAGE: + Entropy: 6.058280996869597 + Virtual Size: '0x964' + INIT: + Entropy: 5.476143480518104 + Virtual Size: '0x468' + .rsrc: + Entropy: 3.3444821443483326 + Virtual Size: '0x368' + .reloc: + Entropy: 3.248587587731763 + Virtual Size: '0x2c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2018-04-20 04:38:40' + Imphash: d6dc99d60798b2647006ddba21671160 + LoadsDespiteHVCI: 'FALSE' +- Filename: gdrv.sys + MD5: 31f34de4374a6ed0e70a022a0efa2570 + SHA1: c70989ed7a6ad9d7cd40ae970e90f3c3f2f84860 + SHA256: 6f1fc8287dd8d724972d7a165683f2b2ad6837e16f09fe292714e8e38ecd1e38 + Authentihash: + MD5: b18b1bff521337695d2d6a0768340252 + SHA1: 0f5034fcf5b34be22a72d2ecc29e348e93b6f00f + SHA256: 9c0e80958b907c8df345ec2f8d711acefb4951ee3e6e84892ecd429f5e1f3acb + Description: GIGABYTE Tools + Company: Windows (R) Server 2003 DDK provider + InternalName: gdrv.sys + OriginalFilename: gdrv.sys + FileVersion: '5.2.3790.1830 built by: WinDDK' + Product: Windows (R) Server 2003 DDK driver + ProductVersion: 5.2.3790.1830 + Copyright: "\xA9 Microsoft Corporation. All rights reserved." 
+ MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IoCreateDevice + - RtlInitUnicodeString + - DbgPrint + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - MmUnmapIoSpace + - IoFreeMdl + - MmUnmapLockedPages + - MmMapIoSpace + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - IoCreateSymbolicLink + - KeAcquireInStackQueuedSpinLock + - MmFreeContiguousMemory + - MmIsAddressValid + - MmAllocateContiguousMemory + - MmGetPhysicalAddress + - IofCompleteRequest + - ExAllocatePoolWithTag + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - ZwUnmapViewOfSection + - KeReleaseInStackQueuedSpinLock + - IoDeleteDevice + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G3 + ValidFrom: '2016-03-16 00:00:00' + ValidTo: '2024-03-16 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47c30ffefc22bb280f96fea75251 + Version: 3 + TBS: + MD5: 729cf4baceff4ef7aa199ad4f4ebed3d + SHA1: f478f0e790d5c8ec6056a3ab2567404a991d2837 + SHA256: c3c88c2a500cb5a97abca837193a5bd382f6eb3aeb0008edbce65ea2a3dbfd5c + SHA384: e62bbb1ba1ad3df59f2c7265df5576af6b5d4a7473b74985a9d956975fdfc517ffbdd2172b0e3ea36befcb6a9026c872 + - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 + ValidFrom: '2021-01-01 00:00:00' + ValidTo: '2031-01-06 00:00:00' + Signature: 
481cdcb5e99a23bce71ae7200e8e6746fd427251740a2347a3ab92d225c47059be14a0e52781a54d1415190779f0d104c386d93bbdfe4402664ded69a40ff6b870cf62e8f5514a7879367a27b7f3e7529f93a7ed439e7be7b4dd412289fb87a246034efcf4feb76477635f2352698382fa1a53ed90cc8da117730df4f36539704bf39cd67a7bda0cbc3d32d01bcbf561fc75080076bc810ef8c0e15ccfc41172e71b6449d8229a751542f52d323881daf460a2bab452fb5ce06124254fb2dfc929a8734351dabd63d61f5b9bf72e1b4f131df74a0d717e97b7f43f84ebc1e3a349a1facea7bf56cfba597661895f7ea7b48e6778f93698e1cb28da5b87a68a2f + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0d424ae0be3a88ff604021ce1400f0dd + Version: 3 + TBS: + MD5: c0189c338449a42fe8358c2c1fbecc60 + SHA1: b8ac0ee6875594b80ad86a6df6dd1fa3048c187c + SHA256: a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 + SHA384: 76d3a316a5a106050298418cce3beea16100524723d9e3220b0de51bfb6f1c35a5d4c7cd10b358fef7bf94c3e3562150 + - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 + ValidFrom: '2021-01-01 00:00:00' + ValidTo: '2031-01-06 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0d424ae0be3a88ff604021ce1400f0dd + Version: 3 + TBS: + MD5: c0189c338449a42fe8358c2c1fbecc60 + SHA1: b8ac0ee6875594b80ad86a6df6dd1fa3048c187c + SHA256: a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 + SHA384: 76d3a316a5a106050298418cce3beea16100524723d9e3220b0de51bfb6f1c35a5d4c7cd10b358fef7bf94c3e3562150 + - Subject: C=CN, ST=, L=, O=, CN= + ValidFrom: '2020-01-02 07:05:30' + ValidTo: '2021-01-02 03:42:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0f05d43d469ef74a803e0b3c + Version: 3 + TBS: + MD5: 123a13c6529f9736a927a9c5e9b63fe2 + SHA1: 5af3705dcda674e6509c0c61e91a4806f71dcb62 + SHA256: 
183fa9cdb2c0c101e4d50479e304de6cec444744fd66fb4ca2f6038c661f19a2 + SHA384: a432c1a652dbae1681bab4e6775628c55c7f6f999be2513cf117a6f09588b32f325be5424664d5c5a8dd040e1ed94bd7 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2011-04-15 19:55:08' + ValidTo: '2021-04-15 20:05:08' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 6129152700000000002a + Version: 3 + TBS: + MD5: 0bb058d116f02817737920f112d9fd3b + SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 + SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 + SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured + ID Timestamping CA + ValidFrom: '2016-01-07 12:00:00' + ValidTo: '2031-01-07 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 0aa125d6d6321b7e41e405da3697c215 + Version: 3 + TBS: + MD5: 8d26184fc613f89aba1cefb30fce1b53 + SHA1: 63a7e376bad5ec2e419d514a403bcf46c8d31d95 + SHA256: 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c + SHA384: d8c9691fe9dbe182f07b49b07fbb4f589fa7b38b5c4d21f265d3a2e818f4b1bfb39e03faab2ec05bb10333a99914fb8a + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured + ID Timestamping CA + ValidFrom: '2016-01-07 12:00:00' + ValidTo: '2031-01-07 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 0aa125d6d6321b7e41e405da3697c215 + Version: 3 + TBS: + MD5: 8d26184fc613f89aba1cefb30fce1b53 + SHA1: 63a7e376bad5ec2e419d514a403bcf46c8d31d95 + SHA256: 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c + SHA384: 
d8c9691fe9dbe182f07b49b07fbb4f589fa7b38b5c4d21f265d3a2e818f4b1bfb39e03faab2ec05bb10333a99914fb8a + Signer: + - SerialNumber: 0f05d43d469ef74a803e0b3c + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G3 + Version: 1 + RichPEHeaderHash: + MD5: 2c77dbb41d635860b678106d8fa08bb9 + SHA1: 4051f5ac448fe8692e040214388d39e15e328d94 + SHA256: 6254640a7abc96cdb67d146d6295362aaff6ef9f6a04015883379d7008d86322 + Sections: + .text: + Entropy: 6.2502047491555315 + Virtual Size: '0x2dc8' + .rdata: + Entropy: 4.431694959682769 + Virtual Size: '0x610' + .data: + Entropy: 0.4231266687750792 + Virtual Size: '0x158' + .pdata: + Entropy: 4.120326366692263 + Virtual Size: '0x2dc' + INIT: + Entropy: 4.963482726390094 + Virtual Size: '0x412' + .rsrc: + Entropy: 3.471909950512757 + Virtual Size: '0x3e8' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2013-07-03 22:27:55' + Imphash: cc81a908891587ccac8059435eda4c66 + LoadsDespiteHVCI: 'FALSE' +- Filename: gdrv.sys + MD5: 4e093256b034925ecd6b29473ff16858 + SHA1: eba5483bb47ec6ff51d91a9bdf1eee3b6344493d + SHA256: 81aafae4c4158d0b9a6431aff0410745a0f6a43fb20a9ab316ffeb8c2e2ccac0 + Authentihash: + MD5: ce38d9daee9b1de9c5fbaac0e6932ed3 + SHA1: 025656c5696aa4834b4d32149a93176cf0322854 + SHA256: 35b1fdfa5cc9bb4a0d6e148140d59351447fa35c5c899e95da5f62a6b054af56 + Description: GIGA-BYTE NonPnP Driver + Company: GIGA-BYTE TECHNOLOGY CO., LTD. 
+ InternalName: gdrv.sys + OriginalFilename: gdrv.sys + FileVersion: 1.1.0.1 + Product: GIGA-BYTE Software driver + ProductVersion: 1.0.0.1 + Copyright: Copyright (C) 2017 + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - WDFLDR.SYS + ExportedFunctions: '' + ImportedFunctions: + - DbgPrint + - ExAllocatePool + - MmBuildMdlForNonPagedPool + - MmMapLockedPagesSpecifyCache + - MmMapIoSpace + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - IoAllocateMdl + - RtlInitUnicodeString + - ZwClose + - ZwOpenSection + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmGetPhysicalAddress + - MmIsAddressValid + - IoFreeMdl + - KeBugCheckEx + - RtlCopyUnicodeString + - MmUnmapIoSpace + - MmUnmapLockedPages + - ObReferenceObjectByHandle + - ExFreePoolWithTag + - WdfVersionBind + - WdfVersionUnbind + - WdfVersionUnbindClass + - WdfVersionBindClass + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee152d7 + Version: 3 + TBS: + MD5: e140543fe3256027cfa79fc3c19c1776 + SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 + SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 + SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 + - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode + , G2 + ValidFrom: '2016-05-24 00:00:00' + ValidTo: '2027-06-24 00:00:00' + Signature: 
8fa91a916d04a637200e8396de23d36b6e1f6edd643d682122b5f84736698ee1a545c724a222b72909cc545aaec6bccd638eb33d5048e5b4ccaecd928d9e288b134a11aabda3efd3b236fcb4a172bf6d9763798c44bc702f7ef3bcdd8253ab1af6ebfa1c97bcb6379ca41c30bcabbc2d4736df922003e871c658f675059a34f00b595a824434aa80e42f84f6475d96c9b6caca9db7a6bae450d3d437b8ba200ed0d3922a5bc459bba16ddb3cce449dc1382aade38dbdcd09771a10be670a02366488b9b31b26eee79e60c446a8bc61336ccf4eb99cb96af09f37feb53d4f9ad34dffde208e4e97a6fd9f09bc4dca1876c9b04d8550f280d21d06f5580407b118 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121d699a764973ef1f8427ee919cc534114 + Version: 3 + TBS: + MD5: acb5170547d76873f1e4ff18ed5de2eb + SHA1: bd6e261e75b807381bada7287de04d259258a5fa + SHA256: 4783380498acf592286ef2dea0fcc5bdea3f54d5e374d3e3497df9d5f662cfb6 + SHA384: 4f428f115cf3d008248f15f32007fc7c54bd454e1b48b765776b4c87c23ab8818d8fbcbb3646d35eca012b025260a3b8 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 Extended Validation Code Signing CA , G2 + ValidFrom: '2014-03-04 00:00:00' + ValidTo: '2024-03-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 191a32cb759c97b8cfac118dd5127f49 + Version: 3 + TBS: + MD5: 788b61bd26da89253179e3de2cdb527f + SHA1: 7d06f16e7bf21bce4f71c2cb7a3e74351451bf69 + SHA256: b3c925b4048c3f7c444d248a2b101186b57cba39596eb5dce0e17a4ee4b32f19 + SHA384: 2955e28cb7ec0ea9730b499a0f189f9621eceb02591a9486b583f12bb845885a30d6a871826318a167cc5f06b274e58c + - Subject: ??=TW, ??=, ??=NEW TAIPEI, ??=Private Organization, serialNumber=22044755, + C=TW, L=NEW TAIPEI, O=GIGA,BYTE Technology Co., Ltd., CN=GIGA,BYTE + Technology Co., Ltd. 
+ ValidFrom: '2018-12-07 00:00:00' + ValidTo: '2021-12-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 4f8eefa0dcc85bbd656ab0f160743d34 + Version: 3 + TBS: + MD5: 5415ec7433f8ae320658011dfcfa2998 + SHA1: 044407fe1b8e4b5af9eecf34ea87a0ecb32ee6bb + SHA256: f828f449f9b365a1455b8358b044385beaf097166a80defc440eacb8deb6ef26 + SHA384: 640b5b53eabd60a97be0f1fcf7c893edb3d8ebf507c63958114532cd445246dc0ae92a4dadec314dd5babee5d7f0497c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 4f8eefa0dcc85bbd656ab0f160743d34 + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 Extended Validation Code Signing CA , G2 + Version: 1 + RichPEHeaderHash: + MD5: f1eee79b5bca1d22a2ec7aee5aa93969 + SHA1: 84f9d21c87106474f076754327ecb668e0198513 + SHA256: 8b097d0e3d4ca917b1313f09d35e23e7ce7ff3893233c415fdd9384b7a600010 + Sections: + .text: + Entropy: 6.302884181466605 + Virtual Size: '0x1c8e' + .rdata: + Entropy: 5.4427400878221235 + Virtual Size: '0xa4c' + .data: + Entropy: 0.754659278632904 + Virtual Size: '0xfb8' + .pdata: + Entropy: 4.00331954100182 + Virtual Size: '0x1bc' + PAGE: + Entropy: 6.057356040541468 + Virtual Size: '0xba4' + INIT: 
+ Entropy: 5.399422660207438 + Virtual Size: '0x468' + .rsrc: + Entropy: 3.3405007945158087 + Virtual Size: '0x368' + .reloc: + Entropy: 3.1867043459100257 + Virtual Size: '0x2c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2021-01-25 00:05:25' + Imphash: 81acb4bb89ef49c4e7f30513b4750e53 + LoadsDespiteHVCI: 'FALSE' +- Filename: gdrv.sys + MD5: 1549e6cbce408acaddeb4d24796f2eaf + SHA1: 18f09ec53f0b7d2b1ab64949157e0e84628d0f0a + SHA256: 8b92cdb91a2e2fab3881d54f5862e723826b759749f837a11c9e9d85d52095a2 + Authentihash: + MD5: 9524a8cc0f1ce8a124e88f31c917c89d + SHA1: 8d6286e5d3e1558f6870bf1c4343da8a1d77aef3 + SHA256: 3ede3c99d8a049232cd6baae9d44518a73c19d93230a1d320407a3fc2f506569 + Description: GIGA-BYTE NonPnP Driver + Company: GIGA-BYTE TECHNOLOGY CO., LTD. + InternalName: gdrv.sys + OriginalFilename: gdrv.sys + FileVersion: 1.0.0.1 + Product: GIGA-BYTE Software driver + ProductVersion: 1.0.0.1 + Copyright: Copyright (C) 2017 + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - WDFLDR.SYS + ExportedFunctions: '' + ImportedFunctions: + - DbgPrint + - ExAllocatePool + - MmBuildMdlForNonPagedPool + - MmMapLockedPagesSpecifyCache + - MmMapIoSpace + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - IoAllocateMdl + - MmGetPhysicalAddress + - MmIsAddressValid + - KeBugCheckEx + - RtlCopyUnicodeString + - IoFreeMdl + - MmUnmapIoSpace + - MmUnmapLockedPages + - ExFreePoolWithTag + - WdfVersionBindClass + - WdfVersionBind + - WdfVersionUnbind + - WdfVersionUnbindClass + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 Extended Validation Code Signing CA , G2 + ValidFrom: '2014-03-04 00:00:00' + ValidTo: '2024-03-03 23:59:59' + Signature: 3f5b19f3fa13d575382a5aee9f5aa04ca91dc5cc94eede15fef5106ea41ba56483541858c40b28a185c34e74e5ff897cfed5ed3cba719f5602268f162a88feb0a32722ce4be2388e00a63a865f9de53ea8de644941744121fd07c88417da1d653082cb264f39d60427a481b14b49c3238b7e02321827b7ab0bf31872b6a4ee67066f38a6588de0f17e5da460c6a8e5505fe0e8bae28f9958b6b5a0a876f1a2f11c8841727e52979b0a36998d50f701eb3ce7f0226ae5358c63368a1ab1d967665f971aefa8209df02fba6cced9948500f158f17dc97c22b5075d02c6e60bbfab9393ff27188e33367e5734f1c3af04c184f156b3e8878336f8d30a31dc6e2c6d + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 191a32cb759c97b8cfac118dd5127f49 + Version: 3 + TBS: + MD5: 788b61bd26da89253179e3de2cdb527f + SHA1: 
7d06f16e7bf21bce4f71c2cb7a3e74351451bf69 + SHA256: b3c925b4048c3f7c444d248a2b101186b57cba39596eb5dce0e17a4ee4b32f19 + SHA384: 2955e28cb7ec0ea9730b499a0f189f9621eceb02591a9486b583f12bb845885a30d6a871826318a167cc5f06b274e58c + - Subject: ??=TW, ??=, ??=NEW TAIPEI, ??=Private Organization, serialNumber=22044755, + C=TW, L=NEW TAIPEI, O=GIGA,BYTE Technology Co., Ltd., CN=GIGA,BYTE + Technology Co., Ltd. + ValidFrom: '2018-12-07 00:00:00' + ValidTo: '2021-12-06 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 4f8eefa0dcc85bbd656ab0f160743d34 + Version: 3 + TBS: + MD5: 5415ec7433f8ae320658011dfcfa2998 + SHA1: 044407fe1b8e4b5af9eecf34ea87a0ecb32ee6bb + SHA256: f828f449f9b365a1455b8358b044385beaf097166a80defc440eacb8deb6ef26 + SHA384: 640b5b53eabd60a97be0f1fcf7c893edb3d8ebf507c63958114532cd445246dc0ae92a4dadec314dd5babee5d7f0497c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 4f8eefa0dcc85bbd656ab0f160743d34 + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 Extended Validation Code Signing CA , G2 + Version: 1 + RichPEHeaderHash: + MD5: 7eb18352afe92c32e6d8fafe1eb5e93b + SHA1: 3f0f2ac39a0d40eab850d3c520c8530787cb9979 + SHA256: 71b608735d9c6d4adcdade732f8df7684c6a8bc7c5b8d427d584c58c52bd04a9 + Sections: + .text: + Entropy: 6.1668404611605645 + Virtual Size: '0x103e' + .rdata: + Entropy: 4.224340384192507 + Virtual Size: '0x6b0' + .data: + Entropy: 0.754659278632904 + Virtual Size: '0xfb8' + .pdata: + Entropy: 3.7951668454952525 + Virtual Size: '0x174' + .gfids: + Entropy: 0.8112781244591328 + Virtual Size: '0x4' + PAGE: + Entropy: 6.072611130069712 + Virtual Size: '0x844' + INIT: + Entropy: 5.430018205225444 + Virtual Size: '0x3bc' + .rsrc: + Entropy: 3.3337739108428788 + Virtual Size: '0x368' + .reloc: + Entropy: 3.251870619839375 + Virtual Size: '0x2c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2019-01-17 01:52:53' + Imphash: f7d07bcaa23837d219dcb64e76290252 + LoadsDespiteHVCI: 'FALSE' +- Filename: gdrv.sys + MD5: c832a4313ff082258240b61b88efa025 + SHA1: 1f1ce28c10453acbc9d3844b4604c59c0ab0ad46 + SHA256: cfc5c585dd4e592dd1a08887ded28b92d9a5820587b6f4f8fa4f56d60289259b + Authentihash: + MD5: 1c0c9b05800e86e0e1d158e0b44d4b99 + SHA1: 
a2c4f33de0b2ebb8a505f97697d550ccb3f7b114 + SHA256: b5433ec27586bdd8d2ef606f9212d8ed75ae3ae2e201a1acaf325d9b12239df8 + Description: GIGABYTE Tools + Company: Windows (R) 2000 DDK provider + InternalName: gdrv.sys + OriginalFilename: gdrv.sys + FileVersion: 5.00.2195.1620 + Product: Windows (R) 2000 DDK driver + ProductVersion: 5.00.2195.1620 + Copyright: Copyright (C) Microsoft Corp. 1981-1999 + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - MmMapIoSpace + - IofCompleteRequest + - ExFreePool + - MmUnmapIoSpace + - IoFreeMdl + - MmUnmapLockedPages + - ZwUnmapViewOfSection + - IoDeleteSymbolicLink + - IoAllocateMdl + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - MmGetPhysicalAddress + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - MmBuildMdlForNonPagedPool + - MmMapLockedPages + - ExAllocatePoolWithTag + - RtlInitUnicodeString + - IoCreateDevice + - IoCreateSymbolicLink + - DbgPrint + - IoDeleteDevice + - KfReleaseSpinLock + - HalTranslateBusAddress + - WRITE_PORT_ULONG + - WRITE_PORT_USHORT + - READ_PORT_ULONG + - READ_PORT_USHORT + - KfAcquireSpinLock + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: 
eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei Hsien, O=Giga,Byte Technology, OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Testing Department, + CN=Giga,Byte Technology + ValidFrom: '2010-08-23 00:00:00' + ValidTo: '2013-10-17 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 248472542c24ab8e429229acf121ca26 + Version: 3 + TBS: + MD5: dc48abdae01614d4607b1f5760dfce88 + SHA1: 467c1868ddb5ef8db746e66acbaab9fdd03fb740 + SHA256: a7f448e2fe327e481adfd1e89db612d5c58ff7891373a6e398ab98ddaeae74c5 + SHA384: eb0d25fdcfab622d1c80a92ecd689bde520ed2b8099b4120194daa1a0013cabc5bd5792b0c1f12ca9c93fa4518aa2ca7 + Signer: + - SerialNumber: 248472542c24ab8e429229acf121ca26 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + RichPEHeaderHash: + MD5: 540df91a76386d807eb40d21a50eb268 + SHA1: c10a75fa85a326d57816eb8e66831aebf57e5fc2 + SHA256: 20cac3057e8c5950794a61475dc8d992b5e75dc8b036bd0de4dc431ce662e152 + Sections: + .text: + Entropy: 6.566467066736124 + Virtual Size: '0x1c1a' + .rdata: + Entropy: 2.789529208002623 + Virtual Size: '0xe4' + INIT: + Entropy: 5.25344296666572 + Virtual Size: '0x352' + .rsrc: + Entropy: 3.446470809809315 + Virtual Size: '0x3a0' + .reloc: + Entropy: 4.981256903616009 + Virtual Size: '0x12c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2013-07-03 22:27:29' + Imphash: 45f8f347e3fb919f3164a4a3278f1c71 + LoadsDespiteHVCI: 'FALSE' +- Filename: gdrv.sys + MD5: d556cb79967e92b5cc69686d16c1d846 + SHA1: 
de2b56ef7a30a4697e9c4cdcae0fc215d45d061d + SHA256: f4ff679066269392f6b7c3ba6257fc60dd609e4f9c491b00e1a16e4c405b0b9b + Authentihash: + MD5: 906258ee90744ed1307ba969a1c8722e + SHA1: 2b94ace70d946caa1fed6c8f97f2fafdb45d6c54 + SHA256: 1251eef40b877fd379c175c02bb83e230fa5acd30020e54acc0718ab326818b3 + Description: GIGABYTE Tools + Company: Windows (R) 2000 DDK provider + InternalName: gdrv.sys + OriginalFilename: gdrv.sys + FileVersion: 5.00.2195.1620 + Product: Windows (R) 2000 DDK driver + ProductVersion: 5.00.2195.1620 + Copyright: Copyright (C) Microsoft Corp. 1981-1999 + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - MmGetPhysicalAddress + - MmUnmapIoSpace + - DbgPrint + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - IoDeleteSymbolicLink + - ZwUnmapViewOfSection + - IofCompleteRequest + - RtlInitUnicodeString + - IoCreateDevice + - IoCreateSymbolicLink + - MmMapIoSpace + - IoDeleteDevice + - KfReleaseSpinLock + - HalTranslateBusAddress + - WRITE_PORT_ULONG + - WRITE_PORT_USHORT + - READ_PORT_ULONG + - READ_PORT_USHORT + - KfAcquireSpinLock + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + 
ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei Hsien, O=Giga,Byte Technology, OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Testing Department, + CN=Giga,Byte Technology + ValidFrom: '2007-10-02 00:00:00' + ValidTo: '2010-10-18 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 720ef3aaa1a44f7d0717a805c290c378 + Version: 3 + TBS: + MD5: 0695cf8f3778103101610eccc2a78d04 + SHA1: ab5b9a4474b73d3317a7853116f62e83c9301b0d + SHA256: 6b88dbf87d212b8a91c4fd09d6725e3ae498d898c8292e77657be9d44e2503ca + SHA384: 3dab111c5395ec6bda188690b936c86ed2e9d46d5f718488bd3f7608338556cf774df25f2ad4a64564d067c21dc05cdc + Signer: + - SerialNumber: 720ef3aaa1a44f7d0717a805c290c378 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: c90743abe4555532b75fa33632ea0776 + SHA1: bf077c31fddab7757d9f63f0143ff99a250c0719 + SHA256: 851842a00e07f2b11092dfc28ddea69804461fa27a8eb4fe3366b4994c31a520 + Sections: + .text: + Entropy: 6.524533743036898 + Virtual Size: '0x194e' + .rdata: + Entropy: 2.691603448798156 + Virtual Size: '0xc4' + INIT: + Entropy: 5.184577293889747 + Virtual Size: '0x2ae' + .rsrc: + Entropy: 4.514825600793878 + Virtual Size: '0x614' + .reloc: + Entropy: 4.802440942775519 + Virtual Size: '0xf8' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2009-03-12 21:17:32' + Imphash: b4c857bd3a7b1d8125c0f62aec45401e + LoadsDespiteHVCI: 'FALSE' 
diff --git a/yaml/61514cbd-6f34-4a3e-a022-9ecbccc16feb.yaml b/yaml/61514cbd-6f34-4a3e-a022-9ecbccc16feb.yaml
index 239ab61b3..3b701430b 100644
--- a/yaml/61514cbd-6f34-4a3e-a022-9ecbccc16feb.yaml
+++ b/yaml/61514cbd-6f34-4a3e-a022-9ecbccc16feb.yaml
@@ -1,557 +1,559 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 61514cbd-6f34-4a3e-a022-9ecbccc16feb +Tags: +- atillk64.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create atillk64.sys binPath=C:\windows\temp\atillk64.sys type=kernel - && sc.exe start atillk64.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/5c04c274a708c9a7d993e33be3ea9e6119dc29527a767410dbaf93996f87369a.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 61514cbd-6f34-4a3e-a022-9ecbccc16feb -KnownVulnerableSamples: -- Authentihash: - 
MD5: 281880f5f33d1aab062ceccd237ef992 - SHA1: e8e533d9e8df018648ccbafbd6081507f5c0f41a - SHA256: 126719d008d106b7100ae47ed47666c1334701bd7ddb32d5b8e84048f258700f - Company: ATI Technologies Inc. - Copyright: Copyright (C) ATI Technologies Inc., 2003 - CreationTimestamp: '2011-04-15 15:18:51' - Date: '' - Description: ATI Diagnostics Hardware Abstraction Sys - ExportedFunctions: '' - FileVersion: 5.11.9.0 - Filename: atillk64.sys - ImportedFunctions: - - IoDeleteDevice - - MmUnmapIoSpace - - MmBuildMdlForNonPagedPool - - IoFreeMdl - - MmMapIoSpace - - IofCompleteRequest - - RtlInitUnicodeString - - IoCreateDevice - - IoAllocateMdl - - KeBugCheckEx - - MmMapLockedPages - - IoCreateSymbolicLink - - IoDeleteSymbolicLink - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: atillk64.sys - MD5: 62f02339fe267dc7438f603bfb5431a1 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: atillk64.sys - Product: ATI Diagnostics - ProductVersion: 5.11.9.0 - Publisher: '"ATI Technologies, Inc"' - RichPEHeaderHash: - MD5: 9a290b6aa359474f64ca33193d8516d5 - SHA1: d6fa643c1dd86eb99fbb65a631509f417cefff33 - SHA256: 54336aec6e8c6fd49516ffb9b781b0f7e2ac819eaa6e6d8d9a6531fa0fbfb240 - SHA1: c52cef5b9e1d4a78431b7af56a6fdb6aa1bcad65 - SHA256: 5c04c274a708c9a7d993e33be3ea9e6119dc29527a767410dbaf93996f87369a - Sections: - .text: - Entropy: 6.024399825980691 - Virtual Size: '0x9aa' - .rdata: - Entropy: 4.486635449414708 - Virtual Size: '0x174' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.1158730908486914 - Virtual Size: '0x48' - INIT: - Entropy: 5.026533926282324 - Virtual Size: '0x28e' - .rsrc: - Entropy: 3.3307368674259283 - Virtual Size: '0x3a8' - Signature: - - ATI Technologies, Inc - - VeriSign Class 3 Code Signing 2004 CA - - VeriSign Class 3 Public Primary CA - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time 
Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - 
SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=CA, ST=Ontario, L=Thornhill, O=ATI Technologies, Inc, OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=ATI Technologies, Inc - ValidFrom: '2009-02-25 00:00:00' - ValidTo: '2012-03-20 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3de959ef88a52c10bc8511ef057c233f - Version: 3 - TBS: - MD5: e600fbca7c2701b9111579168a30d24f - SHA1: e4cd7d4093a1274a4fb11fa72e24074afd131299 - SHA256: 5cf62822df938d9b5b5dc367ed8555404c1d65bc548782d70980f12d7628a7cc - SHA384: f8bc2d6a5407c50430de0b98e3aad644afc7de9d2247897a24e9df8589d844e4e3a83071860af0e3a699fea81c6a3cc6 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 3de959ef88a52c10bc8511ef057c233f - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 634f3c43b014dc8845b086c9328a678c - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - 
MD5: 78103f6de4cad64d95a8beda5f8b9112 - SHA1: 0358bcba83349cb23ea44d5c36b9e22adaec8d94 - SHA256: 2952ae305f9e206bb0b6d7986f2b6942656c310f9d201cf2e2dd6e961c18804e - Company: ATI Technologies Inc. - Copyright: Copyright (C) ATI Technologies Inc., 2003 - CreationTimestamp: '2005-09-09 12:40:54' - Date: '' - Description: ATI Diagnostics Hardware Abstraction Sys - ExportedFunctions: '' - FileVersion: 5.11.9.0 - Filename: '' - ImportedFunctions: - - RtlInitUnicodeString - - MmUnmapIoSpace - - IoFreeMdl - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - IoCreateDevice - - IofCompleteRequest - - IoDeleteSymbolicLink - - IoCreateSymbolicLink - - MmMapIoSpace - - IoDeleteDevice - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: atillk64.sys - MD5: a0074303fe697a36d9397c0122e04973 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: atillk64.sys - PDBPath: '' - Product: ATI Diagnostics - ProductVersion: 5.11.9.0 - Publisher: '' - RichPEHeaderHash: - MD5: acb8ae81124f862a3e913e3aa625f35d - SHA1: 49255f0aea0d3a98ff31799c93fae2a40b0085b5 - SHA256: 8bbe121f8f400e2f6858cbb2ba3f15c89de8e434fa27298831bf5d23244ba97d - SHA1: 5853e44ea0b6b4e9844651aa57d631193c1ed0f0 - SHA256: be66f3bbfed7d648cfd110853ddb8cef561f94a45405afc6be06e846b697d2b0 - Sections: - .text: - Entropy: 5.939518444890944 - Virtual Size: '0xae2' - .rdata: - Entropy: 4.464303279960791 - Virtual Size: '0x158' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 2.674419891996053 - Virtual Size: '0x30' - INIT: - Entropy: 4.792686708537381 - Virtual Size: '0x25e' - .rsrc: - Entropy: 3.3307368674259283 - Virtual Size: '0x3a8' - Signature: '' - Signatures: {} - Imphash: b4c2607b2af5376910bf80b561e9a18a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 75c20227e11024bdfd5fbe23e769bbca - SHA1: 2e3cf3678d476420696ec7df46b08d4d24d25644 - SHA256: 
c9b8ecd0657fda14476920fe47783bd8a951d7a4a640935d9199b4a7ae4b8b69 - Company: ATI Technologies Inc. - Copyright: Copyright (C) ATI Technologies Inc., 2003 - CreationTimestamp: '2005-09-09 12:36:29' - Date: '' - Description: ATI Diagnostics Hardware Abstraction Sys - ExportedFunctions: '' - FileVersion: 5.11.9.0 - Filename: '' - ImportedFunctions: - - MmMapIoSpace - - IofCompleteRequest - - MmUnmapIoSpace - - IoDeleteSymbolicLink - - KeTickCount - - IoAllocateMdl - - MmBuildMdlForNonPagedPool - - MmMapLockedPages - - IoFreeMdl - - RtlInitUnicodeString - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - HalGetBusDataByOffset - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - READ_PORT_UCHAR - - READ_PORT_USHORT - - READ_PORT_ULONG - - HalSetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: atillk64.sys - MD5: 7461f0f9b931044a9d5f1d44eb4e8e09 - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: atillk64.sys - PDBPath: '' - Product: ATI Diagnostics - ProductVersion: 5.11.9.0 - Publisher: '' - RichPEHeaderHash: - MD5: f1899a92dac775dd91c488238c47121f - SHA1: f87117679e6a15d2f7cb1eb9a955920f7e27182f - SHA256: 7a797dd2fc95f2cc57884cc125ece95a449fb288004a431c565207c6689478db - SHA1: 22c9cd0f5986e91b733fbd5eda377720fd76c86d - SHA256: c825a47817399e988912bb75106befaefae0babc0743a7e32b46f17469c78cad - Sections: - .text: - Entropy: 5.408148680070703 - Virtual Size: '0x2540' - .rdata: - Entropy: 3.945423865388493 - Virtual Size: '0x27c' - .pdata: - Entropy: 3.0150554354522017 - Virtual Size: '0x6c' - .srdata: - Entropy: 1.77520470625279 - Virtual Size: '0x20' - .sdata: - Entropy: 2.1249953441922287 - Virtual Size: '0xc8' - INIT: - Entropy: 5.150279397766819 - Virtual Size: '0x370' - .rsrc: - Entropy: 3.3270115807792875 - Virtual Size: '0x3a8' - .reloc: - Entropy: 0.6102086113176999 - Virtual Size: '0x128' - Signature: '' - Signatures: {} - Imphash: a18b467c3b43f334ca455c495a3ef70d - LoadsDespiteHVCI: 'FALSE' -- 
Authentihash: - MD5: 78103f6de4cad64d95a8beda5f8b9112 - SHA1: 0358bcba83349cb23ea44d5c36b9e22adaec8d94 - SHA256: 2952ae305f9e206bb0b6d7986f2b6942656c310f9d201cf2e2dd6e961c18804e - Company: ATI Technologies Inc. - Copyright: Copyright (C) ATI Technologies Inc., 2003 - CreationTimestamp: '2005-09-09 12:40:54' - Date: '' - Description: ATI Diagnostics Hardware Abstraction Sys - ExportedFunctions: '' - FileVersion: 5.11.9.0 - Filename: '' - ImportedFunctions: - - RtlInitUnicodeString - - MmUnmapIoSpace - - IoFreeMdl - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - IoCreateDevice - - IofCompleteRequest - - IoDeleteSymbolicLink - - IoCreateSymbolicLink - - MmMapIoSpace - - IoDeleteDevice - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: atillk64.sys - MD5: 5e35c049bc8076406910da36edf9212d - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: atillk64.sys - PDBPath: '' - Product: ATI Diagnostics - ProductVersion: 5.11.9.0 - Publisher: '' - RichPEHeaderHash: - MD5: acb8ae81124f862a3e913e3aa625f35d - SHA1: 49255f0aea0d3a98ff31799c93fae2a40b0085b5 - SHA256: 8bbe121f8f400e2f6858cbb2ba3f15c89de8e434fa27298831bf5d23244ba97d - SHA1: 48a09ca5fdbc214e675083c2259e051b0629457b - SHA256: 6c6c5e35accc37c928d721c800476ccf4c4b5b06a1b0906dc5ff4df71ff50943 - Sections: - .text: - Entropy: 5.939518444890944 - Virtual Size: '0xae2' - .rdata: - Entropy: 4.464303279960791 - Virtual Size: '0x158' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 2.674419891996053 - Virtual Size: '0x30' - INIT: - Entropy: 4.792686708537381 - Virtual Size: '0x25e' - .rsrc: - Entropy: 3.3307368674259283 - Virtual Size: '0x3a8' - Signature: '' - Signatures: {} - Imphash: b4c2607b2af5376910bf80b561e9a18a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 35dfa37479c8966aa9d3428660358a43 - SHA1: 6ee2e56413ce129ea2319d6dba28ba4f27cf75b7 - SHA256: 
94111de210f6b3b48dda16b3422f0f9180e30bcb5765b6858c451d1d89196199 - Company: Overclocking Tool - Copyright: Copyright (C), 2005 - CreationTimestamp: '2005-10-20 08:35:08' - Date: '' - Description: Overclocking Hardware Abstraction Sys - ExportedFunctions: '' - FileVersion: 5.10.20.0 - Filename: '' - ImportedFunctions: - - MmMapIoSpace - - IofCompleteRequest - - MmUnmapIoSpace - - IoDeleteSymbolicLink - - KeTickCount - - IoAllocateMdl - - MmBuildMdlForNonPagedPool - - MmMapLockedPages - - IoFreeMdl - - RtlInitUnicodeString - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - HalGetBusDataByOffset - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - - READ_PORT_UCHAR - - READ_PORT_USHORT - - READ_PORT_ULONG - - HalSetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: atillk64.sys - MD5: ee59b64ae296a87bf7a6aee38ad09617 - MachineType: IA64 - MagicHeader: 50 45 0 0 - OriginalFilename: atillk64.sys - PDBPath: '' - Product: Overclocking Tool - ProductVersion: 5.10.20.0 - Publisher: '' - RichPEHeaderHash: - MD5: f1899a92dac775dd91c488238c47121f - SHA1: f87117679e6a15d2f7cb1eb9a955920f7e27182f - SHA256: 7a797dd2fc95f2cc57884cc125ece95a449fb288004a431c565207c6689478db - SHA1: 5abffd08f4939a0dee81a5d95cf1c02e2e14218c - SHA256: 11a9787831ac4f0657aeb5e7019c23acc39d8833faf28f85bd10d7590ea4cc5f - Sections: - .text: - Entropy: 5.408148680070703 - Virtual Size: '0x2540' - .rdata: - Entropy: 4.005865295392332 - Virtual Size: '0x284' - .pdata: - Entropy: 3.032649273691926 - Virtual Size: '0x6c' - .srdata: - Entropy: 1.77520470625279 - Virtual Size: '0x20' - .sdata: - Entropy: 2.1249953441922287 - Virtual Size: '0xc8' - INIT: - Entropy: 5.150279397766819 - Virtual Size: '0x370' - .rsrc: - Entropy: 3.3091519076430678 - Virtual Size: '0x370' - .reloc: - Entropy: 0.6102086113176999 - Virtual Size: '0x128' - Signature: '' - Signatures: {} - Imphash: a18b467c3b43f334ca455c495a3ef70d - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 
4fee47ce2601648cb3ebd757ddd1af8b - SHA1: fe625d7ad61b93ea376b4924fa088cb22b3fa28d - SHA256: fb19f241ddae74ec4a0f87dff025ec68dc809f9dd883649c0e58822de28e6f1b - Company: Overclocking Tool - Copyright: Copyright (C), 2005 - CreationTimestamp: '2005-10-20 08:34:01' - Date: '' - Description: Overclocking Hardware Abstraction Sys - ExportedFunctions: '' - FileVersion: 5.10.20.0 - Filename: '' - ImportedFunctions: - - RtlInitUnicodeString - - MmUnmapIoSpace - - IoFreeMdl - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - IoCreateDevice - - IofCompleteRequest - - IoDeleteSymbolicLink - - IoCreateSymbolicLink - - MmMapIoSpace - - IoDeleteDevice - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: atillk64.sys - MD5: 7962d91b1f53ce55c7338788bd4eb378 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: atillk64.sys - PDBPath: '' - Product: Overclocking Tool - ProductVersion: 5.10.20.0 - Publisher: '' - RichPEHeaderHash: - MD5: acb8ae81124f862a3e913e3aa625f35d - SHA1: 49255f0aea0d3a98ff31799c93fae2a40b0085b5 - SHA256: 8bbe121f8f400e2f6858cbb2ba3f15c89de8e434fa27298831bf5d23244ba97d - SHA1: 0b63e76fad88ac48dbfc7cf227890332fcd994a5 - SHA256: d2182b6ef3255c7c1a69223cd3c2d68eb8ba3112ce433cd49cd803dc76412d4b - Sections: - .text: - Entropy: 5.939518444890944 - Virtual Size: '0xae2' - .rdata: - Entropy: 4.499086331786735 - Virtual Size: '0x164' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 2.71608655866272 - Virtual Size: '0x30' - INIT: - Entropy: 4.792686708537381 - Virtual Size: '0x25e' - .rsrc: - Entropy: 3.3131142579854043 - Virtual Size: '0x370' - Signature: '' - Signatures: {} - Imphash: b4c2607b2af5376910bf80b561e9a18a - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create atillk64.sys binPath=C:\windows\temp\atillk64.sys type=kernel + && sc.exe start atillk64.sys + Description: '' + 
OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/namazso/physmem_drivers -Tags: -- atillk64.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/5c04c274a708c9a7d993e33be3ea9e6119dc29527a767410dbaf93996f87369a.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 281880f5f33d1aab062ceccd237ef992 + SHA1: e8e533d9e8df018648ccbafbd6081507f5c0f41a + SHA256: 126719d008d106b7100ae47ed47666c1334701bd7ddb32d5b8e84048f258700f + Company: ATI Technologies Inc. 
+ Copyright: Copyright (C) ATI Technologies Inc., 2003 + CreationTimestamp: '2011-04-15 15:18:51' + Date: '' + Description: ATI Diagnostics Hardware Abstraction Sys + ExportedFunctions: '' + FileVersion: 5.11.9.0 + Filename: atillk64.sys + ImportedFunctions: + - IoDeleteDevice + - MmUnmapIoSpace + - MmBuildMdlForNonPagedPool + - IoFreeMdl + - MmMapIoSpace + - IofCompleteRequest + - RtlInitUnicodeString + - IoCreateDevice + - IoAllocateMdl + - KeBugCheckEx + - MmMapLockedPages + - IoCreateSymbolicLink + - IoDeleteSymbolicLink + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: atillk64.sys + MD5: 62f02339fe267dc7438f603bfb5431a1 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: atillk64.sys + Product: ATI Diagnostics + ProductVersion: 5.11.9.0 + Publisher: '"ATI Technologies, Inc"' + RichPEHeaderHash: + MD5: 9a290b6aa359474f64ca33193d8516d5 + SHA1: d6fa643c1dd86eb99fbb65a631509f417cefff33 + SHA256: 54336aec6e8c6fd49516ffb9b781b0f7e2ac819eaa6e6d8d9a6531fa0fbfb240 + SHA1: c52cef5b9e1d4a78431b7af56a6fdb6aa1bcad65 + SHA256: 5c04c274a708c9a7d993e33be3ea9e6119dc29527a767410dbaf93996f87369a + Sections: + .text: + Entropy: 6.024399825980691 + Virtual Size: '0x9aa' + .rdata: + Entropy: 4.486635449414708 + Virtual Size: '0x174' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.1158730908486914 + Virtual Size: '0x48' + INIT: + Entropy: 5.026533926282324 + Virtual Size: '0x28e' + .rsrc: + Entropy: 3.3307368674259283 + Virtual Size: '0x3a8' + Signature: + - ATI Technologies, Inc + - VeriSign Class 3 Code Signing 2004 CA + - VeriSign Class 3 Public Primary CA + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 
88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=CA, ST=Ontario, L=Thornhill, O=ATI Technologies, Inc, OU=Digital + ID Class 3 , Microsoft Software Validation v2, CN=ATI Technologies, + Inc + ValidFrom: '2009-02-25 00:00:00' + ValidTo: '2012-03-20 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3de959ef88a52c10bc8511ef057c233f + Version: 3 + TBS: + MD5: e600fbca7c2701b9111579168a30d24f + SHA1: e4cd7d4093a1274a4fb11fa72e24074afd131299 + SHA256: 5cf62822df938d9b5b5dc367ed8555404c1d65bc548782d70980f12d7628a7cc + SHA384: f8bc2d6a5407c50430de0b98e3aad644afc7de9d2247897a24e9df8589d844e4e3a83071860af0e3a699fea81c6a3cc6 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 3de959ef88a52c10bc8511ef057c233f + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 634f3c43b014dc8845b086c9328a678c + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 78103f6de4cad64d95a8beda5f8b9112 + SHA1: 0358bcba83349cb23ea44d5c36b9e22adaec8d94 + SHA256: 2952ae305f9e206bb0b6d7986f2b6942656c310f9d201cf2e2dd6e961c18804e + Company: ATI Technologies Inc. 
+ Copyright: Copyright (C) ATI Technologies Inc., 2003 + CreationTimestamp: '2005-09-09 12:40:54' + Date: '' + Description: ATI Diagnostics Hardware Abstraction Sys + ExportedFunctions: '' + FileVersion: 5.11.9.0 + Filename: '' + ImportedFunctions: + - RtlInitUnicodeString + - MmUnmapIoSpace + - IoFreeMdl + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - IoCreateDevice + - IofCompleteRequest + - IoDeleteSymbolicLink + - IoCreateSymbolicLink + - MmMapIoSpace + - IoDeleteDevice + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: atillk64.sys + MD5: a0074303fe697a36d9397c0122e04973 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: atillk64.sys + PDBPath: '' + Product: ATI Diagnostics + ProductVersion: 5.11.9.0 + Publisher: '' + RichPEHeaderHash: + MD5: acb8ae81124f862a3e913e3aa625f35d + SHA1: 49255f0aea0d3a98ff31799c93fae2a40b0085b5 + SHA256: 8bbe121f8f400e2f6858cbb2ba3f15c89de8e434fa27298831bf5d23244ba97d + SHA1: 5853e44ea0b6b4e9844651aa57d631193c1ed0f0 + SHA256: be66f3bbfed7d648cfd110853ddb8cef561f94a45405afc6be06e846b697d2b0 + Sections: + .text: + Entropy: 5.939518444890944 + Virtual Size: '0xae2' + .rdata: + Entropy: 4.464303279960791 + Virtual Size: '0x158' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 2.674419891996053 + Virtual Size: '0x30' + INIT: + Entropy: 4.792686708537381 + Virtual Size: '0x25e' + .rsrc: + Entropy: 3.3307368674259283 + Virtual Size: '0x3a8' + Signature: '' + Signatures: {} + Imphash: b4c2607b2af5376910bf80b561e9a18a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 75c20227e11024bdfd5fbe23e769bbca + SHA1: 2e3cf3678d476420696ec7df46b08d4d24d25644 + SHA256: c9b8ecd0657fda14476920fe47783bd8a951d7a4a640935d9199b4a7ae4b8b69 + Company: ATI Technologies Inc. 
+ Copyright: Copyright (C) ATI Technologies Inc., 2003 + CreationTimestamp: '2005-09-09 12:36:29' + Date: '' + Description: ATI Diagnostics Hardware Abstraction Sys + ExportedFunctions: '' + FileVersion: 5.11.9.0 + Filename: '' + ImportedFunctions: + - MmMapIoSpace + - IofCompleteRequest + - MmUnmapIoSpace + - IoDeleteSymbolicLink + - KeTickCount + - IoAllocateMdl + - MmBuildMdlForNonPagedPool + - MmMapLockedPages + - IoFreeMdl + - RtlInitUnicodeString + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - HalGetBusDataByOffset + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - READ_PORT_UCHAR + - READ_PORT_USHORT + - READ_PORT_ULONG + - HalSetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: atillk64.sys + MD5: 7461f0f9b931044a9d5f1d44eb4e8e09 + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: atillk64.sys + PDBPath: '' + Product: ATI Diagnostics + ProductVersion: 5.11.9.0 + Publisher: '' + RichPEHeaderHash: + MD5: f1899a92dac775dd91c488238c47121f + SHA1: f87117679e6a15d2f7cb1eb9a955920f7e27182f + SHA256: 7a797dd2fc95f2cc57884cc125ece95a449fb288004a431c565207c6689478db + SHA1: 22c9cd0f5986e91b733fbd5eda377720fd76c86d + SHA256: c825a47817399e988912bb75106befaefae0babc0743a7e32b46f17469c78cad + Sections: + .text: + Entropy: 5.408148680070703 + Virtual Size: '0x2540' + .rdata: + Entropy: 3.945423865388493 + Virtual Size: '0x27c' + .pdata: + Entropy: 3.0150554354522017 + Virtual Size: '0x6c' + .srdata: + Entropy: 1.77520470625279 + Virtual Size: '0x20' + .sdata: + Entropy: 2.1249953441922287 + Virtual Size: '0xc8' + INIT: + Entropy: 5.150279397766819 + Virtual Size: '0x370' + .rsrc: + Entropy: 3.3270115807792875 + Virtual Size: '0x3a8' + .reloc: + Entropy: 0.6102086113176999 + Virtual Size: '0x128' + Signature: '' + Signatures: {} + Imphash: a18b467c3b43f334ca455c495a3ef70d + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 78103f6de4cad64d95a8beda5f8b9112 + SHA1: 
0358bcba83349cb23ea44d5c36b9e22adaec8d94 + SHA256: 2952ae305f9e206bb0b6d7986f2b6942656c310f9d201cf2e2dd6e961c18804e + Company: ATI Technologies Inc. + Copyright: Copyright (C) ATI Technologies Inc., 2003 + CreationTimestamp: '2005-09-09 12:40:54' + Date: '' + Description: ATI Diagnostics Hardware Abstraction Sys + ExportedFunctions: '' + FileVersion: 5.11.9.0 + Filename: '' + ImportedFunctions: + - RtlInitUnicodeString + - MmUnmapIoSpace + - IoFreeMdl + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - IoCreateDevice + - IofCompleteRequest + - IoDeleteSymbolicLink + - IoCreateSymbolicLink + - MmMapIoSpace + - IoDeleteDevice + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: atillk64.sys + MD5: 5e35c049bc8076406910da36edf9212d + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: atillk64.sys + PDBPath: '' + Product: ATI Diagnostics + ProductVersion: 5.11.9.0 + Publisher: '' + RichPEHeaderHash: + MD5: acb8ae81124f862a3e913e3aa625f35d + SHA1: 49255f0aea0d3a98ff31799c93fae2a40b0085b5 + SHA256: 8bbe121f8f400e2f6858cbb2ba3f15c89de8e434fa27298831bf5d23244ba97d + SHA1: 48a09ca5fdbc214e675083c2259e051b0629457b + SHA256: 6c6c5e35accc37c928d721c800476ccf4c4b5b06a1b0906dc5ff4df71ff50943 + Sections: + .text: + Entropy: 5.939518444890944 + Virtual Size: '0xae2' + .rdata: + Entropy: 4.464303279960791 + Virtual Size: '0x158' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 2.674419891996053 + Virtual Size: '0x30' + INIT: + Entropy: 4.792686708537381 + Virtual Size: '0x25e' + .rsrc: + Entropy: 3.3307368674259283 + Virtual Size: '0x3a8' + Signature: '' + Signatures: {} + Imphash: b4c2607b2af5376910bf80b561e9a18a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 35dfa37479c8966aa9d3428660358a43 + SHA1: 6ee2e56413ce129ea2319d6dba28ba4f27cf75b7 + SHA256: 94111de210f6b3b48dda16b3422f0f9180e30bcb5765b6858c451d1d89196199 + Company: Overclocking Tool + Copyright: 
Copyright (C), 2005 + CreationTimestamp: '2005-10-20 08:35:08' + Date: '' + Description: Overclocking Hardware Abstraction Sys + ExportedFunctions: '' + FileVersion: 5.10.20.0 + Filename: '' + ImportedFunctions: + - MmMapIoSpace + - IofCompleteRequest + - MmUnmapIoSpace + - IoDeleteSymbolicLink + - KeTickCount + - IoAllocateMdl + - MmBuildMdlForNonPagedPool + - MmMapLockedPages + - IoFreeMdl + - RtlInitUnicodeString + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - HalGetBusDataByOffset + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + - READ_PORT_UCHAR + - READ_PORT_USHORT + - READ_PORT_ULONG + - HalSetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: atillk64.sys + MD5: ee59b64ae296a87bf7a6aee38ad09617 + MachineType: IA64 + MagicHeader: 50 45 0 0 + OriginalFilename: atillk64.sys + PDBPath: '' + Product: Overclocking Tool + ProductVersion: 5.10.20.0 + Publisher: '' + RichPEHeaderHash: + MD5: f1899a92dac775dd91c488238c47121f + SHA1: f87117679e6a15d2f7cb1eb9a955920f7e27182f + SHA256: 7a797dd2fc95f2cc57884cc125ece95a449fb288004a431c565207c6689478db + SHA1: 5abffd08f4939a0dee81a5d95cf1c02e2e14218c + SHA256: 11a9787831ac4f0657aeb5e7019c23acc39d8833faf28f85bd10d7590ea4cc5f + Sections: + .text: + Entropy: 5.408148680070703 + Virtual Size: '0x2540' + .rdata: + Entropy: 4.005865295392332 + Virtual Size: '0x284' + .pdata: + Entropy: 3.032649273691926 + Virtual Size: '0x6c' + .srdata: + Entropy: 1.77520470625279 + Virtual Size: '0x20' + .sdata: + Entropy: 2.1249953441922287 + Virtual Size: '0xc8' + INIT: + Entropy: 5.150279397766819 + Virtual Size: '0x370' + .rsrc: + Entropy: 3.3091519076430678 + Virtual Size: '0x370' + .reloc: + Entropy: 0.6102086113176999 + Virtual Size: '0x128' + Signature: '' + Signatures: {} + Imphash: a18b467c3b43f334ca455c495a3ef70d + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 4fee47ce2601648cb3ebd757ddd1af8b + SHA1: fe625d7ad61b93ea376b4924fa088cb22b3fa28d + SHA256: 
fb19f241ddae74ec4a0f87dff025ec68dc809f9dd883649c0e58822de28e6f1b + Company: Overclocking Tool + Copyright: Copyright (C), 2005 + CreationTimestamp: '2005-10-20 08:34:01' + Date: '' + Description: Overclocking Hardware Abstraction Sys + ExportedFunctions: '' + FileVersion: 5.10.20.0 + Filename: '' + ImportedFunctions: + - RtlInitUnicodeString + - MmUnmapIoSpace + - IoFreeMdl + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - IoCreateDevice + - IofCompleteRequest + - IoDeleteSymbolicLink + - IoCreateSymbolicLink + - MmMapIoSpace + - IoDeleteDevice + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: atillk64.sys + MD5: 7962d91b1f53ce55c7338788bd4eb378 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: atillk64.sys + PDBPath: '' + Product: Overclocking Tool + ProductVersion: 5.10.20.0 + Publisher: '' + RichPEHeaderHash: + MD5: acb8ae81124f862a3e913e3aa625f35d + SHA1: 49255f0aea0d3a98ff31799c93fae2a40b0085b5 + SHA256: 8bbe121f8f400e2f6858cbb2ba3f15c89de8e434fa27298831bf5d23244ba97d + SHA1: 0b63e76fad88ac48dbfc7cf227890332fcd994a5 + SHA256: d2182b6ef3255c7c1a69223cd3c2d68eb8ba3112ce433cd49cd803dc76412d4b + Sections: + .text: + Entropy: 5.939518444890944 + Virtual Size: '0xae2' + .rdata: + Entropy: 4.499086331786735 + Virtual Size: '0x164' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 2.71608655866272 + Virtual Size: '0x30' + INIT: + Entropy: 4.792686708537381 + Virtual Size: '0x25e' + .rsrc: + Entropy: 3.3131142579854043 + Virtual Size: '0x370' + Signature: '' + Signatures: {} + Imphash: b4c2607b2af5376910bf80b561e9a18a + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/618fbf89-f4e3-4b2a-a4b4-cc4bf7c180e0.yaml b/yaml/618fbf89-f4e3-4b2a-a4b4-cc4bf7c180e0.yaml index 0b869cf1b..89c73c223 100644 --- a/yaml/618fbf89-f4e3-4b2a-a4b4-cc4bf7c180e0.yaml +++ b/yaml/618fbf89-f4e3-4b2a-a4b4-cc4bf7c180e0.yaml 
@@ -1,179 +1,179 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 618fbf89-f4e3-4b2a-a4b4-cc4bf7c180e0 +Tags: +- POORTRY2.sys +Verified: 'TRUE' Author: Michael Haag -Category: malicious -Commands: - Command: sc.exe create POORTRY2.sys binPath=C:\windows\temp\POORTRY2.sys type=kernel - && sc.exe start POORTRY2.sys - Description: Driver categorized as POORTRY by Mandiant. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-03-04' -Detection: [] -Id: 618fbf89-f4e3-4b2a-a4b4-cc4bf7c180e0 -KnownVulnerableSamples: -- Authentihash: - MD5: ffbbaeada1f7507faca4ef59c6e3e577 - SHA1: 56f9aa37f099409170b4656079edbf52e464b700 - SHA256: 29bf8618816bce5fa2845409d98b7b96915e0763bb04719535ca885e4713cfaf - Company: '' - Copyright: '' - CreationTimestamp: '2022-08-16 06:58:09' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: POORTRY2.sys - ImportedFunctions: - - RtlTimeToTimeFields - - ExAllocatePoolWithTag - - ZwCreateKey - - ExFreePoolWithTag - - NtQuerySystemInformation - - ZwReadFile - - RtlInitUnicodeString - - IoCreateFile - - RtlUnicodeStringToAnsiString - - _wcslwr - - IoFileObjectType - - ZwCreateFile - - wcsstr - - ZwQueryValueKey - - ExAllocatePool - - PsTerminateSystemThread - - ZwClose - - RtlFreeAnsiString - - ZwQueryInformationFile - - KeWaitForMultipleObjects - - ZwWriteFile - - _vsnprintf - - KeBugCheck - - DbgPrint - - PsGetCurrentProcessId - - memmove - - ZwAllocateVirtualMemory - - atoi - - _strlwr - - NtQueryInformationProcess - - DbgBreakPoint - - ZwOpenProcess - - KeServiceDescriptorTable - - strrchr - - ObQueryNameString - - NtOpenThread - - NtClose - - NtOpenProcess - - ExSystemTimeToLocalTime - - RtlFreeUnicodeString - - KeQuerySystemTime - - RtlInitAnsiString - - MmGetSystemRoutineAddress - - RtlAnsiStringToUnicodeString - - sprintf - - swprintf_s - - ObfDereferenceObject - - KeSetEvent - - KeWaitForSingleObject - - ObReferenceObjectByHandle - - PsCreateSystemThread - - 
KeInitializeEvent - - PsSetCreateProcessNotifyRoutineEx - - _except_handler3 - - memcpy - - memset - - FltStartFiltering - - FltRegisterFilter - - FltBuildDefaultSecurityDescriptor - - FltCloseCommunicationPort - - FltUnregisterFilter - - FltFreeSecurityDescriptor - - FltCreateCommunicationPort - - FltCloseClientPort - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: '' - MD5: b164daf106566f444dfb280d743bc2f7 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 104f21983f4d9023b3caea75e150d708 - SHA1: f7c1d81b689da74283e59a207c099add982ebe65 - SHA256: d7cc985c73b6cab2c875fcdabc34930c0849b055477e264061c4ef8351c69fa0 - SHA1: 7e836dadc2e149a0b758c7e22c989cbfcce18684 - SHA256: 9bb09752cf3a464455422909edef518ac18fe63cf5e1e8d9d6c2e68db62e0c87 - Sections: - .text: - Entropy: 6.45038937848739 - Virtual Size: '0x62f0' - .text1: - Entropy: 5.165948744304026 - Virtual Size: '0x297' - .rdata: - Entropy: 5.232271695468786 - Virtual Size: '0x1124' - .data: - Entropy: 5.293435318357553 - Virtual Size: '0x1444' - INIT: - Entropy: 5.301289658142679 - Virtual Size: '0x65c' - .reloc: - Entropy: 5.3198588285526975 - Virtual Size: '0x624' - Signature: - - Microsoft Windows Hardware Compatibility Publisher - - Microsoft Windows Third Party Component CA 2014 - - Microsoft Root Certificate Authority 2010 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2022-06-07 18:08:06' - ValidTo: '2023-06-01 18:08:06' - Signature: 
0a835e40cdb627d4f0a0d3dbbf64a46a05c132d0b5df9d11cd9c195d7037737057d57a342732ae68d67de47f460e7211c7c40dc29b0a079caff871c4834a9a2fc85e759de9b78659ad6fd79b7320e538e9ba5d52227ad67cc00b0a770ef662af3d743a558643ad89cfb015591709a69b6271a9b65db71898e7cb9964c6376dc474898301a6133198b486b518fdd9d7b9723dcffc441e026833f7c72e27986026c97b9184a0048b10d1fe6847ae467f02173f7a69120be780e5b6b9e6399402cc58735a31b537cc33578fbea443135a4a612359150bcf9ab316f6a9248bc71ef3f3480b9b3fa2341692bc3a121d80214688f7bd87d5ec56dcbd0ea61abf2c7ed2b739a07590adb596d401735d955f5f94c591d69ab4363a42f9fca549d439495711ff7990448c03724792ed4acf31f2b35b136c1b2f37aa82b1aabf7daf059dcb2e976e95311ec6e9cc53876dd09632cf512d39c801849a7c1088a565691953e07c7ff17b22518e982dd2dcc0feda8c834ca1f5e247aef1c3af5f13cd4b8cc1b6c0179bc876db88d677047c34366533e349796dbdea86389ad640710b7742ae8cc4ec88f10fa80ede4b1c93f81b55480fc8228216d54813df0327e74b3db9f3512a40c0568e4215827f9b7a2613deea72a7ec4df2def05e5559015049fe83edc83300526045cb128119e131b7d3573b268e24b0a25b9ad59f6301c8fc8f409322 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 3300000057ee4d659a923e7c10000000000057 - Version: 3 - TBS: - MD5: fdc11a5676aed4e9cc0c09eeb7450dfb - SHA1: 4902077d9a05d4231b791d3b05bafa4a79132f03 - SHA256: 5db56c23d83bf67c7152e28ad4a684a7372b4ae4f52afe7a81ce91eef94caec3 - SHA384: c952d7f0e0ea5216ce4400601fb7c0829f0f3fcd6eb2b5b9112fbe45d133e00c4abd660f8e1794f7ac4ef95123e2c0ab - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - ValidFrom: '2014-10-15 20:31:27' - ValidTo: '2029-10-15 20:41:27' - Signature: 
96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 330000000d690d5d7893d076df00000000000d - Version: 3 - TBS: - MD5: 83f69422963f11c3c340b81712eef319 - SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 - SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae - SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 - Signer: - - SerialNumber: 3300000057ee4d659a923e7c10000000000057 - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - Version: 1 - Imphash: 0ad7da35304c75ccf859bc29fe9ed09e - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: malicious +Commands: + Command: sc.exe create POORTRY2.sys binPath=C:\windows\temp\POORTRY2.sys type=kernel + && sc.exe start POORTRY2.sys + Description: Driver categorized as POORTRY by Mandiant. 
+ OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://www.mandiant.com/resources/blog/hunting-attestation-signed-malware - '' -Tags: -- POORTRY2.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: ffbbaeada1f7507faca4ef59c6e3e577 + SHA1: 56f9aa37f099409170b4656079edbf52e464b700 + SHA256: 29bf8618816bce5fa2845409d98b7b96915e0763bb04719535ca885e4713cfaf + Company: '' + Copyright: '' + CreationTimestamp: '2022-08-16 06:58:09' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: POORTRY2.sys + ImportedFunctions: + - RtlTimeToTimeFields + - ExAllocatePoolWithTag + - ZwCreateKey + - ExFreePoolWithTag + - NtQuerySystemInformation + - ZwReadFile + - RtlInitUnicodeString + - IoCreateFile + - RtlUnicodeStringToAnsiString + - _wcslwr + - IoFileObjectType + - ZwCreateFile + - wcsstr + - ZwQueryValueKey + - ExAllocatePool + - PsTerminateSystemThread + - ZwClose + - RtlFreeAnsiString + - ZwQueryInformationFile + - KeWaitForMultipleObjects + - ZwWriteFile + - _vsnprintf + - KeBugCheck + - DbgPrint + - PsGetCurrentProcessId + - memmove + - ZwAllocateVirtualMemory + - atoi + - _strlwr + - NtQueryInformationProcess + - DbgBreakPoint + - ZwOpenProcess + - KeServiceDescriptorTable + - strrchr + - ObQueryNameString + - NtOpenThread + - NtClose + - NtOpenProcess + - ExSystemTimeToLocalTime + - RtlFreeUnicodeString + - KeQuerySystemTime + - RtlInitAnsiString + - MmGetSystemRoutineAddress + - RtlAnsiStringToUnicodeString + - sprintf + - swprintf_s + - ObfDereferenceObject + - KeSetEvent + - KeWaitForSingleObject + - ObReferenceObjectByHandle + - PsCreateSystemThread + - KeInitializeEvent + - PsSetCreateProcessNotifyRoutineEx + - _except_handler3 + - memcpy + - memset + - FltStartFiltering + - FltRegisterFilter + - FltBuildDefaultSecurityDescriptor + - FltCloseCommunicationPort + - FltUnregisterFilter + - FltFreeSecurityDescriptor + - 
FltCreateCommunicationPort + - FltCloseClientPort + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: '' + MD5: b164daf106566f444dfb280d743bc2f7 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 104f21983f4d9023b3caea75e150d708 + SHA1: f7c1d81b689da74283e59a207c099add982ebe65 + SHA256: d7cc985c73b6cab2c875fcdabc34930c0849b055477e264061c4ef8351c69fa0 + SHA1: 7e836dadc2e149a0b758c7e22c989cbfcce18684 + SHA256: 9bb09752cf3a464455422909edef518ac18fe63cf5e1e8d9d6c2e68db62e0c87 + Sections: + .text: + Entropy: 6.45038937848739 + Virtual Size: '0x62f0' + .text1: + Entropy: 5.165948744304026 + Virtual Size: '0x297' + .rdata: + Entropy: 5.232271695468786 + Virtual Size: '0x1124' + .data: + Entropy: 5.293435318357553 + Virtual Size: '0x1444' + INIT: + Entropy: 5.301289658142679 + Virtual Size: '0x65c' + .reloc: + Entropy: 5.3198588285526975 + Virtual Size: '0x624' + Signature: + - Microsoft Windows Hardware Compatibility Publisher + - Microsoft Windows Third Party Component CA 2014 + - Microsoft Root Certificate Authority 2010 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2022-06-07 18:08:06' + ValidTo: '2023-06-01 18:08:06' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 3300000057ee4d659a923e7c10000000000057 + Version: 3 + TBS: + MD5: fdc11a5676aed4e9cc0c09eeb7450dfb + SHA1: 4902077d9a05d4231b791d3b05bafa4a79132f03 + SHA256: 5db56c23d83bf67c7152e28ad4a684a7372b4ae4f52afe7a81ce91eef94caec3 + SHA384: c952d7f0e0ea5216ce4400601fb7c0829f0f3fcd6eb2b5b9112fbe45d133e00c4abd660f8e1794f7ac4ef95123e2c0ab + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party 
Component CA 2014 + ValidFrom: '2014-10-15 20:31:27' + ValidTo: '2029-10-15 20:41:27' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 330000000d690d5d7893d076df00000000000d + Version: 3 + TBS: + MD5: 83f69422963f11c3c340b81712eef319 + SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 + SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae + SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 + Signer: + - SerialNumber: 3300000057ee4d659a923e7c10000000000057 + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + Version: 1 + Imphash: 0ad7da35304c75ccf859bc29fe9ed09e + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/61abe019-08cb-48a3-89b2-62810696f277.yaml b/yaml/61abe019-08cb-48a3-89b2-62810696f277.yaml index 63d3149aa..53f06d0af 100644 --- a/yaml/61abe019-08cb-48a3-89b2-62810696f277.yaml +++ b/yaml/61abe019-08cb-48a3-89b2-62810696f277.yaml 
@@ -1,124 +1,124 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 61abe019-08cb-48a3-89b2-62810696f277 +Tags: +- NQrmq.sys +Verified: 'TRUE' Author: Michael Haag -Category: malicious -Commands: - Command: sc.exe create NQrmq.sys binPath=C:\windows\temp\NQrmq.sys type=kernel && - sc.exe start NQrmq.sys - Description: Found via RichPEHeaderHash pivoting. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-06-05' -Detection: [] -Id: 61abe019-08cb-48a3-89b2-62810696f277 -KnownVulnerableSamples: -- Authentihash: - MD5: deb930efdc62da7c54923e3c7802a85c - SHA1: 1ce8dfaf518604b9043f7fe3c31eae11f84e74cb - SHA256: 16a1977a9251d6d4bec86bb0702a97bcaefa94444bbfe3978af2f79ee10d62a6 - Company: '' - Copyright: '' - CreationTimestamp: '2022-06-02 04:09:08' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: NQrmq.sys - ImportedFunctions: - - rand - - rand - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: 550b7991d93534bc510bc4f237155a7a - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: a7d4acb55095eb7efa7945ef805fcf8b - SHA1: 10103bfe4f9a5b22c45d64354f88be415249f384 - SHA256: 58bcb1d3215317fc95d1b8ddef6945aead4de70049db273b0d4a82a7e22b38d8 - SHA1: 9382981b05b1fb950245313992444bfa0db5f881 - SHA256: ad938d15ecfd70083c474e1642a88b078c3cea02cdbddf66d4fb1c01b9b29d9a - Sections: - .text: - Entropy: 2.2994112768420387 - Virtual Size: '0x7000' - .sedata: - Entropy: 7.680349963553791 - Virtual Size: '0x9e000' - .idata: - Entropy: 0.6151813085609522 - Virtual Size: '0x1000' - .reloc: - Entropy: 2.262142397286403 - Virtual Size: '0x1000' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CN, ST=Beijing, L=Beijing, O=Beijing Ruidongtiandi Info.Tech.Co.,Ltd., - OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Beijing Ruidongtiandi - Info.Tech.Co.,Ltd. 
- ValidFrom: '2010-11-11 00:00:00' - ValidTo: '2012-11-10 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 05d98a22e3a0fb56daa205538300381f - Version: 3 - TBS: - MD5: aa52b74b487a98ed02319a5bbd21c7e8 - SHA1: 6cd85ce4aa7b0dcc72ac530bb2fcce7397c05ccd - SHA256: a05893720458c10992edda14a39d25d38d2c28e4d3f9b2116e8cb3c46a6eeb16 - SHA384: 678607015840297e5a80477da01188a001bb6a9e7b65b17636c153fe79f3875d9b5b41b28aaaba3cf53fb197c8212d38 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 
78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 05d98a22e3a0fb56daa205538300381f - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: dbf09dd3e675f15c7cc9b4d2b8e6cd90 - LoadsDespiteHVCI: 'TRUE' MitreID: T1068 +Category: malicious +Commands: + Command: sc.exe create NQrmq.sys binPath=C:\windows\temp\NQrmq.sys type=kernel + && sc.exe start NQrmq.sys + Description: Found via RichPEHeaderHash pivoting. 
+ OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - '' -Tags: -- NQrmq.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: deb930efdc62da7c54923e3c7802a85c + SHA1: 1ce8dfaf518604b9043f7fe3c31eae11f84e74cb + SHA256: 16a1977a9251d6d4bec86bb0702a97bcaefa94444bbfe3978af2f79ee10d62a6 + Company: '' + Copyright: '' + CreationTimestamp: '2022-06-02 04:09:08' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: NQrmq.sys + ImportedFunctions: + - rand + - rand + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 550b7991d93534bc510bc4f237155a7a + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: a7d4acb55095eb7efa7945ef805fcf8b + SHA1: 10103bfe4f9a5b22c45d64354f88be415249f384 + SHA256: 58bcb1d3215317fc95d1b8ddef6945aead4de70049db273b0d4a82a7e22b38d8 + SHA1: 9382981b05b1fb950245313992444bfa0db5f881 + SHA256: ad938d15ecfd70083c474e1642a88b078c3cea02cdbddf66d4fb1c01b9b29d9a + Sections: + .text: + Entropy: 2.2994112768420387 + Virtual Size: '0x7000' + .sedata: + Entropy: 7.680349963553791 + Virtual Size: '0x9e000' + .idata: + Entropy: 0.6151813085609522 + Virtual Size: '0x1000' + .reloc: + Entropy: 2.262142397286403 + Virtual Size: '0x1000' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CN, ST=Beijing, L=Beijing, O=Beijing Ruidongtiandi Info.Tech.Co.,Ltd., + OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Beijing + Ruidongtiandi Info.Tech.Co.,Ltd. 
+ ValidFrom: '2010-11-11 00:00:00' + ValidTo: '2012-11-10 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 05d98a22e3a0fb56daa205538300381f + Version: 3 + TBS: + MD5: aa52b74b487a98ed02319a5bbd21c7e8 + SHA1: 6cd85ce4aa7b0dcc72ac530bb2fcce7397c05ccd + SHA256: a05893720458c10992edda14a39d25d38d2c28e4d3f9b2116e8cb3c46a6eeb16 + SHA384: 678607015840297e5a80477da01188a001bb6a9e7b65b17636c153fe79f3875d9b5b41b28aaaba3cf53fb197c8212d38 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + 
Signer: + - SerialNumber: 05d98a22e3a0fb56daa205538300381f + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: dbf09dd3e675f15c7cc9b4d2b8e6cd90 + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/62e2a967-1f03-4225-a325-122b109208f3.yaml b/yaml/62e2a967-1f03-4225-a325-122b109208f3.yaml index c63dc5383..a798596c8 100644 --- a/yaml/62e2a967-1f03-4225-a325-122b109208f3.yaml +++ b/yaml/62e2a967-1f03-4225-a325-122b109208f3.yaml 
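Review bot: The rewritten `61abe019-08cb-48a3-89b2-62810696f277.yaml` entry keeps `Detection: []` and a `Resources` list whose only item is the empty string `''`, although it is marked `Category: malicious`, `Verified: 'TRUE'` and `LoadsDespiteHVCI: 'TRUE'`. A consumer therefore gets neither a rule reference nor a source for the "Found via RichPEHeaderHash pivoting" statement. Since every line of the file is touched anyway, I would replace `- ''` with the reference the pivot came from, or write `Resources: []`, and fill `Detection` with the rule references that cover these hashes. The `Description` could also record what the metadata already shows: the leaf certificate's `ValidTo` is 2012-11-10 while `CreationTimestamp` is 2022-06-02, and `ImportedFunctions` holds only `rand` twice next to a `.sedata` section with entropy 7.68. That combination presumably means the image is packed, so import-based matching (including `Imphash`) should not be relied on for this sample.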
@@ -1,998 +1,1004 @@ Id: 62e2a967-1f03-4225-a325-122b109208f3 +Tags: +- DirectIo.sys +Verified: 'TRUE' Author: Nasreddine Bencherchali Created: '2023-05-06' MitreID: T1068 Category: vulnerable driver -Verified: 'TRUE' Commands: - Command: sc.exe create DirectIo.sys binPath=C:\windows\temp\DirectIo.sys type=kernel - && sc.exe start DirectIo.sys - Description: '' - Usecase: Elevate privileges - Privileges: kernel - OperatingSystem: Windows 10 + Command: sc.exe create DirectIo.sys binPath=C:\windows\temp\DirectIo.sys type=kernel + && sc.exe start DirectIo.sys + Description: '' + Usecase: Elevate privileges + Privileges: kernel + OperatingSystem: Windows 10 Resources: - Internal Research -Acknowledgement: - Person: '' - Handle: '' Detection: [] +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: DirectIo.sys - MD5: d77fb9fb256b0c2ec0258c39b80dc513 - SHA1: bdfb1a2b08d823009c912808425b357d22480ecc - SHA256: 2b186926ed815d87eaf72759a69095a11274f5d13c33b8cc2b8700a1f020be1d - Authentihash: - MD5: 79f811fc9166bce5a871174b384370a7 - SHA1: 79f909fb1ffe781e45351fc683e7cece43cfe465 - SHA256: d166b6ffd164dbea53f0f588a979f4c5f1f2a1793fc10cda84a4530b7b22fd0c - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ZwClose - - ZwUnmapViewOfSection - - IoWriteErrorLogEntry - - memmove - - IoAllocateErrorLogEntry - - IofCompleteRequest - - memcpy - - IoDeleteDevice - - RtlAppendUnicodeStringToString - - RtlIntegerToUnicodeString - - RtlAppendUnicodeToString - - IoDeleteSymbolicLink - - RtlQueryRegistryValues - - ZwOpenSection - - memset - - RtlWriteRegistryValue - - KeWaitForSingleObject - - IofCallDriver - - IoBuildDeviceIoControlRequest - - KeInitializeEvent - - IoCreateSymbolicLink - - ObfDereferenceObject - - ObReferenceObjectByPointer - - 
IoGetDeviceObjectPointer - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - ObReferenceObjectByHandle - - ZwMapViewOfSection - - DbgPrint - - RtlInitUnicodeString - - ExAllocatePool - - ZwQueryValueKey - - ZwOpenKey - - ExFreePoolWithTag - - READ_PORT_USHORT - - READ_PORT_UCHAR - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - WRITE_PORT_UCHAR - - KeGetCurrentIrql - - READ_PORT_ULONG - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, 
OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=AU, ST=NSW, O=PassMark Software Pty Ltd, OU=Digital ID Class 3 , - Microsoft Software Validation v2, CN=PassMark Software Pty Ltd - ValidFrom: '2007-10-16 00:00:00' - ValidTo: '2009-10-19 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 6204d256fa7f1bbb6b94137201342edb - Version: 3 - TBS: - MD5: 6d1e29bfc506a25c8c94f3187928f78a - SHA1: 8148e95f805e70a0099df66b0af3014ccd3e9c54 - SHA256: a8ebde025316b08aee32311f8e9d2951724cfa0bfc3758ccdfc350e67d472ea8 - SHA384: 70a1e68b764d966da3179c64ddd8492bbb9ba2290ec0e38013345427a9aa734630ad9a10403da776a0bf028343796c42 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - 
SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 6204d256fa7f1bbb6b94137201342edb - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: 0c098bb8b3d8ab496a48df72e7d7b738 - SHA1: e0651092bc73d531f171e38fbc3f4e0d13655c27 - SHA256: 13dba82c11b63ac1edf1b4017d9a3c658b188f88cf0172513e4019e764f80761 - Sections: - .text: - Entropy: 5.621982105180218 - Virtual Size: '0x179a' - .rdata: - Entropy: 4.305717440945202 - Virtual Size: '0x114' - .data: - Entropy: 3.8219280948873617 - Virtual Size: '0x14' - INIT: - Entropy: 5.431417999610977 - Virtual Size: '0x4b0' - .reloc: - Entropy: 4.913420364027462 - Virtual Size: '0x16c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2009-09-29 00:09:53' - Imphash: fce118020e70919e5c8c629687f89e56 - LoadsDespiteHVCI: 'FALSE' -- Filename: DirectIo.sys - MD5: 590875a0b2eeb171403fc7d0f5110cb2 - SHA1: 4f94789cffb23c301f93d6913b594748684abf6a - SHA256: 31f4140c12ac31f5729a8de4dc051d3acd07783564604df831a2a6722c979192 - Authentihash: - MD5: 92d24cb91b1cdc8139614ac03a00af5c - SHA1: 562695a1b80864b303b234fa801f064d7546b4f8 - SHA256: f5c267770f18d720313eedc7ff363989b04b21394e7c0179088d74b4d0fb2630 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ZwOpenSection - - ZwClose - - ZwUnmapViewOfSection - - IoWriteErrorLogEntry - - memmove - - IoAllocateErrorLogEntry - - IofCompleteRequest - - IoDeleteDevice - - RtlAppendUnicodeStringToString - - RtlIntegerToUnicodeString - - RtlAppendUnicodeToString - - IoDeleteSymbolicLink - - ObReferenceObjectByHandle - - 
ZwOpenKey - - RtlWriteRegistryValue - - KeWaitForSingleObject - - IofCallDriver - - IoBuildDeviceIoControlRequest - - KeInitializeEvent - - IoCreateSymbolicLink - - ObfDereferenceObject - - ObReferenceObjectByPointer - - IoGetDeviceObjectPointer - - IoCreateDevice - - ZwMapViewOfSection - - DbgPrint - - RtlAssert - - RtlInitUnicodeString - - ExAllocatePoolWithTag - - ZwQueryValueKey - - RtlQueryRegistryValues - - ExFreePool - - READ_PORT_USHORT - - READ_PORT_UCHAR - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - WRITE_PORT_UCHAR - - KeGetCurrentIrql - - READ_PORT_ULONG - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=ZA, O=Thawte Consulting (Pty) Ltd., CN=Thawte Code Signing CA - ValidFrom: '2003-08-06 00:00:00' - ValidTo: '2013-08-05 23:59:59' - Signature: 76b29cee139f1bf62d349294457334dc8e6b2e5cfc4c7d89ebc368f1d7990f2e1d17c8b5168bbecd8a0506f219493a035b05c9208e6d52e17681a0c3658a2267e41c53533746bfbcd72feb7b9ed014456c402108e25d757666301ef4df828a2fbdf3a20cbf1ddb9f14a29a72374db07748e84a3f09ce55192cefe60724e1afec - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0a - Version: 3 - TBS: - MD5: 6c239df74ade9185bb735cea2298c028 - SHA1: f6297a00d3b2b4ce4750402b66e7ea018d54f683 - SHA256: c5e3eebf1434d85e615b06e3c7a4d3c31d10a4fb0ff7a9b262bd41b43a6aaefe - SHA384: 48520b9f122b94ccc316982c87d8ebf6ca4fc4e6fd4504c8fcee63b307b5502c403bf0676ef96ca9dc2004a11bbc825b - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 
- TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=AU, ST=NSW, L=Sydney, O=PassMark Software Pty Ltd, OU=Secure Application - Development, CN=PassMark Software Pty Ltd - ValidFrom: '2005-10-20 07:03:10' - ValidTo: '2007-10-20 07:03:10' - Signature: 3116ad5ee2031661e893bffa3e28036440e1342ac82cb00ffa19b541cc558bb494ac845d401892bc236a2d26f6826d580da1b6eb998a81ea3867ddb07fdf2a267452f6abc71242c3dc904e528953ec2eebdb5ca5dd9c1e607527822dff5fb577a2be4fbdb33332abd62448751055ec5a857ff146bf07ccb4856e84f32debaa67 - SignatureAlgorithmOID: 1.2.840.113549.1.1.4 - IsCertificateAuthority: false - SerialNumber: '401630' - Version: 3 - TBS: - MD5: 391972f40ad0e59490bd1803af723015 - SHA1: e66f420395c523174f01f8952b6f4915c32bc1f1 - SHA256: 5df9a71e9b686740112195dd58c94639fd0bcce56227b37dc36b6a7e26a61130 - SHA384: 23c676950785a7ad29464e024f6adb73d241c28bbaa207074c5ed8f6f2264d9e8b91e7f98c2b749f9fb999f1c2692029 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - Signer: - - SerialNumber: '401630' - Issuer: C=ZA, O=Thawte Consulting (Pty) Ltd., CN=Thawte Code Signing CA - Version: 1 - RichPEHeaderHash: - MD5: b1eff54c064351c9c1d8d59de7e66e67 - SHA1: 
76718b32f65623dfb388e3c069405322ec996245 - SHA256: 1a090c4b92b5f86ac63e50623d7caa8fdc90ef78b4132d3511e212b4c9180b53 - Sections: - .text: - Entropy: 5.489870201579556 - Virtual Size: '0x1594' - .rdata: - Entropy: 4.312098470238592 - Virtual Size: '0x114' - .data: - Entropy: 2.8453509366224368 - Virtual Size: '0xb' - INIT: - Entropy: 5.307601538228162 - Virtual Size: '0x436' - .reloc: - Entropy: 4.914864452783341 - Virtual Size: '0x134' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2003-08-13 22:34:23' - Imphash: be2d638c3933fc3f5a96e539f9910c5f - LoadsDespiteHVCI: 'TRUE' -- Filename: DirectIo.sys - MD5: 392d7180653b0ca77a78bdf15953d865 - SHA1: 3e917f0986802d47c0ffe4d6f5944998987c4160 - SHA256: 673b63b67345773cd6d66f6adcf2c753e2d949232bff818d5bb6e05786538d92 - Authentihash: - MD5: a905e5bba9e716972e78843a7de4d30e - SHA1: 08de981cec441bf0bc18a90a44e13941ba4e781d - SHA256: 15cf3ce2a0ee32488de26222492842a378d6b8af6924578b35dac89fb0c7cb5c - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ZwOpenSection - - ZwClose - - ZwUnmapViewOfSection - - ObfDereferenceObject - - ZwWriteFile - - PsGetProcessId - - NtBuildNumber - - RtlFillMemoryUlong - - ExAllocatePoolWithTag - - ZwCreateFile - - memset - - memcpy - - MmGetPhysicalMemoryRanges - - IoWriteErrorLogEntry - - memmove - - IoAllocateErrorLogEntry - - IofCompleteRequest - - IoDeleteDevice - - RtlAppendUnicodeStringToString - - ObReferenceObjectByHandle - - RtlAppendUnicodeToString - - IoDeleteSymbolicLink - - RtlQueryRegistryValues - - ZwOpenKey - - RtlWriteRegistryValue - - KeWaitForSingleObject - - IofCallDriver - - IoBuildDeviceIoControlRequest - - KeInitializeEvent - - IoCreateSymbolicLink - - ObReferenceObjectByPointer - - IoGetDeviceObjectPointer - - IoCreateDevice - - KeQueryActiveProcessors - - 
KeRevertToUserAffinityThread - - KeSetSystemAffinityThread - - KeTickCount - - KeBugCheckEx - - ZwMapViewOfSection - - DbgPrint - - RtlInitUnicodeString - - ExAllocatePool - - ZwQueryValueKey - - ExFreePoolWithTag - - RtlIntegerToUnicodeString - - RtlAssert - - READ_PORT_USHORT - - READ_PORT_UCHAR - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - WRITE_PORT_UCHAR - - KeGetCurrentIrql - - READ_PORT_ULONG - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=AU, ST=NSW, O=PassMark Software Pty 
Ltd, OU=Digital ID Class 3 , - Microsoft Software Validation v2, CN=PassMark Software Pty Ltd - ValidFrom: '2009-09-22 00:00:00' - ValidTo: '2012-10-18 23:59:59' - Signature: b7f68f477ab8836d5a2eaa9eaf9449186c71f90679d58058c558928f1ad7c76398511ce520afd6dce66540f536c377f824cf5b84fd60f83ead01a592fbce29cc51cca7da2fe8b50e89bc6999104fb406db3b878a7f9f148c767b668b84fcba161c1c14215de332cfcfc2fa52bce1543341231dd345b41da888372d4a2f82711f6125e029fd71859711bccd6b600247a440b6603296cfa9451e6ec81d51b1b7512705461af59e23e0423ba441c68025359a6e591c6370fa516188f8d720a16c6c7b24e975a204fbe5a3b8236443813e993d717df40642fe7d88d85aa1a51b47a3a05232da19c8f2de4144aa11d4577379c794ef9a48d60fc40f8793d5273a25da - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 38e7fa0db1a398f805bb85a69171dc9d - Version: 3 - TBS: - MD5: 159feaed9447c7d71653069c337ec2b3 - SHA1: 5079a8aa946ee016c86153d4456f58277360c036 - SHA256: e76ee5754b8da5b514befb3a89eed638de08605326a1e611ddbed9e864551abf - SHA384: 9830194c19654f1196e74505a987588c36aa700489f3f482f1ad017bba6e39ebf9be18ab153da8cd9f8a672801820a87 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 
2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 38e7fa0db1a398f805bb85a69171dc9d - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - RichPEHeaderHash: - MD5: 514099db0a673f041c38ff1523919f0b - SHA1: 82aa88e06f8c93a602236506b7388d7ff52aeb69 - SHA256: f8340b629757f4646721bd2fdc56847de527e35235165ee4c3996fa1cf7f6d62 - Sections: - .text: - Entropy: 6.044666553764061 - Virtual Size: '0x25b3' - .rdata: - Entropy: 4.241242147614977 - Virtual Size: '0x144' - .data: - Entropy: 3.625 - Virtual Size: '0x20' - INIT: - Entropy: 5.45258905196258 - Virtual Size: '0x5d0' - .reloc: - Entropy: 5.373707929571261 - Virtual Size: '0x240' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2011-12-20 17:07:39' - Imphash: 67f975f0734a5b0598223fbe00b3367e - LoadsDespiteHVCI: 'TRUE' -- Filename: DirectIo.sys - MD5: e3fda6120dfa016a76d975fdab7954f6 - SHA1: e2e7a2b2550b889235aafd9ffd1966ccd20badfe - SHA256: 83f7be0a13c1fccf024c31da5c68c0ea1decf4f48fc39d6e4fd324bbe789ae8a - Authentihash: - MD5: 4235df36aa97725d3a17e653dd5e1524 - SHA1: 9fa6e7d69545a0f7b82c01e9bec2c8f19d1ab65b - SHA256: 2b03a8bad9ecfcacc8e8a21ee310ce359e1382d7a5d5ce5284b32ecc2bcc4b8a - Description: '' - Company: '' - 
InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - ExFreePoolWithTag - - ZwQueryValueKey - - ExAllocatePoolWithTag - - RtlInitUnicodeString - - RtlAssert - - DbgPrint - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - ZwClose - - ZwUnmapViewOfSection - - IoWriteErrorLogEntry - - IoAllocateErrorLogEntry - - IofCompleteRequest - - IoDeleteDevice - - RtlAppendUnicodeStringToString - - RtlIntegerToUnicodeString - - RtlAppendUnicodeToString - - IoDeleteSymbolicLink - - RtlQueryRegistryValues - - ZwOpenKey - - RtlWriteRegistryValue - - KeWaitForSingleObject - - IofCallDriver - - IoBuildDeviceIoControlRequest - - KeInitializeEvent - - IoCreateSymbolicLink - - ObfDereferenceObject - - ObReferenceObjectByPointer - - IoGetDeviceObjectPointer - - IoCreateDevice - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 
23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=AU, ST=NSW, O=PassMark Software Pty Ltd, OU=Digital ID Class 3 , - Microsoft Software Validation v2, CN=PassMark Software Pty Ltd - ValidFrom: '2006-10-19 00:00:00' - ValidTo: '2007-10-19 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 6365cef4a64e1054779b87cb364f5ba7 - Version: 3 - TBS: - MD5: a333a5d8e036bd92dcf209381fc331d5 - SHA1: e5cd8df5f677bc92b27eed5ed408a6db2a1f0153 - SHA256: 
b870910241ae9b44b91890b43fd7105b0af45bf7509b25d3f907a651ac21733d - SHA384: a3145574b39a4c5e13e48125dcab20eb80d4ade33f0dca8c3eb9782e741352d54064dfdff6e376973d7a6a94b57632a7 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 6365cef4a64e1054779b87cb364f5ba7 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: fcd102d43841ff49976a6a32b6456c2f - SHA1: 1eb8dc8cd2cd7b688bd03928605985347118386c - SHA256: 3568804e9adb8de713d9b72b27275ff0bbe16d5aad413143c00b11b4a8c79c60 - Sections: - .text: - Entropy: 5.72785644824468 - Virtual Size: '0x2512' - .rdata: - Entropy: 4.174482219291641 - Virtual Size: '0x350' - .data: - Entropy: 0.8149399521927442 - Virtual Size: '0x120' - .pdata: - Entropy: 3.8028644197826855 - Virtual Size: '0x12c' - INIT: - Entropy: 4.96025225558874 - Virtual Size: '0x462' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2004-09-27 02:11:28' - Imphash: 77ec8b2c372741f12098f084a13a56a8 - LoadsDespiteHVCI: 'FALSE' -- Filename: DirectIo.sys - MD5: a17c403c4b74d4fa920c3887066daeb2 - SHA1: 30c6e1da8745c3d53df696af407ef095a8398273 - SHA256: 94be67c319a67de75ebed050d5537cfaa795d72bba52f3d8cf349e7bd075410e - Authentihash: - MD5: 9377db4b59048af79f44c26fc34298a5 - SHA1: d0559503988daa407fcc11e59079560cb456bb84 - SHA256: 
eb6f186c9bf73b0efd227d99e09659c321f0414bda568e99ee9a3863dc1a380d - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ZwClose - - ZwUnmapViewOfSection - - IoWriteErrorLogEntry - - memmove - - IoAllocateErrorLogEntry - - IofCompleteRequest - - memcpy - - IoDeleteDevice - - RtlAppendUnicodeStringToString - - RtlIntegerToUnicodeString - - RtlAppendUnicodeToString - - IoDeleteSymbolicLink - - RtlQueryRegistryValues - - ZwOpenSection - - memset - - RtlWriteRegistryValue - - KeWaitForSingleObject - - IofCallDriver - - IoBuildDeviceIoControlRequest - - KeInitializeEvent - - IoCreateSymbolicLink - - ObfDereferenceObject - - ObReferenceObjectByPointer - - IoGetDeviceObjectPointer - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - ObReferenceObjectByHandle - - ZwMapViewOfSection - - DbgPrint - - RtlInitUnicodeString - - ExAllocatePool - - ZwQueryValueKey - - ZwOpenKey - - ExFreePoolWithTag - - READ_PORT_USHORT - - READ_PORT_UCHAR - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - WRITE_PORT_UCHAR - - KeGetCurrentIrql - - READ_PORT_ULONG - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., 
CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=AU, ST=NSW, O=PassMark Software Pty Ltd, OU=Digital ID Class 3 , - Microsoft Software Validation v2, CN=PassMark Software Pty Ltd - ValidFrom: '2007-10-16 00:00:00' - ValidTo: '2009-10-19 23:59:59' - Signature: 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 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 6204d256fa7f1bbb6b94137201342edb - Version: 3 - TBS: - MD5: 6d1e29bfc506a25c8c94f3187928f78a - SHA1: 8148e95f805e70a0099df66b0af3014ccd3e9c54 - SHA256: a8ebde025316b08aee32311f8e9d2951724cfa0bfc3758ccdfc350e67d472ea8 - SHA384: 70a1e68b764d966da3179c64ddd8492bbb9ba2290ec0e38013345427a9aa734630ad9a10403da776a0bf028343796c42 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 6204d256fa7f1bbb6b94137201342edb - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: ac3b596da38376a84935a26e5aca6915 - SHA1: e38256e7c3ef84b3fa5d5b005a9d54ff5adad19b - SHA256: a57d9c917192aa7db89b0379b8601693e19aa75bdc57c24439f036878be692a9 - Sections: - .text: - Entropy: 5.605951337306646 - Virtual Size: '0x16e8' - .rdata: - Entropy: 4.355262991817329 - Virtual Size: '0x114' - .data: - Entropy: 3.8219280948873617 - Virtual Size: '0x14' - INIT: - Entropy: 5.4991652276764285 - Virtual Size: '0x4b0' - .reloc: - Entropy: 5.080423885108474 - Virtual Size: '0x158' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2008-03-09 18:42:32' - Imphash: fce118020e70919e5c8c629687f89e56 - LoadsDespiteHVCI: 'FALSE' -- Filename: DirectIo.sys - MD5: 7056549baa6da18910151b08121e2c94 - 
SHA1: 84d44e166072bccf1f8e1e9eb51880ffa065a274 - SHA256: bb68552936a6b0a68fb53ce864a6387d2698332aac10a7adfdd5a48b97027ce3 - Authentihash: - MD5: 92d24cb91b1cdc8139614ac03a00af5c - SHA1: 562695a1b80864b303b234fa801f064d7546b4f8 - SHA256: f5c267770f18d720313eedc7ff363989b04b21394e7c0179088d74b4d0fb2630 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ZwOpenSection - - ZwClose - - ZwUnmapViewOfSection - - IoWriteErrorLogEntry - - memmove - - IoAllocateErrorLogEntry - - IofCompleteRequest - - IoDeleteDevice - - RtlAppendUnicodeStringToString - - RtlIntegerToUnicodeString - - RtlAppendUnicodeToString - - IoDeleteSymbolicLink - - ObReferenceObjectByHandle - - ZwOpenKey - - RtlWriteRegistryValue - - KeWaitForSingleObject - - IofCallDriver - - IoBuildDeviceIoControlRequest - - KeInitializeEvent - - IoCreateSymbolicLink - - ObfDereferenceObject - - ObReferenceObjectByPointer - - IoGetDeviceObjectPointer - - IoCreateDevice - - ZwMapViewOfSection - - DbgPrint - - RtlAssert - - RtlInitUnicodeString - - ExAllocatePoolWithTag - - ZwQueryValueKey - - RtlQueryRegistryValues - - ExFreePool - - READ_PORT_USHORT - - READ_PORT_UCHAR - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - WRITE_PORT_UCHAR - - KeGetCurrentIrql - - READ_PORT_ULONG - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: 
true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=AU, ST=NSW, O=PassMark Software Pty Ltd, OU=Digital ID Class 3 , - Microsoft Software 
Validation v2, CN=PassMark Software Pty Ltd - ValidFrom: '2006-10-19 00:00:00' - ValidTo: '2007-10-19 23:59:59' - Signature: 9bf8ac41d262fb76c85a3584db7eabfb020d1c1585e06c41a27ad555c19f6918bdf3c14582f8e9f47cf06f96d827c5da7ad99da6f51a346dccd9f141e501d2b383fe875f1701cdff354e2348870698178a99f3753dd465f5e2599d7da4c7e906767c865c017d66c63972407ba9886476f6466b607e1ae7299e1d8704b7ef534c5e91e36e94b91ff4a15ee5f8cffb09851c346003f2a5f28109a511cd58cc209dbbbe8b29ebabd0877136c823cc07ddf6ea4e84a1a611a114326a60a4781d3dd45681e43952be5954f26da67cdf51c2667f93ffe97180001d37fcf4c57747b81b6946fc323f45453a861f0dd45d11d033f95af78da4407ba75e00bdfa24d5e675 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 6365cef4a64e1054779b87cb364f5ba7 - Version: 3 - TBS: - MD5: a333a5d8e036bd92dcf209381fc331d5 - SHA1: e5cd8df5f677bc92b27eed5ed408a6db2a1f0153 - SHA256: b870910241ae9b44b91890b43fd7105b0af45bf7509b25d3f907a651ac21733d - SHA384: a3145574b39a4c5e13e48125dcab20eb80d4ade33f0dca8c3eb9782e741352d54064dfdff6e376973d7a6a94b57632a7 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 6365cef4a64e1054779b87cb364f5ba7 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: b1eff54c064351c9c1d8d59de7e66e67 - SHA1: 
76718b32f65623dfb388e3c069405322ec996245 - SHA256: 1a090c4b92b5f86ac63e50623d7caa8fdc90ef78b4132d3511e212b4c9180b53 - Sections: - .text: - Entropy: 5.489870201579556 - Virtual Size: '0x1594' - .rdata: - Entropy: 4.312098470238592 - Virtual Size: '0x114' - .data: - Entropy: 2.8453509366224368 - Virtual Size: '0xb' - INIT: - Entropy: 5.307601538228162 - Virtual Size: '0x436' - .reloc: - Entropy: 4.914864452783341 - Virtual Size: '0x134' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2003-08-13 22:34:23' - Imphash: be2d638c3933fc3f5a96e539f9910c5f - LoadsDespiteHVCI: 'FALSE' -Tags: -- DirectIo.sys +- Filename: DirectIo.sys + MD5: d77fb9fb256b0c2ec0258c39b80dc513 + SHA1: bdfb1a2b08d823009c912808425b357d22480ecc + SHA256: 2b186926ed815d87eaf72759a69095a11274f5d13c33b8cc2b8700a1f020be1d + Authentihash: + MD5: 79f811fc9166bce5a871174b384370a7 + SHA1: 79f909fb1ffe781e45351fc683e7cece43cfe465 + SHA256: d166b6ffd164dbea53f0f588a979f4c5f1f2a1793fc10cda84a4530b7b22fd0c + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ZwClose + - ZwUnmapViewOfSection + - IoWriteErrorLogEntry + - memmove + - IoAllocateErrorLogEntry + - IofCompleteRequest + - memcpy + - IoDeleteDevice + - RtlAppendUnicodeStringToString + - RtlIntegerToUnicodeString + - RtlAppendUnicodeToString + - IoDeleteSymbolicLink + - RtlQueryRegistryValues + - ZwOpenSection + - memset + - RtlWriteRegistryValue + - KeWaitForSingleObject + - IofCallDriver + - IoBuildDeviceIoControlRequest + - KeInitializeEvent + - IoCreateSymbolicLink + - ObfDereferenceObject + - ObReferenceObjectByPointer + - IoGetDeviceObjectPointer + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - ObReferenceObjectByHandle + - ZwMapViewOfSection + - DbgPrint + - RtlInitUnicodeString + - ExAllocatePool + - ZwQueryValueKey + - ZwOpenKey + - 
ExFreePoolWithTag + - READ_PORT_USHORT + - READ_PORT_UCHAR + - WRITE_PORT_ULONG + - WRITE_PORT_USHORT + - WRITE_PORT_UCHAR + - KeGetCurrentIrql + - READ_PORT_ULONG + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: 
ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=AU, ST=NSW, O=PassMark Software Pty Ltd, OU=Digital ID Class + 3 , Microsoft Software Validation v2, CN=PassMark Software Pty Ltd + ValidFrom: '2007-10-16 00:00:00' + ValidTo: '2009-10-19 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 6204d256fa7f1bbb6b94137201342edb + Version: 3 + TBS: + MD5: 6d1e29bfc506a25c8c94f3187928f78a + SHA1: 8148e95f805e70a0099df66b0af3014ccd3e9c54 + SHA256: a8ebde025316b08aee32311f8e9d2951724cfa0bfc3758ccdfc350e67d472ea8 + SHA384: 70a1e68b764d966da3179c64ddd8492bbb9ba2290ec0e38013345427a9aa734630ad9a10403da776a0bf028343796c42 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: 
f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 6204d256fa7f1bbb6b94137201342edb + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: 0c098bb8b3d8ab496a48df72e7d7b738 + SHA1: e0651092bc73d531f171e38fbc3f4e0d13655c27 + SHA256: 13dba82c11b63ac1edf1b4017d9a3c658b188f88cf0172513e4019e764f80761 + Sections: + .text: + Entropy: 5.621982105180218 + Virtual Size: '0x179a' + .rdata: + Entropy: 4.305717440945202 + Virtual Size: '0x114' + .data: + Entropy: 3.8219280948873617 + Virtual Size: '0x14' + INIT: + Entropy: 5.431417999610977 + Virtual Size: '0x4b0' + .reloc: + Entropy: 4.913420364027462 + Virtual Size: '0x16c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2009-09-29 00:09:53' + Imphash: fce118020e70919e5c8c629687f89e56 + LoadsDespiteHVCI: 'FALSE' +- Filename: DirectIo.sys + MD5: 590875a0b2eeb171403fc7d0f5110cb2 + SHA1: 4f94789cffb23c301f93d6913b594748684abf6a + SHA256: 31f4140c12ac31f5729a8de4dc051d3acd07783564604df831a2a6722c979192 + Authentihash: + MD5: 92d24cb91b1cdc8139614ac03a00af5c + SHA1: 562695a1b80864b303b234fa801f064d7546b4f8 + SHA256: f5c267770f18d720313eedc7ff363989b04b21394e7c0179088d74b4d0fb2630 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ZwOpenSection + - ZwClose + - ZwUnmapViewOfSection + - IoWriteErrorLogEntry + - memmove + - IoAllocateErrorLogEntry + - IofCompleteRequest + - IoDeleteDevice + - RtlAppendUnicodeStringToString + - RtlIntegerToUnicodeString + - RtlAppendUnicodeToString + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - ZwOpenKey + - RtlWriteRegistryValue + - KeWaitForSingleObject + - IofCallDriver + - 
IoBuildDeviceIoControlRequest + - KeInitializeEvent + - IoCreateSymbolicLink + - ObfDereferenceObject + - ObReferenceObjectByPointer + - IoGetDeviceObjectPointer + - IoCreateDevice + - ZwMapViewOfSection + - DbgPrint + - RtlAssert + - RtlInitUnicodeString + - ExAllocatePoolWithTag + - ZwQueryValueKey + - RtlQueryRegistryValues + - ExFreePool + - READ_PORT_USHORT + - READ_PORT_UCHAR + - WRITE_PORT_ULONG + - WRITE_PORT_USHORT + - WRITE_PORT_UCHAR + - KeGetCurrentIrql + - READ_PORT_ULONG + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=ZA, O=Thawte Consulting (Pty) Ltd., CN=Thawte Code Signing + CA + ValidFrom: '2003-08-06 00:00:00' + ValidTo: '2013-08-05 23:59:59' + Signature: 76b29cee139f1bf62d349294457334dc8e6b2e5cfc4c7d89ebc368f1d7990f2e1d17c8b5168bbecd8a0506f219493a035b05c9208e6d52e17681a0c3658a2267e41c53533746bfbcd72feb7b9ed014456c402108e25d757666301ef4df828a2fbdf3a20cbf1ddb9f14a29a72374db07748e84a3f09ce55192cefe60724e1afec + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0a + Version: 3 + TBS: + MD5: 6c239df74ade9185bb735cea2298c028 + SHA1: f6297a00d3b2b4ce4750402b66e7ea018d54f683 + SHA256: c5e3eebf1434d85e615b06e3c7a4d3c31d10a4fb0ff7a9b262bd41b43a6aaefe + SHA384: 48520b9f122b94ccc316982c87d8ebf6ca4fc4e6fd4504c8fcee63b307b5502c403bf0676ef96ca9dc2004a11bbc825b + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 
21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=AU, ST=NSW, L=Sydney, O=PassMark Software Pty Ltd, OU=Secure + Application Development, CN=PassMark Software Pty Ltd + ValidFrom: '2005-10-20 07:03:10' + ValidTo: '2007-10-20 07:03:10' + Signature: 3116ad5ee2031661e893bffa3e28036440e1342ac82cb00ffa19b541cc558bb494ac845d401892bc236a2d26f6826d580da1b6eb998a81ea3867ddb07fdf2a267452f6abc71242c3dc904e528953ec2eebdb5ca5dd9c1e607527822dff5fb577a2be4fbdb33332abd62448751055ec5a857ff146bf07ccb4856e84f32debaa67 + SignatureAlgorithmOID: 1.2.840.113549.1.1.4 + IsCertificateAuthority: false + SerialNumber: '401630' + Version: 3 + TBS: + MD5: 391972f40ad0e59490bd1803af723015 + SHA1: e66f420395c523174f01f8952b6f4915c32bc1f1 + SHA256: 5df9a71e9b686740112195dd58c94639fd0bcce56227b37dc36b6a7e26a61130 + SHA384: 23c676950785a7ad29464e024f6adb73d241c28bbaa207074c5ed8f6f2264d9e8b91e7f98c2b749f9fb999f1c2692029 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 877870da4e5201205be079c98230c4fdb91996bd9100c3bdcdcdc6f40ed8fff94dc033623011c5f5741bd492de5f9c2013b17c45be50cd83e7801783a72793671346fbcab8984103cc9b515b058b7fa86ff31b501b242ef2698d6c22f7bbca1695ed0c74c06877d9eb996287c17390f889747a23aba3987b97b1f78f29714d2e751b4841daf0b50d2054d677a097826369fd09cf8af075bb099bd9f91155269a6132be7a02b07b86bea2c38b222c78d13576bc92735cf9b9e64c150a23cce4d2d4342e4940153c0f607a24c6a566ef96cf70eb3ee7f40d7edcd17ca3767169c19c4f47303521b1a2af1a623c2bd98eaa2a077bd818b35c7be29da56ffe3c89ad + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0de92bf0d4d82988183205095e9a7688 + Version: 3 + TBS: + MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 + SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + 
SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + Signer: + - SerialNumber: '401630' + Issuer: C=ZA, O=Thawte Consulting (Pty) Ltd., CN=Thawte Code Signing CA + Version: 1 + RichPEHeaderHash: + MD5: b1eff54c064351c9c1d8d59de7e66e67 + SHA1: 76718b32f65623dfb388e3c069405322ec996245 + SHA256: 1a090c4b92b5f86ac63e50623d7caa8fdc90ef78b4132d3511e212b4c9180b53 + Sections: + .text: + Entropy: 5.489870201579556 + Virtual Size: '0x1594' + .rdata: + Entropy: 4.312098470238592 + Virtual Size: '0x114' + .data: + Entropy: 2.8453509366224368 + Virtual Size: '0xb' + INIT: + Entropy: 5.307601538228162 + Virtual Size: '0x436' + .reloc: + Entropy: 4.914864452783341 + Virtual Size: '0x134' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2003-08-13 22:34:23' + Imphash: be2d638c3933fc3f5a96e539f9910c5f + LoadsDespiteHVCI: 'TRUE' +- Filename: DirectIo.sys + MD5: 392d7180653b0ca77a78bdf15953d865 + SHA1: 3e917f0986802d47c0ffe4d6f5944998987c4160 + SHA256: 673b63b67345773cd6d66f6adcf2c753e2d949232bff818d5bb6e05786538d92 + Authentihash: + MD5: a905e5bba9e716972e78843a7de4d30e + SHA1: 08de981cec441bf0bc18a90a44e13941ba4e781d + SHA256: 15cf3ce2a0ee32488de26222492842a378d6b8af6924578b35dac89fb0c7cb5c + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ZwOpenSection + - ZwClose + - ZwUnmapViewOfSection + - ObfDereferenceObject + - ZwWriteFile + - PsGetProcessId + - NtBuildNumber + - RtlFillMemoryUlong + - ExAllocatePoolWithTag + - ZwCreateFile + - memset + - memcpy + - MmGetPhysicalMemoryRanges + - IoWriteErrorLogEntry + - memmove + - IoAllocateErrorLogEntry + - IofCompleteRequest + - IoDeleteDevice + - RtlAppendUnicodeStringToString + - ObReferenceObjectByHandle + - 
RtlAppendUnicodeToString + - IoDeleteSymbolicLink + - RtlQueryRegistryValues + - ZwOpenKey + - RtlWriteRegistryValue + - KeWaitForSingleObject + - IofCallDriver + - IoBuildDeviceIoControlRequest + - KeInitializeEvent + - IoCreateSymbolicLink + - ObReferenceObjectByPointer + - IoGetDeviceObjectPointer + - IoCreateDevice + - KeQueryActiveProcessors + - KeRevertToUserAffinityThread + - KeSetSystemAffinityThread + - KeTickCount + - KeBugCheckEx + - ZwMapViewOfSection + - DbgPrint + - RtlInitUnicodeString + - ExAllocatePool + - ZwQueryValueKey + - ExFreePoolWithTag + - RtlIntegerToUnicodeString + - RtlAssert + - READ_PORT_USHORT + - READ_PORT_UCHAR + - WRITE_PORT_ULONG + - WRITE_PORT_USHORT + - WRITE_PORT_UCHAR + - KeGetCurrentIrql + - READ_PORT_ULONG + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=AU, ST=NSW, O=PassMark Software Pty Ltd, OU=Digital ID Class + 3 , Microsoft Software Validation v2, CN=PassMark Software Pty Ltd + ValidFrom: '2009-09-22 00:00:00' + ValidTo: '2012-10-18 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 38e7fa0db1a398f805bb85a69171dc9d + Version: 3 + TBS: + MD5: 159feaed9447c7d71653069c337ec2b3 + SHA1: 5079a8aa946ee016c86153d4456f58277360c036 + SHA256: e76ee5754b8da5b514befb3a89eed638de08605326a1e611ddbed9e864551abf + SHA384: 9830194c19654f1196e74505a987588c36aa700489f3f482f1ad017bba6e39ebf9be18ab153da8cd9f8a672801820a87 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public 
Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 38e7fa0db1a398f805bb85a69171dc9d + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + RichPEHeaderHash: + MD5: 514099db0a673f041c38ff1523919f0b + SHA1: 82aa88e06f8c93a602236506b7388d7ff52aeb69 + SHA256: f8340b629757f4646721bd2fdc56847de527e35235165ee4c3996fa1cf7f6d62 + Sections: + .text: + Entropy: 6.044666553764061 + Virtual Size: '0x25b3' + .rdata: + Entropy: 4.241242147614977 + Virtual Size: '0x144' + .data: + Entropy: 3.625 + Virtual Size: '0x20' + INIT: + Entropy: 5.45258905196258 + Virtual Size: '0x5d0' + .reloc: + Entropy: 5.373707929571261 + Virtual Size: '0x240' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2011-12-20 17:07:39' + Imphash: 67f975f0734a5b0598223fbe00b3367e + LoadsDespiteHVCI: 'TRUE' +- Filename: DirectIo.sys + MD5: e3fda6120dfa016a76d975fdab7954f6 + SHA1: e2e7a2b2550b889235aafd9ffd1966ccd20badfe + SHA256: 83f7be0a13c1fccf024c31da5c68c0ea1decf4f48fc39d6e4fd324bbe789ae8a + Authentihash: + MD5: 4235df36aa97725d3a17e653dd5e1524 + SHA1: 9fa6e7d69545a0f7b82c01e9bec2c8f19d1ab65b + SHA256: 2b03a8bad9ecfcacc8e8a21ee310ce359e1382d7a5d5ce5284b32ecc2bcc4b8a + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - 
ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - ExFreePoolWithTag + - ZwQueryValueKey + - ExAllocatePoolWithTag + - RtlInitUnicodeString + - RtlAssert + - DbgPrint + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - ZwClose + - ZwUnmapViewOfSection + - IoWriteErrorLogEntry + - IoAllocateErrorLogEntry + - IofCompleteRequest + - IoDeleteDevice + - RtlAppendUnicodeStringToString + - RtlIntegerToUnicodeString + - RtlAppendUnicodeToString + - IoDeleteSymbolicLink + - RtlQueryRegistryValues + - ZwOpenKey + - RtlWriteRegistryValue + - KeWaitForSingleObject + - IofCallDriver + - IoBuildDeviceIoControlRequest + - KeInitializeEvent + - IoCreateSymbolicLink + - ObfDereferenceObject + - ObReferenceObjectByPointer + - IoGetDeviceObjectPointer + - IoCreateDevice + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + 
IsCertificateAuthority: false + SerialNumber: 0de92bf0d4d82988183205095e9a7688 + Version: 3 + TBS: + MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 + SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=AU, ST=NSW, O=PassMark Software Pty Ltd, OU=Digital ID Class + 3 , Microsoft Software Validation v2, CN=PassMark Software Pty Ltd + ValidFrom: '2006-10-19 00:00:00' + ValidTo: '2007-10-19 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 6365cef4a64e1054779b87cb364f5ba7 + Version: 3 + TBS: + MD5: a333a5d8e036bd92dcf209381fc331d5 + SHA1: e5cd8df5f677bc92b27eed5ed408a6db2a1f0153 + SHA256: b870910241ae9b44b91890b43fd7105b0af45bf7509b25d3f907a651ac21733d + SHA384: a3145574b39a4c5e13e48125dcab20eb80d4ade33f0dca8c3eb9782e741352d54064dfdff6e376973d7a6a94b57632a7 + - Subject: 
C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 6365cef4a64e1054779b87cb364f5ba7 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: fcd102d43841ff49976a6a32b6456c2f + SHA1: 1eb8dc8cd2cd7b688bd03928605985347118386c + SHA256: 
3568804e9adb8de713d9b72b27275ff0bbe16d5aad413143c00b11b4a8c79c60 + Sections: + .text: + Entropy: 5.72785644824468 + Virtual Size: '0x2512' + .rdata: + Entropy: 4.174482219291641 + Virtual Size: '0x350' + .data: + Entropy: 0.8149399521927442 + Virtual Size: '0x120' + .pdata: + Entropy: 3.8028644197826855 + Virtual Size: '0x12c' + INIT: + Entropy: 4.96025225558874 + Virtual Size: '0x462' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2004-09-27 02:11:28' + Imphash: 77ec8b2c372741f12098f084a13a56a8 + LoadsDespiteHVCI: 'FALSE' +- Filename: DirectIo.sys + MD5: a17c403c4b74d4fa920c3887066daeb2 + SHA1: 30c6e1da8745c3d53df696af407ef095a8398273 + SHA256: 94be67c319a67de75ebed050d5537cfaa795d72bba52f3d8cf349e7bd075410e + Authentihash: + MD5: 9377db4b59048af79f44c26fc34298a5 + SHA1: d0559503988daa407fcc11e59079560cb456bb84 + SHA256: eb6f186c9bf73b0efd227d99e09659c321f0414bda568e99ee9a3863dc1a380d + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ZwClose + - ZwUnmapViewOfSection + - IoWriteErrorLogEntry + - memmove + - IoAllocateErrorLogEntry + - IofCompleteRequest + - memcpy + - IoDeleteDevice + - RtlAppendUnicodeStringToString + - RtlIntegerToUnicodeString + - RtlAppendUnicodeToString + - IoDeleteSymbolicLink + - RtlQueryRegistryValues + - ZwOpenSection + - memset + - RtlWriteRegistryValue + - KeWaitForSingleObject + - IofCallDriver + - IoBuildDeviceIoControlRequest + - KeInitializeEvent + - IoCreateSymbolicLink + - ObfDereferenceObject + - ObReferenceObjectByPointer + - IoGetDeviceObjectPointer + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - ObReferenceObjectByHandle + - ZwMapViewOfSection + - DbgPrint + - RtlInitUnicodeString + - ExAllocatePool + - ZwQueryValueKey + - ZwOpenKey + - ExFreePoolWithTag + - READ_PORT_USHORT + - READ_PORT_UCHAR + - WRITE_PORT_ULONG + - 
WRITE_PORT_USHORT + - WRITE_PORT_UCHAR + - KeGetCurrentIrql + - READ_PORT_ULONG + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 
53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=AU, ST=NSW, O=PassMark Software Pty Ltd, OU=Digital ID Class + 3 , Microsoft Software Validation v2, CN=PassMark Software Pty Ltd + ValidFrom: '2007-10-16 00:00:00' + ValidTo: '2009-10-19 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 6204d256fa7f1bbb6b94137201342edb + Version: 3 + TBS: + MD5: 6d1e29bfc506a25c8c94f3187928f78a + SHA1: 8148e95f805e70a0099df66b0af3014ccd3e9c54 + SHA256: a8ebde025316b08aee32311f8e9d2951724cfa0bfc3758ccdfc350e67d472ea8 + SHA384: 70a1e68b764d966da3179c64ddd8492bbb9ba2290ec0e38013345427a9aa734630ad9a10403da776a0bf028343796c42 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + 
IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 6204d256fa7f1bbb6b94137201342edb + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: ac3b596da38376a84935a26e5aca6915 + SHA1: e38256e7c3ef84b3fa5d5b005a9d54ff5adad19b + SHA256: a57d9c917192aa7db89b0379b8601693e19aa75bdc57c24439f036878be692a9 + Sections: + .text: + Entropy: 5.605951337306646 + Virtual Size: '0x16e8' + .rdata: + Entropy: 4.355262991817329 + Virtual Size: '0x114' + .data: + Entropy: 3.8219280948873617 + Virtual Size: '0x14' + INIT: + Entropy: 5.4991652276764285 + Virtual Size: '0x4b0' + .reloc: + Entropy: 5.080423885108474 + Virtual Size: '0x158' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2008-03-09 18:42:32' + Imphash: fce118020e70919e5c8c629687f89e56 + LoadsDespiteHVCI: 'FALSE' +- Filename: DirectIo.sys + MD5: 7056549baa6da18910151b08121e2c94 + SHA1: 84d44e166072bccf1f8e1e9eb51880ffa065a274 + SHA256: bb68552936a6b0a68fb53ce864a6387d2698332aac10a7adfdd5a48b97027ce3 + Authentihash: + MD5: 92d24cb91b1cdc8139614ac03a00af5c + SHA1: 562695a1b80864b303b234fa801f064d7546b4f8 + SHA256: f5c267770f18d720313eedc7ff363989b04b21394e7c0179088d74b4d0fb2630 + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ZwOpenSection + - ZwClose + - ZwUnmapViewOfSection + - IoWriteErrorLogEntry + - memmove + - IoAllocateErrorLogEntry + - 
IofCompleteRequest + - IoDeleteDevice + - RtlAppendUnicodeStringToString + - RtlIntegerToUnicodeString + - RtlAppendUnicodeToString + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - ZwOpenKey + - RtlWriteRegistryValue + - KeWaitForSingleObject + - IofCallDriver + - IoBuildDeviceIoControlRequest + - KeInitializeEvent + - IoCreateSymbolicLink + - ObfDereferenceObject + - ObReferenceObjectByPointer + - IoGetDeviceObjectPointer + - IoCreateDevice + - ZwMapViewOfSection + - DbgPrint + - RtlAssert + - RtlInitUnicodeString + - ExAllocatePoolWithTag + - ZwQueryValueKey + - RtlQueryRegistryValues + - ExFreePool + - READ_PORT_USHORT + - READ_PORT_UCHAR + - WRITE_PORT_ULONG + - WRITE_PORT_USHORT + - WRITE_PORT_UCHAR + - KeGetCurrentIrql + - READ_PORT_ULONG + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 
0de92bf0d4d82988183205095e9a7688 + Version: 3 + TBS: + MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 + SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=AU, ST=NSW, O=PassMark Software Pty Ltd, OU=Digital ID Class + 3 , Microsoft Software Validation v2, CN=PassMark Software Pty Ltd + ValidFrom: '2006-10-19 00:00:00' + ValidTo: '2007-10-19 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 6365cef4a64e1054779b87cb364f5ba7 + Version: 3 + TBS: + MD5: a333a5d8e036bd92dcf209381fc331d5 + SHA1: e5cd8df5f677bc92b27eed5ed408a6db2a1f0153 + SHA256: b870910241ae9b44b91890b43fd7105b0af45bf7509b25d3f907a651ac21733d + SHA384: a3145574b39a4c5e13e48125dcab20eb80d4ade33f0dca8c3eb9782e741352d54064dfdff6e376973d7a6a94b57632a7 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public 
Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 6365cef4a64e1054779b87cb364f5ba7 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: b1eff54c064351c9c1d8d59de7e66e67 + SHA1: 76718b32f65623dfb388e3c069405322ec996245 + SHA256: 1a090c4b92b5f86ac63e50623d7caa8fdc90ef78b4132d3511e212b4c9180b53 + Sections: + .text: + Entropy: 5.489870201579556 + Virtual Size: '0x1594' + .rdata: + Entropy: 4.312098470238592 + Virtual Size: '0x114' + .data: + Entropy: 2.8453509366224368 + Virtual Size: '0xb' + INIT: + Entropy: 5.307601538228162 + Virtual Size: '0x436' + .reloc: + Entropy: 4.914864452783341 + Virtual Size: '0x134' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2003-08-13 22:34:23' + Imphash: be2d638c3933fc3f5a96e539f9910c5f + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/62f76f62-ef82-49ea-a26f-36e5727e8d83.yaml b/yaml/62f76f62-ef82-49ea-a26f-36e5727e8d83.yaml index 315d7d2ca..053c89606 100644 --- a/yaml/62f76f62-ef82-49ea-a26f-36e5727e8d83.yaml +++ b/yaml/62f76f62-ef82-49ea-a26f-36e5727e8d83.yaml 
@@ -1,373 +1,376 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 62f76f62-ef82-49ea-a26f-36e5727e8d83 +Tags: +- sysconp.sys +Verified: 'TRUE' Author: Takahiro Haruyama -Category: vulnerable driver -Commands: - Command: sc.exe create sysconpsys binPath= C:\windows\temp\sysconpsys.sys type=kernel - && sc.exe start sysconpsys - Description: The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique vulnerable - drivers (237 file hashes) accepting firmware access. Six allow kernel memory access. - All give full control of the devices to non-admin users. By exploiting the vulnerable - drivers, an attacker without the system privilege may erase/alter firmware, and/or - elevate privileges. As of the time of writing in October 2023, the filenames of - the vulnerable drivers have not been made public until now. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-11-02' -Detection: [] -Id: 62f76f62-ef82-49ea-a26f-36e5727e8d83 -KnownVulnerableSamples: -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: '' - MD5: bc1eeb4993a601e6f7776233028ac095 - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 0e1df95042081fa2408782f14ce483f0db19d5ab - SHA256: dba8db472e51edd59f0bbaf4e09df71613d4dd26fd05f14a9bc7e3fc217a78aa - Signature: '' - Imphash: 604b5bd94f1892fd9e9025ef7a2bbe54 - Authentihash: - MD5: 098c6c8b888882dc30a5ad289503d39e - SHA1: 7d7bbe8f7c7445b98b02d0ac4da109b6275331bf - SHA256: 42446592b42e34bf569a631265bcaf2a2192d424531a343a7680f52199b88462 - RichPEHeaderHash: - MD5: 204ddc0fcad4a99a086860c54380a424 - SHA1: 93220442cc08a28ed6b00909367449ba4408de01 - SHA256: bcbb408d5c46058cf9cc641e04a5310321458238e9a08b1a0bef382dbf4d6d6d - Sections: - .text: - Entropy: 5.387055038109642 - Virtual Size: '0x39f1' - .rdata: - Entropy: 4.071091699940131 - Virtual Size: '0x270' - .data: - Entropy: 0.8321299419738373 - Virtual Size: '0x11b' - .pdata: - Entropy: 
3.888243949920883 - Virtual Size: '0x1f8' - INIT: - Entropy: 5.184632949990556 - Virtual Size: '0x472' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2011-10-26 13:46:20' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ExFreePoolWithTag - - IoQueryDeviceDescription - - KeSetSystemGroupAffinityThread - - MmMapLockedPages - - KeSetSystemAffinityThreadEx - - RtlInitUnicodeString - - IoDeleteDevice - - RtlUnicodeStringToAnsiString - - MmUnmapIoSpace - - MmBuildMdlForNonPagedPool - - IoFreeMdl - - MmMapLockedPagesSpecifyCache - - IoDeleteSymbolicLink - - ExAllocatePool - - MmMapIoSpace - - ZwClose - - IofCompleteRequest - - KeRevertToUserAffinityThreadEx - - IoCreateSymbolicLink - - IoCreateDevice - - KeRevertToUserGroupAffinityThread - - DbgPrint - - IoAllocateMdl - - ZwOpenKey - - KeBugCheckEx - - KeQueryActiveProcessors - - ZwQueryValueKey - - MmUnmapLockedPages - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 
53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=US, ST=North Carolina, L=RESEARCH TRIANGLE PARK, O=IBM, OU=Digital - ID Class 3 , Microsoft VBA Software Validation v2, CN=IBM - ValidFrom: '2011-04-20 00:00:00' - ValidTo: '2012-07-19 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3a0593c75cd5460ae4a6b31bdaac5ea4 - Version: 3 - TBS: - MD5: 0cbd510eccadadb08dd14dab94b78e8e - SHA1: 567c2082d494ccc1ab4f5a18515521cecf63e646 - SHA256: 650364646a43560b50c2131a0fa2617d290c00179155c6a4119d15a2717ec114 - SHA384: e899d39966818628a0ed8550fdf7a55433f175c1a4ea1998477bfc64dd01c82735aafeed37729ae53cb87c21bd4d207c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 3a0593c75cd5460ae4a6b31bdaac5ea4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' 
- Filename: '' - MD5: a2be99e4904264baa5649c4d4cd13a17 - MachineType: AMD64 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: ec1eafb87340b18c7ef3bc349fed1ddd5d3678f6 - SHA256: df4c02beb039d15ff0c691bbc3595c9edfc1d24e783c8538a859bc5ea537188d - Signature: '' - Imphash: 604b5bd94f1892fd9e9025ef7a2bbe54 - Authentihash: - MD5: 3992bbdd329cc77ce637f85b10bc93a7 - SHA1: f02835c1c4e0d69f9ed80e97345ee6f2258c601c - SHA256: 9303894ee50d95911ccd4583b2aa5484db63de0d8f799b14854577e15914df2d - RichPEHeaderHash: - MD5: 204ddc0fcad4a99a086860c54380a424 - SHA1: 93220442cc08a28ed6b00909367449ba4408de01 - SHA256: bcbb408d5c46058cf9cc641e04a5310321458238e9a08b1a0bef382dbf4d6d6d - Sections: - .text: - Entropy: 5.38255738424075 - Virtual Size: '0x3f61' - .rdata: - Entropy: 4.073000609161481 - Virtual Size: '0x270' - .data: - Entropy: 0.8321299419738373 - Virtual Size: '0x11b' - .pdata: - Entropy: 3.9772103317486094 - Virtual Size: '0x228' - INIT: - Entropy: 5.184632949990556 - Virtual Size: '0x472' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2012-01-31 11:42:33' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ExFreePoolWithTag - - IoQueryDeviceDescription - - KeSetSystemGroupAffinityThread - - MmMapLockedPages - - KeSetSystemAffinityThreadEx - - RtlInitUnicodeString - - IoDeleteDevice - - RtlUnicodeStringToAnsiString - - MmUnmapIoSpace - - MmBuildMdlForNonPagedPool - - IoFreeMdl - - MmMapLockedPagesSpecifyCache - - IoDeleteSymbolicLink - - ExAllocatePool - - MmMapIoSpace - - ZwClose - - IofCompleteRequest - - KeRevertToUserAffinityThreadEx - - IoCreateSymbolicLink - - IoCreateDevice - - KeRevertToUserGroupAffinityThread - - DbgPrint - - IoAllocateMdl - - ZwOpenKey - - KeBugCheckEx - - KeQueryActiveProcessors - - ZwQueryValueKey - - MmUnmapLockedPages - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - 
Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=US, ST=North Carolina, L=RESEARCH TRIANGLE PARK, O=IBM, OU=Digital - ID Class 3 , Microsoft VBA Software Validation v2, CN=IBM - ValidFrom: '2011-04-20 00:00:00' - ValidTo: '2012-07-19 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3a0593c75cd5460ae4a6b31bdaac5ea4 - Version: 3 - TBS: - MD5: 0cbd510eccadadb08dd14dab94b78e8e - SHA1: 567c2082d494ccc1ab4f5a18515521cecf63e646 - SHA256: 
650364646a43560b50c2131a0fa2617d290c00179155c6a4119d15a2717ec114 - SHA384: e899d39966818628a0ed8550fdf7a55433f175c1a4ea1998477bfc64dd01c82735aafeed37729ae53cb87c21bd4d207c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 3a0593c75cd5460ae4a6b31bdaac5ea4 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create sysconpsys binPath= C:\windows\temp\sysconpsys.sys type=kernel + && sc.exe start sysconpsys + Description: The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique + vulnerable drivers (237 file hashes) accepting firmware access. Six allow + kernel memory access. All give full control of the devices to non-admin users. + By exploiting the vulnerable drivers, an attacker without the system privilege + may erase/alter firmware, and/or elevate privileges. As of the time of writing + in October 2023, the filenames of the vulnerable drivers have not been made + public until now. 
+ OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html -Tags: -- sysconp.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: bc1eeb4993a601e6f7776233028ac095 + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 0e1df95042081fa2408782f14ce483f0db19d5ab + SHA256: dba8db472e51edd59f0bbaf4e09df71613d4dd26fd05f14a9bc7e3fc217a78aa + Signature: '' + Imphash: 604b5bd94f1892fd9e9025ef7a2bbe54 + Authentihash: + MD5: 098c6c8b888882dc30a5ad289503d39e + SHA1: 7d7bbe8f7c7445b98b02d0ac4da109b6275331bf + SHA256: 42446592b42e34bf569a631265bcaf2a2192d424531a343a7680f52199b88462 + RichPEHeaderHash: + MD5: 204ddc0fcad4a99a086860c54380a424 + SHA1: 93220442cc08a28ed6b00909367449ba4408de01 + SHA256: bcbb408d5c46058cf9cc641e04a5310321458238e9a08b1a0bef382dbf4d6d6d + Sections: + .text: + Entropy: 5.387055038109642 + Virtual Size: '0x39f1' + .rdata: + Entropy: 4.071091699940131 + Virtual Size: '0x270' + .data: + Entropy: 0.8321299419738373 + Virtual Size: '0x11b' + .pdata: + Entropy: 3.888243949920883 + Virtual Size: '0x1f8' + INIT: + Entropy: 5.184632949990556 + Virtual Size: '0x472' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2011-10-26 13:46:20' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ExFreePoolWithTag + - IoQueryDeviceDescription + - KeSetSystemGroupAffinityThread + - MmMapLockedPages + - KeSetSystemAffinityThreadEx + - RtlInitUnicodeString + - IoDeleteDevice + - RtlUnicodeStringToAnsiString + - MmUnmapIoSpace + - MmBuildMdlForNonPagedPool + - IoFreeMdl + - MmMapLockedPagesSpecifyCache + - IoDeleteSymbolicLink + - ExAllocatePool + - MmMapIoSpace + - ZwClose + - IofCompleteRequest + - 
KeRevertToUserAffinityThreadEx + - IoCreateSymbolicLink + - IoCreateDevice + - KeRevertToUserGroupAffinityThread + - DbgPrint + - IoAllocateMdl + - ZwOpenKey + - KeBugCheckEx + - KeQueryActiveProcessors + - ZwQueryValueKey + - MmUnmapLockedPages + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=US, ST=North Carolina, L=RESEARCH TRIANGLE PARK, O=IBM, OU=Digital + ID Class 3 , 
Microsoft VBA Software Validation v2, CN=IBM + ValidFrom: '2011-04-20 00:00:00' + ValidTo: '2012-07-19 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3a0593c75cd5460ae4a6b31bdaac5ea4 + Version: 3 + TBS: + MD5: 0cbd510eccadadb08dd14dab94b78e8e + SHA1: 567c2082d494ccc1ab4f5a18515521cecf63e646 + SHA256: 650364646a43560b50c2131a0fa2617d290c00179155c6a4119d15a2717ec114 + SHA384: e899d39966818628a0ed8550fdf7a55433f175c1a4ea1998477bfc64dd01c82735aafeed37729ae53cb87c21bd4d207c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 3a0593c75cd5460ae4a6b31bdaac5ea4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: '' + MD5: a2be99e4904264baa5649c4d4cd13a17 + MachineType: AMD64 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: ec1eafb87340b18c7ef3bc349fed1ddd5d3678f6 + SHA256: df4c02beb039d15ff0c691bbc3595c9edfc1d24e783c8538a859bc5ea537188d + Signature: '' + Imphash: 604b5bd94f1892fd9e9025ef7a2bbe54 + Authentihash: + MD5: 
3992bbdd329cc77ce637f85b10bc93a7 + SHA1: f02835c1c4e0d69f9ed80e97345ee6f2258c601c + SHA256: 9303894ee50d95911ccd4583b2aa5484db63de0d8f799b14854577e15914df2d + RichPEHeaderHash: + MD5: 204ddc0fcad4a99a086860c54380a424 + SHA1: 93220442cc08a28ed6b00909367449ba4408de01 + SHA256: bcbb408d5c46058cf9cc641e04a5310321458238e9a08b1a0bef382dbf4d6d6d + Sections: + .text: + Entropy: 5.38255738424075 + Virtual Size: '0x3f61' + .rdata: + Entropy: 4.073000609161481 + Virtual Size: '0x270' + .data: + Entropy: 0.8321299419738373 + Virtual Size: '0x11b' + .pdata: + Entropy: 3.9772103317486094 + Virtual Size: '0x228' + INIT: + Entropy: 5.184632949990556 + Virtual Size: '0x472' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2012-01-31 11:42:33' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ExFreePoolWithTag + - IoQueryDeviceDescription + - KeSetSystemGroupAffinityThread + - MmMapLockedPages + - KeSetSystemAffinityThreadEx + - RtlInitUnicodeString + - IoDeleteDevice + - RtlUnicodeStringToAnsiString + - MmUnmapIoSpace + - MmBuildMdlForNonPagedPool + - IoFreeMdl + - MmMapLockedPagesSpecifyCache + - IoDeleteSymbolicLink + - ExAllocatePool + - MmMapIoSpace + - ZwClose + - IofCompleteRequest + - KeRevertToUserAffinityThreadEx + - IoCreateSymbolicLink + - IoCreateDevice + - KeRevertToUserGroupAffinityThread + - DbgPrint + - IoAllocateMdl + - ZwOpenKey + - KeBugCheckEx + - KeQueryActiveProcessors + - ZwQueryValueKey + - MmUnmapLockedPages + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + 
TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=US, ST=North Carolina, L=RESEARCH TRIANGLE PARK, O=IBM, OU=Digital + ID Class 3 , Microsoft VBA Software Validation v2, CN=IBM + ValidFrom: '2011-04-20 00:00:00' + ValidTo: '2012-07-19 23:59:59' + Signature: 
56291a14baf3f935354316c3c171519cb7da463c8f4cb2977f347e8a592815cf8990b3e66585577d9fc02a29112aa06489a0344c703c62b90d674392abb27e11fa8f8dc5fb53f052a6a6a0972eb84e42f51d8fd94be0173ed9a673404ca44d183db4b23bc6b1eae66f3aebba8fb57b742fa33e2b2aecdab2bd3b66cca9211bfdcba858f87301dd35ba51e3fe3690aeed2d97b953458bfbacde74eefaad0d17c6a1a09a75bfc78c144437ec650f5fd18f4151d18894bfd9802a4cc4b52e43bec3b43319c9972d6b88a57b39527d5a39b1cdefef21804ad236ebdd44de5b1b02dcb40d312b4ff408b8a1013d2e1fa75757c92267fada76c201e6ea408957784322 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3a0593c75cd5460ae4a6b31bdaac5ea4 + Version: 3 + TBS: + MD5: 0cbd510eccadadb08dd14dab94b78e8e + SHA1: 567c2082d494ccc1ab4f5a18515521cecf63e646 + SHA256: 650364646a43560b50c2131a0fa2617d290c00179155c6a4119d15a2717ec114 + SHA384: e899d39966818628a0ed8550fdf7a55433f175c1a4ea1998477bfc64dd01c82735aafeed37729ae53cb87c21bd4d207c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 3a0593c75cd5460ae4a6b31bdaac5ea4 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' 
diff --git a/yaml/6356d7d9-3b82-4731-9d5f-cc9bc37558fc.yaml b/yaml/6356d7d9-3b82-4731-9d5f-cc9bc37558fc.yaml index 05f14850f..5fdeb8291 100644 --- a/yaml/6356d7d9-3b82-4731-9d5f-cc9bc37558fc.yaml +++ b/yaml/6356d7d9-3b82-4731-9d5f-cc9bc37558fc.yaml 
@@ -1,245 +1,245 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 6356d7d9-3b82-4731-9d5f-cc9bc37558fc +Tags: +- test2.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-07-22' +MitreID: T1068 CVE: - '' Category: vulnerable drivers Commands: - Command: '' - Description: Confirmed vulnerable driver from Microsoft Block List - OperatingSystem: Windows - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-07-22' -Detection: -- type: '' - value: '' -Id: 6356d7d9-3b82-4731-9d5f-cc9bc37558fc -KnownVulnerableSamples: -- Authentihash: - MD5: ff295de93e6b6dcc3938d50901a7240d - SHA1: 484c72dd4fd91083b249f3ccc733a3c8335e583f - SHA256: 0c7809ac1fa074408518ddc0ac118912c9cd43ed9c89213bc4d59043016b040c - Company: '' - Copyright: '' - CreationTimestamp: '2020-08-16 21:38:03' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - NtQuerySystemInformation - - RtlInitUnicodeString - - ExAllocatePool - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - _wcsicmp - - RtlInitString - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ZwClose - - MmIsAddressValid - - ZwOpenDirectoryObject - - ZwQueryDirectoryObject - - ObReferenceObjectByName - - ZwQuerySystemInformation - - __C_specific_handler - - MmHighestUserAddress - - IoDriverObjectType - - KeQueryTimeIncrement - - KeStackAttachProcess - - KeUnstackDetachProcess - - PsGetProcessWow64Process - - PsGetProcessPeb - - MmUnlockPages - - MmGetSystemRoutineAddress - - MmUnmapLockedPages - - IoFreeMdl - - ZwTerminateProcess - - PsGetProcessImageFileName - - ObOpenObjectByPointer - - PsReferenceProcessFilePointer - - IoQueryFileDosDeviceName - - ZwQueryVirtualMemory - - MmProbeAndLockPages - - PsLookupProcessByProcessId - - MmMapLockedPagesSpecifyCache - - IoAllocateMdl - - IoGetCurrentProcess - - MmCopyVirtualMemory 
- - KeClearEvent - - KeSetEvent - - KeWaitForSingleObject - - MmMapLockedPages - - ObReferenceObjectByHandle - - PsSetCreateProcessNotifyRoutineEx - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - ExEventObjectType - - ObRegisterCallbacks - - ObUnRegisterCallbacks - - ObGetFilterVersion - - IoThreadToProcess - - strcmp - - PsProcessType - - PsThreadType - - RtlGetVersion - - ObfReferenceObject - - ObGetObjectType - - ExEnumHandleTable - - ExfUnblockPushLock - - _snprintf - - vsprintf_s - - ZwCreateFile - - ZwWriteFile - - PsLookupThreadByThreadId - - NtQueryInformationThread - - PsGetThreadProcess - - DbgPrint - - KeDelayExecutionThread - - KdDisableDebugger - - KdChangeOption - - PsCreateSystemThread - - PsTerminateSystemThread - - KdDebuggerEnabled - - PsGetVersion - - KeInitializeEvent - - RtlCopyUnicodeString - - ObfDereferenceObject - - ExReleaseFastMutex - - ExAcquireFastMutex - - MmBuildMdlForNonPagedPool - - WdfVersionBindClass - - WdfVersionBind - - WdfVersionUnbind - - WdfVersionUnbindClass - Imports: - - ntoskrnl.exe - - WDFLDR.SYS - InternalName: '' - MD5: 665a059e07c388eaf57dc04aec0c8552 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: ffdf660eb1ebf020a1d0a55a90712dfb - SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 - SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 - SHA1: aaa066705016399e8fa11d71df937fd089550064 - SHA256: 6709a2d7925248fe172e9bc5495f45b9bb74060c43e1c58e671f0e6c434fd82b - Sections: - .text: - Entropy: 6.183070832014416 - Virtual Size: '0x6ed0' - .rdata: - Entropy: 4.768973580594352 - Virtual Size: '0x159c' - .data: - Entropy: 0.807954115503613 - Virtual Size: '0x15f8' - .pdata: - Entropy: 7.83996638727823 - Virtual Size: '0x684' - PAGE: - Entropy: 5.929327209049661 - Virtual Size: '0xb7a' - INIT: - Entropy: 
5.3523212488458185 - Virtual Size: '0xe54' - .upx0: - Entropy: 7.037246397744446 - Virtual Size: '0x124190' - .reloc: - Entropy: 3.9077681077271933 - Virtual Size: '0xcc' - .rsrc: - Entropy: 2.9056718289000636 - Virtual Size: '0x22c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=DE, postalCode=66625, ST=Saarland, L=Nohfelden, ??=Obere Seestrasse - 13, O=1.A Connect GmbH, OU=Management, CN=1.A Connect GmbH - ValidFrom: '2018-08-13 00:00:00' - ValidTo: '2022-08-13 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 00a7e4ded4bf949d15aa4201843f1ab64d - Version: 3 - TBS: - MD5: a999fc8af07f531dd59dcb4b972e90a1 - SHA1: 118bc957893b1d91a35e13a91b209729b6561722 - SHA256: c68fba18b2592dc3c38394ced6857c78ac7e93d7939ee16db4f07ac6607c68de - SHA384: 62678cf106b6763f89a3c04ce67549f949633a3bfeeb562198f4933a2ba2084a006afaf122e814bdaa6b2cedd80c3a4d - - Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO - RSA Code Signing CA - ValidFrom: '2013-05-09 00:00:00' - ValidTo: '2028-05-08 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 2e7c87cc0e934a52fe94fd1cb7cd34af - Version: 3 - TBS: - MD5: f64df7e88bb2b95c7204bc07bb197a87 - SHA1: a1bfa9f0f46a1e9ac66259c9b2b1b2dcaf16db9b - SHA256: a3dd3858c0e514dd37cacd5f23fc8222443ff636eef4a9fe90bc0ecbbb051fd1 - SHA384: 4805a7e23d6c8ff5e149f197b744bcb2346e73f19a48835a2f64129183981109256b75ea371a331746d01fd4e135ab6e - - Subject: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo - RSA Time Stamping CA - ValidFrom: '2019-05-02 00:00:00' - ValidTo: '2038-01-18 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true 
- SerialNumber: 300f6facdd6698747ca94636a7782db9 - Version: 3 - TBS: - MD5: 63499ed59a1293b786649470e4ce0bd7 - SHA1: 7309d8eaa65da1f3da7030c08f00a3b0a20fa908 - SHA256: 8c8d2046b29e792e71b28705fe67c435208a336dde074a75452d98e72c734937 - SHA384: 5dbc5eae13908fee4c4e5216f87e3e87208fff0d1052f5fa9f0856a429d6a6c422c625f2318f2f29aea26ece09c1e811 - - Subject: 'C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo - RSA Time Stamping Signer #2' - ValidFrom: '2020-10-23 00:00:00' - ValidTo: '2032-01-22 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: false - SerialNumber: 008c77a0008ff4d1b0c63d9f3a48838d6b - Version: 3 - TBS: - MD5: 6efd500ce038df7aa3087c1e63a5eb5c - SHA1: 1c961712a02fb995c585080eda53a753656ca3ad - SHA256: f60d4f8f7b56499de889264b1e64890694c5b106129d3db068976ed33495577a - SHA384: 031fdf7c078e205b4d3ffaff40de36f48f91f87c3b0005b482ff614b320f5e47785045cb87a3e6a75085c24ae8409498 - Signer: - - SerialNumber: 00a7e4ded4bf949d15aa4201843f1ab64d - Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO - RSA Code Signing CA - Version: 1 - Imphash: a74f61fdcea718cb9579907b2caf54ab - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: '' + Description: Confirmed vulnerable driver from Microsoft Block List + OperatingSystem: Windows + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c -Tags: -- test2.sys -Verified: 'TRUE' +Detection: +- type: '' + value: '' +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: ff295de93e6b6dcc3938d50901a7240d + SHA1: 484c72dd4fd91083b249f3ccc733a3c8335e583f + SHA256: 0c7809ac1fa074408518ddc0ac118912c9cd43ed9c89213bc4d59043016b040c + Company: '' + Copyright: '' + CreationTimestamp: '2020-08-16 21:38:03' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + 
Filename: '' + ImportedFunctions: + - NtQuerySystemInformation + - RtlInitUnicodeString + - ExAllocatePool + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - _wcsicmp + - RtlInitString + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ZwClose + - MmIsAddressValid + - ZwOpenDirectoryObject + - ZwQueryDirectoryObject + - ObReferenceObjectByName + - ZwQuerySystemInformation + - __C_specific_handler + - MmHighestUserAddress + - IoDriverObjectType + - KeQueryTimeIncrement + - KeStackAttachProcess + - KeUnstackDetachProcess + - PsGetProcessWow64Process + - PsGetProcessPeb + - MmUnlockPages + - MmGetSystemRoutineAddress + - MmUnmapLockedPages + - IoFreeMdl + - ZwTerminateProcess + - PsGetProcessImageFileName + - ObOpenObjectByPointer + - PsReferenceProcessFilePointer + - IoQueryFileDosDeviceName + - ZwQueryVirtualMemory + - MmProbeAndLockPages + - PsLookupProcessByProcessId + - MmMapLockedPagesSpecifyCache + - IoAllocateMdl + - IoGetCurrentProcess + - MmCopyVirtualMemory + - KeClearEvent + - KeSetEvent + - KeWaitForSingleObject + - MmMapLockedPages + - ObReferenceObjectByHandle + - PsSetCreateProcessNotifyRoutineEx + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - ExEventObjectType + - ObRegisterCallbacks + - ObUnRegisterCallbacks + - ObGetFilterVersion + - IoThreadToProcess + - strcmp + - PsProcessType + - PsThreadType + - RtlGetVersion + - ObfReferenceObject + - ObGetObjectType + - ExEnumHandleTable + - ExfUnblockPushLock + - _snprintf + - vsprintf_s + - ZwCreateFile + - ZwWriteFile + - PsLookupThreadByThreadId + - NtQueryInformationThread + - PsGetThreadProcess + - DbgPrint + - KeDelayExecutionThread + - KdDisableDebugger + - KdChangeOption + - PsCreateSystemThread + - PsTerminateSystemThread + - KdDebuggerEnabled + - 
PsGetVersion + - KeInitializeEvent + - RtlCopyUnicodeString + - ObfDereferenceObject + - ExReleaseFastMutex + - ExAcquireFastMutex + - MmBuildMdlForNonPagedPool + - WdfVersionBindClass + - WdfVersionBind + - WdfVersionUnbind + - WdfVersionUnbindClass + Imports: + - ntoskrnl.exe + - WDFLDR.SYS + InternalName: '' + MD5: 665a059e07c388eaf57dc04aec0c8552 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: ffdf660eb1ebf020a1d0a55a90712dfb + SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 + SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 + SHA1: aaa066705016399e8fa11d71df937fd089550064 + SHA256: 6709a2d7925248fe172e9bc5495f45b9bb74060c43e1c58e671f0e6c434fd82b + Sections: + .text: + Entropy: 6.183070832014416 + Virtual Size: '0x6ed0' + .rdata: + Entropy: 4.768973580594352 + Virtual Size: '0x159c' + .data: + Entropy: 0.807954115503613 + Virtual Size: '0x15f8' + .pdata: + Entropy: 7.83996638727823 + Virtual Size: '0x684' + PAGE: + Entropy: 5.929327209049661 + Virtual Size: '0xb7a' + INIT: + Entropy: 5.3523212488458185 + Virtual Size: '0xe54' + .upx0: + Entropy: 7.037246397744446 + Virtual Size: '0x124190' + .reloc: + Entropy: 3.9077681077271933 + Virtual Size: '0xcc' + .rsrc: + Entropy: 2.9056718289000636 + Virtual Size: '0x22c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=DE, postalCode=66625, ST=Saarland, L=Nohfelden, ??=Obere Seestrasse + 13, O=1.A Connect GmbH, OU=Management, CN=1.A Connect GmbH + ValidFrom: '2018-08-13 00:00:00' + ValidTo: '2022-08-13 23:59:59' + Signature: 
a17f7613d7b3b098555faa45c76f490612d91d968017212ec35725598d6490a9c7ab1f4eea77ddbc9504121362cdc70e800112726c2861a359948d752cd8b2da45216da758545c5f2544b2f45f8db1145b82dbe2f42096cfa1768a4f53560607c2f0b16ad9eff4c4f37c25ca964ef5a40ce93c1ff8efecd883202627907f96e6af3b418789adfe6afdc3aa5e6e5d27f387455c9d2d83cf27ded71661e8c4c0bc72a2f06ea0f4b3c23939ba6be4b50e98d0bb3f730913b99f35a210e853ced120a625367b40a124f2da476b77a17a3ef4d3d48a56709ee92f18f59e40c89a8b74a2d01053fddcb480412dbe49c77d397296928d5089c92fc8d658909ba016ad17 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 00a7e4ded4bf949d15aa4201843f1ab64d + Version: 3 + TBS: + MD5: a999fc8af07f531dd59dcb4b972e90a1 + SHA1: 118bc957893b1d91a35e13a91b209729b6561722 + SHA256: c68fba18b2592dc3c38394ced6857c78ac7e93d7939ee16db4f07ac6607c68de + SHA384: 62678cf106b6763f89a3c04ce67549f949633a3bfeeb562198f4933a2ba2084a006afaf122e814bdaa6b2cedd80c3a4d + - Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, + CN=COMODO RSA Code Signing CA + ValidFrom: '2013-05-09 00:00:00' + ValidTo: '2028-05-08 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 2e7c87cc0e934a52fe94fd1cb7cd34af + Version: 3 + TBS: + MD5: f64df7e88bb2b95c7204bc07bb197a87 + SHA1: a1bfa9f0f46a1e9ac66259c9b2b1b2dcaf16db9b + SHA256: a3dd3858c0e514dd37cacd5f23fc8222443ff636eef4a9fe90bc0ecbbb051fd1 + SHA384: 4805a7e23d6c8ff5e149f197b744bcb2346e73f19a48835a2f64129183981109256b75ea371a331746d01fd4e135ab6e + - Subject: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo + RSA Time Stamping CA + ValidFrom: '2019-05-02 00:00:00' + ValidTo: '2038-01-18 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 300f6facdd6698747ca94636a7782db9 + Version: 3 + TBS: + MD5: 
63499ed59a1293b786649470e4ce0bd7 + SHA1: 7309d8eaa65da1f3da7030c08f00a3b0a20fa908 + SHA256: 8c8d2046b29e792e71b28705fe67c435208a336dde074a75452d98e72c734937 + SHA384: 5dbc5eae13908fee4c4e5216f87e3e87208fff0d1052f5fa9f0856a429d6a6c422c625f2318f2f29aea26ece09c1e811 + - Subject: 'C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo + RSA Time Stamping Signer #2' + ValidFrom: '2020-10-23 00:00:00' + ValidTo: '2032-01-22 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: false + SerialNumber: 008c77a0008ff4d1b0c63d9f3a48838d6b + Version: 3 + TBS: + MD5: 6efd500ce038df7aa3087c1e63a5eb5c + SHA1: 1c961712a02fb995c585080eda53a753656ca3ad + SHA256: f60d4f8f7b56499de889264b1e64890694c5b106129d3db068976ed33495577a + SHA384: 031fdf7c078e205b4d3ffaff40de36f48f91f87c3b0005b482ff614b320f5e47785045cb87a3e6a75085c24ae8409498 + Signer: + - SerialNumber: 00a7e4ded4bf949d15aa4201843f1ab64d + Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO + RSA Code Signing CA + Version: 1 + Imphash: a74f61fdcea718cb9579907b2caf54ab + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/64f3d4b0-6d2b-4275-b3d4-15d092af4092.yaml b/yaml/64f3d4b0-6d2b-4275-b3d4-15d092af4092.yaml index 8e6a1ee2c..24802f97f 100644 --- a/yaml/64f3d4b0-6d2b-4275-b3d4-15d092af4092.yaml +++ b/yaml/64f3d4b0-6d2b-4275-b3d4-15d092af4092.yaml 
@@ -1,195 +1,197 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 64f3d4b0-6d2b-4275-b3d4-15d092af4092 +Tags: +- fiddrv64.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-01-09' +MitreID: T1068 Category: vulnerable driver Commands: - Command: sc.exe create fiddrv64.sys binPath=C:\windows\temp\fiddrv64.sys type=kernel - && sc.exe start fiddrv64.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-01-09' + Command: sc.exe create fiddrv64.sys binPath=C:\windows\temp\fiddrv64.sys type=kernel + && sc.exe start fiddrv64.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges +Resources: +- https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules Detection: [] -Id: 64f3d4b0-6d2b-4275-b3d4-15d092af4092 +Acknowledgement: + Handle: '' + Person: '' KnownVulnerableSamples: -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: fiddrv64.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 10e15ba8ff8ed926ddd3636cec66a0f08c9860a4 - Signature: [] - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: fiddrv64.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: e4436c8c42ba5ffabd58a3b2256f6e86ccc907ab - Signature: [] - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 6f12156b03f79cac857e541cc10b7366 +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: fiddrv64.sys + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' SHA1: 10e15ba8ff8ed926ddd3636cec66a0f08c9860a4 - SHA256: feef191064d18b6fb63b7299415d1b1e2ec8fcdd742854aa96268d0ec4a0f7b6 - Company: '' - Copyright: '' - CreationTimestamp: '2009-11-19 11:54:07' - Date: '' - Description: '' - 
ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - IoCreateSymbolicLink - - IoCreateDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IoDeleteDevice - - IofCompleteRequest - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: bd067efb8cafd971142bc964b4f85df1 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: deba1df19727baf467b29c60b7c563c7 - SHA1: 710b0baee7b3343dabd7d4d048e2aa88e86a684a - SHA256: ada352b06916b92ba7cbc0b7a3465c9e6e3a1ae2068643a99447a003c066f905 - SHA1: 0d8a832b9383fcdc23e83487b188ddd30963ca82 - SHA256: 4bf4cced4209c73aa37a9e2bf9ff27d458d8d7201eefa6f6ad4849ee276ad158 - Sections: - .text: - Entropy: 5.315469915674853 - Virtual Size: '0xde' - INIT: - Entropy: 4.7533822074782845 - Virtual Size: '0x11a' - PAGE: - Entropy: 5.562502416171061 - Virtual Size: '0x23a' - .rdata: - Entropy: 4.0522535591944555 - Virtual Size: '0x1d8' - .data: - Entropy: 4.418157288156419 - Virtual Size: '0x1d' - .pdata: - Entropy: 2.7073211214245667 - Virtual Size: '0x3c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Intel Corporation, CN=Intel External Basic Policy CA - ValidFrom: '2006-02-16 18:01:30' - ValidTo: '2016-02-19 18:01:30' - Signature: 131038ada454a5489545b02d3772c09f9ed8ef8f0bfb9096d2b6177951cab3df067ebdb4e9083f84a00c939fb31ca86c8acf2deef99012f0f83a26d773810e9fc4319259d4282541f555f1ca3d993dda64c8d21864223209092d1de331fafdd347d764a8f95dea8227e24fd2612124611d54263e145964b098d5f3a7c3aead50 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 05b0ff - Version: 3 - TBS: - MD5: f532f9999c3f7a078f0f973c726a2a04 - SHA1: f56832bc9412c372f9a8744591258f8bb11af2d8 - SHA256: 4c75ce4be51027c4e1f7422775c3ae79d5195ffc0ff7f379123a603ccb702c60 - SHA384: 
084772ceb63ae50ebd8125ba9eba0c9b38d0e94a806f58513f71f1d5489f52489b0dfbb8c67603a425a603451b3b1719 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=Equifax, OU=Equifax Secure Certificate Authority - ValidFrom: '2006-05-23 17:01:15' - ValidTo: '2016-05-23 17:11:15' - Signature: 
87a40f6b55916248ff54811ccf5db6c5a514aa671df485f6860d38b31c8d22ce7c867946fb71e16114d0ed4e46a48bca64654094f92ad7870ca9b7bedcc40bbd09c106eb9530841b9d8de7bc70c6f86539c4e5c4e65c8fcda130baef065e555290edd8587f15142ecc21a593dab8508d805e6e22a70fde8093add71d24b02aa2f4f20b98750131cc69bc359b3d13662f21bde54ec3639cc8518d59f5b600937ef10c35b0f4180dbfa7bdb2aae16b9f3ce6bb41b5d904e7c8a63abf8a5bdcaa9a3cd2c8dfcb1774163d78470b4c108e406616a0f300ede034998af0f9460ff27fbf202c972616d59e81da94a6dc61c8f18e092d4e32d03df682267d91d7a6c67bc1311d210ed4a342c1b4dfc0446b4f2aeebb29d62787b0a450ae1a9ab5f996f4ccabe52b3df166e2d5e1c3f0c687b659536638026e6194df1563aa415052f9bb64dc95e05b6c2aacfed6e603c21ff65557fe7e813fcb5a0bc1029cac84e47cd3f4c25a17c312706009ec82e5eccdd0b2106d69868c8da60e0416c57164ebd95bb8b08cfc32427e60846f655b7244272b846181f461d50fd51dbc05a27a5f937f26d1c8b3afa0190723e43e225d32d14a0fcee7b72a5c7b6e1c57126864e8337e8c501340a487b0d3a69b1eacbd3d7812bc52af09e0bab0508e5c81f98383af1482f50a6d035721bb9ac32e66fb04215b0a120fc1c907d63cecabf9a52f90883a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610bdc8f00000000001a - Version: 3 - TBS: - MD5: 6e11ed171e9a07e607b8ca65bf0e8858 - SHA1: 6d329a72420f76868584957854cdc45172e9f902 - SHA256: 75efb8656a18ba5dacc596757bfb0fa11f0d3d81fd5f8cf9bb8975ced87e7b1b - SHA384: c41060ed797c77588692c0b3e36e19cca2d48c354863437f3df76009e25c916e8d2c7e17b297fbc59da085e98d070093 - - Subject: CN=Intel(R) Processor Identification Utility - ValidFrom: '2009-03-19 00:29:29' - ValidTo: '2012-03-18 00:29:29' - Signature: 
86c24504c2f46f4eb6f3dc997172bd94eecd17fe47c54e3be9e7d9c6a1dfb0158bbee32ab23b4e48d4c889e91edbde24cd5753feb01ac761e3c236ab02ef21345a0afe54a61cc5587f89484170d6bdd703606685ee22539b68c84201a0ac746ff98a719d7b8a358d0109d599d46bc8dc15392b3f9ed67a5092665aa4c0ece1c1591915ed5479a123c9a2da0aafa79b69dee0e16d89949c2139f73174e914ac0ac224660c083684ff56d29df499539b701e80a45b69107f7dc25e031fb9f491475e0d0ff6c7a2127caad2978c4a292d3e126ff06f841183fea1a4a66e831fd7ecce3132413239db87e78850d743953f73d140b22d7d2a50b468be4662ec2a06a6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 13fd5f58000000002ea3 - Version: 3 - TBS: - MD5: b3bd1f3e90334bd036db0c87a99bbe67 - SHA1: 560fd30788b6778228d6f72d2383fdad0ea7d6f4 - SHA256: bf0423565349e55db360084fa861a2189f3a186453b49849eea648fbe6c38a06 - SHA384: 86a06d6f26ddbfe8e607ef1f25ded4a7077162c098a1127b37bff187b9dfdf94ac831eff028d137642a6d7a9fde216ae - - Subject: C=US, O=Intel Corporation, CN=Intel External Basic Issuing CA 3A - ValidFrom: '2006-03-22 22:22:42' - ValidTo: '2012-03-22 22:32:42' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 612c9489000000000005 - Version: 3 - TBS: - MD5: 5563adcf63b9dd7859bcf84b3c2c95bb - SHA1: 83c83dbb905a1b9612d3de74267f36cfb88f714c - SHA256: 335520ee32bdf0d48087cde95c0964d6f64ebfb89223dc1b85ab22307c6328f1 - SHA384: 3770ae5456ac5ac1e9027fd13495d9cbbb51379a0dc00c7bd8b96b2d566cfd4c158c05ebe9bf63768b9684680a4cc4e4 - Signer: - - SerialNumber: 13fd5f58000000002ea3 - Issuer: C=US, O=Intel Corporation, CN=Intel External Basic Issuing CA 3A - Version: 1 - Imphash: 840e656bdb2987fa422092ec9d588895 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 -Resources: -- https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules -Tags: -- fiddrv64.sys -Verified: 'TRUE' + Signature: [] + LoadsDespiteHVCI: 
'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: fiddrv64.sys + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: e4436c8c42ba5ffabd58a3b2256f6e86ccc907ab + Signature: [] + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 6f12156b03f79cac857e541cc10b7366 + SHA1: 10e15ba8ff8ed926ddd3636cec66a0f08c9860a4 + SHA256: feef191064d18b6fb63b7299415d1b1e2ec8fcdd742854aa96268d0ec4a0f7b6 + Company: '' + Copyright: '' + CreationTimestamp: '2009-11-19 11:54:07' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - IoCreateSymbolicLink + - IoCreateDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - IoDeleteDevice + - IofCompleteRequest + - KeBugCheckEx + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: bd067efb8cafd971142bc964b4f85df1 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: deba1df19727baf467b29c60b7c563c7 + SHA1: 710b0baee7b3343dabd7d4d048e2aa88e86a684a + SHA256: ada352b06916b92ba7cbc0b7a3465c9e6e3a1ae2068643a99447a003c066f905 + SHA1: 0d8a832b9383fcdc23e83487b188ddd30963ca82 + SHA256: 4bf4cced4209c73aa37a9e2bf9ff27d458d8d7201eefa6f6ad4849ee276ad158 + Sections: + .text: + Entropy: 5.315469915674853 + Virtual Size: '0xde' + INIT: + Entropy: 4.7533822074782845 + Virtual Size: '0x11a' + PAGE: + Entropy: 5.562502416171061 + Virtual Size: '0x23a' + .rdata: + Entropy: 4.0522535591944555 + Virtual Size: '0x1d8' + .data: + Entropy: 4.418157288156419 + Virtual Size: '0x1d' + .pdata: + Entropy: 2.7073211214245667 + Virtual Size: '0x3c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Intel Corporation, CN=Intel External Basic Policy CA + ValidFrom: '2006-02-16 18:01:30' + ValidTo: '2016-02-19 18:01:30' + Signature: 
131038ada454a5489545b02d3772c09f9ed8ef8f0bfb9096d2b6177951cab3df067ebdb4e9083f84a00c939fb31ca86c8acf2deef99012f0f83a26d773810e9fc4319259d4282541f555f1ca3d993dda64c8d21864223209092d1de331fafdd347d764a8f95dea8227e24fd2612124611d54263e145964b098d5f3a7c3aead50 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 05b0ff + Version: 3 + TBS: + MD5: f532f9999c3f7a078f0f973c726a2a04 + SHA1: f56832bc9412c372f9a8744591258f8bb11af2d8 + SHA256: 4c75ce4be51027c4e1f7422775c3ae79d5195ffc0ff7f379123a603ccb702c60 + SHA384: 084772ceb63ae50ebd8125ba9eba0c9b38d0e94a806f58513f71f1d5489f52489b0dfbb8c67603a425a603451b3b1719 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 
1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=Equifax, OU=Equifax Secure Certificate Authority + ValidFrom: '2006-05-23 17:01:15' + ValidTo: '2016-05-23 17:11:15' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610bdc8f00000000001a + Version: 3 + TBS: + MD5: 6e11ed171e9a07e607b8ca65bf0e8858 + SHA1: 6d329a72420f76868584957854cdc45172e9f902 + SHA256: 75efb8656a18ba5dacc596757bfb0fa11f0d3d81fd5f8cf9bb8975ced87e7b1b + SHA384: c41060ed797c77588692c0b3e36e19cca2d48c354863437f3df76009e25c916e8d2c7e17b297fbc59da085e98d070093 + - Subject: CN=Intel(R) Processor Identification Utility + ValidFrom: '2009-03-19 00:29:29' + ValidTo: '2012-03-18 00:29:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 13fd5f58000000002ea3 + Version: 3 + TBS: + MD5: b3bd1f3e90334bd036db0c87a99bbe67 + SHA1: 560fd30788b6778228d6f72d2383fdad0ea7d6f4 + SHA256: bf0423565349e55db360084fa861a2189f3a186453b49849eea648fbe6c38a06 + SHA384: 86a06d6f26ddbfe8e607ef1f25ded4a7077162c098a1127b37bff187b9dfdf94ac831eff028d137642a6d7a9fde216ae + - Subject: C=US, O=Intel Corporation, CN=Intel External Basic Issuing CA + 3A + ValidFrom: '2006-03-22 22:22:42' + ValidTo: '2012-03-22 22:32:42' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 612c9489000000000005 + Version: 3 + TBS: + MD5: 5563adcf63b9dd7859bcf84b3c2c95bb + SHA1: 83c83dbb905a1b9612d3de74267f36cfb88f714c + SHA256: 335520ee32bdf0d48087cde95c0964d6f64ebfb89223dc1b85ab22307c6328f1 + SHA384: 3770ae5456ac5ac1e9027fd13495d9cbbb51379a0dc00c7bd8b96b2d566cfd4c158c05ebe9bf63768b9684680a4cc4e4 
+ Signer: + - SerialNumber: 13fd5f58000000002ea3 + Issuer: C=US, O=Intel Corporation, CN=Intel External Basic Issuing CA + 3A + Version: 1 + Imphash: 840e656bdb2987fa422092ec9d588895 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/65660363-0080-4432-abd9-64368dac0283.yaml b/yaml/65660363-0080-4432-abd9-64368dac0283.yaml index ff5158ee5..de97024b6 100644 --- a/yaml/65660363-0080-4432-abd9-64368dac0283.yaml +++ b/yaml/65660363-0080-4432-abd9-64368dac0283.yaml 
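Review bot: The first `KnownVulnerableSamples` entry keeps `SHA1: 10e15ba8ff8ed926ddd3636cec66a0f08c9860a4`, which is the same value as `Authentihash.SHA1` of the third entry, whose file hash is `SHA1: 0d8a832b9383fcdc23e83487b188ddd30963ca82`. That suggests the first entry stores an Authenticode hash under the file-hash key, so a consumer comparing it with an on-disk SHA1 would presumably never match, and the two entries likely describe the same binary. The reorder carries both over unchanged; I would either fold the first entry into the third or mark it with a comment such as `# SHA1 here is the Authentihash of the third sample, not a file hash`. `Detection: []` also stays empty even though the entry is `Verified: 'TRUE'` and has full hashes available.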
@@ -1,35 +1,35 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 65660363-0080-4432-abd9-64368dac0283 +Tags: +- t.sys +Verified: 'FALSE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create t.sys binPath=C:\windows\temp\t.sys type=kernel && sc.exe - start t.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: [] -Id: 65660363-0080-4432-abd9-64368dac0283 -KnownVulnerableSamples: -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: t.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA256: 146d77e80ca70ea5cb17bfc9a5cea92334f809cbdc87a51c2d10b8579a4b9c88 - Signature: [] - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create t.sys binPath=C:\windows\temp\t.sys type=kernel && sc.exe + start t.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules -Tags: -- t.sys -Verified: 'FALSE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: t.sys + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA256: 146d77e80ca70ea5cb17bfc9a5cea92334f809cbdc87a51c2d10b8579a4b9c88 + Signature: [] + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/66813e1f-13c8-4884-931a-62b46350c345.yaml b/yaml/66813e1f-13c8-4884-931a-62b46350c345.yaml index 3e27c2bd7..54aa8a141 100644 --- a/yaml/66813e1f-13c8-4884-931a-62b46350c345.yaml +++ b/yaml/66813e1f-13c8-4884-931a-62b46350c345.yaml 
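Review bot: This entry is still `Verified: 'FALSE'` with a single `SHA256`, `Detection: []`, and only the generic Microsoft block-rules page under `Resources`, so the record gives no provenance for the sample. The tag and filename `t.sys` are short enough that any name-based rule built from this file would probably match unrelated drivers. I would add a comment above `Tags`, e.g. `# unverified entry: match on SHA256 only, the filename is too generic for name rules`, so downstream rule generators do not treat the name as an indicator.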
@@ -1,223 +1,223 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 66813e1f-13c8-4884-931a-62b46350c345 +Tags: +- 834761775.sys +Verified: 'TRUE' Author: Michael Haag -Category: malicious -Commands: - Command: sc.exe create 834761775.sys binPath=C:\windows\temp\834761775.sys type=kernel - && sc.exe start 834761775.sys - Description: "Cisco Talos has identified multiple versions of an undocumented malicious\ - \ driver named \u201CRedDriver,\u201D a driver-based browser hijacker that uses\ - \ the Windows Filtering Platform (WFP) to intercept browser traffic. RedDriver\ - \ has been active since at least 2021.\nRedDriver utilizes HookSignTool to forge\ - \ its signature timestamp to bypass Windows driver-signing policies.\nCode from\ - \ multiple open-source tools has been used in the development of RedDriver's infection\ - \ chain, including HP-Socket and a custom implementation of ReflectiveLoader.\n\ - The authors of RedDriver appear to be skilled in driver development and have deep\ - \ knowledge of the Windows operating system.\nThis threat appears to target native\ - \ Chinese speakers, as it searches for Chinese language browsers to hijack. Additionally,\ - \ the authors are likely Chinese speakers themselves." 
- OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-07-12' -Detection: [] -Id: 66813e1f-13c8-4884-931a-62b46350c345 -KnownVulnerableSamples: -- Authentihash: - MD5: d572a2339ab3259578bfb39301b78884 - SHA1: d8e79ba181f2a646bbaa9e28ce2c4c490074fda2 - SHA256: 22074c412bb82bd97768eba0cb40e451d75d969e94d0548af804aafc04ca02fd - Company: '' - Copyright: '' - CreationTimestamp: '2022-10-10 19:26:25' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: 834761775.sys - ImportedFunctions: - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - PsCreateSystemThread - - ZwClose - - ZwOpenProcess - - ZwWaitForSingleObject - - RtlIpv4AddressToStringA - - ZwCreateFile - - ZwWriteFile - - ZwDeleteFile - - ZwOpenSymbolicLinkObject - - ZwQuerySymbolicLinkObject - - RtlUnicodeStringToAnsiString - - ExAllocatePool - - RtlFreeAnsiString - - _vsnprintf - - _vsnwprintf - - KeInitializeEvent - - KeWaitForSingleObject - - RtlRandomEx - - RtlCopyUnicodeString - - KeEnterCriticalRegion - - KeLeaveCriticalRegion - - ExInitializeResourceLite - - ExAcquireResourceExclusiveLite - - ExReleaseResourceLite - - KeBugCheckEx - - KeReleaseInStackQueuedSpinLock - - KeAcquireInStackQueuedSpinLock - - _strlwr - - IoWMIRegistrationControl - - MmGetSystemRoutineAddress - - RtlCompareMemory - - ExSystemTimeToLocalTime - - RtlTimeToTimeFields - - RtlAppendUnicodeToString - - RtlAppendUnicodeStringToString - - RtlInitUnicodeString - - FwpsAcquireWritableLayerDataPointer0 - - FwpsReleaseClassifyHandle0 - - FwpsAcquireClassifyHandle0 - - FwpsCalloutRegister1 - - FwpsApplyModifiedLayerData0 - - WdfVersionBindClass - - WdfVersionBind - - WdfVersionUnbind - - WdfVersionUnbindClass - Imports: - - ntoskrnl.exe - - fwpkclnt.sys - - WDFLDR.SYS - InternalName: '' - MD5: 072ba2309b825ce1dba37d8d924ea8ed - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 
704ff674d65cee070ccb97324955d0af - SHA1: c83a46f6adfb07de81e62046c7a9d8bd95c36dcf - SHA256: 586df7c43db7e44e51d3eef5aad1a38022c5f6d3598b05a47eec523d5ad74b2b - SHA1: 89a74d0e9fd03129082c5b868f5ad62558ca34fd - SHA256: 24c900024d213549502301c366d18c318887630f04c96bf0a3d6ba74e0df164f - Sections: - .text: - Entropy: 6.293307409084567 - Virtual Size: '0x30a0' - .rdata: - Entropy: 4.578734482189957 - Virtual Size: '0xb70' - .data: - Entropy: 1.8195102265290914 - Virtual Size: '0x17e8' - .pdata: - Entropy: 4.204635975366644 - Virtual Size: '0x324' - .gfids: - Entropy: 0.8112781244591328 - Virtual Size: '0x4' - PAGE: - Entropy: 6.019078078470311 - Virtual Size: '0x4fc' - INIT: - Entropy: 5.17688181935493 - Virtual Size: '0x6be' - .rsrc: - Entropy: 2.6182828359466233 - Virtual Size: '0x140' - .reloc: - Entropy: 3.7531088905778556 - Virtual Size: '0x58' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CN, ST=Beijing, L=Beijing, O=Beijing JoinHope Image Technology Ltd., - CN=Beijing JoinHope Image Technology Ltd. - ValidFrom: '2014-05-16 00:00:00' - ValidTo: '2015-05-16 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0a005d2e2bcd4137168217d8c727747c - Version: 3 - TBS: - MD5: 4d213d99215f488050faaa39765656d1 - SHA1: 0308508b5a3fcd330bbf28931f8e1a9c93c3ee69 - SHA256: ea947432de238a25fdb7892e436f4ef44f30ab16ae9e1eb914860f4808b25ef2 - SHA384: 430e932514f35ed55f31f050f33bcc0b9244fd83c6d1d28ee240306e54292e93b5894ef4eb9c09bf84cdc8068c6a7230 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=CN, O=JemmyLoveJenny PKI Service, OU=timestamp.pki.jemmylovejenny.tk, - CN=Fake TimeStamp Responder - ValidFrom: '2000-01-01 00:00:00' - ValidTo: '2099-12-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1eb132d57e7968960df26e854eb0dda6 - Version: 3 - TBS: - MD5: 5ab6e3eff526144c0498d28f2e8744cc - SHA1: 7ab94f2c92d6886a876615876fb3c7d996cc0ea3 - SHA256: ff83ab76196af2d3172c0be1ab23720770de769bed8daf815a059ca46df241af - SHA384: 9990f7fd996aa8f520b4d64eee4060d0009b6cd517416b7300245df65cb15eb72ab985f520bc02346c544d46ad172ae5 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: 
bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - - Subject: C=CN, O=JemmyLoveJenny PKI Service, OU=pki.jemmylovejenny.tk, CN=JemmyLoveJenny - SHA1 TimeStamping Services CA - ValidFrom: '2000-01-01 00:00:00' - ValidTo: '2099-12-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 1eb132d57e796896 - Version: 3 - TBS: - MD5: 953110dc4528bb8653d24128ec59f13b - SHA1: 3a111b3ec6c092f7181132509479ba73bc3c828f - SHA256: 3434a95dfbfdb4b2cdff9d76632bcfc1d8c9a2b805596ed3f8af1c97f61643b1 - SHA384: 41c54e667a7ccaab3d4b6288e8c78789163e4adce5029f5e43de2a25ea9ad07bd3f4679538ebc301477917f46cfb8788 - Signer: - - SerialNumber: 0a005d2e2bcd4137168217d8c727747c - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 0262d4147f21d681f8519ab2af79283f - LoadsDespiteHVCI: 'TRUE' MitreID: T1068 +Category: malicious +Commands: + Command: sc.exe create 834761775.sys binPath=C:\windows\temp\834761775.sys type=kernel + && sc.exe start 834761775.sys + Description: "Cisco Talos has identified multiple versions of an undocumented\ + \ malicious driver named \u201CRedDriver,\u201D a driver-based browser hijacker\ + \ that uses the Windows Filtering Platform (WFP) to intercept browser traffic.\ + \ RedDriver has been active since at least 2021.\nRedDriver utilizes HookSignTool\ + \ to forge its signature timestamp to bypass Windows driver-signing policies.\n\ + Code from multiple open-source tools has been used in the development of RedDriver's\ + \ infection chain, including HP-Socket and a custom implementation of ReflectiveLoader.\n\ + The authors of RedDriver appear to be skilled in driver development and have\ + \ deep knowledge of the Windows operating system.\nThis threat appears to\ + \ target 
native Chinese speakers, as it searches for Chinese language browsers\ + \ to hijack. Additionally, the authors are likely Chinese speakers themselves." + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://blog.talosintelligence.com/undocumented-reddriver/ -Tags: -- 834761775.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: d572a2339ab3259578bfb39301b78884 + SHA1: d8e79ba181f2a646bbaa9e28ce2c4c490074fda2 + SHA256: 22074c412bb82bd97768eba0cb40e451d75d969e94d0548af804aafc04ca02fd + Company: '' + Copyright: '' + CreationTimestamp: '2022-10-10 19:26:25' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: 834761775.sys + ImportedFunctions: + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - PsCreateSystemThread + - ZwClose + - ZwOpenProcess + - ZwWaitForSingleObject + - RtlIpv4AddressToStringA + - ZwCreateFile + - ZwWriteFile + - ZwDeleteFile + - ZwOpenSymbolicLinkObject + - ZwQuerySymbolicLinkObject + - RtlUnicodeStringToAnsiString + - ExAllocatePool + - RtlFreeAnsiString + - _vsnprintf + - _vsnwprintf + - KeInitializeEvent + - KeWaitForSingleObject + - RtlRandomEx + - RtlCopyUnicodeString + - KeEnterCriticalRegion + - KeLeaveCriticalRegion + - ExInitializeResourceLite + - ExAcquireResourceExclusiveLite + - ExReleaseResourceLite + - KeBugCheckEx + - KeReleaseInStackQueuedSpinLock + - KeAcquireInStackQueuedSpinLock + - _strlwr + - IoWMIRegistrationControl + - MmGetSystemRoutineAddress + - RtlCompareMemory + - ExSystemTimeToLocalTime + - RtlTimeToTimeFields + - RtlAppendUnicodeToString + - RtlAppendUnicodeStringToString + - RtlInitUnicodeString + - FwpsAcquireWritableLayerDataPointer0 + - FwpsReleaseClassifyHandle0 + - FwpsAcquireClassifyHandle0 + - FwpsCalloutRegister1 + - FwpsApplyModifiedLayerData0 + - WdfVersionBindClass + - WdfVersionBind + - WdfVersionUnbind + - WdfVersionUnbindClass + Imports: + - 
ntoskrnl.exe + - fwpkclnt.sys + - WDFLDR.SYS + InternalName: '' + MD5: 072ba2309b825ce1dba37d8d924ea8ed + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 704ff674d65cee070ccb97324955d0af + SHA1: c83a46f6adfb07de81e62046c7a9d8bd95c36dcf + SHA256: 586df7c43db7e44e51d3eef5aad1a38022c5f6d3598b05a47eec523d5ad74b2b + SHA1: 89a74d0e9fd03129082c5b868f5ad62558ca34fd + SHA256: 24c900024d213549502301c366d18c318887630f04c96bf0a3d6ba74e0df164f + Sections: + .text: + Entropy: 6.293307409084567 + Virtual Size: '0x30a0' + .rdata: + Entropy: 4.578734482189957 + Virtual Size: '0xb70' + .data: + Entropy: 1.8195102265290914 + Virtual Size: '0x17e8' + .pdata: + Entropy: 4.204635975366644 + Virtual Size: '0x324' + .gfids: + Entropy: 0.8112781244591328 + Virtual Size: '0x4' + PAGE: + Entropy: 6.019078078470311 + Virtual Size: '0x4fc' + INIT: + Entropy: 5.17688181935493 + Virtual Size: '0x6be' + .rsrc: + Entropy: 2.6182828359466233 + Virtual Size: '0x140' + .reloc: + Entropy: 3.7531088905778556 + Virtual Size: '0x58' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CN, ST=Beijing, L=Beijing, O=Beijing JoinHope Image Technology + Ltd., CN=Beijing JoinHope Image Technology Ltd. + ValidFrom: '2014-05-16 00:00:00' + ValidTo: '2015-05-16 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0a005d2e2bcd4137168217d8c727747c + Version: 3 + TBS: + MD5: 4d213d99215f488050faaa39765656d1 + SHA1: 0308508b5a3fcd330bbf28931f8e1a9c93c3ee69 + SHA256: ea947432de238a25fdb7892e436f4ef44f30ab16ae9e1eb914860f4808b25ef2 + SHA384: 430e932514f35ed55f31f050f33bcc0b9244fd83c6d1d28ee240306e54292e93b5894ef4eb9c09bf84cdc8068c6a7230 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=CN, O=JemmyLoveJenny PKI Service, OU=timestamp.pki.jemmylovejenny.tk, + CN=Fake TimeStamp Responder + ValidFrom: '2000-01-01 00:00:00' + ValidTo: '2099-12-31 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1eb132d57e7968960df26e854eb0dda6 + Version: 3 + TBS: + MD5: 5ab6e3eff526144c0498d28f2e8744cc + SHA1: 7ab94f2c92d6886a876615876fb3c7d996cc0ea3 + SHA256: ff83ab76196af2d3172c0be1ab23720770de769bed8daf815a059ca46df241af + SHA384: 9990f7fd996aa8f520b4d64eee4060d0009b6cd517416b7300245df65cb15eb72ab985f520bc02346c544d46ad172ae5 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: 
bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + - Subject: C=CN, O=JemmyLoveJenny PKI Service, OU=pki.jemmylovejenny.tk, + CN=JemmyLoveJenny SHA1 TimeStamping Services CA + ValidFrom: '2000-01-01 00:00:00' + ValidTo: '2099-12-31 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 1eb132d57e796896 + Version: 3 + TBS: + MD5: 953110dc4528bb8653d24128ec59f13b + SHA1: 3a111b3ec6c092f7181132509479ba73bc3c828f + SHA256: 3434a95dfbfdb4b2cdff9d76632bcfc1d8c9a2b805596ed3f8af1c97f61643b1 + SHA384: 41c54e667a7ccaab3d4b6288e8c78789163e4adce5029f5e43de2a25ea9ad07bd3f4679538ebc301477917f46cfb8788 + Signer: + - SerialNumber: 0a005d2e2bcd4137168217d8c727747c + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 0262d4147f21d681f8519ab2af79283f + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/66be9e0a-9246-4404-b5b5-7fbde351668f.yaml b/yaml/66be9e0a-9246-4404-b5b5-7fbde351668f.yaml index 41d75947c..8c90b575d 100644 --- a/yaml/66be9e0a-9246-4404-b5b5-7fbde351668f.yaml +++ b/yaml/66be9e0a-9246-4404-b5b5-7fbde351668f.yaml 
@@ -1,172 +1,173 @@ Id: 66be9e0a-9246-4404-b5b5-7fbde351668f +Tags: +- BS_I2cIo.sys +Verified: 'TRUE' Author: Nasreddine Bencherchali Created: '2023-05-06' MitreID: T1068 Category: vulnerable driver -Verified: 'TRUE' Commands: - Command: sc.exe create BS_I2cIo.sys binPath=C:\windows\temp\BS_I2cIo.sys type=kernel - && sc.exe start BS_I2cIo.sys - Description: '' - Usecase: Elevate privileges - Privileges: kernel - OperatingSystem: Windows 10 + Command: sc.exe create BS_I2cIo.sys binPath=C:\windows\temp\BS_I2cIo.sys type=kernel + && sc.exe start BS_I2cIo.sys + Description: '' + Usecase: Elevate privileges + Privileges: kernel + OperatingSystem: Windows 10 Resources: - Internal Research -Acknowledgement: - Person: '' - Handle: '' Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: BS_I2cIo.sys - MD5: 3c4154866f3d483fdc9f4f64ef868888 - SHA1: f7ce71891738a976cd8d4b516c8d7a8e2f6b0ad6 - SHA256: 42e170a7ab1d2c160d60abfc906872f9cfd0c2ee169ed76f6acb3f83b3eeefdb - Authentihash: - MD5: 2e6a361506f00fc7de30642776c8d3be - SHA1: 862fef3d6a6d7488ef4d6f7799ac296cd96256b7 - SHA256: 21af8e034ca42ab24a5d1623f70de9c66eeea63d72aeb0f1846b1e04dbdf4f51 - Description: I/O Interface driver file - Company: BIOSTAR Group - InternalName: I/O driver - OriginalFilename: BS_I2cIo.sys - FileVersion: 1, 1, 0, 0 - Product: BIOSTAR I/O driver fle - ProductVersion: 1, 1, 0, 0 - Copyright: Copyright (c) 2002-2006 BIOSTAR Group - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - KeInitializeEvent - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ObfDereferenceObject - - KeWaitForSingleObject - - ExInterlockedInsertTailList - - RtlTimeToTimeFields - - PsTerminateSystemThread - - ZwWriteFile - - ExInterlockedRemoveHeadList - - KeSetPriorityThread - - ZwCreateFile - - RtlInitUnicodeString - - PsCreateSystemThread - - IoCreateSymbolicLink - - IoCreateDevice - - IoDeleteSymbolicLink - - IoStartNextPacket - - IoReleaseCancelSpinLock - - IoAcquireCancelSpinLock - - MmUnmapIoSpace - - MmMapIoSpace - - KeRemoveEntryDeviceQueue - - IoStartPacket - - IofCompleteRequest - - ObReferenceObjectByHandle - - ZwClose - - IoDeleteDevice - - KeSetEvent - - HalSetBusDataByOffset - - HalTranslateBusAddress - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at 
https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=TAIPEI HSIEN, L=HSIN TIEN, O=BIOSTAR MICROTECH INT'L CORP, - OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=BMA;BMG, CN=BIOSTAR - MICROTECH INT'L CORP - ValidFrom: '2006-09-25 00:00:00' - ValidTo: '2007-10-20 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 49a570277854e9481d38e34c081226ee - Version: 3 - TBS: - MD5: 27a32ddae1fd74f01b6324484fb5995a - SHA1: 
d68dfe595f9f0f94672e1a7b876a2987ba81e675 - SHA256: 66ef4bb0b353d5f97d46898668f3ea82ac36dd6bf50e70b84fa9a19568fec33f - SHA384: db35c2600ef6f07d526d98a2a67e5bc86d2e18d596d4e0e27a1f28e4fa3f88a46bdb554c99ede8158a74554492c3f4ad - Signer: - - SerialNumber: 49a570277854e9481d38e34c081226ee - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: 4ed2618a21b160612d932949de7cc9c1 - SHA1: c8532f6c93c3309ef18d1af84e23974e37c416c9 - SHA256: b6afffab9ad144e0b85cfb4291c424fe49ccb7755d35ecc957a676995d30d30a - Sections: - .text: - Entropy: 5.498248181512732 - Virtual Size: '0x2de0' - .rdata: - Entropy: 4.75791853939054 - Virtual Size: '0xa34' - .data: - Entropy: 2.072964022170868 - Virtual Size: '0x478' - .pdata: - Entropy: 3.8957107229710917 - Virtual Size: '0x174' - PAGE: - Entropy: 5.049224790555508 - Virtual Size: '0x14b' - INIT: - Entropy: 5.468703078901586 - Virtual Size: '0x7e4' - .rsrc: - Entropy: 3.2817760862665835 - Virtual Size: '0x408' - .reloc: - Entropy: 3.593030469985413 - Virtual Size: '0xf8' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2006-12-11 00:48:39' - Imphash: f939ef0b7f792672866386600f82aa04 - LoadsDespiteHVCI: 'FALSE' -Tags: -- BS_I2cIo.sys +- Filename: BS_I2cIo.sys + MD5: 3c4154866f3d483fdc9f4f64ef868888 + SHA1: f7ce71891738a976cd8d4b516c8d7a8e2f6b0ad6 + SHA256: 42e170a7ab1d2c160d60abfc906872f9cfd0c2ee169ed76f6acb3f83b3eeefdb + Authentihash: + MD5: 2e6a361506f00fc7de30642776c8d3be + SHA1: 862fef3d6a6d7488ef4d6f7799ac296cd96256b7 + SHA256: 21af8e034ca42ab24a5d1623f70de9c66eeea63d72aeb0f1846b1e04dbdf4f51 + Description: I/O Interface driver file + Company: BIOSTAR Group + InternalName: I/O driver + OriginalFilename: BS_I2cIo.sys + FileVersion: 1, 1, 0, 0 + Product: BIOSTAR I/O driver fle + ProductVersion: 1, 1, 0, 0 + Copyright: Copyright (c) 2002-2006 BIOSTAR Group + MachineType: AMD64 + Imports: + - ntoskrnl.exe 
+ - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - KeInitializeEvent + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ObfDereferenceObject + - KeWaitForSingleObject + - ExInterlockedInsertTailList + - RtlTimeToTimeFields + - PsTerminateSystemThread + - ZwWriteFile + - ExInterlockedRemoveHeadList + - KeSetPriorityThread + - ZwCreateFile + - RtlInitUnicodeString + - PsCreateSystemThread + - IoCreateSymbolicLink + - IoCreateDevice + - IoDeleteSymbolicLink + - IoStartNextPacket + - IoReleaseCancelSpinLock + - IoAcquireCancelSpinLock + - MmUnmapIoSpace + - MmMapIoSpace + - KeRemoveEntryDeviceQueue + - IoStartPacket + - IofCompleteRequest + - ObReferenceObjectByHandle + - ZwClose + - IoDeleteDevice + - KeSetEvent + - HalSetBusDataByOffset + - HalTranslateBusAddress + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=TAIPEI HSIEN, L=HSIN TIEN, O=BIOSTAR MICROTECH INT'L + CORP, OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=BMA;BMG, + CN=BIOSTAR MICROTECH INT'L CORP + ValidFrom: '2006-09-25 00:00:00' + ValidTo: '2007-10-20 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 49a570277854e9481d38e34c081226ee + Version: 3 + TBS: + MD5: 27a32ddae1fd74f01b6324484fb5995a + SHA1: d68dfe595f9f0f94672e1a7b876a2987ba81e675 + SHA256: 66ef4bb0b353d5f97d46898668f3ea82ac36dd6bf50e70b84fa9a19568fec33f + SHA384: db35c2600ef6f07d526d98a2a67e5bc86d2e18d596d4e0e27a1f28e4fa3f88a46bdb554c99ede8158a74554492c3f4ad + Signer: + - SerialNumber: 49a570277854e9481d38e34c081226ee + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: 4ed2618a21b160612d932949de7cc9c1 + SHA1: c8532f6c93c3309ef18d1af84e23974e37c416c9 + SHA256: b6afffab9ad144e0b85cfb4291c424fe49ccb7755d35ecc957a676995d30d30a + Sections: + .text: + Entropy: 5.498248181512732 + Virtual Size: '0x2de0' + .rdata: + Entropy: 4.75791853939054 + Virtual Size: '0xa34' + .data: + Entropy: 2.072964022170868 + Virtual Size: '0x478' + .pdata: + Entropy: 3.8957107229710917 + Virtual Size: '0x174' + PAGE: + Entropy: 5.049224790555508 + Virtual Size: '0x14b' + INIT: + Entropy: 5.468703078901586 + Virtual Size: 
'0x7e4' + .rsrc: + Entropy: 3.2817760862665835 + Virtual Size: '0x408' + .reloc: + Entropy: 3.593030469985413 + Virtual Size: '0xf8' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2006-12-11 00:48:39' + Imphash: f939ef0b7f792672866386600f82aa04 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/670dc258-78b5-4552-a16b-b41917c86f8d.yaml b/yaml/670dc258-78b5-4552-a16b-b41917c86f8d.yaml index 3dbf80f35..07e798d00 100644 --- a/yaml/670dc258-78b5-4552-a16b-b41917c86f8d.yaml +++ b/yaml/670dc258-78b5-4552-a16b-b41917c86f8d.yaml 
@@ -1,225 +1,226 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 670dc258-78b5-4552-a16b-b41917c86f8d +Tags: +- driver7-x86.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create driver7-x86.sys binPath=C:\windows\temp\driver7-x86.sys type=kernel - && sc.exe start driver7-x86.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/42851a01469ba97cdc38939b10cf9ea13237aa1f6c37b1ac84904c5a12a81fa0.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 670dc258-78b5-4552-a16b-b41917c86f8d -KnownVulnerableSamples: -- 
Authentihash: - MD5: c5d6296b11390f68dc48dcec40990676 - SHA1: 7a3c1908302851a032d45a73e67c4a3e699807a5 - SHA256: c67c6f1e03a466dc660bcad6051fc38eb6e9004a4e252abe52c6155f5768ad90 - Company: ASUStek - Copyright: 'Copyright ' - CreationTimestamp: '2013-03-21 06:35:40' - Date: '' - Description: The driver for the ECtool driver-based tools - ExportedFunctions: '' - FileVersion: 2.5.0.2 - Filename: driver7-x86.sys - ImportedFunctions: - - ExFreePoolWithTag - - MmGetPhysicalAddress - - ExAllocatePoolWithTag - - memcpy - - memset - - ObfDereferenceObject - - IoWMIQueryAllData - - DbgPrint - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - ZwUnmapViewOfSection - - RtlInitUnicodeString - - ZwOpenSection - - ObReferenceObjectByHandle - - ZwMapViewOfSection - - ZwClose - - IoWMIOpenBlock - - IofCompleteRequest - - WRITE_PORT_ULONG - - READ_PORT_USHORT - - WRITE_PORT_USHORT - - HalTranslateBusAddress - - WRITE_PORT_UCHAR - - READ_PORT_UCHAR - - READ_PORT_ULONG - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: Driver7.sys - MD5: 1f950cfd5ed8dd9de3de004f5416fe20 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: Driver7 - Product: EC tool - ProductVersion: '2.5' - Publisher: '' - RichPEHeaderHash: - MD5: a38923e8abb96949fc424dd99eec3432 - SHA1: 0d59c38fe3ef4cfbd965b0e97e246b52d432ed16 - SHA256: dfc817695494af78b64d1aa6aec9036d5275a4ace2b81ac3c8dacead6593e1c7 - SHA1: 00b4e8b7644d1bf93f5ddb5740b444b445e81b02 - SHA256: 42851a01469ba97cdc38939b10cf9ea13237aa1f6c37b1ac84904c5a12a81fa0 - Sections: - .text: - Entropy: 6.293093056035602 - Virtual Size: '0x1896' - .rdata: - Entropy: 4.174490511934242 - Virtual Size: '0x13e' - .data: - Entropy: 2.973851389610044 - Virtual Size: '0x24' - PAGE: - Entropy: 4.540942370558041 - Virtual Size: '0x4f' - INIT: - Entropy: 5.797080426236261 - Virtual Size: '0x412' - .rsrc: - Entropy: 3.249450450014059 - Virtual Size: '0x398' - .reloc: - Entropy: 
4.704894076979481 - Virtual Size: '0x18e' - Signature: - - ASUSTeK Computer Inc. - - VeriSign Class 3 Code Signing 2010 CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 
88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, - CN=ASUSTeK Computer Inc. 
- ValidFrom: '2012-07-31 00:00:00' - ValidTo: '2015-08-03 23:59:59' - Signature: 03cd161c1960e13d0b06441f08fdfc9df8319f8d87a83ecc865bc20767841d4087e40dc9d770bdc5c0fe6ccb9cf3e08bee7364451b03fb3130356761cae54417e8a282ed7cd33b0becd72e8799b616a2766976a7172a1cc299e8321ebeb479f592e03f425da4b2ea6a0cd0b5cc32b9bdeec80aa3ef0a62d6e16b72765301d53ef883ab9210a4b868ff2e2724e37804feb5277d3e26da8ba9d0b6ef61769d1c0f62a78757779d7134a63320b1a692584f12162d3fa20ec6e1b038b1a8d7afc2fad7b692759c6a000159714271f40d608fed3c08213b757fa75baf4674380f5aea46b7125f17532c636876c1f3e0d4b0350822f2a640001fda794b969e2cc681c2 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 7d08d9bc130726de26ee4ef28e133084 - Version: 3 - TBS: - MD5: 72cafb0a175f0481177fa2c9803283c7 - SHA1: b603167b958c5fcd7094552891ddc4e2ea4c149f - SHA256: a36a0024075771a4b30eab8f1288817059fe1a01003d0c1d92f647df17f3b688 - SHA384: 33c28dc6857ce5d20a2e9ba8a47f6bc80a9a98fba518fd732963bedbbb408848b89b3d8438d413f8b933ee761ffa1653 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 7d08d9bc130726de26ee4ef28e133084 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 
2424cf613f90884493009dd6bee95693 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create driver7-x86.sys binPath=C:\windows\temp\driver7-x86.sys type=kernel + && sc.exe start driver7-x86.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/Chigusa0w0/AsusDriversPrivEscala -Tags: -- driver7-x86.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/42851a01469ba97cdc38939b10cf9ea13237aa1f6c37b1ac84904c5a12a81fa0.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- 
Authentihash: + MD5: c5d6296b11390f68dc48dcec40990676 + SHA1: 7a3c1908302851a032d45a73e67c4a3e699807a5 + SHA256: c67c6f1e03a466dc660bcad6051fc38eb6e9004a4e252abe52c6155f5768ad90 + Company: ASUStek + Copyright: 'Copyright ' + CreationTimestamp: '2013-03-21 06:35:40' + Date: '' + Description: The driver for the ECtool driver-based tools + ExportedFunctions: '' + FileVersion: 2.5.0.2 + Filename: driver7-x86.sys + ImportedFunctions: + - ExFreePoolWithTag + - MmGetPhysicalAddress + - ExAllocatePoolWithTag + - memcpy + - memset + - ObfDereferenceObject + - IoWMIQueryAllData + - DbgPrint + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - ZwUnmapViewOfSection + - RtlInitUnicodeString + - ZwOpenSection + - ObReferenceObjectByHandle + - ZwMapViewOfSection + - ZwClose + - IoWMIOpenBlock + - IofCompleteRequest + - WRITE_PORT_ULONG + - READ_PORT_USHORT + - WRITE_PORT_USHORT + - HalTranslateBusAddress + - WRITE_PORT_UCHAR + - READ_PORT_UCHAR + - READ_PORT_ULONG + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: Driver7.sys + MD5: 1f950cfd5ed8dd9de3de004f5416fe20 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: Driver7 + Product: EC tool + ProductVersion: '2.5' + Publisher: '' + RichPEHeaderHash: + MD5: a38923e8abb96949fc424dd99eec3432 + SHA1: 0d59c38fe3ef4cfbd965b0e97e246b52d432ed16 + SHA256: dfc817695494af78b64d1aa6aec9036d5275a4ace2b81ac3c8dacead6593e1c7 + SHA1: 00b4e8b7644d1bf93f5ddb5740b444b445e81b02 + SHA256: 42851a01469ba97cdc38939b10cf9ea13237aa1f6c37b1ac84904c5a12a81fa0 + Sections: + .text: + Entropy: 6.293093056035602 + Virtual Size: '0x1896' + .rdata: + Entropy: 4.174490511934242 + Virtual Size: '0x13e' + .data: + Entropy: 2.973851389610044 + Virtual Size: '0x24' + PAGE: + Entropy: 4.540942370558041 + Virtual Size: '0x4f' + INIT: + Entropy: 5.797080426236261 + Virtual Size: '0x412' + .rsrc: + Entropy: 3.249450450014059 + Virtual Size: '0x398' + .reloc: + Entropy: 
4.704894076979481 + Virtual Size: '0x18e' + Signature: + - ASUSTeK Computer Inc. + - VeriSign Class 3 Code Signing 2010 CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., + OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Quality + Testing Department, CN=ASUSTeK Computer Inc. 
+ ValidFrom: '2012-07-31 00:00:00' + ValidTo: '2015-08-03 23:59:59' + Signature: 03cd161c1960e13d0b06441f08fdfc9df8319f8d87a83ecc865bc20767841d4087e40dc9d770bdc5c0fe6ccb9cf3e08bee7364451b03fb3130356761cae54417e8a282ed7cd33b0becd72e8799b616a2766976a7172a1cc299e8321ebeb479f592e03f425da4b2ea6a0cd0b5cc32b9bdeec80aa3ef0a62d6e16b72765301d53ef883ab9210a4b868ff2e2724e37804feb5277d3e26da8ba9d0b6ef61769d1c0f62a78757779d7134a63320b1a692584f12162d3fa20ec6e1b038b1a8d7afc2fad7b692759c6a000159714271f40d608fed3c08213b757fa75baf4674380f5aea46b7125f17532c636876c1f3e0d4b0350822f2a640001fda794b969e2cc681c2 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 7d08d9bc130726de26ee4ef28e133084 + Version: 3 + TBS: + MD5: 72cafb0a175f0481177fa2c9803283c7 + SHA1: b603167b958c5fcd7094552891ddc4e2ea4c149f + SHA256: a36a0024075771a4b30eab8f1288817059fe1a01003d0c1d92f647df17f3b688 + SHA384: 33c28dc6857ce5d20a2e9ba8a47f6bc80a9a98fba518fd732963bedbbb408848b89b3d8438d413f8b933ee761ffa1653 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 
4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 7d08d9bc130726de26ee4ef28e133084 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 2424cf613f90884493009dd6bee95693 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/6736cbe7-33ea-4488-b464-231c0b8d1049.yaml b/yaml/6736cbe7-33ea-4488-b464-231c0b8d1049.yaml index 52d3956aa..838632656 100644 --- a/yaml/6736cbe7-33ea-4488-b464-231c0b8d1049.yaml +++ b/yaml/6736cbe7-33ea-4488-b464-231c0b8d1049.yaml 
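Review bot: The `Detection` list written on the new side of `yaml/670dc258-78b5-4552-a16b-b41917c86f8d.yaml` still lists four rule references twice. `sigma_hash`, `sigma_names`, `sysmon_hash_detect` and `sysmon_hash_block` appear once after the per-hash `yara_signature` entry and again after the `yara-rules_vuln_drivers_strict_renamed.yar` entry, with identical `value` URLs. This commit already rewrites the whole block (apparently a re-serialisation, since only key order and indentation change), so it would be a good place to keep a single copy of each `type`/`value` pair, for example one `- type: sigma_hash` entry instead of two. Anything that builds detection coverage from this list would otherwise count or fetch the same Sigma and Sysmon files twice for this driver. The two `yara_signature` entries point at different rule files and should both stay.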
@@ -1,167 +1,168 @@ Id: 6736cbe7-33ea-4488-b464-231c0b8d1049 +Tags: +- gpcidrv64.sys +Verified: 'TRUE' Author: Takahiro Haruyama Created: '2023-10-12' MitreID: T1542 Category: vulnerable driver -Verified: 'TRUE' Commands: - Command: sc.exe create gpcidrv64.sys binPath=C:\windows\temp\gpcidrv64.sys type=kernel - && sc.exe start gpcidrv64.sys - Description: '' - Usecase: firmware erasing/modification - Privileges: kernel - OperatingSystem: Windows 11 + Command: sc.exe create gpcidrv64.sys binPath=C:\windows\temp\gpcidrv64.sys type=kernel + && sc.exe start gpcidrv64.sys + Description: '' + Usecase: firmware erasing/modification + Privileges: kernel + OperatingSystem: Windows 11 Resources: - https://github.com/ucsb-seclab/popkorn-artifact/tree/main/evaluation -Acknowledgement: - Person: '' - Handle: '' Detection: [] +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: '' - MD5: 5d4df0bac74e9ac62af6bc99440b050b - SHA1: 1743b073cccf44368dc83ed3659057eb5f644b06 - SHA256: 655110646bff890c448c0951e11132dc3592bda6e080696341b930d090224723 - Signature: '' - Date: '' - Publisher: '' - Company: '' - Description: '' - Product: '' - ProductVersion: '' - FileVersion: '' - MachineType: AMD64 - OriginalFilename: '' - Imphash: 4aaef0105216f062a5f3ee071a72770c - Authentihash: - MD5: f2c76d31ca3d7f31c1b631a083f82cb9 - SHA1: d79a25a5f52da4ce25a76422710764aca046bbe8 - SHA256: c53b5f071de2bbc03387451052ab81bae9b8ec0a6e075c970600f791157b0b25 - RichPEHeaderHash: - MD5: e945273f211e972149c8dc34cf62ded7 - SHA1: ba832d4d71984adb8bf1868b64919f18a8167e0f - SHA256: f7e39435f8beaea2ce4f99fd10e3cad124f21b3e901c9c311972eaffee3c0014 - Sections: - .text: - Entropy: 6.139164323839344 - Virtual Size: '0xf94' - .rdata: - Entropy: 4.4411034485988194 - Virtual Size: '0x16c' - .data: - Entropy: 0.4804878386624626 - Virtual Size: '0x128' - .pdata: - Entropy: 3.1368421881310096 - Virtual Size: '0x48' - INIT: - Entropy: 4.884811337685559 - Virtual Size: '0x284' - MagicHeader: 50 45 0 
0 - CreationTimestamp: '2008-07-10 06:58:31' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IoCreateDevice - - ZwOpenSection - - DbgPrint - - IoDeleteSymbolicLink - - ZwMapViewOfSection - - RtlInitUnicodeString - - IoCreateSymbolicLink - - MmUnmapIoSpace - - ZwUnmapViewOfSection - - MmMapIoSpace - - ZwClose - - IofCompleteRequest - - KeBugCheckEx - - IoDeleteDevice - - ObReferenceObjectByHandle - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 
53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei Hsien, O=Giga,Byte Technology, OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Testing Department, CN=Giga,Byte - Technology - ValidFrom: '2007-10-02 00:00:00' - ValidTo: '2010-10-18 23:59:59' - Signature: 
5c404cbb1176300b3b0f2b98924c5be7571d28c8e8086cea2fe21a4d3687b441facd3aec26e2722d2d4dabac900ab1158ad7b53edc2a3678743ae411eeb48e00560ce2e49a4954a5d3223cbb3fbcb6f19185ea33ac10f5c96fc80593236a3512ad98599c931486810fd0ca98df4c75fcdd6d69aceb0d6f755c74d4779ed39cc17946fc61e7a17bee5e5bc46220509aea779cc200315bfb778edc11429dc9763a4a3c7a04346ed759ef357c4744088ac9f4f949e783b42eec05b777c3629b718e0766c5ac956b0f67834009d3e0d171da24ee6b151d7bb40cf9f8e6f1e1a08fe2ec1fb101b766ec261c0ce6f98de3fb452a81a57bb0b72a44c06a01f199a8143d - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 720ef3aaa1a44f7d0717a805c290c378 - Version: 3 - TBS: - MD5: 0695cf8f3778103101610eccc2a78d04 - SHA1: ab5b9a4474b73d3317a7853116f62e83c9301b0d - SHA256: 6b88dbf87d212b8a91c4fd09d6725e3ae498d898c8292e77657be9d44e2503ca - SHA384: 3dab111c5395ec6bda188690b936c86ed2e9d46d5f718488bd3f7608338556cf774df25f2ad4a64564d067c21dc05cdc - Signer: - - SerialNumber: 720ef3aaa1a44f7d0717a805c290c378 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -Tags: -- gpcidrv64.sys +- Filename: '' + MD5: 5d4df0bac74e9ac62af6bc99440b050b + SHA1: 1743b073cccf44368dc83ed3659057eb5f644b06 + SHA256: 655110646bff890c448c0951e11132dc3592bda6e080696341b930d090224723 + Signature: '' + Date: '' + Publisher: '' + Company: '' + Description: '' + Product: '' + ProductVersion: '' + FileVersion: '' + MachineType: AMD64 + OriginalFilename: '' + Imphash: 4aaef0105216f062a5f3ee071a72770c + Authentihash: + MD5: f2c76d31ca3d7f31c1b631a083f82cb9 + SHA1: d79a25a5f52da4ce25a76422710764aca046bbe8 + SHA256: c53b5f071de2bbc03387451052ab81bae9b8ec0a6e075c970600f791157b0b25 + RichPEHeaderHash: + MD5: e945273f211e972149c8dc34cf62ded7 + SHA1: ba832d4d71984adb8bf1868b64919f18a8167e0f + SHA256: f7e39435f8beaea2ce4f99fd10e3cad124f21b3e901c9c311972eaffee3c0014 + Sections: + .text: 
+ Entropy: 6.139164323839344 + Virtual Size: '0xf94' + .rdata: + Entropy: 4.4411034485988194 + Virtual Size: '0x16c' + .data: + Entropy: 0.4804878386624626 + Virtual Size: '0x128' + .pdata: + Entropy: 3.1368421881310096 + Virtual Size: '0x48' + INIT: + Entropy: 4.884811337685559 + Virtual Size: '0x284' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2008-07-10 06:58:31' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IoCreateDevice + - ZwOpenSection + - DbgPrint + - IoDeleteSymbolicLink + - ZwMapViewOfSection + - RtlInitUnicodeString + - IoCreateSymbolicLink + - MmUnmapIoSpace + - ZwUnmapViewOfSection + - MmMapIoSpace + - ZwClose + - IofCompleteRequest + - KeBugCheckEx + - IoDeleteDevice + - ObReferenceObjectByHandle + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 
+ IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei Hsien, O=Giga,Byte Technology, OU=Digital 
+ ID Class 3 , Microsoft Software Validation v2, OU=Testing Department, + CN=Giga,Byte Technology + ValidFrom: '2007-10-02 00:00:00' + ValidTo: '2010-10-18 23:59:59' + Signature: 5c404cbb1176300b3b0f2b98924c5be7571d28c8e8086cea2fe21a4d3687b441facd3aec26e2722d2d4dabac900ab1158ad7b53edc2a3678743ae411eeb48e00560ce2e49a4954a5d3223cbb3fbcb6f19185ea33ac10f5c96fc80593236a3512ad98599c931486810fd0ca98df4c75fcdd6d69aceb0d6f755c74d4779ed39cc17946fc61e7a17bee5e5bc46220509aea779cc200315bfb778edc11429dc9763a4a3c7a04346ed759ef357c4744088ac9f4f949e783b42eec05b777c3629b718e0766c5ac956b0f67834009d3e0d171da24ee6b151d7bb40cf9f8e6f1e1a08fe2ec1fb101b766ec261c0ce6f98de3fb452a81a57bb0b72a44c06a01f199a8143d + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 720ef3aaa1a44f7d0717a805c290c378 + Version: 3 + TBS: + MD5: 0695cf8f3778103101610eccc2a78d04 + SHA1: ab5b9a4474b73d3317a7853116f62e83c9301b0d + SHA256: 6b88dbf87d212b8a91c4fd09d6725e3ae498d898c8292e77657be9d44e2503ca + SHA384: 3dab111c5395ec6bda188690b936c86ed2e9d46d5f718488bd3f7608338556cf774df25f2ad4a64564d067c21dc05cdc + Signer: + - SerialNumber: 720ef3aaa1a44f7d0717a805c290c378 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/69b924ab-2e4a-4eae-8091-4151c238136e.yaml b/yaml/69b924ab-2e4a-4eae-8091-4151c238136e.yaml index bdd3a706d..3cf92e104 100644 --- a/yaml/69b924ab-2e4a-4eae-8091-4151c238136e.yaml +++ b/yaml/69b924ab-2e4a-4eae-8091-4151c238136e.yaml 
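Review bot: `Detection: []` stays empty for gpcidrv64.sys even though the entry is marked `Verified: 'TRUE'` and carries MD5, SHA1, SHA256 and Authentihash values, so a consumer reading this field gets no pointer to a rule for this driver. The AsrDrv106.sys entry in this commit links the shared `driver_load_win_vuln_drivers.yml` and `sysmon_config_vulnerable_hashes.xml` files. If this sample's hashes are in those files (not visible here), the same `sigma_hash` and `sysmon_hash_detect` links belong in this list. If the links are generated by tooling, this entry appears to have been missed. The b1.sys hunk that follows has the same empty list.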
@@ -1,35 +1,35 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 69b924ab-2e4a-4eae-8091-4151c238136e +Tags: +- b1.sys +Verified: 'FALSE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create b1.sys binPath=C:\windows\temp\b1.sys type=kernel && sc.exe - start b1.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: [] -Id: 69b924ab-2e4a-4eae-8091-4151c238136e -KnownVulnerableSamples: -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: b1.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA256: a3e507e713f11901017fc328186ae98e23de7cea5594687480229f77d45848d8 - Signature: [] - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create b1.sys binPath=C:\windows\temp\b1.sys type=kernel && sc.exe + start b1.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules -Tags: -- b1.sys -Verified: 'FALSE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: b1.sys + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA256: a3e507e713f11901017fc328186ae98e23de7cea5594687480229f77d45848d8 + Signature: [] + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/6a50e368-1120-434b-9232-1a0702c80437.yaml b/yaml/6a50e368-1120-434b-9232-1a0702c80437.yaml index 5f615c7d2..b9e9cb5f2 100644 --- a/yaml/6a50e368-1120-434b-9232-1a0702c80437.yaml +++ b/yaml/6a50e368-1120-434b-9232-1a0702c80437.yaml 
@@ -1,234 +1,236 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 6a50e368-1120-434b-9232-1a0702c80437 +Tags: +- AsrDrv106.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create AsrDrv106.sys binPath=C:\windows\temp\AsrDrv106.sys type=kernel - && sc.exe start AsrDrv106.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/3943a796cc7c5352aa57ccf544295bfd6fb69aae147bc8235a00202dc6ed6838.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 6a50e368-1120-434b-9232-1a0702c80437 -KnownVulnerableSamples: -- 
Authentihash: - MD5: f67b148a13ad3caa51c3c2ef142791ea - SHA1: f621633290173daac18bb14ca3f52bc027cd2721 - SHA256: ac7b3c3b74e6e282c7f50c17a6213b81b181f779cd7c0c78e3cb426c427a98db - Company: ASRock Incorporation - Copyright: Copyright (C) 2012 ASRock Incorporation - CreationTimestamp: '2021-11-15 00:04:46' - Date: '' - Description: ASRock IO Driver - ExportedFunctions: '' - FileVersion: '1.00.00.0000 built by: WinDDK' - Filename: AsrDrv106.sys - ImportedFunctions: - - RtlQueryRegistryValues - - MmUnmapIoSpace - - IoFreeMdl - - MmGetPhysicalAddress - - IoBuildAsynchronousFsdRequest - - MmMapIoSpace - - IofCompleteRequest - - IoFreeIrp - - RtlCompareMemory - - MmUnlockPages - - IoCreateSymbolicLink - - MmAllocateContiguousMemorySpecifyCache - - IofCallDriver - - KeBugCheckEx - - IoDeleteDevice - - MmGetSystemRoutineAddress - - IoCreateDevice - - ZwClose - - ObOpenObjectByPointer - - ZwSetSecurityObject - - IoDeviceObjectType - - _snwprintf - - RtlLengthSecurityDescriptor - - SeCaptureSecurityDescriptor - - RtlCreateSecurityDescriptor - - RtlSetDaclSecurityDescriptor - - RtlAbsoluteToSelfRelativeSD - - IoIsWdmVersionAvailable - - SeExports - - wcschr - - _wcsnicmp - - RtlLengthSid - - RtlAddAccessAllowedAce - - RtlGetSaclSecurityDescriptor - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - RtlGetOwnerSecurityDescriptor - - ZwOpenKey - - ZwCreateKey - - ZwQueryValueKey - - ZwSetValueKey - - RtlFreeUnicodeString - - RtlInitUnicodeString - - MmFreeContiguousMemorySpecifyCache - - ExFreePoolWithTag - - IoDeleteSymbolicLink - - ExAllocatePoolWithTag - - KeStallExecutionProcessor - - BCryptCloseAlgorithmProvider - - BCryptGenerateSymmetricKey - - BCryptOpenAlgorithmProvider - - BCryptDecrypt - - BCryptDestroyKey - Imports: - - ntoskrnl.exe - - HAL.dll - - cng.sys - InternalName: AsrDrv.sys - MD5: 12908c285b9d68ee1f39186110df0f1e - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: AsrDrv.sys - Product: ASRock IO Driver - ProductVersion: 
1.00.00.0000 - Publisher: '' - RichPEHeaderHash: - MD5: 6540c04d181ea1395978a08c3d816451 - SHA1: b3b7c684121b40f53751e0b7757ec248ef0670b4 - SHA256: c68faaf4251928872474abfd81ef5ce8a2b5e5bd48c2edb586a4d2e518baa09d - SHA1: b0032b8d8e6f4bd19a31619ce38d8e010f29a816 - SHA256: 3943a796cc7c5352aa57ccf544295bfd6fb69aae147bc8235a00202dc6ed6838 - Sections: - .text: - Entropy: 6.3058037590863005 - Virtual Size: '0x2238' - .rdata: - Entropy: 4.480768786103598 - Virtual Size: '0x7c4' - .data: - Entropy: 1.3791658791138062 - Virtual Size: '0x31c' - .pdata: - Entropy: 4.2004883967539595 - Virtual Size: '0x2b8' - PAGE: - Entropy: 6.220333128676603 - Virtual Size: '0x1a47' - INIT: - Entropy: 5.434583432431194 - Virtual Size: '0x93a' - .rsrc: - Entropy: 3.2917593657396744 - Virtual Size: '0x3a0' - .reloc: - Entropy: 1.2280731978955797 - Virtual Size: '0x60' - Signature: - - ASROCK INC. - - GlobalSign GCC R45 EV CodeSigning CA 2020 - - GlobalSign Code Signing Root R45 - - GlobalSign - - GlobalSign Root CA - R1 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: OU=GlobalSign Root CA , R3, O=GlobalSign, CN=GlobalSign - ValidFrom: '2018-09-19 00:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 2370e9cfe2bef559ae94426fc44333aacd3f3ab96417f262064b48f140880617a1feabd15f3cc633f2f38edd1f1d3ecc1a6099820bacc7fc7e9a872aa57d0fa657eeac3b6a85d6debd4063f8ada6c888b012fcf641df0f09971e38ea539fbe05f43eead39f501276be098bc20b487d1e2e51f68d53d3ab1f401b8a8eed7dfb4f7956705f0cd38e1bb3a7700d372b9795abdae0126b1c40cec5c77eedc26258ec77ed7322c28af5864388adea136efdd8fe422fb97d5ead18ef9490ca3d27ab26949975c7cbd37bf7ca4cd3af5121925b847d2b9f153f74cb51e89e830e166f1be746ce23bdf9e4a28bd2396baa791c912ce261242d8e2a487090c41ec5e8e070 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 01ee5f169dff97352b6465d66a - Version: 3 - TBS: - MD5: 51c3959a45cecf3d21a3effb05762573 - SHA1: ecfcd25fd0525448a74875ba271566bc0bfbf061 - SHA256: 
de1da11668f0a8d5e13346ed3ab2755f5d25bebffcfd1d0bde5b9f87bc292c91 - SHA384: f0eab75baf1f24a53d63bd795cd07292a312f603513c8cb0f40fe5acbdb477ed72607d309fad21471a16f6223fb3a838 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2011-04-15 19:55:08' - ValidTo: '2021-04-15 20:05:08' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 6129152700000000002a - Version: 3 - TBS: - MD5: 0bb058d116f02817737920f112d9fd3b - SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 - SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 - SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Code Signing Root R45 - ValidFrom: '2020-07-28 00:00:00' - ValidTo: '2029-03-18 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 7803184245708a41cf6f01b8eeb4a954 - Version: 3 - TBS: - MD5: a33260428269bc902bc1cd280e4b1837 - SHA1: 254209ca172cffcc67bd2a88996556d2f09538f0 - SHA256: a67411358594f2cf016741a63fd49f36de917f86531b3e3a43eb6a421c654868 - SHA384: fec727af43d1569995cea26e8eb97167165842a5b185304425a92c03b71254c5d51222837515f33e60cb8ed2e8c625ba - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign GCC R45 EV CodeSigning CA 2020 - ValidFrom: '2020-07-28 00:00:00' - ValidTo: '2030-07-28 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 77bd0e05b7590bb61d4761531e3f75ed - Version: 3 - TBS: - MD5: 65fd1dac1f115d9507f4e1840c8cb36a - SHA1: c7cf5607e19b22fe60c055e71d9b555d70f71f66 - SHA256: d9c7db0b704f07089440c56e69a0f31d730edf77cfbf7514630e8b5390a270fe - SHA384: 
defe810317bd1215b4d1ee0ec8a5fb38b21d094ef1173cae670956cd899232638e4f9473fd947bd550a4a77300bbb2ab - - Subject: ??=Private Organization, serialNumber=80333613, ??=TW, C=TW, ST=Taipei, - L=Taipei, ??=2F., No. 37, Sec. 2, Zhongyang S. Rd., Beitou Dist., O=ASROCK - INC., CN=ASROCK INC. - ValidFrom: '2021-09-17 08:05:26' - ValidTo: '2024-09-17 08:05:26' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 3be24b96d2c8d729eddb03e3 - Version: 3 - TBS: - MD5: bce317dc724ff8d4f6f02fca3e0e481e - SHA1: c84cd3e5f7120b9fcf38bbd968c2921dbd0a1e76 - SHA256: 9b51dea8257984791d5cd3d82426595e92baba100bfd4cb0c960b1366f0a261e - SHA384: 403399db25033616ddd75c1e9f8df3fc60f3c235523ae77716568897bca0e2b7756a1fd7a12a2ebbeec5836c6ca7d5ac - Signer: - - SerialNumber: 3be24b96d2c8d729eddb03e3 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign GCC R45 EV CodeSigning CA 2020 - Version: 1 - Imphash: 88e21ed9e717781eaf87209acbdbb567 - LoadsDespiteHVCI: 'TRUE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create AsrDrv106.sys binPath=C:\windows\temp\AsrDrv106.sys type=kernel + && sc.exe start AsrDrv106.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/elastic/protections-artifacts/search?q=VulnDriver -Tags: -- AsrDrv106.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/3943a796cc7c5352aa57ccf544295bfd6fb69aae147bc8235a00202dc6ed6838.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: f67b148a13ad3caa51c3c2ef142791ea + SHA1: f621633290173daac18bb14ca3f52bc027cd2721 + SHA256: ac7b3c3b74e6e282c7f50c17a6213b81b181f779cd7c0c78e3cb426c427a98db + Company: ASRock Incorporation + Copyright: Copyright (C) 2012 ASRock Incorporation + CreationTimestamp: '2021-11-15 00:04:46' + Date: '' + Description: ASRock IO Driver + ExportedFunctions: '' + FileVersion: '1.00.00.0000 built by: WinDDK' + Filename: AsrDrv106.sys + ImportedFunctions: + - RtlQueryRegistryValues + - MmUnmapIoSpace + - IoFreeMdl + - MmGetPhysicalAddress + - IoBuildAsynchronousFsdRequest + - MmMapIoSpace + - IofCompleteRequest + - IoFreeIrp + - RtlCompareMemory + - MmUnlockPages + - IoCreateSymbolicLink + - MmAllocateContiguousMemorySpecifyCache + - IofCallDriver + - KeBugCheckEx + - IoDeleteDevice + - MmGetSystemRoutineAddress + - IoCreateDevice + - ZwClose + - ObOpenObjectByPointer + - ZwSetSecurityObject + - IoDeviceObjectType + - _snwprintf + - 
RtlLengthSecurityDescriptor + - SeCaptureSecurityDescriptor + - RtlCreateSecurityDescriptor + - RtlSetDaclSecurityDescriptor + - RtlAbsoluteToSelfRelativeSD + - IoIsWdmVersionAvailable + - SeExports + - wcschr + - _wcsnicmp + - RtlLengthSid + - RtlAddAccessAllowedAce + - RtlGetSaclSecurityDescriptor + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - RtlGetOwnerSecurityDescriptor + - ZwOpenKey + - ZwCreateKey + - ZwQueryValueKey + - ZwSetValueKey + - RtlFreeUnicodeString + - RtlInitUnicodeString + - MmFreeContiguousMemorySpecifyCache + - ExFreePoolWithTag + - IoDeleteSymbolicLink + - ExAllocatePoolWithTag + - KeStallExecutionProcessor + - BCryptCloseAlgorithmProvider + - BCryptGenerateSymmetricKey + - BCryptOpenAlgorithmProvider + - BCryptDecrypt + - BCryptDestroyKey + Imports: + - ntoskrnl.exe + - HAL.dll + - cng.sys + InternalName: AsrDrv.sys + MD5: 12908c285b9d68ee1f39186110df0f1e + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: AsrDrv.sys + Product: ASRock IO Driver + ProductVersion: 1.00.00.0000 + Publisher: '' + RichPEHeaderHash: + MD5: 6540c04d181ea1395978a08c3d816451 + SHA1: b3b7c684121b40f53751e0b7757ec248ef0670b4 + SHA256: c68faaf4251928872474abfd81ef5ce8a2b5e5bd48c2edb586a4d2e518baa09d + SHA1: b0032b8d8e6f4bd19a31619ce38d8e010f29a816 + SHA256: 3943a796cc7c5352aa57ccf544295bfd6fb69aae147bc8235a00202dc6ed6838 + Sections: + .text: + Entropy: 6.3058037590863005 + Virtual Size: '0x2238' + .rdata: + Entropy: 4.480768786103598 + Virtual Size: '0x7c4' + .data: + Entropy: 1.3791658791138062 + Virtual Size: '0x31c' + .pdata: + Entropy: 4.2004883967539595 + Virtual Size: '0x2b8' + PAGE: + Entropy: 6.220333128676603 + Virtual Size: '0x1a47' + INIT: + Entropy: 5.434583432431194 + Virtual Size: '0x93a' + .rsrc: + Entropy: 3.2917593657396744 + Virtual Size: '0x3a0' + .reloc: + Entropy: 1.2280731978955797 + Virtual Size: '0x60' + Signature: + - ASROCK INC. 
+ - GlobalSign GCC R45 EV CodeSigning CA 2020 + - GlobalSign Code Signing Root R45 + - GlobalSign + - GlobalSign Root CA - R1 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=GlobalSign Root CA , R3, O=GlobalSign, CN=GlobalSign + ValidFrom: '2018-09-19 00:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 01ee5f169dff97352b6465d66a + Version: 3 + TBS: + MD5: 51c3959a45cecf3d21a3effb05762573 + SHA1: ecfcd25fd0525448a74875ba271566bc0bfbf061 + SHA256: de1da11668f0a8d5e13346ed3ab2755f5d25bebffcfd1d0bde5b9f87bc292c91 + SHA384: f0eab75baf1f24a53d63bd795cd07292a312f603513c8cb0f40fe5acbdb477ed72607d309fad21471a16f6223fb3a838 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2011-04-15 19:55:08' + ValidTo: '2021-04-15 20:05:08' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 6129152700000000002a + Version: 3 + TBS: + MD5: 0bb058d116f02817737920f112d9fd3b + SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 + SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 + SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Code Signing Root R45 + ValidFrom: '2020-07-28 00:00:00' + ValidTo: '2029-03-18 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 7803184245708a41cf6f01b8eeb4a954 + Version: 3 + TBS: + MD5: a33260428269bc902bc1cd280e4b1837 + SHA1: 254209ca172cffcc67bd2a88996556d2f09538f0 + SHA256: a67411358594f2cf016741a63fd49f36de917f86531b3e3a43eb6a421c654868 + SHA384: 
fec727af43d1569995cea26e8eb97167165842a5b185304425a92c03b71254c5d51222837515f33e60cb8ed2e8c625ba + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign GCC R45 EV CodeSigning + CA 2020 + ValidFrom: '2020-07-28 00:00:00' + ValidTo: '2030-07-28 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 77bd0e05b7590bb61d4761531e3f75ed + Version: 3 + TBS: + MD5: 65fd1dac1f115d9507f4e1840c8cb36a + SHA1: c7cf5607e19b22fe60c055e71d9b555d70f71f66 + SHA256: d9c7db0b704f07089440c56e69a0f31d730edf77cfbf7514630e8b5390a270fe + SHA384: defe810317bd1215b4d1ee0ec8a5fb38b21d094ef1173cae670956cd899232638e4f9473fd947bd550a4a77300bbb2ab + - Subject: ??=Private Organization, serialNumber=80333613, ??=TW, C=TW, + ST=Taipei, L=Taipei, ??=2F., No. 37, Sec. 2, Zhongyang S. Rd., Beitou + Dist., O=ASROCK INC., CN=ASROCK INC. + ValidFrom: '2021-09-17 08:05:26' + ValidTo: '2024-09-17 08:05:26' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 3be24b96d2c8d729eddb03e3 + Version: 3 + TBS: + MD5: bce317dc724ff8d4f6f02fca3e0e481e + SHA1: c84cd3e5f7120b9fcf38bbd968c2921dbd0a1e76 + SHA256: 9b51dea8257984791d5cd3d82426595e92baba100bfd4cb0c960b1366f0a261e + SHA384: 403399db25033616ddd75c1e9f8df3fc60f3c235523ae77716568897bca0e2b7756a1fd7a12a2ebbeec5836c6ca7d5ac + Signer: + - SerialNumber: 3be24b96d2c8d729eddb03e3 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign GCC R45 EV CodeSigning + CA 2020 + Version: 1 + Imphash: 88e21ed9e717781eaf87209acbdbb567 + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/6a7d882b-3d9d-4334-be5f-2e29c6bf9ff8.yaml b/yaml/6a7d882b-3d9d-4334-be5f-2e29c6bf9ff8.yaml index 31bd5e5a2..c9cded235 100644 --- a/yaml/6a7d882b-3d9d-4334-be5f-2e29c6bf9ff8.yaml +++ b/yaml/6a7d882b-3d9d-4334-be5f-2e29c6bf9ff8.yaml 
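Review bot: The `Detection` list on the new side still lists `sigma_hash`, `sigma_names`, `sysmon_hash_detect` and `sysmon_hash_block` twice with identical URLs; the reorder moved the block but kept the duplicates. Only the two `yara_signature` entries differ (the per-hash `.yara` file and `yara-rules_vuln_drivers_strict_renamed.yar`), so dropping the second set of four leaves six entries. Tooling that iterates or counts detections per driver would otherwise handle each rule link twice.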
@@ -1,317 +1,317 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 6a7d882b-3d9d-4334-be5f-2e29c6bf9ff8 +Tags: +- kbdcap64.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-01-09' +MitreID: T1068 Category: vulnerable driver Commands: - Command: sc.exe create kbdcap64.sys binPath=C:\windows\temp\kbdcap64.sys type=kernel - && sc.exe start kbdcap64.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-01-09' + Command: sc.exe create kbdcap64.sys binPath=C:\windows\temp\kbdcap64.sys type=kernel + && sc.exe start kbdcap64.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges +Resources: +- https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules Detection: [] -Id: 6a7d882b-3d9d-4334-be5f-2e29c6bf9ff8 +Acknowledgement: + Handle: '' + Person: '' KnownVulnerableSamples: -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: kbdcap64.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA256: 72b99147839bcfb062d29014ec09fe20a8f261748b5925b00171ef3cb849a4c1 - Signature: [] - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 038cbc948ff5ba06ac0b54ca31401fe4 - SHA1: 83660d245fe618ecafe4900ac1e2ad0292c2da2a - SHA256: 72b99147839bcfb062d29014ec09fe20a8f261748b5925b00171ef3cb849a4c1 - Company: '' - Copyright: '' - CreationTimestamp: '2019-11-03 23:10:09' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - MmUnmapLockedPages - - KeClearEvent - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - IoRegisterPlugPlayNotification - - KeReadStateEvent - - MmMapLockedPages - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - KeInitializeEvent - - KeReleaseSpinLock - - IoDetachDevice - - MmBuildMdlForNonPagedPool - - IoFreeMdl - - IoCancelIrp - - 
KeDelayExecutionThread - - ObQueryNameString - - IoDriverObjectType - - wcsstr - - MmMapLockedPagesSpecifyCache - - ExInterlockedInsertHeadList - - ExAllocatePool - - ExInterlockedInsertTailList - - PoStartNextPowerIrp - - IoUnregisterPlugPlayNotification - - IofCompleteRequest - - ObReferenceObjectByHandle - - IoAttachDeviceToDeviceStack - - PoCallDriver - - ExInterlockedRemoveHeadList - - IoCreateSymbolicLink - - ObfDereferenceObject - - ObReferenceObjectByName - - IoCreateDevice - - DbgPrint - - IoAllocateMdl - - IofCallDriver - - KeAcquireSpinLockRaiseToDpc - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: 13bd61916343d94ebefc9a7911d7bf88 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: a53e7b4810b8e8a6646827967165e841 - SHA1: 6e089a0ffce20d92395e42c69b619bf59c140999 - SHA256: 6d1066a1530eeb73686043235fe52052b0934d77e8e9ee471b0c67bfa61172c5 - SHA1: 44a3a00394a6d233a27189482852babf070ffebe - SHA256: 97030f3c81906334429afebbf365a89b66804ed890cd74038815ca18823d626c - Sections: - .text: - Entropy: 6.286294718424334 - Virtual Size: '0x1c97' - .rdata: - Entropy: 4.142075435632616 - Virtual Size: '0x33c' - .data: - Entropy: 0.4316511568077503 - Virtual Size: '0x150' - .pdata: - Entropy: 3.6825504342841513 - Virtual Size: '0xd8' - INIT: - Entropy: 5.082788661818898 - Virtual Size: '0x594' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: 
ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=CN, ??=Shanghai, ??=Private Organization, serialNumber=9131010707118381X9, - C=CN, ST=Shanghai, L=Shanghai, O=, CN= - ValidFrom: '2019-08-27 00:00:00' - ValidTo: '2022-08-19 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 09b92d7a420083c94eaf18145cfaedd1 - Version: 3 - TBS: - MD5: 62acdecc22447b159a7e2efb0350bd63 - SHA1: ddd0bd1dded2c9189fc5b8563f8210deb83c590b - SHA256: ae3a19b6b64e739d5d2abb0e1471874b7d8b6b1e3f1e38ed483166a664355a4e - SHA384: 9af686e9341ce78dc60186100fa406916c8b90ea25a604401ffe99f3e2c4bfcf20e9106e1cfc05414972a2e069dae5e0 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 - Version: 3 - TBS: - MD5: f92649915476229b093c211c2b18e6c4 - SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 - SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb - SHA384: 511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace - Signer: - - SerialNumber: 09b92d7a420083c94eaf18145cfaedd1 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - Version: 1 - Imphash: b679ac08daf4b4ce8a58d85a8e0904ac - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 038cbc948ff5ba06ac0b54ca31401fe4 - SHA1: 83660d245fe618ecafe4900ac1e2ad0292c2da2a +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: kbdcap64.sys + MachineType: '' + 
OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' SHA256: 72b99147839bcfb062d29014ec09fe20a8f261748b5925b00171ef3cb849a4c1 - Company: '' - Copyright: '' - CreationTimestamp: '2019-11-03 23:10:09' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - MmUnmapLockedPages - - KeClearEvent - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - IoRegisterPlugPlayNotification - - KeReadStateEvent - - MmMapLockedPages - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - KeInitializeEvent - - KeReleaseSpinLock - - IoDetachDevice - - MmBuildMdlForNonPagedPool - - IoFreeMdl - - IoCancelIrp - - KeDelayExecutionThread - - ObQueryNameString - - IoDriverObjectType - - wcsstr - - MmMapLockedPagesSpecifyCache - - ExInterlockedInsertHeadList - - ExAllocatePool - - ExInterlockedInsertTailList - - PoStartNextPowerIrp - - IoUnregisterPlugPlayNotification - - IofCompleteRequest - - ObReferenceObjectByHandle - - IoAttachDeviceToDeviceStack - - PoCallDriver - - ExInterlockedRemoveHeadList - - IoCreateSymbolicLink - - ObfDereferenceObject - - ObReferenceObjectByName - - IoCreateDevice - - DbgPrint - - IoAllocateMdl - - IofCallDriver - - KeAcquireSpinLockRaiseToDpc - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: 91203acddac81511d17a68a030d063a8 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: a53e7b4810b8e8a6646827967165e841 - SHA1: 6e089a0ffce20d92395e42c69b619bf59c140999 - SHA256: 6d1066a1530eeb73686043235fe52052b0934d77e8e9ee471b0c67bfa61172c5 - SHA1: f5293ac70d75cdfe580ff6a9edcc83236012eaf1 - SHA256: 0b8887921e4a22e24fd058ba5ac40061b4bb569ac7207b9548168af9d6995e7c - Sections: - .text: - Entropy: 6.286294718424334 - Virtual Size: '0x1c97' - .rdata: - Entropy: 4.142075435632616 - Virtual Size: '0x33c' - .data: - Entropy: 0.4316511568077503 - 
Virtual Size: '0x150' - .pdata: - Entropy: 3.6825504342841513 - Virtual Size: '0xd8' - INIT: - Entropy: 5.082788661818898 - Virtual Size: '0x594' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=CN, ??=Shanghai, ??=Private Organization, serialNumber=9131010707118381X9, - C=CN, ST=Shanghai, L=Shanghai, O=, CN= - ValidFrom: '2019-08-27 
00:00:00' - ValidTo: '2022-08-19 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 09b92d7a420083c94eaf18145cfaedd1 - Version: 3 - TBS: - MD5: 62acdecc22447b159a7e2efb0350bd63 - SHA1: ddd0bd1dded2c9189fc5b8563f8210deb83c590b - SHA256: ae3a19b6b64e739d5d2abb0e1471874b7d8b6b1e3f1e38ed483166a664355a4e - SHA384: 9af686e9341ce78dc60186100fa406916c8b90ea25a604401ffe99f3e2c4bfcf20e9106e1cfc05414972a2e069dae5e0 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 - Version: 3 - TBS: - MD5: f92649915476229b093c211c2b18e6c4 - SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 - SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb - SHA384: 511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace - Signer: - - SerialNumber: 09b92d7a420083c94eaf18145cfaedd1 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - Version: 1 - Imphash: b679ac08daf4b4ce8a58d85a8e0904ac - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 -Resources: -- https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules -Tags: -- kbdcap64.sys -Verified: 'TRUE' + Signature: [] + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 038cbc948ff5ba06ac0b54ca31401fe4 + SHA1: 83660d245fe618ecafe4900ac1e2ad0292c2da2a + SHA256: 72b99147839bcfb062d29014ec09fe20a8f261748b5925b00171ef3cb849a4c1 + Company: '' + Copyright: '' + CreationTimestamp: '2019-11-03 23:10:09' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + 
Filename: '' + ImportedFunctions: + - MmUnmapLockedPages + - KeClearEvent + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - IoRegisterPlugPlayNotification + - KeReadStateEvent + - MmMapLockedPages + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - KeInitializeEvent + - KeReleaseSpinLock + - IoDetachDevice + - MmBuildMdlForNonPagedPool + - IoFreeMdl + - IoCancelIrp + - KeDelayExecutionThread + - ObQueryNameString + - IoDriverObjectType + - wcsstr + - MmMapLockedPagesSpecifyCache + - ExInterlockedInsertHeadList + - ExAllocatePool + - ExInterlockedInsertTailList + - PoStartNextPowerIrp + - IoUnregisterPlugPlayNotification + - IofCompleteRequest + - ObReferenceObjectByHandle + - IoAttachDeviceToDeviceStack + - PoCallDriver + - ExInterlockedRemoveHeadList + - IoCreateSymbolicLink + - ObfDereferenceObject + - ObReferenceObjectByName + - IoCreateDevice + - DbgPrint + - IoAllocateMdl + - IofCallDriver + - KeAcquireSpinLockRaiseToDpc + - KeBugCheckEx + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 13bd61916343d94ebefc9a7911d7bf88 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: a53e7b4810b8e8a6646827967165e841 + SHA1: 6e089a0ffce20d92395e42c69b619bf59c140999 + SHA256: 6d1066a1530eeb73686043235fe52052b0934d77e8e9ee471b0c67bfa61172c5 + SHA1: 44a3a00394a6d233a27189482852babf070ffebe + SHA256: 97030f3c81906334429afebbf365a89b66804ed890cd74038815ca18823d626c + Sections: + .text: + Entropy: 6.286294718424334 + Virtual Size: '0x1c97' + .rdata: + Entropy: 4.142075435632616 + Virtual Size: '0x33c' + .data: + Entropy: 0.4316511568077503 + Virtual Size: '0x150' + .pdata: + Entropy: 3.6825504342841513 + Virtual Size: '0xd8' + INIT: + Entropy: 5.082788661818898 + Virtual Size: '0x594' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, 
CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=CN, ??=Shanghai, ??=Private Organization, serialNumber=9131010707118381X9, + C=CN, ST=Shanghai, L=Shanghai, O=, CN= + ValidFrom: '2019-08-27 00:00:00' + ValidTo: '2022-08-19 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 09b92d7a420083c94eaf18145cfaedd1 + Version: 3 + TBS: + MD5: 62acdecc22447b159a7e2efb0350bd63 + SHA1: ddd0bd1dded2c9189fc5b8563f8210deb83c590b + SHA256: ae3a19b6b64e739d5d2abb0e1471874b7d8b6b1e3f1e38ed483166a664355a4e + SHA384: 9af686e9341ce78dc60186100fa406916c8b90ea25a604401ffe99f3e2c4bfcf20e9106e1cfc05414972a2e069dae5e0 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 + Version: 3 + TBS: + MD5: f92649915476229b093c211c2b18e6c4 + SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 + SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb + SHA384: 511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace + Signer: + - SerialNumber: 09b92d7a420083c94eaf18145cfaedd1 + Issuer: C=US, O=DigiCert Inc, 
OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + Version: 1 + Imphash: b679ac08daf4b4ce8a58d85a8e0904ac + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 038cbc948ff5ba06ac0b54ca31401fe4 + SHA1: 83660d245fe618ecafe4900ac1e2ad0292c2da2a + SHA256: 72b99147839bcfb062d29014ec09fe20a8f261748b5925b00171ef3cb849a4c1 + Company: '' + Copyright: '' + CreationTimestamp: '2019-11-03 23:10:09' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - MmUnmapLockedPages + - KeClearEvent + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - IoRegisterPlugPlayNotification + - KeReadStateEvent + - MmMapLockedPages + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - KeInitializeEvent + - KeReleaseSpinLock + - IoDetachDevice + - MmBuildMdlForNonPagedPool + - IoFreeMdl + - IoCancelIrp + - KeDelayExecutionThread + - ObQueryNameString + - IoDriverObjectType + - wcsstr + - MmMapLockedPagesSpecifyCache + - ExInterlockedInsertHeadList + - ExAllocatePool + - ExInterlockedInsertTailList + - PoStartNextPowerIrp + - IoUnregisterPlugPlayNotification + - IofCompleteRequest + - ObReferenceObjectByHandle + - IoAttachDeviceToDeviceStack + - PoCallDriver + - ExInterlockedRemoveHeadList + - IoCreateSymbolicLink + - ObfDereferenceObject + - ObReferenceObjectByName + - IoCreateDevice + - DbgPrint + - IoAllocateMdl + - IofCallDriver + - KeAcquireSpinLockRaiseToDpc + - KeBugCheckEx + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 91203acddac81511d17a68a030d063a8 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: a53e7b4810b8e8a6646827967165e841 + SHA1: 6e089a0ffce20d92395e42c69b619bf59c140999 + SHA256: 6d1066a1530eeb73686043235fe52052b0934d77e8e9ee471b0c67bfa61172c5 + SHA1: f5293ac70d75cdfe580ff6a9edcc83236012eaf1 + SHA256: 0b8887921e4a22e24fd058ba5ac40061b4bb569ac7207b9548168af9d6995e7c + 
Sections: + .text: + Entropy: 6.286294718424334 + Virtual Size: '0x1c97' + .rdata: + Entropy: 4.142075435632616 + Virtual Size: '0x33c' + .data: + Entropy: 0.4316511568077503 + Virtual Size: '0x150' + .pdata: + Entropy: 3.6825504342841513 + Virtual Size: '0xd8' + INIT: + Entropy: 5.082788661818898 + Virtual Size: '0x594' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=CN, ??=Shanghai, ??=Private Organization, serialNumber=9131010707118381X9, + C=CN, ST=Shanghai, L=Shanghai, O=, CN= + ValidFrom: '2019-08-27 00:00:00' + ValidTo: '2022-08-19 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 09b92d7a420083c94eaf18145cfaedd1 + Version: 3 + TBS: + MD5: 62acdecc22447b159a7e2efb0350bd63 + SHA1: ddd0bd1dded2c9189fc5b8563f8210deb83c590b + SHA256: ae3a19b6b64e739d5d2abb0e1471874b7d8b6b1e3f1e38ed483166a664355a4e + SHA384: 9af686e9341ce78dc60186100fa406916c8b90ea25a604401ffe99f3e2c4bfcf20e9106e1cfc05414972a2e069dae5e0 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 
9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 + Version: 3 + TBS: + MD5: f92649915476229b093c211c2b18e6c4 + SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 + SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb + SHA384: 511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace + Signer: + - SerialNumber: 09b92d7a420083c94eaf18145cfaedd1 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + Version: 1 + Imphash: b679ac08daf4b4ce8a58d85a8e0904ac + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/6c0c60f0-895d-428a-a8ae-e10390bceb12.yaml b/yaml/6c0c60f0-895d-428a-a8ae-e10390bceb12.yaml index 9d7cf4218..8e992e53a 100644 --- a/yaml/6c0c60f0-895d-428a-a8ae-e10390bceb12.yaml +++ b/yaml/6c0c60f0-895d-428a-a8ae-e10390bceb12.yaml 
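Review bot: The stub entry at the top of `KnownVulnerableSamples` in yaml/6a7d882b-3d9d-4334-be5f-2e29c6bf9ff8.yaml (the one with `Filename: kbdcap64.sys` and `Signature: []`) carries `SHA256: 72b99147839bcfb062d29014ec09fe20a8f261748b5925b00171ef3cb849a4c1`, which is the value the two enriched samples below it list under `Authentihash: SHA256`. Their file hashes are `97030f3c81906334429afebbf365a89b66804ed890cd74038815ca18823d626c` and `0b8887921e4a22e24fd058ba5ac40061b4bb569ac7207b9548168af9d6995e7c`, so the stub appears to record an Authenticode hash in the file-hash field; this is inferred from the visible values only, not checked against the binaries. A block or detection list built from the `SHA256` field would then hold a value that probably never matches a file on disk, and `Detection: []` means this entry links no rule that would catch the driver another way. This commit only re-orders and re-indents the entry, so the stub carries over unchanged. I would drop the stub, or keep it with the value moved to `Authentihash:` / `SHA256:` and its top-level `SHA256: ''`.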
@@ -1,369 +1,372 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 6c0c60f0-895d-428a-a8ae-e10390bceb12 +Tags: +- sfdrvx32.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-07-22' +MitreID: T1068 CVE: - '' Category: vulnerable drivers Commands: - Command: '' - Description: Confirmed vulnerable driver from Microsoft Block List - OperatingSystem: Windows - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-07-22' -Detection: -- type: '' - value: '' -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 6c0c60f0-895d-428a-a8ae-e10390bceb12 -KnownVulnerableSamples: -- Authentihash: - MD5: 5f5051317d69905771acacf6dac671b2 - SHA1: 3da89d7bad83f509960e66dc225e8278fd5a2535 - SHA256: af10796af9886b896de11d9067ed2b1569e48e0a5a8cacbc06bc50a533d8bec8 - Company: Almico Software - Copyright: "Copyright \xA9 Almico Software 2001-2011" - CreationTimestamp: '2011-03-18 10:08:45' - Date: '' - Description: SpeedFan x32 Driver - ExportedFunctions: '' - FileVersion: X2.01.07 - Filename: '' - ImportedFunctions: - - IoDeleteDevice - - DbgPrint - - IoDeleteSymbolicLink - - ObfDereferenceObject - - IofCompleteRequest - - ExFreePoolWithTag - - ObfReferenceObject - - RtlCompareMemory - - IoGetDeviceProperty - - ExAllocatePool - - PsGetVersion - - MmGetSystemRoutineAddress - - RtlInitUnicodeString - - 
RtlQueryRegistryValues - - ExAllocatePoolWithTag - - IoGetDeviceObjectPointer - - IoCancelIrp - - KeWaitForSingleObject - - IofCallDriver - - IoBuildDeviceIoControlRequest - - KeInitializeEvent - - MmUnmapIoSpace - - MmMapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - RtlUnwind - Imports: - - ntoskrnl.exe - InternalName: sfdrvx32.sys - MD5: 3fa2e254bfbce52b3c6f1bf23aab6911 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: sfdrvx32.sys - PDBPath: '' - Product: SpeedFan - ProductVersion: X2.01.07 - Publisher: '' - RichPEHeaderHash: - MD5: 9ad02093abf595e857ae3cfbecc7e8d8 - SHA1: d4b87eb18f620f79bf89214c28a71794cf4479fa - SHA256: 65c98afd7d3c2f8787f6e92d4b4e4d142f6926f09473937f4cfdb47bc70f3bea - SHA1: a91730e65008b73d9264e8254792ae19208f5c69 - SHA256: 1e94d4e6d903e98f60c240dc841dcace5f9e8bbb0802e6648a49ab80c23318cb - Sections: - .text: - Entropy: 6.618252192171536 - Virtual Size: '0x26e7' - .rdata: - Entropy: 4.422031295522142 - Virtual Size: '0x148' - .data: - Entropy: 2.709147917027245 - Virtual Size: '0x18' - PAGE: - Entropy: 6.0609570817512575 - Virtual Size: '0x78c' - INIT: - Entropy: 5.994685980292978 - Virtual Size: '0x4ae' - .rsrc: - Entropy: 3.299318831864529 - Virtual Size: '0x3f8' - .reloc: - Entropy: 5.93098804608987 - Virtual Size: '0x220' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 
35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=IT, ST=Marche, L=Ancona, O=Sokno S.R.L., OU=Digital ID Class 3 , - Microsoft Software Validation v2, OU=Software Development, CN=Sokno S.R.L. 
- ValidFrom: '2011-01-17 00:00:00' - ValidTo: '2012-01-17 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 13aeb106771cc3a1bcef3513c2e03196 - Version: 3 - TBS: - MD5: 3ba7a92d9261090182e93029fbb8cb5f - SHA1: 909fd9f95fcd160634f33a56914a1177ee818e0d - SHA256: 85bbc71865ceb6cd1a1b3c5564db193364e7ca285f97573b5daae275412b9b79 - SHA384: e5b1b724776ed2fbfa0d3cd1a183811da25ebeb8dc98451513321ba23efb1f6a3eb55d38d4b9f7ccaec17ca6ca4e5a68 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 13aeb106771cc3a1bcef3513c2e03196 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 79bd6aa7fc10b9dec95deb431c299ab0 - LoadsDespiteHVCI: 'TRUE' -- Authentihash: - MD5: 1dd0af6b54c93c4328f7c5006cd4f96a - SHA1: 29f2f4ac858b8736927ed1df4921ff283bbaa05f - SHA256: 103c1735b0ad3fc22070c3268580cd3fdbef0129a787dbc51bd5d36639515a8f - Company: Almico Software - Copyright: "Copyright \xA9 Almico Software 2001-2013" - CreationTimestamp: '2012-12-29 13:59:33' - Date: '' - Description: SpeedFan x32 Driver - ExportedFunctions: '' - FileVersion: X2.03.11 - Filename: '' - 
ImportedFunctions: - - IoDeleteDevice - - DbgPrint - - IoDeleteSymbolicLink - - ObfDereferenceObject - - IofCompleteRequest - - ExFreePoolWithTag - - ObfReferenceObject - - RtlCompareMemory - - IoGetDeviceProperty - - ExAllocatePool - - PsGetVersion - - MmGetSystemRoutineAddress - - RtlInitUnicodeString - - RtlQueryRegistryValues - - ExAllocatePoolWithTag - - IoGetDeviceObjectPointer - - IoCancelIrp - - KeWaitForSingleObject - - IofCallDriver - - IoBuildDeviceIoControlRequest - - KeInitializeEvent - - MmUnmapIoSpace - - MmMapIoSpace - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - RtlUnwind - Imports: - - ntoskrnl.exe - InternalName: sfdrvx32.sys - MD5: dc8d2952fb6ffbaec67bd1b93a34df11 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: sfdrvx32.sys - PDBPath: '' - Product: SpeedFan - ProductVersion: X2.03.11 - Publisher: '' - RichPEHeaderHash: - MD5: 9ad02093abf595e857ae3cfbecc7e8d8 - SHA1: d4b87eb18f620f79bf89214c28a71794cf4479fa - SHA256: 65c98afd7d3c2f8787f6e92d4b4e4d142f6926f09473937f4cfdb47bc70f3bea - SHA1: 68f675b6ac401e9ec90c59a81e454705c7b138be - SHA256: 0bd1523a68900b80ed1bccb967643525cca55d4ff4622d0128913690e6bb619e - Sections: - .text: - Entropy: 6.6079108434429035 - Virtual Size: '0x2767' - .rdata: - Entropy: 4.426405325622073 - Virtual Size: '0x148' - .data: - Entropy: 2.709147917027245 - Virtual Size: '0x18' - PAGE: - Entropy: 6.104049311214361 - Virtual Size: '0x894' - INIT: - Entropy: 6.023660971492092 - Virtual Size: '0x4ae' - .rsrc: - Entropy: 3.3041499768150944 - Virtual Size: '0x3f8' - .reloc: - Entropy: 5.93983865686401 - Virtual Size: '0x226' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping CA - ValidFrom: '2009-03-18 11:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: true - SerialNumber: 0400000000012019c19066 - Version: 3 - TBS: - MD5: 42023b9487cafe46c1b6a49c369a362e - SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 - SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 - SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority - ValidFrom: '2009-12-21 09:32:56' - ValidTo: '2020-12-22 09:32:56' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 01000000000125b0b4cc01 - Version: 3 - TBS: - MD5: e3369c8e5aec0504b3a50455f615d9f9 - SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 - SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 - SHA384: 
1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c - - Subject: C=IT, ST=AN, L=Ancona, O=SOKNO S.R.L., OU=Software development, CN=SOKNO - S.R.L. - ValidFrom: '2012-01-23 11:31:42' - ValidTo: '2013-01-23 11:31:42' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112195d7aa105e2ffc7b0e33f36da1636e74 - Version: 3 - TBS: - MD5: 84bc78b97f6e7688634c980ee0a78102 - SHA1: 53a67d0f8677e0c85cc75c779ffe199fcff5df42 - SHA256: 1d016faa85d7797373fe502c17c35461aff2f8f8fbec5a30f1871691820d5753 - SHA384: d655b57f8805eb589506a3a1e7bc0cf4aa5d5c59b8d5f1f052991d9b6a6d37f8fc454ea3d6305bd46455e59ec3d2875f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2011-04-15 19:55:08' - ValidTo: '2021-04-15 20:05:08' - Signature: 5ff8d065746a81c6a6ca5b03b6914ae84bbdef2ba142f0efb4a5adcd3389ec0b9585ac62501108aa58d25aa08310e5a6337af25af2c5fe787cf09c83df190ad97396002dd62ccde914d41d9de83f3c1a76f7904efb01350a6c9313a0c356eb67a0e4d17a96dec267f190f80a7bf5321b94ec5f751f8d1b34da6c58a7cb2d279e2226b7c9aa30cc0777b836e38201b5393ccc8dd9a75f7f23b3877fdb5798918bd7ce2520e39d644fdd87f72b68490318e0a5df7c5f68644d36838d4781f2e9e0a869abfa7b163c05a449ea8830190a6c73055178dfd41ddd3ad47f2de44e54be83431e7a7433b4a4ebd77073bc2a02988966eef6bc8f749378e329025a5a43e258ce7ccf9acad236893be25fda26054ec8d4e72c910e1797c5beee8b13112323294ffa83d050f6bafad53db3173df4ff034aa325dce67561d1fa35086bd62744d068b78d45e0eb852cc8a15d614474160e5958aed2b5eea5bcd6d7076ab62978fd976767dd8d4f17944fd2ed0caf972437c3a29c81da6be143b6577b4cecbf791319e79fe844e94781b75e701e91f83dd17b27f50b7056434805dda92fab86101d0b12e31ad04c6e75ded645b30b748887935c564a41029af7aeb799d8b67f88fa11f2457cf4d71b91c01cf1a0fbd4080a411a142acef4eb34486e66879ed54b7a397fbb0e3d3861cf735706e412066bd96b5308cd7018c22d4f974691bca9f0 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: 
true - SerialNumber: 6129152700000000002a - Version: 3 - TBS: - MD5: 0bb058d116f02817737920f112d9fd3b - SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 - SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 - SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 - Signer: - - SerialNumber: 112195d7aa105e2ffc7b0e33f36da1636e74 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 79bd6aa7fc10b9dec95deb431c299ab0 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: '' + Description: Confirmed vulnerable driver from Microsoft Block List + OperatingSystem: Windows + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c -Tags: -- sfdrvx32.sys -Verified: 'TRUE' +Detection: +- type: '' + value: '' +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 5f5051317d69905771acacf6dac671b2 + SHA1: 3da89d7bad83f509960e66dc225e8278fd5a2535 + SHA256: af10796af9886b896de11d9067ed2b1569e48e0a5a8cacbc06bc50a533d8bec8 + Company: Almico Software + Copyright: "Copyright \xA9 Almico Software 2001-2011" + CreationTimestamp: '2011-03-18 10:08:45' + Date: '' + 
Description: SpeedFan x32 Driver + ExportedFunctions: '' + FileVersion: X2.01.07 + Filename: '' + ImportedFunctions: + - IoDeleteDevice + - DbgPrint + - IoDeleteSymbolicLink + - ObfDereferenceObject + - IofCompleteRequest + - ExFreePoolWithTag + - ObfReferenceObject + - RtlCompareMemory + - IoGetDeviceProperty + - ExAllocatePool + - PsGetVersion + - MmGetSystemRoutineAddress + - RtlInitUnicodeString + - RtlQueryRegistryValues + - ExAllocatePoolWithTag + - IoGetDeviceObjectPointer + - IoCancelIrp + - KeWaitForSingleObject + - IofCallDriver + - IoBuildDeviceIoControlRequest + - KeInitializeEvent + - MmUnmapIoSpace + - MmMapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - RtlUnwind + Imports: + - ntoskrnl.exe + InternalName: sfdrvx32.sys + MD5: 3fa2e254bfbce52b3c6f1bf23aab6911 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: sfdrvx32.sys + PDBPath: '' + Product: SpeedFan + ProductVersion: X2.01.07 + Publisher: '' + RichPEHeaderHash: + MD5: 9ad02093abf595e857ae3cfbecc7e8d8 + SHA1: d4b87eb18f620f79bf89214c28a71794cf4479fa + SHA256: 65c98afd7d3c2f8787f6e92d4b4e4d142f6926f09473937f4cfdb47bc70f3bea + SHA1: a91730e65008b73d9264e8254792ae19208f5c69 + SHA256: 1e94d4e6d903e98f60c240dc841dcace5f9e8bbb0802e6648a49ab80c23318cb + Sections: + .text: + Entropy: 6.618252192171536 + Virtual Size: '0x26e7' + .rdata: + Entropy: 4.422031295522142 + Virtual Size: '0x148' + .data: + Entropy: 2.709147917027245 + Virtual Size: '0x18' + PAGE: + Entropy: 6.0609570817512575 + Virtual Size: '0x78c' + INIT: + Entropy: 5.994685980292978 + Virtual Size: '0x4ae' + .rsrc: + Entropy: 3.299318831864529 + Virtual Size: '0x3f8' + .reloc: + Entropy: 5.93098804608987 + Virtual Size: '0x220' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=IT, ST=Marche, L=Ancona, O=Sokno S.R.L., OU=Digital ID Class + 3 , Microsoft Software Validation v2, OU=Software Development, CN=Sokno + S.R.L. 
+ ValidFrom: '2011-01-17 00:00:00' + ValidTo: '2012-01-17 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 13aeb106771cc3a1bcef3513c2e03196 + Version: 3 + TBS: + MD5: 3ba7a92d9261090182e93029fbb8cb5f + SHA1: 909fd9f95fcd160634f33a56914a1177ee818e0d + SHA256: 85bbc71865ceb6cd1a1b3c5564db193364e7ca285f97573b5daae275412b9b79 + SHA384: e5b1b724776ed2fbfa0d3cd1a183811da25ebeb8dc98451513321ba23efb1f6a3eb55d38d4b9f7ccaec17ca6ca4e5a68 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 13aeb106771cc3a1bcef3513c2e03196 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 79bd6aa7fc10b9dec95deb431c299ab0 + LoadsDespiteHVCI: 'TRUE' +- Authentihash: + MD5: 1dd0af6b54c93c4328f7c5006cd4f96a + SHA1: 29f2f4ac858b8736927ed1df4921ff283bbaa05f + SHA256: 103c1735b0ad3fc22070c3268580cd3fdbef0129a787dbc51bd5d36639515a8f + Company: Almico Software + Copyright: "Copyright \xA9 Almico Software 2001-2013" + CreationTimestamp: '2012-12-29 13:59:33' + Date: '' + Description: SpeedFan x32 Driver + ExportedFunctions: '' + FileVersion: X2.03.11 + Filename: '' + 
ImportedFunctions: + - IoDeleteDevice + - DbgPrint + - IoDeleteSymbolicLink + - ObfDereferenceObject + - IofCompleteRequest + - ExFreePoolWithTag + - ObfReferenceObject + - RtlCompareMemory + - IoGetDeviceProperty + - ExAllocatePool + - PsGetVersion + - MmGetSystemRoutineAddress + - RtlInitUnicodeString + - RtlQueryRegistryValues + - ExAllocatePoolWithTag + - IoGetDeviceObjectPointer + - IoCancelIrp + - KeWaitForSingleObject + - IofCallDriver + - IoBuildDeviceIoControlRequest + - KeInitializeEvent + - MmUnmapIoSpace + - MmMapIoSpace + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - RtlUnwind + Imports: + - ntoskrnl.exe + InternalName: sfdrvx32.sys + MD5: dc8d2952fb6ffbaec67bd1b93a34df11 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: sfdrvx32.sys + PDBPath: '' + Product: SpeedFan + ProductVersion: X2.03.11 + Publisher: '' + RichPEHeaderHash: + MD5: 9ad02093abf595e857ae3cfbecc7e8d8 + SHA1: d4b87eb18f620f79bf89214c28a71794cf4479fa + SHA256: 65c98afd7d3c2f8787f6e92d4b4e4d142f6926f09473937f4cfdb47bc70f3bea + SHA1: 68f675b6ac401e9ec90c59a81e454705c7b138be + SHA256: 0bd1523a68900b80ed1bccb967643525cca55d4ff4622d0128913690e6bb619e + Sections: + .text: + Entropy: 6.6079108434429035 + Virtual Size: '0x2767' + .rdata: + Entropy: 4.426405325622073 + Virtual Size: '0x148' + .data: + Entropy: 2.709147917027245 + Virtual Size: '0x18' + PAGE: + Entropy: 6.104049311214361 + Virtual Size: '0x894' + INIT: + Entropy: 6.023660971492092 + Virtual Size: '0x4ae' + .rsrc: + Entropy: 3.3041499768150944 + Virtual Size: '0x3f8' + .reloc: + Entropy: 5.93983865686401 + Virtual Size: '0x226' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping + CA + ValidFrom: '2009-03-18 11:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + 
IsCertificateAuthority: true + SerialNumber: 0400000000012019c19066 + Version: 3 + TBS: + MD5: 42023b9487cafe46c1b6a49c369a362e + SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98 + SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78 + SHA384: 0ee4f63d6f157ec4f6990c3ebb411ccd76cb1e2123c7f692459e43f96c0da2dbf60a2bce6afeacc60621d3055028baea + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority + ValidFrom: '2009-12-21 09:32:56' + ValidTo: '2020-12-22 09:32:56' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 01000000000125b0b4cc01 + Version: 3 + TBS: + MD5: e3369c8e5aec0504b3a50455f615d9f9 + SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7 + SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532 + SHA384: 1524902f0e25addc6d74039d439366d2b06199e215004fd8e145369f50ea94a021ce6312e8a62b35470da0309ccb975c + - Subject: C=IT, ST=AN, L=Ancona, O=SOKNO S.R.L., OU=Software development, + CN=SOKNO S.R.L. 
+ ValidFrom: '2012-01-23 11:31:42' + ValidTo: '2013-01-23 11:31:42' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112195d7aa105e2ffc7b0e33f36da1636e74 + Version: 3 + TBS: + MD5: 84bc78b97f6e7688634c980ee0a78102 + SHA1: 53a67d0f8677e0c85cc75c779ffe199fcff5df42 + SHA256: 1d016faa85d7797373fe502c17c35461aff2f8f8fbec5a30f1871691820d5753 + SHA384: d655b57f8805eb589506a3a1e7bc0cf4aa5d5c59b8d5f1f052991d9b6a6d37f8fc454ea3d6305bd46455e59ec3d2875f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2011-04-15 19:55:08' + ValidTo: '2021-04-15 20:05:08' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 6129152700000000002a + Version: 3 + TBS: + MD5: 0bb058d116f02817737920f112d9fd3b + SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 + SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 + SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 + Signer: + - SerialNumber: 112195d7aa105e2ffc7b0e33f36da1636e74 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 79bd6aa7fc10b9dec95deb431c299ab0 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/6d21df78-d718-44df-b722-99eec654f5b2.yaml b/yaml/6d21df78-d718-44df-b722-99eec654f5b2.yaml index 075a88fa1..269560fd9 100644 --- a/yaml/6d21df78-d718-44df-b722-99eec654f5b2.yaml +++ b/yaml/6d21df78-d718-44df-b722-99eec654f5b2.yaml 
@@ -1,155 +1,155 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 6d21df78-d718-44df-b722-99eec654f5b2 +Tags: +- MsIo64.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-01-09' +MitreID: T1068 CVE: - CVE-2020-17382 Category: vulnerable driver Commands: - Command: sc.exe create MsIo64.sys binPath=C:\windows\temp\MsIo64.sys type=kernel - && sc.exe start MsIo64.sys - Description: The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x80102040, - 0x80102044, 0x80102050,and 0x80102054) - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/43ba8d96d5e8e54cab59d82d495eeca730eeb16e4743ed134cdd495c51a4fc89.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 6d21df78-d718-44df-b722-99eec654f5b2 -KnownVulnerableSamples: -- Authentihash: - MD5: 9bb721ac0afc94a499a238ae32418d51 - SHA1: 04a903f13528536f1d0b1751886754d9aa5cdafa - SHA256: 5bf00eff58e5bbe4cf578ec37b9e13c8fa74511fb2644352fcc091347153a709 - Company: MICSYS Technology Co., LTd - Copyright: Copyright (c) 2019 MICSYS - CreationTimestamp: '2019-10-16 19:19:01' - Date: '' - Description: MICSYS driver - ExportedFunctions: '' - FileVersion: '1.1 x64 built by: WinDDK' - Filename: MsIo64.sys - ImportedFunctions: - - RtlInitUnicodeString - - DbgPrint - - ZwClose - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - IoDeleteSymbolicLink - - ZwUnmapViewOfSection - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - ObfDereferenceObject - - IoDeleteDevice - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: MsIo64.sys - MD5: dc943bf367ae77016ae399df8e71d38a - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: MsIo64.sys - Product: MsIo64 Driver Version 1.1 - ProductVersion: 1.1 x64 - Publisher: '' - RichPEHeaderHash: - MD5: 16fd38750e66bdbd1fea732d9f09426a - SHA1: 7ce9165e772f5ac8f706f6f6af8144fcf014918d - SHA256: cca1d17de91fd6c28483d04c00c9e3040abe9ddc2db79db94f16372a6dedfe85 - SHA1: 6b54f8f137778c1391285fee6150dfa58a8120b1 - SHA256: 43ba8d96d5e8e54cab59d82d495eeca730eeb16e4743ed134cdd495c51a4fc89 - Sections: - .text: - Entropy: 6.129792436837484 - Virtual Size: '0x1005' - .rdata: - Entropy: 4.205714713533588 - Virtual Size: '0x174' - .data: - Entropy: 0.4975521352521052 - Virtual Size: '0x11c' - .pdata: - Entropy: 3.197487339123456 - Virtual Size: '0x60' - INIT: - Entropy: 4.759649157271499 - Virtual Size: '0x262' - .rsrc: - Entropy: 3.379586366740354 - Virtual Size: '0x388' - Signature: - - Microsoft Windows Hardware Compatibility Publisher - - Microsoft Windows Third Party 
Component CA 2014 - - Microsoft Root Certificate Authority 2010 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2019-06-05 18:34:00' - ValidTo: '2020-06-03 18:34:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 33000000319479a318f5522d06000000000031 - Version: 3 - TBS: - MD5: 5b81fd0f706522a8d7c9f2957283c0b4 - SHA1: 84d894599653a8ed0e0b2802db3197dc177908cc - SHA256: 4fa629304df4287c97ae5b7e481974316e9daf776b0cdeffab1671e7dca68fb4 - SHA384: 0b89dc122fc7ebf80881a5047ffbbcb0bec30636516aff4f43307e2a925a476cabfc26e2cc392ad748d655f6ec4c8b75 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - ValidFrom: '2014-10-15 20:31:27' - ValidTo: '2029-10-15 20:41:27' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 330000000d690d5d7893d076df00000000000d - Version: 3 - TBS: - MD5: 83f69422963f11c3c340b81712eef319 - SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 - SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae - SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 - Signer: - - SerialNumber: 33000000319479a318f5522d06000000000031 - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - Version: 1 - Imphash: 8a424cd36ae3eab0d11332ce3b982a02 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: sc.exe create MsIo64.sys binPath=C:\windows\temp\MsIo64.sys type=kernel + && sc.exe start MsIo64.sys + Description: The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x80102040, + 
0x80102044, 0x80102050,and 0x80102054) + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://www.matteomalvica.com/blog/2020/09/24/weaponizing-cve-2020-17382/ - https://packetstormsecurity.com/files/159315/MSI-Ambient-Link-Driver-1.0.0.8-Privilege-Escalation.html - https://www.coresecurity.com/core-labs/advisories/msi-ambient-link-multiple-vulnerabilities - https://github.com/Exploitables/CVE-2020-17382 - https://github.com/namazso/physmem_drivers -Tags: -- MsIo64.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/43ba8d96d5e8e54cab59d82d495eeca730eeb16e4743ed134cdd495c51a4fc89.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 9bb721ac0afc94a499a238ae32418d51 + SHA1: 04a903f13528536f1d0b1751886754d9aa5cdafa + SHA256: 5bf00eff58e5bbe4cf578ec37b9e13c8fa74511fb2644352fcc091347153a709 + Company: MICSYS Technology Co., LTd + Copyright: Copyright (c) 2019 MICSYS + CreationTimestamp: '2019-10-16 19:19:01' + Date: '' + Description: MICSYS driver + ExportedFunctions: '' + FileVersion: '1.1 x64 built by: WinDDK' + Filename: MsIo64.sys + ImportedFunctions: + - RtlInitUnicodeString + - DbgPrint + - ZwClose + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - IoDeleteSymbolicLink + - ZwUnmapViewOfSection + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - ObfDereferenceObject + - IoDeleteDevice + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: MsIo64.sys + MD5: dc943bf367ae77016ae399df8e71d38a + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: MsIo64.sys + Product: MsIo64 Driver Version 1.1 + ProductVersion: 1.1 x64 + Publisher: '' + RichPEHeaderHash: + MD5: 16fd38750e66bdbd1fea732d9f09426a + SHA1: 7ce9165e772f5ac8f706f6f6af8144fcf014918d + SHA256: cca1d17de91fd6c28483d04c00c9e3040abe9ddc2db79db94f16372a6dedfe85 + SHA1: 6b54f8f137778c1391285fee6150dfa58a8120b1 + SHA256: 43ba8d96d5e8e54cab59d82d495eeca730eeb16e4743ed134cdd495c51a4fc89 + Sections: + .text: + Entropy: 6.129792436837484 + Virtual Size: '0x1005' + .rdata: + Entropy: 4.205714713533588 + Virtual Size: '0x174' + .data: + Entropy: 0.4975521352521052 + Virtual Size: '0x11c' + .pdata: + Entropy: 3.197487339123456 + Virtual Size: '0x60' + INIT: + Entropy: 4.759649157271499 + Virtual Size: '0x262' + .rsrc: + Entropy: 3.379586366740354 + Virtual Size: '0x388' + Signature: + - Microsoft Windows Hardware Compatibility Publisher + - Microsoft Windows Third 
Party Component CA 2014 + - Microsoft Root Certificate Authority 2010 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2019-06-05 18:34:00' + ValidTo: '2020-06-03 18:34:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 33000000319479a318f5522d06000000000031 + Version: 3 + TBS: + MD5: 5b81fd0f706522a8d7c9f2957283c0b4 + SHA1: 84d894599653a8ed0e0b2802db3197dc177908cc + SHA256: 4fa629304df4287c97ae5b7e481974316e9daf776b0cdeffab1671e7dca68fb4 + SHA384: 0b89dc122fc7ebf80881a5047ffbbcb0bec30636516aff4f43307e2a925a476cabfc26e2cc392ad748d655f6ec4c8b75 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + ValidFrom: '2014-10-15 20:31:27' + ValidTo: '2029-10-15 20:41:27' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 330000000d690d5d7893d076df00000000000d + Version: 3 + TBS: + MD5: 83f69422963f11c3c340b81712eef319 + SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 + SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae + SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 + Signer: + - SerialNumber: 33000000319479a318f5522d06000000000031 + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + Version: 1 + Imphash: 8a424cd36ae3eab0d11332ce3b982a02 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/6ec5ddda-f302-4008-a73e-12814c1d571f.yaml b/yaml/6ec5ddda-f302-4008-a73e-12814c1d571f.yaml index e82917c9b..18caafd6a 100644 --- a/yaml/6ec5ddda-f302-4008-a73e-12814c1d571f.yaml 
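Review bot: The `Detection:` list on the new side of `6d21df78-d718-44df-b722-99eec654f5b2.yaml` still lists `sigma_hash`, `sigma_names`, `sysmon_hash_detect` and `sysmon_hash_block` twice, each pair with the same `value` URL. The second group follows the `yara-rules_vuln_drivers_strict_renamed.yar` entry and is carried over unchanged from the old side. Since this commit already rewrites the whole block, drop the repeated four entries so the list keeps the two distinct `yara_signature` links and one entry for each other type. Anything that iterates this list to build detection content would presumably handle the same rule file twice. If the project validates these YAML files, a uniqueness check on `(type, value)` pairs would catch this in other driver entries too.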
+++ b/yaml/6ec5ddda-f302-4008-a73e-12814c1d571f.yaml 
@@ -1,1408 +1,1415 @@ Id: 6ec5ddda-f302-4008-a73e-12814c1d571f +Tags: +- ATSZIO.sys +Verified: 'TRUE' Author: Nasreddine Bencherchali Created: '2023-05-06' MitreID: T1068 Category: vulnerable driver -Verified: 'TRUE' Commands: - Command: sc.exe create ATSZIO.sys binPath=C:\windows\temp\ATSZIO.sys type=kernel - && sc.exe start ATSZIO.sys - Description: '' - Usecase: Elevate privileges - Privileges: kernel - OperatingSystem: Windows 10 + Command: sc.exe create ATSZIO.sys binPath=C:\windows\temp\ATSZIO.sys type=kernel + && sc.exe start ATSZIO.sys + Description: '' + Usecase: Elevate privileges + Privileges: kernel + OperatingSystem: Windows 10 Resources: - Internal Research -Acknowledgement: - Person: '' - Handle: '' Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: ATSZIO.sys - MD5: 17b97fbe2e8834d7ad30211635e1b271 - SHA1: e88259de797573fa515603ad3354aed0bce572f1 - SHA256: 0da746e49fd662be910d0e366934a7e02898714eaaa577e261ab40eb44222b5c - Authentihash: - MD5: f1d41369bc171a32ece45fd99af06814 - SHA1: b3511e640bde63fcfbc22b2043a27d84824ad597 - SHA256: 8926be6aa6df3b5d20483e0e698ea14fa0fb760844468ed69143d7f503250349 - Description: ATSZIO Driver - Company: ASUSTek Computer Inc. - InternalName: ATSZIO.sys - OriginalFilename: ATSZIO.sys - FileVersion: 0.2.1.7 - Product: ATSZIO Driver - ProductVersion: 0.2.1.7 - Copyright: Copyright (C) 2012 - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IoCreateDevice - - IoCreateSymbolicLink - - IoCreateSynchronizationEvent - - IoDeleteDevice - - IoDeleteSymbolicLink - - ObReferenceObjectByHandle - - ZwClose - - ZwOpenSection - - IofCompleteRequest - - ZwUnmapViewOfSection - - MmGetPhysicalAddress - - _aullrem - - memcpy - - KeTickCount - - KeBugCheckEx - - RtlUnwind - - MmFreeContiguousMemory - - MmAllocateContiguousMemory - - ExFreePoolWithTag - - ExAllocatePool - - KeWaitForSingleObject - - KeSetEvent - - DbgPrint - - ZwMapViewOfSection - - RtlInitUnicodeString - - HalSetBusDataByOffset - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - WRITE_PORT_UCHAR - - READ_PORT_ULONG - - READ_PORT_USHORT - - READ_PORT_UCHAR - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, - CN=ASUSTeK Computer Inc. 
- ValidFrom: '2012-07-31 00:00:00' - ValidTo: '2015-08-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 7d08d9bc130726de26ee4ef28e133084 - Version: 3 - TBS: - MD5: 72cafb0a175f0481177fa2c9803283c7 - SHA1: b603167b958c5fcd7094552891ddc4e2ea4c149f - SHA256: a36a0024075771a4b30eab8f1288817059fe1a01003d0c1d92f647df17f3b688 - SHA384: 33c28dc6857ce5d20a2e9ba8a47f6bc80a9a98fba518fd732963bedbbb408848b89b3d8438d413f8b933ee761ffa1653 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 7d08d9bc130726de26ee4ef28e133084 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: 77e31117ca3b0811284211afccebd400 - SHA1: 82163fc8de4b350f7c6a885feab41396ba4f510a - SHA256: ca3b2e281532691f7dad80aeabf21f1b6b6a6d030317d5aa540e8168e4e0e2a4 - Sections: - .text: - Entropy: 5.868585177859296 - Virtual Size: '0x3b8' - .rdata: - Entropy: 4.357749189445287 - Virtual Size: '0x1f8' - .data: - Entropy: 2.450212064914747 - Virtual Size: '0x1c' - PAGE: - Entropy: 5.939514313917668 - Virtual Size: '0x185a' - INIT: - Entropy: 5.998008213295148 - Virtual 
Size: '0x718' - .rsrc: - Entropy: 3.2691875406923323 - Virtual Size: '0x330' - .reloc: - Entropy: 5.157296790524136 - Virtual Size: '0x1c0' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2014-09-18 06:05:53' - Imphash: bb56f25a810b329868a0ff8e94080bad - LoadsDespiteHVCI: 'FALSE' -- Filename: ATSZIO.sys - MD5: 7ee0c884e7d282958c5b3a9e47f23e13 - SHA1: 86e893e59352fcb220768fb758fcc5bbd91dd39e - SHA256: 1a4f7d7926efc3e3488758ce318246ea78a061bde759ec6c906ff005dd8213e5 - Authentihash: - MD5: 69a92cb6ac87c99f10b24eefa13f0b10 - SHA1: b66bf2b1b07f8f2bab1418131ae66b0a55265f73 - SHA256: 0ff8bcc7f938ec71ee33fbe089d38e40a8190603558d4765c47b1b09e1dd764a - Description: ATSZIO Driver - Company: ASUSTek Computer Inc. - InternalName: ATSZIO.sys - OriginalFilename: ATSZIO.sys - FileVersion: 0.2.1.7 - Product: ATSZIO Driver - ProductVersion: 0.2.1.7 - Copyright: Copyright (C) 2012 - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - KeWaitForSingleObject - - ExAllocatePool - - ExFreePoolWithTag - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoCreateSynchronizationEvent - - KeSetEvent - - IoDeleteSymbolicLink - - ObReferenceObjectByHandle - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmGetPhysicalAddress - - __C_specific_handler - - DbgPrint - - IoDeleteDevice - - RtlInitUnicodeString - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2021-09-09 19:15:59' - ValidTo: '2022-09-01 19:15:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 330000004de597a775e3157f7b00000000004d - Version: 3 - TBS: 
- MD5: 9f0782e89bd41cdd96ec55357457478a - SHA1: 35c2180572baad19019acca1334e6c653699c389 - SHA256: 50814710213afec410f26e573d25267a2e21d3d15f158be8a43a666c9cc6fa08 - SHA384: 8d48f066b0284071d64bbc556e018824a8388ccd142a56c7b7b04ef6d27cade07da57ac82d8067e18ad64d35af11e2a7 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - ValidFrom: '2014-10-15 20:31:27' - ValidTo: '2029-10-15 20:41:27' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 330000000d690d5d7893d076df00000000000d - Version: 3 - TBS: - MD5: 83f69422963f11c3c340b81712eef319 - SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 - SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae - SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 - Signer: - - SerialNumber: 330000004de597a775e3157f7b00000000004d - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - Version: 1 - RichPEHeaderHash: - MD5: 5633aed816ac7f25c13e7f4286ee4097 - SHA1: 65f5dfbb3adcd40e7bdac184b5f599df9317377a - SHA256: 63b956b0064047af48cfdc479899aa30c5f0c2944c96e6ad03e3c26171d83147 - Sections: - .text: - Entropy: 5.55616133376499 - Virtual Size: '0x5d4' - .rdata: - Entropy: 3.9257359466643256 - Virtual Size: '0x2ec' - .data: - Entropy: 0.5035334969292564 - Virtual Size: '0x118' - .pdata: - Entropy: 3.305451172213043 - Virtual Size: '0x60' - PAGE: - Entropy: 6.205978336553792 - Virtual Size: '0xcfe' - INIT: - Entropy: 5.6051981124019505 - Virtual Size: '0x5dc' - .rsrc: - Entropy: 3.2691875406923323 - Virtual Size: '0x330' - .reloc: - Entropy: 1.584962500721156 - Virtual Size: '0xc' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2014-09-18 06:04:29' - Imphash: b19743993dc7f1d48b2a86fe9b9c91e3 - LoadsDespiteHVCI: 'FALSE' -- Filename: 
ATSZIO.sys - MD5: 030c8432981e4d41b191624b3e07afe2 - SHA1: 87d47340d1940eaeb788523606804855818569e3 - SHA256: 31d8fc6f5fb837d5eb29db828d13ba8ee11867d86a90b2c2483a578e1d0ec43a - Authentihash: - MD5: f3a217e8c7a1c871d6588e7ef85ed660 - SHA1: b5407f564315cfd3eac7c7663fac575fd18f565d - SHA256: 028aed97e90c5a231069a3fa0853c67ea5853c4bbfea6247c6f4b53509581d05 - Description: ATSZIO Driver - Company: '' - InternalName: ATSZIO - OriginalFilename: ATSZIO.sys - FileVersion: 0, 2, 1, 2 - Product: ATSZIO Driver - ProductVersion: 0, 2, 1, 2 - Copyright: Copyright (C) 2010 - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IoCreateDevice - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - ZwClose - - IofCompleteRequest - - __C_specific_handler - - MmFreeContiguousMemory - - MmGetPhysicalAddress - - IoCreateSynchronizationEvent - - KeSetEvent - - KeWaitForSingleObject - - RtlAssert - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - ZwUnmapViewOfSection - - IoDeleteDevice - - MmAllocateContiguousMemory - - IoCreateSymbolicLink - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: 
'2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 
53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, - CN=ASUSTeK Computer Inc. - ValidFrom: '2009-08-03 00:00:00' - ValidTo: '2012-08-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad - Version: 3 - TBS: - MD5: a8e2727ca2cb8705c02aaef015feb372 - SHA1: 94a0711ecebe96729e048ae1c7de9c4ba5c25ec4 - SHA256: dd670882ef38bfeecfb2865ad06f52e36b07f99fbf5937b2ede58178d2221961 - SHA384: 508037c851d72d2bf8f35ba25436903a510d02d58f923b6d2c694a9a27f4a82b0b0953ee7b3c68078faafe3886a64aa4 - Signer: - - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - RichPEHeaderHash: - MD5: 3dc6d69ce1ae56d00286bda816862677 - SHA1: 80ad1e727f443db7d78e9fc875eaa3d29dcf67c1 - SHA256: 1e2ad898c34cb73fe3468988c17185c8a3a10497601d8293da289f21938ff307 - Sections: - .text: - Entropy: 4.948916770686984 - Virtual Size: '0x1a0' - .rdata: - Entropy: 4.490690230329159 - Virtual Size: '0x310' - .data: - Entropy: 0.0 - Virtual Size: '0x8' - .pdata: - Entropy: 3.2171634497268213 - Virtual Size: '0x9c' - PAGE: - Entropy: 5.211344772340833 - Virtual Size: '0x1a74' - INIT: - Entropy: 5.422880577078522 - Virtual Size: '0x51e' - .rsrc: - Entropy: 3.6129747487589423 - Virtual Size: '0x384' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2011-03-03 22:49:03' - Imphash: 2233472cee6457ad207017803048aaff - LoadsDespiteHVCI: 
'FALSE' -- Filename: ATSZIO.sys - MD5: 715ac0756234a203cb7ce8524b6ddc0d - SHA1: d73dabcb3f55935b701542fd26875006217ebbbe - SHA256: 55a1535e173c998fbbc978009b02d36ca0c737340d84ac2a8da73dfc2f450ef9 - Authentihash: - MD5: 272a0dd6f4b32694511cadaba438aec8 - SHA1: 584b6a0e2dc45ce2d5ee5becf3ef09e7877a619b - SHA256: 18bea05d56bcbc0e23663db9b6dc79d9db3a218e711415a1e420dea2e183cb5e - Description: ATSZIO Driver - Company: ASUSTek Computer Inc. - InternalName: ATSZIO.sys - OriginalFilename: ATSZIO.sys - FileVersion: 0.2.1.6 - Product: ATSZIO Driver - ProductVersion: 0.2.1.6 - Copyright: Copyright (C) 2012 - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IoCreateSymbolicLink - - IoCreateSynchronizationEvent - - IoDeleteDevice - - IoDeleteSymbolicLink - - ObReferenceObjectByHandle - - ZwClose - - IoCreateDevice - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmGetPhysicalAddress - - memcpy - - KeTickCount - - RtlUnwind - - IofCompleteRequest - - MmFreeContiguousMemory - - MmAllocateContiguousMemory - - ExAllocatePool - - KeWaitForSingleObject - - KeSetEvent - - DbgPrint - - ZwOpenSection - - RtlInitUnicodeString - - KeBugCheckEx - - HalSetBusDataByOffset - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - WRITE_PORT_UCHAR - - READ_PORT_ULONG - - READ_PORT_USHORT - - READ_PORT_UCHAR - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b 
- Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, - CN=ASUSTeK Computer Inc. 
- ValidFrom: '2012-07-31 00:00:00' - ValidTo: '2015-08-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 7d08d9bc130726de26ee4ef28e133084 - Version: 3 - TBS: - MD5: 72cafb0a175f0481177fa2c9803283c7 - SHA1: b603167b958c5fcd7094552891ddc4e2ea4c149f - SHA256: a36a0024075771a4b30eab8f1288817059fe1a01003d0c1d92f647df17f3b688 - SHA384: 33c28dc6857ce5d20a2e9ba8a47f6bc80a9a98fba518fd732963bedbbb408848b89b3d8438d413f8b933ee761ffa1653 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 7d08d9bc130726de26ee4ef28e133084 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: 437fa46984a3255a7a5fdacd2ab50317 - SHA1: d6aad3b796e1fecfdc71cd91de7f92719e158d36 - SHA256: 25b7e6a886196d4028fd20dcd1d83b54348bedac1557396b3360e7cee1ec5e79 - Sections: - .text: - Entropy: 5.86706170836468 - Virtual Size: '0x3c8' - .rdata: - Entropy: 3.9276963740014468 - Virtual Size: '0x1c8' - .data: - Entropy: 2.709147917027245 - Virtual Size: '0x18' - PAGE: - Entropy: 6.274279745602613 - Virtual Size: '0xb78' - INIT: - Entropy: 5.997110576759958 - Virtual Size: 
'0x614' - .rsrc: - Entropy: 3.2681400493047423 - Virtual Size: '0x330' - .reloc: - Entropy: 4.460990027729786 - Virtual Size: '0x13c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2013-04-26 05:50:44' - Imphash: ff605557fd515d7ab30ff41dbd8bd24a - LoadsDespiteHVCI: 'FALSE' -- Filename: ATSZIO.sys - MD5: f84da507b3067f019c340b737cd68d32 - SHA1: 5e9538d76b75f87f94ca5409ae3ddc363e8aba7f - SHA256: 673bcec3d53fab5efd6e3bac25ac9d6cc51f6bbdf8336e38aade2713dc1ae11b - Authentihash: - MD5: aec83d758be98eb60b7463bc71eb1242 - SHA1: 1ce64a20f37b9a86bd55b2ae592a5b90e6e9ea40 - SHA256: 1631d124bd8b2917c37abfe0f7b3dfa9e309ec54f69bdab2e2b5de3929d523d7 - Description: ATSZIO Driver - Company: '' - InternalName: ATSZIO - OriginalFilename: ATSZIO.sys - FileVersion: 0, 2, 1, 2 - Product: ATSZIO Driver - ProductVersion: 0, 2, 1, 2 - Copyright: Copyright (C) 2010 - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - MmGetPhysicalAddress - - MmAllocateContiguousMemory - - KeSetEvent - - KeWaitForSingleObject - - _except_handler3 - - MmFreeContiguousMemory - - ZwMapViewOfSection - - ObReferenceObjectByHandle - - ZwOpenSection - - ZwUnmapViewOfSection - - IofCompleteRequest - - ZwClose - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IoCreateDevice - - IoCreateSynchronizationEvent - - IoDeleteDevice - - RtlAssert - - IoCreateSymbolicLink - - READ_PORT_ULONG - - HalGetBusDataByOffset - - HalSetBusDataByOffset - - READ_PORT_UCHAR - - READ_PORT_USHORT - - WRITE_PORT_UCHAR - - WRITE_PORT_USHORT - - WRITE_PORT_ULONG - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 
50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - 
Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, - CN=ASUSTeK Computer Inc. 
- ValidFrom: '2009-08-03 00:00:00' - ValidTo: '2012-08-03 23:59:59' - Signature: bdc1dedf888c617c55af86763028f36094aeaadb7ebe82208e02d910305a252b4156a62a7f17366536fde06c13ff2bd8891e303a1e8c5c3cdb5fb257627367e3b6446b76c8080f61feac4424c5ef89467a79dc55fcb929805b727a10b39493038f97535686250f46e169bc85a02fb1f8a2626235a540e058084d1b17dbb7c426e76a8d3c2b3e2c0c4f33b9d6cc8d7a3590f8f61358ea5380ee0af3df7197dc4a615bcef1bcd119dba007d955d1acd14b42ab89d3539047d13d3e767de04ab5aa289fa0a698a582e84a5a65a1c9fabed2f75576629e8ad1826b68f2fca2baa751745f5ec968ed91cdf9761244a80b8c0d957900297ac3523c7a20c64e35be1b0a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad - Version: 3 - TBS: - MD5: a8e2727ca2cb8705c02aaef015feb372 - SHA1: 94a0711ecebe96729e048ae1c7de9c4ba5c25ec4 - SHA256: dd670882ef38bfeecfb2865ad06f52e36b07f99fbf5937b2ede58178d2221961 - SHA384: 508037c851d72d2bf8f35ba25436903a510d02d58f923b6d2c694a9a27f4a82b0b0953ee7b3c68078faafe3886a64aa4 - Signer: - - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - RichPEHeaderHash: - MD5: 2d2207d6271a44ea47cc5e0230631ce0 - SHA1: 168950e41c503b355cfd6d2b776c53ae4d248c40 - SHA256: 204c757b293a5f4989de859b000b26f2c0539510611344b77f2b78c09c765f86 - Sections: - .text: - Entropy: 4.314057326449281 - Virtual Size: '0xee' - .rdata: - Entropy: 4.505177600844715 - Virtual Size: '0x2a0' - .data: - Entropy: 1.061278124459133 - Virtual Size: '0x8' - PAGE: - Entropy: 5.687847565957662 - Virtual Size: '0x13fc' - INIT: - Entropy: 5.817706393295498 - Virtual Size: '0x482' - .rsrc: - Entropy: 3.607511682433773 - Virtual Size: '0x384' - .reloc: - Entropy: 5.356685436726801 - Virtual Size: '0x164' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2011-03-03 22:49:25' - Imphash: e717a2158439123c6fca79b6b2c0ba49 - 
LoadsDespiteHVCI: 'FALSE' -- Filename: ATSZIO.sys - MD5: 4814205270caa80d35569eee8081838e - SHA1: d6de8983dbd9c4c83f514f4edf1ac7be7f68632f - SHA256: c64d4ac416363c7a1aa828929544d1c1d78cf032b39769943b851cfc4c0faafc - Authentihash: - MD5: 84fc06779f79be8a59caa24378db6eaf - SHA1: 2905cbd9b37d55b657f952ec5b5804bd3b1f4263 - SHA256: e5e4dc1a918e201ec2cf02a036e4dd03dd04dfd179091c8adfbc6745eb830f2f - Description: ATSZIO Driver - Company: ASUSTek Computer Inc. - InternalName: ATSZIO.sys - OriginalFilename: ATSZIO.sys - FileVersion: 0.2.1.6 - Product: ATSZIO Driver - ProductVersion: 0.2.1.6 - Copyright: Copyright (C) 2012 - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - KeWaitForSingleObject - - ExAllocatePool - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoCreateSynchronizationEvent - - KeSetEvent - - IoDeleteSymbolicLink - - ObReferenceObjectByHandle - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmGetPhysicalAddress - - __C_specific_handler - - DbgPrint - - IoDeleteDevice - - RtlInitUnicodeString - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: 
c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, - CN=ASUSTeK Computer Inc. - ValidFrom: '2012-07-31 00:00:00' - ValidTo: '2015-08-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 7d08d9bc130726de26ee4ef28e133084 - Version: 3 - TBS: - MD5: 72cafb0a175f0481177fa2c9803283c7 - SHA1: b603167b958c5fcd7094552891ddc4e2ea4c149f - SHA256: a36a0024075771a4b30eab8f1288817059fe1a01003d0c1d92f647df17f3b688 - SHA384: 33c28dc6857ce5d20a2e9ba8a47f6bc80a9a98fba518fd732963bedbbb408848b89b3d8438d413f8b933ee761ffa1653 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 7d08d9bc130726de26ee4ef28e133084 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of 
use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: c32211b1cd14e7273ae39d610150c37f - SHA1: 15e84309be606103c1c0c8b8de4973e973316f26 - SHA256: e514e2dfdac458b9ce27a41bcafa31f6ac16e83ebadb8f3d9b0a7c1980a2aa13 - Sections: - .text: - Entropy: 5.629840921958782 - Virtual Size: '0x454' - .rdata: - Entropy: 3.6810420956008976 - Virtual Size: '0x2ac' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.335021386184604 - Virtual Size: '0x60' - PAGE: - Entropy: 6.2165621918116205 - Virtual Size: '0xc9e' - INIT: - Entropy: 5.579359768822763 - Virtual Size: '0x5c0' - .rsrc: - Entropy: 3.265811453067132 - Virtual Size: '0x330' - .reloc: - Entropy: 1.584962500721156 - Virtual Size: '0xc' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2013-04-26 05:50:14' - Imphash: bb981f82c2bfc3c22471df92d9d0fb89 - LoadsDespiteHVCI: 'FALSE' -- Filename: ATSZIO.sys - MD5: dbf11f3fad1db3eb08e2ee24b5ebfb95 - SHA1: cea540a2864ece0a868d841ab27680ff841fcbe6 - SHA256: e32ab30d01dcff6418544d93f99ae812d2ce6396e809686620547bea05074f6f - Authentihash: - MD5: 2e9b394c4437948e1c27e2f39a966b6c - SHA1: 0ddcc3e9e7d0790007fd6e12e4554f460d2c4d9b - SHA256: 6e64c1bbaa6b5dba3f3795f5932511f8f8a49d68d420267896e2e4e51b9d46bc - Description: ATSZIO Driver - Company: ASUSTek Computer Inc. 
- InternalName: ATSZIO.sys - OriginalFilename: ATSZIO.sys - FileVersion: 0.2.1.7 - Product: ATSZIO Driver - ProductVersion: 0.2.1.7 - Copyright: Copyright (C) 2012 - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - KeWaitForSingleObject - - ExAllocatePool - - ExFreePoolWithTag - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoCreateSynchronizationEvent - - KeSetEvent - - IoDeleteSymbolicLink - - ObReferenceObjectByHandle - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmGetPhysicalAddress - - __C_specific_handler - - DbgPrint - - IoDeleteDevice - - RtlInitUnicodeString - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: ??=TW, ??=Private Organization, serialNumber=23638777, C=TW, ST=Taipei - City, L=Beitou District, O=ASUSTeK COMPUTER INC., CN=ASUSTeK COMPUTER INC. 
- ValidFrom: '2020-10-30 00:00:00' - ValidTo: '2023-11-02 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 068642beebecb7ddb4272ae42e83b490 - Version: 3 - TBS: - MD5: 2c5294ef0ebb9b6df1431035fef94108 - SHA1: 4b57c734704a14602480c6912c2d51d9d5052d33 - SHA256: 9814fbf030a51ce111c153543774960f7a3154a99cca857e8a05ba5b30cb2bc5 - SHA384: 280d33e5f2de737492037c68617a108e313b911c7597d32a8fc2f3563728e06143fb3eb4b3bb44621f5f2beb9e98f305 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 19334a0c813337dbad36c9e4c93abbb51b2e7aa2e2f44342179ebf4ea14de1b1dbe981dd9f01f2e488d5e9fe09fd21c1ec5d80d2f0d6c143c2fe772bdbf9d79133ce6cd5b2193be62ed6c9934f88408ecde1f57ef10fc6595672e8eb6a41bd1cd546d57c49ca663815c1bfe091707787dcc98d31c90c29a233ed8de287cd898d3f1bffd5e01a978b7cda6dfba8c6b23a666b7b01b3cdd8a634ec1201ab9558a5c45357a860e6e70212a0b92364a24dbb7c81256421becfee42184397bba53706af4dff26a54d614bec4641b865ceb8799e08960b818c8a3b8fc7998ca32a6e986d5e61c696b78ab9612d93b8eb0e0443d7f5fea6f062d4996aa5c1c1f0649480 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c - Version: 3 - TBS: - MD5: 83f5de89f641d0fbf60248e10a7b9534 - SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 - SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf - SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 - Signer: - - SerialNumber: 068642beebecb7ddb4272ae42e83b490 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - Version: 1 - RichPEHeaderHash: - MD5: ea3f57a8bfd8f0e4e847dc32fe9fdba6 - SHA1: d52bd313fe769bfbf1e5c87df47d4b15f691638d - SHA256: 
3dc7e16159d35301cb2697bea3164851946104ffc37a5db7211bbd073c32da45 - Sections: - .text: - Entropy: 4.839719683879561 - Virtual Size: '0x3c0' - .rdata: - Entropy: 3.885151031792537 - Virtual Size: '0x2c8' - .data: - Entropy: 0.5035334969292564 - Virtual Size: '0x118' - .pdata: - Entropy: 3.34177538214681 - Virtual Size: '0xa8' - PAGE: - Entropy: 5.318840689937703 - Virtual Size: '0x1d6c' - INIT: - Entropy: 5.551508672970147 - Virtual Size: '0x72c' - .rsrc: - Entropy: 3.270591029696899 - Virtual Size: '0x330' - .reloc: - Entropy: 1.584962500721156 - Virtual Size: '0xc' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2014-09-18 06:04:14' - Imphash: b19743993dc7f1d48b2a86fe9b9c91e3 - LoadsDespiteHVCI: 'TRUE' -- Filename: ATSZIO.sys - MD5: 5a1ee9e6a177f305765f09b0ae6ac1c5 - SHA1: 3f67a43ae174a715795e49f72bc350302de83323 - SHA256: ecfc52a22e4a41bf53865b0e28309411c60af34a44e31a5c53cdc8c5733e8282 - Authentihash: - MD5: 2e9b394c4437948e1c27e2f39a966b6c - SHA1: 0ddcc3e9e7d0790007fd6e12e4554f460d2c4d9b - SHA256: 6e64c1bbaa6b5dba3f3795f5932511f8f8a49d68d420267896e2e4e51b9d46bc - Description: ATSZIO Driver - Company: ASUSTek Computer Inc. 
- InternalName: ATSZIO.sys - OriginalFilename: ATSZIO.sys - FileVersion: 0.2.1.7 - Product: ATSZIO Driver - ProductVersion: 0.2.1.7 - Copyright: Copyright (C) 2012 - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - KeWaitForSingleObject - - ExAllocatePool - - ExFreePoolWithTag - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoCreateSynchronizationEvent - - KeSetEvent - - IoDeleteSymbolicLink - - ObReferenceObjectByHandle - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmGetPhysicalAddress - - __C_specific_handler - - DbgPrint - - IoDeleteDevice - - RtlInitUnicodeString - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, - CN=ASUSTeK Computer Inc. 
- ValidFrom: '2012-07-31 00:00:00' - ValidTo: '2015-08-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 7d08d9bc130726de26ee4ef28e133084 - Version: 3 - TBS: - MD5: 72cafb0a175f0481177fa2c9803283c7 - SHA1: b603167b958c5fcd7094552891ddc4e2ea4c149f - SHA256: a36a0024075771a4b30eab8f1288817059fe1a01003d0c1d92f647df17f3b688 - SHA384: 33c28dc6857ce5d20a2e9ba8a47f6bc80a9a98fba518fd732963bedbbb408848b89b3d8438d413f8b933ee761ffa1653 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 7d08d9bc130726de26ee4ef28e133084 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: ea3f57a8bfd8f0e4e847dc32fe9fdba6 - SHA1: d52bd313fe769bfbf1e5c87df47d4b15f691638d - SHA256: 3dc7e16159d35301cb2697bea3164851946104ffc37a5db7211bbd073c32da45 - Sections: - .text: - Entropy: 4.839719683879561 - Virtual Size: '0x3c0' - .rdata: - Entropy: 3.885151031792537 - Virtual Size: '0x2c8' - .data: - Entropy: 0.5035334969292564 - Virtual Size: '0x118' - .pdata: - Entropy: 3.34177538214681 - Virtual Size: '0xa8' - PAGE: - Entropy: 5.318840689937703 - Virtual 
Size: '0x1d6c' - INIT: - Entropy: 5.551508672970147 - Virtual Size: '0x72c' - .rsrc: - Entropy: 3.270591029696899 - Virtual Size: '0x330' - .reloc: - Entropy: 1.584962500721156 - Virtual Size: '0xc' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2014-09-18 06:04:14' - Imphash: b19743993dc7f1d48b2a86fe9b9c91e3 - LoadsDespiteHVCI: 'FALSE' -- Filename: ATSZIO.sys - MD5: 6682176866d6bd6b4ea3c8e398bd3aae - SHA1: 962e2ac84c28ed5e373d4d4ccb434eceee011974 - SHA256: fb6b0d304433bf88cc7d57728683dbb4b9833459dc33528918ead09b3907ff22 - Authentihash: - MD5: 34057e393322867a580b2a72bc4b282b - SHA1: 439a577db1e655d7f4fde8dea0391867b081b59a - SHA256: 1d5ded14ba7821a1021815e70399801bf87dadf9b9eb17325e3c918d53971c8e - Description: ATSZIO Driver - Company: ASUSTek Computer Inc. - InternalName: ATSZIO.sys - OriginalFilename: ATSZIO.sys - FileVersion: 0.2.2.3 - Product: ATSZIO Driver - ProductVersion: 0.2.2.3 - Copyright: Copyright (C) 2012 - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - KeWaitForSingleObject - - ExAllocatePool - - ExFreePoolWithTag - - MmAllocateContiguousMemory - - MmFreeContiguousMemory - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoCreateSynchronizationEvent - - KeSetEvent - - IoDeleteSymbolicLink - - ObReferenceObjectByHandle - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - MmGetPhysicalAddress - - __C_specific_handler - - DbgPrint - - IoDeleteDevice - - RtlInitUnicodeString - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 
3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=Private Organization, ??=TW, serialNumber=23638777, ??=Pei Tou District, - ??=4F No. 150, Li,te Rd, postalCode=11259, C=TW, ST=Taipei, L=Taipei City, - O=ASUSTeK Computer Inc., CN=ASUSTeK Computer Inc. - ValidFrom: '2015-06-16 00:00:00' - ValidTo: '2018-06-19 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 031c8403876518b80064120f1485a103 - Version: 3 - TBS: - MD5: 88eada557d1906ff97f3f5f8ef1130cb - SHA1: a9f92d787fd948a439fb335046e164acfe06eafa - SHA256: 29c935337f78b627161a888c3abe58ff9fab1faf9f78dbdb4786f5e15e459443 - SHA384: 9848bd68989a313b47170ffe11d1c1ea03457f77e415c430c53d318f67807ac20c1fa7ede8c126727e85860723fc73a0 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c - Version: 3 - TBS: - MD5: 83f5de89f641d0fbf60248e10a7b9534 - SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 - SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf - SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 - Signer: - - SerialNumber: 031c8403876518b80064120f1485a103 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - Version: 1 - RichPEHeaderHash: - MD5: bac4d2ba186d83a765b80d179acec778 - SHA1: d965b6b321fe08249c15669489b3979210f1c1d2 - SHA256: 
4f13446e9695b775949e6ca1af50af4b5167836490480f832d878ded3d7274de - Sections: - .text: - Entropy: 4.8769136993115145 - Virtual Size: '0x320' - .rdata: - Entropy: 4.175844561698759 - Virtual Size: '0x360' - .data: - Entropy: 0.0 - Virtual Size: '0x8' - .pdata: - Entropy: 3.569589067368789 - Virtual Size: '0xc0' - PAGE: - Entropy: 5.3401920653450565 - Virtual Size: '0x2158' - INIT: - Entropy: 5.486437549085012 - Virtual Size: '0x62c' - .rsrc: - Entropy: 3.273940943248981 - Virtual Size: '0x330' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2018-04-11 05:38:01' - Imphash: b19743993dc7f1d48b2a86fe9b9c91e3 - LoadsDespiteHVCI: 'TRUE' -Tags: -- ATSZIO.sys +- Filename: ATSZIO.sys + MD5: 17b97fbe2e8834d7ad30211635e1b271 + SHA1: e88259de797573fa515603ad3354aed0bce572f1 + SHA256: 0da746e49fd662be910d0e366934a7e02898714eaaa577e261ab40eb44222b5c + Authentihash: + MD5: f1d41369bc171a32ece45fd99af06814 + SHA1: b3511e640bde63fcfbc22b2043a27d84824ad597 + SHA256: 8926be6aa6df3b5d20483e0e698ea14fa0fb760844468ed69143d7f503250349 + Description: ATSZIO Driver + Company: ASUSTek Computer Inc. 
+ InternalName: ATSZIO.sys + OriginalFilename: ATSZIO.sys + FileVersion: 0.2.1.7 + Product: ATSZIO Driver + ProductVersion: 0.2.1.7 + Copyright: Copyright (C) 2012 + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IoCreateDevice + - IoCreateSymbolicLink + - IoCreateSynchronizationEvent + - IoDeleteDevice + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - ZwClose + - ZwOpenSection + - IofCompleteRequest + - ZwUnmapViewOfSection + - MmGetPhysicalAddress + - _aullrem + - memcpy + - KeTickCount + - KeBugCheckEx + - RtlUnwind + - MmFreeContiguousMemory + - MmAllocateContiguousMemory + - ExFreePoolWithTag + - ExAllocatePool + - KeWaitForSingleObject + - KeSetEvent + - DbgPrint + - ZwMapViewOfSection + - RtlInitUnicodeString + - HalSetBusDataByOffset + - WRITE_PORT_ULONG + - WRITE_PORT_USHORT + - WRITE_PORT_UCHAR + - READ_PORT_ULONG + - READ_PORT_USHORT + - READ_PORT_UCHAR + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: 
'2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 
40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., + OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Quality + Testing Department, CN=ASUSTeK Computer Inc. + ValidFrom: '2012-07-31 00:00:00' + ValidTo: '2015-08-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 7d08d9bc130726de26ee4ef28e133084 + Version: 3 + TBS: + MD5: 72cafb0a175f0481177fa2c9803283c7 + SHA1: b603167b958c5fcd7094552891ddc4e2ea4c149f + SHA256: a36a0024075771a4b30eab8f1288817059fe1a01003d0c1d92f647df17f3b688 + SHA384: 33c28dc6857ce5d20a2e9ba8a47f6bc80a9a98fba518fd732963bedbbb408848b89b3d8438d413f8b933ee761ffa1653 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 7d08d9bc130726de26ee4ef28e133084 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: 77e31117ca3b0811284211afccebd400 + SHA1: 82163fc8de4b350f7c6a885feab41396ba4f510a + SHA256: 
ca3b2e281532691f7dad80aeabf21f1b6b6a6d030317d5aa540e8168e4e0e2a4 + Sections: + .text: + Entropy: 5.868585177859296 + Virtual Size: '0x3b8' + .rdata: + Entropy: 4.357749189445287 + Virtual Size: '0x1f8' + .data: + Entropy: 2.450212064914747 + Virtual Size: '0x1c' + PAGE: + Entropy: 5.939514313917668 + Virtual Size: '0x185a' + INIT: + Entropy: 5.998008213295148 + Virtual Size: '0x718' + .rsrc: + Entropy: 3.2691875406923323 + Virtual Size: '0x330' + .reloc: + Entropy: 5.157296790524136 + Virtual Size: '0x1c0' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2014-09-18 06:05:53' + Imphash: bb56f25a810b329868a0ff8e94080bad + LoadsDespiteHVCI: 'FALSE' +- Filename: ATSZIO.sys + MD5: 7ee0c884e7d282958c5b3a9e47f23e13 + SHA1: 86e893e59352fcb220768fb758fcc5bbd91dd39e + SHA256: 1a4f7d7926efc3e3488758ce318246ea78a061bde759ec6c906ff005dd8213e5 + Authentihash: + MD5: 69a92cb6ac87c99f10b24eefa13f0b10 + SHA1: b66bf2b1b07f8f2bab1418131ae66b0a55265f73 + SHA256: 0ff8bcc7f938ec71ee33fbe089d38e40a8190603558d4765c47b1b09e1dd764a + Description: ATSZIO Driver + Company: ASUSTek Computer Inc. 
+ InternalName: ATSZIO.sys + OriginalFilename: ATSZIO.sys + FileVersion: 0.2.1.7 + Product: ATSZIO Driver + ProductVersion: 0.2.1.7 + Copyright: Copyright (C) 2012 + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - KeWaitForSingleObject + - ExAllocatePool + - ExFreePoolWithTag + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoCreateSynchronizationEvent + - KeSetEvent + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - ZwClose + - ZwOpenSection + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmGetPhysicalAddress + - __C_specific_handler + - DbgPrint + - IoDeleteDevice + - RtlInitUnicodeString + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2021-09-09 19:15:59' + ValidTo: '2022-09-01 19:15:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 330000004de597a775e3157f7b00000000004d + Version: 3 + TBS: + MD5: 9f0782e89bd41cdd96ec55357457478a + SHA1: 35c2180572baad19019acca1334e6c653699c389 + SHA256: 50814710213afec410f26e573d25267a2e21d3d15f158be8a43a666c9cc6fa08 + SHA384: 8d48f066b0284071d64bbc556e018824a8388ccd142a56c7b7b04ef6d27cade07da57ac82d8067e18ad64d35af11e2a7 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + ValidFrom: '2014-10-15 20:31:27' + ValidTo: '2029-10-15 20:41:27' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 330000000d690d5d7893d076df00000000000d + Version: 3 + TBS: + MD5: 
83f69422963f11c3c340b81712eef319 + SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 + SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae + SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 + Signer: + - SerialNumber: 330000004de597a775e3157f7b00000000004d + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + Version: 1 + RichPEHeaderHash: + MD5: 5633aed816ac7f25c13e7f4286ee4097 + SHA1: 65f5dfbb3adcd40e7bdac184b5f599df9317377a + SHA256: 63b956b0064047af48cfdc479899aa30c5f0c2944c96e6ad03e3c26171d83147 + Sections: + .text: + Entropy: 5.55616133376499 + Virtual Size: '0x5d4' + .rdata: + Entropy: 3.9257359466643256 + Virtual Size: '0x2ec' + .data: + Entropy: 0.5035334969292564 + Virtual Size: '0x118' + .pdata: + Entropy: 3.305451172213043 + Virtual Size: '0x60' + PAGE: + Entropy: 6.205978336553792 + Virtual Size: '0xcfe' + INIT: + Entropy: 5.6051981124019505 + Virtual Size: '0x5dc' + .rsrc: + Entropy: 3.2691875406923323 + Virtual Size: '0x330' + .reloc: + Entropy: 1.584962500721156 + Virtual Size: '0xc' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2014-09-18 06:04:29' + Imphash: b19743993dc7f1d48b2a86fe9b9c91e3 + LoadsDespiteHVCI: 'FALSE' +- Filename: ATSZIO.sys + MD5: 030c8432981e4d41b191624b3e07afe2 + SHA1: 87d47340d1940eaeb788523606804855818569e3 + SHA256: 31d8fc6f5fb837d5eb29db828d13ba8ee11867d86a90b2c2483a578e1d0ec43a + Authentihash: + MD5: f3a217e8c7a1c871d6588e7ef85ed660 + SHA1: b5407f564315cfd3eac7c7663fac575fd18f565d + SHA256: 028aed97e90c5a231069a3fa0853c67ea5853c4bbfea6247c6f4b53509581d05 + Description: ATSZIO Driver + Company: '' + InternalName: ATSZIO + OriginalFilename: ATSZIO.sys + FileVersion: 0, 2, 1, 2 + Product: ATSZIO Driver + ProductVersion: 0, 2, 1, 2 + Copyright: Copyright (C) 2010 + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IoCreateDevice 
+ - RtlInitUnicodeString + - IoDeleteSymbolicLink + - ZwClose + - IofCompleteRequest + - __C_specific_handler + - MmFreeContiguousMemory + - MmGetPhysicalAddress + - IoCreateSynchronizationEvent + - KeSetEvent + - KeWaitForSingleObject + - RtlAssert + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - ZwUnmapViewOfSection + - IoDeleteDevice + - MmAllocateContiguousMemory + - IoCreateSymbolicLink + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 
53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., + OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Quality + Testing Department, CN=ASUSTeK Computer Inc. 
+ ValidFrom: '2009-08-03 00:00:00' + ValidTo: '2012-08-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad + Version: 3 + TBS: + MD5: a8e2727ca2cb8705c02aaef015feb372 + SHA1: 94a0711ecebe96729e048ae1c7de9c4ba5c25ec4 + SHA256: dd670882ef38bfeecfb2865ad06f52e36b07f99fbf5937b2ede58178d2221961 + SHA384: 508037c851d72d2bf8f35ba25436903a510d02d58f923b6d2c694a9a27f4a82b0b0953ee7b3c68078faafe3886a64aa4 + Signer: + - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + RichPEHeaderHash: + MD5: 3dc6d69ce1ae56d00286bda816862677 + SHA1: 80ad1e727f443db7d78e9fc875eaa3d29dcf67c1 + SHA256: 1e2ad898c34cb73fe3468988c17185c8a3a10497601d8293da289f21938ff307 + Sections: + .text: + Entropy: 4.948916770686984 + Virtual Size: '0x1a0' + .rdata: + Entropy: 4.490690230329159 + Virtual Size: '0x310' + .data: + Entropy: 0.0 + Virtual Size: '0x8' + .pdata: + Entropy: 3.2171634497268213 + Virtual Size: '0x9c' + PAGE: + Entropy: 5.211344772340833 + Virtual Size: '0x1a74' + INIT: + Entropy: 5.422880577078522 + Virtual Size: '0x51e' + .rsrc: + Entropy: 3.6129747487589423 + Virtual Size: '0x384' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2011-03-03 22:49:03' + Imphash: 2233472cee6457ad207017803048aaff + LoadsDespiteHVCI: 'FALSE' +- Filename: ATSZIO.sys + MD5: 715ac0756234a203cb7ce8524b6ddc0d + SHA1: d73dabcb3f55935b701542fd26875006217ebbbe + SHA256: 55a1535e173c998fbbc978009b02d36ca0c737340d84ac2a8da73dfc2f450ef9 + Authentihash: + MD5: 272a0dd6f4b32694511cadaba438aec8 + SHA1: 584b6a0e2dc45ce2d5ee5becf3ef09e7877a619b + SHA256: 18bea05d56bcbc0e23663db9b6dc79d9db3a218e711415a1e420dea2e183cb5e + Description: ATSZIO Driver + Company: ASUSTek Computer Inc. 
+ InternalName: ATSZIO.sys + OriginalFilename: ATSZIO.sys + FileVersion: 0.2.1.6 + Product: ATSZIO Driver + ProductVersion: 0.2.1.6 + Copyright: Copyright (C) 2012 + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IoCreateSymbolicLink + - IoCreateSynchronizationEvent + - IoDeleteDevice + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - ZwClose + - IoCreateDevice + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmGetPhysicalAddress + - memcpy + - KeTickCount + - RtlUnwind + - IofCompleteRequest + - MmFreeContiguousMemory + - MmAllocateContiguousMemory + - ExAllocatePool + - KeWaitForSingleObject + - KeSetEvent + - DbgPrint + - ZwOpenSection + - RtlInitUnicodeString + - KeBugCheckEx + - HalSetBusDataByOffset + - WRITE_PORT_ULONG + - WRITE_PORT_USHORT + - WRITE_PORT_UCHAR + - READ_PORT_ULONG + - READ_PORT_USHORT + - READ_PORT_UCHAR + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: 
'2020-12-29 23:59:59' + Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., + OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Quality + Testing Department, CN=ASUSTeK Computer Inc. 
+ ValidFrom: '2012-07-31 00:00:00' + ValidTo: '2015-08-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 7d08d9bc130726de26ee4ef28e133084 + Version: 3 + TBS: + MD5: 72cafb0a175f0481177fa2c9803283c7 + SHA1: b603167b958c5fcd7094552891ddc4e2ea4c149f + SHA256: a36a0024075771a4b30eab8f1288817059fe1a01003d0c1d92f647df17f3b688 + SHA384: 33c28dc6857ce5d20a2e9ba8a47f6bc80a9a98fba518fd732963bedbbb408848b89b3d8438d413f8b933ee761ffa1653 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 7d08d9bc130726de26ee4ef28e133084 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: 437fa46984a3255a7a5fdacd2ab50317 + SHA1: d6aad3b796e1fecfdc71cd91de7f92719e158d36 + SHA256: 25b7e6a886196d4028fd20dcd1d83b54348bedac1557396b3360e7cee1ec5e79 + Sections: + .text: + Entropy: 5.86706170836468 + Virtual Size: '0x3c8' + .rdata: + Entropy: 3.9276963740014468 + Virtual Size: '0x1c8' + .data: + Entropy: 2.709147917027245 + Virtual Size: '0x18' + PAGE: + Entropy: 6.274279745602613 + Virtual Size: '0xb78' + INIT: + Entropy: 5.997110576759958 + Virtual Size: 
'0x614' + .rsrc: + Entropy: 3.2681400493047423 + Virtual Size: '0x330' + .reloc: + Entropy: 4.460990027729786 + Virtual Size: '0x13c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2013-04-26 05:50:44' + Imphash: ff605557fd515d7ab30ff41dbd8bd24a + LoadsDespiteHVCI: 'FALSE' +- Filename: ATSZIO.sys + MD5: f84da507b3067f019c340b737cd68d32 + SHA1: 5e9538d76b75f87f94ca5409ae3ddc363e8aba7f + SHA256: 673bcec3d53fab5efd6e3bac25ac9d6cc51f6bbdf8336e38aade2713dc1ae11b + Authentihash: + MD5: aec83d758be98eb60b7463bc71eb1242 + SHA1: 1ce64a20f37b9a86bd55b2ae592a5b90e6e9ea40 + SHA256: 1631d124bd8b2917c37abfe0f7b3dfa9e309ec54f69bdab2e2b5de3929d523d7 + Description: ATSZIO Driver + Company: '' + InternalName: ATSZIO + OriginalFilename: ATSZIO.sys + FileVersion: 0, 2, 1, 2 + Product: ATSZIO Driver + ProductVersion: 0, 2, 1, 2 + Copyright: Copyright (C) 2010 + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - MmGetPhysicalAddress + - MmAllocateContiguousMemory + - KeSetEvent + - KeWaitForSingleObject + - _except_handler3 + - MmFreeContiguousMemory + - ZwMapViewOfSection + - ObReferenceObjectByHandle + - ZwOpenSection + - ZwUnmapViewOfSection + - IofCompleteRequest + - ZwClose + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - IoCreateDevice + - IoCreateSynchronizationEvent + - IoDeleteDevice + - RtlAssert + - IoCreateSymbolicLink + - READ_PORT_ULONG + - HalGetBusDataByOffset + - HalSetBusDataByOffset + - READ_PORT_UCHAR + - READ_PORT_USHORT + - WRITE_PORT_UCHAR + - WRITE_PORT_USHORT + - WRITE_PORT_ULONG + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 
3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 
2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., + OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Quality + Testing Department, CN=ASUSTeK Computer Inc. + ValidFrom: '2009-08-03 00:00:00' + ValidTo: '2012-08-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad + Version: 3 + TBS: + MD5: a8e2727ca2cb8705c02aaef015feb372 + SHA1: 94a0711ecebe96729e048ae1c7de9c4ba5c25ec4 + SHA256: dd670882ef38bfeecfb2865ad06f52e36b07f99fbf5937b2ede58178d2221961 + SHA384: 508037c851d72d2bf8f35ba25436903a510d02d58f923b6d2c694a9a27f4a82b0b0953ee7b3c68078faafe3886a64aa4 + Signer: + - SerialNumber: 12d5c9e2949d48abaccd3514f0fb22ad + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + RichPEHeaderHash: + MD5: 2d2207d6271a44ea47cc5e0230631ce0 + SHA1: 168950e41c503b355cfd6d2b776c53ae4d248c40 + SHA256: 204c757b293a5f4989de859b000b26f2c0539510611344b77f2b78c09c765f86 + Sections: + .text: + Entropy: 4.314057326449281 + Virtual Size: '0xee' + .rdata: + Entropy: 
4.505177600844715 + Virtual Size: '0x2a0' + .data: + Entropy: 1.061278124459133 + Virtual Size: '0x8' + PAGE: + Entropy: 5.687847565957662 + Virtual Size: '0x13fc' + INIT: + Entropy: 5.817706393295498 + Virtual Size: '0x482' + .rsrc: + Entropy: 3.607511682433773 + Virtual Size: '0x384' + .reloc: + Entropy: 5.356685436726801 + Virtual Size: '0x164' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2011-03-03 22:49:25' + Imphash: e717a2158439123c6fca79b6b2c0ba49 + LoadsDespiteHVCI: 'FALSE' +- Filename: ATSZIO.sys + MD5: 4814205270caa80d35569eee8081838e + SHA1: d6de8983dbd9c4c83f514f4edf1ac7be7f68632f + SHA256: c64d4ac416363c7a1aa828929544d1c1d78cf032b39769943b851cfc4c0faafc + Authentihash: + MD5: 84fc06779f79be8a59caa24378db6eaf + SHA1: 2905cbd9b37d55b657f952ec5b5804bd3b1f4263 + SHA256: e5e4dc1a918e201ec2cf02a036e4dd03dd04dfd179091c8adfbc6745eb830f2f + Description: ATSZIO Driver + Company: ASUSTek Computer Inc. + InternalName: ATSZIO.sys + OriginalFilename: ATSZIO.sys + FileVersion: 0.2.1.6 + Product: ATSZIO Driver + ProductVersion: 0.2.1.6 + Copyright: Copyright (C) 2012 + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - KeWaitForSingleObject + - ExAllocatePool + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoCreateSynchronizationEvent + - KeSetEvent + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - ZwClose + - ZwOpenSection + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmGetPhysicalAddress + - __C_specific_handler + - DbgPrint + - IoDeleteDevice + - RtlInitUnicodeString + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., + OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Quality + Testing Department, CN=ASUSTeK Computer Inc. 
+ ValidFrom: '2012-07-31 00:00:00' + ValidTo: '2015-08-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 7d08d9bc130726de26ee4ef28e133084 + Version: 3 + TBS: + MD5: 72cafb0a175f0481177fa2c9803283c7 + SHA1: b603167b958c5fcd7094552891ddc4e2ea4c149f + SHA256: a36a0024075771a4b30eab8f1288817059fe1a01003d0c1d92f647df17f3b688 + SHA384: 33c28dc6857ce5d20a2e9ba8a47f6bc80a9a98fba518fd732963bedbbb408848b89b3d8438d413f8b933ee761ffa1653 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 7d08d9bc130726de26ee4ef28e133084 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: c32211b1cd14e7273ae39d610150c37f + SHA1: 15e84309be606103c1c0c8b8de4973e973316f26 + SHA256: e514e2dfdac458b9ce27a41bcafa31f6ac16e83ebadb8f3d9b0a7c1980a2aa13 + Sections: + .text: + Entropy: 5.629840921958782 + Virtual Size: '0x454' + .rdata: + Entropy: 3.6810420956008976 + Virtual Size: '0x2ac' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.335021386184604 + Virtual Size: '0x60' + PAGE: + Entropy: 6.2165621918116205 + Virtual 
Size: '0xc9e' + INIT: + Entropy: 5.579359768822763 + Virtual Size: '0x5c0' + .rsrc: + Entropy: 3.265811453067132 + Virtual Size: '0x330' + .reloc: + Entropy: 1.584962500721156 + Virtual Size: '0xc' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2013-04-26 05:50:14' + Imphash: bb981f82c2bfc3c22471df92d9d0fb89 + LoadsDespiteHVCI: 'FALSE' +- Filename: ATSZIO.sys + MD5: dbf11f3fad1db3eb08e2ee24b5ebfb95 + SHA1: cea540a2864ece0a868d841ab27680ff841fcbe6 + SHA256: e32ab30d01dcff6418544d93f99ae812d2ce6396e809686620547bea05074f6f + Authentihash: + MD5: 2e9b394c4437948e1c27e2f39a966b6c + SHA1: 0ddcc3e9e7d0790007fd6e12e4554f460d2c4d9b + SHA256: 6e64c1bbaa6b5dba3f3795f5932511f8f8a49d68d420267896e2e4e51b9d46bc + Description: ATSZIO Driver + Company: ASUSTek Computer Inc. + InternalName: ATSZIO.sys + OriginalFilename: ATSZIO.sys + FileVersion: 0.2.1.7 + Product: ATSZIO Driver + ProductVersion: 0.2.1.7 + Copyright: Copyright (C) 2012 + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - KeWaitForSingleObject + - ExAllocatePool + - ExFreePoolWithTag + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoCreateSynchronizationEvent + - KeSetEvent + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - ZwClose + - ZwOpenSection + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmGetPhysicalAddress + - __C_specific_handler + - DbgPrint + - IoDeleteDevice + - RtlInitUnicodeString + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: ??=TW, ??=Private Organization, serialNumber=23638777, C=TW, + ST=Taipei City, L=Beitou District, O=ASUSTeK COMPUTER INC., CN=ASUSTeK + COMPUTER INC. 
+ ValidFrom: '2020-10-30 00:00:00' + ValidTo: '2023-11-02 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 068642beebecb7ddb4272ae42e83b490 + Version: 3 + TBS: + MD5: 2c5294ef0ebb9b6df1431035fef94108 + SHA1: 4b57c734704a14602480c6912c2d51d9d5052d33 + SHA256: 9814fbf030a51ce111c153543774960f7a3154a99cca857e8a05ba5b30cb2bc5 + SHA384: 280d33e5f2de737492037c68617a108e313b911c7597d32a8fc2f3563728e06143fb3eb4b3bb44621f5f2beb9e98f305 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c + Version: 3 + TBS: + MD5: 83f5de89f641d0fbf60248e10a7b9534 + SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 + SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf + SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 + Signer: + - SerialNumber: 068642beebecb7ddb4272ae42e83b490 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + Version: 1 + RichPEHeaderHash: + MD5: ea3f57a8bfd8f0e4e847dc32fe9fdba6 + SHA1: d52bd313fe769bfbf1e5c87df47d4b15f691638d + SHA256: 3dc7e16159d35301cb2697bea3164851946104ffc37a5db7211bbd073c32da45 + Sections: + .text: + Entropy: 4.839719683879561 + Virtual Size: '0x3c0' + .rdata: + Entropy: 3.885151031792537 + Virtual Size: '0x2c8' + .data: + Entropy: 0.5035334969292564 + Virtual Size: '0x118' + .pdata: + Entropy: 3.34177538214681 + Virtual Size: '0xa8' + PAGE: + Entropy: 5.318840689937703 + Virtual Size: '0x1d6c' + INIT: + Entropy: 5.551508672970147 + Virtual Size: '0x72c' + .rsrc: + Entropy: 3.270591029696899 + Virtual Size: '0x330' 
+ .reloc: + Entropy: 1.584962500721156 + Virtual Size: '0xc' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2014-09-18 06:04:14' + Imphash: b19743993dc7f1d48b2a86fe9b9c91e3 + LoadsDespiteHVCI: 'TRUE' +- Filename: ATSZIO.sys + MD5: 5a1ee9e6a177f305765f09b0ae6ac1c5 + SHA1: 3f67a43ae174a715795e49f72bc350302de83323 + SHA256: ecfc52a22e4a41bf53865b0e28309411c60af34a44e31a5c53cdc8c5733e8282 + Authentihash: + MD5: 2e9b394c4437948e1c27e2f39a966b6c + SHA1: 0ddcc3e9e7d0790007fd6e12e4554f460d2c4d9b + SHA256: 6e64c1bbaa6b5dba3f3795f5932511f8f8a49d68d420267896e2e4e51b9d46bc + Description: ATSZIO Driver + Company: ASUSTek Computer Inc. + InternalName: ATSZIO.sys + OriginalFilename: ATSZIO.sys + FileVersion: 0.2.1.7 + Product: ATSZIO Driver + ProductVersion: 0.2.1.7 + Copyright: Copyright (C) 2012 + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - KeWaitForSingleObject + - ExAllocatePool + - ExFreePoolWithTag + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoCreateSynchronizationEvent + - KeSetEvent + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - ZwClose + - ZwOpenSection + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmGetPhysicalAddress + - __C_specific_handler + - DbgPrint + - IoDeleteDevice + - RtlInitUnicodeString + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + 
IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., + OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Quality + Testing Department, CN=ASUSTeK Computer Inc. 
+ ValidFrom: '2012-07-31 00:00:00' + ValidTo: '2015-08-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 7d08d9bc130726de26ee4ef28e133084 + Version: 3 + TBS: + MD5: 72cafb0a175f0481177fa2c9803283c7 + SHA1: b603167b958c5fcd7094552891ddc4e2ea4c149f + SHA256: a36a0024075771a4b30eab8f1288817059fe1a01003d0c1d92f647df17f3b688 + SHA384: 33c28dc6857ce5d20a2e9ba8a47f6bc80a9a98fba518fd732963bedbbb408848b89b3d8438d413f8b933ee761ffa1653 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 7d08d9bc130726de26ee4ef28e133084 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: ea3f57a8bfd8f0e4e847dc32fe9fdba6 + SHA1: d52bd313fe769bfbf1e5c87df47d4b15f691638d + SHA256: 3dc7e16159d35301cb2697bea3164851946104ffc37a5db7211bbd073c32da45 + Sections: + .text: + Entropy: 4.839719683879561 + Virtual Size: '0x3c0' + .rdata: + Entropy: 3.885151031792537 + Virtual Size: '0x2c8' + .data: + Entropy: 0.5035334969292564 + Virtual Size: '0x118' + .pdata: + Entropy: 3.34177538214681 + Virtual Size: '0xa8' + PAGE: + Entropy: 5.318840689937703 + Virtual 
Size: '0x1d6c' + INIT: + Entropy: 5.551508672970147 + Virtual Size: '0x72c' + .rsrc: + Entropy: 3.270591029696899 + Virtual Size: '0x330' + .reloc: + Entropy: 1.584962500721156 + Virtual Size: '0xc' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2014-09-18 06:04:14' + Imphash: b19743993dc7f1d48b2a86fe9b9c91e3 + LoadsDespiteHVCI: 'FALSE' +- Filename: ATSZIO.sys + MD5: 6682176866d6bd6b4ea3c8e398bd3aae + SHA1: 962e2ac84c28ed5e373d4d4ccb434eceee011974 + SHA256: fb6b0d304433bf88cc7d57728683dbb4b9833459dc33528918ead09b3907ff22 + Authentihash: + MD5: 34057e393322867a580b2a72bc4b282b + SHA1: 439a577db1e655d7f4fde8dea0391867b081b59a + SHA256: 1d5ded14ba7821a1021815e70399801bf87dadf9b9eb17325e3c918d53971c8e + Description: ATSZIO Driver + Company: ASUSTek Computer Inc. + InternalName: ATSZIO.sys + OriginalFilename: ATSZIO.sys + FileVersion: 0.2.2.3 + Product: ATSZIO Driver + ProductVersion: 0.2.2.3 + Copyright: Copyright (C) 2012 + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - KeWaitForSingleObject + - ExAllocatePool + - ExFreePoolWithTag + - MmAllocateContiguousMemory + - MmFreeContiguousMemory + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoCreateSynchronizationEvent + - KeSetEvent + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - ZwClose + - ZwOpenSection + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - MmGetPhysicalAddress + - __C_specific_handler + - DbgPrint + - IoDeleteDevice + - RtlInitUnicodeString + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 
3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=Private Organization, ??=TW, serialNumber=23638777, ??=Pei + Tou District, ??=4F No. 150, Li,te Rd, postalCode=11259, C=TW, ST=Taipei, + L=Taipei City, O=ASUSTeK Computer Inc., CN=ASUSTeK Computer Inc. + ValidFrom: '2015-06-16 00:00:00' + ValidTo: '2018-06-19 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 031c8403876518b80064120f1485a103 + Version: 3 + TBS: + MD5: 88eada557d1906ff97f3f5f8ef1130cb + SHA1: a9f92d787fd948a439fb335046e164acfe06eafa + SHA256: 29c935337f78b627161a888c3abe58ff9fab1faf9f78dbdb4786f5e15e459443 + SHA384: 9848bd68989a313b47170ffe11d1c1ea03457f77e415c430c53d318f67807ac20c1fa7ede8c126727e85860723fc73a0 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c + Version: 3 + TBS: + MD5: 83f5de89f641d0fbf60248e10a7b9534 + SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 + SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf + SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 + Signer: + - SerialNumber: 031c8403876518b80064120f1485a103 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + Version: 1 + RichPEHeaderHash: + MD5: bac4d2ba186d83a765b80d179acec778 + SHA1: d965b6b321fe08249c15669489b3979210f1c1d2 + SHA256: 
4f13446e9695b775949e6ca1af50af4b5167836490480f832d878ded3d7274de + Sections: + .text: + Entropy: 4.8769136993115145 + Virtual Size: '0x320' + .rdata: + Entropy: 4.175844561698759 + Virtual Size: '0x360' + .data: + Entropy: 0.0 + Virtual Size: '0x8' + .pdata: + Entropy: 3.569589067368789 + Virtual Size: '0xc0' + PAGE: + Entropy: 5.3401920653450565 + Virtual Size: '0x2158' + INIT: + Entropy: 5.486437549085012 + Virtual Size: '0x62c' + .rsrc: + Entropy: 3.273940943248981 + Virtual Size: '0x330' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2018-04-11 05:38:01' + Imphash: b19743993dc7f1d48b2a86fe9b9c91e3 + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/6fc3034f-8b40-44ef-807a-f61d3ea2dece.yaml b/yaml/6fc3034f-8b40-44ef-807a-f61d3ea2dece.yaml index 5731e2704..c1e90c83d 100644 --- a/yaml/6fc3034f-8b40-44ef-807a-f61d3ea2dece.yaml +++ b/yaml/6fc3034f-8b40-44ef-807a-f61d3ea2dece.yaml 
@@ -1,186 +1,186 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 6fc3034f-8b40-44ef-807a-f61d3ea2dece +Tags: +- NBIOLib_X64.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create NBIOLib_X64.sys binPath=C:\windows\temp\NBIOLib_X64.sys type=kernel - && sc.exe start NBIOLib_X64.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/3f2fda9a7a9c57b7138687bbce49a2e156d6095dddabb3454ea09737e02c3fa5.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 6fc3034f-8b40-44ef-807a-f61d3ea2dece -KnownVulnerableSamples: -- 
Authentihash: - MD5: 2d87365d63e81ef0edc577bf0cb33995 - SHA1: b472d32094e258b2af60914db8604cd0bf439c4b - SHA256: d33f19a12cd8e8649a56ce2a41e2b56d2ed80f203e5ededc4114c78ef773ffa8 - Company: MSI - Copyright: Copyright (C) 2008-2009 MSI. All rights reserved. - CreationTimestamp: '2015-11-23 23:34:45' - Date: '' - Description: NTIOLib - ExportedFunctions: '' - FileVersion: 1.0.0.0 - Filename: NBIOLib_X64.sys - ImportedFunctions: - - MmUnmapIoSpace - - MmMapIoSpace - - IofCompleteRequest - - IoDeleteDevice - - IoCreateDevice - - KeBugCheckEx - - RtlInitUnicodeString - - IoCreateSymbolicLink - - IoDeleteSymbolicLink - - __C_specific_handler - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: NTIOLib.sys - MD5: f2f728d2f69765f5dfda913d407783d2 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: NTIOLib.sys - Product: NTIOLib - ProductVersion: 1.0.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: 41ddd08b440611823bc5d8cb732c563d - SHA1: 8acdfc9ac988c6250e2a031640f6e169b5fddb73 - SHA256: 189683b4db2e68d2f0b3f91f1141907b3887f23991867a68a22389d40ad3634e - SHA1: 35829e096a15e559fcbabf3441d99e580ca3b26e - SHA256: 3f2fda9a7a9c57b7138687bbce49a2e156d6095dddabb3454ea09737e02c3fa5 - Sections: - .text: - Entropy: 5.973820627052045 - Virtual Size: '0x7b2' - .rdata: - Entropy: 4.093549068276716 - Virtual Size: '0x18c' - .data: - Entropy: 0.5096713223407059 - Virtual Size: '0x114' - .pdata: - Entropy: 3.3271014689815064 - Virtual Size: '0x78' - INIT: - Entropy: 5.046663153942613 - Virtual Size: '0x242' - .rsrc: - Entropy: 3.2498244109800973 - Virtual Size: '0x370' - Signature: - - MICRO-STAR INTERNATIONAL CO., LTD. 
- - GlobalSign CodeSigning CA - G2 - - GlobalSign Root CA - R1 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: 
dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2011-04-15 19:55:08' - ValidTo: '2021-04-15 20:05:08' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 6129152700000000002a - Version: 3 - TBS: - MD5: 0bb058d116f02817737920f112d9fd3b - SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 - SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 - SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 - - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL CO., - LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL CO., - LTD. 
- ValidFrom: '2014-06-03 09:16:15' - ValidTo: '2017-09-03 09:16:15' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112158044863e4dc19cf29a85668b7f45842 - Version: 3 - TBS: - MD5: 403bb44a62aed1a94bd5df05b3292482 - SHA1: e4a0353e75940ab1e8cbff2f433f186c7f0b0f09 - SHA256: 5b81998ed98b343c04134c336e03f3051779eae0e9f882e8339593d18556375d - SHA384: db0076cad41a0ef4ea68754ef6905bd5ff772adcb745b05c0060344e43588abc95952dc3ad272f5a8f17b206e4089aca - Signer: - - SerialNumber: 112158044863e4dc19cf29a85668b7f45842 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: d6f977640d4810a784d152e4d3c63a6b - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create NBIOLib_X64.sys binPath=C:\windows\temp\NBIOLib_X64.sys type=kernel + && sc.exe start NBIOLib_X64.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/eclypsium/Screwed-Drivers/blob/master/DRIVERS.md -Tags: -- NBIOLib_X64.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/3f2fda9a7a9c57b7138687bbce49a2e156d6095dddabb3454ea09737e02c3fa5.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 2d87365d63e81ef0edc577bf0cb33995 + SHA1: b472d32094e258b2af60914db8604cd0bf439c4b + SHA256: d33f19a12cd8e8649a56ce2a41e2b56d2ed80f203e5ededc4114c78ef773ffa8 + Company: MSI + Copyright: Copyright (C) 2008-2009 MSI. All rights reserved. 
+ CreationTimestamp: '2015-11-23 23:34:45' + Date: '' + Description: NTIOLib + ExportedFunctions: '' + FileVersion: 1.0.0.0 + Filename: NBIOLib_X64.sys + ImportedFunctions: + - MmUnmapIoSpace + - MmMapIoSpace + - IofCompleteRequest + - IoDeleteDevice + - IoCreateDevice + - KeBugCheckEx + - RtlInitUnicodeString + - IoCreateSymbolicLink + - IoDeleteSymbolicLink + - __C_specific_handler + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: NTIOLib.sys + MD5: f2f728d2f69765f5dfda913d407783d2 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: NTIOLib.sys + Product: NTIOLib + ProductVersion: 1.0.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: 41ddd08b440611823bc5d8cb732c563d + SHA1: 8acdfc9ac988c6250e2a031640f6e169b5fddb73 + SHA256: 189683b4db2e68d2f0b3f91f1141907b3887f23991867a68a22389d40ad3634e + SHA1: 35829e096a15e559fcbabf3441d99e580ca3b26e + SHA256: 3f2fda9a7a9c57b7138687bbce49a2e156d6095dddabb3454ea09737e02c3fa5 + Sections: + .text: + Entropy: 5.973820627052045 + Virtual Size: '0x7b2' + .rdata: + Entropy: 4.093549068276716 + Virtual Size: '0x18c' + .data: + Entropy: 0.5096713223407059 + Virtual Size: '0x114' + .pdata: + Entropy: 3.3271014689815064 + Virtual Size: '0x78' + INIT: + Entropy: 5.046663153942613 + Virtual Size: '0x242' + .rsrc: + Entropy: 3.2498244109800973 + Virtual Size: '0x370' + Signature: + - MICRO-STAR INTERNATIONAL CO., LTD. 
+ - GlobalSign CodeSigning CA - G2 + - GlobalSign Root CA - R1 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: 
e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2011-04-15 19:55:08' + ValidTo: '2021-04-15 20:05:08' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 6129152700000000002a + Version: 3 + TBS: + MD5: 0bb058d116f02817737920f112d9fd3b + SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 + SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 + SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 + - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL + CO., LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL + CO., LTD. + ValidFrom: '2014-06-03 09:16:15' + ValidTo: '2017-09-03 09:16:15' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112158044863e4dc19cf29a85668b7f45842 + Version: 3 + TBS: + MD5: 403bb44a62aed1a94bd5df05b3292482 + SHA1: e4a0353e75940ab1e8cbff2f433f186c7f0b0f09 + SHA256: 5b81998ed98b343c04134c336e03f3051779eae0e9f882e8339593d18556375d + SHA384: db0076cad41a0ef4ea68754ef6905bd5ff772adcb745b05c0060344e43588abc95952dc3ad272f5a8f17b206e4089aca + Signer: + - SerialNumber: 112158044863e4dc19cf29a85668b7f45842 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: d6f977640d4810a784d152e4d3c63a6b + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/6fe10a55-7fb8-4a9d-9ebc-1b27b6e5b833.yaml b/yaml/6fe10a55-7fb8-4a9d-9ebc-1b27b6e5b833.yaml index 76b15e9e8..9cb41dd25 100644 
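Review bot: The `Detection` list in the rewritten NBIOLib_X64.sys entry (yaml/6fc3034f-8b40-44ef-807a-f61d3ea2dece.yaml) still repeats four references: `sigma_hash`, `sigma_names`, `sysmon_hash_detect` and `sysmon_hash_block` each appear twice with identical URLs, and only the two `yara_signature` entries differ. The key reorder carries this duplication over unchanged from the old side. I would keep the two `yara_signature` entries and a single copy of each of the other four, so that anything built from this list does not pick up the same rule reference twice. If these files are produced by a generator, the de-duplication presumably belongs there rather than in a hand edit of this file.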
--- a/yaml/6fe10a55-7fb8-4a9d-9ebc-1b27b6e5b833.yaml +++ b/yaml/6fe10a55-7fb8-4a9d-9ebc-1b27b6e5b833.yaml 
@@ -1,155 +1,155 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 6fe10a55-7fb8-4a9d-9ebc-1b27b6e5b833 +Tags: +- prokiller64.sys +Verified: 'TRUE' Author: Guus Verbeek -Category: malicious -Commands: - Command: sc.exe create prokiller64.sys binPath=C:\windows\temp\prokiller64.sys type=kernel - && sc.exe start prokiller64.sys - Description: Signed POORTRY Samples - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-05-07' -Detection: [] -Id: 6fe10a55-7fb8-4a9d-9ebc-1b27b6e5b833 -KnownVulnerableSamples: -- Authentihash: - MD5: 4252d83e18ad41f0cea7ac168218d95b - SHA1: cf9cb05c9b725efca68c4b7d6f53c8e233217ac4 - SHA256: cd66e893300e7e59a749fe4e1b1706f8ccb5ae140254def9f5a614648e2da36f - Company: '' - Copyright: '' - CreationTimestamp: '2022-06-02 04:09:08' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: prokiller64.sys - ImportedFunctions: - - rand - - srand - - RtlInitUnicodeString - - RtlGetVersion - - KeDelayExecutionThread - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ExSystemTimeToLocalTime - - MmGetSystemRoutineAddress - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoGetCurrentProcess - - ObReferenceObjectByHandleWithTag - - ObfDereferenceObject - - ObfDereferenceObjectWithTag - - MmIsAddressValid - - PsGetProcessExitStatus - - PsIsThreadTerminating - - PsLookupProcessByProcessId - - PsLookupThreadByThreadId - - PsGetThreadProcess - - PsIsSystemThread - - ObOpenObjectByPointerWithTag - - KeBugCheckEx - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: 10f3679384a03cb487bda9621ceb5f90 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: a7d4acb55095eb7efa7945ef805fcf8b - SHA1: 10103bfe4f9a5b22c45d64354f88be415249f384 - SHA256: 58bcb1d3215317fc95d1b8ddef6945aead4de70049db273b0d4a82a7e22b38d8 - SHA1: 31cc8718894d6e6ce8c132f68b8caaba39b5ba7a - 
SHA256: 0440ef40c46fdd2b5d86e7feef8577a8591de862cfd7928cdbcc8f47b8fa3ffc - Sections: - .text: - Entropy: 5.867789766876108 - Virtual Size: '0x16a8' - .rdata: - Entropy: 3.699262445440139 - Virtual Size: '0x5b0' - .data: - Entropy: 0.6050836155077387 - Virtual Size: '0x110' - .pdata: - Entropy: 3.6860326615335524 - Virtual Size: '0x15c' - INIT: - Entropy: 5.264965850546818 - Virtual Size: '0x3ee' - .reloc: - Entropy: 3.566428031846024 - Virtual Size: '0x20' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CN, ST=guangdong, L=zhuhai, O=Zhuhai liancheng Technology Co., Ltd., - OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Zhuhai liancheng - Technology Co., Ltd. - ValidFrom: '2013-02-04 00:00:00' - ValidTo: '2014-02-04 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 627dfdf73a1455de5143a270799e6b7b - Version: 3 - TBS: - MD5: b91ec3270e80aa93214c42d1eed66d36 - SHA1: c27a40cbc754d2bb1f7b872a5a9fd385ff1c2b2f - SHA256: 7b4a9879162ce64e75cca2bcc675be06dacb6c9eeae4df6c929080b4db819cd4 - SHA384: 394fa6e52375f53d18f79f1abb7b26b02bbb000784279547bd81d16c18fabe1b8156b64ad1c356e85e1829fa2ab3f870 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 
5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 627dfdf73a1455de5143a270799e6b7b - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 832219eb71b8bdb771f1d29d27b0acf4 - LoadsDespiteHVCI: 'TRUE' MitreID: T1068 +Category: malicious +Commands: + Command: sc.exe create prokiller64.sys binPath=C:\windows\temp\prokiller64.sys + type=kernel && sc.exe start prokiller64.sys + Description: Signed POORTRY Samples + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://www.mandiant.com/resources/blog/hunting-attestation-signed-malware - https://news.sophos.com/en-us/2022/12/13/signed-driver-malware-moves-up-the-software-trust-chain/ -Tags: -- prokiller64.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 4252d83e18ad41f0cea7ac168218d95b + SHA1: cf9cb05c9b725efca68c4b7d6f53c8e233217ac4 + SHA256: 
cd66e893300e7e59a749fe4e1b1706f8ccb5ae140254def9f5a614648e2da36f + Company: '' + Copyright: '' + CreationTimestamp: '2022-06-02 04:09:08' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: prokiller64.sys + ImportedFunctions: + - rand + - srand + - RtlInitUnicodeString + - RtlGetVersion + - KeDelayExecutionThread + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ExSystemTimeToLocalTime + - MmGetSystemRoutineAddress + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoGetCurrentProcess + - ObReferenceObjectByHandleWithTag + - ObfDereferenceObject + - ObfDereferenceObjectWithTag + - MmIsAddressValid + - PsGetProcessExitStatus + - PsIsThreadTerminating + - PsLookupProcessByProcessId + - PsLookupThreadByThreadId + - PsGetThreadProcess + - PsIsSystemThread + - ObOpenObjectByPointerWithTag + - KeBugCheckEx + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 10f3679384a03cb487bda9621ceb5f90 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: a7d4acb55095eb7efa7945ef805fcf8b + SHA1: 10103bfe4f9a5b22c45d64354f88be415249f384 + SHA256: 58bcb1d3215317fc95d1b8ddef6945aead4de70049db273b0d4a82a7e22b38d8 + SHA1: 31cc8718894d6e6ce8c132f68b8caaba39b5ba7a + SHA256: 0440ef40c46fdd2b5d86e7feef8577a8591de862cfd7928cdbcc8f47b8fa3ffc + Sections: + .text: + Entropy: 5.867789766876108 + Virtual Size: '0x16a8' + .rdata: + Entropy: 3.699262445440139 + Virtual Size: '0x5b0' + .data: + Entropy: 0.6050836155077387 + Virtual Size: '0x110' + .pdata: + Entropy: 3.6860326615335524 + Virtual Size: '0x15c' + INIT: + Entropy: 5.264965850546818 + Virtual Size: '0x3ee' + .reloc: + Entropy: 3.566428031846024 + Virtual Size: '0x20' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CN, ST=guangdong, L=zhuhai, O=Zhuhai liancheng Technology Co., + Ltd., OU=Digital ID Class 3 , Microsoft 
Software Validation v2, CN=Zhuhai + liancheng Technology Co., Ltd. + ValidFrom: '2013-02-04 00:00:00' + ValidTo: '2014-02-04 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 627dfdf73a1455de5143a270799e6b7b + Version: 3 + TBS: + MD5: b91ec3270e80aa93214c42d1eed66d36 + SHA1: c27a40cbc754d2bb1f7b872a5a9fd385ff1c2b2f + SHA256: 7b4a9879162ce64e75cca2bcc675be06dacb6c9eeae4df6c929080b4db819cd4 + SHA384: 394fa6e52375f53d18f79f1abb7b26b02bbb000784279547bd81d16c18fabe1b8156b64ad1c356e85e1829fa2ab3f870 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: 
bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 627dfdf73a1455de5143a270799e6b7b + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 832219eb71b8bdb771f1d29d27b0acf4 + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/705facba-b595-41dd-86a6-93aefe6a6234.yaml b/yaml/705facba-b595-41dd-86a6-93aefe6a6234.yaml index 3e1f26cb6..988f8b83b 100644 --- a/yaml/705facba-b595-41dd-86a6-93aefe6a6234.yaml +++ b/yaml/705facba-b595-41dd-86a6-93aefe6a6234.yaml 
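Review bot: `Detection: []` is carried over unchanged on the new side, although this entry is `Category: malicious` and its only sample is recorded with `LoadsDespiteHVCI: 'TRUE'`, so the record points a defender at no rule at all. The sample's MD5, SHA1 and SHA256 are present in the same hunk, so the entry could list the `sigma_hash`, `sysmon_hash_detect` and `sysmon_hash_block` references that the next file in this diff carries. Whether those lists already contain these hashes needs to be checked first. If the field is filled by a generator, re-running it after this key reorder is preferable to editing the list by hand.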
@@ -1,184 +1,184 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 705facba-b595-41dd-86a6-93aefe6a6234 +Tags: +- titidrv.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-07-22' +MitreID: T1068 CVE: - '' Category: vulnerable drivers Commands: - Command: '' - Description: Confirmed vulnerable driver from Microsoft Block List - OperatingSystem: Windows - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-07-22' -Detection: -- type: '' - value: '' -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 705facba-b595-41dd-86a6-93aefe6a6234 -KnownVulnerableSamples: -- Authentihash: - MD5: dbb48a1b8fa3673466b53c6f16f2eddf - SHA1: af1f5823b678666b85c23a2e5280c1ce3924917c - SHA256: 7afdb552a7fa25dd716fe3a55c988a59d120e78f9ee95067f31901f51987ab8d - Company: genitlkiwi (Benjamin XXXXX) - Copyright: Copyright (c) 2007 - 2017 genitlkiwi (Benjamin XXXXX) - CreationTimestamp: '2017-12-03 13:13:32' - Date: '' - Description: titidrv for Windows (titicatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - 
ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: titidrv - MD5: 79e368a81e3a7ae8a5d2db97dd5138e2 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: titidrv.sys - PDBPath: '' - Product: titidrv (titicatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: c8d520d4ce717c17f4d9aaedc5b0070f94955c12 - SHA256: 208ea38734979aa2c86332eba1ea5269999227077ff110ac0a0d411073165f85 - Sections: - .text: - Entropy: 6.137944463935485 - Virtual Size: '0x319c' - .rdata: - Entropy: 3.8514461681575236 - Virtual Size: '0x1340' - .data: - Entropy: 2.3461427985512437 - Virtual Size: '0x12e4' - .pdata: - Entropy: 4.010051195917961 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.083244237405415 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3505178703454606 - Virtual Size: '0x440' - .reloc: - Entropy: 4.705915669612521 - Virtual Size: '0x1d4' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: 
'2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 
0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: '' + Description: Confirmed vulnerable driver from Microsoft Block List + OperatingSystem: Windows + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c -Tags: -- titidrv.sys -Verified: 'TRUE' +Detection: +- type: '' + value: '' +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: dbb48a1b8fa3673466b53c6f16f2eddf + SHA1: af1f5823b678666b85c23a2e5280c1ce3924917c + SHA256: 7afdb552a7fa25dd716fe3a55c988a59d120e78f9ee95067f31901f51987ab8d + Company: genitlkiwi (Benjamin XXXXX) + Copyright: Copyright (c) 2007 - 2017 genitlkiwi (Benjamin XXXXX) + CreationTimestamp: '2017-12-03 13:13:32' + Date: '' + Description: titidrv for Windows (titicatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + 
Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: titidrv + MD5: 79e368a81e3a7ae8a5d2db97dd5138e2 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: titidrv.sys + PDBPath: '' + Product: titidrv (titicatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: c8d520d4ce717c17f4d9aaedc5b0070f94955c12 + SHA256: 208ea38734979aa2c86332eba1ea5269999227077ff110ac0a0d411073165f85 + Sections: + .text: + Entropy: 6.137944463935485 + Virtual Size: '0x319c' + .rdata: + Entropy: 3.8514461681575236 + Virtual Size: '0x1340' + .data: + Entropy: 2.3461427985512437 + Virtual Size: '0x12e4' + .pdata: + Entropy: 4.010051195917961 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.083244237405415 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' 
+ .rsrc: + Entropy: 3.3505178703454606 + Virtual Size: '0x440' + .reloc: + Entropy: 4.705915669612521 + Virtual Size: '0x1d4' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 
6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/70acea34-7ed2-42d5-885c-eca3c2de640c.yaml b/yaml/70acea34-7ed2-42d5-885c-eca3c2de640c.yaml index f84cc57f7..b211ab03a 100644 --- a/yaml/70acea34-7ed2-42d5-885c-eca3c2de640c.yaml +++ b/yaml/70acea34-7ed2-42d5-885c-eca3c2de640c.yaml 
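Review bot: The re-added `Detection:` list still opens with a placeholder item, `- type: ''` followed by `value: ''`, and `Filename: ''` stays empty while `Tags` and `OriginalFilename` both say `titidrv.sys`. A consumer that iterates the detection list receives one entry with no type and no URL, and any name-based matching that reads `Filename` has nothing to key on (which field the rule generators actually read is not visible in this hunk). I would delete the two placeholder lines and set `Filename: titidrv.sys`. The context line `Category: vulnerable drivers` is plural, so it is worth confirming that this is the exact string the other entries use, since a filter on the category value would otherwise skip this record.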
@@ -1,441 +1,441 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 70acea34-7ed2-42d5-885c-eca3c2de640c +Tags: +- Sense5Ext.sys +Verified: 'TRUE' Author: Michael Haag, Guus Verbeek -Category: malicious -Commands: - Command: sc.exe create Sense5Ext.sys binPath=C:\windows\temp\Sense5Ext.sys type=kernel - && sc.exe start Sense5Ext.sys - Description: Driver categorized as POORTRY by Mandiant. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-03-04' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/7f4555a940ce1156c9bcea9a2a0b801f9a5e44ec9400b61b14a7b1a6404ffdf6.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/42b22faa489b5de936db33f12184f6233198bdf851a18264d31210207827ba25.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_mal_drivers_strict.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: 
sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 70acea34-7ed2-42d5-885c-eca3c2de640c -KnownVulnerableSamples: -- Authentihash: - MD5: 0b2ce413f69677a0bf78a40ed0d081a7 - SHA1: af83d2f800c68099976dcf75ee31681708d32ed9 - SHA256: 13cd99ff2120d9fd651814d826b6c8481d549f684a8fbfb2d8775c9faa1c27f5 - Company: Sense5 CORP - Copyright: Copyright (C) 2022 - CreationTimestamp: '2022-08-22 07:52:21' - Date: '' - Description: Sense5 Driver - ExportedFunctions: '' - FileVersion: 2.6.0.0 - Filename: Sense5Ext.sys - ImportedFunctions: - - IoGetCurrentProcess - - ObReferenceObjectByHandle - - ObfDereferenceObject - - PsGetCurrentProcessId - - NtBuildNumber - - RtlTimeToTimeFields - - ExSystemTimeToLocalTime - - ZwCreateFile - - ZwWriteFile - - ZwClose - - _snprintf - - _vsnprintf - - ZwQueryInformationFile - - ZwReadFile - - strcmp - - strncmp - - RtlCompareMemory - - RtlImageNtHeader - - RtlCompareUnicodeString - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - isupper - - isdigit - - tolower - - strlen - - _stricmp - - strstr - - wcscat - - wcslen - - RtlInitAnsiString - - RtlQueryRegistryValues - - RtlAnsiStringToUnicodeString - - RtlCompareUnicodeStrings - - ExAllocatePool - - MmGetSystemRoutineAddress - - PsCreateSystemThread - - PsTerminateSystemThread - - PsSetCreateProcessNotifyRoutineEx - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - ZwOpenProcess - - PsGetProcessPeb - - PsGetProcessSessionId - - RtlRandomEx - - KeBugCheckEx - - RtlInitUnicodeString - - _stricmp - - NtQuerySystemInformation - - ZwClose - - ZwQueryValueKey - - ZwOpenKey - - RtlInitUnicodeString - - ZwWaitForSingleObject - - ZwDeviceIoControlFile - - ZwOpenFile - - _wcsnicmp - - ZwEnumerateKey - - ZwCreateEvent - - MmGetSystemRoutineAddress - - ZwCreateFile - - __C_specific_handler - - KeSetSystemAffinityThread - - KeQueryActiveProcessors - - KeQueryTimeIncrement - - DbgBreakPointWithStatus 
- - RtlTimeToTimeFields - - ExSystemTimeToLocalTime - - IoAllocateMdl - - IoFreeMdl - - MmUnlockPages - - MmMapLockedPagesSpecifyCache - - MmProbeAndLockPages - - KeWaitForSingleObject - - KeReleaseMutex - - KeInitializeMutex - - ExFreePoolWithTag - - ExAllocatePool - - KeRevertToUserAffinityThread - - DbgPrint - - KeQueryPerformanceCounter - - ExAllocatePool - - NtQuerySystemInformation - - ExFreePoolWithTag - - IoAllocateMdl - - MmProbeAndLockPages - - MmMapLockedPagesSpecifyCache - - MmUnlockPages - - IoFreeMdl - - KeQueryActiveProcessors - - KeSetSystemAffinityThread - - KeRevertToUserAffinityThread - - DbgPrint - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - ntoskrnl.exe - - HAL.dll - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: f9844524fb0009e5b784c21c7bad4220 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: 2.6.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: ffdf660eb1ebf020a1d0a55a90712dfb - SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 - SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 - SHA1: e6765d8866cad6193df1507c18f31fa7f723ca3e - SHA256: 7f4555a940ce1156c9bcea9a2a0b801f9a5e44ec9400b61b14a7b1a6404ffdf6 - Sections: - .text: - Entropy: 6.870248263937928 - Virtual Size: '0x7870' - .rdata: - Entropy: 5.897354598934941 - Virtual Size: '0x96c' - .data: - Entropy: 0.7351616034595755 - Virtual Size: '0x80190' - .pdata: - Entropy: 7.583918822532478 - Virtual Size: '0x288' - INIT: - Entropy: 7.689240999337947 - Virtual Size: '0x63c' - .gg0: - Entropy: 7.616860950546135 - Virtual Size: '0x2a80df' - .gg1: - Entropy: 2.618757537927313 - Virtual Size: '0x3b8' - .gg2: - Entropy: 7.230402020600491 - Virtual Size: '0x1975ac' - .reloc: - Entropy: 4.083360602517506 - Virtual Size: '0x1b0' - .rsrc: - Entropy: 3.1369885402408006 - Virtual Size: '0x260' - Signature: - - Microsoft Windows Hardware Compatibility Publisher - - Microsoft Windows Third Party Component CA 2014 - - 
Microsoft Root Certificate Authority 2010 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2022-06-07 18:08:06' - ValidTo: '2023-06-01 18:08:06' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 3300000057ee4d659a923e7c10000000000057 - Version: 3 - TBS: - MD5: fdc11a5676aed4e9cc0c09eeb7450dfb - SHA1: 4902077d9a05d4231b791d3b05bafa4a79132f03 - SHA256: 5db56c23d83bf67c7152e28ad4a684a7372b4ae4f52afe7a81ce91eef94caec3 - SHA384: c952d7f0e0ea5216ce4400601fb7c0829f0f3fcd6eb2b5b9112fbe45d133e00c4abd660f8e1794f7ac4ef95123e2c0ab - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - ValidFrom: '2014-10-15 20:31:27' - ValidTo: '2029-10-15 20:41:27' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 330000000d690d5d7893d076df00000000000d - Version: 3 - TBS: - MD5: 83f69422963f11c3c340b81712eef319 - SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 - SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae - SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 - Signer: - - SerialNumber: 3300000057ee4d659a923e7c10000000000057 - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - Version: 1 - Imphash: c214aac08575c139e48d04f5aee21585 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 2855f88dffa0bb68f988d5c116b336fb - SHA1: 169b81ce8a74d3a404384ad3e90ac3b053323d50 - SHA256: dcfab3c5f99c15cbb7df17c59914af551b90e0ed3c1dc040bad9927b12b67125 - Company: Sense5 CORP - Copyright: Copyright (C) 2022 - 
CreationTimestamp: '2022-08-08 23:58:08' - Date: '' - Description: Sense5 Driver - ExportedFunctions: '' - FileVersion: 2.5.0.0 - Filename: Sense5Ext.sys - ImportedFunctions: - - IoGetCurrentProcess - - ObReferenceObjectByHandle - - ObfDereferenceObject - - PsGetCurrentProcessId - - NtBuildNumber - - RtlTimeToTimeFields - - ExSystemTimeToLocalTime - - ZwCreateFile - - ZwWriteFile - - ZwClose - - _snprintf - - _vsnprintf - - ZwQueryInformationFile - - ZwReadFile - - strcmp - - strncmp - - RtlCompareMemory - - RtlImageNtHeader - - RtlCompareUnicodeString - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - isupper - - isdigit - - tolower - - strlen - - _stricmp - - strstr - - wcscat - - wcslen - - RtlInitAnsiString - - RtlQueryRegistryValues - - RtlAnsiStringToUnicodeString - - RtlCompareUnicodeStrings - - ExAllocatePool - - MmGetSystemRoutineAddress - - PsCreateSystemThread - - PsTerminateSystemThread - - PsSetCreateProcessNotifyRoutineEx - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - ZwOpenProcess - - PsGetProcessPeb - - PsGetProcessSessionId - - RtlRandomEx - - KeBugCheckEx - - RtlInitUnicodeString - - _stricmp - - NtQuerySystemInformation - - ZwClose - - ZwQueryValueKey - - ZwOpenKey - - RtlInitUnicodeString - - ZwWaitForSingleObject - - ZwDeviceIoControlFile - - ZwOpenFile - - _wcsnicmp - - ZwEnumerateKey - - ZwCreateEvent - - MmGetSystemRoutineAddress - - ZwCreateFile - - __C_specific_handler - - KeSetSystemAffinityThread - - KeQueryActiveProcessors - - KeQueryTimeIncrement - - DbgBreakPointWithStatus - - RtlTimeToTimeFields - - ExSystemTimeToLocalTime - - IoAllocateMdl - - IoFreeMdl - - MmUnlockPages - - MmMapLockedPagesSpecifyCache - - MmProbeAndLockPages - - KeWaitForSingleObject - - KeReleaseMutex - - KeInitializeMutex - - ExFreePoolWithTag - - ExAllocatePool - - KeRevertToUserAffinityThread - - DbgPrint - - KeQueryPerformanceCounter - - ExAllocatePool - - NtQuerySystemInformation - - ExFreePoolWithTag - - IoAllocateMdl - - 
MmProbeAndLockPages - - MmMapLockedPagesSpecifyCache - - MmUnlockPages - - IoFreeMdl - - KeQueryActiveProcessors - - KeSetSystemAffinityThread - - KeRevertToUserAffinityThread - - DbgPrint - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - ntoskrnl.exe - - HAL.dll - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 4e1f656001af3677856f664e96282a6f - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: 2.5.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: ffdf660eb1ebf020a1d0a55a90712dfb - SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 - SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 - SHA1: bc62fe2b38008f154fc9ea65d851947581b52f49 - SHA256: 42b22faa489b5de936db33f12184f6233198bdf851a18264d31210207827ba25 - Sections: - .text: - Entropy: 6.842945751587992 - Virtual Size: '0x78c0' - .rdata: - Entropy: 5.938498750442647 - Virtual Size: '0x96c' - .data: - Entropy: 0.7351616034595755 - Virtual Size: '0x80190' - .pdata: - Entropy: 7.636341499640352 - Virtual Size: '0x288' - INIT: - Entropy: 7.669235447153766 - Virtual Size: '0x63c' - .gg0: - Entropy: 7.613447126933157 - Virtual Size: '0x2a6be8' - .gg1: - Entropy: 2.624443455503771 - Virtual Size: '0x3b8' - .gg2: - Entropy: 7.2332731109027 - Virtual Size: '0x195c4c' - .reloc: - Entropy: 4.1612553058698465 - Virtual Size: '0x178' - .rsrc: - Entropy: 3.1435087623386986 - Virtual Size: '0x260' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2022-06-07 18:08:06' - ValidTo: '2023-06-01 18:08:06' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 3300000057ee4d659a923e7c10000000000057 - Version: 3 - TBS: - MD5: fdc11a5676aed4e9cc0c09eeb7450dfb - SHA1: 
4902077d9a05d4231b791d3b05bafa4a79132f03 - SHA256: 5db56c23d83bf67c7152e28ad4a684a7372b4ae4f52afe7a81ce91eef94caec3 - SHA384: c952d7f0e0ea5216ce4400601fb7c0829f0f3fcd6eb2b5b9112fbe45d133e00c4abd660f8e1794f7ac4ef95123e2c0ab - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - ValidFrom: '2014-10-15 20:31:27' - ValidTo: '2029-10-15 20:41:27' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 330000000d690d5d7893d076df00000000000d - Version: 3 - TBS: - MD5: 83f69422963f11c3c340b81712eef319 - SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 - SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae - SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 - Signer: - - SerialNumber: 3300000057ee4d659a923e7c10000000000057 - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - Version: 1 - Imphash: c214aac08575c139e48d04f5aee21585 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: malicious +Commands: + Command: sc.exe create Sense5Ext.sys binPath=C:\windows\temp\Sense5Ext.sys type=kernel + && sc.exe start Sense5Ext.sys + Description: Driver categorized as POORTRY by Mandiant. 
+ OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://www.mandiant.com/resources/blog/hunting-attestation-signed-malware -Tags: -- Sense5Ext.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/7f4555a940ce1156c9bcea9a2a0b801f9a5e44ec9400b61b14a7b1a6404ffdf6.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/42b22faa489b5de936db33f12184f6233198bdf851a18264d31210207827ba25.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_mal_drivers_strict.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 0b2ce413f69677a0bf78a40ed0d081a7 + SHA1: 
af83d2f800c68099976dcf75ee31681708d32ed9 + SHA256: 13cd99ff2120d9fd651814d826b6c8481d549f684a8fbfb2d8775c9faa1c27f5 + Company: Sense5 CORP + Copyright: Copyright (C) 2022 + CreationTimestamp: '2022-08-22 07:52:21' + Date: '' + Description: Sense5 Driver + ExportedFunctions: '' + FileVersion: 2.6.0.0 + Filename: Sense5Ext.sys + ImportedFunctions: + - IoGetCurrentProcess + - ObReferenceObjectByHandle + - ObfDereferenceObject + - PsGetCurrentProcessId + - NtBuildNumber + - RtlTimeToTimeFields + - ExSystemTimeToLocalTime + - ZwCreateFile + - ZwWriteFile + - ZwClose + - _snprintf + - _vsnprintf + - ZwQueryInformationFile + - ZwReadFile + - strcmp + - strncmp + - RtlCompareMemory + - RtlImageNtHeader + - RtlCompareUnicodeString + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - isupper + - isdigit + - tolower + - strlen + - _stricmp + - strstr + - wcscat + - wcslen + - RtlInitAnsiString + - RtlQueryRegistryValues + - RtlAnsiStringToUnicodeString + - RtlCompareUnicodeStrings + - ExAllocatePool + - MmGetSystemRoutineAddress + - PsCreateSystemThread + - PsTerminateSystemThread + - PsSetCreateProcessNotifyRoutineEx + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - ZwOpenProcess + - PsGetProcessPeb + - PsGetProcessSessionId + - RtlRandomEx + - KeBugCheckEx + - RtlInitUnicodeString + - _stricmp + - NtQuerySystemInformation + - ZwClose + - ZwQueryValueKey + - ZwOpenKey + - RtlInitUnicodeString + - ZwWaitForSingleObject + - ZwDeviceIoControlFile + - ZwOpenFile + - _wcsnicmp + - ZwEnumerateKey + - ZwCreateEvent + - MmGetSystemRoutineAddress + - ZwCreateFile + - __C_specific_handler + - KeSetSystemAffinityThread + - KeQueryActiveProcessors + - KeQueryTimeIncrement + - DbgBreakPointWithStatus + - RtlTimeToTimeFields + - ExSystemTimeToLocalTime + - IoAllocateMdl + - IoFreeMdl + - MmUnlockPages + - MmMapLockedPagesSpecifyCache + - MmProbeAndLockPages + - KeWaitForSingleObject + - KeReleaseMutex + - KeInitializeMutex + - ExFreePoolWithTag + - ExAllocatePool + - 
KeRevertToUserAffinityThread + - DbgPrint + - KeQueryPerformanceCounter + - ExAllocatePool + - NtQuerySystemInformation + - ExFreePoolWithTag + - IoAllocateMdl + - MmProbeAndLockPages + - MmMapLockedPagesSpecifyCache + - MmUnlockPages + - IoFreeMdl + - KeQueryActiveProcessors + - KeSetSystemAffinityThread + - KeRevertToUserAffinityThread + - DbgPrint + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - ntoskrnl.exe + - HAL.dll + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: f9844524fb0009e5b784c21c7bad4220 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: 2.6.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: ffdf660eb1ebf020a1d0a55a90712dfb + SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 + SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 + SHA1: e6765d8866cad6193df1507c18f31fa7f723ca3e + SHA256: 7f4555a940ce1156c9bcea9a2a0b801f9a5e44ec9400b61b14a7b1a6404ffdf6 + Sections: + .text: + Entropy: 6.870248263937928 + Virtual Size: '0x7870' + .rdata: + Entropy: 5.897354598934941 + Virtual Size: '0x96c' + .data: + Entropy: 0.7351616034595755 + Virtual Size: '0x80190' + .pdata: + Entropy: 7.583918822532478 + Virtual Size: '0x288' + INIT: + Entropy: 7.689240999337947 + Virtual Size: '0x63c' + .gg0: + Entropy: 7.616860950546135 + Virtual Size: '0x2a80df' + .gg1: + Entropy: 2.618757537927313 + Virtual Size: '0x3b8' + .gg2: + Entropy: 7.230402020600491 + Virtual Size: '0x1975ac' + .reloc: + Entropy: 4.083360602517506 + Virtual Size: '0x1b0' + .rsrc: + Entropy: 3.1369885402408006 + Virtual Size: '0x260' + Signature: + - Microsoft Windows Hardware Compatibility Publisher + - Microsoft Windows Third Party Component CA 2014 + - Microsoft Root Certificate Authority 2010 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2022-06-07 
18:08:06' + ValidTo: '2023-06-01 18:08:06' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 3300000057ee4d659a923e7c10000000000057 + Version: 3 + TBS: + MD5: fdc11a5676aed4e9cc0c09eeb7450dfb + SHA1: 4902077d9a05d4231b791d3b05bafa4a79132f03 + SHA256: 5db56c23d83bf67c7152e28ad4a684a7372b4ae4f52afe7a81ce91eef94caec3 + SHA384: c952d7f0e0ea5216ce4400601fb7c0829f0f3fcd6eb2b5b9112fbe45d133e00c4abd660f8e1794f7ac4ef95123e2c0ab + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + ValidFrom: '2014-10-15 20:31:27' + ValidTo: '2029-10-15 20:41:27' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 330000000d690d5d7893d076df00000000000d + Version: 3 + TBS: + MD5: 83f69422963f11c3c340b81712eef319 + SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 + SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae + SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 + Signer: + - SerialNumber: 3300000057ee4d659a923e7c10000000000057 + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + Version: 1 + Imphash: c214aac08575c139e48d04f5aee21585 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 2855f88dffa0bb68f988d5c116b336fb + SHA1: 169b81ce8a74d3a404384ad3e90ac3b053323d50 + SHA256: dcfab3c5f99c15cbb7df17c59914af551b90e0ed3c1dc040bad9927b12b67125 + Company: Sense5 CORP + Copyright: Copyright (C) 2022 + CreationTimestamp: '2022-08-08 23:58:08' + Date: '' + Description: Sense5 Driver + ExportedFunctions: '' + FileVersion: 2.5.0.0 + Filename: Sense5Ext.sys + ImportedFunctions: + - IoGetCurrentProcess + - ObReferenceObjectByHandle + - ObfDereferenceObject + - 
PsGetCurrentProcessId + - NtBuildNumber + - RtlTimeToTimeFields + - ExSystemTimeToLocalTime + - ZwCreateFile + - ZwWriteFile + - ZwClose + - _snprintf + - _vsnprintf + - ZwQueryInformationFile + - ZwReadFile + - strcmp + - strncmp + - RtlCompareMemory + - RtlImageNtHeader + - RtlCompareUnicodeString + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - isupper + - isdigit + - tolower + - strlen + - _stricmp + - strstr + - wcscat + - wcslen + - RtlInitAnsiString + - RtlQueryRegistryValues + - RtlAnsiStringToUnicodeString + - RtlCompareUnicodeStrings + - ExAllocatePool + - MmGetSystemRoutineAddress + - PsCreateSystemThread + - PsTerminateSystemThread + - PsSetCreateProcessNotifyRoutineEx + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - ZwOpenProcess + - PsGetProcessPeb + - PsGetProcessSessionId + - RtlRandomEx + - KeBugCheckEx + - RtlInitUnicodeString + - _stricmp + - NtQuerySystemInformation + - ZwClose + - ZwQueryValueKey + - ZwOpenKey + - RtlInitUnicodeString + - ZwWaitForSingleObject + - ZwDeviceIoControlFile + - ZwOpenFile + - _wcsnicmp + - ZwEnumerateKey + - ZwCreateEvent + - MmGetSystemRoutineAddress + - ZwCreateFile + - __C_specific_handler + - KeSetSystemAffinityThread + - KeQueryActiveProcessors + - KeQueryTimeIncrement + - DbgBreakPointWithStatus + - RtlTimeToTimeFields + - ExSystemTimeToLocalTime + - IoAllocateMdl + - IoFreeMdl + - MmUnlockPages + - MmMapLockedPagesSpecifyCache + - MmProbeAndLockPages + - KeWaitForSingleObject + - KeReleaseMutex + - KeInitializeMutex + - ExFreePoolWithTag + - ExAllocatePool + - KeRevertToUserAffinityThread + - DbgPrint + - KeQueryPerformanceCounter + - ExAllocatePool + - NtQuerySystemInformation + - ExFreePoolWithTag + - IoAllocateMdl + - MmProbeAndLockPages + - MmMapLockedPagesSpecifyCache + - MmUnlockPages + - IoFreeMdl + - KeQueryActiveProcessors + - KeSetSystemAffinityThread + - KeRevertToUserAffinityThread + - DbgPrint + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - ntoskrnl.exe + - 
HAL.dll + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 4e1f656001af3677856f664e96282a6f + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: 2.5.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: ffdf660eb1ebf020a1d0a55a90712dfb + SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 + SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 + SHA1: bc62fe2b38008f154fc9ea65d851947581b52f49 + SHA256: 42b22faa489b5de936db33f12184f6233198bdf851a18264d31210207827ba25 + Sections: + .text: + Entropy: 6.842945751587992 + Virtual Size: '0x78c0' + .rdata: + Entropy: 5.938498750442647 + Virtual Size: '0x96c' + .data: + Entropy: 0.7351616034595755 + Virtual Size: '0x80190' + .pdata: + Entropy: 7.636341499640352 + Virtual Size: '0x288' + INIT: + Entropy: 7.669235447153766 + Virtual Size: '0x63c' + .gg0: + Entropy: 7.613447126933157 + Virtual Size: '0x2a6be8' + .gg1: + Entropy: 2.624443455503771 + Virtual Size: '0x3b8' + .gg2: + Entropy: 7.2332731109027 + Virtual Size: '0x195c4c' + .reloc: + Entropy: 4.1612553058698465 + Virtual Size: '0x178' + .rsrc: + Entropy: 3.1435087623386986 + Virtual Size: '0x260' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2022-06-07 18:08:06' + ValidTo: '2023-06-01 18:08:06' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 3300000057ee4d659a923e7c10000000000057 + Version: 3 + TBS: + MD5: fdc11a5676aed4e9cc0c09eeb7450dfb + SHA1: 4902077d9a05d4231b791d3b05bafa4a79132f03 + SHA256: 5db56c23d83bf67c7152e28ad4a684a7372b4ae4f52afe7a81ce91eef94caec3 + SHA384: c952d7f0e0ea5216ce4400601fb7c0829f0f3fcd6eb2b5b9112fbe45d133e00c4abd660f8e1794f7ac4ef95123e2c0ab + - Subject: C=US, ST=Washington, L=Redmond, 
O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + ValidFrom: '2014-10-15 20:31:27' + ValidTo: '2029-10-15 20:41:27' + Signature: 96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 330000000d690d5d7893d076df00000000000d + Version: 3 + TBS: + MD5: 83f69422963f11c3c340b81712eef319 + SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 + SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae + SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 + Signer: + - SerialNumber: 3300000057ee4d659a923e7c10000000000057 + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + Version: 1 + Imphash: c214aac08575c139e48d04f5aee21585 + LoadsDespiteHVCI: 'FALSE' 
diff --git a/yaml/70fa8606-c147-4c40-8b7a-980290075327.yaml b/yaml/70fa8606-c147-4c40-8b7a-980290075327.yaml
index a5babeb0e..32ad32b99 100644
--- a/yaml/70fa8606-c147-4c40-8b7a-980290075327.yaml
+++ b/yaml/70fa8606-c147-4c40-8b7a-980290075327.yaml
@@ -1,448 +1,448 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 70fa8606-c147-4c40-8b7a-980290075327 +Tags: +- VBoxUSB.Sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-07-22' +MitreID: T1068 CVE: - '' Category: vulnerable drivers Commands: - Command: '' - Description: Confirmed vulnerable driver from Microsoft Block List - OperatingSystem: Windows - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-07-22' -Detection: -- type: '' - value: '' -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 70fa8606-c147-4c40-8b7a-980290075327 -KnownVulnerableSamples: -- Authentihash: - MD5: e22b3c91868ed22db04212ba9a5264b6 - SHA1: 5967c7199681ed30f3cb7c37c0129420a68b4701 - SHA256: 62a17c9ec21461badecd1c25744a42bf5c9c0ed39b979fb07ca817f30c862a35 - Company: innotek GmbH - Copyright: innotek GmbH - CreationTimestamp: '2007-12-29 01:25:17' - Date: '' - Description: VirtualBox USB driver - ExportedFunctions: - - AssertMsg1 - FileVersion: '1.01' - Filename: '' - ImportedFunctions: - - IoDeleteDevice - - IoAttachDeviceToDeviceStack - - PoSetPowerState - - KeInitializeEvent - - KeInitializeSpinLock - - IoCreateDevice - - IofCallDriver - - IofCompleteRequest - - DbgPrint - - memmove - - ExAllocatePoolWithTag - - InterlockedDecrement - - KeWaitForSingleObject - - IoBuildDeviceIoControlRequest - - 
KeSetEvent - - IoFreeIrp - - IoCancelIrp - - InterlockedExchange - - IoFreeMdl - - MmUnlockPages - - MmMapLockedPagesSpecifyCache - - MmProbeAndLockPages - - IoAllocateMdl - - _except_handler3 - - IoRegisterDeviceInterface - - PoRequestPowerIrp - - KeSetTimerEx - - RtlFreeAnsiString - - strncpy - - RtlUnicodeStringToAnsiString - - RtlInitAnsiString - - RtlInitUnicodeString - - KeCancelTimer - - IoAllocateIrp - - KeClearEvent - - RtlQueryRegistryValues - - wcslen - - IoFreeWorkItem - - RtlFreeUnicodeString - - IoSetDeviceInterfaceState - - IoQueueWorkItem - - IoAllocateWorkItem - - PoStartNextPowerIrp - - PoCallDriver - - KefAcquireSpinLockAtDpcLevel - - IoReleaseCancelSpinLock - - IoBuildPartialMdl - - MmUnmapLockedPages - - IoDetachDevice - - IoIsWdmVersionAvailable - - KeInitializeDpc - - KeInitializeTimerEx - - InterlockedIncrement - - ExFreePool - - KfAcquireSpinLock - - KfReleaseSpinLock - - _USBD_ParseConfigurationDescriptorEx@28 - - _USBD_CreateConfigurationRequestEx@8 - Imports: - - ntoskrnl.exe - - HAL.dll - - USBD.SYS - InternalName: VBoxUSB.Sys - MD5: f142e613d2ebc11c6bec22baf9392337 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: VBoxUSB.Sys - PDBPath: '' - Product: VirtualBox USB driver - ProductVersion: '1.01' - Publisher: '' - RichPEHeaderHash: - MD5: 3c6327762d0a0553cc2ee0bc584483e0 - SHA1: 8e63b4b377eb2d18057e4e2c4a43c92de5646aa7 - SHA256: 933ffa38a2384c2f8b5d1489fab74e9a7f50a8393c4c6b8c02cc22a219558819 - SHA1: 29930854867211089548d75210950d3236237563 - SHA256: c509935f3812ad9b363754216561e0a529fc2d5b8e86bfa7302b8d149b7d04aa - Sections: - .text: - Entropy: 6.249679038259272 - Virtual Size: '0x448e' - .rdata: - Entropy: 5.193262321101551 - Virtual Size: '0x5dc' - .data: - Entropy: 0.41381685030363374 - Virtual Size: '0xc' - .edata: - Entropy: 3.418053203814864 - Virtual Size: '0x49' - INIT: - Entropy: 5.197785813717649 - Virtual Size: '0x626' - .rsrc: - Entropy: 3.218993138682817 - Virtual Size: '0x330' - .reloc: - Entropy: 
6.536164686331755 - Virtual Size: '0x474' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=DE, O=InnoTek Systemberatung GmbH, CN=InnoTek Systemberatung GmbH, - emailAddress=info@innotek.de - ValidFrom: '2007-01-09 12:35:15' - ValidTo: '2008-01-09 12:35:15' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0100000000011006daed6b - Version: 3 - TBS: - MD5: bfbe9f4dc7264d47b48dbc2ec48aa897 - SHA1: 699c3e67f349f262426097a4c9320951f0d56e8f - SHA256: 785b2e779c33465eaba8a6326a40af1ff990d22a5493b55ce3c1f3aa04f3b3e2 - SHA384: 3178625856310ac3802a36f337bf9af1e2b62fbc7881221390cbd8f2e1be0f8d82c165dba90745f99c09c0bad2eced79 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - 
ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: a0422eb876a7427186404d464d5b26b0b074f93f89a87b7cb7f1c697e08239999d43fe60823642b55b878df55df4bbffa91044a871d3c7f12241f29aa4a5ec63fae5eb654a19309d8bc7b6fddc3fe16cfdd5521407fc6d24ccb3cc81a2c052f327b96d9e063dd8a849023269c7054294d0bbe3bba908c393501bdb846dc0ba1e5298659c1376bdb3d567292f1f7baa2c51a0fd854f263c48a38127a6feee7f7899c245cf9d1f527ed7958bfde1d020c3af7e51a22f663bab2dcf2d8e8c4d7d18392128fbdcae6d6581d0e0d7184be7b5f774d784e6522aac3b68fd3b4ab80154849132bb95d28e6330a69ece2396feab2eb86a8b74dcde21a114c2fbbf53af10 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - 
Signature: 11d45d8af43d0d9d7e4fa70071610b56b34caa70e1b2d1dec7886d1d897c2ba946e58b1f8e4cc26695911fe34d394ae31b70b7446edc068a4d6d25e89812dcbca0dd864eae8f81130540905a542529944acaf165b4ef0679dae7cb86f004c918dcee72b320015748dfe333e12ccd9c077f9447278d888d340ca67c5c20c17d07b3736b648c26d29bd7e87965a6a891a174862a050282c1847cf279cd3c2a2b0f99291eea8c8a1ab16aeaa266380e65e1add8c6c91f888d3976ee1782c4138d97ce6341e77af5b4b66c15c33813b3930b620688dde1447f10a950248b60dc05f75ba514b27b56720b96eabffc057090659e051ca4dd07af4b57dec639673bc574 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000011006daed6b - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: 5dc868004c7214c10f9f8aa53947cd3a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: f5bd837b7d2161050fbd98f598eefe23 - SHA1: 0b1bd6933058aa655f03244b6ba228301700dfa5 - SHA256: c2557b448d71c6873bf71f5ab41cc618d12d5c91717bf8738b6b5dce187326c2 - Company: Sun Microsystems, Inc. 
- Copyright: Sun Microsystems, Inc. - CreationTimestamp: '2008-04-30 14:07:14' - Date: '' - Description: VirtualBox USB driver - ExportedFunctions: - - AssertMsg1 - FileVersion: '1.01' - Filename: '' - ImportedFunctions: - - IoDeleteDevice - - IoAttachDeviceToDeviceStack - - PoSetPowerState - - KeInitializeEvent - - KeInitializeSpinLock - - IoCreateDevice - - IofCallDriver - - IofCompleteRequest - - DbgPrint - - memmove - - ExAllocatePoolWithTag - - InterlockedDecrement - - KeWaitForSingleObject - - IoBuildDeviceIoControlRequest - - KeSetEvent - - IoFreeIrp - - IoCancelIrp - - InterlockedExchange - - IoAllocateIrp - - IoFreeMdl - - MmUnlockPages - - MmMapLockedPagesSpecifyCache - - MmProbeAndLockPages - - IoAllocateMdl - - IoRegisterDeviceInterface - - InterlockedIncrement - - PoRequestPowerIrp - - KeSetTimerEx - - RtlFreeAnsiString - - strncpy - - RtlUnicodeStringToAnsiString - - RtlInitAnsiString - - RtlInitUnicodeString - - KeCancelTimer - - KeClearEvent - - RtlQueryRegistryValues - - wcslen - - IoFreeWorkItem - - IoSetDeviceInterfaceState - - RtlFreeUnicodeString - - IoQueueWorkItem - - IoAllocateWorkItem - - PoStartNextPowerIrp - - PoCallDriver - - KefAcquireSpinLockAtDpcLevel - - IoReleaseCancelSpinLock - - IoBuildPartialMdl - - MmUnmapLockedPages - - IoDetachDevice - - IoIsWdmVersionAvailable - - KeInitializeDpc - - KeInitializeTimerEx - - _except_handler3 - - ExFreePool - - KfAcquireSpinLock - - KfReleaseSpinLock - - _USBD_ParseConfigurationDescriptorEx@28 - - _USBD_CreateConfigurationRequestEx@8 - Imports: - - ntoskrnl.exe - - HAL.dll - - USBD.SYS - InternalName: VBoxUSB.Sys - MD5: 667843470a9f0e910c65cb41a749d104 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: VBoxUSB.Sys - PDBPath: '' - Product: VirtualBox USB driver - ProductVersion: '1.01' - Publisher: '' - RichPEHeaderHash: - MD5: 3c6327762d0a0553cc2ee0bc584483e0 - SHA1: 8e63b4b377eb2d18057e4e2c4a43c92de5646aa7 - SHA256: 933ffa38a2384c2f8b5d1489fab74e9a7f50a8393c4c6b8c02cc22a219558819 
- SHA1: f1b602cdada1de1211a3d08392840c52d8748cde - SHA256: 5b26c4678ecd37d1829513f41ff9e9df9ef1d1d6fea9e3d477353c90cc915291 - Sections: - .text: - Entropy: 6.230053820438241 - Virtual Size: '0x49de' - .rdata: - Entropy: 5.273330041253125 - Virtual Size: '0x5e8' - .data: - Entropy: 0.41381685030363374 - Virtual Size: '0xc' - .edata: - Entropy: 3.418053203814864 - Virtual Size: '0x49' - INIT: - Entropy: 5.235956163867849 - Virtual Size: '0x626' - .rsrc: - Entropy: 3.212651091576294 - Virtual Size: '0x358' - .reloc: - Entropy: 6.553128904591033 - Virtual Size: '0x4a6' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=DE, O=innotek GmbH, CN=innotek GmbH, emailAddress=info@innotek.de - ValidFrom: '2007-12-27 14:37:17' - ValidTo: '2010-12-27 14:37:17' - Signature: 2a6d31919705290526ee3286d2825883af75a52ec1257276e9ab0eeff47a83adeab4bc2068eb7f76f84a356d466012e17b91d4f5c2913d28c73ee15018243e2ba7487f70d21f954eeeefb9854fc980d1ee61bf9a779e6e9a661938d7d9d6d101ddb49a9917264622f0ce4d63ac106b50769c38e9361a34f6cf5c5cae3ef50eb2a49d0f02c001af28d1f1fe250f2c99e5436b485a107eab17295180e5750eb31faee1ea0937a827bc140906a014b85409d8c48afbfcee20bf53f4e74661c1f555823c4bee18fde06e1e3e44fb8930e3ea84385e5006fd994fe8e69205a84ed7ed0f25c7b9f8fcb6f7d5b30188c27bf99050175afb1fc60f89ed2462ce999ca5dc - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 010000000001171c092665 - Version: 3 - TBS: - MD5: 5cfd8530475b20ed5a2bed70b37ee977 - SHA1: 4761dbd41ba2b01f21b9306ca21e8add93a30f09 - SHA256: 219041cc8d9e3248c69d9b116d440a0bbaa6aa500aa0c5de2d5af15908d83c7f - SHA384: 46dcdf272bf47e608519abe5183dae12858d1b3763b78d7f5212be2adc021325e7f7a2ff3e18cc9b5307f43a61b184c5 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 
09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 010000000001171c092665 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: bda5fae6640f659c3a67cb8962317e29 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: '' + Description: Confirmed vulnerable driver from Microsoft Block List + OperatingSystem: Windows + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c -Tags: -- VBoxUSB.Sys -Verified: 'TRUE' +Detection: +- type: '' + value: '' +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: e22b3c91868ed22db04212ba9a5264b6 + SHA1: 5967c7199681ed30f3cb7c37c0129420a68b4701 + SHA256: 62a17c9ec21461badecd1c25744a42bf5c9c0ed39b979fb07ca817f30c862a35 + Company: innotek GmbH + Copyright: innotek GmbH + CreationTimestamp: '2007-12-29 01:25:17' + Date: '' + Description: VirtualBox USB driver + ExportedFunctions: + - AssertMsg1 + FileVersion: '1.01' + Filename: '' + ImportedFunctions: + - IoDeleteDevice + - IoAttachDeviceToDeviceStack + - PoSetPowerState + - KeInitializeEvent + - KeInitializeSpinLock + - IoCreateDevice + - IofCallDriver + - IofCompleteRequest + - DbgPrint + - memmove + - ExAllocatePoolWithTag + - InterlockedDecrement + - KeWaitForSingleObject + - IoBuildDeviceIoControlRequest + - KeSetEvent + - IoFreeIrp + - IoCancelIrp + - InterlockedExchange + - IoFreeMdl + - MmUnlockPages + - MmMapLockedPagesSpecifyCache + - MmProbeAndLockPages + - IoAllocateMdl + - _except_handler3 + - IoRegisterDeviceInterface + - PoRequestPowerIrp + - KeSetTimerEx + - RtlFreeAnsiString + - strncpy + - RtlUnicodeStringToAnsiString + - RtlInitAnsiString + - RtlInitUnicodeString + - KeCancelTimer + - IoAllocateIrp + - KeClearEvent + - RtlQueryRegistryValues + - wcslen + - IoFreeWorkItem + - RtlFreeUnicodeString + - IoSetDeviceInterfaceState + - IoQueueWorkItem + - IoAllocateWorkItem + - PoStartNextPowerIrp + - PoCallDriver + - KefAcquireSpinLockAtDpcLevel + - IoReleaseCancelSpinLock + - IoBuildPartialMdl + - MmUnmapLockedPages + - IoDetachDevice + - IoIsWdmVersionAvailable + - 
KeInitializeDpc + - KeInitializeTimerEx + - InterlockedIncrement + - ExFreePool + - KfAcquireSpinLock + - KfReleaseSpinLock + - _USBD_ParseConfigurationDescriptorEx@28 + - _USBD_CreateConfigurationRequestEx@8 + Imports: + - ntoskrnl.exe + - HAL.dll + - USBD.SYS + InternalName: VBoxUSB.Sys + MD5: f142e613d2ebc11c6bec22baf9392337 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: VBoxUSB.Sys + PDBPath: '' + Product: VirtualBox USB driver + ProductVersion: '1.01' + Publisher: '' + RichPEHeaderHash: + MD5: 3c6327762d0a0553cc2ee0bc584483e0 + SHA1: 8e63b4b377eb2d18057e4e2c4a43c92de5646aa7 + SHA256: 933ffa38a2384c2f8b5d1489fab74e9a7f50a8393c4c6b8c02cc22a219558819 + SHA1: 29930854867211089548d75210950d3236237563 + SHA256: c509935f3812ad9b363754216561e0a529fc2d5b8e86bfa7302b8d149b7d04aa + Sections: + .text: + Entropy: 6.249679038259272 + Virtual Size: '0x448e' + .rdata: + Entropy: 5.193262321101551 + Virtual Size: '0x5dc' + .data: + Entropy: 0.41381685030363374 + Virtual Size: '0xc' + .edata: + Entropy: 3.418053203814864 + Virtual Size: '0x49' + INIT: + Entropy: 5.197785813717649 + Virtual Size: '0x626' + .rsrc: + Entropy: 3.218993138682817 + Virtual Size: '0x330' + .reloc: + Entropy: 6.536164686331755 + Virtual Size: '0x474' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=DE, O=InnoTek Systemberatung GmbH, CN=InnoTek Systemberatung + GmbH, emailAddress=info@innotek.de + ValidFrom: '2007-01-09 12:35:15' + ValidTo: '2008-01-09 12:35:15' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0100000000011006daed6b + Version: 3 + TBS: + MD5: bfbe9f4dc7264d47b48dbc2ec48aa897 + SHA1: 699c3e67f349f262426097a4c9320951f0d56e8f + SHA256: 785b2e779c33465eaba8a6326a40af1ff990d22a5493b55ce3c1f3aa04f3b3e2 + SHA384: 3178625856310ac3802a36f337bf9af1e2b62fbc7881221390cbd8f2e1be0f8d82c165dba90745f99c09c0bad2eced79 + - 
Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: 
a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000011006daed6b + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: 5dc868004c7214c10f9f8aa53947cd3a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: f5bd837b7d2161050fbd98f598eefe23 + SHA1: 0b1bd6933058aa655f03244b6ba228301700dfa5 + SHA256: c2557b448d71c6873bf71f5ab41cc618d12d5c91717bf8738b6b5dce187326c2 + Company: Sun Microsystems, Inc. + Copyright: Sun Microsystems, Inc. 
+ CreationTimestamp: '2008-04-30 14:07:14' + Date: '' + Description: VirtualBox USB driver + ExportedFunctions: + - AssertMsg1 + FileVersion: '1.01' + Filename: '' + ImportedFunctions: + - IoDeleteDevice + - IoAttachDeviceToDeviceStack + - PoSetPowerState + - KeInitializeEvent + - KeInitializeSpinLock + - IoCreateDevice + - IofCallDriver + - IofCompleteRequest + - DbgPrint + - memmove + - ExAllocatePoolWithTag + - InterlockedDecrement + - KeWaitForSingleObject + - IoBuildDeviceIoControlRequest + - KeSetEvent + - IoFreeIrp + - IoCancelIrp + - InterlockedExchange + - IoAllocateIrp + - IoFreeMdl + - MmUnlockPages + - MmMapLockedPagesSpecifyCache + - MmProbeAndLockPages + - IoAllocateMdl + - IoRegisterDeviceInterface + - InterlockedIncrement + - PoRequestPowerIrp + - KeSetTimerEx + - RtlFreeAnsiString + - strncpy + - RtlUnicodeStringToAnsiString + - RtlInitAnsiString + - RtlInitUnicodeString + - KeCancelTimer + - KeClearEvent + - RtlQueryRegistryValues + - wcslen + - IoFreeWorkItem + - IoSetDeviceInterfaceState + - RtlFreeUnicodeString + - IoQueueWorkItem + - IoAllocateWorkItem + - PoStartNextPowerIrp + - PoCallDriver + - KefAcquireSpinLockAtDpcLevel + - IoReleaseCancelSpinLock + - IoBuildPartialMdl + - MmUnmapLockedPages + - IoDetachDevice + - IoIsWdmVersionAvailable + - KeInitializeDpc + - KeInitializeTimerEx + - _except_handler3 + - ExFreePool + - KfAcquireSpinLock + - KfReleaseSpinLock + - _USBD_ParseConfigurationDescriptorEx@28 + - _USBD_CreateConfigurationRequestEx@8 + Imports: + - ntoskrnl.exe + - HAL.dll + - USBD.SYS + InternalName: VBoxUSB.Sys + MD5: 667843470a9f0e910c65cb41a749d104 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: VBoxUSB.Sys + PDBPath: '' + Product: VirtualBox USB driver + ProductVersion: '1.01' + Publisher: '' + RichPEHeaderHash: + MD5: 3c6327762d0a0553cc2ee0bc584483e0 + SHA1: 8e63b4b377eb2d18057e4e2c4a43c92de5646aa7 + SHA256: 933ffa38a2384c2f8b5d1489fab74e9a7f50a8393c4c6b8c02cc22a219558819 + SHA1: 
f1b602cdada1de1211a3d08392840c52d8748cde + SHA256: 5b26c4678ecd37d1829513f41ff9e9df9ef1d1d6fea9e3d477353c90cc915291 + Sections: + .text: + Entropy: 6.230053820438241 + Virtual Size: '0x49de' + .rdata: + Entropy: 5.273330041253125 + Virtual Size: '0x5e8' + .data: + Entropy: 0.41381685030363374 + Virtual Size: '0xc' + .edata: + Entropy: 3.418053203814864 + Virtual Size: '0x49' + INIT: + Entropy: 5.235956163867849 + Virtual Size: '0x626' + .rsrc: + Entropy: 3.212651091576294 + Virtual Size: '0x358' + .reloc: + Entropy: 6.553128904591033 + Virtual Size: '0x4a6' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=DE, O=innotek GmbH, CN=innotek GmbH, emailAddress=info@innotek.de + ValidFrom: '2007-12-27 14:37:17' + ValidTo: '2010-12-27 14:37:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 010000000001171c092665 + Version: 3 + TBS: + MD5: 5cfd8530475b20ed5a2bed70b37ee977 + SHA1: 4761dbd41ba2b01f21b9306ca21e8add93a30f09 + SHA256: 219041cc8d9e3248c69d9b116d440a0bbaa6aa500aa0c5de2d5af15908d83c7f + SHA384: 46dcdf272bf47e608519abe5183dae12858d1b3763b78d7f5212be2adc021325e7f7a2ff3e18cc9b5307f43a61b184c5 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + 
ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 
9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 010000000001171c092665 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: bda5fae6640f659c3a67cb8962317e29 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/7196366e-04f0-4aaf-9184-ed0a0d21a75f.yaml b/yaml/7196366e-04f0-4aaf-9184-ed0a0d21a75f.yaml index 4bb36142e..51fe33ea2 100644 --- a/yaml/7196366e-04f0-4aaf-9184-ed0a0d21a75f.yaml +++ b/yaml/7196366e-04f0-4aaf-9184-ed0a0d21a75f.yaml 
@@ -1,35 +1,35 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 7196366e-04f0-4aaf-9184-ed0a0d21a75f +Tags: +- t7.sys +Verified: 'FALSE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create t7.sys binPath=C:\windows\temp\t7.sys type=kernel && sc.exe - start t7.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: [] -Id: 7196366e-04f0-4aaf-9184-ed0a0d21a75f -KnownVulnerableSamples: -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: t7.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA256: be03e9541f56ac6ed1e81407dcd7cc85c0ffc538c3c2c2c8a9c747edbcf13100 - Signature: [] - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create t7.sys binPath=C:\windows\temp\t7.sys type=kernel && sc.exe + start t7.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules -Tags: -- t7.sys -Verified: 'FALSE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: t7.sys + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA256: be03e9541f56ac6ed1e81407dcd7cc85c0ffc538c3c2c2c8a9c747edbcf13100 + Signature: [] + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/722772ee-a461-48ec-933d-f3df1578963e.yaml b/yaml/722772ee-a461-48ec-933d-f3df1578963e.yaml index 5c852446d..7b400dc51 100644 --- a/yaml/722772ee-a461-48ec-933d-f3df1578963e.yaml +++ b/yaml/722772ee-a461-48ec-933d-f3df1578963e.yaml 
@@ -1,234 +1,234 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 722772ee-a461-48ec-933d-f3df1578963e +Tags: +- BlackBoneDrv10.sys +Verified: 'FALSE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create BlackBoneDrv10.sys binPath=C:\windows\temp\BlackBoneDrv10.sys type=kernel - && sc.exe start BlackBoneDrv10.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: [] -Id: 722772ee-a461-48ec-933d-f3df1578963e -KnownVulnerableSamples: -- Authentihash: - MD5: 068d02b18a4c87366e8d54200f319e50 - SHA1: 79ef55ea5d6cab924abb722d501e9b950fdae904 - SHA256: a4ac619fb531793945ad4c72bdd809ebd38512fc234aa452cb8364ee05465a7b - Company: '' - Copyright: '' - CreationTimestamp: '2020-08-22 02:28:52' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: BlackBoneDrv10.sys - ImportedFunctions: - - RtlUnicodeStringToInteger - - RtlInitAnsiString - - DbgPrintEx - - RtlGetVersion - - KeInitializeGuardedMutex - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - ZwClose - - ZwOpenKey - - ZwQueryValueKey - - RtlInitializeGenericTableAvl - - RtlCompareString - - PsSetCreateProcessNotifyRoutine - - RtlImageNtHeader - - IofCompleteRequest - - RtlInitUnicodeString - - KeDelayExecutionThread - - ProbeForRead - - IoGetCurrentProcess - - ObfDereferenceObject - - KeStackAttachProcess - - KeUnstackDetachProcess - - PsIsThreadTerminating - - PsLookupProcessByProcessId - - ZwAllocateVirtualMemory - - ZwFreeVirtualMemory - - PsGetProcessWow64Process - - PsIsProtectedProcess - - ZwProtectVirtualMemory - - __C_specific_handler - - RtlImageDirectoryEntryToData - - RtlAnsiStringToUnicodeString - - RtlCompareUnicodeString - - RtlAppendUnicodeToString - - RtlFreeUnicodeString - - KeWaitForSingleObject - - MmMapLockedPagesSpecifyCache - - MmAllocatePagesForMdl - - 
MmFreePagesFromMdl - - PsCreateSystemThread - - PsTerminateSystemThread - - PsWrapApcWow64Thread - - ObReferenceObjectByHandle - - ZwCreateFile - - ZwQueryInformationFile - - ZwReadFile - - PsGetCurrentThreadId - - PsGetProcessId - - PsLookupThreadByThreadId - - ZwWaitForSingleObject - - ZwQuerySystemInformation - - ZwQueryInformationThread - - PsGetProcessPeb - - PsGetThreadTeb - - PsGetCurrentProcessWow64Process - - KeTestAlertThread - - KeInitializeApc - - KeInsertQueueApc - - PsThreadType - - RtlCopyUnicodeString - - KeResetEvent - - ZwWriteFile - - RtlRandomEx - - RtlCreateUnicodeString - - RtlDowncaseUnicodeString - - ZwCreateEvent - - ZwDeleteFile - - ZwQueryInformationProcess - - _vsnwprintf - - ExEventObjectType - - KeAcquireGuardedMutex - - KeReleaseGuardedMutex - - MmGetSystemRoutineAddress - - RtlCaptureContext - - KeCapturePersistentThreadState - - ProbeForWrite - - MmProbeAndLockPages - - MmUnlockPages - - MmBuildMdlForNonPagedPool - - MmUnmapLockedPages - - IoAllocateMdl - - IoFreeMdl - - ObCloseHandle - - ZwOpenFile - - RtlInsertElementGenericTableAvl - - RtlDeleteElementGenericTableAvl - - RtlLookupElementGenericTableAvl - - RtlEnumerateGenericTableAvl - - RtlIsGenericTableEmptyAvl - - PsGetCurrentProcessId - - ZwQueryVirtualMemory - - MmHighestUserAddress - - MmCopyVirtualMemory - - ExEnumHandleTable - - ExfUnblockPushLock - - RtlCompareUnicodeStrings - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: f7393fb917aed182e4cbef25ce8af950 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 8ae03f4a21c195de4eeb96ec5dae9b7a - SHA1: 93e1d3ff812963175c270d4f8c23c6cface99c06 - SHA256: d372fd5e9e55f5a8a5719a0691ead276968e1666719a27dcc6967d4f745dfd6d - SHA1: 3ee2fd08137e9262d2e911158090e4a7c7427ea0 - SHA256: f51bdb0ad924178131c21e39a8ccd191e46b5512b0f2e1cc8486f63e84e5d960 - Sections: - .text: - Entropy: 6.43962487299422 - Virtual Size: '0x1a5a' - .rdata: - 
Entropy: 4.697945169758717 - Virtual Size: '0xf5c' - .data: - Entropy: 1.0815311650012875 - Virtual Size: '0x570' - .pdata: - Entropy: 4.50622088620596 - Virtual Size: '0x4ec' - PAGE: - Entropy: 6.481384276672756 - Virtual Size: '0x9935' - INIT: - Entropy: 6.131034821076418 - Virtual Size: '0x1ca6' - .reloc: - Entropy: 2.708694969562842 - Virtual Size: '0x14' - Signature: - - Nanjing Zhixiao Information Technology Co.,Ltd - - VeriSign Class 3 Code Signing 2010 CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=CN, ST=Jiangsu, L=Nanjing, O=Nanjing Zhixiao Information Technology - Co.,Ltd, OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Nanjing - Zhixiao Information Technology Co.,Ltd - ValidFrom: '2013-11-14 00:00:00' - ValidTo: '2014-11-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 20e65f5d29b5822410504b1ac183ca3d - Version: 3 - TBS: - MD5: 8219b89810131cf32fbe06e74b40f51f - SHA1: f5e1c4d98f9ce552ead3776c16f3ad91fe5f3984 - SHA256: 82d80ae75a0d82b17f868b4400e7f0139954c8b42d529cb4126f49bc64b01fab - SHA384: 
f635a792b1fb34fe16b37ab3db2808ce1d286620241239204b31299366b68015957f103ccb6a502a5aaff0094157c8e1 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 20e65f5d29b5822410504b1ac183ca3d - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 5988ec9f159fefbdf89d893aa634dd92 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create BlackBoneDrv10.sys binPath=C:\windows\temp\BlackBoneDrv10.sys type=kernel + && sc.exe start BlackBoneDrv10.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules -Tags: -- BlackBoneDrv10.sys -Verified: 'FALSE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 068d02b18a4c87366e8d54200f319e50 + SHA1: 79ef55ea5d6cab924abb722d501e9b950fdae904 + SHA256: a4ac619fb531793945ad4c72bdd809ebd38512fc234aa452cb8364ee05465a7b + Company: '' + Copyright: '' + CreationTimestamp: '2020-08-22 02:28:52' + Date: '' + Description: '' + 
ExportedFunctions: '' + FileVersion: '' + Filename: BlackBoneDrv10.sys + ImportedFunctions: + - RtlUnicodeStringToInteger + - RtlInitAnsiString + - DbgPrintEx + - RtlGetVersion + - KeInitializeGuardedMutex + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - ZwClose + - ZwOpenKey + - ZwQueryValueKey + - RtlInitializeGenericTableAvl + - RtlCompareString + - PsSetCreateProcessNotifyRoutine + - RtlImageNtHeader + - IofCompleteRequest + - RtlInitUnicodeString + - KeDelayExecutionThread + - ProbeForRead + - IoGetCurrentProcess + - ObfDereferenceObject + - KeStackAttachProcess + - KeUnstackDetachProcess + - PsIsThreadTerminating + - PsLookupProcessByProcessId + - ZwAllocateVirtualMemory + - ZwFreeVirtualMemory + - PsGetProcessWow64Process + - PsIsProtectedProcess + - ZwProtectVirtualMemory + - __C_specific_handler + - RtlImageDirectoryEntryToData + - RtlAnsiStringToUnicodeString + - RtlCompareUnicodeString + - RtlAppendUnicodeToString + - RtlFreeUnicodeString + - KeWaitForSingleObject + - MmMapLockedPagesSpecifyCache + - MmAllocatePagesForMdl + - MmFreePagesFromMdl + - PsCreateSystemThread + - PsTerminateSystemThread + - PsWrapApcWow64Thread + - ObReferenceObjectByHandle + - ZwCreateFile + - ZwQueryInformationFile + - ZwReadFile + - PsGetCurrentThreadId + - PsGetProcessId + - PsLookupThreadByThreadId + - ZwWaitForSingleObject + - ZwQuerySystemInformation + - ZwQueryInformationThread + - PsGetProcessPeb + - PsGetThreadTeb + - PsGetCurrentProcessWow64Process + - KeTestAlertThread + - KeInitializeApc + - KeInsertQueueApc + - PsThreadType + - RtlCopyUnicodeString + - KeResetEvent + - ZwWriteFile + - RtlRandomEx + - RtlCreateUnicodeString + - RtlDowncaseUnicodeString + - ZwCreateEvent + - ZwDeleteFile + - ZwQueryInformationProcess + - _vsnwprintf + - ExEventObjectType + - KeAcquireGuardedMutex + - KeReleaseGuardedMutex + - MmGetSystemRoutineAddress + - RtlCaptureContext + - 
KeCapturePersistentThreadState + - ProbeForWrite + - MmProbeAndLockPages + - MmUnlockPages + - MmBuildMdlForNonPagedPool + - MmUnmapLockedPages + - IoAllocateMdl + - IoFreeMdl + - ObCloseHandle + - ZwOpenFile + - RtlInsertElementGenericTableAvl + - RtlDeleteElementGenericTableAvl + - RtlLookupElementGenericTableAvl + - RtlEnumerateGenericTableAvl + - RtlIsGenericTableEmptyAvl + - PsGetCurrentProcessId + - ZwQueryVirtualMemory + - MmHighestUserAddress + - MmCopyVirtualMemory + - ExEnumHandleTable + - ExfUnblockPushLock + - RtlCompareUnicodeStrings + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: f7393fb917aed182e4cbef25ce8af950 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 8ae03f4a21c195de4eeb96ec5dae9b7a + SHA1: 93e1d3ff812963175c270d4f8c23c6cface99c06 + SHA256: d372fd5e9e55f5a8a5719a0691ead276968e1666719a27dcc6967d4f745dfd6d + SHA1: 3ee2fd08137e9262d2e911158090e4a7c7427ea0 + SHA256: f51bdb0ad924178131c21e39a8ccd191e46b5512b0f2e1cc8486f63e84e5d960 + Sections: + .text: + Entropy: 6.43962487299422 + Virtual Size: '0x1a5a' + .rdata: + Entropy: 4.697945169758717 + Virtual Size: '0xf5c' + .data: + Entropy: 1.0815311650012875 + Virtual Size: '0x570' + .pdata: + Entropy: 4.50622088620596 + Virtual Size: '0x4ec' + PAGE: + Entropy: 6.481384276672756 + Virtual Size: '0x9935' + INIT: + Entropy: 6.131034821076418 + Virtual Size: '0x1ca6' + .reloc: + Entropy: 2.708694969562842 + Virtual Size: '0x14' + Signature: + - Nanjing Zhixiao Information Technology Co.,Ltd + - VeriSign Class 3 Code Signing 2010 CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=CN, ST=Jiangsu, L=Nanjing, O=Nanjing Zhixiao Information Technology + Co.,Ltd, OU=Digital ID Class 3 , Microsoft Software Validation v2, + CN=Nanjing Zhixiao Information Technology Co.,Ltd + ValidFrom: '2013-11-14 00:00:00' + ValidTo: '2014-11-14 23:59:59' + Signature: 88a030b879440999e5a66689adae51847fe59596574be2288fb361a7e5b00229efe74d69db86c75590c5e826c268678647664010a9e9c710e4aa4c6b2f6f6a3b9f7530664feae19ab86797591da69186ab36046efbe764c6e17eff1444a78ef3df601a66614e80d30b2447ed7224fdede1ac5aaa8baa0165fdc8382e344f7dcc6a18fb6b621d47076bf1f7d639a36fc494163633c431a404e75fa34097c9e378e2db12299f9579bbcf9bf27a76d66ecfbefcce02c97f5c53487885a4768daba930de4fcf6952f30b466fa454c01983345de51c11eb6bafc45881b66d26d0ee4eec1b7096f0b63c2b1a440077a71b4ff26e543601c0a2e00f648957c04aa8a8a0 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 20e65f5d29b5822410504b1ac183ca3d + Version: 3 + TBS: + MD5: 8219b89810131cf32fbe06e74b40f51f + SHA1: f5e1c4d98f9ce552ead3776c16f3ad91fe5f3984 + SHA256: 82d80ae75a0d82b17f868b4400e7f0139954c8b42d529cb4126f49bc64b01fab + SHA384: f635a792b1fb34fe16b37ab3db2808ce1d286620241239204b31299366b68015957f103ccb6a502a5aaff0094157c8e1 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + 
Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 20e65f5d29b5822410504b1ac183ca3d + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 5988ec9f159fefbdf89d893aa634dd92 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/724d7989-dfce-4bb2-9beb-dee15df5b790.yaml b/yaml/724d7989-dfce-4bb2-9beb-dee15df5b790.yaml index 42842e4f1..723b4873d 100644 --- a/yaml/724d7989-dfce-4bb2-9beb-dee15df5b790.yaml +++ b/yaml/724d7989-dfce-4bb2-9beb-dee15df5b790.yaml 
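Review bot: The re-added BlackBoneDrv10.sys block keeps `Description: ''` and `Detection: []` even though the sample metadata is internally inconsistent: `CreationTimestamp` is '2020-08-22 02:28:52', while the signer certificate (serial 20e65f5d29b5822410504b1ac183ca3d) has `ValidTo: '2014-11-14 23:59:59'`. The `Certificates` list also contains no timestamping certificate. I'd record that in the entry, for example `Description: Signer certificate expired 2014-11-14; PE timestamp is 2020-08-22, no countersignature recorded`, so consumers do not read the signer name as a trust signal. The PE timestamp can be set freely, so the text should present this as a hint rather than proof.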
@@ -1,82 +1,82 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 724d7989-dfce-4bb2-9beb-dee15df5b790 +Tags: +- skill.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-07-22' +MitreID: T1068 CVE: - '' Category: vulnerable drivers Commands: - Command: '' - Description: Confirmed vulnerable driver from Microsoft Block List - OperatingSystem: Windows - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-07-22' -Detection: -- type: '' - value: '' -Id: 724d7989-dfce-4bb2-9beb-dee15df5b790 -KnownVulnerableSamples: -- Authentihash: - MD5: 37458813b5115cbf06552da28fefbbbb - SHA1: 1d1cafc73c97c6bcd2331f8777d90fdca57125a3 - SHA256: faa08cb609a5b7be6bfdb61f1e4a5e8adf2f5a1d2492f262483df7326934f5d4 - Company: '' - Copyright: '' - CreationTimestamp: '2016-09-05 00:43:33' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IofCompleteRequest - - MmGetSystemRoutineAddress - - IoCreateSymbolicLink - - IoCreateDevice - - IoDeleteDevice - Imports: - - ntoskrnl.exe - InternalName: '' - MD5: 2b36d61f6e7420977648ed27e784adf1 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: b2f23c03be4553a744ff25735a80073c - SHA1: 2703d60c8f12df9d6adf5ae475bfeb1786486888 - SHA256: 46ffd109664b6694974986a39d508002d564434d60a0fb9f861401f2cb2c83f1 - SHA1: c92a386622f04a5733cb238d33cedea4272a3f85 - SHA256: 0c1b21978c6aef881f056f7b9c909b56488019459ed256511d78a4588d1aa7a4 - Sections: - .text: - Entropy: 5.848826218029174 - Virtual Size: '0x4e0' - .data: - Entropy: -0.0 - Virtual Size: '0xc0' - .pdata: - Entropy: 3.006469661076665 - Virtual Size: '0x48' - .info: - Entropy: 1.3665783978789787 - Virtual Size: '0xa0' - INIT: - Entropy: 4.123682579107587 - Virtual Size: '0x114' - Signature: '' - Signatures: {} - Imphash: 45bfe170e0cd654bc1e2ae3fca3ac3f4 - LoadsDespiteHVCI: 
'FALSE' -MitreID: T1068 + Command: '' + Description: Confirmed vulnerable driver from Microsoft Block List + OperatingSystem: Windows + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c -Tags: -- skill.sys -Verified: 'TRUE' +Detection: +- type: '' + value: '' +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 37458813b5115cbf06552da28fefbbbb + SHA1: 1d1cafc73c97c6bcd2331f8777d90fdca57125a3 + SHA256: faa08cb609a5b7be6bfdb61f1e4a5e8adf2f5a1d2492f262483df7326934f5d4 + Company: '' + Copyright: '' + CreationTimestamp: '2016-09-05 00:43:33' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - IofCompleteRequest + - MmGetSystemRoutineAddress + - IoCreateSymbolicLink + - IoCreateDevice + - IoDeleteDevice + Imports: + - ntoskrnl.exe + InternalName: '' + MD5: 2b36d61f6e7420977648ed27e784adf1 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: b2f23c03be4553a744ff25735a80073c + SHA1: 2703d60c8f12df9d6adf5ae475bfeb1786486888 + SHA256: 46ffd109664b6694974986a39d508002d564434d60a0fb9f861401f2cb2c83f1 + SHA1: c92a386622f04a5733cb238d33cedea4272a3f85 + SHA256: 0c1b21978c6aef881f056f7b9c909b56488019459ed256511d78a4588d1aa7a4 + Sections: + .text: + Entropy: 5.848826218029174 + Virtual Size: '0x4e0' + .data: + Entropy: -0.0 + Virtual Size: '0xc0' + .pdata: + Entropy: 3.006469661076665 + Virtual Size: '0x48' + .info: + Entropy: 1.3665783978789787 + Virtual Size: '0xa0' + INIT: + Entropy: 4.123682579107587 + Virtual Size: '0x114' + Signature: '' + Signatures: {} + Imphash: 45bfe170e0cd654bc1e2ae3fca3ac3f4 + LoadsDespiteHVCI: 'FALSE' 
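Review bot: The `Detection` block re-emitted in yaml/724d7989-dfce-4bb2-9beb-dee15df5b790.yaml still holds a single placeholder item with empty `type` and `value`, so anything that walks the list to build rule links gets an empty string instead of "no detections". If the schema allows it, `Detection: []` would state that explicitly; the same goes for the unchanged `CVE: - ''` context line. The entry is `Verified: 'TRUE'` and described as coming from the Microsoft block list, yet `Filename` is empty and the only name is the `skill.sys` tag, so name-based matching presumably has little to key on and the hashes carry the detection value here.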
diff --git a/yaml/72637cb1-5ca2-4ad0-a5df-20da17b231b5.yaml b/yaml/72637cb1-5ca2-4ad0-a5df-20da17b231b5.yaml index 64406b5b9..a3cb171a0 100644 --- a/yaml/72637cb1-5ca2-4ad0-a5df-20da17b231b5.yaml +++ b/yaml/72637cb1-5ca2-4ad0-a5df-20da17b231b5.yaml 
@@ -1,234 +1,234 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 72637cb1-5ca2-4ad0-a5df-20da17b231b5 +Tags: +- wantd_4.sys +Verified: 'TRUE' Author: Michael Haag -Category: malicious -Commands: - Command: sc.exe create wantd_4.sys binPath=C:\windows\temp\wantd_4.sys type=kernel - && sc.exe start wantd_4.sys - Description: Driver used in the Daxin malware campaign. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-02-28' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/8d9a2363b757d3f127b9c6ed8f7b8b018e652369bc070aa3500b3a978feaa6ce.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_mal_drivers_strict.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 72637cb1-5ca2-4ad0-a5df-20da17b231b5 -KnownVulnerableSamples: 
-- Authentihash: - MD5: 00a677b8d21de4be1c7c16f2f105dbc6 - SHA1: a10f5c6c4d5ae78f0ca771328c74eb9fc51e593d - SHA256: 3f55375fb70cb355fe7de7f59904b12ef996447cbc7113fefa379995e040d678 - Company: Microsoft Corporation - Copyright: Microsoft Corporation. All rights reserved. - CreationTimestamp: '2013-11-27 16:59:02' - Date: '' - Description: WAN Transport Driver - ExportedFunctions: '' - FileVersion: 6.1.7600.1172 - Filename: wantd_4.sys - ImportedFunctions: - - wcsncmp - - IoAllocateMdl - - _stricmp - - sprintf - - RtlLengthRequiredSid - - _strnicmp - - ExAllocatePoolWithTag - - vsprintf - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - RtlAnsiStringToUnicodeString - - NtWriteFile - - RtlCreateAcl - - PsLookupProcessByProcessId - - NtQuerySystemInformation - - _wcsnicmp - - ZwReadFile - - RtlSetDaclSecurityDescriptor - - KeInitializeApc - - IoDeleteDevice - - NtFsControlFile - - KeInsertQueueApc - - MmGetSystemRoutineAddress - - IoCreateFile - - atoi - - _snprintf - - ZwQuerySystemInformation - - KeReleaseSpinLock - - RtlAddAccessAllowedAce - - RtlImageDirectoryEntryToData - - KeDetachProcess - - ZwOpenFile - - ZwCreateFile - - PsCreateSystemThread - - ZwQueryValueKey - - PsTerminateSystemThread - - ZwFreeVirtualMemory - - KeQueryTimeIncrement - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - KeAttachProcess - - PsGetVersion - - PsThreadType - - RtlCompareUnicodeString - - ZwOpenProcess - - ZwQueryInformationProcess - - IoCreateSymbolicLink - - ObfDereferenceObject - - IoCreateDevice - - ZwTerminateProcess - - ZwQueryInformationFile - - KeWaitForMultipleObjects - - ZwWriteFile - - NtReadFile - - PsLookupThreadByThreadId - - RtlLengthSid - - RtlCreateSecurityDescriptor - - ZwAllocateVirtualMemory - - ZwOpenKey - - KeAcquireSpinLockRaiseToDpc - - RtlUnicodeStringToInteger - - MmIsAddressValid - - ZwDeviceIoControlFile - - IofCompleteRequest - - ZwClose - - MmMapLockedPagesSpecifyCache - - KeDelayExecutionThread - - MmUserProbeAddress - - 
MmBuildMdlForNonPagedPool - - memchr - - ZwWaitForSingleObject - - RtlInitUnicodeString - - NdisAllocateMemoryWithTag - - NdisAllocateNetBufferAndNetBufferList - - NdisMSendNetBufferListsComplete - - NdisReturnNetBufferLists - - NdisAllocateNetBufferListPool - - NdisFreeMemory - - NdisMIndicateStatus - - NdisFreeMdl - - NdisFreeNetBufferListPool - - NdisFreeNetBufferList - - NdisSendNetBufferLists - Imports: - - ntoskrnl.exe - - NDIS.SYS - InternalName: wantd.sys - MD5: 79df0eabbf2895e4e2dae15a4772868c - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: wantd.sys - Product: Microsoft Windows Operating System - ProductVersion: 6.1.7600.1172 - Publisher: Anhua Xinda (Beijing) Technology Co., Ltd. - RichPEHeaderHash: - MD5: 8cdd468850a9084b109fb26005e28d1f - SHA1: abee83f631fc7792dc07a572a003c103903f305e - SHA256: aa49c3910540c2edd0e4a9154e5741d5cc65662a1364616e057ca3fc74243755 - SHA1: d02403f85be6f243054395a873b41ef8a17ea279 - SHA256: 8d9a2363b757d3f127b9c6ed8f7b8b018e652369bc070aa3500b3a978feaa6ce - Sections: - .text: - Entropy: 6.377924141957717 - Virtual Size: '0xd88c' - .rdata: - Entropy: 4.702371843577182 - Virtual Size: '0x84c' - .data: - Entropy: 1.0571423331776753 - Virtual Size: '0x12590' - .pdata: - Entropy: 4.5393227380510455 - Virtual Size: '0x8c4' - INIT: - Entropy: 5.794638723454717 - Virtual Size: '0xd8c' - .rsrc: - Entropy: 3.262685485179719 - Virtual Size: '0x3b0' - Signature: The digital signature of the object did not verify. - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CN, ST=Beijing, L=Beijing, O=Anhua Xinda (Beijing) Technology Co., - Ltd., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Anhua Xinda - (Beijing) Technology Co., Ltd. 
- ValidFrom: '2011-06-28 00:00:00' - ValidTo: '2014-06-27 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 387c9476e28320264594846317d46540 - Version: 3 - TBS: - MD5: ce372214eabe9d311e4a156fe2044327 - SHA1: 7f7eb1a547c9b0b2e41b0f44515dfd20c16edceb - SHA256: 03d59cc81c6960a93ab4b02e5521aa9fb349e8d7df9dfdf675201e48c23b5a34 - SHA384: 4b8829bc6980e82affeb7ad29efb59fc3ca9b02d015e6c0f385b9f2cf275609cd45936659f41fce579c073e34c2ca308 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - 
Signer: - - SerialNumber: 387c9476e28320264594846317d46540 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: c32d9a9af7f702814e1368c689877f3a - LoadsDespiteHVCI: 'TRUE' MitreID: T1068 +Category: malicious +Commands: + Command: sc.exe create wantd_4.sys binPath=C:\windows\temp\wantd_4.sys type=kernel + && sc.exe start wantd_4.sys + Description: Driver used in the Daxin malware campaign. + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/MHaggis/9ab3bb795a6018d70fb11fa7c31f8f48 - https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/daxin-backdoor-espionage - '' -Tags: -- wantd_4.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/8d9a2363b757d3f127b9c6ed8f7b8b018e652369bc070aa3500b3a978feaa6ce.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_mal_drivers_strict.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: 
sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 00a677b8d21de4be1c7c16f2f105dbc6 + SHA1: a10f5c6c4d5ae78f0ca771328c74eb9fc51e593d + SHA256: 3f55375fb70cb355fe7de7f59904b12ef996447cbc7113fefa379995e040d678 + Company: Microsoft Corporation + Copyright: Microsoft Corporation. All rights reserved. + CreationTimestamp: '2013-11-27 16:59:02' + Date: '' + Description: WAN Transport Driver + ExportedFunctions: '' + FileVersion: 6.1.7600.1172 + Filename: wantd_4.sys + ImportedFunctions: + - wcsncmp + - IoAllocateMdl + - _stricmp + - sprintf + - RtlLengthRequiredSid + - _strnicmp + - ExAllocatePoolWithTag + - vsprintf + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - RtlAnsiStringToUnicodeString + - NtWriteFile + - RtlCreateAcl + - PsLookupProcessByProcessId + - NtQuerySystemInformation + - _wcsnicmp + - ZwReadFile + - RtlSetDaclSecurityDescriptor + - KeInitializeApc + - IoDeleteDevice + - NtFsControlFile + - KeInsertQueueApc + - MmGetSystemRoutineAddress + - IoCreateFile + - atoi + - _snprintf + - ZwQuerySystemInformation + - KeReleaseSpinLock + - RtlAddAccessAllowedAce + - RtlImageDirectoryEntryToData + - KeDetachProcess + - ZwOpenFile + - ZwCreateFile + - PsCreateSystemThread + - ZwQueryValueKey + - PsTerminateSystemThread + - ZwFreeVirtualMemory + - KeQueryTimeIncrement + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - KeAttachProcess + - PsGetVersion + - PsThreadType + - RtlCompareUnicodeString + - ZwOpenProcess + - ZwQueryInformationProcess + - IoCreateSymbolicLink + - ObfDereferenceObject + - IoCreateDevice + - ZwTerminateProcess + - ZwQueryInformationFile + - KeWaitForMultipleObjects + - ZwWriteFile + - NtReadFile + - 
PsLookupThreadByThreadId + - RtlLengthSid + - RtlCreateSecurityDescriptor + - ZwAllocateVirtualMemory + - ZwOpenKey + - KeAcquireSpinLockRaiseToDpc + - RtlUnicodeStringToInteger + - MmIsAddressValid + - ZwDeviceIoControlFile + - IofCompleteRequest + - ZwClose + - MmMapLockedPagesSpecifyCache + - KeDelayExecutionThread + - MmUserProbeAddress + - MmBuildMdlForNonPagedPool + - memchr + - ZwWaitForSingleObject + - RtlInitUnicodeString + - NdisAllocateMemoryWithTag + - NdisAllocateNetBufferAndNetBufferList + - NdisMSendNetBufferListsComplete + - NdisReturnNetBufferLists + - NdisAllocateNetBufferListPool + - NdisFreeMemory + - NdisMIndicateStatus + - NdisFreeMdl + - NdisFreeNetBufferListPool + - NdisFreeNetBufferList + - NdisSendNetBufferLists + Imports: + - ntoskrnl.exe + - NDIS.SYS + InternalName: wantd.sys + MD5: 79df0eabbf2895e4e2dae15a4772868c + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: wantd.sys + Product: Microsoft Windows Operating System + ProductVersion: 6.1.7600.1172 + Publisher: Anhua Xinda (Beijing) Technology Co., Ltd. + RichPEHeaderHash: + MD5: 8cdd468850a9084b109fb26005e28d1f + SHA1: abee83f631fc7792dc07a572a003c103903f305e + SHA256: aa49c3910540c2edd0e4a9154e5741d5cc65662a1364616e057ca3fc74243755 + SHA1: d02403f85be6f243054395a873b41ef8a17ea279 + SHA256: 8d9a2363b757d3f127b9c6ed8f7b8b018e652369bc070aa3500b3a978feaa6ce + Sections: + .text: + Entropy: 6.377924141957717 + Virtual Size: '0xd88c' + .rdata: + Entropy: 4.702371843577182 + Virtual Size: '0x84c' + .data: + Entropy: 1.0571423331776753 + Virtual Size: '0x12590' + .pdata: + Entropy: 4.5393227380510455 + Virtual Size: '0x8c4' + INIT: + Entropy: 5.794638723454717 + Virtual Size: '0xd8c' + .rsrc: + Entropy: 3.262685485179719 + Virtual Size: '0x3b0' + Signature: The digital signature of the object did not verify. 
+ Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CN, ST=Beijing, L=Beijing, O=Anhua Xinda (Beijing) Technology + Co., Ltd., OU=Digital ID Class 3 , Microsoft Software Validation v2, + CN=Anhua Xinda (Beijing) Technology Co., Ltd. + ValidFrom: '2011-06-28 00:00:00' + ValidTo: '2014-06-27 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 387c9476e28320264594846317d46540 + Version: 3 + TBS: + MD5: ce372214eabe9d311e4a156fe2044327 + SHA1: 7f7eb1a547c9b0b2e41b0f44515dfd20c16edceb + SHA256: 03d59cc81c6960a93ab4b02e5521aa9fb349e8d7df9dfdf675201e48c23b5a34 + SHA384: 4b8829bc6980e82affeb7ad29efb59fc3ca9b02d015e6c0f385b9f2cf275609cd45936659f41fce579c073e34c2ca308 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: 
b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 387c9476e28320264594846317d46540 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: c32d9a9af7f702814e1368c689877f3a + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/73196456-40ae-4b6d-8562-07cf99458a7d.yaml b/yaml/73196456-40ae-4b6d-8562-07cf99458a7d.yaml index 5847f628d..4afc524f6 100644 --- a/yaml/73196456-40ae-4b6d-8562-07cf99458a7d.yaml +++ b/yaml/73196456-40ae-4b6d-8562-07cf99458a7d.yaml 
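Review bot: The `Detection` list re-added in yaml/72637cb1-5ca2-4ad0-a5df-20da17b231b5.yaml carries `sigma_hash`, `sigma_names`, `sysmon_hash_detect` and `sysmon_hash_block` twice each with identical URLs; only the two `yara_signature` items differ. Since this commit rewrites the whole file anyway, the second copy of those four items could be dropped so consumers do not list each rule twice. The entry is `Category: malicious`, but the sigma and sysmon links all name the `vuln_drivers` / `vulnerable_hashes` rule files while the second yara link names `yara-rules_mal_drivers_strict.yar`, so it is worth confirming that this driver's hashes are actually covered by the files linked. The unchanged `Resources` list also ends in an empty `- ''` item.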
@@ -1,512 +1,512 @@ Id: 73196456-40ae-4b6d-8562-07cf99458a7d +Tags: +- kEvP64.sys +Verified: 'TRUE' Author: Nasreddine Bencherchali Created: '2023-05-06' MitreID: T1068 Category: vulnerable driver -Verified: 'TRUE' Commands: - Command: sc.exe create kEvP64.sys binPath=C:\windows\temp\kEvP64.sys type=kernel - && sc.exe start kEvP64.sys - Description: '' - Usecase: Elevate privileges - Privileges: kernel - OperatingSystem: Windows 10 + Command: sc.exe create kEvP64.sys binPath=C:\windows\temp\kEvP64.sys type=kernel + && sc.exe start kEvP64.sys + Description: '' + Usecase: Elevate privileges + Privileges: kernel + OperatingSystem: Windows 10 Resources: - Internal Research -Acknowledgement: - Person: '' - Handle: '' Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: kEvP64.sys - MD5: 4ff880566f22919ed94ffae215d39da5 - SHA1: 755349d56cdd668ca22eebc4fc89f0cccef47327 - SHA256: 09b0e07af8b17db1d896b78da4dd3f55db76738ee1f4ced083a97d737334a184 - Authentihash: - MD5: 99efb8e481f1832bba9f4c16a09722b0 - SHA1: 74747434945444864206dad33d5d5cb80c21d142 - SHA256: af7b9e3dca8fd4f9eb548bd06cf9f14dbce9f947fc375064aa90b47e7ee8940c - Description: PowerTool - Company: PowerTool - InternalName: kEvP64.sys - OriginalFilename: kEvP64.sys - FileVersion: '1.0.1.0 built by: WinDDK' - Product: PowerTool - ProductVersion: 1.0.1.0 - Copyright: PowerTool - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - - FLTMGR.SYS - ExportedFunctions: '' - ImportedFunctions: - - IoThreadToProcess - - ExAllocatePoolWithTag - - ProbeForRead - - KeClearEvent - - PsProcessType - - IoReuseIrp - - ObRegisterCallbacks - - IoBuildDeviceIoControlRequest - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - RtlAnsiStringToUnicodeString - - ObUnRegisterCallbacks - - PsGetProcessImageFileName - - PsRemoveCreateThreadNotifyRoutine - - PsLookupProcessByProcessId - - ZwQuerySymbolicLinkObject - - _wcsnicmp - - SeCreateAccessState - - KeInitializeApc - - IoGetRelatedDeviceObject - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - ExGetPreviousMode - - ProbeForWrite - - IoGetFileObjectGenericMapping - - swprintf - - ObCreateObject - - ObGetFilterVersion - - MmGetSystemRoutineAddress - - IoCreateFile - - KeInitializeEvent - - RtlInitAnsiString - - RtlUnicodeStringToAnsiString - - RtlGetVersion - - ZwQuerySystemInformation - - ExReleaseRundownProtection - - PsSetCreateProcessNotifyRoutine - - RtlEqualUnicodeString - - 
MmBuildMdlForNonPagedPool - - ZwOpenSymbolicLinkObject - - IoFreeMdl - - KeUnstackDetachProcess - - ExInitializeRundownProtection - - ZwOpenDirectoryObject - - IoVolumeDeviceToDosName - - KeDelayExecutionThread - - RtlFreeUnicodeString - - ExEnumHandleTable - - ExAcquireRundownProtection - - IoFileObjectType - - IoDriverObjectType - - ZwCreateFile - - wcsstr - - MmMapLockedPagesSpecifyCache - - IoGetDeviceObjectPointer - - IoStopTimer - - ExAllocatePool - - IoUnregisterShutdownNotification - - IoGetCurrentProcess - - NtClose - - ZwClose - - IofCompleteRequest - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - ZwQueryDirectoryObject - - PsRemoveLoadImageNotifyRoutine - - IoFreeIrp - - MmProbeAndLockPages - - PsThreadType - - RtlCompareUnicodeString - - IoAllocateIrp - - ObSetHandleAttributes - - MmUnlockPages - - ZwQueryInformationProcess - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - ObReferenceObjectByName - - IoCreateDevice - - ZwTerminateProcess - - RtlAssert - - KeCancelTimer - - CmUnRegisterCallback - - ObOpenObjectByPointer - - DbgPrint - - KeStackAttachProcess - - PsGetProcessWow64Process - - IoAllocateMdl - - IofCallDriver - - KeBugCheckEx - - sprintf - - PsGetProcessPeb - - ExWaitForRundownProtectionRelease - - _wcsicmp - - _stricmp - - ObQueryNameString - - __C_specific_handler - - KeStallExecutionProcessor - - FltUnregisterFilter - - FltEnumerateFilters - - FltObjectDereference - - FltRegisterFilter - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=CN, ST=Beijing, L=Beijing, O=, OU=RD, CN= - ValidFrom: '2015-07-27 00:00:00' - ValidTo: '2016-08-25 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 195c5f9885214bfb4f88dd2ad1f0be8c - Version: 3 - TBS: - MD5: 29354273ffa68d860d2e9deb5fe3d602 - SHA1: fa3d720490408dcaad3762167515dd5023710e1a - SHA256: f2be523e7f4c60d579119a390a4bfc10c4400b4e5104bc1187dd67cdde7491e0 - SHA384: c5706cd33379ce04bf38d2ad2016b09a5a53da722a8998b6387c8bd5fcda06bad32415c7b1ab1a09a1f1b76a85fbb03b - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 195c5f9885214bfb4f88dd2ad1f0be8c - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign 
Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: fcdc85906fc0d379ce5bd1f99cd4ec0e - SHA1: 862a2c25721e0e4bd332fd64324d347d1bcdc617 - SHA256: 3b55a7c6f619060d5a89038de0943b3fe83d4653e92b8062581f97ba14bf51ea - Sections: - .text: - Entropy: 5.613631106472611 - Virtual Size: '0x1b1ad' - .rdata: - Entropy: 5.0751353959883 - Virtual Size: '0x3a28' - .data: - Entropy: 4.884576013154239 - Virtual Size: '0x6c80' - .pdata: - Entropy: 5.001144635940318 - Virtual Size: '0x9cc' - PAGE: - Entropy: 5.56864239699956 - Virtual Size: '0xd0d' - INIT: - Entropy: 5.551018134028347 - Virtual Size: '0xf62' - .rsrc: - Entropy: 3.234842024525819 - Virtual Size: '0x318' - .reloc: - Entropy: 1.3741854163060885 - Virtual Size: '0x18' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2015-12-21 00:56:08' - Imphash: f5030145594c486434040aa2636a5dde - LoadsDespiteHVCI: 'FALSE' -- Filename: kEvP64.sys - MD5: 7e7e3f5532b6af24dcc252ac4b240311 - SHA1: 3ccf1f3ac636a5e21b39ede48ff49fa23e05413f - SHA256: 8e6363a6393eb4234667c6f614b2072e33512866b3204f8395bbe01530d63f2f - Authentihash: - MD5: c1e7d7652812e872d65dae145650a273 - SHA1: 80377b08aee1125170652757852eaacae5c2a62a - SHA256: 23ab90e1990b4c5250f7bacbc7ff90e989583a2ccacf4ba333255f1d385d0ad8 - Description: PowerTool - Company: PowerTool - InternalName: kEvP64.sys - OriginalFilename: kEvP64.sys - FileVersion: '1.0.1.0 built by: WinDDK' - Product: PowerTool - ProductVersion: 1.0.1.0 - Copyright: PowerTool - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - - FLTMGR.SYS - ExportedFunctions: '' - ImportedFunctions: - - IoThreadToProcess - - ExAllocatePoolWithTag - - ProbeForRead - - KeClearEvent - - PsProcessType - - IoReuseIrp - - ObRegisterCallbacks - - IoBuildDeviceIoControlRequest - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - RtlAnsiStringToUnicodeString - - ObUnRegisterCallbacks - - PsGetProcessImageFileName - - PsRemoveCreateThreadNotifyRoutine - - PsLookupProcessByProcessId - - ZwQuerySymbolicLinkObject - - 
_wcsnicmp - - SeCreateAccessState - - KeInitializeApc - - IoGetRelatedDeviceObject - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - ExGetPreviousMode - - ProbeForWrite - - IoGetFileObjectGenericMapping - - swprintf - - ObCreateObject - - ObGetFilterVersion - - MmGetSystemRoutineAddress - - IoCreateFile - - KeInitializeEvent - - RtlInitAnsiString - - RtlUnicodeStringToAnsiString - - RtlGetVersion - - ZwQuerySystemInformation - - ExReleaseRundownProtection - - PsSetCreateProcessNotifyRoutine - - RtlEqualUnicodeString - - MmBuildMdlForNonPagedPool - - ZwOpenSymbolicLinkObject - - IoFreeMdl - - KeUnstackDetachProcess - - ExInitializeRundownProtection - - ZwOpenDirectoryObject - - IoVolumeDeviceToDosName - - KeDelayExecutionThread - - RtlFreeUnicodeString - - ExEnumHandleTable - - ExAcquireRundownProtection - - IoFileObjectType - - IoDriverObjectType - - ZwCreateFile - - wcsstr - - MmMapLockedPagesSpecifyCache - - IoGetDeviceObjectPointer - - IoStopTimer - - ExAllocatePool - - IoUnregisterShutdownNotification - - IoGetCurrentProcess - - NtClose - - ZwClose - - IofCompleteRequest - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - ZwQueryDirectoryObject - - PsRemoveLoadImageNotifyRoutine - - IoFreeIrp - - MmProbeAndLockPages - - PsThreadType - - RtlCompareUnicodeString - - IoAllocateIrp - - ObSetHandleAttributes - - MmUnlockPages - - ZwQueryInformationProcess - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - ObReferenceObjectByName - - IoCreateDevice - - ZwTerminateProcess - - RtlAssert - - KeCancelTimer - - CmUnRegisterCallback - - ObOpenObjectByPointer - - DbgPrint - - KeStackAttachProcess - - PsGetProcessWow64Process - - IoAllocateMdl - - IofCallDriver - - KeBugCheckEx - - sprintf - - PsGetProcessPeb - - ExWaitForRundownProtectionRelease - - _wcsicmp - - _stricmp - - ObQueryNameString - - __C_specific_handler - - KeStallExecutionProcessor - - FltUnregisterFilter - - FltEnumerateFilters - - FltObjectDereference - - 
FltRegisterFilter - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: 
e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=CN, ST=Beijing, L=Beijing, O=, OU=RD, CN= - ValidFrom: '2015-07-27 00:00:00' - ValidTo: '2016-08-25 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 195c5f9885214bfb4f88dd2ad1f0be8c - Version: 3 - TBS: - MD5: 29354273ffa68d860d2e9deb5fe3d602 - SHA1: fa3d720490408dcaad3762167515dd5023710e1a - SHA256: f2be523e7f4c60d579119a390a4bfc10c4400b4e5104bc1187dd67cdde7491e0 - SHA384: c5706cd33379ce04bf38d2ad2016b09a5a53da722a8998b6387c8bd5fcda06bad32415c7b1ab1a09a1f1b76a85fbb03b - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 
03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 195c5f9885214bfb4f88dd2ad1f0be8c - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: fcdc85906fc0d379ce5bd1f99cd4ec0e - SHA1: 862a2c25721e0e4bd332fd64324d347d1bcdc617 - SHA256: 3b55a7c6f619060d5a89038de0943b3fe83d4653e92b8062581f97ba14bf51ea - Sections: - .text: - Entropy: 5.6112015272148374 - Virtual Size: '0x1b49d' - .rdata: - Entropy: 5.075219300211116 - Virtual Size: '0x3a28' - .data: - Entropy: 4.884576013154239 - Virtual Size: '0x6c80' - .pdata: - Entropy: 4.9553740981969785 - Virtual Size: '0x9e4' - PAGE: - Entropy: 5.596201545135429 - Virtual Size: '0xd9d' - INIT: - Entropy: 5.553006501210225 - Virtual Size: '0xf62' - .rsrc: - Entropy: 3.234842024525819 - Virtual Size: '0x318' - .reloc: - Entropy: 1.3741854163060885 - Virtual Size: '0x18' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2015-12-08 19:11:57' - Imphash: f5030145594c486434040aa2636a5dde - LoadsDespiteHVCI: 'FALSE' -Tags: -- kEvP64.sys +- Filename: kEvP64.sys + MD5: 4ff880566f22919ed94ffae215d39da5 + SHA1: 755349d56cdd668ca22eebc4fc89f0cccef47327 + SHA256: 09b0e07af8b17db1d896b78da4dd3f55db76738ee1f4ced083a97d737334a184 + Authentihash: + MD5: 99efb8e481f1832bba9f4c16a09722b0 + SHA1: 74747434945444864206dad33d5d5cb80c21d142 + SHA256: af7b9e3dca8fd4f9eb548bd06cf9f14dbce9f947fc375064aa90b47e7ee8940c + Description: PowerTool + Company: PowerTool + InternalName: kEvP64.sys + OriginalFilename: kEvP64.sys + FileVersion: '1.0.1.0 built by: WinDDK' + Product: PowerTool + ProductVersion: 1.0.1.0 + Copyright: PowerTool + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + - FLTMGR.SYS + ExportedFunctions: '' + ImportedFunctions: + - IoThreadToProcess + - 
ExAllocatePoolWithTag + - ProbeForRead + - KeClearEvent + - PsProcessType + - IoReuseIrp + - ObRegisterCallbacks + - IoBuildDeviceIoControlRequest + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - RtlAnsiStringToUnicodeString + - ObUnRegisterCallbacks + - PsGetProcessImageFileName + - PsRemoveCreateThreadNotifyRoutine + - PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - _wcsnicmp + - SeCreateAccessState + - KeInitializeApc + - IoGetRelatedDeviceObject + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - ExGetPreviousMode + - ProbeForWrite + - IoGetFileObjectGenericMapping + - swprintf + - ObCreateObject + - ObGetFilterVersion + - MmGetSystemRoutineAddress + - IoCreateFile + - KeInitializeEvent + - RtlInitAnsiString + - RtlUnicodeStringToAnsiString + - RtlGetVersion + - ZwQuerySystemInformation + - ExReleaseRundownProtection + - PsSetCreateProcessNotifyRoutine + - RtlEqualUnicodeString + - MmBuildMdlForNonPagedPool + - ZwOpenSymbolicLinkObject + - IoFreeMdl + - KeUnstackDetachProcess + - ExInitializeRundownProtection + - ZwOpenDirectoryObject + - IoVolumeDeviceToDosName + - KeDelayExecutionThread + - RtlFreeUnicodeString + - ExEnumHandleTable + - ExAcquireRundownProtection + - IoFileObjectType + - IoDriverObjectType + - ZwCreateFile + - wcsstr + - MmMapLockedPagesSpecifyCache + - IoGetDeviceObjectPointer + - IoStopTimer + - ExAllocatePool + - IoUnregisterShutdownNotification + - IoGetCurrentProcess + - NtClose + - ZwClose + - IofCompleteRequest + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - ZwQueryDirectoryObject + - PsRemoveLoadImageNotifyRoutine + - IoFreeIrp + - MmProbeAndLockPages + - PsThreadType + - RtlCompareUnicodeString + - IoAllocateIrp + - ObSetHandleAttributes + - MmUnlockPages + - ZwQueryInformationProcess + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - ObReferenceObjectByName + - IoCreateDevice + - ZwTerminateProcess + - RtlAssert + - KeCancelTimer + - CmUnRegisterCallback + - 
ObOpenObjectByPointer + - DbgPrint + - KeStackAttachProcess + - PsGetProcessWow64Process + - IoAllocateMdl + - IofCallDriver + - KeBugCheckEx + - sprintf + - PsGetProcessPeb + - ExWaitForRundownProtectionRelease + - _wcsicmp + - _stricmp + - ObQueryNameString + - __C_specific_handler + - KeStallExecutionProcessor + - FltUnregisterFilter + - FltEnumerateFilters + - FltObjectDereference + - FltRegisterFilter + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=CN, 
ST=Beijing, L=Beijing, O=, OU=RD, CN= + ValidFrom: '2015-07-27 00:00:00' + ValidTo: '2016-08-25 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 195c5f9885214bfb4f88dd2ad1f0be8c + Version: 3 + TBS: + MD5: 29354273ffa68d860d2e9deb5fe3d602 + SHA1: fa3d720490408dcaad3762167515dd5023710e1a + SHA256: f2be523e7f4c60d579119a390a4bfc10c4400b4e5104bc1187dd67cdde7491e0 + SHA384: c5706cd33379ce04bf38d2ad2016b09a5a53da722a8998b6387c8bd5fcda06bad32415c7b1ab1a09a1f1b76a85fbb03b + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + 
Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 195c5f9885214bfb4f88dd2ad1f0be8c + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: fcdc85906fc0d379ce5bd1f99cd4ec0e + SHA1: 862a2c25721e0e4bd332fd64324d347d1bcdc617 + SHA256: 3b55a7c6f619060d5a89038de0943b3fe83d4653e92b8062581f97ba14bf51ea + Sections: + .text: + Entropy: 5.613631106472611 + Virtual Size: '0x1b1ad' + .rdata: + Entropy: 5.0751353959883 + Virtual Size: '0x3a28' + .data: + Entropy: 4.884576013154239 + Virtual Size: '0x6c80' + .pdata: + Entropy: 5.001144635940318 + Virtual Size: '0x9cc' + PAGE: + Entropy: 5.56864239699956 + Virtual Size: '0xd0d' + INIT: + Entropy: 5.551018134028347 + Virtual Size: '0xf62' + .rsrc: + Entropy: 3.234842024525819 + Virtual Size: '0x318' + .reloc: + Entropy: 1.3741854163060885 + Virtual Size: '0x18' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2015-12-21 
00:56:08' + Imphash: f5030145594c486434040aa2636a5dde + LoadsDespiteHVCI: 'FALSE' +- Filename: kEvP64.sys + MD5: 7e7e3f5532b6af24dcc252ac4b240311 + SHA1: 3ccf1f3ac636a5e21b39ede48ff49fa23e05413f + SHA256: 8e6363a6393eb4234667c6f614b2072e33512866b3204f8395bbe01530d63f2f + Authentihash: + MD5: c1e7d7652812e872d65dae145650a273 + SHA1: 80377b08aee1125170652757852eaacae5c2a62a + SHA256: 23ab90e1990b4c5250f7bacbc7ff90e989583a2ccacf4ba333255f1d385d0ad8 + Description: PowerTool + Company: PowerTool + InternalName: kEvP64.sys + OriginalFilename: kEvP64.sys + FileVersion: '1.0.1.0 built by: WinDDK' + Product: PowerTool + ProductVersion: 1.0.1.0 + Copyright: PowerTool + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + - FLTMGR.SYS + ExportedFunctions: '' + ImportedFunctions: + - IoThreadToProcess + - ExAllocatePoolWithTag + - ProbeForRead + - KeClearEvent + - PsProcessType + - IoReuseIrp + - ObRegisterCallbacks + - IoBuildDeviceIoControlRequest + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - RtlAnsiStringToUnicodeString + - ObUnRegisterCallbacks + - PsGetProcessImageFileName + - PsRemoveCreateThreadNotifyRoutine + - PsLookupProcessByProcessId + - ZwQuerySymbolicLinkObject + - _wcsnicmp + - SeCreateAccessState + - KeInitializeApc + - IoGetRelatedDeviceObject + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - ExGetPreviousMode + - ProbeForWrite + - IoGetFileObjectGenericMapping + - swprintf + - ObCreateObject + - ObGetFilterVersion + - MmGetSystemRoutineAddress + - IoCreateFile + - KeInitializeEvent + - RtlInitAnsiString + - RtlUnicodeStringToAnsiString + - RtlGetVersion + - ZwQuerySystemInformation + - ExReleaseRundownProtection + - PsSetCreateProcessNotifyRoutine + - RtlEqualUnicodeString + - MmBuildMdlForNonPagedPool + - ZwOpenSymbolicLinkObject + - IoFreeMdl + - KeUnstackDetachProcess + - ExInitializeRundownProtection + - ZwOpenDirectoryObject + - IoVolumeDeviceToDosName + - KeDelayExecutionThread + - RtlFreeUnicodeString + - ExEnumHandleTable + - 
ExAcquireRundownProtection + - IoFileObjectType + - IoDriverObjectType + - ZwCreateFile + - wcsstr + - MmMapLockedPagesSpecifyCache + - IoGetDeviceObjectPointer + - IoStopTimer + - ExAllocatePool + - IoUnregisterShutdownNotification + - IoGetCurrentProcess + - NtClose + - ZwClose + - IofCompleteRequest + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - ZwQueryDirectoryObject + - PsRemoveLoadImageNotifyRoutine + - IoFreeIrp + - MmProbeAndLockPages + - PsThreadType + - RtlCompareUnicodeString + - IoAllocateIrp + - ObSetHandleAttributes + - MmUnlockPages + - ZwQueryInformationProcess + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - ObReferenceObjectByName + - IoCreateDevice + - ZwTerminateProcess + - RtlAssert + - KeCancelTimer + - CmUnRegisterCallback + - ObOpenObjectByPointer + - DbgPrint + - KeStackAttachProcess + - PsGetProcessWow64Process + - IoAllocateMdl + - IofCallDriver + - KeBugCheckEx + - sprintf + - PsGetProcessPeb + - ExWaitForRundownProtectionRelease + - _wcsicmp + - _stricmp + - ObQueryNameString + - __C_specific_handler + - KeStallExecutionProcessor + - FltUnregisterFilter + - FltEnumerateFilters + - FltObjectDereference + - FltRegisterFilter + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: 
c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=CN, ST=Beijing, L=Beijing, O=, OU=RD, CN= + ValidFrom: '2015-07-27 00:00:00' + ValidTo: '2016-08-25 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 195c5f9885214bfb4f88dd2ad1f0be8c + Version: 3 + TBS: + MD5: 29354273ffa68d860d2e9deb5fe3d602 + SHA1: fa3d720490408dcaad3762167515dd5023710e1a + SHA256: f2be523e7f4c60d579119a390a4bfc10c4400b4e5104bc1187dd67cdde7491e0 + SHA384: c5706cd33379ce04bf38d2ad2016b09a5a53da722a8998b6387c8bd5fcda06bad32415c7b1ab1a09a1f1b76a85fbb03b + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 195c5f9885214bfb4f88dd2ad1f0be8c + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: fcdc85906fc0d379ce5bd1f99cd4ec0e + SHA1: 862a2c25721e0e4bd332fd64324d347d1bcdc617 + SHA256: 3b55a7c6f619060d5a89038de0943b3fe83d4653e92b8062581f97ba14bf51ea + Sections: + .text: + Entropy: 5.6112015272148374 + Virtual Size: '0x1b49d' + .rdata: + Entropy: 5.075219300211116 + Virtual Size: '0x3a28' + .data: + Entropy: 4.884576013154239 + Virtual Size: '0x6c80' + .pdata: + Entropy: 
4.9553740981969785 + Virtual Size: '0x9e4' + PAGE: + Entropy: 5.596201545135429 + Virtual Size: '0xd9d' + INIT: + Entropy: 5.553006501210225 + Virtual Size: '0xf62' + .rsrc: + Entropy: 3.234842024525819 + Virtual Size: '0x318' + .reloc: + Entropy: 1.3741854163060885 + Virtual Size: '0x18' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2015-12-08 19:11:57' + Imphash: f5030145594c486434040aa2636a5dde + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/73290fcb-a0d7-481e-81a5-65a9859b50f5.yaml b/yaml/73290fcb-a0d7-481e-81a5-65a9859b50f5.yaml index 82e8017e4..08d107480 100644 --- a/yaml/73290fcb-a0d7-481e-81a5-65a9859b50f5.yaml +++ b/yaml/73290fcb-a0d7-481e-81a5-65a9859b50f5.yaml 
@@ -1,261 +1,262 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 73290fcb-a0d7-481e-81a5-65a9859b50f5 +Tags: +- pchunter.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-07-22' +MitreID: T1068 CVE: - '' Category: vulnerable drivers Commands: - Command: '' - Description: Confirmed vulnerable driver from Microsoft Block List - OperatingSystem: Windows - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-07-22' -Detection: -- type: '' - value: '' -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 73290fcb-a0d7-481e-81a5-65a9859b50f5 -KnownVulnerableSamples: -- Authentihash: - MD5: c5eb8ca809d54657aebef56f74ec3ab6 - SHA1: 16269bb8d638d7753f49f739881fa5f89a535eb1 - SHA256: 81b772e718e40e8d1d815cb3b16690c1ebd4e0bc555933db306037cc3341537f - Company: "\u5B89\u82AF\u7F51\u76FE\uFF08\u5317\u4EAC\uFF09\u79D1\u6280\u6709\u9650\ - \u516C\u53F8" - Copyright: (C) 2019-2021 AnXinSec Corporation. All Rights Reserved. 
- CreationTimestamp: '2020-07-29 09:37:31' - Date: '' - Description: "\u7CFB\u7EDF\u4FE1\u606F\u67E5\u770B\u5DE5\u5177" - ExportedFunctions: '' - FileVersion: 1.0.0.5 - Filename: '' - ImportedFunctions: - - FltRegisterFilter - - FltUnregisterFilter - - FltStartFiltering - - FltGetFileNameInformation - - FltReleaseFileNameInformation - - FltParseFileNameInformation - - FltCreateFile - - FltClose - - NtBuildNumber - - IoGetCurrentProcess - - ProbeForRead - - ObfDereferenceObject - - MmIsAddressValid - - PsLookupProcessByProcessId - - KeStackAttachProcess - - KeUnstackDetachProcess - - ObReferenceObjectByHandle - - ZwClose - - IoFileObjectType - - RtlInitUnicodeString - - ZwCreateKey - - ZwSetValueKey - - ExGetPreviousMode - - _wcsicmp - - KeInitializeMutex - - KeReleaseMutex - - KeWaitForSingleObject - - ExAllocatePool - - ExFreePoolWithTag - - PsGetCurrentProcessId - - KeInitializeEvent - - KeSetEvent - - MmProbeAndLockPages - - MmUnlockPages - - MmBuildMdlForNonPagedPool - - IoAllocateIrp - - IoAllocateMdl - - IoCreateFile - - IoFreeIrp - - IoFreeMdl - - ZwOpenSymbolicLinkObject - - MmUserProbeAddress - - IoGetFileObjectGenericMapping - - ObCreateObject - - SeCreateAccessState - - ObOpenObjectByPointer - - MmGetSystemRoutineAddress - - NtFsControlFile - - NtDeviceIoControlFile - - swprintf - - ExAllocatePoolWithQuotaTag - - KeBugCheckEx - - ExAllocatePoolWithTag - - ObQueryNameString - - MmSectionObjectType - - PsLookupThreadByThreadId - - wcsncat - - wcsrchr - - KeDelayExecutionThread - - MmMapIoSpace - - MmUnmapIoSpace - - PsGetVersion - - IoAttachDevice - - IoAttachDeviceToDeviceStack - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - ObReferenceObjectByPointer - - ZwOpenFile - - ZwLoadDriver - - ZwUnloadDriver - - ZwCreateSection - - ZwOpenSection - - ZwMapViewOfSection - - ZwDeleteKey - - ZwDeleteValueKey - - ZwEnumerateKey - - ZwEnumerateValueKey - - ZwQueryKey - - IoAttachDeviceByPointer - - 
MmMapLockedPagesSpecifyCache - - MmUnmapLockedPages - - MmSystemRangeStart - - __C_specific_handler - - ProbeForWrite - - ZwQuerySymbolicLinkObject - - HalGetAdapter - - HalGetBusDataByOffset - - HalAllocateCrashDumpRegisters - Imports: - - FLTMGR.SYS - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 366bd312aad96a7eb4912688b9e8d268 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: 1.0.5.7 - Publisher: '' - RichPEHeaderHash: - MD5: 33bde87c8fb9123b7d70d57b8e73020c - SHA1: 826c38506602b5424cfcbf743ec1c41d53adc22c - SHA256: ac9127c639427ab4be7575f6d949d2d868707cc9bc7de85f207038fcb303578b - SHA1: 8d15036ef8dd0d79d89cc7b02920bd073849a381 - SHA256: 3f20ac5dac9171857fc5791865458fdb6eac4fab837d7eabc42cb0a83cb522fc - Sections: - .text: - Entropy: 6.359392273224201 - Virtual Size: '0x7b52a' - .rdata: - Entropy: 5.354522573439451 - Virtual Size: '0x627c' - .data: - Entropy: 2.8635639411042924 - Virtual Size: '0x300a0' - .pdata: - Entropy: 5.867567283432031 - Virtual Size: '0x3828' - INIT: - Entropy: 5.385748558199811 - Virtual Size: '0xb4a' - .rsrc: - Entropy: 3.5635144751881898 - Virtual Size: '0x320' - .reloc: - Entropy: 4.883553433346755 - Virtual Size: '0x17c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=CN, ??=, 
??=Private Organization, serialNumber=91110108MA01JM458L, - C=CN, ST=, O=, CN= - ValidFrom: '2020-06-30 00:00:00' - ValidTo: '2023-07-05 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0551bc8c6aa2ca032bc6713830d849a3 - Version: 3 - TBS: - MD5: 3e1a270566dbef6f024e8a592eea2b08 - SHA1: 740d462ba0502946e1dc537ab97cf3825631caf9 - SHA256: 3d0941c030b3f19ed3901ab914720a83bba65ac57ad753f65efdb12d628d4bf6 - SHA384: a251e658b68090e4d93dc64c7b90f55537db16e46c9bde91b638ce59d1047cf1bad1fb7c76b18ad75ba8cfece1ed8521 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 - Version: 3 - TBS: - MD5: f92649915476229b093c211c2b18e6c4 - SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 - SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb - SHA384: 511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 
00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 0551bc8c6aa2ca032bc6713830d849a3 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - Version: 1 - Imphash: c56dbf2e72704141d7b2279a64c54621 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: '' + Description: Confirmed vulnerable driver from Microsoft Block List + OperatingSystem: Windows + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c -Tags: -- pchunter.sys -Verified: 'TRUE' +Detection: +- type: '' + value: '' +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: c5eb8ca809d54657aebef56f74ec3ab6 + SHA1: 16269bb8d638d7753f49f739881fa5f89a535eb1 + SHA256: 
81b772e718e40e8d1d815cb3b16690c1ebd4e0bc555933db306037cc3341537f + Company: "\u5B89\u82AF\u7F51\u76FE\uFF08\u5317\u4EAC\uFF09\u79D1\u6280\u6709\u9650\ + \u516C\u53F8" + Copyright: (C) 2019-2021 AnXinSec Corporation. All Rights Reserved. + CreationTimestamp: '2020-07-29 09:37:31' + Date: '' + Description: "\u7CFB\u7EDF\u4FE1\u606F\u67E5\u770B\u5DE5\u5177" + ExportedFunctions: '' + FileVersion: 1.0.0.5 + Filename: '' + ImportedFunctions: + - FltRegisterFilter + - FltUnregisterFilter + - FltStartFiltering + - FltGetFileNameInformation + - FltReleaseFileNameInformation + - FltParseFileNameInformation + - FltCreateFile + - FltClose + - NtBuildNumber + - IoGetCurrentProcess + - ProbeForRead + - ObfDereferenceObject + - MmIsAddressValid + - PsLookupProcessByProcessId + - KeStackAttachProcess + - KeUnstackDetachProcess + - ObReferenceObjectByHandle + - ZwClose + - IoFileObjectType + - RtlInitUnicodeString + - ZwCreateKey + - ZwSetValueKey + - ExGetPreviousMode + - _wcsicmp + - KeInitializeMutex + - KeReleaseMutex + - KeWaitForSingleObject + - ExAllocatePool + - ExFreePoolWithTag + - PsGetCurrentProcessId + - KeInitializeEvent + - KeSetEvent + - MmProbeAndLockPages + - MmUnlockPages + - MmBuildMdlForNonPagedPool + - IoAllocateIrp + - IoAllocateMdl + - IoCreateFile + - IoFreeIrp + - IoFreeMdl + - ZwOpenSymbolicLinkObject + - MmUserProbeAddress + - IoGetFileObjectGenericMapping + - ObCreateObject + - SeCreateAccessState + - ObOpenObjectByPointer + - MmGetSystemRoutineAddress + - NtFsControlFile + - NtDeviceIoControlFile + - swprintf + - ExAllocatePoolWithQuotaTag + - KeBugCheckEx + - ExAllocatePoolWithTag + - ObQueryNameString + - MmSectionObjectType + - PsLookupThreadByThreadId + - wcsncat + - wcsrchr + - KeDelayExecutionThread + - MmMapIoSpace + - MmUnmapIoSpace + - PsGetVersion + - IoAttachDevice + - IoAttachDeviceToDeviceStack + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - ObReferenceObjectByPointer + - 
ZwOpenFile + - ZwLoadDriver + - ZwUnloadDriver + - ZwCreateSection + - ZwOpenSection + - ZwMapViewOfSection + - ZwDeleteKey + - ZwDeleteValueKey + - ZwEnumerateKey + - ZwEnumerateValueKey + - ZwQueryKey + - IoAttachDeviceByPointer + - MmMapLockedPagesSpecifyCache + - MmUnmapLockedPages + - MmSystemRangeStart + - __C_specific_handler + - ProbeForWrite + - ZwQuerySymbolicLinkObject + - HalGetAdapter + - HalGetBusDataByOffset + - HalAllocateCrashDumpRegisters + Imports: + - FLTMGR.SYS + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 366bd312aad96a7eb4912688b9e8d268 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: 1.0.5.7 + Publisher: '' + RichPEHeaderHash: + MD5: 33bde87c8fb9123b7d70d57b8e73020c + SHA1: 826c38506602b5424cfcbf743ec1c41d53adc22c + SHA256: ac9127c639427ab4be7575f6d949d2d868707cc9bc7de85f207038fcb303578b + SHA1: 8d15036ef8dd0d79d89cc7b02920bd073849a381 + SHA256: 3f20ac5dac9171857fc5791865458fdb6eac4fab837d7eabc42cb0a83cb522fc + Sections: + .text: + Entropy: 6.359392273224201 + Virtual Size: '0x7b52a' + .rdata: + Entropy: 5.354522573439451 + Virtual Size: '0x627c' + .data: + Entropy: 2.8635639411042924 + Virtual Size: '0x300a0' + .pdata: + Entropy: 5.867567283432031 + Virtual Size: '0x3828' + INIT: + Entropy: 5.385748558199811 + Virtual Size: '0xb4a' + .rsrc: + Entropy: 3.5635144751881898 + Virtual Size: '0x320' + .reloc: + Entropy: 4.883553433346755 + Virtual Size: '0x17c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: 
ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=CN, ??=, ??=Private Organization, serialNumber=91110108MA01JM458L, + C=CN, ST=, O=, CN= + ValidFrom: '2020-06-30 00:00:00' + ValidTo: '2023-07-05 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0551bc8c6aa2ca032bc6713830d849a3 + Version: 3 + TBS: + MD5: 3e1a270566dbef6f024e8a592eea2b08 + SHA1: 740d462ba0502946e1dc537ab97cf3825631caf9 + SHA256: 3d0941c030b3f19ed3901ab914720a83bba65ac57ad753f65efdb12d628d4bf6 + SHA384: a251e658b68090e4d93dc64c7b90f55537db16e46c9bde91b638ce59d1047cf1bad1fb7c76b18ad75ba8cfece1ed8521 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 + Version: 3 + TBS: + MD5: f92649915476229b093c211c2b18e6c4 + SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 + SHA256: 
2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb + SHA384: 511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 0551bc8c6aa2ca032bc6713830d849a3 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + Version: 1 + Imphash: c56dbf2e72704141d7b2279a64c54621 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/7437388f-821e-421f-a3c1-62ce2c725a6a.yaml b/yaml/7437388f-821e-421f-a3c1-62ce2c725a6a.yaml index 30e516fc3..6d508494d 100644 --- a/yaml/7437388f-821e-421f-a3c1-62ce2c725a6a.yaml +++ b/yaml/7437388f-821e-421f-a3c1-62ce2c725a6a.yaml 
@@ -1,35 +1,35 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 7437388f-821e-421f-a3c1-62ce2c725a6a +Tags: +- windows8-10-32.sys +Verified: 'FALSE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create windows8-10-32.sys binPath=C:\windows\temp\windows8-10-32.sys type=kernel - type=kernel && sc.exe start windows8-10-32.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: [] -Id: 7437388f-821e-421f-a3c1-62ce2c725a6a -KnownVulnerableSamples: -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: windows8-10-32.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA256: 5b9623da9ba8e5c80c49473f40ffe7ad315dcadffc3230afdc9d9226d60a715a - Signature: [] - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create windows8-10-32.sys binPath=C:\windows\temp\windows8-10-32.sys type=kernel + type=kernel && sc.exe start windows8-10-32.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules -Tags: -- windows8-10-32.sys -Verified: 'FALSE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: windows8-10-32.sys + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA256: 5b9623da9ba8e5c80c49473f40ffe7ad315dcadffc3230afdc9d9226d60a715a + Signature: [] + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/75a66604-f024-4f11-8ba7-fdd64a0df3bf.yaml b/yaml/75a66604-f024-4f11-8ba7-fdd64a0df3bf.yaml index 1456768d1..8824f9d58 100644 --- a/yaml/75a66604-f024-4f11-8ba7-fdd64a0df3bf.yaml 
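Review bot: The `Command` value on the new side still contains `type=kernel` twice. The first line of the folded scalar ends with `type=kernel` and its continuation line starts with `type=kernel && sc.exe start windows8-10-32.sys`, so the parsed string repeats the token. The reordering moves the field but does not clean it up, whereas the fiddrv.sys entry later in this diff has the token once. Reducing the continuation line to `&& sc.exe start windows8-10-32.sys` would make the two entries consistent. Tooling that parses these commands to build or test driver-load detections would otherwise inherit the malformed string.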
+++ b/yaml/75a66604-f024-4f11-8ba7-fdd64a0df3bf.yaml 
@@ -1,219 +1,219 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 75a66604-f024-4f11-8ba7-fdd64a0df3bf +Tags: +- mhyprotnap.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-07-22' +MitreID: T1068 CVE: - '' Category: vulnerable drivers Commands: - Command: '' - Description: Confirmed vulnerable driver from Microsoft Block List - OperatingSystem: Windows - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-07-22' -Detection: -- type: '' - value: '' -Id: 75a66604-f024-4f11-8ba7-fdd64a0df3bf -KnownVulnerableSamples: -- Authentihash: - MD5: 3a94d517fd2a56f4d20100a8f254b183 - SHA1: 05b36efe08674891c40db96cbb5e69abea6f4daf - SHA256: 9e428c1d1cd7358e2c2f25ede45e718b22cb5d04634a4d1ec08a87e71248685b - Company: '' - Copyright: '' - CreationTimestamp: '2022-03-28 00:31:12' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - NtQuerySystemInformation - - RtlInitUnicodeString - - ExAllocatePool - - ExFreePoolWithTag - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoGetCurrentProcess - - _wcsicmp - - RtlInitString - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ZwClose - - MmIsAddressValid - - ZwOpenDirectoryObject - - ZwQueryDirectoryObject - - ObReferenceObjectByName - - ZwQuerySystemInformation - - __C_specific_handler - - MmHighestUserAddress - - IoDriverObjectType - - KeQueryTimeIncrement - - KeStackAttachProcess - - KeUnstackDetachProcess - - PsGetProcessWow64Process - - PsGetProcessPeb - - MmUnlockPages - - MmGetSystemRoutineAddress - - MmUnmapLockedPages - - IoFreeMdl - - ZwTerminateProcess - - PsGetProcessImageFileName - - ZwQueryObject - - ObOpenObjectByPointer - - PsReferenceProcessFilePointer - - IoQueryFileDosDeviceName - - MmProbeAndLockPages - - PsLookupProcessByProcessId - - MmMapLockedPagesSpecifyCache - - IoAllocateMdl - - MmCopyVirtualMemory - - KeClearEvent - - 
KeSetEvent - - KeWaitForSingleObject - - MmMapLockedPages - - ObReferenceObjectByHandle - - PsSetCreateProcessNotifyRoutineEx - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - ExEventObjectType - - ObRegisterCallbacks - - ObUnRegisterCallbacks - - ObGetFilterVersion - - PsGetProcessId - - IoThreadToProcess - - strcmp - - PsProcessType - - PsThreadType - - RtlEqualUnicodeString - - RtlGetVersion - - ObfReferenceObject - - ObGetObjectType - - ExEnumHandleTable - - ExfUnblockPushLock - - PsAcquireProcessExitSynchronization - - PsReleaseProcessExitSynchronization - - _snprintf - - vsprintf_s - - ZwCreateFile - - ZwWriteFile - - PsLookupThreadByThreadId - - NtQueryInformationThread - - PsGetThreadProcess - - KeDelayExecutionThread - - KdDisableDebugger - - KdChangeOption - - PsCreateSystemThread - - PsTerminateSystemThread - - KdDebuggerEnabled - - PsGetVersion - - KeInitializeEvent - - RtlCopyUnicodeString - - ObfDereferenceObject - - ExReleaseFastMutex - - ExAcquireFastMutex - - MmBuildMdlForNonPagedPool - - WdfVersionBindClass - - WdfVersionBind - - WdfVersionUnbind - - WdfVersionUnbindClass - Imports: - - ntoskrnl.exe - - WDFLDR.SYS - InternalName: '' - MD5: 64ae0358860e2a5b658383f7e651038e - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: ffdf660eb1ebf020a1d0a55a90712dfb - SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 - SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 - SHA1: acacebea32c33fc1315d9549504a6b0cabd1e974 - SHA256: 40263b08b3c3659529ab605d1daa3033db0fdc4b19c26aa375be0c19686807e6 - Sections: - .text: - Entropy: 6.158588705904711 - Virtual Size: '0x6b90' - .rdata: - Entropy: 4.776602523336272 - Virtual Size: '0x1534' - .data: - Entropy: 0.807954115503613 - Virtual Size: '0x15f8' - .pdata: - Entropy: 7.7487340950598105 - Virtual 
Size: '0x660' - PAGE: - Entropy: 5.561481006920357 - Virtual Size: '0xb0e' - INIT: - Entropy: 5.389152085711221 - Virtual Size: '0xeae' - .upx0: - Entropy: 7.13264162039016 - Virtual Size: '0x13a664' - .reloc: - Entropy: 3.886161748240218 - Virtual Size: '0xc0' - .rsrc: - Entropy: 2.9070295402348902 - Virtual Size: '0x22c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2021-09-09 19:16:00' - ValidTo: '2022-09-01 19:16:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 330000004e595610832b4e0c6c00000000004e - Version: 3 - TBS: - MD5: cd4b92926b0c62a20cbbf01178422b63 - SHA1: 2172402fc331352ecf707599578205d2ad32da6e - SHA256: 16060ca074a311e7fe9d8c47dbdae7dcffb04e6fee1c50b5f3d2c90af8b5fdbc - SHA384: 8ae2ad20d42c9eb0d4b570c58d76395f896230e0a235f1d73f281d4df028174a4a457e7794514b47f39659f2a62212f3 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - ValidFrom: '2014-10-15 20:31:27' - ValidTo: '2029-10-15 20:41:27' - Signature: 
96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 330000000d690d5d7893d076df00000000000d - Version: 3 - TBS: - MD5: 83f69422963f11c3c340b81712eef319 - SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 - SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae - SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 - Signer: - - SerialNumber: 330000004e595610832b4e0c6c00000000004e - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - Version: 1 - Imphash: ebb99842fa08915eb8b7f67d8dc7a13a - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: '' + Description: Confirmed vulnerable driver from Microsoft Block List + OperatingSystem: Windows + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c -Tags: -- 
mhyprotnap.sys -Verified: 'TRUE' +Detection: +- type: '' + value: '' +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 3a94d517fd2a56f4d20100a8f254b183 + SHA1: 05b36efe08674891c40db96cbb5e69abea6f4daf + SHA256: 9e428c1d1cd7358e2c2f25ede45e718b22cb5d04634a4d1ec08a87e71248685b + Company: '' + Copyright: '' + CreationTimestamp: '2022-03-28 00:31:12' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - NtQuerySystemInformation + - RtlInitUnicodeString + - ExAllocatePool + - ExFreePoolWithTag + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoGetCurrentProcess + - _wcsicmp + - RtlInitString + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ZwClose + - MmIsAddressValid + - ZwOpenDirectoryObject + - ZwQueryDirectoryObject + - ObReferenceObjectByName + - ZwQuerySystemInformation + - __C_specific_handler + - MmHighestUserAddress + - IoDriverObjectType + - KeQueryTimeIncrement + - KeStackAttachProcess + - KeUnstackDetachProcess + - PsGetProcessWow64Process + - PsGetProcessPeb + - MmUnlockPages + - MmGetSystemRoutineAddress + - MmUnmapLockedPages + - IoFreeMdl + - ZwTerminateProcess + - PsGetProcessImageFileName + - ZwQueryObject + - ObOpenObjectByPointer + - PsReferenceProcessFilePointer + - IoQueryFileDosDeviceName + - MmProbeAndLockPages + - PsLookupProcessByProcessId + - MmMapLockedPagesSpecifyCache + - IoAllocateMdl + - MmCopyVirtualMemory + - KeClearEvent + - KeSetEvent + - KeWaitForSingleObject + - MmMapLockedPages + - ObReferenceObjectByHandle + - PsSetCreateProcessNotifyRoutineEx + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - ExEventObjectType + - ObRegisterCallbacks + - ObUnRegisterCallbacks + - ObGetFilterVersion + - PsGetProcessId + - IoThreadToProcess + - strcmp + 
- PsProcessType + - PsThreadType + - RtlEqualUnicodeString + - RtlGetVersion + - ObfReferenceObject + - ObGetObjectType + - ExEnumHandleTable + - ExfUnblockPushLock + - PsAcquireProcessExitSynchronization + - PsReleaseProcessExitSynchronization + - _snprintf + - vsprintf_s + - ZwCreateFile + - ZwWriteFile + - PsLookupThreadByThreadId + - NtQueryInformationThread + - PsGetThreadProcess + - KeDelayExecutionThread + - KdDisableDebugger + - KdChangeOption + - PsCreateSystemThread + - PsTerminateSystemThread + - KdDebuggerEnabled + - PsGetVersion + - KeInitializeEvent + - RtlCopyUnicodeString + - ObfDereferenceObject + - ExReleaseFastMutex + - ExAcquireFastMutex + - MmBuildMdlForNonPagedPool + - WdfVersionBindClass + - WdfVersionBind + - WdfVersionUnbind + - WdfVersionUnbindClass + Imports: + - ntoskrnl.exe + - WDFLDR.SYS + InternalName: '' + MD5: 64ae0358860e2a5b658383f7e651038e + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: ffdf660eb1ebf020a1d0a55a90712dfb + SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 + SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 + SHA1: acacebea32c33fc1315d9549504a6b0cabd1e974 + SHA256: 40263b08b3c3659529ab605d1daa3033db0fdc4b19c26aa375be0c19686807e6 + Sections: + .text: + Entropy: 6.158588705904711 + Virtual Size: '0x6b90' + .rdata: + Entropy: 4.776602523336272 + Virtual Size: '0x1534' + .data: + Entropy: 0.807954115503613 + Virtual Size: '0x15f8' + .pdata: + Entropy: 7.7487340950598105 + Virtual Size: '0x660' + PAGE: + Entropy: 5.561481006920357 + Virtual Size: '0xb0e' + INIT: + Entropy: 5.389152085711221 + Virtual Size: '0xeae' + .upx0: + Entropy: 7.13264162039016 + Virtual Size: '0x13a664' + .reloc: + Entropy: 3.886161748240218 + Virtual Size: '0xc0' + .rsrc: + Entropy: 2.9070295402348902 + Virtual Size: '0x22c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - 
Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2021-09-09 19:16:00' + ValidTo: '2022-09-01 19:16:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 330000004e595610832b4e0c6c00000000004e + Version: 3 + TBS: + MD5: cd4b92926b0c62a20cbbf01178422b63 + SHA1: 2172402fc331352ecf707599578205d2ad32da6e + SHA256: 16060ca074a311e7fe9d8c47dbdae7dcffb04e6fee1c50b5f3d2c90af8b5fdbc + SHA384: 8ae2ad20d42c9eb0d4b570c58d76395f896230e0a235f1d73f281d4df028174a4a457e7794514b47f39659f2a62212f3 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + ValidFrom: '2014-10-15 20:31:27' + ValidTo: '2029-10-15 20:41:27' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 330000000d690d5d7893d076df00000000000d + Version: 3 + TBS: + MD5: 83f69422963f11c3c340b81712eef319 + SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 + SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae + SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 + Signer: + - SerialNumber: 330000004e595610832b4e0c6c00000000004e + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + Version: 1 + Imphash: ebb99842fa08915eb8b7f67d8dc7a13a + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/75a933b4-82d8-4eb8-8ed5-a0a2178630a3.yaml b/yaml/75a933b4-82d8-4eb8-8ed5-a0a2178630a3.yaml index 07b0b2915..ef37c4f88 100644 --- a/yaml/75a933b4-82d8-4eb8-8ed5-a0a2178630a3.yaml +++ b/yaml/75a933b4-82d8-4eb8-8ed5-a0a2178630a3.yaml 
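Review bot: `Category: vulnerable drivers` (plural) survives here as a context line, while the other entries in this diff (7437388f, 75a933b4) use `Category: vulnerable driver`. A consumer that filters on the exact string would presumably skip this mhyprotnap.sys entry, and `Category: vulnerable driver` would align it. The re-added `Detection` block is a single placeholder item with empty `type` and `value`, where the neighbouring entries use `Detection: []`. An empty list is easier for rule generators and blocklist tooling to read as "no detection content yet" than an item with blank fields.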
@@ -1,48 +1,48 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 75a933b4-82d8-4eb8-8ed5-a0a2178630a3 +Tags: +- fiddrv.sys +Verified: 'FALSE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create fiddrv.sys binPath=C:\windows\temp\fiddrv.sys type=kernel - && sc.exe start fiddrv.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: [] -Id: 75a933b4-82d8-4eb8-8ed5-a0a2178630a3 -KnownVulnerableSamples: -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: fiddrv.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 8cc8974a05e81678e3d28acfe434e7804abd019c - Signature: [] - LoadsDespiteHVCI: 'FALSE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: fiddrv.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 282bb241bda5c4c1b8eb9bf56d018896649ca0e1 - Signature: [] - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create fiddrv.sys binPath=C:\windows\temp\fiddrv.sys type=kernel + && sc.exe start fiddrv.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules -Tags: -- fiddrv.sys -Verified: 'FALSE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: fiddrv.sys + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 8cc8974a05e81678e3d28acfe434e7804abd019c + Signature: [] + LoadsDespiteHVCI: 'FALSE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: fiddrv.sys + MachineType: '' + 
OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 282bb241bda5c4c1b8eb9bf56d018896649ca0e1 + Signature: [] + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/75b9b0c5-dd3e-4cf3-a693-c80f2feabb6a.yaml b/yaml/75b9b0c5-dd3e-4cf3-a693-c80f2feabb6a.yaml index 8ad8d07e4..e0466ef76 100644 --- a/yaml/75b9b0c5-dd3e-4cf3-a693-c80f2feabb6a.yaml +++ b/yaml/75b9b0c5-dd3e-4cf3-a693-c80f2feabb6a.yaml 
@@ -1,224 +1,225 @@ Id: 75b9b0c5-dd3e-4cf3-a693-c80f2feabb6a +Tags: +- 5a4fe297c7d42539303137b6d75b150d.sys +Verified: 'TRUE' Author: Alice Climent-Pommeret Created: '2023-07-31' MitreID: T1014 Category: malicious -Verified: 'TRUE' Commands: - Command: sc.exe create 5a4fe297c7d42539303137b6d75b150d.sys binPath=C:\windows\temp\5a4fe297c7d42539303137b6d75b150d.sys - type=kernel && sc.exe start 5a4fe297c7d42539303137b6d75b150d.sys - Description: "Cisco Talos has identified multiple versions of an undocumented malicious\ - \ driver named \u201CRedDriver,\u201D a driver-based browser hijacker that uses\ - \ the Windows Filtering Platform (WFP) to intercept browser traffic. RedDriver\ - \ has been active since at least 2021. RedDriver utilizes HookSignTool to forge\ - \ its signature timestamp to bypass Windows driver-signing policies. Code from\ - \ multiple open-source tools has been used in the development of RedDriver's infection\ - \ chain, including HP-Socket and a custom implementation of ReflectiveLoader.\ - \ The authors of RedDriver appear to be skilled in driver development and have\ - \ deep knowledge of the Windows operating system. This threat appears to target\ - \ native Chinese speakers, as it searches for Chinese language browsers to hijack.\ - \ Additionally, the authors are likely Chinese speakers themselves." - Usecase: '' - Privileges: kernel - OperatingSystem: Windows 10 + Command: sc.exe create 5a4fe297c7d42539303137b6d75b150d.sys binPath=C:\windows\temp\5a4fe297c7d42539303137b6d75b150d.sys + type=kernel && sc.exe start 5a4fe297c7d42539303137b6d75b150d.sys + Description: "Cisco Talos has identified multiple versions of an undocumented\ + \ malicious driver named \u201CRedDriver,\u201D a driver-based browser hijacker\ + \ that uses the Windows Filtering Platform (WFP) to intercept browser traffic.\ + \ RedDriver has been active since at least 2021. 
RedDriver utilizes HookSignTool\ + \ to forge its signature timestamp to bypass Windows driver-signing policies.\ + \ Code from multiple open-source tools has been used in the development of\ + \ RedDriver's infection chain, including HP-Socket and a custom implementation\ + \ of ReflectiveLoader. The authors of RedDriver appear to be skilled in driver\ + \ development and have deep knowledge of the Windows operating system. This\ + \ threat appears to target native Chinese speakers, as it searches for Chinese\ + \ language browsers to hijack. Additionally, the authors are likely Chinese\ + \ speakers themselves." + Usecase: '' + Privileges: kernel + OperatingSystem: Windows 10 Resources: - https://blog.talosintelligence.com/undocumented-reddriver/ -Acknowledgement: - Person: '' - Handle: '' Detection: [] +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: '' - MD5: 5a4fe297c7d42539303137b6d75b150d - SHA1: ebd8b7e964b8c692eea4a8c406b9cd0be621ebe2 - SHA256: 9a67626fb468d3f114c23ac73fd8057f43d06393d3eca04da1d6676f89da2d40 - Signature: '' - Date: '' - Publisher: '' - Company: '' - Description: '' - Product: '' - ProductVersion: '' - FileVersion: '' - MachineType: AMD64 - OriginalFilename: '' - Authentihash: - MD5: e5c54b958d6608cbb97e1a21c200dcd9 - SHA1: cc9b2ee8d9f3031eeab893e29231208eee30e494 - SHA256: 47bcbe0e7087cde7a9fb01fcec12b5ab185112c8f7f5638543715efa774b0cec - RichPEHeaderHash: - MD5: ecdd5c0e8a78b145a8e5d9443ff0f2eb - SHA1: 3ed3a76d965f1b5e387959ceedc84567a2f7bca4 - SHA256: 1edc4e310bd57e5c317b972f0bdb9f1f0794009b7039364dd6a879ee5f342754 - Sections: - .text: - Entropy: 6.2119592546505995 - Virtual Size: '0xc1ee' - .rdata: - Entropy: 5.110403242864534 - Virtual Size: '0xbac' - .data: - Entropy: 7.8800439180453505 - Virtual Size: '0xa5490' - .pdata: - Entropy: 4.5968345164469415 - Virtual Size: '0x540' - PAGE: - Entropy: 6.308757256393646 - Virtual Size: '0x9b5' - INIT: - Entropy: 5.268683087271941 - Virtual Size: '0xa96' - 
MagicHeader: 50 45 0 0 - CreationTimestamp: '2023-06-29 19:57:11' - InternalName: '' - Copyright: '' - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoRegisterDriverReinitialization - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - KeInitializeEvent - - PsCreateSystemThread - - PsTerminateSystemThread - - ZwClose - - IofCompleteRequest - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - PsThreadType - - IoIsWdmVersionAvailable - - IoCreateSymbolicLink - - IoCreateDevice - - ZwReadFile - - IoCreateFile - - ZwSetInformationFile - - ZwCreateFile - - ZwQueryDirectoryFile - - ZwDeleteFile - - ZwOpenFile - - RtlImageNtHeader - - ZwQueryInformationFile - - ZwWriteFile - - ZwSetValueKey - - ZwQueryValueKey - - _vsnprintf - - ZwFlushKey - - ZwDeleteKey - - ZwOpenKey - - _stricmp - - ZwCreateKey - - PsSetLoadImageNotifyRoutine - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - MmGetSystemRoutineAddress - - RtlGetVersion - - FsRtlIsNameInExpression - - wcsrchr - - PsRemoveLoadImageNotifyRoutine - - MmIsAddressValid - - ObfDereferenceObject - - KeUnstackDetachProcess - - ObOpenObjectByPointer - - KeStackAttachProcess - - ZwAllocateVirtualMemory - - KeClearEvent - - _wcsnicmp - - ObCreateObject - - IoFileObjectType - - IoDriverObjectType - - MmMapLockedPagesSpecifyCache - - IoGetCurrentProcess - - _vsnwprintf - - KeQueryTimeIncrement - - IoGetDeviceAttachmentBaseRef - - IoFreeIrp - - IoAllocateIrp - - RtlCompareUnicodeString - - CmRegisterCallback - - PsGetCurrentProcessId - - RtlCopyUnicodeString - - CmCallbackGetKeyObjectID - - ZwEnumerateKey - - strstr - - KeDelayExecutionThread - - ExSystemTimeToLocalTime - - RtlTimeToTimeFields - - RtlMultiByteToUnicodeN - - IoBuildDeviceIoControlRequest - - IoGetRelatedDeviceObject - - IoFreeMdl - - IoCancelIrp - - MmProbeAndLockPages - - IoAllocateMdl - - IofCallDriver - - ZwMapViewOfSection - - ExGetPreviousMode - - 
ZwQuerySystemInformation - - ZwUnmapViewOfSection - - ZwCreateSection - - ExFreePool - - KeBugCheckEx - - __C_specific_handler - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CN, ST=Beijing, L=Beijing, O=Beijing JoinHope Image Technology Ltd., - CN=Beijing JoinHope Image Technology Ltd. - ValidFrom: '2014-05-16 00:00:00' - ValidTo: '2015-05-16 23:59:59' - Signature: e896f8811ed9938fcbdc8c37f8c029045bb36722791c608d7d59f1d50b9e8923777b3ce973553c8164d7445f038c3720516d74f2f95fd734cd1349c1e6cf17f1c9042f069fb94350f7cd8f36f676fd175742d32adbc5d143423e3bc38bea71f9d021110303529d578ba7aab16d53c61642cf1f7e16964718a083182429d4347a09ea0047d9e53bad112ca5a5a14a180539ceb64000a677709bb70e9e3aea68158977072e7f130f1f99b08c2593b4003523f3f6cd441a7e4d8e88f3a2b871e6a03627dd3dadd97487df1dc5b93119ec65b60d1e4e0248a1978ee7480c08b8b8e54d890e7941aa852cf65d731cf0a6cf66584a0d0fba70d6697ee22a8d859919f4 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0a005d2e2bcd4137168217d8c727747c - Version: 3 - TBS: - MD5: 4d213d99215f488050faaa39765656d1 - SHA1: 0308508b5a3fcd330bbf28931f8e1a9c93c3ee69 - SHA256: ea947432de238a25fdb7892e436f4ef44f30ab16ae9e1eb914860f4808b25ef2 - SHA384: 430e932514f35ed55f31f050f33bcc0b9244fd83c6d1d28ee240306e54292e93b5894ef4eb9c09bf84cdc8068c6a7230 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 0a005d2e2bcd4137168217d8c727747c - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: be0dd8b8e045356d600ee55a64d9d197 - LoadsDespiteHVCI: 'TRUE' -Tags: -- 5a4fe297c7d42539303137b6d75b150d.sys +- Filename: '' + MD5: 5a4fe297c7d42539303137b6d75b150d + SHA1: ebd8b7e964b8c692eea4a8c406b9cd0be621ebe2 + SHA256: 9a67626fb468d3f114c23ac73fd8057f43d06393d3eca04da1d6676f89da2d40 + Signature: '' + Date: '' + Publisher: '' + Company: '' + Description: '' + Product: '' + ProductVersion: '' + 
FileVersion: '' + MachineType: AMD64 + OriginalFilename: '' + Authentihash: + MD5: e5c54b958d6608cbb97e1a21c200dcd9 + SHA1: cc9b2ee8d9f3031eeab893e29231208eee30e494 + SHA256: 47bcbe0e7087cde7a9fb01fcec12b5ab185112c8f7f5638543715efa774b0cec + RichPEHeaderHash: + MD5: ecdd5c0e8a78b145a8e5d9443ff0f2eb + SHA1: 3ed3a76d965f1b5e387959ceedc84567a2f7bca4 + SHA256: 1edc4e310bd57e5c317b972f0bdb9f1f0794009b7039364dd6a879ee5f342754 + Sections: + .text: + Entropy: 6.2119592546505995 + Virtual Size: '0xc1ee' + .rdata: + Entropy: 5.110403242864534 + Virtual Size: '0xbac' + .data: + Entropy: 7.8800439180453505 + Virtual Size: '0xa5490' + .pdata: + Entropy: 4.5968345164469415 + Virtual Size: '0x540' + PAGE: + Entropy: 6.308757256393646 + Virtual Size: '0x9b5' + INIT: + Entropy: 5.268683087271941 + Virtual Size: '0xa96' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2023-06-29 19:57:11' + InternalName: '' + Copyright: '' + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoRegisterDriverReinitialization + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - KeInitializeEvent + - PsCreateSystemThread + - PsTerminateSystemThread + - ZwClose + - IofCompleteRequest + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - PsThreadType + - IoIsWdmVersionAvailable + - IoCreateSymbolicLink + - IoCreateDevice + - ZwReadFile + - IoCreateFile + - ZwSetInformationFile + - ZwCreateFile + - ZwQueryDirectoryFile + - ZwDeleteFile + - ZwOpenFile + - RtlImageNtHeader + - ZwQueryInformationFile + - ZwWriteFile + - ZwSetValueKey + - ZwQueryValueKey + - _vsnprintf + - ZwFlushKey + - ZwDeleteKey + - ZwOpenKey + - _stricmp + - ZwCreateKey + - PsSetLoadImageNotifyRoutine + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - MmGetSystemRoutineAddress + - RtlGetVersion + - FsRtlIsNameInExpression + - wcsrchr + - PsRemoveLoadImageNotifyRoutine + - MmIsAddressValid + - ObfDereferenceObject + - KeUnstackDetachProcess 
+ - ObOpenObjectByPointer + - KeStackAttachProcess + - ZwAllocateVirtualMemory + - KeClearEvent + - _wcsnicmp + - ObCreateObject + - IoFileObjectType + - IoDriverObjectType + - MmMapLockedPagesSpecifyCache + - IoGetCurrentProcess + - _vsnwprintf + - KeQueryTimeIncrement + - IoGetDeviceAttachmentBaseRef + - IoFreeIrp + - IoAllocateIrp + - RtlCompareUnicodeString + - CmRegisterCallback + - PsGetCurrentProcessId + - RtlCopyUnicodeString + - CmCallbackGetKeyObjectID + - ZwEnumerateKey + - strstr + - KeDelayExecutionThread + - ExSystemTimeToLocalTime + - RtlTimeToTimeFields + - RtlMultiByteToUnicodeN + - IoBuildDeviceIoControlRequest + - IoGetRelatedDeviceObject + - IoFreeMdl + - IoCancelIrp + - MmProbeAndLockPages + - IoAllocateMdl + - IofCallDriver + - ZwMapViewOfSection + - ExGetPreviousMode + - ZwQuerySystemInformation + - ZwUnmapViewOfSection + - ZwCreateSection + - ExFreePool + - KeBugCheckEx + - __C_specific_handler + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CN, ST=Beijing, L=Beijing, O=Beijing JoinHope Image Technology + Ltd., CN=Beijing JoinHope Image Technology Ltd. 
+ ValidFrom: '2014-05-16 00:00:00' + ValidTo: '2015-05-16 23:59:59' + Signature: e896f8811ed9938fcbdc8c37f8c029045bb36722791c608d7d59f1d50b9e8923777b3ce973553c8164d7445f038c3720516d74f2f95fd734cd1349c1e6cf17f1c9042f069fb94350f7cd8f36f676fd175742d32adbc5d143423e3bc38bea71f9d021110303529d578ba7aab16d53c61642cf1f7e16964718a083182429d4347a09ea0047d9e53bad112ca5a5a14a180539ceb64000a677709bb70e9e3aea68158977072e7f130f1f99b08c2593b4003523f3f6cd441a7e4d8e88f3a2b871e6a03627dd3dadd97487df1dc5b93119ec65b60d1e4e0248a1978ee7480c08b8b8e54d890e7941aa852cf65d731cf0a6cf66584a0d0fba70d6697ee22a8d859919f4 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0a005d2e2bcd4137168217d8c727747c + Version: 3 + TBS: + MD5: 4d213d99215f488050faaa39765656d1 + SHA1: 0308508b5a3fcd330bbf28931f8e1a9c93c3ee69 + SHA256: ea947432de238a25fdb7892e436f4ef44f30ab16ae9e1eb914860f4808b25ef2 + SHA384: 430e932514f35ed55f31f050f33bcc0b9244fd83c6d1d28ee240306e54292e93b5894ef4eb9c09bf84cdc8068c6a7230 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 0a005d2e2bcd4137168217d8c727747c + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: be0dd8b8e045356d600ee55a64d9d197 + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/76b5dfae-b384-45ce-8646-b2eec6b76a1e.yaml b/yaml/76b5dfae-b384-45ce-8646-b2eec6b76a1e.yaml index 100bc8fb8..50df41030 100644 --- a/yaml/76b5dfae-b384-45ce-8646-b2eec6b76a1e.yaml +++ b/yaml/76b5dfae-b384-45ce-8646-b2eec6b76a1e.yaml 
@@ -1,266 +1,267 @@ -Acknowledgement: - Handle: zwclose - Person: zwclose +Id: 76b5dfae-b384-45ce-8646-b2eec6b76a1e +Tags: +- KfeCo11X64.sys +Verified: 'TRUE' Author: Paul Michaud -Category: vulnerable driver -Commands: - Command: sc.exe create KfeCo11X64.sys binPath=C:\windows\temp\KfeCo11X64.sys type=kernel - && sc.exe start KfeCo11X64.sys - Description: Killer exposes COM interfaces that allow non-privileged users 1) to - block network for any process 2) to manage any service in the OS. Killer is preinstalled - to laptops equipped with Intel Killer NICs (e.g. Dell). Since Intel patched the - vulnerability quietly, it's not clear which version is safe. Also, it is unclear - which OEMs are affected. Dell is definitely in the list, but it is likely that - other vendors with Killer NICs on board, such as Acer and MSI, are affected too. - Some users think that Killer suite is required for the NIC to work properly, so - they install it even after a fresh Windows install. This version is confirmed - vulnerable based on the script usage from zwclose. 
- OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-05-12' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/9a91d6e83b8fdec536580f6617f10dfc64eedf14ead29a6a644eb154426622ba.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 76b5dfae-b384-45ce-8646-b2eec6b76a1e -KnownVulnerableSamples: -- Authentihash: - MD5: 758090532f58b19865d76a41389c2d58 - SHA1: 6aa5070d7346f164d618915d32ddb9cfe1c1fecc - SHA256: a7047cee090ddbd150d7337a9357e03ccea56f004a2d29ddb7b8a0636a396240 - Company: Rivet Networks, LLC. - Copyright: Copyright (C) 2015-2018 Rivet Networks, LLC. 
- CreationTimestamp: '2022-03-29 11:25:42' - Date: '' - Description: Killer Traffic Control Callout Driver - ExportedFunctions: '' - FileVersion: 9.8.4.59 - Filename: KfeCo11X64.sys - ImportedFunctions: - - ExFreePoolWithTag - - KeReleaseInStackQueuedSpinLockFromDpcLevel - - RtlCopyUnicodeString - - DbgPrintEx - - KeInitializeEvent - - strstr - - RtlCompareMemory - - RtlIpv4StringToAddressA - - RtlIpv6StringToAddressA - - memchr - - ObfDereferenceObject - - MmBuildMdlForNonPagedPool - - KeInitializeSpinLock - - KeSetTimer - - KeCancelTimer - - KeInitializeTimer - - KeSetPriorityThread - - KeSetImportanceDpc - - KeInsertQueueDpc - - KeInitializeDpc - - IoQueueWorkItem - - IoFreeWorkItem - - IoAllocateWorkItem - - PsTerminateSystemThread - - KeWaitForMultipleObjects - - KeDelayExecutionThread - - KeClearEvent - - RtlEthernetAddressToStringW - - RtlRandomEx - - ZwClose - - PsCreateSystemThread - - KeWaitForSingleObject - - KeSetEvent - - KeQueryInterruptTimePrecise - - ExEventObjectType - - __C_specific_handler - - ObReferenceObjectByHandle - - MmMapLockedPagesSpecifyCache - - MmUnlockPages - - MmProbeAndLockPages - - ProbeForWrite - - ProbeForRead - - IoFreeMdl - - ExAllocatePool2 - - IoAllocateMdl - - KeAcquireInStackQueuedSpinLockAtDpcLevel - - KeReleaseInStackQueuedSpinLock - - KeAcquireInStackQueuedSpinLock - - KeGetCurrentIrql - - NdisRetreatNetBufferDataStart - - NdisAdvanceNetBufferDataStart - - NdisGetDataBuffer - - NdisCopySendNetBufferListInfo - - NdisFreeNetBufferPool - - NdisAllocateNetBufferPool - - NdisFreeNetBufferListPool - - NdisAllocateNetBufferListPool - - NdisFreeGenericObject - - NdisCopyReceiveNetBufferListInfo - - NdisAllocateGenericObject - - FwpsInjectTransportReceiveAsync0 - - FwpsQueryConnectionRedirectState0 - - FwpsRedirectHandleDestroy0 - - FwpsRedirectHandleCreate0 - - FwpsApplyModifiedLayerData0 - - FwpsAcquireWritableLayerDataPointer0 - - FwpsCompleteClassify0 - - FwpsPendClassify0 - - FwpsReleaseClassifyHandle0 - - 
FwpsAcquireClassifyHandle0 - - FwpsCalloutUnregisterByKey0 - - FwpsConstructIpHeaderForTransportPacket0 - - FwpsDereferenceNetBufferList0 - - FwpsReferenceNetBufferList0 - - FwpsInjectMacSendAsync0 - - FwpsInjectMacReceiveAsync0 - - FwpsAllocateCloneNetBufferList0 - - FwpsFreeNetBufferList0 - - FwpsAllocateNetBufferAndNetBufferList0 - - FwpmFilterDeleteById0 - - FwpsCalloutRegister3 - - FwpmFilterAdd0 - - FwpmCalloutDeleteByKey0 - - FwpmSubLayerDeleteByKey0 - - FwpmProviderContextDeleteByKey0 - - FwpsInjectTransportSendAsync1 - - FwpsFreeCloneNetBufferList0 - - FwpsFlowRemoveContext0 - - FwpsFlowAssociateContext0 - - FwpsCalloutUnregisterById0 - - FwpmCalloutAdd0 - - FwpmSubLayerAdd0 - - FwpmProviderAdd0 - - FwpmTransactionAbort0 - - FwpmTransactionCommit0 - - FwpmTransactionBegin0 - - FwpmEngineClose0 - - FwpmEngineOpen0 - - FwpsInjectionHandleDestroy0 - - FwpsInjectionHandleCreate0 - - FwpsQueryPacketInjectionState0 - - FwpsGetPacketListSecurityInformation0 - - WdfVersionUnbind - - WdfVersionBindClass - - WdfVersionUnbindClass - - WdfVersionBind - Imports: - - ntoskrnl.exe - - NDIS.SYS - - fwpkclnt.sys - - WDFLDR.SYS - InternalName: KfeCoDrv.sys - MD5: c901887f28bbb55a10eb934755b47227 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: KfeCoDrv.sys - Product: Killer Traffic Control - ProductVersion: 9.8.4.59 - Publisher: '' - RichPEHeaderHash: - MD5: c02c92737cc75210cbdb22db9985bd7c - SHA1: 91b9fe88004bdda4bff995e0c46393f755e4d6fc - SHA256: 4642f08acdd1a88ef296c925ce1fcaecf013e5e98de934eb839ac24a4e06f467 - SHA1: 2540205480ea3d59e4031de3c6632e3ce2596459 - SHA256: 9a91d6e83b8fdec536580f6617f10dfc64eedf14ead29a6a644eb154426622ba - Sections: - .text: - Entropy: 6.401436855573186 - Virtual Size: '0x20be6' - .rdata: - Entropy: 5.653552737913285 - Virtual Size: '0x33d0' - .data: - Entropy: 5.555301615962117 - Virtual Size: '0x13ba258' - .pdata: - Entropy: 5.387931457488882 - Virtual Size: '0x1644' - INIT: - Entropy: 5.361670872068078 - Virtual Size: 
'0xeb0' - .rsrc: - Entropy: 3.6430731262668115 - Virtual Size: '0xc40' - .reloc: - Entropy: 4.191396558286582 - Virtual Size: '0x34' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=California, L=Santa Clara, O=Intel Corporation, OU=Intel(R) - Connectivity Innovation, CN=Intel Corporation - ValidFrom: '2021-04-01 00:00:00' - ValidTo: '2023-04-01 23:59:59' - Signature: 1b7cfebb08c68ed60abcba3a04dbad328d046911c5325ffe46fb569e1d0c3c9f3413ff65a1d8ec402ac7c08f375ce9f48eb9212e1cb9ae1d4460e6c6e680d2553c47885c2119915d8401830970df37563b1a1649f0485848b55617a993a59612fb47cfeb541b0fa464fb781e87f4e8c1557600774719a502f23f4197963127c78a0d4641b34e0bcb8f86faacecfbd4c9798bdf92797bb629240970d04cd9267566d9e8226e41e6b2fe167dde6e3a471340982eb23969e27769a60d2f802d31601d6152c64019662357278b43a3965359050bca6ff45466d65fd54ba05a1f8eacc08660cdd55050249b001237f0fa9c6e28779f310b7de38a994f1637d8b387ec - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 00bfcce9854e3f154ff8e62c2ce2fde84d - Version: 3 - TBS: - MD5: 6e52024b4fb80fcfdb67508172f48293 - SHA1: 30760fb50b6398765ff477da4c21f1178e5408ca - SHA256: c3e02d446cd74203a21e7a6cf8be25669401c7d9e8a893698a8cb8b4f57ae2b4 - SHA384: 7aef7d354f49169034ea09963d73e3d927dd6b796ff3ce3f83d1762e7280845e56582ff1a15cce812dde13468bc7d5d9 - - Subject: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo - RSA Code Signing CA - ValidFrom: '2018-11-02 00:00:00' - ValidTo: '2030-12-31 23:59:59' - Signature: 
4d6350ed47344a61a4dbde6a2a8c9bf100001e1d627b3ad732c2f6b3e063b3fb6100889a1b6d1007044fbeb8ea897822eb0f46ecf3465e40468912f40b775a9c2a413afcd6f4ebe7f7159533c3a18328b7de2fe494f78533832d4a4048bf9ac24f4ab18f24f4b38137d3b764b0a6236a596852425fff04ebe174657908f5a993de6b71409996ba78f1b9c8e2c30816b1ab635ac815806d745e4a757ea5b8c36cb5cfdf4a79875cc7404d6335f630d3cfb50a0e0b047fa04baebba3a5d08400933e535d34a50035696cbe9f2025100d19fb509061be398f7a8e4df69f0e1efe075112668326194895ce4ac9c17ff33a059bf96fdf887fc0239ed21e437a4531c19c4da9f059b25919e86a8d290402777c4b4bcd70be3ab2555a783ebcbb6f0310257715348af936cc4392e4ba4ff1629328255729fb5119c7a125406a8457c6b29db1bc1c0ada7c677e7d2ee9284c187ec47b3141719a4b29ec0b3d5750d2caddfd9e0551e54478dd01deb175980d5424fdf04ee3e2f883bd72bacb3d3aeef05e1792686dc861f9a6f12a0a0ba5b9f49eee983205859eebf98329d3c62c7dbd3a772e8b3742a06a82ed3b4aaa9410a4e10df817c5b65a79331892e3b575f8a1e98e0a251ee41ef19f5a8723ff9fa4519efb398011cddbb5c4a7a8806fe553d4e0e3a2c2d25b1afa32262d6a57701c3ca4582ea3f35b4b07dc3259f387a71a6d58 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 1da248306f9b2618d082e0967d33d36a - Version: 3 - TBS: - MD5: c1eabfb5994258ad955adb7c2df165e6 - SHA1: fa33b3c00cebc469b269220d9eab26926c9b8ad8 - SHA256: 70dffac37eb787b2198816982c7d44f541d2e39a7dac069d37b367dc9f354b32 - SHA384: 20adc5b59cb532e215f01ba09a9c745898c206555613512fea7c295ccfd17ced4fe2c5bc3274ca8a270fc68799b8343c - - Subject: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust - RSA Certification Authority - ValidFrom: '2015-07-22 21:03:49' - ValidTo: '2025-07-22 21:03:49' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 3300000044b73ffcef5acfa27a000000000044 - Version: 3 - TBS: - MD5: a2d2ae7554f77f6e9ffb0b1a9b700ac4 - SHA1: 9f69ff166f5dc446578a45d7d69482373755e141 - SHA256: 
ad394b7e5cb9ccf6429762405f9840b648e38e8faf2de376f1aa375c6729abb7 - SHA384: eda103bac2997f31d778637ce8d1fa1263485a9d6a77d6e381bad8312e6bbec020ce5036e16ca96087e50f6ab200944a - Signer: - - SerialNumber: 00bfcce9854e3f154ff8e62c2ce2fde84d - Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo - RSA Code Signing CA - Version: 1 - Imphash: 13300d56528646611f26704266713952 - LoadsDespiteHVCI: 'TRUE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create KfeCo11X64.sys binPath=C:\windows\temp\KfeCo11X64.sys type=kernel + && sc.exe start KfeCo11X64.sys + Description: Killer exposes COM interfaces that allow non-privileged users 1) + to block network for any process 2) to manage any service in the OS. Killer + is preinstalled to laptops equipped with Intel Killer NICs (e.g. Dell). Since + Intel patched the vulnerability quietly, it's not clear which version is safe. + Also, it is unclear which OEMs are affected. Dell is definitely in the list, + but it is likely that other vendors with Killer NICs on board, such as Acer + and MSI, are affected too. Some users think that Killer suite is required + for the NIC to work properly, so they install it even after a fresh Windows + install. This version is confirmed vulnerable based on the script usage from + zwclose. 
+ OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://zwclose.github.io/2023/04/18/killer2.html - https://twitter.com/zwclose/status/1648441215808049153 - https://zwclose.github.io/2022/12/18/killer1.html -Tags: -- KfeCo11X64.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/9a91d6e83b8fdec536580f6617f10dfc64eedf14ead29a6a644eb154426622ba.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: zwclose + Person: zwclose +KnownVulnerableSamples: +- Authentihash: + MD5: 758090532f58b19865d76a41389c2d58 + SHA1: 6aa5070d7346f164d618915d32ddb9cfe1c1fecc + SHA256: 
a7047cee090ddbd150d7337a9357e03ccea56f004a2d29ddb7b8a0636a396240 + Company: Rivet Networks, LLC. + Copyright: Copyright (C) 2015-2018 Rivet Networks, LLC. + CreationTimestamp: '2022-03-29 11:25:42' + Date: '' + Description: Killer Traffic Control Callout Driver + ExportedFunctions: '' + FileVersion: 9.8.4.59 + Filename: KfeCo11X64.sys + ImportedFunctions: + - ExFreePoolWithTag + - KeReleaseInStackQueuedSpinLockFromDpcLevel + - RtlCopyUnicodeString + - DbgPrintEx + - KeInitializeEvent + - strstr + - RtlCompareMemory + - RtlIpv4StringToAddressA + - RtlIpv6StringToAddressA + - memchr + - ObfDereferenceObject + - MmBuildMdlForNonPagedPool + - KeInitializeSpinLock + - KeSetTimer + - KeCancelTimer + - KeInitializeTimer + - KeSetPriorityThread + - KeSetImportanceDpc + - KeInsertQueueDpc + - KeInitializeDpc + - IoQueueWorkItem + - IoFreeWorkItem + - IoAllocateWorkItem + - PsTerminateSystemThread + - KeWaitForMultipleObjects + - KeDelayExecutionThread + - KeClearEvent + - RtlEthernetAddressToStringW + - RtlRandomEx + - ZwClose + - PsCreateSystemThread + - KeWaitForSingleObject + - KeSetEvent + - KeQueryInterruptTimePrecise + - ExEventObjectType + - __C_specific_handler + - ObReferenceObjectByHandle + - MmMapLockedPagesSpecifyCache + - MmUnlockPages + - MmProbeAndLockPages + - ProbeForWrite + - ProbeForRead + - IoFreeMdl + - ExAllocatePool2 + - IoAllocateMdl + - KeAcquireInStackQueuedSpinLockAtDpcLevel + - KeReleaseInStackQueuedSpinLock + - KeAcquireInStackQueuedSpinLock + - KeGetCurrentIrql + - NdisRetreatNetBufferDataStart + - NdisAdvanceNetBufferDataStart + - NdisGetDataBuffer + - NdisCopySendNetBufferListInfo + - NdisFreeNetBufferPool + - NdisAllocateNetBufferPool + - NdisFreeNetBufferListPool + - NdisAllocateNetBufferListPool + - NdisFreeGenericObject + - NdisCopyReceiveNetBufferListInfo + - NdisAllocateGenericObject + - FwpsInjectTransportReceiveAsync0 + - FwpsQueryConnectionRedirectState0 + - FwpsRedirectHandleDestroy0 + - FwpsRedirectHandleCreate0 + - 
FwpsApplyModifiedLayerData0 + - FwpsAcquireWritableLayerDataPointer0 + - FwpsCompleteClassify0 + - FwpsPendClassify0 + - FwpsReleaseClassifyHandle0 + - FwpsAcquireClassifyHandle0 + - FwpsCalloutUnregisterByKey0 + - FwpsConstructIpHeaderForTransportPacket0 + - FwpsDereferenceNetBufferList0 + - FwpsReferenceNetBufferList0 + - FwpsInjectMacSendAsync0 + - FwpsInjectMacReceiveAsync0 + - FwpsAllocateCloneNetBufferList0 + - FwpsFreeNetBufferList0 + - FwpsAllocateNetBufferAndNetBufferList0 + - FwpmFilterDeleteById0 + - FwpsCalloutRegister3 + - FwpmFilterAdd0 + - FwpmCalloutDeleteByKey0 + - FwpmSubLayerDeleteByKey0 + - FwpmProviderContextDeleteByKey0 + - FwpsInjectTransportSendAsync1 + - FwpsFreeCloneNetBufferList0 + - FwpsFlowRemoveContext0 + - FwpsFlowAssociateContext0 + - FwpsCalloutUnregisterById0 + - FwpmCalloutAdd0 + - FwpmSubLayerAdd0 + - FwpmProviderAdd0 + - FwpmTransactionAbort0 + - FwpmTransactionCommit0 + - FwpmTransactionBegin0 + - FwpmEngineClose0 + - FwpmEngineOpen0 + - FwpsInjectionHandleDestroy0 + - FwpsInjectionHandleCreate0 + - FwpsQueryPacketInjectionState0 + - FwpsGetPacketListSecurityInformation0 + - WdfVersionUnbind + - WdfVersionBindClass + - WdfVersionUnbindClass + - WdfVersionBind + Imports: + - ntoskrnl.exe + - NDIS.SYS + - fwpkclnt.sys + - WDFLDR.SYS + InternalName: KfeCoDrv.sys + MD5: c901887f28bbb55a10eb934755b47227 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: KfeCoDrv.sys + Product: Killer Traffic Control + ProductVersion: 9.8.4.59 + Publisher: '' + RichPEHeaderHash: + MD5: c02c92737cc75210cbdb22db9985bd7c + SHA1: 91b9fe88004bdda4bff995e0c46393f755e4d6fc + SHA256: 4642f08acdd1a88ef296c925ce1fcaecf013e5e98de934eb839ac24a4e06f467 + SHA1: 2540205480ea3d59e4031de3c6632e3ce2596459 + SHA256: 9a91d6e83b8fdec536580f6617f10dfc64eedf14ead29a6a644eb154426622ba + Sections: + .text: + Entropy: 6.401436855573186 + Virtual Size: '0x20be6' + .rdata: + Entropy: 5.653552737913285 + Virtual Size: '0x33d0' + .data: + Entropy: 5.555301615962117 
+ Virtual Size: '0x13ba258' + .pdata: + Entropy: 5.387931457488882 + Virtual Size: '0x1644' + INIT: + Entropy: 5.361670872068078 + Virtual Size: '0xeb0' + .rsrc: + Entropy: 3.6430731262668115 + Virtual Size: '0xc40' + .reloc: + Entropy: 4.191396558286582 + Virtual Size: '0x34' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=California, L=Santa Clara, O=Intel Corporation, OU=Intel(R) + Connectivity Innovation, CN=Intel Corporation + ValidFrom: '2021-04-01 00:00:00' + ValidTo: '2023-04-01 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 00bfcce9854e3f154ff8e62c2ce2fde84d + Version: 3 + TBS: + MD5: 6e52024b4fb80fcfdb67508172f48293 + SHA1: 30760fb50b6398765ff477da4c21f1178e5408ca + SHA256: c3e02d446cd74203a21e7a6cf8be25669401c7d9e8a893698a8cb8b4f57ae2b4 + SHA384: 7aef7d354f49169034ea09963d73e3d927dd6b796ff3ce3f83d1762e7280845e56582ff1a15cce812dde13468bc7d5d9 + - Subject: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo + RSA Code Signing CA + ValidFrom: '2018-11-02 00:00:00' + ValidTo: '2030-12-31 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 1da248306f9b2618d082e0967d33d36a + Version: 3 + TBS: + MD5: c1eabfb5994258ad955adb7c2df165e6 + SHA1: fa33b3c00cebc469b269220d9eab26926c9b8ad8 + SHA256: 70dffac37eb787b2198816982c7d44f541d2e39a7dac069d37b367dc9f354b32 + SHA384: 20adc5b59cb532e215f01ba09a9c745898c206555613512fea7c295ccfd17ced4fe2c5bc3274ca8a270fc68799b8343c + - Subject: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, + CN=USERTrust RSA Certification Authority + ValidFrom: '2015-07-22 21:03:49' + ValidTo: '2025-07-22 21:03:49' + Signature: 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 + SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 3300000044b73ffcef5acfa27a000000000044 + Version: 3 + TBS: + MD5: a2d2ae7554f77f6e9ffb0b1a9b700ac4 + SHA1: 9f69ff166f5dc446578a45d7d69482373755e141 + SHA256: ad394b7e5cb9ccf6429762405f9840b648e38e8faf2de376f1aa375c6729abb7 + SHA384: eda103bac2997f31d778637ce8d1fa1263485a9d6a77d6e381bad8312e6bbec020ce5036e16ca96087e50f6ab200944a + Signer: + - SerialNumber: 00bfcce9854e3f154ff8e62c2ce2fde84d + Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo + RSA Code Signing CA + Version: 1 + Imphash: 13300d56528646611f26704266713952 + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/79542852-3a0c-43bc-bfa3-3eeb0e1d7fd2.yaml b/yaml/79542852-3a0c-43bc-bfa3-3eeb0e1d7fd2.yaml index 8f4240450..d6f5c69ca 100644 --- a/yaml/79542852-3a0c-43bc-bfa3-3eeb0e1d7fd2.yaml +++ b/yaml/79542852-3a0c-43bc-bfa3-3eeb0e1d7fd2.yaml 
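Review bot: The re-added `Detection:` list in yaml/76b5dfae-b384-45ce-8646-b2eec6b76a1e.yaml still contains `sigma_hash`, `sigma_names`, `sysmon_hash_detect` and `sysmon_hash_block` twice each, with identical `value` URLs. The reorder carries the duplicates over from the old side instead of collapsing them. The `Detection:` list in the 79542852-3a0c-43bc-bfa3-3eeb0e1d7fd2.yaml hunk that follows has each of those types once, so the entries are inconsistent after this commit. I would drop the second run of four and keep the two distinct `yara_signature` entries (the per-hash `.yara` rule and `yara-rules_vuln_drivers_strict_renamed.yar`). Anything that renders or counts detection references from this list would presumably show each rule twice until then.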
@@ -1,5079 +1,5087 @@ Id: 79542852-3a0c-43bc-bfa3-3eeb0e1d7fd2 +Tags: +- VBoxDrv.sys +Verified: 'TRUE' Author: Nasreddine Bencherchali Created: '2023-05-06' MitreID: T1068 Category: vulnerable driver -Verified: 'TRUE' Commands: - Command: sc.exe create VBoxDrv.sys binPath=C:\windows\temp\VBoxDrv.sys type=kernel - && sc.exe start VBoxDrv.sys - Description: '' - Usecase: Elevate privileges - Privileges: kernel - OperatingSystem: Windows 10 + Command: sc.exe create VBoxDrv.sys binPath=C:\windows\temp\VBoxDrv.sys type=kernel + && sc.exe start VBoxDrv.sys + Description: '' + Usecase: Elevate privileges + Privileges: kernel + OperatingSystem: Windows 10 Resources: - Internal Research -Acknowledgement: - Person: '' - Handle: '' Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: VBoxDrv.sys - MD5: b1b8e6b85dd03c7f1290b1a071fc79c1 - SHA1: a22dead5cdf05bd2f79a4d0066ffcf01c7d303ec - SHA256: 26f41e4268be59f5de07552b51fa52d18d88be94f8895eb4a16de0f3940cf712 - Authentihash: - MD5: 6837b5fe3a3a100c88c7cf4f0408f528 - SHA1: d679aadb2844462deaaf069d48e7d0fc76979741 - SHA256: 7dcd81140dc57d1d412c39940643ea923a1925815097f83788d840c1a7b57d25 - Description: VirtualBox Support Driver - Company: Vektor T13 Security Service - InternalName: VBoxDrv - OriginalFilename: VBoxDrv.sys - FileVersion: 1.2.0.119230 - Product: Antidetect 2018 Public by Vektor T13 (rev.05) - ProductVersion: 1.2.0.119230 - Copyright: Copyright (C) 2009-2018 Oracle Corporation - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: - - ASMAtomicBitClear - - ASMAtomicXchgU16 - - ASMAtomicXchgU8 - - ASMGetCS - - ASMGetDS - - ASMGetES - - ASMGetFS - - ASMGetGS - - ASMGetIDTR - - ASMGetSS - - ASMMultU64ByU32DivByU32 - - ASMNopPause - - RTAssertAreQuiet - - RTAssertMayPanic - - RTAssertMsg1 - - RTAssertMsg1Weak - - RTAssertMsg2AddV - - RTAssertMsg2V - - RTAssertMsg2Weak - - RTAssertMsg2WeakV - - RTAssertSetMayPanic - - RTAssertSetQuiet - - RTAssertShouldPanic - - RTAvlPVDestroy - - RTAvlPVDoWithAll - - RTAvlPVGet - - RTAvlPVGetBestFit - - RTAvlPVInsert - - RTAvlPVRemove - - RTAvlPVRemoveBestFit - - RTCrc32 - - RTCrc32Finish - - RTCrc32Process - - RTCrc32Start - - RTErrConvertFromErrno - - RTErrConvertFromNtStatus - - RTErrConvertToErrno - - RTErrInfoAdd - - RTErrInfoAddF - - RTErrInfoAddV - - RTErrInfoSet - - RTErrInfoSetF - - RTErrInfoSetV - - RTErrVarsAreEqual - - RTErrVarsHaveChanged - - RTErrVarsRestore - - RTErrVarsSave - - 
RTHandleTableAllocWithCtx - - RTHandleTableCreate - - RTHandleTableCreateEx - - RTHandleTableDestroy - - RTHandleTableFreeWithCtx - - RTHandleTableLookupWithCtx - - RTLatin1CalcUtf8Len - - RTLatin1CalcUtf8LenEx - - RTLatin1ToUtf8ExTag - - RTLatin1ToUtf8Tag - - RTLogClearFileDelayFlag - - RTLogCloneRC - - RTLogComPrintf - - RTLogComPrintfV - - RTLogCreate - - RTLogCreateEx - - RTLogCreateExV - - RTLogDefaultInit - - RTLogDefaultInstance - - RTLogDefaultInstanceEx - - RTLogDestinations - - RTLogDestroy - - RTLogDumpPrintfV - - RTLogFlags - - RTLogFlush - - RTLogFlushRC - - RTLogFlushToLogger - - RTLogFormatV - - RTLogGetDefaultInstance - - RTLogGetDefaultInstanceEx - - RTLogGetDestinations - - RTLogGetFlags - - RTLogGetGroupSettings - - RTLogGroupSettings - - RTLogLogger - - RTLogLoggerEx - - RTLogLoggerExV - - RTLogLoggerV - - RTLogPrintf - - RTLogPrintfV - - RTLogRelGetDefaultInstance - - RTLogRelGetDefaultInstanceEx - - RTLogRelLoggerV - - RTLogRelPrintfV - - RTLogRelSetBuffering - - RTLogRelSetDefaultInstance - - RTLogSetBuffering - - RTLogSetCustomPrefixCallback - - RTLogSetDefaultInstance - - RTLogSetDefaultInstanceThread - - RTLogWriteCom - - RTLogWriteDebugger - - RTLogWriteStdErr - - RTLogWriteStdOut - - RTLogWriteUser - - RTMemAllocExTag - - RTMemAllocTag - - RTMemAllocVarTag - - RTMemAllocZTag - - RTMemAllocZVarTag - - RTMemContAlloc - - RTMemContFree - - RTMemDupExTag - - RTMemDupTag - - RTMemExecAllocTag - - RTMemExecFree - - RTMemFree - - RTMemFreeEx - - RTMemReallocTag - - RTMemTmpAllocTag - - RTMemTmpAllocZTag - - RTMemTmpFree - - RTMpCpuId - - RTMpCpuIdFromSetIndex - - RTMpCpuIdToSetIndex - - RTMpCurSetIndex - - RTMpCurSetIndexAndId - - RTMpGetArraySize - - RTMpGetCount - - RTMpGetCpuGroupCounts - - RTMpGetMaxCpuGroupCount - - RTMpGetMaxCpuId - - RTMpGetOnlineCoreCount - - RTMpGetOnlineCount - - RTMpGetOnlineSet - - RTMpGetPresentCoreCount - - RTMpGetPresentCount - - RTMpGetPresentSet - - RTMpGetSet - - RTMpIsCpuOnline - - RTMpIsCpuPossible - - 
RTMpIsCpuPresent - - RTMpIsCpuWorkPending - - RTMpNotificationDeregister - - RTMpNotificationRegister - - RTMpOnAll - - RTMpOnAllIsConcurrentSafe - - RTMpOnOthers - - RTMpOnPair - - RTMpOnPairIsConcurrentExecSupported - - RTMpOnSpecific - - RTMpPokeCpu - - RTMpSetIndexFromCpuGroupMember - - RTNetIPv4AddDataChecksum - - RTNetIPv4AddTCPChecksum - - RTNetIPv4AddUDPChecksum - - RTNetIPv4FinalizeChecksum - - RTNetIPv4HdrChecksum - - RTNetIPv4IsDHCPValid - - RTNetIPv4IsHdrValid - - RTNetIPv4IsTCPSizeValid - - RTNetIPv4IsTCPValid - - RTNetIPv4IsUDPSizeValid - - RTNetIPv4IsUDPValid - - RTNetIPv4PseudoChecksum - - RTNetIPv4PseudoChecksumBits - - RTNetIPv4TCPChecksum - - RTNetIPv4UDPChecksum - - RTNetIPv6PseudoChecksum - - RTNetIPv6PseudoChecksumBits - - RTNetIPv6PseudoChecksumEx - - RTNetTCPChecksum - - RTNetUDPChecksum - - RTOnceReset - - RTOnceSlow - - RTPowerNotificationDeregister - - RTPowerNotificationRegister - - RTPowerSignalEvent - - RTProcSelf - - RTR0AssertPanicSystem - - RTR0Init - - RTR0MemAreKrnlAndUsrDifferent - - RTR0MemKernelCopyFrom - - RTR0MemKernelCopyTo - - RTR0MemKernelIsValidAddr - - RTR0MemObjAddress - - RTR0MemObjAddressR3 - - RTR0MemObjAllocContTag - - RTR0MemObjAllocLowTag - - RTR0MemObjAllocPageTag - - RTR0MemObjAllocPhysExTag - - RTR0MemObjAllocPhysNCTag - - RTR0MemObjAllocPhysTag - - RTR0MemObjEnterPhysTag - - RTR0MemObjFree - - RTR0MemObjGetPagePhysAddr - - RTR0MemObjIsMapping - - RTR0MemObjLockKernelTag - - RTR0MemObjLockUserTag - - RTR0MemObjMapKernelExTag - - RTR0MemObjMapKernelTag - - RTR0MemObjMapUserTag - - RTR0MemObjProtect - - RTR0MemObjReserveKernelTag - - RTR0MemObjReserveUserTag - - RTR0MemObjSize - - RTR0MemUserCopyFrom - - RTR0MemUserCopyTo - - RTR0MemUserIsValidAddr - - RTR0ProcHandleSelf - - RTR0Term - - RTR0TermForced - - RTSemEventCreate - - RTSemEventCreateEx - - RTSemEventDestroy - - RTSemEventGetResolution - - RTSemEventMultiCreate - - RTSemEventMultiCreateEx - - RTSemEventMultiDestroy - - RTSemEventMultiGetResolution - - 
RTSemEventMultiReset - - RTSemEventMultiSignal - - RTSemEventMultiWait - - RTSemEventMultiWaitEx - - RTSemEventMultiWaitExDebug - - RTSemEventMultiWaitNoResume - - RTSemEventSignal - - RTSemEventWait - - RTSemEventWaitEx - - RTSemEventWaitExDebug - - RTSemEventWaitNoResume - - RTSemFastMutexCreate - - RTSemFastMutexDestroy - - RTSemFastMutexRelease - - RTSemFastMutexRequest - - RTSemMutexCreate - - RTSemMutexCreateEx - - RTSemMutexDestroy - - RTSemMutexIsOwned - - RTSemMutexRelease - - RTSemMutexRequest - - RTSemMutexRequestDebug - - RTSemMutexRequestNoResume - - RTSemMutexRequestNoResumeDebug - - RTSemSpinMutexCreate - - RTSemSpinMutexDestroy - - RTSemSpinMutexRelease - - RTSemSpinMutexRequest - - RTSemSpinMutexTryRequest - - RTSpinlockAcquire - - RTSpinlockCreate - - RTSpinlockDestroy - - RTSpinlockRelease - - RTStrAAppendNTag - - RTStrAAppendTag - - RTStrATruncateTag - - RTStrAllocExTag - - RTStrAllocTag - - RTStrCalcLatin1Len - - RTStrCalcLatin1LenEx - - RTStrCalcUtf16Len - - RTStrCalcUtf16LenEx - - RTStrCat - - RTStrConvertHexBytes - - RTStrCopy - - RTStrCopyEx - - RTStrCopyP - - RTStrDupExTag - - RTStrDupNTag - - RTStrDupTag - - RTStrFormat - - RTStrFormatNumber - - RTStrFormatTypeDeregister - - RTStrFormatTypeRegister - - RTStrFormatTypeSetUser - - RTStrFormatV - - RTStrFree - - RTStrGetCpExInternal - - RTStrGetCpInternal - - RTStrGetCpNExInternal - - RTStrIsValidEncoding - - RTStrNCmp - - RTStrPrevCp - - RTStrPrintf - - RTStrPrintfEx - - RTStrPrintfExV - - RTStrPrintfV - - RTStrPurgeComplementSet - - RTStrPurgeEncoding - - RTStrPutCpInternal - - RTStrReallocTag - - RTStrToInt16 - - RTStrToInt16Ex - - RTStrToInt16Full - - RTStrToInt32 - - RTStrToInt32Ex - - RTStrToInt32Full - - RTStrToInt64 - - RTStrToInt64Ex - - RTStrToInt64Full - - RTStrToInt8 - - RTStrToInt8Ex - - RTStrToInt8Full - - RTStrToLatin1ExTag - - RTStrToLatin1Tag - - RTStrToUInt16 - - RTStrToUInt16Ex - - RTStrToUInt16Full - - RTStrToUInt32 - - RTStrToUInt32Ex - - RTStrToUInt32Full - - 
RTStrToUInt64 - - RTStrToUInt64Ex - - RTStrToUInt64Full - - RTStrToUInt8 - - RTStrToUInt8Ex - - RTStrToUInt8Full - - RTStrToUni - - RTStrToUniEx - - RTStrToUtf16BigExTag - - RTStrToUtf16BigTag - - RTStrToUtf16ExTag - - RTStrToUtf16Tag - - RTStrUniLen - - RTStrUniLenEx - - RTStrValidateEncoding - - RTStrValidateEncodingEx - - RTTermDeregisterCallback - - RTTermRegisterCallback - - RTTermRunCallbacks - - RTThreadCreate - - RTThreadCreateF - - RTThreadCreateV - - RTThreadCtxHookCreate - - RTThreadCtxHookDestroy - - RTThreadCtxHookDisable - - RTThreadCtxHookEnable - - RTThreadCtxHookIsEnabled - - RTThreadFromNative - - RTThreadGetName - - RTThreadGetNative - - RTThreadGetType - - RTThreadIsInInterrupt - - RTThreadIsInitialized - - RTThreadIsMain - - RTThreadIsSelfAlive - - RTThreadIsSelfKnown - - RTThreadNativeSelf - - RTThreadPreemptDisable - - RTThreadPreemptIsEnabled - - RTThreadPreemptIsPending - - RTThreadPreemptIsPendingTrusty - - RTThreadPreemptIsPossible - - RTThreadPreemptRestore - - RTThreadSelf - - RTThreadSelfName - - RTThreadSetName - - RTThreadSetType - - RTThreadSleep - - RTThreadUserReset - - RTThreadUserSignal - - RTThreadUserWait - - RTThreadUserWaitNoResume - - RTThreadWait - - RTThreadWaitNoResume - - RTThreadYield - - RTTimeExplode - - RTTimeFromString - - RTTimeImplode - - RTTimeIsLeapYear - - RTTimeMilliTS - - RTTimeNanoTS - - RTTimeNormalize - - RTTimeNow - - RTTimeSpecFromString - - RTTimeSpecToString - - RTTimeSystemMilliTS - - RTTimeSystemNanoTS - - RTTimeToString - - RTTimerCanDoHighResolution - - RTTimerChangeInterval - - RTTimerCreate - - RTTimerCreateEx - - RTTimerDestroy - - RTTimerGetSystemGranularity - - RTTimerReleaseSystemGranularity - - RTTimerRequestSystemGranularity - - RTTimerStart - - RTTimerStop - - RTUuidClear - - RTUuidCompare - - RTUuidCompare2Strs - - RTUuidCompareStr - - RTUuidFromStr - - RTUuidFromUtf16 - - RTUuidIsNull - - RTUuidToStr - - RTUuidToUtf16 - - SUPGetCpuHzFromGipForAsyncMode - - SUPGetGIP - - 
SUPGetTscDeltaSlow - - SUPIsTscFreqCompatible - - SUPIsTscFreqCompatibleEx - - SUPR0BadContext - - SUPR0ChangeCR4 - - SUPR0ComponentDeregisterFactory - - SUPR0ComponentQueryFactory - - SUPR0ComponentRegisterFactory - - SUPR0ContAlloc - - SUPR0ContFree - - SUPR0EnableVTx - - SUPR0GetCurrentGdtRw - - SUPR0GetKernelFeatures - - SUPR0GetPagingMode - - SUPR0GetSessionGVM - - SUPR0GetSessionVM - - SUPR0GetSvmUsability - - SUPR0GetVmxUsability - - SUPR0GipMap - - SUPR0GipUnmap - - SUPR0LockMem - - SUPR0LowAlloc - - SUPR0LowFree - - SUPR0MemAlloc - - SUPR0MemFree - - SUPR0MemGetPhys - - SUPR0ObjAddRef - - SUPR0ObjAddRefEx - - SUPR0ObjRegister - - SUPR0ObjRelease - - SUPR0ObjVerifyAccess - - SUPR0PageAllocEx - - SUPR0PageFree - - SUPR0PageMapKernel - - SUPR0PageProtect - - SUPR0Printf - - SUPR0QueryUcodeRev - - SUPR0QueryVTCaps - - SUPR0ResumeVTxOnCpu - - SUPR0SetSessionVM - - SUPR0SuspendVTxOnCpu - - SUPR0TracerDeregisterDrv - - SUPR0TracerDeregisterImpl - - SUPR0TracerFireProbe - - SUPR0TracerRegisterDrv - - SUPR0TracerRegisterImpl - - SUPR0TracerRegisterModule - - SUPR0TracerUmodProbeFire - - SUPR0TscDeltaMeasureBySetIndex - - SUPR0UnlockMem - - SUPReadTscWithDelta - - SUPSemEventClose - - SUPSemEventCreate - - SUPSemEventGetResolution - - SUPSemEventMultiClose - - SUPSemEventMultiCreate - - SUPSemEventMultiGetResolution - - SUPSemEventMultiReset - - SUPSemEventMultiSignal - - SUPSemEventMultiWait - - SUPSemEventMultiWaitNoResume - - SUPSemEventMultiWaitNsAbsIntr - - SUPSemEventMultiWaitNsRelIntr - - SUPSemEventSignal - - SUPSemEventWait - - SUPSemEventWaitNoResume - - SUPSemEventWaitNsAbsIntr - - SUPSemEventWaitNsRelIntr - - g_pSUPGlobalInfoPage - - g_pszRTAssertExpr - - g_pszRTAssertFile - - g_pszRTAssertFunction - - g_szRTAssertMsg1 - - g_szRTAssertMsg2 - - g_u32RTAssertLine - ImportedFunctions: - - strchr - - IoDeleteDevice - - IoCreateDevice - - RtlInitUnicodeString - - ObfDereferenceObject - - ExUnregisterCallback - - IofCompleteRequest - - __C_specific_handler - - 
ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoIs32bitProcess - - ZwSetSystemInformation - - ExRegisterCallback - - ExCreateCallback - - MmGetSystemRoutineAddress - - RtlQueryRegistryValues - - DbgPrint - - KeSetTimerEx - - KeInsertQueueDpc - - KeRemoveQueueDpc - - KeCancelTimer - - KeSetImportanceDpc - - KeInitializeDpc - - KeInitializeTimerEx - - KeQueryTimeIncrement - - KeDelayExecutionThread - - ZwYieldExecution - - KeSetPriorityThread - - KeWaitForSingleObject - - ZwClose - - ObReferenceObjectByHandle - - PsCreateSystemThread - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - KeInitializeMutex - - KeReleaseMutex - - KeReadStateMutex - - KeInitializeEvent - - ExAcquireFastMutex - - ExReleaseFastMutex - - KeSetEvent - - KeResetEvent - - PsGetCurrentProcessId - - IoGetCurrentProcess - - ProbeForRead - - ProbeForWrite - - MmHighestUserAddress - - MmSystemRangeStart - - KeSetTargetProcessorDpc - - KeNumberProcessors - - PsGetVersion - - MmIsAddressValid - - MmUnmapIoSpace - - MmUnlockPages - - MmFreeContiguousMemory - - IoFreeMdl - - MmFreePagesFromMdl - - MmUnsecureVirtualMemory - - MmUnmapLockedPages - - MmProtectMdlSystemAddress - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmAllocateContiguousMemorySpecifyCache - - MmAllocatePagesForMdl - - MmSecureVirtualMemory - - MmProbeAndLockPages - - MmMapIoSpace - - MmMapLockedPagesSpecifyCache - - MmGetPhysicalAddress - - MmAllocateContiguousMemory - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: CN=Vektor T13 Security Service - ValidFrom: '2018-04-19 00:15:30' - ValidTo: '2039-12-31 23:59:59' - Signature: 6a53b7553edfd579a2a4dd005b893883cc26c3e314683b8b92b95b8b60e33d6c9841d1761bd52c2e5a69f9bec38e457bf5a06f43fdb4d4f601a2ae0b0c7e16e180b8447308fca66dcbdf34c0a4319e96af6f96f4b9037bfd7f1360efe2fd24efe837d59c64e895cee83d63952d217672932decd29af822e80d0d25a580d53e0c - SignatureAlgorithmOID: 1.3.14.3.2.29 - IsCertificateAuthority: true - SerialNumber: 
c3b2c606d320e0bf4f71f1e73668a938 - Version: 3 - TBS: - MD5: bdf06d2ae5584184829321a1af947932 - SHA1: ffbcdef9b656d73245e310774c99d2d48645eb01 - SHA256: 4ab0c3d0bd9761a17acd26fcc700469539d69032c9e4946ed50447486c1d8148 - SHA384: d2f7f4fe7b034b7d714b31cf6f49fb915cd61914e41433a8e768bfd7a05f2f9dae331b8ea9f85f6cabbdc6b168f4f59f - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: c3b2c606d320e0bf4f71f1e73668a938 - Issuer: CN=Vektor T13 Security Service - Version: 1 - RichPEHeaderHash: - MD5: 2699d722188f4664155df5d5ec416047 - SHA1: 1d9a8b11fbf151fc371dcb9a1a3b333f0dadb1e0 - SHA256: 6292be78ca89765e09fcf9a02d007dd8adafbf18a032d9d71e35686f922cd1f6 - Sections: - .text: - Entropy: 6.420460567884749 - Virtual Size: '0x2bc30' - .rdata: - Entropy: 5.939129698977538 - Virtual 
Size: '0xf690' - .data: - Entropy: 4.2622979727406065 - Virtual Size: '0x12a40' - .pdata: - Entropy: 5.55793348559494 - Virtual Size: '0x32c4' - .edata: - Entropy: 5.804608403248267 - Virtual Size: '0x34f8' - INIT: - Entropy: 5.082239885482413 - Virtual Size: '0x856' - .rsrc: - Entropy: 3.442966233517804 - Virtual Size: '0x420' - .reloc: - Entropy: 4.07818833178508 - Virtual Size: '0xfb8' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2018-06-22 05:17:13' - Imphash: 9470f56376e665fb981a35b303436041 - LoadsDespiteHVCI: 'TRUE' -- Filename: VBoxDrv.sys - MD5: 02a1d77ef13bd41cad04abcce896d0b9 - SHA1: 59c0fa0d61576d9eb839c9c7e15d57047ee7fe29 - SHA256: 3724b39e97936bb20ada51c6119aded04530ed86f6b8d6b45fbfb2f3b9a4114b - Authentihash: - MD5: 49f3b147b53aa5ebce9ddce9a20fe9ff - SHA1: 46064d1e248e2c9d24950d6a5dcf68a2c12aeb9d - SHA256: 7e5abe4530eff3838d44516f95c15d8b3ec6cec44ca7b67998e50641c939d12a - Description: VirtualBox Support Driver - Company: Vektor T13 Security Service - InternalName: VBoxDrv - OriginalFilename: VBoxDrv.sys - FileVersion: 1.4.2.119230 - Product: Antidetect 2019 Public - ProductVersion: 1.4.2.119230 - Copyright: Copyright (C) 2009-2019 Oracle Corporation - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: - - ASMAtomicBitClear - - ASMAtomicXchgU16 - - ASMAtomicXchgU8 - - ASMGetCS - - ASMGetDS - - ASMGetES - - ASMGetFS - - ASMGetGS - - ASMGetIDTR - - ASMGetSS - - ASMMultU64ByU32DivByU32 - - ASMNopPause - - RTAssertAreQuiet - - RTAssertMayPanic - - RTAssertMsg1 - - RTAssertMsg1Weak - - RTAssertMsg2AddV - - RTAssertMsg2V - - RTAssertMsg2Weak - - RTAssertMsg2WeakV - - RTAssertSetMayPanic - - RTAssertSetQuiet - - RTAssertShouldPanic - - RTAvlPVDestroy - - RTAvlPVDoWithAll - - RTAvlPVGet - - RTAvlPVGetBestFit - - RTAvlPVInsert - - RTAvlPVRemove - - RTAvlPVRemoveBestFit - - RTCrc32 - - RTCrc32Finish - - RTCrc32Process - - RTCrc32Start - - RTErrConvertFromErrno - - RTErrConvertFromNtStatus - - RTErrConvertToErrno - - RTErrInfoAdd - - 
RTErrInfoAddF - - RTErrInfoAddV - - RTErrInfoSet - - RTErrInfoSetF - - RTErrInfoSetV - - RTErrVarsAreEqual - - RTErrVarsHaveChanged - - RTErrVarsRestore - - RTErrVarsSave - - RTHandleTableAllocWithCtx - - RTHandleTableCreate - - RTHandleTableCreateEx - - RTHandleTableDestroy - - RTHandleTableFreeWithCtx - - RTHandleTableLookupWithCtx - - RTLatin1CalcUtf8Len - - RTLatin1CalcUtf8LenEx - - RTLatin1ToUtf8ExTag - - RTLatin1ToUtf8Tag - - RTLogClearFileDelayFlag - - RTLogCloneRC - - RTLogComPrintf - - RTLogComPrintfV - - RTLogCreate - - RTLogCreateEx - - RTLogCreateExV - - RTLogDefaultInit - - RTLogDefaultInstance - - RTLogDefaultInstanceEx - - RTLogDestinations - - RTLogDestroy - - RTLogDumpPrintfV - - RTLogFlags - - RTLogFlush - - RTLogFlushRC - - RTLogFlushToLogger - - RTLogFormatV - - RTLogGetDefaultInstance - - RTLogGetDefaultInstanceEx - - RTLogGetDestinations - - RTLogGetFlags - - RTLogGetGroupSettings - - RTLogGroupSettings - - RTLogLogger - - RTLogLoggerEx - - RTLogLoggerExV - - RTLogLoggerV - - RTLogPrintf - - RTLogPrintfV - - RTLogRelGetDefaultInstance - - RTLogRelGetDefaultInstanceEx - - RTLogRelLoggerV - - RTLogRelPrintfV - - RTLogRelSetBuffering - - RTLogRelSetDefaultInstance - - RTLogSetBuffering - - RTLogSetCustomPrefixCallback - - RTLogSetDefaultInstance - - RTLogSetDefaultInstanceThread - - RTLogWriteCom - - RTLogWriteDebugger - - RTLogWriteStdErr - - RTLogWriteStdOut - - RTLogWriteUser - - RTMemAllocExTag - - RTMemAllocTag - - RTMemAllocVarTag - - RTMemAllocZTag - - RTMemAllocZVarTag - - RTMemContAlloc - - RTMemContFree - - RTMemDupExTag - - RTMemDupTag - - RTMemExecAllocTag - - RTMemExecFree - - RTMemFree - - RTMemFreeEx - - RTMemReallocTag - - RTMemTmpAllocTag - - RTMemTmpAllocZTag - - RTMemTmpFree - - RTMpCpuId - - RTMpCpuIdFromSetIndex - - RTMpCpuIdToSetIndex - - RTMpCurSetIndex - - RTMpCurSetIndexAndId - - RTMpGetArraySize - - RTMpGetCount - - RTMpGetCpuGroupCounts - - RTMpGetMaxCpuGroupCount - - RTMpGetMaxCpuId - - RTMpGetOnlineCoreCount - - 
RTMpGetOnlineCount - - RTMpGetOnlineSet - - RTMpGetPresentCoreCount - - RTMpGetPresentCount - - RTMpGetPresentSet - - RTMpGetSet - - RTMpIsCpuOnline - - RTMpIsCpuPossible - - RTMpIsCpuPresent - - RTMpIsCpuWorkPending - - RTMpNotificationDeregister - - RTMpNotificationRegister - - RTMpOnAll - - RTMpOnAllIsConcurrentSafe - - RTMpOnOthers - - RTMpOnPair - - RTMpOnPairIsConcurrentExecSupported - - RTMpOnSpecific - - RTMpPokeCpu - - RTMpSetIndexFromCpuGroupMember - - RTNetIPv4AddDataChecksum - - RTNetIPv4AddTCPChecksum - - RTNetIPv4AddUDPChecksum - - RTNetIPv4FinalizeChecksum - - RTNetIPv4HdrChecksum - - RTNetIPv4IsDHCPValid - - RTNetIPv4IsHdrValid - - RTNetIPv4IsTCPSizeValid - - RTNetIPv4IsTCPValid - - RTNetIPv4IsUDPSizeValid - - RTNetIPv4IsUDPValid - - RTNetIPv4PseudoChecksum - - RTNetIPv4PseudoChecksumBits - - RTNetIPv4TCPChecksum - - RTNetIPv4UDPChecksum - - RTNetIPv6PseudoChecksum - - RTNetIPv6PseudoChecksumBits - - RTNetIPv6PseudoChecksumEx - - RTNetTCPChecksum - - RTNetUDPChecksum - - RTOnceReset - - RTOnceSlow - - RTPowerNotificationDeregister - - RTPowerNotificationRegister - - RTPowerSignalEvent - - RTProcSelf - - RTR0AssertPanicSystem - - RTR0Init - - RTR0MemAreKrnlAndUsrDifferent - - RTR0MemKernelCopyFrom - - RTR0MemKernelCopyTo - - RTR0MemKernelIsValidAddr - - RTR0MemObjAddress - - RTR0MemObjAddressR3 - - RTR0MemObjAllocContTag - - RTR0MemObjAllocLowTag - - RTR0MemObjAllocPageTag - - RTR0MemObjAllocPhysExTag - - RTR0MemObjAllocPhysNCTag - - RTR0MemObjAllocPhysTag - - RTR0MemObjEnterPhysTag - - RTR0MemObjFree - - RTR0MemObjGetPagePhysAddr - - RTR0MemObjIsMapping - - RTR0MemObjLockKernelTag - - RTR0MemObjLockUserTag - - RTR0MemObjMapKernelExTag - - RTR0MemObjMapKernelTag - - RTR0MemObjMapUserTag - - RTR0MemObjProtect - - RTR0MemObjReserveKernelTag - - RTR0MemObjReserveUserTag - - RTR0MemObjSize - - RTR0MemUserCopyFrom - - RTR0MemUserCopyTo - - RTR0MemUserIsValidAddr - - RTR0ProcHandleSelf - - RTR0Term - - RTR0TermForced - - RTSemEventCreate - - 
RTSemEventCreateEx - - RTSemEventDestroy - - RTSemEventGetResolution - - RTSemEventMultiCreate - - RTSemEventMultiCreateEx - - RTSemEventMultiDestroy - - RTSemEventMultiGetResolution - - RTSemEventMultiReset - - RTSemEventMultiSignal - - RTSemEventMultiWait - - RTSemEventMultiWaitEx - - RTSemEventMultiWaitExDebug - - RTSemEventMultiWaitNoResume - - RTSemEventSignal - - RTSemEventWait - - RTSemEventWaitEx - - RTSemEventWaitExDebug - - RTSemEventWaitNoResume - - RTSemFastMutexCreate - - RTSemFastMutexDestroy - - RTSemFastMutexRelease - - RTSemFastMutexRequest - - RTSemMutexCreate - - RTSemMutexCreateEx - - RTSemMutexDestroy - - RTSemMutexIsOwned - - RTSemMutexRelease - - RTSemMutexRequest - - RTSemMutexRequestDebug - - RTSemMutexRequestNoResume - - RTSemMutexRequestNoResumeDebug - - RTSemSpinMutexCreate - - RTSemSpinMutexDestroy - - RTSemSpinMutexRelease - - RTSemSpinMutexRequest - - RTSemSpinMutexTryRequest - - RTSpinlockAcquire - - RTSpinlockCreate - - RTSpinlockDestroy - - RTSpinlockRelease - - RTStrAAppendNTag - - RTStrAAppendTag - - RTStrATruncateTag - - RTStrAllocExTag - - RTStrAllocTag - - RTStrCalcLatin1Len - - RTStrCalcLatin1LenEx - - RTStrCalcUtf16Len - - RTStrCalcUtf16LenEx - - RTStrCat - - RTStrConvertHexBytes - - RTStrCopy - - RTStrCopyEx - - RTStrCopyP - - RTStrDupExTag - - RTStrDupNTag - - RTStrDupTag - - RTStrFormat - - RTStrFormatNumber - - RTStrFormatTypeDeregister - - RTStrFormatTypeRegister - - RTStrFormatTypeSetUser - - RTStrFormatV - - RTStrFree - - RTStrGetCpExInternal - - RTStrGetCpInternal - - RTStrGetCpNExInternal - - RTStrIsValidEncoding - - RTStrNCmp - - RTStrPrevCp - - RTStrPrintf - - RTStrPrintfEx - - RTStrPrintfExV - - RTStrPrintfV - - RTStrPurgeComplementSet - - RTStrPurgeEncoding - - RTStrPutCpInternal - - RTStrReallocTag - - RTStrToInt16 - - RTStrToInt16Ex - - RTStrToInt16Full - - RTStrToInt32 - - RTStrToInt32Ex - - RTStrToInt32Full - - RTStrToInt64 - - RTStrToInt64Ex - - RTStrToInt64Full - - RTStrToInt8 - - RTStrToInt8Ex - - 
RTStrToInt8Full - - RTStrToLatin1ExTag - - RTStrToLatin1Tag - - RTStrToUInt16 - - RTStrToUInt16Ex - - RTStrToUInt16Full - - RTStrToUInt32 - - RTStrToUInt32Ex - - RTStrToUInt32Full - - RTStrToUInt64 - - RTStrToUInt64Ex - - RTStrToUInt64Full - - RTStrToUInt8 - - RTStrToUInt8Ex - - RTStrToUInt8Full - - RTStrToUni - - RTStrToUniEx - - RTStrToUtf16BigExTag - - RTStrToUtf16BigTag - - RTStrToUtf16ExTag - - RTStrToUtf16Tag - - RTStrUniLen - - RTStrUniLenEx - - RTStrValidateEncoding - - RTStrValidateEncodingEx - - RTTermDeregisterCallback - - RTTermRegisterCallback - - RTTermRunCallbacks - - RTThreadCreate - - RTThreadCreateF - - RTThreadCreateV - - RTThreadCtxHookCreate - - RTThreadCtxHookDestroy - - RTThreadCtxHookDisable - - RTThreadCtxHookEnable - - RTThreadCtxHookIsEnabled - - RTThreadFromNative - - RTThreadGetName - - RTThreadGetNative - - RTThreadGetType - - RTThreadIsInInterrupt - - RTThreadIsInitialized - - RTThreadIsMain - - RTThreadIsSelfAlive - - RTThreadIsSelfKnown - - RTThreadNativeSelf - - RTThreadPreemptDisable - - RTThreadPreemptIsEnabled - - RTThreadPreemptIsPending - - RTThreadPreemptIsPendingTrusty - - RTThreadPreemptIsPossible - - RTThreadPreemptRestore - - RTThreadSelf - - RTThreadSelfName - - RTThreadSetName - - RTThreadSetType - - RTThreadSleep - - RTThreadUserReset - - RTThreadUserSignal - - RTThreadUserWait - - RTThreadUserWaitNoResume - - RTThreadWait - - RTThreadWaitNoResume - - RTThreadYield - - RTTimeExplode - - RTTimeFromString - - RTTimeImplode - - RTTimeIsLeapYear - - RTTimeMilliTS - - RTTimeNanoTS - - RTTimeNormalize - - RTTimeNow - - RTTimeSpecFromString - - RTTimeSpecToString - - RTTimeSystemMilliTS - - RTTimeSystemNanoTS - - RTTimeToString - - RTTimerCanDoHighResolution - - RTTimerChangeInterval - - RTTimerCreate - - RTTimerCreateEx - - RTTimerDestroy - - RTTimerGetSystemGranularity - - RTTimerReleaseSystemGranularity - - RTTimerRequestSystemGranularity - - RTTimerStart - - RTTimerStop - - RTUuidClear - - RTUuidCompare - - 
RTUuidCompare2Strs - - RTUuidCompareStr - - RTUuidFromStr - - RTUuidFromUtf16 - - RTUuidIsNull - - RTUuidToStr - - RTUuidToUtf16 - - SUPGetCpuHzFromGipForAsyncMode - - SUPGetGIP - - SUPGetTscDeltaSlow - - SUPIsTscFreqCompatible - - SUPIsTscFreqCompatibleEx - - SUPR0BadContext - - SUPR0ChangeCR4 - - SUPR0ComponentDeregisterFactory - - SUPR0ComponentQueryFactory - - SUPR0ComponentRegisterFactory - - SUPR0ContAlloc - - SUPR0ContFree - - SUPR0EnableVTx - - SUPR0GetCurrentGdtRw - - SUPR0GetKernelFeatures - - SUPR0GetPagingMode - - SUPR0GetSessionGVM - - SUPR0GetSessionVM - - SUPR0GetSvmUsability - - SUPR0GetVmxUsability - - SUPR0GipMap - - SUPR0GipUnmap - - SUPR0LockMem - - SUPR0LowAlloc - - SUPR0LowFree - - SUPR0MemAlloc - - SUPR0MemFree - - SUPR0MemGetPhys - - SUPR0ObjAddRef - - SUPR0ObjAddRefEx - - SUPR0ObjRegister - - SUPR0ObjRelease - - SUPR0ObjVerifyAccess - - SUPR0PageAllocEx - - SUPR0PageFree - - SUPR0PageMapKernel - - SUPR0PageProtect - - SUPR0Printf - - SUPR0QueryUcodeRev - - SUPR0QueryVTCaps - - SUPR0ResumeVTxOnCpu - - SUPR0SetSessionVM - - SUPR0SuspendVTxOnCpu - - SUPR0TracerDeregisterDrv - - SUPR0TracerDeregisterImpl - - SUPR0TracerFireProbe - - SUPR0TracerRegisterDrv - - SUPR0TracerRegisterImpl - - SUPR0TracerRegisterModule - - SUPR0TracerUmodProbeFire - - SUPR0TscDeltaMeasureBySetIndex - - SUPR0UnlockMem - - SUPReadTscWithDelta - - SUPSemEventClose - - SUPSemEventCreate - - SUPSemEventGetResolution - - SUPSemEventMultiClose - - SUPSemEventMultiCreate - - SUPSemEventMultiGetResolution - - SUPSemEventMultiReset - - SUPSemEventMultiSignal - - SUPSemEventMultiWait - - SUPSemEventMultiWaitNoResume - - SUPSemEventMultiWaitNsAbsIntr - - SUPSemEventMultiWaitNsRelIntr - - SUPSemEventSignal - - SUPSemEventWait - - SUPSemEventWaitNoResume - - SUPSemEventWaitNsAbsIntr - - SUPSemEventWaitNsRelIntr - - g_pSUPGlobalInfoPage - - g_pszRTAssertExpr - - g_pszRTAssertFile - - g_pszRTAssertFunction - - g_szRTAssertMsg1 - - g_szRTAssertMsg2 - - g_u32RTAssertLine - 
ImportedFunctions: - - strchr - - IoDeleteDevice - - IoCreateDevice - - RtlInitUnicodeString - - ObfDereferenceObject - - ExUnregisterCallback - - IofCompleteRequest - - __C_specific_handler - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoIs32bitProcess - - ZwSetSystemInformation - - ExRegisterCallback - - ExCreateCallback - - MmGetSystemRoutineAddress - - RtlQueryRegistryValues - - DbgPrint - - KeSetTimerEx - - KeInsertQueueDpc - - KeRemoveQueueDpc - - KeCancelTimer - - KeSetImportanceDpc - - KeInitializeDpc - - KeInitializeTimerEx - - KeQueryTimeIncrement - - KeDelayExecutionThread - - ZwYieldExecution - - KeSetPriorityThread - - KeWaitForSingleObject - - ZwClose - - ObReferenceObjectByHandle - - PsCreateSystemThread - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - KeInitializeMutex - - KeReleaseMutex - - KeReadStateMutex - - KeInitializeEvent - - ExAcquireFastMutex - - ExReleaseFastMutex - - KeSetEvent - - KeResetEvent - - PsGetCurrentProcessId - - IoGetCurrentProcess - - ProbeForRead - - ProbeForWrite - - MmHighestUserAddress - - MmSystemRangeStart - - KeSetTargetProcessorDpc - - KeNumberProcessors - - PsGetVersion - - MmIsAddressValid - - MmUnmapIoSpace - - MmUnlockPages - - MmFreeContiguousMemory - - IoFreeMdl - - MmFreePagesFromMdl - - MmUnsecureVirtualMemory - - MmUnmapLockedPages - - MmProtectMdlSystemAddress - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmAllocateContiguousMemorySpecifyCache - - MmAllocatePagesForMdl - - MmSecureVirtualMemory - - MmProbeAndLockPages - - MmMapIoSpace - - MmMapLockedPagesSpecifyCache - - MmGetPhysicalAddress - - MmAllocateContiguousMemory - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: CN=Vektor T13 Technology - ValidFrom: '2018-08-10 07:42:52' - ValidTo: '2039-12-31 23:59:59' - Signature: 
4819acb135277102eb22d1ebf53707b6651b1dac668cbe264acefb52a0567dee778627ae98f2f8a69142e210ed9a585a826bea9339108f6cc8567a8a0d3b471dde8e932b4d7b466e657e0592faa7578e548c1d1f3b746190fac243e75735ad18bb9cf901d94d92ed4bfbe7729d439bdd300a6cb5fb75d17364033f92a8d15398 - SignatureAlgorithmOID: 1.3.14.3.2.29 - IsCertificateAuthority: true - SerialNumber: 4d87df1b3d1e239b405dc85d0a0bad22 - Version: 3 - TBS: - MD5: fbe18b58073fb49c37c5790f1e2065f0 - SHA1: a0a8778312b53234bbf75e19e10664c52e0c524c - SHA256: 42da0182b3119325ebc53f870276cc8b9f6f4d7248d6223372fea7fc994d85a8 - SHA384: 12140c817a8d0771e3ee4c8e1eecda708c7203c537b4a702175fb370098e2bc704fca98b9b65cf346d80845fd961ed03 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 4d87df1b3d1e239b405dc85d0a0bad22 - Issuer: CN=Vektor T13 Technology - Version: 1 - RichPEHeaderHash: - MD5: 2699d722188f4664155df5d5ec416047 - SHA1: 1d9a8b11fbf151fc371dcb9a1a3b333f0dadb1e0 - SHA256: 6292be78ca89765e09fcf9a02d007dd8adafbf18a032d9d71e35686f922cd1f6 - Sections: - .text: - Entropy: 6.419823737384689 - Virtual Size: '0x2bc30' - .rdata: - Entropy: 5.946657911688005 - Virtual Size: '0xf8c8' - .data: - Entropy: 4.260596456256825 - Virtual Size: '0x12a40' - .pdata: - Entropy: 5.559894875195939 - Virtual Size: '0x32c4' - .edata: - Entropy: 5.803857413810883 - Virtual Size: '0x34f8' - INIT: - Entropy: 5.082239885482413 - Virtual Size: '0x856' - .rsrc: - Entropy: 3.4258421343253227 - Virtual Size: '0x400' - .reloc: - Entropy: 4.078099091032765 - Virtual Size: '0xfb8' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2019-02-15 22:57:54' - Imphash: 9470f56376e665fb981a35b303436041 - LoadsDespiteHVCI: 'TRUE' -- Filename: VBoxDrv.sys - MD5: 962a33a191dbe56915fd196e3a868cf0 - SHA1: 449ff4f5ce2fdddac05a6c82e45a7e802b1c1305 - SHA256: 7539157df91923d4575f7f57c8eb8b0fd87f064c919c1db85e73eebb2910b60c - Authentihash: - MD5: 5491106d0dc46b737e07072122359638 - SHA1: 2fa597885c165e354736143e9645570e3637b57b - SHA256: c62bf9d0cc1edfffc15f3f002cd7f51efe3372320ec89d9dc96011000915c186 - Description: VirtualBox Support Driver - Company: Sun Microsystems, Inc. - InternalName: VBoxDrv.sys - OriginalFilename: VBoxDrv.sys - FileVersion: 3.0.0.r49315 - Product: Sun VirtualBox - ProductVersion: 3.0.0.r49315 - Copyright: Copyright (C) 2009 Sun Microsystems, Inc. 
- MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: - - ?RTThreadAdopt@@YAHW4RTTHREADTYPE@@IPEBDPEAPEAURTTHREADINT@@@Z - - AssertMsg1 - - AssertMsg2 - - RTAssertShouldPanic - - RTAvlPVDestroy - - RTAvlPVDoWithAll - - RTAvlPVGet - - RTAvlPVGetBestFit - - RTAvlPVInsert - - RTAvlPVRemove - - RTAvlPVRemoveBestFit - - RTErrConvertFromNtStatus - - RTHandleTableAllocWithCtx - - RTHandleTableCreate - - RTHandleTableCreateEx - - RTHandleTableDestroy - - RTHandleTableFreeWithCtx - - RTHandleTableLookupWithCtx - - RTLogCloneRC - - RTLogComPrintf - - RTLogComPrintfV - - RTLogCopyGroupsAndFlags - - RTLogCreate - - RTLogCreateEx - - RTLogCreateExV - - RTLogDefaultInit - - RTLogDefaultInstance - - RTLogDestroy - - RTLogFlags - - RTLogFlush - - RTLogFlushRC - - RTLogFlushToLogger - - RTLogFormatV - - RTLogGetDefaultInstance - - RTLogGroupSettings - - RTLogLogger - - RTLogLoggerEx - - RTLogLoggerExV - - RTLogLoggerV - - RTLogPrintf - - RTLogPrintfV - - RTLogRelDefaultInstance - - RTLogRelLoggerV - - RTLogRelPrintfV - - RTLogRelSetDefaultInstance - - RTLogSetCustomPrefixCallback - - RTLogSetDefaultInstance - - RTLogSetDefaultInstanceThread - - RTLogWriteCom - - RTLogWriteDebugger - - RTLogWriteStdErr - - RTLogWriteStdOut - - RTLogWriteUser - - RTMemAlloc - - RTMemAllocZ - - RTMemContAlloc - - RTMemContFree - - RTMemDup - - RTMemDupEx - - RTMemExecAlloc - - RTMemExecFree - - RTMemFree - - RTMemRealloc - - RTMemTmpAlloc - - RTMemTmpAllocZ - - RTMemTmpFree - - RTMpCpuId - - RTMpCpuIdFromSetIndex - - RTMpCpuIdToSetIndex - - RTMpGetCount - - RTMpGetMaxCpuId - - RTMpGetOnlineCount - - RTMpGetOnlineSet - - RTMpGetSet - - RTMpIsCpuOnline - - RTMpIsCpuPossible - - RTMpIsCpuWorkPending - - RTMpNotificationDeregister - - RTMpNotificationRegister - - RTMpOnAll - - RTMpOnOthers - - RTMpOnSpecific - - RTMpPokeCpu - - RTPowerNotificationDeregister - - RTPowerNotificationRegister - - RTPowerSignalEvent - - RTProcSelf - - RTR0Init - - RTR0MemObjAddress - - RTR0MemObjAddressR3 - - 
RTR0MemObjAllocCont - - RTR0MemObjAllocLow - - RTR0MemObjAllocPage - - RTR0MemObjAllocPhys - - RTR0MemObjAllocPhysNC - - RTR0MemObjEnterPhys - - RTR0MemObjFree - - RTR0MemObjGetPagePhysAddr - - RTR0MemObjIsMapping - - RTR0MemObjLockKernel - - RTR0MemObjLockUser - - RTR0MemObjMapKernel - - RTR0MemObjMapKernelEx - - RTR0MemObjMapUser - - RTR0MemObjProtect - - RTR0MemObjReserveKernel - - RTR0MemObjReserveUser - - RTR0MemObjSize - - RTR0ProcHandleSelf - - RTR0Term - - RTSemEventCreate - - RTSemEventDestroy - - RTSemEventMultiCreate - - RTSemEventMultiDestroy - - RTSemEventMultiReset - - RTSemEventMultiSignal - - RTSemEventMultiWait - - RTSemEventMultiWaitNoResume - - RTSemEventSignal - - RTSemEventWait - - RTSemEventWaitNoResume - - RTSemFastMutexCreate - - RTSemFastMutexDestroy - - RTSemFastMutexRelease - - RTSemFastMutexRequest - - RTSpinlockAcquire - - RTSpinlockAcquireNoInts - - RTSpinlockCreate - - RTSpinlockDestroy - - RTSpinlockRelease - - RTSpinlockReleaseNoInts - - RTStrFormat - - RTStrFormatNumber - - RTStrFormatTypeDeregister - - RTStrFormatTypeRegister - - RTStrFormatTypeSetUser - - RTStrFormatV - - RTStrPrintf - - RTStrPrintfEx - - RTStrPrintfExV - - RTStrPrintfV - - RTStrToInt16 - - RTStrToInt16Ex - - RTStrToInt16Full - - RTStrToInt32 - - RTStrToInt32Ex - - RTStrToInt32Full - - RTStrToInt64 - - RTStrToInt64Ex - - RTStrToInt64Full - - RTStrToInt8 - - RTStrToInt8Ex - - RTStrToInt8Full - - RTStrToUInt16 - - RTStrToUInt16Ex - - RTStrToUInt16Full - - RTStrToUInt32 - - RTStrToUInt32Ex - - RTStrToUInt32Full - - RTStrToUInt64 - - RTStrToUInt64Ex - - RTStrToUInt64Full - - RTStrToUInt8 - - RTStrToUInt8Ex - - RTStrToUInt8Full - - RTThreadCreate - - RTThreadCreateF - - RTThreadCreateV - - RTThreadFromNative - - RTThreadGetName - - RTThreadGetNative - - RTThreadGetType - - RTThreadNativeSelf - - RTThreadPreemptDisable - - RTThreadPreemptIsEnabled - - RTThreadPreemptIsPending - - RTThreadPreemptIsPendingTrusty - - RTThreadPreemptRestore - - RTThreadSelf - - 
RTThreadSelfName - - RTThreadSetName - - RTThreadSetType - - RTThreadSleep - - RTThreadUserReset - - RTThreadUserSignal - - RTThreadUserWait - - RTThreadUserWaitNoResume - - RTThreadWait - - RTThreadWaitNoResume - - RTThreadYield - - RTTimeMilliTS - - RTTimeNanoTS - - RTTimeNow - - RTTimeSystemMilliTS - - RTTimeSystemNanoTS - - RTTimerCreateEx - - RTTimerDestroy - - RTTimerGetSystemGranularity - - RTTimerReleaseSystemGranularity - - RTTimerRequestSystemGranularity - - RTTimerStart - - RTTimerStop - - SUPR0ComponentDeregisterFactory - - SUPR0ComponentQueryFactory - - SUPR0ComponentRegisterFactory - - SUPR0ContAlloc - - SUPR0ContFree - - SUPR0EnableVTx - - SUPR0GetPagingMode - - SUPR0GipMap - - SUPR0GipUnmap - - SUPR0LockMem - - SUPR0LowAlloc - - SUPR0LowFree - - SUPR0MemAlloc - - SUPR0MemFree - - SUPR0MemGetPhys - - SUPR0ObjAddRef - - SUPR0ObjAddRefEx - - SUPR0ObjRegister - - SUPR0ObjRelease - - SUPR0ObjVerifyAccess - - SUPR0PageAllocEx - - SUPR0PageFree - - SUPR0PageMapKernel - - SUPR0PageProtect - - SUPR0UnlockMem - - SUPSemEventClose - - SUPSemEventCreate - - SUPSemEventMultiClose - - SUPSemEventMultiCreate - - SUPSemEventMultiReset - - SUPSemEventMultiSignal - - SUPSemEventMultiWait - - SUPSemEventMultiWaitNoResume - - SUPSemEventSignal - - SUPSemEventWait - - SUPSemEventWaitNoResume - - g_szRTAssertMsg1 - - g_szRTAssertMsg2 - ImportedFunctions: - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - ObfDereferenceObject - - ExUnregisterCallback - - IofCompleteRequest - - DbgPrint - - IoIs32bitProcess - - ExRegisterCallback - - ExCreateCallback - - IoCreateSymbolicLink - - IoCreateDevice - - IoGetStackLimits - - memchr - - strncmp - - KeInitializeEvent - - ExAcquireFastMutex - - ExReleaseFastMutex - - KeSetEvent - - KeWaitForSingleObject - - KeResetEvent - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - KeDelayExecutionThread - - ZwYieldExecution - - ExFreePoolWithTag - - KeInsertQueueDpc - - KeSetTargetProcessorDpc - - 
KeSetImportanceDpc - - KeInitializeDpc - - ExAllocatePoolWithTag - - KeQueryActiveProcessors - - strchr - - PsGetCurrentProcessId - - IoGetCurrentProcess - - KeSetTimerEx - - KeRemoveQueueDpc - - KeCancelTimer - - KeInitializeTimerEx - - KeQueryTimeIncrement - - __C_specific_handler - - PsGetVersion - - MmGetSystemRoutineAddress - - MmFreeContiguousMemory - - MmGetPhysicalAddress - - MmAllocateContiguousMemory - - MmUnmapIoSpace - - MmUnlockPages - - IoFreeMdl - - MmFreePagesFromMdl - - MmUnsecureVirtualMemory - - MmUnmapLockedPages - - MmProtectMdlSystemAddress - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmAllocatePagesForMdl - - MmSecureVirtualMemory - - MmProbeAndLockPages - - MmMapIoSpace - - MmMapLockedPagesSpecifyCache - - KeSetPriorityThread - - ZwClose - - ObReferenceObjectByHandle - - PsCreateSystemThread - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=California, L=Menlo Park, O=Sun Microsystems, Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=Sun Microsystems, Inc. 
- ValidFrom: '2008-06-11 00:00:00' - ValidTo: '2011-06-11 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 693a64818c1e086b1b15aee63fa054a2 - Version: 3 - TBS: - MD5: 50b256a55cdc23561dd4aa76abed4fd9 - SHA1: b3ee591b9218cfdcd394180558bd01bb674df627 - SHA256: fc1c2199740f069b26f02d81313408734051ecb7fa216b2a86458938fac6a909 - SHA384: 81c9c8b202f6fe3354dd5503ef9ee6d418b9a28064968506bc2c49d7bd0efbaa9da9ce51d7c384992aa531ca905442a7 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 693a64818c1e086b1b15aee63fa054a2 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: 261d758721838be6952a5d436ef49482 - SHA1: 48fb54a77fa0accb2465db44427fa54dadb40c71 - SHA256: fc0103dc5d498962537d247bb47b20b3afcd43026871bda30382d13a5345e851 - Sections: - .text: - Entropy: 6.370050981269774 - Virtual Size: '0x19504' - .rdata: - Entropy: 5.499324680689697 - Virtual Size: '0x7a7c' - .data: - Entropy: 1.867829218165165 - Virtual Size: '0x48d4' - .pdata: - Entropy: 5.337655653168031 - Virtual Size: '0x27c0' - .edata: - Entropy: 5.736737915363427 - Virtual Size: '0x1a66' - INIT: - Entropy: 5.000542465514514 - Virtual Size: '0x788' - .rsrc: 
- Entropy: 3.301923093235062 - Virtual Size: '0x398' - .reloc: - Entropy: 4.803419428597937 - Virtual Size: '0x6ea' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2009-06-30 05:41:34' - Imphash: fd133033a24971502ff0b2f189215c56 - LoadsDespiteHVCI: 'FALSE' -- Filename: VBoxDrv.sys - MD5: 3e87e3346441539d3a90278a120766df - SHA1: ce5681896e7631b6e83cccb7aa056a33e72a1bbe - SHA256: 9dab4b6fddc8e1ec0a186aa8382b184a5d52cfcabaaf04ff9e3767021eb09cf4 - Authentihash: - MD5: d8e8d4c6d5dd6ba5ca58979f569cba95 - SHA1: c9027b3e1c731d0a16acd94c947f446df1a23318 - SHA256: 681de794238060ec929aa5cf6c4701069f113a8524d31fb2f411648968ca17de - Description: VirtualBox Support Driver - Company: Pinduoduo Ltd Corp - InternalName: VBoxDrv - OriginalFilename: VBoxDrv.sys - FileVersion: 1.2.0.137904 - Product: Pinduoduo Secure VDI - ProductVersion: 1.2.0.137904 - Copyright: Copyright (C) 2015-2021 Pinduoduo Corporation - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: - - ?RTAsn1VideotexString_CheckSanity@@YAHPEBURTASN1STRING@@IPEAURTERRINFO@@PEBD@Z - - ?RTAsn1VideotexString_Clone@@YAHPEAURTASN1STRING@@PEBU1@PEBURTASN1ALLOCATORVTABLE@@@Z - - ?RTAsn1VideotexString_Compare@@YAHPEBURTASN1STRING@@0@Z - - ?RTAsn1VideotexString_DecodeAsn1@@YAHPEAURTASN1CURSOR@@IPEAURTASN1STRING@@PEBD@Z - - ?RTAsn1VideotexString_Delete@@YAXPEAURTASN1STRING@@@Z - - ?RTAsn1VideotexString_Enum@@YAHPEAURTASN1STRING@@P6AHPEAURTASN1CORE@@PEBDIPEAX@ZI3@Z - - ?RTAsn1VideotexString_Init@@YAHPEAURTASN1STRING@@PEBURTASN1ALLOCATORVTABLE@@@Z - - ?RTCrPkcs7Cert_SetAcV1@@YAHPEAURTCRPKCS7CERT@@PEBURTASN1CORE@@PEBURTASN1ALLOCATORVTABLE@@@Z - - ?RTCrPkcs7Cert_SetAcV2@@YAHPEAURTCRPKCS7CERT@@PEBURTASN1CORE@@PEBURTASN1ALLOCATORVTABLE@@@Z - - ?RTCrPkcs7Cert_SetExtendedCert@@YAHPEAURTCRPKCS7CERT@@PEBURTASN1CORE@@PEBURTASN1ALLOCATORVTABLE@@@Z - - ?RTCrPkcs7Cert_SetOtherCert@@YAHPEAURTCRPKCS7CERT@@PEBURTASN1CORE@@PEBURTASN1ALLOCATORVTABLE@@@Z - - 
?RTCrPkcs7Cert_SetX509Cert@@YAHPEAURTCRPKCS7CERT@@PEBURTCRX509CERTIFICATE@@PEBURTASN1ALLOCATORVTABLE@@@Z - - ?RTCrSpcLink_SetFile@@YAHPEAURTCRSPCLINK@@PEBURTCRSPCSTRING@@PEBURTASN1ALLOCATORVTABLE@@@Z - - ?RTCrSpcLink_SetMoniker@@YAHPEAURTCRSPCLINK@@PEBURTCRSPCSERIALIZEDOBJECT@@PEBURTASN1ALLOCATORVTABLE@@@Z - - ?RTCrSpcLink_SetUrl@@YAHPEAURTCRSPCLINK@@PEBURTASN1STRING@@PEBURTASN1ALLOCATORVTABLE@@@Z - - ?RTCrSpcString_SetAscii@@YAHPEAURTCRSPCSTRING@@PEBURTASN1STRING@@PEBURTASN1ALLOCATORVTABLE@@@Z - - ?RTCrSpcString_SetUcs2@@YAHPEAURTCRSPCSTRING@@PEBURTASN1STRING@@PEBURTASN1ALLOCATORVTABLE@@@Z - - ?RTCrTafTrustAnchorChoice_SetCertificate@@YAHPEAURTCRTAFTRUSTANCHORCHOICE@@PEBURTCRX509CERTIFICATE@@PEBURTASN1ALLOCATORVTABLE@@@Z - - ?RTCrTafTrustAnchorChoice_SetTaInfo@@YAHPEAURTCRTAFTRUSTANCHORCHOICE@@PEBURTCRTAFTRUSTANCHORINFO@@PEBURTASN1ALLOCATORVTABLE@@@Z - - ?RTCrTafTrustAnchorChoice_SetTbsCert@@YAHPEAURTCRTAFTRUSTANCHORCHOICE@@PEBURTCRX509TBSCERTIFICATE@@PEBURTASN1ALLOCATORVTABLE@@@Z - - ?RTCrX509AttributeTypeAndValue_MatchAsRdnByRfc5280@@YA_NPEBURTCRX509ATTRIBUTETYPEANDVALUE@@0@Z - - ?RTCrX509GeneralName_SetDirectoryName@@YAHPEAURTCRX509GENERALNAME@@PEBURTCRX509NAME@@PEBURTASN1ALLOCATORVTABLE@@@Z - - ?RTCrX509GeneralName_SetDnsType@@YAHPEAURTCRX509GENERALNAME@@PEBURTASN1STRING@@PEBURTASN1ALLOCATORVTABLE@@@Z - - ?RTCrX509GeneralName_SetEdiPartyName@@YAHPEAURTCRX509GENERALNAME@@PEBURTASN1DYNTYPE@@PEBURTASN1ALLOCATORVTABLE@@@Z - - ?RTCrX509GeneralName_SetIpAddress@@YAHPEAURTCRX509GENERALNAME@@PEBURTASN1OCTETSTRING@@PEBURTASN1ALLOCATORVTABLE@@@Z - - ?RTCrX509GeneralName_SetOtherName@@YAHPEAURTCRX509GENERALNAME@@PEBURTCRX509OTHERNAME@@PEBURTASN1ALLOCATORVTABLE@@@Z - - ?RTCrX509GeneralName_SetRegisteredId@@YAHPEAURTCRX509GENERALNAME@@PEBURTASN1OBJID@@PEBURTASN1ALLOCATORVTABLE@@@Z - - ?RTCrX509GeneralName_SetRfc822@@YAHPEAURTCRX509GENERALNAME@@PEBURTASN1STRING@@PEBURTASN1ALLOCATORVTABLE@@@Z - - 
?RTCrX509GeneralName_SetUri@@YAHPEAURTCRX509GENERALNAME@@PEBURTASN1STRING@@PEBURTASN1ALLOCATORVTABLE@@@Z - - ?RTCrX509GeneralName_SetX400Address@@YAHPEAURTCRX509GENERALNAME@@PEBURTASN1DYNTYPE@@PEBURTASN1ALLOCATORVTABLE@@@Z - - ?RTCrX509RelativeDistinguishedName_MatchByRfc5280@@YA_NPEBURTCRX509ATTRIBUTETYPEANDVALUES@@0@Z - - ASMAtomicBitClear - - ASMAtomicXchgU16 - - ASMAtomicXchgU8 - - ASMCpuIdExSlow - - ASMGetCS - - ASMGetDS - - ASMGetES - - ASMGetFS - - ASMGetFlags - - ASMGetGS - - ASMGetIDTR - - ASMGetSS - - ASMMemFirstMismatchingU8 - - ASMMemFirstNonZero - - ASMMultU64ByU32DivByU32 - - ASMNopPause - - ASMSetFlags - - RTAsn1BitString_AreContentBitsValid - - RTAsn1BitString_CheckSanity - - RTAsn1BitString_Clone - - RTAsn1BitString_Compare - - RTAsn1BitString_DecodeAsn1 - - RTAsn1BitString_DecodeAsn1Ex - - RTAsn1BitString_Delete - - RTAsn1BitString_Enum - - RTAsn1BitString_GetAsUInt64 - - RTAsn1BitString_Init - - RTAsn1BitString_RefreshContent - - RTAsn1BmpString_CheckSanity - - RTAsn1BmpString_Clone - - RTAsn1BmpString_Compare - - RTAsn1BmpString_DecodeAsn1 - - RTAsn1BmpString_Delete - - RTAsn1BmpString_Enum - - RTAsn1BmpString_Init - - RTAsn1Boolean_CheckSanity - - RTAsn1Boolean_Clone - - RTAsn1Boolean_Compare - - RTAsn1Boolean_DecodeAsn1 - - RTAsn1Boolean_Delete - - RTAsn1Boolean_Enum - - RTAsn1Boolean_Init - - RTAsn1Boolean_InitDefault - - RTAsn1Boolean_Set - - RTAsn1ContentAllocZ - - RTAsn1ContentDup - - RTAsn1ContentFree - - RTAsn1ContentReallocZ - - RTAsn1ContextTagN_Clone - - RTAsn1ContextTagN_Init - - RTAsn1Core_ChangeTag - - RTAsn1Core_CheckSanity - - RTAsn1Core_Clone - - RTAsn1Core_CloneContent - - RTAsn1Core_CloneNoContent - - RTAsn1Core_Compare - - RTAsn1Core_CompareEx - - RTAsn1Core_DecodeAsn1 - - RTAsn1Core_Delete - - RTAsn1Core_Enum - - RTAsn1Core_Init - - RTAsn1Core_InitDefault - - RTAsn1Core_InitEx - - RTAsn1Core_ResetImplict - - RTAsn1Core_SetTagAndFlags - - RTAsn1CursorCheckEnd - - RTAsn1CursorCheckOctStrEnd - - RTAsn1CursorCheckSeqEnd - - 
RTAsn1CursorCheckSetEnd - - RTAsn1CursorGetBitString - - RTAsn1CursorGetBitStringEx - - RTAsn1CursorGetBmpString - - RTAsn1CursorGetBoolean - - RTAsn1CursorGetContextTagNCursor - - RTAsn1CursorGetCore - - RTAsn1CursorGetDynType - - RTAsn1CursorGetIa5String - - RTAsn1CursorGetInteger - - RTAsn1CursorGetNull - - RTAsn1CursorGetObjId - - RTAsn1CursorGetOctetString - - RTAsn1CursorGetSequenceCursor - - RTAsn1CursorGetSetCursor - - RTAsn1CursorGetString - - RTAsn1CursorGetTime - - RTAsn1CursorGetUtf8String - - RTAsn1CursorInitAllocation - - RTAsn1CursorInitArrayAllocation - - RTAsn1CursorInitPrimary - - RTAsn1CursorInitSub - - RTAsn1CursorInitSubFromCore - - RTAsn1CursorIsEnd - - RTAsn1CursorIsNextEx - - RTAsn1CursorMatchTagClassFlagsEx - - RTAsn1CursorPeek - - RTAsn1CursorReadHdr - - RTAsn1CursorSetInfo - - RTAsn1CursorSetInfoV - - RTAsn1Dummy_InitEx - - RTAsn1Dump - - RTAsn1DynType_CheckSanity - - RTAsn1DynType_Clone - - RTAsn1DynType_Compare - - RTAsn1DynType_DecodeAsn1 - - RTAsn1DynType_Delete - - RTAsn1DynType_Enum - - RTAsn1DynType_Init - - RTAsn1EncodePrepare - - RTAsn1EncodeRecalcHdrSize - - RTAsn1EncodeToBuffer - - RTAsn1EncodeWrite - - RTAsn1EncodeWriteHeader - - RTAsn1GeneralString_CheckSanity - - RTAsn1GeneralString_Clone - - RTAsn1GeneralString_Compare - - RTAsn1GeneralString_DecodeAsn1 - - RTAsn1GeneralString_Delete - - RTAsn1GeneralString_Enum - - RTAsn1GeneralString_Init - - RTAsn1GeneralizedTime_CheckSanity - - RTAsn1GeneralizedTime_Clone - - RTAsn1GeneralizedTime_Compare - - RTAsn1GeneralizedTime_DecodeAsn1 - - RTAsn1GeneralizedTime_Delete - - RTAsn1GeneralizedTime_Enum - - RTAsn1GeneralizedTime_Init - - RTAsn1GraphicString_CheckSanity - - RTAsn1GraphicString_Clone - - RTAsn1GraphicString_Compare - - RTAsn1GraphicString_DecodeAsn1 - - RTAsn1GraphicString_Delete - - RTAsn1GraphicString_Enum - - RTAsn1GraphicString_Init - - RTAsn1Ia5String_CheckSanity - - RTAsn1Ia5String_Clone - - RTAsn1Ia5String_Compare - - RTAsn1Ia5String_DecodeAsn1 - - 
RTAsn1Ia5String_Delete - - RTAsn1Ia5String_Enum - - RTAsn1Ia5String_Init - - RTAsn1Integer_CheckSanity - - RTAsn1Integer_Clone - - RTAsn1Integer_Compare - - RTAsn1Integer_DecodeAsn1 - - RTAsn1Integer_Delete - - RTAsn1Integer_Enum - - RTAsn1Integer_FromBigNum - - RTAsn1Integer_Init - - RTAsn1Integer_InitDefault - - RTAsn1Integer_InitU64 - - RTAsn1Integer_ToBigNum - - RTAsn1Integer_ToString - - RTAsn1Integer_UnsignedCompare - - RTAsn1Integer_UnsignedCompareWithU32 - - RTAsn1Integer_UnsignedCompareWithU64 - - RTAsn1Integer_UnsignedLastBit - - RTAsn1MemAllocZ - - RTAsn1MemDup - - RTAsn1MemFree - - RTAsn1MemFreeArray - - RTAsn1MemInitAllocation - - RTAsn1MemInitArrayAllocation - - RTAsn1MemResizeArray - - RTAsn1Null_CheckSanity - - RTAsn1Null_Clone - - RTAsn1Null_Compare - - RTAsn1Null_DecodeAsn1 - - RTAsn1Null_Delete - - RTAsn1Null_Enum - - RTAsn1Null_Init - - RTAsn1NumericString_CheckSanity - - RTAsn1NumericString_Clone - - RTAsn1NumericString_Compare - - RTAsn1NumericString_DecodeAsn1 - - RTAsn1NumericString_Delete - - RTAsn1NumericString_Enum - - RTAsn1NumericString_Init - - RTAsn1ObjIdCountComponents - - RTAsn1ObjIdGetComponentsAsUInt32 - - RTAsn1ObjIdGetLastComponentsAsUInt32 - - RTAsn1ObjId_CheckSanity - - RTAsn1ObjId_Clone - - RTAsn1ObjId_Compare - - RTAsn1ObjId_CompareWithString - - RTAsn1ObjId_DecodeAsn1 - - RTAsn1ObjId_Delete - - RTAsn1ObjId_Enum - - RTAsn1ObjId_Init - - RTAsn1ObjId_InitFromString - - RTAsn1ObjId_StartsWith - - RTAsn1OctetString_AreContentBytesValid - - RTAsn1OctetString_CheckSanity - - RTAsn1OctetString_Clone - - RTAsn1OctetString_Compare - - RTAsn1OctetString_DecodeAsn1 - - RTAsn1OctetString_Delete - - RTAsn1OctetString_Enum - - RTAsn1OctetString_Init - - RTAsn1OctetString_RefreshContent - - RTAsn1PrintableString_CheckSanity - - RTAsn1PrintableString_Clone - - RTAsn1PrintableString_Compare - - RTAsn1PrintableString_DecodeAsn1 - - RTAsn1PrintableString_Delete - - RTAsn1PrintableString_Enum - - RTAsn1PrintableString_Init - - 
RTAsn1QueryObjIdName - - RTAsn1SeqOfBitStrings_CheckSanity - - RTAsn1SeqOfBitStrings_Clone - - RTAsn1SeqOfBitStrings_Compare - - RTAsn1SeqOfBitStrings_DecodeAsn1 - - RTAsn1SeqOfBitStrings_Delete - - RTAsn1SeqOfBitStrings_Enum - - RTAsn1SeqOfBitStrings_Erase - - RTAsn1SeqOfBitStrings_Init - - RTAsn1SeqOfBitStrings_InsertEx - - RTAsn1SeqOfBooleans_CheckSanity - - RTAsn1SeqOfBooleans_Clone - - RTAsn1SeqOfBooleans_Compare - - RTAsn1SeqOfBooleans_DecodeAsn1 - - RTAsn1SeqOfBooleans_Delete - - RTAsn1SeqOfBooleans_Enum - - RTAsn1SeqOfBooleans_Erase - - RTAsn1SeqOfBooleans_Init - - RTAsn1SeqOfBooleans_InsertEx - - RTAsn1SeqOfCore_Clone - - RTAsn1SeqOfCore_Init - - RTAsn1SeqOfCores_CheckSanity - - RTAsn1SeqOfCores_Clone - - RTAsn1SeqOfCores_Compare - - RTAsn1SeqOfCores_DecodeAsn1 - - RTAsn1SeqOfCores_Delete - - RTAsn1SeqOfCores_Enum - - RTAsn1SeqOfCores_Erase - - RTAsn1SeqOfCores_Init - - RTAsn1SeqOfCores_InsertEx - - RTAsn1SeqOfIntegers_CheckSanity - - RTAsn1SeqOfIntegers_Clone - - RTAsn1SeqOfIntegers_Compare - - RTAsn1SeqOfIntegers_DecodeAsn1 - - RTAsn1SeqOfIntegers_Delete - - RTAsn1SeqOfIntegers_Enum - - RTAsn1SeqOfIntegers_Erase - - RTAsn1SeqOfIntegers_Init - - RTAsn1SeqOfIntegers_InsertEx - - RTAsn1SeqOfObjIds_CheckSanity - - RTAsn1SeqOfObjIds_Clone - - RTAsn1SeqOfObjIds_Compare - - RTAsn1SeqOfObjIds_DecodeAsn1 - - RTAsn1SeqOfObjIds_Delete - - RTAsn1SeqOfObjIds_Enum - - RTAsn1SeqOfObjIds_Erase - - RTAsn1SeqOfObjIds_Init - - RTAsn1SeqOfObjIds_InsertEx - - RTAsn1SeqOfOctetStrings_CheckSanity - - RTAsn1SeqOfOctetStrings_Clone - - RTAsn1SeqOfOctetStrings_Compare - - RTAsn1SeqOfOctetStrings_DecodeAsn1 - - RTAsn1SeqOfOctetStrings_Delete - - RTAsn1SeqOfOctetStrings_Enum - - RTAsn1SeqOfOctetStrings_Erase - - RTAsn1SeqOfOctetStrings_Init - - RTAsn1SeqOfOctetStrings_InsertEx - - RTAsn1SeqOfStrings_CheckSanity - - RTAsn1SeqOfStrings_Clone - - RTAsn1SeqOfStrings_Compare - - RTAsn1SeqOfStrings_DecodeAsn1 - - RTAsn1SeqOfStrings_Delete - - RTAsn1SeqOfStrings_Enum - - 
RTAsn1SeqOfStrings_Erase - - RTAsn1SeqOfStrings_Init - - RTAsn1SeqOfStrings_InsertEx - - RTAsn1SeqOfTimes_CheckSanity - - RTAsn1SeqOfTimes_Clone - - RTAsn1SeqOfTimes_Compare - - RTAsn1SeqOfTimes_DecodeAsn1 - - RTAsn1SeqOfTimes_Delete - - RTAsn1SeqOfTimes_Enum - - RTAsn1SeqOfTimes_Erase - - RTAsn1SeqOfTimes_Init - - RTAsn1SeqOfTimes_InsertEx - - RTAsn1SequenceCore_Clone - - RTAsn1SequenceCore_Init - - RTAsn1SetCore_Clone - - RTAsn1SetCore_Init - - RTAsn1SetOfBitStrings_CheckSanity - - RTAsn1SetOfBitStrings_Clone - - RTAsn1SetOfBitStrings_Compare - - RTAsn1SetOfBitStrings_DecodeAsn1 - - RTAsn1SetOfBitStrings_Delete - - RTAsn1SetOfBitStrings_Enum - - RTAsn1SetOfBitStrings_Erase - - RTAsn1SetOfBitStrings_Init - - RTAsn1SetOfBitStrings_InsertEx - - RTAsn1SetOfBooleans_CheckSanity - - RTAsn1SetOfBooleans_Clone - - RTAsn1SetOfBooleans_Compare - - RTAsn1SetOfBooleans_DecodeAsn1 - - RTAsn1SetOfBooleans_Delete - - RTAsn1SetOfBooleans_Enum - - RTAsn1SetOfBooleans_Erase - - RTAsn1SetOfBooleans_Init - - RTAsn1SetOfBooleans_InsertEx - - RTAsn1SetOfCore_Clone - - RTAsn1SetOfCore_Init - - RTAsn1SetOfCores_CheckSanity - - RTAsn1SetOfCores_Clone - - RTAsn1SetOfCores_Compare - - RTAsn1SetOfCores_DecodeAsn1 - - RTAsn1SetOfCores_Delete - - RTAsn1SetOfCores_Enum - - RTAsn1SetOfCores_Erase - - RTAsn1SetOfCores_Init - - RTAsn1SetOfCores_InsertEx - - RTAsn1SetOfIntegers_CheckSanity - - RTAsn1SetOfIntegers_Clone - - RTAsn1SetOfIntegers_Compare - - RTAsn1SetOfIntegers_DecodeAsn1 - - RTAsn1SetOfIntegers_Delete - - RTAsn1SetOfIntegers_Enum - - RTAsn1SetOfIntegers_Erase - - RTAsn1SetOfIntegers_Init - - RTAsn1SetOfIntegers_InsertEx - - RTAsn1SetOfObjIdSeqs_CheckSanity - - RTAsn1SetOfObjIdSeqs_Clone - - RTAsn1SetOfObjIdSeqs_Compare - - RTAsn1SetOfObjIdSeqs_DecodeAsn1 - - RTAsn1SetOfObjIdSeqs_Delete - - RTAsn1SetOfObjIdSeqs_Enum - - RTAsn1SetOfObjIdSeqs_Erase - - RTAsn1SetOfObjIdSeqs_Init - - RTAsn1SetOfObjIdSeqs_InsertEx - - RTAsn1SetOfObjIds_CheckSanity - - RTAsn1SetOfObjIds_Clone - - 
RTAsn1SetOfObjIds_Compare - - RTAsn1SetOfObjIds_DecodeAsn1 - - RTAsn1SetOfObjIds_Delete - - RTAsn1SetOfObjIds_Enum - - RTAsn1SetOfObjIds_Erase - - RTAsn1SetOfObjIds_Init - - RTAsn1SetOfObjIds_InsertEx - - RTAsn1SetOfOctetStrings_CheckSanity - - RTAsn1SetOfOctetStrings_Clone - - RTAsn1SetOfOctetStrings_Compare - - RTAsn1SetOfOctetStrings_DecodeAsn1 - - RTAsn1SetOfOctetStrings_Delete - - RTAsn1SetOfOctetStrings_Enum - - RTAsn1SetOfOctetStrings_Erase - - RTAsn1SetOfOctetStrings_Init - - RTAsn1SetOfOctetStrings_InsertEx - - RTAsn1SetOfStrings_CheckSanity - - RTAsn1SetOfStrings_Clone - - RTAsn1SetOfStrings_Compare - - RTAsn1SetOfStrings_DecodeAsn1 - - RTAsn1SetOfStrings_Delete - - RTAsn1SetOfStrings_Enum - - RTAsn1SetOfStrings_Erase - - RTAsn1SetOfStrings_Init - - RTAsn1SetOfStrings_InsertEx - - RTAsn1SetOfTimes_CheckSanity - - RTAsn1SetOfTimes_Clone - - RTAsn1SetOfTimes_Compare - - RTAsn1SetOfTimes_DecodeAsn1 - - RTAsn1SetOfTimes_Delete - - RTAsn1SetOfTimes_Enum - - RTAsn1SetOfTimes_Erase - - RTAsn1SetOfTimes_Init - - RTAsn1SetOfTimes_InsertEx - - RTAsn1String_CheckSanity - - RTAsn1String_Clone - - RTAsn1String_Compare - - RTAsn1String_CompareEx - - RTAsn1String_CompareValues - - RTAsn1String_CompareWithString - - RTAsn1String_DecodeAsn1 - - RTAsn1String_Delete - - RTAsn1String_Enum - - RTAsn1String_Init - - RTAsn1String_InitEx - - RTAsn1String_InitWithValue - - RTAsn1String_QueryUtf8 - - RTAsn1String_QueryUtf8Len - - RTAsn1String_RecodeAsUtf8 - - RTAsn1T61String_CheckSanity - - RTAsn1T61String_Clone - - RTAsn1T61String_Compare - - RTAsn1T61String_DecodeAsn1 - - RTAsn1T61String_Delete - - RTAsn1T61String_Enum - - RTAsn1T61String_Init - - RTAsn1Time_CheckSanity - - RTAsn1Time_Clone - - RTAsn1Time_Compare - - RTAsn1Time_CompareWithTimeSpec - - RTAsn1Time_DecodeAsn1 - - RTAsn1Time_Delete - - RTAsn1Time_Enum - - RTAsn1Time_Init - - RTAsn1Time_InitEx - - RTAsn1UniversalString_CheckSanity - - RTAsn1UniversalString_Clone - - RTAsn1UniversalString_Compare - - 
RTAsn1UniversalString_DecodeAsn1 - - RTAsn1UniversalString_Delete - - RTAsn1UniversalString_Enum - - RTAsn1UniversalString_Init - - RTAsn1UtcTime_CheckSanity - - RTAsn1UtcTime_Clone - - RTAsn1UtcTime_Compare - - RTAsn1UtcTime_DecodeAsn1 - - RTAsn1UtcTime_Delete - - RTAsn1UtcTime_Enum - - RTAsn1UtcTime_Init - - RTAsn1Utf8String_CheckSanity - - RTAsn1Utf8String_Clone - - RTAsn1Utf8String_Compare - - RTAsn1Utf8String_DecodeAsn1 - - RTAsn1Utf8String_Delete - - RTAsn1Utf8String_Enum - - RTAsn1Utf8String_Init - - RTAsn1VisibleString_CheckSanity - - RTAsn1VisibleString_Clone - - RTAsn1VisibleString_Compare - - RTAsn1VisibleString_DecodeAsn1 - - RTAsn1VisibleString_Delete - - RTAsn1VisibleString_Enum - - RTAsn1VisibleString_Init - - RTAsn1VtCheckSanity - - RTAsn1VtClone - - RTAsn1VtCompare - - RTAsn1VtDeepEnum - - RTAsn1VtDelete - - RTAssertAreQuiet - - RTAssertMayPanic - - RTAssertMsg1 - - RTAssertMsg1Weak - - RTAssertMsg2AddV - - RTAssertMsg2V - - RTAssertMsg2Weak - - RTAssertMsg2WeakV - - RTAssertSetMayPanic - - RTAssertSetQuiet - - RTAssertShouldPanic - - RTAvlPVDestroy - - RTAvlPVDoWithAll - - RTAvlPVGet - - RTAvlPVGetBestFit - - RTAvlPVInsert - - RTAvlPVRemove - - RTAvlPVRemoveBestFit - - RTBigNumAdd - - RTBigNumAssign - - RTBigNumBitWidth - - RTBigNumByteWidth - - RTBigNumClone - - RTBigNumCompare - - RTBigNumCompareWithS64 - - RTBigNumCompareWithU64 - - RTBigNumDestroy - - RTBigNumDivide - - RTBigNumDivideLong - - RTBigNumExponentiate - - RTBigNumInit - - RTBigNumInitZero - - RTBigNumModExp - - RTBigNumModulo - - RTBigNumMultiply - - RTBigNumNegate - - RTBigNumNegateThis - - RTBigNumShiftLeft - - RTBigNumShiftRight - - RTBigNumSubtract - - RTBigNumToBytesBigEndian - - RTCrCertCtxRelease - - RTCrCertCtxRetain - - RTCrDigestClone - - RTCrDigestCreate - - RTCrDigestCreateByObjId - - RTCrDigestCreateByObjIdString - - RTCrDigestCreateByType - - RTCrDigestFinal - - RTCrDigestFindByObjId - - RTCrDigestFindByObjIdString - - RTCrDigestFindByType - - 
RTCrDigestGetAlgorithmOid - - RTCrDigestGetConsumedSize - - RTCrDigestGetFlags - - RTCrDigestGetHash - - RTCrDigestGetHashSize - - RTCrDigestGetType - - RTCrDigestIsFinalized - - RTCrDigestMatch - - RTCrDigestRelease - - RTCrDigestReset - - RTCrDigestRetain - - RTCrDigestTypeToAlgorithmOid - - RTCrDigestTypeToHashSize - - RTCrDigestTypeToName - - RTCrDigestUpdate - - RTCrKeyCreateFromPublicAlgorithmAndBits - - RTCrKeyCreateFromSubjectPublicKeyInfo - - RTCrKeyGetBitCount - - RTCrKeyGetType - - RTCrKeyHasPrivatePart - - RTCrKeyHasPublicPart - - RTCrKeyQueryRsaModulus - - RTCrKeyQueryRsaPrivateExponent - - RTCrKeyRelease - - RTCrKeyRetain - - RTCrPkcs7Attribute_CheckSanity - - RTCrPkcs7Attribute_Clone - - RTCrPkcs7Attribute_Compare - - RTCrPkcs7Attribute_DecodeAsn1 - - RTCrPkcs7Attribute_Delete - - RTCrPkcs7Attribute_Enum - - RTCrPkcs7Attribute_Init - - RTCrPkcs7Attributes_CheckSanity - - RTCrPkcs7Attributes_Clone - - RTCrPkcs7Attributes_Compare - - RTCrPkcs7Attributes_DecodeAsn1 - - RTCrPkcs7Attributes_Delete - - RTCrPkcs7Attributes_Enum - - RTCrPkcs7Attributes_Erase - - RTCrPkcs7Attributes_Init - - RTCrPkcs7Attributes_InsertEx - - RTCrPkcs7Cert_CheckSanity - - RTCrPkcs7Cert_Clone - - RTCrPkcs7Cert_Compare - - RTCrPkcs7Cert_DecodeAsn1 - - RTCrPkcs7Cert_Delete - - RTCrPkcs7Cert_Enum - - RTCrPkcs7Cert_Init - - RTCrPkcs7ContentInfo_CheckSanity - - RTCrPkcs7ContentInfo_Clone - - RTCrPkcs7ContentInfo_Compare - - RTCrPkcs7ContentInfo_DecodeAsn1 - - RTCrPkcs7ContentInfo_Delete - - RTCrPkcs7ContentInfo_Enum - - RTCrPkcs7ContentInfo_Init - - RTCrPkcs7ContentInfo_IsSignedData - - RTCrPkcs7DigestInfo_CheckSanity - - RTCrPkcs7DigestInfo_Clone - - RTCrPkcs7DigestInfo_Compare - - RTCrPkcs7DigestInfo_DecodeAsn1 - - RTCrPkcs7DigestInfo_Delete - - RTCrPkcs7DigestInfo_Enum - - RTCrPkcs7DigestInfo_Init - - RTCrPkcs7IssuerAndSerialNumber_CheckSanity - - RTCrPkcs7IssuerAndSerialNumber_Clone - - RTCrPkcs7IssuerAndSerialNumber_Compare - - RTCrPkcs7IssuerAndSerialNumber_DecodeAsn1 - - 
RTCrPkcs7IssuerAndSerialNumber_Delete - - RTCrPkcs7IssuerAndSerialNumber_Enum - - RTCrPkcs7IssuerAndSerialNumber_Init - - RTCrPkcs7SetOfCerts_CheckSanity - - RTCrPkcs7SetOfCerts_Clone - - RTCrPkcs7SetOfCerts_Compare - - RTCrPkcs7SetOfCerts_DecodeAsn1 - - RTCrPkcs7SetOfCerts_Delete - - RTCrPkcs7SetOfCerts_Enum - - RTCrPkcs7SetOfCerts_Erase - - RTCrPkcs7SetOfCerts_FindX509ByIssuerAndSerialNumber - - RTCrPkcs7SetOfCerts_Init - - RTCrPkcs7SetOfCerts_InsertEx - - RTCrPkcs7SetOfContentInfos_CheckSanity - - RTCrPkcs7SetOfContentInfos_Clone - - RTCrPkcs7SetOfContentInfos_Compare - - RTCrPkcs7SetOfContentInfos_DecodeAsn1 - - RTCrPkcs7SetOfContentInfos_Delete - - RTCrPkcs7SetOfContentInfos_Enum - - RTCrPkcs7SetOfContentInfos_Erase - - RTCrPkcs7SetOfContentInfos_Init - - RTCrPkcs7SetOfContentInfos_InsertEx - - RTCrPkcs7SetOfSignedData_CheckSanity - - RTCrPkcs7SetOfSignedData_Clone - - RTCrPkcs7SetOfSignedData_Compare - - RTCrPkcs7SetOfSignedData_DecodeAsn1 - - RTCrPkcs7SetOfSignedData_Delete - - RTCrPkcs7SetOfSignedData_Enum - - RTCrPkcs7SetOfSignedData_Erase - - RTCrPkcs7SetOfSignedData_Init - - RTCrPkcs7SetOfSignedData_InsertEx - - RTCrPkcs7SignedData_CheckSanity - - RTCrPkcs7SignedData_Clone - - RTCrPkcs7SignedData_Compare - - RTCrPkcs7SignedData_DecodeAsn1 - - RTCrPkcs7SignedData_Delete - - RTCrPkcs7SignedData_Enum - - RTCrPkcs7SignedData_Init - - RTCrPkcs7SignerInfo_CheckSanity - - RTCrPkcs7SignerInfo_Clone - - RTCrPkcs7SignerInfo_Compare - - RTCrPkcs7SignerInfo_DecodeAsn1 - - RTCrPkcs7SignerInfo_Delete - - RTCrPkcs7SignerInfo_Enum - - RTCrPkcs7SignerInfo_GetMsTimestamp - - RTCrPkcs7SignerInfo_GetSigningTime - - RTCrPkcs7SignerInfo_Init - - RTCrPkcs7SignerInfos_CheckSanity - - RTCrPkcs7SignerInfos_Clone - - RTCrPkcs7SignerInfos_Compare - - RTCrPkcs7SignerInfos_DecodeAsn1 - - RTCrPkcs7SignerInfos_Delete - - RTCrPkcs7SignerInfos_Enum - - RTCrPkcs7SignerInfos_Erase - - RTCrPkcs7SignerInfos_Init - - RTCrPkcs7SignerInfos_InsertEx - - RTCrPkcs7VerifyCertCallbackCodeSigning - - 
RTCrPkcs7VerifyCertCallbackDefault - - RTCrPkcs7VerifySignedData - - RTCrPkcs7VerifySignedDataWithExternalData - - RTCrPkixGetCiperOidFromSignatureAlgorithm - - RTCrPkixPubKeyVerifySignature - - RTCrPkixPubKeyVerifySignedDigest - - RTCrPkixPubKeyVerifySignedDigestByCertPubKeyInfo - - RTCrPkixSignatureCreate - - RTCrPkixSignatureCreateByObjId - - RTCrPkixSignatureCreateByObjIdString - - RTCrPkixSignatureRelease - - RTCrPkixSignatureRetain - - RTCrPkixSignatureSign - - RTCrPkixSignatureVerify - - RTCrPkixSignatureVerifyBitString - - RTCrPkixSignatureVerifyOctetString - - RTCrRsaDigestInfo_CheckSanity - - RTCrRsaDigestInfo_Clone - - RTCrRsaDigestInfo_Compare - - RTCrRsaDigestInfo_DecodeAsn1 - - RTCrRsaDigestInfo_Delete - - RTCrRsaDigestInfo_Enum - - RTCrRsaDigestInfo_Init - - RTCrRsaOtherPrimeInfo_CheckSanity - - RTCrRsaOtherPrimeInfo_Clone - - RTCrRsaOtherPrimeInfo_Compare - - RTCrRsaOtherPrimeInfo_DecodeAsn1 - - RTCrRsaOtherPrimeInfo_Delete - - RTCrRsaOtherPrimeInfo_Enum - - RTCrRsaOtherPrimeInfo_Init - - RTCrRsaOtherPrimeInfos_CheckSanity - - RTCrRsaOtherPrimeInfos_Clone - - RTCrRsaOtherPrimeInfos_Compare - - RTCrRsaOtherPrimeInfos_DecodeAsn1 - - RTCrRsaOtherPrimeInfos_Delete - - RTCrRsaOtherPrimeInfos_Enum - - RTCrRsaOtherPrimeInfos_Erase - - RTCrRsaOtherPrimeInfos_Init - - RTCrRsaOtherPrimeInfos_InsertEx - - RTCrRsaPrivateKey_CheckSanity - - RTCrRsaPrivateKey_Clone - - RTCrRsaPrivateKey_Compare - - RTCrRsaPrivateKey_DecodeAsn1 - - RTCrRsaPrivateKey_Delete - - RTCrRsaPrivateKey_Enum - - RTCrRsaPrivateKey_Init - - RTCrRsaPublicKey_CheckSanity - - RTCrRsaPublicKey_Clone - - RTCrRsaPublicKey_Compare - - RTCrRsaPublicKey_DecodeAsn1 - - RTCrRsaPublicKey_Delete - - RTCrRsaPublicKey_Enum - - RTCrRsaPublicKey_Init - - RTCrSpcAttributeTypeAndOptionalValue_CheckSanity - - RTCrSpcAttributeTypeAndOptionalValue_Clone - - RTCrSpcAttributeTypeAndOptionalValue_Compare - - RTCrSpcAttributeTypeAndOptionalValue_DecodeAsn1 - - RTCrSpcAttributeTypeAndOptionalValue_Delete - - 
RTCrSpcAttributeTypeAndOptionalValue_Enum - - RTCrSpcAttributeTypeAndOptionalValue_Init - - RTCrSpcIndirectDataContent_CheckSanity - - RTCrSpcIndirectDataContent_CheckSanityEx - - RTCrSpcIndirectDataContent_Clone - - RTCrSpcIndirectDataContent_Compare - - RTCrSpcIndirectDataContent_DecodeAsn1 - - RTCrSpcIndirectDataContent_Delete - - RTCrSpcIndirectDataContent_Enum - - RTCrSpcIndirectDataContent_GetPeImageObjAttrib - - RTCrSpcIndirectDataContent_Init - - RTCrSpcLink_CheckSanity - - RTCrSpcLink_Clone - - RTCrSpcLink_Compare - - RTCrSpcLink_DecodeAsn1 - - RTCrSpcLink_Delete - - RTCrSpcLink_Enum - - RTCrSpcLink_Init - - RTCrSpcPeImageData_CheckSanity - - RTCrSpcPeImageData_Clone - - RTCrSpcPeImageData_Compare - - RTCrSpcPeImageData_DecodeAsn1 - - RTCrSpcPeImageData_Delete - - RTCrSpcPeImageData_Enum - - RTCrSpcPeImageData_Init - - RTCrSpcSerializedObjectAttribute_CheckSanity - - RTCrSpcSerializedObjectAttribute_Clone - - RTCrSpcSerializedObjectAttribute_Compare - - RTCrSpcSerializedObjectAttribute_DecodeAsn1 - - RTCrSpcSerializedObjectAttribute_Delete - - RTCrSpcSerializedObjectAttribute_Enum - - RTCrSpcSerializedObjectAttribute_Init - - RTCrSpcSerializedObjectAttributes_CheckSanity - - RTCrSpcSerializedObjectAttributes_Clone - - RTCrSpcSerializedObjectAttributes_Compare - - RTCrSpcSerializedObjectAttributes_DecodeAsn1 - - RTCrSpcSerializedObjectAttributes_Delete - - RTCrSpcSerializedObjectAttributes_Enum - - RTCrSpcSerializedObjectAttributes_Erase - - RTCrSpcSerializedObjectAttributes_Init - - RTCrSpcSerializedObjectAttributes_InsertEx - - RTCrSpcSerializedObject_CheckSanity - - RTCrSpcSerializedObject_Clone - - RTCrSpcSerializedObject_Compare - - RTCrSpcSerializedObject_DecodeAsn1 - - RTCrSpcSerializedObject_Delete - - RTCrSpcSerializedObject_Enum - - RTCrSpcSerializedObject_Init - - RTCrSpcSerializedPageHashes_CheckSanity - - RTCrSpcSerializedPageHashes_Clone - - RTCrSpcSerializedPageHashes_Compare - - RTCrSpcSerializedPageHashes_DecodeAsn1 - - 
RTCrSpcSerializedPageHashes_Delete - - RTCrSpcSerializedPageHashes_Enum - - RTCrSpcSerializedPageHashes_Init - - RTCrSpcSerializedPageHashes_UpdateDerivedData - - RTCrSpcString_CheckSanity - - RTCrSpcString_Clone - - RTCrSpcString_Compare - - RTCrSpcString_DecodeAsn1 - - RTCrSpcString_Delete - - RTCrSpcString_Enum - - RTCrSpcString_Init - - RTCrStoreCertAddEncoded - - RTCrStoreCertByIssuerAndSerialNo - - RTCrStoreCertCount - - RTCrStoreCertFindAll - - RTCrStoreCertFindBySubjectOrAltSubjectByRfc5280 - - RTCrStoreCertSearchDestroy - - RTCrStoreCertSearchNext - - RTCrStoreCreateInMem - - RTCrStoreRelease - - RTCrStoreRetain - - RTCrTafCertPathControls_CheckSanity - - RTCrTafCertPathControls_Clone - - RTCrTafCertPathControls_Compare - - RTCrTafCertPathControls_DecodeAsn1 - - RTCrTafCertPathControls_Delete - - RTCrTafCertPathControls_Enum - - RTCrTafCertPathControls_Init - - RTCrTafTrustAnchorChoice_CheckSanity - - RTCrTafTrustAnchorChoice_Clone - - RTCrTafTrustAnchorChoice_Compare - - RTCrTafTrustAnchorChoice_DecodeAsn1 - - RTCrTafTrustAnchorChoice_Delete - - RTCrTafTrustAnchorChoice_Enum - - RTCrTafTrustAnchorChoice_Init - - RTCrTafTrustAnchorInfo_CheckSanity - - RTCrTafTrustAnchorInfo_Clone - - RTCrTafTrustAnchorInfo_Compare - - RTCrTafTrustAnchorInfo_DecodeAsn1 - - RTCrTafTrustAnchorInfo_Delete - - RTCrTafTrustAnchorInfo_Enum - - RTCrTafTrustAnchorInfo_Init - - RTCrTafTrustAnchorList_CheckSanity - - RTCrTafTrustAnchorList_Clone - - RTCrTafTrustAnchorList_Compare - - RTCrTafTrustAnchorList_DecodeAsn1 - - RTCrTafTrustAnchorList_Delete - - RTCrTafTrustAnchorList_Enum - - RTCrTafTrustAnchorList_Erase - - RTCrTafTrustAnchorList_Init - - RTCrTafTrustAnchorList_InsertEx - - RTCrTspAccuracy_CheckSanity - - RTCrTspAccuracy_Clone - - RTCrTspAccuracy_Compare - - RTCrTspAccuracy_DecodeAsn1 - - RTCrTspAccuracy_Delete - - RTCrTspAccuracy_Enum - - RTCrTspAccuracy_Init - - RTCrTspMessageImprint_CheckSanity - - RTCrTspMessageImprint_Clone - - RTCrTspMessageImprint_Compare - - 
RTCrTspMessageImprint_DecodeAsn1 - - RTCrTspMessageImprint_Delete - - RTCrTspMessageImprint_Enum - - RTCrTspMessageImprint_Init - - RTCrTspTstInfo_CheckSanity - - RTCrTspTstInfo_Clone - - RTCrTspTstInfo_Compare - - RTCrTspTstInfo_DecodeAsn1 - - RTCrTspTstInfo_Delete - - RTCrTspTstInfo_Enum - - RTCrTspTstInfo_Init - - RTCrX509AlgorithmIdentifier_CheckSanity - - RTCrX509AlgorithmIdentifier_Clone - - RTCrX509AlgorithmIdentifier_CombineEncryptionAndDigest - - RTCrX509AlgorithmIdentifier_CombineEncryptionOidAndDigestOid - - RTCrX509AlgorithmIdentifier_Compare - - RTCrX509AlgorithmIdentifier_CompareDigestAndEncryptedDigest - - RTCrX509AlgorithmIdentifier_CompareDigestOidAndEncryptedDigestOid - - RTCrX509AlgorithmIdentifier_CompareWithString - - RTCrX509AlgorithmIdentifier_DecodeAsn1 - - RTCrX509AlgorithmIdentifier_Delete - - RTCrX509AlgorithmIdentifier_Enum - - RTCrX509AlgorithmIdentifier_Init - - RTCrX509AlgorithmIdentifier_QueryDigestSize - - RTCrX509AlgorithmIdentifier_QueryDigestType - - RTCrX509AlgorithmIdentifiers_CheckSanity - - RTCrX509AlgorithmIdentifiers_Clone - - RTCrX509AlgorithmIdentifiers_Compare - - RTCrX509AlgorithmIdentifiers_DecodeAsn1 - - RTCrX509AlgorithmIdentifiers_Delete - - RTCrX509AlgorithmIdentifiers_Enum - - RTCrX509AlgorithmIdentifiers_Erase - - RTCrX509AlgorithmIdentifiers_Init - - RTCrX509AlgorithmIdentifiers_InsertEx - - RTCrX509AttributeTypeAndValue_CheckSanity - - RTCrX509AttributeTypeAndValue_Clone - - RTCrX509AttributeTypeAndValue_Compare - - RTCrX509AttributeTypeAndValue_DecodeAsn1 - - RTCrX509AttributeTypeAndValue_Delete - - RTCrX509AttributeTypeAndValue_Enum - - RTCrX509AttributeTypeAndValue_Init - - RTCrX509AttributeTypeAndValues_CheckSanity - - RTCrX509AttributeTypeAndValues_Clone - - RTCrX509AttributeTypeAndValues_Compare - - RTCrX509AttributeTypeAndValues_DecodeAsn1 - - RTCrX509AttributeTypeAndValues_Delete - - RTCrX509AttributeTypeAndValues_Enum - - RTCrX509AttributeTypeAndValues_Erase - - RTCrX509AttributeTypeAndValues_Init - - 
RTCrX509AttributeTypeAndValues_InsertEx - - RTCrX509AuthorityKeyIdentifier_CheckSanity - - RTCrX509AuthorityKeyIdentifier_Clone - - RTCrX509AuthorityKeyIdentifier_Compare - - RTCrX509AuthorityKeyIdentifier_DecodeAsn1 - - RTCrX509AuthorityKeyIdentifier_Delete - - RTCrX509AuthorityKeyIdentifier_Enum - - RTCrX509AuthorityKeyIdentifier_Init - - RTCrX509BasicConstraints_CheckSanity - - RTCrX509BasicConstraints_Clone - - RTCrX509BasicConstraints_Compare - - RTCrX509BasicConstraints_DecodeAsn1 - - RTCrX509BasicConstraints_Delete - - RTCrX509BasicConstraints_Enum - - RTCrX509BasicConstraints_Init - - RTCrX509CertPathsBuild - - RTCrX509CertPathsCreate - - RTCrX509CertPathsCreateEx - - RTCrX509CertPathsDumpAll - - RTCrX509CertPathsDumpOne - - RTCrX509CertPathsGetPathCount - - RTCrX509CertPathsGetPathLength - - RTCrX509CertPathsGetPathNodeCert - - RTCrX509CertPathsGetPathVerifyResult - - RTCrX509CertPathsQueryPathInfo - - RTCrX509CertPathsRelease - - RTCrX509CertPathsRetain - - RTCrX509CertPathsSetTrustedStore - - RTCrX509CertPathsSetUntrustedArray - - RTCrX509CertPathsSetUntrustedSet - - RTCrX509CertPathsSetUntrustedStore - - RTCrX509CertPathsSetValidTime - - RTCrX509CertPathsSetValidTimeSpec - - RTCrX509CertPathsValidateAll - - RTCrX509CertPathsValidateOne - - RTCrX509CertificatePolicies_CheckSanity - - RTCrX509CertificatePolicies_Clone - - RTCrX509CertificatePolicies_Compare - - RTCrX509CertificatePolicies_DecodeAsn1 - - RTCrX509CertificatePolicies_Delete - - RTCrX509CertificatePolicies_Enum - - RTCrX509CertificatePolicies_Erase - - RTCrX509CertificatePolicies_Init - - RTCrX509CertificatePolicies_InsertEx - - RTCrX509Certificate_CheckSanity - - RTCrX509Certificate_Clone - - RTCrX509Certificate_Compare - - RTCrX509Certificate_DecodeAsn1 - - RTCrX509Certificate_Delete - - RTCrX509Certificate_Enum - - RTCrX509Certificate_Init - - RTCrX509Certificate_IsSelfSigned - - RTCrX509Certificate_MatchIssuerAndSerialNumber - - RTCrX509Certificate_MatchSubjectOrAltSubjectByRfc5280 - - 
RTCrX509Certificate_VerifySignature - - RTCrX509Certificate_VerifySignatureSelfSigned - - RTCrX509Certificates_CheckSanity - - RTCrX509Certificates_Clone - - RTCrX509Certificates_Compare - - RTCrX509Certificates_DecodeAsn1 - - RTCrX509Certificates_Delete - - RTCrX509Certificates_Enum - - RTCrX509Certificates_Erase - - RTCrX509Certificates_FindByIssuerAndSerialNumber - - RTCrX509Certificates_Init - - RTCrX509Certificates_InsertEx - - RTCrX509Extension_CheckSanity - - RTCrX509Extension_Clone - - RTCrX509Extension_Compare - - RTCrX509Extension_DecodeAsn1 - - RTCrX509Extension_Delete - - RTCrX509Extension_Enum - - RTCrX509Extension_ExtnValue_DecodeAsn1 - - RTCrX509Extension_Init - - RTCrX509Extensions_CheckSanity - - RTCrX509Extensions_Clone - - RTCrX509Extensions_Compare - - RTCrX509Extensions_DecodeAsn1 - - RTCrX509Extensions_Delete - - RTCrX509Extensions_Enum - - RTCrX509Extensions_Erase - - RTCrX509Extensions_Init - - RTCrX509Extensions_InsertEx - - RTCrX509GeneralName_CheckSanity - - RTCrX509GeneralName_Clone - - RTCrX509GeneralName_Compare - - RTCrX509GeneralName_ConstraintMatch - - RTCrX509GeneralName_DecodeAsn1 - - RTCrX509GeneralName_Delete - - RTCrX509GeneralName_Enum - - RTCrX509GeneralName_Init - - RTCrX509GeneralNames_CheckSanity - - RTCrX509GeneralNames_Clone - - RTCrX509GeneralNames_Compare - - RTCrX509GeneralNames_DecodeAsn1 - - RTCrX509GeneralNames_Delete - - RTCrX509GeneralNames_Enum - - RTCrX509GeneralNames_Erase - - RTCrX509GeneralNames_Init - - RTCrX509GeneralNames_InsertEx - - RTCrX509GeneralSubtree_CheckSanity - - RTCrX509GeneralSubtree_Clone - - RTCrX509GeneralSubtree_Compare - - RTCrX509GeneralSubtree_ConstraintMatch - - RTCrX509GeneralSubtree_DecodeAsn1 - - RTCrX509GeneralSubtree_Delete - - RTCrX509GeneralSubtree_Enum - - RTCrX509GeneralSubtree_Init - - RTCrX509GeneralSubtrees_CheckSanity - - RTCrX509GeneralSubtrees_Clone - - RTCrX509GeneralSubtrees_Compare - - RTCrX509GeneralSubtrees_DecodeAsn1 - - RTCrX509GeneralSubtrees_Delete - - 
RTCrX509GeneralSubtrees_Enum - - RTCrX509GeneralSubtrees_Erase - - RTCrX509GeneralSubtrees_Init - - RTCrX509GeneralSubtrees_InsertEx - - RTCrX509NameConstraints_CheckSanity - - RTCrX509NameConstraints_Clone - - RTCrX509NameConstraints_Compare - - RTCrX509NameConstraints_DecodeAsn1 - - RTCrX509NameConstraints_Delete - - RTCrX509NameConstraints_Enum - - RTCrX509NameConstraints_Init - - RTCrX509Name_CheckSanity - - RTCrX509Name_Clone - - RTCrX509Name_Compare - - RTCrX509Name_ConstraintMatch - - RTCrX509Name_DecodeAsn1 - - RTCrX509Name_Delete - - RTCrX509Name_Enum - - RTCrX509Name_Erase - - RTCrX509Name_FormatAsString - - RTCrX509Name_GetShortRdn - - RTCrX509Name_Init - - RTCrX509Name_InsertEx - - RTCrX509Name_MatchByRfc5280 - - RTCrX509Name_MatchWithString - - RTCrX509Name_RecodeAsUtf8 - - RTCrX509OldAuthorityKeyIdentifier_CheckSanity - - RTCrX509OldAuthorityKeyIdentifier_Clone - - RTCrX509OldAuthorityKeyIdentifier_Compare - - RTCrX509OldAuthorityKeyIdentifier_DecodeAsn1 - - RTCrX509OldAuthorityKeyIdentifier_Delete - - RTCrX509OldAuthorityKeyIdentifier_Enum - - RTCrX509OldAuthorityKeyIdentifier_Init - - RTCrX509OtherName_CheckSanity - - RTCrX509OtherName_Clone - - RTCrX509OtherName_Compare - - RTCrX509OtherName_DecodeAsn1 - - RTCrX509OtherName_Delete - - RTCrX509OtherName_Enum - - RTCrX509OtherName_Init - - RTCrX509PolicyConstraints_CheckSanity - - RTCrX509PolicyConstraints_Clone - - RTCrX509PolicyConstraints_Compare - - RTCrX509PolicyConstraints_DecodeAsn1 - - RTCrX509PolicyConstraints_Delete - - RTCrX509PolicyConstraints_Enum - - RTCrX509PolicyConstraints_Init - - RTCrX509PolicyInformation_CheckSanity - - RTCrX509PolicyInformation_Clone - - RTCrX509PolicyInformation_Compare - - RTCrX509PolicyInformation_DecodeAsn1 - - RTCrX509PolicyInformation_Delete - - RTCrX509PolicyInformation_Enum - - RTCrX509PolicyInformation_Init - - RTCrX509PolicyMapping_CheckSanity - - RTCrX509PolicyMapping_Clone - - RTCrX509PolicyMapping_Compare - - RTCrX509PolicyMapping_DecodeAsn1 - - 
RTCrX509PolicyMapping_Delete - - RTCrX509PolicyMapping_Enum - - RTCrX509PolicyMapping_Init - - RTCrX509PolicyMappings_CheckSanity - - RTCrX509PolicyMappings_Clone - - RTCrX509PolicyMappings_Compare - - RTCrX509PolicyMappings_DecodeAsn1 - - RTCrX509PolicyMappings_Delete - - RTCrX509PolicyMappings_Enum - - RTCrX509PolicyMappings_Erase - - RTCrX509PolicyMappings_Init - - RTCrX509PolicyMappings_InsertEx - - RTCrX509PolicyQualifierInfo_CheckSanity - - RTCrX509PolicyQualifierInfo_Clone - - RTCrX509PolicyQualifierInfo_Compare - - RTCrX509PolicyQualifierInfo_DecodeAsn1 - - RTCrX509PolicyQualifierInfo_Delete - - RTCrX509PolicyQualifierInfo_Enum - - RTCrX509PolicyQualifierInfo_Init - - RTCrX509PolicyQualifierInfos_CheckSanity - - RTCrX509PolicyQualifierInfos_Clone - - RTCrX509PolicyQualifierInfos_Compare - - RTCrX509PolicyQualifierInfos_DecodeAsn1 - - RTCrX509PolicyQualifierInfos_Delete - - RTCrX509PolicyQualifierInfos_Enum - - RTCrX509PolicyQualifierInfos_Erase - - RTCrX509PolicyQualifierInfos_Init - - RTCrX509PolicyQualifierInfos_InsertEx - - RTCrX509SubjectPublicKeyInfo_CheckSanity - - RTCrX509SubjectPublicKeyInfo_Clone - - RTCrX509SubjectPublicKeyInfo_Compare - - RTCrX509SubjectPublicKeyInfo_DecodeAsn1 - - RTCrX509SubjectPublicKeyInfo_Delete - - RTCrX509SubjectPublicKeyInfo_Enum - - RTCrX509SubjectPublicKeyInfo_Init - - RTCrX509TbsCertificate_CheckSanity - - RTCrX509TbsCertificate_Clone - - RTCrX509TbsCertificate_Compare - - RTCrX509TbsCertificate_DecodeAsn1 - - RTCrX509TbsCertificate_Delete - - RTCrX509TbsCertificate_Enum - - RTCrX509TbsCertificate_Init - - RTCrX509TbsCertificate_ReprocessExtensions - - RTCrX509Validity_CheckSanity - - RTCrX509Validity_Clone - - RTCrX509Validity_Compare - - RTCrX509Validity_DecodeAsn1 - - RTCrX509Validity_Delete - - RTCrX509Validity_Enum - - RTCrX509Validity_Init - - RTCrX509Validity_IsValidAtTimeSpec - - RTCrc32 - - RTCrc32Finish - - RTCrc32Process - - RTCrc32Start - - RTErrConvertFromErrno - - RTErrConvertFromNtStatus - - 
RTErrConvertToErrno - - RTErrInfoAdd - - RTErrInfoAddF - - RTErrInfoAddV - - RTErrInfoLogAndAdd - - RTErrInfoLogAndAddF - - RTErrInfoLogAndAddV - - RTErrInfoLogAndSet - - RTErrInfoLogAndSetF - - RTErrInfoLogAndSetV - - RTErrInfoSet - - RTErrInfoSetF - - RTErrInfoSetV - - RTErrVarsAreEqual - - RTErrVarsHaveChanged - - RTErrVarsRestore - - RTErrVarsSave - - RTHandleTableAllocWithCtx - - RTHandleTableCreate - - RTHandleTableCreateEx - - RTHandleTableDestroy - - RTHandleTableFreeWithCtx - - RTHandleTableLookupWithCtx - - RTLatin1CalcUtf8Len - - RTLatin1CalcUtf8LenEx - - RTLatin1ToUtf8ExTag - - RTLatin1ToUtf8Tag - - RTLdrArchName - - RTLdrClose - - RTLdrEnumDbgInfo - - RTLdrEnumSegments - - RTLdrEnumSymbols - - RTLdrGetArch - - RTLdrGetBits - - RTLdrGetEndian - - RTLdrGetFormat - - RTLdrGetFunction - - RTLdrGetHostArch - - RTLdrGetSymbol - - RTLdrGetSymbolEx - - RTLdrGetType - - RTLdrHashImage - - RTLdrLinkAddressToRva - - RTLdrLinkAddressToSegOffset - - RTLdrOpenWithReader - - RTLdrQueryForwarderInfo - - RTLdrQueryProp - - RTLdrQueryPropEx - - RTLdrRelocate - - RTLdrRvaToSegOffset - - RTLdrSegOffsetToRva - - RTLdrSize - - RTLdrUnwindFrame - - RTLdrVerifySignature - - RTLogClearFileDelayFlag - - RTLogCloneRC - - RTLogComPrintf - - RTLogComPrintfV - - RTLogCreate - - RTLogCreateEx - - RTLogCreateExV - - RTLogDefaultInit - - RTLogDefaultInstance - - RTLogDefaultInstanceEx - - RTLogDestinations - - RTLogDestroy - - RTLogDumpPrintfV - - RTLogFlags - - RTLogFlush - - RTLogFlushRC - - RTLogFlushToLogger - - RTLogFormatV - - RTLogGetDefaultInstance - - RTLogGetDefaultInstanceEx - - RTLogGetDestinations - - RTLogGetFlags - - RTLogGetGroupSettings - - RTLogGroupSettings - - RTLogLogger - - RTLogLoggerEx - - RTLogLoggerExV - - RTLogLoggerV - - RTLogPrintf - - RTLogPrintfV - - RTLogRelGetDefaultInstance - - RTLogRelGetDefaultInstanceEx - - RTLogRelLoggerV - - RTLogRelPrintfV - - RTLogRelSetBuffering - - RTLogRelSetDefaultInstance - - RTLogSetBuffering - - 
RTLogSetCustomPrefixCallback - - RTLogSetDefaultInstance - - RTLogSetDefaultInstanceThread - - RTLogWriteCom - - RTLogWriteDebugger - - RTLogWriteStdErr - - RTLogWriteStdOut - - RTLogWriteUser - - RTMd2 - - RTMd2Final - - RTMd2Init - - RTMd2Update - - RTMd5 - - RTMd5Final - - RTMd5FromString - - RTMd5Init - - RTMd5ToString - - RTMd5Update - - RTMemAllocExTag - - RTMemAllocTag - - RTMemAllocVarTag - - RTMemAllocZTag - - RTMemAllocZVarTag - - RTMemContAlloc - - RTMemContFree - - RTMemDupExTag - - RTMemDupTag - - RTMemExecAllocTag - - RTMemExecFree - - RTMemFree - - RTMemFreeEx - - RTMemFreeZ - - RTMemReallocTag - - RTMemReallocZTag - - RTMemSaferAllocZExTag - - RTMemSaferAllocZTag - - RTMemSaferFree - - RTMemSaferReallocZExTag - - RTMemSaferReallocZTag - - RTMemSaferScramble - - RTMemSaferUnscramble - - RTMemTmpAllocTag - - RTMemTmpAllocZTag - - RTMemTmpFree - - RTMemTmpFreeZ - - RTMemWipeThoroughly - - RTMpCpuId - - RTMpCpuIdFromSetIndex - - RTMpCpuIdToSetIndex - - RTMpCurSetIndex - - RTMpCurSetIndexAndId - - RTMpGetArraySize - - RTMpGetCount - - RTMpGetCpuGroupCounts - - RTMpGetMaxCpuGroupCount - - RTMpGetMaxCpuId - - RTMpGetOnlineCoreCount - - RTMpGetOnlineCount - - RTMpGetOnlineSet - - RTMpGetPresentCoreCount - - RTMpGetPresentCount - - RTMpGetPresentSet - - RTMpGetSet - - RTMpIsCpuOnline - - RTMpIsCpuPossible - - RTMpIsCpuPresent - - RTMpIsCpuWorkPending - - RTMpNotificationDeregister - - RTMpNotificationRegister - - RTMpOnAll - - RTMpOnAllIsConcurrentSafe - - RTMpOnOthers - - RTMpOnPair - - RTMpOnPairIsConcurrentExecSupported - - RTMpOnSpecific - - RTMpPokeCpu - - RTMpSetIndexFromCpuGroupMember - - RTNetIPv4AddDataChecksum - - RTNetIPv4AddTCPChecksum - - RTNetIPv4AddUDPChecksum - - RTNetIPv4FinalizeChecksum - - RTNetIPv4HdrChecksum - - RTNetIPv4IsDHCPValid - - RTNetIPv4IsHdrValid - - RTNetIPv4IsTCPSizeValid - - RTNetIPv4IsTCPValid - - RTNetIPv4IsUDPSizeValid - - RTNetIPv4IsUDPValid - - RTNetIPv4PseudoChecksum - - RTNetIPv4PseudoChecksumBits - - 
RTNetIPv4TCPChecksum - - RTNetIPv4UDPChecksum - - RTNetIPv6PseudoChecksum - - RTNetIPv6PseudoChecksumBits - - RTNetIPv6PseudoChecksumEx - - RTNetTCPChecksum - - RTNetUDPChecksum - - RTNtPathExpand8dot3Path - - RTNtPathExpand8dot3PathA - - RTNtPathFindPossible8dot3Name - - RTOnceReset - - RTOnceSlow - - RTPathChangeToUnixSlashes - - RTPowerNotificationDeregister - - RTPowerNotificationRegister - - RTPowerSignalEvent - - RTProcSelf - - RTR0AssertPanicSystem - - RTR0DbgKrnlInfoGetSymbol - - RTR0DbgKrnlInfoOpen - - RTR0DbgKrnlInfoQueryMember - - RTR0DbgKrnlInfoQuerySize - - RTR0DbgKrnlInfoQuerySymbol - - RTR0DbgKrnlInfoRelease - - RTR0DbgKrnlInfoRetain - - RTR0Init - - RTR0MemAreKrnlAndUsrDifferent - - RTR0MemKernelCopyFrom - - RTR0MemKernelCopyTo - - RTR0MemKernelIsValidAddr - - RTR0MemObjAddress - - RTR0MemObjAddressR3 - - RTR0MemObjAllocContTag - - RTR0MemObjAllocLowTag - - RTR0MemObjAllocPageTag - - RTR0MemObjAllocPhysExTag - - RTR0MemObjAllocPhysNCTag - - RTR0MemObjAllocPhysTag - - RTR0MemObjEnterPhysTag - - RTR0MemObjFree - - RTR0MemObjGetPagePhysAddr - - RTR0MemObjIsMapping - - RTR0MemObjLockKernelTag - - RTR0MemObjLockUserTag - - RTR0MemObjMapKernelExTag - - RTR0MemObjMapKernelTag - - RTR0MemObjMapUserExTag - - RTR0MemObjMapUserTag - - RTR0MemObjProtect - - RTR0MemObjReserveKernelTag - - RTR0MemObjReserveUserTag - - RTR0MemObjSize - - RTR0MemUserCopyFrom - - RTR0MemUserCopyTo - - RTR0MemUserIsValidAddr - - RTR0ProcHandleSelf - - RTR0Term - - RTR0TermForced - - RTRandAdvBytes - - RTRandAdvCreateParkMiller - - RTRandAdvCreateSystemFaster - - RTRandAdvDestroy - - RTRandAdvRestoreState - - RTRandAdvS32 - - RTRandAdvS32Ex - - RTRandAdvS64 - - RTRandAdvS64Ex - - RTRandAdvSaveState - - RTRandAdvSeed - - RTRandAdvU32 - - RTRandAdvU32Ex - - RTRandAdvU64 - - RTRandAdvU64Ex - - RTRandBytes - - RTRandS32 - - RTRandS32Ex - - RTRandS64 - - RTRandS64Ex - - RTRandU32 - - RTRandU32Ex - - RTRandU64 - - RTRandU64Ex - - RTSemEventCreate - - RTSemEventCreateEx - - RTSemEventDestroy 
- - RTSemEventGetResolution - - RTSemEventMultiCreate - - RTSemEventMultiCreateEx - - RTSemEventMultiDestroy - - RTSemEventMultiGetResolution - - RTSemEventMultiReset - - RTSemEventMultiSignal - - RTSemEventMultiWait - - RTSemEventMultiWaitEx - - RTSemEventMultiWaitExDebug - - RTSemEventMultiWaitNoResume - - RTSemEventSignal - - RTSemEventWait - - RTSemEventWaitEx - - RTSemEventWaitExDebug - - RTSemEventWaitNoResume - - RTSemFastMutexCreate - - RTSemFastMutexDestroy - - RTSemFastMutexRelease - - RTSemFastMutexRequest - - RTSemMutexCreate - - RTSemMutexCreateEx - - RTSemMutexDestroy - - RTSemMutexIsOwned - - RTSemMutexRelease - - RTSemMutexRequest - - RTSemMutexRequestDebug - - RTSemMutexRequestNoResume - - RTSemMutexRequestNoResumeDebug - - RTSemSpinMutexCreate - - RTSemSpinMutexDestroy - - RTSemSpinMutexRelease - - RTSemSpinMutexRequest - - RTSemSpinMutexTryRequest - - RTSha1 - - RTSha1Check - - RTSha1Final - - RTSha1FromString - - RTSha1Init - - RTSha1ToString - - RTSha1Update - - RTSha224 - - RTSha224Check - - RTSha224Final - - RTSha224Init - - RTSha224Update - - RTSha256 - - RTSha256Check - - RTSha256Final - - RTSha256FromString - - RTSha256Init - - RTSha256ToString - - RTSha256Update - - RTSha384 - - RTSha384Check - - RTSha384Final - - RTSha384Init - - RTSha384Update - - RTSha512 - - RTSha512Check - - RTSha512Final - - RTSha512FromString - - RTSha512Init - - RTSha512ToString - - RTSha512Update - - RTSha512t224 - - RTSha512t224Check - - RTSha512t224Final - - RTSha512t224Init - - RTSha512t224Update - - RTSha512t256 - - RTSha512t256Check - - RTSha512t256Final - - RTSha512t256Init - - RTSha512t256Update - - RTSpinlockAcquire - - RTSpinlockCreate - - RTSpinlockDestroy - - RTSpinlockRelease - - RTStrAAppendNTag - - RTStrAAppendTag - - RTStrATruncateTag - - RTStrAllocExTag - - RTStrAllocTag - - RTStrCalcLatin1Len - - RTStrCalcLatin1LenEx - - RTStrCalcUtf16Len - - RTStrCalcUtf16LenEx - - RTStrCat - - RTStrCmp - - RTStrConvertHexBytes - - RTStrConvertHexBytesEx - - 
RTStrCopy - - RTStrCopyEx - - RTStrCopyP - - RTStrDupExTag - - RTStrDupNTag - - RTStrDupTag - - RTStrFormat - - RTStrFormatNumber - - RTStrFormatR80 - - RTStrFormatR80u2 - - RTStrFormatTypeDeregister - - RTStrFormatTypeRegister - - RTStrFormatTypeSetUser - - RTStrFormatU128 - - RTStrFormatU16 - - RTStrFormatU256 - - RTStrFormatU32 - - RTStrFormatU512 - - RTStrFormatU64 - - RTStrFormatU8 - - RTStrFormatV - - RTStrFree - - RTStrGetCpExInternal - - RTStrGetCpInternal - - RTStrGetCpNExInternal - - RTStrICmp - - RTStrICmpAscii - - RTStrIStr - - RTStrIsValidEncoding - - RTStrNCmp - - RTStrNICmp - - RTStrNLen - - RTStrPrevCp - - RTStrPrintHexBytes - - RTStrPrintf - - RTStrPrintfEx - - RTStrPrintfExV - - RTStrPrintfV - - RTStrPurgeComplementSet - - RTStrPurgeEncoding - - RTStrPutCpInternal - - RTStrReallocTag - - RTStrStrip - - RTStrStripL - - RTStrStripR - - RTStrToInt16 - - RTStrToInt16Ex - - RTStrToInt16Full - - RTStrToInt32 - - RTStrToInt32Ex - - RTStrToInt32Full - - RTStrToInt64 - - RTStrToInt64Ex - - RTStrToInt64Full - - RTStrToInt8 - - RTStrToInt8Ex - - RTStrToInt8Full - - RTStrToLatin1ExTag - - RTStrToLatin1Tag - - RTStrToLower - - RTStrToUInt16 - - RTStrToUInt16Ex - - RTStrToUInt16Full - - RTStrToUInt32 - - RTStrToUInt32Ex - - RTStrToUInt32Full - - RTStrToUInt64 - - RTStrToUInt64Ex - - RTStrToUInt64Full - - RTStrToUInt8 - - RTStrToUInt8Ex - - RTStrToUInt8Full - - RTStrToUni - - RTStrToUniEx - - RTStrToUpper - - RTStrToUtf16BigExTag - - RTStrToUtf16BigTag - - RTStrToUtf16ExTag - - RTStrToUtf16Tag - - RTStrUniLen - - RTStrUniLenEx - - RTStrValidateEncoding - - RTStrValidateEncodingEx - - RTTermDeregisterCallback - - RTTermRegisterCallback - - RTTermRunCallbacks - - RTThreadCreate - - RTThreadCreateF - - RTThreadCreateV - - RTThreadCtxHookCreate - - RTThreadCtxHookDestroy - - RTThreadCtxHookDisable - - RTThreadCtxHookEnable - - RTThreadCtxHookIsEnabled - - RTThreadFromNative - - RTThreadGetName - - RTThreadGetNative - - RTThreadGetType - - RTThreadIsInInterrupt - - 
RTThreadIsInitialized - - RTThreadIsMain - - RTThreadIsSelfAlive - - RTThreadIsSelfKnown - - RTThreadNativeSelf - - RTThreadPreemptDisable - - RTThreadPreemptIsEnabled - - RTThreadPreemptIsPending - - RTThreadPreemptIsPendingTrusty - - RTThreadPreemptIsPossible - - RTThreadPreemptRestore - - RTThreadSelf - - RTThreadSelfName - - RTThreadSetName - - RTThreadSetType - - RTThreadSleep - - RTThreadUserReset - - RTThreadUserSignal - - RTThreadUserWait - - RTThreadUserWaitNoResume - - RTThreadWait - - RTThreadWaitNoResume - - RTThreadYield - - RTTimeCompare - - RTTimeConvertToZulu - - RTTimeExplode - - RTTimeFromRfc2822 - - RTTimeFromString - - RTTimeImplode - - RTTimeIsLeapYear - - RTTimeLocalNormalize - - RTTimeMilliTS - - RTTimeNanoTS - - RTTimeNormalize - - RTTimeNow - - RTTimeSpecFromString - - RTTimeSpecToString - - RTTimeSystemMilliTS - - RTTimeSystemNanoTS - - RTTimeToRfc2822 - - RTTimeToString - - RTTimeToStringEx - - RTTimerCanDoHighResolution - - RTTimerChangeInterval - - RTTimerCreate - - RTTimerCreateEx - - RTTimerDestroy - - RTTimerGetSystemGranularity - - RTTimerReleaseSystemGranularity - - RTTimerRequestSystemGranularity - - RTTimerStart - - RTTimerStop - - RTUInt128MulByU64 - - RTUtf16AllocTag - - RTUtf16BigCalcUtf8Len - - RTUtf16BigCalcUtf8LenEx - - RTUtf16BigGetCpExInternal - - RTUtf16BigToUtf8ExTag - - RTUtf16BigToUtf8Tag - - RTUtf16CalcUtf8Len - - RTUtf16CalcUtf8LenEx - - RTUtf16CatAscii - - RTUtf16Cmp - - RTUtf16CmpUtf8 - - RTUtf16CopyAscii - - RTUtf16DupExTag - - RTUtf16DupTag - - RTUtf16End - - RTUtf16Free - - RTUtf16GetCpExInternal - - RTUtf16GetCpInternal - - RTUtf16ICmpAscii - - RTUtf16IsValidEncoding - - RTUtf16Len - - RTUtf16LittleCalcUtf8Len - - RTUtf16LittleCalcUtf8LenEx - - RTUtf16LittleToUtf8ExTag - - RTUtf16LittleToUtf8Tag - - RTUtf16PurgeComplementSet - - RTUtf16PutCpInternal - - RTUtf16ReallocTag - - RTUtf16ToUtf8ExTag - - RTUtf16ToUtf8Tag - - RTUtf16ValidateEncoding - - RTUtf16ValidateEncodingEx - - RTUuidClear - - RTUuidCompare - - 
RTUuidCompare2Strs - - RTUuidCompareStr - - RTUuidFromStr - - RTUuidFromUtf16 - - RTUuidIsNull - - RTUuidToStr - - RTUuidToUtf16 - - SUPGetCpuHzFromGipForAsyncMode - - SUPGetGIP - - SUPGetTscDeltaSlow - - SUPIsTscFreqCompatible - - SUPIsTscFreqCompatibleEx - - SUPR0BadContext - - SUPR0ChangeCR4 - - SUPR0ComponentDeregisterFactory - - SUPR0ComponentQueryFactory - - SUPR0ComponentRegisterFactory - - SUPR0ContAlloc - - SUPR0ContFree - - SUPR0EnableVTx - - SUPR0GetCurrentGdtRw - - SUPR0GetDefaultLogInstanceEx - - SUPR0GetDefaultLogRelInstanceEx - - SUPR0GetHwvirtMsrs - - SUPR0GetKernelFeatures - - SUPR0GetPagingMode - - SUPR0GetSessionGVM - - SUPR0GetSessionVM - - SUPR0GetSvmUsability - - SUPR0GetVTSupport - - SUPR0GetVmxUsability - - SUPR0GipMap - - SUPR0GipUnmap - - SUPR0IoCtlCleanup - - SUPR0IoCtlPerform - - SUPR0IoCtlSetupForHandle - - SUPR0LdrIsLockOwnerByMod - - SUPR0LdrLock - - SUPR0LdrModByName - - SUPR0LdrModRelease - - SUPR0LdrModRetain - - SUPR0LdrUnlock - - SUPR0LockMem - - SUPR0LowAlloc - - SUPR0LowFree - - SUPR0MemAlloc - - SUPR0MemFree - - SUPR0MemGetPhys - - SUPR0ObjAddRef - - SUPR0ObjAddRefEx - - SUPR0ObjRegister - - SUPR0ObjRelease - - SUPR0ObjVerifyAccess - - SUPR0PageAllocEx - - SUPR0PageFree - - SUPR0PageMapKernel - - SUPR0PageProtect - - SUPR0Printf - - SUPR0QueryUcodeRev - - SUPR0QueryVTCaps - - SUPR0ResumeVTxOnCpu - - SUPR0SetSessionVM - - SUPR0SuspendVTxOnCpu - - SUPR0TracerDeregisterDrv - - SUPR0TracerDeregisterImpl - - SUPR0TracerFireProbe - - SUPR0TracerRegisterDrv - - SUPR0TracerRegisterImpl - - SUPR0TracerRegisterModule - - SUPR0TracerUmodProbeFire - - SUPR0TscDeltaMeasureBySetIndex - - SUPR0UnlockMem - - SUPReadTscWithDelta - - SUPSemEventClose - - SUPSemEventCreate - - SUPSemEventGetResolution - - SUPSemEventMultiClose - - SUPSemEventMultiCreate - - SUPSemEventMultiGetResolution - - SUPSemEventMultiReset - - SUPSemEventMultiSignal - - SUPSemEventMultiWait - - SUPSemEventMultiWaitNoResume - - SUPSemEventMultiWaitNsAbsIntr - - 
SUPSemEventMultiWaitNsRelIntr - - SUPSemEventSignal - - SUPSemEventWait - - SUPSemEventWaitNoResume - - SUPSemEventWaitNsAbsIntr - - SUPSemEventWaitNsRelIntr - - g_RTAsn1BitString_Vtable - - g_RTAsn1Boolean_Vtable - - g_RTAsn1Core_Vtable - - g_RTAsn1DefaultAllocator - - g_RTAsn1Integer_Vtable - - g_RTAsn1Null_Vtable - - g_RTAsn1ObjId_Vtable - - g_RTAsn1OctetString_Vtable - - g_RTAsn1SaferAllocator - - g_RTAsn1String_Vtable - - g_RTAsn1Time_Vtable - - g_aRTUniLowerRanges - - g_aRTUniUpperRanges - - g_abRTZero16K - - g_abRTZero32K - - g_abRTZero4K - - g_abRTZero64K - - g_abRTZero8K - - g_abRTZeroPage - - g_pSUPGlobalInfoPage - - g_pszRTAssertExpr - - g_pszRTAssertFile - - g_pszRTAssertFunction - - g_szRTAssertMsg1 - - g_szRTAssertMsg2 - - g_u32RTAssertLine - ImportedFunctions: - - strchr - - IoDeleteDevice - - IoCreateDevice - - RtlInitUnicodeString - - IofCompleteRequest - - PsGetCurrentProcessId - - PsGetCurrentThreadId - - ObfDereferenceObject - - IoGetRelatedDeviceObject - - ObReferenceObjectByHandle - - IoFileObjectType - - KeWaitForSingleObject - - IofCallDriver - - IoBuildDeviceIoControlRequest - - KeInitializeEvent - - ObQueryNameString - - PsGetProcessImageFileName - - ZwClose - - PsGetProcessId - - IoGetCurrentProcess - - LpcPortObjectType - - __C_specific_handler - - PsLookupProcessByProcessId - - ZwQuerySystemInformation - - ObReferenceObjectByName - - PsGetProcessSessionId - - PsThreadType - - PsLookupThreadByThreadId - - ObOpenObjectByPointer - - PsProcessType - - PsInitialSystemProcess - - PsIsProcessBeingDebugged - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoIs32bitProcess - - ZwSetSystemInformation - - ObfReferenceObject - - ExGetPreviousMode - - PsGetProcessInheritedFromUniqueProcessId - - IoThreadToProcess - - PsSetCreateProcessNotifyRoutine - - DbgPrint - - ZwRequestWaitReplyPort - - MmGetSystemRoutineAddress - - PsGetVersion - - ExUnregisterCallback - - ExRegisterCallback - - ExCreateCallback - - RtlQueryRegistryValues - - ZwReadFile - - 
ZwQueryInformationFile - - RtlEqualSid - - ZwQuerySecurityObject - - ZwQueryObject - - ZwCreateFile - - RtlSubAuthoritySid - - RtlInitializeSid - - __chkstk - - ZwQueryInformationThread - - ZwQueryInformationProcess - - KeSetTimerEx - - KeInsertQueueDpc - - KeRemoveQueueDpc - - KeCancelTimer - - KeInitializeDpc - - KeInitializeTimer - - KeQueryTimeIncrement - - KeDelayExecutionThread - - ZwYieldExecution - - KeSetPriorityThread - - PsCreateSystemThread - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - KeInitializeMutex - - KeReleaseMutex - - KeReadStateMutex - - ExAcquireFastMutex - - ExReleaseFastMutex - - KeSetEvent - - KeResetEvent - - ProbeForRead - - ProbeForWrite - - MmHighestUserAddress - - MmSystemRangeStart - - KeNumberProcessors - - ZwQueryDirectoryFile - - MmIsAddressValid - - MmUnmapIoSpace - - MmUnlockPages - - MmFreeContiguousMemory - - IoFreeMdl - - ExFreePool - - MmUnmapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - ExAllocatePool - - MmProtectMdlSystemAddress - - MmAllocateContiguousMemory - - MmProbeAndLockPages - - MmMapIoSpace - - MmMapLockedPages - - IoBuildPartialMdl - - MmGetPhysicalAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CN, ST=Guangdong, L=Heyuan, O=No Organization Affiliation, OU=Individual - Developer, CN=Huiping Zhong - ValidFrom: '2013-07-18 00:00:00' - ValidTo: '2014-07-18 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 77769240d819a3f2eb2e7f8baffecd26 - Version: 3 - TBS: - MD5: 1922bd7053ed4bb7a7fb5ea723b2caae - SHA1: db658eba418c008978ed8e7be3da0545d0eaaa35 - SHA256: 93abf46847d3ecf10002b85d19f02b34c99cae9ce7e62692f35e649406a96cb3 - SHA384: 090ed57bfcd73abded056cb32e7cfe4031dd9ff5462590b1d0c7ad8eb618511ae1a90b44f8a5dc1f6cd8bbfecb0414bf - - Subject: C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2 - ValidFrom: '2010-02-08 00:00:00' 
- ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47974d7873a5bcab0d2fb370192fce5e - Version: 3 - TBS: - MD5: e3a93dc2a8a8a668fdbb286bfe9afab5 - SHA1: 95795d2aa2a554a423bc8c6e5b0a016d14887d35 - SHA256: d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e - SHA384: 78d972495720b43a6470b18ae1226bcca20707628087717a9364c14ca053ba264e6d149718b103542d9942200138a69d - - Subject: C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 - thawte, Inc. , For authorized use only, CN=thawte Primary Root CA - ValidFrom: '2011-02-22 19:31:57' - ValidTo: '2021-02-22 19:41:57' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611fb0a400000000001d - Version: 3 - TBS: - MD5: a3f222107d4e1085e73b5b589c2f480b - SHA1: b94aa26cd77c48d91a53ac44506cbd255e1d362c - SHA256: a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa - SHA384: 64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7 - Signer: - - SerialNumber: 77769240d819a3f2eb2e7f8baffecd26 - Issuer: C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2 - Version: 1 - RichPEHeaderHash: - MD5: e881e9812edfc587557fdf092f5ed1b3 - SHA1: e996f7f323aba3f36f07686de8fe5962968613d8 - SHA256: a5d2323fd5a7cd2cde7bd7d7544a7d2b6b9fc64ffc9101cd32f55604d4a1b80f - Sections: - .text: - Entropy: 6.078871446594794 - Virtual Size: '0x9cf80' - .rdata: - Entropy: 5.919734586176505 - Virtual Size: '0x329ac' - .data: - Entropy: 4.235626395827553 - Virtual Size: '0x20be8' - .pdata: - Entropy: 5.978428144405096 - Virtual Size: '0xae48' - .edata: - Entropy: 6.050660464332838 - Virtual Size: '0xf1dd' - INIT: - Entropy: 5.191528166334399 - Virtual Size: '0xc28' - .rsrc: - Entropy: 3.3885006610569786 - Virtual Size: '0x3f0' - .reloc: - 
Entropy: 3.995412021920204 - Virtual Size: '0x1e0a' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2021-05-30 09:08:50' - Imphash: 2a20cc9578bb34a4bb10b87b49b24982 - LoadsDespiteHVCI: 'TRUE' -- Filename: VBoxDrv.sys - MD5: e3bdb307b32b13b8f7e621e8d5cc8cd3 - SHA1: 58fe23f1bb9d4bcc1b07b102222a7d776cc90f6c - SHA256: c26b51b4c37330800cff8519252e110116c3aaade94ceb9894ec5bfb1b8f9924 - Authentihash: - MD5: eb532e54636f61b9af61f97d46ca8cae - SHA1: 018d626382f2453ef584b732e1e03ceab51e84db - SHA256: 6ab14c5c89759695dbb4b310b7cad68d9ec2007277e3b4f3abb883bd05ef557c - Description: VirtualBox Support Driver - Company: Sun Microsystems, Inc. - InternalName: VBoxDrv.sys - OriginalFilename: VBoxDrv.sys - FileVersion: 2.2.0.r45846 - Product: Sun VirtualBox - ProductVersion: 2.2.0.r45846 - Copyright: Copyright (C) 2009 Sun Microsystems, Inc. - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: - - AssertMsg1 - - AssertMsg2 - - RTAssertShouldPanic - - RTErrConvertFromNtStatus - - RTLogCloneRC - - RTLogComPrintf - - RTLogComPrintfV - - RTLogCopyGroupsAndFlags - - RTLogCreate - - RTLogCreateEx - - RTLogCreateExV - - RTLogDefaultInit - - RTLogDefaultInstance - - RTLogDestroy - - RTLogFlags - - RTLogFlush - - RTLogFlushRC - - RTLogFlushToLogger - - RTLogFormatV - - RTLogGetDefaultInstance - - RTLogGroupSettings - - RTLogLogger - - RTLogLoggerEx - - RTLogLoggerExV - - RTLogLoggerV - - RTLogPrintf - - RTLogPrintfV - - RTLogRelDefaultInstance - - RTLogRelLoggerV - - RTLogRelPrintfV - - RTLogRelSetDefaultInstance - - RTLogSetDefaultInstance - - RTLogSetDefaultInstanceThread - - RTLogWriteCom - - RTLogWriteDebugger - - RTLogWriteStdErr - - RTLogWriteStdOut - - RTLogWriteUser - - RTMemAlloc - - RTMemAllocZ - - RTMemContAlloc - - RTMemContFree - - RTMemDup - - RTMemDupEx - - RTMemExecAlloc - - RTMemExecFree - - RTMemFree - - RTMemRealloc - - RTMemTmpAlloc - - RTMemTmpAllocZ - - RTMemTmpFree - - RTMpCpuId - - RTMpCpuIdFromSetIndex - - RTMpCpuIdToSetIndex - - RTMpGetCount - - 
RTMpGetMaxCpuId - - RTMpGetOnlineCount - - RTMpGetOnlineSet - - RTMpGetSet - - RTMpIsCpuOnline - - RTMpIsCpuPossible - - RTMpIsCpuWorkPending - - RTMpNotificationDeregister - - RTMpNotificationRegister - - RTMpOnAll - - RTMpOnOthers - - RTMpOnSpecific - - RTPowerNotificationDeregister - - RTPowerNotificationRegister - - RTPowerSignalEvent - - RTProcSelf - - RTR0Init - - RTR0MemObjAddress - - RTR0MemObjAddressR3 - - RTR0MemObjAllocCont - - RTR0MemObjAllocLow - - RTR0MemObjAllocPage - - RTR0MemObjAllocPhys - - RTR0MemObjAllocPhysNC - - RTR0MemObjEnterPhys - - RTR0MemObjFree - - RTR0MemObjGetPagePhysAddr - - RTR0MemObjIsMapping - - RTR0MemObjLockKernel - - RTR0MemObjLockUser - - RTR0MemObjMapKernel - - RTR0MemObjMapKernelEx - - RTR0MemObjMapUser - - RTR0MemObjReserveKernel - - RTR0MemObjReserveUser - - RTR0MemObjSize - - RTR0ProcHandleSelf - - RTR0Term - - RTSemEventCreate - - RTSemEventDestroy - - RTSemEventMultiCreate - - RTSemEventMultiDestroy - - RTSemEventMultiReset - - RTSemEventMultiSignal - - RTSemEventMultiWait - - RTSemEventMultiWaitNoResume - - RTSemEventSignal - - RTSemEventWait - - RTSemEventWaitNoResume - - RTSemFastMutexCreate - - RTSemFastMutexDestroy - - RTSemFastMutexRelease - - RTSemFastMutexRequest - - RTSpinlockAcquire - - RTSpinlockAcquireNoInts - - RTSpinlockCreate - - RTSpinlockDestroy - - RTSpinlockRelease - - RTSpinlockReleaseNoInts - - RTStrFormat - - RTStrFormatNumber - - RTStrFormatTypeDeregister - - RTStrFormatTypeRegister - - RTStrFormatTypeSetUser - - RTStrFormatV - - RTStrPrintf - - RTStrPrintfEx - - RTStrPrintfExV - - RTStrPrintfV - - RTStrToInt16 - - RTStrToInt16Ex - - RTStrToInt16Full - - RTStrToInt32 - - RTStrToInt32Ex - - RTStrToInt32Full - - RTStrToInt64 - - RTStrToInt64Ex - - RTStrToInt64Full - - RTStrToInt8 - - RTStrToInt8Ex - - RTStrToInt8Full - - RTStrToUInt16 - - RTStrToUInt16Ex - - RTStrToUInt16Full - - RTStrToUInt32 - - RTStrToUInt32Ex - - RTStrToUInt32Full - - RTStrToUInt64 - - RTStrToUInt64Ex - - RTStrToUInt64Full - - 
RTStrToUInt8 - - RTStrToUInt8Ex - - RTStrToUInt8Full - - RTThreadNativeSelf - - RTThreadPreemptDisable - - RTThreadPreemptIsEnabled - - RTThreadPreemptRestore - - RTThreadSleep - - RTThreadYield - - RTTimeMilliTS - - RTTimeNanoTS - - RTTimeNow - - RTTimeSystemMilliTS - - RTTimeSystemNanoTS - - RTTimerCreateEx - - RTTimerDestroy - - RTTimerGetSystemGranularity - - RTTimerReleaseSystemGranularity - - RTTimerRequestSystemGranularity - - RTTimerStart - - RTTimerStop - - SUPR0ComponentDeregisterFactory - - SUPR0ComponentQueryFactory - - SUPR0ComponentRegisterFactory - - SUPR0ContAlloc - - SUPR0ContFree - - SUPR0EnableVTx - - SUPR0GetPagingMode - - SUPR0GipMap - - SUPR0GipUnmap - - SUPR0LockMem - - SUPR0LowAlloc - - SUPR0LowFree - - SUPR0MemAlloc - - SUPR0MemFree - - SUPR0MemGetPhys - - SUPR0ObjAddRef - - SUPR0ObjAddRefEx - - SUPR0ObjRegister - - SUPR0ObjRelease - - SUPR0ObjVerifyAccess - - SUPR0PageAlloc - - SUPR0PageAllocEx - - SUPR0PageFree - - SUPR0PageMapKernel - - SUPR0UnlockMem - - g_szRTAssertMsg1 - - g_szRTAssertMsg2 - ImportedFunctions: - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - ObfDereferenceObject - - ExUnregisterCallback - - IofCompleteRequest - - DbgPrint - - IoIs32bitProcess - - ExRegisterCallback - - ExCreateCallback - - IoCreateSymbolicLink - - IoCreateDevice - - IoGetStackLimits - - memchr - - strncmp - - KeInitializeEvent - - ExAcquireFastMutex - - ExReleaseFastMutex - - KeSetEvent - - KeWaitForSingleObject - - KeResetEvent - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - KeDelayExecutionThread - - ZwYieldExecution - - ExFreePoolWithTag - - KeInsertQueueDpc - - KeSetTargetProcessorDpc - - KeSetImportanceDpc - - KeInitializeDpc - - ExAllocatePoolWithTag - - KeQueryActiveProcessors - - strchr - - PsGetCurrentProcessId - - IoGetCurrentProcess - - KeSetTimerEx - - KeRemoveQueueDpc - - KeCancelTimer - - KeInitializeTimerEx - - KeQueryTimeIncrement - - MmGetSystemRoutineAddress - - MmFreeContiguousMemory - - 
MmGetPhysicalAddress - - MmAllocateContiguousMemory - - MmUnmapIoSpace - - MmUnlockPages - - IoFreeMdl - - MmFreePagesFromMdl - - MmUnsecureVirtualMemory - - MmUnmapLockedPages - - MmProtectMdlSystemAddress - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmAllocatePagesForMdl - - __C_specific_handler - - MmSecureVirtualMemory - - MmProbeAndLockPages - - MmMapIoSpace - - MmMapLockedPagesSpecifyCache - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows - ValidFrom: '2021-09-02 18:23:41' - ValidTo: '2022-09-01 18:23:41' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 330000033c89c66a7b45bb1fbd00000000033c - Version: 3 - TBS: - MD5: 46f57c3b860b08484cb79066ac1014ad - SHA1: c1fe3ab97b834a98460e4ae92fe2468d16f61a92 - SHA256: d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b - SHA384: d64e2d7f3cf0c23601d2d260f80e767d2e2a92fc43d93fdae6006987af96b6706d0c1e60e573e207a49334269e178e87 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Production PCA 2011 - ValidFrom: '2011-10-19 18:41:42' - ValidTo: '2026-10-19 18:51:42' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: '61077656000000000008' - Version: 3 - TBS: - MD5: 30a3f0b64324ed7f465e7fc618cb69e7 - SHA1: 002de3561519b662c5e3f5faba1b92c403fb7c41 - SHA256: 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 - SHA384: 4f9a02c3eac5e83c38074d54c0bf270e03a1d668e0001c9812c509eb08a19075ee778a7630e65598e4608fc66e2d1c66 - Signer: - - SerialNumber: 330000033c89c66a7b45bb1fbd00000000033c - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Production PCA 2011 - Version: 1 - RichPEHeaderHash: - 
MD5: 778da7e612af67a3de121ab863ceed34 - SHA1: 4c054a77104d0843f0a0f79ba3cdd6f7a500a261 - SHA256: c7ad11fb172299df62c32563cb4c0c6c44c833b76897b86057a544ce552b39ca - Sections: - .text: - Entropy: 6.374436237194225 - Virtual Size: '0x14d26' - .rdata: - Entropy: 5.492063385586473 - Virtual Size: '0x6ca4' - .data: - Entropy: 2.136306008585543 - Virtual Size: '0x35b4' - .pdata: - Entropy: 5.201973567849435 - Virtual Size: '0x1f20' - .edata: - Entropy: 5.704943815176372 - Virtual Size: '0x14d5' - INIT: - Entropy: 4.983784792331664 - Virtual Size: '0x6fc' - .rsrc: - Entropy: 3.308916632980912 - Virtual Size: '0x398' - .reloc: - Entropy: 4.900332523869931 - Virtual Size: '0x672' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2009-04-07 12:30:47' - Imphash: 6723b1d5bd0f1fc13216cb44541e619e - LoadsDespiteHVCI: 'TRUE' -- Filename: VBoxDrv.sys - MD5: 443689645455987cb347154b391f734d - SHA1: 2fed7eddd63f10ed4649d9425b94f86140f91385 - SHA256: c8940e2e9b069ec94f9f711150b313b437f8429f78d522810601b6ee8b52bada - Authentihash: - MD5: ed53ea124ed4c30df39c29a4f5b01182 - SHA1: 2903352a4e038c68c044a48edebd118af7e80098 - SHA256: 79e3b14b68f1fcf805ccfe7bc2dc81b98346d2e83a6335816b276970e2e2691a - Description: VirtualBox Support Driver - Company: Sun Microsystems, Inc. - InternalName: VBoxDrv.sys - OriginalFilename: VBoxDrv.sys - FileVersion: 2.2.4.r47978 - Product: Sun VirtualBox - ProductVersion: 2.2.4.r47978 - Copyright: Copyright (C) 2009 Sun Microsystems, Inc. 
- MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: - - AssertMsg1 - - AssertMsg2 - - RTAssertShouldPanic - - RTErrConvertFromNtStatus - - RTLogCloneRC - - RTLogComPrintf - - RTLogComPrintfV - - RTLogCopyGroupsAndFlags - - RTLogCreate - - RTLogCreateEx - - RTLogCreateExV - - RTLogDefaultInit - - RTLogDefaultInstance - - RTLogDestroy - - RTLogFlags - - RTLogFlush - - RTLogFlushRC - - RTLogFlushToLogger - - RTLogFormatV - - RTLogGetDefaultInstance - - RTLogGroupSettings - - RTLogLogger - - RTLogLoggerEx - - RTLogLoggerExV - - RTLogLoggerV - - RTLogPrintf - - RTLogPrintfV - - RTLogRelDefaultInstance - - RTLogRelLoggerV - - RTLogRelPrintfV - - RTLogRelSetDefaultInstance - - RTLogSetDefaultInstance - - RTLogSetDefaultInstanceThread - - RTLogWriteCom - - RTLogWriteDebugger - - RTLogWriteStdErr - - RTLogWriteStdOut - - RTLogWriteUser - - RTMemAlloc - - RTMemAllocZ - - RTMemContAlloc - - RTMemContFree - - RTMemDup - - RTMemDupEx - - RTMemExecAlloc - - RTMemExecFree - - RTMemFree - - RTMemRealloc - - RTMemTmpAlloc - - RTMemTmpAllocZ - - RTMemTmpFree - - RTMpCpuId - - RTMpCpuIdFromSetIndex - - RTMpCpuIdToSetIndex - - RTMpGetCount - - RTMpGetMaxCpuId - - RTMpGetOnlineCount - - RTMpGetOnlineSet - - RTMpGetSet - - RTMpIsCpuOnline - - RTMpIsCpuPossible - - RTMpIsCpuWorkPending - - RTMpNotificationDeregister - - RTMpNotificationRegister - - RTMpOnAll - - RTMpOnOthers - - RTMpOnSpecific - - RTPowerNotificationDeregister - - RTPowerNotificationRegister - - RTPowerSignalEvent - - RTProcSelf - - RTR0Init - - RTR0MemObjAddress - - RTR0MemObjAddressR3 - - RTR0MemObjAllocCont - - RTR0MemObjAllocLow - - RTR0MemObjAllocPage - - RTR0MemObjAllocPhys - - RTR0MemObjAllocPhysNC - - RTR0MemObjEnterPhys - - RTR0MemObjFree - - RTR0MemObjGetPagePhysAddr - - RTR0MemObjIsMapping - - RTR0MemObjLockKernel - - RTR0MemObjLockUser - - RTR0MemObjMapKernel - - RTR0MemObjMapKernelEx - - RTR0MemObjMapUser - - RTR0MemObjReserveKernel - - RTR0MemObjReserveUser - - RTR0MemObjSize - - 
RTR0ProcHandleSelf - - RTR0Term - - RTSemEventCreate - - RTSemEventDestroy - - RTSemEventMultiCreate - - RTSemEventMultiDestroy - - RTSemEventMultiReset - - RTSemEventMultiSignal - - RTSemEventMultiWait - - RTSemEventMultiWaitNoResume - - RTSemEventSignal - - RTSemEventWait - - RTSemEventWaitNoResume - - RTSemFastMutexCreate - - RTSemFastMutexDestroy - - RTSemFastMutexRelease - - RTSemFastMutexRequest - - RTSpinlockAcquire - - RTSpinlockAcquireNoInts - - RTSpinlockCreate - - RTSpinlockDestroy - - RTSpinlockRelease - - RTSpinlockReleaseNoInts - - RTStrFormat - - RTStrFormatNumber - - RTStrFormatTypeDeregister - - RTStrFormatTypeRegister - - RTStrFormatTypeSetUser - - RTStrFormatV - - RTStrPrintf - - RTStrPrintfEx - - RTStrPrintfExV - - RTStrPrintfV - - RTStrToInt16 - - RTStrToInt16Ex - - RTStrToInt16Full - - RTStrToInt32 - - RTStrToInt32Ex - - RTStrToInt32Full - - RTStrToInt64 - - RTStrToInt64Ex - - RTStrToInt64Full - - RTStrToInt8 - - RTStrToInt8Ex - - RTStrToInt8Full - - RTStrToUInt16 - - RTStrToUInt16Ex - - RTStrToUInt16Full - - RTStrToUInt32 - - RTStrToUInt32Ex - - RTStrToUInt32Full - - RTStrToUInt64 - - RTStrToUInt64Ex - - RTStrToUInt64Full - - RTStrToUInt8 - - RTStrToUInt8Ex - - RTStrToUInt8Full - - RTThreadNativeSelf - - RTThreadPreemptDisable - - RTThreadPreemptIsEnabled - - RTThreadPreemptRestore - - RTThreadSleep - - RTThreadYield - - RTTimeMilliTS - - RTTimeNanoTS - - RTTimeNow - - RTTimeSystemMilliTS - - RTTimeSystemNanoTS - - RTTimerCreateEx - - RTTimerDestroy - - RTTimerGetSystemGranularity - - RTTimerReleaseSystemGranularity - - RTTimerRequestSystemGranularity - - RTTimerStart - - RTTimerStop - - SUPR0ComponentDeregisterFactory - - SUPR0ComponentQueryFactory - - SUPR0ComponentRegisterFactory - - SUPR0ContAlloc - - SUPR0ContFree - - SUPR0EnableVTx - - SUPR0GetPagingMode - - SUPR0GipMap - - SUPR0GipUnmap - - SUPR0LockMem - - SUPR0LowAlloc - - SUPR0LowFree - - SUPR0MemAlloc - - SUPR0MemFree - - SUPR0MemGetPhys - - SUPR0ObjAddRef - - SUPR0ObjAddRefEx - - 
SUPR0ObjRegister - - SUPR0ObjRelease - - SUPR0ObjVerifyAccess - - SUPR0PageAlloc - - SUPR0PageAllocEx - - SUPR0PageFree - - SUPR0PageMapKernel - - SUPR0UnlockMem - - g_szRTAssertMsg1 - - g_szRTAssertMsg2 - ImportedFunctions: - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - ObfDereferenceObject - - ExUnregisterCallback - - IofCompleteRequest - - DbgPrint - - IoIs32bitProcess - - ExRegisterCallback - - ExCreateCallback - - IoCreateSymbolicLink - - IoCreateDevice - - IoGetStackLimits - - memchr - - strncmp - - KeInitializeEvent - - ExAcquireFastMutex - - ExReleaseFastMutex - - KeSetEvent - - KeWaitForSingleObject - - KeResetEvent - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - KeDelayExecutionThread - - ZwYieldExecution - - ExFreePoolWithTag - - KeInsertQueueDpc - - KeSetTargetProcessorDpc - - KeSetImportanceDpc - - KeInitializeDpc - - ExAllocatePoolWithTag - - KeQueryActiveProcessors - - strchr - - PsGetCurrentProcessId - - IoGetCurrentProcess - - KeSetTimerEx - - KeRemoveQueueDpc - - KeCancelTimer - - KeInitializeTimerEx - - KeQueryTimeIncrement - - MmGetSystemRoutineAddress - - MmFreeContiguousMemory - - MmGetPhysicalAddress - - MmAllocateContiguousMemory - - MmUnmapIoSpace - - MmUnlockPages - - IoFreeMdl - - MmFreePagesFromMdl - - MmUnsecureVirtualMemory - - MmUnmapLockedPages - - MmProtectMdlSystemAddress - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmAllocatePagesForMdl - - __C_specific_handler - - MmSecureVirtualMemory - - MmProbeAndLockPages - - MmMapIoSpace - - MmMapLockedPagesSpecifyCache - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 
50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - 
Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=California, L=Menlo Park, O=Sun Microsystems, Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, CN=Sun Microsystems, Inc. - ValidFrom: '2008-06-11 00:00:00' - ValidTo: '2011-06-11 23:59:59' - Signature: 537c2adf2d3f7cf7cfc86476029fe81f7b8f12596a595cda0d5fbbfd227cce6bce2f8ad1af7fbb1a92a8b8de23a8797748094aae39bc845308e3ccd8fb9dc09b51bdf7b26c4eb8fb4052a8bdc714eaf36fca04d720e06798e36308c2fcaf50c48e61087a3ba0c4b0e77972a69af1ecc9d05e3f001e02ad94db98aa5e1453b541b0c257337fd78bb0372dc7841987424e0abce9cb1f0102a934bd037475b39cfe29dc27e77b3eb89fe805f8c6b1574d768dd2805d1a4b98143b7b6208abfebe7645a607084b1fd13ec7f088ac49cd5adc916090bcebe2e63786a7b80a009abd81349a9f34e135a7f4a2d569be474fe316b1b9f06ddf4d90a6650f7340181a27e1 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 693a64818c1e086b1b15aee63fa054a2 - Version: 3 - TBS: - MD5: 50b256a55cdc23561dd4aa76abed4fd9 - SHA1: b3ee591b9218cfdcd394180558bd01bb674df627 - SHA256: fc1c2199740f069b26f02d81313408734051ecb7fa216b2a86458938fac6a909 - SHA384: 81c9c8b202f6fe3354dd5503ef9ee6d418b9a28064968506bc2c49d7bd0efbaa9da9ce51d7c384992aa531ca905442a7 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: 
'2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 693a64818c1e086b1b15aee63fa054a2 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: 778da7e612af67a3de121ab863ceed34 - SHA1: 4c054a77104d0843f0a0f79ba3cdd6f7a500a261 - SHA256: c7ad11fb172299df62c32563cb4c0c6c44c833b76897b86057a544ce552b39ca - Sections: - .text: - Entropy: 6.374380491704822 - Virtual Size: '0x14d26' - .rdata: - Entropy: 5.4914437952124455 - Virtual Size: '0x6ca4' - .data: - Entropy: 2.136306008585543 - Virtual Size: '0x35b4' - .pdata: - Entropy: 5.201973567849435 - Virtual Size: '0x1f20' - .edata: - Entropy: 5.703304599123732 - Virtual Size: '0x14d5' - INIT: - Entropy: 4.983784792331664 - Virtual Size: '0x6fc' - .rsrc: - Entropy: 3.3208922490557096 - Virtual Size: '0x398' - .reloc: - Entropy: 4.900332523869931 - Virtual Size: '0x672' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2009-05-29 11:54:09' - Imphash: 6723b1d5bd0f1fc13216cb44541e619e - LoadsDespiteHVCI: 'FALSE' -- Filename: VBoxDrv.sys - MD5: 6beb1d8146f5a4aaa2f7b8c0c9bced30 - SHA1: 07f62d9b6321bed0008e106e9ce4240cb3f76da2 - SHA256: cfb7af8ac67a379e7869289aeee21837c448ea6f8ab6c93988e7aa423653bd40 - Authentihash: - MD5: 71bbd7b5164d35bc41d5a7f61a2d81f0 - SHA1: eec7692de436743eed432729fb620c5da3d5318f - SHA256: 1c9c86ba5ae540bb5729626cdaec89ca421f8129e4bbf6e1ea49c532b44ea0c9 - Description: VirtualBox Support Driver - Company: Vektor 
T13 Security Service - InternalName: VBoxDrv - OriginalFilename: VBoxDrv.sys - FileVersion: 1.4.0.119230 - Product: Antidetect 2019 Public - ProductVersion: 1.4.0.119230 - Copyright: Copyright (C) 2009-2019 Oracle Corporation - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: - - ASMAtomicBitClear - - ASMAtomicXchgU16 - - ASMAtomicXchgU8 - - ASMGetCS - - ASMGetDS - - ASMGetES - - ASMGetFS - - ASMGetGS - - ASMGetIDTR - - ASMGetSS - - ASMMultU64ByU32DivByU32 - - ASMNopPause - - RTAssertAreQuiet - - RTAssertMayPanic - - RTAssertMsg1 - - RTAssertMsg1Weak - - RTAssertMsg2AddV - - RTAssertMsg2V - - RTAssertMsg2Weak - - RTAssertMsg2WeakV - - RTAssertSetMayPanic - - RTAssertSetQuiet - - RTAssertShouldPanic - - RTAvlPVDestroy - - RTAvlPVDoWithAll - - RTAvlPVGet - - RTAvlPVGetBestFit - - RTAvlPVInsert - - RTAvlPVRemove - - RTAvlPVRemoveBestFit - - RTCrc32 - - RTCrc32Finish - - RTCrc32Process - - RTCrc32Start - - RTErrConvertFromErrno - - RTErrConvertFromNtStatus - - RTErrConvertToErrno - - RTErrInfoAdd - - RTErrInfoAddF - - RTErrInfoAddV - - RTErrInfoSet - - RTErrInfoSetF - - RTErrInfoSetV - - RTErrVarsAreEqual - - RTErrVarsHaveChanged - - RTErrVarsRestore - - RTErrVarsSave - - RTHandleTableAllocWithCtx - - RTHandleTableCreate - - RTHandleTableCreateEx - - RTHandleTableDestroy - - RTHandleTableFreeWithCtx - - RTHandleTableLookupWithCtx - - RTLatin1CalcUtf8Len - - RTLatin1CalcUtf8LenEx - - RTLatin1ToUtf8ExTag - - RTLatin1ToUtf8Tag - - RTLogClearFileDelayFlag - - RTLogCloneRC - - RTLogComPrintf - - RTLogComPrintfV - - RTLogCreate - - RTLogCreateEx - - RTLogCreateExV - - RTLogDefaultInit - - RTLogDefaultInstance - - RTLogDefaultInstanceEx - - RTLogDestinations - - RTLogDestroy - - RTLogDumpPrintfV - - RTLogFlags - - RTLogFlush - - RTLogFlushRC - - RTLogFlushToLogger - - RTLogFormatV - - RTLogGetDefaultInstance - - RTLogGetDefaultInstanceEx - - RTLogGetDestinations - - RTLogGetFlags - - RTLogGetGroupSettings - - RTLogGroupSettings - - RTLogLogger - - 
RTLogLoggerEx - - RTLogLoggerExV - - RTLogLoggerV - - RTLogPrintf - - RTLogPrintfV - - RTLogRelGetDefaultInstance - - RTLogRelGetDefaultInstanceEx - - RTLogRelLoggerV - - RTLogRelPrintfV - - RTLogRelSetBuffering - - RTLogRelSetDefaultInstance - - RTLogSetBuffering - - RTLogSetCustomPrefixCallback - - RTLogSetDefaultInstance - - RTLogSetDefaultInstanceThread - - RTLogWriteCom - - RTLogWriteDebugger - - RTLogWriteStdErr - - RTLogWriteStdOut - - RTLogWriteUser - - RTMemAllocExTag - - RTMemAllocTag - - RTMemAllocVarTag - - RTMemAllocZTag - - RTMemAllocZVarTag - - RTMemContAlloc - - RTMemContFree - - RTMemDupExTag - - RTMemDupTag - - RTMemExecAllocTag - - RTMemExecFree - - RTMemFree - - RTMemFreeEx - - RTMemReallocTag - - RTMemTmpAllocTag - - RTMemTmpAllocZTag - - RTMemTmpFree - - RTMpCpuId - - RTMpCpuIdFromSetIndex - - RTMpCpuIdToSetIndex - - RTMpCurSetIndex - - RTMpCurSetIndexAndId - - RTMpGetArraySize - - RTMpGetCount - - RTMpGetCpuGroupCounts - - RTMpGetMaxCpuGroupCount - - RTMpGetMaxCpuId - - RTMpGetOnlineCoreCount - - RTMpGetOnlineCount - - RTMpGetOnlineSet - - RTMpGetPresentCoreCount - - RTMpGetPresentCount - - RTMpGetPresentSet - - RTMpGetSet - - RTMpIsCpuOnline - - RTMpIsCpuPossible - - RTMpIsCpuPresent - - RTMpIsCpuWorkPending - - RTMpNotificationDeregister - - RTMpNotificationRegister - - RTMpOnAll - - RTMpOnAllIsConcurrentSafe - - RTMpOnOthers - - RTMpOnPair - - RTMpOnPairIsConcurrentExecSupported - - RTMpOnSpecific - - RTMpPokeCpu - - RTMpSetIndexFromCpuGroupMember - - RTNetIPv4AddDataChecksum - - RTNetIPv4AddTCPChecksum - - RTNetIPv4AddUDPChecksum - - RTNetIPv4FinalizeChecksum - - RTNetIPv4HdrChecksum - - RTNetIPv4IsDHCPValid - - RTNetIPv4IsHdrValid - - RTNetIPv4IsTCPSizeValid - - RTNetIPv4IsTCPValid - - RTNetIPv4IsUDPSizeValid - - RTNetIPv4IsUDPValid - - RTNetIPv4PseudoChecksum - - RTNetIPv4PseudoChecksumBits - - RTNetIPv4TCPChecksum - - RTNetIPv4UDPChecksum - - RTNetIPv6PseudoChecksum - - RTNetIPv6PseudoChecksumBits - - RTNetIPv6PseudoChecksumEx - - 
RTNetTCPChecksum - - RTNetUDPChecksum - - RTOnceReset - - RTOnceSlow - - RTPowerNotificationDeregister - - RTPowerNotificationRegister - - RTPowerSignalEvent - - RTProcSelf - - RTR0AssertPanicSystem - - RTR0Init - - RTR0MemAreKrnlAndUsrDifferent - - RTR0MemKernelCopyFrom - - RTR0MemKernelCopyTo - - RTR0MemKernelIsValidAddr - - RTR0MemObjAddress - - RTR0MemObjAddressR3 - - RTR0MemObjAllocContTag - - RTR0MemObjAllocLowTag - - RTR0MemObjAllocPageTag - - RTR0MemObjAllocPhysExTag - - RTR0MemObjAllocPhysNCTag - - RTR0MemObjAllocPhysTag - - RTR0MemObjEnterPhysTag - - RTR0MemObjFree - - RTR0MemObjGetPagePhysAddr - - RTR0MemObjIsMapping - - RTR0MemObjLockKernelTag - - RTR0MemObjLockUserTag - - RTR0MemObjMapKernelExTag - - RTR0MemObjMapKernelTag - - RTR0MemObjMapUserTag - - RTR0MemObjProtect - - RTR0MemObjReserveKernelTag - - RTR0MemObjReserveUserTag - - RTR0MemObjSize - - RTR0MemUserCopyFrom - - RTR0MemUserCopyTo - - RTR0MemUserIsValidAddr - - RTR0ProcHandleSelf - - RTR0Term - - RTR0TermForced - - RTSemEventCreate - - RTSemEventCreateEx - - RTSemEventDestroy - - RTSemEventGetResolution - - RTSemEventMultiCreate - - RTSemEventMultiCreateEx - - RTSemEventMultiDestroy - - RTSemEventMultiGetResolution - - RTSemEventMultiReset - - RTSemEventMultiSignal - - RTSemEventMultiWait - - RTSemEventMultiWaitEx - - RTSemEventMultiWaitExDebug - - RTSemEventMultiWaitNoResume - - RTSemEventSignal - - RTSemEventWait - - RTSemEventWaitEx - - RTSemEventWaitExDebug - - RTSemEventWaitNoResume - - RTSemFastMutexCreate - - RTSemFastMutexDestroy - - RTSemFastMutexRelease - - RTSemFastMutexRequest - - RTSemMutexCreate - - RTSemMutexCreateEx - - RTSemMutexDestroy - - RTSemMutexIsOwned - - RTSemMutexRelease - - RTSemMutexRequest - - RTSemMutexRequestDebug - - RTSemMutexRequestNoResume - - RTSemMutexRequestNoResumeDebug - - RTSemSpinMutexCreate - - RTSemSpinMutexDestroy - - RTSemSpinMutexRelease - - RTSemSpinMutexRequest - - RTSemSpinMutexTryRequest - - RTSpinlockAcquire - - RTSpinlockCreate - - 
RTSpinlockDestroy - - RTSpinlockRelease - - RTStrAAppendNTag - - RTStrAAppendTag - - RTStrATruncateTag - - RTStrAllocExTag - - RTStrAllocTag - - RTStrCalcLatin1Len - - RTStrCalcLatin1LenEx - - RTStrCalcUtf16Len - - RTStrCalcUtf16LenEx - - RTStrCat - - RTStrConvertHexBytes - - RTStrCopy - - RTStrCopyEx - - RTStrCopyP - - RTStrDupExTag - - RTStrDupNTag - - RTStrDupTag - - RTStrFormat - - RTStrFormatNumber - - RTStrFormatTypeDeregister - - RTStrFormatTypeRegister - - RTStrFormatTypeSetUser - - RTStrFormatV - - RTStrFree - - RTStrGetCpExInternal - - RTStrGetCpInternal - - RTStrGetCpNExInternal - - RTStrIsValidEncoding - - RTStrNCmp - - RTStrPrevCp - - RTStrPrintf - - RTStrPrintfEx - - RTStrPrintfExV - - RTStrPrintfV - - RTStrPurgeComplementSet - - RTStrPurgeEncoding - - RTStrPutCpInternal - - RTStrReallocTag - - RTStrToInt16 - - RTStrToInt16Ex - - RTStrToInt16Full - - RTStrToInt32 - - RTStrToInt32Ex - - RTStrToInt32Full - - RTStrToInt64 - - RTStrToInt64Ex - - RTStrToInt64Full - - RTStrToInt8 - - RTStrToInt8Ex - - RTStrToInt8Full - - RTStrToLatin1ExTag - - RTStrToLatin1Tag - - RTStrToUInt16 - - RTStrToUInt16Ex - - RTStrToUInt16Full - - RTStrToUInt32 - - RTStrToUInt32Ex - - RTStrToUInt32Full - - RTStrToUInt64 - - RTStrToUInt64Ex - - RTStrToUInt64Full - - RTStrToUInt8 - - RTStrToUInt8Ex - - RTStrToUInt8Full - - RTStrToUni - - RTStrToUniEx - - RTStrToUtf16BigExTag - - RTStrToUtf16BigTag - - RTStrToUtf16ExTag - - RTStrToUtf16Tag - - RTStrUniLen - - RTStrUniLenEx - - RTStrValidateEncoding - - RTStrValidateEncodingEx - - RTTermDeregisterCallback - - RTTermRegisterCallback - - RTTermRunCallbacks - - RTThreadCreate - - RTThreadCreateF - - RTThreadCreateV - - RTThreadCtxHookCreate - - RTThreadCtxHookDestroy - - RTThreadCtxHookDisable - - RTThreadCtxHookEnable - - RTThreadCtxHookIsEnabled - - RTThreadFromNative - - RTThreadGetName - - RTThreadGetNative - - RTThreadGetType - - RTThreadIsInInterrupt - - RTThreadIsInitialized - - RTThreadIsMain - - RTThreadIsSelfAlive - - 
RTThreadIsSelfKnown - - RTThreadNativeSelf - - RTThreadPreemptDisable - - RTThreadPreemptIsEnabled - - RTThreadPreemptIsPending - - RTThreadPreemptIsPendingTrusty - - RTThreadPreemptIsPossible - - RTThreadPreemptRestore - - RTThreadSelf - - RTThreadSelfName - - RTThreadSetName - - RTThreadSetType - - RTThreadSleep - - RTThreadUserReset - - RTThreadUserSignal - - RTThreadUserWait - - RTThreadUserWaitNoResume - - RTThreadWait - - RTThreadWaitNoResume - - RTThreadYield - - RTTimeExplode - - RTTimeFromString - - RTTimeImplode - - RTTimeIsLeapYear - - RTTimeMilliTS - - RTTimeNanoTS - - RTTimeNormalize - - RTTimeNow - - RTTimeSpecFromString - - RTTimeSpecToString - - RTTimeSystemMilliTS - - RTTimeSystemNanoTS - - RTTimeToString - - RTTimerCanDoHighResolution - - RTTimerChangeInterval - - RTTimerCreate - - RTTimerCreateEx - - RTTimerDestroy - - RTTimerGetSystemGranularity - - RTTimerReleaseSystemGranularity - - RTTimerRequestSystemGranularity - - RTTimerStart - - RTTimerStop - - RTUuidClear - - RTUuidCompare - - RTUuidCompare2Strs - - RTUuidCompareStr - - RTUuidFromStr - - RTUuidFromUtf16 - - RTUuidIsNull - - RTUuidToStr - - RTUuidToUtf16 - - SUPGetCpuHzFromGipForAsyncMode - - SUPGetGIP - - SUPGetTscDeltaSlow - - SUPIsTscFreqCompatible - - SUPIsTscFreqCompatibleEx - - SUPR0BadContext - - SUPR0ChangeCR4 - - SUPR0ComponentDeregisterFactory - - SUPR0ComponentQueryFactory - - SUPR0ComponentRegisterFactory - - SUPR0ContAlloc - - SUPR0ContFree - - SUPR0EnableVTx - - SUPR0GetCurrentGdtRw - - SUPR0GetKernelFeatures - - SUPR0GetPagingMode - - SUPR0GetSessionGVM - - SUPR0GetSessionVM - - SUPR0GetSvmUsability - - SUPR0GetVmxUsability - - SUPR0GipMap - - SUPR0GipUnmap - - SUPR0LockMem - - SUPR0LowAlloc - - SUPR0LowFree - - SUPR0MemAlloc - - SUPR0MemFree - - SUPR0MemGetPhys - - SUPR0ObjAddRef - - SUPR0ObjAddRefEx - - SUPR0ObjRegister - - SUPR0ObjRelease - - SUPR0ObjVerifyAccess - - SUPR0PageAllocEx - - SUPR0PageFree - - SUPR0PageMapKernel - - SUPR0PageProtect - - SUPR0Printf - - 
SUPR0QueryUcodeRev - - SUPR0QueryVTCaps - - SUPR0ResumeVTxOnCpu - - SUPR0SetSessionVM - - SUPR0SuspendVTxOnCpu - - SUPR0TracerDeregisterDrv - - SUPR0TracerDeregisterImpl - - SUPR0TracerFireProbe - - SUPR0TracerRegisterDrv - - SUPR0TracerRegisterImpl - - SUPR0TracerRegisterModule - - SUPR0TracerUmodProbeFire - - SUPR0TscDeltaMeasureBySetIndex - - SUPR0UnlockMem - - SUPReadTscWithDelta - - SUPSemEventClose - - SUPSemEventCreate - - SUPSemEventGetResolution - - SUPSemEventMultiClose - - SUPSemEventMultiCreate - - SUPSemEventMultiGetResolution - - SUPSemEventMultiReset - - SUPSemEventMultiSignal - - SUPSemEventMultiWait - - SUPSemEventMultiWaitNoResume - - SUPSemEventMultiWaitNsAbsIntr - - SUPSemEventMultiWaitNsRelIntr - - SUPSemEventSignal - - SUPSemEventWait - - SUPSemEventWaitNoResume - - SUPSemEventWaitNsAbsIntr - - SUPSemEventWaitNsRelIntr - - g_pSUPGlobalInfoPage - - g_pszRTAssertExpr - - g_pszRTAssertFile - - g_pszRTAssertFunction - - g_szRTAssertMsg1 - - g_szRTAssertMsg2 - - g_u32RTAssertLine - ImportedFunctions: - - strchr - - IoDeleteDevice - - IoCreateDevice - - RtlInitUnicodeString - - ObfDereferenceObject - - ExUnregisterCallback - - IofCompleteRequest - - __C_specific_handler - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoIs32bitProcess - - ZwSetSystemInformation - - ExRegisterCallback - - ExCreateCallback - - MmGetSystemRoutineAddress - - RtlQueryRegistryValues - - DbgPrint - - KeSetTimerEx - - KeInsertQueueDpc - - KeRemoveQueueDpc - - KeCancelTimer - - KeSetImportanceDpc - - KeInitializeDpc - - KeInitializeTimerEx - - KeQueryTimeIncrement - - KeDelayExecutionThread - - ZwYieldExecution - - KeSetPriorityThread - - KeWaitForSingleObject - - ZwClose - - ObReferenceObjectByHandle - - PsCreateSystemThread - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - KeInitializeMutex - - KeReleaseMutex - - KeReadStateMutex - - KeInitializeEvent - - ExAcquireFastMutex - - ExReleaseFastMutex - - KeSetEvent - - KeResetEvent - - PsGetCurrentProcessId - - 
IoGetCurrentProcess - - ProbeForRead - - ProbeForWrite - - MmHighestUserAddress - - MmSystemRangeStart - - KeSetTargetProcessorDpc - - KeNumberProcessors - - PsGetVersion - - MmIsAddressValid - - MmUnmapIoSpace - - MmUnlockPages - - MmFreeContiguousMemory - - IoFreeMdl - - MmFreePagesFromMdl - - MmUnsecureVirtualMemory - - MmUnmapLockedPages - - MmProtectMdlSystemAddress - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmAllocateContiguousMemorySpecifyCache - - MmAllocatePagesForMdl - - MmSecureVirtualMemory - - MmProbeAndLockPages - - MmMapIoSpace - - MmMapLockedPagesSpecifyCache - - MmGetPhysicalAddress - - MmAllocateContiguousMemory - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: CN=Vektor T13 Technology - ValidFrom: '2018-08-10 07:42:52' - ValidTo: '2039-12-31 23:59:59' - Signature: 4819acb135277102eb22d1ebf53707b6651b1dac668cbe264acefb52a0567dee778627ae98f2f8a69142e210ed9a585a826bea9339108f6cc8567a8a0d3b471dde8e932b4d7b466e657e0592faa7578e548c1d1f3b746190fac243e75735ad18bb9cf901d94d92ed4bfbe7729d439bdd300a6cb5fb75d17364033f92a8d15398 - SignatureAlgorithmOID: 1.3.14.3.2.29 - IsCertificateAuthority: true - SerialNumber: 4d87df1b3d1e239b405dc85d0a0bad22 - Version: 3 - TBS: - MD5: fbe18b58073fb49c37c5790f1e2065f0 - SHA1: a0a8778312b53234bbf75e19e10664c52e0c524c - SHA256: 42da0182b3119325ebc53f870276cc8b9f6f4d7248d6223372fea7fc994d85a8 - SHA384: 12140c817a8d0771e3ee4c8e1eecda708c7203c537b4a702175fb370098e2bc704fca98b9b65cf346d80845fd961ed03 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 
82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 4d87df1b3d1e239b405dc85d0a0bad22 - Issuer: CN=Vektor T13 Technology - Version: 1 - RichPEHeaderHash: - MD5: 2699d722188f4664155df5d5ec416047 - SHA1: 1d9a8b11fbf151fc371dcb9a1a3b333f0dadb1e0 - SHA256: 6292be78ca89765e09fcf9a02d007dd8adafbf18a032d9d71e35686f922cd1f6 - Sections: - .text: - Entropy: 6.419823737384689 - Virtual Size: '0x2bc30' - .rdata: - Entropy: 5.946377532455778 - Virtual Size: '0xf8c8' - .data: - Entropy: 4.260596456256825 - Virtual Size: '0x12a40' - .pdata: - Entropy: 5.559894875195939 - Virtual Size: '0x32c4' - .edata: - Entropy: 5.804189453998891 - Virtual Size: '0x34f8' - INIT: - Entropy: 5.082239885482413 - Virtual Size: '0x856' - .rsrc: - Entropy: 3.407529902677342 - Virtual Size: '0x400' - .reloc: - Entropy: 4.078099091032765 - Virtual Size: '0xfb8' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2019-02-04 15:27:31' - Imphash: 9470f56376e665fb981a35b303436041 - LoadsDespiteHVCI: 'TRUE' -Tags: -- VBoxDrv.sys +- Filename: VBoxDrv.sys + MD5: b1b8e6b85dd03c7f1290b1a071fc79c1 + SHA1: a22dead5cdf05bd2f79a4d0066ffcf01c7d303ec + SHA256: 26f41e4268be59f5de07552b51fa52d18d88be94f8895eb4a16de0f3940cf712 + Authentihash: + MD5: 
6837b5fe3a3a100c88c7cf4f0408f528 + SHA1: d679aadb2844462deaaf069d48e7d0fc76979741 + SHA256: 7dcd81140dc57d1d412c39940643ea923a1925815097f83788d840c1a7b57d25 + Description: VirtualBox Support Driver + Company: Vektor T13 Security Service + InternalName: VBoxDrv + OriginalFilename: VBoxDrv.sys + FileVersion: 1.2.0.119230 + Product: Antidetect 2018 Public by Vektor T13 (rev.05) + ProductVersion: 1.2.0.119230 + Copyright: Copyright (C) 2009-2018 Oracle Corporation + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: + - ASMAtomicBitClear + - ASMAtomicXchgU16 + - ASMAtomicXchgU8 + - ASMGetCS + - ASMGetDS + - ASMGetES + - ASMGetFS + - ASMGetGS + - ASMGetIDTR + - ASMGetSS + - ASMMultU64ByU32DivByU32 + - ASMNopPause + - RTAssertAreQuiet + - RTAssertMayPanic + - RTAssertMsg1 + - RTAssertMsg1Weak + - RTAssertMsg2AddV + - RTAssertMsg2V + - RTAssertMsg2Weak + - RTAssertMsg2WeakV + - RTAssertSetMayPanic + - RTAssertSetQuiet + - RTAssertShouldPanic + - RTAvlPVDestroy + - RTAvlPVDoWithAll + - RTAvlPVGet + - RTAvlPVGetBestFit + - RTAvlPVInsert + - RTAvlPVRemove + - RTAvlPVRemoveBestFit + - RTCrc32 + - RTCrc32Finish + - RTCrc32Process + - RTCrc32Start + - RTErrConvertFromErrno + - RTErrConvertFromNtStatus + - RTErrConvertToErrno + - RTErrInfoAdd + - RTErrInfoAddF + - RTErrInfoAddV + - RTErrInfoSet + - RTErrInfoSetF + - RTErrInfoSetV + - RTErrVarsAreEqual + - RTErrVarsHaveChanged + - RTErrVarsRestore + - RTErrVarsSave + - RTHandleTableAllocWithCtx + - RTHandleTableCreate + - RTHandleTableCreateEx + - RTHandleTableDestroy + - RTHandleTableFreeWithCtx + - RTHandleTableLookupWithCtx + - RTLatin1CalcUtf8Len + - RTLatin1CalcUtf8LenEx + - RTLatin1ToUtf8ExTag + - RTLatin1ToUtf8Tag + - RTLogClearFileDelayFlag + - RTLogCloneRC + - RTLogComPrintf + - RTLogComPrintfV + - RTLogCreate + - RTLogCreateEx + - RTLogCreateExV + - RTLogDefaultInit + - RTLogDefaultInstance + - RTLogDefaultInstanceEx + - RTLogDestinations + - RTLogDestroy + - RTLogDumpPrintfV + - RTLogFlags + - 
RTLogFlush + - RTLogFlushRC + - RTLogFlushToLogger + - RTLogFormatV + - RTLogGetDefaultInstance + - RTLogGetDefaultInstanceEx + - RTLogGetDestinations + - RTLogGetFlags + - RTLogGetGroupSettings + - RTLogGroupSettings + - RTLogLogger + - RTLogLoggerEx + - RTLogLoggerExV + - RTLogLoggerV + - RTLogPrintf + - RTLogPrintfV + - RTLogRelGetDefaultInstance + - RTLogRelGetDefaultInstanceEx + - RTLogRelLoggerV + - RTLogRelPrintfV + - RTLogRelSetBuffering + - RTLogRelSetDefaultInstance + - RTLogSetBuffering + - RTLogSetCustomPrefixCallback + - RTLogSetDefaultInstance + - RTLogSetDefaultInstanceThread + - RTLogWriteCom + - RTLogWriteDebugger + - RTLogWriteStdErr + - RTLogWriteStdOut + - RTLogWriteUser + - RTMemAllocExTag + - RTMemAllocTag + - RTMemAllocVarTag + - RTMemAllocZTag + - RTMemAllocZVarTag + - RTMemContAlloc + - RTMemContFree + - RTMemDupExTag + - RTMemDupTag + - RTMemExecAllocTag + - RTMemExecFree + - RTMemFree + - RTMemFreeEx + - RTMemReallocTag + - RTMemTmpAllocTag + - RTMemTmpAllocZTag + - RTMemTmpFree + - RTMpCpuId + - RTMpCpuIdFromSetIndex + - RTMpCpuIdToSetIndex + - RTMpCurSetIndex + - RTMpCurSetIndexAndId + - RTMpGetArraySize + - RTMpGetCount + - RTMpGetCpuGroupCounts + - RTMpGetMaxCpuGroupCount + - RTMpGetMaxCpuId + - RTMpGetOnlineCoreCount + - RTMpGetOnlineCount + - RTMpGetOnlineSet + - RTMpGetPresentCoreCount + - RTMpGetPresentCount + - RTMpGetPresentSet + - RTMpGetSet + - RTMpIsCpuOnline + - RTMpIsCpuPossible + - RTMpIsCpuPresent + - RTMpIsCpuWorkPending + - RTMpNotificationDeregister + - RTMpNotificationRegister + - RTMpOnAll + - RTMpOnAllIsConcurrentSafe + - RTMpOnOthers + - RTMpOnPair + - RTMpOnPairIsConcurrentExecSupported + - RTMpOnSpecific + - RTMpPokeCpu + - RTMpSetIndexFromCpuGroupMember + - RTNetIPv4AddDataChecksum + - RTNetIPv4AddTCPChecksum + - RTNetIPv4AddUDPChecksum + - RTNetIPv4FinalizeChecksum + - RTNetIPv4HdrChecksum + - RTNetIPv4IsDHCPValid + - RTNetIPv4IsHdrValid + - RTNetIPv4IsTCPSizeValid + - RTNetIPv4IsTCPValid + - 
RTNetIPv4IsUDPSizeValid + - RTNetIPv4IsUDPValid + - RTNetIPv4PseudoChecksum + - RTNetIPv4PseudoChecksumBits + - RTNetIPv4TCPChecksum + - RTNetIPv4UDPChecksum + - RTNetIPv6PseudoChecksum + - RTNetIPv6PseudoChecksumBits + - RTNetIPv6PseudoChecksumEx + - RTNetTCPChecksum + - RTNetUDPChecksum + - RTOnceReset + - RTOnceSlow + - RTPowerNotificationDeregister + - RTPowerNotificationRegister + - RTPowerSignalEvent + - RTProcSelf + - RTR0AssertPanicSystem + - RTR0Init + - RTR0MemAreKrnlAndUsrDifferent + - RTR0MemKernelCopyFrom + - RTR0MemKernelCopyTo + - RTR0MemKernelIsValidAddr + - RTR0MemObjAddress + - RTR0MemObjAddressR3 + - RTR0MemObjAllocContTag + - RTR0MemObjAllocLowTag + - RTR0MemObjAllocPageTag + - RTR0MemObjAllocPhysExTag + - RTR0MemObjAllocPhysNCTag + - RTR0MemObjAllocPhysTag + - RTR0MemObjEnterPhysTag + - RTR0MemObjFree + - RTR0MemObjGetPagePhysAddr + - RTR0MemObjIsMapping + - RTR0MemObjLockKernelTag + - RTR0MemObjLockUserTag + - RTR0MemObjMapKernelExTag + - RTR0MemObjMapKernelTag + - RTR0MemObjMapUserTag + - RTR0MemObjProtect + - RTR0MemObjReserveKernelTag + - RTR0MemObjReserveUserTag + - RTR0MemObjSize + - RTR0MemUserCopyFrom + - RTR0MemUserCopyTo + - RTR0MemUserIsValidAddr + - RTR0ProcHandleSelf + - RTR0Term + - RTR0TermForced + - RTSemEventCreate + - RTSemEventCreateEx + - RTSemEventDestroy + - RTSemEventGetResolution + - RTSemEventMultiCreate + - RTSemEventMultiCreateEx + - RTSemEventMultiDestroy + - RTSemEventMultiGetResolution + - RTSemEventMultiReset + - RTSemEventMultiSignal + - RTSemEventMultiWait + - RTSemEventMultiWaitEx + - RTSemEventMultiWaitExDebug + - RTSemEventMultiWaitNoResume + - RTSemEventSignal + - RTSemEventWait + - RTSemEventWaitEx + - RTSemEventWaitExDebug + - RTSemEventWaitNoResume + - RTSemFastMutexCreate + - RTSemFastMutexDestroy + - RTSemFastMutexRelease + - RTSemFastMutexRequest + - RTSemMutexCreate + - RTSemMutexCreateEx + - RTSemMutexDestroy + - RTSemMutexIsOwned + - RTSemMutexRelease + - RTSemMutexRequest + - RTSemMutexRequestDebug 
+ - RTSemMutexRequestNoResume + - RTSemMutexRequestNoResumeDebug + - RTSemSpinMutexCreate + - RTSemSpinMutexDestroy + - RTSemSpinMutexRelease + - RTSemSpinMutexRequest + - RTSemSpinMutexTryRequest + - RTSpinlockAcquire + - RTSpinlockCreate + - RTSpinlockDestroy + - RTSpinlockRelease + - RTStrAAppendNTag + - RTStrAAppendTag + - RTStrATruncateTag + - RTStrAllocExTag + - RTStrAllocTag + - RTStrCalcLatin1Len + - RTStrCalcLatin1LenEx + - RTStrCalcUtf16Len + - RTStrCalcUtf16LenEx + - RTStrCat + - RTStrConvertHexBytes + - RTStrCopy + - RTStrCopyEx + - RTStrCopyP + - RTStrDupExTag + - RTStrDupNTag + - RTStrDupTag + - RTStrFormat + - RTStrFormatNumber + - RTStrFormatTypeDeregister + - RTStrFormatTypeRegister + - RTStrFormatTypeSetUser + - RTStrFormatV + - RTStrFree + - RTStrGetCpExInternal + - RTStrGetCpInternal + - RTStrGetCpNExInternal + - RTStrIsValidEncoding + - RTStrNCmp + - RTStrPrevCp + - RTStrPrintf + - RTStrPrintfEx + - RTStrPrintfExV + - RTStrPrintfV + - RTStrPurgeComplementSet + - RTStrPurgeEncoding + - RTStrPutCpInternal + - RTStrReallocTag + - RTStrToInt16 + - RTStrToInt16Ex + - RTStrToInt16Full + - RTStrToInt32 + - RTStrToInt32Ex + - RTStrToInt32Full + - RTStrToInt64 + - RTStrToInt64Ex + - RTStrToInt64Full + - RTStrToInt8 + - RTStrToInt8Ex + - RTStrToInt8Full + - RTStrToLatin1ExTag + - RTStrToLatin1Tag + - RTStrToUInt16 + - RTStrToUInt16Ex + - RTStrToUInt16Full + - RTStrToUInt32 + - RTStrToUInt32Ex + - RTStrToUInt32Full + - RTStrToUInt64 + - RTStrToUInt64Ex + - RTStrToUInt64Full + - RTStrToUInt8 + - RTStrToUInt8Ex + - RTStrToUInt8Full + - RTStrToUni + - RTStrToUniEx + - RTStrToUtf16BigExTag + - RTStrToUtf16BigTag + - RTStrToUtf16ExTag + - RTStrToUtf16Tag + - RTStrUniLen + - RTStrUniLenEx + - RTStrValidateEncoding + - RTStrValidateEncodingEx + - RTTermDeregisterCallback + - RTTermRegisterCallback + - RTTermRunCallbacks + - RTThreadCreate + - RTThreadCreateF + - RTThreadCreateV + - RTThreadCtxHookCreate + - RTThreadCtxHookDestroy + - RTThreadCtxHookDisable + - 
RTThreadCtxHookEnable + - RTThreadCtxHookIsEnabled + - RTThreadFromNative + - RTThreadGetName + - RTThreadGetNative + - RTThreadGetType + - RTThreadIsInInterrupt + - RTThreadIsInitialized + - RTThreadIsMain + - RTThreadIsSelfAlive + - RTThreadIsSelfKnown + - RTThreadNativeSelf + - RTThreadPreemptDisable + - RTThreadPreemptIsEnabled + - RTThreadPreemptIsPending + - RTThreadPreemptIsPendingTrusty + - RTThreadPreemptIsPossible + - RTThreadPreemptRestore + - RTThreadSelf + - RTThreadSelfName + - RTThreadSetName + - RTThreadSetType + - RTThreadSleep + - RTThreadUserReset + - RTThreadUserSignal + - RTThreadUserWait + - RTThreadUserWaitNoResume + - RTThreadWait + - RTThreadWaitNoResume + - RTThreadYield + - RTTimeExplode + - RTTimeFromString + - RTTimeImplode + - RTTimeIsLeapYear + - RTTimeMilliTS + - RTTimeNanoTS + - RTTimeNormalize + - RTTimeNow + - RTTimeSpecFromString + - RTTimeSpecToString + - RTTimeSystemMilliTS + - RTTimeSystemNanoTS + - RTTimeToString + - RTTimerCanDoHighResolution + - RTTimerChangeInterval + - RTTimerCreate + - RTTimerCreateEx + - RTTimerDestroy + - RTTimerGetSystemGranularity + - RTTimerReleaseSystemGranularity + - RTTimerRequestSystemGranularity + - RTTimerStart + - RTTimerStop + - RTUuidClear + - RTUuidCompare + - RTUuidCompare2Strs + - RTUuidCompareStr + - RTUuidFromStr + - RTUuidFromUtf16 + - RTUuidIsNull + - RTUuidToStr + - RTUuidToUtf16 + - SUPGetCpuHzFromGipForAsyncMode + - SUPGetGIP + - SUPGetTscDeltaSlow + - SUPIsTscFreqCompatible + - SUPIsTscFreqCompatibleEx + - SUPR0BadContext + - SUPR0ChangeCR4 + - SUPR0ComponentDeregisterFactory + - SUPR0ComponentQueryFactory + - SUPR0ComponentRegisterFactory + - SUPR0ContAlloc + - SUPR0ContFree + - SUPR0EnableVTx + - SUPR0GetCurrentGdtRw + - SUPR0GetKernelFeatures + - SUPR0GetPagingMode + - SUPR0GetSessionGVM + - SUPR0GetSessionVM + - SUPR0GetSvmUsability + - SUPR0GetVmxUsability + - SUPR0GipMap + - SUPR0GipUnmap + - SUPR0LockMem + - SUPR0LowAlloc + - SUPR0LowFree + - SUPR0MemAlloc + - SUPR0MemFree 
+ - SUPR0MemGetPhys + - SUPR0ObjAddRef + - SUPR0ObjAddRefEx + - SUPR0ObjRegister + - SUPR0ObjRelease + - SUPR0ObjVerifyAccess + - SUPR0PageAllocEx + - SUPR0PageFree + - SUPR0PageMapKernel + - SUPR0PageProtect + - SUPR0Printf + - SUPR0QueryUcodeRev + - SUPR0QueryVTCaps + - SUPR0ResumeVTxOnCpu + - SUPR0SetSessionVM + - SUPR0SuspendVTxOnCpu + - SUPR0TracerDeregisterDrv + - SUPR0TracerDeregisterImpl + - SUPR0TracerFireProbe + - SUPR0TracerRegisterDrv + - SUPR0TracerRegisterImpl + - SUPR0TracerRegisterModule + - SUPR0TracerUmodProbeFire + - SUPR0TscDeltaMeasureBySetIndex + - SUPR0UnlockMem + - SUPReadTscWithDelta + - SUPSemEventClose + - SUPSemEventCreate + - SUPSemEventGetResolution + - SUPSemEventMultiClose + - SUPSemEventMultiCreate + - SUPSemEventMultiGetResolution + - SUPSemEventMultiReset + - SUPSemEventMultiSignal + - SUPSemEventMultiWait + - SUPSemEventMultiWaitNoResume + - SUPSemEventMultiWaitNsAbsIntr + - SUPSemEventMultiWaitNsRelIntr + - SUPSemEventSignal + - SUPSemEventWait + - SUPSemEventWaitNoResume + - SUPSemEventWaitNsAbsIntr + - SUPSemEventWaitNsRelIntr + - g_pSUPGlobalInfoPage + - g_pszRTAssertExpr + - g_pszRTAssertFile + - g_pszRTAssertFunction + - g_szRTAssertMsg1 + - g_szRTAssertMsg2 + - g_u32RTAssertLine + ImportedFunctions: + - strchr + - IoDeleteDevice + - IoCreateDevice + - RtlInitUnicodeString + - ObfDereferenceObject + - ExUnregisterCallback + - IofCompleteRequest + - __C_specific_handler + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoIs32bitProcess + - ZwSetSystemInformation + - ExRegisterCallback + - ExCreateCallback + - MmGetSystemRoutineAddress + - RtlQueryRegistryValues + - DbgPrint + - KeSetTimerEx + - KeInsertQueueDpc + - KeRemoveQueueDpc + - KeCancelTimer + - KeSetImportanceDpc + - KeInitializeDpc + - KeInitializeTimerEx + - KeQueryTimeIncrement + - KeDelayExecutionThread + - ZwYieldExecution + - KeSetPriorityThread + - KeWaitForSingleObject + - ZwClose + - ObReferenceObjectByHandle + - PsCreateSystemThread + - 
KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - KeInitializeMutex + - KeReleaseMutex + - KeReadStateMutex + - KeInitializeEvent + - ExAcquireFastMutex + - ExReleaseFastMutex + - KeSetEvent + - KeResetEvent + - PsGetCurrentProcessId + - IoGetCurrentProcess + - ProbeForRead + - ProbeForWrite + - MmHighestUserAddress + - MmSystemRangeStart + - KeSetTargetProcessorDpc + - KeNumberProcessors + - PsGetVersion + - MmIsAddressValid + - MmUnmapIoSpace + - MmUnlockPages + - MmFreeContiguousMemory + - IoFreeMdl + - MmFreePagesFromMdl + - MmUnsecureVirtualMemory + - MmUnmapLockedPages + - MmProtectMdlSystemAddress + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmAllocateContiguousMemorySpecifyCache + - MmAllocatePagesForMdl + - MmSecureVirtualMemory + - MmProbeAndLockPages + - MmMapIoSpace + - MmMapLockedPagesSpecifyCache + - MmGetPhysicalAddress + - MmAllocateContiguousMemory + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: CN=Vektor T13 Security Service + ValidFrom: '2018-04-19 00:15:30' + ValidTo: '2039-12-31 23:59:59' + Signature: 6a53b7553edfd579a2a4dd005b893883cc26c3e314683b8b92b95b8b60e33d6c9841d1761bd52c2e5a69f9bec38e457bf5a06f43fdb4d4f601a2ae0b0c7e16e180b8447308fca66dcbdf34c0a4319e96af6f96f4b9037bfd7f1360efe2fd24efe837d59c64e895cee83d63952d217672932decd29af822e80d0d25a580d53e0c + SignatureAlgorithmOID: 1.3.14.3.2.29 + IsCertificateAuthority: true + SerialNumber: c3b2c606d320e0bf4f71f1e73668a938 + Version: 3 + TBS: + MD5: bdf06d2ae5584184829321a1af947932 + SHA1: ffbcdef9b656d73245e310774c99d2d48645eb01 + SHA256: 4ab0c3d0bd9761a17acd26fcc700469539d69032c9e4946ed50447486c1d8148 + SHA384: d2f7f4fe7b034b7d714b31cf6f49fb915cd61914e41433a8e768bfd7a05f2f9dae331b8ea9f85f6cabbdc6b168f4f59f + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + 
IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: c3b2c606d320e0bf4f71f1e73668a938 + Issuer: CN=Vektor T13 Security Service + Version: 1 + RichPEHeaderHash: + MD5: 2699d722188f4664155df5d5ec416047 + SHA1: 1d9a8b11fbf151fc371dcb9a1a3b333f0dadb1e0 + SHA256: 6292be78ca89765e09fcf9a02d007dd8adafbf18a032d9d71e35686f922cd1f6 + Sections: + .text: + Entropy: 6.420460567884749 + Virtual Size: '0x2bc30' + .rdata: + Entropy: 5.939129698977538 + Virtual Size: '0xf690' + .data: + Entropy: 4.2622979727406065 + Virtual Size: '0x12a40' + .pdata: + Entropy: 5.55793348559494 + Virtual Size: '0x32c4' + .edata: + Entropy: 5.804608403248267 + Virtual Size: '0x34f8' + INIT: + Entropy: 5.082239885482413 + Virtual Size: '0x856' + .rsrc: + Entropy: 3.442966233517804 + Virtual Size: '0x420' + .reloc: + Entropy: 4.07818833178508 + Virtual Size: '0xfb8' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2018-06-22 05:17:13' + Imphash: 9470f56376e665fb981a35b303436041 + LoadsDespiteHVCI: 'TRUE' +- Filename: VBoxDrv.sys + MD5: 
02a1d77ef13bd41cad04abcce896d0b9 + SHA1: 59c0fa0d61576d9eb839c9c7e15d57047ee7fe29 + SHA256: 3724b39e97936bb20ada51c6119aded04530ed86f6b8d6b45fbfb2f3b9a4114b + Authentihash: + MD5: 49f3b147b53aa5ebce9ddce9a20fe9ff + SHA1: 46064d1e248e2c9d24950d6a5dcf68a2c12aeb9d + SHA256: 7e5abe4530eff3838d44516f95c15d8b3ec6cec44ca7b67998e50641c939d12a + Description: VirtualBox Support Driver + Company: Vektor T13 Security Service + InternalName: VBoxDrv + OriginalFilename: VBoxDrv.sys + FileVersion: 1.4.2.119230 + Product: Antidetect 2019 Public + ProductVersion: 1.4.2.119230 + Copyright: Copyright (C) 2009-2019 Oracle Corporation + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: + - ASMAtomicBitClear + - ASMAtomicXchgU16 + - ASMAtomicXchgU8 + - ASMGetCS + - ASMGetDS + - ASMGetES + - ASMGetFS + - ASMGetGS + - ASMGetIDTR + - ASMGetSS + - ASMMultU64ByU32DivByU32 + - ASMNopPause + - RTAssertAreQuiet + - RTAssertMayPanic + - RTAssertMsg1 + - RTAssertMsg1Weak + - RTAssertMsg2AddV + - RTAssertMsg2V + - RTAssertMsg2Weak + - RTAssertMsg2WeakV + - RTAssertSetMayPanic + - RTAssertSetQuiet + - RTAssertShouldPanic + - RTAvlPVDestroy + - RTAvlPVDoWithAll + - RTAvlPVGet + - RTAvlPVGetBestFit + - RTAvlPVInsert + - RTAvlPVRemove + - RTAvlPVRemoveBestFit + - RTCrc32 + - RTCrc32Finish + - RTCrc32Process + - RTCrc32Start + - RTErrConvertFromErrno + - RTErrConvertFromNtStatus + - RTErrConvertToErrno + - RTErrInfoAdd + - RTErrInfoAddF + - RTErrInfoAddV + - RTErrInfoSet + - RTErrInfoSetF + - RTErrInfoSetV + - RTErrVarsAreEqual + - RTErrVarsHaveChanged + - RTErrVarsRestore + - RTErrVarsSave + - RTHandleTableAllocWithCtx + - RTHandleTableCreate + - RTHandleTableCreateEx + - RTHandleTableDestroy + - RTHandleTableFreeWithCtx + - RTHandleTableLookupWithCtx + - RTLatin1CalcUtf8Len + - RTLatin1CalcUtf8LenEx + - RTLatin1ToUtf8ExTag + - RTLatin1ToUtf8Tag + - RTLogClearFileDelayFlag + - RTLogCloneRC + - RTLogComPrintf + - RTLogComPrintfV + - RTLogCreate + - RTLogCreateEx + - RTLogCreateExV + - 
RTLogDefaultInit + - RTLogDefaultInstance + - RTLogDefaultInstanceEx + - RTLogDestinations + - RTLogDestroy + - RTLogDumpPrintfV + - RTLogFlags + - RTLogFlush + - RTLogFlushRC + - RTLogFlushToLogger + - RTLogFormatV + - RTLogGetDefaultInstance + - RTLogGetDefaultInstanceEx + - RTLogGetDestinations + - RTLogGetFlags + - RTLogGetGroupSettings + - RTLogGroupSettings + - RTLogLogger + - RTLogLoggerEx + - RTLogLoggerExV + - RTLogLoggerV + - RTLogPrintf + - RTLogPrintfV + - RTLogRelGetDefaultInstance + - RTLogRelGetDefaultInstanceEx + - RTLogRelLoggerV + - RTLogRelPrintfV + - RTLogRelSetBuffering + - RTLogRelSetDefaultInstance + - RTLogSetBuffering + - RTLogSetCustomPrefixCallback + - RTLogSetDefaultInstance + - RTLogSetDefaultInstanceThread + - RTLogWriteCom + - RTLogWriteDebugger + - RTLogWriteStdErr + - RTLogWriteStdOut + - RTLogWriteUser + - RTMemAllocExTag + - RTMemAllocTag + - RTMemAllocVarTag + - RTMemAllocZTag + - RTMemAllocZVarTag + - RTMemContAlloc + - RTMemContFree + - RTMemDupExTag + - RTMemDupTag + - RTMemExecAllocTag + - RTMemExecFree + - RTMemFree + - RTMemFreeEx + - RTMemReallocTag + - RTMemTmpAllocTag + - RTMemTmpAllocZTag + - RTMemTmpFree + - RTMpCpuId + - RTMpCpuIdFromSetIndex + - RTMpCpuIdToSetIndex + - RTMpCurSetIndex + - RTMpCurSetIndexAndId + - RTMpGetArraySize + - RTMpGetCount + - RTMpGetCpuGroupCounts + - RTMpGetMaxCpuGroupCount + - RTMpGetMaxCpuId + - RTMpGetOnlineCoreCount + - RTMpGetOnlineCount + - RTMpGetOnlineSet + - RTMpGetPresentCoreCount + - RTMpGetPresentCount + - RTMpGetPresentSet + - RTMpGetSet + - RTMpIsCpuOnline + - RTMpIsCpuPossible + - RTMpIsCpuPresent + - RTMpIsCpuWorkPending + - RTMpNotificationDeregister + - RTMpNotificationRegister + - RTMpOnAll + - RTMpOnAllIsConcurrentSafe + - RTMpOnOthers + - RTMpOnPair + - RTMpOnPairIsConcurrentExecSupported + - RTMpOnSpecific + - RTMpPokeCpu + - RTMpSetIndexFromCpuGroupMember + - RTNetIPv4AddDataChecksum + - RTNetIPv4AddTCPChecksum + - RTNetIPv4AddUDPChecksum + - RTNetIPv4FinalizeChecksum 
+ - RTNetIPv4HdrChecksum + - RTNetIPv4IsDHCPValid + - RTNetIPv4IsHdrValid + - RTNetIPv4IsTCPSizeValid + - RTNetIPv4IsTCPValid + - RTNetIPv4IsUDPSizeValid + - RTNetIPv4IsUDPValid + - RTNetIPv4PseudoChecksum + - RTNetIPv4PseudoChecksumBits + - RTNetIPv4TCPChecksum + - RTNetIPv4UDPChecksum + - RTNetIPv6PseudoChecksum + - RTNetIPv6PseudoChecksumBits + - RTNetIPv6PseudoChecksumEx + - RTNetTCPChecksum + - RTNetUDPChecksum + - RTOnceReset + - RTOnceSlow + - RTPowerNotificationDeregister + - RTPowerNotificationRegister + - RTPowerSignalEvent + - RTProcSelf + - RTR0AssertPanicSystem + - RTR0Init + - RTR0MemAreKrnlAndUsrDifferent + - RTR0MemKernelCopyFrom + - RTR0MemKernelCopyTo + - RTR0MemKernelIsValidAddr + - RTR0MemObjAddress + - RTR0MemObjAddressR3 + - RTR0MemObjAllocContTag + - RTR0MemObjAllocLowTag + - RTR0MemObjAllocPageTag + - RTR0MemObjAllocPhysExTag + - RTR0MemObjAllocPhysNCTag + - RTR0MemObjAllocPhysTag + - RTR0MemObjEnterPhysTag + - RTR0MemObjFree + - RTR0MemObjGetPagePhysAddr + - RTR0MemObjIsMapping + - RTR0MemObjLockKernelTag + - RTR0MemObjLockUserTag + - RTR0MemObjMapKernelExTag + - RTR0MemObjMapKernelTag + - RTR0MemObjMapUserTag + - RTR0MemObjProtect + - RTR0MemObjReserveKernelTag + - RTR0MemObjReserveUserTag + - RTR0MemObjSize + - RTR0MemUserCopyFrom + - RTR0MemUserCopyTo + - RTR0MemUserIsValidAddr + - RTR0ProcHandleSelf + - RTR0Term + - RTR0TermForced + - RTSemEventCreate + - RTSemEventCreateEx + - RTSemEventDestroy + - RTSemEventGetResolution + - RTSemEventMultiCreate + - RTSemEventMultiCreateEx + - RTSemEventMultiDestroy + - RTSemEventMultiGetResolution + - RTSemEventMultiReset + - RTSemEventMultiSignal + - RTSemEventMultiWait + - RTSemEventMultiWaitEx + - RTSemEventMultiWaitExDebug + - RTSemEventMultiWaitNoResume + - RTSemEventSignal + - RTSemEventWait + - RTSemEventWaitEx + - RTSemEventWaitExDebug + - RTSemEventWaitNoResume + - RTSemFastMutexCreate + - RTSemFastMutexDestroy + - RTSemFastMutexRelease + - RTSemFastMutexRequest + - RTSemMutexCreate + - 
RTSemMutexCreateEx + - RTSemMutexDestroy + - RTSemMutexIsOwned + - RTSemMutexRelease + - RTSemMutexRequest + - RTSemMutexRequestDebug + - RTSemMutexRequestNoResume + - RTSemMutexRequestNoResumeDebug + - RTSemSpinMutexCreate + - RTSemSpinMutexDestroy + - RTSemSpinMutexRelease + - RTSemSpinMutexRequest + - RTSemSpinMutexTryRequest + - RTSpinlockAcquire + - RTSpinlockCreate + - RTSpinlockDestroy + - RTSpinlockRelease + - RTStrAAppendNTag + - RTStrAAppendTag + - RTStrATruncateTag + - RTStrAllocExTag + - RTStrAllocTag + - RTStrCalcLatin1Len + - RTStrCalcLatin1LenEx + - RTStrCalcUtf16Len + - RTStrCalcUtf16LenEx + - RTStrCat + - RTStrConvertHexBytes + - RTStrCopy + - RTStrCopyEx + - RTStrCopyP + - RTStrDupExTag + - RTStrDupNTag + - RTStrDupTag + - RTStrFormat + - RTStrFormatNumber + - RTStrFormatTypeDeregister + - RTStrFormatTypeRegister + - RTStrFormatTypeSetUser + - RTStrFormatV + - RTStrFree + - RTStrGetCpExInternal + - RTStrGetCpInternal + - RTStrGetCpNExInternal + - RTStrIsValidEncoding + - RTStrNCmp + - RTStrPrevCp + - RTStrPrintf + - RTStrPrintfEx + - RTStrPrintfExV + - RTStrPrintfV + - RTStrPurgeComplementSet + - RTStrPurgeEncoding + - RTStrPutCpInternal + - RTStrReallocTag + - RTStrToInt16 + - RTStrToInt16Ex + - RTStrToInt16Full + - RTStrToInt32 + - RTStrToInt32Ex + - RTStrToInt32Full + - RTStrToInt64 + - RTStrToInt64Ex + - RTStrToInt64Full + - RTStrToInt8 + - RTStrToInt8Ex + - RTStrToInt8Full + - RTStrToLatin1ExTag + - RTStrToLatin1Tag + - RTStrToUInt16 + - RTStrToUInt16Ex + - RTStrToUInt16Full + - RTStrToUInt32 + - RTStrToUInt32Ex + - RTStrToUInt32Full + - RTStrToUInt64 + - RTStrToUInt64Ex + - RTStrToUInt64Full + - RTStrToUInt8 + - RTStrToUInt8Ex + - RTStrToUInt8Full + - RTStrToUni + - RTStrToUniEx + - RTStrToUtf16BigExTag + - RTStrToUtf16BigTag + - RTStrToUtf16ExTag + - RTStrToUtf16Tag + - RTStrUniLen + - RTStrUniLenEx + - RTStrValidateEncoding + - RTStrValidateEncodingEx + - RTTermDeregisterCallback + - RTTermRegisterCallback + - RTTermRunCallbacks + - 
RTThreadCreate + - RTThreadCreateF + - RTThreadCreateV + - RTThreadCtxHookCreate + - RTThreadCtxHookDestroy + - RTThreadCtxHookDisable + - RTThreadCtxHookEnable + - RTThreadCtxHookIsEnabled + - RTThreadFromNative + - RTThreadGetName + - RTThreadGetNative + - RTThreadGetType + - RTThreadIsInInterrupt + - RTThreadIsInitialized + - RTThreadIsMain + - RTThreadIsSelfAlive + - RTThreadIsSelfKnown + - RTThreadNativeSelf + - RTThreadPreemptDisable + - RTThreadPreemptIsEnabled + - RTThreadPreemptIsPending + - RTThreadPreemptIsPendingTrusty + - RTThreadPreemptIsPossible + - RTThreadPreemptRestore + - RTThreadSelf + - RTThreadSelfName + - RTThreadSetName + - RTThreadSetType + - RTThreadSleep + - RTThreadUserReset + - RTThreadUserSignal + - RTThreadUserWait + - RTThreadUserWaitNoResume + - RTThreadWait + - RTThreadWaitNoResume + - RTThreadYield + - RTTimeExplode + - RTTimeFromString + - RTTimeImplode + - RTTimeIsLeapYear + - RTTimeMilliTS + - RTTimeNanoTS + - RTTimeNormalize + - RTTimeNow + - RTTimeSpecFromString + - RTTimeSpecToString + - RTTimeSystemMilliTS + - RTTimeSystemNanoTS + - RTTimeToString + - RTTimerCanDoHighResolution + - RTTimerChangeInterval + - RTTimerCreate + - RTTimerCreateEx + - RTTimerDestroy + - RTTimerGetSystemGranularity + - RTTimerReleaseSystemGranularity + - RTTimerRequestSystemGranularity + - RTTimerStart + - RTTimerStop + - RTUuidClear + - RTUuidCompare + - RTUuidCompare2Strs + - RTUuidCompareStr + - RTUuidFromStr + - RTUuidFromUtf16 + - RTUuidIsNull + - RTUuidToStr + - RTUuidToUtf16 + - SUPGetCpuHzFromGipForAsyncMode + - SUPGetGIP + - SUPGetTscDeltaSlow + - SUPIsTscFreqCompatible + - SUPIsTscFreqCompatibleEx + - SUPR0BadContext + - SUPR0ChangeCR4 + - SUPR0ComponentDeregisterFactory + - SUPR0ComponentQueryFactory + - SUPR0ComponentRegisterFactory + - SUPR0ContAlloc + - SUPR0ContFree + - SUPR0EnableVTx + - SUPR0GetCurrentGdtRw + - SUPR0GetKernelFeatures + - SUPR0GetPagingMode + - SUPR0GetSessionGVM + - SUPR0GetSessionVM + - SUPR0GetSvmUsability + - 
SUPR0GetVmxUsability + - SUPR0GipMap + - SUPR0GipUnmap + - SUPR0LockMem + - SUPR0LowAlloc + - SUPR0LowFree + - SUPR0MemAlloc + - SUPR0MemFree + - SUPR0MemGetPhys + - SUPR0ObjAddRef + - SUPR0ObjAddRefEx + - SUPR0ObjRegister + - SUPR0ObjRelease + - SUPR0ObjVerifyAccess + - SUPR0PageAllocEx + - SUPR0PageFree + - SUPR0PageMapKernel + - SUPR0PageProtect + - SUPR0Printf + - SUPR0QueryUcodeRev + - SUPR0QueryVTCaps + - SUPR0ResumeVTxOnCpu + - SUPR0SetSessionVM + - SUPR0SuspendVTxOnCpu + - SUPR0TracerDeregisterDrv + - SUPR0TracerDeregisterImpl + - SUPR0TracerFireProbe + - SUPR0TracerRegisterDrv + - SUPR0TracerRegisterImpl + - SUPR0TracerRegisterModule + - SUPR0TracerUmodProbeFire + - SUPR0TscDeltaMeasureBySetIndex + - SUPR0UnlockMem + - SUPReadTscWithDelta + - SUPSemEventClose + - SUPSemEventCreate + - SUPSemEventGetResolution + - SUPSemEventMultiClose + - SUPSemEventMultiCreate + - SUPSemEventMultiGetResolution + - SUPSemEventMultiReset + - SUPSemEventMultiSignal + - SUPSemEventMultiWait + - SUPSemEventMultiWaitNoResume + - SUPSemEventMultiWaitNsAbsIntr + - SUPSemEventMultiWaitNsRelIntr + - SUPSemEventSignal + - SUPSemEventWait + - SUPSemEventWaitNoResume + - SUPSemEventWaitNsAbsIntr + - SUPSemEventWaitNsRelIntr + - g_pSUPGlobalInfoPage + - g_pszRTAssertExpr + - g_pszRTAssertFile + - g_pszRTAssertFunction + - g_szRTAssertMsg1 + - g_szRTAssertMsg2 + - g_u32RTAssertLine + ImportedFunctions: + - strchr + - IoDeleteDevice + - IoCreateDevice + - RtlInitUnicodeString + - ObfDereferenceObject + - ExUnregisterCallback + - IofCompleteRequest + - __C_specific_handler + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoIs32bitProcess + - ZwSetSystemInformation + - ExRegisterCallback + - ExCreateCallback + - MmGetSystemRoutineAddress + - RtlQueryRegistryValues + - DbgPrint + - KeSetTimerEx + - KeInsertQueueDpc + - KeRemoveQueueDpc + - KeCancelTimer + - KeSetImportanceDpc + - KeInitializeDpc + - KeInitializeTimerEx + - KeQueryTimeIncrement + - KeDelayExecutionThread + - 
ZwYieldExecution + - KeSetPriorityThread + - KeWaitForSingleObject + - ZwClose + - ObReferenceObjectByHandle + - PsCreateSystemThread + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - KeInitializeMutex + - KeReleaseMutex + - KeReadStateMutex + - KeInitializeEvent + - ExAcquireFastMutex + - ExReleaseFastMutex + - KeSetEvent + - KeResetEvent + - PsGetCurrentProcessId + - IoGetCurrentProcess + - ProbeForRead + - ProbeForWrite + - MmHighestUserAddress + - MmSystemRangeStart + - KeSetTargetProcessorDpc + - KeNumberProcessors + - PsGetVersion + - MmIsAddressValid + - MmUnmapIoSpace + - MmUnlockPages + - MmFreeContiguousMemory + - IoFreeMdl + - MmFreePagesFromMdl + - MmUnsecureVirtualMemory + - MmUnmapLockedPages + - MmProtectMdlSystemAddress + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmAllocateContiguousMemorySpecifyCache + - MmAllocatePagesForMdl + - MmSecureVirtualMemory + - MmProbeAndLockPages + - MmMapIoSpace + - MmMapLockedPagesSpecifyCache + - MmGetPhysicalAddress + - MmAllocateContiguousMemory + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: CN=Vektor T13 Technology + ValidFrom: '2018-08-10 07:42:52' + ValidTo: '2039-12-31 23:59:59' + Signature: 4819acb135277102eb22d1ebf53707b6651b1dac668cbe264acefb52a0567dee778627ae98f2f8a69142e210ed9a585a826bea9339108f6cc8567a8a0d3b471dde8e932b4d7b466e657e0592faa7578e548c1d1f3b746190fac243e75735ad18bb9cf901d94d92ed4bfbe7729d439bdd300a6cb5fb75d17364033f92a8d15398 + SignatureAlgorithmOID: 1.3.14.3.2.29 + IsCertificateAuthority: true + SerialNumber: 4d87df1b3d1e239b405dc85d0a0bad22 + Version: 3 + TBS: + MD5: fbe18b58073fb49c37c5790f1e2065f0 + SHA1: a0a8778312b53234bbf75e19e10664c52e0c524c + SHA256: 42da0182b3119325ebc53f870276cc8b9f6f4d7248d6223372fea7fc994d85a8 + SHA384: 12140c817a8d0771e3ee4c8e1eecda708c7203c537b4a702175fb370098e2bc704fca98b9b65cf346d80845fd961ed03 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: 
'2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 4d87df1b3d1e239b405dc85d0a0bad22 + Issuer: CN=Vektor T13 Technology + Version: 1 + RichPEHeaderHash: + MD5: 2699d722188f4664155df5d5ec416047 + SHA1: 1d9a8b11fbf151fc371dcb9a1a3b333f0dadb1e0 + SHA256: 6292be78ca89765e09fcf9a02d007dd8adafbf18a032d9d71e35686f922cd1f6 + Sections: + .text: + Entropy: 6.419823737384689 + Virtual Size: '0x2bc30' + .rdata: + Entropy: 
5.946657911688005 + Virtual Size: '0xf8c8' + .data: + Entropy: 4.260596456256825 + Virtual Size: '0x12a40' + .pdata: + Entropy: 5.559894875195939 + Virtual Size: '0x32c4' + .edata: + Entropy: 5.803857413810883 + Virtual Size: '0x34f8' + INIT: + Entropy: 5.082239885482413 + Virtual Size: '0x856' + .rsrc: + Entropy: 3.4258421343253227 + Virtual Size: '0x400' + .reloc: + Entropy: 4.078099091032765 + Virtual Size: '0xfb8' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2019-02-15 22:57:54' + Imphash: 9470f56376e665fb981a35b303436041 + LoadsDespiteHVCI: 'TRUE' +- Filename: VBoxDrv.sys + MD5: 962a33a191dbe56915fd196e3a868cf0 + SHA1: 449ff4f5ce2fdddac05a6c82e45a7e802b1c1305 + SHA256: 7539157df91923d4575f7f57c8eb8b0fd87f064c919c1db85e73eebb2910b60c + Authentihash: + MD5: 5491106d0dc46b737e07072122359638 + SHA1: 2fa597885c165e354736143e9645570e3637b57b + SHA256: c62bf9d0cc1edfffc15f3f002cd7f51efe3372320ec89d9dc96011000915c186 + Description: VirtualBox Support Driver + Company: Sun Microsystems, Inc. + InternalName: VBoxDrv.sys + OriginalFilename: VBoxDrv.sys + FileVersion: 3.0.0.r49315 + Product: Sun VirtualBox + ProductVersion: 3.0.0.r49315 + Copyright: Copyright (C) 2009 Sun Microsystems, Inc. 
+ MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: + - ?RTThreadAdopt@@YAHW4RTTHREADTYPE@@IPEBDPEAPEAURTTHREADINT@@@Z + - AssertMsg1 + - AssertMsg2 + - RTAssertShouldPanic + - RTAvlPVDestroy + - RTAvlPVDoWithAll + - RTAvlPVGet + - RTAvlPVGetBestFit + - RTAvlPVInsert + - RTAvlPVRemove + - RTAvlPVRemoveBestFit + - RTErrConvertFromNtStatus + - RTHandleTableAllocWithCtx + - RTHandleTableCreate + - RTHandleTableCreateEx + - RTHandleTableDestroy + - RTHandleTableFreeWithCtx + - RTHandleTableLookupWithCtx + - RTLogCloneRC + - RTLogComPrintf + - RTLogComPrintfV + - RTLogCopyGroupsAndFlags + - RTLogCreate + - RTLogCreateEx + - RTLogCreateExV + - RTLogDefaultInit + - RTLogDefaultInstance + - RTLogDestroy + - RTLogFlags + - RTLogFlush + - RTLogFlushRC + - RTLogFlushToLogger + - RTLogFormatV + - RTLogGetDefaultInstance + - RTLogGroupSettings + - RTLogLogger + - RTLogLoggerEx + - RTLogLoggerExV + - RTLogLoggerV + - RTLogPrintf + - RTLogPrintfV + - RTLogRelDefaultInstance + - RTLogRelLoggerV + - RTLogRelPrintfV + - RTLogRelSetDefaultInstance + - RTLogSetCustomPrefixCallback + - RTLogSetDefaultInstance + - RTLogSetDefaultInstanceThread + - RTLogWriteCom + - RTLogWriteDebugger + - RTLogWriteStdErr + - RTLogWriteStdOut + - RTLogWriteUser + - RTMemAlloc + - RTMemAllocZ + - RTMemContAlloc + - RTMemContFree + - RTMemDup + - RTMemDupEx + - RTMemExecAlloc + - RTMemExecFree + - RTMemFree + - RTMemRealloc + - RTMemTmpAlloc + - RTMemTmpAllocZ + - RTMemTmpFree + - RTMpCpuId + - RTMpCpuIdFromSetIndex + - RTMpCpuIdToSetIndex + - RTMpGetCount + - RTMpGetMaxCpuId + - RTMpGetOnlineCount + - RTMpGetOnlineSet + - RTMpGetSet + - RTMpIsCpuOnline + - RTMpIsCpuPossible + - RTMpIsCpuWorkPending + - RTMpNotificationDeregister + - RTMpNotificationRegister + - RTMpOnAll + - RTMpOnOthers + - RTMpOnSpecific + - RTMpPokeCpu + - RTPowerNotificationDeregister + - RTPowerNotificationRegister + - RTPowerSignalEvent + - RTProcSelf + - RTR0Init + - RTR0MemObjAddress + - RTR0MemObjAddressR3 + - 
RTR0MemObjAllocCont + - RTR0MemObjAllocLow + - RTR0MemObjAllocPage + - RTR0MemObjAllocPhys + - RTR0MemObjAllocPhysNC + - RTR0MemObjEnterPhys + - RTR0MemObjFree + - RTR0MemObjGetPagePhysAddr + - RTR0MemObjIsMapping + - RTR0MemObjLockKernel + - RTR0MemObjLockUser + - RTR0MemObjMapKernel + - RTR0MemObjMapKernelEx + - RTR0MemObjMapUser + - RTR0MemObjProtect + - RTR0MemObjReserveKernel + - RTR0MemObjReserveUser + - RTR0MemObjSize + - RTR0ProcHandleSelf + - RTR0Term + - RTSemEventCreate + - RTSemEventDestroy + - RTSemEventMultiCreate + - RTSemEventMultiDestroy + - RTSemEventMultiReset + - RTSemEventMultiSignal + - RTSemEventMultiWait + - RTSemEventMultiWaitNoResume + - RTSemEventSignal + - RTSemEventWait + - RTSemEventWaitNoResume + - RTSemFastMutexCreate + - RTSemFastMutexDestroy + - RTSemFastMutexRelease + - RTSemFastMutexRequest + - RTSpinlockAcquire + - RTSpinlockAcquireNoInts + - RTSpinlockCreate + - RTSpinlockDestroy + - RTSpinlockRelease + - RTSpinlockReleaseNoInts + - RTStrFormat + - RTStrFormatNumber + - RTStrFormatTypeDeregister + - RTStrFormatTypeRegister + - RTStrFormatTypeSetUser + - RTStrFormatV + - RTStrPrintf + - RTStrPrintfEx + - RTStrPrintfExV + - RTStrPrintfV + - RTStrToInt16 + - RTStrToInt16Ex + - RTStrToInt16Full + - RTStrToInt32 + - RTStrToInt32Ex + - RTStrToInt32Full + - RTStrToInt64 + - RTStrToInt64Ex + - RTStrToInt64Full + - RTStrToInt8 + - RTStrToInt8Ex + - RTStrToInt8Full + - RTStrToUInt16 + - RTStrToUInt16Ex + - RTStrToUInt16Full + - RTStrToUInt32 + - RTStrToUInt32Ex + - RTStrToUInt32Full + - RTStrToUInt64 + - RTStrToUInt64Ex + - RTStrToUInt64Full + - RTStrToUInt8 + - RTStrToUInt8Ex + - RTStrToUInt8Full + - RTThreadCreate + - RTThreadCreateF + - RTThreadCreateV + - RTThreadFromNative + - RTThreadGetName + - RTThreadGetNative + - RTThreadGetType + - RTThreadNativeSelf + - RTThreadPreemptDisable + - RTThreadPreemptIsEnabled + - RTThreadPreemptIsPending + - RTThreadPreemptIsPendingTrusty + - RTThreadPreemptRestore + - RTThreadSelf + - 
RTThreadSelfName + - RTThreadSetName + - RTThreadSetType + - RTThreadSleep + - RTThreadUserReset + - RTThreadUserSignal + - RTThreadUserWait + - RTThreadUserWaitNoResume + - RTThreadWait + - RTThreadWaitNoResume + - RTThreadYield + - RTTimeMilliTS + - RTTimeNanoTS + - RTTimeNow + - RTTimeSystemMilliTS + - RTTimeSystemNanoTS + - RTTimerCreateEx + - RTTimerDestroy + - RTTimerGetSystemGranularity + - RTTimerReleaseSystemGranularity + - RTTimerRequestSystemGranularity + - RTTimerStart + - RTTimerStop + - SUPR0ComponentDeregisterFactory + - SUPR0ComponentQueryFactory + - SUPR0ComponentRegisterFactory + - SUPR0ContAlloc + - SUPR0ContFree + - SUPR0EnableVTx + - SUPR0GetPagingMode + - SUPR0GipMap + - SUPR0GipUnmap + - SUPR0LockMem + - SUPR0LowAlloc + - SUPR0LowFree + - SUPR0MemAlloc + - SUPR0MemFree + - SUPR0MemGetPhys + - SUPR0ObjAddRef + - SUPR0ObjAddRefEx + - SUPR0ObjRegister + - SUPR0ObjRelease + - SUPR0ObjVerifyAccess + - SUPR0PageAllocEx + - SUPR0PageFree + - SUPR0PageMapKernel + - SUPR0PageProtect + - SUPR0UnlockMem + - SUPSemEventClose + - SUPSemEventCreate + - SUPSemEventMultiClose + - SUPSemEventMultiCreate + - SUPSemEventMultiReset + - SUPSemEventMultiSignal + - SUPSemEventMultiWait + - SUPSemEventMultiWaitNoResume + - SUPSemEventSignal + - SUPSemEventWait + - SUPSemEventWaitNoResume + - g_szRTAssertMsg1 + - g_szRTAssertMsg2 + ImportedFunctions: + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - ObfDereferenceObject + - ExUnregisterCallback + - IofCompleteRequest + - DbgPrint + - IoIs32bitProcess + - ExRegisterCallback + - ExCreateCallback + - IoCreateSymbolicLink + - IoCreateDevice + - IoGetStackLimits + - memchr + - strncmp + - KeInitializeEvent + - ExAcquireFastMutex + - ExReleaseFastMutex + - KeSetEvent + - KeWaitForSingleObject + - KeResetEvent + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - KeDelayExecutionThread + - ZwYieldExecution + - ExFreePoolWithTag + - KeInsertQueueDpc + - KeSetTargetProcessorDpc + - 
KeSetImportanceDpc + - KeInitializeDpc + - ExAllocatePoolWithTag + - KeQueryActiveProcessors + - strchr + - PsGetCurrentProcessId + - IoGetCurrentProcess + - KeSetTimerEx + - KeRemoveQueueDpc + - KeCancelTimer + - KeInitializeTimerEx + - KeQueryTimeIncrement + - __C_specific_handler + - PsGetVersion + - MmGetSystemRoutineAddress + - MmFreeContiguousMemory + - MmGetPhysicalAddress + - MmAllocateContiguousMemory + - MmUnmapIoSpace + - MmUnlockPages + - IoFreeMdl + - MmFreePagesFromMdl + - MmUnsecureVirtualMemory + - MmUnmapLockedPages + - MmProtectMdlSystemAddress + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmAllocatePagesForMdl + - MmSecureVirtualMemory + - MmProbeAndLockPages + - MmMapIoSpace + - MmMapLockedPagesSpecifyCache + - KeSetPriorityThread + - ZwClose + - ObReferenceObjectByHandle + - PsCreateSystemThread + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=California, L=Menlo Park, O=Sun Microsystems, Inc., + OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Sun Microsystems, + Inc. 
+ ValidFrom: '2008-06-11 00:00:00' + ValidTo: '2011-06-11 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 693a64818c1e086b1b15aee63fa054a2 + Version: 3 + TBS: + MD5: 50b256a55cdc23561dd4aa76abed4fd9 + SHA1: b3ee591b9218cfdcd394180558bd01bb674df627 + SHA256: fc1c2199740f069b26f02d81313408734051ecb7fa216b2a86458938fac6a909 + SHA384: 81c9c8b202f6fe3354dd5503ef9ee6d418b9a28064968506bc2c49d7bd0efbaa9da9ce51d7c384992aa531ca905442a7 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 693a64818c1e086b1b15aee63fa054a2 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: 261d758721838be6952a5d436ef49482 + SHA1: 48fb54a77fa0accb2465db44427fa54dadb40c71 + SHA256: fc0103dc5d498962537d247bb47b20b3afcd43026871bda30382d13a5345e851 + Sections: + .text: + Entropy: 6.370050981269774 + Virtual Size: '0x19504' + .rdata: + Entropy: 5.499324680689697 + Virtual Size: '0x7a7c' + .data: + Entropy: 1.867829218165165 + Virtual Size: '0x48d4' + .pdata: + Entropy: 5.337655653168031 + Virtual Size: '0x27c0' + .edata: + Entropy: 5.736737915363427 + Virtual Size: '0x1a66' + INIT: + Entropy: 5.000542465514514 + Virtual Size: '0x788' + 
.rsrc: + Entropy: 3.301923093235062 + Virtual Size: '0x398' + .reloc: + Entropy: 4.803419428597937 + Virtual Size: '0x6ea' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2009-06-30 05:41:34' + Imphash: fd133033a24971502ff0b2f189215c56 + LoadsDespiteHVCI: 'FALSE' +- Filename: VBoxDrv.sys + MD5: 3e87e3346441539d3a90278a120766df + SHA1: ce5681896e7631b6e83cccb7aa056a33e72a1bbe + SHA256: 9dab4b6fddc8e1ec0a186aa8382b184a5d52cfcabaaf04ff9e3767021eb09cf4 + Authentihash: + MD5: d8e8d4c6d5dd6ba5ca58979f569cba95 + SHA1: c9027b3e1c731d0a16acd94c947f446df1a23318 + SHA256: 681de794238060ec929aa5cf6c4701069f113a8524d31fb2f411648968ca17de + Description: VirtualBox Support Driver + Company: Pinduoduo Ltd Corp + InternalName: VBoxDrv + OriginalFilename: VBoxDrv.sys + FileVersion: 1.2.0.137904 + Product: Pinduoduo Secure VDI + ProductVersion: 1.2.0.137904 + Copyright: Copyright (C) 2015-2021 Pinduoduo Corporation + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: + - ?RTAsn1VideotexString_CheckSanity@@YAHPEBURTASN1STRING@@IPEAURTERRINFO@@PEBD@Z + - ?RTAsn1VideotexString_Clone@@YAHPEAURTASN1STRING@@PEBU1@PEBURTASN1ALLOCATORVTABLE@@@Z + - ?RTAsn1VideotexString_Compare@@YAHPEBURTASN1STRING@@0@Z + - ?RTAsn1VideotexString_DecodeAsn1@@YAHPEAURTASN1CURSOR@@IPEAURTASN1STRING@@PEBD@Z + - ?RTAsn1VideotexString_Delete@@YAXPEAURTASN1STRING@@@Z + - ?RTAsn1VideotexString_Enum@@YAHPEAURTASN1STRING@@P6AHPEAURTASN1CORE@@PEBDIPEAX@ZI3@Z + - ?RTAsn1VideotexString_Init@@YAHPEAURTASN1STRING@@PEBURTASN1ALLOCATORVTABLE@@@Z + - ?RTCrPkcs7Cert_SetAcV1@@YAHPEAURTCRPKCS7CERT@@PEBURTASN1CORE@@PEBURTASN1ALLOCATORVTABLE@@@Z + - ?RTCrPkcs7Cert_SetAcV2@@YAHPEAURTCRPKCS7CERT@@PEBURTASN1CORE@@PEBURTASN1ALLOCATORVTABLE@@@Z + - ?RTCrPkcs7Cert_SetExtendedCert@@YAHPEAURTCRPKCS7CERT@@PEBURTASN1CORE@@PEBURTASN1ALLOCATORVTABLE@@@Z + - ?RTCrPkcs7Cert_SetOtherCert@@YAHPEAURTCRPKCS7CERT@@PEBURTASN1CORE@@PEBURTASN1ALLOCATORVTABLE@@@Z + - 
?RTCrPkcs7Cert_SetX509Cert@@YAHPEAURTCRPKCS7CERT@@PEBURTCRX509CERTIFICATE@@PEBURTASN1ALLOCATORVTABLE@@@Z + - ?RTCrSpcLink_SetFile@@YAHPEAURTCRSPCLINK@@PEBURTCRSPCSTRING@@PEBURTASN1ALLOCATORVTABLE@@@Z + - ?RTCrSpcLink_SetMoniker@@YAHPEAURTCRSPCLINK@@PEBURTCRSPCSERIALIZEDOBJECT@@PEBURTASN1ALLOCATORVTABLE@@@Z + - ?RTCrSpcLink_SetUrl@@YAHPEAURTCRSPCLINK@@PEBURTASN1STRING@@PEBURTASN1ALLOCATORVTABLE@@@Z + - ?RTCrSpcString_SetAscii@@YAHPEAURTCRSPCSTRING@@PEBURTASN1STRING@@PEBURTASN1ALLOCATORVTABLE@@@Z + - ?RTCrSpcString_SetUcs2@@YAHPEAURTCRSPCSTRING@@PEBURTASN1STRING@@PEBURTASN1ALLOCATORVTABLE@@@Z + - ?RTCrTafTrustAnchorChoice_SetCertificate@@YAHPEAURTCRTAFTRUSTANCHORCHOICE@@PEBURTCRX509CERTIFICATE@@PEBURTASN1ALLOCATORVTABLE@@@Z + - ?RTCrTafTrustAnchorChoice_SetTaInfo@@YAHPEAURTCRTAFTRUSTANCHORCHOICE@@PEBURTCRTAFTRUSTANCHORINFO@@PEBURTASN1ALLOCATORVTABLE@@@Z + - ?RTCrTafTrustAnchorChoice_SetTbsCert@@YAHPEAURTCRTAFTRUSTANCHORCHOICE@@PEBURTCRX509TBSCERTIFICATE@@PEBURTASN1ALLOCATORVTABLE@@@Z + - ?RTCrX509AttributeTypeAndValue_MatchAsRdnByRfc5280@@YA_NPEBURTCRX509ATTRIBUTETYPEANDVALUE@@0@Z + - ?RTCrX509GeneralName_SetDirectoryName@@YAHPEAURTCRX509GENERALNAME@@PEBURTCRX509NAME@@PEBURTASN1ALLOCATORVTABLE@@@Z + - ?RTCrX509GeneralName_SetDnsType@@YAHPEAURTCRX509GENERALNAME@@PEBURTASN1STRING@@PEBURTASN1ALLOCATORVTABLE@@@Z + - ?RTCrX509GeneralName_SetEdiPartyName@@YAHPEAURTCRX509GENERALNAME@@PEBURTASN1DYNTYPE@@PEBURTASN1ALLOCATORVTABLE@@@Z + - ?RTCrX509GeneralName_SetIpAddress@@YAHPEAURTCRX509GENERALNAME@@PEBURTASN1OCTETSTRING@@PEBURTASN1ALLOCATORVTABLE@@@Z + - ?RTCrX509GeneralName_SetOtherName@@YAHPEAURTCRX509GENERALNAME@@PEBURTCRX509OTHERNAME@@PEBURTASN1ALLOCATORVTABLE@@@Z + - ?RTCrX509GeneralName_SetRegisteredId@@YAHPEAURTCRX509GENERALNAME@@PEBURTASN1OBJID@@PEBURTASN1ALLOCATORVTABLE@@@Z + - ?RTCrX509GeneralName_SetRfc822@@YAHPEAURTCRX509GENERALNAME@@PEBURTASN1STRING@@PEBURTASN1ALLOCATORVTABLE@@@Z + - 
?RTCrX509GeneralName_SetUri@@YAHPEAURTCRX509GENERALNAME@@PEBURTASN1STRING@@PEBURTASN1ALLOCATORVTABLE@@@Z + - ?RTCrX509GeneralName_SetX400Address@@YAHPEAURTCRX509GENERALNAME@@PEBURTASN1DYNTYPE@@PEBURTASN1ALLOCATORVTABLE@@@Z + - ?RTCrX509RelativeDistinguishedName_MatchByRfc5280@@YA_NPEBURTCRX509ATTRIBUTETYPEANDVALUES@@0@Z + - ASMAtomicBitClear + - ASMAtomicXchgU16 + - ASMAtomicXchgU8 + - ASMCpuIdExSlow + - ASMGetCS + - ASMGetDS + - ASMGetES + - ASMGetFS + - ASMGetFlags + - ASMGetGS + - ASMGetIDTR + - ASMGetSS + - ASMMemFirstMismatchingU8 + - ASMMemFirstNonZero + - ASMMultU64ByU32DivByU32 + - ASMNopPause + - ASMSetFlags + - RTAsn1BitString_AreContentBitsValid + - RTAsn1BitString_CheckSanity + - RTAsn1BitString_Clone + - RTAsn1BitString_Compare + - RTAsn1BitString_DecodeAsn1 + - RTAsn1BitString_DecodeAsn1Ex + - RTAsn1BitString_Delete + - RTAsn1BitString_Enum + - RTAsn1BitString_GetAsUInt64 + - RTAsn1BitString_Init + - RTAsn1BitString_RefreshContent + - RTAsn1BmpString_CheckSanity + - RTAsn1BmpString_Clone + - RTAsn1BmpString_Compare + - RTAsn1BmpString_DecodeAsn1 + - RTAsn1BmpString_Delete + - RTAsn1BmpString_Enum + - RTAsn1BmpString_Init + - RTAsn1Boolean_CheckSanity + - RTAsn1Boolean_Clone + - RTAsn1Boolean_Compare + - RTAsn1Boolean_DecodeAsn1 + - RTAsn1Boolean_Delete + - RTAsn1Boolean_Enum + - RTAsn1Boolean_Init + - RTAsn1Boolean_InitDefault + - RTAsn1Boolean_Set + - RTAsn1ContentAllocZ + - RTAsn1ContentDup + - RTAsn1ContentFree + - RTAsn1ContentReallocZ + - RTAsn1ContextTagN_Clone + - RTAsn1ContextTagN_Init + - RTAsn1Core_ChangeTag + - RTAsn1Core_CheckSanity + - RTAsn1Core_Clone + - RTAsn1Core_CloneContent + - RTAsn1Core_CloneNoContent + - RTAsn1Core_Compare + - RTAsn1Core_CompareEx + - RTAsn1Core_DecodeAsn1 + - RTAsn1Core_Delete + - RTAsn1Core_Enum + - RTAsn1Core_Init + - RTAsn1Core_InitDefault + - RTAsn1Core_InitEx + - RTAsn1Core_ResetImplict + - RTAsn1Core_SetTagAndFlags + - RTAsn1CursorCheckEnd + - RTAsn1CursorCheckOctStrEnd + - RTAsn1CursorCheckSeqEnd + - 
RTAsn1CursorCheckSetEnd + - RTAsn1CursorGetBitString + - RTAsn1CursorGetBitStringEx + - RTAsn1CursorGetBmpString + - RTAsn1CursorGetBoolean + - RTAsn1CursorGetContextTagNCursor + - RTAsn1CursorGetCore + - RTAsn1CursorGetDynType + - RTAsn1CursorGetIa5String + - RTAsn1CursorGetInteger + - RTAsn1CursorGetNull + - RTAsn1CursorGetObjId + - RTAsn1CursorGetOctetString + - RTAsn1CursorGetSequenceCursor + - RTAsn1CursorGetSetCursor + - RTAsn1CursorGetString + - RTAsn1CursorGetTime + - RTAsn1CursorGetUtf8String + - RTAsn1CursorInitAllocation + - RTAsn1CursorInitArrayAllocation + - RTAsn1CursorInitPrimary + - RTAsn1CursorInitSub + - RTAsn1CursorInitSubFromCore + - RTAsn1CursorIsEnd + - RTAsn1CursorIsNextEx + - RTAsn1CursorMatchTagClassFlagsEx + - RTAsn1CursorPeek + - RTAsn1CursorReadHdr + - RTAsn1CursorSetInfo + - RTAsn1CursorSetInfoV + - RTAsn1Dummy_InitEx + - RTAsn1Dump + - RTAsn1DynType_CheckSanity + - RTAsn1DynType_Clone + - RTAsn1DynType_Compare + - RTAsn1DynType_DecodeAsn1 + - RTAsn1DynType_Delete + - RTAsn1DynType_Enum + - RTAsn1DynType_Init + - RTAsn1EncodePrepare + - RTAsn1EncodeRecalcHdrSize + - RTAsn1EncodeToBuffer + - RTAsn1EncodeWrite + - RTAsn1EncodeWriteHeader + - RTAsn1GeneralString_CheckSanity + - RTAsn1GeneralString_Clone + - RTAsn1GeneralString_Compare + - RTAsn1GeneralString_DecodeAsn1 + - RTAsn1GeneralString_Delete + - RTAsn1GeneralString_Enum + - RTAsn1GeneralString_Init + - RTAsn1GeneralizedTime_CheckSanity + - RTAsn1GeneralizedTime_Clone + - RTAsn1GeneralizedTime_Compare + - RTAsn1GeneralizedTime_DecodeAsn1 + - RTAsn1GeneralizedTime_Delete + - RTAsn1GeneralizedTime_Enum + - RTAsn1GeneralizedTime_Init + - RTAsn1GraphicString_CheckSanity + - RTAsn1GraphicString_Clone + - RTAsn1GraphicString_Compare + - RTAsn1GraphicString_DecodeAsn1 + - RTAsn1GraphicString_Delete + - RTAsn1GraphicString_Enum + - RTAsn1GraphicString_Init + - RTAsn1Ia5String_CheckSanity + - RTAsn1Ia5String_Clone + - RTAsn1Ia5String_Compare + - RTAsn1Ia5String_DecodeAsn1 + - 
RTAsn1Ia5String_Delete + - RTAsn1Ia5String_Enum + - RTAsn1Ia5String_Init + - RTAsn1Integer_CheckSanity + - RTAsn1Integer_Clone + - RTAsn1Integer_Compare + - RTAsn1Integer_DecodeAsn1 + - RTAsn1Integer_Delete + - RTAsn1Integer_Enum + - RTAsn1Integer_FromBigNum + - RTAsn1Integer_Init + - RTAsn1Integer_InitDefault + - RTAsn1Integer_InitU64 + - RTAsn1Integer_ToBigNum + - RTAsn1Integer_ToString + - RTAsn1Integer_UnsignedCompare + - RTAsn1Integer_UnsignedCompareWithU32 + - RTAsn1Integer_UnsignedCompareWithU64 + - RTAsn1Integer_UnsignedLastBit + - RTAsn1MemAllocZ + - RTAsn1MemDup + - RTAsn1MemFree + - RTAsn1MemFreeArray + - RTAsn1MemInitAllocation + - RTAsn1MemInitArrayAllocation + - RTAsn1MemResizeArray + - RTAsn1Null_CheckSanity + - RTAsn1Null_Clone + - RTAsn1Null_Compare + - RTAsn1Null_DecodeAsn1 + - RTAsn1Null_Delete + - RTAsn1Null_Enum + - RTAsn1Null_Init + - RTAsn1NumericString_CheckSanity + - RTAsn1NumericString_Clone + - RTAsn1NumericString_Compare + - RTAsn1NumericString_DecodeAsn1 + - RTAsn1NumericString_Delete + - RTAsn1NumericString_Enum + - RTAsn1NumericString_Init + - RTAsn1ObjIdCountComponents + - RTAsn1ObjIdGetComponentsAsUInt32 + - RTAsn1ObjIdGetLastComponentsAsUInt32 + - RTAsn1ObjId_CheckSanity + - RTAsn1ObjId_Clone + - RTAsn1ObjId_Compare + - RTAsn1ObjId_CompareWithString + - RTAsn1ObjId_DecodeAsn1 + - RTAsn1ObjId_Delete + - RTAsn1ObjId_Enum + - RTAsn1ObjId_Init + - RTAsn1ObjId_InitFromString + - RTAsn1ObjId_StartsWith + - RTAsn1OctetString_AreContentBytesValid + - RTAsn1OctetString_CheckSanity + - RTAsn1OctetString_Clone + - RTAsn1OctetString_Compare + - RTAsn1OctetString_DecodeAsn1 + - RTAsn1OctetString_Delete + - RTAsn1OctetString_Enum + - RTAsn1OctetString_Init + - RTAsn1OctetString_RefreshContent + - RTAsn1PrintableString_CheckSanity + - RTAsn1PrintableString_Clone + - RTAsn1PrintableString_Compare + - RTAsn1PrintableString_DecodeAsn1 + - RTAsn1PrintableString_Delete + - RTAsn1PrintableString_Enum + - RTAsn1PrintableString_Init + - 
RTAsn1QueryObjIdName + - RTAsn1SeqOfBitStrings_CheckSanity + - RTAsn1SeqOfBitStrings_Clone + - RTAsn1SeqOfBitStrings_Compare + - RTAsn1SeqOfBitStrings_DecodeAsn1 + - RTAsn1SeqOfBitStrings_Delete + - RTAsn1SeqOfBitStrings_Enum + - RTAsn1SeqOfBitStrings_Erase + - RTAsn1SeqOfBitStrings_Init + - RTAsn1SeqOfBitStrings_InsertEx + - RTAsn1SeqOfBooleans_CheckSanity + - RTAsn1SeqOfBooleans_Clone + - RTAsn1SeqOfBooleans_Compare + - RTAsn1SeqOfBooleans_DecodeAsn1 + - RTAsn1SeqOfBooleans_Delete + - RTAsn1SeqOfBooleans_Enum + - RTAsn1SeqOfBooleans_Erase + - RTAsn1SeqOfBooleans_Init + - RTAsn1SeqOfBooleans_InsertEx + - RTAsn1SeqOfCore_Clone + - RTAsn1SeqOfCore_Init + - RTAsn1SeqOfCores_CheckSanity + - RTAsn1SeqOfCores_Clone + - RTAsn1SeqOfCores_Compare + - RTAsn1SeqOfCores_DecodeAsn1 + - RTAsn1SeqOfCores_Delete + - RTAsn1SeqOfCores_Enum + - RTAsn1SeqOfCores_Erase + - RTAsn1SeqOfCores_Init + - RTAsn1SeqOfCores_InsertEx + - RTAsn1SeqOfIntegers_CheckSanity + - RTAsn1SeqOfIntegers_Clone + - RTAsn1SeqOfIntegers_Compare + - RTAsn1SeqOfIntegers_DecodeAsn1 + - RTAsn1SeqOfIntegers_Delete + - RTAsn1SeqOfIntegers_Enum + - RTAsn1SeqOfIntegers_Erase + - RTAsn1SeqOfIntegers_Init + - RTAsn1SeqOfIntegers_InsertEx + - RTAsn1SeqOfObjIds_CheckSanity + - RTAsn1SeqOfObjIds_Clone + - RTAsn1SeqOfObjIds_Compare + - RTAsn1SeqOfObjIds_DecodeAsn1 + - RTAsn1SeqOfObjIds_Delete + - RTAsn1SeqOfObjIds_Enum + - RTAsn1SeqOfObjIds_Erase + - RTAsn1SeqOfObjIds_Init + - RTAsn1SeqOfObjIds_InsertEx + - RTAsn1SeqOfOctetStrings_CheckSanity + - RTAsn1SeqOfOctetStrings_Clone + - RTAsn1SeqOfOctetStrings_Compare + - RTAsn1SeqOfOctetStrings_DecodeAsn1 + - RTAsn1SeqOfOctetStrings_Delete + - RTAsn1SeqOfOctetStrings_Enum + - RTAsn1SeqOfOctetStrings_Erase + - RTAsn1SeqOfOctetStrings_Init + - RTAsn1SeqOfOctetStrings_InsertEx + - RTAsn1SeqOfStrings_CheckSanity + - RTAsn1SeqOfStrings_Clone + - RTAsn1SeqOfStrings_Compare + - RTAsn1SeqOfStrings_DecodeAsn1 + - RTAsn1SeqOfStrings_Delete + - RTAsn1SeqOfStrings_Enum + - 
RTAsn1SeqOfStrings_Erase + - RTAsn1SeqOfStrings_Init + - RTAsn1SeqOfStrings_InsertEx + - RTAsn1SeqOfTimes_CheckSanity + - RTAsn1SeqOfTimes_Clone + - RTAsn1SeqOfTimes_Compare + - RTAsn1SeqOfTimes_DecodeAsn1 + - RTAsn1SeqOfTimes_Delete + - RTAsn1SeqOfTimes_Enum + - RTAsn1SeqOfTimes_Erase + - RTAsn1SeqOfTimes_Init + - RTAsn1SeqOfTimes_InsertEx + - RTAsn1SequenceCore_Clone + - RTAsn1SequenceCore_Init + - RTAsn1SetCore_Clone + - RTAsn1SetCore_Init + - RTAsn1SetOfBitStrings_CheckSanity + - RTAsn1SetOfBitStrings_Clone + - RTAsn1SetOfBitStrings_Compare + - RTAsn1SetOfBitStrings_DecodeAsn1 + - RTAsn1SetOfBitStrings_Delete + - RTAsn1SetOfBitStrings_Enum + - RTAsn1SetOfBitStrings_Erase + - RTAsn1SetOfBitStrings_Init + - RTAsn1SetOfBitStrings_InsertEx + - RTAsn1SetOfBooleans_CheckSanity + - RTAsn1SetOfBooleans_Clone + - RTAsn1SetOfBooleans_Compare + - RTAsn1SetOfBooleans_DecodeAsn1 + - RTAsn1SetOfBooleans_Delete + - RTAsn1SetOfBooleans_Enum + - RTAsn1SetOfBooleans_Erase + - RTAsn1SetOfBooleans_Init + - RTAsn1SetOfBooleans_InsertEx + - RTAsn1SetOfCore_Clone + - RTAsn1SetOfCore_Init + - RTAsn1SetOfCores_CheckSanity + - RTAsn1SetOfCores_Clone + - RTAsn1SetOfCores_Compare + - RTAsn1SetOfCores_DecodeAsn1 + - RTAsn1SetOfCores_Delete + - RTAsn1SetOfCores_Enum + - RTAsn1SetOfCores_Erase + - RTAsn1SetOfCores_Init + - RTAsn1SetOfCores_InsertEx + - RTAsn1SetOfIntegers_CheckSanity + - RTAsn1SetOfIntegers_Clone + - RTAsn1SetOfIntegers_Compare + - RTAsn1SetOfIntegers_DecodeAsn1 + - RTAsn1SetOfIntegers_Delete + - RTAsn1SetOfIntegers_Enum + - RTAsn1SetOfIntegers_Erase + - RTAsn1SetOfIntegers_Init + - RTAsn1SetOfIntegers_InsertEx + - RTAsn1SetOfObjIdSeqs_CheckSanity + - RTAsn1SetOfObjIdSeqs_Clone + - RTAsn1SetOfObjIdSeqs_Compare + - RTAsn1SetOfObjIdSeqs_DecodeAsn1 + - RTAsn1SetOfObjIdSeqs_Delete + - RTAsn1SetOfObjIdSeqs_Enum + - RTAsn1SetOfObjIdSeqs_Erase + - RTAsn1SetOfObjIdSeqs_Init + - RTAsn1SetOfObjIdSeqs_InsertEx + - RTAsn1SetOfObjIds_CheckSanity + - RTAsn1SetOfObjIds_Clone + - 
RTAsn1SetOfObjIds_Compare + - RTAsn1SetOfObjIds_DecodeAsn1 + - RTAsn1SetOfObjIds_Delete + - RTAsn1SetOfObjIds_Enum + - RTAsn1SetOfObjIds_Erase + - RTAsn1SetOfObjIds_Init + - RTAsn1SetOfObjIds_InsertEx + - RTAsn1SetOfOctetStrings_CheckSanity + - RTAsn1SetOfOctetStrings_Clone + - RTAsn1SetOfOctetStrings_Compare + - RTAsn1SetOfOctetStrings_DecodeAsn1 + - RTAsn1SetOfOctetStrings_Delete + - RTAsn1SetOfOctetStrings_Enum + - RTAsn1SetOfOctetStrings_Erase + - RTAsn1SetOfOctetStrings_Init + - RTAsn1SetOfOctetStrings_InsertEx + - RTAsn1SetOfStrings_CheckSanity + - RTAsn1SetOfStrings_Clone + - RTAsn1SetOfStrings_Compare + - RTAsn1SetOfStrings_DecodeAsn1 + - RTAsn1SetOfStrings_Delete + - RTAsn1SetOfStrings_Enum + - RTAsn1SetOfStrings_Erase + - RTAsn1SetOfStrings_Init + - RTAsn1SetOfStrings_InsertEx + - RTAsn1SetOfTimes_CheckSanity + - RTAsn1SetOfTimes_Clone + - RTAsn1SetOfTimes_Compare + - RTAsn1SetOfTimes_DecodeAsn1 + - RTAsn1SetOfTimes_Delete + - RTAsn1SetOfTimes_Enum + - RTAsn1SetOfTimes_Erase + - RTAsn1SetOfTimes_Init + - RTAsn1SetOfTimes_InsertEx + - RTAsn1String_CheckSanity + - RTAsn1String_Clone + - RTAsn1String_Compare + - RTAsn1String_CompareEx + - RTAsn1String_CompareValues + - RTAsn1String_CompareWithString + - RTAsn1String_DecodeAsn1 + - RTAsn1String_Delete + - RTAsn1String_Enum + - RTAsn1String_Init + - RTAsn1String_InitEx + - RTAsn1String_InitWithValue + - RTAsn1String_QueryUtf8 + - RTAsn1String_QueryUtf8Len + - RTAsn1String_RecodeAsUtf8 + - RTAsn1T61String_CheckSanity + - RTAsn1T61String_Clone + - RTAsn1T61String_Compare + - RTAsn1T61String_DecodeAsn1 + - RTAsn1T61String_Delete + - RTAsn1T61String_Enum + - RTAsn1T61String_Init + - RTAsn1Time_CheckSanity + - RTAsn1Time_Clone + - RTAsn1Time_Compare + - RTAsn1Time_CompareWithTimeSpec + - RTAsn1Time_DecodeAsn1 + - RTAsn1Time_Delete + - RTAsn1Time_Enum + - RTAsn1Time_Init + - RTAsn1Time_InitEx + - RTAsn1UniversalString_CheckSanity + - RTAsn1UniversalString_Clone + - RTAsn1UniversalString_Compare + - 
RTAsn1UniversalString_DecodeAsn1 + - RTAsn1UniversalString_Delete + - RTAsn1UniversalString_Enum + - RTAsn1UniversalString_Init + - RTAsn1UtcTime_CheckSanity + - RTAsn1UtcTime_Clone + - RTAsn1UtcTime_Compare + - RTAsn1UtcTime_DecodeAsn1 + - RTAsn1UtcTime_Delete + - RTAsn1UtcTime_Enum + - RTAsn1UtcTime_Init + - RTAsn1Utf8String_CheckSanity + - RTAsn1Utf8String_Clone + - RTAsn1Utf8String_Compare + - RTAsn1Utf8String_DecodeAsn1 + - RTAsn1Utf8String_Delete + - RTAsn1Utf8String_Enum + - RTAsn1Utf8String_Init + - RTAsn1VisibleString_CheckSanity + - RTAsn1VisibleString_Clone + - RTAsn1VisibleString_Compare + - RTAsn1VisibleString_DecodeAsn1 + - RTAsn1VisibleString_Delete + - RTAsn1VisibleString_Enum + - RTAsn1VisibleString_Init + - RTAsn1VtCheckSanity + - RTAsn1VtClone + - RTAsn1VtCompare + - RTAsn1VtDeepEnum + - RTAsn1VtDelete + - RTAssertAreQuiet + - RTAssertMayPanic + - RTAssertMsg1 + - RTAssertMsg1Weak + - RTAssertMsg2AddV + - RTAssertMsg2V + - RTAssertMsg2Weak + - RTAssertMsg2WeakV + - RTAssertSetMayPanic + - RTAssertSetQuiet + - RTAssertShouldPanic + - RTAvlPVDestroy + - RTAvlPVDoWithAll + - RTAvlPVGet + - RTAvlPVGetBestFit + - RTAvlPVInsert + - RTAvlPVRemove + - RTAvlPVRemoveBestFit + - RTBigNumAdd + - RTBigNumAssign + - RTBigNumBitWidth + - RTBigNumByteWidth + - RTBigNumClone + - RTBigNumCompare + - RTBigNumCompareWithS64 + - RTBigNumCompareWithU64 + - RTBigNumDestroy + - RTBigNumDivide + - RTBigNumDivideLong + - RTBigNumExponentiate + - RTBigNumInit + - RTBigNumInitZero + - RTBigNumModExp + - RTBigNumModulo + - RTBigNumMultiply + - RTBigNumNegate + - RTBigNumNegateThis + - RTBigNumShiftLeft + - RTBigNumShiftRight + - RTBigNumSubtract + - RTBigNumToBytesBigEndian + - RTCrCertCtxRelease + - RTCrCertCtxRetain + - RTCrDigestClone + - RTCrDigestCreate + - RTCrDigestCreateByObjId + - RTCrDigestCreateByObjIdString + - RTCrDigestCreateByType + - RTCrDigestFinal + - RTCrDigestFindByObjId + - RTCrDigestFindByObjIdString + - RTCrDigestFindByType + - 
RTCrDigestGetAlgorithmOid + - RTCrDigestGetConsumedSize + - RTCrDigestGetFlags + - RTCrDigestGetHash + - RTCrDigestGetHashSize + - RTCrDigestGetType + - RTCrDigestIsFinalized + - RTCrDigestMatch + - RTCrDigestRelease + - RTCrDigestReset + - RTCrDigestRetain + - RTCrDigestTypeToAlgorithmOid + - RTCrDigestTypeToHashSize + - RTCrDigestTypeToName + - RTCrDigestUpdate + - RTCrKeyCreateFromPublicAlgorithmAndBits + - RTCrKeyCreateFromSubjectPublicKeyInfo + - RTCrKeyGetBitCount + - RTCrKeyGetType + - RTCrKeyHasPrivatePart + - RTCrKeyHasPublicPart + - RTCrKeyQueryRsaModulus + - RTCrKeyQueryRsaPrivateExponent + - RTCrKeyRelease + - RTCrKeyRetain + - RTCrPkcs7Attribute_CheckSanity + - RTCrPkcs7Attribute_Clone + - RTCrPkcs7Attribute_Compare + - RTCrPkcs7Attribute_DecodeAsn1 + - RTCrPkcs7Attribute_Delete + - RTCrPkcs7Attribute_Enum + - RTCrPkcs7Attribute_Init + - RTCrPkcs7Attributes_CheckSanity + - RTCrPkcs7Attributes_Clone + - RTCrPkcs7Attributes_Compare + - RTCrPkcs7Attributes_DecodeAsn1 + - RTCrPkcs7Attributes_Delete + - RTCrPkcs7Attributes_Enum + - RTCrPkcs7Attributes_Erase + - RTCrPkcs7Attributes_Init + - RTCrPkcs7Attributes_InsertEx + - RTCrPkcs7Cert_CheckSanity + - RTCrPkcs7Cert_Clone + - RTCrPkcs7Cert_Compare + - RTCrPkcs7Cert_DecodeAsn1 + - RTCrPkcs7Cert_Delete + - RTCrPkcs7Cert_Enum + - RTCrPkcs7Cert_Init + - RTCrPkcs7ContentInfo_CheckSanity + - RTCrPkcs7ContentInfo_Clone + - RTCrPkcs7ContentInfo_Compare + - RTCrPkcs7ContentInfo_DecodeAsn1 + - RTCrPkcs7ContentInfo_Delete + - RTCrPkcs7ContentInfo_Enum + - RTCrPkcs7ContentInfo_Init + - RTCrPkcs7ContentInfo_IsSignedData + - RTCrPkcs7DigestInfo_CheckSanity + - RTCrPkcs7DigestInfo_Clone + - RTCrPkcs7DigestInfo_Compare + - RTCrPkcs7DigestInfo_DecodeAsn1 + - RTCrPkcs7DigestInfo_Delete + - RTCrPkcs7DigestInfo_Enum + - RTCrPkcs7DigestInfo_Init + - RTCrPkcs7IssuerAndSerialNumber_CheckSanity + - RTCrPkcs7IssuerAndSerialNumber_Clone + - RTCrPkcs7IssuerAndSerialNumber_Compare + - RTCrPkcs7IssuerAndSerialNumber_DecodeAsn1 + - 
RTCrPkcs7IssuerAndSerialNumber_Delete + - RTCrPkcs7IssuerAndSerialNumber_Enum + - RTCrPkcs7IssuerAndSerialNumber_Init + - RTCrPkcs7SetOfCerts_CheckSanity + - RTCrPkcs7SetOfCerts_Clone + - RTCrPkcs7SetOfCerts_Compare + - RTCrPkcs7SetOfCerts_DecodeAsn1 + - RTCrPkcs7SetOfCerts_Delete + - RTCrPkcs7SetOfCerts_Enum + - RTCrPkcs7SetOfCerts_Erase + - RTCrPkcs7SetOfCerts_FindX509ByIssuerAndSerialNumber + - RTCrPkcs7SetOfCerts_Init + - RTCrPkcs7SetOfCerts_InsertEx + - RTCrPkcs7SetOfContentInfos_CheckSanity + - RTCrPkcs7SetOfContentInfos_Clone + - RTCrPkcs7SetOfContentInfos_Compare + - RTCrPkcs7SetOfContentInfos_DecodeAsn1 + - RTCrPkcs7SetOfContentInfos_Delete + - RTCrPkcs7SetOfContentInfos_Enum + - RTCrPkcs7SetOfContentInfos_Erase + - RTCrPkcs7SetOfContentInfos_Init + - RTCrPkcs7SetOfContentInfos_InsertEx + - RTCrPkcs7SetOfSignedData_CheckSanity + - RTCrPkcs7SetOfSignedData_Clone + - RTCrPkcs7SetOfSignedData_Compare + - RTCrPkcs7SetOfSignedData_DecodeAsn1 + - RTCrPkcs7SetOfSignedData_Delete + - RTCrPkcs7SetOfSignedData_Enum + - RTCrPkcs7SetOfSignedData_Erase + - RTCrPkcs7SetOfSignedData_Init + - RTCrPkcs7SetOfSignedData_InsertEx + - RTCrPkcs7SignedData_CheckSanity + - RTCrPkcs7SignedData_Clone + - RTCrPkcs7SignedData_Compare + - RTCrPkcs7SignedData_DecodeAsn1 + - RTCrPkcs7SignedData_Delete + - RTCrPkcs7SignedData_Enum + - RTCrPkcs7SignedData_Init + - RTCrPkcs7SignerInfo_CheckSanity + - RTCrPkcs7SignerInfo_Clone + - RTCrPkcs7SignerInfo_Compare + - RTCrPkcs7SignerInfo_DecodeAsn1 + - RTCrPkcs7SignerInfo_Delete + - RTCrPkcs7SignerInfo_Enum + - RTCrPkcs7SignerInfo_GetMsTimestamp + - RTCrPkcs7SignerInfo_GetSigningTime + - RTCrPkcs7SignerInfo_Init + - RTCrPkcs7SignerInfos_CheckSanity + - RTCrPkcs7SignerInfos_Clone + - RTCrPkcs7SignerInfos_Compare + - RTCrPkcs7SignerInfos_DecodeAsn1 + - RTCrPkcs7SignerInfos_Delete + - RTCrPkcs7SignerInfos_Enum + - RTCrPkcs7SignerInfos_Erase + - RTCrPkcs7SignerInfos_Init + - RTCrPkcs7SignerInfos_InsertEx + - RTCrPkcs7VerifyCertCallbackCodeSigning + - 
RTCrPkcs7VerifyCertCallbackDefault + - RTCrPkcs7VerifySignedData + - RTCrPkcs7VerifySignedDataWithExternalData + - RTCrPkixGetCiperOidFromSignatureAlgorithm + - RTCrPkixPubKeyVerifySignature + - RTCrPkixPubKeyVerifySignedDigest + - RTCrPkixPubKeyVerifySignedDigestByCertPubKeyInfo + - RTCrPkixSignatureCreate + - RTCrPkixSignatureCreateByObjId + - RTCrPkixSignatureCreateByObjIdString + - RTCrPkixSignatureRelease + - RTCrPkixSignatureRetain + - RTCrPkixSignatureSign + - RTCrPkixSignatureVerify + - RTCrPkixSignatureVerifyBitString + - RTCrPkixSignatureVerifyOctetString + - RTCrRsaDigestInfo_CheckSanity + - RTCrRsaDigestInfo_Clone + - RTCrRsaDigestInfo_Compare + - RTCrRsaDigestInfo_DecodeAsn1 + - RTCrRsaDigestInfo_Delete + - RTCrRsaDigestInfo_Enum + - RTCrRsaDigestInfo_Init + - RTCrRsaOtherPrimeInfo_CheckSanity + - RTCrRsaOtherPrimeInfo_Clone + - RTCrRsaOtherPrimeInfo_Compare + - RTCrRsaOtherPrimeInfo_DecodeAsn1 + - RTCrRsaOtherPrimeInfo_Delete + - RTCrRsaOtherPrimeInfo_Enum + - RTCrRsaOtherPrimeInfo_Init + - RTCrRsaOtherPrimeInfos_CheckSanity + - RTCrRsaOtherPrimeInfos_Clone + - RTCrRsaOtherPrimeInfos_Compare + - RTCrRsaOtherPrimeInfos_DecodeAsn1 + - RTCrRsaOtherPrimeInfos_Delete + - RTCrRsaOtherPrimeInfos_Enum + - RTCrRsaOtherPrimeInfos_Erase + - RTCrRsaOtherPrimeInfos_Init + - RTCrRsaOtherPrimeInfos_InsertEx + - RTCrRsaPrivateKey_CheckSanity + - RTCrRsaPrivateKey_Clone + - RTCrRsaPrivateKey_Compare + - RTCrRsaPrivateKey_DecodeAsn1 + - RTCrRsaPrivateKey_Delete + - RTCrRsaPrivateKey_Enum + - RTCrRsaPrivateKey_Init + - RTCrRsaPublicKey_CheckSanity + - RTCrRsaPublicKey_Clone + - RTCrRsaPublicKey_Compare + - RTCrRsaPublicKey_DecodeAsn1 + - RTCrRsaPublicKey_Delete + - RTCrRsaPublicKey_Enum + - RTCrRsaPublicKey_Init + - RTCrSpcAttributeTypeAndOptionalValue_CheckSanity + - RTCrSpcAttributeTypeAndOptionalValue_Clone + - RTCrSpcAttributeTypeAndOptionalValue_Compare + - RTCrSpcAttributeTypeAndOptionalValue_DecodeAsn1 + - RTCrSpcAttributeTypeAndOptionalValue_Delete + - 
RTCrSpcAttributeTypeAndOptionalValue_Enum + - RTCrSpcAttributeTypeAndOptionalValue_Init + - RTCrSpcIndirectDataContent_CheckSanity + - RTCrSpcIndirectDataContent_CheckSanityEx + - RTCrSpcIndirectDataContent_Clone + - RTCrSpcIndirectDataContent_Compare + - RTCrSpcIndirectDataContent_DecodeAsn1 + - RTCrSpcIndirectDataContent_Delete + - RTCrSpcIndirectDataContent_Enum + - RTCrSpcIndirectDataContent_GetPeImageObjAttrib + - RTCrSpcIndirectDataContent_Init + - RTCrSpcLink_CheckSanity + - RTCrSpcLink_Clone + - RTCrSpcLink_Compare + - RTCrSpcLink_DecodeAsn1 + - RTCrSpcLink_Delete + - RTCrSpcLink_Enum + - RTCrSpcLink_Init + - RTCrSpcPeImageData_CheckSanity + - RTCrSpcPeImageData_Clone + - RTCrSpcPeImageData_Compare + - RTCrSpcPeImageData_DecodeAsn1 + - RTCrSpcPeImageData_Delete + - RTCrSpcPeImageData_Enum + - RTCrSpcPeImageData_Init + - RTCrSpcSerializedObjectAttribute_CheckSanity + - RTCrSpcSerializedObjectAttribute_Clone + - RTCrSpcSerializedObjectAttribute_Compare + - RTCrSpcSerializedObjectAttribute_DecodeAsn1 + - RTCrSpcSerializedObjectAttribute_Delete + - RTCrSpcSerializedObjectAttribute_Enum + - RTCrSpcSerializedObjectAttribute_Init + - RTCrSpcSerializedObjectAttributes_CheckSanity + - RTCrSpcSerializedObjectAttributes_Clone + - RTCrSpcSerializedObjectAttributes_Compare + - RTCrSpcSerializedObjectAttributes_DecodeAsn1 + - RTCrSpcSerializedObjectAttributes_Delete + - RTCrSpcSerializedObjectAttributes_Enum + - RTCrSpcSerializedObjectAttributes_Erase + - RTCrSpcSerializedObjectAttributes_Init + - RTCrSpcSerializedObjectAttributes_InsertEx + - RTCrSpcSerializedObject_CheckSanity + - RTCrSpcSerializedObject_Clone + - RTCrSpcSerializedObject_Compare + - RTCrSpcSerializedObject_DecodeAsn1 + - RTCrSpcSerializedObject_Delete + - RTCrSpcSerializedObject_Enum + - RTCrSpcSerializedObject_Init + - RTCrSpcSerializedPageHashes_CheckSanity + - RTCrSpcSerializedPageHashes_Clone + - RTCrSpcSerializedPageHashes_Compare + - RTCrSpcSerializedPageHashes_DecodeAsn1 + - 
RTCrSpcSerializedPageHashes_Delete + - RTCrSpcSerializedPageHashes_Enum + - RTCrSpcSerializedPageHashes_Init + - RTCrSpcSerializedPageHashes_UpdateDerivedData + - RTCrSpcString_CheckSanity + - RTCrSpcString_Clone + - RTCrSpcString_Compare + - RTCrSpcString_DecodeAsn1 + - RTCrSpcString_Delete + - RTCrSpcString_Enum + - RTCrSpcString_Init + - RTCrStoreCertAddEncoded + - RTCrStoreCertByIssuerAndSerialNo + - RTCrStoreCertCount + - RTCrStoreCertFindAll + - RTCrStoreCertFindBySubjectOrAltSubjectByRfc5280 + - RTCrStoreCertSearchDestroy + - RTCrStoreCertSearchNext + - RTCrStoreCreateInMem + - RTCrStoreRelease + - RTCrStoreRetain + - RTCrTafCertPathControls_CheckSanity + - RTCrTafCertPathControls_Clone + - RTCrTafCertPathControls_Compare + - RTCrTafCertPathControls_DecodeAsn1 + - RTCrTafCertPathControls_Delete + - RTCrTafCertPathControls_Enum + - RTCrTafCertPathControls_Init + - RTCrTafTrustAnchorChoice_CheckSanity + - RTCrTafTrustAnchorChoice_Clone + - RTCrTafTrustAnchorChoice_Compare + - RTCrTafTrustAnchorChoice_DecodeAsn1 + - RTCrTafTrustAnchorChoice_Delete + - RTCrTafTrustAnchorChoice_Enum + - RTCrTafTrustAnchorChoice_Init + - RTCrTafTrustAnchorInfo_CheckSanity + - RTCrTafTrustAnchorInfo_Clone + - RTCrTafTrustAnchorInfo_Compare + - RTCrTafTrustAnchorInfo_DecodeAsn1 + - RTCrTafTrustAnchorInfo_Delete + - RTCrTafTrustAnchorInfo_Enum + - RTCrTafTrustAnchorInfo_Init + - RTCrTafTrustAnchorList_CheckSanity + - RTCrTafTrustAnchorList_Clone + - RTCrTafTrustAnchorList_Compare + - RTCrTafTrustAnchorList_DecodeAsn1 + - RTCrTafTrustAnchorList_Delete + - RTCrTafTrustAnchorList_Enum + - RTCrTafTrustAnchorList_Erase + - RTCrTafTrustAnchorList_Init + - RTCrTafTrustAnchorList_InsertEx + - RTCrTspAccuracy_CheckSanity + - RTCrTspAccuracy_Clone + - RTCrTspAccuracy_Compare + - RTCrTspAccuracy_DecodeAsn1 + - RTCrTspAccuracy_Delete + - RTCrTspAccuracy_Enum + - RTCrTspAccuracy_Init + - RTCrTspMessageImprint_CheckSanity + - RTCrTspMessageImprint_Clone + - RTCrTspMessageImprint_Compare + - 
RTCrTspMessageImprint_DecodeAsn1 + - RTCrTspMessageImprint_Delete + - RTCrTspMessageImprint_Enum + - RTCrTspMessageImprint_Init + - RTCrTspTstInfo_CheckSanity + - RTCrTspTstInfo_Clone + - RTCrTspTstInfo_Compare + - RTCrTspTstInfo_DecodeAsn1 + - RTCrTspTstInfo_Delete + - RTCrTspTstInfo_Enum + - RTCrTspTstInfo_Init + - RTCrX509AlgorithmIdentifier_CheckSanity + - RTCrX509AlgorithmIdentifier_Clone + - RTCrX509AlgorithmIdentifier_CombineEncryptionAndDigest + - RTCrX509AlgorithmIdentifier_CombineEncryptionOidAndDigestOid + - RTCrX509AlgorithmIdentifier_Compare + - RTCrX509AlgorithmIdentifier_CompareDigestAndEncryptedDigest + - RTCrX509AlgorithmIdentifier_CompareDigestOidAndEncryptedDigestOid + - RTCrX509AlgorithmIdentifier_CompareWithString + - RTCrX509AlgorithmIdentifier_DecodeAsn1 + - RTCrX509AlgorithmIdentifier_Delete + - RTCrX509AlgorithmIdentifier_Enum + - RTCrX509AlgorithmIdentifier_Init + - RTCrX509AlgorithmIdentifier_QueryDigestSize + - RTCrX509AlgorithmIdentifier_QueryDigestType + - RTCrX509AlgorithmIdentifiers_CheckSanity + - RTCrX509AlgorithmIdentifiers_Clone + - RTCrX509AlgorithmIdentifiers_Compare + - RTCrX509AlgorithmIdentifiers_DecodeAsn1 + - RTCrX509AlgorithmIdentifiers_Delete + - RTCrX509AlgorithmIdentifiers_Enum + - RTCrX509AlgorithmIdentifiers_Erase + - RTCrX509AlgorithmIdentifiers_Init + - RTCrX509AlgorithmIdentifiers_InsertEx + - RTCrX509AttributeTypeAndValue_CheckSanity + - RTCrX509AttributeTypeAndValue_Clone + - RTCrX509AttributeTypeAndValue_Compare + - RTCrX509AttributeTypeAndValue_DecodeAsn1 + - RTCrX509AttributeTypeAndValue_Delete + - RTCrX509AttributeTypeAndValue_Enum + - RTCrX509AttributeTypeAndValue_Init + - RTCrX509AttributeTypeAndValues_CheckSanity + - RTCrX509AttributeTypeAndValues_Clone + - RTCrX509AttributeTypeAndValues_Compare + - RTCrX509AttributeTypeAndValues_DecodeAsn1 + - RTCrX509AttributeTypeAndValues_Delete + - RTCrX509AttributeTypeAndValues_Enum + - RTCrX509AttributeTypeAndValues_Erase + - RTCrX509AttributeTypeAndValues_Init + - 
RTCrX509AttributeTypeAndValues_InsertEx + - RTCrX509AuthorityKeyIdentifier_CheckSanity + - RTCrX509AuthorityKeyIdentifier_Clone + - RTCrX509AuthorityKeyIdentifier_Compare + - RTCrX509AuthorityKeyIdentifier_DecodeAsn1 + - RTCrX509AuthorityKeyIdentifier_Delete + - RTCrX509AuthorityKeyIdentifier_Enum + - RTCrX509AuthorityKeyIdentifier_Init + - RTCrX509BasicConstraints_CheckSanity + - RTCrX509BasicConstraints_Clone + - RTCrX509BasicConstraints_Compare + - RTCrX509BasicConstraints_DecodeAsn1 + - RTCrX509BasicConstraints_Delete + - RTCrX509BasicConstraints_Enum + - RTCrX509BasicConstraints_Init + - RTCrX509CertPathsBuild + - RTCrX509CertPathsCreate + - RTCrX509CertPathsCreateEx + - RTCrX509CertPathsDumpAll + - RTCrX509CertPathsDumpOne + - RTCrX509CertPathsGetPathCount + - RTCrX509CertPathsGetPathLength + - RTCrX509CertPathsGetPathNodeCert + - RTCrX509CertPathsGetPathVerifyResult + - RTCrX509CertPathsQueryPathInfo + - RTCrX509CertPathsRelease + - RTCrX509CertPathsRetain + - RTCrX509CertPathsSetTrustedStore + - RTCrX509CertPathsSetUntrustedArray + - RTCrX509CertPathsSetUntrustedSet + - RTCrX509CertPathsSetUntrustedStore + - RTCrX509CertPathsSetValidTime + - RTCrX509CertPathsSetValidTimeSpec + - RTCrX509CertPathsValidateAll + - RTCrX509CertPathsValidateOne + - RTCrX509CertificatePolicies_CheckSanity + - RTCrX509CertificatePolicies_Clone + - RTCrX509CertificatePolicies_Compare + - RTCrX509CertificatePolicies_DecodeAsn1 + - RTCrX509CertificatePolicies_Delete + - RTCrX509CertificatePolicies_Enum + - RTCrX509CertificatePolicies_Erase + - RTCrX509CertificatePolicies_Init + - RTCrX509CertificatePolicies_InsertEx + - RTCrX509Certificate_CheckSanity + - RTCrX509Certificate_Clone + - RTCrX509Certificate_Compare + - RTCrX509Certificate_DecodeAsn1 + - RTCrX509Certificate_Delete + - RTCrX509Certificate_Enum + - RTCrX509Certificate_Init + - RTCrX509Certificate_IsSelfSigned + - RTCrX509Certificate_MatchIssuerAndSerialNumber + - RTCrX509Certificate_MatchSubjectOrAltSubjectByRfc5280 + - 
RTCrX509Certificate_VerifySignature + - RTCrX509Certificate_VerifySignatureSelfSigned + - RTCrX509Certificates_CheckSanity + - RTCrX509Certificates_Clone + - RTCrX509Certificates_Compare + - RTCrX509Certificates_DecodeAsn1 + - RTCrX509Certificates_Delete + - RTCrX509Certificates_Enum + - RTCrX509Certificates_Erase + - RTCrX509Certificates_FindByIssuerAndSerialNumber + - RTCrX509Certificates_Init + - RTCrX509Certificates_InsertEx + - RTCrX509Extension_CheckSanity + - RTCrX509Extension_Clone + - RTCrX509Extension_Compare + - RTCrX509Extension_DecodeAsn1 + - RTCrX509Extension_Delete + - RTCrX509Extension_Enum + - RTCrX509Extension_ExtnValue_DecodeAsn1 + - RTCrX509Extension_Init + - RTCrX509Extensions_CheckSanity + - RTCrX509Extensions_Clone + - RTCrX509Extensions_Compare + - RTCrX509Extensions_DecodeAsn1 + - RTCrX509Extensions_Delete + - RTCrX509Extensions_Enum + - RTCrX509Extensions_Erase + - RTCrX509Extensions_Init + - RTCrX509Extensions_InsertEx + - RTCrX509GeneralName_CheckSanity + - RTCrX509GeneralName_Clone + - RTCrX509GeneralName_Compare + - RTCrX509GeneralName_ConstraintMatch + - RTCrX509GeneralName_DecodeAsn1 + - RTCrX509GeneralName_Delete + - RTCrX509GeneralName_Enum + - RTCrX509GeneralName_Init + - RTCrX509GeneralNames_CheckSanity + - RTCrX509GeneralNames_Clone + - RTCrX509GeneralNames_Compare + - RTCrX509GeneralNames_DecodeAsn1 + - RTCrX509GeneralNames_Delete + - RTCrX509GeneralNames_Enum + - RTCrX509GeneralNames_Erase + - RTCrX509GeneralNames_Init + - RTCrX509GeneralNames_InsertEx + - RTCrX509GeneralSubtree_CheckSanity + - RTCrX509GeneralSubtree_Clone + - RTCrX509GeneralSubtree_Compare + - RTCrX509GeneralSubtree_ConstraintMatch + - RTCrX509GeneralSubtree_DecodeAsn1 + - RTCrX509GeneralSubtree_Delete + - RTCrX509GeneralSubtree_Enum + - RTCrX509GeneralSubtree_Init + - RTCrX509GeneralSubtrees_CheckSanity + - RTCrX509GeneralSubtrees_Clone + - RTCrX509GeneralSubtrees_Compare + - RTCrX509GeneralSubtrees_DecodeAsn1 + - RTCrX509GeneralSubtrees_Delete + - 
RTCrX509GeneralSubtrees_Enum + - RTCrX509GeneralSubtrees_Erase + - RTCrX509GeneralSubtrees_Init + - RTCrX509GeneralSubtrees_InsertEx + - RTCrX509NameConstraints_CheckSanity + - RTCrX509NameConstraints_Clone + - RTCrX509NameConstraints_Compare + - RTCrX509NameConstraints_DecodeAsn1 + - RTCrX509NameConstraints_Delete + - RTCrX509NameConstraints_Enum + - RTCrX509NameConstraints_Init + - RTCrX509Name_CheckSanity + - RTCrX509Name_Clone + - RTCrX509Name_Compare + - RTCrX509Name_ConstraintMatch + - RTCrX509Name_DecodeAsn1 + - RTCrX509Name_Delete + - RTCrX509Name_Enum + - RTCrX509Name_Erase + - RTCrX509Name_FormatAsString + - RTCrX509Name_GetShortRdn + - RTCrX509Name_Init + - RTCrX509Name_InsertEx + - RTCrX509Name_MatchByRfc5280 + - RTCrX509Name_MatchWithString + - RTCrX509Name_RecodeAsUtf8 + - RTCrX509OldAuthorityKeyIdentifier_CheckSanity + - RTCrX509OldAuthorityKeyIdentifier_Clone + - RTCrX509OldAuthorityKeyIdentifier_Compare + - RTCrX509OldAuthorityKeyIdentifier_DecodeAsn1 + - RTCrX509OldAuthorityKeyIdentifier_Delete + - RTCrX509OldAuthorityKeyIdentifier_Enum + - RTCrX509OldAuthorityKeyIdentifier_Init + - RTCrX509OtherName_CheckSanity + - RTCrX509OtherName_Clone + - RTCrX509OtherName_Compare + - RTCrX509OtherName_DecodeAsn1 + - RTCrX509OtherName_Delete + - RTCrX509OtherName_Enum + - RTCrX509OtherName_Init + - RTCrX509PolicyConstraints_CheckSanity + - RTCrX509PolicyConstraints_Clone + - RTCrX509PolicyConstraints_Compare + - RTCrX509PolicyConstraints_DecodeAsn1 + - RTCrX509PolicyConstraints_Delete + - RTCrX509PolicyConstraints_Enum + - RTCrX509PolicyConstraints_Init + - RTCrX509PolicyInformation_CheckSanity + - RTCrX509PolicyInformation_Clone + - RTCrX509PolicyInformation_Compare + - RTCrX509PolicyInformation_DecodeAsn1 + - RTCrX509PolicyInformation_Delete + - RTCrX509PolicyInformation_Enum + - RTCrX509PolicyInformation_Init + - RTCrX509PolicyMapping_CheckSanity + - RTCrX509PolicyMapping_Clone + - RTCrX509PolicyMapping_Compare + - RTCrX509PolicyMapping_DecodeAsn1 + - 
RTCrX509PolicyMapping_Delete + - RTCrX509PolicyMapping_Enum + - RTCrX509PolicyMapping_Init + - RTCrX509PolicyMappings_CheckSanity + - RTCrX509PolicyMappings_Clone + - RTCrX509PolicyMappings_Compare + - RTCrX509PolicyMappings_DecodeAsn1 + - RTCrX509PolicyMappings_Delete + - RTCrX509PolicyMappings_Enum + - RTCrX509PolicyMappings_Erase + - RTCrX509PolicyMappings_Init + - RTCrX509PolicyMappings_InsertEx + - RTCrX509PolicyQualifierInfo_CheckSanity + - RTCrX509PolicyQualifierInfo_Clone + - RTCrX509PolicyQualifierInfo_Compare + - RTCrX509PolicyQualifierInfo_DecodeAsn1 + - RTCrX509PolicyQualifierInfo_Delete + - RTCrX509PolicyQualifierInfo_Enum + - RTCrX509PolicyQualifierInfo_Init + - RTCrX509PolicyQualifierInfos_CheckSanity + - RTCrX509PolicyQualifierInfos_Clone + - RTCrX509PolicyQualifierInfos_Compare + - RTCrX509PolicyQualifierInfos_DecodeAsn1 + - RTCrX509PolicyQualifierInfos_Delete + - RTCrX509PolicyQualifierInfos_Enum + - RTCrX509PolicyQualifierInfos_Erase + - RTCrX509PolicyQualifierInfos_Init + - RTCrX509PolicyQualifierInfos_InsertEx + - RTCrX509SubjectPublicKeyInfo_CheckSanity + - RTCrX509SubjectPublicKeyInfo_Clone + - RTCrX509SubjectPublicKeyInfo_Compare + - RTCrX509SubjectPublicKeyInfo_DecodeAsn1 + - RTCrX509SubjectPublicKeyInfo_Delete + - RTCrX509SubjectPublicKeyInfo_Enum + - RTCrX509SubjectPublicKeyInfo_Init + - RTCrX509TbsCertificate_CheckSanity + - RTCrX509TbsCertificate_Clone + - RTCrX509TbsCertificate_Compare + - RTCrX509TbsCertificate_DecodeAsn1 + - RTCrX509TbsCertificate_Delete + - RTCrX509TbsCertificate_Enum + - RTCrX509TbsCertificate_Init + - RTCrX509TbsCertificate_ReprocessExtensions + - RTCrX509Validity_CheckSanity + - RTCrX509Validity_Clone + - RTCrX509Validity_Compare + - RTCrX509Validity_DecodeAsn1 + - RTCrX509Validity_Delete + - RTCrX509Validity_Enum + - RTCrX509Validity_Init + - RTCrX509Validity_IsValidAtTimeSpec + - RTCrc32 + - RTCrc32Finish + - RTCrc32Process + - RTCrc32Start + - RTErrConvertFromErrno + - RTErrConvertFromNtStatus + - 
RTErrConvertToErrno + - RTErrInfoAdd + - RTErrInfoAddF + - RTErrInfoAddV + - RTErrInfoLogAndAdd + - RTErrInfoLogAndAddF + - RTErrInfoLogAndAddV + - RTErrInfoLogAndSet + - RTErrInfoLogAndSetF + - RTErrInfoLogAndSetV + - RTErrInfoSet + - RTErrInfoSetF + - RTErrInfoSetV + - RTErrVarsAreEqual + - RTErrVarsHaveChanged + - RTErrVarsRestore + - RTErrVarsSave + - RTHandleTableAllocWithCtx + - RTHandleTableCreate + - RTHandleTableCreateEx + - RTHandleTableDestroy + - RTHandleTableFreeWithCtx + - RTHandleTableLookupWithCtx + - RTLatin1CalcUtf8Len + - RTLatin1CalcUtf8LenEx + - RTLatin1ToUtf8ExTag + - RTLatin1ToUtf8Tag + - RTLdrArchName + - RTLdrClose + - RTLdrEnumDbgInfo + - RTLdrEnumSegments + - RTLdrEnumSymbols + - RTLdrGetArch + - RTLdrGetBits + - RTLdrGetEndian + - RTLdrGetFormat + - RTLdrGetFunction + - RTLdrGetHostArch + - RTLdrGetSymbol + - RTLdrGetSymbolEx + - RTLdrGetType + - RTLdrHashImage + - RTLdrLinkAddressToRva + - RTLdrLinkAddressToSegOffset + - RTLdrOpenWithReader + - RTLdrQueryForwarderInfo + - RTLdrQueryProp + - RTLdrQueryPropEx + - RTLdrRelocate + - RTLdrRvaToSegOffset + - RTLdrSegOffsetToRva + - RTLdrSize + - RTLdrUnwindFrame + - RTLdrVerifySignature + - RTLogClearFileDelayFlag + - RTLogCloneRC + - RTLogComPrintf + - RTLogComPrintfV + - RTLogCreate + - RTLogCreateEx + - RTLogCreateExV + - RTLogDefaultInit + - RTLogDefaultInstance + - RTLogDefaultInstanceEx + - RTLogDestinations + - RTLogDestroy + - RTLogDumpPrintfV + - RTLogFlags + - RTLogFlush + - RTLogFlushRC + - RTLogFlushToLogger + - RTLogFormatV + - RTLogGetDefaultInstance + - RTLogGetDefaultInstanceEx + - RTLogGetDestinations + - RTLogGetFlags + - RTLogGetGroupSettings + - RTLogGroupSettings + - RTLogLogger + - RTLogLoggerEx + - RTLogLoggerExV + - RTLogLoggerV + - RTLogPrintf + - RTLogPrintfV + - RTLogRelGetDefaultInstance + - RTLogRelGetDefaultInstanceEx + - RTLogRelLoggerV + - RTLogRelPrintfV + - RTLogRelSetBuffering + - RTLogRelSetDefaultInstance + - RTLogSetBuffering + - 
RTLogSetCustomPrefixCallback + - RTLogSetDefaultInstance + - RTLogSetDefaultInstanceThread + - RTLogWriteCom + - RTLogWriteDebugger + - RTLogWriteStdErr + - RTLogWriteStdOut + - RTLogWriteUser + - RTMd2 + - RTMd2Final + - RTMd2Init + - RTMd2Update + - RTMd5 + - RTMd5Final + - RTMd5FromString + - RTMd5Init + - RTMd5ToString + - RTMd5Update + - RTMemAllocExTag + - RTMemAllocTag + - RTMemAllocVarTag + - RTMemAllocZTag + - RTMemAllocZVarTag + - RTMemContAlloc + - RTMemContFree + - RTMemDupExTag + - RTMemDupTag + - RTMemExecAllocTag + - RTMemExecFree + - RTMemFree + - RTMemFreeEx + - RTMemFreeZ + - RTMemReallocTag + - RTMemReallocZTag + - RTMemSaferAllocZExTag + - RTMemSaferAllocZTag + - RTMemSaferFree + - RTMemSaferReallocZExTag + - RTMemSaferReallocZTag + - RTMemSaferScramble + - RTMemSaferUnscramble + - RTMemTmpAllocTag + - RTMemTmpAllocZTag + - RTMemTmpFree + - RTMemTmpFreeZ + - RTMemWipeThoroughly + - RTMpCpuId + - RTMpCpuIdFromSetIndex + - RTMpCpuIdToSetIndex + - RTMpCurSetIndex + - RTMpCurSetIndexAndId + - RTMpGetArraySize + - RTMpGetCount + - RTMpGetCpuGroupCounts + - RTMpGetMaxCpuGroupCount + - RTMpGetMaxCpuId + - RTMpGetOnlineCoreCount + - RTMpGetOnlineCount + - RTMpGetOnlineSet + - RTMpGetPresentCoreCount + - RTMpGetPresentCount + - RTMpGetPresentSet + - RTMpGetSet + - RTMpIsCpuOnline + - RTMpIsCpuPossible + - RTMpIsCpuPresent + - RTMpIsCpuWorkPending + - RTMpNotificationDeregister + - RTMpNotificationRegister + - RTMpOnAll + - RTMpOnAllIsConcurrentSafe + - RTMpOnOthers + - RTMpOnPair + - RTMpOnPairIsConcurrentExecSupported + - RTMpOnSpecific + - RTMpPokeCpu + - RTMpSetIndexFromCpuGroupMember + - RTNetIPv4AddDataChecksum + - RTNetIPv4AddTCPChecksum + - RTNetIPv4AddUDPChecksum + - RTNetIPv4FinalizeChecksum + - RTNetIPv4HdrChecksum + - RTNetIPv4IsDHCPValid + - RTNetIPv4IsHdrValid + - RTNetIPv4IsTCPSizeValid + - RTNetIPv4IsTCPValid + - RTNetIPv4IsUDPSizeValid + - RTNetIPv4IsUDPValid + - RTNetIPv4PseudoChecksum + - RTNetIPv4PseudoChecksumBits + - 
RTNetIPv4TCPChecksum + - RTNetIPv4UDPChecksum + - RTNetIPv6PseudoChecksum + - RTNetIPv6PseudoChecksumBits + - RTNetIPv6PseudoChecksumEx + - RTNetTCPChecksum + - RTNetUDPChecksum + - RTNtPathExpand8dot3Path + - RTNtPathExpand8dot3PathA + - RTNtPathFindPossible8dot3Name + - RTOnceReset + - RTOnceSlow + - RTPathChangeToUnixSlashes + - RTPowerNotificationDeregister + - RTPowerNotificationRegister + - RTPowerSignalEvent + - RTProcSelf + - RTR0AssertPanicSystem + - RTR0DbgKrnlInfoGetSymbol + - RTR0DbgKrnlInfoOpen + - RTR0DbgKrnlInfoQueryMember + - RTR0DbgKrnlInfoQuerySize + - RTR0DbgKrnlInfoQuerySymbol + - RTR0DbgKrnlInfoRelease + - RTR0DbgKrnlInfoRetain + - RTR0Init + - RTR0MemAreKrnlAndUsrDifferent + - RTR0MemKernelCopyFrom + - RTR0MemKernelCopyTo + - RTR0MemKernelIsValidAddr + - RTR0MemObjAddress + - RTR0MemObjAddressR3 + - RTR0MemObjAllocContTag + - RTR0MemObjAllocLowTag + - RTR0MemObjAllocPageTag + - RTR0MemObjAllocPhysExTag + - RTR0MemObjAllocPhysNCTag + - RTR0MemObjAllocPhysTag + - RTR0MemObjEnterPhysTag + - RTR0MemObjFree + - RTR0MemObjGetPagePhysAddr + - RTR0MemObjIsMapping + - RTR0MemObjLockKernelTag + - RTR0MemObjLockUserTag + - RTR0MemObjMapKernelExTag + - RTR0MemObjMapKernelTag + - RTR0MemObjMapUserExTag + - RTR0MemObjMapUserTag + - RTR0MemObjProtect + - RTR0MemObjReserveKernelTag + - RTR0MemObjReserveUserTag + - RTR0MemObjSize + - RTR0MemUserCopyFrom + - RTR0MemUserCopyTo + - RTR0MemUserIsValidAddr + - RTR0ProcHandleSelf + - RTR0Term + - RTR0TermForced + - RTRandAdvBytes + - RTRandAdvCreateParkMiller + - RTRandAdvCreateSystemFaster + - RTRandAdvDestroy + - RTRandAdvRestoreState + - RTRandAdvS32 + - RTRandAdvS32Ex + - RTRandAdvS64 + - RTRandAdvS64Ex + - RTRandAdvSaveState + - RTRandAdvSeed + - RTRandAdvU32 + - RTRandAdvU32Ex + - RTRandAdvU64 + - RTRandAdvU64Ex + - RTRandBytes + - RTRandS32 + - RTRandS32Ex + - RTRandS64 + - RTRandS64Ex + - RTRandU32 + - RTRandU32Ex + - RTRandU64 + - RTRandU64Ex + - RTSemEventCreate + - RTSemEventCreateEx + - RTSemEventDestroy 
+ - RTSemEventGetResolution + - RTSemEventMultiCreate + - RTSemEventMultiCreateEx + - RTSemEventMultiDestroy + - RTSemEventMultiGetResolution + - RTSemEventMultiReset + - RTSemEventMultiSignal + - RTSemEventMultiWait + - RTSemEventMultiWaitEx + - RTSemEventMultiWaitExDebug + - RTSemEventMultiWaitNoResume + - RTSemEventSignal + - RTSemEventWait + - RTSemEventWaitEx + - RTSemEventWaitExDebug + - RTSemEventWaitNoResume + - RTSemFastMutexCreate + - RTSemFastMutexDestroy + - RTSemFastMutexRelease + - RTSemFastMutexRequest + - RTSemMutexCreate + - RTSemMutexCreateEx + - RTSemMutexDestroy + - RTSemMutexIsOwned + - RTSemMutexRelease + - RTSemMutexRequest + - RTSemMutexRequestDebug + - RTSemMutexRequestNoResume + - RTSemMutexRequestNoResumeDebug + - RTSemSpinMutexCreate + - RTSemSpinMutexDestroy + - RTSemSpinMutexRelease + - RTSemSpinMutexRequest + - RTSemSpinMutexTryRequest + - RTSha1 + - RTSha1Check + - RTSha1Final + - RTSha1FromString + - RTSha1Init + - RTSha1ToString + - RTSha1Update + - RTSha224 + - RTSha224Check + - RTSha224Final + - RTSha224Init + - RTSha224Update + - RTSha256 + - RTSha256Check + - RTSha256Final + - RTSha256FromString + - RTSha256Init + - RTSha256ToString + - RTSha256Update + - RTSha384 + - RTSha384Check + - RTSha384Final + - RTSha384Init + - RTSha384Update + - RTSha512 + - RTSha512Check + - RTSha512Final + - RTSha512FromString + - RTSha512Init + - RTSha512ToString + - RTSha512Update + - RTSha512t224 + - RTSha512t224Check + - RTSha512t224Final + - RTSha512t224Init + - RTSha512t224Update + - RTSha512t256 + - RTSha512t256Check + - RTSha512t256Final + - RTSha512t256Init + - RTSha512t256Update + - RTSpinlockAcquire + - RTSpinlockCreate + - RTSpinlockDestroy + - RTSpinlockRelease + - RTStrAAppendNTag + - RTStrAAppendTag + - RTStrATruncateTag + - RTStrAllocExTag + - RTStrAllocTag + - RTStrCalcLatin1Len + - RTStrCalcLatin1LenEx + - RTStrCalcUtf16Len + - RTStrCalcUtf16LenEx + - RTStrCat + - RTStrCmp + - RTStrConvertHexBytes + - RTStrConvertHexBytesEx + - 
RTStrCopy + - RTStrCopyEx + - RTStrCopyP + - RTStrDupExTag + - RTStrDupNTag + - RTStrDupTag + - RTStrFormat + - RTStrFormatNumber + - RTStrFormatR80 + - RTStrFormatR80u2 + - RTStrFormatTypeDeregister + - RTStrFormatTypeRegister + - RTStrFormatTypeSetUser + - RTStrFormatU128 + - RTStrFormatU16 + - RTStrFormatU256 + - RTStrFormatU32 + - RTStrFormatU512 + - RTStrFormatU64 + - RTStrFormatU8 + - RTStrFormatV + - RTStrFree + - RTStrGetCpExInternal + - RTStrGetCpInternal + - RTStrGetCpNExInternal + - RTStrICmp + - RTStrICmpAscii + - RTStrIStr + - RTStrIsValidEncoding + - RTStrNCmp + - RTStrNICmp + - RTStrNLen + - RTStrPrevCp + - RTStrPrintHexBytes + - RTStrPrintf + - RTStrPrintfEx + - RTStrPrintfExV + - RTStrPrintfV + - RTStrPurgeComplementSet + - RTStrPurgeEncoding + - RTStrPutCpInternal + - RTStrReallocTag + - RTStrStrip + - RTStrStripL + - RTStrStripR + - RTStrToInt16 + - RTStrToInt16Ex + - RTStrToInt16Full + - RTStrToInt32 + - RTStrToInt32Ex + - RTStrToInt32Full + - RTStrToInt64 + - RTStrToInt64Ex + - RTStrToInt64Full + - RTStrToInt8 + - RTStrToInt8Ex + - RTStrToInt8Full + - RTStrToLatin1ExTag + - RTStrToLatin1Tag + - RTStrToLower + - RTStrToUInt16 + - RTStrToUInt16Ex + - RTStrToUInt16Full + - RTStrToUInt32 + - RTStrToUInt32Ex + - RTStrToUInt32Full + - RTStrToUInt64 + - RTStrToUInt64Ex + - RTStrToUInt64Full + - RTStrToUInt8 + - RTStrToUInt8Ex + - RTStrToUInt8Full + - RTStrToUni + - RTStrToUniEx + - RTStrToUpper + - RTStrToUtf16BigExTag + - RTStrToUtf16BigTag + - RTStrToUtf16ExTag + - RTStrToUtf16Tag + - RTStrUniLen + - RTStrUniLenEx + - RTStrValidateEncoding + - RTStrValidateEncodingEx + - RTTermDeregisterCallback + - RTTermRegisterCallback + - RTTermRunCallbacks + - RTThreadCreate + - RTThreadCreateF + - RTThreadCreateV + - RTThreadCtxHookCreate + - RTThreadCtxHookDestroy + - RTThreadCtxHookDisable + - RTThreadCtxHookEnable + - RTThreadCtxHookIsEnabled + - RTThreadFromNative + - RTThreadGetName + - RTThreadGetNative + - RTThreadGetType + - RTThreadIsInInterrupt + - 
RTThreadIsInitialized + - RTThreadIsMain + - RTThreadIsSelfAlive + - RTThreadIsSelfKnown + - RTThreadNativeSelf + - RTThreadPreemptDisable + - RTThreadPreemptIsEnabled + - RTThreadPreemptIsPending + - RTThreadPreemptIsPendingTrusty + - RTThreadPreemptIsPossible + - RTThreadPreemptRestore + - RTThreadSelf + - RTThreadSelfName + - RTThreadSetName + - RTThreadSetType + - RTThreadSleep + - RTThreadUserReset + - RTThreadUserSignal + - RTThreadUserWait + - RTThreadUserWaitNoResume + - RTThreadWait + - RTThreadWaitNoResume + - RTThreadYield + - RTTimeCompare + - RTTimeConvertToZulu + - RTTimeExplode + - RTTimeFromRfc2822 + - RTTimeFromString + - RTTimeImplode + - RTTimeIsLeapYear + - RTTimeLocalNormalize + - RTTimeMilliTS + - RTTimeNanoTS + - RTTimeNormalize + - RTTimeNow + - RTTimeSpecFromString + - RTTimeSpecToString + - RTTimeSystemMilliTS + - RTTimeSystemNanoTS + - RTTimeToRfc2822 + - RTTimeToString + - RTTimeToStringEx + - RTTimerCanDoHighResolution + - RTTimerChangeInterval + - RTTimerCreate + - RTTimerCreateEx + - RTTimerDestroy + - RTTimerGetSystemGranularity + - RTTimerReleaseSystemGranularity + - RTTimerRequestSystemGranularity + - RTTimerStart + - RTTimerStop + - RTUInt128MulByU64 + - RTUtf16AllocTag + - RTUtf16BigCalcUtf8Len + - RTUtf16BigCalcUtf8LenEx + - RTUtf16BigGetCpExInternal + - RTUtf16BigToUtf8ExTag + - RTUtf16BigToUtf8Tag + - RTUtf16CalcUtf8Len + - RTUtf16CalcUtf8LenEx + - RTUtf16CatAscii + - RTUtf16Cmp + - RTUtf16CmpUtf8 + - RTUtf16CopyAscii + - RTUtf16DupExTag + - RTUtf16DupTag + - RTUtf16End + - RTUtf16Free + - RTUtf16GetCpExInternal + - RTUtf16GetCpInternal + - RTUtf16ICmpAscii + - RTUtf16IsValidEncoding + - RTUtf16Len + - RTUtf16LittleCalcUtf8Len + - RTUtf16LittleCalcUtf8LenEx + - RTUtf16LittleToUtf8ExTag + - RTUtf16LittleToUtf8Tag + - RTUtf16PurgeComplementSet + - RTUtf16PutCpInternal + - RTUtf16ReallocTag + - RTUtf16ToUtf8ExTag + - RTUtf16ToUtf8Tag + - RTUtf16ValidateEncoding + - RTUtf16ValidateEncodingEx + - RTUuidClear + - RTUuidCompare + - 
RTUuidCompare2Strs + - RTUuidCompareStr + - RTUuidFromStr + - RTUuidFromUtf16 + - RTUuidIsNull + - RTUuidToStr + - RTUuidToUtf16 + - SUPGetCpuHzFromGipForAsyncMode + - SUPGetGIP + - SUPGetTscDeltaSlow + - SUPIsTscFreqCompatible + - SUPIsTscFreqCompatibleEx + - SUPR0BadContext + - SUPR0ChangeCR4 + - SUPR0ComponentDeregisterFactory + - SUPR0ComponentQueryFactory + - SUPR0ComponentRegisterFactory + - SUPR0ContAlloc + - SUPR0ContFree + - SUPR0EnableVTx + - SUPR0GetCurrentGdtRw + - SUPR0GetDefaultLogInstanceEx + - SUPR0GetDefaultLogRelInstanceEx + - SUPR0GetHwvirtMsrs + - SUPR0GetKernelFeatures + - SUPR0GetPagingMode + - SUPR0GetSessionGVM + - SUPR0GetSessionVM + - SUPR0GetSvmUsability + - SUPR0GetVTSupport + - SUPR0GetVmxUsability + - SUPR0GipMap + - SUPR0GipUnmap + - SUPR0IoCtlCleanup + - SUPR0IoCtlPerform + - SUPR0IoCtlSetupForHandle + - SUPR0LdrIsLockOwnerByMod + - SUPR0LdrLock + - SUPR0LdrModByName + - SUPR0LdrModRelease + - SUPR0LdrModRetain + - SUPR0LdrUnlock + - SUPR0LockMem + - SUPR0LowAlloc + - SUPR0LowFree + - SUPR0MemAlloc + - SUPR0MemFree + - SUPR0MemGetPhys + - SUPR0ObjAddRef + - SUPR0ObjAddRefEx + - SUPR0ObjRegister + - SUPR0ObjRelease + - SUPR0ObjVerifyAccess + - SUPR0PageAllocEx + - SUPR0PageFree + - SUPR0PageMapKernel + - SUPR0PageProtect + - SUPR0Printf + - SUPR0QueryUcodeRev + - SUPR0QueryVTCaps + - SUPR0ResumeVTxOnCpu + - SUPR0SetSessionVM + - SUPR0SuspendVTxOnCpu + - SUPR0TracerDeregisterDrv + - SUPR0TracerDeregisterImpl + - SUPR0TracerFireProbe + - SUPR0TracerRegisterDrv + - SUPR0TracerRegisterImpl + - SUPR0TracerRegisterModule + - SUPR0TracerUmodProbeFire + - SUPR0TscDeltaMeasureBySetIndex + - SUPR0UnlockMem + - SUPReadTscWithDelta + - SUPSemEventClose + - SUPSemEventCreate + - SUPSemEventGetResolution + - SUPSemEventMultiClose + - SUPSemEventMultiCreate + - SUPSemEventMultiGetResolution + - SUPSemEventMultiReset + - SUPSemEventMultiSignal + - SUPSemEventMultiWait + - SUPSemEventMultiWaitNoResume + - SUPSemEventMultiWaitNsAbsIntr + - 
SUPSemEventMultiWaitNsRelIntr + - SUPSemEventSignal + - SUPSemEventWait + - SUPSemEventWaitNoResume + - SUPSemEventWaitNsAbsIntr + - SUPSemEventWaitNsRelIntr + - g_RTAsn1BitString_Vtable + - g_RTAsn1Boolean_Vtable + - g_RTAsn1Core_Vtable + - g_RTAsn1DefaultAllocator + - g_RTAsn1Integer_Vtable + - g_RTAsn1Null_Vtable + - g_RTAsn1ObjId_Vtable + - g_RTAsn1OctetString_Vtable + - g_RTAsn1SaferAllocator + - g_RTAsn1String_Vtable + - g_RTAsn1Time_Vtable + - g_aRTUniLowerRanges + - g_aRTUniUpperRanges + - g_abRTZero16K + - g_abRTZero32K + - g_abRTZero4K + - g_abRTZero64K + - g_abRTZero8K + - g_abRTZeroPage + - g_pSUPGlobalInfoPage + - g_pszRTAssertExpr + - g_pszRTAssertFile + - g_pszRTAssertFunction + - g_szRTAssertMsg1 + - g_szRTAssertMsg2 + - g_u32RTAssertLine + ImportedFunctions: + - strchr + - IoDeleteDevice + - IoCreateDevice + - RtlInitUnicodeString + - IofCompleteRequest + - PsGetCurrentProcessId + - PsGetCurrentThreadId + - ObfDereferenceObject + - IoGetRelatedDeviceObject + - ObReferenceObjectByHandle + - IoFileObjectType + - KeWaitForSingleObject + - IofCallDriver + - IoBuildDeviceIoControlRequest + - KeInitializeEvent + - ObQueryNameString + - PsGetProcessImageFileName + - ZwClose + - PsGetProcessId + - IoGetCurrentProcess + - LpcPortObjectType + - __C_specific_handler + - PsLookupProcessByProcessId + - ZwQuerySystemInformation + - ObReferenceObjectByName + - PsGetProcessSessionId + - PsThreadType + - PsLookupThreadByThreadId + - ObOpenObjectByPointer + - PsProcessType + - PsInitialSystemProcess + - PsIsProcessBeingDebugged + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoIs32bitProcess + - ZwSetSystemInformation + - ObfReferenceObject + - ExGetPreviousMode + - PsGetProcessInheritedFromUniqueProcessId + - IoThreadToProcess + - PsSetCreateProcessNotifyRoutine + - DbgPrint + - ZwRequestWaitReplyPort + - MmGetSystemRoutineAddress + - PsGetVersion + - ExUnregisterCallback + - ExRegisterCallback + - ExCreateCallback + - RtlQueryRegistryValues + - ZwReadFile + - 
ZwQueryInformationFile + - RtlEqualSid + - ZwQuerySecurityObject + - ZwQueryObject + - ZwCreateFile + - RtlSubAuthoritySid + - RtlInitializeSid + - __chkstk + - ZwQueryInformationThread + - ZwQueryInformationProcess + - KeSetTimerEx + - KeInsertQueueDpc + - KeRemoveQueueDpc + - KeCancelTimer + - KeInitializeDpc + - KeInitializeTimer + - KeQueryTimeIncrement + - KeDelayExecutionThread + - ZwYieldExecution + - KeSetPriorityThread + - PsCreateSystemThread + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - KeInitializeMutex + - KeReleaseMutex + - KeReadStateMutex + - ExAcquireFastMutex + - ExReleaseFastMutex + - KeSetEvent + - KeResetEvent + - ProbeForRead + - ProbeForWrite + - MmHighestUserAddress + - MmSystemRangeStart + - KeNumberProcessors + - ZwQueryDirectoryFile + - MmIsAddressValid + - MmUnmapIoSpace + - MmUnlockPages + - MmFreeContiguousMemory + - IoFreeMdl + - ExFreePool + - MmUnmapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - ExAllocatePool + - MmProtectMdlSystemAddress + - MmAllocateContiguousMemory + - MmProbeAndLockPages + - MmMapIoSpace + - MmMapLockedPages + - IoBuildPartialMdl + - MmGetPhysicalAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CN, ST=Guangdong, L=Heyuan, O=No Organization Affiliation, + OU=Individual Developer, CN=Huiping Zhong + ValidFrom: '2013-07-18 00:00:00' + ValidTo: '2014-07-18 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 77769240d819a3f2eb2e7f8baffecd26 + Version: 3 + TBS: + MD5: 1922bd7053ed4bb7a7fb5ea723b2caae + SHA1: db658eba418c008978ed8e7be3da0545d0eaaa35 + SHA256: 93abf46847d3ecf10002b85d19f02b34c99cae9ce7e62692f35e649406a96cb3 + SHA384: 090ed57bfcd73abded056cb32e7cfe4031dd9ff5462590b1d0c7ad8eb618511ae1a90b44f8a5dc1f6cd8bbfecb0414bf + - Subject: C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2 + ValidFrom: '2010-02-08 00:00:00' 
+ ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47974d7873a5bcab0d2fb370192fce5e + Version: 3 + TBS: + MD5: e3a93dc2a8a8a668fdbb286bfe9afab5 + SHA1: 95795d2aa2a554a423bc8c6e5b0a016d14887d35 + SHA256: d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e + SHA384: 78d972495720b43a6470b18ae1226bcca20707628087717a9364c14ca053ba264e6d149718b103542d9942200138a69d + - Subject: C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) + 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root + CA + ValidFrom: '2011-02-22 19:31:57' + ValidTo: '2021-02-22 19:41:57' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611fb0a400000000001d + Version: 3 + TBS: + MD5: a3f222107d4e1085e73b5b589c2f480b + SHA1: b94aa26cd77c48d91a53ac44506cbd255e1d362c + SHA256: a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa + SHA384: 64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7 + Signer: + - SerialNumber: 77769240d819a3f2eb2e7f8baffecd26 + Issuer: C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2 + Version: 1 + RichPEHeaderHash: + MD5: e881e9812edfc587557fdf092f5ed1b3 + SHA1: e996f7f323aba3f36f07686de8fe5962968613d8 + SHA256: a5d2323fd5a7cd2cde7bd7d7544a7d2b6b9fc64ffc9101cd32f55604d4a1b80f + Sections: + .text: + Entropy: 6.078871446594794 + Virtual Size: '0x9cf80' + .rdata: + Entropy: 5.919734586176505 + Virtual Size: '0x329ac' + .data: + Entropy: 4.235626395827553 + Virtual Size: '0x20be8' + .pdata: + Entropy: 5.978428144405096 + Virtual Size: '0xae48' + .edata: + Entropy: 6.050660464332838 + Virtual Size: '0xf1dd' + INIT: + Entropy: 5.191528166334399 + Virtual Size: '0xc28' + .rsrc: + Entropy: 3.3885006610569786 + Virtual Size: '0x3f0' + .reloc: + 
Entropy: 3.995412021920204 + Virtual Size: '0x1e0a' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2021-05-30 09:08:50' + Imphash: 2a20cc9578bb34a4bb10b87b49b24982 + LoadsDespiteHVCI: 'TRUE' +- Filename: VBoxDrv.sys + MD5: e3bdb307b32b13b8f7e621e8d5cc8cd3 + SHA1: 58fe23f1bb9d4bcc1b07b102222a7d776cc90f6c + SHA256: c26b51b4c37330800cff8519252e110116c3aaade94ceb9894ec5bfb1b8f9924 + Authentihash: + MD5: eb532e54636f61b9af61f97d46ca8cae + SHA1: 018d626382f2453ef584b732e1e03ceab51e84db + SHA256: 6ab14c5c89759695dbb4b310b7cad68d9ec2007277e3b4f3abb883bd05ef557c + Description: VirtualBox Support Driver + Company: Sun Microsystems, Inc. + InternalName: VBoxDrv.sys + OriginalFilename: VBoxDrv.sys + FileVersion: 2.2.0.r45846 + Product: Sun VirtualBox + ProductVersion: 2.2.0.r45846 + Copyright: Copyright (C) 2009 Sun Microsystems, Inc. + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: + - AssertMsg1 + - AssertMsg2 + - RTAssertShouldPanic + - RTErrConvertFromNtStatus + - RTLogCloneRC + - RTLogComPrintf + - RTLogComPrintfV + - RTLogCopyGroupsAndFlags + - RTLogCreate + - RTLogCreateEx + - RTLogCreateExV + - RTLogDefaultInit + - RTLogDefaultInstance + - RTLogDestroy + - RTLogFlags + - RTLogFlush + - RTLogFlushRC + - RTLogFlushToLogger + - RTLogFormatV + - RTLogGetDefaultInstance + - RTLogGroupSettings + - RTLogLogger + - RTLogLoggerEx + - RTLogLoggerExV + - RTLogLoggerV + - RTLogPrintf + - RTLogPrintfV + - RTLogRelDefaultInstance + - RTLogRelLoggerV + - RTLogRelPrintfV + - RTLogRelSetDefaultInstance + - RTLogSetDefaultInstance + - RTLogSetDefaultInstanceThread + - RTLogWriteCom + - RTLogWriteDebugger + - RTLogWriteStdErr + - RTLogWriteStdOut + - RTLogWriteUser + - RTMemAlloc + - RTMemAllocZ + - RTMemContAlloc + - RTMemContFree + - RTMemDup + - RTMemDupEx + - RTMemExecAlloc + - RTMemExecFree + - RTMemFree + - RTMemRealloc + - RTMemTmpAlloc + - RTMemTmpAllocZ + - RTMemTmpFree + - RTMpCpuId + - RTMpCpuIdFromSetIndex + - RTMpCpuIdToSetIndex + - RTMpGetCount + - 
RTMpGetMaxCpuId + - RTMpGetOnlineCount + - RTMpGetOnlineSet + - RTMpGetSet + - RTMpIsCpuOnline + - RTMpIsCpuPossible + - RTMpIsCpuWorkPending + - RTMpNotificationDeregister + - RTMpNotificationRegister + - RTMpOnAll + - RTMpOnOthers + - RTMpOnSpecific + - RTPowerNotificationDeregister + - RTPowerNotificationRegister + - RTPowerSignalEvent + - RTProcSelf + - RTR0Init + - RTR0MemObjAddress + - RTR0MemObjAddressR3 + - RTR0MemObjAllocCont + - RTR0MemObjAllocLow + - RTR0MemObjAllocPage + - RTR0MemObjAllocPhys + - RTR0MemObjAllocPhysNC + - RTR0MemObjEnterPhys + - RTR0MemObjFree + - RTR0MemObjGetPagePhysAddr + - RTR0MemObjIsMapping + - RTR0MemObjLockKernel + - RTR0MemObjLockUser + - RTR0MemObjMapKernel + - RTR0MemObjMapKernelEx + - RTR0MemObjMapUser + - RTR0MemObjReserveKernel + - RTR0MemObjReserveUser + - RTR0MemObjSize + - RTR0ProcHandleSelf + - RTR0Term + - RTSemEventCreate + - RTSemEventDestroy + - RTSemEventMultiCreate + - RTSemEventMultiDestroy + - RTSemEventMultiReset + - RTSemEventMultiSignal + - RTSemEventMultiWait + - RTSemEventMultiWaitNoResume + - RTSemEventSignal + - RTSemEventWait + - RTSemEventWaitNoResume + - RTSemFastMutexCreate + - RTSemFastMutexDestroy + - RTSemFastMutexRelease + - RTSemFastMutexRequest + - RTSpinlockAcquire + - RTSpinlockAcquireNoInts + - RTSpinlockCreate + - RTSpinlockDestroy + - RTSpinlockRelease + - RTSpinlockReleaseNoInts + - RTStrFormat + - RTStrFormatNumber + - RTStrFormatTypeDeregister + - RTStrFormatTypeRegister + - RTStrFormatTypeSetUser + - RTStrFormatV + - RTStrPrintf + - RTStrPrintfEx + - RTStrPrintfExV + - RTStrPrintfV + - RTStrToInt16 + - RTStrToInt16Ex + - RTStrToInt16Full + - RTStrToInt32 + - RTStrToInt32Ex + - RTStrToInt32Full + - RTStrToInt64 + - RTStrToInt64Ex + - RTStrToInt64Full + - RTStrToInt8 + - RTStrToInt8Ex + - RTStrToInt8Full + - RTStrToUInt16 + - RTStrToUInt16Ex + - RTStrToUInt16Full + - RTStrToUInt32 + - RTStrToUInt32Ex + - RTStrToUInt32Full + - RTStrToUInt64 + - RTStrToUInt64Ex + - RTStrToUInt64Full + - 
RTStrToUInt8 + - RTStrToUInt8Ex + - RTStrToUInt8Full + - RTThreadNativeSelf + - RTThreadPreemptDisable + - RTThreadPreemptIsEnabled + - RTThreadPreemptRestore + - RTThreadSleep + - RTThreadYield + - RTTimeMilliTS + - RTTimeNanoTS + - RTTimeNow + - RTTimeSystemMilliTS + - RTTimeSystemNanoTS + - RTTimerCreateEx + - RTTimerDestroy + - RTTimerGetSystemGranularity + - RTTimerReleaseSystemGranularity + - RTTimerRequestSystemGranularity + - RTTimerStart + - RTTimerStop + - SUPR0ComponentDeregisterFactory + - SUPR0ComponentQueryFactory + - SUPR0ComponentRegisterFactory + - SUPR0ContAlloc + - SUPR0ContFree + - SUPR0EnableVTx + - SUPR0GetPagingMode + - SUPR0GipMap + - SUPR0GipUnmap + - SUPR0LockMem + - SUPR0LowAlloc + - SUPR0LowFree + - SUPR0MemAlloc + - SUPR0MemFree + - SUPR0MemGetPhys + - SUPR0ObjAddRef + - SUPR0ObjAddRefEx + - SUPR0ObjRegister + - SUPR0ObjRelease + - SUPR0ObjVerifyAccess + - SUPR0PageAlloc + - SUPR0PageAllocEx + - SUPR0PageFree + - SUPR0PageMapKernel + - SUPR0UnlockMem + - g_szRTAssertMsg1 + - g_szRTAssertMsg2 + ImportedFunctions: + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - ObfDereferenceObject + - ExUnregisterCallback + - IofCompleteRequest + - DbgPrint + - IoIs32bitProcess + - ExRegisterCallback + - ExCreateCallback + - IoCreateSymbolicLink + - IoCreateDevice + - IoGetStackLimits + - memchr + - strncmp + - KeInitializeEvent + - ExAcquireFastMutex + - ExReleaseFastMutex + - KeSetEvent + - KeWaitForSingleObject + - KeResetEvent + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - KeDelayExecutionThread + - ZwYieldExecution + - ExFreePoolWithTag + - KeInsertQueueDpc + - KeSetTargetProcessorDpc + - KeSetImportanceDpc + - KeInitializeDpc + - ExAllocatePoolWithTag + - KeQueryActiveProcessors + - strchr + - PsGetCurrentProcessId + - IoGetCurrentProcess + - KeSetTimerEx + - KeRemoveQueueDpc + - KeCancelTimer + - KeInitializeTimerEx + - KeQueryTimeIncrement + - MmGetSystemRoutineAddress + - MmFreeContiguousMemory + - 
MmGetPhysicalAddress + - MmAllocateContiguousMemory + - MmUnmapIoSpace + - MmUnlockPages + - IoFreeMdl + - MmFreePagesFromMdl + - MmUnsecureVirtualMemory + - MmUnmapLockedPages + - MmProtectMdlSystemAddress + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmAllocatePagesForMdl + - __C_specific_handler + - MmSecureVirtualMemory + - MmProbeAndLockPages + - MmMapIoSpace + - MmMapLockedPagesSpecifyCache + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows + ValidFrom: '2021-09-02 18:23:41' + ValidTo: '2022-09-01 18:23:41' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 330000033c89c66a7b45bb1fbd00000000033c + Version: 3 + TBS: + MD5: 46f57c3b860b08484cb79066ac1014ad + SHA1: c1fe3ab97b834a98460e4ae92fe2468d16f61a92 + SHA256: d78e6b22fec42de5200f6c56731dd6742c79fa2bf7c01c8dc04d3d5738474c9b + SHA384: d64e2d7f3cf0c23601d2d260f80e767d2e2a92fc43d93fdae6006987af96b6706d0c1e60e573e207a49334269e178e87 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Production PCA 2011 + ValidFrom: '2011-10-19 18:41:42' + ValidTo: '2026-10-19 18:51:42' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: '61077656000000000008' + Version: 3 + TBS: + MD5: 30a3f0b64324ed7f465e7fc618cb69e7 + SHA1: 002de3561519b662c5e3f5faba1b92c403fb7c41 + SHA256: 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 + SHA384: 4f9a02c3eac5e83c38074d54c0bf270e03a1d668e0001c9812c509eb08a19075ee778a7630e65598e4608fc66e2d1c66 + Signer: + - SerialNumber: 330000033c89c66a7b45bb1fbd00000000033c + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Production PCA 2011 + Version: 1 + RichPEHeaderHash: + 
MD5: 778da7e612af67a3de121ab863ceed34 + SHA1: 4c054a77104d0843f0a0f79ba3cdd6f7a500a261 + SHA256: c7ad11fb172299df62c32563cb4c0c6c44c833b76897b86057a544ce552b39ca + Sections: + .text: + Entropy: 6.374436237194225 + Virtual Size: '0x14d26' + .rdata: + Entropy: 5.492063385586473 + Virtual Size: '0x6ca4' + .data: + Entropy: 2.136306008585543 + Virtual Size: '0x35b4' + .pdata: + Entropy: 5.201973567849435 + Virtual Size: '0x1f20' + .edata: + Entropy: 5.704943815176372 + Virtual Size: '0x14d5' + INIT: + Entropy: 4.983784792331664 + Virtual Size: '0x6fc' + .rsrc: + Entropy: 3.308916632980912 + Virtual Size: '0x398' + .reloc: + Entropy: 4.900332523869931 + Virtual Size: '0x672' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2009-04-07 12:30:47' + Imphash: 6723b1d5bd0f1fc13216cb44541e619e + LoadsDespiteHVCI: 'TRUE' +- Filename: VBoxDrv.sys + MD5: 443689645455987cb347154b391f734d + SHA1: 2fed7eddd63f10ed4649d9425b94f86140f91385 + SHA256: c8940e2e9b069ec94f9f711150b313b437f8429f78d522810601b6ee8b52bada + Authentihash: + MD5: ed53ea124ed4c30df39c29a4f5b01182 + SHA1: 2903352a4e038c68c044a48edebd118af7e80098 + SHA256: 79e3b14b68f1fcf805ccfe7bc2dc81b98346d2e83a6335816b276970e2e2691a + Description: VirtualBox Support Driver + Company: Sun Microsystems, Inc. + InternalName: VBoxDrv.sys + OriginalFilename: VBoxDrv.sys + FileVersion: 2.2.4.r47978 + Product: Sun VirtualBox + ProductVersion: 2.2.4.r47978 + Copyright: Copyright (C) 2009 Sun Microsystems, Inc. 
+ MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: + - AssertMsg1 + - AssertMsg2 + - RTAssertShouldPanic + - RTErrConvertFromNtStatus + - RTLogCloneRC + - RTLogComPrintf + - RTLogComPrintfV + - RTLogCopyGroupsAndFlags + - RTLogCreate + - RTLogCreateEx + - RTLogCreateExV + - RTLogDefaultInit + - RTLogDefaultInstance + - RTLogDestroy + - RTLogFlags + - RTLogFlush + - RTLogFlushRC + - RTLogFlushToLogger + - RTLogFormatV + - RTLogGetDefaultInstance + - RTLogGroupSettings + - RTLogLogger + - RTLogLoggerEx + - RTLogLoggerExV + - RTLogLoggerV + - RTLogPrintf + - RTLogPrintfV + - RTLogRelDefaultInstance + - RTLogRelLoggerV + - RTLogRelPrintfV + - RTLogRelSetDefaultInstance + - RTLogSetDefaultInstance + - RTLogSetDefaultInstanceThread + - RTLogWriteCom + - RTLogWriteDebugger + - RTLogWriteStdErr + - RTLogWriteStdOut + - RTLogWriteUser + - RTMemAlloc + - RTMemAllocZ + - RTMemContAlloc + - RTMemContFree + - RTMemDup + - RTMemDupEx + - RTMemExecAlloc + - RTMemExecFree + - RTMemFree + - RTMemRealloc + - RTMemTmpAlloc + - RTMemTmpAllocZ + - RTMemTmpFree + - RTMpCpuId + - RTMpCpuIdFromSetIndex + - RTMpCpuIdToSetIndex + - RTMpGetCount + - RTMpGetMaxCpuId + - RTMpGetOnlineCount + - RTMpGetOnlineSet + - RTMpGetSet + - RTMpIsCpuOnline + - RTMpIsCpuPossible + - RTMpIsCpuWorkPending + - RTMpNotificationDeregister + - RTMpNotificationRegister + - RTMpOnAll + - RTMpOnOthers + - RTMpOnSpecific + - RTPowerNotificationDeregister + - RTPowerNotificationRegister + - RTPowerSignalEvent + - RTProcSelf + - RTR0Init + - RTR0MemObjAddress + - RTR0MemObjAddressR3 + - RTR0MemObjAllocCont + - RTR0MemObjAllocLow + - RTR0MemObjAllocPage + - RTR0MemObjAllocPhys + - RTR0MemObjAllocPhysNC + - RTR0MemObjEnterPhys + - RTR0MemObjFree + - RTR0MemObjGetPagePhysAddr + - RTR0MemObjIsMapping + - RTR0MemObjLockKernel + - RTR0MemObjLockUser + - RTR0MemObjMapKernel + - RTR0MemObjMapKernelEx + - RTR0MemObjMapUser + - RTR0MemObjReserveKernel + - RTR0MemObjReserveUser + - RTR0MemObjSize + - 
RTR0ProcHandleSelf + - RTR0Term + - RTSemEventCreate + - RTSemEventDestroy + - RTSemEventMultiCreate + - RTSemEventMultiDestroy + - RTSemEventMultiReset + - RTSemEventMultiSignal + - RTSemEventMultiWait + - RTSemEventMultiWaitNoResume + - RTSemEventSignal + - RTSemEventWait + - RTSemEventWaitNoResume + - RTSemFastMutexCreate + - RTSemFastMutexDestroy + - RTSemFastMutexRelease + - RTSemFastMutexRequest + - RTSpinlockAcquire + - RTSpinlockAcquireNoInts + - RTSpinlockCreate + - RTSpinlockDestroy + - RTSpinlockRelease + - RTSpinlockReleaseNoInts + - RTStrFormat + - RTStrFormatNumber + - RTStrFormatTypeDeregister + - RTStrFormatTypeRegister + - RTStrFormatTypeSetUser + - RTStrFormatV + - RTStrPrintf + - RTStrPrintfEx + - RTStrPrintfExV + - RTStrPrintfV + - RTStrToInt16 + - RTStrToInt16Ex + - RTStrToInt16Full + - RTStrToInt32 + - RTStrToInt32Ex + - RTStrToInt32Full + - RTStrToInt64 + - RTStrToInt64Ex + - RTStrToInt64Full + - RTStrToInt8 + - RTStrToInt8Ex + - RTStrToInt8Full + - RTStrToUInt16 + - RTStrToUInt16Ex + - RTStrToUInt16Full + - RTStrToUInt32 + - RTStrToUInt32Ex + - RTStrToUInt32Full + - RTStrToUInt64 + - RTStrToUInt64Ex + - RTStrToUInt64Full + - RTStrToUInt8 + - RTStrToUInt8Ex + - RTStrToUInt8Full + - RTThreadNativeSelf + - RTThreadPreemptDisable + - RTThreadPreemptIsEnabled + - RTThreadPreemptRestore + - RTThreadSleep + - RTThreadYield + - RTTimeMilliTS + - RTTimeNanoTS + - RTTimeNow + - RTTimeSystemMilliTS + - RTTimeSystemNanoTS + - RTTimerCreateEx + - RTTimerDestroy + - RTTimerGetSystemGranularity + - RTTimerReleaseSystemGranularity + - RTTimerRequestSystemGranularity + - RTTimerStart + - RTTimerStop + - SUPR0ComponentDeregisterFactory + - SUPR0ComponentQueryFactory + - SUPR0ComponentRegisterFactory + - SUPR0ContAlloc + - SUPR0ContFree + - SUPR0EnableVTx + - SUPR0GetPagingMode + - SUPR0GipMap + - SUPR0GipUnmap + - SUPR0LockMem + - SUPR0LowAlloc + - SUPR0LowFree + - SUPR0MemAlloc + - SUPR0MemFree + - SUPR0MemGetPhys + - SUPR0ObjAddRef + - SUPR0ObjAddRefEx + - 
SUPR0ObjRegister + - SUPR0ObjRelease + - SUPR0ObjVerifyAccess + - SUPR0PageAlloc + - SUPR0PageAllocEx + - SUPR0PageFree + - SUPR0PageMapKernel + - SUPR0UnlockMem + - g_szRTAssertMsg1 + - g_szRTAssertMsg2 + ImportedFunctions: + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - ObfDereferenceObject + - ExUnregisterCallback + - IofCompleteRequest + - DbgPrint + - IoIs32bitProcess + - ExRegisterCallback + - ExCreateCallback + - IoCreateSymbolicLink + - IoCreateDevice + - IoGetStackLimits + - memchr + - strncmp + - KeInitializeEvent + - ExAcquireFastMutex + - ExReleaseFastMutex + - KeSetEvent + - KeWaitForSingleObject + - KeResetEvent + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - KeDelayExecutionThread + - ZwYieldExecution + - ExFreePoolWithTag + - KeInsertQueueDpc + - KeSetTargetProcessorDpc + - KeSetImportanceDpc + - KeInitializeDpc + - ExAllocatePoolWithTag + - KeQueryActiveProcessors + - strchr + - PsGetCurrentProcessId + - IoGetCurrentProcess + - KeSetTimerEx + - KeRemoveQueueDpc + - KeCancelTimer + - KeInitializeTimerEx + - KeQueryTimeIncrement + - MmGetSystemRoutineAddress + - MmFreeContiguousMemory + - MmGetPhysicalAddress + - MmAllocateContiguousMemory + - MmUnmapIoSpace + - MmUnlockPages + - IoFreeMdl + - MmFreePagesFromMdl + - MmUnsecureVirtualMemory + - MmUnmapLockedPages + - MmProtectMdlSystemAddress + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmAllocatePagesForMdl + - __C_specific_handler + - MmSecureVirtualMemory + - MmProbeAndLockPages + - MmMapIoSpace + - MmMapLockedPagesSpecifyCache + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + 
TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: 
a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=California, L=Menlo Park, O=Sun Microsystems, Inc., + OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Sun Microsystems, + Inc. + ValidFrom: '2008-06-11 00:00:00' + ValidTo: '2011-06-11 23:59:59' + Signature: 537c2adf2d3f7cf7cfc86476029fe81f7b8f12596a595cda0d5fbbfd227cce6bce2f8ad1af7fbb1a92a8b8de23a8797748094aae39bc845308e3ccd8fb9dc09b51bdf7b26c4eb8fb4052a8bdc714eaf36fca04d720e06798e36308c2fcaf50c48e61087a3ba0c4b0e77972a69af1ecc9d05e3f001e02ad94db98aa5e1453b541b0c257337fd78bb0372dc7841987424e0abce9cb1f0102a934bd037475b39cfe29dc27e77b3eb89fe805f8c6b1574d768dd2805d1a4b98143b7b6208abfebe7645a607084b1fd13ec7f088ac49cd5adc916090bcebe2e63786a7b80a009abd81349a9f34e135a7f4a2d569be474fe316b1b9f06ddf4d90a6650f7340181a27e1 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 693a64818c1e086b1b15aee63fa054a2 + Version: 3 + TBS: + MD5: 50b256a55cdc23561dd4aa76abed4fd9 + SHA1: b3ee591b9218cfdcd394180558bd01bb674df627 + SHA256: fc1c2199740f069b26f02d81313408734051ecb7fa216b2a86458938fac6a909 + SHA384: 81c9c8b202f6fe3354dd5503ef9ee6d418b9a28064968506bc2c49d7bd0efbaa9da9ce51d7c384992aa531ca905442a7 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 693a64818c1e086b1b15aee63fa054a2 + Issuer: C=US, O=VeriSign, Inc., 
OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: 778da7e612af67a3de121ab863ceed34 + SHA1: 4c054a77104d0843f0a0f79ba3cdd6f7a500a261 + SHA256: c7ad11fb172299df62c32563cb4c0c6c44c833b76897b86057a544ce552b39ca + Sections: + .text: + Entropy: 6.374380491704822 + Virtual Size: '0x14d26' + .rdata: + Entropy: 5.4914437952124455 + Virtual Size: '0x6ca4' + .data: + Entropy: 2.136306008585543 + Virtual Size: '0x35b4' + .pdata: + Entropy: 5.201973567849435 + Virtual Size: '0x1f20' + .edata: + Entropy: 5.703304599123732 + Virtual Size: '0x14d5' + INIT: + Entropy: 4.983784792331664 + Virtual Size: '0x6fc' + .rsrc: + Entropy: 3.3208922490557096 + Virtual Size: '0x398' + .reloc: + Entropy: 4.900332523869931 + Virtual Size: '0x672' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2009-05-29 11:54:09' + Imphash: 6723b1d5bd0f1fc13216cb44541e619e + LoadsDespiteHVCI: 'FALSE' +- Filename: VBoxDrv.sys + MD5: 6beb1d8146f5a4aaa2f7b8c0c9bced30 + SHA1: 07f62d9b6321bed0008e106e9ce4240cb3f76da2 + SHA256: cfb7af8ac67a379e7869289aeee21837c448ea6f8ab6c93988e7aa423653bd40 + Authentihash: + MD5: 71bbd7b5164d35bc41d5a7f61a2d81f0 + SHA1: eec7692de436743eed432729fb620c5da3d5318f + SHA256: 1c9c86ba5ae540bb5729626cdaec89ca421f8129e4bbf6e1ea49c532b44ea0c9 + Description: VirtualBox Support Driver + Company: Vektor T13 Security Service + InternalName: VBoxDrv + OriginalFilename: VBoxDrv.sys + FileVersion: 1.4.0.119230 + Product: Antidetect 2019 Public + ProductVersion: 1.4.0.119230 + Copyright: Copyright (C) 2009-2019 Oracle Corporation + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: + - ASMAtomicBitClear + - ASMAtomicXchgU16 + - ASMAtomicXchgU8 + - ASMGetCS + - ASMGetDS + - ASMGetES + - ASMGetFS + - ASMGetGS + - ASMGetIDTR + - ASMGetSS + - ASMMultU64ByU32DivByU32 + - ASMNopPause + - RTAssertAreQuiet + - RTAssertMayPanic + - RTAssertMsg1 + - RTAssertMsg1Weak + - 
RTAssertMsg2AddV + - RTAssertMsg2V + - RTAssertMsg2Weak + - RTAssertMsg2WeakV + - RTAssertSetMayPanic + - RTAssertSetQuiet + - RTAssertShouldPanic + - RTAvlPVDestroy + - RTAvlPVDoWithAll + - RTAvlPVGet + - RTAvlPVGetBestFit + - RTAvlPVInsert + - RTAvlPVRemove + - RTAvlPVRemoveBestFit + - RTCrc32 + - RTCrc32Finish + - RTCrc32Process + - RTCrc32Start + - RTErrConvertFromErrno + - RTErrConvertFromNtStatus + - RTErrConvertToErrno + - RTErrInfoAdd + - RTErrInfoAddF + - RTErrInfoAddV + - RTErrInfoSet + - RTErrInfoSetF + - RTErrInfoSetV + - RTErrVarsAreEqual + - RTErrVarsHaveChanged + - RTErrVarsRestore + - RTErrVarsSave + - RTHandleTableAllocWithCtx + - RTHandleTableCreate + - RTHandleTableCreateEx + - RTHandleTableDestroy + - RTHandleTableFreeWithCtx + - RTHandleTableLookupWithCtx + - RTLatin1CalcUtf8Len + - RTLatin1CalcUtf8LenEx + - RTLatin1ToUtf8ExTag + - RTLatin1ToUtf8Tag + - RTLogClearFileDelayFlag + - RTLogCloneRC + - RTLogComPrintf + - RTLogComPrintfV + - RTLogCreate + - RTLogCreateEx + - RTLogCreateExV + - RTLogDefaultInit + - RTLogDefaultInstance + - RTLogDefaultInstanceEx + - RTLogDestinations + - RTLogDestroy + - RTLogDumpPrintfV + - RTLogFlags + - RTLogFlush + - RTLogFlushRC + - RTLogFlushToLogger + - RTLogFormatV + - RTLogGetDefaultInstance + - RTLogGetDefaultInstanceEx + - RTLogGetDestinations + - RTLogGetFlags + - RTLogGetGroupSettings + - RTLogGroupSettings + - RTLogLogger + - RTLogLoggerEx + - RTLogLoggerExV + - RTLogLoggerV + - RTLogPrintf + - RTLogPrintfV + - RTLogRelGetDefaultInstance + - RTLogRelGetDefaultInstanceEx + - RTLogRelLoggerV + - RTLogRelPrintfV + - RTLogRelSetBuffering + - RTLogRelSetDefaultInstance + - RTLogSetBuffering + - RTLogSetCustomPrefixCallback + - RTLogSetDefaultInstance + - RTLogSetDefaultInstanceThread + - RTLogWriteCom + - RTLogWriteDebugger + - RTLogWriteStdErr + - RTLogWriteStdOut + - RTLogWriteUser + - RTMemAllocExTag + - RTMemAllocTag + - RTMemAllocVarTag + - RTMemAllocZTag + - RTMemAllocZVarTag + - RTMemContAlloc + - 
RTMemContFree + - RTMemDupExTag + - RTMemDupTag + - RTMemExecAllocTag + - RTMemExecFree + - RTMemFree + - RTMemFreeEx + - RTMemReallocTag + - RTMemTmpAllocTag + - RTMemTmpAllocZTag + - RTMemTmpFree + - RTMpCpuId + - RTMpCpuIdFromSetIndex + - RTMpCpuIdToSetIndex + - RTMpCurSetIndex + - RTMpCurSetIndexAndId + - RTMpGetArraySize + - RTMpGetCount + - RTMpGetCpuGroupCounts + - RTMpGetMaxCpuGroupCount + - RTMpGetMaxCpuId + - RTMpGetOnlineCoreCount + - RTMpGetOnlineCount + - RTMpGetOnlineSet + - RTMpGetPresentCoreCount + - RTMpGetPresentCount + - RTMpGetPresentSet + - RTMpGetSet + - RTMpIsCpuOnline + - RTMpIsCpuPossible + - RTMpIsCpuPresent + - RTMpIsCpuWorkPending + - RTMpNotificationDeregister + - RTMpNotificationRegister + - RTMpOnAll + - RTMpOnAllIsConcurrentSafe + - RTMpOnOthers + - RTMpOnPair + - RTMpOnPairIsConcurrentExecSupported + - RTMpOnSpecific + - RTMpPokeCpu + - RTMpSetIndexFromCpuGroupMember + - RTNetIPv4AddDataChecksum + - RTNetIPv4AddTCPChecksum + - RTNetIPv4AddUDPChecksum + - RTNetIPv4FinalizeChecksum + - RTNetIPv4HdrChecksum + - RTNetIPv4IsDHCPValid + - RTNetIPv4IsHdrValid + - RTNetIPv4IsTCPSizeValid + - RTNetIPv4IsTCPValid + - RTNetIPv4IsUDPSizeValid + - RTNetIPv4IsUDPValid + - RTNetIPv4PseudoChecksum + - RTNetIPv4PseudoChecksumBits + - RTNetIPv4TCPChecksum + - RTNetIPv4UDPChecksum + - RTNetIPv6PseudoChecksum + - RTNetIPv6PseudoChecksumBits + - RTNetIPv6PseudoChecksumEx + - RTNetTCPChecksum + - RTNetUDPChecksum + - RTOnceReset + - RTOnceSlow + - RTPowerNotificationDeregister + - RTPowerNotificationRegister + - RTPowerSignalEvent + - RTProcSelf + - RTR0AssertPanicSystem + - RTR0Init + - RTR0MemAreKrnlAndUsrDifferent + - RTR0MemKernelCopyFrom + - RTR0MemKernelCopyTo + - RTR0MemKernelIsValidAddr + - RTR0MemObjAddress + - RTR0MemObjAddressR3 + - RTR0MemObjAllocContTag + - RTR0MemObjAllocLowTag + - RTR0MemObjAllocPageTag + - RTR0MemObjAllocPhysExTag + - RTR0MemObjAllocPhysNCTag + - RTR0MemObjAllocPhysTag + - RTR0MemObjEnterPhysTag + - RTR0MemObjFree + - 
RTR0MemObjGetPagePhysAddr + - RTR0MemObjIsMapping + - RTR0MemObjLockKernelTag + - RTR0MemObjLockUserTag + - RTR0MemObjMapKernelExTag + - RTR0MemObjMapKernelTag + - RTR0MemObjMapUserTag + - RTR0MemObjProtect + - RTR0MemObjReserveKernelTag + - RTR0MemObjReserveUserTag + - RTR0MemObjSize + - RTR0MemUserCopyFrom + - RTR0MemUserCopyTo + - RTR0MemUserIsValidAddr + - RTR0ProcHandleSelf + - RTR0Term + - RTR0TermForced + - RTSemEventCreate + - RTSemEventCreateEx + - RTSemEventDestroy + - RTSemEventGetResolution + - RTSemEventMultiCreate + - RTSemEventMultiCreateEx + - RTSemEventMultiDestroy + - RTSemEventMultiGetResolution + - RTSemEventMultiReset + - RTSemEventMultiSignal + - RTSemEventMultiWait + - RTSemEventMultiWaitEx + - RTSemEventMultiWaitExDebug + - RTSemEventMultiWaitNoResume + - RTSemEventSignal + - RTSemEventWait + - RTSemEventWaitEx + - RTSemEventWaitExDebug + - RTSemEventWaitNoResume + - RTSemFastMutexCreate + - RTSemFastMutexDestroy + - RTSemFastMutexRelease + - RTSemFastMutexRequest + - RTSemMutexCreate + - RTSemMutexCreateEx + - RTSemMutexDestroy + - RTSemMutexIsOwned + - RTSemMutexRelease + - RTSemMutexRequest + - RTSemMutexRequestDebug + - RTSemMutexRequestNoResume + - RTSemMutexRequestNoResumeDebug + - RTSemSpinMutexCreate + - RTSemSpinMutexDestroy + - RTSemSpinMutexRelease + - RTSemSpinMutexRequest + - RTSemSpinMutexTryRequest + - RTSpinlockAcquire + - RTSpinlockCreate + - RTSpinlockDestroy + - RTSpinlockRelease + - RTStrAAppendNTag + - RTStrAAppendTag + - RTStrATruncateTag + - RTStrAllocExTag + - RTStrAllocTag + - RTStrCalcLatin1Len + - RTStrCalcLatin1LenEx + - RTStrCalcUtf16Len + - RTStrCalcUtf16LenEx + - RTStrCat + - RTStrConvertHexBytes + - RTStrCopy + - RTStrCopyEx + - RTStrCopyP + - RTStrDupExTag + - RTStrDupNTag + - RTStrDupTag + - RTStrFormat + - RTStrFormatNumber + - RTStrFormatTypeDeregister + - RTStrFormatTypeRegister + - RTStrFormatTypeSetUser + - RTStrFormatV + - RTStrFree + - RTStrGetCpExInternal + - RTStrGetCpInternal + - 
RTStrGetCpNExInternal + - RTStrIsValidEncoding + - RTStrNCmp + - RTStrPrevCp + - RTStrPrintf + - RTStrPrintfEx + - RTStrPrintfExV + - RTStrPrintfV + - RTStrPurgeComplementSet + - RTStrPurgeEncoding + - RTStrPutCpInternal + - RTStrReallocTag + - RTStrToInt16 + - RTStrToInt16Ex + - RTStrToInt16Full + - RTStrToInt32 + - RTStrToInt32Ex + - RTStrToInt32Full + - RTStrToInt64 + - RTStrToInt64Ex + - RTStrToInt64Full + - RTStrToInt8 + - RTStrToInt8Ex + - RTStrToInt8Full + - RTStrToLatin1ExTag + - RTStrToLatin1Tag + - RTStrToUInt16 + - RTStrToUInt16Ex + - RTStrToUInt16Full + - RTStrToUInt32 + - RTStrToUInt32Ex + - RTStrToUInt32Full + - RTStrToUInt64 + - RTStrToUInt64Ex + - RTStrToUInt64Full + - RTStrToUInt8 + - RTStrToUInt8Ex + - RTStrToUInt8Full + - RTStrToUni + - RTStrToUniEx + - RTStrToUtf16BigExTag + - RTStrToUtf16BigTag + - RTStrToUtf16ExTag + - RTStrToUtf16Tag + - RTStrUniLen + - RTStrUniLenEx + - RTStrValidateEncoding + - RTStrValidateEncodingEx + - RTTermDeregisterCallback + - RTTermRegisterCallback + - RTTermRunCallbacks + - RTThreadCreate + - RTThreadCreateF + - RTThreadCreateV + - RTThreadCtxHookCreate + - RTThreadCtxHookDestroy + - RTThreadCtxHookDisable + - RTThreadCtxHookEnable + - RTThreadCtxHookIsEnabled + - RTThreadFromNative + - RTThreadGetName + - RTThreadGetNative + - RTThreadGetType + - RTThreadIsInInterrupt + - RTThreadIsInitialized + - RTThreadIsMain + - RTThreadIsSelfAlive + - RTThreadIsSelfKnown + - RTThreadNativeSelf + - RTThreadPreemptDisable + - RTThreadPreemptIsEnabled + - RTThreadPreemptIsPending + - RTThreadPreemptIsPendingTrusty + - RTThreadPreemptIsPossible + - RTThreadPreemptRestore + - RTThreadSelf + - RTThreadSelfName + - RTThreadSetName + - RTThreadSetType + - RTThreadSleep + - RTThreadUserReset + - RTThreadUserSignal + - RTThreadUserWait + - RTThreadUserWaitNoResume + - RTThreadWait + - RTThreadWaitNoResume + - RTThreadYield + - RTTimeExplode + - RTTimeFromString + - RTTimeImplode + - RTTimeIsLeapYear + - RTTimeMilliTS + - RTTimeNanoTS + 
- RTTimeNormalize + - RTTimeNow + - RTTimeSpecFromString + - RTTimeSpecToString + - RTTimeSystemMilliTS + - RTTimeSystemNanoTS + - RTTimeToString + - RTTimerCanDoHighResolution + - RTTimerChangeInterval + - RTTimerCreate + - RTTimerCreateEx + - RTTimerDestroy + - RTTimerGetSystemGranularity + - RTTimerReleaseSystemGranularity + - RTTimerRequestSystemGranularity + - RTTimerStart + - RTTimerStop + - RTUuidClear + - RTUuidCompare + - RTUuidCompare2Strs + - RTUuidCompareStr + - RTUuidFromStr + - RTUuidFromUtf16 + - RTUuidIsNull + - RTUuidToStr + - RTUuidToUtf16 + - SUPGetCpuHzFromGipForAsyncMode + - SUPGetGIP + - SUPGetTscDeltaSlow + - SUPIsTscFreqCompatible + - SUPIsTscFreqCompatibleEx + - SUPR0BadContext + - SUPR0ChangeCR4 + - SUPR0ComponentDeregisterFactory + - SUPR0ComponentQueryFactory + - SUPR0ComponentRegisterFactory + - SUPR0ContAlloc + - SUPR0ContFree + - SUPR0EnableVTx + - SUPR0GetCurrentGdtRw + - SUPR0GetKernelFeatures + - SUPR0GetPagingMode + - SUPR0GetSessionGVM + - SUPR0GetSessionVM + - SUPR0GetSvmUsability + - SUPR0GetVmxUsability + - SUPR0GipMap + - SUPR0GipUnmap + - SUPR0LockMem + - SUPR0LowAlloc + - SUPR0LowFree + - SUPR0MemAlloc + - SUPR0MemFree + - SUPR0MemGetPhys + - SUPR0ObjAddRef + - SUPR0ObjAddRefEx + - SUPR0ObjRegister + - SUPR0ObjRelease + - SUPR0ObjVerifyAccess + - SUPR0PageAllocEx + - SUPR0PageFree + - SUPR0PageMapKernel + - SUPR0PageProtect + - SUPR0Printf + - SUPR0QueryUcodeRev + - SUPR0QueryVTCaps + - SUPR0ResumeVTxOnCpu + - SUPR0SetSessionVM + - SUPR0SuspendVTxOnCpu + - SUPR0TracerDeregisterDrv + - SUPR0TracerDeregisterImpl + - SUPR0TracerFireProbe + - SUPR0TracerRegisterDrv + - SUPR0TracerRegisterImpl + - SUPR0TracerRegisterModule + - SUPR0TracerUmodProbeFire + - SUPR0TscDeltaMeasureBySetIndex + - SUPR0UnlockMem + - SUPReadTscWithDelta + - SUPSemEventClose + - SUPSemEventCreate + - SUPSemEventGetResolution + - SUPSemEventMultiClose + - SUPSemEventMultiCreate + - SUPSemEventMultiGetResolution + - SUPSemEventMultiReset + - 
SUPSemEventMultiSignal + - SUPSemEventMultiWait + - SUPSemEventMultiWaitNoResume + - SUPSemEventMultiWaitNsAbsIntr + - SUPSemEventMultiWaitNsRelIntr + - SUPSemEventSignal + - SUPSemEventWait + - SUPSemEventWaitNoResume + - SUPSemEventWaitNsAbsIntr + - SUPSemEventWaitNsRelIntr + - g_pSUPGlobalInfoPage + - g_pszRTAssertExpr + - g_pszRTAssertFile + - g_pszRTAssertFunction + - g_szRTAssertMsg1 + - g_szRTAssertMsg2 + - g_u32RTAssertLine + ImportedFunctions: + - strchr + - IoDeleteDevice + - IoCreateDevice + - RtlInitUnicodeString + - ObfDereferenceObject + - ExUnregisterCallback + - IofCompleteRequest + - __C_specific_handler + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoIs32bitProcess + - ZwSetSystemInformation + - ExRegisterCallback + - ExCreateCallback + - MmGetSystemRoutineAddress + - RtlQueryRegistryValues + - DbgPrint + - KeSetTimerEx + - KeInsertQueueDpc + - KeRemoveQueueDpc + - KeCancelTimer + - KeSetImportanceDpc + - KeInitializeDpc + - KeInitializeTimerEx + - KeQueryTimeIncrement + - KeDelayExecutionThread + - ZwYieldExecution + - KeSetPriorityThread + - KeWaitForSingleObject + - ZwClose + - ObReferenceObjectByHandle + - PsCreateSystemThread + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - KeInitializeMutex + - KeReleaseMutex + - KeReadStateMutex + - KeInitializeEvent + - ExAcquireFastMutex + - ExReleaseFastMutex + - KeSetEvent + - KeResetEvent + - PsGetCurrentProcessId + - IoGetCurrentProcess + - ProbeForRead + - ProbeForWrite + - MmHighestUserAddress + - MmSystemRangeStart + - KeSetTargetProcessorDpc + - KeNumberProcessors + - PsGetVersion + - MmIsAddressValid + - MmUnmapIoSpace + - MmUnlockPages + - MmFreeContiguousMemory + - IoFreeMdl + - MmFreePagesFromMdl + - MmUnsecureVirtualMemory + - MmUnmapLockedPages + - MmProtectMdlSystemAddress + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmAllocateContiguousMemorySpecifyCache + - MmAllocatePagesForMdl + - MmSecureVirtualMemory + - MmProbeAndLockPages + - MmMapIoSpace + - 
MmMapLockedPagesSpecifyCache + - MmGetPhysicalAddress + - MmAllocateContiguousMemory + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: CN=Vektor T13 Technology + ValidFrom: '2018-08-10 07:42:52' + ValidTo: '2039-12-31 23:59:59' + Signature: 4819acb135277102eb22d1ebf53707b6651b1dac668cbe264acefb52a0567dee778627ae98f2f8a69142e210ed9a585a826bea9339108f6cc8567a8a0d3b471dde8e932b4d7b466e657e0592faa7578e548c1d1f3b746190fac243e75735ad18bb9cf901d94d92ed4bfbe7729d439bdd300a6cb5fb75d17364033f92a8d15398 + SignatureAlgorithmOID: 1.3.14.3.2.29 + IsCertificateAuthority: true + SerialNumber: 4d87df1b3d1e239b405dc85d0a0bad22 + Version: 3 + TBS: + MD5: fbe18b58073fb49c37c5790f1e2065f0 + SHA1: a0a8778312b53234bbf75e19e10664c52e0c524c + SHA256: 42da0182b3119325ebc53f870276cc8b9f6f4d7248d6223372fea7fc994d85a8 + SHA384: 12140c817a8d0771e3ee4c8e1eecda708c7203c537b4a702175fb370098e2bc704fca98b9b65cf346d80845fd961ed03 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 
46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 4d87df1b3d1e239b405dc85d0a0bad22 + Issuer: CN=Vektor T13 Technology + Version: 1 + RichPEHeaderHash: + MD5: 2699d722188f4664155df5d5ec416047 + SHA1: 1d9a8b11fbf151fc371dcb9a1a3b333f0dadb1e0 + SHA256: 6292be78ca89765e09fcf9a02d007dd8adafbf18a032d9d71e35686f922cd1f6 + Sections: + .text: + Entropy: 6.419823737384689 + Virtual Size: '0x2bc30' + .rdata: + Entropy: 5.946377532455778 + Virtual Size: '0xf8c8' + .data: + Entropy: 4.260596456256825 + Virtual Size: '0x12a40' + .pdata: + Entropy: 5.559894875195939 + Virtual Size: '0x32c4' + .edata: + Entropy: 5.804189453998891 + Virtual Size: '0x34f8' + INIT: + Entropy: 5.082239885482413 + Virtual Size: '0x856' + .rsrc: + Entropy: 3.407529902677342 + Virtual Size: '0x400' + .reloc: + Entropy: 4.078099091032765 + Virtual Size: '0xfb8' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2019-02-04 15:27:31' + Imphash: 9470f56376e665fb981a35b303436041 + LoadsDespiteHVCI: 'TRUE' 
diff --git a/yaml/7a0842ca-1a64-4ad1-9d66-25eb983d1742.yaml b/yaml/7a0842ca-1a64-4ad1-9d66-25eb983d1742.yaml index f206780b8..06701c428 100644 --- a/yaml/7a0842ca-1a64-4ad1-9d66-25eb983d1742.yaml +++ b/yaml/7a0842ca-1a64-4ad1-9d66-25eb983d1742.yaml 
@@ -1,206 +1,206 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 7a0842ca-1a64-4ad1-9d66-25eb983d1742 +Tags: +- directio32_legacy.sys +- DirectIo32.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-07-22' +MitreID: T1068 CVE: - '' Category: vulnerable drivers Commands: - Command: '' - Description: Confirmed vulnerable driver from Microsoft Block List - OperatingSystem: Windows - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-07-22' -Detection: -- type: '' - value: '' -Id: 7a0842ca-1a64-4ad1-9d66-25eb983d1742 -KnownVulnerableSamples: -- Authentihash: - MD5: a25749ae40ff475524e5df6431998825 - SHA1: 59c8f056dea50a4b6f6f63e50037089965568910 - SHA256: 2fb5d7e6db01c9090bba92abf580d38993e02ce9357e08fe1f224a9b18056e5a - Company: '' - Copyright: '' - CreationTimestamp: '2020-08-11 23:45:00' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - DbgPrintEx - - RtlGetVersion - - KeInitializeEvent - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - ExAllocatePoolWithQuotaTag - - ExFreePoolWithTag - - MmBuildMdlForNonPagedPool - - MmMapLockedPagesSpecifyCache - - MmUnmapLockedPages - - MmMapIoSpace - - MmUnmapIoSpace - - IoAllocateErrorLogEntry - - IoAllocateMdl - - IoBuildDeviceIoControlRequest - - IoBuildSynchronousFsdRequest - - IofCallDriver - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoFreeMdl - - IoGetAttachedDeviceReference - - IoGetDeviceObjectPointer - - IoWriteErrorLogEntry - - IoGetDeviceProperty - - ObReferenceObjectByHandle - - ObReferenceObjectByPointer - - RtlAppendUnicodeToString - - ZwCreateFile - - ZwWriteFile - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - ZwOpenKey - - ZwQueryValueKey - - MmGetPhysicalMemoryRanges - - PsGetProcessId - - RtlFillMemoryUlong - - KeStackAttachProcess - - KeUnstackDetachProcess - - IoEnumerateDeviceObjectList - - ObQueryNameString - - 
_vsnwprintf - - ObReferenceObjectByName - - memcpy - - memmove - - memset - - IoFileObjectType - - PsProcessType - - PsInitialSystemProcess - - NtBuildNumber - - IoDriverObjectType - - KeRevertToUserAffinityThread - - KeSetSystemAffinityThread - - KeQueryActiveProcessors - - KeBugCheckEx - - RtlAppendUnicodeStringToString - - RtlUnwind - - RtlWriteRegistryValue - - MmGetSystemRoutineAddress - - RtlQueryRegistryValues - - RtlInitUnicodeString - - RtlIntegerToUnicodeString - - ObfDereferenceObject - - wcsrchr - - WRITE_PORT_USHORT - - WRITE_PORT_UCHAR - - READ_PORT_ULONG - - READ_PORT_USHORT - - READ_PORT_UCHAR - - KeStallExecutionProcessor - - WRITE_PORT_ULONG - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 2da707d2fa073d60c4b069ce76a789ef - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 78c0e4d4898d4d4cc2c6df5285c1e11b - SHA1: 0c932c2f26d8d024936f27bc6ff33dc736587a6e - SHA256: cae87d0bcaa037bfb6c422692648e50bb26aad2909044f1cdb1d6cb706dd94d1 - SHA1: 75c924435e87f38f20e5e77b7f2c382b9c9b974b - SHA256: 035b96ff8b85d312be0f9df6271714392a802ec8bab59ae8229812ddc67ced5a - Sections: - .text: - Entropy: 6.122291821648682 - Virtual Size: '0x3162' - .rdata: - Entropy: 4.091327919587039 - Virtual Size: '0x454' - .data: - Entropy: 2.450212064914747 - Virtual Size: '0x1c' - PAGE: - Entropy: 5.1712774885026676 - Virtual Size: '0x82' - INIT: - Entropy: 5.60467066998622 - Virtual Size: '0x824' - .reloc: - Entropy: 6.43814817478269 - Virtual Size: '0x28c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - 
SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=AU, ??=Private Organization, serialNumber=099 321 392, C=AU, ST=New - South Wales, L=Surry Hills, O=PassMark Software Pty Ltd, CN=PassMark Software - Pty Ltd - ValidFrom: '2018-10-18 00:00:00' - ValidTo: '2021-02-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0d671c2c3c13676231329afa97b1ec2b - Version: 3 - TBS: - MD5: fd290a4891edd36420e082391a96d9b0 - SHA1: fe33d6386cb017f4d39d5b1e21861bbc387aae7a - SHA256: 57e2af9bbd6fed434ad5df9b194936fc6d3a1b71658bdd31c2d289f8a0f5c2e0 - SHA384: feff93a9900bd0c3ac0d46892b5c06dc002eb55bc2daa6c4d62d20491c9f5141771c7563166751af02b2308059449e52 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c - Version: 3 - TBS: - MD5: 83f5de89f641d0fbf60248e10a7b9534 - SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 - SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf - SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 - Signer: - - SerialNumber: 0d671c2c3c13676231329afa97b1ec2b - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA (SHA2) - Version: 1 - Imphash: 62bc9fd136b469e6cdc0f267f74be4b8 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: '' + Description: Confirmed 
vulnerable driver from Microsoft Block List + OperatingSystem: Windows + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c -Tags: -- directio32_legacy.sys -- DirectIo32.sys -Verified: 'TRUE' +Detection: +- type: '' + value: '' +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: a25749ae40ff475524e5df6431998825 + SHA1: 59c8f056dea50a4b6f6f63e50037089965568910 + SHA256: 2fb5d7e6db01c9090bba92abf580d38993e02ce9357e08fe1f224a9b18056e5a + Company: '' + Copyright: '' + CreationTimestamp: '2020-08-11 23:45:00' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - DbgPrintEx + - RtlGetVersion + - KeInitializeEvent + - KeWaitForSingleObject + - ExAllocatePoolWithTag + - ExAllocatePoolWithQuotaTag + - ExFreePoolWithTag + - MmBuildMdlForNonPagedPool + - MmMapLockedPagesSpecifyCache + - MmUnmapLockedPages + - MmMapIoSpace + - MmUnmapIoSpace + - IoAllocateErrorLogEntry + - IoAllocateMdl + - IoBuildDeviceIoControlRequest + - IoBuildSynchronousFsdRequest + - IofCallDriver + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoFreeMdl + - IoGetAttachedDeviceReference + - IoGetDeviceObjectPointer + - IoWriteErrorLogEntry + - IoGetDeviceProperty + - ObReferenceObjectByHandle + - ObReferenceObjectByPointer + - RtlAppendUnicodeToString + - ZwCreateFile + - ZwWriteFile + - ZwClose + - ZwOpenSection + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - ZwOpenKey + - ZwQueryValueKey + - MmGetPhysicalMemoryRanges + - PsGetProcessId + - RtlFillMemoryUlong + - KeStackAttachProcess + - KeUnstackDetachProcess + - IoEnumerateDeviceObjectList + - ObQueryNameString + - _vsnwprintf + - ObReferenceObjectByName + - memcpy + - memmove + - memset + - IoFileObjectType + - PsProcessType + - PsInitialSystemProcess + - NtBuildNumber + - IoDriverObjectType + - 
KeRevertToUserAffinityThread + - KeSetSystemAffinityThread + - KeQueryActiveProcessors + - KeBugCheckEx + - RtlAppendUnicodeStringToString + - RtlUnwind + - RtlWriteRegistryValue + - MmGetSystemRoutineAddress + - RtlQueryRegistryValues + - RtlInitUnicodeString + - RtlIntegerToUnicodeString + - ObfDereferenceObject + - wcsrchr + - WRITE_PORT_USHORT + - WRITE_PORT_UCHAR + - READ_PORT_ULONG + - READ_PORT_USHORT + - READ_PORT_UCHAR + - KeStallExecutionProcessor + - WRITE_PORT_ULONG + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 2da707d2fa073d60c4b069ce76a789ef + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 78c0e4d4898d4d4cc2c6df5285c1e11b + SHA1: 0c932c2f26d8d024936f27bc6ff33dc736587a6e + SHA256: cae87d0bcaa037bfb6c422692648e50bb26aad2909044f1cdb1d6cb706dd94d1 + SHA1: 75c924435e87f38f20e5e77b7f2c382b9c9b974b + SHA256: 035b96ff8b85d312be0f9df6271714392a802ec8bab59ae8229812ddc67ced5a + Sections: + .text: + Entropy: 6.122291821648682 + Virtual Size: '0x3162' + .rdata: + Entropy: 4.091327919587039 + Virtual Size: '0x454' + .data: + Entropy: 2.450212064914747 + Virtual Size: '0x1c' + PAGE: + Entropy: 5.1712774885026676 + Virtual Size: '0x82' + INIT: + Entropy: 5.60467066998622 + Virtual Size: '0x824' + .reloc: + Entropy: 6.43814817478269 + Virtual Size: '0x28c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 
208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=AU, ??=Private Organization, serialNumber=099 321 392, C=AU, + ST=New South Wales, L=Surry Hills, O=PassMark Software Pty Ltd, CN=PassMark + Software Pty Ltd + ValidFrom: '2018-10-18 00:00:00' + ValidTo: '2021-02-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0d671c2c3c13676231329afa97b1ec2b + Version: 3 + TBS: + MD5: fd290a4891edd36420e082391a96d9b0 + SHA1: fe33d6386cb017f4d39d5b1e21861bbc387aae7a + SHA256: 
57e2af9bbd6fed434ad5df9b194936fc6d3a1b71658bdd31c2d289f8a0f5c2e0 + SHA384: feff93a9900bd0c3ac0d46892b5c06dc002eb55bc2daa6c4d62d20491c9f5141771c7563166751af02b2308059449e52 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 03f1b4e15f3a82f1149678b3d7d8475c + Version: 3 + TBS: + MD5: 83f5de89f641d0fbf60248e10a7b9534 + SHA1: 382a73a059a08698d6eb98c87e1b36fc750933a4 + SHA256: eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf + SHA384: 4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1 + Signer: + - SerialNumber: 0d671c2c3c13676231329afa97b1ec2b + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA (SHA2) + Version: 1 + Imphash: 62bc9fd136b469e6cdc0f267f74be4b8 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/7a5fe570-3b35-4fad-b7d6-7518bd5436a0.yaml b/yaml/7a5fe570-3b35-4fad-b7d6-7518bd5436a0.yaml index 7507d584a..5ce908c01 100644 --- a/yaml/7a5fe570-3b35-4fad-b7d6-7518bd5436a0.yaml +++ b/yaml/7a5fe570-3b35-4fad-b7d6-7518bd5436a0.yaml 
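Review bot: `Category: vulnerable drivers` (plural) stays as a context line in this entry, while the ElbyCDIO entry later in this commit uses `Category: vulnerable driver`. Any consumer that filters or groups on the exact category string would miss this driver, so this normalisation pass is a good place to change it to `Category: vulnerable driver`. The reordered `Detection:` block also still holds a single placeholder item with `type: ''` and `value: ''`, where the NodeDriver entry writes `Detection: []`. An empty list is safer for tooling that iterates the entries, though how the site generator treats blank items is not visible here.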
@@ -1,141 +1,141 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 7a5fe570-3b35-4fad-b7d6-7518bd5436a0 +Tags: +- NodeDriver.sys +Verified: 'TRUE' Author: Michael Haag -Category: malicious -Commands: - Command: sc.exe create NodeDriver.sys binPath=C:\windows\temp\NodeDriver.sys type=kernel - && sc.exe start NodeDriver.sys - Description: Driver categorized as POORTRY by Mandiant. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-03-02' -Detection: [] -Id: 7a5fe570-3b35-4fad-b7d6-7518bd5436a0 -KnownVulnerableSamples: -- Authentihash: - MD5: cb01e86f3c5a26629d53856c5e4990ec - SHA1: fbbb429de5458a274b4a4ab44ed6785139f4a7e4 - SHA256: 43374fd68dc06c8491b16d177156444ee44f497bbceafd0165f40ba48bf6802f - Company: '' - Copyright: '' - CreationTimestamp: '2022-08-20 09:19:01' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: NodeDriver.sys - ImportedFunctions: - - WskCaptureProviderNPI - - ExAllocatePoolWithTag - - ExAllocatePool - - NtQuerySystemInformation - - ExFreePoolWithTag - - IoAllocateMdl - - MmProbeAndLockPages - - MmMapLockedPagesSpecifyCache - - MmUnlockPages - - IoFreeMdl - - KeQueryActiveProcessors - - KeSetSystemAffinityThread - - KeRevertToUserAffinityThread - - DbgPrint - - KeQueryPerformanceCounter - Imports: - - NETIO.SYS - - ntoskrnl.exe - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: ee6b1a79cb6641aa44c762ee90786fe0 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: ffdf660eb1ebf020a1d0a55a90712dfb - SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 - SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 - SHA1: 3ef30c95e40a854cc4ded94fc503d0c3dc3e620e - SHA256: 05b146a48a69dd62a02759487e769bd30d39f16374bc76c86453b4ae59e7ffa4 - Sections: - .text: - Entropy: 0.0 - Virtual Size: '0x1ffb' - .rdata: - Entropy: 0.0 - Virtual Size: '0x96c' - .data: - Entropy: 0.0 - 
Virtual Size: '0xdc' - .pdata: - Entropy: 0.0 - Virtual Size: '0x210' - INIT: - Entropy: 0.0 - Virtual Size: '0x6e4' - .vmp0: - Entropy: 0.0 - Virtual Size: '0x14a8f5' - .vmp1: - Entropy: 2.75 - Virtual Size: '0x8' - .vmp2: - Entropy: 7.68378408308375 - Virtual Size: '0x28e558' - .reloc: - Entropy: 3.782851919585966 - Virtual Size: '0xe8' - Signature: - - Microsoft Windows Hardware Compatibility Publisher - - Microsoft Windows Third Party Component CA 2014 - - Microsoft Root Certificate Authority 2010 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2022-06-07 18:08:06' - ValidTo: '2023-06-01 18:08:06' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 3300000057ee4d659a923e7c10000000000057 - Version: 3 - TBS: - MD5: fdc11a5676aed4e9cc0c09eeb7450dfb - SHA1: 4902077d9a05d4231b791d3b05bafa4a79132f03 - SHA256: 5db56c23d83bf67c7152e28ad4a684a7372b4ae4f52afe7a81ce91eef94caec3 - SHA384: c952d7f0e0ea5216ce4400601fb7c0829f0f3fcd6eb2b5b9112fbe45d133e00c4abd660f8e1794f7ac4ef95123e2c0ab - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - ValidFrom: '2014-10-15 20:31:27' - ValidTo: '2029-10-15 20:41:27' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 330000000d690d5d7893d076df00000000000d - Version: 3 - TBS: - MD5: 83f69422963f11c3c340b81712eef319 - SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 - SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae - SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 - Signer: - - SerialNumber: 
3300000057ee4d659a923e7c10000000000057 - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - Version: 1 - Imphash: e717abe060bc5c34925fe3120ac22f45 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: malicious +Commands: + Command: sc.exe create NodeDriver.sys binPath=C:\windows\temp\NodeDriver.sys type=kernel + && sc.exe start NodeDriver.sys + Description: Driver categorized as POORTRY by Mandiant. + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://www.mandiant.com/resources/blog/hunting-attestation-signed-malware - '' -Tags: -- NodeDriver.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: cb01e86f3c5a26629d53856c5e4990ec + SHA1: fbbb429de5458a274b4a4ab44ed6785139f4a7e4 + SHA256: 43374fd68dc06c8491b16d177156444ee44f497bbceafd0165f40ba48bf6802f + Company: '' + Copyright: '' + CreationTimestamp: '2022-08-20 09:19:01' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: NodeDriver.sys + ImportedFunctions: + - WskCaptureProviderNPI + - ExAllocatePoolWithTag + - ExAllocatePool + - NtQuerySystemInformation + - ExFreePoolWithTag + - IoAllocateMdl + - MmProbeAndLockPages + - MmMapLockedPagesSpecifyCache + - MmUnlockPages + - IoFreeMdl + - KeQueryActiveProcessors + - KeSetSystemAffinityThread + - KeRevertToUserAffinityThread + - DbgPrint + - KeQueryPerformanceCounter + Imports: + - NETIO.SYS + - ntoskrnl.exe + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: ee6b1a79cb6641aa44c762ee90786fe0 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: ffdf660eb1ebf020a1d0a55a90712dfb + SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 + SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 + SHA1: 3ef30c95e40a854cc4ded94fc503d0c3dc3e620e + 
SHA256: 05b146a48a69dd62a02759487e769bd30d39f16374bc76c86453b4ae59e7ffa4 + Sections: + .text: + Entropy: 0.0 + Virtual Size: '0x1ffb' + .rdata: + Entropy: 0.0 + Virtual Size: '0x96c' + .data: + Entropy: 0.0 + Virtual Size: '0xdc' + .pdata: + Entropy: 0.0 + Virtual Size: '0x210' + INIT: + Entropy: 0.0 + Virtual Size: '0x6e4' + .vmp0: + Entropy: 0.0 + Virtual Size: '0x14a8f5' + .vmp1: + Entropy: 2.75 + Virtual Size: '0x8' + .vmp2: + Entropy: 7.68378408308375 + Virtual Size: '0x28e558' + .reloc: + Entropy: 3.782851919585966 + Virtual Size: '0xe8' + Signature: + - Microsoft Windows Hardware Compatibility Publisher + - Microsoft Windows Third Party Component CA 2014 + - Microsoft Root Certificate Authority 2010 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2022-06-07 18:08:06' + ValidTo: '2023-06-01 18:08:06' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 3300000057ee4d659a923e7c10000000000057 + Version: 3 + TBS: + MD5: fdc11a5676aed4e9cc0c09eeb7450dfb + SHA1: 4902077d9a05d4231b791d3b05bafa4a79132f03 + SHA256: 5db56c23d83bf67c7152e28ad4a684a7372b4ae4f52afe7a81ce91eef94caec3 + SHA384: c952d7f0e0ea5216ce4400601fb7c0829f0f3fcd6eb2b5b9112fbe45d133e00c4abd660f8e1794f7ac4ef95123e2c0ab + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + ValidFrom: '2014-10-15 20:31:27' + ValidTo: '2029-10-15 20:41:27' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 330000000d690d5d7893d076df00000000000d + Version: 3 + TBS: + MD5: 83f69422963f11c3c340b81712eef319 + SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 + SHA256: 
d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae + SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 + Signer: + - SerialNumber: 3300000057ee4d659a923e7c10000000000057 + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + Version: 1 + Imphash: e717abe060bc5c34925fe3120ac22f45 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/7a722cd5-69ec-4680-9f20-9387f249a891.yaml b/yaml/7a722cd5-69ec-4680-9f20-9387f249a891.yaml index c3e58e7c0..019850ed2 100644 --- a/yaml/7a722cd5-69ec-4680-9f20-9387f249a891.yaml +++ b/yaml/7a722cd5-69ec-4680-9f20-9387f249a891.yaml 
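Review bot: `Detection: []` is kept for an entry marked `Category: malicious` that carries full file hashes and Authentihash values, while the ElbyCDIO entry in the same commit links the shared sigma and sysmon hash rules. If those rule files already cover this sample's hashes (not visible in this diff), listing them here would let a reader go from the entry straight to a working detection. `Resources:` also retains a blank `- ''` item after the Mandiant link, and `Imports:` lists `ntoskrnl.exe` twice; both could be dropped in this clean-up.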
@@ -1,1864 +1,1864 @@ Id: 7a722cd5-69ec-4680-9f20-9387f249a891 +Tags: +- ElbyCDIO.sys +Verified: 'TRUE' Author: Nasreddine Bencherchali Created: '2023-05-06' MitreID: T1068 Category: vulnerable driver -Verified: 'TRUE' Commands: - Command: sc.exe create ElbyCDIO.sys binPath=C:\windows\temp\ElbyCDIO.sys type=kernel - && sc.exe start ElbyCDIO.sys - Description: '' - Usecase: Elevate privileges - Privileges: kernel - OperatingSystem: Windows 10 + Command: sc.exe create ElbyCDIO.sys binPath=C:\windows\temp\ElbyCDIO.sys type=kernel + && sc.exe start ElbyCDIO.sys + Description: '' + Usecase: Elevate privileges + Privileges: kernel + OperatingSystem: Windows 10 Resources: - Internal Research -Acknowledgement: - Person: '' - Handle: '' Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: ElbyCDIO.sys - MD5: 702d5606cf2199e0edea6f0e0d27cd10 - SHA1: 879e327292616c56bd4aafc279fbda6cc393b74d - SHA256: 238046cfe126a1f8ab96d8b62f6aa5ec97bab830e2bae5b1b6ab2d31894c79e4 - Authentihash: - MD5: 350ab25a105b2fee583f1b903d48788e - SHA1: 23a6345ab41ff68e31cef025de23cc8c81c90725 - SHA256: 86236392bb2cc77100bd83d34a30e3fb60aa727d0b11c147a838d9a205bae80e - Description: ElbyCD Windows x64 I/O driver - Company: Elaborate Bytes AG - InternalName: ElbyCDIO - OriginalFilename: ElbyCDIO.sys - FileVersion: 6, 0, 3, 2 - Product: CDRTools - ProductVersion: 6, 0, 0, 0 - Copyright: Copyright (C) 2000 - 2009 Elaborate Bytes AG - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - KeWaitForSingleObject - - KeReleaseMutex - - __C_specific_handler - - ProbeForRead - - ProbeForWrite - - ZwReadFile - - ZwWriteFile - - ZwCreateFile - - RtlInitUnicodeString - - swprintf - - ZwQueryVolumeInformationFile - - ZwOpenFile - - ZwClose - - ZwQuerySymbolicLinkObject - - ZwOpenSymbolicLinkObject - - PsTerminateSystemThread - - ZwSetInformationThread - - ObfDereferenceObject - - ObReferenceObjectByHandle - - PsCreateSystemThread - - KeInitializeEvent - - PsGetCurrentProcessId - - IofCompleteRequest - - KeInitializeMutex - - ExAllocatePool - - ExFreePool - - RtlFreeUnicodeString - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - IoCreateSymbolicLink - - IoCreateDevice - - KeBugCheckEx - - KeSetEvent - - KeQueryPerformanceCounter - Signatures: - - 
CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 
a0422eb876a7427186404d464d5b26b0b074f93f89a87b7cb7f1c697e08239999d43fe60823642b55b878df55df4bbffa91044a871d3c7f12241f29aa4a5ec63fae5eb654a19309d8bc7b6fddc3fe16cfdd5521407fc6d24ccb3cc81a2c052f327b96d9e063dd8a849023269c7054294d0bbe3bba908c393501bdb846dc0ba1e5298659c1376bdb3d567292f1f7baa2c51a0fd854f263c48a38127a6feee7f7899c245cf9d1f527ed7958bfde1d020c3af7e51a22f663bab2dcf2d8e8c4d7d18392128fbdcae6d6581d0e0d7184be7b5f774d784e6522aac3b68fd3b4ab80154849132bb95d28e6330a69ece2396feab2eb86a8b74dcde21a114c2fbbf53af10 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch - ValidFrom: '2008-12-23 13:26:11' - ValidTo: '2011-12-23 13:26:11' - Signature: 5a634dbf49c9d1dbe5ed4b484689b4f95ee13686141c393683a1decdc986cf94613342607a120df492112daaa92fd772bbbcb1c0f14cec7c0c20304c92d62508859c387138f2d145dbcc54c561f1b9dd73d3686ae3859ea986e4f539db7495a64b551b60d6f976ae6075ca3f6dbe1187b875ee267784b5baefaa850078595fb8b1c8944c9c3da355a802ebc52eacb9bdffdd57b0aae5f49c02c5ae6505b7ca1afb2b29e39374eab8bf1e643c3e1c8240dc113ceb078c70a401e92d0610538eaed48e291cad84635d6100930c8e7b9801323490e4f3e58d9f9fea04843f06633f8b8a8774d2b679be008d1d92bb31815f8f01c5e08144ed9574a605b245de2ba7 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0100000000011e643e96d0 - Version: 3 - TBS: - MD5: f39798a2df6dda6c76b4697e743c8b80 - SHA1: d97d9f0d2cad2881eda58fa0467cff6396be6408 - SHA256: 5086b06e5d91585b5a110b3ec4048ce6a43a58e4fc7eb8aa99c391af5b2f8d9f - SHA384: 
99096e0926f74d7dd4bc744bea78d7310e623f6c782a3f38d4db933e9cdf2bc8e1b813e5f6a0aacd8e59606f075e4afd - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000011e643e96d0 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - RichPEHeaderHash: - MD5: 19c3041e63a42fad9800c3d4098a28a7 - SHA1: 083ef31132cacb2ead9d826d90646517ca732570 - SHA256: 3829fddcb11b40682e3936be4c0f376d99a9caf02692368aef98332f68ce80e8 - Sections: - .text: - Entropy: 6.236432237090433 - Virtual Size: '0x3b02' - .rdata: - Entropy: 6.243435646899353 - Virtual Size: '0xb78' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 4.200185461485669 - Virtual Size: '0x30c' - INIT: - Entropy: 5.002469637112522 - Virtual Size: '0x562' - 
.rsrc: - Entropy: 3.322459175866386 - Virtual Size: '0x4a8' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2009-02-17 10:11:23' - Imphash: 959dce366573a7aae10b74a08931722a - LoadsDespiteHVCI: 'FALSE' -- Filename: ElbyCDIO.sys - MD5: 945ef111161bae49075107e5bc11a23f - SHA1: ea37a4241fa4d92c168d052c4e095ccd22a83080 - SHA256: 2fbbc276737047cb9b3ba5396756d28c1737342d89dce1b64c23a9c4513ae445 - Authentihash: - MD5: 5560e048b895a592a481f9340852e3cd - SHA1: 1e73dbe3d0bed9def62c1f76a0c58aa6c61e8f74 - SHA256: d378162a47648bed192270ab4ddd67c99b4ebe8093a267fa1fe1e092559504b0 - Description: ElbyCD Windows NT/2000/XP I/O driver - Company: Elaborate Bytes AG - InternalName: ElbyCDIO - OriginalFilename: ElbyCDIO.sys - FileVersion: 6, 0, 0, 2 - Product: CDRTools - ProductVersion: 6, 0, 0, 0 - Copyright: Copyright (C) 2000 - 2007 Elaborate Bytes AG - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - KeWaitForSingleObject - - RtlFreeUnicodeString - - ZwCreateFile - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - ZwCreateKey - - ZwOpenKey - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IoDeleteDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - KeInitializeEvent - - IoFreeMdl - - MmUnlockPages - - KeReleaseMutex - - MmProbeAndLockPages - - IoAllocateMdl - - ExFreePool - - ObfDereferenceObject - - ObReferenceObjectByHandle - - ExAllocatePool - - ZwDeleteKey - - ZwClose - - ZwDeviceIoControlFile - - IoCreateSymbolicLink - - KeInitializeMutex - - IoCreateDevice - - RtlUnwind - - KeTickCount - - MmMapLockedPages - - IofCompleteRequest - - KeQueryPerformanceCounter - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch - ValidFrom: '2006-12-07 11:07:29' - ValidTo: '2008-12-07 11:07:29' - Signature: 
312a78bb7289ca49f93bb483f0a56c77003b9bc3dda8096af5a455a642aeb201ceaadcacce82396eadef1bc05108e296eae1d8d074949170f28f78fa24bed56e7dca69067866d2d790c10929db5d6e7026906dc96a4c3e2b0254b86328393272826bad272dc3911b2c3ec6832d88e95a696d7e5da86c3f946c306df5a5d7e78b0cba5df4d78035e76fa33c452afc780ffe36246c58fdd0e150d22fce7df4dd954eae19a60009e5b99b8649b6d728a46bd9f90ddfbccb6951dfa7b106a6d0fda3b76b23ef475dcf2d1147ae15d4d34035e1929681fe802dfbc5bbbcd98e107c39cbe07cce6911a9202709853bcc4748fde8dc409b7939be5e4b6c97fb90dc6031 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0100000000010f5c98b8f5 - Version: 3 - TBS: - MD5: 832074a51bea8e4758c8dfeb2e96ad84 - SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba - SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b - SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000010f5c98b8f5 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - RichPEHeaderHash: - MD5: c15e20cb179a835c6a295f891d4f43f6 - SHA1: fb716dec77e711df26bca8c29284c5c21c92a808 - SHA256: 626b9fbb41fcf7bc7185e02b6d4ca83f5070929c4645876c4b19aa50765655e1 - Sections: - .text: - Entropy: 6.014899913315142 - Virtual Size: '0xe10' - .rdata: - Entropy: 3.9543650485820954 - Virtual Size: '0x178' - .data: - Entropy: 1.9182958340544898 - Virtual Size: '0x18' - INIT: - Entropy: 5.282185901600035 
- Virtual Size: '0x3a0' - .rsrc: - Entropy: 3.3264202882353087 - Virtual Size: '0x4d8' - .reloc: - Entropy: 4.897249100220145 - Virtual Size: '0x134' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2007-02-28 13:56:05' - Imphash: b91054cdc4c8b3169cfe6c157f6d9f07 - LoadsDespiteHVCI: 'FALSE' -- Filename: ElbyCDIO.sys - MD5: 24fe18891c173a7c76426d08d2b0630e - SHA1: f640c94e71921479cc48d06b59aba41ffa50a769 - SHA256: 5cfad3d473961763306d72c12bd5ae14183a1a5778325c9acacca764b79ca185 - Authentihash: - MD5: 46eca1eab6ab83208b56787f55ed4117 - SHA1: 1b62759087cbe7f5f9a82477bc2f2b19bb51f41d - SHA256: e35d09a903d76810830aff2fc87bb3071026d982a334b3ee4c68f66cba865109 - Description: ElbyCD Windows NT/2000/XP I/O driver - Company: Elaborate Bytes AG - InternalName: ElbyCDIO - OriginalFilename: ElbyCDIO.sys - FileVersion: 6, 0, 1, 1 - Product: CDRTools - ProductVersion: 6, 0, 0, 0 - Copyright: Copyright (C) 2000 - 2008 Elaborate Bytes AG - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ZwWriteFile - - ZwCreateFile - - RtlInitUnicodeString - - swprintf - - ZwQueryVolumeInformationFile - - ZwOpenFile - - ZwClose - - ZwQuerySymbolicLinkObject - - ZwOpenSymbolicLinkObject - - PsTerminateSystemThread - - ZwSetInformationThread - - KeWaitForSingleObject - - KeSetEvent - - ObfDereferenceObject - - ObReferenceObjectByHandle - - PsCreateSystemThread - - KeInitializeEvent - - KeReleaseMutex - - PsGetCurrentProcessId - - IofCompleteRequest - - KeInitializeMutex - - ZwReadFile - - RtlFreeUnicodeString - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - ZwCreateKey - - ZwOpenKey - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - IoFreeMdl - - MmUnlockPages - - MmMapLockedPages - - MmProbeAndLockPages - - IoAllocateMdl - - _except_handler3 - - ZwDeleteKey - - ZwDeviceIoControlFile - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - KeInitializeSpinLock - 
- ExFreePool - - ExAllocatePool - - KfReleaseSpinLock - - KfAcquireSpinLock - - KeQueryPerformanceCounter - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch - ValidFrom: '2006-12-07 11:07:29' - ValidTo: '2008-12-07 11:07:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0100000000010f5c98b8f5 - Version: 3 - TBS: - MD5: 832074a51bea8e4758c8dfeb2e96ad84 - SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba - SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b - SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 
3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf 
- SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000010f5c98b8f5 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - RichPEHeaderHash: - MD5: 27082193599c13d88cd3571465c0869f - SHA1: 0ca5abc904d8a25537355902fe3e897263b7c780 - SHA256: 345dc7d1b4b40f3ae817e86ae8a68038f88f5c21c8c34876e2f0c320a681e724 - Sections: - .text: - Entropy: 6.424057457116316 - Virtual Size: '0x2bf0' - .rdata: - Entropy: 7.160715749285086 - Virtual Size: '0x5d4' - .data: - Entropy: 2.0 - Virtual Size: '0x4' - INIT: - Entropy: 5.4154107889213075 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.332445756647145 - Virtual Size: '0x4d8' - .reloc: - Entropy: 5.01593937139053 - Virtual Size: '0x1c2' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2008-07-16 14:59:48' - Imphash: 3a4e0bc46866ca54459753f62c879b62 - LoadsDespiteHVCI: 'FALSE' -- Filename: ElbyCDIO.sys - MD5: aaa8999a169e39fb8b48ae49cd6ac30a - SHA1: 2eeab9786dac3f5f69e642f6e29f4e4819038551 - SHA256: 8137ce22d0d0fc5ea5b174d6ad3506a4949506477b1325da2ccb76511f4c4f60 - Authentihash: - MD5: efa9728ff65fc5bd690400a9a6252642 - SHA1: b827692fe57b0b51f7671d55c0a5dd6446342acd - SHA256: 911541d26b605a97ba099563b9eb7e027c102f139dba5884a57df5a13cf3dcef - Description: ElbyCD Windows NT/2000/XP I/O driver - Company: Elaborate Bytes AG - InternalName: ElbyCDIO - OriginalFilename: ElbyCDIO.sys - FileVersion: 6, 0, 1, 0 - Product: CDRTools - ProductVersion: 6, 0, 0, 0 - Copyright: Copyright (C) 2000 - 2007 Elaborate Bytes AG - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ZwWriteFile - - ZwClose - - ZwSetInformationFile - - ZwQueryInformationFile - - ZwOpenFile - - RtlInitUnicodeString - - ZwCreateFile - - ZwCreateKey - - swprintf - - ZwQueryVolumeInformationFile - - 
ZwQuerySymbolicLinkObject - - ZwOpenSymbolicLinkObject - - ZwQueryValueKey - - ZwOpenKey - - ZwSetValueKey - - ZwSetInformationThread - - PsTerminateSystemThread - - KeWaitForSingleObject - - KeSetEvent - - ObfDereferenceObject - - ObReferenceObjectByHandle - - PsCreateSystemThread - - KeInitializeEvent - - ZwReadFile - - PsGetCurrentProcessId - - IofCompleteRequest - - KeInitializeMutex - - ExAllocatePool - - RtlFreeUnicodeString - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - IoFreeMdl - - MmUnlockPages - - MmMapLockedPages - - MmProbeAndLockPages - - IoAllocateMdl - - _except_handler3 - - ZwDeleteKey - - ZwDeviceIoControlFile - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - KeInitializeSpinLock - - ExFreePool - - KeReleaseMutex - - KfReleaseSpinLock - - KfAcquireSpinLock - - KeQueryPerformanceCounter - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch - ValidFrom: '2006-12-07 11:07:29' - ValidTo: '2008-12-07 11:07:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0100000000010f5c98b8f5 - Version: 3 - TBS: - MD5: 832074a51bea8e4758c8dfeb2e96ad84 - SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba - SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b - SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 
3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 
6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000010f5c98b8f5 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - RichPEHeaderHash: - MD5: 2bd828d8b8ded8e0c78b284e2297acf9 - SHA1: 2ab50048d7b02cbbbffdf54058b0df8f317c21af - SHA256: 56c02208d99c7edffe52c78ded19f95263f6e97639c8f4c6497ebf2191a732fd - Sections: - .text: - Entropy: 6.372399086395989 - Virtual Size: '0x2e68' - .rdata: - Entropy: 7.130199720860538 - Virtual Size: '0x5e4' - .data: - Entropy: 2.0 - Virtual Size: '0x4' - INIT: - Entropy: 5.4063363613622535 - Virtual Size: '0x59c' - .rsrc: - Entropy: 3.323528167515758 - Virtual Size: '0x4d8' - .reloc: - Entropy: 5.105327103742467 - Virtual Size: '0x1f0' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2007-08-07 13:48:32' - Imphash: f4b8d579fbdb32eabd01954394f5bf3a - LoadsDespiteHVCI: 'FALSE' -- Filename: ElbyCDIO.sys - MD5: d21fba3d09e5b060bd08796916166218 - SHA1: caa0cb48368542a54949be18475d45b342fb76e5 - SHA256: 82fbcb371d53b8a76a25fbbafaae31147c0d1f6b9f26b3ea45262c2267386989 - Authentihash: - MD5: 2b8c47b3e15625119ef7576646fdefda - SHA1: 5ad820b5cac4e44ded1534169631e7d3fc8547d1 - SHA256: 8907c476440abdd7f71feb068443a7c9736aa6bf625dfb8b6931c46341aa4abf - Description: ElbyCD Windows NT/2000/XP I/O driver - Company: Elaborate Bytes AG - InternalName: ElbyCDIO - OriginalFilename: ElbyCDIO.sys - FileVersion: 6, 0, 0, 7 - Product: CDRTools - ProductVersion: 6, 0, 0, 0 - Copyright: Copyright (C) 2000 - 2007 Elaborate Bytes AG - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ZwWriteFile - - ZwClose - - ZwSetInformationFile - - ZwQueryInformationFile - - ZwOpenFile - - RtlInitUnicodeString - - ZwCreateFile - - ZwOpenKey - - swprintf - - ZwQueryVolumeInformationFile - - ZwQuerySymbolicLinkObject - - ZwOpenSymbolicLinkObject - - PsTerminateSystemThread - - 
ZwQueryInformationProcess - - ZwSetInformationThread - - KeReleaseMutex - - ObfDereferenceObject - - KeWaitForMultipleObjects - - PsCreateSystemThread - - KeWaitForSingleObject - - ObReferenceObjectByHandle - - ZwOpenProcess - - KeSetEvent - - KeInitializeEvent - - ZwReadFile - - IofCompleteRequest - - KeInitializeMutex - - ExAllocatePool - - RtlFreeUnicodeString - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - ZwCreateKey - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - IoFreeMdl - - MmUnlockPages - - MmMapLockedPages - - MmProbeAndLockPages - - IoAllocateMdl - - _except_handler3 - - ZwDeleteKey - - ZwDeviceIoControlFile - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - KeInitializeSpinLock - - ExFreePool - - PsGetCurrentProcessId - - KfReleaseSpinLock - - KfAcquireSpinLock - - KeQueryPerformanceCounter - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch - ValidFrom: '2006-12-07 11:07:29' - ValidTo: '2008-12-07 11:07:29' - Signature: 312a78bb7289ca49f93bb483f0a56c77003b9bc3dda8096af5a455a642aeb201ceaadcacce82396eadef1bc05108e296eae1d8d074949170f28f78fa24bed56e7dca69067866d2d790c10929db5d6e7026906dc96a4c3e2b0254b86328393272826bad272dc3911b2c3ec6832d88e95a696d7e5da86c3f946c306df5a5d7e78b0cba5df4d78035e76fa33c452afc780ffe36246c58fdd0e150d22fce7df4dd954eae19a60009e5b99b8649b6d728a46bd9f90ddfbccb6951dfa7b106a6d0fda3b76b23ef475dcf2d1147ae15d4d34035e1929681fe802dfbc5bbbcd98e107c39cbe07cce6911a9202709853bcc4748fde8dc409b7939be5e4b6c97fb90dc6031 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0100000000010f5c98b8f5 - Version: 3 - TBS: - MD5: 832074a51bea8e4758c8dfeb2e96ad84 - SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba - SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b - SHA384: 
94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - 
SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000010f5c98b8f5 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - RichPEHeaderHash: - MD5: 589450fa6c6213445bb9aa901c944d47 - SHA1: de49771e01d34ce6f4663a14eea50c9f509ab899 - SHA256: 9e7a40176c4bb2dc5645359adf4e7252cab1ba935e18e191db2889044dc6c13d - Sections: - .text: - Entropy: 6.418688362028714 - Virtual Size: '0x2f68' - .rdata: - Entropy: 7.152099793791149 - Virtual Size: '0x5e4' - .data: - Entropy: 2.0 - Virtual Size: '0x4' - INIT: - 
Entropy: 5.406740545618571 - Virtual Size: '0x5c6' - .rsrc: - Entropy: 3.328147473275693 - Virtual Size: '0x4d8' - .reloc: - Entropy: 5.197766729983576 - Virtual Size: '0x20c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2007-08-01 15:38:24' - Imphash: 0265c50548889ffd5c2d3a2539885efe - LoadsDespiteHVCI: 'FALSE' -- Filename: ElbyCDIO.sys - MD5: b5326548762bfaae7a42d5b0898dfeac - SHA1: f3029dba668285aac04117273599ac12a94a3564 - SHA256: 8f68ca89910ebe9da3d02ec82d935de1814d79c44f36cd30ea02fa49ae488f00 - Authentihash: - MD5: fc16498ddf3716e03fdd527c456ea80b - SHA1: 7436e16cf348558015593cbf5ab9c117d97738cc - SHA256: a3cf1a6edd205e04653b4338c077072ee753cde0a692490ecaf7afde27df5f0b - Description: ElbyCD Windows NT/2000/XP I/O driver - Company: Elaborate Bytes AG - InternalName: ElbyCDIO - OriginalFilename: ElbyCDIO.sys - FileVersion: 6, 0, 0, 1 - Product: CDRTools - ProductVersion: 6, 0, 0, 0 - Copyright: Copyright (C) 2000 - 2006 Elaborate Bytes AG - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - KeWaitForSingleObject - - RtlFreeUnicodeString - - ZwCreateFile - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - ZwCreateKey - - ZwOpenKey - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IoDeleteDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - KeInitializeEvent - - IoFreeMdl - - MmUnlockPages - - KeReleaseMutex - - MmProbeAndLockPages - - IoAllocateMdl - - ExFreePool - - ObfDereferenceObject - - ObReferenceObjectByHandle - - ExAllocatePool - - ZwDeleteKey - - ZwClose - - ZwDeviceIoControlFile - - IoCreateSymbolicLink - - KeInitializeMutex - - IoCreateDevice - - RtlUnwind - - KeTickCount - - MmMapLockedPages - - IofCompleteRequest - - KeQueryPerformanceCounter - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch - ValidFrom: '2006-12-07 11:07:29' - ValidTo: '2008-12-07 11:07:29' - 
Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0100000000010f5c98b8f5 - Version: 3 - TBS: - MD5: 832074a51bea8e4758c8dfeb2e96ad84 - SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba - SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b - SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 
a0422eb876a7427186404d464d5b26b0b074f93f89a87b7cb7f1c697e08239999d43fe60823642b55b878df55df4bbffa91044a871d3c7f12241f29aa4a5ec63fae5eb654a19309d8bc7b6fddc3fe16cfdd5521407fc6d24ccb3cc81a2c052f327b96d9e063dd8a849023269c7054294d0bbe3bba908c393501bdb846dc0ba1e5298659c1376bdb3d567292f1f7baa2c51a0fd854f263c48a38127a6feee7f7899c245cf9d1f527ed7958bfde1d020c3af7e51a22f663bab2dcf2d8e8c4d7d18392128fbdcae6d6581d0e0d7184be7b5f774d784e6522aac3b68fd3b4ab80154849132bb95d28e6330a69ece2396feab2eb86a8b74dcde21a114c2fbbf53af10 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 23:59:59' - Signature: 877870da4e5201205be079c98230c4fdb91996bd9100c3bdcdcdc6f40ed8fff94dc033623011c5f5741bd492de5f9c2013b17c45be50cd83e7801783a72793671346fbcab8984103cc9b515b058b7fa86ff31b501b242ef2698d6c22f7bbca1695ed0c74c06877d9eb996287c17390f889747a23aba3987b97b1f78f29714d2e751b4841daf0b50d2054d677a097826369fd09cf8af075bb099bd9f91155269a6132be7a02b07b86bea2c38b222c78d13576bc92735cf9b9e64c150a23cce4d2d4342e4940153c0f607a24c6a566ef96cf70eb3ee7f40d7edcd17ca3767169c19c4f47303521b1a2af1a623c2bd98eaa2a077bd818b35c7be29da56ffe3c89ad - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: 
ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 11d45d8af43d0d9d7e4fa70071610b56b34caa70e1b2d1dec7886d1d897c2ba946e58b1f8e4cc26695911fe34d394ae31b70b7446edc068a4d6d25e89812dcbca0dd864eae8f81130540905a542529944acaf165b4ef0679dae7cb86f004c918dcee72b320015748dfe333e12ccd9c077f9447278d888d340ca67c5c20c17d07b3736b648c26d29bd7e87965a6a891a174862a050282c1847cf279cd3c2a2b0f99291eea8c8a1ab16aeaa266380e65e1add8c6c91f888d3976ee1782c4138d97ce6341e77af5b4b66c15c33813b3930b620688dde1447f10a950248b60dc05f75ba514b27b56720b96eabffc057090659e051ca4dd07af4b57dec639673bc574 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000010f5c98b8f5 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - RichPEHeaderHash: - MD5: 
c15e20cb179a835c6a295f891d4f43f6 - SHA1: fb716dec77e711df26bca8c29284c5c21c92a808 - SHA256: 626b9fbb41fcf7bc7185e02b6d4ca83f5070929c4645876c4b19aa50765655e1 - Sections: - .text: - Entropy: 6.0145723403420055 - Virtual Size: '0xe10' - .rdata: - Entropy: 3.950676692337647 - Virtual Size: '0x178' - .data: - Entropy: 1.9182958340544898 - Virtual Size: '0x18' - INIT: - Entropy: 5.282185901600035 - Virtual Size: '0x3a0' - .rsrc: - Entropy: 3.322524044533632 - Virtual Size: '0x4d8' - .reloc: - Entropy: 4.897249100220145 - Virtual Size: '0x134' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2006-12-12 15:48:53' - Imphash: b91054cdc4c8b3169cfe6c157f6d9f07 - LoadsDespiteHVCI: 'FALSE' -- Filename: ElbyCDIO.sys - MD5: e9ccb6bac8715918a2ac35d8f0b4e1e6 - SHA1: 9feacc95d30107ce3e1e9a491e2c12d73eef2979 - SHA256: 9679758455c69877fce866267d60c39d108b495dca183954e4af869902965b3d - Authentihash: - MD5: b5cb05a635b6932ea1f7c0ee35592e37 - SHA1: e8dc3aa48d494fb2bc096523e11859afdd18b10a - SHA256: e85d36ca271c4d65abc1cdfff0e629dc5d14edb5bf97669badbb40d2715c1d47 - Description: ElbyCD Windows x64 I/O driver - Company: Elaborate Bytes AG - InternalName: ElbyCDIO - OriginalFilename: ElbyCDIO.sys - FileVersion: 6, 0, 1, 1 - Product: CDRTools - ProductVersion: 6, 0, 0, 0 - Copyright: Copyright (C) 2000 - 2008 Elaborate Bytes AG - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - ZwReadFile - - ZwWriteFile - - ZwCreateFile - - RtlInitUnicodeString - - swprintf - - ZwQueryVolumeInformationFile - - ZwOpenFile - - ZwClose - - ZwQuerySymbolicLinkObject - - ZwOpenSymbolicLinkObject - - PsTerminateSystemThread - - ZwSetInformationThread - - KeWaitForSingleObject - - KeSetEvent - - ObfDereferenceObject - - ObReferenceObjectByHandle - - PsCreateSystemThread - - KeInitializeEvent - - KeReleaseMutex - - PsGetCurrentProcessId - - IofCompleteRequest - - ExAllocatePool - - ExFreePool - - 
RtlFreeUnicodeString - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - ZwCreateKey - - ZwOpenKey - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - __C_specific_handler - - IoFreeMdl - - MmUnlockPages - - MmMapLockedPages - - MmProbeAndLockPages - - IoAllocateMdl - - ZwDeviceIoControlFile - - ZwDeleteKey - - IoCreateSymbolicLink - - IoCreateDevice - - KeBugCheckEx - - KeInitializeMutex - - KeQueryPerformanceCounter - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch - ValidFrom: '2006-12-07 11:07:29' - ValidTo: '2008-12-07 11:07:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0100000000010f5c98b8f5 - Version: 3 - TBS: - MD5: 832074a51bea8e4758c8dfeb2e96ad84 - SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba - SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b - SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 
11d45d8af43d0d9d7e4fa70071610b56b34caa70e1b2d1dec7886d1d897c2ba946e58b1f8e4cc26695911fe34d394ae31b70b7446edc068a4d6d25e89812dcbca0dd864eae8f81130540905a542529944acaf165b4ef0679dae7cb86f004c918dcee72b320015748dfe333e12ccd9c077f9447278d888d340ca67c5c20c17d07b3736b648c26d29bd7e87965a6a891a174862a050282c1847cf279cd3c2a2b0f99291eea8c8a1ab16aeaa266380e65e1add8c6c91f888d3976ee1782c4138d97ce6341e77af5b4b66c15c33813b3930b620688dde1447f10a950248b60dc05f75ba514b27b56720b96eabffc057090659e051ca4dd07af4b57dec639673bc574 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000010f5c98b8f5 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - RichPEHeaderHash: - MD5: add874dc7800e93a88bff903834a5d72 - SHA1: ed0bb5ae3434fbd499bdb7a1a42a5bae1a47966d - SHA256: ef169f60c3155370805f35d7174379ea25c0fb03402cce2957e3af2bcc70690b - Sections: - .text: - Entropy: 6.208771681315594 - Virtual Size: '0x3c52' - .rdata: - Entropy: 6.179147948380344 - Virtual Size: 
'0xb78' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 4.160152730018761 - Virtual Size: '0x2e8' - INIT: - Entropy: 5.032885005168776 - Virtual Size: '0x610' - .rsrc: - Entropy: 3.3171665901498995 - Virtual Size: '0x4a8' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2008-07-16 14:59:51' - Imphash: e804d4ee2c20f3eb1d3c955e38a2fe11 - LoadsDespiteHVCI: 'FALSE' -- Filename: ElbyCDIO.sys - MD5: 28cb0b64134ad62c2acf77db8501a619 - SHA1: 5742ad3d30bd34c0c26c466ac6475a2b832ad59e - SHA256: ada4e42bf5ef58ef1aad94435441003b1cc1fcaa5d38bfdbe1a3d736dc451d47 - Authentihash: - MD5: 47a02497d57e9ffa7ab2490d15a0bf90 - SHA1: da00f69b9d1e4a997094651f4af2c0faad653a10 - SHA256: c1bbe628f79528417ea741dfad2f589fc4e5c62152e632a89ed080da029d5384 - Description: ElbyCD Windows NT/2000/XP I/O driver - Company: Elaborate Bytes AG - InternalName: ElbyCDIO - OriginalFilename: ElbyCDIO.sys - FileVersion: 6, 0, 1, 2 - Product: CDRTools - ProductVersion: 6, 0, 0, 0 - Copyright: Copyright (C) 2000 - 2008 Elaborate Bytes AG - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ZwWriteFile - - ZwCreateFile - - RtlInitUnicodeString - - swprintf - - ZwQueryVolumeInformationFile - - ZwOpenFile - - ZwClose - - ZwQuerySymbolicLinkObject - - ZwOpenSymbolicLinkObject - - PsTerminateSystemThread - - KeWaitForSingleObject - - ZwSetInformationThread - - KeSetEvent - - ObfDereferenceObject - - ObReferenceObjectByHandle - - PsCreateSystemThread - - KeInitializeEvent - - KeReleaseMutex - - PsGetCurrentProcessId - - IofCompleteRequest - - KeInitializeMutex - - ZwReadFile - - RtlFreeUnicodeString - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - ZwCreateKey - - ZwOpenKey - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - IoFreeMdl - - MmUnlockPages - - MmMapLockedPages - - MmProbeAndLockPages - - IoAllocateMdl - - _except_handler3 - - ZwDeleteKey - - 
ZwDeviceIoControlFile - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - KeInitializeSpinLock - - ExFreePool - - ExAllocatePool - - KfReleaseSpinLock - - KfAcquireSpinLock - - KeQueryPerformanceCounter - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch - ValidFrom: '2006-12-07 11:07:29' - ValidTo: '2008-12-07 11:07:29' - Signature: 312a78bb7289ca49f93bb483f0a56c77003b9bc3dda8096af5a455a642aeb201ceaadcacce82396eadef1bc05108e296eae1d8d074949170f28f78fa24bed56e7dca69067866d2d790c10929db5d6e7026906dc96a4c3e2b0254b86328393272826bad272dc3911b2c3ec6832d88e95a696d7e5da86c3f946c306df5a5d7e78b0cba5df4d78035e76fa33c452afc780ffe36246c58fdd0e150d22fce7df4dd954eae19a60009e5b99b8649b6d728a46bd9f90ddfbccb6951dfa7b106a6d0fda3b76b23ef475dcf2d1147ae15d4d34035e1929681fe802dfbc5bbbcd98e107c39cbe07cce6911a9202709853bcc4748fde8dc409b7939be5e4b6c97fb90dc6031 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0100000000010f5c98b8f5 - Version: 3 - TBS: - MD5: 832074a51bea8e4758c8dfeb2e96ad84 - SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba - SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b - SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 
35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 
75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000010f5c98b8f5 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - RichPEHeaderHash: - MD5: 
27082193599c13d88cd3571465c0869f - SHA1: 0ca5abc904d8a25537355902fe3e897263b7c780 - SHA256: 345dc7d1b4b40f3ae817e86ae8a68038f88f5c21c8c34876e2f0c320a681e724 - Sections: - .text: - Entropy: 6.423559104609518 - Virtual Size: '0x2bf4' - .rdata: - Entropy: 7.167113007266431 - Virtual Size: '0x5d4' - .data: - Entropy: 2.0 - Virtual Size: '0x4' - INIT: - Entropy: 5.419300948032812 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3353960748169276 - Virtual Size: '0x4d8' - .reloc: - Entropy: 4.982180549430246 - Virtual Size: '0x1c4' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2008-07-21 06:11:57' - Imphash: 751c6b5c201f8c52f5512350cad88ddc - LoadsDespiteHVCI: 'FALSE' -- Filename: ElbyCDIO.sys - MD5: f141db170bb4c6e088f30ddc58404ad3 - SHA1: 34b0f1b2038a1572ee6381022a24333357b033c4 - SHA256: c8eaa5e6d3230b93c126d2d58e32409e4aeeb23ccf0dd047a17f1ef552f92fe9 - Authentihash: - MD5: fc16498ddf3716e03fdd527c456ea80b - SHA1: 7436e16cf348558015593cbf5ab9c117d97738cc - SHA256: a3cf1a6edd205e04653b4338c077072ee753cde0a692490ecaf7afde27df5f0b - Description: ElbyCD Windows NT/2000/XP I/O driver - Company: Elaborate Bytes AG - InternalName: ElbyCDIO - OriginalFilename: ElbyCDIO.sys - FileVersion: 6, 0, 0, 1 - Product: CDRTools - ProductVersion: 6, 0, 0, 0 - Copyright: Copyright (C) 2000 - 2006 Elaborate Bytes AG - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - KeWaitForSingleObject - - RtlFreeUnicodeString - - ZwCreateFile - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - ZwCreateKey - - ZwOpenKey - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IoDeleteDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - KeInitializeEvent - - IoFreeMdl - - MmUnlockPages - - KeReleaseMutex - - MmProbeAndLockPages - - IoAllocateMdl - - ExFreePool - - ObfDereferenceObject - - ObReferenceObjectByHandle - - ExAllocatePool - - ZwDeleteKey - - ZwClose - - ZwDeviceIoControlFile - - IoCreateSymbolicLink - - KeInitializeMutex - - 
IoCreateDevice - - RtlUnwind - - KeTickCount - - MmMapLockedPages - - IofCompleteRequest - - KeQueryPerformanceCounter - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch - ValidFrom: '2006-12-07 11:07:29' - ValidTo: '2008-12-07 11:07:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0100000000010f5c98b8f5 - Version: 3 - TBS: - MD5: 832074a51bea8e4758c8dfeb2e96ad84 - SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba - SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b - SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 
a0422eb876a7427186404d464d5b26b0b074f93f89a87b7cb7f1c697e08239999d43fe60823642b55b878df55df4bbffa91044a871d3c7f12241f29aa4a5ec63fae5eb654a19309d8bc7b6fddc3fe16cfdd5521407fc6d24ccb3cc81a2c052f327b96d9e063dd8a849023269c7054294d0bbe3bba908c393501bdb846dc0ba1e5298659c1376bdb3d567292f1f7baa2c51a0fd854f263c48a38127a6feee7f7899c245cf9d1f527ed7958bfde1d020c3af7e51a22f663bab2dcf2d8e8c4d7d18392128fbdcae6d6581d0e0d7184be7b5f774d784e6522aac3b68fd3b4ab80154849132bb95d28e6330a69ece2396feab2eb86a8b74dcde21a114c2fbbf53af10 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 23:59:59' - Signature: 877870da4e5201205be079c98230c4fdb91996bd9100c3bdcdcdc6f40ed8fff94dc033623011c5f5741bd492de5f9c2013b17c45be50cd83e7801783a72793671346fbcab8984103cc9b515b058b7fa86ff31b501b242ef2698d6c22f7bbca1695ed0c74c06877d9eb996287c17390f889747a23aba3987b97b1f78f29714d2e751b4841daf0b50d2054d677a097826369fd09cf8af075bb099bd9f91155269a6132be7a02b07b86bea2c38b222c78d13576bc92735cf9b9e64c150a23cce4d2d4342e4940153c0f607a24c6a566ef96cf70eb3ee7f40d7edcd17ca3767169c19c4f47303521b1a2af1a623c2bd98eaa2a077bd818b35c7be29da56ffe3c89ad - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: 
ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 
610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000010f5c98b8f5 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - RichPEHeaderHash: - MD5: c15e20cb179a835c6a295f891d4f43f6 - SHA1: fb716dec77e711df26bca8c29284c5c21c92a808 - SHA256: 626b9fbb41fcf7bc7185e02b6d4ca83f5070929c4645876c4b19aa50765655e1 - Sections: - .text: - Entropy: 6.0145723403420055 - Virtual Size: '0xe10' - .rdata: - Entropy: 3.950676692337647 - Virtual Size: '0x178' - .data: - Entropy: 1.9182958340544898 - Virtual Size: '0x18' - INIT: - Entropy: 5.282185901600035 - Virtual Size: '0x3a0' - .rsrc: - Entropy: 3.322524044533632 - Virtual Size: '0x4d8' - .reloc: - Entropy: 4.897249100220145 - Virtual Size: '0x134' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2006-12-12 15:48:53' - Imphash: b91054cdc4c8b3169cfe6c157f6d9f07 - LoadsDespiteHVCI: 'FALSE' -- Filename: ElbyCDIO.sys - MD5: 0634299fc837b47b531e4762d946b2ae - SHA1: 0a19a9c4c9185b80188da529ec9c9f45cbe73186 - SHA256: f85eb576acb5db0d2f48e5f09a7244165a876fa1ca8697ebb773e4d7071d4439 - Authentihash: - MD5: c18c29b48a4e04a3cd761dc733cfda55 - SHA1: f43590d096d3ed0bbcfd2b0e41a327ba365bd9ec - SHA256: 262268f21c789c2bdaf1950b556456a9a5114ed5759d806200b0cec107bf76d7 - Description: ElbyCD Windows NT/2000/XP I/O driver - Company: Elaborate Bytes AG - InternalName: ElbyCDIO - OriginalFilename: ElbyCDIO.sys - FileVersion: 6, 0, 0, 4 - Product: CDRTools - ProductVersion: 6, 0, 0, 0 - Copyright: Copyright (C) 2000 - 2007 Elaborate Bytes AG - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ZwWriteFile - - ZwClose - - ZwSetInformationFile - - ZwQueryInformationFile - 
- ZwOpenFile - - RtlInitUnicodeString - - ZwCreateFile - - swprintf - - ZwQueryVolumeInformationFile - - ZwQuerySymbolicLinkObject - - ZwOpenSymbolicLinkObject - - PsTerminateSystemThread - - ZwQueryInformationProcess - - ZwSetInformationThread - - KeReleaseMutex - - ObfDereferenceObject - - KeWaitForMultipleObjects - - PsCreateSystemThread - - KeWaitForSingleObject - - ObReferenceObjectByHandle - - ZwOpenProcess - - KeSetEvent - - KeInitializeEvent - - PsGetCurrentProcessId - - ZwReadFile - - KeInitializeMutex - - ExAllocatePool - - RtlFreeUnicodeString - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - ZwCreateKey - - ZwOpenKey - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - IoFreeMdl - - MmUnlockPages - - MmMapLockedPages - - MmProbeAndLockPages - - IoAllocateMdl - - _except_handler3 - - ZwDeleteKey - - ZwDeviceIoControlFile - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - KeInitializeSpinLock - - ExFreePool - - IofCompleteRequest - - KfReleaseSpinLock - - KfAcquireSpinLock - - KeQueryPerformanceCounter - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch - ValidFrom: '2006-12-07 11:07:29' - ValidTo: '2008-12-07 11:07:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0100000000010f5c98b8f5 - Version: 3 - TBS: - MD5: 832074a51bea8e4758c8dfeb2e96ad84 - SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba - SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b - SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=BE, O=GlobalSign nv,sa, 
OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 11d45d8af43d0d9d7e4fa70071610b56b34caa70e1b2d1dec7886d1d897c2ba946e58b1f8e4cc26695911fe34d394ae31b70b7446edc068a4d6d25e89812dcbca0dd864eae8f81130540905a542529944acaf165b4ef0679dae7cb86f004c918dcee72b320015748dfe333e12ccd9c077f9447278d888d340ca67c5c20c17d07b3736b648c26d29bd7e87965a6a891a174862a050282c1847cf279cd3c2a2b0f99291eea8c8a1ab16aeaa266380e65e1add8c6c91f888d3976ee1782c4138d97ce6341e77af5b4b66c15c33813b3930b620688dde1447f10a950248b60dc05f75ba514b27b56720b96eabffc057090659e051ca4dd07af4b57dec639673bc574 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000010f5c98b8f5 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - RichPEHeaderHash: - MD5: 589450fa6c6213445bb9aa901c944d47 - SHA1: de49771e01d34ce6f4663a14eea50c9f509ab899 - SHA256: 9e7a40176c4bb2dc5645359adf4e7252cab1ba935e18e191db2889044dc6c13d - 
Sections: - .text: - Entropy: 6.3852385935006275 - Virtual Size: '0x2e68' - .rdata: - Entropy: 7.145465057024416 - Virtual Size: '0x5e4' - .data: - Entropy: 2.0 - Virtual Size: '0x4' - INIT: - Entropy: 5.397728657185974 - Virtual Size: '0x5c6' - .rsrc: - Entropy: 3.32214356727726 - Virtual Size: '0x4d8' - .reloc: - Entropy: 5.170233620489706 - Virtual Size: '0x202' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2007-07-20 05:58:51' - Imphash: bc44fdc145156a15d0a803d18877b218 - LoadsDespiteHVCI: 'FALSE' -Tags: -- ElbyCDIO.sys +- Filename: ElbyCDIO.sys + MD5: 702d5606cf2199e0edea6f0e0d27cd10 + SHA1: 879e327292616c56bd4aafc279fbda6cc393b74d + SHA256: 238046cfe126a1f8ab96d8b62f6aa5ec97bab830e2bae5b1b6ab2d31894c79e4 + Authentihash: + MD5: 350ab25a105b2fee583f1b903d48788e + SHA1: 23a6345ab41ff68e31cef025de23cc8c81c90725 + SHA256: 86236392bb2cc77100bd83d34a30e3fb60aa727d0b11c147a838d9a205bae80e + Description: ElbyCD Windows x64 I/O driver + Company: Elaborate Bytes AG + InternalName: ElbyCDIO + OriginalFilename: ElbyCDIO.sys + FileVersion: 6, 0, 3, 2 + Product: CDRTools + ProductVersion: 6, 0, 0, 0 + Copyright: Copyright (C) 2000 - 2009 Elaborate Bytes AG + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - KeWaitForSingleObject + - KeReleaseMutex + - __C_specific_handler + - ProbeForRead + - ProbeForWrite + - ZwReadFile + - ZwWriteFile + - ZwCreateFile + - RtlInitUnicodeString + - swprintf + - ZwQueryVolumeInformationFile + - ZwOpenFile + - ZwClose + - ZwQuerySymbolicLinkObject + - ZwOpenSymbolicLinkObject + - PsTerminateSystemThread + - ZwSetInformationThread + - ObfDereferenceObject + - ObReferenceObjectByHandle + - PsCreateSystemThread + - KeInitializeEvent + - PsGetCurrentProcessId + - IofCompleteRequest + - KeInitializeMutex + - ExAllocatePool + - ExFreePool + - RtlFreeUnicodeString + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - 
IoDeleteSymbolicLink + - IoDeleteDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - IoCreateSymbolicLink + - IoCreateDevice + - KeBugCheckEx + - KeSetEvent + - KeQueryPerformanceCounter + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch + ValidFrom: '2008-12-23 13:26:11' + ValidTo: '2011-12-23 13:26:11' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0100000000011e643e96d0 + Version: 3 + TBS: + MD5: f39798a2df6dda6c76b4697e743c8b80 + SHA1: d97d9f0d2cad2881eda58fa0467cff6396be6408 + SHA256: 5086b06e5d91585b5a110b3ec4048ce6a43a58e4fc7eb8aa99c391af5b2f8d9f + SHA384: 99096e0926f74d7dd4bc744bea78d7310e623f6c782a3f38d4db933e9cdf2bc8e1b813e5f6a0aacd8e59606f075e4afd + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + 
Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000011e643e96d0 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + RichPEHeaderHash: + MD5: 19c3041e63a42fad9800c3d4098a28a7 + SHA1: 083ef31132cacb2ead9d826d90646517ca732570 + SHA256: 3829fddcb11b40682e3936be4c0f376d99a9caf02692368aef98332f68ce80e8 + Sections: + .text: + Entropy: 6.236432237090433 + Virtual Size: '0x3b02' + .rdata: + Entropy: 6.243435646899353 + Virtual Size: '0xb78' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 4.200185461485669 + Virtual Size: '0x30c' + INIT: + Entropy: 5.002469637112522 + Virtual Size: '0x562' + .rsrc: + Entropy: 3.322459175866386 + Virtual Size: '0x4a8' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2009-02-17 10:11:23' + Imphash: 959dce366573a7aae10b74a08931722a + LoadsDespiteHVCI: 'FALSE' +- Filename: ElbyCDIO.sys + MD5: 945ef111161bae49075107e5bc11a23f + SHA1: ea37a4241fa4d92c168d052c4e095ccd22a83080 + SHA256: 2fbbc276737047cb9b3ba5396756d28c1737342d89dce1b64c23a9c4513ae445 + Authentihash: + MD5: 5560e048b895a592a481f9340852e3cd + SHA1: 1e73dbe3d0bed9def62c1f76a0c58aa6c61e8f74 + SHA256: d378162a47648bed192270ab4ddd67c99b4ebe8093a267fa1fe1e092559504b0 + Description: ElbyCD Windows NT/2000/XP I/O driver + Company: Elaborate Bytes AG + InternalName: ElbyCDIO + OriginalFilename: ElbyCDIO.sys + FileVersion: 6, 0, 0, 2 + Product: CDRTools + ProductVersion: 6, 0, 0, 0 + Copyright: Copyright (C) 2000 - 2007 Elaborate Bytes AG + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - KeWaitForSingleObject + - RtlFreeUnicodeString + - ZwCreateFile + - RtlAnsiStringToUnicodeString + 
- RtlInitAnsiString + - ZwCreateKey + - ZwOpenKey + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - IoDeleteDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - KeInitializeEvent + - IoFreeMdl + - MmUnlockPages + - KeReleaseMutex + - MmProbeAndLockPages + - IoAllocateMdl + - ExFreePool + - ObfDereferenceObject + - ObReferenceObjectByHandle + - ExAllocatePool + - ZwDeleteKey + - ZwClose + - ZwDeviceIoControlFile + - IoCreateSymbolicLink + - KeInitializeMutex + - IoCreateDevice + - RtlUnwind + - KeTickCount + - MmMapLockedPages + - IofCompleteRequest + - KeQueryPerformanceCounter + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch + ValidFrom: '2006-12-07 11:07:29' + ValidTo: '2008-12-07 11:07:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0100000000010f5c98b8f5 + Version: 3 + TBS: + MD5: 832074a51bea8e4758c8dfeb2e96ad84 + SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba + SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b + SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 
1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0de92bf0d4d82988183205095e9a7688 + Version: 3 + TBS: + MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 + SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 
9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000010f5c98b8f5 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + RichPEHeaderHash: + MD5: c15e20cb179a835c6a295f891d4f43f6 + SHA1: fb716dec77e711df26bca8c29284c5c21c92a808 + SHA256: 626b9fbb41fcf7bc7185e02b6d4ca83f5070929c4645876c4b19aa50765655e1 + Sections: + .text: + Entropy: 6.014899913315142 + Virtual Size: '0xe10' + .rdata: + Entropy: 3.9543650485820954 + Virtual Size: '0x178' + .data: + Entropy: 1.9182958340544898 + Virtual Size: '0x18' + INIT: + Entropy: 5.282185901600035 + Virtual Size: '0x3a0' + .rsrc: + Entropy: 3.3264202882353087 + Virtual Size: '0x4d8' + .reloc: + Entropy: 4.897249100220145 + Virtual Size: '0x134' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2007-02-28 13:56:05' + Imphash: b91054cdc4c8b3169cfe6c157f6d9f07 + LoadsDespiteHVCI: 'FALSE' +- Filename: ElbyCDIO.sys + MD5: 24fe18891c173a7c76426d08d2b0630e + SHA1: f640c94e71921479cc48d06b59aba41ffa50a769 + SHA256: 5cfad3d473961763306d72c12bd5ae14183a1a5778325c9acacca764b79ca185 + Authentihash: + MD5: 46eca1eab6ab83208b56787f55ed4117 + SHA1: 1b62759087cbe7f5f9a82477bc2f2b19bb51f41d + SHA256: e35d09a903d76810830aff2fc87bb3071026d982a334b3ee4c68f66cba865109 + Description: ElbyCD Windows NT/2000/XP I/O driver + 
Company: Elaborate Bytes AG + InternalName: ElbyCDIO + OriginalFilename: ElbyCDIO.sys + FileVersion: 6, 0, 1, 1 + Product: CDRTools + ProductVersion: 6, 0, 0, 0 + Copyright: Copyright (C) 2000 - 2008 Elaborate Bytes AG + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ZwWriteFile + - ZwCreateFile + - RtlInitUnicodeString + - swprintf + - ZwQueryVolumeInformationFile + - ZwOpenFile + - ZwClose + - ZwQuerySymbolicLinkObject + - ZwOpenSymbolicLinkObject + - PsTerminateSystemThread + - ZwSetInformationThread + - KeWaitForSingleObject + - KeSetEvent + - ObfDereferenceObject + - ObReferenceObjectByHandle + - PsCreateSystemThread + - KeInitializeEvent + - KeReleaseMutex + - PsGetCurrentProcessId + - IofCompleteRequest + - KeInitializeMutex + - ZwReadFile + - RtlFreeUnicodeString + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - ZwCreateKey + - ZwOpenKey + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - IoFreeMdl + - MmUnlockPages + - MmMapLockedPages + - MmProbeAndLockPages + - IoAllocateMdl + - _except_handler3 + - ZwDeleteKey + - ZwDeviceIoControlFile + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - KeInitializeSpinLock + - ExFreePool + - ExAllocatePool + - KfReleaseSpinLock + - KfAcquireSpinLock + - KeQueryPerformanceCounter + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch + ValidFrom: '2006-12-07 11:07:29' + ValidTo: '2008-12-07 11:07:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0100000000010f5c98b8f5 + Version: 3 + TBS: + MD5: 832074a51bea8e4758c8dfeb2e96ad84 + SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba + SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b + SHA384: 
94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + 
SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000010f5c98b8f5 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + RichPEHeaderHash: + MD5: 27082193599c13d88cd3571465c0869f + SHA1: 0ca5abc904d8a25537355902fe3e897263b7c780 + SHA256: 345dc7d1b4b40f3ae817e86ae8a68038f88f5c21c8c34876e2f0c320a681e724 + Sections: + .text: + Entropy: 6.424057457116316 + Virtual Size: '0x2bf0' + .rdata: + Entropy: 7.160715749285086 + Virtual Size: '0x5d4' + .data: + Entropy: 2.0 + Virtual Size: '0x4' + INIT: + 
Entropy: 5.4154107889213075 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.332445756647145 + Virtual Size: '0x4d8' + .reloc: + Entropy: 5.01593937139053 + Virtual Size: '0x1c2' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2008-07-16 14:59:48' + Imphash: 3a4e0bc46866ca54459753f62c879b62 + LoadsDespiteHVCI: 'FALSE' +- Filename: ElbyCDIO.sys + MD5: aaa8999a169e39fb8b48ae49cd6ac30a + SHA1: 2eeab9786dac3f5f69e642f6e29f4e4819038551 + SHA256: 8137ce22d0d0fc5ea5b174d6ad3506a4949506477b1325da2ccb76511f4c4f60 + Authentihash: + MD5: efa9728ff65fc5bd690400a9a6252642 + SHA1: b827692fe57b0b51f7671d55c0a5dd6446342acd + SHA256: 911541d26b605a97ba099563b9eb7e027c102f139dba5884a57df5a13cf3dcef + Description: ElbyCD Windows NT/2000/XP I/O driver + Company: Elaborate Bytes AG + InternalName: ElbyCDIO + OriginalFilename: ElbyCDIO.sys + FileVersion: 6, 0, 1, 0 + Product: CDRTools + ProductVersion: 6, 0, 0, 0 + Copyright: Copyright (C) 2000 - 2007 Elaborate Bytes AG + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ZwWriteFile + - ZwClose + - ZwSetInformationFile + - ZwQueryInformationFile + - ZwOpenFile + - RtlInitUnicodeString + - ZwCreateFile + - ZwCreateKey + - swprintf + - ZwQueryVolumeInformationFile + - ZwQuerySymbolicLinkObject + - ZwOpenSymbolicLinkObject + - ZwQueryValueKey + - ZwOpenKey + - ZwSetValueKey + - ZwSetInformationThread + - PsTerminateSystemThread + - KeWaitForSingleObject + - KeSetEvent + - ObfDereferenceObject + - ObReferenceObjectByHandle + - PsCreateSystemThread + - KeInitializeEvent + - ZwReadFile + - PsGetCurrentProcessId + - IofCompleteRequest + - KeInitializeMutex + - ExAllocatePool + - RtlFreeUnicodeString + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - IoFreeMdl + - MmUnlockPages + - MmMapLockedPages + - MmProbeAndLockPages + - IoAllocateMdl + - _except_handler3 + - ZwDeleteKey + - 
ZwDeviceIoControlFile + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - KeInitializeSpinLock + - ExFreePool + - KeReleaseMutex + - KfReleaseSpinLock + - KfAcquireSpinLock + - KeQueryPerformanceCounter + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch + ValidFrom: '2006-12-07 11:07:29' + ValidTo: '2008-12-07 11:07:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0100000000010f5c98b8f5 + Version: 3 + TBS: + MD5: 832074a51bea8e4758c8dfeb2e96ad84 + SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba + SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b + SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + 
SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000010f5c98b8f5 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + RichPEHeaderHash: + MD5: 2bd828d8b8ded8e0c78b284e2297acf9 + SHA1: 2ab50048d7b02cbbbffdf54058b0df8f317c21af + SHA256: 56c02208d99c7edffe52c78ded19f95263f6e97639c8f4c6497ebf2191a732fd + Sections: + .text: + Entropy: 6.372399086395989 + Virtual Size: '0x2e68' + .rdata: + Entropy: 7.130199720860538 + Virtual Size: '0x5e4' + .data: + Entropy: 2.0 + Virtual Size: '0x4' + INIT: + Entropy: 5.4063363613622535 + Virtual Size: '0x59c' + .rsrc: + Entropy: 3.323528167515758 + Virtual Size: '0x4d8' + .reloc: + Entropy: 5.105327103742467 + Virtual Size: '0x1f0' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2007-08-07 13:48:32' + Imphash: f4b8d579fbdb32eabd01954394f5bf3a + LoadsDespiteHVCI: 'FALSE' +- Filename: ElbyCDIO.sys + MD5: d21fba3d09e5b060bd08796916166218 + SHA1: caa0cb48368542a54949be18475d45b342fb76e5 + SHA256: 82fbcb371d53b8a76a25fbbafaae31147c0d1f6b9f26b3ea45262c2267386989 + Authentihash: + MD5: 2b8c47b3e15625119ef7576646fdefda + SHA1: 5ad820b5cac4e44ded1534169631e7d3fc8547d1 + SHA256: 8907c476440abdd7f71feb068443a7c9736aa6bf625dfb8b6931c46341aa4abf + Description: ElbyCD Windows NT/2000/XP I/O driver + Company: Elaborate Bytes AG + InternalName: ElbyCDIO + OriginalFilename: ElbyCDIO.sys + FileVersion: 6, 0, 0, 7 + Product: CDRTools + ProductVersion: 6, 0, 0, 0 + Copyright: Copyright (C) 2000 - 2007 Elaborate Bytes AG + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ZwWriteFile + - ZwClose + - ZwSetInformationFile + - ZwQueryInformationFile + 
- ZwOpenFile + - RtlInitUnicodeString + - ZwCreateFile + - ZwOpenKey + - swprintf + - ZwQueryVolumeInformationFile + - ZwQuerySymbolicLinkObject + - ZwOpenSymbolicLinkObject + - PsTerminateSystemThread + - ZwQueryInformationProcess + - ZwSetInformationThread + - KeReleaseMutex + - ObfDereferenceObject + - KeWaitForMultipleObjects + - PsCreateSystemThread + - KeWaitForSingleObject + - ObReferenceObjectByHandle + - ZwOpenProcess + - KeSetEvent + - KeInitializeEvent + - ZwReadFile + - IofCompleteRequest + - KeInitializeMutex + - ExAllocatePool + - RtlFreeUnicodeString + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - ZwCreateKey + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - IoFreeMdl + - MmUnlockPages + - MmMapLockedPages + - MmProbeAndLockPages + - IoAllocateMdl + - _except_handler3 + - ZwDeleteKey + - ZwDeviceIoControlFile + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - KeInitializeSpinLock + - ExFreePool + - PsGetCurrentProcessId + - KfReleaseSpinLock + - KfAcquireSpinLock + - KeQueryPerformanceCounter + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch + ValidFrom: '2006-12-07 11:07:29' + ValidTo: '2008-12-07 11:07:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0100000000010f5c98b8f5 + Version: 3 + TBS: + MD5: 832074a51bea8e4758c8dfeb2e96ad84 + SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba + SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b + SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 
50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000010f5c98b8f5 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + RichPEHeaderHash: + MD5: 589450fa6c6213445bb9aa901c944d47 + SHA1: de49771e01d34ce6f4663a14eea50c9f509ab899 + SHA256: 
9e7a40176c4bb2dc5645359adf4e7252cab1ba935e18e191db2889044dc6c13d + Sections: + .text: + Entropy: 6.418688362028714 + Virtual Size: '0x2f68' + .rdata: + Entropy: 7.152099793791149 + Virtual Size: '0x5e4' + .data: + Entropy: 2.0 + Virtual Size: '0x4' + INIT: + Entropy: 5.406740545618571 + Virtual Size: '0x5c6' + .rsrc: + Entropy: 3.328147473275693 + Virtual Size: '0x4d8' + .reloc: + Entropy: 5.197766729983576 + Virtual Size: '0x20c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2007-08-01 15:38:24' + Imphash: 0265c50548889ffd5c2d3a2539885efe + LoadsDespiteHVCI: 'FALSE' +- Filename: ElbyCDIO.sys + MD5: b5326548762bfaae7a42d5b0898dfeac + SHA1: f3029dba668285aac04117273599ac12a94a3564 + SHA256: 8f68ca89910ebe9da3d02ec82d935de1814d79c44f36cd30ea02fa49ae488f00 + Authentihash: + MD5: fc16498ddf3716e03fdd527c456ea80b + SHA1: 7436e16cf348558015593cbf5ab9c117d97738cc + SHA256: a3cf1a6edd205e04653b4338c077072ee753cde0a692490ecaf7afde27df5f0b + Description: ElbyCD Windows NT/2000/XP I/O driver + Company: Elaborate Bytes AG + InternalName: ElbyCDIO + OriginalFilename: ElbyCDIO.sys + FileVersion: 6, 0, 0, 1 + Product: CDRTools + ProductVersion: 6, 0, 0, 0 + Copyright: Copyright (C) 2000 - 2006 Elaborate Bytes AG + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - KeWaitForSingleObject + - RtlFreeUnicodeString + - ZwCreateFile + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - ZwCreateKey + - ZwOpenKey + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - IoDeleteDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - KeInitializeEvent + - IoFreeMdl + - MmUnlockPages + - KeReleaseMutex + - MmProbeAndLockPages + - IoAllocateMdl + - ExFreePool + - ObfDereferenceObject + - ObReferenceObjectByHandle + - ExAllocatePool + - ZwDeleteKey + - ZwClose + - ZwDeviceIoControlFile + - IoCreateSymbolicLink + - KeInitializeMutex + - IoCreateDevice + - RtlUnwind + - KeTickCount + - MmMapLockedPages + - IofCompleteRequest + - 
KeQueryPerformanceCounter + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch + ValidFrom: '2006-12-07 11:07:29' + ValidTo: '2008-12-07 11:07:29' + Signature: 312a78bb7289ca49f93bb483f0a56c77003b9bc3dda8096af5a455a642aeb201ceaadcacce82396eadef1bc05108e296eae1d8d074949170f28f78fa24bed56e7dca69067866d2d790c10929db5d6e7026906dc96a4c3e2b0254b86328393272826bad272dc3911b2c3ec6832d88e95a696d7e5da86c3f946c306df5a5d7e78b0cba5df4d78035e76fa33c452afc780ffe36246c58fdd0e150d22fce7df4dd954eae19a60009e5b99b8649b6d728a46bd9f90ddfbccb6951dfa7b106a6d0fda3b76b23ef475dcf2d1147ae15d4d34035e1929681fe802dfbc5bbbcd98e107c39cbe07cce6911a9202709853bcc4748fde8dc409b7939be5e4b6c97fb90dc6031 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0100000000010f5c98b8f5 + Version: 3 + TBS: + MD5: 832074a51bea8e4758c8dfeb2e96ad84 + SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba + SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b + SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 
53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0de92bf0d4d82988183205095e9a7688 + Version: 3 + TBS: + MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 + SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 
9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000010f5c98b8f5 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + RichPEHeaderHash: + MD5: c15e20cb179a835c6a295f891d4f43f6 + SHA1: fb716dec77e711df26bca8c29284c5c21c92a808 + SHA256: 626b9fbb41fcf7bc7185e02b6d4ca83f5070929c4645876c4b19aa50765655e1 + Sections: + .text: + Entropy: 6.0145723403420055 + Virtual Size: '0xe10' + .rdata: + Entropy: 3.950676692337647 + Virtual Size: '0x178' + .data: + Entropy: 1.9182958340544898 + Virtual Size: '0x18' + INIT: + Entropy: 5.282185901600035 + Virtual Size: '0x3a0' + .rsrc: + Entropy: 3.322524044533632 + Virtual Size: '0x4d8' + .reloc: + Entropy: 4.897249100220145 + Virtual Size: '0x134' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2006-12-12 15:48:53' + Imphash: b91054cdc4c8b3169cfe6c157f6d9f07 + LoadsDespiteHVCI: 'FALSE' +- Filename: ElbyCDIO.sys + MD5: e9ccb6bac8715918a2ac35d8f0b4e1e6 + SHA1: 9feacc95d30107ce3e1e9a491e2c12d73eef2979 + SHA256: 9679758455c69877fce866267d60c39d108b495dca183954e4af869902965b3d + Authentihash: + MD5: b5cb05a635b6932ea1f7c0ee35592e37 + SHA1: e8dc3aa48d494fb2bc096523e11859afdd18b10a + SHA256: e85d36ca271c4d65abc1cdfff0e629dc5d14edb5bf97669badbb40d2715c1d47 + Description: ElbyCD Windows x64 I/O driver + Company: 
Elaborate Bytes AG + InternalName: ElbyCDIO + OriginalFilename: ElbyCDIO.sys + FileVersion: 6, 0, 1, 1 + Product: CDRTools + ProductVersion: 6, 0, 0, 0 + Copyright: Copyright (C) 2000 - 2008 Elaborate Bytes AG + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - ZwReadFile + - ZwWriteFile + - ZwCreateFile + - RtlInitUnicodeString + - swprintf + - ZwQueryVolumeInformationFile + - ZwOpenFile + - ZwClose + - ZwQuerySymbolicLinkObject + - ZwOpenSymbolicLinkObject + - PsTerminateSystemThread + - ZwSetInformationThread + - KeWaitForSingleObject + - KeSetEvent + - ObfDereferenceObject + - ObReferenceObjectByHandle + - PsCreateSystemThread + - KeInitializeEvent + - KeReleaseMutex + - PsGetCurrentProcessId + - IofCompleteRequest + - ExAllocatePool + - ExFreePool + - RtlFreeUnicodeString + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - ZwCreateKey + - ZwOpenKey + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - __C_specific_handler + - IoFreeMdl + - MmUnlockPages + - MmMapLockedPages + - MmProbeAndLockPages + - IoAllocateMdl + - ZwDeviceIoControlFile + - ZwDeleteKey + - IoCreateSymbolicLink + - IoCreateDevice + - KeBugCheckEx + - KeInitializeMutex + - KeQueryPerformanceCounter + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch + ValidFrom: '2006-12-07 11:07:29' + ValidTo: '2008-12-07 11:07:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0100000000010f5c98b8f5 + Version: 3 + TBS: + MD5: 832074a51bea8e4758c8dfeb2e96ad84 + SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba + SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b + SHA384: 
94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + 
SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000010f5c98b8f5 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + RichPEHeaderHash: + MD5: add874dc7800e93a88bff903834a5d72 + SHA1: ed0bb5ae3434fbd499bdb7a1a42a5bae1a47966d + SHA256: ef169f60c3155370805f35d7174379ea25c0fb03402cce2957e3af2bcc70690b + Sections: + .text: + Entropy: 6.208771681315594 + Virtual Size: '0x3c52' + .rdata: + Entropy: 6.179147948380344 + Virtual Size: '0xb78' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 
4.160152730018761 + Virtual Size: '0x2e8' + INIT: + Entropy: 5.032885005168776 + Virtual Size: '0x610' + .rsrc: + Entropy: 3.3171665901498995 + Virtual Size: '0x4a8' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2008-07-16 14:59:51' + Imphash: e804d4ee2c20f3eb1d3c955e38a2fe11 + LoadsDespiteHVCI: 'FALSE' +- Filename: ElbyCDIO.sys + MD5: 28cb0b64134ad62c2acf77db8501a619 + SHA1: 5742ad3d30bd34c0c26c466ac6475a2b832ad59e + SHA256: ada4e42bf5ef58ef1aad94435441003b1cc1fcaa5d38bfdbe1a3d736dc451d47 + Authentihash: + MD5: 47a02497d57e9ffa7ab2490d15a0bf90 + SHA1: da00f69b9d1e4a997094651f4af2c0faad653a10 + SHA256: c1bbe628f79528417ea741dfad2f589fc4e5c62152e632a89ed080da029d5384 + Description: ElbyCD Windows NT/2000/XP I/O driver + Company: Elaborate Bytes AG + InternalName: ElbyCDIO + OriginalFilename: ElbyCDIO.sys + FileVersion: 6, 0, 1, 2 + Product: CDRTools + ProductVersion: 6, 0, 0, 0 + Copyright: Copyright (C) 2000 - 2008 Elaborate Bytes AG + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ZwWriteFile + - ZwCreateFile + - RtlInitUnicodeString + - swprintf + - ZwQueryVolumeInformationFile + - ZwOpenFile + - ZwClose + - ZwQuerySymbolicLinkObject + - ZwOpenSymbolicLinkObject + - PsTerminateSystemThread + - KeWaitForSingleObject + - ZwSetInformationThread + - KeSetEvent + - ObfDereferenceObject + - ObReferenceObjectByHandle + - PsCreateSystemThread + - KeInitializeEvent + - KeReleaseMutex + - PsGetCurrentProcessId + - IofCompleteRequest + - KeInitializeMutex + - ZwReadFile + - RtlFreeUnicodeString + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - ZwCreateKey + - ZwOpenKey + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - IoFreeMdl + - MmUnlockPages + - MmMapLockedPages + - MmProbeAndLockPages + - IoAllocateMdl + - _except_handler3 + - ZwDeleteKey + - ZwDeviceIoControlFile + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - 
KeInitializeSpinLock + - ExFreePool + - ExAllocatePool + - KfReleaseSpinLock + - KfAcquireSpinLock + - KeQueryPerformanceCounter + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch + ValidFrom: '2006-12-07 11:07:29' + ValidTo: '2008-12-07 11:07:29' + Signature: 312a78bb7289ca49f93bb483f0a56c77003b9bc3dda8096af5a455a642aeb201ceaadcacce82396eadef1bc05108e296eae1d8d074949170f28f78fa24bed56e7dca69067866d2d790c10929db5d6e7026906dc96a4c3e2b0254b86328393272826bad272dc3911b2c3ec6832d88e95a696d7e5da86c3f946c306df5a5d7e78b0cba5df4d78035e76fa33c452afc780ffe36246c58fdd0e150d22fce7df4dd954eae19a60009e5b99b8649b6d728a46bd9f90ddfbccb6951dfa7b106a6d0fda3b76b23ef475dcf2d1147ae15d4d34035e1929681fe802dfbc5bbbcd98e107c39cbe07cce6911a9202709853bcc4748fde8dc409b7939be5e4b6c97fb90dc6031 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0100000000010f5c98b8f5 + Version: 3 + TBS: + MD5: 832074a51bea8e4758c8dfeb2e96ad84 + SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba + SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b + SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping 
Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 
9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000010f5c98b8f5 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + RichPEHeaderHash: + MD5: 27082193599c13d88cd3571465c0869f + SHA1: 0ca5abc904d8a25537355902fe3e897263b7c780 + SHA256: 
345dc7d1b4b40f3ae817e86ae8a68038f88f5c21c8c34876e2f0c320a681e724 + Sections: + .text: + Entropy: 6.423559104609518 + Virtual Size: '0x2bf4' + .rdata: + Entropy: 7.167113007266431 + Virtual Size: '0x5d4' + .data: + Entropy: 2.0 + Virtual Size: '0x4' + INIT: + Entropy: 5.419300948032812 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3353960748169276 + Virtual Size: '0x4d8' + .reloc: + Entropy: 4.982180549430246 + Virtual Size: '0x1c4' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2008-07-21 06:11:57' + Imphash: 751c6b5c201f8c52f5512350cad88ddc + LoadsDespiteHVCI: 'FALSE' +- Filename: ElbyCDIO.sys + MD5: f141db170bb4c6e088f30ddc58404ad3 + SHA1: 34b0f1b2038a1572ee6381022a24333357b033c4 + SHA256: c8eaa5e6d3230b93c126d2d58e32409e4aeeb23ccf0dd047a17f1ef552f92fe9 + Authentihash: + MD5: fc16498ddf3716e03fdd527c456ea80b + SHA1: 7436e16cf348558015593cbf5ab9c117d97738cc + SHA256: a3cf1a6edd205e04653b4338c077072ee753cde0a692490ecaf7afde27df5f0b + Description: ElbyCD Windows NT/2000/XP I/O driver + Company: Elaborate Bytes AG + InternalName: ElbyCDIO + OriginalFilename: ElbyCDIO.sys + FileVersion: 6, 0, 0, 1 + Product: CDRTools + ProductVersion: 6, 0, 0, 0 + Copyright: Copyright (C) 2000 - 2006 Elaborate Bytes AG + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - KeWaitForSingleObject + - RtlFreeUnicodeString + - ZwCreateFile + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - ZwCreateKey + - ZwOpenKey + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - IoDeleteDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - KeInitializeEvent + - IoFreeMdl + - MmUnlockPages + - KeReleaseMutex + - MmProbeAndLockPages + - IoAllocateMdl + - ExFreePool + - ObfDereferenceObject + - ObReferenceObjectByHandle + - ExAllocatePool + - ZwDeleteKey + - ZwClose + - ZwDeviceIoControlFile + - IoCreateSymbolicLink + - KeInitializeMutex + - IoCreateDevice + - RtlUnwind + - KeTickCount + - MmMapLockedPages + - IofCompleteRequest + - 
KeQueryPerformanceCounter + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch + ValidFrom: '2006-12-07 11:07:29' + ValidTo: '2008-12-07 11:07:29' + Signature: 312a78bb7289ca49f93bb483f0a56c77003b9bc3dda8096af5a455a642aeb201ceaadcacce82396eadef1bc05108e296eae1d8d074949170f28f78fa24bed56e7dca69067866d2d790c10929db5d6e7026906dc96a4c3e2b0254b86328393272826bad272dc3911b2c3ec6832d88e95a696d7e5da86c3f946c306df5a5d7e78b0cba5df4d78035e76fa33c452afc780ffe36246c58fdd0e150d22fce7df4dd954eae19a60009e5b99b8649b6d728a46bd9f90ddfbccb6951dfa7b106a6d0fda3b76b23ef475dcf2d1147ae15d4d34035e1929681fe802dfbc5bbbcd98e107c39cbe07cce6911a9202709853bcc4748fde8dc409b7939be5e4b6c97fb90dc6031 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0100000000010f5c98b8f5 + Version: 3 + TBS: + MD5: 832074a51bea8e4758c8dfeb2e96ad84 + SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba + SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b + SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 
53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0de92bf0d4d82988183205095e9a7688 + Version: 3 + TBS: + MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 + SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 
9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000010f5c98b8f5 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + RichPEHeaderHash: + MD5: c15e20cb179a835c6a295f891d4f43f6 + SHA1: fb716dec77e711df26bca8c29284c5c21c92a808 + SHA256: 626b9fbb41fcf7bc7185e02b6d4ca83f5070929c4645876c4b19aa50765655e1 + Sections: + .text: + Entropy: 6.0145723403420055 + Virtual Size: '0xe10' + .rdata: + Entropy: 3.950676692337647 + Virtual Size: '0x178' + .data: + Entropy: 1.9182958340544898 + Virtual Size: '0x18' + INIT: + Entropy: 5.282185901600035 + Virtual Size: '0x3a0' + .rsrc: + Entropy: 3.322524044533632 + Virtual Size: '0x4d8' + .reloc: + Entropy: 4.897249100220145 + Virtual Size: '0x134' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2006-12-12 15:48:53' + Imphash: b91054cdc4c8b3169cfe6c157f6d9f07 + LoadsDespiteHVCI: 'FALSE' +- Filename: ElbyCDIO.sys + MD5: 0634299fc837b47b531e4762d946b2ae + SHA1: 0a19a9c4c9185b80188da529ec9c9f45cbe73186 + SHA256: f85eb576acb5db0d2f48e5f09a7244165a876fa1ca8697ebb773e4d7071d4439 + Authentihash: + MD5: c18c29b48a4e04a3cd761dc733cfda55 + SHA1: f43590d096d3ed0bbcfd2b0e41a327ba365bd9ec + SHA256: 262268f21c789c2bdaf1950b556456a9a5114ed5759d806200b0cec107bf76d7 + Description: ElbyCD Windows NT/2000/XP I/O driver + 
Company: Elaborate Bytes AG + InternalName: ElbyCDIO + OriginalFilename: ElbyCDIO.sys + FileVersion: 6, 0, 0, 4 + Product: CDRTools + ProductVersion: 6, 0, 0, 0 + Copyright: Copyright (C) 2000 - 2007 Elaborate Bytes AG + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ZwWriteFile + - ZwClose + - ZwSetInformationFile + - ZwQueryInformationFile + - ZwOpenFile + - RtlInitUnicodeString + - ZwCreateFile + - swprintf + - ZwQueryVolumeInformationFile + - ZwQuerySymbolicLinkObject + - ZwOpenSymbolicLinkObject + - PsTerminateSystemThread + - ZwQueryInformationProcess + - ZwSetInformationThread + - KeReleaseMutex + - ObfDereferenceObject + - KeWaitForMultipleObjects + - PsCreateSystemThread + - KeWaitForSingleObject + - ObReferenceObjectByHandle + - ZwOpenProcess + - KeSetEvent + - KeInitializeEvent + - PsGetCurrentProcessId + - ZwReadFile + - KeInitializeMutex + - ExAllocatePool + - RtlFreeUnicodeString + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - ZwCreateKey + - ZwOpenKey + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - IoFreeMdl + - MmUnlockPages + - MmMapLockedPages + - MmProbeAndLockPages + - IoAllocateMdl + - _except_handler3 + - ZwDeleteKey + - ZwDeviceIoControlFile + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - KeInitializeSpinLock + - ExFreePool + - IofCompleteRequest + - KfReleaseSpinLock + - KfAcquireSpinLock + - KeQueryPerformanceCounter + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch + ValidFrom: '2006-12-07 11:07:29' + ValidTo: '2008-12-07 11:07:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0100000000010f5c98b8f5 + Version: 3 + TBS: + MD5: 832074a51bea8e4758c8dfeb2e96ad84 + 
SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba + SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b + SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + 
IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 11d45d8af43d0d9d7e4fa70071610b56b34caa70e1b2d1dec7886d1d897c2ba946e58b1f8e4cc26695911fe34d394ae31b70b7446edc068a4d6d25e89812dcbca0dd864eae8f81130540905a542529944acaf165b4ef0679dae7cb86f004c918dcee72b320015748dfe333e12ccd9c077f9447278d888d340ca67c5c20c17d07b3736b648c26d29bd7e87965a6a891a174862a050282c1847cf279cd3c2a2b0f99291eea8c8a1ab16aeaa266380e65e1add8c6c91f888d3976ee1782c4138d97ce6341e77af5b4b66c15c33813b3930b620688dde1447f10a950248b60dc05f75ba514b27b56720b96eabffc057090659e051ca4dd07af4b57dec639673bc574 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 
6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000010f5c98b8f5 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + RichPEHeaderHash: + MD5: 589450fa6c6213445bb9aa901c944d47 + SHA1: de49771e01d34ce6f4663a14eea50c9f509ab899 + SHA256: 9e7a40176c4bb2dc5645359adf4e7252cab1ba935e18e191db2889044dc6c13d + Sections: + .text: + Entropy: 6.3852385935006275 + Virtual Size: '0x2e68' + .rdata: + Entropy: 7.145465057024416 + Virtual Size: '0x5e4' + .data: + Entropy: 2.0 + Virtual Size: '0x4' + INIT: + Entropy: 5.397728657185974 + Virtual Size: '0x5c6' + .rsrc: + Entropy: 3.32214356727726 + Virtual Size: '0x4d8' + .reloc: + Entropy: 5.170233620489706 + Virtual Size: '0x202' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2007-07-20 05:58:51' + Imphash: bc44fdc145156a15d0a803d18877b218 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/7a7630d6-d007-4d84-a17d-81236d9693e1.yaml b/yaml/7a7630d6-d007-4d84-a17d-81236d9693e1.yaml index 7034ea3e4..97a11f22d 100644 --- a/yaml/7a7630d6-d007-4d84-a17d-81236d9693e1.yaml +++ b/yaml/7a7630d6-d007-4d84-a17d-81236d9693e1.yaml 
@@ -1,134 +1,134 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 7a7630d6-d007-4d84-a17d-81236d9693e1 +Tags: +- d.sys +Verified: 'FALSE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create d.sys binPath=C:\windows\temp\d.sys type=kernel && sc.exe - start d.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: [] -Id: 7a7630d6-d007-4d84-a17d-81236d9693e1 -KnownVulnerableSamples: -- Authentihash: - MD5: 19dd018ebddfa9044b05fbb9ddffd7f9 - SHA1: 80111a99c4f127cca12f1902ca241b3e65f339ff - SHA256: a4ca4a0932afa09e8df3469768f5ac6feaff2b7ae27ac208a218288fc4fbf102 - Company: '' - Copyright: '' - CreationTimestamp: '2007-06-19 23:46:07' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: d.sys - ImportedFunctions: - - KeInitializeEvent - - ObReferenceObjectByHandle - - ZwClose - - ObfDereferenceObject - - PsCreateSystemThread - - IoGetCurrentProcess - - _stricmp - - strchr - - ZwCreateFile - - RtlInitUnicodeString - - ZwReadFile - - ZwQueryInformationFile - - KeDetachProcess - - ProbeForRead - - ZwQueryInformationProcess - - KeAttachProcess - - KeLeaveCriticalRegion - - KeEnterCriticalRegion - - ObOpenObjectByName - - KeServiceDescriptorTable - - KeAddSystemServiceTable - - PsGetCurrentProcessId - - ProbeForWrite - - wcsstr - - ObQueryNameString - - IoFileObjectType - - SeSinglePrivilegeCheck - - KeGetPreviousMode - - KeDelayExecutionThread - - ZwAllocateVirtualMemory - - ZwQuerySection - - ExfInterlockedInsertTailList - - ExFreePoolWithTag - - sprintf - - RtlVolumeDeviceToDosName - - IoGetDeviceObjectPointer - - MmSectionObjectType - - strstr - - _strlwr - - PsProcessType - - PsSetCreateProcessNotifyRoutine - - KeInitializeSpinLock - - PsThreadType - - PsTerminateSystemThread - - vsprintf - - KeQuerySystemTime - - ExfInterlockedRemoveHeadList - - NtBuildNumber - - ExAllocatePoolWithTag - - ZwOpenKey - - ZwEnumerateKey - - 
ZwDeleteKey - - _except_handler3 - - swprintf - - _wcsnicmp - - ZwQuerySystemInformation - - PsLookupProcessByProcessId - - wcstombs - - ExAcquireFastMutex - - ExReleaseFastMutex - - KfAcquireSpinLock - - KfReleaseSpinLock - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: a60c9173563b940203cf4ad38ccf2082 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: f3e1fc89f2b01c40ea38fc9510166f54 - SHA1: e532da616b3b77c80bdcb3512ea2ed13872d5c52 - SHA256: 7e846d33fc8dd8d0efe1e5aab73002ad4d85b7d714cf1740430761c502b839b3 - SHA1: a3636986cdcd1d1cb8ab540f3d5c29dcc90bb8f0 - SHA256: c1c4310e5d467d24e864177bdbfc57cb5d29aac697481bfa9c11ddbeebfd4cc8 - Sections: - .text: - Entropy: 6.494811181987745 - Virtual Size: '0x29ea' - .rdata: - Entropy: 4.39758457014392 - Virtual Size: '0x1a8' - .data: - Entropy: 1.8565370577491536 - Virtual Size: '0x4c8' - INIT: - Entropy: 5.340341272296366 - Virtual Size: '0x640' - .reloc: - Entropy: 5.3775866734053865 - Virtual Size: '0x4aa' - Signature: [] - Signatures: {} - Imphash: 56307b5227183c002e4231320a72b961 - LoadsDespiteHVCI: 'TRUE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create d.sys binPath=C:\windows\temp\d.sys type=kernel && sc.exe + start d.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules -Tags: -- d.sys -Verified: 'FALSE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 19dd018ebddfa9044b05fbb9ddffd7f9 + SHA1: 80111a99c4f127cca12f1902ca241b3e65f339ff + SHA256: a4ca4a0932afa09e8df3469768f5ac6feaff2b7ae27ac208a218288fc4fbf102 + Company: '' + Copyright: '' + CreationTimestamp: '2007-06-19 23:46:07' + Date: '' + Description: '' + 
ExportedFunctions: '' + FileVersion: '' + Filename: d.sys + ImportedFunctions: + - KeInitializeEvent + - ObReferenceObjectByHandle + - ZwClose + - ObfDereferenceObject + - PsCreateSystemThread + - IoGetCurrentProcess + - _stricmp + - strchr + - ZwCreateFile + - RtlInitUnicodeString + - ZwReadFile + - ZwQueryInformationFile + - KeDetachProcess + - ProbeForRead + - ZwQueryInformationProcess + - KeAttachProcess + - KeLeaveCriticalRegion + - KeEnterCriticalRegion + - ObOpenObjectByName + - KeServiceDescriptorTable + - KeAddSystemServiceTable + - PsGetCurrentProcessId + - ProbeForWrite + - wcsstr + - ObQueryNameString + - IoFileObjectType + - SeSinglePrivilegeCheck + - KeGetPreviousMode + - KeDelayExecutionThread + - ZwAllocateVirtualMemory + - ZwQuerySection + - ExfInterlockedInsertTailList + - ExFreePoolWithTag + - sprintf + - RtlVolumeDeviceToDosName + - IoGetDeviceObjectPointer + - MmSectionObjectType + - strstr + - _strlwr + - PsProcessType + - PsSetCreateProcessNotifyRoutine + - KeInitializeSpinLock + - PsThreadType + - PsTerminateSystemThread + - vsprintf + - KeQuerySystemTime + - ExfInterlockedRemoveHeadList + - NtBuildNumber + - ExAllocatePoolWithTag + - ZwOpenKey + - ZwEnumerateKey + - ZwDeleteKey + - _except_handler3 + - swprintf + - _wcsnicmp + - ZwQuerySystemInformation + - PsLookupProcessByProcessId + - wcstombs + - ExAcquireFastMutex + - ExReleaseFastMutex + - KfAcquireSpinLock + - KfReleaseSpinLock + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: a60c9173563b940203cf4ad38ccf2082 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: f3e1fc89f2b01c40ea38fc9510166f54 + SHA1: e532da616b3b77c80bdcb3512ea2ed13872d5c52 + SHA256: 7e846d33fc8dd8d0efe1e5aab73002ad4d85b7d714cf1740430761c502b839b3 + SHA1: a3636986cdcd1d1cb8ab540f3d5c29dcc90bb8f0 + SHA256: c1c4310e5d467d24e864177bdbfc57cb5d29aac697481bfa9c11ddbeebfd4cc8 + Sections: + .text: + Entropy: 
6.494811181987745 + Virtual Size: '0x29ea' + .rdata: + Entropy: 4.39758457014392 + Virtual Size: '0x1a8' + .data: + Entropy: 1.8565370577491536 + Virtual Size: '0x4c8' + INIT: + Entropy: 5.340341272296366 + Virtual Size: '0x640' + .reloc: + Entropy: 5.3775866734053865 + Virtual Size: '0x4aa' + Signature: [] + Signatures: {} + Imphash: 56307b5227183c002e4231320a72b961 + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/7abc873d-9c28-44c2-8f60-701a8e26af29.yaml b/yaml/7abc873d-9c28-44c2-8f60-701a8e26af29.yaml index 33b164dee..746b872cd 100644 --- a/yaml/7abc873d-9c28-44c2-8f60-701a8e26af29.yaml +++ b/yaml/7abc873d-9c28-44c2-8f60-701a8e26af29.yaml 
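Review bot: `LoadsDespiteHVCI: 'TRUE'` at the end of the d.sys sample looks inconsistent with `MachineType: I386`, `Signature: []` and `Signatures: {}` in the same record, since HVCI is a 64-bit feature that enforces kernel-mode code integrity and an unsigned 32-bit image would not be expected to load under it. The entry is also `Verified: 'FALSE'` with `Detection: []`, so anyone ranking block-list or hunting priority on this flag gets an untested value; I would re-check it and, unless a load test confirms it, carry `LoadsDespiteHVCI: 'FALSE'`. Separately, `Verified` and `LoadsDespiteHVCI` are quoted strings while `IsCertificateAuthority: true` in the other files of this diff is a real YAML boolean, so a consumer doing a plain truthiness test reads `'FALSE'` as true. Since this hunk rewrites the whole record anyway, it would be a good place to emit `Verified: false` and the HVCI flag as booleans, provided the schema and its consumers accept that.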
@@ -1,435 +1,435 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 7abc873d-9c28-44c2-8f60-701a8e26af29 +Tags: +- mhyprotect.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-07-22' +MitreID: T1068 CVE: - '' Category: vulnerable drivers Commands: - Command: '' - Description: Confirmed vulnerable driver from Microsoft Block List - OperatingSystem: Windows - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-07-22' -Detection: -- type: '' - value: '' -Id: 7abc873d-9c28-44c2-8f60-701a8e26af29 -KnownVulnerableSamples: -- Authentihash: - MD5: 75ac8a7373e9f09f18bb498481b5d3d1 - SHA1: 195171715aad9d8f79c147cb045ac278115475e5 - SHA256: 14bd76f66fe5749d1812f7cf47cc5f9a8a830c53a7ede5e42a14a4140a70f5d2 - Company: '' - Copyright: '' - CreationTimestamp: '2019-07-31 20:57:34' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - NtQuerySystemInformation - - WdfVersionBindClass - - _stricmp - - KeQueryPerformanceCounter - - ExAllocatePool - - NtQuerySystemInformation - - ExFreePoolWithTag - - IoAllocateMdl - - MmProbeAndLockPages - - MmMapLockedPagesSpecifyCache - - MmUnlockPages - - IoFreeMdl - - KeQueryActiveProcessors - - KeSetSystemAffinityThread - - KeRevertToUserAffinityThread - - DbgPrint - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - WDFLDR.SYS - - ntoskrnl.exe - - HAL.dll - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 982d39a9c76395dd4c826fe77c00a4bd - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: ffdf660eb1ebf020a1d0a55a90712dfb - SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 - SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 - SHA1: 134186ba0ba5cda2418818295ca186e80e571ba4 - SHA256: edeb35e4341034b2de389017c4884b081a821f34349a620897a2a845c84cb09e - Sections: - .text: - Entropy: 0.0 - Virtual Size: '0x6b90' - .rdata: - Entropy: 
0.0 - Virtual Size: '0x1544' - .data: - Entropy: 0.0 - Virtual Size: '0x15e8' - .pdata: - Entropy: 0.0 - Virtual Size: '0x678' - PAGE: - Entropy: 0.0 - Virtual Size: '0xb5e' - INIT: - Entropy: 0.0 - Virtual Size: '0xe36' - .upx0: - Entropy: 0.0 - Virtual Size: '0x2cc0a4' - .upx1: - Entropy: 2.75 - Virtual Size: '0x8' - .upx2: - Entropy: 7.8543365533926535 - Virtual Size: '0x40b8a0' - .reloc: - Entropy: 3.8151747449169244 - Virtual Size: '0xc4' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, - CN=UTN,USERFirst,Object - ValidFrom: '2005-06-07 08:09:10' - ValidTo: '2020-05-30 10:48:38' - Signature: 4d422fa6c18aeb07809058468cf81939662a3c5a2c6dcfd4d987558d790b12887b408fd5c7f84b8d551663adb757dc3b2bbdd3c14f1e03874b449be3e2404526f326492b6a84f1547ad442dafcd36abb667eca9eeae9bbdc07c7c3924e833c81499f92d53209ea492ea111719a36d2c54e68b6cb0e1b2516af6cde5d76d81f72b193268617db18deaf45e9dffb98af1418eda45ef6899445f055044addff27dd064a40f6b4bcf1e40f9902bbfd5d0e2e28c1be3b5f1a3f971084bc163ed8a39c631d66cb5c5fda3ef30f0a093522dbdbc03f00f9e60d5d67d1fda01e032bd940f7becc87665480a6a3b8f51962d5d226b19826ee9acb44a7455a8195151af551 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 421af2940984191f520a4bc62426a74b - Version: 3 - TBS: - MD5: 5e970fa8e5b374d84d23bf98aab0173c - SHA1: c45627b5584bf62327df60d6185744a2d2f2bcbf - SHA256: 1834ca09fa8c45bad85fd11092023310ca8d7bd1a61ce68d5a1b97f176edabac - SHA384: d50356245ed5e5d5d2f1d2751b46e65cba80c1a0a643ed735bf0ccc884199f8972ddcf417bd28b08e11bd7a2f2fe5b98 - - Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO - Time Stamping CA - ValidFrom: '2011-04-27 00:00:00' - ValidTo: '2020-05-30 10:48:38' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - 
SerialNumber: 625c4d908cd542fbab2ea5733ff15419 - Version: 3 - TBS: - MD5: 3e187409e1fcd68ffc6120fb6009cf62 - SHA1: 9bd61e6a791b075faa44aa3acbe313c5691c75d8 - SHA256: b770099c68730d04e672fa6b2c95967942de79acf1618b8fae65f12cd9550b6b - SHA384: 44bed61de98fb6e1a63b050967e3d6066156e35d7a7aa4d1035fe470fcda13a905a9b5dbe518b7369a2b2e3b9ecf0b4c - - Subject: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo - SHA,1 Time Stamping Signer - ValidFrom: '2019-05-02 00:00:00' - ValidTo: '2020-05-30 10:48:38' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2b73db7463114c5a5b324af230577249 - Version: 3 - TBS: - MD5: 592ad76ae898df37d17988b22279fb3b - SHA1: bedaabb03cb578e823720eea01085b81464a3a8e - SHA256: ae3daea3edbaf9106e68f4aeb1806d245b7a22ca71cf373b822e33da849878b3 - SHA384: 0f03543c450255d894a64cddbedabc2b946134197db1810666cbf86557d72fd0442972c75426ba17a2876a4849100270 - - Subject: C=CN, L=Shanghai, O=miHoYo Co.,Ltd., OU=OPS, CN=miHoYo Co.,Ltd. 
- ValidFrom: '2019-04-08 00:00:00' - ValidTo: '2022-04-08 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 05a7559541e0fdc678d79e3272468907 - Version: 3 - TBS: - MD5: 3e83a7572d1c522dd9072ba6399029d7 - SHA1: e2c2d59b70f028a66a8711bfa97f842475f84639 - SHA256: 5a504a929cb21f72008d5d57bcd992a7cac13f6aa90cbb886b5ecd809e3b59dd - SHA384: 72916ab6c7eb3f5cb7444b3d7d2ac8cb52944605477c5a0f181d060e4edb4c37ebe5eb3c0566dda9de2d2707636ec355 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root - CA - ValidFrom: '2011-04-15 19:41:37' - ValidTo: '2021-04-15 19:51:37' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611cb28a000000000026 - Version: 3 - TBS: - MD5: 983a0c315a50542362f2bd6a5d71c8d0 - SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 - SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 - SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 
0fa8490615d700a0be2176fdc5ec6dbd - Version: 3 - TBS: - MD5: a9a31555bbc92b6033975c5428fb3679 - SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e - SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 - SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 - Signer: - - SerialNumber: 05a7559541e0fdc678d79e3272468907 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - Version: 1 - Imphash: 99b8ab1f6f7cf3c4104347e2872bef54 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 788a1df0b3fd2dfa3fdfc24e441f9d2c - SHA1: 2a40c0a92107d9b3faa9aecdedf5016c1ea564f1 - SHA256: 25454028a4f56d3c58747811a86be43397a6290d1a053bc30d97b41bf3c58c6f - Company: '' - Copyright: '' - CreationTimestamp: '2020-04-19 21:19:37' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - NtQuerySystemInformation - - RtlInitUnicodeString - - ExAllocatePool - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - _wcsicmp - - RtlInitString - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - IoGetDeviceObjectPointer - - ZwClose - - MmIsAddressValid - - ZwOpenDirectoryObject - - ZwQueryDirectoryObject - - ObReferenceObjectByName - - ZwQuerySystemInformation - - __C_specific_handler - - MmHighestUserAddress - - IoDriverObjectType - - KeQueryTimeIncrement - - KeStackAttachProcess - - KeUnstackDetachProcess - - PsGetProcessWow64Process - - PsGetProcessPeb - - MmUnlockPages - - MmGetSystemRoutineAddress - - MmUnmapLockedPages - - IoFreeMdl - - ZwTerminateProcess - - PsGetProcessImageFileName - - ObOpenObjectByPointer - - PsReferenceProcessFilePointer - - IoQueryFileDosDeviceName - - ZwQueryVirtualMemory - - MmProbeAndLockPages - - PsLookupProcessByProcessId - - MmMapLockedPagesSpecifyCache - - IoAllocateMdl - - 
IoGetCurrentProcess - - MmCopyVirtualMemory - - KeClearEvent - - KeSetEvent - - KeWaitForSingleObject - - MmMapLockedPages - - ObReferenceObjectByHandle - - PsSetCreateProcessNotifyRoutineEx - - PsSetCreateThreadNotifyRoutine - - PsRemoveCreateThreadNotifyRoutine - - PsSetLoadImageNotifyRoutine - - PsRemoveLoadImageNotifyRoutine - - ExEventObjectType - - ObRegisterCallbacks - - ObUnRegisterCallbacks - - ObGetFilterVersion - - IoThreadToProcess - - strcmp - - PsProcessType - - PsThreadType - - RtlGetVersion - - ObfReferenceObject - - ObGetObjectType - - ExEnumHandleTable - - ExfUnblockPushLock - - _snprintf - - vsprintf_s - - ZwCreateFile - - ZwWriteFile - - PsLookupThreadByThreadId - - NtQueryInformationThread - - DbgPrint - - KeDelayExecutionThread - - KdDisableDebugger - - KdChangeOption - - PsCreateSystemThread - - PsTerminateSystemThread - - KdDebuggerEnabled - - PsGetVersion - - KeInitializeEvent - - RtlCopyUnicodeString - - ObfDereferenceObject - - ExReleaseFastMutex - - ExAcquireFastMutex - - MmBuildMdlForNonPagedPool - - WdfVersionBindClass - - WdfVersionBind - - WdfVersionUnbind - - WdfVersionUnbindClass - Imports: - - ntoskrnl.exe - - WDFLDR.SYS - InternalName: '' - MD5: 3f79ea5d2bbd2023d2f3e47d531f0e33 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: ffdf660eb1ebf020a1d0a55a90712dfb - SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 - SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 - SHA1: 6946f1c8ab8977e9a8db9eade9180b16dcd72bd9 - SHA256: 8bdcf7457c2caf7fa0386571f972d7f5220d385ad686e2c3536f4c67ba4333e6 - Sections: - .text: - Entropy: 6.1912018117070735 - Virtual Size: '0x6c80' - .rdata: - Entropy: 4.780472480164167 - Virtual Size: '0x1584' - .data: - Entropy: 0.805522255156276 - Virtual Size: '0x15f8' - .pdata: - Entropy: 7.695557676550278 - Virtual Size: '0x678' - PAGE: - Entropy: 5.92926389421831 - Virtual Size: 
'0xb0e' - INIT: - Entropy: 5.364167422952783 - Virtual Size: '0xe36' - .upx0: - Entropy: 7.020133249394464 - Virtual Size: '0x11f974' - .reloc: - Entropy: 3.8296982621776037 - Virtual Size: '0xc0' - .rsrc: - Entropy: 2.892850468812766 - Virtual Size: '0x22c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=CN, L=Shanghai, O=miHoYo Co.,Ltd., OU=OPS, CN=miHoYo Co.,Ltd. 
- ValidFrom: '2019-04-08 00:00:00' - ValidTo: '2022-04-08 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 05a7559541e0fdc678d79e3272468907 - Version: 3 - TBS: - MD5: 3e83a7572d1c522dd9072ba6399029d7 - SHA1: e2c2d59b70f028a66a8711bfa97f842475f84639 - SHA256: 5a504a929cb21f72008d5d57bcd992a7cac13f6aa90cbb886b5ecd809e3b59dd - SHA384: 72916ab6c7eb3f5cb7444b3d7d2ac8cb52944605477c5a0f181d060e4edb4c37ebe5eb3c0566dda9de2d2707636ec355 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root - CA - ValidFrom: '2011-04-15 19:41:37' - ValidTo: '2021-04-15 19:51:37' - Signature: 5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611cb28a000000000026 - Version: 3 - TBS: - MD5: 983a0c315a50542362f2bd6a5d71c8d0 - SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 - SHA256: 
5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 - SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - ValidFrom: '2011-02-11 12:00:00' - ValidTo: '2026-02-10 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd - Version: 3 - TBS: - MD5: a9a31555bbc92b6033975c5428fb3679 - SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e - SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 - SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 - Signer: - - SerialNumber: 05a7559541e0fdc678d79e3272468907 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code - Signing CA,1 - Version: 1 - Imphash: 409d2ab916237fb129c57aacbb7cb4fe - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: '' + Description: Confirmed vulnerable driver from Microsoft Block List + OperatingSystem: Windows + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c -Tags: -- mhyprotect.sys -Verified: 'TRUE' +Detection: +- type: '' + value: '' +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 75ac8a7373e9f09f18bb498481b5d3d1 + SHA1: 195171715aad9d8f79c147cb045ac278115475e5 + SHA256: 14bd76f66fe5749d1812f7cf47cc5f9a8a830c53a7ede5e42a14a4140a70f5d2 + Company: '' + Copyright: '' + CreationTimestamp: '2019-07-31 20:57:34' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - NtQuerySystemInformation + - WdfVersionBindClass + - _stricmp + - KeQueryPerformanceCounter + - ExAllocatePool + - NtQuerySystemInformation + - ExFreePoolWithTag 
+ - IoAllocateMdl + - MmProbeAndLockPages + - MmMapLockedPagesSpecifyCache + - MmUnlockPages + - IoFreeMdl + - KeQueryActiveProcessors + - KeSetSystemAffinityThread + - KeRevertToUserAffinityThread + - DbgPrint + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - WDFLDR.SYS + - ntoskrnl.exe + - HAL.dll + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 982d39a9c76395dd4c826fe77c00a4bd + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: ffdf660eb1ebf020a1d0a55a90712dfb + SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 + SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 + SHA1: 134186ba0ba5cda2418818295ca186e80e571ba4 + SHA256: edeb35e4341034b2de389017c4884b081a821f34349a620897a2a845c84cb09e + Sections: + .text: + Entropy: 0.0 + Virtual Size: '0x6b90' + .rdata: + Entropy: 0.0 + Virtual Size: '0x1544' + .data: + Entropy: 0.0 + Virtual Size: '0x15e8' + .pdata: + Entropy: 0.0 + Virtual Size: '0x678' + PAGE: + Entropy: 0.0 + Virtual Size: '0xb5e' + INIT: + Entropy: 0.0 + Virtual Size: '0xe36' + .upx0: + Entropy: 0.0 + Virtual Size: '0x2cc0a4' + .upx1: + Entropy: 2.75 + Virtual Size: '0x8' + .upx2: + Entropy: 7.8543365533926535 + Virtual Size: '0x40b8a0' + .reloc: + Entropy: 3.8151747449169244 + Virtual Size: '0xc4' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, + CN=UTN,USERFirst,Object + ValidFrom: '2005-06-07 08:09:10' + ValidTo: '2020-05-30 10:48:38' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 421af2940984191f520a4bc62426a74b + Version: 3 + TBS: + MD5: 5e970fa8e5b374d84d23bf98aab0173c + SHA1: c45627b5584bf62327df60d6185744a2d2f2bcbf + SHA256: 
1834ca09fa8c45bad85fd11092023310ca8d7bd1a61ce68d5a1b97f176edabac + SHA384: d50356245ed5e5d5d2f1d2751b46e65cba80c1a0a643ed735bf0ccc884199f8972ddcf417bd28b08e11bd7a2f2fe5b98 + - Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, + CN=COMODO Time Stamping CA + ValidFrom: '2011-04-27 00:00:00' + ValidTo: '2020-05-30 10:48:38' + Signature: 11c93de105e83b65acc9743103b7da8338c692bafdcdf8db639b7d1e90a498c8d9586834b5f00b21539e5946fd6385dffe47aa70e43f5e0895285f14f1fd22ae70e4b7f1b0b6569fb167b868835ea860db9839f6dc495e13a790674be36ee7ebf043c7d02f7dff965aa703d69b54a023d3a5c2a08ef94fd1b20621fe215d278ca0afd9b052eefcc8edb79cf1c92638d6a532ed4897945e3de03d35b4b0c958afc758ff627416926441dacaa8eb8b03bdc14eae1f9132b8e1243b7bed146809869628c93bc96c28c22569f54a61ade027f853a77515b05131b0f141ff3e5a261e607ee2e36a399ac4eaee3fe6b2133f5503044d0b9072d4ebfbbc879051b23819 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 625c4d908cd542fbab2ea5733ff15419 + Version: 3 + TBS: + MD5: 3e187409e1fcd68ffc6120fb6009cf62 + SHA1: 9bd61e6a791b075faa44aa3acbe313c5691c75d8 + SHA256: b770099c68730d04e672fa6b2c95967942de79acf1618b8fae65f12cd9550b6b + SHA384: 44bed61de98fb6e1a63b050967e3d6066156e35d7a7aa4d1035fe470fcda13a905a9b5dbe518b7369a2b2e3b9ecf0b4c + - Subject: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo + SHA,1 Time Stamping Signer + ValidFrom: '2019-05-02 00:00:00' + ValidTo: '2020-05-30 10:48:38' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2b73db7463114c5a5b324af230577249 + Version: 3 + TBS: + MD5: 592ad76ae898df37d17988b22279fb3b + SHA1: bedaabb03cb578e823720eea01085b81464a3a8e + SHA256: ae3daea3edbaf9106e68f4aeb1806d245b7a22ca71cf373b822e33da849878b3 + SHA384: 0f03543c450255d894a64cddbedabc2b946134197db1810666cbf86557d72fd0442972c75426ba17a2876a4849100270 + - Subject: C=CN, L=Shanghai, O=miHoYo 
Co.,Ltd., OU=OPS, CN=miHoYo Co.,Ltd. + ValidFrom: '2019-04-08 00:00:00' + ValidTo: '2022-04-08 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 05a7559541e0fdc678d79e3272468907 + Version: 3 + TBS: + MD5: 3e83a7572d1c522dd9072ba6399029d7 + SHA1: e2c2d59b70f028a66a8711bfa97f842475f84639 + SHA256: 5a504a929cb21f72008d5d57bcd992a7cac13f6aa90cbb886b5ecd809e3b59dd + SHA384: 72916ab6c7eb3f5cb7444b3d7d2ac8cb52944605477c5a0f181d060e4edb4c37ebe5eb3c0566dda9de2d2707636ec355 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Root CA + ValidFrom: '2011-04-15 19:41:37' + ValidTo: '2021-04-15 19:51:37' + Signature: 5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611cb28a000000000026 + Version: 3 + TBS: + MD5: 983a0c315a50542362f2bd6a5d71c8d0 + SHA1: 
8047f476001f5cb16a661d2a3fd0c3576168f5e2 + SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 + SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd + Version: 3 + TBS: + MD5: a9a31555bbc92b6033975c5428fb3679 + SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e + SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 + SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 + Signer: + - SerialNumber: 05a7559541e0fdc678d79e3272468907 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + Version: 1 + Imphash: 99b8ab1f6f7cf3c4104347e2872bef54 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 788a1df0b3fd2dfa3fdfc24e441f9d2c + SHA1: 2a40c0a92107d9b3faa9aecdedf5016c1ea564f1 + SHA256: 25454028a4f56d3c58747811a86be43397a6290d1a053bc30d97b41bf3c58c6f + Company: '' + Copyright: '' + CreationTimestamp: '2020-04-19 21:19:37' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - NtQuerySystemInformation + - RtlInitUnicodeString + - ExAllocatePool + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - _wcsicmp + - RtlInitString + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - IoGetDeviceObjectPointer + - ZwClose + - MmIsAddressValid + - ZwOpenDirectoryObject + - ZwQueryDirectoryObject + - ObReferenceObjectByName + - ZwQuerySystemInformation + - __C_specific_handler + - 
MmHighestUserAddress + - IoDriverObjectType + - KeQueryTimeIncrement + - KeStackAttachProcess + - KeUnstackDetachProcess + - PsGetProcessWow64Process + - PsGetProcessPeb + - MmUnlockPages + - MmGetSystemRoutineAddress + - MmUnmapLockedPages + - IoFreeMdl + - ZwTerminateProcess + - PsGetProcessImageFileName + - ObOpenObjectByPointer + - PsReferenceProcessFilePointer + - IoQueryFileDosDeviceName + - ZwQueryVirtualMemory + - MmProbeAndLockPages + - PsLookupProcessByProcessId + - MmMapLockedPagesSpecifyCache + - IoAllocateMdl + - IoGetCurrentProcess + - MmCopyVirtualMemory + - KeClearEvent + - KeSetEvent + - KeWaitForSingleObject + - MmMapLockedPages + - ObReferenceObjectByHandle + - PsSetCreateProcessNotifyRoutineEx + - PsSetCreateThreadNotifyRoutine + - PsRemoveCreateThreadNotifyRoutine + - PsSetLoadImageNotifyRoutine + - PsRemoveLoadImageNotifyRoutine + - ExEventObjectType + - ObRegisterCallbacks + - ObUnRegisterCallbacks + - ObGetFilterVersion + - IoThreadToProcess + - strcmp + - PsProcessType + - PsThreadType + - RtlGetVersion + - ObfReferenceObject + - ObGetObjectType + - ExEnumHandleTable + - ExfUnblockPushLock + - _snprintf + - vsprintf_s + - ZwCreateFile + - ZwWriteFile + - PsLookupThreadByThreadId + - NtQueryInformationThread + - DbgPrint + - KeDelayExecutionThread + - KdDisableDebugger + - KdChangeOption + - PsCreateSystemThread + - PsTerminateSystemThread + - KdDebuggerEnabled + - PsGetVersion + - KeInitializeEvent + - RtlCopyUnicodeString + - ObfDereferenceObject + - ExReleaseFastMutex + - ExAcquireFastMutex + - MmBuildMdlForNonPagedPool + - WdfVersionBindClass + - WdfVersionBind + - WdfVersionUnbind + - WdfVersionUnbindClass + Imports: + - ntoskrnl.exe + - WDFLDR.SYS + InternalName: '' + MD5: 3f79ea5d2bbd2023d2f3e47d531f0e33 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: ffdf660eb1ebf020a1d0a55a90712dfb + SHA1: 
3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 + SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 + SHA1: 6946f1c8ab8977e9a8db9eade9180b16dcd72bd9 + SHA256: 8bdcf7457c2caf7fa0386571f972d7f5220d385ad686e2c3536f4c67ba4333e6 + Sections: + .text: + Entropy: 6.1912018117070735 + Virtual Size: '0x6c80' + .rdata: + Entropy: 4.780472480164167 + Virtual Size: '0x1584' + .data: + Entropy: 0.805522255156276 + Virtual Size: '0x15f8' + .pdata: + Entropy: 7.695557676550278 + Virtual Size: '0x678' + PAGE: + Entropy: 5.92926389421831 + Virtual Size: '0xb0e' + INIT: + Entropy: 5.364167422952783 + Virtual Size: '0xe36' + .upx0: + Entropy: 7.020133249394464 + Virtual Size: '0x11f974' + .reloc: + Entropy: 3.8296982621776037 + Virtual Size: '0xc0' + .rsrc: + Entropy: 2.892850468812766 + Virtual Size: '0x22c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=CN, L=Shanghai, O=miHoYo Co.,Ltd., OU=OPS, CN=miHoYo Co.,Ltd. + ValidFrom: '2019-04-08 00:00:00' + ValidTo: '2022-04-08 12:00:00' + Signature: 46a5e6f6c38a63b314f7e2677bb86d4bcd7839eef8e006048ddd58c6783ff0657456e61c800efb31966c611f7ca7d1de1785e006e3f4c0b24cb652842e42cbae016320a774724537fc30e8f09895fdb626daa26b5740c7538aa1df1f97dcab12c3a743c2048f6c9a754f66189ac0f21544399798fb780cd347c9cac0443c8d778736938e17cdd5eca8a2338d8171efd61e13c868dff862da9df4ca8c653a227e0971030aa7e6b44dc2199d1ebd9cae00c6f0a3e91bb883cc509fb297902ba5c13e5826071d92178ace51f1a0653b0445cf7ba17226401c92d7db4f67a37d1243f9094ad5f32873891ea5004a8cbfec77129d4955e344492aaee456f852001ded + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 05a7559541e0fdc678d79e3272468907 + Version: 3 + TBS: + MD5: 3e83a7572d1c522dd9072ba6399029d7 + SHA1: e2c2d59b70f028a66a8711bfa97f842475f84639 + SHA256: 5a504a929cb21f72008d5d57bcd992a7cac13f6aa90cbb886b5ecd809e3b59dd + SHA384: 72916ab6c7eb3f5cb7444b3d7d2ac8cb52944605477c5a0f181d060e4edb4c37ebe5eb3c0566dda9de2d2707636ec355 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Root CA + ValidFrom: '2011-04-15 19:41:37' + ValidTo: '2021-04-15 19:51:37' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611cb28a000000000026 + Version: 3 + TBS: + MD5: 983a0c315a50542362f2bd6a5d71c8d0 + SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 + SHA256: 
5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 + SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + ValidFrom: '2011-02-11 12:00:00' + ValidTo: '2026-02-10 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0fa8490615d700a0be2176fdc5ec6dbd + Version: 3 + TBS: + MD5: a9a31555bbc92b6033975c5428fb3679 + SHA1: 47f4b9898631773231b32844ec0d49990ac4eb1e + SHA256: c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 + SHA384: 86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16 + Signer: + - SerialNumber: 05a7559541e0fdc678d79e3272468907 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Code Signing CA,1 + Version: 1 + Imphash: 409d2ab916237fb129c57aacbb7cb4fe + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/7b893f79-b5b0-4373-9d29-c53a21fe6fc3.yaml b/yaml/7b893f79-b5b0-4373-9d29-c53a21fe6fc3.yaml index 8fa585891..e6d9dd283 100644 --- a/yaml/7b893f79-b5b0-4373-9d29-c53a21fe6fc3.yaml +++ b/yaml/7b893f79-b5b0-4373-9d29-c53a21fe6fc3.yaml 
@@ -1,443 +1,446 @@ Id: 7b893f79-b5b0-4373-9d29-c53a21fe6fc3 +Tags: +- WinFlash64.sys +Verified: 'TRUE' Author: Nasreddine Bencherchali Created: '2023-05-06' MitreID: T1068 Category: vulnerable driver -Verified: 'TRUE' Commands: - Command: sc.exe create WinFlash64.sys binPath=C:\windows\temp\WinFlash64.sys type=kernel - && sc.exe start WinFlash64.sys - Description: '' - Usecase: Elevate privileges - Privileges: kernel - OperatingSystem: Windows 10 + Command: sc.exe create WinFlash64.sys binPath=C:\windows\temp\WinFlash64.sys type=kernel + && sc.exe start WinFlash64.sys + Description: '' + Usecase: Elevate privileges + Privileges: kernel + OperatingSystem: Windows 10 Resources: - Internal Research -Acknowledgement: - Person: '' - Handle: '' Detection: [] +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: WinFlash64.sys - MD5: a216803d691d92acc44ac77d981aa767 - SHA1: 48be0ec2e8cb90cac2be49ef71e44390a0f648ce - SHA256: 316a27e2bdb86222bc7c8af4e5472166b02aec7f3f526901ce939094e5861f6d - Authentihash: - MD5: 62fecd37b50c9973478b3c1a02838c22 - SHA1: a1e4fbc16c0fc98a4c2256f2b0b45c1ece8f8f0b - SHA256: ad6360cee0b1b293be38348f0f9deb7221e205516524f437aaf8f468b308cb4e - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - IoDeleteDevice - - RtlFreeUnicodeString - - IoCreateSymbolicLink - - IoCreateDevice - - RtlAnsiStringToUnicodeString - - RtlInitString - - IofCompleteRequest - - MmMapLockedPages - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - MmUnmapIoSpace - - MmMapIoSpace - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - 
Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 
41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=US, ST=California, L=Milpitas, O=Phoenix Technology Ltd., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=CSS Core Features Development, - CN=Phoenix Technology Ltd. 
- ValidFrom: '2006-10-17 00:00:00' - ValidTo: '2007-10-17 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 2ca9ca93cd9b19a96ddad68aff3a668d - Version: 3 - TBS: - MD5: 47b0f73f8cc709595616e0d6ae88c5db - SHA1: 83d27f045fa24c61544842dd4a9ac8759fa6900a - SHA256: 47a75a2e532e11a257ac26424155874c7254eadf8c3aa2882ebdf1c26c592db7 - SHA384: 47b81b4771455e9cd188c0b7354dd8b1db838d9efa8f9019b1e8c74768c2d421118e6997bb6d025d7bcbe80851caaa2e - Signer: - - SerialNumber: 2ca9ca93cd9b19a96ddad68aff3a668d - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: f611e8b47daf79029d2e777e3071d939 - SHA1: 2dc185768c738521fb43db6d6b100bb04d43177f - SHA256: 66f092383abb8b873a957d01b5079e4f2b52a63770dcf68fff59410500f5974f - Sections: - .text: - Entropy: 6.1124279668868535 - Virtual Size: '0x99a' - .rdata: - Entropy: 4.181912236524795 - Virtual Size: '0x17c' - .data: - Entropy: 0.4917211838342579 - Virtual Size: '0x120' - .pdata: - Entropy: 3.2078137022986275 - Virtual Size: '0x78' - INIT: - Entropy: 4.880215733396521 - Virtual Size: '0x262' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2006-11-09 02:11:41' - Imphash: 7a4a0df0bde1f8da6547a580d5bee7c3 - LoadsDespiteHVCI: 'FALSE' -- Filename: WinFlash64.sys - MD5: bf2a954160cb155df0df433929e9102b - SHA1: 7a1689cde189378e7db84456212b0e438f9bf90a - SHA256: 8797d9afc7a6bb0933f100a8acbb5d0666ec691779d522ac66c66817155b1c0d - Authentihash: - MD5: 066fa975190d01fa5a8e99b0d5f3a5ae - SHA1: 0086ddd495c6c89c9b7732f2a2b58c06a82f31bc - SHA256: 63041a13d1658e22fecc34706e98ab08b54b94e7d028bf2b1308ff85995a01c3 - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - 
ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - IoDeleteDevice - - RtlFreeUnicodeString - - IoCreateSymbolicLink - - IoCreateDevice - - RtlAnsiStringToUnicodeString - - RtlInitString - - IofCompleteRequest - - MmMapLockedPages - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - MmUnmapIoSpace - - MmMapIoSpace - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at 
https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=TAIWAN, L=TAIPEI, O=Universal ABIT Co., Ltd., OU=Digital ID - Class 3 , Microsoft Software Validation v2, OU=R&D DIV. TECH.SUPP.DEPT, CN=Universal - ABIT Co., Ltd. 
- ValidFrom: '2006-07-19 00:00:00' - ValidTo: '2007-07-19 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 226a266fde87a6d82d69d22ba10dce2f - Version: 3 - TBS: - MD5: 8d6e9b2b7b3354b41c443655b723f844 - SHA1: 5836b80ddac629024f98b948f5160fd2d9012176 - SHA256: da103ae61a236502e0e1b7119c8f73be07ef1eab21d822c676813aa6a81d0a34 - SHA384: 7562adce44734d9aed0bc5b442e60df4281b5c27432ae0d721ce55951cb200ee5bb2df9ece6a69462b7325f851943707 - Signer: - - SerialNumber: 226a266fde87a6d82d69d22ba10dce2f - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: 0c9e08d5cf93fb4262a36e966a86de52 - SHA1: a3315f5e172b18139ce5319aedd7b29e7df79266 - SHA256: f7700767767d65fddd999cffbbd8096cbca748f75bf714ab6d7f16252d41c936 - Sections: - .text: - Entropy: 6.056955062079251 - Virtual Size: '0x6b5' - .rdata: - Entropy: 4.186311764072058 - Virtual Size: '0x134' - .data: - Entropy: 0.0 - Virtual Size: '0x10' - .pdata: - Entropy: 2.9618989105959033 - Virtual Size: '0x3c' - INIT: - Entropy: 4.456575761689918 - Virtual Size: '0x1da' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2005-11-22 18:14:16' - Imphash: e4f1a9234e4ea105321909d4c0e597ae - LoadsDespiteHVCI: 'FALSE' -- Filename: WinFlash64.sys - MD5: bc6ff00fb3a14437c94b37ac9a2101d4 - SHA1: d5326fea00bcde2ef7155acf3285c245c9fb4ece - SHA256: 8bda0108de82ebeae82f43108046c5feb6f042e312fa0115475a9e32274fae59 - Authentihash: - MD5: 32c5590f86eda2c188d19fa91107e3b7 - SHA1: d3bc762eaebf1ea4f291aeb614dd7e1d3c027a39 - SHA256: bddf1750dc00725c1384b34740e798b4f5f70218ab71ac62a5a96773b377df5a - Description: '' - Company: '' - InternalName: '' - OriginalFilename: '' - FileVersion: '' - Product: '' - ProductVersion: '' - Copyright: '' - MachineType: AMD64 - Imports: - - ntoskrnl.exe - 
ExportedFunctions: '' - ImportedFunctions: - - IoDeleteDevice - - RtlFreeUnicodeString - - IoCreateSymbolicLink - - IoCreateDevice - - RtlAnsiStringToUnicodeString - - RtlInitString - - IofCompleteRequest - - MmMapLockedPages - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - MmFreeContiguousMemorySpecifyCache - - MmGetPhysicalAddress - - MmAllocateContiguousMemorySpecifyCache - - MmFreeContiguousMemory - - MmUnmapIoSpace - - MmMapIoSpace - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - KeBugCheckEx - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 
53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=US, ST=California, L=Milpitas, O=Phoenix Technology Ltd., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=CSS Core Features Development, - CN=Phoenix Technology Ltd. 
- ValidFrom: '2008-11-14 00:00:00' - ValidTo: '2009-11-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 55272d7780471b989f3def09bb221c53 - Version: 3 - TBS: - MD5: e25e721298ff095a569a15965845ad33 - SHA1: 241fbb78e76a1bed275262fa03b82141602acce0 - SHA256: a854ee1ec235e308c5493d99dda2703087298f201bfcb177c872c07cbe8fe68b - SHA384: 2ae82a4e45a28c6e27561c03828abae37e6719c609657118b1189634d51bb0c2202091d32a415fcb606eec3a20080f3a - Signer: - - SerialNumber: 55272d7780471b989f3def09bb221c53 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - RichPEHeaderHash: - MD5: e45555d3e32b95a48e57c427a5597932 - SHA1: db8a20a54bc6f571ca43e0bc2788aa04204db9e9 - SHA256: d30a5037cb0cb3db5c1476f497c13de3be584ef147122d66c2731e7a1db1d24a - Sections: - .text: - Entropy: 6.116060932352326 - Virtual Size: '0x1ee8' - .rdata: - Entropy: 4.357037573780156 - Virtual Size: '0x368' - .data: - Entropy: 1.8627713410236661 - Virtual Size: '0x38a' - .pdata: - Entropy: 3.8892446964499157 - Virtual Size: '0x1b0' - INIT: - Entropy: 4.9483973408107955 - Virtual Size: '0x304' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2009-06-24 00:53:27' - Imphash: 8c3af6c25ab40c4daefb4f836d12e1c8 - LoadsDespiteHVCI: 'FALSE' -Tags: -- WinFlash64.sys +- Filename: WinFlash64.sys + MD5: a216803d691d92acc44ac77d981aa767 + SHA1: 48be0ec2e8cb90cac2be49ef71e44390a0f648ce + SHA256: 316a27e2bdb86222bc7c8af4e5472166b02aec7f3f526901ce939094e5861f6d + Authentihash: + MD5: 62fecd37b50c9973478b3c1a02838c22 + SHA1: a1e4fbc16c0fc98a4c2256f2b0b45c1ece8f8f0b + SHA256: ad6360cee0b1b293be38348f0f9deb7221e205516524f437aaf8f468b308cb4e + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 
+ Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - IoDeleteDevice + - RtlFreeUnicodeString + - IoCreateSymbolicLink + - IoCreateDevice + - RtlAnsiStringToUnicodeString + - RtlInitString + - IofCompleteRequest + - MmMapLockedPages + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - MmUnmapIoSpace + - MmMapIoSpace + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 877870da4e5201205be079c98230c4fdb91996bd9100c3bdcdcdc6f40ed8fff94dc033623011c5f5741bd492de5f9c2013b17c45be50cd83e7801783a72793671346fbcab8984103cc9b515b058b7fa86ff31b501b242ef2698d6c22f7bbca1695ed0c74c06877d9eb996287c17390f889747a23aba3987b97b1f78f29714d2e751b4841daf0b50d2054d677a097826369fd09cf8af075bb099bd9f91155269a6132be7a02b07b86bea2c38b222c78d13576bc92735cf9b9e64c150a23cce4d2d4342e4940153c0f607a24c6a566ef96cf70eb3ee7f40d7edcd17ca3767169c19c4f47303521b1a2af1a623c2bd98eaa2a077bd818b35c7be29da56ffe3c89ad + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0de92bf0d4d82988183205095e9a7688 + Version: 3 + TBS: + MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 + SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=US, ST=California, 
L=Milpitas, O=Phoenix Technology Ltd., OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=CSS Core Features + Development, CN=Phoenix Technology Ltd. + ValidFrom: '2006-10-17 00:00:00' + ValidTo: '2007-10-17 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 2ca9ca93cd9b19a96ddad68aff3a668d + Version: 3 + TBS: + MD5: 47b0f73f8cc709595616e0d6ae88c5db + SHA1: 83d27f045fa24c61544842dd4a9ac8759fa6900a + SHA256: 47a75a2e532e11a257ac26424155874c7254eadf8c3aa2882ebdf1c26c592db7 + SHA384: 47b81b4771455e9cd188c0b7354dd8b1db838d9efa8f9019b1e8c74768c2d421118e6997bb6d025d7bcbe80851caaa2e + Signer: + - SerialNumber: 2ca9ca93cd9b19a96ddad68aff3a668d + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: f611e8b47daf79029d2e777e3071d939 + SHA1: 2dc185768c738521fb43db6d6b100bb04d43177f + SHA256: 66f092383abb8b873a957d01b5079e4f2b52a63770dcf68fff59410500f5974f + Sections: + .text: + Entropy: 6.1124279668868535 + Virtual Size: '0x99a' + .rdata: + Entropy: 4.181912236524795 + Virtual Size: '0x17c' + .data: + Entropy: 0.4917211838342579 + Virtual Size: '0x120' + .pdata: + Entropy: 3.2078137022986275 + Virtual Size: '0x78' + INIT: + Entropy: 4.880215733396521 + Virtual Size: '0x262' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2006-11-09 02:11:41' + Imphash: 7a4a0df0bde1f8da6547a580d5bee7c3 + LoadsDespiteHVCI: 'FALSE' +- Filename: WinFlash64.sys + MD5: bf2a954160cb155df0df433929e9102b + SHA1: 7a1689cde189378e7db84456212b0e438f9bf90a + SHA256: 8797d9afc7a6bb0933f100a8acbb5d0666ec691779d522ac66c66817155b1c0d + Authentihash: + MD5: 066fa975190d01fa5a8e99b0d5f3a5ae + SHA1: 0086ddd495c6c89c9b7732f2a2b58c06a82f31bc + SHA256: 63041a13d1658e22fecc34706e98ab08b54b94e7d028bf2b1308ff85995a01c3 + Description: '' + Company: 
'' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - IoDeleteDevice + - RtlFreeUnicodeString + - IoCreateSymbolicLink + - IoCreateDevice + - RtlAnsiStringToUnicodeString + - RtlInitString + - IofCompleteRequest + - MmMapLockedPages + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - MmUnmapIoSpace + - MmMapIoSpace + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0de92bf0d4d82988183205095e9a7688 + Version: 3 + TBS: + MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 + SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: 
ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=TAIWAN, L=TAIPEI, O=Universal ABIT Co., Ltd., OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=R&D DIV. TECH.SUPP.DEPT, + CN=Universal ABIT Co., Ltd. 
+ ValidFrom: '2006-07-19 00:00:00' + ValidTo: '2007-07-19 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 226a266fde87a6d82d69d22ba10dce2f + Version: 3 + TBS: + MD5: 8d6e9b2b7b3354b41c443655b723f844 + SHA1: 5836b80ddac629024f98b948f5160fd2d9012176 + SHA256: da103ae61a236502e0e1b7119c8f73be07ef1eab21d822c676813aa6a81d0a34 + SHA384: 7562adce44734d9aed0bc5b442e60df4281b5c27432ae0d721ce55951cb200ee5bb2df9ece6a69462b7325f851943707 + Signer: + - SerialNumber: 226a266fde87a6d82d69d22ba10dce2f + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: 0c9e08d5cf93fb4262a36e966a86de52 + SHA1: a3315f5e172b18139ce5319aedd7b29e7df79266 + SHA256: f7700767767d65fddd999cffbbd8096cbca748f75bf714ab6d7f16252d41c936 + Sections: + .text: + Entropy: 6.056955062079251 + Virtual Size: '0x6b5' + .rdata: + Entropy: 4.186311764072058 + Virtual Size: '0x134' + .data: + Entropy: 0.0 + Virtual Size: '0x10' + .pdata: + Entropy: 2.9618989105959033 + Virtual Size: '0x3c' + INIT: + Entropy: 4.456575761689918 + Virtual Size: '0x1da' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2005-11-22 18:14:16' + Imphash: e4f1a9234e4ea105321909d4c0e597ae + LoadsDespiteHVCI: 'FALSE' +- Filename: WinFlash64.sys + MD5: bc6ff00fb3a14437c94b37ac9a2101d4 + SHA1: d5326fea00bcde2ef7155acf3285c245c9fb4ece + SHA256: 8bda0108de82ebeae82f43108046c5feb6f042e312fa0115475a9e32274fae59 + Authentihash: + MD5: 32c5590f86eda2c188d19fa91107e3b7 + SHA1: d3bc762eaebf1ea4f291aeb614dd7e1d3c027a39 + SHA256: bddf1750dc00725c1384b34740e798b4f5f70218ab71ac62a5a96773b377df5a + Description: '' + Company: '' + InternalName: '' + OriginalFilename: '' + FileVersion: '' + Product: '' + ProductVersion: '' + Copyright: '' + MachineType: AMD64 + Imports: + - ntoskrnl.exe + 
ExportedFunctions: '' + ImportedFunctions: + - IoDeleteDevice + - RtlFreeUnicodeString + - IoCreateSymbolicLink + - IoCreateDevice + - RtlAnsiStringToUnicodeString + - RtlInitString + - IofCompleteRequest + - MmMapLockedPages + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - MmFreeContiguousMemorySpecifyCache + - MmGetPhysicalAddress + - MmAllocateContiguousMemorySpecifyCache + - MmFreeContiguousMemory + - MmUnmapIoSpace + - MmMapIoSpace + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - KeBugCheckEx + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 
53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=US, ST=California, L=Milpitas, O=Phoenix Technology Ltd., OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=CSS Core Features + Development, CN=Phoenix Technology Ltd. 
+ ValidFrom: '2008-11-14 00:00:00' + ValidTo: '2009-11-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 55272d7780471b989f3def09bb221c53 + Version: 3 + TBS: + MD5: e25e721298ff095a569a15965845ad33 + SHA1: 241fbb78e76a1bed275262fa03b82141602acce0 + SHA256: a854ee1ec235e308c5493d99dda2703087298f201bfcb177c872c07cbe8fe68b + SHA384: 2ae82a4e45a28c6e27561c03828abae37e6719c609657118b1189634d51bb0c2202091d32a415fcb606eec3a20080f3a + Signer: + - SerialNumber: 55272d7780471b989f3def09bb221c53 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + RichPEHeaderHash: + MD5: e45555d3e32b95a48e57c427a5597932 + SHA1: db8a20a54bc6f571ca43e0bc2788aa04204db9e9 + SHA256: d30a5037cb0cb3db5c1476f497c13de3be584ef147122d66c2731e7a1db1d24a + Sections: + .text: + Entropy: 6.116060932352326 + Virtual Size: '0x1ee8' + .rdata: + Entropy: 4.357037573780156 + Virtual Size: '0x368' + .data: + Entropy: 1.8627713410236661 + Virtual Size: '0x38a' + .pdata: + Entropy: 3.8892446964499157 + Virtual Size: '0x1b0' + INIT: + Entropy: 4.9483973408107955 + Virtual Size: '0x304' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2009-06-24 00:53:27' + Imphash: 8c3af6c25ab40c4daefb4f836d12e1c8 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/7bb4d807-9a66-48ff-9fb7-82780f3b015e.yaml b/yaml/7bb4d807-9a66-48ff-9fb7-82780f3b015e.yaml index 9d4c6e493..dc8ea73e5 100644 --- a/yaml/7bb4d807-9a66-48ff-9fb7-82780f3b015e.yaml +++ b/yaml/7bb4d807-9a66-48ff-9fb7-82780f3b015e.yaml 
@@ -1,1037 +1,1038 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 7bb4d807-9a66-48ff-9fb7-82780f3b015e +Tags: +- RadHwMgr.sys +Verified: 'TRUE' Author: Takahiro Haruyama -Category: vulnerable driver -Commands: - Command: sc.exe create RadHwMgrsys binPath= C:\windows\temp\RadHwMgrsys.sys type=kernel - && sc.exe start RadHwMgrsys - Description: The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique vulnerable - drivers (237 file hashes) accepting firmware access. Six allow kernel memory access. - All give full control of the devices to non-admin users. By exploiting the vulnerable - drivers, an attacker without the system privilege may erase/alter firmware, and/or - elevate privileges. As of the time of writing in October 2023, the filenames of - the vulnerable drivers have not been made public until now. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-11-02' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 7bb4d807-9a66-48ff-9fb7-82780f3b015e -KnownVulnerableSamples: -- Company: 'Radiant Systems, Inc. 
' - Date: '' - Description: Radiant Hardware Manager for P15xx Platform - FileVersion: '3.1.0.22 built by: WinDDK' - Filename: '' - MD5: 048549f7e9978aff602a24dea98ee48a - MachineType: I386 - OriginalFilename: RadHwMgr.sys - Product: Radiant Systems, Inc. Hardware Manager driver - ProductVersion: 3.1.0.22 - Publisher: '' - SHA1: 472cc191937349a712aabcbc4d118c1c982ab7c9 - SHA256: 00c3e86952eebb113d91d118629077b3370ebc41eeacb419762d2de30a43c09c - Signature: '' - Imphash: cc88330f6dca52a40e258f689d3e2db4 - Authentihash: - MD5: baaf9c8dfdaf03f0e280ddf06061ba5b - SHA1: 8b460b62a12db011c7602f0d4a7145fa28c0b75c - SHA256: be62ed235421930c84ce9c7789f3beb6b7a48a6bca9065063b7ce78effde1db2 - RichPEHeaderHash: - MD5: c9e0146dd1b319a2380b33fb0561f30c - SHA1: 4f0ee635ee13432c90ed6362762168d9f04dbfb3 - SHA256: e0da52b20535227a0a083c55d2fafc9902ddc1ac81927838d22332eb03f6ccc8 - Sections: - .text: - Entropy: 6.65394812892549 - Virtual Size: '0x5b4e' - .rdata: - Entropy: 4.058685148042817 - Virtual Size: '0x1d4' - .data: - Entropy: 2.5 - Virtual Size: '0x8' - PAGE: - Entropy: 6.487068233986764 - Virtual Size: '0x13f0' - INIT: - Entropy: 5.582365387106486 - Virtual Size: '0x5ec' - .rsrc: - Entropy: 3.3754791300877836 - Virtual Size: '0x420' - .reloc: - Entropy: 6.033927912538727 - Virtual Size: '0x3a6' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2008-03-04 09:24:19' - InternalName: RadHwMgr.sys - Copyright: 'Copyright (c) 2002-2004 Radiant Systems, Inc. 
' - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IoAttachDeviceToDeviceStack - - IoCreateDevice - - RtlInitUnicodeString - - IoReleaseRemoveLockEx - - KeWaitForSingleObject - - IoDetachDevice - - IoReleaseRemoveLockAndWaitEx - - KeDelayExecutionThread - - MmGetSystemRoutineAddress - - KeCancelTimer - - IoDeleteDevice - - IoAcquireRemoveLockEx - - _except_handler3 - - MmUnmapIoSpace - - MmMapIoSpace - - MmGetPhysicalAddress - - KeReleaseMutex - - _vsnprintf - - strstr - - KeTickCount - - KeBugCheckEx - - KeInitializeDpc - - KeInitializeTimer - - IoInitializeRemoveLockEx - - KeInitializeMutex - - KeInitializeEvent - - IofCompleteRequest - - IofCallDriver - - PoStartNextPowerIrp - - PoCallDriver - - DbgPrint - - IoCreateSymbolicLink - - KeSetTimerEx - - IoDeleteSymbolicLink - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - KeSetEvent - - KeGetCurrentIrql - - HalSetBusDataByOffset - - HalGetBusDataByOffset - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - READ_PORT_USHORT - - ExAcquireFastMutex - - ExReleaseFastMutex - - WRITE_PORT_UCHAR - - READ_PORT_UCHAR - - HalTranslateBusAddress - - READ_PORT_ULONG - - KeStallExecutionProcessor - Signatures: {} - LoadsDespiteHVCI: 'FALSE' -- Company: 'Radiant Systems, Inc. ' - Date: '' - Description: Radiant Hardware Manager for P15xx Platform - FileVersion: '2.20.0.7 built by: WinDDK' - Filename: '' - MD5: 30550db8f400b1e11593dffd644abb67 - MachineType: I386 - OriginalFilename: RadHwMgr.sys - Product: Radiant Systems, Inc. 
Hardware Manager driver - ProductVersion: 2.20.0.7 - Publisher: '' - SHA1: c31049605f028a56ce939cd2f97c2e56c12d99f8 - SHA256: 0f30ecd4faec147a2335a4fc031c8a1ac9310c35339ebeb651eb1429421951a0 - Signature: '' - Imphash: 7abb0911ca4cc4697ee1e9897932d3ac - Authentihash: - MD5: 442c6809d9d2cfea4c12df554c21fa52 - SHA1: 86e92cafe050d6ab258ddc828a3ffc3e0c5bec5f - SHA256: 5074f17c7cc4fdabec65b3b07132425ad0d9fefd993e896baba2f97f16277581 - RichPEHeaderHash: - MD5: 86a1a5bbf18f32bffc685d21bbd86131 - SHA1: ba315e2820f8076e881a26554dc68836154875ad - SHA256: ee752592c32cb1b737058c3bfd35b0acdc64c5ed04c74ff38ab8131ea0ee955e - Sections: - .text: - Entropy: 6.620755788028627 - Virtual Size: '0x13088' - .rdata: - Entropy: 1.1080551934343312 - Virtual Size: '0x8c24' - .data: - Entropy: 1.268183338204401 - Virtual Size: '0x34' - PAGE: - Entropy: 6.445912359019107 - Virtual Size: '0x1cd5' - INIT: - Entropy: 5.777203228017578 - Virtual Size: '0x7f0' - .rsrc: - Entropy: 3.3725877356359955 - Virtual Size: '0x400' - .reloc: - Entropy: 6.411381788361578 - Virtual Size: '0xbb8' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2016-05-12 15:00:20' - InternalName: RadHwMgr.sys - Copyright: '2002-2009 Radiant Systems, Inc. 
' - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IoCreateSymbolicLink - - _except_handler3 - - IoReleaseRemoveLockEx - - KeWaitForSingleObject - - IoDetachDevice - - IoReleaseRemoveLockAndWaitEx - - KeDelayExecutionThread - - MmGetSystemRoutineAddress - - KeCancelTimer - - IoDeleteSymbolicLink - - IoAcquireRemoveLockEx - - MmUnmapIoSpace - - MmMapIoSpace - - MmGetPhysicalAddress - - KeReleaseMutex - - RtlRandom - - KeQuerySystemTime - - KeRestoreFloatingPointState - - KeSaveFloatingPointState - - KeSetTimerEx - - KeQueryActiveProcessors - - ZwSetInformationThread - - KeInitializeSpinLock - - KeClearEvent - - _allmul - - ZwClose - - ZwSetValueKey - - ZwCreateKey - - ExFreePoolWithTag - - ZwQueryValueKey - - ZwOpenKey - - ExAllocatePoolWithTag - - _vsnprintf - - PsTerminateSystemThread - - ObfDereferenceObject - - ObReferenceObjectByHandle - - PsCreateSystemThread - - KeTickCount - - KeBugCheckEx - - RtlInitUnicodeString - - IoCreateDevice - - IoAttachDeviceToDeviceStack - - IoDeleteDevice - - KeInitializeDpc - - KeInitializeTimer - - IoInitializeRemoveLockEx - - KeInitializeMutex - - KeInitializeEvent - - IofCompleteRequest - - IofCallDriver - - PoStartNextPowerIrp - - PoCallDriver - - KeSetEvent - - swprintf - - _stricmp - - strstr - - DbgPrint - - KeGetCurrentIrql - - KfAcquireSpinLock - - KfReleaseSpinLock - - HalSetBusDataByOffset - - HalGetBusDataByOffset - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - READ_PORT_ULONG - - READ_PORT_USHORT - - ExAcquireFastMutex - - ExReleaseFastMutex - - KeStallExecutionProcessor - - WRITE_PORT_UCHAR - - READ_PORT_UCHAR - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Georgia, L=Duluth, O=NCR Corporation, CN=NCR Corporation - ValidFrom: '2014-10-21 00:00:00' - ValidTo: '2017-11-19 23:59:59' - Signature: 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 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 052d77dc3058212fb02ee74e72ef1bf5 - Version: 3 - TBS: - MD5: 4ec91835fedc5ed3d50a9ae6947fd588 - SHA1: 021ebc3c130aeea57308098aba78932d9a155dac - SHA256: 2e422275df3b5001343731714f189dff59e11f996cd8af9044445c9717bc4ed4 - SHA384: 7db8d4d20695cdaf496250e4b8fd00db7b1046e6e34a903dd4e724cfc274a0a3505dae1c830b300b7c54c9d8f23d3675 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 052d77dc3058212fb02ee74e72ef1bf5 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at 
- https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: 'Radiant Systems, Inc. ' - Date: '' - Description: Radiant Hardware Manager for P15xx Platform - FileVersion: '9.9.0.1 built by: WinDDK' - Filename: '' - MD5: f80ceb0dbb889663f0bee058b109ce0e - MachineType: I386 - OriginalFilename: RadHwMgr.sys - Product: Radiant Systems, Inc. Hardware Manager driver - ProductVersion: 9.9.0.1 - Publisher: '' - SHA1: a809831166a70700b59076e0dbc8975f57b14398 - SHA256: 7c79e5196c2f51d2ab16e40b9d5725a8bf6ae0aaa70b02377aedc0f4e93ca37f - Signature: '' - Imphash: c1ab6741cd29de98a138f2bd639f620a - Authentihash: - MD5: 860d15f6aeb63343a73c093e4937303f - SHA1: 67d6ef20f45720baa689b80c289a2908a8b63d2d - SHA256: 66a9052d6b1d35147f581249f6b524d8cab0b7c6ff80f621a4481f43db462540 - RichPEHeaderHash: - MD5: 62327ebcb89530154cbb776457ab5244 - SHA1: d291944167ccb9e50b05c540feeaeae301a542b5 - SHA256: 616d97d7a11a9860148d8c0d4814a3acc5d31a58ef12bce7343aacf935af2a17 - Sections: - .text: - Entropy: 6.648546061933855 - Virtual Size: '0xb318' - .rdata: - Entropy: 0.6537110501533921 - Virtual Size: '0x3d84' - .data: - Entropy: 1.7573891057053235 - Virtual Size: '0x24' - PAGE: - Entropy: 6.457364250090256 - Virtual Size: '0x1421' - INIT: - Entropy: 5.7473511985559105 - Virtual Size: '0x752' - .rsrc: - Entropy: 3.3458169332987127 - Virtual Size: '0x400' - .reloc: - Entropy: 6.153106727619113 - Virtual Size: '0x69c' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2010-09-15 14:56:51' - InternalName: RadHwMgr.sys - Copyright: '2002-2009 Radiant Systems, Inc. 
' - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IoCreateDevice - - RtlInitUnicodeString - - IoReleaseRemoveLockEx - - KeWaitForSingleObject - - IoDetachDevice - - IoReleaseRemoveLockAndWaitEx - - KeDelayExecutionThread - - MmGetSystemRoutineAddress - - KeCancelTimer - - IoDeleteSymbolicLink - - IoAcquireRemoveLockEx - - _except_handler3 - - MmUnmapIoSpace - - MmMapIoSpace - - MmGetPhysicalAddress - - KeReleaseMutex - - IoAttachDeviceToDeviceStack - - KeQueryActiveProcessors - - KeRestoreFloatingPointState - - KeSaveFloatingPointState - - ZwSetInformationThread - - KeClearEvent - - _allmul - - ZwClose - - ZwSetValueKey - - ZwCreateKey - - ExFreePoolWithTag - - ZwQueryValueKey - - ZwOpenKey - - ExAllocatePoolWithTag - - KeTickCount - - KeBugCheckEx - - IoDeleteDevice - - KeInitializeDpc - - KeInitializeTimer - - IoInitializeRemoveLockEx - - KeInitializeMutex - - KeInitializeEvent - - IofCompleteRequest - - IofCallDriver - - PoStartNextPowerIrp - - PoCallDriver - - KeInitializeSpinLock - - IoCreateSymbolicLink - - KeSetTimerEx - - KeSetEvent - - swprintf - - _vsnprintf - - strstr - - _stricmp - - DbgPrint - - KeGetCurrentIrql - - KfAcquireSpinLock - - KfReleaseSpinLock - - HalSetBusDataByOffset - - HalGetBusDataByOffset - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - READ_PORT_ULONG - - READ_PORT_USHORT - - ExAcquireFastMutex - - ExReleaseFastMutex - - WRITE_PORT_UCHAR - - READ_PORT_UCHAR - - KeStallExecutionProcessor - - HalTranslateBusAddress - Signatures: {} - LoadsDespiteHVCI: 'FALSE' -- Company: NCR Corporation - Date: '' - Description: Radiant Hardware Manager for P15xx Platform - FileVersion: '2.33.0.0 built by: WinDDK' - Filename: '' - MD5: d4a9f80ecb448da510e5bf82c4a699ee - MachineType: I386 - OriginalFilename: RadHwMgr.sys - Product: NCR Corporation Hardware Manager driver - ProductVersion: 2.33.0.0 - Publisher: '' - SHA1: 091a039f5f2ae1bb0fa0f83660f4c178fd3a5a10 - SHA256: 
7c8ad57b3a224fdc2aac9dd2d7c3624f1fcd3542d4db804de25a90155657e2cc - Signature: '' - Imphash: 0c959096cf4b3180530cc7865ef29157 - Authentihash: - MD5: e0ed4c5de74ee4b3a3eb93ec1bec6641 - SHA1: c4285308befc60b3f6500b34534b2d5fc253d38d - SHA256: da5e27b18d3c1403975a8e17431242f208621348264ebe770db8b07813a1a0f8 - RichPEHeaderHash: - MD5: 7af0d8a4180cecad6b1ae0cd913e6e2d - SHA1: f9faafd76a0aaf2bce75c215a34493ca7d50f567 - SHA256: 68906ebfb190e050a2a4b0852f8c16006cbf11a15b6eb1fea401d3811ae35b62 - Sections: - .text: - Entropy: 6.607353322313261 - Virtual Size: '0x16bc6' - .rdata: - Entropy: 1.04772282980368 - Virtual Size: '0xc494' - .data: - Entropy: 4.226107835035677 - Virtual Size: '0x54' - PAGE: - Entropy: 6.426747314335844 - Virtual Size: '0x2296' - INIT: - Entropy: 5.755583765575611 - Virtual Size: '0x844' - .rsrc: - Entropy: 3.343040206996372 - Virtual Size: '0x3d0' - .reloc: - Entropy: 6.44725210281668 - Virtual Size: '0xfac' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2022-02-10 14:57:04' - InternalName: RadHwMgr.sys - Copyright: 2002-2018NCR Corporation - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - IoCreateSymbolicLink - - _except_handler3 - - IoReleaseRemoveLockEx - - KeWaitForSingleObject - - IoDetachDevice - - IoReleaseRemoveLockAndWaitEx - - KeDelayExecutionThread - - MmGetSystemRoutineAddress - - KeCancelTimer - - IoDeleteSymbolicLink - - IoAcquireRemoveLockEx - - MmGetPhysicalAddress - - KeReleaseMutex - - RtlRandom - - KeQuerySystemTime - - MmMapIoSpace - - KeRestoreFloatingPointState - - KeSaveFloatingPointState - - swprintf - - KeQueryActiveProcessors - - KeSetTimerEx - - ZwSetInformationThread - - KeInitializeSpinLock - - KeClearEvent - - _allmul - - ZwClose - - ZwWriteFile - - ZwCreateFile - - ZwSetValueKey - - ZwCreateKey - - ExFreePoolWithTag - - ZwQueryValueKey - - ZwOpenKey - - ExAllocatePoolWithTag - - PsTerminateSystemThread - - ObfDereferenceObject - - ObReferenceObjectByHandle - - PsCreateSystemThread - 
- KeTickCount - - KeBugCheckEx - - RtlInitUnicodeString - - IoCreateDevice - - IoAttachDeviceToDeviceStack - - IoDeleteDevice - - KeInitializeDpc - - KeInitializeTimer - - IoInitializeRemoveLockEx - - KeInitializeMutex - - KeInitializeEvent - - IofCompleteRequest - - IofCallDriver - - PoStartNextPowerIrp - - PoCallDriver - - KeSetEvent - - MmUnmapIoSpace - - _vsnprintf - - IoWMIQueryAllData - - IoWMIOpenBlock - - strstr - - _stricmp - - DbgPrint - - KeGetCurrentIrql - - KfAcquireSpinLock - - KfReleaseSpinLock - - HalSetBusDataByOffset - - HalGetBusDataByOffset - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - READ_PORT_ULONG - - READ_PORT_USHORT - - ExAcquireFastMutex - - ExReleaseFastMutex - - KeStallExecutionProcessor - - WRITE_PORT_UCHAR - - READ_PORT_UCHAR - - HalTranslateBusAddress - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Hardware Compatibility Publisher - ValidFrom: '2022-06-07 18:08:06' - ValidTo: '2023-06-01 18:08:06' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 3300000057ee4d659a923e7c10000000000057 - Version: 3 - TBS: - MD5: fdc11a5676aed4e9cc0c09eeb7450dfb - SHA1: 4902077d9a05d4231b791d3b05bafa4a79132f03 - SHA256: 5db56c23d83bf67c7152e28ad4a684a7372b4ae4f52afe7a81ce91eef94caec3 - SHA384: c952d7f0e0ea5216ce4400601fb7c0829f0f3fcd6eb2b5b9112fbe45d133e00c4abd660f8e1794f7ac4ef95123e2c0ab - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - ValidFrom: '2014-10-15 20:31:27' - ValidTo: '2029-10-15 20:41:27' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 330000000d690d5d7893d076df00000000000d - Version: 3 - TBS: - MD5: 
83f69422963f11c3c340b81712eef319 - SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 - SHA256: d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae - SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 - Signer: - - SerialNumber: 3300000057ee4d659a923e7c10000000000057 - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Third Party Component CA 2014 - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: 'Radiant Systems, Inc. ' - Date: '' - Description: Radiant Hardware Manager for P15xx Platform - FileVersion: '2.20.0.7 built by: WinDDK' - Filename: '' - MD5: f36b8094c2fbf57f99870bfaeeacb25c - MachineType: AMD64 - OriginalFilename: RadHwMgr.sys - Product: Radiant Systems, Inc. Hardware Manager driver - ProductVersion: 2.20.0.7 - Publisher: '' - SHA1: c4454a3a4a95e6772acb8a3d998b78a329259566 - SHA256: 903d6d71da64566b1d9c32d4fb1a1491e9f91006ad2281bb91d4f1ee9567ef7b - Signature: '' - Imphash: ced7ea67fdf3d89a48849e0062278f7d - Authentihash: - MD5: 750aee72c5954cc95d596310f814ada7 - SHA1: ff9e5f196b16c49e9ac0e7004f815a39ef5e3397 - SHA256: a60d45d46e5a3dda02f41d20e5782135dd0da42c75eb9c39307bd67a7c9152ea - RichPEHeaderHash: - MD5: 9604fd6a2485f7ffa9724e86b26d3baf - SHA1: 315d17ed8ae2b181503db0cc68deb3a57b8fb3e3 - SHA256: 6d6185d80827f92609da61d4fb89a8a2a067713426f7b775fc60cf41912d1f61 - Sections: - .text: - Entropy: 6.576618598040922 - Virtual Size: '0x1454e' - .rdata: - Entropy: 1.3224464261275246 - Virtual Size: '0x9714' - .data: - Entropy: 0.57686453185674 - Virtual Size: '0x138' - .pdata: - Entropy: 4.90237047258828 - Virtual Size: '0x870' - PAGE: - Entropy: 6.293595811886365 - Virtual Size: '0x1fec' - INIT: - Entropy: 5.38119340478477 - Virtual Size: '0x820' - .rsrc: - Entropy: 3.370895926409806 - Virtual Size: '0x400' - .reloc: - Entropy: 2.893334805056936 - Virtual Size: '0x250' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2016-05-12 15:00:29' - InternalName: 
RadHwMgr.sys - Copyright: '2002-2009 Radiant Systems, Inc. ' - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - MmGetSystemRoutineAddress - - KeInitializeEvent - - KeInitializeDpc - - IoReleaseRemoveLockEx - - IoDetachDevice - - KeInitializeTimer - - KeSetTimerEx - - KeDelayExecutionThread - - PoStartNextPowerIrp - - IofCompleteRequest - - IoReleaseRemoveLockAndWaitEx - - KeWaitForSingleObject - - IoAttachDeviceToDeviceStack - - PoCallDriver - - IoCreateSymbolicLink - - IoInitializeRemoveLockEx - - IoCreateDevice - - KeCancelTimer - - DbgPrint - - IofCallDriver - - ExAcquireFastMutex - - MmGetPhysicalAddress - - MmMapIoSpace - - KeReleaseMutex - - RtlRandom - - KeQueryActiveProcessors - - swprintf - - KeReleaseSpinLock - - ZwSetInformationThread - - KeAcquireSpinLockRaiseToDpc - - KeClearEvent - - ExAllocatePoolWithTag - - ZwCreateKey - - ExFreePoolWithTag - - ZwSetValueKey - - ZwQueryValueKey - - ZwClose - - ZwOpenKey - - _vsnprintf - - PsCreateSystemThread - - PsTerminateSystemThread - - ObReferenceObjectByHandle - - ObfDereferenceObject - - KeBugCheckEx - - KeInitializeMutex - - ExReleaseFastMutex - - IoDeleteSymbolicLink - - MmUnmapIoSpace - - IoAcquireRemoveLockEx - - _stricmp - - strstr - - __C_specific_handler - - HalSetBusDataByOffset - - HalTranslateBusAddress - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Georgia, L=Duluth, O=NCR Corporation, CN=NCR Corporation - ValidFrom: '2014-10-21 00:00:00' - ValidTo: '2017-11-19 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 052d77dc3058212fb02ee74e72ef1bf5 - Version: 3 - TBS: - MD5: 4ec91835fedc5ed3d50a9ae6947fd588 - SHA1: 021ebc3c130aeea57308098aba78932d9a155dac - SHA256: 2e422275df3b5001343731714f189dff59e11f996cd8af9044445c9717bc4ed4 - 
SHA384: 7db8d4d20695cdaf496250e4b8fd00db7b1046e6e34a903dd4e724cfc274a0a3505dae1c830b300b7c54c9d8f23d3675 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 052d77dc3058212fb02ee74e72ef1bf5 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' -- Company: NCR Corporation - Date: '' - Description: Radiant Hardware Manager for P15xx Platform - FileVersion: '0.0.0.2 Dev built by: WinDDK' - Filename: '' - MD5: 
2580fb4131353ec417b0df59811f705c - MachineType: AMD64 - OriginalFilename: RadHwMgr.sys - Product: NCR Corporation Hardware Manager driver - ProductVersion: 0.0.0.2 Dev - Publisher: '' - SHA1: de2c073c8b4db6ffd11a99784d307f880444e5d3 - SHA256: df96d844b967d404e58a12fc57487abc24cd3bd1f8417acfe1ce1ee4a0b0b858 - Signature: '' - Imphash: aca7bbc6be02770c50b07eb6f94d1d78 - Authentihash: - MD5: 66109ba4eaff3279c0420053192bbdc7 - SHA1: 21bc11d6fe4ecee29fe9c0d09717c230fef8bf5a - SHA256: ba386547523c5779e47c59ccb1b853918386cd398f054ac767a3a5b333e3fad3 - RichPEHeaderHash: - MD5: db9bb181e841f689974bb185ac9fa2be - SHA1: 818b83369bc1318811f9e552896b6a8547576409 - SHA256: 4e12bf194b5d9b32d9857e4c91beec52f4b936e6c625166993350f15221cb097 - Sections: - .text: - Entropy: 6.5596978482501855 - Virtual Size: '0x195ed' - .rdata: - Entropy: 1.1744707670381698 - Virtual Size: '0xe0cc' - .data: - Entropy: 1.4822667005925465 - Virtual Size: '0x19c' - .pdata: - Entropy: 4.891959904722085 - Virtual Size: '0x9cc' - PAGE: - Entropy: 6.297270480417571 - Virtual Size: '0x254c' - INIT: - Entropy: 5.443388294044633 - Virtual Size: '0x884' - .rsrc: - Entropy: 3.3468218584482647 - Virtual Size: '0x3f8' - .reloc: - Entropy: 4.065762782521356 - Virtual Size: '0x450' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2022-03-10 10:26:21' - InternalName: RadHwMgr.sys - Copyright: Copyright (c) 2002-2017 NCR Corporation - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitUnicodeString - - IoDeleteDevice - - KeSetEvent - - MmGetSystemRoutineAddress - - KeInitializeEvent - - KeInitializeDpc - - IoReleaseRemoveLockEx - - IoDetachDevice - - KeInitializeTimer - - KeSetTimerEx - - KeDelayExecutionThread - - PoStartNextPowerIrp - - IofCompleteRequest - - IoReleaseRemoveLockAndWaitEx - - KeWaitForSingleObject - - IoAttachDeviceToDeviceStack - - PoCallDriver - - IoCreateSymbolicLink - - IoInitializeRemoveLockEx - - IoCreateDevice - - KeCancelTimer - - DbgPrint - - 
IofCallDriver - - MmGetPhysicalAddress - - ExAcquireFastMutex - - RtlRandom - - KeQueryActiveProcessors - - swprintf - - KeReleaseSpinLock - - MmUnmapIoSpace - - MmMapIoSpace - - ZwSetInformationThread - - KeAcquireSpinLockRaiseToDpc - - KeClearEvent - - ZwCreateFile - - ZwClose - - ZwWriteFile - - ExAllocatePoolWithTag - - ZwCreateKey - - ExFreePoolWithTag - - ZwSetValueKey - - ZwQueryValueKey - - ZwOpenKey - - PsCreateSystemThread - - PsTerminateSystemThread - - ObReferenceObjectByHandle - - ObfDereferenceObject - - KeBugCheckEx - - KeInitializeMutex - - ExReleaseFastMutex - - IoDeleteSymbolicLink - - KeReleaseMutex - - IoAcquireRemoveLockEx - - _stricmp - - IoWMIQueryAllData - - strstr - - IoWMIOpenBlock - - _vsnprintf - - __C_specific_handler - - HalSetBusDataByOffset - - HalTranslateBusAddress - - KeStallExecutionProcessor - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 - ValidFrom: '2021-01-01 00:00:00' - ValidTo: '2031-01-06 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0d424ae0be3a88ff604021ce1400f0dd - Version: 3 - TBS: - MD5: c0189c338449a42fe8358c2c1fbecc60 - SHA1: b8ac0ee6875594b80ad86a6df6dd1fa3048c187c - SHA256: a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 - SHA384: 76d3a316a5a106050298418cce3beea16100524723d9e3220b0de51bfb6f1c35a5d4c7cd10b358fef7bf94c3e3562150 - - Subject: C=US, ST=Georgia, L=Atlanta, O=NCR Corporation, CN=NCR Corporation - ValidFrom: '2020-11-04 00:00:00' - ValidTo: '2023-12-12 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0ccd588d98ef92c984668dd925028a5a - Version: 3 - TBS: - MD5: 9cbe98d11c2841cb53918871ade1e650 - SHA1: 
40fedcc9e4ff9a555f8b2de0c3af80e6595832f3 - SHA256: 46052421da2dfa5a2ebbd382dc55cec0ce68f0bc492aaad269256cf10996901b - SHA384: a5aa8d451be71c239e2828f733046ef3df030212889b09edc157daa83ee0278da5daee835db3745f82291efa1229f7f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured - ID Code Signing CA - ValidFrom: '2013-10-22 12:00:00' - ValidTo: '2028-10-22 12:00:00' - Signature: 3eec0d5a24b3f322d115c82c7c252976a81d5d1c2d3a1ac4ef3061d77e0b60fdc33d0fc4af8bfdef2adf205537b0e1f6d192750f51b46ea58e5ae25e24814e10a4ee3f718e630e134badd75f4479f33614068af79c464e5cff90b11b070e9115fbbaafb551c28d24ae24c6c7272aa129281a3a7128023c2e91a3c02511e29c1447a17a6868af9ba75c205cd971b10c8fbba8f8c512689fcf40cb4044a513f0e6640c25084232b2368a2402fe2f727e1cd7494596e8591de9fa74646bb2eb6643dab3b08cd5e90dddf60120ce9931633d081a18b3819b4fc6931006fc0781fa8bdaf98249f7626ea153fa129418852e9291ea686c4432b266a1e718a49a6451ef - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 0409181b5fd5bb66755343b56f955008 - Version: 3 - TBS: - MD5: 9359496ca4f021408b9d8923cab8b179 - SHA1: 2aed40d7759997830870769be250199fd609e40e - SHA256: e767799478f64a34b3f53ff3bb9057fe1768f4ab178041b0dcc0ff1e210cba65 - SHA384: 5cb7e7b4f1dbccd48d10db7e71b6f8c05fcb4bcb0085a6fefcfa0c2148f9a594e59f56ac4304004f3b398e259035c40c - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured - ID Timestamping CA - ValidFrom: '2016-01-07 12:00:00' - ValidTo: '2031-01-07 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 0aa125d6d6321b7e41e405da3697c215 - Version: 3 - TBS: - MD5: 8d26184fc613f89aba1cefb30fce1b53 - SHA1: 63a7e376bad5ec2e419d514a403bcf46c8d31d95 - SHA256: 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c - SHA384: d8c9691fe9dbe182f07b49b07fbb4f589fa7b38b5c4d21f265d3a2e818f4b1bfb39e03faab2ec05bb10333a99914fb8a - - 
Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root - CA - ValidFrom: '2011-04-15 19:41:37' - ValidTo: '2021-04-15 19:51:37' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611cb28a000000000026 - Version: 3 - TBS: - MD5: 983a0c315a50542362f2bd6a5d71c8d0 - SHA1: 8047f476001f5cb16a661d2a3fd0c3576168f5e2 - SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 - SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc - Signer: - - SerialNumber: 0ccd588d98ef92c984668dd925028a5a - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured - ID Code Signing CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create RadHwMgrsys binPath= C:\windows\temp\RadHwMgrsys.sys type=kernel + && sc.exe start RadHwMgrsys + Description: The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique + vulnerable drivers (237 file hashes) accepting firmware access. Six allow + kernel memory access. All give full control of the devices to non-admin users. + By exploiting the vulnerable drivers, an attacker without the system privilege + may erase/alter firmware, and/or elevate privileges. As of the time of writing + in October 2023, the filenames of the vulnerable drivers have not been made + public until now. 
+ OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html -Tags: -- RadHwMgr.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: 'Radiant Systems, Inc. ' + Date: '' + Description: Radiant Hardware Manager for P15xx Platform + FileVersion: '3.1.0.22 built by: WinDDK' + Filename: '' + MD5: 048549f7e9978aff602a24dea98ee48a + MachineType: I386 + OriginalFilename: RadHwMgr.sys + Product: Radiant Systems, Inc. 
Hardware Manager driver + ProductVersion: 3.1.0.22 + Publisher: '' + SHA1: 472cc191937349a712aabcbc4d118c1c982ab7c9 + SHA256: 00c3e86952eebb113d91d118629077b3370ebc41eeacb419762d2de30a43c09c + Signature: '' + Imphash: cc88330f6dca52a40e258f689d3e2db4 + Authentihash: + MD5: baaf9c8dfdaf03f0e280ddf06061ba5b + SHA1: 8b460b62a12db011c7602f0d4a7145fa28c0b75c + SHA256: be62ed235421930c84ce9c7789f3beb6b7a48a6bca9065063b7ce78effde1db2 + RichPEHeaderHash: + MD5: c9e0146dd1b319a2380b33fb0561f30c + SHA1: 4f0ee635ee13432c90ed6362762168d9f04dbfb3 + SHA256: e0da52b20535227a0a083c55d2fafc9902ddc1ac81927838d22332eb03f6ccc8 + Sections: + .text: + Entropy: 6.65394812892549 + Virtual Size: '0x5b4e' + .rdata: + Entropy: 4.058685148042817 + Virtual Size: '0x1d4' + .data: + Entropy: 2.5 + Virtual Size: '0x8' + PAGE: + Entropy: 6.487068233986764 + Virtual Size: '0x13f0' + INIT: + Entropy: 5.582365387106486 + Virtual Size: '0x5ec' + .rsrc: + Entropy: 3.3754791300877836 + Virtual Size: '0x420' + .reloc: + Entropy: 6.033927912538727 + Virtual Size: '0x3a6' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2008-03-04 09:24:19' + InternalName: RadHwMgr.sys + Copyright: 'Copyright (c) 2002-2004 Radiant Systems, Inc. 
' + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IoAttachDeviceToDeviceStack + - IoCreateDevice + - RtlInitUnicodeString + - IoReleaseRemoveLockEx + - KeWaitForSingleObject + - IoDetachDevice + - IoReleaseRemoveLockAndWaitEx + - KeDelayExecutionThread + - MmGetSystemRoutineAddress + - KeCancelTimer + - IoDeleteDevice + - IoAcquireRemoveLockEx + - _except_handler3 + - MmUnmapIoSpace + - MmMapIoSpace + - MmGetPhysicalAddress + - KeReleaseMutex + - _vsnprintf + - strstr + - KeTickCount + - KeBugCheckEx + - KeInitializeDpc + - KeInitializeTimer + - IoInitializeRemoveLockEx + - KeInitializeMutex + - KeInitializeEvent + - IofCompleteRequest + - IofCallDriver + - PoStartNextPowerIrp + - PoCallDriver + - DbgPrint + - IoCreateSymbolicLink + - KeSetTimerEx + - IoDeleteSymbolicLink + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - KeSetEvent + - KeGetCurrentIrql + - HalSetBusDataByOffset + - HalGetBusDataByOffset + - WRITE_PORT_ULONG + - WRITE_PORT_USHORT + - READ_PORT_USHORT + - ExAcquireFastMutex + - ExReleaseFastMutex + - WRITE_PORT_UCHAR + - READ_PORT_UCHAR + - HalTranslateBusAddress + - READ_PORT_ULONG + - KeStallExecutionProcessor + Signatures: {} + LoadsDespiteHVCI: 'FALSE' +- Company: 'Radiant Systems, Inc. ' + Date: '' + Description: Radiant Hardware Manager for P15xx Platform + FileVersion: '2.20.0.7 built by: WinDDK' + Filename: '' + MD5: 30550db8f400b1e11593dffd644abb67 + MachineType: I386 + OriginalFilename: RadHwMgr.sys + Product: Radiant Systems, Inc. 
Hardware Manager driver + ProductVersion: 2.20.0.7 + Publisher: '' + SHA1: c31049605f028a56ce939cd2f97c2e56c12d99f8 + SHA256: 0f30ecd4faec147a2335a4fc031c8a1ac9310c35339ebeb651eb1429421951a0 + Signature: '' + Imphash: 7abb0911ca4cc4697ee1e9897932d3ac + Authentihash: + MD5: 442c6809d9d2cfea4c12df554c21fa52 + SHA1: 86e92cafe050d6ab258ddc828a3ffc3e0c5bec5f + SHA256: 5074f17c7cc4fdabec65b3b07132425ad0d9fefd993e896baba2f97f16277581 + RichPEHeaderHash: + MD5: 86a1a5bbf18f32bffc685d21bbd86131 + SHA1: ba315e2820f8076e881a26554dc68836154875ad + SHA256: ee752592c32cb1b737058c3bfd35b0acdc64c5ed04c74ff38ab8131ea0ee955e + Sections: + .text: + Entropy: 6.620755788028627 + Virtual Size: '0x13088' + .rdata: + Entropy: 1.1080551934343312 + Virtual Size: '0x8c24' + .data: + Entropy: 1.268183338204401 + Virtual Size: '0x34' + PAGE: + Entropy: 6.445912359019107 + Virtual Size: '0x1cd5' + INIT: + Entropy: 5.777203228017578 + Virtual Size: '0x7f0' + .rsrc: + Entropy: 3.3725877356359955 + Virtual Size: '0x400' + .reloc: + Entropy: 6.411381788361578 + Virtual Size: '0xbb8' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2016-05-12 15:00:20' + InternalName: RadHwMgr.sys + Copyright: '2002-2009 Radiant Systems, Inc. 
' + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IoCreateSymbolicLink + - _except_handler3 + - IoReleaseRemoveLockEx + - KeWaitForSingleObject + - IoDetachDevice + - IoReleaseRemoveLockAndWaitEx + - KeDelayExecutionThread + - MmGetSystemRoutineAddress + - KeCancelTimer + - IoDeleteSymbolicLink + - IoAcquireRemoveLockEx + - MmUnmapIoSpace + - MmMapIoSpace + - MmGetPhysicalAddress + - KeReleaseMutex + - RtlRandom + - KeQuerySystemTime + - KeRestoreFloatingPointState + - KeSaveFloatingPointState + - KeSetTimerEx + - KeQueryActiveProcessors + - ZwSetInformationThread + - KeInitializeSpinLock + - KeClearEvent + - _allmul + - ZwClose + - ZwSetValueKey + - ZwCreateKey + - ExFreePoolWithTag + - ZwQueryValueKey + - ZwOpenKey + - ExAllocatePoolWithTag + - _vsnprintf + - PsTerminateSystemThread + - ObfDereferenceObject + - ObReferenceObjectByHandle + - PsCreateSystemThread + - KeTickCount + - KeBugCheckEx + - RtlInitUnicodeString + - IoCreateDevice + - IoAttachDeviceToDeviceStack + - IoDeleteDevice + - KeInitializeDpc + - KeInitializeTimer + - IoInitializeRemoveLockEx + - KeInitializeMutex + - KeInitializeEvent + - IofCompleteRequest + - IofCallDriver + - PoStartNextPowerIrp + - PoCallDriver + - KeSetEvent + - swprintf + - _stricmp + - strstr + - DbgPrint + - KeGetCurrentIrql + - KfAcquireSpinLock + - KfReleaseSpinLock + - HalSetBusDataByOffset + - HalGetBusDataByOffset + - WRITE_PORT_ULONG + - WRITE_PORT_USHORT + - READ_PORT_ULONG + - READ_PORT_USHORT + - ExAcquireFastMutex + - ExReleaseFastMutex + - KeStallExecutionProcessor + - WRITE_PORT_UCHAR + - READ_PORT_UCHAR + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Georgia, L=Duluth, O=NCR Corporation, CN=NCR Corporation + ValidFrom: '2014-10-21 00:00:00' + ValidTo: '2017-11-19 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 052d77dc3058212fb02ee74e72ef1bf5 + Version: 3 + TBS: + MD5: 4ec91835fedc5ed3d50a9ae6947fd588 + SHA1: 021ebc3c130aeea57308098aba78932d9a155dac + SHA256: 2e422275df3b5001343731714f189dff59e11f996cd8af9044445c9717bc4ed4 + SHA384: 7db8d4d20695cdaf496250e4b8fd00db7b1046e6e34a903dd4e724cfc274a0a3505dae1c830b300b7c54c9d8f23d3675 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign 
Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 052d77dc3058212fb02ee74e72ef1bf5 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at 
https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: 'Radiant Systems, Inc. ' + Date: '' + Description: Radiant Hardware Manager for P15xx Platform + FileVersion: '9.9.0.1 built by: WinDDK' + Filename: '' + MD5: f80ceb0dbb889663f0bee058b109ce0e + MachineType: I386 + OriginalFilename: RadHwMgr.sys + Product: Radiant Systems, Inc. Hardware Manager driver + ProductVersion: 9.9.0.1 + Publisher: '' + SHA1: a809831166a70700b59076e0dbc8975f57b14398 + SHA256: 7c79e5196c2f51d2ab16e40b9d5725a8bf6ae0aaa70b02377aedc0f4e93ca37f + Signature: '' + Imphash: c1ab6741cd29de98a138f2bd639f620a + Authentihash: + MD5: 860d15f6aeb63343a73c093e4937303f + SHA1: 67d6ef20f45720baa689b80c289a2908a8b63d2d + SHA256: 66a9052d6b1d35147f581249f6b524d8cab0b7c6ff80f621a4481f43db462540 + RichPEHeaderHash: + MD5: 62327ebcb89530154cbb776457ab5244 + SHA1: d291944167ccb9e50b05c540feeaeae301a542b5 + SHA256: 616d97d7a11a9860148d8c0d4814a3acc5d31a58ef12bce7343aacf935af2a17 + Sections: + .text: + Entropy: 6.648546061933855 + Virtual Size: '0xb318' + .rdata: + Entropy: 0.6537110501533921 + Virtual Size: '0x3d84' + .data: + Entropy: 1.7573891057053235 + Virtual Size: '0x24' + PAGE: + Entropy: 6.457364250090256 + Virtual Size: '0x1421' + INIT: + Entropy: 5.7473511985559105 + Virtual Size: '0x752' + .rsrc: + Entropy: 3.3458169332987127 + Virtual Size: '0x400' + .reloc: + Entropy: 6.153106727619113 + Virtual Size: '0x69c' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2010-09-15 14:56:51' + InternalName: RadHwMgr.sys + Copyright: '2002-2009 Radiant Systems, Inc. 
' + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IoCreateDevice + - RtlInitUnicodeString + - IoReleaseRemoveLockEx + - KeWaitForSingleObject + - IoDetachDevice + - IoReleaseRemoveLockAndWaitEx + - KeDelayExecutionThread + - MmGetSystemRoutineAddress + - KeCancelTimer + - IoDeleteSymbolicLink + - IoAcquireRemoveLockEx + - _except_handler3 + - MmUnmapIoSpace + - MmMapIoSpace + - MmGetPhysicalAddress + - KeReleaseMutex + - IoAttachDeviceToDeviceStack + - KeQueryActiveProcessors + - KeRestoreFloatingPointState + - KeSaveFloatingPointState + - ZwSetInformationThread + - KeClearEvent + - _allmul + - ZwClose + - ZwSetValueKey + - ZwCreateKey + - ExFreePoolWithTag + - ZwQueryValueKey + - ZwOpenKey + - ExAllocatePoolWithTag + - KeTickCount + - KeBugCheckEx + - IoDeleteDevice + - KeInitializeDpc + - KeInitializeTimer + - IoInitializeRemoveLockEx + - KeInitializeMutex + - KeInitializeEvent + - IofCompleteRequest + - IofCallDriver + - PoStartNextPowerIrp + - PoCallDriver + - KeInitializeSpinLock + - IoCreateSymbolicLink + - KeSetTimerEx + - KeSetEvent + - swprintf + - _vsnprintf + - strstr + - _stricmp + - DbgPrint + - KeGetCurrentIrql + - KfAcquireSpinLock + - KfReleaseSpinLock + - HalSetBusDataByOffset + - HalGetBusDataByOffset + - WRITE_PORT_ULONG + - WRITE_PORT_USHORT + - READ_PORT_ULONG + - READ_PORT_USHORT + - ExAcquireFastMutex + - ExReleaseFastMutex + - WRITE_PORT_UCHAR + - READ_PORT_UCHAR + - KeStallExecutionProcessor + - HalTranslateBusAddress + Signatures: {} + LoadsDespiteHVCI: 'FALSE' +- Company: NCR Corporation + Date: '' + Description: Radiant Hardware Manager for P15xx Platform + FileVersion: '2.33.0.0 built by: WinDDK' + Filename: '' + MD5: d4a9f80ecb448da510e5bf82c4a699ee + MachineType: I386 + OriginalFilename: RadHwMgr.sys + Product: NCR Corporation Hardware Manager driver + ProductVersion: 2.33.0.0 + Publisher: '' + SHA1: 091a039f5f2ae1bb0fa0f83660f4c178fd3a5a10 + SHA256: 
7c8ad57b3a224fdc2aac9dd2d7c3624f1fcd3542d4db804de25a90155657e2cc + Signature: '' + Imphash: 0c959096cf4b3180530cc7865ef29157 + Authentihash: + MD5: e0ed4c5de74ee4b3a3eb93ec1bec6641 + SHA1: c4285308befc60b3f6500b34534b2d5fc253d38d + SHA256: da5e27b18d3c1403975a8e17431242f208621348264ebe770db8b07813a1a0f8 + RichPEHeaderHash: + MD5: 7af0d8a4180cecad6b1ae0cd913e6e2d + SHA1: f9faafd76a0aaf2bce75c215a34493ca7d50f567 + SHA256: 68906ebfb190e050a2a4b0852f8c16006cbf11a15b6eb1fea401d3811ae35b62 + Sections: + .text: + Entropy: 6.607353322313261 + Virtual Size: '0x16bc6' + .rdata: + Entropy: 1.04772282980368 + Virtual Size: '0xc494' + .data: + Entropy: 4.226107835035677 + Virtual Size: '0x54' + PAGE: + Entropy: 6.426747314335844 + Virtual Size: '0x2296' + INIT: + Entropy: 5.755583765575611 + Virtual Size: '0x844' + .rsrc: + Entropy: 3.343040206996372 + Virtual Size: '0x3d0' + .reloc: + Entropy: 6.44725210281668 + Virtual Size: '0xfac' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2022-02-10 14:57:04' + InternalName: RadHwMgr.sys + Copyright: 2002-2018NCR Corporation + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - IoCreateSymbolicLink + - _except_handler3 + - IoReleaseRemoveLockEx + - KeWaitForSingleObject + - IoDetachDevice + - IoReleaseRemoveLockAndWaitEx + - KeDelayExecutionThread + - MmGetSystemRoutineAddress + - KeCancelTimer + - IoDeleteSymbolicLink + - IoAcquireRemoveLockEx + - MmGetPhysicalAddress + - KeReleaseMutex + - RtlRandom + - KeQuerySystemTime + - MmMapIoSpace + - KeRestoreFloatingPointState + - KeSaveFloatingPointState + - swprintf + - KeQueryActiveProcessors + - KeSetTimerEx + - ZwSetInformationThread + - KeInitializeSpinLock + - KeClearEvent + - _allmul + - ZwClose + - ZwWriteFile + - ZwCreateFile + - ZwSetValueKey + - ZwCreateKey + - ExFreePoolWithTag + - ZwQueryValueKey + - ZwOpenKey + - ExAllocatePoolWithTag + - PsTerminateSystemThread + - ObfDereferenceObject + - ObReferenceObjectByHandle + - PsCreateSystemThread + 
- KeTickCount + - KeBugCheckEx + - RtlInitUnicodeString + - IoCreateDevice + - IoAttachDeviceToDeviceStack + - IoDeleteDevice + - KeInitializeDpc + - KeInitializeTimer + - IoInitializeRemoveLockEx + - KeInitializeMutex + - KeInitializeEvent + - IofCompleteRequest + - IofCallDriver + - PoStartNextPowerIrp + - PoCallDriver + - KeSetEvent + - MmUnmapIoSpace + - _vsnprintf + - IoWMIQueryAllData + - IoWMIOpenBlock + - strstr + - _stricmp + - DbgPrint + - KeGetCurrentIrql + - KfAcquireSpinLock + - KfReleaseSpinLock + - HalSetBusDataByOffset + - HalGetBusDataByOffset + - WRITE_PORT_ULONG + - WRITE_PORT_USHORT + - READ_PORT_ULONG + - READ_PORT_USHORT + - ExAcquireFastMutex + - ExReleaseFastMutex + - KeStallExecutionProcessor + - WRITE_PORT_UCHAR + - READ_PORT_UCHAR + - HalTranslateBusAddress + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Hardware Compatibility Publisher + ValidFrom: '2022-06-07 18:08:06' + ValidTo: '2023-06-01 18:08:06' + Signature: 
0a835e40cdb627d4f0a0d3dbbf64a46a05c132d0b5df9d11cd9c195d7037737057d57a342732ae68d67de47f460e7211c7c40dc29b0a079caff871c4834a9a2fc85e759de9b78659ad6fd79b7320e538e9ba5d52227ad67cc00b0a770ef662af3d743a558643ad89cfb015591709a69b6271a9b65db71898e7cb9964c6376dc474898301a6133198b486b518fdd9d7b9723dcffc441e026833f7c72e27986026c97b9184a0048b10d1fe6847ae467f02173f7a69120be780e5b6b9e6399402cc58735a31b537cc33578fbea443135a4a612359150bcf9ab316f6a9248bc71ef3f3480b9b3fa2341692bc3a121d80214688f7bd87d5ec56dcbd0ea61abf2c7ed2b739a07590adb596d401735d955f5f94c591d69ab4363a42f9fca549d439495711ff7990448c03724792ed4acf31f2b35b136c1b2f37aa82b1aabf7daf059dcb2e976e95311ec6e9cc53876dd09632cf512d39c801849a7c1088a565691953e07c7ff17b22518e982dd2dcc0feda8c834ca1f5e247aef1c3af5f13cd4b8cc1b6c0179bc876db88d677047c34366533e349796dbdea86389ad640710b7742ae8cc4ec88f10fa80ede4b1c93f81b55480fc8228216d54813df0327e74b3db9f3512a40c0568e4215827f9b7a2613deea72a7ec4df2def05e5559015049fe83edc83300526045cb128119e131b7d3573b268e24b0a25b9ad59f6301c8fc8f409322 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 3300000057ee4d659a923e7c10000000000057 + Version: 3 + TBS: + MD5: fdc11a5676aed4e9cc0c09eeb7450dfb + SHA1: 4902077d9a05d4231b791d3b05bafa4a79132f03 + SHA256: 5db56c23d83bf67c7152e28ad4a684a7372b4ae4f52afe7a81ce91eef94caec3 + SHA384: c952d7f0e0ea5216ce4400601fb7c0829f0f3fcd6eb2b5b9112fbe45d133e00c4abd660f8e1794f7ac4ef95123e2c0ab + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + ValidFrom: '2014-10-15 20:31:27' + ValidTo: '2029-10-15 20:41:27' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 330000000d690d5d7893d076df00000000000d + Version: 3 + TBS: + MD5: 83f69422963f11c3c340b81712eef319 + SHA1: 0c5e5f24590b53bc291e28583acb78e5adc95601 + SHA256: 
d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae + SHA384: 260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63 + Signer: + - SerialNumber: 3300000057ee4d659a923e7c10000000000057 + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Third Party Component CA 2014 + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: 'Radiant Systems, Inc. ' + Date: '' + Description: Radiant Hardware Manager for P15xx Platform + FileVersion: '2.20.0.7 built by: WinDDK' + Filename: '' + MD5: f36b8094c2fbf57f99870bfaeeacb25c + MachineType: AMD64 + OriginalFilename: RadHwMgr.sys + Product: Radiant Systems, Inc. Hardware Manager driver + ProductVersion: 2.20.0.7 + Publisher: '' + SHA1: c4454a3a4a95e6772acb8a3d998b78a329259566 + SHA256: 903d6d71da64566b1d9c32d4fb1a1491e9f91006ad2281bb91d4f1ee9567ef7b + Signature: '' + Imphash: ced7ea67fdf3d89a48849e0062278f7d + Authentihash: + MD5: 750aee72c5954cc95d596310f814ada7 + SHA1: ff9e5f196b16c49e9ac0e7004f815a39ef5e3397 + SHA256: a60d45d46e5a3dda02f41d20e5782135dd0da42c75eb9c39307bd67a7c9152ea + RichPEHeaderHash: + MD5: 9604fd6a2485f7ffa9724e86b26d3baf + SHA1: 315d17ed8ae2b181503db0cc68deb3a57b8fb3e3 + SHA256: 6d6185d80827f92609da61d4fb89a8a2a067713426f7b775fc60cf41912d1f61 + Sections: + .text: + Entropy: 6.576618598040922 + Virtual Size: '0x1454e' + .rdata: + Entropy: 1.3224464261275246 + Virtual Size: '0x9714' + .data: + Entropy: 0.57686453185674 + Virtual Size: '0x138' + .pdata: + Entropy: 4.90237047258828 + Virtual Size: '0x870' + PAGE: + Entropy: 6.293595811886365 + Virtual Size: '0x1fec' + INIT: + Entropy: 5.38119340478477 + Virtual Size: '0x820' + .rsrc: + Entropy: 3.370895926409806 + Virtual Size: '0x400' + .reloc: + Entropy: 2.893334805056936 + Virtual Size: '0x250' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2016-05-12 15:00:29' + InternalName: RadHwMgr.sys + Copyright: '2002-2009 Radiant Systems, Inc. 
' + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - MmGetSystemRoutineAddress + - KeInitializeEvent + - KeInitializeDpc + - IoReleaseRemoveLockEx + - IoDetachDevice + - KeInitializeTimer + - KeSetTimerEx + - KeDelayExecutionThread + - PoStartNextPowerIrp + - IofCompleteRequest + - IoReleaseRemoveLockAndWaitEx + - KeWaitForSingleObject + - IoAttachDeviceToDeviceStack + - PoCallDriver + - IoCreateSymbolicLink + - IoInitializeRemoveLockEx + - IoCreateDevice + - KeCancelTimer + - DbgPrint + - IofCallDriver + - ExAcquireFastMutex + - MmGetPhysicalAddress + - MmMapIoSpace + - KeReleaseMutex + - RtlRandom + - KeQueryActiveProcessors + - swprintf + - KeReleaseSpinLock + - ZwSetInformationThread + - KeAcquireSpinLockRaiseToDpc + - KeClearEvent + - ExAllocatePoolWithTag + - ZwCreateKey + - ExFreePoolWithTag + - ZwSetValueKey + - ZwQueryValueKey + - ZwClose + - ZwOpenKey + - _vsnprintf + - PsCreateSystemThread + - PsTerminateSystemThread + - ObReferenceObjectByHandle + - ObfDereferenceObject + - KeBugCheckEx + - KeInitializeMutex + - ExReleaseFastMutex + - IoDeleteSymbolicLink + - MmUnmapIoSpace + - IoAcquireRemoveLockEx + - _stricmp + - strstr + - __C_specific_handler + - HalSetBusDataByOffset + - HalTranslateBusAddress + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Georgia, L=Duluth, O=NCR Corporation, CN=NCR Corporation + ValidFrom: '2014-10-21 00:00:00' + ValidTo: '2017-11-19 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 052d77dc3058212fb02ee74e72ef1bf5 + Version: 3 + TBS: + MD5: 4ec91835fedc5ed3d50a9ae6947fd588 + SHA1: 021ebc3c130aeea57308098aba78932d9a155dac + SHA256: 2e422275df3b5001343731714f189dff59e11f996cd8af9044445c9717bc4ed4 + SHA384: 7db8d4d20695cdaf496250e4b8fd00db7b1046e6e34a903dd4e724cfc274a0a3505dae1c830b300b7c54c9d8f23d3675 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 052d77dc3058212fb02ee74e72ef1bf5 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' +- Company: NCR Corporation + Date: '' + Description: Radiant Hardware Manager for P15xx Platform + FileVersion: '0.0.0.2 Dev built by: WinDDK' + Filename: '' + MD5: 2580fb4131353ec417b0df59811f705c + MachineType: AMD64 + OriginalFilename: RadHwMgr.sys + Product: NCR Corporation Hardware Manager driver + ProductVersion: 0.0.0.2 Dev + Publisher: '' + SHA1: de2c073c8b4db6ffd11a99784d307f880444e5d3 + SHA256: df96d844b967d404e58a12fc57487abc24cd3bd1f8417acfe1ce1ee4a0b0b858 + Signature: '' + Imphash: aca7bbc6be02770c50b07eb6f94d1d78 + Authentihash: + MD5: 66109ba4eaff3279c0420053192bbdc7 + SHA1: 21bc11d6fe4ecee29fe9c0d09717c230fef8bf5a + SHA256: ba386547523c5779e47c59ccb1b853918386cd398f054ac767a3a5b333e3fad3 + RichPEHeaderHash: + MD5: db9bb181e841f689974bb185ac9fa2be + SHA1: 818b83369bc1318811f9e552896b6a8547576409 + SHA256: 4e12bf194b5d9b32d9857e4c91beec52f4b936e6c625166993350f15221cb097 + Sections: + .text: + Entropy: 6.5596978482501855 + Virtual Size: '0x195ed' + .rdata: + Entropy: 1.1744707670381698 + Virtual Size: '0xe0cc' + .data: + Entropy: 1.4822667005925465 + Virtual Size: '0x19c' + .pdata: + Entropy: 4.891959904722085 + Virtual Size: '0x9cc' + PAGE: + Entropy: 6.297270480417571 + Virtual Size: '0x254c' + INIT: + Entropy: 5.443388294044633 + Virtual Size: '0x884' + .rsrc: + Entropy: 3.3468218584482647 + Virtual Size: '0x3f8' + .reloc: + Entropy: 4.065762782521356 + Virtual Size: 
'0x450' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2022-03-10 10:26:21' + InternalName: RadHwMgr.sys + Copyright: Copyright (c) 2002-2017 NCR Corporation + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitUnicodeString + - IoDeleteDevice + - KeSetEvent + - MmGetSystemRoutineAddress + - KeInitializeEvent + - KeInitializeDpc + - IoReleaseRemoveLockEx + - IoDetachDevice + - KeInitializeTimer + - KeSetTimerEx + - KeDelayExecutionThread + - PoStartNextPowerIrp + - IofCompleteRequest + - IoReleaseRemoveLockAndWaitEx + - KeWaitForSingleObject + - IoAttachDeviceToDeviceStack + - PoCallDriver + - IoCreateSymbolicLink + - IoInitializeRemoveLockEx + - IoCreateDevice + - KeCancelTimer + - DbgPrint + - IofCallDriver + - MmGetPhysicalAddress + - ExAcquireFastMutex + - RtlRandom + - KeQueryActiveProcessors + - swprintf + - KeReleaseSpinLock + - MmUnmapIoSpace + - MmMapIoSpace + - ZwSetInformationThread + - KeAcquireSpinLockRaiseToDpc + - KeClearEvent + - ZwCreateFile + - ZwClose + - ZwWriteFile + - ExAllocatePoolWithTag + - ZwCreateKey + - ExFreePoolWithTag + - ZwSetValueKey + - ZwQueryValueKey + - ZwOpenKey + - PsCreateSystemThread + - PsTerminateSystemThread + - ObReferenceObjectByHandle + - ObfDereferenceObject + - KeBugCheckEx + - KeInitializeMutex + - ExReleaseFastMutex + - IoDeleteSymbolicLink + - KeReleaseMutex + - IoAcquireRemoveLockEx + - _stricmp + - IoWMIQueryAllData + - strstr + - IoWMIOpenBlock + - _vsnprintf + - __C_specific_handler + - HalSetBusDataByOffset + - HalTranslateBusAddress + - KeStallExecutionProcessor + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 + ValidFrom: '2021-01-01 00:00:00' + ValidTo: '2031-01-06 00:00:00' + Signature: 
481cdcb5e99a23bce71ae7200e8e6746fd427251740a2347a3ab92d225c47059be14a0e52781a54d1415190779f0d104c386d93bbdfe4402664ded69a40ff6b870cf62e8f5514a7879367a27b7f3e7529f93a7ed439e7be7b4dd412289fb87a246034efcf4feb76477635f2352698382fa1a53ed90cc8da117730df4f36539704bf39cd67a7bda0cbc3d32d01bcbf561fc75080076bc810ef8c0e15ccfc41172e71b6449d8229a751542f52d323881daf460a2bab452fb5ce06124254fb2dfc929a8734351dabd63d61f5b9bf72e1b4f131df74a0d717e97b7f43f84ebc1e3a349a1facea7bf56cfba597661895f7ea7b48e6778f93698e1cb28da5b87a68a2f + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0d424ae0be3a88ff604021ce1400f0dd + Version: 3 + TBS: + MD5: c0189c338449a42fe8358c2c1fbecc60 + SHA1: b8ac0ee6875594b80ad86a6df6dd1fa3048c187c + SHA256: a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 + SHA384: 76d3a316a5a106050298418cce3beea16100524723d9e3220b0de51bfb6f1c35a5d4c7cd10b358fef7bf94c3e3562150 + - Subject: C=US, ST=Georgia, L=Atlanta, O=NCR Corporation, CN=NCR Corporation + ValidFrom: '2020-11-04 00:00:00' + ValidTo: '2023-12-12 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0ccd588d98ef92c984668dd925028a5a + Version: 3 + TBS: + MD5: 9cbe98d11c2841cb53918871ade1e650 + SHA1: 40fedcc9e4ff9a555f8b2de0c3af80e6595832f3 + SHA256: 46052421da2dfa5a2ebbd382dc55cec0ce68f0bc492aaad269256cf10996901b + SHA384: a5aa8d451be71c239e2828f733046ef3df030212889b09edc157daa83ee0278da5daee835db3745f82291efa1229f7f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured + ID Code Signing CA + ValidFrom: '2013-10-22 12:00:00' + ValidTo: '2028-10-22 12:00:00' + Signature: 
3eec0d5a24b3f322d115c82c7c252976a81d5d1c2d3a1ac4ef3061d77e0b60fdc33d0fc4af8bfdef2adf205537b0e1f6d192750f51b46ea58e5ae25e24814e10a4ee3f718e630e134badd75f4479f33614068af79c464e5cff90b11b070e9115fbbaafb551c28d24ae24c6c7272aa129281a3a7128023c2e91a3c02511e29c1447a17a6868af9ba75c205cd971b10c8fbba8f8c512689fcf40cb4044a513f0e6640c25084232b2368a2402fe2f727e1cd7494596e8591de9fa74646bb2eb6643dab3b08cd5e90dddf60120ce9931633d081a18b3819b4fc6931006fc0781fa8bdaf98249f7626ea153fa129418852e9291ea686c4432b266a1e718a49a6451ef + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 0409181b5fd5bb66755343b56f955008 + Version: 3 + TBS: + MD5: 9359496ca4f021408b9d8923cab8b179 + SHA1: 2aed40d7759997830870769be250199fd609e40e + SHA256: e767799478f64a34b3f53ff3bb9057fe1768f4ab178041b0dcc0ff1e210cba65 + SHA384: 5cb7e7b4f1dbccd48d10db7e71b6f8c05fcb4bcb0085a6fefcfa0c2148f9a594e59f56ac4304004f3b398e259035c40c + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured + ID Timestamping CA + ValidFrom: '2016-01-07 12:00:00' + ValidTo: '2031-01-07 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 0aa125d6d6321b7e41e405da3697c215 + Version: 3 + TBS: + MD5: 8d26184fc613f89aba1cefb30fce1b53 + SHA1: 63a7e376bad5ec2e419d514a403bcf46c8d31d95 + SHA256: 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c + SHA384: d8c9691fe9dbe182f07b49b07fbb4f589fa7b38b5c4d21f265d3a2e818f4b1bfb39e03faab2ec05bb10333a99914fb8a + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID Root CA + ValidFrom: '2011-04-15 19:41:37' + ValidTo: '2021-04-15 19:51:37' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611cb28a000000000026 + Version: 3 + TBS: + MD5: 983a0c315a50542362f2bd6a5d71c8d0 + SHA1: 
8047f476001f5cb16a661d2a3fd0c3576168f5e2
+ SHA256: 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83
+ SHA384: 5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc
+ Signer:
+ - SerialNumber: 0ccd588d98ef92c984668dd925028a5a
+ Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured
+ ID Code Signing CA
+ Version: 1
+ LoadsDespiteHVCI: 'FALSE'
diff --git a/yaml/7bb5ff05-25f8-410d-ae99-c8e8f082d24f.yaml b/yaml/7bb5ff05-25f8-410d-ae99-c8e8f082d24f.yaml
index e2ff02912..18c60d499 100644
--- a/yaml/7bb5ff05-25f8-410d-ae99-c8e8f082d24f.yaml
+++ b/yaml/7bb5ff05-25f8-410d-ae99-c8e8f082d24f.yaml
@@ -1,647 +1,647 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 7bb5ff05-25f8-410d-ae99-c8e8f082d24f +Tags: +- WinRing0.sys +- WinRing0x64 +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create WinRing0.sys binPath=C:\windows\temp\WinRing0.sys type=kernel - && sc.exe start WinRing0.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/3ec5ad51e6879464dfbccb9f4ed76c6325056a42548d5994ba869da9c4c039a8.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/47eaebc920ccf99e09fc9924feb6b19b8a28589f52783327067c9b09754b5e84.yara -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/a7b000abbcc344444a9b00cfade7aa22ab92ce0cadec196c30eb1851ae4fa062.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: 
sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 7bb5ff05-25f8-410d-ae99-c8e8f082d24f -KnownVulnerableSamples: -- Authentihash: - MD5: 650fa4b522e8d06d0cdfa4bf278e85f1 - SHA1: dfe2533a4398d67dfc722eb8d9f8ffa3a823a721 - SHA256: 7188af66fe23bd8cf27f003ad6c7550cdb6faa5c948fe7c3b1435c9246345eb3 - Company: OpenLibSys.org - Copyright: Copyright (C) 2007 OpenLibSys.org. All rights reserved. - CreationTimestamp: '2007-12-15 01:04:52' - Date: '' - Description: WinRing0 - ExportedFunctions: '' - FileVersion: 1.0.1.2 - Filename: WinRing0.sys - ImportedFunctions: - - MmUnmapIoSpace - - MmMapIoSpace - - IofCompleteRequest - - IoDeleteDevice - - IoCreateDevice - - KeBugCheckEx - - RtlInitUnicodeString - - IoCreateSymbolicLink - - IoDeleteSymbolicLink - - __C_specific_handler - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: WinRing0.sys - MD5: 828bb9cb1dd449cd65a29b18ec46055f - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: WinRing0.sys - Product: WinRing0 - ProductVersion: 1.0.1.2 - Publisher: '' - RichPEHeaderHash: - MD5: 6c9272bb390e89b75934eea3b15a1858 - SHA1: 16dab615286d22f060143bb9316a28122f8e4d1b - SHA256: 4a41cc91e3a5794be7d9088e93b0277f123a88d3b6568c5f92fe084bb5c78b4a - SHA1: 558aad879b6a47d94a968f39d0a4e3a3aaef1ef1 - SHA256: 3ec5ad51e6879464dfbccb9f4ed76c6325056a42548d5994ba869da9c4c039a8 - Sections: - .text: - Entropy: 6.02563890741647 - Virtual Size: '0x796' - .rdata: - Entropy: 4.1567602868650235 - Virtual Size: '0x190' - .data: - Entropy: 0.5096713223407059 - Virtual Size: '0x114' - .pdata: - Entropy: 3.2625699366690815 - Virtual Size: '0x6c' - INIT: - Entropy: 4.864582637105269 - Virtual Size: '0x222' - .rsrc: - Entropy: 3.2650956402233735 - Virtual 
Size: '0x3b0' - Signature: - - TOSHIBA AMERICA INFORMATION SYSTEMS, INC. - - VeriSign Class 3 Code Signing 2004 CA - - VeriSign Class 3 Public Primary CA - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 
1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=California, L=Irvine, O=TOSHIBA AMERICA INFORMATION SYSTEMS, - INC., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=TOSHIBA - AMERICA INFORMATION SYSTEMS, INC. 
- ValidFrom: '2006-11-30 00:00:00' - ValidTo: '2010-01-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 450d3382b4c87b8d7220cff8951f1aa2 - Version: 3 - TBS: - MD5: dfda998e348c0cd822de571eefd95842 - SHA1: 873c99b0c3d5715130af541dcaed94e096c665b3 - SHA256: 747e487b2ba3288953bdeaf49c199766b2be332796fae6a41c3fbd0ff81611c6 - SHA384: 0a5669530912b1b0e566b775057dfe6f8b8611a780e59eaae90d95dfa3d36ae7cc509713e739453471cded2cf6807d86 - Signer: - - SerialNumber: 450d3382b4c87b8d7220cff8951f1aa2 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: d6f977640d4810a784d152e4d3c63a6b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 650fa4b522e8d06d0cdfa4bf278e85f1 - SHA1: dfe2533a4398d67dfc722eb8d9f8ffa3a823a721 - SHA256: 7188af66fe23bd8cf27f003ad6c7550cdb6faa5c948fe7c3b1435c9246345eb3 - Company: OpenLibSys.org - Copyright: Copyright (C) 2007 OpenLibSys.org. All rights reserved. 
- CreationTimestamp: '2007-12-15 01:04:52' - Date: '' - Description: WinRing0 - ExportedFunctions: '' - FileVersion: 1.0.1.2 - Filename: WinRing0.sys - ImportedFunctions: - - MmUnmapIoSpace - - MmMapIoSpace - - IofCompleteRequest - - IoDeleteDevice - - IoCreateDevice - - KeBugCheckEx - - RtlInitUnicodeString - - IoCreateSymbolicLink - - IoDeleteSymbolicLink - - __C_specific_handler - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: WinRing0.sys - MD5: 12cecc3c14160f32b21279c1a36b8338 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: WinRing0.sys - Product: WinRing0 - ProductVersion: 1.0.1.2 - Publisher: '' - RichPEHeaderHash: - MD5: 6c9272bb390e89b75934eea3b15a1858 - SHA1: 16dab615286d22f060143bb9316a28122f8e4d1b - SHA256: 4a41cc91e3a5794be7d9088e93b0277f123a88d3b6568c5f92fe084bb5c78b4a - SHA1: 7fb52290883a6b69a96d480f2867643396727e83 - SHA256: 47eaebc920ccf99e09fc9924feb6b19b8a28589f52783327067c9b09754b5e84 - Sections: - .text: - Entropy: 6.02563890741647 - Virtual Size: '0x796' - .rdata: - Entropy: 4.1567602868650235 - Virtual Size: '0x190' - .data: - Entropy: 0.5096713223407059 - Virtual Size: '0x114' - .pdata: - Entropy: 3.2625699366690815 - Virtual Size: '0x6c' - INIT: - Entropy: 4.864582637105269 - Virtual Size: '0x222' - .rsrc: - Entropy: 3.2650956402233735 - Virtual Size: '0x3b0' - Signature: - - Noriyuki MIYAZAKI - - GlobalSign ObjectSign CA - - GlobalSign Primary Object Publishing CA - - GlobalSign Root CA - R1 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=JP, CN=Noriyuki MIYAZAKI, emailAddress=hiyohiyo@crystalmark.info - ValidFrom: '2007-09-24 10:50:55' - ValidTo: '2008-09-24 10:50:55' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 01000000000115372421a8 - Version: 3 - TBS: - MD5: c11203d7c1fcb38e1eaff246bb8e7595 - SHA1: 
99f00de6eefb2076662465e682a2429373ebcb26 - SHA256: 08a073aa77d42d608a9457a6b1d63eadcf5113407d8a55025ea1bbef0716dca5 - SHA384: ef57f44999a39185b9ebf97894ce5a3cca2894e15bc0733a865501c3a41ea9054be5d7517aa59006b04a853cadbed567 - - Subject: CN=GlobalSign RootSign Partners CA, OU=RootSign Partners CA, O=GlobalSign - nv,sa, C=BE - ValidFrom: '2003-12-16 13:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 040000000000f97faa2e1e - Version: 3 - TBS: - MD5: 59466cb0c1788b2f251fce3495837102 - SHA1: c5cfc5f6a131a3a77c3905c9893c99bb1b2baa0b - SHA256: eedda02668f7636eeec69429a7164cc47ca3de0539122d37f5b8078df7ee56db - SHA384: 982b72c3ee7066ce80ee642444c91adc60e7009fc6ef981a32edf666591d6aedb09d258e10e86f4ef265eae8149bbd92 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: O=GlobalSign, CN=GlobalSign Time Stamping Authority, emailAddress=timestampinfo@globalsign.com - ValidFrom: '2007-02-05 09:00:00' - ValidTo: '2014-01-27 09:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000011092eb8295 - Version: 3 - TBS: - MD5: 11d73a3638fc78e0bac6c459feadcc42 - SHA1: 6636f7dcf81b370b919966f9063295ec84422f91 - 
SHA256: 1eb5fc1d2e3254b1e3c4587a6efed87ee65306525e684b4cfa4b51893cfe86a3 - SHA384: a13c07e505c79c58654ad2cffe219c6c801fa092c52f18c489a6061420c6475706f11c200f4dadd51718c660e49b3f24 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 01000000000115372421a8 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: d6f977640d4810a784d152e4d3c63a6b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: c4355451eccb590e5e6d817760d2d2ef - SHA1: 7aed8186977fcf7ee219da493baecdb95ec8040d - SHA256: 9305f0834e67aa16fb252bd30927e5f835639ef4b868f20d232260edffefd6f0 - Company: OpenLibSys.org - Copyright: Copyright (C) 2007-2008 OpenLibSys.org. All rights reserved. 
- CreationTimestamp: '2013-05-01 20:19:47' - Date: '' - Description: WinRing0 - ExportedFunctions: '' - FileVersion: 1.2.0.5 - Filename: WinRing0.sys - ImportedFunctions: - - MmUnmapIoSpace - - MmMapIoSpace - - IofCompleteRequest - - IoDeleteDevice - - IoCreateDevice - - KeBugCheckEx - - RtlInitUnicodeString - - IoCreateSymbolicLink - - IoDeleteSymbolicLink - - __C_specific_handler - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: WinRing0.sys - MD5: 27bcbeec8a466178a6057b64bef66512 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: WinRing0.sys - Product: WinRing0 - ProductVersion: 1.2.0.5 - Publisher: '' - RichPEHeaderHash: - MD5: bc02c8d775721faba8edc4cde3e2f975 - SHA1: 0b5efeae6fcaa45d68933a6570412dea379750b9 - SHA256: 0d456f914c7a3a9b70f1a5ba7320682340381f11e9373de2d2d1585fe23e8a8e - SHA1: 012db3a80faf1f7f727b538cbe5d94064e7159de - SHA256: a7b000abbcc344444a9b00cfade7aa22ab92ce0cadec196c30eb1851ae4fa062 - Sections: - .text: - Entropy: 5.995968257191882 - Virtual Size: '0x796' - .rdata: - Entropy: 4.182802481161083 - Virtual Size: '0x19c' - .data: - Entropy: 0.5096713223407059 - Virtual Size: '0x114' - .pdata: - Entropy: 3.276775635503942 - Virtual Size: '0x78' - INIT: - Entropy: 5.031588684181026 - Virtual Size: '0x242' - .rsrc: - Entropy: 3.2858216134068057 - Virtual Size: '0x3c0' - Signature: - - EVGA - - VeriSign Class 3 Code Signing 2010 CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=California, L=Brea, O=EVGA, OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=EVGA - ValidFrom: '2012-02-29 00:00:00' - ValidTo: '2014-04-15 23:59:59' - Signature: 
d77d9dbdeea6d42d15335f0b16117963e49d39b89af081160a467824968e611f0947648a83375d1380acca6cbe1117f488b428bcab943b20dad29e72dd48e7d01b080b12c444727bba415a098799abd5e5673dd7eda91787920c3cc53aac068e0a3d1faef713c14f7ec6f68f69a33340b70e81083db2ce1daf45592063235d05232a1d3d8052fc3f102b2b71e1c46275eff3d4a2dc5ee0d5d727d180da205055a3709a32ad6bd11317b1f109e7c5eca18c8293c937ba6f76278bc306c10f0f1bc865cedcf2c2331e7a7f5c0bcfab91786b8ff848d8ef9c59937ddb94f6369884162148f882e7d0c4343538ad23aeb6ab3db0f6d125a8e2fe3889e40ed66bc66a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 26d7f5563eb3e42a81f7c715fcd2799d - Version: 3 - TBS: - MD5: e994671d8d440b7739cdd9775bbca72f - SHA1: ea9446b39b968aa6953e1bf74a36435759b3d2e3 - SHA256: 37a9886a67c19d644c74505801f947d3b2756a5540cbd89a0c8d500511cb838d - SHA384: 41d34e73f1b002f885c80004e3c366299392258ce5ba880150875ed8811ebc9913dc34cdf7c9800a8303dd512207787c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 26d7f5563eb3e42a81f7c715fcd2799d - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: d6f977640d4810a784d152e4d3c63a6b - LoadsDespiteHVCI: 'TRUE' -- Authentihash: - MD5: 2bab314d894a026ac6073efe43c14a3d - SHA1: 266821a39174d29f6f8791cf9f44f1a1f3439dda - SHA256: 1b845e5e43ce9e9b645ac198549e81f45c08197aad69708d96cdb9a719eb0e29 - Company: OpenLibSys.org - Copyright: Copyright (C) 2007-2008 OpenLibSys.org. All rights reserved. 
- CreationTimestamp: '2008-07-26 07:29:37' - Date: '' - Description: WinRing0 - ExportedFunctions: '' - FileVersion: 1.2.0.5 - Filename: WinRing0x64.sys - ImportedFunctions: - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IoDeleteDevice - - IoCreateDevice - - MmMapIoSpace - - KeBugCheckEx - - IoCreateSymbolicLink - - MmUnmapIoSpace - - IofCompleteRequest - - __C_specific_handler - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: WinRing0.sys - MD5: 0c0195c48b6b8582fa6f6373032118da - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: WinRing0.sys - Product: WinRing0 - ProductVersion: 1.2.0.5 - Publisher: '' - RichPEHeaderHash: - MD5: 6c9272bb390e89b75934eea3b15a1858 - SHA1: 16dab615286d22f060143bb9316a28122f8e4d1b - SHA256: 4a41cc91e3a5794be7d9088e93b0277f123a88d3b6568c5f92fe084bb5c78b4a - SHA1: d25340ae8e92a6d29f599fef426a2bc1b5217299 - SHA256: 11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5 - Sections: - .text: - Entropy: 5.985778783373138 - Virtual Size: '0x6c6' - .rdata: - Entropy: 4.1187644683409586 - Virtual Size: '0x17c' - .data: - Entropy: 0.5096713223407059 - Virtual Size: '0x114' - .pdata: - Entropy: 3.180043880366087 - Virtual Size: '0x60' - INIT: - Entropy: 4.880913698813426 - Virtual Size: '0x222' - .rsrc: - Entropy: 3.2858216134068057 - Virtual Size: '0x3c0' - Signature: - - Noriyuki MIYAZAKI - - GlobalSign ObjectSign CA - - GlobalSign Primary Object Publishing CA - - GlobalSign Root CA - R1 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=JP, CN=Noriyuki MIYAZAKI, emailAddress=hiyohiyo@crystalmark.info - ValidFrom: '2007-09-24 10:50:55' - ValidTo: '2008-09-24 10:50:55' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 01000000000115372421a8 - Version: 3 - TBS: - MD5: c11203d7c1fcb38e1eaff246bb8e7595 - SHA1: 
99f00de6eefb2076662465e682a2429373ebcb26 - SHA256: 08a073aa77d42d608a9457a6b1d63eadcf5113407d8a55025ea1bbef0716dca5 - SHA384: ef57f44999a39185b9ebf97894ce5a3cca2894e15bc0733a865501c3a41ea9054be5d7517aa59006b04a853cadbed567 - - Subject: CN=GlobalSign RootSign Partners CA, OU=RootSign Partners CA, O=GlobalSign - nv,sa, C=BE - ValidFrom: '2003-12-16 13:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 040000000000f97faa2e1e - Version: 3 - TBS: - MD5: 59466cb0c1788b2f251fce3495837102 - SHA1: c5cfc5f6a131a3a77c3905c9893c99bb1b2baa0b - SHA256: eedda02668f7636eeec69429a7164cc47ca3de0539122d37f5b8078df7ee56db - SHA384: 982b72c3ee7066ce80ee642444c91adc60e7009fc6ef981a32edf666591d6aedb09d258e10e86f4ef265eae8149bbd92 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: O=GlobalSign, CN=GlobalSign Time Stamping Authority, emailAddress=timestampinfo@globalsign.com - ValidFrom: '2007-02-05 09:00:00' - ValidTo: '2014-01-27 09:00:00' - Signature: 
649b07caaccc411e37ef6f349cb5e8ca48f9daeafaf7172e5cad193b7311ec5adbfd7b213161c092515bb166b07c64d8fe10b471a8bc9e75379c5f6ff2da0437b8ecc003e256b7785995581d7a7c3e18d74c32bdf91ee723457fdee08d65825b45fd64c66fc3d7ea12411d0c395ef696f8c3cd9e1fff51886976988b8eb42788821ad63c7aabb04eb73ee8d434d2c1a439533cb2747b15373054a6ebb924cc2f084b4364f14aaf8d9ce8546cb2dbdc3bb1c722849f558e72a8b2a8f6f0ff03c996ebab8273dabe45561936fdba6cbc71f0d3c7c376d7e4bce2a1a67200cfbdb200ed92aa39ab09d16e3953862ad43b517398b754e9972d9977ee123e3642257f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000011092eb8295 - Version: 3 - TBS: - MD5: 11d73a3638fc78e0bac6c459feadcc42 - SHA1: 6636f7dcf81b370b919966f9063295ec84422f91 - SHA256: 1eb5fc1d2e3254b1e3c4587a6efed87ee65306525e684b4cfa4b51893cfe86a3 - SHA384: a13c07e505c79c58654ad2cffe219c6c801fa092c52f18c489a6061420c6475706f11c200f4dadd51718c660e49b3f24 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 11d45d8af43d0d9d7e4fa70071610b56b34caa70e1b2d1dec7886d1d897c2ba946e58b1f8e4cc26695911fe34d394ae31b70b7446edc068a4d6d25e89812dcbca0dd864eae8f81130540905a542529944acaf165b4ef0679dae7cb86f004c918dcee72b320015748dfe333e12ccd9c077f9447278d888d340ca67c5c20c17d07b3736b648c26d29bd7e87965a6a891a174862a050282c1847cf279cd3c2a2b0f99291eea8c8a1ab16aeaa266380e65e1add8c6c91f888d3976ee1782c4138d97ce6341e77af5b4b66c15c33813b3930b620688dde1447f10a950248b60dc05f75ba514b27b56720b96eabffc057090659e051ca4dd07af4b57dec639673bc574 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 
9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 01000000000115372421a8 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: d41fa95d4642dc981f10de36f4dc8cd7 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create WinRing0.sys binPath=C:\windows\temp\WinRing0.sys type=kernel + && sc.exe start WinRing0.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/namazso/physmem_drivers - https://github.com/eclypsium/Screwed-Drivers/blob/master/DRIVERS.md -Tags: -- WinRing0.sys -- WinRing0x64 -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/3ec5ad51e6879464dfbccb9f4ed76c6325056a42548d5994ba869da9c4c039a8.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/47eaebc920ccf99e09fc9924feb6b19b8a28589f52783327067c9b09754b5e84.yara +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/a7b000abbcc344444a9b00cfade7aa22ab92ce0cadec196c30eb1851ae4fa062.yara +- type: sigma_hash + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 650fa4b522e8d06d0cdfa4bf278e85f1 + SHA1: dfe2533a4398d67dfc722eb8d9f8ffa3a823a721 + SHA256: 7188af66fe23bd8cf27f003ad6c7550cdb6faa5c948fe7c3b1435c9246345eb3 + Company: OpenLibSys.org + Copyright: Copyright (C) 2007 OpenLibSys.org. All rights reserved. 
+ CreationTimestamp: '2007-12-15 01:04:52' + Date: '' + Description: WinRing0 + ExportedFunctions: '' + FileVersion: 1.0.1.2 + Filename: WinRing0.sys + ImportedFunctions: + - MmUnmapIoSpace + - MmMapIoSpace + - IofCompleteRequest + - IoDeleteDevice + - IoCreateDevice + - KeBugCheckEx + - RtlInitUnicodeString + - IoCreateSymbolicLink + - IoDeleteSymbolicLink + - __C_specific_handler + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: WinRing0.sys + MD5: 828bb9cb1dd449cd65a29b18ec46055f + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: WinRing0.sys + Product: WinRing0 + ProductVersion: 1.0.1.2 + Publisher: '' + RichPEHeaderHash: + MD5: 6c9272bb390e89b75934eea3b15a1858 + SHA1: 16dab615286d22f060143bb9316a28122f8e4d1b + SHA256: 4a41cc91e3a5794be7d9088e93b0277f123a88d3b6568c5f92fe084bb5c78b4a + SHA1: 558aad879b6a47d94a968f39d0a4e3a3aaef1ef1 + SHA256: 3ec5ad51e6879464dfbccb9f4ed76c6325056a42548d5994ba869da9c4c039a8 + Sections: + .text: + Entropy: 6.02563890741647 + Virtual Size: '0x796' + .rdata: + Entropy: 4.1567602868650235 + Virtual Size: '0x190' + .data: + Entropy: 0.5096713223407059 + Virtual Size: '0x114' + .pdata: + Entropy: 3.2625699366690815 + Virtual Size: '0x6c' + INIT: + Entropy: 4.864582637105269 + Virtual Size: '0x222' + .rsrc: + Entropy: 3.2650956402233735 + Virtual Size: '0x3b0' + Signature: + - TOSHIBA AMERICA INFORMATION SYSTEMS, INC. 
+ - VeriSign Class 3 Code Signing 2004 CA + - VeriSign Class 3 Public Primary CA + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: 
ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=California, L=Irvine, O=TOSHIBA AMERICA INFORMATION + SYSTEMS, INC., OU=Digital ID Class 3 , Microsoft Software Validation + v2, CN=TOSHIBA AMERICA INFORMATION SYSTEMS, INC. + ValidFrom: '2006-11-30 00:00:00' + ValidTo: '2010-01-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 450d3382b4c87b8d7220cff8951f1aa2 + Version: 3 + TBS: + MD5: dfda998e348c0cd822de571eefd95842 + SHA1: 873c99b0c3d5715130af541dcaed94e096c665b3 + SHA256: 747e487b2ba3288953bdeaf49c199766b2be332796fae6a41c3fbd0ff81611c6 + SHA384: 0a5669530912b1b0e566b775057dfe6f8b8611a780e59eaae90d95dfa3d36ae7cc509713e739453471cded2cf6807d86 + Signer: + - SerialNumber: 450d3382b4c87b8d7220cff8951f1aa2 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: d6f977640d4810a784d152e4d3c63a6b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 650fa4b522e8d06d0cdfa4bf278e85f1 + SHA1: dfe2533a4398d67dfc722eb8d9f8ffa3a823a721 + SHA256: 7188af66fe23bd8cf27f003ad6c7550cdb6faa5c948fe7c3b1435c9246345eb3 + Company: OpenLibSys.org + Copyright: Copyright (C) 2007 OpenLibSys.org. 
All rights reserved. + CreationTimestamp: '2007-12-15 01:04:52' + Date: '' + Description: WinRing0 + ExportedFunctions: '' + FileVersion: 1.0.1.2 + Filename: WinRing0.sys + ImportedFunctions: + - MmUnmapIoSpace + - MmMapIoSpace + - IofCompleteRequest + - IoDeleteDevice + - IoCreateDevice + - KeBugCheckEx + - RtlInitUnicodeString + - IoCreateSymbolicLink + - IoDeleteSymbolicLink + - __C_specific_handler + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: WinRing0.sys + MD5: 12cecc3c14160f32b21279c1a36b8338 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: WinRing0.sys + Product: WinRing0 + ProductVersion: 1.0.1.2 + Publisher: '' + RichPEHeaderHash: + MD5: 6c9272bb390e89b75934eea3b15a1858 + SHA1: 16dab615286d22f060143bb9316a28122f8e4d1b + SHA256: 4a41cc91e3a5794be7d9088e93b0277f123a88d3b6568c5f92fe084bb5c78b4a + SHA1: 7fb52290883a6b69a96d480f2867643396727e83 + SHA256: 47eaebc920ccf99e09fc9924feb6b19b8a28589f52783327067c9b09754b5e84 + Sections: + .text: + Entropy: 6.02563890741647 + Virtual Size: '0x796' + .rdata: + Entropy: 4.1567602868650235 + Virtual Size: '0x190' + .data: + Entropy: 0.5096713223407059 + Virtual Size: '0x114' + .pdata: + Entropy: 3.2625699366690815 + Virtual Size: '0x6c' + INIT: + Entropy: 4.864582637105269 + Virtual Size: '0x222' + .rsrc: + Entropy: 3.2650956402233735 + Virtual Size: '0x3b0' + Signature: + - Noriyuki MIYAZAKI + - GlobalSign ObjectSign CA + - GlobalSign Primary Object Publishing CA + - GlobalSign Root CA - R1 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=JP, CN=Noriyuki MIYAZAKI, emailAddress=hiyohiyo@crystalmark.info + ValidFrom: '2007-09-24 10:50:55' + ValidTo: '2008-09-24 10:50:55' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 01000000000115372421a8 + Version: 3 + TBS: + MD5: 
c11203d7c1fcb38e1eaff246bb8e7595 + SHA1: 99f00de6eefb2076662465e682a2429373ebcb26 + SHA256: 08a073aa77d42d608a9457a6b1d63eadcf5113407d8a55025ea1bbef0716dca5 + SHA384: ef57f44999a39185b9ebf97894ce5a3cca2894e15bc0733a865501c3a41ea9054be5d7517aa59006b04a853cadbed567 + - Subject: CN=GlobalSign RootSign Partners CA, OU=RootSign Partners CA, + O=GlobalSign nv,sa, C=BE + ValidFrom: '2003-12-16 13:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 040000000000f97faa2e1e + Version: 3 + TBS: + MD5: 59466cb0c1788b2f251fce3495837102 + SHA1: c5cfc5f6a131a3a77c3905c9893c99bb1b2baa0b + SHA256: eedda02668f7636eeec69429a7164cc47ca3de0539122d37f5b8078df7ee56db + SHA384: 982b72c3ee7066ce80ee642444c91adc60e7009fc6ef981a32edf666591d6aedb09d258e10e86f4ef265eae8149bbd92 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: O=GlobalSign, CN=GlobalSign Time Stamping Authority, emailAddress=timestampinfo@globalsign.com + ValidFrom: '2007-02-05 09:00:00' + ValidTo: '2014-01-27 09:00:00' + Signature: 
649b07caaccc411e37ef6f349cb5e8ca48f9daeafaf7172e5cad193b7311ec5adbfd7b213161c092515bb166b07c64d8fe10b471a8bc9e75379c5f6ff2da0437b8ecc003e256b7785995581d7a7c3e18d74c32bdf91ee723457fdee08d65825b45fd64c66fc3d7ea12411d0c395ef696f8c3cd9e1fff51886976988b8eb42788821ad63c7aabb04eb73ee8d434d2c1a439533cb2747b15373054a6ebb924cc2f084b4364f14aaf8d9ce8546cb2dbdc3bb1c722849f558e72a8b2a8f6f0ff03c996ebab8273dabe45561936fdba6cbc71f0d3c7c376d7e4bce2a1a67200cfbdb200ed92aa39ab09d16e3953862ad43b517398b754e9972d9977ee123e3642257f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000011092eb8295 + Version: 3 + TBS: + MD5: 11d73a3638fc78e0bac6c459feadcc42 + SHA1: 6636f7dcf81b370b919966f9063295ec84422f91 + SHA256: 1eb5fc1d2e3254b1e3c4587a6efed87ee65306525e684b4cfa4b51893cfe86a3 + SHA384: a13c07e505c79c58654ad2cffe219c6c801fa092c52f18c489a6061420c6475706f11c200f4dadd51718c660e49b3f24 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: 
ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 01000000000115372421a8 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: d6f977640d4810a784d152e4d3c63a6b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: c4355451eccb590e5e6d817760d2d2ef + SHA1: 7aed8186977fcf7ee219da493baecdb95ec8040d + SHA256: 9305f0834e67aa16fb252bd30927e5f835639ef4b868f20d232260edffefd6f0 + Company: OpenLibSys.org + Copyright: Copyright (C) 2007-2008 OpenLibSys.org. All rights reserved. + CreationTimestamp: '2013-05-01 20:19:47' + Date: '' + Description: WinRing0 + ExportedFunctions: '' + FileVersion: 1.2.0.5 + Filename: WinRing0.sys + ImportedFunctions: + - MmUnmapIoSpace + - MmMapIoSpace + - IofCompleteRequest + - IoDeleteDevice + - IoCreateDevice + - KeBugCheckEx + - RtlInitUnicodeString + - IoCreateSymbolicLink + - IoDeleteSymbolicLink + - __C_specific_handler + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: WinRing0.sys + MD5: 27bcbeec8a466178a6057b64bef66512 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: WinRing0.sys + Product: WinRing0 + ProductVersion: 1.2.0.5 + Publisher: '' + RichPEHeaderHash: + MD5: bc02c8d775721faba8edc4cde3e2f975 + SHA1: 0b5efeae6fcaa45d68933a6570412dea379750b9 + SHA256: 0d456f914c7a3a9b70f1a5ba7320682340381f11e9373de2d2d1585fe23e8a8e + SHA1: 012db3a80faf1f7f727b538cbe5d94064e7159de + SHA256: a7b000abbcc344444a9b00cfade7aa22ab92ce0cadec196c30eb1851ae4fa062 + Sections: + .text: + Entropy: 5.995968257191882 + Virtual Size: '0x796' + .rdata: + Entropy: 4.182802481161083 + Virtual Size: '0x19c' + .data: + Entropy: 0.5096713223407059 + Virtual Size: '0x114' + .pdata: + Entropy: 3.276775635503942 + Virtual Size: '0x78' + INIT: + Entropy: 5.031588684181026 + Virtual Size: '0x242' + .rsrc: 
+ Entropy: 3.2858216134068057 + Virtual Size: '0x3c0' + Signature: + - EVGA + - VeriSign Class 3 Code Signing 2010 CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 
88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=California, L=Brea, O=EVGA, OU=Digital ID Class 3 , + Microsoft Software Validation v2, CN=EVGA + ValidFrom: '2012-02-29 00:00:00' + ValidTo: '2014-04-15 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 26d7f5563eb3e42a81f7c715fcd2799d + Version: 3 + TBS: + MD5: e994671d8d440b7739cdd9775bbca72f + SHA1: ea9446b39b968aa6953e1bf74a36435759b3d2e3 + SHA256: 37a9886a67c19d644c74505801f947d3b2756a5540cbd89a0c8d500511cb838d + SHA384: 41d34e73f1b002f885c80004e3c366299392258ce5ba880150875ed8811ebc9913dc34cdf7c9800a8303dd512207787c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + 
Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 26d7f5563eb3e42a81f7c715fcd2799d + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: d6f977640d4810a784d152e4d3c63a6b + LoadsDespiteHVCI: 'TRUE' +- Authentihash: + MD5: 2bab314d894a026ac6073efe43c14a3d + SHA1: 266821a39174d29f6f8791cf9f44f1a1f3439dda + SHA256: 1b845e5e43ce9e9b645ac198549e81f45c08197aad69708d96cdb9a719eb0e29 + Company: OpenLibSys.org + Copyright: Copyright (C) 2007-2008 OpenLibSys.org. All rights reserved. + CreationTimestamp: '2008-07-26 07:29:37' + Date: '' + Description: WinRing0 + ExportedFunctions: '' + FileVersion: 1.2.0.5 + Filename: WinRing0x64.sys + ImportedFunctions: + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - IoDeleteDevice + - IoCreateDevice + - MmMapIoSpace + - KeBugCheckEx + - IoCreateSymbolicLink + - MmUnmapIoSpace + - IofCompleteRequest + - __C_specific_handler + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: WinRing0.sys + MD5: 0c0195c48b6b8582fa6f6373032118da + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: WinRing0.sys + Product: WinRing0 + ProductVersion: 1.2.0.5 + Publisher: '' + RichPEHeaderHash: + MD5: 6c9272bb390e89b75934eea3b15a1858 + SHA1: 16dab615286d22f060143bb9316a28122f8e4d1b + SHA256: 4a41cc91e3a5794be7d9088e93b0277f123a88d3b6568c5f92fe084bb5c78b4a + SHA1: d25340ae8e92a6d29f599fef426a2bc1b5217299 + SHA256: 11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5 + Sections: + .text: + Entropy: 5.985778783373138 + Virtual Size: '0x6c6' + .rdata: + Entropy: 4.1187644683409586 + Virtual 
Size: '0x17c' + .data: + Entropy: 0.5096713223407059 + Virtual Size: '0x114' + .pdata: + Entropy: 3.180043880366087 + Virtual Size: '0x60' + INIT: + Entropy: 4.880913698813426 + Virtual Size: '0x222' + .rsrc: + Entropy: 3.2858216134068057 + Virtual Size: '0x3c0' + Signature: + - Noriyuki MIYAZAKI + - GlobalSign ObjectSign CA + - GlobalSign Primary Object Publishing CA + - GlobalSign Root CA - R1 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=JP, CN=Noriyuki MIYAZAKI, emailAddress=hiyohiyo@crystalmark.info + ValidFrom: '2007-09-24 10:50:55' + ValidTo: '2008-09-24 10:50:55' + Signature: 4b6c4ea808b550cbae0f97c27726a0445d0e3e021ee0e0087bfe5bbc290e3e45ca35333f2a97fb7667f64326629f7a99fe2fec4da9fe14f0d858419982b983457848fbd6a9115769db6c5626b4d2f87fc77019a755a9efdf81b1968dfbfa638bf87bd25a8adf1c6c3bba3735f06b54d127462ed40dc364ad4c4f29c9f9692b29ff9557300a7c0d395f250172e312ff253b7ce8885ef8c1fe60c448676180e4ca09b34b52ae116b01f22b446b827a748ca80aee5f8e9ff6725e1dce5a7984c26eb72a615a9ef272f6f7b2e03e6d34665caf506b93cb5a2de127177eb1923cf5bc499e312d6c43ff5a26124ea63a4dc9a3340daa6449c2322857adf98166423cfb + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 01000000000115372421a8 + Version: 3 + TBS: + MD5: c11203d7c1fcb38e1eaff246bb8e7595 + SHA1: 99f00de6eefb2076662465e682a2429373ebcb26 + SHA256: 08a073aa77d42d608a9457a6b1d63eadcf5113407d8a55025ea1bbef0716dca5 + SHA384: ef57f44999a39185b9ebf97894ce5a3cca2894e15bc0733a865501c3a41ea9054be5d7517aa59006b04a853cadbed567 + - Subject: CN=GlobalSign RootSign Partners CA, OU=RootSign Partners CA, + O=GlobalSign nv,sa, C=BE + ValidFrom: '2003-12-16 13:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 
5c2f2e674a26b3e7b53f353cdda003ed569af9443752163065c7d14ea20f8db7b6b6678ee74cec8d95bee6cea7227874acd7f87499b3f7ce8b1338d596cc8d76c52f38b23aae61be0b8799e321626423398d84f6858df777ffb03806f07ec1485fb5ee582606660522749283a7dbb5f992e3e8c3192c2e63efbb1fdff9f70747660d0789977ef8332c9ecbae143df11cdfa3f179afc8928f9471c4d144c554db1eb50b0aa942a3afd643391dee8f9398585bbe6e9c0bf563ec5e99c2f954fa010746da0db06424cf8ed1061d4f3ca26377455ba4bc5fb080bb31e00b54015c161d724ed52a6947d11b667e5f016ef135916be02efeb045d81627b5c58bc2da53 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 040000000000f97faa2e1e + Version: 3 + TBS: + MD5: 59466cb0c1788b2f251fce3495837102 + SHA1: c5cfc5f6a131a3a77c3905c9893c99bb1b2baa0b + SHA256: eedda02668f7636eeec69429a7164cc47ca3de0539122d37f5b8078df7ee56db + SHA384: 982b72c3ee7066ce80ee642444c91adc60e7009fc6ef981a32edf666591d6aedb09d258e10e86f4ef265eae8149bbd92 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: O=GlobalSign, CN=GlobalSign Time Stamping Authority, emailAddress=timestampinfo@globalsign.com + ValidFrom: '2007-02-05 09:00:00' + ValidTo: '2014-01-27 09:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000011092eb8295 + Version: 3 + TBS: + MD5: 11d73a3638fc78e0bac6c459feadcc42 + 
SHA1: 6636f7dcf81b370b919966f9063295ec84422f91 + SHA256: 1eb5fc1d2e3254b1e3c4587a6efed87ee65306525e684b4cfa4b51893cfe86a3 + SHA384: a13c07e505c79c58654ad2cffe219c6c801fa092c52f18c489a6061420c6475706f11c200f4dadd51718c660e49b3f24 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 01000000000115372421a8 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: d41fa95d4642dc981f10de36f4dc8cd7 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/7c83cb1a-a5ab-4ea0-aa69-0e9a1d09a82f.yaml b/yaml/7c83cb1a-a5ab-4ea0-aa69-0e9a1d09a82f.yaml index 1a7e852fe..4f34b7a41 100644 --- a/yaml/7c83cb1a-a5ab-4ea0-aa69-0e9a1d09a82f.yaml +++ b/yaml/7c83cb1a-a5ab-4ea0-aa69-0e9a1d09a82f.yaml 
@@ -1,176 +1,176 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 7c83cb1a-a5ab-4ea0-aa69-0e9a1d09a82f +Tags: +- GVCIDrv64.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create GVCIDrv64.sys binPath=C:\windows\temp\GVCIDrv64.sys type=kernel - && sc.exe start GVCIDrv64.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: [] -Id: 7c83cb1a-a5ab-4ea0-aa69-0e9a1d09a82f -KnownVulnerableSamples: -- Authentihash: - MD5: 263d00295d36d976b90f44aadc1faa90 - SHA1: 4eae38e9dc262eb7b6ede4b3d3f4ad068933845e - SHA256: 2ff09bb919a9909068166c30322c4e904befeba5429e9a11d011297fb8a73c07 - Company: '' - Copyright: '' - CreationTimestamp: '2019-01-14 20:00:52' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: GVCIDrv64.sys - ImportedFunctions: - - IoDeleteDevice - - IoDeleteSymbolicLink - - ObReferenceObjectByHandle - - IoCreateSymbolicLink - - ZwOpenSection - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - IoCreateDevice - - IofCompleteRequest - - RtlCopyUnicodeString - - DbgPrint - - ZwClose - - RtlInitUnicodeString - - HalTranslateBusAddress - - WdfVersionUnbind - - WdfVersionBind - - WdfVersionUnbindClass - - WdfVersionBindClass - Imports: - - ntoskrnl.exe - - HAL.dll - - WDFLDR.SYS - InternalName: '' - MD5: 8b287636041792f640f92e77e560725e - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 5989194a389d2f7302b66de35c6b4ff5 - SHA1: bcd3bbaf6c808eb23b0cad3cef6586bfcd063d62 - SHA256: 83dbcc75fa740bdc3df5599b038ff6386a6a58805acfdaa77173f37b1808c012 - SHA1: e92817a8744ebc4e4fa5383cdce2b2977f01ecd4 - SHA256: 42f0b036687cbd7717c9efed6991c00d4e3e7b032dc965a2556c02177dfdad0f - Sections: - .text: - Entropy: 6.147035799967813 - Virtual Size: '0xe0b' - .rdata: - Entropy: 3.806114293929385 - Virtual Size: '0x54c' - .data: - 
Entropy: 0.5982968479127164 - Virtual Size: '0xf28' - .pdata: - Entropy: 3.4469659354420483 - Virtual Size: '0xb4' - INIT: - Entropy: 4.9556661025850675 - Virtual Size: '0x2fa' - .reloc: - Entropy: 3.0890191852411095 - Virtual Size: '0x24' - Signature: - - GIGA-BYTE TECHNOLOGY CO., LTD. - - Symantec Class 3 SHA256 Code Signing CA - - VeriSign - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=TW, ST=Taiwan, L=NEW TAIPEI, O=GIGA,BYTE TECHNOLOGY CO., LTD., CN=GIGA,BYTE - TECHNOLOGY CO., LTD. - ValidFrom: '2016-07-21 00:00:00' - ValidTo: '2019-09-19 23:59:59' - Signature: 088e59029abef549a30601c39db2cb687032de13f40c63bd0d88dbe858d6ddddbdc235044f1f31ddf3f6c960583264c9b7306dadb38eb64160a40e804bfee6deac624b7283eba48591daa22ca7523b1518ce792115fbbc4d9c312d824dd0c4566aa985e8a60cb486447fbba0f2c1de3eff0d98cbdeef89653f045203fda3b6a421d08ed13e45616e7c196ed56284b68d16e24e62ba8222fa6b15c7b586132dd3777b42908d930ab082f549516d886449ae87c20bb0c8474777de6c91917d8f173468f72ef3f89898fed2d861c31a8ea2659eabc3cc023e2008fca26f4c1c7d05594faecb6e437d61c11e947f6fdb6cc0db9cdfd6546d5212c94ed8a37fb723e7 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 2ad22e071f61cafe7884bfa43a31b21b - Version: 3 - TBS: - MD5: 50709ce3a9d9947196f8c152ac6b7e98 - SHA1: 5132abcc111cb532cccd06ff4f92bd9269fd9c8b - SHA256: 163f38b3e76f73f6ed3909bae3036f6e3a923b202d3a9f994aa084ee81f3788a - SHA384: 6cab2d8d58f99daa3b8d7dd9b711172d5953748a8368ecd1e8e15af8ff0fac8e66c126f952be97321b75fe7a1bc87cb8 - - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 3d78d7f9764960b2617df4f01eca862a - Version: 3 - TBS: - MD5: 1f056ff7d5f874984dc605402b7cb042 - SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b - SHA256: 
a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 - SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - Signer: - - SerialNumber: 2ad22e071f61cafe7884bfa43a31b21b - Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec - Class 3 SHA256 Code Signing CA - Version: 1 - Imphash: ad374977f06fefefbb9c77155f7a0733 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create GVCIDrv64.sys binPath=C:\windows\temp\GVCIDrv64.sys type=kernel + && sc.exe start GVCIDrv64.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/eclypsium/Screwed-Drivers/blob/master/DRIVERS.md -Tags: -- GVCIDrv64.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 263d00295d36d976b90f44aadc1faa90 + SHA1: 4eae38e9dc262eb7b6ede4b3d3f4ad068933845e + SHA256: 2ff09bb919a9909068166c30322c4e904befeba5429e9a11d011297fb8a73c07 + Company: '' + Copyright: '' + CreationTimestamp: '2019-01-14 20:00:52' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: GVCIDrv64.sys + 
ImportedFunctions: + - IoDeleteDevice + - IoDeleteSymbolicLink + - ObReferenceObjectByHandle + - IoCreateSymbolicLink + - ZwOpenSection + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - IoCreateDevice + - IofCompleteRequest + - RtlCopyUnicodeString + - DbgPrint + - ZwClose + - RtlInitUnicodeString + - HalTranslateBusAddress + - WdfVersionUnbind + - WdfVersionBind + - WdfVersionUnbindClass + - WdfVersionBindClass + Imports: + - ntoskrnl.exe + - HAL.dll + - WDFLDR.SYS + InternalName: '' + MD5: 8b287636041792f640f92e77e560725e + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 5989194a389d2f7302b66de35c6b4ff5 + SHA1: bcd3bbaf6c808eb23b0cad3cef6586bfcd063d62 + SHA256: 83dbcc75fa740bdc3df5599b038ff6386a6a58805acfdaa77173f37b1808c012 + SHA1: e92817a8744ebc4e4fa5383cdce2b2977f01ecd4 + SHA256: 42f0b036687cbd7717c9efed6991c00d4e3e7b032dc965a2556c02177dfdad0f + Sections: + .text: + Entropy: 6.147035799967813 + Virtual Size: '0xe0b' + .rdata: + Entropy: 3.806114293929385 + Virtual Size: '0x54c' + .data: + Entropy: 0.5982968479127164 + Virtual Size: '0xf28' + .pdata: + Entropy: 3.4469659354420483 + Virtual Size: '0xb4' + INIT: + Entropy: 4.9556661025850675 + Virtual Size: '0x2fa' + .reloc: + Entropy: 3.0890191852411095 + Virtual Size: '0x24' + Signature: + - GIGA-BYTE TECHNOLOGY CO., LTD. 
+ - Symantec Class 3 SHA256 Code Signing CA + - VeriSign + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=TW, ST=Taiwan, L=NEW TAIPEI, O=GIGA,BYTE TECHNOLOGY CO., LTD., + CN=GIGA,BYTE TECHNOLOGY CO., LTD. 
+ ValidFrom: '2016-07-21 00:00:00' + ValidTo: '2019-09-19 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 2ad22e071f61cafe7884bfa43a31b21b + Version: 3 + TBS: + MD5: 50709ce3a9d9947196f8c152ac6b7e98 + SHA1: 5132abcc111cb532cccd06ff4f92bd9269fd9c8b + SHA256: 163f38b3e76f73f6ed3909bae3036f6e3a923b202d3a9f994aa084ee81f3788a + SHA384: 6cab2d8d58f99daa3b8d7dd9b711172d5953748a8368ecd1e8e15af8ff0fac8e66c126f952be97321b75fe7a1bc87cb8 + - Subject: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 3d78d7f9764960b2617df4f01eca862a + Version: 3 + TBS: + MD5: 1f056ff7d5f874984dc605402b7cb042 + SHA1: bdb348353a2203deb4b767914fa1bd7248dd728b + SHA256: a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 + SHA384: fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + Signer: + - SerialNumber: 2ad22e071f61cafe7884bfa43a31b21b + Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec + Class 3 SHA256 Code Signing CA + Version: 1 + Imphash: ad374977f06fefefbb9c77155f7a0733 + LoadsDespiteHVCI: 'FALSE' 
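Review bot: The certificate `Subject` values on the new side of this entry have a comma where the signer name has a hyphen: `O=GIGA,BYTE TECHNOLOGY CO., LTD.` under `Certificates`, against `GIGA-BYTE TECHNOLOGY CO., LTD.` in the `Signature` list, and similarly `Symantec Time Stamping Services CA , G2`. This looks like an artifact of whatever generated the metadata rather than the real distinguished name, and the key reorder carries it over unchanged, so a rule that matches on signer subject text copied from this file would probably not match the driver as the OS reports it. I would normalise the field at the generator, e.g. `O=GIGA-BYTE TECHNOLOGY CO., LTD.`, after confirming against the actual certificate. Separately, `Detection: []` stays empty although the sample hashes are listed, so if the shared hash rules already cover this driver they are worth linking here.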
diff --git a/yaml/7ce8fb06-46eb-4f4f-90d5-5518a6561f15.yaml b/yaml/7ce8fb06-46eb-4f4f-90d5-5518a6561f15.yaml index 1b674a025..98d0fd198 100644 --- a/yaml/7ce8fb06-46eb-4f4f-90d5-5518a6561f15.yaml +++ b/yaml/7ce8fb06-46eb-4f4f-90d5-5518a6561f15.yaml 
@@ -1,436 +1,436 @@ -Acknowledgement: - Handle: hfiref0x - Person: hfiref0x +Id: 7ce8fb06-46eb-4f4f-90d5-5518a6561f15 +Tags: +- gmer64.sys +- superman.sys +Verified: 'TRUE' Author: Michael Haag -Category: malicious -Commands: - Command: sc.exe create gmer64.sys binPath=C:\windows\temp\gmer64.sys type=kernel - && sc.exe start gmer64.sys - Description: Driver used by the GMER application. Which is an application that detects - and removes rootkits - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-05-22' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/18c909a2b8c5e16821d6ef908f56881aa0ecceeaccb5fa1e54995935fcfd12f7.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_mal_drivers_strict.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 7ce8fb06-46eb-4f4f-90d5-5518a6561f15 -KnownVulnerableSamples: -- Authentihash: - MD5: 7514f440c5b9e5c4a0498e4489b76d62 - SHA1: 0bca6c35159282fd64615abc4d398399b061847b - SHA256: 3913d9754b78182aa25d38fbd7ea02502bdf1d81e6525ab4b5ffe5f543200478 - Company: GMER - Copyright: Copyright (C) GMER 2003-2013 - CreationTimestamp: '2016-03-09 00:28:57' - Date: '' - Description: GMER Driver http://www.gmer.net - ExportedFunctions: '' - FileVersion: '2, 0, 6983 built by: WinDDK' - Filename: gmer64.sys - ImportedFunctions: - - PsProcessType - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - strncmp - - _snwprintf - - PsLookupProcessByProcessId - - RtlInitUnicodeString - - IoDeleteDevice - - KeUnstackDetachProcess - - KeDetachProcess - - IoDriverObjectType - - wcsrchr - - ExAllocatePool - - ZwClose - - KeBugCheck - - IofCompleteRequest - - ObReferenceObjectByHandle - - KeAttachProcess - - PsGetVersion - - PsThreadType - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - ObReferenceObjectByName - - IoCreateDevice - - ObOpenObjectByPointer - - KeStackAttachProcess - - PsLookupThreadByThreadId - - KeClearEvent - - IoGetBaseFileSystemDeviceObject - - IoBuildSynchronousFsdRequest - - _wcsnicmp - - ZwReadFile - - wcsncpy - - KeInitializeEvent - - ZwSetInformationFile - - strncpy - - IoGetDeviceObjectPointer - - NtClose - - KeWaitForSingleObject - - ZwDeleteFile - - RtlCompareUnicodeString - - ObfReferenceObject - - ZwOpenFile - - ZwQueryInformationFile - - ZwWriteFile - - IofCallDriver - - wcschr - - MmUnmapLockedPages - - _stricmp - - _strnicmp - - RtlVolumeDeviceToDosName - - ZwMapViewOfSection - - MmGetSystemRoutineAddress - - ZwQuerySystemInformation - - KeReleaseSpinLock - - ZwOpenThread - - IoFreeMdl - - KeDelayExecutionThread - - MmMapLockedPagesSpecifyCache - - ZwUnmapViewOfSection - - IoGetCurrentProcess - - MmProbeAndLockPages - - 
ZwOpenProcess - - MmUnlockPages - - ZwQueryInformationProcess - - ZwCreateSection - - wcsncmp - - ZwTerminateProcess - - ZwQueryInformationThread - - IoAllocateMdl - - KeAcquireSpinLockRaiseToDpc - - ZwQuerySymbolicLinkObject - - KeSetEvent - - RtlEqualUnicodeString - - ZwOpenSymbolicLinkObject - - ZwOpenDirectoryObject - - ZwQueryDirectoryObject - - IoFreeIrp - - IoAllocateIrp - - IoGetDeviceInterfaces - - IoCreateNotificationEvent - - ObQueryNameString - - ZwWaitForSingleObject - - ZwQueryDirectoryFile - - KeResetEvent - - KdDebuggerNotPresent - - PsCreateSystemThread - - PsTerminateSystemThread - - KeBugCheckEx - - __C_specific_handler - Imports: - - ntoskrnl.exe - InternalName: gmer64.sys - MD5: a822b9e6eedf69211013e192967bf523 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: gmer64.sys - Product: GMER - ProductVersion: 2, 0, 6983 - Publisher: '' - RichPEHeaderHash: - MD5: ae0016968883c7b6d9bf26bf6adcb454 - SHA1: ae1e456ae17f0bce4cb62e8cc3a76e5b83c53caa - SHA256: 9c178663dffdd9f9429f961711da30f4c966a2437d235785d182a6e5afb40fbc - SHA1: 83506de48bd0c50ea00c9e889fe980f56e6c6e1b - SHA256: 18c909a2b8c5e16821d6ef908f56881aa0ecceeaccb5fa1e54995935fcfd12f7 - Sections: - .text: - Entropy: 6.190031082489791 - Virtual Size: '0x9ed1' - .rdata: - Entropy: 4.557929170549758 - Virtual Size: '0xe44' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0xf50' - .pdata: - Entropy: 4.428217198958577 - Virtual Size: '0x468' - INIT: - Entropy: 5.165565402631577 - Virtual Size: '0xace' - .rsrc: - Entropy: 3.389674147151622 - Virtual Size: '0x368' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 
225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=PL, ST=Katowice, L=Katowice, O=GMEREK Systemy Komputerowe Przemyslaw - Gmerek, CN=GMEREK Systemy Komputerowe Przemyslaw Gmerek - ValidFrom: '2014-01-02 07:01:46' - ValidTo: '2015-02-04 15:04:09' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121c5bcad73319ee0131e328a2b814e164a - Version: 3 - TBS: - MD5: 6f0e4c627d045bd81b94ec79fd4b371d - SHA1: a624238b100a59ac8722559c4d1e75aa4f7d99a4 - SHA256: f0f8a64560267f1ff198c83420155851c8b91ae9eeb6227c9d1833b29b504e83 - SHA384: 3f63878ac97adadd93ed3e316d703f25459441d2d9847dd8caec36af8c904906aaf96b55cde8cefda3d3c8031c722dd1 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2011-04-15 19:55:08' - ValidTo: '2021-04-15 20:05:08' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 6129152700000000002a - Version: 3 - TBS: - MD5: 
0bb058d116f02817737920f112d9fd3b - SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 - SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 - SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 - Signer: - - SerialNumber: 1121c5bcad73319ee0131e328a2b814e164a - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: a998fe47a44bfbf2399968e21cfdf7ca -- Filename: '' - Libraries: - - ntoskrnl.exe - ImportedFunctions: - - PsProcessType - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - strncmp - - _snwprintf - - PsLookupProcessByProcessId - - RtlInitUnicodeString - - IoDeleteDevice - - KeUnstackDetachProcess - - KeDetachProcess - - IoDriverObjectType - - wcsrchr - - ExAllocatePool - - ZwClose - - KeBugCheck - - IofCompleteRequest - - ObReferenceObjectByHandle - - KeAttachProcess - - PsGetVersion - - PsThreadType - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - ObReferenceObjectByName - - IoCreateDevice - - ObOpenObjectByPointer - - KeStackAttachProcess - - PsLookupThreadByThreadId - - KeClearEvent - - IoGetBaseFileSystemDeviceObject - - IoBuildSynchronousFsdRequest - - _wcsnicmp - - ZwReadFile - - wcsncpy - - KeInitializeEvent - - ZwSetInformationFile - - strncpy - - IoGetDeviceObjectPointer - - NtClose - - KeWaitForSingleObject - - ZwDeleteFile - - RtlCompareUnicodeString - - ObfReferenceObject - - ZwOpenFile - - ZwQueryInformationFile - - ZwWriteFile - - IofCallDriver - - wcschr - - MmUnmapLockedPages - - _stricmp - - _strnicmp - - RtlVolumeDeviceToDosName - - ZwMapViewOfSection - - MmGetSystemRoutineAddress - - ZwQuerySystemInformation - - KeReleaseSpinLock - - ZwOpenThread - - IoFreeMdl - - KeDelayExecutionThread - - MmMapLockedPagesSpecifyCache - - ZwUnmapViewOfSection - - IoGetCurrentProcess - - MmProbeAndLockPages - - ZwOpenProcess - - MmUnlockPages - - ZwQueryInformationProcess - - ZwCreateSection - - wcsncmp - - ZwTerminateProcess 
- - ZwQueryInformationThread - - IoAllocateMdl - - KeAcquireSpinLockRaiseToDpc - - ZwQuerySymbolicLinkObject - - KeSetEvent - - RtlEqualUnicodeString - - ZwOpenSymbolicLinkObject - - ZwOpenDirectoryObject - - ZwQueryDirectoryObject - - IoFreeIrp - - IoAllocateIrp - - IoGetDeviceInterfaces - - IoCreateNotificationEvent - - ObQueryNameString - - ZwWaitForSingleObject - - ZwQueryDirectoryFile - - KeResetEvent - - KdDebuggerNotPresent - - PsCreateSystemThread - - PsTerminateSystemThread - - KeBugCheckEx - - __C_specific_handler - ExportedFunctions: '' - MD5: 98b8507e725b3d28537fc374eb2de72d - SHA1: c80d7fe8279ddfd466505a24b9c8cc7a68b9d0e4 - SHA256: 0052aa88e42055a2eed5ddd17c3499c692360155e5e031a211edfcef577acce3 - Imphash: a998fe47a44bfbf2399968e21cfdf7ca - Machine: AMD64 - MagicHeader: 50 45 0 0 - CreationTimestamp: '2016-03-09 00:28:57' - RichPEHeaderMD5: ae0016968883c7b6d9bf26bf6adcb454 - RichPEHeaderSHA1: ae1e456ae17f0bce4cb62e8cc3a76e5b83c53caa - RichPEHeaderSHA256: 9c178663dffdd9f9429f961711da30f4c966a2437d235785d182a6e5afb40fbc - AuthentihashMD5: 7514f440c5b9e5c4a0498e4489b76d62 - AuthentihashSHA1: 0bca6c35159282fd64615abc4d398399b061847b - AuthentihashSHA256: 3913d9754b78182aa25d38fbd7ea02502bdf1d81e6525ab4b5ffe5f543200478 - Sections: - .text: - Entropy: 6.190031082489791 - Virtual Size: '0x9ed1' - .rdata: - Entropy: 4.557929170549758 - Virtual Size: '0xe44' - .data: - Entropy: 0.30140680731160896 - Virtual Size: '0xf50' - .pdata: - Entropy: 4.428217198958577 - Virtual Size: '0x468' - INIT: - Entropy: 5.165565402631577 - Virtual Size: '0xace' - .rsrc: - Entropy: 3.389674147151622 - Virtual Size: '0x368' - CompanyName: GMER - FileDescription: GMER Driver http://www.gmer.net - InternalName: gmer64.sys - OriginalFilename: gmer64.sys - FileVersion: '2, 0, 6983 built by: WinDDK' - ProductName: GMER - LegalCopyright: Copyright (C) GMER 2003-2013 - ProductVersion: 2, 0, 6983 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, 
O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=PL, ST=Katowice, L=Katowice, O=GMEREK Systemy Komputerowe Przemyslaw - Gmerek, CN=GMEREK Systemy Komputerowe Przemyslaw Gmerek - ValidFrom: '2014-01-02 07:01:46' - ValidTo: '2015-02-04 15:04:09' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121c5bcad73319ee0131e328a2b814e164a - Version: 3 - TBS: - MD5: 6f0e4c627d045bd81b94ec79fd4b371d - SHA1: a624238b100a59ac8722559c4d1e75aa4f7d99a4 - SHA256: f0f8a64560267f1ff198c83420155851c8b91ae9eeb6227c9d1833b29b504e83 - SHA384: 3f63878ac97adadd93ed3e316d703f25459441d2d9847dd8caec36af8c904906aaf96b55cde8cefda3d3c8031c722dd1 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2011-04-15 19:55:08' - ValidTo: '2021-04-15 20:05:08' - Signature: 
5ff8d065746a81c6a6ca5b03b6914ae84bbdef2ba142f0efb4a5adcd3389ec0b9585ac62501108aa58d25aa08310e5a6337af25af2c5fe787cf09c83df190ad97396002dd62ccde914d41d9de83f3c1a76f7904efb01350a6c9313a0c356eb67a0e4d17a96dec267f190f80a7bf5321b94ec5f751f8d1b34da6c58a7cb2d279e2226b7c9aa30cc0777b836e38201b5393ccc8dd9a75f7f23b3877fdb5798918bd7ce2520e39d644fdd87f72b68490318e0a5df7c5f68644d36838d4781f2e9e0a869abfa7b163c05a449ea8830190a6c73055178dfd41ddd3ad47f2de44e54be83431e7a7433b4a4ebd77073bc2a02988966eef6bc8f749378e329025a5a43e258ce7ccf9acad236893be25fda26054ec8d4e72c910e1797c5beee8b13112323294ffa83d050f6bafad53db3173df4ff034aa325dce67561d1fa35086bd62744d068b78d45e0eb852cc8a15d614474160e5958aed2b5eea5bcd6d7076ab62978fd976767dd8d4f17944fd2ed0caf972437c3a29c81da6be143b6577b4cecbf791319e79fe844e94781b75e701e91f83dd17b27f50b7056434805dda92fab86101d0b12e31ad04c6e75ded645b30b748887935c564a41029af7aeb799d8b67f88fa11f2457cf4d71b91c01cf1a0fbd4080a411a142acef4eb34486e66879ed54b7a397fbb0e3d3861cf735706e412066bd96b5308cd7018c22d4f974691bca9f0 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 6129152700000000002a - Version: 3 - TBS: - MD5: 0bb058d116f02817737920f112d9fd3b - SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 - SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 - SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 - Signer: - - SerialNumber: 1121c5bcad73319ee0131e328a2b814e164a - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Authentihash: - MD5: 7514f440c5b9e5c4a0498e4489b76d62 - SHA1: 0bca6c35159282fd64615abc4d398399b061847b - SHA256: 3913d9754b78182aa25d38fbd7ea02502bdf1d81e6525ab4b5ffe5f543200478 - RichPEHeaderHash: - MD5: ae0016968883c7b6d9bf26bf6adcb454 - SHA1: ae1e456ae17f0bce4cb62e8cc3a76e5b83c53caa - SHA256: 9c178663dffdd9f9429f961711da30f4c966a2437d235785d182a6e5afb40fbc - Description: GMER Driver http://www.gmer.net - Company: 
GMER - Product: GMER - Copyright: Copyright (C) GMER 2003-2013 - MachineType: AMD64 - Imports: - - ntoskrnl.exe MitreID: T1068 +Category: malicious +Commands: + Command: sc.exe create gmer64.sys binPath=C:\windows\temp\gmer64.sys type=kernel + && sc.exe start gmer64.sys + Description: Driver used by the GMER application. Which is an application that + detects and removes rootkits + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/magicsword-io/LOLDrivers/issues/55#issuecomment-1537161951 - http://www.gmer.net/ - https://github.com/gtworek/PSBits/blob/master/Misc/KillWithLolDriver.ps1 - https://github.com/ZeroMemoryEx/Blackout - https://github.com/b1-team/superman -Tags: -- gmer64.sys -- superman.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/18c909a2b8c5e16821d6ef908f56881aa0ecceeaccb5fa1e54995935fcfd12f7.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_mal_drivers_strict.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: hfiref0x + Person: hfiref0x +KnownVulnerableSamples: +- Authentihash: + MD5: 7514f440c5b9e5c4a0498e4489b76d62 + SHA1: 0bca6c35159282fd64615abc4d398399b061847b + SHA256: 3913d9754b78182aa25d38fbd7ea02502bdf1d81e6525ab4b5ffe5f543200478 + Company: GMER + Copyright: Copyright (C) GMER 2003-2013 + CreationTimestamp: '2016-03-09 00:28:57' + Date: '' + Description: GMER Driver http://www.gmer.net + ExportedFunctions: '' + FileVersion: '2, 0, 6983 built by: WinDDK' + Filename: gmer64.sys + ImportedFunctions: + - PsProcessType + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - strncmp + - _snwprintf + - PsLookupProcessByProcessId + - RtlInitUnicodeString + - IoDeleteDevice + - KeUnstackDetachProcess + - KeDetachProcess + - IoDriverObjectType + - wcsrchr + - ExAllocatePool + - ZwClose + - KeBugCheck + - IofCompleteRequest + - ObReferenceObjectByHandle + - KeAttachProcess + - PsGetVersion + - PsThreadType + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - ObReferenceObjectByName + - IoCreateDevice + - ObOpenObjectByPointer + - KeStackAttachProcess + - PsLookupThreadByThreadId + - KeClearEvent + - IoGetBaseFileSystemDeviceObject + - IoBuildSynchronousFsdRequest + - _wcsnicmp + - ZwReadFile + - wcsncpy + - KeInitializeEvent + - ZwSetInformationFile + - strncpy + - IoGetDeviceObjectPointer + - NtClose + - KeWaitForSingleObject + - ZwDeleteFile + - RtlCompareUnicodeString + - ObfReferenceObject + - ZwOpenFile + - ZwQueryInformationFile + - ZwWriteFile + - IofCallDriver + - wcschr + - MmUnmapLockedPages + - _stricmp + - _strnicmp + - RtlVolumeDeviceToDosName + - ZwMapViewOfSection + - MmGetSystemRoutineAddress + - ZwQuerySystemInformation + - KeReleaseSpinLock + - ZwOpenThread 
+ - IoFreeMdl + - KeDelayExecutionThread + - MmMapLockedPagesSpecifyCache + - ZwUnmapViewOfSection + - IoGetCurrentProcess + - MmProbeAndLockPages + - ZwOpenProcess + - MmUnlockPages + - ZwQueryInformationProcess + - ZwCreateSection + - wcsncmp + - ZwTerminateProcess + - ZwQueryInformationThread + - IoAllocateMdl + - KeAcquireSpinLockRaiseToDpc + - ZwQuerySymbolicLinkObject + - KeSetEvent + - RtlEqualUnicodeString + - ZwOpenSymbolicLinkObject + - ZwOpenDirectoryObject + - ZwQueryDirectoryObject + - IoFreeIrp + - IoAllocateIrp + - IoGetDeviceInterfaces + - IoCreateNotificationEvent + - ObQueryNameString + - ZwWaitForSingleObject + - ZwQueryDirectoryFile + - KeResetEvent + - KdDebuggerNotPresent + - PsCreateSystemThread + - PsTerminateSystemThread + - KeBugCheckEx + - __C_specific_handler + Imports: + - ntoskrnl.exe + InternalName: gmer64.sys + MD5: a822b9e6eedf69211013e192967bf523 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: gmer64.sys + Product: GMER + ProductVersion: 2, 0, 6983 + Publisher: '' + RichPEHeaderHash: + MD5: ae0016968883c7b6d9bf26bf6adcb454 + SHA1: ae1e456ae17f0bce4cb62e8cc3a76e5b83c53caa + SHA256: 9c178663dffdd9f9429f961711da30f4c966a2437d235785d182a6e5afb40fbc + SHA1: 83506de48bd0c50ea00c9e889fe980f56e6c6e1b + SHA256: 18c909a2b8c5e16821d6ef908f56881aa0ecceeaccb5fa1e54995935fcfd12f7 + Sections: + .text: + Entropy: 6.190031082489791 + Virtual Size: '0x9ed1' + .rdata: + Entropy: 4.557929170549758 + Virtual Size: '0xe44' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0xf50' + .pdata: + Entropy: 4.428217198958577 + Virtual Size: '0x468' + INIT: + Entropy: 5.165565402631577 + Virtual Size: '0xace' + .rsrc: + Entropy: 3.389674147151622 + Virtual Size: '0x368' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=PL, ST=Katowice, L=Katowice, O=GMEREK Systemy Komputerowe Przemyslaw + Gmerek, CN=GMEREK Systemy Komputerowe Przemyslaw Gmerek + ValidFrom: '2014-01-02 07:01:46' + ValidTo: '2015-02-04 15:04:09' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121c5bcad73319ee0131e328a2b814e164a + Version: 3 + TBS: + MD5: 6f0e4c627d045bd81b94ec79fd4b371d + SHA1: a624238b100a59ac8722559c4d1e75aa4f7d99a4 + SHA256: f0f8a64560267f1ff198c83420155851c8b91ae9eeb6227c9d1833b29b504e83 + SHA384: 3f63878ac97adadd93ed3e316d703f25459441d2d9847dd8caec36af8c904906aaf96b55cde8cefda3d3c8031c722dd1 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2011-04-15 19:55:08' + ValidTo: '2021-04-15 20:05:08' + Signature: 
5ff8d065746a81c6a6ca5b03b6914ae84bbdef2ba142f0efb4a5adcd3389ec0b9585ac62501108aa58d25aa08310e5a6337af25af2c5fe787cf09c83df190ad97396002dd62ccde914d41d9de83f3c1a76f7904efb01350a6c9313a0c356eb67a0e4d17a96dec267f190f80a7bf5321b94ec5f751f8d1b34da6c58a7cb2d279e2226b7c9aa30cc0777b836e38201b5393ccc8dd9a75f7f23b3877fdb5798918bd7ce2520e39d644fdd87f72b68490318e0a5df7c5f68644d36838d4781f2e9e0a869abfa7b163c05a449ea8830190a6c73055178dfd41ddd3ad47f2de44e54be83431e7a7433b4a4ebd77073bc2a02988966eef6bc8f749378e329025a5a43e258ce7ccf9acad236893be25fda26054ec8d4e72c910e1797c5beee8b13112323294ffa83d050f6bafad53db3173df4ff034aa325dce67561d1fa35086bd62744d068b78d45e0eb852cc8a15d614474160e5958aed2b5eea5bcd6d7076ab62978fd976767dd8d4f17944fd2ed0caf972437c3a29c81da6be143b6577b4cecbf791319e79fe844e94781b75e701e91f83dd17b27f50b7056434805dda92fab86101d0b12e31ad04c6e75ded645b30b748887935c564a41029af7aeb799d8b67f88fa11f2457cf4d71b91c01cf1a0fbd4080a411a142acef4eb34486e66879ed54b7a397fbb0e3d3861cf735706e412066bd96b5308cd7018c22d4f974691bca9f0 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 6129152700000000002a + Version: 3 + TBS: + MD5: 0bb058d116f02817737920f112d9fd3b + SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 + SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 + SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 + Signer: + - SerialNumber: 1121c5bcad73319ee0131e328a2b814e164a + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: a998fe47a44bfbf2399968e21cfdf7ca +- Filename: '' + Libraries: + - ntoskrnl.exe + ImportedFunctions: + - PsProcessType + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - strncmp + - _snwprintf + - PsLookupProcessByProcessId + - RtlInitUnicodeString + - IoDeleteDevice + - KeUnstackDetachProcess + - KeDetachProcess + - IoDriverObjectType + - wcsrchr + - ExAllocatePool + - ZwClose + - KeBugCheck + - 
IofCompleteRequest + - ObReferenceObjectByHandle + - KeAttachProcess + - PsGetVersion + - PsThreadType + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - ObReferenceObjectByName + - IoCreateDevice + - ObOpenObjectByPointer + - KeStackAttachProcess + - PsLookupThreadByThreadId + - KeClearEvent + - IoGetBaseFileSystemDeviceObject + - IoBuildSynchronousFsdRequest + - _wcsnicmp + - ZwReadFile + - wcsncpy + - KeInitializeEvent + - ZwSetInformationFile + - strncpy + - IoGetDeviceObjectPointer + - NtClose + - KeWaitForSingleObject + - ZwDeleteFile + - RtlCompareUnicodeString + - ObfReferenceObject + - ZwOpenFile + - ZwQueryInformationFile + - ZwWriteFile + - IofCallDriver + - wcschr + - MmUnmapLockedPages + - _stricmp + - _strnicmp + - RtlVolumeDeviceToDosName + - ZwMapViewOfSection + - MmGetSystemRoutineAddress + - ZwQuerySystemInformation + - KeReleaseSpinLock + - ZwOpenThread + - IoFreeMdl + - KeDelayExecutionThread + - MmMapLockedPagesSpecifyCache + - ZwUnmapViewOfSection + - IoGetCurrentProcess + - MmProbeAndLockPages + - ZwOpenProcess + - MmUnlockPages + - ZwQueryInformationProcess + - ZwCreateSection + - wcsncmp + - ZwTerminateProcess + - ZwQueryInformationThread + - IoAllocateMdl + - KeAcquireSpinLockRaiseToDpc + - ZwQuerySymbolicLinkObject + - KeSetEvent + - RtlEqualUnicodeString + - ZwOpenSymbolicLinkObject + - ZwOpenDirectoryObject + - ZwQueryDirectoryObject + - IoFreeIrp + - IoAllocateIrp + - IoGetDeviceInterfaces + - IoCreateNotificationEvent + - ObQueryNameString + - ZwWaitForSingleObject + - ZwQueryDirectoryFile + - KeResetEvent + - KdDebuggerNotPresent + - PsCreateSystemThread + - PsTerminateSystemThread + - KeBugCheckEx + - __C_specific_handler + ExportedFunctions: '' + MD5: 98b8507e725b3d28537fc374eb2de72d + SHA1: c80d7fe8279ddfd466505a24b9c8cc7a68b9d0e4 + SHA256: 0052aa88e42055a2eed5ddd17c3499c692360155e5e031a211edfcef577acce3 + Imphash: a998fe47a44bfbf2399968e21cfdf7ca + Machine: AMD64 + MagicHeader: 50 45 0 0 + 
CreationTimestamp: '2016-03-09 00:28:57' + RichPEHeaderMD5: ae0016968883c7b6d9bf26bf6adcb454 + RichPEHeaderSHA1: ae1e456ae17f0bce4cb62e8cc3a76e5b83c53caa + RichPEHeaderSHA256: 9c178663dffdd9f9429f961711da30f4c966a2437d235785d182a6e5afb40fbc + AuthentihashMD5: 7514f440c5b9e5c4a0498e4489b76d62 + AuthentihashSHA1: 0bca6c35159282fd64615abc4d398399b061847b + AuthentihashSHA256: 3913d9754b78182aa25d38fbd7ea02502bdf1d81e6525ab4b5ffe5f543200478 + Sections: + .text: + Entropy: 6.190031082489791 + Virtual Size: '0x9ed1' + .rdata: + Entropy: 4.557929170549758 + Virtual Size: '0xe44' + .data: + Entropy: 0.30140680731160896 + Virtual Size: '0xf50' + .pdata: + Entropy: 4.428217198958577 + Virtual Size: '0x468' + INIT: + Entropy: 5.165565402631577 + Virtual Size: '0xace' + .rsrc: + Entropy: 3.389674147151622 + Virtual Size: '0x368' + CompanyName: GMER + FileDescription: GMER Driver http://www.gmer.net + InternalName: gmer64.sys + OriginalFilename: gmer64.sys + FileVersion: '2, 0, 6983 built by: WinDDK' + ProductName: GMER + LegalCopyright: Copyright (C) GMER 2003-2013 + ProductVersion: 2, 0, 6983 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=PL, ST=Katowice, L=Katowice, O=GMEREK Systemy Komputerowe Przemyslaw + Gmerek, CN=GMEREK Systemy Komputerowe Przemyslaw Gmerek + ValidFrom: '2014-01-02 07:01:46' + ValidTo: '2015-02-04 15:04:09' + 
Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121c5bcad73319ee0131e328a2b814e164a + Version: 3 + TBS: + MD5: 6f0e4c627d045bd81b94ec79fd4b371d + SHA1: a624238b100a59ac8722559c4d1e75aa4f7d99a4 + SHA256: f0f8a64560267f1ff198c83420155851c8b91ae9eeb6227c9d1833b29b504e83 + SHA384: 3f63878ac97adadd93ed3e316d703f25459441d2d9847dd8caec36af8c904906aaf96b55cde8cefda3d3c8031c722dd1 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2011-04-15 19:55:08' + ValidTo: '2021-04-15 20:05:08' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 6129152700000000002a + Version: 3 + TBS: + MD5: 0bb058d116f02817737920f112d9fd3b + SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6 + SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 + SHA384: c0df876be008c26ca407fe904e6f5e7ccded17f9c16830ce9f8022309c9e64c97f494810f152811ae43e223b82ad7cc6 + Signer: + - SerialNumber: 1121c5bcad73319ee0131e328a2b814e164a + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Authentihash: + MD5: 7514f440c5b9e5c4a0498e4489b76d62 + SHA1: 0bca6c35159282fd64615abc4d398399b061847b + SHA256: 3913d9754b78182aa25d38fbd7ea02502bdf1d81e6525ab4b5ffe5f543200478 + RichPEHeaderHash: + MD5: ae0016968883c7b6d9bf26bf6adcb454 + SHA1: ae1e456ae17f0bce4cb62e8cc3a76e5b83c53caa + SHA256: 9c178663dffdd9f9429f961711da30f4c966a2437d235785d182a6e5afb40fbc + Description: GMER Driver http://www.gmer.net + Company: GMER + Product: GMER + Copyright: Copyright (C) GMER 2003-2013 + MachineType: AMD64 + Imports: + - ntoskrnl.exe diff --git a/yaml/7cee2ce8-7881-4a9a-bb18-61587c95f4a2.yaml b/yaml/7cee2ce8-7881-4a9a-bb18-61587c95f4a2.yaml index ae9a1a28e..d09829f6c 100644 --- a/yaml/7cee2ce8-7881-4a9a-bb18-61587c95f4a2.yaml 
+++ b/yaml/7cee2ce8-7881-4a9a-bb18-61587c95f4a2.yaml 
@@ -1,1430 +1,1430 @@ Id: 7cee2ce8-7881-4a9a-bb18-61587c95f4a2 +Tags: +- DcProtect.sys +Verified: 'TRUE' Author: Wack0 Created: '2023-11-30' MitreID: T1068 Category: vulnerable driver -Verified: 'TRUE' Commands: - Command: sc.exe create DcProtect.sys binPath=C:\windows\temp\DcProtect.sys type=kernel - && sc.exe start DcProtect.sys - Description: bundled with chinese application "DrvCeo" is a set of rootkits. The - malicious functionality. prevents registry value writing where the registry key - or value includes "dcprotect" or "drvceo". Prevents file deletion if pathname - contains "driverdownload", "program files\sysceo", "program files (x86)\sysceo" - Usecase: Elevate privileges - Privileges: kernel - OperatingSystem: Windows 10 + Command: sc.exe create DcProtect.sys binPath=C:\windows\temp\DcProtect.sys type=kernel + && sc.exe start DcProtect.sys + Description: bundled with chinese application "DrvCeo" is a set of rootkits. The + malicious functionality. prevents registry value writing where the registry + key or value includes "dcprotect" or "drvceo". 
Prevents file deletion if pathname + contains "driverdownload", "program files\sysceo", "program files (x86)\sysceo" + Usecase: Elevate privileges + Privileges: kernel + OperatingSystem: Windows 10 Resources: - https://github.com/magicsword-io/LOLDrivers/issues/154 - https://www.virustotal.com/gui/user/slipstream -Acknowledgement: - Person: '' - Handle: '' Detection: [] +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: '' - Libraries: - - FLTMGR.SYS - - ntoskrnl.exe - ImportedFunctions: - - FltRegisterFilter - - FltUnregisterFilter - - FltStartFiltering - - FltCreateCommunicationPort - - FltCloseCommunicationPort - - FltCloseClientPort - - FltBuildDefaultSecurityDescriptor - - FltFreeSecurityDescriptor - - _strlwr - - strstr - - RtlInitUnicodeString - - RtlCopyUnicodeString - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ExGetPreviousMode - - CmUnRegisterCallback - - CmRegisterCallbackEx - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoGetCurrentProcess - - MmIsAddressValid - - PsGetProcessId - - ObQueryNameString - - FsRtlIsNameInExpression - - sprintf - - __C_specific_handler - ExportedFunctions: '' - MD5: 563b33cfc3c815feff659caaa94edc33 - SHA1: da689e8e0e3fc4c7114b44d185eef4c768e15946 - SHA256: b2247e68386c1bdfd48687105c3728ebbad672daffa91b57845b4e49693ffd71 - Imphash: e800cd3299d4cda0d9e02255acc3b7dd - Machine: AMD64 - MagicHeader: 50 45 0 0 - CreationTimestamp: '2021-01-06 09:17:50' - RichPEHeaderMD5: 4d8a663ae2f765ff317d5e042cf62899 - RichPEHeaderSHA1: b11ddc426a9801d4f3dd3b6cd1fa2ca1e1d86ada - RichPEHeaderSHA256: 1427e72e0fca467e4abd192177e4e875daa5b27e2cb22ce10aee1f1500df6b2c - AuthentihashMD5: 6eb18a9f44c6022e259088a2106f048c - AuthentihashSHA1: ea9a484278d7a80a46edcd096447bbea0c892f64 - AuthentihashSHA256: 1ff54579dc4b76e814495d8e1d452a6f868adf06c2de0afdc5c3878b380d0a17 - Sections: - .text: - Entropy: 6.1933071166252995 - Virtual Size: '0xeff' - .rdata: 
- Entropy: 3.480895603142913 - Virtual Size: '0x6dc' - .data: - Entropy: 1.1394755320256174 - Virtual Size: '0x68' - .pdata: - Entropy: 3.502267951968367 - Virtual Size: '0xfc' - PAGE: - Entropy: 4.079225801519104 - Virtual Size: '0x2c' - INIT: - Entropy: 5.40476343320525 - Virtual Size: '0x522' - .rsrc: - Entropy: 3.567006043557736 - Virtual Size: '0x450' - .reloc: - Entropy: 3.5093407582869136 - Virtual Size: '0x28' - CompanyName: Windows (R) Win 7 DDK provider - FileDescription: DcProtect Driver - InternalName: DcProtect.sys - OriginalFilename: DcProtect.sys - FileVersion: 1.2.0.0 - ProductName: 'DcProtect (R) Win10x64 driver ' - LegalCopyright: Copyright (C) 2012-2020 Jiangmen Eyun Network Co.,Ltd. 2019 - ProductVersion: 1.2.0.0 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 - ValidFrom: '2021-01-01 00:00:00' - ValidTo: '2031-01-06 00:00:00' - Signature: 481cdcb5e99a23bce71ae7200e8e6746fd427251740a2347a3ab92d225c47059be14a0e52781a54d1415190779f0d104c386d93bbdfe4402664ded69a40ff6b870cf62e8f5514a7879367a27b7f3e7529f93a7ed439e7be7b4dd412289fb87a246034efcf4feb76477635f2352698382fa1a53ed90cc8da117730df4f36539704bf39cd67a7bda0cbc3d32d01bcbf561fc75080076bc810ef8c0e15ccfc41172e71b6449d8229a751542f52d323881daf460a2bab452fb5ce06124254fb2dfc929a8734351dabd63d61f5b9bf72e1b4f131df74a0d717e97b7f43f84ebc1e3a349a1facea7bf56cfba597661895f7ea7b48e6778f93698e1cb28da5b87a68a2f - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0d424ae0be3a88ff604021ce1400f0dd - Version: 3 - TBS: - MD5: c0189c338449a42fe8358c2c1fbecc60 - SHA1: b8ac0ee6875594b80ad86a6df6dd1fa3048c187c - SHA256: a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 - SHA384: 76d3a316a5a106050298418cce3beea16100524723d9e3220b0de51bfb6f1c35a5d4c7cd10b358fef7bf94c3e3562150 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured - ID Timestamping CA - 
ValidFrom: '2016-01-07 12:00:00' - ValidTo: '2031-01-07 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 0aa125d6d6321b7e41e405da3697c215 - Version: 3 - TBS: - MD5: 8d26184fc613f89aba1cefb30fce1b53 - SHA1: 63a7e376bad5ec2e419d514a403bcf46c8d31d95 - SHA256: 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c - SHA384: d8c9691fe9dbe182f07b49b07fbb4f589fa7b38b5c4d21f265d3a2e818f4b1bfb39e03faab2ec05bb10333a99914fb8a - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 
59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91440703345542411W, - C=CN, ST=Guangdong, L=Jiangmen, O=Jiangmen Eyun Network Co., Ltd., CN=Jiangmen - Eyun Network Co., Ltd. - ValidFrom: '2019-04-24 00:00:00' - ValidTo: '2021-04-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0abe0ae214534ce0db8c4784e7b8b9f6 - Version: 3 - TBS: - MD5: 85b79b9fe18b3766b667a26271e4c146 - SHA1: 74ff1f4cae4c7cc002981fc5b4b01b62347bc21b - SHA256: 6a558777a73413544b90a528696e6ccaab26a49ea0694d59b50252147681f7e4 - SHA384: af51a957aea8ab15498d1feb160d1304a4ebf17f02199acbf0a02eda15a33afaa5360e39d17d383521546e1a57b384d2 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 - Version: 3 - TBS: - MD5: f92649915476229b093c211c2b18e6c4 - SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 - SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb - SHA384: 511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace - Signer: - - SerialNumber: 0abe0ae214534ce0db8c4784e7b8b9f6 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - Version: 1 - Authentihash: - MD5: 6eb18a9f44c6022e259088a2106f048c - SHA1: ea9a484278d7a80a46edcd096447bbea0c892f64 - SHA256: 1ff54579dc4b76e814495d8e1d452a6f868adf06c2de0afdc5c3878b380d0a17 - RichPEHeaderHash: - MD5: 4d8a663ae2f765ff317d5e042cf62899 - SHA1: 
b11ddc426a9801d4f3dd3b6cd1fa2ca1e1d86ada - SHA256: 1427e72e0fca467e4abd192177e4e875daa5b27e2cb22ce10aee1f1500df6b2c - Description: DcProtect Driver - Company: Windows (R) Win 7 DDK provider - Product: 'DcProtect (R) Win10x64 driver ' - Copyright: Copyright (C) 2012-2020 Jiangmen Eyun Network Co.,Ltd. 2019 - MachineType: AMD64 - Imports: - - FLTMGR.SYS - - ntoskrnl.exe -- Filename: '' - Libraries: - - FLTMGR.SYS - - ntoskrnl.exe - ImportedFunctions: - - FltRegisterFilter - - FltUnregisterFilter - - FltStartFiltering - - FltCreateCommunicationPort - - FltCloseCommunicationPort - - FltCloseClientPort - - FltBuildDefaultSecurityDescriptor - - FltFreeSecurityDescriptor - - _strlwr - - strstr - - RtlInitUnicodeString - - RtlCopyUnicodeString - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ExGetPreviousMode - - CmUnRegisterCallback - - CmRegisterCallbackEx - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoGetCurrentProcess - - MmIsAddressValid - - PsGetProcessId - - ObQueryNameString - - FsRtlIsNameInExpression - - sprintf - - _except_handler3 - - memcpy - - memset - ExportedFunctions: '' - MD5: 53f103e490bc11624ef6a51a6d3bdc05 - SHA1: 5499f1bca93a3613428e8c18ac93a93b9a7249fb - SHA256: 3af9c376d43321e813057ecd0403e71cafc3302139e2409ab41e254386c33ecb - Imphash: 2ece23bdef16ee294bd905c7ba1be589 - Machine: I386 - MagicHeader: 50 45 0 0 - CreationTimestamp: '2021-01-06 09:15:15' - RichPEHeaderMD5: 555e8cb2ed5b1eea11f804a11c4aef99 - RichPEHeaderSHA1: 632b7ac9f88af93d18cefa583390b26172e109e5 - RichPEHeaderSHA256: be22bb21e6e37fe1daf872d2d703d4aa26a6a58f2d5844ae4c57990aaf50a389 - AuthentihashMD5: bc49e6eba2c3a95f1fe0d1c5c4f2fb70 - AuthentihashSHA1: fc759e3940f05c22d3919c20d08c44d4fd806b99 - AuthentihashSHA256: fcffb9cecbcefc399a2a08d99fcc2b797911afa26f3d69a28a139311cb61c39a - Sections: - .text: - Entropy: 6.308037981479057 - Virtual Size: '0x946' - .rdata: - Entropy: 3.7031047583665897 - Virtual Size: '0x444' 
- .data: - Entropy: 0.830872163407438 - Virtual Size: '0x54' - PAGE: - Entropy: 3.895638807527667 - Virtual Size: '0x24' - INIT: - Entropy: 5.643218995926574 - Virtual Size: '0x452' - .rsrc: - Entropy: 3.5730720453802185 - Virtual Size: '0x450' - .reloc: - Entropy: 5.6072871377452635 - Virtual Size: '0x114' - CompanyName: Windows (R) Win 7 DDK provider - FileDescription: DcProtect Driver - InternalName: DcProtect.sys - OriginalFilename: DcProtect.sys - FileVersion: 1.2.0.0 - ProductName: 'DcProtect (R) Win10x86 driver ' - LegalCopyright: Copyright (C) 2012-2020 Jiangmen Eyun Network Co.,Ltd. 2019 - ProductVersion: 1.2.0.0 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 - ValidFrom: '2021-01-01 00:00:00' - ValidTo: '2031-01-06 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0d424ae0be3a88ff604021ce1400f0dd - Version: 3 - TBS: - MD5: c0189c338449a42fe8358c2c1fbecc60 - SHA1: b8ac0ee6875594b80ad86a6df6dd1fa3048c187c - SHA256: a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 - SHA384: 76d3a316a5a106050298418cce3beea16100524723d9e3220b0de51bfb6f1c35a5d4c7cd10b358fef7bf94c3e3562150 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured - ID Timestamping CA - ValidFrom: '2016-01-07 12:00:00' - ValidTo: '2031-01-07 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 0aa125d6d6321b7e41e405da3697c215 - Version: 3 - TBS: - MD5: 8d26184fc613f89aba1cefb30fce1b53 - SHA1: 63a7e376bad5ec2e419d514a403bcf46c8d31d95 - SHA256: 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c - SHA384: d8c9691fe9dbe182f07b49b07fbb4f589fa7b38b5c4d21f265d3a2e818f4b1bfb39e03faab2ec05bb10333a99914fb8a - - Subject: C=US, 
O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91440703345542411W, - C=CN, ST=Guangdong, L=Jiangmen, O=Jiangmen Eyun Network Co., Ltd., CN=Jiangmen - Eyun Network Co., Ltd. 
- ValidFrom: '2019-04-24 00:00:00' - ValidTo: '2021-04-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0abe0ae214534ce0db8c4784e7b8b9f6 - Version: 3 - TBS: - MD5: 85b79b9fe18b3766b667a26271e4c146 - SHA1: 74ff1f4cae4c7cc002981fc5b4b01b62347bc21b - SHA256: 6a558777a73413544b90a528696e6ccaab26a49ea0694d59b50252147681f7e4 - SHA384: af51a957aea8ab15498d1feb160d1304a4ebf17f02199acbf0a02eda15a33afaa5360e39d17d383521546e1a57b384d2 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 - Version: 3 - TBS: - MD5: f92649915476229b093c211c2b18e6c4 - SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 - SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb - SHA384: 511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace - Signer: - - SerialNumber: 0abe0ae214534ce0db8c4784e7b8b9f6 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - Version: 1 - Authentihash: - MD5: bc49e6eba2c3a95f1fe0d1c5c4f2fb70 - SHA1: fc759e3940f05c22d3919c20d08c44d4fd806b99 - SHA256: fcffb9cecbcefc399a2a08d99fcc2b797911afa26f3d69a28a139311cb61c39a - 
RichPEHeaderHash: - MD5: 555e8cb2ed5b1eea11f804a11c4aef99 - SHA1: 632b7ac9f88af93d18cefa583390b26172e109e5 - SHA256: be22bb21e6e37fe1daf872d2d703d4aa26a6a58f2d5844ae4c57990aaf50a389 - Description: DcProtect Driver - Company: Windows (R) Win 7 DDK provider - Product: 'DcProtect (R) Win10x86 driver ' - Copyright: Copyright (C) 2012-2020 Jiangmen Eyun Network Co.,Ltd. 2019 - MachineType: I386 - Imports: - - FLTMGR.SYS - - ntoskrnl.exe -- Filename: '' - Libraries: - - FLTMGR.SYS - - ntoskrnl.exe - ImportedFunctions: - - FltRegisterFilter - - FltUnregisterFilter - - FltStartFiltering - - FltCreateCommunicationPort - - FltCloseCommunicationPort - - FltCloseClientPort - - FltBuildDefaultSecurityDescriptor - - FltFreeSecurityDescriptor - - _strlwr - - strstr - - RtlInitUnicodeString - - RtlCopyUnicodeString - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ExGetPreviousMode - - CmUnRegisterCallback - - CmRegisterCallbackEx - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoGetCurrentProcess - - MmIsAddressValid - - PsGetProcessId - - ObQueryNameString - - FsRtlIsNameInExpression - - sprintf - - __C_specific_handler - ExportedFunctions: '' - MD5: d90cdd8f2826e5ea3faf8e258f20dc40 - SHA1: a71c17bfeefd76a9f89e74a52a2b6fdd3efbabe2 - SHA256: 9dee9c925f7ea84f56d4a2ad4cf9a88c4dac27380887bf9ac73e7c8108066504 - Imphash: e800cd3299d4cda0d9e02255acc3b7dd - Machine: AMD64 - MagicHeader: 50 45 0 0 - CreationTimestamp: '2021-01-06 09:17:24' - RichPEHeaderMD5: 4d8a663ae2f765ff317d5e042cf62899 - RichPEHeaderSHA1: b11ddc426a9801d4f3dd3b6cd1fa2ca1e1d86ada - RichPEHeaderSHA256: 1427e72e0fca467e4abd192177e4e875daa5b27e2cb22ce10aee1f1500df6b2c - AuthentihashMD5: 96cd68100963cf38f3090777a3dfc543 - AuthentihashSHA1: 87c65b5bc7991c7161e41dcd609ab3cacf1c5753 - AuthentihashSHA256: 3f085bc766d865fa012163ed7c044af25285525b1276b6cef2085efab78e9b66 - Sections: - .text: - Entropy: 6.1933071166252995 - Virtual Size: '0xeff' - .rdata: - 
Entropy: 3.4777226067165428 - Virtual Size: '0x6dc' - .data: - Entropy: 1.1394755320256174 - Virtual Size: '0x68' - .pdata: - Entropy: 3.502267951968367 - Virtual Size: '0xfc' - PAGE: - Entropy: 4.079225801519104 - Virtual Size: '0x2c' - INIT: - Entropy: 5.40476343320525 - Virtual Size: '0x522' - .rsrc: - Entropy: 3.572691865904277 - Virtual Size: '0x450' - .reloc: - Entropy: 3.5093407582869136 - Virtual Size: '0x28' - CompanyName: Windows (R) Win 7 DDK provider - FileDescription: DcProtect Driver - InternalName: DcProtect.sys - OriginalFilename: DcProtect.sys - FileVersion: 1.2.0.0 - ProductName: 'DcProtect (R) Win8.1x64 driver ' - LegalCopyright: Copyright (C) 2012-2020 Jiangmen Eyun Network Co.,Ltd. 2019 - ProductVersion: 1.2.0.0 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 - ValidFrom: '2021-01-01 00:00:00' - ValidTo: '2031-01-06 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0d424ae0be3a88ff604021ce1400f0dd - Version: 3 - TBS: - MD5: c0189c338449a42fe8358c2c1fbecc60 - SHA1: b8ac0ee6875594b80ad86a6df6dd1fa3048c187c - SHA256: a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 - SHA384: 76d3a316a5a106050298418cce3beea16100524723d9e3220b0de51bfb6f1c35a5d4c7cd10b358fef7bf94c3e3562150 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured - ID Timestamping CA - ValidFrom: '2016-01-07 12:00:00' - ValidTo: '2031-01-07 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 0aa125d6d6321b7e41e405da3697c215 - Version: 3 - TBS: - MD5: 8d26184fc613f89aba1cefb30fce1b53 - SHA1: 63a7e376bad5ec2e419d514a403bcf46c8d31d95 - SHA256: 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c - SHA384: 
d8c9691fe9dbe182f07b49b07fbb4f589fa7b38b5c4d21f265d3a2e818f4b1bfb39e03faab2ec05bb10333a99914fb8a - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91440703345542411W, - C=CN, ST=Guangdong, L=Jiangmen, O=Jiangmen Eyun Network Co., Ltd., CN=Jiangmen - Eyun Network Co., Ltd. - ValidFrom: '2019-04-24 00:00:00' - ValidTo: '2021-04-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0abe0ae214534ce0db8c4784e7b8b9f6 - Version: 3 - TBS: - MD5: 85b79b9fe18b3766b667a26271e4c146 - SHA1: 74ff1f4cae4c7cc002981fc5b4b01b62347bc21b - SHA256: 6a558777a73413544b90a528696e6ccaab26a49ea0694d59b50252147681f7e4 - SHA384: af51a957aea8ab15498d1feb160d1304a4ebf17f02199acbf0a02eda15a33afaa5360e39d17d383521546e1a57b384d2 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 - Version: 3 - TBS: - MD5: f92649915476229b093c211c2b18e6c4 - SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 - SHA256: 
2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb - SHA384: 511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace - Signer: - - SerialNumber: 0abe0ae214534ce0db8c4784e7b8b9f6 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - Version: 1 - Authentihash: - MD5: 96cd68100963cf38f3090777a3dfc543 - SHA1: 87c65b5bc7991c7161e41dcd609ab3cacf1c5753 - SHA256: 3f085bc766d865fa012163ed7c044af25285525b1276b6cef2085efab78e9b66 - RichPEHeaderHash: - MD5: 4d8a663ae2f765ff317d5e042cf62899 - SHA1: b11ddc426a9801d4f3dd3b6cd1fa2ca1e1d86ada - SHA256: 1427e72e0fca467e4abd192177e4e875daa5b27e2cb22ce10aee1f1500df6b2c - Description: DcProtect Driver - Company: Windows (R) Win 7 DDK provider - Product: 'DcProtect (R) Win8.1x64 driver ' - Copyright: Copyright (C) 2012-2020 Jiangmen Eyun Network Co.,Ltd. 2019 - MachineType: AMD64 - Imports: - - FLTMGR.SYS - - ntoskrnl.exe -- Filename: '' - Libraries: - - FLTMGR.SYS - - ntoskrnl.exe - ImportedFunctions: - - FltRegisterFilter - - FltUnregisterFilter - - FltStartFiltering - - FltCreateCommunicationPort - - FltCloseCommunicationPort - - FltCloseClientPort - - FltBuildDefaultSecurityDescriptor - - FltFreeSecurityDescriptor - - _strlwr - - strstr - - RtlInitUnicodeString - - RtlCopyUnicodeString - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ExGetPreviousMode - - CmUnRegisterCallback - - CmRegisterCallbackEx - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoGetCurrentProcess - - MmIsAddressValid - - PsGetProcessId - - ObQueryNameString - - FsRtlIsNameInExpression - - sprintf - - _except_handler3 - - memcpy - - memset - ExportedFunctions: '' - MD5: c28b4a60ebd4b8c12861829cc13aa6ff - SHA1: ba5b4eaa7cab012b71a8a973899eeee47a12becc - SHA256: ff55c1f308a5694eb66a3e9ba326266c826c5341c44958831a7a59a23ed5ecc8 - Imphash: 2ece23bdef16ee294bd905c7ba1be589 - Machine: I386 - MagicHeader: 50 45 0 0 
- CreationTimestamp: '2021-01-06 09:14:24' - RichPEHeaderMD5: 555e8cb2ed5b1eea11f804a11c4aef99 - RichPEHeaderSHA1: 632b7ac9f88af93d18cefa583390b26172e109e5 - RichPEHeaderSHA256: be22bb21e6e37fe1daf872d2d703d4aa26a6a58f2d5844ae4c57990aaf50a389 - AuthentihashMD5: 9674f398b8e67adf4d10637287d56acb - AuthentihashSHA1: c7cf5617544aea0c8df8adb71cdc1951b88cb381 - AuthentihashSHA256: 68fcb5cf6723dd195cf6d929cf9c6aaaca649f6956eb3bd63c2c1a8391c0b21f - Sections: - .text: - Entropy: 6.308037981479057 - Virtual Size: '0x946' - .rdata: - Entropy: 3.7050277120937967 - Virtual Size: '0x444' - .data: - Entropy: 0.830872163407438 - Virtual Size: '0x54' - PAGE: - Entropy: 3.895638807527667 - Virtual Size: '0x24' - INIT: - Entropy: 5.643218995926574 - Virtual Size: '0x452' - .rsrc: - Entropy: 3.5759323102278784 - Virtual Size: '0x450' - .reloc: - Entropy: 5.6072871377452635 - Virtual Size: '0x114' - CompanyName: Windows (R) Win 7 DDK provider - FileDescription: DcProtect Driver - InternalName: DcProtect.sys - OriginalFilename: DcProtect.sys - FileVersion: 1.2.0.0 - ProductName: 'DcProtect (R) Win8.1x86 driver ' - LegalCopyright: Copyright (C) 2012-2020 Jiangmen Eyun Network Co.,Ltd. 
2019 - ProductVersion: 1.2.0.0 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 - ValidFrom: '2021-01-01 00:00:00' - ValidTo: '2031-01-06 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0d424ae0be3a88ff604021ce1400f0dd - Version: 3 - TBS: - MD5: c0189c338449a42fe8358c2c1fbecc60 - SHA1: b8ac0ee6875594b80ad86a6df6dd1fa3048c187c - SHA256: a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 - SHA384: 76d3a316a5a106050298418cce3beea16100524723d9e3220b0de51bfb6f1c35a5d4c7cd10b358fef7bf94c3e3562150 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured - ID Timestamping CA - ValidFrom: '2016-01-07 12:00:00' - ValidTo: '2031-01-07 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 0aa125d6d6321b7e41e405da3697c215 - Version: 3 - TBS: - MD5: 8d26184fc613f89aba1cefb30fce1b53 - SHA1: 63a7e376bad5ec2e419d514a403bcf46c8d31d95 - SHA256: 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c - SHA384: d8c9691fe9dbe182f07b49b07fbb4f589fa7b38b5c4d21f265d3a2e818f4b1bfb39e03faab2ec05bb10333a99914fb8a - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: 
f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91440703345542411W, - C=CN, ST=Guangdong, L=Jiangmen, O=Jiangmen Eyun Network Co., Ltd., CN=Jiangmen - Eyun Network Co., Ltd. - ValidFrom: '2019-04-24 00:00:00' - ValidTo: '2021-04-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0abe0ae214534ce0db8c4784e7b8b9f6 - Version: 3 - TBS: - MD5: 85b79b9fe18b3766b667a26271e4c146 - SHA1: 74ff1f4cae4c7cc002981fc5b4b01b62347bc21b - SHA256: 6a558777a73413544b90a528696e6ccaab26a49ea0694d59b50252147681f7e4 - SHA384: af51a957aea8ab15498d1feb160d1304a4ebf17f02199acbf0a02eda15a33afaa5360e39d17d383521546e1a57b384d2 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 - Version: 3 - TBS: - MD5: f92649915476229b093c211c2b18e6c4 - SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 - SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb - SHA384: 511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace - Signer: - - SerialNumber: 0abe0ae214534ce0db8c4784e7b8b9f6 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - Version: 1 - Authentihash: - MD5: 9674f398b8e67adf4d10637287d56acb - SHA1: c7cf5617544aea0c8df8adb71cdc1951b88cb381 - SHA256: 68fcb5cf6723dd195cf6d929cf9c6aaaca649f6956eb3bd63c2c1a8391c0b21f - RichPEHeaderHash: - MD5: 555e8cb2ed5b1eea11f804a11c4aef99 - SHA1: 632b7ac9f88af93d18cefa583390b26172e109e5 - SHA256: 
be22bb21e6e37fe1daf872d2d703d4aa26a6a58f2d5844ae4c57990aaf50a389 - Description: DcProtect Driver - Company: Windows (R) Win 7 DDK provider - Product: 'DcProtect (R) Win8.1x86 driver ' - Copyright: Copyright (C) 2012-2020 Jiangmen Eyun Network Co.,Ltd. 2019 - MachineType: I386 - Imports: - - FLTMGR.SYS - - ntoskrnl.exe -- Filename: '' - Libraries: - - FLTMGR.SYS - - ntoskrnl.exe - ImportedFunctions: - - FltRegisterFilter - - FltUnregisterFilter - - FltStartFiltering - - FltCreateCommunicationPort - - FltCloseCommunicationPort - - FltCloseClientPort - - FltBuildDefaultSecurityDescriptor - - FltFreeSecurityDescriptor - - _strlwr - - strstr - - RtlInitUnicodeString - - RtlCopyUnicodeString - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ExGetPreviousMode - - CmUnRegisterCallback - - CmRegisterCallbackEx - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoGetCurrentProcess - - MmIsAddressValid - - PsGetProcessId - - ObQueryNameString - - FsRtlIsNameInExpression - - sprintf - - __C_specific_handler - ExportedFunctions: '' - MD5: c52dce2bee8ec88748411e470ff531f6 - SHA1: 47830d6d3ee2d2a643abf46a72738d77f14114bc - SHA256: f8d45fa03f56e2ea14920b902856666b8d44f1f1b16644baf8c1ae9a61851fb6 - Imphash: e800cd3299d4cda0d9e02255acc3b7dd - Machine: AMD64 - MagicHeader: 50 45 0 0 - CreationTimestamp: '2021-01-06 09:16:44' - RichPEHeaderMD5: 4d8a663ae2f765ff317d5e042cf62899 - RichPEHeaderSHA1: b11ddc426a9801d4f3dd3b6cd1fa2ca1e1d86ada - RichPEHeaderSHA256: 1427e72e0fca467e4abd192177e4e875daa5b27e2cb22ce10aee1f1500df6b2c - AuthentihashMD5: d23bcd43e1a50a59ecdbf9069b37207a - AuthentihashSHA1: 79e6df018bd867ebefb8400297f57f5d1586d10a - AuthentihashSHA256: 1b14ff6a1054fa4bae158111fbcaf35baeedaa9b664c8fb7241db98f7e1c6c20 - Sections: - .text: - Entropy: 6.1933071166252995 - Virtual Size: '0xeff' - .rdata: - Entropy: 3.4786745698115404 - Virtual Size: '0x6dc' - .data: - Entropy: 1.1394755320256174 - Virtual Size: '0x68' - 
.pdata: - Entropy: 3.502267951968367 - Virtual Size: '0xfc' - PAGE: - Entropy: 4.079225801519104 - Virtual Size: '0x2c' - INIT: - Entropy: 5.40476343320525 - Virtual Size: '0x522' - .rsrc: - Entropy: 3.562368572646181 - Virtual Size: '0x450' - .reloc: - Entropy: 3.5093407582869136 - Virtual Size: '0x28' - CompanyName: Windows (R) Win 7 DDK provider - FileDescription: DcProtect Driver - InternalName: DcProtect.sys - OriginalFilename: DcProtect.sys - FileVersion: 1.2.0.0 - ProductName: 'DcProtect (R) Win8x64 driver ' - LegalCopyright: Copyright (C) 2012-2020 Jiangmen Eyun Network Co.,Ltd. 2019 - ProductVersion: 1.2.0.0 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 - ValidFrom: '2021-01-01 00:00:00' - ValidTo: '2031-01-06 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0d424ae0be3a88ff604021ce1400f0dd - Version: 3 - TBS: - MD5: c0189c338449a42fe8358c2c1fbecc60 - SHA1: b8ac0ee6875594b80ad86a6df6dd1fa3048c187c - SHA256: a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 - SHA384: 76d3a316a5a106050298418cce3beea16100524723d9e3220b0de51bfb6f1c35a5d4c7cd10b358fef7bf94c3e3562150 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured - ID Timestamping CA - ValidFrom: '2016-01-07 12:00:00' - ValidTo: '2031-01-07 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 0aa125d6d6321b7e41e405da3697c215 - Version: 3 - TBS: - MD5: 8d26184fc613f89aba1cefb30fce1b53 - SHA1: 63a7e376bad5ec2e419d514a403bcf46c8d31d95 - SHA256: 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c - SHA384: d8c9691fe9dbe182f07b49b07fbb4f589fa7b38b5c4d21f265d3a2e818f4b1bfb39e03faab2ec05bb10333a99914fb8a - - Subject: C=US, O=DigiCert 
Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91440703345542411W, - C=CN, ST=Guangdong, L=Jiangmen, O=Jiangmen Eyun Network Co., Ltd., CN=Jiangmen - Eyun Network Co., Ltd. - ValidFrom: '2019-04-24 00:00:00' - ValidTo: '2021-04-28 12:00:00' - Signature: 40287d210da467c6e8ff239183f0afaded732c19b48eaed1ac490ed9f5e6660576c79ca74ca3d27e2647113e26953c4da58bcbcbd2fd9ef4a402ec0f9715bc44d7c1a4c2fb3909b19e532db2acbf644434b8ad7a583192ca0abd8f8270b08f3cbd1af5874520c8d86173b5b4177a6f4c84fe1a06e4bc4d2378d6d8021c77bba07044d90a91fae6eaf3db9cb8c5954ce2ac5a67be7150a56785a5ff65ed27ec3bd9c47017a5460cd592108d84d803de5ab05d21de72829bbd5bdc42c36d2e1a4e4e0946c0d6e9987ee5634c5eb7340f2b8b30ac11a321b43d20043c88fe1164f8e18d55b00eb050e66be95f2589dc4719590d5a57213bbf51e8777f2a28e20fb4 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0abe0ae214534ce0db8c4784e7b8b9f6 - Version: 3 - TBS: - MD5: 85b79b9fe18b3766b667a26271e4c146 - SHA1: 74ff1f4cae4c7cc002981fc5b4b01b62347bc21b - SHA256: 6a558777a73413544b90a528696e6ccaab26a49ea0694d59b50252147681f7e4 - SHA384: af51a957aea8ab15498d1feb160d1304a4ebf17f02199acbf0a02eda15a33afaa5360e39d17d383521546e1a57b384d2 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 - Version: 3 - TBS: - MD5: f92649915476229b093c211c2b18e6c4 - SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 - SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb - SHA384: 511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace - Signer: - - SerialNumber: 0abe0ae214534ce0db8c4784e7b8b9f6 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - Version: 1 - Authentihash: - MD5: d23bcd43e1a50a59ecdbf9069b37207a - SHA1: 79e6df018bd867ebefb8400297f57f5d1586d10a - SHA256: 1b14ff6a1054fa4bae158111fbcaf35baeedaa9b664c8fb7241db98f7e1c6c20 - RichPEHeaderHash: - MD5: 4d8a663ae2f765ff317d5e042cf62899 - SHA1: b11ddc426a9801d4f3dd3b6cd1fa2ca1e1d86ada - SHA256: 1427e72e0fca467e4abd192177e4e875daa5b27e2cb22ce10aee1f1500df6b2c - Description: DcProtect Driver - Company: Windows (R) Win 7 DDK provider - Product: 'DcProtect (R) Win8x64 driver ' - Copyright: Copyright (C) 2012-2020 Jiangmen Eyun Network Co.,Ltd. 
2019 - MachineType: AMD64 - Imports: - - FLTMGR.SYS - - ntoskrnl.exe -- Filename: '' - Libraries: - - FLTMGR.SYS - - ntoskrnl.exe - ImportedFunctions: - - FltRegisterFilter - - FltUnregisterFilter - - FltStartFiltering - - FltCreateCommunicationPort - - FltCloseCommunicationPort - - FltCloseClientPort - - FltBuildDefaultSecurityDescriptor - - FltFreeSecurityDescriptor - - _strlwr - - strstr - - RtlInitUnicodeString - - RtlCopyUnicodeString - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ExGetPreviousMode - - CmUnRegisterCallback - - CmRegisterCallbackEx - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoGetCurrentProcess - - MmIsAddressValid - - PsGetProcessId - - ObQueryNameString - - FsRtlIsNameInExpression - - sprintf - - _except_handler3 - - memcpy - - memset - ExportedFunctions: '' - MD5: 3e9ee8418f22a8ae0e2bf6ff293988fa - SHA1: f8e88630dae53e0b54edefdefa36d96c3dcbd776 - SHA256: c35cab244bd88bf0b1e7fc89c587d82763f66cf1108084713f867f72cc6f3633 - Imphash: 2ece23bdef16ee294bd905c7ba1be589 - Machine: I386 - MagicHeader: 50 45 0 0 - CreationTimestamp: '2021-01-06 09:13:53' - RichPEHeaderMD5: 555e8cb2ed5b1eea11f804a11c4aef99 - RichPEHeaderSHA1: 632b7ac9f88af93d18cefa583390b26172e109e5 - RichPEHeaderSHA256: be22bb21e6e37fe1daf872d2d703d4aa26a6a58f2d5844ae4c57990aaf50a389 - AuthentihashMD5: ac737185ad0ab4144de464bc0c1aa6a6 - AuthentihashSHA1: 8d81b766e0a9e03109ccf5414649d95c0b0c7466 - AuthentihashSHA256: bf1264cf5b9ca687a447a5021394db27eecf31f009185deb634b32f7ed49f620 - Sections: - .text: - Entropy: 6.308037981479057 - Virtual Size: '0x946' - .rdata: - Entropy: 3.7057190010151917 - Virtual Size: '0x444' - .data: - Entropy: 0.830872163407438 - Virtual Size: '0x54' - PAGE: - Entropy: 3.895638807527667 - Virtual Size: '0x24' - INIT: - Entropy: 5.643218995926574 - Virtual Size: '0x452' - .rsrc: - Entropy: 3.5681043860840607 - Virtual Size: '0x450' - .reloc: - Entropy: 5.6072871377452635 - Virtual Size: 
'0x114' - CompanyName: Windows (R) Win 7 DDK provider - FileDescription: DcProtect Driver - InternalName: DcProtect.sys - OriginalFilename: DcProtect.sys - FileVersion: 1.2.0.0 - ProductName: 'DcProtect (R) Win8x86 driver ' - LegalCopyright: Copyright (C) 2012-2020 Jiangmen Eyun Network Co.,Ltd. 2019 - ProductVersion: 1.2.0.0 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 - ValidFrom: '2021-01-01 00:00:00' - ValidTo: '2031-01-06 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0d424ae0be3a88ff604021ce1400f0dd - Version: 3 - TBS: - MD5: c0189c338449a42fe8358c2c1fbecc60 - SHA1: b8ac0ee6875594b80ad86a6df6dd1fa3048c187c - SHA256: a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 - SHA384: 76d3a316a5a106050298418cce3beea16100524723d9e3220b0de51bfb6f1c35a5d4c7cd10b358fef7bf94c3e3562150 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured - ID Timestamping CA - ValidFrom: '2016-01-07 12:00:00' - ValidTo: '2031-01-07 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 0aa125d6d6321b7e41e405da3697c215 - Version: 3 - TBS: - MD5: 8d26184fc613f89aba1cefb30fce1b53 - SHA1: 63a7e376bad5ec2e419d514a403bcf46c8d31d95 - SHA256: 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c - SHA384: d8c9691fe9dbe182f07b49b07fbb4f589fa7b38b5c4d21f265d3a2e818f4b1bfb39e03faab2ec05bb10333a99914fb8a - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 
61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91440703345542411W, - C=CN, ST=Guangdong, L=Jiangmen, O=Jiangmen Eyun Network Co., Ltd., CN=Jiangmen - Eyun Network Co., Ltd. - ValidFrom: '2019-04-24 00:00:00' - ValidTo: '2021-04-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0abe0ae214534ce0db8c4784e7b8b9f6 - Version: 3 - TBS: - MD5: 85b79b9fe18b3766b667a26271e4c146 - SHA1: 74ff1f4cae4c7cc002981fc5b4b01b62347bc21b - SHA256: 6a558777a73413544b90a528696e6ccaab26a49ea0694d59b50252147681f7e4 - SHA384: af51a957aea8ab15498d1feb160d1304a4ebf17f02199acbf0a02eda15a33afaa5360e39d17d383521546e1a57b384d2 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 - Version: 3 - TBS: - MD5: f92649915476229b093c211c2b18e6c4 - SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 - SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb - SHA384: 511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace - Signer: - - SerialNumber: 0abe0ae214534ce0db8c4784e7b8b9f6 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - Version: 1 - Authentihash: - MD5: ac737185ad0ab4144de464bc0c1aa6a6 - SHA1: 8d81b766e0a9e03109ccf5414649d95c0b0c7466 - SHA256: 
bf1264cf5b9ca687a447a5021394db27eecf31f009185deb634b32f7ed49f620 - RichPEHeaderHash: - MD5: 555e8cb2ed5b1eea11f804a11c4aef99 - SHA1: 632b7ac9f88af93d18cefa583390b26172e109e5 - SHA256: be22bb21e6e37fe1daf872d2d703d4aa26a6a58f2d5844ae4c57990aaf50a389 - Description: DcProtect Driver - Company: Windows (R) Win 7 DDK provider - Product: 'DcProtect (R) Win8x86 driver ' - Copyright: Copyright (C) 2012-2020 Jiangmen Eyun Network Co.,Ltd. 2019 - MachineType: I386 - Imports: - - FLTMGR.SYS - - ntoskrnl.exe -- Filename: '' - Libraries: - - FLTMGR.SYS - - ntoskrnl.exe - ImportedFunctions: - - FltRegisterFilter - - FltUnregisterFilter - - FltStartFiltering - - FltCreateCommunicationPort - - FltCloseCommunicationPort - - FltCloseClientPort - - FltBuildDefaultSecurityDescriptor - - FltFreeSecurityDescriptor - - _strlwr - - strstr - - RtlInitUnicodeString - - RtlCopyUnicodeString - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ExGetPreviousMode - - CmUnRegisterCallback - - CmRegisterCallbackEx - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoGetCurrentProcess - - MmIsAddressValid - - PsGetProcessId - - ObQueryNameString - - FsRtlIsNameInExpression - - sprintf - - __C_specific_handler - ExportedFunctions: '' - MD5: 2ab9f5a66d75adb01171bb04ab4380f2 - SHA1: 1479717fab67d98bbc3665f6b12adddfca74e0ef - SHA256: 1698ba7eeee6ff9272cc25b242af89190ff23fd9530f21aa8f0f3792412594f3 - Imphash: e800cd3299d4cda0d9e02255acc3b7dd - Machine: AMD64 - MagicHeader: 50 45 0 0 - CreationTimestamp: '2021-01-06 09:16:01' - RichPEHeaderMD5: c4e7e7af2fdd10d405127dc885585e78 - RichPEHeaderSHA1: bb15c357ab3f88e7eb311098667c091cd5f129c3 - RichPEHeaderSHA256: 7f2615ebe7385406ee5a6aba05c2a4b97cfdf498617fa8dae127640c6b6d465d - AuthentihashMD5: 039cffceb3ae187e569f5d727270298d - AuthentihashSHA1: a8b62bfd32512bd382fa1e236dbbe01a5be4cbeb - AuthentihashSHA256: 9923b3d6e508aa2086c66b36038b37206b0f8d26beaf87022290a2b574c2e047 - Sections: - .text: - 
Entropy: 6.1933071166252995 - Virtual Size: '0xeff' - .rdata: - Entropy: 3.5078823792385885 - Virtual Size: '0x6cc' - .data: - Entropy: 1.1394755320256174 - Virtual Size: '0x68' - .pdata: - Entropy: 3.530940511531345 - Virtual Size: '0xfc' - PAGE: - Entropy: 4.079225801519104 - Virtual Size: '0x2c' - INIT: - Entropy: 5.476024924621617 - Virtual Size: '0x55a' - .rsrc: - Entropy: 3.561775255588161 - Virtual Size: '0x450' - .reloc: - Entropy: 3.4420918598895933 - Virtual Size: '0x28' - CompanyName: Windows (R) Win 7 DDK provider - FileDescription: DcProtect Driver - InternalName: DcProtect.sys - OriginalFilename: DcProtect.sys - FileVersion: 1.2.0.0 - ProductName: 'DcProtect (R) Win7x64 driver ' - LegalCopyright: Copyright (C) 2012-2020 Jiangmen Eyun Network Co.,Ltd. 2019 - ProductVersion: 1.2.0.0 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 - ValidFrom: '2021-01-01 00:00:00' - ValidTo: '2031-01-06 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0d424ae0be3a88ff604021ce1400f0dd - Version: 3 - TBS: - MD5: c0189c338449a42fe8358c2c1fbecc60 - SHA1: b8ac0ee6875594b80ad86a6df6dd1fa3048c187c - SHA256: a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 - SHA384: 76d3a316a5a106050298418cce3beea16100524723d9e3220b0de51bfb6f1c35a5d4c7cd10b358fef7bf94c3e3562150 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured - ID Timestamping CA - ValidFrom: '2016-01-07 12:00:00' - ValidTo: '2031-01-07 12:00:00' - Signature: 
719512e951875669cdefddda7caa637ab378cf06374084ef4b84bfcacf0302fdc5a7c30e20422caf77f32b1f0c215a2ab705341d6aae99f827a266bf09aa60df76a43a930ff8b2d1d87c1962e85e82251ec4ba1c7b2c21e2d65b2c1435430468b2db7502e072c798d63c64e51f4810185f8938614d62462487638c91522caf2989e5781fd60b14a580d7124770b375d59385937eb69267fb536189a8f56b96c0f458690d7cc801b1b92875b7996385228c61ca79947e59fc8c0fe36fb50126b66ca5ee875121e458609bba0c2d2b6da2c47ebbc4252b4702087c49ae13b6e17c424228c61856cf4134b6665db6747bf55633222f2236b24ba24a95d8f5a68e52 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 0aa125d6d6321b7e41e405da3697c215 - Version: 3 - TBS: - MD5: 8d26184fc613f89aba1cefb30fce1b53 - SHA1: 63a7e376bad5ec2e419d514a403bcf46c8d31d95 - SHA256: 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c - SHA384: d8c9691fe9dbe182f07b49b07fbb4f589fa7b38b5c4d21f265d3a2e818f4b1bfb39e03faab2ec05bb10333a99914fb8a - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91440703345542411W, - C=CN, ST=Guangdong, L=Jiangmen, O=Jiangmen Eyun Network Co., Ltd., CN=Jiangmen - Eyun Network Co., Ltd. 
- ValidFrom: '2019-04-24 00:00:00' - ValidTo: '2021-04-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0abe0ae214534ce0db8c4784e7b8b9f6 - Version: 3 - TBS: - MD5: 85b79b9fe18b3766b667a26271e4c146 - SHA1: 74ff1f4cae4c7cc002981fc5b4b01b62347bc21b - SHA256: 6a558777a73413544b90a528696e6ccaab26a49ea0694d59b50252147681f7e4 - SHA384: af51a957aea8ab15498d1feb160d1304a4ebf17f02199acbf0a02eda15a33afaa5360e39d17d383521546e1a57b384d2 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 - Version: 3 - TBS: - MD5: f92649915476229b093c211c2b18e6c4 - SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 - SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb - SHA384: 511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace - Signer: - - SerialNumber: 0abe0ae214534ce0db8c4784e7b8b9f6 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - Version: 1 - Authentihash: - MD5: 039cffceb3ae187e569f5d727270298d - SHA1: a8b62bfd32512bd382fa1e236dbbe01a5be4cbeb - SHA256: 9923b3d6e508aa2086c66b36038b37206b0f8d26beaf87022290a2b574c2e047 - RichPEHeaderHash: - MD5: c4e7e7af2fdd10d405127dc885585e78 - SHA1: bb15c357ab3f88e7eb311098667c091cd5f129c3 - SHA256: 7f2615ebe7385406ee5a6aba05c2a4b97cfdf498617fa8dae127640c6b6d465d - Description: DcProtect Driver - Company: Windows (R) Win 7 DDK provider - Product: 'DcProtect (R) Win7x64 driver ' - Copyright: Copyright (C) 2012-2020 Jiangmen Eyun Network Co.,Ltd. 
2019 - MachineType: AMD64 - Imports: - - FLTMGR.SYS - - ntoskrnl.exe -- Filename: '' - Libraries: - - FLTMGR.SYS - - ntoskrnl.exe - ImportedFunctions: - - FltRegisterFilter - - FltUnregisterFilter - - FltStartFiltering - - FltCreateCommunicationPort - - FltCloseCommunicationPort - - FltCloseClientPort - - FltBuildDefaultSecurityDescriptor - - FltFreeSecurityDescriptor - - _strlwr - - strstr - - RtlInitUnicodeString - - RtlCopyUnicodeString - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ExGetPreviousMode - - CmUnRegisterCallback - - CmRegisterCallbackEx - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - IoGetCurrentProcess - - MmIsAddressValid - - PsGetProcessId - - ObQueryNameString - - FsRtlIsNameInExpression - - sprintf - - _except_handler3 - - memcpy - - memset - ExportedFunctions: '' - MD5: 2c957aa79231fad8e221e035db6d0d81 - SHA1: 6de3d5c2e33d91eef975a30bc07b0e53a68e77b8 - SHA256: 55b5bcbf8fb4e1ce99d201d3903d785888c928aa26e947ce2cdb99eefd0dae03 - Imphash: 2ece23bdef16ee294bd905c7ba1be589 - Machine: I386 - MagicHeader: 50 45 0 0 - CreationTimestamp: '2021-01-06 09:13:00' - RichPEHeaderMD5: 331d5fbc7084c96f08da4705084c4bc3 - RichPEHeaderSHA1: 6e6ddabbb0c5d4d90269650e65477ae67bf17947 - RichPEHeaderSHA256: 50cf67aa86ee44eeccc56f3ebc2f441c284470cd58f40766cfa05f534542983e - AuthentihashMD5: 007b4e42848dd962ea718006bab02c73 - AuthentihashSHA1: b19d88aecf348d25a9dbe3d884a4069e5f79c49a - AuthentihashSHA256: 52b1c4667ef36a02a0e6d7f147b8d4bc0e30645e6c88bd2984e53abc693bc18e - Sections: - .text: - Entropy: 6.308037981479057 - Virtual Size: '0x946' - .rdata: - Entropy: 3.7023655017712978 - Virtual Size: '0x444' - .data: - Entropy: 0.830872163407438 - Virtual Size: '0x54' - PAGE: - Entropy: 3.895638807527667 - Virtual Size: '0x24' - INIT: - Entropy: 5.649483257924144 - Virtual Size: '0x46a' - .rsrc: - Entropy: 3.5678412574106426 - Virtual Size: '0x450' - .reloc: - Entropy: 5.595838177817881 - Virtual Size: 
'0x11c' - CompanyName: Windows (R) Win 7 DDK provider - FileDescription: DcProtect Driver - InternalName: DcProtect.sys - OriginalFilename: DcProtect.sys - FileVersion: 1.2.0.0 - ProductName: 'DcProtect (R) Win7x86 driver ' - LegalCopyright: Copyright (C) 2012-2020 Jiangmen Eyun Network Co.,Ltd. 2019 - ProductVersion: 1.2.0.0 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 - ValidFrom: '2021-01-01 00:00:00' - ValidTo: '2031-01-06 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0d424ae0be3a88ff604021ce1400f0dd - Version: 3 - TBS: - MD5: c0189c338449a42fe8358c2c1fbecc60 - SHA1: b8ac0ee6875594b80ad86a6df6dd1fa3048c187c - SHA256: a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 - SHA384: 76d3a316a5a106050298418cce3beea16100524723d9e3220b0de51bfb6f1c35a5d4c7cd10b358fef7bf94c3e3562150 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured - ID Timestamping CA - ValidFrom: '2016-01-07 12:00:00' - ValidTo: '2031-01-07 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 0aa125d6d6321b7e41e405da3697c215 - Version: 3 - TBS: - MD5: 8d26184fc613f89aba1cefb30fce1b53 - SHA1: 63a7e376bad5ec2e419d514a403bcf46c8d31d95 - SHA256: 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c - SHA384: d8c9691fe9dbe182f07b49b07fbb4f589fa7b38b5c4d21f265d3a2e818f4b1bfb39e03faab2ec05bb10333a99914fb8a - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 
61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91440703345542411W, - C=CN, ST=Guangdong, L=Jiangmen, O=Jiangmen Eyun Network Co., Ltd., CN=Jiangmen - Eyun Network Co., Ltd. - ValidFrom: '2019-04-24 00:00:00' - ValidTo: '2021-04-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0abe0ae214534ce0db8c4784e7b8b9f6 - Version: 3 - TBS: - MD5: 85b79b9fe18b3766b667a26271e4c146 - SHA1: 74ff1f4cae4c7cc002981fc5b4b01b62347bc21b - SHA256: 6a558777a73413544b90a528696e6ccaab26a49ea0694d59b50252147681f7e4 - SHA384: af51a957aea8ab15498d1feb160d1304a4ebf17f02199acbf0a02eda15a33afaa5360e39d17d383521546e1a57b384d2 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - ValidFrom: '2012-04-18 12:00:00' - ValidTo: '2027-04-18 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 - Version: 3 - TBS: - MD5: f92649915476229b093c211c2b18e6c4 - SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 - SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb - SHA384: 511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace - Signer: - - SerialNumber: 0abe0ae214534ce0db8c4784e7b8b9f6 - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing - CA - Version: 1 - Authentihash: - MD5: 007b4e42848dd962ea718006bab02c73 - SHA1: b19d88aecf348d25a9dbe3d884a4069e5f79c49a - SHA256: 
52b1c4667ef36a02a0e6d7f147b8d4bc0e30645e6c88bd2984e53abc693bc18e - RichPEHeaderHash: - MD5: 331d5fbc7084c96f08da4705084c4bc3 - SHA1: 6e6ddabbb0c5d4d90269650e65477ae67bf17947 - SHA256: 50cf67aa86ee44eeccc56f3ebc2f441c284470cd58f40766cfa05f534542983e - Description: DcProtect Driver - Company: Windows (R) Win 7 DDK provider - Product: 'DcProtect (R) Win7x86 driver ' - Copyright: Copyright (C) 2012-2020 Jiangmen Eyun Network Co.,Ltd. 2019 - MachineType: I386 - Imports: - - FLTMGR.SYS - - ntoskrnl.exe -Tags: -- DcProtect.sys +- Filename: '' + Libraries: + - FLTMGR.SYS + - ntoskrnl.exe + ImportedFunctions: + - FltRegisterFilter + - FltUnregisterFilter + - FltStartFiltering + - FltCreateCommunicationPort + - FltCloseCommunicationPort + - FltCloseClientPort + - FltBuildDefaultSecurityDescriptor + - FltFreeSecurityDescriptor + - _strlwr + - strstr + - RtlInitUnicodeString + - RtlCopyUnicodeString + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ExGetPreviousMode + - CmUnRegisterCallback + - CmRegisterCallbackEx + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoGetCurrentProcess + - MmIsAddressValid + - PsGetProcessId + - ObQueryNameString + - FsRtlIsNameInExpression + - sprintf + - __C_specific_handler + ExportedFunctions: '' + MD5: 563b33cfc3c815feff659caaa94edc33 + SHA1: da689e8e0e3fc4c7114b44d185eef4c768e15946 + SHA256: b2247e68386c1bdfd48687105c3728ebbad672daffa91b57845b4e49693ffd71 + Imphash: e800cd3299d4cda0d9e02255acc3b7dd + Machine: AMD64 + MagicHeader: 50 45 0 0 + CreationTimestamp: '2021-01-06 09:17:50' + RichPEHeaderMD5: 4d8a663ae2f765ff317d5e042cf62899 + RichPEHeaderSHA1: b11ddc426a9801d4f3dd3b6cd1fa2ca1e1d86ada + RichPEHeaderSHA256: 1427e72e0fca467e4abd192177e4e875daa5b27e2cb22ce10aee1f1500df6b2c + AuthentihashMD5: 6eb18a9f44c6022e259088a2106f048c + AuthentihashSHA1: ea9a484278d7a80a46edcd096447bbea0c892f64 + AuthentihashSHA256: 1ff54579dc4b76e814495d8e1d452a6f868adf06c2de0afdc5c3878b380d0a17 
+ Sections: + .text: + Entropy: 6.1933071166252995 + Virtual Size: '0xeff' + .rdata: + Entropy: 3.480895603142913 + Virtual Size: '0x6dc' + .data: + Entropy: 1.1394755320256174 + Virtual Size: '0x68' + .pdata: + Entropy: 3.502267951968367 + Virtual Size: '0xfc' + PAGE: + Entropy: 4.079225801519104 + Virtual Size: '0x2c' + INIT: + Entropy: 5.40476343320525 + Virtual Size: '0x522' + .rsrc: + Entropy: 3.567006043557736 + Virtual Size: '0x450' + .reloc: + Entropy: 3.5093407582869136 + Virtual Size: '0x28' + CompanyName: Windows (R) Win 7 DDK provider + FileDescription: DcProtect Driver + InternalName: DcProtect.sys + OriginalFilename: DcProtect.sys + FileVersion: 1.2.0.0 + ProductName: 'DcProtect (R) Win10x64 driver ' + LegalCopyright: Copyright (C) 2012-2020 Jiangmen Eyun Network Co.,Ltd. 2019 + ProductVersion: 1.2.0.0 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 + ValidFrom: '2021-01-01 00:00:00' + ValidTo: '2031-01-06 00:00:00' + Signature: 481cdcb5e99a23bce71ae7200e8e6746fd427251740a2347a3ab92d225c47059be14a0e52781a54d1415190779f0d104c386d93bbdfe4402664ded69a40ff6b870cf62e8f5514a7879367a27b7f3e7529f93a7ed439e7be7b4dd412289fb87a246034efcf4feb76477635f2352698382fa1a53ed90cc8da117730df4f36539704bf39cd67a7bda0cbc3d32d01bcbf561fc75080076bc810ef8c0e15ccfc41172e71b6449d8229a751542f52d323881daf460a2bab452fb5ce06124254fb2dfc929a8734351dabd63d61f5b9bf72e1b4f131df74a0d717e97b7f43f84ebc1e3a349a1facea7bf56cfba597661895f7ea7b48e6778f93698e1cb28da5b87a68a2f + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0d424ae0be3a88ff604021ce1400f0dd + Version: 3 + TBS: + MD5: c0189c338449a42fe8358c2c1fbecc60 + SHA1: b8ac0ee6875594b80ad86a6df6dd1fa3048c187c + SHA256: a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 + SHA384: 76d3a316a5a106050298418cce3beea16100524723d9e3220b0de51bfb6f1c35a5d4c7cd10b358fef7bf94c3e3562150 + - Subject: C=US, 
O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured + ID Timestamping CA + ValidFrom: '2016-01-07 12:00:00' + ValidTo: '2031-01-07 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 0aa125d6d6321b7e41e405da3697c215 + Version: 3 + TBS: + MD5: 8d26184fc613f89aba1cefb30fce1b53 + SHA1: 63a7e376bad5ec2e419d514a403bcf46c8d31d95 + SHA256: 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c + SHA384: d8c9691fe9dbe182f07b49b07fbb4f589fa7b38b5c4d21f265d3a2e818f4b1bfb39e03faab2ec05bb10333a99914fb8a + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91440703345542411W, + C=CN, ST=Guangdong, L=Jiangmen, O=Jiangmen Eyun Network Co., Ltd., + CN=Jiangmen Eyun Network Co., Ltd. 
+ ValidFrom: '2019-04-24 00:00:00' + ValidTo: '2021-04-28 12:00:00' + Signature: 40287d210da467c6e8ff239183f0afaded732c19b48eaed1ac490ed9f5e6660576c79ca74ca3d27e2647113e26953c4da58bcbcbd2fd9ef4a402ec0f9715bc44d7c1a4c2fb3909b19e532db2acbf644434b8ad7a583192ca0abd8f8270b08f3cbd1af5874520c8d86173b5b4177a6f4c84fe1a06e4bc4d2378d6d8021c77bba07044d90a91fae6eaf3db9cb8c5954ce2ac5a67be7150a56785a5ff65ed27ec3bd9c47017a5460cd592108d84d803de5ab05d21de72829bbd5bdc42c36d2e1a4e4e0946c0d6e9987ee5634c5eb7340f2b8b30ac11a321b43d20043c88fe1164f8e18d55b00eb050e66be95f2589dc4719590d5a57213bbf51e8777f2a28e20fb4 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0abe0ae214534ce0db8c4784e7b8b9f6 + Version: 3 + TBS: + MD5: 85b79b9fe18b3766b667a26271e4c146 + SHA1: 74ff1f4cae4c7cc002981fc5b4b01b62347bc21b + SHA256: 6a558777a73413544b90a528696e6ccaab26a49ea0694d59b50252147681f7e4 + SHA384: af51a957aea8ab15498d1feb160d1304a4ebf17f02199acbf0a02eda15a33afaa5360e39d17d383521546e1a57b384d2 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 + Version: 3 + TBS: + MD5: f92649915476229b093c211c2b18e6c4 + SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 + SHA256: 
2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb + SHA384: 511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace + Signer: + - SerialNumber: 0abe0ae214534ce0db8c4784e7b8b9f6 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + Version: 1 + Authentihash: + MD5: 6eb18a9f44c6022e259088a2106f048c + SHA1: ea9a484278d7a80a46edcd096447bbea0c892f64 + SHA256: 1ff54579dc4b76e814495d8e1d452a6f868adf06c2de0afdc5c3878b380d0a17 + RichPEHeaderHash: + MD5: 4d8a663ae2f765ff317d5e042cf62899 + SHA1: b11ddc426a9801d4f3dd3b6cd1fa2ca1e1d86ada + SHA256: 1427e72e0fca467e4abd192177e4e875daa5b27e2cb22ce10aee1f1500df6b2c + Description: DcProtect Driver + Company: Windows (R) Win 7 DDK provider + Product: 'DcProtect (R) Win10x64 driver ' + Copyright: Copyright (C) 2012-2020 Jiangmen Eyun Network Co.,Ltd. 2019 + MachineType: AMD64 + Imports: + - FLTMGR.SYS + - ntoskrnl.exe +- Filename: '' + Libraries: + - FLTMGR.SYS + - ntoskrnl.exe + ImportedFunctions: + - FltRegisterFilter + - FltUnregisterFilter + - FltStartFiltering + - FltCreateCommunicationPort + - FltCloseCommunicationPort + - FltCloseClientPort + - FltBuildDefaultSecurityDescriptor + - FltFreeSecurityDescriptor + - _strlwr + - strstr + - RtlInitUnicodeString + - RtlCopyUnicodeString + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ExGetPreviousMode + - CmUnRegisterCallback + - CmRegisterCallbackEx + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoGetCurrentProcess + - MmIsAddressValid + - PsGetProcessId + - ObQueryNameString + - FsRtlIsNameInExpression + - sprintf + - _except_handler3 + - memcpy + - memset + ExportedFunctions: '' + MD5: 53f103e490bc11624ef6a51a6d3bdc05 + SHA1: 5499f1bca93a3613428e8c18ac93a93b9a7249fb + SHA256: 3af9c376d43321e813057ecd0403e71cafc3302139e2409ab41e254386c33ecb + Imphash: 2ece23bdef16ee294bd905c7ba1be589 + Machine: I386 + MagicHeader: 50 45 0 0 
+ CreationTimestamp: '2021-01-06 09:15:15' + RichPEHeaderMD5: 555e8cb2ed5b1eea11f804a11c4aef99 + RichPEHeaderSHA1: 632b7ac9f88af93d18cefa583390b26172e109e5 + RichPEHeaderSHA256: be22bb21e6e37fe1daf872d2d703d4aa26a6a58f2d5844ae4c57990aaf50a389 + AuthentihashMD5: bc49e6eba2c3a95f1fe0d1c5c4f2fb70 + AuthentihashSHA1: fc759e3940f05c22d3919c20d08c44d4fd806b99 + AuthentihashSHA256: fcffb9cecbcefc399a2a08d99fcc2b797911afa26f3d69a28a139311cb61c39a + Sections: + .text: + Entropy: 6.308037981479057 + Virtual Size: '0x946' + .rdata: + Entropy: 3.7031047583665897 + Virtual Size: '0x444' + .data: + Entropy: 0.830872163407438 + Virtual Size: '0x54' + PAGE: + Entropy: 3.895638807527667 + Virtual Size: '0x24' + INIT: + Entropy: 5.643218995926574 + Virtual Size: '0x452' + .rsrc: + Entropy: 3.5730720453802185 + Virtual Size: '0x450' + .reloc: + Entropy: 5.6072871377452635 + Virtual Size: '0x114' + CompanyName: Windows (R) Win 7 DDK provider + FileDescription: DcProtect Driver + InternalName: DcProtect.sys + OriginalFilename: DcProtect.sys + FileVersion: 1.2.0.0 + ProductName: 'DcProtect (R) Win10x86 driver ' + LegalCopyright: Copyright (C) 2012-2020 Jiangmen Eyun Network Co.,Ltd. 
2019 + ProductVersion: 1.2.0.0 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 + ValidFrom: '2021-01-01 00:00:00' + ValidTo: '2031-01-06 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0d424ae0be3a88ff604021ce1400f0dd + Version: 3 + TBS: + MD5: c0189c338449a42fe8358c2c1fbecc60 + SHA1: b8ac0ee6875594b80ad86a6df6dd1fa3048c187c + SHA256: a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 + SHA384: 76d3a316a5a106050298418cce3beea16100524723d9e3220b0de51bfb6f1c35a5d4c7cd10b358fef7bf94c3e3562150 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured + ID Timestamping CA + ValidFrom: '2016-01-07 12:00:00' + ValidTo: '2031-01-07 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 0aa125d6d6321b7e41e405da3697c215 + Version: 3 + TBS: + MD5: 8d26184fc613f89aba1cefb30fce1b53 + SHA1: 63a7e376bad5ec2e419d514a403bcf46c8d31d95 + SHA256: 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c + SHA384: d8c9691fe9dbe182f07b49b07fbb4f589fa7b38b5c4d21f265d3a2e818f4b1bfb39e03faab2ec05bb10333a99914fb8a + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: 
f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91440703345542411W, + C=CN, ST=Guangdong, L=Jiangmen, O=Jiangmen Eyun Network Co., Ltd., + CN=Jiangmen Eyun Network Co., Ltd. + ValidFrom: '2019-04-24 00:00:00' + ValidTo: '2021-04-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0abe0ae214534ce0db8c4784e7b8b9f6 + Version: 3 + TBS: + MD5: 85b79b9fe18b3766b667a26271e4c146 + SHA1: 74ff1f4cae4c7cc002981fc5b4b01b62347bc21b + SHA256: 6a558777a73413544b90a528696e6ccaab26a49ea0694d59b50252147681f7e4 + SHA384: af51a957aea8ab15498d1feb160d1304a4ebf17f02199acbf0a02eda15a33afaa5360e39d17d383521546e1a57b384d2 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 + Version: 3 + TBS: + MD5: f92649915476229b093c211c2b18e6c4 + SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 + SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb + SHA384: 511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace + Signer: + - SerialNumber: 0abe0ae214534ce0db8c4784e7b8b9f6 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + Version: 1 + Authentihash: + MD5: bc49e6eba2c3a95f1fe0d1c5c4f2fb70 + SHA1: fc759e3940f05c22d3919c20d08c44d4fd806b99 + SHA256: fcffb9cecbcefc399a2a08d99fcc2b797911afa26f3d69a28a139311cb61c39a + RichPEHeaderHash: + MD5: 555e8cb2ed5b1eea11f804a11c4aef99 + SHA1: 632b7ac9f88af93d18cefa583390b26172e109e5 + SHA256: 
be22bb21e6e37fe1daf872d2d703d4aa26a6a58f2d5844ae4c57990aaf50a389 + Description: DcProtect Driver + Company: Windows (R) Win 7 DDK provider + Product: 'DcProtect (R) Win10x86 driver ' + Copyright: Copyright (C) 2012-2020 Jiangmen Eyun Network Co.,Ltd. 2019 + MachineType: I386 + Imports: + - FLTMGR.SYS + - ntoskrnl.exe +- Filename: '' + Libraries: + - FLTMGR.SYS + - ntoskrnl.exe + ImportedFunctions: + - FltRegisterFilter + - FltUnregisterFilter + - FltStartFiltering + - FltCreateCommunicationPort + - FltCloseCommunicationPort + - FltCloseClientPort + - FltBuildDefaultSecurityDescriptor + - FltFreeSecurityDescriptor + - _strlwr + - strstr + - RtlInitUnicodeString + - RtlCopyUnicodeString + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ExGetPreviousMode + - CmUnRegisterCallback + - CmRegisterCallbackEx + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoGetCurrentProcess + - MmIsAddressValid + - PsGetProcessId + - ObQueryNameString + - FsRtlIsNameInExpression + - sprintf + - __C_specific_handler + ExportedFunctions: '' + MD5: d90cdd8f2826e5ea3faf8e258f20dc40 + SHA1: a71c17bfeefd76a9f89e74a52a2b6fdd3efbabe2 + SHA256: 9dee9c925f7ea84f56d4a2ad4cf9a88c4dac27380887bf9ac73e7c8108066504 + Imphash: e800cd3299d4cda0d9e02255acc3b7dd + Machine: AMD64 + MagicHeader: 50 45 0 0 + CreationTimestamp: '2021-01-06 09:17:24' + RichPEHeaderMD5: 4d8a663ae2f765ff317d5e042cf62899 + RichPEHeaderSHA1: b11ddc426a9801d4f3dd3b6cd1fa2ca1e1d86ada + RichPEHeaderSHA256: 1427e72e0fca467e4abd192177e4e875daa5b27e2cb22ce10aee1f1500df6b2c + AuthentihashMD5: 96cd68100963cf38f3090777a3dfc543 + AuthentihashSHA1: 87c65b5bc7991c7161e41dcd609ab3cacf1c5753 + AuthentihashSHA256: 3f085bc766d865fa012163ed7c044af25285525b1276b6cef2085efab78e9b66 + Sections: + .text: + Entropy: 6.1933071166252995 + Virtual Size: '0xeff' + .rdata: + Entropy: 3.4777226067165428 + Virtual Size: '0x6dc' + .data: + Entropy: 1.1394755320256174 + Virtual Size: '0x68' + 
.pdata: + Entropy: 3.502267951968367 + Virtual Size: '0xfc' + PAGE: + Entropy: 4.079225801519104 + Virtual Size: '0x2c' + INIT: + Entropy: 5.40476343320525 + Virtual Size: '0x522' + .rsrc: + Entropy: 3.572691865904277 + Virtual Size: '0x450' + .reloc: + Entropy: 3.5093407582869136 + Virtual Size: '0x28' + CompanyName: Windows (R) Win 7 DDK provider + FileDescription: DcProtect Driver + InternalName: DcProtect.sys + OriginalFilename: DcProtect.sys + FileVersion: 1.2.0.0 + ProductName: 'DcProtect (R) Win8.1x64 driver ' + LegalCopyright: Copyright (C) 2012-2020 Jiangmen Eyun Network Co.,Ltd. 2019 + ProductVersion: 1.2.0.0 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 + ValidFrom: '2021-01-01 00:00:00' + ValidTo: '2031-01-06 00:00:00' + Signature: 481cdcb5e99a23bce71ae7200e8e6746fd427251740a2347a3ab92d225c47059be14a0e52781a54d1415190779f0d104c386d93bbdfe4402664ded69a40ff6b870cf62e8f5514a7879367a27b7f3e7529f93a7ed439e7be7b4dd412289fb87a246034efcf4feb76477635f2352698382fa1a53ed90cc8da117730df4f36539704bf39cd67a7bda0cbc3d32d01bcbf561fc75080076bc810ef8c0e15ccfc41172e71b6449d8229a751542f52d323881daf460a2bab452fb5ce06124254fb2dfc929a8734351dabd63d61f5b9bf72e1b4f131df74a0d717e97b7f43f84ebc1e3a349a1facea7bf56cfba597661895f7ea7b48e6778f93698e1cb28da5b87a68a2f + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0d424ae0be3a88ff604021ce1400f0dd + Version: 3 + TBS: + MD5: c0189c338449a42fe8358c2c1fbecc60 + SHA1: b8ac0ee6875594b80ad86a6df6dd1fa3048c187c + SHA256: a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 + SHA384: 76d3a316a5a106050298418cce3beea16100524723d9e3220b0de51bfb6f1c35a5d4c7cd10b358fef7bf94c3e3562150 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured + ID Timestamping CA + ValidFrom: '2016-01-07 12:00:00' + ValidTo: '2031-01-07 12:00:00' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 0aa125d6d6321b7e41e405da3697c215 + Version: 3 + TBS: + MD5: 8d26184fc613f89aba1cefb30fce1b53 + SHA1: 63a7e376bad5ec2e419d514a403bcf46c8d31d95 + SHA256: 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c + SHA384: d8c9691fe9dbe182f07b49b07fbb4f589fa7b38b5c4d21f265d3a2e818f4b1bfb39e03faab2ec05bb10333a99914fb8a + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91440703345542411W, + C=CN, ST=Guangdong, L=Jiangmen, O=Jiangmen Eyun Network Co., Ltd., + CN=Jiangmen Eyun Network Co., Ltd. 
+ ValidFrom: '2019-04-24 00:00:00' + ValidTo: '2021-04-28 12:00:00' + Signature: 40287d210da467c6e8ff239183f0afaded732c19b48eaed1ac490ed9f5e6660576c79ca74ca3d27e2647113e26953c4da58bcbcbd2fd9ef4a402ec0f9715bc44d7c1a4c2fb3909b19e532db2acbf644434b8ad7a583192ca0abd8f8270b08f3cbd1af5874520c8d86173b5b4177a6f4c84fe1a06e4bc4d2378d6d8021c77bba07044d90a91fae6eaf3db9cb8c5954ce2ac5a67be7150a56785a5ff65ed27ec3bd9c47017a5460cd592108d84d803de5ab05d21de72829bbd5bdc42c36d2e1a4e4e0946c0d6e9987ee5634c5eb7340f2b8b30ac11a321b43d20043c88fe1164f8e18d55b00eb050e66be95f2589dc4719590d5a57213bbf51e8777f2a28e20fb4 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0abe0ae214534ce0db8c4784e7b8b9f6 + Version: 3 + TBS: + MD5: 85b79b9fe18b3766b667a26271e4c146 + SHA1: 74ff1f4cae4c7cc002981fc5b4b01b62347bc21b + SHA256: 6a558777a73413544b90a528696e6ccaab26a49ea0694d59b50252147681f7e4 + SHA384: af51a957aea8ab15498d1feb160d1304a4ebf17f02199acbf0a02eda15a33afaa5360e39d17d383521546e1a57b384d2 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 + Version: 3 + TBS: + MD5: f92649915476229b093c211c2b18e6c4 + SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 + SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb + SHA384: 511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace + Signer: + - SerialNumber: 0abe0ae214534ce0db8c4784e7b8b9f6 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + Version: 1 + Authentihash: + MD5: 96cd68100963cf38f3090777a3dfc543 + SHA1: 87c65b5bc7991c7161e41dcd609ab3cacf1c5753 + SHA256: 3f085bc766d865fa012163ed7c044af25285525b1276b6cef2085efab78e9b66 + 
RichPEHeaderHash: + MD5: 4d8a663ae2f765ff317d5e042cf62899 + SHA1: b11ddc426a9801d4f3dd3b6cd1fa2ca1e1d86ada + SHA256: 1427e72e0fca467e4abd192177e4e875daa5b27e2cb22ce10aee1f1500df6b2c + Description: DcProtect Driver + Company: Windows (R) Win 7 DDK provider + Product: 'DcProtect (R) Win8.1x64 driver ' + Copyright: Copyright (C) 2012-2020 Jiangmen Eyun Network Co.,Ltd. 2019 + MachineType: AMD64 + Imports: + - FLTMGR.SYS + - ntoskrnl.exe +- Filename: '' + Libraries: + - FLTMGR.SYS + - ntoskrnl.exe + ImportedFunctions: + - FltRegisterFilter + - FltUnregisterFilter + - FltStartFiltering + - FltCreateCommunicationPort + - FltCloseCommunicationPort + - FltCloseClientPort + - FltBuildDefaultSecurityDescriptor + - FltFreeSecurityDescriptor + - _strlwr + - strstr + - RtlInitUnicodeString + - RtlCopyUnicodeString + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ExGetPreviousMode + - CmUnRegisterCallback + - CmRegisterCallbackEx + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoGetCurrentProcess + - MmIsAddressValid + - PsGetProcessId + - ObQueryNameString + - FsRtlIsNameInExpression + - sprintf + - _except_handler3 + - memcpy + - memset + ExportedFunctions: '' + MD5: c28b4a60ebd4b8c12861829cc13aa6ff + SHA1: ba5b4eaa7cab012b71a8a973899eeee47a12becc + SHA256: ff55c1f308a5694eb66a3e9ba326266c826c5341c44958831a7a59a23ed5ecc8 + Imphash: 2ece23bdef16ee294bd905c7ba1be589 + Machine: I386 + MagicHeader: 50 45 0 0 + CreationTimestamp: '2021-01-06 09:14:24' + RichPEHeaderMD5: 555e8cb2ed5b1eea11f804a11c4aef99 + RichPEHeaderSHA1: 632b7ac9f88af93d18cefa583390b26172e109e5 + RichPEHeaderSHA256: be22bb21e6e37fe1daf872d2d703d4aa26a6a58f2d5844ae4c57990aaf50a389 + AuthentihashMD5: 9674f398b8e67adf4d10637287d56acb + AuthentihashSHA1: c7cf5617544aea0c8df8adb71cdc1951b88cb381 + AuthentihashSHA256: 68fcb5cf6723dd195cf6d929cf9c6aaaca649f6956eb3bd63c2c1a8391c0b21f + Sections: + .text: + Entropy: 6.308037981479057 + Virtual Size: 
'0x946' + .rdata: + Entropy: 3.7050277120937967 + Virtual Size: '0x444' + .data: + Entropy: 0.830872163407438 + Virtual Size: '0x54' + PAGE: + Entropy: 3.895638807527667 + Virtual Size: '0x24' + INIT: + Entropy: 5.643218995926574 + Virtual Size: '0x452' + .rsrc: + Entropy: 3.5759323102278784 + Virtual Size: '0x450' + .reloc: + Entropy: 5.6072871377452635 + Virtual Size: '0x114' + CompanyName: Windows (R) Win 7 DDK provider + FileDescription: DcProtect Driver + InternalName: DcProtect.sys + OriginalFilename: DcProtect.sys + FileVersion: 1.2.0.0 + ProductName: 'DcProtect (R) Win8.1x86 driver ' + LegalCopyright: Copyright (C) 2012-2020 Jiangmen Eyun Network Co.,Ltd. 2019 + ProductVersion: 1.2.0.0 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 + ValidFrom: '2021-01-01 00:00:00' + ValidTo: '2031-01-06 00:00:00' + Signature: 481cdcb5e99a23bce71ae7200e8e6746fd427251740a2347a3ab92d225c47059be14a0e52781a54d1415190779f0d104c386d93bbdfe4402664ded69a40ff6b870cf62e8f5514a7879367a27b7f3e7529f93a7ed439e7be7b4dd412289fb87a246034efcf4feb76477635f2352698382fa1a53ed90cc8da117730df4f36539704bf39cd67a7bda0cbc3d32d01bcbf561fc75080076bc810ef8c0e15ccfc41172e71b6449d8229a751542f52d323881daf460a2bab452fb5ce06124254fb2dfc929a8734351dabd63d61f5b9bf72e1b4f131df74a0d717e97b7f43f84ebc1e3a349a1facea7bf56cfba597661895f7ea7b48e6778f93698e1cb28da5b87a68a2f + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0d424ae0be3a88ff604021ce1400f0dd + Version: 3 + TBS: + MD5: c0189c338449a42fe8358c2c1fbecc60 + SHA1: b8ac0ee6875594b80ad86a6df6dd1fa3048c187c + SHA256: a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 + SHA384: 76d3a316a5a106050298418cce3beea16100524723d9e3220b0de51bfb6f1c35a5d4c7cd10b358fef7bf94c3e3562150 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured + ID Timestamping CA + ValidFrom: '2016-01-07 12:00:00' + ValidTo: 
'2031-01-07 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 0aa125d6d6321b7e41e405da3697c215 + Version: 3 + TBS: + MD5: 8d26184fc613f89aba1cefb30fce1b53 + SHA1: 63a7e376bad5ec2e419d514a403bcf46c8d31d95 + SHA256: 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c + SHA384: d8c9691fe9dbe182f07b49b07fbb4f589fa7b38b5c4d21f265d3a2e818f4b1bfb39e03faab2ec05bb10333a99914fb8a + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91440703345542411W, + C=CN, ST=Guangdong, L=Jiangmen, O=Jiangmen Eyun Network Co., Ltd., + CN=Jiangmen Eyun Network Co., Ltd. 
+ ValidFrom: '2019-04-24 00:00:00' + ValidTo: '2021-04-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0abe0ae214534ce0db8c4784e7b8b9f6 + Version: 3 + TBS: + MD5: 85b79b9fe18b3766b667a26271e4c146 + SHA1: 74ff1f4cae4c7cc002981fc5b4b01b62347bc21b + SHA256: 6a558777a73413544b90a528696e6ccaab26a49ea0694d59b50252147681f7e4 + SHA384: af51a957aea8ab15498d1feb160d1304a4ebf17f02199acbf0a02eda15a33afaa5360e39d17d383521546e1a57b384d2 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 + Version: 3 + TBS: + MD5: f92649915476229b093c211c2b18e6c4 + SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 + SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb + SHA384: 511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace + Signer: + - SerialNumber: 0abe0ae214534ce0db8c4784e7b8b9f6 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + Version: 1 + Authentihash: + MD5: 9674f398b8e67adf4d10637287d56acb + SHA1: c7cf5617544aea0c8df8adb71cdc1951b88cb381 + SHA256: 68fcb5cf6723dd195cf6d929cf9c6aaaca649f6956eb3bd63c2c1a8391c0b21f + 
RichPEHeaderHash: + MD5: 555e8cb2ed5b1eea11f804a11c4aef99 + SHA1: 632b7ac9f88af93d18cefa583390b26172e109e5 + SHA256: be22bb21e6e37fe1daf872d2d703d4aa26a6a58f2d5844ae4c57990aaf50a389 + Description: DcProtect Driver + Company: Windows (R) Win 7 DDK provider + Product: 'DcProtect (R) Win8.1x86 driver ' + Copyright: Copyright (C) 2012-2020 Jiangmen Eyun Network Co.,Ltd. 2019 + MachineType: I386 + Imports: + - FLTMGR.SYS + - ntoskrnl.exe +- Filename: '' + Libraries: + - FLTMGR.SYS + - ntoskrnl.exe + ImportedFunctions: + - FltRegisterFilter + - FltUnregisterFilter + - FltStartFiltering + - FltCreateCommunicationPort + - FltCloseCommunicationPort + - FltCloseClientPort + - FltBuildDefaultSecurityDescriptor + - FltFreeSecurityDescriptor + - _strlwr + - strstr + - RtlInitUnicodeString + - RtlCopyUnicodeString + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ExGetPreviousMode + - CmUnRegisterCallback + - CmRegisterCallbackEx + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoGetCurrentProcess + - MmIsAddressValid + - PsGetProcessId + - ObQueryNameString + - FsRtlIsNameInExpression + - sprintf + - __C_specific_handler + ExportedFunctions: '' + MD5: c52dce2bee8ec88748411e470ff531f6 + SHA1: 47830d6d3ee2d2a643abf46a72738d77f14114bc + SHA256: f8d45fa03f56e2ea14920b902856666b8d44f1f1b16644baf8c1ae9a61851fb6 + Imphash: e800cd3299d4cda0d9e02255acc3b7dd + Machine: AMD64 + MagicHeader: 50 45 0 0 + CreationTimestamp: '2021-01-06 09:16:44' + RichPEHeaderMD5: 4d8a663ae2f765ff317d5e042cf62899 + RichPEHeaderSHA1: b11ddc426a9801d4f3dd3b6cd1fa2ca1e1d86ada + RichPEHeaderSHA256: 1427e72e0fca467e4abd192177e4e875daa5b27e2cb22ce10aee1f1500df6b2c + AuthentihashMD5: d23bcd43e1a50a59ecdbf9069b37207a + AuthentihashSHA1: 79e6df018bd867ebefb8400297f57f5d1586d10a + AuthentihashSHA256: 1b14ff6a1054fa4bae158111fbcaf35baeedaa9b664c8fb7241db98f7e1c6c20 + Sections: + .text: + Entropy: 6.1933071166252995 + Virtual Size: '0xeff' + .rdata: + 
Entropy: 3.4786745698115404 + Virtual Size: '0x6dc' + .data: + Entropy: 1.1394755320256174 + Virtual Size: '0x68' + .pdata: + Entropy: 3.502267951968367 + Virtual Size: '0xfc' + PAGE: + Entropy: 4.079225801519104 + Virtual Size: '0x2c' + INIT: + Entropy: 5.40476343320525 + Virtual Size: '0x522' + .rsrc: + Entropy: 3.562368572646181 + Virtual Size: '0x450' + .reloc: + Entropy: 3.5093407582869136 + Virtual Size: '0x28' + CompanyName: Windows (R) Win 7 DDK provider + FileDescription: DcProtect Driver + InternalName: DcProtect.sys + OriginalFilename: DcProtect.sys + FileVersion: 1.2.0.0 + ProductName: 'DcProtect (R) Win8x64 driver ' + LegalCopyright: Copyright (C) 2012-2020 Jiangmen Eyun Network Co.,Ltd. 2019 + ProductVersion: 1.2.0.0 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 + ValidFrom: '2021-01-01 00:00:00' + ValidTo: '2031-01-06 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0d424ae0be3a88ff604021ce1400f0dd + Version: 3 + TBS: + MD5: c0189c338449a42fe8358c2c1fbecc60 + SHA1: b8ac0ee6875594b80ad86a6df6dd1fa3048c187c + SHA256: a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 + SHA384: 76d3a316a5a106050298418cce3beea16100524723d9e3220b0de51bfb6f1c35a5d4c7cd10b358fef7bf94c3e3562150 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured + ID Timestamping CA + ValidFrom: '2016-01-07 12:00:00' + ValidTo: '2031-01-07 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 0aa125d6d6321b7e41e405da3697c215 + Version: 3 + TBS: + MD5: 8d26184fc613f89aba1cefb30fce1b53 + SHA1: 63a7e376bad5ec2e419d514a403bcf46c8d31d95 + SHA256: 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c + SHA384: 
d8c9691fe9dbe182f07b49b07fbb4f589fa7b38b5c4d21f265d3a2e818f4b1bfb39e03faab2ec05bb10333a99914fb8a + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91440703345542411W, + C=CN, ST=Guangdong, L=Jiangmen, O=Jiangmen Eyun Network Co., Ltd., + CN=Jiangmen Eyun Network Co., Ltd. + ValidFrom: '2019-04-24 00:00:00' + ValidTo: '2021-04-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0abe0ae214534ce0db8c4784e7b8b9f6 + Version: 3 + TBS: + MD5: 85b79b9fe18b3766b667a26271e4c146 + SHA1: 74ff1f4cae4c7cc002981fc5b4b01b62347bc21b + SHA256: 6a558777a73413544b90a528696e6ccaab26a49ea0694d59b50252147681f7e4 + SHA384: af51a957aea8ab15498d1feb160d1304a4ebf17f02199acbf0a02eda15a33afaa5360e39d17d383521546e1a57b384d2 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 + Version: 3 + TBS: + MD5: f92649915476229b093c211c2b18e6c4 + SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 + SHA256: 
2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb + SHA384: 511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace + Signer: + - SerialNumber: 0abe0ae214534ce0db8c4784e7b8b9f6 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + Version: 1 + Authentihash: + MD5: d23bcd43e1a50a59ecdbf9069b37207a + SHA1: 79e6df018bd867ebefb8400297f57f5d1586d10a + SHA256: 1b14ff6a1054fa4bae158111fbcaf35baeedaa9b664c8fb7241db98f7e1c6c20 + RichPEHeaderHash: + MD5: 4d8a663ae2f765ff317d5e042cf62899 + SHA1: b11ddc426a9801d4f3dd3b6cd1fa2ca1e1d86ada + SHA256: 1427e72e0fca467e4abd192177e4e875daa5b27e2cb22ce10aee1f1500df6b2c + Description: DcProtect Driver + Company: Windows (R) Win 7 DDK provider + Product: 'DcProtect (R) Win8x64 driver ' + Copyright: Copyright (C) 2012-2020 Jiangmen Eyun Network Co.,Ltd. 2019 + MachineType: AMD64 + Imports: + - FLTMGR.SYS + - ntoskrnl.exe +- Filename: '' + Libraries: + - FLTMGR.SYS + - ntoskrnl.exe + ImportedFunctions: + - FltRegisterFilter + - FltUnregisterFilter + - FltStartFiltering + - FltCreateCommunicationPort + - FltCloseCommunicationPort + - FltCloseClientPort + - FltBuildDefaultSecurityDescriptor + - FltFreeSecurityDescriptor + - _strlwr + - strstr + - RtlInitUnicodeString + - RtlCopyUnicodeString + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ExGetPreviousMode + - CmUnRegisterCallback + - CmRegisterCallbackEx + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoGetCurrentProcess + - MmIsAddressValid + - PsGetProcessId + - ObQueryNameString + - FsRtlIsNameInExpression + - sprintf + - _except_handler3 + - memcpy + - memset + ExportedFunctions: '' + MD5: 3e9ee8418f22a8ae0e2bf6ff293988fa + SHA1: f8e88630dae53e0b54edefdefa36d96c3dcbd776 + SHA256: c35cab244bd88bf0b1e7fc89c587d82763f66cf1108084713f867f72cc6f3633 + Imphash: 2ece23bdef16ee294bd905c7ba1be589 + Machine: I386 + MagicHeader: 50 45 0 0 + 
CreationTimestamp: '2021-01-06 09:13:53' + RichPEHeaderMD5: 555e8cb2ed5b1eea11f804a11c4aef99 + RichPEHeaderSHA1: 632b7ac9f88af93d18cefa583390b26172e109e5 + RichPEHeaderSHA256: be22bb21e6e37fe1daf872d2d703d4aa26a6a58f2d5844ae4c57990aaf50a389 + AuthentihashMD5: ac737185ad0ab4144de464bc0c1aa6a6 + AuthentihashSHA1: 8d81b766e0a9e03109ccf5414649d95c0b0c7466 + AuthentihashSHA256: bf1264cf5b9ca687a447a5021394db27eecf31f009185deb634b32f7ed49f620 + Sections: + .text: + Entropy: 6.308037981479057 + Virtual Size: '0x946' + .rdata: + Entropy: 3.7057190010151917 + Virtual Size: '0x444' + .data: + Entropy: 0.830872163407438 + Virtual Size: '0x54' + PAGE: + Entropy: 3.895638807527667 + Virtual Size: '0x24' + INIT: + Entropy: 5.643218995926574 + Virtual Size: '0x452' + .rsrc: + Entropy: 3.5681043860840607 + Virtual Size: '0x450' + .reloc: + Entropy: 5.6072871377452635 + Virtual Size: '0x114' + CompanyName: Windows (R) Win 7 DDK provider + FileDescription: DcProtect Driver + InternalName: DcProtect.sys + OriginalFilename: DcProtect.sys + FileVersion: 1.2.0.0 + ProductName: 'DcProtect (R) Win8x86 driver ' + LegalCopyright: Copyright (C) 2012-2020 Jiangmen Eyun Network Co.,Ltd. 
2019 + ProductVersion: 1.2.0.0 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 + ValidFrom: '2021-01-01 00:00:00' + ValidTo: '2031-01-06 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0d424ae0be3a88ff604021ce1400f0dd + Version: 3 + TBS: + MD5: c0189c338449a42fe8358c2c1fbecc60 + SHA1: b8ac0ee6875594b80ad86a6df6dd1fa3048c187c + SHA256: a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 + SHA384: 76d3a316a5a106050298418cce3beea16100524723d9e3220b0de51bfb6f1c35a5d4c7cd10b358fef7bf94c3e3562150 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured + ID Timestamping CA + ValidFrom: '2016-01-07 12:00:00' + ValidTo: '2031-01-07 12:00:00' + Signature: 719512e951875669cdefddda7caa637ab378cf06374084ef4b84bfcacf0302fdc5a7c30e20422caf77f32b1f0c215a2ab705341d6aae99f827a266bf09aa60df76a43a930ff8b2d1d87c1962e85e82251ec4ba1c7b2c21e2d65b2c1435430468b2db7502e072c798d63c64e51f4810185f8938614d62462487638c91522caf2989e5781fd60b14a580d7124770b375d59385937eb69267fb536189a8f56b96c0f458690d7cc801b1b92875b7996385228c61ca79947e59fc8c0fe36fb50126b66ca5ee875121e458609bba0c2d2b6da2c47ebbc4252b4702087c49ae13b6e17c424228c61856cf4134b6665db6747bf55633222f2236b24ba24a95d8f5a68e52 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 0aa125d6d6321b7e41e405da3697c215 + Version: 3 + TBS: + MD5: 8d26184fc613f89aba1cefb30fce1b53 + SHA1: 63a7e376bad5ec2e419d514a403bcf46c8d31d95 + SHA256: 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c + SHA384: d8c9691fe9dbe182f07b49b07fbb4f589fa7b38b5c4d21f265d3a2e818f4b1bfb39e03faab2ec05bb10333a99914fb8a + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' 
+ Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91440703345542411W, + C=CN, ST=Guangdong, L=Jiangmen, O=Jiangmen Eyun Network Co., Ltd., + CN=Jiangmen Eyun Network Co., Ltd. + ValidFrom: '2019-04-24 00:00:00' + ValidTo: '2021-04-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0abe0ae214534ce0db8c4784e7b8b9f6 + Version: 3 + TBS: + MD5: 85b79b9fe18b3766b667a26271e4c146 + SHA1: 74ff1f4cae4c7cc002981fc5b4b01b62347bc21b + SHA256: 6a558777a73413544b90a528696e6ccaab26a49ea0694d59b50252147681f7e4 + SHA384: af51a957aea8ab15498d1feb160d1304a4ebf17f02199acbf0a02eda15a33afaa5360e39d17d383521546e1a57b384d2 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 + Version: 3 + TBS: + MD5: f92649915476229b093c211c2b18e6c4 + SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 + SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb + SHA384: 511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace + Signer: + - SerialNumber: 0abe0ae214534ce0db8c4784e7b8b9f6 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + 
Signing CA + Version: 1 + Authentihash: + MD5: ac737185ad0ab4144de464bc0c1aa6a6 + SHA1: 8d81b766e0a9e03109ccf5414649d95c0b0c7466 + SHA256: bf1264cf5b9ca687a447a5021394db27eecf31f009185deb634b32f7ed49f620 + RichPEHeaderHash: + MD5: 555e8cb2ed5b1eea11f804a11c4aef99 + SHA1: 632b7ac9f88af93d18cefa583390b26172e109e5 + SHA256: be22bb21e6e37fe1daf872d2d703d4aa26a6a58f2d5844ae4c57990aaf50a389 + Description: DcProtect Driver + Company: Windows (R) Win 7 DDK provider + Product: 'DcProtect (R) Win8x86 driver ' + Copyright: Copyright (C) 2012-2020 Jiangmen Eyun Network Co.,Ltd. 2019 + MachineType: I386 + Imports: + - FLTMGR.SYS + - ntoskrnl.exe +- Filename: '' + Libraries: + - FLTMGR.SYS + - ntoskrnl.exe + ImportedFunctions: + - FltRegisterFilter + - FltUnregisterFilter + - FltStartFiltering + - FltCreateCommunicationPort + - FltCloseCommunicationPort + - FltCloseClientPort + - FltBuildDefaultSecurityDescriptor + - FltFreeSecurityDescriptor + - _strlwr + - strstr + - RtlInitUnicodeString + - RtlCopyUnicodeString + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ExGetPreviousMode + - CmUnRegisterCallback + - CmRegisterCallbackEx + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoGetCurrentProcess + - MmIsAddressValid + - PsGetProcessId + - ObQueryNameString + - FsRtlIsNameInExpression + - sprintf + - __C_specific_handler + ExportedFunctions: '' + MD5: 2ab9f5a66d75adb01171bb04ab4380f2 + SHA1: 1479717fab67d98bbc3665f6b12adddfca74e0ef + SHA256: 1698ba7eeee6ff9272cc25b242af89190ff23fd9530f21aa8f0f3792412594f3 + Imphash: e800cd3299d4cda0d9e02255acc3b7dd + Machine: AMD64 + MagicHeader: 50 45 0 0 + CreationTimestamp: '2021-01-06 09:16:01' + RichPEHeaderMD5: c4e7e7af2fdd10d405127dc885585e78 + RichPEHeaderSHA1: bb15c357ab3f88e7eb311098667c091cd5f129c3 + RichPEHeaderSHA256: 7f2615ebe7385406ee5a6aba05c2a4b97cfdf498617fa8dae127640c6b6d465d + AuthentihashMD5: 039cffceb3ae187e569f5d727270298d + AuthentihashSHA1: 
a8b62bfd32512bd382fa1e236dbbe01a5be4cbeb + AuthentihashSHA256: 9923b3d6e508aa2086c66b36038b37206b0f8d26beaf87022290a2b574c2e047 + Sections: + .text: + Entropy: 6.1933071166252995 + Virtual Size: '0xeff' + .rdata: + Entropy: 3.5078823792385885 + Virtual Size: '0x6cc' + .data: + Entropy: 1.1394755320256174 + Virtual Size: '0x68' + .pdata: + Entropy: 3.530940511531345 + Virtual Size: '0xfc' + PAGE: + Entropy: 4.079225801519104 + Virtual Size: '0x2c' + INIT: + Entropy: 5.476024924621617 + Virtual Size: '0x55a' + .rsrc: + Entropy: 3.561775255588161 + Virtual Size: '0x450' + .reloc: + Entropy: 3.4420918598895933 + Virtual Size: '0x28' + CompanyName: Windows (R) Win 7 DDK provider + FileDescription: DcProtect Driver + InternalName: DcProtect.sys + OriginalFilename: DcProtect.sys + FileVersion: 1.2.0.0 + ProductName: 'DcProtect (R) Win7x64 driver ' + LegalCopyright: Copyright (C) 2012-2020 Jiangmen Eyun Network Co.,Ltd. 2019 + ProductVersion: 1.2.0.0 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 + ValidFrom: '2021-01-01 00:00:00' + ValidTo: '2031-01-06 00:00:00' + Signature: 481cdcb5e99a23bce71ae7200e8e6746fd427251740a2347a3ab92d225c47059be14a0e52781a54d1415190779f0d104c386d93bbdfe4402664ded69a40ff6b870cf62e8f5514a7879367a27b7f3e7529f93a7ed439e7be7b4dd412289fb87a246034efcf4feb76477635f2352698382fa1a53ed90cc8da117730df4f36539704bf39cd67a7bda0cbc3d32d01bcbf561fc75080076bc810ef8c0e15ccfc41172e71b6449d8229a751542f52d323881daf460a2bab452fb5ce06124254fb2dfc929a8734351dabd63d61f5b9bf72e1b4f131df74a0d717e97b7f43f84ebc1e3a349a1facea7bf56cfba597661895f7ea7b48e6778f93698e1cb28da5b87a68a2f + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0d424ae0be3a88ff604021ce1400f0dd + Version: 3 + TBS: + MD5: c0189c338449a42fe8358c2c1fbecc60 + SHA1: b8ac0ee6875594b80ad86a6df6dd1fa3048c187c + SHA256: a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 
+ SHA384: 76d3a316a5a106050298418cce3beea16100524723d9e3220b0de51bfb6f1c35a5d4c7cd10b358fef7bf94c3e3562150 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured + ID Timestamping CA + ValidFrom: '2016-01-07 12:00:00' + ValidTo: '2031-01-07 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 0aa125d6d6321b7e41e405da3697c215 + Version: 3 + TBS: + MD5: 8d26184fc613f89aba1cefb30fce1b53 + SHA1: 63a7e376bad5ec2e419d514a403bcf46c8d31d95 + SHA256: 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c + SHA384: d8c9691fe9dbe182f07b49b07fbb4f589fa7b38b5c4d21f265d3a2e818f4b1bfb39e03faab2ec05bb10333a99914fb8a + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 + SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91440703345542411W, + C=CN, ST=Guangdong, L=Jiangmen, O=Jiangmen Eyun Network Co., Ltd., + CN=Jiangmen Eyun Network Co., Ltd. + ValidFrom: '2019-04-24 00:00:00' + ValidTo: '2021-04-28 12:00:00' + Signature: 40287d210da467c6e8ff239183f0afaded732c19b48eaed1ac490ed9f5e6660576c79ca74ca3d27e2647113e26953c4da58bcbcbd2fd9ef4a402ec0f9715bc44d7c1a4c2fb3909b19e532db2acbf644434b8ad7a583192ca0abd8f8270b08f3cbd1af5874520c8d86173b5b4177a6f4c84fe1a06e4bc4d2378d6d8021c77bba07044d90a91fae6eaf3db9cb8c5954ce2ac5a67be7150a56785a5ff65ed27ec3bd9c47017a5460cd592108d84d803de5ab05d21de72829bbd5bdc42c36d2e1a4e4e0946c0d6e9987ee5634c5eb7340f2b8b30ac11a321b43d20043c88fe1164f8e18d55b00eb050e66be95f2589dc4719590d5a57213bbf51e8777f2a28e20fb4 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0abe0ae214534ce0db8c4784e7b8b9f6 + Version: 3 + TBS: + MD5: 85b79b9fe18b3766b667a26271e4c146 + SHA1: 74ff1f4cae4c7cc002981fc5b4b01b62347bc21b + SHA256: 6a558777a73413544b90a528696e6ccaab26a49ea0694d59b50252147681f7e4 + SHA384: af51a957aea8ab15498d1feb160d1304a4ebf17f02199acbf0a02eda15a33afaa5360e39d17d383521546e1a57b384d2 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 + Version: 3 + TBS: + MD5: f92649915476229b093c211c2b18e6c4 + 
SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 + SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb + SHA384: 511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace + Signer: + - SerialNumber: 0abe0ae214534ce0db8c4784e7b8b9f6 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + Version: 1 + Authentihash: + MD5: 039cffceb3ae187e569f5d727270298d + SHA1: a8b62bfd32512bd382fa1e236dbbe01a5be4cbeb + SHA256: 9923b3d6e508aa2086c66b36038b37206b0f8d26beaf87022290a2b574c2e047 + RichPEHeaderHash: + MD5: c4e7e7af2fdd10d405127dc885585e78 + SHA1: bb15c357ab3f88e7eb311098667c091cd5f129c3 + SHA256: 7f2615ebe7385406ee5a6aba05c2a4b97cfdf498617fa8dae127640c6b6d465d + Description: DcProtect Driver + Company: Windows (R) Win 7 DDK provider + Product: 'DcProtect (R) Win7x64 driver ' + Copyright: Copyright (C) 2012-2020 Jiangmen Eyun Network Co.,Ltd. 2019 + MachineType: AMD64 + Imports: + - FLTMGR.SYS + - ntoskrnl.exe +- Filename: '' + Libraries: + - FLTMGR.SYS + - ntoskrnl.exe + ImportedFunctions: + - FltRegisterFilter + - FltUnregisterFilter + - FltStartFiltering + - FltCreateCommunicationPort + - FltCloseCommunicationPort + - FltCloseClientPort + - FltBuildDefaultSecurityDescriptor + - FltFreeSecurityDescriptor + - _strlwr + - strstr + - RtlInitUnicodeString + - RtlCopyUnicodeString + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ExGetPreviousMode + - CmUnRegisterCallback + - CmRegisterCallbackEx + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - IoGetCurrentProcess + - MmIsAddressValid + - PsGetProcessId + - ObQueryNameString + - FsRtlIsNameInExpression + - sprintf + - _except_handler3 + - memcpy + - memset + ExportedFunctions: '' + MD5: 2c957aa79231fad8e221e035db6d0d81 + SHA1: 6de3d5c2e33d91eef975a30bc07b0e53a68e77b8 + SHA256: 55b5bcbf8fb4e1ce99d201d3903d785888c928aa26e947ce2cdb99eefd0dae03 + Imphash: 
2ece23bdef16ee294bd905c7ba1be589 + Machine: I386 + MagicHeader: 50 45 0 0 + CreationTimestamp: '2021-01-06 09:13:00' + RichPEHeaderMD5: 331d5fbc7084c96f08da4705084c4bc3 + RichPEHeaderSHA1: 6e6ddabbb0c5d4d90269650e65477ae67bf17947 + RichPEHeaderSHA256: 50cf67aa86ee44eeccc56f3ebc2f441c284470cd58f40766cfa05f534542983e + AuthentihashMD5: 007b4e42848dd962ea718006bab02c73 + AuthentihashSHA1: b19d88aecf348d25a9dbe3d884a4069e5f79c49a + AuthentihashSHA256: 52b1c4667ef36a02a0e6d7f147b8d4bc0e30645e6c88bd2984e53abc693bc18e + Sections: + .text: + Entropy: 6.308037981479057 + Virtual Size: '0x946' + .rdata: + Entropy: 3.7023655017712978 + Virtual Size: '0x444' + .data: + Entropy: 0.830872163407438 + Virtual Size: '0x54' + PAGE: + Entropy: 3.895638807527667 + Virtual Size: '0x24' + INIT: + Entropy: 5.649483257924144 + Virtual Size: '0x46a' + .rsrc: + Entropy: 3.5678412574106426 + Virtual Size: '0x450' + .reloc: + Entropy: 5.595838177817881 + Virtual Size: '0x11c' + CompanyName: Windows (R) Win 7 DDK provider + FileDescription: DcProtect Driver + InternalName: DcProtect.sys + OriginalFilename: DcProtect.sys + FileVersion: 1.2.0.0 + ProductName: 'DcProtect (R) Win7x86 driver ' + LegalCopyright: Copyright (C) 2012-2020 Jiangmen Eyun Network Co.,Ltd. 
2019 + ProductVersion: 1.2.0.0 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 + ValidFrom: '2021-01-01 00:00:00' + ValidTo: '2031-01-06 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0d424ae0be3a88ff604021ce1400f0dd + Version: 3 + TBS: + MD5: c0189c338449a42fe8358c2c1fbecc60 + SHA1: b8ac0ee6875594b80ad86a6df6dd1fa3048c187c + SHA256: a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 + SHA384: 76d3a316a5a106050298418cce3beea16100524723d9e3220b0de51bfb6f1c35a5d4c7cd10b358fef7bf94c3e3562150 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured + ID Timestamping CA + ValidFrom: '2016-01-07 12:00:00' + ValidTo: '2031-01-07 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 0aa125d6d6321b7e41e405da3697c215 + Version: 3 + TBS: + MD5: 8d26184fc613f89aba1cefb30fce1b53 + SHA1: 63a7e376bad5ec2e419d514a403bcf46c8d31d95 + SHA256: 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c + SHA384: d8c9691fe9dbe182f07b49b07fbb4f589fa7b38b5c4d21f265d3a2e818f4b1bfb39e03faab2ec05bb10333a99914fb8a + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: 
f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91440703345542411W, + C=CN, ST=Guangdong, L=Jiangmen, O=Jiangmen Eyun Network Co., Ltd., + CN=Jiangmen Eyun Network Co., Ltd. + ValidFrom: '2019-04-24 00:00:00' + ValidTo: '2021-04-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0abe0ae214534ce0db8c4784e7b8b9f6 + Version: 3 + TBS: + MD5: 85b79b9fe18b3766b667a26271e4c146 + SHA1: 74ff1f4cae4c7cc002981fc5b4b01b62347bc21b + SHA256: 6a558777a73413544b90a528696e6ccaab26a49ea0694d59b50252147681f7e4 + SHA384: af51a957aea8ab15498d1feb160d1304a4ebf17f02199acbf0a02eda15a33afaa5360e39d17d383521546e1a57b384d2 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + ValidFrom: '2012-04-18 12:00:00' + ValidTo: '2027-04-18 12:00:00' + Signature: 9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0dd0e3374ac95bdbfa6b434b2a48ec06 + Version: 3 + TBS: + MD5: f92649915476229b093c211c2b18e6c4 + SHA1: 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 + SHA256: 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb + SHA384: 511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace + Signer: + - SerialNumber: 
0abe0ae214534ce0db8c4784e7b8b9f6 + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code + Signing CA + Version: 1 + Authentihash: + MD5: 007b4e42848dd962ea718006bab02c73 + SHA1: b19d88aecf348d25a9dbe3d884a4069e5f79c49a + SHA256: 52b1c4667ef36a02a0e6d7f147b8d4bc0e30645e6c88bd2984e53abc693bc18e + RichPEHeaderHash: + MD5: 331d5fbc7084c96f08da4705084c4bc3 + SHA1: 6e6ddabbb0c5d4d90269650e65477ae67bf17947 + SHA256: 50cf67aa86ee44eeccc56f3ebc2f441c284470cd58f40766cfa05f534542983e + Description: DcProtect Driver + Company: Windows (R) Win 7 DDK provider + Product: 'DcProtect (R) Win7x86 driver ' + Copyright: Copyright (C) 2012-2020 Jiangmen Eyun Network Co.,Ltd. 2019 + MachineType: I386 + Imports: + - FLTMGR.SYS + - ntoskrnl.exe diff --git a/yaml/7e80423f-8b30-4ee2-b904-9f5421826a8c.yaml b/yaml/7e80423f-8b30-4ee2-b904-9f5421826a8c.yaml index c0611961d..075bd30c6 100644 --- a/yaml/7e80423f-8b30-4ee2-b904-9f5421826a8c.yaml +++ b/yaml/7e80423f-8b30-4ee2-b904-9f5421826a8c.yaml 
@@ -1,238 +1,238 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 7e80423f-8b30-4ee2-b904-9f5421826a8c +Tags: +- daxin_blank.sys +Verified: 'TRUE' Author: Michael Haag -Category: malicious -Commands: - Command: sc.exe create daxin_blank.sys binPath=C:\windows\temp\daxin_blank.sys type=kernel - && sc.exe start daxin_blank.sys - Description: Driver used in the Daxin malware campaign. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-02-28' -Detection: [] -Id: 7e80423f-8b30-4ee2-b904-9f5421826a8c -KnownVulnerableSamples: -- Authentihash: - MD5: 253bde63495fa4f995a6debae44e598e - SHA1: 57391d4c4e30f91e3e780d5242fd98a178ec67ac - SHA256: a000d211840cb8fbcbf95c334b1d04eadb45ba03b0413c96472e47e9e22413ff - Company: '' - Copyright: '' - CreationTimestamp: '2013-01-23 00:07:26' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: daxin_blank.sys - ImportedFunctions: - - wcsncmp - - DbgPrint - - IoAllocateMdl - - _stricmp - - sprintf - - RtlLengthRequiredSid - - ExAllocatePoolWithTag - - vsprintf - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - RtlAnsiStringToUnicodeString - - NtWriteFile - - RtlCreateAcl - - PsLookupProcessByProcessId - - NtQuerySystemInformation - - _wcsnicmp - - ZwReadFile - - RtlSetDaclSecurityDescriptor - - KeInitializeApc - - IoDeleteDevice - - NtFsControlFile - - KeInsertQueueApc - - MmGetSystemRoutineAddress - - IoCreateFile - - ZwQuerySystemInformation - - KeReleaseSpinLock - - RtlAddAccessAllowedAce - - RtlImageDirectoryEntryToData - - KeDetachProcess - - ZwOpenFile - - ZwWaitForSingleObject - - ZwCreateFile - - PsCreateSystemThread - - ZwQueryValueKey - - PsTerminateSystemThread - - ZwFreeVirtualMemory - - KeQueryTimeIncrement - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - KeAttachProcess - - PsGetVersion - - PsThreadType - - RtlCompareUnicodeString - - ZwOpenProcess - - ZwQueryInformationProcess - - IoCreateSymbolicLink - - ObfDereferenceObject - - 
IoCreateDevice - - ZwTerminateProcess - - ZwQueryInformationFile - - KeWaitForMultipleObjects - - ZwWriteFile - - NtReadFile - - PsLookupThreadByThreadId - - RtlLengthSid - - RtlCreateSecurityDescriptor - - ZwAllocateVirtualMemory - - ZwOpenKey - - KeAcquireSpinLockRaiseToDpc - - RtlUnicodeStringToInteger - - MmIsAddressValid - - PsGetCurrentProcessId - - ZwDeviceIoControlFile - - IofCompleteRequest - - ZwClose - - MmMapLockedPagesSpecifyCache - - MmUserProbeAddress - - MmBuildMdlForNonPagedPool - - memchr - - KeDelayExecutionThread - - RtlInitUnicodeString - - NdisAllocateMemoryWithTag - - NdisAllocateNetBufferAndNetBufferList - - NdisMSendNetBufferListsComplete - - NdisReturnNetBufferLists - - NdisAllocateNetBufferListPool - - NdisFreeMemory - - NdisCopyFromNetBufferToNetBuffer - - NdisFreeMdl - - NdisFreeNetBufferListPool - - NdisFreeNetBufferList - - NdisSendNetBufferLists - Imports: - - ntoskrnl.exe - - NDIS.SYS - InternalName: '' - MD5: 62c18d61ed324088f963510bae43b831 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: Anhua Xinda (Beijing) Technology Co., Ltd. 
- RichPEHeaderHash: - MD5: 8f9faa12ddcbb631cbad8b74124e28c1 - SHA1: c120a5848e8e01e01846164408d19dcb972cc894 - SHA256: edf117e94236b5914ca392b30047f8acb8c10d19d1ab6d09d5ca116dfc756d39 - SHA1: 8302802b709ad242a81b939b6c90b3230e1a1f1e - SHA256: 49c827cf48efb122a9d6fd87b426482b7496ccd4a2dbca31ebbf6b2b80c98530 - Sections: - .text: - Entropy: 6.330285813038149 - Virtual Size: '0xa994' - .rdata: - Entropy: 4.611583743512791 - Virtual Size: '0x72c' - .data: - Entropy: 0.7386195307662838 - Virtual Size: '0x195558' - .pdata: - Entropy: 4.5208242156082745 - Virtual Size: '0x720' - INIT: - Entropy: 5.8159894517645485 - Virtual Size: '0xdae' - Signature: Signed - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 
4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=CN, ST=Beijing, L=Beijing, O=Anhua Xinda (Beijing) Technology Co., - Ltd., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Anhua Xinda - (Beijing) Technology Co., Ltd. - ValidFrom: '2011-06-28 00:00:00' - ValidTo: '2014-06-27 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 387c9476e28320264594846317d46540 - Version: 3 - TBS: - MD5: ce372214eabe9d311e4a156fe2044327 - SHA1: 7f7eb1a547c9b0b2e41b0f44515dfd20c16edceb - SHA256: 03d59cc81c6960a93ab4b02e5521aa9fb349e8d7df9dfdf675201e48c23b5a34 - SHA384: 4b8829bc6980e82affeb7ad29efb59fc3ca9b02d015e6c0f385b9f2cf275609cd45936659f41fce579c073e34c2ca308 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 387c9476e28320264594846317d46540 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign 
Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 4b47f6031c558106eee17655f8f8a32f - LoadsDespiteHVCI: 'TRUE' MitreID: T1068 +Category: malicious +Commands: + Command: sc.exe create daxin_blank.sys binPath=C:\windows\temp\daxin_blank.sys type=kernel + && sc.exe start daxin_blank.sys + Description: Driver used in the Daxin malware campaign. + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/MHaggis/9ab3bb795a6018d70fb11fa7c31f8f48 - https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/daxin-backdoor-espionage - '' -Tags: -- daxin_blank.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 253bde63495fa4f995a6debae44e598e + SHA1: 57391d4c4e30f91e3e780d5242fd98a178ec67ac + SHA256: a000d211840cb8fbcbf95c334b1d04eadb45ba03b0413c96472e47e9e22413ff + Company: '' + Copyright: '' + CreationTimestamp: '2013-01-23 00:07:26' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: daxin_blank.sys + ImportedFunctions: + - wcsncmp + - DbgPrint + - IoAllocateMdl + - _stricmp + - sprintf + - RtlLengthRequiredSid + - ExAllocatePoolWithTag + - vsprintf + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - RtlAnsiStringToUnicodeString + - NtWriteFile + - RtlCreateAcl + - PsLookupProcessByProcessId + - NtQuerySystemInformation + - _wcsnicmp + - ZwReadFile + - RtlSetDaclSecurityDescriptor + - KeInitializeApc + - IoDeleteDevice + - NtFsControlFile + - KeInsertQueueApc + - MmGetSystemRoutineAddress + - IoCreateFile + - ZwQuerySystemInformation + - KeReleaseSpinLock + - RtlAddAccessAllowedAce + - RtlImageDirectoryEntryToData + - KeDetachProcess + - ZwOpenFile + - ZwWaitForSingleObject + - ZwCreateFile + - PsCreateSystemThread + - ZwQueryValueKey + - PsTerminateSystemThread + - ZwFreeVirtualMemory + - KeQueryTimeIncrement + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - KeAttachProcess + - 
PsGetVersion + - PsThreadType + - RtlCompareUnicodeString + - ZwOpenProcess + - ZwQueryInformationProcess + - IoCreateSymbolicLink + - ObfDereferenceObject + - IoCreateDevice + - ZwTerminateProcess + - ZwQueryInformationFile + - KeWaitForMultipleObjects + - ZwWriteFile + - NtReadFile + - PsLookupThreadByThreadId + - RtlLengthSid + - RtlCreateSecurityDescriptor + - ZwAllocateVirtualMemory + - ZwOpenKey + - KeAcquireSpinLockRaiseToDpc + - RtlUnicodeStringToInteger + - MmIsAddressValid + - PsGetCurrentProcessId + - ZwDeviceIoControlFile + - IofCompleteRequest + - ZwClose + - MmMapLockedPagesSpecifyCache + - MmUserProbeAddress + - MmBuildMdlForNonPagedPool + - memchr + - KeDelayExecutionThread + - RtlInitUnicodeString + - NdisAllocateMemoryWithTag + - NdisAllocateNetBufferAndNetBufferList + - NdisMSendNetBufferListsComplete + - NdisReturnNetBufferLists + - NdisAllocateNetBufferListPool + - NdisFreeMemory + - NdisCopyFromNetBufferToNetBuffer + - NdisFreeMdl + - NdisFreeNetBufferListPool + - NdisFreeNetBufferList + - NdisSendNetBufferLists + Imports: + - ntoskrnl.exe + - NDIS.SYS + InternalName: '' + MD5: 62c18d61ed324088f963510bae43b831 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: Anhua Xinda (Beijing) Technology Co., Ltd. 
+ RichPEHeaderHash: + MD5: 8f9faa12ddcbb631cbad8b74124e28c1 + SHA1: c120a5848e8e01e01846164408d19dcb972cc894 + SHA256: edf117e94236b5914ca392b30047f8acb8c10d19d1ab6d09d5ca116dfc756d39 + SHA1: 8302802b709ad242a81b939b6c90b3230e1a1f1e + SHA256: 49c827cf48efb122a9d6fd87b426482b7496ccd4a2dbca31ebbf6b2b80c98530 + Sections: + .text: + Entropy: 6.330285813038149 + Virtual Size: '0xa994' + .rdata: + Entropy: 4.611583743512791 + Virtual Size: '0x72c' + .data: + Entropy: 0.7386195307662838 + Virtual Size: '0x195558' + .pdata: + Entropy: 4.5208242156082745 + Virtual Size: '0x720' + INIT: + Entropy: 5.8159894517645485 + Virtual Size: '0xdae' + Signature: Signed + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 
4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=CN, ST=Beijing, L=Beijing, O=Anhua Xinda (Beijing) Technology + Co., Ltd., OU=Digital ID Class 3 , Microsoft Software Validation v2, + CN=Anhua Xinda (Beijing) Technology Co., Ltd. + ValidFrom: '2011-06-28 00:00:00' + ValidTo: '2014-06-27 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 387c9476e28320264594846317d46540 + Version: 3 + TBS: + MD5: ce372214eabe9d311e4a156fe2044327 + SHA1: 7f7eb1a547c9b0b2e41b0f44515dfd20c16edceb + SHA256: 03d59cc81c6960a93ab4b02e5521aa9fb349e8d7df9dfdf675201e48c23b5a34 + SHA384: 4b8829bc6980e82affeb7ad29efb59fc3ca9b02d015e6c0f385b9f2cf275609cd45936659f41fce579c073e34c2ca308 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 387c9476e28320264594846317d46540 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign 
Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 4b47f6031c558106eee17655f8f8a32f + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/7edb5602-239f-460a-89d6-363ff1059765.yaml b/yaml/7edb5602-239f-460a-89d6-363ff1059765.yaml index 8097a6349..2abf6202e 100644 --- a/yaml/7edb5602-239f-460a-89d6-363ff1059765.yaml +++ b/yaml/7edb5602-239f-460a-89d6-363ff1059765.yaml 
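Review bot: The reordered daxin_blank.sys entry still carries `Detection: []` and a blank `- ''` item under `Resources`, so a driver marked `Category: malicious` with `LoadsDespiteHVCI: 'TRUE'` has no detection references. The viragt64.sys entry in the same commit, by contrast, links yara, sigma and sysmon rule files. Since this hunk only moves keys, it is a cheap place to drop the empty list item so `Resources:` holds just the two URLs. If the sample hashes listed here (SHA256 `49c827cf48efb122a9d6fd87b426482b7496ccd4a2dbca31ebbf6b2b80c98530`) are already covered by the project's hash-based rules, those rule files should be listed under `Detection:`; whether they are covered cannot be told from this hunk. A short `#` comment above `Commands:` noting that the entry is a known-malicious sample rather than a vulnerable vendor driver would also help readers who act on the `Usecase` field.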
@@ -1,1869 +1,1877 @@ Id: 7edb5602-239f-460a-89d6-363ff1059765 +Tags: +- viragt64.sys +Verified: 'TRUE' Author: Nasreddine Bencherchali Created: '2023-05-06' MitreID: T1068 Category: vulnerable driver -Verified: 'TRUE' Commands: - Command: sc.exe create viragt64.sys binPath=C:\windows\temp\viragt64.sys type=kernel - && sc.exe start viragt64.sys - Description: '' - Usecase: Elevate privileges - Privileges: kernel - OperatingSystem: Windows 10 + Command: sc.exe create viragt64.sys binPath=C:\windows\temp\viragt64.sys type=kernel + && sc.exe start viragt64.sys + Description: '' + Usecase: Elevate privileges + Privileges: kernel + OperatingSystem: Windows 10 Resources: - Internal Research -Acknowledgement: - Person: '' - Handle: '' Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: viragt64.sys - MD5: 779af226b7b72ff9d78ce1f03d4a3389 - SHA1: 9eef72e0c4d5055f6ae5fe49f7f812de29afbf37 - SHA256: 18deed37f60b6aa8634dda2565a0485452487d7bce88afb49301a7352db4e506 - Authentihash: - MD5: 835b8a268127c12be0ebcdd13eae3f16 - SHA1: 40082d350533c99578bdabfcaf03afe52c83d4a8 - SHA256: 5f353fc46843155b6b63e75994f5328b9d4344654d5759a5145cd6e64babe3de - Description: VirIT Agent System - Company: TG Soft S.a.s. - InternalName: viragt.sys - OriginalFilename: viragt64.sys - FileVersion: 1, 0, 0, 0 - Product: VirIT Agent System - ProductVersion: 1, 0, 0, 0 - Copyright: Copyright (C) TG Soft S.a.s. 2011, 2012 - www.tgsoft.it - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - mbstowcs - - ExAllocatePoolWithTag - - KeSetTargetProcessorDpc - - ZwCreateKey - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - KeInitializeMutex - - RtlAnsiStringToUnicodeString - - ZwReadFile - - RtlInitUnicodeString - - IoDeleteDevice - - RtlInitAnsiString - - ZwSetValueKey - - _strupr - - KeInitializeDpc - - ZwQuerySystemInformation - - MmBuildMdlForNonPagedPool - - IoFreeMdl - - ZwSetInformationFile - - KeReleaseMutex - - KeDelayExecutionThread - - ZwCreateFile - - PsCreateSystemThread - - MmMapLockedPagesSpecifyCache - - ExSystemTimeToLocalTime - - ZwQueryValueKey - - PsTerminateSystemThread - - KeInsertQueueDpc - - ZwEnumerateValueKey - - ZwClose - - sprintf - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - RtlTimeToTimeFields - - MmProbeAndLockPages - - ZwOpenProcess - - MmUnlockPages - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - 
ZwTerminateProcess - - wcstombs - - KeNumberProcessors - - ZwQueryInformationFile - - MmIsNonPagedSystemAddressValid - - ZwWriteFile - - ZwDeleteKey - - RtlFormatCurrentUserKeyPath - - ZwEnumerateKey - - IoAllocateMdl - - ZwOpenKey - - ObOpenObjectByName - - swprintf - - RtlUnicodeStringToAnsiString - - ZwOpenDirectoryObject - - IoFileObjectType - - IoDriverObjectType - - ZwQueryDirectoryObject - - KeQueryActiveProcessors - - KeBugCheckEx - - IofCompleteRequest - - ExQueueWorkItem - - __C_specific_handler - - __chkstk - - KeStallExecutionProcessor - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G3 - ValidFrom: '2012-05-01 00:00:00' - ValidTo: '2012-12-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded - Version: 3 - TBS: - MD5: e6d820afb23af20a65cf0b03247ea05e - SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 - SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 - SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - 
SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=IT, ST=Padova, L=Rubano, O=TG Soft S.a.s. Di Tonello Gianfranco e - C., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=TG Soft S.a.s. - Di Tonello Gianfranco e C. 
- ValidFrom: '2010-01-15 00:00:00' - ValidTo: '2013-01-26 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 25008956fcdc548a3079b096ef96c928 - Version: 3 - TBS: - MD5: 3bab1e250b6b9f2257ee7e262dfbcb65 - SHA1: f99ffe487f507ecaa1874aedf700f26529baed68 - SHA256: 7273308094902ec5a0f89bcd6b8c487363c60ce6527c419dfa163e7f47c2f09d - SHA384: 55f33ea190b96f03dc48a54984dc6889f3b365e5f34e4bb80f4303ff60c8ad231226c5d45649a6091cbd96dfe735ad3a - Signer: - - SerialNumber: 25008956fcdc548a3079b096ef96c928 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - RichPEHeaderHash: - MD5: 5c2da98d3c7d93dc28810b2002ce0d6e - SHA1: 7f456a9479c32703788bae3343a1033564eaea02 - SHA256: c02480322b0c662ee9626946cdcb09d460738355c470505d294deb2a34c6b62b - Sections: - .text: - Entropy: 6.358217634774591 - Virtual Size: '0xa40a' - .rdata: - Entropy: 4.938894324300715 - Virtual Size: '0xbbc' - .data: - Entropy: 0.9258397206248276 - Virtual Size: '0x2e78' - .pdata: - Entropy: 4.328762906209764 - Virtual Size: '0x300' - INIT: - Entropy: 5.215013023190219 - Virtual Size: '0x830' - .rsrc: - Entropy: 3.277844539512829 - Virtual Size: '0x438' - .reloc: - Entropy: 2.539629799045108 - Virtual Size: '0x124' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2012-08-23 01:57:10' - Imphash: 22a9d7a42282b48c566b4423363d3a3e - LoadsDespiteHVCI: 'TRUE' -- Filename: viragt.sys - MD5: 25ebe6f757129adbe78ec312a5f1800b - SHA1: d17656f11b899d58dca7b6c3dd6eef3d65ae88e2 - SHA256: 263e8f1e20612849aea95272da85773f577fd962a7a6d525b53f43407aa7ad24 - Authentihash: - MD5: 78428144608ab49b0508197849200ab0 - SHA1: eb528a7bc5b0d9efe5872e16f42420291c6df07f - SHA256: 04f771d72a812fe9dd6bced402b36b081c80bd3397fdd66dbaa44906ac088159 - Description: VirIT Agent System - Company: TG Soft S.a.s. 
- InternalName: viragt.sys - OriginalFilename: viragt.sys - FileVersion: 1.25.0.0 - Product: VirIT Agent System - ProductVersion: 1.25.0.0 - Copyright: Copyright (C) TG Soft S.a.s. 2006, 2010 - www.tgsoft.it - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - ZwCreateKey - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - wcstombs - - ZwOpenKey - - ZwSetValueKey - - ZwDeleteKey - - RtlFormatCurrentUserKeyPath - - ZwEnumerateKey - - ZwEnumerateValueKey - - ZwCreateFile - - KeWaitForSingleObject - - ObfDereferenceObject - - ObReferenceObjectByHandle - - ZwReadFile - - ZwWriteFile - - ZwSetInformationFile - - ZwOpenProcess - - ZwTerminateProcess - - _strupr - - ZwQuerySystemInformation - - IoFreeMdl - - MmUnlockPages - - MmIsAddressValid - - MmProbeAndLockPages - - MmMapLockedPagesSpecifyCache - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmIsNonPagedSystemAddressValid - - IoGetCurrentProcess - - PsLookupProcessByProcessId - - IoDeleteDevice - - ZwQueryValueKey - - RtlInitUnicodeString - - sprintf - - RtlTimeToTimeFields - - ExSystemTimeToLocalTime - - KeQuerySystemTime - - KeServiceDescriptorTable - - KeReleaseMutex - - KeDelayExecutionThread - - PsTerminateSystemThread - - ExQueueWorkItem - - KeInsertQueueDpc - - KeSetTargetProcessorDpc - - KeInitializeDpc - - KeNumberProcessors - - IofCompleteRequest - - memcpy - - IoCreateSymbolicLink - - IoCreateDevice - - PsCreateSystemThread - - KeInitializeMutex - - ObOpenObjectByName - - IoDriverObjectType - - ZwOpenDirectoryObject - - RtlUnicodeStringToAnsiString - - ZwQueryDirectoryObject - - KeTickCount - - KeBugCheckEx - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - mbstowcs - - ZwClose - - memset - - IoDeleteSymbolicLink - - ZwQueryInformationFile - - RtlUnwind - - KfLowerIrql - - KeGetCurrentIrql - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - READ_PORT_UCHAR - - READ_PORT_BUFFER_UCHAR - - KfRaiseIrql - Signatures: - - CertificatesInfo: '' - 
SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 
8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=IT, ST=Padova, L=Rubano, O=TG Soft S.a.s. Di Tonello Gianfranco e - C., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=TG Soft S.a.s. - Di Tonello Gianfranco e C. 
- ValidFrom: '2010-01-15 00:00:00' - ValidTo: '2013-01-26 23:59:59' - Signature: 49acd6daead15fe8d7445a98d9c495f32e30c0bfe703acba889230d0e71911d319656ef50b2116f52fafc0e98010c27d23c59fc85bfd5a20c274a171279702f4c34435fe76b9746a39c64fd401aec55d0e1dedb33f6a8a4a35b3e4438ea30563562e3627df7abd77736982bd73966cd56b223a57e8cb3e709c316aa968eb8f9ef84560f0d68dc6e37ae179cca59e1ca21216cd04ac1f0913dbfb2ea258ebce38b3b329b2b9bd4dce4c6b568bebe1323e4622a0678ee5326540fbf0667684c9936eae2d879bb500e7f5684633e203cf5c9fcffad04ed7c712678d4209f32f280c1bf91b228a1d88a43f2b9cc0f68109b0ee81f935a87bfef1cf309fa7093a9c51 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 25008956fcdc548a3079b096ef96c928 - Version: 3 - TBS: - MD5: 3bab1e250b6b9f2257ee7e262dfbcb65 - SHA1: f99ffe487f507ecaa1874aedf700f26529baed68 - SHA256: 7273308094902ec5a0f89bcd6b8c487363c60ce6527c419dfa163e7f47c2f09d - SHA384: 55f33ea190b96f03dc48a54984dc6889f3b365e5f34e4bb80f4303ff60c8ad231226c5d45649a6091cbd96dfe735ad3a - Signer: - - SerialNumber: 25008956fcdc548a3079b096ef96c928 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - RichPEHeaderHash: - MD5: 83156fdf8815d162dca182f334360c2c - SHA1: 1d222f1dcccbe673cd1f14eb1305f4f8ee5187c9 - SHA256: 7c182ba80bba313816b3138a0ad8b3e06306bdf22d80874913b0e75514bb9099 - Sections: - .text: - Entropy: 6.614398650577266 - Virtual Size: '0x6e3c' - .rdata: - Entropy: 4.918649218922101 - Virtual Size: '0x564' - .data: - Entropy: 0.055433058128354515 - Virtual Size: '0x2a0c' - INIT: - Entropy: 5.537679642862586 - Virtual Size: '0x7be' - .rsrc: - Entropy: 3.294627465002607 - Virtual Size: '0x428' - .reloc: - Entropy: 6.064753530375784 - Virtual Size: '0xad0' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2010-11-30 01:59:42' - Imphash: f079f8637a1d4fe2fb93af2a267b68ef - LoadsDespiteHVCI: 'TRUE' -- Filename: viragt.sys - MD5: 
650f6531db6fb0ed25d7fc70be35a4da - SHA1: 7ee675f0106e36d9159c5507b96c3237fb9348cd - SHA256: 2a6212f3b68a6f263e96420b3607b31cfdfe51afff516f3c87d27bf8a89721e8 - Authentihash: - MD5: fbbb02331ba15c59930554299f14b793 - SHA1: 2c300726f3806b6d077fe58ae8d2b257d654a700 - SHA256: f78e06f649bc0d88770c5465d7792abeb27631ec0ce9a0fa68698b94ebf2cf49 - Description: VirIT Agent System - Company: TG Soft S.a.s. - InternalName: viragt.sys - OriginalFilename: viragt.sys - FileVersion: 1, 65, 0, 0 - Product: VirIT Agent System - ProductVersion: 1, 65, 0, 0 - Copyright: Copyright (C) TG Soft S.a.s. 2006, 2012 - www.tgsoft.it - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitAnsiString - - wcstombs - - ZwOpenKey - - ZwSetValueKey - - ZwDeleteKey - - RtlFormatCurrentUserKeyPath - - ZwEnumerateKey - - ZwEnumerateValueKey - - ZwCreateFile - - KeWaitForSingleObject - - IofCallDriver - - IoBuildSynchronousFsdRequest - - KeInitializeEvent - - ObfDereferenceObject - - IoGetRelatedDeviceObject - - ObReferenceObjectByHandle - - ZwReadFile - - ZwWriteFile - - ZwSetInformationFile - - ZwOpenProcess - - ZwTerminateProcess - - _strupr - - ZwQuerySystemInformation - - IoFreeMdl - - MmUnlockPages - - MmIsAddressValid - - MmProbeAndLockPages - - MmMapLockedPagesSpecifyCache - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmIsNonPagedSystemAddressValid - - IoGetCurrentProcess - - PsLookupProcessByProcessId - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - sprintf - - RtlTimeToTimeFields - - ExSystemTimeToLocalTime - - KeQuerySystemTime - - KeServiceDescriptorTable - - KeReleaseMutex - - KeDelayExecutionThread - - RtlAnsiStringToUnicodeString - - ExQueueWorkItem - - KeInsertQueueDpc - - KeSetTargetProcessorDpc - - KeInitializeDpc - - KeNumberProcessors - - IofCompleteRequest - - memcpy - - IoCreateSymbolicLink - - IoCreateDevice - - PsCreateSystemThread - - KeInitializeMutex - - ObOpenObjectByName - - 
IoDriverObjectType - - ZwOpenDirectoryObject - - RtlUnicodeStringToAnsiString - - ZwQueryDirectoryObject - - IoFileObjectType - - swprintf - - DbgPrint - - IoFreeIrp - - MmUnmapLockedPages - - KeSetEvent - - MmLockPagableSectionByHandle - - MmLockPagableDataSection - - IoAllocateIrp - - _wcsnicmp - - RtlCompareMemory - - IoBuildDeviceIoControlRequest - - _alldiv - - wcsrchr - - ZwQueryVolumeInformationFile - - ZwDeviceIoControlFile - - _strnicmp - - ZwFsControlFile - - _allmul - - ObfReferenceObject - - _allrem - - _stricmp - - strrchr - - KeQueryActiveProcessors - - KeTickCount - - KeBugCheckEx - - ZwCreateKey - - ZwQueryValueKey - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - mbstowcs - - ZwClose - - memset - - PsTerminateSystemThread - - ZwQueryInformationFile - - RtlUnwind - - KeRaiseIrqlToDpcLevel - - KfRaiseIrql - - KfLowerIrql - - KeGetCurrentIrql - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - READ_PORT_UCHAR - - READ_PORT_BUFFER_UCHAR - - KeStallExecutionProcessor - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G3 - ValidFrom: '2012-05-01 00:00:00' - ValidTo: '2012-12-31 23:59:59' - Signature: 1e98aa27b778b508b5c9726db7dfc00e98a635c488c9d2f66df14b1afbd5f92d99009ed1e79b8be13fbd39800c66cd07bc5c9854a694ba10d14e8babf56f65cc6709a2807c52e80e03d66b7ac60518ecc8ac427c072ca73d0866dc00edfd941d73f2729893b111d68fef8eeaacf496510cd08ddf31524f5eaf7da74a75e64ece2b9f292be7cf5d9f037e6e277b23ad622966af92e82ccebd9c7fdccd173c43c2093f7545c79ee4d7607f97c6e4aac769f5fccd74ac2cb048c1504e70561eb535d38ebeb1edacbdfe0cec857dd5bb856644195d9f93eb82ba639ed37c61ffc81bd923587f30a366a139265e92c33ccb3732faf5a38ddcd5b0a3e9253655d781fa - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded - Version: 3 - TBS: - MD5: e6d820afb23af20a65cf0b03247ea05e - SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 - SHA256: 
7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 - SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification 
Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=IT, ST=Padova, L=Rubano, O=TG Soft S.a.s. Di Tonello Gianfranco e - C., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=TG Soft S.a.s. - Di Tonello Gianfranco e C. - ValidFrom: '2010-01-15 00:00:00' - ValidTo: '2013-01-26 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 25008956fcdc548a3079b096ef96c928 - Version: 3 - TBS: - MD5: 3bab1e250b6b9f2257ee7e262dfbcb65 - SHA1: f99ffe487f507ecaa1874aedf700f26529baed68 - SHA256: 7273308094902ec5a0f89bcd6b8c487363c60ce6527c419dfa163e7f47c2f09d - SHA384: 55f33ea190b96f03dc48a54984dc6889f3b365e5f34e4bb80f4303ff60c8ad231226c5d45649a6091cbd96dfe735ad3a - Signer: - - SerialNumber: 25008956fcdc548a3079b096ef96c928 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - RichPEHeaderHash: - MD5: 49e861e9b5ef11a45073189555706b16 - SHA1: 8b4484b05b022e8e3e31fd31af8d0375babefd7e - SHA256: 79c8030870681fcb556c799112ac97f555ad4c5b81e30c73a57fb9090c2745dc - Sections: - .text: - Entropy: 6.74718533044259 - Virtual Size: '0xd44d' - NonPaged: - Entropy: 6.7226298853008695 - Virtual Size: '0x7ad' - .rdata: - Entropy: 5.073235232857102 - Virtual Size: '0x5d4' - .data: - Entropy: 0.05436146587565968 - Virtual Size: '0x2c2c' - INIT: - 
Entropy: 5.659367301217331 - Virtual Size: '0xa76' - .rsrc: - Entropy: 3.3244864509059133 - Virtual Size: '0x430' - .reloc: - Entropy: 6.2771882804364765 - Virtual Size: '0xedc' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2012-07-30 09:03:12' - Imphash: 80ae2342fd6c7f5e1c642918e33dafb1 - LoadsDespiteHVCI: 'TRUE' -- Filename: viragt.sys - MD5: 3467b0d996251dc56a72fc51a536dd6b - SHA1: ca33c88cd74e00ece898dca32a24bdfcacc3f756 - SHA256: 2b4c7d3820fe08400a7791e2556132b902a9bbadc1942de57077ecb9d21bf47a - Authentihash: - MD5: e39802ea77fa83f1939a50985f9036c0 - SHA1: 070c6795aa64c2bce7867e280016fb1d2af86dca - SHA256: ac42c7b1d9feccd48c305698942186d580b7bfd047bb73dbf028f3fed7aa24ad - Description: VirIT Agent System - Company: TG Soft S.a.s. - InternalName: viragt.sys - OriginalFilename: viragt.sys - FileVersion: 1, 74, 0, 0 - Product: VirIT Agent System - ProductVersion: 1, 74, 0, 0 - Copyright: Copyright (C) TG Soft S.a.s. 2006, 2013 - www.tgsoft.it - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitAnsiString - - wcstombs - - ZwOpenKey - - ZwSetValueKey - - ZwDeleteKey - - RtlFormatCurrentUserKeyPath - - ZwEnumerateKey - - ZwEnumerateValueKey - - ZwCreateFile - - KeWaitForSingleObject - - IofCallDriver - - IoBuildSynchronousFsdRequest - - KeInitializeEvent - - ObfDereferenceObject - - IoGetRelatedDeviceObject - - ObReferenceObjectByHandle - - ZwReadFile - - ZwWriteFile - - ZwSetInformationFile - - ZwOpenProcess - - ZwTerminateProcess - - _strupr - - ZwQuerySystemInformation - - IoFreeMdl - - MmUnlockPages - - MmIsAddressValid - - MmProbeAndLockPages - - MmMapLockedPagesSpecifyCache - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmIsNonPagedSystemAddressValid - - IoGetCurrentProcess - - PsLookupProcessByProcessId - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - sprintf - - RtlTimeToTimeFields - - ExSystemTimeToLocalTime - - KeQuerySystemTime - - strstr - - 
KeServiceDescriptorTable - - KeReleaseMutex - - KeDelayExecutionThread - - RtlAnsiStringToUnicodeString - - ExQueueWorkItem - - KeInsertQueueDpc - - KeSetTargetProcessorDpc - - KeInitializeDpc - - KeNumberProcessors - - IofCompleteRequest - - PsCreateSystemThread - - memcpy - - IoCreateSymbolicLink - - IoCreateDevice - - KeInitializeMutex - - RtlUnicodeStringToAnsiString - - IoGetDeviceObjectPointer - - ObOpenObjectByName - - IoDriverObjectType - - ZwOpenDirectoryObject - - ZwQueryDirectoryObject - - IoFileObjectType - - swprintf - - DbgPrint - - IoFreeIrp - - MmUnmapLockedPages - - KeSetEvent - - MmLockPagableSectionByHandle - - MmLockPagableDataSection - - IoAllocateIrp - - _wcsnicmp - - RtlCompareMemory - - IoBuildDeviceIoControlRequest - - _alldiv - - wcsrchr - - ZwQueryVolumeInformationFile - - ZwDeviceIoControlFile - - _strnicmp - - ZwFsControlFile - - _allmul - - ObfReferenceObject - - _allrem - - _stricmp - - strrchr - - KeQueryActiveProcessors - - KeTickCount - - KeBugCheckEx - - ZwCreateKey - - ZwQueryValueKey - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - mbstowcs - - ZwClose - - memset - - PsTerminateSystemThread - - ZwQueryInformationFile - - RtlUnwind - - KeRaiseIrqlToDpcLevel - - KfRaiseIrql - - KfLowerIrql - - KeGetCurrentIrql - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - READ_PORT_UCHAR - - READ_PORT_BUFFER_UCHAR - - KeStallExecutionProcessor - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 
7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=IT, ST=Padova, L=Rubano, O=TG Soft S.a.s. Di Tonello Gianfranco e - C., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=TG Soft S.a.s. - Di Tonello Gianfranco e C. 
- ValidFrom: '2012-12-31 00:00:00' - ValidTo: '2016-02-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 4cccaccf48f6d93fb37178d7fce6209c - Version: 3 - TBS: - MD5: 1f0b47e6661a3261d4c982b2eb35b0ec - SHA1: 8320a06969446f33184f8a25a91942870a5a54d5 - SHA256: 15e095f260d9ceca3f947817c1f53ddf687e32438d55a51be1b66785183e9840 - SHA384: 184afc72b02ad7f852cdc9db26f294ce37ac12ec9ed3375d34acf6918a1662c0afd7d1cc39ecf1decc7e667645a3fc67 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 4cccaccf48f6d93fb37178d7fce6209c - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: fd47e50698bf05f04850340b52ac1853 - SHA1: ee25f84fd5c60f82580743dfaab31e2e5e1fbe30 - SHA256: 44490b82f96dcb06373c259b6532d209604916c484dccba49970a77732bd9906 - Sections: - .text: - Entropy: 6.743205565471687 - Virtual Size: '0xe1a3' - NonPaged: - Entropy: 6.721263787719743 - Virtual Size: '0x7ad' - .rdata: - Entropy: 5.0998682627524055 - Virtual Size: '0x5e4' - .data: - Entropy: 0.038694334699246394 - Virtual Size: '0x408c' - INIT: - Entropy: 5.652792104683904 - 
Virtual Size: '0xaa4' - .rsrc: - Entropy: 3.329379279728522 - Virtual Size: '0x430' - .reloc: - Entropy: 6.290375726968473 - Virtual Size: '0xfda' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2013-11-29 04:59:32' - Imphash: 3815f9107b799b863cd905178e6e07d0 - LoadsDespiteHVCI: 'FALSE' -- Filename: viragt64.sys - MD5: 688a10e87af9bcf0e40277d927923a00 - SHA1: 388819a7048179848425441c60b3a8390ad04a69 - SHA256: 9b2f051ac901ab47d0012a1002cb8b2db28c14e9480c0dd55e1ac11c81ba9285 - Authentihash: - MD5: 2a499183392f0d3835f957bbe6b538ba - SHA1: f8a9a8d7c704069d4fff9c26740115c1f4ba3499 - SHA256: 605e0efa14fc8443dc43c2068f17e6f175369909d5f7f1c3730fb5fe062528e6 - Description: VirIT Agent System - Company: TG Soft S.a.s. - InternalName: viragt.sys - OriginalFilename: viragt64.sys - FileVersion: 1, 0, 0, 4 - Product: VirIT Agent System - ProductVersion: 1, 0, 0, 4 - Copyright: Copyright (C) TG Soft S.a.s. 2011, 2013 - www.tgsoft.it - MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - mbstowcs - - ExAllocatePoolWithTag - - KeSetTargetProcessorDpc - - ZwCreateKey - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - KeInitializeMutex - - RtlAnsiStringToUnicodeString - - ZwReadFile - - strstr - - RtlInitUnicodeString - - IoDeleteDevice - - RtlInitAnsiString - - ZwSetValueKey - - _strupr - - KeInitializeDpc - - ZwQuerySystemInformation - - MmBuildMdlForNonPagedPool - - IoFreeMdl - - ZwSetInformationFile - - KeReleaseMutex - - KeDelayExecutionThread - - ZwCreateFile - - PsCreateSystemThread - - MmMapLockedPagesSpecifyCache - - ExSystemTimeToLocalTime - - ZwQueryValueKey - - PsTerminateSystemThread - - KeInsertQueueDpc - - ZwEnumerateValueKey - - ZwClose - - sprintf - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - RtlTimeToTimeFields - - MmProbeAndLockPages - - ZwOpenProcess - - MmUnlockPages - - IoCreateSymbolicLink - - MmIsAddressValid - - ObfDereferenceObject - - IoCreateDevice - - ZwTerminateProcess - - 
KeNumberProcessors - - ZwQueryInformationFile - - MmIsNonPagedSystemAddressValid - - ZwWriteFile - - ZwDeleteKey - - RtlFormatCurrentUserKeyPath - - ZwEnumerateKey - - IoAllocateMdl - - ZwOpenKey - - ObOpenObjectByName - - swprintf - - RtlUnicodeStringToAnsiString - - ZwOpenDirectoryObject - - IoFileObjectType - - IoDriverObjectType - - ZwQueryDirectoryObject - - wcstombs - - KeQueryActiveProcessors - - KeBugCheckEx - - IofCompleteRequest - - ExQueueWorkItem - - __C_specific_handler - - __chkstk - - KeStallExecutionProcessor - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 
783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=IT, ST=Padova, L=Rubano, O=TG Soft S.a.s. Di Tonello Gianfranco e - C., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=TG Soft S.a.s. - Di Tonello Gianfranco e C. 
- ValidFrom: '2012-12-31 00:00:00' - ValidTo: '2016-02-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 4cccaccf48f6d93fb37178d7fce6209c - Version: 3 - TBS: - MD5: 1f0b47e6661a3261d4c982b2eb35b0ec - SHA1: 8320a06969446f33184f8a25a91942870a5a54d5 - SHA256: 15e095f260d9ceca3f947817c1f53ddf687e32438d55a51be1b66785183e9840 - SHA384: 184afc72b02ad7f852cdc9db26f294ce37ac12ec9ed3375d34acf6918a1662c0afd7d1cc39ecf1decc7e667645a3fc67 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 4cccaccf48f6d93fb37178d7fce6209c - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: 
a93c261e407f22e8e9e11096ef7669a4 - SHA1: 579ea1a06578ca54a9b86ccfa3c06b3be01831bf - SHA256: b566c96b0a5ca93fe5cdd066966b85657108a1cc6eadb0b683932c781d3a3510 - Sections: - .text: - Entropy: 6.359719252023205 - Virtual Size: '0xacfa' - .rdata: - Entropy: 5.002975701263856 - Virtual Size: '0xbf4' - .data: - Entropy: 0.9258397206248276 - Virtual Size: '0x3878' - .pdata: - Entropy: 4.3026349695848545 - Virtual Size: '0x318' - INIT: - Entropy: 5.225312935704256 - Virtual Size: '0x842' - .rsrc: - Entropy: 3.294410486328847 - Virtual Size: '0x438' - .reloc: - Entropy: 2.4653384645476275 - Virtual Size: '0x12e' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2013-01-23 01:42:36' - Imphash: 85fd19df117fbc21efbcb1d587063e12 - LoadsDespiteHVCI: 'FALSE' -- Filename: viragt.sys - MD5: 3d5164e85d740bce0391e2b81d49d308 - SHA1: 7ce978092fadbef44441a5f8dcb434df2464f193 - SHA256: d0e25b879d830e4f867b09d6540a664b6f88bad353cd14494c33b31a8091f605 - Authentihash: - MD5: fca297e7088250ac73298a7d623e1137 - SHA1: d1d6535cd02ff50825941130fe992fcdc91c71cd - SHA256: 401ed2d2768707b5c47556774c119f989986a9e2fa88e1e2626f14e22b85e66b - Description: VirIT Agent System - Company: TG Soft S.a.s. - InternalName: viragt.sys - OriginalFilename: viragt.sys - FileVersion: 1, 60, 0, 0 - Product: VirIT Agent System - ProductVersion: 1, 60, 0, 0 - Copyright: Copyright (C) TG Soft S.a.s. 
2006, 2011 - www.tgsoft.it - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitAnsiString - - wcstombs - - ZwOpenKey - - ZwSetValueKey - - ZwDeleteKey - - RtlFormatCurrentUserKeyPath - - ZwEnumerateKey - - ZwEnumerateValueKey - - ZwCreateFile - - KeWaitForSingleObject - - IofCallDriver - - IoBuildSynchronousFsdRequest - - KeInitializeEvent - - ObfDereferenceObject - - IoGetRelatedDeviceObject - - ObReferenceObjectByHandle - - ZwReadFile - - ZwWriteFile - - ZwSetInformationFile - - ZwOpenProcess - - ZwTerminateProcess - - _strupr - - ZwQuerySystemInformation - - IoFreeMdl - - MmUnlockPages - - MmIsAddressValid - - MmProbeAndLockPages - - MmMapLockedPagesSpecifyCache - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmIsNonPagedSystemAddressValid - - IoGetCurrentProcess - - PsLookupProcessByProcessId - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - sprintf - - RtlTimeToTimeFields - - ExSystemTimeToLocalTime - - KeQuerySystemTime - - KeServiceDescriptorTable - - KeReleaseMutex - - KeDelayExecutionThread - - RtlAnsiStringToUnicodeString - - ExQueueWorkItem - - KeInsertQueueDpc - - KeSetTargetProcessorDpc - - KeInitializeDpc - - KeNumberProcessors - - IofCompleteRequest - - memcpy - - IoCreateSymbolicLink - - IoCreateDevice - - PsCreateSystemThread - - KeInitializeMutex - - ObOpenObjectByName - - IoDriverObjectType - - ZwOpenDirectoryObject - - RtlUnicodeStringToAnsiString - - ZwQueryDirectoryObject - - DbgPrint - - IoFileObjectType - - swprintf - - IoFreeIrp - - MmUnmapLockedPages - - KeSetEvent - - MmLockPagableSectionByHandle - - MmLockPagableDataSection - - IoAllocateIrp - - _wcsnicmp - - RtlCompareMemory - - IoBuildDeviceIoControlRequest - - _alldiv - - wcsrchr - - ZwQueryVolumeInformationFile - - ZwDeviceIoControlFile - - _strnicmp - - ZwFsControlFile - - _allmul - - ObfReferenceObject - - _allrem - - _stricmp - - strrchr - - KeQueryActiveProcessors - - KeTickCount - - 
KeBugCheckEx - - ZwCreateKey - - ZwQueryValueKey - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - mbstowcs - - ZwClose - - memset - - PsTerminateSystemThread - - ZwQueryInformationFile - - RtlUnwind - - KeRaiseIrqlToDpcLevel - - KfRaiseIrql - - KfLowerIrql - - KeGetCurrentIrql - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - READ_PORT_UCHAR - - READ_PORT_BUFFER_UCHAR - - KeStallExecutionProcessor - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=IT, ST=Padova, 
L=Rubano, O=TG Soft S.a.s. Di Tonello Gianfranco e - C., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=TG Soft S.a.s. - Di Tonello Gianfranco e C. - ValidFrom: '2010-01-15 00:00:00' - ValidTo: '2013-01-26 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 25008956fcdc548a3079b096ef96c928 - Version: 3 - TBS: - MD5: 3bab1e250b6b9f2257ee7e262dfbcb65 - SHA1: f99ffe487f507ecaa1874aedf700f26529baed68 - SHA256: 7273308094902ec5a0f89bcd6b8c487363c60ce6527c419dfa163e7f47c2f09d - SHA384: 55f33ea190b96f03dc48a54984dc6889f3b365e5f34e4bb80f4303ff60c8ad231226c5d45649a6091cbd96dfe735ad3a - Signer: - - SerialNumber: 25008956fcdc548a3079b096ef96c928 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - RichPEHeaderHash: - MD5: 49e861e9b5ef11a45073189555706b16 - SHA1: 8b4484b05b022e8e3e31fd31af8d0375babefd7e - SHA256: 79c8030870681fcb556c799112ac97f555ad4c5b81e30c73a57fb9090c2745dc - Sections: - .text: - Entropy: 6.7574464380724875 - Virtual Size: '0xca37' - NonPaged: - Entropy: 6.719726825659327 - Virtual Size: '0x7ad' - .rdata: - Entropy: 5.082272229315413 - Virtual Size: '0x5d4' - .data: - Entropy: 0.05436146587565968 - Virtual Size: '0x2c2c' - INIT: - Entropy: 5.658986288806626 - Virtual Size: '0xa76' - .rsrc: - Entropy: 3.3172637315998217 - Virtual Size: '0x430' - .reloc: - Entropy: 6.247994097967221 - Virtual Size: '0xe18' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2011-12-29 10:38:08' - Imphash: 48e2ef3c2d32ecca62510d90e12b6632 - LoadsDespiteHVCI: 'TRUE' -- Filename: viragt.sys - MD5: 3ad7b36a584504b3c70b5f552ba33015 - SHA1: d363011d6991219d7f152609164aba63c266b740 - SHA256: e4eca7db365929ff7c5c785e2eab04ef8ec67ea9edcf7392f2b74eccd9449148 - Authentihash: - MD5: bec44ba7f52a8c4700876db0c566d696 - SHA1: 
3854d0364d7379bcb7d59311823cadc3e34d1612 - SHA256: 230fe99d425e870cc03383b195d5a8c0ef3d191baaa4104f6f4cdee4960c48fc - Description: VirIT Agent System - Company: TG Soft S.a.s. - InternalName: viragt.sys - OriginalFilename: viragt.sys - FileVersion: 1, 38, 0, 0 - Product: VirIT Agent System - ProductVersion: 1, 38, 0, 0 - Copyright: Copyright (C) TG Soft S.a.s. 2006, 2011 - www.tgsoft.it - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitAnsiString - - wcstombs - - ZwOpenKey - - ZwSetValueKey - - ZwDeleteKey - - RtlFormatCurrentUserKeyPath - - ZwEnumerateKey - - ZwEnumerateValueKey - - ZwCreateFile - - KeWaitForSingleObject - - IofCallDriver - - IoBuildSynchronousFsdRequest - - KeInitializeEvent - - ObfDereferenceObject - - IoGetRelatedDeviceObject - - ObReferenceObjectByHandle - - ZwReadFile - - ZwWriteFile - - ZwSetInformationFile - - ZwOpenProcess - - ZwTerminateProcess - - _strupr - - ZwQuerySystemInformation - - IoFreeMdl - - MmUnlockPages - - MmIsAddressValid - - MmProbeAndLockPages - - MmMapLockedPagesSpecifyCache - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmIsNonPagedSystemAddressValid - - IoGetCurrentProcess - - PsLookupProcessByProcessId - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - sprintf - - RtlTimeToTimeFields - - ExSystemTimeToLocalTime - - KeQuerySystemTime - - KeServiceDescriptorTable - - KeReleaseMutex - - KeDelayExecutionThread - - RtlAnsiStringToUnicodeString - - ExQueueWorkItem - - KeInsertQueueDpc - - KeSetTargetProcessorDpc - - KeInitializeDpc - - KeNumberProcessors - - IofCompleteRequest - - memcpy - - IoCreateSymbolicLink - - IoCreateDevice - - PsCreateSystemThread - - KeInitializeMutex - - ObOpenObjectByName - - IoDriverObjectType - - ZwOpenDirectoryObject - - RtlUnicodeStringToAnsiString - - ZwQueryDirectoryObject - - DbgPrint - - IoFileObjectType - - swprintf - - IoFreeIrp - - MmUnmapLockedPages - - KeSetEvent - - 
MmLockPagableSectionByHandle - - MmLockPagableDataSection - - IoAllocateIrp - - _wcsnicmp - - RtlCompareMemory - - IoBuildDeviceIoControlRequest - - _alldiv - - wcsrchr - - ZwQueryVolumeInformationFile - - ZwDeviceIoControlFile - - _strnicmp - - ZwFsControlFile - - _allmul - - ObfReferenceObject - - _allrem - - _stricmp - - strrchr - - KeQueryActiveProcessors - - KeTickCount - - KeBugCheckEx - - ZwCreateKey - - ZwQueryValueKey - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - mbstowcs - - ZwClose - - memset - - PsTerminateSystemThread - - ZwQueryInformationFile - - RtlUnwind - - KeRaiseIrqlToDpcLevel - - KfRaiseIrql - - KfLowerIrql - - KeGetCurrentIrql - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - READ_PORT_UCHAR - - READ_PORT_BUFFER_UCHAR - - KeStallExecutionProcessor - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 
47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=IT, ST=Padova, L=Rubano, O=TG Soft S.a.s. 
Di Tonello Gianfranco e - C., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=TG Soft S.a.s. - Di Tonello Gianfranco e C. - ValidFrom: '2010-01-15 00:00:00' - ValidTo: '2013-01-26 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 25008956fcdc548a3079b096ef96c928 - Version: 3 - TBS: - MD5: 3bab1e250b6b9f2257ee7e262dfbcb65 - SHA1: f99ffe487f507ecaa1874aedf700f26529baed68 - SHA256: 7273308094902ec5a0f89bcd6b8c487363c60ce6527c419dfa163e7f47c2f09d - SHA384: 55f33ea190b96f03dc48a54984dc6889f3b365e5f34e4bb80f4303ff60c8ad231226c5d45649a6091cbd96dfe735ad3a - Signer: - - SerialNumber: 25008956fcdc548a3079b096ef96c928 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - RichPEHeaderHash: - MD5: 49e861e9b5ef11a45073189555706b16 - SHA1: 8b4484b05b022e8e3e31fd31af8d0375babefd7e - SHA256: 79c8030870681fcb556c799112ac97f555ad4c5b81e30c73a57fb9090c2745dc - Sections: - .text: - Entropy: 6.742992739782107 - Virtual Size: '0xc377' - NonPaged: - Entropy: 6.721977941994172 - Virtual Size: '0x7ad' - .rdata: - Entropy: 5.077510577226486 - Virtual Size: '0x5d4' - .data: - Entropy: 0.05436146587565968 - Virtual Size: '0x2c2c' - INIT: - Entropy: 5.644887759534148 - Virtual Size: '0xa76' - .rsrc: - Entropy: 3.327760494753233 - Virtual Size: '0x430' - .reloc: - Entropy: 6.239805134913373 - Virtual Size: '0xe14' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2011-05-10 10:33:08' - Imphash: 48e2ef3c2d32ecca62510d90e12b6632 - LoadsDespiteHVCI: 'TRUE' -- Filename: viragt.sys - MD5: 08e06b839499cb4b752347399db41b57 - SHA1: b53c360b35174bd89f97f681bf7c17f40e519eb6 - SHA256: ef6d3c00f9d0aa31a218094480299ef73fc85146adf62fd0c2f4f88972c5c850 - Authentihash: - MD5: d1d42d44e5fcfd9c0a148b0d85f911d0 - SHA1: eb2d192b58a979cdb127fb81049ff19b07dbe45e - 
SHA256: b59ad4a1f71f8379c89fc3bc1d2827b0785bbb0192b43549034f24a133eea3a5 - Description: VirIT Agent System - Company: TG Soft S.a.s. - InternalName: viragt.sys - OriginalFilename: viragt.sys - FileVersion: 1, 80, 0, 0 - Product: VirIT Agent System - ProductVersion: 1, 80, 0, 0 - Copyright: Copyright (C) TG Soft S.a.s. 2006, 2016 - www.tgsoft.it - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - RtlInitAnsiString - - wcstombs - - ZwOpenKey - - ZwSetValueKey - - ZwDeleteKey - - RtlFormatCurrentUserKeyPath - - ZwEnumerateKey - - ZwEnumerateValueKey - - ZwCreateFile - - KeWaitForSingleObject - - IofCallDriver - - IoBuildSynchronousFsdRequest - - KeInitializeEvent - - ObfDereferenceObject - - IoGetRelatedDeviceObject - - ObReferenceObjectByHandle - - ZwReadFile - - ZwWriteFile - - ZwSetInformationFile - - ZwOpenProcess - - ZwTerminateProcess - - _strupr - - ZwQuerySystemInformation - - IoFreeMdl - - MmUnlockPages - - MmIsAddressValid - - MmProbeAndLockPages - - MmMapLockedPagesSpecifyCache - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmIsNonPagedSystemAddressValid - - IoGetCurrentProcess - - PsLookupProcessByProcessId - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - sprintf - - RtlTimeToTimeFields - - ExSystemTimeToLocalTime - - KeQuerySystemTime - - strstr - - KeServiceDescriptorTable - - KeReleaseMutex - - KeDelayExecutionThread - - RtlAnsiStringToUnicodeString - - ExQueueWorkItem - - KeInsertQueueDpc - - KeSetTargetProcessorDpc - - KeInitializeDpc - - KeNumberProcessors - - IofCompleteRequest - - PsCreateSystemThread - - memcpy - - IoCreateSymbolicLink - - IoCreateDevice - - KeInitializeMutex - - RtlUnicodeStringToAnsiString - - IoGetDeviceObjectPointer - - ObOpenObjectByName - - IoDriverObjectType - - ZwOpenDirectoryObject - - ZwQueryDirectoryObject - - IoFileObjectType - - swprintf - - DbgPrint - - IoFreeIrp - - MmUnmapLockedPages - - KeSetEvent - - MmLockPagableSectionByHandle 
- - MmLockPagableDataSection - - IoAllocateIrp - - _wcsnicmp - - RtlCompareMemory - - IoBuildDeviceIoControlRequest - - _alldiv - - wcsrchr - - ZwQueryVolumeInformationFile - - ZwDeviceIoControlFile - - _strnicmp - - ZwFsControlFile - - _allmul - - ObfReferenceObject - - _allrem - - _stricmp - - strrchr - - KeQueryActiveProcessors - - KeTickCount - - KeBugCheckEx - - ZwCreateKey - - ZwQueryValueKey - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - mbstowcs - - ZwClose - - memset - - PsTerminateSystemThread - - ZwQueryInformationFile - - RtlUnwind - - KeRaiseIrqlToDpcLevel - - KfRaiseIrql - - KfLowerIrql - - KeGetCurrentIrql - - READ_PORT_ULONG - - WRITE_PORT_UCHAR - - READ_PORT_UCHAR - - READ_PORT_BUFFER_UCHAR - - KeStallExecutionProcessor - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 
0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2006-11-08 00:00:00' - ValidTo: '2021-11-07 23:59:59' - Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd - Version: 3 - TBS: - MD5: 918d9eb6a6cd36c531eceb926170a7e1 - SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a - SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 - SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=IT, ST=Padova, L=Rubano, O=TG Soft S.a.s. Di Tonello Gianfranco e - C., CN=TG Soft S.a.s. Di Tonello Gianfranco e C. 
- ValidFrom: '2016-01-20 00:00:00' - ValidTo: '2019-03-11 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 7380a219373c43f82746ddf3ed55eaea - Version: 3 - TBS: - MD5: 7ce1cf724ff7a2f7a8a062ec56732b01 - SHA1: 744e935b56e4974671931f3cbf233d10e95f63bc - SHA256: f091c42ab9e8f450b435dfb1e09109137a0b578737cd49d1f5a1259b5ed44d8c - SHA384: d7b3f6cd2bb4fa23da07031f240e9e7195f211d2a96f3d6aa24c9eb67781ec0418b45024538a7235d0e336b2d47fbc07 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 7380a219373c43f82746ddf3ed55eaea - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - RichPEHeaderHash: - MD5: fd47e50698bf05f04850340b52ac1853 - SHA1: ee25f84fd5c60f82580743dfaab31e2e5e1fbe30 - SHA256: 44490b82f96dcb06373c259b6532d209604916c484dccba49970a77732bd9906 - Sections: - .text: - Entropy: 6.775686647068779 - Virtual Size: '0xf949' - NonPaged: - Entropy: 6.7142510976055005 - Virtual Size: '0x7ad' - .rdata: - Entropy: 5.026653618294461 - Virtual Size: '0x5e4' - .data: - Entropy: 0.03841873461812914 - Virtual Size: '0x4110' - INIT: - Entropy: 5.5783216010211705 - 
Virtual Size: '0xaa4' - .rsrc: - Entropy: 3.315762201306504 - Virtual Size: '0x430' - .reloc: - Entropy: 6.404375411917709 - Virtual Size: '0x12a4' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2016-09-07 02:16:07' - Imphash: 3815f9107b799b863cd905178e6e07d0 - LoadsDespiteHVCI: 'FALSE' -Tags: -- viragt64.sys +- Filename: viragt64.sys + MD5: 779af226b7b72ff9d78ce1f03d4a3389 + SHA1: 9eef72e0c4d5055f6ae5fe49f7f812de29afbf37 + SHA256: 18deed37f60b6aa8634dda2565a0485452487d7bce88afb49301a7352db4e506 + Authentihash: + MD5: 835b8a268127c12be0ebcdd13eae3f16 + SHA1: 40082d350533c99578bdabfcaf03afe52c83d4a8 + SHA256: 5f353fc46843155b6b63e75994f5328b9d4344654d5759a5145cd6e64babe3de + Description: VirIT Agent System + Company: TG Soft S.a.s. + InternalName: viragt.sys + OriginalFilename: viragt64.sys + FileVersion: 1, 0, 0, 0 + Product: VirIT Agent System + ProductVersion: 1, 0, 0, 0 + Copyright: Copyright (C) TG Soft S.a.s. 2011, 2012 - www.tgsoft.it + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - mbstowcs + - ExAllocatePoolWithTag + - KeSetTargetProcessorDpc + - ZwCreateKey + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - KeInitializeMutex + - RtlAnsiStringToUnicodeString + - ZwReadFile + - RtlInitUnicodeString + - IoDeleteDevice + - RtlInitAnsiString + - ZwSetValueKey + - _strupr + - KeInitializeDpc + - ZwQuerySystemInformation + - MmBuildMdlForNonPagedPool + - IoFreeMdl + - ZwSetInformationFile + - KeReleaseMutex + - KeDelayExecutionThread + - ZwCreateFile + - PsCreateSystemThread + - MmMapLockedPagesSpecifyCache + - ExSystemTimeToLocalTime + - ZwQueryValueKey + - PsTerminateSystemThread + - KeInsertQueueDpc + - ZwEnumerateValueKey + - ZwClose + - sprintf + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - RtlTimeToTimeFields + - MmProbeAndLockPages + - ZwOpenProcess + - MmUnlockPages + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - ZwTerminateProcess + - 
wcstombs + - KeNumberProcessors + - ZwQueryInformationFile + - MmIsNonPagedSystemAddressValid + - ZwWriteFile + - ZwDeleteKey + - RtlFormatCurrentUserKeyPath + - ZwEnumerateKey + - IoAllocateMdl + - ZwOpenKey + - ObOpenObjectByName + - swprintf + - RtlUnicodeStringToAnsiString + - ZwOpenDirectoryObject + - IoFileObjectType + - IoDriverObjectType + - ZwQueryDirectoryObject + - KeQueryActiveProcessors + - KeBugCheckEx + - IofCompleteRequest + - ExQueueWorkItem + - __C_specific_handler + - __chkstk + - KeStallExecutionProcessor + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G3 + ValidFrom: '2012-05-01 00:00:00' + ValidTo: '2012-12-31 23:59:59' + Signature: 1e98aa27b778b508b5c9726db7dfc00e98a635c488c9d2f66df14b1afbd5f92d99009ed1e79b8be13fbd39800c66cd07bc5c9854a694ba10d14e8babf56f65cc6709a2807c52e80e03d66b7ac60518ecc8ac427c072ca73d0866dc00edfd941d73f2729893b111d68fef8eeaacf496510cd08ddf31524f5eaf7da74a75e64ece2b9f292be7cf5d9f037e6e277b23ad622966af92e82ccebd9c7fdccd173c43c2093f7545c79ee4d7607f97c6e4aac769f5fccd74ac2cb048c1504e70561eb535d38ebeb1edacbdfe0cec857dd5bb856644195d9f93eb82ba639ed37c61ffc81bd923587f30a366a139265e92c33ccb3732faf5a38ddcd5b0a3e9253655d781fa + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded + Version: 3 + TBS: + MD5: e6d820afb23af20a65cf0b03247ea05e + SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 + SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 + SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + 
SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=IT, ST=Padova, L=Rubano, O=TG Soft S.a.s. Di Tonello Gianfranco + e C., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=TG + Soft S.a.s. Di Tonello Gianfranco e C. + ValidFrom: '2010-01-15 00:00:00' + ValidTo: '2013-01-26 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 25008956fcdc548a3079b096ef96c928 + Version: 3 + TBS: + MD5: 3bab1e250b6b9f2257ee7e262dfbcb65 + SHA1: f99ffe487f507ecaa1874aedf700f26529baed68 + SHA256: 7273308094902ec5a0f89bcd6b8c487363c60ce6527c419dfa163e7f47c2f09d + SHA384: 55f33ea190b96f03dc48a54984dc6889f3b365e5f34e4bb80f4303ff60c8ad231226c5d45649a6091cbd96dfe735ad3a + Signer: + - SerialNumber: 25008956fcdc548a3079b096ef96c928 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + RichPEHeaderHash: + MD5: 5c2da98d3c7d93dc28810b2002ce0d6e + SHA1: 7f456a9479c32703788bae3343a1033564eaea02 + SHA256: c02480322b0c662ee9626946cdcb09d460738355c470505d294deb2a34c6b62b + Sections: + .text: + Entropy: 6.358217634774591 + Virtual Size: '0xa40a' + .rdata: + Entropy: 4.938894324300715 + Virtual Size: '0xbbc' + .data: + Entropy: 0.9258397206248276 + Virtual Size: '0x2e78' + .pdata: + Entropy: 4.328762906209764 + Virtual Size: '0x300' + INIT: + Entropy: 5.215013023190219 + Virtual Size: '0x830' + .rsrc: + Entropy: 3.277844539512829 + Virtual Size: '0x438' + .reloc: + Entropy: 2.539629799045108 + Virtual Size: '0x124' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2012-08-23 01:57:10' + Imphash: 22a9d7a42282b48c566b4423363d3a3e + LoadsDespiteHVCI: 'TRUE' +- Filename: 
viragt.sys + MD5: 25ebe6f757129adbe78ec312a5f1800b + SHA1: d17656f11b899d58dca7b6c3dd6eef3d65ae88e2 + SHA256: 263e8f1e20612849aea95272da85773f577fd962a7a6d525b53f43407aa7ad24 + Authentihash: + MD5: 78428144608ab49b0508197849200ab0 + SHA1: eb528a7bc5b0d9efe5872e16f42420291c6df07f + SHA256: 04f771d72a812fe9dd6bced402b36b081c80bd3397fdd66dbaa44906ac088159 + Description: VirIT Agent System + Company: TG Soft S.a.s. + InternalName: viragt.sys + OriginalFilename: viragt.sys + FileVersion: 1.25.0.0 + Product: VirIT Agent System + ProductVersion: 1.25.0.0 + Copyright: Copyright (C) TG Soft S.a.s. 2006, 2010 - www.tgsoft.it + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - ZwCreateKey + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - wcstombs + - ZwOpenKey + - ZwSetValueKey + - ZwDeleteKey + - RtlFormatCurrentUserKeyPath + - ZwEnumerateKey + - ZwEnumerateValueKey + - ZwCreateFile + - KeWaitForSingleObject + - ObfDereferenceObject + - ObReferenceObjectByHandle + - ZwReadFile + - ZwWriteFile + - ZwSetInformationFile + - ZwOpenProcess + - ZwTerminateProcess + - _strupr + - ZwQuerySystemInformation + - IoFreeMdl + - MmUnlockPages + - MmIsAddressValid + - MmProbeAndLockPages + - MmMapLockedPagesSpecifyCache + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmIsNonPagedSystemAddressValid + - IoGetCurrentProcess + - PsLookupProcessByProcessId + - IoDeleteDevice + - ZwQueryValueKey + - RtlInitUnicodeString + - sprintf + - RtlTimeToTimeFields + - ExSystemTimeToLocalTime + - KeQuerySystemTime + - KeServiceDescriptorTable + - KeReleaseMutex + - KeDelayExecutionThread + - PsTerminateSystemThread + - ExQueueWorkItem + - KeInsertQueueDpc + - KeSetTargetProcessorDpc + - KeInitializeDpc + - KeNumberProcessors + - IofCompleteRequest + - memcpy + - IoCreateSymbolicLink + - IoCreateDevice + - PsCreateSystemThread + - KeInitializeMutex + - ObOpenObjectByName + - IoDriverObjectType + - ZwOpenDirectoryObject + - 
RtlUnicodeStringToAnsiString + - ZwQueryDirectoryObject + - KeTickCount + - KeBugCheckEx + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - mbstowcs + - ZwClose + - memset + - IoDeleteSymbolicLink + - ZwQueryInformationFile + - RtlUnwind + - KfLowerIrql + - KeGetCurrentIrql + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - READ_PORT_UCHAR + - READ_PORT_BUFFER_UCHAR + - KfRaiseIrql + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + 
use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=IT, ST=Padova, L=Rubano, O=TG Soft S.a.s. Di Tonello Gianfranco + e C., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=TG + Soft S.a.s. Di Tonello Gianfranco e C. 
+ ValidFrom: '2010-01-15 00:00:00' + ValidTo: '2013-01-26 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 25008956fcdc548a3079b096ef96c928 + Version: 3 + TBS: + MD5: 3bab1e250b6b9f2257ee7e262dfbcb65 + SHA1: f99ffe487f507ecaa1874aedf700f26529baed68 + SHA256: 7273308094902ec5a0f89bcd6b8c487363c60ce6527c419dfa163e7f47c2f09d + SHA384: 55f33ea190b96f03dc48a54984dc6889f3b365e5f34e4bb80f4303ff60c8ad231226c5d45649a6091cbd96dfe735ad3a + Signer: + - SerialNumber: 25008956fcdc548a3079b096ef96c928 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + RichPEHeaderHash: + MD5: 83156fdf8815d162dca182f334360c2c + SHA1: 1d222f1dcccbe673cd1f14eb1305f4f8ee5187c9 + SHA256: 7c182ba80bba313816b3138a0ad8b3e06306bdf22d80874913b0e75514bb9099 + Sections: + .text: + Entropy: 6.614398650577266 + Virtual Size: '0x6e3c' + .rdata: + Entropy: 4.918649218922101 + Virtual Size: '0x564' + .data: + Entropy: 0.055433058128354515 + Virtual Size: '0x2a0c' + INIT: + Entropy: 5.537679642862586 + Virtual Size: '0x7be' + .rsrc: + Entropy: 3.294627465002607 + Virtual Size: '0x428' + .reloc: + Entropy: 6.064753530375784 + Virtual Size: '0xad0' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2010-11-30 01:59:42' + Imphash: f079f8637a1d4fe2fb93af2a267b68ef + LoadsDespiteHVCI: 'TRUE' +- Filename: viragt.sys + MD5: 650f6531db6fb0ed25d7fc70be35a4da + SHA1: 7ee675f0106e36d9159c5507b96c3237fb9348cd + SHA256: 2a6212f3b68a6f263e96420b3607b31cfdfe51afff516f3c87d27bf8a89721e8 + Authentihash: + MD5: fbbb02331ba15c59930554299f14b793 + SHA1: 2c300726f3806b6d077fe58ae8d2b257d654a700 + SHA256: f78e06f649bc0d88770c5465d7792abeb27631ec0ce9a0fa68698b94ebf2cf49 + Description: VirIT Agent System + Company: TG Soft S.a.s. 
+ InternalName: viragt.sys + OriginalFilename: viragt.sys + FileVersion: 1, 65, 0, 0 + Product: VirIT Agent System + ProductVersion: 1, 65, 0, 0 + Copyright: Copyright (C) TG Soft S.a.s. 2006, 2012 - www.tgsoft.it + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitAnsiString + - wcstombs + - ZwOpenKey + - ZwSetValueKey + - ZwDeleteKey + - RtlFormatCurrentUserKeyPath + - ZwEnumerateKey + - ZwEnumerateValueKey + - ZwCreateFile + - KeWaitForSingleObject + - IofCallDriver + - IoBuildSynchronousFsdRequest + - KeInitializeEvent + - ObfDereferenceObject + - IoGetRelatedDeviceObject + - ObReferenceObjectByHandle + - ZwReadFile + - ZwWriteFile + - ZwSetInformationFile + - ZwOpenProcess + - ZwTerminateProcess + - _strupr + - ZwQuerySystemInformation + - IoFreeMdl + - MmUnlockPages + - MmIsAddressValid + - MmProbeAndLockPages + - MmMapLockedPagesSpecifyCache + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmIsNonPagedSystemAddressValid + - IoGetCurrentProcess + - PsLookupProcessByProcessId + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - sprintf + - RtlTimeToTimeFields + - ExSystemTimeToLocalTime + - KeQuerySystemTime + - KeServiceDescriptorTable + - KeReleaseMutex + - KeDelayExecutionThread + - RtlAnsiStringToUnicodeString + - ExQueueWorkItem + - KeInsertQueueDpc + - KeSetTargetProcessorDpc + - KeInitializeDpc + - KeNumberProcessors + - IofCompleteRequest + - memcpy + - IoCreateSymbolicLink + - IoCreateDevice + - PsCreateSystemThread + - KeInitializeMutex + - ObOpenObjectByName + - IoDriverObjectType + - ZwOpenDirectoryObject + - RtlUnicodeStringToAnsiString + - ZwQueryDirectoryObject + - IoFileObjectType + - swprintf + - DbgPrint + - IoFreeIrp + - MmUnmapLockedPages + - KeSetEvent + - MmLockPagableSectionByHandle + - MmLockPagableDataSection + - IoAllocateIrp + - _wcsnicmp + - RtlCompareMemory + - IoBuildDeviceIoControlRequest + - _alldiv + - wcsrchr + - ZwQueryVolumeInformationFile 
+ - ZwDeviceIoControlFile + - _strnicmp + - ZwFsControlFile + - _allmul + - ObfReferenceObject + - _allrem + - _stricmp + - strrchr + - KeQueryActiveProcessors + - KeTickCount + - KeBugCheckEx + - ZwCreateKey + - ZwQueryValueKey + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - mbstowcs + - ZwClose + - memset + - PsTerminateSystemThread + - ZwQueryInformationFile + - RtlUnwind + - KeRaiseIrqlToDpcLevel + - KfRaiseIrql + - KfLowerIrql + - KeGetCurrentIrql + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - READ_PORT_UCHAR + - READ_PORT_BUFFER_UCHAR + - KeStallExecutionProcessor + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G3 + ValidFrom: '2012-05-01 00:00:00' + ValidTo: '2012-12-31 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded + Version: 3 + TBS: + MD5: e6d820afb23af20a65cf0b03247ea05e + SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 + SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 + SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 
1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=IT, ST=Padova, L=Rubano, O=TG Soft S.a.s. Di Tonello Gianfranco + e C., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=TG + Soft S.a.s. Di Tonello Gianfranco e C. 
+ ValidFrom: '2010-01-15 00:00:00' + ValidTo: '2013-01-26 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 25008956fcdc548a3079b096ef96c928 + Version: 3 + TBS: + MD5: 3bab1e250b6b9f2257ee7e262dfbcb65 + SHA1: f99ffe487f507ecaa1874aedf700f26529baed68 + SHA256: 7273308094902ec5a0f89bcd6b8c487363c60ce6527c419dfa163e7f47c2f09d + SHA384: 55f33ea190b96f03dc48a54984dc6889f3b365e5f34e4bb80f4303ff60c8ad231226c5d45649a6091cbd96dfe735ad3a + Signer: + - SerialNumber: 25008956fcdc548a3079b096ef96c928 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + RichPEHeaderHash: + MD5: 49e861e9b5ef11a45073189555706b16 + SHA1: 8b4484b05b022e8e3e31fd31af8d0375babefd7e + SHA256: 79c8030870681fcb556c799112ac97f555ad4c5b81e30c73a57fb9090c2745dc + Sections: + .text: + Entropy: 6.74718533044259 + Virtual Size: '0xd44d' + NonPaged: + Entropy: 6.7226298853008695 + Virtual Size: '0x7ad' + .rdata: + Entropy: 5.073235232857102 + Virtual Size: '0x5d4' + .data: + Entropy: 0.05436146587565968 + Virtual Size: '0x2c2c' + INIT: + Entropy: 5.659367301217331 + Virtual Size: '0xa76' + .rsrc: + Entropy: 3.3244864509059133 + Virtual Size: '0x430' + .reloc: + Entropy: 6.2771882804364765 + Virtual Size: '0xedc' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2012-07-30 09:03:12' + Imphash: 80ae2342fd6c7f5e1c642918e33dafb1 + LoadsDespiteHVCI: 'TRUE' +- Filename: viragt.sys + MD5: 3467b0d996251dc56a72fc51a536dd6b + SHA1: ca33c88cd74e00ece898dca32a24bdfcacc3f756 + SHA256: 2b4c7d3820fe08400a7791e2556132b902a9bbadc1942de57077ecb9d21bf47a + Authentihash: + MD5: e39802ea77fa83f1939a50985f9036c0 + SHA1: 070c6795aa64c2bce7867e280016fb1d2af86dca + SHA256: ac42c7b1d9feccd48c305698942186d580b7bfd047bb73dbf028f3fed7aa24ad + Description: VirIT Agent System + Company: TG Soft S.a.s. 
+ InternalName: viragt.sys + OriginalFilename: viragt.sys + FileVersion: 1, 74, 0, 0 + Product: VirIT Agent System + ProductVersion: 1, 74, 0, 0 + Copyright: Copyright (C) TG Soft S.a.s. 2006, 2013 - www.tgsoft.it + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitAnsiString + - wcstombs + - ZwOpenKey + - ZwSetValueKey + - ZwDeleteKey + - RtlFormatCurrentUserKeyPath + - ZwEnumerateKey + - ZwEnumerateValueKey + - ZwCreateFile + - KeWaitForSingleObject + - IofCallDriver + - IoBuildSynchronousFsdRequest + - KeInitializeEvent + - ObfDereferenceObject + - IoGetRelatedDeviceObject + - ObReferenceObjectByHandle + - ZwReadFile + - ZwWriteFile + - ZwSetInformationFile + - ZwOpenProcess + - ZwTerminateProcess + - _strupr + - ZwQuerySystemInformation + - IoFreeMdl + - MmUnlockPages + - MmIsAddressValid + - MmProbeAndLockPages + - MmMapLockedPagesSpecifyCache + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmIsNonPagedSystemAddressValid + - IoGetCurrentProcess + - PsLookupProcessByProcessId + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - sprintf + - RtlTimeToTimeFields + - ExSystemTimeToLocalTime + - KeQuerySystemTime + - strstr + - KeServiceDescriptorTable + - KeReleaseMutex + - KeDelayExecutionThread + - RtlAnsiStringToUnicodeString + - ExQueueWorkItem + - KeInsertQueueDpc + - KeSetTargetProcessorDpc + - KeInitializeDpc + - KeNumberProcessors + - IofCompleteRequest + - PsCreateSystemThread + - memcpy + - IoCreateSymbolicLink + - IoCreateDevice + - KeInitializeMutex + - RtlUnicodeStringToAnsiString + - IoGetDeviceObjectPointer + - ObOpenObjectByName + - IoDriverObjectType + - ZwOpenDirectoryObject + - ZwQueryDirectoryObject + - IoFileObjectType + - swprintf + - DbgPrint + - IoFreeIrp + - MmUnmapLockedPages + - KeSetEvent + - MmLockPagableSectionByHandle + - MmLockPagableDataSection + - IoAllocateIrp + - _wcsnicmp + - RtlCompareMemory + - IoBuildDeviceIoControlRequest + - _alldiv + - 
wcsrchr + - ZwQueryVolumeInformationFile + - ZwDeviceIoControlFile + - _strnicmp + - ZwFsControlFile + - _allmul + - ObfReferenceObject + - _allrem + - _stricmp + - strrchr + - KeQueryActiveProcessors + - KeTickCount + - KeBugCheckEx + - ZwCreateKey + - ZwQueryValueKey + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - mbstowcs + - ZwClose + - memset + - PsTerminateSystemThread + - ZwQueryInformationFile + - RtlUnwind + - KeRaiseIrqlToDpcLevel + - KfRaiseIrql + - KfLowerIrql + - KeGetCurrentIrql + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - READ_PORT_UCHAR + - READ_PORT_BUFFER_UCHAR + - KeStallExecutionProcessor + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + 
SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=IT, ST=Padova, L=Rubano, O=TG Soft S.a.s. Di Tonello Gianfranco + e C., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=TG + Soft S.a.s. Di Tonello Gianfranco e C. 
+ ValidFrom: '2012-12-31 00:00:00' + ValidTo: '2016-02-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 4cccaccf48f6d93fb37178d7fce6209c + Version: 3 + TBS: + MD5: 1f0b47e6661a3261d4c982b2eb35b0ec + SHA1: 8320a06969446f33184f8a25a91942870a5a54d5 + SHA256: 15e095f260d9ceca3f947817c1f53ddf687e32438d55a51be1b66785183e9840 + SHA384: 184afc72b02ad7f852cdc9db26f294ce37ac12ec9ed3375d34acf6918a1662c0afd7d1cc39ecf1decc7e667645a3fc67 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 4cccaccf48f6d93fb37178d7fce6209c + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: 
fd47e50698bf05f04850340b52ac1853 + SHA1: ee25f84fd5c60f82580743dfaab31e2e5e1fbe30 + SHA256: 44490b82f96dcb06373c259b6532d209604916c484dccba49970a77732bd9906 + Sections: + .text: + Entropy: 6.743205565471687 + Virtual Size: '0xe1a3' + NonPaged: + Entropy: 6.721263787719743 + Virtual Size: '0x7ad' + .rdata: + Entropy: 5.0998682627524055 + Virtual Size: '0x5e4' + .data: + Entropy: 0.038694334699246394 + Virtual Size: '0x408c' + INIT: + Entropy: 5.652792104683904 + Virtual Size: '0xaa4' + .rsrc: + Entropy: 3.329379279728522 + Virtual Size: '0x430' + .reloc: + Entropy: 6.290375726968473 + Virtual Size: '0xfda' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2013-11-29 04:59:32' + Imphash: 3815f9107b799b863cd905178e6e07d0 + LoadsDespiteHVCI: 'FALSE' +- Filename: viragt64.sys + MD5: 688a10e87af9bcf0e40277d927923a00 + SHA1: 388819a7048179848425441c60b3a8390ad04a69 + SHA256: 9b2f051ac901ab47d0012a1002cb8b2db28c14e9480c0dd55e1ac11c81ba9285 + Authentihash: + MD5: 2a499183392f0d3835f957bbe6b538ba + SHA1: f8a9a8d7c704069d4fff9c26740115c1f4ba3499 + SHA256: 605e0efa14fc8443dc43c2068f17e6f175369909d5f7f1c3730fb5fe062528e6 + Description: VirIT Agent System + Company: TG Soft S.a.s. + InternalName: viragt.sys + OriginalFilename: viragt64.sys + FileVersion: 1, 0, 0, 4 + Product: VirIT Agent System + ProductVersion: 1, 0, 0, 4 + Copyright: Copyright (C) TG Soft S.a.s. 
2011, 2013 - www.tgsoft.it + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - mbstowcs + - ExAllocatePoolWithTag + - KeSetTargetProcessorDpc + - ZwCreateKey + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - KeInitializeMutex + - RtlAnsiStringToUnicodeString + - ZwReadFile + - strstr + - RtlInitUnicodeString + - IoDeleteDevice + - RtlInitAnsiString + - ZwSetValueKey + - _strupr + - KeInitializeDpc + - ZwQuerySystemInformation + - MmBuildMdlForNonPagedPool + - IoFreeMdl + - ZwSetInformationFile + - KeReleaseMutex + - KeDelayExecutionThread + - ZwCreateFile + - PsCreateSystemThread + - MmMapLockedPagesSpecifyCache + - ExSystemTimeToLocalTime + - ZwQueryValueKey + - PsTerminateSystemThread + - KeInsertQueueDpc + - ZwEnumerateValueKey + - ZwClose + - sprintf + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - RtlTimeToTimeFields + - MmProbeAndLockPages + - ZwOpenProcess + - MmUnlockPages + - IoCreateSymbolicLink + - MmIsAddressValid + - ObfDereferenceObject + - IoCreateDevice + - ZwTerminateProcess + - KeNumberProcessors + - ZwQueryInformationFile + - MmIsNonPagedSystemAddressValid + - ZwWriteFile + - ZwDeleteKey + - RtlFormatCurrentUserKeyPath + - ZwEnumerateKey + - IoAllocateMdl + - ZwOpenKey + - ObOpenObjectByName + - swprintf + - RtlUnicodeStringToAnsiString + - ZwOpenDirectoryObject + - IoFileObjectType + - IoDriverObjectType + - ZwQueryDirectoryObject + - wcstombs + - KeQueryActiveProcessors + - KeBugCheckEx + - IofCompleteRequest + - ExQueueWorkItem + - __C_specific_handler + - __chkstk + - KeStallExecutionProcessor + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=IT, ST=Padova, L=Rubano, O=TG Soft S.a.s. Di Tonello Gianfranco + e C., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=TG + Soft S.a.s. Di Tonello Gianfranco e C. 
+ ValidFrom: '2012-12-31 00:00:00' + ValidTo: '2016-02-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 4cccaccf48f6d93fb37178d7fce6209c + Version: 3 + TBS: + MD5: 1f0b47e6661a3261d4c982b2eb35b0ec + SHA1: 8320a06969446f33184f8a25a91942870a5a54d5 + SHA256: 15e095f260d9ceca3f947817c1f53ddf687e32438d55a51be1b66785183e9840 + SHA384: 184afc72b02ad7f852cdc9db26f294ce37ac12ec9ed3375d34acf6918a1662c0afd7d1cc39ecf1decc7e667645a3fc67 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 4cccaccf48f6d93fb37178d7fce6209c + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: a93c261e407f22e8e9e11096ef7669a4 + SHA1: 579ea1a06578ca54a9b86ccfa3c06b3be01831bf + SHA256: b566c96b0a5ca93fe5cdd066966b85657108a1cc6eadb0b683932c781d3a3510 + Sections: + .text: + Entropy: 6.359719252023205 + Virtual Size: '0xacfa' + .rdata: + Entropy: 5.002975701263856 + Virtual Size: '0xbf4' + .data: + Entropy: 0.9258397206248276 + Virtual Size: '0x3878' + .pdata: + Entropy: 4.3026349695848545 + Virtual Size: '0x318' + INIT: + Entropy: 5.225312935704256 + 
Virtual Size: '0x842' + .rsrc: + Entropy: 3.294410486328847 + Virtual Size: '0x438' + .reloc: + Entropy: 2.4653384645476275 + Virtual Size: '0x12e' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2013-01-23 01:42:36' + Imphash: 85fd19df117fbc21efbcb1d587063e12 + LoadsDespiteHVCI: 'FALSE' +- Filename: viragt.sys + MD5: 3d5164e85d740bce0391e2b81d49d308 + SHA1: 7ce978092fadbef44441a5f8dcb434df2464f193 + SHA256: d0e25b879d830e4f867b09d6540a664b6f88bad353cd14494c33b31a8091f605 + Authentihash: + MD5: fca297e7088250ac73298a7d623e1137 + SHA1: d1d6535cd02ff50825941130fe992fcdc91c71cd + SHA256: 401ed2d2768707b5c47556774c119f989986a9e2fa88e1e2626f14e22b85e66b + Description: VirIT Agent System + Company: TG Soft S.a.s. + InternalName: viragt.sys + OriginalFilename: viragt.sys + FileVersion: 1, 60, 0, 0 + Product: VirIT Agent System + ProductVersion: 1, 60, 0, 0 + Copyright: Copyright (C) TG Soft S.a.s. 2006, 2011 - www.tgsoft.it + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitAnsiString + - wcstombs + - ZwOpenKey + - ZwSetValueKey + - ZwDeleteKey + - RtlFormatCurrentUserKeyPath + - ZwEnumerateKey + - ZwEnumerateValueKey + - ZwCreateFile + - KeWaitForSingleObject + - IofCallDriver + - IoBuildSynchronousFsdRequest + - KeInitializeEvent + - ObfDereferenceObject + - IoGetRelatedDeviceObject + - ObReferenceObjectByHandle + - ZwReadFile + - ZwWriteFile + - ZwSetInformationFile + - ZwOpenProcess + - ZwTerminateProcess + - _strupr + - ZwQuerySystemInformation + - IoFreeMdl + - MmUnlockPages + - MmIsAddressValid + - MmProbeAndLockPages + - MmMapLockedPagesSpecifyCache + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmIsNonPagedSystemAddressValid + - IoGetCurrentProcess + - PsLookupProcessByProcessId + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - sprintf + - RtlTimeToTimeFields + - ExSystemTimeToLocalTime + - KeQuerySystemTime + - KeServiceDescriptorTable + - KeReleaseMutex + - 
KeDelayExecutionThread + - RtlAnsiStringToUnicodeString + - ExQueueWorkItem + - KeInsertQueueDpc + - KeSetTargetProcessorDpc + - KeInitializeDpc + - KeNumberProcessors + - IofCompleteRequest + - memcpy + - IoCreateSymbolicLink + - IoCreateDevice + - PsCreateSystemThread + - KeInitializeMutex + - ObOpenObjectByName + - IoDriverObjectType + - ZwOpenDirectoryObject + - RtlUnicodeStringToAnsiString + - ZwQueryDirectoryObject + - DbgPrint + - IoFileObjectType + - swprintf + - IoFreeIrp + - MmUnmapLockedPages + - KeSetEvent + - MmLockPagableSectionByHandle + - MmLockPagableDataSection + - IoAllocateIrp + - _wcsnicmp + - RtlCompareMemory + - IoBuildDeviceIoControlRequest + - _alldiv + - wcsrchr + - ZwQueryVolumeInformationFile + - ZwDeviceIoControlFile + - _strnicmp + - ZwFsControlFile + - _allmul + - ObfReferenceObject + - _allrem + - _stricmp + - strrchr + - KeQueryActiveProcessors + - KeTickCount + - KeBugCheckEx + - ZwCreateKey + - ZwQueryValueKey + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - mbstowcs + - ZwClose + - memset + - PsTerminateSystemThread + - ZwQueryInformationFile + - RtlUnwind + - KeRaiseIrqlToDpcLevel + - KfRaiseIrql + - KfLowerIrql + - KeGetCurrentIrql + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - READ_PORT_UCHAR + - READ_PORT_BUFFER_UCHAR + - KeStallExecutionProcessor + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 
50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + 
Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + 
Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=IT, ST=Padova, L=Rubano, O=TG Soft S.a.s. Di Tonello Gianfranco + e C., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=TG + Soft S.a.s. Di Tonello Gianfranco e C. + ValidFrom: '2010-01-15 00:00:00' + ValidTo: '2013-01-26 23:59:59' + Signature: 49acd6daead15fe8d7445a98d9c495f32e30c0bfe703acba889230d0e71911d319656ef50b2116f52fafc0e98010c27d23c59fc85bfd5a20c274a171279702f4c34435fe76b9746a39c64fd401aec55d0e1dedb33f6a8a4a35b3e4438ea30563562e3627df7abd77736982bd73966cd56b223a57e8cb3e709c316aa968eb8f9ef84560f0d68dc6e37ae179cca59e1ca21216cd04ac1f0913dbfb2ea258ebce38b3b329b2b9bd4dce4c6b568bebe1323e4622a0678ee5326540fbf0667684c9936eae2d879bb500e7f5684633e203cf5c9fcffad04ed7c712678d4209f32f280c1bf91b228a1d88a43f2b9cc0f68109b0ee81f935a87bfef1cf309fa7093a9c51 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 25008956fcdc548a3079b096ef96c928 + Version: 3 + TBS: + MD5: 3bab1e250b6b9f2257ee7e262dfbcb65 + SHA1: f99ffe487f507ecaa1874aedf700f26529baed68 + SHA256: 7273308094902ec5a0f89bcd6b8c487363c60ce6527c419dfa163e7f47c2f09d + SHA384: 55f33ea190b96f03dc48a54984dc6889f3b365e5f34e4bb80f4303ff60c8ad231226c5d45649a6091cbd96dfe735ad3a + Signer: + - SerialNumber: 25008956fcdc548a3079b096ef96c928 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + RichPEHeaderHash: + MD5: 49e861e9b5ef11a45073189555706b16 + SHA1: 8b4484b05b022e8e3e31fd31af8d0375babefd7e + SHA256: 79c8030870681fcb556c799112ac97f555ad4c5b81e30c73a57fb9090c2745dc + Sections: + .text: + Entropy: 6.7574464380724875 + Virtual Size: '0xca37' + 
NonPaged: + Entropy: 6.719726825659327 + Virtual Size: '0x7ad' + .rdata: + Entropy: 5.082272229315413 + Virtual Size: '0x5d4' + .data: + Entropy: 0.05436146587565968 + Virtual Size: '0x2c2c' + INIT: + Entropy: 5.658986288806626 + Virtual Size: '0xa76' + .rsrc: + Entropy: 3.3172637315998217 + Virtual Size: '0x430' + .reloc: + Entropy: 6.247994097967221 + Virtual Size: '0xe18' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2011-12-29 10:38:08' + Imphash: 48e2ef3c2d32ecca62510d90e12b6632 + LoadsDespiteHVCI: 'TRUE' +- Filename: viragt.sys + MD5: 3ad7b36a584504b3c70b5f552ba33015 + SHA1: d363011d6991219d7f152609164aba63c266b740 + SHA256: e4eca7db365929ff7c5c785e2eab04ef8ec67ea9edcf7392f2b74eccd9449148 + Authentihash: + MD5: bec44ba7f52a8c4700876db0c566d696 + SHA1: 3854d0364d7379bcb7d59311823cadc3e34d1612 + SHA256: 230fe99d425e870cc03383b195d5a8c0ef3d191baaa4104f6f4cdee4960c48fc + Description: VirIT Agent System + Company: TG Soft S.a.s. + InternalName: viragt.sys + OriginalFilename: viragt.sys + FileVersion: 1, 38, 0, 0 + Product: VirIT Agent System + ProductVersion: 1, 38, 0, 0 + Copyright: Copyright (C) TG Soft S.a.s. 
2006, 2011 - www.tgsoft.it + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitAnsiString + - wcstombs + - ZwOpenKey + - ZwSetValueKey + - ZwDeleteKey + - RtlFormatCurrentUserKeyPath + - ZwEnumerateKey + - ZwEnumerateValueKey + - ZwCreateFile + - KeWaitForSingleObject + - IofCallDriver + - IoBuildSynchronousFsdRequest + - KeInitializeEvent + - ObfDereferenceObject + - IoGetRelatedDeviceObject + - ObReferenceObjectByHandle + - ZwReadFile + - ZwWriteFile + - ZwSetInformationFile + - ZwOpenProcess + - ZwTerminateProcess + - _strupr + - ZwQuerySystemInformation + - IoFreeMdl + - MmUnlockPages + - MmIsAddressValid + - MmProbeAndLockPages + - MmMapLockedPagesSpecifyCache + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmIsNonPagedSystemAddressValid + - IoGetCurrentProcess + - PsLookupProcessByProcessId + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - sprintf + - RtlTimeToTimeFields + - ExSystemTimeToLocalTime + - KeQuerySystemTime + - KeServiceDescriptorTable + - KeReleaseMutex + - KeDelayExecutionThread + - RtlAnsiStringToUnicodeString + - ExQueueWorkItem + - KeInsertQueueDpc + - KeSetTargetProcessorDpc + - KeInitializeDpc + - KeNumberProcessors + - IofCompleteRequest + - memcpy + - IoCreateSymbolicLink + - IoCreateDevice + - PsCreateSystemThread + - KeInitializeMutex + - ObOpenObjectByName + - IoDriverObjectType + - ZwOpenDirectoryObject + - RtlUnicodeStringToAnsiString + - ZwQueryDirectoryObject + - DbgPrint + - IoFileObjectType + - swprintf + - IoFreeIrp + - MmUnmapLockedPages + - KeSetEvent + - MmLockPagableSectionByHandle + - MmLockPagableDataSection + - IoAllocateIrp + - _wcsnicmp + - RtlCompareMemory + - IoBuildDeviceIoControlRequest + - _alldiv + - wcsrchr + - ZwQueryVolumeInformationFile + - ZwDeviceIoControlFile + - _strnicmp + - ZwFsControlFile + - _allmul + - ObfReferenceObject + - _allrem + - _stricmp + - strrchr + - KeQueryActiveProcessors + - KeTickCount + - 
KeBugCheckEx + - ZwCreateKey + - ZwQueryValueKey + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - mbstowcs + - ZwClose + - memset + - PsTerminateSystemThread + - ZwQueryInformationFile + - RtlUnwind + - KeRaiseIrqlToDpcLevel + - KfRaiseIrql + - KfLowerIrql + - KeGetCurrentIrql + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - READ_PORT_UCHAR + - READ_PORT_BUFFER_UCHAR + - KeStallExecutionProcessor + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust 
Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=IT, ST=Padova, L=Rubano, O=TG Soft S.a.s. Di Tonello Gianfranco + e C., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=TG + Soft S.a.s. Di Tonello Gianfranco e C. 
+ ValidFrom: '2010-01-15 00:00:00' + ValidTo: '2013-01-26 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 25008956fcdc548a3079b096ef96c928 + Version: 3 + TBS: + MD5: 3bab1e250b6b9f2257ee7e262dfbcb65 + SHA1: f99ffe487f507ecaa1874aedf700f26529baed68 + SHA256: 7273308094902ec5a0f89bcd6b8c487363c60ce6527c419dfa163e7f47c2f09d + SHA384: 55f33ea190b96f03dc48a54984dc6889f3b365e5f34e4bb80f4303ff60c8ad231226c5d45649a6091cbd96dfe735ad3a + Signer: + - SerialNumber: 25008956fcdc548a3079b096ef96c928 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + RichPEHeaderHash: + MD5: 49e861e9b5ef11a45073189555706b16 + SHA1: 8b4484b05b022e8e3e31fd31af8d0375babefd7e + SHA256: 79c8030870681fcb556c799112ac97f555ad4c5b81e30c73a57fb9090c2745dc + Sections: + .text: + Entropy: 6.742992739782107 + Virtual Size: '0xc377' + NonPaged: + Entropy: 6.721977941994172 + Virtual Size: '0x7ad' + .rdata: + Entropy: 5.077510577226486 + Virtual Size: '0x5d4' + .data: + Entropy: 0.05436146587565968 + Virtual Size: '0x2c2c' + INIT: + Entropy: 5.644887759534148 + Virtual Size: '0xa76' + .rsrc: + Entropy: 3.327760494753233 + Virtual Size: '0x430' + .reloc: + Entropy: 6.239805134913373 + Virtual Size: '0xe14' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2011-05-10 10:33:08' + Imphash: 48e2ef3c2d32ecca62510d90e12b6632 + LoadsDespiteHVCI: 'TRUE' +- Filename: viragt.sys + MD5: 08e06b839499cb4b752347399db41b57 + SHA1: b53c360b35174bd89f97f681bf7c17f40e519eb6 + SHA256: ef6d3c00f9d0aa31a218094480299ef73fc85146adf62fd0c2f4f88972c5c850 + Authentihash: + MD5: d1d42d44e5fcfd9c0a148b0d85f911d0 + SHA1: eb2d192b58a979cdb127fb81049ff19b07dbe45e + SHA256: b59ad4a1f71f8379c89fc3bc1d2827b0785bbb0192b43549034f24a133eea3a5 + Description: VirIT Agent System + Company: TG Soft S.a.s. 
+ InternalName: viragt.sys + OriginalFilename: viragt.sys + FileVersion: 1, 80, 0, 0 + Product: VirIT Agent System + ProductVersion: 1, 80, 0, 0 + Copyright: Copyright (C) TG Soft S.a.s. 2006, 2016 - www.tgsoft.it + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - RtlInitAnsiString + - wcstombs + - ZwOpenKey + - ZwSetValueKey + - ZwDeleteKey + - RtlFormatCurrentUserKeyPath + - ZwEnumerateKey + - ZwEnumerateValueKey + - ZwCreateFile + - KeWaitForSingleObject + - IofCallDriver + - IoBuildSynchronousFsdRequest + - KeInitializeEvent + - ObfDereferenceObject + - IoGetRelatedDeviceObject + - ObReferenceObjectByHandle + - ZwReadFile + - ZwWriteFile + - ZwSetInformationFile + - ZwOpenProcess + - ZwTerminateProcess + - _strupr + - ZwQuerySystemInformation + - IoFreeMdl + - MmUnlockPages + - MmIsAddressValid + - MmProbeAndLockPages + - MmMapLockedPagesSpecifyCache + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmIsNonPagedSystemAddressValid + - IoGetCurrentProcess + - PsLookupProcessByProcessId + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - sprintf + - RtlTimeToTimeFields + - ExSystemTimeToLocalTime + - KeQuerySystemTime + - strstr + - KeServiceDescriptorTable + - KeReleaseMutex + - KeDelayExecutionThread + - RtlAnsiStringToUnicodeString + - ExQueueWorkItem + - KeInsertQueueDpc + - KeSetTargetProcessorDpc + - KeInitializeDpc + - KeNumberProcessors + - IofCompleteRequest + - PsCreateSystemThread + - memcpy + - IoCreateSymbolicLink + - IoCreateDevice + - KeInitializeMutex + - RtlUnicodeStringToAnsiString + - IoGetDeviceObjectPointer + - ObOpenObjectByName + - IoDriverObjectType + - ZwOpenDirectoryObject + - ZwQueryDirectoryObject + - IoFileObjectType + - swprintf + - DbgPrint + - IoFreeIrp + - MmUnmapLockedPages + - KeSetEvent + - MmLockPagableSectionByHandle + - MmLockPagableDataSection + - IoAllocateIrp + - _wcsnicmp + - RtlCompareMemory + - IoBuildDeviceIoControlRequest + - _alldiv + - 
wcsrchr + - ZwQueryVolumeInformationFile + - ZwDeviceIoControlFile + - _strnicmp + - ZwFsControlFile + - _allmul + - ObfReferenceObject + - _allrem + - _stricmp + - strrchr + - KeQueryActiveProcessors + - KeTickCount + - KeBugCheckEx + - ZwCreateKey + - ZwQueryValueKey + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - mbstowcs + - ZwClose + - memset + - PsTerminateSystemThread + - ZwQueryInformationFile + - RtlUnwind + - KeRaiseIrqlToDpcLevel + - KfRaiseIrql + - KfLowerIrql + - KeGetCurrentIrql + - READ_PORT_ULONG + - WRITE_PORT_UCHAR + - READ_PORT_UCHAR + - READ_PORT_BUFFER_UCHAR + - KeStallExecutionProcessor + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + 
SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2006-11-08 00:00:00' + ValidTo: '2021-11-07 23:59:59' + Signature: 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd + Version: 3 + TBS: + MD5: 918d9eb6a6cd36c531eceb926170a7e1 + SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a + SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 + SHA384: e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=IT, ST=Padova, L=Rubano, O=TG Soft S.a.s. Di Tonello Gianfranco + e C., CN=TG Soft S.a.s. Di Tonello Gianfranco e C. 
+ ValidFrom: '2016-01-20 00:00:00' + ValidTo: '2019-03-11 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 7380a219373c43f82746ddf3ed55eaea + Version: 3 + TBS: + MD5: 7ce1cf724ff7a2f7a8a062ec56732b01 + SHA1: 744e935b56e4974671931f3cbf233d10e95f63bc + SHA256: f091c42ab9e8f450b435dfb1e09109137a0b578737cd49d1f5a1259b5ed44d8c + SHA384: d7b3f6cd2bb4fa23da07031f240e9e7195f211d2a96f3d6aa24c9eb67781ec0418b45024538a7235d0e336b2d47fbc07 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 7380a219373c43f82746ddf3ed55eaea + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + RichPEHeaderHash: + MD5: fd47e50698bf05f04850340b52ac1853 + SHA1: ee25f84fd5c60f82580743dfaab31e2e5e1fbe30 + SHA256: 44490b82f96dcb06373c259b6532d209604916c484dccba49970a77732bd9906 + Sections: + .text: + Entropy: 6.775686647068779 + Virtual Size: '0xf949' + NonPaged: + Entropy: 6.7142510976055005 + Virtual Size: '0x7ad' + .rdata: + Entropy: 5.026653618294461 + Virtual Size: '0x5e4' + .data: + Entropy: 0.03841873461812914 + Virtual Size: '0x4110' + INIT: + Entropy: 5.5783216010211705 + 
Virtual Size: '0xaa4'
+ .rsrc:
+ Entropy: 3.315762201306504
+ Virtual Size: '0x430'
+ .reloc:
+ Entropy: 6.404375411917709
+ Virtual Size: '0x12a4'
+ MagicHeader: 50 45 0 0
+ CreationTimestamp: '2016-09-07 02:16:07'
+ Imphash: 3815f9107b799b863cd905178e6e07d0
+ LoadsDespiteHVCI: 'FALSE'
diff --git a/yaml/7f645b95-4374-47ae-be1a-e4415308b550.yaml b/yaml/7f645b95-4374-47ae-be1a-e4415308b550.yaml
index 7ef62134d..7fa25ca60 100644
--- a/yaml/7f645b95-4374-47ae-be1a-e4415308b550.yaml
+++ b/yaml/7f645b95-4374-47ae-be1a-e4415308b550.yaml
@@ -1,190 +1,191 @@
-Acknowledgement:
- Handle: ''
- Person: ''
+Id: 7f645b95-4374-47ae-be1a-e4415308b550
+Tags:
+- WCPU.sys
+Verified: 'TRUE'
 Author: Michael Haag
-Category: vulnerable driver
-Commands:
- Command: sc.exe create WCPU.sys binPath=C:\windows\temp\WCPU.sys type=kernel &&
- sc.exe start WCPU.sys
- Description: ''
- OperatingSystem: Windows 10
- Privileges: kernel
- Usecase: Elevate privileges
 Created: '2023-01-09'
-Detection:
-- type: yara_signature
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/159e7c5a12157af92e0d14a0d3ea116f91c09e21a9831486e6dc592c93c10980.yara
-- type: sigma_hash
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml
-- type: sigma_names
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml
-- type: sysmon_hash_detect
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml
-- type: sysmon_hash_block
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml
-- type: yara_signature
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar
-- type: sigma_hash
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml
-- type: sigma_names
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml
-- type: sysmon_hash_detect
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml
-- type: sysmon_hash_block
- value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml
-Id: 7f645b95-4374-47ae-be1a-e4415308b550
-KnownVulnerableSamples:
-- Authentihash:
- MD5:
1a77777592eb402fe56bcb43d618d02e - SHA1: 81e3e81048e0f323eee8d04aa9b291d77caa21e0 - SHA256: 54bc506b2f0cf66d12d4a2415ab743c2b2a1f3079089e3e0c0c1f3f49dd7335e - Company: Windows (R) Codename Longhorn DDK provider - Copyright: Copyright by ASUSTek COMPUTER INC. 2006 - CreationTimestamp: '2006-12-21 03:21:24' - Date: '' - Description: ASUS TDE CPU Driver - ExportedFunctions: '' - FileVersion: '6.0.6000.16386 built by: WinDDK' - Filename: WCPU.sys - ImportedFunctions: - - ZwUnmapViewOfSection - - ZwClose - - IofCompleteRequest - - ObReferenceObjectByHandle - - IoCreateSymbolicLink - - IoDeleteDevice - - ZwOpenSection - - IoDeleteSymbolicLink - - ZwMapViewOfSection - - KeBugCheckEx - - IoCreateDevice - - RtlInitUnicodeString - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: CPU Driver - MD5: c1d063c9422a19944cdaa6714623f2ec - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: CPU Driver - Product: Windows (R) Codename Longhorn DDK driver - ProductVersion: 6.0.6000.16386 - Publisher: '' - RichPEHeaderHash: - MD5: d101f9368f4b720f40c512b9a7b67cc4 - SHA1: abea1a5ff4c4e312d9bfb9d3cbcc21f4195c4809 - SHA256: 0d1f45e9aa0988e1a7aee185bbf5bf48fd4c4b7e1168c8ecb79f47a15dd03616 - SHA1: f36a47edfacd85e0c6d4d22133dd386aee4eec15 - SHA256: 159e7c5a12157af92e0d14a0d3ea116f91c09e21a9831486e6dc592c93c10980 - Sections: - .text: - Entropy: 5.985625350824249 - Virtual Size: '0xade' - .rdata: - Entropy: 3.954197356499777 - Virtual Size: '0x124' - .data: - Entropy: 0.4498563545832192 - Virtual Size: '0x140' - .pdata: - Entropy: 3.1473267367721696 - Virtual Size: '0x48' - INIT: - Entropy: 4.911287908556835 - Virtual Size: '0x23e' - .rsrc: - Entropy: 3.4268548853633605 - Virtual Size: '0x408' - Signature: - - ASUSTeK Computer Inc. 
- - VeriSign Class 3 Code Signing 2004 CA - - VeriSign Class 3 Public Primary CA - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: 
ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Quality Testing Department, - CN=ASUSTeK Computer Inc. 
- ValidFrom: '2007-07-03 00:00:00' - ValidTo: '2008-07-26 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 23eab3ac30c7016a299c8d31d99f3ae8 - Version: 3 - TBS: - MD5: 54f73eaca10fe12ff2e14194e2f019b8 - SHA1: 471cb77202e7d4941a5bff8ba813f5ed221dc32e - SHA256: 9dba2d4765226ca91fb7104e0cbd01308c4e8ed9727ea661eeaa473d7825ee35 - SHA384: 272d877ad02e5487a0864e4d876a9e06fea5ead9cd149e7a48c4f111cfa8dc2f05f1042f2822b42360896da334e6390d - Signer: - - SerialNumber: 23eab3ac30c7016a299c8d31d99f3ae8 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: d169b0949781ca2a6efea5a106266a02 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create WCPU.sys binPath=C:\windows\temp\WCPU.sys type=kernel && + sc.exe start WCPU.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/namazso/physmem_drivers -Tags: -- WCPU.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/159e7c5a12157af92e0d14a0d3ea116f91c09e21a9831486e6dc592c93c10980.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 1a77777592eb402fe56bcb43d618d02e + SHA1: 81e3e81048e0f323eee8d04aa9b291d77caa21e0 + SHA256: 54bc506b2f0cf66d12d4a2415ab743c2b2a1f3079089e3e0c0c1f3f49dd7335e + Company: Windows (R) Codename Longhorn DDK provider + Copyright: Copyright by ASUSTek COMPUTER INC. 
2006 + CreationTimestamp: '2006-12-21 03:21:24' + Date: '' + Description: ASUS TDE CPU Driver + ExportedFunctions: '' + FileVersion: '6.0.6000.16386 built by: WinDDK' + Filename: WCPU.sys + ImportedFunctions: + - ZwUnmapViewOfSection + - ZwClose + - IofCompleteRequest + - ObReferenceObjectByHandle + - IoCreateSymbolicLink + - IoDeleteDevice + - ZwOpenSection + - IoDeleteSymbolicLink + - ZwMapViewOfSection + - KeBugCheckEx + - IoCreateDevice + - RtlInitUnicodeString + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: CPU Driver + MD5: c1d063c9422a19944cdaa6714623f2ec + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: CPU Driver + Product: Windows (R) Codename Longhorn DDK driver + ProductVersion: 6.0.6000.16386 + Publisher: '' + RichPEHeaderHash: + MD5: d101f9368f4b720f40c512b9a7b67cc4 + SHA1: abea1a5ff4c4e312d9bfb9d3cbcc21f4195c4809 + SHA256: 0d1f45e9aa0988e1a7aee185bbf5bf48fd4c4b7e1168c8ecb79f47a15dd03616 + SHA1: f36a47edfacd85e0c6d4d22133dd386aee4eec15 + SHA256: 159e7c5a12157af92e0d14a0d3ea116f91c09e21a9831486e6dc592c93c10980 + Sections: + .text: + Entropy: 5.985625350824249 + Virtual Size: '0xade' + .rdata: + Entropy: 3.954197356499777 + Virtual Size: '0x124' + .data: + Entropy: 0.4498563545832192 + Virtual Size: '0x140' + .pdata: + Entropy: 3.1473267367721696 + Virtual Size: '0x48' + INIT: + Entropy: 4.911287908556835 + Virtual Size: '0x23e' + .rsrc: + Entropy: 3.4268548853633605 + Virtual Size: '0x408' + Signature: + - ASUSTeK Computer Inc. 
+ - VeriSign Class 3 Code Signing 2004 CA + - VeriSign Class 3 Public Primary CA + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 
53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=TW, ST=Taiwan, L=Taipei / Peitou, O=ASUSTeK Computer Inc., + OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Quality + Testing Department, CN=ASUSTeK Computer Inc. 
+ ValidFrom: '2007-07-03 00:00:00' + ValidTo: '2008-07-26 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 23eab3ac30c7016a299c8d31d99f3ae8 + Version: 3 + TBS: + MD5: 54f73eaca10fe12ff2e14194e2f019b8 + SHA1: 471cb77202e7d4941a5bff8ba813f5ed221dc32e + SHA256: 9dba2d4765226ca91fb7104e0cbd01308c4e8ed9727ea661eeaa473d7825ee35 + SHA384: 272d877ad02e5487a0864e4d876a9e06fea5ead9cd149e7a48c4f111cfa8dc2f05f1042f2822b42360896da334e6390d + Signer: + - SerialNumber: 23eab3ac30c7016a299c8d31d99f3ae8 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: d169b0949781ca2a6efea5a106266a02 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/7f9842a0-8118-462e-8860-227265ff4379.yaml b/yaml/7f9842a0-8118-462e-8860-227265ff4379.yaml index b2113686e..d81e52b04 100644 --- a/yaml/7f9842a0-8118-462e-8860-227265ff4379.yaml +++ b/yaml/7f9842a0-8118-462e-8860-227265ff4379.yaml 
@@ -1,771 +1,771 @@ Id: 7f9842a0-8118-462e-8860-227265ff4379 +Tags: +- NTIOLib.sys +Verified: 'TRUE' Author: Nasreddine Bencherchali Created: '2023-05-06' MitreID: T1068 Category: vulnerable driver -Verified: 'TRUE' Commands: - Command: sc.exe create NTIOLib.sys binPath=C:\windows\temp\NTIOLib.sys type=kernel - && sc.exe start NTIOLib.sys - Description: '' - Usecase: Elevate privileges - Privileges: kernel - OperatingSystem: Windows 10 + Command: sc.exe create NTIOLib.sys binPath=C:\windows\temp\NTIOLib.sys type=kernel + && sc.exe start NTIOLib.sys + Description: '' + Usecase: Elevate privileges + Privileges: kernel + OperatingSystem: Windows 10 Resources: - Internal Research -Acknowledgement: - Person: '' - Handle: '' Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Person: '' + Handle: '' KnownVulnerableSamples: -- Filename: NTIOLib.sys - MD5: 4d99d02f49e027332a0a9c31c674e13b - SHA1: 39e57a0bb3b349c70ad5f11592f9282860bbcc0a - SHA256: 18776682fcc0c6863147143759a8d4050a4115a8ede0136e49a7cf885c8a4805 - Authentihash: - MD5: eed041909fbbbe05f6cc68006d541b0d - SHA1: d3809c4439f7828a4a76aef68627eb1e6e703d43 - SHA256: c84806a49da944c20a01e7dba7721e88859a5f65ec338ddb5da3a0d6895e7268 - Description: NTIOLib - Company: MSI - InternalName: NTIOLib.sys - OriginalFilename: NTIOLib.sys - FileVersion: 1.0.0.0 - Product: NTIOLib - ProductVersion: 1.0.0.0 - Copyright: Copyright (C) 2008-2009 MSI. All rights reserved. - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - WRITE_REGISTER_BUFFER_USHORT - - WRITE_REGISTER_BUFFER_ULONG - - IofCompleteRequest - - WRITE_REGISTER_BUFFER_UCHAR - - IoCreateDevice - - KeTickCount - - MmMapIoSpace - - READ_REGISTER_BUFFER_ULONG - - READ_REGISTER_BUFFER_USHORT - - READ_REGISTER_BUFFER_UCHAR - - MmUnmapIoSpace - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoCreateSymbolicLink - - IoDeleteDevice - - RtlUnwind - - KeBugCheckEx - - HalGetBusDataByOffset - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - WRITE_PORT_UCHAR - - READ_PORT_ULONG - - READ_PORT_USHORT - - READ_PORT_UCHAR - - HalSetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR 
INTERNATIONAL CO., - LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL CO., - LTD. - ValidFrom: '2011-08-30 06:46:09' - ValidTo: '2014-08-30 06:46:09' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c - Version: 3 - TBS: - MD5: 3a98a18e8636f2a01e49e2a6d116c360 - SHA1: a2938150e46525adcec2e3a2348824bc1cf532b2 - SHA256: 01a2e2d31d0a4f3005753cce5972b5da2a7c08b0750fb6947e0fd231e64ae7ec - SHA384: 722398e51e6b5bbe064df372be6b6a9ccfcc9719ad775213cae46920e0a3e6c5a4dc8b912de3148abfc60ff4a59050ea - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - RichPEHeaderHash: - MD5: 32723c8062c08c35296c3e94f2b13cca - SHA1: ccb30ac21cfd87ec3d5f72a3e00fc7272f6bedd9 - SHA256: 08f465c1cc08c882dc26c9b12af153532f5fc848ddb5dd7731009af08ece586c - Sections: - .text: - Entropy: 6.149675600679578 - Virtual Size: '0xafa' - .rdata: - Entropy: 3.7506155543068602 - Virtual Size: '0x184' - .data: - Entropy: 2.9182958340544896 - Virtual Size: '0xc' - INIT: - Entropy: 5.357690848786986 - Virtual Size: '0x336' - .rsrc: - Entropy: 3.2489665842730933 - Virtual Size: '0x370' - .reloc: - Entropy: 4.2991771373904095 - Virtual Size: '0xea' - 
MagicHeader: 50 45 0 0 - CreationTimestamp: '2014-03-17 04:23:54' - Imphash: a1d29a3af6402793ec9d23883512938a - LoadsDespiteHVCI: 'FALSE' -- Filename: NTIOLib.sys - MD5: 2e5f016ff9378be41fe98fa62f99b12d - SHA1: 4518758452af35d593e0cae80d9841a86af6d3de - SHA256: 7893307df2fdde25371645a924f0333e1b2de31b6bc839d8e2a908d7830c6504 - Authentihash: - MD5: dbca419735abe58370b336d8d3da5ad8 - SHA1: 2986d3251738a29bd73f2938545cd3ffc8e2aadc - SHA256: c0fc1c1c1ff39ea9a695996482ab31cb65c74aaf9f20cba21e9ff34ef054a008 - Description: NTIOLib - Company: MSI - InternalName: NTIOLib.sys - OriginalFilename: NTIOLib.sys - FileVersion: 1.0.0.0 - Product: NTIOLib - ProductVersion: 1.0.0.0 - Copyright: Copyright (C) 2008-2009 MSI. All rights reserved. - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - WRITE_REGISTER_BUFFER_USHORT - - WRITE_REGISTER_BUFFER_ULONG - - IofCompleteRequest - - WRITE_REGISTER_BUFFER_UCHAR - - IoCreateDevice - - KeTickCount - - MmMapIoSpace - - READ_REGISTER_BUFFER_ULONG - - READ_REGISTER_BUFFER_USHORT - - READ_REGISTER_BUFFER_UCHAR - - MmUnmapIoSpace - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoCreateSymbolicLink - - IoDeleteDevice - - RtlUnwind - - KeBugCheckEx - - HalGetBusDataByOffset - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - WRITE_PORT_UCHAR - - READ_PORT_ULONG - - READ_PORT_USHORT - - READ_PORT_UCHAR - - HalSetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G3 - ValidFrom: '2012-05-01 00:00:00' - ValidTo: '2012-12-31 23:59:59' - Signature: 
1e98aa27b778b508b5c9726db7dfc00e98a635c488c9d2f66df14b1afbd5f92d99009ed1e79b8be13fbd39800c66cd07bc5c9854a694ba10d14e8babf56f65cc6709a2807c52e80e03d66b7ac60518ecc8ac427c072ca73d0866dc00edfd941d73f2729893b111d68fef8eeaacf496510cd08ddf31524f5eaf7da74a75e64ece2b9f292be7cf5d9f037e6e277b23ad622966af92e82ccebd9c7fdccd173c43c2093f7545c79ee4d7607f97c6e4aac769f5fccd74ac2cb048c1504e70561eb535d38ebeb1edacbdfe0cec857dd5bb856644195d9f93eb82ba639ed37c61ffc81bd923587f30a366a139265e92c33ccb3732faf5a38ddcd5b0a3e9253655d781fa - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded - Version: 3 - TBS: - MD5: e6d820afb23af20a65cf0b03247ea05e - SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 - SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 - SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL CO., - LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL CO., - LTD. - ValidFrom: '2011-08-30 06:46:09' - ValidTo: '2014-08-30 06:46:09' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c - Version: 3 - TBS: - MD5: 3a98a18e8636f2a01e49e2a6d116c360 - SHA1: a2938150e46525adcec2e3a2348824bc1cf532b2 - SHA256: 01a2e2d31d0a4f3005753cce5972b5da2a7c08b0750fb6947e0fd231e64ae7ec - SHA384: 722398e51e6b5bbe064df372be6b6a9ccfcc9719ad775213cae46920e0a3e6c5a4dc8b912de3148abfc60ff4a59050ea - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - RichPEHeaderHash: - MD5: 32723c8062c08c35296c3e94f2b13cca - SHA1: ccb30ac21cfd87ec3d5f72a3e00fc7272f6bedd9 - SHA256: 
08f465c1cc08c882dc26c9b12af153532f5fc848ddb5dd7731009af08ece586c - Sections: - .text: - Entropy: 6.152429670255876 - Virtual Size: '0xaf6' - .rdata: - Entropy: 4.122254945364257 - Virtual Size: '0x1b4' - .data: - Entropy: 2.9182958340544896 - Virtual Size: '0xc' - INIT: - Entropy: 5.357690848786986 - Virtual Size: '0x336' - .rsrc: - Entropy: 3.2489665842730933 - Virtual Size: '0x370' - .reloc: - Entropy: 4.290630128843401 - Virtual Size: '0xea' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2012-10-25 20:11:23' - Imphash: a1d29a3af6402793ec9d23883512938a - LoadsDespiteHVCI: 'FALSE' -- Filename: NTIOLib.sys - MD5: 6d97ee5b3300d0f7fa359f2712834c40 - SHA1: 8dc2097a90eb7e9d6ee31a7c7a95e7a0b2093b89 - SHA256: 952199c28332bc90cfd74530a77ee237967ed32b3c71322559c59f7a42187dc4 - Authentihash: - MD5: 2f6cff8603866aad75277f79179ca16e - SHA1: 55df6777d508865628b433631b8faaaa38dc0908 - SHA256: 2018ad5f3695295599f756caf556722291485cd67eb9c3f7ec701b206cca4e00 - Description: NTIOLib - Company: MSI - InternalName: NTIOLib.sys - OriginalFilename: NTIOLib.sys - FileVersion: 1.0.0.0 - Product: NTIOLib - ProductVersion: 1.0.0.0 - Copyright: Copyright (C) 2008-2009 MSI. All rights reserved. 
- MachineType: AMD64 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - MmUnmapIoSpace - - MmMapIoSpace - - IofCompleteRequest - - IoDeleteDevice - - IoCreateDevice - - KeBugCheckEx - - RtlInitUnicodeString - - IoCreateSymbolicLink - - IoDeleteSymbolicLink - - __C_specific_handler - - HalSetBusDataByOffset - - HalGetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: 
'2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL CO., - LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL CO., - LTD. - ValidFrom: '2011-08-30 06:46:09' - ValidTo: '2014-08-30 06:46:09' - Signature: 87bf57ab7ffd7e005076b34b14ddd924045ec7e389871661794f1ece1bef10e050893b28236cb650af1415f8cd95e86c2052d93311d73e0bbe6fb1c22ddea438a93c8b18bd4b8c0f81ad07032efb46d406bbaa730dd3ac92cbf0d9cc711a397a0e0320b213a5161e6be83ec69967a712b463129ea56d5a8ecd3ff8901be09dfaa0a0f10e879b307863e1b1c3a3149ac73bc3f3160db7012229b57bced6d47b875878663642a8cddd03da1e7f236b8cf16713a5e0f4c892aaca77a8c7dab41d84567e2bbf09b336a2824e0e18d54d199e6e024d2630bb210cd24a9ef4b377be0429e2ecc9bf8478a8c6a78c686e26f29c95925baee85e4bbb97b6eecffe44a25e - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c - Version: 3 - TBS: - MD5: 3a98a18e8636f2a01e49e2a6d116c360 - SHA1: a2938150e46525adcec2e3a2348824bc1cf532b2 - SHA256: 01a2e2d31d0a4f3005753cce5972b5da2a7c08b0750fb6947e0fd231e64ae7ec - SHA384: 722398e51e6b5bbe064df372be6b6a9ccfcc9719ad775213cae46920e0a3e6c5a4dc8b912de3148abfc60ff4a59050ea - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - 
SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - RichPEHeaderHash: - MD5: 41ddd08b440611823bc5d8cb732c563d - SHA1: 8acdfc9ac988c6250e2a031640f6e169b5fddb73 - SHA256: 189683b4db2e68d2f0b3f91f1141907b3887f23991867a68a22389d40ad3634e - Sections: - .text: - Entropy: 5.964276717069934 - Virtual Size: '0x7c4' - .rdata: - Entropy: 3.9594180584072785 - Virtual Size: '0x180' - .data: - Entropy: 0.5096713223407059 - Virtual Size: '0x114' - .pdata: - Entropy: 3.3677730066584752 - Virtual Size: '0x78' - INIT: - Entropy: 5.046663153942613 - Virtual Size: '0x242' - .rsrc: - Entropy: 3.2498244109800973 - Virtual Size: '0x370' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2012-02-13 20:30:19' - Imphash: d6f977640d4810a784d152e4d3c63a6b - LoadsDespiteHVCI: 'FALSE' -- Filename: NTIOLib.sys - MD5: 2f1ebc14bd8a29b89896737ca4076002 - SHA1: 6bfeac43be3ebd8d95a5eba963e18d97d76d2b05 - SHA256: c2a4ddcc9c3b339d752c48925d62fc4cc5adbf6fae8fedef74cdd47e88da01f8 - Authentihash: - MD5: 00f93b0c0de351b93a4c71c3595e968e - SHA1: 02a53e837651d224f3c91aaf37a3067e81d2f6ac - SHA256: ee15f36881b84a2da82fee37e8ad65e47f1224e64d1d6fe43f7a5ad2efe92f5d - Description: NTIOLib - Company: MSI - InternalName: NTIOLib.sys - OriginalFilename: NTIOLib.sys - FileVersion: 1.0.0.0 - Product: NTIOLib - ProductVersion: 1.0.0.0 - Copyright: Copyright (C) 2008-2009 MSI. All rights reserved. 
- MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - WRITE_REGISTER_BUFFER_USHORT - - WRITE_REGISTER_BUFFER_ULONG - - IofCompleteRequest - - WRITE_REGISTER_BUFFER_UCHAR - - IoCreateDevice - - KeTickCount - - MmMapIoSpace - - READ_REGISTER_BUFFER_ULONG - - READ_REGISTER_BUFFER_USHORT - - READ_REGISTER_BUFFER_UCHAR - - MmUnmapIoSpace - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoCreateSymbolicLink - - IoDeleteDevice - - RtlUnwind - - KeBugCheckEx - - HalGetBusDataByOffset - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - WRITE_PORT_UCHAR - - READ_PORT_ULONG - - READ_PORT_USHORT - - READ_PORT_UCHAR - - HalSetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G3 - ValidFrom: '2012-05-01 00:00:00' - ValidTo: '2012-12-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded - Version: 3 - TBS: - MD5: e6d820afb23af20a65cf0b03247ea05e - SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 - SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 - SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 
518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL CO., - LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL CO., - LTD. 
- ValidFrom: '2011-08-30 06:46:09' - ValidTo: '2014-08-30 06:46:09' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c - Version: 3 - TBS: - MD5: 3a98a18e8636f2a01e49e2a6d116c360 - SHA1: a2938150e46525adcec2e3a2348824bc1cf532b2 - SHA256: 01a2e2d31d0a4f3005753cce5972b5da2a7c08b0750fb6947e0fd231e64ae7ec - SHA384: 722398e51e6b5bbe064df372be6b6a9ccfcc9719ad775213cae46920e0a3e6c5a4dc8b912de3148abfc60ff4a59050ea - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - RichPEHeaderHash: - MD5: e6ca734874fb5874f377c8af68ef3ae0 - SHA1: 3426c9554996928617d663cc5aa57ce393dfb7ef - SHA256: 4abfffb0bc6a9e8a872c47ef216e46e989134b311ce0c3105481d6f22f9e5090 - Sections: - .text: - Entropy: 6.156987746306859 - Virtual Size: '0xade' - .rdata: - Entropy: 3.7023944898597785 - Virtual Size: '0x194' - .data: - Entropy: 2.9182958340544896 - Virtual Size: '0xc' - INIT: - Entropy: 5.296180554570102 - Virtual Size: '0x32a' - .rsrc: - Entropy: 3.2489665842730933 - Virtual Size: '0x370' - .reloc: - Entropy: 4.284529245435381 - Virtual Size: '0xea' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2012-10-25 01:57:06' - Imphash: a1d29a3af6402793ec9d23883512938a 
- LoadsDespiteHVCI: 'FALSE' -- Filename: NTIOLib.sys - MD5: 1c4acf27317a2b5eaedff3ce6094794d - SHA1: 4a7324ca485973d514fd087699f6d759ff32743b - SHA256: e3936d3356573ce2e472495cd3ce769f49a613e453b010433dafce5ea498ddc2 - Authentihash: - MD5: fc7eef91aa6574643560ad954e800138 - SHA1: cc9c3d9b69f4a4be1f2c3dc33ab7441f41e47a55 - SHA256: 1f5e9fc579028d5cae916743528891aa39a4eecb3f573ea522eeb8da97f95953 - Description: NTIOLib - Company: MSI - InternalName: NTIOLib.sys - OriginalFilename: NTIOLib.sys - FileVersion: 1.0.0.0 - Product: NTIOLib - ProductVersion: 1.0.0.0 - Copyright: Copyright (C) 2008-2009 MSI. All rights reserved. - MachineType: I386 - Imports: - - ntoskrnl.exe - - HAL.dll - ExportedFunctions: '' - ImportedFunctions: - - WRITE_REGISTER_BUFFER_USHORT - - WRITE_REGISTER_BUFFER_ULONG - - IofCompleteRequest - - WRITE_REGISTER_BUFFER_UCHAR - - IoCreateDevice - - KeTickCount - - MmMapIoSpace - - READ_REGISTER_BUFFER_ULONG - - READ_REGISTER_BUFFER_USHORT - - READ_REGISTER_BUFFER_UCHAR - - MmUnmapIoSpace - - RtlInitUnicodeString - - IoDeleteSymbolicLink - - IoCreateSymbolicLink - - IoDeleteDevice - - RtlUnwind - - KeBugCheckEx - - HalGetBusDataByOffset - - WRITE_PORT_ULONG - - WRITE_PORT_USHORT - - WRITE_PORT_UCHAR - - READ_PORT_ULONG - - READ_PORT_USHORT - - READ_PORT_UCHAR - - HalSetBusDataByOffset - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: 
d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: 
C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL CO., - LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL CO., - LTD. - ValidFrom: '2011-08-30 06:46:09' - ValidTo: '2014-08-30 06:46:09' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c - Version: 3 - TBS: - MD5: 3a98a18e8636f2a01e49e2a6d116c360 - SHA1: a2938150e46525adcec2e3a2348824bc1cf532b2 - SHA256: 01a2e2d31d0a4f3005753cce5972b5da2a7c08b0750fb6947e0fd231e64ae7ec - SHA384: 722398e51e6b5bbe064df372be6b6a9ccfcc9719ad775213cae46920e0a3e6c5a4dc8b912de3148abfc60ff4a59050ea - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - RichPEHeaderHash: - MD5: e6ca734874fb5874f377c8af68ef3ae0 - SHA1: 3426c9554996928617d663cc5aa57ce393dfb7ef - SHA256: 4abfffb0bc6a9e8a872c47ef216e46e989134b311ce0c3105481d6f22f9e5090 - Sections: - .text: - Entropy: 6.162452908056975 - Virtual Size: '0xade' - .rdata: - Entropy: 4.156650182430353 - Virtual Size: '0x1b4' - .data: - Entropy: 2.9182958340544896 - Virtual Size: '0xc' - INIT: - Entropy: 5.296180554570102 - Virtual Size: '0x32a' - .rsrc: - Entropy: 3.2489665842730933 - Virtual Size: '0x370' - .reloc: - Entropy: 
4.284529245435381 - Virtual Size: '0xea' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2011-01-05 20:03:57' - Imphash: a1d29a3af6402793ec9d23883512938a - LoadsDespiteHVCI: 'FALSE' -Tags: -- NTIOLib.sys +- Filename: NTIOLib.sys + MD5: 4d99d02f49e027332a0a9c31c674e13b + SHA1: 39e57a0bb3b349c70ad5f11592f9282860bbcc0a + SHA256: 18776682fcc0c6863147143759a8d4050a4115a8ede0136e49a7cf885c8a4805 + Authentihash: + MD5: eed041909fbbbe05f6cc68006d541b0d + SHA1: d3809c4439f7828a4a76aef68627eb1e6e703d43 + SHA256: c84806a49da944c20a01e7dba7721e88859a5f65ec338ddb5da3a0d6895e7268 + Description: NTIOLib + Company: MSI + InternalName: NTIOLib.sys + OriginalFilename: NTIOLib.sys + FileVersion: 1.0.0.0 + Product: NTIOLib + ProductVersion: 1.0.0.0 + Copyright: Copyright (C) 2008-2009 MSI. All rights reserved. + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - WRITE_REGISTER_BUFFER_USHORT + - WRITE_REGISTER_BUFFER_ULONG + - IofCompleteRequest + - WRITE_REGISTER_BUFFER_UCHAR + - IoCreateDevice + - KeTickCount + - MmMapIoSpace + - READ_REGISTER_BUFFER_ULONG + - READ_REGISTER_BUFFER_USHORT + - READ_REGISTER_BUFFER_UCHAR + - MmUnmapIoSpace + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoCreateSymbolicLink + - IoDeleteDevice + - RtlUnwind + - KeBugCheckEx + - HalGetBusDataByOffset + - WRITE_PORT_ULONG + - WRITE_PORT_USHORT + - WRITE_PORT_UCHAR + - READ_PORT_ULONG + - READ_PORT_USHORT + - READ_PORT_UCHAR + - HalSetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 
88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL + CO., LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL + CO., LTD. + ValidFrom: '2011-08-30 06:46:09' + ValidTo: '2014-08-30 06:46:09' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c + Version: 3 + TBS: + MD5: 3a98a18e8636f2a01e49e2a6d116c360 + SHA1: a2938150e46525adcec2e3a2348824bc1cf532b2 + SHA256: 01a2e2d31d0a4f3005753cce5972b5da2a7c08b0750fb6947e0fd231e64ae7ec + SHA384: 722398e51e6b5bbe064df372be6b6a9ccfcc9719ad775213cae46920e0a3e6c5a4dc8b912de3148abfc60ff4a59050ea + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + RichPEHeaderHash: + MD5: 32723c8062c08c35296c3e94f2b13cca + SHA1: ccb30ac21cfd87ec3d5f72a3e00fc7272f6bedd9 + SHA256: 08f465c1cc08c882dc26c9b12af153532f5fc848ddb5dd7731009af08ece586c + Sections: + .text: + Entropy: 6.149675600679578 + Virtual Size: '0xafa' + .rdata: + Entropy: 3.7506155543068602 + Virtual Size: '0x184' + .data: + Entropy: 
2.9182958340544896 + Virtual Size: '0xc' + INIT: + Entropy: 5.357690848786986 + Virtual Size: '0x336' + .rsrc: + Entropy: 3.2489665842730933 + Virtual Size: '0x370' + .reloc: + Entropy: 4.2991771373904095 + Virtual Size: '0xea' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2014-03-17 04:23:54' + Imphash: a1d29a3af6402793ec9d23883512938a + LoadsDespiteHVCI: 'FALSE' +- Filename: NTIOLib.sys + MD5: 2e5f016ff9378be41fe98fa62f99b12d + SHA1: 4518758452af35d593e0cae80d9841a86af6d3de + SHA256: 7893307df2fdde25371645a924f0333e1b2de31b6bc839d8e2a908d7830c6504 + Authentihash: + MD5: dbca419735abe58370b336d8d3da5ad8 + SHA1: 2986d3251738a29bd73f2938545cd3ffc8e2aadc + SHA256: c0fc1c1c1ff39ea9a695996482ab31cb65c74aaf9f20cba21e9ff34ef054a008 + Description: NTIOLib + Company: MSI + InternalName: NTIOLib.sys + OriginalFilename: NTIOLib.sys + FileVersion: 1.0.0.0 + Product: NTIOLib + ProductVersion: 1.0.0.0 + Copyright: Copyright (C) 2008-2009 MSI. All rights reserved. + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - WRITE_REGISTER_BUFFER_USHORT + - WRITE_REGISTER_BUFFER_ULONG + - IofCompleteRequest + - WRITE_REGISTER_BUFFER_UCHAR + - IoCreateDevice + - KeTickCount + - MmMapIoSpace + - READ_REGISTER_BUFFER_ULONG + - READ_REGISTER_BUFFER_USHORT + - READ_REGISTER_BUFFER_UCHAR + - MmUnmapIoSpace + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoCreateSymbolicLink + - IoDeleteDevice + - RtlUnwind + - KeBugCheckEx + - HalGetBusDataByOffset + - WRITE_PORT_ULONG + - WRITE_PORT_USHORT + - WRITE_PORT_UCHAR + - READ_PORT_ULONG + - READ_PORT_USHORT + - READ_PORT_UCHAR + - HalSetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G3 + ValidFrom: '2012-05-01 00:00:00' + ValidTo: '2012-12-31 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded + Version: 3 + TBS: + MD5: e6d820afb23af20a65cf0b03247ea05e + SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 + SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 + SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL + CO., LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL + 
CO., LTD. + ValidFrom: '2011-08-30 06:46:09' + ValidTo: '2014-08-30 06:46:09' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c + Version: 3 + TBS: + MD5: 3a98a18e8636f2a01e49e2a6d116c360 + SHA1: a2938150e46525adcec2e3a2348824bc1cf532b2 + SHA256: 01a2e2d31d0a4f3005753cce5972b5da2a7c08b0750fb6947e0fd231e64ae7ec + SHA384: 722398e51e6b5bbe064df372be6b6a9ccfcc9719ad775213cae46920e0a3e6c5a4dc8b912de3148abfc60ff4a59050ea + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + RichPEHeaderHash: + MD5: 32723c8062c08c35296c3e94f2b13cca + SHA1: ccb30ac21cfd87ec3d5f72a3e00fc7272f6bedd9 + SHA256: 08f465c1cc08c882dc26c9b12af153532f5fc848ddb5dd7731009af08ece586c + Sections: + .text: + Entropy: 6.152429670255876 + Virtual Size: '0xaf6' + .rdata: + Entropy: 4.122254945364257 + Virtual Size: '0x1b4' + .data: + Entropy: 2.9182958340544896 + Virtual Size: '0xc' + INIT: + Entropy: 5.357690848786986 + Virtual Size: '0x336' + .rsrc: + Entropy: 3.2489665842730933 + Virtual Size: '0x370' + .reloc: + Entropy: 4.290630128843401 + Virtual Size: '0xea' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2012-10-25 20:11:23' + Imphash: 
a1d29a3af6402793ec9d23883512938a + LoadsDespiteHVCI: 'FALSE' +- Filename: NTIOLib.sys + MD5: 6d97ee5b3300d0f7fa359f2712834c40 + SHA1: 8dc2097a90eb7e9d6ee31a7c7a95e7a0b2093b89 + SHA256: 952199c28332bc90cfd74530a77ee237967ed32b3c71322559c59f7a42187dc4 + Authentihash: + MD5: 2f6cff8603866aad75277f79179ca16e + SHA1: 55df6777d508865628b433631b8faaaa38dc0908 + SHA256: 2018ad5f3695295599f756caf556722291485cd67eb9c3f7ec701b206cca4e00 + Description: NTIOLib + Company: MSI + InternalName: NTIOLib.sys + OriginalFilename: NTIOLib.sys + FileVersion: 1.0.0.0 + Product: NTIOLib + ProductVersion: 1.0.0.0 + Copyright: Copyright (C) 2008-2009 MSI. All rights reserved. + MachineType: AMD64 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - MmUnmapIoSpace + - MmMapIoSpace + - IofCompleteRequest + - IoDeleteDevice + - IoCreateDevice + - KeBugCheckEx + - RtlInitUnicodeString + - IoCreateSymbolicLink + - IoDeleteSymbolicLink + - __C_specific_handler + - HalSetBusDataByOffset + - HalGetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 
18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: 
cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL + CO., LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL + CO., LTD. + ValidFrom: '2011-08-30 06:46:09' + ValidTo: '2014-08-30 06:46:09' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c + Version: 3 + TBS: + MD5: 3a98a18e8636f2a01e49e2a6d116c360 + SHA1: a2938150e46525adcec2e3a2348824bc1cf532b2 + SHA256: 01a2e2d31d0a4f3005753cce5972b5da2a7c08b0750fb6947e0fd231e64ae7ec + SHA384: 722398e51e6b5bbe064df372be6b6a9ccfcc9719ad775213cae46920e0a3e6c5a4dc8b912de3148abfc60ff4a59050ea + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + RichPEHeaderHash: + MD5: 41ddd08b440611823bc5d8cb732c563d + SHA1: 8acdfc9ac988c6250e2a031640f6e169b5fddb73 + SHA256: 189683b4db2e68d2f0b3f91f1141907b3887f23991867a68a22389d40ad3634e + Sections: + .text: + Entropy: 5.964276717069934 + Virtual Size: '0x7c4' + .rdata: + Entropy: 3.9594180584072785 + Virtual Size: '0x180' + .data: + Entropy: 
0.5096713223407059 + Virtual Size: '0x114' + .pdata: + Entropy: 3.3677730066584752 + Virtual Size: '0x78' + INIT: + Entropy: 5.046663153942613 + Virtual Size: '0x242' + .rsrc: + Entropy: 3.2498244109800973 + Virtual Size: '0x370' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2012-02-13 20:30:19' + Imphash: d6f977640d4810a784d152e4d3c63a6b + LoadsDespiteHVCI: 'FALSE' +- Filename: NTIOLib.sys + MD5: 2f1ebc14bd8a29b89896737ca4076002 + SHA1: 6bfeac43be3ebd8d95a5eba963e18d97d76d2b05 + SHA256: c2a4ddcc9c3b339d752c48925d62fc4cc5adbf6fae8fedef74cdd47e88da01f8 + Authentihash: + MD5: 00f93b0c0de351b93a4c71c3595e968e + SHA1: 02a53e837651d224f3c91aaf37a3067e81d2f6ac + SHA256: ee15f36881b84a2da82fee37e8ad65e47f1224e64d1d6fe43f7a5ad2efe92f5d + Description: NTIOLib + Company: MSI + InternalName: NTIOLib.sys + OriginalFilename: NTIOLib.sys + FileVersion: 1.0.0.0 + Product: NTIOLib + ProductVersion: 1.0.0.0 + Copyright: Copyright (C) 2008-2009 MSI. All rights reserved. + MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - WRITE_REGISTER_BUFFER_USHORT + - WRITE_REGISTER_BUFFER_ULONG + - IofCompleteRequest + - WRITE_REGISTER_BUFFER_UCHAR + - IoCreateDevice + - KeTickCount + - MmMapIoSpace + - READ_REGISTER_BUFFER_ULONG + - READ_REGISTER_BUFFER_USHORT + - READ_REGISTER_BUFFER_UCHAR + - MmUnmapIoSpace + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoCreateSymbolicLink + - IoDeleteDevice + - RtlUnwind + - KeBugCheckEx + - HalGetBusDataByOffset + - WRITE_PORT_ULONG + - WRITE_PORT_USHORT + - WRITE_PORT_UCHAR + - READ_PORT_ULONG + - READ_PORT_USHORT + - READ_PORT_UCHAR + - HalSetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G3 + ValidFrom: '2012-05-01 00:00:00' + ValidTo: '2012-12-31 23:59:59' + Signature: 
1e98aa27b778b508b5c9726db7dfc00e98a635c488c9d2f66df14b1afbd5f92d99009ed1e79b8be13fbd39800c66cd07bc5c9854a694ba10d14e8babf56f65cc6709a2807c52e80e03d66b7ac60518ecc8ac427c072ca73d0866dc00edfd941d73f2729893b111d68fef8eeaacf496510cd08ddf31524f5eaf7da74a75e64ece2b9f292be7cf5d9f037e6e277b23ad622966af92e82ccebd9c7fdccd173c43c2093f7545c79ee4d7607f97c6e4aac769f5fccd74ac2cb048c1504e70561eb535d38ebeb1edacbdfe0cec857dd5bb856644195d9f93eb82ba639ed37c61ffc81bd923587f30a366a139265e92c33ccb3732faf5a38ddcd5b0a3e9253655d781fa + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 79a2a585f9d1154213d9b83ef6b68ded + Version: 3 + TBS: + MD5: e6d820afb23af20a65cf0b03247ea05e + SHA1: 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 + SHA256: 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 + SHA384: 7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL + CO., LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL + CO., LTD. + ValidFrom: '2011-08-30 06:46:09' + ValidTo: '2014-08-30 06:46:09' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c + Version: 3 + TBS: + MD5: 3a98a18e8636f2a01e49e2a6d116c360 + SHA1: a2938150e46525adcec2e3a2348824bc1cf532b2 + SHA256: 01a2e2d31d0a4f3005753cce5972b5da2a7c08b0750fb6947e0fd231e64ae7ec + SHA384: 722398e51e6b5bbe064df372be6b6a9ccfcc9719ad775213cae46920e0a3e6c5a4dc8b912de3148abfc60ff4a59050ea + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + RichPEHeaderHash: + MD5: e6ca734874fb5874f377c8af68ef3ae0 + SHA1: 3426c9554996928617d663cc5aa57ce393dfb7ef + SHA256: 
4abfffb0bc6a9e8a872c47ef216e46e989134b311ce0c3105481d6f22f9e5090 + Sections: + .text: + Entropy: 6.156987746306859 + Virtual Size: '0xade' + .rdata: + Entropy: 3.7023944898597785 + Virtual Size: '0x194' + .data: + Entropy: 2.9182958340544896 + Virtual Size: '0xc' + INIT: + Entropy: 5.296180554570102 + Virtual Size: '0x32a' + .rsrc: + Entropy: 3.2489665842730933 + Virtual Size: '0x370' + .reloc: + Entropy: 4.284529245435381 + Virtual Size: '0xea' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2012-10-25 01:57:06' + Imphash: a1d29a3af6402793ec9d23883512938a + LoadsDespiteHVCI: 'FALSE' +- Filename: NTIOLib.sys + MD5: 1c4acf27317a2b5eaedff3ce6094794d + SHA1: 4a7324ca485973d514fd087699f6d759ff32743b + SHA256: e3936d3356573ce2e472495cd3ce769f49a613e453b010433dafce5ea498ddc2 + Authentihash: + MD5: fc7eef91aa6574643560ad954e800138 + SHA1: cc9c3d9b69f4a4be1f2c3dc33ab7441f41e47a55 + SHA256: 1f5e9fc579028d5cae916743528891aa39a4eecb3f573ea522eeb8da97f95953 + Description: NTIOLib + Company: MSI + InternalName: NTIOLib.sys + OriginalFilename: NTIOLib.sys + FileVersion: 1.0.0.0 + Product: NTIOLib + ProductVersion: 1.0.0.0 + Copyright: Copyright (C) 2008-2009 MSI. All rights reserved. 
+ MachineType: I386 + Imports: + - ntoskrnl.exe + - HAL.dll + ExportedFunctions: '' + ImportedFunctions: + - WRITE_REGISTER_BUFFER_USHORT + - WRITE_REGISTER_BUFFER_ULONG + - IofCompleteRequest + - WRITE_REGISTER_BUFFER_UCHAR + - IoCreateDevice + - KeTickCount + - MmMapIoSpace + - READ_REGISTER_BUFFER_ULONG + - READ_REGISTER_BUFFER_USHORT + - READ_REGISTER_BUFFER_UCHAR + - MmUnmapIoSpace + - RtlInitUnicodeString + - IoDeleteSymbolicLink + - IoCreateSymbolicLink + - IoDeleteDevice + - RtlUnwind + - KeBugCheckEx + - HalGetBusDataByOffset + - WRITE_PORT_ULONG + - WRITE_PORT_USHORT + - WRITE_PORT_UCHAR + - READ_PORT_ULONG + - READ_PORT_USHORT + - READ_PORT_UCHAR + - HalSetBusDataByOffset + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 
589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=TW, ST=Taiwan, L=New Taipei City, O=MICRO,STAR INTERNATIONAL + CO., LTD., OU=MICRO,STAR INTERNATIONAL CO., LTD., CN=MICRO,STAR INTERNATIONAL + CO., LTD. 
+ ValidFrom: '2011-08-30 06:46:09' + ValidTo: '2014-08-30 06:46:09' + Signature: 87bf57ab7ffd7e005076b34b14ddd924045ec7e389871661794f1ece1bef10e050893b28236cb650af1415f8cd95e86c2052d93311d73e0bbe6fb1c22ddea438a93c8b18bd4b8c0f81ad07032efb46d406bbaa730dd3ac92cbf0d9cc711a397a0e0320b213a5161e6be83ec69967a712b463129ea56d5a8ecd3ff8901be09dfaa0a0f10e879b307863e1b1c3a3149ac73bc3f3160db7012229b57bced6d47b875878663642a8cddd03da1e7f236b8cf16713a5e0f4c892aaca77a8c7dab41d84567e2bbf09b336a2824e0e18d54d199e6e024d2630bb210cd24a9ef4b377be0429e2ecc9bf8478a8c6a78c686e26f29c95925baee85e4bbb97b6eecffe44a25e + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c + Version: 3 + TBS: + MD5: 3a98a18e8636f2a01e49e2a6d116c360 + SHA1: a2938150e46525adcec2e3a2348824bc1cf532b2 + SHA256: 01a2e2d31d0a4f3005753cce5972b5da2a7c08b0750fb6947e0fd231e64ae7ec + SHA384: 722398e51e6b5bbe064df372be6b6a9ccfcc9719ad775213cae46920e0a3e6c5a4dc8b912de3148abfc60ff4a59050ea + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 1121a559b50ef9848661f0faeb7421bbdd2c + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + RichPEHeaderHash: + MD5: e6ca734874fb5874f377c8af68ef3ae0 + SHA1: 3426c9554996928617d663cc5aa57ce393dfb7ef + SHA256: 4abfffb0bc6a9e8a872c47ef216e46e989134b311ce0c3105481d6f22f9e5090 + Sections: + .text: + Entropy: 
6.162452908056975 + Virtual Size: '0xade' + .rdata: + Entropy: 4.156650182430353 + Virtual Size: '0x1b4' + .data: + Entropy: 2.9182958340544896 + Virtual Size: '0xc' + INIT: + Entropy: 5.296180554570102 + Virtual Size: '0x32a' + .rsrc: + Entropy: 3.2489665842730933 + Virtual Size: '0x370' + .reloc: + Entropy: 4.284529245435381 + Virtual Size: '0xea' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2011-01-05 20:03:57' + Imphash: a1d29a3af6402793ec9d23883512938a + LoadsDespiteHVCI: 'FALSE'
diff --git a/yaml/809e7c77-f0fa-46fb-862c-71969ae0c032.yaml b/yaml/809e7c77-f0fa-46fb-862c-71969ae0c032.yaml
index 9a6aff8a1..a9c905aa7 100644
--- a/yaml/809e7c77-f0fa-46fb-862c-71969ae0c032.yaml
+++ b/yaml/809e7c77-f0fa-46fb-862c-71969ae0c032.yaml
@@ -1,216 +1,217 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 809e7c77-f0fa-46fb-862c-71969ae0c032 +Tags: +- ktmutil7ODM.sys +Verified: 'TRUE' Author: Michael Haag -Category: malicious -Commands: - Command: sc.exe create ktmutil7ODM.sys binPath=C:\windows\temp\ktmutil7ODM.sys type=kernel - && sc.exe start ktmutil7ODM.sys - Description: "Cisco Talos has identified multiple versions of an undocumented malicious\ - \ driver named \u201CRedDriver,\u201D a driver-based browser hijacker that uses\ - \ the Windows Filtering Platform (WFP) to intercept browser traffic. RedDriver\ - \ has been active since at least 2021.\nRedDriver utilizes HookSignTool to forge\ - \ its signature timestamp to bypass Windows driver-signing policies.\nCode from\ - \ multiple open-source tools has been used in the development of RedDriver's infection\ - \ chain, including HP-Socket and a custom implementation of ReflectiveLoader.\n\ - The authors of RedDriver appear to be skilled in driver development and have deep\ - \ knowledge of the Windows operating system.\nThis threat appears to target native\ - \ Chinese speakers, as it searches for Chinese language browsers to hijack. Additionally,\ - \ the authors are likely Chinese speakers themselves." 
- OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-07-12' -Detection: [] -Id: 809e7c77-f0fa-46fb-862c-71969ae0c032 -KnownVulnerableSamples: -- Authentihash: - MD5: 66027547e4679835323129a1aa2427eb - SHA1: cccd3eca8716d9a3b111ca0cf89d384fbd852b39 - SHA256: 625fce937dd4fed61bc3a0475e10b6f05d9061c99b5335bf3f33dc43511300b3 - Company: '' - Copyright: '' - CreationTimestamp: '2023-04-25 19:02:54' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - FwpsReleaseClassifyHandle0 - - FwpsAcquireClassifyHandle0 - - FwpsApplyModifiedLayerData0 - - FwpsAcquireWritableLayerDataPointer0 - - FwpsCalloutRegister1 - - RtlCompareMemory - - ExAllocatePool - - ExFreePoolWithTag - - CmRegisterCallback - - PsCreateSystemThread - - ZwClose - - MmIsAddressValid - - PsSetCreateProcessNotifyRoutine - - PsSetCreateThreadNotifyRoutine - - PsSetLoadImageNotifyRoutine - - __C_specific_handler - - RtlInitUnicodeString - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - ObfDereferenceObject - - PsGetCurrentProcessId - - ZwOpenProcess - - PsLookupProcessByProcessId - - ZwWaitForSingleObject - - PsReferenceProcessFilePointer - - RtlCompareUnicodeStrings - - KeEnterCriticalRegion - - KeLeaveCriticalRegion - - KeWaitForSingleObject - - ExQueryDepthSList - - ExpInterlockedPopEntrySList - - ExpInterlockedPushEntrySList - - ExInitializeNPagedLookasideList - - ExInitializeResourceLite - - ExAcquireResourceSharedLite - - ExAcquireResourceExclusiveLite - - ExReleaseResourceLite - - PsTerminateSystemThread - - ObReferenceObjectByHandle - - KeStackAttachProcess - - KeUnstackDetachProcess - - PsGetProcessWow64Process - - PsGetProcessImageFileName - - ZwCreateFile - - ZwQueryInformationFile - - ZwReadFile - - ExAllocatePoolWithTag - - MmGetSystemRoutineAddress - - KeAcquireInStackQueuedSpinLock - - KeReleaseInStackQueuedSpinLock - - RtlIpv4AddressToStringA - - 
IoGetCurrentProcess - - PsGetProcessId - - PsProcessType - - PsGetProcessPeb - - RtlInitAnsiString - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - _vsnprintf - - _vsnwprintf - - RtlGetVersion - - KeInitializeEvent - - KeQueryTimeIncrement - - RtlRandomEx - - ZwSetInformationFile - - ZwWriteFile - - IoFileObjectType - - ZwTerminateProcess - - RtlCopyUnicodeString - - KeBugCheckEx - - _wcslwr - - wcsstr - - ExSystemTimeToLocalTime - - RtlTimeToTimeFields - - WdfVersionBind - - WdfVersionBindClass - - WdfVersionUnbindClass - - WdfVersionUnbind - Imports: - - fwpkclnt.sys - - ntoskrnl.exe - - WDFLDR.SYS - InternalName: '' - MD5: 0b9b78d1281c7d4ab50497cf6ea7452a - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: ceb1860de56dcebdf714302cb649ff71 - SHA1: a03c600569d3c813667c3520788e423f1c5eed0f - SHA256: 39e0e1bb3f0a24fd42b1e55d492f5b87a926d6689b172c3475e1898f737be750 - SHA1: c3ca396b5af2064c6f7d05fa0fb697e68d0b9631 - SHA256: 751e9376cb7cb9de63e1808d43579d787d3f6d659173038fe44a2d7fdb4fd17e - Sections: - .text: - Entropy: 6.259941019226518 - Virtual Size: '0x6bb4' - .rdata: - Entropy: 4.496937704423252 - Virtual Size: '0xd38' - .data: - Entropy: 5.434886649336555 - Virtual Size: '0x2f28' - .pdata: - Entropy: 4.420943866714438 - Virtual Size: '0x57c' - .gfids: - Entropy: 0.8112781244591328 - Virtual Size: '0x4' - INIT: - Entropy: 5.1734289362463395 - Virtual Size: '0xad4' - .reloc: - Entropy: 3.084183719779188 - Virtual Size: '0x28' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=thawte, Inc., CN=thawte SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 
243bf5d7a03613c743fef0098768d198316e12e43f1e1f967b6b4c1e879e8bc56ca3b10c7b5092d5819cb18f2c29b7eef99105b98e41f12cf6d0592d98e0b9ea8001474095b83d9d03bd79bb35b6ad9c4c27f6674510c9c5bc874e557bd287bbdddc30efc6d46ccc99356d1ce060d3cd688f29594b89960846c98efc754fc5dc09cc4e278b44cd07bcac04e0b533a5879ff4dd730c91ea12816fe375f01eb5936c4417d53e97c9bd072c56771f85dd46e8bfde2c8194a3f7e5b7a7c1379f75ca55774d5e3629ca85d84541725775c0795bfa3410066d642042b73ac81f1d4664025fc647bef0c43a2854daf61e4f9aa21943a46f49f8fc5e422028848b47206e - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 71a0b73695ddb1afc23b2b9a18ee54cb - Version: 3 - TBS: - MD5: 8314595952398203ab24badbbc927d39 - SHA1: b07dcf73133408eee2786a208ce4b2543bf6c583 - SHA256: c734685d985b8ea13db4fc1a6dcd26aa0dde78b4c3b651ea5d58e32e081b2a41 - SHA384: 874ded773c743b4e18744d7978b41cfe2e55529c61d45a0e34b3950aaad56b6c7a3780880133bcd1df3b1f86d468d46d - - Subject: C=CN, L=, O=, OU=, CN= - ValidFrom: '2018-08-15 00:00:00' - ValidTo: '2019-08-15 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0dbdf488aeaa9795e332a1ca2747af0d - Version: 3 - TBS: - MD5: 5037c865c427f7d514ac954ef7e66ccf - SHA1: cfcc3ebb5c9003e88373beb66781dbdf9e1904d2 - SHA256: cd684ad96d510b669c0767e4b845fb7a04fba27c1f3a0935b09a988d94938f6e - SHA384: 30bf56d04a2a54ae834ea9b111da02fe53c0c13ddd66f815aed8100bb887c6d5b299e518ba1f4abc0f2c3bb02029141b - - Subject: C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 - thawte, Inc. 
, For authorized use only, CN=thawte Primary Root CA - ValidFrom: '2011-02-22 19:31:57' - ValidTo: '2021-02-22 19:41:57' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611fb0a400000000001d - Version: 3 - TBS: - MD5: a3f222107d4e1085e73b5b589c2f480b - SHA1: b94aa26cd77c48d91a53ac44506cbd255e1d362c - SHA256: a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa - SHA384: 64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7 - Signer: - - SerialNumber: 0dbdf488aeaa9795e332a1ca2747af0d - Issuer: C=US, O=thawte, Inc., CN=thawte SHA256 Code Signing CA - Version: 1 - Imphash: d51f0f6034eb5e45f0ed4e9b7bbc9c97 - LoadsDespiteHVCI: 'TRUE' MitreID: T1068 +Category: malicious +Commands: + Command: sc.exe create ktmutil7ODM.sys binPath=C:\windows\temp\ktmutil7ODM.sys + type=kernel && sc.exe start ktmutil7ODM.sys + Description: "Cisco Talos has identified multiple versions of an undocumented\ + \ malicious driver named \u201CRedDriver,\u201D a driver-based browser hijacker\ + \ that uses the Windows Filtering Platform (WFP) to intercept browser traffic.\ + \ RedDriver has been active since at least 2021.\nRedDriver utilizes HookSignTool\ + \ to forge its signature timestamp to bypass Windows driver-signing policies.\n\ + Code from multiple open-source tools has been used in the development of RedDriver's\ + \ infection chain, including HP-Socket and a custom implementation of ReflectiveLoader.\n\ + The authors of RedDriver appear to be skilled in driver development and have\ + \ deep knowledge of the Windows operating system.\nThis threat appears to\ + \ target native Chinese speakers, as it searches for Chinese language browsers\ + \ to hijack. Additionally, the authors are likely Chinese speakers themselves." 
+ OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://blog.talosintelligence.com/undocumented-reddriver/ -Tags: -- ktmutil7ODM.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 66027547e4679835323129a1aa2427eb + SHA1: cccd3eca8716d9a3b111ca0cf89d384fbd852b39 + SHA256: 625fce937dd4fed61bc3a0475e10b6f05d9061c99b5335bf3f33dc43511300b3 + Company: '' + Copyright: '' + CreationTimestamp: '2023-04-25 19:02:54' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - FwpsReleaseClassifyHandle0 + - FwpsAcquireClassifyHandle0 + - FwpsApplyModifiedLayerData0 + - FwpsAcquireWritableLayerDataPointer0 + - FwpsCalloutRegister1 + - RtlCompareMemory + - ExAllocatePool + - ExFreePoolWithTag + - CmRegisterCallback + - PsCreateSystemThread + - ZwClose + - MmIsAddressValid + - PsSetCreateProcessNotifyRoutine + - PsSetCreateThreadNotifyRoutine + - PsSetLoadImageNotifyRoutine + - __C_specific_handler + - RtlInitUnicodeString + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - ObfDereferenceObject + - PsGetCurrentProcessId + - ZwOpenProcess + - PsLookupProcessByProcessId + - ZwWaitForSingleObject + - PsReferenceProcessFilePointer + - RtlCompareUnicodeStrings + - KeEnterCriticalRegion + - KeLeaveCriticalRegion + - KeWaitForSingleObject + - ExQueryDepthSList + - ExpInterlockedPopEntrySList + - ExpInterlockedPushEntrySList + - ExInitializeNPagedLookasideList + - ExInitializeResourceLite + - ExAcquireResourceSharedLite + - ExAcquireResourceExclusiveLite + - ExReleaseResourceLite + - PsTerminateSystemThread + - ObReferenceObjectByHandle + - KeStackAttachProcess + - KeUnstackDetachProcess + - PsGetProcessWow64Process + - PsGetProcessImageFileName + - ZwCreateFile + - ZwQueryInformationFile + - ZwReadFile + - ExAllocatePoolWithTag + - MmGetSystemRoutineAddress + - 
KeAcquireInStackQueuedSpinLock + - KeReleaseInStackQueuedSpinLock + - RtlIpv4AddressToStringA + - IoGetCurrentProcess + - PsGetProcessId + - PsProcessType + - PsGetProcessPeb + - RtlInitAnsiString + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - _vsnprintf + - _vsnwprintf + - RtlGetVersion + - KeInitializeEvent + - KeQueryTimeIncrement + - RtlRandomEx + - ZwSetInformationFile + - ZwWriteFile + - IoFileObjectType + - ZwTerminateProcess + - RtlCopyUnicodeString + - KeBugCheckEx + - _wcslwr + - wcsstr + - ExSystemTimeToLocalTime + - RtlTimeToTimeFields + - WdfVersionBind + - WdfVersionBindClass + - WdfVersionUnbindClass + - WdfVersionUnbind + Imports: + - fwpkclnt.sys + - ntoskrnl.exe + - WDFLDR.SYS + InternalName: '' + MD5: 0b9b78d1281c7d4ab50497cf6ea7452a + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: ceb1860de56dcebdf714302cb649ff71 + SHA1: a03c600569d3c813667c3520788e423f1c5eed0f + SHA256: 39e0e1bb3f0a24fd42b1e55d492f5b87a926d6689b172c3475e1898f737be750 + SHA1: c3ca396b5af2064c6f7d05fa0fb697e68d0b9631 + SHA256: 751e9376cb7cb9de63e1808d43579d787d3f6d659173038fe44a2d7fdb4fd17e + Sections: + .text: + Entropy: 6.259941019226518 + Virtual Size: '0x6bb4' + .rdata: + Entropy: 4.496937704423252 + Virtual Size: '0xd38' + .data: + Entropy: 5.434886649336555 + Virtual Size: '0x2f28' + .pdata: + Entropy: 4.420943866714438 + Virtual Size: '0x57c' + .gfids: + Entropy: 0.8112781244591328 + Virtual Size: '0x4' + INIT: + Entropy: 5.1734289362463395 + Virtual Size: '0xad4' + .reloc: + Entropy: 3.084183719779188 + Virtual Size: '0x28' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=thawte, Inc., CN=thawte SHA256 Code Signing CA + ValidFrom: '2013-12-10 00:00:00' + ValidTo: '2023-12-09 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + 
IsCertificateAuthority: true + SerialNumber: 71a0b73695ddb1afc23b2b9a18ee54cb + Version: 3 + TBS: + MD5: 8314595952398203ab24badbbc927d39 + SHA1: b07dcf73133408eee2786a208ce4b2543bf6c583 + SHA256: c734685d985b8ea13db4fc1a6dcd26aa0dde78b4c3b651ea5d58e32e081b2a41 + SHA384: 874ded773c743b4e18744d7978b41cfe2e55529c61d45a0e34b3950aaad56b6c7a3780880133bcd1df3b1f86d468d46d + - Subject: C=CN, L=, O=, OU=, CN= + ValidFrom: '2018-08-15 00:00:00' + ValidTo: '2019-08-15 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 0dbdf488aeaa9795e332a1ca2747af0d + Version: 3 + TBS: + MD5: 5037c865c427f7d514ac954ef7e66ccf + SHA1: cfcc3ebb5c9003e88373beb66781dbdf9e1904d2 + SHA256: cd684ad96d510b669c0767e4b845fb7a04fba27c1f3a0935b09a988d94938f6e + SHA384: 30bf56d04a2a54ae834ea9b111da02fe53c0c13ddd66f815aed8100bb887c6d5b299e518ba1f4abc0f2c3bb02029141b + - Subject: C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) + 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root + CA + ValidFrom: '2011-02-22 19:31:57' + ValidTo: '2021-02-22 19:41:57' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611fb0a400000000001d + Version: 3 + TBS: + MD5: a3f222107d4e1085e73b5b589c2f480b + SHA1: b94aa26cd77c48d91a53ac44506cbd255e1d362c + SHA256: a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa + SHA384: 64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7 + Signer: + - SerialNumber: 0dbdf488aeaa9795e332a1ca2747af0d + Issuer: C=US, O=thawte, Inc., CN=thawte SHA256 Code Signing CA + Version: 1 + Imphash: d51f0f6034eb5e45f0ed4e9b7bbc9c97 + LoadsDespiteHVCI: 'TRUE' 
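Review bot: In yaml/809e7c77-f0fa-46fb-862c-71969ae0c032.yaml the reordered entry keeps `Usecase: Elevate privileges` and `MitreID: T1068`, which do not match its own `Description` of a WFP-based browser hijacker. They look like template defaults carried over and would point someone triaging a load of this driver at the wrong technique. `Detection: []` is also still empty although the sample records `MD5`, `SHA1`, `SHA256` and an `Authentihash`, so the entry links to no rule that would catch it. The leaf certificate has a blank subject (`C=CN, L=, O=, OU=, CN=`), possibly non-ASCII fields lost in extraction, and its `ValidTo` of 2019-08-15 is years before the `CreationTimestamp` of 2023-04-25. If the file format keeps comments, I would add `# leaf cert expired before compile time; matches the forged signing timestamp noted in Description` next to that certificate so the gap is not mistaken for a parsing error.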
diff --git a/yaml/8198f5af-4b40-4800-a22a-4a7cf957ef37.yaml b/yaml/8198f5af-4b40-4800-a22a-4a7cf957ef37.yaml index 0d73cfa63..f273d6e30 100644 --- a/yaml/8198f5af-4b40-4800-a22a-4a7cf957ef37.yaml +++ b/yaml/8198f5af-4b40-4800-a22a-4a7cf957ef37.yaml 
@@ -1,130 +1,130 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 8198f5af-4b40-4800-a22a-4a7cf957ef37 +Tags: +- MSqPq.sys +Verified: 'TRUE' Author: Guus Verbeek -Category: malicious -Commands: - Command: sc.exe create MSqPq.sys binPath=C:\windows\temp\MSqPq.sys type=kernel && - sc.exe start MSqPq.sys - Description: BlackCat Ransomware Deploys New Signed Kernel Driver. BlackCat ransomware - incident that occurred in February 2023. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-06-05' -Detection: [] -Id: 8198f5af-4b40-4800-a22a-4a7cf957ef37 -KnownVulnerableSamples: -- Authentihash: - MD5: e66ea646261c73baee310361524fbb7c - SHA1: 12d1ff0396dc1ffe15ad4fcb42319f6d4ee99393 - SHA256: 0527451d72ba02db8479ea69689350cc563b939bb2cc685386719ab32b7e2772 - Company: '' - Copyright: '' - CreationTimestamp: '2022-12-21 06:07:48' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: MSqPq.sys - ImportedFunctions: - - KeInitializeEvent - - KeInitializeEvent - - HalReturnToFirmware - - HalReturnToFirmware - - HalReturnToFirmware - - HalReturnToFirmware - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 97539c78d6e2b5356ce79e40bcd4d570 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: b3c2084dcf3f40c0653c0d83ed93d1ec - SHA1: 98192b19393d287eeaa3c6cb52aa97723a66d136 - SHA256: 783d7f55f46700737aafd36725d14b1c98049d9c0179f13143227d1e285d624b - SHA1: f6793243ad20359d8be40d3accac168a15a327fb - SHA256: 56066ed07bad3b5c1474e8fae5ee2543d17d7977369b34450bd0775517e3b25c - Sections: - .text: - Entropy: 7.939220758583228 - Virtual Size: '0x8000' - .py: - Entropy: 7.692954758388239 - Virtual Size: '0x93000' - .idata: - Entropy: 1.51240178581866 - Virtual Size: '0x1000' - .reloc: - Entropy: 2.192572025670077 - Virtual Size: '0x1000' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - 
Certificates: - - Subject: C=CN, ST=Sichuan, L=Pingchang, O=No Organization Affiliation, OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Individual Developer, CN=YI - ZENG - ValidFrom: '2013-12-31 00:00:00' - ValidTo: '2014-12-31 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 650869732d03e27a4fd494dc51845887 - Version: 3 - TBS: - MD5: 25491518fa7930337802391dc6ba0a58 - SHA1: 86d84a70f5ffcab0f069df5a064c21d3ae4f5c9b - SHA256: 608df7f76afec05ddbc17edf9194ff9be0c0393a39fafed038e46e8e6fff4424 - SHA384: 5764c4369b430f60b38834619195fc4f2bb623b947d0f299b372830272bdde9bd61ed4b577685ec5b6bccd57e2536a4c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 
5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 650869732d03e27a4fd494dc51845887 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: fca0f3c7b6d79f494034b9d2a1f5921a - LoadsDespiteHVCI: 'TRUE' MitreID: T1068 +Category: malicious +Commands: + Command: sc.exe create MSqPq.sys binPath=C:\windows\temp\MSqPq.sys type=kernel + && sc.exe start MSqPq.sys + Description: BlackCat Ransomware Deploys New Signed Kernel Driver. BlackCat ransomware + incident that occurred in February 2023. 
+ OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://www.trendmicro.com/en_us/research/23/e/blackcat-ransomware-deploys-new-signed-kernel-driver.html -Tags: -- MSqPq.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: e66ea646261c73baee310361524fbb7c + SHA1: 12d1ff0396dc1ffe15ad4fcb42319f6d4ee99393 + SHA256: 0527451d72ba02db8479ea69689350cc563b939bb2cc685386719ab32b7e2772 + Company: '' + Copyright: '' + CreationTimestamp: '2022-12-21 06:07:48' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: MSqPq.sys + ImportedFunctions: + - KeInitializeEvent + - KeInitializeEvent + - HalReturnToFirmware + - HalReturnToFirmware + - HalReturnToFirmware + - HalReturnToFirmware + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 97539c78d6e2b5356ce79e40bcd4d570 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: b3c2084dcf3f40c0653c0d83ed93d1ec + SHA1: 98192b19393d287eeaa3c6cb52aa97723a66d136 + SHA256: 783d7f55f46700737aafd36725d14b1c98049d9c0179f13143227d1e285d624b + SHA1: f6793243ad20359d8be40d3accac168a15a327fb + SHA256: 56066ed07bad3b5c1474e8fae5ee2543d17d7977369b34450bd0775517e3b25c + Sections: + .text: + Entropy: 7.939220758583228 + Virtual Size: '0x8000' + .py: + Entropy: 7.692954758388239 + Virtual Size: '0x93000' + .idata: + Entropy: 1.51240178581866 + Virtual Size: '0x1000' + .reloc: + Entropy: 2.192572025670077 + Virtual Size: '0x1000' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CN, ST=Sichuan, L=Pingchang, O=No Organization Affiliation, + OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Individual + Developer, CN=YI ZENG + ValidFrom: '2013-12-31 00:00:00' + ValidTo: '2014-12-31 23:59:59' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 650869732d03e27a4fd494dc51845887 + Version: 3 + TBS: + MD5: 25491518fa7930337802391dc6ba0a58 + SHA1: 86d84a70f5ffcab0f069df5a064c21d3ae4f5c9b + SHA256: 608df7f76afec05ddbc17edf9194ff9be0c0393a39fafed038e46e8e6fff4424 + SHA384: 5764c4369b430f60b38834619195fc4f2bb623b947d0f299b372830272bdde9bd61ed4b577685ec5b6bccd57e2536a4c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 
317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 650869732d03e27a4fd494dc51845887 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: fca0f3c7b6d79f494034b9d2a1f5921a + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/81a73e57-2e92-4d21-97d3-1c21eb4c3aea.yaml b/yaml/81a73e57-2e92-4d21-97d3-1c21eb4c3aea.yaml index 610bb7082..49da2a604 100644 --- a/yaml/81a73e57-2e92-4d21-97d3-1c21eb4c3aea.yaml +++ b/yaml/81a73e57-2e92-4d21-97d3-1c21eb4c3aea.yaml 
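Review bot: In yaml/8198f5af-4b40-4800-a22a-4a7cf957ef37.yaml the `ImportedFunctions` list repeats `KeInitializeEvent` twice and `HalReturnToFirmware` four times, which reads like an import-table parsing artifact rather than real data. With `.text` at entropy 7.94 and `.py` at 7.69 the image is probably packed, so I would either de-duplicate the list or mark it with `# import table taken from a packed image; not reliable for import-based matching`. `Detection: []` is left empty even though file hashes and an `Imphash` are recorded, and `Usecase: Elevate privileges` looks like a template default for an entry whose `Category` is `malicious`. The leaf certificate's `ValidTo` (2014-12-31) is long before the `CreationTimestamp` (2022-12-21) while `LoadsDespiteHVCI` is `'TRUE'`; a one-line remark on that would help anyone deriving a certificate-based block rule from this entry.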
@@ -1,184 +1,184 @@ -Acknowledgement: - Handle: alfarom256 - Person: Mike Alfaro +Id: 81a73e57-2e92-4d21-97d3-1c21eb4c3aea +Tags: +- LenovoDiagnosticsDriver.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-01-09' +MitreID: T1068 CVE: - CVE-2022-3699 Category: vulnerable driver Commands: - Command: sc.exe create LenovoDiagnosticsDriver.sys binPath=C:\windows\temp\LenovoDiagnosticsDriver.sys - type=kernel && sc.exe start LenovoDiagnosticsDriver.sys - Description: The aforementioned driver has been identified as vulnerable to CVE-2022-3699 - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/f05b1ee9e2f6ab704b8919d5071becbce6f9d0f9d0ba32a460c41d5272134abe.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: 
sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 81a73e57-2e92-4d21-97d3-1c21eb4c3aea -KnownVulnerableSamples: -- Authentihash: - MD5: 56b6144e389ce3b1e2a0a96a954aa7d8 - SHA1: 6d9543725aca0c9c8f403425952692ccc1d2d7f2 - SHA256: 34e6a56c60746c51034b45a7b2a36617205b598d0bbcc695f92404605a0975d5 - Company: Lenovo Group Limited (R) - Copyright: "\xA9 2021 Lenovo Group Limited. All rights reserved." - CreationTimestamp: '2022-01-28 10:59:24' - Date: '' - Description: Lenovo Diagnostics Driver for Windows 10 and later. - ExportedFunctions: '' - FileVersion: 1.0.4.0 - Filename: LenovoDiagnosticsDriver.sys - ImportedFunctions: - - MmMapIoSpace - - MmUnmapIoSpace - - IofCompleteRequest - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - __C_specific_handler - - MmGetSystemRoutineAddress - - RtlInitUnicodeString - - ExFreePoolWithTag - - ZwClose - - ZwSetSecurityObject - - IoDeviceObjectType - - IoCreateDevice - - ObOpenObjectByPointer - - RtlGetDaclSecurityDescriptor - - RtlGetGroupSecurityDescriptor - - ExAllocatePoolWithTag - - RtlGetSaclSecurityDescriptor - - SeCaptureSecurityDescriptor - - _snwprintf - - RtlLengthSecurityDescriptor - - SeExports - - RtlCreateSecurityDescriptor - - _wcsnicmp - - wcschr - - RtlAbsoluteToSelfRelativeSD - - RtlAddAccessAllowedAce - - RtlLengthSid - - IoIsWdmVersionAvailable - - RtlSetDaclSecurityDescriptor - - ZwOpenKey - - ZwSetValueKey - - ZwQueryValueKey - - ZwCreateKey - - RtlFreeUnicodeString - - RtlGetOwnerSecurityDescriptor - - DbgPrintEx - - HalGetBusDataByOffset - - HalSetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: LenovoDiagnosticsDriver.sys - MD5: b941c8364308990ee4cc6eadf7214e0f - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: LenovoDiagnosticsDriver.sys - Product: Lenovo Diagnostics - ProductVersion: 1.0.4.0 - Publisher: '' - RichPEHeaderHash: - MD5: 
f9a028999bfd69ee65e86573d56d2de3 - SHA1: ac40538efeecc7ae93b551aa2d861851a798b17f - SHA256: 681234bfceb8f11e214c9d4fbec06523b80744dad37cbef0be64b84fc7dd4da1 - SHA1: b89a8eef5aeae806af5ba212a8068845cafdab6f - SHA256: f05b1ee9e2f6ab704b8919d5071becbce6f9d0f9d0ba32a460c41d5272134abe - Sections: - .text: - Entropy: 6.202281459012431 - Virtual Size: '0x11b6' - .rdata: - Entropy: 4.307397917054479 - Virtual Size: '0xe34' - .data: - Entropy: 2.112180138315051 - Virtual Size: '0x280' - .pdata: - Entropy: 4.122037812300564 - Virtual Size: '0x2dc' - PAGE: - Entropy: 6.215624893450104 - Virtual Size: '0x1c8c' - INIT: - Entropy: 5.135213694052921 - Virtual Size: '0x56e' - .rsrc: - Entropy: 3.5035036535702537 - Virtual Size: '0x498' - .reloc: - Entropy: 3.8431390622295667 - Virtual Size: '0x40' - Signature: - - Lenovo - - DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 - - DigiCert Trusted Root G4 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 - SHA384 2021 CA1 - ValidFrom: '2021-04-29 00:00:00' - ValidTo: '2036-04-28 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.12 - IsCertificateAuthority: true - SerialNumber: 08ad40b260d29c4c9f5ecda9bd93aed9 - Version: 3 - TBS: - MD5: 5d8003a64dfa5a4d88365da1566038cb - SHA1: 79465b56bc7ad55a37bdf633943da8bfc84db228 - SHA256: 84bdc82e2f2a7f7aaa782667dac556ffcb2b33240c1f9c0a00a3264526a98332 - SHA384: 65b1d4076a89ae273f57e6eeedecb3eae129b4168f76fa7671914cdf461d542255c59d9b85b916ae0ca6fc0fcf7a8e64 - - Subject: C=US, ST=North Carolina, L=Morrisville, O=Lenovo, OU=G14, CN=Lenovo - ValidFrom: '2021-11-22 00:00:00' - ValidTo: '2022-03-30 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 01d4b02045832881e2d7530641135991 - Version: 3 - TBS: - 
MD5: 3452c838cdc0fad2580244b9efd5d8de - SHA1: f4d9f9525fa79caa80e5ef5b88ea4b07d6e272ad - SHA256: 4d66a4b0e68dc05b77e33ff1c284de96b040b4a6b3fe69326bc6cc2477e70866 - SHA384: fd4fbb32ae0c9b9d6796dd2028d09121a186975991e6008ab1dc57ebbef199ba873f6bc26bd710852ef16d4249856392 - Signer: - - SerialNumber: 01d4b02045832881e2d7530641135991 - Issuer: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 - SHA384 2021 CA1 - Version: 1 - Imphash: 225e24ee3c4081a16ef32831b70bf8ef - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: sc.exe create LenovoDiagnosticsDriver.sys binPath=C:\windows\temp\LenovoDiagnosticsDriver.sys + type=kernel && sc.exe start LenovoDiagnosticsDriver.sys + Description: The aforementioned driver has been identified as vulnerable to CVE-2022-3699 + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules - https://nephosec.com/cve-2022-3699-lenovo-diagnostics-driver-eop-arbitrary-r-w/ - https://github.com/alfarom256/CVE-2022-3699 - https://support.lenovo.com/us/en/product_security/LEN-94532 -Tags: -- LenovoDiagnosticsDriver.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/f05b1ee9e2f6ab704b8919d5071becbce6f9d0f9d0ba32a460c41d5272134abe.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: alfarom256 + Person: Mike Alfaro +KnownVulnerableSamples: +- Authentihash: + MD5: 56b6144e389ce3b1e2a0a96a954aa7d8 + SHA1: 6d9543725aca0c9c8f403425952692ccc1d2d7f2 + SHA256: 34e6a56c60746c51034b45a7b2a36617205b598d0bbcc695f92404605a0975d5 + Company: Lenovo Group Limited (R) + Copyright: "\xA9 2021 Lenovo Group Limited. All rights reserved." + CreationTimestamp: '2022-01-28 10:59:24' + Date: '' + Description: Lenovo Diagnostics Driver for Windows 10 and later. 
+ ExportedFunctions: '' + FileVersion: 1.0.4.0 + Filename: LenovoDiagnosticsDriver.sys + ImportedFunctions: + - MmMapIoSpace + - MmUnmapIoSpace + - IofCompleteRequest + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - __C_specific_handler + - MmGetSystemRoutineAddress + - RtlInitUnicodeString + - ExFreePoolWithTag + - ZwClose + - ZwSetSecurityObject + - IoDeviceObjectType + - IoCreateDevice + - ObOpenObjectByPointer + - RtlGetDaclSecurityDescriptor + - RtlGetGroupSecurityDescriptor + - ExAllocatePoolWithTag + - RtlGetSaclSecurityDescriptor + - SeCaptureSecurityDescriptor + - _snwprintf + - RtlLengthSecurityDescriptor + - SeExports + - RtlCreateSecurityDescriptor + - _wcsnicmp + - wcschr + - RtlAbsoluteToSelfRelativeSD + - RtlAddAccessAllowedAce + - RtlLengthSid + - IoIsWdmVersionAvailable + - RtlSetDaclSecurityDescriptor + - ZwOpenKey + - ZwSetValueKey + - ZwQueryValueKey + - ZwCreateKey + - RtlFreeUnicodeString + - RtlGetOwnerSecurityDescriptor + - DbgPrintEx + - HalGetBusDataByOffset + - HalSetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: LenovoDiagnosticsDriver.sys + MD5: b941c8364308990ee4cc6eadf7214e0f + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: LenovoDiagnosticsDriver.sys + Product: Lenovo Diagnostics + ProductVersion: 1.0.4.0 + Publisher: '' + RichPEHeaderHash: + MD5: f9a028999bfd69ee65e86573d56d2de3 + SHA1: ac40538efeecc7ae93b551aa2d861851a798b17f + SHA256: 681234bfceb8f11e214c9d4fbec06523b80744dad37cbef0be64b84fc7dd4da1 + SHA1: b89a8eef5aeae806af5ba212a8068845cafdab6f + SHA256: f05b1ee9e2f6ab704b8919d5071becbce6f9d0f9d0ba32a460c41d5272134abe + Sections: + .text: + Entropy: 6.202281459012431 + Virtual Size: '0x11b6' + .rdata: + Entropy: 4.307397917054479 + Virtual Size: '0xe34' + .data: + Entropy: 2.112180138315051 + Virtual Size: '0x280' + .pdata: + Entropy: 4.122037812300564 + Virtual Size: '0x2dc' + PAGE: + Entropy: 6.215624893450104 + Virtual Size: '0x1c8c' + INIT: + Entropy: 
5.135213694052921 + Virtual Size: '0x56e' + .rsrc: + Entropy: 3.5035036535702537 + Virtual Size: '0x498' + .reloc: + Entropy: 3.8431390622295667 + Virtual Size: '0x40' + Signature: + - Lenovo + - DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 + - DigiCert Trusted Root G4 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 + SHA384 2021 CA1 + ValidFrom: '2021-04-29 00:00:00' + ValidTo: '2036-04-28 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.12 + IsCertificateAuthority: true + SerialNumber: 08ad40b260d29c4c9f5ecda9bd93aed9 + Version: 3 + TBS: + MD5: 5d8003a64dfa5a4d88365da1566038cb + SHA1: 79465b56bc7ad55a37bdf633943da8bfc84db228 + SHA256: 84bdc82e2f2a7f7aaa782667dac556ffcb2b33240c1f9c0a00a3264526a98332 + SHA384: 65b1d4076a89ae273f57e6eeedecb3eae129b4168f76fa7671914cdf461d542255c59d9b85b916ae0ca6fc0fcf7a8e64 + - Subject: C=US, ST=North Carolina, L=Morrisville, O=Lenovo, OU=G14, CN=Lenovo + ValidFrom: '2021-11-22 00:00:00' + ValidTo: '2022-03-30 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 01d4b02045832881e2d7530641135991 + Version: 3 + TBS: + MD5: 3452c838cdc0fad2580244b9efd5d8de + SHA1: f4d9f9525fa79caa80e5ef5b88ea4b07d6e272ad + SHA256: 4d66a4b0e68dc05b77e33ff1c284de96b040b4a6b3fe69326bc6cc2477e70866 + SHA384: fd4fbb32ae0c9b9d6796dd2028d09121a186975991e6008ab1dc57ebbef199ba873f6bc26bd710852ef16d4249856392 + Signer: + - SerialNumber: 01d4b02045832881e2d7530641135991 + Issuer: C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 + SHA384 2021 CA1 + Version: 1 + Imphash: 225e24ee3c4081a16ef32831b70bf8ef + LoadsDespiteHVCI: 'FALSE' 
diff --git a/yaml/833fc08f-217d-4d3f-8c8e-782c61120407.yaml b/yaml/833fc08f-217d-4d3f-8c8e-782c61120407.yaml
index c33bb4fcf..a42d8bbc6 100644
--- a/yaml/833fc08f-217d-4d3f-8c8e-782c61120407.yaml
+++ b/yaml/833fc08f-217d-4d3f-8c8e-782c61120407.yaml
@@ -1,38 +1,38 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 833fc08f-217d-4d3f-8c8e-782c61120407 +Tags: +- kt2.sys +Verified: 'FALSE' Author: Guus Verbeek -Category: malicious -Commands: - Command: sc.exe create kt2.sys binPath=C:\windows\temp\kt2.sys type=kernel && sc.exe - start kt2.sys - Description: BlackCat Ransomware Deploys New Signed Kernel Driver. BlackCat ransomware - incident that occurred in February 2023. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-06-05' -Detection: [] -Id: 833fc08f-217d-4d3f-8c8e-782c61120407 -KnownVulnerableSamples: -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: kt2.sys - MD5: '' - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: cb25a5125fb353496b59b910263209f273f3552d - SHA256: '' - Signature: '' - LoadsDespiteHVCI: 'TRUE' MitreID: T1068 +Category: malicious +Commands: + Command: sc.exe create kt2.sys binPath=C:\windows\temp\kt2.sys type=kernel && + sc.exe start kt2.sys + Description: BlackCat Ransomware Deploys New Signed Kernel Driver. BlackCat ransomware + incident that occurred in February 2023. + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://www.trendmicro.com/en_us/research/23/e/blackcat-ransomware-deploys-new-signed-kernel-driver.html -Tags: -- kt2.sys -Verified: 'FALSE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: kt2.sys + MD5: '' + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: cb25a5125fb353496b59b910263209f273f3552d + SHA256: '' + Signature: '' + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/837ad058-65f4-4b75-8f21-b842e48db8a5.yaml b/yaml/837ad058-65f4-4b75-8f21-b842e48db8a5.yaml index 35cd287d1..3b99db5da 100644 --- a/yaml/837ad058-65f4-4b75-8f21-b842e48db8a5.yaml 
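Review bot: The kt2.sys sample is identified only by `SHA1: cb25a5125fb353496b59b910263209f273f3552d`; `MD5` and `SHA256` are empty and `Detection: []`, so this `Category: malicious`, `LoadsDespiteHVCI: 'TRUE'` entry is probably missed by any consumer that matches on SHA256 (inferred, since the detection generators are not part of this diff). The reorder carries that gap over unchanged, along with `Verified: 'FALSE'`. If the Trend Micro report under `Resources` publishes the other hashes, they belong in the sample record. Until then a comment above `KnownVulnerableSamples` such as `# SHA1 only: MD5/SHA256 not yet sourced, hash-based rules keyed on SHA256 will not match` would make the limitation visible. The same empty `Detection: []` appears in the 837ad058 (nvaudio.sys) and 84ccb68d (SysInfo.sys) hunks, which do carry full hashes and could link the shared sigma/sysmon rule files the way the Lenovo entry does.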
+++ b/yaml/837ad058-65f4-4b75-8f21-b842e48db8a5.yaml 
@@ -1,196 +1,199 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 837ad058-65f4-4b75-8f21-b842e48db8a5 +Tags: +- nvaudio.sys +Verified: 'TRUE' Author: Takahiro Haruyama -Category: vulnerable driver -Commands: - Command: sc.exe create nvaudiosys binPath= C:\windows\temp\nvaudiosys.sys type=kernel - && sc.exe start nvaudiosys - Description: The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique vulnerable - drivers (237 file hashes) accepting firmware access. Six allow kernel memory access. - All give full control of the devices to non-admin users. By exploiting the vulnerable - drivers, an attacker without the system privilege may erase/alter firmware, and/or - elevate privileges. As of the time of writing in October 2023, the filenames of - the vulnerable drivers have not been made public until now. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-11-02' -Detection: [] -Id: 837ad058-65f4-4b75-8f21-b842e48db8a5 -KnownVulnerableSamples: -- Company: NVidia Corp. 
- Date: '' - Description: NVidia System Utility Driver - FileVersion: 7.00.00 - Filename: '' - MD5: b2600502a5b962b8cdfac2ead24b17b4 - MachineType: AMD64 - OriginalFilename: nvoclock.sys - Product: NVidia System Utility Driver - ProductVersion: 7.00.00 - Publisher: '' - SHA1: bda102afbc60f3f3c5bcbd5390ffbbbb89170b9c - SHA256: b0dcdbdc62949c981c4fc04ccea64be008676d23506fc05637d9686151a4b77f - Signature: '' - Imphash: f475387e3959dbea86854d61602db136 - Authentihash: - MD5: 8b46a9553a2d586084c114be70b5367f - SHA1: 0fb1d0ef14ab73fcb4c62043859064cc5f9f88c2 - SHA256: 6b3196a346973837242d92f3a0ff7bdc2485075d51de0b53650e4ef7348c7a83 - RichPEHeaderHash: - MD5: 467ab399e8e2dbd4eadb35a620251e79 - SHA1: 0a8aa46f42c40afd85a5efd219c4c2e8af6f95f9 - SHA256: 107c7240faa51c5bf254f4f1adeefb93f49fa233a36c38cb5406a5c3a1cdbabe - Sections: - .text: - Entropy: 6.009503444874845 - Virtual Size: '0x252a' - .rdata: - Entropy: 7.960602550565364 - Virtual Size: '0x4400' - .data: - Entropy: 1.4126878900165245 - Virtual Size: '0x20' - .pdata: - Entropy: 3.8179099735453104 - Virtual Size: '0x168' - PAGE: - Entropy: 6.131698232777024 - Virtual Size: '0x1313' - INIT: - Entropy: 5.304993358451985 - Virtual Size: '0x4e0' - .rsrc: - Entropy: 3.248372667410239 - Virtual Size: '0x388' - .reloc: - Entropy: 1.0689156580850052 - Virtual Size: '0x24' - MagicHeader: 50 45 0 0 - CreationTimestamp: '2010-06-24 09:29:58' - InternalName: nvoclock.sys - Copyright: "Copyright \xA9NVIDIA Corp. 
2003-2004" - Imports: - - ntoskrnl.exe - ExportedFunctions: '' - ImportedFunctions: - - ExAllocatePoolWithTag - - DbgPrint - - IoDeleteDevice - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - ExFreePoolWithTag - - MmUnmapIoSpace - - IoFreeMdl - - MmUnmapLockedPages - - PoCallDriver - - IofCompleteRequest - - PoStartNextPowerIrp - - KeSetSystemAffinityThread - - KeQueryActiveProcessors - - KeDelayExecutionThread - - MmMapIoSpace - - __C_specific_handler - - ObfDereferenceObject - - KeSetEvent - - ObReferenceObjectByHandle - - ExEventObjectType - - MmGetPhysicalAddress - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - KeWaitForSingleObject - - IofCallDriver - - IoBuildSynchronousFsdRequest - - KeInitializeEvent - - IoGetDeviceObjectPointer - - IoGetDeviceInterfaces - - IoCreateSymbolicLink - - IoCreateDevice - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 
35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 
17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - - Subject: C=US, ST=California, L=Santa Clara, O=NVIDIA Corporation, OU=Digital - ID Class 3 , Microsoft Software Validation v2, OU=Software, CN=NVIDIA Corporation - ValidFrom: '2009-07-31 00:00:00' - ValidTo: '2011-09-01 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 534abed0be56d9840dd12ddb84f8b031 - Version: 3 - TBS: - MD5: 4914c1d2c944d48a9636059155440df8 - SHA1: 0337264fca5a8d774786b5b275e03ab42edb11ae - SHA256: 8833131f04e02297c80b986ec7e7793e194fb144470dc36cc57a376487c2750b - SHA384: 8450d31af22887ac50415c01d88f7eb6081b7044ab8f35ac0b63e09828786258e73fed98f37c99df6d5472b6a34f6db3 - Signer: - - SerialNumber: 534abed0be56d9840dd12ddb84f8b031 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create nvaudiosys binPath= C:\windows\temp\nvaudiosys.sys type=kernel + && sc.exe start nvaudiosys + Description: The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique + vulnerable drivers (237 file hashes) accepting firmware access. Six allow + kernel memory access. All give full control of the devices to non-admin users. 
+ By exploiting the vulnerable drivers, an attacker without the system privilege + may erase/alter firmware, and/or elevate privileges. As of the time of writing + in October 2023, the filenames of the vulnerable drivers have not been made + public until now. + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html -Tags: -- nvaudio.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: NVidia Corp. + Date: '' + Description: NVidia System Utility Driver + FileVersion: 7.00.00 + Filename: '' + MD5: b2600502a5b962b8cdfac2ead24b17b4 + MachineType: AMD64 + OriginalFilename: nvoclock.sys + Product: NVidia System Utility Driver + ProductVersion: 7.00.00 + Publisher: '' + SHA1: bda102afbc60f3f3c5bcbd5390ffbbbb89170b9c + SHA256: b0dcdbdc62949c981c4fc04ccea64be008676d23506fc05637d9686151a4b77f + Signature: '' + Imphash: f475387e3959dbea86854d61602db136 + Authentihash: + MD5: 8b46a9553a2d586084c114be70b5367f + SHA1: 0fb1d0ef14ab73fcb4c62043859064cc5f9f88c2 + SHA256: 6b3196a346973837242d92f3a0ff7bdc2485075d51de0b53650e4ef7348c7a83 + RichPEHeaderHash: + MD5: 467ab399e8e2dbd4eadb35a620251e79 + SHA1: 0a8aa46f42c40afd85a5efd219c4c2e8af6f95f9 + SHA256: 107c7240faa51c5bf254f4f1adeefb93f49fa233a36c38cb5406a5c3a1cdbabe + Sections: + .text: + Entropy: 6.009503444874845 + Virtual Size: '0x252a' + .rdata: + Entropy: 7.960602550565364 + Virtual Size: '0x4400' + .data: + Entropy: 1.4126878900165245 + Virtual Size: '0x20' + .pdata: + Entropy: 3.8179099735453104 + Virtual Size: '0x168' + PAGE: + Entropy: 6.131698232777024 + Virtual Size: '0x1313' + INIT: + Entropy: 5.304993358451985 + Virtual Size: '0x4e0' + .rsrc: + Entropy: 3.248372667410239 + Virtual Size: '0x388' + .reloc: + Entropy: 1.0689156580850052 + Virtual Size: '0x24' + MagicHeader: 50 45 0 0 + CreationTimestamp: '2010-06-24 09:29:58' + InternalName: 
nvoclock.sys + Copyright: "Copyright \xA9NVIDIA Corp. 2003-2004" + Imports: + - ntoskrnl.exe + ExportedFunctions: '' + ImportedFunctions: + - ExAllocatePoolWithTag + - DbgPrint + - IoDeleteDevice + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - ExFreePoolWithTag + - MmUnmapIoSpace + - IoFreeMdl + - MmUnmapLockedPages + - PoCallDriver + - IofCompleteRequest + - PoStartNextPowerIrp + - KeSetSystemAffinityThread + - KeQueryActiveProcessors + - KeDelayExecutionThread + - MmMapIoSpace + - __C_specific_handler + - ObfDereferenceObject + - KeSetEvent + - ObReferenceObjectByHandle + - ExEventObjectType + - MmGetPhysicalAddress + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - KeWaitForSingleObject + - IofCallDriver + - IoBuildSynchronousFsdRequest + - KeInitializeEvent + - IoGetDeviceObjectPointer + - IoGetDeviceInterfaces + - IoCreateSymbolicLink + - IoCreateDevice + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 
35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 
17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + - Subject: C=US, ST=California, L=Santa Clara, O=NVIDIA Corporation, OU=Digital + ID Class 3 , Microsoft Software Validation v2, OU=Software, CN=NVIDIA + Corporation + ValidFrom: '2009-07-31 00:00:00' + ValidTo: '2011-09-01 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 534abed0be56d9840dd12ddb84f8b031 + Version: 3 + TBS: + MD5: 4914c1d2c944d48a9636059155440df8 + SHA1: 0337264fca5a8d774786b5b275e03ab42edb11ae + SHA256: 8833131f04e02297c80b986ec7e7793e194fb144470dc36cc57a376487c2750b + SHA384: 8450d31af22887ac50415c01d88f7eb6081b7044ab8f35ac0b63e09828786258e73fed98f37c99df6d5472b6a34f6db3 + Signer: + - SerialNumber: 534abed0be56d9840dd12ddb84f8b031 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/84ccb68d-ce34-4aa2-98d5-7f473c2e1b07.yaml b/yaml/84ccb68d-ce34-4aa2-98d5-7f473c2e1b07.yaml index 537e4e6d2..b9f63d1e3 100644 --- a/yaml/84ccb68d-ce34-4aa2-98d5-7f473c2e1b07.yaml +++ b/yaml/84ccb68d-ce34-4aa2-98d5-7f473c2e1b07.yaml 
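Review bot: The driver is named four different ways in this entry, so a name-based rule built from it can key on the wrong string. `Tags` has `nvaudio.sys`, `Command` registers `nvaudiosys` from `C:\windows\temp\nvaudiosys.sys`, `Filename` is `''`, and `OriginalFilename`/`InternalName` are `nvoclock.sys`. Which one the name detections read is not visible here, but an empty `Filename` next to a tag that differs from the PE's own `OriginalFilename` is likely to produce either no match or a match on the wrong name. I would set `Filename` to the on-disk name the source report gives and keep `Tags` and the `Command` path consistent with it, leaving `nvoclock.sys` in `OriginalFilename` so renamed copies are still covered. The `Description` sentence ending "have not been made public until now" also contradicts itself and could read `the filenames of the vulnerable drivers had not previously been made public`.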
@@ -1,185 +1,185 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 84ccb68d-ce34-4aa2-98d5-7f473c2e1b07 +Tags: +- SysInfo.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create SysInfo.sys binPath=C:\windows\temp\SysInfo.sys type=kernel - && sc.exe start SysInfo.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: [] -Id: 84ccb68d-ce34-4aa2-98d5-7f473c2e1b07 -KnownVulnerableSamples: -- Authentihash: - MD5: 0f56e9fddae9389425d93099ad609867 - SHA1: ca88f321631c1552e3e0bcd1f26ad3435cc9f1ae - SHA256: a82d08ef67bdfccf0a2cf6d507c9fbb6ac42bd74bf2ade46ec07fe253deb6573 - Company: '' - Copyright: '' - CreationTimestamp: '2005-09-18 15:24:12' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: SysInfo.sys - ImportedFunctions: - - RtlInitUnicodeString - - __C_specific_handler - - MmUnmapIoSpace - - MmMapIoSpace - - IoDisconnectInterrupt - - IoConnectInterrupt - - IoCreateDevice - - KeInsertQueueDpc - - ZwClose - - IoDeleteSymbolicLink - - IofCompleteRequest - - KeInitializeDpc - - IoCreateSymbolicLink - - KeClearEvent - - IoDeleteDevice - - HalGetBusDataByOffset - - HalSetBusDataByOffset - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: 5228b7a738dc90a06ae4f4a7412cb1e9 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 6f1cb980913392475dc6ef6c3e569966 - SHA1: f9a5cfdfccc186ff84aa40a07c1cdb730d82e085 - SHA256: bad3eabf9d630efa497af8ca6a682b596241143a6ce77f4e267cf15e19895da9 - SHA1: f0c463d29a5914b01e4607889094f1b7d95e7aaf - SHA256: 7049f3c939efe76a5556c2a2c04386db51daf61d56b679f4868bb0983c996ebb - Sections: - .text: - Entropy: 5.870227791947925 - Virtual Size: '0x14fe' - .rdata: - Entropy: 4.287500138971227 - Virtual Size: '0x3d0' - .data: - Entropy: 1.2323958376791513 - Virtual Size: '0x194' - 
.pdata: - Entropy: 3.8940062848117547 - Virtual Size: '0x1e0' - INIT: - Entropy: 4.784186682731765 - Virtual Size: '0x2b0' - .reloc: - Entropy: 2.011866957009745 - Virtual Size: '0x5c' - Signature: - - Noriyuki MIYAZAKI - - GlobalSign ObjectSign CA - - GlobalSign Primary Object Publishing CA - - GlobalSign Root CA - R1 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=JP, CN=Noriyuki MIYAZAKI, emailAddress=hiyohiyo@crystalmark.info - ValidFrom: '2007-09-24 10:50:55' - ValidTo: '2008-09-24 10:50:55' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 01000000000115372421a8 - Version: 3 - TBS: - MD5: c11203d7c1fcb38e1eaff246bb8e7595 - SHA1: 99f00de6eefb2076662465e682a2429373ebcb26 - SHA256: 08a073aa77d42d608a9457a6b1d63eadcf5113407d8a55025ea1bbef0716dca5 - SHA384: ef57f44999a39185b9ebf97894ce5a3cca2894e15bc0733a865501c3a41ea9054be5d7517aa59006b04a853cadbed567 - - Subject: CN=GlobalSign RootSign Partners CA, OU=RootSign Partners CA, O=GlobalSign - nv,sa, C=BE - ValidFrom: '2003-12-16 13:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 040000000000f97faa2e1e - Version: 3 - TBS: - MD5: 59466cb0c1788b2f251fce3495837102 - SHA1: c5cfc5f6a131a3a77c3905c9893c99bb1b2baa0b - SHA256: eedda02668f7636eeec69429a7164cc47ca3de0539122d37f5b8078df7ee56db - SHA384: 982b72c3ee7066ce80ee642444c91adc60e7009fc6ef981a32edf666591d6aedb09d258e10e86f4ef265eae8149bbd92 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - 
SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: O=GlobalSign, CN=GlobalSign Time Stamping Authority, emailAddress=timestampinfo@globalsign.com - ValidFrom: '2007-02-05 09:00:00' - ValidTo: '2014-01-27 09:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000011092eb8295 - Version: 3 - TBS: - MD5: 11d73a3638fc78e0bac6c459feadcc42 - SHA1: 6636f7dcf81b370b919966f9063295ec84422f91 - SHA256: 1eb5fc1d2e3254b1e3c4587a6efed87ee65306525e684b4cfa4b51893cfe86a3 - SHA384: a13c07e505c79c58654ad2cffe219c6c801fa092c52f18c489a6061420c6475706f11c200f4dadd51718c660e49b3f24 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 
0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 01000000000115372421a8 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: 3c61f9a38aaa7650fcd33b46e794d1bb - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create SysInfo.sys binPath=C:\windows\temp\SysInfo.sys type=kernel + && sc.exe start SysInfo.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/namazso/physmem_drivers -Tags: -- SysInfo.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 0f56e9fddae9389425d93099ad609867 + SHA1: ca88f321631c1552e3e0bcd1f26ad3435cc9f1ae + SHA256: a82d08ef67bdfccf0a2cf6d507c9fbb6ac42bd74bf2ade46ec07fe253deb6573 + Company: '' + Copyright: '' + CreationTimestamp: '2005-09-18 15:24:12' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: SysInfo.sys + ImportedFunctions: + - RtlInitUnicodeString + - __C_specific_handler + - MmUnmapIoSpace + - MmMapIoSpace + - IoDisconnectInterrupt + - IoConnectInterrupt + - IoCreateDevice + - KeInsertQueueDpc + - ZwClose + - IoDeleteSymbolicLink + - IofCompleteRequest + - KeInitializeDpc + - IoCreateSymbolicLink + - KeClearEvent + - IoDeleteDevice + - HalGetBusDataByOffset + - HalSetBusDataByOffset + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: 5228b7a738dc90a06ae4f4a7412cb1e9 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: 6f1cb980913392475dc6ef6c3e569966 + SHA1: f9a5cfdfccc186ff84aa40a07c1cdb730d82e085 + SHA256: 
bad3eabf9d630efa497af8ca6a682b596241143a6ce77f4e267cf15e19895da9 + SHA1: f0c463d29a5914b01e4607889094f1b7d95e7aaf + SHA256: 7049f3c939efe76a5556c2a2c04386db51daf61d56b679f4868bb0983c996ebb + Sections: + .text: + Entropy: 5.870227791947925 + Virtual Size: '0x14fe' + .rdata: + Entropy: 4.287500138971227 + Virtual Size: '0x3d0' + .data: + Entropy: 1.2323958376791513 + Virtual Size: '0x194' + .pdata: + Entropy: 3.8940062848117547 + Virtual Size: '0x1e0' + INIT: + Entropy: 4.784186682731765 + Virtual Size: '0x2b0' + .reloc: + Entropy: 2.011866957009745 + Virtual Size: '0x5c' + Signature: + - Noriyuki MIYAZAKI + - GlobalSign ObjectSign CA + - GlobalSign Primary Object Publishing CA + - GlobalSign Root CA - R1 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=JP, CN=Noriyuki MIYAZAKI, emailAddress=hiyohiyo@crystalmark.info + ValidFrom: '2007-09-24 10:50:55' + ValidTo: '2008-09-24 10:50:55' + Signature: 4b6c4ea808b550cbae0f97c27726a0445d0e3e021ee0e0087bfe5bbc290e3e45ca35333f2a97fb7667f64326629f7a99fe2fec4da9fe14f0d858419982b983457848fbd6a9115769db6c5626b4d2f87fc77019a755a9efdf81b1968dfbfa638bf87bd25a8adf1c6c3bba3735f06b54d127462ed40dc364ad4c4f29c9f9692b29ff9557300a7c0d395f250172e312ff253b7ce8885ef8c1fe60c448676180e4ca09b34b52ae116b01f22b446b827a748ca80aee5f8e9ff6725e1dce5a7984c26eb72a615a9ef272f6f7b2e03e6d34665caf506b93cb5a2de127177eb1923cf5bc499e312d6c43ff5a26124ea63a4dc9a3340daa6449c2322857adf98166423cfb + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 01000000000115372421a8 + Version: 3 + TBS: + MD5: c11203d7c1fcb38e1eaff246bb8e7595 + SHA1: 99f00de6eefb2076662465e682a2429373ebcb26 + SHA256: 08a073aa77d42d608a9457a6b1d63eadcf5113407d8a55025ea1bbef0716dca5 + SHA384: ef57f44999a39185b9ebf97894ce5a3cca2894e15bc0733a865501c3a41ea9054be5d7517aa59006b04a853cadbed567 + - Subject: CN=GlobalSign RootSign Partners CA, OU=RootSign Partners CA, + O=GlobalSign nv,sa, C=BE + ValidFrom: '2003-12-16 
13:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 040000000000f97faa2e1e + Version: 3 + TBS: + MD5: 59466cb0c1788b2f251fce3495837102 + SHA1: c5cfc5f6a131a3a77c3905c9893c99bb1b2baa0b + SHA256: eedda02668f7636eeec69429a7164cc47ca3de0539122d37f5b8078df7ee56db + SHA384: 982b72c3ee7066ce80ee642444c91adc60e7009fc6ef981a32edf666591d6aedb09d258e10e86f4ef265eae8149bbd92 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: O=GlobalSign, CN=GlobalSign Time Stamping Authority, emailAddress=timestampinfo@globalsign.com + ValidFrom: '2007-02-05 09:00:00' + ValidTo: '2014-01-27 09:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000011092eb8295 + Version: 3 + TBS: + MD5: 11d73a3638fc78e0bac6c459feadcc42 + SHA1: 6636f7dcf81b370b919966f9063295ec84422f91 + SHA256: 1eb5fc1d2e3254b1e3c4587a6efed87ee65306525e684b4cfa4b51893cfe86a3 + SHA384: a13c07e505c79c58654ad2cffe219c6c801fa092c52f18c489a6061420c6475706f11c200f4dadd51718c660e49b3f24 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 
11d45d8af43d0d9d7e4fa70071610b56b34caa70e1b2d1dec7886d1d897c2ba946e58b1f8e4cc26695911fe34d394ae31b70b7446edc068a4d6d25e89812dcbca0dd864eae8f81130540905a542529944acaf165b4ef0679dae7cb86f004c918dcee72b320015748dfe333e12ccd9c077f9447278d888d340ca67c5c20c17d07b3736b648c26d29bd7e87965a6a891a174862a050282c1847cf279cd3c2a2b0f99291eea8c8a1ab16aeaa266380e65e1add8c6c91f888d3976ee1782c4138d97ce6341e77af5b4b66c15c33813b3930b620688dde1447f10a950248b60dc05f75ba514b27b56720b96eabffc057090659e051ca4dd07af4b57dec639673bc574 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 01000000000115372421a8 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: 3c61f9a38aaa7650fcd33b46e794d1bb + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/855ade1f-8a9e-4c9d-ab8e-d7e409609852.yaml b/yaml/855ade1f-8a9e-4c9d-ab8e-d7e409609852.yaml index 20fc6ec97..de0c7bc9a 100644 --- a/yaml/855ade1f-8a9e-4c9d-ab8e-d7e409609852.yaml 
+++ b/yaml/855ade1f-8a9e-4c9d-ab8e-d7e409609852.yaml 
@@ -1,5138 +1,5138 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 855ade1f-8a9e-4c9d-ab8e-d7e409609852 +Tags: +- elbycdio.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-01-09' +MitreID: T1068 CVE: - CVE-2009-0824 Category: vulnerable driver Commands: - Command: sc.exe create elbycdio.sys binPath=C:\windows\temp\elbycdio.sys type=kernel - && sc.exe start elbycdio.sys - Description: elbycdio.sys is a vulnerable driver. CVE-2009-0824. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/eea53103e7a5a55dc1df79797395a2a3e96123ebd71cdd2db4b1be80e7b3f02b.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 855ade1f-8a9e-4c9d-ab8e-d7e409609852 -KnownVulnerableSamples: -- Authentihash: - MD5: 1e7d48bdea295db001ff57b6d05d99a2 - SHA1: 95a797b14c5718495e847f1aa7a5b554d1855893 - SHA256: 45b7ec74cc78651975d01d88308f3231df4c96036d6c2273d79f53abdfc8888c - Company: Elaborate Bytes AG - Copyright: Copyright (C) 2000 - 2009 Elaborate Bytes AG - CreationTimestamp: '2009-01-29 15:57:56' - Date: '' - Description: ElbyCD Windows NT/2000/XP I/O driver - ExportedFunctions: '' - FileVersion: 6, 0, 2, 0 - Filename: elbycdio.sys - ImportedFunctions: - - ZwWriteFile - - ZwCreateFile - - RtlInitUnicodeString - - swprintf - - ZwQueryVolumeInformationFile - - ZwOpenFile - - ZwClose - - ZwQuerySymbolicLinkObject - - ZwOpenSymbolicLinkObject - - PsTerminateSystemThread - - KeWaitForSingleObject - - ZwSetInformationThread - - KeSetEvent - - ObfDereferenceObject - - ObReferenceObjectByHandle - - PsCreateSystemThread - - KeInitializeEvent - - KeReleaseMutex - - ZwReadFile - - IofCompleteRequest - - KeInitializeMutex - - ExAllocatePool - - RtlFreeUnicodeString - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - _except_handler3 - - ProbeForRead - - ProbeForWrite - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - KeInitializeSpinLock - - ExFreePool - - PsGetCurrentProcessId - - KfReleaseSpinLock - - KfAcquireSpinLock - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: ElbyCDIO - MD5: ae5eb2759305402821aeddc52ba9a6d6 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: ElbyCDIO.sys - Product: CDRTools - ProductVersion: 6, 0, 0, 0 - Publisher: '' - RichPEHeaderHash: - MD5: eb06a2eb0c23a14191762653f6ae93bb - SHA1: 6de72a1325439feafb8d05a1c5a1a49444776d8d - SHA256: 
08949d1698a747437b865766408f6835874da215b5c46e8cde9be943664218f5 - SHA1: 3599ea2ac1fa78f423423a4cf90106ea0938dde8 - SHA256: eea53103e7a5a55dc1df79797395a2a3e96123ebd71cdd2db4b1be80e7b3f02b - Sections: - .text: - Entropy: 6.40392416560879 - Virtual Size: '0x29f0' - .rdata: - Entropy: 7.172875502424685 - Virtual Size: '0x5c4' - .data: - Entropy: 2.0 - Virtual Size: '0x4' - INIT: - Entropy: 5.383736240323343 - Virtual Size: '0x4a6' - .rsrc: - Entropy: 3.3248073850095023 - Virtual Size: '0x4d8' - .reloc: - Entropy: 5.0667220228838765 - Virtual Size: '0x18e' - Signature: - - Elaborate Bytes AG - - GlobalSign ObjectSign CA - - GlobalSign Primary Object Publishing CA - - GlobalSign Root CA - R1 - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 
518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: a0422eb876a7427186404d464d5b26b0b074f93f89a87b7cb7f1c697e08239999d43fe60823642b55b878df55df4bbffa91044a871d3c7f12241f29aa4a5ec63fae5eb654a19309d8bc7b6fddc3fe16cfdd5521407fc6d24ccb3cc81a2c052f327b96d9e063dd8a849023269c7054294d0bbe3bba908c393501bdb846dc0ba1e5298659c1376bdb3d567292f1f7baa2c51a0fd854f263c48a38127a6feee7f7899c245cf9d1f527ed7958bfde1d020c3af7e51a22f663bab2dcf2d8e8c4d7d18392128fbdcae6d6581d0e0d7184be7b5f774d784e6522aac3b68fd3b4ab80154849132bb95d28e6330a69ece2396feab2eb86a8b74dcde21a114c2fbbf53af10 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch - ValidFrom: '2008-12-23 13:26:11' - ValidTo: '2011-12-23 13:26:11' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0100000000011e643e96d0 - Version: 3 - TBS: - MD5: f39798a2df6dda6c76b4697e743c8b80 - SHA1: d97d9f0d2cad2881eda58fa0467cff6396be6408 - SHA256: 5086b06e5d91585b5a110b3ec4048ce6a43a58e4fc7eb8aa99c391af5b2f8d9f - SHA384: 
99096e0926f74d7dd4bc744bea78d7310e623f6c782a3f38d4db933e9cdf2bc8e1b813e5f6a0aacd8e59606f075e4afd - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000011e643e96d0 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: f531646e31cc12dfaac5b8352653c384 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 350ab25a105b2fee583f1b903d48788e - SHA1: 23a6345ab41ff68e31cef025de23cc8c81c90725 - SHA256: 86236392bb2cc77100bd83d34a30e3fb60aa727d0b11c147a838d9a205bae80e - Company: Elaborate Bytes AG - Copyright: Copyright (C) 2000 - 2009 Elaborate Bytes AG - CreationTimestamp: '2009-02-17 10:11:23' - Description: ElbyCD Windows x64 I/O driver - ExportedFunctions: '' - FileVersion: 6, 0, 3, 2 - Filename: ElbyCDIO.sys - 
ImportedFunctions: - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - KeWaitForSingleObject - - KeReleaseMutex - - __C_specific_handler - - ProbeForRead - - ProbeForWrite - - ZwReadFile - - ZwWriteFile - - ZwCreateFile - - RtlInitUnicodeString - - swprintf - - ZwQueryVolumeInformationFile - - ZwOpenFile - - ZwClose - - ZwQuerySymbolicLinkObject - - ZwOpenSymbolicLinkObject - - PsTerminateSystemThread - - ZwSetInformationThread - - ObfDereferenceObject - - ObReferenceObjectByHandle - - PsCreateSystemThread - - KeInitializeEvent - - PsGetCurrentProcessId - - IofCompleteRequest - - KeInitializeMutex - - ExAllocatePool - - ExFreePool - - RtlFreeUnicodeString - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - IoCreateSymbolicLink - - IoCreateDevice - - KeBugCheckEx - - KeSetEvent - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: ElbyCDIO - MD5: 702d5606cf2199e0edea6f0e0d27cd10 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: ElbyCDIO.sys - Product: CDRTools - ProductVersion: 6, 0, 0, 0 - RichPEHeaderHash: - MD5: 19c3041e63a42fad9800c3d4098a28a7 - SHA1: 083ef31132cacb2ead9d826d90646517ca732570 - SHA256: 3829fddcb11b40682e3936be4c0f376d99a9caf02692368aef98332f68ce80e8 - SHA1: 879e327292616c56bd4aafc279fbda6cc393b74d - SHA256: 238046cfe126a1f8ab96d8b62f6aa5ec97bab830e2bae5b1b6ab2d31894c79e4 - Sections: - .text: - Entropy: 6.236432237090433 - Virtual Size: '0x3b02' - .rdata: - Entropy: 6.243435646899353 - Virtual Size: '0xb78' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 4.200185461485669 - Virtual Size: '0x30c' - INIT: - Entropy: 5.002469637112522 - Virtual Size: '0x562' - .rsrc: - Entropy: 3.322459175866386 - Virtual Size: '0x4a8' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services 
Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 
12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch - ValidFrom: '2008-12-23 13:26:11' - ValidTo: '2011-12-23 13:26:11' - Signature: 5a634dbf49c9d1dbe5ed4b484689b4f95ee13686141c393683a1decdc986cf94613342607a120df492112daaa92fd772bbbcb1c0f14cec7c0c20304c92d62508859c387138f2d145dbcc54c561f1b9dd73d3686ae3859ea986e4f539db7495a64b551b60d6f976ae6075ca3f6dbe1187b875ee267784b5baefaa850078595fb8b1c8944c9c3da355a802ebc52eacb9bdffdd57b0aae5f49c02c5ae6505b7ca1afb2b29e39374eab8bf1e643c3e1c8240dc113ceb078c70a401e92d0610538eaed48e291cad84635d6100930c8e7b9801323490e4f3e58d9f9fea04843f06633f8b8a8774d2b679be008d1d92bb31815f8f01c5e08144ed9574a605b245de2ba7 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0100000000011e643e96d0 - Version: 3 - TBS: - MD5: f39798a2df6dda6c76b4697e743c8b80 - SHA1: d97d9f0d2cad2881eda58fa0467cff6396be6408 - SHA256: 5086b06e5d91585b5a110b3ec4048ce6a43a58e4fc7eb8aa99c391af5b2f8d9f - SHA384: 99096e0926f74d7dd4bc744bea78d7310e623f6c782a3f38d4db933e9cdf2bc8e1b813e5f6a0aacd8e59606f075e4afd - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 
2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000011e643e96d0 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: 959dce366573a7aae10b74a08931722a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 5560e048b895a592a481f9340852e3cd - SHA1: 1e73dbe3d0bed9def62c1f76a0c58aa6c61e8f74 - SHA256: d378162a47648bed192270ab4ddd67c99b4ebe8093a267fa1fe1e092559504b0 - Company: Elaborate Bytes AG - Copyright: Copyright (C) 2000 - 2007 Elaborate Bytes AG - CreationTimestamp: '2007-02-28 13:56:05' - Description: ElbyCD Windows NT/2000/XP I/O driver - ExportedFunctions: '' - FileVersion: 6, 0, 0, 2 - Filename: ElbyCDIO.sys - ImportedFunctions: - - KeWaitForSingleObject - - RtlFreeUnicodeString - - ZwCreateFile - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - ZwCreateKey - - ZwOpenKey - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IoDeleteDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - KeInitializeEvent - - IoFreeMdl - - MmUnlockPages - - KeReleaseMutex - - MmProbeAndLockPages - - IoAllocateMdl - - ExFreePool - - ObfDereferenceObject - - 
ObReferenceObjectByHandle - - ExAllocatePool - - ZwDeleteKey - - ZwClose - - ZwDeviceIoControlFile - - IoCreateSymbolicLink - - KeInitializeMutex - - IoCreateDevice - - RtlUnwind - - KeTickCount - - MmMapLockedPages - - IofCompleteRequest - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: ElbyCDIO - MD5: 945ef111161bae49075107e5bc11a23f - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: ElbyCDIO.sys - Product: CDRTools - ProductVersion: 6, 0, 0, 0 - RichPEHeaderHash: - MD5: c15e20cb179a835c6a295f891d4f43f6 - SHA1: fb716dec77e711df26bca8c29284c5c21c92a808 - SHA256: 626b9fbb41fcf7bc7185e02b6d4ca83f5070929c4645876c4b19aa50765655e1 - SHA1: ea37a4241fa4d92c168d052c4e095ccd22a83080 - SHA256: 2fbbc276737047cb9b3ba5396756d28c1737342d89dce1b64c23a9c4513ae445 - Sections: - .text: - Entropy: 6.014899913315142 - Virtual Size: '0xe10' - .rdata: - Entropy: 3.9543650485820954 - Virtual Size: '0x178' - .data: - Entropy: 1.9182958340544898 - Virtual Size: '0x18' - INIT: - Entropy: 5.282185901600035 - Virtual Size: '0x3a0' - .rsrc: - Entropy: 3.3264202882353087 - Virtual Size: '0x4d8' - .reloc: - Entropy: 4.897249100220145 - Virtual Size: '0x134' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch - ValidFrom: '2006-12-07 11:07:29' - ValidTo: '2008-12-07 11:07:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0100000000010f5c98b8f5 - Version: 3 - TBS: - MD5: 832074a51bea8e4758c8dfeb2e96ad84 - SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba - SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b - SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: 
'2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 23:59:59' - Signature: 
877870da4e5201205be079c98230c4fdb91996bd9100c3bdcdcdc6f40ed8fff94dc033623011c5f5741bd492de5f9c2013b17c45be50cd83e7801783a72793671346fbcab8984103cc9b515b058b7fa86ff31b501b242ef2698d6c22f7bbca1695ed0c74c06877d9eb996287c17390f889747a23aba3987b97b1f78f29714d2e751b4841daf0b50d2054d677a097826369fd09cf8af075bb099bd9f91155269a6132be7a02b07b86bea2c38b222c78d13576bc92735cf9b9e64c150a23cce4d2d4342e4940153c0f607a24c6a566ef96cf70eb3ee7f40d7edcd17ca3767169c19c4f47303521b1a2af1a623c2bd98eaa2a077bd818b35c7be29da56ffe3c89ad - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - 
SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000010f5c98b8f5 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: b91054cdc4c8b3169cfe6c157f6d9f07 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 46eca1eab6ab83208b56787f55ed4117 - SHA1: 1b62759087cbe7f5f9a82477bc2f2b19bb51f41d - SHA256: e35d09a903d76810830aff2fc87bb3071026d982a334b3ee4c68f66cba865109 - Company: Elaborate Bytes AG - Copyright: Copyright (C) 2000 - 2008 Elaborate Bytes AG - CreationTimestamp: '2008-07-16 14:59:48' - Description: ElbyCD Windows NT/2000/XP I/O driver - ExportedFunctions: '' - FileVersion: 6, 0, 1, 1 - Filename: ElbyCDIO.sys - ImportedFunctions: - - ZwWriteFile - - ZwCreateFile - - RtlInitUnicodeString - - swprintf - - ZwQueryVolumeInformationFile - - ZwOpenFile - - ZwClose - - ZwQuerySymbolicLinkObject - - ZwOpenSymbolicLinkObject - - PsTerminateSystemThread - - ZwSetInformationThread - - KeWaitForSingleObject - - KeSetEvent - - ObfDereferenceObject - - ObReferenceObjectByHandle - - PsCreateSystemThread - - KeInitializeEvent - - KeReleaseMutex - - PsGetCurrentProcessId - - IofCompleteRequest - - KeInitializeMutex - - ZwReadFile - - RtlFreeUnicodeString - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - ZwCreateKey - - ZwOpenKey - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - IoFreeMdl - - MmUnlockPages - - MmMapLockedPages - - MmProbeAndLockPages - - IoAllocateMdl - - _except_handler3 - - ZwDeleteKey - - ZwDeviceIoControlFile - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - KeInitializeSpinLock - - ExFreePool - - ExAllocatePool - - KfReleaseSpinLock - - KfAcquireSpinLock - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: ElbyCDIO - MD5: 
24fe18891c173a7c76426d08d2b0630e - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: ElbyCDIO.sys - Product: CDRTools - ProductVersion: 6, 0, 0, 0 - RichPEHeaderHash: - MD5: 27082193599c13d88cd3571465c0869f - SHA1: 0ca5abc904d8a25537355902fe3e897263b7c780 - SHA256: 345dc7d1b4b40f3ae817e86ae8a68038f88f5c21c8c34876e2f0c320a681e724 - SHA1: f640c94e71921479cc48d06b59aba41ffa50a769 - SHA256: 5cfad3d473961763306d72c12bd5ae14183a1a5778325c9acacca764b79ca185 - Sections: - .text: - Entropy: 6.424057457116316 - Virtual Size: '0x2bf0' - .rdata: - Entropy: 7.160715749285086 - Virtual Size: '0x5d4' - .data: - Entropy: 2.0 - Virtual Size: '0x4' - INIT: - Entropy: 5.4154107889213075 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.332445756647145 - Virtual Size: '0x4d8' - .reloc: - Entropy: 5.01593937139053 - Virtual Size: '0x1c2' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch - ValidFrom: '2006-12-07 11:07:29' - ValidTo: '2008-12-07 11:07:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0100000000010f5c98b8f5 - Version: 3 - TBS: - MD5: 832074a51bea8e4758c8dfeb2e96ad84 - SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba - SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b - SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 
- SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 
11d45d8af43d0d9d7e4fa70071610b56b34caa70e1b2d1dec7886d1d897c2ba946e58b1f8e4cc26695911fe34d394ae31b70b7446edc068a4d6d25e89812dcbca0dd864eae8f81130540905a542529944acaf165b4ef0679dae7cb86f004c918dcee72b320015748dfe333e12ccd9c077f9447278d888d340ca67c5c20c17d07b3736b648c26d29bd7e87965a6a891a174862a050282c1847cf279cd3c2a2b0f99291eea8c8a1ab16aeaa266380e65e1add8c6c91f888d3976ee1782c4138d97ce6341e77af5b4b66c15c33813b3930b620688dde1447f10a950248b60dc05f75ba514b27b56720b96eabffc057090659e051ca4dd07af4b57dec639673bc574 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000010f5c98b8f5 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: 3a4e0bc46866ca54459753f62c879b62 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: efa9728ff65fc5bd690400a9a6252642 - SHA1: b827692fe57b0b51f7671d55c0a5dd6446342acd - SHA256: 911541d26b605a97ba099563b9eb7e027c102f139dba5884a57df5a13cf3dcef - Company: Elaborate Bytes AG - Copyright: Copyright (C) 2000 - 2007 Elaborate Bytes AG - CreationTimestamp: '2007-08-07 13:48:32' - Description: ElbyCD Windows 
NT/2000/XP I/O driver - ExportedFunctions: '' - FileVersion: 6, 0, 1, 0 - Filename: ElbyCDIO.sys - ImportedFunctions: - - ZwWriteFile - - ZwClose - - ZwSetInformationFile - - ZwQueryInformationFile - - ZwOpenFile - - RtlInitUnicodeString - - ZwCreateFile - - ZwCreateKey - - swprintf - - ZwQueryVolumeInformationFile - - ZwQuerySymbolicLinkObject - - ZwOpenSymbolicLinkObject - - ZwQueryValueKey - - ZwOpenKey - - ZwSetValueKey - - ZwSetInformationThread - - PsTerminateSystemThread - - KeWaitForSingleObject - - KeSetEvent - - ObfDereferenceObject - - ObReferenceObjectByHandle - - PsCreateSystemThread - - KeInitializeEvent - - ZwReadFile - - PsGetCurrentProcessId - - IofCompleteRequest - - KeInitializeMutex - - ExAllocatePool - - RtlFreeUnicodeString - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - IoFreeMdl - - MmUnlockPages - - MmMapLockedPages - - MmProbeAndLockPages - - IoAllocateMdl - - _except_handler3 - - ZwDeleteKey - - ZwDeviceIoControlFile - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - KeInitializeSpinLock - - ExFreePool - - KeReleaseMutex - - KfReleaseSpinLock - - KfAcquireSpinLock - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: ElbyCDIO - MD5: aaa8999a169e39fb8b48ae49cd6ac30a - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: ElbyCDIO.sys - Product: CDRTools - ProductVersion: 6, 0, 0, 0 - RichPEHeaderHash: - MD5: 2bd828d8b8ded8e0c78b284e2297acf9 - SHA1: 2ab50048d7b02cbbbffdf54058b0df8f317c21af - SHA256: 56c02208d99c7edffe52c78ded19f95263f6e97639c8f4c6497ebf2191a732fd - SHA1: 2eeab9786dac3f5f69e642f6e29f4e4819038551 - SHA256: 8137ce22d0d0fc5ea5b174d6ad3506a4949506477b1325da2ccb76511f4c4f60 - Sections: - .text: - Entropy: 6.372399086395989 - Virtual Size: '0x2e68' - .rdata: - Entropy: 7.130199720860538 - Virtual Size: '0x5e4' - .data: - Entropy: 2.0 - Virtual Size: '0x4' 
- INIT: - Entropy: 5.4063363613622535 - Virtual Size: '0x59c' - .rsrc: - Entropy: 3.323528167515758 - Virtual Size: '0x4d8' - .reloc: - Entropy: 5.105327103742467 - Virtual Size: '0x1f0' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch - ValidFrom: '2006-12-07 11:07:29' - ValidTo: '2008-12-07 11:07:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0100000000010f5c98b8f5 - Version: 3 - TBS: - MD5: 832074a51bea8e4758c8dfeb2e96ad84 - SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba - SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b - SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: a0422eb876a7427186404d464d5b26b0b074f93f89a87b7cb7f1c697e08239999d43fe60823642b55b878df55df4bbffa91044a871d3c7f12241f29aa4a5ec63fae5eb654a19309d8bc7b6fddc3fe16cfdd5521407fc6d24ccb3cc81a2c052f327b96d9e063dd8a849023269c7054294d0bbe3bba908c393501bdb846dc0ba1e5298659c1376bdb3d567292f1f7baa2c51a0fd854f263c48a38127a6feee7f7899c245cf9d1f527ed7958bfde1d020c3af7e51a22f663bab2dcf2d8e8c4d7d18392128fbdcae6d6581d0e0d7184be7b5f774d784e6522aac3b68fd3b4ab80154849132bb95d28e6330a69ece2396feab2eb86a8b74dcde21a114c2fbbf53af10 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 
9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000010f5c98b8f5 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: f4b8d579fbdb32eabd01954394f5bf3a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 2b8c47b3e15625119ef7576646fdefda - SHA1: 5ad820b5cac4e44ded1534169631e7d3fc8547d1 - SHA256: 8907c476440abdd7f71feb068443a7c9736aa6bf625dfb8b6931c46341aa4abf - Company: Elaborate Bytes AG - Copyright: Copyright (C) 2000 - 2007 Elaborate Bytes AG - CreationTimestamp: '2007-08-01 15:38:24' - Description: ElbyCD Windows NT/2000/XP I/O driver - ExportedFunctions: '' - FileVersion: 6, 0, 0, 7 - Filename: ElbyCDIO.sys - ImportedFunctions: - - ZwWriteFile - - ZwClose - - ZwSetInformationFile - - ZwQueryInformationFile - - ZwOpenFile - - RtlInitUnicodeString - - ZwCreateFile - - ZwOpenKey - - swprintf - - ZwQueryVolumeInformationFile - - ZwQuerySymbolicLinkObject - - ZwOpenSymbolicLinkObject - - PsTerminateSystemThread - - ZwQueryInformationProcess - - ZwSetInformationThread - - KeReleaseMutex - - ObfDereferenceObject - - KeWaitForMultipleObjects - - PsCreateSystemThread - - KeWaitForSingleObject - - ObReferenceObjectByHandle - - ZwOpenProcess - - KeSetEvent - - 
KeInitializeEvent - - ZwReadFile - - IofCompleteRequest - - KeInitializeMutex - - ExAllocatePool - - RtlFreeUnicodeString - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - ZwCreateKey - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - IoFreeMdl - - MmUnlockPages - - MmMapLockedPages - - MmProbeAndLockPages - - IoAllocateMdl - - _except_handler3 - - ZwDeleteKey - - ZwDeviceIoControlFile - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - KeInitializeSpinLock - - ExFreePool - - PsGetCurrentProcessId - - KfReleaseSpinLock - - KfAcquireSpinLock - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: ElbyCDIO - MD5: d21fba3d09e5b060bd08796916166218 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: ElbyCDIO.sys - Product: CDRTools - ProductVersion: 6, 0, 0, 0 - RichPEHeaderHash: - MD5: 589450fa6c6213445bb9aa901c944d47 - SHA1: de49771e01d34ce6f4663a14eea50c9f509ab899 - SHA256: 9e7a40176c4bb2dc5645359adf4e7252cab1ba935e18e191db2889044dc6c13d - SHA1: caa0cb48368542a54949be18475d45b342fb76e5 - SHA256: 82fbcb371d53b8a76a25fbbafaae31147c0d1f6b9f26b3ea45262c2267386989 - Sections: - .text: - Entropy: 6.418688362028714 - Virtual Size: '0x2f68' - .rdata: - Entropy: 7.152099793791149 - Virtual Size: '0x5e4' - .data: - Entropy: 2.0 - Virtual Size: '0x4' - INIT: - Entropy: 5.406740545618571 - Virtual Size: '0x5c6' - .rsrc: - Entropy: 3.328147473275693 - Virtual Size: '0x4d8' - .reloc: - Entropy: 5.197766729983576 - Virtual Size: '0x20c' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch - ValidFrom: '2006-12-07 11:07:29' - ValidTo: '2008-12-07 11:07:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0100000000010f5c98b8f5 - Version: 
3 - TBS: - MD5: 832074a51bea8e4758c8dfeb2e96ad84 - SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba - SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b - SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 11d45d8af43d0d9d7e4fa70071610b56b34caa70e1b2d1dec7886d1d897c2ba946e58b1f8e4cc26695911fe34d394ae31b70b7446edc068a4d6d25e89812dcbca0dd864eae8f81130540905a542529944acaf165b4ef0679dae7cb86f004c918dcee72b320015748dfe333e12ccd9c077f9447278d888d340ca67c5c20c17d07b3736b648c26d29bd7e87965a6a891a174862a050282c1847cf279cd3c2a2b0f99291eea8c8a1ab16aeaa266380e65e1add8c6c91f888d3976ee1782c4138d97ce6341e77af5b4b66c15c33813b3930b620688dde1447f10a950248b60dc05f75ba514b27b56720b96eabffc057090659e051ca4dd07af4b57dec639673bc574 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: 
ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000010f5c98b8f5 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: 0265c50548889ffd5c2d3a2539885efe - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: fc16498ddf3716e03fdd527c456ea80b - SHA1: 7436e16cf348558015593cbf5ab9c117d97738cc - SHA256: a3cf1a6edd205e04653b4338c077072ee753cde0a692490ecaf7afde27df5f0b - Company: Elaborate Bytes AG - Copyright: Copyright (C) 2000 - 2006 Elaborate Bytes AG - CreationTimestamp: '2006-12-12 15:48:53' - Description: ElbyCD Windows NT/2000/XP I/O driver - ExportedFunctions: '' - FileVersion: 6, 0, 0, 1 - Filename: ElbyCDIO.sys - ImportedFunctions: - - KeWaitForSingleObject - - RtlFreeUnicodeString - - ZwCreateFile - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - ZwCreateKey - - ZwOpenKey - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IoDeleteDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - KeInitializeEvent - - IoFreeMdl - - MmUnlockPages - - KeReleaseMutex - - MmProbeAndLockPages - - IoAllocateMdl - - ExFreePool - - ObfDereferenceObject - - ObReferenceObjectByHandle - - ExAllocatePool - - ZwDeleteKey - - ZwClose - - ZwDeviceIoControlFile - - IoCreateSymbolicLink - - KeInitializeMutex - - IoCreateDevice - - RtlUnwind - - KeTickCount - - MmMapLockedPages - - IofCompleteRequest - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: ElbyCDIO - MD5: b5326548762bfaae7a42d5b0898dfeac - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: ElbyCDIO.sys - Product: CDRTools - ProductVersion: 6, 0, 0, 0 - RichPEHeaderHash: - MD5: c15e20cb179a835c6a295f891d4f43f6 - SHA1: fb716dec77e711df26bca8c29284c5c21c92a808 - SHA256: 626b9fbb41fcf7bc7185e02b6d4ca83f5070929c4645876c4b19aa50765655e1 - SHA1: 
f3029dba668285aac04117273599ac12a94a3564 - SHA256: 8f68ca89910ebe9da3d02ec82d935de1814d79c44f36cd30ea02fa49ae488f00 - Sections: - .text: - Entropy: 6.0145723403420055 - Virtual Size: '0xe10' - .rdata: - Entropy: 3.950676692337647 - Virtual Size: '0x178' - .data: - Entropy: 1.9182958340544898 - Virtual Size: '0x18' - INIT: - Entropy: 5.282185901600035 - Virtual Size: '0x3a0' - .rsrc: - Entropy: 3.322524044533632 - Virtual Size: '0x4d8' - .reloc: - Entropy: 4.897249100220145 - Virtual Size: '0x134' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch - ValidFrom: '2006-12-07 11:07:29' - ValidTo: '2008-12-07 11:07:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0100000000010f5c98b8f5 - Version: 3 - TBS: - MD5: 832074a51bea8e4758c8dfeb2e96ad84 - SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba - SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b - SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 
53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: a0422eb876a7427186404d464d5b26b0b074f93f89a87b7cb7f1c697e08239999d43fe60823642b55b878df55df4bbffa91044a871d3c7f12241f29aa4a5ec63fae5eb654a19309d8bc7b6fddc3fe16cfdd5521407fc6d24ccb3cc81a2c052f327b96d9e063dd8a849023269c7054294d0bbe3bba908c393501bdb846dc0ba1e5298659c1376bdb3d567292f1f7baa2c51a0fd854f263c48a38127a6feee7f7899c245cf9d1f527ed7958bfde1d020c3af7e51a22f663bab2dcf2d8e8c4d7d18392128fbdcae6d6581d0e0d7184be7b5f774d784e6522aac3b68fd3b4ab80154849132bb95d28e6330a69ece2396feab2eb86a8b74dcde21a114c2fbbf53af10 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 
10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000010f5c98b8f5 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: b91054cdc4c8b3169cfe6c157f6d9f07 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: b5cb05a635b6932ea1f7c0ee35592e37 - SHA1: e8dc3aa48d494fb2bc096523e11859afdd18b10a - SHA256: e85d36ca271c4d65abc1cdfff0e629dc5d14edb5bf97669badbb40d2715c1d47 - Company: Elaborate Bytes AG - Copyright: Copyright (C) 2000 - 2008 Elaborate Bytes AG - CreationTimestamp: '2008-07-16 14:59:51' - Description: ElbyCD Windows x64 I/O driver - ExportedFunctions: '' - FileVersion: 6, 0, 1, 1 - Filename: ElbyCDIO.sys - ImportedFunctions: - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - ZwReadFile - - ZwWriteFile - - ZwCreateFile - - RtlInitUnicodeString - - swprintf - - ZwQueryVolumeInformationFile - - ZwOpenFile - - ZwClose - - ZwQuerySymbolicLinkObject 
- - ZwOpenSymbolicLinkObject - - PsTerminateSystemThread - - ZwSetInformationThread - - KeWaitForSingleObject - - KeSetEvent - - ObfDereferenceObject - - ObReferenceObjectByHandle - - PsCreateSystemThread - - KeInitializeEvent - - KeReleaseMutex - - PsGetCurrentProcessId - - IofCompleteRequest - - ExAllocatePool - - ExFreePool - - RtlFreeUnicodeString - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - ZwCreateKey - - ZwOpenKey - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - __C_specific_handler - - IoFreeMdl - - MmUnlockPages - - MmMapLockedPages - - MmProbeAndLockPages - - IoAllocateMdl - - ZwDeviceIoControlFile - - ZwDeleteKey - - IoCreateSymbolicLink - - IoCreateDevice - - KeBugCheckEx - - KeInitializeMutex - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: ElbyCDIO - MD5: e9ccb6bac8715918a2ac35d8f0b4e1e6 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: ElbyCDIO.sys - Product: CDRTools - ProductVersion: 6, 0, 0, 0 - RichPEHeaderHash: - MD5: add874dc7800e93a88bff903834a5d72 - SHA1: ed0bb5ae3434fbd499bdb7a1a42a5bae1a47966d - SHA256: ef169f60c3155370805f35d7174379ea25c0fb03402cce2957e3af2bcc70690b - SHA1: 9feacc95d30107ce3e1e9a491e2c12d73eef2979 - SHA256: 9679758455c69877fce866267d60c39d108b495dca183954e4af869902965b3d - Sections: - .text: - Entropy: 6.208771681315594 - Virtual Size: '0x3c52' - .rdata: - Entropy: 6.179147948380344 - Virtual Size: '0xb78' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 4.160152730018761 - Virtual Size: '0x2e8' - INIT: - Entropy: 5.032885005168776 - Virtual Size: '0x610' - .rsrc: - Entropy: 3.3171665901498995 - Virtual Size: '0x4a8' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch - ValidFrom: '2006-12-07 11:07:29' - ValidTo: '2008-12-07 11:07:29' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0100000000010f5c98b8f5 - Version: 3 - TBS: - MD5: 832074a51bea8e4758c8dfeb2e96ad84 - SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba - SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b - SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing 
CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000010f5c98b8f5 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: 
e804d4ee2c20f3eb1d3c955e38a2fe11 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 47a02497d57e9ffa7ab2490d15a0bf90 - SHA1: da00f69b9d1e4a997094651f4af2c0faad653a10 - SHA256: c1bbe628f79528417ea741dfad2f589fc4e5c62152e632a89ed080da029d5384 - Company: Elaborate Bytes AG - Copyright: Copyright (C) 2000 - 2008 Elaborate Bytes AG - CreationTimestamp: '2008-07-21 06:11:57' - Description: ElbyCD Windows NT/2000/XP I/O driver - ExportedFunctions: '' - FileVersion: 6, 0, 1, 2 - Filename: ElbyCDIO.sys - ImportedFunctions: - - ZwWriteFile - - ZwCreateFile - - RtlInitUnicodeString - - swprintf - - ZwQueryVolumeInformationFile - - ZwOpenFile - - ZwClose - - ZwQuerySymbolicLinkObject - - ZwOpenSymbolicLinkObject - - PsTerminateSystemThread - - KeWaitForSingleObject - - ZwSetInformationThread - - KeSetEvent - - ObfDereferenceObject - - ObReferenceObjectByHandle - - PsCreateSystemThread - - KeInitializeEvent - - KeReleaseMutex - - PsGetCurrentProcessId - - IofCompleteRequest - - KeInitializeMutex - - ZwReadFile - - RtlFreeUnicodeString - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - ZwCreateKey - - ZwOpenKey - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - IoFreeMdl - - MmUnlockPages - - MmMapLockedPages - - MmProbeAndLockPages - - IoAllocateMdl - - _except_handler3 - - ZwDeleteKey - - ZwDeviceIoControlFile - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - KeInitializeSpinLock - - ExFreePool - - ExAllocatePool - - KfReleaseSpinLock - - KfAcquireSpinLock - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: ElbyCDIO - MD5: 28cb0b64134ad62c2acf77db8501a619 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: ElbyCDIO.sys - Product: CDRTools - ProductVersion: 6, 0, 0, 0 - RichPEHeaderHash: - MD5: 27082193599c13d88cd3571465c0869f - SHA1: 0ca5abc904d8a25537355902fe3e897263b7c780 - SHA256: 
345dc7d1b4b40f3ae817e86ae8a68038f88f5c21c8c34876e2f0c320a681e724 - SHA1: 5742ad3d30bd34c0c26c466ac6475a2b832ad59e - SHA256: ada4e42bf5ef58ef1aad94435441003b1cc1fcaa5d38bfdbe1a3d736dc451d47 - Sections: - .text: - Entropy: 6.423559104609518 - Virtual Size: '0x2bf4' - .rdata: - Entropy: 7.167113007266431 - Virtual Size: '0x5d4' - .data: - Entropy: 2.0 - Virtual Size: '0x4' - INIT: - Entropy: 5.419300948032812 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3353960748169276 - Virtual Size: '0x4d8' - .reloc: - Entropy: 4.982180549430246 - Virtual Size: '0x1c4' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch - ValidFrom: '2006-12-07 11:07:29' - ValidTo: '2008-12-07 11:07:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0100000000010f5c98b8f5 - Version: 3 - TBS: - MD5: 832074a51bea8e4758c8dfeb2e96ad84 - SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba - SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b - SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: 
'2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 
9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000010f5c98b8f5 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: 751c6b5c201f8c52f5512350cad88ddc - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: fc16498ddf3716e03fdd527c456ea80b - SHA1: 7436e16cf348558015593cbf5ab9c117d97738cc - SHA256: a3cf1a6edd205e04653b4338c077072ee753cde0a692490ecaf7afde27df5f0b - Company: Elaborate Bytes AG - Copyright: Copyright (C) 2000 - 2006 Elaborate Bytes AG - CreationTimestamp: '2006-12-12 15:48:53' - Description: ElbyCD Windows NT/2000/XP I/O driver - ExportedFunctions: '' - FileVersion: 6, 0, 0, 1 - Filename: ElbyCDIO.sys - ImportedFunctions: - - KeWaitForSingleObject - - RtlFreeUnicodeString - - ZwCreateFile - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - ZwCreateKey - - ZwOpenKey - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IoDeleteDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - KeInitializeEvent - - IoFreeMdl - - MmUnlockPages - - KeReleaseMutex - - MmProbeAndLockPages - - IoAllocateMdl - - ExFreePool - - ObfDereferenceObject - - ObReferenceObjectByHandle - - ExAllocatePool - - ZwDeleteKey - - ZwClose - - ZwDeviceIoControlFile - - IoCreateSymbolicLink - - KeInitializeMutex - - IoCreateDevice - - 
RtlUnwind - - KeTickCount - - MmMapLockedPages - - IofCompleteRequest - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: ElbyCDIO - MD5: f141db170bb4c6e088f30ddc58404ad3 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: ElbyCDIO.sys - Product: CDRTools - ProductVersion: 6, 0, 0, 0 - RichPEHeaderHash: - MD5: c15e20cb179a835c6a295f891d4f43f6 - SHA1: fb716dec77e711df26bca8c29284c5c21c92a808 - SHA256: 626b9fbb41fcf7bc7185e02b6d4ca83f5070929c4645876c4b19aa50765655e1 - SHA1: 34b0f1b2038a1572ee6381022a24333357b033c4 - SHA256: c8eaa5e6d3230b93c126d2d58e32409e4aeeb23ccf0dd047a17f1ef552f92fe9 - Sections: - .text: - Entropy: 6.0145723403420055 - Virtual Size: '0xe10' - .rdata: - Entropy: 3.950676692337647 - Virtual Size: '0x178' - .data: - Entropy: 1.9182958340544898 - Virtual Size: '0x18' - INIT: - Entropy: 5.282185901600035 - Virtual Size: '0x3a0' - .rsrc: - Entropy: 3.322524044533632 - Virtual Size: '0x4d8' - .reloc: - Entropy: 4.897249100220145 - Virtual Size: '0x134' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch - ValidFrom: '2006-12-07 11:07:29' - ValidTo: '2008-12-07 11:07:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0100000000010f5c98b8f5 - Version: 3 - TBS: - MD5: 832074a51bea8e4758c8dfeb2e96ad84 - SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba - SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b - SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - - Subject: C=BE, O=GlobalSign 
nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000010f5c98b8f5 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: b91054cdc4c8b3169cfe6c157f6d9f07 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: c18c29b48a4e04a3cd761dc733cfda55 - SHA1: f43590d096d3ed0bbcfd2b0e41a327ba365bd9ec - SHA256: 262268f21c789c2bdaf1950b556456a9a5114ed5759d806200b0cec107bf76d7 - Company: Elaborate Bytes AG - Copyright: Copyright (C) 2000 - 2007 Elaborate Bytes AG - CreationTimestamp: '2007-07-20 05:58:51' - Description: ElbyCD Windows NT/2000/XP I/O driver - ExportedFunctions: '' - FileVersion: 6, 0, 0, 4 - Filename: ElbyCDIO.sys - ImportedFunctions: - - ZwWriteFile - - ZwClose - - ZwSetInformationFile - - ZwQueryInformationFile - - ZwOpenFile - - 
RtlInitUnicodeString - - ZwCreateFile - - swprintf - - ZwQueryVolumeInformationFile - - ZwQuerySymbolicLinkObject - - ZwOpenSymbolicLinkObject - - PsTerminateSystemThread - - ZwQueryInformationProcess - - ZwSetInformationThread - - KeReleaseMutex - - ObfDereferenceObject - - KeWaitForMultipleObjects - - PsCreateSystemThread - - KeWaitForSingleObject - - ObReferenceObjectByHandle - - ZwOpenProcess - - KeSetEvent - - KeInitializeEvent - - PsGetCurrentProcessId - - ZwReadFile - - KeInitializeMutex - - ExAllocatePool - - RtlFreeUnicodeString - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - ZwCreateKey - - ZwOpenKey - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - IoFreeMdl - - MmUnlockPages - - MmMapLockedPages - - MmProbeAndLockPages - - IoAllocateMdl - - _except_handler3 - - ZwDeleteKey - - ZwDeviceIoControlFile - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - KeInitializeSpinLock - - ExFreePool - - IofCompleteRequest - - KfReleaseSpinLock - - KfAcquireSpinLock - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: ElbyCDIO - MD5: 0634299fc837b47b531e4762d946b2ae - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: ElbyCDIO.sys - Product: CDRTools - ProductVersion: 6, 0, 0, 0 - RichPEHeaderHash: - MD5: 589450fa6c6213445bb9aa901c944d47 - SHA1: de49771e01d34ce6f4663a14eea50c9f509ab899 - SHA256: 9e7a40176c4bb2dc5645359adf4e7252cab1ba935e18e191db2889044dc6c13d - SHA1: 0a19a9c4c9185b80188da529ec9c9f45cbe73186 - SHA256: f85eb576acb5db0d2f48e5f09a7244165a876fa1ca8697ebb773e4d7071d4439 - Sections: - .text: - Entropy: 6.3852385935006275 - Virtual Size: '0x2e68' - .rdata: - Entropy: 7.145465057024416 - Virtual Size: '0x5e4' - .data: - Entropy: 2.0 - Virtual Size: '0x4' - INIT: - Entropy: 5.397728657185974 - Virtual Size: '0x5c6' - .rsrc: - Entropy: 3.32214356727726 - Virtual Size: '0x4d8' - .reloc: - Entropy: 5.170233620489706 - Virtual Size: 
'0x202' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch - ValidFrom: '2006-12-07 11:07:29' - ValidTo: '2008-12-07 11:07:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0100000000010f5c98b8f5 - Version: 3 - TBS: - MD5: 832074a51bea8e4758c8dfeb2e96ad84 - SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba - SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b - SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 
- SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: a0422eb876a7427186404d464d5b26b0b074f93f89a87b7cb7f1c697e08239999d43fe60823642b55b878df55df4bbffa91044a871d3c7f12241f29aa4a5ec63fae5eb654a19309d8bc7b6fddc3fe16cfdd5521407fc6d24ccb3cc81a2c052f327b96d9e063dd8a849023269c7054294d0bbe3bba908c393501bdb846dc0ba1e5298659c1376bdb3d567292f1f7baa2c51a0fd854f263c48a38127a6feee7f7899c245cf9d1f527ed7958bfde1d020c3af7e51a22f663bab2dcf2d8e8c4d7d18392128fbdcae6d6581d0e0d7184be7b5f774d784e6522aac3b68fd3b4ab80154849132bb95d28e6330a69ece2396feab2eb86a8b74dcde21a114c2fbbf53af10 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root 
CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000010f5c98b8f5 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: bc44fdc145156a15d0a803d18877b218 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 8fded3a6c81ca6901a7d7f618e79695c - SHA1: f164f2b99d6d505009a431e7e7702a8c07ce6df8 - SHA256: 197896f4764d0c9e146cf532bbc531f93e6d61dbf28d25e3e96e2ba48d2b6c6a - Company: Elaborate Bytes AG - Copyright: Copyright (C) 2000 - 2009 Elaborate Bytes AG - CreationTimestamp: '2009-02-17 10:11:28' - Date: '' - Description: ElbyCD Windows NT/2000/XP I/O driver - ExportedFunctions: '' - FileVersion: 6, 0, 3, 2 - Filename: '' - ImportedFunctions: - - KeReleaseMutex - - ProbeForRead - - ProbeForWrite - - _except_handler3 - - ZwReadFile - - ZwWriteFile - - ZwCreateFile - - RtlInitUnicodeString - - swprintf - - ZwQueryVolumeInformationFile - - ZwOpenFile - - ZwClose - - ZwQuerySymbolicLinkObject - - ZwOpenSymbolicLinkObject - - PsTerminateSystemThread - - ZwSetInformationThread - - KeSetEvent - - ObfDereferenceObject - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - KeInitializeEvent - - PsGetCurrentProcessId - - IofCompleteRequest - - KeInitializeMutex - - ExAllocatePool - - InterlockedIncrement - - RtlFreeUnicodeString - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - InterlockedDecrement - - 
IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - KeInitializeSpinLock - - ExFreePool - - PsCreateSystemThread - - KfReleaseSpinLock - - KfAcquireSpinLock - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: ElbyCDIO - MD5: 178cc9403816c082d22a1d47fa1f9c85 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: ElbyCDIO.sys - PDBPath: '' - Product: CDRTools - ProductVersion: 6, 0, 0, 0 - Publisher: '' - RichPEHeaderHash: - MD5: 68c265960ba9dbbeb5339eeaeac86554 - SHA1: 8d25aca765706a60b288a10f42d68e9be8c025f0 - SHA256: 843cba3393d38bbd23bfc5edfbed8559389e307362c071e83549e1657275c64e - SHA1: a838303cda908530ef124f8d6f7fb69938b613bc - SHA256: b9ad7199c00d477ebbc15f2dcf78a6ba60c2670dad0ef0994cebccb19111f890 - Sections: - .text: - Entropy: 6.428816614413231 - Virtual Size: '0x2ac0' - .rdata: - Entropy: 7.101350513884741 - Virtual Size: '0x5e4' - .data: - Entropy: 2.0 - Virtual Size: '0x4' - INIT: - Entropy: 5.366610331670354 - Virtual Size: '0x4de' - .rsrc: - Entropy: 3.337104380194252 - Virtual Size: '0x4d8' - .reloc: - Entropy: 5.016379779325141 - Virtual Size: '0x19a' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: 
'2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch - ValidFrom: '2008-12-23 13:26:11' - ValidTo: '2011-12-23 13:26:11' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0100000000011e643e96d0 - Version: 3 - TBS: - MD5: f39798a2df6dda6c76b4697e743c8b80 - SHA1: d97d9f0d2cad2881eda58fa0467cff6396be6408 - SHA256: 5086b06e5d91585b5a110b3ec4048ce6a43a58e4fc7eb8aa99c391af5b2f8d9f - SHA384: 
99096e0926f74d7dd4bc744bea78d7310e623f6c782a3f38d4db933e9cdf2bc8e1b813e5f6a0aacd8e59606f075e4afd - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000011e643e96d0 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: 71c580daf556775f690f0af3db12506f - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: ffb66883d7aead2388847f28741500fe - SHA1: bf589f9a1a1db11133f2c33285694e4e578bd3eb - SHA256: fe50be756c689ef56976d96135486ee66192a4de0b82b0d52521978fc589f6fa - Company: Elaborate Bytes AG - Copyright: Copyright (C) 2000 - 2009 Elaborate Bytes AG - CreationTimestamp: '2009-01-14 14:42:52' - Date: '' - Description: ElbyCD Windows x64 I/O driver - ExportedFunctions: '' - FileVersion: 6, 0, 1, 6 - Filename: '' - 
ImportedFunctions: - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - ZwReadFile - - ZwWriteFile - - ZwCreateFile - - RtlInitUnicodeString - - swprintf - - ZwQueryVolumeInformationFile - - ZwOpenFile - - ZwClose - - ZwQuerySymbolicLinkObject - - ZwOpenSymbolicLinkObject - - PsTerminateSystemThread - - KeWaitForSingleObject - - ZwSetInformationThread - - KeSetEvent - - ObfDereferenceObject - - ObReferenceObjectByHandle - - PsCreateSystemThread - - KeInitializeEvent - - KeReleaseMutex - - IofCompleteRequest - - KeInitializeMutex - - ExAllocatePool - - ExFreePool - - RtlFreeUnicodeString - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - ZwCreateKey - - ZwOpenKey - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - __C_specific_handler - - ZwDeleteKey - - ProbeForRead - - ProbeForWrite - - IoCreateSymbolicLink - - IoCreateDevice - - KeBugCheckEx - - PsGetCurrentProcessId - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: ElbyCDIO - MD5: 05b4463677e2566414ad53434ad9e7e5 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: ElbyCDIO.sys - PDBPath: '' - Product: CDRTools - ProductVersion: 6, 0, 0, 0 - Publisher: '' - RichPEHeaderHash: - MD5: 5bc8b6cc9da34212119204d829ade385 - SHA1: feeb5e18281056a80a3e5bcf0dc3317b2b6d4637 - SHA256: 86c7da06ed319a61df05b0f03fdd6f9e69aa4154defc8a6883e3156f2d946b3c - SHA1: ef95f500b60c49f40ed6ce3014ffdb294b301e95 - SHA256: 1f15fd9b81092a98fabcc4ac95e45cec2d9ff3874d2e3faac482f3e86edad441 - Sections: - .text: - Entropy: 6.215345701926514 - Virtual Size: '0x3b52' - .rdata: - Entropy: 6.228295730042114 - Virtual Size: '0xb44' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 4.148487076169079 - Virtual Size: '0x2e8' - INIT: - Entropy: 4.995998931942705 - Virtual Size: '0x5a2' - .rsrc: - Entropy: 3.3181272293684843 - Virtual Size: '0x4a8' - Signature: '' - Signatures: - - CertificatesInfo: '' - 
SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: 
a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch - ValidFrom: '2008-12-23 13:26:11' - ValidTo: '2011-12-23 13:26:11' - Signature: 5a634dbf49c9d1dbe5ed4b484689b4f95ee13686141c393683a1decdc986cf94613342607a120df492112daaa92fd772bbbcb1c0f14cec7c0c20304c92d62508859c387138f2d145dbcc54c561f1b9dd73d3686ae3859ea986e4f539db7495a64b551b60d6f976ae6075ca3f6dbe1187b875ee267784b5baefaa850078595fb8b1c8944c9c3da355a802ebc52eacb9bdffdd57b0aae5f49c02c5ae6505b7ca1afb2b29e39374eab8bf1e643c3e1c8240dc113ceb078c70a401e92d0610538eaed48e291cad84635d6100930c8e7b9801323490e4f3e58d9f9fea04843f06633f8b8a8774d2b679be008d1d92bb31815f8f01c5e08144ed9574a605b245de2ba7 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0100000000011e643e96d0 - Version: 3 - TBS: - MD5: f39798a2df6dda6c76b4697e743c8b80 - SHA1: d97d9f0d2cad2881eda58fa0467cff6396be6408 - SHA256: 5086b06e5d91585b5a110b3ec4048ce6a43a58e4fc7eb8aa99c391af5b2f8d9f - SHA384: 99096e0926f74d7dd4bc744bea78d7310e623f6c782a3f38d4db933e9cdf2bc8e1b813e5f6a0aacd8e59606f075e4afd - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 
17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000011e643e96d0 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: 656ad5c2eac95f75d3fe6d5ca59e0d8d - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: f6ec1910d05b0270c47ce480c15bc7cd - SHA1: 43632833ba3e81cc5a130e11f6feb5937c1c6f21 - SHA256: 253a549a1e13a5a7e242ac1b39d5bebc61dcec7794171a58093700ae760d4b71 - Company: Elaborate Bytes AG - Copyright: Copyright (C) 2000 - 2008 Elaborate Bytes AG - CreationTimestamp: '2008-07-21 06:11:55' - Date: '' - Description: ElbyCD Windows x64 I/O driver - ExportedFunctions: '' - FileVersion: 6, 0, 1, 2 - Filename: '' - ImportedFunctions: - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - ZwReadFile - - ZwWriteFile - - ZwCreateFile - - RtlInitUnicodeString - - swprintf - - ZwQueryVolumeInformationFile - - ZwOpenFile - - ZwClose - - ZwQuerySymbolicLinkObject - - ZwOpenSymbolicLinkObject - - PsTerminateSystemThread - - KeWaitForSingleObject - - ZwSetInformationThread - - KeSetEvent - - ObfDereferenceObject - - ObReferenceObjectByHandle - - PsCreateSystemThread - - KeInitializeEvent - - KeReleaseMutex - - PsGetCurrentProcessId - - IofCompleteRequest - - ExAllocatePool - - ExFreePool - - RtlFreeUnicodeString - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - ZwCreateKey - - ZwOpenKey - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - __C_specific_handler - - IoFreeMdl - - 
MmUnlockPages - - MmMapLockedPages - - MmProbeAndLockPages - - IoAllocateMdl - - ZwDeviceIoControlFile - - ZwDeleteKey - - IoCreateSymbolicLink - - IoCreateDevice - - KeBugCheckEx - - KeInitializeMutex - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: ElbyCDIO - MD5: 15814b675e9d08953f2c64e4e5ccb4f4 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: ElbyCDIO.sys - PDBPath: '' - Product: CDRTools - ProductVersion: 6, 0, 0, 0 - Publisher: '' - RichPEHeaderHash: - MD5: add874dc7800e93a88bff903834a5d72 - SHA1: ed0bb5ae3434fbd499bdb7a1a42a5bae1a47966d - SHA256: ef169f60c3155370805f35d7174379ea25c0fb03402cce2957e3af2bcc70690b - SHA1: c8864c0c66ea45011c1c4e79328a3a1acf7e84a9 - SHA256: 033c4634ab1a43bc3247384864f3380401d3b4006a383312193799dded0de4c7 - Sections: - .text: - Entropy: 6.208673584594836 - Virtual Size: '0x3c52' - .rdata: - Entropy: 6.180900411430657 - Virtual Size: '0xb78' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 4.163418132630147 - Virtual Size: '0x2e8' - INIT: - Entropy: 5.031371786389396 - Virtual Size: '0x610' - .rsrc: - Entropy: 3.320682079668498 - Virtual Size: '0x4a8' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch - ValidFrom: '2006-12-07 11:07:29' - ValidTo: '2008-12-07 11:07:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0100000000010f5c98b8f5 - Version: 3 - TBS: - MD5: 832074a51bea8e4758c8dfeb2e96ad84 - SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba - SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b - SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - 
ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - 
ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000010f5c98b8f5 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: 8919b7bae28d98c4a9e5967c9c55ce70 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 
fc16498ddf3716e03fdd527c456ea80b - SHA1: 7436e16cf348558015593cbf5ab9c117d97738cc - SHA256: a3cf1a6edd205e04653b4338c077072ee753cde0a692490ecaf7afde27df5f0b - Company: Elaborate Bytes AG - Copyright: Copyright (C) 2000 - 2006 Elaborate Bytes AG - CreationTimestamp: '2006-12-12 15:48:53' - Date: '' - Description: ElbyCD Windows NT/2000/XP I/O driver - ExportedFunctions: '' - FileVersion: 6, 0, 0, 1 - Filename: '' - ImportedFunctions: - - KeWaitForSingleObject - - RtlFreeUnicodeString - - ZwCreateFile - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - ZwCreateKey - - ZwOpenKey - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IoDeleteDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - KeInitializeEvent - - IoFreeMdl - - MmUnlockPages - - KeReleaseMutex - - MmProbeAndLockPages - - IoAllocateMdl - - ExFreePool - - ObfDereferenceObject - - ObReferenceObjectByHandle - - ExAllocatePool - - ZwDeleteKey - - ZwClose - - ZwDeviceIoControlFile - - IoCreateSymbolicLink - - KeInitializeMutex - - IoCreateDevice - - RtlUnwind - - KeTickCount - - MmMapLockedPages - - IofCompleteRequest - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: ElbyCDIO - MD5: 94c80490b02cc655d2d80597c3aef08f - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: ElbyCDIO.sys - PDBPath: '' - Product: CDRTools - ProductVersion: 6, 0, 0, 0 - Publisher: '' - RichPEHeaderHash: - MD5: c15e20cb179a835c6a295f891d4f43f6 - SHA1: fb716dec77e711df26bca8c29284c5c21c92a808 - SHA256: 626b9fbb41fcf7bc7185e02b6d4ca83f5070929c4645876c4b19aa50765655e1 - SHA1: 5672e2212c3b427c1aef83fcd725b587a3d3f979 - SHA256: 7227377a47204f8e2ff167eee54b4b3545c0a19e3727f0ec59974e1a904f4a96 - Sections: - .text: - Entropy: 6.0145723403420055 - Virtual Size: '0xe10' - .rdata: - Entropy: 3.950676692337647 - Virtual Size: '0x178' - .data: - Entropy: 1.9182958340544898 - Virtual Size: '0x18' - INIT: - Entropy: 5.282185901600035 - Virtual Size: '0x3a0' - .rsrc: - Entropy: 
3.322524044533632 - Virtual Size: '0x4d8' - .reloc: - Entropy: 4.897249100220145 - Virtual Size: '0x134' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch - ValidFrom: '2006-12-07 11:07:29' - ValidTo: '2008-12-07 11:07:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0100000000010f5c98b8f5 - Version: 3 - TBS: - MD5: 832074a51bea8e4758c8dfeb2e96ad84 - SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba - SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b - SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - 
SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 23:59:59' - Signature: 877870da4e5201205be079c98230c4fdb91996bd9100c3bdcdcdc6f40ed8fff94dc033623011c5f5741bd492de5f9c2013b17c45be50cd83e7801783a72793671346fbcab8984103cc9b515b058b7fa86ff31b501b242ef2698d6c22f7bbca1695ed0c74c06877d9eb996287c17390f889747a23aba3987b97b1f78f29714d2e751b4841daf0b50d2054d677a097826369fd09cf8af075bb099bd9f91155269a6132be7a02b07b86bea2c38b222c78d13576bc92735cf9b9e64c150a23cce4d2d4342e4940153c0f607a24c6a566ef96cf70eb3ee7f40d7edcd17ca3767169c19c4f47303521b1a2af1a623c2bd98eaa2a077bd818b35c7be29da56ffe3c89ad - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 
9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000010f5c98b8f5 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: b91054cdc4c8b3169cfe6c157f6d9f07 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: b1fd26613e70e4254f5aa6b399971f97 - SHA1: c97772d482a4a30a18fc44e6253e5cb30b9e5bfb - SHA256: ad5418a4b5edf1c963da343b1bdba14fac9e8ee49489b2f35136c4aebc9540b8 - Company: Elaborate Bytes AG - Copyright: Copyright (C) 2000 - 2006 Elaborate Bytes AG - CreationTimestamp: '2006-12-12 15:51:36' - Date: '' - Description: ElbyCD Windows x64 I/O driver - ExportedFunctions: '' - FileVersion: 6, 0, 0, 1 - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - RtlFreeUnicodeString - - ZwCreateFile - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - ZwDeviceIoControlFile - - ZwClose - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IoDeleteDevice - - IoCreateSymbolicLink - - IoCreateDevice - Imports: - - ntoskrnl.exe - InternalName: ElbyCDIO - MD5: 238769fd8379ec476c1114bd2bd28ca6 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: ElbyCDIO.sys - PDBPath: '' - Product: CDRTools - ProductVersion: 6, 0, 0, 0 - Publisher: '' - RichPEHeaderHash: - MD5: 91713e95c3474f56518b75dc246d7251 - SHA1: 
1817d561308b7d33c72568081aae4ed8255a054b - SHA256: 44e77970b62508f64c200e6241a403c1ef3b43b486f152223ea1c56553b29fe3 - SHA1: 247065af09fc6fd56b07d3f5c26f555a5ccbfda4 - SHA256: fed0fe2489ae807913be33827b3b11359652a127e33b64464cc570c05abd0d17 - Sections: - .text: - Entropy: 5.2989531841302835 - Virtual Size: '0x3e2' - .rdata: - Entropy: 4.33093622028126 - Virtual Size: '0x154' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.0864053667599327 - Virtual Size: '0x54' - INIT: - Entropy: 4.733893393417776 - Virtual Size: '0x20e' - .rsrc: - Entropy: 3.3305259301896464 - Virtual Size: '0x4d8' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch - ValidFrom: '2006-12-07 11:07:29' - ValidTo: '2008-12-07 11:07:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0100000000010f5c98b8f5 - Version: 3 - TBS: - MD5: 832074a51bea8e4758c8dfeb2e96ad84 - SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba - SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b - SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - 
SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - 
SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000010f5c98b8f5 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: bd4f9a93da2bb4b5f6e90d4f9381661c - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: b1fd26613e70e4254f5aa6b399971f97 - SHA1: 
c97772d482a4a30a18fc44e6253e5cb30b9e5bfb - SHA256: ad5418a4b5edf1c963da343b1bdba14fac9e8ee49489b2f35136c4aebc9540b8 - Company: Elaborate Bytes AG - Copyright: Copyright (C) 2000 - 2006 Elaborate Bytes AG - CreationTimestamp: '2006-12-12 15:51:36' - Date: '' - Description: ElbyCD Windows x64 I/O driver - ExportedFunctions: '' - FileVersion: 6, 0, 0, 1 - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - RtlFreeUnicodeString - - ZwCreateFile - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - ZwDeviceIoControlFile - - ZwClose - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IoDeleteDevice - - IoCreateSymbolicLink - - IoCreateDevice - Imports: - - ntoskrnl.exe - InternalName: ElbyCDIO - MD5: ea2ff60fcce3b9ffe0bd77658b88512d - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: ElbyCDIO.sys - PDBPath: '' - Product: CDRTools - ProductVersion: 6, 0, 0, 0 - Publisher: '' - RichPEHeaderHash: - MD5: 91713e95c3474f56518b75dc246d7251 - SHA1: 1817d561308b7d33c72568081aae4ed8255a054b - SHA256: 44e77970b62508f64c200e6241a403c1ef3b43b486f152223ea1c56553b29fe3 - SHA1: 4c021c4a5592c07d4d415ab11b23a70ba419174b - SHA256: d80714d87529bb0bc7abcc12d768c43a697fbca59741c38fa0b46900da4db30e - Sections: - .text: - Entropy: 5.2989531841302835 - Virtual Size: '0x3e2' - .rdata: - Entropy: 4.33093622028126 - Virtual Size: '0x154' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.0864053667599327 - Virtual Size: '0x54' - INIT: - Entropy: 4.733893393417776 - Virtual Size: '0x20e' - .rsrc: - Entropy: 3.3305259301896464 - Virtual Size: '0x4d8' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch - ValidFrom: '2006-12-07 11:07:29' - ValidTo: '2008-12-07 11:07:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - 
SerialNumber: 0100000000010f5c98b8f5 - Version: 3 - TBS: - MD5: 832074a51bea8e4758c8dfeb2e96ad84 - SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba - SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b - SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 23:59:59' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000010f5c98b8f5 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: bd4f9a93da2bb4b5f6e90d4f9381661c - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 697316476aee4bef0d581e458007fedd - SHA1: 
83481f6760efd3c9c85a603afb3c3e4b73733da8 - SHA256: 32d6b047b0489421f7983da7d5d11f8deb2a56935d5ae0ae23cca1c0903ecad5 - Company: Elaborate Bytes AG - Copyright: Copyright (C) 2000 - 2004 Elaborate Bytes AG - CreationTimestamp: '2004-07-21 15:45:25' - Date: '' - Description: ElbyCD Windows NT/2000/XP I/O driver - ExportedFunctions: '' - FileVersion: 4, 3, 1, 1 - Filename: '' - ImportedFunctions: - - KeWaitForSingleObject - - ExFreePool - - RtlFreeUnicodeString - - IoDeleteSymbolicLink - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - ExAllocatePool - - IoCreateUnprotectedSymbolicLink - - ZwCreateFile - - ZwCreateKey - - ZwOpenKey - - IoFreeMdl - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmUnmapLockedPages - - KeReleaseMutex - - MmUnlockPages - - RtlInitUnicodeString - - IoDeleteDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - KeInitializeEvent - - ObfDereferenceObject - - ObReferenceObjectByHandle - - ZwDeleteKey - - ZwClose - - ZwDeviceIoControlFile - - IoCreateSymbolicLink - - KeInitializeMutex - - IoCreateDevice - - RtlUnwind - - MmProbeAndLockPages - - IofCompleteRequest - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: ElbyCDIO - MD5: e4788e5b3e5f0a0bbb318a9c426c2812 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: ElbyCDIO.sys - PDBPath: '' - Product: CDRTools - ProductVersion: 4, 3, 1, 0 - Publisher: '' - RichPEHeaderHash: - MD5: 7d357a968c06de113fc7cd4ee41a5c30 - SHA1: 3f129b8486a9be0877c6316ac38e0c083e38f22e - SHA256: 7ddb39875104d8c7226a102d142642322f7082c0dd7f8c6af57bdccdf9509898 - SHA1: 86b1186a4e282341daf2088204ab9ff2d0402d28 - SHA256: 1228d0b6b4f907384346f64e918cc28021fe1cd7d4e39687bca34a708998261a - Sections: - .text: - Entropy: 6.144876250769586 - Virtual Size: '0x15fc' - .rdata: - Entropy: 4.426299810162793 - Virtual Size: '0x12d' - .data: - Entropy: -0.0 - Virtual Size: '0x4' - INIT: - Entropy: 5.197390663550614 - Virtual Size: '0x3b6' - .rsrc: - 
Entropy: 3.368524445255426 - Virtual Size: '0x510' - .reloc: - Entropy: 5.268142184882856 - Virtual Size: '0x1d2' - Signature: '' - Signatures: {} - Imphash: 32247962aa01af8ad5dca696260a05ab - LoadsDespiteHVCI: 'TRUE' -- Authentihash: - MD5: 41a6b67cc46b4cfab21bdd50f4f04cbc - SHA1: 442d1f5509d9653ea1f11acf77ac42e41ba61eee - SHA256: c4fc8f04721363f4b570accf700f507fb0b0381a81d3a8ffb768ded65978ac50 - Company: Elaborate Bytes AG - Copyright: Copyright (C) 2000 - 2005 Elaborate Bytes AG - CreationTimestamp: '2005-04-11 10:42:04' - Date: '' - Description: ElbyCD Windows NT/2000/XP I/O driver - ExportedFunctions: '' - FileVersion: 5, 0, 0, 0 - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - RtlFreeUnicodeString - - ZwCreateFile - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - ZwCreateKey - - ZwOpenKey - - ZwDeviceIoControlFile - - ZwClose - - ZwDeleteKey - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IoDeleteDevice - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - Imports: - - ntoskrnl.exe - InternalName: ElbyCDIO - MD5: 4f5ca81806098204c4dea0927a8fec66 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: ElbyCDIO.sys - PDBPath: '' - Product: CDRTools - ProductVersion: 5, 0, 0, 0 - Publisher: '' - RichPEHeaderHash: - MD5: b6f6983c7ae00c0d9dd893e713fb9f95 - SHA1: fe2b5cd3b737dd7daf9a60d0354ff3cb7149d901 - SHA256: ab7bec943462e37ccf88aa774dd3d11566628ffc78a20a93dcf5737c5671c6c8 - SHA1: 69849d68d1857c83b09e1956a46fe879260d2aab - SHA256: 0dc4ff96d7e7db696e0391c5a1dda92a0b0aedbf1b0535bf5d62ebeec5b2311c - Sections: - .text: - Entropy: 5.792215261445064 - Virtual Size: '0x41b' - .rdata: - Entropy: 4.683298608269187 - Virtual Size: '0xcb' - .data: - Entropy: 2.0 - Virtual Size: '0x4' - INIT: - Entropy: 5.046012536174207 - Virtual Size: '0x1e8' - .rsrc: - Entropy: 3.3285394751228035 - Virtual Size: '0x4c8' - .reloc: - Entropy: 3.671842315050062 - Virtual Size: '0x82' - Signature: '' - Signatures: {} - Imphash: 
f233a65b937c69b447824889fb7425ff - LoadsDespiteHVCI: 'TRUE' -- Authentihash: - MD5: b1fd26613e70e4254f5aa6b399971f97 - SHA1: c97772d482a4a30a18fc44e6253e5cb30b9e5bfb - SHA256: ad5418a4b5edf1c963da343b1bdba14fac9e8ee49489b2f35136c4aebc9540b8 - Company: Elaborate Bytes AG - Copyright: Copyright (C) 2000 - 2006 Elaborate Bytes AG - CreationTimestamp: '2006-12-12 15:51:36' - Date: '' - Description: ElbyCD Windows x64 I/O driver - ExportedFunctions: '' - FileVersion: 6, 0, 0, 1 - Filename: '' - ImportedFunctions: - - IofCompleteRequest - - RtlFreeUnicodeString - - ZwCreateFile - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - ZwDeviceIoControlFile - - ZwClose - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IoDeleteDevice - - IoCreateSymbolicLink - - IoCreateDevice - Imports: - - ntoskrnl.exe - InternalName: ElbyCDIO - MD5: 5c5e3c7ca39d9472099ea81c329b7d75 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: ElbyCDIO.sys - PDBPath: '' - Product: CDRTools - ProductVersion: 6, 0, 0, 0 - Publisher: '' - RichPEHeaderHash: - MD5: 91713e95c3474f56518b75dc246d7251 - SHA1: 1817d561308b7d33c72568081aae4ed8255a054b - SHA256: 44e77970b62508f64c200e6241a403c1ef3b43b486f152223ea1c56553b29fe3 - SHA1: 008a292f71f49be1fb538f876de6556ce7b5603a - SHA256: 7048d90ed4c83ad52eb9c677f615627b32815066e34230c3b407ebb01279bae6 - Sections: - .text: - Entropy: 5.2989531841302835 - Virtual Size: '0x3e2' - .rdata: - Entropy: 4.33093622028126 - Virtual Size: '0x154' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 3.0864053667599327 - Virtual Size: '0x54' - INIT: - Entropy: 4.733893393417776 - Virtual Size: '0x20e' - .rsrc: - Entropy: 3.3305259301896464 - Virtual Size: '0x4d8' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch - ValidFrom: '2006-12-07 11:07:29' - ValidTo: '2008-12-07 11:07:29' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0100000000010f5c98b8f5 - Version: 3 - TBS: - MD5: 832074a51bea8e4758c8dfeb2e96ad84 - SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba - SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b - SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 
a0422eb876a7427186404d464d5b26b0b074f93f89a87b7cb7f1c697e08239999d43fe60823642b55b878df55df4bbffa91044a871d3c7f12241f29aa4a5ec63fae5eb654a19309d8bc7b6fddc3fe16cfdd5521407fc6d24ccb3cc81a2c052f327b96d9e063dd8a849023269c7054294d0bbe3bba908c393501bdb846dc0ba1e5298659c1376bdb3d567292f1f7baa2c51a0fd854f263c48a38127a6feee7f7899c245cf9d1f527ed7958bfde1d020c3af7e51a22f663bab2dcf2d8e8c4d7d18392128fbdcae6d6581d0e0d7184be7b5f774d784e6522aac3b68fd3b4ab80154849132bb95d28e6330a69ece2396feab2eb86a8b74dcde21a114c2fbbf53af10 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 
11d45d8af43d0d9d7e4fa70071610b56b34caa70e1b2d1dec7886d1d897c2ba946e58b1f8e4cc26695911fe34d394ae31b70b7446edc068a4d6d25e89812dcbca0dd864eae8f81130540905a542529944acaf165b4ef0679dae7cb86f004c918dcee72b320015748dfe333e12ccd9c077f9447278d888d340ca67c5c20c17d07b3736b648c26d29bd7e87965a6a891a174862a050282c1847cf279cd3c2a2b0f99291eea8c8a1ab16aeaa266380e65e1add8c6c91f888d3976ee1782c4138d97ce6341e77af5b4b66c15c33813b3930b620688dde1447f10a950248b60dc05f75ba514b27b56720b96eabffc057090659e051ca4dd07af4b57dec639673bc574 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000010f5c98b8f5 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: bd4f9a93da2bb4b5f6e90d4f9381661c - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 56f8e517fb77f6ac31085b190051e447 - SHA1: 2817006c320dcad5d27737f8ffa76b3652dd8a1a - SHA256: 633ae4822602acd252ff23e73ef4cc98130f3e3988ac459f7fda5102fcef5fce - Company: Elaborate Bytes AG - Copyright: Copyright (C) 2000 - 
2009 Elaborate Bytes AG - CreationTimestamp: '2009-01-29 15:58:02' - Date: '' - Description: ElbyCD Windows x64 I/O driver - ExportedFunctions: '' - FileVersion: 6, 0, 2, 0 - Filename: '' - ImportedFunctions: - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - ZwReadFile - - ZwWriteFile - - ZwCreateFile - - RtlInitUnicodeString - - swprintf - - ZwQueryVolumeInformationFile - - ZwOpenFile - - ZwClose - - ZwQuerySymbolicLinkObject - - ZwOpenSymbolicLinkObject - - PsTerminateSystemThread - - KeWaitForSingleObject - - ZwSetInformationThread - - KeSetEvent - - ObfDereferenceObject - - ObReferenceObjectByHandle - - PsCreateSystemThread - - KeReleaseMutex - - PsGetCurrentProcessId - - IofCompleteRequest - - KeInitializeMutex - - ExAllocatePool - - ExFreePool - - RtlFreeUnicodeString - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - __C_specific_handler - - ProbeForRead - - ProbeForWrite - - IoCreateSymbolicLink - - IoCreateDevice - - KeBugCheckEx - - KeInitializeEvent - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: ElbyCDIO - MD5: 7db75077d53a63531ef2742d98ca6acc - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: ElbyCDIO.sys - PDBPath: '' - Product: CDRTools - ProductVersion: 6, 0, 0, 0 - Publisher: '' - RichPEHeaderHash: - MD5: 19c3041e63a42fad9800c3d4098a28a7 - SHA1: 083ef31132cacb2ead9d826d90646517ca732570 - SHA256: 3829fddcb11b40682e3936be4c0f376d99a9caf02692368aef98332f68ce80e8 - SHA1: 517504aaf8afc9748d6aec657d46a6f7bbc60c09 - SHA256: f42eb29f5b2bcb2a70d796fd71fd1b259d5380b216ee672cf46dcdd4604b87ad - Sections: - .text: - Entropy: 6.212128997400468 - Virtual Size: '0x3922' - .rdata: - Entropy: 6.257713359438222 - Virtual Size: '0xb04' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 4.166721937534716 - Virtual Size: '0x2d0' - INIT: - Entropy: 5.009554548726637 - Virtual 
Size: '0x562' - .rsrc: - Entropy: 3.3117651862816273 - Virtual Size: '0x4a8' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 
53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch - ValidFrom: '2008-12-23 13:26:11' - ValidTo: '2011-12-23 13:26:11' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0100000000011e643e96d0 - Version: 3 - TBS: - MD5: f39798a2df6dda6c76b4697e743c8b80 - SHA1: d97d9f0d2cad2881eda58fa0467cff6396be6408 - SHA256: 5086b06e5d91585b5a110b3ec4048ce6a43a58e4fc7eb8aa99c391af5b2f8d9f - SHA384: 99096e0926f74d7dd4bc744bea78d7310e623f6c782a3f38d4db933e9cdf2bc8e1b813e5f6a0aacd8e59606f075e4afd - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 
9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000011e643e96d0 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: 037b9d19995faadf69a2ce134473e346 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 412ef4ebc757553588f2cab078fce8b2 - SHA1: 66e230a181956aaddb22599e94a3ff5690f3686b - SHA256: a70e41db9103b4b842af8962a531adeefcaba559b12a5c0063e4084e0cee75be - Company: Elaborate Bytes - Copyright: Copyright (C) Elaborate Bytes 2000 - CreationTimestamp: '2000-11-30 16:02:08' - Date: '' - Description: ElbyCD Windows NT/2000 I/O driver - ExportedFunctions: '' - FileVersion: 1, 0, 1, 0 - Filename: '' - ImportedFunctions: - - RtlInitAnsiString - - IoCreateSymbolicLink - - IoCreateDevice - - RtlInitUnicodeString - - IofCompleteRequest - - RtlFreeUnicodeString - - IoDeleteSymbolicLink - - RtlAnsiStringToUnicodeString - - IoDeleteDevice - - IoCreateUnprotectedSymbolicLink - - ZwCreateFile - - ZwCreateKey - - ZwOpenKey - - ZwDeviceIoControlFile - - ZwClose - Imports: - - ntoskrnl.exe - InternalName: ElbyCDIO - MD5: 520c18f50d3cb2ce162767c4c1998b86 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: ElbyCDIO.sys - PDBPath: '' - Product: CDRTools - ProductVersion: 3, 0, 0, 1 - Publisher: '' - RichPEHeaderHash: - MD5: 
4572daeecc881e542f45787723a4437f - SHA1: ab98fa2e494f5c14d63e10a40afe41dc972b1ce6 - SHA256: eb9978531ba9788ada8169d387a0a5d6a44ec56025546013ebcab36d477aab65 - SHA1: eb2496304073727564b513efd6387a77ce395443 - SHA256: 98ec7cc994d26699f5d26103a0aeb361128cff3c2c4d624fc99126540e23e97e - Sections: - .text: - Entropy: 5.752189074044081 - Virtual Size: '0x57e' - INIT: - Entropy: 4.716354335922163 - Virtual Size: '0x1b2' - .rsrc: - Entropy: 3.325319101382068 - Virtual Size: '0x4d8' - .reloc: - Entropy: 4.010989732097636 - Virtual Size: '0x78' - Signature: '' - Signatures: {} - Imphash: cb876abd8c6ca8a47d50aec4a520a020 - LoadsDespiteHVCI: 'TRUE' -- Authentihash: - MD5: 38585151f074ca827f399c34778b18c9 - SHA1: 48d8d3e47c7963bda3400e91f436959492cd2ad9 - SHA256: 72876e44135f9b49932b547129e32acf9ce3df98a3f9c5c31355160f6d06ca3c - Company: Elaborate Bytes AG - Copyright: Copyright (C) 2000 - 2005 Elaborate Bytes AG - CreationTimestamp: '2005-04-21 05:40:36' - Date: '' - Description: ElbyCD Windows NT/2000/XP I/O driver - ExportedFunctions: '' - FileVersion: 5, 1, 0, 1 - Filename: '' - ImportedFunctions: - - KeWaitForSingleObject - - ExFreePool - - RtlFreeUnicodeString - - IoDeleteSymbolicLink - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - ExAllocatePool - - IoCreateUnprotectedSymbolicLink - - ZwCreateFile - - ZwCreateKey - - ZwOpenKey - - IoFreeMdl - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmUnmapLockedPages - - MmProbeAndLockPages - - KeReleaseMutex - - RtlInitUnicodeString - - IoDeleteDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - KeInitializeEvent - - ObfDereferenceObject - - ObReferenceObjectByHandle - - ZwDeleteKey - - ZwClose - - ZwDeviceIoControlFile - - IoCreateSymbolicLink - - KeInitializeMutex - - IoCreateDevice - - RtlUnwind - - KeTickCount - - MmUnlockPages - - IofCompleteRequest - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: ElbyCDIO - MD5: 
084a13f18856d610d44d3109a9d2acde - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: ElbyCDIO.sys - PDBPath: '' - Product: CDRTools - ProductVersion: 5, 1, 0, 1 - Publisher: '' - RichPEHeaderHash: - MD5: 6f0797841833cc65f106ddb0968c4775 - SHA1: ef95bab6dd0adab37fbb37450f15f0c998aa3007 - SHA256: 0892bdefb762302cd3df4ea7e172cdf8523fa61e32ee5db38e23baea875f86e0 - SHA1: 309a799f1a00868ab05cdbb851b3297db34d9b0d - SHA256: 83a1fabf782d5f041132d7c7281525f6610207b38f33ff3c5e44eb9444dd0cbc - Sections: - .text: - Entropy: 6.046605840515147 - Virtual Size: '0x1704' - .rdata: - Entropy: 4.071934216777132 - Virtual Size: '0x198' - .data: - Entropy: 1.9182958340544898 - Virtual Size: '0x18' - INIT: - Entropy: 5.3629021368656105 - Virtual Size: '0x400' - .rsrc: - Entropy: 3.367217874848274 - Virtual Size: '0x500' - .reloc: - Entropy: 5.3044962687499275 - Virtual Size: '0x1ee' - Signature: '' - Signatures: {} - Imphash: ca6e77f472ebd5b2ade876e7c773bb57 - LoadsDespiteHVCI: 'TRUE' -- Authentihash: - MD5: 18fb56fabbd62de931ed334197e5989c - SHA1: 83e3725839448a2324dc280ebb5aeb21cf1a41e8 - SHA256: 3bf4f8cb26ba38e54636864c744aac0839e7a1d6cb7b6cf13995e8ab19b9f7f8 - Company: Elaborate Bytes AG - Copyright: Copyright (C) 2000 - 2003 Elaborate Bytes AG - CreationTimestamp: '2003-09-15 10:57:35' - Date: '' - Description: ElbyCD Windows NT/2000/XP I/O driver - ExportedFunctions: '' - FileVersion: 4, 3, 0, 3 - Filename: '' - ImportedFunctions: - - KeWaitForSingleObject - - ExFreePool - - RtlFreeUnicodeString - - IoDeleteSymbolicLink - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - ExAllocatePool - - IoCreateUnprotectedSymbolicLink - - ZwCreateFile - - ZwCreateKey - - ZwOpenKey - - IoFreeMdl - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmUnmapLockedPages - - KeReleaseMutex - - MmUnlockPages - - RtlInitUnicodeString - - IoDeleteDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - KeInitializeEvent - - ObfDereferenceObject - - 
ObReferenceObjectByHandle - - ZwDeleteKey - - ZwClose - - ZwDeviceIoControlFile - - IoCreateSymbolicLink - - KeInitializeMutex - - IoCreateDevice - - RtlUnwind - - MmProbeAndLockPages - - IofCompleteRequest - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: ElbyCDIO - MD5: 37c3a9fef349d13685ec9c2acaaeafce - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: ElbyCDIO.sys - PDBPath: '' - Product: CDRTools - ProductVersion: 4, 3, 0, 0 - Publisher: '' - RichPEHeaderHash: - MD5: 7d357a968c06de113fc7cd4ee41a5c30 - SHA1: 3f129b8486a9be0877c6316ac38e0c083e38f22e - SHA256: 7ddb39875104d8c7226a102d142642322f7082c0dd7f8c6af57bdccdf9509898 - SHA1: 5b83c61178afb87ef7d58fd786808effcaaae861 - SHA256: 51480eebbbfb684149842c3e19a8ffbd3f71183c017e0c4bc6cf06aacf9c0292 - Sections: - .text: - Entropy: 6.141181767034272 - Virtual Size: '0x15cc' - .rdata: - Entropy: 4.409291785316403 - Virtual Size: '0x12d' - .data: - Entropy: -0.0 - Virtual Size: '0x4' - INIT: - Entropy: 5.197390663550614 - Virtual Size: '0x3b6' - .rsrc: - Entropy: 3.3444284436528027 - Virtual Size: '0x4e0' - .reloc: - Entropy: 5.266299268761837 - Virtual Size: '0x1d2' - Signature: '' - Signatures: {} - Imphash: 32247962aa01af8ad5dca696260a05ab - LoadsDespiteHVCI: 'TRUE' -- Authentihash: - MD5: 6322f5016d86ff1f4d4e5473881d1feb - SHA1: 8cefaf430f293e4700861112a94f360ef6b57907 - SHA256: c155197986db77be55716c49262ac009aefce647dae68268a2b9c7a7fd97c7a0 - Company: Elaborate Bytes AG - Copyright: Copyright (C) 2000 - 2007 Elaborate Bytes AG - CreationTimestamp: '2007-08-03 17:44:47' - Date: '' - Description: ElbyCD Windows x64 I/O driver - ExportedFunctions: '' - FileVersion: 6, 0, 0, 9 - Filename: '' - ImportedFunctions: - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - ZwReadFile - - ZwWriteFile - - ZwClose - - ZwSetInformationFile - - ZwQueryInformationFile - - ZwOpenFile - - RtlInitUnicodeString - - ZwCreateFile - - ZwCreateKey - - swprintf - - 
ZwQueryVolumeInformationFile - - ZwQuerySymbolicLinkObject - - ZwOpenSymbolicLinkObject - - ZwQueryValueKey - - ZwOpenKey - - ZwSetValueKey - - ZwSetInformationThread - - PsTerminateSystemThread - - KeWaitForSingleObject - - KeSetEvent - - ObfDereferenceObject - - ObReferenceObjectByHandle - - PsCreateSystemThread - - KeReleaseMutex - - PsGetCurrentProcessId - - IofCompleteRequest - - ExAllocatePool - - ExFreePool - - RtlFreeUnicodeString - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - __C_specific_handler - - IoFreeMdl - - MmUnlockPages - - MmMapLockedPages - - MmProbeAndLockPages - - IoAllocateMdl - - ZwDeleteKey - - ZwDeviceIoControlFile - - IoCreateSymbolicLink - - KeInitializeMutex - - IoCreateDevice - - KeBugCheckEx - - KeInitializeEvent - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: ElbyCDIO - MD5: 239224202ccdea1f09813a70be8413ee - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: ElbyCDIO.sys - PDBPath: '' - Product: CDRTools - ProductVersion: 6, 0, 0, 0 - Publisher: '' - RichPEHeaderHash: - MD5: 8950d52e0c8fa95c85dc60914efa8fad - SHA1: 4eae47391f4247edb70e318d50bf205e77411897 - SHA256: a08f9802da8b030d083d66f587f90807ae23ce8757b1f08932e2570f7287bcac - SHA1: 3048f3422b2b31b74eace0dab3f5c4440bdc7bb2 - SHA256: 9ca586b49135166eea00c6f83329a2d134152e0e9423822a51c13394265b6340 - Sections: - .text: - Entropy: 6.188968125347442 - Virtual Size: '0x3e02' - .rdata: - Entropy: 6.1754487168128005 - Virtual Size: '0xb90' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 4.1596812588931975 - Virtual Size: '0x2f4' - INIT: - Entropy: 5.027185950670429 - Virtual Size: '0x684' - .rsrc: - Entropy: 3.3124822609227964 - Virtual Size: '0x4a8' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes 
AG, emailAddress=admin@elby.ch - ValidFrom: '2006-12-07 11:07:29' - ValidTo: '2008-12-07 11:07:29' - Signature: 312a78bb7289ca49f93bb483f0a56c77003b9bc3dda8096af5a455a642aeb201ceaadcacce82396eadef1bc05108e296eae1d8d074949170f28f78fa24bed56e7dca69067866d2d790c10929db5d6e7026906dc96a4c3e2b0254b86328393272826bad272dc3911b2c3ec6832d88e95a696d7e5da86c3f946c306df5a5d7e78b0cba5df4d78035e76fa33c452afc780ffe36246c58fdd0e150d22fce7df4dd954eae19a60009e5b99b8649b6d728a46bd9f90ddfbccb6951dfa7b106a6d0fda3b76b23ef475dcf2d1147ae15d4d34035e1929681fe802dfbc5bbbcd98e107c39cbe07cce6911a9202709853bcc4748fde8dc409b7939be5e4b6c97fb90dc6031 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0100000000010f5c98b8f5 - Version: 3 - TBS: - MD5: 832074a51bea8e4758c8dfeb2e96ad84 - SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba - SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b - SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign 
nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000010f5c98b8f5 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: 7e798c3abcbd0f1cfa8b2b9688e01936 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: da95f12b1f0747d1890aa9224b3753cd - SHA1: 63ab2ebc7c24394a2273150f8cf416aa9a043ce9 - SHA256: 992eb531739029456311043f99fa48ac896a59e70edc48093facaf3479e0c3f0 - Company: Elaborate Bytes AG - Copyright: Copyright (C) 2000 - 2008 Elaborate Bytes AG - CreationTimestamp: '2008-12-30 10:07:45' - Date: '' - Description: ElbyCD Windows NT/2000/XP I/O driver - ExportedFunctions: '' - FileVersion: 6, 0, 1, 3 - Filename: '' - ImportedFunctions: - - ProbeForWrite - - _except_handler3 - - ZwReadFile - - ZwWriteFile - - ZwCreateFile - - RtlInitUnicodeString - - swprintf - - ZwQueryVolumeInformationFile - - ZwOpenFile - - ZwClose - - ZwQuerySymbolicLinkObject - - ZwOpenSymbolicLinkObject - - PsTerminateSystemThread - - KeWaitForSingleObject - - ZwSetInformationThread - - KeSetEvent - - ObfDereferenceObject - - ObReferenceObjectByHandle - - PsCreateSystemThread - - KeInitializeEvent - - KeReleaseMutex - - PsGetCurrentProcessId - - ProbeForRead - - KeInitializeMutex - - ExAllocatePool - - RtlFreeUnicodeString - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - ZwCreateKey - - ZwOpenKey - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCallDriver - - 
IoBuildDeviceIoControlRequest - - IoFreeMdl - - MmUnlockPages - - MmMapLockedPages - - MmProbeAndLockPages - - IoAllocateMdl - - ZwDeleteKey - - ZwDeviceIoControlFile - - IoCreateSymbolicLink - - IoCreateDevice - - KeTickCount - - KeBugCheckEx - - KeInitializeSpinLock - - ExFreePool - - IofCompleteRequest - - KfReleaseSpinLock - - KfAcquireSpinLock - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: ElbyCDIO - MD5: 384370c812acb7181f972d57dc77c324 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: ElbyCDIO.sys - PDBPath: '' - Product: CDRTools - ProductVersion: 6, 0, 0, 0 - Publisher: '' - RichPEHeaderHash: - MD5: 2217e43755e8c1e005309e82a43575ba - SHA1: 181c1217f38458e9444fcb3793a73006da879861 - SHA256: 2ef6823b4586266ec12007db69887e6ca9d47210153ae3a068990bd4cbd3f68f - SHA1: 4a887ae6b773000864f9228800aab75e6ff34240 - SHA256: 16b591cf5dc1e7282fdb25e45497fe3efc8095cbe31c05f6d97c5221a9a547e1 - Sections: - .text: - Entropy: 6.423870952571043 - Virtual Size: '0x2cec' - .rdata: - Entropy: 7.111588473125042 - Virtual Size: '0x5f4' - .data: - Entropy: 2.0 - Virtual Size: '0x4' - INIT: - Entropy: 5.425383304434217 - Virtual Size: '0x560' - .rsrc: - Entropy: 3.3358251627005076 - Virtual Size: '0x4d8' - .reloc: - Entropy: 4.986377816263342 - Virtual Size: '0x1d2' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 
35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch - ValidFrom: '2008-12-23 13:26:11' - ValidTo: '2011-12-23 13:26:11' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0100000000011e643e96d0 - Version: 3 - TBS: - MD5: f39798a2df6dda6c76b4697e743c8b80 - SHA1: 
d97d9f0d2cad2881eda58fa0467cff6396be6408 - SHA256: 5086b06e5d91585b5a110b3ec4048ce6a43a58e4fc7eb8aa99c391af5b2f8d9f - SHA384: 99096e0926f74d7dd4bc744bea78d7310e623f6c782a3f38d4db933e9cdf2bc8e1b813e5f6a0aacd8e59606f075e4afd - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000011e643e96d0 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: aa03d5a319bc221875846e19e01276f7 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: fc16498ddf3716e03fdd527c456ea80b - SHA1: 7436e16cf348558015593cbf5ab9c117d97738cc - SHA256: a3cf1a6edd205e04653b4338c077072ee753cde0a692490ecaf7afde27df5f0b - Company: Elaborate Bytes AG - Copyright: Copyright (C) 2000 - 2006 Elaborate Bytes AG - CreationTimestamp: '2006-12-12 15:48:53' - Date: '' - Description: ElbyCD 
Windows NT/2000/XP I/O driver - ExportedFunctions: '' - FileVersion: 6, 0, 0, 1 - Filename: '' - ImportedFunctions: - - KeWaitForSingleObject - - RtlFreeUnicodeString - - ZwCreateFile - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - ZwCreateKey - - ZwOpenKey - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IoDeleteDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - KeInitializeEvent - - IoFreeMdl - - MmUnlockPages - - KeReleaseMutex - - MmProbeAndLockPages - - IoAllocateMdl - - ExFreePool - - ObfDereferenceObject - - ObReferenceObjectByHandle - - ExAllocatePool - - ZwDeleteKey - - ZwClose - - ZwDeviceIoControlFile - - IoCreateSymbolicLink - - KeInitializeMutex - - IoCreateDevice - - RtlUnwind - - KeTickCount - - MmMapLockedPages - - IofCompleteRequest - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: ElbyCDIO - MD5: c9c7113f5e15f70fcc576e835c859d56 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: ElbyCDIO.sys - PDBPath: '' - Product: CDRTools - ProductVersion: 6, 0, 0, 0 - Publisher: '' - RichPEHeaderHash: - MD5: c15e20cb179a835c6a295f891d4f43f6 - SHA1: fb716dec77e711df26bca8c29284c5c21c92a808 - SHA256: 626b9fbb41fcf7bc7185e02b6d4ca83f5070929c4645876c4b19aa50765655e1 - SHA1: 0aecdc0b8208b81b0c37eef3b0eaea8d8ebef42e - SHA256: b11e109f6b3dbc8aa82cd7da0b7ba93d07d9809ee2a4b21ec014f6a676a53027 - Sections: - .text: - Entropy: 6.0145723403420055 - Virtual Size: '0xe10' - .rdata: - Entropy: 3.950676692337647 - Virtual Size: '0x178' - .data: - Entropy: 1.9182958340544898 - Virtual Size: '0x18' - INIT: - Entropy: 5.282185901600035 - Virtual Size: '0x3a0' - .rsrc: - Entropy: 3.322524044533632 - Virtual Size: '0x4d8' - .reloc: - Entropy: 4.897249100220145 - Virtual Size: '0x134' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch - ValidFrom: '2006-12-07 11:07:29' - ValidTo: 
'2008-12-07 11:07:29' - Signature: 312a78bb7289ca49f93bb483f0a56c77003b9bc3dda8096af5a455a642aeb201ceaadcacce82396eadef1bc05108e296eae1d8d074949170f28f78fa24bed56e7dca69067866d2d790c10929db5d6e7026906dc96a4c3e2b0254b86328393272826bad272dc3911b2c3ec6832d88e95a696d7e5da86c3f946c306df5a5d7e78b0cba5df4d78035e76fa33c452afc780ffe36246c58fdd0e150d22fce7df4dd954eae19a60009e5b99b8649b6d728a46bd9f90ddfbccb6951dfa7b106a6d0fda3b76b23ef475dcf2d1147ae15d4d34035e1929681fe802dfbc5bbbcd98e107c39cbe07cce6911a9202709853bcc4748fde8dc409b7939be5e4b6c97fb90dc6031 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0100000000010f5c98b8f5 - Version: 3 - TBS: - MD5: 832074a51bea8e4758c8dfeb2e96ad84 - SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba - SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b - SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000010f5c98b8f5 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: b91054cdc4c8b3169cfe6c157f6d9f07 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 73002b48efe7e3852acc803a2a0bc806 - SHA1: c3fb8cdc5b36a3f5a6505c2ee3ecdfba2c314703 - SHA256: a975856b36523ab51b5c4043bc7b13ed22cd74c2a01b6763a89c118563227bd3 - Company: Elaborate Bytes AG - Copyright: Copyright (C) 2000 - 2002 Elaborate Bytes AG - CreationTimestamp: '2002-11-29 04:38:16' - Date: '' - Description: ElbyCD Windows NT/2000/XP I/O driver - ExportedFunctions: '' - FileVersion: 4, 2, 0, 0 - Filename: '' - ImportedFunctions: - - IoCreateSymbolicLink - - KeInitializeMutex - - IoCreateDevice - - RtlInitUnicodeString - - IofCompleteRequest - - KeReleaseMutex - - KeWaitForSingleObject - - ExFreePool - - IoCreateUnprotectedSymbolicLink - - RtlFreeUnicodeString - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - IoFreeMdl - - MmUnmapLockedPages - - MmUnlockPages - - ZwDeleteKey - - IofCallDriver - - IoBuildDeviceIoControlRequest - - IoDeleteDevice - - ZwClose - - IoDeleteSymbolicLink - - ExAllocatePoolWithTag - - ZwCreateFile - - ZwCreateKey - - ZwOpenKey - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmProbeAndLockPages - - ObfDereferenceObject - - ObReferenceObjectByHandle - - KeSetEvent - - InterlockedDecrement - - InterlockedExchange - - IoGetDeviceObjectPointer - - InterlockedIncrement - - RtlUnwind - - ZwDeviceIoControlFile - - KeInitializeEvent - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: 
ElbyCDIO - MD5: 389823db299b350f2ee830d47376eeac - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: ElbyCDIO.sys - PDBPath: '' - Product: CDRTools - ProductVersion: 4, 2, 0, 0 - Publisher: '' - RichPEHeaderHash: - MD5: 33aa6ad4da57c65cb3bc7804b52f9f85 - SHA1: 183a65bcf6812eff3f15bff51b8d93be23033e51 - SHA256: 14754aac57514a4defbf148a27bd52f604f0889e01a06ecd82ca57e0617063bb - SHA1: 22c909898f5babe37cc421b4f5ed0522196f8127 - SHA256: af16c36480d806adca881e4073dcd41acb20c35ed0b1a8f9bd4331de655036e1 - Sections: - .text: - Entropy: 6.233851950481471 - Virtual Size: '0x184e' - .data: - Entropy: -0.0 - Virtual Size: '0x4' - INIT: - Entropy: 5.158307594735602 - Virtual Size: '0x440' - .rsrc: - Entropy: 3.345760450837308 - Virtual Size: '0x510' - .reloc: - Entropy: 5.453740684150887 - Virtual Size: '0x1b2' - Signature: '' - Signatures: {} - Imphash: b7a0100fe60d7a8263da64820f7d0120 - LoadsDespiteHVCI: 'TRUE' -- Authentihash: - MD5: 90d8ab45c4a785f983786f7c088ba9ea - SHA1: cd9c30ba2ab80129eaa603a81ae3a7050add5894 - SHA256: 34d55c87feec5eeb4f826fc6301c22017cd3e83387529a06c5493c260597599b - Company: Elaborate Bytes AG - Copyright: Copyright (C) 2000 - 2007 Elaborate Bytes AG - CreationTimestamp: '2007-08-01 15:38:17' - Date: '' - Description: ElbyCD Windows x64 I/O driver - ExportedFunctions: '' - FileVersion: 6, 0, 0, 7 - Filename: '' - ImportedFunctions: - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - ZwReadFile - - ZwWriteFile - - ZwClose - - ZwSetInformationFile - - ZwQueryInformationFile - - ZwOpenFile - - RtlInitUnicodeString - - ZwCreateFile - - ZwOpenKey - - swprintf - - ZwQueryVolumeInformationFile - - ZwQuerySymbolicLinkObject - - ZwOpenSymbolicLinkObject - - PsTerminateSystemThread - - ZwQueryInformationProcess - - ZwSetInformationThread - - KeReleaseMutex - - ObfDereferenceObject - - KeWaitForMultipleObjects - - PsCreateSystemThread - - KeWaitForSingleObject - - ObReferenceObjectByHandle - - ZwOpenProcess - - KeInitializeEvent - - 
PsGetCurrentProcessId - - IofCompleteRequest - - KeInitializeMutex - - ExAllocatePool - - ExFreePool - - RtlFreeUnicodeString - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - ZwCreateKey - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - __C_specific_handler - - IoFreeMdl - - MmUnlockPages - - MmMapLockedPages - - MmProbeAndLockPages - - IoAllocateMdl - - ZwDeleteKey - - ZwDeviceIoControlFile - - IoCreateSymbolicLink - - IoCreateDevice - - KeBugCheckEx - - KeSetEvent - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: ElbyCDIO - MD5: 07fc1e043654fdde56da98d93523635c - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: ElbyCDIO.sys - PDBPath: '' - Product: CDRTools - ProductVersion: 6, 0, 0, 0 - Publisher: '' - RichPEHeaderHash: - MD5: 874dfd989f2b89a3c9dc3332aa89b783 - SHA1: ad7fbd30f31d4f229f54e54cd2ada523d42f7f0b - SHA256: a410ec935e4d2bd05d28e73a07a0b8bdca974c7b886e69589975b63835bd3b04 - SHA1: 7ee65bedaf7967c752831c83e26540e65358175e - SHA256: 7cf756afcaf2ce4f8fb479fdede152a17eabf4c5c7c329699dab026a4c1d4fd0 - Sections: - .text: - Entropy: 6.173973377009215 - Virtual Size: '0x4292' - .rdata: - Entropy: 6.115632894160688 - Virtual Size: '0xc88' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 4.217934892681612 - Virtual Size: '0x384' - INIT: - Entropy: 5.047783889667945 - Virtual Size: '0x6b2' - .rsrc: - Entropy: 3.3131155558071614 - Virtual Size: '0x4a8' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch - ValidFrom: '2006-12-07 11:07:29' - ValidTo: '2008-12-07 11:07:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0100000000010f5c98b8f5 - Version: 3 - TBS: - MD5: 
832074a51bea8e4758c8dfeb2e96ad84 - SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba - SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b - SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 
a0422eb876a7427186404d464d5b26b0b074f93f89a87b7cb7f1c697e08239999d43fe60823642b55b878df55df4bbffa91044a871d3c7f12241f29aa4a5ec63fae5eb654a19309d8bc7b6fddc3fe16cfdd5521407fc6d24ccb3cc81a2c052f327b96d9e063dd8a849023269c7054294d0bbe3bba908c393501bdb846dc0ba1e5298659c1376bdb3d567292f1f7baa2c51a0fd854f263c48a38127a6feee7f7899c245cf9d1f527ed7958bfde1d020c3af7e51a22f663bab2dcf2d8e8c4d7d18392128fbdcae6d6581d0e0d7184be7b5f774d784e6522aac3b68fd3b4ab80154849132bb95d28e6330a69ece2396feab2eb86a8b74dcde21a114c2fbbf53af10 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: 
ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000010f5c98b8f5 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: afee876e89b51e2cc7c91353fb588fe6 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: af23e615a116b1c4976d0f53d4369431 - SHA1: 330d0e648948b46ba1f3c7297f92f4c8f6b686a8 - SHA256: 80b9c02772e93f64330ad2ccfa04e10d2546732de00626e85f42c19dc53019f1 - Company: Elaborate Bytes - Copyright: Copyright (C) Elaborate Bytes 2000 - CreationTimestamp: '2001-03-27 07:38:46' - Date: '' - Description: ElbyCD Windows NT/2000 I/O driver - ExportedFunctions: '' - FileVersion: 3, 0, 0, 0 - Filename: '' - ImportedFunctions: - - MmUnmapLockedPages - - IoCreateSymbolicLink - - KeInitializeMutex - - IoCreateDevice - - RtlInitUnicodeString - - IofCompleteRequest - - KeReleaseMutex - - KeWaitForSingleObject - - PsGetCurrentProcessId - - ExFreePool - - IoCreateUnprotectedSymbolicLink - - RtlFreeUnicodeString - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - IoFreeMdl - - IoDeleteDevice - - MmUnlockPages - - ZwDeviceIoControlFile - - ZwClose - - IoDeleteSymbolicLink - - ExAllocatePoolWithTag - - ZwCreateFile - - ZwCreateKey - - ZwOpenKey - - MmMapLockedPages - - MmBuildMdlForNonPagedPool - - IoAllocateMdl - - MmProbeAndLockPages - - RtlUnwind - Imports: - - ntoskrnl.exe - InternalName: ElbyCDIO - MD5: d1f9ffe5569642c8f8c10ed7ee5d9391 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: ElbyCDIO.sys - PDBPath: '' - Product: CDRTools - ProductVersion: 3, 0, 0, 5 - Publisher: '' - RichPEHeaderHash: - MD5: ac89ec59ccd52561baecef043386db39 - SHA1: 58f397cd4214fef5c60388c1ac8ea7ac5796ee22 - SHA256: 767dd9bfd22782127ce1fb08657a6299f4844de09b85d76035c9706a96861798 - SHA1: feb8e6e7419713a2993c48b9758c039bd322b699 - SHA256: 
07af8c5659ad293214364789df270c0e6d03d90f4f4495da76abc2d534c64d88 - Sections: - .text: - Entropy: 6.216558319832571 - Virtual Size: '0xea8' - INIT: - Entropy: 5.117148951216235 - Virtual Size: '0x2fa' - .rsrc: - Entropy: 3.3316925889474445 - Virtual Size: '0x4d8' - .reloc: - Entropy: 5.060131110565544 - Virtual Size: '0x112' - Signature: '' - Signatures: {} - Imphash: b5967a61e1a4e1d57b3d8ffefc5721ed - LoadsDespiteHVCI: 'TRUE' -- Authentihash: - MD5: a3e446885ff8aeb08aebf648e0658e2f - SHA1: 8644110e1460c97743ad9f632dde2e5122bfbb26 - SHA256: a233680b53bcdfba264005644e51bfa4ba9923f0a3544ed4596e28fb9f3fd682 - Company: Elaborate Bytes AG - Copyright: Copyright (C) 2000 - 2007 Elaborate Bytes AG - CreationTimestamp: '2007-08-07 13:48:36' - Date: '' - Description: ElbyCD Windows x64 I/O driver - ExportedFunctions: '' - FileVersion: 6, 0, 1, 0 - Filename: '' - ImportedFunctions: - - KeAcquireSpinLockRaiseToDpc - - KeReleaseSpinLock - - ZwReadFile - - ZwWriteFile - - ZwClose - - ZwSetInformationFile - - ZwQueryInformationFile - - ZwOpenFile - - RtlInitUnicodeString - - ZwCreateFile - - ZwCreateKey - - swprintf - - ZwQueryVolumeInformationFile - - ZwQuerySymbolicLinkObject - - ZwOpenSymbolicLinkObject - - ZwQueryValueKey - - ZwOpenKey - - ZwSetValueKey - - ZwSetInformationThread - - PsTerminateSystemThread - - KeWaitForSingleObject - - KeSetEvent - - ObfDereferenceObject - - ObReferenceObjectByHandle - - PsCreateSystemThread - - KeReleaseMutex - - PsGetCurrentProcessId - - IofCompleteRequest - - KeInitializeMutex - - ExAllocatePool - - ExFreePool - - RtlFreeUnicodeString - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - IoDeleteSymbolicLink - - IoDeleteDevice - - IofCallDriver - - IoBuildDeviceIoControlRequest - - __C_specific_handler - - IoFreeMdl - - MmUnlockPages - - MmMapLockedPages - - MmProbeAndLockPages - - IoAllocateMdl - - ZwDeleteKey - - ZwDeviceIoControlFile - - IoCreateSymbolicLink - - IoCreateDevice - - KeBugCheckEx - - KeInitializeEvent - - 
KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: ElbyCDIO - MD5: 3836e2db9034543f63943cdbb52a691a - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: ElbyCDIO.sys - PDBPath: '' - Product: CDRTools - ProductVersion: 6, 0, 0, 0 - Publisher: '' - RichPEHeaderHash: - MD5: 8950d52e0c8fa95c85dc60914efa8fad - SHA1: 4eae47391f4247edb70e318d50bf205e77411897 - SHA256: a08f9802da8b030d083d66f587f90807ae23ce8757b1f08932e2570f7287bcac - SHA1: 49b1e6a922a8d2cb2101c48155dfc08c17d09341 - SHA256: 828a18b16418c021b6c4aa8c6d54cef4e815efca0d48b9ff14822f9ccb69dff2 - Sections: - .text: - Entropy: 6.189049565559284 - Virtual Size: '0x3f82' - .rdata: - Entropy: 6.165841873710771 - Virtual Size: '0xb90' - .data: - Entropy: 0.5159719988134768 - Virtual Size: '0x110' - .pdata: - Entropy: 4.15802276728414 - Virtual Size: '0x2f4' - INIT: - Entropy: 5.018091808451433 - Virtual Size: '0x684' - .rsrc: - Entropy: 3.3099880900837397 - Virtual Size: '0x4a8' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch - ValidFrom: '2006-12-07 11:07:29' - ValidTo: '2008-12-07 11:07:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0100000000010f5c98b8f5 - Version: 3 - TBS: - MD5: 832074a51bea8e4758c8dfeb2e96ad84 - SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba - SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b - SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: 
false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - 
Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000010f5c98b8f5 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: 9fd359d308a1e93106189b4ebd945855 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: d00443b7b4e5529a942c4866001af949 - SHA1: 31913db2c43fa5b235b701dd0f79ef5f0110f322 - SHA256: 07e8a7f0fcc8be78167704c6679c70ea184961f5a5bd2066620a4b7eeb939885 - Company: Elaborate Bytes AG - Copyright: Copyright (C) 2000 - 2007 Elaborate Bytes AG - CreationTimestamp: '2007-02-28 13:51:48' - Date: '' - Description: ElbyCD Windows x64 I/O driver - ExportedFunctions: '' - FileVersion: 6, 0, 0, 2 - Filename: '' - ImportedFunctions: - - KeWaitForSingleObject - - RtlFreeUnicodeString - - ZwCreateFile - - RtlAnsiStringToUnicodeString - - RtlInitAnsiString - - ZwCreateKey - - ZwOpenKey - - IoDeleteSymbolicLink - - RtlInitUnicodeString - - IoDeleteDevice - - IofCallDriver 
- - IoBuildDeviceIoControlRequest - - KeInitializeEvent - - __C_specific_handler - - IoFreeMdl - - KeReleaseMutex - - MmMapLockedPages - - MmProbeAndLockPages - - IoAllocateMdl - - ExFreePool - - ObfDereferenceObject - - ObReferenceObjectByHandle - - ExAllocatePool - - ZwDeleteKey - - ZwClose - - ZwDeviceIoControlFile - - IoCreateSymbolicLink - - KeInitializeMutex - - IoCreateDevice - - MmUnlockPages - - IofCompleteRequest - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: ElbyCDIO - MD5: 978cd6d9666627842340ef774fd9e2ac - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: ElbyCDIO.sys - PDBPath: '' - Product: CDRTools - ProductVersion: 6, 0, 0, 0 - Publisher: '' - RichPEHeaderHash: - MD5: 759951b21f9ce1aa3225d912cd7ce0fd - SHA1: d4d438eaa49f8acad4af402a729d7f56bcb8a180 - SHA256: 09ea7d2d96e137334c09a82e85e003795af40ed5b77d1e15077a1297b1d69a06 - SHA1: 7192e22e0f8343058ec29fb7b8065e09ce389a5b - SHA256: 3e85cf32562a47d51827b21ab1e7f8c26c0dbd1cd86272f3cc64caae61a7e5fb - Sections: - .text: - Entropy: 5.938003849097046 - Virtual Size: '0xfe2' - .rdata: - Entropy: 4.344400543989659 - Virtual Size: '0x30c' - .data: - Entropy: 0.5035334969292564 - Virtual Size: '0x118' - .pdata: - Entropy: 3.6032604168924314 - Virtual Size: '0xcc' - INIT: - Entropy: 4.916138301325644 - Virtual Size: '0x456' - .rsrc: - Entropy: 3.3100873339326338 - Virtual Size: '0x4a8' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch - ValidFrom: '2006-12-07 11:07:29' - ValidTo: '2008-12-07 11:07:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0100000000010f5c98b8f5 - Version: 3 - TBS: - MD5: 832074a51bea8e4758c8dfeb2e96ad84 - SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba - SHA256: 
c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b - SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign - Primary Object Publishing CA - ValidFrom: '1999-01-28 12:00:00' - ValidTo: '2014-01-27 11:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9611cd6 - Version: 3 - TBS: - MD5: 698f075151097d84c0b1f3e7bc3d6fca - SHA1: 041750993d7c9e063f02dfe74699598640911aab - SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 - SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2008-12-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 
0de92bf0d4d82988183205095e9a7688 - Version: 3 - TBS: - MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 - SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 - SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 - SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 - - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - ValidFrom: '2004-01-22 09:00:00' - ValidTo: '2014-01-27 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 04000000000108d9612448 - Version: 3 - TBS: - MD5: 2fc76031fc24eec1ef3db2d246d21d6a - SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d - SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 - SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 0100000000010f5c98b8f5 - Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign - CA - Version: 1 - Imphash: 84d83741445d9f5a6717b874fed3d8f3 - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: sc.exe create elbycdio.sys binPath=C:\windows\temp\elbycdio.sys type=kernel + && sc.exe start elbycdio.sys + Description: elbycdio.sys is a vulnerable driver. CVE-2009-0824. 
+ OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/jbaines-r7/dellicious - https://www.rapid7.com/blog/post/2021/12/13/driver-based-attacks-past-and-present/ - https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08064459/Equation_group_questions_and_answers.pdf -Tags: -- elbycdio.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/eea53103e7a5a55dc1df79797395a2a3e96123ebd71cdd2db4b1be80e7b3f02b.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 1e7d48bdea295db001ff57b6d05d99a2 + SHA1: 
95a797b14c5718495e847f1aa7a5b554d1855893 + SHA256: 45b7ec74cc78651975d01d88308f3231df4c96036d6c2273d79f53abdfc8888c + Company: Elaborate Bytes AG + Copyright: Copyright (C) 2000 - 2009 Elaborate Bytes AG + CreationTimestamp: '2009-01-29 15:57:56' + Date: '' + Description: ElbyCD Windows NT/2000/XP I/O driver + ExportedFunctions: '' + FileVersion: 6, 0, 2, 0 + Filename: elbycdio.sys + ImportedFunctions: + - ZwWriteFile + - ZwCreateFile + - RtlInitUnicodeString + - swprintf + - ZwQueryVolumeInformationFile + - ZwOpenFile + - ZwClose + - ZwQuerySymbolicLinkObject + - ZwOpenSymbolicLinkObject + - PsTerminateSystemThread + - KeWaitForSingleObject + - ZwSetInformationThread + - KeSetEvent + - ObfDereferenceObject + - ObReferenceObjectByHandle + - PsCreateSystemThread + - KeInitializeEvent + - KeReleaseMutex + - ZwReadFile + - IofCompleteRequest + - KeInitializeMutex + - ExAllocatePool + - RtlFreeUnicodeString + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - _except_handler3 + - ProbeForRead + - ProbeForWrite + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - KeInitializeSpinLock + - ExFreePool + - PsGetCurrentProcessId + - KfReleaseSpinLock + - KfAcquireSpinLock + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: ElbyCDIO + MD5: ae5eb2759305402821aeddc52ba9a6d6 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: ElbyCDIO.sys + Product: CDRTools + ProductVersion: 6, 0, 0, 0 + Publisher: '' + RichPEHeaderHash: + MD5: eb06a2eb0c23a14191762653f6ae93bb + SHA1: 6de72a1325439feafb8d05a1c5a1a49444776d8d + SHA256: 08949d1698a747437b865766408f6835874da215b5c46e8cde9be943664218f5 + SHA1: 3599ea2ac1fa78f423423a4cf90106ea0938dde8 + SHA256: eea53103e7a5a55dc1df79797395a2a3e96123ebd71cdd2db4b1be80e7b3f02b + Sections: + .text: + Entropy: 6.40392416560879 + Virtual Size: '0x29f0' + .rdata: + Entropy: 
7.172875502424685 + Virtual Size: '0x5c4' + .data: + Entropy: 2.0 + Virtual Size: '0x4' + INIT: + Entropy: 5.383736240323343 + Virtual Size: '0x4a6' + .rsrc: + Entropy: 3.3248073850095023 + Virtual Size: '0x4d8' + .reloc: + Entropy: 5.0667220228838765 + Virtual Size: '0x18e' + Signature: + - Elaborate Bytes AG + - GlobalSign ObjectSign CA + - GlobalSign Primary Object Publishing CA + - GlobalSign Root CA - R1 + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch + ValidFrom: '2008-12-23 13:26:11' + ValidTo: '2011-12-23 13:26:11' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0100000000011e643e96d0 + Version: 3 + TBS: + MD5: f39798a2df6dda6c76b4697e743c8b80 + SHA1: d97d9f0d2cad2881eda58fa0467cff6396be6408 + SHA256: 5086b06e5d91585b5a110b3ec4048ce6a43a58e4fc7eb8aa99c391af5b2f8d9f + SHA384: 99096e0926f74d7dd4bc744bea78d7310e623f6c782a3f38d4db933e9cdf2bc8e1b813e5f6a0aacd8e59606f075e4afd + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + 
IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000011e643e96d0 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: f531646e31cc12dfaac5b8352653c384 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 350ab25a105b2fee583f1b903d48788e + SHA1: 23a6345ab41ff68e31cef025de23cc8c81c90725 + SHA256: 86236392bb2cc77100bd83d34a30e3fb60aa727d0b11c147a838d9a205bae80e + Company: Elaborate Bytes AG + Copyright: Copyright (C) 2000 - 2009 Elaborate Bytes AG + CreationTimestamp: '2009-02-17 10:11:23' + Description: ElbyCD Windows x64 I/O driver + ExportedFunctions: '' + FileVersion: 6, 0, 3, 2 + Filename: ElbyCDIO.sys + ImportedFunctions: + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - KeWaitForSingleObject + - KeReleaseMutex + - __C_specific_handler + - ProbeForRead + - ProbeForWrite + - ZwReadFile + - ZwWriteFile + - ZwCreateFile + - RtlInitUnicodeString + - swprintf + - ZwQueryVolumeInformationFile + - ZwOpenFile + - ZwClose + - ZwQuerySymbolicLinkObject + - 
ZwOpenSymbolicLinkObject + - PsTerminateSystemThread + - ZwSetInformationThread + - ObfDereferenceObject + - ObReferenceObjectByHandle + - PsCreateSystemThread + - KeInitializeEvent + - PsGetCurrentProcessId + - IofCompleteRequest + - KeInitializeMutex + - ExAllocatePool + - ExFreePool + - RtlFreeUnicodeString + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - IoCreateSymbolicLink + - IoCreateDevice + - KeBugCheckEx + - KeSetEvent + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: ElbyCDIO + MD5: 702d5606cf2199e0edea6f0e0d27cd10 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: ElbyCDIO.sys + Product: CDRTools + ProductVersion: 6, 0, 0, 0 + RichPEHeaderHash: + MD5: 19c3041e63a42fad9800c3d4098a28a7 + SHA1: 083ef31132cacb2ead9d826d90646517ca732570 + SHA256: 3829fddcb11b40682e3936be4c0f376d99a9caf02692368aef98332f68ce80e8 + SHA1: 879e327292616c56bd4aafc279fbda6cc393b74d + SHA256: 238046cfe126a1f8ab96d8b62f6aa5ec97bab830e2bae5b1b6ab2d31894c79e4 + Sections: + .text: + Entropy: 6.236432237090433 + Virtual Size: '0x3b02' + .rdata: + Entropy: 6.243435646899353 + Virtual Size: '0xb78' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 4.200185461485669 + Virtual Size: '0x30c' + INIT: + Entropy: 5.002469637112522 + Virtual Size: '0x562' + .rsrc: + Entropy: 3.322459175866386 + Virtual Size: '0x4a8' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 
18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch + ValidFrom: '2008-12-23 13:26:11' + ValidTo: '2011-12-23 13:26:11' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + 
IsCertificateAuthority: false + SerialNumber: 0100000000011e643e96d0 + Version: 3 + TBS: + MD5: f39798a2df6dda6c76b4697e743c8b80 + SHA1: d97d9f0d2cad2881eda58fa0467cff6396be6408 + SHA256: 5086b06e5d91585b5a110b3ec4048ce6a43a58e4fc7eb8aa99c391af5b2f8d9f + SHA384: 99096e0926f74d7dd4bc744bea78d7310e623f6c782a3f38d4db933e9cdf2bc8e1b813e5f6a0aacd8e59606f075e4afd + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 11d45d8af43d0d9d7e4fa70071610b56b34caa70e1b2d1dec7886d1d897c2ba946e58b1f8e4cc26695911fe34d394ae31b70b7446edc068a4d6d25e89812dcbca0dd864eae8f81130540905a542529944acaf165b4ef0679dae7cb86f004c918dcee72b320015748dfe333e12ccd9c077f9447278d888d340ca67c5c20c17d07b3736b648c26d29bd7e87965a6a891a174862a050282c1847cf279cd3c2a2b0f99291eea8c8a1ab16aeaa266380e65e1add8c6c91f888d3976ee1782c4138d97ce6341e77af5b4b66c15c33813b3930b620688dde1447f10a950248b60dc05f75ba514b27b56720b96eabffc057090659e051ca4dd07af4b57dec639673bc574 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 
6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000011e643e96d0 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: 959dce366573a7aae10b74a08931722a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 5560e048b895a592a481f9340852e3cd + SHA1: 1e73dbe3d0bed9def62c1f76a0c58aa6c61e8f74 + SHA256: d378162a47648bed192270ab4ddd67c99b4ebe8093a267fa1fe1e092559504b0 + Company: Elaborate Bytes AG + Copyright: Copyright (C) 2000 - 2007 Elaborate Bytes AG + CreationTimestamp: '2007-02-28 13:56:05' + Description: ElbyCD Windows NT/2000/XP I/O driver + ExportedFunctions: '' + FileVersion: 6, 0, 0, 2 + Filename: ElbyCDIO.sys + ImportedFunctions: + - KeWaitForSingleObject + - RtlFreeUnicodeString + - ZwCreateFile + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - ZwCreateKey + - ZwOpenKey + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - IoDeleteDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - KeInitializeEvent + - IoFreeMdl + - MmUnlockPages + - KeReleaseMutex + - MmProbeAndLockPages + - IoAllocateMdl + - ExFreePool + - ObfDereferenceObject + - ObReferenceObjectByHandle + - ExAllocatePool + - ZwDeleteKey + - ZwClose + - ZwDeviceIoControlFile + - IoCreateSymbolicLink + - KeInitializeMutex + - IoCreateDevice + - RtlUnwind + - KeTickCount + - MmMapLockedPages + - IofCompleteRequest + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: ElbyCDIO + MD5: 945ef111161bae49075107e5bc11a23f + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: ElbyCDIO.sys + Product: CDRTools + ProductVersion: 6, 0, 0, 0 + RichPEHeaderHash: + MD5: c15e20cb179a835c6a295f891d4f43f6 + SHA1: fb716dec77e711df26bca8c29284c5c21c92a808 + SHA256: 626b9fbb41fcf7bc7185e02b6d4ca83f5070929c4645876c4b19aa50765655e1 + SHA1: ea37a4241fa4d92c168d052c4e095ccd22a83080 + SHA256: 
2fbbc276737047cb9b3ba5396756d28c1737342d89dce1b64c23a9c4513ae445 + Sections: + .text: + Entropy: 6.014899913315142 + Virtual Size: '0xe10' + .rdata: + Entropy: 3.9543650485820954 + Virtual Size: '0x178' + .data: + Entropy: 1.9182958340544898 + Virtual Size: '0x18' + INIT: + Entropy: 5.282185901600035 + Virtual Size: '0x3a0' + .rsrc: + Entropy: 3.3264202882353087 + Virtual Size: '0x4d8' + .reloc: + Entropy: 4.897249100220145 + Virtual Size: '0x134' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch + ValidFrom: '2006-12-07 11:07:29' + ValidTo: '2008-12-07 11:07:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0100000000010f5c98b8f5 + Version: 3 + TBS: + MD5: 832074a51bea8e4758c8dfeb2e96ad84 + SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba + SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b + SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: 
C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 877870da4e5201205be079c98230c4fdb91996bd9100c3bdcdcdc6f40ed8fff94dc033623011c5f5741bd492de5f9c2013b17c45be50cd83e7801783a72793671346fbcab8984103cc9b515b058b7fa86ff31b501b242ef2698d6c22f7bbca1695ed0c74c06877d9eb996287c17390f889747a23aba3987b97b1f78f29714d2e751b4841daf0b50d2054d677a097826369fd09cf8af075bb099bd9f91155269a6132be7a02b07b86bea2c38b222c78d13576bc92735cf9b9e64c150a23cce4d2d4342e4940153c0f607a24c6a566ef96cf70eb3ee7f40d7edcd17ca3767169c19c4f47303521b1a2af1a623c2bd98eaa2a077bd818b35c7be29da56ffe3c89ad + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0de92bf0d4d82988183205095e9a7688 + Version: 3 + TBS: + MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 + SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000010f5c98b8f5 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: b91054cdc4c8b3169cfe6c157f6d9f07 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 46eca1eab6ab83208b56787f55ed4117 + SHA1: 1b62759087cbe7f5f9a82477bc2f2b19bb51f41d + SHA256: e35d09a903d76810830aff2fc87bb3071026d982a334b3ee4c68f66cba865109 + Company: Elaborate Bytes AG + Copyright: Copyright (C) 2000 - 2008 Elaborate Bytes AG + CreationTimestamp: '2008-07-16 14:59:48' + Description: ElbyCD Windows NT/2000/XP I/O driver + ExportedFunctions: '' + FileVersion: 6, 0, 1, 1 + Filename: ElbyCDIO.sys + ImportedFunctions: + - ZwWriteFile + - ZwCreateFile + - RtlInitUnicodeString + - swprintf + - ZwQueryVolumeInformationFile + - ZwOpenFile + - ZwClose + - ZwQuerySymbolicLinkObject + - ZwOpenSymbolicLinkObject + - PsTerminateSystemThread + - ZwSetInformationThread + - KeWaitForSingleObject + - KeSetEvent + - ObfDereferenceObject + - 
ObReferenceObjectByHandle + - PsCreateSystemThread + - KeInitializeEvent + - KeReleaseMutex + - PsGetCurrentProcessId + - IofCompleteRequest + - KeInitializeMutex + - ZwReadFile + - RtlFreeUnicodeString + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - ZwCreateKey + - ZwOpenKey + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - IoFreeMdl + - MmUnlockPages + - MmMapLockedPages + - MmProbeAndLockPages + - IoAllocateMdl + - _except_handler3 + - ZwDeleteKey + - ZwDeviceIoControlFile + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - KeInitializeSpinLock + - ExFreePool + - ExAllocatePool + - KfReleaseSpinLock + - KfAcquireSpinLock + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: ElbyCDIO + MD5: 24fe18891c173a7c76426d08d2b0630e + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: ElbyCDIO.sys + Product: CDRTools + ProductVersion: 6, 0, 0, 0 + RichPEHeaderHash: + MD5: 27082193599c13d88cd3571465c0869f + SHA1: 0ca5abc904d8a25537355902fe3e897263b7c780 + SHA256: 345dc7d1b4b40f3ae817e86ae8a68038f88f5c21c8c34876e2f0c320a681e724 + SHA1: f640c94e71921479cc48d06b59aba41ffa50a769 + SHA256: 5cfad3d473961763306d72c12bd5ae14183a1a5778325c9acacca764b79ca185 + Sections: + .text: + Entropy: 6.424057457116316 + Virtual Size: '0x2bf0' + .rdata: + Entropy: 7.160715749285086 + Virtual Size: '0x5d4' + .data: + Entropy: 2.0 + Virtual Size: '0x4' + INIT: + Entropy: 5.4154107889213075 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.332445756647145 + Virtual Size: '0x4d8' + .reloc: + Entropy: 5.01593937139053 + Virtual Size: '0x1c2' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch + ValidFrom: '2006-12-07 11:07:29' + ValidTo: '2008-12-07 11:07:29' + Signature: 
312a78bb7289ca49f93bb483f0a56c77003b9bc3dda8096af5a455a642aeb201ceaadcacce82396eadef1bc05108e296eae1d8d074949170f28f78fa24bed56e7dca69067866d2d790c10929db5d6e7026906dc96a4c3e2b0254b86328393272826bad272dc3911b2c3ec6832d88e95a696d7e5da86c3f946c306df5a5d7e78b0cba5df4d78035e76fa33c452afc780ffe36246c58fdd0e150d22fce7df4dd954eae19a60009e5b99b8649b6d728a46bd9f90ddfbccb6951dfa7b106a6d0fda3b76b23ef475dcf2d1147ae15d4d34035e1929681fe802dfbc5bbbcd98e107c39cbe07cce6911a9202709853bcc4748fde8dc409b7939be5e4b6c97fb90dc6031 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0100000000010f5c98b8f5 + Version: 3 + TBS: + MD5: 832074a51bea8e4758c8dfeb2e96ad84 + SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba + SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b + SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000010f5c98b8f5 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: 3a4e0bc46866ca54459753f62c879b62 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: efa9728ff65fc5bd690400a9a6252642 + SHA1: b827692fe57b0b51f7671d55c0a5dd6446342acd + SHA256: 911541d26b605a97ba099563b9eb7e027c102f139dba5884a57df5a13cf3dcef + Company: Elaborate Bytes AG + Copyright: Copyright (C) 2000 - 2007 Elaborate Bytes AG + CreationTimestamp: '2007-08-07 13:48:32' + Description: ElbyCD Windows 
NT/2000/XP I/O driver + ExportedFunctions: '' + FileVersion: 6, 0, 1, 0 + Filename: ElbyCDIO.sys + ImportedFunctions: + - ZwWriteFile + - ZwClose + - ZwSetInformationFile + - ZwQueryInformationFile + - ZwOpenFile + - RtlInitUnicodeString + - ZwCreateFile + - ZwCreateKey + - swprintf + - ZwQueryVolumeInformationFile + - ZwQuerySymbolicLinkObject + - ZwOpenSymbolicLinkObject + - ZwQueryValueKey + - ZwOpenKey + - ZwSetValueKey + - ZwSetInformationThread + - PsTerminateSystemThread + - KeWaitForSingleObject + - KeSetEvent + - ObfDereferenceObject + - ObReferenceObjectByHandle + - PsCreateSystemThread + - KeInitializeEvent + - ZwReadFile + - PsGetCurrentProcessId + - IofCompleteRequest + - KeInitializeMutex + - ExAllocatePool + - RtlFreeUnicodeString + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - IoFreeMdl + - MmUnlockPages + - MmMapLockedPages + - MmProbeAndLockPages + - IoAllocateMdl + - _except_handler3 + - ZwDeleteKey + - ZwDeviceIoControlFile + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - KeInitializeSpinLock + - ExFreePool + - KeReleaseMutex + - KfReleaseSpinLock + - KfAcquireSpinLock + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: ElbyCDIO + MD5: aaa8999a169e39fb8b48ae49cd6ac30a + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: ElbyCDIO.sys + Product: CDRTools + ProductVersion: 6, 0, 0, 0 + RichPEHeaderHash: + MD5: 2bd828d8b8ded8e0c78b284e2297acf9 + SHA1: 2ab50048d7b02cbbbffdf54058b0df8f317c21af + SHA256: 56c02208d99c7edffe52c78ded19f95263f6e97639c8f4c6497ebf2191a732fd + SHA1: 2eeab9786dac3f5f69e642f6e29f4e4819038551 + SHA256: 8137ce22d0d0fc5ea5b174d6ad3506a4949506477b1325da2ccb76511f4c4f60 + Sections: + .text: + Entropy: 6.372399086395989 + Virtual Size: '0x2e68' + .rdata: + Entropy: 7.130199720860538 + Virtual Size: '0x5e4' + .data: + Entropy: 2.0 + Virtual Size: '0x4' 
+ INIT: + Entropy: 5.4063363613622535 + Virtual Size: '0x59c' + .rsrc: + Entropy: 3.323528167515758 + Virtual Size: '0x4d8' + .reloc: + Entropy: 5.105327103742467 + Virtual Size: '0x1f0' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch + ValidFrom: '2006-12-07 11:07:29' + ValidTo: '2008-12-07 11:07:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0100000000010f5c98b8f5 + Version: 3 + TBS: + MD5: 832074a51bea8e4758c8dfeb2e96ad84 + SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba + SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b + SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + 
IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000010f5c98b8f5 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: f4b8d579fbdb32eabd01954394f5bf3a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 2b8c47b3e15625119ef7576646fdefda + SHA1: 5ad820b5cac4e44ded1534169631e7d3fc8547d1 + SHA256: 8907c476440abdd7f71feb068443a7c9736aa6bf625dfb8b6931c46341aa4abf + Company: Elaborate Bytes AG + Copyright: Copyright (C) 2000 - 2007 Elaborate Bytes AG + CreationTimestamp: '2007-08-01 15:38:24' + Description: ElbyCD Windows 
NT/2000/XP I/O driver + ExportedFunctions: '' + FileVersion: 6, 0, 0, 7 + Filename: ElbyCDIO.sys + ImportedFunctions: + - ZwWriteFile + - ZwClose + - ZwSetInformationFile + - ZwQueryInformationFile + - ZwOpenFile + - RtlInitUnicodeString + - ZwCreateFile + - ZwOpenKey + - swprintf + - ZwQueryVolumeInformationFile + - ZwQuerySymbolicLinkObject + - ZwOpenSymbolicLinkObject + - PsTerminateSystemThread + - ZwQueryInformationProcess + - ZwSetInformationThread + - KeReleaseMutex + - ObfDereferenceObject + - KeWaitForMultipleObjects + - PsCreateSystemThread + - KeWaitForSingleObject + - ObReferenceObjectByHandle + - ZwOpenProcess + - KeSetEvent + - KeInitializeEvent + - ZwReadFile + - IofCompleteRequest + - KeInitializeMutex + - ExAllocatePool + - RtlFreeUnicodeString + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - ZwCreateKey + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - IoFreeMdl + - MmUnlockPages + - MmMapLockedPages + - MmProbeAndLockPages + - IoAllocateMdl + - _except_handler3 + - ZwDeleteKey + - ZwDeviceIoControlFile + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - KeInitializeSpinLock + - ExFreePool + - PsGetCurrentProcessId + - KfReleaseSpinLock + - KfAcquireSpinLock + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: ElbyCDIO + MD5: d21fba3d09e5b060bd08796916166218 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: ElbyCDIO.sys + Product: CDRTools + ProductVersion: 6, 0, 0, 0 + RichPEHeaderHash: + MD5: 589450fa6c6213445bb9aa901c944d47 + SHA1: de49771e01d34ce6f4663a14eea50c9f509ab899 + SHA256: 9e7a40176c4bb2dc5645359adf4e7252cab1ba935e18e191db2889044dc6c13d + SHA1: caa0cb48368542a54949be18475d45b342fb76e5 + SHA256: 82fbcb371d53b8a76a25fbbafaae31147c0d1f6b9f26b3ea45262c2267386989 + Sections: + .text: + Entropy: 6.418688362028714 + Virtual Size: '0x2f68' + .rdata: + Entropy: 7.152099793791149 + Virtual Size: '0x5e4' + 
.data: + Entropy: 2.0 + Virtual Size: '0x4' + INIT: + Entropy: 5.406740545618571 + Virtual Size: '0x5c6' + .rsrc: + Entropy: 3.328147473275693 + Virtual Size: '0x4d8' + .reloc: + Entropy: 5.197766729983576 + Virtual Size: '0x20c' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch + ValidFrom: '2006-12-07 11:07:29' + ValidTo: '2008-12-07 11:07:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0100000000010f5c98b8f5 + Version: 3 + TBS: + MD5: 832074a51bea8e4758c8dfeb2e96ad84 + SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba + SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b + SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + 
SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000010f5c98b8f5 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: 0265c50548889ffd5c2d3a2539885efe + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: fc16498ddf3716e03fdd527c456ea80b + SHA1: 7436e16cf348558015593cbf5ab9c117d97738cc + SHA256: a3cf1a6edd205e04653b4338c077072ee753cde0a692490ecaf7afde27df5f0b + Company: Elaborate Bytes AG + Copyright: Copyright (C) 2000 - 2006 Elaborate Bytes AG + CreationTimestamp: '2006-12-12 15:48:53' + Description: ElbyCD Windows NT/2000/XP I/O driver + ExportedFunctions: '' + FileVersion: 6, 0, 0, 1 + Filename: ElbyCDIO.sys + ImportedFunctions: + - KeWaitForSingleObject + - RtlFreeUnicodeString + - ZwCreateFile + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - ZwCreateKey + - ZwOpenKey + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - IoDeleteDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - KeInitializeEvent + - IoFreeMdl + - MmUnlockPages + - KeReleaseMutex + - MmProbeAndLockPages + - IoAllocateMdl + - ExFreePool + - ObfDereferenceObject + - ObReferenceObjectByHandle + - ExAllocatePool + - ZwDeleteKey + - ZwClose + - ZwDeviceIoControlFile + - IoCreateSymbolicLink + - KeInitializeMutex + - IoCreateDevice + - RtlUnwind + - KeTickCount + - MmMapLockedPages + - IofCompleteRequest + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: ElbyCDIO + MD5: b5326548762bfaae7a42d5b0898dfeac + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: ElbyCDIO.sys + Product: CDRTools + ProductVersion: 6, 0, 0, 0 + RichPEHeaderHash: + MD5: c15e20cb179a835c6a295f891d4f43f6 
+ SHA1: fb716dec77e711df26bca8c29284c5c21c92a808 + SHA256: 626b9fbb41fcf7bc7185e02b6d4ca83f5070929c4645876c4b19aa50765655e1 + SHA1: f3029dba668285aac04117273599ac12a94a3564 + SHA256: 8f68ca89910ebe9da3d02ec82d935de1814d79c44f36cd30ea02fa49ae488f00 + Sections: + .text: + Entropy: 6.0145723403420055 + Virtual Size: '0xe10' + .rdata: + Entropy: 3.950676692337647 + Virtual Size: '0x178' + .data: + Entropy: 1.9182958340544898 + Virtual Size: '0x18' + INIT: + Entropy: 5.282185901600035 + Virtual Size: '0x3a0' + .rsrc: + Entropy: 3.322524044533632 + Virtual Size: '0x4d8' + .reloc: + Entropy: 4.897249100220145 + Virtual Size: '0x134' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch + ValidFrom: '2006-12-07 11:07:29' + ValidTo: '2008-12-07 11:07:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0100000000010f5c98b8f5 + Version: 3 + TBS: + MD5: 832074a51bea8e4758c8dfeb2e96ad84 + SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba + SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b + SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 
1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: a0422eb876a7427186404d464d5b26b0b074f93f89a87b7cb7f1c697e08239999d43fe60823642b55b878df55df4bbffa91044a871d3c7f12241f29aa4a5ec63fae5eb654a19309d8bc7b6fddc3fe16cfdd5521407fc6d24ccb3cc81a2c052f327b96d9e063dd8a849023269c7054294d0bbe3bba908c393501bdb846dc0ba1e5298659c1376bdb3d567292f1f7baa2c51a0fd854f263c48a38127a6feee7f7899c245cf9d1f527ed7958bfde1d020c3af7e51a22f663bab2dcf2d8e8c4d7d18392128fbdcae6d6581d0e0d7184be7b5f774d784e6522aac3b68fd3b4ab80154849132bb95d28e6330a69ece2396feab2eb86a8b74dcde21a114c2fbbf53af10 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 877870da4e5201205be079c98230c4fdb91996bd9100c3bdcdcdc6f40ed8fff94dc033623011c5f5741bd492de5f9c2013b17c45be50cd83e7801783a72793671346fbcab8984103cc9b515b058b7fa86ff31b501b242ef2698d6c22f7bbca1695ed0c74c06877d9eb996287c17390f889747a23aba3987b97b1f78f29714d2e751b4841daf0b50d2054d677a097826369fd09cf8af075bb099bd9f91155269a6132be7a02b07b86bea2c38b222c78d13576bc92735cf9b9e64c150a23cce4d2d4342e4940153c0f607a24c6a566ef96cf70eb3ee7f40d7edcd17ca3767169c19c4f47303521b1a2af1a623c2bd98eaa2a077bd818b35c7be29da56ffe3c89ad + SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0de92bf0d4d82988183205095e9a7688 + Version: 3 + TBS: + MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 + SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000010f5c98b8f5 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: b91054cdc4c8b3169cfe6c157f6d9f07 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: b5cb05a635b6932ea1f7c0ee35592e37 + SHA1: e8dc3aa48d494fb2bc096523e11859afdd18b10a + SHA256: 
e85d36ca271c4d65abc1cdfff0e629dc5d14edb5bf97669badbb40d2715c1d47 + Company: Elaborate Bytes AG + Copyright: Copyright (C) 2000 - 2008 Elaborate Bytes AG + CreationTimestamp: '2008-07-16 14:59:51' + Description: ElbyCD Windows x64 I/O driver + ExportedFunctions: '' + FileVersion: 6, 0, 1, 1 + Filename: ElbyCDIO.sys + ImportedFunctions: + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - ZwReadFile + - ZwWriteFile + - ZwCreateFile + - RtlInitUnicodeString + - swprintf + - ZwQueryVolumeInformationFile + - ZwOpenFile + - ZwClose + - ZwQuerySymbolicLinkObject + - ZwOpenSymbolicLinkObject + - PsTerminateSystemThread + - ZwSetInformationThread + - KeWaitForSingleObject + - KeSetEvent + - ObfDereferenceObject + - ObReferenceObjectByHandle + - PsCreateSystemThread + - KeInitializeEvent + - KeReleaseMutex + - PsGetCurrentProcessId + - IofCompleteRequest + - ExAllocatePool + - ExFreePool + - RtlFreeUnicodeString + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - ZwCreateKey + - ZwOpenKey + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - __C_specific_handler + - IoFreeMdl + - MmUnlockPages + - MmMapLockedPages + - MmProbeAndLockPages + - IoAllocateMdl + - ZwDeviceIoControlFile + - ZwDeleteKey + - IoCreateSymbolicLink + - IoCreateDevice + - KeBugCheckEx + - KeInitializeMutex + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: ElbyCDIO + MD5: e9ccb6bac8715918a2ac35d8f0b4e1e6 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: ElbyCDIO.sys + Product: CDRTools + ProductVersion: 6, 0, 0, 0 + RichPEHeaderHash: + MD5: add874dc7800e93a88bff903834a5d72 + SHA1: ed0bb5ae3434fbd499bdb7a1a42a5bae1a47966d + SHA256: ef169f60c3155370805f35d7174379ea25c0fb03402cce2957e3af2bcc70690b + SHA1: 9feacc95d30107ce3e1e9a491e2c12d73eef2979 + SHA256: 9679758455c69877fce866267d60c39d108b495dca183954e4af869902965b3d + Sections: + .text: + Entropy: 6.208771681315594 + Virtual Size: '0x3c52' + 
.rdata: + Entropy: 6.179147948380344 + Virtual Size: '0xb78' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 4.160152730018761 + Virtual Size: '0x2e8' + INIT: + Entropy: 5.032885005168776 + Virtual Size: '0x610' + .rsrc: + Entropy: 3.3171665901498995 + Virtual Size: '0x4a8' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch + ValidFrom: '2006-12-07 11:07:29' + ValidTo: '2008-12-07 11:07:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0100000000010f5c98b8f5 + Version: 3 + TBS: + MD5: 832074a51bea8e4758c8dfeb2e96ad84 + SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba + SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b + SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: 
a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 
+ Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000010f5c98b8f5 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: e804d4ee2c20f3eb1d3c955e38a2fe11 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 47a02497d57e9ffa7ab2490d15a0bf90 + SHA1: da00f69b9d1e4a997094651f4af2c0faad653a10 + SHA256: c1bbe628f79528417ea741dfad2f589fc4e5c62152e632a89ed080da029d5384 + Company: Elaborate Bytes AG + Copyright: Copyright (C) 2000 - 2008 Elaborate Bytes AG + CreationTimestamp: '2008-07-21 06:11:57' + Description: ElbyCD Windows NT/2000/XP I/O driver + ExportedFunctions: '' + FileVersion: 6, 0, 1, 2 + Filename: ElbyCDIO.sys + ImportedFunctions: + - ZwWriteFile + - ZwCreateFile + - RtlInitUnicodeString + - swprintf + - ZwQueryVolumeInformationFile + - ZwOpenFile + - ZwClose + - ZwQuerySymbolicLinkObject + - ZwOpenSymbolicLinkObject + - PsTerminateSystemThread + - KeWaitForSingleObject + - ZwSetInformationThread + - KeSetEvent + - ObfDereferenceObject + - ObReferenceObjectByHandle + - PsCreateSystemThread + - KeInitializeEvent + - KeReleaseMutex + - 
PsGetCurrentProcessId + - IofCompleteRequest + - KeInitializeMutex + - ZwReadFile + - RtlFreeUnicodeString + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - ZwCreateKey + - ZwOpenKey + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - IoFreeMdl + - MmUnlockPages + - MmMapLockedPages + - MmProbeAndLockPages + - IoAllocateMdl + - _except_handler3 + - ZwDeleteKey + - ZwDeviceIoControlFile + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - KeInitializeSpinLock + - ExFreePool + - ExAllocatePool + - KfReleaseSpinLock + - KfAcquireSpinLock + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: ElbyCDIO + MD5: 28cb0b64134ad62c2acf77db8501a619 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: ElbyCDIO.sys + Product: CDRTools + ProductVersion: 6, 0, 0, 0 + RichPEHeaderHash: + MD5: 27082193599c13d88cd3571465c0869f + SHA1: 0ca5abc904d8a25537355902fe3e897263b7c780 + SHA256: 345dc7d1b4b40f3ae817e86ae8a68038f88f5c21c8c34876e2f0c320a681e724 + SHA1: 5742ad3d30bd34c0c26c466ac6475a2b832ad59e + SHA256: ada4e42bf5ef58ef1aad94435441003b1cc1fcaa5d38bfdbe1a3d736dc451d47 + Sections: + .text: + Entropy: 6.423559104609518 + Virtual Size: '0x2bf4' + .rdata: + Entropy: 7.167113007266431 + Virtual Size: '0x5d4' + .data: + Entropy: 2.0 + Virtual Size: '0x4' + INIT: + Entropy: 5.419300948032812 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3353960748169276 + Virtual Size: '0x4d8' + .reloc: + Entropy: 4.982180549430246 + Virtual Size: '0x1c4' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch + ValidFrom: '2006-12-07 11:07:29' + ValidTo: '2008-12-07 11:07:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0100000000010f5c98b8f5 + Version: 3 + 
TBS: + MD5: 832074a51bea8e4758c8dfeb2e96ad84 + SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba + SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b + SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000010f5c98b8f5 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: 751c6b5c201f8c52f5512350cad88ddc + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: fc16498ddf3716e03fdd527c456ea80b + SHA1: 7436e16cf348558015593cbf5ab9c117d97738cc + SHA256: 
a3cf1a6edd205e04653b4338c077072ee753cde0a692490ecaf7afde27df5f0b + Company: Elaborate Bytes AG + Copyright: Copyright (C) 2000 - 2006 Elaborate Bytes AG + CreationTimestamp: '2006-12-12 15:48:53' + Description: ElbyCD Windows NT/2000/XP I/O driver + ExportedFunctions: '' + FileVersion: 6, 0, 0, 1 + Filename: ElbyCDIO.sys + ImportedFunctions: + - KeWaitForSingleObject + - RtlFreeUnicodeString + - ZwCreateFile + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - ZwCreateKey + - ZwOpenKey + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - IoDeleteDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - KeInitializeEvent + - IoFreeMdl + - MmUnlockPages + - KeReleaseMutex + - MmProbeAndLockPages + - IoAllocateMdl + - ExFreePool + - ObfDereferenceObject + - ObReferenceObjectByHandle + - ExAllocatePool + - ZwDeleteKey + - ZwClose + - ZwDeviceIoControlFile + - IoCreateSymbolicLink + - KeInitializeMutex + - IoCreateDevice + - RtlUnwind + - KeTickCount + - MmMapLockedPages + - IofCompleteRequest + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: ElbyCDIO + MD5: f141db170bb4c6e088f30ddc58404ad3 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: ElbyCDIO.sys + Product: CDRTools + ProductVersion: 6, 0, 0, 0 + RichPEHeaderHash: + MD5: c15e20cb179a835c6a295f891d4f43f6 + SHA1: fb716dec77e711df26bca8c29284c5c21c92a808 + SHA256: 626b9fbb41fcf7bc7185e02b6d4ca83f5070929c4645876c4b19aa50765655e1 + SHA1: 34b0f1b2038a1572ee6381022a24333357b033c4 + SHA256: c8eaa5e6d3230b93c126d2d58e32409e4aeeb23ccf0dd047a17f1ef552f92fe9 + Sections: + .text: + Entropy: 6.0145723403420055 + Virtual Size: '0xe10' + .rdata: + Entropy: 3.950676692337647 + Virtual Size: '0x178' + .data: + Entropy: 1.9182958340544898 + Virtual Size: '0x18' + INIT: + Entropy: 5.282185901600035 + Virtual Size: '0x3a0' + .rsrc: + Entropy: 3.322524044533632 + Virtual Size: '0x4d8' + .reloc: + Entropy: 4.897249100220145 + Virtual Size: '0x134' + Signatures: + - 
CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch + ValidFrom: '2006-12-07 11:07:29' + ValidTo: '2008-12-07 11:07:29' + Signature: 312a78bb7289ca49f93bb483f0a56c77003b9bc3dda8096af5a455a642aeb201ceaadcacce82396eadef1bc05108e296eae1d8d074949170f28f78fa24bed56e7dca69067866d2d790c10929db5d6e7026906dc96a4c3e2b0254b86328393272826bad272dc3911b2c3ec6832d88e95a696d7e5da86c3f946c306df5a5d7e78b0cba5df4d78035e76fa33c452afc780ffe36246c58fdd0e150d22fce7df4dd954eae19a60009e5b99b8649b6d728a46bd9f90ddfbccb6951dfa7b106a6d0fda3b76b23ef475dcf2d1147ae15d4d34035e1929681fe802dfbc5bbbcd98e107c39cbe07cce6911a9202709853bcc4748fde8dc409b7939be5e4b6c97fb90dc6031 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0100000000010f5c98b8f5 + Version: 3 + TBS: + MD5: 832074a51bea8e4758c8dfeb2e96ad84 + SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba + SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b + SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, 
O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0de92bf0d4d82988183205095e9a7688 + Version: 3 + TBS: + MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 + SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 
17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000010f5c98b8f5 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: b91054cdc4c8b3169cfe6c157f6d9f07 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: c18c29b48a4e04a3cd761dc733cfda55 + SHA1: f43590d096d3ed0bbcfd2b0e41a327ba365bd9ec + SHA256: 262268f21c789c2bdaf1950b556456a9a5114ed5759d806200b0cec107bf76d7 + Company: Elaborate Bytes AG + Copyright: Copyright (C) 2000 - 2007 Elaborate Bytes AG + CreationTimestamp: '2007-07-20 05:58:51' + Description: ElbyCD Windows NT/2000/XP I/O driver + ExportedFunctions: '' + FileVersion: 6, 0, 0, 4 + Filename: ElbyCDIO.sys + ImportedFunctions: + - ZwWriteFile + - ZwClose + - ZwSetInformationFile + - ZwQueryInformationFile + - ZwOpenFile + - RtlInitUnicodeString + - ZwCreateFile + - swprintf + - ZwQueryVolumeInformationFile + - ZwQuerySymbolicLinkObject + - ZwOpenSymbolicLinkObject + - PsTerminateSystemThread + - ZwQueryInformationProcess + - ZwSetInformationThread + - KeReleaseMutex + - ObfDereferenceObject + - KeWaitForMultipleObjects + - PsCreateSystemThread + - KeWaitForSingleObject + - ObReferenceObjectByHandle + - ZwOpenProcess + - KeSetEvent + - KeInitializeEvent + - PsGetCurrentProcessId + - ZwReadFile + - KeInitializeMutex + - ExAllocatePool + - RtlFreeUnicodeString + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - ZwCreateKey + - ZwOpenKey + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCallDriver + - 
IoBuildDeviceIoControlRequest + - IoFreeMdl + - MmUnlockPages + - MmMapLockedPages + - MmProbeAndLockPages + - IoAllocateMdl + - _except_handler3 + - ZwDeleteKey + - ZwDeviceIoControlFile + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - KeInitializeSpinLock + - ExFreePool + - IofCompleteRequest + - KfReleaseSpinLock + - KfAcquireSpinLock + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: ElbyCDIO + MD5: 0634299fc837b47b531e4762d946b2ae + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: ElbyCDIO.sys + Product: CDRTools + ProductVersion: 6, 0, 0, 0 + RichPEHeaderHash: + MD5: 589450fa6c6213445bb9aa901c944d47 + SHA1: de49771e01d34ce6f4663a14eea50c9f509ab899 + SHA256: 9e7a40176c4bb2dc5645359adf4e7252cab1ba935e18e191db2889044dc6c13d + SHA1: 0a19a9c4c9185b80188da529ec9c9f45cbe73186 + SHA256: f85eb576acb5db0d2f48e5f09a7244165a876fa1ca8697ebb773e4d7071d4439 + Sections: + .text: + Entropy: 6.3852385935006275 + Virtual Size: '0x2e68' + .rdata: + Entropy: 7.145465057024416 + Virtual Size: '0x5e4' + .data: + Entropy: 2.0 + Virtual Size: '0x4' + INIT: + Entropy: 5.397728657185974 + Virtual Size: '0x5c6' + .rsrc: + Entropy: 3.32214356727726 + Virtual Size: '0x4d8' + .reloc: + Entropy: 5.170233620489706 + Virtual Size: '0x202' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch + ValidFrom: '2006-12-07 11:07:29' + ValidTo: '2008-12-07 11:07:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0100000000010f5c98b8f5 + Version: 3 + TBS: + MD5: 832074a51bea8e4758c8dfeb2e96ad84 + SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba + SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b + SHA384: 
94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + 
SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000010f5c98b8f5 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: bc44fdc145156a15d0a803d18877b218 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 8fded3a6c81ca6901a7d7f618e79695c + SHA1: f164f2b99d6d505009a431e7e7702a8c07ce6df8 + SHA256: 197896f4764d0c9e146cf532bbc531f93e6d61dbf28d25e3e96e2ba48d2b6c6a + Company: Elaborate Bytes AG + Copyright: Copyright (C) 2000 - 2009 Elaborate Bytes AG + CreationTimestamp: '2009-02-17 
10:11:28' + Date: '' + Description: ElbyCD Windows NT/2000/XP I/O driver + ExportedFunctions: '' + FileVersion: 6, 0, 3, 2 + Filename: '' + ImportedFunctions: + - KeReleaseMutex + - ProbeForRead + - ProbeForWrite + - _except_handler3 + - ZwReadFile + - ZwWriteFile + - ZwCreateFile + - RtlInitUnicodeString + - swprintf + - ZwQueryVolumeInformationFile + - ZwOpenFile + - ZwClose + - ZwQuerySymbolicLinkObject + - ZwOpenSymbolicLinkObject + - PsTerminateSystemThread + - ZwSetInformationThread + - KeSetEvent + - ObfDereferenceObject + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - KeInitializeEvent + - PsGetCurrentProcessId + - IofCompleteRequest + - KeInitializeMutex + - ExAllocatePool + - InterlockedIncrement + - RtlFreeUnicodeString + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - InterlockedDecrement + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - KeInitializeSpinLock + - ExFreePool + - PsCreateSystemThread + - KfReleaseSpinLock + - KfAcquireSpinLock + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: ElbyCDIO + MD5: 178cc9403816c082d22a1d47fa1f9c85 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: ElbyCDIO.sys + PDBPath: '' + Product: CDRTools + ProductVersion: 6, 0, 0, 0 + Publisher: '' + RichPEHeaderHash: + MD5: 68c265960ba9dbbeb5339eeaeac86554 + SHA1: 8d25aca765706a60b288a10f42d68e9be8c025f0 + SHA256: 843cba3393d38bbd23bfc5edfbed8559389e307362c071e83549e1657275c64e + SHA1: a838303cda908530ef124f8d6f7fb69938b613bc + SHA256: b9ad7199c00d477ebbc15f2dcf78a6ba60c2670dad0ef0994cebccb19111f890 + Sections: + .text: + Entropy: 6.428816614413231 + Virtual Size: '0x2ac0' + .rdata: + Entropy: 7.101350513884741 + Virtual Size: '0x5e4' + .data: + Entropy: 2.0 + Virtual Size: '0x4' + INIT: + Entropy: 5.366610331670354 + Virtual Size: '0x4de' + .rsrc: + Entropy: 3.337104380194252 + 
Virtual Size: '0x4d8' + .reloc: + Entropy: 5.016379779325141 + Virtual Size: '0x19a' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch + ValidFrom: '2008-12-23 13:26:11' + ValidTo: '2011-12-23 13:26:11' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0100000000011e643e96d0 + Version: 3 + TBS: + MD5: f39798a2df6dda6c76b4697e743c8b80 + SHA1: d97d9f0d2cad2881eda58fa0467cff6396be6408 + SHA256: 5086b06e5d91585b5a110b3ec4048ce6a43a58e4fc7eb8aa99c391af5b2f8d9f + SHA384: 99096e0926f74d7dd4bc744bea78d7310e623f6c782a3f38d4db933e9cdf2bc8e1b813e5f6a0aacd8e59606f075e4afd + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 
0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000011e643e96d0 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: 71c580daf556775f690f0af3db12506f + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: ffb66883d7aead2388847f28741500fe + SHA1: bf589f9a1a1db11133f2c33285694e4e578bd3eb + SHA256: fe50be756c689ef56976d96135486ee66192a4de0b82b0d52521978fc589f6fa + Company: Elaborate Bytes AG + Copyright: Copyright (C) 2000 - 2009 Elaborate Bytes AG + CreationTimestamp: '2009-01-14 14:42:52' + Date: '' + Description: ElbyCD Windows x64 I/O driver + ExportedFunctions: '' + FileVersion: 6, 0, 1, 6 + Filename: '' + ImportedFunctions: + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - ZwReadFile + - ZwWriteFile + - ZwCreateFile + - RtlInitUnicodeString + - swprintf + - ZwQueryVolumeInformationFile + - ZwOpenFile + - ZwClose + - ZwQuerySymbolicLinkObject + - ZwOpenSymbolicLinkObject + - PsTerminateSystemThread + - KeWaitForSingleObject + - ZwSetInformationThread + - KeSetEvent + - ObfDereferenceObject + - ObReferenceObjectByHandle + - PsCreateSystemThread + - KeInitializeEvent + - KeReleaseMutex + - IofCompleteRequest + - KeInitializeMutex + - ExAllocatePool + - ExFreePool + - RtlFreeUnicodeString + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - ZwCreateKey + - ZwOpenKey + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - __C_specific_handler + - ZwDeleteKey + - ProbeForRead + - ProbeForWrite + - IoCreateSymbolicLink + - IoCreateDevice + - KeBugCheckEx + - PsGetCurrentProcessId + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: ElbyCDIO + MD5: 05b4463677e2566414ad53434ad9e7e5 + MachineType: AMD64 + MagicHeader: 50 45 0 
0 + OriginalFilename: ElbyCDIO.sys + PDBPath: '' + Product: CDRTools + ProductVersion: 6, 0, 0, 0 + Publisher: '' + RichPEHeaderHash: + MD5: 5bc8b6cc9da34212119204d829ade385 + SHA1: feeb5e18281056a80a3e5bcf0dc3317b2b6d4637 + SHA256: 86c7da06ed319a61df05b0f03fdd6f9e69aa4154defc8a6883e3156f2d946b3c + SHA1: ef95f500b60c49f40ed6ce3014ffdb294b301e95 + SHA256: 1f15fd9b81092a98fabcc4ac95e45cec2d9ff3874d2e3faac482f3e86edad441 + Sections: + .text: + Entropy: 6.215345701926514 + Virtual Size: '0x3b52' + .rdata: + Entropy: 6.228295730042114 + Virtual Size: '0xb44' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 4.148487076169079 + Virtual Size: '0x2e8' + INIT: + Entropy: 4.995998931942705 + Virtual Size: '0x5a2' + .rsrc: + Entropy: 3.3181272293684843 + Virtual Size: '0x4a8' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + 
IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch + ValidFrom: '2008-12-23 13:26:11' + ValidTo: '2011-12-23 13:26:11' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0100000000011e643e96d0 + Version: 3 + TBS: + MD5: f39798a2df6dda6c76b4697e743c8b80 + SHA1: d97d9f0d2cad2881eda58fa0467cff6396be6408 + SHA256: 5086b06e5d91585b5a110b3ec4048ce6a43a58e4fc7eb8aa99c391af5b2f8d9f + SHA384: 99096e0926f74d7dd4bc744bea78d7310e623f6c782a3f38d4db933e9cdf2bc8e1b813e5f6a0aacd8e59606f075e4afd + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 
+ Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000011e643e96d0 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: 656ad5c2eac95f75d3fe6d5ca59e0d8d + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: f6ec1910d05b0270c47ce480c15bc7cd + SHA1: 43632833ba3e81cc5a130e11f6feb5937c1c6f21 + SHA256: 253a549a1e13a5a7e242ac1b39d5bebc61dcec7794171a58093700ae760d4b71 + Company: Elaborate Bytes AG + Copyright: Copyright (C) 2000 - 2008 Elaborate Bytes AG + CreationTimestamp: '2008-07-21 06:11:55' + Date: '' + Description: ElbyCD Windows x64 I/O driver + ExportedFunctions: '' + FileVersion: 6, 0, 1, 2 + Filename: '' + ImportedFunctions: + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - ZwReadFile + - ZwWriteFile + - ZwCreateFile + - RtlInitUnicodeString + - swprintf + - ZwQueryVolumeInformationFile + - ZwOpenFile + - ZwClose + - ZwQuerySymbolicLinkObject + - ZwOpenSymbolicLinkObject + - PsTerminateSystemThread + - KeWaitForSingleObject + - ZwSetInformationThread + - KeSetEvent + - ObfDereferenceObject + - ObReferenceObjectByHandle + - 
PsCreateSystemThread + - KeInitializeEvent + - KeReleaseMutex + - PsGetCurrentProcessId + - IofCompleteRequest + - ExAllocatePool + - ExFreePool + - RtlFreeUnicodeString + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - ZwCreateKey + - ZwOpenKey + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - __C_specific_handler + - IoFreeMdl + - MmUnlockPages + - MmMapLockedPages + - MmProbeAndLockPages + - IoAllocateMdl + - ZwDeviceIoControlFile + - ZwDeleteKey + - IoCreateSymbolicLink + - IoCreateDevice + - KeBugCheckEx + - KeInitializeMutex + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: ElbyCDIO + MD5: 15814b675e9d08953f2c64e4e5ccb4f4 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: ElbyCDIO.sys + PDBPath: '' + Product: CDRTools + ProductVersion: 6, 0, 0, 0 + Publisher: '' + RichPEHeaderHash: + MD5: add874dc7800e93a88bff903834a5d72 + SHA1: ed0bb5ae3434fbd499bdb7a1a42a5bae1a47966d + SHA256: ef169f60c3155370805f35d7174379ea25c0fb03402cce2957e3af2bcc70690b + SHA1: c8864c0c66ea45011c1c4e79328a3a1acf7e84a9 + SHA256: 033c4634ab1a43bc3247384864f3380401d3b4006a383312193799dded0de4c7 + Sections: + .text: + Entropy: 6.208673584594836 + Virtual Size: '0x3c52' + .rdata: + Entropy: 6.180900411430657 + Virtual Size: '0xb78' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 4.163418132630147 + Virtual Size: '0x2e8' + INIT: + Entropy: 5.031371786389396 + Virtual Size: '0x610' + .rsrc: + Entropy: 3.320682079668498 + Virtual Size: '0x4a8' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch + ValidFrom: '2006-12-07 11:07:29' + ValidTo: '2008-12-07 11:07:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
0100000000010f5c98b8f5 + Version: 3 + TBS: + MD5: 832074a51bea8e4758c8dfeb2e96ad84 + SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba + SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b + SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 11d45d8af43d0d9d7e4fa70071610b56b34caa70e1b2d1dec7886d1d897c2ba946e58b1f8e4cc26695911fe34d394ae31b70b7446edc068a4d6d25e89812dcbca0dd864eae8f81130540905a542529944acaf165b4ef0679dae7cb86f004c918dcee72b320015748dfe333e12ccd9c077f9447278d888d340ca67c5c20c17d07b3736b648c26d29bd7e87965a6a891a174862a050282c1847cf279cd3c2a2b0f99291eea8c8a1ab16aeaa266380e65e1add8c6c91f888d3976ee1782c4138d97ce6341e77af5b4b66c15c33813b3930b620688dde1447f10a950248b60dc05f75ba514b27b56720b96eabffc057090659e051ca4dd07af4b57dec639673bc574 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000010f5c98b8f5 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: 8919b7bae28d98c4a9e5967c9c55ce70 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: fc16498ddf3716e03fdd527c456ea80b + SHA1: 7436e16cf348558015593cbf5ab9c117d97738cc + SHA256: a3cf1a6edd205e04653b4338c077072ee753cde0a692490ecaf7afde27df5f0b + Company: Elaborate Bytes AG + Copyright: Copyright (C) 2000 - 2006 Elaborate Bytes AG + CreationTimestamp: '2006-12-12 15:48:53' + Date: '' + Description: ElbyCD 
Windows NT/2000/XP I/O driver + ExportedFunctions: '' + FileVersion: 6, 0, 0, 1 + Filename: '' + ImportedFunctions: + - KeWaitForSingleObject + - RtlFreeUnicodeString + - ZwCreateFile + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - ZwCreateKey + - ZwOpenKey + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - IoDeleteDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - KeInitializeEvent + - IoFreeMdl + - MmUnlockPages + - KeReleaseMutex + - MmProbeAndLockPages + - IoAllocateMdl + - ExFreePool + - ObfDereferenceObject + - ObReferenceObjectByHandle + - ExAllocatePool + - ZwDeleteKey + - ZwClose + - ZwDeviceIoControlFile + - IoCreateSymbolicLink + - KeInitializeMutex + - IoCreateDevice + - RtlUnwind + - KeTickCount + - MmMapLockedPages + - IofCompleteRequest + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: ElbyCDIO + MD5: 94c80490b02cc655d2d80597c3aef08f + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: ElbyCDIO.sys + PDBPath: '' + Product: CDRTools + ProductVersion: 6, 0, 0, 0 + Publisher: '' + RichPEHeaderHash: + MD5: c15e20cb179a835c6a295f891d4f43f6 + SHA1: fb716dec77e711df26bca8c29284c5c21c92a808 + SHA256: 626b9fbb41fcf7bc7185e02b6d4ca83f5070929c4645876c4b19aa50765655e1 + SHA1: 5672e2212c3b427c1aef83fcd725b587a3d3f979 + SHA256: 7227377a47204f8e2ff167eee54b4b3545c0a19e3727f0ec59974e1a904f4a96 + Sections: + .text: + Entropy: 6.0145723403420055 + Virtual Size: '0xe10' + .rdata: + Entropy: 3.950676692337647 + Virtual Size: '0x178' + .data: + Entropy: 1.9182958340544898 + Virtual Size: '0x18' + INIT: + Entropy: 5.282185901600035 + Virtual Size: '0x3a0' + .rsrc: + Entropy: 3.322524044533632 + Virtual Size: '0x4d8' + .reloc: + Entropy: 4.897249100220145 + Virtual Size: '0x134' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch + ValidFrom: '2006-12-07 11:07:29' + ValidTo: 
'2008-12-07 11:07:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0100000000010f5c98b8f5 + Version: 3 + TBS: + MD5: 832074a51bea8e4758c8dfeb2e96ad84 + SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba + SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b + SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: 
C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0de92bf0d4d82988183205095e9a7688 + Version: 3 + TBS: + MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 + SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000010f5c98b8f5 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + 
Version: 1 + Imphash: b91054cdc4c8b3169cfe6c157f6d9f07 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: b1fd26613e70e4254f5aa6b399971f97 + SHA1: c97772d482a4a30a18fc44e6253e5cb30b9e5bfb + SHA256: ad5418a4b5edf1c963da343b1bdba14fac9e8ee49489b2f35136c4aebc9540b8 + Company: Elaborate Bytes AG + Copyright: Copyright (C) 2000 - 2006 Elaborate Bytes AG + CreationTimestamp: '2006-12-12 15:51:36' + Date: '' + Description: ElbyCD Windows x64 I/O driver + ExportedFunctions: '' + FileVersion: 6, 0, 0, 1 + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - RtlFreeUnicodeString + - ZwCreateFile + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - ZwDeviceIoControlFile + - ZwClose + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - IoDeleteDevice + - IoCreateSymbolicLink + - IoCreateDevice + Imports: + - ntoskrnl.exe + InternalName: ElbyCDIO + MD5: 238769fd8379ec476c1114bd2bd28ca6 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: ElbyCDIO.sys + PDBPath: '' + Product: CDRTools + ProductVersion: 6, 0, 0, 0 + Publisher: '' + RichPEHeaderHash: + MD5: 91713e95c3474f56518b75dc246d7251 + SHA1: 1817d561308b7d33c72568081aae4ed8255a054b + SHA256: 44e77970b62508f64c200e6241a403c1ef3b43b486f152223ea1c56553b29fe3 + SHA1: 247065af09fc6fd56b07d3f5c26f555a5ccbfda4 + SHA256: fed0fe2489ae807913be33827b3b11359652a127e33b64464cc570c05abd0d17 + Sections: + .text: + Entropy: 5.2989531841302835 + Virtual Size: '0x3e2' + .rdata: + Entropy: 4.33093622028126 + Virtual Size: '0x154' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.0864053667599327 + Virtual Size: '0x54' + INIT: + Entropy: 4.733893393417776 + Virtual Size: '0x20e' + .rsrc: + Entropy: 3.3305259301896464 + Virtual Size: '0x4d8' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch + ValidFrom: '2006-12-07 11:07:29' + ValidTo: '2008-12-07 
11:07:29' + Signature: 312a78bb7289ca49f93bb483f0a56c77003b9bc3dda8096af5a455a642aeb201ceaadcacce82396eadef1bc05108e296eae1d8d074949170f28f78fa24bed56e7dca69067866d2d790c10929db5d6e7026906dc96a4c3e2b0254b86328393272826bad272dc3911b2c3ec6832d88e95a696d7e5da86c3f946c306df5a5d7e78b0cba5df4d78035e76fa33c452afc780ffe36246c58fdd0e150d22fce7df4dd954eae19a60009e5b99b8649b6d728a46bd9f90ddfbccb6951dfa7b106a6d0fda3b76b23ef475dcf2d1147ae15d4d34035e1929681fe802dfbc5bbbcd98e107c39cbe07cce6911a9202709853bcc4748fde8dc409b7939be5e4b6c97fb90dc6031 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0100000000010f5c98b8f5 + Version: 3 + TBS: + MD5: 832074a51bea8e4758c8dfeb2e96ad84 + SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba + SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b + SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0de92bf0d4d82988183205095e9a7688 + Version: 3 + TBS: + MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 + SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + 
IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000010f5c98b8f5 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: bd4f9a93da2bb4b5f6e90d4f9381661c + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: b1fd26613e70e4254f5aa6b399971f97 + SHA1: c97772d482a4a30a18fc44e6253e5cb30b9e5bfb + SHA256: ad5418a4b5edf1c963da343b1bdba14fac9e8ee49489b2f35136c4aebc9540b8 + Company: Elaborate Bytes AG + Copyright: Copyright (C) 2000 - 2006 Elaborate Bytes AG + CreationTimestamp: '2006-12-12 15:51:36' + Date: '' + Description: ElbyCD Windows x64 I/O driver + ExportedFunctions: '' + FileVersion: 6, 0, 0, 1 + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - RtlFreeUnicodeString + - ZwCreateFile + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - ZwDeviceIoControlFile + - ZwClose + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - IoDeleteDevice + - IoCreateSymbolicLink + - IoCreateDevice + Imports: + - ntoskrnl.exe + InternalName: ElbyCDIO + MD5: ea2ff60fcce3b9ffe0bd77658b88512d + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: ElbyCDIO.sys + PDBPath: '' + Product: CDRTools + ProductVersion: 6, 0, 0, 0 + Publisher: '' + RichPEHeaderHash: + MD5: 91713e95c3474f56518b75dc246d7251 + SHA1: 1817d561308b7d33c72568081aae4ed8255a054b + SHA256: 44e77970b62508f64c200e6241a403c1ef3b43b486f152223ea1c56553b29fe3 + SHA1: 4c021c4a5592c07d4d415ab11b23a70ba419174b + SHA256: d80714d87529bb0bc7abcc12d768c43a697fbca59741c38fa0b46900da4db30e + Sections: + .text: + Entropy: 5.2989531841302835 + Virtual Size: '0x3e2' + .rdata: + Entropy: 4.33093622028126 + Virtual Size: '0x154' + 
.data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.0864053667599327 + Virtual Size: '0x54' + INIT: + Entropy: 4.733893393417776 + Virtual Size: '0x20e' + .rsrc: + Entropy: 3.3305259301896464 + Virtual Size: '0x4d8' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch + ValidFrom: '2006-12-07 11:07:29' + ValidTo: '2008-12-07 11:07:29' + Signature: 312a78bb7289ca49f93bb483f0a56c77003b9bc3dda8096af5a455a642aeb201ceaadcacce82396eadef1bc05108e296eae1d8d074949170f28f78fa24bed56e7dca69067866d2d790c10929db5d6e7026906dc96a4c3e2b0254b86328393272826bad272dc3911b2c3ec6832d88e95a696d7e5da86c3f946c306df5a5d7e78b0cba5df4d78035e76fa33c452afc780ffe36246c58fdd0e150d22fce7df4dd954eae19a60009e5b99b8649b6d728a46bd9f90ddfbccb6951dfa7b106a6d0fda3b76b23ef475dcf2d1147ae15d4d34035e1929681fe802dfbc5bbbcd98e107c39cbe07cce6911a9202709853bcc4748fde8dc409b7939be5e4b6c97fb90dc6031 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0100000000010f5c98b8f5 + Version: 3 + TBS: + MD5: 832074a51bea8e4758c8dfeb2e96ad84 + SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba + SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b + SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 
518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0de92bf0d4d82988183205095e9a7688 + Version: 3 + TBS: + MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 + SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 
11d45d8af43d0d9d7e4fa70071610b56b34caa70e1b2d1dec7886d1d897c2ba946e58b1f8e4cc26695911fe34d394ae31b70b7446edc068a4d6d25e89812dcbca0dd864eae8f81130540905a542529944acaf165b4ef0679dae7cb86f004c918dcee72b320015748dfe333e12ccd9c077f9447278d888d340ca67c5c20c17d07b3736b648c26d29bd7e87965a6a891a174862a050282c1847cf279cd3c2a2b0f99291eea8c8a1ab16aeaa266380e65e1add8c6c91f888d3976ee1782c4138d97ce6341e77af5b4b66c15c33813b3930b620688dde1447f10a950248b60dc05f75ba514b27b56720b96eabffc057090659e051ca4dd07af4b57dec639673bc574 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000010f5c98b8f5 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: bd4f9a93da2bb4b5f6e90d4f9381661c + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 697316476aee4bef0d581e458007fedd + SHA1: 83481f6760efd3c9c85a603afb3c3e4b73733da8 + SHA256: 32d6b047b0489421f7983da7d5d11f8deb2a56935d5ae0ae23cca1c0903ecad5 + Company: Elaborate Bytes AG + Copyright: Copyright (C) 2000 - 2004 Elaborate Bytes AG + CreationTimestamp: '2004-07-21 15:45:25' + Date: '' + Description: ElbyCD 
Windows NT/2000/XP I/O driver + ExportedFunctions: '' + FileVersion: 4, 3, 1, 1 + Filename: '' + ImportedFunctions: + - KeWaitForSingleObject + - ExFreePool + - RtlFreeUnicodeString + - IoDeleteSymbolicLink + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - ExAllocatePool + - IoCreateUnprotectedSymbolicLink + - ZwCreateFile + - ZwCreateKey + - ZwOpenKey + - IoFreeMdl + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmUnmapLockedPages + - KeReleaseMutex + - MmUnlockPages + - RtlInitUnicodeString + - IoDeleteDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - KeInitializeEvent + - ObfDereferenceObject + - ObReferenceObjectByHandle + - ZwDeleteKey + - ZwClose + - ZwDeviceIoControlFile + - IoCreateSymbolicLink + - KeInitializeMutex + - IoCreateDevice + - RtlUnwind + - MmProbeAndLockPages + - IofCompleteRequest + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: ElbyCDIO + MD5: e4788e5b3e5f0a0bbb318a9c426c2812 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: ElbyCDIO.sys + PDBPath: '' + Product: CDRTools + ProductVersion: 4, 3, 1, 0 + Publisher: '' + RichPEHeaderHash: + MD5: 7d357a968c06de113fc7cd4ee41a5c30 + SHA1: 3f129b8486a9be0877c6316ac38e0c083e38f22e + SHA256: 7ddb39875104d8c7226a102d142642322f7082c0dd7f8c6af57bdccdf9509898 + SHA1: 86b1186a4e282341daf2088204ab9ff2d0402d28 + SHA256: 1228d0b6b4f907384346f64e918cc28021fe1cd7d4e39687bca34a708998261a + Sections: + .text: + Entropy: 6.144876250769586 + Virtual Size: '0x15fc' + .rdata: + Entropy: 4.426299810162793 + Virtual Size: '0x12d' + .data: + Entropy: -0.0 + Virtual Size: '0x4' + INIT: + Entropy: 5.197390663550614 + Virtual Size: '0x3b6' + .rsrc: + Entropy: 3.368524445255426 + Virtual Size: '0x510' + .reloc: + Entropy: 5.268142184882856 + Virtual Size: '0x1d2' + Signature: '' + Signatures: {} + Imphash: 32247962aa01af8ad5dca696260a05ab + LoadsDespiteHVCI: 'TRUE' +- Authentihash: + MD5: 41a6b67cc46b4cfab21bdd50f4f04cbc + 
SHA1: 442d1f5509d9653ea1f11acf77ac42e41ba61eee + SHA256: c4fc8f04721363f4b570accf700f507fb0b0381a81d3a8ffb768ded65978ac50 + Company: Elaborate Bytes AG + Copyright: Copyright (C) 2000 - 2005 Elaborate Bytes AG + CreationTimestamp: '2005-04-11 10:42:04' + Date: '' + Description: ElbyCD Windows NT/2000/XP I/O driver + ExportedFunctions: '' + FileVersion: 5, 0, 0, 0 + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - RtlFreeUnicodeString + - ZwCreateFile + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - ZwCreateKey + - ZwOpenKey + - ZwDeviceIoControlFile + - ZwClose + - ZwDeleteKey + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - IoDeleteDevice + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + Imports: + - ntoskrnl.exe + InternalName: ElbyCDIO + MD5: 4f5ca81806098204c4dea0927a8fec66 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: ElbyCDIO.sys + PDBPath: '' + Product: CDRTools + ProductVersion: 5, 0, 0, 0 + Publisher: '' + RichPEHeaderHash: + MD5: b6f6983c7ae00c0d9dd893e713fb9f95 + SHA1: fe2b5cd3b737dd7daf9a60d0354ff3cb7149d901 + SHA256: ab7bec943462e37ccf88aa774dd3d11566628ffc78a20a93dcf5737c5671c6c8 + SHA1: 69849d68d1857c83b09e1956a46fe879260d2aab + SHA256: 0dc4ff96d7e7db696e0391c5a1dda92a0b0aedbf1b0535bf5d62ebeec5b2311c + Sections: + .text: + Entropy: 5.792215261445064 + Virtual Size: '0x41b' + .rdata: + Entropy: 4.683298608269187 + Virtual Size: '0xcb' + .data: + Entropy: 2.0 + Virtual Size: '0x4' + INIT: + Entropy: 5.046012536174207 + Virtual Size: '0x1e8' + .rsrc: + Entropy: 3.3285394751228035 + Virtual Size: '0x4c8' + .reloc: + Entropy: 3.671842315050062 + Virtual Size: '0x82' + Signature: '' + Signatures: {} + Imphash: f233a65b937c69b447824889fb7425ff + LoadsDespiteHVCI: 'TRUE' +- Authentihash: + MD5: b1fd26613e70e4254f5aa6b399971f97 + SHA1: c97772d482a4a30a18fc44e6253e5cb30b9e5bfb + SHA256: ad5418a4b5edf1c963da343b1bdba14fac9e8ee49489b2f35136c4aebc9540b8 + Company: Elaborate Bytes AG + Copyright: Copyright 
(C) 2000 - 2006 Elaborate Bytes AG + CreationTimestamp: '2006-12-12 15:51:36' + Date: '' + Description: ElbyCD Windows x64 I/O driver + ExportedFunctions: '' + FileVersion: 6, 0, 0, 1 + Filename: '' + ImportedFunctions: + - IofCompleteRequest + - RtlFreeUnicodeString + - ZwCreateFile + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - ZwDeviceIoControlFile + - ZwClose + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - IoDeleteDevice + - IoCreateSymbolicLink + - IoCreateDevice + Imports: + - ntoskrnl.exe + InternalName: ElbyCDIO + MD5: 5c5e3c7ca39d9472099ea81c329b7d75 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: ElbyCDIO.sys + PDBPath: '' + Product: CDRTools + ProductVersion: 6, 0, 0, 0 + Publisher: '' + RichPEHeaderHash: + MD5: 91713e95c3474f56518b75dc246d7251 + SHA1: 1817d561308b7d33c72568081aae4ed8255a054b + SHA256: 44e77970b62508f64c200e6241a403c1ef3b43b486f152223ea1c56553b29fe3 + SHA1: 008a292f71f49be1fb538f876de6556ce7b5603a + SHA256: 7048d90ed4c83ad52eb9c677f615627b32815066e34230c3b407ebb01279bae6 + Sections: + .text: + Entropy: 5.2989531841302835 + Virtual Size: '0x3e2' + .rdata: + Entropy: 4.33093622028126 + Virtual Size: '0x154' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 3.0864053667599327 + Virtual Size: '0x54' + INIT: + Entropy: 4.733893393417776 + Virtual Size: '0x20e' + .rsrc: + Entropy: 3.3305259301896464 + Virtual Size: '0x4d8' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch + ValidFrom: '2006-12-07 11:07:29' + ValidTo: '2008-12-07 11:07:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0100000000010f5c98b8f5 + Version: 3 + TBS: + MD5: 832074a51bea8e4758c8dfeb2e96ad84 + SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba + SHA256: 
c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b + SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: a0422eb876a7427186404d464d5b26b0b074f93f89a87b7cb7f1c697e08239999d43fe60823642b55b878df55df4bbffa91044a871d3c7f12241f29aa4a5ec63fae5eb654a19309d8bc7b6fddc3fe16cfdd5521407fc6d24ccb3cc81a2c052f327b96d9e063dd8a849023269c7054294d0bbe3bba908c393501bdb846dc0ba1e5298659c1376bdb3d567292f1f7baa2c51a0fd854f263c48a38127a6feee7f7899c245cf9d1f527ed7958bfde1d020c3af7e51a22f663bab2dcf2d8e8c4d7d18392128fbdcae6d6581d0e0d7184be7b5f774d784e6522aac3b68fd3b4ab80154849132bb95d28e6330a69ece2396feab2eb86a8b74dcde21a114c2fbbf53af10 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: 
a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0de92bf0d4d82988183205095e9a7688 + Version: 3 + TBS: + MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 + SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 
6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000010f5c98b8f5 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: bd4f9a93da2bb4b5f6e90d4f9381661c + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 56f8e517fb77f6ac31085b190051e447 + SHA1: 2817006c320dcad5d27737f8ffa76b3652dd8a1a + SHA256: 633ae4822602acd252ff23e73ef4cc98130f3e3988ac459f7fda5102fcef5fce + Company: Elaborate Bytes AG + Copyright: Copyright (C) 2000 - 2009 Elaborate Bytes AG + CreationTimestamp: '2009-01-29 15:58:02' + Date: '' + Description: ElbyCD Windows x64 I/O driver + ExportedFunctions: '' + FileVersion: 6, 0, 2, 0 + Filename: '' + ImportedFunctions: + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - ZwReadFile + - ZwWriteFile + - ZwCreateFile + - RtlInitUnicodeString + - swprintf + - ZwQueryVolumeInformationFile + - ZwOpenFile + - ZwClose + - ZwQuerySymbolicLinkObject + - ZwOpenSymbolicLinkObject + - PsTerminateSystemThread + - KeWaitForSingleObject + - ZwSetInformationThread + - KeSetEvent + - ObfDereferenceObject + - ObReferenceObjectByHandle + - PsCreateSystemThread + - KeReleaseMutex + - PsGetCurrentProcessId + - IofCompleteRequest + - KeInitializeMutex + - ExAllocatePool + - ExFreePool + - RtlFreeUnicodeString + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - __C_specific_handler + - ProbeForRead + - ProbeForWrite + - IoCreateSymbolicLink + - IoCreateDevice + - KeBugCheckEx + - KeInitializeEvent + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: ElbyCDIO + MD5: 7db75077d53a63531ef2742d98ca6acc + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: ElbyCDIO.sys + PDBPath: '' + Product: CDRTools + ProductVersion: 6, 0, 0, 0 + Publisher: '' + RichPEHeaderHash: + MD5: 
19c3041e63a42fad9800c3d4098a28a7 + SHA1: 083ef31132cacb2ead9d826d90646517ca732570 + SHA256: 3829fddcb11b40682e3936be4c0f376d99a9caf02692368aef98332f68ce80e8 + SHA1: 517504aaf8afc9748d6aec657d46a6f7bbc60c09 + SHA256: f42eb29f5b2bcb2a70d796fd71fd1b259d5380b216ee672cf46dcdd4604b87ad + Sections: + .text: + Entropy: 6.212128997400468 + Virtual Size: '0x3922' + .rdata: + Entropy: 6.257713359438222 + Virtual Size: '0xb04' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 4.166721937534716 + Virtual Size: '0x2d0' + INIT: + Entropy: 5.009554548726637 + Virtual Size: '0x562' + .rsrc: + Entropy: 3.3117651862816273 + Virtual Size: '0x4a8' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + 
Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch + ValidFrom: '2008-12-23 13:26:11' + ValidTo: '2011-12-23 13:26:11' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0100000000011e643e96d0 + Version: 3 + TBS: + MD5: f39798a2df6dda6c76b4697e743c8b80 + SHA1: d97d9f0d2cad2881eda58fa0467cff6396be6408 + SHA256: 5086b06e5d91585b5a110b3ec4048ce6a43a58e4fc7eb8aa99c391af5b2f8d9f + SHA384: 99096e0926f74d7dd4bc744bea78d7310e623f6c782a3f38d4db933e9cdf2bc8e1b813e5f6a0aacd8e59606f075e4afd + - Subject: C=BE, 
O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000011e643e96d0 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: 037b9d19995faadf69a2ce134473e346 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 412ef4ebc757553588f2cab078fce8b2 + SHA1: 66e230a181956aaddb22599e94a3ff5690f3686b + SHA256: a70e41db9103b4b842af8962a531adeefcaba559b12a5c0063e4084e0cee75be + Company: Elaborate Bytes + Copyright: Copyright (C) Elaborate Bytes 2000 + CreationTimestamp: '2000-11-30 16:02:08' + Date: '' + Description: ElbyCD Windows NT/2000 I/O driver + ExportedFunctions: '' + FileVersion: 1, 0, 1, 0 + Filename: '' + ImportedFunctions: + - RtlInitAnsiString + - IoCreateSymbolicLink + - IoCreateDevice + - RtlInitUnicodeString + - 
IofCompleteRequest + - RtlFreeUnicodeString + - IoDeleteSymbolicLink + - RtlAnsiStringToUnicodeString + - IoDeleteDevice + - IoCreateUnprotectedSymbolicLink + - ZwCreateFile + - ZwCreateKey + - ZwOpenKey + - ZwDeviceIoControlFile + - ZwClose + Imports: + - ntoskrnl.exe + InternalName: ElbyCDIO + MD5: 520c18f50d3cb2ce162767c4c1998b86 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: ElbyCDIO.sys + PDBPath: '' + Product: CDRTools + ProductVersion: 3, 0, 0, 1 + Publisher: '' + RichPEHeaderHash: + MD5: 4572daeecc881e542f45787723a4437f + SHA1: ab98fa2e494f5c14d63e10a40afe41dc972b1ce6 + SHA256: eb9978531ba9788ada8169d387a0a5d6a44ec56025546013ebcab36d477aab65 + SHA1: eb2496304073727564b513efd6387a77ce395443 + SHA256: 98ec7cc994d26699f5d26103a0aeb361128cff3c2c4d624fc99126540e23e97e + Sections: + .text: + Entropy: 5.752189074044081 + Virtual Size: '0x57e' + INIT: + Entropy: 4.716354335922163 + Virtual Size: '0x1b2' + .rsrc: + Entropy: 3.325319101382068 + Virtual Size: '0x4d8' + .reloc: + Entropy: 4.010989732097636 + Virtual Size: '0x78' + Signature: '' + Signatures: {} + Imphash: cb876abd8c6ca8a47d50aec4a520a020 + LoadsDespiteHVCI: 'TRUE' +- Authentihash: + MD5: 38585151f074ca827f399c34778b18c9 + SHA1: 48d8d3e47c7963bda3400e91f436959492cd2ad9 + SHA256: 72876e44135f9b49932b547129e32acf9ce3df98a3f9c5c31355160f6d06ca3c + Company: Elaborate Bytes AG + Copyright: Copyright (C) 2000 - 2005 Elaborate Bytes AG + CreationTimestamp: '2005-04-21 05:40:36' + Date: '' + Description: ElbyCD Windows NT/2000/XP I/O driver + ExportedFunctions: '' + FileVersion: 5, 1, 0, 1 + Filename: '' + ImportedFunctions: + - KeWaitForSingleObject + - ExFreePool + - RtlFreeUnicodeString + - IoDeleteSymbolicLink + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - ExAllocatePool + - IoCreateUnprotectedSymbolicLink + - ZwCreateFile + - ZwCreateKey + - ZwOpenKey + - IoFreeMdl + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmUnmapLockedPages + - 
MmProbeAndLockPages + - KeReleaseMutex + - RtlInitUnicodeString + - IoDeleteDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - KeInitializeEvent + - ObfDereferenceObject + - ObReferenceObjectByHandle + - ZwDeleteKey + - ZwClose + - ZwDeviceIoControlFile + - IoCreateSymbolicLink + - KeInitializeMutex + - IoCreateDevice + - RtlUnwind + - KeTickCount + - MmUnlockPages + - IofCompleteRequest + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: ElbyCDIO + MD5: 084a13f18856d610d44d3109a9d2acde + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: ElbyCDIO.sys + PDBPath: '' + Product: CDRTools + ProductVersion: 5, 1, 0, 1 + Publisher: '' + RichPEHeaderHash: + MD5: 6f0797841833cc65f106ddb0968c4775 + SHA1: ef95bab6dd0adab37fbb37450f15f0c998aa3007 + SHA256: 0892bdefb762302cd3df4ea7e172cdf8523fa61e32ee5db38e23baea875f86e0 + SHA1: 309a799f1a00868ab05cdbb851b3297db34d9b0d + SHA256: 83a1fabf782d5f041132d7c7281525f6610207b38f33ff3c5e44eb9444dd0cbc + Sections: + .text: + Entropy: 6.046605840515147 + Virtual Size: '0x1704' + .rdata: + Entropy: 4.071934216777132 + Virtual Size: '0x198' + .data: + Entropy: 1.9182958340544898 + Virtual Size: '0x18' + INIT: + Entropy: 5.3629021368656105 + Virtual Size: '0x400' + .rsrc: + Entropy: 3.367217874848274 + Virtual Size: '0x500' + .reloc: + Entropy: 5.3044962687499275 + Virtual Size: '0x1ee' + Signature: '' + Signatures: {} + Imphash: ca6e77f472ebd5b2ade876e7c773bb57 + LoadsDespiteHVCI: 'TRUE' +- Authentihash: + MD5: 18fb56fabbd62de931ed334197e5989c + SHA1: 83e3725839448a2324dc280ebb5aeb21cf1a41e8 + SHA256: 3bf4f8cb26ba38e54636864c744aac0839e7a1d6cb7b6cf13995e8ab19b9f7f8 + Company: Elaborate Bytes AG + Copyright: Copyright (C) 2000 - 2003 Elaborate Bytes AG + CreationTimestamp: '2003-09-15 10:57:35' + Date: '' + Description: ElbyCD Windows NT/2000/XP I/O driver + ExportedFunctions: '' + FileVersion: 4, 3, 0, 3 + Filename: '' + ImportedFunctions: + - KeWaitForSingleObject + - ExFreePool + 
- RtlFreeUnicodeString + - IoDeleteSymbolicLink + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - ExAllocatePool + - IoCreateUnprotectedSymbolicLink + - ZwCreateFile + - ZwCreateKey + - ZwOpenKey + - IoFreeMdl + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmUnmapLockedPages + - KeReleaseMutex + - MmUnlockPages + - RtlInitUnicodeString + - IoDeleteDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - KeInitializeEvent + - ObfDereferenceObject + - ObReferenceObjectByHandle + - ZwDeleteKey + - ZwClose + - ZwDeviceIoControlFile + - IoCreateSymbolicLink + - KeInitializeMutex + - IoCreateDevice + - RtlUnwind + - MmProbeAndLockPages + - IofCompleteRequest + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: ElbyCDIO + MD5: 37c3a9fef349d13685ec9c2acaaeafce + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: ElbyCDIO.sys + PDBPath: '' + Product: CDRTools + ProductVersion: 4, 3, 0, 0 + Publisher: '' + RichPEHeaderHash: + MD5: 7d357a968c06de113fc7cd4ee41a5c30 + SHA1: 3f129b8486a9be0877c6316ac38e0c083e38f22e + SHA256: 7ddb39875104d8c7226a102d142642322f7082c0dd7f8c6af57bdccdf9509898 + SHA1: 5b83c61178afb87ef7d58fd786808effcaaae861 + SHA256: 51480eebbbfb684149842c3e19a8ffbd3f71183c017e0c4bc6cf06aacf9c0292 + Sections: + .text: + Entropy: 6.141181767034272 + Virtual Size: '0x15cc' + .rdata: + Entropy: 4.409291785316403 + Virtual Size: '0x12d' + .data: + Entropy: -0.0 + Virtual Size: '0x4' + INIT: + Entropy: 5.197390663550614 + Virtual Size: '0x3b6' + .rsrc: + Entropy: 3.3444284436528027 + Virtual Size: '0x4e0' + .reloc: + Entropy: 5.266299268761837 + Virtual Size: '0x1d2' + Signature: '' + Signatures: {} + Imphash: 32247962aa01af8ad5dca696260a05ab + LoadsDespiteHVCI: 'TRUE' +- Authentihash: + MD5: 6322f5016d86ff1f4d4e5473881d1feb + SHA1: 8cefaf430f293e4700861112a94f360ef6b57907 + SHA256: c155197986db77be55716c49262ac009aefce647dae68268a2b9c7a7fd97c7a0 + Company: Elaborate Bytes AG + 
Copyright: Copyright (C) 2000 - 2007 Elaborate Bytes AG + CreationTimestamp: '2007-08-03 17:44:47' + Date: '' + Description: ElbyCD Windows x64 I/O driver + ExportedFunctions: '' + FileVersion: 6, 0, 0, 9 + Filename: '' + ImportedFunctions: + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - ZwReadFile + - ZwWriteFile + - ZwClose + - ZwSetInformationFile + - ZwQueryInformationFile + - ZwOpenFile + - RtlInitUnicodeString + - ZwCreateFile + - ZwCreateKey + - swprintf + - ZwQueryVolumeInformationFile + - ZwQuerySymbolicLinkObject + - ZwOpenSymbolicLinkObject + - ZwQueryValueKey + - ZwOpenKey + - ZwSetValueKey + - ZwSetInformationThread + - PsTerminateSystemThread + - KeWaitForSingleObject + - KeSetEvent + - ObfDereferenceObject + - ObReferenceObjectByHandle + - PsCreateSystemThread + - KeReleaseMutex + - PsGetCurrentProcessId + - IofCompleteRequest + - ExAllocatePool + - ExFreePool + - RtlFreeUnicodeString + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - __C_specific_handler + - IoFreeMdl + - MmUnlockPages + - MmMapLockedPages + - MmProbeAndLockPages + - IoAllocateMdl + - ZwDeleteKey + - ZwDeviceIoControlFile + - IoCreateSymbolicLink + - KeInitializeMutex + - IoCreateDevice + - KeBugCheckEx + - KeInitializeEvent + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: ElbyCDIO + MD5: 239224202ccdea1f09813a70be8413ee + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: ElbyCDIO.sys + PDBPath: '' + Product: CDRTools + ProductVersion: 6, 0, 0, 0 + Publisher: '' + RichPEHeaderHash: + MD5: 8950d52e0c8fa95c85dc60914efa8fad + SHA1: 4eae47391f4247edb70e318d50bf205e77411897 + SHA256: a08f9802da8b030d083d66f587f90807ae23ce8757b1f08932e2570f7287bcac + SHA1: 3048f3422b2b31b74eace0dab3f5c4440bdc7bb2 + SHA256: 9ca586b49135166eea00c6f83329a2d134152e0e9423822a51c13394265b6340 + Sections: + .text: + Entropy: 6.188968125347442 + 
Virtual Size: '0x3e02' + .rdata: + Entropy: 6.1754487168128005 + Virtual Size: '0xb90' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 4.1596812588931975 + Virtual Size: '0x2f4' + INIT: + Entropy: 5.027185950670429 + Virtual Size: '0x684' + .rsrc: + Entropy: 3.3124822609227964 + Virtual Size: '0x4a8' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch + ValidFrom: '2006-12-07 11:07:29' + ValidTo: '2008-12-07 11:07:29' + Signature: 312a78bb7289ca49f93bb483f0a56c77003b9bc3dda8096af5a455a642aeb201ceaadcacce82396eadef1bc05108e296eae1d8d074949170f28f78fa24bed56e7dca69067866d2d790c10929db5d6e7026906dc96a4c3e2b0254b86328393272826bad272dc3911b2c3ec6832d88e95a696d7e5da86c3f946c306df5a5d7e78b0cba5df4d78035e76fa33c452afc780ffe36246c58fdd0e150d22fce7df4dd954eae19a60009e5b99b8649b6d728a46bd9f90ddfbccb6951dfa7b106a6d0fda3b76b23ef475dcf2d1147ae15d4d34035e1929681fe802dfbc5bbbcd98e107c39cbe07cce6911a9202709853bcc4748fde8dc409b7939be5e4b6c97fb90dc6031 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0100000000010f5c98b8f5 + Version: 3 + TBS: + MD5: 832074a51bea8e4758c8dfeb2e96ad84 + SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba + SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b + SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: 
a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 
+ Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000010f5c98b8f5 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign 
ObjectSign + CA + Version: 1 + Imphash: 7e798c3abcbd0f1cfa8b2b9688e01936 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: da95f12b1f0747d1890aa9224b3753cd + SHA1: 63ab2ebc7c24394a2273150f8cf416aa9a043ce9 + SHA256: 992eb531739029456311043f99fa48ac896a59e70edc48093facaf3479e0c3f0 + Company: Elaborate Bytes AG + Copyright: Copyright (C) 2000 - 2008 Elaborate Bytes AG + CreationTimestamp: '2008-12-30 10:07:45' + Date: '' + Description: ElbyCD Windows NT/2000/XP I/O driver + ExportedFunctions: '' + FileVersion: 6, 0, 1, 3 + Filename: '' + ImportedFunctions: + - ProbeForWrite + - _except_handler3 + - ZwReadFile + - ZwWriteFile + - ZwCreateFile + - RtlInitUnicodeString + - swprintf + - ZwQueryVolumeInformationFile + - ZwOpenFile + - ZwClose + - ZwQuerySymbolicLinkObject + - ZwOpenSymbolicLinkObject + - PsTerminateSystemThread + - KeWaitForSingleObject + - ZwSetInformationThread + - KeSetEvent + - ObfDereferenceObject + - ObReferenceObjectByHandle + - PsCreateSystemThread + - KeInitializeEvent + - KeReleaseMutex + - PsGetCurrentProcessId + - ProbeForRead + - KeInitializeMutex + - ExAllocatePool + - RtlFreeUnicodeString + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - ZwCreateKey + - ZwOpenKey + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - IoFreeMdl + - MmUnlockPages + - MmMapLockedPages + - MmProbeAndLockPages + - IoAllocateMdl + - ZwDeleteKey + - ZwDeviceIoControlFile + - IoCreateSymbolicLink + - IoCreateDevice + - KeTickCount + - KeBugCheckEx + - KeInitializeSpinLock + - ExFreePool + - IofCompleteRequest + - KfReleaseSpinLock + - KfAcquireSpinLock + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: ElbyCDIO + MD5: 384370c812acb7181f972d57dc77c324 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: ElbyCDIO.sys + PDBPath: '' + Product: CDRTools + ProductVersion: 6, 0, 0, 0 + Publisher: '' + RichPEHeaderHash: + MD5: 2217e43755e8c1e005309e82a43575ba + SHA1: 
181c1217f38458e9444fcb3793a73006da879861 + SHA256: 2ef6823b4586266ec12007db69887e6ca9d47210153ae3a068990bd4cbd3f68f + SHA1: 4a887ae6b773000864f9228800aab75e6ff34240 + SHA256: 16b591cf5dc1e7282fdb25e45497fe3efc8095cbe31c05f6d97c5221a9a547e1 + Sections: + .text: + Entropy: 6.423870952571043 + Virtual Size: '0x2cec' + .rdata: + Entropy: 7.111588473125042 + Virtual Size: '0x5f4' + .data: + Entropy: 2.0 + Virtual Size: '0x4' + INIT: + Entropy: 5.425383304434217 + Virtual Size: '0x560' + .rsrc: + Entropy: 3.3358251627005076 + Virtual Size: '0x4d8' + .reloc: + Entropy: 4.986377816263342 + Virtual Size: '0x1d2' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 
1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: a0422eb876a7427186404d464d5b26b0b074f93f89a87b7cb7f1c697e08239999d43fe60823642b55b878df55df4bbffa91044a871d3c7f12241f29aa4a5ec63fae5eb654a19309d8bc7b6fddc3fe16cfdd5521407fc6d24ccb3cc81a2c052f327b96d9e063dd8a849023269c7054294d0bbe3bba908c393501bdb846dc0ba1e5298659c1376bdb3d567292f1f7baa2c51a0fd854f263c48a38127a6feee7f7899c245cf9d1f527ed7958bfde1d020c3af7e51a22f663bab2dcf2d8e8c4d7d18392128fbdcae6d6581d0e0d7184be7b5f774d784e6522aac3b68fd3b4ab80154849132bb95d28e6330a69ece2396feab2eb86a8b74dcde21a114c2fbbf53af10 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch + ValidFrom: '2008-12-23 13:26:11' + ValidTo: '2011-12-23 13:26:11' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0100000000011e643e96d0 + Version: 3 + TBS: + MD5: f39798a2df6dda6c76b4697e743c8b80 + SHA1: d97d9f0d2cad2881eda58fa0467cff6396be6408 + SHA256: 5086b06e5d91585b5a110b3ec4048ce6a43a58e4fc7eb8aa99c391af5b2f8d9f + SHA384: 99096e0926f74d7dd4bc744bea78d7310e623f6c782a3f38d4db933e9cdf2bc8e1b813e5f6a0aacd8e59606f075e4afd + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign 
ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 11d45d8af43d0d9d7e4fa70071610b56b34caa70e1b2d1dec7886d1d897c2ba946e58b1f8e4cc26695911fe34d394ae31b70b7446edc068a4d6d25e89812dcbca0dd864eae8f81130540905a542529944acaf165b4ef0679dae7cb86f004c918dcee72b320015748dfe333e12ccd9c077f9447278d888d340ca67c5c20c17d07b3736b648c26d29bd7e87965a6a891a174862a050282c1847cf279cd3c2a2b0f99291eea8c8a1ab16aeaa266380e65e1add8c6c91f888d3976ee1782c4138d97ce6341e77af5b4b66c15c33813b3930b620688dde1447f10a950248b60dc05f75ba514b27b56720b96eabffc057090659e051ca4dd07af4b57dec639673bc574 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000011e643e96d0 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: aa03d5a319bc221875846e19e01276f7 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: fc16498ddf3716e03fdd527c456ea80b + SHA1: 7436e16cf348558015593cbf5ab9c117d97738cc + SHA256: 
a3cf1a6edd205e04653b4338c077072ee753cde0a692490ecaf7afde27df5f0b + Company: Elaborate Bytes AG + Copyright: Copyright (C) 2000 - 2006 Elaborate Bytes AG + CreationTimestamp: '2006-12-12 15:48:53' + Date: '' + Description: ElbyCD Windows NT/2000/XP I/O driver + ExportedFunctions: '' + FileVersion: 6, 0, 0, 1 + Filename: '' + ImportedFunctions: + - KeWaitForSingleObject + - RtlFreeUnicodeString + - ZwCreateFile + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - ZwCreateKey + - ZwOpenKey + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - IoDeleteDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - KeInitializeEvent + - IoFreeMdl + - MmUnlockPages + - KeReleaseMutex + - MmProbeAndLockPages + - IoAllocateMdl + - ExFreePool + - ObfDereferenceObject + - ObReferenceObjectByHandle + - ExAllocatePool + - ZwDeleteKey + - ZwClose + - ZwDeviceIoControlFile + - IoCreateSymbolicLink + - KeInitializeMutex + - IoCreateDevice + - RtlUnwind + - KeTickCount + - MmMapLockedPages + - IofCompleteRequest + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: ElbyCDIO + MD5: c9c7113f5e15f70fcc576e835c859d56 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: ElbyCDIO.sys + PDBPath: '' + Product: CDRTools + ProductVersion: 6, 0, 0, 0 + Publisher: '' + RichPEHeaderHash: + MD5: c15e20cb179a835c6a295f891d4f43f6 + SHA1: fb716dec77e711df26bca8c29284c5c21c92a808 + SHA256: 626b9fbb41fcf7bc7185e02b6d4ca83f5070929c4645876c4b19aa50765655e1 + SHA1: 0aecdc0b8208b81b0c37eef3b0eaea8d8ebef42e + SHA256: b11e109f6b3dbc8aa82cd7da0b7ba93d07d9809ee2a4b21ec014f6a676a53027 + Sections: + .text: + Entropy: 6.0145723403420055 + Virtual Size: '0xe10' + .rdata: + Entropy: 3.950676692337647 + Virtual Size: '0x178' + .data: + Entropy: 1.9182958340544898 + Virtual Size: '0x18' + INIT: + Entropy: 5.282185901600035 + Virtual Size: '0x3a0' + .rsrc: + Entropy: 3.322524044533632 + Virtual Size: '0x4d8' + .reloc: + Entropy: 4.897249100220145 + Virtual Size: 
'0x134' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch + ValidFrom: '2006-12-07 11:07:29' + ValidTo: '2008-12-07 11:07:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0100000000010f5c98b8f5 + Version: 3 + TBS: + MD5: 832074a51bea8e4758c8dfeb2e96ad84 + SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba + SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b + SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 
041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0de92bf0d4d82988183205095e9a7688 + Version: 3 + TBS: + MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 + SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 
6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000010f5c98b8f5 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: b91054cdc4c8b3169cfe6c157f6d9f07 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 73002b48efe7e3852acc803a2a0bc806 + SHA1: c3fb8cdc5b36a3f5a6505c2ee3ecdfba2c314703 + SHA256: a975856b36523ab51b5c4043bc7b13ed22cd74c2a01b6763a89c118563227bd3 + Company: Elaborate Bytes AG + Copyright: Copyright (C) 2000 - 2002 Elaborate Bytes AG + CreationTimestamp: '2002-11-29 04:38:16' + Date: '' + Description: ElbyCD Windows NT/2000/XP I/O driver + ExportedFunctions: '' + FileVersion: 4, 2, 0, 0 + Filename: '' + ImportedFunctions: + - IoCreateSymbolicLink + - KeInitializeMutex + - IoCreateDevice + - RtlInitUnicodeString + - IofCompleteRequest + - KeReleaseMutex + - KeWaitForSingleObject + - ExFreePool + - IoCreateUnprotectedSymbolicLink + - RtlFreeUnicodeString + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - IoFreeMdl + - MmUnmapLockedPages + - MmUnlockPages + - ZwDeleteKey + - IofCallDriver + - IoBuildDeviceIoControlRequest + - IoDeleteDevice + - ZwClose + - IoDeleteSymbolicLink + - ExAllocatePoolWithTag + - ZwCreateFile + - ZwCreateKey + - ZwOpenKey + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmProbeAndLockPages + - ObfDereferenceObject + - ObReferenceObjectByHandle + - KeSetEvent + - InterlockedDecrement + - InterlockedExchange + - IoGetDeviceObjectPointer + - InterlockedIncrement + - RtlUnwind + - ZwDeviceIoControlFile + - KeInitializeEvent + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: ElbyCDIO + MD5: 389823db299b350f2ee830d47376eeac + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: ElbyCDIO.sys + PDBPath: '' + Product: CDRTools + ProductVersion: 4, 2, 0, 0 + Publisher: '' + RichPEHeaderHash: + MD5: 33aa6ad4da57c65cb3bc7804b52f9f85 
+ SHA1: 183a65bcf6812eff3f15bff51b8d93be23033e51 + SHA256: 14754aac57514a4defbf148a27bd52f604f0889e01a06ecd82ca57e0617063bb + SHA1: 22c909898f5babe37cc421b4f5ed0522196f8127 + SHA256: af16c36480d806adca881e4073dcd41acb20c35ed0b1a8f9bd4331de655036e1 + Sections: + .text: + Entropy: 6.233851950481471 + Virtual Size: '0x184e' + .data: + Entropy: -0.0 + Virtual Size: '0x4' + INIT: + Entropy: 5.158307594735602 + Virtual Size: '0x440' + .rsrc: + Entropy: 3.345760450837308 + Virtual Size: '0x510' + .reloc: + Entropy: 5.453740684150887 + Virtual Size: '0x1b2' + Signature: '' + Signatures: {} + Imphash: b7a0100fe60d7a8263da64820f7d0120 + LoadsDespiteHVCI: 'TRUE' +- Authentihash: + MD5: 90d8ab45c4a785f983786f7c088ba9ea + SHA1: cd9c30ba2ab80129eaa603a81ae3a7050add5894 + SHA256: 34d55c87feec5eeb4f826fc6301c22017cd3e83387529a06c5493c260597599b + Company: Elaborate Bytes AG + Copyright: Copyright (C) 2000 - 2007 Elaborate Bytes AG + CreationTimestamp: '2007-08-01 15:38:17' + Date: '' + Description: ElbyCD Windows x64 I/O driver + ExportedFunctions: '' + FileVersion: 6, 0, 0, 7 + Filename: '' + ImportedFunctions: + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - ZwReadFile + - ZwWriteFile + - ZwClose + - ZwSetInformationFile + - ZwQueryInformationFile + - ZwOpenFile + - RtlInitUnicodeString + - ZwCreateFile + - ZwOpenKey + - swprintf + - ZwQueryVolumeInformationFile + - ZwQuerySymbolicLinkObject + - ZwOpenSymbolicLinkObject + - PsTerminateSystemThread + - ZwQueryInformationProcess + - ZwSetInformationThread + - KeReleaseMutex + - ObfDereferenceObject + - KeWaitForMultipleObjects + - PsCreateSystemThread + - KeWaitForSingleObject + - ObReferenceObjectByHandle + - ZwOpenProcess + - KeInitializeEvent + - PsGetCurrentProcessId + - IofCompleteRequest + - KeInitializeMutex + - ExAllocatePool + - ExFreePool + - RtlFreeUnicodeString + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - ZwCreateKey + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCallDriver + - 
IoBuildDeviceIoControlRequest + - __C_specific_handler + - IoFreeMdl + - MmUnlockPages + - MmMapLockedPages + - MmProbeAndLockPages + - IoAllocateMdl + - ZwDeleteKey + - ZwDeviceIoControlFile + - IoCreateSymbolicLink + - IoCreateDevice + - KeBugCheckEx + - KeSetEvent + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: ElbyCDIO + MD5: 07fc1e043654fdde56da98d93523635c + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: ElbyCDIO.sys + PDBPath: '' + Product: CDRTools + ProductVersion: 6, 0, 0, 0 + Publisher: '' + RichPEHeaderHash: + MD5: 874dfd989f2b89a3c9dc3332aa89b783 + SHA1: ad7fbd30f31d4f229f54e54cd2ada523d42f7f0b + SHA256: a410ec935e4d2bd05d28e73a07a0b8bdca974c7b886e69589975b63835bd3b04 + SHA1: 7ee65bedaf7967c752831c83e26540e65358175e + SHA256: 7cf756afcaf2ce4f8fb479fdede152a17eabf4c5c7c329699dab026a4c1d4fd0 + Sections: + .text: + Entropy: 6.173973377009215 + Virtual Size: '0x4292' + .rdata: + Entropy: 6.115632894160688 + Virtual Size: '0xc88' + .data: + Entropy: 0.5159719988134768 + Virtual Size: '0x110' + .pdata: + Entropy: 4.217934892681612 + Virtual Size: '0x384' + INIT: + Entropy: 5.047783889667945 + Virtual Size: '0x6b2' + .rsrc: + Entropy: 3.3131155558071614 + Virtual Size: '0x4a8' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch + ValidFrom: '2006-12-07 11:07:29' + ValidTo: '2008-12-07 11:07:29' + Signature: 
312a78bb7289ca49f93bb483f0a56c77003b9bc3dda8096af5a455a642aeb201ceaadcacce82396eadef1bc05108e296eae1d8d074949170f28f78fa24bed56e7dca69067866d2d790c10929db5d6e7026906dc96a4c3e2b0254b86328393272826bad272dc3911b2c3ec6832d88e95a696d7e5da86c3f946c306df5a5d7e78b0cba5df4d78035e76fa33c452afc780ffe36246c58fdd0e150d22fce7df4dd954eae19a60009e5b99b8649b6d728a46bd9f90ddfbccb6951dfa7b106a6d0fda3b76b23ef475dcf2d1147ae15d4d34035e1929681fe802dfbc5bbbcd98e107c39cbe07cce6911a9202709853bcc4748fde8dc409b7939be5e4b6c97fb90dc6031 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0100000000010f5c98b8f5 + Version: 3 + TBS: + MD5: 832074a51bea8e4758c8dfeb2e96ad84 + SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba + SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b + SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000010f5c98b8f5 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: afee876e89b51e2cc7c91353fb588fe6 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: af23e615a116b1c4976d0f53d4369431 + SHA1: 330d0e648948b46ba1f3c7297f92f4c8f6b686a8 + SHA256: 80b9c02772e93f64330ad2ccfa04e10d2546732de00626e85f42c19dc53019f1 + Company: Elaborate Bytes + Copyright: Copyright (C) Elaborate Bytes 2000 + CreationTimestamp: '2001-03-27 07:38:46' + Date: '' + Description: ElbyCD Windows NT/2000 
I/O driver + ExportedFunctions: '' + FileVersion: 3, 0, 0, 0 + Filename: '' + ImportedFunctions: + - MmUnmapLockedPages + - IoCreateSymbolicLink + - KeInitializeMutex + - IoCreateDevice + - RtlInitUnicodeString + - IofCompleteRequest + - KeReleaseMutex + - KeWaitForSingleObject + - PsGetCurrentProcessId + - ExFreePool + - IoCreateUnprotectedSymbolicLink + - RtlFreeUnicodeString + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - IoFreeMdl + - IoDeleteDevice + - MmUnlockPages + - ZwDeviceIoControlFile + - ZwClose + - IoDeleteSymbolicLink + - ExAllocatePoolWithTag + - ZwCreateFile + - ZwCreateKey + - ZwOpenKey + - MmMapLockedPages + - MmBuildMdlForNonPagedPool + - IoAllocateMdl + - MmProbeAndLockPages + - RtlUnwind + Imports: + - ntoskrnl.exe + InternalName: ElbyCDIO + MD5: d1f9ffe5569642c8f8c10ed7ee5d9391 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: ElbyCDIO.sys + PDBPath: '' + Product: CDRTools + ProductVersion: 3, 0, 0, 5 + Publisher: '' + RichPEHeaderHash: + MD5: ac89ec59ccd52561baecef043386db39 + SHA1: 58f397cd4214fef5c60388c1ac8ea7ac5796ee22 + SHA256: 767dd9bfd22782127ce1fb08657a6299f4844de09b85d76035c9706a96861798 + SHA1: feb8e6e7419713a2993c48b9758c039bd322b699 + SHA256: 07af8c5659ad293214364789df270c0e6d03d90f4f4495da76abc2d534c64d88 + Sections: + .text: + Entropy: 6.216558319832571 + Virtual Size: '0xea8' + INIT: + Entropy: 5.117148951216235 + Virtual Size: '0x2fa' + .rsrc: + Entropy: 3.3316925889474445 + Virtual Size: '0x4d8' + .reloc: + Entropy: 5.060131110565544 + Virtual Size: '0x112' + Signature: '' + Signatures: {} + Imphash: b5967a61e1a4e1d57b3d8ffefc5721ed + LoadsDespiteHVCI: 'TRUE' +- Authentihash: + MD5: a3e446885ff8aeb08aebf648e0658e2f + SHA1: 8644110e1460c97743ad9f632dde2e5122bfbb26 + SHA256: a233680b53bcdfba264005644e51bfa4ba9923f0a3544ed4596e28fb9f3fd682 + Company: Elaborate Bytes AG + Copyright: Copyright (C) 2000 - 2007 Elaborate Bytes AG + CreationTimestamp: '2007-08-07 13:48:36' + Date: '' + Description: ElbyCD 
Windows x64 I/O driver + ExportedFunctions: '' + FileVersion: 6, 0, 1, 0 + Filename: '' + ImportedFunctions: + - KeAcquireSpinLockRaiseToDpc + - KeReleaseSpinLock + - ZwReadFile + - ZwWriteFile + - ZwClose + - ZwSetInformationFile + - ZwQueryInformationFile + - ZwOpenFile + - RtlInitUnicodeString + - ZwCreateFile + - ZwCreateKey + - swprintf + - ZwQueryVolumeInformationFile + - ZwQuerySymbolicLinkObject + - ZwOpenSymbolicLinkObject + - ZwQueryValueKey + - ZwOpenKey + - ZwSetValueKey + - ZwSetInformationThread + - PsTerminateSystemThread + - KeWaitForSingleObject + - KeSetEvent + - ObfDereferenceObject + - ObReferenceObjectByHandle + - PsCreateSystemThread + - KeReleaseMutex + - PsGetCurrentProcessId + - IofCompleteRequest + - KeInitializeMutex + - ExAllocatePool + - ExFreePool + - RtlFreeUnicodeString + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - IoDeleteSymbolicLink + - IoDeleteDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - __C_specific_handler + - IoFreeMdl + - MmUnlockPages + - MmMapLockedPages + - MmProbeAndLockPages + - IoAllocateMdl + - ZwDeleteKey + - ZwDeviceIoControlFile + - IoCreateSymbolicLink + - IoCreateDevice + - KeBugCheckEx + - KeInitializeEvent + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: ElbyCDIO + MD5: 3836e2db9034543f63943cdbb52a691a + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: ElbyCDIO.sys + PDBPath: '' + Product: CDRTools + ProductVersion: 6, 0, 0, 0 + Publisher: '' + RichPEHeaderHash: + MD5: 8950d52e0c8fa95c85dc60914efa8fad + SHA1: 4eae47391f4247edb70e318d50bf205e77411897 + SHA256: a08f9802da8b030d083d66f587f90807ae23ce8757b1f08932e2570f7287bcac + SHA1: 49b1e6a922a8d2cb2101c48155dfc08c17d09341 + SHA256: 828a18b16418c021b6c4aa8c6d54cef4e815efca0d48b9ff14822f9ccb69dff2 + Sections: + .text: + Entropy: 6.189049565559284 + Virtual Size: '0x3f82' + .rdata: + Entropy: 6.165841873710771 + Virtual Size: '0xb90' + .data: + Entropy: 0.5159719988134768 + Virtual 
Size: '0x110' + .pdata: + Entropy: 4.15802276728414 + Virtual Size: '0x2f4' + INIT: + Entropy: 5.018091808451433 + Virtual Size: '0x684' + .rsrc: + Entropy: 3.3099880900837397 + Virtual Size: '0x4a8' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch + ValidFrom: '2006-12-07 11:07:29' + ValidTo: '2008-12-07 11:07:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0100000000010f5c98b8f5 + Version: 3 + TBS: + MD5: 832074a51bea8e4758c8dfeb2e96ad84 + SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba + SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b + SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000010f5c98b8f5 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: 9fd359d308a1e93106189b4ebd945855 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: d00443b7b4e5529a942c4866001af949 + SHA1: 31913db2c43fa5b235b701dd0f79ef5f0110f322 + SHA256: 07e8a7f0fcc8be78167704c6679c70ea184961f5a5bd2066620a4b7eeb939885 + Company: Elaborate Bytes AG + Copyright: Copyright (C) 2000 - 2007 Elaborate Bytes AG + CreationTimestamp: '2007-02-28 13:51:48' + Date: '' + Description: ElbyCD Windows x64 I/O driver + ExportedFunctions: '' + FileVersion: 6, 0, 0, 2 + Filename: '' + ImportedFunctions: + - KeWaitForSingleObject + - RtlFreeUnicodeString + - ZwCreateFile + - RtlAnsiStringToUnicodeString + - RtlInitAnsiString + - ZwCreateKey + - ZwOpenKey + - IoDeleteSymbolicLink + - RtlInitUnicodeString + - IoDeleteDevice + - IofCallDriver + - IoBuildDeviceIoControlRequest + - KeInitializeEvent + - __C_specific_handler + - IoFreeMdl + - KeReleaseMutex + - MmMapLockedPages + - MmProbeAndLockPages + - IoAllocateMdl + - ExFreePool + - ObfDereferenceObject + - ObReferenceObjectByHandle + - ExAllocatePool + - ZwDeleteKey + - ZwClose + - ZwDeviceIoControlFile + - IoCreateSymbolicLink + - KeInitializeMutex + - IoCreateDevice + - MmUnlockPages + - IofCompleteRequest + - KeQueryPerformanceCounter + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: ElbyCDIO + MD5: 978cd6d9666627842340ef774fd9e2ac + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: ElbyCDIO.sys + PDBPath: '' + Product: CDRTools + ProductVersion: 6, 0, 0, 0 + Publisher: '' + RichPEHeaderHash: + MD5: 
759951b21f9ce1aa3225d912cd7ce0fd + SHA1: d4d438eaa49f8acad4af402a729d7f56bcb8a180 + SHA256: 09ea7d2d96e137334c09a82e85e003795af40ed5b77d1e15077a1297b1d69a06 + SHA1: 7192e22e0f8343058ec29fb7b8065e09ce389a5b + SHA256: 3e85cf32562a47d51827b21ab1e7f8c26c0dbd1cd86272f3cc64caae61a7e5fb + Sections: + .text: + Entropy: 5.938003849097046 + Virtual Size: '0xfe2' + .rdata: + Entropy: 4.344400543989659 + Virtual Size: '0x30c' + .data: + Entropy: 0.5035334969292564 + Virtual Size: '0x118' + .pdata: + Entropy: 3.6032604168924314 + Virtual Size: '0xcc' + INIT: + Entropy: 4.916138301325644 + Virtual Size: '0x456' + .rsrc: + Entropy: 3.3100873339326338 + Virtual Size: '0x4a8' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CH, O=Elaborate Bytes AG, CN=Elaborate Bytes AG, emailAddress=admin@elby.ch + ValidFrom: '2006-12-07 11:07:29' + ValidTo: '2008-12-07 11:07:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0100000000010f5c98b8f5 + Version: 3 + TBS: + MD5: 832074a51bea8e4758c8dfeb2e96ad84 + SHA1: 04ba895ed074635a01875a1f25da93e2e2cbbfba + SHA256: c5ba90a16c07cee0cb480ee21c9bedaf3ea4cbe004589b74fb9c2c0bedbc7c1b + SHA384: 94a7139c5e1fb29c73f8882dc40027a3929d0aab66c9be0138707c68ba43a1f329477f4bcec47cb0d0d48e918fecc91d + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 
21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign + Primary Object Publishing CA + ValidFrom: '1999-01-28 12:00:00' + ValidTo: '2014-01-27 11:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9611cd6 + Version: 3 + TBS: + MD5: 698f075151097d84c0b1f3e7bc3d6fca + SHA1: 041750993d7c9e063f02dfe74699598640911aab + SHA256: a8622cca0913a20477be8313b8d16fcad5d83088b46b36ddac10b31e96abb5e8 + SHA384: a50291d3b15caf28d96e972cefcb88455a58ce1c802920fdcc2f4feafb1553510fd9b464d25e81635f4ad37570225a67 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2008-12-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0de92bf0d4d82988183205095e9a7688 + Version: 3 + TBS: + MD5: 45c204b8a20f6abb0188d2d38a3fb0c9 + SHA1: cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 + SHA256: e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 + SHA384: ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223 + - Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + ValidFrom: '2004-01-22 09:00:00' + ValidTo: '2014-01-27 10:00:00' + Signature: 
11d45d8af43d0d9d7e4fa70071610b56b34caa70e1b2d1dec7886d1d897c2ba946e58b1f8e4cc26695911fe34d394ae31b70b7446edc068a4d6d25e89812dcbca0dd864eae8f81130540905a542529944acaf165b4ef0679dae7cb86f004c918dcee72b320015748dfe333e12ccd9c077f9447278d888d340ca67c5c20c17d07b3736b648c26d29bd7e87965a6a891a174862a050282c1847cf279cd3c2a2b0f99291eea8c8a1ab16aeaa266380e65e1add8c6c91f888d3976ee1782c4138d97ce6341e77af5b4b66c15c33813b3930b620688dde1447f10a950248b60dc05f75ba514b27b56720b96eabffc057090659e051ca4dd07af4b57dec639673bc574 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 04000000000108d9612448 + Version: 3 + TBS: + MD5: 2fc76031fc24eec1ef3db2d246d21d6a + SHA1: 75c3a1f76b9dfa31ef6bf56325e7bd0bf6e4779d + SHA256: 9238292d441c56dc89684c253343c17de3ed9cecd7f83d1d8f793b5ebc91f7b9 + SHA384: 9279c1377eb701fdd79ef85038ff151cd8902169ba55fca84b9850f003563f73a1daaf869544252a2e42f06f58d2275f + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 0100000000010f5c98b8f5 + Issuer: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign + CA + Version: 1 + Imphash: 84d83741445d9f5a6717b874fed3d8f3 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/868c6920-f6cb-4088-8277-095a1358abe1.yaml b/yaml/868c6920-f6cb-4088-8277-095a1358abe1.yaml index d6798671b..c1098cf9c 100644 --- a/yaml/868c6920-f6cb-4088-8277-095a1358abe1.yaml 
+++ b/yaml/868c6920-f6cb-4088-8277-095a1358abe1.yaml 
@@ -1,316 +1,318 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 868c6920-f6cb-4088-8277-095a1358abe1 +Tags: +- GLCKIO2.sys +Verified: 'TRUE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create GLCKIO2.sys binPath=C:\windows\temp\GLCKIO2.sys type=kernel - && sc.exe start GLCKIO2.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: [] -Id: 868c6920-f6cb-4088-8277-095a1358abe1 -KnownVulnerableSamples: -- Authentihash: - MD5: 505c5b85b442f9159ba715d4867f9ac4 - SHA1: 83644f9ece6d6ef3517e1829595c52380922ed35 - SHA256: 25a0854ef48a4dfbc7f04e94d2b11757e3613b241d39d46a19cb389ce42887e4 - Company: '' - Copyright: '' - CreationTimestamp: '2018-03-07 20:19:59' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: GLCKIO2.sys - ImportedFunctions: - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - MmGetSystemRoutineAddress - - ObfDereferenceObject - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - KeBugCheckEx - - ObReferenceObjectByHandle - - RtlInitUnicodeString - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: e700a820f117f65e813b216fccbf78c9 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: ASUSTeK Computer Inc. 
- RichPEHeaderHash: - MD5: c313873f5ce214b5624db6b499102fee - SHA1: d5ee39a2895fbe8b482f5dbfbde742c7d7d15cc0 - SHA256: 4ec4d45de9901ae64bb1910901ea62302741290c44b2dadca489704f503a9191 - SHA1: 2dfcb799b3c42ecb0472e27c19b24ac7532775ce - SHA256: 3a5ec83fe670e5e23aef3afa0a7241053f5b6be5e6ca01766d6b5f9177183c25 - Sections: - .text: - Entropy: 6.3934424260540705 - Virtual Size: '0x1334' - .rdata: - Entropy: 5.626296674970018 - Virtual Size: '0x6d4' - .data: - Entropy: 0.28109187076190567 - Virtual Size: '0x218' - .pdata: - Entropy: 3.6286301597756387 - Virtual Size: '0xf0' - INIT: - Entropy: 5.203390798662231 - Virtual Size: '0x2b2' - .reloc: - Entropy: 2.7841837197791888 - Virtual Size: '0x14' - Signature: - - ASUSTeK Computer Inc. - - DigiCert SHA2 High Assurance Code Signing CA - - DigiCert - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=TW, ST=Taipei, L=Taipei City, O=ASUSTeK Computer Inc., CN=ASUSTeK - Computer Inc. - ValidFrom: '2015-07-27 00:00:00' - ValidTo: '2018-08-01 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 081666295845159f57ae88f441bf237e - Version: 3 - TBS: - MD5: 10f65f793a1d7843aca33673879fea69 - SHA1: e211b40ceb03f3e15ab8b2407bab60a5b072080a - SHA256: d75ee672c954049678034ffd7a95c420ead0b757ab0f52b88db1a02c8730df94 - SHA384: 73eb8b32bbfd0f7da9d7f6c75757e136299c9001695638ad23fc2ae085194051270430961541d58ed4b4420740af2c1f - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 
59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance - Code Signing CA - ValidFrom: '2013-10-22 12:00:00' - ValidTo: '2028-10-22 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 0b7e10903c38490ffa2f679a87a1a7b9 - Version: 3 - TBS: - MD5: 7b0fbcf5c5aa55932726e9222f56efe2 - SHA1: f09486b2b82a88a8b82aa2a12440496c8e53c452 - SHA256: 0bf095b845b69928b5d7dfd1c42ae4f90feb8dc97f7830598c93e848877021fb - SHA384: f2a7644292efe9a7adc26cdeb0aa13980ea792d21845ba696684ac64d7f906839f3ec7625c3a88efefe3a451d961d317 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 
46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 081666295845159f57ae88f441bf237e - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance - Code Signing CA - Version: 1 - Imphash: 531d2392dbdd314fb1d9318fe9e5c4d2 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 86b5239d6b6fe0d6fad286f809d7571a - SHA1: d99b80b3269d735cac43af5e43483e64ca7961c3 - SHA256: 47dba240967fd0088be618163672dfbddf0138178cccd45b54037f622b221220 - Company: '' - Copyright: '' - CreationTimestamp: '2018-04-23 01:12:05' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: GLCKIO2.sys - ImportedFunctions: - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoDeleteSymbolicLink - - MmGetSystemRoutineAddress - - ObfDereferenceObject - - ZwClose - - ZwOpenSection - - ZwMapViewOfSection - - ZwUnmapViewOfSection - - KeBugCheckEx - - ObReferenceObjectByHandle - - RtlInitUnicodeString - - HalTranslateBusAddress - Imports: - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: d253c19194a18030296ae62a10821640 - 
MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: ASUSTeK Computer Inc. - RichPEHeaderHash: - MD5: 3e4e63f1d63e32f35d6a20d42c7497c3 - SHA1: 402c8409593413412a856d04cee831eb090974d3 - SHA256: a5652922be958f012a7daec6d23e41aba301616e53e0971ca5edddcc7112eb58 - SHA1: cc51be79ae56bc97211f6b73cc905c3492da8f9d - SHA256: 61a1bdddd3c512e681818debb5bee94db701768fc25e674fcad46592a3259bd0 - Sections: - .text: - Entropy: 6.405831545608102 - Virtual Size: '0x1374' - .rdata: - Entropy: 5.632017178608109 - Virtual Size: '0x6d4' - .data: - Entropy: 0.28109187076190567 - Virtual Size: '0x218' - .pdata: - Entropy: 3.6367331036245374 - Virtual Size: '0xfc' - INIT: - Entropy: 5.203390798662231 - Virtual Size: '0x2b2' - .reloc: - Entropy: 2.7841837197791888 - Virtual Size: '0x14' - Signature: - - ASUSTeK Computer Inc. - - DigiCert SHA2 High Assurance Code Signing CA - - DigiCert - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=TW, ST=Taipei, L=Taipei City, O=ASUSTeK Computer Inc., CN=ASUSTeK - Computer Inc. 
- ValidFrom: '2015-07-27 00:00:00' - ValidTo: '2018-08-01 12:00:00' - Signature: 2948e468e6568d1fedd506d0da7e29571b2a943cf7e9c221d7724383882eec14c491862ca1e2e56951e303305332234a0434b832e00953a239ab49df85d1fb32325a6a9a8ba53493c9d0c161cad6557aec67738ee61cbfdd01646b97c7f4a8c3f96bb76573bbec2ca86ed604cd9b6c373bf494c2b4841b2d1816b944813f3345f551bd6b22b37be6e0eb71ccfde21911624acb7d8675be96c911a67839285c5f72b991ff235d0fa7361b01ce420eed7425d7b98941b7ab278bd02e8e75f5695560c278ce556ce884921f15fb5688fca91ba4fff3bda818689671e834e37e4d4e1802e7d7e0692087fba38845fb672d5091e8e3c8af16accf318e000a89b53fe5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 081666295845159f57ae88f441bf237e - Version: 3 - TBS: - MD5: 10f65f793a1d7843aca33673879fea69 - SHA1: e211b40ceb03f3e15ab8b2407bab60a5b072080a - SHA256: d75ee672c954049678034ffd7a95c420ead0b757ab0f52b88db1a02c8730df94 - SHA384: 73eb8b32bbfd0f7da9d7f6c75757e136299c9001695638ad23fc2ae085194051270430961541d58ed4b4420740af2c1f - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance - EV Root CA - ValidFrom: '2011-04-15 19:45:33' - ValidTo: '2021-04-15 19:55:33' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 61204db4000000000027 - Version: 3 - TBS: - MD5: 8e3ffc222fbcebdbb8b23115ab259be7 - SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e - SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 - SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance - Code Signing CA - ValidFrom: '2013-10-22 12:00:00' - ValidTo: '2028-10-22 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 
0b7e10903c38490ffa2f679a87a1a7b9 - Version: 3 - TBS: - MD5: 7b0fbcf5c5aa55932726e9222f56efe2 - SHA1: f09486b2b82a88a8b82aa2a12440496c8e53c452 - SHA256: 0bf095b845b69928b5d7dfd1c42ae4f90feb8dc97f7830598c93e848877021fb - SHA384: f2a7644292efe9a7adc26cdeb0aa13980ea792d21845ba696684ac64d7f906839f3ec7625c3a88efefe3a451d961d317 - - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder - ValidFrom: '2014-10-22 00:00:00' - ValidTo: '2024-10-22 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 03019a023aff58b16bd6d5eae617f066 - Version: 3 - TBS: - MD5: a752afee44f017e8d74e3f3eb7914ae3 - SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d - SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 - SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 - - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 - ValidFrom: '2006-11-10 00:00:00' - ValidTo: '2021-11-10 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 06fdf9039603adea000aeb3f27bbba1b - Version: 3 - TBS: - MD5: 4e5ad189638cf52ba9cd881d4d44668c - SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d - SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd - SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f - Signer: - - SerialNumber: 081666295845159f57ae88f441bf237e - Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance - Code Signing CA - Version: 1 - Imphash: 531d2392dbdd314fb1d9318fe9e5c4d2 - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create GLCKIO2.sys binPath=C:\windows\temp\GLCKIO2.sys type=kernel + && sc.exe start GLCKIO2.sys + 
Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/namazso/physmem_drivers -Tags: -- GLCKIO2.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 505c5b85b442f9159ba715d4867f9ac4 + SHA1: 83644f9ece6d6ef3517e1829595c52380922ed35 + SHA256: 25a0854ef48a4dfbc7f04e94d2b11757e3613b241d39d46a19cb389ce42887e4 + Company: '' + Copyright: '' + CreationTimestamp: '2018-03-07 20:19:59' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: GLCKIO2.sys + ImportedFunctions: + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - MmGetSystemRoutineAddress + - ObfDereferenceObject + - ZwClose + - ZwOpenSection + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - KeBugCheckEx + - ObReferenceObjectByHandle + - RtlInitUnicodeString + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: e700a820f117f65e813b216fccbf78c9 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: ASUSTeK Computer Inc. + RichPEHeaderHash: + MD5: c313873f5ce214b5624db6b499102fee + SHA1: d5ee39a2895fbe8b482f5dbfbde742c7d7d15cc0 + SHA256: 4ec4d45de9901ae64bb1910901ea62302741290c44b2dadca489704f503a9191 + SHA1: 2dfcb799b3c42ecb0472e27c19b24ac7532775ce + SHA256: 3a5ec83fe670e5e23aef3afa0a7241053f5b6be5e6ca01766d6b5f9177183c25 + Sections: + .text: + Entropy: 6.3934424260540705 + Virtual Size: '0x1334' + .rdata: + Entropy: 5.626296674970018 + Virtual Size: '0x6d4' + .data: + Entropy: 0.28109187076190567 + Virtual Size: '0x218' + .pdata: + Entropy: 3.6286301597756387 + Virtual Size: '0xf0' + INIT: + Entropy: 5.203390798662231 + Virtual Size: '0x2b2' + .reloc: + Entropy: 2.7841837197791888 + Virtual Size: '0x14' + Signature: + - ASUSTeK Computer Inc. 
+ - DigiCert SHA2 High Assurance Code Signing CA + - DigiCert + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=TW, ST=Taipei, L=Taipei City, O=ASUSTeK Computer Inc., CN=ASUSTeK + Computer Inc. + ValidFrom: '2015-07-27 00:00:00' + ValidTo: '2018-08-01 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 081666295845159f57ae88f441bf237e + Version: 3 + TBS: + MD5: 10f65f793a1d7843aca33673879fea69 + SHA1: e211b40ceb03f3e15ab8b2407bab60a5b072080a + SHA256: d75ee672c954049678034ffd7a95c420ead0b757ab0f52b88db1a02c8730df94 + SHA384: 73eb8b32bbfd0f7da9d7f6c75757e136299c9001695638ad23fc2ae085194051270430961541d58ed4b4420740af2c1f + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High + Assurance Code Signing CA + ValidFrom: '2013-10-22 12:00:00' + ValidTo: '2028-10-22 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 0b7e10903c38490ffa2f679a87a1a7b9 + Version: 3 + TBS: + MD5: 7b0fbcf5c5aa55932726e9222f56efe2 + SHA1: f09486b2b82a88a8b82aa2a12440496c8e53c452 + SHA256: 0bf095b845b69928b5d7dfd1c42ae4f90feb8dc97f7830598c93e848877021fb + SHA384: 
f2a7644292efe9a7adc26cdeb0aa13980ea792d21845ba696684ac64d7f906839f3ec7625c3a88efefe3a451d961d317 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 081666295845159f57ae88f441bf237e + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High + Assurance Code Signing CA + Version: 1 + Imphash: 531d2392dbdd314fb1d9318fe9e5c4d2 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 86b5239d6b6fe0d6fad286f809d7571a + SHA1: d99b80b3269d735cac43af5e43483e64ca7961c3 + SHA256: 47dba240967fd0088be618163672dfbddf0138178cccd45b54037f622b221220 + Company: '' + Copyright: '' + CreationTimestamp: '2018-04-23 01:12:05' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: GLCKIO2.sys + ImportedFunctions: + - IofCompleteRequest + - 
IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - IoDeleteSymbolicLink + - MmGetSystemRoutineAddress + - ObfDereferenceObject + - ZwClose + - ZwOpenSection + - ZwMapViewOfSection + - ZwUnmapViewOfSection + - KeBugCheckEx + - ObReferenceObjectByHandle + - RtlInitUnicodeString + - HalTranslateBusAddress + Imports: + - ntoskrnl.exe + - HAL.dll + InternalName: '' + MD5: d253c19194a18030296ae62a10821640 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: ASUSTeK Computer Inc. + RichPEHeaderHash: + MD5: 3e4e63f1d63e32f35d6a20d42c7497c3 + SHA1: 402c8409593413412a856d04cee831eb090974d3 + SHA256: a5652922be958f012a7daec6d23e41aba301616e53e0971ca5edddcc7112eb58 + SHA1: cc51be79ae56bc97211f6b73cc905c3492da8f9d + SHA256: 61a1bdddd3c512e681818debb5bee94db701768fc25e674fcad46592a3259bd0 + Sections: + .text: + Entropy: 6.405831545608102 + Virtual Size: '0x1374' + .rdata: + Entropy: 5.632017178608109 + Virtual Size: '0x6d4' + .data: + Entropy: 0.28109187076190567 + Virtual Size: '0x218' + .pdata: + Entropy: 3.6367331036245374 + Virtual Size: '0xfc' + INIT: + Entropy: 5.203390798662231 + Virtual Size: '0x2b2' + .reloc: + Entropy: 2.7841837197791888 + Virtual Size: '0x14' + Signature: + - ASUSTeK Computer Inc. + - DigiCert SHA2 High Assurance Code Signing CA + - DigiCert + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=TW, ST=Taipei, L=Taipei City, O=ASUSTeK Computer Inc., CN=ASUSTeK + Computer Inc. 
+ ValidFrom: '2015-07-27 00:00:00' + ValidTo: '2018-08-01 12:00:00' + Signature: 2948e468e6568d1fedd506d0da7e29571b2a943cf7e9c221d7724383882eec14c491862ca1e2e56951e303305332234a0434b832e00953a239ab49df85d1fb32325a6a9a8ba53493c9d0c161cad6557aec67738ee61cbfdd01646b97c7f4a8c3f96bb76573bbec2ca86ed604cd9b6c373bf494c2b4841b2d1816b944813f3345f551bd6b22b37be6e0eb71ccfde21911624acb7d8675be96c911a67839285c5f72b991ff235d0fa7361b01ce420eed7425d7b98941b7ab278bd02e8e75f5695560c278ce556ce884921f15fb5688fca91ba4fff3bda818689671e834e37e4d4e1802e7d7e0692087fba38845fb672d5091e8e3c8af16accf318e000a89b53fe5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 081666295845159f57ae88f441bf237e + Version: 3 + TBS: + MD5: 10f65f793a1d7843aca33673879fea69 + SHA1: e211b40ceb03f3e15ab8b2407bab60a5b072080a + SHA256: d75ee672c954049678034ffd7a95c420ead0b757ab0f52b88db1a02c8730df94 + SHA384: 73eb8b32bbfd0f7da9d7f6c75757e136299c9001695638ad23fc2ae085194051270430961541d58ed4b4420740af2c1f + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance + EV Root CA + ValidFrom: '2011-04-15 19:45:33' + ValidTo: '2021-04-15 19:55:33' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 61204db4000000000027 + Version: 3 + TBS: + MD5: 8e3ffc222fbcebdbb8b23115ab259be7 + SHA1: ee20bff28ffe13be731c294c90d6ded5aae0ec0e + SHA256: 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 + SHA384: f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High + Assurance Code Signing CA + ValidFrom: '2013-10-22 12:00:00' + ValidTo: '2028-10-22 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 
0b7e10903c38490ffa2f679a87a1a7b9 + Version: 3 + TBS: + MD5: 7b0fbcf5c5aa55932726e9222f56efe2 + SHA1: f09486b2b82a88a8b82aa2a12440496c8e53c452 + SHA256: 0bf095b845b69928b5d7dfd1c42ae4f90feb8dc97f7830598c93e848877021fb + SHA384: f2a7644292efe9a7adc26cdeb0aa13980ea792d21845ba696684ac64d7f906839f3ec7625c3a88efefe3a451d961d317 + - Subject: C=US, O=DigiCert, CN=DigiCert Timestamp Responder + ValidFrom: '2014-10-22 00:00:00' + ValidTo: '2024-10-22 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 03019a023aff58b16bd6d5eae617f066 + Version: 3 + TBS: + MD5: a752afee44f017e8d74e3f3eb7914ae3 + SHA1: 8eca80a6b80e9c69dcef7745748524afb8019e2d + SHA256: 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 + SHA384: e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3 + - Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured + ID CA,1 + ValidFrom: '2006-11-10 00:00:00' + ValidTo: '2021-11-10 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 06fdf9039603adea000aeb3f27bbba1b + Version: 3 + TBS: + MD5: 4e5ad189638cf52ba9cd881d4d44668c + SHA1: cdc115e98d798b33904c820d63cc1e1afc19251d + SHA256: 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd + SHA384: 173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f + Signer: + - SerialNumber: 081666295845159f57ae88f441bf237e + Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High + Assurance Code Signing CA + Version: 1 + Imphash: 531d2392dbdd314fb1d9318fe9e5c4d2 + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/86b520f6-cc90-4488-b343-168cad88010d.yaml b/yaml/86b520f6-cc90-4488-b343-168cad88010d.yaml index 945fb038b..29fdd35e8 100644 
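Review bot: The certificate `Subject` and `Issuer` strings in this entry carry a comma where the real distinguished name most likely has a hyphen, for example `CN=DigiCert Assured ID CA,1` in both GLCKIO2.sys samples, and the reordered file keeps them that way. A consumer that compares these fields with the signer name read from the actual certificate will not match, and one that splits the DN on commas will cut the CN in two. The values are better corrected where the metadata is generated; failing that, a comment such as `# Subject/Issuer are normalised ('-' becomes ','); match on TBS hashes or SerialNumber instead` would make the limitation explicit. The same pattern appears in the neighbouring AsrDrv10.sys and nicm.sys entries (`GlobalSign nv,sa`, `Services Signer , G2`), whose hunks extend beyond this view.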
--- a/yaml/86b520f6-cc90-4488-b343-168cad88010d.yaml +++ b/yaml/86b520f6-cc90-4488-b343-168cad88010d.yaml @@ -1,35 +1,35 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 86b520f6-cc90-4488-b343-168cad88010d +Tags: +- gameink.sys +Verified: 'FALSE' Author: Michael Haag -Category: vulnerable driver -Commands: - Command: sc.exe create gameink.sys binPath=C:\windows\temp\gameink.sys type=kernel - && sc.exe start gameink.sys - Description: '' - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-01-09' -Detection: [] -Id: 86b520f6-cc90-4488-b343-168cad88010d -KnownVulnerableSamples: -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: gameink.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 3ae56ab63230d6d9552360845b4a37b5801cc5ea - Signature: [] - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: vulnerable driver +Commands: + Command: sc.exe create gameink.sys binPath=C:\windows\temp\gameink.sys type=kernel + && sc.exe start gameink.sys + Description: '' + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules -Tags: -- gameink.sys -Verified: 'FALSE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: gameink.sys + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 3ae56ab63230d6d9552360845b4a37b5801cc5ea + Signature: [] + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/86cff0de-2536-4b8d-a846-a7312c569597.yaml b/yaml/86cff0de-2536-4b8d-a846-a7312c569597.yaml index 5a79705a8..07e3bf19d 100644 --- a/yaml/86cff0de-2536-4b8d-a846-a7312c569597.yaml +++ b/yaml/86cff0de-2536-4b8d-a846-a7312c569597.yaml 
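Review bot: The only gameink.sys sample is identified by a bare `SHA1`, with `Verified: 'FALSE'`, `Detection: []` and every other metadata field empty, so rules built from the MD5, SHA256 or Authentihash fields will not cover this driver. The single resource is the Microsoft recommended driver block rules page, so it is worth confirming whether the value is a flat file hash or an Authenticode hash before it is used for file-hash matching; that is an inference from the resource link, not something the entry states. A short comment above the sample would record the limitation, e.g. `# SHA1 only, origin unverified: confirm flat-file vs Authenticode hash before use`.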
@@ -1,3897 +1,3913 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 86cff0de-2536-4b8d-a846-a7312c569597 +Tags: +- nicm.sys +Verified: 'TRUE' Author: Michael Haag +Created: '2023-01-09' +MitreID: T1068 CVE: - CVE-2013-3956 Category: vulnerable driver Commands: - Command: sc.exe create nicm.sys binPath=C:\windows\temp \n \n \n icm.sys type=kernel - && sc.exe start nicm.sys - Description: nicm.sys is a vulnerable driver. CVE-2013-3956. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges -Created: '2023-01-09' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/e6056443537d4d2314dabca1b9168f1eaaf17a14eb41f6f5741b6b82b3119790.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 86cff0de-2536-4b8d-a846-a7312c569597 -KnownVulnerableSamples: -- Authentihash: - MD5: 8ab7a633b1d27ac3e7c25caea6609472 - SHA1: 872091f5134150b9d0dee6a749bc1cd7a8145bd6 - SHA256: 714d8791e37373f92f0242a6694cc232686caab69d7ae64b5ed31094cc352893 - Company: Novell, Inc. - Copyright: "Copyright \xA9 1997-2007 Novell, Inc." - CreationTimestamp: '2007-08-09 13:33:01' - Date: '' - Description: Novell Client Portability Layer - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.0.0 - Filename: '' - ImportedFunctions: - - KeWaitForSingleObject - - ZwEnumerateKey - - ZwOpenKey - - ExAllocatePoolWithTag - - ZwCreateKey - - ExFreePoolWithTag - - ExReleaseFastMutex - - ExAcquireFastMutex - - RtlInitUnicodeString - - ZwSetValueKey - - ZwQueryValueKey - - ZwEnumerateValueKey - - ZwClose - - RtlAppendUnicodeStringToString - - RtlCopyUnicodeString - - ZwDeleteKey - - DbgBreakPoint - - DbgPrintEx - - DbgPrint - - RtlUpcaseUnicodeString - - RtlAnsiStringToUnicodeString - - RtlUnicodeStringToAnsiString - - RtlUnicodeStringToOemString - - RtlFreeUnicodeString - - RtlOemStringToUnicodeString - - RtlFreeAnsiString - - KeReleaseSpinLock - - KeAcquireSpinLockRaiseToDpc - - RtlIntegerToUnicodeString - - RtlAppendUnicodeToString - - RtlInitString - - RtlEqualUnicodeString - - RtlCompareString - - KeReleaseMutex - - RtlCompareUnicodeString - - RtlEqualString - - RtlUnicodeStringToInteger - - ExDeleteResourceLite - - ExInitializeResourceLite - - KeWaitForMultipleObjects - - ExAcquireResourceExclusiveLite - - KeResetEvent - - KeInitializeMutex - - KeLeaveCriticalRegion - - KeSetEvent - - ExIsResourceAcquiredSharedLite - - ExIsResourceAcquiredExclusiveLite - - KeEnterCriticalRegion - - ExAcquireResourceSharedLite - - ExReleaseResourceLite - - KeSetPriorityThread - - IoDeleteDevice - - IoCreateDevice - - PsCreateSystemThread - - PsTerminateSystemThread - - 
RtlCompareMemory - - IoUninitializeWorkItem - - IoFreeWorkItem - - KeInitializeDpc - - KeInitializeTimer - - KeDelayExecutionThread - - IoAllocateWorkItem - - KeSetTimer - - IoInitializeWorkItem - - IoQueueWorkItem - - KeCancelTimer - - KeBugCheckEx - - RtlCopyString - - KeInitializeEvent - - NicmCreateInstance - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: f0470f82ba58bc4309f83a0f2aefa4d5 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: NICM.SYS - PDBPath: '' - Product: Novell XTier for Windows - ProductVersion: v3.1 (20060808) - Publisher: '' - RichPEHeaderHash: - MD5: 7ccba2f5532d28974864bb49f2f7ecde - SHA1: d70b833fc592a8822e52af45961fb0eb6675311c - SHA256: 2c7265667f82af5943f1c9d0a07c904f2bc44c93380430659daaabd4527fa943 - SHA1: 468cc011807704c04892ed209cf81d7896a12a0c - SHA256: 7a2cd1dc110d014165c001ce65578da0c0c8d7d41cc1fa44f974e8a82296fc25 - Sections: - .text: - Entropy: 6.271115658266926 - Virtual Size: '0x7b1f' - .rdata: - Entropy: 4.718199381290541 - Virtual Size: '0x7c8' - .data: - Entropy: 2.3540808182213286 - Virtual Size: '0x8c8' - .pdata: - Entropy: 4.31228440148608 - Virtual Size: '0x5ac' - .edata: - Entropy: 4.031879483268685 - Virtual Size: '0x63' - INIT: - Entropy: 5.176988201091535 - Virtual Size: '0x96e' - .rsrc: - Entropy: 3.3027380404804765 - Virtual Size: '0x350' - .reloc: - Entropy: 3.6567400216610486 - Virtual Size: '0x160' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: 
a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , 
Microsoft - Software Validation v2, OU=Novell Products Group, CN=Novell, Inc. - ValidFrom: '2007-04-04 00:00:00' - ValidTo: '2010-04-27 23:59:59' - Signature: 267f71f6ee43755fd6395f85c34bb15a72a6f2a959c2074627d294395fb1aaa4c7bbeff369d735628b233bde7e5c95a0f1837e5ad03704270834ce9c1b07649a256027930f44e064568666b06e7f9dc3cd299b38b0a6766301200ab58434a05a34a369ab99bbbf2aaa6b3603481e0393a80ea09e78a7cf55317a9590c49887f02e1fd948c3b1f6d203e91782ce423d0569f45e7f074205df5f92be6ccd9836641439af4390022242e0ca84aedb0d71c5a50f2dbd1ed30e5ac9c1bda67c694f94f2fe4aa83945ed32e426afe26f44dcb6dcc8186728f86f1a1bddc1ea7dd82b76578a42d1e63bf5f8f348fbcd509094858978e375d277394529df1dd5d78abab2 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f - Version: 3 - TBS: - MD5: adddb65a3a360b3c1a55cb33e426f32a - SHA1: 93d9b282265288a94ee4f1a01c5fb3a08badb7ac - SHA256: d98d63f26125a94eb767fdd2526f6c74bfb40cb4d117a1d87ca3ed0d99bd6f0b - SHA384: cf20d9d6343b52b05ebaeace8a75ad950089e2d55508571cf5b153583fdf2d7b11bc61b8f38bfa70f09b2e7ac63d9ef5 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: f2dc136141066311fddef65f7f417c44 - 
LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 7697518920cf8fbf166debae5a206af1 - SHA1: 1f88ab369211281a41f2b14032beec28dfa8fb9a - SHA256: aeaafcb5d6a7f0354915c615bd0cf0e024168d17bd87d4dfe0bd60099482b4a4 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2015, Novell, Inc. All Rights Reserved. - CreationTimestamp: '2015-12-22 01:29:49' - Date: '' - Description: Novell Client Portability Layer - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.12.0 - Filename: '' - ImportedFunctions: - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - ZwCreateKey - - ExFreePoolWithTag - - ExReleaseFastMutex - - ExAcquireFastMutex - - RtlInitUnicodeString - - ZwSetValueKey - - ZwQueryValueKey - - ZwEnumerateValueKey - - ZwClose - - RtlAppendUnicodeStringToString - - RtlCopyUnicodeString - - ZwDeleteKey - - ZwEnumerateKey - - ZwOpenKey - - DbgPrintEx - - RtlUpcaseUnicodeString - - RtlAnsiStringToUnicodeString - - RtlUnicodeStringToAnsiString - - RtlUnicodeStringToOemString - - RtlFreeUnicodeString - - RtlOemStringToUnicodeString - - RtlFreeAnsiString - - DbgPrint - - KeReleaseSpinLock - - KeAcquireSpinLockRaiseToDpc - - RtlIntegerToUnicodeString - - RtlAppendUnicodeToString - - RtlInitString - - RtlEqualUnicodeString - - RtlCompareString - - RtlCopyString - - KeReleaseMutex - - RtlEqualString - - RtlUnicodeStringToInteger - - ExAcquireResourceExclusiveLite - - KeResetEvent - - KeInitializeMutex - - KeLeaveCriticalRegion - - KeSetEvent - - ExIsResourceAcquiredSharedLite - - ExIsResourceAcquiredExclusiveLite - - KeEnterCriticalRegion - - ExAcquireResourceSharedLite - - ExReleaseResourceLite - - ExDeleteResourceLite - - ExInitializeResourceLite - - KeWaitForMultipleObjects - - KeSetPriorityThread - - IoDeleteDevice - - IoCreateDevice - - PsCreateSystemThread - - PsTerminateSystemThread - - RtlCompareMemory - - IoUninitializeWorkItem - - IoFreeWorkItem - - KeInitializeDpc - - KeInitializeTimer - - KeDelayExecutionThread - - IoAllocateWorkItem - - 
KeSetTimer - - IoInitializeWorkItem - - IoQueueWorkItem - - KeCancelTimer - - KeBugCheckEx - - RtlCompareUnicodeString - - KeInitializeEvent - - NicmCreateInstance - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: afae2a21e36158f5cf4f76f896649c75 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: NICM.SYS - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.12 - Publisher: '' - RichPEHeaderHash: - MD5: 69be7d6bc33a7ee9619315180123bd46 - SHA1: 7ee6731a37901780d7908fc3fad4474835f832bf - SHA256: 14ccd7b6557e31d8e57079e70c05cb15da8336c7380554b9b40f44840989f524 - SHA1: 341225961c15a969c62de38b4ec1938f65fda178 - SHA256: 18f306b6edcfacd33b7b244eaecdd0986ef342f0d381158844d1f0ee1ac5c8d7 - Sections: - .text: - Entropy: 6.2855065800689305 - Virtual Size: '0x7b2f' - .rdata: - Entropy: 4.660382805116314 - Virtual Size: '0x7c4' - .data: - Entropy: 2.3645507783558646 - Virtual Size: '0x8c8' - .pdata: - Entropy: 4.358085264959065 - Virtual Size: '0x5dc' - .edata: - Entropy: 4.011677463066665 - Virtual Size: '0x63' - INIT: - Entropy: 5.216888652235111 - Virtual Size: '0x976' - .rsrc: - Entropy: 3.2874866188516565 - Virtual Size: '0x360' - .reloc: - Entropy: 3.6567400216610486 - Virtual Size: '0x160' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: 
c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=Novell, Inc. - ValidFrom: '2013-03-05 00:00:00' - ValidTo: '2016-06-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Version: 3 - TBS: - MD5: 5b1207ffffc0eff3784003d17b3e71a9 - SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d - SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 - SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 
5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 8ec78cf864273fd81203678b61c41f04 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 3b9d5fd8e9bbb6a450a9d8e0e0d7e586 - SHA1: b532f7e149057c438812c98d253786608b269f9c - SHA256: 1c4f56281d762bfaeb2168c13f3349611c8e3443602d2015540a742d6e79e6bc - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2011, Novell, Inc. All Rights Reserved. - CreationTimestamp: '2011-09-29 19:29:13' - Date: '' - Description: Novell Client Portability Layer - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.6.0 - Filename: '' - ImportedFunctions: - - KeWaitForSingleObject - - ZwEnumerateKey - - ZwOpenKey - - ExAllocatePoolWithTag - - ZwCreateKey - - ExFreePoolWithTag - - ExReleaseFastMutex - - ExAcquireFastMutex - - RtlInitUnicodeString - - ZwSetValueKey - - ZwQueryValueKey - - ZwEnumerateValueKey - - ZwClose - - RtlAppendUnicodeStringToString - - RtlCopyUnicodeString - - ZwDeleteKey - - DbgBreakPoint - - DbgPrintEx - - DbgPrint - - RtlUpcaseUnicodeString - - RtlAnsiStringToUnicodeString - - RtlUnicodeStringToAnsiString - - RtlUnicodeStringToOemString - - RtlFreeUnicodeString - - RtlOemStringToUnicodeString - - RtlFreeAnsiString - - KeReleaseSpinLock - - KeAcquireSpinLockRaiseToDpc - - RtlIntegerToUnicodeString - - RtlAppendUnicodeToString - - RtlInitString - - RtlEqualUnicodeString - - RtlCompareString - - KeReleaseMutex - - RtlCompareUnicodeString - - RtlEqualString - - RtlUnicodeStringToInteger - - 
ExDeleteResourceLite - - ExInitializeResourceLite - - KeWaitForMultipleObjects - - ExAcquireResourceExclusiveLite - - KeResetEvent - - KeInitializeMutex - - KeLeaveCriticalRegion - - KeSetEvent - - ExIsResourceAcquiredSharedLite - - ExIsResourceAcquiredExclusiveLite - - KeEnterCriticalRegion - - ExAcquireResourceSharedLite - - ExReleaseResourceLite - - KeSetPriorityThread - - IoDeleteDevice - - IoCreateDevice - - PsCreateSystemThread - - PsTerminateSystemThread - - RtlCompareMemory - - IoUninitializeWorkItem - - IoFreeWorkItem - - KeInitializeDpc - - KeInitializeTimer - - KeDelayExecutionThread - - IoAllocateWorkItem - - KeSetTimer - - IoInitializeWorkItem - - IoQueueWorkItem - - KeCancelTimer - - KeBugCheckEx - - RtlCopyString - - KeInitializeEvent - - NicmCreateInstance - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: f0fdfdf3303e2f7c141aa3a24d523af1 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: NICM.SYS - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.6 - Publisher: '' - RichPEHeaderHash: - MD5: 7ccba2f5532d28974864bb49f2f7ecde - SHA1: d70b833fc592a8822e52af45961fb0eb6675311c - SHA256: 2c7265667f82af5943f1c9d0a07c904f2bc44c93380430659daaabd4527fa943 - SHA1: 7d1ff4096a75f9fcc67c7c9c810d99874c096b6b - SHA256: ec1307356828426d60eab78ffb5fc48a06a389dea6e7cc13621f1fa82858a613 - Sections: - .text: - Entropy: 6.2707978239378175 - Virtual Size: '0x7b1f' - .rdata: - Entropy: 4.6917392818323265 - Virtual Size: '0x7bc' - .data: - Entropy: 2.3540808182213286 - Virtual Size: '0x8c8' - .pdata: - Entropy: 4.361174275174132 - Virtual Size: '0x5ac' - .edata: - Entropy: 4.011677463066665 - Virtual Size: '0x63' - INIT: - Entropy: 5.176988201091535 - Virtual Size: '0x96e' - .rsrc: - Entropy: 3.2847696985415267 - Virtual Size: '0x358' - .reloc: - Entropy: 3.6567400216610486 - Virtual Size: '0x160' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign 
Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: 
true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Novell Products Group, CN=Novell, Inc. - ValidFrom: '2010-04-03 00:00:00' - ValidTo: '2013-04-26 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a - Version: 3 - TBS: - MD5: b1504f143b89a6080710bafcededb833 - SHA1: 5c2696893ebba1e81d918a4fadda143c25c77286 - SHA256: ae1dc09d08e93ace95fe203adfbfadcd4c029529d3f99ab381c368064b58d9a0 - SHA384: 18c6db711578cfcd4bce87c63d053e242c7c196efc892c2d4a8733cb75bb7dc3cac3f702e0e1d4b7fa2c590acb53fdee - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: f2dc136141066311fddef65f7f417c44 - LoadsDespiteHVCI: 'FALSE' -- 
Authentihash: - MD5: cc800895376e2545965a860cd6087f2c - SHA1: 1db41ce46ac93d045f5e2d282018d142e19b796c - SHA256: bae01ea7b49bd090e198448c41293830a6e2c68821d65f69ec7dc98a16baef21 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2008, Novell, Inc. All Rights Reserved. - CreationTimestamp: '2009-09-08 13:36:24' - Date: '' - Description: Novell Client Portability Layer - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.6.0 - Filename: '' - ImportedFunctions: - - KeWaitForSingleObject - - ZwEnumerateKey - - ZwOpenKey - - ExAllocatePoolWithTag - - ZwCreateKey - - ExFreePoolWithTag - - ExReleaseFastMutex - - ExAcquireFastMutex - - RtlInitUnicodeString - - ZwSetValueKey - - ZwQueryValueKey - - ZwEnumerateValueKey - - ZwClose - - RtlAppendUnicodeStringToString - - RtlCopyUnicodeString - - ZwDeleteKey - - DbgBreakPoint - - DbgPrintEx - - DbgPrint - - RtlUpcaseUnicodeString - - RtlAnsiStringToUnicodeString - - RtlUnicodeStringToAnsiString - - RtlUnicodeStringToOemString - - RtlFreeUnicodeString - - RtlOemStringToUnicodeString - - RtlFreeAnsiString - - KeReleaseSpinLock - - KeAcquireSpinLockRaiseToDpc - - RtlIntegerToUnicodeString - - RtlAppendUnicodeToString - - RtlInitString - - RtlEqualUnicodeString - - RtlCompareString - - KeReleaseMutex - - RtlCompareUnicodeString - - RtlEqualString - - RtlUnicodeStringToInteger - - ExDeleteResourceLite - - ExInitializeResourceLite - - KeWaitForMultipleObjects - - ExAcquireResourceExclusiveLite - - KeResetEvent - - KeInitializeMutex - - KeLeaveCriticalRegion - - KeSetEvent - - ExIsResourceAcquiredSharedLite - - ExIsResourceAcquiredExclusiveLite - - KeEnterCriticalRegion - - ExAcquireResourceSharedLite - - ExReleaseResourceLite - - KeSetPriorityThread - - IoDeleteDevice - - IoCreateDevice - - PsCreateSystemThread - - PsTerminateSystemThread - - RtlCompareMemory - - IoUninitializeWorkItem - - IoFreeWorkItem - - KeInitializeDpc - - KeInitializeTimer - - KeDelayExecutionThread - - IoAllocateWorkItem - - 
KeSetTimer - - IoInitializeWorkItem - - IoQueueWorkItem - - KeCancelTimer - - KeBugCheckEx - - RtlCopyString - - KeInitializeEvent - - NicmCreateInstance - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: 18b4bbeae6b07d2e21729b8698bbd25a - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: NICM.SYS - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.6 - Publisher: '' - RichPEHeaderHash: - MD5: 7ccba2f5532d28974864bb49f2f7ecde - SHA1: d70b833fc592a8822e52af45961fb0eb6675311c - SHA256: 2c7265667f82af5943f1c9d0a07c904f2bc44c93380430659daaabd4527fa943 - SHA1: 4f077a95908b154ea12faa95de711cb44359c162 - SHA256: 6b71b7f86e41540a82d7750a698e0386b74f52962b879cbb46f17935183cd2c7 - Sections: - .text: - Entropy: 6.2707978239378175 - Virtual Size: '0x7b1f' - .rdata: - Entropy: 4.6759014067495945 - Virtual Size: '0x7b0' - .data: - Entropy: 2.3540808182213286 - Virtual Size: '0x8c8' - .pdata: - Entropy: 4.350999244708875 - Virtual Size: '0x5ac' - .edata: - Entropy: 4.031879483268685 - Virtual Size: '0x63' - INIT: - Entropy: 5.176988201091535 - Virtual Size: '0x96e' - .rsrc: - Entropy: 3.285837261243419 - Virtual Size: '0x358' - .reloc: - Entropy: 3.6567400216610486 - Virtual Size: '0x160' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., 
CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Novell Products Group, CN=Novell, Inc. 
- ValidFrom: '2007-04-04 00:00:00' - ValidTo: '2010-04-27 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f - Version: 3 - TBS: - MD5: adddb65a3a360b3c1a55cb33e426f32a - SHA1: 93d9b282265288a94ee4f1a01c5fb3a08badb7ac - SHA256: d98d63f26125a94eb767fdd2526f6c74bfb40cb4d117a1d87ca3ed0d99bd6f0b - SHA384: cf20d9d6343b52b05ebaeace8a75ad950089e2d55508571cf5b153583fdf2d7b11bc61b8f38bfa70f09b2e7ac63d9ef5 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: f2dc136141066311fddef65f7f417c44 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 03cdc4a6f210907018e5feed9e180b74 - SHA1: 8332c7bb24562beafcdf743797ff2774ff81b7f1 - SHA256: 4b5ef4b48a5b23818e84e415c70bd7058f665cb7cba379d05da689e1cbe1148e - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2011, Novell, Inc. All Rights Reserved. 
- CreationTimestamp: '2011-07-17 21:24:37' - Date: '' - Description: Novell Client Portability Layer - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.6.0 - Filename: '' - ImportedFunctions: - - RtlCopyUnicodeString - - RtlInitUnicodeString - - ExAllocatePoolWithTag - - ZwDeleteKey - - ZwEnumerateKey - - ZwEnumerateValueKey - - ZwOpenKey - - ZwQueryValueKey - - ZwSetValueKey - - DbgBreakPoint - - memset - - _aulldvrm - - DbgPrintEx - - RtlUpcaseUnicodeString - - RtlFreeUnicodeString - - RtlAnsiStringToUnicodeString - - RtlOemStringToUnicodeString - - RtlFreeAnsiString - - RtlUnicodeStringToAnsiString - - RtlUnicodeStringToOemString - - DbgPrint - - RtlAppendUnicodeToString - - RtlCompareString - - RtlCompareUnicodeString - - RtlCopyString - - RtlEqualString - - RtlEqualUnicodeString - - RtlInitString - - RtlIntegerToUnicodeString - - RtlUnicodeStringToInteger - - KeLeaveCriticalRegion - - KeGetCurrentThread - - ExAcquireResourceSharedLite - - RtlAppendUnicodeStringToString - - ExAcquireResourceExclusiveLite - - KeInitializeMutex - - ExInitializeResourceLite - - KeSetEvent - - ExDeleteResourceLite - - ExIsResourceAcquiredSharedLite - - ExIsResourceAcquiredExclusiveLite - - ExReleaseResourceLite - - KeResetEvent - - KeWaitForMultipleObjects - - _allmul - - KeSetPriorityThread - - KeQuerySystemTime - - IoDeleteDevice - - IoCreateDevice - - PsCreateSystemThread - - PsTerminateSystemThread - - RtlCompareMemory - - memcpy - - memmove - - IoInitializeWorkItem - - IoAllocateWorkItem - - KeCancelTimer - - IoFreeWorkItem - - IoUninitializeWorkItem - - KeSetTimer - - KeDelayExecutionThread - - KeInitializeDpc - - KeInitializeTimer - - IoQueueWorkItem - - KeTickCount - - KeBugCheckEx - - ZwCreateKey - - ZwClose - - ExFreePoolWithTag - - KeWaitForSingleObject - - KeReleaseMutex - - KeEnterCriticalRegion - - KeInitializeEvent - - KfAcquireSpinLock - - KfReleaseSpinLock - - ExAcquireFastMutex - - ExReleaseFastMutex - - NicmCreateInstance - Imports: - - 
ntoskrnl.exe - - HAL.dll - - nicm.sys - InternalName: '' - MD5: d43dcba796b40234267ad2862fa52600 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: NICM.SYS - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.6 - Publisher: '' - RichPEHeaderHash: - MD5: 9a271840015f5068d0bd867da9c79669 - SHA1: e758d2f4525ea5880a0cd08f8f0032d89b4bd4e7 - SHA256: d5afe68d99aac43ff5850dd37b3184bed8f8f14e681b622515121d8000b4fbbb - SHA1: e8234c44f3b7e4c510ef868e8c080e00e2832b07 - SHA256: 6c5aef14613b8471f5f4fdeb9f25b5907c2335a4bc18b3c2266fb1ffd8f1741d - Sections: - .text: - Entropy: 6.380228257440719 - Virtual Size: '0x5f2d' - .rdata: - Entropy: 4.9468275818590755 - Virtual Size: '0x484' - .data: - Entropy: 3.286914336177474 - Virtual Size: '0x4a4' - .edata: - Entropy: 4.011677463066665 - Virtual Size: '0x63' - INIT: - Entropy: 5.486682664178041 - Virtual Size: '0x8b0' - .rsrc: - Entropy: 3.2847696985415267 - Virtual Size: '0x358' - .reloc: - Entropy: 6.153392798668095 - Virtual Size: '0x600' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Novell Products Group, CN=Novell, Inc. 
- ValidFrom: '2010-04-03 00:00:00' - ValidTo: '2013-04-26 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a - Version: 3 - TBS: - MD5: b1504f143b89a6080710bafcededb833 - SHA1: 5c2696893ebba1e81d918a4fadda143c25c77286 - SHA256: ae1dc09d08e93ace95fe203adfbfadcd4c029529d3f99ab381c368064b58d9a0 - SHA384: 18c6db711578cfcd4bce87c63d053e242c7c196efc892c2d4a8733cb75bb7dc3cac3f702e0e1d4b7fa2c590acb53fdee - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: 0e4f5481813eeec4e5dd96e36020135f - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: f92697db36bdb2c33b58b765f9a1c4cc - SHA1: c7cee16eed16089b709b7af6c0cc8d7aacb0a5a5 - SHA256: 75f1bea34e2bb1d26cf173eba44daeb9bbee8106d43b911a01f73f76be17a165 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2013, Novell, Inc. All Rights Reserved. 
- CreationTimestamp: '2013-01-15 23:20:09' - Date: '' - Description: Novell Client Portability Layer - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.11.0 - Filename: '' - ImportedFunctions: - - RtlCopyUnicodeString - - RtlInitUnicodeString - - ExAllocatePoolWithTag - - ZwDeleteKey - - ZwEnumerateKey - - ZwEnumerateValueKey - - ZwOpenKey - - ZwQueryValueKey - - ZwSetValueKey - - memset - - _aulldvrm - - DbgPrintEx - - RtlUpcaseUnicodeString - - RtlFreeUnicodeString - - RtlAnsiStringToUnicodeString - - RtlOemStringToUnicodeString - - RtlFreeAnsiString - - RtlUnicodeStringToAnsiString - - RtlUnicodeStringToOemString - - DbgPrint - - RtlAppendUnicodeToString - - RtlCompareString - - RtlCompareUnicodeString - - RtlCopyString - - RtlEqualString - - RtlEqualUnicodeString - - RtlInitString - - RtlIntegerToUnicodeString - - RtlUnicodeStringToInteger - - KeGetCurrentThread - - KeLeaveCriticalRegion - - ExAcquireResourceSharedLite - - RtlAppendUnicodeStringToString - - ExAcquireResourceExclusiveLite - - KeInitializeMutex - - ExInitializeResourceLite - - KeSetEvent - - ExDeleteResourceLite - - ExIsResourceAcquiredSharedLite - - ExIsResourceAcquiredExclusiveLite - - ExReleaseResourceLite - - KeResetEvent - - KeWaitForMultipleObjects - - _allmul - - KeSetPriorityThread - - KeQuerySystemTime - - IoDeleteDevice - - IoCreateDevice - - PsCreateSystemThread - - PsTerminateSystemThread - - RtlCompareMemory - - memcpy - - memmove - - IoInitializeWorkItem - - IoAllocateWorkItem - - KeCancelTimer - - IoFreeWorkItem - - IoUninitializeWorkItem - - KeSetTimer - - KeDelayExecutionThread - - KeInitializeDpc - - KeInitializeTimer - - IoQueueWorkItem - - KeTickCount - - KeBugCheckEx - - ZwCreateKey - - ZwClose - - ExFreePoolWithTag - - KeWaitForSingleObject - - KeReleaseMutex - - KeEnterCriticalRegion - - KeInitializeEvent - - KfAcquireSpinLock - - KfReleaseSpinLock - - ExAcquireFastMutex - - ExReleaseFastMutex - - NicmCreateInstance - Imports: - - ntoskrnl.exe - - 
HAL.dll - - nicm.sys - InternalName: '' - MD5: c9390a8f3ca511c1306a039ca5d80997 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: NICM.SYS - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.11 - Publisher: '' - RichPEHeaderHash: - MD5: 149b373eaaa6b9300573216ad5472a05 - SHA1: 364c8ccdf1a4cdf3aa7b575a80f594852ada2198 - SHA256: fc5c0859d1efbed8f3831036697d4e852ade24731e8e487550e3f618650d4efe - SHA1: cd828ee0725f6185861fd0a9d3bd78f1d96e55bf - SHA256: e279e425d906ba77784fb5b2738913f5065a567d03abe4fd5571695d418c1c0f - Sections: - .text: - Entropy: 6.377738293670074 - Virtual Size: '0x5f2d' - .rdata: - Entropy: 5.008103271033984 - Virtual Size: '0x47d' - .data: - Entropy: 3.300874018242627 - Virtual Size: '0x4a4' - .edata: - Entropy: 4.011677463066665 - Virtual Size: '0x63' - INIT: - Entropy: 5.500070222833352 - Virtual Size: '0x8a4' - .rsrc: - Entropy: 3.2836822710764215 - Virtual Size: '0x360' - .reloc: - Entropy: 6.098446944342447 - Virtual Size: '0x606' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services 
Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Novell Products Group, CN=Novell, Inc. 
- ValidFrom: '2010-04-03 00:00:00' - ValidTo: '2013-04-26 23:59:59' - Signature: 2d2eec4636a0c1f359ef30a107e6c2301ad12c09ab9fdac02211aaef81323d1daee3a14a150bf9f4c7d0d788d5f486ea75e40abeb502a2267171be53030fe7614af7a2015eabd4c26e887ec9220beb3666fc68158d2b8dd659e3fe55245821c10e37ddeebac63eb1848512c64a543a13ba6735b156c6dc13395890e8003e03e7c2613e2c1de1dfadfe072cd7655e3b4166fe973233b4f81ecf810541382d67c92f29d76e220543a7179b606011b932cee250f99f260b29e79236cec10b67e0e0e48cb74593a7ce2e3cfafb6c58ac7ae5c10a591037c380b5f7516cac8f4ec695b020ca2445cb9bf97eb56c09d4a62618871b482ef97c5894349e10f62e2ee68b - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a - Version: 3 - TBS: - MD5: b1504f143b89a6080710bafcededb833 - SHA1: 5c2696893ebba1e81d918a4fadda143c25c77286 - SHA256: ae1dc09d08e93ace95fe203adfbfadcd4c029529d3f99ab381c368064b58d9a0 - SHA384: 18c6db711578cfcd4bce87c63d053e242c7c196efc892c2d4a8733cb75bb7dc3cac3f702e0e1d4b7fa2c590acb53fdee - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 
01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: 24c3d3be20e794c17844d030be03fd2f - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 3190ab9249afb0e3915a6a96b42b79a3 - SHA1: 2c3d046b089521c5cac415b28f55e498d3050622 - SHA256: fe425d4ea7c8d8bc2e8f32969d058f06a02ab11a0e15e465b989e526be17ca84 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2014, Novell, Inc. 
All Rights Reserved. - CreationTimestamp: '2014-08-26 13:53:15' - Date: '' - Description: Novell Client Portability Layer - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.11.0 - Filename: '' - ImportedFunctions: - - RtlCopyUnicodeString - - RtlInitUnicodeString - - ExAllocatePoolWithTag - - ZwDeleteKey - - ZwEnumerateKey - - ZwEnumerateValueKey - - ZwOpenKey - - ZwQueryValueKey - - ZwSetValueKey - - memset - - _aulldvrm - - DbgPrintEx - - RtlUpcaseUnicodeString - - RtlFreeUnicodeString - - RtlAnsiStringToUnicodeString - - RtlOemStringToUnicodeString - - RtlFreeAnsiString - - RtlUnicodeStringToAnsiString - - RtlUnicodeStringToOemString - - DbgPrint - - RtlAppendUnicodeToString - - RtlCompareString - - RtlCompareUnicodeString - - RtlCopyString - - RtlEqualString - - RtlEqualUnicodeString - - RtlInitString - - RtlIntegerToUnicodeString - - RtlUnicodeStringToInteger - - KeGetCurrentThread - - KeLeaveCriticalRegion - - ExAcquireResourceSharedLite - - RtlAppendUnicodeStringToString - - ExAcquireResourceExclusiveLite - - KeInitializeMutex - - ExInitializeResourceLite - - KeSetEvent - - ExDeleteResourceLite - - ExIsResourceAcquiredSharedLite - - ExIsResourceAcquiredExclusiveLite - - ExReleaseResourceLite - - KeResetEvent - - KeWaitForMultipleObjects - - _allmul - - KeSetPriorityThread - - KeQuerySystemTime - - IoDeleteDevice - - IoCreateDevice - - PsCreateSystemThread - - PsTerminateSystemThread - - RtlCompareMemory - - memcpy - - memmove - - IoInitializeWorkItem - - IoAllocateWorkItem - - KeCancelTimer - - IoFreeWorkItem - - IoUninitializeWorkItem - - KeSetTimer - - KeDelayExecutionThread - - KeInitializeDpc - - KeInitializeTimer - - IoQueueWorkItem - - KeTickCount - - KeBugCheckEx - - ZwCreateKey - - ZwClose - - ExFreePoolWithTag - - KeWaitForSingleObject - - KeReleaseMutex - - KeEnterCriticalRegion - - KeInitializeEvent - - KfAcquireSpinLock - - KfReleaseSpinLock - - ExAcquireFastMutex - - ExReleaseFastMutex - - NicmCreateInstance - Imports: 
- - ntoskrnl.exe - - HAL.dll - - nicm.sys - InternalName: '' - MD5: f44f6ec546850ceb796a2cb528928a91 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: NICM.SYS - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.11 - Publisher: '' - RichPEHeaderHash: - MD5: 149b373eaaa6b9300573216ad5472a05 - SHA1: 364c8ccdf1a4cdf3aa7b575a80f594852ada2198 - SHA256: fc5c0859d1efbed8f3831036697d4e852ade24731e8e487550e3f618650d4efe - SHA1: d1ba4c95697a25ec265a3908acbff269e29e760c - SHA256: e728b259113d772b4e96466ab8fe18980f37c36f187b286361c852bd88101717 - Sections: - .text: - Entropy: 6.377674698612541 - Virtual Size: '0x5f39' - .rdata: - Entropy: 4.992703297266737 - Virtual Size: '0x475' - .data: - Entropy: 3.2933421529227025 - Virtual Size: '0x4a4' - .edata: - Entropy: 4.004052336782185 - Virtual Size: '0x63' - INIT: - Entropy: 5.500633112750999 - Virtual Size: '0x8a4' - .rsrc: - Entropy: 3.2826929736548087 - Virtual Size: '0x360' - .reloc: - Entropy: 6.0982244391191385 - Virtual Size: '0x606' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec 
Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=Novell, Inc. - ValidFrom: '2013-03-05 00:00:00' - ValidTo: '2016-06-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Version: 3 - TBS: - MD5: 5b1207ffffc0eff3784003d17b3e71a9 - SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d - SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 - SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 24c3d3be20e794c17844d030be03fd2f - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 16ad7e2dcc5d51f8d844c5817a3ada77 - SHA1: 2871eec82d1c7ce329579dee37f610f6994eed1a - SHA256: 1e556fc49ab6caeb5b835abf683ff04a39f0e467ea5607187c8b2fcf2ca77314 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2015, Novell, Inc. All Rights Reserved. 
- CreationTimestamp: '2015-09-26 07:20:29' - Date: '' - Description: Novell Client Portability Layer - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.12.0 - Filename: '' - ImportedFunctions: - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - ZwCreateKey - - ExFreePoolWithTag - - ExReleaseFastMutex - - ExAcquireFastMutex - - RtlInitUnicodeString - - ZwSetValueKey - - ZwQueryValueKey - - ZwEnumerateValueKey - - ZwClose - - RtlAppendUnicodeStringToString - - RtlCopyUnicodeString - - ZwDeleteKey - - ZwEnumerateKey - - ZwOpenKey - - DbgPrintEx - - RtlUpcaseUnicodeString - - RtlAnsiStringToUnicodeString - - RtlUnicodeStringToAnsiString - - RtlUnicodeStringToOemString - - RtlFreeUnicodeString - - RtlOemStringToUnicodeString - - RtlFreeAnsiString - - DbgPrint - - KeReleaseSpinLock - - KeAcquireSpinLockRaiseToDpc - - RtlIntegerToUnicodeString - - RtlAppendUnicodeToString - - RtlInitString - - RtlEqualUnicodeString - - RtlCompareString - - RtlCopyString - - KeReleaseMutex - - RtlEqualString - - RtlUnicodeStringToInteger - - ExAcquireResourceExclusiveLite - - KeResetEvent - - KeInitializeMutex - - KeLeaveCriticalRegion - - KeSetEvent - - ExIsResourceAcquiredSharedLite - - ExIsResourceAcquiredExclusiveLite - - KeEnterCriticalRegion - - ExAcquireResourceSharedLite - - ExReleaseResourceLite - - ExDeleteResourceLite - - ExInitializeResourceLite - - KeWaitForMultipleObjects - - KeSetPriorityThread - - IoDeleteDevice - - IoCreateDevice - - PsCreateSystemThread - - PsTerminateSystemThread - - RtlCompareMemory - - IoUninitializeWorkItem - - IoFreeWorkItem - - KeInitializeDpc - - KeInitializeTimer - - KeDelayExecutionThread - - IoAllocateWorkItem - - KeSetTimer - - IoInitializeWorkItem - - IoQueueWorkItem - - KeCancelTimer - - KeBugCheckEx - - RtlCompareUnicodeString - - KeInitializeEvent - - NicmCreateInstance - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: 91755cc5c3ccf97313dc2bece813b4d9 - MachineType: AMD64 - MagicHeader: 50 45 
0 0 - OriginalFilename: NICM.SYS - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.12 - Publisher: '' - RichPEHeaderHash: - MD5: 69be7d6bc33a7ee9619315180123bd46 - SHA1: 7ee6731a37901780d7908fc3fad4474835f832bf - SHA256: 14ccd7b6557e31d8e57079e70c05cb15da8336c7380554b9b40f44840989f524 - SHA1: 7626036baf98ddcb492a8ec34e58c022ebd70a80 - SHA256: c08581e3e444849729c5b956d0d6030080553d0bc6e5ae7e9a348d45617b9746 - Sections: - .text: - Entropy: 6.2855065800689305 - Virtual Size: '0x7b2f' - .rdata: - Entropy: 4.629576071481795 - Virtual Size: '0x7bc' - .data: - Entropy: 2.3645507783558646 - Virtual Size: '0x8c8' - .pdata: - Entropy: 4.3104861152515666 - Virtual Size: '0x5dc' - .edata: - Entropy: 4.011677463066665 - Virtual Size: '0x63' - INIT: - Entropy: 5.216888652235111 - Virtual Size: '0x976' - .rsrc: - Entropy: 3.2874866188516565 - Virtual Size: '0x360' - .reloc: - Entropy: 3.6567400216610486 - Virtual Size: '0x160' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - 
ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=Novell, Inc. - ValidFrom: '2013-03-05 00:00:00' - ValidTo: '2016-06-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Version: 3 - TBS: - MD5: 5b1207ffffc0eff3784003d17b3e71a9 - SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d - SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 - SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 8ec78cf864273fd81203678b61c41f04 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 1c0d53f4b9788aab37c192d5dab8ac40 - SHA1: 6202e85a712c45daa25dc706388e10d05b42a467 - SHA256: 677ec2df835069678876defc3ef5ff73f463ad39e8466d76632d06f6a29a494f - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2013, Novell, Inc. All Rights Reserved. 
- CreationTimestamp: '2013-12-18 02:18:54' - Date: '' - Description: Novell Client Portability Layer - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.11.0 - Filename: '' - ImportedFunctions: - - RtlCopyUnicodeString - - RtlInitUnicodeString - - ExAllocatePoolWithTag - - ZwDeleteKey - - ZwEnumerateKey - - ZwEnumerateValueKey - - ZwOpenKey - - ZwQueryValueKey - - ZwSetValueKey - - memset - - _aulldvrm - - DbgPrintEx - - RtlUpcaseUnicodeString - - RtlFreeUnicodeString - - RtlAnsiStringToUnicodeString - - RtlOemStringToUnicodeString - - RtlFreeAnsiString - - RtlUnicodeStringToAnsiString - - RtlUnicodeStringToOemString - - DbgPrint - - RtlAppendUnicodeToString - - RtlCompareString - - RtlCompareUnicodeString - - RtlCopyString - - RtlEqualString - - RtlEqualUnicodeString - - RtlInitString - - RtlIntegerToUnicodeString - - RtlUnicodeStringToInteger - - KeGetCurrentThread - - KeLeaveCriticalRegion - - ExAcquireResourceSharedLite - - RtlAppendUnicodeStringToString - - ExAcquireResourceExclusiveLite - - KeInitializeMutex - - ExInitializeResourceLite - - KeSetEvent - - ExDeleteResourceLite - - ExIsResourceAcquiredSharedLite - - ExIsResourceAcquiredExclusiveLite - - ExReleaseResourceLite - - KeResetEvent - - KeWaitForMultipleObjects - - _allmul - - KeSetPriorityThread - - KeQuerySystemTime - - IoDeleteDevice - - IoCreateDevice - - PsCreateSystemThread - - PsTerminateSystemThread - - RtlCompareMemory - - memcpy - - memmove - - IoInitializeWorkItem - - IoAllocateWorkItem - - KeCancelTimer - - IoFreeWorkItem - - IoUninitializeWorkItem - - KeSetTimer - - KeDelayExecutionThread - - KeInitializeDpc - - KeInitializeTimer - - IoQueueWorkItem - - KeTickCount - - KeBugCheckEx - - ZwCreateKey - - ZwClose - - ExFreePoolWithTag - - KeWaitForSingleObject - - KeReleaseMutex - - KeEnterCriticalRegion - - KeInitializeEvent - - KfAcquireSpinLock - - KfReleaseSpinLock - - ExAcquireFastMutex - - ExReleaseFastMutex - - NicmCreateInstance - Imports: - - ntoskrnl.exe - - 
HAL.dll - - nicm.sys - InternalName: '' - MD5: a87689b1067edacc48fddf90020dee23 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: NICM.SYS - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.11 - Publisher: '' - RichPEHeaderHash: - MD5: 149b373eaaa6b9300573216ad5472a05 - SHA1: 364c8ccdf1a4cdf3aa7b575a80f594852ada2198 - SHA256: fc5c0859d1efbed8f3831036697d4e852ade24731e8e487550e3f618650d4efe - SHA1: 1ecb7b9658eb819a80b8ebdaa2e69f0d84162622 - SHA256: 8b688dd055ead2c915a139598c8db7962b42cb6e744eaacfcb338c093fc1f4e7 - Sections: - .text: - Entropy: 6.377674698612541 - Virtual Size: '0x5f39' - .rdata: - Entropy: 4.997766404942963 - Virtual Size: '0x47b' - .data: - Entropy: 3.2933421529227025 - Virtual Size: '0x4a4' - .edata: - Entropy: 4.031879483268685 - Virtual Size: '0x63' - INIT: - Entropy: 5.500633112750999 - Virtual Size: '0x8a4' - .rsrc: - Entropy: 3.2836822710764215 - Virtual Size: '0x360' - .reloc: - Entropy: 6.0982244391191385 - Virtual Size: '0x606' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping 
Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=Novell, Inc. - ValidFrom: '2013-03-05 00:00:00' - ValidTo: '2016-06-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Version: 3 - TBS: - MD5: 5b1207ffffc0eff3784003d17b3e71a9 - SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d - SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 - SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign 
Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 24c3d3be20e794c17844d030be03fd2f - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 3e6b489741cdcae17a01ede87b89d875 - SHA1: 231651011a36b45626a9c2245496225221887af7 - SHA256: 75822137b0934c2146c789d9f6e52da4de4a191698b68819d6d4b0845bbc34ed - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2015, Novell, Inc. All Rights Reserved. - CreationTimestamp: '2015-06-26 06:08:10' - Date: '' - Description: Novell Client Portability Layer - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.12.0 - Filename: '' - ImportedFunctions: - - RtlCopyUnicodeString - - RtlInitUnicodeString - - ExAllocatePoolWithTag - - ZwDeleteKey - - ZwEnumerateKey - - ZwEnumerateValueKey - - ZwOpenKey - - ZwQueryValueKey - - ZwSetValueKey - - memset - - _aulldvrm - - DbgPrintEx - - RtlUpcaseUnicodeString - - RtlFreeUnicodeString - - RtlAnsiStringToUnicodeString - - RtlOemStringToUnicodeString - - RtlFreeAnsiString - - RtlUnicodeStringToAnsiString - - RtlUnicodeStringToOemString - - DbgPrint - - RtlAppendUnicodeToString - - RtlCompareString - - RtlCompareUnicodeString - - RtlCopyString - - RtlEqualString - - RtlEqualUnicodeString - - RtlInitString - - RtlIntegerToUnicodeString - - RtlUnicodeStringToInteger - - KeGetCurrentThread - - KeLeaveCriticalRegion - - ExAcquireResourceSharedLite - - RtlAppendUnicodeStringToString - - ExAcquireResourceExclusiveLite - - KeInitializeMutex - - ExInitializeResourceLite - - KeSetEvent - - ExDeleteResourceLite - - ExIsResourceAcquiredSharedLite - - ExIsResourceAcquiredExclusiveLite - - ExReleaseResourceLite - - KeResetEvent - - KeWaitForMultipleObjects - - _allmul - - KeSetPriorityThread - - KeQuerySystemTime - - IoDeleteDevice - - IoCreateDevice - - PsCreateSystemThread - - PsTerminateSystemThread - - RtlCompareMemory - - memcpy - - memmove - - IoInitializeWorkItem - - IoAllocateWorkItem - - KeCancelTimer - - IoFreeWorkItem - - IoUninitializeWorkItem - - KeSetTimer - - 
KeDelayExecutionThread - - KeInitializeDpc - - KeInitializeTimer - - IoQueueWorkItem - - KeTickCount - - KeBugCheckEx - - ZwCreateKey - - ZwClose - - ExFreePoolWithTag - - KeWaitForSingleObject - - KeReleaseMutex - - KeEnterCriticalRegion - - KeInitializeEvent - - KfAcquireSpinLock - - KfReleaseSpinLock - - ExAcquireFastMutex - - ExReleaseFastMutex - - NicmCreateInstance - Imports: - - ntoskrnl.exe - - HAL.dll - - nicm.sys - InternalName: '' - MD5: f30db62d02a69c36ccb01ac9d41dc085 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: NICM.SYS - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.12 - Publisher: '' - RichPEHeaderHash: - MD5: 149b373eaaa6b9300573216ad5472a05 - SHA1: 364c8ccdf1a4cdf3aa7b575a80f594852ada2198 - SHA256: fc5c0859d1efbed8f3831036697d4e852ade24731e8e487550e3f618650d4efe - SHA1: 59c4960851af9240dded4173c4f823727af19512 - SHA256: 00b3ff11585c2527b9e1c140fd57cb70b18fd0b775ec87e9646603056622a1fd - Sections: - .text: - Entropy: 6.38607433158685 - Virtual Size: '0x5e6f' - .rdata: - Entropy: 4.992323797255079 - Virtual Size: '0x477' - .data: - Entropy: 3.319059838952553 - Virtual Size: '0x4a4' - .edata: - Entropy: 4.031879483268685 - Virtual Size: '0x63' - INIT: - Entropy: 5.498844850579171 - Virtual Size: '0x8a4' - .rsrc: - Entropy: 3.2874866188516565 - Virtual Size: '0x360' - .reloc: - Entropy: 6.121413979677538 - Virtual Size: '0x604' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - 
SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=Novell, Inc. - ValidFrom: '2013-03-05 00:00:00' - ValidTo: '2016-06-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Version: 3 - TBS: - MD5: 5b1207ffffc0eff3784003d17b3e71a9 - SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d - SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 - SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 
5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 24c3d3be20e794c17844d030be03fd2f - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: d79f773ee0e6eb9aa7d9859747fde271 - SHA1: 16077b3894a11e1b4df8e959a7e0795bc0c7505a - SHA256: 8fca5b647af3f792898efc1bdc008745643b417282cdee13d4edf93a4a8308a0 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2008, Novell, Inc. All Rights Reserved. - CreationTimestamp: '2009-12-18 07:21:00' - Date: '' - Description: Novell Client Portability Layer - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.6.0 - Filename: '' - ImportedFunctions: - - RtlCopyUnicodeString - - RtlInitUnicodeString - - ExAllocatePoolWithTag - - ZwDeleteKey - - ZwEnumerateKey - - ZwEnumerateValueKey - - ZwOpenKey - - ZwQueryValueKey - - ZwSetValueKey - - DbgBreakPoint - - memset - - _aulldvrm - - DbgPrintEx - - RtlUpcaseUnicodeString - - RtlFreeUnicodeString - - RtlAnsiStringToUnicodeString - - RtlOemStringToUnicodeString - - RtlFreeAnsiString - - RtlUnicodeStringToAnsiString - - RtlUnicodeStringToOemString - - DbgPrint - - RtlAppendUnicodeToString - - RtlCompareString - - RtlCompareUnicodeString - - RtlCopyString - - RtlEqualString - - RtlEqualUnicodeString - - RtlInitString - - RtlIntegerToUnicodeString - - RtlUnicodeStringToInteger - - KeLeaveCriticalRegion - - KeGetCurrentThread - - ExAcquireResourceSharedLite - - RtlAppendUnicodeStringToString - - ExAcquireResourceExclusiveLite - - KeInitializeMutex - - 
ExInitializeResourceLite - - KeSetEvent - - ExDeleteResourceLite - - ExIsResourceAcquiredSharedLite - - ExIsResourceAcquiredExclusiveLite - - ExReleaseResourceLite - - KeResetEvent - - KeWaitForMultipleObjects - - _allmul - - KeSetPriorityThread - - KeQuerySystemTime - - IoDeleteDevice - - IoCreateDevice - - PsCreateSystemThread - - PsTerminateSystemThread - - RtlCompareMemory - - memcpy - - memmove - - IoInitializeWorkItem - - IoAllocateWorkItem - - KeCancelTimer - - IoFreeWorkItem - - IoUninitializeWorkItem - - KeSetTimer - - KeDelayExecutionThread - - KeInitializeDpc - - KeInitializeTimer - - IoQueueWorkItem - - KeTickCount - - KeBugCheckEx - - ZwCreateKey - - ZwClose - - ExFreePoolWithTag - - KeWaitForSingleObject - - KeReleaseMutex - - KeEnterCriticalRegion - - KeInitializeEvent - - KfAcquireSpinLock - - KfReleaseSpinLock - - ExAcquireFastMutex - - ExReleaseFastMutex - - NicmCreateInstance - Imports: - - ntoskrnl.exe - - HAL.dll - - nicm.sys - InternalName: '' - MD5: 0cd0fe9d16b62415b116686a2f414f8c - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: NICM.SYS - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.6 - Publisher: '' - RichPEHeaderHash: - MD5: 9a271840015f5068d0bd867da9c79669 - SHA1: e758d2f4525ea5880a0cd08f8f0032d89b4bd4e7 - SHA256: d5afe68d99aac43ff5850dd37b3184bed8f8f14e681b622515121d8000b4fbbb - SHA1: e606282505af817698206672db632332e8c3d3ff - SHA256: 1c2f1e2b0cc4da128feb73a6b9dd040df8495fefe861d69c9f44778c6ddb9b9b - Sections: - .text: - Entropy: 6.380228257440719 - Virtual Size: '0x5f2d' - .rdata: - Entropy: 4.956205990239857 - Virtual Size: '0x48b' - .data: - Entropy: 3.286914336177474 - Virtual Size: '0x4a4' - .edata: - Entropy: 4.031879483268685 - Virtual Size: '0x63' - INIT: - Entropy: 5.486682664178041 - Virtual Size: '0x8b0' - .rsrc: - Entropy: 3.285837261243419 - Virtual Size: '0x358' - .reloc: - Entropy: 6.153392798668095 - Virtual Size: '0x600' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' 
- Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust 
Network, OU=Terms of use - at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - ValidFrom: '2004-07-16 00:00:00' - ValidTo: '2014-07-15 23:59:59' - Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 4191a15a3978dfcf496566381d4c75c2 - Version: 3 - TBS: - MD5: 41011f8d0e7c7a6408334ca387914c61 - SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 - SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 - SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Novell Products Group, CN=Novell, Inc. 
- ValidFrom: '2007-04-04 00:00:00' - ValidTo: '2010-04-27 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f - Version: 3 - TBS: - MD5: adddb65a3a360b3c1a55cb33e426f32a - SHA1: 93d9b282265288a94ee4f1a01c5fb3a08badb7ac - SHA256: d98d63f26125a94eb767fdd2526f6c74bfb40cb4d117a1d87ca3ed0d99bd6f0b - SHA384: cf20d9d6343b52b05ebaeace8a75ad950089e2d55508571cf5b153583fdf2d7b11bc61b8f38bfa70f09b2e7ac63d9ef5 - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 - CA - Version: 1 - Imphash: 0e4f5481813eeec4e5dd96e36020135f - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 550070ba1cc4ceefec2641c34e562615 - SHA1: b3adf811059eaac7549c2cce862b9db7b8d9cdbd - SHA256: f2cf5653792f32013c6bf8afb2217953708c7040e248ee7a48543e78097c4512 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2012, Novell, Inc. All Rights Reserved. 
- CreationTimestamp: '2012-03-18 19:27:51' - Date: '' - Description: Novell Client Portability Layer - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.10.0 - Filename: '' - ImportedFunctions: - - RtlCopyUnicodeString - - RtlInitUnicodeString - - ExAllocatePoolWithTag - - ZwDeleteKey - - ZwEnumerateKey - - ZwEnumerateValueKey - - ZwOpenKey - - ZwQueryValueKey - - ZwSetValueKey - - memset - - _aulldvrm - - DbgPrintEx - - RtlUpcaseUnicodeString - - RtlFreeUnicodeString - - RtlAnsiStringToUnicodeString - - RtlOemStringToUnicodeString - - RtlFreeAnsiString - - RtlUnicodeStringToAnsiString - - RtlUnicodeStringToOemString - - DbgPrint - - RtlAppendUnicodeToString - - RtlCompareString - - RtlCompareUnicodeString - - RtlCopyString - - RtlEqualString - - RtlEqualUnicodeString - - RtlInitString - - RtlIntegerToUnicodeString - - RtlUnicodeStringToInteger - - KeGetCurrentThread - - KeLeaveCriticalRegion - - ExAcquireResourceSharedLite - - RtlAppendUnicodeStringToString - - ExAcquireResourceExclusiveLite - - KeInitializeMutex - - ExInitializeResourceLite - - KeSetEvent - - ExDeleteResourceLite - - ExIsResourceAcquiredSharedLite - - ExIsResourceAcquiredExclusiveLite - - ExReleaseResourceLite - - KeResetEvent - - KeWaitForMultipleObjects - - _allmul - - KeSetPriorityThread - - KeQuerySystemTime - - IoDeleteDevice - - IoCreateDevice - - PsCreateSystemThread - - PsTerminateSystemThread - - RtlCompareMemory - - memcpy - - memmove - - IoInitializeWorkItem - - IoAllocateWorkItem - - KeCancelTimer - - IoFreeWorkItem - - IoUninitializeWorkItem - - KeSetTimer - - KeDelayExecutionThread - - KeInitializeDpc - - KeInitializeTimer - - IoQueueWorkItem - - KeTickCount - - KeBugCheckEx - - ZwCreateKey - - ZwClose - - ExFreePoolWithTag - - KeWaitForSingleObject - - KeReleaseMutex - - KeEnterCriticalRegion - - KeInitializeEvent - - KfAcquireSpinLock - - KfReleaseSpinLock - - ExAcquireFastMutex - - ExReleaseFastMutex - - NicmCreateInstance - Imports: - - ntoskrnl.exe - - 
HAL.dll - - nicm.sys - InternalName: '' - MD5: f544f9925cab71786e57241c10e08633 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: NICM.SYS - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.10 - Publisher: '' - RichPEHeaderHash: - MD5: 149b373eaaa6b9300573216ad5472a05 - SHA1: 364c8ccdf1a4cdf3aa7b575a80f594852ada2198 - SHA256: fc5c0859d1efbed8f3831036697d4e852ade24731e8e487550e3f618650d4efe - SHA1: 40dba13a059679401fcaf7d4dbe80db03c9d265c - SHA256: 76276c87617b836dd6f31b73d2bb0e756d4b3d133bddfe169cb4225124ca6bfb - Sections: - .text: - Entropy: 6.377738293670074 - Virtual Size: '0x5f2d' - .rdata: - Entropy: 4.981661559248988 - Virtual Size: '0x474' - .data: - Entropy: 3.300874018242627 - Virtual Size: '0x4a4' - .edata: - Entropy: 4.004052336782185 - Virtual Size: '0x63' - INIT: - Entropy: 5.500070222833352 - Virtual Size: '0x8a4' - .rsrc: - Entropy: 3.2809770259556617 - Virtual Size: '0x360' - .reloc: - Entropy: 6.098446944342447 - Virtual Size: '0x606' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, OU=Novell Products Group, CN=Novell, Inc. 
- ValidFrom: '2010-04-03 00:00:00' - ValidTo: '2013-04-26 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a - Version: 3 - TBS: - MD5: b1504f143b89a6080710bafcededb833 - SHA1: 5c2696893ebba1e81d918a4fadda143c25c77286 - SHA256: ae1dc09d08e93ace95fe203adfbfadcd4c029529d3f99ab381c368064b58d9a0 - SHA384: 18c6db711578cfcd4bce87c63d053e242c7c196efc892c2d4a8733cb75bb7dc3cac3f702e0e1d4b7fa2c590acb53fdee - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: 24c3d3be20e794c17844d030be03fd2f - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 18eec5455bfbebf459329a19b4ea57ba - SHA1: 5c95416bf48f3a90950900480ca4c8781405d5f1 - SHA256: 00e341c11664a6330122830344bce02aab886143bcaf8f642ab8abc57d80f1e3 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2015, Novell, Inc. All Rights Reserved. 
- CreationTimestamp: '2015-09-26 07:20:40' - Date: '' - Description: Novell Client Portability Layer - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.12.0 - Filename: '' - ImportedFunctions: - - RtlCopyUnicodeString - - RtlInitUnicodeString - - ExAllocatePoolWithTag - - ZwDeleteKey - - ZwEnumerateKey - - ZwEnumerateValueKey - - ZwOpenKey - - ZwQueryValueKey - - ZwSetValueKey - - memset - - _aulldvrm - - DbgPrintEx - - RtlUpcaseUnicodeString - - RtlFreeUnicodeString - - RtlAnsiStringToUnicodeString - - RtlOemStringToUnicodeString - - RtlFreeAnsiString - - RtlUnicodeStringToAnsiString - - RtlUnicodeStringToOemString - - DbgPrint - - RtlAppendUnicodeToString - - RtlCompareString - - RtlCompareUnicodeString - - RtlCopyString - - RtlEqualString - - RtlEqualUnicodeString - - RtlInitString - - RtlIntegerToUnicodeString - - RtlUnicodeStringToInteger - - KeGetCurrentThread - - KeLeaveCriticalRegion - - ExAcquireResourceSharedLite - - RtlAppendUnicodeStringToString - - ExAcquireResourceExclusiveLite - - KeInitializeMutex - - ExInitializeResourceLite - - KeSetEvent - - ExDeleteResourceLite - - ExIsResourceAcquiredSharedLite - - ExIsResourceAcquiredExclusiveLite - - ExReleaseResourceLite - - KeResetEvent - - KeWaitForMultipleObjects - - _allmul - - KeSetPriorityThread - - KeQuerySystemTime - - IoDeleteDevice - - IoCreateDevice - - PsCreateSystemThread - - PsTerminateSystemThread - - RtlCompareMemory - - memcpy - - memmove - - IoInitializeWorkItem - - IoAllocateWorkItem - - KeCancelTimer - - IoFreeWorkItem - - IoUninitializeWorkItem - - KeSetTimer - - KeDelayExecutionThread - - KeInitializeDpc - - KeInitializeTimer - - IoQueueWorkItem - - KeTickCount - - KeBugCheckEx - - ZwCreateKey - - ZwClose - - ExFreePoolWithTag - - KeWaitForSingleObject - - KeReleaseMutex - - KeEnterCriticalRegion - - KeInitializeEvent - - KfAcquireSpinLock - - KfReleaseSpinLock - - ExAcquireFastMutex - - ExReleaseFastMutex - - NicmCreateInstance - Imports: - - ntoskrnl.exe - - 
HAL.dll - - nicm.sys - InternalName: '' - MD5: e4ff4edce076f21f5f8d082a62c9db8b - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: NICM.SYS - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.12 - Publisher: '' - RichPEHeaderHash: - MD5: 149b373eaaa6b9300573216ad5472a05 - SHA1: 364c8ccdf1a4cdf3aa7b575a80f594852ada2198 - SHA256: fc5c0859d1efbed8f3831036697d4e852ade24731e8e487550e3f618650d4efe - SHA1: 7480c7f7346ce1f86a7429d9728235f03a11f227 - SHA256: 94c226a530dd3cd8d911901f702f3dab8200d1d4fdc73fcb269f7001f4e66915 - Sections: - .text: - Entropy: 6.38607433158685 - Virtual Size: '0x5e6f' - .rdata: - Entropy: 4.962365925240589 - Virtual Size: '0x471' - .data: - Entropy: 3.319059838952553 - Virtual Size: '0x4a4' - .edata: - Entropy: 4.031879483268685 - Virtual Size: '0x63' - INIT: - Entropy: 5.498844850579171 - Virtual Size: '0x8a4' - .rsrc: - Entropy: 3.2874866188516565 - Virtual Size: '0x360' - .reloc: - Entropy: 6.121413979677538 - Virtual Size: '0x604' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services 
Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=Novell, Inc. - ValidFrom: '2013-03-05 00:00:00' - ValidTo: '2016-06-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Version: 3 - TBS: - MD5: 5b1207ffffc0eff3784003d17b3e71a9 - SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d - SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 - SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 24c3d3be20e794c17844d030be03fd2f - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 4acd0e96aa76c12056afd12ef9dc9921 - SHA1: 961cf1db80588039ede3e8ee66cd2efe915f9212 - SHA256: b40db5bb6a76ca9aed98366dc19f0c31c50b3f0ac96e0f615e4c52abb6bb0cde - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2014, Novell, Inc. All Rights Reserved. 
- CreationTimestamp: '2014-08-26 13:53:03' - Date: '' - Description: Novell Client Portability Layer - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.11.0 - Filename: '' - ImportedFunctions: - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - ZwCreateKey - - ExFreePoolWithTag - - ExReleaseFastMutex - - ExAcquireFastMutex - - RtlInitUnicodeString - - ZwSetValueKey - - ZwQueryValueKey - - ZwEnumerateValueKey - - ZwClose - - RtlAppendUnicodeStringToString - - RtlCopyUnicodeString - - ZwDeleteKey - - ZwEnumerateKey - - ZwOpenKey - - DbgPrintEx - - RtlUpcaseUnicodeString - - RtlAnsiStringToUnicodeString - - RtlUnicodeStringToAnsiString - - RtlUnicodeStringToOemString - - RtlFreeUnicodeString - - RtlOemStringToUnicodeString - - RtlFreeAnsiString - - DbgPrint - - KeReleaseSpinLock - - KeAcquireSpinLockRaiseToDpc - - RtlIntegerToUnicodeString - - RtlAppendUnicodeToString - - RtlInitString - - RtlEqualUnicodeString - - RtlCompareString - - RtlCopyString - - KeReleaseMutex - - RtlEqualString - - RtlUnicodeStringToInteger - - ExAcquireResourceExclusiveLite - - KeResetEvent - - KeInitializeMutex - - KeLeaveCriticalRegion - - KeSetEvent - - ExIsResourceAcquiredSharedLite - - ExIsResourceAcquiredExclusiveLite - - KeEnterCriticalRegion - - ExAcquireResourceSharedLite - - ExReleaseResourceLite - - ExDeleteResourceLite - - ExInitializeResourceLite - - KeWaitForMultipleObjects - - KeSetPriorityThread - - IoDeleteDevice - - IoCreateDevice - - PsCreateSystemThread - - PsTerminateSystemThread - - RtlCompareMemory - - IoUninitializeWorkItem - - IoFreeWorkItem - - KeInitializeDpc - - KeInitializeTimer - - KeDelayExecutionThread - - IoAllocateWorkItem - - KeSetTimer - - IoInitializeWorkItem - - IoQueueWorkItem - - KeCancelTimer - - KeBugCheckEx - - RtlCompareUnicodeString - - KeInitializeEvent - - NicmCreateInstance - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: a926b64be7c27ccb96e687a3924de298 - MachineType: AMD64 - MagicHeader: 50 45 
0 0 - OriginalFilename: NICM.SYS - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.11 - Publisher: '' - RichPEHeaderHash: - MD5: 69be7d6bc33a7ee9619315180123bd46 - SHA1: 7ee6731a37901780d7908fc3fad4474835f832bf - SHA256: 14ccd7b6557e31d8e57079e70c05cb15da8336c7380554b9b40f44840989f524 - SHA1: 9dbd255ee29be0e552f7f5f30d6ffb97e6cd0b0d - SHA256: 4c859b3d11d2ff0049b644a19f3a316a8ca1a4995aa9c39991a7bde8d4f426a4 - Sections: - .text: - Entropy: 6.281334414628288 - Virtual Size: '0x7bff' - .rdata: - Entropy: 4.674579980679391 - Virtual Size: '0x7d4' - .data: - Entropy: 2.359742947837992 - Virtual Size: '0x8c8' - .pdata: - Entropy: 4.365737042025572 - Virtual Size: '0x5d0' - .edata: - Entropy: 3.9838503165801646 - Virtual Size: '0x63' - INIT: - Entropy: 5.216062888403568 - Virtual Size: '0x976' - .rsrc: - Entropy: 3.2826929736548087 - Virtual Size: '0x360' - .reloc: - Entropy: 3.6567400216610486 - Virtual Size: '0x160' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - 
ValidTo: '2020-12-29 23:59:59' - Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=Novell, Inc. - ValidFrom: '2013-03-05 00:00:00' - ValidTo: '2016-06-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Version: 3 - TBS: - MD5: 5b1207ffffc0eff3784003d17b3e71a9 - SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d - SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 - SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 8ec78cf864273fd81203678b61c41f04 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: e10e33b01f0b4a6c8ff0717b07801600 - SHA1: 9cb2ec59f9d2186643b7e2c52e0dc0c17646b04b - SHA256: 16e924aa8ced646c2ee99602b523f511ea386b78ed78a3d265a560fb64e88ee3 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2012, Novell, Inc. All Rights Reserved. 
- CreationTimestamp: '2012-03-18 19:30:18' - Date: '' - Description: Novell Client Portability Layer - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.10.0 - Filename: '' - ImportedFunctions: - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - ZwCreateKey - - ExFreePoolWithTag - - ExReleaseFastMutex - - ExAcquireFastMutex - - RtlInitUnicodeString - - ZwSetValueKey - - ZwQueryValueKey - - ZwEnumerateValueKey - - ZwClose - - RtlAppendUnicodeStringToString - - RtlCopyUnicodeString - - ZwDeleteKey - - ZwEnumerateKey - - ZwOpenKey - - DbgPrintEx - - RtlUpcaseUnicodeString - - RtlAnsiStringToUnicodeString - - RtlUnicodeStringToAnsiString - - RtlUnicodeStringToOemString - - RtlFreeUnicodeString - - RtlOemStringToUnicodeString - - RtlFreeAnsiString - - DbgPrint - - KeReleaseSpinLock - - KeAcquireSpinLockRaiseToDpc - - RtlIntegerToUnicodeString - - RtlAppendUnicodeToString - - RtlInitString - - RtlEqualUnicodeString - - RtlCompareString - - RtlCopyString - - KeReleaseMutex - - RtlEqualString - - RtlUnicodeStringToInteger - - ExAcquireResourceExclusiveLite - - KeResetEvent - - KeInitializeMutex - - KeLeaveCriticalRegion - - KeSetEvent - - ExIsResourceAcquiredSharedLite - - ExIsResourceAcquiredExclusiveLite - - KeEnterCriticalRegion - - ExAcquireResourceSharedLite - - ExReleaseResourceLite - - ExDeleteResourceLite - - ExInitializeResourceLite - - KeWaitForMultipleObjects - - KeSetPriorityThread - - IoDeleteDevice - - IoCreateDevice - - PsCreateSystemThread - - PsTerminateSystemThread - - RtlCompareMemory - - IoUninitializeWorkItem - - IoFreeWorkItem - - KeInitializeDpc - - KeInitializeTimer - - KeDelayExecutionThread - - IoAllocateWorkItem - - KeSetTimer - - IoInitializeWorkItem - - IoQueueWorkItem - - KeCancelTimer - - KeBugCheckEx - - RtlCompareUnicodeString - - KeInitializeEvent - - NicmCreateInstance - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: 0eb3dfeffb49d32310d96f3aa3e8ca61 - MachineType: AMD64 - MagicHeader: 50 45 
0 0 - OriginalFilename: NICM.SYS - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.10 - Publisher: '' - RichPEHeaderHash: - MD5: 69be7d6bc33a7ee9619315180123bd46 - SHA1: 7ee6731a37901780d7908fc3fad4474835f832bf - SHA256: 14ccd7b6557e31d8e57079e70c05cb15da8336c7380554b9b40f44840989f524 - SHA1: 36397c6879978223ba52acd97da99e8067ab7f05 - SHA256: 1e9c236ed39507661ec32731033c4a9b9c97a6221def69200e03685c08e0bfa7 - Sections: - .text: - Entropy: 6.282178701948502 - Virtual Size: '0x7bef' - .rdata: - Entropy: 4.6688420404819855 - Virtual Size: '0x7d4' - .data: - Entropy: 2.3749984963543618 - Virtual Size: '0x8c8' - .pdata: - Entropy: 4.377248900011093 - Virtual Size: '0x5d0' - .edata: - Entropy: 3.9636482963781448 - Virtual Size: '0x63' - INIT: - Entropy: 5.215237124572024 - Virtual Size: '0x976' - .rsrc: - Entropy: 3.2809770259556617 - Virtual Size: '0x360' - .reloc: - Entropy: 3.6567400216610486 - Virtual Size: '0x160' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , - G2 - ValidFrom: '2007-06-15 00:00:00' - ValidTo: '2012-06-14 23:59:59' - Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 - Version: 3 - TBS: - MD5: d6c7684e9aaa508cf268335f83afe040 - SHA1: 18066d20ad92409c567cdfde745279ff71c75226 - SHA256: 
a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff - SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 - - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA - ValidFrom: '2003-12-04 00:00:00' - ValidTo: '2013-12-03 23:59:59' - Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 47bf1995df8d524643f7db6d480d31a4 - Version: 3 - TBS: - MD5: 518d2ea8a21e879c942d504824ac211c - SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 - SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 - SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - ValidFrom: '2009-05-21 00:00:00' - ValidTo: '2019-05-20 23:59:59' - Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 655226e1b22e18e1590f2985ac22e75c - Version: 3 - TBS: - MD5: 650704c342850095f3288eaf791147d4 - SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf - SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 - SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , 
Microsoft - Software Validation v2, OU=Novell Products Group, CN=Novell, Inc. - ValidFrom: '2010-04-03 00:00:00' - ValidTo: '2013-04-26 23:59:59' - Signature: 2d2eec4636a0c1f359ef30a107e6c2301ad12c09ab9fdac02211aaef81323d1daee3a14a150bf9f4c7d0d788d5f486ea75e40abeb502a2267171be53030fe7614af7a2015eabd4c26e887ec9220beb3666fc68158d2b8dd659e3fe55245821c10e37ddeebac63eb1848512c64a543a13ba6735b156c6dc13395890e8003e03e7c2613e2c1de1dfadfe072cd7655e3b4166fe973233b4f81ecf810541382d67c92f29d76e220543a7179b606011b932cee250f99f260b29e79236cec10b67e0e0e48cb74593a7ce2e3cfafb6c58ac7ae5c10a591037c380b5f7516cac8f4ec695b020ca2445cb9bf97eb56c09d4a62618871b482ef97c5894349e10f62e2ee68b - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a - Version: 3 - TBS: - MD5: b1504f143b89a6080710bafcededb833 - SHA1: 5c2696893ebba1e81d918a4fadda143c25c77286 - SHA256: ae1dc09d08e93ace95fe203adfbfadcd4c029529d3f99ab381c368064b58d9a0 - SHA384: 18c6db711578cfcd4bce87c63d053e242c7c196efc892c2d4a8733cb75bb7dc3cac3f702e0e1d4b7fa2c590acb53fdee - - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - ValidFrom: '2006-05-23 17:01:29' - ValidTo: '2016-05-23 17:11:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610c120600000000001b - Version: 3 - TBS: - MD5: 53c41bc1164e09e0cd1617a5bf913efd - SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 - SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b - SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 - Signer: - - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 - CA - Version: 1 - Imphash: 8ec78cf864273fd81203678b61c41f04 - 
LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 84acbd4402cbc982e115a6ed21b3364d - SHA1: ca3b0d9947aa3815ae10464b798de78ec76b5651 - SHA256: 516e39dcf7480de4bb86727321c099605a34a54f1d5b3a4aa6dc4bcf260274c9 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2014, Novell, Inc. All Rights Reserved. - CreationTimestamp: '2014-11-18 01:06:16' - Date: '' - Description: Novell Client Portability Layer - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.11.0 - Filename: '' - ImportedFunctions: - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - ZwCreateKey - - ExFreePoolWithTag - - ExReleaseFastMutex - - ExAcquireFastMutex - - RtlInitUnicodeString - - ZwSetValueKey - - ZwQueryValueKey - - ZwEnumerateValueKey - - ZwClose - - RtlAppendUnicodeStringToString - - RtlCopyUnicodeString - - ZwDeleteKey - - ZwEnumerateKey - - ZwOpenKey - - DbgPrintEx - - RtlUpcaseUnicodeString - - RtlAnsiStringToUnicodeString - - RtlUnicodeStringToAnsiString - - RtlUnicodeStringToOemString - - RtlFreeUnicodeString - - RtlOemStringToUnicodeString - - RtlFreeAnsiString - - DbgPrint - - KeReleaseSpinLock - - KeAcquireSpinLockRaiseToDpc - - RtlIntegerToUnicodeString - - RtlAppendUnicodeToString - - RtlInitString - - RtlEqualUnicodeString - - RtlCompareString - - RtlCopyString - - KeReleaseMutex - - RtlEqualString - - RtlUnicodeStringToInteger - - ExAcquireResourceExclusiveLite - - KeResetEvent - - KeInitializeMutex - - KeLeaveCriticalRegion - - KeSetEvent - - ExIsResourceAcquiredSharedLite - - ExIsResourceAcquiredExclusiveLite - - KeEnterCriticalRegion - - ExAcquireResourceSharedLite - - ExReleaseResourceLite - - ExDeleteResourceLite - - ExInitializeResourceLite - - KeWaitForMultipleObjects - - KeSetPriorityThread - - IoDeleteDevice - - IoCreateDevice - - PsCreateSystemThread - - PsTerminateSystemThread - - RtlCompareMemory - - IoUninitializeWorkItem - - IoFreeWorkItem - - KeInitializeDpc - - KeInitializeTimer - - KeDelayExecutionThread - - IoAllocateWorkItem - - 
KeSetTimer - - IoInitializeWorkItem - - IoQueueWorkItem - - KeCancelTimer - - KeBugCheckEx - - RtlCompareUnicodeString - - KeInitializeEvent - - NicmCreateInstance - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: 79bfbeb4e8cfdd0cb1d73612360bd811 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: NICM.SYS - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.11 - Publisher: '' - RichPEHeaderHash: - MD5: 69be7d6bc33a7ee9619315180123bd46 - SHA1: 7ee6731a37901780d7908fc3fad4474835f832bf - SHA256: 14ccd7b6557e31d8e57079e70c05cb15da8336c7380554b9b40f44840989f524 - SHA1: 30e7258a5816a6db19cdda2b2603a8c3276f05c2 - SHA256: a15325e9e6b8e4192291deb56c20c558dde3f96eb682c6e90952844edb984a00 - Sections: - .text: - Entropy: 6.281334414628288 - Virtual Size: '0x7bff' - .rdata: - Entropy: 4.694071484121772 - Virtual Size: '0x7dc' - .data: - Entropy: 2.359742947837992 - Virtual Size: '0x8c8' - .pdata: - Entropy: 4.362884798409598 - Virtual Size: '0x5d0' - .edata: - Entropy: 3.9636482963781448 - Virtual Size: '0x63' - INIT: - Entropy: 5.216062888403568 - Virtual Size: '0x976' - .rsrc: - Entropy: 3.2826929736548087 - Virtual Size: '0x360' - .reloc: - Entropy: 3.6567400216610486 - Virtual Size: '0x160' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: 
c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=Novell, Inc. - ValidFrom: '2013-03-05 00:00:00' - ValidTo: '2016-06-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Version: 3 - TBS: - MD5: 5b1207ffffc0eff3784003d17b3e71a9 - SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d - SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 - SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 8ec78cf864273fd81203678b61c41f04 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: e50506bd02b4f5442507e136a72328c3 - SHA1: d7a975782001f16be555f1d23ee9de91da5e04d8 - SHA256: 11dcfa779763dd6e26344b32dd779bb49be470a7b9b43b5f03738c17fed06aa8 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2015, Novell, Inc. All Rights Reserved. 
- CreationTimestamp: '2015-06-26 06:08:00' - Date: '' - Description: Novell Client Portability Layer - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.12.0 - Filename: '' - ImportedFunctions: - - KeWaitForSingleObject - - ExAllocatePoolWithTag - - ZwCreateKey - - ExFreePoolWithTag - - ExReleaseFastMutex - - ExAcquireFastMutex - - RtlInitUnicodeString - - ZwSetValueKey - - ZwQueryValueKey - - ZwEnumerateValueKey - - ZwClose - - RtlAppendUnicodeStringToString - - RtlCopyUnicodeString - - ZwDeleteKey - - ZwEnumerateKey - - ZwOpenKey - - DbgPrintEx - - RtlUpcaseUnicodeString - - RtlAnsiStringToUnicodeString - - RtlUnicodeStringToAnsiString - - RtlUnicodeStringToOemString - - RtlFreeUnicodeString - - RtlOemStringToUnicodeString - - RtlFreeAnsiString - - DbgPrint - - KeReleaseSpinLock - - KeAcquireSpinLockRaiseToDpc - - RtlIntegerToUnicodeString - - RtlAppendUnicodeToString - - RtlInitString - - RtlEqualUnicodeString - - RtlCompareString - - RtlCopyString - - KeReleaseMutex - - RtlEqualString - - RtlUnicodeStringToInteger - - ExAcquireResourceExclusiveLite - - KeResetEvent - - KeInitializeMutex - - KeLeaveCriticalRegion - - KeSetEvent - - ExIsResourceAcquiredSharedLite - - ExIsResourceAcquiredExclusiveLite - - KeEnterCriticalRegion - - ExAcquireResourceSharedLite - - ExReleaseResourceLite - - ExDeleteResourceLite - - ExInitializeResourceLite - - KeWaitForMultipleObjects - - KeSetPriorityThread - - IoDeleteDevice - - IoCreateDevice - - PsCreateSystemThread - - PsTerminateSystemThread - - RtlCompareMemory - - IoUninitializeWorkItem - - IoFreeWorkItem - - KeInitializeDpc - - KeInitializeTimer - - KeDelayExecutionThread - - IoAllocateWorkItem - - KeSetTimer - - IoInitializeWorkItem - - IoQueueWorkItem - - KeCancelTimer - - KeBugCheckEx - - RtlCompareUnicodeString - - KeInitializeEvent - - NicmCreateInstance - Imports: - - ntoskrnl.exe - - nicm.sys - InternalName: '' - MD5: 6a1ff4806c1a6e897208f48a1f5b062f - MachineType: AMD64 - MagicHeader: 50 45 
0 0 - OriginalFilename: NICM.SYS - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.12 - Publisher: '' - RichPEHeaderHash: - MD5: 69be7d6bc33a7ee9619315180123bd46 - SHA1: 7ee6731a37901780d7908fc3fad4474835f832bf - SHA256: 14ccd7b6557e31d8e57079e70c05cb15da8336c7380554b9b40f44840989f524 - SHA1: 97bc298a1d12a493bf14e6523e4ff48d64832954 - SHA256: 3140005ce5cac03985f71c29732859c88017df9d41c3761aa7c57bbcb7ad2928 - Sections: - .text: - Entropy: 6.2855065800689305 - Virtual Size: '0x7b2f' - .rdata: - Entropy: 4.655480387952531 - Virtual Size: '0x7bc' - .data: - Entropy: 2.3645507783558646 - Virtual Size: '0x8c8' - .pdata: - Entropy: 4.3104861152515666 - Virtual Size: '0x5dc' - .edata: - Entropy: 4.011677463066665 - Virtual Size: '0x63' - INIT: - Entropy: 5.216888652235111 - Virtual Size: '0x976' - .rsrc: - Entropy: 3.2874866188516565 - Virtual Size: '0x360' - .reloc: - Entropy: 3.6567400216610486 - Virtual Size: '0x160' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - 
ValidTo: '2020-12-29 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=Novell, Inc. - ValidFrom: '2013-03-05 00:00:00' - ValidTo: '2016-06-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Version: 3 - TBS: - MD5: 5b1207ffffc0eff3784003d17b3e71a9 - SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d - SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 - SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 8ec78cf864273fd81203678b61c41f04 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 21bfc53f9d30070cd588f335582a1f62 - SHA1: 59b835feb61bc84836702a4c885293547132f695 - SHA256: e1a6c1e23108ede9167ffdf9ebc6af64a011bdafc57d25f84afab6c021ae7741 - Company: Novell, Inc. - Copyright: (C) Copyright 2000-2013, Novell, Inc. All Rights Reserved. 
- CreationTimestamp: '2013-05-29 04:43:47' - Date: '' - Description: Novell Client Portability Layer - ExportedFunctions: - - DllGetClassObject - - XTCOM_Table - FileVersion: 3.1.11.0 - Filename: '' - ImportedFunctions: - - RtlCopyUnicodeString - - RtlInitUnicodeString - - ExAllocatePoolWithTag - - ZwDeleteKey - - ZwEnumerateKey - - ZwEnumerateValueKey - - ZwOpenKey - - ZwQueryValueKey - - ZwSetValueKey - - memset - - _aulldvrm - - DbgPrintEx - - RtlUpcaseUnicodeString - - RtlFreeUnicodeString - - RtlAnsiStringToUnicodeString - - RtlOemStringToUnicodeString - - RtlFreeAnsiString - - RtlUnicodeStringToAnsiString - - RtlUnicodeStringToOemString - - DbgPrint - - RtlAppendUnicodeToString - - RtlCompareString - - RtlCompareUnicodeString - - RtlCopyString - - RtlEqualString - - RtlEqualUnicodeString - - RtlInitString - - RtlIntegerToUnicodeString - - RtlUnicodeStringToInteger - - KeGetCurrentThread - - KeLeaveCriticalRegion - - ExAcquireResourceSharedLite - - RtlAppendUnicodeStringToString - - ExAcquireResourceExclusiveLite - - KeInitializeMutex - - ExInitializeResourceLite - - KeSetEvent - - ExDeleteResourceLite - - ExIsResourceAcquiredSharedLite - - ExIsResourceAcquiredExclusiveLite - - ExReleaseResourceLite - - KeResetEvent - - KeWaitForMultipleObjects - - _allmul - - KeSetPriorityThread - - KeQuerySystemTime - - IoDeleteDevice - - IoCreateDevice - - PsCreateSystemThread - - PsTerminateSystemThread - - RtlCompareMemory - - memcpy - - memmove - - IoInitializeWorkItem - - IoAllocateWorkItem - - KeCancelTimer - - IoFreeWorkItem - - IoUninitializeWorkItem - - KeSetTimer - - KeDelayExecutionThread - - KeInitializeDpc - - KeInitializeTimer - - IoQueueWorkItem - - KeTickCount - - KeBugCheckEx - - ZwCreateKey - - ZwClose - - ExFreePoolWithTag - - KeWaitForSingleObject - - KeReleaseMutex - - KeEnterCriticalRegion - - KeInitializeEvent - - KfAcquireSpinLock - - KfReleaseSpinLock - - ExAcquireFastMutex - - ExReleaseFastMutex - - NicmCreateInstance - Imports: - - ntoskrnl.exe - - 
HAL.dll - - nicm.sys - InternalName: '' - MD5: fadf9c1365981066c39489397840f848 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: NICM.SYS - PDBPath: '' - Product: Novell XTier - ProductVersion: 3.1.11 - Publisher: '' - RichPEHeaderHash: - MD5: 149b373eaaa6b9300573216ad5472a05 - SHA1: 364c8ccdf1a4cdf3aa7b575a80f594852ada2198 - SHA256: fc5c0859d1efbed8f3831036697d4e852ade24731e8e487550e3f618650d4efe - SHA1: 7ba4607763c6fef1b2562b72044a20ca2a0303e2 - SHA256: 84739539aa6a9c9cb3c48c53f9399742883f17f24e081ebfa7bfaaf59f3ed451 - Sections: - .text: - Entropy: 6.377674698612541 - Virtual Size: '0x5f39' - .rdata: - Entropy: 4.993063430458135 - Virtual Size: '0x47b' - .data: - Entropy: 3.2933421529227025 - Virtual Size: '0x4a4' - .edata: - Entropy: 4.031879483268685 - Virtual Size: '0x63' - INIT: - Entropy: 5.500633112750999 - Virtual Size: '0x8a4' - .rsrc: - Entropy: 3.2836822710764215 - Virtual Size: '0x360' - .reloc: - Entropy: 6.0982244391191385 - Virtual Size: '0x606' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - , G2 - ValidFrom: '2012-12-21 00:00:00' - ValidTo: '2020-12-30 23:59:59' - Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b - Version: 3 - TBS: - MD5: d0785ad36e427c92b19f6826ab1e8020 - SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 - SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff - SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b - - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping 
Services Signer - , G4 - ValidFrom: '2012-10-18 00:00:00' - ValidTo: '2020-12-29 23:59:59' - Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 0ecff438c8febf356e04d86a981b1a50 - Version: 3 - TBS: - MD5: e9d38360b914c8863f6cba3ee58764d3 - SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b - SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 - SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 - - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft - Software Validation v2, CN=Novell, Inc. - ValidFrom: '2013-03-05 00:00:00' - ValidTo: '2016-06-03 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Version: 3 - TBS: - MD5: 5b1207ffffc0eff3784003d17b3e71a9 - SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d - SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 - SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. 
, For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - Signer: - - SerialNumber: 22184f284c89a9c053cd2b78b4189eea - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: 24c3d3be20e794c17844d030be03fd2f - LoadsDespiteHVCI: 'FALSE' -MitreID: T1068 + Command: sc.exe create nicm.sys binPath=C:\windows\temp \n \n \n icm.sys type=kernel + && sc.exe start nicm.sys + Description: nicm.sys is a vulnerable driver. CVE-2013-3956. 
+ OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/jbaines-r7/dellicious - https://www.rapid7.com/blog/post/2021/12/13/driver-based-attacks-past-and-present/ -Tags: -- nicm.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/e6056443537d4d2314dabca1b9168f1eaaf17a14eb41f6f5741b6b82b3119790.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_vuln_drivers_strict_renamed.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 8ab7a633b1d27ac3e7c25caea6609472 + SHA1: 872091f5134150b9d0dee6a749bc1cd7a8145bd6 + SHA256: 714d8791e37373f92f0242a6694cc232686caab69d7ae64b5ed31094cc352893 + Company: Novell, Inc. 
+ Copyright: "Copyright \xA9 1997-2007 Novell, Inc." + CreationTimestamp: '2007-08-09 13:33:01' + Date: '' + Description: Novell Client Portability Layer + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.0.0 + Filename: '' + ImportedFunctions: + - KeWaitForSingleObject + - ZwEnumerateKey + - ZwOpenKey + - ExAllocatePoolWithTag + - ZwCreateKey + - ExFreePoolWithTag + - ExReleaseFastMutex + - ExAcquireFastMutex + - RtlInitUnicodeString + - ZwSetValueKey + - ZwQueryValueKey + - ZwEnumerateValueKey + - ZwClose + - RtlAppendUnicodeStringToString + - RtlCopyUnicodeString + - ZwDeleteKey + - DbgBreakPoint + - DbgPrintEx + - DbgPrint + - RtlUpcaseUnicodeString + - RtlAnsiStringToUnicodeString + - RtlUnicodeStringToAnsiString + - RtlUnicodeStringToOemString + - RtlFreeUnicodeString + - RtlOemStringToUnicodeString + - RtlFreeAnsiString + - KeReleaseSpinLock + - KeAcquireSpinLockRaiseToDpc + - RtlIntegerToUnicodeString + - RtlAppendUnicodeToString + - RtlInitString + - RtlEqualUnicodeString + - RtlCompareString + - KeReleaseMutex + - RtlCompareUnicodeString + - RtlEqualString + - RtlUnicodeStringToInteger + - ExDeleteResourceLite + - ExInitializeResourceLite + - KeWaitForMultipleObjects + - ExAcquireResourceExclusiveLite + - KeResetEvent + - KeInitializeMutex + - KeLeaveCriticalRegion + - KeSetEvent + - ExIsResourceAcquiredSharedLite + - ExIsResourceAcquiredExclusiveLite + - KeEnterCriticalRegion + - ExAcquireResourceSharedLite + - ExReleaseResourceLite + - KeSetPriorityThread + - IoDeleteDevice + - IoCreateDevice + - PsCreateSystemThread + - PsTerminateSystemThread + - RtlCompareMemory + - IoUninitializeWorkItem + - IoFreeWorkItem + - KeInitializeDpc + - KeInitializeTimer + - KeDelayExecutionThread + - IoAllocateWorkItem + - KeSetTimer + - IoInitializeWorkItem + - IoQueueWorkItem + - KeCancelTimer + - KeBugCheckEx + - RtlCopyString + - KeInitializeEvent + - NicmCreateInstance + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: 
f0470f82ba58bc4309f83a0f2aefa4d5 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: NICM.SYS + PDBPath: '' + Product: Novell XTier for Windows + ProductVersion: v3.1 (20060808) + Publisher: '' + RichPEHeaderHash: + MD5: 7ccba2f5532d28974864bb49f2f7ecde + SHA1: d70b833fc592a8822e52af45961fb0eb6675311c + SHA256: 2c7265667f82af5943f1c9d0a07c904f2bc44c93380430659daaabd4527fa943 + SHA1: 468cc011807704c04892ed209cf81d7896a12a0c + SHA256: 7a2cd1dc110d014165c001ce65578da0c0c8d7d41cc1fa44f974e8a82296fc25 + Sections: + .text: + Entropy: 6.271115658266926 + Virtual Size: '0x7b1f' + .rdata: + Entropy: 4.718199381290541 + Virtual Size: '0x7c8' + .data: + Entropy: 2.3540808182213286 + Virtual Size: '0x8c8' + .pdata: + Entropy: 4.31228440148608 + Virtual Size: '0x5ac' + .edata: + Entropy: 4.031879483268685 + Virtual Size: '0x63' + INIT: + Entropy: 5.176988201091535 + Virtual Size: '0x96e' + .rsrc: + Entropy: 3.3027380404804765 + Virtual Size: '0x350' + .reloc: + Entropy: 3.6567400216610486 + Virtual Size: '0x160' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, + Inc. 
+ ValidFrom: '2007-04-04 00:00:00' + ValidTo: '2010-04-27 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 4808d93b14b8600dbfa18dab5d15310f + Version: 3 + TBS: + MD5: adddb65a3a360b3c1a55cb33e426f32a + SHA1: 93d9b282265288a94ee4f1a01c5fb3a08badb7ac + SHA256: d98d63f26125a94eb767fdd2526f6c74bfb40cb4d117a1d87ca3ed0d99bd6f0b + SHA384: cf20d9d6343b52b05ebaeace8a75ad950089e2d55508571cf5b153583fdf2d7b11bc61b8f38bfa70f09b2e7ac63d9ef5 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: f2dc136141066311fddef65f7f417c44 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 7697518920cf8fbf166debae5a206af1 + SHA1: 1f88ab369211281a41f2b14032beec28dfa8fb9a + SHA256: aeaafcb5d6a7f0354915c615bd0cf0e024168d17bd87d4dfe0bd60099482b4a4 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2015, Novell, Inc. All Rights Reserved. 
+ CreationTimestamp: '2015-12-22 01:29:49' + Date: '' + Description: Novell Client Portability Layer + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.12.0 + Filename: '' + ImportedFunctions: + - KeWaitForSingleObject + - ExAllocatePoolWithTag + - ZwCreateKey + - ExFreePoolWithTag + - ExReleaseFastMutex + - ExAcquireFastMutex + - RtlInitUnicodeString + - ZwSetValueKey + - ZwQueryValueKey + - ZwEnumerateValueKey + - ZwClose + - RtlAppendUnicodeStringToString + - RtlCopyUnicodeString + - ZwDeleteKey + - ZwEnumerateKey + - ZwOpenKey + - DbgPrintEx + - RtlUpcaseUnicodeString + - RtlAnsiStringToUnicodeString + - RtlUnicodeStringToAnsiString + - RtlUnicodeStringToOemString + - RtlFreeUnicodeString + - RtlOemStringToUnicodeString + - RtlFreeAnsiString + - DbgPrint + - KeReleaseSpinLock + - KeAcquireSpinLockRaiseToDpc + - RtlIntegerToUnicodeString + - RtlAppendUnicodeToString + - RtlInitString + - RtlEqualUnicodeString + - RtlCompareString + - RtlCopyString + - KeReleaseMutex + - RtlEqualString + - RtlUnicodeStringToInteger + - ExAcquireResourceExclusiveLite + - KeResetEvent + - KeInitializeMutex + - KeLeaveCriticalRegion + - KeSetEvent + - ExIsResourceAcquiredSharedLite + - ExIsResourceAcquiredExclusiveLite + - KeEnterCriticalRegion + - ExAcquireResourceSharedLite + - ExReleaseResourceLite + - ExDeleteResourceLite + - ExInitializeResourceLite + - KeWaitForMultipleObjects + - KeSetPriorityThread + - IoDeleteDevice + - IoCreateDevice + - PsCreateSystemThread + - PsTerminateSystemThread + - RtlCompareMemory + - IoUninitializeWorkItem + - IoFreeWorkItem + - KeInitializeDpc + - KeInitializeTimer + - KeDelayExecutionThread + - IoAllocateWorkItem + - KeSetTimer + - IoInitializeWorkItem + - IoQueueWorkItem + - KeCancelTimer + - KeBugCheckEx + - RtlCompareUnicodeString + - KeInitializeEvent + - NicmCreateInstance + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: afae2a21e36158f5cf4f76f896649c75 + MachineType: AMD64 + MagicHeader: 50 45 
0 0 + OriginalFilename: NICM.SYS + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.12 + Publisher: '' + RichPEHeaderHash: + MD5: 69be7d6bc33a7ee9619315180123bd46 + SHA1: 7ee6731a37901780d7908fc3fad4474835f832bf + SHA256: 14ccd7b6557e31d8e57079e70c05cb15da8336c7380554b9b40f44840989f524 + SHA1: 341225961c15a969c62de38b4ec1938f65fda178 + SHA256: 18f306b6edcfacd33b7b244eaecdd0986ef342f0d381158844d1f0ee1ac5c8d7 + Sections: + .text: + Entropy: 6.2855065800689305 + Virtual Size: '0x7b2f' + .rdata: + Entropy: 4.660382805116314 + Virtual Size: '0x7c4' + .data: + Entropy: 2.3645507783558646 + Virtual Size: '0x8c8' + .pdata: + Entropy: 4.358085264959065 + Virtual Size: '0x5dc' + .edata: + Entropy: 4.011677463066665 + Virtual Size: '0x63' + INIT: + Entropy: 5.216888652235111 + Virtual Size: '0x976' + .rsrc: + Entropy: 3.2874866188516565 + Virtual Size: '0x360' + .reloc: + Entropy: 3.6567400216610486 + Virtual Size: '0x160' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + 
ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, CN=Novell, Inc. + ValidFrom: '2013-03-05 00:00:00' + ValidTo: '2016-06-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Version: 3 + TBS: + MD5: 5b1207ffffc0eff3784003d17b3e71a9 + SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d + SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 + SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 8ec78cf864273fd81203678b61c41f04 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 3b9d5fd8e9bbb6a450a9d8e0e0d7e586 + SHA1: b532f7e149057c438812c98d253786608b269f9c + SHA256: 1c4f56281d762bfaeb2168c13f3349611c8e3443602d2015540a742d6e79e6bc + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2011, Novell, Inc. All Rights Reserved. 
+ CreationTimestamp: '2011-09-29 19:29:13' + Date: '' + Description: Novell Client Portability Layer + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.6.0 + Filename: '' + ImportedFunctions: + - KeWaitForSingleObject + - ZwEnumerateKey + - ZwOpenKey + - ExAllocatePoolWithTag + - ZwCreateKey + - ExFreePoolWithTag + - ExReleaseFastMutex + - ExAcquireFastMutex + - RtlInitUnicodeString + - ZwSetValueKey + - ZwQueryValueKey + - ZwEnumerateValueKey + - ZwClose + - RtlAppendUnicodeStringToString + - RtlCopyUnicodeString + - ZwDeleteKey + - DbgBreakPoint + - DbgPrintEx + - DbgPrint + - RtlUpcaseUnicodeString + - RtlAnsiStringToUnicodeString + - RtlUnicodeStringToAnsiString + - RtlUnicodeStringToOemString + - RtlFreeUnicodeString + - RtlOemStringToUnicodeString + - RtlFreeAnsiString + - KeReleaseSpinLock + - KeAcquireSpinLockRaiseToDpc + - RtlIntegerToUnicodeString + - RtlAppendUnicodeToString + - RtlInitString + - RtlEqualUnicodeString + - RtlCompareString + - KeReleaseMutex + - RtlCompareUnicodeString + - RtlEqualString + - RtlUnicodeStringToInteger + - ExDeleteResourceLite + - ExInitializeResourceLite + - KeWaitForMultipleObjects + - ExAcquireResourceExclusiveLite + - KeResetEvent + - KeInitializeMutex + - KeLeaveCriticalRegion + - KeSetEvent + - ExIsResourceAcquiredSharedLite + - ExIsResourceAcquiredExclusiveLite + - KeEnterCriticalRegion + - ExAcquireResourceSharedLite + - ExReleaseResourceLite + - KeSetPriorityThread + - IoDeleteDevice + - IoCreateDevice + - PsCreateSystemThread + - PsTerminateSystemThread + - RtlCompareMemory + - IoUninitializeWorkItem + - IoFreeWorkItem + - KeInitializeDpc + - KeInitializeTimer + - KeDelayExecutionThread + - IoAllocateWorkItem + - KeSetTimer + - IoInitializeWorkItem + - IoQueueWorkItem + - KeCancelTimer + - KeBugCheckEx + - RtlCopyString + - KeInitializeEvent + - NicmCreateInstance + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: f0fdfdf3303e2f7c141aa3a24d523af1 + MachineType: AMD64 + 
MagicHeader: 50 45 0 0 + OriginalFilename: NICM.SYS + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.6 + Publisher: '' + RichPEHeaderHash: + MD5: 7ccba2f5532d28974864bb49f2f7ecde + SHA1: d70b833fc592a8822e52af45961fb0eb6675311c + SHA256: 2c7265667f82af5943f1c9d0a07c904f2bc44c93380430659daaabd4527fa943 + SHA1: 7d1ff4096a75f9fcc67c7c9c810d99874c096b6b + SHA256: ec1307356828426d60eab78ffb5fc48a06a389dea6e7cc13621f1fa82858a613 + Sections: + .text: + Entropy: 6.2707978239378175 + Virtual Size: '0x7b1f' + .rdata: + Entropy: 4.6917392818323265 + Virtual Size: '0x7bc' + .data: + Entropy: 2.3540808182213286 + Virtual Size: '0x8c8' + .pdata: + Entropy: 4.361174275174132 + Virtual Size: '0x5ac' + .edata: + Entropy: 4.011677463066665 + Virtual Size: '0x63' + INIT: + Entropy: 5.176988201091535 + Virtual Size: '0x96e' + .rsrc: + Entropy: 3.2847696985415267 + Virtual Size: '0x358' + .reloc: + Entropy: 3.6567400216610486 + Virtual Size: '0x160' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, + Inc. 
+ ValidFrom: '2010-04-03 00:00:00' + ValidTo: '2013-04-26 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a + Version: 3 + TBS: + MD5: b1504f143b89a6080710bafcededb833 + SHA1: 5c2696893ebba1e81d918a4fadda143c25c77286 + SHA256: ae1dc09d08e93ace95fe203adfbfadcd4c029529d3f99ab381c368064b58d9a0 + SHA384: 18c6db711578cfcd4bce87c63d053e242c7c196efc892c2d4a8733cb75bb7dc3cac3f702e0e1d4b7fa2c590acb53fdee + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: f2dc136141066311fddef65f7f417c44 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: cc800895376e2545965a860cd6087f2c + SHA1: 1db41ce46ac93d045f5e2d282018d142e19b796c + SHA256: bae01ea7b49bd090e198448c41293830a6e2c68821d65f69ec7dc98a16baef21 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2008, Novell, Inc. All Rights Reserved. 
+ CreationTimestamp: '2009-09-08 13:36:24' + Date: '' + Description: Novell Client Portability Layer + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.6.0 + Filename: '' + ImportedFunctions: + - KeWaitForSingleObject + - ZwEnumerateKey + - ZwOpenKey + - ExAllocatePoolWithTag + - ZwCreateKey + - ExFreePoolWithTag + - ExReleaseFastMutex + - ExAcquireFastMutex + - RtlInitUnicodeString + - ZwSetValueKey + - ZwQueryValueKey + - ZwEnumerateValueKey + - ZwClose + - RtlAppendUnicodeStringToString + - RtlCopyUnicodeString + - ZwDeleteKey + - DbgBreakPoint + - DbgPrintEx + - DbgPrint + - RtlUpcaseUnicodeString + - RtlAnsiStringToUnicodeString + - RtlUnicodeStringToAnsiString + - RtlUnicodeStringToOemString + - RtlFreeUnicodeString + - RtlOemStringToUnicodeString + - RtlFreeAnsiString + - KeReleaseSpinLock + - KeAcquireSpinLockRaiseToDpc + - RtlIntegerToUnicodeString + - RtlAppendUnicodeToString + - RtlInitString + - RtlEqualUnicodeString + - RtlCompareString + - KeReleaseMutex + - RtlCompareUnicodeString + - RtlEqualString + - RtlUnicodeStringToInteger + - ExDeleteResourceLite + - ExInitializeResourceLite + - KeWaitForMultipleObjects + - ExAcquireResourceExclusiveLite + - KeResetEvent + - KeInitializeMutex + - KeLeaveCriticalRegion + - KeSetEvent + - ExIsResourceAcquiredSharedLite + - ExIsResourceAcquiredExclusiveLite + - KeEnterCriticalRegion + - ExAcquireResourceSharedLite + - ExReleaseResourceLite + - KeSetPriorityThread + - IoDeleteDevice + - IoCreateDevice + - PsCreateSystemThread + - PsTerminateSystemThread + - RtlCompareMemory + - IoUninitializeWorkItem + - IoFreeWorkItem + - KeInitializeDpc + - KeInitializeTimer + - KeDelayExecutionThread + - IoAllocateWorkItem + - KeSetTimer + - IoInitializeWorkItem + - IoQueueWorkItem + - KeCancelTimer + - KeBugCheckEx + - RtlCopyString + - KeInitializeEvent + - NicmCreateInstance + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: 18b4bbeae6b07d2e21729b8698bbd25a + MachineType: AMD64 + 
MagicHeader: 50 45 0 0 + OriginalFilename: NICM.SYS + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.6 + Publisher: '' + RichPEHeaderHash: + MD5: 7ccba2f5532d28974864bb49f2f7ecde + SHA1: d70b833fc592a8822e52af45961fb0eb6675311c + SHA256: 2c7265667f82af5943f1c9d0a07c904f2bc44c93380430659daaabd4527fa943 + SHA1: 4f077a95908b154ea12faa95de711cb44359c162 + SHA256: 6b71b7f86e41540a82d7750a698e0386b74f52962b879cbb46f17935183cd2c7 + Sections: + .text: + Entropy: 6.2707978239378175 + Virtual Size: '0x7b1f' + .rdata: + Entropy: 4.6759014067495945 + Virtual Size: '0x7b0' + .data: + Entropy: 2.3540808182213286 + Virtual Size: '0x8c8' + .pdata: + Entropy: 4.350999244708875 + Virtual Size: '0x5ac' + .edata: + Entropy: 4.031879483268685 + Virtual Size: '0x63' + INIT: + Entropy: 5.176988201091535 + Virtual Size: '0x96e' + .rsrc: + Entropy: 3.285837261243419 + Virtual Size: '0x358' + .reloc: + Entropy: 3.6567400216610486 + Virtual Size: '0x160' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, + Inc. 
+ ValidFrom: '2007-04-04 00:00:00' + ValidTo: '2010-04-27 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 4808d93b14b8600dbfa18dab5d15310f + Version: 3 + TBS: + MD5: adddb65a3a360b3c1a55cb33e426f32a + SHA1: 93d9b282265288a94ee4f1a01c5fb3a08badb7ac + SHA256: d98d63f26125a94eb767fdd2526f6c74bfb40cb4d117a1d87ca3ed0d99bd6f0b + SHA384: cf20d9d6343b52b05ebaeace8a75ad950089e2d55508571cf5b153583fdf2d7b11bc61b8f38bfa70f09b2e7ac63d9ef5 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: f2dc136141066311fddef65f7f417c44 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 03cdc4a6f210907018e5feed9e180b74 + SHA1: 8332c7bb24562beafcdf743797ff2774ff81b7f1 + SHA256: 4b5ef4b48a5b23818e84e415c70bd7058f665cb7cba379d05da689e1cbe1148e + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2011, Novell, Inc. All Rights Reserved. 
+ CreationTimestamp: '2011-07-17 21:24:37' + Date: '' + Description: Novell Client Portability Layer + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.6.0 + Filename: '' + ImportedFunctions: + - RtlCopyUnicodeString + - RtlInitUnicodeString + - ExAllocatePoolWithTag + - ZwDeleteKey + - ZwEnumerateKey + - ZwEnumerateValueKey + - ZwOpenKey + - ZwQueryValueKey + - ZwSetValueKey + - DbgBreakPoint + - memset + - _aulldvrm + - DbgPrintEx + - RtlUpcaseUnicodeString + - RtlFreeUnicodeString + - RtlAnsiStringToUnicodeString + - RtlOemStringToUnicodeString + - RtlFreeAnsiString + - RtlUnicodeStringToAnsiString + - RtlUnicodeStringToOemString + - DbgPrint + - RtlAppendUnicodeToString + - RtlCompareString + - RtlCompareUnicodeString + - RtlCopyString + - RtlEqualString + - RtlEqualUnicodeString + - RtlInitString + - RtlIntegerToUnicodeString + - RtlUnicodeStringToInteger + - KeLeaveCriticalRegion + - KeGetCurrentThread + - ExAcquireResourceSharedLite + - RtlAppendUnicodeStringToString + - ExAcquireResourceExclusiveLite + - KeInitializeMutex + - ExInitializeResourceLite + - KeSetEvent + - ExDeleteResourceLite + - ExIsResourceAcquiredSharedLite + - ExIsResourceAcquiredExclusiveLite + - ExReleaseResourceLite + - KeResetEvent + - KeWaitForMultipleObjects + - _allmul + - KeSetPriorityThread + - KeQuerySystemTime + - IoDeleteDevice + - IoCreateDevice + - PsCreateSystemThread + - PsTerminateSystemThread + - RtlCompareMemory + - memcpy + - memmove + - IoInitializeWorkItem + - IoAllocateWorkItem + - KeCancelTimer + - IoFreeWorkItem + - IoUninitializeWorkItem + - KeSetTimer + - KeDelayExecutionThread + - KeInitializeDpc + - KeInitializeTimer + - IoQueueWorkItem + - KeTickCount + - KeBugCheckEx + - ZwCreateKey + - ZwClose + - ExFreePoolWithTag + - KeWaitForSingleObject + - KeReleaseMutex + - KeEnterCriticalRegion + - KeInitializeEvent + - KfAcquireSpinLock + - KfReleaseSpinLock + - ExAcquireFastMutex + - ExReleaseFastMutex + - NicmCreateInstance + Imports: + - 
ntoskrnl.exe + - HAL.dll + - nicm.sys + InternalName: '' + MD5: d43dcba796b40234267ad2862fa52600 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: NICM.SYS + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.6 + Publisher: '' + RichPEHeaderHash: + MD5: 9a271840015f5068d0bd867da9c79669 + SHA1: e758d2f4525ea5880a0cd08f8f0032d89b4bd4e7 + SHA256: d5afe68d99aac43ff5850dd37b3184bed8f8f14e681b622515121d8000b4fbbb + SHA1: e8234c44f3b7e4c510ef868e8c080e00e2832b07 + SHA256: 6c5aef14613b8471f5f4fdeb9f25b5907c2335a4bc18b3c2266fb1ffd8f1741d + Sections: + .text: + Entropy: 6.380228257440719 + Virtual Size: '0x5f2d' + .rdata: + Entropy: 4.9468275818590755 + Virtual Size: '0x484' + .data: + Entropy: 3.286914336177474 + Virtual Size: '0x4a4' + .edata: + Entropy: 4.011677463066665 + Virtual Size: '0x63' + INIT: + Entropy: 5.486682664178041 + Virtual Size: '0x8b0' + .rsrc: + Entropy: 3.2847696985415267 + Virtual Size: '0x358' + .reloc: + Entropy: 6.153392798668095 + Virtual Size: '0x600' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 
4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, + Inc. 
+ ValidFrom: '2010-04-03 00:00:00' + ValidTo: '2013-04-26 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a + Version: 3 + TBS: + MD5: b1504f143b89a6080710bafcededb833 + SHA1: 5c2696893ebba1e81d918a4fadda143c25c77286 + SHA256: ae1dc09d08e93ace95fe203adfbfadcd4c029529d3f99ab381c368064b58d9a0 + SHA384: 18c6db711578cfcd4bce87c63d053e242c7c196efc892c2d4a8733cb75bb7dc3cac3f702e0e1d4b7fa2c590acb53fdee + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 
40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: 0e4f5481813eeec4e5dd96e36020135f + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: f92697db36bdb2c33b58b765f9a1c4cc + SHA1: c7cee16eed16089b709b7af6c0cc8d7aacb0a5a5 + SHA256: 75f1bea34e2bb1d26cf173eba44daeb9bbee8106d43b911a01f73f76be17a165 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2013, Novell, Inc. All Rights Reserved. + CreationTimestamp: '2013-01-15 23:20:09' + Date: '' + Description: Novell Client Portability Layer + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.11.0 + Filename: '' + ImportedFunctions: + - RtlCopyUnicodeString + - RtlInitUnicodeString + - ExAllocatePoolWithTag + - ZwDeleteKey + - ZwEnumerateKey + - ZwEnumerateValueKey + - ZwOpenKey + - ZwQueryValueKey + - ZwSetValueKey + - memset + - _aulldvrm + - DbgPrintEx + - RtlUpcaseUnicodeString + - RtlFreeUnicodeString + - RtlAnsiStringToUnicodeString + - RtlOemStringToUnicodeString + - RtlFreeAnsiString + - RtlUnicodeStringToAnsiString + - RtlUnicodeStringToOemString + - DbgPrint + - RtlAppendUnicodeToString + - RtlCompareString + - RtlCompareUnicodeString + - RtlCopyString + - RtlEqualString + - RtlEqualUnicodeString + - RtlInitString + - RtlIntegerToUnicodeString + - RtlUnicodeStringToInteger + - KeGetCurrentThread + - KeLeaveCriticalRegion + - ExAcquireResourceSharedLite + - RtlAppendUnicodeStringToString + - ExAcquireResourceExclusiveLite + - KeInitializeMutex + - ExInitializeResourceLite + - KeSetEvent + - ExDeleteResourceLite + - ExIsResourceAcquiredSharedLite + - ExIsResourceAcquiredExclusiveLite + - ExReleaseResourceLite + - KeResetEvent 
+ - KeWaitForMultipleObjects + - _allmul + - KeSetPriorityThread + - KeQuerySystemTime + - IoDeleteDevice + - IoCreateDevice + - PsCreateSystemThread + - PsTerminateSystemThread + - RtlCompareMemory + - memcpy + - memmove + - IoInitializeWorkItem + - IoAllocateWorkItem + - KeCancelTimer + - IoFreeWorkItem + - IoUninitializeWorkItem + - KeSetTimer + - KeDelayExecutionThread + - KeInitializeDpc + - KeInitializeTimer + - IoQueueWorkItem + - KeTickCount + - KeBugCheckEx + - ZwCreateKey + - ZwClose + - ExFreePoolWithTag + - KeWaitForSingleObject + - KeReleaseMutex + - KeEnterCriticalRegion + - KeInitializeEvent + - KfAcquireSpinLock + - KfReleaseSpinLock + - ExAcquireFastMutex + - ExReleaseFastMutex + - NicmCreateInstance + Imports: + - ntoskrnl.exe + - HAL.dll + - nicm.sys + InternalName: '' + MD5: c9390a8f3ca511c1306a039ca5d80997 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: NICM.SYS + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.11 + Publisher: '' + RichPEHeaderHash: + MD5: 149b373eaaa6b9300573216ad5472a05 + SHA1: 364c8ccdf1a4cdf3aa7b575a80f594852ada2198 + SHA256: fc5c0859d1efbed8f3831036697d4e852ade24731e8e487550e3f618650d4efe + SHA1: cd828ee0725f6185861fd0a9d3bd78f1d96e55bf + SHA256: e279e425d906ba77784fb5b2738913f5065a567d03abe4fd5571695d418c1c0f + Sections: + .text: + Entropy: 6.377738293670074 + Virtual Size: '0x5f2d' + .rdata: + Entropy: 5.008103271033984 + Virtual Size: '0x47d' + .data: + Entropy: 3.300874018242627 + Virtual Size: '0x4a4' + .edata: + Entropy: 4.011677463066665 + Virtual Size: '0x63' + INIT: + Entropy: 5.500070222833352 + Virtual Size: '0x8a4' + .rsrc: + Entropy: 3.2836822710764215 + Virtual Size: '0x360' + .reloc: + Entropy: 6.098446944342447 + Virtual Size: '0x606' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + 
Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + 
ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, + Inc. + ValidFrom: '2010-04-03 00:00:00' + ValidTo: '2013-04-26 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a + Version: 3 + TBS: + MD5: b1504f143b89a6080710bafcededb833 + SHA1: 5c2696893ebba1e81d918a4fadda143c25c77286 + SHA256: ae1dc09d08e93ace95fe203adfbfadcd4c029529d3f99ab381c368064b58d9a0 + SHA384: 18c6db711578cfcd4bce87c63d053e242c7c196efc892c2d4a8733cb75bb7dc3cac3f702e0e1d4b7fa2c590acb53fdee + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: 
f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: 24c3d3be20e794c17844d030be03fd2f + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 3190ab9249afb0e3915a6a96b42b79a3 + SHA1: 2c3d046b089521c5cac415b28f55e498d3050622 + SHA256: fe425d4ea7c8d8bc2e8f32969d058f06a02ab11a0e15e465b989e526be17ca84 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2014, Novell, Inc. All Rights Reserved. + CreationTimestamp: '2014-08-26 13:53:15' + Date: '' + Description: Novell Client Portability Layer + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.11.0 + Filename: '' + ImportedFunctions: + - RtlCopyUnicodeString + - RtlInitUnicodeString + - ExAllocatePoolWithTag + - ZwDeleteKey + - ZwEnumerateKey + - ZwEnumerateValueKey + - ZwOpenKey + - ZwQueryValueKey + - ZwSetValueKey + - memset + - _aulldvrm + - DbgPrintEx + - RtlUpcaseUnicodeString + - RtlFreeUnicodeString + - RtlAnsiStringToUnicodeString + - RtlOemStringToUnicodeString + - RtlFreeAnsiString + - RtlUnicodeStringToAnsiString + - RtlUnicodeStringToOemString + - DbgPrint + - RtlAppendUnicodeToString + - RtlCompareString + - RtlCompareUnicodeString + - RtlCopyString + - RtlEqualString + - RtlEqualUnicodeString + - RtlInitString + - RtlIntegerToUnicodeString + - RtlUnicodeStringToInteger + - KeGetCurrentThread + - KeLeaveCriticalRegion + - ExAcquireResourceSharedLite + - RtlAppendUnicodeStringToString + - ExAcquireResourceExclusiveLite + - KeInitializeMutex + - ExInitializeResourceLite + - KeSetEvent + - ExDeleteResourceLite + - ExIsResourceAcquiredSharedLite + - ExIsResourceAcquiredExclusiveLite + - ExReleaseResourceLite + - KeResetEvent + - KeWaitForMultipleObjects + - _allmul + - KeSetPriorityThread + - 
KeQuerySystemTime + - IoDeleteDevice + - IoCreateDevice + - PsCreateSystemThread + - PsTerminateSystemThread + - RtlCompareMemory + - memcpy + - memmove + - IoInitializeWorkItem + - IoAllocateWorkItem + - KeCancelTimer + - IoFreeWorkItem + - IoUninitializeWorkItem + - KeSetTimer + - KeDelayExecutionThread + - KeInitializeDpc + - KeInitializeTimer + - IoQueueWorkItem + - KeTickCount + - KeBugCheckEx + - ZwCreateKey + - ZwClose + - ExFreePoolWithTag + - KeWaitForSingleObject + - KeReleaseMutex + - KeEnterCriticalRegion + - KeInitializeEvent + - KfAcquireSpinLock + - KfReleaseSpinLock + - ExAcquireFastMutex + - ExReleaseFastMutex + - NicmCreateInstance + Imports: + - ntoskrnl.exe + - HAL.dll + - nicm.sys + InternalName: '' + MD5: f44f6ec546850ceb796a2cb528928a91 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: NICM.SYS + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.11 + Publisher: '' + RichPEHeaderHash: + MD5: 149b373eaaa6b9300573216ad5472a05 + SHA1: 364c8ccdf1a4cdf3aa7b575a80f594852ada2198 + SHA256: fc5c0859d1efbed8f3831036697d4e852ade24731e8e487550e3f618650d4efe + SHA1: d1ba4c95697a25ec265a3908acbff269e29e760c + SHA256: e728b259113d772b4e96466ab8fe18980f37c36f187b286361c852bd88101717 + Sections: + .text: + Entropy: 6.377674698612541 + Virtual Size: '0x5f39' + .rdata: + Entropy: 4.992703297266737 + Virtual Size: '0x475' + .data: + Entropy: 3.2933421529227025 + Virtual Size: '0x4a4' + .edata: + Entropy: 4.004052336782185 + Virtual Size: '0x63' + INIT: + Entropy: 5.500633112750999 + Virtual Size: '0x8a4' + .rsrc: + Entropy: 3.2826929736548087 + Virtual Size: '0x360' + .reloc: + Entropy: 6.0982244391191385 + Virtual Size: '0x606' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, CN=Novell, Inc. 
+ ValidFrom: '2013-03-05 00:00:00' + ValidTo: '2016-06-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Version: 3 + TBS: + MD5: 5b1207ffffc0eff3784003d17b3e71a9 + SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d + SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 + SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + 
Signer: + - SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 24c3d3be20e794c17844d030be03fd2f + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 16ad7e2dcc5d51f8d844c5817a3ada77 + SHA1: 2871eec82d1c7ce329579dee37f610f6994eed1a + SHA256: 1e556fc49ab6caeb5b835abf683ff04a39f0e467ea5607187c8b2fcf2ca77314 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2015, Novell, Inc. All Rights Reserved. + CreationTimestamp: '2015-09-26 07:20:29' + Date: '' + Description: Novell Client Portability Layer + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.12.0 + Filename: '' + ImportedFunctions: + - KeWaitForSingleObject + - ExAllocatePoolWithTag + - ZwCreateKey + - ExFreePoolWithTag + - ExReleaseFastMutex + - ExAcquireFastMutex + - RtlInitUnicodeString + - ZwSetValueKey + - ZwQueryValueKey + - ZwEnumerateValueKey + - ZwClose + - RtlAppendUnicodeStringToString + - RtlCopyUnicodeString + - ZwDeleteKey + - ZwEnumerateKey + - ZwOpenKey + - DbgPrintEx + - RtlUpcaseUnicodeString + - RtlAnsiStringToUnicodeString + - RtlUnicodeStringToAnsiString + - RtlUnicodeStringToOemString + - RtlFreeUnicodeString + - RtlOemStringToUnicodeString + - RtlFreeAnsiString + - DbgPrint + - KeReleaseSpinLock + - KeAcquireSpinLockRaiseToDpc + - RtlIntegerToUnicodeString + - RtlAppendUnicodeToString + - RtlInitString + - RtlEqualUnicodeString + - RtlCompareString + - RtlCopyString + - KeReleaseMutex + - RtlEqualString + - RtlUnicodeStringToInteger + - ExAcquireResourceExclusiveLite + - KeResetEvent + - KeInitializeMutex + - KeLeaveCriticalRegion + - KeSetEvent + - ExIsResourceAcquiredSharedLite + - ExIsResourceAcquiredExclusiveLite + - KeEnterCriticalRegion + - ExAcquireResourceSharedLite + - ExReleaseResourceLite + - ExDeleteResourceLite + - ExInitializeResourceLite + - KeWaitForMultipleObjects + 
- KeSetPriorityThread + - IoDeleteDevice + - IoCreateDevice + - PsCreateSystemThread + - PsTerminateSystemThread + - RtlCompareMemory + - IoUninitializeWorkItem + - IoFreeWorkItem + - KeInitializeDpc + - KeInitializeTimer + - KeDelayExecutionThread + - IoAllocateWorkItem + - KeSetTimer + - IoInitializeWorkItem + - IoQueueWorkItem + - KeCancelTimer + - KeBugCheckEx + - RtlCompareUnicodeString + - KeInitializeEvent + - NicmCreateInstance + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: 91755cc5c3ccf97313dc2bece813b4d9 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: NICM.SYS + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.12 + Publisher: '' + RichPEHeaderHash: + MD5: 69be7d6bc33a7ee9619315180123bd46 + SHA1: 7ee6731a37901780d7908fc3fad4474835f832bf + SHA256: 14ccd7b6557e31d8e57079e70c05cb15da8336c7380554b9b40f44840989f524 + SHA1: 7626036baf98ddcb492a8ec34e58c022ebd70a80 + SHA256: c08581e3e444849729c5b956d0d6030080553d0bc6e5ae7e9a348d45617b9746 + Sections: + .text: + Entropy: 6.2855065800689305 + Virtual Size: '0x7b2f' + .rdata: + Entropy: 4.629576071481795 + Virtual Size: '0x7bc' + .data: + Entropy: 2.3645507783558646 + Virtual Size: '0x8c8' + .pdata: + Entropy: 4.3104861152515666 + Virtual Size: '0x5dc' + .edata: + Entropy: 4.011677463066665 + Virtual Size: '0x63' + INIT: + Entropy: 5.216888652235111 + Virtual Size: '0x976' + .rsrc: + Entropy: 3.2874866188516565 + Virtual Size: '0x360' + .reloc: + Entropy: 3.6567400216610486 + Virtual Size: '0x160' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, CN=Novell, Inc. 
+ ValidFrom: '2013-03-05 00:00:00' + ValidTo: '2016-06-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Version: 3 + TBS: + MD5: 5b1207ffffc0eff3784003d17b3e71a9 + SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d + SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 + SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 
5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 8ec78cf864273fd81203678b61c41f04 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 1c0d53f4b9788aab37c192d5dab8ac40 + SHA1: 6202e85a712c45daa25dc706388e10d05b42a467 + SHA256: 677ec2df835069678876defc3ef5ff73f463ad39e8466d76632d06f6a29a494f + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2013, Novell, Inc. All Rights Reserved. 
+ CreationTimestamp: '2013-12-18 02:18:54' + Date: '' + Description: Novell Client Portability Layer + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.11.0 + Filename: '' + ImportedFunctions: + - RtlCopyUnicodeString + - RtlInitUnicodeString + - ExAllocatePoolWithTag + - ZwDeleteKey + - ZwEnumerateKey + - ZwEnumerateValueKey + - ZwOpenKey + - ZwQueryValueKey + - ZwSetValueKey + - memset + - _aulldvrm + - DbgPrintEx + - RtlUpcaseUnicodeString + - RtlFreeUnicodeString + - RtlAnsiStringToUnicodeString + - RtlOemStringToUnicodeString + - RtlFreeAnsiString + - RtlUnicodeStringToAnsiString + - RtlUnicodeStringToOemString + - DbgPrint + - RtlAppendUnicodeToString + - RtlCompareString + - RtlCompareUnicodeString + - RtlCopyString + - RtlEqualString + - RtlEqualUnicodeString + - RtlInitString + - RtlIntegerToUnicodeString + - RtlUnicodeStringToInteger + - KeGetCurrentThread + - KeLeaveCriticalRegion + - ExAcquireResourceSharedLite + - RtlAppendUnicodeStringToString + - ExAcquireResourceExclusiveLite + - KeInitializeMutex + - ExInitializeResourceLite + - KeSetEvent + - ExDeleteResourceLite + - ExIsResourceAcquiredSharedLite + - ExIsResourceAcquiredExclusiveLite + - ExReleaseResourceLite + - KeResetEvent + - KeWaitForMultipleObjects + - _allmul + - KeSetPriorityThread + - KeQuerySystemTime + - IoDeleteDevice + - IoCreateDevice + - PsCreateSystemThread + - PsTerminateSystemThread + - RtlCompareMemory + - memcpy + - memmove + - IoInitializeWorkItem + - IoAllocateWorkItem + - KeCancelTimer + - IoFreeWorkItem + - IoUninitializeWorkItem + - KeSetTimer + - KeDelayExecutionThread + - KeInitializeDpc + - KeInitializeTimer + - IoQueueWorkItem + - KeTickCount + - KeBugCheckEx + - ZwCreateKey + - ZwClose + - ExFreePoolWithTag + - KeWaitForSingleObject + - KeReleaseMutex + - KeEnterCriticalRegion + - KeInitializeEvent + - KfAcquireSpinLock + - KfReleaseSpinLock + - ExAcquireFastMutex + - ExReleaseFastMutex + - NicmCreateInstance + Imports: + - ntoskrnl.exe + - 
HAL.dll + - nicm.sys + InternalName: '' + MD5: a87689b1067edacc48fddf90020dee23 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: NICM.SYS + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.11 + Publisher: '' + RichPEHeaderHash: + MD5: 149b373eaaa6b9300573216ad5472a05 + SHA1: 364c8ccdf1a4cdf3aa7b575a80f594852ada2198 + SHA256: fc5c0859d1efbed8f3831036697d4e852ade24731e8e487550e3f618650d4efe + SHA1: 1ecb7b9658eb819a80b8ebdaa2e69f0d84162622 + SHA256: 8b688dd055ead2c915a139598c8db7962b42cb6e744eaacfcb338c093fc1f4e7 + Sections: + .text: + Entropy: 6.377674698612541 + Virtual Size: '0x5f39' + .rdata: + Entropy: 4.997766404942963 + Virtual Size: '0x47b' + .data: + Entropy: 3.2933421529227025 + Virtual Size: '0x4a4' + .edata: + Entropy: 4.031879483268685 + Virtual Size: '0x63' + INIT: + Entropy: 5.500633112750999 + Virtual Size: '0x8a4' + .rsrc: + Entropy: 3.2836822710764215 + Virtual Size: '0x360' + .reloc: + Entropy: 6.0982244391191385 + Virtual Size: '0x606' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping 
Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, CN=Novell, Inc. 
+ ValidFrom: '2013-03-05 00:00:00' + ValidTo: '2016-06-03 23:59:59' + Signature: dbb57cdba61b53b01c104cf3d4e6d31a0b127402fa3a5213dd686a48a858b7581868cb93fe789e249ef175deca865e2387ba579d8088691b5475c836d8c9fcafcca373a0d43c5a07029da9915827d5ca8fb80c0c676ce33f8f028e00d7a197b7ae7b0f726a1eed35d30591fffdbb14bd78c01c1d47cc18de85424fc81bbbbb1733498a35712ed119db159f3939fae462bcf5e2bde54b32c1cbe38a40f6389d5d849459a9401c4c0edeec46fe8dde11e184efb79298c1aa8f0a776e32be63d49b072d7f24c88eded44e6345e5df49a5592094278f8605402082896432b788f3bf1ea2e3912bc3c4bdaf6d609ee52d38fb25b9245441277b5ab7d70b0bda6fbfee + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Version: 3 + TBS: + MD5: 5b1207ffffc0eff3784003d17b3e71a9 + SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d + SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 + SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 
5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 24c3d3be20e794c17844d030be03fd2f + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 3e6b489741cdcae17a01ede87b89d875 + SHA1: 231651011a36b45626a9c2245496225221887af7 + SHA256: 75822137b0934c2146c789d9f6e52da4de4a191698b68819d6d4b0845bbc34ed + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2015, Novell, Inc. All Rights Reserved. 
+ CreationTimestamp: '2015-06-26 06:08:10' + Date: '' + Description: Novell Client Portability Layer + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.12.0 + Filename: '' + ImportedFunctions: + - RtlCopyUnicodeString + - RtlInitUnicodeString + - ExAllocatePoolWithTag + - ZwDeleteKey + - ZwEnumerateKey + - ZwEnumerateValueKey + - ZwOpenKey + - ZwQueryValueKey + - ZwSetValueKey + - memset + - _aulldvrm + - DbgPrintEx + - RtlUpcaseUnicodeString + - RtlFreeUnicodeString + - RtlAnsiStringToUnicodeString + - RtlOemStringToUnicodeString + - RtlFreeAnsiString + - RtlUnicodeStringToAnsiString + - RtlUnicodeStringToOemString + - DbgPrint + - RtlAppendUnicodeToString + - RtlCompareString + - RtlCompareUnicodeString + - RtlCopyString + - RtlEqualString + - RtlEqualUnicodeString + - RtlInitString + - RtlIntegerToUnicodeString + - RtlUnicodeStringToInteger + - KeGetCurrentThread + - KeLeaveCriticalRegion + - ExAcquireResourceSharedLite + - RtlAppendUnicodeStringToString + - ExAcquireResourceExclusiveLite + - KeInitializeMutex + - ExInitializeResourceLite + - KeSetEvent + - ExDeleteResourceLite + - ExIsResourceAcquiredSharedLite + - ExIsResourceAcquiredExclusiveLite + - ExReleaseResourceLite + - KeResetEvent + - KeWaitForMultipleObjects + - _allmul + - KeSetPriorityThread + - KeQuerySystemTime + - IoDeleteDevice + - IoCreateDevice + - PsCreateSystemThread + - PsTerminateSystemThread + - RtlCompareMemory + - memcpy + - memmove + - IoInitializeWorkItem + - IoAllocateWorkItem + - KeCancelTimer + - IoFreeWorkItem + - IoUninitializeWorkItem + - KeSetTimer + - KeDelayExecutionThread + - KeInitializeDpc + - KeInitializeTimer + - IoQueueWorkItem + - KeTickCount + - KeBugCheckEx + - ZwCreateKey + - ZwClose + - ExFreePoolWithTag + - KeWaitForSingleObject + - KeReleaseMutex + - KeEnterCriticalRegion + - KeInitializeEvent + - KfAcquireSpinLock + - KfReleaseSpinLock + - ExAcquireFastMutex + - ExReleaseFastMutex + - NicmCreateInstance + Imports: + - ntoskrnl.exe + - 
HAL.dll + - nicm.sys + InternalName: '' + MD5: f30db62d02a69c36ccb01ac9d41dc085 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: NICM.SYS + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.12 + Publisher: '' + RichPEHeaderHash: + MD5: 149b373eaaa6b9300573216ad5472a05 + SHA1: 364c8ccdf1a4cdf3aa7b575a80f594852ada2198 + SHA256: fc5c0859d1efbed8f3831036697d4e852ade24731e8e487550e3f618650d4efe + SHA1: 59c4960851af9240dded4173c4f823727af19512 + SHA256: 00b3ff11585c2527b9e1c140fd57cb70b18fd0b775ec87e9646603056622a1fd + Sections: + .text: + Entropy: 6.38607433158685 + Virtual Size: '0x5e6f' + .rdata: + Entropy: 4.992323797255079 + Virtual Size: '0x477' + .data: + Entropy: 3.319059838952553 + Virtual Size: '0x4a4' + .edata: + Entropy: 4.031879483268685 + Virtual Size: '0x63' + INIT: + Entropy: 5.498844850579171 + Virtual Size: '0x8a4' + .rsrc: + Entropy: 3.2874866188516565 + Virtual Size: '0x360' + .reloc: + Entropy: 6.121413979677538 + Virtual Size: '0x604' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + 
Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, CN=Novell, Inc. + ValidFrom: '2013-03-05 00:00:00' + ValidTo: '2016-06-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Version: 3 + TBS: + MD5: 5b1207ffffc0eff3784003d17b3e71a9 + SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d + SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 + SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 24c3d3be20e794c17844d030be03fd2f + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: d79f773ee0e6eb9aa7d9859747fde271 + SHA1: 16077b3894a11e1b4df8e959a7e0795bc0c7505a + SHA256: 8fca5b647af3f792898efc1bdc008745643b417282cdee13d4edf93a4a8308a0 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2008, Novell, Inc. All Rights Reserved. 
+ CreationTimestamp: '2009-12-18 07:21:00' + Date: '' + Description: Novell Client Portability Layer + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.6.0 + Filename: '' + ImportedFunctions: + - RtlCopyUnicodeString + - RtlInitUnicodeString + - ExAllocatePoolWithTag + - ZwDeleteKey + - ZwEnumerateKey + - ZwEnumerateValueKey + - ZwOpenKey + - ZwQueryValueKey + - ZwSetValueKey + - DbgBreakPoint + - memset + - _aulldvrm + - DbgPrintEx + - RtlUpcaseUnicodeString + - RtlFreeUnicodeString + - RtlAnsiStringToUnicodeString + - RtlOemStringToUnicodeString + - RtlFreeAnsiString + - RtlUnicodeStringToAnsiString + - RtlUnicodeStringToOemString + - DbgPrint + - RtlAppendUnicodeToString + - RtlCompareString + - RtlCompareUnicodeString + - RtlCopyString + - RtlEqualString + - RtlEqualUnicodeString + - RtlInitString + - RtlIntegerToUnicodeString + - RtlUnicodeStringToInteger + - KeLeaveCriticalRegion + - KeGetCurrentThread + - ExAcquireResourceSharedLite + - RtlAppendUnicodeStringToString + - ExAcquireResourceExclusiveLite + - KeInitializeMutex + - ExInitializeResourceLite + - KeSetEvent + - ExDeleteResourceLite + - ExIsResourceAcquiredSharedLite + - ExIsResourceAcquiredExclusiveLite + - ExReleaseResourceLite + - KeResetEvent + - KeWaitForMultipleObjects + - _allmul + - KeSetPriorityThread + - KeQuerySystemTime + - IoDeleteDevice + - IoCreateDevice + - PsCreateSystemThread + - PsTerminateSystemThread + - RtlCompareMemory + - memcpy + - memmove + - IoInitializeWorkItem + - IoAllocateWorkItem + - KeCancelTimer + - IoFreeWorkItem + - IoUninitializeWorkItem + - KeSetTimer + - KeDelayExecutionThread + - KeInitializeDpc + - KeInitializeTimer + - IoQueueWorkItem + - KeTickCount + - KeBugCheckEx + - ZwCreateKey + - ZwClose + - ExFreePoolWithTag + - KeWaitForSingleObject + - KeReleaseMutex + - KeEnterCriticalRegion + - KeInitializeEvent + - KfAcquireSpinLock + - KfReleaseSpinLock + - ExAcquireFastMutex + - ExReleaseFastMutex + - NicmCreateInstance + Imports: + - 
ntoskrnl.exe + - HAL.dll + - nicm.sys + InternalName: '' + MD5: 0cd0fe9d16b62415b116686a2f414f8c + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: NICM.SYS + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.6 + Publisher: '' + RichPEHeaderHash: + MD5: 9a271840015f5068d0bd867da9c79669 + SHA1: e758d2f4525ea5880a0cd08f8f0032d89b4bd4e7 + SHA256: d5afe68d99aac43ff5850dd37b3184bed8f8f14e681b622515121d8000b4fbbb + SHA1: e606282505af817698206672db632332e8c3d3ff + SHA256: 1c2f1e2b0cc4da128feb73a6b9dd040df8495fefe861d69c9f44778c6ddb9b9b + Sections: + .text: + Entropy: 6.380228257440719 + Virtual Size: '0x5f2d' + .rdata: + Entropy: 4.956205990239857 + Virtual Size: '0x48b' + .data: + Entropy: 3.286914336177474 + Virtual Size: '0x4a4' + .edata: + Entropy: 4.031879483268685 + Virtual Size: '0x63' + INIT: + Entropy: 5.486682664178041 + Virtual Size: '0x8b0' + .rsrc: + Entropy: 3.285837261243419 + Virtual Size: '0x358' + .reloc: + Entropy: 6.153392798668095 + Virtual Size: '0x600' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 
18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + ValidFrom: '2004-07-16 00:00:00' + ValidTo: '2014-07-15 23:59:59' + Signature: ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 4191a15a3978dfcf496566381d4c75c2 + Version: 3 + TBS: + MD5: 41011f8d0e7c7a6408334ca387914c61 + SHA1: c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 + SHA256: 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 + SHA384: a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459 + - Subject: C=US, ST=Utah, 
L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, + Inc. + ValidFrom: '2007-04-04 00:00:00' + ValidTo: '2010-04-27 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 4808d93b14b8600dbfa18dab5d15310f + Version: 3 + TBS: + MD5: adddb65a3a360b3c1a55cb33e426f32a + SHA1: 93d9b282265288a94ee4f1a01c5fb3a08badb7ac + SHA256: d98d63f26125a94eb767fdd2526f6c74bfb40cb4d117a1d87ca3ed0d99bd6f0b + SHA384: cf20d9d6343b52b05ebaeace8a75ad950089e2d55508571cf5b153583fdf2d7b11bc61b8f38bfa70f09b2e7ac63d9ef5 + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 4808d93b14b8600dbfa18dab5d15310f + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code + Signing 2004 CA + Version: 1 + Imphash: 0e4f5481813eeec4e5dd96e36020135f + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 550070ba1cc4ceefec2641c34e562615 + SHA1: b3adf811059eaac7549c2cce862b9db7b8d9cdbd + SHA256: f2cf5653792f32013c6bf8afb2217953708c7040e248ee7a48543e78097c4512 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2012, Novell, Inc. All Rights Reserved. 
+ CreationTimestamp: '2012-03-18 19:27:51' + Date: '' + Description: Novell Client Portability Layer + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.10.0 + Filename: '' + ImportedFunctions: + - RtlCopyUnicodeString + - RtlInitUnicodeString + - ExAllocatePoolWithTag + - ZwDeleteKey + - ZwEnumerateKey + - ZwEnumerateValueKey + - ZwOpenKey + - ZwQueryValueKey + - ZwSetValueKey + - memset + - _aulldvrm + - DbgPrintEx + - RtlUpcaseUnicodeString + - RtlFreeUnicodeString + - RtlAnsiStringToUnicodeString + - RtlOemStringToUnicodeString + - RtlFreeAnsiString + - RtlUnicodeStringToAnsiString + - RtlUnicodeStringToOemString + - DbgPrint + - RtlAppendUnicodeToString + - RtlCompareString + - RtlCompareUnicodeString + - RtlCopyString + - RtlEqualString + - RtlEqualUnicodeString + - RtlInitString + - RtlIntegerToUnicodeString + - RtlUnicodeStringToInteger + - KeGetCurrentThread + - KeLeaveCriticalRegion + - ExAcquireResourceSharedLite + - RtlAppendUnicodeStringToString + - ExAcquireResourceExclusiveLite + - KeInitializeMutex + - ExInitializeResourceLite + - KeSetEvent + - ExDeleteResourceLite + - ExIsResourceAcquiredSharedLite + - ExIsResourceAcquiredExclusiveLite + - ExReleaseResourceLite + - KeResetEvent + - KeWaitForMultipleObjects + - _allmul + - KeSetPriorityThread + - KeQuerySystemTime + - IoDeleteDevice + - IoCreateDevice + - PsCreateSystemThread + - PsTerminateSystemThread + - RtlCompareMemory + - memcpy + - memmove + - IoInitializeWorkItem + - IoAllocateWorkItem + - KeCancelTimer + - IoFreeWorkItem + - IoUninitializeWorkItem + - KeSetTimer + - KeDelayExecutionThread + - KeInitializeDpc + - KeInitializeTimer + - IoQueueWorkItem + - KeTickCount + - KeBugCheckEx + - ZwCreateKey + - ZwClose + - ExFreePoolWithTag + - KeWaitForSingleObject + - KeReleaseMutex + - KeEnterCriticalRegion + - KeInitializeEvent + - KfAcquireSpinLock + - KfReleaseSpinLock + - ExAcquireFastMutex + - ExReleaseFastMutex + - NicmCreateInstance + Imports: + - ntoskrnl.exe + - 
HAL.dll + - nicm.sys + InternalName: '' + MD5: f544f9925cab71786e57241c10e08633 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: NICM.SYS + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.10 + Publisher: '' + RichPEHeaderHash: + MD5: 149b373eaaa6b9300573216ad5472a05 + SHA1: 364c8ccdf1a4cdf3aa7b575a80f594852ada2198 + SHA256: fc5c0859d1efbed8f3831036697d4e852ade24731e8e487550e3f618650d4efe + SHA1: 40dba13a059679401fcaf7d4dbe80db03c9d265c + SHA256: 76276c87617b836dd6f31b73d2bb0e756d4b3d133bddfe169cb4225124ca6bfb + Sections: + .text: + Entropy: 6.377738293670074 + Virtual Size: '0x5f2d' + .rdata: + Entropy: 4.981661559248988 + Virtual Size: '0x474' + .data: + Entropy: 3.300874018242627 + Virtual Size: '0x4a4' + .edata: + Entropy: 4.004052336782185 + Virtual Size: '0x63' + INIT: + Entropy: 5.500070222833352 + Virtual Size: '0x8a4' + .rsrc: + Entropy: 3.2809770259556617 + Virtual Size: '0x360' + .reloc: + Entropy: 6.098446944342447 + Virtual Size: '0x606' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + 
SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID 
Class 3 + , Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, + Inc. + ValidFrom: '2010-04-03 00:00:00' + ValidTo: '2013-04-26 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a + Version: 3 + TBS: + MD5: b1504f143b89a6080710bafcededb833 + SHA1: 5c2696893ebba1e81d918a4fadda143c25c77286 + SHA256: ae1dc09d08e93ace95fe203adfbfadcd4c029529d3f99ab381c368064b58d9a0 + SHA384: 18c6db711578cfcd4bce87c63d053e242c7c196efc892c2d4a8733cb75bb7dc3cac3f702e0e1d4b7fa2c590acb53fdee + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: 24c3d3be20e794c17844d030be03fd2f + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 18eec5455bfbebf459329a19b4ea57ba + SHA1: 5c95416bf48f3a90950900480ca4c8781405d5f1 + SHA256: 00e341c11664a6330122830344bce02aab886143bcaf8f642ab8abc57d80f1e3 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2015, Novell, Inc. All Rights Reserved. 
+ CreationTimestamp: '2015-09-26 07:20:40' + Date: '' + Description: Novell Client Portability Layer + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.12.0 + Filename: '' + ImportedFunctions: + - RtlCopyUnicodeString + - RtlInitUnicodeString + - ExAllocatePoolWithTag + - ZwDeleteKey + - ZwEnumerateKey + - ZwEnumerateValueKey + - ZwOpenKey + - ZwQueryValueKey + - ZwSetValueKey + - memset + - _aulldvrm + - DbgPrintEx + - RtlUpcaseUnicodeString + - RtlFreeUnicodeString + - RtlAnsiStringToUnicodeString + - RtlOemStringToUnicodeString + - RtlFreeAnsiString + - RtlUnicodeStringToAnsiString + - RtlUnicodeStringToOemString + - DbgPrint + - RtlAppendUnicodeToString + - RtlCompareString + - RtlCompareUnicodeString + - RtlCopyString + - RtlEqualString + - RtlEqualUnicodeString + - RtlInitString + - RtlIntegerToUnicodeString + - RtlUnicodeStringToInteger + - KeGetCurrentThread + - KeLeaveCriticalRegion + - ExAcquireResourceSharedLite + - RtlAppendUnicodeStringToString + - ExAcquireResourceExclusiveLite + - KeInitializeMutex + - ExInitializeResourceLite + - KeSetEvent + - ExDeleteResourceLite + - ExIsResourceAcquiredSharedLite + - ExIsResourceAcquiredExclusiveLite + - ExReleaseResourceLite + - KeResetEvent + - KeWaitForMultipleObjects + - _allmul + - KeSetPriorityThread + - KeQuerySystemTime + - IoDeleteDevice + - IoCreateDevice + - PsCreateSystemThread + - PsTerminateSystemThread + - RtlCompareMemory + - memcpy + - memmove + - IoInitializeWorkItem + - IoAllocateWorkItem + - KeCancelTimer + - IoFreeWorkItem + - IoUninitializeWorkItem + - KeSetTimer + - KeDelayExecutionThread + - KeInitializeDpc + - KeInitializeTimer + - IoQueueWorkItem + - KeTickCount + - KeBugCheckEx + - ZwCreateKey + - ZwClose + - ExFreePoolWithTag + - KeWaitForSingleObject + - KeReleaseMutex + - KeEnterCriticalRegion + - KeInitializeEvent + - KfAcquireSpinLock + - KfReleaseSpinLock + - ExAcquireFastMutex + - ExReleaseFastMutex + - NicmCreateInstance + Imports: + - ntoskrnl.exe + - 
HAL.dll + - nicm.sys + InternalName: '' + MD5: e4ff4edce076f21f5f8d082a62c9db8b + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: NICM.SYS + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.12 + Publisher: '' + RichPEHeaderHash: + MD5: 149b373eaaa6b9300573216ad5472a05 + SHA1: 364c8ccdf1a4cdf3aa7b575a80f594852ada2198 + SHA256: fc5c0859d1efbed8f3831036697d4e852ade24731e8e487550e3f618650d4efe + SHA1: 7480c7f7346ce1f86a7429d9728235f03a11f227 + SHA256: 94c226a530dd3cd8d911901f702f3dab8200d1d4fdc73fcb269f7001f4e66915 + Sections: + .text: + Entropy: 6.38607433158685 + Virtual Size: '0x5e6f' + .rdata: + Entropy: 4.962365925240589 + Virtual Size: '0x471' + .data: + Entropy: 3.319059838952553 + Virtual Size: '0x4a4' + .edata: + Entropy: 4.031879483268685 + Virtual Size: '0x63' + INIT: + Entropy: 5.498844850579171 + Virtual Size: '0x8a4' + .rsrc: + Entropy: 3.2874866188516565 + Virtual Size: '0x360' + .reloc: + Entropy: 6.121413979677538 + Virtual Size: '0x604' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + 
Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, CN=Novell, Inc. + ValidFrom: '2013-03-05 00:00:00' + ValidTo: '2016-06-03 23:59:59' + Signature: dbb57cdba61b53b01c104cf3d4e6d31a0b127402fa3a5213dd686a48a858b7581868cb93fe789e249ef175deca865e2387ba579d8088691b5475c836d8c9fcafcca373a0d43c5a07029da9915827d5ca8fb80c0c676ce33f8f028e00d7a197b7ae7b0f726a1eed35d30591fffdbb14bd78c01c1d47cc18de85424fc81bbbbb1733498a35712ed119db159f3939fae462bcf5e2bde54b32c1cbe38a40f6389d5d849459a9401c4c0edeec46fe8dde11e184efb79298c1aa8f0a776e32be63d49b072d7f24c88eded44e6345e5df49a5592094278f8605402082896432b788f3bf1ea2e3912bc3c4bdaf6d609ee52d38fb25b9245441277b5ab7d70b0bda6fbfee + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Version: 3 + TBS: + MD5: 5b1207ffffc0eff3784003d17b3e71a9 + SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d + SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 + SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. 
, For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 24c3d3be20e794c17844d030be03fd2f + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 4acd0e96aa76c12056afd12ef9dc9921 + SHA1: 961cf1db80588039ede3e8ee66cd2efe915f9212 + SHA256: b40db5bb6a76ca9aed98366dc19f0c31c50b3f0ac96e0f615e4c52abb6bb0cde + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2014, Novell, Inc. All Rights Reserved. + CreationTimestamp: '2014-08-26 13:53:03' + Date: '' + Description: Novell Client Portability Layer + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.11.0 + Filename: '' + ImportedFunctions: + - KeWaitForSingleObject + - ExAllocatePoolWithTag + - ZwCreateKey + - ExFreePoolWithTag + - ExReleaseFastMutex + - ExAcquireFastMutex + - RtlInitUnicodeString + - ZwSetValueKey + - ZwQueryValueKey + - ZwEnumerateValueKey + - ZwClose + - RtlAppendUnicodeStringToString + - RtlCopyUnicodeString + - ZwDeleteKey + - ZwEnumerateKey + - ZwOpenKey + - DbgPrintEx + - RtlUpcaseUnicodeString + - RtlAnsiStringToUnicodeString + - RtlUnicodeStringToAnsiString + - RtlUnicodeStringToOemString + - RtlFreeUnicodeString + - RtlOemStringToUnicodeString + - RtlFreeAnsiString + - DbgPrint + - KeReleaseSpinLock + - KeAcquireSpinLockRaiseToDpc + - RtlIntegerToUnicodeString + - RtlAppendUnicodeToString + - RtlInitString + - RtlEqualUnicodeString + - RtlCompareString + - RtlCopyString + - KeReleaseMutex + - RtlEqualString + - RtlUnicodeStringToInteger + - 
ExAcquireResourceExclusiveLite + - KeResetEvent + - KeInitializeMutex + - KeLeaveCriticalRegion + - KeSetEvent + - ExIsResourceAcquiredSharedLite + - ExIsResourceAcquiredExclusiveLite + - KeEnterCriticalRegion + - ExAcquireResourceSharedLite + - ExReleaseResourceLite + - ExDeleteResourceLite + - ExInitializeResourceLite + - KeWaitForMultipleObjects + - KeSetPriorityThread + - IoDeleteDevice + - IoCreateDevice + - PsCreateSystemThread + - PsTerminateSystemThread + - RtlCompareMemory + - IoUninitializeWorkItem + - IoFreeWorkItem + - KeInitializeDpc + - KeInitializeTimer + - KeDelayExecutionThread + - IoAllocateWorkItem + - KeSetTimer + - IoInitializeWorkItem + - IoQueueWorkItem + - KeCancelTimer + - KeBugCheckEx + - RtlCompareUnicodeString + - KeInitializeEvent + - NicmCreateInstance + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: a926b64be7c27ccb96e687a3924de298 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: NICM.SYS + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.11 + Publisher: '' + RichPEHeaderHash: + MD5: 69be7d6bc33a7ee9619315180123bd46 + SHA1: 7ee6731a37901780d7908fc3fad4474835f832bf + SHA256: 14ccd7b6557e31d8e57079e70c05cb15da8336c7380554b9b40f44840989f524 + SHA1: 9dbd255ee29be0e552f7f5f30d6ffb97e6cd0b0d + SHA256: 4c859b3d11d2ff0049b644a19f3a316a8ca1a4995aa9c39991a7bde8d4f426a4 + Sections: + .text: + Entropy: 6.281334414628288 + Virtual Size: '0x7bff' + .rdata: + Entropy: 4.674579980679391 + Virtual Size: '0x7d4' + .data: + Entropy: 2.359742947837992 + Virtual Size: '0x8c8' + .pdata: + Entropy: 4.365737042025572 + Virtual Size: '0x5d0' + .edata: + Entropy: 3.9838503165801646 + Virtual Size: '0x63' + INIT: + Entropy: 5.216062888403568 + Virtual Size: '0x976' + .rsrc: + Entropy: 3.2826929736548087 + Virtual Size: '0x360' + .reloc: + Entropy: 3.6567400216610486 + Virtual Size: '0x160' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, 
CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, CN=Novell, Inc. 
+ ValidFrom: '2013-03-05 00:00:00' + ValidTo: '2016-06-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Version: 3 + TBS: + MD5: 5b1207ffffc0eff3784003d17b3e71a9 + SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d + SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 + SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + 
Signer: + - SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 8ec78cf864273fd81203678b61c41f04 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: e10e33b01f0b4a6c8ff0717b07801600 + SHA1: 9cb2ec59f9d2186643b7e2c52e0dc0c17646b04b + SHA256: 16e924aa8ced646c2ee99602b523f511ea386b78ed78a3d265a560fb64e88ee3 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2012, Novell, Inc. All Rights Reserved. + CreationTimestamp: '2012-03-18 19:30:18' + Date: '' + Description: Novell Client Portability Layer + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.10.0 + Filename: '' + ImportedFunctions: + - KeWaitForSingleObject + - ExAllocatePoolWithTag + - ZwCreateKey + - ExFreePoolWithTag + - ExReleaseFastMutex + - ExAcquireFastMutex + - RtlInitUnicodeString + - ZwSetValueKey + - ZwQueryValueKey + - ZwEnumerateValueKey + - ZwClose + - RtlAppendUnicodeStringToString + - RtlCopyUnicodeString + - ZwDeleteKey + - ZwEnumerateKey + - ZwOpenKey + - DbgPrintEx + - RtlUpcaseUnicodeString + - RtlAnsiStringToUnicodeString + - RtlUnicodeStringToAnsiString + - RtlUnicodeStringToOemString + - RtlFreeUnicodeString + - RtlOemStringToUnicodeString + - RtlFreeAnsiString + - DbgPrint + - KeReleaseSpinLock + - KeAcquireSpinLockRaiseToDpc + - RtlIntegerToUnicodeString + - RtlAppendUnicodeToString + - RtlInitString + - RtlEqualUnicodeString + - RtlCompareString + - RtlCopyString + - KeReleaseMutex + - RtlEqualString + - RtlUnicodeStringToInteger + - ExAcquireResourceExclusiveLite + - KeResetEvent + - KeInitializeMutex + - KeLeaveCriticalRegion + - KeSetEvent + - ExIsResourceAcquiredSharedLite + - ExIsResourceAcquiredExclusiveLite + - KeEnterCriticalRegion + - ExAcquireResourceSharedLite + - ExReleaseResourceLite + - ExDeleteResourceLite + - ExInitializeResourceLite + - KeWaitForMultipleObjects + 
- KeSetPriorityThread + - IoDeleteDevice + - IoCreateDevice + - PsCreateSystemThread + - PsTerminateSystemThread + - RtlCompareMemory + - IoUninitializeWorkItem + - IoFreeWorkItem + - KeInitializeDpc + - KeInitializeTimer + - KeDelayExecutionThread + - IoAllocateWorkItem + - KeSetTimer + - IoInitializeWorkItem + - IoQueueWorkItem + - KeCancelTimer + - KeBugCheckEx + - RtlCompareUnicodeString + - KeInitializeEvent + - NicmCreateInstance + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: 0eb3dfeffb49d32310d96f3aa3e8ca61 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: NICM.SYS + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.10 + Publisher: '' + RichPEHeaderHash: + MD5: 69be7d6bc33a7ee9619315180123bd46 + SHA1: 7ee6731a37901780d7908fc3fad4474835f832bf + SHA256: 14ccd7b6557e31d8e57079e70c05cb15da8336c7380554b9b40f44840989f524 + SHA1: 36397c6879978223ba52acd97da99e8067ab7f05 + SHA256: 1e9c236ed39507661ec32731033c4a9b9c97a6221def69200e03685c08e0bfa7 + Sections: + .text: + Entropy: 6.282178701948502 + Virtual Size: '0x7bef' + .rdata: + Entropy: 4.6688420404819855 + Virtual Size: '0x7d4' + .data: + Entropy: 2.3749984963543618 + Virtual Size: '0x8c8' + .pdata: + Entropy: 4.377248900011093 + Virtual Size: '0x5d0' + .edata: + Entropy: 3.9636482963781448 + Virtual Size: '0x63' + INIT: + Entropy: 5.215237124572024 + Virtual Size: '0x976' + .rsrc: + Entropy: 3.2809770259556617 + Virtual Size: '0x360' + .reloc: + Entropy: 3.6567400216610486 + Virtual Size: '0x160' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer + , G2 + ValidFrom: '2007-06-15 00:00:00' + ValidTo: '2012-06-14 23:59:59' + Signature: 
50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 3825d7faf861af9ef490e726b5d65ad5 + Version: 3 + TBS: + MD5: d6c7684e9aaa508cf268335f83afe040 + SHA1: 18066d20ad92409c567cdfde745279ff71c75226 + SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff + SHA384: 35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7 + - Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA + ValidFrom: '2003-12-04 00:00:00' + ValidTo: '2013-12-03 23:59:59' + Signature: 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 47bf1995df8d524643f7db6d480d31a4 + Version: 3 + TBS: + MD5: 518d2ea8a21e879c942d504824ac211c + SHA1: 21ce87d827077e61abddf2beba69fde5432ea031 + SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 + SHA384: 53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + ValidFrom: '2009-05-21 00:00:00' + ValidTo: '2019-05-20 23:59:59' + 
Signature: 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 655226e1b22e18e1590f2985ac22e75c + Version: 3 + TBS: + MD5: 650704c342850095f3288eaf791147d4 + SHA1: 4cdc38c800761463749c3cbd94a12f32e49877bf + SHA256: 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 + SHA384: 2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, + Inc. + ValidFrom: '2010-04-03 00:00:00' + ValidTo: '2013-04-26 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a + Version: 3 + TBS: + MD5: b1504f143b89a6080710bafcededb833 + SHA1: 5c2696893ebba1e81d918a4fadda143c25c77286 + SHA256: ae1dc09d08e93ace95fe203adfbfadcd4c029529d3f99ab381c368064b58d9a0 + SHA384: 18c6db711578cfcd4bce87c63d053e242c7c196efc892c2d4a8733cb75bb7dc3cac3f702e0e1d4b7fa2c590acb53fdee + - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification + Authority + ValidFrom: '2006-05-23 17:01:29' + ValidTo: '2016-05-23 17:11:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610c120600000000001b + Version: 3 + TBS: + MD5: 53c41bc1164e09e0cd1617a5bf913efd + SHA1: 93c03aac8951d494ecd5696b1c08658541b18727 + SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b + SHA384: 
f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8 + Signer: + - SerialNumber: 41ec87c0295f2c734169b8a23c66ac9a + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code + Signing 2009,2 CA + Version: 1 + Imphash: 8ec78cf864273fd81203678b61c41f04 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 84acbd4402cbc982e115a6ed21b3364d + SHA1: ca3b0d9947aa3815ae10464b798de78ec76b5651 + SHA256: 516e39dcf7480de4bb86727321c099605a34a54f1d5b3a4aa6dc4bcf260274c9 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2014, Novell, Inc. All Rights Reserved. + CreationTimestamp: '2014-11-18 01:06:16' + Date: '' + Description: Novell Client Portability Layer + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.11.0 + Filename: '' + ImportedFunctions: + - KeWaitForSingleObject + - ExAllocatePoolWithTag + - ZwCreateKey + - ExFreePoolWithTag + - ExReleaseFastMutex + - ExAcquireFastMutex + - RtlInitUnicodeString + - ZwSetValueKey + - ZwQueryValueKey + - ZwEnumerateValueKey + - ZwClose + - RtlAppendUnicodeStringToString + - RtlCopyUnicodeString + - ZwDeleteKey + - ZwEnumerateKey + - ZwOpenKey + - DbgPrintEx + - RtlUpcaseUnicodeString + - RtlAnsiStringToUnicodeString + - RtlUnicodeStringToAnsiString + - RtlUnicodeStringToOemString + - RtlFreeUnicodeString + - RtlOemStringToUnicodeString + - RtlFreeAnsiString + - DbgPrint + - KeReleaseSpinLock + - KeAcquireSpinLockRaiseToDpc + - RtlIntegerToUnicodeString + - RtlAppendUnicodeToString + - RtlInitString + - RtlEqualUnicodeString + - RtlCompareString + - RtlCopyString + - KeReleaseMutex + - RtlEqualString + - RtlUnicodeStringToInteger + - ExAcquireResourceExclusiveLite + - KeResetEvent + - KeInitializeMutex + - KeLeaveCriticalRegion + - KeSetEvent + - ExIsResourceAcquiredSharedLite + - ExIsResourceAcquiredExclusiveLite + - KeEnterCriticalRegion + - ExAcquireResourceSharedLite + - 
ExReleaseResourceLite + - ExDeleteResourceLite + - ExInitializeResourceLite + - KeWaitForMultipleObjects + - KeSetPriorityThread + - IoDeleteDevice + - IoCreateDevice + - PsCreateSystemThread + - PsTerminateSystemThread + - RtlCompareMemory + - IoUninitializeWorkItem + - IoFreeWorkItem + - KeInitializeDpc + - KeInitializeTimer + - KeDelayExecutionThread + - IoAllocateWorkItem + - KeSetTimer + - IoInitializeWorkItem + - IoQueueWorkItem + - KeCancelTimer + - KeBugCheckEx + - RtlCompareUnicodeString + - KeInitializeEvent + - NicmCreateInstance + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: 79bfbeb4e8cfdd0cb1d73612360bd811 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: NICM.SYS + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.11 + Publisher: '' + RichPEHeaderHash: + MD5: 69be7d6bc33a7ee9619315180123bd46 + SHA1: 7ee6731a37901780d7908fc3fad4474835f832bf + SHA256: 14ccd7b6557e31d8e57079e70c05cb15da8336c7380554b9b40f44840989f524 + SHA1: 30e7258a5816a6db19cdda2b2603a8c3276f05c2 + SHA256: a15325e9e6b8e4192291deb56c20c558dde3f96eb682c6e90952844edb984a00 + Sections: + .text: + Entropy: 6.281334414628288 + Virtual Size: '0x7bff' + .rdata: + Entropy: 4.694071484121772 + Virtual Size: '0x7dc' + .data: + Entropy: 2.359742947837992 + Virtual Size: '0x8c8' + .pdata: + Entropy: 4.362884798409598 + Virtual Size: '0x5d0' + .edata: + Entropy: 3.9636482963781448 + Virtual Size: '0x63' + INIT: + Entropy: 5.216062888403568 + Virtual Size: '0x976' + .rsrc: + Entropy: 3.2826929736548087 + Virtual Size: '0x360' + .reloc: + Entropy: 3.6567400216610486 + Virtual Size: '0x160' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, CN=Novell, Inc. 
+ ValidFrom: '2013-03-05 00:00:00' + ValidTo: '2016-06-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Version: 3 + TBS: + MD5: 5b1207ffffc0eff3784003d17b3e71a9 + SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d + SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 + SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + 
Signer: + - SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 8ec78cf864273fd81203678b61c41f04 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: e50506bd02b4f5442507e136a72328c3 + SHA1: d7a975782001f16be555f1d23ee9de91da5e04d8 + SHA256: 11dcfa779763dd6e26344b32dd779bb49be470a7b9b43b5f03738c17fed06aa8 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2015, Novell, Inc. All Rights Reserved. + CreationTimestamp: '2015-06-26 06:08:00' + Date: '' + Description: Novell Client Portability Layer + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.12.0 + Filename: '' + ImportedFunctions: + - KeWaitForSingleObject + - ExAllocatePoolWithTag + - ZwCreateKey + - ExFreePoolWithTag + - ExReleaseFastMutex + - ExAcquireFastMutex + - RtlInitUnicodeString + - ZwSetValueKey + - ZwQueryValueKey + - ZwEnumerateValueKey + - ZwClose + - RtlAppendUnicodeStringToString + - RtlCopyUnicodeString + - ZwDeleteKey + - ZwEnumerateKey + - ZwOpenKey + - DbgPrintEx + - RtlUpcaseUnicodeString + - RtlAnsiStringToUnicodeString + - RtlUnicodeStringToAnsiString + - RtlUnicodeStringToOemString + - RtlFreeUnicodeString + - RtlOemStringToUnicodeString + - RtlFreeAnsiString + - DbgPrint + - KeReleaseSpinLock + - KeAcquireSpinLockRaiseToDpc + - RtlIntegerToUnicodeString + - RtlAppendUnicodeToString + - RtlInitString + - RtlEqualUnicodeString + - RtlCompareString + - RtlCopyString + - KeReleaseMutex + - RtlEqualString + - RtlUnicodeStringToInteger + - ExAcquireResourceExclusiveLite + - KeResetEvent + - KeInitializeMutex + - KeLeaveCriticalRegion + - KeSetEvent + - ExIsResourceAcquiredSharedLite + - ExIsResourceAcquiredExclusiveLite + - KeEnterCriticalRegion + - ExAcquireResourceSharedLite + - ExReleaseResourceLite + - ExDeleteResourceLite + - ExInitializeResourceLite + - KeWaitForMultipleObjects + 
- KeSetPriorityThread + - IoDeleteDevice + - IoCreateDevice + - PsCreateSystemThread + - PsTerminateSystemThread + - RtlCompareMemory + - IoUninitializeWorkItem + - IoFreeWorkItem + - KeInitializeDpc + - KeInitializeTimer + - KeDelayExecutionThread + - IoAllocateWorkItem + - KeSetTimer + - IoInitializeWorkItem + - IoQueueWorkItem + - KeCancelTimer + - KeBugCheckEx + - RtlCompareUnicodeString + - KeInitializeEvent + - NicmCreateInstance + Imports: + - ntoskrnl.exe + - nicm.sys + InternalName: '' + MD5: 6a1ff4806c1a6e897208f48a1f5b062f + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: NICM.SYS + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.12 + Publisher: '' + RichPEHeaderHash: + MD5: 69be7d6bc33a7ee9619315180123bd46 + SHA1: 7ee6731a37901780d7908fc3fad4474835f832bf + SHA256: 14ccd7b6557e31d8e57079e70c05cb15da8336c7380554b9b40f44840989f524 + SHA1: 97bc298a1d12a493bf14e6523e4ff48d64832954 + SHA256: 3140005ce5cac03985f71c29732859c88017df9d41c3761aa7c57bbcb7ad2928 + Sections: + .text: + Entropy: 6.2855065800689305 + Virtual Size: '0x7b2f' + .rdata: + Entropy: 4.655480387952531 + Virtual Size: '0x7bc' + .data: + Entropy: 2.3645507783558646 + Virtual Size: '0x8c8' + .pdata: + Entropy: 4.3104861152515666 + Virtual Size: '0x5dc' + .edata: + Entropy: 4.011677463066665 + Virtual Size: '0x63' + INIT: + Entropy: 5.216888652235111 + Virtual Size: '0x976' + .rsrc: + Entropy: 3.2874866188516565 + Virtual Size: '0x360' + .reloc: + Entropy: 3.6567400216610486 + Virtual Size: '0x160' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, CN=Novell, Inc. 
+ ValidFrom: '2013-03-05 00:00:00' + ValidTo: '2016-06-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Version: 3 + TBS: + MD5: 5b1207ffffc0eff3784003d17b3e71a9 + SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d + SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 + SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + 
Signer: + - SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 8ec78cf864273fd81203678b61c41f04 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 21bfc53f9d30070cd588f335582a1f62 + SHA1: 59b835feb61bc84836702a4c885293547132f695 + SHA256: e1a6c1e23108ede9167ffdf9ebc6af64a011bdafc57d25f84afab6c021ae7741 + Company: Novell, Inc. + Copyright: (C) Copyright 2000-2013, Novell, Inc. All Rights Reserved. + CreationTimestamp: '2013-05-29 04:43:47' + Date: '' + Description: Novell Client Portability Layer + ExportedFunctions: + - DllGetClassObject + - XTCOM_Table + FileVersion: 3.1.11.0 + Filename: '' + ImportedFunctions: + - RtlCopyUnicodeString + - RtlInitUnicodeString + - ExAllocatePoolWithTag + - ZwDeleteKey + - ZwEnumerateKey + - ZwEnumerateValueKey + - ZwOpenKey + - ZwQueryValueKey + - ZwSetValueKey + - memset + - _aulldvrm + - DbgPrintEx + - RtlUpcaseUnicodeString + - RtlFreeUnicodeString + - RtlAnsiStringToUnicodeString + - RtlOemStringToUnicodeString + - RtlFreeAnsiString + - RtlUnicodeStringToAnsiString + - RtlUnicodeStringToOemString + - DbgPrint + - RtlAppendUnicodeToString + - RtlCompareString + - RtlCompareUnicodeString + - RtlCopyString + - RtlEqualString + - RtlEqualUnicodeString + - RtlInitString + - RtlIntegerToUnicodeString + - RtlUnicodeStringToInteger + - KeGetCurrentThread + - KeLeaveCriticalRegion + - ExAcquireResourceSharedLite + - RtlAppendUnicodeStringToString + - ExAcquireResourceExclusiveLite + - KeInitializeMutex + - ExInitializeResourceLite + - KeSetEvent + - ExDeleteResourceLite + - ExIsResourceAcquiredSharedLite + - ExIsResourceAcquiredExclusiveLite + - ExReleaseResourceLite + - KeResetEvent + - KeWaitForMultipleObjects + - _allmul + - KeSetPriorityThread + - KeQuerySystemTime + - IoDeleteDevice + - IoCreateDevice + - PsCreateSystemThread + - 
PsTerminateSystemThread + - RtlCompareMemory + - memcpy + - memmove + - IoInitializeWorkItem + - IoAllocateWorkItem + - KeCancelTimer + - IoFreeWorkItem + - IoUninitializeWorkItem + - KeSetTimer + - KeDelayExecutionThread + - KeInitializeDpc + - KeInitializeTimer + - IoQueueWorkItem + - KeTickCount + - KeBugCheckEx + - ZwCreateKey + - ZwClose + - ExFreePoolWithTag + - KeWaitForSingleObject + - KeReleaseMutex + - KeEnterCriticalRegion + - KeInitializeEvent + - KfAcquireSpinLock + - KfReleaseSpinLock + - ExAcquireFastMutex + - ExReleaseFastMutex + - NicmCreateInstance + Imports: + - ntoskrnl.exe + - HAL.dll + - nicm.sys + InternalName: '' + MD5: fadf9c1365981066c39489397840f848 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: NICM.SYS + PDBPath: '' + Product: Novell XTier + ProductVersion: 3.1.11 + Publisher: '' + RichPEHeaderHash: + MD5: 149b373eaaa6b9300573216ad5472a05 + SHA1: 364c8ccdf1a4cdf3aa7b575a80f594852ada2198 + SHA256: fc5c0859d1efbed8f3831036697d4e852ade24731e8e487550e3f618650d4efe + SHA1: 7ba4607763c6fef1b2562b72044a20ca2a0303e2 + SHA256: 84739539aa6a9c9cb3c48c53f9399742883f17f24e081ebfa7bfaaf59f3ed451 + Sections: + .text: + Entropy: 6.377674698612541 + Virtual Size: '0x5f39' + .rdata: + Entropy: 4.993063430458135 + Virtual Size: '0x47b' + .data: + Entropy: 3.2933421529227025 + Virtual Size: '0x4a4' + .edata: + Entropy: 4.031879483268685 + Virtual Size: '0x63' + INIT: + Entropy: 5.500633112750999 + Virtual Size: '0x8a4' + .rsrc: + Entropy: 3.2836822710764215 + Virtual Size: '0x360' + .reloc: + Entropy: 6.0982244391191385 + Virtual Size: '0x606' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + CA , G2 + ValidFrom: '2012-12-21 00:00:00' + ValidTo: '2020-12-30 23:59:59' + Signature: 
03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b + Version: 3 + TBS: + MD5: d0785ad36e427c92b19f6826ab1e8020 + SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 + SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff + SHA384: eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b + - Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services + Signer , G4 + ValidFrom: '2012-10-18 00:00:00' + ValidTo: '2020-12-29 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 0ecff438c8febf356e04d86a981b1a50 + Version: 3 + TBS: + MD5: e9d38360b914c8863f6cba3ee58764d3 + SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b + SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 + SHA384: e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652 + - Subject: C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 + , Microsoft Software Validation v2, CN=Novell, Inc. 
+ ValidFrom: '2013-03-05 00:00:00' + ValidTo: '2016-06-03 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Version: 3 + TBS: + MD5: 5b1207ffffc0eff3784003d17b3e71a9 + SHA1: 564b29bd3d1ae704393bf72a6e3e6931d3d4184d + SHA256: 2b9c106aae9a1675874a797c8571eb9fcec0a503ca4ddff69603321350fe3e68 + SHA384: eac8e04313e7d424d650203026e3011abf7f02f40fecd7ab1a139aa229fabe40ac62b1f262780c4b27758214b08f7e87 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 
5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 22184f284c89a9c053cd2b78b4189eea + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: 24c3d3be20e794c17844d030be03fd2f + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/8750b245-af35-4bc6-9af3-dc858f9db64f.yaml b/yaml/8750b245-af35-4bc6-9af3-dc858f9db64f.yaml index bb55a9a12..3f41c64e9 100644 --- a/yaml/8750b245-af35-4bc6-9af3-dc858f9db64f.yaml +++ b/yaml/8750b245-af35-4bc6-9af3-dc858f9db64f.yaml 
@@ -1,242 +1,242 @@ -Acknowledgement: - Handle: '' - Person: "Martin Smol\xE1r, ESET" +Id: 8750b245-af35-4bc6-9af3-dc858f9db64f +Tags: +- blacklotus_driver.sys +Verified: 'TRUE' Author: Michael Haag -Category: malicious -Commands: - Command: sc.exe create blacklotus_driver.sys binPath=C:\windows\temp\blacklotus_driver.sys - type=kernel && sc.exe start blacklotus_driver.sys - Description: The first in-the-wild UEFI bootkit bypassing UEFI Secure Boot on fully - updated UEFI systems is now a reality. Once the persistence is configured, the - BlackLotus bootkit is executed on every system start. The bootkits goal is to - deploy a kernel driver and a final user-mode component. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-04-05' -Detection: [] -Id: 8750b245-af35-4bc6-9af3-dc858f9db64f -KnownVulnerableSamples: -- Authentihash: - MD5: f5742f4fb216979627236a799f614c43 - SHA1: 5aba7fa2330d68a679c18cfa2c652ac8b3b4770d - SHA256: 83ac9bf01c2d2ab0f66782fade462864f42b86e53dc455e1441c2a16d0ec2847 - Company: '' - Copyright: '' - CreationTimestamp: '2022-10-10 13:11:06' - Date: '' - Description: '' - ExportedFunctions: - - restore - FileVersion: '' - Filename: 0x3440_blacklotus_v2_driver.sys - ImportedFunctions: '' - Imports: [] - InternalName: '' - MD5: 4ad8fd9e83d7200bd7f8d0d4a9abfb11 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: ffdf660eb1ebf020a1d0a55a90712dfb - SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 - SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 - SHA1: 17fa047c1f979b180644906fe9265f21af5b0509 - SHA256: 749b0e8c8c8b7dda8c2063c708047cfe95afa0a4d86886b31a12f3018396e67c - Sections: - .text: - Entropy: 6.261203394144865 - Virtual Size: '0x3b3a' - .rdata: - Entropy: 4.233695689323557 - Virtual Size: '0x718' - .data: - Entropy: 7.984550623960864 - Virtual Size: '0xc5d0' - .pdata: - Entropy: 
4.188923701028426 - Virtual Size: '0x234' - .00cfg: - Entropy: 2.0728769534576146 - Virtual Size: '0x30' - .edata: - Entropy: 2.8457622013064974 - Virtual Size: '0x4f' - .reloc: - Entropy: 3.326879484051224 - Virtual Size: '0x2c' - Signature: [] - Signatures: {} - Imphash: '' - LoadsDespiteHVCI: 'TRUE' -- Authentihash: - MD5: 188d812252f224a8ea618f8e9f1fdadb - SHA1: ede3868d6bb27bee5c0b9a71fef486e405d59816 - SHA256: 265010deb10af80885726edc450867fa69acbde449b51d13bf891322ff5c1c2d - Company: '' - Copyright: '' - CreationTimestamp: '2022-08-21 14:40:09' - Date: '' - Description: '' - ExportedFunctions: - - restore - FileVersion: '' - Filename: 0x3040_blacklotus_beta_driver.sys - ImportedFunctions: '' - Imports: [] - InternalName: '' - MD5: a42249a046182aaaf3a7a7db98bfa69d - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: be07bc61b7ccf659c7b3dde871f25be9 - SHA1: 393952208c038e8e3d3298276d21539496e34b13 - SHA256: c361d85cea6b483b3c88e99d1a0139069e7b2e6a4382e3c14563027e6712db20 - SHA1: 1f3799fed3cf43254fe30dcdfdb8dc02d82e662b - SHA256: f8236fc01d4efaa48f032e301be2ebba4036b2cd945982a29046eca03944d2ae - Sections: - .text: - Entropy: 6.207903166992804 - Virtual Size: '0x2fda' - .rdata: - Entropy: 4.06302777043616 - Virtual Size: '0x608' - .data: - Entropy: 7.977732267872434 - Virtual Size: '0xa1a0' - .pdata: - Entropy: 4.076640402204788 - Virtual Size: '0x1d4' - .00cfg: - Entropy: 2.072876953457614 - Virtual Size: '0x30' - .edata: - Entropy: 3.69345697232837 - Virtual Size: '0x4f' - .reloc: - Entropy: 3.2814249385966785 - Virtual Size: '0x2c' - Signature: [] - Signatures: {} - Imphash: '' - LoadsDespiteHVCI: 'TRUE' -- Authentihash: - MD5: 188d812252f224a8ea618f8e9f1fdadb - SHA1: ede3868d6bb27bee5c0b9a71fef486e405d59816 - SHA256: 265010deb10af80885726edc450867fa69acbde449b51d13bf891322ff5c1c2d - Company: '' - Copyright: '' - CreationTimestamp: '2022-08-21 14:40:09' - Date: '' - 
Description: '' - ExportedFunctions: - - restore - FileVersion: '' - Filename: 0x3040_blacklotus_beta_driver.sys - ImportedFunctions: '' - Imports: [] - InternalName: '' - MD5: a42249a046182aaaf3a7a7db98bfa69d - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: be07bc61b7ccf659c7b3dde871f25be9 - SHA1: 393952208c038e8e3d3298276d21539496e34b13 - SHA256: c361d85cea6b483b3c88e99d1a0139069e7b2e6a4382e3c14563027e6712db20 - SHA1: 1f3799fed3cf43254fe30dcdfdb8dc02d82e662b - SHA256: f8236fc01d4efaa48f032e301be2ebba4036b2cd945982a29046eca03944d2ae - Sections: - .text: - Entropy: 6.207903166992804 - Virtual Size: '0x2fda' - .rdata: - Entropy: 4.06302777043616 - Virtual Size: '0x608' - .data: - Entropy: 7.977732267872434 - Virtual Size: '0xa1a0' - .pdata: - Entropy: 4.076640402204788 - Virtual Size: '0x1d4' - .00cfg: - Entropy: 2.072876953457614 - Virtual Size: '0x30' - .edata: - Entropy: 3.69345697232837 - Virtual Size: '0x4f' - .reloc: - Entropy: 3.2814249385966785 - Virtual Size: '0x2c' - Signature: [] - Signatures: {} - Imphash: '' - LoadsDespiteHVCI: 'TRUE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: blacklotus_beta_driver.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 4B882748FAF2C6C360884C6812DD5BCBCE75EBFF - Signature: [] - LoadsDespiteHVCI: 'TRUE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: blacklotus_beta_driver_2.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 91F832F46E4C38ECC9335460D46F6F71352CFFED - Signature: [] - LoadsDespiteHVCI: 'TRUE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: blacklotus_beta_driver_3.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: 994DC79255AEB662A672A1814280DE73D405617A - Signature: [] - 
LoadsDespiteHVCI: 'TRUE' -- Company: '' - Date: '' - Description: '' - FileVersion: '' - Filename: blacklotus_beta_driver_4.sys - MachineType: '' - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - SHA1: FFF4F28287677CAABC60C8AB36786C370226588D - Signature: [] - LoadsDespiteHVCI: 'TRUE' MitreID: T1068 +Category: malicious +Commands: + Command: sc.exe create blacklotus_driver.sys binPath=C:\windows\temp\blacklotus_driver.sys + type=kernel && sc.exe start blacklotus_driver.sys + Description: The first in-the-wild UEFI bootkit bypassing UEFI Secure Boot on + fully updated UEFI systems is now a reality. Once the persistence is configured, + the BlackLotus bootkit is executed on every system start. The bootkits goal + is to deploy a kernel driver and a final user-mode component. + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed/ -Tags: -- blacklotus_driver.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: "Martin Smol\xE1r, ESET" +KnownVulnerableSamples: +- Authentihash: + MD5: f5742f4fb216979627236a799f614c43 + SHA1: 5aba7fa2330d68a679c18cfa2c652ac8b3b4770d + SHA256: 83ac9bf01c2d2ab0f66782fade462864f42b86e53dc455e1441c2a16d0ec2847 + Company: '' + Copyright: '' + CreationTimestamp: '2022-10-10 13:11:06' + Date: '' + Description: '' + ExportedFunctions: + - restore + FileVersion: '' + Filename: 0x3440_blacklotus_v2_driver.sys + ImportedFunctions: '' + Imports: [] + InternalName: '' + MD5: 4ad8fd9e83d7200bd7f8d0d4a9abfb11 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: ffdf660eb1ebf020a1d0a55a90712dfb + SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 + SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 + SHA1: 17fa047c1f979b180644906fe9265f21af5b0509 + SHA256: 
749b0e8c8c8b7dda8c2063c708047cfe95afa0a4d86886b31a12f3018396e67c + Sections: + .text: + Entropy: 6.261203394144865 + Virtual Size: '0x3b3a' + .rdata: + Entropy: 4.233695689323557 + Virtual Size: '0x718' + .data: + Entropy: 7.984550623960864 + Virtual Size: '0xc5d0' + .pdata: + Entropy: 4.188923701028426 + Virtual Size: '0x234' + .00cfg: + Entropy: 2.0728769534576146 + Virtual Size: '0x30' + .edata: + Entropy: 2.8457622013064974 + Virtual Size: '0x4f' + .reloc: + Entropy: 3.326879484051224 + Virtual Size: '0x2c' + Signature: [] + Signatures: {} + Imphash: '' + LoadsDespiteHVCI: 'TRUE' +- Authentihash: + MD5: 188d812252f224a8ea618f8e9f1fdadb + SHA1: ede3868d6bb27bee5c0b9a71fef486e405d59816 + SHA256: 265010deb10af80885726edc450867fa69acbde449b51d13bf891322ff5c1c2d + Company: '' + Copyright: '' + CreationTimestamp: '2022-08-21 14:40:09' + Date: '' + Description: '' + ExportedFunctions: + - restore + FileVersion: '' + Filename: 0x3040_blacklotus_beta_driver.sys + ImportedFunctions: '' + Imports: [] + InternalName: '' + MD5: a42249a046182aaaf3a7a7db98bfa69d + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: be07bc61b7ccf659c7b3dde871f25be9 + SHA1: 393952208c038e8e3d3298276d21539496e34b13 + SHA256: c361d85cea6b483b3c88e99d1a0139069e7b2e6a4382e3c14563027e6712db20 + SHA1: 1f3799fed3cf43254fe30dcdfdb8dc02d82e662b + SHA256: f8236fc01d4efaa48f032e301be2ebba4036b2cd945982a29046eca03944d2ae + Sections: + .text: + Entropy: 6.207903166992804 + Virtual Size: '0x2fda' + .rdata: + Entropy: 4.06302777043616 + Virtual Size: '0x608' + .data: + Entropy: 7.977732267872434 + Virtual Size: '0xa1a0' + .pdata: + Entropy: 4.076640402204788 + Virtual Size: '0x1d4' + .00cfg: + Entropy: 2.072876953457614 + Virtual Size: '0x30' + .edata: + Entropy: 3.69345697232837 + Virtual Size: '0x4f' + .reloc: + Entropy: 3.2814249385966785 + Virtual Size: '0x2c' + Signature: [] + Signatures: {} + Imphash: '' + 
LoadsDespiteHVCI: 'TRUE' +- Authentihash: + MD5: 188d812252f224a8ea618f8e9f1fdadb + SHA1: ede3868d6bb27bee5c0b9a71fef486e405d59816 + SHA256: 265010deb10af80885726edc450867fa69acbde449b51d13bf891322ff5c1c2d + Company: '' + Copyright: '' + CreationTimestamp: '2022-08-21 14:40:09' + Date: '' + Description: '' + ExportedFunctions: + - restore + FileVersion: '' + Filename: 0x3040_blacklotus_beta_driver.sys + ImportedFunctions: '' + Imports: [] + InternalName: '' + MD5: a42249a046182aaaf3a7a7db98bfa69d + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: be07bc61b7ccf659c7b3dde871f25be9 + SHA1: 393952208c038e8e3d3298276d21539496e34b13 + SHA256: c361d85cea6b483b3c88e99d1a0139069e7b2e6a4382e3c14563027e6712db20 + SHA1: 1f3799fed3cf43254fe30dcdfdb8dc02d82e662b + SHA256: f8236fc01d4efaa48f032e301be2ebba4036b2cd945982a29046eca03944d2ae + Sections: + .text: + Entropy: 6.207903166992804 + Virtual Size: '0x2fda' + .rdata: + Entropy: 4.06302777043616 + Virtual Size: '0x608' + .data: + Entropy: 7.977732267872434 + Virtual Size: '0xa1a0' + .pdata: + Entropy: 4.076640402204788 + Virtual Size: '0x1d4' + .00cfg: + Entropy: 2.072876953457614 + Virtual Size: '0x30' + .edata: + Entropy: 3.69345697232837 + Virtual Size: '0x4f' + .reloc: + Entropy: 3.2814249385966785 + Virtual Size: '0x2c' + Signature: [] + Signatures: {} + Imphash: '' + LoadsDespiteHVCI: 'TRUE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: blacklotus_beta_driver.sys + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 4B882748FAF2C6C360884C6812DD5BCBCE75EBFF + Signature: [] + LoadsDespiteHVCI: 'TRUE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: blacklotus_beta_driver_2.sys + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 91F832F46E4C38ECC9335460D46F6F71352CFFED + Signature: [] + 
LoadsDespiteHVCI: 'TRUE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: blacklotus_beta_driver_3.sys + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: 994DC79255AEB662A672A1814280DE73D405617A + Signature: [] + LoadsDespiteHVCI: 'TRUE' +- Company: '' + Date: '' + Description: '' + FileVersion: '' + Filename: blacklotus_beta_driver_4.sys + MachineType: '' + OriginalFilename: '' + Product: '' + ProductVersion: '' + Publisher: '' + SHA1: FFF4F28287677CAABC60C8AB36786C370226588D + Signature: [] + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/87593c63-9e3e-4d09-aa47-94bca0783396.yaml b/yaml/87593c63-9e3e-4d09-aa47-94bca0783396.yaml index 93fa4baf7..f8a08066c 100644 --- a/yaml/87593c63-9e3e-4d09-aa47-94bca0783396.yaml +++ b/yaml/87593c63-9e3e-4d09-aa47-94bca0783396.yaml 
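Review bot: The second and third `KnownVulnerableSamples` entries on the new side describe the same file (`Filename: 0x3040_blacklotus_beta_driver.sys`, `MD5: a42249a046182aaaf3a7a7db98bfa69d`, identical Authentihash and section data), so the reordering carries a duplicate sample forward. One of the two should be dropped so that anything derived from this list does not repeat the sample. The four trailing entries (`blacklotus_beta_driver.sys` through `blacklotus_beta_driver_4.sys`) carry only an upper-case `SHA1` and no `MD5`/`SHA256`, while every other hash in the file is lower-case. Writing them lower-case, e.g. `SHA1: 4b882748faf2c6c360884c6812dd5bcbce75ebff`, would keep case-sensitive matching consistent. `Detection: []` is also still empty for a `Category: malicious` entry marked `Verified: 'TRUE'`, so consumers presumably have only the raw hashes to match on.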
@@ -1,207 +1,208 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 87593c63-9e3e-4d09-aa47-94bca0783396 +Tags: +- reddriver.sys +Verified: 'TRUE' Author: Michael Haag -Category: malicious -Commands: - Command: sc.exe create reddriver.sys binPath=C:\windows\temp\reddriver.sys type=kernel - && sc.exe start reddriver.sys - Description: "Cisco Talos has identified multiple versions of an undocumented malicious\ - \ driver named \u201CRedDriver,\u201D a driver-based browser hijacker that uses\ - \ the Windows Filtering Platform (WFP) to intercept browser traffic. RedDriver\ - \ has been active since at least 2021.\nRedDriver utilizes HookSignTool to forge\ - \ its signature timestamp to bypass Windows driver-signing policies.\nCode from\ - \ multiple open-source tools has been used in the development of RedDriver's infection\ - \ chain, including HP-Socket and a custom implementation of ReflectiveLoader.\n\ - The authors of RedDriver appear to be skilled in driver development and have deep\ - \ knowledge of the Windows operating system.\nThis threat appears to target native\ - \ Chinese speakers, as it searches for Chinese language browsers to hijack. Additionally,\ - \ the authors are likely Chinese speakers themselves." 
- OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-07-12' -Detection: [] -Id: 87593c63-9e3e-4d09-aa47-94bca0783396 -KnownVulnerableSamples: -- Authentihash: - MD5: 83a03ceabf6f3e51d5f5016cbea4759d - SHA1: e341a86e685c120f023bc2f313e220a6934f8767 - SHA256: 7aa067d928404795b4eb9c169639f23997227504ca4eb7b5b21518e6155abd47 - Company: '' - Copyright: '' - CreationTimestamp: '2023-04-09 19:09:40' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - RtlCompareMemory - - ExAllocatePool - - ExFreePoolWithTag - - CmRegisterCallback - - PsCreateSystemThread - - ZwClose - - MmIsAddressValid - - PsSetCreateProcessNotifyRoutine - - PsSetCreateThreadNotifyRoutine - - PsSetLoadImageNotifyRoutine - - __C_specific_handler - - RtlInitUnicodeString - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - ObfDereferenceObject - - PsGetCurrentProcessId - - ZwOpenProcess - - PsLookupProcessByProcessId - - ZwWaitForSingleObject - - PsReferenceProcessFilePointer - - RtlCompareUnicodeStrings - - KeEnterCriticalRegion - - KeLeaveCriticalRegion - - KeWaitForSingleObject - - ExQueryDepthSList - - ExpInterlockedPopEntrySList - - ExpInterlockedPushEntrySList - - ExInitializeNPagedLookasideList - - ExInitializeResourceLite - - ExAcquireResourceSharedLite - - ExAcquireResourceExclusiveLite - - ExReleaseResourceLite - - PsTerminateSystemThread - - ObReferenceObjectByHandle - - KeStackAttachProcess - - KeUnstackDetachProcess - - PsGetProcessWow64Process - - PsGetProcessImageFileName - - ZwCreateFile - - ZwQueryInformationFile - - ZwReadFile - - ExAllocatePoolWithTag - - MmGetSystemRoutineAddress - - IoGetCurrentProcess - - PsGetProcessId - - PsProcessType - - PsGetProcessPeb - - RtlInitAnsiString - - RtlAnsiStringToUnicodeString - - RtlFreeUnicodeString - - _vsnprintf - - _vsnwprintf - - RtlGetVersion - - KeInitializeEvent - - KeQueryTimeIncrement - - RtlRandomEx - 
- ZwSetInformationFile - - ZwWriteFile - - IoFileObjectType - - ZwTerminateProcess - - KeBugCheckEx - - RtlCopyUnicodeString - - _wcslwr - - wcsstr - - ExSystemTimeToLocalTime - - RtlTimeToTimeFields - - WdfVersionBindClass - - WdfVersionBind - - WdfVersionUnbind - - WdfVersionUnbindClass - Imports: - - ntoskrnl.exe - - WDFLDR.SYS - InternalName: '' - MD5: cd2c641788d5d125c316ed739c69bb59 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: 3e8b77121573e70b98f26828a7ec2cc0 - SHA1: 93e009f2ef2ebc8e6f91afb0407312e379d114c1 - SHA256: 6c46fc6908d6505c93eae0f2e772f203724356a3d89ae8b31d9060ee718ea32f - SHA1: 86e6669dbbce8228e94b2a9f86efdf528f0714fd - SHA256: 82b0e1d7a27b67f0e6dc39dc41e880bdaef5d1f69fcec38e08da2ed78e805ef9 - Sections: - .text: - Entropy: 6.244772828250603 - Virtual Size: '0x5f44' - .rdata: - Entropy: 4.436338199019845 - Virtual Size: '0xc08' - .data: - Entropy: 5.43290923140193 - Virtual Size: '0x2c40' - .pdata: - Entropy: 4.386100622624198 - Virtual Size: '0x4f8' - .gfids: - Entropy: 0.8112781244591328 - Virtual Size: '0x4' - INIT: - Entropy: 5.167244656939951 - Virtual Size: '0x96e' - .reloc: - Entropy: 3.2341837197791876 - Virtual Size: '0x28' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, O=thawte, Inc., CN=thawte SHA256 Code Signing CA - ValidFrom: '2013-12-10 00:00:00' - ValidTo: '2023-12-09 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 71a0b73695ddb1afc23b2b9a18ee54cb - Version: 3 - TBS: - MD5: 8314595952398203ab24badbbc927d39 - SHA1: b07dcf73133408eee2786a208ce4b2543bf6c583 - SHA256: c734685d985b8ea13db4fc1a6dcd26aa0dde78b4c3b651ea5d58e32e081b2a41 - SHA384: 874ded773c743b4e18744d7978b41cfe2e55529c61d45a0e34b3950aaad56b6c7a3780880133bcd1df3b1f86d468d46d - - Subject: C=CN, 
L=, O=, OU=, CN= - ValidFrom: '2018-08-15 00:00:00' - ValidTo: '2019-08-15 23:59:59' - Signature: 3ebdf2009f802c1033d2a14df88ed84c6282db1e8d19d6324b21ffb8e69fbc0752d101bd22ab4fae6c8c45bb82b7ba0d9a7213d7a29a2f587bdf68c7ae3ab6f9ed7cc23e27d6f44a0a5311124381f6f9bdeec2e19c59fc7362d5d59f09951b8ffa03215e5679ae4bcffe45b7059426a96c2897107c07b2b3e6cbcbee46527908db76f7a1bf2af19c986eba31504c9c5c3cb34e81ba2a1eb55965a2d192820cac79f640a3e9672bb507dc3a561de5d94f9a0105a355f42bea235ea5349d7d2b104a71c56640e0170433fe1ef075d9f865f17be8989b590765917215c0f7b709e9820f7106dff8cec57d59ee2777cec96f8b1de8e3a93bc7e7b757d87c9888b9a2 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 0dbdf488aeaa9795e332a1ca2747af0d - Version: 3 - TBS: - MD5: 5037c865c427f7d514ac954ef7e66ccf - SHA1: cfcc3ebb5c9003e88373beb66781dbdf9e1904d2 - SHA256: cd684ad96d510b669c0767e4b845fb7a04fba27c1f3a0935b09a988d94938f6e - SHA384: 30bf56d04a2a54ae834ea9b111da02fe53c0c13ddd66f815aed8100bb887c6d5b299e518ba1f4abc0f2c3bb02029141b - - Subject: C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 - thawte, Inc. 
, For authorized use only, CN=thawte Primary Root CA - ValidFrom: '2011-02-22 19:31:57' - ValidTo: '2021-02-22 19:41:57' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611fb0a400000000001d - Version: 3 - TBS: - MD5: a3f222107d4e1085e73b5b589c2f480b - SHA1: b94aa26cd77c48d91a53ac44506cbd255e1d362c - SHA256: a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa - SHA384: 64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7 - Signer: - - SerialNumber: 0dbdf488aeaa9795e332a1ca2747af0d - Issuer: C=US, O=thawte, Inc., CN=thawte SHA256 Code Signing CA - Version: 1 - Imphash: e3ee9131742bf9c9d43cb9a425e497dd - LoadsDespiteHVCI: 'TRUE' MitreID: T1068 +Category: malicious +Commands: + Command: sc.exe create reddriver.sys binPath=C:\windows\temp\reddriver.sys type=kernel + && sc.exe start reddriver.sys + Description: "Cisco Talos has identified multiple versions of an undocumented\ + \ malicious driver named \u201CRedDriver,\u201D a driver-based browser hijacker\ + \ that uses the Windows Filtering Platform (WFP) to intercept browser traffic.\ + \ RedDriver has been active since at least 2021.\nRedDriver utilizes HookSignTool\ + \ to forge its signature timestamp to bypass Windows driver-signing policies.\n\ + Code from multiple open-source tools has been used in the development of RedDriver's\ + \ infection chain, including HP-Socket and a custom implementation of ReflectiveLoader.\n\ + The authors of RedDriver appear to be skilled in driver development and have\ + \ deep knowledge of the Windows operating system.\nThis threat appears to\ + \ target native Chinese speakers, as it searches for Chinese language browsers\ + \ to hijack. Additionally, the authors are likely Chinese speakers themselves." 
+ OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://blog.talosintelligence.com/undocumented-reddriver/ -Tags: -- reddriver.sys -Verified: 'TRUE' +Detection: [] +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 83a03ceabf6f3e51d5f5016cbea4759d + SHA1: e341a86e685c120f023bc2f313e220a6934f8767 + SHA256: 7aa067d928404795b4eb9c169639f23997227504ca4eb7b5b21518e6155abd47 + Company: '' + Copyright: '' + CreationTimestamp: '2023-04-09 19:09:40' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - RtlCompareMemory + - ExAllocatePool + - ExFreePoolWithTag + - CmRegisterCallback + - PsCreateSystemThread + - ZwClose + - MmIsAddressValid + - PsSetCreateProcessNotifyRoutine + - PsSetCreateThreadNotifyRoutine + - PsSetLoadImageNotifyRoutine + - __C_specific_handler + - RtlInitUnicodeString + - IofCompleteRequest + - IoCreateDevice + - IoCreateSymbolicLink + - IoDeleteDevice + - ObfDereferenceObject + - PsGetCurrentProcessId + - ZwOpenProcess + - PsLookupProcessByProcessId + - ZwWaitForSingleObject + - PsReferenceProcessFilePointer + - RtlCompareUnicodeStrings + - KeEnterCriticalRegion + - KeLeaveCriticalRegion + - KeWaitForSingleObject + - ExQueryDepthSList + - ExpInterlockedPopEntrySList + - ExpInterlockedPushEntrySList + - ExInitializeNPagedLookasideList + - ExInitializeResourceLite + - ExAcquireResourceSharedLite + - ExAcquireResourceExclusiveLite + - ExReleaseResourceLite + - PsTerminateSystemThread + - ObReferenceObjectByHandle + - KeStackAttachProcess + - KeUnstackDetachProcess + - PsGetProcessWow64Process + - PsGetProcessImageFileName + - ZwCreateFile + - ZwQueryInformationFile + - ZwReadFile + - ExAllocatePoolWithTag + - MmGetSystemRoutineAddress + - IoGetCurrentProcess + - PsGetProcessId + - PsProcessType + - PsGetProcessPeb + - RtlInitAnsiString + - RtlAnsiStringToUnicodeString + - RtlFreeUnicodeString + - _vsnprintf + - 
_vsnwprintf
+ - RtlGetVersion
+ - KeInitializeEvent
+ - KeQueryTimeIncrement
+ - RtlRandomEx
+ - ZwSetInformationFile
+ - ZwWriteFile
+ - IoFileObjectType
+ - ZwTerminateProcess
+ - KeBugCheckEx
+ - RtlCopyUnicodeString
+ - _wcslwr
+ - wcsstr
+ - ExSystemTimeToLocalTime
+ - RtlTimeToTimeFields
+ - WdfVersionBindClass
+ - WdfVersionBind
+ - WdfVersionUnbind
+ - WdfVersionUnbindClass
+ Imports:
+ - ntoskrnl.exe
+ - WDFLDR.SYS
+ InternalName: ''
+ MD5: cd2c641788d5d125c316ed739c69bb59
+ MachineType: AMD64
+ MagicHeader: 50 45 0 0
+ OriginalFilename: ''
+ Product: ''
+ ProductVersion: ''
+ Publisher: ''
+ RichPEHeaderHash:
+ MD5: 3e8b77121573e70b98f26828a7ec2cc0
+ SHA1: 93e009f2ef2ebc8e6f91afb0407312e379d114c1
+ SHA256: 6c46fc6908d6505c93eae0f2e772f203724356a3d89ae8b31d9060ee718ea32f
+ SHA1: 86e6669dbbce8228e94b2a9f86efdf528f0714fd
+ SHA256: 82b0e1d7a27b67f0e6dc39dc41e880bdaef5d1f69fcec38e08da2ed78e805ef9
+ Sections:
+ .text:
+ Entropy: 6.244772828250603
+ Virtual Size: '0x5f44'
+ .rdata:
+ Entropy: 4.436338199019845
+ Virtual Size: '0xc08'
+ .data:
+ Entropy: 5.43290923140193
+ Virtual Size: '0x2c40'
+ .pdata:
+ Entropy: 4.386100622624198
+ Virtual Size: '0x4f8'
+ .gfids:
+ Entropy: 0.8112781244591328
+ Virtual Size: '0x4'
+ INIT:
+ Entropy: 5.167244656939951
+ Virtual Size: '0x96e'
+ .reloc:
+ Entropy: 3.2341837197791876
+ Virtual Size: '0x28'
+ Signature: ''
+ Signatures:
+ - CertificatesInfo: ''
+ SignerInfo: ''
+ Certificates:
+ - Subject: C=US, O=thawte, Inc., CN=thawte SHA256 Code Signing CA
+ ValidFrom: '2013-12-10 00:00:00'
+ ValidTo: '2023-12-09 23:59:59'
+ Signature: 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
+ SignatureAlgorithmOID: 1.2.840.113549.1.1.11
+ IsCertificateAuthority: true
+ SerialNumber: 71a0b73695ddb1afc23b2b9a18ee54cb
+ Version: 3
+ TBS:
+ MD5: 8314595952398203ab24badbbc927d39
+ SHA1: b07dcf73133408eee2786a208ce4b2543bf6c583
+ SHA256: c734685d985b8ea13db4fc1a6dcd26aa0dde78b4c3b651ea5d58e32e081b2a41
+ SHA384: 874ded773c743b4e18744d7978b41cfe2e55529c61d45a0e34b3950aaad56b6c7a3780880133bcd1df3b1f86d468d46d
+ - Subject: C=CN, L=, O=, OU=, CN=
+ ValidFrom: '2018-08-15 00:00:00'
+ ValidTo: '2019-08-15 23:59:59'
+ Signature: 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
+ SignatureAlgorithmOID: 1.2.840.113549.1.1.11
+ IsCertificateAuthority: false
+ SerialNumber: 0dbdf488aeaa9795e332a1ca2747af0d
+ Version: 3
+ TBS:
+ MD5: 5037c865c427f7d514ac954ef7e66ccf
+ SHA1: cfcc3ebb5c9003e88373beb66781dbdf9e1904d2
+ SHA256: cd684ad96d510b669c0767e4b845fb7a04fba27c1f3a0935b09a988d94938f6e
+ SHA384: 30bf56d04a2a54ae834ea9b111da02fe53c0c13ddd66f815aed8100bb887c6d5b299e518ba1f4abc0f2c3bb02029141b
+ - Subject: C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c)
+ 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root
+ CA
+ ValidFrom: '2011-02-22 19:31:57'
+ ValidTo: '2021-02-22 19:41:57'
+ Signature: 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
+ SignatureAlgorithmOID: 1.2.840.113549.1.1.5
+ IsCertificateAuthority: true
+ SerialNumber: 611fb0a400000000001d
+ Version: 3
+ TBS:
+ MD5: a3f222107d4e1085e73b5b589c2f480b
+ SHA1: b94aa26cd77c48d91a53ac44506cbd255e1d362c
+ SHA256: a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa
+ SHA384: 64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7
+ Signer:
+ - SerialNumber: 0dbdf488aeaa9795e332a1ca2747af0d
+ Issuer: C=US, O=thawte, Inc., CN=thawte SHA256 Code Signing CA
+ Version: 1
+ Imphash: e3ee9131742bf9c9d43cb9a425e497dd
+ LoadsDespiteHVCI: 'TRUE'
diff --git a/yaml/87752fb8-e9f6-4235-91e2-c4343677d817.yaml b/yaml/87752fb8-e9f6-4235-91e2-c4343677d817.yaml
index b091f0d6a..e23e38f72 100644
--- a/yaml/87752fb8-e9f6-4235-91e2-c4343677d817.yaml
+++ b/yaml/87752fb8-e9f6-4235-91e2-c4343677d817.yaml
@@ -1,22110 +1,22110 @@ -Acknowledgement: - Handle: hfiref0x - Person: hfiref0x +Id: 87752fb8-e9f6-4235-91e2-c4343677d817 +Tags: +- mimidrv.sys +Verified: 'TRUE' Author: Michael Haag -Category: malicious -Commands: - Command: sc.exe create mimidrv.sys binPath=C:\windows\temp\mimidrv.sys type=kernel - && sc.exe start mimidrv.sys - Description: Mimidrv is a signed Windows Driver Model WDM kernel mode software driver - meant to be used with the standard Mimikatz executable. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-05-22' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/200f98655d1f46d2599c2c8605ebb7e335fee3883a32135ca1a81e09819bc64a.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_mal_drivers_strict.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: 
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 87752fb8-e9f6-4235-91e2-c4343677d817 -KnownVulnerableSamples: -- Authentihash: - MD5: 45fc2828291ee88335899461a2e7d8b7 - SHA1: 0e732d18a7d880f0505433a0da0e100da0e1c3a3 - SHA256: 77586c3968ec72ad19fa7098c9da27b0677e45220812eaab197075f4175e8cc6 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2019 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2019-08-13 17:31:42' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: mimidrv.sys - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 29e03f4811b64969e48a99300978f58c - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: 
fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: a8ddb7565b61bc021cd2543a137e00627f999dcc - SHA256: 200f98655d1f46d2599c2c8605ebb7e335fee3883a32135ca1a81e09819bc64a - Sections: - .text: - Entropy: 6.135433819899731 - Virtual Size: '0x325c' - .rdata: - Entropy: 3.8369507353498324 - Virtual Size: '0x1450' - .data: - Entropy: 2.2159905775744044 - Virtual Size: '0x1934' - .pdata: - Entropy: 4.038755197475624 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.068036657482388 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3547531988948798 - Virtual Size: '0x430' - .reloc: - Entropy: 4.901711830072888 - Virtual Size: '0x24c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 
4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 9c7be6cc75cd27d1280f2a2b735546d1 - SHA1: 9b733883aec5bd5c2bcc371c28f6c5176aca2eff - SHA256: 7e1d32e156037b09105c3640d06e5b34fbe0bb49c605697d13b5fc26776fae26 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2017-03-19 20:32:16' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - 
IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 1d51029dfbd616bf121b40a0d1efeb10 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: d3f6c3ea2ef7124403c0fb6e7e3a0558729b5285 - SHA256: b8c71e1844e987cd6f9c2baf28d9520d4ccdd8593ce7051bb1b3c9bf1d97076a - Sections: - .text: - Entropy: 6.14362601153889 - Virtual Size: '0x318c' - .rdata: - Entropy: 3.8575877670101746 - Virtual Size: '0x1300' - .data: - Entropy: 2.3976266531821224 - Virtual Size: '0x1144' - .pdata: - Entropy: 4.043975650731326 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.070426661582891 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.370803361398665 - Virtual Size: '0x440' - .reloc: - Entropy: 4.657997051970539 - Virtual Size: '0x1b6' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 
589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 48b50265ab9ca2af10d7bee2d69c4630 - SHA1: f773bcfc7eae8a1c1b90c775f1fb63c7a64031c3 - SHA256: 9a84ad211fc549d0f118b3211cb11fd3ab2ced86de9cd20173d03e1a47834133 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2019 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2019-08-13 17:31:13' - Date: '' - 
Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: ba54a0dbe2685e66e21d41b4529b3528 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 87e20486e804bfff393cc9ad9659858e130402a2 - SHA256: 9e56e96df36237e65b3d7dbc490afdc826215158f6278cd579c576c4b455b392 - Sections: - .text: - Entropy: 6.2035733322045745 - Virtual Size: '0x23f4' - .rdata: - Entropy: 3.5651633607251183 - Virtual Size: '0xed4' - .data: - Entropy: 2.8516013173925066 - Virtual Size: '0x1264' - PAGE: - Entropy: 5.795549160299263 - 
Virtual Size: '0x266' - INIT: - Entropy: 5.429489696991249 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3528875272530887 - Virtual Size: '0x430' - .reloc: - Entropy: 5.93822728458253 - Virtual Size: '0x464' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: 
ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: b092aa28bfe8b2d550e3e3a735e7fa24 - SHA1: 13030898df096d9882211379e018da940c2c8ac0 - SHA256: b8d3914b796832a576ed0c977db439c8a5d6df5d0608088c39c786ff81bc2f11 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2019 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2019-05-03 17:51:55' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 1325ec39e98225e487b40043faee8052 - MachineType: AMD64 - 
MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: bf5515fcf120c2548355d607cfd57e9b3e0af6e9 - SHA256: 26ef7b27d1afb685e0c136205a92d29b1091e3dcf6b7b39a4ec03fbbdb57cb55 - Sections: - .text: - Entropy: 6.137402743772031 - Virtual Size: '0x323c' - .rdata: - Entropy: 3.837223387948625 - Virtual Size: '0x1460' - .data: - Entropy: 2.2583232763427667 - Virtual Size: '0x17a4' - .pdata: - Entropy: 4.06852005250443 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.079527011018308 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3547531988948798 - Virtual Size: '0x430' - .reloc: - Entropy: 4.873734410850681 - Virtual Size: '0x22e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: 
ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - 
Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 50a2027559b8ba25b2b7d5700b608dab - SHA1: f4c5c47723286a51e8c830100c157963c57934ba - SHA256: 7b49579b74108e2418a6b401cd729e3fafe1c8ba1fe8434f73c8d0f1758b08d3 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2016 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2016-09-21 18:30:06' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: c5ae6ca044bd03c3506c132b033be1dc - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 
2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 928b5971a0f7525209d599e2ef15c31717047022 - SHA256: af4f42197f5ce2d11993434725c81ecb6f54025110dedf56be8ffc0e775d9895 - Sections: - .text: - Entropy: 6.192606376629303 - Virtual Size: '0x235e' - .rdata: - Entropy: 3.5633717258613586 - Virtual Size: '0xd74' - .data: - Entropy: 3.090718615812188 - Virtual Size: '0xc38' - PAGE: - Entropy: 5.808211110642614 - Virtual Size: '0x266' - INIT: - Entropy: 5.323943395070341 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3682712956797647 - Virtual Size: '0x440' - .reloc: - Entropy: 5.885744788394298 - Virtual Size: '0x3c2' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign 
Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 8f1bac183519a07d73a86a3a747a8a9b - SHA1: 8410c9e980425a89793fbe2612d3716184af2cb7 - SHA256: 71c0c98aa54dc88af8b094ceef88352052d592e0f40892825dedbf1abba16635 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2013 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2013-11-24 13:23:00' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.0.0.0 - Filename: '' - ImportedFunctions: - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - IofCompleteRequest - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ZwUnloadKey - - RtlInitUnicodeString - - MmGetSystemRoutineAddress - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - KeBugCheck - - _vsnwprintf - - IoDeleteDevice - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - 
ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 24d3ea54f25e32832ac20335a1ce1062 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.0.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: 63c6b4112622c2a9182cdd1d0d5235d7 - SHA1: 3e48025a171d18c5839ab1e58b64dbc6483417d0 - SHA256: ed34aa4b85d59a228c388a98cfa6395194fde9f005fc0bb1aa2ec852377d82f6 - SHA1: 2a202830db58d5e942e4f6609228b14095ed2cab - SHA256: a906251667a103a484a6888dca3e9c8c81f513b8f037b98dfc11440802b0d640 - Sections: - .text: - Entropy: 6.137460289143971 - Virtual Size: '0x2e3c' - .rdata: - Entropy: 3.86471646671909 - Virtual Size: '0xfcc' - .data: - Entropy: 2.468702019455969 - Virtual Size: '0xc74' - .pdata: - Entropy: 4.023788139050789 - Virtual Size: '0x1a4' - PAGE: - Entropy: 6.038047089814424 - Virtual Size: '0x28b' - INIT: - Entropy: 5.100099905349228 - Virtual Size: '0x584' - .rsrc: - Entropy: 3.3560762976789764 - Virtual Size: '0x440' - .reloc: - Entropy: 4.490003473368671 - Virtual Size: '0x13e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee152d7 - Version: 3 - TBS: - MD5: e140543fe3256027cfa79fc3c19c1776 - SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 - SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 - SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 - - Subject: C=BE, O=GlobalSign 
nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode - , G1 - ValidFrom: '2013-08-23 00:00:00' - ValidTo: '2024-09-23 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121405c1f0ed258882be54d8686ba11ea45 - Version: 3 - TBS: - MD5: b95cbc184d388718612d5933f7b36770 - SHA1: ff124c5d160710720108616ffee99bbe090ed363 - SHA256: 13027620255363f07bbf85ae7d0dc06c07d8b0f4368b12f983ee3f4fce605733 - SHA384: f42ed00f615f2822dcd3d33794477428afb52ddab932ebcde3586f92a27e18f9faba6b3334ca4e59e0cb24bdbf8395a6 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: a6c4a7369500900fc172f9557cff22cf - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 83781f2cad5e578a633bd6869b7ea8b3 - SHA1: 611e32fcb95d91770078b4cc630a00396cb013bb - SHA256: e0fa3fa9488583353b39f12f857911b7115ecd82b70f6fb7be70633d72147649 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2019 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2019-04-08 16:54:18' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - 
- RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: c7b7f1edb9bbef174e6506885561d85d - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: c3aafe8f67c6738489377031cb5a1197e99b202d - SHA256: 4bd4715d2a7af627da11513e32fab925c872babebdb7ff5675a75815fbf95021 - Sections: - .text: - Entropy: 6.137402743772031 - Virtual Size: '0x323c' - .rdata: - Entropy: 3.836900594790529 - Virtual Size: '0x1460' - .data: - Entropy: 2.2583232763427667 - Virtual Size: '0x17a4' - .pdata: - Entropy: 4.06852005250443 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.079527011018308 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3547531988948798 - Virtual Size: '0x430' - .reloc: - Entropy: 4.873734410850681 - Virtual Size: '0x22e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: 
'2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 2d3446ae7ea69e3c1048b51089c71d8f - SHA1: 4a57ed5011ec329c5756a58946ce5280677f22be - SHA256: ebc3a28af05f5b0b456f6ea59ad613109bbb1e2a888d7e3808e331335a77f087 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2018-12-09 15:56:22' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.1.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject 
- - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 4cf14a96485a1270fed97bb8000e4f86 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.1.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 8aa0e832e5ca2eb79dafabadbe9948a191008383 - SHA256: 60ee78a2b070c830fabb54c6bde0d095dff8fad7f72aa719758b3c41c72c2aa9 - Sections: - .text: - Entropy: 6.202381134757234 - Virtual Size: '0x23be' - .rdata: - Entropy: 3.574396559576929 - Virtual Size: '0xeb4' - .data: - Entropy: 2.918973466238896 - Virtual Size: '0x112c' - PAGE: - Entropy: 5.809009522687684 - Virtual Size: '0x266' - INIT: - Entropy: 5.438798437403421 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3595554913841745 - Virtual Size: '0x438' - .reloc: - Entropy: 5.942057100341831 - Virtual Size: '0x446' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - 
Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 
3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 81d5b7724b6a1c5be4978397c8f963b1 - SHA1: 77179256fcde70ccb24b5a5017f9299543d4f364 - SHA256: fc26cebb27c76c6e3d22da679cff81477cab4fcabfb6f5a8a27f596ab51713ae - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2020-02-08 04:26:40' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: eb57f03b7603f0b235af62e8cd5be8c2 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: 
b5696e2183d9387776820ef3afa388200f08f5a6 - SHA256: bc49cb96f3136c3e552bf29f808883abb9e651040415484c1736261b52756908 - Sections: - .text: - Entropy: 6.135433819899731 - Virtual Size: '0x325c' - .rdata: - Entropy: 3.835200100045632 - Virtual Size: '0x1450' - .data: - Entropy: 2.2159905775744044 - Virtual Size: '0x1934' - .pdata: - Entropy: 4.038755197475624 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.068036657482388 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3478109419215607 - Virtual Size: '0x430' - .reloc: - Entropy: 4.901711830072888 - Virtual Size: '0x24c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: a637f8f3c278575f41cda67c2063c050 - SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, 
CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: e5bce10af730d5869942ecd31c7f157f - SHA1: a1f710378ed3f8763641137b839f7570200c019d - SHA256: 7af0efdd72c68fdd105bb73be148ab7bf78a157cb1b241a85362a5bc5da91bd8 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2020-05-02 08:23:21' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - 
IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 70a71fe86df717ac59dbf856d7ac5789 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: fe54a1acc5438883e5c1bba87b78bb7322e2c739 - SHA256: f03f0fb3a26bb83e8f8fa426744cf06f2e6e29f5220663b1d64265952b8de1a1 - Sections: - .text: - Entropy: 6.2035733322045745 - Virtual Size: '0x23f4' - .rdata: - Entropy: 3.5722858334708065 - Virtual Size: '0xed4' - .data: - Entropy: 2.8516013173925066 - Virtual Size: '0x1264' - PAGE: - Entropy: 5.795549160299263 - Virtual Size: '0x266' - INIT: - Entropy: 5.429489696991249 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3459452702797696 - Virtual Size: '0x430' - .reloc: - Entropy: 5.93822728458253 - Virtual Size: '0x464' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 
4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: a637f8f3c278575f41cda67c2063c050 - SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 
610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 014d3ae3aca830bd77782f26492d1083 - SHA1: 23ce72f43542a945b95acd9ac4a27dbbf7f59196 - SHA256: 6416ea9d2a15899dbf4a98b70bdedb4cc6eaf748c14c554b26ae2fe57ef8aa2a - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2016 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2016-08-21 16:57:31' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance 
- - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 4198d3db44d7c4b3ba9072d258a4fc2d - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: e42bd2f585c00a1d6557df405246081f89542d15 - SHA256: bcb774b6f6ff504d2db58096601bc5cb419c169bfbeaa3af852417e87d9b2aa0 - Sections: - .text: - Entropy: 6.192606376629303 - Virtual Size: '0x235e' - .rdata: - Entropy: 3.5621344367460375 - Virtual Size: '0xd74' - .data: - Entropy: 3.090718615812188 - Virtual Size: '0xc38' - PAGE: - Entropy: 5.808211110642614 - Virtual Size: '0x266' - INIT: - Entropy: 5.323943395070341 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3682712956797647 - Virtual Size: '0x440' - .reloc: - Entropy: 5.885744788394298 - Virtual Size: '0x3c2' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 7d7c88f9aa5cddebfdf05583095e292a - SHA1: 63ec2554b377adb9a2c610f4f98afdbb9512e802 - SHA256: 0820ae4ffc5258b49787423bd392cd29a6a77777b955dd210a41238b02f05c3e - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2018-08-16 16:45:45' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.1.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - 
PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: bdb305aa0806f8b38b7ce43c927fe919 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.1.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 844d7bcd1a928d340255ff42971cca6244a459bf - SHA256: a85d3fd59bb492a290552e5124bfe3f9e26a3086d69d42ccc44737b5a66673ec - Sections: - .text: - Entropy: 6.202827671645787 - Virtual Size: '0x23ae' - .rdata: - Entropy: 3.5425289037801475 - Virtual Size: '0xe24' - .data: - Entropy: 2.9048205574982506 - Virtual Size: '0xff4' - PAGE: - Entropy: 5.788042895055868 - Virtual Size: '0x266' - INIT: - Entropy: 5.325440401058365 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3588565214747637 - Virtual Size: '0x438' - .reloc: - Entropy: 5.981826468919802 - Virtual Size: '0x41e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 
225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 8051f1d130479b666ce25171f0368aa9 - SHA1: acbcc2ee1f5150c4ff2918b7b8a38fff3df8328f - SHA256: 0cde416accd63c33ac9f4fd7bb6426c8bc3e6a18a335e9bbfea7cc767c30d3b6 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2014 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2014-01-11 07:24:30' - Date: '' - 
Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.0.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - IofCompleteRequest - - PsDereferencePrimaryToken - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - KeServiceDescriptorTable - - MmGetSystemRoutineAddress - - RtlInitUnicodeString - - IoEnumerateRegisteredFiltersList - - KeTickCount - - NtBuildNumber - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsProcessType - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: e172a38ade3aa0a2bc1bf9604a54a3b5 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.0.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: 9ef7d3e0d40381093233ad6158457c82 - SHA1: de9692ae52b47eb6c3384d87c48ae5b8abec3472 - SHA256: 38e33f9063e4b5374496e628a2d0cc0858d3b9ce65fd320d40928b79a0fef5e9 - SHA1: c5bd9f2b3a51ba0da08d7c84bab1f2d03a95e405 - SHA256: 94ba4bcbdb55d6faf9f33642d0072109510f5c57e8c963d1a3eb4f9111f30112 - Sections: - .text: - Entropy: 6.20225407757641 - Virtual Size: '0x1fe8' - .rdata: - Entropy: 3.526603515289412 - Virtual Size: '0xbe4' - .data: - Entropy: 3.0756426415570397 - Virtual Size: '0x984' - PAGE: - Entropy: 5.811183490770206 - Virtual Size: '0x266' - INIT: - Entropy: 5.304412008980706 - Virtual Size: '0x4d8' - .rsrc: - 
Entropy: 3.3510121662411767 - Virtual Size: '0x440' - .reloc: - Entropy: 5.789908545604789 - Virtual Size: '0x34a' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 4e5e56901e46b4d94931f3bb1739281bc216ddfd41dc0905049b6fb2a29ad6992e40990055b5ea3fa52076d38634d417cc553ac782eeefa8babcd8069f1550dfcd167b523a02d7191afdaff0785ce04bc518df3a241edaacb8a95804020730dbb0125efe31bef00448f4f070f83a5e5683cf3dfb0dbcf4c5ed979db9d4dba52784e3389b8ba735864420a43b6da46a0ba183fd28ebdaef28f6cc885dfb0a3b00abe021ebe22f356c0f8e344597eba2f79933357ecb9a8abb454de73f9fc2d98afa65b26ec77e65ffe892e12c31a2f7b02736488f266f3bee4d761f79c3e57f9635bc2d0ecc01b08e7fff518080a792d4b34446648c874f166307314b63b0dff3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee152d7 - Version: 3 - TBS: - MD5: e140543fe3256027cfa79fc3c19c1776 - SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 - SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 - SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - 
Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode - , G1 - ValidFrom: '2013-08-23 00:00:00' - ValidTo: '2024-09-23 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121405c1f0ed258882be54d8686ba11ea45 - Version: 3 - TBS: - MD5: b95cbc184d388718612d5933f7b36770 - SHA1: ff124c5d160710720108616ffee99bbe090ed363 - SHA256: 13027620255363f07bbf85ae7d0dc06c07d8b0f4368b12f983ee3f4fce605733 - SHA384: f42ed00f615f2822dcd3d33794477428afb52ddab932ebcde3586f92a27e18f9faba6b3334ca4e59e0cb24bdbf8395a6 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 87fd2b54ed568e2294300e164b8c46f7 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 
c25bd15b32ec15b42f3873f7af977d4a - SHA1: a49347cfcc27732b692e31052aaf07c0849748fa - SHA256: e37671575137d4e726efe2cfb730455bfcc5c08d553330dc68840ce8f7c63280 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2016 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2016-05-24 16:19:13' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 4e4c068c06331130334f23957fca9e3c - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: 9e2ebc489c50b6bbae3b08473e007baa65ff208f - SHA256: 
2da2b883e48e929f5365480d487590957d9e6582cc6da2c0b42699ba85e54fe2 - Sections: - .text: - Entropy: 6.134700082776874 - Virtual Size: '0x321c' - .rdata: - Entropy: 3.851705446457236 - Virtual Size: '0x1248' - .data: - Entropy: 2.4290980855498043 - Virtual Size: '0xfa4' - .pdata: - Entropy: 4.043102684753298 - Virtual Size: '0x1bc' - PAGE: - Entropy: 6.0617823350375595 - Virtual Size: '0x28b' - INIT: - Entropy: 5.115489588699519 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3689651261045475 - Virtual Size: '0x440' - .reloc: - Entropy: 4.630994027546385 - Virtual Size: '0x18e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: 
'2016-05-23 17:10:51' - Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 96f61230b60e338e222fdd60d55d3657 - SHA1: 107bdd495d694b253776c4e9907a21d55847eda3 - SHA256: 89ec70089d61eccb9021edc6f1b50a9ef99196467a011e1dc7d0325aa51b7dff - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: 
'2018-03-17 17:21:06' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.1.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 0d2ba47286f1c68e87622b3a16bf9d92 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.1.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: e5566684a9e0c1afadae80c3a8be6636f6cad7cf - SHA256: 21617210249d2a35016e8ca6bd7a1edda25a12702a2294d56010ee8148637f5a - Sections: - .text: - Entropy: 6.198093347366582 - Virtual Size: '0x239e' - .rdata: - Entropy: 3.5498598119209426 - Virtual Size: '0xe04' - .data: - Entropy: 2.8887582835017827 - Virtual Size: '0xff8' - PAGE: - 
Entropy: 5.783313787388865 - Virtual Size: '0x266' - INIT: - Entropy: 5.323943395070341 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3804140325955863 - Virtual Size: '0x440' - .reloc: - Entropy: 5.967349329602677 - Virtual Size: '0x41e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, - CN=Certum Code Signing CA SHA2 - ValidFrom: '2015-10-29 11:30:29' - ValidTo: '2027-06-09 11:30:29' - Signature: aae53f7654024c700e29a93996060f31b70bf1a68b52fb108f4f425b8cbd312301669de829a14dc350faf7f8450e1d82d7fcfea6320473fd71eccc880fa39208c5815802fd0b693bcdb83f493dd08d1c1314682e9b0d9aadb019e29ed27c3977886f23fd7b84fc446db5ba6b7092556c94b1d837fda9591db463b2dc13cd788e2535c19a8f37842ed445cce3f5cc8d73a8e33a6de7959470579150b66def73724f2f028760e2ea22a1ed3efdd18b668d2e726d4fc65d35ee93a898d2676ae9da19cd0283f974fc5f7a1804281edd22333b766c47055dd552fe0eba76f38310c76e305fa760c7fa7427319b2883ed218a1bf1235284ed95bcad3aa5a342019dbc - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 6b326a0f0328d37a1d530bfd23bd48e2 - Version: 3 - TBS: - MD5: e556c75dbca00e43684d23c11c032d4a - SHA1: 50925e36ffd52e5b4d32689e9007b14a3a417168 - SHA256: f7b6eeb3a567223000a61f68c53b458193557c17e5d512d2825bcb13e5fc9be5 - SHA384: 57f1cdd3afe0bd7859ab450dbdf6e21a55cf5ba0dda62b9b3c12f2d885d98413ce6817243f6bb83cd77276643369ecbf - - Subject: C=FR, O=Open Source Developer, ST=Ile de France, CN=Open Source Developer, - Benjamin Delpy, emailAddress=benjamin@gentilkiwi.com - ValidFrom: '2017-12-04 09:50:34' - ValidTo: '2018-12-04 09:50:34' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 1519af351702ab2d86968d0be928f529 - Version: 3 - TBS: - MD5: 7227ed4392de49333e052f8f17c41f69 - SHA1: e019d8060f65cc923dab50ea282fb8895c1c75f9 - SHA256: 
eee437f4170a21f7de0e590620ff2a9412f89af95e87589d0e5a1cca17f61825 - SHA384: a5f32361dfa3828aebf139cb1017bba83111e1ce2c5dbd126751a1e7d8f19f3fb838926fc118e423fbe07187e84efc2b - - Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, - CN=Certum Trusted Network CA - ValidFrom: '2011-04-15 20:15:34' - ValidTo: '2021-04-15 20:25:34' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 613bc791000000000034 - Version: 3 - TBS: - MD5: f5f0d604dd56b0446f98fb67e98a76f8 - SHA1: c749c146cc00030ff36ecf9b698e6a377bc15605 - SHA256: df5dacc623d44348fff0bc8ebe2cedc8ba212e33c6f10d7fd608f37f92a2c273 - SHA384: c394dc13768746f008b4ffa082d6e8a2e55a83052d63e3c0a8f2fcfc30dcd51849afd21b0adf86bc50490629a89da09b - Signer: - - SerialNumber: 1519af351702ab2d86968d0be928f529 - Issuer: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, - CN=Certum Code Signing CA SHA2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 3be821abb1d26f9f18cbec3ba98bd1b1 - SHA1: 496ae577a52cdbf6f19fb10bfb8a42448d9f2279 - SHA256: c24f503462a98f7a8bf0dbff0c8242e1f3d4e6cdf4327152f508717f0eafee4b - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2020-01-04 10:59:21' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - 
- ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 58c37866cbc3d1338e4fc58ada924ffe - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: 6c7663de88a0fba1f63a984f926c6ef449059e38 - SHA256: 7b846b0a717665e4d9fb313f25d1f6a5b782e495387aea45cf87ad3c049ac0db - Sections: - .text: - Entropy: 6.135433819899731 - Virtual Size: '0x325c' - .rdata: - Entropy: 3.838761518780343 - Virtual Size: '0x1450' - .data: - Entropy: 2.2159905775744044 - Virtual Size: '0x1934' - .pdata: - Entropy: 4.038755197475624 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.068036657482388 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3478109419215607 - Virtual Size: '0x430' - .reloc: - Entropy: 4.901711830072888 - Virtual Size: '0x24c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 
112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: a637f8f3c278575f41cda67c2063c050 - SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 11397e23887327ebc3488a5c8c248fd3 - SHA1: e3451a9f2de7be02b5d46cb7049d21bb0ca9363e - SHA256: f2d3101ef507e6d9ae5475d8fd9b1ca6d2548fe0454c25389d6981f1b33f88f7 - Company: gentilkiwi (Benjamin 
DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2018-08-19 17:53:35' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.1.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: aa98b95f5cbae8260122de06a215ee10 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.1.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 1fdb2474908bdd2ee1e9bd3f224626f9361caab7 - SHA256: d7aa8abdda8a68b8418e86bef50c19ef2f34bc66e7b139e43c2a99ab48c933be - Sections: - .text: - Entropy: 6.202827671645787 - Virtual Size: '0x23ae' - .rdata: - Entropy: 3.5407518814113015 - 
Virtual Size: '0xe24' - .data: - Entropy: 2.9048205574982506 - Virtual Size: '0xff4' - PAGE: - Entropy: 5.788042895055868 - Virtual Size: '0x266' - INIT: - Entropy: 5.325440401058365 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3588565214747637 - Virtual Size: '0x438' - .reloc: - Entropy: 5.981826468919802 - Virtual Size: '0x41e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 
4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 5462bedeee0d01475f6b129a7e7a96d2 - SHA1: 3557c20c63fe9f08995f6d76ab6ad80cb2e11da6 - SHA256: 714ac82a4e2b971f19df9c5cdcc7d7df52ac44ce1bfad675e50122406bed04a2 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2020-03-08 06:32:35' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - 
IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: e1a9aa4c14669b1fb1f67a7266f87e82 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: 98130128685c8640a8a8391cb4718e98dd8fe542 - SHA256: c42c1e5c3c04163bf61c3b86b04a5ec7d302af7e254990cef359ac80474299da - Sections: - .text: - Entropy: 6.135433819899731 - Virtual Size: '0x325c' - .rdata: - Entropy: 3.8373920399664727 - Virtual Size: '0x1450' - .data: - Entropy: 2.2159905775744044 - Virtual Size: '0x1934' - .pdata: - Entropy: 4.038755197475624 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.068036657482388 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3478109419215607 - Virtual Size: '0x430' - .reloc: - Entropy: 4.901711830072888 - Virtual Size: '0x24c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 
5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: a637f8f3c278575f41cda67c2063c050 - SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 3eabdd91d711f5a696d02a9a64e1192d - SHA1: bc893a4040dc41d18853d4d1c5d90d01564f79ef - SHA256: 054c2b8c5e89a2bff72eb6e1169537cf8654b614d9aac1e1e3d8ea02343872fc - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: 
'2017-06-06 18:25:53' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 5076fba3d90e346fd17f78db0a4aa12c - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 9086e670e3a4518c0bcdf0da131748d4085ef42b - SHA256: 6d68d8a71a11458ddf0cbb73c0f145bee46ef29ce03ad7ece6bd6aa9d31db9b7 - Sections: - .text: - Entropy: 6.199736289697868 - Virtual Size: '0x236e' - .rdata: - Entropy: 3.557902175699288 - Virtual Size: '0xde4' - .data: - Entropy: 2.962098389788266 - Virtual Size: '0xeb0' - PAGE: - 
Entropy: 5.795507089372613 - Virtual Size: '0x266' - INIT: - Entropy: 5.324875365502854 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3682712956797647 - Virtual Size: '0x440' - .reloc: - Entropy: 5.952195564032691 - Virtual Size: '0x3fe' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 61a26b2fe61a0d6037fdcbb047f97496 - SHA1: 2cbec330507fb9951a7b0442bf4fe7b9d4cefd88 - SHA256: 36670821bb4a9d69bb6193e21b0da5c52975f001d3ed2dd7ee6307a2cff8317c - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2020-09-16 04:01:34' - Date: '' - 
Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 840a5edf2534dd23a082cf7b28cbfc4d - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 8ad0919629731b9a8062f7d3d4a727b28f22e81a - SHA256: b0b80a11802b4a8ca69c818a03e76e7ef57c2e293de456439401e8e6073f8719 - Sections: - .text: - Entropy: 6.2064317372812985 - Virtual Size: '0x2404' - .rdata: - Entropy: 3.545194142432988 - Virtual Size: '0xff4' - .data: - Entropy: 2.813191841547333 - Virtual Size: '0x14dc' - PAGE: - Entropy: 5.804360087879422 - Virtual 
Size: '0x266' - INIT: - Entropy: 5.4281677070245955 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3459452702797696 - Virtual Size: '0x430' - .reloc: - Entropy: 6.0011548156682 - Virtual Size: '0x4a0' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: a637f8f3c278575f41cda67c2063c050 - SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 5d9f62bffce7ee809a2eaf9ca717dd02 - SHA1: ba4f2cf927b7ff43e97f50691a494e11a0a469a9 - SHA256: 2ac415873e0a8638f5154ac4c1713b6f0527119b59706df65a5b3ed73ece02a6 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2020-05-02 08:23:45' - Date: '' - 
Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: c1ab425977d467b64f437a6c5ad82b44 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: ab4399647ebd16c02728c702534a30eb0b7ccbe7 - SHA256: 0f98492c92e35042b09032e3d9aedc357e4df94fc840217fa1091046f9248a06 - Sections: - .text: - Entropy: 6.135433819899731 - Virtual Size: '0x325c' - .rdata: - Entropy: 3.8363024152990204 - Virtual Size: '0x1450' - .data: - Entropy: 2.2159905775744044 - Virtual Size: '0x1934' - .pdata: - Entropy: 4.038755197475624 - Virtual Size: '0x1b0' - PAGE: - Entropy: 
6.068036657482388 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3478109419215607 - Virtual Size: '0x430' - .reloc: - Entropy: 4.901711830072888 - Virtual Size: '0x24c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: a637f8f3c278575f41cda67c2063c050 - SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: 
ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 2e081681b4d0312dc306f9cb9014d8a7 - SHA1: 4c5406a663664443c16374ab8e29bcd984a4ba47 - SHA256: 8e1d02a67ad311f9e48d42813e6d208bda3e7e4da0d212d7b484a8454b41678c - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2017-12-18 17:16:07' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.1.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 
c4a517a02ba9f6eac5cf06e3629cc076 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.1.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 40df7a55c200371853cc3fd3cc03b5ac932f5cd6 - SHA256: ec96b15ce218f97ec1d8f07f13b052d274c4c8438f31daf246ccfaaee5e1bebd - Sections: - .text: - Entropy: 6.198093347366582 - Virtual Size: '0x239e' - .rdata: - Entropy: 3.547638774205631 - Virtual Size: '0xe04' - .data: - Entropy: 2.8887582835017827 - Virtual Size: '0xff8' - PAGE: - Entropy: 5.783313787388865 - Virtual Size: '0x266' - INIT: - Entropy: 5.323943395070341 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3804140325955863 - Virtual Size: '0x440' - .reloc: - Entropy: 5.967349329602677 - Virtual Size: '0x41e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: 
ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 8f336d1fbb353fd34fa196003f855db3 - SHA1: 74ead5c8d4b3428f6348f09fcd29bf97701812be - SHA256: 77280614edf2e476a853c7881a4ff1402d67d4dd3e218af657f44fd4d4fbdbcb - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2019 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2019-07-20 14:57:32' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - 
PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: d416494232c4197cb36a914df2e17677 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: c42178977bd7bbefe084da0129ed808cb7266204 - SHA256: b0a27ac1a8173413de13860d2b2e34cb6bc4d1149f94b62d319042e11d8b004c - Sections: - .text: - Entropy: 6.135433819899731 - Virtual Size: '0x325c' - .rdata: - Entropy: 3.836260299365183 - Virtual Size: '0x1450' - .data: - Entropy: 2.2159905775744044 - Virtual Size: '0x1934' - .pdata: - Entropy: 4.038755197475624 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.068036657482388 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3547531988948798 - Virtual Size: '0x430' - .reloc: - Entropy: 4.901711830072888 - Virtual Size: '0x24c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 428ace923d811b754b41a4108a862809 - SHA1: 5610d6f3c2d45ca61b501d343fc8acf3ae4ce2a8 - SHA256: 028011ae3cd1d972b7c46fc8261f583d1fe5dedcef02ee63ee532b3668bfdc25 - 
Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2019 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2019-04-08 16:53:54' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: abc168fdca7169bf9dc40cec9761018d - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 89165bbb761d6742ac2a6f5efbffc80c17990bd8 - SHA256: f6157e033a12520c73dcedf8e49cd42d103e5874c34d6527bb9de25a5d26e5ad - Sections: - .text: - Entropy: 6.19967108907113 - Virtual Size: '0x23e4' - .rdata: - 
Entropy: 3.5742068392215858 - Virtual Size: '0xeb4' - .data: - Entropy: 2.918973466238896 - Virtual Size: '0x112c' - PAGE: - Entropy: 5.809009522687684 - Virtual Size: '0x266' - INIT: - Entropy: 5.438798437403421 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3528875272530887 - Virtual Size: '0x430' - .reloc: - Entropy: 5.942057100341831 - Virtual Size: '0x446' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - 
TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 5ec7174b07ff641f2f8e9d3d05528c81 - SHA1: c204693c32d015a5123b408390eb0cca0a4ea1ed - SHA256: 4d11419d2f1d6217481d12d3f3fcd13f693f7454f9fadcdeee72bdc0ce06c8e2 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2016 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2017-01-20 17:21:49' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - 
FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 77cfd3943cc34d9f5279c330cd8940bc - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 1048f641adf3988d882a159bf1332eeb6d6a7f09 - SHA256: 4af8192870afe18c77381dfaf8478f8914fa32906812bb53073da284a49ae4c7 - Sections: - .text: - Entropy: 6.189266621409851 - Virtual Size: '0x235e' - .rdata: - Entropy: 3.5648732915299184 - Virtual Size: '0xdc4' - .data: - Entropy: 2.9710357364934694 - Virtual Size: '0xd68' - PAGE: - Entropy: 5.8055474754253495 - Virtual Size: '0x266' - INIT: - Entropy: 5.325440401058366 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3682712956797647 - Virtual Size: '0x440' - .reloc: - Entropy: 5.910661392306955 - Virtual Size: '0x3e0' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: 
false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: a100ac9683e98fca3ac42bf39b003cb0 - SHA1: 6b202f5986e6a47b2f2ca5cba5c61f0c4be9cf8e - SHA256: 1e0133cfe93c0e1cdd995b8668134bafcd35976c8f02400112668d91da7eb34a - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2017-04-09 15:24:17' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - 
ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: a37ed7663073319d02f2513575a22995 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: 005754dab657ddc6dae28eee313ca2cc6a0c375c - SHA256: a78c9871da09fab21aec9b88a4e880f81ecb1ed0fa941f31cc2f041067e8e972 - Sections: - .text: - Entropy: 6.137944463935485 - Virtual Size: '0x319c' - .rdata: - Entropy: 3.8505182893396532 - Virtual Size: '0x1340' - .data: - Entropy: 2.3461427985512437 - Virtual Size: '0x12e4' - .pdata: - Entropy: 4.010051195917961 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.083244237405415 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.370803361398665 - Virtual Size: '0x440' - .reloc: - Entropy: 4.705915669612521 - Virtual Size: '0x1d4' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 931256ebd447cf1d01ad99dddc6f0c5e - SHA1: 322c7020b513df1b694be2d7be3b6b3ac2251639 - 
SHA256: 0867af893422b7191e77907de58faf787d4763cc7e9a2a3a91c72f1995a9c3f3 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2020-05-18 16:48:26' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: d6a1dd7b2c06f058b408b3613c13d413 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 09375f13521fc0cacf2cf0a28b2a9248f71498d7 - SHA256: 2456a7921fa8ab7b9779e5665e6b42fccc019feb9e49a9a28a33ec0a4bb323c4 - Sections: - 
.text: - Entropy: 6.2064317372812985 - Virtual Size: '0x2404' - .rdata: - Entropy: 3.546922502761428 - Virtual Size: '0xff4' - .data: - Entropy: 2.813191841547333 - Virtual Size: '0x14dc' - PAGE: - Entropy: 5.804360087879422 - Virtual Size: '0x266' - INIT: - Entropy: 5.4281677070245955 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3459452702797696 - Virtual Size: '0x430' - .reloc: - Entropy: 6.0011548156682 - Virtual Size: '0x4a0' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: a637f8f3c278575f41cda67c2063c050 - SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 0b1ae7891dd66b54b045f4015e98cb23 - SHA1: 1e4650f09fe5e378bcd186cc42dff679723c1534 - SHA256: 63e9918f94a1ae5d71e8972f49bfbce13d8b1774b7237b022f182f03cc9ce715 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2020-09-16 19:07:11' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - 
FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: e37a08f516b8a7ca64163f5d9e68fe5a - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: e730eb971ecb493b69de2308b6412836303f733a - SHA256: 94c71954ac0b1fd9fa2bd5c506a16302100ba75d9f84f39ee9b333546c714601 - Sections: - .text: - Entropy: 6.2064317372812985 - Virtual Size: '0x2404' - .rdata: - Entropy: 3.544935150802994 - Virtual Size: '0xff4' - .data: - Entropy: 2.813191841547333 - Virtual Size: '0x14dc' - PAGE: - Entropy: 5.804360087879422 - Virtual Size: '0x266' - INIT: - Entropy: 5.4281677070245955 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3459452702797696 - Virtual Size: '0x430' - .reloc: - Entropy: 6.0011548156682 - Virtual Size: '0x4a0' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 
1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: a637f8f3c278575f41cda67c2063c050 - SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: c71dea7c26db633e2af7e3fc9ca4516c - SHA1: 1ffad2d690442310d981d7dd8b2f37e95597822e - SHA256: bf2ab728d27075bf2245ddc3257ad8df5179c8c4a449493ea995af9a979d6a2e - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2013 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2013-12-03 16:32:24' - Date: '' - 
Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.0.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - IofCompleteRequest - - PsDereferencePrimaryToken - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - KeServiceDescriptorTable - - MmGetSystemRoutineAddress - - RtlInitUnicodeString - - IoEnumerateRegisteredFiltersList - - KeTickCount - - NtBuildNumber - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsProcessType - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: d5918d735a23f746f0e83f724c4f26e5 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.0.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: 9ef7d3e0d40381093233ad6158457c82 - SHA1: de9692ae52b47eb6c3384d87c48ae5b8abec3472 - SHA256: 38e33f9063e4b5374496e628a2d0cc0858d3b9ce65fd320d40928b79a0fef5e9 - SHA1: 607387cc90b93d58d6c9a432340261fde846b1d9 - SHA256: 30e083cd7616b1b969a92fd18cf03097735596cce7fcf3254b2ca344e526acc2 - Sections: - .text: - Entropy: 6.2023192982706234 - Virtual Size: '0x1fec' - .rdata: - Entropy: 3.522726552178584 - Virtual Size: '0xbe4' - .data: - Entropy: 3.0756426415570397 - Virtual Size: '0x984' - PAGE: - Entropy: 5.811183490770206 - Virtual Size: '0x266' - INIT: - Entropy: 5.304412008980706 - Virtual Size: '0x4d8' - .rsrc: 
- Entropy: 3.354329850500769 - Virtual Size: '0x440' - .reloc: - Entropy: 5.788661304677221 - Virtual Size: '0x34a' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee152d7 - Version: 3 - TBS: - MD5: e140543fe3256027cfa79fc3c19c1776 - SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 - SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 - SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 
4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode - , G1 - ValidFrom: '2013-08-23 00:00:00' - ValidTo: '2024-09-23 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121405c1f0ed258882be54d8686ba11ea45 - Version: 3 - TBS: - MD5: b95cbc184d388718612d5933f7b36770 - SHA1: ff124c5d160710720108616ffee99bbe090ed363 - SHA256: 13027620255363f07bbf85ae7d0dc06c07d8b0f4368b12f983ee3f4fce605733 - SHA384: f42ed00f615f2822dcd3d33794477428afb52ddab932ebcde3586f92a27e18f9faba6b3334ca4e59e0cb24bdbf8395a6 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 87fd2b54ed568e2294300e164b8c46f7 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: add099b0c47042a564bcd05951d11bb0 - SHA1: 37cdbacc289a5750701dd418f39d933f29e3c5d6 - SHA256: 91e64a75caa5015cb1d874372e4fdfefa506de680a962fdd97b83206bdf1e27e - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2016 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2016-10-05 12:44:38' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - 
FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 32b67a6cd6dd998b9f563ed13d54a8bc - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: acb8e45ebd1252313ece94198df47edf9294e7d3 - SHA256: 897f2bbe81fc3b1ae488114b93f3eb0133a85678d061c7a6f718507971f33736 - Sections: - .text: - Entropy: 6.192606376629303 - Virtual Size: '0x235e' - .rdata: - Entropy: 3.5619611126304327 - Virtual Size: '0xd74' - .data: - Entropy: 3.090718615812188 - Virtual Size: '0xc38' - PAGE: - Entropy: 5.808211110642614 - Virtual Size: '0x266' - INIT: - Entropy: 5.323943395070341 - Virtual Size: 
'0x538' - .rsrc: - Entropy: 3.3682712956797647 - Virtual Size: '0x440' - .reloc: - Entropy: 5.885744788394298 - Virtual Size: '0x3c2' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - 
ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 2e4dfda0e2f4d7987914bbfb65851dbc - SHA1: df5b27a1f2eacf4dc0f0c74cff377ffc4299fbcc - SHA256: 16b6a65d569ad3d0a1ff5aaf2374c28cebab4a289ffee42b79f7a48d5979b579 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2020-08-06 18:22:25' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - 
ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 19b15eeccab0752c6793f782ca665a45 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: ac18c7847c32957abe8155bcbe71c1f35753b527 - SHA256: 569fe70bedd0df8585689b0e88ad8bd0544fdf88b9dbfc2076f4bdbcf89c28aa - Sections: - .text: - Entropy: 6.133976095876382 - Virtual Size: '0x329c' - .rdata: - Entropy: 3.8367849020686293 - Virtual Size: '0x1490' - .data: - Entropy: 2.1710929957450715 - Virtual Size: '0x1c54' - .pdata: - Entropy: 3.9857737110778095 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.058535435224619 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3478109419215607 - Virtual Size: '0x430' - .reloc: - Entropy: 5.011052354824561 - Virtual Size: '0x288' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, 
O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: a637f8f3c278575f41cda67c2063c050 - SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 243674ce6fa37a4276281283eddf4ff8 - SHA1: 
f930d8984de2ce203b9bfd509cf8ae48a483245c - SHA256: 11dc70eb8864bc00b4b8e7c62a52c4602864e2ec717cc0606e1252b119c91085 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2019 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2019-04-14 17:18:06' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 4e906fcb13e2793c98f47291fd69391b - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: 492e40b01a9a6cec593691db4838f20b3eaeacc5 - SHA256: 07beac65e28ee124f1da354293a3d6ad7250ed1ce29b8342acfd22252548a5af - Sections: - 
.text: - Entropy: 6.137402743772031 - Virtual Size: '0x323c' - .rdata: - Entropy: 3.8392933065158275 - Virtual Size: '0x1460' - .data: - Entropy: 2.2583232763427667 - Virtual Size: '0x17a4' - .pdata: - Entropy: 4.06852005250443 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.079527011018308 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3547531988948798 - Virtual Size: '0x430' - .reloc: - Entropy: 4.873734410850681 - Virtual Size: '0x22e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 846935ae07a68052a0bcc0f776d4c68f - SHA1: d40b1915ba1a63afcaeb9bef9e318d624939f971 - SHA256: 1f43d0680cecea2db04d2f2eff7ff37a13beec280e62b76b9dbdc38d0e225fca - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2019 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2019-07-20 14:57:09' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - 
ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: bb5bda8889d8d27ef984dbd6ad82c946 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 947c76c8c8ba969797f56afd1fa1d1c4a1e3ed25 - SHA256: 406b844f4b5c82caf26056c67f9815ad8ecf1e6e5b07d446b456e5ff4a1476f9 - Sections: - .text: - Entropy: 6.2035733322045745 - Virtual Size: '0x23f4' - .rdata: - Entropy: 3.5749040890670303 - Virtual Size: '0xed4' - .data: - Entropy: 2.8516013173925066 - Virtual Size: '0x1264' - PAGE: - Entropy: 5.795549160299263 - Virtual Size: '0x266' - INIT: - Entropy: 5.429489696991249 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3528875272530887 - Virtual Size: '0x430' - .reloc: - Entropy: 5.93822728458253 - Virtual Size: '0x464' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - 
ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: fd56e10ef3039c2f905eeec90aa92e2f - SHA1: 7a59fe7acd7abc6dcf89dd3db31d37ea0da458dc - SHA256: 0895a8fa3ee38bb38cb9fcd0183cf9466c7577eab746b3540bd0b2f282246dc6 - Company: '' - Copyright: Copyright (c) 2007 - 2015 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2015-08-25 03:30:50' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess 
- - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - RtlCompareMemory - - ObfDereferenceObject - - IofCompleteRequest - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - RtlInitUnicodeString - - MmGetSystemRoutineAddress - - PsSetCreateProcessNotifyRoutine - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - KeBugCheck - - _vsnwprintf - - IoDeleteDevice - - NtBuildNumber - - ObOpenObjectByPointer - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 3b71eab204a5f7ed77811e41fed73105 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.0.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: 94bfa9368ea43c71afa29bad9fc60535 - SHA1: d8e5ebd3ca141f00753a138144cd1319d755858b - SHA256: 5c236619ead1fde5073ecb323d1c2701a7c522489118cee4ffb4ccf14efc355f - SHA1: 6ae26bde7ec27bd0fa971de6c7500eee34ee9b51 - SHA256: 2faf95a3405578d0e613c8d88d534aa7233da0a6217ce8475890140ab8fb33c8 - Sections: - .text: - Entropy: 6.1491487342367845 - Virtual Size: '0x342c' - .rdata: - Entropy: 3.88525043172923 - Virtual Size: '0x121c' - .data: - Entropy: 2.603720407225135 - Virtual Size: '0xe7c' - .pdata: - Entropy: 4.029672285693752 - Virtual Size: '0x1d4' - PAGE: - Entropy: 6.075319996890446 - Virtual Size: '0x28b' - INIT: - Entropy: 5.107085003103007 - Virtual Size: '0x610' - .rsrc: - Entropy: 3.0131387129044507 - Virtual Size: '0x440' - .reloc: - Entropy: 4.483127055768285 - Virtual Size: '0x172' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - 
Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 
caa08a0ba5f679b1e5bbae747cb9d626 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 7fe1115f2a03e8be8e8b37c19fc4f655 - SHA1: 62afdbf554f7c383c2e5bd502ad119e3d207bee9 - SHA256: d5f58cbce305cbd4397c1da5e1a51d78575c67616f6d9c7d764f87cda540fa62 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2020-08-09 14:44:41' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 01c2e4d8234258451083d6ce4e8910b7 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 
2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 30a80f560f18609c1123636a8a1a1ef567fa67a7 - SHA256: 10ad50fcb360dcab8539ea322aaf2270565dc835b7535790937348523d723d6b - Sections: - .text: - Entropy: 6.2064317372812985 - Virtual Size: '0x2404' - .rdata: - Entropy: 3.546117070764226 - Virtual Size: '0xff4' - .data: - Entropy: 2.813191841547333 - Virtual Size: '0x14dc' - PAGE: - Entropy: 5.804360087879422 - Virtual Size: '0x266' - INIT: - Entropy: 5.4281677070245955 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3459452702797696 - Virtual Size: '0x430' - .reloc: - Entropy: 6.0011548156682 - Virtual Size: '0x4a0' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: a637f8f3c278575f41cda67c2063c050 - SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, 
CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 0917b8ea0d9d70b92cd391196b7f6ef7 - SHA1: 10f7ced8bc6e3d8726fbef18229b42880cf65bad - SHA256: c005f1bcb549d76ab86390217ad6b3a2226ec74fd6f4595c0fd28b73102b1b99 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 
2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2018-05-26 18:37:46' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.1.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 72f53f55898548767e0276c472be41e8 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.1.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: 8416ee8fd88c3d069fbba90e959507c69a0ee3e9 - SHA256: 8b30b2dc36d5e8f1ffc7281352923773fb821cdf66eb6516f82c697a524b599b - Sections: - .text: - Entropy: 6.1419629238500235 - Virtual Size: '0x31fc' - .rdata: - Entropy: 3.8514128499124776 - Virtual Size: '0x13d0' - .data: - Entropy: 2.2863945965626136 - Virtual Size: 
'0x1614' - .pdata: - Entropy: 4.052479770333054 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.093773811863592 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3614073432360265 - Virtual Size: '0x438' - .reloc: - Entropy: 4.830405545722778 - Virtual Size: '0x210' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 
4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 48a22b033380a73fd1f58d9704fd93fc - SHA1: 0e9efb3a9f4a93e1a2bb03d5814a9bbeb2257898 - SHA256: 9b6d450b6e2b66e8356b9d8a354e8c3a96426b7f15adf2f2025dda13c01881a3 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2018-04-23 17:21:28' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.1.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - 
KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 7d26985a5048bad57d9c223362f3d55c - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.1.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 9f27987c32321f8da099efc1dc60a73f8f629d3a - SHA256: 7662187c236003308a7951c2f49c0768636c492f8935292d02f69e59b01d236d - Sections: - .text: - Entropy: 6.202511657588269 - Virtual Size: '0x23ae' - .rdata: - Entropy: 3.53853709337898 - Virtual Size: '0xe24' - .data: - Entropy: 2.9048205574982506 - Virtual Size: '0xff4' - PAGE: - Entropy: 5.788042895055868 - Virtual Size: '0x266' - INIT: - Entropy: 5.325440401058365 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3804140325955863 - Virtual Size: '0x440' - .reloc: - Entropy: 5.981826468919802 - Virtual Size: '0x41e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - 
SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 00a7bf199ea8ddcd3598e68f4d186f78 - SHA1: 85d77e69eb9e42b44266746233e28d027e77345c - SHA256: 81237053f6eeaf659970e9e5e7abba00261ec2b850b1f5b195d0888f8ce66d6f - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2014 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2014-01-02 17:13:08' - Date: '' - Description: mimidrv for Windows (mimikatz) - 
ExportedFunctions: '' - FileVersion: 2.0.0.0 - Filename: '' - ImportedFunctions: - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - IofCompleteRequest - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ZwUnloadKey - - RtlInitUnicodeString - - MmGetSystemRoutineAddress - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - KeBugCheck - - _vsnwprintf - - IoDeleteDevice - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 4484f4007de2c3ee4581a2cff77ca3b4 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.0.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: 63c6b4112622c2a9182cdd1d0d5235d7 - SHA1: 3e48025a171d18c5839ab1e58b64dbc6483417d0 - SHA256: ed34aa4b85d59a228c388a98cfa6395194fde9f005fc0bb1aa2ec852377d82f6 - SHA1: 40372b4de2db020ce2659e1de806d4338fd7ebef - SHA256: bcca03ce1dd040e67eb71a7be0b75576316f0b6587b2058786fda8b6f0a5adfd - Sections: - .text: - Entropy: 6.137509891402374 - Virtual Size: '0x2e3c' - .rdata: - Entropy: 3.8666471354954095 - Virtual Size: '0xfcc' - .data: - Entropy: 2.468702019455969 - Virtual Size: '0xc74' - .pdata: - Entropy: 4.028550043812694 - Virtual Size: '0x1a4' - PAGE: - Entropy: 6.038047089814424 - Virtual Size: '0x28b' - INIT: - Entropy: 5.100099905349228 - Virtual Size: '0x584' - .rsrc: - Entropy: 
3.3527586134193843 - Virtual Size: '0x440' - .reloc: - Entropy: 4.490003473368671 - Virtual Size: '0x13e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee152d7 - Version: 3 - TBS: - MD5: e140543fe3256027cfa79fc3c19c1776 - SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 - SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 - SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 
4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode - , G1 - ValidFrom: '2013-08-23 00:00:00' - ValidTo: '2024-09-23 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121405c1f0ed258882be54d8686ba11ea45 - Version: 3 - TBS: - MD5: b95cbc184d388718612d5933f7b36770 - SHA1: ff124c5d160710720108616ffee99bbe090ed363 - SHA256: 13027620255363f07bbf85ae7d0dc06c07d8b0f4368b12f983ee3f4fce605733 - SHA384: f42ed00f615f2822dcd3d33794477428afb52ddab932ebcde3586f92a27e18f9faba6b3334ca4e59e0cb24bdbf8395a6 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: a6c4a7369500900fc172f9557cff22cf - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: ae57b5e19b5c4a3f750425dc18f78452 - SHA1: f59c9783573dccbfe1efbfb6c939aeecbcb2928b - SHA256: f2b0d70e2d55a5f69ddaac13460cfcd63746ac1c09f826772cca5b857dde240a - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2014 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2014-06-09 17:33:12' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - 
FileVersion: 2.0.0.0 - Filename: '' - ImportedFunctions: - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - RtlCompareMemory - - ObfDereferenceObject - - IofCompleteRequest - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - RtlInitUnicodeString - - MmGetSystemRoutineAddress - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - KeBugCheck - - _vsnwprintf - - IoDeleteDevice - - NtBuildNumber - - ObOpenObjectByPointer - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 5eb2c576597dd21a6b44557c237cf896 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.0.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: 3533d0a54c7ccd83afd6be24f6582b30e4ca0aab - SHA256: 087270d57f1626f29ba9c25750ca19838a869b73a1f71af50bdf37d6ff776212 - Sections: - .text: - Entropy: 6.150360472301313 - Virtual Size: '0x30cc' - .rdata: - Entropy: 3.9091487744499416 - Virtual Size: '0x1048' - .data: - Entropy: 2.4940165806266616 - Virtual Size: '0xc74' - .pdata: - Entropy: 4.019695649249909 - Virtual Size: '0x1bc' - PAGE: - Entropy: 6.037596647390289 - Virtual Size: '0x28b' - INIT: - Entropy: 5.111217237674922 - 
Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3527586134193843 - Virtual Size: '0x440' - .reloc: - Entropy: 4.328299648937291 - Virtual Size: '0x152' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 
6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: e97dc162f416bf06745bf9ffdf78a0ff - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: cbd8f153004048ba8bbf8782fb39be8b - SHA1: ef8533f6066e6d4088631e9e265918ea076da73f - SHA256: ae55720475ab1c67e39720954111b90e96a5ebf5d3b91277f4c225a228d8739a - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2018-03-17 17:21:22' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.1.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: c5fc3605194e033bdf3781ff2adaeb61 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: 
mimidrv (mimikatz) - ProductVersion: 2.1.1.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: 23f562f8d5650b2fb92382d228013f2e36e35d6c - SHA256: 40556dd9b79b755cc0b48d3d024ceb15bd2c0e04960062ab2a85cd7d4d1b724a - Sections: - .text: - Entropy: 6.144037436753497 - Virtual Size: '0x31dc' - .rdata: - Entropy: 3.842413918825288 - Virtual Size: '0x1390' - .data: - Entropy: 2.313119440407077 - Virtual Size: '0x1494' - .pdata: - Entropy: 3.990039715462728 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.084557222001841 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.382946098314487 - Virtual Size: '0x440' - .reloc: - Entropy: 4.8001308386334935 - Virtual Size: '0x1f2' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, - CN=Certum Code Signing CA SHA2 - ValidFrom: '2015-10-29 11:30:29' - ValidTo: '2027-06-09 11:30:29' - Signature: aae53f7654024c700e29a93996060f31b70bf1a68b52fb108f4f425b8cbd312301669de829a14dc350faf7f8450e1d82d7fcfea6320473fd71eccc880fa39208c5815802fd0b693bcdb83f493dd08d1c1314682e9b0d9aadb019e29ed27c3977886f23fd7b84fc446db5ba6b7092556c94b1d837fda9591db463b2dc13cd788e2535c19a8f37842ed445cce3f5cc8d73a8e33a6de7959470579150b66def73724f2f028760e2ea22a1ed3efdd18b668d2e726d4fc65d35ee93a898d2676ae9da19cd0283f974fc5f7a1804281edd22333b766c47055dd552fe0eba76f38310c76e305fa760c7fa7427319b2883ed218a1bf1235284ed95bcad3aa5a342019dbc - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 6b326a0f0328d37a1d530bfd23bd48e2 - Version: 3 - TBS: - MD5: e556c75dbca00e43684d23c11c032d4a - SHA1: 50925e36ffd52e5b4d32689e9007b14a3a417168 - SHA256: f7b6eeb3a567223000a61f68c53b458193557c17e5d512d2825bcb13e5fc9be5 - 
SHA384: 57f1cdd3afe0bd7859ab450dbdf6e21a55cf5ba0dda62b9b3c12f2d885d98413ce6817243f6bb83cd77276643369ecbf - - Subject: C=FR, O=Open Source Developer, ST=Ile de France, CN=Open Source Developer, - Benjamin Delpy, emailAddress=benjamin@gentilkiwi.com - ValidFrom: '2017-12-04 09:50:34' - ValidTo: '2018-12-04 09:50:34' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 1519af351702ab2d86968d0be928f529 - Version: 3 - TBS: - MD5: 7227ed4392de49333e052f8f17c41f69 - SHA1: e019d8060f65cc923dab50ea282fb8895c1c75f9 - SHA256: eee437f4170a21f7de0e590620ff2a9412f89af95e87589d0e5a1cca17f61825 - SHA384: a5f32361dfa3828aebf139cb1017bba83111e1ce2c5dbd126751a1e7d8f19f3fb838926fc118e423fbe07187e84efc2b - - Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, - CN=Certum Trusted Network CA - ValidFrom: '2011-04-15 20:15:34' - ValidTo: '2021-04-15 20:25:34' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 613bc791000000000034 - Version: 3 - TBS: - MD5: f5f0d604dd56b0446f98fb67e98a76f8 - SHA1: c749c146cc00030ff36ecf9b698e6a377bc15605 - SHA256: df5dacc623d44348fff0bc8ebe2cedc8ba212e33c6f10d7fd608f37f92a2c273 - SHA384: c394dc13768746f008b4ffa082d6e8a2e55a83052d63e3c0a8f2fcfc30dcd51849afd21b0adf86bc50490629a89da09b - Signer: - - SerialNumber: 1519af351702ab2d86968d0be928f529 - Issuer: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, - CN=Certum Code Signing CA SHA2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: fd585505c4b2b1af4c34a2ce77d512e6 - SHA1: f605c31d34752378a3fa7af3c9ea2a5d8f77abf8 - SHA256: 6789e1a2e0d23528a91e49851bd95bceb6ffe9927f34b52a78ecc2b1d4bc13b8 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin 
DELPY) - CreationTimestamp: '2017-03-17 20:17:55' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 154b45f072fe844676e6970612fd39c7 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 161bae224cf184ed6c09c77fae866d42412c6d25 - SHA256: 8684aec77b4c3cafc1a6594de7e95695fa698625d4206a6c4b201875f76a5b38 - Sections: - .text: - Entropy: 6.189266621409851 - Virtual Size: '0x235e' - .rdata: - Entropy: 3.5646360773808663 - Virtual Size: '0xdc4' - .data: - Entropy: 2.9710357364934694 - 
Virtual Size: '0xd68' - PAGE: - Entropy: 5.8055474754253495 - Virtual Size: '0x266' - INIT: - Entropy: 5.325440401058366 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3682712956797647 - Virtual Size: '0x440' - .reloc: - Entropy: 5.910661392306955 - Virtual Size: '0x3e0' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf 
- SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: b6c12d1f29ddfb6ec890716547cf2d73 - SHA1: a09ba29949130996281198fb44aef7a47ce105d7 - SHA256: db7a15aa5b85845831dcdcebf837b22cf43fa572dd9cb0bb0d264af519b8d406 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2014 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2014-01-08 19:55:13' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.0.0.0 - Filename: '' - ImportedFunctions: - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - IofCompleteRequest - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ZwUnloadKey - - RtlInitUnicodeString - - MmGetSystemRoutineAddress - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - KeBugCheck - - _vsnwprintf - - IoDeleteDevice - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 17509f0a98dc5c5d52c3f9ac1428a21b - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - 
Product: mimidrv (mimikatz) - ProductVersion: 2.0.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: 63c6b4112622c2a9182cdd1d0d5235d7 - SHA1: 3e48025a171d18c5839ab1e58b64dbc6483417d0 - SHA256: ed34aa4b85d59a228c388a98cfa6395194fde9f005fc0bb1aa2ec852377d82f6 - SHA1: bbc8bd714c917bb1033f37e4808b4b002cd04166 - SHA256: baf7fbc4743a81eb5e4511023692b2dfdc32ba670ba3e4ed8c09db7a19bd82d3 - Sections: - .text: - Entropy: 6.137509891402374 - Virtual Size: '0x2e3c' - .rdata: - Entropy: 3.8651251283660875 - Virtual Size: '0xfcc' - .data: - Entropy: 2.468702019455969 - Virtual Size: '0xc74' - .pdata: - Entropy: 4.028550043812694 - Virtual Size: '0x1a4' - PAGE: - Entropy: 6.038047089814424 - Virtual Size: '0x28b' - INIT: - Entropy: 5.100099905349228 - Virtual Size: '0x584' - .rsrc: - Entropy: 3.3527586134193843 - Virtual Size: '0x440' - .reloc: - Entropy: 4.490003473368671 - Virtual Size: '0x13e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 4e5e56901e46b4d94931f3bb1739281bc216ddfd41dc0905049b6fb2a29ad6992e40990055b5ea3fa52076d38634d417cc553ac782eeefa8babcd8069f1550dfcd167b523a02d7191afdaff0785ce04bc518df3a241edaacb8a95804020730dbb0125efe31bef00448f4f070f83a5e5683cf3dfb0dbcf4c5ed979db9d4dba52784e3389b8ba735864420a43b6da46a0ba183fd28ebdaef28f6cc885dfb0a3b00abe021ebe22f356c0f8e344597eba2f79933357ecb9a8abb454de73f9fc2d98afa65b26ec77e65ffe892e12c31a2f7b02736488f266f3bee4d761f79c3e57f9635bc2d0ecc01b08e7fff518080a792d4b34446648c874f166307314b63b0dff3 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee152d7 - Version: 3 - TBS: - MD5: e140543fe3256027cfa79fc3c19c1776 - SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 - SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 - SHA384: 
d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode - , G1 - ValidFrom: '2013-08-23 00:00:00' - ValidTo: '2024-09-23 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121405c1f0ed258882be54d8686ba11ea45 - Version: 3 - TBS: - MD5: b95cbc184d388718612d5933f7b36770 - SHA1: ff124c5d160710720108616ffee99bbe090ed363 - SHA256: 13027620255363f07bbf85ae7d0dc06c07d8b0f4368b12f983ee3f4fce605733 - SHA384: f42ed00f615f2822dcd3d33794477428afb52ddab932ebcde3586f92a27e18f9faba6b3334ca4e59e0cb24bdbf8395a6 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root 
CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: a6c4a7369500900fc172f9557cff22cf - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 6eb9ad2adbe534c4bd984792bafd7d40 - SHA1: 8e4ce688f1f6247b817e1c90c31e6496659f2551 - SHA256: 8bec85d128eb0444f10fc89b95b2c6b84a8d0405cb0a6dbc30cff8ea4c0ca043 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2017-12-03 13:13:32' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - 
RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 754e21482baf18b8b0ed0f4be462ba03 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: f6728821eddd14a21a9536e0f138c6d71cbd9307 - SHA256: 36c65aeb255c06898ffe32e301030e0b74c8bca6fe7be593584b8fdaacd4e475 - Sections: - .text: - Entropy: 6.137944463935485 - Virtual Size: '0x319c' - .rdata: - Entropy: 3.8514461681575236 - Virtual Size: '0x1340' - .data: - Entropy: 2.3461427985512437 - Virtual Size: '0x12e4' - .pdata: - Entropy: 4.010051195917961 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.083244237405415 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.370803361398665 - Virtual Size: '0x440' - .reloc: - Entropy: 4.705915669612521 - Virtual Size: '0x1d4' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: 
dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: e6028245682168cc81b895bf28e87b4e - SHA1: 6f5f42d443ce64ed70c2c17fe3f07da91e1aab0b - SHA256: 6e521e54a1e5a03abaae405b58a84758058f3fac5e8cd8a370f232c7dc7bb164 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2021-05-18 09:07:29' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - 
KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 1cd5e231064e03c596e819b6ff48daf9 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: e514dfadbeb4d2305988c3281bf105d252dee3a7 - SHA256: d37996abc8efb29f1ccbb4335ce9ba9158bec86cc4775f0177112e87e4e3be5c - Sections: - .text: - Entropy: 6.133976095876382 - Virtual Size: '0x329c' - .rdata: - Entropy: 3.840595882815777 - Virtual Size: '0x1490' - .data: - Entropy: 2.1710929957450715 - Virtual Size: '0x1c54' - .pdata: - Entropy: 3.9857737110778095 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.058535435224619 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3478109419215607 
- Virtual Size: '0x430' - .reloc: - Entropy: 5.011052354824561 - Virtual Size: '0x288' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: a637f8f3c278575f41cda67c2063c050 - SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 
6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: d89425acef6e1ac239ee8b3c937b87cb - SHA1: 010113b420a09a502afc93ddebb8f9dce796bb48 - SHA256: a4d7e16649ce3c7ad9355e8d7418a4c234b3763e262f8ccfbda4bc64a402ed27 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2020-05-18 16:48:54' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 28102acca39ad0199f262ba9958be3f4 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: 
mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: beed6fb6a96996e9b016fa7f2cf7702a49c8f130 - SHA256: aaf04d89fd15bc61265e545f8e1da80e20f59f90058ed343c62ee24358e3af9e - Sections: - .text: - Entropy: 6.133976095876382 - Virtual Size: '0x329c' - .rdata: - Entropy: 3.837835783685005 - Virtual Size: '0x1490' - .data: - Entropy: 2.1710929957450715 - Virtual Size: '0x1c54' - .pdata: - Entropy: 3.9857737110778095 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.058535435224619 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3478109419215607 - Virtual Size: '0x430' - .reloc: - Entropy: 5.011052354824561 - Virtual Size: '0x288' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: a637f8f3c278575f41cda67c2063c050 - SHA1: 
debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 0acd0b319d16a5f8ca04cb46f549bacf - SHA1: dd15f4ca159b4dffe6094af6b00174732c8c0463 - SHA256: 5ffba52ea8bba7aeaf9fb32e1ba97b5bbd5c31739d594e722d9e89907dbb5cdd - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2019 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2019-05-12 17:34:58' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - 
ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 27384ec4c634701012a2962c30badad2 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: 7d453dccb25bf36c411c92e2744c24f9b801225d - SHA256: c4f041de66ec8cc5ab4a03bbc46f99e073157a4e915a9ab4069162de834ffc5c - Sections: - .text: - Entropy: 6.135433819899731 - Virtual Size: '0x325c' - .rdata: - Entropy: 3.837956011076457 - Virtual Size: '0x1450' - .data: - Entropy: 2.2159905775744044 - Virtual Size: '0x1934' - .pdata: - Entropy: 4.038755197475624 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.068036657482388 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3547531988948798 - Virtual Size: '0x430' - .reloc: - Entropy: 4.901711830072888 - Virtual Size: '0x24c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 
225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: 
ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: e044ca432fdc8ae1dafd1548ce4236f7 - SHA1: a2db837199644df18a514e7d9f069bce18eebc9b - SHA256: 770552bfc6598f165443da94ac0c6aca00f95a6a9a8e89713f9980730d9ee9c2 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2014 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2014-01-05 17:23:52' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.0.0.0 - Filename: '' - ImportedFunctions: - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - IofCompleteRequest - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ZwUnloadKey - - RtlInitUnicodeString - - MmGetSystemRoutineAddress - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - KeBugCheck - - _vsnwprintf - - IoDeleteDevice - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: cee36b5c6362993fa921435979bfbe4a - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: 
mimidrv (mimikatz) - ProductVersion: 2.0.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: 63c6b4112622c2a9182cdd1d0d5235d7 - SHA1: 3e48025a171d18c5839ab1e58b64dbc6483417d0 - SHA256: ed34aa4b85d59a228c388a98cfa6395194fde9f005fc0bb1aa2ec852377d82f6 - SHA1: 78fd06c82d3ba765c38bad8f48d1821a06280e39 - SHA256: b169a5f643524d59330fafe6e3e328e2179fc5116ee6fae5d39581467d53ac03 - Sections: - .text: - Entropy: 6.137509891402374 - Virtual Size: '0x2e3c' - .rdata: - Entropy: 3.863310172045034 - Virtual Size: '0xfcc' - .data: - Entropy: 2.468702019455969 - Virtual Size: '0xc74' - .pdata: - Entropy: 4.028550043812694 - Virtual Size: '0x1a4' - PAGE: - Entropy: 6.038047089814424 - Virtual Size: '0x28b' - INIT: - Entropy: 5.100099905349228 - Virtual Size: '0x584' - .rsrc: - Entropy: 3.3527586134193843 - Virtual Size: '0x440' - .reloc: - Entropy: 4.490003473368671 - Virtual Size: '0x13e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2028-01-28 12:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee152d7 - Version: 3 - TBS: - MD5: e140543fe3256027cfa79fc3c19c1776 - SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 - SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 - SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 
589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode - , G1 - ValidFrom: '2013-08-23 00:00:00' - ValidTo: '2024-09-23 00:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 1121405c1f0ed258882be54d8686ba11ea45 - Version: 3 - TBS: - MD5: b95cbc184d388718612d5933f7b36770 - SHA1: ff124c5d160710720108616ffee99bbe090ed363 - SHA256: 13027620255363f07bbf85ae7d0dc06c07d8b0f4368b12f983ee3f4fce605733 - SHA384: f42ed00f615f2822dcd3d33794477428afb52ddab932ebcde3586f92a27e18f9faba6b3334ca4e59e0cb24bdbf8395a6 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - 
ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: a6c4a7369500900fc172f9557cff22cf - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 41fe68e2598cbb23aa596f1bd4e7fed5 - SHA1: cf9146f5b5bb803f5235a5748bdea5f979f1d348 - SHA256: 931e4d6f7f04b122bc5bc6a61fb4e0186796623f4fc72d0c42ccfa886f1c5fb2 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi 
(Benjamin DELPY) - CreationTimestamp: '2018-08-19 17:53:57' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.1.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 26aedc10d4215ba997495d3a68355f4a - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.1.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: dac68b8ee002d5bb61be3d59908a61a26efb7c09 - SHA256: 443c0ba980d4db9213b654a45248fd855855c1cc81d18812cae9d16729ff9a85 - Sections: - .text: - Entropy: 6.1419629238500235 - Virtual Size: '0x31fc' - .rdata: - Entropy: 3.845665795476307 - Virtual Size: '0x13d0' - .data: - Entropy: 2.2863945965626136 - Virtual Size: '0x1614' - .pdata: - 
Entropy: 4.052479770333054 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.093773811863592 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3614073432360265 - Virtual Size: '0x438' - .reloc: - Entropy: 4.830405545722778 - Virtual Size: '0x210' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 
0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: ffd20b63526f607fef3166adc66b74c1 - SHA1: 33bd7996a2f2a9b08ea6f584af08356ea03dbaee - SHA256: 2c44c0464e5b01540ba573be7555b3fcbdb65c9f1193f9c1d02b04c70090d4ac - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2017-02-26 18:35:22' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - 
FLTMGR.SYS - InternalName: mimidrv - MD5: 80219fb6b5954c33e16bac5ecdac651b - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 020580278d74d0fe741b0f786d8dca7554359997 - SHA256: a42f4ae69b8755a957256b57eb3d319678eab81705f0ffea0d649ace7321108f - Sections: - .text: - Entropy: 6.189266621409851 - Virtual Size: '0x235e' - .rdata: - Entropy: 3.571716952624961 - Virtual Size: '0xdc4' - .data: - Entropy: 2.9710357364934694 - Virtual Size: '0xd68' - PAGE: - Entropy: 5.8055474754253495 - Virtual Size: '0x266' - INIT: - Entropy: 5.325440401058366 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3682712956797647 - Virtual Size: '0x440' - .reloc: - Entropy: 5.910661392306955 - Virtual Size: '0x3e0' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 
112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 4a8ee19d43bae91e26013c808044a28d - SHA1: 1aa1c735479fca1c1845c19497ef648c9200e450 - SHA256: 67d4654d7e78e4d0761d8e200096935791d59acb2bf98106dafff449647c840f - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2016 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2017-01-20 17:22:03' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - 
- ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 05dd59bd4f175304480affd8f1305c37 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: fcae2ea5990189f6f230b51e398e3000b71897f2 - SHA256: 469713c76c7a887826611b8c7180209a8bb6250f91d0f1eb84ac4d450ef15870 - Sections: - .text: - Entropy: 6.14362601153889 - Virtual Size: '0x318c' - .rdata: - Entropy: 3.85450824328628 - Virtual Size: '0x1300' - .data: - Entropy: 2.3976266531821224 - Virtual Size: '0x1144' - .pdata: - Entropy: 4.043975650731326 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.070426661582891 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.370803361398665 - Virtual Size: '0x440' - .reloc: - Entropy: 4.657997051970539 - Virtual Size: '0x1b6' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: a15fbc087bc936c1456483743d1442a0 - SHA1: c84b7bb35214a2eb2a7cdc722bcdc16b70a3bb72 - 
SHA256: c9cba07502b8a10034ddf75b35f4d6f2a24862cde5bff300720f5df04d4cfe6b - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2017-02-26 18:35:38' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: cbd8d370462503508e44dba023bdf9bc - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: ff3e19cd461ddf67529a765cbec9cb81d84dc7da - SHA256: c4c9c84b211899ceb0d18a839afa497537a7c7c01ab481965a09788a9e16590c - Sections: - .text: - Entropy: 6.14362601153889 - Virtual 
Size: '0x318c' - .rdata: - Entropy: 3.859805190746546 - Virtual Size: '0x1300' - .data: - Entropy: 2.3976266531821224 - Virtual Size: '0x1144' - .pdata: - Entropy: 4.043975650731326 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.070426661582891 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.370803361398665 - Virtual Size: '0x440' - .reloc: - Entropy: 4.657997051970539 - Virtual Size: '0x1b6' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 60526c634c51161cb26c25788cc1f754 - SHA1: c3af9f1b621ec0ec684383fd51441009114a7c3d - SHA256: 68ea8d1bfabf37920686a0814c0bf47cbc4527543716fd94c0d3f23382e15081 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2020-08-05 02:32:20' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - 
FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: fb593b1f1f80d20fc7f4b818065c64b6 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: e0b263f2d9c08f27c6edf5a25aa67a65c88692b0 - SHA256: ee7b8eb150df2788bb9d5fe468327899d9f60d6731c379fd75143730a83b1c55 - Sections: - .text: - Entropy: 6.2064317372812985 - Virtual Size: '0x2404' - .rdata: - Entropy: 3.5443270089738492 - Virtual Size: '0xff4' - .data: - Entropy: 2.813191841547333 - Virtual Size: '0x14dc' - PAGE: - Entropy: 5.804360087879422 - Virtual Size: '0x266' - INIT: - Entropy: 5.4281677070245955 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3459452702797696 - Virtual Size: '0x430' - .reloc: - Entropy: 6.0011548156682 - Virtual Size: '0x4a0' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 
112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: a637f8f3c278575f41cda67c2063c050 - SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 
6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 1158fc2285d1ac1be5703fe36ea874fe - SHA1: be6cc01ed5411c7f2e95ea007e2c09d28fb183c8 - SHA256: 5e1c7bdb1fa71145a0704a5f00d894043a7754cb82d1d8213cb6a899bd767cab - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2016 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2016-10-24 18:25:06' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: ae338d91d1b05a72559b7f6ed717362d - MachineType: I386 - MagicHeader: 50 45 0 0 - 
OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: d6de8211dba7074d92b5830618176a3eb8eb6670 - SHA256: ddf427ce55b36db522f638ba38e34cd7b96a04cb3c47849b91e7554bfd09a69a - Sections: - .text: - Entropy: 6.189266621409851 - Virtual Size: '0x235e' - .rdata: - Entropy: 3.5602007762709036 - Virtual Size: '0xdc4' - .data: - Entropy: 2.9710357364934694 - Virtual Size: '0xd68' - PAGE: - Entropy: 5.8055474754253495 - Virtual Size: '0x266' - INIT: - Entropy: 5.325440401058366 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3682712956797647 - Virtual Size: '0x440' - .reloc: - Entropy: 5.910661392306955 - Virtual Size: '0x3e0' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: 
a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 06bd72b5eecfb76faa05351128fbefee - SHA1: 14b5b696377d733c602cde2f8d0fa1809e17fc63 - SHA256: ba467c6edee7266721c220fbc84cb80c995d429052846865d869609602d6e48c - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2020-03-08 06:32:09' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - 
- MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: f56db4eba3829c0918413b5c0b42f00f - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 9c36600c2640007d3410dea8017573a113374873 - SHA256: e8ec06b1fa780f577ff0e8c713e0fd9688a48e0329c8188320f9eb62dfc0667f - Sections: - .text: - Entropy: 6.2035733322045745 - Virtual Size: '0x23f4' - .rdata: - Entropy: 3.5766626811632 - Virtual Size: '0xed4' - .data: - Entropy: 2.8516013173925066 - Virtual Size: '0x1264' - PAGE: - Entropy: 5.795549160299263 - Virtual Size: '0x266' - INIT: - Entropy: 5.429489696991249 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3459452702797696 - Virtual Size: '0x430' - .reloc: - Entropy: 5.93822728458253 - Virtual Size: '0x464' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 
- SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: a637f8f3c278575f41cda67c2063c050 - SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 1c12d5a009e2fd6ee42e9673806349e7 - SHA1: 45f1ec5d7153b72321d6a040026172a62618e9e7 - SHA256: edf05640ad7caa10756cc4163e926de74157da1d81b4d245b602a36f4c8cb4d0 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: 
'2018-05-01 16:26:26' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.1.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: e27b2486aa5c256b662812b465b6036c - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.1.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 6451522b1fb428e549976d0742df5034f8124b17 - SHA256: e8743094f002239a8a9d6d7852c7852e0bb63cd411b007bd8c194bcba159ef15 - Sections: - .text: - Entropy: 6.202827671645787 - Virtual Size: '0x23ae' - .rdata: - Entropy: 3.5418249564730657 - Virtual Size: '0xe24' - .data: - Entropy: 2.9048205574982506 - Virtual Size: '0xff4' - PAGE: - 
Entropy: 5.788042895055868 - Virtual Size: '0x266' - INIT: - Entropy: 5.325440401058365 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3804140325955863 - Virtual Size: '0x440' - .reloc: - Entropy: 5.981826468919802 - Virtual Size: '0x41e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - 
Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 0e71a90d0095278a48893d4068a3f1f8 - SHA1: f3019b52f343521d3e133106f692d467a5c86093 - SHA256: d9c3857d2959a3eff45eefe43d8ed1c23bd6908ae8a9a7e2e4e402bbf3e6d3ec - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2016 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2017-01-20 17:22:03' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - 
RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 35e512f9bedc89dca5ce81f35820714c - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: e841c8494b715b27b33be6f800ca290628507aba - SHA256: 29348ebe12d872c5f40e316a0043f7e5babe583374487345a79bad0ba93fbdfe - Sections: - .text: - Entropy: 6.14362601153889 - Virtual Size: '0x318c' - .rdata: - Entropy: 3.85450824328628 - Virtual Size: '0x1300' - .data: - Entropy: 2.3976266531821224 - Virtual Size: '0x1144' - .pdata: - Entropy: 4.043975650731326 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.070426661582891 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.370803361398665 - Virtual Size: '0x440' - .reloc: - Entropy: 4.657997051970539 - Virtual Size: '0x1b6' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - 
SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 76e3258ee4cff03a0237ea6447ae1025 - SHA1: 045af64ec7d1ac2b0114e165b678c4c812f56dd1 - SHA256: 047e4158225af627382c412fa1f870479a238841341bc13e60312269feb14083 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2017-04-09 15:24:03' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - 
ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: d13c1b76b4a1ca3ff5ab63678b51df6d - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 465abe9634c199a5f80f8a4f77ec3118c0d69652 - SHA256: 618b15970671700188f4102e5d0638184e2723e8f57f7e917fa49792daebdadb - Sections: - .text: - Entropy: 6.199736289697868 - Virtual Size: '0x236e' - .rdata: - Entropy: 3.557864405067224 - Virtual Size: '0xde4' - .data: - Entropy: 2.962098389788266 - Virtual Size: '0xeb0' - PAGE: - Entropy: 5.795507089372613 - Virtual Size: '0x266' - INIT: - Entropy: 5.324875365502854 - Virtual Size: '0x538' - .rsrc: - Entropy: 
3.3682712956797647 - Virtual Size: '0x440' - .reloc: - Entropy: 5.952195564032691 - Virtual Size: '0x3fe' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 
112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 21cc1cc1dba53e09f8dcef2d178b0993 - SHA1: ce242aadea5cd44d19308693e1f44b30dad41a0f - SHA256: 13999eb266b759e879816fdab640d59ef9e35e2ea61575810979d9eb22fdfd4d - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2017-06-07 16:45:17' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - 
- ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 65f800e1112864bf41eb815649f428d5 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: 2480549ec8564cd37519a419ab2380cf3e8bab9e - SHA256: 52f3905bbd97dcd2dbd22890e5e8413b9487088f1ee2fa828030a6a45b3975fd - Sections: - .text: - Entropy: 6.137944463935485 - Virtual Size: '0x319c' - .rdata: - Entropy: 3.845382379835078 - Virtual Size: '0x1340' - .data: - Entropy: 2.3461427985512437 - Virtual Size: '0x12e4' - .pdata: - Entropy: 4.010051195917961 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.083244237405415 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.370803361398665 - Virtual Size: '0x440' - .reloc: - Entropy: 4.705915669612521 - Virtual Size: '0x1d4' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 6eedef4a3eab4a6990e8f65b144d8289 - SHA1: 29e4237767f1a886f45d0eef5910f126ebb9d28e - 
SHA256: 058c84860fb9fefd4c5cec57b6ef9f43146a6509b6894f2a27fb5a2dd16d578b - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2019 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2019-05-12 17:00:04' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: a5bcaa2fc87b42e2e5d62a2e5dfcbc80 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 0a62c574603158d2d0c3be2a43c6bb0074ed297c - SHA256: 8b32fc8b15363915605c127ccbf5cbe71778f8dfbf821a25455496e969a01434 - Sections: - 
.text: - Entropy: 6.2035733322045745 - Virtual Size: '0x23f4' - .rdata: - Entropy: 3.5742279772060224 - Virtual Size: '0xed4' - .data: - Entropy: 2.8516013173925066 - Virtual Size: '0x1264' - PAGE: - Entropy: 5.795549160299263 - Virtual Size: '0x266' - INIT: - Entropy: 5.429489696991249 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3528875272530887 - Virtual Size: '0x430' - .reloc: - Entropy: 5.93822728458253 - Virtual Size: '0x464' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 
5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 808907b8d815b6fb6f1f1c717451ad35 - SHA1: 7cd0b806ae09e408565814f7efe885abb4d977f1 - SHA256: 94f4bcc9b062406ee7468659c1710d3e0cb057c7b7194e15cd72845082138019 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2020-09-16 19:07:40' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - 
ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 528ce5ce19eb34f401ef024de7ddf222 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: 221717a48ee8e2d19470579c987674f661869e17 - SHA256: 4d42678df3917c37f44a1506307f1677b9a689efcf350b1acce7e6f64b514905 - Sections: - .text: - Entropy: 6.133976095876382 - Virtual Size: '0x329c' - .rdata: - Entropy: 3.836661380089202 - Virtual Size: '0x1490' - .data: - Entropy: 2.1710929957450715 - Virtual Size: '0x1c54' - .pdata: - Entropy: 3.9857737110778095 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.058535435224619 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3478109419215607 - Virtual Size: '0x430' - .reloc: - Entropy: 5.011052354824561 - Virtual Size: '0x288' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 
7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: a637f8f3c278575f41cda67c2063c050 - SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - 
SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: ac18951cc5192f08f3ba50187eef941e - SHA1: 092f12bf5a2d77c03411d7c377199ab47fe3f59b - SHA256: 30f9aca036adbcc15cace326e042ed3590f00045f66982afbf569d8fd9b6747b - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2017-03-12 05:47:38' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 4a27a2bdc6fbe39eeec6455fb1e0ef20 - MachineType: AMD64 - 
MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: fde0fff1c3e4c053148748504d4b9e0cc97f37ec - SHA256: c4fb31e3f24e40742a1b9855a2d67048fe64b26d8d2dbcec77d2d5deeded2bcc - Sections: - .text: - Entropy: 6.14362601153889 - Virtual Size: '0x318c' - .rdata: - Entropy: 3.8608770903565426 - Virtual Size: '0x1300' - .data: - Entropy: 2.3976266531821224 - Virtual Size: '0x1144' - .pdata: - Entropy: 4.043975650731326 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.070426661582891 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.370803361398665 - Virtual Size: '0x440' - .reloc: - Entropy: 4.657997051970539 - Virtual Size: '0x1b6' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: 
ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 7c814e64b0a2b3541d7c9bb9d99edfbc - SHA1: 83222199cc9661710e7d99fad9d690eb6b3fdbaf - SHA256: 4f5166322f578fb111b6f2af375052008a5263311890f85c3e4ebc9c0f85affa - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2019 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2019-05-12 17:00:34' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - 
PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 98d53f6b3bec0a3417a04fbb9e17fa06 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: a0cefb5b55f7a7a145b549613e26b6805515a1ad - SHA256: 31b66a57fae0cc28a6a236d72a35c8b6244f997e700f9464f9cbf800dbf8bee6 - Sections: - .text: - Entropy: 6.135433819899731 - Virtual Size: '0x325c' - .rdata: - Entropy: 3.8377641250668497 - Virtual Size: '0x1450' - .data: - Entropy: 2.2159905775744044 - Virtual Size: '0x1934' - .pdata: - Entropy: 4.038755197475624 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.068036657482388 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3547531988948798 - Virtual Size: '0x430' - .reloc: - Entropy: 4.901711830072888 - Virtual Size: '0x24c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 
6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: bab6f5a48952fb91e53fa1a59d8d8107 - SHA1: cba35561689cf4923bfb3fc5c8f1cbd445ee90fb - SHA256: 869f22f072f71abc741cf9d3b9cbc9020a2611286670c6e6d67cd240629518f6 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2018-03-25 13:01:09' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.1.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 8b75047199825c8e62fdcc1c915db8bd - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: 
mimidrv (mimikatz) - ProductVersion: 2.1.1.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: 85076aa3bffb40339021286b73d72dd5a8e4396a - SHA256: d41e39215c2c1286e4cd3b1dc0948adefb161f22bc3a78756a027d41614ee4ff - Sections: - .text: - Entropy: 6.141543334678837 - Virtual Size: '0x31fc' - .rdata: - Entropy: 3.850063382249019 - Virtual Size: '0x13d0' - .data: - Entropy: 2.2863945965626136 - Virtual Size: '0x1614' - .pdata: - Entropy: 4.052479770333054 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.093773811863592 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.382946098314487 - Virtual Size: '0x440' - .reloc: - Entropy: 4.830405545722778 - Virtual Size: '0x210' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - 
SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- 
Authentihash: - MD5: 0991b6f38efda0c20966f68c2de98b53 - SHA1: 4682423da48820f26f188ae5b4aa12c3fbd2c290 - SHA256: 8c87d5f1261a367493fd2f240ace027bef5b178cff3dea22d45e8fa2b0f0541e - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2020-08-05 02:32:43' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 93496a436c5546156a69deb255a9fed0 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: 0de86ec7d7f16a3680df89256548301eed970393 - SHA256: 
4136f1eb11cc463a858393ea733d5f1c220a3187537626f7f5d63eccf7c5a03f - Sections: - .text: - Entropy: 6.133976095876382 - Virtual Size: '0x329c' - .rdata: - Entropy: 3.835106069448739 - Virtual Size: '0x1490' - .data: - Entropy: 2.1710929957450715 - Virtual Size: '0x1c54' - .pdata: - Entropy: 3.9857737110778095 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.058535435224619 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3478109419215607 - Virtual Size: '0x430' - .reloc: - Entropy: 5.011052354824561 - Virtual Size: '0x288' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - 
IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: a637f8f3c278575f41cda67c2063c050 - SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 70915af229fae80af7cb1cd93122fd7c - SHA1: 28740c785f9634c582292650cb6ec8660424c0ba - SHA256: 002616bfe5bf3b13868d649d74ffe748317e3b0b33de8b9008683c906a0cae83 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2017-11-27 19:15:03' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - 
- _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 5e9231e85cecfc6141e3644fda12a734 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: 599de57a5c05e27bb72c7b8a677e531d8e4bf8b5 - SHA256: 64d4370843a07e25d4ceb68816015efcaeca9429bb5bb692a88e615b48c7da96 - Sections: - .text: - Entropy: 6.137944463935485 - Virtual Size: '0x319c' - .rdata: - Entropy: 3.848333826861409 - Virtual Size: '0x1340' - .data: - Entropy: 2.3461427985512437 - Virtual Size: '0x12e4' - .pdata: - Entropy: 4.010051195917961 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.083244237405415 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.370803361398665 - Virtual Size: '0x440' - .reloc: - Entropy: 4.705915669612521 - Virtual Size: '0x1d4' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - 
Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: a776ebade70bf7e3d7c5e1db0ccddec9 - SHA1: 
6b01aeeb1d0318fbb286e244d2c84c34af67b530 - SHA256: 4b5206b5928e03929cca1eda3f12e6df14b31f80e8c16c1bb29109c072053b90 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2014 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2014-06-14 14:54:15' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.0.0.0 - Filename: '' - ImportedFunctions: - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - RtlCompareMemory - - ObfDereferenceObject - - IofCompleteRequest - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - RtlInitUnicodeString - - MmGetSystemRoutineAddress - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - KeBugCheck - - _vsnwprintf - - IoDeleteDevice - - NtBuildNumber - - ObOpenObjectByPointer - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: fe508caa54ffeb2285d9f00df547fe4a - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.0.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: af42afda54d150810a60baa7987f9f09d49d1317 - SHA256: 4dc24fd07f8fb854e685bc540359c59f177de5b91231cc44d6231e33c9e932b1 - Sections: - 
.text: - Entropy: 6.150360472301313 - Virtual Size: '0x30cc' - .rdata: - Entropy: 3.906021640824361 - Virtual Size: '0x1048' - .data: - Entropy: 2.4940165806266616 - Virtual Size: '0xc74' - .pdata: - Entropy: 4.019695649249909 - Virtual Size: '0x1bc' - PAGE: - Entropy: 6.037596647390289 - Virtual Size: '0x28b' - INIT: - Entropy: 5.111217237674922 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3527586134193843 - Virtual Size: '0x440' - .reloc: - Entropy: 4.328299648937291 - Virtual Size: '0x152' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 
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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: e97dc162f416bf06745bf9ffdf78a0ff - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: c3766cd40f4ef52f59f3e9c8848a6dbe - SHA1: 16cf0d8d085d3db18e202d657dfccd5022b389fb - SHA256: 612aa28d12aefd2af8565d4df6df9caa61b5fe8370fffb08933c03d558789e37 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2017-02-25 18:17:02' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - 
ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: e0cc9b415d884f85c45be145872892b8 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 7638c048af5beae44352764390deea597cc3e7b1 - SHA256: 26bea3b3ab2001d91202f289b7e41499d810474607db7a0893ceab74f5532f47 - Sections: - .text: - Entropy: 6.189266621409851 - Virtual Size: '0x235e' - .rdata: - Entropy: 3.5672719291381667 - Virtual Size: '0xdc4' - .data: - Entropy: 2.9710357364934694 - Virtual Size: '0xd68' - PAGE: - Entropy: 5.8055474754253495 - Virtual Size: '0x266' - INIT: - Entropy: 5.325440401058366 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3682712956797647 - Virtual Size: '0x440' - .reloc: - Entropy: 5.910661392306955 - Virtual Size: '0x3e0' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - 
ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: be49be6ceb35f15a49b39f72a43bfc54 - SHA1: 895e108e141e238fdeeef2ef11addb4962c48986 - SHA256: 35d552d7603a26ea7ed111bd865cddaf7aa342481c89af7b2697beb25b99e829 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2017-11-05 19:33:50' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - 
ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 87dc81ebe85f20c1a7970e495a778e60 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 07f78a47f447e4d8a72ad4bc6a26427b9577ec82 - SHA256: 822982c568b6f44b610f8dc4ab5d94795c33ae08a6a608050941264975c1ecdb - Sections: - .text: - Entropy: 6.199736289697868 - Virtual Size: '0x236e' - .rdata: - Entropy: 3.556959132303336 - Virtual Size: '0xde4' - .data: - Entropy: 2.962098389788266 - Virtual Size: '0xeb0' - PAGE: - Entropy: 5.795507089372613 - Virtual Size: '0x266' - INIT: - Entropy: 5.324875365502854 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3682712956797647 - Virtual Size: '0x440' - .reloc: - Entropy: 5.952195564032691 - Virtual Size: '0x3fe' - Signature: '' - Signatures: - - CertificatesInfo: '' - 
SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: e370210d04ac9f5c57b8ca7f7eec6101 - SHA1: 0c37f01c0ef527deafc03b2dcd6516494690ee99 - SHA256: dc732dc22d0521fce33ed9c37359f702c985d2f35bc00209c3a4a076d6ff564d - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2020-08-09 14:45:11' - Date: '' - 
Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 7108b0d4021af4c41de2c223319cd4c1 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: e6966e360038be3b9d8c9b2582eba4e263796084 - SHA256: 3ca5d47d076e99c312578ef6499e1fa7b9db88551cfc0f138da11105aca7c5e1 - Sections: - .text: - Entropy: 6.133976095876382 - Virtual Size: '0x329c' - .rdata: - Entropy: 3.831656112715985 - Virtual Size: '0x1490' - .data: - Entropy: 2.1710929957450715 - Virtual Size: '0x1c54' - .pdata: - Entropy: 3.9857737110778095 - Virtual Size: '0x1b0' - PAGE: - Entropy: 
6.058535435224619 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3478109419215607 - Virtual Size: '0x430' - .reloc: - Entropy: 5.011052354824561 - Virtual Size: '0x288' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: a637f8f3c278575f41cda67c2063c050 - SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - 
Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: e6fba20c6bbb9db76f7670964c004540 - SHA1: f6dba973bc3f6ae8abfd377bfa1ab7018895ebc0 - SHA256: 0feb05a7cc11793d995c920779cffeae68afabc54ffa8d8c361e5ba44fa57c8e - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2020-01-02 11:21:29' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - 
RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 7ebe606acd81abf1f8cb0767c974164b - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: 0320534df24a37a245a0b09679a5adb27018fb5f - SHA256: 4c89c907b7525b39409af1ad11cc7d2400263601edafc41c935715ef5bd145de - Sections: - .text: - Entropy: 6.135433819899731 - Virtual Size: '0x325c' - .rdata: - Entropy: 3.835199273350499 - Virtual Size: '0x1450' - .data: - Entropy: 2.2159905775744044 - Virtual Size: '0x1934' - .pdata: - Entropy: 4.038755197475624 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.068036657482388 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3478109419215607 - Virtual Size: '0x430' - .reloc: - Entropy: 4.901711830072888 - Virtual Size: '0x24c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 
7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: a637f8f3c278575f41cda67c2063c050 - SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 066397731a2c61690aeb8041fcc6e792 - SHA1: 0d53071f8707c8ef4455cd4b6d784467fd158b3a - SHA256: ccadd6f8b6705e756544646d99f97030f291fc68377ce06f71e8c55512941c47 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2017-08-13 09:27:35' - Date: '' - 
Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 0ca010a32a9b0aeae1e46d666b83b659 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 062457182ab08594c631a3f897aeb03c6097eb77 - SHA256: 0aab2deae90717a8876d46d257401d265cf90a5db4c57706e4003c19eee33550 - Sections: - .text: - Entropy: 6.199736289697868 - Virtual Size: '0x236e' - .rdata: - Entropy: 3.5573734538365653 - Virtual Size: '0xde4' - .data: - Entropy: 2.962098389788266 - Virtual Size: '0xeb0' - PAGE: - Entropy: 5.795507089372613 - Virtual 
Size: '0x266' - INIT: - Entropy: 5.324875365502854 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3682712956797647 - Virtual Size: '0x440' - .reloc: - Entropy: 5.952195564032691 - Virtual Size: '0x3fe' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, 
OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 0bc2e64f2748f9883c25104feb277794 - SHA1: ea32f314d1bcf514daf0409aac33f8bd7699e9e8 - SHA256: 34d57107b592c4d2c7d1c95eea1ab7400c09d23864c3870ca3656b5ae81859aa - Company: gentilkiwi (Benjamin DELPY) - Copyright: 
Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2017-11-05 19:34:06' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: d3af70287de8757cebc6f8d45bb21a20 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: 4c8349c6345c8d6101fb896ea0a74d0484c56df0 - SHA256: c7bccc6f38403def4690e00a0b31eda05973d82be8953a3379e331658c51b231 - Sections: - .text: - Entropy: 6.137944463935485 - Virtual Size: '0x319c' - .rdata: - Entropy: 3.844898264057266 - Virtual Size: '0x1340' - .data: - Entropy: 2.3461427985512437 - 
Virtual Size: '0x12e4' - .pdata: - Entropy: 4.010051195917961 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.083244237405415 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.370803361398665 - Virtual Size: '0x440' - .reloc: - Entropy: 4.705915669612521 - Virtual Size: '0x1d4' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 
4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 55da2b486d123b91fbf405c051f24300 - SHA1: eb0e27930fe33462702caee1db803738b1cf633e - SHA256: 9f35c5c9f95979f227b6d35f767dd94424285f8960c904188f0624d786ff793c - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2018-06-16 10:48:41' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.1.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters 
- Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: a33089d4e50f7d2ea8b52ca95d26ebf3 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.1.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 03506a2f87d1523e844fba22e7617ab2a218b4b7 - SHA256: fefc070a5f6a9c0415e1c6f44512a33e8d163024174b30a61423d00d1e8f9bf2 - Sections: - .text: - Entropy: 6.202827671645787 - Virtual Size: '0x23ae' - .rdata: - Entropy: 3.5391363086034646 - Virtual Size: '0xe24' - .data: - Entropy: 2.9048205574982506 - Virtual Size: '0xff4' - PAGE: - Entropy: 5.788042895055868 - Virtual Size: '0x266' - INIT: - Entropy: 5.325440401058365 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3588565214747637 - Virtual Size: '0x438' - .reloc: - Entropy: 5.981826468919802 - Virtual Size: '0x41e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, - CN=Certum Code Signing CA SHA2 - ValidFrom: '2015-10-29 11:30:29' - ValidTo: '2027-06-09 11:30:29' - Signature: aae53f7654024c700e29a93996060f31b70bf1a68b52fb108f4f425b8cbd312301669de829a14dc350faf7f8450e1d82d7fcfea6320473fd71eccc880fa39208c5815802fd0b693bcdb83f493dd08d1c1314682e9b0d9aadb019e29ed27c3977886f23fd7b84fc446db5ba6b7092556c94b1d837fda9591db463b2dc13cd788e2535c19a8f37842ed445cce3f5cc8d73a8e33a6de7959470579150b66def73724f2f028760e2ea22a1ed3efdd18b668d2e726d4fc65d35ee93a898d2676ae9da19cd0283f974fc5f7a1804281edd22333b766c47055dd552fe0eba76f38310c76e305fa760c7fa7427319b2883ed218a1bf1235284ed95bcad3aa5a342019dbc - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 6b326a0f0328d37a1d530bfd23bd48e2 - Version: 3 - TBS: - MD5: 
e556c75dbca00e43684d23c11c032d4a - SHA1: 50925e36ffd52e5b4d32689e9007b14a3a417168 - SHA256: f7b6eeb3a567223000a61f68c53b458193557c17e5d512d2825bcb13e5fc9be5 - SHA384: 57f1cdd3afe0bd7859ab450dbdf6e21a55cf5ba0dda62b9b3c12f2d885d98413ce6817243f6bb83cd77276643369ecbf - - Subject: C=FR, O=Open Source Developer, ST=Ile de France, CN=Open Source Developer, - Benjamin Delpy, emailAddress=benjamin@gentilkiwi.com - ValidFrom: '2017-12-04 09:50:34' - ValidTo: '2018-12-04 09:50:34' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 1519af351702ab2d86968d0be928f529 - Version: 3 - TBS: - MD5: 7227ed4392de49333e052f8f17c41f69 - SHA1: e019d8060f65cc923dab50ea282fb8895c1c75f9 - SHA256: eee437f4170a21f7de0e590620ff2a9412f89af95e87589d0e5a1cca17f61825 - SHA384: a5f32361dfa3828aebf139cb1017bba83111e1ce2c5dbd126751a1e7d8f19f3fb838926fc118e423fbe07187e84efc2b - - Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, - CN=Certum Trusted Network CA - ValidFrom: '2011-04-15 20:15:34' - ValidTo: '2021-04-15 20:25:34' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 613bc791000000000034 - Version: 3 - TBS: - MD5: f5f0d604dd56b0446f98fb67e98a76f8 - SHA1: c749c146cc00030ff36ecf9b698e6a377bc15605 - SHA256: df5dacc623d44348fff0bc8ebe2cedc8ba212e33c6f10d7fd608f37f92a2c273 - SHA384: c394dc13768746f008b4ffa082d6e8a2e55a83052d63e3c0a8f2fcfc30dcd51849afd21b0adf86bc50490629a89da09b - Signer: - - SerialNumber: 1519af351702ab2d86968d0be928f529 - Issuer: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, - CN=Certum Code Signing CA SHA2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 6590508f737bb147a0dfc35eb18dbd7a - SHA1: 565ec3863617cc2bcbe6b32d1c8af8bcaee898de - SHA256: 
6b4ac66225600b3d5b89f6b0440ccdd0f59279fd0bbf4af82f1aab63df54b883 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2014 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2014-04-13 15:03:03' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.0.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - IofCompleteRequest - - PsDereferencePrimaryToken - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - KeServiceDescriptorTable - - MmGetSystemRoutineAddress - - RtlInitUnicodeString - - IoEnumerateRegisteredFiltersList - - KeTickCount - - NtBuildNumber - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsProcessType - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 48394dce30bb8da5ae089cb8f41b86dc - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.0.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: 9ef7d3e0d40381093233ad6158457c82 - SHA1: de9692ae52b47eb6c3384d87c48ae5b8abec3472 - SHA256: 38e33f9063e4b5374496e628a2d0cc0858d3b9ce65fd320d40928b79a0fef5e9 - SHA1: 867652e062eb6bd1b9fc29e74dea3edd611ef40c - SHA256: 0d676baac43d9e2d05b577d5e0c516fba250391ab0cb11232a4b17fd97a51e35 - Sections: - .text: - Entropy: 6.20225407757641 - Virtual Size: '0x1fe8' - .rdata: - Entropy: 
3.5227452352693125 - Virtual Size: '0xbe4' - .data: - Entropy: 3.0756426415570397 - Virtual Size: '0x984' - PAGE: - Entropy: 5.811183490770206 - Virtual Size: '0x266' - INIT: - Entropy: 5.304412008980706 - Virtual Size: '0x4d8' - .rsrc: - Entropy: 3.3510121662411767 - Virtual Size: '0x440' - .reloc: - Entropy: 5.789908545604789 - Virtual Size: '0x34a' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 
4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 87fd2b54ed568e2294300e164b8c46f7 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: a35f399d3f1046e3f41d3baab6bffaa7 - SHA1: b3e35a45ad181cb48c3fdb6e56c6e720e6c2451b - SHA256: 6fe18adf87e3330799361d49e811c7a35a497423833ad83573588b7878df286c - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2017-06-06 18:26:08' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - 
InternalName: mimidrv - MD5: ccde8c94439f9fc9c42761e4b9a23d97 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: a56598e841ae694ac78c37bf4f8c09f9eaf3271f - SHA256: 62036cdf3663097534adf3252b921eed06b73c2562655eae36b126c7d3d83266 - Sections: - .text: - Entropy: 6.137944463935485 - Virtual Size: '0x319c' - .rdata: - Entropy: 3.846410257548868 - Virtual Size: '0x1340' - .data: - Entropy: 2.3461427985512437 - Virtual Size: '0x12e4' - .pdata: - Entropy: 4.010051195917961 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.083244237405415 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.370803361398665 - Virtual Size: '0x440' - .reloc: - Entropy: 4.705915669612521 - Virtual Size: '0x1d4' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 
589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: a5bc8be8fe3125725687ca6436b4570c - SHA1: 4f412f4b9b25e7c8f57f30850249847cec77b8a6 - SHA256: 00231ea698565270bf9f542e70490b7a5c6740c2da6699ab548dca0a97ca3171 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2020-07-15 08:10:46' - Date: '' - 
Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 7d86cdda7f49f91fdb69901a002b34e7 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: 34b677fba9dcab9a9016332b3332ce57f5796860 - SHA256: 93aa3066ae831cdf81505e1bc5035227dc0e8f06ebbbb777832a17920c6a02fe - Sections: - .text: - Entropy: 6.133976095876382 - Virtual Size: '0x329c' - .rdata: - Entropy: 3.834943155260995 - Virtual Size: '0x1490' - .data: - Entropy: 2.1710929957450715 - Virtual Size: '0x1c54' - .pdata: - Entropy: 3.9857737110778095 - Virtual Size: '0x1b0' - PAGE: - Entropy: 
6.058535435224619 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3478109419215607 - Virtual Size: '0x430' - .reloc: - Entropy: 5.011052354824561 - Virtual Size: '0x288' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: a637f8f3c278575f41cda67c2063c050 - SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 92a71f6d2051c92d5851fb9bd3e4e614 - SHA1: 2f481b03cd80eb7fccb9efd0f67e97e101e23761 - SHA256: 6e3e09583b7bba35ef21419bdc711984e8541eb20a29406940727f73cbb5064a - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2017-08-13 09:27:50' - Date: '' - 
Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 6b480fac7caca2f85be9a0cfe79aedfc - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: a249278a668d4df30af9f5d67ebb7d2cd160beaa - SHA256: a32dc2218fb1f538fba33701dfd9ca34267fda3181e82eb58b971ae8b78f0852 - Sections: - .text: - Entropy: 6.137944463935485 - Virtual Size: '0x319c' - .rdata: - Entropy: 3.8516903866776753 - Virtual Size: '0x1340' - .data: - Entropy: 2.3461427985512437 - Virtual Size: '0x12e4' - .pdata: - Entropy: 4.010051195917961 - Virtual Size: '0x1b0' - PAGE: - Entropy: 
6.083244237405415 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.370803361398665 - Virtual Size: '0x440' - .reloc: - Entropy: 4.705915669612521 - Virtual Size: '0x1d4' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: 
ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 1fddd0b405a4a733dd3b4b002c9c391a - SHA1: 4536bf012b14ef5bc17d70157877dd1b2834c997 - SHA256: 4c068b3c86f5776e9a26680952de22e156ec9700d9c1810e5fd344c994d50419 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2020-09-16 19:34:03' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 
27053e964667318e1b370150cbca9138 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 02534b5b510d978bac823461a39f76b4f0ac5aa3 - SHA256: 083f821d90e607ed93221e71d4742673e74f573d0755a96ad17d1403f65a2254 - Sections: - .text: - Entropy: 6.2064317372812985 - Virtual Size: '0x2404' - .rdata: - Entropy: 3.5462500241908277 - Virtual Size: '0xff4' - .data: - Entropy: 2.813191841547333 - Virtual Size: '0x14dc' - PAGE: - Entropy: 5.804360087879422 - Virtual Size: '0x266' - INIT: - Entropy: 5.4281677070245955 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3459452702797696 - Virtual Size: '0x430' - .reloc: - Entropy: 6.0011548156682 - Virtual Size: '0x4a0' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: 
a637f8f3c278575f41cda67c2063c050 - SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - 
Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: e832e00fd6b6d562b40ab0c875a78680 - SHA1: 4197f8d9fd8e733db82a03923ff72d839adec19a - SHA256: 2dd2620e1c844738429ba31e2545a8b2de1387117e4f24d6fe7fd4246b09ac39 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2018-02-04 18:08:19' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.1.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 78a122d926ccc371d60c861600c310f3 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.1.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 
2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 10fb4ba6b2585ea02e7afb53ff34bf184eeb1a5d - SHA256: beef40f1b4ce0ff2ee5c264955e6b2a0de6fe4089307510378adc83fad77228b - Sections: - .text: - Entropy: 6.198093347366582 - Virtual Size: '0x239e' - .rdata: - Entropy: 3.5470813576126146 - Virtual Size: '0xe04' - .data: - Entropy: 2.8887582835017827 - Virtual Size: '0xff8' - PAGE: - Entropy: 5.783313787388865 - Virtual Size: '0x266' - INIT: - Entropy: 5.323943395070341 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3804140325955863 - Virtual Size: '0x440' - .reloc: - Entropy: 5.967349329602677 - Virtual Size: '0x41e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, - CN=Certum Code Signing CA SHA2 - ValidFrom: '2015-10-29 11:30:29' - ValidTo: '2027-06-09 11:30:29' - Signature: aae53f7654024c700e29a93996060f31b70bf1a68b52fb108f4f425b8cbd312301669de829a14dc350faf7f8450e1d82d7fcfea6320473fd71eccc880fa39208c5815802fd0b693bcdb83f493dd08d1c1314682e9b0d9aadb019e29ed27c3977886f23fd7b84fc446db5ba6b7092556c94b1d837fda9591db463b2dc13cd788e2535c19a8f37842ed445cce3f5cc8d73a8e33a6de7959470579150b66def73724f2f028760e2ea22a1ed3efdd18b668d2e726d4fc65d35ee93a898d2676ae9da19cd0283f974fc5f7a1804281edd22333b766c47055dd552fe0eba76f38310c76e305fa760c7fa7427319b2883ed218a1bf1235284ed95bcad3aa5a342019dbc - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 6b326a0f0328d37a1d530bfd23bd48e2 - Version: 3 - TBS: - MD5: e556c75dbca00e43684d23c11c032d4a - SHA1: 50925e36ffd52e5b4d32689e9007b14a3a417168 - SHA256: f7b6eeb3a567223000a61f68c53b458193557c17e5d512d2825bcb13e5fc9be5 - SHA384: 57f1cdd3afe0bd7859ab450dbdf6e21a55cf5ba0dda62b9b3c12f2d885d98413ce6817243f6bb83cd77276643369ecbf - - Subject: C=FR, O=Open Source Developer, ST=Ile de France, CN=Open Source Developer, - Benjamin Delpy, emailAddress=benjamin@gentilkiwi.com - 
ValidFrom: '2017-12-04 09:50:34' - ValidTo: '2018-12-04 09:50:34' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 1519af351702ab2d86968d0be928f529 - Version: 3 - TBS: - MD5: 7227ed4392de49333e052f8f17c41f69 - SHA1: e019d8060f65cc923dab50ea282fb8895c1c75f9 - SHA256: eee437f4170a21f7de0e590620ff2a9412f89af95e87589d0e5a1cca17f61825 - SHA384: a5f32361dfa3828aebf139cb1017bba83111e1ce2c5dbd126751a1e7d8f19f3fb838926fc118e423fbe07187e84efc2b - - Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, - CN=Certum Trusted Network CA - ValidFrom: '2011-04-15 20:15:34' - ValidTo: '2021-04-15 20:25:34' - Signature: 419f12160eedee2491fe5d5f10a097a8749e0dccf3115163122a5bb95dc7afac5aa25c0002cb728e0d9225b6522653be3c77a2c28c8089d84118571ab8d05057c328e7fad044804e7e8933286f3a47ef5e231ef27afe3a2a19dead6b1a2847786e9bbfeb7367589a2719d8eb5c3d085860629d5914cf9e76b3cfd962af7b72ac80f9e015ab9c7a5c4b1c7083db7094117bd22a4c7734dc36cccd46d40b198c09f6610ade481c9b3fff0b43d7f1018061abda70cfa78444acb31cce2630f5ca5f696735836ea3888c0fb8939bd65b0615e64b7db950ab09e07b2beb4c1a6bba1cca791bc59f81bde443f02de195d5a166076ce6e5456e060bdbf5bc4395b88aa50555e59668ac1d31db3804bc1c3db61975d1b5802a821e385c4676256c4d8b7483544375e77bb395bfee13609e0ecdfbcaf73a2a52a0a625497a17193ae8941f2c8204035ea9513cef526f7b43ceda2b81b47fda1a2c6265d1ec2837823014319d15bdffacc88b256e41bd1f23741be3fcf94be2eb46e68151530ec94a84788deca8b80f8d4c7fe0f6b0d2c538b24f82c410fe87b88ec6b6b0f87c12a7b4834dfc1e8b6a5bf9d564793ed1e37e1af6c81e59db4dca605c577ea25877ecfa05260032a7f6ff134e98d86f5b434cb336e425bcd93b9f38e00ee9be81e6c91f0f022f8d3a1288a88e1bb1e776913e18de361228fef766557c5bd464487452c32189 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 613bc791000000000034 - Version: 3 - TBS: - MD5: f5f0d604dd56b0446f98fb67e98a76f8 - SHA1: c749c146cc00030ff36ecf9b698e6a377bc15605 - 
SHA256: df5dacc623d44348fff0bc8ebe2cedc8ba212e33c6f10d7fd608f37f92a2c273 - SHA384: c394dc13768746f008b4ffa082d6e8a2e55a83052d63e3c0a8f2fcfc30dcd51849afd21b0adf86bc50490629a89da09b - Signer: - - SerialNumber: 1519af351702ab2d86968d0be928f529 - Issuer: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, - CN=Certum Code Signing CA SHA2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 051cd4423d407ea1d470e612cf83922b - SHA1: 45d28e95c72db9c42a8da1f59013c80abc22894b - SHA256: e6745f1ac0dc8014e359672c7d5d1c01588ab4a68ea96eea2dea811dcdcf5131 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2018-08-14 14:14:01' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.1.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 
30ca3cc19f001a8f12c619daa8c6b6e3 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.1.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: 2779c54ccd1c008cd80e88c2b454d76f4fa18c07 - SHA256: 6964a5d85639baee288555797992861232e75817f93028b50b8c6d34aa38b05b - Sections: - .text: - Entropy: 6.1419629238500235 - Virtual Size: '0x31fc' - .rdata: - Entropy: 3.850727433202846 - Virtual Size: '0x13d0' - .data: - Entropy: 2.2863945965626136 - Virtual Size: '0x1614' - .pdata: - Entropy: 4.052479770333054 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.093773811863592 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3614073432360265 - Virtual Size: '0x438' - .reloc: - Entropy: 4.830405545722778 - Virtual Size: '0x210' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 
- SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: cc7cfef4c49cdf23f42822de130703cd - SHA1: 3de0619f4784a19de28ee473917fc9939ef23bc8 - SHA256: 40c740c6820ddc8f01013e7354278166c090cfe5e4027be1b187cf8cbd8a6b3f - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2017-07-31 20:46:20' - Date: '' - Description: mimidrv for Windows (mimikatz) - 
ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 091a6bd4880048514c5dd3bede15eba5 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: c7f0423ac5569f13d2b195e02741ad7eed839c6d - SHA256: 673bbc7fa4154f7d99af333014e888599c27ead02710f7bc7199184b30b38653 - Sections: - .text: - Entropy: 6.137944463935485 - Virtual Size: '0x319c' - .rdata: - Entropy: 3.852931722371594 - Virtual Size: '0x1340' - .data: - Entropy: 2.3461427985512437 - Virtual Size: '0x12e4' - .pdata: - Entropy: 4.010051195917961 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.083244237405415 - Virtual Size: '0x28b' - INIT: - 
Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.370803361398665 - Virtual Size: '0x440' - .reloc: - Entropy: 4.705915669612521 - Virtual Size: '0x1d4' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 
6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 28e750aac7e280f5a4f5e3c677e5a5a8 - SHA1: 0527d6e65a5e589a604b9e12665ee15ce549a39b - SHA256: 3bafb4e11a3823b3455728e938c69103dd4ff414529d9579b38b5ee12f77bce0 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2017-12-03 13:13:16' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 06c7fcf3523235cf52b3eee083ec07b2 - MachineType: I386 - MagicHeader: 50 45 0 0 - 
OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: d1fb740210c1fa2a52f6748b0588ae77de590b9d - SHA256: 14b89298134696f2fd1b1df0961d36fa6354721ea92498a349dc421e79447925 - Sections: - .text: - Entropy: 6.199736289697868 - Virtual Size: '0x236e' - .rdata: - Entropy: 3.5585329340170353 - Virtual Size: '0xde4' - .data: - Entropy: 2.962098389788266 - Virtual Size: '0xeb0' - PAGE: - Entropy: 5.795507089372613 - Virtual Size: '0x266' - INIT: - Entropy: 5.324875365502854 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3682712956797647 - Virtual Size: '0x440' - .reloc: - Entropy: 5.952195564032691 - Virtual Size: '0x3fe' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: 
a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 6bf3939ede334f41e8e1ad4b1215f137 - SHA1: 35740f851360b154d9fbc06de9fe2ec3ec3ab552 - SHA256: d6d56ffa4dcec362148ce6b3806773403cf7ca61f991e17f7286ee975a706f78 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2018-01-26 17:39:54' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.1.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - 
MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 67daa04716803a15fc11c9e353d77c2f - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.1.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: a111dc6ae5575977feba71ee69b790e056846a02 - SHA256: b2486f9359c94d7473ad8331b87a9c17ca9ba6e4109fd26ce92dff01969eaa09 - Sections: - .text: - Entropy: 6.144037436753497 - Virtual Size: '0x31dc' - .rdata: - Entropy: 3.842844016680653 - Virtual Size: '0x1390' - .data: - Entropy: 2.313119440407077 - Virtual Size: '0x1494' - .pdata: - Entropy: 3.990039715462728 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.084557222001841 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.382946098314487 - Virtual Size: '0x440' - .reloc: - Entropy: 4.8001308386334935 - Virtual Size: '0x1f2' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, - CN=Certum Code Signing CA SHA2 - ValidFrom: '2015-10-29 11:30:29' - ValidTo: '2027-06-09 11:30:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - 
SerialNumber: 6b326a0f0328d37a1d530bfd23bd48e2 - Version: 3 - TBS: - MD5: e556c75dbca00e43684d23c11c032d4a - SHA1: 50925e36ffd52e5b4d32689e9007b14a3a417168 - SHA256: f7b6eeb3a567223000a61f68c53b458193557c17e5d512d2825bcb13e5fc9be5 - SHA384: 57f1cdd3afe0bd7859ab450dbdf6e21a55cf5ba0dda62b9b3c12f2d885d98413ce6817243f6bb83cd77276643369ecbf - - Subject: C=FR, O=Open Source Developer, ST=Ile de France, CN=Open Source Developer, - Benjamin Delpy, emailAddress=benjamin@gentilkiwi.com - ValidFrom: '2017-12-04 09:50:34' - ValidTo: '2018-12-04 09:50:34' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 1519af351702ab2d86968d0be928f529 - Version: 3 - TBS: - MD5: 7227ed4392de49333e052f8f17c41f69 - SHA1: e019d8060f65cc923dab50ea282fb8895c1c75f9 - SHA256: eee437f4170a21f7de0e590620ff2a9412f89af95e87589d0e5a1cca17f61825 - SHA384: a5f32361dfa3828aebf139cb1017bba83111e1ce2c5dbd126751a1e7d8f19f3fb838926fc118e423fbe07187e84efc2b - - Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, - CN=Certum Trusted Network CA - ValidFrom: '2011-04-15 20:15:34' - ValidTo: '2021-04-15 20:25:34' - Signature: 
419f12160eedee2491fe5d5f10a097a8749e0dccf3115163122a5bb95dc7afac5aa25c0002cb728e0d9225b6522653be3c77a2c28c8089d84118571ab8d05057c328e7fad044804e7e8933286f3a47ef5e231ef27afe3a2a19dead6b1a2847786e9bbfeb7367589a2719d8eb5c3d085860629d5914cf9e76b3cfd962af7b72ac80f9e015ab9c7a5c4b1c7083db7094117bd22a4c7734dc36cccd46d40b198c09f6610ade481c9b3fff0b43d7f1018061abda70cfa78444acb31cce2630f5ca5f696735836ea3888c0fb8939bd65b0615e64b7db950ab09e07b2beb4c1a6bba1cca791bc59f81bde443f02de195d5a166076ce6e5456e060bdbf5bc4395b88aa50555e59668ac1d31db3804bc1c3db61975d1b5802a821e385c4676256c4d8b7483544375e77bb395bfee13609e0ecdfbcaf73a2a52a0a625497a17193ae8941f2c8204035ea9513cef526f7b43ceda2b81b47fda1a2c6265d1ec2837823014319d15bdffacc88b256e41bd1f23741be3fcf94be2eb46e68151530ec94a84788deca8b80f8d4c7fe0f6b0d2c538b24f82c410fe87b88ec6b6b0f87c12a7b4834dfc1e8b6a5bf9d564793ed1e37e1af6c81e59db4dca605c577ea25877ecfa05260032a7f6ff134e98d86f5b434cb336e425bcd93b9f38e00ee9be81e6c91f0f022f8d3a1288a88e1bb1e776913e18de361228fef766557c5bd464487452c32189 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 613bc791000000000034 - Version: 3 - TBS: - MD5: f5f0d604dd56b0446f98fb67e98a76f8 - SHA1: c749c146cc00030ff36ecf9b698e6a377bc15605 - SHA256: df5dacc623d44348fff0bc8ebe2cedc8ba212e33c6f10d7fd608f37f92a2c273 - SHA384: c394dc13768746f008b4ffa082d6e8a2e55a83052d63e3c0a8f2fcfc30dcd51849afd21b0adf86bc50490629a89da09b - Signer: - - SerialNumber: 1519af351702ab2d86968d0be928f529 - Issuer: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, - CN=Certum Code Signing CA SHA2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 0acacf205b4c3e64dcb2134a14f504ca - SHA1: 3de88b7ca9dadb39f12e75ac050cd353f7e611d3 - SHA256: 29b3f3f315179d30fbe75de7b59f09bc7452e6b538ff02b5252c3ee7b26eccab - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2015 gentilkiwi (Benjamin DELPY) - CreationTimestamp: 
'2015-09-06 11:01:44' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.0.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - PsDereferencePrimaryToken - - PsReferencePrimaryToken - - IofCompleteRequest - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - MmGetSystemRoutineAddress - - RtlInitUnicodeString - - PsSetCreateProcessNotifyRoutine - - IoEnumerateRegisteredFiltersList - - KeTickCount - - NtBuildNumber - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - IoGetCurrentProcess - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 40170485cca576adb5266cf5b0d3b0bd - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.0.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: 8665c9d64e9ce611e8da04f59bef5a6b - SHA1: 68ce0ee056b5baefb1f65c7e665bb2867f59007d - SHA256: 2c3b58420079e8105ce61febc1234fb9f14a5596a25bc2da1bc2e94d89069cab - SHA1: 7277d965b9de91b4d8ea5eb8ae7fa3899eef63a2 - SHA256: 2fd43a749b5040ebfafd7cdbd088e27ef44341d121f313515ebde460bf3aaa21 - Sections: - .text: - Entropy: 6.202808580330778 - Virtual Size: '0x250e' - .rdata: - Entropy: 3.556844019633443 - Virtual Size: '0xda4' - .data: - Entropy: 3.090178215836175 - 
Virtual Size: '0xb08' - PAGE: - Entropy: 5.780138321942911 - Virtual Size: '0x266' - INIT: - Entropy: 5.303621700268906 - Virtual Size: '0x55e' - .rsrc: - Entropy: 3.3553824672541936 - Virtual Size: '0x440' - .reloc: - Entropy: 5.956839106739942 - Virtual Size: '0x3d4' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - 
SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 8e35c9460537092672b3c7c14bccc7e0 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: f8cad836d57e1f1cdf013bead93fde78 - SHA1: 32ce5b32b7c9865d9031e2aaf1330f59d263a0b8 - SHA256: fde2df81ad28f2306a2daf636041eb747a035d8f08709cdac2d53987d9edef4a - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2020-08-16 02:26:33' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 24f0f2b4b3cdae11de1b81c537df41c7 - MachineType: AMD64 - 
MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: fee00dde8080c278a4c4a6d85a5601edc85a1b3d - SHA256: 85b9d7344bf847349b5d58ebe4d44fd63679a36164505271593ef1076aa163b2 - Sections: - .text: - Entropy: 6.133976095876382 - Virtual Size: '0x329c' - .rdata: - Entropy: 3.8395429527142535 - Virtual Size: '0x1490' - .data: - Entropy: 2.1710929957450715 - Virtual Size: '0x1c54' - .pdata: - Entropy: 3.9857737110778095 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.058535435224619 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3478109419215607 - Virtual Size: '0x430' - .reloc: - Entropy: 5.011052354824561 - Virtual Size: '0x288' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb 
- SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: a637f8f3c278575f41cda67c2063c050 - SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 2170a8c0c0e234f2d3a3a05fe72b0ed5 - SHA1: 7a4a242686ffee4294fba8a6a3aeeb80d28e0ba0 - SHA256: 284bf9b08be5d4fd4b10fda6736cf490c66f9adace013c19be2e31cf74bfc5e9 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2020-02-26 23:42:24' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 
- Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 364605ad21b9275681cffef607fac273 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: 8cd9df52b20b8f792ac53f57763dc147d7782b1e - SHA256: 492113a223d6a3fc110059fe46a180d82bb8e002ef2cd76cbf0c1d1eb8243263 - Sections: - .text: - Entropy: 6.135433819899731 - Virtual Size: '0x325c' - .rdata: - Entropy: 3.8356314209207474 - Virtual Size: '0x1450' - .data: - Entropy: 2.2159905775744044 - Virtual Size: '0x1934' - .pdata: - Entropy: 4.038755197475624 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.068036657482388 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: 
'0x5e6' - .rsrc: - Entropy: 3.3478109419215607 - Virtual Size: '0x430' - .reloc: - Entropy: 4.901711830072888 - Virtual Size: '0x24c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: a637f8f3c278575f41cda67c2063c050 - SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 
6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 6b4676f977a9d4af3cd0ef1263390490 - SHA1: da759e5426126c44e008b183a21fe0676c136363 - SHA256: c24d0fa3ec5fae870fb0a4e38943d396929d78165354bae56ae5730eb4d062e1 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2019 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2019-12-22 13:45:17' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 32eb3d2bf2c5b3da2d2a1f20fffbac44 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: 
mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: 36dca91fb4595de38418dffc3506dc78d7388c2c - SHA256: a7a665a695ec3c0f862a0d762ad55aff6ce6014359647e7c7f7e3c4dc3be81b7 - Sections: - .text: - Entropy: 6.135433819899731 - Virtual Size: '0x325c' - .rdata: - Entropy: 3.839044593352483 - Virtual Size: '0x1450' - .data: - Entropy: 2.2159905775744044 - Virtual Size: '0x1934' - .pdata: - Entropy: 4.038755197475624 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.068036657482388 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3547531988948798 - Virtual Size: '0x430' - .reloc: - Entropy: 4.901711830072888 - Virtual Size: '0x24c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - 
SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 608f5e7c3a5fd1a742cc77fcf5366847 - SHA1: 893a26e64c80c1ec234470eb5e2c34f495b528fb - SHA256: 2bff494de18fb32985901a06a931dab92eda052172cf7c942cdd6da944b7a4ba - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2020-08-04 05:59:36' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - 
IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 629ee55e4b5a225d048fbcd5f0a1d18b - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: e2d98e0e178880f10434059096f936b2c06ed8f4 - SHA256: cf9451c9ccc5509b9912965f79c2b95eb89d805b2a186d7521d3a262cf5a7a37 - Sections: - .text: - Entropy: 6.2064317372812985 - Virtual Size: '0x2404' - .rdata: - Entropy: 3.5435226599914578 - Virtual Size: '0xff4' - .data: - Entropy: 2.813191841547333 - Virtual Size: '0x14dc' - PAGE: - Entropy: 5.804360087879422 - Virtual Size: '0x266' - INIT: - Entropy: 5.4281677070245955 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3459452702797696 - Virtual Size: '0x430' - .reloc: - Entropy: 6.0011548156682 - Virtual Size: '0x4a0' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: 
ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: a637f8f3c278575f41cda67c2063c050 - SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: ef956bee27a95cc5fa60a13641d02dcc - SHA1: 09c7e43a8ff9931b2705f74cf65cbfc593e3e235 - SHA256: 374bb09b4d6a9f21a5e2320343068bd44848f396d9b25a6f4d80931e6d9505ce - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi 
(Benjamin DELPY) - CreationTimestamp: '2017-03-25 18:33:31' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 3164bd6c12dd0fe1bdf3b833d56323b9 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: 80e4808a7fe752cac444676dbbee174367fa2083 - SHA256: 69866557566c59772f203c11f5fba30271448e231b65806a66e48f41e3804d7f - Sections: - .text: - Entropy: 6.14362601153889 - Virtual Size: '0x318c' - .rdata: - Entropy: 3.858676364114319 - Virtual Size: '0x1300' - .data: - Entropy: 2.3976266531821224 - Virtual Size: '0x1144' - .pdata: - Entropy: 
4.043975650731326 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.070426661582891 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.370803361398665 - Virtual Size: '0x440' - .reloc: - Entropy: 4.657997051970539 - Virtual Size: '0x1b6' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 
7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 97cbf45af32bfa08a7874548d987b92c - SHA1: 6f1edc71be093b53860e777e0fca7a6dd7525bb5 - SHA256: ab5b4c34bc49b3ae9c6a7607d97b2bd63d9a1b3c669ef18c8865c8a50a3254a9 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2020-09-18 11:17:54' - Date: '' - 
Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: f838f4eb36f1e7036238776c7a70f0b0 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 115edd175c346fd3fbc9f113ee5ccd03b5511ee1 - SHA256: d032001eab6cad4fbef19aab418650ded00152143bd14507e17d62748297c23f - Sections: - .text: - Entropy: 6.2064317372812985 - Virtual Size: '0x2404' - .rdata: - Entropy: 3.5407041613462478 - Virtual Size: '0xff4' - .data: - Entropy: 2.813191841547333 - Virtual Size: '0x14dc' - PAGE: - Entropy: 5.804360087879422 - 
Virtual Size: '0x266' - INIT: - Entropy: 5.4281677070245955 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3459452702797696 - Virtual Size: '0x430' - .reloc: - Entropy: 6.0011548156682 - Virtual Size: '0x4a0' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: a637f8f3c278575f41cda67c2063c050 - SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 22c7aa94f5b698194b691dfae69e4a0d - SHA1: 34abd5d2a059bd18e74b8b25fdb518560628be49 - SHA256: 14d8ec21cc6bad738a8eef146506d04c64282bce01d9659e7f4dcdbff95e4c34 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2017-03-19 20:32:00' - Date: '' - 
Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 10c2ea775c9e76e7774ab89e38f38287 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 1ce17c54c6884b0319d5aabbe7f96221f4838514 - SHA256: 51805bb537befaac8ce28f2221624cb4d9cefdc0260bc1afd5e0bc97bf1f9f93 - Sections: - .text: - Entropy: 6.189266621409851 - Virtual Size: '0x235e' - .rdata: - Entropy: 3.56656949987203 - Virtual Size: '0xdc4' - .data: - Entropy: 2.9710357364934694 - Virtual Size: '0xd68' - PAGE: - Entropy: 5.8055474754253495 - Virtual 
Size: '0x266' - INIT: - Entropy: 5.325440401058366 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3682712956797647 - Virtual Size: '0x440' - .reloc: - Entropy: 5.910661392306955 - Virtual Size: '0x3e0' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: 
ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 3ec892a5335b36ad3866d23ee0627262 - SHA1: 440b83072e1a1dc94c422e8552ed4e62c2e333ea - SHA256: 2c5c067497a0490e9fe79d0e4f9f759af93138b1a0bea08a89af09e119390c7a - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2016 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2016-11-25 18:28:14' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 
ae548418b491cd3f31618eb9e5730973 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 538bb45f30035f39d41bd13818fe0c0061182cfe - SHA256: 62764ddc2dce74f2620cd2efd97a2950f50c8ac5a1f2c1af00dc5912d52f6920 - Sections: - .text: - Entropy: 6.189266621409851 - Virtual Size: '0x235e' - .rdata: - Entropy: 3.5671211193298076 - Virtual Size: '0xdc4' - .data: - Entropy: 2.9710357364934694 - Virtual Size: '0xd68' - PAGE: - Entropy: 5.8055474754253495 - Virtual Size: '0x266' - INIT: - Entropy: 5.325440401058366 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3682712956797647 - Virtual Size: '0x440' - .reloc: - Entropy: 5.910661392306955 - Virtual Size: '0x3e0' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: 
ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - 
Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: bcc845332169206f5b6d0113011f82df - SHA1: 299e80bcff6c1a362844dd77945c10693daa922c - SHA256: f424562623d0edf9b506a5f65b23427e7ec9a476570646d2a08ae9fa9fc57305 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2019 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2019-11-24 18:50:23' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 57c18a8f5d1ba6d015e4d5bc698e3624 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: 
a5f1b56615bdaabf803219613f43671233f2001c - SHA256: 1d23ab46ad547e7eef409b40756aae9246fbdf545d13946f770643f19c715e80 - Sections: - .text: - Entropy: 6.135433819899731 - Virtual Size: '0x325c' - .rdata: - Entropy: 3.8309420593938377 - Virtual Size: '0x1450' - .data: - Entropy: 2.2159905775744044 - Virtual Size: '0x1934' - .pdata: - Entropy: 4.038755197475624 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.068036657482388 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3547531988948798 - Virtual Size: '0x430' - .reloc: - Entropy: 4.901711830072888 - Virtual Size: '0x24c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 358fa8b2f36fc6088128e4ea93927a5c - SHA1: a61d19d754681769a94c650f969bcdacfac29b51 - SHA256: 6f18cb98188952eb08367adc1c6810e4b1c3902240fdcb15efa0ffb1b69a5f98 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2016 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2016-09-28 14:51:55' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken 
- - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 93130909e562925597110a617f05e2a9 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: 77b4f0c0b06e3dc2474d5e250b772dacaac14dd0 - SHA256: e4b2c0aa28aac5e197312a061b05363e2e0387338b28b23272b5b6659d29b1d8 - Sections: - .text: - Entropy: 6.134700082776874 - Virtual Size: '0x321c' - .rdata: - Entropy: 3.8531134715932613 - Virtual Size: '0x1248' - .data: - Entropy: 2.4290980855498043 - Virtual Size: '0xfa4' - .pdata: - Entropy: 4.043102684753298 - Virtual Size: '0x1bc' - PAGE: - Entropy: 6.0617823350375595 - Virtual Size: '0x28b' - INIT: - Entropy: 5.115489588699519 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3689651261045475 - Virtual Size: '0x440' - .reloc: - Entropy: 4.630994027546385 - Virtual Size: '0x18e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: 
'2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: 
ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: ea0dc42a5b95318f40a1c36cf220dcca - SHA1: 98a99c5b17a9b1984b7487dd3de81e1d05bf8c5c - SHA256: 77d7a8efe05ab7041fa33280f271edca9fa46c074885de5d03f4cbf343e65f2d - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2018-02-03 15:33:13' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.1.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 5129d8fd53d6a4aba81657ab2aa5d243 - MachineType: AMD64 - 
MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.1.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: f2fe02e28cf418d935ec63168caf4dff6a9fbdfe - SHA256: 2ce4f8089b02017cbe86a5f25d6bc69dd8b6f5060c918a64a4123a5f3be1e878 - Sections: - .text: - Entropy: 6.144037436753497 - Virtual Size: '0x31dc' - .rdata: - Entropy: 3.841267354658989 - Virtual Size: '0x1390' - .data: - Entropy: 2.313119440407077 - Virtual Size: '0x1494' - .pdata: - Entropy: 3.990039715462728 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.084557222001841 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.382946098314487 - Virtual Size: '0x440' - .reloc: - Entropy: 4.8001308386334935 - Virtual Size: '0x1f2' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, - CN=Certum Code Signing CA SHA2 - ValidFrom: '2015-10-29 11:30:29' - ValidTo: '2027-06-09 11:30:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 6b326a0f0328d37a1d530bfd23bd48e2 - Version: 3 - TBS: - MD5: e556c75dbca00e43684d23c11c032d4a - SHA1: 50925e36ffd52e5b4d32689e9007b14a3a417168 - SHA256: f7b6eeb3a567223000a61f68c53b458193557c17e5d512d2825bcb13e5fc9be5 - SHA384: 57f1cdd3afe0bd7859ab450dbdf6e21a55cf5ba0dda62b9b3c12f2d885d98413ce6817243f6bb83cd77276643369ecbf - - Subject: C=FR, O=Open Source Developer, ST=Ile de France, CN=Open Source Developer, - Benjamin Delpy, emailAddress=benjamin@gentilkiwi.com - ValidFrom: '2017-12-04 09:50:34' - ValidTo: '2018-12-04 09:50:34' - Signature: 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 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 1519af351702ab2d86968d0be928f529 - Version: 3 - TBS: - MD5: 7227ed4392de49333e052f8f17c41f69 - SHA1: e019d8060f65cc923dab50ea282fb8895c1c75f9 - SHA256: eee437f4170a21f7de0e590620ff2a9412f89af95e87589d0e5a1cca17f61825 - SHA384: a5f32361dfa3828aebf139cb1017bba83111e1ce2c5dbd126751a1e7d8f19f3fb838926fc118e423fbe07187e84efc2b - - Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, - CN=Certum Trusted Network CA - ValidFrom: '2011-04-15 20:15:34' - ValidTo: '2021-04-15 20:25:34' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 613bc791000000000034 - Version: 3 - TBS: - MD5: f5f0d604dd56b0446f98fb67e98a76f8 - SHA1: c749c146cc00030ff36ecf9b698e6a377bc15605 - SHA256: df5dacc623d44348fff0bc8ebe2cedc8ba212e33c6f10d7fd608f37f92a2c273 - SHA384: c394dc13768746f008b4ffa082d6e8a2e55a83052d63e3c0a8f2fcfc30dcd51849afd21b0adf86bc50490629a89da09b - Signer: - - SerialNumber: 1519af351702ab2d86968d0be928f529 - Issuer: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, - CN=Certum Code Signing CA SHA2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: dd1e3e6088b3f03044d143909c284e2c - SHA1: c706be0cbbe21010f0de3d90e7757f7a0fc9a92d - SHA256: 3b8401cefd1dbfb754fe00b513784110836c8e938a40cc606903f46503af2943 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2017-06-18 10:46:24' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - 
ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: bf445ac375977ecf551bc2a912c58e8a - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: eb76de59ebc5b2258cff0567577ff8c9d0042048 - SHA256: b34e2d9f3d4ef59cf7af18e17133a6a06509373e69e33c8eecb2e30501d0d9e4 - Sections: - .text: - Entropy: 6.137944463935485 - Virtual Size: '0x319c' - .rdata: - Entropy: 3.8459107985078496 - Virtual Size: '0x1340' - .data: - Entropy: 2.3461427985512437 - Virtual Size: '0x12e4' - .pdata: - Entropy: 4.010051195917961 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.083244237405415 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.370803361398665 - Virtual Size: '0x440' - .reloc: - Entropy: 4.705915669612521 - Virtual Size: '0x1d4' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: 
C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - 
MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 43fde79c00376d6d6c120c05dc63cef4 - SHA1: f916acb39e6e3233ff148d1a613b8b5e78b1ccfd - SHA256: 81e0111c823599201e7e7054557017c0ba148dcd6d9fe74052efdee051c42e13 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2018-12-09 15:56:45' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.1.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS 
- InternalName: mimidrv - MD5: 2b80be31fbb11d4c1ef6d6a80b2e0c16 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.1.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: 9b2ef5f7429d62342163e001c7c13fb866dbe1ef - SHA256: 008fa89822b7a1f91e5843169083202ea580f7b06eb6d5cae091ba844d035f25 - Sections: - .text: - Entropy: 6.141753376459939 - Virtual Size: '0x320c' - .rdata: - Entropy: 3.8350601777496722 - Virtual Size: '0x1460' - .data: - Entropy: 2.2583232763427667 - Virtual Size: '0x17a4' - .pdata: - Entropy: 4.06852005250443 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.079527011018308 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3614073432360265 - Virtual Size: '0x438' - .reloc: - Entropy: 4.873734410850681 - Virtual Size: '0x22e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: 
false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 
- Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 7ca4b02d08ac14414869c00e9065881c - SHA1: b6e43367b1208d623965c9d57d9347d08b1a6d1c - SHA256: 29d6155c68ff372a475d6fe5bde64caa68794bb4164f7e1aae7da5b744f6e6d2 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2020-07-15 08:10:20' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 7e92f98b809430622b04e88441b2eb04 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: 
c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 5fa527e679d25a15ecc913ce6a8d0218e2ff174b - SHA256: e99580e25f419b5ad90669e0c274cf63d30efa08065d064a863e655bdf77fb59 - Sections: - .text: - Entropy: 6.2064317372812985 - Virtual Size: '0x2404' - .rdata: - Entropy: 3.543316130754261 - Virtual Size: '0xff4' - .data: - Entropy: 2.813191841547333 - Virtual Size: '0x14dc' - PAGE: - Entropy: 5.804360087879422 - Virtual Size: '0x266' - INIT: - Entropy: 5.4281677070245955 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3459452702797696 - Virtual Size: '0x430' - .reloc: - Entropy: 6.0011548156682 - Virtual Size: '0x4a0' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: a637f8f3c278575f41cda67c2063c050 - SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 
8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: f6d285ab906467d91afefacb27e68348 - SHA1: 
808d44597b95b6471bf6f7b8b6e716c73405f5a0 - SHA256: 3d73996901d2bfac9999a55723cb57ef5bde1e9a73070979df69f1f1fa8782c1 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2017-03-25 18:33:14' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: f589d4bf547c140b6ec8a511ea47c658 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 9481cd590c69544c197b4ee055056302978a7191 - SHA256: 
15cf366f7b3ee526db7ce2b5253ffebcbfaa4f33a82b459237c049f854a97c0c - Sections: - .text: - Entropy: 6.189266621409851 - Virtual Size: '0x235e' - .rdata: - Entropy: 3.563546371946433 - Virtual Size: '0xdc4' - .data: - Entropy: 2.9710357364934694 - Virtual Size: '0xd68' - PAGE: - Entropy: 5.8055474754253495 - Virtual Size: '0x266' - INIT: - Entropy: 5.325440401058366 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3682712956797647 - Virtual Size: '0x440' - .reloc: - Entropy: 5.910661392306955 - Virtual Size: '0x3e0' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: d9d7f6afd6bec170cc913b4f6b317379 - SHA1: 1f5c7b6d0bd335dab1ee04d893aca4309f1b71ad - SHA256: cbf98b321670fd17462e7ceb8a0d002b9a1474f8015d94ea267a942a2e20c80b - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2014 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2014-12-13 11:40:20' - Date: '' - 
Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.0.0.0 - Filename: '' - ImportedFunctions: - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - RtlCompareMemory - - ObfDereferenceObject - - IofCompleteRequest - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - RtlInitUnicodeString - - MmGetSystemRoutineAddress - - PsSetCreateProcessNotifyRoutine - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - KeBugCheck - - _vsnwprintf - - IoDeleteDevice - - NtBuildNumber - - ObOpenObjectByPointer - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 32282e07db321e8d7849f2287bb6a14f - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.0.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: 94bfa9368ea43c71afa29bad9fc60535 - SHA1: d8e5ebd3ca141f00753a138144cd1319d755858b - SHA256: 5c236619ead1fde5073ecb323d1c2701a7c522489118cee4ffb4ccf14efc355f - SHA1: d4304bc75c2cb9917bb10a1dc630b75af194f7b2 - SHA256: a74e8f94d2c140646a8bb12e3e322c49a97bd1b8a2e4327863d3623f43d65c66 - Sections: - .text: - Entropy: 6.140929597698703 - Virtual Size: '0x344c' - .rdata: - Entropy: 3.921159396248812 - Virtual Size: '0x10dc' - .data: - Entropy: 2.4734656013956355 - Virtual Size: '0xc9c' - .pdata: - Entropy: 4.054832898478182 - Virtual Size: 
'0x1d4' - PAGE: - Entropy: 6.060112416967421 - Virtual Size: '0x28b' - INIT: - Entropy: 5.107085003103007 - Virtual Size: '0x610' - .rsrc: - Entropy: 3.3527586134193843 - Virtual Size: '0x440' - .reloc: - Entropy: 4.349002794600718 - Virtual Size: '0x154' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: 
ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: caa08a0ba5f679b1e5bbae747cb9d626 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 209dfaed4036f7b848b78f023d1b193c - SHA1: 630bd29c4f47ade7994af8a00ad31de4a7fb6210 - SHA256: 58ed3bafe401102ddf52c9c2e006408ef181ceaf85741a73328d8fe92195edca - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2018-12-02 17:53:53' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.1.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: df52f8a85eb64bc69039243d9680d8e4 - MachineType: AMD64 - 
MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.1.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: 02a9314109e47c5ce52fa553ea57070bf0f8186a - SHA256: e858de280bd72d7538386a73e579580a6d5edba87b66b3671dc180229368be19 - Sections: - .text: - Entropy: 6.141753376459939 - Virtual Size: '0x320c' - .rdata: - Entropy: 3.835152799823403 - Virtual Size: '0x1460' - .data: - Entropy: 2.2583232763427667 - Virtual Size: '0x17a4' - .pdata: - Entropy: 4.06852005250443 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.079527011018308 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3614073432360265 - Virtual Size: '0x438' - .reloc: - Entropy: 4.873734410850681 - Virtual Size: '0x22e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 
7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: c0f04dc6d625e6743512755961683bd3 - SHA1: 27e441dece8bb431f827e92c03debae91f2850fd - SHA256: 261969a99718fc68b576eb7b58dbdf7c7a781c8f4572b7a77a0be0eec4b32dc2 - Company: gentilkiwi (Benjamin DELPY) - 
Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2018-05-26 18:37:27' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.1.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 70fd7209ce5c013a1f9e699b5cc86cdc - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.1.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 76568d987f8603339b8d1958f76de2b957811f66 - SHA256: 82ac05fefaa8c7ee622d11d1a378f1d255b647ab2f3200fd323cc374818a83f2 - Sections: - .text: - Entropy: 6.202827671645787 - Virtual Size: '0x23ae' - .rdata: - Entropy: 3.5442332261068197 - Virtual 
Size: '0xe24' - .data: - Entropy: 2.9048205574982506 - Virtual Size: '0xff4' - PAGE: - Entropy: 5.788042895055868 - Virtual Size: '0x266' - INIT: - Entropy: 5.325440401058365 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3588565214747637 - Virtual Size: '0x438' - .reloc: - Entropy: 5.981826468919802 - Virtual Size: '0x41e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 
4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: b4fa93c4ea580d923c39e987b55f5137 - SHA1: 43c02bccfbaada5408ac3facfc5768dacbdbd887 - SHA256: 6094d55d6c7b4fd45cd06658600cef49007bcb73d6a0ab62f6eeabaa19bfd333 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2014 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2015-01-16 17:24:02' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.0.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - PsDereferencePrimaryToken - - PsReferencePrimaryToken - - IofCompleteRequest - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - 
MmGetSystemRoutineAddress - - RtlInitUnicodeString - - PsSetCreateProcessNotifyRoutine - - IoEnumerateRegisteredFiltersList - - KeTickCount - - NtBuildNumber - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - IoGetCurrentProcess - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: bfbdea0589fb77c7a7095cf5cd6e8b7a - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.0.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: 8665c9d64e9ce611e8da04f59bef5a6b - SHA1: 68ce0ee056b5baefb1f65c7e665bb2867f59007d - SHA256: 2c3b58420079e8105ce61febc1234fb9f14a5596a25bc2da1bc2e94d89069cab - SHA1: 5fef884a901e81ac173d63ade3f5c51694decf74 - SHA256: 07759750fbb93c77b5c3957c642a9498fcff3946a5c69317db8d6be24098a4a0 - Sections: - .text: - Entropy: 6.208724506217132 - Virtual Size: '0x24fe' - .rdata: - Entropy: 3.5637699482191136 - Virtual Size: '0xca4' - .data: - Entropy: 3.0632943566660935 - Virtual Size: '0x998' - PAGE: - Entropy: 5.795775488454666 - Virtual Size: '0x266' - INIT: - Entropy: 5.304269216190384 - Virtual Size: '0x55e' - .rsrc: - Entropy: 3.3520647829946015 - Virtual Size: '0x440' - .reloc: - Entropy: 5.8847883106789 - Virtual Size: '0x3b6' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 
589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, 
CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 8e35c9460537092672b3c7c14bccc7e0 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 3f0d45ddee622a7342861abfb2542280 - SHA1: 0c238740114b4232ac438087456573a7bfb4bc76 - SHA256: 16274f4d9293fff056268a2d53c1a2e27db26d6b643f24651b5f2a0c055b7f40 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2017-03-27 19:18:21' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: faae7f5f69fde12303dd1c0c816b72b7 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 
213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: fe237869b2b496deb52c0bc718ada47b36fc052e - SHA256: 1ef7afea0cf2ef246ade6606ef8b7195de9cd7a3cd7570bff90ba1e2422276f6 - Sections: - .text: - Entropy: 6.14362601153889 - Virtual Size: '0x318c' - .rdata: - Entropy: 3.859005493017084 - Virtual Size: '0x1300' - .data: - Entropy: 2.3976266531821224 - Virtual Size: '0x1144' - .pdata: - Entropy: 4.043975650731326 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.070426661582891 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.370803361398665 - Virtual Size: '0x440' - .reloc: - Entropy: 4.657997051970539 - Virtual Size: '0x1b6' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - 
- Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 8fff226cedcdde20b8bee539c1f8dc34 - SHA1: 78276eb832e4ec854b8276a0933512971e60a84c - SHA256: 9fba340eece424f30bdf80126f2d72eba5165bc174ccfb5e240b281639f675e3 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2020-09-16 04:02:12' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - 
RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: fe9004353b25640f6a879e57f07122d7 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: dcc852461895311b56e3ae774c8e90782a79c0b4 - SHA256: 793b78e70b3ae3bb400c5a8bc4d2d89183f1d7fc70954aed43df7287248b6875 - Sections: - .text: - Entropy: 6.133976095876382 - Virtual Size: '0x329c' - .rdata: - Entropy: 3.8364654979927924 - Virtual Size: '0x1490' - .data: - Entropy: 2.1710929957450715 - Virtual Size: '0x1c54' - .pdata: - Entropy: 3.9857737110778095 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.058535435224619 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3478109419215607 - Virtual Size: '0x430' - .reloc: - Entropy: 5.011052354824561 - Virtual Size: '0x288' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 
4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: a637f8f3c278575f41cda67c2063c050 - SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 
610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: dada1d0f3489d58e3f1ed63bbb4c9e1e - SHA1: 02c27708bf2718ff01113cae968ca8f63cf192ba - SHA256: 3de9802a0a1f2da67908a69b4face53b2e62d8106d7c8e2f1d4acfd0a0694f26 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2014 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2015-07-14 17:15:53' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.0.0.0 - Filename: '' - ImportedFunctions: - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - RtlCompareMemory - - ObfDereferenceObject - - IofCompleteRequest - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - RtlInitUnicodeString - - MmGetSystemRoutineAddress - - PsSetCreateProcessNotifyRoutine - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - KeBugCheck - - _vsnwprintf - - IoDeleteDevice - - NtBuildNumber - - ObOpenObjectByPointer - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - 
FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 89d294ef7fefcdf1a6ca0ab96a856f57 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.0.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: 94bfa9368ea43c71afa29bad9fc60535 - SHA1: d8e5ebd3ca141f00753a138144cd1319d755858b - SHA256: 5c236619ead1fde5073ecb323d1c2701a7c522489118cee4ffb4ccf14efc355f - SHA1: a63e9ecdebaf4ef9c9ec3362ff110b8859cc396d - SHA256: eab9b5b7e5fab1c2d7d44cd28f13ae8bb083d9362d2b930d43354a3dfd38e05a - Sections: - .text: - Entropy: 6.1491487342367845 - Virtual Size: '0x342c' - .rdata: - Entropy: 3.8790536669723785 - Virtual Size: '0x121c' - .data: - Entropy: 2.603720407225135 - Virtual Size: '0xe7c' - .pdata: - Entropy: 4.029672285693752 - Virtual Size: '0x1d4' - PAGE: - Entropy: 6.075319996890446 - Virtual Size: '0x28b' - INIT: - Entropy: 5.107085003103007 - Virtual Size: '0x610' - .rsrc: - Entropy: 3.3527586134193843 - Virtual Size: '0x440' - .reloc: - Entropy: 4.483127055768285 - Virtual Size: '0x172' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 
0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: caa08a0ba5f679b1e5bbae747cb9d626 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 8cf465a09311abaf3c1beec007c34af1 - SHA1: b6a2ef75f88bd7552be4358ecb72eb7856503cb1 - SHA256: 3afd07a7775c13bf147b3ea25fd8fde7cce51bab90753b5af44dc2945d64d699 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 
gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2020-02-29 03:13:08' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 49518f7375a5f995ebe9423d8f19cfe4 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 46c9a474a1a62c25a05bc7661b75a80b471616e6 - SHA256: a0931e16cf7b18d15579e36e0a69edad1717b07527b5407f2c105a2f554224b2 - Sections: - .text: - Entropy: 6.2035733322045745 - Virtual Size: '0x23f4' - .rdata: - Entropy: 3.5723021024796515 - Virtual Size: '0xed4' - .data: - Entropy: 
2.8516013173925066 - Virtual Size: '0x1264' - PAGE: - Entropy: 5.795549160299263 - Virtual Size: '0x266' - INIT: - Entropy: 5.429489696991249 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3459452702797696 - Virtual Size: '0x430' - .reloc: - Entropy: 5.93822728458253 - Virtual Size: '0x464' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: a637f8f3c278575f41cda67c2063c050 - SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: fde047ef1927adb3392991521497424e - SHA1: 025a501e9c62f6e0382031f301e5e224bfc275d7 - SHA256: d67899bbb43fec01b10b33105eb970d44aac5b81dd22cab8bf2d86302f6d08a8 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2019 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2019-11-24 18:50:02' - Date: '' - 
Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 990b949894b7dc82a8cf1131b063cb1a - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 505546d82aab56889a923004654b9afdec54efe6 - SHA256: 9a42fa1870472c38a56c0a70f62e57a3cdc0f5bc142f3a400d897b85d65800ac - Sections: - .text: - Entropy: 6.2035733322045745 - Virtual Size: '0x23f4' - .rdata: - Entropy: 3.566391797561208 - Virtual Size: '0xed4' - .data: - Entropy: 2.8516013173925066 - Virtual Size: '0x1264' - PAGE: - Entropy: 5.795549160299263 - 
Virtual Size: '0x266' - INIT: - Entropy: 5.429489696991249 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3528875272530887 - Virtual Size: '0x430' - .reloc: - Entropy: 5.93822728458253 - Virtual Size: '0x464' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: 
ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: d0bac37efd60f078151553582c724c0e - SHA1: ce7cf79d71b6202d36eb44cd7941e00dfb72a86d - SHA256: 4ab6430b72807637cc173f174301d8411bc17ec2cb542e739d28f77eb9d47327 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2020-08-16 02:26:06' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 
07056573d464b0f5284f7e3acedd4a3f - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: ed86bb62893e6ffcdfd2ecae2dea77fdf6bf9bde - SHA256: a1e6b431534258954db07039117b3159e889c6b9e757329bbd4126383c60c778 - Sections: - .text: - Entropy: 6.2064317372812985 - Virtual Size: '0x2404' - .rdata: - Entropy: 3.543469094654377 - Virtual Size: '0xff4' - .data: - Entropy: 2.813191841547333 - Virtual Size: '0x14dc' - PAGE: - Entropy: 5.804360087879422 - Virtual Size: '0x266' - INIT: - Entropy: 5.4281677070245955 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3459452702797696 - Virtual Size: '0x430' - .reloc: - Entropy: 6.0011548156682 - Virtual Size: '0x4a0' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: 
a637f8f3c278575f41cda67c2063c050 - SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 0c82643a7da80ce21702986433d1b038 - SHA1: e5344ab55f09e819aa923c6cf9236f344106a103 - SHA256: 938e65ff5760e44faf22a35242547c41a0d8d2b21a2f8a12f6b84d4055aad384 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2019 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2019-07-10 15:09:38' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - 
PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 29047f0b7790e524b09a06852d31a117 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: 948368fe309652e8d88088d23e1df39e9c2b6649 - SHA256: 704c6ffe786bc83a73fbdcd2edd50f47c3b5053da7da6aa4c10324d389a31db4 - Sections: - .text: - Entropy: 6.135433819899731 - Virtual Size: '0x325c' - .rdata: - Entropy: 3.834751061856716 - Virtual Size: '0x1450' - .data: - Entropy: 2.2159905775744044 - Virtual Size: '0x1934' - .pdata: - Entropy: 4.038755197475624 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.068036657482388 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3547531988948798 - Virtual Size: '0x430' - .reloc: - Entropy: 4.901711830072888 - Virtual Size: '0x24c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 706136bd0d1f5813c9f2c0044cc9e0ed - SHA1: 68604430dd407047559417e6941b8429d9fe8bbd - SHA256: f902d78dada1658d688b1a8aac6ef48bdf968c859149f60f6c26e5b8af4656da - 
Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2014 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2014-06-14 14:54:02' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.0.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - PsDereferencePrimaryToken - - PsReferencePrimaryToken - - IofCompleteRequest - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - MmGetSystemRoutineAddress - - RtlInitUnicodeString - - IoEnumerateRegisteredFiltersList - - KeTickCount - - NtBuildNumber - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - IoGetCurrentProcess - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 6b3c1511e12f4d27a4ea3b18020d7b84 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.0.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 3489ed43bdd11ccbfc892baaeae8102ff7d22f25 - SHA256: 627e13da6a45006fff4711b14754f9ccfac9a5854d275da798a22f3a68dd1eaa - Sections: - .text: - Entropy: 6.195574811483624 - Virtual Size: '0x2258' - .rdata: - 
Entropy: 3.575304098566286 - Virtual Size: '0xc34' - .data: - Entropy: 3.072428037253572 - Virtual Size: '0x984' - PAGE: - Entropy: 5.80042492326293 - Virtual Size: '0x266' - INIT: - Entropy: 5.310271971506795 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3520647829946015 - Virtual Size: '0x440' - .reloc: - Entropy: 5.848091578092837 - Virtual Size: '0x380' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: 
- MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3866dd9fe63de457bdbf893bf7050ddf - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 26999d09dc9619834397d4936398ff89 - SHA1: 4b0a8cc2bc05bc1e87802a3306cf13b30f2e9be8 - SHA256: cbc1543100df83a08f3ee9476cde83db616f610917cd4bf5ecaafad46b6f7e23 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2017-12-17 19:31:00' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.1.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - 
FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: c277c4386a78fae1b7e17eaecf4f472b - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.1.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 1d373361d3129d11bc43f9b6dfa81d06e5ca8358 - SHA256: c7cd14c71bcac5420872c3d825ff6d4be6a86f3d6a8a584f1a756541efff858e - Sections: - .text: - Entropy: 6.198093347366582 - Virtual Size: '0x239e' - .rdata: - Entropy: 3.5476393963692816 - Virtual Size: '0xe04' - .data: - Entropy: 2.8887582835017827 - Virtual Size: '0xff8' - PAGE: - Entropy: 5.783313787388865 - Virtual Size: '0x266' - INIT: - Entropy: 5.323943395070341 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3804140325955863 - Virtual Size: '0x440' - .reloc: - Entropy: 5.967349329602677 - Virtual Size: '0x41e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 
7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 7ef5136814f34a3bc01b28b5a53c8900 - SHA1: 582c52652f68b51b58c79a196746bc2a2f9010a8 - SHA256: ea318c5300b57b35e07b4c16453a660cd5ce059cdb6578d3057e848e14d68eac - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2017-06-07 16:45:03' - Date: '' - 
Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 508faa4647f305a97ed7167abc4d1330 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 1b526cbcba09b8d663e82004cf24ef44343030d3 - SHA256: f3ec3f22639d45b3c865bb1ed7622db32e04e1dbc456298be02bf1f3875c3aac - Sections: - .text: - Entropy: 6.199736289697868 - Virtual Size: '0x236e' - .rdata: - Entropy: 3.5632394063401622 - Virtual Size: '0xde4' - .data: - Entropy: 2.962098389788266 - Virtual Size: '0xeb0' - PAGE: - Entropy: 5.795507089372613 - Virtual 
Size: '0x266' - INIT: - Entropy: 5.324875365502854 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3682712956797647 - Virtual Size: '0x440' - .reloc: - Entropy: 5.952195564032691 - Virtual Size: '0x3fe' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 545dfb2a0acc4d2f8bfa4bd3fffed89f - SHA1: 835d3533f744312aadc2c1c5bc818726077efeed - SHA256: 951edade4ad00b185929c14622e5efcac1069cadaf6bcc945e744c30f069c9b9 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2016 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2016-10-29 13:27:21' - Date: '' - 
Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 7fad9f2ef803496f482ce4728578a57a - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 3bd1a88cc7dae701bc7085639e1c26ded3f8ccb3 - SHA256: 0740359baef32cbb0b14a9d1bd3499ea2e770ff9b1c85898cfac8fd9aca4fa39 - Sections: - .text: - Entropy: 6.189266621409851 - Virtual Size: '0x235e' - .rdata: - Entropy: 3.5686730013234587 - Virtual Size: '0xdc4' - .data: - Entropy: 2.9710357364934694 - Virtual Size: '0xd68' - PAGE: - Entropy: 5.8055474754253495 - 
Virtual Size: '0x266' - INIT: - Entropy: 5.325440401058366 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3682712956797647 - Virtual Size: '0x440' - .reloc: - Entropy: 5.910661392306955 - Virtual Size: '0x3e0' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: 
ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 690e68213dcd459261fc9ec5ef405d71 - SHA1: 737d5b068d136ff87b6ad9e81e104f9939202d1b - SHA256: 7fe1958f35b91da7819002c38642bb9408db3167bd311c637aaae6f9d45af3e4 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2014 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2015-01-22 14:15:53' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.0.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - PsDereferencePrimaryToken - - PsReferencePrimaryToken - - IofCompleteRequest - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - MmGetSystemRoutineAddress - - RtlInitUnicodeString - - PsSetCreateProcessNotifyRoutine - - IoEnumerateRegisteredFiltersList - - KeTickCount - - NtBuildNumber - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - IoGetCurrentProcess - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - 
InternalName: mimidrv - MD5: 311de109df18e485d4a626b5dbe19bc6 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.0.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: 8665c9d64e9ce611e8da04f59bef5a6b - SHA1: 68ce0ee056b5baefb1f65c7e665bb2867f59007d - SHA256: 2c3b58420079e8105ce61febc1234fb9f14a5596a25bc2da1bc2e94d89069cab - SHA1: cf9baf57e16b73d7a4a99dd0c092870deba1a997 - SHA256: dfc80e0d468a2c115a902aa332a97e3d279b1fc3d32083e8cf9a4aadf3f54ad1 - Sections: - .text: - Entropy: 6.208724506217132 - Virtual Size: '0x24fe' - .rdata: - Entropy: 3.5638224258922664 - Virtual Size: '0xca4' - .data: - Entropy: 3.0632943566660935 - Virtual Size: '0x998' - PAGE: - Entropy: 5.795775488454666 - Virtual Size: '0x266' - INIT: - Entropy: 5.304269216190384 - Virtual Size: '0x55e' - .rsrc: - Entropy: 3.3520647829946015 - Virtual Size: '0x440' - .reloc: - Entropy: 5.8847883106789 - Virtual Size: '0x3b6' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: 
cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 8e35c9460537092672b3c7c14bccc7e0 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 7c44f7e093214123e7aee5d72b86f73d - SHA1: efa8dbf9a71113aac99ec9915236f4a4eb81711c - SHA256: 7adc0785210452664cb684b2c7687589090d31f2a3d0892e8e520145c0799110 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2016 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2016-08-21 16:57:45' - Date: '' - Description: mimidrv for Windows (mimikatz) - 
ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 97264fd62d4907bdac917917a07b3b7a - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: 613a9df389ad612a5187632d679da11d60f6046a - SHA256: 0f7bfa10075bf5c193345866333d415509433dbfe5a7d45664b88d72216ff7c3 - Sections: - .text: - Entropy: 6.134700082776874 - Virtual Size: '0x321c' - .rdata: - Entropy: 3.8577998565544873 - Virtual Size: '0x1248' - .data: - Entropy: 2.4290980855498043 - Virtual Size: '0xfa4' - .pdata: - Entropy: 4.043102684753298 - Virtual Size: '0x1bc' - PAGE: - Entropy: 6.0617823350375595 - Virtual Size: '0x28b' - INIT: - 
Entropy: 5.115489588699519 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3689651261045475 - Virtual Size: '0x440' - .reloc: - Entropy: 4.630994027546385 - Virtual Size: '0x18e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows - ValidFrom: '2013-06-17 21:43:38' - ValidTo: '2014-09-17 21:43:38' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 330000002418fc0b689e7399d0000000000024 - Version: 3 - TBS: - MD5: 28b23b39f3bbd936a26a5b86451be0ac - SHA1: 3b16f29295d5a7c323beb479c71d3d20c6b8acc2 - SHA256: 4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150 - SHA384: 4d8c4a1c7eb8555226b15d1b34fa9c92c2350204c694435143fa2f0edfdab81a12bfaf5eb76dd193ce1cb16c5b3530c0 - - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Production PCA 2011 - ValidFrom: '2011-10-19 18:41:42' - ValidTo: '2026-10-19 18:51:42' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: '61077656000000000008' - Version: 3 - TBS: - MD5: 30a3f0b64324ed7f465e7fc618cb69e7 - SHA1: 002de3561519b662c5e3f5faba1b92c403fb7c41 - SHA256: 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 - SHA384: 4f9a02c3eac5e83c38074d54c0bf270e03a1d668e0001c9812c509eb08a19075ee778a7630e65598e4608fc66e2d1c66 - Signer: - - SerialNumber: 330000002418fc0b689e7399d0000000000024 - Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft - Windows Production PCA 2011 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'TRUE' -- Authentihash: - MD5: 10bed6cc6131bc023d0bd01dd7cc52ca - SHA1: afbef1bcc71fdb49b5d68d2b5d764feeb2a241cb - SHA256: 
e171be5cf5cc1f74ec346a1ab0dfaa38c16da6b4265eed710a3faabfc13b9d56 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2020-09-16 19:34:32' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: ba50bd645d7c81416bb26a9d39998296 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: 1768f9c780fe7cf66928cfceaef8ed7d985e18f5 - SHA256: 12b0000698b79ea3c8178b9e87801cc34bad096a151a8779559519deafd4e3f0 - Sections: - .text: - Entropy: 6.133976095876382 - Virtual Size: 
'0x329c' - .rdata: - Entropy: 3.8382727344944665 - Virtual Size: '0x1490' - .data: - Entropy: 2.1710929957450715 - Virtual Size: '0x1c54' - .pdata: - Entropy: 3.9857737110778095 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.058535435224619 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3478109419215607 - Virtual Size: '0x430' - .reloc: - Entropy: 5.011052354824561 - Virtual Size: '0x288' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: a637f8f3c278575f41cda67c2063c050 - SHA1: 
debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 79fbc7ad35a38f5f4ed01ebde1ce2790 - SHA1: a503de77ec0f43661e570cc58214112abe7dbe31 - SHA256: 09d6169da055725274a8c53c3139baff8ceef52346e5a910e735bb17f634f8bb - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2014 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2014-06-27 15:08:09' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.0.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - PsDereferencePrimaryToken - - PsReferencePrimaryToken - - IofCompleteRequest - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - 
- IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - MmGetSystemRoutineAddress - - RtlInitUnicodeString - - IoEnumerateRegisteredFiltersList - - KeTickCount - - NtBuildNumber - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - IoGetCurrentProcess - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: c62209b8a5daf3f32ad876ad6cefda1b - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.0.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: e3a1e7ce9e9452966885371e4c7fb48a2efdef22 - SHA256: 0f58e09651d48d2b1bcec7b9f7bb85a2d1a7b65f7a51db281fe0c4f058a48597 - Sections: - .text: - Entropy: 6.195574811483624 - Virtual Size: '0x2258' - .rdata: - Entropy: 3.5754296036332027 - Virtual Size: '0xc34' - .data: - Entropy: 3.072428037253572 - Virtual Size: '0x984' - PAGE: - Entropy: 5.80042492326293 - Virtual Size: '0x266' - INIT: - Entropy: 5.310271971506795 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3520647829946015 - Virtual Size: '0x440' - .reloc: - Entropy: 5.848091578092837 - Virtual Size: '0x380' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 
0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3866dd9fe63de457bdbf893bf7050ddf - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 6135004699b7dabc0f715f178f7d72ff - SHA1: 3f0dcaca0faea3fc58d94e247453e409ff3a116d - SHA256: 7442192141d056cef53a570d072759a648393be52019f32e93ccb7aec5715feb - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 
gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2017-02-25 18:17:16' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: bbdbffebfc753b11897de2da7c9912a5 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: f11188c540eada726766e0b0b2f9dd3ae2679c61 - SHA256: 5295080de37d4838e15dec4e3682545033d479d3d9ac28d74747c086559fb968 - Sections: - .text: - Entropy: 6.14362601153889 - Virtual Size: '0x318c' - .rdata: - Entropy: 3.858306398040601 - Virtual Size: '0x1300' - .data: - Entropy: 2.3976266531821224 - Virtual Size: '0x1144' - .pdata: 
- Entropy: 4.043975650731326 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.070426661582891 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.370803361398665 - Virtual Size: '0x440' - .reloc: - Entropy: 4.657997051970539 - Virtual Size: '0x1b6' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 
4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: ef7cfe93066557d08cb2999af137bed7 - SHA1: 9ab8ec77be802ff1cea9c129338b291a48c50cbb - SHA256: 68191d76aaafb52bbec5240c3b371e7dd77ff442b4a3394b41cc402402b43717 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2020-02-29 03:13:31' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - 
IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: c8541a9cef64589593e999968a0385b9 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: fe18c58fbd0a83d67920e037d522c176704d2ca3 - SHA256: f9b01406864ab081aa77eef4ad15cb2dd2f830d1ef54f52622a59ff1aeb05ba5 - Sections: - .text: - Entropy: 6.135433819899731 - Virtual Size: '0x325c' - .rdata: - Entropy: 3.8405820282686713 - Virtual Size: '0x1450' - .data: - Entropy: 2.2159905775744044 - Virtual Size: '0x1934' - .pdata: - Entropy: 4.038755197475624 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.068036657482388 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3478109419215607 - Virtual Size: '0x430' - .reloc: - Entropy: 4.901711830072888 - Virtual Size: '0x24c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 
5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: a637f8f3c278575f41cda67c2063c050 - SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 840e82da743d5e920ec6c58e886871b7 - SHA1: 35821d20b94cc169da1bd4e325f349f46d13a6df - SHA256: 6c9f431814cd58365468ac63ba8b6693c3dd2a2b3ef37b23e5d80d75083b784d - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2018-02-04 18:08:35' - Date: '' - 
Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.1.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 36f44643178c505ea0384e0fb241e904 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.1.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: 0fe2d22bd2e6b7874f4f2b6279e2ca05edd1222a - SHA256: 8206ce9c42582ac980ff5d64f8e3e310bc2baa42d1a206dd831c6ab397fbd8fe - Sections: - .text: - Entropy: 6.144037436753497 - Virtual Size: '0x31dc' - .rdata: - Entropy: 3.843316204566198 - Virtual Size: '0x1390' - .data: - Entropy: 2.313119440407077 - Virtual Size: '0x1494' - .pdata: - Entropy: 3.990039715462728 - Virtual Size: '0x1b0' - PAGE: - Entropy: 
6.084557222001841 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.382946098314487 - Virtual Size: '0x440' - .reloc: - Entropy: 4.8001308386334935 - Virtual Size: '0x1f2' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, - CN=Certum Code Signing CA SHA2 - ValidFrom: '2015-10-29 11:30:29' - ValidTo: '2027-06-09 11:30:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 6b326a0f0328d37a1d530bfd23bd48e2 - Version: 3 - TBS: - MD5: e556c75dbca00e43684d23c11c032d4a - SHA1: 50925e36ffd52e5b4d32689e9007b14a3a417168 - SHA256: f7b6eeb3a567223000a61f68c53b458193557c17e5d512d2825bcb13e5fc9be5 - SHA384: 57f1cdd3afe0bd7859ab450dbdf6e21a55cf5ba0dda62b9b3c12f2d885d98413ce6817243f6bb83cd77276643369ecbf - - Subject: C=FR, O=Open Source Developer, ST=Ile de France, CN=Open Source Developer, - Benjamin Delpy, emailAddress=benjamin@gentilkiwi.com - ValidFrom: '2017-12-04 09:50:34' - ValidTo: '2018-12-04 09:50:34' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 1519af351702ab2d86968d0be928f529 - Version: 3 - TBS: - MD5: 7227ed4392de49333e052f8f17c41f69 - SHA1: e019d8060f65cc923dab50ea282fb8895c1c75f9 - SHA256: eee437f4170a21f7de0e590620ff2a9412f89af95e87589d0e5a1cca17f61825 - SHA384: a5f32361dfa3828aebf139cb1017bba83111e1ce2c5dbd126751a1e7d8f19f3fb838926fc118e423fbe07187e84efc2b - - Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, - CN=Certum Trusted Network CA - ValidFrom: '2011-04-15 20:15:34' - ValidTo: '2021-04-15 20:25:34' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: true - SerialNumber: 613bc791000000000034 - Version: 3 - TBS: - MD5: f5f0d604dd56b0446f98fb67e98a76f8 - SHA1: c749c146cc00030ff36ecf9b698e6a377bc15605 - SHA256: df5dacc623d44348fff0bc8ebe2cedc8ba212e33c6f10d7fd608f37f92a2c273 - SHA384: c394dc13768746f008b4ffa082d6e8a2e55a83052d63e3c0a8f2fcfc30dcd51849afd21b0adf86bc50490629a89da09b - Signer: - - SerialNumber: 1519af351702ab2d86968d0be928f529 - Issuer: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, - CN=Certum Code Signing CA SHA2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 99d62e5e26044dacaaac903ab3a29ecc - SHA1: ff2357a79966d2dd53574098670b2e03e4969786 - SHA256: 1425075f7a3f009f703ca8d5bbbfe2cfbc1a7de7f5e17d50708ba99dc0f668ff - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2016 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2016-10-05 12:44:52' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - 
FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: aeb0801f22d71c7494e884d914446751 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: 3d2309f7c937bfcae86097d716a8ef66c1337a3c - SHA256: 818787057fc60ac8b957aa37d750aa4bace8e6a07d3d28b070022ee6dcd603ab - Sections: - .text: - Entropy: 6.134700082776874 - Virtual Size: '0x321c' - .rdata: - Entropy: 3.8566788058686754 - Virtual Size: '0x1248' - .data: - Entropy: 2.4290980855498043 - Virtual Size: '0xfa4' - .pdata: - Entropy: 4.043102684753298 - Virtual Size: '0x1bc' - PAGE: - Entropy: 6.0617823350375595 - Virtual Size: '0x28b' - INIT: - Entropy: 5.115489588699519 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3689651261045475 - Virtual Size: '0x440' - .reloc: - Entropy: 4.630994027546385 - Virtual Size: '0x18e' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 
09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 
6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: da5e0364a0da94a77183c42078b9cad3 - SHA1: dcd9b05df79e212836be6563fa6870d9814a6d06 - SHA256: 26908983e18b807894909d11d6d0fa2d8fbe7544b61184267851c2a839f3b306 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2015 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2015-10-08 16:32:53' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.0.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - PsDereferencePrimaryToken - - PsReferencePrimaryToken - - IofCompleteRequest - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - MmGetSystemRoutineAddress - - RtlInitUnicodeString - - PsSetCreateProcessNotifyRoutine - - IoEnumerateRegisteredFiltersList - - KeTickCount - - NtBuildNumber - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - IoGetCurrentProcess - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 968ddb06af90ef83c5f20fbdd4eee62e - MachineType: I386 - 
MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.0.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: 8665c9d64e9ce611e8da04f59bef5a6b - SHA1: 68ce0ee056b5baefb1f65c7e665bb2867f59007d - SHA256: 2c3b58420079e8105ce61febc1234fb9f14a5596a25bc2da1bc2e94d89069cab - SHA1: da970a01cecff33a99c217a42297cec4d1fe66d6 - SHA256: 28f5aa194a384680a08c0467e94a8fc40f8b0f3f2ac5deb42e0f51a80d27b553 - Sections: - .text: - Entropy: 6.202808580330778 - Virtual Size: '0x250e' - .rdata: - Entropy: 3.5600480296725334 - Virtual Size: '0xda4' - .data: - Entropy: 3.090178215836175 - Virtual Size: '0xb08' - PAGE: - Entropy: 5.780138321942911 - Virtual Size: '0x266' - INIT: - Entropy: 5.303621700268906 - Virtual Size: '0x55e' - .rsrc: - Entropy: 3.3553824672541936 - Virtual Size: '0x440' - .reloc: - Entropy: 5.956839106739942 - Virtual Size: '0x3d4' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 
5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 8e35c9460537092672b3c7c14bccc7e0 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: e387a7fa0974fb08a31a89b56971fc73 - SHA1: 6402aa89aae254757c4875a2f26b21b84d8dbf19 - SHA256: 9718a5e78f5015a7a9f66c33ae31a6df37535f33039380c6edc103e3a9dbc5ab - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2015 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2015-10-08 16:33:10' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.0.0.0 - Filename: '' - ImportedFunctions: - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - RtlCompareMemory - - ObfDereferenceObject - - IofCompleteRequest - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - 
MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - RtlInitUnicodeString - - MmGetSystemRoutineAddress - - PsSetCreateProcessNotifyRoutine - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - KeBugCheck - - _vsnwprintf - - IoDeleteDevice - - NtBuildNumber - - ObOpenObjectByPointer - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: f209cb0e468ca0b76d879859d5c8c54e - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.0.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: 94bfa9368ea43c71afa29bad9fc60535 - SHA1: d8e5ebd3ca141f00753a138144cd1319d755858b - SHA256: 5c236619ead1fde5073ecb323d1c2701a7c522489118cee4ffb4ccf14efc355f - SHA1: ba430f3c77e58a4dc1a9a9619457d1c45a19617f - SHA256: 7824931e55249a501074a258b4f65cd66157ee35672ba17d1c0209f5b0384a28 - Sections: - .text: - Entropy: 6.1491487342367845 - Virtual Size: '0x342c' - .rdata: - Entropy: 3.882619640221585 - Virtual Size: '0x121c' - .data: - Entropy: 2.603720407225135 - Virtual Size: '0xe7c' - .pdata: - Entropy: 4.029672285693752 - Virtual Size: '0x1d4' - PAGE: - Entropy: 6.075319996890446 - Virtual Size: '0x28b' - INIT: - Entropy: 5.107085003103007 - Virtual Size: '0x610' - .rsrc: - Entropy: 3.3560762976789764 - Virtual Size: '0x440' - .reloc: - Entropy: 4.483127055768285 - Virtual Size: '0x172' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 
225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, 
O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: caa08a0ba5f679b1e5bbae747cb9d626 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: c8a52f07d72bf397b5b4141120c35370 - SHA1: 5514398b1ab545178f0e89f20a846d1845f00ccb - SHA256: 0713a541b70f58bbcd1807c69ae855e9ce041b807e34978df6c1e9357c53acef - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2020-09-18 11:18:22' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - 
NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 157a22689629ec876337f5f9409918d5 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: e38e1efd98cd8a3cdb327d386db8df79ea08dccc - SHA256: d43520128871c83b904f3136542ea46644ac81a62d51ae9d3c3a3f32405aad96 - Sections: - .text: - Entropy: 6.133976095876382 - Virtual Size: '0x329c' - .rdata: - Entropy: 3.83695828167843 - Virtual Size: '0x1490' - .data: - Entropy: 2.1710929957450715 - Virtual Size: '0x1c54' - .pdata: - Entropy: 3.9857737110778095 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.058535435224619 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3478109419215607 - Virtual Size: '0x430' - .reloc: - Entropy: 5.011052354824561 - Virtual Size: '0x288' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 
4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: a637f8f3c278575f41cda67c2063c050 - SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 
610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 61a1629865ee95256784f3d2dc588eee - SHA1: af9b01fd7d495f9003320b271bd2cd615b6aa990 - SHA256: bdd173909efc3bb3c5d216ea0fd9ec5e935c2572ef48973eeb0917b733ff754c - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2017-03-19 08:07:51' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance 
- Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 6e625ec04c20a9dbd48c7060efbf5e92 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: 07f282db28771838d0e75d6618f70d76acfe6082 - SHA256: c8ae217860f793fce3ad0239d7b357dba562824dd7177c9d723ca4d4a7f99a12 - Sections: - .text: - Entropy: 6.14362601153889 - Virtual Size: '0x318c' - .rdata: - Entropy: 3.8581084256854474 - Virtual Size: '0x1300' - .data: - Entropy: 2.3976266531821224 - Virtual Size: '0x1144' - .pdata: - Entropy: 4.043975650731326 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.070426661582891 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.370803361398665 - Virtual Size: '0x440' - .reloc: - Entropy: 4.657997051970539 - Virtual Size: '0x1b6' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: a8b213ca94c0e3ec1a7f7adec23a28b5 - SHA1: 9a5372857a976684be6662228f00cb778240cad5 - SHA256: e1b3a3a67599aae12c073ba5ca0928c2c316d438c2b5462194c97687dda64903 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2020-08-04 06:00:00' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken 
- - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: d34b218c386bfe8b1f9c941e374418d7 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: 025c4e1a9c58bf10be99f6562476b7a0166c6b86 - SHA256: 082a79311da64b6adc3655e79aa090a9262acaac3b917a363b9571f520a17f6a - Sections: - .text: - Entropy: 6.133976095876382 - Virtual Size: '0x329c' - .rdata: - Entropy: 3.837149358882627 - Virtual Size: '0x1490' - .data: - Entropy: 2.1710929957450715 - Virtual Size: '0x1c54' - .pdata: - Entropy: 3.9857737110778095 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.058535435224619 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3478109419215607 - Virtual Size: '0x430' - .reloc: - Entropy: 5.011052354824561 - Virtual Size: '0x288' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 
7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: a637f8f3c278575f41cda67c2063c050 - SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - 
SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 21f52d165d7ecec822ad4db476abc497 - SHA1: a4ba5483cb66bb55d3523f03b4abf35e8641cdfb - SHA256: 0fe7b0aaeb4b93840492f7d299a5ac481feb74296afcda1da4214db40856f003 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2020-02-08 04:26:05' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 
0308b6888e0f197db6704ca20203eee4 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 39169c9b79502251ca2155c8f1cd7e63fd9a42e9 - SHA256: ac5fb90e88d8870cd5569e661bea98cf6b001d83ab7c65a5196ea3743146939a - Sections: - .text: - Entropy: 6.2035733322045745 - Virtual Size: '0x23f4' - .rdata: - Entropy: 3.571768381548083 - Virtual Size: '0xed4' - .data: - Entropy: 2.8516013173925066 - Virtual Size: '0x1264' - PAGE: - Entropy: 5.795549160299263 - Virtual Size: '0x266' - INIT: - Entropy: 5.429489696991249 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3459452702797696 - Virtual Size: '0x430' - .reloc: - Entropy: 5.93822728458253 - Virtual Size: '0x464' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 
4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: a637f8f3c278575f41cda67c2063c050 - SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 9be199eb75e20575da83510649a2cbc8 - SHA1: 48dfc07c244e3fbf0f5b84ad4c03e103660fe6ee - SHA256: 29a04c696d544e36b5b5b054b3bfa8c7a5bc2aa261c48eded8f0265d82ec9157 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2020-08-06 18:22:01' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - 
Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: f7f31bccc9b7b2964ac85106831022b1 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: bb5b17cff0b9e15f1648b4136e95bd20d899aef5 - SHA256: efa56907b9d0ec4430a5d581f490b6b9052b1e979da4dab6a110ab92e17d4576 - Sections: - .text: - Entropy: 6.2064317372812985 - Virtual Size: '0x2404' - .rdata: - Entropy: 3.5467917260659156 - Virtual Size: '0xff4' - .data: - Entropy: 2.813191841547333 - Virtual Size: '0x14dc' - PAGE: - Entropy: 5.804360087879422 - Virtual Size: '0x266' - INIT: - Entropy: 5.4281677070245955 - Virtual Size: '0x538' - .rsrc: - 
Entropy: 3.3459452702797696 - Virtual Size: '0x430' - .reloc: - Entropy: 6.0011548156682 - Virtual Size: '0x4a0' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true 
- SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: a637f8f3c278575f41cda67c2063c050 - SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 2fae440eea265327c767ca35b28dc3be - SHA1: 0835c5e8536d3abcf20f0af3baa24943d67a4326 - SHA256: 6413aa70a5664953223205b6364d676fac0c0491d12ddaadc91b7f12fa53f77b - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2020-01-04 10:58:56' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - 
RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: b5dcc869a91efcc6e8ea0c3c07605d63 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 98588b1d1b63747fa6ee406983bf50ad48a2208b - SHA256: 80e4c83cfa9d675a6746ab846fa5da76d79e87a9297e94e595a2d781e02673b3 - Sections: - .text: - Entropy: 6.2035733322045745 - Virtual Size: '0x23f4' - .rdata: - Entropy: 3.5746259663984965 - Virtual Size: '0xed4' - .data: - Entropy: 2.8516013173925066 - Virtual Size: '0x1264' - PAGE: - Entropy: 5.795549160299263 - Virtual Size: '0x266' - INIT: - Entropy: 5.429489696991249 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3459452702797696 - Virtual Size: '0x430' - .reloc: - Entropy: 5.93822728458253 - Virtual Size: '0x464' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: a637f8f3c278575f41cda67c2063c050 - SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 877f0b3e3854d66aa97efc41d0527fbf - SHA1: 769cc9a5a5a768503df511c80bb60bf04e3e8df8 - SHA256: dca34739f3935caed2af248206452e7ba1fdf394c901e74729b5a96884dc6228 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2018-08-16 16:46:18' - Date: '' - 
Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.1.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 68caf620ef8deaf06819cf8c80d3367b - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.1.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: 86f34eaea117f629297218a4d196b5729e72d7b9 - SHA256: 02ebf848fa618eba27065db366b15ee6629d98f551d20612ac38b9f655f37715 - Sections: - .text: - Entropy: 6.1419629238500235 - Virtual Size: '0x31fc' - .rdata: - Entropy: 3.849487307928408 - Virtual Size: '0x13d0' - .data: - Entropy: 2.2863945965626136 - Virtual Size: '0x1614' - .pdata: - Entropy: 4.052479770333054 - Virtual Size: '0x1b0' - PAGE: - Entropy: 
6.093773811863592 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3614073432360265 - Virtual Size: '0x438' - .reloc: - Entropy: 4.830405545722778 - Virtual Size: '0x210' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: 
ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 67eeaf7f745b43a4c207c49cd585dd8a - SHA1: 1e528afea49197c1d9e67aa6fa08e99b675162e4 - SHA256: 5b5590995c6bcd39884dceda1e87e8516a3767bce00519ce140a46f1a77666ff - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2020-08-04 17:23:33' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: d075d56dfce6b9b13484152b1ef40f93 - MachineType: AMD64 - 
MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: 50c6b3cafc35462009d02c10f2e79373936dd7bb - SHA256: 19dfacea1b9f19c0379f89b2424ceb028f2ce59b0db991ba83ae460027584987 - Sections: - .text: - Entropy: 6.133976095876382 - Virtual Size: '0x329c' - .rdata: - Entropy: 3.837237859626634 - Virtual Size: '0x1490' - .data: - Entropy: 2.1710929957450715 - Virtual Size: '0x1c54' - .pdata: - Entropy: 3.9857737110778095 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.058535435224619 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3478109419215607 - Virtual Size: '0x430' - .reloc: - Entropy: 5.011052354824561 - Virtual Size: '0x288' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - 
TBS: - MD5: a637f8f3c278575f41cda67c2063c050 - SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 3d94608c59c92218809dd4fcb7ccb9c5 - SHA1: 39488246d1782664bedc39c53cdc14d804af542f - SHA256: fa659944a59430edc6162b285d0fa7b6fbfd28b9057f7286eee127888431844e - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2021-06-22 14:01:04' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - 
PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: e39152eadd76751b1d7485231b280948 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: 635a39ff5066e1ac7c1c5995d476d8c233966dda - SHA256: 4b97d63ebdeda6941bb8cef5e94741c6cca75237ca830561f2262034805f0919 - Sections: - .text: - Entropy: 6.133976095876382 - Virtual Size: '0x329c' - .rdata: - Entropy: 3.8370535650030457 - Virtual Size: '0x1490' - .data: - Entropy: 2.1710929957450715 - Virtual Size: '0x1c54' - .pdata: - Entropy: 3.9857737110778095 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.058535435224619 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3478109419215607 - Virtual Size: '0x430' - .reloc: - Entropy: 5.011052354824561 - Virtual Size: '0x288' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: a637f8f3c278575f41cda67c2063c050 - SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 822724c9a809efe8252bbe30dc35f876 - SHA1: 59cccb4cf97b598b6b1ffd31e7021b5b7341e651 - SHA256: 
46aac78f7cd865d27189c8308841f12a5512e657be0dd6e8b178aac5223889fe - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2020-03-08 11:30:31' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 2bb353891d65c9e267eb98a3a2b694c3 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: b2fb5036b29b12bcec04c3152b65b67ca14d61f2 - SHA256: 95e5b5500e63c31c6561161a82f7f9373f99b5b1f54b018c4866df4f2a879167 - Sections: - .text: - Entropy: 6.135433819899731 - Virtual Size: 
'0x325c' - .rdata: - Entropy: 3.835892429826315 - Virtual Size: '0x1450' - .data: - Entropy: 2.2159905775744044 - Virtual Size: '0x1934' - .pdata: - Entropy: 4.038755197475624 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.068036657482388 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3478109419215607 - Virtual Size: '0x430' - .reloc: - Entropy: 4.901711830072888 - Virtual Size: '0x24c' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: a637f8f3c278575f41cda67c2063c050 - SHA1: 
debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b 
- LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 4f83f4106a064454d042be3acdf51433 - SHA1: 00389c07e9cc727910552e0e5d7a36b571587039 - SHA256: 89e579ccbbd834bdd1d5b394843b6110813849000d9116489f14c146cbe66811 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2017-03-17 20:18:10' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: d70a80fc73dd43469934a7b1cc623c76 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: bb6ef5518df35d9508673d5011138add8c30fc27 
- SHA256: d50cb5f4b28c6c26f17b9d44211e515c3c0cc2c0c4bf24cd8f9ed073238053ad - Sections: - .text: - Entropy: 6.14362601153889 - Virtual Size: '0x318c' - .rdata: - Entropy: 3.8596128120865294 - Virtual Size: '0x1300' - .data: - Entropy: 2.3976266531821224 - Virtual Size: '0x1144' - .pdata: - Entropy: 4.043975650731326 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.070426661582891 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.370803361398665 - Virtual Size: '0x440' - .reloc: - Entropy: 4.657997051970539 - Virtual Size: '0x1b6' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false 
- SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: d19da93a227f29c779c50c8a381b0fa6 - SHA1: aae9989c7e466cfa4e1c33f8e7c5937554ba9aa0 - SHA256: b29cf0840f2efe394091e07e6701c44916a9e3dafdef6952c1d28fbeb4649df3 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2021-05-18 09:06:19' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - 
RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: b52f51bbe6b49d0b475d943c29c4d4cb - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 4f7989ad92b8c47c004d3731b7602ce0934d7a23 - SHA256: ee525b90053bb30908b5d7bf4c5e9b8b9d6b7b5c9091a26fa25d30d3ad8ef5d0 - Sections: - .text: - Entropy: 6.2064317372812985 - Virtual Size: '0x2404' - .rdata: - Entropy: 3.541950216530622 - Virtual Size: '0xff4' - .data: - Entropy: 2.813191841547333 - Virtual Size: '0x14dc' - PAGE: - Entropy: 5.804360087879422 - Virtual Size: '0x266' - INIT: - Entropy: 5.4281677070245955 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3459452702797696 - Virtual Size: '0x430' - .reloc: - Entropy: 6.0011548156682 - Virtual Size: '0x4a0' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: a637f8f3c278575f41cda67c2063c050 - SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 139811484a728ff40094e2671eade0d5 - SHA1: a4539444af2f2a478a88ddf57d88f46d7ea0100c - SHA256: 
fcad50a13dcf1eeefffe2c2f51a052fd13bfaeddb0bd1f3c2353c64284ea62e2 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2017-07-31 20:46:04' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 920df6e42cf91bbe19707f5a86e3c5c5 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: a2fe7de67b3f7d4b1def88ce4ba080f473c0fbc6 - SHA256: 4999541c47abd4a7f2a002c180ae8d31c19804ce538b85870b8db53d3652862b - Sections: - .text: 
- Entropy: 6.199736289697868 - Virtual Size: '0x236e' - .rdata: - Entropy: 3.556162829858078 - Virtual Size: '0xde4' - .data: - Entropy: 2.962098389788266 - Virtual Size: '0xeb0' - PAGE: - Entropy: 5.795507089372613 - Virtual Size: '0x266' - INIT: - Entropy: 5.324875365502854 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3682712956797647 - Virtual Size: '0x440' - .reloc: - Entropy: 5.952195564032691 - Virtual Size: '0x3fe' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - 
IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 8161ee04d917caa1c90ac5e9721b0e94 - SHA1: 97f35c9c492b84f5e5819d63442af76522c83581 - SHA256: d172d95afc72a8a4a6362175bd68b5f4405f166fff94464d845213af586fe8bd - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2016 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2016-10-29 13:27:37' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - 
FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: db86dfd7aefbb5be6728a63461b0f5f3 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: de9469a5d01fb84afd41d176f363a66e410d46da - SHA256: 3b2cd65a4fbdd784a6466e5196bc614c17d1dbaed3fd991d242e3be3e9249da6 - Sections: - .text: - Entropy: 6.14362601153889 - Virtual Size: '0x318c' - .rdata: - Entropy: 3.856956676502729 - Virtual Size: '0x1300' - .data: - Entropy: 2.3976266531821224 - Virtual Size: '0x1144' - .pdata: - Entropy: 4.043975650731326 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.070426661582891 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.370803361398665 - Virtual Size: '0x440' - .reloc: - Entropy: 4.657997051970539 - Virtual Size: '0x1b6' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 
0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: f7d4bed422d5211ebf2a51e330f0910b - SHA1: 8c7217435c8c3ca65c2fc2a17788e40de9ecb248 - SHA256: 07f962d8b90f359cf12faa55772d0ef05237ac2fbb2ff7d5cff700df93643e65 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 
gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2018-06-16 10:49:00' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.1.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 5be61a24f50eb4c94d98b8a82ef58dcf - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.1.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: a5914161f8a885702427cf75443fb08d28d904f0 - SHA256: aafa642ca3d906138150059eeddb6f6b4fe9ad90c6174386cfe13a13e8be47d9 - Sections: - .text: - Entropy: 6.1419629238500235 - Virtual Size: '0x31fc' - .rdata: - Entropy: 3.850555269068008 - Virtual Size: '0x13d0' - .data: - Entropy: 2.2863945965626136 - Virtual Size: '0x1614' - 
.pdata: - Entropy: 4.052479770333054 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.093773811863592 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.3614073432360265 - Virtual Size: '0x438' - .reloc: - Entropy: 4.830405545722778 - Virtual Size: '0x210' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, - CN=Certum Code Signing CA SHA2 - ValidFrom: '2015-10-29 11:30:29' - ValidTo: '2027-06-09 11:30:29' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 6b326a0f0328d37a1d530bfd23bd48e2 - Version: 3 - TBS: - MD5: e556c75dbca00e43684d23c11c032d4a - SHA1: 50925e36ffd52e5b4d32689e9007b14a3a417168 - SHA256: f7b6eeb3a567223000a61f68c53b458193557c17e5d512d2825bcb13e5fc9be5 - SHA384: 57f1cdd3afe0bd7859ab450dbdf6e21a55cf5ba0dda62b9b3c12f2d885d98413ce6817243f6bb83cd77276643369ecbf - - Subject: C=FR, O=Open Source Developer, ST=Ile de France, CN=Open Source Developer, - Benjamin Delpy, emailAddress=benjamin@gentilkiwi.com - ValidFrom: '2017-12-04 09:50:34' - ValidTo: '2018-12-04 09:50:34' - Signature: a671cf049079a759f4c1fa73dd7f3b3b84da6480a91a3c1a9d6d3bb1313d6714d14272b477c37a86b88a686344dcfd89c8af3a34deaaa5bab970adfa66c5ff206b22ef1954ccbf6b96fdf0f99e9066557fefbb5ddc55aa2a2891181d1a27b06acb79380b618344bd202361fb0399a7e6e6ccbcfa714265fa054e373261efaf6b74bc7e4c7994bcb832d61b3c573d2ec8c3926afb60d4b63428112dd6249c2a49cfded8fa33893fb2d452b135ad57be1ff7956825861e1fd53dfbc0cef82045fd699ebeb74230abfbac20467f087f6e7e2b19f0f961ea2f015c2e54e653507f9966193658afc237778e12001f05e1c6e0ec13d9574718593a2f2484cff950e019 - SignatureAlgorithmOID: 1.2.840.113549.1.1.11 - IsCertificateAuthority: false - SerialNumber: 1519af351702ab2d86968d0be928f529 - Version: 3 - TBS: - MD5: 7227ed4392de49333e052f8f17c41f69 - SHA1: 
e019d8060f65cc923dab50ea282fb8895c1c75f9 - SHA256: eee437f4170a21f7de0e590620ff2a9412f89af95e87589d0e5a1cca17f61825 - SHA384: a5f32361dfa3828aebf139cb1017bba83111e1ce2c5dbd126751a1e7d8f19f3fb838926fc118e423fbe07187e84efc2b - - Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, - CN=Certum Trusted Network CA - ValidFrom: '2011-04-15 20:15:34' - ValidTo: '2021-04-15 20:25:34' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 613bc791000000000034 - Version: 3 - TBS: - MD5: f5f0d604dd56b0446f98fb67e98a76f8 - SHA1: c749c146cc00030ff36ecf9b698e6a377bc15605 - SHA256: df5dacc623d44348fff0bc8ebe2cedc8ba212e33c6f10d7fd608f37f92a2c273 - SHA384: c394dc13768746f008b4ffa082d6e8a2e55a83052d63e3c0a8f2fcfc30dcd51849afd21b0adf86bc50490629a89da09b - Signer: - - SerialNumber: 1519af351702ab2d86968d0be928f529 - Issuer: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, - CN=Certum Code Signing CA SHA2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: ea59bf845819844f1e170473b1fcc657 - SHA1: fee88f233e0d57a61531ccc8d39bf68ff4cc1ccf - SHA256: 683936955d7e3281573fcbaa149fc384a06dc4a12cd67ce601aba2f1a32b19c3 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2017-03-27 19:18:03' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - 
IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 2730cc25ad385acc7213a1261b21c12d - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 9648ad90ec683c63cc02a99111a002f9b00478d1 - SHA256: 82b7fa34ad07dbf9afa63b2f6ed37973a1b4fe35dee90b3cf5c788c15c9f08f7 - Sections: - .text: - Entropy: 6.189266621409851 - Virtual Size: '0x235e' - .rdata: - Entropy: 3.5636140256812445 - Virtual Size: '0xdc4' - .data: - Entropy: 2.9710357364934694 - Virtual Size: '0xd68' - PAGE: - Entropy: 5.8055474754253495 - Virtual Size: '0x266' - INIT: - Entropy: 5.325440401058366 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3682712956797647 - Virtual Size: '0x440' - .reloc: - Entropy: 5.910661392306955 - Virtual Size: '0x3e0' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 
225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: 
ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: c5eb3885068942d541e5373728f92461 - SHA1: 3ce1d1098eb5147ef224357eb9c40d1cdfd04ea8 - SHA256: 01096e6d09cad1af557561f678e70434355a4d07a94ba97774957c16e87bab6a - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2017-03-12 05:47:24' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 
44857ca402a15ab51dc5afe47abdfa44 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: c75e8fceed74a4024d38ca7002d42e1ecf982462 - SHA256: 4bca0a401b364a5cc1581a184116c5bafa224e13782df13272bc1b748173d1be - Sections: - .text: - Entropy: 6.189266621409851 - Virtual Size: '0x235e' - .rdata: - Entropy: 3.5648882661821992 - Virtual Size: '0xdc4' - .data: - Entropy: 2.9710357364934694 - Virtual Size: '0xd68' - PAGE: - Entropy: 5.8055474754253495 - Virtual Size: '0x266' - INIT: - Entropy: 5.325440401058366 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3682712956797647 - Virtual Size: '0x440' - .reloc: - Entropy: 5.910661392306955 - Virtual Size: '0x3e0' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 
7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 9ee33a7eee222c3d253561ab621ed335 - SHA1: 23f0282fa5e45febc717ea79e394d47a0328d4ee - SHA256: 234664ae69df63d55c1477f3adc33ffdb130fc939c55c16e73e3339a133bcfa3 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2016 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2016-10-24 18:25:21' - Date: '' - 
Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.1.0.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 13a57a4ef721440c7c9208b51f7c05de - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.1.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: 6d09d826581baa1817be6fbd44426db9b05f1909 - SHA256: 9dc7beb60a0a6e7238fc8589b6c2665331be1e807b4d2b3ddd1c258dbbd3e2f7 - Sections: - .text: - Entropy: 6.14362601153889 - Virtual Size: '0x318c' - .rdata: - Entropy: 3.8570303544347158 - Virtual Size: '0x1300' - .data: - Entropy: 2.3976266531821224 - Virtual Size: '0x1144' - .pdata: - Entropy: 4.043975650731326 - Virtual Size: '0x1b0' - PAGE: - Entropy: 
6.070426661582891 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 3.370803361398665 - Virtual Size: '0x440' - .reloc: - Entropy: 4.657997051970539 - Virtual Size: '0x1b6' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: 
C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: c5f0c9fee92943e29d4b2a8716381e20 - SHA1: 2f1dc67f1c8b7335d6cfee17f3732527d732d7dd - SHA256: b9914ac1acbdc493d78c289bd185c301498c312602cabfcae8aa86cecb9fd14c - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2014 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2015-01-22 14:16:07' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.0.0.0 - Filename: '' - ImportedFunctions: - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - RtlCompareMemory - - ObfDereferenceObject - - IofCompleteRequest - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - RtlInitUnicodeString - - MmGetSystemRoutineAddress - - PsSetCreateProcessNotifyRoutine - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - KeBugCheck - - 
_vsnwprintf - - IoDeleteDevice - - NtBuildNumber - - ObOpenObjectByPointer - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 3359e1d4244a7d724949c63e89689ef8 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.0.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: 94bfa9368ea43c71afa29bad9fc60535 - SHA1: d8e5ebd3ca141f00753a138144cd1319d755858b - SHA256: 5c236619ead1fde5073ecb323d1c2701a7c522489118cee4ffb4ccf14efc355f - SHA1: 6972314b6d6b0109b9d0a951eb06041f531f589b - SHA256: 06ddf49ac8e06e6b83fccba1141c90ea01b65b7db592c54ffe8aa6d30a75c0b8 - Sections: - .text: - Entropy: 6.14230397610419 - Virtual Size: '0x344c' - .rdata: - Entropy: 3.9213930631604685 - Virtual Size: '0x10dc' - .data: - Entropy: 2.4734656013956355 - Virtual Size: '0xc9c' - .pdata: - Entropy: 4.05676968495297 - Virtual Size: '0x1d4' - PAGE: - Entropy: 6.060112416967421 - Virtual Size: '0x28b' - INIT: - Entropy: 5.107085003103007 - Virtual Size: '0x610' - .rsrc: - Entropy: 3.341463935179513 - Virtual Size: '0x440' - .reloc: - Entropy: 4.349002794600718 - Virtual Size: '0x154' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: 
cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: caa08a0ba5f679b1e5bbae747cb9d626 - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 844d7fd5ec208cdb66f3cc238b32139f - SHA1: 0e7956ca48ab640cf72c4030f77c6e62bdf6eab4 - SHA256: 3327d9e938d4ae29de110e219662ce04932935a7886e99feb508ffe77c9e00c2 - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2020-08-04 17:23:09' - Date: '' - Description: mimidrv for Windows (mimikatz) - 
ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 1e0eb80347e723fa31fce2abb0301d44 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 01cf1fe3937fb6585ffb468b116a3af8ddf9ef16 - SHA256: 1a5c08d40a5e73b9fe63ea5761eaec8f41d916ca3da2acbc4e6e799b06af5524 - Sections: - .text: - Entropy: 6.2064317372812985 - Virtual Size: '0x2404' - .rdata: - Entropy: 3.545537533502987 - Virtual Size: '0xff4' - .data: - Entropy: 2.813191841547333 - Virtual Size: '0x14dc' - PAGE: - Entropy: 5.804360087879422 - Virtual Size: '0x266' - INIT: - Entropy: 
5.4281677070245955 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3459452702797696 - Virtual Size: '0x430' - .reloc: - Entropy: 6.0011548156682 - Virtual Size: '0x4a0' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2026-04-13 10:00:00' - Signature: 1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429 - SignatureAlgorithmOID: 
1.2.840.113549.1.1.11 - IsCertificateAuthority: true - SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 - Version: 3 - TBS: - MD5: a637f8f3c278575f41cda67c2063c050 - SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 - SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 - SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 486125bd8dbe6940040149ff7cde6796 - SHA1: 47b3cbd97520c493ecaaf9cf93d08f31f3288b43 - SHA256: 785723a3afe96876382524a9e90984f379c41521cd1f86a2172314ad58785e4f - Company: gentilkiwi (Benjamin DELPY) - Copyright: Copyright (c) 2007 - 2019 gentilkiwi (Benjamin DELPY) - CreationTimestamp: '2019-05-12 17:34:34' - Date: '' - Description: mimidrv for Windows (mimikatz) - ExportedFunctions: '' - FileVersion: 2.2.0.0 - Filename: '' - ImportedFunctions: - - NtBuildNumber - - IofCompleteRequest - - KeBugCheck - - IoCreateSymbolicLink - - IoCreateDevice - - PsInitialSystemProcess - - ObfDereferenceObject - - PsLookupProcessByProcessId - - PsGetProcessImageFileName - - PsGetProcessId - - ZwClose - - ZwSetInformationProcess - - ZwDuplicateToken - - 
ObOpenObjectByPointer - - PsProcessType - - RtlInitUnicodeString - - PsReferencePrimaryToken - - IoGetCurrentProcess - - RtlCompareMemory - - ZwOpenProcessTokenEx - - ExFreePoolWithTag - - ExAllocatePoolWithTag - - IoFreeMdl - - MmUnlockPages - - MmProbeAndLockPages - - IoAllocateMdl - - memcpy - - KeServiceDescriptorTable - - IoEnumerateRegisteredFiltersList - - KeTickCount - - MmGetSystemRoutineAddress - - IoDeleteSymbolicLink - - IoDeleteDevice - - memset - - PsDereferencePrimaryToken - - _vsnwprintf - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwind - - KeBugCheckEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltGetVolumeFromInstance - - FltObjectDereference - - FltEnumerateFilters - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: mimidrv - MD5: 2c39f6172fbc967844cac12d7ab2fa55 - MachineType: I386 - MagicHeader: 50 45 0 0 - OriginalFilename: mimidrv.sys - PDBPath: '' - Product: mimidrv (mimikatz) - ProductVersion: 2.2.0.0 - Publisher: '' - RichPEHeaderHash: - MD5: c4873a245675b1071413f34af4d80050 - SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 - SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af - SHA1: 3d27013557b5e68e7212a2f78dfe60c5a2a46327 - SHA256: 41ad660820c41fc8b1860b13dc1fea8bc8cb2faceb36ed3e29d40d28079d2b1f - Sections: - .text: - Entropy: 6.2035733322045745 - Virtual Size: '0x23f4' - .rdata: - Entropy: 3.5763739148983986 - Virtual Size: '0xed4' - .data: - Entropy: 2.8516013173925066 - Virtual Size: '0x1264' - PAGE: - Entropy: 5.795549160299263 - Virtual Size: '0x266' - INIT: - Entropy: 5.429489696991249 - Virtual Size: '0x538' - .rsrc: - Entropy: 3.3528875272530887 - Virtual Size: '0x430' - .reloc: - Entropy: 5.93822728458253 - Virtual Size: '0x464' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 
10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 3b49942ec6cef1898e97f741b2b5df8a - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 12c01d5a170fb10316ddfa8c9ad9ca9b - SHA1: 
64ebdc45f21f854c1feb7e228e3c3ff4fcf3fcb9 - SHA256: 577e381b5d36faf15cde84ed59c51e2dcb65d90140848111429e1c8cfb0553f5 - Company: '' - Copyright: '' - CreationTimestamp: '2017-06-18 10:46:24' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: '' - MD5: c159fb0f345a8771e56aab8e16927361 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: ac4ace1c21c5cb72c6edf6f2f0cc3513d7c942c3 - SHA256: af7ca247bf229950fb48674b21712761ac650d33f13a4dca44f61c59f4c9ac46 - Sections: - .text: - Entropy: 6.137944463935485 - Virtual Size: '0x319c' - .rdata: - Entropy: 3.8459107985078496 - Virtual Size: '0x1340' - .data: - Entropy: 
2.3461427985512437 - Virtual Size: '0x12e4' - .pdata: - Entropy: 4.010051195917961 - Virtual Size: '0x1b0' - PAGE: - Entropy: 6.083244237405415 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: -0.0 - Virtual Size: '0x10' - .reloc: - Entropy: 4.705915669612521 - Virtual Size: '0x1d4' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 
7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' -- Authentihash: - MD5: 754edc1697f09e26fb3833d0381570d1 - SHA1: b5464d2e71937e21f5658eaa0a3608ac57c29bc2 - SHA256: c6f7acc48d15f334a757a416809eb596d291952cf730a281de4a4423e18dce76 - Company: '' - Copyright: 'Copyright (c) 2007 - 
2017 ' - CreationTimestamp: '2017-12-19 16:17:57' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: 2.1.1.0 - Filename: '' - ImportedFunctions: - - KeBugCheck - - IofCompleteRequest - - IoCreateSymbolicLink - - IoCreateDevice - - PsProcessType - - PsGetProcessImageFileName - - PsLookupProcessByProcessId - - PsReferencePrimaryToken - - ZwOpenProcessTokenEx - - IoGetCurrentProcess - - ZwSetInformationProcess - - ZwClose - - ZwDuplicateToken - - PsInitialSystemProcess - - _vsnwprintf - - ObfDereferenceObject - - ObOpenObjectByPointer - - PsGetProcessId - - PsDereferencePrimaryToken - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - IoFreeMdl - - MmProbeAndLockPages - - MmUnlockPages - - IoAllocateMdl - - ZwUnloadKey - - IoEnumerateRegisteredFiltersList - - KeBugCheckEx - - MmGetSystemRoutineAddress - - IoDeleteDevice - - RtlInitUnicodeString - - NtBuildNumber - - RtlCompareMemory - - IoDeleteSymbolicLink - - PsGetVersion - - ExAllocatePoolWithQuotaTag - - ZwQuerySystemInformation - - RtlUnwindEx - - FltGetFilterInformation - - FltEnumerateInstances - - FltEnumerateFilters - - FltObjectDereference - - FltGetVolumeFromInstance - Imports: - - ntoskrnl.exe - - FLTMGR.SYS - InternalName: '' - MD5: 6ececf26ff8b03ed7ffbddadec9a9dab - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - PDBPath: '' - Product: '' - ProductVersion: 2.1.1.0 - Publisher: '' - RichPEHeaderHash: - MD5: d45d2640e1584c776a1d10e5f695d7ad - SHA1: fef88c261764494d9a145b37b7739f3454786729 - SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 - SHA1: 4e0f5576804dab14abb29a29edb9616a1dbe280a - SHA256: 773b4a1efb9932dd5116c93d06681990759343dfe13c0858d09245bc610d5894 - Sections: - .text: - Entropy: 6.144037436753497 - Virtual Size: '0x31dc' - .rdata: - Entropy: 3.7569448708202815 - Virtual Size: '0x1390' - .data: - Entropy: 2.313119440407077 - Virtual Size: '0x1494' - .pdata: - Entropy: 3.990039715462728 - Virtual Size: '0x1b0' - PAGE: - Entropy: 
6.084557222001841 - Virtual Size: '0x28b' - INIT: - Entropy: 5.119968261124173 - Virtual Size: '0x5e6' - .rsrc: - Entropy: 2.646358053130904 - Virtual Size: '0x440' - .reloc: - Entropy: 4.8001308386334935 - Virtual Size: '0x1f2' - Signature: '' - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - ValidFrom: '2011-04-13 10:00:00' - ValidTo: '2019-04-13 10:00:00' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 0400000000012f4ee1355c - Version: 3 - TBS: - MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 - SHA1: 589a7d4df869395601ba7538a65afae8c4616385 - SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 - SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b - - Subject: C=FR, CN=Benjamin Delpy - ValidFrom: '2011-06-28 09:46:16' - ValidTo: '2014-06-28 09:46:16' - Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Version: 3 - TBS: - MD5: ee0a53dda8301d1e78bd5487f1d49bf4 - SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a - SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb - SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca - - Subject: 
C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA - ValidFrom: '2006-05-23 17:00:51' - ValidTo: '2016-05-23 17:10:51' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 610b7f6b000000000019 - Version: 3 - TBS: - MD5: 4798d55be7663a75649cda4dedc686ef - SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf - SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 - SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 - Signer: - - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 - Version: 1 - Imphash: 059c6bd84285f4960e767f032b33f19b - LoadsDespiteHVCI: 'FALSE' MitreID: T1068 +Category: malicious +Commands: + Command: sc.exe create mimidrv.sys binPath=C:\windows\temp\mimidrv.sys type=kernel + && sc.exe start mimidrv.sys + Description: Mimidrv is a signed Windows Driver Model WDM kernel mode software + driver meant to be used with the standard Mimikatz executable. 
+ OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://github.com/magicsword-io/LOLDrivers/issues/55#issuecomment-1537161951 - https://github.com/hfiref0x/KDU - https://posts.specterops.io/mimidrv-in-depth-4d273d19e148 - https://github.com/gentilkiwi/mimikatz -Tags: -- mimidrv.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/200f98655d1f46d2599c2c8605ebb7e335fee3883a32135ca1a81e09819bc64a.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_mal_drivers_strict.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: hfiref0x + Person: hfiref0x +KnownVulnerableSamples: +- Authentihash: + MD5: 45fc2828291ee88335899461a2e7d8b7 + SHA1: 0e732d18a7d880f0505433a0da0e100da0e1c3a3 + 
SHA256: 77586c3968ec72ad19fa7098c9da27b0677e45220812eaab197075f4175e8cc6 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2019 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2019-08-13 17:31:42' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: mimidrv.sys + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 29e03f4811b64969e48a99300978f58c + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: a8ddb7565b61bc021cd2543a137e00627f999dcc + SHA256: 200f98655d1f46d2599c2c8605ebb7e335fee3883a32135ca1a81e09819bc64a + Sections: + .text: + Entropy: 6.135433819899731 + Virtual Size: 
'0x325c' + .rdata: + Entropy: 3.8369507353498324 + Virtual Size: '0x1450' + .data: + Entropy: 2.2159905775744044 + Virtual Size: '0x1934' + .pdata: + Entropy: 4.038755197475624 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.068036657482388 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3547531988948798 + Virtual Size: '0x430' + .reloc: + Entropy: 4.901711830072888 + Virtual Size: '0x24c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 
+ IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 9c7be6cc75cd27d1280f2a2b735546d1 + SHA1: 9b733883aec5bd5c2bcc371c28f6c5176aca2eff + SHA256: 7e1d32e156037b09105c3640d06e5b34fbe0bb49c605697d13b5fc26776fae26 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2017-03-19 20:32:16' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - 
FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 1d51029dfbd616bf121b40a0d1efeb10 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: d3f6c3ea2ef7124403c0fb6e7e3a0558729b5285 + SHA256: b8c71e1844e987cd6f9c2baf28d9520d4ccdd8593ce7051bb1b3c9bf1d97076a + Sections: + .text: + Entropy: 6.14362601153889 + Virtual Size: '0x318c' + .rdata: + Entropy: 3.8575877670101746 + Virtual Size: '0x1300' + .data: + Entropy: 2.3976266531821224 + Virtual Size: '0x1144' + .pdata: + Entropy: 4.043975650731326 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.070426661582891 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.370803361398665 + Virtual Size: '0x440' + .reloc: + Entropy: 4.657997051970539 + Virtual Size: '0x1b6' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 48b50265ab9ca2af10d7bee2d69c4630 + SHA1: f773bcfc7eae8a1c1b90c775f1fb63c7a64031c3 + SHA256: 9a84ad211fc549d0f118b3211cb11fd3ab2ced86de9cd20173d03e1a47834133 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2019 
gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2019-08-13 17:31:13' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: ba54a0dbe2685e66e21d41b4529b3528 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 87e20486e804bfff393cc9ad9659858e130402a2 + SHA256: 9e56e96df36237e65b3d7dbc490afdc826215158f6278cd579c576c4b455b392 + Sections: + .text: + Entropy: 6.2035733322045745 + Virtual Size: '0x23f4' + .rdata: + Entropy: 3.5651633607251183 + Virtual Size: '0xed4' + .data: + Entropy: 
2.8516013173925066 + Virtual Size: '0x1264' + PAGE: + Entropy: 5.795549160299263 + Virtual Size: '0x266' + INIT: + Entropy: 5.429489696991249 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3528875272530887 + Virtual Size: '0x430' + .reloc: + Entropy: 5.93822728458253 + Virtual Size: '0x464' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 
0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: b092aa28bfe8b2d550e3e3a735e7fa24 + SHA1: 13030898df096d9882211379e018da940c2c8ac0 + SHA256: b8d3914b796832a576ed0c977db439c8a5d6df5d0608088c39c786ff81bc2f11 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2019 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2019-05-03 17:51:55' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 
1325ec39e98225e487b40043faee8052 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: bf5515fcf120c2548355d607cfd57e9b3e0af6e9 + SHA256: 26ef7b27d1afb685e0c136205a92d29b1091e3dcf6b7b39a4ec03fbbdb57cb55 + Sections: + .text: + Entropy: 6.137402743772031 + Virtual Size: '0x323c' + .rdata: + Entropy: 3.837223387948625 + Virtual Size: '0x1460' + .data: + Entropy: 2.2583232763427667 + Virtual Size: '0x17a4' + .pdata: + Entropy: 4.06852005250443 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.079527011018308 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3547531988948798 + Virtual Size: '0x430' + .reloc: + Entropy: 4.873734410850681 + Virtual Size: '0x22e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 
112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 50a2027559b8ba25b2b7d5700b608dab + SHA1: f4c5c47723286a51e8c830100c157963c57934ba + SHA256: 7b49579b74108e2418a6b401cd729e3fafe1c8ba1fe8434f73c8d0f1758b08d3 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2016 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2016-09-21 18:30:06' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - 
PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: c5ae6ca044bd03c3506c132b033be1dc + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 928b5971a0f7525209d599e2ef15c31717047022 + SHA256: af4f42197f5ce2d11993434725c81ecb6f54025110dedf56be8ffc0e775d9895 + Sections: + .text: + Entropy: 6.192606376629303 + Virtual Size: '0x235e' + .rdata: + Entropy: 3.5633717258613586 + Virtual Size: '0xd74' + .data: + Entropy: 3.090718615812188 + Virtual Size: '0xc38' + PAGE: + Entropy: 5.808211110642614 + Virtual Size: '0x266' + INIT: + Entropy: 5.323943395070341 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3682712956797647 + Virtual Size: '0x440' + .reloc: + Entropy: 5.885744788394298 + Virtual Size: '0x3c2' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 8f1bac183519a07d73a86a3a747a8a9b + SHA1: 8410c9e980425a89793fbe2612d3716184af2cb7 + SHA256: 71c0c98aa54dc88af8b094ceef88352052d592e0f40892825dedbf1abba16635 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2013 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2013-11-24 13:23:00' + Date: '' + 
Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.0.0.0 + Filename: '' + ImportedFunctions: + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - IofCompleteRequest + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ZwUnloadKey + - RtlInitUnicodeString + - MmGetSystemRoutineAddress + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - KeBugCheck + - _vsnwprintf + - IoDeleteDevice + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 24d3ea54f25e32832ac20335a1ce1062 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.0.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: 63c6b4112622c2a9182cdd1d0d5235d7 + SHA1: 3e48025a171d18c5839ab1e58b64dbc6483417d0 + SHA256: ed34aa4b85d59a228c388a98cfa6395194fde9f005fc0bb1aa2ec852377d82f6 + SHA1: 2a202830db58d5e942e4f6609228b14095ed2cab + SHA256: a906251667a103a484a6888dca3e9c8c81f513b8f037b98dfc11440802b0d640 + Sections: + .text: + Entropy: 6.137460289143971 + Virtual Size: '0x2e3c' + .rdata: + Entropy: 3.86471646671909 + Virtual Size: '0xfcc' + .data: + Entropy: 2.468702019455969 + Virtual Size: '0xc74' + .pdata: + Entropy: 4.023788139050789 + Virtual Size: '0x1a4' + PAGE: + Entropy: 6.038047089814424 + Virtual Size: '0x28b' + INIT: + Entropy: 5.100099905349228 + Virtual 
Size: '0x584' + .rsrc: + Entropy: 3.3560762976789764 + Virtual Size: '0x440' + .reloc: + Entropy: 4.490003473368671 + Virtual Size: '0x13e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee152d7 + Version: 3 + TBS: + MD5: e140543fe3256027cfa79fc3c19c1776 + SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 + SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 + SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 
4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode + , G1 + ValidFrom: '2013-08-23 00:00:00' + ValidTo: '2024-09-23 00:00:00' + Signature: 0231142e5857644185e8af12753c881cc35eec2ce9a13cf5baaa531db9d12963dc436786d439dadec6c9ffbe4585f4a4d7c151ea18ee40585ee67bcca241291338c8ea21169cce90a62efba6cad994df401df902182bbef65d4f9fff9a48dbc50509ca80cea0f9dc4bc323e6038fb4b4af5b71296191181a6b7af2fd0dd1cd7d5e98ebba705ee5f4ea43de353dc514818adb3e105ebb72faa1a093ab031cc1653c91138b045d2bc4b9161bcc55c50ce8abe743c9b28328a5531347ab3964b91cea3430b176009521f1d43da8fda00032d76e983ca69c3b0b83becbb8bb2a268c59b8b9aeaf26ace234a2dc210d810b3813f745a3e3dbc4aca16d1bb7e5615cd7 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121405c1f0ed258882be54d8686ba11ea45 + Version: 3 + TBS: + MD5: b95cbc184d388718612d5933f7b36770 + SHA1: ff124c5d160710720108616ffee99bbe090ed363 + SHA256: 13027620255363f07bbf85ae7d0dc06c07d8b0f4368b12f983ee3f4fce605733 + SHA384: f42ed00f615f2822dcd3d33794477428afb52ddab932ebcde3586f92a27e18f9faba6b3334ca4e59e0cb24bdbf8395a6 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 
a6c4a7369500900fc172f9557cff22cf + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 83781f2cad5e578a633bd6869b7ea8b3 + SHA1: 611e32fcb95d91770078b4cc630a00396cb013bb + SHA256: e0fa3fa9488583353b39f12f857911b7115ecd82b70f6fb7be70633d72147649 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2019 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2019-04-08 16:54:18' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: c7b7f1edb9bbef174e6506885561d85d + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: 
c3aafe8f67c6738489377031cb5a1197e99b202d + SHA256: 4bd4715d2a7af627da11513e32fab925c872babebdb7ff5675a75815fbf95021 + Sections: + .text: + Entropy: 6.137402743772031 + Virtual Size: '0x323c' + .rdata: + Entropy: 3.836900594790529 + Virtual Size: '0x1460' + .data: + Entropy: 2.2583232763427667 + Virtual Size: '0x17a4' + .pdata: + Entropy: 4.06852005250443 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.079527011018308 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3547531988948798 + Virtual Size: '0x430' + .reloc: + Entropy: 4.873734410850681 + Virtual Size: '0x22e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 2d3446ae7ea69e3c1048b51089c71d8f + SHA1: 4a57ed5011ec329c5756a58946ce5280677f22be + SHA256: ebc3a28af05f5b0b456f6ea59ad613109bbb1e2a888d7e3808e331335a77f087 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2018-12-09 15:56:22' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.1.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - 
ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 4cf14a96485a1270fed97bb8000e4f86 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.1.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 8aa0e832e5ca2eb79dafabadbe9948a191008383 + SHA256: 60ee78a2b070c830fabb54c6bde0d095dff8fad7f72aa719758b3c41c72c2aa9 + Sections: + .text: + Entropy: 6.202381134757234 + Virtual Size: '0x23be' + .rdata: + Entropy: 3.574396559576929 + Virtual Size: '0xeb4' + .data: + Entropy: 2.918973466238896 + Virtual Size: '0x112c' + PAGE: + Entropy: 5.809009522687684 + Virtual Size: '0x266' + INIT: + Entropy: 5.438798437403421 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3595554913841745 + Virtual Size: '0x438' + .reloc: + Entropy: 5.942057100341831 + Virtual Size: '0x446' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 
10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: 
ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 81d5b7724b6a1c5be4978397c8f963b1 + SHA1: 77179256fcde70ccb24b5a5017f9299543d4f364 + SHA256: fc26cebb27c76c6e3d22da679cff81477cab4fcabfb6f5a8a27f596ab51713ae + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2020-02-08 04:26:40' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: eb57f03b7603f0b235af62e8cd5be8c2 + MachineType: AMD64 + 
MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: b5696e2183d9387776820ef3afa388200f08f5a6 + SHA256: bc49cb96f3136c3e552bf29f808883abb9e651040415484c1736261b52756908 + Sections: + .text: + Entropy: 6.135433819899731 + Virtual Size: '0x325c' + .rdata: + Entropy: 3.835200100045632 + Virtual Size: '0x1450' + .data: + Entropy: 2.2159905775744044 + Virtual Size: '0x1934' + .pdata: + Entropy: 4.038755197475624 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.068036657482388 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3478109419215607 + Virtual Size: '0x430' + .reloc: + Entropy: 4.901711830072888 + Virtual Size: '0x24c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + TBS: 
+ MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + 
Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: e5bce10af730d5869942ecd31c7f157f + SHA1: a1f710378ed3f8763641137b839f7570200c019d + SHA256: 7af0efdd72c68fdd105bb73be148ab7bf78a157cb1b241a85362a5bc5da91bd8 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2020-05-02 08:23:21' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 70a71fe86df717ac59dbf856d7ac5789 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 
2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: fe54a1acc5438883e5c1bba87b78bb7322e2c739 + SHA256: f03f0fb3a26bb83e8f8fa426744cf06f2e6e29f5220663b1d64265952b8de1a1 + Sections: + .text: + Entropy: 6.2035733322045745 + Virtual Size: '0x23f4' + .rdata: + Entropy: 3.5722858334708065 + Virtual Size: '0xed4' + .data: + Entropy: 2.8516013173925066 + Virtual Size: '0x1264' + PAGE: + Entropy: 5.795549160299263 + Virtual Size: '0x266' + INIT: + Entropy: 5.429489696991249 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3459452702797696 + Virtual Size: '0x430' + .reloc: + Entropy: 5.93822728458253 + Virtual Size: '0x464' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + TBS: + MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, 
CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 014d3ae3aca830bd77782f26492d1083 + SHA1: 23ce72f43542a945b95acd9ac4a27dbbf7f59196 + SHA256: 6416ea9d2a15899dbf4a98b70bdedb4cc6eaf748c14c554b26ae2fe57ef8aa2a + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2016 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2016-08-21 16:57:31' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - 
IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 4198d3db44d7c4b3ba9072d258a4fc2d + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: e42bd2f585c00a1d6557df405246081f89542d15 + SHA256: bcb774b6f6ff504d2db58096601bc5cb419c169bfbeaa3af852417e87d9b2aa0 + Sections: + .text: + Entropy: 6.192606376629303 + Virtual Size: '0x235e' + .rdata: + Entropy: 3.5621344367460375 + Virtual Size: '0xd74' + .data: + Entropy: 3.090718615812188 + Virtual Size: '0xc38' + PAGE: + Entropy: 5.808211110642614 + Virtual Size: '0x266' + INIT: + Entropy: 5.323943395070341 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3682712956797647 + Virtual Size: '0x440' + .reloc: + Entropy: 5.885744788394298 + Virtual Size: '0x3c2' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: 
dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: 
+ MD5: 7d7c88f9aa5cddebfdf05583095e292a + SHA1: 63ec2554b377adb9a2c610f4f98afdbb9512e802 + SHA256: 0820ae4ffc5258b49787423bd392cd29a6a77777b955dd210a41238b02f05c3e + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2018-08-16 16:45:45' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.1.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: bdb305aa0806f8b38b7ce43c927fe919 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.1.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 
844d7bcd1a928d340255ff42971cca6244a459bf + SHA256: a85d3fd59bb492a290552e5124bfe3f9e26a3086d69d42ccc44737b5a66673ec + Sections: + .text: + Entropy: 6.202827671645787 + Virtual Size: '0x23ae' + .rdata: + Entropy: 3.5425289037801475 + Virtual Size: '0xe24' + .data: + Entropy: 2.9048205574982506 + Virtual Size: '0xff4' + PAGE: + Entropy: 5.788042895055868 + Virtual Size: '0x266' + INIT: + Entropy: 5.325440401058365 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3588565214747637 + Virtual Size: '0x438' + .reloc: + Entropy: 5.981826468919802 + Virtual Size: '0x41e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 
17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 8051f1d130479b666ce25171f0368aa9 + SHA1: acbcc2ee1f5150c4ff2918b7b8a38fff3df8328f + SHA256: 0cde416accd63c33ac9f4fd7bb6426c8bc3e6a18a335e9bbfea7cc767c30d3b6 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2014 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2014-01-11 07:24:30' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.0.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - IofCompleteRequest + - PsDereferencePrimaryToken + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - KeServiceDescriptorTable + - MmGetSystemRoutineAddress + - RtlInitUnicodeString + - IoEnumerateRegisteredFiltersList + - KeTickCount + - NtBuildNumber + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsProcessType + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - 
KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: e172a38ade3aa0a2bc1bf9604a54a3b5 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.0.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: 9ef7d3e0d40381093233ad6158457c82 + SHA1: de9692ae52b47eb6c3384d87c48ae5b8abec3472 + SHA256: 38e33f9063e4b5374496e628a2d0cc0858d3b9ce65fd320d40928b79a0fef5e9 + SHA1: c5bd9f2b3a51ba0da08d7c84bab1f2d03a95e405 + SHA256: 94ba4bcbdb55d6faf9f33642d0072109510f5c57e8c963d1a3eb4f9111f30112 + Sections: + .text: + Entropy: 6.20225407757641 + Virtual Size: '0x1fe8' + .rdata: + Entropy: 3.526603515289412 + Virtual Size: '0xbe4' + .data: + Entropy: 3.0756426415570397 + Virtual Size: '0x984' + PAGE: + Entropy: 5.811183490770206 + Virtual Size: '0x266' + INIT: + Entropy: 5.304412008980706 + Virtual Size: '0x4d8' + .rsrc: + Entropy: 3.3510121662411767 + Virtual Size: '0x440' + .reloc: + Entropy: 5.789908545604789 + Virtual Size: '0x34a' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 4e5e56901e46b4d94931f3bb1739281bc216ddfd41dc0905049b6fb2a29ad6992e40990055b5ea3fa52076d38634d417cc553ac782eeefa8babcd8069f1550dfcd167b523a02d7191afdaff0785ce04bc518df3a241edaacb8a95804020730dbb0125efe31bef00448f4f070f83a5e5683cf3dfb0dbcf4c5ed979db9d4dba52784e3389b8ba735864420a43b6da46a0ba183fd28ebdaef28f6cc885dfb0a3b00abe021ebe22f356c0f8e344597eba2f79933357ecb9a8abb454de73f9fc2d98afa65b26ec77e65ffe892e12c31a2f7b02736488f266f3bee4d761f79c3e57f9635bc2d0ecc01b08e7fff518080a792d4b34446648c874f166307314b63b0dff3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: 
true + SerialNumber: 0400000000012f4ee152d7 + Version: 3 + TBS: + MD5: e140543fe3256027cfa79fc3c19c1776 + SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 + SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 + SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode + , G1 + ValidFrom: '2013-08-23 00:00:00' + ValidTo: '2024-09-23 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121405c1f0ed258882be54d8686ba11ea45 + Version: 3 + TBS: + MD5: b95cbc184d388718612d5933f7b36770 + SHA1: 
ff124c5d160710720108616ffee99bbe090ed363 + SHA256: 13027620255363f07bbf85ae7d0dc06c07d8b0f4368b12f983ee3f4fce605733 + SHA384: f42ed00f615f2822dcd3d33794477428afb52ddab932ebcde3586f92a27e18f9faba6b3334ca4e59e0cb24bdbf8395a6 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 87fd2b54ed568e2294300e164b8c46f7 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: c25bd15b32ec15b42f3873f7af977d4a + SHA1: a49347cfcc27732b692e31052aaf07c0849748fa + SHA256: e37671575137d4e726efe2cfb730455bfcc5c08d553330dc68840ce8f7c63280 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2016 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2016-05-24 16:19:13' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - 
ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 4e4c068c06331130334f23957fca9e3c + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: 9e2ebc489c50b6bbae3b08473e007baa65ff208f + SHA256: 2da2b883e48e929f5365480d487590957d9e6582cc6da2c0b42699ba85e54fe2 + Sections: + .text: + Entropy: 6.134700082776874 + Virtual Size: '0x321c' + .rdata: + Entropy: 3.851705446457236 + Virtual Size: '0x1248' + .data: + Entropy: 2.4290980855498043 + Virtual Size: '0xfa4' + .pdata: + Entropy: 4.043102684753298 + Virtual Size: '0x1bc' + PAGE: + Entropy: 6.0617823350375595 + Virtual Size: '0x28b' + INIT: + Entropy: 5.115489588699519 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3689651261045475 + Virtual Size: '0x440' + .reloc: + Entropy: 4.630994027546385 + Virtual Size: '0x18e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + 
SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 96f61230b60e338e222fdd60d55d3657 + SHA1: 107bdd495d694b253776c4e9907a21d55847eda3 + SHA256: 89ec70089d61eccb9021edc6f1b50a9ef99196467a011e1dc7d0325aa51b7dff + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2018-03-17 17:21:06' + Date: '' + 
Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.1.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 0d2ba47286f1c68e87622b3a16bf9d92 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.1.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: e5566684a9e0c1afadae80c3a8be6636f6cad7cf + SHA256: 21617210249d2a35016e8ca6bd7a1edda25a12702a2294d56010ee8148637f5a + Sections: + .text: + Entropy: 6.198093347366582 + Virtual Size: '0x239e' + .rdata: + Entropy: 3.5498598119209426 + Virtual Size: '0xe04' + .data: + Entropy: 2.8887582835017827 + Virtual Size: '0xff8' + PAGE: + Entropy: 5.783313787388865 + Virtual 
Size: '0x266' + INIT: + Entropy: 5.323943395070341 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3804140325955863 + Virtual Size: '0x440' + .reloc: + Entropy: 5.967349329602677 + Virtual Size: '0x41e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, + CN=Certum Code Signing CA SHA2 + ValidFrom: '2015-10-29 11:30:29' + ValidTo: '2027-06-09 11:30:29' + Signature: aae53f7654024c700e29a93996060f31b70bf1a68b52fb108f4f425b8cbd312301669de829a14dc350faf7f8450e1d82d7fcfea6320473fd71eccc880fa39208c5815802fd0b693bcdb83f493dd08d1c1314682e9b0d9aadb019e29ed27c3977886f23fd7b84fc446db5ba6b7092556c94b1d837fda9591db463b2dc13cd788e2535c19a8f37842ed445cce3f5cc8d73a8e33a6de7959470579150b66def73724f2f028760e2ea22a1ed3efdd18b668d2e726d4fc65d35ee93a898d2676ae9da19cd0283f974fc5f7a1804281edd22333b766c47055dd552fe0eba76f38310c76e305fa760c7fa7427319b2883ed218a1bf1235284ed95bcad3aa5a342019dbc + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 6b326a0f0328d37a1d530bfd23bd48e2 + Version: 3 + TBS: + MD5: e556c75dbca00e43684d23c11c032d4a + SHA1: 50925e36ffd52e5b4d32689e9007b14a3a417168 + SHA256: f7b6eeb3a567223000a61f68c53b458193557c17e5d512d2825bcb13e5fc9be5 + SHA384: 57f1cdd3afe0bd7859ab450dbdf6e21a55cf5ba0dda62b9b3c12f2d885d98413ce6817243f6bb83cd77276643369ecbf + - Subject: C=FR, O=Open Source Developer, ST=Ile de France, CN=Open Source + Developer, Benjamin Delpy, emailAddress=benjamin@gentilkiwi.com + ValidFrom: '2017-12-04 09:50:34' + ValidTo: '2018-12-04 09:50:34' + Signature: 
a671cf049079a759f4c1fa73dd7f3b3b84da6480a91a3c1a9d6d3bb1313d6714d14272b477c37a86b88a686344dcfd89c8af3a34deaaa5bab970adfa66c5ff206b22ef1954ccbf6b96fdf0f99e9066557fefbb5ddc55aa2a2891181d1a27b06acb79380b618344bd202361fb0399a7e6e6ccbcfa714265fa054e373261efaf6b74bc7e4c7994bcb832d61b3c573d2ec8c3926afb60d4b63428112dd6249c2a49cfded8fa33893fb2d452b135ad57be1ff7956825861e1fd53dfbc0cef82045fd699ebeb74230abfbac20467f087f6e7e2b19f0f961ea2f015c2e54e653507f9966193658afc237778e12001f05e1c6e0ec13d9574718593a2f2484cff950e019 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 1519af351702ab2d86968d0be928f529 + Version: 3 + TBS: + MD5: 7227ed4392de49333e052f8f17c41f69 + SHA1: e019d8060f65cc923dab50ea282fb8895c1c75f9 + SHA256: eee437f4170a21f7de0e590620ff2a9412f89af95e87589d0e5a1cca17f61825 + SHA384: a5f32361dfa3828aebf139cb1017bba83111e1ce2c5dbd126751a1e7d8f19f3fb838926fc118e423fbe07187e84efc2b + - Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, + CN=Certum Trusted Network CA + ValidFrom: '2011-04-15 20:15:34' + ValidTo: '2021-04-15 20:25:34' + Signature: 
419f12160eedee2491fe5d5f10a097a8749e0dccf3115163122a5bb95dc7afac5aa25c0002cb728e0d9225b6522653be3c77a2c28c8089d84118571ab8d05057c328e7fad044804e7e8933286f3a47ef5e231ef27afe3a2a19dead6b1a2847786e9bbfeb7367589a2719d8eb5c3d085860629d5914cf9e76b3cfd962af7b72ac80f9e015ab9c7a5c4b1c7083db7094117bd22a4c7734dc36cccd46d40b198c09f6610ade481c9b3fff0b43d7f1018061abda70cfa78444acb31cce2630f5ca5f696735836ea3888c0fb8939bd65b0615e64b7db950ab09e07b2beb4c1a6bba1cca791bc59f81bde443f02de195d5a166076ce6e5456e060bdbf5bc4395b88aa50555e59668ac1d31db3804bc1c3db61975d1b5802a821e385c4676256c4d8b7483544375e77bb395bfee13609e0ecdfbcaf73a2a52a0a625497a17193ae8941f2c8204035ea9513cef526f7b43ceda2b81b47fda1a2c6265d1ec2837823014319d15bdffacc88b256e41bd1f23741be3fcf94be2eb46e68151530ec94a84788deca8b80f8d4c7fe0f6b0d2c538b24f82c410fe87b88ec6b6b0f87c12a7b4834dfc1e8b6a5bf9d564793ed1e37e1af6c81e59db4dca605c577ea25877ecfa05260032a7f6ff134e98d86f5b434cb336e425bcd93b9f38e00ee9be81e6c91f0f022f8d3a1288a88e1bb1e776913e18de361228fef766557c5bd464487452c32189 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 613bc791000000000034 + Version: 3 + TBS: + MD5: f5f0d604dd56b0446f98fb67e98a76f8 + SHA1: c749c146cc00030ff36ecf9b698e6a377bc15605 + SHA256: df5dacc623d44348fff0bc8ebe2cedc8ba212e33c6f10d7fd608f37f92a2c273 + SHA384: c394dc13768746f008b4ffa082d6e8a2e55a83052d63e3c0a8f2fcfc30dcd51849afd21b0adf86bc50490629a89da09b + Signer: + - SerialNumber: 1519af351702ab2d86968d0be928f529 + Issuer: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, + CN=Certum Code Signing CA SHA2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 3be821abb1d26f9f18cbec3ba98bd1b1 + SHA1: 496ae577a52cdbf6f19fb10bfb8a42448d9f2279 + SHA256: c24f503462a98f7a8bf0dbff0c8242e1f3d4e6cdf4327152f508717f0eafee4b + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: 
'2020-01-04 10:59:21' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 58c37866cbc3d1338e4fc58ada924ffe + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: 6c7663de88a0fba1f63a984f926c6ef449059e38 + SHA256: 7b846b0a717665e4d9fb313f25d1f6a5b782e495387aea45cf87ad3c049ac0db + Sections: + .text: + Entropy: 6.135433819899731 + Virtual Size: '0x325c' + .rdata: + Entropy: 3.838761518780343 + Virtual Size: '0x1450' + .data: + Entropy: 2.2159905775744044 + Virtual Size: '0x1934' + .pdata: + Entropy: 4.038755197475624 + Virtual Size: 
'0x1b0' + PAGE: + Entropy: 6.068036657482388 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3478109419215607 + Virtual Size: '0x430' + .reloc: + Entropy: 4.901711830072888 + Virtual Size: '0x24c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + TBS: + MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + 
SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 11397e23887327ebc3488a5c8c248fd3 + SHA1: e3451a9f2de7be02b5d46cb7049d21bb0ca9363e + SHA256: f2d3101ef507e6d9ae5475d8fd9b1ca6d2548fe0454c25389d6981f1b33f88f7 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2018-08-19 17:53:35' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.1.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 
aa98b95f5cbae8260122de06a215ee10 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.1.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 1fdb2474908bdd2ee1e9bd3f224626f9361caab7 + SHA256: d7aa8abdda8a68b8418e86bef50c19ef2f34bc66e7b139e43c2a99ab48c933be + Sections: + .text: + Entropy: 6.202827671645787 + Virtual Size: '0x23ae' + .rdata: + Entropy: 3.5407518814113015 + Virtual Size: '0xe24' + .data: + Entropy: 2.9048205574982506 + Virtual Size: '0xff4' + PAGE: + Entropy: 5.788042895055868 + Virtual Size: '0x266' + INIT: + Entropy: 5.325440401058365 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3588565214747637 + Virtual Size: '0x438' + .reloc: + Entropy: 5.981826468919802 + Virtual Size: '0x41e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: 
ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + 
Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 5462bedeee0d01475f6b129a7e7a96d2 + SHA1: 3557c20c63fe9f08995f6d76ab6ad80cb2e11da6 + SHA256: 714ac82a4e2b971f19df9c5cdcc7d7df52ac44ce1bfad675e50122406bed04a2 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2020-03-08 06:32:35' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: e1a9aa4c14669b1fb1f67a7266f87e82 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: 
98130128685c8640a8a8391cb4718e98dd8fe542 + SHA256: c42c1e5c3c04163bf61c3b86b04a5ec7d302af7e254990cef359ac80474299da + Sections: + .text: + Entropy: 6.135433819899731 + Virtual Size: '0x325c' + .rdata: + Entropy: 3.8373920399664727 + Virtual Size: '0x1450' + .data: + Entropy: 2.2159905775744044 + Virtual Size: '0x1934' + .pdata: + Entropy: 4.038755197475624 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.068036657482388 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3478109419215607 + Virtual Size: '0x430' + .reloc: + Entropy: 4.901711830072888 + Virtual Size: '0x24c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 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 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + TBS: + MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 3eabdd91d711f5a696d02a9a64e1192d + SHA1: bc893a4040dc41d18853d4d1c5d90d01564f79ef + SHA256: 054c2b8c5e89a2bff72eb6e1169537cf8654b614d9aac1e1e3d8ea02343872fc + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2017-06-06 18:25:53' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - 
ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 5076fba3d90e346fd17f78db0a4aa12c + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 9086e670e3a4518c0bcdf0da131748d4085ef42b + SHA256: 6d68d8a71a11458ddf0cbb73c0f145bee46ef29ce03ad7ece6bd6aa9d31db9b7 + Sections: + .text: + Entropy: 6.199736289697868 + Virtual Size: '0x236e' + .rdata: + Entropy: 3.557902175699288 + Virtual Size: '0xde4' + .data: + Entropy: 2.962098389788266 + Virtual Size: '0xeb0' + PAGE: + Entropy: 5.795507089372613 + Virtual Size: '0x266' + INIT: + Entropy: 5.324875365502854 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3682712956797647 + Virtual Size: '0x440' + .reloc: + Entropy: 5.952195564032691 + Virtual Size: '0x3fe' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + 
ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: 
ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 61a26b2fe61a0d6037fdcbb047f97496 + SHA1: 2cbec330507fb9951a7b0442bf4fe7b9d4cefd88 + SHA256: 36670821bb4a9d69bb6193e21b0da5c52975f001d3ed2dd7ee6307a2cff8317c + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2020-09-16 04:01:34' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 
840a5edf2534dd23a082cf7b28cbfc4d + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 8ad0919629731b9a8062f7d3d4a727b28f22e81a + SHA256: b0b80a11802b4a8ca69c818a03e76e7ef57c2e293de456439401e8e6073f8719 + Sections: + .text: + Entropy: 6.2064317372812985 + Virtual Size: '0x2404' + .rdata: + Entropy: 3.545194142432988 + Virtual Size: '0xff4' + .data: + Entropy: 2.813191841547333 + Virtual Size: '0x14dc' + PAGE: + Entropy: 5.804360087879422 + Virtual Size: '0x266' + INIT: + Entropy: 5.4281677070245955 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3459452702797696 + Virtual Size: '0x430' + .reloc: + Entropy: 6.0011548156682 + Virtual Size: '0x4a0' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 
1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + TBS: + MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 5d9f62bffce7ee809a2eaf9ca717dd02 + SHA1: ba4f2cf927b7ff43e97f50691a494e11a0a469a9 + SHA256: 2ac415873e0a8638f5154ac4c1713b6f0527119b59706df65a5b3ed73ece02a6 + Company: gentilkiwi (Benjamin DELPY) + Copyright: 
Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2020-05-02 08:23:45' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: c1ab425977d467b64f437a6c5ad82b44 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: ab4399647ebd16c02728c702534a30eb0b7ccbe7 + SHA256: 0f98492c92e35042b09032e3d9aedc357e4df94fc840217fa1091046f9248a06 + Sections: + .text: + Entropy: 6.135433819899731 + Virtual Size: '0x325c' + .rdata: + Entropy: 3.8363024152990204 + Virtual Size: '0x1450' + .data: + Entropy: 2.2159905775744044 + 
Virtual Size: '0x1934' + .pdata: + Entropy: 4.038755197475624 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.068036657482388 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3478109419215607 + Virtual Size: '0x430' + .reloc: + Entropy: 4.901711830072888 + Virtual Size: '0x24c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + TBS: + MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 
4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 2e081681b4d0312dc306f9cb9014d8a7 + SHA1: 4c5406a663664443c16374ab8e29bcd984a4ba47 + SHA256: 8e1d02a67ad311f9e48d42813e6d208bda3e7e4da0d212d7b484a8454b41678c + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2017-12-18 17:16:07' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.1.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters 
+ Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: c4a517a02ba9f6eac5cf06e3629cc076 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.1.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 40df7a55c200371853cc3fd3cc03b5ac932f5cd6 + SHA256: ec96b15ce218f97ec1d8f07f13b052d274c4c8438f31daf246ccfaaee5e1bebd + Sections: + .text: + Entropy: 6.198093347366582 + Virtual Size: '0x239e' + .rdata: + Entropy: 3.547638774205631 + Virtual Size: '0xe04' + .data: + Entropy: 2.8887582835017827 + Virtual Size: '0xff8' + PAGE: + Entropy: 5.783313787388865 + Virtual Size: '0x266' + INIT: + Entropy: 5.323943395070341 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3804140325955863 + Virtual Size: '0x440' + .reloc: + Entropy: 5.967349329602677 + Virtual Size: '0x41e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 
589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 8f336d1fbb353fd34fa196003f855db3 + SHA1: 74ead5c8d4b3428f6348f09fcd29bf97701812be + SHA256: 77280614edf2e476a853c7881a4ff1402d67d4dd3e218af657f44fd4d4fbdbcb + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2019 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2019-07-20 14:57:32' + Date: '' + 
Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: d416494232c4197cb36a914df2e17677 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: c42178977bd7bbefe084da0129ed808cb7266204 + SHA256: b0a27ac1a8173413de13860d2b2e34cb6bc4d1149f94b62d319042e11d8b004c + Sections: + .text: + Entropy: 6.135433819899731 + Virtual Size: '0x325c' + .rdata: + Entropy: 3.836260299365183 + Virtual Size: '0x1450' + .data: + Entropy: 2.2159905775744044 + Virtual Size: '0x1934' + .pdata: + Entropy: 4.038755197475624 + Virtual Size: '0x1b0' + PAGE: + Entropy: 
6.068036657482388 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3547531988948798 + Virtual Size: '0x430' + .reloc: + Entropy: 4.901711830072888 + Virtual Size: '0x24c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: 
C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 428ace923d811b754b41a4108a862809 + SHA1: 5610d6f3c2d45ca61b501d343fc8acf3ae4ce2a8 + SHA256: 028011ae3cd1d972b7c46fc8261f583d1fe5dedcef02ee63ee532b3668bfdc25 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2019 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2019-04-08 16:53:54' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - 
IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: abc168fdca7169bf9dc40cec9761018d + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 89165bbb761d6742ac2a6f5efbffc80c17990bd8 + SHA256: f6157e033a12520c73dcedf8e49cd42d103e5874c34d6527bb9de25a5d26e5ad + Sections: + .text: + Entropy: 6.19967108907113 + Virtual Size: '0x23e4' + .rdata: + Entropy: 3.5742068392215858 + Virtual Size: '0xeb4' + .data: + Entropy: 2.918973466238896 + Virtual Size: '0x112c' + PAGE: + Entropy: 5.809009522687684 + Virtual Size: '0x266' + INIT: + Entropy: 5.438798437403421 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3528875272530887 + Virtual Size: '0x430' + .reloc: + Entropy: 5.942057100341831 + Virtual Size: '0x446' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: 
dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 5ec7174b07ff641f2f8e9d3d05528c81 + SHA1: c204693c32d015a5123b408390eb0cca0a4ea1ed + SHA256: 4d11419d2f1d6217481d12d3f3fcd13f693f7454f9fadcdeee72bdc0ce06c8e2 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2016 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2017-01-20 17:21:49' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - 
NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 77cfd3943cc34d9f5279c330cd8940bc + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 1048f641adf3988d882a159bf1332eeb6d6a7f09 + SHA256: 4af8192870afe18c77381dfaf8478f8914fa32906812bb53073da284a49ae4c7 + Sections: + .text: + Entropy: 6.189266621409851 + Virtual Size: '0x235e' + .rdata: + Entropy: 3.5648732915299184 + Virtual Size: '0xdc4' + .data: + Entropy: 2.9710357364934694 + Virtual Size: '0xd68' + PAGE: + Entropy: 5.8055474754253495 + Virtual Size: '0x266' + INIT: + Entropy: 5.325440401058366 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3682712956797647 + Virtual Size: 
'0x440' + .reloc: + Entropy: 5.910661392306955 + Virtual Size: '0x3e0' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - 
SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: a100ac9683e98fca3ac42bf39b003cb0 + SHA1: 6b202f5986e6a47b2f2ca5cba5c61f0c4be9cf8e + SHA256: 1e0133cfe93c0e1cdd995b8668134bafcd35976c8f02400112668d91da7eb34a + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2017-04-09 15:24:17' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: a37ed7663073319d02f2513575a22995 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: 
d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: 005754dab657ddc6dae28eee313ca2cc6a0c375c + SHA256: a78c9871da09fab21aec9b88a4e880f81ecb1ed0fa941f31cc2f041067e8e972 + Sections: + .text: + Entropy: 6.137944463935485 + Virtual Size: '0x319c' + .rdata: + Entropy: 3.8505182893396532 + Virtual Size: '0x1340' + .data: + Entropy: 2.3461427985512437 + Virtual Size: '0x12e4' + .pdata: + Entropy: 4.010051195917961 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.083244237405415 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.370803361398665 + Virtual Size: '0x440' + .reloc: + Entropy: 4.705915669612521 + Virtual Size: '0x1d4' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 
4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 931256ebd447cf1d01ad99dddc6f0c5e + SHA1: 322c7020b513df1b694be2d7be3b6b3ac2251639 + SHA256: 0867af893422b7191e77907de58faf787d4763cc7e9a2a3a91c72f1995a9c3f3 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2020-05-18 16:48:26' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - 
KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: d6a1dd7b2c06f058b408b3613c13d413 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 09375f13521fc0cacf2cf0a28b2a9248f71498d7 + SHA256: 2456a7921fa8ab7b9779e5665e6b42fccc019feb9e49a9a28a33ec0a4bb323c4 + Sections: + .text: + Entropy: 6.2064317372812985 + Virtual Size: '0x2404' + .rdata: + Entropy: 3.546922502761428 + Virtual Size: '0xff4' + .data: + Entropy: 2.813191841547333 + Virtual Size: '0x14dc' + PAGE: + Entropy: 5.804360087879422 + Virtual Size: '0x266' + INIT: + Entropy: 5.4281677070245955 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3459452702797696 + Virtual Size: '0x430' + .reloc: + Entropy: 6.0011548156682 + Virtual Size: '0x4a0' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: 
a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + TBS: + MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 0b1ae7891dd66b54b045f4015e98cb23 + SHA1: 1e4650f09fe5e378bcd186cc42dff679723c1534 + SHA256: 63e9918f94a1ae5d71e8972f49bfbce13d8b1774b7237b022f182f03cc9ce715 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2020-09-16 19:07:11' + Date: '' + Description: mimidrv for 
Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: e37a08f516b8a7ca64163f5d9e68fe5a + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: e730eb971ecb493b69de2308b6412836303f733a + SHA256: 94c71954ac0b1fd9fa2bd5c506a16302100ba75d9f84f39ee9b333546c714601 + Sections: + .text: + Entropy: 6.2064317372812985 + Virtual Size: '0x2404' + .rdata: + Entropy: 3.544935150802994 + Virtual Size: '0xff4' + .data: + Entropy: 2.813191841547333 + Virtual Size: '0x14dc' + PAGE: + Entropy: 5.804360087879422 + Virtual Size: '0x266' + INIT: + 
Entropy: 5.4281677070245955 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3459452702797696 + Virtual Size: '0x430' + .reloc: + Entropy: 6.0011548156682 + Virtual Size: '0x4a0' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + TBS: + MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 
6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: c71dea7c26db633e2af7e3fc9ca4516c + SHA1: 1ffad2d690442310d981d7dd8b2f37e95597822e + SHA256: bf2ab728d27075bf2245ddc3257ad8df5179c8c4a449493ea995af9a979d6a2e + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2013 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2013-12-03 16:32:24' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.0.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - IofCompleteRequest + - PsDereferencePrimaryToken + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - KeServiceDescriptorTable + - MmGetSystemRoutineAddress + - RtlInitUnicodeString + - IoEnumerateRegisteredFiltersList + - KeTickCount + - NtBuildNumber + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsProcessType + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: d5918d735a23f746f0e83f724c4f26e5 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 
2.0.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: 9ef7d3e0d40381093233ad6158457c82 + SHA1: de9692ae52b47eb6c3384d87c48ae5b8abec3472 + SHA256: 38e33f9063e4b5374496e628a2d0cc0858d3b9ce65fd320d40928b79a0fef5e9 + SHA1: 607387cc90b93d58d6c9a432340261fde846b1d9 + SHA256: 30e083cd7616b1b969a92fd18cf03097735596cce7fcf3254b2ca344e526acc2 + Sections: + .text: + Entropy: 6.2023192982706234 + Virtual Size: '0x1fec' + .rdata: + Entropy: 3.522726552178584 + Virtual Size: '0xbe4' + .data: + Entropy: 3.0756426415570397 + Virtual Size: '0x984' + PAGE: + Entropy: 5.811183490770206 + Virtual Size: '0x266' + INIT: + Entropy: 5.304412008980706 + Virtual Size: '0x4d8' + .rsrc: + Entropy: 3.354329850500769 + Virtual Size: '0x440' + .reloc: + Entropy: 5.788661304677221 + Virtual Size: '0x34a' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 4e5e56901e46b4d94931f3bb1739281bc216ddfd41dc0905049b6fb2a29ad6992e40990055b5ea3fa52076d38634d417cc553ac782eeefa8babcd8069f1550dfcd167b523a02d7191afdaff0785ce04bc518df3a241edaacb8a95804020730dbb0125efe31bef00448f4f070f83a5e5683cf3dfb0dbcf4c5ed979db9d4dba52784e3389b8ba735864420a43b6da46a0ba183fd28ebdaef28f6cc885dfb0a3b00abe021ebe22f356c0f8e344597eba2f79933357ecb9a8abb454de73f9fc2d98afa65b26ec77e65ffe892e12c31a2f7b02736488f266f3bee4d761f79c3e57f9635bc2d0ecc01b08e7fff518080a792d4b34446648c874f166307314b63b0dff3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee152d7 + Version: 3 + TBS: + MD5: e140543fe3256027cfa79fc3c19c1776 + SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 + SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 + SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign 
CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode + , G1 + ValidFrom: '2013-08-23 00:00:00' + ValidTo: '2024-09-23 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121405c1f0ed258882be54d8686ba11ea45 + Version: 3 + TBS: + MD5: b95cbc184d388718612d5933f7b36770 + SHA1: ff124c5d160710720108616ffee99bbe090ed363 + SHA256: 13027620255363f07bbf85ae7d0dc06c07d8b0f4368b12f983ee3f4fce605733 + SHA384: f42ed00f615f2822dcd3d33794477428afb52ddab932ebcde3586f92a27e18f9faba6b3334ca4e59e0cb24bdbf8395a6 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 87fd2b54ed568e2294300e164b8c46f7 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: add099b0c47042a564bcd05951d11bb0 + SHA1: 37cdbacc289a5750701dd418f39d933f29e3c5d6 + SHA256: 91e64a75caa5015cb1d874372e4fdfefa506de680a962fdd97b83206bdf1e27e + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2016 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2016-10-05 12:44:38' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - 
ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 32b67a6cd6dd998b9f563ed13d54a8bc + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: acb8e45ebd1252313ece94198df47edf9294e7d3 + SHA256: 897f2bbe81fc3b1ae488114b93f3eb0133a85678d061c7a6f718507971f33736 + Sections: + .text: + Entropy: 6.192606376629303 + Virtual Size: '0x235e' + .rdata: + Entropy: 3.5619611126304327 + Virtual Size: '0xd74' + .data: + Entropy: 3.090718615812188 + Virtual Size: '0xc38' + PAGE: + Entropy: 5.808211110642614 + Virtual Size: '0x266' + INIT: + Entropy: 5.323943395070341 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3682712956797647 + Virtual Size: '0x440' + .reloc: + Entropy: 5.885744788394298 + Virtual Size: '0x3c2' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: 
'2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 2e4dfda0e2f4d7987914bbfb65851dbc + SHA1: df5b27a1f2eacf4dc0f0c74cff377ffc4299fbcc + SHA256: 16b6a65d569ad3d0a1ff5aaf2374c28cebab4a289ffee42b79f7a48d5979b579 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2020-08-06 18:22:25' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - 
PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 19b15eeccab0752c6793f782ca665a45 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: ac18c7847c32957abe8155bcbe71c1f35753b527 + SHA256: 569fe70bedd0df8585689b0e88ad8bd0544fdf88b9dbfc2076f4bdbcf89c28aa + Sections: + .text: + Entropy: 6.133976095876382 + Virtual Size: '0x329c' + .rdata: + Entropy: 3.8367849020686293 + Virtual Size: '0x1490' + .data: + Entropy: 2.1710929957450715 + Virtual Size: '0x1c54' + .pdata: + Entropy: 3.9857737110778095 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.058535435224619 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3478109419215607 + Virtual Size: '0x430' + .reloc: + Entropy: 5.011052354824561 + Virtual Size: '0x288' + Signature: '' + Signatures: + - 
CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + TBS: + MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, 
CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 243674ce6fa37a4276281283eddf4ff8 + SHA1: f930d8984de2ce203b9bfd509cf8ae48a483245c + SHA256: 11dc70eb8864bc00b4b8e7c62a52c4602864e2ec717cc0606e1252b119c91085 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2019 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2019-04-14 17:18:06' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 4e906fcb13e2793c98f47291fd69391b + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 
213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: 492e40b01a9a6cec593691db4838f20b3eaeacc5 + SHA256: 07beac65e28ee124f1da354293a3d6ad7250ed1ce29b8342acfd22252548a5af + Sections: + .text: + Entropy: 6.137402743772031 + Virtual Size: '0x323c' + .rdata: + Entropy: 3.8392933065158275 + Virtual Size: '0x1460' + .data: + Entropy: 2.2583232763427667 + Virtual Size: '0x17a4' + .pdata: + Entropy: 4.06852005250443 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.079527011018308 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3547531988948798 + Virtual Size: '0x430' + .reloc: + Entropy: 4.873734410850681 + Virtual Size: '0x22e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 
6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 846935ae07a68052a0bcc0f776d4c68f + SHA1: d40b1915ba1a63afcaeb9bef9e318d624939f971 + SHA256: 1f43d0680cecea2db04d2f2eff7ff37a13beec280e62b76b9dbdc38d0e225fca + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2019 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2019-07-20 14:57:09' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: bb5bda8889d8d27ef984dbd6ad82c946 + MachineType: I386 + MagicHeader: 50 45 0 0 + 
OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 947c76c8c8ba969797f56afd1fa1d1c4a1e3ed25 + SHA256: 406b844f4b5c82caf26056c67f9815ad8ecf1e6e5b07d446b456e5ff4a1476f9 + Sections: + .text: + Entropy: 6.2035733322045745 + Virtual Size: '0x23f4' + .rdata: + Entropy: 3.5749040890670303 + Virtual Size: '0xed4' + .data: + Entropy: 2.8516013173925066 + Virtual Size: '0x1264' + PAGE: + Entropy: 5.795549160299263 + Virtual Size: '0x266' + INIT: + Entropy: 5.429489696991249 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3528875272530887 + Virtual Size: '0x430' + .reloc: + Entropy: 5.93822728458253 + Virtual Size: '0x464' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: 
a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: fd56e10ef3039c2f905eeec90aa92e2f + SHA1: 7a59fe7acd7abc6dcf89dd3db31d37ea0da458dc + SHA256: 0895a8fa3ee38bb38cb9fcd0183cf9466c7577eab746b3540bd0b2f282246dc6 + Company: '' + Copyright: Copyright (c) 2007 - 2015 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2015-08-25 03:30:50' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - RtlCompareMemory + - ObfDereferenceObject + - IofCompleteRequest + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - RtlInitUnicodeString + - 
MmGetSystemRoutineAddress + - PsSetCreateProcessNotifyRoutine + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - KeBugCheck + - _vsnwprintf + - IoDeleteDevice + - NtBuildNumber + - ObOpenObjectByPointer + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 3b71eab204a5f7ed77811e41fed73105 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.0.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: 94bfa9368ea43c71afa29bad9fc60535 + SHA1: d8e5ebd3ca141f00753a138144cd1319d755858b + SHA256: 5c236619ead1fde5073ecb323d1c2701a7c522489118cee4ffb4ccf14efc355f + SHA1: 6ae26bde7ec27bd0fa971de6c7500eee34ee9b51 + SHA256: 2faf95a3405578d0e613c8d88d534aa7233da0a6217ce8475890140ab8fb33c8 + Sections: + .text: + Entropy: 6.1491487342367845 + Virtual Size: '0x342c' + .rdata: + Entropy: 3.88525043172923 + Virtual Size: '0x121c' + .data: + Entropy: 2.603720407225135 + Virtual Size: '0xe7c' + .pdata: + Entropy: 4.029672285693752 + Virtual Size: '0x1d4' + PAGE: + Entropy: 6.075319996890446 + Virtual Size: '0x28b' + INIT: + Entropy: 5.107085003103007 + Virtual Size: '0x610' + .rsrc: + Entropy: 3.0131387129044507 + Virtual Size: '0x440' + .reloc: + Entropy: 4.483127055768285 + Virtual Size: '0x172' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: 
f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: caa08a0ba5f679b1e5bbae747cb9d626 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 7fe1115f2a03e8be8e8b37c19fc4f655 + SHA1: 62afdbf554f7c383c2e5bd502ad119e3d207bee9 + SHA256: d5f58cbce305cbd4397c1da5e1a51d78575c67616f6d9c7d764f87cda540fa62 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2020-08-09 14:44:41' + Date: '' + 
Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 01c2e4d8234258451083d6ce4e8910b7 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 30a80f560f18609c1123636a8a1a1ef567fa67a7 + SHA256: 10ad50fcb360dcab8539ea322aaf2270565dc835b7535790937348523d723d6b + Sections: + .text: + Entropy: 6.2064317372812985 + Virtual Size: '0x2404' + .rdata: + Entropy: 3.546117070764226 + Virtual Size: '0xff4' + .data: + Entropy: 2.813191841547333 + Virtual Size: '0x14dc' + PAGE: + Entropy: 5.804360087879422 + Virtual 
Size: '0x266' + INIT: + Entropy: 5.4281677070245955 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3459452702797696 + Virtual Size: '0x430' + .reloc: + Entropy: 6.0011548156682 + Virtual Size: '0x4a0' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + TBS: + MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign 
nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 0917b8ea0d9d70b92cd391196b7f6ef7 + SHA1: 10f7ced8bc6e3d8726fbef18229b42880cf65bad + SHA256: c005f1bcb549d76ab86390217ad6b3a2226ec74fd6f4595c0fd28b73102b1b99 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2018-05-26 18:37:46' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.1.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + 
- RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 72f53f55898548767e0276c472be41e8 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.1.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: 8416ee8fd88c3d069fbba90e959507c69a0ee3e9 + SHA256: 8b30b2dc36d5e8f1ffc7281352923773fb821cdf66eb6516f82c697a524b599b + Sections: + .text: + Entropy: 6.1419629238500235 + Virtual Size: '0x31fc' + .rdata: + Entropy: 3.8514128499124776 + Virtual Size: '0x13d0' + .data: + Entropy: 2.2863945965626136 + Virtual Size: '0x1614' + .pdata: + Entropy: 4.052479770333054 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.093773811863592 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3614073432360265 + Virtual Size: '0x438' + .reloc: + Entropy: 4.830405545722778 + Virtual Size: '0x210' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: 
dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 48a22b033380a73fd1f58d9704fd93fc + SHA1: 0e9efb3a9f4a93e1a2bb03d5814a9bbeb2257898 + SHA256: 9b6d450b6e2b66e8356b9d8a354e8c3a96426b7f15adf2f2025dda13c01881a3 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2018-04-23 17:21:28' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.1.0 + Filename: '' + ImportedFunctions: + - 
NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 7d26985a5048bad57d9c223362f3d55c + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.1.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 9f27987c32321f8da099efc1dc60a73f8f629d3a + SHA256: 7662187c236003308a7951c2f49c0768636c492f8935292d02f69e59b01d236d + Sections: + .text: + Entropy: 6.202511657588269 + Virtual Size: '0x23ae' + .rdata: + Entropy: 3.53853709337898 + Virtual Size: '0xe24' + .data: + Entropy: 2.9048205574982506 + Virtual Size: '0xff4' + PAGE: + Entropy: 5.788042895055868 + Virtual Size: '0x266' + INIT: + Entropy: 5.325440401058365 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3804140325955863 + Virtual Size: 
'0x440' + .reloc: + Entropy: 5.981826468919802 + Virtual Size: '0x41e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - 
SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 00a7bf199ea8ddcd3598e68f4d186f78 + SHA1: 85d77e69eb9e42b44266746233e28d027e77345c + SHA256: 81237053f6eeaf659970e9e5e7abba00261ec2b850b1f5b195d0888f8ce66d6f + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2014 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2014-01-02 17:13:08' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.0.0.0 + Filename: '' + ImportedFunctions: + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - IofCompleteRequest + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ZwUnloadKey + - RtlInitUnicodeString + - MmGetSystemRoutineAddress + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - KeBugCheck + - _vsnwprintf + - IoDeleteDevice + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 4484f4007de2c3ee4581a2cff77ca3b4 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.0.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: 63c6b4112622c2a9182cdd1d0d5235d7 + SHA1: 3e48025a171d18c5839ab1e58b64dbc6483417d0 + SHA256: 
ed34aa4b85d59a228c388a98cfa6395194fde9f005fc0bb1aa2ec852377d82f6 + SHA1: 40372b4de2db020ce2659e1de806d4338fd7ebef + SHA256: bcca03ce1dd040e67eb71a7be0b75576316f0b6587b2058786fda8b6f0a5adfd + Sections: + .text: + Entropy: 6.137509891402374 + Virtual Size: '0x2e3c' + .rdata: + Entropy: 3.8666471354954095 + Virtual Size: '0xfcc' + .data: + Entropy: 2.468702019455969 + Virtual Size: '0xc74' + .pdata: + Entropy: 4.028550043812694 + Virtual Size: '0x1a4' + PAGE: + Entropy: 6.038047089814424 + Virtual Size: '0x28b' + INIT: + Entropy: 5.100099905349228 + Virtual Size: '0x584' + .rsrc: + Entropy: 3.3527586134193843 + Virtual Size: '0x440' + .reloc: + Entropy: 4.490003473368671 + Virtual Size: '0x13e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee152d7 + Version: 3 + TBS: + MD5: e140543fe3256027cfa79fc3c19c1776 + SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 + SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 + SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 
225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=SG, O=GMO 
GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode + , G1 + ValidFrom: '2013-08-23 00:00:00' + ValidTo: '2024-09-23 00:00:00' + Signature: 0231142e5857644185e8af12753c881cc35eec2ce9a13cf5baaa531db9d12963dc436786d439dadec6c9ffbe4585f4a4d7c151ea18ee40585ee67bcca241291338c8ea21169cce90a62efba6cad994df401df902182bbef65d4f9fff9a48dbc50509ca80cea0f9dc4bc323e6038fb4b4af5b71296191181a6b7af2fd0dd1cd7d5e98ebba705ee5f4ea43de353dc514818adb3e105ebb72faa1a093ab031cc1653c91138b045d2bc4b9161bcc55c50ce8abe743c9b28328a5531347ab3964b91cea3430b176009521f1d43da8fda00032d76e983ca69c3b0b83becbb8bb2a268c59b8b9aeaf26ace234a2dc210d810b3813f745a3e3dbc4aca16d1bb7e5615cd7 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121405c1f0ed258882be54d8686ba11ea45 + Version: 3 + TBS: + MD5: b95cbc184d388718612d5933f7b36770 + SHA1: ff124c5d160710720108616ffee99bbe090ed363 + SHA256: 13027620255363f07bbf85ae7d0dc06c07d8b0f4368b12f983ee3f4fce605733 + SHA384: f42ed00f615f2822dcd3d33794477428afb52ddab932ebcde3586f92a27e18f9faba6b3334ca4e59e0cb24bdbf8395a6 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: a6c4a7369500900fc172f9557cff22cf + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: ae57b5e19b5c4a3f750425dc18f78452 + SHA1: f59c9783573dccbfe1efbfb6c939aeecbcb2928b + SHA256: f2b0d70e2d55a5f69ddaac13460cfcd63746ac1c09f826772cca5b857dde240a + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2014 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2014-06-09 17:33:12' + Date: '' + 
Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.0.0.0 + Filename: '' + ImportedFunctions: + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - RtlCompareMemory + - ObfDereferenceObject + - IofCompleteRequest + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - RtlInitUnicodeString + - MmGetSystemRoutineAddress + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - KeBugCheck + - _vsnwprintf + - IoDeleteDevice + - NtBuildNumber + - ObOpenObjectByPointer + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 5eb2c576597dd21a6b44557c237cf896 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.0.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: 3533d0a54c7ccd83afd6be24f6582b30e4ca0aab + SHA256: 087270d57f1626f29ba9c25750ca19838a869b73a1f71af50bdf37d6ff776212 + Sections: + .text: + Entropy: 6.150360472301313 + Virtual Size: '0x30cc' + .rdata: + Entropy: 3.9091487744499416 + Virtual Size: '0x1048' + .data: + Entropy: 2.4940165806266616 + Virtual Size: '0xc74' + .pdata: + Entropy: 4.019695649249909 + Virtual Size: '0x1bc' + PAGE: + Entropy: 
6.037596647390289 + Virtual Size: '0x28b' + INIT: + Entropy: 5.111217237674922 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3527586134193843 + Virtual Size: '0x440' + .reloc: + Entropy: 4.328299648937291 + Virtual Size: '0x152' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: 
ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: e97dc162f416bf06745bf9ffdf78a0ff + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: cbd8f153004048ba8bbf8782fb39be8b + SHA1: ef8533f6066e6d4088631e9e265918ea076da73f + SHA256: ae55720475ab1c67e39720954111b90e96a5ebf5d3b91277f4c225a228d8739a + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2018-03-17 17:21:22' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.1.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: c5fc3605194e033bdf3781ff2adaeb61 + MachineType: AMD64 + 
MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.1.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: 23f562f8d5650b2fb92382d228013f2e36e35d6c + SHA256: 40556dd9b79b755cc0b48d3d024ceb15bd2c0e04960062ab2a85cd7d4d1b724a + Sections: + .text: + Entropy: 6.144037436753497 + Virtual Size: '0x31dc' + .rdata: + Entropy: 3.842413918825288 + Virtual Size: '0x1390' + .data: + Entropy: 2.313119440407077 + Virtual Size: '0x1494' + .pdata: + Entropy: 3.990039715462728 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.084557222001841 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.382946098314487 + Virtual Size: '0x440' + .reloc: + Entropy: 4.8001308386334935 + Virtual Size: '0x1f2' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, + CN=Certum Code Signing CA SHA2 + ValidFrom: '2015-10-29 11:30:29' + ValidTo: '2027-06-09 11:30:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 6b326a0f0328d37a1d530bfd23bd48e2 + Version: 3 + TBS: + MD5: e556c75dbca00e43684d23c11c032d4a + SHA1: 50925e36ffd52e5b4d32689e9007b14a3a417168 + SHA256: f7b6eeb3a567223000a61f68c53b458193557c17e5d512d2825bcb13e5fc9be5 + SHA384: 57f1cdd3afe0bd7859ab450dbdf6e21a55cf5ba0dda62b9b3c12f2d885d98413ce6817243f6bb83cd77276643369ecbf + - Subject: C=FR, O=Open Source Developer, ST=Ile de France, CN=Open Source + Developer, Benjamin Delpy, emailAddress=benjamin@gentilkiwi.com + ValidFrom: '2017-12-04 09:50:34' + ValidTo: '2018-12-04 09:50:34' + Signature: 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 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 1519af351702ab2d86968d0be928f529 + Version: 3 + TBS: + MD5: 7227ed4392de49333e052f8f17c41f69 + SHA1: e019d8060f65cc923dab50ea282fb8895c1c75f9 + SHA256: eee437f4170a21f7de0e590620ff2a9412f89af95e87589d0e5a1cca17f61825 + SHA384: a5f32361dfa3828aebf139cb1017bba83111e1ce2c5dbd126751a1e7d8f19f3fb838926fc118e423fbe07187e84efc2b + - Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, + CN=Certum Trusted Network CA + ValidFrom: '2011-04-15 20:15:34' + ValidTo: '2021-04-15 20:25:34' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 613bc791000000000034 + Version: 3 + TBS: + MD5: f5f0d604dd56b0446f98fb67e98a76f8 + SHA1: c749c146cc00030ff36ecf9b698e6a377bc15605 + SHA256: df5dacc623d44348fff0bc8ebe2cedc8ba212e33c6f10d7fd608f37f92a2c273 + SHA384: c394dc13768746f008b4ffa082d6e8a2e55a83052d63e3c0a8f2fcfc30dcd51849afd21b0adf86bc50490629a89da09b + Signer: + - SerialNumber: 1519af351702ab2d86968d0be928f529 + Issuer: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, + CN=Certum Code Signing CA SHA2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: fd585505c4b2b1af4c34a2ce77d512e6 + SHA1: f605c31d34752378a3fa7af3c9ea2a5d8f77abf8 + SHA256: 6789e1a2e0d23528a91e49851bd95bceb6ffe9927f34b52a78ecc2b1d4bc13b8 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2017-03-17 20:17:55' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - 
PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 154b45f072fe844676e6970612fd39c7 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 161bae224cf184ed6c09c77fae866d42412c6d25 + SHA256: 8684aec77b4c3cafc1a6594de7e95695fa698625d4206a6c4b201875f76a5b38 + Sections: + .text: + Entropy: 6.189266621409851 + Virtual Size: '0x235e' + .rdata: + Entropy: 3.5646360773808663 + Virtual Size: '0xdc4' + .data: + Entropy: 2.9710357364934694 + Virtual Size: '0xd68' + PAGE: + Entropy: 5.8055474754253495 + Virtual Size: '0x266' + INIT: + Entropy: 5.325440401058366 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3682712956797647 + Virtual Size: '0x440' + .reloc: + Entropy: 5.910661392306955 + Virtual Size: '0x3e0' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, 
O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + 
LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: b6c12d1f29ddfb6ec890716547cf2d73 + SHA1: a09ba29949130996281198fb44aef7a47ce105d7 + SHA256: db7a15aa5b85845831dcdcebf837b22cf43fa572dd9cb0bb0d264af519b8d406 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2014 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2014-01-08 19:55:13' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.0.0.0 + Filename: '' + ImportedFunctions: + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - IofCompleteRequest + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ZwUnloadKey + - RtlInitUnicodeString + - MmGetSystemRoutineAddress + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - KeBugCheck + - _vsnwprintf + - IoDeleteDevice + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 17509f0a98dc5c5d52c3f9ac1428a21b + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.0.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: 63c6b4112622c2a9182cdd1d0d5235d7 + SHA1: 3e48025a171d18c5839ab1e58b64dbc6483417d0 + SHA256: ed34aa4b85d59a228c388a98cfa6395194fde9f005fc0bb1aa2ec852377d82f6 + SHA1: bbc8bd714c917bb1033f37e4808b4b002cd04166 + SHA256: baf7fbc4743a81eb5e4511023692b2dfdc32ba670ba3e4ed8c09db7a19bd82d3 + 
Sections: + .text: + Entropy: 6.137509891402374 + Virtual Size: '0x2e3c' + .rdata: + Entropy: 3.8651251283660875 + Virtual Size: '0xfcc' + .data: + Entropy: 2.468702019455969 + Virtual Size: '0xc74' + .pdata: + Entropy: 4.028550043812694 + Virtual Size: '0x1a4' + PAGE: + Entropy: 6.038047089814424 + Virtual Size: '0x28b' + INIT: + Entropy: 5.100099905349228 + Virtual Size: '0x584' + .rsrc: + Entropy: 3.3527586134193843 + Virtual Size: '0x440' + .reloc: + Entropy: 4.490003473368671 + Virtual Size: '0x13e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee152d7 + Version: 3 + TBS: + MD5: e140543fe3256027cfa79fc3c19c1776 + SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 + SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 + SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + 
Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode + , G1 + ValidFrom: '2013-08-23 00:00:00' + ValidTo: '2024-09-23 00:00:00' + Signature: 0231142e5857644185e8af12753c881cc35eec2ce9a13cf5baaa531db9d12963dc436786d439dadec6c9ffbe4585f4a4d7c151ea18ee40585ee67bcca241291338c8ea21169cce90a62efba6cad994df401df902182bbef65d4f9fff9a48dbc50509ca80cea0f9dc4bc323e6038fb4b4af5b71296191181a6b7af2fd0dd1cd7d5e98ebba705ee5f4ea43de353dc514818adb3e105ebb72faa1a093ab031cc1653c91138b045d2bc4b9161bcc55c50ce8abe743c9b28328a5531347ab3964b91cea3430b176009521f1d43da8fda00032d76e983ca69c3b0b83becbb8bb2a268c59b8b9aeaf26ace234a2dc210d810b3813f745a3e3dbc4aca16d1bb7e5615cd7 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121405c1f0ed258882be54d8686ba11ea45 + Version: 3 + TBS: + MD5: b95cbc184d388718612d5933f7b36770 + SHA1: ff124c5d160710720108616ffee99bbe090ed363 + SHA256: 13027620255363f07bbf85ae7d0dc06c07d8b0f4368b12f983ee3f4fce605733 + SHA384: f42ed00f615f2822dcd3d33794477428afb52ddab932ebcde3586f92a27e18f9faba6b3334ca4e59e0cb24bdbf8395a6 + - 
Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: a6c4a7369500900fc172f9557cff22cf + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 6eb9ad2adbe534c4bd984792bafd7d40 + SHA1: 8e4ce688f1f6247b817e1c90c31e6496659f2551 + SHA256: 8bec85d128eb0444f10fc89b95b2c6b84a8d0405cb0a6dbc30cff8ea4c0ca043 + Company: 
gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2017-12-03 13:13:32' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 754e21482baf18b8b0ed0f4be462ba03 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: f6728821eddd14a21a9536e0f138c6d71cbd9307 + SHA256: 36c65aeb255c06898ffe32e301030e0b74c8bca6fe7be593584b8fdaacd4e475 + Sections: + .text: + Entropy: 6.137944463935485 + Virtual Size: '0x319c' + .rdata: + Entropy: 3.8514461681575236 + Virtual Size: '0x1340' + 
.data: + Entropy: 2.3461427985512437 + Virtual Size: '0x12e4' + .pdata: + Entropy: 4.010051195917961 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.083244237405415 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.370803361398665 + Virtual Size: '0x440' + .reloc: + Entropy: 4.705915669612521 + Virtual Size: '0x1d4' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: e6028245682168cc81b895bf28e87b4e + SHA1: 6f5f42d443ce64ed70c2c17fe3f07da91e1aab0b + SHA256: 6e521e54a1e5a03abaae405b58a84758058f3fac5e8cd8a370f232c7dc7bb164 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2021-05-18 09:07:29' + Date: '' + 
Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 1cd5e231064e03c596e819b6ff48daf9 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: e514dfadbeb4d2305988c3281bf105d252dee3a7 + SHA256: d37996abc8efb29f1ccbb4335ce9ba9158bec86cc4775f0177112e87e4e3be5c + Sections: + .text: + Entropy: 6.133976095876382 + Virtual Size: '0x329c' + .rdata: + Entropy: 3.840595882815777 + Virtual Size: '0x1490' + .data: + Entropy: 2.1710929957450715 + Virtual Size: '0x1c54' + .pdata: + Entropy: 3.9857737110778095 + Virtual Size: '0x1b0' + PAGE: + Entropy: 
6.058535435224619 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3478109419215607 + Virtual Size: '0x430' + .reloc: + Entropy: 5.011052354824561 + Virtual Size: '0x288' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + TBS: + MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: 
ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: d89425acef6e1ac239ee8b3c937b87cb + SHA1: 010113b420a09a502afc93ddebb8f9dce796bb48 + SHA256: a4d7e16649ce3c7ad9355e8d7418a4c234b3763e262f8ccfbda4bc64a402ed27 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2020-05-18 16:48:54' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 28102acca39ad0199f262ba9958be3f4 + MachineType: AMD64 + 
MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: beed6fb6a96996e9b016fa7f2cf7702a49c8f130 + SHA256: aaf04d89fd15bc61265e545f8e1da80e20f59f90058ed343c62ee24358e3af9e + Sections: + .text: + Entropy: 6.133976095876382 + Virtual Size: '0x329c' + .rdata: + Entropy: 3.837835783685005 + Virtual Size: '0x1490' + .data: + Entropy: 2.1710929957450715 + Virtual Size: '0x1c54' + .pdata: + Entropy: 3.9857737110778095 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.058535435224619 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3478109419215607 + Virtual Size: '0x430' + .reloc: + Entropy: 5.011052354824561 + Virtual Size: '0x288' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + 
TBS: + MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 0acd0b319d16a5f8ca04cb46f549bacf + SHA1: dd15f4ca159b4dffe6094af6b00174732c8c0463 + SHA256: 5ffba52ea8bba7aeaf9fb32e1ba97b5bbd5c31739d594e722d9e89907dbb5cdd + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2019 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2019-05-12 17:34:58' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - 
PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 27384ec4c634701012a2962c30badad2 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: 7d453dccb25bf36c411c92e2744c24f9b801225d + SHA256: c4f041de66ec8cc5ab4a03bbc46f99e073157a4e915a9ab4069162de834ffc5c + Sections: + .text: + Entropy: 6.135433819899731 + Virtual Size: '0x325c' + .rdata: + Entropy: 3.837956011076457 + Virtual Size: '0x1450' + .data: + Entropy: 2.2159905775744044 + Virtual Size: '0x1934' + .pdata: + Entropy: 4.038755197475624 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.068036657482388 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3547531988948798 + Virtual Size: '0x430' + .reloc: + Entropy: 4.901711830072888 + Virtual Size: '0x24c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: e044ca432fdc8ae1dafd1548ce4236f7 + SHA1: a2db837199644df18a514e7d9f069bce18eebc9b + SHA256: 770552bfc6598f165443da94ac0c6aca00f95a6a9a8e89713f9980730d9ee9c2 + 
Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2014 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2014-01-05 17:23:52' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.0.0.0 + Filename: '' + ImportedFunctions: + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - IofCompleteRequest + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - ZwUnloadKey + - RtlInitUnicodeString + - MmGetSystemRoutineAddress + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - KeBugCheck + - _vsnwprintf + - IoDeleteDevice + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: cee36b5c6362993fa921435979bfbe4a + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.0.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: 63c6b4112622c2a9182cdd1d0d5235d7 + SHA1: 3e48025a171d18c5839ab1e58b64dbc6483417d0 + SHA256: ed34aa4b85d59a228c388a98cfa6395194fde9f005fc0bb1aa2ec852377d82f6 + SHA1: 78fd06c82d3ba765c38bad8f48d1821a06280e39 + SHA256: b169a5f643524d59330fafe6e3e328e2179fc5116ee6fae5d39581467d53ac03 + Sections: + .text: + Entropy: 6.137509891402374 + Virtual Size: '0x2e3c' + .rdata: + Entropy: 3.863310172045034 + Virtual Size: '0xfcc' + .data: + Entropy: 2.468702019455969 + Virtual Size: '0xc74' + .pdata: 
+ Entropy: 4.028550043812694 + Virtual Size: '0x1a4' + PAGE: + Entropy: 6.038047089814424 + Virtual Size: '0x28b' + INIT: + Entropy: 5.100099905349228 + Virtual Size: '0x584' + .rsrc: + Entropy: 3.3527586134193843 + Virtual Size: '0x440' + .reloc: + Entropy: 4.490003473368671 + Virtual Size: '0x13e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2028-01-28 12:00:00' + Signature: 4e5e56901e46b4d94931f3bb1739281bc216ddfd41dc0905049b6fb2a29ad6992e40990055b5ea3fa52076d38634d417cc553ac782eeefa8babcd8069f1550dfcd167b523a02d7191afdaff0785ce04bc518df3a241edaacb8a95804020730dbb0125efe31bef00448f4f070f83a5e5683cf3dfb0dbcf4c5ed979db9d4dba52784e3389b8ba735864420a43b6da46a0ba183fd28ebdaef28f6cc885dfb0a3b00abe021ebe22f356c0f8e344597eba2f79933357ecb9a8abb454de73f9fc2d98afa65b26ec77e65ffe892e12c31a2f7b02736488f266f3bee4d761f79c3e57f9635bc2d0ecc01b08e7fff518080a792d4b34446648c874f166307314b63b0dff3 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee152d7 + Version: 3 + TBS: + MD5: e140543fe3256027cfa79fc3c19c1776 + SHA1: c655f94eb1ecc93de319fc0c9a2dc6c5ec063728 + SHA256: 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448 + SHA384: d9d366f9328f2b55ee19a32cc5fd5148b81d764282fe5dc196c872ae249caa51d2c212ef39f33945dfe0cda81925e326 + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: 
dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode + , G1 + ValidFrom: '2013-08-23 00:00:00' + ValidTo: '2024-09-23 00:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 1121405c1f0ed258882be54d8686ba11ea45 + Version: 3 + TBS: + MD5: b95cbc184d388718612d5933f7b36770 + SHA1: ff124c5d160710720108616ffee99bbe090ed363 + SHA256: 13027620255363f07bbf85ae7d0dc06c07d8b0f4368b12f983ee3f4fce605733 + SHA384: f42ed00f615f2822dcd3d33794477428afb52ddab932ebcde3586f92a27e18f9faba6b3334ca4e59e0cb24bdbf8395a6 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 
112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: a6c4a7369500900fc172f9557cff22cf + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 41fe68e2598cbb23aa596f1bd4e7fed5 + SHA1: cf9146f5b5bb803f5235a5748bdea5f979f1d348 + SHA256: 931e4d6f7f04b122bc5bc6a61fb4e0186796623f4fc72d0c42ccfa886f1c5fb2 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2018-08-19 17:53:57' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.1.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 26aedc10d4215ba997495d3a68355f4a + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.1.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: 
fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: dac68b8ee002d5bb61be3d59908a61a26efb7c09 + SHA256: 443c0ba980d4db9213b654a45248fd855855c1cc81d18812cae9d16729ff9a85 + Sections: + .text: + Entropy: 6.1419629238500235 + Virtual Size: '0x31fc' + .rdata: + Entropy: 3.845665795476307 + Virtual Size: '0x13d0' + .data: + Entropy: 2.2863945965626136 + Virtual Size: '0x1614' + .pdata: + Entropy: 4.052479770333054 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.093773811863592 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3614073432360265 + Virtual Size: '0x438' + .reloc: + Entropy: 4.830405545722778 + Virtual Size: '0x210' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: 
'2014-06-28 09:46:16' + Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: ffd20b63526f607fef3166adc66b74c1 + SHA1: 33bd7996a2f2a9b08ea6f584af08356ea03dbaee + SHA256: 2c44c0464e5b01540ba573be7555b3fcbdb65c9f1193f9c1d02b04c70090d4ac + Company: 
gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2017-02-26 18:35:22' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 80219fb6b5954c33e16bac5ecdac651b + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 020580278d74d0fe741b0f786d8dca7554359997 + SHA256: a42f4ae69b8755a957256b57eb3d319678eab81705f0ffea0d649ace7321108f + Sections: + .text: + Entropy: 6.189266621409851 + Virtual Size: '0x235e' + .rdata: + Entropy: 
3.571716952624961 + Virtual Size: '0xdc4' + .data: + Entropy: 2.9710357364934694 + Virtual Size: '0xd68' + PAGE: + Entropy: 5.8055474754253495 + Virtual Size: '0x266' + INIT: + Entropy: 5.325440401058366 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3682712956797647 + Virtual Size: '0x440' + .reloc: + Entropy: 5.910661392306955 + Virtual Size: '0x3e0' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: 
a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 
4a8ee19d43bae91e26013c808044a28d + SHA1: 1aa1c735479fca1c1845c19497ef648c9200e450 + SHA256: 67d4654d7e78e4d0761d8e200096935791d59acb2bf98106dafff449647c840f + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2016 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2017-01-20 17:22:03' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 05dd59bd4f175304480affd8f1305c37 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: fcae2ea5990189f6f230b51e398e3000b71897f2 + SHA256: 
469713c76c7a887826611b8c7180209a8bb6250f91d0f1eb84ac4d450ef15870 + Sections: + .text: + Entropy: 6.14362601153889 + Virtual Size: '0x318c' + .rdata: + Entropy: 3.85450824328628 + Virtual Size: '0x1300' + .data: + Entropy: 2.3976266531821224 + Virtual Size: '0x1144' + .pdata: + Entropy: 4.043975650731326 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.070426661582891 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.370803361398665 + Virtual Size: '0x440' + .reloc: + Entropy: 4.657997051970539 + Virtual Size: '0x1b6' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: 
'2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: a15fbc087bc936c1456483743d1442a0 + SHA1: c84b7bb35214a2eb2a7cdc722bcdc16b70a3bb72 + SHA256: c9cba07502b8a10034ddf75b35f4d6f2a24862cde5bff300720f5df04d4cfe6b + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2017-02-26 18:35:38' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - 
ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: cbd8d370462503508e44dba023bdf9bc + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: ff3e19cd461ddf67529a765cbec9cb81d84dc7da + SHA256: c4c9c84b211899ceb0d18a839afa497537a7c7c01ab481965a09788a9e16590c + Sections: + .text: + Entropy: 6.14362601153889 + Virtual Size: '0x318c' + .rdata: + Entropy: 3.859805190746546 + Virtual Size: '0x1300' + .data: + Entropy: 2.3976266531821224 + Virtual Size: '0x1144' + .pdata: + Entropy: 4.043975650731326 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.070426661582891 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.370803361398665 + Virtual Size: '0x440' + .reloc: + Entropy: 4.657997051970539 + Virtual Size: '0x1b6' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + 
- Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 60526c634c51161cb26c25788cc1f754 + SHA1: c3af9f1b621ec0ec684383fd51441009114a7c3d + SHA256: 68ea8d1bfabf37920686a0814c0bf47cbc4527543716fd94c0d3f23382e15081 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2020-08-05 02:32:20' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - 
PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: fb593b1f1f80d20fc7f4b818065c64b6 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: e0b263f2d9c08f27c6edf5a25aa67a65c88692b0 + SHA256: ee7b8eb150df2788bb9d5fe468327899d9f60d6731c379fd75143730a83b1c55 + Sections: + .text: + Entropy: 6.2064317372812985 + Virtual Size: '0x2404' + .rdata: + Entropy: 3.5443270089738492 + Virtual Size: '0xff4' + .data: + Entropy: 2.813191841547333 + Virtual Size: '0x14dc' + PAGE: + Entropy: 5.804360087879422 + Virtual Size: '0x266' + INIT: + Entropy: 5.4281677070245955 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3459452702797696 + Virtual Size: '0x430' + .reloc: + Entropy: 6.0011548156682 + Virtual Size: '0x4a0' + Signature: '' + Signatures: 
+ - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + TBS: + MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 1158fc2285d1ac1be5703fe36ea874fe + SHA1: be6cc01ed5411c7f2e95ea007e2c09d28fb183c8 + SHA256: 5e1c7bdb1fa71145a0704a5f00d894043a7754cb82d1d8213cb6a899bd767cab + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2016 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2016-10-24 18:25:06' + Date: '' + 
Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: ae338d91d1b05a72559b7f6ed717362d + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: d6de8211dba7074d92b5830618176a3eb8eb6670 + SHA256: ddf427ce55b36db522f638ba38e34cd7b96a04cb3c47849b91e7554bfd09a69a + Sections: + .text: + Entropy: 6.189266621409851 + Virtual Size: '0x235e' + .rdata: + Entropy: 3.5602007762709036 + Virtual Size: '0xdc4' + .data: + Entropy: 2.9710357364934694 + Virtual Size: '0xd68' + PAGE: + Entropy: 5.8055474754253495 + 
Virtual Size: '0x266' + INIT: + Entropy: 5.325440401058366 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3682712956797647 + Virtual Size: '0x440' + .reloc: + Entropy: 5.910661392306955 + Virtual Size: '0x3e0' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: 
ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 06bd72b5eecfb76faa05351128fbefee + SHA1: 14b5b696377d733c602cde2f8d0fa1809e17fc63 + SHA256: ba467c6edee7266721c220fbc84cb80c995d429052846865d869609602d6e48c + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2020-03-08 06:32:09' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 
f56db4eba3829c0918413b5c0b42f00f + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 9c36600c2640007d3410dea8017573a113374873 + SHA256: e8ec06b1fa780f577ff0e8c713e0fd9688a48e0329c8188320f9eb62dfc0667f + Sections: + .text: + Entropy: 6.2035733322045745 + Virtual Size: '0x23f4' + .rdata: + Entropy: 3.5766626811632 + Virtual Size: '0xed4' + .data: + Entropy: 2.8516013173925066 + Virtual Size: '0x1264' + PAGE: + Entropy: 5.795549160299263 + Virtual Size: '0x266' + INIT: + Entropy: 5.429489696991249 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3459452702797696 + Virtual Size: '0x430' + .reloc: + Entropy: 5.93822728458253 + Virtual Size: '0x464' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + TBS: + MD5: 
a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 1c12d5a009e2fd6ee42e9673806349e7 + SHA1: 45f1ec5d7153b72321d6a040026172a62618e9e7 + SHA256: edf05640ad7caa10756cc4163e926de74157da1d81b4d245b602a36f4c8cb4d0 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2018-05-01 16:26:26' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.1.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - 
RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: e27b2486aa5c256b662812b465b6036c + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.1.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 6451522b1fb428e549976d0742df5034f8124b17 + SHA256: e8743094f002239a8a9d6d7852c7852e0bb63cd411b007bd8c194bcba159ef15 + Sections: + .text: + Entropy: 6.202827671645787 + Virtual Size: '0x23ae' + .rdata: + Entropy: 3.5418249564730657 + Virtual Size: '0xe24' + .data: + Entropy: 2.9048205574982506 + Virtual Size: '0xff4' + PAGE: + Entropy: 5.788042895055868 + Virtual Size: '0x266' + INIT: + Entropy: 5.325440401058365 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3804140325955863 + Virtual Size: '0x440' + .reloc: + Entropy: 5.981826468919802 + Virtual Size: '0x41e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + 
IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 0e71a90d0095278a48893d4068a3f1f8 + SHA1: f3019b52f343521d3e133106f692d467a5c86093 + SHA256: d9c3857d2959a3eff45eefe43d8ed1c23bd6908ae8a9a7e2e4e402bbf3e6d3ec + Company: gentilkiwi (Benjamin 
DELPY) + Copyright: Copyright (c) 2007 - 2016 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2017-01-20 17:22:03' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 35e512f9bedc89dca5ce81f35820714c + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: e841c8494b715b27b33be6f800ca290628507aba + SHA256: 29348ebe12d872c5f40e316a0043f7e5babe583374487345a79bad0ba93fbdfe + Sections: + .text: + Entropy: 6.14362601153889 + Virtual Size: '0x318c' + .rdata: + Entropy: 3.85450824328628 + Virtual Size: '0x1300' + .data: + Entropy: 
2.3976266531821224 + Virtual Size: '0x1144' + .pdata: + Entropy: 4.043975650731326 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.070426661582891 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.370803361398665 + Virtual Size: '0x440' + .reloc: + Entropy: 4.657997051970539 + Virtual Size: '0x1b6' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 
4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 76e3258ee4cff03a0237ea6447ae1025 + SHA1: 045af64ec7d1ac2b0114e165b678c4c812f56dd1 + SHA256: 047e4158225af627382c412fa1f870479a238841341bc13e60312269feb14083 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2017-04-09 15:24:03' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters 
+ Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: d13c1b76b4a1ca3ff5ab63678b51df6d + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 465abe9634c199a5f80f8a4f77ec3118c0d69652 + SHA256: 618b15970671700188f4102e5d0638184e2723e8f57f7e917fa49792daebdadb + Sections: + .text: + Entropy: 6.199736289697868 + Virtual Size: '0x236e' + .rdata: + Entropy: 3.557864405067224 + Virtual Size: '0xde4' + .data: + Entropy: 2.962098389788266 + Virtual Size: '0xeb0' + PAGE: + Entropy: 5.795507089372613 + Virtual Size: '0x266' + INIT: + Entropy: 5.324875365502854 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3682712956797647 + Virtual Size: '0x440' + .reloc: + Entropy: 5.952195564032691 + Virtual Size: '0x3fe' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 
112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 21cc1cc1dba53e09f8dcef2d178b0993 + SHA1: ce242aadea5cd44d19308693e1f44b30dad41a0f + SHA256: 13999eb266b759e879816fdab640d59ef9e35e2ea61575810979d9eb22fdfd4d + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2017-06-07 16:45:17' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + 
- ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 65f800e1112864bf41eb815649f428d5 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: 2480549ec8564cd37519a419ab2380cf3e8bab9e + SHA256: 52f3905bbd97dcd2dbd22890e5e8413b9487088f1ee2fa828030a6a45b3975fd + Sections: + .text: + Entropy: 6.137944463935485 + Virtual Size: '0x319c' + .rdata: + Entropy: 3.845382379835078 + Virtual Size: '0x1340' + .data: + Entropy: 2.3461427985512437 + Virtual Size: '0x12e4' + .pdata: + Entropy: 4.010051195917961 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.083244237405415 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.370803361398665 + Virtual Size: '0x440' + .reloc: + Entropy: 4.705915669612521 + Virtual Size: '0x1d4' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 6eedef4a3eab4a6990e8f65b144d8289 + SHA1: 29e4237767f1a886f45d0eef5910f126ebb9d28e + 
SHA256: 058c84860fb9fefd4c5cec57b6ef9f43146a6509b6894f2a27fb5a2dd16d578b + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2019 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2019-05-12 17:00:04' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: a5bcaa2fc87b42e2e5d62a2e5dfcbc80 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 0a62c574603158d2d0c3be2a43c6bb0074ed297c + SHA256: 8b32fc8b15363915605c127ccbf5cbe71778f8dfbf821a25455496e969a01434 + Sections: + 
.text: + Entropy: 6.2035733322045745 + Virtual Size: '0x23f4' + .rdata: + Entropy: 3.5742279772060224 + Virtual Size: '0xed4' + .data: + Entropy: 2.8516013173925066 + Virtual Size: '0x1264' + PAGE: + Entropy: 5.795549160299263 + Virtual Size: '0x266' + INIT: + Entropy: 5.429489696991249 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3528875272530887 + Virtual Size: '0x430' + .reloc: + Entropy: 5.93822728458253 + Virtual Size: '0x464' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + 
IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 808907b8d815b6fb6f1f1c717451ad35 + SHA1: 7cd0b806ae09e408565814f7efe885abb4d977f1 + SHA256: 94f4bcc9b062406ee7468659c1710d3e0cb057c7b7194e15cd72845082138019 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2020-09-16 19:07:40' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - 
FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 528ce5ce19eb34f401ef024de7ddf222 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: 221717a48ee8e2d19470579c987674f661869e17 + SHA256: 4d42678df3917c37f44a1506307f1677b9a689efcf350b1acce7e6f64b514905 + Sections: + .text: + Entropy: 6.133976095876382 + Virtual Size: '0x329c' + .rdata: + Entropy: 3.836661380089202 + Virtual Size: '0x1490' + .data: + Entropy: 2.1710929957450715 + Virtual Size: '0x1c54' + .pdata: + Entropy: 3.9857737110778095 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.058535435224619 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3478109419215607 + Virtual Size: '0x430' + .reloc: + Entropy: 5.011052354824561 + Virtual Size: '0x288' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + 
Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + TBS: + MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: ac18951cc5192f08f3ba50187eef941e + SHA1: 092f12bf5a2d77c03411d7c377199ab47fe3f59b + SHA256: 30f9aca036adbcc15cace326e042ed3590f00045f66982afbf569d8fd9b6747b + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 
- 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2017-03-12 05:47:38' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 4a27a2bdc6fbe39eeec6455fb1e0ef20 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: fde0fff1c3e4c053148748504d4b9e0cc97f37ec + SHA256: c4fb31e3f24e40742a1b9855a2d67048fe64b26d8d2dbcec77d2d5deeded2bcc + Sections: + .text: + Entropy: 6.14362601153889 + Virtual Size: '0x318c' + .rdata: + Entropy: 3.8608770903565426 + Virtual Size: '0x1300' + .data: + Entropy: 2.3976266531821224 + Virtual Size: '0x1144' + 
.pdata: + Entropy: 4.043975650731326 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.070426661582891 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.370803361398665 + Virtual Size: '0x440' + .reloc: + Entropy: 4.657997051970539 + Virtual Size: '0x1b6' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 
0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 7c814e64b0a2b3541d7c9bb9d99edfbc + SHA1: 83222199cc9661710e7d99fad9d690eb6b3fdbaf + SHA256: 4f5166322f578fb111b6f2af375052008a5263311890f85c3e4ebc9c0f85affa + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2019 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2019-05-12 17:00:34' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 
98d53f6b3bec0a3417a04fbb9e17fa06 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: a0cefb5b55f7a7a145b549613e26b6805515a1ad + SHA256: 31b66a57fae0cc28a6a236d72a35c8b6244f997e700f9464f9cbf800dbf8bee6 + Sections: + .text: + Entropy: 6.135433819899731 + Virtual Size: '0x325c' + .rdata: + Entropy: 3.8377641250668497 + Virtual Size: '0x1450' + .data: + Entropy: 2.2159905775744044 + Virtual Size: '0x1934' + .pdata: + Entropy: 4.038755197475624 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.068036657482388 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3547531988948798 + Virtual Size: '0x430' + .reloc: + Entropy: 4.901711830072888 + Virtual Size: '0x24c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 
+ SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: bab6f5a48952fb91e53fa1a59d8d8107 + SHA1: cba35561689cf4923bfb3fc5c8f1cbd445ee90fb + SHA256: 869f22f072f71abc741cf9d3b9cbc9020a2611286670c6e6d67cd240629518f6 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2018-03-25 13:01:09' + Date: '' + 
Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.1.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 8b75047199825c8e62fdcc1c915db8bd + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.1.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: 85076aa3bffb40339021286b73d72dd5a8e4396a + SHA256: d41e39215c2c1286e4cd3b1dc0948adefb161f22bc3a78756a027d41614ee4ff + Sections: + .text: + Entropy: 6.141543334678837 + Virtual Size: '0x31fc' + .rdata: + Entropy: 3.850063382249019 + Virtual Size: '0x13d0' + .data: + Entropy: 2.2863945965626136 + Virtual Size: '0x1614' + .pdata: + Entropy: 4.052479770333054 + Virtual Size: '0x1b0' + PAGE: + Entropy: 
6.093773811863592 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.382946098314487 + Virtual Size: '0x440' + .reloc: + Entropy: 4.830405545722778 + Virtual Size: '0x210' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 0991b6f38efda0c20966f68c2de98b53 + SHA1: 4682423da48820f26f188ae5b4aa12c3fbd2c290 + SHA256: 8c87d5f1261a367493fd2f240ace027bef5b178cff3dea22d45e8fa2b0f0541e + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2020-08-05 02:32:43' + Date: '' + 
Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 93496a436c5546156a69deb255a9fed0 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: 0de86ec7d7f16a3680df89256548301eed970393 + SHA256: 4136f1eb11cc463a858393ea733d5f1c220a3187537626f7f5d63eccf7c5a03f + Sections: + .text: + Entropy: 6.133976095876382 + Virtual Size: '0x329c' + .rdata: + Entropy: 3.835106069448739 + Virtual Size: '0x1490' + .data: + Entropy: 2.1710929957450715 + Virtual Size: '0x1c54' + .pdata: + Entropy: 3.9857737110778095 + Virtual Size: '0x1b0' + PAGE: + Entropy: 
6.058535435224619 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3478109419215607 + Virtual Size: '0x430' + .reloc: + Entropy: 5.011052354824561 + Virtual Size: '0x288' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + TBS: + MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: 
ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 70915af229fae80af7cb1cd93122fd7c + SHA1: 28740c785f9634c582292650cb6ec8660424c0ba + SHA256: 002616bfe5bf3b13868d649d74ffe748317e3b0b33de8b9008683c906a0cae83 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2017-11-27 19:15:03' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 5e9231e85cecfc6141e3644fda12a734 + MachineType: AMD64 + 
MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: 599de57a5c05e27bb72c7b8a677e531d8e4bf8b5 + SHA256: 64d4370843a07e25d4ceb68816015efcaeca9429bb5bb692a88e615b48c7da96 + Sections: + .text: + Entropy: 6.137944463935485 + Virtual Size: '0x319c' + .rdata: + Entropy: 3.848333826861409 + Virtual Size: '0x1340' + .data: + Entropy: 2.3461427985512437 + Virtual Size: '0x12e4' + .pdata: + Entropy: 4.010051195917961 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.083244237405415 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.370803361398665 + Virtual Size: '0x440' + .reloc: + Entropy: 4.705915669612521 + Virtual Size: '0x1d4' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 
7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: a776ebade70bf7e3d7c5e1db0ccddec9 + SHA1: 6b01aeeb1d0318fbb286e244d2c84c34af67b530 + SHA256: 4b5206b5928e03929cca1eda3f12e6df14b31f80e8c16c1bb29109c072053b90 + Company: gentilkiwi (Benjamin DELPY) + 
Copyright: Copyright (c) 2007 - 2014 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2014-06-14 14:54:15' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.0.0.0 + Filename: '' + ImportedFunctions: + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - RtlCompareMemory + - ObfDereferenceObject + - IofCompleteRequest + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - RtlInitUnicodeString + - MmGetSystemRoutineAddress + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - KeBugCheck + - _vsnwprintf + - IoDeleteDevice + - NtBuildNumber + - ObOpenObjectByPointer + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: fe508caa54ffeb2285d9f00df547fe4a + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.0.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: af42afda54d150810a60baa7987f9f09d49d1317 + SHA256: 4dc24fd07f8fb854e685bc540359c59f177de5b91231cc44d6231e33c9e932b1 + Sections: + .text: + Entropy: 6.150360472301313 + Virtual Size: '0x30cc' + .rdata: + Entropy: 3.906021640824361 + Virtual Size: '0x1048' + .data: + Entropy: 
2.4940165806266616 + Virtual Size: '0xc74' + .pdata: + Entropy: 4.019695649249909 + Virtual Size: '0x1bc' + PAGE: + Entropy: 6.037596647390289 + Virtual Size: '0x28b' + INIT: + Entropy: 5.111217237674922 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3527586134193843 + Virtual Size: '0x440' + .reloc: + Entropy: 4.328299648937291 + Virtual Size: '0x152' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: 
a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: e97dc162f416bf06745bf9ffdf78a0ff + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: c3766cd40f4ef52f59f3e9c8848a6dbe + SHA1: 16cf0d8d085d3db18e202d657dfccd5022b389fb + SHA256: 612aa28d12aefd2af8565d4df6df9caa61b5fe8370fffb08933c03d558789e37 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2017-02-25 18:17:02' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + 
- MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: e0cc9b415d884f85c45be145872892b8 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 7638c048af5beae44352764390deea597cc3e7b1 + SHA256: 26bea3b3ab2001d91202f289b7e41499d810474607db7a0893ceab74f5532f47 + Sections: + .text: + Entropy: 6.189266621409851 + Virtual Size: '0x235e' + .rdata: + Entropy: 3.5672719291381667 + Virtual Size: '0xdc4' + .data: + Entropy: 2.9710357364934694 + Virtual Size: '0xd68' + PAGE: + Entropy: 5.8055474754253495 + Virtual Size: '0x266' + INIT: + Entropy: 5.325440401058366 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3682712956797647 + Virtual Size: '0x440' + .reloc: + Entropy: 5.910661392306955 + Virtual Size: '0x3e0' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: 
f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: be49be6ceb35f15a49b39f72a43bfc54 + SHA1: 895e108e141e238fdeeef2ef11addb4962c48986 + SHA256: 35d552d7603a26ea7ed111bd865cddaf7aa342481c89af7b2697beb25b99e829 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: 
'2017-11-05 19:33:50' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 87dc81ebe85f20c1a7970e495a778e60 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 07f78a47f447e4d8a72ad4bc6a26427b9577ec82 + SHA256: 822982c568b6f44b610f8dc4ab5d94795c33ae08a6a608050941264975c1ecdb + Sections: + .text: + Entropy: 6.199736289697868 + Virtual Size: '0x236e' + .rdata: + Entropy: 3.556959132303336 + Virtual Size: '0xde4' + .data: + Entropy: 2.962098389788266 + Virtual Size: '0xeb0' + PAGE: + 
Entropy: 5.795507089372613 + Virtual Size: '0x266' + INIT: + Entropy: 5.324875365502854 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3682712956797647 + Virtual Size: '0x440' + .reloc: + Entropy: 5.952195564032691 + Virtual Size: '0x3fe' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - 
Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: e370210d04ac9f5c57b8ca7f7eec6101 + SHA1: 0c37f01c0ef527deafc03b2dcd6516494690ee99 + SHA256: dc732dc22d0521fce33ed9c37359f702c985d2f35bc00209c3a4a076d6ff564d + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2020-08-09 14:45:11' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - 
RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 7108b0d4021af4c41de2c223319cd4c1 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: e6966e360038be3b9d8c9b2582eba4e263796084 + SHA256: 3ca5d47d076e99c312578ef6499e1fa7b9db88551cfc0f138da11105aca7c5e1 + Sections: + .text: + Entropy: 6.133976095876382 + Virtual Size: '0x329c' + .rdata: + Entropy: 3.831656112715985 + Virtual Size: '0x1490' + .data: + Entropy: 2.1710929957450715 + Virtual Size: '0x1c54' + .pdata: + Entropy: 3.9857737110778095 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.058535435224619 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3478109419215607 + Virtual Size: '0x430' + .reloc: + Entropy: 5.011052354824561 + Virtual Size: '0x288' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 
4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + TBS: + MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: e6fba20c6bbb9db76f7670964c004540 + SHA1: f6dba973bc3f6ae8abfd377bfa1ab7018895ebc0 + SHA256: 0feb05a7cc11793d995c920779cffeae68afabc54ffa8d8c361e5ba44fa57c8e + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2020-01-02 11:21:29' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance 
+ Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 7ebe606acd81abf1f8cb0767c974164b + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: 0320534df24a37a245a0b09679a5adb27018fb5f + SHA256: 4c89c907b7525b39409af1ad11cc7d2400263601edafc41c935715ef5bd145de + Sections: + .text: + Entropy: 6.135433819899731 + Virtual Size: '0x325c' + .rdata: + Entropy: 3.835199273350499 + Virtual Size: '0x1450' + .data: + Entropy: 2.2159905775744044 + Virtual Size: '0x1934' + .pdata: + Entropy: 4.038755197475624 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.068036657482388 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3478109419215607 + Virtual Size: '0x430' + .reloc: + Entropy: 4.901711830072888 + Virtual Size: '0x24c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 
1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + TBS: + MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 066397731a2c61690aeb8041fcc6e792 + SHA1: 0d53071f8707c8ef4455cd4b6d784467fd158b3a + SHA256: ccadd6f8b6705e756544646d99f97030f291fc68377ce06f71e8c55512941c47 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2017-08-13 09:27:35' + Date: '' + 
Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 0ca010a32a9b0aeae1e46d666b83b659 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 062457182ab08594c631a3f897aeb03c6097eb77 + SHA256: 0aab2deae90717a8876d46d257401d265cf90a5db4c57706e4003c19eee33550 + Sections: + .text: + Entropy: 6.199736289697868 + Virtual Size: '0x236e' + .rdata: + Entropy: 3.5573734538365653 + Virtual Size: '0xde4' + .data: + Entropy: 2.962098389788266 + Virtual Size: '0xeb0' + PAGE: + Entropy: 5.795507089372613 + Virtual 
Size: '0x266' + INIT: + Entropy: 5.324875365502854 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3682712956797647 + Virtual Size: '0x440' + .reloc: + Entropy: 5.952195564032691 + Virtual Size: '0x3fe' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, 
OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 0bc2e64f2748f9883c25104feb277794 + SHA1: ea32f314d1bcf514daf0409aac33f8bd7699e9e8 + SHA256: 34d57107b592c4d2c7d1c95eea1ab7400c09d23864c3870ca3656b5ae81859aa + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2017-11-05 19:34:06' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - 
RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: d3af70287de8757cebc6f8d45bb21a20 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: 4c8349c6345c8d6101fb896ea0a74d0484c56df0 + SHA256: c7bccc6f38403def4690e00a0b31eda05973d82be8953a3379e331658c51b231 + Sections: + .text: + Entropy: 6.137944463935485 + Virtual Size: '0x319c' + .rdata: + Entropy: 3.844898264057266 + Virtual Size: '0x1340' + .data: + Entropy: 2.3461427985512437 + Virtual Size: '0x12e4' + .pdata: + Entropy: 4.010051195917961 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.083244237405415 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.370803361398665 + Virtual Size: '0x440' + .reloc: + Entropy: 4.705915669612521 + Virtual Size: '0x1d4' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: 
dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 55da2b486d123b91fbf405c051f24300 + SHA1: eb0e27930fe33462702caee1db803738b1cf633e + SHA256: 9f35c5c9f95979f227b6d35f767dd94424285f8960c904188f0624d786ff793c + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2018-06-16 10:48:41' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.1.0 + Filename: '' + ImportedFunctions: + - 
NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: a33089d4e50f7d2ea8b52ca95d26ebf3 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.1.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 03506a2f87d1523e844fba22e7617ab2a218b4b7 + SHA256: fefc070a5f6a9c0415e1c6f44512a33e8d163024174b30a61423d00d1e8f9bf2 + Sections: + .text: + Entropy: 6.202827671645787 + Virtual Size: '0x23ae' + .rdata: + Entropy: 3.5391363086034646 + Virtual Size: '0xe24' + .data: + Entropy: 2.9048205574982506 + Virtual Size: '0xff4' + PAGE: + Entropy: 5.788042895055868 + Virtual Size: '0x266' + INIT: + Entropy: 5.325440401058365 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3588565214747637 + Virtual Size: 
'0x438' + .reloc: + Entropy: 5.981826468919802 + Virtual Size: '0x41e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, + CN=Certum Code Signing CA SHA2 + ValidFrom: '2015-10-29 11:30:29' + ValidTo: '2027-06-09 11:30:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 6b326a0f0328d37a1d530bfd23bd48e2 + Version: 3 + TBS: + MD5: e556c75dbca00e43684d23c11c032d4a + SHA1: 50925e36ffd52e5b4d32689e9007b14a3a417168 + SHA256: f7b6eeb3a567223000a61f68c53b458193557c17e5d512d2825bcb13e5fc9be5 + SHA384: 57f1cdd3afe0bd7859ab450dbdf6e21a55cf5ba0dda62b9b3c12f2d885d98413ce6817243f6bb83cd77276643369ecbf + - Subject: C=FR, O=Open Source Developer, ST=Ile de France, CN=Open Source + Developer, Benjamin Delpy, emailAddress=benjamin@gentilkiwi.com + ValidFrom: '2017-12-04 09:50:34' + ValidTo: '2018-12-04 09:50:34' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 1519af351702ab2d86968d0be928f529 + Version: 3 + TBS: + MD5: 7227ed4392de49333e052f8f17c41f69 + SHA1: e019d8060f65cc923dab50ea282fb8895c1c75f9 + SHA256: eee437f4170a21f7de0e590620ff2a9412f89af95e87589d0e5a1cca17f61825 + SHA384: a5f32361dfa3828aebf139cb1017bba83111e1ce2c5dbd126751a1e7d8f19f3fb838926fc118e423fbe07187e84efc2b + - Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, + CN=Certum Trusted Network CA + ValidFrom: '2011-04-15 20:15:34' + ValidTo: '2021-04-15 20:25:34' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 613bc791000000000034 + Version: 3 + TBS: + MD5: f5f0d604dd56b0446f98fb67e98a76f8 + SHA1: c749c146cc00030ff36ecf9b698e6a377bc15605 + 
SHA256: df5dacc623d44348fff0bc8ebe2cedc8ba212e33c6f10d7fd608f37f92a2c273 + SHA384: c394dc13768746f008b4ffa082d6e8a2e55a83052d63e3c0a8f2fcfc30dcd51849afd21b0adf86bc50490629a89da09b + Signer: + - SerialNumber: 1519af351702ab2d86968d0be928f529 + Issuer: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, + CN=Certum Code Signing CA SHA2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 6590508f737bb147a0dfc35eb18dbd7a + SHA1: 565ec3863617cc2bcbe6b32d1c8af8bcaee898de + SHA256: 6b4ac66225600b3d5b89f6b0440ccdd0f59279fd0bbf4af82f1aab63df54b883 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2014 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2014-04-13 15:03:03' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.0.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - IofCompleteRequest + - PsDereferencePrimaryToken + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - KeServiceDescriptorTable + - MmGetSystemRoutineAddress + - RtlInitUnicodeString + - IoEnumerateRegisteredFiltersList + - KeTickCount + - NtBuildNumber + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsProcessType + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 48394dce30bb8da5ae089cb8f41b86dc + MachineType: I386 + 
MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.0.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: 9ef7d3e0d40381093233ad6158457c82 + SHA1: de9692ae52b47eb6c3384d87c48ae5b8abec3472 + SHA256: 38e33f9063e4b5374496e628a2d0cc0858d3b9ce65fd320d40928b79a0fef5e9 + SHA1: 867652e062eb6bd1b9fc29e74dea3edd611ef40c + SHA256: 0d676baac43d9e2d05b577d5e0c516fba250391ab0cb11232a4b17fd97a51e35 + Sections: + .text: + Entropy: 6.20225407757641 + Virtual Size: '0x1fe8' + .rdata: + Entropy: 3.5227452352693125 + Virtual Size: '0xbe4' + .data: + Entropy: 3.0756426415570397 + Virtual Size: '0x984' + PAGE: + Entropy: 5.811183490770206 + Virtual Size: '0x266' + INIT: + Entropy: 5.304412008980706 + Virtual Size: '0x4d8' + .rsrc: + Entropy: 3.3510121662411767 + Virtual Size: '0x440' + .reloc: + Entropy: 5.789908545604789 + Virtual Size: '0x34a' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 
5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 87fd2b54ed568e2294300e164b8c46f7 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: a35f399d3f1046e3f41d3baab6bffaa7 + SHA1: b3e35a45ad181cb48c3fdb6e56c6e720e6c2451b + SHA256: 6fe18adf87e3330799361d49e811c7a35a497423833ad83573588b7878df286c + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2017-06-06 18:26:08' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - 
ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: ccde8c94439f9fc9c42761e4b9a23d97 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: a56598e841ae694ac78c37bf4f8c09f9eaf3271f + SHA256: 62036cdf3663097534adf3252b921eed06b73c2562655eae36b126c7d3d83266 + Sections: + .text: + Entropy: 6.137944463935485 + Virtual Size: '0x319c' + .rdata: + Entropy: 3.846410257548868 + Virtual Size: '0x1340' + .data: + Entropy: 2.3461427985512437 + Virtual Size: '0x12e4' + .pdata: + Entropy: 4.010051195917961 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.083244237405415 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.370803361398665 + Virtual Size: '0x440' + .reloc: + Entropy: 4.705915669612521 + Virtual Size: '0x1d4' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + 
SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: a5bc8be8fe3125725687ca6436b4570c + SHA1: 4f412f4b9b25e7c8f57f30850249847cec77b8a6 + SHA256: 00231ea698565270bf9f542e70490b7a5c6740c2da6699ab548dca0a97ca3171 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2020-07-15 08:10:46' + Date: '' + 
Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 7d86cdda7f49f91fdb69901a002b34e7 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: 34b677fba9dcab9a9016332b3332ce57f5796860 + SHA256: 93aa3066ae831cdf81505e1bc5035227dc0e8f06ebbbb777832a17920c6a02fe + Sections: + .text: + Entropy: 6.133976095876382 + Virtual Size: '0x329c' + .rdata: + Entropy: 3.834943155260995 + Virtual Size: '0x1490' + .data: + Entropy: 2.1710929957450715 + Virtual Size: '0x1c54' + .pdata: + Entropy: 3.9857737110778095 + Virtual Size: '0x1b0' + PAGE: + Entropy: 
6.058535435224619 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3478109419215607 + Virtual Size: '0x430' + .reloc: + Entropy: 5.011052354824561 + Virtual Size: '0x288' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + TBS: + MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: 
ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 92a71f6d2051c92d5851fb9bd3e4e614 + SHA1: 2f481b03cd80eb7fccb9efd0f67e97e101e23761 + SHA256: 6e3e09583b7bba35ef21419bdc711984e8541eb20a29406940727f73cbb5064a + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2017-08-13 09:27:50' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 6b480fac7caca2f85be9a0cfe79aedfc + MachineType: AMD64 + 
MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: a249278a668d4df30af9f5d67ebb7d2cd160beaa + SHA256: a32dc2218fb1f538fba33701dfd9ca34267fda3181e82eb58b971ae8b78f0852 + Sections: + .text: + Entropy: 6.137944463935485 + Virtual Size: '0x319c' + .rdata: + Entropy: 3.8516903866776753 + Virtual Size: '0x1340' + .data: + Entropy: 2.3461427985512437 + Virtual Size: '0x12e4' + .pdata: + Entropy: 4.010051195917961 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.083244237405415 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.370803361398665 + Virtual Size: '0x440' + .reloc: + Entropy: 4.705915669612521 + Virtual Size: '0x1d4' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: 
ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 1fddd0b405a4a733dd3b4b002c9c391a + SHA1: 4536bf012b14ef5bc17d70157877dd1b2834c997 + SHA256: 4c068b3c86f5776e9a26680952de22e156ec9700d9c1810e5fd344c994d50419 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2020-09-16 19:34:03' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - 
RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 27053e964667318e1b370150cbca9138 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 02534b5b510d978bac823461a39f76b4f0ac5aa3 + SHA256: 083f821d90e607ed93221e71d4742673e74f573d0755a96ad17d1403f65a2254 + Sections: + .text: + Entropy: 6.2064317372812985 + Virtual Size: '0x2404' + .rdata: + Entropy: 3.5462500241908277 + Virtual Size: '0xff4' + .data: + Entropy: 2.813191841547333 + Virtual Size: '0x14dc' + PAGE: + Entropy: 5.804360087879422 + Virtual Size: '0x266' + INIT: + Entropy: 5.4281677070245955 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3459452702797696 + Virtual Size: '0x430' + .reloc: + Entropy: 6.0011548156682 + Virtual Size: '0x4a0' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + 
SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + TBS: + MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: e832e00fd6b6d562b40ab0c875a78680 + SHA1: 4197f8d9fd8e733db82a03923ff72d839adec19a + SHA256: 2dd2620e1c844738429ba31e2545a8b2de1387117e4f24d6fe7fd4246b09ac39 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2018-02-04 18:08:19' + Date: '' + 
Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.1.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 78a122d926ccc371d60c861600c310f3 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.1.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 10fb4ba6b2585ea02e7afb53ff34bf184eeb1a5d + SHA256: beef40f1b4ce0ff2ee5c264955e6b2a0de6fe4089307510378adc83fad77228b + Sections: + .text: + Entropy: 6.198093347366582 + Virtual Size: '0x239e' + .rdata: + Entropy: 3.5470813576126146 + Virtual Size: '0xe04' + .data: + Entropy: 2.8887582835017827 + Virtual Size: '0xff8' + PAGE: + Entropy: 5.783313787388865 + Virtual 
Size: '0x266' + INIT: + Entropy: 5.323943395070341 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3804140325955863 + Virtual Size: '0x440' + .reloc: + Entropy: 5.967349329602677 + Virtual Size: '0x41e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, + CN=Certum Code Signing CA SHA2 + ValidFrom: '2015-10-29 11:30:29' + ValidTo: '2027-06-09 11:30:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 6b326a0f0328d37a1d530bfd23bd48e2 + Version: 3 + TBS: + MD5: e556c75dbca00e43684d23c11c032d4a + SHA1: 50925e36ffd52e5b4d32689e9007b14a3a417168 + SHA256: f7b6eeb3a567223000a61f68c53b458193557c17e5d512d2825bcb13e5fc9be5 + SHA384: 57f1cdd3afe0bd7859ab450dbdf6e21a55cf5ba0dda62b9b3c12f2d885d98413ce6817243f6bb83cd77276643369ecbf + - Subject: C=FR, O=Open Source Developer, ST=Ile de France, CN=Open Source + Developer, Benjamin Delpy, emailAddress=benjamin@gentilkiwi.com + ValidFrom: '2017-12-04 09:50:34' + ValidTo: '2018-12-04 09:50:34' + Signature: a671cf049079a759f4c1fa73dd7f3b3b84da6480a91a3c1a9d6d3bb1313d6714d14272b477c37a86b88a686344dcfd89c8af3a34deaaa5bab970adfa66c5ff206b22ef1954ccbf6b96fdf0f99e9066557fefbb5ddc55aa2a2891181d1a27b06acb79380b618344bd202361fb0399a7e6e6ccbcfa714265fa054e373261efaf6b74bc7e4c7994bcb832d61b3c573d2ec8c3926afb60d4b63428112dd6249c2a49cfded8fa33893fb2d452b135ad57be1ff7956825861e1fd53dfbc0cef82045fd699ebeb74230abfbac20467f087f6e7e2b19f0f961ea2f015c2e54e653507f9966193658afc237778e12001f05e1c6e0ec13d9574718593a2f2484cff950e019 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 1519af351702ab2d86968d0be928f529 + Version: 3 + TBS: + MD5: 7227ed4392de49333e052f8f17c41f69 + SHA1: e019d8060f65cc923dab50ea282fb8895c1c75f9 + SHA256: 
eee437f4170a21f7de0e590620ff2a9412f89af95e87589d0e5a1cca17f61825 + SHA384: a5f32361dfa3828aebf139cb1017bba83111e1ce2c5dbd126751a1e7d8f19f3fb838926fc118e423fbe07187e84efc2b + - Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, + CN=Certum Trusted Network CA + ValidFrom: '2011-04-15 20:15:34' + ValidTo: '2021-04-15 20:25:34' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 613bc791000000000034 + Version: 3 + TBS: + MD5: f5f0d604dd56b0446f98fb67e98a76f8 + SHA1: c749c146cc00030ff36ecf9b698e6a377bc15605 + SHA256: df5dacc623d44348fff0bc8ebe2cedc8ba212e33c6f10d7fd608f37f92a2c273 + SHA384: c394dc13768746f008b4ffa082d6e8a2e55a83052d63e3c0a8f2fcfc30dcd51849afd21b0adf86bc50490629a89da09b + Signer: + - SerialNumber: 1519af351702ab2d86968d0be928f529 + Issuer: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, + CN=Certum Code Signing CA SHA2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 051cd4423d407ea1d470e612cf83922b + SHA1: 45d28e95c72db9c42a8da1f59013c80abc22894b + SHA256: e6745f1ac0dc8014e359672c7d5d1c01588ab4a68ea96eea2dea811dcdcf5131 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2018-08-14 14:14:01' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.1.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + 
- ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 30ca3cc19f001a8f12c619daa8c6b6e3 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.1.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: 2779c54ccd1c008cd80e88c2b454d76f4fa18c07 + SHA256: 6964a5d85639baee288555797992861232e75817f93028b50b8c6d34aa38b05b + Sections: + .text: + Entropy: 6.1419629238500235 + Virtual Size: '0x31fc' + .rdata: + Entropy: 3.850727433202846 + Virtual Size: '0x13d0' + .data: + Entropy: 2.2863945965626136 + Virtual Size: '0x1614' + .pdata: + Entropy: 4.052479770333054 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.093773811863592 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3614073432360265 + Virtual Size: '0x438' + .reloc: + Entropy: 4.830405545722778 + Virtual Size: '0x210' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 
225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: 
ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: cc7cfef4c49cdf23f42822de130703cd + SHA1: 3de0619f4784a19de28ee473917fc9939ef23bc8 + SHA256: 40c740c6820ddc8f01013e7354278166c090cfe5e4027be1b187cf8cbd8a6b3f + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2017-07-31 20:46:20' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 091a6bd4880048514c5dd3bede15eba5 + MachineType: AMD64 + 
MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: c7f0423ac5569f13d2b195e02741ad7eed839c6d + SHA256: 673bbc7fa4154f7d99af333014e888599c27ead02710f7bc7199184b30b38653 + Sections: + .text: + Entropy: 6.137944463935485 + Virtual Size: '0x319c' + .rdata: + Entropy: 3.852931722371594 + Virtual Size: '0x1340' + .data: + Entropy: 2.3461427985512437 + Virtual Size: '0x12e4' + .pdata: + Entropy: 4.010051195917961 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.083244237405415 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.370803361398665 + Virtual Size: '0x440' + .reloc: + Entropy: 4.705915669612521 + Virtual Size: '0x1d4' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 
7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 28e750aac7e280f5a4f5e3c677e5a5a8 + SHA1: 0527d6e65a5e589a604b9e12665ee15ce549a39b + SHA256: 3bafb4e11a3823b3455728e938c69103dd4ff414529d9579b38b5ee12f77bce0 + Company: gentilkiwi (Benjamin DELPY) + 
Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2017-12-03 13:13:16' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 06c7fcf3523235cf52b3eee083ec07b2 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: d1fb740210c1fa2a52f6748b0588ae77de590b9d + SHA256: 14b89298134696f2fd1b1df0961d36fa6354721ea92498a349dc421e79447925 + Sections: + .text: + Entropy: 6.199736289697868 + Virtual Size: '0x236e' + .rdata: + Entropy: 3.5585329340170353 + Virtual 
Size: '0xde4' + .data: + Entropy: 2.962098389788266 + Virtual Size: '0xeb0' + PAGE: + Entropy: 5.795507089372613 + Virtual Size: '0x266' + INIT: + Entropy: 5.324875365502854 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3682712956797647 + Virtual Size: '0x440' + .reloc: + Entropy: 5.952195564032691 + Virtual Size: '0x3fe' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 
4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 6bf3939ede334f41e8e1ad4b1215f137 + SHA1: 35740f851360b154d9fbc06de9fe2ec3ec3ab552 + SHA256: d6d56ffa4dcec362148ce6b3806773403cf7ca61f991e17f7286ee975a706f78 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2018-01-26 17:39:54' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.1.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - 
IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 67daa04716803a15fc11c9e353d77c2f + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.1.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: a111dc6ae5575977feba71ee69b790e056846a02 + SHA256: b2486f9359c94d7473ad8331b87a9c17ca9ba6e4109fd26ce92dff01969eaa09 + Sections: + .text: + Entropy: 6.144037436753497 + Virtual Size: '0x31dc' + .rdata: + Entropy: 3.842844016680653 + Virtual Size: '0x1390' + .data: + Entropy: 2.313119440407077 + Virtual Size: '0x1494' + .pdata: + Entropy: 3.990039715462728 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.084557222001841 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.382946098314487 + Virtual Size: '0x440' + .reloc: + Entropy: 4.8001308386334935 + Virtual Size: '0x1f2' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, + CN=Certum Code Signing CA SHA2 + ValidFrom: '2015-10-29 11:30:29' + ValidTo: '2027-06-09 11:30:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 6b326a0f0328d37a1d530bfd23bd48e2 + Version: 3 + TBS: + MD5: 
e556c75dbca00e43684d23c11c032d4a + SHA1: 50925e36ffd52e5b4d32689e9007b14a3a417168 + SHA256: f7b6eeb3a567223000a61f68c53b458193557c17e5d512d2825bcb13e5fc9be5 + SHA384: 57f1cdd3afe0bd7859ab450dbdf6e21a55cf5ba0dda62b9b3c12f2d885d98413ce6817243f6bb83cd77276643369ecbf + - Subject: C=FR, O=Open Source Developer, ST=Ile de France, CN=Open Source + Developer, Benjamin Delpy, emailAddress=benjamin@gentilkiwi.com + ValidFrom: '2017-12-04 09:50:34' + ValidTo: '2018-12-04 09:50:34' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 1519af351702ab2d86968d0be928f529 + Version: 3 + TBS: + MD5: 7227ed4392de49333e052f8f17c41f69 + SHA1: e019d8060f65cc923dab50ea282fb8895c1c75f9 + SHA256: eee437f4170a21f7de0e590620ff2a9412f89af95e87589d0e5a1cca17f61825 + SHA384: a5f32361dfa3828aebf139cb1017bba83111e1ce2c5dbd126751a1e7d8f19f3fb838926fc118e423fbe07187e84efc2b + - Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, + CN=Certum Trusted Network CA + ValidFrom: '2011-04-15 20:15:34' + ValidTo: '2021-04-15 20:25:34' + Signature: 
419f12160eedee2491fe5d5f10a097a8749e0dccf3115163122a5bb95dc7afac5aa25c0002cb728e0d9225b6522653be3c77a2c28c8089d84118571ab8d05057c328e7fad044804e7e8933286f3a47ef5e231ef27afe3a2a19dead6b1a2847786e9bbfeb7367589a2719d8eb5c3d085860629d5914cf9e76b3cfd962af7b72ac80f9e015ab9c7a5c4b1c7083db7094117bd22a4c7734dc36cccd46d40b198c09f6610ade481c9b3fff0b43d7f1018061abda70cfa78444acb31cce2630f5ca5f696735836ea3888c0fb8939bd65b0615e64b7db950ab09e07b2beb4c1a6bba1cca791bc59f81bde443f02de195d5a166076ce6e5456e060bdbf5bc4395b88aa50555e59668ac1d31db3804bc1c3db61975d1b5802a821e385c4676256c4d8b7483544375e77bb395bfee13609e0ecdfbcaf73a2a52a0a625497a17193ae8941f2c8204035ea9513cef526f7b43ceda2b81b47fda1a2c6265d1ec2837823014319d15bdffacc88b256e41bd1f23741be3fcf94be2eb46e68151530ec94a84788deca8b80f8d4c7fe0f6b0d2c538b24f82c410fe87b88ec6b6b0f87c12a7b4834dfc1e8b6a5bf9d564793ed1e37e1af6c81e59db4dca605c577ea25877ecfa05260032a7f6ff134e98d86f5b434cb336e425bcd93b9f38e00ee9be81e6c91f0f022f8d3a1288a88e1bb1e776913e18de361228fef766557c5bd464487452c32189 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 613bc791000000000034 + Version: 3 + TBS: + MD5: f5f0d604dd56b0446f98fb67e98a76f8 + SHA1: c749c146cc00030ff36ecf9b698e6a377bc15605 + SHA256: df5dacc623d44348fff0bc8ebe2cedc8ba212e33c6f10d7fd608f37f92a2c273 + SHA384: c394dc13768746f008b4ffa082d6e8a2e55a83052d63e3c0a8f2fcfc30dcd51849afd21b0adf86bc50490629a89da09b + Signer: + - SerialNumber: 1519af351702ab2d86968d0be928f529 + Issuer: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, + CN=Certum Code Signing CA SHA2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 0acacf205b4c3e64dcb2134a14f504ca + SHA1: 3de88b7ca9dadb39f12e75ac050cd353f7e611d3 + SHA256: 29b3f3f315179d30fbe75de7b59f09bc7452e6b538ff02b5252c3ee7b26eccab + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2015 gentilkiwi (Benjamin DELPY) + CreationTimestamp: 
'2015-09-06 11:01:44' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.0.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - PsDereferencePrimaryToken + - PsReferencePrimaryToken + - IofCompleteRequest + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - MmGetSystemRoutineAddress + - RtlInitUnicodeString + - PsSetCreateProcessNotifyRoutine + - IoEnumerateRegisteredFiltersList + - KeTickCount + - NtBuildNumber + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - IoGetCurrentProcess + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 40170485cca576adb5266cf5b0d3b0bd + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.0.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: 8665c9d64e9ce611e8da04f59bef5a6b + SHA1: 68ce0ee056b5baefb1f65c7e665bb2867f59007d + SHA256: 2c3b58420079e8105ce61febc1234fb9f14a5596a25bc2da1bc2e94d89069cab + SHA1: 7277d965b9de91b4d8ea5eb8ae7fa3899eef63a2 + SHA256: 2fd43a749b5040ebfafd7cdbd088e27ef44341d121f313515ebde460bf3aaa21 + Sections: + .text: + Entropy: 6.202808580330778 + Virtual Size: '0x250e' + .rdata: + Entropy: 3.556844019633443 + Virtual Size: '0xda4' + .data: + Entropy: 3.090178215836175 + 
Virtual Size: '0xb08' + PAGE: + Entropy: 5.780138321942911 + Virtual Size: '0x266' + INIT: + Entropy: 5.303621700268906 + Virtual Size: '0x55e' + .rsrc: + Entropy: 3.3553824672541936 + Virtual Size: '0x440' + .reloc: + Entropy: 5.956839106739942 + Virtual Size: '0x3d4' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + 
SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 8e35c9460537092672b3c7c14bccc7e0 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: f8cad836d57e1f1cdf013bead93fde78 + SHA1: 32ce5b32b7c9865d9031e2aaf1330f59d263a0b8 + SHA256: fde2df81ad28f2306a2daf636041eb747a035d8f08709cdac2d53987d9edef4a + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2020-08-16 02:26:33' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 24f0f2b4b3cdae11de1b81c537df41c7 + MachineType: AMD64 + 
MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: fee00dde8080c278a4c4a6d85a5601edc85a1b3d + SHA256: 85b9d7344bf847349b5d58ebe4d44fd63679a36164505271593ef1076aa163b2 + Sections: + .text: + Entropy: 6.133976095876382 + Virtual Size: '0x329c' + .rdata: + Entropy: 3.8395429527142535 + Virtual Size: '0x1490' + .data: + Entropy: 2.1710929957450715 + Virtual Size: '0x1c54' + .pdata: + Entropy: 3.9857737110778095 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.058535435224619 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3478109419215607 + Virtual Size: '0x430' + .reloc: + Entropy: 5.011052354824561 + Virtual Size: '0x288' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + 
TBS: + MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + 
Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 2170a8c0c0e234f2d3a3a05fe72b0ed5 + SHA1: 7a4a242686ffee4294fba8a6a3aeeb80d28e0ba0 + SHA256: 284bf9b08be5d4fd4b10fda6736cf490c66f9adace013c19be2e31cf74bfc5e9 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2020-02-26 23:42:24' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 364605ad21b9275681cffef607fac273 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 
213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: 8cd9df52b20b8f792ac53f57763dc147d7782b1e + SHA256: 492113a223d6a3fc110059fe46a180d82bb8e002ef2cd76cbf0c1d1eb8243263 + Sections: + .text: + Entropy: 6.135433819899731 + Virtual Size: '0x325c' + .rdata: + Entropy: 3.8356314209207474 + Virtual Size: '0x1450' + .data: + Entropy: 2.2159905775744044 + Virtual Size: '0x1934' + .pdata: + Entropy: 4.038755197475624 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.068036657482388 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3478109419215607 + Virtual Size: '0x430' + .reloc: + Entropy: 4.901711830072888 + Virtual Size: '0x24c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + TBS: + MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 
8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 6b4676f977a9d4af3cd0ef1263390490 + SHA1: da759e5426126c44e008b183a21fe0676c136363 + SHA256: c24d0fa3ec5fae870fb0a4e38943d396929d78165354bae56ae5730eb4d062e1 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2019 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2019-12-22 13:45:17' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - 
IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 32eb3d2bf2c5b3da2d2a1f20fffbac44 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: 36dca91fb4595de38418dffc3506dc78d7388c2c + SHA256: a7a665a695ec3c0f862a0d762ad55aff6ce6014359647e7c7f7e3c4dc3be81b7 + Sections: + .text: + Entropy: 6.135433819899731 + Virtual Size: '0x325c' + .rdata: + Entropy: 3.839044593352483 + Virtual Size: '0x1450' + .data: + Entropy: 2.2159905775744044 + Virtual Size: '0x1934' + .pdata: + Entropy: 4.038755197475624 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.068036657482388 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3547531988948798 + Virtual Size: '0x430' + .reloc: + Entropy: 4.901711830072888 + Virtual Size: '0x24c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 
589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, 
CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 608f5e7c3a5fd1a742cc77fcf5366847 + SHA1: 893a26e64c80c1ec234470eb5e2c34f495b528fb + SHA256: 2bff494de18fb32985901a06a931dab92eda052172cf7c942cdd6da944b7a4ba + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2020-08-04 05:59:36' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 629ee55e4b5a225d048fbcd5f0a1d18b + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: 
dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: e2d98e0e178880f10434059096f936b2c06ed8f4 + SHA256: cf9451c9ccc5509b9912965f79c2b95eb89d805b2a186d7521d3a262cf5a7a37 + Sections: + .text: + Entropy: 6.2064317372812985 + Virtual Size: '0x2404' + .rdata: + Entropy: 3.5435226599914578 + Virtual Size: '0xff4' + .data: + Entropy: 2.813191841547333 + Virtual Size: '0x14dc' + PAGE: + Entropy: 5.804360087879422 + Virtual Size: '0x266' + INIT: + Entropy: 5.4281677070245955 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3459452702797696 + Virtual Size: '0x430' + .reloc: + Entropy: 6.0011548156682 + Virtual Size: '0x4a0' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 
1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + TBS: + MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: ef956bee27a95cc5fa60a13641d02dcc + SHA1: 09c7e43a8ff9931b2705f74cf65cbfc593e3e235 + SHA256: 374bb09b4d6a9f21a5e2320343068bd44848f396d9b25a6f4d80931e6d9505ce + Company: gentilkiwi (Benjamin DELPY) + Copyright: 
Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2017-03-25 18:33:31' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 3164bd6c12dd0fe1bdf3b833d56323b9 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: 80e4808a7fe752cac444676dbbee174367fa2083 + SHA256: 69866557566c59772f203c11f5fba30271448e231b65806a66e48f41e3804d7f + Sections: + .text: + Entropy: 6.14362601153889 + Virtual Size: '0x318c' + .rdata: + Entropy: 3.858676364114319 + Virtual Size: '0x1300' + .data: + Entropy: 2.3976266531821224 + Virtual 
Size: '0x1144' + .pdata: + Entropy: 4.043975650731326 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.070426661582891 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.370803361398665 + Virtual Size: '0x440' + .reloc: + Entropy: 4.657997051970539 + Virtual Size: '0x1b6' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 
4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 97cbf45af32bfa08a7874548d987b92c + SHA1: 6f1edc71be093b53860e777e0fca7a6dd7525bb5 + SHA256: ab5b4c34bc49b3ae9c6a7607d97b2bd63d9a1b3c669ef18c8865c8a50a3254a9 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2020-09-18 11:17:54' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters 
+ Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: f838f4eb36f1e7036238776c7a70f0b0 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 115edd175c346fd3fbc9f113ee5ccd03b5511ee1 + SHA256: d032001eab6cad4fbef19aab418650ded00152143bd14507e17d62748297c23f + Sections: + .text: + Entropy: 6.2064317372812985 + Virtual Size: '0x2404' + .rdata: + Entropy: 3.5407041613462478 + Virtual Size: '0xff4' + .data: + Entropy: 2.813191841547333 + Virtual Size: '0x14dc' + PAGE: + Entropy: 5.804360087879422 + Virtual Size: '0x266' + INIT: + Entropy: 5.4281677070245955 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3459452702797696 + Virtual Size: '0x430' + .reloc: + Entropy: 6.0011548156682 + Virtual Size: '0x4a0' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: 
a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + TBS: + MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 22c7aa94f5b698194b691dfae69e4a0d + SHA1: 34abd5d2a059bd18e74b8b25fdb518560628be49 + SHA256: 14d8ec21cc6bad738a8eef146506d04c64282bce01d9659e7f4dcdbff95e4c34 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2017-03-19 20:32:00' + Date: '' + 
Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 10c2ea775c9e76e7774ab89e38f38287 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 1ce17c54c6884b0319d5aabbe7f96221f4838514 + SHA256: 51805bb537befaac8ce28f2221624cb4d9cefdc0260bc1afd5e0bc97bf1f9f93 + Sections: + .text: + Entropy: 6.189266621409851 + Virtual Size: '0x235e' + .rdata: + Entropy: 3.56656949987203 + Virtual Size: '0xdc4' + .data: + Entropy: 2.9710357364934694 + Virtual Size: '0xd68' + PAGE: + Entropy: 5.8055474754253495 + Virtual 
Size: '0x266' + INIT: + Entropy: 5.325440401058366 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3682712956797647 + Virtual Size: '0x440' + .reloc: + Entropy: 5.910661392306955 + Virtual Size: '0x3e0' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, 
OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 3ec892a5335b36ad3866d23ee0627262 + SHA1: 440b83072e1a1dc94c422e8552ed4e62c2e333ea + SHA256: 2c5c067497a0490e9fe79d0e4f9f759af93138b1a0bea08a89af09e119390c7a + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2016 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2016-11-25 18:28:14' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - 
IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: ae548418b491cd3f31618eb9e5730973 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 538bb45f30035f39d41bd13818fe0c0061182cfe + SHA256: 62764ddc2dce74f2620cd2efd97a2950f50c8ac5a1f2c1af00dc5912d52f6920 + Sections: + .text: + Entropy: 6.189266621409851 + Virtual Size: '0x235e' + .rdata: + Entropy: 3.5671211193298076 + Virtual Size: '0xdc4' + .data: + Entropy: 2.9710357364934694 + Virtual Size: '0xd68' + PAGE: + Entropy: 5.8055474754253495 + Virtual Size: '0x266' + INIT: + Entropy: 5.325440401058366 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3682712956797647 + Virtual Size: '0x440' + .reloc: + Entropy: 5.910661392306955 + Virtual Size: '0x3e0' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 
225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: 
ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: bcc845332169206f5b6d0113011f82df + SHA1: 299e80bcff6c1a362844dd77945c10693daa922c + SHA256: f424562623d0edf9b506a5f65b23427e7ec9a476570646d2a08ae9fa9fc57305 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2019 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2019-11-24 18:50:23' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 57c18a8f5d1ba6d015e4d5bc698e3624 + MachineType: AMD64 + 
MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: a5f1b56615bdaabf803219613f43671233f2001c + SHA256: 1d23ab46ad547e7eef409b40756aae9246fbdf545d13946f770643f19c715e80 + Sections: + .text: + Entropy: 6.135433819899731 + Virtual Size: '0x325c' + .rdata: + Entropy: 3.8309420593938377 + Virtual Size: '0x1450' + .data: + Entropy: 2.2159905775744044 + Virtual Size: '0x1934' + .pdata: + Entropy: 4.038755197475624 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.068036657482388 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3547531988948798 + Virtual Size: '0x430' + .reloc: + Entropy: 4.901711830072888 + Virtual Size: '0x24c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: 
ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 358fa8b2f36fc6088128e4ea93927a5c + SHA1: a61d19d754681769a94c650f969bcdacfac29b51 + SHA256: 6f18cb98188952eb08367adc1c6810e4b1c3902240fdcb15efa0ffb1b69a5f98 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2016 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2016-09-28 14:51:55' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - 
PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 93130909e562925597110a617f05e2a9 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: 77b4f0c0b06e3dc2474d5e250b772dacaac14dd0 + SHA256: e4b2c0aa28aac5e197312a061b05363e2e0387338b28b23272b5b6659d29b1d8 + Sections: + .text: + Entropy: 6.134700082776874 + Virtual Size: '0x321c' + .rdata: + Entropy: 3.8531134715932613 + Virtual Size: '0x1248' + .data: + Entropy: 2.4290980855498043 + Virtual Size: '0xfa4' + .pdata: + Entropy: 4.043102684753298 + Virtual Size: '0x1bc' + PAGE: + Entropy: 6.0617823350375595 + Virtual Size: '0x28b' + INIT: + Entropy: 5.115489588699519 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3689651261045475 + Virtual Size: '0x440' + .reloc: + Entropy: 4.630994027546385 + Virtual Size: '0x18e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 
225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: ea0dc42a5b95318f40a1c36cf220dcca + SHA1: 98a99c5b17a9b1984b7487dd3de81e1d05bf8c5c + SHA256: 77d7a8efe05ab7041fa33280f271edca9fa46c074885de5d03f4cbf343e65f2d + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2018-02-03 15:33:13' + Date: '' + 
Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.1.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 5129d8fd53d6a4aba81657ab2aa5d243 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.1.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: f2fe02e28cf418d935ec63168caf4dff6a9fbdfe + SHA256: 2ce4f8089b02017cbe86a5f25d6bc69dd8b6f5060c918a64a4123a5f3be1e878 + Sections: + .text: + Entropy: 6.144037436753497 + Virtual Size: '0x31dc' + .rdata: + Entropy: 3.841267354658989 + Virtual Size: '0x1390' + .data: + Entropy: 2.313119440407077 + Virtual Size: '0x1494' + .pdata: + Entropy: 3.990039715462728 + Virtual Size: '0x1b0' + PAGE: + Entropy: 
6.084557222001841 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.382946098314487 + Virtual Size: '0x440' + .reloc: + Entropy: 4.8001308386334935 + Virtual Size: '0x1f2' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, + CN=Certum Code Signing CA SHA2 + ValidFrom: '2015-10-29 11:30:29' + ValidTo: '2027-06-09 11:30:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 6b326a0f0328d37a1d530bfd23bd48e2 + Version: 3 + TBS: + MD5: e556c75dbca00e43684d23c11c032d4a + SHA1: 50925e36ffd52e5b4d32689e9007b14a3a417168 + SHA256: f7b6eeb3a567223000a61f68c53b458193557c17e5d512d2825bcb13e5fc9be5 + SHA384: 57f1cdd3afe0bd7859ab450dbdf6e21a55cf5ba0dda62b9b3c12f2d885d98413ce6817243f6bb83cd77276643369ecbf + - Subject: C=FR, O=Open Source Developer, ST=Ile de France, CN=Open Source + Developer, Benjamin Delpy, emailAddress=benjamin@gentilkiwi.com + ValidFrom: '2017-12-04 09:50:34' + ValidTo: '2018-12-04 09:50:34' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 1519af351702ab2d86968d0be928f529 + Version: 3 + TBS: + MD5: 7227ed4392de49333e052f8f17c41f69 + SHA1: e019d8060f65cc923dab50ea282fb8895c1c75f9 + SHA256: eee437f4170a21f7de0e590620ff2a9412f89af95e87589d0e5a1cca17f61825 + SHA384: a5f32361dfa3828aebf139cb1017bba83111e1ce2c5dbd126751a1e7d8f19f3fb838926fc118e423fbe07187e84efc2b + - Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, + CN=Certum Trusted Network CA + ValidFrom: '2011-04-15 20:15:34' + ValidTo: '2021-04-15 20:25:34' + Signature: 
419f12160eedee2491fe5d5f10a097a8749e0dccf3115163122a5bb95dc7afac5aa25c0002cb728e0d9225b6522653be3c77a2c28c8089d84118571ab8d05057c328e7fad044804e7e8933286f3a47ef5e231ef27afe3a2a19dead6b1a2847786e9bbfeb7367589a2719d8eb5c3d085860629d5914cf9e76b3cfd962af7b72ac80f9e015ab9c7a5c4b1c7083db7094117bd22a4c7734dc36cccd46d40b198c09f6610ade481c9b3fff0b43d7f1018061abda70cfa78444acb31cce2630f5ca5f696735836ea3888c0fb8939bd65b0615e64b7db950ab09e07b2beb4c1a6bba1cca791bc59f81bde443f02de195d5a166076ce6e5456e060bdbf5bc4395b88aa50555e59668ac1d31db3804bc1c3db61975d1b5802a821e385c4676256c4d8b7483544375e77bb395bfee13609e0ecdfbcaf73a2a52a0a625497a17193ae8941f2c8204035ea9513cef526f7b43ceda2b81b47fda1a2c6265d1ec2837823014319d15bdffacc88b256e41bd1f23741be3fcf94be2eb46e68151530ec94a84788deca8b80f8d4c7fe0f6b0d2c538b24f82c410fe87b88ec6b6b0f87c12a7b4834dfc1e8b6a5bf9d564793ed1e37e1af6c81e59db4dca605c577ea25877ecfa05260032a7f6ff134e98d86f5b434cb336e425bcd93b9f38e00ee9be81e6c91f0f022f8d3a1288a88e1bb1e776913e18de361228fef766557c5bd464487452c32189 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 613bc791000000000034 + Version: 3 + TBS: + MD5: f5f0d604dd56b0446f98fb67e98a76f8 + SHA1: c749c146cc00030ff36ecf9b698e6a377bc15605 + SHA256: df5dacc623d44348fff0bc8ebe2cedc8ba212e33c6f10d7fd608f37f92a2c273 + SHA384: c394dc13768746f008b4ffa082d6e8a2e55a83052d63e3c0a8f2fcfc30dcd51849afd21b0adf86bc50490629a89da09b + Signer: + - SerialNumber: 1519af351702ab2d86968d0be928f529 + Issuer: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, + CN=Certum Code Signing CA SHA2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: dd1e3e6088b3f03044d143909c284e2c + SHA1: c706be0cbbe21010f0de3d90e7757f7a0fc9a92d + SHA256: 3b8401cefd1dbfb754fe00b513784110836c8e938a40cc606903f46503af2943 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: 
'2017-06-18 10:46:24' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: bf445ac375977ecf551bc2a912c58e8a + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: eb76de59ebc5b2258cff0567577ff8c9d0042048 + SHA256: b34e2d9f3d4ef59cf7af18e17133a6a06509373e69e33c8eecb2e30501d0d9e4 + Sections: + .text: + Entropy: 6.137944463935485 + Virtual Size: '0x319c' + .rdata: + Entropy: 3.8459107985078496 + Virtual Size: '0x1340' + .data: + Entropy: 2.3461427985512437 + Virtual Size: '0x12e4' + .pdata: + Entropy: 4.010051195917961 + Virtual Size: 
'0x1b0' + PAGE: + Entropy: 6.083244237405415 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.370803361398665 + Virtual Size: '0x440' + .reloc: + Entropy: 4.705915669612521 + Virtual Size: '0x1d4' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 43fde79c00376d6d6c120c05dc63cef4 + SHA1: f916acb39e6e3233ff148d1a613b8b5e78b1ccfd + SHA256: 81e0111c823599201e7e7054557017c0ba148dcd6d9fe74052efdee051c42e13 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2018-12-09 15:56:45' + Date: '' + 
Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.1.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 2b80be31fbb11d4c1ef6d6a80b2e0c16 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.1.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: 9b2ef5f7429d62342163e001c7c13fb866dbe1ef + SHA256: 008fa89822b7a1f91e5843169083202ea580f7b06eb6d5cae091ba844d035f25 + Sections: + .text: + Entropy: 6.141753376459939 + Virtual Size: '0x320c' + .rdata: + Entropy: 3.8350601777496722 + Virtual Size: '0x1460' + .data: + Entropy: 2.2583232763427667 + Virtual Size: '0x17a4' + .pdata: + Entropy: 4.06852005250443 + Virtual Size: '0x1b0' + PAGE: + Entropy: 
6.079527011018308 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3614073432360265 + Virtual Size: '0x438' + .reloc: + Entropy: 4.873734410850681 + Virtual Size: '0x22e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: 
C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 7ca4b02d08ac14414869c00e9065881c + SHA1: b6e43367b1208d623965c9d57d9347d08b1a6d1c + SHA256: 29d6155c68ff372a475d6fe5bde64caa68794bb4164f7e1aae7da5b744f6e6d2 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2020-07-15 08:10:20' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - 
IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 7e92f98b809430622b04e88441b2eb04 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 5fa527e679d25a15ecc913ce6a8d0218e2ff174b + SHA256: e99580e25f419b5ad90669e0c274cf63d30efa08065d064a863e655bdf77fb59 + Sections: + .text: + Entropy: 6.2064317372812985 + Virtual Size: '0x2404' + .rdata: + Entropy: 3.543316130754261 + Virtual Size: '0xff4' + .data: + Entropy: 2.813191841547333 + Virtual Size: '0x14dc' + PAGE: + Entropy: 5.804360087879422 + Virtual Size: '0x266' + INIT: + Entropy: 5.4281677070245955 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3459452702797696 + Virtual Size: '0x430' + .reloc: + Entropy: 6.0011548156682 + Virtual Size: '0x4a0' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 
4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + TBS: + MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: f6d285ab906467d91afefacb27e68348 + SHA1: 808d44597b95b6471bf6f7b8b6e716c73405f5a0 + SHA256: 3d73996901d2bfac9999a55723cb57ef5bde1e9a73070979df69f1f1fa8782c1 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2017-03-25 18:33:14' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + 
Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: f589d4bf547c140b6ec8a511ea47c658 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 9481cd590c69544c197b4ee055056302978a7191 + SHA256: 15cf366f7b3ee526db7ce2b5253ffebcbfaa4f33a82b459237c049f854a97c0c + Sections: + .text: + Entropy: 6.189266621409851 + Virtual Size: '0x235e' + .rdata: + Entropy: 3.563546371946433 + Virtual Size: '0xdc4' + .data: + Entropy: 2.9710357364934694 + Virtual Size: '0xd68' + PAGE: + Entropy: 5.8055474754253495 + Virtual Size: '0x266' + INIT: + Entropy: 5.325440401058366 + Virtual Size: '0x538' + .rsrc: + 
Entropy: 3.3682712956797647 + Virtual Size: '0x440' + .reloc: + Entropy: 5.910661392306955 + Virtual Size: '0x3e0' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: 
'2016-05-23 17:10:51' + Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: d9d7f6afd6bec170cc913b4f6b317379 + SHA1: 1f5c7b6d0bd335dab1ee04d893aca4309f1b71ad + SHA256: cbf98b321670fd17462e7ceb8a0d002b9a1474f8015d94ea267a942a2e20c80b + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2014 gentilkiwi (Benjamin DELPY) + CreationTimestamp: 
'2014-12-13 11:40:20' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.0.0.0 + Filename: '' + ImportedFunctions: + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - RtlCompareMemory + - ObfDereferenceObject + - IofCompleteRequest + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - RtlInitUnicodeString + - MmGetSystemRoutineAddress + - PsSetCreateProcessNotifyRoutine + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - KeBugCheck + - _vsnwprintf + - IoDeleteDevice + - NtBuildNumber + - ObOpenObjectByPointer + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 32282e07db321e8d7849f2287bb6a14f + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.0.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: 94bfa9368ea43c71afa29bad9fc60535 + SHA1: d8e5ebd3ca141f00753a138144cd1319d755858b + SHA256: 5c236619ead1fde5073ecb323d1c2701a7c522489118cee4ffb4ccf14efc355f + SHA1: d4304bc75c2cb9917bb10a1dc630b75af194f7b2 + SHA256: a74e8f94d2c140646a8bb12e3e322c49a97bd1b8a2e4327863d3623f43d65c66 + Sections: + .text: + Entropy: 6.140929597698703 + Virtual Size: '0x344c' + .rdata: + Entropy: 3.921159396248812 + Virtual Size: '0x10dc' + .data: + Entropy: 2.4734656013956355 + Virtual Size: '0xc9c' + .pdata: + Entropy: 
4.054832898478182 + Virtual Size: '0x1d4' + PAGE: + Entropy: 6.060112416967421 + Virtual Size: '0x28b' + INIT: + Entropy: 5.107085003103007 + Virtual Size: '0x610' + .rsrc: + Entropy: 3.3527586134193843 + Virtual Size: '0x440' + .reloc: + Entropy: 4.349002794600718 + Virtual Size: '0x154' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 
0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: caa08a0ba5f679b1e5bbae747cb9d626 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 209dfaed4036f7b848b78f023d1b193c + SHA1: 630bd29c4f47ade7994af8a00ad31de4a7fb6210 + SHA256: 58ed3bafe401102ddf52c9c2e006408ef181ceaf85741a73328d8fe92195edca + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2018-12-02 17:53:53' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.1.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 
df52f8a85eb64bc69039243d9680d8e4 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.1.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: 02a9314109e47c5ce52fa553ea57070bf0f8186a + SHA256: e858de280bd72d7538386a73e579580a6d5edba87b66b3671dc180229368be19 + Sections: + .text: + Entropy: 6.141753376459939 + Virtual Size: '0x320c' + .rdata: + Entropy: 3.835152799823403 + Virtual Size: '0x1460' + .data: + Entropy: 2.2583232763427667 + Virtual Size: '0x17a4' + .pdata: + Entropy: 4.06852005250443 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.079527011018308 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3614073432360265 + Virtual Size: '0x438' + .reloc: + Entropy: 4.873734410850681 + Virtual Size: '0x22e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 
112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: c0f04dc6d625e6743512755961683bd3 + SHA1: 27e441dece8bb431f827e92c03debae91f2850fd + SHA256: 261969a99718fc68b576eb7b58dbdf7c7a781c8f4572b7a77a0be0eec4b32dc2 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2018-05-26 18:37:27' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.1.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - 
PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 70fd7209ce5c013a1f9e699b5cc86cdc + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.1.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 76568d987f8603339b8d1958f76de2b957811f66 + SHA256: 82ac05fefaa8c7ee622d11d1a378f1d255b647ab2f3200fd323cc374818a83f2 + Sections: + .text: + Entropy: 6.202827671645787 + Virtual Size: '0x23ae' + .rdata: + Entropy: 3.5442332261068197 + Virtual Size: '0xe24' + .data: + Entropy: 2.9048205574982506 + Virtual Size: '0xff4' + PAGE: + Entropy: 5.788042895055868 + Virtual Size: '0x266' + INIT: + Entropy: 5.325440401058365 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3588565214747637 + Virtual Size: '0x438' + .reloc: + Entropy: 5.981826468919802 + Virtual Size: '0x41e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: 
ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: b4fa93c4ea580d923c39e987b55f5137 + SHA1: 43c02bccfbaada5408ac3facfc5768dacbdbd887 + SHA256: 6094d55d6c7b4fd45cd06658600cef49007bcb73d6a0ab62f6eeabaa19bfd333 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2014 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2015-01-16 17:24:02' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.0.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - PsDereferencePrimaryToken + - PsReferencePrimaryToken + - IofCompleteRequest + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - MmGetSystemRoutineAddress + - RtlInitUnicodeString + - PsSetCreateProcessNotifyRoutine + - IoEnumerateRegisteredFiltersList + - KeTickCount + - NtBuildNumber + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - IoGetCurrentProcess + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + 
InternalName: mimidrv + MD5: bfbdea0589fb77c7a7095cf5cd6e8b7a + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.0.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: 8665c9d64e9ce611e8da04f59bef5a6b + SHA1: 68ce0ee056b5baefb1f65c7e665bb2867f59007d + SHA256: 2c3b58420079e8105ce61febc1234fb9f14a5596a25bc2da1bc2e94d89069cab + SHA1: 5fef884a901e81ac173d63ade3f5c51694decf74 + SHA256: 07759750fbb93c77b5c3957c642a9498fcff3946a5c69317db8d6be24098a4a0 + Sections: + .text: + Entropy: 6.208724506217132 + Virtual Size: '0x24fe' + .rdata: + Entropy: 3.5637699482191136 + Virtual Size: '0xca4' + .data: + Entropy: 3.0632943566660935 + Virtual Size: '0x998' + PAGE: + Entropy: 5.795775488454666 + Virtual Size: '0x266' + INIT: + Entropy: 5.304269216190384 + Virtual Size: '0x55e' + .rsrc: + Entropy: 3.3520647829946015 + Virtual Size: '0x440' + .reloc: + Entropy: 5.8847883106789 + Virtual Size: '0x3b6' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: 
cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 8e35c9460537092672b3c7c14bccc7e0 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 3f0d45ddee622a7342861abfb2542280 + SHA1: 0c238740114b4232ac438087456573a7bfb4bc76 + SHA256: 16274f4d9293fff056268a2d53c1a2e27db26d6b643f24651b5f2a0c055b7f40 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2017-03-27 19:18:21' + Date: '' + Description: mimidrv for Windows (mimikatz) + 
ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: faae7f5f69fde12303dd1c0c816b72b7 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: fe237869b2b496deb52c0bc718ada47b36fc052e + SHA256: 1ef7afea0cf2ef246ade6606ef8b7195de9cd7a3cd7570bff90ba1e2422276f6 + Sections: + .text: + Entropy: 6.14362601153889 + Virtual Size: '0x318c' + .rdata: + Entropy: 3.859005493017084 + Virtual Size: '0x1300' + .data: + Entropy: 2.3976266531821224 + Virtual Size: '0x1144' + .pdata: + Entropy: 4.043975650731326 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.070426661582891 + Virtual Size: '0x28b' + INIT: + 
Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.370803361398665 + Virtual Size: '0x440' + .reloc: + Entropy: 4.657997051970539 + Virtual Size: '0x1b6' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 
6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 8fff226cedcdde20b8bee539c1f8dc34 + SHA1: 78276eb832e4ec854b8276a0933512971e60a84c + SHA256: 9fba340eece424f30bdf80126f2d72eba5165bc174ccfb5e240b281639f675e3 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2020-09-16 04:02:12' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: fe9004353b25640f6a879e57f07122d7 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: 
mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: dcc852461895311b56e3ae774c8e90782a79c0b4 + SHA256: 793b78e70b3ae3bb400c5a8bc4d2d89183f1d7fc70954aed43df7287248b6875 + Sections: + .text: + Entropy: 6.133976095876382 + Virtual Size: '0x329c' + .rdata: + Entropy: 3.8364654979927924 + Virtual Size: '0x1490' + .data: + Entropy: 2.1710929957450715 + Virtual Size: '0x1c54' + .pdata: + Entropy: 3.9857737110778095 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.058535435224619 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3478109419215607 + Virtual Size: '0x430' + .reloc: + Entropy: 5.011052354824561 + Virtual Size: '0x288' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 
4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + TBS: + MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: dada1d0f3489d58e3f1ed63bbb4c9e1e + SHA1: 02c27708bf2718ff01113cae968ca8f63cf192ba + SHA256: 3de9802a0a1f2da67908a69b4face53b2e62d8106d7c8e2f1d4acfd0a0694f26 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2014 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2015-07-14 17:15:53' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.0.0.0 + 
Filename: '' + ImportedFunctions: + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - RtlCompareMemory + - ObfDereferenceObject + - IofCompleteRequest + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - RtlInitUnicodeString + - MmGetSystemRoutineAddress + - PsSetCreateProcessNotifyRoutine + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - KeBugCheck + - _vsnwprintf + - IoDeleteDevice + - NtBuildNumber + - ObOpenObjectByPointer + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 89d294ef7fefcdf1a6ca0ab96a856f57 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.0.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: 94bfa9368ea43c71afa29bad9fc60535 + SHA1: d8e5ebd3ca141f00753a138144cd1319d755858b + SHA256: 5c236619ead1fde5073ecb323d1c2701a7c522489118cee4ffb4ccf14efc355f + SHA1: a63e9ecdebaf4ef9c9ec3362ff110b8859cc396d + SHA256: eab9b5b7e5fab1c2d7d44cd28f13ae8bb083d9362d2b930d43354a3dfd38e05a + Sections: + .text: + Entropy: 6.1491487342367845 + Virtual Size: '0x342c' + .rdata: + Entropy: 3.8790536669723785 + Virtual Size: '0x121c' + .data: + Entropy: 2.603720407225135 + Virtual Size: '0xe7c' + .pdata: + Entropy: 4.029672285693752 + Virtual Size: '0x1d4' + PAGE: + Entropy: 6.075319996890446 + Virtual Size: '0x28b' + INIT: + Entropy: 
5.107085003103007 + Virtual Size: '0x610' + .rsrc: + Entropy: 3.3527586134193843 + Virtual Size: '0x440' + .reloc: + Entropy: 4.483127055768285 + Virtual Size: '0x172' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 
6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: caa08a0ba5f679b1e5bbae747cb9d626 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 8cf465a09311abaf3c1beec007c34af1 + SHA1: b6a2ef75f88bd7552be4358ecb72eb7856503cb1 + SHA256: 3afd07a7775c13bf147b3ea25fd8fde7cce51bab90753b5af44dc2945d64d699 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2020-02-29 03:13:08' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 49518f7375a5f995ebe9423d8f19cfe4 + MachineType: I386 + MagicHeader: 50 45 0 0 + 
OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 46c9a474a1a62c25a05bc7661b75a80b471616e6 + SHA256: a0931e16cf7b18d15579e36e0a69edad1717b07527b5407f2c105a2f554224b2 + Sections: + .text: + Entropy: 6.2035733322045745 + Virtual Size: '0x23f4' + .rdata: + Entropy: 3.5723021024796515 + Virtual Size: '0xed4' + .data: + Entropy: 2.8516013173925066 + Virtual Size: '0x1264' + PAGE: + Entropy: 5.795549160299263 + Virtual Size: '0x266' + INIT: + Entropy: 5.429489696991249 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3459452702797696 + Virtual Size: '0x430' + .reloc: + Entropy: 5.93822728458253 + Virtual Size: '0x464' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 
4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + TBS: + MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + 
LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: fde047ef1927adb3392991521497424e + SHA1: 025a501e9c62f6e0382031f301e5e224bfc275d7 + SHA256: d67899bbb43fec01b10b33105eb970d44aac5b81dd22cab8bf2d86302f6d08a8 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2019 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2019-11-24 18:50:02' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 990b949894b7dc82a8cf1131b063cb1a + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + 
SHA1: 505546d82aab56889a923004654b9afdec54efe6 + SHA256: 9a42fa1870472c38a56c0a70f62e57a3cdc0f5bc142f3a400d897b85d65800ac + Sections: + .text: + Entropy: 6.2035733322045745 + Virtual Size: '0x23f4' + .rdata: + Entropy: 3.566391797561208 + Virtual Size: '0xed4' + .data: + Entropy: 2.8516013173925066 + Virtual Size: '0x1264' + PAGE: + Entropy: 5.795549160299263 + Virtual Size: '0x266' + INIT: + Entropy: 5.429489696991249 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3528875272530887 + Virtual Size: '0x430' + .reloc: + Entropy: 5.93822728458253 + Virtual Size: '0x464' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 
112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: d0bac37efd60f078151553582c724c0e + SHA1: ce7cf79d71b6202d36eb44cd7941e00dfb72a86d + SHA256: 4ab6430b72807637cc173f174301d8411bc17ec2cb542e739d28f77eb9d47327 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2020-08-16 02:26:06' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - 
PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 07056573d464b0f5284f7e3acedd4a3f + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: ed86bb62893e6ffcdfd2ecae2dea77fdf6bf9bde + SHA256: a1e6b431534258954db07039117b3159e889c6b9e757329bbd4126383c60c778 + Sections: + .text: + Entropy: 6.2064317372812985 + Virtual Size: '0x2404' + .rdata: + Entropy: 3.543469094654377 + Virtual Size: '0xff4' + .data: + Entropy: 2.813191841547333 + Virtual Size: '0x14dc' + PAGE: + Entropy: 5.804360087879422 + Virtual Size: '0x266' + INIT: + Entropy: 5.4281677070245955 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3459452702797696 + Virtual Size: '0x430' + .reloc: + Entropy: 6.0011548156682 + Virtual Size: '0x4a0' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 
1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + TBS: + MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 0c82643a7da80ce21702986433d1b038 + SHA1: e5344ab55f09e819aa923c6cf9236f344106a103 + SHA256: 938e65ff5760e44faf22a35242547c41a0d8d2b21a2f8a12f6b84d4055aad384 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2019 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2019-07-10 15:09:38' + Date: '' + 
Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 29047f0b7790e524b09a06852d31a117 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: 948368fe309652e8d88088d23e1df39e9c2b6649 + SHA256: 704c6ffe786bc83a73fbdcd2edd50f47c3b5053da7da6aa4c10324d389a31db4 + Sections: + .text: + Entropy: 6.135433819899731 + Virtual Size: '0x325c' + .rdata: + Entropy: 3.834751061856716 + Virtual Size: '0x1450' + .data: + Entropy: 2.2159905775744044 + Virtual Size: '0x1934' + .pdata: + Entropy: 4.038755197475624 + Virtual Size: '0x1b0' + PAGE: + Entropy: 
6.068036657482388 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3547531988948798 + Virtual Size: '0x430' + .reloc: + Entropy: 4.901711830072888 + Virtual Size: '0x24c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: 
ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 706136bd0d1f5813c9f2c0044cc9e0ed + SHA1: 68604430dd407047559417e6941b8429d9fe8bbd + SHA256: f902d78dada1658d688b1a8aac6ef48bdf968c859149f60f6c26e5b8af4656da + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2014 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2014-06-14 14:54:02' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.0.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - PsDereferencePrimaryToken + - PsReferencePrimaryToken + - IofCompleteRequest + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - MmGetSystemRoutineAddress + - RtlInitUnicodeString + - IoEnumerateRegisteredFiltersList + - KeTickCount + - NtBuildNumber + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - IoGetCurrentProcess + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 
6b3c1511e12f4d27a4ea3b18020d7b84 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.0.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 3489ed43bdd11ccbfc892baaeae8102ff7d22f25 + SHA256: 627e13da6a45006fff4711b14754f9ccfac9a5854d275da798a22f3a68dd1eaa + Sections: + .text: + Entropy: 6.195574811483624 + Virtual Size: '0x2258' + .rdata: + Entropy: 3.575304098566286 + Virtual Size: '0xc34' + .data: + Entropy: 3.072428037253572 + Virtual Size: '0x984' + PAGE: + Entropy: 5.80042492326293 + Virtual Size: '0x266' + INIT: + Entropy: 5.310271971506795 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3520647829946015 + Virtual Size: '0x440' + .reloc: + Entropy: 5.848091578092837 + Virtual Size: '0x380' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 
7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3866dd9fe63de457bdbf893bf7050ddf + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 26999d09dc9619834397d4936398ff89 + SHA1: 4b0a8cc2bc05bc1e87802a3306cf13b30f2e9be8 + SHA256: cbc1543100df83a08f3ee9476cde83db616f610917cd4bf5ecaafad46b6f7e23 + Company: gentilkiwi (Benjamin DELPY) + 
Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2017-12-17 19:31:00' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.1.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: c277c4386a78fae1b7e17eaecf4f472b + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.1.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 1d373361d3129d11bc43f9b6dfa81d06e5ca8358 + SHA256: c7cd14c71bcac5420872c3d825ff6d4be6a86f3d6a8a584f1a756541efff858e + Sections: + .text: + Entropy: 6.198093347366582 + Virtual Size: '0x239e' + .rdata: + Entropy: 3.5476393963692816 + Virtual 
Size: '0xe04' + .data: + Entropy: 2.8887582835017827 + Virtual Size: '0xff8' + PAGE: + Entropy: 5.783313787388865 + Virtual Size: '0x266' + INIT: + Entropy: 5.323943395070341 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3804140325955863 + Virtual Size: '0x440' + .reloc: + Entropy: 5.967349329602677 + Virtual Size: '0x41e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 
4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 7ef5136814f34a3bc01b28b5a53c8900 + SHA1: 582c52652f68b51b58c79a196746bc2a2f9010a8 + SHA256: ea318c5300b57b35e07b4c16453a660cd5ce059cdb6578d3057e848e14d68eac + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2017-06-07 16:45:03' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters 
+ Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 508faa4647f305a97ed7167abc4d1330 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 1b526cbcba09b8d663e82004cf24ef44343030d3 + SHA256: f3ec3f22639d45b3c865bb1ed7622db32e04e1dbc456298be02bf1f3875c3aac + Sections: + .text: + Entropy: 6.199736289697868 + Virtual Size: '0x236e' + .rdata: + Entropy: 3.5632394063401622 + Virtual Size: '0xde4' + .data: + Entropy: 2.962098389788266 + Virtual Size: '0xeb0' + PAGE: + Entropy: 5.795507089372613 + Virtual Size: '0x266' + INIT: + Entropy: 5.324875365502854 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3682712956797647 + Virtual Size: '0x440' + .reloc: + Entropy: 5.952195564032691 + Virtual Size: '0x3fe' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 
589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 545dfb2a0acc4d2f8bfa4bd3fffed89f + SHA1: 835d3533f744312aadc2c1c5bc818726077efeed + SHA256: 951edade4ad00b185929c14622e5efcac1069cadaf6bcc945e744c30f069c9b9 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2016 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2016-10-29 13:27:21' + Date: '' + 
Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 7fad9f2ef803496f482ce4728578a57a + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 3bd1a88cc7dae701bc7085639e1c26ded3f8ccb3 + SHA256: 0740359baef32cbb0b14a9d1bd3499ea2e770ff9b1c85898cfac8fd9aca4fa39 + Sections: + .text: + Entropy: 6.189266621409851 + Virtual Size: '0x235e' + .rdata: + Entropy: 3.5686730013234587 + Virtual Size: '0xdc4' + .data: + Entropy: 2.9710357364934694 + Virtual Size: '0xd68' + PAGE: + Entropy: 5.8055474754253495 + 
Virtual Size: '0x266' + INIT: + Entropy: 5.325440401058366 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3682712956797647 + Virtual Size: '0x440' + .reloc: + Entropy: 5.910661392306955 + Virtual Size: '0x3e0' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: 
ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 690e68213dcd459261fc9ec5ef405d71 + SHA1: 737d5b068d136ff87b6ad9e81e104f9939202d1b + SHA256: 7fe1958f35b91da7819002c38642bb9408db3167bd311c637aaae6f9d45af3e4 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2014 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2015-01-22 14:15:53' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.0.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - PsDereferencePrimaryToken + - PsReferencePrimaryToken + - IofCompleteRequest + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - MmGetSystemRoutineAddress + - RtlInitUnicodeString + - PsSetCreateProcessNotifyRoutine + - IoEnumerateRegisteredFiltersList + - KeTickCount + - NtBuildNumber + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - IoGetCurrentProcess + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + 
InternalName: mimidrv + MD5: 311de109df18e485d4a626b5dbe19bc6 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.0.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: 8665c9d64e9ce611e8da04f59bef5a6b + SHA1: 68ce0ee056b5baefb1f65c7e665bb2867f59007d + SHA256: 2c3b58420079e8105ce61febc1234fb9f14a5596a25bc2da1bc2e94d89069cab + SHA1: cf9baf57e16b73d7a4a99dd0c092870deba1a997 + SHA256: dfc80e0d468a2c115a902aa332a97e3d279b1fc3d32083e8cf9a4aadf3f54ad1 + Sections: + .text: + Entropy: 6.208724506217132 + Virtual Size: '0x24fe' + .rdata: + Entropy: 3.5638224258922664 + Virtual Size: '0xca4' + .data: + Entropy: 3.0632943566660935 + Virtual Size: '0x998' + PAGE: + Entropy: 5.795775488454666 + Virtual Size: '0x266' + INIT: + Entropy: 5.304269216190384 + Virtual Size: '0x55e' + .rsrc: + Entropy: 3.3520647829946015 + Virtual Size: '0x440' + .reloc: + Entropy: 5.8847883106789 + Virtual Size: '0x3b6' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: 
cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 
8e35c9460537092672b3c7c14bccc7e0 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 7c44f7e093214123e7aee5d72b86f73d + SHA1: efa8dbf9a71113aac99ec9915236f4a4eb81711c + SHA256: 7adc0785210452664cb684b2c7687589090d31f2a3d0892e8e520145c0799110 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2016 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2016-08-21 16:57:45' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 97264fd62d4907bdac917917a07b3b7a + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: 
613a9df389ad612a5187632d679da11d60f6046a + SHA256: 0f7bfa10075bf5c193345866333d415509433dbfe5a7d45664b88d72216ff7c3 + Sections: + .text: + Entropy: 6.134700082776874 + Virtual Size: '0x321c' + .rdata: + Entropy: 3.8577998565544873 + Virtual Size: '0x1248' + .data: + Entropy: 2.4290980855498043 + Virtual Size: '0xfa4' + .pdata: + Entropy: 4.043102684753298 + Virtual Size: '0x1bc' + PAGE: + Entropy: 6.0617823350375595 + Virtual Size: '0x28b' + INIT: + Entropy: 5.115489588699519 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3689651261045475 + Virtual Size: '0x440' + .reloc: + Entropy: 4.630994027546385 + Virtual Size: '0x18e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows + ValidFrom: '2013-06-17 21:43:38' + ValidTo: '2014-09-17 21:43:38' + Signature: 78269c4b43268afbc7329a21653fdf5427c51d156bd9b2be4fc3ce06c9fe486ad28fa1a55698acc8617733a5d9b68b3f69ab82d8d60857a0cf330434703b2af43b3058eec891f89515a9acf8c29aebdcabc8671630a1d22fa51720ab95393c388e3fbed2d42eca2bce4f3ac03be5be68ecfe7f44a6d3871782abd7cc3f8c22300536bd24a13934474bc0cfc2f1479991b991f328cb5a80d06c1046a9249b8dd8747b3c87e54946f28c0bdf14c042566264fbf9475859b221d0434603ab5f655551437be8eb21192f143d173b042f139ce553888cf0534f9d2f090c1edbf10def827a274afeeba10c2b4725b0628a2722d5f209be4f9e3d2d8104a896df82072d + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 330000002418fc0b689e7399d0000000000024 + Version: 3 + TBS: + MD5: 28b23b39f3bbd936a26a5b86451be0ac + SHA1: 3b16f29295d5a7c323beb479c71d3d20c6b8acc2 + SHA256: 4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150 + SHA384: 4d8c4a1c7eb8555226b15d1b34fa9c92c2350204c694435143fa2f0edfdab81a12bfaf5eb76dd193ce1cb16c5b3530c0 + - Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Production PCA 2011 + ValidFrom: '2011-10-19 18:41:42' + ValidTo: 
'2026-10-19 18:51:42' + Signature: 14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: '61077656000000000008' + Version: 3 + TBS: + MD5: 30a3f0b64324ed7f465e7fc618cb69e7 + SHA1: 002de3561519b662c5e3f5faba1b92c403fb7c41 + SHA256: 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 + SHA384: 4f9a02c3eac5e83c38074d54c0bf270e03a1d668e0001c9812c509eb08a19075ee778a7630e65598e4608fc66e2d1c66 + Signer: + - SerialNumber: 330000002418fc0b689e7399d0000000000024 + Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft + Windows Production PCA 2011 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'TRUE' +- Authentihash: + MD5: 10bed6cc6131bc023d0bd01dd7cc52ca + SHA1: afbef1bcc71fdb49b5d68d2b5d764feeb2a241cb + SHA256: e171be5cf5cc1f74ec346a1ab0dfaa38c16da6b4265eed710a3faabfc13b9d56 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi 
(Benjamin DELPY) + CreationTimestamp: '2020-09-16 19:34:32' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: ba50bd645d7c81416bb26a9d39998296 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: 1768f9c780fe7cf66928cfceaef8ed7d985e18f5 + SHA256: 12b0000698b79ea3c8178b9e87801cc34bad096a151a8779559519deafd4e3f0 + Sections: + .text: + Entropy: 6.133976095876382 + Virtual Size: '0x329c' + .rdata: + Entropy: 3.8382727344944665 + Virtual Size: '0x1490' + .data: + Entropy: 2.1710929957450715 + Virtual Size: '0x1c54' + .pdata: + 
Entropy: 3.9857737110778095 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.058535435224619 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3478109419215607 + Virtual Size: '0x430' + .reloc: + Entropy: 5.011052354824561 + Virtual Size: '0x288' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + TBS: + MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 
8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 79fbc7ad35a38f5f4ed01ebde1ce2790 + SHA1: a503de77ec0f43661e570cc58214112abe7dbe31 + SHA256: 09d6169da055725274a8c53c3139baff8ceef52346e5a910e735bb17f634f8bb + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2014 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2014-06-27 15:08:09' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.0.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - PsDereferencePrimaryToken + - PsReferencePrimaryToken + - IofCompleteRequest + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - 
MmGetSystemRoutineAddress + - RtlInitUnicodeString + - IoEnumerateRegisteredFiltersList + - KeTickCount + - NtBuildNumber + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - IoGetCurrentProcess + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: c62209b8a5daf3f32ad876ad6cefda1b + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.0.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: e3a1e7ce9e9452966885371e4c7fb48a2efdef22 + SHA256: 0f58e09651d48d2b1bcec7b9f7bb85a2d1a7b65f7a51db281fe0c4f058a48597 + Sections: + .text: + Entropy: 6.195574811483624 + Virtual Size: '0x2258' + .rdata: + Entropy: 3.5754296036332027 + Virtual Size: '0xc34' + .data: + Entropy: 3.072428037253572 + Virtual Size: '0x984' + PAGE: + Entropy: 5.80042492326293 + Virtual Size: '0x266' + INIT: + Entropy: 5.310271971506795 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3520647829946015 + Virtual Size: '0x440' + .reloc: + Entropy: 5.848091578092837 + Virtual Size: '0x380' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 
589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, 
CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3866dd9fe63de457bdbf893bf7050ddf + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 6135004699b7dabc0f715f178f7d72ff + SHA1: 3f0dcaca0faea3fc58d94e247453e409ff3a116d + SHA256: 7442192141d056cef53a570d072759a648393be52019f32e93ccb7aec5715feb + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2017-02-25 18:17:16' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: bbdbffebfc753b11897de2da7c9912a5 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 
213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: f11188c540eada726766e0b0b2f9dd3ae2679c61 + SHA256: 5295080de37d4838e15dec4e3682545033d479d3d9ac28d74747c086559fb968 + Sections: + .text: + Entropy: 6.14362601153889 + Virtual Size: '0x318c' + .rdata: + Entropy: 3.858306398040601 + Virtual Size: '0x1300' + .data: + Entropy: 2.3976266531821224 + Virtual Size: '0x1144' + .pdata: + Entropy: 4.043975650731326 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.070426661582891 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.370803361398665 + Virtual Size: '0x440' + .reloc: + Entropy: 4.657997051970539 + Virtual Size: '0x1b6' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + 
- Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: ef7cfe93066557d08cb2999af137bed7 + SHA1: 9ab8ec77be802ff1cea9c129338b291a48c50cbb + SHA256: 68191d76aaafb52bbec5240c3b371e7dd77ff442b4a3394b41cc402402b43717 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2020-02-29 03:13:31' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - 
RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: c8541a9cef64589593e999968a0385b9 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: fe18c58fbd0a83d67920e037d522c176704d2ca3 + SHA256: f9b01406864ab081aa77eef4ad15cb2dd2f830d1ef54f52622a59ff1aeb05ba5 + Sections: + .text: + Entropy: 6.135433819899731 + Virtual Size: '0x325c' + .rdata: + Entropy: 3.8405820282686713 + Virtual Size: '0x1450' + .data: + Entropy: 2.2159905775744044 + Virtual Size: '0x1934' + .pdata: + Entropy: 4.038755197475624 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.068036657482388 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3478109419215607 + Virtual Size: '0x430' + .reloc: + Entropy: 4.901711830072888 + Virtual Size: '0x24c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 
4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + TBS: + MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 840e82da743d5e920ec6c58e886871b7 + SHA1: 35821d20b94cc169da1bd4e325f349f46d13a6df + SHA256: 6c9f431814cd58365468ac63ba8b6693c3dd2a2b3ef37b23e5d80d75083b784d + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2018-02-04 18:08:35' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.1.0 + 
Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 36f44643178c505ea0384e0fb241e904 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.1.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: 0fe2d22bd2e6b7874f4f2b6279e2ca05edd1222a + SHA256: 8206ce9c42582ac980ff5d64f8e3e310bc2baa42d1a206dd831c6ab397fbd8fe + Sections: + .text: + Entropy: 6.144037436753497 + Virtual Size: '0x31dc' + .rdata: + Entropy: 3.843316204566198 + Virtual Size: '0x1390' + .data: + Entropy: 2.313119440407077 + Virtual Size: '0x1494' + .pdata: + Entropy: 3.990039715462728 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.084557222001841 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + 
.rsrc: + Entropy: 3.382946098314487 + Virtual Size: '0x440' + .reloc: + Entropy: 4.8001308386334935 + Virtual Size: '0x1f2' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, + CN=Certum Code Signing CA SHA2 + ValidFrom: '2015-10-29 11:30:29' + ValidTo: '2027-06-09 11:30:29' + Signature: aae53f7654024c700e29a93996060f31b70bf1a68b52fb108f4f425b8cbd312301669de829a14dc350faf7f8450e1d82d7fcfea6320473fd71eccc880fa39208c5815802fd0b693bcdb83f493dd08d1c1314682e9b0d9aadb019e29ed27c3977886f23fd7b84fc446db5ba6b7092556c94b1d837fda9591db463b2dc13cd788e2535c19a8f37842ed445cce3f5cc8d73a8e33a6de7959470579150b66def73724f2f028760e2ea22a1ed3efdd18b668d2e726d4fc65d35ee93a898d2676ae9da19cd0283f974fc5f7a1804281edd22333b766c47055dd552fe0eba76f38310c76e305fa760c7fa7427319b2883ed218a1bf1235284ed95bcad3aa5a342019dbc + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 6b326a0f0328d37a1d530bfd23bd48e2 + Version: 3 + TBS: + MD5: e556c75dbca00e43684d23c11c032d4a + SHA1: 50925e36ffd52e5b4d32689e9007b14a3a417168 + SHA256: f7b6eeb3a567223000a61f68c53b458193557c17e5d512d2825bcb13e5fc9be5 + SHA384: 57f1cdd3afe0bd7859ab450dbdf6e21a55cf5ba0dda62b9b3c12f2d885d98413ce6817243f6bb83cd77276643369ecbf + - Subject: C=FR, O=Open Source Developer, ST=Ile de France, CN=Open Source + Developer, Benjamin Delpy, emailAddress=benjamin@gentilkiwi.com + ValidFrom: '2017-12-04 09:50:34' + ValidTo: '2018-12-04 09:50:34' + Signature: 
a671cf049079a759f4c1fa73dd7f3b3b84da6480a91a3c1a9d6d3bb1313d6714d14272b477c37a86b88a686344dcfd89c8af3a34deaaa5bab970adfa66c5ff206b22ef1954ccbf6b96fdf0f99e9066557fefbb5ddc55aa2a2891181d1a27b06acb79380b618344bd202361fb0399a7e6e6ccbcfa714265fa054e373261efaf6b74bc7e4c7994bcb832d61b3c573d2ec8c3926afb60d4b63428112dd6249c2a49cfded8fa33893fb2d452b135ad57be1ff7956825861e1fd53dfbc0cef82045fd699ebeb74230abfbac20467f087f6e7e2b19f0f961ea2f015c2e54e653507f9966193658afc237778e12001f05e1c6e0ec13d9574718593a2f2484cff950e019 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 1519af351702ab2d86968d0be928f529 + Version: 3 + TBS: + MD5: 7227ed4392de49333e052f8f17c41f69 + SHA1: e019d8060f65cc923dab50ea282fb8895c1c75f9 + SHA256: eee437f4170a21f7de0e590620ff2a9412f89af95e87589d0e5a1cca17f61825 + SHA384: a5f32361dfa3828aebf139cb1017bba83111e1ce2c5dbd126751a1e7d8f19f3fb838926fc118e423fbe07187e84efc2b + - Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, + CN=Certum Trusted Network CA + ValidFrom: '2011-04-15 20:15:34' + ValidTo: '2021-04-15 20:25:34' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 613bc791000000000034 + Version: 3 + TBS: + MD5: f5f0d604dd56b0446f98fb67e98a76f8 + SHA1: c749c146cc00030ff36ecf9b698e6a377bc15605 + SHA256: df5dacc623d44348fff0bc8ebe2cedc8ba212e33c6f10d7fd608f37f92a2c273 + SHA384: c394dc13768746f008b4ffa082d6e8a2e55a83052d63e3c0a8f2fcfc30dcd51849afd21b0adf86bc50490629a89da09b + Signer: + - SerialNumber: 1519af351702ab2d86968d0be928f529 + Issuer: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, + CN=Certum Code Signing CA SHA2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 99d62e5e26044dacaaac903ab3a29ecc + SHA1: ff2357a79966d2dd53574098670b2e03e4969786 + SHA256: 
1425075f7a3f009f703ca8d5bbbfe2cfbc1a7de7f5e17d50708ba99dc0f668ff + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2016 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2016-10-05 12:44:52' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: aeb0801f22d71c7494e884d914446751 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: 3d2309f7c937bfcae86097d716a8ef66c1337a3c + SHA256: 818787057fc60ac8b957aa37d750aa4bace8e6a07d3d28b070022ee6dcd603ab + Sections: + .text: + Entropy: 6.134700082776874 + Virtual Size: 
'0x321c' + .rdata: + Entropy: 3.8566788058686754 + Virtual Size: '0x1248' + .data: + Entropy: 2.4290980855498043 + Virtual Size: '0xfa4' + .pdata: + Entropy: 4.043102684753298 + Virtual Size: '0x1bc' + PAGE: + Entropy: 6.0617823350375595 + Virtual Size: '0x28b' + INIT: + Entropy: 5.115489588699519 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3689651261045475 + Virtual Size: '0x440' + .reloc: + Entropy: 4.630994027546385 + Virtual Size: '0x18e' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 
+ IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: da5e0364a0da94a77183c42078b9cad3 + SHA1: dcd9b05df79e212836be6563fa6870d9814a6d06 + SHA256: 26908983e18b807894909d11d6d0fa2d8fbe7544b61184267851c2a839f3b306 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2015 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2015-10-08 16:32:53' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.0.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - PsDereferencePrimaryToken + - PsReferencePrimaryToken + - IofCompleteRequest + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - MmGetSystemRoutineAddress + - RtlInitUnicodeString + - PsSetCreateProcessNotifyRoutine + - IoEnumerateRegisteredFiltersList + - KeTickCount + - NtBuildNumber + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - IoGetCurrentProcess + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx 
+ - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 968ddb06af90ef83c5f20fbdd4eee62e + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.0.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: 8665c9d64e9ce611e8da04f59bef5a6b + SHA1: 68ce0ee056b5baefb1f65c7e665bb2867f59007d + SHA256: 2c3b58420079e8105ce61febc1234fb9f14a5596a25bc2da1bc2e94d89069cab + SHA1: da970a01cecff33a99c217a42297cec4d1fe66d6 + SHA256: 28f5aa194a384680a08c0467e94a8fc40f8b0f3f2ac5deb42e0f51a80d27b553 + Sections: + .text: + Entropy: 6.202808580330778 + Virtual Size: '0x250e' + .rdata: + Entropy: 3.5600480296725334 + Virtual Size: '0xda4' + .data: + Entropy: 3.090178215836175 + Virtual Size: '0xb08' + PAGE: + Entropy: 5.780138321942911 + Virtual Size: '0x266' + INIT: + Entropy: 5.303621700268906 + Virtual Size: '0x55e' + .rsrc: + Entropy: 3.3553824672541936 + Virtual Size: '0x440' + .reloc: + Entropy: 5.956839106739942 + Virtual Size: '0x3d4' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 8e35c9460537092672b3c7c14bccc7e0 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: e387a7fa0974fb08a31a89b56971fc73 + SHA1: 6402aa89aae254757c4875a2f26b21b84d8dbf19 + SHA256: 9718a5e78f5015a7a9f66c33ae31a6df37535f33039380c6edc103e3a9dbc5ab + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2015 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2015-10-08 16:33:10' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.0.0.0 + Filename: '' + ImportedFunctions: + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - 
ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - RtlCompareMemory + - ObfDereferenceObject + - IofCompleteRequest + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - RtlInitUnicodeString + - MmGetSystemRoutineAddress + - PsSetCreateProcessNotifyRoutine + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - KeBugCheck + - _vsnwprintf + - IoDeleteDevice + - NtBuildNumber + - ObOpenObjectByPointer + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: f209cb0e468ca0b76d879859d5c8c54e + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.0.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: 94bfa9368ea43c71afa29bad9fc60535 + SHA1: d8e5ebd3ca141f00753a138144cd1319d755858b + SHA256: 5c236619ead1fde5073ecb323d1c2701a7c522489118cee4ffb4ccf14efc355f + SHA1: ba430f3c77e58a4dc1a9a9619457d1c45a19617f + SHA256: 7824931e55249a501074a258b4f65cd66157ee35672ba17d1c0209f5b0384a28 + Sections: + .text: + Entropy: 6.1491487342367845 + Virtual Size: '0x342c' + .rdata: + Entropy: 3.882619640221585 + Virtual Size: '0x121c' + .data: + Entropy: 2.603720407225135 + Virtual Size: '0xe7c' + .pdata: + Entropy: 4.029672285693752 + Virtual Size: '0x1d4' + PAGE: + Entropy: 6.075319996890446 + Virtual Size: '0x28b' + INIT: + Entropy: 5.107085003103007 + Virtual Size: '0x610' + .rsrc: + Entropy: 3.3560762976789764 + Virtual Size: '0x440' + .reloc: + Entropy: 4.483127055768285 + Virtual Size: '0x172' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + 
Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 
610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: caa08a0ba5f679b1e5bbae747cb9d626 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: c8a52f07d72bf397b5b4141120c35370 + SHA1: 5514398b1ab545178f0e89f20a846d1845f00ccb + SHA256: 0713a541b70f58bbcd1807c69ae855e9ce041b807e34978df6c1e9357c53acef + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2020-09-18 11:18:22' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance 
+ Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 157a22689629ec876337f5f9409918d5 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: e38e1efd98cd8a3cdb327d386db8df79ea08dccc + SHA256: d43520128871c83b904f3136542ea46644ac81a62d51ae9d3c3a3f32405aad96 + Sections: + .text: + Entropy: 6.133976095876382 + Virtual Size: '0x329c' + .rdata: + Entropy: 3.83695828167843 + Virtual Size: '0x1490' + .data: + Entropy: 2.1710929957450715 + Virtual Size: '0x1c54' + .pdata: + Entropy: 3.9857737110778095 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.058535435224619 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3478109419215607 + Virtual Size: '0x430' + .reloc: + Entropy: 5.011052354824561 + Virtual Size: '0x288' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 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 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + TBS: + MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 
+ Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 61a1629865ee95256784f3d2dc588eee + SHA1: af9b01fd7d495f9003320b271bd2cd615b6aa990 + SHA256: bdd173909efc3bb3c5d216ea0fd9ec5e935c2572ef48973eeb0917b733ff754c + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2017-03-19 08:07:51' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 6e625ec04c20a9dbd48c7060efbf5e92 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: 
d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: 07f282db28771838d0e75d6618f70d76acfe6082 + SHA256: c8ae217860f793fce3ad0239d7b357dba562824dd7177c9d723ca4d4a7f99a12 + Sections: + .text: + Entropy: 6.14362601153889 + Virtual Size: '0x318c' + .rdata: + Entropy: 3.8581084256854474 + Virtual Size: '0x1300' + .data: + Entropy: 2.3976266531821224 + Virtual Size: '0x1144' + .pdata: + Entropy: 4.043975650731326 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.070426661582891 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.370803361398665 + Virtual Size: '0x440' + .reloc: + Entropy: 4.657997051970539 + Virtual Size: '0x1b6' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 
4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: a8b213ca94c0e3ec1a7f7adec23a28b5 + SHA1: 
9a5372857a976684be6662228f00cb778240cad5 + SHA256: e1b3a3a67599aae12c073ba5ca0928c2c316d438c2b5462194c97687dda64903 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2020-08-04 06:00:00' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: d34b218c386bfe8b1f9c941e374418d7 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: 025c4e1a9c58bf10be99f6562476b7a0166c6b86 + SHA256: 082a79311da64b6adc3655e79aa090a9262acaac3b917a363b9571f520a17f6a + Sections: + 
.text: + Entropy: 6.133976095876382 + Virtual Size: '0x329c' + .rdata: + Entropy: 3.837149358882627 + Virtual Size: '0x1490' + .data: + Entropy: 2.1710929957450715 + Virtual Size: '0x1c54' + .pdata: + Entropy: 3.9857737110778095 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.058535435224619 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3478109419215607 + Virtual Size: '0x430' + .reloc: + Entropy: 5.011052354824561 + Virtual Size: '0x288' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + TBS: + 
MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 21f52d165d7ecec822ad4db476abc497 + SHA1: a4ba5483cb66bb55d3523f03b4abf35e8641cdfb + SHA256: 0fe7b0aaeb4b93840492f7d299a5ac481feb74296afcda1da4214db40856f003 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2020-02-08 04:26:05' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - 
RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 0308b6888e0f197db6704ca20203eee4 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 39169c9b79502251ca2155c8f1cd7e63fd9a42e9 + SHA256: ac5fb90e88d8870cd5569e661bea98cf6b001d83ab7c65a5196ea3743146939a + Sections: + .text: + Entropy: 6.2035733322045745 + Virtual Size: '0x23f4' + .rdata: + Entropy: 3.571768381548083 + Virtual Size: '0xed4' + .data: + Entropy: 2.8516013173925066 + Virtual Size: '0x1264' + PAGE: + Entropy: 5.795549160299263 + Virtual Size: '0x266' + INIT: + Entropy: 5.429489696991249 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3459452702797696 + Virtual Size: '0x430' + .reloc: + Entropy: 5.93822728458253 + Virtual Size: '0x464' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 
7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + TBS: + MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + 
SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 9be199eb75e20575da83510649a2cbc8 + SHA1: 48dfc07c244e3fbf0f5b84ad4c03e103660fe6ee + SHA256: 29a04c696d544e36b5b5b054b3bfa8c7a5bc2aa261c48eded8f0265d82ec9157 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2020-08-06 18:22:01' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 
f7f31bccc9b7b2964ac85106831022b1 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: bb5b17cff0b9e15f1648b4136e95bd20d899aef5 + SHA256: efa56907b9d0ec4430a5d581f490b6b9052b1e979da4dab6a110ab92e17d4576 + Sections: + .text: + Entropy: 6.2064317372812985 + Virtual Size: '0x2404' + .rdata: + Entropy: 3.5467917260659156 + Virtual Size: '0xff4' + .data: + Entropy: 2.813191841547333 + Virtual Size: '0x14dc' + PAGE: + Entropy: 5.804360087879422 + Virtual Size: '0x266' + INIT: + Entropy: 5.4281677070245955 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3459452702797696 + Virtual Size: '0x430' + .reloc: + Entropy: 6.0011548156682 + Virtual Size: '0x4a0' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 
1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + TBS: + MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 2fae440eea265327c767ca35b28dc3be + SHA1: 0835c5e8536d3abcf20f0af3baa24943d67a4326 + SHA256: 6413aa70a5664953223205b6364d676fac0c0491d12ddaadc91b7f12fa53f77b + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2020-01-04 10:58:56' + Date: '' + 
Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: b5dcc869a91efcc6e8ea0c3c07605d63 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 98588b1d1b63747fa6ee406983bf50ad48a2208b + SHA256: 80e4c83cfa9d675a6746ab846fa5da76d79e87a9297e94e595a2d781e02673b3 + Sections: + .text: + Entropy: 6.2035733322045745 + Virtual Size: '0x23f4' + .rdata: + Entropy: 3.5746259663984965 + Virtual Size: '0xed4' + .data: + Entropy: 2.8516013173925066 + Virtual Size: '0x1264' + PAGE: + Entropy: 5.795549160299263 + 
Virtual Size: '0x266' + INIT: + Entropy: 5.429489696991249 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3459452702797696 + Virtual Size: '0x430' + .reloc: + Entropy: 5.93822728458253 + Virtual Size: '0x464' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + TBS: + MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, 
O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 877f0b3e3854d66aa97efc41d0527fbf + SHA1: 769cc9a5a5a768503df511c80bb60bf04e3e8df8 + SHA256: dca34739f3935caed2af248206452e7ba1fdf394c901e74729b5a96884dc6228 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2018-08-16 16:46:18' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.1.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - 
NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 68caf620ef8deaf06819cf8c80d3367b + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.1.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: 86f34eaea117f629297218a4d196b5729e72d7b9 + SHA256: 02ebf848fa618eba27065db366b15ee6629d98f551d20612ac38b9f655f37715 + Sections: + .text: + Entropy: 6.1419629238500235 + Virtual Size: '0x31fc' + .rdata: + Entropy: 3.849487307928408 + Virtual Size: '0x13d0' + .data: + Entropy: 2.2863945965626136 + Virtual Size: '0x1614' + .pdata: + Entropy: 4.052479770333054 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.093773811863592 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3614073432360265 + Virtual Size: '0x438' + .reloc: + Entropy: 4.830405545722778 + Virtual Size: '0x210' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: 
dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 67eeaf7f745b43a4c207c49cd585dd8a + SHA1: 1e528afea49197c1d9e67aa6fa08e99b675162e4 + SHA256: 5b5590995c6bcd39884dceda1e87e8516a3767bce00519ce140a46f1a77666ff + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2020-08-04 17:23:33' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - 
KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: d075d56dfce6b9b13484152b1ef40f93 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: 50c6b3cafc35462009d02c10f2e79373936dd7bb + SHA256: 19dfacea1b9f19c0379f89b2424ceb028f2ce59b0db991ba83ae460027584987 + Sections: + .text: + Entropy: 6.133976095876382 + Virtual Size: '0x329c' + .rdata: + Entropy: 3.837237859626634 + Virtual Size: '0x1490' + .data: + Entropy: 2.1710929957450715 + Virtual Size: '0x1c54' + .pdata: + Entropy: 3.9857737110778095 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.058535435224619 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3478109419215607 
+ Virtual Size: '0x430' + .reloc: + Entropy: 5.011052354824561 + Virtual Size: '0x288' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 
751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + TBS: + MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 3d94608c59c92218809dd4fcb7ccb9c5 + SHA1: 39488246d1782664bedc39c53cdc14d804af542f + SHA256: fa659944a59430edc6162b285d0fa7b6fbfd28b9057f7286eee127888431844e + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2021-06-22 14:01:04' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - 
ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: e39152eadd76751b1d7485231b280948 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: 635a39ff5066e1ac7c1c5995d476d8c233966dda + SHA256: 4b97d63ebdeda6941bb8cef5e94741c6cca75237ca830561f2262034805f0919 + Sections: + .text: + Entropy: 6.133976095876382 + Virtual Size: '0x329c' + .rdata: + Entropy: 3.8370535650030457 + Virtual Size: '0x1490' + .data: + Entropy: 2.1710929957450715 + Virtual Size: '0x1c54' + .pdata: + Entropy: 3.9857737110778095 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.058535435224619 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3478109419215607 + Virtual Size: '0x430' + .reloc: + Entropy: 5.011052354824561 + Virtual Size: '0x288' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + 
SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + TBS: + MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 822724c9a809efe8252bbe30dc35f876 + SHA1: 59cccb4cf97b598b6b1ffd31e7021b5b7341e651 + SHA256: 
46aac78f7cd865d27189c8308841f12a5512e657be0dd6e8b178aac5223889fe + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2020-03-08 11:30:31' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 2bb353891d65c9e267eb98a3a2b694c3 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: b2fb5036b29b12bcec04c3152b65b67ca14d61f2 + SHA256: 95e5b5500e63c31c6561161a82f7f9373f99b5b1f54b018c4866df4f2a879167 + Sections: + .text: + Entropy: 6.135433819899731 + Virtual Size: 
'0x325c' + .rdata: + Entropy: 3.835892429826315 + Virtual Size: '0x1450' + .data: + Entropy: 2.2159905775744044 + Virtual Size: '0x1934' + .pdata: + Entropy: 4.038755197475624 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.068036657482388 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3478109419215607 + Virtual Size: '0x430' + .reloc: + Entropy: 4.901711830072888 + Virtual Size: '0x24c' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + TBS: + MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: 
debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 4f83f4106a064454d042be3acdf51433 + SHA1: 00389c07e9cc727910552e0e5d7a36b571587039 + SHA256: 89e579ccbbd834bdd1d5b394843b6110813849000d9116489f14c146cbe66811 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2017-03-17 20:18:10' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - 
ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: d70a80fc73dd43469934a7b1cc623c76 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: bb6ef5518df35d9508673d5011138add8c30fc27 + SHA256: d50cb5f4b28c6c26f17b9d44211e515c3c0cc2c0c4bf24cd8f9ed073238053ad + Sections: + .text: + Entropy: 6.14362601153889 + Virtual Size: '0x318c' + .rdata: + Entropy: 3.8596128120865294 + Virtual Size: '0x1300' + .data: + Entropy: 2.3976266531821224 + Virtual Size: '0x1144' + .pdata: + Entropy: 4.043975650731326 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.070426661582891 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.370803361398665 + Virtual Size: '0x440' + .reloc: + Entropy: 4.657997051970539 + Virtual Size: '0x1b6' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + 
SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + 
Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: d19da93a227f29c779c50c8a381b0fa6 + SHA1: aae9989c7e466cfa4e1c33f8e7c5937554ba9aa0 + SHA256: b29cf0840f2efe394091e07e6701c44916a9e3dafdef6952c1d28fbeb4649df3 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2021-05-18 09:06:19' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: b52f51bbe6b49d0b475d943c29c4d4cb + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + 
Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 4f7989ad92b8c47c004d3731b7602ce0934d7a23 + SHA256: ee525b90053bb30908b5d7bf4c5e9b8b9d6b7b5c9091a26fa25d30d3ad8ef5d0 + Sections: + .text: + Entropy: 6.2064317372812985 + Virtual Size: '0x2404' + .rdata: + Entropy: 3.541950216530622 + Virtual Size: '0xff4' + .data: + Entropy: 2.813191841547333 + Virtual Size: '0x14dc' + PAGE: + Entropy: 5.804360087879422 + Virtual Size: '0x266' + INIT: + Entropy: 5.4281677070245955 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3459452702797696 + Virtual Size: '0x430' + .reloc: + Entropy: 6.0011548156682 + Virtual Size: '0x4a0' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: 
'2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + TBS: + MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: 
ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 139811484a728ff40094e2671eade0d5 + SHA1: a4539444af2f2a478a88ddf57d88f46d7ea0100c + SHA256: fcad50a13dcf1eeefffe2c2f51a052fd13bfaeddb0bd1f3c2353c64284ea62e2 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2017-07-31 20:46:04' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 
920df6e42cf91bbe19707f5a86e3c5c5 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: a2fe7de67b3f7d4b1def88ce4ba080f473c0fbc6 + SHA256: 4999541c47abd4a7f2a002c180ae8d31c19804ce538b85870b8db53d3652862b + Sections: + .text: + Entropy: 6.199736289697868 + Virtual Size: '0x236e' + .rdata: + Entropy: 3.556162829858078 + Virtual Size: '0xde4' + .data: + Entropy: 2.962098389788266 + Virtual Size: '0xeb0' + PAGE: + Entropy: 5.795507089372613 + Virtual Size: '0x266' + INIT: + Entropy: 5.324875365502854 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3682712956797647 + Virtual Size: '0x440' + .reloc: + Entropy: 5.952195564032691 + Virtual Size: '0x3fe' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: 
cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + 
IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 8161ee04d917caa1c90ac5e9721b0e94 + SHA1: 97f35c9c492b84f5e5819d63442af76522c83581 + SHA256: d172d95afc72a8a4a6362175bd68b5f4405f166fff94464d845213af586fe8bd + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2016 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2016-10-29 13:27:37' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - 
FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: db86dfd7aefbb5be6728a63461b0f5f3 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: de9469a5d01fb84afd41d176f363a66e410d46da + SHA256: 3b2cd65a4fbdd784a6466e5196bc614c17d1dbaed3fd991d242e3be3e9249da6 + Sections: + .text: + Entropy: 6.14362601153889 + Virtual Size: '0x318c' + .rdata: + Entropy: 3.856956676502729 + Virtual Size: '0x1300' + .data: + Entropy: 2.3976266531821224 + Virtual Size: '0x1144' + .pdata: + Entropy: 4.043975650731326 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.070426661582891 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.370803361398665 + Virtual Size: '0x440' + .reloc: + Entropy: 4.657997051970539 + Virtual Size: '0x1b6' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 
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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: f7d4bed422d5211ebf2a51e330f0910b + SHA1: 8c7217435c8c3ca65c2fc2a17788e40de9ecb248 + SHA256: 07f962d8b90f359cf12faa55772d0ef05237ac2fbb2ff7d5cff700df93643e65 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2018-06-16 10:49:00' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.1.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - 
IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 5be61a24f50eb4c94d98b8a82ef58dcf + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.1.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: a5914161f8a885702427cf75443fb08d28d904f0 + SHA256: aafa642ca3d906138150059eeddb6f6b4fe9ad90c6174386cfe13a13e8be47d9 + Sections: + .text: + Entropy: 6.1419629238500235 + Virtual Size: '0x31fc' + .rdata: + Entropy: 3.850555269068008 + Virtual Size: '0x13d0' + .data: + Entropy: 2.2863945965626136 + Virtual Size: '0x1614' + .pdata: + Entropy: 4.052479770333054 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.093773811863592 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 3.3614073432360265 + Virtual Size: '0x438' + .reloc: + Entropy: 4.830405545722778 + Virtual Size: '0x210' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=PL, O=Unizeto 
Technologies S.A., OU=Certum Certification Authority, + CN=Certum Code Signing CA SHA2 + ValidFrom: '2015-10-29 11:30:29' + ValidTo: '2027-06-09 11:30:29' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 6b326a0f0328d37a1d530bfd23bd48e2 + Version: 3 + TBS: + MD5: e556c75dbca00e43684d23c11c032d4a + SHA1: 50925e36ffd52e5b4d32689e9007b14a3a417168 + SHA256: f7b6eeb3a567223000a61f68c53b458193557c17e5d512d2825bcb13e5fc9be5 + SHA384: 57f1cdd3afe0bd7859ab450dbdf6e21a55cf5ba0dda62b9b3c12f2d885d98413ce6817243f6bb83cd77276643369ecbf + - Subject: C=FR, O=Open Source Developer, ST=Ile de France, CN=Open Source + Developer, Benjamin Delpy, emailAddress=benjamin@gentilkiwi.com + ValidFrom: '2017-12-04 09:50:34' + ValidTo: '2018-12-04 09:50:34' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: false + SerialNumber: 1519af351702ab2d86968d0be928f529 + Version: 3 + TBS: + MD5: 7227ed4392de49333e052f8f17c41f69 + SHA1: e019d8060f65cc923dab50ea282fb8895c1c75f9 + SHA256: eee437f4170a21f7de0e590620ff2a9412f89af95e87589d0e5a1cca17f61825 + SHA384: a5f32361dfa3828aebf139cb1017bba83111e1ce2c5dbd126751a1e7d8f19f3fb838926fc118e423fbe07187e84efc2b + - Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, + CN=Certum Trusted Network CA + ValidFrom: '2011-04-15 20:15:34' + ValidTo: '2021-04-15 20:25:34' + Signature: 
419f12160eedee2491fe5d5f10a097a8749e0dccf3115163122a5bb95dc7afac5aa25c0002cb728e0d9225b6522653be3c77a2c28c8089d84118571ab8d05057c328e7fad044804e7e8933286f3a47ef5e231ef27afe3a2a19dead6b1a2847786e9bbfeb7367589a2719d8eb5c3d085860629d5914cf9e76b3cfd962af7b72ac80f9e015ab9c7a5c4b1c7083db7094117bd22a4c7734dc36cccd46d40b198c09f6610ade481c9b3fff0b43d7f1018061abda70cfa78444acb31cce2630f5ca5f696735836ea3888c0fb8939bd65b0615e64b7db950ab09e07b2beb4c1a6bba1cca791bc59f81bde443f02de195d5a166076ce6e5456e060bdbf5bc4395b88aa50555e59668ac1d31db3804bc1c3db61975d1b5802a821e385c4676256c4d8b7483544375e77bb395bfee13609e0ecdfbcaf73a2a52a0a625497a17193ae8941f2c8204035ea9513cef526f7b43ceda2b81b47fda1a2c6265d1ec2837823014319d15bdffacc88b256e41bd1f23741be3fcf94be2eb46e68151530ec94a84788deca8b80f8d4c7fe0f6b0d2c538b24f82c410fe87b88ec6b6b0f87c12a7b4834dfc1e8b6a5bf9d564793ed1e37e1af6c81e59db4dca605c577ea25877ecfa05260032a7f6ff134e98d86f5b434cb336e425bcd93b9f38e00ee9be81e6c91f0f022f8d3a1288a88e1bb1e776913e18de361228fef766557c5bd464487452c32189 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 613bc791000000000034 + Version: 3 + TBS: + MD5: f5f0d604dd56b0446f98fb67e98a76f8 + SHA1: c749c146cc00030ff36ecf9b698e6a377bc15605 + SHA256: df5dacc623d44348fff0bc8ebe2cedc8ba212e33c6f10d7fd608f37f92a2c273 + SHA384: c394dc13768746f008b4ffa082d6e8a2e55a83052d63e3c0a8f2fcfc30dcd51849afd21b0adf86bc50490629a89da09b + Signer: + - SerialNumber: 1519af351702ab2d86968d0be928f529 + Issuer: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, + CN=Certum Code Signing CA SHA2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: ea59bf845819844f1e170473b1fcc657 + SHA1: fee88f233e0d57a61531ccc8d39bf68ff4cc1ccf + SHA256: 683936955d7e3281573fcbaa149fc384a06dc4a12cd67ce601aba2f1a32b19c3 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: 
'2017-03-27 19:18:03' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 2730cc25ad385acc7213a1261b21c12d + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 9648ad90ec683c63cc02a99111a002f9b00478d1 + SHA256: 82b7fa34ad07dbf9afa63b2f6ed37973a1b4fe35dee90b3cf5c788c15c9f08f7 + Sections: + .text: + Entropy: 6.189266621409851 + Virtual Size: '0x235e' + .rdata: + Entropy: 3.5636140256812445 + Virtual Size: '0xdc4' + .data: + Entropy: 2.9710357364934694 + Virtual Size: '0xd68' + PAGE: + 
Entropy: 5.8055474754253495 + Virtual Size: '0x266' + INIT: + Entropy: 5.325440401058366 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3682712956797647 + Virtual Size: '0x440' + .reloc: + Entropy: 5.910661392306955 + Virtual Size: '0x3e0' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - 
Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: c5eb3885068942d541e5373728f92461 + SHA1: 3ce1d1098eb5147ef224357eb9c40d1cdfd04ea8 + SHA256: 01096e6d09cad1af557561f678e70434355a4d07a94ba97774957c16e87bab6a + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2017 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2017-03-12 05:47:24' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - 
MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 44857ca402a15ab51dc5afe47abdfa44 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: c75e8fceed74a4024d38ca7002d42e1ecf982462 + SHA256: 4bca0a401b364a5cc1581a184116c5bafa224e13782df13272bc1b748173d1be + Sections: + .text: + Entropy: 6.189266621409851 + Virtual Size: '0x235e' + .rdata: + Entropy: 3.5648882661821992 + Virtual Size: '0xdc4' + .data: + Entropy: 2.9710357364934694 + Virtual Size: '0xd68' + PAGE: + Entropy: 5.8055474754253495 + Virtual Size: '0x266' + INIT: + Entropy: 5.325440401058366 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3682712956797647 + Virtual Size: '0x440' + .reloc: + Entropy: 5.910661392306955 + Virtual Size: '0x3e0' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + 
SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 9ee33a7eee222c3d253561ab621ed335 + SHA1: 23f0282fa5e45febc717ea79e394d47a0328d4ee + SHA256: 234664ae69df63d55c1477f3adc33ffdb130fc939c55c16e73e3339a133bcfa3 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2016 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2016-10-24 18:25:21' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.1.0.0 + Filename: '' + 
ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 13a57a4ef721440c7c9208b51f7c05de + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.1.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: 6d09d826581baa1817be6fbd44426db9b05f1909 + SHA256: 9dc7beb60a0a6e7238fc8589b6c2665331be1e807b4d2b3ddd1c258dbbd3e2f7 + Sections: + .text: + Entropy: 6.14362601153889 + Virtual Size: '0x318c' + .rdata: + Entropy: 3.8570303544347158 + Virtual Size: '0x1300' + .data: + Entropy: 2.3976266531821224 + Virtual Size: '0x1144' + .pdata: + Entropy: 4.043975650731326 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.070426661582891 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + 
Entropy: 3.370803361398665 + Virtual Size: '0x440' + .reloc: + Entropy: 4.657997051970539 + Virtual Size: '0x1b6' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 
6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: c5f0c9fee92943e29d4b2a8716381e20 + SHA1: 2f1dc67f1c8b7335d6cfee17f3732527d732d7dd + SHA256: b9914ac1acbdc493d78c289bd185c301498c312602cabfcae8aa86cecb9fd14c + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2014 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2015-01-22 14:16:07' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.0.0.0 + Filename: '' + ImportedFunctions: + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - RtlCompareMemory + - ObfDereferenceObject + - IofCompleteRequest + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - RtlInitUnicodeString + - MmGetSystemRoutineAddress + - PsSetCreateProcessNotifyRoutine + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - KeBugCheck + - _vsnwprintf + - IoDeleteDevice + - NtBuildNumber + - ObOpenObjectByPointer + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 3359e1d4244a7d724949c63e89689ef8 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: 
mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.0.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: 94bfa9368ea43c71afa29bad9fc60535 + SHA1: d8e5ebd3ca141f00753a138144cd1319d755858b + SHA256: 5c236619ead1fde5073ecb323d1c2701a7c522489118cee4ffb4ccf14efc355f + SHA1: 6972314b6d6b0109b9d0a951eb06041f531f589b + SHA256: 06ddf49ac8e06e6b83fccba1141c90ea01b65b7db592c54ffe8aa6d30a75c0b8 + Sections: + .text: + Entropy: 6.14230397610419 + Virtual Size: '0x344c' + .rdata: + Entropy: 3.9213930631604685 + Virtual Size: '0x10dc' + .data: + Entropy: 2.4734656013956355 + Virtual Size: '0xc9c' + .pdata: + Entropy: 4.05676968495297 + Virtual Size: '0x1d4' + PAGE: + Entropy: 6.060112416967421 + Virtual Size: '0x28b' + INIT: + Entropy: 5.107085003103007 + Virtual Size: '0x610' + .rsrc: + Entropy: 3.341463935179513 + Virtual Size: '0x440' + .reloc: + Entropy: 4.349002794600718 + Virtual Size: '0x154' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 
5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: caa08a0ba5f679b1e5bbae747cb9d626 + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 844d7fd5ec208cdb66f3cc238b32139f + SHA1: 0e7956ca48ab640cf72c4030f77c6e62bdf6eab4 + SHA256: 3327d9e938d4ae29de110e219662ce04932935a7886e99feb508ffe77c9e00c2 + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 2007 - 2020 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2020-08-04 17:23:09' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - 
ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 1e0eb80347e723fa31fce2abb0301d44 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 01cf1fe3937fb6585ffb468b116a3af8ddf9ef16 + SHA256: 1a5c08d40a5e73b9fe63ea5761eaec8f41d916ca3da2acbc4e6e799b06af5524 + Sections: + .text: + Entropy: 6.2064317372812985 + Virtual Size: '0x2404' + .rdata: + Entropy: 3.545537533502987 + Virtual Size: '0xff4' + .data: + Entropy: 2.813191841547333 + Virtual Size: '0x14dc' + PAGE: + Entropy: 5.804360087879422 + Virtual Size: '0x266' + INIT: + Entropy: 5.4281677070245955 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3459452702797696 + Virtual Size: '0x430' + .reloc: + Entropy: 6.0011548156682 + Virtual Size: '0x4a0' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 
+ Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2026-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.11 + IsCertificateAuthority: true + SerialNumber: 751e3ee9c5dc2f3e8f04e59dee5ed409 + Version: 3 + TBS: + MD5: a637f8f3c278575f41cda67c2063c050 + SHA1: debd0fdaef0c60f58c4b60d3b58ace611c9a5c43 + SHA256: f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0 + SHA384: 8d32c5f71dc656c96a04609c17e9d8dc95c4f56d1a55165a265e244d34a3f7708e6c7d942376e4fbb3d2ac2f2609fd47 + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 486125bd8dbe6940040149ff7cde6796 + SHA1: 47b3cbd97520c493ecaaf9cf93d08f31f3288b43 + SHA256: 785723a3afe96876382524a9e90984f379c41521cd1f86a2172314ad58785e4f + Company: gentilkiwi (Benjamin DELPY) + Copyright: Copyright (c) 
2007 - 2019 gentilkiwi (Benjamin DELPY) + CreationTimestamp: '2019-05-12 17:34:34' + Date: '' + Description: mimidrv for Windows (mimikatz) + ExportedFunctions: '' + FileVersion: 2.2.0.0 + Filename: '' + ImportedFunctions: + - NtBuildNumber + - IofCompleteRequest + - KeBugCheck + - IoCreateSymbolicLink + - IoCreateDevice + - PsInitialSystemProcess + - ObfDereferenceObject + - PsLookupProcessByProcessId + - PsGetProcessImageFileName + - PsGetProcessId + - ZwClose + - ZwSetInformationProcess + - ZwDuplicateToken + - ObOpenObjectByPointer + - PsProcessType + - RtlInitUnicodeString + - PsReferencePrimaryToken + - IoGetCurrentProcess + - RtlCompareMemory + - ZwOpenProcessTokenEx + - ExFreePoolWithTag + - ExAllocatePoolWithTag + - IoFreeMdl + - MmUnlockPages + - MmProbeAndLockPages + - IoAllocateMdl + - memcpy + - KeServiceDescriptorTable + - IoEnumerateRegisteredFiltersList + - KeTickCount + - MmGetSystemRoutineAddress + - IoDeleteSymbolicLink + - IoDeleteDevice + - memset + - PsDereferencePrimaryToken + - _vsnwprintf + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwind + - KeBugCheckEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltGetVolumeFromInstance + - FltObjectDereference + - FltEnumerateFilters + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: mimidrv + MD5: 2c39f6172fbc967844cac12d7ab2fa55 + MachineType: I386 + MagicHeader: 50 45 0 0 + OriginalFilename: mimidrv.sys + PDBPath: '' + Product: mimidrv (mimikatz) + ProductVersion: 2.2.0.0 + Publisher: '' + RichPEHeaderHash: + MD5: c4873a245675b1071413f34af4d80050 + SHA1: dd32c95fe9c3a8bcfa7623a732f2492214ff5881 + SHA256: 2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af + SHA1: 3d27013557b5e68e7212a2f78dfe60c5a2a46327 + SHA256: 41ad660820c41fc8b1860b13dc1fea8bc8cb2faceb36ed3e29d40d28079d2b1f + Sections: + .text: + Entropy: 6.2035733322045745 + Virtual Size: '0x23f4' + .rdata: + Entropy: 3.5763739148983986 + Virtual Size: '0xed4' + .data: + 
Entropy: 2.8516013173925066 + Virtual Size: '0x1264' + PAGE: + Entropy: 5.795549160299263 + Virtual Size: '0x266' + INIT: + Entropy: 5.429489696991249 + Virtual Size: '0x538' + .rsrc: + Entropy: 3.3528875272530887 + Virtual Size: '0x430' + .reloc: + Entropy: 5.93822728458253 + Virtual Size: '0x464' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 
0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 3b49942ec6cef1898e97f741b2b5df8a + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 12c01d5a170fb10316ddfa8c9ad9ca9b + SHA1: 64ebdc45f21f854c1feb7e228e3c3ff4fcf3fcb9 + SHA256: 577e381b5d36faf15cde84ed59c51e2dcb65d90140848111429e1c8cfb0553f5 + Company: '' + Copyright: '' + CreationTimestamp: '2017-06-18 10:46:24' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: '' + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: '' + MD5: c159fb0f345a8771e56aab8e16927361 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' 
+ ProductVersion: '' + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: ac4ace1c21c5cb72c6edf6f2f0cc3513d7c942c3 + SHA256: af7ca247bf229950fb48674b21712761ac650d33f13a4dca44f61c59f4c9ac46 + Sections: + .text: + Entropy: 6.137944463935485 + Virtual Size: '0x319c' + .rdata: + Entropy: 3.8459107985078496 + Virtual Size: '0x1340' + .data: + Entropy: 2.3461427985512437 + Virtual Size: '0x12e4' + .pdata: + Entropy: 4.010051195917961 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.083244237405415 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: -0.0 + Virtual Size: '0x10' + .reloc: + Entropy: 4.705915669612521 + Virtual Size: '0x1d4' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 
7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 
13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' +- Authentihash: + MD5: 754edc1697f09e26fb3833d0381570d1 + SHA1: b5464d2e71937e21f5658eaa0a3608ac57c29bc2 + SHA256: c6f7acc48d15f334a757a416809eb596d291952cf730a281de4a4423e18dce76 + Company: '' + Copyright: 'Copyright (c) 2007 - 2017 ' + CreationTimestamp: '2017-12-19 16:17:57' + Date: '' + Description: '' + ExportedFunctions: '' + FileVersion: 
2.1.1.0 + Filename: '' + ImportedFunctions: + - KeBugCheck + - IofCompleteRequest + - IoCreateSymbolicLink + - IoCreateDevice + - PsProcessType + - PsGetProcessImageFileName + - PsLookupProcessByProcessId + - PsReferencePrimaryToken + - ZwOpenProcessTokenEx + - IoGetCurrentProcess + - ZwSetInformationProcess + - ZwClose + - ZwDuplicateToken + - PsInitialSystemProcess + - _vsnwprintf + - ObfDereferenceObject + - ObOpenObjectByPointer + - PsGetProcessId + - PsDereferencePrimaryToken + - ExAllocatePoolWithTag + - ExFreePoolWithTag + - IoFreeMdl + - MmProbeAndLockPages + - MmUnlockPages + - IoAllocateMdl + - ZwUnloadKey + - IoEnumerateRegisteredFiltersList + - KeBugCheckEx + - MmGetSystemRoutineAddress + - IoDeleteDevice + - RtlInitUnicodeString + - NtBuildNumber + - RtlCompareMemory + - IoDeleteSymbolicLink + - PsGetVersion + - ExAllocatePoolWithQuotaTag + - ZwQuerySystemInformation + - RtlUnwindEx + - FltGetFilterInformation + - FltEnumerateInstances + - FltEnumerateFilters + - FltObjectDereference + - FltGetVolumeFromInstance + Imports: + - ntoskrnl.exe + - FLTMGR.SYS + InternalName: '' + MD5: 6ececf26ff8b03ed7ffbddadec9a9dab + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: '' + PDBPath: '' + Product: '' + ProductVersion: 2.1.1.0 + Publisher: '' + RichPEHeaderHash: + MD5: d45d2640e1584c776a1d10e5f695d7ad + SHA1: fef88c261764494d9a145b37b7739f3454786729 + SHA256: 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 + SHA1: 4e0f5576804dab14abb29a29edb9616a1dbe280a + SHA256: 773b4a1efb9932dd5116c93d06681990759343dfe13c0858d09245bc610d5894 + Sections: + .text: + Entropy: 6.144037436753497 + Virtual Size: '0x31dc' + .rdata: + Entropy: 3.7569448708202815 + Virtual Size: '0x1390' + .data: + Entropy: 2.313119440407077 + Virtual Size: '0x1494' + .pdata: + Entropy: 3.990039715462728 + Virtual Size: '0x1b0' + PAGE: + Entropy: 6.084557222001841 + Virtual Size: '0x28b' + INIT: + Entropy: 5.119968261124173 + Virtual Size: '0x5e6' + .rsrc: + Entropy: 
2.646358053130904 + Virtual Size: '0x440' + .reloc: + Entropy: 4.8001308386334935 + Virtual Size: '0x1f2' + Signature: '' + Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + ValidFrom: '2011-04-13 10:00:00' + ValidTo: '2019-04-13 10:00:00' + Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 0400000000012f4ee1355c + Version: 3 + TBS: + MD5: f6a9e8eb8784f3f694b4e353c08a0ff5 + SHA1: 589a7d4df869395601ba7538a65afae8c4616385 + SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 + SHA384: dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b + - Subject: C=FR, CN=Benjamin Delpy + ValidFrom: '2011-06-28 09:46:16' + ValidTo: '2014-06-28 09:46:16' + Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 
112169417a1c3ef46a301f99385f50680fa0 + Version: 3 + TBS: + MD5: ee0a53dda8301d1e78bd5487f1d49bf4 + SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a + SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb + SHA384: 4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca + - Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA + ValidFrom: '2006-05-23 17:00:51' + ValidTo: '2016-05-23 17:10:51' + Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 610b7f6b000000000019 + Version: 3 + TBS: + MD5: 4798d55be7663a75649cda4dedc686ef + SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf + SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 + SHA384: 6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3 + Signer: + - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0 + Issuer: C=BE, 
O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 + Version: 1 + Imphash: 059c6bd84285f4960e767f032b33f19b + LoadsDespiteHVCI: 'FALSE' diff --git a/yaml/892292f9-b87c-40a5-80e5-8c9b02914e8b.yaml b/yaml/892292f9-b87c-40a5-80e5-8c9b02914e8b.yaml index 69dbe9a95..e76b91bc1 100644 --- a/yaml/892292f9-b87c-40a5-80e5-8c9b02914e8b.yaml +++ b/yaml/892292f9-b87c-40a5-80e5-8c9b02914e8b.yaml 
@@ -1,235 +1,235 @@ -Acknowledgement: - Handle: '' - Person: '' +Id: 892292f9-b87c-40a5-80e5-8c9b02914e8b +Tags: +- wantd.sys +Verified: 'TRUE' Author: Michael Haag -Category: malicious -Commands: - Command: sc.exe create wantd.sys binPath=C:\windows\temp\wantd.sys type=kernel && - sc.exe start wantd.sys - Description: Driver used in the Daxin malware campaign. - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-02-28' -Detection: -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/06a0ec9a316eb89cb041b1907918e3ad3b03842ec65f004f6fa74d57955573a4.yara -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -- type: yara_signature - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_mal_drivers_strict.yar -- type: sigma_hash - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml -- type: sigma_names - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml -- type: sysmon_hash_detect - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml -- type: sysmon_hash_block - value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml -Id: 892292f9-b87c-40a5-80e5-8c9b02914e8b -KnownVulnerableSamples: -- 
Authentihash: - MD5: 1ed42c05e43c14ab16d16fbe8eaed870 - SHA1: 68cb54489a0556594a28f5f1410cc64d74a1c182 - SHA256: a47b9af109988e8e033886638edc84964968eecd0d24483eafaad6a6d68005ea - Company: Microsoft Corporation - Copyright: Microsoft Corporation. All rights reserved. - CreationTimestamp: '2013-11-27 16:59:02' - Date: '' - Description: WAN Transport Driver - ExportedFunctions: '' - FileVersion: 6.1.7600.1172 - Filename: wantd.sys - ImportedFunctions: - - wcsncmp - - IoAllocateMdl - - _stricmp - - sprintf - - RtlLengthRequiredSid - - _strnicmp - - ExAllocatePoolWithTag - - vsprintf - - IoDeleteSymbolicLink - - ExFreePoolWithTag - - RtlAnsiStringToUnicodeString - - NtWriteFile - - RtlCreateAcl - - PsLookupProcessByProcessId - - NtQuerySystemInformation - - _wcsnicmp - - ZwReadFile - - RtlSetDaclSecurityDescriptor - - KeInitializeApc - - IoDeleteDevice - - NtFsControlFile - - KeInsertQueueApc - - MmGetSystemRoutineAddress - - IoCreateFile - - atoi - - _snprintf - - ZwQuerySystemInformation - - KeReleaseSpinLock - - RtlAddAccessAllowedAce - - RtlImageDirectoryEntryToData - - KeDetachProcess - - ZwOpenFile - - ZwCreateFile - - PsCreateSystemThread - - ZwQueryValueKey - - PsTerminateSystemThread - - ZwFreeVirtualMemory - - KeQueryTimeIncrement - - ObReferenceObjectByHandle - - KeWaitForSingleObject - - KeAttachProcess - - PsGetVersion - - PsThreadType - - RtlCompareUnicodeString - - ZwOpenProcess - - ZwQueryInformationProcess - - IoCreateSymbolicLink - - ObfDereferenceObject - - IoCreateDevice - - ZwTerminateProcess - - ZwQueryInformationFile - - KeWaitForMultipleObjects - - ZwWriteFile - - NtReadFile - - PsLookupThreadByThreadId - - RtlLengthSid - - RtlCreateSecurityDescriptor - - ZwAllocateVirtualMemory - - ZwOpenKey - - KeAcquireSpinLockRaiseToDpc - - RtlUnicodeStringToInteger - - MmIsAddressValid - - ZwDeviceIoControlFile - - IofCompleteRequest - - ZwClose - - MmMapLockedPagesSpecifyCache - - KeDelayExecutionThread - - MmUserProbeAddress - - MmBuildMdlForNonPagedPool 
- - memchr - - ZwWaitForSingleObject - - RtlInitUnicodeString - - NdisAllocateMemoryWithTag - - NdisAllocateNetBufferAndNetBufferList - - NdisMSendNetBufferListsComplete - - NdisReturnNetBufferLists - - NdisAllocateNetBufferListPool - - NdisFreeMemory - - NdisMIndicateStatus - - NdisFreeMdl - - NdisFreeNetBufferListPool - - NdisFreeNetBufferList - - NdisSendNetBufferLists - Imports: - - ntoskrnl.exe - - NDIS.SYS - InternalName: wantd.sys - MD5: b0770094c3c64250167b55e4db850c04 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: wantd.sys - Product: Microsoft Windows Operating System - ProductVersion: 6.1.7600.1172 - Publisher: Anhua Xinda (Beijing) Technology Co., Ltd. - RichPEHeaderHash: - MD5: 8cdd468850a9084b109fb26005e28d1f - SHA1: abee83f631fc7792dc07a572a003c103903f305e - SHA256: aa49c3910540c2edd0e4a9154e5741d5cc65662a1364616e057ca3fc74243755 - SHA1: 6abbc3003c7aa69ce79cbbcd2e3210b07f21d202 - SHA256: 06a0ec9a316eb89cb041b1907918e3ad3b03842ec65f004f6fa74d57955573a4 - Sections: - .text: - Entropy: 6.377221041391935 - Virtual Size: '0xd88c' - .rdata: - Entropy: 4.702371843577182 - Virtual Size: '0x84c' - .data: - Entropy: 1.0571423331776753 - Virtual Size: '0x12590' - .pdata: - Entropy: 4.5393227380510455 - Virtual Size: '0x8c4' - INIT: - Entropy: 5.793042716031905 - Virtual Size: '0xd8c' - .rsrc: - Entropy: 3.262685485179719 - Virtual Size: '0x3b0' - Signature: A required certificate is not within its validity period when verifying - against the current system clock or the timestamp in the signed file. - Signatures: - - CertificatesInfo: '' - SignerInfo: '' - Certificates: - - Subject: C=CN, ST=Beijing, L=Beijing, O=Anhua Xinda (Beijing) Technology Co., - Ltd., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Anhua Xinda - (Beijing) Technology Co., Ltd. 
- ValidFrom: '2011-06-28 00:00:00' - ValidTo: '2014-06-27 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: false - SerialNumber: 387c9476e28320264594846317d46540 - Version: 3 - TBS: - MD5: ce372214eabe9d311e4a156fe2044327 - SHA1: 7f7eb1a547c9b0b2e41b0f44515dfd20c16edceb - SHA256: 03d59cc81c6960a93ab4b02e5521aa9fb349e8d7df9dfdf675201e48c23b5a34 - SHA384: 4b8829bc6980e82affeb7ad29efb59fc3ca9b02d015e6c0f385b9f2cf275609cd45936659f41fce579c073e34c2ca308 - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, - Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification - Authority , G5 - ValidFrom: '2011-02-22 19:25:17' - ValidTo: '2021-02-22 19:35:17' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 611993e400000000001c - Version: 3 - TBS: - MD5: 78a717e082dcc1cda3458d917e677d14 - SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 - SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 - SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c - - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use - at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - ValidFrom: '2010-02-08 00:00:00' - ValidTo: '2020-02-07 23:59:59' - Signature: 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 - SignatureAlgorithmOID: 1.2.840.113549.1.1.5 - IsCertificateAuthority: true - SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 - Version: 3 - TBS: - MD5: b30c31a572b0409383ed3fbe17e56e81 - SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d - SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 - SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da - 
Signer: - - SerialNumber: 387c9476e28320264594846317d46540 - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at - https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 - CA - Version: 1 - Imphash: c32d9a9af7f702814e1368c689877f3a - LoadsDespiteHVCI: 'TRUE' MitreID: T1068 +Category: malicious +Commands: + Command: sc.exe create wantd.sys binPath=C:\windows\temp\wantd.sys type=kernel + && sc.exe start wantd.sys + Description: Driver used in the Daxin malware campaign. + OperatingSystem: Windows 10 + Privileges: kernel + Usecase: Elevate privileges Resources: - https://gist.github.com/MHaggis/9ab3bb795a6018d70fb11fa7c31f8f48 - https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/daxin-backdoor-espionage - '' -Tags: -- wantd.sys -Verified: 'TRUE' +Detection: +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/06a0ec9a316eb89cb041b1907918e3ad3b03842ec65f004f6fa74d57955573a4.yara +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +- type: yara_signature + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/yara/yara-rules_mal_drivers_strict.yar +- type: sigma_hash + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers.yml +- type: sigma_names + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_vuln_drivers_names.yml +- type: 
sysmon_hash_detect + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes.xml +- type: sysmon_hash_block + value: https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sysmon/sysmon_config_vulnerable_hashes_block.xml +Acknowledgement: + Handle: '' + Person: '' +KnownVulnerableSamples: +- Authentihash: + MD5: 1ed42c05e43c14ab16d16fbe8eaed870 + SHA1: 68cb54489a0556594a28f5f1410cc64d74a1c182 + SHA256: a47b9af109988e8e033886638edc84964968eecd0d24483eafaad6a6d68005ea + Company: Microsoft Corporation + Copyright: Microsoft Corporation. All rights reserved. + CreationTimestamp: '2013-11-27 16:59:02' + Date: '' + Description: WAN Transport Driver + ExportedFunctions: '' + FileVersion: 6.1.7600.1172 + Filename: wantd.sys + ImportedFunctions: + - wcsncmp + - IoAllocateMdl + - _stricmp + - sprintf + - RtlLengthRequiredSid + - _strnicmp + - ExAllocatePoolWithTag + - vsprintf + - IoDeleteSymbolicLink + - ExFreePoolWithTag + - RtlAnsiStringToUnicodeString + - NtWriteFile + - RtlCreateAcl + - PsLookupProcessByProcessId + - NtQuerySystemInformation + - _wcsnicmp + - ZwReadFile + - RtlSetDaclSecurityDescriptor + - KeInitializeApc + - IoDeleteDevice + - NtFsControlFile + - KeInsertQueueApc + - MmGetSystemRoutineAddress + - IoCreateFile + - atoi + - _snprintf + - ZwQuerySystemInformation + - KeReleaseSpinLock + - RtlAddAccessAllowedAce + - RtlImageDirectoryEntryToData + - KeDetachProcess + - ZwOpenFile + - ZwCreateFile + - PsCreateSystemThread + - ZwQueryValueKey + - PsTerminateSystemThread + - ZwFreeVirtualMemory + - KeQueryTimeIncrement + - ObReferenceObjectByHandle + - KeWaitForSingleObject + - KeAttachProcess + - PsGetVersion + - PsThreadType + - RtlCompareUnicodeString + - ZwOpenProcess + - ZwQueryInformationProcess + - IoCreateSymbolicLink + - ObfDereferenceObject + - IoCreateDevice + - ZwTerminateProcess + - ZwQueryInformationFile + - KeWaitForMultipleObjects + - ZwWriteFile + - NtReadFile + - 
PsLookupThreadByThreadId + - RtlLengthSid + - RtlCreateSecurityDescriptor + - ZwAllocateVirtualMemory + - ZwOpenKey + - KeAcquireSpinLockRaiseToDpc + - RtlUnicodeStringToInteger + - MmIsAddressValid + - ZwDeviceIoControlFile + - IofCompleteRequest + - ZwClose + - MmMapLockedPagesSpecifyCache + - KeDelayExecutionThread + - MmUserProbeAddress + - MmBuildMdlForNonPagedPool + - memchr + - ZwWaitForSingleObject + - RtlInitUnicodeString + - NdisAllocateMemoryWithTag + - NdisAllocateNetBufferAndNetBufferList + - NdisMSendNetBufferListsComplete + - NdisReturnNetBufferLists + - NdisAllocateNetBufferListPool + - NdisFreeMemory + - NdisMIndicateStatus + - NdisFreeMdl + - NdisFreeNetBufferListPool + - NdisFreeNetBufferList + - NdisSendNetBufferLists + Imports: + - ntoskrnl.exe + - NDIS.SYS + InternalName: wantd.sys + MD5: b0770094c3c64250167b55e4db850c04 + MachineType: AMD64 + MagicHeader: 50 45 0 0 + OriginalFilename: wantd.sys + Product: Microsoft Windows Operating System + ProductVersion: 6.1.7600.1172 + Publisher: Anhua Xinda (Beijing) Technology Co., Ltd. + RichPEHeaderHash: + MD5: 8cdd468850a9084b109fb26005e28d1f + SHA1: abee83f631fc7792dc07a572a003c103903f305e + SHA256: aa49c3910540c2edd0e4a9154e5741d5cc65662a1364616e057ca3fc74243755 + SHA1: 6abbc3003c7aa69ce79cbbcd2e3210b07f21d202 + SHA256: 06a0ec9a316eb89cb041b1907918e3ad3b03842ec65f004f6fa74d57955573a4 + Sections: + .text: + Entropy: 6.377221041391935 + Virtual Size: '0xd88c' + .rdata: + Entropy: 4.702371843577182 + Virtual Size: '0x84c' + .data: + Entropy: 1.0571423331776753 + Virtual Size: '0x12590' + .pdata: + Entropy: 4.5393227380510455 + Virtual Size: '0x8c4' + INIT: + Entropy: 5.793042716031905 + Virtual Size: '0xd8c' + .rsrc: + Entropy: 3.262685485179719 + Virtual Size: '0x3b0' + Signature: A required certificate is not within its validity period when verifying + against the current system clock or the timestamp in the signed file. 
+ Signatures: + - CertificatesInfo: '' + SignerInfo: '' + Certificates: + - Subject: C=CN, ST=Beijing, L=Beijing, O=Anhua Xinda (Beijing) Technology + Co., Ltd., OU=Digital ID Class 3 , Microsoft Software Validation v2, + CN=Anhua Xinda (Beijing) Technology Co., Ltd. + ValidFrom: '2011-06-28 00:00:00' + ValidTo: '2014-06-27 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: false + SerialNumber: 387c9476e28320264594846317d46540 + Version: 3 + TBS: + MD5: ce372214eabe9d311e4a156fe2044327 + SHA1: 7f7eb1a547c9b0b2e41b0f44515dfd20c16edceb + SHA256: 03d59cc81c6960a93ab4b02e5521aa9fb349e8d7df9dfdf675201e48c23b5a34 + SHA384: 4b8829bc6980e82affeb7ad29efb59fc3ca9b02d015e6c0f385b9f2cf275609cd45936659f41fce579c073e34c2ca308 + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 + VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public + Primary Certification Authority , G5 + ValidFrom: '2011-02-22 19:25:17' + ValidTo: '2021-02-22 19:35:17' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 611993e400000000001c + Version: 3 + TBS: + MD5: 78a717e082dcc1cda3458d917e677d14 + SHA1: 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 + SHA256: 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 + SHA384: b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c + - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + ValidFrom: '2010-02-08 00:00:00' + ValidTo: '2020-02-07 23:59:59' + Signature: 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 + SignatureAlgorithmOID: 1.2.840.113549.1.1.5 + IsCertificateAuthority: true + SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7 + Version: 3 + TBS: + MD5: 
b30c31a572b0409383ed3fbe17e56e81 + SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d + SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 + SHA384: bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da + Signer: + - SerialNumber: 387c9476e28320264594846317d46540 + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of + use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code + Signing 2010 CA + Version: 1 + Imphash: c32d9a9af7f702814e1368c689877f3a + LoadsDespiteHVCI: 'TRUE' diff --git a/yaml/8a162702-b043-4108-bb6c-1488751a4a32.yaml b/yaml/8a162702-b043-4108-bb6c-1488751a4a32.yaml index 7701849d0..c51b3ab99 100644 --- a/yaml/8a162702-b043-4108-bb6c-1488751a4a32.yaml +++ b/yaml/8a162702-b043-4108-bb6c-1488751a4a32.yaml 
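Review bot: The re-emitted `Detection` list for wantd.sys still carries four exact duplicates: `sigma_hash`, `sigma_names`, `sysmon_hash_detect` and `sysmon_hash_block` each appear twice with the same URL, and only the two `yara_signature` entries differ. Since this hunk rewrites the whole file anyway, the second copy of each of those four could be dropped so that tooling built from this list does not emit the same rule reference twice. `Resources` also keeps an empty `- ''` item (an unchanged context line) that every consumer has to filter out. Apart from key order and line wrapping, the sample's hashes and `LoadsDespiteHVCI: 'TRUE'` look identical to the removed side.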
@@ -1,179 +1,180 @@ -Acknowledgement: - Handle: BushidoToken - Person: BushidoToken +Id: 8a162702-b043-4108-bb6c-1488751a4a32 +Tags: +- dkrTK.sys +Verified: 'TRUE' Author: Will BushidoToken -Category: malicious -Commands: - Command: sc.exe create dkrTK.sys binPath=C:\windows\temp\dkrTK.sys type=kernel && - sc.exe start dkrTK.sys - Description: "The User Agent tjr.exe, which is protected via a virtual machine,\ - \ drops the kernel driver to the user temporary directory C:\\%User%\\AppData\\\ - Local\\Temp\\Ktgn.sys. It then installs the dropped driver with the name ktgn\ - \ and the start value = System (to start when the system restarts). From our analysis\ - \ of what occurs when a user interfaces with this driver, we observed that it\ - \ only uses one of the exposed Device Input and Output Control (IOCTL) code \u2014\ - \ Kill Process, which is used to kill security agent processes installed on the\ - \ system." - OperatingSystem: Windows 10 - Privileges: kernel - Usecase: Elevate privileges Created: '2023-05-22' -Detection: [] -Id: 8a162702-b043-4108-bb6c-1488751a4a32 -KnownVulnerableSamples: -- Authentihash: - MD5: 233c2815720d7aa90838780dc482ddb9 - SHA1: 6271a84b349debb9a1bf7a5a164e91ef6cb9f869 - SHA256: 24395b622d4fd48864a50978ffd2b82fdded5189741a6deea9293cc075cd0c6b - Company: '' - Copyright: '' - CreationTimestamp: '2022-06-02 04:09:08' - Date: '' - Description: '' - ExportedFunctions: '' - FileVersion: '' - Filename: dkrTK.sys - ImportedFunctions: - - rand - - srand - - RtlInitUnicodeString - - RtlGetVersion - - KeDelayExecutionThread - - ExAllocatePoolWithTag - - ExFreePoolWithTag - - ExSystemTimeToLocalTime - - MmGetSystemRoutineAddress - - IofCompleteRequest - - IoCreateDevice - - IoCreateSymbolicLink - - IoDeleteDevice - - IoGetCurrentProcess - - ObReferenceObjectByHandleWithTag - - ObfDereferenceObject - - ObfDereferenceObjectWithTag - - MmIsAddressValid - - PsGetProcessExitStatus - - PsIsThreadTerminating - - PsLookupProcessByProcessId - - 
PsLookupThreadByThreadId - - PsGetThreadProcess - - PsIsSystemThread - - ObOpenObjectByPointerWithTag - - KeBugCheckEx - - ExAllocatePool - - NtQuerySystemInformation - - ExFreePoolWithTag - - IoAllocateMdl - - MmProbeAndLockPages - - MmMapLockedPagesSpecifyCache - - MmUnlockPages - - IoFreeMdl - - KeQueryActiveProcessors - - KeSetSystemAffinityThread - - KeRevertToUserAffinityThread - - DbgPrint - - KeQueryPerformanceCounter - Imports: - - ntoskrnl.exe - - ntoskrnl.exe - - HAL.dll - InternalName: '' - MD5: a837302307dace2a00d07202b661bce2 - MachineType: AMD64 - MagicHeader: 50 45 0 0 - OriginalFilename: '' - Product: '' - ProductVersion: '' - Publisher: '' - RichPEHeaderHash: - MD5: ffdf660eb1ebf020a1d0a55a90712dfb - SHA1: 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 - SHA256: 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 - SHA1: 91568d7a82cc7677f6b13f11bea5c40cf12d281b - SHA256: 52d5c35325ce701516f8b04380c9fbdb78ec6bcc13b444f758fdb03d545b0677 - Sections: - .text: - Entropy: 0.0 - Virtual Size: '0x16a8' - .rdata: - Entropy: 0.0 - Virtual Size: '0x5b0' - .data: - Entropy: 0.0 - Virtual Size: '0x110' - .pdata: - Entropy: 0.0 - Virtual Size: '0x15c' - INIT: - Entropy: 0.0 - Virtual Size: '0x3ee' - .YUC: - Entropy: 0.0 - Virtual Size: '0x1394a0' - .(~z: - Entropy: 2.1490473203220253 - Virtual Size: '0x200' - .A